github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

cleaned up AuthRequestObjectEndpoint class

pull/166/merge
Mike Derryberry 2012-08-02 14:21:30 -04:00 committed by Justin Richer
parent d93f5f18e5
commit 638ebf2010
1 changed files with 52 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
openid-connect-server/src/main/java/org/mitre/openid/connect/server/AuthorizationEndpointRequestObject.java
View File

@ -8,6 +8,7 @@ import java.util.Collection;
import java.util.Date; import java.util.Date;
import java.util.HashSet; import java.util.HashSet;
import java.util.Map; import java.util.Map;
import java.util.Set;
import org.mitre.jwt.model.Jwt; import org.mitre.jwt.model.Jwt;
import org.mitre.jwt.model.JwtClaims; import org.mitre.jwt.model.JwtClaims;
@ -21,6 +22,7 @@ import org.springframework.security.oauth2.common.exceptions.InvalidGrantExcepti
import org.springframework.security.oauth2.common.exceptions.OAuth2Exception; import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
import org.springframework.security.oauth2.common.exceptions.UnapprovedClientAuthenticationException; import org.springframework.security.oauth2.common.exceptions.UnapprovedClientAuthenticationException;
import org.springframework.security.oauth2.common.exceptions.UnsupportedGrantTypeException; import org.springframework.security.oauth2.common.exceptions.UnsupportedGrantTypeException;
import org.springframework.security.oauth2.common.exceptions.UserDeniedAuthorizationException;
import org.springframework.security.oauth2.provider.AuthorizationRequest; import org.springframework.security.oauth2.provider.AuthorizationRequest;
import org.springframework.security.oauth2.provider.ClientDetailsService; import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.approval.DefaultUserApprovalHandler; import org.springframework.security.oauth2.provider.approval.DefaultUserApprovalHandler;
@ -33,7 +35,9 @@ import org.springframework.security.oauth2.provider.endpoint.DefaultRedirectReso
import org.springframework.security.oauth2.provider.endpoint.RedirectResolver; import org.springframework.security.oauth2.provider.endpoint.RedirectResolver;
import org.springframework.stereotype.Controller; import org.springframework.stereotype.Controller;
import org.springframework.util.ClassUtils; import org.springframework.util.ClassUtils;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.SessionAttributes; import org.springframework.web.bind.annotation.SessionAttributes;
import org.springframework.web.bind.support.SessionStatus; import org.springframework.web.bind.support.SessionStatus;
@ -72,7 +76,7 @@ public class AuthorizationEndpointRequestObject extends AbstractEndpoint impleme
AuthorizationRequest authorizationRequest = new AuthorizationRequest(parameters, null, clientId, scope); AuthorizationRequest authorizationRequest = new AuthorizationRequest(parameters, null, clientId, scope);
if (claims.getClaim("client_id") == null) { if (authorizationRequest.getClientId() == null) {
sessionStatus.setComplete(); sessionStatus.setComplete();
throw new InvalidClientException("A client_id must be supplied."); throw new InvalidClientException("A client_id must be supplied.");
} }
@ -84,17 +88,17 @@ public class AuthorizationEndpointRequestObject extends AbstractEndpoint impleme
} }
if (!authorizationRequest.getResponseTypes().contains("token") && !authorizationRequest.getResponseTypes().contains("code")) { if (!authorizationRequest.getResponseTypes().contains("token") && !authorizationRequest.getResponseTypes().contains("code")) {
throw new UnsupportedGrantTypeException("Unsupported response types: " + claims.getClaim("response_type")); throw new UnsupportedGrantTypeException("Unsupported response types: " + authorizationRequest.getResponseTypes());
} }
try { try {
authorizationRequest = resolveRedirectUriAndCheckApproval(authorizationRequest, (Authentication) principal); authorizationRequest = resolveRedirectUriAndCheckApproval(authorizationRequest, (Authentication) principal);
if (authorizationRequest.isApproved()) { if (authorizationRequest.isApproved()) {
if (claims.getClaim("response_type").equals("token")) { if (authorizationRequest.getResponseTypes().contains("token")) {
return getImplicitGrantResponse(authorizationRequest); return getImplicitGrantResponse(authorizationRequest);
} }
if (claims.getClaim("response_type").equals("code")) { if (authorizationRequest.getResponseTypes().contains("code")) {
return new ModelAndView(getAuthorizationCodeResponse(authorizationRequest, return new ModelAndView(getAuthorizationCodeResponse(authorizationRequest,
(Authentication) principal)); (Authentication) principal));
} }
@ -119,6 +123,50 @@ public class AuthorizationEndpointRequestObject extends AbstractEndpoint impleme
// COPIED FROM SECOAUTH AuthorizationEndpoint // COPIED FROM SECOAUTH AuthorizationEndpoint
// //
@RequestMapping(method = RequestMethod.POST, params = AuthorizationRequest.USER_OAUTH_APPROVAL)
public View approveOrDeny(@RequestParam Map<String, String> approvalParameters,
@ModelAttribute AuthorizationRequest authorizationRequest, SessionStatus sessionStatus, Principal principal) {
if (authorizationRequest.getClientId() == null) {
sessionStatus.setComplete();
throw new InvalidClientException("A client_id must be supplied.");
}
if (!(principal instanceof Authentication)) {
sessionStatus.setComplete();
throw new InsufficientAuthenticationException(
"User must be authenticated with Spring Security before authorizing an access token.");
}
try {
Set<String> responseTypes = authorizationRequest.getResponseTypes();
authorizationRequest = authorizationRequest.addApprovalParameters(approvalParameters);
authorizationRequest = resolveRedirectUriAndCheckApproval(authorizationRequest, (Authentication) principal);
if (!authorizationRequest.isApproved()) {
return new RedirectView(getUnsuccessfulRedirect(authorizationRequest,
new UserDeniedAuthorizationException("User denied access"), responseTypes.contains("token")),
false);
}
if (responseTypes.contains("token")) {
return getImplicitGrantResponse(authorizationRequest).getView();
}
return getAuthorizationCodeResponse(authorizationRequest, (Authentication) principal);
}
finally {
sessionStatus.setComplete();
}
}
//
// TODO: Remove when possible
// COPIED FROM SECOAUTH AuthorizationEndpoint
//
private AuthorizationRequest resolveRedirectUriAndCheckApproval(AuthorizationRequest authorizationRequest, private AuthorizationRequest resolveRedirectUriAndCheckApproval(AuthorizationRequest authorizationRequest,
Authentication authentication) throws OAuth2Exception { Authentication authentication) throws OAuth2Exception {