Merge remote branch 'origin/master'

openid-connect-server/.settings/org.eclipse.wst.common.component

@@ -5,7 +5,10 @@
         <wb-resource deploy-path="/WEB-INF/classes" source-path="/src/main/resources"/>
         <wb-resource deploy-path="/" source-path="/target/m2e-wtp/web-resources"/>
         <wb-resource deploy-path="/" source-path="/src/main/webapp" tag="defaultRootSource"/>
-        <dependent-module archiveName="openid-connect-common-0.1-SNAPSHOT.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/openid-connect-common/openid-connect-common">
+        <dependent-module archiveName="spring-security-oauth2-1.0.0.BUILD-SNAPSHOT.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/spring-security-oauth2-MITRE/spring-security-oauth2-MITRE">
+            <dependency-type>uses</dependency-type>
+        </dependent-module>
+        <dependent-module archiveName="openid-connect-common-0.1-SNAPSHOT.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/openid-connect-common-MITRE/openid-connect-common-MITRE">
             <dependency-type>uses</dependency-type>
         </dependent-module>
         <property name="java-output-path" value="/openid/target/classes"/>

openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java

@@ -22,6 +22,8 @@ import org.mitre.oauth2.exception.ClientNotFoundException;
 import org.mitre.oauth2.service.ClientDetailsEntityService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.oauth2.provider.AuthorizationRequest;
 import org.springframework.security.oauth2.provider.ClientDetails;
 import org.springframework.stereotype.Controller;

openid-connect-server/src/main/java/org/mitre/openid/connect/view/JSONUserInfoView.java

@@ -21,6 +21,7 @@ import java.util.Map;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.mitre.openid.connect.model.UserInfo;
 import org.springframework.validation.BeanPropertyBindingResult;
 import org.springframework.web.servlet.view.AbstractView;
 
@@ -28,6 +29,7 @@ import com.google.gson.ExclusionStrategy;
 import com.google.gson.FieldAttributes;
 import com.google.gson.Gson;
 import com.google.gson.GsonBuilder;
+import com.google.gson.JsonObject;
 
 public class JSONUserInfoView extends AbstractView{
 	
@@ -38,6 +40,8 @@ public class JSONUserInfoView extends AbstractView{
 			HttpServletRequest request, HttpServletResponse response)
 			throws Exception {
 		
+		UserInfo userInfo = (UserInfo) model.get("userInfo");
+
 		Gson gson = new GsonBuilder()
 			.setExclusionStrategies(new ExclusionStrategy() {
 				
@@ -57,15 +61,43 @@ public class JSONUserInfoView extends AbstractView{
 			}).create();
 
 		response.setContentType("application/json");
-		
 		Writer out = response.getWriter();
+		gson.toJson(toJson(userInfo),out);
+	}
 	
-		Object obj = model.get("entity");
+	private JsonObject toJson(UserInfo ui) {
-		if (obj == null) {
+		JsonObject obj = new JsonObject();
-			obj = model;
+		
+		obj.addProperty("user_id", ui.getUserId());
+		obj.addProperty("name", ui.getName());
+		obj.addProperty("given_name", ui.getGivenName());
+		obj.addProperty("family_name", ui.getFamilyName());
+		obj.addProperty("middle_name", ui.getMiddleName());
+		obj.addProperty("nickname", ui.getNickname());
+		obj.addProperty("profile", ui.getProfile());
+		obj.addProperty("picture", ui.getPicture());
+		obj.addProperty("email", ui.getEmail());
+		obj.addProperty("website", ui.getWebsite());
+		obj.addProperty("verified", ui.getVerified());
+		obj.addProperty("gender", ui.getGender());
+		obj.addProperty("zone_info", ui.getZoneinfo());
+		obj.addProperty("locale", ui.getLocale());
+		obj.addProperty("phone_number", ui.getPhoneNumber());
+		obj.addProperty("updated_time", ui.getUpdatedTime());
+		
+		if (ui.getAddress() != null) {
+			JsonObject addr = new JsonObject();
+			addr.addProperty("formatted", ui.getAddress().getFormatted());
+			addr.addProperty("street_address", ui.getAddress().getStreetAddress());
+			addr.addProperty("locality", ui.getAddress().getLocality());
+			addr.addProperty("region", ui.getAddress().getRegion());
+			addr.addProperty("postal_code", ui.getAddress().getPostalCode());
+			addr.addProperty("country", ui.getAddress().getCountry());
+		
+			obj.add("address", addr);
 		}	
 		
-		gson.toJson(obj, out);
+		return obj;
 	}
 
 }

openid-connect-server/src/main/java/org/mitre/openid/connect/web/CheckIDEndpoint.java

