From 3c820edb9cb68c9cb92b06316b8f2c62b8472ab7 Mon Sep 17 00:00:00 2001
From: Amanda Anganes <aanganes@mitre.org>
Date: Fri, 9 Mar 2012 16:06:27 -0500
Subject: [PATCH 1/2] /oauth/authorize is MAPPED. Failing when trying to access
 /openidconnect/auth url with java.lang.IllegalStateException: No
 WebApplicationContext found: no ContextLoaderListener registered? 
 org.springframework.web.filter.DelegatingFilterProxy.doFilter(DelegatingFilterProxy.java:251)

---
 .../token/ConnectAuthCodeTokenGranter.java    | 11 ++---
 .../spring/appServlet/servlet-context.xml     | 13 +++--
 .../WEB-INF/spring/application-context.xml    | 48 +++++++++++++++----
 .../WEB-INF/spring/security-context.xml       | 48 -------------------
 server/src/main/webapp/WEB-INF/web.xml        | 10 +++-
 5 files changed, 62 insertions(+), 68 deletions(-)
 delete mode 100644 server/src/main/webapp/WEB-INF/spring/security-context.xml

diff --git a/server/src/main/java/org/mitre/openid/connect/token/ConnectAuthCodeTokenGranter.java b/server/src/main/java/org/mitre/openid/connect/token/ConnectAuthCodeTokenGranter.java
index 37c0712d1..6c9e238b3 100644
--- a/server/src/main/java/org/mitre/openid/connect/token/ConnectAuthCodeTokenGranter.java
+++ b/server/src/main/java/org/mitre/openid/connect/token/ConnectAuthCodeTokenGranter.java
@@ -9,7 +9,6 @@ import java.util.Set;
 import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
 import org.mitre.oauth2.service.impl.DefaultOAuth2ProviderTokenService;
 import org.mitre.openid.connect.model.IdToken;
-import org.mitre.util.Utility;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.common.OAuth2AccessToken;
@@ -22,8 +21,8 @@ import org.springframework.security.oauth2.provider.ClientCredentialsChecker;
 import org.springframework.security.oauth2.provider.ClientDetailsService;
 import org.springframework.security.oauth2.provider.OAuth2Authentication;
 import org.springframework.security.oauth2.provider.TokenGranter;
+import org.springframework.security.oauth2.provider.code.AuthorizationCodeServices;
 import org.springframework.security.oauth2.provider.code.AuthorizationRequestHolder;
-import org.springframework.security.oauth2.provider.code.JdbcAuthorizationCodeServices;
 import org.springframework.stereotype.Component;
 
 /**
@@ -42,7 +41,7 @@ public class ConnectAuthCodeTokenGranter implements TokenGranter {
 	private static final String GRANT_TYPE = "authorization_code";
 	
 	@Autowired
-	private JdbcAuthorizationCodeServices authorizationCodeServices;
+	private AuthorizationCodeServices authorizationCodeServices;
 
 	@Autowired
 	private ClientCredentialsChecker clientCredentialsChecker;
@@ -70,7 +69,7 @@ public class ConnectAuthCodeTokenGranter implements TokenGranter {
 	 */
 	public ConnectAuthCodeTokenGranter(
 			DefaultOAuth2ProviderTokenService tokenServices,
-			JdbcAuthorizationCodeServices authorizationCodeServices,
+			AuthorizationCodeServices authorizationCodeServices,
 			ClientDetailsService clientDetailsService) {
 		
 		setTokenServices(tokenServices);
@@ -156,14 +155,14 @@ public class ConnectAuthCodeTokenGranter implements TokenGranter {
 	/**
 	 * @return the authorizationCodeServices
 	 */
-	public JdbcAuthorizationCodeServices getAuthorizationCodeServices() {
+	public AuthorizationCodeServices getAuthorizationCodeServices() {
 		return authorizationCodeServices;
 	}
 
