diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/AbstractOIDCAuthenticationFilter.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/AbstractOIDCAuthenticationFilter.java
index b8c66f879..076a75864 100644
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/AbstractOIDCAuthenticationFilter.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/AbstractOIDCAuthenticationFilter.java
@@ -18,9 +18,6 @@ package org.mitre.openid.connect.client;
 import java.io.IOException;
 import java.io.UnsupportedEncodingException;
 import java.math.BigInteger;
-import java.net.URI;
-import java.net.URISyntaxException;
-import java.net.URLEncoder;
 import java.security.PublicKey;
 import java.security.SecureRandom;
 import java.security.interfaces.RSAPublicKey;
@@ -40,7 +37,6 @@ import javax.servlet.http.HttpSession;
 import org.apache.commons.lang.StringUtils;
 import org.apache.http.NameValuePair;
 import org.apache.http.client.HttpClient;
-import org.apache.http.client.utils.URIUtils;
 import org.apache.http.client.utils.URLEncodedUtils;
 import org.apache.http.impl.client.DefaultHttpClient;
 import org.apache.http.message.BasicNameValuePair;
@@ -53,7 +49,6 @@ import org.mitre.jwt.signer.service.impl.DefaultJwtSigningAndValidationService;
 import org.mitre.key.fetch.KeyFetcher;
 import org.mitre.openid.connect.config.OIDCServerConfiguration;
 import org.mitre.openid.connect.model.IdToken;
-import org.springframework.http.HttpMethod;
 import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
 import org.springframework.security.authentication.AuthenticationServiceException;
 import org.springframework.security.core.Authentication;
@@ -68,7 +63,6 @@ import org.springframework.web.client.RestTemplate; import com.google.gson.JsonElement; import com.google.gson.JsonObject; import com.google.gson.JsonParser; -import com.sun.xml.ws.mex.client.schema.GetMetadata; /** * Abstract OpenID Connect Authentication Filter class @@ -107,7 +101,7 @@ public class AbstractOIDCAuthenticationFilter extends List ignore = (ignoreFields != null) ? Arrays.asList(ignoreFields) : null; - boolean isFirst = true; + //boolean isFirst = true; StringBuffer sb = request.getRequestURL(); List queryparams = new ArrayList(); @@ -321,7 +315,7 @@ public class AbstractOIDCAuthenticationFilter extends } else { // Extract the id_token to insert into the - // OpenIdConnectAuthenticationToken + // OIDCAuthenticationToken // get out all the token strings String accessTokenValue = null; @@ -427,9 +421,9 @@ public class AbstractOIDCAuthenticationFilter extends String userId = idToken.getClaims().getUserId(); - // construct an OpenIdConnectAuthenticationToken and return a Authentication object w/the userId and the idToken + // construct an OIDCAuthenticationToken and return a Authentication object w/the userId and the idToken - OpenIdConnectAuthenticationToken token = new OpenIdConnectAuthenticationToken(userId, idClaims.getIssuer(), serverConfig, idTokenValue, accessTokenValue, refreshTokenValue); + OIDCAuthenticationToken token = new OIDCAuthenticationToken(userId, idClaims.getIssuer(), serverConfig, idTokenValue, accessTokenValue, refreshTokenValue); Authentication authentication = this.getAuthenticationManager().authenticate(token); 
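Review bot: The hunk at -107 replaces `boolean isFirst = true;` with the commented-out line `//boolean isFirst = true;`, which leaves dead code in the filter instead of removing it. Since the file would not compile if `isFirst` were still referenced, the variable is presumably unused and the line should simply be deleted rather than kept as a comment. The enclosing method starts and ends outside the hunk, so a surviving reference further down cannot be ruled out from this view alone.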
diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OpenIdConnectAuthenticationProvider.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationProvider.java
similarity index 85%
rename from openid-connect-client/src/main/java/org/mitre/openid/connect/client/OpenIdConnectAuthenticationProvider.java
rename to openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationProvider.java
index 34936e4dc..826b295d5 100644
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OpenIdConnectAuthenticationProvider.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationProvider.java
@@ -22,14 +22,10 @@ import org.springframework.beans.factory.InitializingBean;
 import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.authority.mapping.GrantedAuthoritiesMapper;
 import org.springframework.security.core.authority.mapping.NullAuthoritiesMapper;
-import org.springframework.security.core.userdetails.AuthenticationUserDetailsService;
-import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
-import org.springframework.util.Assert;
 
 import com.google.common.base.Strings;
 import com.google.common.collect.Sets;
@@ -38,7 +34,7 @@ import com.google.common.collect.Sets;
  * @author nemonik
  *
  */
-public class OpenIdConnectAuthenticationProvider implements
+public class OIDCAuthenticationProvider implements
 		AuthenticationProvider, InitializingBean {
 
 	private UserInfoFetcher userInfoFetcher = new UserInfoFetcher();
@@ -69,13 +65,13 @@ public class OpenIdConnectAuthenticationProvider implements return null; } - if (authentication instanceof OpenIdConnectAuthenticationToken) { + if (authentication instanceof OIDCAuthenticationToken) { // Default authorities set // TODO: let this be configured Collection authorities = Sets.newHashSet(new SimpleGrantedAuthority("ROLE_USER")); - OpenIdConnectAuthenticationToken token = (OpenIdConnectAuthenticationToken) authentication; + OIDCAuthenticationToken token = (OIDCAuthenticationToken) authentication; UserInfo userInfo = userInfoFetcher.loadUserInfo(token); @@ -88,7 +84,7 @@ public class OpenIdConnectAuthenticationProvider implements } } - return new OpenIdConnectAuthenticationToken(token.getUserId(), + return new OIDCAuthenticationToken(token.getUserId(), token.getIssuer(), userInfo, authoritiesMapper.mapAuthorities(authorities), token.getIdTokenValue(), token.getAccessTokenValue(), token.getRefreshTokenValue()); @@ -113,6 +109,6 @@ public class OpenIdConnectAuthenticationProvider implements */ @Override public boolean supports(Class authentication) { - return OpenIdConnectAuthenticationToken.class.isAssignableFrom(authentication); + return OIDCAuthenticationToken.class.isAssignableFrom(authentication); } } diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OpenIdConnectAuthenticationToken.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationToken.java similarity index 88% rename from openid-connect-client/src/main/java/org/mitre/openid/connect/client/OpenIdConnectAuthenticationToken.java rename to openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationToken.java index 0a9f18203..7ef755a70 100644 --- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OpenIdConnectAuthenticationToken.java +++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationToken.java 
@@ -19,21 +19,18 @@ import java.util.ArrayList; import java.util.Collection; import org.mitre.openid.connect.config.OIDCServerConfiguration; -import org.mitre.openid.connect.model.IdToken; import org.mitre.openid.connect.model.UserInfo; import org.springframework.security.authentication.AbstractAuthenticationToken; import org.springframework.security.core.GrantedAuthority; -import org.springframework.security.core.SpringSecurityCoreVersion; import com.google.common.collect.ImmutableMap; -import com.google.common.collect.Sets; /** * * @author Michael Walsh, Justin Richer * */ -public class OpenIdConnectAuthenticationToken extends AbstractAuthenticationToken { +public class OIDCAuthenticationToken extends AbstractAuthenticationToken { private static final long serialVersionUID = 22100073066377804L; @@ -48,7 +45,7 @@ public class OpenIdConnectAuthenticationToken extends AbstractAuthenticationToke private final transient UserInfo userInfo; // user info container, don't serialize it b/c it might be huge and can be re-fetched /** - * Constructs OpenIdConnectAuthenticationToken with a full set of authorities, marking this as authenticated. + * Constructs OIDCAuthenticationToken with a full set of authorities, marking this as authenticated. * * Set to authenticated. * @@ -58,7 +55,7 @@ public class OpenIdConnectAuthenticationToken extends AbstractAuthenticationToke * @param principal * @param idToken */ - public OpenIdConnectAuthenticationToken(String userId, String issuer, + public OIDCAuthenticationToken(String userId, String issuer, UserInfo userInfo, Collection authorities, String idTokenValue, String accessTokenValue, String refreshTokenValue) { 
@@ -78,7 +75,7 @@ public class OpenIdConnectAuthenticationToken extends AbstractAuthenticationToke } /** - * Constructs OpenIdConnectAuthenticationToken for use as a data shuttle from the filter to the auth provider. + * Constructs OIDCAuthenticationToken for use as a data shuttle from the filter to the auth provider. * * Set to not-authenticated. * @@ -86,7 +83,7 @@ public class OpenIdConnectAuthenticationToken extends AbstractAuthenticationToke * @param userId * @param idToken */ - public OpenIdConnectAuthenticationToken(String userId, String issuer, + public OIDCAuthenticationToken(String userId, String issuer, OIDCServerConfiguration serverConfiguration, String idTokenValue, String accessTokenValue, String refreshTokenValue) { diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/UserInfoFetcher.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/UserInfoFetcher.java index 6f678cfa9..1ead26241 100644 --- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/UserInfoFetcher.java +++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/UserInfoFetcher.java @@ -1,7 +1,5 @@ package org.mitre.openid.connect.client; -import java.net.URI; - import org.apache.http.client.HttpClient; import org.apache.http.impl.client.DefaultHttpClient; import org.mitre.openid.connect.model.DefaultUserInfo; @@ -11,14 +9,12 @@ import org.springframework.util.LinkedMultiValueMap; import org.springframework.util.MultiValueMap; import org.springframework.web.client.RestTemplate; -import com.google.gson.Gson; -import com.google.gson.GsonBuilder; import com.google.gson.JsonObject; import com.google.gson.JsonParser; public class UserInfoFetcher { - public UserInfo loadUserInfo(OpenIdConnectAuthenticationToken token) { + public UserInfo loadUserInfo(OIDCAuthenticationToken token) { HttpClient httpClient = new DefaultHttpClient();