github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

Merged 1.3.1 (build & test green)

pull/1611/head
Andrea Ceccanti 2017-09-21 15:49:50 +02:00
parent 2b1df25aad
commit 7d10337205
210 changed files with 566 additions and 58763 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java
View File

@ -308,7 +308,6 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
public void setPermissions(Set<Permission> permissions) {
this.permissions = permissions;
}
>>>>>>> mitre/master
@ManyToOne
@JoinColumn(name="approved_site_id")

4
openid-connect-common/src/main/java/org/mitre/oauth2/service/AuthenticationHolderEntityService.java
View File

@ -2,6 +2,7 @@ package org.mitre.oauth2.service;
import java.util.List;
import org.mitre.data.PageCriteria;
import org.mitre.oauth2.model.AuthenticationHolderEntity;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
@ -12,4 +13,7 @@ public interface AuthenticationHolderEntityService {
void remove(AuthenticationHolderEntity holder);
List<AuthenticationHolderEntity> getOrphanedAuthenticationHolders();
List<AuthenticationHolderEntity> getOrphanedAuthenticationHolders(PageCriteria page);
}

7
openid-connect-common/src/main/java/org/mitre/oauth2/service/impl/DefaultAuthenticationHolderEntityService.java
View File

@ -2,6 +2,7 @@ package org.mitre.oauth2.service.impl;
import java.util.List;
import org.mitre.data.PageCriteria;
import org.mitre.oauth2.model.AuthenticationHolderEntity;
import org.mitre.oauth2.repository.AuthenticationHolderRepository;
import org.mitre.oauth2.service.AuthenticationHolderEntityService;
@ -38,4 +39,10 @@ public class DefaultAuthenticationHolderEntityService implements AuthenticationH
return repo.getOrphanedAuthenticationHolders();
}
@Override
public List<AuthenticationHolderEntity> getOrphanedAuthenticationHolders(
PageCriteria pageCriteria) {
return repo.getOrphanedAuthenticationHolders(pageCriteria);
}
}

12
openid-connect-server-webapp/.gitignore vendored
View File

@ -1,12 +0,0 @@
local-values.conf
target
*~
bin
*.idea
*.iml
*.eml
.project
.settings
.classpath
/target
.springBeans

