Merge branch 'refreshtokens' of file:///home/jricher/Projects/workspace-sts/OpenIDConnect-MITRE/OpenID-Connect-Java-Spring-Server into refreshtokens

2012-06-28 17:00:17 -04:00 · 2012-06-28 17:00:17 -04:00 · 29731d52f6
parent 0dc568e5d0 d4b45006d5
commit 29731d52f6
13 changed files with 52 additions and 50 deletions
--- a/.settings/org.eclipse.m2e.core.prefs
+++ b/.settings/org.eclipse.m2e.core.prefs
@ -1,3 +1,4 @@
+#Thu Jun 28 14:40:29 EDT 2012
 activeProfiles=
 eclipse.preferences.version=1
 resolveWorkspaceProjects=true
--- a/account-chooser/.settings/org.eclipse.m2e.core.prefs
+++ b/account-chooser/.settings/org.eclipse.m2e.core.prefs
@ -1,3 +1,4 @@
+#Thu Jun 28 14:40:29 EDT 2012
 activeProfiles=
 eclipse.preferences.version=1
 resolveWorkspaceProjects=true
--- a/openid-connect-client/.classpath
+++ b/openid-connect-client/.classpath
@ -1,7 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <classpath>
 	<classpathentry kind="src" output="target/classes" path="src/main/java"/>
-	<classpathentry excluding="**" kind="src" output="target/classes" path="src/main/resources"/>
 	<classpathentry excluding="**" kind="src" output="target/test-classes" path="src/test/resources"/>
 	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.6"/>
 	<classpathentry kind="con" path="org.eclipse.m2e.MAVEN2_CLASSPATH_CONTAINER">
--- a/openid-connect-client/.settings/org.eclipse.jdt.core.prefs
+++ b/openid-connect-client/.settings/org.eclipse.jdt.core.prefs
@ -0,0 +1,6 @@
+#Thu Jun 28 14:40:32 EDT 2012
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.6
+org.eclipse.jdt.core.compiler.compliance=1.6
+org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
+org.eclipse.jdt.core.compiler.source=1.6
--- a/openid-connect-client/.settings/org.eclipse.jdt.launching.prefs
+++ b/openid-connect-client/.settings/org.eclipse.jdt.launching.prefs
@ -1,2 +1,3 @@
+#Thu Jun 28 14:40:29 EDT 2012
 eclipse.preferences.version=1
 org.eclipse.jdt.launching.PREF_STRICTLY_COMPATIBLE_JRE_NOT_AVAILABLE=warning
--- a/openid-connect-common/.classpath
+++ b/openid-connect-common/.classpath
@ -1,7 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <classpath>
 	<classpathentry kind="src" output="target/classes" path="src/main/java"/>
-	<classpathentry excluding="**" kind="src" output="target/classes" path="src/main/resources"/>
 	<classpathentry kind="src" output="target/test-classes" path="src/test/java"/>
 	<classpathentry excluding="**" kind="src" output="target/test-classes" path="src/test/resources"/>
 	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.6"/>
--- a/openid-connect-common/.settings/org.eclipse.jdt.launching.prefs
+++ b/openid-connect-common/.settings/org.eclipse.jdt.launching.prefs
@ -1,2 +1,3 @@
+#Thu Jun 28 14:40:29 EDT 2012
 eclipse.preferences.version=1
 org.eclipse.jdt.launching.PREF_STRICTLY_COMPATIBLE_JRE_NOT_AVAILABLE=warning
--- a/openid-connect-server/.project
+++ b/openid-connect-server/.project
@ -1,8 +1,10 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <projectDescription>
-	<name>openid</name>
+	<name>openid-connect-server</name>
 	<comment>Reference implementation of OpenID Connect spec (http://openid.net/connect/). NO_M2ECLIPSE_SUPPORT: Project files created with the maven-eclipse-plugin are not supported in M2Eclipse.</comment>
 	<projects>
+		<project>openid-connect-common</project>
+		<project>spring-security-oauth2</project>
 	</projects>
 	<buildSpec>
 		<buildCommand>
@ -21,12 +23,12 @@
 			</arguments>
 		</buildCommand>
 		<buildCommand>
-			<name>org.eclipse.wst.validation.validationbuilder</name>
+			<name>org.eclipse.m2e.core.maven2Builder</name>
 			<arguments>
 			</arguments>
 		</buildCommand>
 		<buildCommand>
-			<name>org.eclipse.m2e.core.maven2Builder</name>
+			<name>org.eclipse.wst.validation.validationbuilder</name>
 			<arguments>
 			</arguments>
 		</buildCommand>
@ -34,9 +36,9 @@
 	<natures>
 		<nature>org.eclipse.jem.workbench.JavaEMFNature</nature>
 		<nature>org.eclipse.wst.common.modulecore.ModuleCoreNature</nature>
+		<nature>org.eclipse.m2e.core.maven2Nature</nature>
 		<nature>org.eclipse.jdt.core.javanature</nature>
