From fbdccdb78e87b77c4bcd0311bc560f7a9c63b96b Mon Sep 17 00:00:00 2001
From: Justin Richer
Date: Tue, 5 Jun 2012 16:32:49 -0400
Subject: [PATCH 1/2] added Xrd support (fixes #63), updated configuration locations (fixes #47)
---
 .../org/mitre/swd/view/XrdJsonResponse.java | 90 +++++++++++++++++++
 .../swd/web/SimpleWebDiscoveryEndpoint.java | 38 +++++---
 .../main/webapp/WEB-INF/spring-servlet.xml | 3 +
 3 files changed, 121 insertions(+), 10 deletions(-)
 create mode 100644 openid-connect-server/src/main/java/org/mitre/swd/view/XrdJsonResponse.java
diff --git a/openid-connect-server/src/main/java/org/mitre/swd/view/XrdJsonResponse.java b/openid-connect-server/src/main/java/org/mitre/swd/view/XrdJsonResponse.java
new file mode 100644
index 000000000..5f2a69c7b
--- /dev/null
+++ b/openid-connect-server/src/main/java/org/mitre/swd/view/XrdJsonResponse.java
@@ -0,0 +1,90 @@
+/*******************************************************************************
+ * Copyright 2012 The MITRE Corporation
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ ******************************************************************************/
+/**
+ *
+ */
+package org.mitre.swd.view;
+
+import java.io.Writer;
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.validation.BeanPropertyBindingResult;
+import org.springframework.web.servlet.view.AbstractView;
+
+import com.google.gson.ExclusionStrategy;
+import com.google.gson.FieldAttributes;
+import com.google.gson.Gson;
+import com.google.gson.GsonBuilder;
+import com.google.gson.JsonArray;
+import com.google.gson.JsonObject;
+
+/**
+ * @author jricher
+ *
+ */
+public class XrdJsonResponse extends AbstractView {
+
+ /* (non-Javadoc)
+ * @see org.springframework.web.servlet.view.AbstractView#renderMergedOutputModel(java.util.Map, javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse)
+ */
+ @Override
+ protected void renderMergedOutputModel(Map model, HttpServletRequest request, HttpServletResponse response) throws Exception {
+ Gson gson = new GsonBuilder().setExclusionStrategies(new ExclusionStrategy() {
+
+ @Override
+ public boolean shouldSkipField(FieldAttributes f) {
+ return false;
+ }
+
+ @Override
+ public boolean shouldSkipClass(Class clazz) {
+ // 
skip the JPA binding wrapper
+ if (clazz.equals(BeanPropertyBindingResult.class)) {
+ return true;
+ } else {
+ return false;
+ }
+ }
+
+ })
+ .create();
+
+ response.setContentType("application/json");
+
+ Writer out = response.getWriter();
+
+ Map links = (Map) model.get("links");
+
+ JsonObject obj = new JsonObject();
+ JsonArray linksList = new JsonArray();
+ obj.add("links", linksList);
+
+ // map of "rel" -> "link" values
+ for (Map.Entry link : links.entrySet()) {
+ JsonObject l = new JsonObject();
+ l.addProperty("rel", link.getKey());
+ l.addProperty("link", link.getValue());
+
+ linksList.add(l);
+ }
+
+ gson.toJson(obj, out);
+ }
+
+}
diff --git a/openid-connect-server/src/main/java/org/mitre/swd/web/SimpleWebDiscoveryEndpoint.java b/openid-connect-server/src/main/java/org/mitre/swd/web/SimpleWebDiscoveryEndpoint.java
index e20af27ff..9019d0515 100644
--- a/openid-connect-server/src/main/java/org/mitre/swd/web/SimpleWebDiscoveryEndpoint.java
+++ b/openid-connect-server/src/main/java/org/mitre/swd/web/SimpleWebDiscoveryEndpoint.java
@@ -20,7 +20,9 @@ import java.util.Map;
 import javax.servlet.http.HttpServletRequest;
+import org.mitre.openid.connect.config.ConfigurationPropertiesBean;
 import org.mitre.util.Utility;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
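Review bot: The `ExclusionStrategy` built at the top of `renderMergedOutputModel` never takes effect, because `gson.toJson(obj, out)` is handed a hand-built `JsonElement` and exclusion strategies only apply to reflective serialization of objects; a plain `new Gson()` (or `out.write(obj.toString())`) does the same work without the anonymous class. `model.get("links")` is cast and iterated with no null check, so a controller that forgets to put `links` into the model surfaces as a NullPointerException from the view; a guard such as `if (links == null) { links = Collections.emptyMap(); }` (java.util.Collections) would render an empty `links` array instead. The content type is set to `application/json` without a charset, so `response.getWriter()` falls back to the container's default encoding for any non-ASCII link value; `response.setContentType("application/json; charset=UTF-8")` pins it. The comment `// skip the JPA binding wrapper` names the wrong framework, since `BeanPropertyBindingResult` is Spring's data-binding result, not JPA.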
@@ -31,11 +33,14 @@ import com.google.common.collect.Lists;
 @Controller
 public class SimpleWebDiscoveryEndpoint {
+ @Autowired
+ ConfigurationPropertiesBean config;
+
 @RequestMapping(value="/.well-known/simple-web-discovery", params={"principal", "service=http://openid.net/specs/connect/1.0/issuer"})
- public ModelAndView openIdConnectIssuerDiscovery(@RequestParam("principal") String principal, ModelAndView modelAndView, HttpServletRequest request) {
+ public ModelAndView openIdConnectIssuerDiscovery(@RequestParam("principal") String principal, ModelAndView modelAndView) {
- String baseUrl = Utility.findBaseUrl(request);
+ String baseUrl = config.getIssuer();
 // look up user, see if they're local
 // if so, return this server
@@ -51,11 +56,24 @@ public class SimpleWebDiscoveryEndpoint {
 return modelAndView;
 }
+ @RequestMapping(value="/.well-known/host-meta",
+ params={"resource", "rel=http://openid.net/specs/connect/1.0/issuer"})
+ public ModelAndView xrdDiscovery(@RequestParam("resource") String resource, ModelAndView modelAndView) {
+
+ Map relMap = new HashMap();
+ relMap.put("http://openid.net/specs/connect/1.0/issuer", config.getIssuer());
+
+ modelAndView.getModel().put("links", relMap);
+
+ modelAndView.setViewName("jsonXrdResponseView");
+
+ return modelAndView;
+ }
 @RequestMapping("/.well-known/openid-configuration")
- public ModelAndView providerConfiguration(ModelAndView modelAndView, HttpServletRequest request) {
+ public ModelAndView providerConfiguration(ModelAndView modelAndView) {
- String baseUrl = Utility.findBaseUrl(request);
+ String baseUrl = config.getIssuer();
 /*
 * version string Version of the provider response. "3.0" is the default.
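Review bot: `ConfigurationPropertiesBean config` is injected as a package-private, non-final field, so any class in `org.mitre.swd.web` can reassign it; declare it `private ConfigurationPropertiesBean config;` (Spring's `@Autowired` works on private fields, and constructor injection would make it `final`). Replacing `Utility.findBaseUrl(request)` with the configured issuer is the right direction, since the issuer the server advertises no longer depends on whatever Host header the incoming request carried. If nothing else in the file still calls `Utility` or takes an `HttpServletRequest`, the two imports left in place by the previous hunk are now unused; the rest of the file is outside this hunk, so that is inferred rather than seen.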
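Review bot: `xrdDiscovery` declares `resource` as a required request parameter but never reads it, so `/.well-known/host-meta` asserts this server as the issuer for every resource, whereas `openIdConnectIssuerDiscovery` just above at least carries a "look up user, see if they're local" step for `principal`. Either apply the same locality check to `resource` or state the intent in a comment such as `// no per-resource lookup: this server answers as issuer for any resource it is asked about`. The literal `http://openid.net/specs/connect/1.0/issuer` now appears three times in this file (two `@RequestMapping` params and `relMap.put`); a `private static final String ISSUER_REL` would keep them from drifting apart. `providerConfiguration`, whose signature also changes here, continues past the end of the hunk.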
@@ -84,15 +102,15 @@ public class SimpleWebDiscoveryEndpoint {
 Map m = new HashMap();
 m.put("version", "3.0");
 m.put("issuer", baseUrl);
- m.put("authorization_endpoint", baseUrl + "/authorize");
- m.put("token_endpoint", baseUrl + "/oauth");
+ m.put("authorization_endpoint", baseUrl + "/openidconnect/auth");
+ m.put("token_endpoint", baseUrl + "/openidconnect/token");
 m.put("userinfo_endpoint", baseUrl + "/userinfo");
 m.put("check_id_endpoint", baseUrl + "/checkid");
- m.put("refresh_session_endpoint", baseUrl + "/refresh_session");
- m.put("end_session_endpoint", baseUrl + "/end_session");
+ //m.put("refresh_session_endpoint", baseUrl + "/refresh_session");
+ //m.put("end_session_endpoint", baseUrl + "/end_session");
 m.put("jwk_url", baseUrl + "/jwk");
- m.put("registration_endpoint", baseUrl + "/register_client");
- m.put("scopes_supported", Lists.newArrayList("openid"));
+ //m.put("registration_endpoint", baseUrl + "/register_client");
+ m.put("scopes_supported", Lists.newArrayList("openid", "email", "profile", "address", "phone"));
 m.put("response_types_supported", Lists.newArrayList("code"));
diff --git a/openid-connect-server/src/main/webapp/WEB-INF/spring-servlet.xml b/openid-connect-server/src/main/webapp/WEB-INF/spring-servlet.xml
index 03faf3cb1..adea116a6 100644
--- a/openid-connect-server/src/main/webapp/WEB-INF/spring-servlet.xml
+++ b/openid-connect-server/src/main/webapp/WEB-INF/spring-servlet.xml
@@ -190,8 +190,11 @@ + + +
From 7df2663e00bf5526cc9f2eddd7001c535f8e8802 Mon Sep 17 00:00:00 2001
From: Justin Richer
Date: Tue, 5 Jun 2012 16:36:11 -0400
Subject: [PATCH 2/2] added final slashification of configuration URLs
---
 .../swd/web/SimpleWebDiscoveryEndpoint.java | 22 +++++++++++--------
 1 file changed, 13 insertions(+), 9 deletions(-)
diff --git a/openid-connect-server/src/main/java/org/mitre/swd/web/SimpleWebDiscoveryEndpoint.java b/openid-connect-server/src/main/java/org/mitre/swd/web/SimpleWebDiscoveryEndpoint.java
index 9019d0515..eb9599d68 100644
--- a/openid-connect-server/src/main/java/org/mitre/swd/web/SimpleWebDiscoveryEndpoint.java
+++ b/openid-connect-server/src/main/java/org/mitre/swd/web/SimpleWebDiscoveryEndpoint.java
@@ -73,11 +73,9 @@ public class SimpleWebDiscoveryEndpoint {
 @RequestMapping("/.well-known/openid-configuration")
 public ModelAndView providerConfiguration(ModelAndView modelAndView) {
- String baseUrl = config.getIssuer();
-
 /*
 * version string Version of the provider response. "3.0" is the default.
- * issuer string The https: URL with no path component that the OP asserts as its Issuer Identifier
+ * issuer string The https: URL that the OP asserts as its Issuer Identifier
 * authorization_endpoint string URL of the OP's Authentication and Authorization Endpoint [OpenID.Messages]
 * token_endpoint string URL of the OP's OAuth 2.0 Token Endpoint [OpenID.Messages]
 * userinfo_endpoint string URL of the OP's UserInfo Endpoint [OpenID.Messages]
@@ -99,16 +97,22 @@ public class SimpleWebDiscoveryEndpoint { * token_endpoint_auth_types_supported array A JSON array containing a list of authentication types supported by this Token Endpoint. The options are client_secret_post, client_secret_basic, client_secret_jwt, and private_key_jwt, as described in Section 2.2.1 of OpenID Connect Messages 1.0 [OpenID.Messages]. Other Authentication types may be defined by extension. If unspecified or omitted, the default is client_secret_basic HTTP Basic Authentication Scheme as specified in section 2.3.1 of OAuth 2.0 [OAuth2.0]. * token_endpoint_auth_algs_supported array A JSON array containing a list of the JWS [JWS] signing algorithms supported by the Token Endpoint for the private_key_jwt method to encode the JWT [JWT]. Servers SHOULD support RS256. */ + String baseUrl = config.getIssuer(); + + if (!baseUrl.endsWith("/")) { + baseUrl = baseUrl.concat("/"); + } + Map m = new HashMap(); m.put("version", "3.0"); - m.put("issuer", baseUrl); - m.put("authorization_endpoint", baseUrl + "/openidconnect/auth"); - m.put("token_endpoint", baseUrl + "/openidconnect/token"); - m.put("userinfo_endpoint", baseUrl + "/userinfo"); - m.put("check_id_endpoint", baseUrl + "/checkid"); + m.put("issuer", config.getIssuer()); + m.put("authorization_endpoint", baseUrl + "openidconnect/auth"); + m.put("token_endpoint", baseUrl + "openidconnect/token"); + m.put("userinfo_endpoint", baseUrl + "userinfo"); + m.put("check_id_endpoint", baseUrl + "checkid"); //m.put("refresh_session_endpoint", baseUrl + "/refresh_session"); //m.put("end_session_endpoint", baseUrl + "/end_session"); - m.put("jwk_url", baseUrl + "/jwk"); + m.put("jwk_url", baseUrl + "jwk"); //m.put("registration_endpoint", baseUrl + "/register_client"); m.put("scopes_supported", Lists.newArrayList("openid", "email", "profile", "address", "phone")); m.put("response_types_supported", Lists.newArrayList("code"));
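Review bot: `baseUrl.endsWith("/")` dereferences `config.getIssuer()` with no null check, so an unset issuer now fails inside this request handler rather than at startup; if `ConfigurationPropertiesBean` does not already guarantee a value, validate it once when the bean is created (non-null, absolute `https:` URL), because every endpoint URL advertised to relying parties is derived from it. The three commented-out `m.put(...)` lines kept in this hunk still use the old `baseUrl + "/..."` form, so re-enabling any of them would now emit a `//` in the path; delete them (version control keeps them) instead of carrying stale code. Minor style: `baseUrl.concat("/")` is more idiomatically `baseUrl + "/"`, and the normalization is worth a small private helper if the other discovery handlers ever build URLs from the issuer. `providerConfiguration` begins above this hunk.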