 	/**
 	 * @param authorizationCodeServices the authorizationCodeServices to set
 	 */
-	public void setAuthorizationCodeServices(JdbcAuthorizationCodeServices authorizationCodeServices) {
+	public void setAuthorizationCodeServices(AuthorizationCodeServices authorizationCodeServices) {
 		this.authorizationCodeServices = authorizationCodeServices;
 	}
 
diff --git a/server/src/main/webapp/WEB-INF/spring/appServlet/servlet-context.xml b/server/src/main/webapp/WEB-INF/spring/appServlet/servlet-context.xml
index aa2ff7cd9..0334f4170 100644
--- a/server/src/main/webapp/WEB-INF/spring/appServlet/servlet-context.xml
+++ b/server/src/main/webapp/WEB-INF/spring/appServlet/servlet-context.xml
@@ -4,18 +4,18 @@
 	xmlns:beans="http://www.springframework.org/schema/beans"
 	xmlns:context="http://www.springframework.org/schema/context"
 	xmlns:security="http://www.springframework.org/schema/security"
+	xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
 	xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd
 		http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
 		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd
-		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd">
+		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.0.xsd
+		http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2.xsd">
 
 	<!-- DispatcherServlet Context: defines this servlet's request-processing infrastructure -->
 	
 	<!-- Enables the Spring MVC @Controller programming model -->
 	<annotation-driven />
 
-	<security:global-method-security pre-post-annotations="enabled" proxy-target-class="true"/>
-
 	<!-- Handles HTTP GET requests for /resources/** by efficiently serving up static resources in the ${webappRoot}/resources directory -->
 	<resources mapping="/resources/**" location="/resources/" />
 
@@ -41,5 +41,12 @@
 <!-- 	<beans:bean id="jsonIdTokenView" class="org.mitre.openid.connect.view.JSONIdTokenView"/> -->
 	
 	<beans:import resource="controllers.xml" />
+
+	<!-- SECOAUTH Authorization Server, with our custom token granter plugged in -->
+	<oauth:authorization-server client-details-service-ref="defaultOAuth2ClientDetailsEntityService" 
+		token-services-ref="defaultOAuth2ProviderTokenService" token-granter-ref="connectAuthCodeTokenGranter"
+		authorization-endpoint-url="/openidconnect/auth">
+		<oauth:authorization-code authorization-code-services-ref="authCodeServices"/>
+	</oauth:authorization-server>
 	
 </beans:beans>
diff --git a/server/src/main/webapp/WEB-INF/spring/application-context.xml b/server/src/main/webapp/WEB-INF/spring/application-context.xml
index 5fba944d1..1935535cc 100644
--- a/server/src/main/webapp/WEB-INF/spring/application-context.xml
+++ b/server/src/main/webapp/WEB-INF/spring/application-context.xml
@@ -14,21 +14,51 @@
 		http://www.mitre.org/schema/openid-connect/jwt-signer http://www.mitre.org/schema/openid-connect/jwt-signer/jwt-signer-1.0.xsd
 		http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-3.1.xsd
 		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd">
+	
+	<!-- Root Context: defines shared resources visible to all other web components -->
 		
 	<import resource="data-context.xml" />	
 
-	<import resource="security-context.xml" />
+	<security:global-method-security pre-post-annotations="enabled" proxy-target-class="true" authentication-manager-ref="springSecurityAuthenticationManager"/>
+	<security:http use-expressions="true" auto-config="true" authentication-manager-ref="springSecurityAuthenticationManager">
+<!-- 		<security:intercept-url pattern="/oauth/user/**" access="hasRole('ROLE_USER')"/> -->
+		<security:intercept-url pattern="/*" access="permitAll"/>
+		
+	</security:http>
+		
+	<bean id="clientCredentialsChecker" class="org.springframework.security.oauth2.provider.ClientCredentialsChecker">
+		<constructor-arg>
+			<bean class="org.mitre.oauth2.service.impl.DefaultOAuth2ClientDetailsEntityService"/>
+		</constructor-arg>
+	</bean>	
+		
+	<!-- Authorization Code Service, used by TokenGranter -->
+<!-- 	<bean id="jdbcAuthCodeServices" class="org.springframework.security.oauth2.provider.code.JdbcAuthorizationCodeServices"> -->
+<!-- 		<constructor-arg> -->
+<!-- 			<ref bean="dataSource"/> -->
+<!-- 		</constructor-arg> -->
+<!-- 	</bean> -->
+
+	
+
+	<bean id="authCodeServices" class="org.springframework.security.oauth2.provider.code.InMemoryAuthorizationCodeServices"/>
+
+	<security:authentication-manager id="springSecurityAuthenticationManager">
+		<security:authentication-provider>
+			<security:user-service id="userDetailsService">
+		    	<security:user name="jimi" password="jimispassword" authorities="ROLE_USER, ROLE_ADMIN" />
+		    	<security:user name="bob" password="bobspassword" authorities="ROLE_USER" />
+		  	</security:user-service>
+		</security:authentication-provider>
+	</security:authentication-manager>	
 		
