diff --git a/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/IntrospectingTokenService.java b/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/IntrospectingTokenService.java index 41e0c99ed..c496547eb 100644 --- a/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/IntrospectingTokenService.java +++ b/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/IntrospectingTokenService.java @@ -11,8 +11,8 @@ import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.authority.AuthorityUtils; import org.springframework.security.oauth2.common.OAuth2AccessToken; -import org.springframework.security.oauth2.provider.AuthorizationRequest; import org.springframework.security.oauth2.provider.OAuth2Authentication; +import org.springframework.security.oauth2.provider.OAuth2Request; import org.springframework.security.oauth2.provider.token.ResourceServerTokenServices; import org.springframework.security.web.authentication.preauth.PreAuthenticatedAuthenticationToken; import org.springframework.util.LinkedMultiValueMap; @@ -79,14 +79,14 @@ public class IntrospectingTokenService implements ResourceServerTokenServices { return null; } - private AuthorizationRequest createAuthRequest(final JsonObject token) { + private OAuth2Request createAuthRequest(final JsonObject token) { clientId = token.get("client_id").getAsString(); Set scopes = new HashSet(); for (JsonElement e : token.get("scope").getAsJsonArray()) { scopes.add(e.getAsString()); } - AuthorizationRequest authReq = new AuthorizationRequest(); + OAuth2Request authReq = new OAuth2Request(); authReq.setScope(scopes); authReq.setClientId(clientId); return authReq; 
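Review bot: In createAuthRequest, `clientId = token.get("client_id").getAsString();` assigns to a name that is not declared in the hunk, presumably an instance field, so a value taken from the introspection response is stored on the service object. If the service is shared between request threads, or if that field also holds the service's own configured client id, one token's client id can bleed into another request or replace the configuration. A local avoids both: `String tokenClientId = token.get("client_id").getAsString();` followed by `authReq.setClientId(tokenClientId);`. `token.get("client_id")` and `token.get("scope")` are also dereferenced without a presence check, so a response missing either member ends in a NullPointerException rather than a rejected token. The method's closing brace is outside the hunk.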
diff --git a/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/OAuth2AccessTokenImpl.java b/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/OAuth2AccessTokenImpl.java index b6141b2f7..5ec2cb774 100644 --- a/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/OAuth2AccessTokenImpl.java +++ b/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/OAuth2AccessTokenImpl.java @@ -1,7 +1,5 @@ package org.mitre.oauth2.introspectingfilter; -import com.google.gson.JsonElement; -import com.google.gson.JsonObject; import java.text.DateFormat; import java.text.ParseException; import java.text.SimpleDateFormat; @@ -12,9 +10,13 @@ import java.util.Set; import java.util.concurrent.TimeUnit; import java.util.logging.Level; import java.util.logging.Logger; + import org.springframework.security.oauth2.common.OAuth2AccessToken; import org.springframework.security.oauth2.common.OAuth2RefreshToken; +import com.google.gson.JsonElement; +import com.google.gson.JsonObject; + public class OAuth2AccessTokenImpl implements OAuth2AccessToken { diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java index d46322ea1..cf934b31d 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java 
@@ -42,8 +42,8 @@ import org.springframework.security.authentication.AuthenticationCredentialsNotF import org.springframework.security.core.AuthenticationException; import org.springframework.security.oauth2.common.exceptions.InvalidClientException; import org.springframework.security.oauth2.common.exceptions.InvalidTokenException; -import org.springframework.security.oauth2.provider.AuthorizationRequest; import org.springframework.security.oauth2.provider.OAuth2Authentication; +import org.springframework.security.oauth2.provider.OAuth2Request; import org.springframework.security.oauth2.provider.token.TokenEnhancer; import org.springframework.stereotype.Service; @@ -80,7 +80,7 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi public OAuth2AccessTokenEntity createAccessToken(OAuth2Authentication authentication) throws AuthenticationException, InvalidClientException { if (authentication != null && authentication.getAuthorizationRequest() != null) { // look up our client - AuthorizationRequest clientAuth = authentication.getAuthorizationRequest(); + OAuth2Request clientAuth = authentication.getAuthorizationRequest(); ClientDetailsEntity client = clientDetailsService.loadClientByClientId(clientAuth.getClientId()); @@ -151,7 +151,7 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi tokenRepository.saveAccessToken(token); //Add approved site reference, if any - AuthorizationRequest originalAuthRequest = authHolder.getAuthentication().getAuthorizationRequest(); + OAuth2Request originalAuthRequest = authHolder.getAuthentication().getAuthorizationRequest(); if (originalAuthRequest.getExtensionProperties().containsKey("approved_site")) { 
@@ -175,7 +175,7 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi } @Override - public OAuth2AccessTokenEntity refreshAccessToken(String refreshTokenValue, AuthorizationRequest authRequest) throws AuthenticationException { + public OAuth2AccessTokenEntity refreshAccessToken(String refreshTokenValue, OAuth2Request authRequest) throws AuthenticationException { OAuth2RefreshTokenEntity refreshToken = tokenRepository.getRefreshTokenByValue(refreshTokenValue); diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/token/ChainedTokenGranter.java b/openid-connect-server/src/main/java/org/mitre/oauth2/token/ChainedTokenGranter.java index 3de4fad23..21be12b6a 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/token/ChainedTokenGranter.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/token/ChainedTokenGranter.java @@ -14,8 +14,8 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.core.AuthenticationException; import org.springframework.security.oauth2.common.exceptions.InvalidScopeException; import org.springframework.security.oauth2.common.exceptions.InvalidTokenException; -import org.springframework.security.oauth2.provider.AuthorizationRequest; import org.springframework.security.oauth2.provider.OAuth2Authentication; +import org.springframework.security.oauth2.provider.OAuth2Request; import org.springframework.security.oauth2.provider.token.AbstractTokenGranter; import org.springframework.stereotype.Component; 
@@ -48,7 +48,7 @@ public class ChainedTokenGranter extends AbstractTokenGranter { * @see org.springframework.security.oauth2.provider.token.AbstractTokenGranter#getOAuth2Authentication(org.springframework.security.oauth2.provider.AuthorizationRequest) */ @Override - protected OAuth2Authentication getOAuth2Authentication(AuthorizationRequest authorizationRequest) throws AuthenticationException, InvalidTokenException { + protected OAuth2Authentication getOAuth2Authentication(OAuth2Request authorizationRequest) throws AuthenticationException, InvalidTokenException { // read and load up the existing token String incomingTokenValue = authorizationRequest.getAuthorizationParameters().get("token"); OAuth2AccessTokenEntity incomingToken = tokenServices.readAccessToken(incomingTokenValue); diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/token/JwtAssertionTokenGranter.java b/openid-connect-server/src/main/java/org/mitre/oauth2/token/JwtAssertionTokenGranter.java index 47df3d97e..e69776d11 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/token/JwtAssertionTokenGranter.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/token/JwtAssertionTokenGranter.java @@ -17,7 +17,7 @@ import org.springframework.security.core.AuthenticationException; import org.springframework.security.oauth2.common.OAuth2AccessToken; import org.springframework.security.oauth2.common.exceptions.InvalidClientException; import org.springframework.security.oauth2.common.exceptions.InvalidTokenException; -import org.springframework.security.oauth2.provider.AuthorizationRequest; +import org.springframework.security.oauth2.provider.OAuth2Request; import org.springframework.security.oauth2.provider.token.AbstractTokenGranter; import org.springframework.stereotype.Component; 
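Review bot: In ChainedTokenGranter.getOAuth2Authentication, the `token` request parameter is handed to `tokenServices.readAccessToken(incomingTokenValue)` with no check that it was supplied. The same pattern appears in JwtAssertionTokenGranter.getAccessToken with the `assertion` parameter, where the result is dereferenced on the next line by `incomingToken.getClient()`. Whether readAccessToken throws or returns null for a missing or unknown value is not visible here, so an explicit guard keeps the failure an OAuth error rather than a NullPointerException: `if (incomingTokenValue == null) { throw new InvalidTokenException("Missing token parameter"); }`. Both method bodies continue outside their hunks.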
@@ -55,9 +55,9 @@ public class JwtAssertionTokenGranter extends AbstractTokenGranter { * @see org.springframework.security.oauth2.provider.token.AbstractTokenGranter#getOAuth2Authentication(org.springframework.security.oauth2.provider.AuthorizationRequest) */ @Override - protected OAuth2AccessToken getAccessToken(AuthorizationRequest authorizationRequest) throws AuthenticationException, InvalidTokenException { + protected OAuth2AccessToken getAccessToken(OAuth2Request oAuthRequest) throws AuthenticationException, InvalidTokenException { // read and load up the existing token - String incomingTokenValue = authorizationRequest.getAuthorizationParameters().get("assertion"); + String incomingTokenValue = oAuthRequest.getAuthorizationParameters().get("assertion"); OAuth2AccessTokenEntity incomingToken = tokenServices.readAccessToken(incomingTokenValue); ClientDetailsEntity client = incomingToken.getClient(); @@ -65,7 +65,7 @@ public class JwtAssertionTokenGranter extends AbstractTokenGranter { if (incomingToken.getScope().contains(OAuth2AccessTokenEntity.ID_TOKEN_SCOPE)) { - if (!client.getClientId().equals(authorizationRequest.getClientId())) { + if (!client.getClientId().equals(oAuthRequest.getClientId())) { throw new InvalidClientException("Not the right client for this token"); } diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java b/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java index 5d11d5465..fd201330b 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java 
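Review bot: The `@see` line above getAccessToken still points at `AbstractTokenGranter#getOAuth2Authentication(...AuthorizationRequest)`, which is neither the method overridden here nor the parameter type after this change. It should read `@see org.springframework.security.oauth2.provider.token.AbstractTokenGranter#getAccessToken(org.springframework.security.oauth2.provider.OAuth2Request)`. ChainedTokenGranter's `@see` carries the same stale parameter type. The Javadoc block opens outside the hunk.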
@@ -31,8 +31,8 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.security.oauth2.common.exceptions.OAuth2Exception; -import org.springframework.security.oauth2.provider.AuthorizationRequest; import org.springframework.security.oauth2.provider.ClientDetails; +import org.springframework.security.oauth2.provider.OAuth2Request; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.ModelAttribute; import org.springframework.web.bind.annotation.RequestMapping; @@ -67,7 +67,7 @@ public class OAuthConfirmationController { @PreAuthorize("hasRole('ROLE_USER')") @RequestMapping("/oauth/confirm_access") - public ModelAndView confimAccess(Map model, @ModelAttribute("authorizationRequest") AuthorizationRequest clientAuth) { + public ModelAndView confimAccess(Map model, @ModelAttribute("authorizationRequest") OAuth2Request clientAuth) { //AuthorizationRequest clientAuth = (AuthorizationRequest) model.remove("authorizationRequest"); diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/web/RevocationEndpoint.java b/openid-connect-server/src/main/java/org/mitre/oauth2/web/RevocationEndpoint.java index b352f19d5..8d0f2ec63 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/web/RevocationEndpoint.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/web/RevocationEndpoint.java 
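Review bot: confimAccess receives its request object through `@ModelAttribute("authorizationRequest") OAuth2Request clientAuth`, and Spring MVC instantiates and data-binds a model attribute from request parameters when it is not already in the model. If the class does not declare `@SessionAttributes("authorizationRequest")` (the class header is outside the hunk), the client id, scope and approved flag used on the confirmation page would come from the caller's request instead of the stored authorization request. It is worth confirming the annotation is present and documenting the parameter with `// bound from the session-scoped authorization request, never from request parameters`. The method body continues outside the hunk.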
@@ -27,8 +27,8 @@ import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.security.core.AuthenticationException; import org.springframework.security.oauth2.common.exceptions.InvalidTokenException; -import org.springframework.security.oauth2.provider.AuthorizationRequest; import org.springframework.security.oauth2.provider.OAuth2Authentication; +import org.springframework.security.oauth2.provider.OAuth2Request; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestParam; @@ -86,7 +86,7 @@ public class RevocationEndpoint { // we've got a client acting on its own behalf, not an admin //ClientAuthentication clientAuth = (ClientAuthenticationToken) ((OAuth2Authentication) auth).getClientAuthentication(); - AuthorizationRequest clientAuth = ((OAuth2Authentication) principal).getAuthorizationRequest(); + OAuth2Request clientAuth = ((OAuth2Authentication) principal).getAuthorizationRequest(); if (refreshToken != null) { if (!refreshToken.getClient().getClientId().equals(clientAuth.getClientId())) { diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/ConnectAuthorizationRequestManager.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/ConnectOAuth2RequestManager.java similarity index 86% rename from openid-connect-server/src/main/java/org/mitre/openid/connect/ConnectAuthorizationRequestManager.java rename to openid-connect-server/src/main/java/org/mitre/openid/connect/ConnectOAuth2RequestManager.java index 365fa52ce..4a234d0df 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/ConnectAuthorizationRequestManager.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/ConnectOAuth2RequestManager.java 
@@ -24,9 +24,9 @@ import org.springframework.security.core.userdetails.User; import org.springframework.security.oauth2.common.exceptions.InvalidClientException; import org.springframework.security.oauth2.common.exceptions.InvalidScopeException; import org.springframework.security.oauth2.common.util.OAuth2Utils; -import org.springframework.security.oauth2.provider.AuthorizationRequest; -import org.springframework.security.oauth2.provider.AuthorizationRequestManager; import org.springframework.security.oauth2.provider.ClientDetails; +import org.springframework.security.oauth2.provider.OAuth2Request; +import org.springframework.security.oauth2.provider.OAuth2RequestManager; import org.springframework.stereotype.Component; import com.google.common.base.Strings; @@ -34,9 +34,9 @@ import com.nimbusds.jose.util.JSONObjectUtils; import com.nimbusds.jwt.SignedJWT; @Component("authorizationRequestManager") -public class ConnectAuthorizationRequestManager implements AuthorizationRequestManager { +public class ConnectOAuth2RequestManager implements OAuth2RequestManager { - private static Logger logger = LoggerFactory.getLogger(ConnectAuthorizationRequestManager.class); + private static Logger logger = LoggerFactory.getLogger(ConnectOAuth2RequestManager.class); @Autowired private NonceService nonceService; @@ -53,7 +53,7 @@ public class ConnectAuthorizationRequestManager implements AuthorizationRequestM * @param clientDetailsService * @param nonceService */ - public ConnectAuthorizationRequestManager(ClientDetailsEntityService clientDetailsService, NonceService nonceService) { + public ConnectOAuth2RequestManager(ClientDetailsEntityService clientDetailsService, NonceService nonceService) { this.clientDetailsService = clientDetailsService; this.nonceService = nonceService; } 
@@ -61,12 +61,12 @@ public class ConnectAuthorizationRequestManager implements AuthorizationRequestM /** * Default empty constructor */ - public ConnectAuthorizationRequestManager() { + public ConnectOAuth2RequestManager() { } @Override - public AuthorizationRequest createAuthorizationRequest(Map inputParams) { + public OAuth2Request createOAuth2Request(Map inputParams) { Map parameters = processRequestObject(inputParams); @@ -79,12 +79,12 @@ public class ConnectAuthorizationRequestManager implements AuthorizationRequestM String requestNonce = parameters.get("nonce"); - AuthorizationRequest request = new AuthorizationRequest(parameters, Collections. emptyMap(), - parameters.get(AuthorizationRequest.CLIENT_ID), - OAuth2Utils.parseParameterList(parameters.get(AuthorizationRequest.SCOPE)), null, - null, false, parameters.get(AuthorizationRequest.STATE), - parameters.get(AuthorizationRequest.REDIRECT_URI), - OAuth2Utils.parseParameterList(parameters.get(AuthorizationRequest.RESPONSE_TYPE))); + OAuth2Request request = new OAuth2Request(parameters, Collections. emptyMap(), + parameters.get(OAuth2Request.CLIENT_ID), + OAuth2Utils.parseParameterList(parameters.get(OAuth2Request.SCOPE)), null, + null, false, parameters.get(OAuth2Request.STATE), + parameters.get(OAuth2Request.REDIRECT_URI), + OAuth2Utils.parseParameterList(parameters.get(OAuth2Request.RESPONSE_TYPE))); //Only process if the user is authenticated. If the user is not authenticated yet, this //code will be called a second time once the user is redirected from the login page back diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectTokenEnhancer.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectTokenEnhancer.java index 679348bd6..181824e5f 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectTokenEnhancer.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectTokenEnhancer.java 
@@ -29,8 +29,8 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.oauth2.common.OAuth2AccessToken; -import org.springframework.security.oauth2.provider.AuthorizationRequest; import org.springframework.security.oauth2.provider.OAuth2Authentication; +import org.springframework.security.oauth2.provider.OAuth2Request; import org.springframework.security.oauth2.provider.token.TokenEnhancer; import org.springframework.stereotype.Service; @@ -62,7 +62,7 @@ public class ConnectTokenEnhancer implements TokenEnhancer { public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) { OAuth2AccessTokenEntity token = (OAuth2AccessTokenEntity) accessToken; - AuthorizationRequest originalAuthRequest = authentication.getAuthorizationRequest(); + OAuth2Request originalAuthRequest = authentication.getAuthorizationRequest(); String clientId = originalAuthRequest.getClientId(); ClientDetailsEntity client = clientService.loadClientByClientId(clientId); diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/token/TofuUserApprovalHandler.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/token/TofuUserApprovalHandler.java index 0c28406ac..3ec96c00d 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/token/TofuUserApprovalHandler.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/token/TofuUserApprovalHandler.java 
@@ -27,9 +27,9 @@ import org.mitre.openid.connect.service.ApprovedSiteService; import org.mitre.openid.connect.service.WhitelistedSiteService; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.core.Authentication; -import org.springframework.security.oauth2.provider.AuthorizationRequest; import org.springframework.security.oauth2.provider.ClientDetails; import org.springframework.security.oauth2.provider.ClientDetailsService; +import org.springframework.security.oauth2.provider.OAuth2Request; import org.springframework.security.oauth2.provider.approval.UserApprovalHandler; import org.springframework.stereotype.Component; @@ -66,17 +66,17 @@ public class TofuUserApprovalHandler implements UserApprovalHandler { @Override - public boolean isApproved(AuthorizationRequest authorizationRequest, Authentication userAuthentication) { + public boolean isApproved(OAuth2Request oAuthRequest, Authentication userAuthentication) { // if this request is already approved, pass that info through // (this flag may be set by updateBeforeApproval, which can also do funny things with scopes, etc) - if (authorizationRequest.isApproved()) { + if (oAuthRequest.isApproved()) { return true; } else { // if not, check to see if the user has approved it // TODO: make parameter name configurable? - boolean approved = Boolean.parseBoolean(authorizationRequest.getApprovalParameters().get("user_oauth_approval")); + boolean approved = Boolean.parseBoolean(oAuthRequest.getApprovalParameters().get("user_oauth_approval")); return userAuthentication.isAuthenticated() && approved; } 
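Review bot: In isApproved, the first branch `if (oAuthRequest.isApproved()) { return true; }` returns before `userAuthentication.isAuthenticated()` is consulted, so on that path the flag alone decides the outcome while the fallback path requires both conditions. If an authenticated user is a precondition for every approval, the branch could return `userAuthentication.isAuthenticated()` instead of `true`. If the asymmetry is intended, a comment naming the caller that guarantees authentication before the flag is set would make that explicit.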
@@ -89,19 +89,19 @@ public class TofuUserApprovalHandler implements UserApprovalHandler { * * Otherwise the user will be directed to the approval page and can make their own decision. * - * @param authorizationRequest the incoming authorization request + * @param oAuthRequest the incoming authorization request * @param userAuthentication the Principal representing the currently-logged-in user * * @return the updated AuthorizationRequest */ @Override - public AuthorizationRequest checkForPreApproval(AuthorizationRequest authorizationRequest, Authentication userAuthentication) { + public OAuth2Request checkForPreApproval(OAuth2Request oAuthRequest, Authentication userAuthentication) { //First, check database to see if the user identified by the userAuthentication has stored an approval decision //getName may not be filled in? TODO: investigate String userId = userAuthentication.getName(); - String clientId = authorizationRequest.getClientId(); + String clientId = oAuthRequest.getClientId(); //lookup ApprovedSites by userId and clientId boolean alreadyApproved = false; @@ -111,14 +111,14 @@ public class TofuUserApprovalHandler implements UserApprovalHandler { if (!ap.isExpired()) { // if we find one that fits... - if (scopesMatch(authorizationRequest.getScope(), ap.getAllowedScopes())) { + if (scopesMatch(oAuthRequest.getScope(), ap.getAllowedScopes())) { //We have a match; update the access date on the AP entry and return true. ap.setAccessDate(new Date()); approvedSiteService.save(ap); - authorizationRequest.getExtensionProperties().put("approved_site", ap.getId()); - authorizationRequest.setApproved(true); + oAuthRequest.getExtensionProperties().put("approved_site", ap.getId()); + oAuthRequest.setApproved(true); alreadyApproved = true; } } 
@@ -126,37 +126,37 @@ public class TofuUserApprovalHandler implements UserApprovalHandler { if (!alreadyApproved) { WhitelistedSite ws = whitelistedSiteService.getByClientId(clientId); - if (ws != null && scopesMatch(authorizationRequest.getScope(), ws.getAllowedScopes())) { + if (ws != null && scopesMatch(oAuthRequest.getScope(), ws.getAllowedScopes())) { //Create an approved site ApprovedSite newSite = approvedSiteService.createApprovedSite(clientId, userId, null, ws.getAllowedScopes(), ws); - authorizationRequest.getExtensionProperties().put("approved_site", newSite.getId()); - authorizationRequest.setApproved(true); + oAuthRequest.getExtensionProperties().put("approved_site", newSite.getId()); + oAuthRequest.setApproved(true); } } - return authorizationRequest; + return oAuthRequest; } @Override - public AuthorizationRequest updateAfterApproval(AuthorizationRequest authorizationRequest, Authentication userAuthentication) { + public OAuth2Request updateAfterApproval(OAuth2Request oAuthRequest, Authentication userAuthentication) { String userId = userAuthentication.getName(); - String clientId = authorizationRequest.getClientId(); + String clientId = oAuthRequest.getClientId(); ClientDetails client = clientDetailsService.loadClientByClientId(clientId); // This must be re-parsed here because SECOAUTH forces us to call things in a strange order - boolean approved = Boolean.parseBoolean(authorizationRequest.getApprovalParameters().get("user_oauth_approval")); + boolean approved = Boolean.parseBoolean(oAuthRequest.getApprovalParameters().get("user_oauth_approval")); if (approved) { - authorizationRequest.setApproved(true); + oAuthRequest.setApproved(true); // process scopes from user input Set allowedScopes = Sets.newHashSet(); - Map approvalParams = authorizationRequest.getApprovalParameters(); + Map approvalParams = oAuthRequest.getApprovalParameters(); Set keys = approvalParams.keySet(); 
@@ -177,10 +177,10 @@ public class TofuUserApprovalHandler implements UserApprovalHandler { // inject the user-allowed scopes into the auth request // TODO: for the moment this allows both upscoping and downscoping. - authorizationRequest.setScope(allowedScopes); + oAuthRequest.setScope(allowedScopes); //Only store an ApprovedSite if the user has checked "remember this decision": - String remember = authorizationRequest.getApprovalParameters().get("remember"); + String remember = oAuthRequest.getApprovalParameters().get("remember"); if (!Strings.isNullOrEmpty(remember) && !remember.equals("none")) { Date timeout = null; @@ -192,12 +192,12 @@ public class TofuUserApprovalHandler implements UserApprovalHandler { } ApprovedSite newSite = approvedSiteService.createApprovedSite(clientId, userId, timeout, allowedScopes, null); - authorizationRequest.getExtensionProperties().put("approved_site", newSite.getId()); + oAuthRequest.getExtensionProperties().put("approved_site", newSite.getId()); } } - return authorizationRequest; + return oAuthRequest; } /** diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientDynamicRegistrationEndpoint.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientDynamicRegistrationEndpoint.java index 4217aaa73..a9ff0f5f4 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientDynamicRegistrationEndpoint.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientDynamicRegistrationEndpoint.java 
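Review bot: `oAuthRequest.setScope(allowedScopes)` replaces the requested scope set with one built from the approval form's parameters, and the TODO just above it says this permits upscoping, so the granted scopes can exceed what the client asked for. The loop that fills allowedScopes is outside the hunk, so any filtering done there is not visible. Unless that loop already bounds the set, intersect it with the original request before assigning: `allowedScopes.retainAll(oAuthRequest.getScope());`. updateAfterApproval starts and ends outside this hunk.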
@@ -25,9 +25,9 @@ import org.springframework.http.HttpStatus; import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.authority.SimpleGrantedAuthority; -import org.springframework.security.oauth2.provider.AuthorizationRequest; -import org.springframework.security.oauth2.provider.AuthorizationRequestManager; import org.springframework.security.oauth2.provider.OAuth2Authentication; +import org.springframework.security.oauth2.provider.OAuth2Request; +import org.springframework.security.oauth2.provider.OAuth2RequestManager; import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationDetails; import org.springframework.stereotype.Controller; import org.springframework.ui.Model; @@ -60,7 +60,7 @@ public class ClientDynamicRegistrationEndpoint { private SystemScopeService scopeService; @Autowired - private AuthorizationRequestManager authorizationRequestManager; + private OAuth2RequestManager oAuth2RequestManager; private static Logger logger = LoggerFactory.getLogger(ClientDynamicRegistrationEndpoint.class); private JsonParser parser = new JsonParser(); 
@@ -470,10 +470,10 @@ public class ClientDynamicRegistrationEndpoint { Map authorizationParameters = Maps.newHashMap(); authorizationParameters.put("client_id", client.getClientId()); authorizationParameters.put("scope", OAuth2AccessTokenEntity.REGISTRATION_TOKEN_SCOPE); - AuthorizationRequest authorizationRequest = authorizationRequestManager.createAuthorizationRequest(authorizationParameters); - authorizationRequest.setApproved(true); - authorizationRequest.setAuthorities(Sets.newHashSet(new SimpleGrantedAuthority("ROLE_CLIENT"))); - OAuth2Authentication authentication = new OAuth2Authentication(authorizationRequest, null); + OAuth2Request oAuthRequest = oAuth2RequestManager.createOAuth2Request(authorizationParameters); + oAuthRequest.setApproved(true); + oAuthRequest.setAuthorities(Sets.newHashSet(new SimpleGrantedAuthority("ROLE_CLIENT"))); + OAuth2Authentication authentication = new OAuth2Authentication(oAuthRequest, null); OAuth2AccessTokenEntity registrationAccessToken = (OAuth2AccessTokenEntity) tokenService.createAccessToken(authentication); return registrationAccessToken; } diff --git a/openid-connect-server/src/main/webapp/WEB-INF/application-context.xml b/openid-connect-server/src/main/webapp/WEB-INF/application-context.xml index 621ae6ec9..de1e0b64a 100644 --- a/openid-connect-server/src/main/webapp/WEB-INF/application-context.xml +++ b/openid-connect-server/src/main/webapp/WEB-INF/application-context.xml @@ -145,7 +145,7 @@ - + diff --git a/spring-security-oauth b/spring-security-oauth index 24b8229e5..2751c9490 160000 --- a/spring-security-oauth +++ b/spring-security-oauth @@ -1 +1 @@ -Subproject commit 24b8229e5cc34504d5854ec41e3c4b7248981dc2 +Subproject commit 2751c94908f712e7cb71cef49db25363912ea8bf