updated custom filter

12 years ago · 60bda31c54
parent e8095bab26
commit 60bda31c54
3 changed files with 32 additions and 1 deletions
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/assertion/JwtBearerAuthenticationProvider.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/assertion/JwtBearerAuthenticationProvider.java
@ -3,6 +3,7 @@
 */
 package org.mitre.openid.connect.assertion;

+import java.security.NoSuchAlgorithmException;
 import java.security.PublicKey;
 import java.security.interfaces.RSAPublicKey;
 import java.util.Date;
@ -11,6 +12,7 @@ import java.util.Map;

 import org.mitre.jwt.model.Jwt;
 import org.mitre.jwt.model.JwtClaims;
+import org.mitre.jwt.model.JwtHeader;
 import org.mitre.jwt.signer.JwsAlgorithm;
 import org.mitre.jwt.signer.JwtSigner;
 import org.mitre.jwt.signer.impl.RsaSigner;
@ -80,6 +82,19 @@ public class JwtBearerAuthenticationProvider implements AuthenticationProvider {
    		Jwt jwt = jwtAuth.getJwt();
    		JwtClaims jwtClaims = jwt.getClaims();

+    		// do a deep copy
+    		Jwt newJwt = new Jwt(new JwtHeader(jwt.getHeader()), new JwtClaims(jwt.getClaims()), null);
+    		// sign it
+    		try {
+    			for (JwtSigner signer : validator.getAllSigners().values()) {
+	                signer.sign(newJwt);
+                }
+	            //validator.signJwt(newJwt);
+            } catch (NoSuchAlgorithmException e) {
+	            // TODO Auto-generated catch block
+	            e.printStackTrace();
+            }
+    		
    		if (!validator.validateSignature(jwt.toString())) {
    			throw new AuthenticationServiceException("Invalid signature");
    		}
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/assertion/JwtBearerClientAssertionTokenEndpointFilter.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/assertion/JwtBearerClientAssertionTokenEndpointFilter.java
@ -76,8 +76,23 @@ public class JwtBearerClientAssertionTokenEndpointFilter extends ClientCredentia
    	}
    	
    	
+    	// Can't call to superclass here b/c client creds would break for lack of client_id
+//	    return super.requiresAuthentication(request, response);
+    	
+        String uri = request.getRequestURI();
+        int pathParamIndex = uri.indexOf(';');
+
+        if (pathParamIndex > 0) {
+            // strip everything after the first semi-colon
+            uri = uri.substring(0, pathParamIndex);
+        }
+
+        if ("".equals(request.getContextPath())) {
+            return uri.endsWith(getFilterProcessesUrl());
+        }
+
+        return uri.endsWith(request.getContextPath() + getFilterProcessesUrl());

-	    return super.requiresAuthentication(request, response);
    }


--- a/openid-connect-server/src/main/webapp/WEB-INF/application-context.xml
+++ b/openid-connect-server/src/main/webapp/WEB-INF/application-context.xml
@ -57,6 +57,7 @@
 		<security:http-basic entry-point-ref="oauthAuthenticationEntryPoint" />
 		<!-- include this only if you need to authenticate clients via request parameters -->
 		<security:custom-filter ref="clientCredentialsTokenEndpointFilter" before="BASIC_AUTH_FILTER" />
+		<security:custom-filter ref="clientAssertiontokenEndpointFilter" after="BASIC_AUTH_FILTER" />
 		<security:access-denied-handler ref="oauthAccessDeniedHandler" />
 	</security:http>