github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

MitreID code compiles against latest Spring libraries

pull/1611/head
Andrea Ceccanti 2021-10-25 17:13:07 +02:00
parent 711a2e7eab
commit 12bfab4f55
5 changed files with 441 additions and 443 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java
View File

@ -50,8 +50,6 @@ import org.mitre.oauth2.model.convert.JWTStringConverter;
import org.mitre.openid.connect.model.ApprovedSite; import org.mitre.openid.connect.model.ApprovedSite;
import org.mitre.uma.model.Permission; import org.mitre.uma.model.Permission;
import org.springframework.security.oauth2.common.OAuth2AccessToken; import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.OAuth2AccessTokenJackson1Deserializer;
import org.springframework.security.oauth2.common.OAuth2AccessTokenJackson1Serializer;
import org.springframework.security.oauth2.common.OAuth2AccessTokenJackson2Deserializer; import org.springframework.security.oauth2.common.OAuth2AccessTokenJackson2Deserializer;
import org.springframework.security.oauth2.common.OAuth2AccessTokenJackson2Serializer; import org.springframework.security.oauth2.common.OAuth2AccessTokenJackson2Serializer;
import org.springframework.security.oauth2.common.OAuth2RefreshToken; import org.springframework.security.oauth2.common.OAuth2RefreshToken;
@ -74,8 +72,6 @@ import com.nimbusds.jwt.JWT;
@NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_RESOURCE_SET, query = "select a from OAuth2AccessTokenEntity a join a.permissions p where p.resourceSet.id = :" + OAuth2AccessTokenEntity.PARAM_RESOURCE_SET_ID), @NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_RESOURCE_SET, query = "select a from OAuth2AccessTokenEntity a join a.permissions p where p.resourceSet.id = :" + OAuth2AccessTokenEntity.PARAM_RESOURCE_SET_ID),
@NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_NAME, query = "select r from OAuth2AccessTokenEntity r where r.authenticationHolder.userAuth.name = :" + OAuth2AccessTokenEntity.PARAM_NAME) @NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_NAME, query = "select r from OAuth2AccessTokenEntity r where r.authenticationHolder.userAuth.name = :" + OAuth2AccessTokenEntity.PARAM_NAME)
}) })
@org.codehaus.jackson.map.annotate.JsonSerialize(using = OAuth2AccessTokenJackson1Serializer.class)
@org.codehaus.jackson.map.annotate.JsonDeserialize(using = OAuth2AccessTokenJackson1Deserializer.class)
@com.fasterxml.jackson.databind.annotation.JsonSerialize(using = OAuth2AccessTokenJackson2Serializer.class) @com.fasterxml.jackson.databind.annotation.JsonSerialize(using = OAuth2AccessTokenJackson2Serializer.class)
@com.fasterxml.jackson.databind.annotation.JsonDeserialize(using = OAuth2AccessTokenJackson2Deserializer.class) @com.fasterxml.jackson.databind.annotation.JsonDeserialize(using = OAuth2AccessTokenJackson2Deserializer.class)
public class OAuth2AccessTokenEntity implements OAuth2AccessToken { public class OAuth2AccessTokenEntity implements OAuth2AccessToken {

3
openid-connect-common/src/main/java/org/mitre/oauth2/service/impl/UriEncodedClientUserDetailsService.java
View File

@ -15,7 +15,6 @@
*******************************************************************************/ *******************************************************************************/
package org.mitre.oauth2.service.impl; package org.mitre.oauth2.service.impl;
import java.io.UnsupportedEncodingException;
import java.math.BigInteger; import java.math.BigInteger;
import java.security.SecureRandom; import java.security.SecureRandom;
import java.util.Collection; import java.util.Collection;
@ -91,7 +90,7 @@ public class UriEncodedClientUserDetailsService implements UserDetailsService {
} else { } else {
throw new UsernameNotFoundException("Client not found: " + clientId); throw new UsernameNotFoundException("Client not found: " + clientId);
} }
} catch (UnsupportedEncodingException | InvalidClientException e) { } catch (InvalidClientException e) {
throw new UsernameNotFoundException("Client not found: " + clientId); throw new UsernameNotFoundException("Client not found: " + clientId);
} }

16
openid-connect-server/src/main/java/org/mitre/openid/connect/web/DynamicClientRegistrationEndpoint.java
