updated custom filter

pull/263/head
Justin Richer 12 years ago
parent e8095bab26
commit 60bda31c54

@ -3,6 +3,7 @@
*/
package org.mitre.openid.connect.assertion;
import java.security.NoSuchAlgorithmException;
import java.security.PublicKey;
import java.security.interfaces.RSAPublicKey;
import java.util.Date;
@ -11,6 +12,7 @@ import java.util.Map;
import org.mitre.jwt.model.Jwt;
import org.mitre.jwt.model.JwtClaims;
import org.mitre.jwt.model.JwtHeader;
import org.mitre.jwt.signer.JwsAlgorithm;
import org.mitre.jwt.signer.JwtSigner;
import org.mitre.jwt.signer.impl.RsaSigner;
@ -79,6 +81,19 @@ public class JwtBearerAuthenticationProvider implements AuthenticationProvider {
Jwt jwt = jwtAuth.getJwt();
JwtClaims jwtClaims = jwt.getClaims();
// do a deep copy
Jwt newJwt = new Jwt(new JwtHeader(jwt.getHeader()), new JwtClaims(jwt.getClaims()), null);
// sign it
try {
for (JwtSigner signer : validator.getAllSigners().values()) {
signer.sign(newJwt);
}
//validator.signJwt(newJwt);
} catch (NoSuchAlgorithmException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
if (!validator.validateSignature(jwt.toString())) {
throw new AuthenticationServiceException("Invalid signature");

@ -76,8 +76,23 @@ public class JwtBearerClientAssertionTokenEndpointFilter extends ClientCredentia
}
// Can't call to superclass here b/c client creds would break for lack of client_id
// return super.requiresAuthentication(request, response);
return super.requiresAuthentication(request, response);
String uri = request.getRequestURI();
int pathParamIndex = uri.indexOf(';');
if (pathParamIndex > 0) {
// strip everything after the first semi-colon
uri = uri.substring(0, pathParamIndex);
}
if ("".equals(request.getContextPath())) {
return uri.endsWith(getFilterProcessesUrl());
}
return uri.endsWith(request.getContextPath() + getFilterProcessesUrl());
}

@ -57,6 +57,7 @@
<security:http-basic entry-point-ref="oauthAuthenticationEntryPoint" />
<!-- include this only if you need to authenticate clients via request parameters -->
<security:custom-filter ref="clientCredentialsTokenEndpointFilter" before="BASIC_AUTH_FILTER" />
<security:custom-filter ref="clientAssertiontokenEndpointFilter" after="BASIC_AUTH_FILTER" />
<security:access-denied-handler ref="oauthAccessDeniedHandler" />
</security:http>

Loading…
Cancel
Save