 	<tx:annotation-driven transaction-manager="transactionManager" />
-
-	<!-- Root Context: defines shared resources visible to all other web components -->
+	
 	<bean id="jpaAdapter" class="org.springframework.orm.jpa.vendor.EclipseLinkJpaVendorAdapter">
 		<property name="databasePlatform" value="org.eclipse.persistence.platform.database.MySQLPlatform" />
 		<property name="showSql" value="true" />
 	</bean>
-	
-	
-	
+
 	<!-- Map our custom exception classes to named views -->
 	<bean class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver">
 	   <property name="exceptionMappings">
@@ -65,9 +95,9 @@
 	</jwt-signer:service>
 	 
 	<!-- scheduled tasks -->
-	<task:scheduler id="taskScheduler" pool-size="10" />
-	<task:executor id="taskExecutor" pool-size="5" />
-	<task:annotation-driven scheduler="taskScheduler" executor="taskExecutor" />
+<!-- 	<task:scheduler id="taskScheduler" pool-size="10" /> -->
+<!-- 	<task:executor id="taskExecutor" pool-size="5" /> -->
+<!-- 	<task:annotation-driven scheduler="taskScheduler" executor="taskExecutor" /> -->
 	
 	<!-- load everything except controllers (those get handled elsewhere) -->
     <context:component-scan annotation-config="true" base-package="org.mitre">
diff --git a/server/src/main/webapp/WEB-INF/spring/security-context.xml b/server/src/main/webapp/WEB-INF/spring/security-context.xml
deleted file mode 100644
index cfe1c27e6..000000000
--- a/server/src/main/webapp/WEB-INF/spring/security-context.xml
+++ /dev/null
@@ -1,48 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<beans xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xmlns:p="http://www.springframework.org/schema/p"
-	xmlns:oauth2="http://www.springframework.org/schema/security/oauth2"
-	xmlns="http://www.springframework.org/schema/beans"
-	xmlns:security="http://www.springframework.org/schema/security"
-	xsi:schemaLocation="http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2.xsd
-		http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-3.1.xsd
-		http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-3.0.xsd">
-
-	<security:global-method-security pre-post-annotations="enabled" proxy-target-class="true"/>
-
-	<security:http use-expressions="true" auto-config="true">
-<!-- 		<security:intercept-url pattern="/oauth/user/**" access="hasRole('ROLE_USER')"/> -->
-		<security:intercept-url pattern="/*" access="permitAll"/>
-		
-	</security:http>
-	
-	<!-- Authorization Code Service, used by TokenGranter -->
-	<bean id="jdbcAuthCodeServices" class="org.springframework.security.oauth2.provider.code.JdbcAuthorizationCodeServices">
-		<constructor-arg>
-			<bean class="org.apache.commons.dbcp.BasicDataSource"/>
-		</constructor-arg>
-	</bean>
-	
-	<bean id="clientCredentialsChecker" class="org.springframework.security.oauth2.provider.ClientCredentialsChecker">
-		<constructor-arg>
-			<bean class="org.mitre.oauth2.service.impl.DefaultOAuth2ClientDetailsEntityService"/>
-		</constructor-arg>
-	</bean>
-	
-	<!-- SECOAUTH Authorization Server, with our custom token granter plugged in -->
-	<oauth2:authorization-server client-details-service-ref="defaultOAuth2ClientDetailsEntityService" 
-		token-services-ref="defaultOAuth2ProviderTokenService" token-granter-ref="connectAuthCodeTokenGranter"
-		authorization-endpoint-url="/openidconnect/auth">
-		<oauth2:authorization-code />
-	</oauth2:authorization-server>
-	
-	<security:authentication-manager>
-		<security:authentication-provider>
-			<security:user-service id="userDetailsService">
-		    	<security:user name="jimi" password="jimispassword" authorities="ROLE_USER, ROLE_ADMIN" />
-		    	<security:user name="bob" password="bobspassword" authorities="ROLE_USER" />
-		  	</security:user-service>
-		</security:authentication-provider>
-	</security:authentication-manager>
-
-</beans>
diff --git a/server/src/main/webapp/WEB-INF/web.xml b/server/src/main/webapp/WEB-INF/web.xml
index eb8152894..31a25c4f6 100644
--- a/server/src/main/webapp/WEB-INF/web.xml
+++ b/server/src/main/webapp/WEB-INF/web.xml
@@ -15,13 +15,15 @@
 	<listener>
 		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
 	</listener>
-	
-	
 
