diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/ConnectAuthorizationRequestManager.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/ConnectAuthorizationRequestManager.java
index 79c61dd50..fde3e3bce 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/ConnectAuthorizationRequestManager.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/ConnectAuthorizationRequestManager.java
@@ -15,6 +15,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.oauth2.common.exceptions.InvalidClientException;
 import org.springframework.security.oauth2.common.exceptions.InvalidScopeException;
 import org.springframework.security.oauth2.common.util.OAuth2Utils;
@@ -76,30 +77,44 @@ public class ConnectAuthorizationRequestManager implements AuthorizationRequestM
 String requestNonce = parameters.get("nonce");
- //If a nonce was included in the request, process it
- if (requestNonce != null) {
+ Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
+ boolean anonymous = false;
- //Check request nonce for reuse
- Collection clientNonces = nonceService.getByClientId(client.getClientId());
- for (Nonce nonce : clientNonces) {
- if (nonce.getValue().equals(requestNonce)) {
- throw new NonceReuseException(client.getClientId(), nonce);
- }
+ if (principal instanceof String) {
+ if (principal.toString().equals("anonymousUser")) {
+ anonymous = true;
 }
-
- //Store nonce
- Nonce nonce = new Nonce();
- nonce.setClientId(client.getClientId());
- nonce.setValue(requestNonce);
- DateTime now = new DateTime(new Date());
- nonce.setUseDate(now.toDate());
- DateTime expDate = now.plus(nonceStorageDuration);
- Date expirationJdkDate = expDate.toDate();
- nonce.setExpireDate(expirationJdkDate);
-
- nonceService.save(nonce);
 }
+ //If a nonce was included in the request, process it
+// if (requestNonce != null) {
+//
+// //Check request nonce for reuse
+// Collection clientNonces = nonceService.getByClientId(client.getClientId());
+// for (Nonce nonce : clientNonces) {
+// if (nonce.getValue().equals(requestNonce)) {
+// throw new NonceReuseException(client.getClientId(), nonce);
+// }
+// }
+//
+//
+//
+// if (principal != null && !anonymous) {
+//
+// //Store nonce
+// Nonce nonce = new Nonce();
+// nonce.setClientId(client.getClientId());
+// nonce.setValue(requestNonce);
+// DateTime now = new DateTime(new Date());
+// nonce.setUseDate(now.toDate());
+// DateTime expDate = now.plus(nonceStorageDuration);
+// Date expirationJdkDate = expDate.toDate();
+// nonce.setExpireDate(expirationJdkDate);
+//
+// nonceService.save(nonce);
+// }
+// }
+
 Set scopes = OAuth2Utils.parseParameterList(parameters.get("scope"));
 if ((scopes == null || scopes.isEmpty())) {
 //TODO: do we want to allow default scoping at all?
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JSONUserInfoView.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JSONUserInfoView.java
index 59bf0c1ef..cc03c0e33 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JSONUserInfoView.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JSONUserInfoView.java
@@ -106,7 +106,7 @@ public class JSONUserInfoView extends AbstractView {
 JsonObject obj = new JsonObject();
 //The "sub" claim must always be returned from this endpoint
- obj.addProperty("sub", ui.getUserId());
+ obj.addProperty("sub", ui.getSub());
 //TODO: I think the following should be removed. "sub" replaces "user_id", and according
 //to the spec it must ALWAYS be returned from this endpoint.
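Review bot: The nonce reuse check and the nonce store in the second hunk are now entirely commented out, so a repeated `nonce` value from the same client is no longer rejected by this method, `requestNonce` is read but never used, and the new `principal`/`anonymous` variables are computed and never consumed. If disabling replay detection here is intentional, the dead block should be deleted or placed behind a configuration flag, with a short comment stating why the check is off, rather than left as commented-out code that a reader may assume is still active. Separately, `SecurityContextHolder.getContext().getAuthentication()` can be null when no authentication has been established, and the anonymous test depends on the principal being the literal string "anonymousUser"; `Authentication auth = SecurityContextHolder.getContext().getAuthentication();` followed by `boolean anonymous = auth == null || auth instanceof AnonymousAuthenticationToken;` is null-safe and independent of the principal's string form (imports `org.springframework.security.core.Authentication` and `org.springframework.security.authentication.AnonymousAuthenticationToken`). The enclosing method begins before this hunk.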
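Review bot: The comment directly above the changed line in JSONUserInfoView says `sub` must always be returned, but nothing enforces that `ui.getSub()` is non-null; if it can be null, the claim would either be omitted or serialized as `"sub": null` depending on the Gson settings, and a relying party would then have no subject identifier to bind the response to. A fail-fast guard before the call, such as `Objects.requireNonNull(ui.getSub(), "sub claim is required")`, turns a missing subject into an explicit server-side error instead of a malformed UserInfo response. The enclosing method begins and ends outside this hunk, and the TODO in the hunk about dropping the legacy `user_id` claim is still open.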