scope wasn't quite right, needed a space
parent
b4836a0302
commit
02d0471acf
|
@ -47,39 +47,37 @@ import com.google.gson.JsonParser;
|
|||
* Configured like:
|
||||
*
|
||||
* <security:http auto-config="false" use-expressions="true"
|
||||
* disable-url-rewriting="true" entry-point-ref="authenticationEntryPoint" pattern="/**">
|
||||
* disable-url-rewriting="true" entry-point-ref="authenticationEntryPoint"
|
||||
* pattern="/**">
|
||||
*
|
||||
* <security:intercept-url pattern="/somepath/**"
|
||||
* access="denyAll" />
|
||||
* <security:intercept-url pattern="/somepath/**" access="denyAll" />
|
||||
*
|
||||
* <security:custom-filter before="PRE_AUTH_FILTER "
|
||||
* ref="openIdConnectAuthenticationFilter" />
|
||||
*
|
||||
* <security:intercept-url pattern="/**"
|
||||
* access="hasAnyRole('ROLE_USER','ROLE_ADMIN')" />
|
||||
* <security:logout />
|
||||
* access="hasAnyRole('ROLE_USER','ROLE_ADMIN')" /> <security:logout />
|
||||
* </security:http>
|
||||
*
|
||||
* <bean id="authenticationEntryPoint"
|
||||
* class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">
|
||||
* <property name="loginFormUrl" value="/openid_connect_login"/>
|
||||
* </bean>
|
||||
* <bean id="authenticationEntryPoint" class=
|
||||
* "org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint"
|
||||
* > <property name="loginFormUrl" value="/openid_connect_login"/> </bean>
|
||||
*
|
||||
* <security:authentication-manager alias="authenticationManager" />
|
||||
* <bean id="openIdConnectAuthenticationFilter"
|
||||
* <security:authentication-manager alias="authenticationManager" /> <bean
|
||||
* id="openIdConnectAuthenticationFilter"
|
||||
* class="org.mitre.openid.connect.client.OpenIdConnectAuthenticationFilter">
|
||||
*
|
||||
* <property name="authenticationManager" ref="authenticationManager" />
|
||||
* <property name="errorRedirectURI" value="/login.jsp?authfail=openid" /> <!-- TODO: or would this be value="/login.jsp?authfail=openid_connect" -->
|
||||
* <property name="authorizationEndpointURI"
|
||||
* value="http://sever.example.com:8080/openid-connect-server/openidconnect/auth" />
|
||||
* <property name="errorRedirectURI" value="/login.jsp?authfail=openid" /> <!--
|
||||
* TODO: or would this be value="/login.jsp?authfail=openid_connect" -->
|
||||
* <property name="authorizationEndpointURI" value=
|
||||
* "http://sever.example.com:8080/openid-connect-server/openidconnect/auth" />
|
||||
* <property name="tokenEndpointURI"
|
||||
* value="http://sever.example.com:8080/openid-connect-server/checkid" />
|
||||
* <property name="checkIDEndpointURI"
|
||||
* value="http://sever.example.com:8080/openid-connect-server/checkid" />
|
||||
* <property name="clientId" value="someClientId" />
|
||||
* <property name="clientSecret" value="someClientSecret" />
|
||||
* </bean>
|
||||
* <property name="clientId" value="someClientId" /> <property
|
||||
* name="clientSecret" value="someClientSecret" /> </bean>
|
||||
*
|
||||
* @author nemonik
|
||||
*
|
||||
|
@ -95,7 +93,7 @@ public class OpenIdConnectAuthenticationFilter extends
|
|||
private final static int KEY_SIZE = 1024;
|
||||
private final static String SIGNING_ALGORITHM = "SHA256withRSA";
|
||||
private final static String NONCE_SIGNATURE_COOKIE_NAME = "nonce";
|
||||
private final static String FILTER_PROCESSES_URL ="/openid_connect_login";
|
||||
private final static String FILTER_PROCESSES_URL = "/openid_connect_login";
|
||||
|
||||
/**
|
||||
* Return the URL w/ GET parameters
|
||||
|
@ -261,11 +259,7 @@ public class OpenIdConnectAuthenticationFilter extends
|
|||
}
|
||||
|
||||
// prepend the spec necessary scope
|
||||
if (scope != null && !scope.isEmpty() ) {
|
||||
setScope(SCOPE + scope);
|
||||
} else {
|
||||
setScope(SCOPE);
|
||||
}
|
||||
setScope(SCOPE + ((scope != null && !scope.isEmpty()) ? " " + scope : ""));
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -316,7 +310,8 @@ public class OpenIdConnectAuthenticationFilter extends
|
|||
|
||||
HttpClient httpClient = new DefaultHttpClient();
|
||||
|
||||
httpClient.getParams().setParameter("http.socket.timeout", new Integer(httpSocketTimeout));
|
||||
httpClient.getParams().setParameter("http.socket.timeout",
|
||||
new Integer(httpSocketTimeout));
|
||||
|
||||
UsernamePasswordCredentials credentials = new UsernamePasswordCredentials(
|
||||
clientId, clientSecret);
|
||||
|
@ -397,7 +392,8 @@ public class OpenIdConnectAuthenticationFilter extends
|
|||
|
||||
httpClient = new DefaultHttpClient();
|
||||
|
||||
httpClient.getParams().setParameter("http.socket.timeout", new Integer(httpSocketTimeout));
|
||||
httpClient.getParams().setParameter("http.socket.timeout",
|
||||
new Integer(httpSocketTimeout));
|
||||
|
||||
factory = new HttpComponentsClientHttpRequestFactory(
|
||||
httpClient);
|
||||
|
@ -596,4 +592,3 @@ public class OpenIdConnectAuthenticationFilter extends
|
|||
this.tokenEndpointURI = tokenEndpointURI;
|
||||
}
|
||||
}
|
||||
|
||||
|
|
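Review bot: `KEY_SIZE = 1024` in the constants hunk (a context line this commit leaves untouched) is below the 2048-bit minimum now expected for RSA. If it sizes the key pair used with `SHA256withRSA` to sign the nonce cookie, as the neighbouring constants suggest, the signature that binds the nonce to the browser is weaker than it should be; I would change it to `private final static int KEY_SIZE = 2048;`. Separately, the Javadoc example sets `authorizationEndpointURI`, `tokenEndpointURI` and `checkIDEndpointURI` to `http://` URLs, while the token-request hunk builds `UsernamePasswordCredentials(clientId, clientSecret)` on the client. If those credentials are sent to the token endpoint, a deployment copied from the example would transmit the client secret in cleartext, so the example should use `https://` URLs. The class and the methods touched here continue outside the visible hunks, so how the key size and the credentials are used should be confirmed against the full file.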