scope wasn't quite right, needed a space

pull/59/head
U-MITRE\mjwalsh 2012-03-22 17:55:59 -04:00
parent b4836a0302
commit 02d0471acf
1 changed files with 48 additions and 53 deletions


@ -44,42 +44,40 @@ import com.google.gson.JsonParser;
/** /**
* The OpenID Connect Authentication Filter * The OpenID Connect Authentication Filter
* *
* Configured like: * Configured like:
* *
* <security:http auto-config="false" use-expressions="true" * <security:http auto-config="false" use-expressions="true"
* disable-url-rewriting="true" entry-point-ref="authenticationEntryPoint" pattern="/**"> * disable-url-rewriting="true" entry-point-ref="authenticationEntryPoint"
* * pattern="/**">
* <security:intercept-url pattern="/somepath/**" *
* access="denyAll" /> * <security:intercept-url pattern="/somepath/**" access="denyAll" />
* *
* <security:custom-filter before="PRE_AUTH_FILTER " * <security:custom-filter before="PRE_AUTH_FILTER "
* ref="openIdConnectAuthenticationFilter" /> * ref="openIdConnectAuthenticationFilter" />
* *
* <security:intercept-url pattern="/**" * <security:intercept-url pattern="/**"
* access="hasAnyRole('ROLE_USER','ROLE_ADMIN')" /> * access="hasAnyRole('ROLE_USER','ROLE_ADMIN')" /> <security:logout />
* <security:logout /> * </security:http>
* </security:http> *
* * <bean id="authenticationEntryPoint" class=
* <bean id="authenticationEntryPoint" * "org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint"
* class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint"> * > <property name="loginFormUrl" value="/openid_connect_login"/> </bean>
* <property name="loginFormUrl" value="/openid_connect_login"/> *
* </bean> * <security:authentication-manager alias="authenticationManager" /> <bean
* * id="openIdConnectAuthenticationFilter"
* <security:authentication-manager alias="authenticationManager" /> * class="org.mitre.openid.connect.client.OpenIdConnectAuthenticationFilter">
* <bean id="openIdConnectAuthenticationFilter" *
* class="org.mitre.openid.connect.client.OpenIdConnectAuthenticationFilter"> * <property name="authenticationManager" ref="authenticationManager" />
* * <property name="errorRedirectURI" value="/login.jsp?authfail=openid" /> <!--
* <property name="authenticationManager" ref="authenticationManager" /> * TODO: or would this be value="/login.jsp?authfail=openid_connect" -->
* <property name="errorRedirectURI" value="/login.jsp?authfail=openid" /> <!-- TODO: or would this be value="/login.jsp?authfail=openid_connect" --> * <property name="authorizationEndpointURI" value=
* <property name="authorizationEndpointURI" * "http://sever.example.com:8080/openid-connect-server/openidconnect/auth" />
* value="http://sever.example.com:8080/openid-connect-server/openidconnect/auth" /> * <property name="tokenEndpointURI"
* <property name="tokenEndpointURI" * value="http://sever.example.com:8080/openid-connect-server/checkid" />
* value="http://sever.example.com:8080/openid-connect-server/checkid" /> * <property name="checkIDEndpointURI"
* <property name="checkIDEndpointURI" * value="http://sever.example.com:8080/openid-connect-server/checkid" />
* value="http://sever.example.com:8080/openid-connect-server/checkid" /> * <property name="clientId" value="someClientId" /> <property
* <property name="clientId" value="someClientId" /> * name="clientSecret" value="someClientSecret" /> </bean>
* <property name="clientSecret" value="someClientSecret" />
* </bean>
* *
* @author nemonik * @author nemonik
* *
@ -95,7 +93,7 @@ public class OpenIdConnectAuthenticationFilter extends
private final static int KEY_SIZE = 1024; private final static int KEY_SIZE = 1024;
private final static String SIGNING_ALGORITHM = "SHA256withRSA"; private final static String SIGNING_ALGORITHM = "SHA256withRSA";
private final static String NONCE_SIGNATURE_COOKIE_NAME = "nonce"; private final static String NONCE_SIGNATURE_COOKIE_NAME = "nonce";
private final static String FILTER_PROCESSES_URL ="/openid_connect_login"; private final static String FILTER_PROCESSES_URL = "/openid_connect_login";
/** /**
* Return the URL w/ GET parameters * Return the URL w/ GET parameters
@ -191,7 +189,7 @@ public class OpenIdConnectAuthenticationFilter extends
private String clientId; private String clientId;
private String scope; private String scope;
private int httpSocketTimeout = HTTP_SOCKET_TIMEOUT; private int httpSocketTimeout = HTTP_SOCKET_TIMEOUT;
private PublicKey publicKey; private PublicKey publicKey;
@ -245,7 +243,7 @@ public class OpenIdConnectAuthenticationFilter extends
throw new IllegalArgumentException( throw new IllegalArgumentException(
"A Client Secret must be supplied"); "A Client Secret must be supplied");
} }
KeyPairGenerator keyPairGenerator; KeyPairGenerator keyPairGenerator;
try { try {
keyPairGenerator = KeyPairGenerator.getInstance("RSA"); keyPairGenerator = KeyPairGenerator.getInstance("RSA");
@ -261,11 +259,7 @@ public class OpenIdConnectAuthenticationFilter extends
} }
// prepend the spec necessary scope // prepend the spec necessary scope
if (scope != null && !scope.isEmpty() ) { setScope(SCOPE + ((scope != null && !scope.isEmpty()) ? " " + scope : ""));
setScope(SCOPE + scope);
} else {
setScope(SCOPE);
}
} }
/* /*
@ -315,9 +309,10 @@ public class OpenIdConnectAuthenticationFilter extends
// Handle Token Endpoint interaction // Handle Token Endpoint interaction
HttpClient httpClient = new DefaultHttpClient(); HttpClient httpClient = new DefaultHttpClient();
httpClient.getParams().setParameter("http.socket.timeout", new Integer(httpSocketTimeout)); httpClient.getParams().setParameter("http.socket.timeout",
new Integer(httpSocketTimeout));
UsernamePasswordCredentials credentials = new UsernamePasswordCredentials( UsernamePasswordCredentials credentials = new UsernamePasswordCredentials(
clientId, clientSecret); clientId, clientSecret);
((DefaultHttpClient) httpClient).getCredentialsProvider() ((DefaultHttpClient) httpClient).getCredentialsProvider()
@ -396,9 +391,10 @@ public class OpenIdConnectAuthenticationFilter extends
// Handle Check ID Endpoint interaction // Handle Check ID Endpoint interaction
httpClient = new DefaultHttpClient(); httpClient = new DefaultHttpClient();
httpClient.getParams().setParameter("http.socket.timeout", new Integer(httpSocketTimeout)); httpClient.getParams().setParameter("http.socket.timeout",
new Integer(httpSocketTimeout));
factory = new HttpComponentsClientHttpRequestFactory( factory = new HttpComponentsClientHttpRequestFactory(
httpClient); httpClient);
restTemplate = new RestTemplate(factory); restTemplate = new RestTemplate(factory);
@ -417,7 +413,7 @@ public class OpenIdConnectAuthenticationFilter extends
} catch (HttpClientErrorException httpClientErrorException) { } catch (HttpClientErrorException httpClientErrorException) {
// Handle error // Handle error
logger.error("Check ID Endpoint error response: " logger.error("Check ID Endpoint error response: "
+ httpClientErrorException.getStatusText() + httpClientErrorException.getStatusText()
+ " : " + httpClientErrorException.getMessage()); + " : " + httpClientErrorException.getMessage());
@ -587,7 +583,7 @@ public class OpenIdConnectAuthenticationFilter extends
public void setErrorRedirectURI(String errorRedirectURI) { public void setErrorRedirectURI(String errorRedirectURI) {
this.errorRedirectURI = errorRedirectURI; this.errorRedirectURI = errorRedirectURI;
} }
public void setScope(String scope) { public void setScope(String scope) {
this.scope = scope; this.scope = scope;
} }
@ -596,4 +592,3 @@ public class OpenIdConnectAuthenticationFilter extends
this.tokenEndpointURI = tokenEndpointURI; this.tokenEndpointURI = tokenEndpointURI;
} }
} }
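Review bot: The collapsed line `setScope(SCOPE + ((scope != null && !scope.isEmpty()) ? " " + scope : ""));` in the `@ -261,11 +259,7` hunk reads and then overwrites the same `scope` field, so if this initialization runs more than once, or the configured value already starts with the spec scope (presumably `openid`, per the "prepend the spec necessary scope" comment), the prefix is duplicated and the request carries `openid openid ...`. A guard such as `if (scope == null || !scope.startsWith(SCOPE)) { setScope(SCOPE + ((scope != null && !scope.isEmpty()) ? " " + scope : "")); }` keeps the assignment idempotent; `SCOPE`'s value is not visible in this page, so confirm it is the bare spec scope before relying on `startsWith`. On style, the original two-branch `if`/`else` with the single added space was easier to read than the nested ternary that repeats the null/empty test. The enclosing method starts outside the hunk, so I could not confirm whether it is the `afterPropertiesSet` path and how often it is invoked.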