github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

added randomized view names to lower possibility of conflicting with local views

pull/210/head
Justin Richer 2012-09-10 16:43:45 -04:00
parent d11005fc5f
commit 7aec0dfe80
2 changed files with 71 additions and 43 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

42
openid-connect-client/src/main/java/org/mitre/openid/connect/client/JwkViewResolver.java
View File

@ -18,10 +18,12 @@ import org.springframework.web.servlet.ViewResolver;
*/ */
public class JwkViewResolver implements ViewResolver, Ordered { public class JwkViewResolver implements ViewResolver, Ordered {
private View x509; private String jwkViewName = "jwkKeyList";
private View jwk; private View jwk;
private String x509ViewName = "x509certs";
private View x509;
private int order = HIGHEST_PRECEDENCE; // highest precedence, most specific -- avoids hitting the catch-all view resolvers private int order = HIGHEST_PRECEDENCE; // highest precedence, most specific -- avoids hitting the catch-all view resolvers
/** /**
@ -31,10 +33,10 @@ public class JwkViewResolver implements ViewResolver, Ordered {
@Override @Override
public View resolveViewName(String viewName, Locale locale) throws Exception { public View resolveViewName(String viewName, Locale locale) throws Exception {
if (viewName != null) { if (viewName != null) {
if (viewName.equals("jwkKeyList")) { if (viewName.equals(getJwkViewName())) {
return jwk; return getJwk();
} else if (viewName.equals("x509certs")) { } else if (viewName.equals(getX509ViewName())) {
return x509; return getX509();
} else { } else {
return null; return null;
} }
@ -86,4 +88,32 @@ public class JwkViewResolver implements ViewResolver, Ordered {
this.order = order; this.order = order;
} }
/**
* @return the jwkViewName
*/
public String getJwkViewName() {
return jwkViewName;
}
/**
* @param jwkViewName the jwkViewName to set
*/
public void setJwkViewName(String jwkViewName) {
this.jwkViewName = jwkViewName;
}
/**
* @return the x509ViewName
*/
public String getX509ViewName() {
return x509ViewName;
}
/**
* @param x509ViewName the x509ViewName to set
*/
public void setX509ViewName(String x509ViewName) {
this.x509ViewName = x509ViewName;
}
} }

72
openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCSignedRequestFilter.java
View File

