github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

roles granted by introspection token services are now configurable (and extendable) via service, addresses #386

pull/419/merge
Justin Richer 2013-07-16 16:59:43 -04:00
parent 35d1e1b6d4
commit 67fd5fa7e9
4 changed files with 73 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/IntrospectingTokenService.java
View File

@ -23,7 +23,6 @@ import java.util.Map;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.oauth2.common.OAuth2AccessToken; import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.provider.AuthorizationRequest; import org.springframework.security.oauth2.provider.AuthorizationRequest;
import org.springframework.security.oauth2.provider.OAuth2Authentication; import org.springframework.security.oauth2.provider.OAuth2Authentication;
@ -50,6 +49,7 @@ public class IntrospectingTokenService implements ResourceServerTokenServices {
private String clientId; private String clientId;
private String clientSecret; private String clientSecret;
private IntrospectionUrlProvider introspectionUrlProvider; private IntrospectionUrlProvider introspectionUrlProvider;
private IntrospectionAuthorityGranter introspectionAuthorityGranter = new SimpleIntrospectionAuthorityGranter();
// Inner class to store in the hash map // Inner class to store in the hash map
private class TokenCacheObject { private class TokenCacheObject {
@ -117,7 +117,7 @@ public class IntrospectingTokenService implements ResourceServerTokenServices {
// create a default authentication object with authority ROLE_API // create a default authentication object with authority ROLE_API
private Authentication createAuthentication(JsonObject token) { private Authentication createAuthentication(JsonObject token) {
// TODO: make role/authority configurable somehow // TODO: make role/authority configurable somehow
return new PreAuthenticatedAuthenticationToken(token.get("sub").getAsString(), null, AuthorityUtils.createAuthorityList("ROLE_API")); return new PreAuthenticatedAuthenticationToken(token.get("sub").getAsString(), token, introspectionAuthorityGranter.getAuthorities(token));
} }
private OAuth2AccessToken createAccessToken(final JsonObject token, final String tokenString) { private OAuth2AccessToken createAccessToken(final JsonObject token, final String tokenString) {

20
openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/IntrospectionAuthorityGranter.java Normal file
View File

@ -0,0 +1,20 @@
/**
*
*/
package org.mitre.oauth2.introspectingfilter;
import java.util.List;
import org.springframework.security.core.GrantedAuthority;
import com.google.gson.JsonObject;
/**
* @author jricher
*
*/
public interface IntrospectionAuthorityGranter {
public List<GrantedAuthority> getAuthorities(JsonObject introspectionResponse);
}

5
openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/JWTParsingIntrospectionUrlProvider.java
View File

@ -4,6 +4,8 @@
package org.mitre.oauth2.introspectingfilter; package org.mitre.oauth2.introspectingfilter;
import java.text.ParseException; import java.text.ParseException;
import java.util.HashSet;
import java.util.Set;
import org.mitre.openid.connect.client.service.ServerConfigurationService; import org.mitre.openid.connect.client.service.ServerConfigurationService;
import org.mitre.openid.connect.config.ServerConfiguration; import org.mitre.openid.connect.config.ServerConfiguration;
@ -50,6 +52,9 @@ public class JWTParsingIntrospectionUrlProvider implements IntrospectionUrlProvi
String issuer = jwt.getJWTClaimsSet().getIssuer(); String issuer = jwt.getJWTClaimsSet().getIssuer();
if (!Strings.isNullOrEmpty(issuer)) { if (!Strings.isNullOrEmpty(issuer)) {
ServerConfiguration server = serverConfigurationService.getServerConfiguration(issuer); ServerConfiguration server = serverConfigurationService.getServerConfiguration(issuer);
if (server != null) { if (server != null) {
if (!Strings.isNullOrEmpty(server.getIntrospectionEndpointUri())) { if (!Strings.isNullOrEmpty(server.getIntrospectionEndpointUri())) {

46
openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/SimpleIntrospectionAuthorityGranter.java Normal file
View File

@ -0,0 +1,46 @@
/**
*
*/
package org.mitre.oauth2.introspectingfilter;
import java.util.List;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import com.google.gson.JsonObject;
/**
*
* Grants the same set of authorities no matter what's passed in.
*
* @author jricher
*
*/
public class SimpleIntrospectionAuthorityGranter implements IntrospectionAuthorityGranter {
private List<GrantedAuthority> authorities = AuthorityUtils.createAuthorityList("ROLE_API");
/* (non-Javadoc)
* @see org.mitre.oauth2.introspectingfilter.IntrospectionAuthorityGranter#getAuthorities(net.minidev.json.JSONObject)
*/
@Override
public List<GrantedAuthority> getAuthorities(JsonObject introspectionResponse) {
return authorities;
}
/**
* @return the authorities
*/
public List<GrantedAuthority> getAuthorities() {
return authorities;
}
/**
* @param authorities the authorities to set
*/
public void setAuthorities(List<GrantedAuthority> authorities) {
this.authorities = authorities;
}
}