 	<!-- Since we defined a custom authorization-endpoint-url, we need an additional filter: -->
 	<filter>
 	    <filter-name>oauth2EndpointUrlFilter</filter-name>
 	    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
+	    <init-param>
+	        <param-name>contextAttribute</param-name>
+	        <param-value>org.springframework.web.servlet.FrameworkServlet.CONTEXT.spring</param-value>
+	    </init-param>
 	</filter>
 	
 	<filter-mapping>
@@ -33,6 +35,10 @@
 	<filter>
 	    <filter-name>springSecurityFilterChain</filter-name>
 	    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
+	    <init-param>
+	        <param-name>contextAttribute</param-name>
+	        <param-value>org.springframework.web.servlet.FrameworkServlet.CONTEXT.spring</param-value>
+	    </init-param>
 	</filter>
 
 	<filter-mapping>

From c68762877dff3f01029aa9de8d4020ba2662af5a Mon Sep 17 00:00:00 2001
From: Amanda Anganes <aanganes@mitre.org>
Date: Mon, 12 Mar 2012 11:54:19 -0400
Subject: [PATCH 2/2] Needs more testing, but this doesn't break anything
 existing and I *think* the SECOAUTH AuthZ server is up now. /oauth/authorize
 IS mapped, but I am getting a "GET not allowed" (POST looks like it is) when
 I try to access the authorization endpoint with my browser.

---
 server/src/main/webapp/WEB-INF/web.xml | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/server/src/main/webapp/WEB-INF/web.xml b/server/src/main/webapp/WEB-INF/web.xml
index 31a25c4f6..4b063fb7b 100644
--- a/server/src/main/webapp/WEB-INF/web.xml
+++ b/server/src/main/webapp/WEB-INF/web.xml
@@ -22,7 +22,7 @@
 	    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
 	    <init-param>
 	        <param-name>contextAttribute</param-name>
-	        <param-value>org.springframework.web.servlet.FrameworkServlet.CONTEXT.spring</param-value>
+	        <param-value>org.springframework.web.servlet.FrameworkServlet.CONTEXT.appServlet</param-value>
 	    </init-param>
 	</filter>
 	
@@ -35,9 +35,9 @@
 	<filter>
 	    <filter-name>springSecurityFilterChain</filter-name>
 	    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
-	    <init-param>
+	     <init-param>
 	        <param-name>contextAttribute</param-name>
-	        <param-value>org.springframework.web.servlet.FrameworkServlet.CONTEXT.spring</param-value>
+	        <param-value>org.springframework.web.servlet.FrameworkServlet.CONTEXT.appServlet</param-value>
 	    </init-param>
 	</filter>