Added back discovery endpoint, but renamed to not say SWD

2013-04-11 10:27:31 -04:00 · 2013-04-11 10:27:31 -04:00 · 34b243e0e1
parent ac2993c402
commit 34b243e0e1
3 changed files with 298 additions and 0 deletions
--- a/openid-connect-server/src/main/java/org/mitre/discovery/view/JsonOpenIdConfigurationView.java
+++ b/openid-connect-server/src/main/java/org/mitre/discovery/view/JsonOpenIdConfigurationView.java
@ -0,0 +1,85 @@
+/*******************************************************************************
+ * Copyright 2012 The MITRE Corporation
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ ******************************************************************************/
+package org.mitre.discovery.view;
+
+import java.io.IOException;
+import java.io.Writer;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Component;
+import org.springframework.validation.BeanPropertyBindingResult;
+import org.springframework.web.servlet.view.AbstractView;
+
+import com.google.gson.ExclusionStrategy;
+import com.google.gson.FieldAttributes;
+import com.google.gson.Gson;
+import com.google.gson.GsonBuilder;
+
+@Component("jsonOpenIdConfigurationView")
+public class JsonOpenIdConfigurationView extends AbstractView {
+
+	private static Logger logger = LoggerFactory.getLogger(JsonOpenIdConfigurationView.class);
+	
+	@Override
+	protected void renderMergedOutputModel(Map<String, Object> model, HttpServletRequest request, HttpServletResponse response) {
+		Gson gson = new GsonBuilder().setExclusionStrategies(new ExclusionStrategy() {
+
+			@Override
+			public boolean shouldSkipField(FieldAttributes f) {
+				return false;
+			}
+
+			@Override
+			public boolean shouldSkipClass(Class<?> clazz) {
+				// skip the JPA binding wrapper
+				if (clazz.equals(BeanPropertyBindingResult.class)) {
+					return true;
+				} else {
+					return false;
+				}
+			}
+
+		})
+		.create();
+
+		response.setContentType("application/json");
+
+		Object obj = model.get("entity");
+		if (obj == null) {
+			obj = model;
+		}
+		
+		Writer out;
+		
+		try {
+			
+			out = response.getWriter();
+			gson.toJson(obj, out);
+		
+		} catch (IOException e) {
+		
+			logger.error("IOException in JsonOpenIdConfigurationView.java: ", e);
+			
+		}
+
+	}
+
+}
--- a/openid-connect-server/src/main/java/org/mitre/discovery/view/XrdJsonResponse.java
+++ b/openid-connect-server/src/main/java/org/mitre/discovery/view/XrdJsonResponse.java
@ -0,0 +1,105 @@
+/*******************************************************************************
+ * Copyright 2012 The MITRE Corporation
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ ******************************************************************************/
+/**
+ * 
+ */
+package org.mitre.discovery.view;
+
+import java.io.IOException;
+import java.io.Writer;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Component;
+import org.springframework.validation.BeanPropertyBindingResult;
+import org.springframework.web.servlet.view.AbstractView;
+
+import com.google.gson.ExclusionStrategy;
+import com.google.gson.FieldAttributes;
+import com.google.gson.Gson;
+import com.google.gson.GsonBuilder;
+import com.google.gson.JsonArray;
+import com.google.gson.JsonObject;
+
+/**
+ * @author jricher
+ *
+ */
+@Component("jsonXrdResponseView")
+public class XrdJsonResponse extends AbstractView {
+	
+	private static Logger logger = LoggerFactory.getLogger(XrdJsonResponse.class);
+
+	/* (non-Javadoc)
+	 * @see org.springframework.web.servlet.view.AbstractView#renderMergedOutputModel(java.util.Map, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+	 */
+	@Override
+	protected void renderMergedOutputModel(Map<String, Object> model, HttpServletRequest request, HttpServletResponse response) {
+		Gson gson = new GsonBuilder().setExclusionStrategies(new ExclusionStrategy() {