View File

@ -17,7 +17,6 @@
*******************************************************************************/ *******************************************************************************/
package org.mitre.openid.connect.web; package org.mitre.openid.connect.web;
import java.io.UnsupportedEncodingException;
import java.text.ParseException; import java.text.ParseException;
import java.util.Date; import java.util.Date;
import java.util.Set; import java.util.Set;
@ -218,10 +217,6 @@ public class DynamicClientRegistrationEndpoint {
m.addAttribute(HttpCodeView.CODE, HttpStatus.CREATED); // http 201 m.addAttribute(HttpCodeView.CODE, HttpStatus.CREATED); // http 201
return ClientInformationResponseView.VIEWNAME; return ClientInformationResponseView.VIEWNAME;
} catch (UnsupportedEncodingException e) {
logger.error("Unsupported encoding", e);
m.addAttribute(HttpCodeView.CODE, HttpStatus.INTERNAL_SERVER_ERROR);
return HttpCodeView.VIEWNAME;
} catch (IllegalArgumentException e) { } catch (IllegalArgumentException e) {
logger.error("Couldn't save client", e); logger.error("Couldn't save client", e);
@ -260,8 +255,6 @@ public class DynamicClientRegistrationEndpoint {
ClientDetailsEntity client = clientService.loadClientByClientId(clientId); ClientDetailsEntity client = clientService.loadClientByClientId(clientId);
if (client != null && client.getClientId().equals(auth.getOAuth2Request().getClientId())) { if (client != null && client.getClientId().equals(auth.getOAuth2Request().getClientId())) {
try {
OAuth2AccessTokenEntity token = rotateRegistrationTokenIfNecessary(auth, client); OAuth2AccessTokenEntity token = rotateRegistrationTokenIfNecessary(auth, client);
RegisteredClient registered = RegisteredClient registered =
new RegisteredClient(client, token.getValue(), config.getIssuer() + "register/" new RegisteredClient(client, token.getValue(), config.getIssuer() + "register/"
@ -272,11 +265,6 @@ public class DynamicClientRegistrationEndpoint {
m.addAttribute(HttpCodeView.CODE, HttpStatus.OK); // http 200 m.addAttribute(HttpCodeView.CODE, HttpStatus.OK); // http 200
return ClientInformationResponseView.VIEWNAME; return ClientInformationResponseView.VIEWNAME;
} catch (UnsupportedEncodingException e) {
logger.error("Unsupported encoding", e);
m.addAttribute(HttpCodeView.CODE, HttpStatus.INTERNAL_SERVER_ERROR);
return HttpCodeView.VIEWNAME;
}
} else { } else {
// client mismatch // client mismatch
@ -380,10 +368,6 @@ public class DynamicClientRegistrationEndpoint {
m.addAttribute(HttpCodeView.CODE, HttpStatus.OK); // http 200 m.addAttribute(HttpCodeView.CODE, HttpStatus.OK); // http 200
return ClientInformationResponseView.VIEWNAME; return ClientInformationResponseView.VIEWNAME;
} catch (UnsupportedEncodingException e) {
logger.error("Unsupported encoding", e);
m.addAttribute(HttpCodeView.CODE, HttpStatus.INTERNAL_SERVER_ERROR);
return HttpCodeView.VIEWNAME;
} catch (IllegalArgumentException e) { } catch (IllegalArgumentException e) {
logger.error("Couldn't save client", e); logger.error("Couldn't save client", e);

122
openid-connect-server/src/main/java/org/mitre/openid/connect/web/ProtectedResourceRegistrationEndpoint.java
View File

@ -15,7 +15,6 @@
*******************************************************************************/ *******************************************************************************/
package org.mitre.openid.connect.web; package org.mitre.openid.connect.web;
import java.io.UnsupportedEncodingException;
import java.text.ParseException; import java.text.ParseException;
import java.util.Date; import java.util.Date;
import java.util.HashSet; import java.util.HashSet;
@ -82,16 +81,19 @@ public class ProtectedResourceRegistrationEndpoint {
/** /**
* Logger for this class * Logger for this class
*/ */
private static final Logger logger = LoggerFactory.getLogger(ProtectedResourceRegistrationEndpoint.class); private static final Logger logger =
LoggerFactory.getLogger(ProtectedResourceRegistrationEndpoint.class);
/** /**
* Create a new Client, issue a client ID, and create a registration access token. * Create a new Client, issue a client ID, and create a registration access token.
