Testing, nonce handling seems to be working now

openid-connect-server/src/main/java/org/mitre/openid/connect/ConnectAuthorizationRequestManager.java

@@ -63,27 +63,30 @@ public class ConnectAuthorizationRequestManager implements AuthorizationRequestM
 		
 		String requestNonce = parameters.get("nonce");
 		
-		//Check request nonce for reuse
+		//If a nonce was included in the request, process it
-		Collection<Nonce> clientNonces = nonceService.getByClientId(client.getClientId());
+		if (requestNonce != null) {
-		for (Nonce nonce : clientNonces) {
+		
-			if (nonce.getValue().equals(requestNonce)) {
+			//Check request nonce for reuse
-				throw new NonceReuseException(client.getClientId(), nonce);
+			Collection<Nonce> clientNonces = nonceService.getByClientId(client.getClientId());
+			for (Nonce nonce : clientNonces) {
+				if (nonce.getValue().equals(requestNonce)) {
+					throw new NonceReuseException(client.getClientId(), nonce);
+				}
 			}
+			
+			//Store nonce
+			Nonce nonce = new Nonce();
+			nonce.setClientId(client.getClientId());
+			nonce.setValue(requestNonce);
+			DateTime now = new DateTime(new Date());
+			nonce.setUseDate(now.toDate());
+			DateTime expDate = now.plus(nonceStorageDuration);
+			Date expirationJdkDate = expDate.toDate();
+			nonce.setExpireDate(expirationJdkDate);
+			
+			nonceService.save(nonce);
 		}
 		
-		//Store nonce
-		Nonce nonce = new Nonce();
-		nonce.setClientId(client.getClientId());
-		nonce.setValue(requestNonce);
-		DateTime now = new DateTime(new Date());
-		nonce.setUseDate(now.toDate());
-		DateTime expDate = now.plus(nonceStorageDuration);
-		Date expirationJdkDate = expDate.toDate();
-		nonce.setExpireDate(expirationJdkDate);
-		
-		nonceService.save(nonce);
-		
-		
 		Set<String> scopes = OAuth2Utils.parseParameterList(parameters.get("scope"));
 		if ((scopes == null || scopes.isEmpty())) {
 			//TODO: do we want to allow default scoping at all?

openid-connect-server/src/main/webapp/WEB-INF/application-context.xml

@@ -105,7 +105,7 @@
 	<!-- SECOAUTH Authorization Server -->
 	<oauth:authorization-server 
 		client-details-service-ref="defaultOAuth2ClientDetailsEntityService"
-		authorization-request-manager-ref="authorizationRequestFactory" 
+		authorization-request-manager-ref="authorizationRequestManager" 
 		token-services-ref="defaultOAuth2ProviderTokenService" 
 		user-approval-handler-ref="jdbcUserApprovalHandler" 
 		authorization-endpoint-url="/authorize" 
@@ -139,12 +139,6 @@
 	<authentication-manager id="clientAuthenticationManager" xmlns="http://www.springframework.org/schema/security">
 		<authentication-provider user-service-ref="clientUserDetailsService" />
 	</authentication-manager>
-
-	<bean id="authorizationRequestFactory" class="org.springframework.security.oauth2.provider.DefaultAuthorizationRequestManager">
-		<constructor-arg>
-			<bean class="org.mitre.oauth2.service.impl.DefaultOAuth2ClientDetailsEntityService" />
-		</constructor-arg>
-	</bean>
 	
 	<bean id="authorizationRequestManager" class="org.mitre.openid.connect.ConnectAuthorizationRequestManager">
 		<constructor-arg>