Removed patches to SECOAUTH and updated to current head revision. Updated code to match changes, filed issues 2-4 in github issue tracker for some cleanup still remaining. Updated OAuth2AccessTokenEntity to contain an IdToken, which is persisted as a string. NOTE: to deploy, you will need to update your database tables to include the column "idTokenString VARCHAR(256)". accesstoken.sql has been updated to reflect this.
parent
6c1c71809d
commit
4d4def75f1
@ -470,4 +470,14 @@ public class ClientDetailsEntity implements ClientDetails {
|
|||
|
||||
}
|
||||
|
||||
/**
|
||||
* TODO: Implement
|
||||
* See github issue #3
|
||||
*/
|
||||
@Override
|
||||
public int getAccessTokenValiditySeconds() {
|
||||
// TODO Auto-generated method stub
|
||||
return 0;
|
||||
}
|
||||
|
||||
}
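Review bot: The new `getAccessTokenValiditySeconds()` stub returns 0, and token services built on ClientDetails commonly treat a non-positive validity as "no expiration" rather than as an error, so until issue #3 is implemented every client's access tokens may be issued without an expiry; that reading is inferred from the caller and should be confirmed. The Javadoc should state the placeholder semantics so the stub is not mistaken for a deliberate default, e.g. `* Placeholder: returns 0 until per-client validity is implemented (github issue #3); callers that treat 0 as "never expires" should apply their own default.` The ClientDetailsEntity class begins before this hunk.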
@ -4,6 +4,7 @@
|
|||
package org.mitre.oauth2.model;
|
||||
|
||||
import java.util.Date;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
|
||||
import javax.persistence.Basic;
|
||||
|
@ -18,11 +19,12 @@ import javax.persistence.Lob;
|
|||
import javax.persistence.ManyToOne;
|
||||
import javax.persistence.NamedQueries;
|
||||
import javax.persistence.NamedQuery;
|
||||
import javax.persistence.OneToMany;
|
||||
import javax.persistence.Table;
|
||||
import javax.persistence.Temporal;
|
||||
import javax.persistence.Transient;
|
||||
|
||||
import org.mitre.jwt.model.Jwt;
|
||||
import org.mitre.openid.connect.model.IdToken;
|
||||
import org.springframework.security.oauth2.common.OAuth2AccessToken;
|
||||
import org.springframework.security.oauth2.common.OAuth2RefreshToken;
|
||||
import org.springframework.security.oauth2.provider.OAuth2Authentication;
|
||||
|
@ -40,10 +42,17 @@ import org.springframework.security.oauth2.provider.OAuth2Authentication;
|
|||
})
|
||||
public class OAuth2AccessTokenEntity extends OAuth2AccessToken {
|
||||
|
||||
public static String ID_TOKEN = "id_token";
|
||||
|
||||
private ClientDetailsEntity client;
|
||||
|
||||
private OAuth2Authentication authentication; // the authentication that made this access
|
||||
|
||||
private String idTokenString;
|
||||
|
||||
//JWT-encoded representation of this access token entity
|
||||
private Jwt jwt;
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
|
@ -51,6 +60,18 @@ public class OAuth2AccessTokenEntity extends OAuth2AccessToken {
|
|||
super(null);
|
||||
}
|
||||
|
||||
/**
|
||||
* Override this method to insert the ID Token
|
||||
*/
|
||||
@Override
|
||||
@Transient
|
||||
public Map<String, Object> getAdditionalInformation() {
|
||||
Map<String, Object> map = super.getAdditionalInformation();
|
||||
map.put(ID_TOKEN, idTokenString);
|
||||
return map;
|
||||
}
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* @return the authentication
|
||||
|
@ -94,17 +115,21 @@ public class OAuth2AccessTokenEntity extends OAuth2AccessToken {
|
|||
@Id
|
||||
@Column(name="id")
|
||||
public String getValue() {
|
||||
// TODO Auto-generated method stub
|
||||
return super.getValue();
|
||||
return jwt.toString();
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see org.springframework.security.oauth2.common.OAuth2AccessToken#setValue(java.lang.String)
|
||||
/**
|
||||
* Set the "value" of this Access Token
|
||||
*
|
||||
* @param value
|
||||
*/
|
||||
@Override
|
||||
public void setValue(String value) {
|
||||
// TODO Auto-generated method stub
|
||||
super.setValue(value);
|
||||
try {
|
||||
Jwt valueJwt = Jwt.parse(value);
|
||||
setJwt(valueJwt);
|
||||
} catch (IllegalArgumentException e) {
|
||||
//TODO: What to do in this case?
|
||||
}
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
|
@ -207,4 +232,52 @@ public class OAuth2AccessTokenEntity extends OAuth2AccessToken {
|
|||
}
|
||||
|
||||
|
||||
/**
|
||||
* This is transient b/c the IdToken is not serializable. Instead,
|
||||
* the toString of the IdToken is persisted in idTokenString
|
||||
* @return the idToken
|
||||
*/
|
||||
@Transient
|
||||
public IdToken getIdToken() {
|
||||
return IdToken.parse(idTokenString);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* @param idToken the idToken to set
|
||||
*/
|
||||
public void setIdToken(IdToken idToken) {
|
||||
this.idTokenString = idToken.toString();
|
||||
}
|
||||
|
||||
/**
|
||||
* @return the idTokenString
|
||||
*/
|
||||
@Basic
|
||||
public String getIdTokenString() {
|
||||
return idTokenString;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param idTokenString the idTokenString to set
|
||||
*/
|
||||
public void setIdTokenString(String idTokenString) {
|
||||
this.idTokenString = idTokenString;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return the jwt
|
||||
*/
|
||||
@Transient
|
||||
public Jwt getJwt() {
|
||||
return jwt;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* @param jwt the jwt to set
|
||||
*/
|
||||
public void setJwt(Jwt jwt) {
|
||||
this.jwt = jwt;
|
||||
}
|
||||
}
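Review bot: `setValue(String)` swallows the `IllegalArgumentException` from `Jwt.parse(value)` with only a TODO, so a token value that is not a parseable JWT is stored on the superclass while `jwt` stays null, and if `getValue()` now returns `jwt.toString()` (the -94,17 hunk shows both forms and the surviving side is not recoverable here) the next read of that token throws a NullPointerException instead of a clear error; rethrow with the cause, `throw new IllegalArgumentException("access token value is not a JWT", e);`, or at least log it and document that such an entity is unusable. `getIdToken()` calls `IdToken.parse(idTokenString)` with no null guard, so rows persisted before an ID token was set (the new column is nullable) fail on read; `return idTokenString == null ? null : IdToken.parse(idTokenString);` avoids that. `getAdditionalInformation()` should likewise skip the `put` when `idTokenString` is null so the token response does not carry `"id_token": null`, and if `super.getAdditionalInformation()` returns an unmodifiable map the `put` itself will throw, so copying into a fresh `HashMap` first would be safer (that needs a `java.util.HashMap` import, which the visible import block lacks).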
@ -21,6 +21,7 @@ import javax.persistence.Table;
|
|||
import javax.persistence.Temporal;
|
||||
import javax.persistence.Transient;
|
||||
|
||||
import org.mitre.jwt.model.Jwt;
|
||||
import org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken;
|
||||
|
||||
/**
|
||||
|
@ -37,6 +38,9 @@ public class OAuth2RefreshTokenEntity extends ExpiringOAuth2RefreshToken {
|
|||
|
||||
private ClientDetailsEntity client;
|
||||
|
||||
//JWT-encoded representation of this access token entity
|
||||
private Jwt jwt;
|
||||
|
||||
private Set<String> scope; // we save the scope issued to the refresh token so that we can reissue a new access token
|
||||
|
||||
/**
|
||||
|
@ -44,6 +48,7 @@ public class OAuth2RefreshTokenEntity extends ExpiringOAuth2RefreshToken {
|
|||
*/
|
||||
public OAuth2RefreshTokenEntity() {
|
||||
// TODO Auto-generated constructor stub
|
||||
super(null, null);
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
|
@ -54,16 +59,15 @@ public class OAuth2RefreshTokenEntity extends ExpiringOAuth2RefreshToken {
|
|||
@Column(name="id")
|
||||
public String getValue() {
|
||||
// TODO Auto-generated method stub
|
||||
return super.getValue();
|
||||
return jwt.toString();
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
* @see org.springframework.security.oauth2.common.OAuth2RefreshToken#setValue(java.lang.String)
|
||||
*/
|
||||
@Override
|
||||
public void setValue(String value) {
|
||||
// TODO Auto-generated method stub
|
||||
super.setValue(value);
|
||||
setJwt(Jwt.parse(value));
|
||||
}
|
||||
|
||||
/* (non-Javadoc)
|
||||
|
@ -80,10 +84,10 @@ public class OAuth2RefreshTokenEntity extends ExpiringOAuth2RefreshToken {
|
|||
/* (non-Javadoc)
|
||||
* @see org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken#setExpiration(java.util.Date)
|
||||
*/
|
||||
@Override
|
||||
|
||||
public void setExpiration(Date expiration) {
|
||||
// TODO Auto-generated method stub
|
||||
super.setExpiration(expiration);
|
||||
//super.setExpiration(expiration);
|
||||
}
|
||||
|
||||
/**
|
||||
|
@ -131,6 +135,19 @@ public class OAuth2RefreshTokenEntity extends ExpiringOAuth2RefreshToken {
|
|||
this.scope = scope;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* @return the jwt
|
||||
*/
|
||||
@Transient
|
||||
public Jwt getJwt() {
|
||||
return jwt;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param jwt the jwt to set
|
||||
*/
|
||||
public void setJwt(Jwt jwt) {
|
||||
this.jwt = jwt;
|
||||
}
|
||||
|
||||
}
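Review bot: `setValue(String)` lets any exception from `Jwt.parse(value)` propagate, while the access-token entity in this same commit catches `IllegalArgumentException`; the two entities should follow one policy for non-JWT values and the setter's Javadoc should say which. `getValue()` dereferences `jwt`, which is null for an entity built with the no-arg constructor until `setValue`/`setJwt` is called, so a comment such as `// jwt is null until setValue/setJwt is called; getValue() must not be used before then` would help readers and persistence code. In `setExpiration` the hunk shows both `super.setExpiration(expiration);` and its commented-out twin; if the commented line is the surviving one the setter becomes a no-op and refresh tokens would never expire, which is worth confirming, and whichever line is dead should be deleted rather than left commented out.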
@ -25,7 +25,6 @@ import org.springframework.security.oauth2.common.exceptions.InvalidClientExcept
|
|||
import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
|
||||
import org.springframework.security.oauth2.provider.AuthorizationRequest;
|
||||
import org.springframework.security.oauth2.provider.OAuth2Authentication;
|
||||
import org.springframework.security.oauth2.provider.client.ClientAuthenticationToken;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
import com.google.common.collect.Sets;
|
||||
|
@ -216,6 +215,18 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
|
|||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* TODO: Implement
|
||||
* See github issue #2
|
||||
*/
|
||||
@Override
|
||||
public OAuth2AccessTokenEntity getAccessToken(OAuth2Authentication authentication) {
|
||||
|
||||
OAuth2AccessTokenEntity accessToken = new OAuth2AccessTokenEntity();
|
||||
|
||||
return accessToken;
|
||||
}
|
||||
|
||||
@Override
|
||||
public OAuth2RefreshTokenEntity getRefreshToken(String refreshTokenValue) throws AuthenticationException {
|
||||
OAuth2RefreshTokenEntity refreshToken = tokenRepository.getRefreshTokenByValue(refreshTokenValue);
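Review bot: `getAccessToken(OAuth2Authentication)` returns a newly constructed, empty `OAuth2AccessTokenEntity` rather than a lookup result, so any caller that treats a non-null return as "an existing token for this authentication" proceeds with a token that has no value, client or expiry. Until issue #2 is implemented it is safer to make the gap fail loudly: return null if the interface documents absence that way, or `throw new UnsupportedOperationException("getAccessToken(OAuth2Authentication) not implemented; see github issue #2");`. The Javadoc should also say that the method does not yet consult `tokenRepository`. `getRefreshToken` continues past the end of the hunk.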
|
||||
@ -109,8 +109,8 @@ public class ConnectAuthCodeTokenGranter implements TokenGranter {
|
|||
}
|
||||
|
||||
AuthorizationRequest unconfirmedAuthorizationRequest = storedAuth.getAuthenticationRequest();
|
||||
if (unconfirmedAuthorizationRequest.getRequestedRedirect() != null
|
||||
&& !unconfirmedAuthorizationRequest.getRequestedRedirect().equals(redirectUri)) {
|
||||
if (unconfirmedAuthorizationRequest.getRedirectUri() != null
|
||||
&& !unconfirmedAuthorizationRequest.getRedirectUri().equals(redirectUri)) {
|
||||
throw new RedirectMismatchException("Redirect URI mismatch.");
|
||||
}
|
||||
|
||||
|
@ -147,8 +147,7 @@ public class ConnectAuthCodeTokenGranter implements TokenGranter {
|
|||
//See github issue #1
|
||||
IdToken idToken = idTokenService.generateIdToken(userId, "http://id.mitre.org/openidconnect");
|
||||
|
||||
|
||||
//TODO: insert IdToken into OAuth2AccessTokenEntity
|
||||
token.setIdToken(idToken);
|
||||
}
|
||||
|
||||
return token;
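Review bot: The redirect check in the -109,8 hunk compares `redirectUri` only when the stored request carries one; when `getRedirectUri()` is null, whatever `redirectUri` the token request supplies is accepted without comparison. That is what RFC 6749 section 4.1.3 permits only when the authorization request itself omitted redirect_uri, which this code cannot verify from here, so the intent should be recorded above the `if`: `// No stored redirect_uri means the authorization request omitted it, so no binding check applies (RFC 6749 4.1.3).` The enclosing method begins before the hunk and the declaration of `redirectUri` is not visible.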
|
||||
@ -4,5 +4,6 @@ CREATE TABLE accesstoken (
|
|||
tokenType VARCHAR(256),
|
||||
refresh_token_id VARCHAR(256),
|
||||
client_id VARCHAR(256),
|
||||
authentication LONGBLOB
|
||||
authentication LONGBLOB,
|
||||
idTokenString VARCHAR(256)
|
||||
);
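Review bot: `idTokenString VARCHAR(256)` is too small for what `setIdToken` stores: the value is the full serialized ID token (header, claims and signature, base64url-encoded), which routinely exceeds 256 characters once it carries issuer, subject, audience, expiry and a signature. Depending on the database's strict mode the insert either fails or the value is silently truncated, and a truncated token no longer parses or verifies when read back through `getIdToken()`. Use a large text type instead, `idTokenString TEXT` (or LONGTEXT, consistent with the LONGBLOB used for `authentication`), and adjust the deploy note in the commit description to match.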
@ -1 +1 @@
|
|||
Subproject commit 92f3ec73e303878f264610ca9d9ff9386b1f6264
|
||||
Subproject commit 2e7150fc0fd1307bc4adb33112bd9487e5b9715f