*
* @param jsonString * @param jsonString
* @param m * @param m
* @param p * @param p
* @return * @return
*/ */
@RequestMapping(method = RequestMethod.POST, consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE) @RequestMapping(method = RequestMethod.POST, consumes = MediaType.APPLICATION_JSON_VALUE,
produces = MediaType.APPLICATION_JSON_VALUE)
public String registerNewProtectedResource(@RequestBody String jsonString, Model m) { public String registerNewProtectedResource(@RequestBody String jsonString, Model m) {
ClientDetailsEntity newClient = null; ClientDetailsEntity newClient = null;
@ -172,20 +174,19 @@ public class ProtectedResourceRegistrationEndpoint {
// send it all out to the view // send it all out to the view
RegisteredClient registered = new RegisteredClient(savedClient, token.getValue(), config.getIssuer() + "resource/" + UriUtils.encodePathSegment(savedClient.getClientId(), "UTF-8")); RegisteredClient registered =
new RegisteredClient(savedClient, token.getValue(), config.getIssuer() + "resource/"
+ UriUtils.encodePathSegment(savedClient.getClientId(), "UTF-8"));
m.addAttribute("client", registered); m.addAttribute("client", registered);
m.addAttribute(HttpCodeView.CODE, HttpStatus.CREATED); // http 201 m.addAttribute(HttpCodeView.CODE, HttpStatus.CREATED); // http 201
return ClientInformationResponseView.VIEWNAME; return ClientInformationResponseView.VIEWNAME;
} catch (UnsupportedEncodingException e) {
logger.error("Unsupported encoding", e);
m.addAttribute(HttpCodeView.CODE, HttpStatus.INTERNAL_SERVER_ERROR);
return HttpCodeView.VIEWNAME;
} catch (IllegalArgumentException e) { } catch (IllegalArgumentException e) {
logger.error("Couldn't save client", e); logger.error("Couldn't save client", e);
m.addAttribute(JsonErrorView.ERROR, "invalid_client_metadata"); m.addAttribute(JsonErrorView.ERROR, "invalid_client_metadata");
m.addAttribute(JsonErrorView.ERROR_MESSAGE, "Unable to save client due to invalid or inconsistent metadata."); m.addAttribute(JsonErrorView.ERROR_MESSAGE,
"Unable to save client due to invalid or inconsistent metadata.");
m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); // http 400 m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); // http 400
return JsonErrorView.VIEWNAME; return JsonErrorView.VIEWNAME;
@ -200,12 +201,14 @@ public class ProtectedResourceRegistrationEndpoint {
} }
private ClientDetailsEntity validateScopes(ClientDetailsEntity newClient) throws ValidationException { private ClientDetailsEntity validateScopes(ClientDetailsEntity newClient)
throws ValidationException {
// scopes that the client is asking for // scopes that the client is asking for
Set<SystemScope> requestedScopes = scopeService.fromStrings(newClient.getScope()); Set<SystemScope> requestedScopes = scopeService.fromStrings(newClient.getScope());
// the scopes that the client can have must be a subset of the dynamically allowed scopes // the scopes that the client can have must be a subset of the dynamically allowed scopes
Set<SystemScope> allowedScopes = scopeService.removeRestrictedAndReservedScopes(requestedScopes); Set<SystemScope> allowedScopes =
scopeService.removeRestrictedAndReservedScopes(requestedScopes);
// if the client didn't ask for any, give them the defaults // if the client didn't ask for any, give them the defaults
if (allowedScopes == null || allowedScopes.isEmpty()) { if (allowedScopes == null || allowedScopes.isEmpty()) {
@ -219,41 +222,40 @@ public class ProtectedResourceRegistrationEndpoint {
/** /**
* Get the meta information for a client. * Get the meta information for a client.
