Cleaned up indentation, whitespace, and imports.
parent
8185171119
commit
525f3aa2a8
|
@ -328,8 +328,8 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
|
||||||
|
|
||||||
if (SECRET_JWT.equals(clientConfig.getTokenEndpointAuthMethod()) &&
|
if (SECRET_JWT.equals(clientConfig.getTokenEndpointAuthMethod()) &&
|
||||||
(alg.equals(JWSAlgorithm.HS256)
|
(alg.equals(JWSAlgorithm.HS256)
|
||||||
|| alg.equals(JWSAlgorithm.HS384)
|
|| alg.equals(JWSAlgorithm.HS384)
|
||||||
|| alg.equals(JWSAlgorithm.HS512))) {
|
|| alg.equals(JWSAlgorithm.HS512))) {
|
||||||
|
|
||||||
// generate one based on client secret
|
// generate one based on client secret
|
||||||
signer = symmetricCacheService.getSymmetricValidtor(clientConfig.getClient());
|
signer = symmetricCacheService.getSymmetricValidtor(clientConfig.getClient());
|
||||||
|
@ -634,7 +634,7 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
|
||||||
@Override
|
@Override
|
||||||
public void onAuthenticationSuccess(HttpServletRequest request,
|
public void onAuthenticationSuccess(HttpServletRequest request,
|
||||||
HttpServletResponse response, Authentication authentication)
|
HttpServletResponse response, Authentication authentication)
|
||||||
throws IOException, ServletException {
|
throws IOException, ServletException {
|
||||||
|
|
||||||
HttpSession session = request.getSession();
|
HttpSession session = request.getSession();
|
||||||
|
|
||||||
|
|
|
@ -48,13 +48,6 @@ import com.google.gson.JsonElement;
|
||||||
import com.google.gson.JsonObject;
|
import com.google.gson.JsonObject;
|
||||||
import com.google.gson.JsonParser;
|
import com.google.gson.JsonParser;
|
||||||
|
|
||||||
import static org.mitre.discovery.util.JsonUtils.getAsBoolean;
|
|
||||||
import static org.mitre.discovery.util.JsonUtils.getAsEncryptionMethodList;
|
|
||||||
import static org.mitre.discovery.util.JsonUtils.getAsJweAlgorithmList;
|
|
||||||
import static org.mitre.discovery.util.JsonUtils.getAsJwsAlgorithmList;
|
|
||||||
import static org.mitre.discovery.util.JsonUtils.getAsString;
|
|
||||||
import static org.mitre.discovery.util.JsonUtils.getAsStringList;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
*
|
*
|
||||||
* Dynamically fetches OpenID Connect server configurations based on the issuer. Caches the server configurations.
|
* Dynamically fetches OpenID Connect server configurations based on the issuer. Caches the server configurations.
|
||||||
|
|
|
@ -23,7 +23,6 @@ import java.util.concurrent.ExecutionException;
|
||||||
import java.util.concurrent.TimeUnit;
|
import java.util.concurrent.TimeUnit;
|
||||||
|
|
||||||
import org.apache.http.client.HttpClient;
|
import org.apache.http.client.HttpClient;
|
||||||
import org.apache.http.impl.client.DefaultHttpClient;
|
|
||||||
import org.apache.http.impl.client.SystemDefaultHttpClient;
|
import org.apache.http.impl.client.SystemDefaultHttpClient;
|
||||||
import org.mitre.jose.keystore.JWKSetKeyStore;
|
import org.mitre.jose.keystore.JWKSetKeyStore;
|
||||||
import org.mitre.jwt.encryption.service.JwtEncryptionAndDecryptionService;
|
import org.mitre.jwt.encryption.service.JwtEncryptionAndDecryptionService;
|
||||||
|
@ -130,10 +129,10 @@ public class JWKSetCacheService {
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author jricher
|
* @author jricher
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
private class JWKSetEncryptorFetcher extends CacheLoader<String, JwtEncryptionAndDecryptionService> {
|
private class JWKSetEncryptorFetcher extends CacheLoader<String, JwtEncryptionAndDecryptionService> {
|
||||||
private HttpClient httpClient = new SystemDefaultHttpClient();
|
private HttpClient httpClient = new SystemDefaultHttpClient();
|
||||||
private HttpComponentsClientHttpRequestFactory httpFactory = new HttpComponentsClientHttpRequestFactory(httpClient);
|
private HttpComponentsClientHttpRequestFactory httpFactory = new HttpComponentsClientHttpRequestFactory(httpClient);
|
||||||
private RestTemplate restTemplate = new RestTemplate(httpFactory);
|
private RestTemplate restTemplate = new RestTemplate(httpFactory);
|
||||||
|
|
|
@ -22,8 +22,6 @@ import org.mitre.oauth2.model.ClientDetailsEntity;
|
||||||
import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
|
import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
|
||||||
import org.springframework.security.oauth2.provider.OAuth2Request;
|
import org.springframework.security.oauth2.provider.OAuth2Request;
|
||||||
|
|
||||||
import com.nimbusds.jose.JWSAlgorithm;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Service to create specialty OpenID Connect tokens.
|
* Service to create specialty OpenID Connect tokens.
|
||||||
*
|
*
|
||||||
|
|
|
@ -51,8 +51,6 @@ import org.springframework.security.oauth2.provider.TokenRequest;
|
||||||
import org.springframework.security.oauth2.provider.token.TokenEnhancer;
|
import org.springframework.security.oauth2.provider.token.TokenEnhancer;
|
||||||
import org.springframework.stereotype.Service;
|
import org.springframework.stereotype.Service;
|
||||||
|
|
||||||
import com.google.common.base.Predicate;
|
|
||||||
import com.google.common.collect.Collections2;
|
|
||||||
import com.google.common.collect.Sets;
|
import com.google.common.collect.Sets;
|
||||||
import com.nimbusds.jwt.JWTClaimsSet;
|
import com.nimbusds.jwt.JWTClaimsSet;
|
||||||
import com.nimbusds.jwt.PlainJWT;
|
import com.nimbusds.jwt.PlainJWT;
|
||||||
|
|
|
@ -180,7 +180,7 @@ public class ConnectOAuth2RequestFactory extends DefaultOAuth2RequestFactory {
|
||||||
JWSAlgorithm alg = signedJwt.getHeader().getAlgorithm();
|
JWSAlgorithm alg = signedJwt.getHeader().getAlgorithm();
|
||||||
|
|
||||||
if (client.getRequestObjectSigningAlg() == null ||
|
if (client.getRequestObjectSigningAlg() == null ||
|
||||||
!client.getRequestObjectSigningAlg().equals(alg)) {
|
!client.getRequestObjectSigningAlg().equals(alg)) {
|
||||||
throw new InvalidClientException("Client's registered request object signing algorithm (" + client.getRequestObjectSigningAlg() + ") does not match request object's actual algorithm (" + alg.getName() + ")");
|
throw new InvalidClientException("Client's registered request object signing algorithm (" + client.getRequestObjectSigningAlg() + ") does not match request object's actual algorithm (" + alg.getName() + ")");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -32,6 +32,10 @@ import com.nimbusds.jwt.JWT;
|
||||||
*/
|
*/
|
||||||
public class JwtBearerAssertionAuthenticationToken extends AbstractAuthenticationToken {
|
public class JwtBearerAssertionAuthenticationToken extends AbstractAuthenticationToken {
|
||||||
|
|
||||||
|
/**
|
||||||
|
*
|
||||||
|
*/
|
||||||
|
private static final long serialVersionUID = -3138213539914074617L;
|
||||||
private String clientId;
|
private String clientId;
|
||||||
private JWT jwt;
|
private JWT jwt;
|
||||||
|
|
||||||
|
|
|
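Review bot: The Javadoc block added directly above `serialVersionUID` (the new `/**`, `*`, `*/` lines) is empty and documents nothing; either drop it or give it a one-line body such as `/** Serialization version for this authentication token. */`. Declaring `serialVersionUID` makes the Serializable contract inherited from `AbstractAuthenticationToken` explicit, so it is worth confirming that the `jwt` field's type is itself Serializable; if it is not, serializing this token (for example into a session store) would fail at runtime, and the field would need to be `transient` or otherwise handled. The class body continues outside the hunk.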
@ -99,8 +99,8 @@ public class JwtBearerAuthenticationProvider implements AuthenticationProvider {
|
||||||
|
|
||||||
if (client.getTokenEndpointAuthMethod().equals(AuthMethod.PRIVATE_KEY) &&
|
if (client.getTokenEndpointAuthMethod().equals(AuthMethod.PRIVATE_KEY) &&
|
||||||
(alg.equals(JWSAlgorithm.RS256)
|
(alg.equals(JWSAlgorithm.RS256)
|
||||||
|| alg.equals(JWSAlgorithm.RS384)
|
|| alg.equals(JWSAlgorithm.RS384)
|
||||||
|| alg.equals(JWSAlgorithm.RS512))) {
|
|| alg.equals(JWSAlgorithm.RS512))) {
|
||||||
|
|
||||||
JwtSigningAndValidationService validator = validators.getValidator(client.getJwksUri());
|
JwtSigningAndValidationService validator = validators.getValidator(client.getJwksUri());
|
||||||
|
|
||||||
|
@ -113,8 +113,8 @@ public class JwtBearerAuthenticationProvider implements AuthenticationProvider {
|
||||||
}
|
}
|
||||||
} else if (client.getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_JWT) &&
|
} else if (client.getTokenEndpointAuthMethod().equals(AuthMethod.SECRET_JWT) &&
|
||||||
(alg.equals(JWSAlgorithm.HS256)
|
(alg.equals(JWSAlgorithm.HS256)
|
||||||
|| alg.equals(JWSAlgorithm.HS384)
|
|| alg.equals(JWSAlgorithm.HS384)
|
||||||
|| alg.equals(JWSAlgorithm.HS512))) {
|
|| alg.equals(JWSAlgorithm.HS512))) {
|
||||||
|
|
||||||
// it's HMAC, we need to make a validator based on the client secret
|
// it's HMAC, we need to make a validator based on the client secret
|
||||||
|
|
||||||
|
|
|
@ -42,7 +42,6 @@ import org.springframework.beans.factory.annotation.Autowired;
|
||||||
import org.springframework.security.core.Authentication;
|
import org.springframework.security.core.Authentication;
|
||||||
import org.springframework.security.core.context.SecurityContextHolder;
|
import org.springframework.security.core.context.SecurityContextHolder;
|
||||||
import org.springframework.security.oauth2.common.exceptions.InvalidClientException;
|
import org.springframework.security.oauth2.common.exceptions.InvalidClientException;
|
||||||
import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
|
|
||||||
import org.springframework.security.oauth2.provider.AuthorizationRequest;
|
import org.springframework.security.oauth2.provider.AuthorizationRequest;
|
||||||
import org.springframework.security.oauth2.provider.OAuth2RequestFactory;
|
import org.springframework.security.oauth2.provider.OAuth2RequestFactory;
|
||||||
import org.springframework.stereotype.Component;
|
import org.springframework.stereotype.Component;
|
||||||
|
|
|
@ -33,7 +33,6 @@ import org.mitre.openid.connect.service.UserInfoService;
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
|
||||||
import org.springframework.security.oauth2.common.OAuth2AccessToken;
|
import org.springframework.security.oauth2.common.OAuth2AccessToken;
|
||||||
import org.springframework.security.oauth2.provider.OAuth2Authentication;
|
import org.springframework.security.oauth2.provider.OAuth2Authentication;
|
||||||
import org.springframework.security.oauth2.provider.OAuth2Request;
|
import org.springframework.security.oauth2.provider.OAuth2Request;
|
||||||
|
@ -41,7 +40,6 @@ import org.springframework.security.oauth2.provider.token.TokenEnhancer;
|
||||||
import org.springframework.stereotype.Service;
|
import org.springframework.stereotype.Service;
|
||||||
|
|
||||||
import com.google.common.collect.Lists;
|
import com.google.common.collect.Lists;
|
||||||
import com.nimbusds.jose.Algorithm;
|
|
||||||
import com.nimbusds.jose.JWSAlgorithm;
|
import com.nimbusds.jose.JWSAlgorithm;
|
||||||
import com.nimbusds.jose.JWSHeader;
|
import com.nimbusds.jose.JWSHeader;
|
||||||
import com.nimbusds.jwt.JWTClaimsSet;
|
import com.nimbusds.jwt.JWTClaimsSet;
|
||||||
|
|
|
@ -9,7 +9,6 @@ import java.io.Writer;
|
||||||
import java.text.ParseException;
|
import java.text.ParseException;
|
||||||
import java.util.Date;
|
import java.util.Date;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
import java.util.Map.Entry;
|
|
||||||
import java.util.UUID;
|
import java.util.UUID;
|
||||||
|
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
|
@ -28,7 +27,6 @@ import org.springframework.stereotype.Component;
|
||||||
|
|
||||||
import com.google.common.base.Strings;
|
import com.google.common.base.Strings;
|
||||||
import com.google.common.collect.Lists;
|
import com.google.common.collect.Lists;
|
||||||
import com.google.gson.JsonElement;
|
|
||||||
import com.google.gson.JsonObject;
|
import com.google.gson.JsonObject;
|
||||||
import com.nimbusds.jose.Algorithm;
|
import com.nimbusds.jose.Algorithm;
|
||||||
import com.nimbusds.jose.JWEHeader;
|
import com.nimbusds.jose.JWEHeader;
|
||||||
|
@ -126,7 +124,7 @@ public class UserInfoJwtView extends UserInfoView {
|
||||||
|
|
||||||
Writer out = response.getWriter();
|
Writer out = response.getWriter();
|
||||||
out.write(signed.serialize());
|
out.write(signed.serialize());
|
||||||
}
|
}
|
||||||
} catch (IOException e) {
|
} catch (IOException e) {
|
||||||
logger.error("IO Exception in UserInfoJwtView", e);
|
logger.error("IO Exception in UserInfoJwtView", e);
|
||||||
} catch (ParseException e) {
|
} catch (ParseException e) {
|
||||||
|
|
|
@ -90,17 +90,17 @@ public class UserInfoView extends AbstractView {
|
||||||
response.setContentType("application/json");
|
response.setContentType("application/json");
|
||||||
|
|
||||||
|
|
||||||
JsonObject authorizedClaims = null;
|
JsonObject authorizedClaims = null;
|
||||||
JsonObject requestedClaims = null;
|
JsonObject requestedClaims = null;
|
||||||
if (model.get("authorizedClaims") != null) {
|
if (model.get("authorizedClaims") != null) {
|
||||||
authorizedClaims = jsonParser.parse((String) model.get("authorizedClaims")).getAsJsonObject();
|
authorizedClaims = jsonParser.parse((String) model.get("authorizedClaims")).getAsJsonObject();
|
||||||
}
|
}
|
||||||
if (model.get("requestedClaims") != null) {
|
if (model.get("requestedClaims") != null) {
|
||||||
requestedClaims = jsonParser.parse((String) model.get("requestedClaims")).getAsJsonObject();
|
requestedClaims = jsonParser.parse((String) model.get("requestedClaims")).getAsJsonObject();
|
||||||
}
|
}
|
||||||
JsonObject json = toJsonFromRequestObj(userInfo, scope, authorizedClaims, requestedClaims);
|
JsonObject json = toJsonFromRequestObj(userInfo, scope, authorizedClaims, requestedClaims);
|
||||||
|
|
||||||
writeOut(json, model, request, response);
|
writeOut(json, model, request, response);
|
||||||
}
|
}
|
||||||
|
|
||||||
protected void writeOut(JsonObject json, Map<String, Object> model, HttpServletRequest request, HttpServletResponse response) {
|
protected void writeOut(JsonObject json, Map<String, Object> model, HttpServletRequest request, HttpServletResponse response) {
|
||||||
|
|
|
@ -31,7 +31,6 @@ import org.springframework.security.access.prepost.PreAuthorize;
|
||||||
import org.springframework.security.oauth2.provider.OAuth2Authentication;
|
import org.springframework.security.oauth2.provider.OAuth2Authentication;
|
||||||
import org.springframework.stereotype.Controller;
|
import org.springframework.stereotype.Controller;
|
||||||
import org.springframework.ui.Model;
|
import org.springframework.ui.Model;
|
||||||
import org.springframework.validation.BindingResult;
|
|
||||||
import org.springframework.web.bind.annotation.RequestHeader;
|
import org.springframework.web.bind.annotation.RequestHeader;
|
||||||
import org.springframework.web.bind.annotation.RequestMapping;
|
import org.springframework.web.bind.annotation.RequestMapping;
|
||||||
import org.springframework.web.bind.annotation.RequestMethod;
|
import org.springframework.web.bind.annotation.RequestMethod;
|
||||||
|
|