Issue #4138 - Changes from review

Signed-off-by: Lachlan Roberts <lachlan@webtide.com>
Lachlan Roberts 2019-11-11 13:51:48 +11:00
parent ed74a459a7
commit 39aac30137
4 changed files with 9 additions and 10 deletions


@ -5,8 +5,7 @@
<New id="HttpClient" class="org.eclipse.jetty.client.HttpClient">
<Arg>
<New class="org.eclipse.jetty.util.ssl.SslContextFactory$Client">
<Set name="trustAll" type="boolean">false</Set>
<Set name="endpointIdentificationAlgorithm">https</Set>
<Set name="trustAll" type="boolean"><Property name="jetty.openid.sslContextFactory.trustAll" default="false"/></Set>
</New>
</Arg>
<Set name="executor"><Ref refid="ThreadPool"/></Set>
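Review bot: The hunk drops the explicit `<Set name="endpointIdentificationAlgorithm">https</Set>` at the same time as it makes trustAll configurable, so hostname verification of the OpenID Provider connection now rests on whatever `SslContextFactory$Client` applies on its own; the newHttpClient hunk in OpenIdConfiguration.java appears to make the same removal. If the Client subclass enables HTTPS endpoint identification by default this is behaviour-neutral, but nothing on the page states that, and a reader diffing the two versions will wonder whether verification was weakened in the same change that introduced a trust-all switch. A comment above the trustAll Set such as `<!-- endpointIdentificationAlgorithm is intentionally not set here; hostname verification relies on the SslContextFactory$Client default -->` would record the reliance and make the two removals reviewable together.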


@ -39,3 +39,6 @@ etc/jetty-openid.xml
## Whether to Authenticate users not found by base LoginService
# jetty.openid.authenticateNewUsers=false
## True if all certificates should be trusted by the default SslContextFactory
# jetty.openid.sslContextFactory.trustAll=false
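Review bot: The new comment on `jetty.openid.sslContextFactory.trustAll` describes the knob but not its consequence: with trustAll enabled the client accepts any certificate the OpenID Provider endpoint presents, which effectively removes the certificate-based protection on the token exchange. Operators read these .ini comments as the module's documentation, so the risk belongs here rather than only in the Java code; suggest `## True if all certificates should be trusted by the default SslContextFactory (disables certificate validation of the OpenID Provider; intended for testing only)`. The shipped default of false is the right one and should stay as written.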


@ -1,6 +1,6 @@
<?xml version="1.0"?>
<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_3.dtd">
<Configure id="BaseLoginService">
<Configure>
<!-- Optional code to configure the base LoginService used by the OpenIdLoginService
<New id="BaseLoginService" class="org.eclipse.jetty.security.HashLoginService">
<Set name="config"><SystemProperty name="jetty.home" default="."/>/etc/realm.properties</Set>


@ -18,7 +18,6 @@
package org.eclipse.jetty.security.openid;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;
@ -39,10 +38,9 @@ import org.eclipse.jetty.util.ssl.SslContextFactory;
* This uses the OpenID Provider URL with the path {@link #CONFIG_PATH} to discover
* the required information about the OIDC service.
*/
public class OpenIdConfiguration extends ContainerLifeCycle implements Serializable
public class OpenIdConfiguration extends ContainerLifeCycle
{
private static final Logger LOG = Log.getLogger(OpenIdConfiguration.class);
private static final long serialVersionUID = 2227941990601349102L;
private static final String CONFIG_PATH = "/.well-known/openid-configuration";
private final HttpClient httpClient;
@ -61,7 +59,7 @@ public class OpenIdConfiguration extends ContainerLifeCycle implements Serializa
*/
public OpenIdConfiguration(String provider, String clientId, String clientSecret)
{
this(provider, null, null, clientId, clientSecret, newHttpClient());
this(provider, null, null, clientId, clientSecret, null);
}
/**
@ -81,7 +79,7 @@ public class OpenIdConfiguration extends ContainerLifeCycle implements Serializa
this.clientSecret = clientSecret;
this.authEndpoint = authorizationEndpoint;
this.tokenEndpoint = tokenEndpoint;
this.httpClient = httpClient;
this.httpClient = httpClient != null ? httpClient : newHttpClient();
if (this.issuer == null)
throw new IllegalArgumentException("Issuer was not configured");
@ -114,7 +112,6 @@ public class OpenIdConfiguration extends ContainerLifeCycle implements Serializa
private static HttpClient newHttpClient()
{
SslContextFactory.Client sslContextFactory = new SslContextFactory.Client(false);
sslContextFactory.setEndpointIdentificationAlgorithm("https");
return new HttpClient(sslContextFactory);
}
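Review bot: The six-argument constructor now accepts a null `httpClient` and substitutes `newHttpClient()` on the line `this.httpClient = httpClient != null ? httpClient : newHttpClient();`, but the Javadoc that starts at the `/**` above that hunk is not touched, so callers cannot tell from the signature that null is permitted; add `@param httpClient the HttpClient used for OIDC requests, or null to have the configuration create a default one`. When the fallback branch is taken the configuration owns the client it created, and the hunk does not show that instance being registered as a managed bean so that it starts and stops with this ContainerLifeCycle; if an `addBean(this.httpClient)` already follows outside the hunk this is fine, otherwise it is needed for the internally created client. The constructor body continues outside the hunk.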