*
* @param clientId * @param clientId
* @param m * @param m
* @param auth * @param auth
* @return * @return
*/ */
@PreAuthorize("hasRole('ROLE_CLIENT') and #oauth2.hasScope('" + SystemScopeService.RESOURCE_TOKEN_SCOPE + "')") @PreAuthorize("hasRole('ROLE_CLIENT') and #oauth2.hasScope('"
@RequestMapping(value = "/{id}", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE) + SystemScopeService.RESOURCE_TOKEN_SCOPE + "')")
public String readResourceConfiguration(@PathVariable("id") String clientId, Model m, OAuth2Authentication auth) { @RequestMapping(value = "/{id}", method = RequestMethod.GET,
produces = MediaType.APPLICATION_JSON_VALUE)
public String readResourceConfiguration(@PathVariable("id") String clientId, Model m,
OAuth2Authentication auth) {
ClientDetailsEntity client = clientService.loadClientByClientId(clientId); ClientDetailsEntity client = clientService.loadClientByClientId(clientId);
if (client != null && client.getClientId().equals(auth.getOAuth2Request().getClientId())) { if (client != null && client.getClientId().equals(auth.getOAuth2Request().getClientId())) {
try {
// possibly update the token // possibly update the token
OAuth2AccessTokenEntity token = fetchValidRegistrationToken(auth, client); OAuth2AccessTokenEntity token = fetchValidRegistrationToken(auth, client);
RegisteredClient registered = new RegisteredClient(client, token.getValue(), config.getIssuer() + "resource/" + UriUtils.encodePathSegment(client.getClientId(), "UTF-8")); RegisteredClient registered =
new RegisteredClient(client, token.getValue(), config.getIssuer() + "resource/"
+ UriUtils.encodePathSegment(client.getClientId(), "UTF-8"));
// send it all out to the view // send it all out to the view
m.addAttribute("client", registered); m.addAttribute("client", registered);
m.addAttribute(HttpCodeView.CODE, HttpStatus.OK); // http 200 m.addAttribute(HttpCodeView.CODE, HttpStatus.OK); // http 200
return ClientInformationResponseView.VIEWNAME; return ClientInformationResponseView.VIEWNAME;
} catch (UnsupportedEncodingException e) {
logger.error("Unsupported encoding", e);
m.addAttribute(HttpCodeView.CODE, HttpStatus.INTERNAL_SERVER_ERROR);
return HttpCodeView.VIEWNAME;
}
} else { } else {
// client mismatch // client mismatch
logger.error("readResourceConfiguration failed, client ID mismatch: " logger.error("readResourceConfiguration failed, client ID mismatch: " + clientId + " and "
+ clientId + " and " + auth.getOAuth2Request().getClientId() + " do not match."); + auth.getOAuth2Request().getClientId() + " do not match.");
m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN); // http 403 m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN); // http 403
return HttpCodeView.VIEWNAME; return HttpCodeView.VIEWNAME;
@ -262,15 +264,19 @@ public class ProtectedResourceRegistrationEndpoint {
/** /**
* Update the metainformation for a given client. * Update the metainformation for a given client.
