From 61a596dc15fe9837556a8345949aae7a278069f1 Mon Sep 17 00:00:00 2001
From: Justin Richer
Date: Wed, 11 Mar 2015 14:00:14 -0400
Subject: [PATCH] externalized strings from user info views
---
 .../openid/connect/view/UserInfoJWTView.java | 11 +++++++++--
 .../openid/connect/view/UserInfoView.java | 19 ++++++++++++-------
 .../openid/connect/web/UserInfoEndpoint.java | 19 ++++++++-----------
 3 files changed, 29 insertions(+), 20 deletions(-)
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/UserInfoJWTView.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/UserInfoJWTView.java
index 750dd848f..a918dfeb3 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/UserInfoJWTView.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/UserInfoJWTView.java
@@ -39,6 +39,7 @@ import org.mitre.openid.connect.config.ConfigurationPropertiesBean;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.MediaType;
 import org.springframework.stereotype.Component;
 import com.google.common.base.Strings;
@@ -59,6 +60,8 @@ import com.nimbusds.jwt.SignedJWT;
 @Component(UserInfoJWTView.VIEWNAME)
 public class UserInfoJWTView extends UserInfoView {
+ public static final String CLIENT = "client";
+
 /**
 * Logger for this class
 */
@@ -66,6 +69,10 @@ public class UserInfoJWTView extends UserInfoView {
 public static final String VIEWNAME = "userInfoJwtView";
+ public static final String JOSE_MEDIA_TYPE_VALUE = "application/jwt";
+ public static final MediaType JOSE_MEDIA_TYPE = new MediaType("application", "jwt");
+
+
 @Autowired private JWTSigningAndValidationService jwtService;
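Review bot: In the last UserInfoJWTView hunk, `JOSE_MEDIA_TYPE_VALUE` and `JOSE_MEDIA_TYPE` spell the same media type twice, and now that both are public and referenced from UserInfoEndpoint, a later edit to one will not reach the other. Deriving the object from the string keeps them in step: `public static final MediaType JOSE_MEDIA_TYPE = MediaType.parseMediaType(JOSE_MEDIA_TYPE_VALUE);`. The names say JOSE while the value is `application/jwt`; since these constants decide which Accept values select the signed or encrypted response, a Javadoc such as `/** Media type of the signed or encrypted UserInfo response (application/jwt). */` would make that explicit. The `CLIENT` constant added in the hunk before it is a model attribute key and deserves the same one-line Javadoc.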
@@ -83,13 +90,13 @@ public class UserInfoJWTView extends UserInfoView {
 HttpServletRequest request, HttpServletResponse response) {
 try {
- ClientDetailsEntity client = (ClientDetailsEntity)model.get("client");
+ ClientDetailsEntity client = (ClientDetailsEntity)model.get(CLIENT);
 // use the parser to import the user claims into the object
 StringWriter writer = new StringWriter();
 gson.toJson(json, writer);
- response.setContentType("application/jwt");
+ response.setContentType(JOSE_MEDIA_TYPE_VALUE);
 JWTClaimsSet claims = JWTClaimsSet.parse(writer.toString());
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/UserInfoView.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/UserInfoView.java
index 8c79e4759..f9d689c44 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/UserInfoView.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/UserInfoView.java
@@ -47,9 +47,14 @@ import com.google.gson.JsonParser;
 @Component(UserInfoView.VIEWNAME)
 public class UserInfoView extends AbstractView {
- private static JsonParser jsonParser = new JsonParser();
+ public static final String REQUESTED_CLAIMS = "requestedClaims";
+ public static final String AUTHORIZED_CLAIMS = "authorizedClaims";
+ public static final String SCOPE = "scope";
+ public static final String USER_INFO = "userInfo";
 public static final String VIEWNAME = "userInfoView";
+
+ private static JsonParser jsonParser = new JsonParser();
 /**
 * Logger for this class
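Review bot: The relocated `jsonParser` field in UserInfoView is still a mutable static; nothing visible reassigns it, so it should be `private static final JsonParser jsonParser = new JsonParser();`. The four new public constants are model attribute keys shared with UserInfoEndpoint and carry no documentation. A one-line Javadoc on each, for example `/** Model key for the raw claims request string taken from the request. */` on `REQUESTED_CLAIMS`, would tell readers which values are request-controlled and which come from the stored authorization request.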
@@ -89,20 +94,20 @@ public class UserInfoView extends AbstractView {
 @Override protected void renderMergedOutputModel(Map model, HttpServletRequest request, HttpServletResponse response) {
- UserInfo userInfo = (UserInfo) model.get("userInfo");
+ UserInfo userInfo = (UserInfo) model.get(USER_INFO);
- Set scope = (Set) model.get("scope");
+ Set scope = (Set) model.get(SCOPE);
 response.setContentType(MediaType.APPLICATION_JSON_VALUE);
 JsonObject authorizedClaims = null;
 JsonObject requestedClaims = null;
- if (model.get("authorizedClaims") != null) {
- authorizedClaims = jsonParser.parse((String) model.get("authorizedClaims")).getAsJsonObject();
+ if (model.get(AUTHORIZED_CLAIMS) != null) {
+ authorizedClaims = jsonParser.parse((String) model.get(AUTHORIZED_CLAIMS)).getAsJsonObject();
 }
- if (model.get("requestedClaims") != null) {
- requestedClaims = jsonParser.parse((String) model.get("requestedClaims")).getAsJsonObject();
+ if (model.get(REQUESTED_CLAIMS) != null) {
+ requestedClaims = jsonParser.parse((String) model.get(REQUESTED_CLAIMS)).getAsJsonObject();
 }
 JsonObject json = toJsonFromRequestObj(userInfo, scope, authorizedClaims, requestedClaims);
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java
index d2a625894..efbe3e9af 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java
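Review bot: In UserInfoView.renderMergedOutputModel, the value under `REQUESTED_CLAIMS` goes straight into `jsonParser.parse(...).getAsJsonObject()` with nothing in the hunk catching a failure, and the UserInfoEndpoint hunk that fills this key passes the `claims` request parameter through unchanged, so the string is caller-controlled. Malformed JSON, or valid JSON that is not an object, would throw during rendering; the method continues past the hunk, so whether anything further out catches it cannot be seen here. `AUTHORIZED_CLAIMS` takes the same path and is cast to String without a type check. Routing both through one guarded helper, as below, treats an unusable value as absent; whether that is the right fallback depends on toJsonFromRequestObj, and rejecting the parameter in the endpoint with a 400 is the stricter alternative.

```java
// … unchanged: userInfo and scope lookups, setContentType …
JsonObject authorizedClaims = parseClaims(model.get(AUTHORIZED_CLAIMS));
JsonObject requestedClaims = parseClaims(model.get(REQUESTED_CLAIMS));
// … unchanged: toJsonFromRequestObj call …

/** Returns the parsed claims object, or null when the value is missing, not a String, or not a JSON object. */
private static JsonObject parseClaims(Object raw) {
	if (!(raw instanceof String)) {
		return null;
	}
	try {
		JsonElement parsed = jsonParser.parse((String) raw);
		return parsed.isJsonObject() ? parsed.getAsJsonObject() : null;
	} catch (JsonParseException e) {
		return null; // malformed claims JSON: handled as if no claims were sent
	}
}
```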
@@ -72,14 +72,11 @@ public class UserInfoEndpoint {
 */
 private static final Logger logger = LoggerFactory.getLogger(UserInfoEndpoint.class);
- private static final MediaType JOSE_MEDIA_TYPE = new MediaType("application", "jwt");
- private static final String JOSE_MEDIA_TYPE_VALUE = "application/jwt";
-
 /**
 * Get information about the user as specified in the accessToken included in this request
 */
 @PreAuthorize("hasRole('ROLE_USER') and #oauth2.hasScope('" + SystemScopeService.OPENID_SCOPE + "')")
- @RequestMapping(method= {RequestMethod.GET, RequestMethod.POST}, produces = {MediaType.APPLICATION_JSON_VALUE, JOSE_MEDIA_TYPE_VALUE})
+ @RequestMapping(method= {RequestMethod.GET, RequestMethod.POST}, produces = {MediaType.APPLICATION_JSON_VALUE, UserInfoJWTView.JOSE_MEDIA_TYPE_VALUE})
 public String getInfo(@RequestParam(value="claims", required=false) String claimsRequestJsonString, @RequestHeader(value="Accept", required=false) String acceptHeader, OAuth2Authentication auth, Model model) {
@@ -99,21 +96,21 @@ public class UserInfoEndpoint {
 return HttpCodeView.VIEWNAME;
 }
- model.addAttribute("scope", auth.getOAuth2Request().getScope());
+ model.addAttribute(UserInfoView.SCOPE, auth.getOAuth2Request().getScope());
- model.addAttribute("authorizedClaims", auth.getOAuth2Request().getExtensions().get("claims"));
+ model.addAttribute(UserInfoView.AUTHORIZED_CLAIMS, auth.getOAuth2Request().getExtensions().get("claims"));
 if (!Strings.isNullOrEmpty(claimsRequestJsonString)) {
- model.addAttribute("requestedClaims", claimsRequestJsonString);
+ model.addAttribute(UserInfoView.REQUESTED_CLAIMS, claimsRequestJsonString);
 }
- model.addAttribute("userInfo", userInfo);
+ model.addAttribute(UserInfoView.USER_INFO, userInfo);
 // content negotiation
 // start off by seeing if the client has registered for a signed/encrypted JWT from here
 ClientDetailsEntity client = clientService.loadClientByClientId(auth.getOAuth2Request().getClientId());
- model.addAttribute("client", client);
+ model.addAttribute(UserInfoJWTView.CLIENT, client);
 List mediaTypes = MediaType.parseMediaTypes(acceptHeader);
 MediaType.sortBySpecificityAndQuality(mediaTypes);
@@ -123,7 +120,7 @@ public class UserInfoEndpoint {
 || client.getUserInfoEncryptedResponseEnc() != null) {
 // client has a preference, see if they ask for plain JSON specifically on this request
 for (MediaType m : mediaTypes) {
- if (!m.isWildcardType() && m.isCompatibleWith(JOSE_MEDIA_TYPE)) {
+ if (!m.isWildcardType() && m.isCompatibleWith(UserInfoJWTView.JOSE_MEDIA_TYPE)) {
 return UserInfoJWTView.VIEWNAME;
 } else if (!m.isWildcardType() && m.isCompatibleWith(MediaType.APPLICATION_JSON)) {
 return UserInfoView.VIEWNAME;
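Review bot: On the `AUTHORIZED_CLAIMS` line of the first UserInfoEndpoint hunk here, the extensions lookup still uses the bare literal `getExtensions().get("claims")`, so one of the strings this commit set out to externalize stays in place. The code that stores this extension is not on this page; if it uses the same key, a shared constant referenced from both sides would stop the lookup from quietly returning null after a rename on one side. That matters because UserInfoView branches on whether authorized claims are present, so a missing value changes the response without any error.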
@@ -137,7 +134,7 @@ public class UserInfoEndpoint {
 for (MediaType m : mediaTypes) {
 if (!m.isWildcardType() && m.isCompatibleWith(MediaType.APPLICATION_JSON)) {
 return UserInfoView.VIEWNAME;
- } else if (!m.isWildcardType() && m.isCompatibleWith(JOSE_MEDIA_TYPE)) {
+ } else if (!m.isWildcardType() && m.isCompatibleWith(UserInfoJWTView.JOSE_MEDIA_TYPE)) {
 return UserInfoJWTView.VIEWNAME;
 }
 }