+
+			@Override
+			public boolean shouldSkipField(FieldAttributes f) {
+				return false;
+			}
+
+			@Override
+			public boolean shouldSkipClass(Class<?> clazz) {
+				// skip the JPA binding wrapper
+				if (clazz.equals(BeanPropertyBindingResult.class)) {
+					return true;
+				} else {
+					return false;
+				}
+			}
+
+		})
+		.create();
+
+		response.setContentType("application/json");
+
+		Map<String, String> links = (Map<String, String>) model.get("links");
+
+		JsonObject obj = new JsonObject();
+		JsonArray linksList = new JsonArray();
+		obj.add("links", linksList);
+		
+		// map of "rel" -> "link" values
+		for (Map.Entry<String, String> link : links.entrySet()) {
+	        JsonObject l = new JsonObject();
+	        l.addProperty("rel", link.getKey());
+	        l.addProperty("link", link.getValue());
+	        
+	        linksList.add(l);
+        }
+		
+		Writer out;
+		
+        try {
+        	
+	        out = response.getWriter();
+	        gson.toJson(obj, out);
+	        
+        } catch (IOException e) {
+	        
+        	logger.error("IOException in XrdJsonResponse.java: ", e);
+        	
+        }		
+	}
+}
--- a/openid-connect-server/src/main/java/org/mitre/discovery/web/DiscoveryEndpoint.java
+++ b/openid-connect-server/src/main/java/org/mitre/discovery/web/DiscoveryEndpoint.java
@ -0,0 +1,108 @@
+/*******************************************************************************
+ * Copyright 2012 The MITRE Corporation
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ ******************************************************************************/
+package org.mitre.discovery.web;
+
+import java.security.Principal;
+import java.util.HashMap;
+import java.util.Map;
+
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.servlet.ModelAndView;
+import org.mitre.openid.connect.config.ConfigurationPropertiesBean;
+
+import com.google.common.collect.Lists;
+
+@Controller
+public class DiscoveryEndpoint {
+
+	@Autowired
+	ConfigurationPropertiesBean config;	
+	
+	@RequestMapping(value={"/.well-known/host-meta", "/.well-known/host-meta.json"},
+			params={"resource", "rel=http://openid.net/specs/connect/1.0/issuer"}, produces = "application/json")
+	public ModelAndView xrdDiscovery(@RequestParam("resource") String resource, ModelAndView modelAndView) {
+		
+		Map<String, String> relMap = new HashMap<String, String>();
+		relMap.put("http://openid.net/specs/connect/1.0/issuer", config.getIssuer());
+		
+		modelAndView.getModel().put("links", relMap);
+		
+		modelAndView.setViewName("jsonXrdResponseView");
+		
+		return modelAndView;
+	}
+
+	@RequestMapping("/.well-known/openid-configuration")
+	public ModelAndView providerConfiguration(ModelAndView modelAndView, Principal p) {
+
+		/*	
+		 *
+		 	version 	string 	Version of the provider response. "3.0" is the default.
+			issuer 	string 	The https: URL with no query or fragment component that the OP asserts as its Issuer Identifier
+			authorization_endpoint 	string 	URL of the OP's Authentication and Authorization Endpoint [OpenID.Messages]
+			token_endpoint 	string 	URL of the OP's OAuth 2.0 Token Endpoint [OpenID.Messages]
+			userinfo_endpoint 	string 	URL of the OP's UserInfo Endpoint [OpenID.Messages]
+			refresh_session_endpoint 	string 	URL of the OP's Refresh Session Endpoint [OpenID.Session]
+			end_session_endpoint 	string 	URL of the OP's End Session Endpoint [OpenID.Session]
+			jwk_url 	string 	URL of the OP's JSON Web Key [JWK] document. Server's signing Key
+			jwk_encryption_url 	string 	URL of the OP's JSON Web Key [JWK] document. Server's Encryption Key, if not present, its value is the same as the URL provided by jwk_url
+			x509_url 	string 	URL of the OP's X.509 certificates in PEM format.
