updated mimicked methods to stop re-parsing the JWT themselves and instead use the AuthorizationRequest populated from the JWT's claims

pull/166/merge
Mike Derryberry 2012-07-31 14:04:37 -04:00 committed by Justin Richer
parent 1a20dcbc6e
commit 3486ea28f1
1 changed files with 53 additions and 31 deletions


@ -68,11 +68,13 @@ public class AuthorizationEndpointRequestObject extends AbstractEndpoint impleme
// Manually initialize auth request instead of using @ModelAttribute // Manually initialize auth request instead of using @ModelAttribute
// to make sure it comes from request instead of the session // to make sure it comes from request instead of the session
Map<String, String> jwtRequest = new HashMap<String, String>(); Map<String, String> jwtParameters = new HashMap<String, String>();
jwtRequest.put("jwt", jwtString); jwtParameters.put("client_id", claims.getClaimAsString("client_id"));
jwtParameters.put("redirect_uri", claims.getClaimAsString("redirect_uri"));
jwtParameters.put("scope", claims.getClaimAsString("scope"));
AuthorizationRequest authorizationRequest = new AuthorizationRequest(jwtRequest); AuthorizationRequest authorizationRequest = new AuthorizationRequest(jwtParameters);
if (claims.getClaim("client_id") == null) { if (claims.getClaim("client_id") == null) {
sessionStatus.setComplete(); sessionStatus.setComplete();
@ -120,10 +122,7 @@ public class AuthorizationEndpointRequestObject extends AbstractEndpoint impleme
public View approveOrDeny(@RequestParam Map<String, String> approvalParameters, public View approveOrDeny(@RequestParam Map<String, String> approvalParameters,
@ModelAttribute AuthorizationRequest authorizationRequest, SessionStatus sessionStatus, Principal principal) { @ModelAttribute AuthorizationRequest authorizationRequest, SessionStatus sessionStatus, Principal principal) {
String jwtString = authorizationRequest.getApprovalParameters().get("jwt"); if (authorizationRequest.getClientId() == null) {
Jwt jwt = Jwt.parse(jwtString);
if (jwt.getClaims().getClaim("client_id").toString() == null) {
sessionStatus.setComplete(); sessionStatus.setComplete();
throw new InvalidClientException("A client_id must be supplied."); throw new InvalidClientException("A client_id must be supplied.");
} }
@ -158,15 +157,16 @@ public class AuthorizationEndpointRequestObject extends AbstractEndpoint impleme
} }
//change to use jwt rather than authRequest //
// TODO: Remove when possible
// COPIED FROM SECOAUTH AuthorizationEndpoint
//
private AuthorizationRequest resolveRedirectUriAndCheckApproval(AuthorizationRequest authorizationRequest, private AuthorizationRequest resolveRedirectUriAndCheckApproval(AuthorizationRequest authorizationRequest,
Authentication authentication) throws OAuth2Exception { Authentication authentication) throws OAuth2Exception {
String jwtString = authorizationRequest.getApprovalParameters().get("jwt"); String requestedRedirect = redirectResolver.resolveRedirect(authorizationRequest.getRedirectUri(),
Jwt jwt = Jwt.parse(jwtString); clientDetailsService.loadClientByClientId(authorizationRequest.getClientId()));
String requestedRedirect = redirectResolver.resolveRedirect(jwt.getClaims().getClaim("redirect_uri").toString(),
clientDetailsService.loadClientByClientId(jwt.getClaims().getClaim("client_id").toString()));
authorizationRequest = authorizationRequest.resolveRedirectUri(requestedRedirect); authorizationRequest = authorizationRequest.resolveRedirectUri(requestedRedirect);
boolean approved = authorizationRequest.isApproved(); boolean approved = authorizationRequest.isApproved();
@ -179,15 +179,16 @@ public class AuthorizationEndpointRequestObject extends AbstractEndpoint impleme
} }
//change to use a jwt rather than authRequest //
private ModelAndView getImplicitGrantResponse(AuthorizationRequest authorizationRequest) { // TODO: Remove when possible
// COPIED FROM SECOAUTH AuthorizationEndpoint
//
String jwtString = authorizationRequest.getApprovalParameters().get("jwt"); private ModelAndView getImplicitGrantResponse(AuthorizationRequest authorizationRequest) {
Jwt jwt = Jwt.parse(jwtString);
try { try {
OAuth2AccessToken accessToken = getTokenGranter().grant("implicit", OAuth2AccessToken accessToken = getTokenGranter().grant("implicit",
authorizationRequest.getAuthorizationParameters(), jwt.getClaims().getClaimAsString("client_id").toString(), authorizationRequest.getAuthorizationParameters(), authorizationRequest.getClientId(),
authorizationRequest.getScope()); authorizationRequest.getScope());
if (accessToken == null) { if (accessToken == null) {
throw new UnsupportedGrantTypeException("Unsupported grant type: implicit"); throw new UnsupportedGrantTypeException("Unsupported grant type: implicit");
@ -199,12 +200,14 @@ public class AuthorizationEndpointRequestObject extends AbstractEndpoint impleme
} }
} }
//
// TODO: Remove when possible
// COPIED FROM SECOAUTH AuthorizationEndpoint
//
