commit
698777f159
|
@ -128,8 +128,12 @@
|
||||||
<artifactId>jaxb-runtime</artifactId>
|
<artifactId>jaxb-runtime</artifactId>
|
||||||
</dependency>
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>jakarta.servlet</groupId>
|
<groupId>org.glassfish</groupId>
|
||||||
<artifactId>jakarta.servlet-api</artifactId>
|
<artifactId>javax.servlet</artifactId>
|
||||||
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>org.glassfish.web</groupId>
|
||||||
|
<artifactId>jakarta.servlet.jsp.jstl</artifactId>
|
||||||
</dependency>
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.apache.directory.api</groupId>
|
<groupId>org.apache.directory.api</groupId>
|
||||||
|
@ -139,6 +143,10 @@
|
||||||
<groupId>ch.qos.logback</groupId>
|
<groupId>ch.qos.logback</groupId>
|
||||||
<artifactId>logback-classic</artifactId>
|
<artifactId>logback-classic</artifactId>
|
||||||
</dependency>
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>ch.qos.logback</groupId>
|
||||||
|
<artifactId>logback-core</artifactId>
|
||||||
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.aspectj</groupId>
|
<groupId>org.aspectj</groupId>
|
||||||
<artifactId>aspectjweaver</artifactId>
|
<artifactId>aspectjweaver</artifactId>
|
||||||
|
@ -147,6 +155,10 @@
|
||||||
<groupId>org.projectlombok</groupId>
|
<groupId>org.projectlombok</groupId>
|
||||||
<artifactId>lombok</artifactId>
|
<artifactId>lombok</artifactId>
|
||||||
</dependency>
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>javax.persistence</groupId>
|
||||||
|
<artifactId>javax.persistence-api</artifactId>
|
||||||
|
</dependency>
|
||||||
</dependencies>
|
</dependencies>
|
||||||
|
|
||||||
<build>
|
<build>
|
||||||
|
|
|
@ -1,7 +1,8 @@
|
||||||
package cz.muni.ics.mdc;
|
package cz.muni.ics.mdc;
|
||||||
|
|
||||||
import java.io.IOException;
|
|
||||||
import javax.servlet.FilterChain;
|
import javax.servlet.FilterChain;
|
||||||
|
import java.io.IOException;
|
||||||
import javax.servlet.ServletException;
|
import javax.servlet.ServletException;
|
||||||
import javax.servlet.ServletRequest;
|
import javax.servlet.ServletRequest;
|
||||||
import javax.servlet.ServletResponse;
|
import javax.servlet.ServletResponse;
|
||||||
|
@ -23,7 +24,7 @@ public class MultiMDCFilter extends GenericFilterBean {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
|
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
|
||||||
throws IOException, ServletException
|
throws ServletException, IOException
|
||||||
{
|
{
|
||||||
remoteAddressMDCFilter.doFilter(servletRequest);
|
remoteAddressMDCFilter.doFilter(servletRequest);
|
||||||
sessionIdMDCFilter.doFilter(servletRequest);
|
sessionIdMDCFilter.doFilter(servletRequest);
|
||||||
|
|
|
@ -3,6 +3,7 @@ package cz.muni.ics.oidc.server;
|
||||||
import com.google.gson.Gson;
|
import com.google.gson.Gson;
|
||||||
import com.google.gson.JsonElement;
|
import com.google.gson.JsonElement;
|
||||||
import com.google.gson.JsonPrimitive;
|
import com.google.gson.JsonPrimitive;
|
||||||
|
import com.nimbusds.jose.shaded.json.JSONArray;
|
||||||
import com.nimbusds.jose.util.JSONObjectUtils;
|
import com.nimbusds.jose.util.JSONObjectUtils;
|
||||||
import com.nimbusds.jwt.JWTClaimsSet;
|
import com.nimbusds.jwt.JWTClaimsSet;
|
||||||
import cz.muni.ics.oauth2.model.ClientDetailsEntity;
|
import cz.muni.ics.oauth2.model.ClientDetailsEntity;
|
||||||
|
@ -15,7 +16,6 @@ import java.text.ParseException;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
import lombok.extern.slf4j.Slf4j;
|
import lombok.extern.slf4j.Slf4j;
|
||||||
import net.minidev.json.JSONArray;
|
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
import org.springframework.security.oauth2.provider.OAuth2Request;
|
import org.springframework.security.oauth2.provider.OAuth2Request;
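Review bot: The new import `com.nimbusds.jose.shaded.json.JSONArray` in the `@ -3,6 +3,7` hunk ties this class to a package that exists only because nimbus-jose-jwt relocates its JSON dependency internally. It is not part of the library's public API and can be renamed or removed between releases. That would turn a later nimbus-jose-jwt upgrade, including a security-driven one, into a compile break here. The file already imports Gson types, so `com.google.gson.JsonArray` or a plain `java.util.List` may be able to replace it. The code that uses `JSONArray` is outside the visible hunks, so which replacement fits has to be checked there.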
|
||||||
|
|
||||||
|
|
|
@ -25,6 +25,7 @@ import com.google.common.collect.Lists;
|
||||||
import com.google.common.collect.Maps;
|
import com.google.common.collect.Maps;
|
||||||
import com.google.common.collect.Sets;
|
import com.google.common.collect.Sets;
|
||||||
import com.nimbusds.jose.Algorithm;
|
import com.nimbusds.jose.Algorithm;
|
||||||
|
import com.nimbusds.jose.JOSEObjectType;
|
||||||
import com.nimbusds.jose.JWEHeader;
|
import com.nimbusds.jose.JWEHeader;
|
||||||
import com.nimbusds.jose.JWEObject;
|
import com.nimbusds.jose.JWEObject;
|
||||||
import com.nimbusds.jose.JWSAlgorithm;
|
import com.nimbusds.jose.JWSAlgorithm;
|
||||||
|
@ -59,7 +60,6 @@ import org.springframework.security.core.AuthenticationException;
|
||||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||||
import org.springframework.security.oauth2.provider.OAuth2Authentication;
|
import org.springframework.security.oauth2.provider.OAuth2Authentication;
|
||||||
import org.springframework.security.oauth2.provider.OAuth2Request;
|
import org.springframework.security.oauth2.provider.OAuth2Request;
|
||||||
import org.springframework.stereotype.Service;
|
|
||||||
/**
|
/**
|
||||||
* Default implementation of service to create specialty OpenID Connect tokens.
|
* Default implementation of service to create specialty OpenID Connect tokens.
|
||||||
*
|
*
|
||||||
|
@ -140,7 +140,7 @@ public class DefaultOIDCTokenService implements OIDCTokenService {
|
||||||
if (responseTypes.contains("token")) {
|
if (responseTypes.contains("token")) {
|
||||||
// calculate the token hash
|
// calculate the token hash
|
||||||
Base64URL at_hash = IdTokenHashUtils.getAccessTokenHash(signingAlg, accessToken);
|
Base64URL at_hash = IdTokenHashUtils.getAccessTokenHash(signingAlg, accessToken);
|
||||||
idClaims.claim("at_hash", at_hash);
|
idClaims.claim("at_hash", at_hash.toString());
|
||||||
}
|
}
|
||||||
|
|
||||||
addCustomIdTokenClaims(idClaims, client, request, sub, accessToken);
|
addCustomIdTokenClaims(idClaims, client, request, sub, accessToken);
|
||||||
|
@ -166,7 +166,6 @@ public class DefaultOIDCTokenService implements OIDCTokenService {
|
||||||
if (signingAlg.equals(Algorithm.NONE)) {
|
if (signingAlg.equals(Algorithm.NONE)) {
|
||||||
// unsigned ID token
|
// unsigned ID token
|
||||||
idToken = new PlainJWT(idClaims.build());
|
idToken = new PlainJWT(idClaims.build());
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
|
|
||||||
// signed ID token
|
// signed ID token
|
||||||
|
@ -175,7 +174,7 @@ public class DefaultOIDCTokenService implements OIDCTokenService {
|
||||||
|| signingAlg.equals(JWSAlgorithm.HS384)
|
|| signingAlg.equals(JWSAlgorithm.HS384)
|
||||||
|| signingAlg.equals(JWSAlgorithm.HS512)) {
|
|| signingAlg.equals(JWSAlgorithm.HS512)) {
|
||||||
|
|
||||||
JWSHeader header = new JWSHeader(signingAlg, null, null, null, null, null, null, null, null, null,
|
JWSHeader header = new JWSHeader(signingAlg, JOSEObjectType.JWT, null, null, null, null, null, null, null, null,
|
||||||
jwtService.getDefaultSignerKeyId(),
|
jwtService.getDefaultSignerKeyId(),
|
||||||
null, null);
|
null, null);
|
||||||
idToken = new SignedJWT(header, idClaims.build());
|
idToken = new SignedJWT(header, idClaims.build());
|
||||||
|
@ -187,7 +186,7 @@ public class DefaultOIDCTokenService implements OIDCTokenService {
|
||||||
} else {
|
} else {
|
||||||
idClaims.claim("kid", jwtService.getDefaultSignerKeyId());
|
idClaims.claim("kid", jwtService.getDefaultSignerKeyId());
|
||||||
|
|
||||||
JWSHeader header = new JWSHeader(signingAlg, null, null, null, null, null, null, null, null, null,
|
JWSHeader header = new JWSHeader(signingAlg, JOSEObjectType.JWT, null, null, null, null, null, null, null, null,
|
||||||
jwtService.getDefaultSignerKeyId(),
|
jwtService.getDefaultSignerKeyId(),
|
||||||
null, null);
|
null, null);
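Review bot: Setting `typ` through the second slot of the 13-argument `JWSHeader` constructor (both signed-token branches, in the `@ -175` and `@ -187` hunks) leaves ten positional `null`s between the algorithm and the key id. Since `null` fits every slot, the compiler cannot catch a header value that ends up in the wrong parameter. The builder names each header it sets: `new JWSHeader.Builder(signingAlg).type(JOSEObjectType.JWT).keyID(jwtService.getDefaultSignerKeyId()).build()`. Both call sites are in a method that starts and ends outside the hunks.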
|
||||||
|
|
||||||
|
|
|
@ -568,7 +568,7 @@ public class ClientAPI {
|
||||||
newClient.setJwksUri(claimSet.getStringClaim(claim));
|
newClient.setJwksUri(claimSet.getStringClaim(claim));
|
||||||
break;
|
break;
|
||||||
case JWKS:
|
case JWKS:
|
||||||
newClient.setJwks(JWKSet.parse(claimSet.getJSONObjectClaim(claim).toJSONString()));
|
newClient.setJwks(JWKSet.parse(claimSet.getJSONObjectClaim(claim)));
|
||||||
break;
|
break;
|
||||||
case POLICY_URI:
|
case POLICY_URI:
|
||||||
newClient.setPolicyUri(claimSet.getStringClaim(claim));
|
newClient.setPolicyUri(claimSet.getStringClaim(claim));
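Review bot: `JWKSet.parse(claimSet.getJSONObjectClaim(claim))` in the `JWKS` case keeps every key parameter the claim carries, and `JWKSet.parse` accepts private-key parameters as readily as public ones. The claim set appears to hold client-supplied registration data (its origin is outside the hunk), so a client that sends a private JWK by mistake would have it stored with its registration, although the server only needs public keys. `newClient.setJwks(JWKSet.parse(claimSet.getJSONObjectClaim(claim)).toPublicJWKSet());` keeps only the public part. The same line is in DynamicClientRegistrationEndpoint (the `@ -681` hunk). The switch is in a method that begins and ends outside the hunk, so any later validation is not visible here.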
|
||||||
|
|
|
@ -681,7 +681,7 @@ public class DynamicClientRegistrationEndpoint {
|
||||||
newClient.setJwksUri(claimSet.getStringClaim(claim));
|
newClient.setJwksUri(claimSet.getStringClaim(claim));
|
||||||
break;
|
break;
|
||||||
case JWKS:
|
case JWKS:
|
||||||
newClient.setJwks(JWKSet.parse(claimSet.getJSONObjectClaim(claim).toJSONString()));
|
newClient.setJwks(JWKSet.parse(claimSet.getJSONObjectClaim(claim)));
|
||||||
break;
|
break;
|
||||||
case POLICY_URI:
|
case POLICY_URI:
|
||||||
newClient.setPolicyUri(claimSet.getStringClaim(claim));
|
newClient.setPolicyUri(claimSet.getStringClaim(claim));
|
||||||
|
|
62
pom.xml
62
pom.xml
|
@ -82,27 +82,28 @@
|
||||||
<!-- Database -->
|
<!-- Database -->
|
||||||
<postgresql.version>42.3.1</postgresql.version>
|
<postgresql.version>42.3.1</postgresql.version>
|
||||||
<mysql.version>8.0.27</mysql.version>
|
<mysql.version>8.0.27</mysql.version>
|
||||||
<hsqldb.version>2.5.2</hsqldb.version>
|
<hsqldb.version>2.6.1</hsqldb.version>
|
||||||
<mariadb-java-client.version>2.7.4</mariadb-java-client.version>
|
<mariadb-java-client.version>2.7.4</mariadb-java-client.version>
|
||||||
<hikari.version>3.4.5</hikari.version>
|
<hikari.version>5.0.0</hikari.version>
|
||||||
<shedlock.version>4.3.1</shedlock.version>
|
<shedlock.version>4.3.1</shedlock.version><!-- CANNOT BE UPGRADED DUE TO SPRING 4 Compatibility -->
|
||||||
<shedlock-spring.version>${shedlock.version}</shedlock-spring.version>
|
<shedlock-spring.version>${shedlock.version}</shedlock-spring.version>
|
||||||
<shedlock-provider-jdbc-template.version>${shedlock.version}</shedlock-provider-jdbc-template.version>
|
<shedlock-provider-jdbc-template.version>${shedlock.version}</shedlock-provider-jdbc-template.version>
|
||||||
|
|
||||||
<!-- Servlet -->
|
<!-- Servlet -->
|
||||||
<jakarta-jstl.version>1.2.6</jakarta-jstl.version>
|
<glassfish-servlet.version>3.1.1</glassfish-servlet.version>
|
||||||
<jakarta-servlet-api.version>4.0.4</jakarta-servlet-api.version>
|
<glassfish-jstl.version>1.2.6</glassfish-jstl.version>
|
||||||
|
|
||||||
<!-- Eclipse -->
|
<!-- Eclipse -->
|
||||||
|
<javax-persistence-api.version>2.2</javax-persistence-api.version>
|
||||||
<eclipse-persistence.version>2.7.9</eclipse-persistence.version>
|
<eclipse-persistence.version>2.7.9</eclipse-persistence.version>
|
||||||
<eclipse-persistence-core.version>${eclipse-persistence.version}</eclipse-persistence-core.version>
|
<eclipse-persistence-core.version>${eclipse-persistence.version}</eclipse-persistence-core.version>
|
||||||
<eclipse-persistence-jpa.version>${eclipse-persistence.version}</eclipse-persistence-jpa.version>
|
<eclipse-persistence-jpa.version>${eclipse-persistence.version}</eclipse-persistence-jpa.version>
|
||||||
|
|
||||||
<!-- LDAP -->
|
<!-- LDAP -->
|
||||||
<apache-directory-api.version>2.1.0</apache-directory-api.version>
|
<apache-ldap-api-all.version>2.1.0</apache-ldap-api-all.version>
|
||||||
|
|
||||||
<!-- Logging -->
|
<!-- Logging -->
|
||||||
<logback.verison>1.2.7</logback.verison>
|
<logback.version>1.2.7</logback.version>
|
||||||
|
|
||||||
<!-- Testing -->
|
<!-- Testing -->
|
||||||
<junit.version>4.13.2</junit.version>
|
<junit.version>4.13.2</junit.version>
|
||||||
|
@ -112,7 +113,7 @@
|
||||||
<guava.version>31.0.1-jre</guava.version>
|
<guava.version>31.0.1-jre</guava.version>
|
||||||
<gson.version>2.8.9</gson.version>
|
<gson.version>2.8.9</gson.version>
|
||||||
<httpclient.version>4.5.13</httpclient.version>
|
<httpclient.version>4.5.13</httpclient.version>
|
||||||
<nimbus-jose-jwt.version>8.23</nimbus-jose-jwt.version>
|
<nimbus-jose-jwt.version>9.15.2</nimbus-jose-jwt.version>
|
||||||
<javax-annotation-api.version>1.3.2</javax-annotation-api.version>
|
<javax-annotation-api.version>1.3.2</javax-annotation-api.version>
|
||||||
<jaxb.version>2.3.3</jaxb.version>
|
<jaxb.version>2.3.3</jaxb.version>
|
||||||
<aspectjweaver.version>1.9.7</aspectjweaver.version>
|
<aspectjweaver.version>1.9.7</aspectjweaver.version>
|
||||||
|
@ -176,16 +177,14 @@
|
||||||
|
|
||||||
<!-- Servlet -->
|
<!-- Servlet -->
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>jakarta.servlet</groupId>
|
<groupId>org.glassfish</groupId>
|
||||||
<artifactId>jakarta.servlet-api</artifactId>
|
<artifactId>javax.servlet</artifactId>
|
||||||
<version>${jakarta-servlet-api.version}</version>
|
<version>${glassfish-servlet.version}</version>
|
||||||
<scope>provided</scope>
|
|
||||||
</dependency>
|
</dependency>
|
||||||
<!-- Replace this with the 2+ version when migrated to tomcat 10+ -->
|
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.glassfish.web</groupId>
|
<groupId>org.glassfish.web</groupId>
|
||||||
<artifactId>jakarta.servlet.jsp.jstl</artifactId>
|
<artifactId>jakarta.servlet.jsp.jstl</artifactId>
|
||||||
<version>${jakarta-jstl.version}</version>
|
<version>${glassfish-jstl.version}</version>
|
||||||
</dependency>
|
</dependency>
|
||||||
|
|
||||||
<!-- Database -->
|
<!-- Database -->
|
||||||
|
@ -209,6 +208,12 @@
|
||||||
<groupId>com.zaxxer</groupId>
|
<groupId>com.zaxxer</groupId>
|
||||||
<artifactId>HikariCP</artifactId>
|
<artifactId>HikariCP</artifactId>
|
||||||
<version>${hikari.version}</version>
|
<version>${hikari.version}</version>
|
||||||
|
<exclusions>
|
||||||
|
<exclusion>
|
||||||
|
<groupId>org.slf4j</groupId>
|
||||||
|
<artifactId>slf4j-api</artifactId>
|
||||||
|
</exclusion>
|
||||||
|
</exclusions>
|
||||||
</dependency>
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.mariadb.jdbc</groupId>
|
<groupId>org.mariadb.jdbc</groupId>
|
||||||
|
@ -227,6 +232,12 @@
|
||||||
</dependency>
|
</dependency>
|
||||||
|
|
||||||
<!-- Eclipse Persistence -->
|
<!-- Eclipse Persistence -->
|
||||||
|
<!-- https://mvnrepository.com/artifact/javax.persistence/javax.persistence-api -->
|
||||||
|
<dependency>
|
||||||
|
<groupId>javax.persistence</groupId>
|
||||||
|
<artifactId>javax.persistence-api</artifactId>
|
||||||
|
<version>${javax-persistence-api.version}</version>
|
||||||
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.eclipse.persistence</groupId>
|
<groupId>org.eclipse.persistence</groupId>
|
||||||
<artifactId>org.eclipse.persistence.core</artifactId>
|
<artifactId>org.eclipse.persistence.core</artifactId>
|
||||||
|
@ -256,13 +267,12 @@
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>ch.qos.logback</groupId>
|
<groupId>ch.qos.logback</groupId>
|
||||||
<artifactId>logback-classic</artifactId>
|
<artifactId>logback-classic</artifactId>
|
||||||
<version>${logback.verison}</version>
|
<version>${logback.version}</version>
|
||||||
<exclusions>
|
</dependency>
|
||||||
<exclusion>
|
<dependency>
|
||||||
<groupId>org.slf4j</groupId>
|
<groupId>ch.qos.logback</groupId>
|
||||||
<artifactId>slf4j-api</artifactId>
|
<artifactId>logback-core</artifactId>
|
||||||
</exclusion>
|
<version>${logback.version}</version>
|
||||||
</exclusions>
|
|
||||||
</dependency>
|
</dependency>
|
||||||
|
|
||||||
<!-- Other libraries -->
|
<!-- Other libraries -->
|
||||||
|
@ -315,7 +325,7 @@
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.apache.directory.api</groupId>
|
<groupId>org.apache.directory.api</groupId>
|
||||||
<artifactId>api-all</artifactId>
|
<artifactId>api-all</artifactId>
|
||||||
<version>${apache-directory-api.version}</version>
|
<version>${apache-ldap-api-all.version}</version>
|
||||||
</dependency>
|
</dependency>
|
||||||
</dependencies>
|
</dependencies>
|
||||||
</dependencyManagement>
|
</dependencyManagement>
|
||||||
|
@ -342,6 +352,10 @@
|
||||||
<groupId>org.apache.maven.plugins</groupId>
|
<groupId>org.apache.maven.plugins</groupId>
|
||||||
<artifactId>maven-compiler-plugin</artifactId>
|
<artifactId>maven-compiler-plugin</artifactId>
|
||||||
<version>3.8.1</version>
|
<version>3.8.1</version>
|
||||||
|
<configuration>
|
||||||
|
<source>${java.version}</source>
|
||||||
|
<target>${java.version}</target>
|
||||||
|
</configuration>
|
||||||
</plugin>
|
</plugin>
|
||||||
<plugin>
|
<plugin>
|
||||||
<groupId>org.appfuse.plugins</groupId>
|
<groupId>org.appfuse.plugins</groupId>
|
||||||
|
@ -366,10 +380,6 @@
|
||||||
<plugin>
|
<plugin>
|
||||||
<groupId>org.apache.maven.plugins</groupId>
|
<groupId>org.apache.maven.plugins</groupId>
|
||||||
<artifactId>maven-compiler-plugin</artifactId>
|
<artifactId>maven-compiler-plugin</artifactId>
|
||||||
<configuration>
|
|
||||||
<source>${java.version}</source>
|
|
||||||
<target>${java.version}</target>
|
|
||||||
</configuration>
|
|
||||||
</plugin>
|
</plugin>
|
||||||
</plugins>
|
</plugins>
|
||||||
</build>
|
</build>
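Review bot: The servlet entry under `dependencyManagement` (the `@ -176,16 +177,14` hunk) loses `<scope>provided</scope>` when it moves to `org.glassfish:javax.servlet`. Modules that inherit it now get the servlet API at compile scope and, if they are packaged as a WAR, ship it under `WEB-INF/lib`. The container supplies these classes itself, so a bundled copy is at best ignored and at worst causes class-loading conflicts, and it is one more jar in the deployable that is not patched along with the container. Keeping `<scope>provided</scope>` on the new coordinates preserves the previous behaviour. The removed comment `<!-- Replace this with the 2+ version when migrated to tomcat 10+ -->` is worth keeping above the JSTL dependency if it is still accurate.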
|
||||||
|
|