*
* @param clientId * @param clientId
* @param jsonString * @param jsonString
* @param m * @param m
* @param auth * @param auth
* @return * @return
*/ */
@PreAuthorize("hasRole('ROLE_CLIENT') and #oauth2.hasScope('" + SystemScopeService.RESOURCE_TOKEN_SCOPE + "')") @PreAuthorize("hasRole('ROLE_CLIENT') and #oauth2.hasScope('"
@RequestMapping(value = "/{id}", method = RequestMethod.PUT, produces = MediaType.APPLICATION_JSON_VALUE, consumes = MediaType.APPLICATION_JSON_VALUE) + SystemScopeService.RESOURCE_TOKEN_SCOPE + "')")
public String updateProtectedResource(@PathVariable("id") String clientId, @RequestBody String jsonString, Model m, OAuth2Authentication auth) { @RequestMapping(value = "/{id}", method = RequestMethod.PUT,
produces = MediaType.APPLICATION_JSON_VALUE, consumes = MediaType.APPLICATION_JSON_VALUE)
public String updateProtectedResource(@PathVariable("id") String clientId,
@RequestBody String jsonString, Model m, OAuth2Authentication auth) {
ClientDetailsEntity newClient = null; ClientDetailsEntity newClient = null;
@ -287,8 +293,12 @@ public class ProtectedResourceRegistrationEndpoint {
ClientDetailsEntity oldClient = clientService.loadClientByClientId(clientId); ClientDetailsEntity oldClient = clientService.loadClientByClientId(clientId);
if (newClient != null && oldClient != null // we have an existing client and the new one parsed if (newClient != null && oldClient != null // we have an existing client and the new one parsed
&& oldClient.getClientId().equals(auth.getOAuth2Request().getClientId()) // the client passed in the URI matches the one in the auth && oldClient.getClientId().equals(auth.getOAuth2Request().getClientId()) // the client
&& oldClient.getClientId().equals(newClient.getClientId()) // the client passed in the body matches the one in the URI // passed in the
// URI matches the
// one in the auth
&& oldClient.getClientId().equals(newClient.getClientId()) // the client passed in the body
// matches the one in the URI
) { ) {
// a client can't ask to update its own client secret to any particular value // a client can't ask to update its own client secret to any particular value
@ -349,31 +359,30 @@ public class ProtectedResourceRegistrationEndpoint {
// possibly update the token // possibly update the token
OAuth2AccessTokenEntity token = fetchValidRegistrationToken(auth, savedClient); OAuth2AccessTokenEntity token = fetchValidRegistrationToken(auth, savedClient);
RegisteredClient registered = new RegisteredClient(savedClient, token.getValue(), config.getIssuer() + "resource/" + UriUtils.encodePathSegment(savedClient.getClientId(), "UTF-8")); RegisteredClient registered =
new RegisteredClient(savedClient, token.getValue(), config.getIssuer() + "resource/"
+ UriUtils.encodePathSegment(savedClient.getClientId(), "UTF-8"));
// send it all out to the view // send it all out to the view
m.addAttribute("client", registered); m.addAttribute("client", registered);
m.addAttribute(HttpCodeView.CODE, HttpStatus.OK); // http 200 m.addAttribute(HttpCodeView.CODE, HttpStatus.OK); // http 200
return ClientInformationResponseView.VIEWNAME; return ClientInformationResponseView.VIEWNAME;
} catch (UnsupportedEncodingException e) {
logger.error("Unsupported encoding", e);
m.addAttribute(HttpCodeView.CODE, HttpStatus.INTERNAL_SERVER_ERROR);
return HttpCodeView.VIEWNAME;
} catch (IllegalArgumentException e) { } catch (IllegalArgumentException e) {
logger.error("Couldn't save client", e); logger.error("Couldn't save client", e);
m.addAttribute(JsonErrorView.ERROR, "invalid_client_metadata"); m.addAttribute(JsonErrorView.ERROR, "invalid_client_metadata");
m.addAttribute(JsonErrorView.ERROR_MESSAGE, "Unable to save client due to invalid or inconsistent metadata."); m.addAttribute(JsonErrorView.ERROR_MESSAGE,
"Unable to save client due to invalid or inconsistent metadata.");
m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); // http 400 m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); // http 400
return JsonErrorView.VIEWNAME; return JsonErrorView.VIEWNAME;
} }
} else { } else {
// client mismatch // client mismatch
logger.error("updateProtectedResource" + logger.error("updateProtectedResource" + " failed, client ID mismatch: " + clientId + " and "
" failed, client ID mismatch: " + auth.getOAuth2Request().getClientId() + " do not match.");
+ clientId + " and " + auth.getOAuth2Request().getClientId() + " do not match.");
m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN); // http 403 m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN); // http 403
return HttpCodeView.VIEWNAME; return HttpCodeView.VIEWNAME;
@ -382,14 +391,18 @@ public class ProtectedResourceRegistrationEndpoint {
/** /**
* Delete the indicated client from the system. * Delete the indicated client from the system.