@ -4,6 +4,7 @@ import java.io.IOException;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
import java.util.HashMap; import java.util.HashMap;
import java.util.Map; import java.util.Map;
import java.util.UUID;
import javax.servlet.ServletException; import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
@ -42,6 +43,10 @@ public class OIDCSignedRequestFilter extends AbstractOIDCAuthenticationFilter im
private BeanDefinitionRegistry registry; private BeanDefinitionRegistry registry;
private String jwkViewName = "jwkKeyList";
private String x509ViewName;
protected OIDCSignedRequestFilter() { protected OIDCSignedRequestFilter() {
super(); super();
@ -285,7 +290,7 @@ public class OIDCSignedRequestFilter extends AbstractOIDCAuthenticationFilter im
// TODO: check if keys are empty, return a 404 here or just an empty list? // TODO: check if keys are empty, return a 404 here or just an empty list?
return new ModelAndView("jwkKeyList", "signers", signers); return new ModelAndView(jwkViewName, "signers", signers);
} }
/** /**
@ -298,7 +303,7 @@ public class OIDCSignedRequestFilter extends AbstractOIDCAuthenticationFilter im
// TODO: check if keys are empty, return a 404 here or just an empty list? // TODO: check if keys are empty, return a 404 here or just an empty list?
return new ModelAndView("x509certs", "signers", signers); return new ModelAndView(x509ViewName, "signers", signers);
} }
/** /**
@ -306,48 +311,41 @@ public class OIDCSignedRequestFilter extends AbstractOIDCAuthenticationFilter im
*/ */
@Override @Override
public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory) throws BeansException { public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory) throws BeansException {
if (!Strings.isNullOrEmpty(jwkPublishUrl) || !Strings.isNullOrEmpty(getX509PublishUrl())) { if (!Strings.isNullOrEmpty(getJwkPublishUrl()) || !Strings.isNullOrEmpty(getX509PublishUrl())) {
// standard endpoint
/*
BeanDefinitionBuilder jwkBuilder = BeanDefinitionBuilder.rootBeanDefinition(JsonWebKeyEndpoint.class);
jwkBuilder.addPropertyValue("jwtService", signingAndValidationService);
registry.registerBeanDefinition("jwkEndpointController", jwkBuilder.getBeanDefinition());
*/
// add a mapping to this class // add a mapping to this class
BeanDefinitionBuilder clientKeyMapping = BeanDefinitionBuilder.rootBeanDefinition(ClientKeyPublisherMapping.class); BeanDefinitionBuilder clientKeyMapping = BeanDefinitionBuilder.rootBeanDefinition(ClientKeyPublisherMapping.class);
if (!Strings.isNullOrEmpty(jwkPublishUrl)) {
clientKeyMapping.addPropertyValue("jwkPublishUrl", jwkPublishUrl);
}
if (!Strings.isNullOrEmpty(getX509PublishUrl())) {
clientKeyMapping.addPropertyValue("x509PublishUrl", getX509PublishUrl());
}
registry.registerBeanDefinition("clientKeyMapping", clientKeyMapping.getBeanDefinition());
// add views for JWK and x509 formats
BeanDefinitionBuilder jwkView = BeanDefinitionBuilder.rootBeanDefinition(JwkKeyListView.class);
registry.registerBeanDefinition("jwkKeyList", jwkView.getBeanDefinition());
BeanDefinitionBuilder x509View = BeanDefinitionBuilder.rootBeanDefinition(X509CertificateView.class);
registry.registerBeanDefinition("x509certs", x509View.getBeanDefinition());
// custom view resolver // custom view resolver
BeanDefinitionBuilder viewResolver = BeanDefinitionBuilder.rootBeanDefinition(JwkViewResolver.class); BeanDefinitionBuilder viewResolver = BeanDefinitionBuilder.rootBeanDefinition(JwkViewResolver.class);
viewResolver.addPropertyReference("jwk", "jwkKeyList");
viewResolver.addPropertyReference("x509", "x509certs");
registry.registerBeanDefinition("jwkViewResolver", viewResolver.getBeanDefinition());
// Bean name view resolver if (!Strings.isNullOrEmpty(getJwkPublishUrl())) {
/* clientKeyMapping.addPropertyValue("jwkPublishUrl", getJwkPublishUrl());
Map<String, BeanNameViewResolver> resolvers = beanFactory.getBeansOfType(BeanNameViewResolver.class);
if (resolvers.isEmpty()) { // randomize view name to make sure it doesn't conflict with local views
logger.info("Creating view resolver"); jwkViewName = "jwkKeyList-" + UUID.randomUUID().toString();
BeanDefinitionBuilder viewResolverBuilder = BeanDefinitionBuilder.rootBeanDefinition(BeanNameViewResolver.class); viewResolver.addPropertyValue("jwkViewName", jwkViewName);
viewResolverBuilder.addPropertyValue("order", 1);
registry.registerBeanDefinition("beanNameViewResolver", viewResolverBuilder.getBeanDefinition()); // view bean
BeanDefinitionBuilder jwkView = BeanDefinitionBuilder.rootBeanDefinition(JwkKeyListView.class);
registry.registerBeanDefinition("jwkKeyList", jwkView.getBeanDefinition());
viewResolver.addPropertyReference("jwk", "jwkKeyList");
} }
*/
if (!Strings.isNullOrEmpty(getX509PublishUrl())) {
clientKeyMapping.addPropertyValue("x509PublishUrl", getX509PublishUrl());
// randomize view name to make sure it doesn't conflict with local views
x509ViewName = "x509certs-" + UUID.randomUUID().toString();
viewResolver.addPropertyValue("x509ViewName", x509ViewName);
// view bean
BeanDefinitionBuilder x509View = BeanDefinitionBuilder.rootBeanDefinition(X509CertificateView.class);
registry.registerBeanDefinition("x509certs", x509View.getBeanDefinition());
viewResolver.addPropertyReference("x509", "x509certs");
}
registry.registerBeanDefinition("clientKeyMapping", clientKeyMapping.getBeanDefinition());
registry.registerBeanDefinition("jwkViewResolver", viewResolver.getBeanDefinition());
} }