Fixed bug in nonce processing

pull/263/merge
Amanda Anganes 2013-01-29 13:07:09 -05:00
parent 3db74100a4
commit 2e2c0e8e6c
1 changed files with 12 additions and 4 deletions


@ -15,6 +15,8 @@ import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean; import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.oauth2.common.exceptions.InvalidClientException; import org.springframework.security.oauth2.common.exceptions.InvalidClientException;
import org.springframework.security.oauth2.common.exceptions.InvalidScopeException; import org.springframework.security.oauth2.common.exceptions.InvalidScopeException;
import org.springframework.security.oauth2.common.util.OAuth2Utils; import org.springframework.security.oauth2.common.util.OAuth2Utils;
@ -76,14 +78,19 @@ public class ConnectAuthorizationRequestManager implements AuthorizationRequestM
String requestNonce = parameters.get("nonce"); String requestNonce = parameters.get("nonce");
//If a nonce was included in the request, process it //Only process if the user is authenticated. If the user is not authenticated yet, this
if (requestNonce != null) { //code will be called a second time once the user is redirected from the login page back
//to the auth endpoint.
Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
if (requestNonce != null && principal != null && principal instanceof User) {
//Check request nonce for reuse //Check request nonce for reuse
Collection<Nonce> clientNonces = nonceService.getByClientId(client.getClientId()); Collection<Nonce> clientNonces = nonceService.getByClientId(client.getClientId());
for (Nonce nonce : clientNonces) { for (Nonce nonce : clientNonces) {
if (nonce.getValue().equals(requestNonce)) { String nonceVal = nonce.getValue();
//throw new NonceReuseException(client.getClientId(), nonce); if (nonceVal.equals(requestNonce)) {
throw new NonceReuseException(client.getClientId(), nonce);
} }
} }
@ -98,6 +105,7 @@ public class ConnectAuthorizationRequestManager implements AuthorizationRequestM
nonce.setExpireDate(expirationJdkDate); nonce.setExpireDate(expirationJdkDate);
nonceService.save(nonce); nonceService.save(nonce);
} }
Set<String> scopes = OAuth2Utils.parseParameterList(parameters.get("scope")); Set<String> scopes = OAuth2Utils.parseParameterList(parameters.get("scope"));