*
* @param clientId * @param clientId
* @param m * @param m
* @param auth * @param auth
* @return * @return
*/ */
@PreAuthorize("hasRole('ROLE_CLIENT') and #oauth2.hasScope('" + SystemScopeService.RESOURCE_TOKEN_SCOPE + "')") @PreAuthorize("hasRole('ROLE_CLIENT') and #oauth2.hasScope('"
@RequestMapping(value = "/{id}", method = RequestMethod.DELETE, produces = MediaType.APPLICATION_JSON_VALUE) + SystemScopeService.RESOURCE_TOKEN_SCOPE + "')")
public String deleteResource(@PathVariable("id") String clientId, Model m, OAuth2Authentication auth) { @RequestMapping(value = "/{id}", method = RequestMethod.DELETE,
produces = MediaType.APPLICATION_JSON_VALUE)
public String deleteResource(@PathVariable("id") String clientId, Model m,
OAuth2Authentication auth) {
ClientDetailsEntity client = clientService.loadClientByClientId(clientId); ClientDetailsEntity client = clientService.loadClientByClientId(clientId);
@ -402,22 +415,23 @@ public class ProtectedResourceRegistrationEndpoint {
return HttpCodeView.VIEWNAME; return HttpCodeView.VIEWNAME;
} else { } else {
// client mismatch // client mismatch
logger.error("readClientConfiguration failed, client ID mismatch: " logger.error("readClientConfiguration failed, client ID mismatch: " + clientId + " and "
+ clientId + " and " + auth.getOAuth2Request().getClientId() + " do not match."); + auth.getOAuth2Request().getClientId() + " do not match.");
m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN); // http 403 m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN); // http 403
return HttpCodeView.VIEWNAME; return HttpCodeView.VIEWNAME;
} }
} }
private ClientDetailsEntity validateAuth(ClientDetailsEntity newClient) throws ValidationException { private ClientDetailsEntity validateAuth(ClientDetailsEntity newClient)
throws ValidationException {
if (newClient.getTokenEndpointAuthMethod() == null) { if (newClient.getTokenEndpointAuthMethod() == null) {
newClient.setTokenEndpointAuthMethod(AuthMethod.SECRET_BASIC); newClient.setTokenEndpointAuthMethod(AuthMethod.SECRET_BASIC);
} }
if (newClient.getTokenEndpointAuthMethod() == AuthMethod.SECRET_BASIC || if (newClient.getTokenEndpointAuthMethod() == AuthMethod.SECRET_BASIC
newClient.getTokenEndpointAuthMethod() == AuthMethod.SECRET_JWT || || newClient.getTokenEndpointAuthMethod() == AuthMethod.SECRET_JWT
newClient.getTokenEndpointAuthMethod() == AuthMethod.SECRET_POST) { || newClient.getTokenEndpointAuthMethod() == AuthMethod.SECRET_POST) {
if (Strings.isNullOrEmpty(newClient.getClientSecret())) { if (Strings.isNullOrEmpty(newClient.getClientSecret())) {
// no secret yet, we need to generate a secret // no secret yet, we need to generate a secret
@ -425,19 +439,22 @@ public class ProtectedResourceRegistrationEndpoint {
} }
} else if (newClient.getTokenEndpointAuthMethod() == AuthMethod.PRIVATE_KEY) { } else if (newClient.getTokenEndpointAuthMethod() == AuthMethod.PRIVATE_KEY) {
if (Strings.isNullOrEmpty(newClient.getJwksUri()) && newClient.getJwks() == null) { if (Strings.isNullOrEmpty(newClient.getJwksUri()) && newClient.getJwks() == null) {
throw new ValidationException("invalid_client_metadata", "JWK Set URI required when using private key authentication", HttpStatus.BAD_REQUEST); throw new ValidationException("invalid_client_metadata",
"JWK Set URI required when using private key authentication", HttpStatus.BAD_REQUEST);
} }
newClient.setClientSecret(null); newClient.setClientSecret(null);
} else if (newClient.getTokenEndpointAuthMethod() == AuthMethod.NONE) { } else if (newClient.getTokenEndpointAuthMethod() == AuthMethod.NONE) {