private String appendAccessToken(AuthorizationRequest authorizationRequest, OAuth2AccessToken accessToken) { private String appendAccessToken(AuthorizationRequest authorizationRequest, OAuth2AccessToken accessToken) {
String jwtString = authorizationRequest.getApprovalParameters().get("jwt"); String requestedRedirect = authorizationRequest.getRedirectUri();
Jwt jwt = Jwt.parse(jwtString);
String requestedRedirect = jwt.getClaims().getClaim("redirect_uri").toString();
if (accessToken == null) { if (accessToken == null) {
throw new InvalidGrantException("An implicit grant could not be made"); throw new InvalidGrantException("An implicit grant could not be made");
} }
@ -237,6 +240,11 @@ public class AuthorizationEndpointRequestObject extends AbstractEndpoint impleme
return url.toString(); return url.toString();
} }
//
// TODO: Remove when possible
// COPIED FROM SECOAUTH AuthorizationEndpoint
//
private View getAuthorizationCodeResponse(AuthorizationRequest authorizationRequest, Authentication authUser) { private View getAuthorizationCodeResponse(AuthorizationRequest authorizationRequest, Authentication authUser) {
try { try {
return new RedirectView(getSuccessfulRedirect(authorizationRequest, return new RedirectView(getSuccessfulRedirect(authorizationRequest,
@ -247,6 +255,11 @@ public class AuthorizationEndpointRequestObject extends AbstractEndpoint impleme
} }
} }
//
// TODO: Remove when possible
// COPIED FROM SECOAUTH AuthorizationEndpoint
//
private String generateCode(AuthorizationRequest authorizationRequest, Authentication authentication) private String generateCode(AuthorizationRequest authorizationRequest, Authentication authentication)
throws AuthenticationException { throws AuthenticationException {
@ -270,19 +283,21 @@ public class AuthorizationEndpointRequestObject extends AbstractEndpoint impleme
} }
} }
//
// TODO: Remove when possible
// COPIED FROM SECOAUTH AuthorizationEndpoint
//
private String getUnsuccessfulRedirect(AuthorizationRequest authorizationRequest, OAuth2Exception failure, private String getUnsuccessfulRedirect(AuthorizationRequest authorizationRequest, OAuth2Exception failure,
boolean fragment) { boolean fragment) {
String jwtString = authorizationRequest.getApprovalParameters().get("jwt");
Jwt jwt = Jwt.parse(jwtString);
// TODO: allow custom failure handling? // TODO: allow custom failure handling?
if (authorizationRequest == null || jwt.getClaims().getClaim("redirect_uri").toString() == null) { if (authorizationRequest == null || authorizationRequest.getRedirectUri() == null) {
// we have no redirect for the user. very sad. // we have no redirect for the user. very sad.
throw new UnapprovedClientAuthenticationException("Authorization failure, and no redirect URI.", failure); throw new UnapprovedClientAuthenticationException("Authorization failure, and no redirect URI.", failure);
} }
String redirectUri = jwt.getClaims().getClaim("redirect_uri").toString(); String redirectUri = authorizationRequest.getRedirectUri();
// extract existing fragments if any // extract existing fragments if any
String[] fragments = redirectUri.split("#"); String[] fragments = redirectUri.split("#");
@ -325,6 +340,11 @@ public class AuthorizationEndpointRequestObject extends AbstractEndpoint impleme
} }
//
// TODO: Remove when possible
// COPIED FROM SECOAUTH AuthorizationEndpoint
//
private ModelAndView getUserApprovalPageResponse(Map<String, Object> model, private ModelAndView getUserApprovalPageResponse(Map<String, Object> model,
AuthorizationRequest authorizationRequest) { AuthorizationRequest authorizationRequest) {
logger.debug("Loading user approval page: " + userApprovalPage); logger.debug("Loading user approval page: " + userApprovalPage);
@ -333,16 +353,18 @@ public class AuthorizationEndpointRequestObject extends AbstractEndpoint impleme
return new ModelAndView(userApprovalPage, model); return new ModelAndView(userApprovalPage, model);
} }
private String getSuccessfulRedirect(AuthorizationRequest authorizationRequest, String authorizationCode) { //
// TODO: Remove when possible
// COPIED FROM SECOAUTH AuthorizationEndpoint
//
String jwtString = authorizationRequest.getApprovalParameters().get("jwt"); private String getSuccessfulRedirect(AuthorizationRequest authorizationRequest, String authorizationCode) {
Jwt jwt = Jwt.parse(jwtString);
if (authorizationCode == null) { if (authorizationCode == null) {
throw new IllegalStateException("No authorization code found in the current request scope."); throw new IllegalStateException("No authorization code found in the current request scope.");
} }
String requestedRedirect = jwt.getClaims().getClaim("redirect_uri").toString(); String requestedRedirect = authorizationRequest.getRedirectUri();
String[] fragments = requestedRedirect.split("#"); String[] fragments = requestedRedirect.split("#");
String state = authorizationRequest.getState(); String state = authorizationRequest.getState();