cleaning up introspection endpoint

pull/124/merge
Justin Richer 13 years ago
parent e7449901a6
commit 40f39a18e0

@ -136,11 +136,6 @@ public class IdTokenClaims extends JwtClaims {
}
}
//
// FIXME:
// This doesn't handle loading JsonNull values from the claims set, and this is endemic to the whole claims structure!!!!
//
/**
* Load this IdToken from a JSON Object
*/

@ -15,9 +15,13 @@
******************************************************************************/
package org.mitre.oauth2.web;
import java.security.Principal;
import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
import org.mitre.oauth2.service.OAuth2TokenEntityService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationDetails;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
@ -37,20 +41,29 @@ public class IntrospectionEndpoint {
this.tokenServices = tokenServices;
}
// TODO
@RequestMapping("/oauth/verify")
public ModelAndView verify(@RequestParam("token") String tokenValue,
ModelAndView modelAndView) {
OAuth2AccessTokenEntity token = tokenServices.readAccessToken(tokenValue);
public ModelAndView verify(Principal p, ModelAndView modelAndView) {
if (token == null) {
// if it's not a valid token, we'll print a 404
// assume the token's not valid until proven otherwise
modelAndView.setViewName("tokenNotFound");
} else {
if (p != null && p instanceof OAuth2Authentication) {
OAuth2Authentication auth = (OAuth2Authentication)p;
if (auth.getDetails() != null && auth.getDetails() instanceof OAuth2AuthenticationDetails) {
OAuth2AuthenticationDetails details = (OAuth2AuthenticationDetails)auth.getDetails();
String tokenValue = details.getTokenValue();
OAuth2AccessTokenEntity token = tokenServices.readAccessToken(tokenValue);
if (token != null) {
// if it's a valid token, we'll print out the scope and expiration
modelAndView.setViewName("tokenIntrospection");
modelAndView.addObject("entity", token);
}
}
}
return modelAndView;
}

Loading…
Cancel
Save