diff --git a/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/IntrospectingTokenService.java b/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/IntrospectingTokenService.java
index 76eaf2225..06ec7f72e 100644
--- a/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/IntrospectingTokenService.java
+++ b/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/IntrospectingTokenService.java
@@ -21,12 +21,7 @@ import static org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod.SECRET_BASIC
 
 import java.io.IOException;
 import java.net.URI;
-import java.util.Calendar;
-import java.util.Date;
-import java.util.HashMap;
-import java.util.HashSet;
-import java.util.Map;
-import java.util.Set;
+import java.util.*;
 
 import org.apache.http.client.HttpClient;
 import org.apache.http.impl.client.HttpClientBuilder;
@@ -41,6 +36,7 @@ import org.springframework.http.client.ClientHttpRequest;
 import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.oauth2.common.OAuth2AccessToken;
 import org.springframework.security.oauth2.common.util.OAuth2Utils;
 import org.springframework.security.oauth2.provider.OAuth2Authentication;
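Review bot: Replacing the six explicit `java.util` imports with `import java.util.*;` in the first hunk trades a readable dependency list for a wildcard import, which the rest of this file's import block (all explicit) and common Java style guides avoid because it hides name clashes and unused imports. Keeping the explicit imports and adding only the one the new code needs, `import java.util.Collection;`, would match the surrounding style. The `GrantedAuthority` import in the second hunk is fine as it stands.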
@@ -237,10 +233,15 @@ public class IntrospectingTokenService implements ResourceServerTokenServices {
 		Map parameters = new HashMap<>();
 		parameters.put("client_id", clientId);
 		parameters.put("scope", OAuth2Utils.formatParameterList(scopes));
-		OAuth2Request storedRequest = new OAuth2Request(parameters, clientId, null, true, scopes, null, null, null, null);
+		OAuth2Request storedRequest = new OAuth2Request(parameters, clientId, parseClientAuthorities(token), true, scopes, null, null, null, null);
 		return storedRequest;
 	}
 
+	// Added the protected method to allow custom behaviour
+	protected Collection parseClientAuthorities(JsonObject token) {
+		return null;
+	}
+
 	private Authentication createUserAuthentication(JsonObject token) {
 		JsonElement userId = token.get("user_id");
 		if(userId == null) {
diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ClientDetailsEntityService.java b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ClientDetailsEntityService.java
index 6ed98ee5d..f02e77397 100644
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ClientDetailsEntityService.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ClientDetailsEntityService.java
@@ -50,6 +50,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
+import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.oauth2.common.exceptions.InvalidClientException;
 import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
 import org.springframework.stereotype.Service;
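Review bot: The new `parseClientAuthorities` extension point carries no Javadoc; `// Added the protected method to allow custom behaviour` records the change rather than the contract, and the `return null` default is not explained. Because whatever a subclass returns is passed straight into the `OAuth2Request` as the client's authorities, replace that comment with Javadoc on the method stating that `token` is the parsed introspection response (presumably; confirm against the caller), that the default `null` preserves the previous hard-coded behaviour, and that overriding implementations should derive authorities only from claims returned by the introspection endpoint, never from anything parsed out of the bearer token itself. The rendered hunk shows a raw `Collection` return type; if the real line is generic, e.g. `Collection<? extends GrantedAuthority>` as the newly added `GrantedAuthority` import suggests, this is only rendering, otherwise the raw type should be parameterised. The method that the first five lines belong to starts outside the hunk.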
@@ -100,7 +101,11 @@ public class DefaultOAuth2ClientDetailsEntityService implements ClientDetailsEnt
 	@Autowired
 	private ConfigurationPropertiesBean config;
 
-	// map of sector URI -> list of redirect URIs
+	@Autowired
+	private PasswordEncoder passwordEncoder;
+
+
+	// map of sector URI -> list of redirect URIs
 	private LoadingCache> sectorRedirects = CacheBuilder.newBuilder()
 			.expireAfterAccess(1, TimeUnit.HOURS)
 			.maximumSize(100)
@@ -145,6 +150,10 @@ public class DefaultOAuth2ClientDetailsEntityService implements ClientDetailsEnt
 		ensureNoReservedScopes(client);
 
+		if(!Strings.isNullOrEmpty(client.getClientSecret())) {
+			client.setClientSecret(this.passwordEncoder.encode(client.getClientSecret()));
+		}
+
 		ClientDetailsEntity c = clientRepository.saveClient(client);
 
 		statsService.resetCache();
 
@@ -423,6 +432,10 @@ public class DefaultOAuth2ClientDetailsEntityService implements ClientDetailsEnt
 			// make sure a client doesn't get any special system scopes
 			ensureNoReservedScopes(newClient);
 
+			if(!Strings.isNullOrEmpty(newClient.getClientSecret())) {
+				newClient.setClientSecret(this.passwordEncoder.encode(newClient.getClientSecret()));
+			}
+
 			return clientRepository.updateClient(oldClient.getId(), newClient);
 		}
 		throw new IllegalArgumentException("Neither old client or new client can be null!");
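Review bot: The update path at hunk `@@ -423` encodes `newClient.getClientSecret()` on every call with nothing to distinguish a freshly supplied plaintext secret from the hash already stored, so if a caller passes the existing secret back unchanged (as an edit form or a load-then-update flow presumably does; worth confirming against the callers) the hash is hashed again and the client can no longer authenticate. Encoding only when the value actually changed, `if(!Strings.isNullOrEmpty(newClient.getClientSecret()) && !newClient.getClientSecret().equals(oldClient.getClientSecret())) {`, avoids that, and a comment such as `// client secrets are stored hashed; encode only a new plaintext value` on this hunk and on `@@ -145` would record the invariant for the next maintainer. Two things the commit relies on but the hunks do not establish: the `PasswordEncoder` injected at `@@ -100` must be the same encoder used wherever client secrets are verified, and any flow that hands the secret back to the client after `saveClient` (dynamic registration, secret regeneration) now has to keep the plaintext it displayed, because `c.getClientSecret()` afterwards yields the hash. Both modified methods start and end outside their hunks.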