github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Testing, nonce handling seems to be working now

pull/263/head
Amanda Anganes 2013-01-07 13:28:30 -05:00
parent a1a117cfde
commit 59f1b1f05e
2 changed files with 22 additions and 25 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
openid-connect-server/src/main/java/org/mitre/openid/connect/ConnectAuthorizationRequestManager.java
View File

@ -63,6 +63,9 @@ public class ConnectAuthorizationRequestManager implements AuthorizationRequestM
String requestNonce = parameters.get("nonce"); String requestNonce = parameters.get("nonce");
//If a nonce was included in the request, process it
if (requestNonce != null) {
//Check request nonce for reuse //Check request nonce for reuse
Collection<Nonce> clientNonces = nonceService.getByClientId(client.getClientId()); Collection<Nonce> clientNonces = nonceService.getByClientId(client.getClientId());
for (Nonce nonce : clientNonces) { for (Nonce nonce : clientNonces) {
@ -82,7 +85,7 @@ public class ConnectAuthorizationRequestManager implements AuthorizationRequestM
nonce.setExpireDate(expirationJdkDate); nonce.setExpireDate(expirationJdkDate);
nonceService.save(nonce); nonceService.save(nonce);
}
Set<String> scopes = OAuth2Utils.parseParameterList(parameters.get("scope")); Set<String> scopes = OAuth2Utils.parseParameterList(parameters.get("scope"));
if ((scopes == null || scopes.isEmpty())) { if ((scopes == null || scopes.isEmpty())) {

8
openid-connect-server/src/main/webapp/WEB-INF/application-context.xml
View File

@ -105,7 +105,7 @@
<!-- SECOAUTH Authorization Server --> <!-- SECOAUTH Authorization Server -->
<oauth:authorization-server <oauth:authorization-server
client-details-service-ref="defaultOAuth2ClientDetailsEntityService" client-details-service-ref="defaultOAuth2ClientDetailsEntityService"
authorization-request-manager-ref="authorizationRequestFactory" authorization-request-manager-ref="authorizationRequestManager"
token-services-ref="defaultOAuth2ProviderTokenService" token-services-ref="defaultOAuth2ProviderTokenService"
user-approval-handler-ref="jdbcUserApprovalHandler" user-approval-handler-ref="jdbcUserApprovalHandler"
authorization-endpoint-url="/authorize" authorization-endpoint-url="/authorize"
@ -140,12 +140,6 @@
<authentication-provider user-service-ref="clientUserDetailsService" /> <authentication-provider user-service-ref="clientUserDetailsService" />
</authentication-manager> </authentication-manager>
<bean id="authorizationRequestFactory" class="org.springframework.security.oauth2.provider.DefaultAuthorizationRequestManager">
<constructor-arg>
<bean class="org.mitre.oauth2.service.impl.DefaultOAuth2ClientDetailsEntityService" />
</constructor-arg>
</bean>
<bean id="authorizationRequestManager" class="org.mitre.openid.connect.ConnectAuthorizationRequestManager"> <bean id="authorizationRequestManager" class="org.mitre.openid.connect.ConnectAuthorizationRequestManager">
<constructor-arg> <constructor-arg>
<bean class="org.mitre.oauth2.service.impl.DefaultOAuth2ClientDetailsEntityService" /> <bean class="org.mitre.oauth2.service.impl.DefaultOAuth2ClientDetailsEntityService" />