newClient.setClientSecret(null); newClient.setClientSecret(null);
} else { } else {
throw new ValidationException("invalid_client_metadata", "Unknown authentication method", HttpStatus.BAD_REQUEST); throw new ValidationException("invalid_client_metadata", "Unknown authentication method",
HttpStatus.BAD_REQUEST);
} }
return newClient; return newClient;
} }
private OAuth2AccessTokenEntity fetchValidRegistrationToken(OAuth2Authentication auth, ClientDetailsEntity client) { private OAuth2AccessTokenEntity fetchValidRegistrationToken(OAuth2Authentication auth,
ClientDetailsEntity client) {
OAuth2AuthenticationDetails details = (OAuth2AuthenticationDetails) auth.getDetails(); OAuth2AuthenticationDetails details = (OAuth2AuthenticationDetails) auth.getDetails();
OAuth2AccessTokenEntity token = tokenService.readAccessToken(details.getTokenValue()); OAuth2AccessTokenEntity token = tokenService.readAccessToken(details.getTokenValue());
@ -446,7 +463,8 @@ public class ProtectedResourceRegistrationEndpoint {
try { try {
// Re-issue the token if it has been issued before [currentTime - validity] // Re-issue the token if it has been issued before [currentTime - validity]
Date validToDate = new Date(System.currentTimeMillis() - config.getRegTokenLifeTime() * 1000); Date validToDate =
new Date(System.currentTimeMillis() - config.getRegTokenLifeTime() * 1000);
if (token.getJwt().getJWTClaimsSet().getIssueTime().before(validToDate)) { if (token.getJwt().getJWTClaimsSet().getIssueTime().before(validToDate)) {
logger.info("Rotating the registration access token for " + client.getClientId()); logger.info("Rotating the registration access token for " + client.getClientId());
tokenService.revokeAccessToken(token); tokenService.revokeAccessToken(token);

11
pom.xml
View File

@ -385,35 +385,36 @@
<dependency> <dependency>
<groupId>org.springframework</groupId> <groupId>org.springframework</groupId>
<artifactId>spring-framework-bom</artifactId> <artifactId>spring-framework-bom</artifactId>
<version>4.3.7.RELEASE</version> <version>5.3.12</version>
<type>pom</type> <type>pom</type>
<scope>import</scope> <scope>import</scope>
</dependency> </dependency>
<!-- Jackson --> <!-- Jackson -->
<dependency> <dependency>
<groupId>com.fasterxml.jackson.core</groupId> <groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-databind</artifactId> <artifactId>jackson-databind</artifactId>
<version>2.9.0.pr2</version> <version>2.12.5</version>
</dependency> </dependency>
<dependency> <dependency>
<groupId>com.fasterxml.jackson.core</groupId> <groupId>com.fasterxml.jackson.core</groupId>
<artifactId>jackson-annotations</artifactId> <artifactId>jackson-annotations</artifactId>
<version>2.9.0.pr2</version> <version>2.12.5</version>
</dependency> </dependency>
<!-- Spring Security --> <!-- Spring Security -->
<dependency> <dependency>
<groupId>org.springframework.security</groupId> <groupId>org.springframework.security</groupId>
<artifactId>spring-security-bom</artifactId> <artifactId>spring-security-bom</artifactId>
<version>4.2.4.RELEASE</version> <version>5.5.3</version>
<type>pom</type> <type>pom</type>
<scope>import</scope> <scope>import</scope>
</dependency> </dependency>
<dependency> <dependency>
<groupId>org.springframework.security.oauth</groupId> <groupId>org.springframework.security.oauth</groupId>
<artifactId>spring-security-oauth2</artifactId> <artifactId>spring-security-oauth2</artifactId>
<version>2.1.0.RELEASE</version> <version>2.5.1.RELEASE</version>
</dependency> </dependency>
<!-- Servlet --> <!-- Servlet -->