diff --git a/openid-connect-server/.settings/org.eclipse.wst.common.component b/openid-connect-server/.settings/org.eclipse.wst.common.component
index f1cfea574..5b4c881f0 100644
--- a/openid-connect-server/.settings/org.eclipse.wst.common.component
+++ b/openid-connect-server/.settings/org.eclipse.wst.common.component
@@ -5,7 +5,10 @@
-
+
+ uses
+
+
uses
diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java b/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java
index 67b78bc6d..58896bd45 100644
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java
@@ -22,6 +22,8 @@ import org.mitre.oauth2.exception.ClientNotFoundException;
import org.mitre.oauth2.service.ClientDetailsEntityService;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.provider.AuthorizationRequest;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.stereotype.Controller;
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JSONUserInfoView.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JSONUserInfoView.java
index 706219898..dd3fac8fa 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JSONUserInfoView.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JSONUserInfoView.java
@@ -21,6 +21,7 @@ import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import org.mitre.openid.connect.model.UserInfo;
import org.springframework.validation.BeanPropertyBindingResult;
import org.springframework.web.servlet.view.AbstractView;
@@ -28,6 +29,7 @@ import com.google.gson.ExclusionStrategy;
import com.google.gson.FieldAttributes;
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
+import com.google.gson.JsonObject;
public class JSONUserInfoView extends AbstractView{
@@ -37,6 +39,8 @@ public class JSONUserInfoView extends AbstractView{
protected void renderMergedOutputModel(Map model,
HttpServletRequest request, HttpServletResponse response)
throws Exception {
+
+ UserInfo userInfo = (UserInfo) model.get("userInfo");
Gson gson = new GsonBuilder()
.setExclusionStrategies(new ExclusionStrategy() {
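Review bot: The new `UserInfo userInfo = (UserInfo) model.get("userInfo");` is an unchecked cast with no null guard, and the old fallback to `model.get("entity")`/the model itself is gone, so a view invoked without a "userInfo" attribute will fail with a ClassCastException or a NullPointerException inside the serializer and surface as a 500. A guard such as `if (userInfo == null) { response.sendError(HttpServletResponse.SC_NOT_FOUND); return; }` (or whatever error convention this server uses) before building the Gson instance would make the failure deliberate. renderMergedOutputModel continues past the end of this hunk.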
@@ -57,15 +61,43 @@ public class JSONUserInfoView extends AbstractView{
}).create();
response.setContentType("application/json");
-
Writer out = response.getWriter();
+ gson.toJson(toJson(userInfo),out);
+ }
+
+ private JsonObject toJson(UserInfo ui) {
+ JsonObject obj = new JsonObject();
- Object obj = model.get("entity");
- if (obj == null) {
- obj = model;
- }
+ obj.addProperty("user_id", ui.getUserId());
+ obj.addProperty("name", ui.getName());
+ obj.addProperty("given_name", ui.getGivenName());
+ obj.addProperty("family_name", ui.getFamilyName());
+ obj.addProperty("middle_name", ui.getMiddleName());
+ obj.addProperty("nickname", ui.getNickname());
+ obj.addProperty("profile", ui.getProfile());
+ obj.addProperty("picture", ui.getPicture());
+ obj.addProperty("email", ui.getEmail());
+ obj.addProperty("website", ui.getWebsite());
+ obj.addProperty("verified", ui.getVerified());
+ obj.addProperty("gender", ui.getGender());
+ obj.addProperty("zone_info", ui.getZoneinfo());
+ obj.addProperty("locale", ui.getLocale());
+ obj.addProperty("phone_number", ui.getPhoneNumber());
+ obj.addProperty("updated_time", ui.getUpdatedTime());
- gson.toJson(obj, out);
+ if (ui.getAddress() != null) {
+ JsonObject addr = new JsonObject();
+ addr.addProperty("formatted", ui.getAddress().getFormatted());
+ addr.addProperty("street_address", ui.getAddress().getStreetAddress());
+ addr.addProperty("locality", ui.getAddress().getLocality());
+ addr.addProperty("region", ui.getAddress().getRegion());
+ addr.addProperty("postal_code", ui.getAddress().getPostalCode());
+ addr.addProperty("country", ui.getAddress().getCountry());
+
+ obj.add("address", addr);
+ }
+
+ return obj;
}
}
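Review bot: The claim key `zone_info` in toJson does not match the getter `getZoneinfo()` it reads from, and the OpenID Connect claim name for this field is `zoneinfo` — a relying party looking up the standard claim will not find it; the line should read `obj.addProperty("zoneinfo", ui.getZoneinfo());`. Since the output is now a hand-built JsonObject, the ExclusionStrategy configured on the GsonBuilder earlier in renderMergedOutputModel only affects reflective serialization and presumably no longer has any effect here — worth confirming and either removing it or noting why it stays. Keys for absent values are dropped on output because Gson's default writer skips null members, so the unconditional `addProperty` calls are fine as written.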
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/CheckIDEndpoint.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/CheckIDEndpoint.java
index 9eb468bbc..a0e57814d 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/CheckIDEndpoint.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/CheckIDEndpoint.java
@@ -25,6 +25,9 @@ import org.mitre.openid.connect.exception.InvalidJwtSignatureException;
import org.mitre.openid.connect.model.IdToken;
import org.mitre.util.Utility;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
@@ -39,9 +42,12 @@ public class CheckIDEndpoint {
@Autowired
private ConfigurationPropertiesBean configBean;
+ @PreAuthorize("hasRole('ROLE_USER')")
@RequestMapping("/checkid")
public ModelAndView checkID(@RequestParam("access_token") String tokenString, ModelAndView mav, HttpServletRequest request) {
+ Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+
if (!jwtSignerService.validateSignature(tokenString)) {
// can't validate
throw new InvalidJwtSignatureException(); // TODO: attach a view to this exception
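Review bot: The `authentication` local added at the top of checkID is assigned from SecurityContextHolder but never read in this hunk; if the remainder of the method (which continues outside the hunk) does not use it either, it should be dropped, and if it is meant to tie the presented token to the current session, that comparison belongs right after the signature check. Separately, `@PreAuthorize("hasRole('ROLE_USER')")` requires an authenticated end-user session, which will reject a relying party calling check_id server-to-server; confirm who the intended caller is before gating it this way. Note also that `@PreAuthorize` on a controller is only enforced when method security is enabled in the dispatcher context; the spring-servlet.xml hunk in this commit is empty here, so that cannot be confirmed from the diff.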
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java
index 11768c37c..46bb933d2 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java
@@ -15,12 +15,15 @@
******************************************************************************/
package org.mitre.openid.connect.web;
+import java.security.Principal;
+
import org.mitre.oauth2.model.ClientDetailsEntity;
import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
import org.mitre.oauth2.service.OAuth2TokenEntityService;
import org.mitre.openid.connect.model.UserInfo;
import org.mitre.openid.connect.service.UserInfoService;
import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
@@ -42,6 +45,12 @@ public class UserInfoEndpoint {
@Autowired
UserInfoService userInfoService;
+ // Valid schemas and associated views
+ private static final String openIdSchema = "openId";
+ private static final String pocoSchema = "poco";
+ private static final String jsonUserInfoViewName = "jsonUserInfoView";
+ private static final String pocoUserInfoViewName = "pocoUserInfoView";
+
/**
* Get information about the user as specified in the accessToken->idToken included in this request
*
@@ -51,34 +60,29 @@ public class UserInfoEndpoint {
* @return JSON or JWT response containing UserInfo data
*/
@RequestMapping(value="/userinfo", method= {RequestMethod.GET, RequestMethod.POST})
- public ModelAndView getInfo(@RequestParam("access_token") String accessToken, @RequestParam("schema") String schema, ModelAndView mav) {
+ public ModelAndView getInfo(Principal p, @RequestParam("schema") String schema, ModelAndView mav) {
+
- //This will throw the proper error if the token cannot be found
- OAuth2AccessTokenEntity token = tokenService.getAccessToken(accessToken);
-
- if (schema != "openid") {
- //openid is the ONLY defined schema and is a required parameter
- //Will we be defining other schemas?
- //if schema is unrecognized, throw an error?
-
+ if (p == null) {
+ throw new UsernameNotFoundException("Invalid User");
}
- String userId = token.getIdToken().getTokenClaims().getUserId();
+ String viewName = null;
+ if (schema.equalsIgnoreCase( openIdSchema )){
+ viewName = jsonUserInfoViewName;
+ } else if (schema.equalsIgnoreCase( pocoSchema )) {
+ viewName = pocoUserInfoViewName;
+ } else {
+ //TODO: Create an Error class *UnknownSchema*
+ }
+
+ String userId = p.getName();
UserInfo userInfo = userInfoService.getByUserId(userId);
- ClientDetailsEntity client = token.getClient();
+ return new ModelAndView(viewName, "userInfo", userInfo);
- //if client wants plain JSON, give it JSON; if it wants a JWT, give it a JWT
-
- //If returning JSON
- return new ModelAndView("jsonUserInfoView", "userInfo", userInfo);
-
- // If returning JWT
- //Jwt jwt = new Jwt(new JwtHeader(), new JwtClaims(userInfo.toJson()), null);
- //sign jwt according to client's userinfo_signed_response_algs parameter
- //mav.addObject(jwt);
- //return mav;
+
}
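Review bot: An unrecognised `schema` falls through the empty `else` branch leaving `viewName` null, so `new ModelAndView(null, "userInfo", userInfo)` is returned and the request fails deep in view resolution rather than with a clear client error; until the planned UnknownSchema exception exists, `throw new IllegalArgumentException("unsupported schema");` in that branch would make the contract explicit. More importantly for security, the endpoint now hands the complete UserInfo record to any authenticated Principal with no visible check of which scopes (profile, email, address, phone) were granted on the access token — OpenID Connect gates those claims by scope, so either a filter should be applied here or the view should receive the granted scopes alongside the UserInfo; if that filtering happens elsewhere it is not shown in this diff. The removed token lookup also leaves the `tokenService` field and the `ClientDetailsEntity`/`OAuth2AccessTokenEntity` imports apparently unused, which is worth cleaning up.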
}
diff --git a/openid-connect-server/src/main/webapp/WEB-INF/spring-servlet.xml b/openid-connect-server/src/main/webapp/WEB-INF/spring-servlet.xml
index fa62241f8..49733578c 100644
--- a/openid-connect-server/src/main/webapp/WEB-INF/spring-servlet.xml
+++ b/openid-connect-server/src/main/webapp/WEB-INF/spring-servlet.xml
@@ -30,6 +30,9 @@
+
+
+
@@ -75,7 +78,7 @@
-
+
diff --git a/openid-connect-server/src/main/webapp/WEB-INF/user-context.xml b/openid-connect-server/src/main/webapp/WEB-INF/user-context.xml
index e899c4986..7f5ed2457 100644
--- a/openid-connect-server/src/main/webapp/WEB-INF/user-context.xml
+++ b/openid-connect-server/src/main/webapp/WEB-INF/user-context.xml
@@ -32,6 +32,7 @@
+