 		<nature>org.eclipse.wst.common.project.facet.core.nature</nature>
 		<nature>org.eclipse.wst.jsdt.core.jsNature</nature>
-		<nature>org.eclipse.m2e.core.maven2Nature</nature>
 	</natures>
 </projectDescription>
--- a/openid-connect-server/.settings/com.springsource.sts.maven.prefs
+++ b/openid-connect-server/.settings/com.springsource.sts.maven.prefs
@ -1,2 +1,3 @@
+#Thu Jun 28 14:40:29 EDT 2012
 com.springsource.sts.maven.maven.automatically.update=true
 eclipse.preferences.version=1
--- a/openid-connect-server/.settings/org.eclipse.jdt.core.prefs
+++ b/openid-connect-server/.settings/org.eclipse.jdt.core.prefs
@ -1,19 +1,9 @@
+#Thu Jun 28 14:40:32 EDT 2012
 eclipse.preferences.version=1
-org.eclipse.jdt.core.builder.cleanOutputFolder=clean
-org.eclipse.jdt.core.builder.duplicateResourceTask=warning
-org.eclipse.jdt.core.builder.invalidClasspath=abort
-org.eclipse.jdt.core.builder.recreateModifiedClassFileInOutputFolder=ignore
-org.eclipse.jdt.core.builder.resourceCopyExclusionFilter=*.launch
-org.eclipse.jdt.core.circularClasspath=warning
-org.eclipse.jdt.core.classpath.exclusionPatterns=enabled
-org.eclipse.jdt.core.classpath.multipleOutputLocations=enabled
 org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled
 org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.6
 org.eclipse.jdt.core.compiler.compliance=1.6
-org.eclipse.jdt.core.compiler.maxProblemPerUnit=100
 org.eclipse.jdt.core.compiler.problem.assertIdentifier=error
 org.eclipse.jdt.core.compiler.problem.enumIdentifier=error
 org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
 org.eclipse.jdt.core.compiler.source=1.6
-org.eclipse.jdt.core.incompatibleJDKLevel=ignore
-org.eclipse.jdt.core.incompleteClasspath=error
--- a/openid-connect-server/.settings/org.eclipse.wst.common.component
+++ b/openid-connect-server/.settings/org.eclipse.wst.common.component
@ -1,17 +1,19 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <project-modules id="moduleCoreId" project-version="1.5.0">
-    <wb-module deploy-name="openid">
-        <wb-resource deploy-path="/WEB-INF/classes" source-path="/src/main/java"/>
-        <wb-resource deploy-path="/WEB-INF/classes" source-path="/src/main/resources"/>
+    <wb-module deploy-name="openid-connect-server-MITRE">
        <wb-resource deploy-path="/" source-path="/target/m2e-wtp/web-resources"/>
        <wb-resource deploy-path="/" source-path="/src/main/webapp" tag="defaultRootSource"/>
-        <dependent-module archiveName="spring-security-oauth2-1.0.0.BUILD-SNAPSHOT.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/spring-security-oauth2/spring-security-oauth2">
+        <wb-resource deploy-path="/WEB-INF/classes" source-path="/src/main/java"/>
+        <wb-resource deploy-path="/WEB-INF/classes" source-path="/src/main/resources"/>
+        <wb-resource deploy-path="/WEB-INF/classes" source-path="/src/test/java"/>
+        <wb-resource deploy-path="/WEB-INF/classes" source-path="/src/test/resources"/>
+        <dependent-module archiveName="spring-security-oauth2-1.0.0.BUILD-SNAPSHOT.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/spring-security-oauth2-MITRE/spring-security-oauth2-MITRE">
            <dependency-type>uses</dependency-type>
        </dependent-module>
-        <dependent-module archiveName="openid-connect-common-0.1-SNAPSHOT.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/openid-connect-common/openid-connect-common">
+        <dependent-module archiveName="openid-connect-common-0.1-SNAPSHOT.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/openid-connect-common-MITRE/openid-connect-common-MITRE">
            <dependency-type>uses</dependency-type>
        </dependent-module>
-        <property name="java-output-path" value="/openid/target/classes"/>
        <property name="context-root" value="openid-connect-server"/>
+        <property name="java-output-path" value="/openid-connect-server-MITRE/target/classes"/>
    </wb-module>
 </project-modules>
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java
@ -21,6 +21,7 @@ package org.mitre.oauth2.service.impl;
 import java.util.Date;
 import java.util.List;
 import java.util.Set;
+import java.util.UUID;

