Merge branch 'refreshtokens' of file:///home/jricher/Projects/workspace-sts/OpenIDConnect-MITRE/OpenID-Connect-Java-Spring-Server into refreshtokens
commit
29731d52f6
|
@ -1,3 +1,4 @@
|
||||||
|
#Thu Jun 28 14:40:29 EDT 2012
|
||||||
activeProfiles=
|
activeProfiles=
|
||||||
eclipse.preferences.version=1
|
eclipse.preferences.version=1
|
||||||
resolveWorkspaceProjects=true
|
resolveWorkspaceProjects=true
|
||||||
|
|
|
@ -1,3 +1,4 @@
|
||||||
|
#Thu Jun 28 14:40:29 EDT 2012
|
||||||
activeProfiles=
|
activeProfiles=
|
||||||
eclipse.preferences.version=1
|
eclipse.preferences.version=1
|
||||||
resolveWorkspaceProjects=true
|
resolveWorkspaceProjects=true
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
<?xml version="1.0" encoding="UTF-8"?>
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
<classpath>
|
<classpath>
|
||||||
<classpathentry kind="src" output="target/classes" path="src/main/java"/>
|
<classpathentry kind="src" output="target/classes" path="src/main/java"/>
|
||||||
<classpathentry excluding="**" kind="src" output="target/classes" path="src/main/resources"/>
|
|
||||||
<classpathentry excluding="**" kind="src" output="target/test-classes" path="src/test/resources"/>
|
<classpathentry excluding="**" kind="src" output="target/test-classes" path="src/test/resources"/>
|
||||||
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.6"/>
|
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.6"/>
|
||||||
<classpathentry kind="con" path="org.eclipse.m2e.MAVEN2_CLASSPATH_CONTAINER">
|
<classpathentry kind="con" path="org.eclipse.m2e.MAVEN2_CLASSPATH_CONTAINER">
|
||||||
|
|
|
@ -0,0 +1,6 @@
|
||||||
|
#Thu Jun 28 14:40:32 EDT 2012
|
||||||
|
eclipse.preferences.version=1
|
||||||
|
org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.6
|
||||||
|
org.eclipse.jdt.core.compiler.compliance=1.6
|
||||||
|
org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
|
||||||
|
org.eclipse.jdt.core.compiler.source=1.6
|
|
@ -1,2 +1,3 @@
|
||||||
|
#Thu Jun 28 14:40:29 EDT 2012
|
||||||
eclipse.preferences.version=1
|
eclipse.preferences.version=1
|
||||||
org.eclipse.jdt.launching.PREF_STRICTLY_COMPATIBLE_JRE_NOT_AVAILABLE=warning
|
org.eclipse.jdt.launching.PREF_STRICTLY_COMPATIBLE_JRE_NOT_AVAILABLE=warning
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
<?xml version="1.0" encoding="UTF-8"?>
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
<classpath>
|
<classpath>
|
||||||
<classpathentry kind="src" output="target/classes" path="src/main/java"/>
|
<classpathentry kind="src" output="target/classes" path="src/main/java"/>
|
||||||
<classpathentry excluding="**" kind="src" output="target/classes" path="src/main/resources"/>
|
|
||||||
<classpathentry kind="src" output="target/test-classes" path="src/test/java"/>
|
<classpathentry kind="src" output="target/test-classes" path="src/test/java"/>
|
||||||
<classpathentry excluding="**" kind="src" output="target/test-classes" path="src/test/resources"/>
|
<classpathentry excluding="**" kind="src" output="target/test-classes" path="src/test/resources"/>
|
||||||
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.6"/>
|
<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.6"/>
|
||||||
|
|
|
@ -1,2 +1,3 @@
|
||||||
|
#Thu Jun 28 14:40:29 EDT 2012
|
||||||
eclipse.preferences.version=1
|
eclipse.preferences.version=1
|
||||||
org.eclipse.jdt.launching.PREF_STRICTLY_COMPATIBLE_JRE_NOT_AVAILABLE=warning
|
org.eclipse.jdt.launching.PREF_STRICTLY_COMPATIBLE_JRE_NOT_AVAILABLE=warning
|
||||||
|
|
|
@ -1,8 +1,10 @@
|
||||||
<?xml version="1.0" encoding="UTF-8"?>
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
<projectDescription>
|
<projectDescription>
|
||||||
<name>openid</name>
|
<name>openid-connect-server</name>
|
||||||
<comment>Reference implementation of OpenID Connect spec (http://openid.net/connect/). NO_M2ECLIPSE_SUPPORT: Project files created with the maven-eclipse-plugin are not supported in M2Eclipse.</comment>
|
<comment>Reference implementation of OpenID Connect spec (http://openid.net/connect/). NO_M2ECLIPSE_SUPPORT: Project files created with the maven-eclipse-plugin are not supported in M2Eclipse.</comment>
|
||||||
<projects>
|
<projects>
|
||||||
|
<project>openid-connect-common</project>
|
||||||
|
<project>spring-security-oauth2</project>
|
||||||
</projects>
|
</projects>
|
||||||
<buildSpec>
|
<buildSpec>
|
||||||
<buildCommand>
|
<buildCommand>
|
||||||
|
@ -21,12 +23,12 @@
|
||||||
</arguments>
|
</arguments>
|
||||||
</buildCommand>
|
</buildCommand>
|
||||||
<buildCommand>
|
<buildCommand>
|
||||||
<name>org.eclipse.wst.validation.validationbuilder</name>
|
<name>org.eclipse.m2e.core.maven2Builder</name>
|
||||||
<arguments>
|
<arguments>
|
||||||
</arguments>
|
</arguments>
|
||||||
</buildCommand>
|
</buildCommand>
|
||||||
<buildCommand>
|
<buildCommand>
|
||||||
<name>org.eclipse.m2e.core.maven2Builder</name>
|
<name>org.eclipse.wst.validation.validationbuilder</name>
|
||||||
<arguments>
|
<arguments>
|
||||||
</arguments>
|
</arguments>
|
||||||
</buildCommand>
|
</buildCommand>
|
||||||
|
@ -34,9 +36,9 @@
|
||||||
<natures>
|
<natures>
|
||||||
<nature>org.eclipse.jem.workbench.JavaEMFNature</nature>
|
<nature>org.eclipse.jem.workbench.JavaEMFNature</nature>
|
||||||
<nature>org.eclipse.wst.common.modulecore.ModuleCoreNature</nature>
|
<nature>org.eclipse.wst.common.modulecore.ModuleCoreNature</nature>
|
||||||
|
<nature>org.eclipse.m2e.core.maven2Nature</nature>
|
||||||
<nature>org.eclipse.jdt.core.javanature</nature>
|
<nature>org.eclipse.jdt.core.javanature</nature>
|
||||||
<nature>org.eclipse.wst.common.project.facet.core.nature</nature>
|
<nature>org.eclipse.wst.common.project.facet.core.nature</nature>
|
||||||
<nature>org.eclipse.wst.jsdt.core.jsNature</nature>
|
<nature>org.eclipse.wst.jsdt.core.jsNature</nature>
|
||||||
<nature>org.eclipse.m2e.core.maven2Nature</nature>
|
|
||||||
</natures>
|
</natures>
|
||||||
</projectDescription>
|
</projectDescription>
|
||||||
|
|
|
@ -1,2 +1,3 @@
|
||||||
|
#Thu Jun 28 14:40:29 EDT 2012
|
||||||
com.springsource.sts.maven.maven.automatically.update=true
|
com.springsource.sts.maven.maven.automatically.update=true
|
||||||
eclipse.preferences.version=1
|
eclipse.preferences.version=1
|
||||||
|
|
|
@ -1,19 +1,9 @@
|
||||||
|
#Thu Jun 28 14:40:32 EDT 2012
|
||||||
eclipse.preferences.version=1
|
eclipse.preferences.version=1
|
||||||
org.eclipse.jdt.core.builder.cleanOutputFolder=clean
|
|
||||||
org.eclipse.jdt.core.builder.duplicateResourceTask=warning
|
|
||||||
org.eclipse.jdt.core.builder.invalidClasspath=abort
|
|
||||||
org.eclipse.jdt.core.builder.recreateModifiedClassFileInOutputFolder=ignore
|
|
||||||
org.eclipse.jdt.core.builder.resourceCopyExclusionFilter=*.launch
|
|
||||||
org.eclipse.jdt.core.circularClasspath=warning
|
|
||||||
org.eclipse.jdt.core.classpath.exclusionPatterns=enabled
|
|
||||||
org.eclipse.jdt.core.classpath.multipleOutputLocations=enabled
|
|
||||||
org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled
|
org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled
|
||||||
org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.6
|
org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.6
|
||||||
org.eclipse.jdt.core.compiler.compliance=1.6
|
org.eclipse.jdt.core.compiler.compliance=1.6
|
||||||
org.eclipse.jdt.core.compiler.maxProblemPerUnit=100
|
|
||||||
org.eclipse.jdt.core.compiler.problem.assertIdentifier=error
|
org.eclipse.jdt.core.compiler.problem.assertIdentifier=error
|
||||||
org.eclipse.jdt.core.compiler.problem.enumIdentifier=error
|
org.eclipse.jdt.core.compiler.problem.enumIdentifier=error
|
||||||
org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
|
org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
|
||||||
org.eclipse.jdt.core.compiler.source=1.6
|
org.eclipse.jdt.core.compiler.source=1.6
|
||||||
org.eclipse.jdt.core.incompatibleJDKLevel=ignore
|
|
||||||
org.eclipse.jdt.core.incompleteClasspath=error
|
|
||||||
|
|
|
@ -1,17 +1,19 @@
|
||||||
<?xml version="1.0" encoding="UTF-8"?>
|
<?xml version="1.0" encoding="UTF-8"?>
|
||||||
<project-modules id="moduleCoreId" project-version="1.5.0">
|
<project-modules id="moduleCoreId" project-version="1.5.0">
|
||||||
<wb-module deploy-name="openid">
|
<wb-module deploy-name="openid-connect-server-MITRE">
|
||||||
<wb-resource deploy-path="/WEB-INF/classes" source-path="/src/main/java"/>
|
|
||||||
<wb-resource deploy-path="/WEB-INF/classes" source-path="/src/main/resources"/>
|
|
||||||
<wb-resource deploy-path="/" source-path="/target/m2e-wtp/web-resources"/>
|
<wb-resource deploy-path="/" source-path="/target/m2e-wtp/web-resources"/>
|
||||||
<wb-resource deploy-path="/" source-path="/src/main/webapp" tag="defaultRootSource"/>
|
<wb-resource deploy-path="/" source-path="/src/main/webapp" tag="defaultRootSource"/>
|
||||||
<dependent-module archiveName="spring-security-oauth2-1.0.0.BUILD-SNAPSHOT.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/spring-security-oauth2/spring-security-oauth2">
|
<wb-resource deploy-path="/WEB-INF/classes" source-path="/src/main/java"/>
|
||||||
|
<wb-resource deploy-path="/WEB-INF/classes" source-path="/src/main/resources"/>
|
||||||
|
<wb-resource deploy-path="/WEB-INF/classes" source-path="/src/test/java"/>
|
||||||
|
<wb-resource deploy-path="/WEB-INF/classes" source-path="/src/test/resources"/>
|
||||||
|
<dependent-module archiveName="spring-security-oauth2-1.0.0.BUILD-SNAPSHOT.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/spring-security-oauth2-MITRE/spring-security-oauth2-MITRE">
|
||||||
<dependency-type>uses</dependency-type>
|
<dependency-type>uses</dependency-type>
|
||||||
</dependent-module>
|
</dependent-module>
|
||||||
<dependent-module archiveName="openid-connect-common-0.1-SNAPSHOT.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/openid-connect-common/openid-connect-common">
|
<dependent-module archiveName="openid-connect-common-0.1-SNAPSHOT.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/openid-connect-common-MITRE/openid-connect-common-MITRE">
|
||||||
<dependency-type>uses</dependency-type>
|
<dependency-type>uses</dependency-type>
|
||||||
</dependent-module>
|
</dependent-module>
|
||||||
<property name="java-output-path" value="/openid/target/classes"/>
|
|
||||||
<property name="context-root" value="openid-connect-server"/>
|
<property name="context-root" value="openid-connect-server"/>
|
||||||
|
<property name="java-output-path" value="/openid-connect-server-MITRE/target/classes"/>
|
||||||
</wb-module>
|
</wb-module>
|
||||||
</project-modules>
|
</project-modules>
|
||||||
|
|
|
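Review bot: The two new `wb-resource` entries mapping `/src/test/java` and `/src/test/resources` to `/WEB-INF/classes` put test classes and test resources into the deployed webapp whenever this module is published through WTP, right next to the production sources; test trees routinely carry fixture keys, sample credentials and mock endpoints, so shipping them in the server's classpath widens the deployed attack surface for no runtime benefit. Test sources already reach the test classpath through the `.classpath` entries elsewhere in this commit, so the two lines can simply be dropped from `<wb-module>`. If they were added to make an in-IDE test launch work, that belongs in the launch configuration rather than the deployment assembly.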
@ -21,6 +21,7 @@ package org.mitre.oauth2.service.impl;
|
||||||
import java.util.Date;
|
import java.util.Date;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
|
import java.util.UUID;
|
||||||
|
|
||||||
import org.mitre.oauth2.model.ClientDetailsEntity;
|
import org.mitre.oauth2.model.ClientDetailsEntity;
|
||||||
import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
|
import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
|
||||||
|
@ -64,19 +65,12 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
|
||||||
@Autowired
|
@Autowired
|
||||||
private ClientDetailsEntityService clientDetailsService;
|
private ClientDetailsEntityService clientDetailsService;
|
||||||
|
|
||||||
@Autowired
|
|
||||||
private OAuth2AccessTokenEntityFactory accessTokenFactory;
|
|
||||||
|
|
||||||
@Autowired
|
|
||||||
private OAuth2RefreshTokenEntityFactory refreshTokenFactory;
|
|
||||||
|
|
||||||
@Autowired
|
@Autowired
|
||||||
private TokenEnhancer tokenEnhancer;
|
private TokenEnhancer tokenEnhancer;
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public OAuth2AccessTokenEntity createAccessToken(OAuth2Authentication authentication) throws AuthenticationException, InvalidClientException {
|
public OAuth2AccessTokenEntity createAccessToken(OAuth2Authentication authentication) throws AuthenticationException, InvalidClientException {
|
||||||
if (authentication != null &&
|
if (authentication != null && authentication.getAuthorizationRequest() != null) {
|
||||||
authentication.getAuthorizationRequest() != null) {
|
|
||||||
// look up our client
|
// look up our client
|
||||||
AuthorizationRequest clientAuth = authentication.getAuthorizationRequest();
|
AuthorizationRequest clientAuth = authentication.getAuthorizationRequest();
|
||||||
|
|
||||||
|
@ -121,7 +115,7 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
|
||||||
|
|
||||||
// attach a refresh token, if this client is allowed to request them
|
// attach a refresh token, if this client is allowed to request them
|
||||||
if (client.isAllowRefresh()) {
|
if (client.isAllowRefresh()) {
|
||||||
OAuth2RefreshTokenEntity refreshToken = refreshTokenFactory.createNewRefreshToken();
|
OAuth2RefreshTokenEntity refreshToken = new OAuth2RefreshTokenEntity(); //refreshTokenFactory.createNewRefreshToken();
|
||||||
|
|
||||||
// make it expire if necessary
|
// make it expire if necessary
|
||||||
if (client.getRefreshTokenValiditySeconds() != null) {
|
if (client.getRefreshTokenValiditySeconds() != null) {
|
||||||
|
@ -132,9 +126,10 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
|
||||||
// save our scopes so that we can reuse them later for more auth tokens
|
// save our scopes so that we can reuse them later for more auth tokens
|
||||||
// TODO: save the auth instead of the just the scope?
|
// TODO: save the auth instead of the just the scope?
|
||||||
if (client.isScoped()) {
|
if (client.isScoped()) {
|
||||||
refreshToken.setScope(clientAuth.getScope());
|
refreshToken.setScope(token.getScope());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// save the token first so that we can set it to a member of the access token (NOTE: is this step necessary?)
|
||||||
tokenRepository.saveRefreshToken(refreshToken);
|
tokenRepository.saveRefreshToken(refreshToken);
|
||||||
|
|
||||||
token.setRefreshToken(refreshToken);
|
token.setRefreshToken(refreshToken);
|
||||||
|
@ -144,6 +139,10 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
|
||||||
|
|
||||||
tokenRepository.saveAccessToken(token);
|
tokenRepository.saveAccessToken(token);
|
||||||
|
|
||||||
|
if (token.getRefreshToken() != null) {
|
||||||
|
tokenRepository.saveRefreshToken(token.getRefreshToken()); // make sure we save any changes that might have been enhanced
|
||||||
|
}
|
||||||
|
|
||||||
return token;
|
return token;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -178,14 +177,14 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
|
||||||
// TODO: have the option to recycle the refresh token here, too
|
// TODO: have the option to recycle the refresh token here, too
|
||||||
// for now, we just reuse it as long as it's valid, which is the original intent
|
// for now, we just reuse it as long as it's valid, which is the original intent
|
||||||
|
|
||||||
OAuth2AccessTokenEntity token = accessTokenFactory.createNewAccessToken();
|
OAuth2AccessTokenEntity token = new OAuth2AccessTokenEntity(); //accessTokenFactory.createNewAccessToken();
|
||||||
|
|
||||||
|
|
||||||
if (scope != null && !scope.isEmpty()) {
|
if (scope != null && !scope.isEmpty()) {
|
||||||
// ensure a proper subset of scopes
|
// ensure a proper subset of scopes
|
||||||
if (refreshToken.getScope() != null && refreshToken.getScope().containsAll(scope)) {
|
if (refreshToken.getScope() != null && refreshToken.getScope().containsAll(scope)) {
|
||||||
// set the scope of the new access token if requested
|
// set the scope of the new access token if requested
|
||||||
refreshToken.setScope(scope);
|
token.setScope(scope);
|
||||||
} else {
|
} else {
|
||||||
// up-scoping is not allowed
|
// up-scoping is not allowed
|
||||||
// (TODO: should this throw InvalidScopeException? For now just pass through)
|
// (TODO: should this throw InvalidScopeException? For now just pass through)
|
||||||
|
@ -205,6 +204,9 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
|
||||||
|
|
||||||
token.setRefreshToken(refreshToken);
|
token.setRefreshToken(refreshToken);
|
||||||
|
|
||||||
|
// TODO: call the token enhancer on refresh, too
|
||||||
|
//tokenEnhancer.enhance(token, refreshToken.get)
|
||||||
|
|
||||||
tokenRepository.saveAccessToken(token);
|
tokenRepository.saveAccessToken(token);
|
||||||
|
|
||||||
return token;
|
return token;
|
||||||
|
@ -348,16 +350,6 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
|
||||||
return this;
|
return this;
|
||||||
}
|
}
|
||||||
|
|
||||||
public DefaultOAuth2ProviderTokenServicesBuilder setAccessTokenFactory(OAuth2AccessTokenEntityFactory accessTokenFactory) {
|
|
||||||
instance.accessTokenFactory = accessTokenFactory;
|
|
||||||
return this;
|
|
||||||
}
|
|
||||||
|
|
||||||
public DefaultOAuth2ProviderTokenServicesBuilder setRefreshTokenFactory(OAuth2RefreshTokenEntityFactory refreshTokenFactory) {
|
|
||||||
instance.refreshTokenFactory = refreshTokenFactory;
|
|
||||||
return this;
|
|
||||||
}
|
|
||||||
|
|
||||||
public DefaultOAuth2ProviderTokenServicesBuilder setTokenEnhancer(TokenEnhancer tokenEnhancer) {
|
public DefaultOAuth2ProviderTokenServicesBuilder setTokenEnhancer(TokenEnhancer tokenEnhancer) {
|
||||||
instance.tokenEnhancer = tokenEnhancer;
|
instance.tokenEnhancer = tokenEnhancer;
|
||||||
return this;
|
return this;
|
||||||
|
|
|
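Review bot: In the refresh path (hunk `@ -178,14 +177,14 @@`), a refresh request whose scope is not a subset of `refreshToken.getScope()` still drops into the `else` branch that the comment says just passes through, so the subset check only steers the happy path (`token.setScope(scope)`) and never rejects an up-scoping attempt, which RFC 6749 §6 requires the server to refuse. Replace the pass-through with `throw new InvalidScopeException("Requested scope exceeds the scope of the refresh token");` (the type the TODO already names; it may need an import if not already present). The `else` body and the rest of `refreshAccessToken` continue outside the hunk, so if a later line already narrows the scope that should be made explicit here rather than left to a comment. Separately, the following hunk keeps `tokenEnhancer.enhance(...)` commented out on refresh while the new access token is now a bare `new OAuth2AccessTokenEntity()`, so whatever the enhancer contributes in the create path (expiration claim, nonce, signature) appears to be absent from refreshed tokens unless the constructor supplies it — worth confirming before merge.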
@ -17,6 +17,7 @@ package org.mitre.openid.connect.token;
|
||||||
|
|
||||||
import java.security.NoSuchAlgorithmException;
|
import java.security.NoSuchAlgorithmException;
|
||||||
import java.util.Date;
|
import java.util.Date;
|
||||||
|
import java.util.UUID;
|
||||||
|
|
||||||
import org.mitre.jwt.signer.service.JwtSigningAndValidationService;
|
import org.mitre.jwt.signer.service.JwtSigningAndValidationService;
|
||||||
import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
|
import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
|
||||||
|
@ -62,6 +63,12 @@ public class ConnectTokenEnhancer implements TokenEnhancer {
|
||||||
|
|
||||||
token.getJwt().getClaims().setExpiration(token.getExpiration());
|
token.getJwt().getClaims().setExpiration(token.getExpiration());
|
||||||
|
|
||||||
|
token.getJwt().getClaims().setNonce(UUID.randomUUID().toString()); // set a random NONCE in the middle of it
|
||||||
|
|
||||||
|
if (token.getRefreshToken() != null) {
|
||||||
|
token.getRefreshToken().getJwt().getClaims().setNonce(UUID.randomUUID().toString()); // set a random nonce in the middle of it
|
||||||
|
}
|
||||||
|
|
||||||
//TODO: check for client's preferred signer alg and use that
|
//TODO: check for client's preferred signer alg and use that
|
||||||
try {
|
try {
|
||||||
jwtService.signJwt(token.getJwt());
|
jwtService.signJwt(token.getJwt());
|
||||||
|
|
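Review bot: The refresh token's JWT receives a random nonce at `token.getRefreshToken().getJwt().getClaims().setNonce(...)`, but the only signing call in the hunk is `jwtService.signJwt(token.getJwt())`, which covers the access token alone; nothing visible here signs the refresh JWT, so if its serialization is what the client receives as the refresh token value, its claims are client-modifiable. Either sign it inside the same `try`, `if (token.getRefreshToken() != null) { jwtService.signJwt(token.getRefreshToken().getJwt()); }`, or document that a presented refresh token is only ever used as an opaque lookup key into the repository and its claims are never trusted; the `try` body continues outside the hunk, so if the signing already happens further down this can be disregarded. The nonce appears to be the token value's only unpredictable component, so the comment `// set a random NONCE in the middle of it` should say why it is there: `// the nonce is the token's unpredictable component; UUID.randomUUID() is SecureRandom-backed (~122 bits)`. Both new `setNonce` calls also assume `getJwt()` is non-null on a freshly constructed entity — worth confirming against the entity constructors, which are not part of this diff.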