github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Removed nonce checking from token service impl

pull/263/head
Amanda Anganes 2013-01-04 15:28:55 -05:00
parent 7e7b2527db
commit 1af6513499
1 changed files with 1 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

44
openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java
View File

@ -71,12 +71,6 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
@Autowired @Autowired
private ClientDetailsEntityService clientDetailsService; private ClientDetailsEntityService clientDetailsService;
@Autowired
private NonceService nonceService;
//TODO how to specify this?
private Period nonceStorageDuration = new Period(1, 0, 0, 0, 0, 0, 0, 0);
@Autowired @Autowired
private TokenEnhancer tokenEnhancer; private TokenEnhancer tokenEnhancer;
@ -91,29 +85,7 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
if (client == null) { if (client == null) {
throw new InvalidClientException("Client not found: " + clientAuth.getClientId()); throw new InvalidClientException("Client not found: " + clientAuth.getClientId());
} }
String requestNonce = clientAuth.getAuthorizationParameters().get("nonce");
//Check request nonce for reuse
Collection<Nonce> clientNonces = nonceService.getByClientId(client.getClientId());
for (Nonce nonce : clientNonces) {
if (nonce.getValue().equals(requestNonce)) {
throw new NonceReuseException(client.getClientId(), nonce);
}
}
//Store nonce
Nonce nonce = new Nonce();
nonce.setClientId(client.getClientId());
nonce.setValue(requestNonce);
DateTime now = new DateTime(new Date());
DateTime expDate = now.plus(nonceStorageDuration);
Date expirationJdkDate = expDate.toDate();
nonce.setExpireDate(expirationJdkDate);
nonceService.save(nonce);
OAuth2AccessTokenEntity token = new OAuth2AccessTokenEntity();//accessTokenFactory.createNewAccessToken(); OAuth2AccessTokenEntity token = new OAuth2AccessTokenEntity();//accessTokenFactory.createNewAccessToken();
// attach the client // attach the client
@ -428,19 +400,5 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
public OAuth2AccessTokenEntity getAccessTokenForIdToken(OAuth2AccessTokenEntity idToken) { public OAuth2AccessTokenEntity getAccessTokenForIdToken(OAuth2AccessTokenEntity idToken) {
return tokenRepository.getAccessTokenForIdToken(idToken); return tokenRepository.getAccessTokenForIdToken(idToken);
} }
/**
* @return the nonceStorageDuration
*/
public Period getNonceStorageDuration() {
return nonceStorageDuration;
}
/**
* @param nonceStorageDuration the nonceStorageDuration to set
*/
public void setNonceStorageDuration(Period nonceStorageDuration) {
this.nonceStorageDuration = nonceStorageDuration;
}
} }