github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

deny tickets with no claims required (closes a race condition)

pull/708/merge
Justin Richer 2015-03-31 10:26:06 -04:00
parent dc10779abb
commit f48049be4d
1 changed files with 5 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
openid-connect-server/src/main/java/org/mitre/uma/web/AuthorizationRequestEndpoint.java
View File

@ -139,6 +139,7 @@ public class AuthorizationRequestEndpoint {
Collection<Claim> claimsUnmatched = new HashSet<>(claimsRequired); Collection<Claim> claimsUnmatched = new HashSet<>(claimsRequired);
// see if each of the required claims has a counterpart in the supplied claims set // see if each of the required claims has a counterpart in the supplied claims set
// TODO: move this component to a claims checking service (#796)
for (Claim required : claimsRequired) { for (Claim required : claimsRequired) {
for (Claim supplied : claimsSupplied) { for (Claim supplied : claimsSupplied) {
@ -153,16 +154,17 @@ public class AuthorizationRequestEndpoint {
} }
}
} }
} }
}
if (claimsUnmatched.isEmpty()) { // note that if the required claims are empty we don't want to return a token
if (!claimsRequired.isEmpty() && claimsUnmatched.isEmpty()) {
// we matched all the claims, create and return the token // we matched all the claims, create and return the token
// TODO: move this whole mess to the OIDCTokenService // TODO: move this whole mess to the OIDCTokenService (#797)
OAuth2Authentication o2auth = (OAuth2Authentication) auth; OAuth2Authentication o2auth = (OAuth2Authentication) auth;