added randomized view names to lower possibility of conflicting with local views

12 years ago · 7aec0dfe80
parent d11005fc5f
commit 7aec0dfe80
2 changed files with 70 additions and 42 deletions
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/JwkViewResolver.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/JwkViewResolver.java
@ -18,10 +18,12 @@ import org.springframework.web.servlet.ViewResolver;
 */
 public class JwkViewResolver implements ViewResolver, Ordered {

-	private View x509;
-	
+	private String jwkViewName = "jwkKeyList";
 	private View jwk;
 	
+	private String x509ViewName = "x509certs";
+	private View x509;
+	
 	private int order = HIGHEST_PRECEDENCE; // highest precedence, most specific -- avoids hitting the catch-all view resolvers
 	
 	/**
@ -31,10 +33,10 @@ public class JwkViewResolver implements ViewResolver, Ordered {
 	@Override
 	public View resolveViewName(String viewName, Locale locale) throws Exception {
 		if (viewName != null) {
-			if (viewName.equals("jwkKeyList")) {
-				return jwk;
-			} else if (viewName.equals("x509certs")) {
-				return x509;
+			if (viewName.equals(getJwkViewName())) {
+				return getJwk();
+			} else if (viewName.equals(getX509ViewName())) {
+				return getX509();
 			} else {
 				return null;
 			}
@ -86,4 +88,32 @@ public class JwkViewResolver implements ViewResolver, Ordered {
 	    this.order = order;
    }

+	/**
+     * @return the jwkViewName
+     */
+    public String getJwkViewName() {
+	    return jwkViewName;
+    }
+
+	/**
+     * @param jwkViewName the jwkViewName to set
+     */
+    public void setJwkViewName(String jwkViewName) {
+	    this.jwkViewName = jwkViewName;
+    }
+
+	/**
+     * @return the x509ViewName
+     */
+    public String getX509ViewName() {
+	    return x509ViewName;
+    }
+
+	/**
+     * @param x509ViewName the x509ViewName to set
+     */
+    public void setX509ViewName(String x509ViewName) {
+	    this.x509ViewName = x509ViewName;
+    }
+
 }
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCSignedRequestFilter.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCSignedRequestFilter.java
@ -4,6 +4,7 @@ import java.io.IOException;
 import java.security.NoSuchAlgorithmException;
 import java.util.HashMap;
 import java.util.Map;
+import java.util.UUID;

 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
@ -42,6 +43,10 @@ public class OIDCSignedRequestFilter extends AbstractOIDCAuthenticationFilter im

 	private BeanDefinitionRegistry registry;

+	private String jwkViewName = "jwkKeyList";
+
+	private String x509ViewName;
+

 	protected OIDCSignedRequestFilter() {
 		super();
@ -285,7 +290,7 @@ public class OIDCSignedRequestFilter extends AbstractOIDCAuthenticationFilter im

 		// TODO: check if keys are empty, return a 404 here or just an empty list?
 		
-		return new ModelAndView("jwkKeyList", "signers", signers);
+		return new ModelAndView(jwkViewName, "signers", signers);
 	}

 	/**
@ -298,7 +303,7 @@ public class OIDCSignedRequestFilter extends AbstractOIDCAuthenticationFilter im
 		
 		// TODO: check if keys are empty, return a 404 here or just an empty list?
 		
-		return new ModelAndView("x509certs", "signers", signers);
+		return new ModelAndView(x509ViewName, "signers", signers);
 	}
 	
 	/**
@ -306,48 +311,41 @@ public class OIDCSignedRequestFilter extends AbstractOIDCAuthenticationFilter im
     */
    @Override
    public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory) throws BeansException {
-		if (!Strings.isNullOrEmpty(jwkPublishUrl) || !Strings.isNullOrEmpty(getX509PublishUrl())) {
-
-			// standard endpoint
-			/*
-			BeanDefinitionBuilder jwkBuilder = BeanDefinitionBuilder.rootBeanDefinition(JsonWebKeyEndpoint.class);
-			jwkBuilder.addPropertyValue("jwtService", signingAndValidationService);			
-			registry.registerBeanDefinition("jwkEndpointController", jwkBuilder.getBeanDefinition());
-			*/
+		if (!Strings.isNullOrEmpty(getJwkPublishUrl()) || !Strings.isNullOrEmpty(getX509PublishUrl())) {