@@ -25,6 +25,9 @@ import org.mitre.openid.connect.exception.InvalidJwtSignatureException;
 import org.mitre.openid.connect.model.IdToken;
 import org.mitre.util.Utility;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.prepost.PreAuthorize;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
@@ -39,9 +42,12 @@ public class CheckIDEndpoint {
 	@Autowired
 	private ConfigurationPropertiesBean configBean;
 	
+	@PreAuthorize("hasRole('ROLE_USER')")
 	@RequestMapping("/checkid")
 	public ModelAndView checkID(@RequestParam("access_token") String tokenString, ModelAndView mav, HttpServletRequest request) {
 		
+		Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+		
 		if (!jwtSignerService.validateSignature(tokenString)) {
 			// can't validate 
 			throw new InvalidJwtSignatureException(); // TODO: attach a view to this exception

openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java

@@ -15,12 +15,15 @@
  ******************************************************************************/
 package org.mitre.openid.connect.web;
 
+import java.security.Principal;
+
 import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
 import org.mitre.oauth2.service.OAuth2TokenEntityService;
 import org.mitre.openid.connect.model.UserInfo;
 import org.mitre.openid.connect.service.UserInfoService;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
@@ -42,6 +45,12 @@ public class UserInfoEndpoint {
 	@Autowired
 	UserInfoService userInfoService;
 	
+	// Valid schemas and associated views
+	private static final String openIdSchema = "openId";
+	private static final String pocoSchema = "poco";
+	private static final String jsonUserInfoViewName = "jsonUserInfoView";
+	private static final String pocoUserInfoViewName = "pocoUserInfoView";
+	
 	/**
 	 * Get information about the user as specified in the accessToken->idToken included in this request
 	 * 
@@ -51,34 +60,29 @@ public class UserInfoEndpoint {
 	 * @return				JSON or JWT response containing UserInfo data
 	 */
 	@RequestMapping(value="/userinfo", method= {RequestMethod.GET, RequestMethod.POST})
-	public ModelAndView getInfo(@RequestParam("access_token") String accessToken, @RequestParam("schema") String schema, ModelAndView mav) {
+	public ModelAndView getInfo(Principal p, @RequestParam("schema") String schema, ModelAndView mav) {
 
-		//This will throw the proper error if the token cannot be found
-		OAuth2AccessTokenEntity token = tokenService.getAccessToken(accessToken);
-		
-		if (schema != "openid") {
-			//openid is the ONLY defined schema and is a required parameter
-			//Will we be defining other schemas?
-			//if schema is unrecognized, throw an error?
 		
+		if (p == null) {
+			throw new UsernameNotFoundException("Invalid User"); 
 		}
 		
-		String userId = token.getIdToken().getTokenClaims().getUserId();
+		String viewName = null;
+		if (schema.equalsIgnoreCase( openIdSchema )){
+			viewName = jsonUserInfoViewName;
+		} else if (schema.equalsIgnoreCase( pocoSchema )) {
+			viewName = pocoUserInfoViewName;
+		} else {
+			//TODO: Create an Error class *UnknownSchema*
+		}
+		
+		String userId = p.getName(); 
 		
 		UserInfo userInfo = userInfoService.getByUserId(userId);
 		
-		ClientDetailsEntity client = token.getClient();
+		return new ModelAndView(viewName, "userInfo", userInfo);
 		
-		//if client wants plain JSON, give it JSON; if it wants a JWT, give it a JWT
 
-		//If returning JSON
-		return new ModelAndView("jsonUserInfoView", "userInfo", userInfo);
-		
-		// If returning JWT
-		//Jwt jwt = new Jwt(new JwtHeader(), new JwtClaims(userInfo.toJson()), null);
-		//sign jwt according to client's userinfo_signed_response_algs parameter
-		//mav.addObject(jwt);
-		//return mav;
 	}
 	
 }

openid-connect-server/src/main/webapp/WEB-INF/spring-servlet.xml

@@ -30,6 +30,9 @@
 	<import resource="data-context.xml" />	
 
     <!-- Spring Security configuration -->
+    
+    <oauth:resource-server id="resourceServerFilter" token-services-ref="defaultOAuth2ProviderTokenService" />
+    
 	<security:http pattern="/oauth/token" create-session="stateless" authentication-manager-ref="clientAuthenticationManager" 
 		entry-point-ref="oauthAuthenticationEntryPoint">
 		<security:intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY" />

openid-connect-server/src/main/webapp/WEB-INF/user-context.xml

@@ -32,6 +32,7 @@
 	<security:http auto-config="true" disable-url-rewriting="true"> <!-- authentication-manager-ref="springSecurityAuthenticationManager" -->
 		<security:intercept-url pattern="/oauth/**" access="ROLE_USER" />
 		<security:intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
+		<security:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
 		<security:anonymous />
 	</security:http>