feat: HTTP Alias Prohibited (#151)

TakahikoKawasaki · web-flow · commit 7f4e46b2a464 · 2025-12-01T14:59:09.000+09:00
diff --git a/CHANGES.ja.md b/CHANGES.ja.md
@@ -1,6 +1,11 @@
 変更点
 ======
 
+- `Service` クラス
+    * `isHttpAliasProhibited()` メソッドを追加。
+    * `setHttpAliasProhibited(boolean)` メソッドを追加。
+
+
 4.31 (2025 年 11 月 25 日)
 --------------------------
 
diff --git a/CHANGES.md b/CHANGES.md
@@ -1,6 +1,11 @@
 CHANGES
 =======
 
+- `Service` class
+    * Added the `isHttpAliasProhibited()` method.
+    * Added the `setHttpAliasProhibited(boolean)` method.
+
+
 4.31 (2025-11-25)
 -----------------
 
diff --git a/src/main/java/com/authlete/common/dto/Service.java b/src/main/java/com/authlete/common/dto/Service.java
@@ -330,7 +330,7 @@
  */
 public class Service implements Serializable
 {
-    private static final long serialVersionUID = 87L;
+    private static final long serialVersionUID = 88L;
 
 
     /*
@@ -1951,6 +1951,16 @@ public class Service implements Serializable
     private boolean cimdQueryPermitted;
 
 
+    /**
+     * Whether to prohibit client ID aliases that start with {@code https://}
+     * or {@code http://}.
+     *
+     * @since 4.32
+     * @since Authlete 3.0.22
+     */
+    private boolean httpAliasProhibited;
+
+
     /**
      * Get the service number.
      *
@@ -4302,6 +4312,8 @@ public Service setErrorUriOmitted(boolean omitted)
      *         {@code false} if the feature is disabled.
      *
      * @since 2.2
+     *
+     * @see #isHttpAliasProhibited()
      */
     public boolean isClientIdAliasEnabled()
     {
@@ -4328,6 +4340,8 @@ public boolean isClientIdAliasEnabled()
      *         {@code this} object.
      *
      * @since 2.2
+     *
+     * @see #isHttpAliasProhibited()
      */
     public Service setClientIdAliasEnabled(boolean enabled)
     {
@@ -12708,4 +12722,83 @@ public Service setCimdQueryPermitted(boolean permitted)
 
         return this;
     }
+
+
+    /**
+     * Get the flag that indicates whether to prohibit client ID aliases that
+     * start with {@code https://} or {@code http://}.
+     *
+     * <p>
+     * The primary purpose of this flag is to prevent the use of client ID
+     * aliases that may conflict with entity IDs in <a href=
+     * "https://openid.net/specs/openid-federation-1_0.html">OpenID Federation
+     * 1.0</a> or metadata document locations in <a href=
+     * "https://datatracker.ietf.org/doc/draft-ietf-oauth-client-id-metadata-document/"
+     * >CIMD</a>.
+     * </p>
+     *
+     * <p>
+     * For backward compatibility, the default value of this flag is set to
+     * {@code false}, but it is recommended to set it to {@code true} whenever
+     * possible.
+     * </p>
+     *
+     * @return
+     *         {@code true} if client ID aliases that start with {@code https://}
+     *         or {@code http://} are prohibited.
+     *
+     * @since 4.32
+     * @since Authlete 3.0.22
+     *
+     * @see <a href="https://openid.net/specs/openid-federation-1_0.html">
+     *      OpenID Federation 1.0</a>
+     * @see <a href="https://datatracker.ietf.org/doc/draft-ietf-oauth-client-id-metadata-document/">
+     *      OAuth Client ID Metadata Document</a>
+     */
+    public boolean isHttpAliasProhibited()
+    {
+        return httpAliasProhibited;
+    }
+
+
+    /**
+     * Set the flag that indicates whether to prohibit client ID aliases that
+     * start with {@code https://} or {@code http://}.
+     *
+     * <p>
+     * The primary purpose of this flag is to prevent the use of client ID
+     * aliases that may conflict with entity IDs in <a href=
+     * "https://openid.net/specs/openid-federation-1_0.html">OpenID Federation
+     * 1.0</a> or metadata document locations in <a href=
+     * "https://datatracker.ietf.org/doc/draft-ietf-oauth-client-id-metadata-document/"
+     * >CIMD</a>.
+     * </p>
+     *
+     * <p>
+     * For backward compatibility, the default value of this flag is set to
+     * {@code false}, but it is recommended to set it to {@code true} whenever
+     * possible.
+     * </p>
+     *
+     * @param prohibited
+     *         {@code true} to prohibit client ID aliases that start with
+     *         {@code https://} or {@code http://}.
+     *
+     * @return
+     *         {@code this} object.
+     *
+     * @since 4.32
+     * @since Authlete 3.0.22
+     *
+     * @see <a href="https://openid.net/specs/openid-federation-1_0.html">
+     *      OpenID Federation 1.0</a>
+     * @see <a href="https://datatracker.ietf.org/doc/draft-ietf-oauth-client-id-metadata-document/">
+     *      OAuth Client ID Metadata Document</a>
+     */
+    public Service setHttpAliasProhibited(boolean prohibited)
+    {
+        this.httpAliasProhibited = prohibited;
+
+        return this;
+    }
 }
