updated request object forwarding hack

openid-connect-server/src/main/java/org/mitre/openid/connect/web/RequestObjectAuthorizationEndpoint.java

@@ -1,40 +1,62 @@
 package org.mitre.openid.connect.web;
 
-import java.security.Principal;
+import java.net.URI;
-import java.util.Map;
+import java.net.URISyntaxException;
+import java.text.ParseException;
+
+import javax.servlet.http.HttpServletRequest;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import org.springframework.beans.factory.annotation.Autowired;
+import org.apache.http.client.utils.URIBuilder;
-import org.springframework.security.oauth2.provider.endpoint.AuthorizationEndpoint;
+import org.springframework.stereotype.Component;
+import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
-import org.springframework.web.bind.support.SessionStatus;
-import org.springframework.web.servlet.ModelAndView;
 
-// 
+import com.google.common.base.Strings;
-// TODO: make this into a controller again, use the forward: or redirect: mechanism to send to auth endpoint
+import com.nimbusds.jwt.JWT;
-//
+import com.nimbusds.jwt.JWTParser;
 
-//@Controller("requestObjectAuthorzationEndpoint")
+
+/**
+ * This @Controller is a hack to get around SECOAUTH's AuthorizationEndpoint requiring the response_type parameter to be passed in.
+ * 
+ * @author jricher
+ *
+ */
+@Controller("requestObjectAuthorzationEndpoint")
+//@Component
 public class RequestObjectAuthorizationEndpoint {
 
 	protected final Log logger = LogFactory.getLog(getClass());
 
-	@Autowired
+	@RequestMapping(value = "/authorize", params = "request")
-	private AuthorizationEndpoint authorizationEndpoint;
+	public String authorizeRequestObject(@RequestParam("request") String jwtString, @RequestParam(value = "response_type", required = false) String responseType, HttpServletRequest request) {
 
-	@RequestMapping(value = "/oauth/authorize", params = "request")
+		String query = request.getQueryString();
-	public ModelAndView authorizeRequestObject(Map<String, Object> model, @RequestParam("request") String jwtString, 
-			@RequestParam Map<String, String> parameters, SessionStatus sessionStatus, Principal principal) {
 		
-		/*
+		if (responseType == null) {
-		 * 
+			try {
-		 * SEE Processing code in ConnectAuthorizationRequestManager.processRequestObject
+		        JWT requestObject = JWTParser.parse(jwtString);
-		 *
+		        responseType = (String)requestObject.getJWTClaimsSet().getClaim("response_type");
-		 */ 
 		        
-		return null;
+		        URI uri = new URIBuilder(Strings.nullToEmpty(request.getServletPath()) + Strings.nullToEmpty(request.getPathInfo()) + "?" + query)
+		        	.addParameter("response_type", responseType)
+		        	.build();
+		        
+		        query = uri.getRawQuery();//uri.toString();
+		        
+	        } catch (ParseException e) {
+		        // TODO Auto-generated catch block
+		        e.printStackTrace();
+	        } catch (URISyntaxException e) {
+	            // TODO Auto-generated catch block
+	            e.printStackTrace();
+            }
+		}
+		
+		return "forward:/oauth/authorize?" + query;
 		
 	}
 	

openid-connect-server/src/main/webapp/WEB-INF/application-context.xml

@@ -27,7 +27,7 @@
 	</mvc:interceptors>
 	<mvc:default-servlet-handler />
 
-	<!-- Bean to hold configuration propreties -->
+	<!-- Bean to hold configuration properties -->
 	<import resource="server-config.xml" />
 
 	<!-- Import the data context -->

pom.xml

@@ -244,7 +244,7 @@
         <dependency>
             <groupId>org.apache.httpcomponents</groupId>
             <artifactId>httpclient</artifactId>
-            <version>4.1.1</version>
+            <version>4.2.3</version>
         </dependency>
         <dependency>
         	<groupId>mysql</groupId>