+			x509_encryption_url 	string 	URL of the OP's X.509 certificates in PEM format. Server's Encryption Key, if not present its value is the same as the URL provided by x509_url
+			registration_endpoint 	string 	URL of the OP's Dynamic Client Registration Endpoint [OpenID.Registration]
+			scopes_supported 	array 	A JSON array containing a list of the OAuth 2.0 [OAuth2.0] scope values that this server supports. The server MUST support the openid scope value.
+			response_types_supported 	array 	A JSON array containing a list of the OAuth 2.0 response_type that this server supports. The server MUST support the code, id_token, and the token id_token response_type.
+			acrs_supported 	array 	A JSON array containing a list of the Authentication Context Class References that this server supports.
+			subject_types_supported 	array 	A JSON array containing a list of the user identifier types that this server supports. Valid types include pairwise and public.
+			userinfo_algs_supported 	array 	A JSON array containing a list of the JWS [JWS] and JWE [JWE] signing and encryption algorithms [JWA] supported by the UserInfo Endpoint to encode the JWT [JWT].
+			id_token_algs_supported 	array 	A JSON array containing a list of the JWS and JWE signing and encryption algorithms [JWA] supported by the Authorization Server for the ID Token to encode the JWT [JWT].
+			request_object_algs_supported 	array 	A JSON array containing a list of the JWS and JWE signing and encryption algorithms [JWA] supported by the Authorization Server for the OpenID Request Object described in Section 2.1.2.1 of OpenID Connect Messages [OpenID.Messages] to encode the JWT [JWT]. Servers SHOULD support RS256.
+			token_endpoint_auth_methods_supported 	array 	A JSON array containing a list of authentication types supported by this Token Endpoint. The options are client_secret_post, client_secret_basic, client_secret_jwt, and private_key_jwt, as described in Section 2.2.1 of OpenID Connect Messages 1.0 [OpenID.Messages]. Other Authentication types may be defined by extension. If unspecified or omitted, the default is client_secret_basic HTTP Basic Authentication Scheme as specified in Section 2.3.1 of OAuth 2.0 [OAuth2.0].
+			token_endpoint_auth_algs_supported 	array 	A JSON array containing a list of the JWS signing algorithms [JWA] supported by the Token Endpoint for the private_key_jwt method to encode the JWT [JWT]. Servers SHOULD support RS256.
+		 *
+		 */
+		String baseUrl = config.getIssuer();
+		
+		if (!baseUrl.endsWith("/")) {
+			baseUrl = baseUrl.concat("/");
+		}
+
+		Map<String, Object> m = new HashMap<String, Object>();
+		m.put("version", "3.0");
+		m.put("issuer", config.getIssuer());
+		m.put("authorization_endpoint", baseUrl + "authorize");
+		m.put("token_endpoint", baseUrl + "token");
+		m.put("userinfo_endpoint", baseUrl + "userinfo");
+		//m.put("refresh_session_endpoint", baseUrl + "/refresh_session");
+		//m.put("end_session_endpoint", baseUrl + "/end_session");
+		m.put("jwk_url", baseUrl + "jwk");
+		m.put("x509_url", baseUrl + "x509");
+		m.put("registration_endpoint", baseUrl + "register");
+		m.put("scopes_supported", Lists.newArrayList("openid", "email", "profile", "address", "phone"));
+		m.put("response_types_supported", Lists.newArrayList("code"));
+		m.put("token_endpoint_auth_methods_supported", Lists.newArrayList("client_secret_post", "client_secret_basic", "private_key_jwt", "none"));
+		
+		modelAndView.getModel().put("entity", m);
+		// TODO: everything in the list up there
+		
+		modelAndView.setViewName("jsonOpenIdConfigurationView");
+		
+		return modelAndView;
+	}
+	
+}