 			// add a mapping to this class
 			BeanDefinitionBuilder clientKeyMapping = BeanDefinitionBuilder.rootBeanDefinition(ClientKeyPublisherMapping.class);
-			if (!Strings.isNullOrEmpty(jwkPublishUrl)) {
-				clientKeyMapping.addPropertyValue("jwkPublishUrl", jwkPublishUrl);
+			// custom view resolver
+			BeanDefinitionBuilder viewResolver = BeanDefinitionBuilder.rootBeanDefinition(JwkViewResolver.class);
+			
+			if (!Strings.isNullOrEmpty(getJwkPublishUrl())) {
+				clientKeyMapping.addPropertyValue("jwkPublishUrl", getJwkPublishUrl());
+
+				// randomize view name to make sure it doesn't conflict with local views
+				jwkViewName = "jwkKeyList-" + UUID.randomUUID().toString();
+				viewResolver.addPropertyValue("jwkViewName", jwkViewName);
+
+				// view bean
+				BeanDefinitionBuilder jwkView = BeanDefinitionBuilder.rootBeanDefinition(JwkKeyListView.class);
+				registry.registerBeanDefinition("jwkKeyList", jwkView.getBeanDefinition());
+				viewResolver.addPropertyReference("jwk", "jwkKeyList");
 			}
+			
 			if (!Strings.isNullOrEmpty(getX509PublishUrl())) {
 				clientKeyMapping.addPropertyValue("x509PublishUrl", getX509PublishUrl());
-			}
-			registry.registerBeanDefinition("clientKeyMapping", clientKeyMapping.getBeanDefinition());
 				
-			// add views for JWK and x509 formats
-			BeanDefinitionBuilder jwkView = BeanDefinitionBuilder.rootBeanDefinition(JwkKeyListView.class);
-			registry.registerBeanDefinition("jwkKeyList", jwkView.getBeanDefinition());
+				// randomize view name to make sure it doesn't conflict with local views
+				x509ViewName = "x509certs-" + UUID.randomUUID().toString();
+				viewResolver.addPropertyValue("x509ViewName", x509ViewName);

+				// view bean
 				BeanDefinitionBuilder x509View = BeanDefinitionBuilder.rootBeanDefinition(X509CertificateView.class);
 				registry.registerBeanDefinition("x509certs", x509View.getBeanDefinition());
-			
-			// custom view resolver
-			BeanDefinitionBuilder viewResolver = BeanDefinitionBuilder.rootBeanDefinition(JwkViewResolver.class);
-			viewResolver.addPropertyReference("jwk", "jwkKeyList");
 				viewResolver.addPropertyReference("x509", "x509certs");
-			registry.registerBeanDefinition("jwkViewResolver", viewResolver.getBeanDefinition());
-			
-			// Bean name view resolver
-			/*
-			Map<String, BeanNameViewResolver> resolvers = beanFactory.getBeansOfType(BeanNameViewResolver.class);			
-			if (resolvers.isEmpty()) {
-				logger.info("Creating view resolver");
-				BeanDefinitionBuilder viewResolverBuilder = BeanDefinitionBuilder.rootBeanDefinition(BeanNameViewResolver.class);
-				viewResolverBuilder.addPropertyValue("order", 1);
-				registry.registerBeanDefinition("beanNameViewResolver", viewResolverBuilder.getBeanDefinition());
 			}
-			*/
+			
+			registry.registerBeanDefinition("clientKeyMapping", clientKeyMapping.getBeanDefinition());
+			registry.registerBeanDefinition("jwkViewResolver", viewResolver.getBeanDefinition());
 			
 		}