 import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
@ -64,19 +65,12 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
 	@Autowired
 	private ClientDetailsEntityService clientDetailsService;
 	
-	@Autowired
-	private OAuth2AccessTokenEntityFactory accessTokenFactory;
-	
-	@Autowired
-	private OAuth2RefreshTokenEntityFactory refreshTokenFactory;
-	
 	@Autowired
 	private TokenEnhancer tokenEnhancer;
 	
 	@Override
    public OAuth2AccessTokenEntity createAccessToken(OAuth2Authentication authentication) throws AuthenticationException, InvalidClientException {
-		if (authentication != null && 
-				authentication.getAuthorizationRequest() != null) {
+		if (authentication != null && authentication.getAuthorizationRequest() != null) {
 			// look up our client
 			AuthorizationRequest clientAuth = authentication.getAuthorizationRequest();
 			
@ -121,7 +115,7 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
 	    	
 	    	// attach a refresh token, if this client is allowed to request them
 	    	if (client.isAllowRefresh()) {
-	    		OAuth2RefreshTokenEntity refreshToken = refreshTokenFactory.createNewRefreshToken();
+	    		OAuth2RefreshTokenEntity refreshToken = new OAuth2RefreshTokenEntity(); //refreshTokenFactory.createNewRefreshToken();

 	    		// make it expire if necessary
 	    		if (client.getRefreshTokenValiditySeconds() != null) {
@ -132,9 +126,10 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
 	    		// save our scopes so that we can reuse them later for more auth tokens
 	    		// TODO: save the auth instead of the just the scope?
 			    if (client.isScoped()) {
-			    	refreshToken.setScope(clientAuth.getScope());
+			    	refreshToken.setScope(token.getScope());
 			    }

+			    // save the token first so that we can set it to a member of the access token (NOTE: is this step necessary?)
 			    tokenRepository.saveRefreshToken(refreshToken);
 			    
 	    		token.setRefreshToken(refreshToken);
@ -144,6 +139,10 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
 	    	
 		    tokenRepository.saveAccessToken(token);
 		    
+		    if (token.getRefreshToken() != null) {
+		    	tokenRepository.saveRefreshToken(token.getRefreshToken()); // make sure we save any changes that might have been enhanced
+		    }
+		    
 		    return token;
 		}
 		
@ -178,14 +177,14 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
 		// TODO: have the option to recycle the refresh token here, too
 		// for now, we just reuse it as long as it's valid, which is the original intent

-		OAuth2AccessTokenEntity token = accessTokenFactory.createNewAccessToken();
+		OAuth2AccessTokenEntity token = new OAuth2AccessTokenEntity(); //accessTokenFactory.createNewAccessToken();

 		
 		if (scope != null && !scope.isEmpty()) { 
 			// ensure a proper subset of scopes 
 			if (refreshToken.getScope() != null && refreshToken.getScope().containsAll(scope)) {
 				// set the scope of the new access token if requested
-				refreshToken.setScope(scope);
+				token.setScope(scope);
 			} else {
 				// up-scoping is not allowed
 				// (TODO: should this throw InvalidScopeException? For now just pass through)
@ -205,6 +204,9 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
    	
    	token.setRefreshToken(refreshToken);

+    	// TODO: call the token enhancer on refresh, too
+    	//tokenEnhancer.enhance(token, refreshToken.get)
+    	
    	tokenRepository.saveAccessToken(token);
    	
    	return token;
@ -348,16 +350,6 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
 			return this;
 		}
 		
-		public DefaultOAuth2ProviderTokenServicesBuilder setAccessTokenFactory(OAuth2AccessTokenEntityFactory accessTokenFactory) {
-			instance.accessTokenFactory = accessTokenFactory;
-			return this;
-		}
-		
-		public DefaultOAuth2ProviderTokenServicesBuilder setRefreshTokenFactory(OAuth2RefreshTokenEntityFactory refreshTokenFactory) {
-			instance.refreshTokenFactory = refreshTokenFactory;
-			return this;
-		}
-		
 		public DefaultOAuth2ProviderTokenServicesBuilder setTokenEnhancer(TokenEnhancer tokenEnhancer) {
 			instance.tokenEnhancer = tokenEnhancer;
 			return this;
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectTokenEnhancer.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectTokenEnhancer.java
@ -17,6 +17,7 @@ package org.mitre.openid.connect.token;

 import java.security.NoSuchAlgorithmException;
 import java.util.Date;
+import java.util.UUID;

 import org.mitre.jwt.signer.service.JwtSigningAndValidationService;
 import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
@ -62,6 +63,12 @@ public class ConnectTokenEnhancer implements TokenEnhancer {
 		
 		token.getJwt().getClaims().setExpiration(token.getExpiration());

+		token.getJwt().getClaims().setNonce(UUID.randomUUID().toString()); // set a random NONCE in the middle of it
+		
+		if (token.getRefreshToken() != null) {
+			token.getRefreshToken().getJwt().getClaims().setNonce(UUID.randomUUID().toString()); // set a random nonce in the middle of it
+		}
+		
 		//TODO: check for client's preferred signer alg and use that
 		try {
 	        jwtService.signJwt(token.getJwt());