DWN-26566: Added a password encoder to the client entity service and changed the introspection token service to allow parsing of client authorities for API-level access

pull/1601/head
Gaurav Katiyar 2018-11-14 09:53:46 +00:00
parent b7b2c2d817
commit 028972c359
2 changed files with 22 additions and 8 deletions


@ -21,12 +21,7 @@ import static org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod.SECRET_BASIC
import java.io.IOException;
import java.net.URI;
import java.util.Calendar;
import java.util.Date;
import java.util.HashMap;
import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import java.util.*;
import org.apache.http.client.HttpClient;
import org.apache.http.impl.client.HttpClientBuilder;
@ -41,6 +36,7 @@ import org.springframework.http.client.ClientHttpRequest;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.util.OAuth2Utils;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
@ -237,10 +233,15 @@ public class IntrospectingTokenService implements ResourceServerTokenServices {
Map<String, String> parameters = new HashMap<>();
parameters.put("client_id", clientId);
parameters.put("scope", OAuth2Utils.formatParameterList(scopes));
OAuth2Request storedRequest = new OAuth2Request(parameters, clientId, null, true, scopes, null, null, null, null);
OAuth2Request storedRequest = new OAuth2Request(parameters, clientId, parseClientAuthorities(token), true, scopes, null, null, null, null);
return storedRequest;
}
// Added the protected method to allow custom behaviour
protected Collection<? extends GrantedAuthority> parseClientAuthorities(JsonObject token) {
return null;
}
private Authentication createUserAuthentication(JsonObject token) {
JsonElement userId = token.get("user_id");
if(userId == null) {
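Review bot: The new `parseClientAuthorities` hook carries no documentation of its contract, yet whatever an override returns is passed straight into the `OAuth2Request` built by `createStoredRequest` and so becomes the client's granted authorities for API-level access decisions. A Javadoc on the declaration should state that: `/** Hook for deriving the client's granted authorities from the introspection response; the result is used verbatim as the stored request's authorities, so derive it only from claims the introspection endpoint itself asserts (assuming token is that response body, as createUserAuthentication's use of it suggests). Returns null (no authorities) by default, preserving the previous behaviour. */` — and the `// Added the protected method to allow custom behaviour` line above it says who added it rather than what it does and can be dropped. Separately, the first hunk replaces the explicit `java.util` imports with `import java.util.*;`; the rest of the file imports one type per line, so `import java.util.Collection;` next to the existing ones would match that style and avoid pulling in the whole package. `createStoredRequest` begins before this hunk.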


@ -50,6 +50,7 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.common.exceptions.InvalidClientException;
import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
import org.springframework.stereotype.Service;
@ -100,7 +101,11 @@ public class DefaultOAuth2ClientDetailsEntityService implements ClientDetailsEnt
@Autowired
private ConfigurationPropertiesBean config;
// map of sector URI -> list of redirect URIs
@Autowired
private PasswordEncoder passwordEncoder;
// map of sector URI -> list of redirect URIs
private LoadingCache<String, List<String>> sectorRedirects = CacheBuilder.newBuilder()
.expireAfterAccess(1, TimeUnit.HOURS)
.maximumSize(100)
@ -145,6 +150,10 @@ public class DefaultOAuth2ClientDetailsEntityService implements ClientDetailsEnt
ensureNoReservedScopes(client);
if(!Strings.isNullOrEmpty(client.getClientSecret())) {
client.setClientSecret(this.passwordEncoder.encode(client.getClientSecret()));
}
ClientDetailsEntity c = clientRepository.saveClient(client);
statsService.resetCache();
@ -423,6 +432,10 @@ public class DefaultOAuth2ClientDetailsEntityService implements ClientDetailsEnt
// make sure a client doesn't get any special system scopes
ensureNoReservedScopes(newClient);
if(!Strings.isNullOrEmpty(newClient.getClientSecret())) {
newClient.setClientSecret(this.passwordEncoder.encode(newClient.getClientSecret()));
}
return clientRepository.updateClient(oldClient.getId(), newClient);
}
throw new IllegalArgumentException("Neither old client or new client can be null!");
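Review bot: The update path re-encodes whatever secret the caller supplies, so a client record that is loaded and written back with its secret unchanged (the stored value is already an encoded hash after this change) is hashed a second time and the client's real secret stops validating; this applies to the `newClient.setClientSecret(...)` block in the third hunk. `oldClient` is already in scope there, so skipping the encode when the supplied value is the stored one avoids that: `String newSecret = newClient.getClientSecret();` / `if (!Strings.isNullOrEmpty(newSecret) && !newSecret.equals(oldClient.getClientSecret())) {` / `newClient.setClientSecret(this.passwordEncoder.encode(newSecret));`. A short comment on both encode sites, e.g. `// store only the encoded secret; client authentication must verify via the same PasswordEncoder`, would record the assumption this commit makes about the authentication side, which is not visible here and should be confirmed. Both enclosing methods start before their hunks.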