extracted RPT generation component to new token service class, closes #797

pull/708/merge
Justin Richer 2015-05-11 15:20:26 -04:00
parent 0ea06f01b8
commit 1f083c7acb
3 changed files with 144 additions and 38 deletions


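--- /dev/null
+++ b/org/mitre/uma/service/UmaTokenService.java
@@ -0,0 +1,41 @@
+/*******************************************************************************
+* Copyright 2015 The MITRE Corporation
+* and the MIT Kerberos and Internet Trust Consortium
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*******************************************************************************/
+package org.mitre.uma.service;
+import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
+import org.mitre.uma.model.PermissionTicket;
+import org.springframework.security.oauth2.provider.OAuth2Authentication;
+/**
+* Service to create special tokens for UMA.
+*
+* @author jricher
+*
+*/
+public interface UmaTokenService {
+/**
+* Create the RPT from the given authentication and ticket.
+*
+* @param o2auth
+* @param ticket
+* @return
+*/
+public OAuth2AccessTokenEntity createRequestingPartyToken(OAuth2Authentication o2auth, PermissionTicket ticket);
+}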
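Review bot: The Javadoc on createRequestingPartyToken leaves `@param o2auth`, `@param ticket` and `@return` empty and says nothing about the one precondition that matters for security: the method mints an RPT for whatever ticket it is handed without re-checking the ticket's claims, so the caller must only invoke it after the required claims have been satisfied (in this commit that check is the `claimsUnmatched.isEmpty()` branch of AuthorizationRequestEndpoint). Suggested text: `@param o2auth the authenticated request the RPT is issued for; its client id identifies the token's client`, `@param ticket a permission ticket whose required claims have already been satisfied; the RPT is bound to this ticket's permission`, `@return the persisted, signed RPT`. The contract should also say whether implementations are expected to invalidate the ticket once the RPT is issued, since nothing in the interface currently settles who consumes it.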


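--- /dev/null
+++ b/org/mitre/uma/service/impl/DefaultUmaTokenService.java
@@ -0,0 +1,97 @@
+/*******************************************************************************
+* Copyright 2015 The MITRE Corporation
+* and the MIT Kerberos and Internet Trust Consortium
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*******************************************************************************/
+package org.mitre.uma.service.impl;
+import java.util.UUID;
+import org.mitre.jwt.signer.service.JWTSigningAndValidationService;
+import org.mitre.oauth2.model.AuthenticationHolderEntity;
+import org.mitre.oauth2.model.ClientDetailsEntity;
+import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
+import org.mitre.oauth2.repository.AuthenticationHolderRepository;
+import org.mitre.oauth2.service.ClientDetailsEntityService;
+import org.mitre.oauth2.service.OAuth2TokenEntityService;
+import org.mitre.openid.connect.config.ConfigurationPropertiesBean;
+import org.mitre.uma.model.PermissionTicket;
+import org.mitre.uma.service.UmaTokenService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.oauth2.provider.OAuth2Authentication;
+import com.google.common.collect.Lists;
+import com.google.common.collect.Sets;
+import com.nimbusds.jose.JWSAlgorithm;
+import com.nimbusds.jose.JWSHeader;
+import com.nimbusds.jwt.JWTClaimsSet;
+import com.nimbusds.jwt.SignedJWT;
+/**
+* @author jricher
+*
+*/
+public class DefaultUmaTokenService implements UmaTokenService {
+@Autowired
+private AuthenticationHolderRepository authenticationHolderRepository;
+@Autowired
+private OAuth2TokenEntityService tokenService;
+@Autowired
+private ClientDetailsEntityService clientService;
+@Autowired
+private ConfigurationPropertiesBean configBean;
+@Autowired
+private JWTSigningAndValidationService jwtService;
+@Override
+public OAuth2AccessTokenEntity createRequestingPartyToken(OAuth2Authentication o2auth, PermissionTicket ticket) {
+OAuth2AccessTokenEntity token = new OAuth2AccessTokenEntity();
+AuthenticationHolderEntity authHolder = new AuthenticationHolderEntity();
+authHolder.setAuthentication(o2auth);
+authHolder = authenticationHolderRepository.save(authHolder);
+token.setAuthenticationHolder(authHolder);
+ClientDetailsEntity client = clientService.loadClientByClientId(o2auth.getOAuth2Request().getClientId());
+token.setClient(client);
+token.setPermissions(Sets.newHashSet(ticket.getPermission()));
+JWTClaimsSet claims = new JWTClaimsSet();
+claims.setAudience(Lists.newArrayList(ticket.getPermission().getResourceSet().getId().toString()));
+claims.setIssuer(configBean.getIssuer());
+claims.setJWTID(UUID.randomUUID().toString());
+JWSAlgorithm signingAlgorithm = jwtService.getDefaultSigningAlgorithm();
+SignedJWT signed = new SignedJWT(new JWSHeader(signingAlgorithm), claims);
+jwtService.signJwt(signed);
+token.setJwt(signed);
+tokenService.saveAccessToken(token);
+return token;
+}
+}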
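Review bot: The RPT minted in createRequestingPartyToken has no lifetime: no expiration is set on the OAuth2AccessTokenEntity before `tokenService.saveAccessToken(token)`, and the JWTClaimsSet carries only `aud`, `iss` and `jti` (no `exp`, no `iat`), so once persisted the token is valid until something explicitly revokes it and a leaked RPT stays usable indefinitely. Give it an expiry on both the entity and the claims (derived from the client's access-token validity or a UMA-specific setting in configBean) and add `iat` so resource servers can bound token age at introspection time. The permission ticket is not consumed here either; unless the caller invalidates it, the same ticket can presumably be replayed to mint further RPTs, which the Javadoc should state one way or the other. The class also has no Javadoc and no `@Service`/`@Component` annotation, so unless it is declared in XML config the endpoint's `@Autowired UmaTokenService` will not resolve; a class comment along the lines of `Issues RPTs bound to a single permission ticket; the granted permissions are stored server-side on the token entity, not in the JWT, so resource servers must introspect` would capture the design.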


@ -43,6 +43,7 @@ import org.mitre.uma.model.PermissionTicket;
import org.mitre.uma.model.ResourceSet;
import org.mitre.uma.service.ClaimsProcessingService;
import org.mitre.uma.service.PermissionService;
import org.mitre.uma.service.UmaTokenService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
@ -96,20 +97,15 @@ public class AuthorizationRequestEndpoint {
@Autowired
private OIDCTokenService oidcTokenService;
/////// TODO: TEMPORARY
@Autowired private AuthenticationHolderRepository authenticationHolderRepository;
@Autowired private OAuth2TokenRepository tokenRepository;
@Autowired private ClientDetailsEntityService clientService;
@Autowired private ConfigurationPropertiesBean configBean;
@Autowired private JWTSigningAndValidationService jwtService;
////////
@Autowired
private WebResponseExceptionTranslator providerExceptionHandler;
@Autowired
private ClaimsProcessingService claimsProcessingService;
@Autowired
private UmaTokenService umaTokenService;
@RequestMapping(method = RequestMethod.POST, consumes = MimeTypeUtils.APPLICATION_JSON_VALUE, produces = MimeTypeUtils.APPLICATION_JSON_VALUE)
public String authorizationRequest(@RequestBody String jsonString, Model m, Authentication auth) {
@ -152,38 +148,10 @@ public class AuthorizationRequestEndpoint {
if (claimsUnmatched.isEmpty()) {
// if the unmatched claims come back empty, by function contract that means we're happy and can issue a token
// TODO: move this whole mess to the OIDCTokenService (#797)
OAuth2Authentication o2auth = (OAuth2Authentication) auth;
OAuth2AccessTokenEntity token = new OAuth2AccessTokenEntity();
AuthenticationHolderEntity authHolder = new AuthenticationHolderEntity();
authHolder.setAuthentication(o2auth);
authHolder = authenticationHolderRepository.save(authHolder);
token.setAuthenticationHolder(authHolder);
ClientDetailsEntity client = clientService.loadClientByClientId(o2auth.getOAuth2Request().getClientId());
token.setClient(client);
token.setPermissions(Sets.newHashSet(ticket.getPermission()));
JWTClaimsSet claims = new JWTClaimsSet();
claims.setAudience(Lists.newArrayList(ticket.getPermission().getResourceSet().getId().toString()));
claims.setIssuer(configBean.getIssuer());
claims.setJWTID(UUID.randomUUID().toString());
JWSAlgorithm signingAlgorithm = jwtService.getDefaultSigningAlgorithm();
SignedJWT signed = new SignedJWT(new JWSHeader(signingAlgorithm), claims);
jwtService.signJwt(signed);
token.setJwt(signed);
tokenService.saveAccessToken(token);
OAuth2AccessTokenEntity token = umaTokenService.createRequestingPartyToken(o2auth, ticket);
Map<String, String> entity = ImmutableMap.of("rpt", token.getValue());
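Review bot: The comment `// TODO: move this whole mess to the OIDCTokenService (#797)` directly above the new `umaTokenService.createRequestingPartyToken(o2auth, ticket)` call is not visibly removed by this hunk; if it survives, it is now stale and names the wrong service, since this commit closes #797 and the code went to UmaTokenService, so drop it or reword it to `// RPT minting lives in UmaTokenService (#797)`. With the inline minting gone, the imports it needed (UUID, Sets, Lists, JWSAlgorithm, JWSHeader, JWTClaimsSet, SignedJWT, AuthenticationHolderEntity, ClientDetailsEntity, JWTSigningAndValidationService, ConfigurationPropertiesBean, OAuth2TokenRepository, AuthenticationHolderRepository) are presumably left dangling, because the import hunk shown only adds UmaTokenService; prune them. The `(OAuth2Authentication) auth` cast on the line before the call is unchecked, and a non-OAuth2 Authentication reaching this endpoint would surface as a ClassCastException rather than a proper 401/403 — worth an instanceof guard now that the token path is being cleaned up. The enclosing authorizationRequest method starts and ends outside this hunk.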