152
openid-connect-server-webapp/pom.xml
View File

@ -1,152 +0,0 @@
<?xml version="1.0"?>
<!--
Copyright 2017 The MIT Internet Trust Consortium
Portions copyright 2011-2013 The MITRE Corporation
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<modelVersion>4.0.0</modelVersion>
<parent>
<groupId>org.mitre</groupId>
<artifactId>openid-connect-parent</artifactId>
<version>1.3.2.cnaf-SNAPSHOT</version>
</parent>
<artifactId>openid-connect-server-webapp</artifactId>
<packaging>war</packaging>
<name>OpenID Connect Server Webapp</name>
<build>
<plugins>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-compiler-plugin</artifactId>
<configuration>
<source>${java-version}</source>
<target>${java-version}</target>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-war-plugin</artifactId>
<configuration>
<warName>openid-connect-server-webapp</warName>
<webResources>
<resource>
<directory>src/main/webapp</directory>
<filtering>true</filtering>
<includes>
<include>**/*.tag</include>
<include>**/*.jsp</include>
</includes>
</resource>
<resource>
<directory>src/main/webapp</directory>
<filtering>false</filtering>
<excludes>
<exclude>**/*.tag</exclude>
<exclude>**/*.jsp</exclude>
</excludes>
</resource>
</webResources>
<packagingExcludes>less/**</packagingExcludes>
</configuration>
</plugin>
<plugin>
<groupId>org.apache.maven.plugins</groupId>
<artifactId>maven-dependency-plugin</artifactId>
<executions>
<execution>
<id>install</id>
<phase>install</phase>
<goals>
<goal>sources</goal>
</goals>
</execution>
</executions>
</plugin>
<plugin>
<groupId>org.eclipse.jetty</groupId>
<artifactId>jetty-maven-plugin</artifactId>
<configuration>
<war>${project.build.directory}/openid-connect-server-webapp.war</war>
<webAppConfig>
<contextPath>/openid-connect-server-webapp</contextPath>
</webAppConfig>
</configuration>
</plugin>
<plugin>
<groupId>ro.isdc.wro4j</groupId>
<artifactId>wro4j-maven-plugin</artifactId>
<configuration>
<targetGroups>bootstrap,bootstrap-responsive</targetGroups>
<destinationFolder>${project.build.directory}/${project.build.finalName}</destinationFolder>
<cssDestinationFolder>${project.build.directory}/${project.build.finalName}/resources/bootstrap2/css/</cssDestinationFolder>
<jsDestinationFolder>${project.build.directory}/${project.build.finalName}/js/</jsDestinationFolder>
<wroManagerFactory>ro.isdc.wro.maven.plugin.manager.factory.ConfigurableWroManagerFactory</wroManagerFactory>
</configuration>
</plugin>
</plugins>
</build>
<dependencies>
<dependency>
<groupId>org.mitre</groupId>
<artifactId>openid-connect-server</artifactId>
</dependency>
<dependency>
<groupId>org.springframework</groupId>
<artifactId>spring-orm</artifactId>
<exclusions>
<exclusion>
<groupId>commons-logging</groupId>
<artifactId>commons-logging</artifactId>
</exclusion>
</exclusions>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>jcl-over-slf4j</artifactId>
</dependency>
<dependency>
<groupId>org.slf4j</groupId>
<artifactId>slf4j-log4j12</artifactId>
</dependency>
<dependency>
<groupId>log4j</groupId>
<artifactId>log4j</artifactId>
</dependency>
<dependency>
<groupId>org.hsqldb</groupId>
<artifactId>hsqldb</artifactId>
</dependency>
<dependency>
<groupId>org.eclipse.persistence</groupId>
<artifactId>org.eclipse.persistence.jpa</artifactId>
</dependency>
<dependency>
<groupId>org.springframework.security</groupId>
<artifactId>spring-security-taglibs</artifactId>
</dependency>
<dependency>
<groupId>javax.servlet</groupId>
<artifactId>jstl</artifactId>
</dependency>
<dependency>
<groupId>com.zaxxer</groupId>
<artifactId>HikariCP</artifactId>
</dependency>
</dependencies>
<description>Deployable package of the OpenID Connect server</description>
</project>

70
openid-connect-server-webapp/src/main/resources/db/hsql/clients.sql
View File

@ -1,70 +0,0 @@
--
-- Turn off autocommit and start a transaction so that we can use the temp tables
--
SET AUTOCOMMIT FALSE;
START TRANSACTION;
--
-- Insert client information into the temporary tables. To add clients to the HSQL database, edit things here.
--
INSERT INTO client_details_TEMP (client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection) VALUES
('client', 'secret', 'Test Client', false, null, 3600, 600, true);
INSERT INTO client_scope_TEMP (owner_id, scope) VALUES
('client', 'openid'),
('client', 'profile'),
('client', 'email'),
('client', 'address'),
('client', 'phone'),
('client', 'offline_access');
INSERT INTO client_redirect_uri_TEMP (owner_id, redirect_uri) VALUES
('client', 'http://localhost/'),
('client', 'http://localhost:8080/');
INSERT INTO client_grant_type_TEMP (owner_id, grant_type) VALUES
('client', 'authorization_code'),
('client', 'urn:ietf:params:oauth:grant_type:redelegate'),
('client', 'urn:ietf:params:oauth:grant-type:device_code'),
('client', 'implicit'),
('client', 'refresh_token');
--
-- Merge the temporary clients safely into the database. This is a two-step process to keep clients from being created on every startup with a persistent store.
--
MERGE INTO client_details
USING (SELECT client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection FROM client_details_TEMP) AS vals(client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection)
ON vals.client_id = client_details.client_id
WHEN NOT MATCHED THEN
INSERT (client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection) VALUES(client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection);
MERGE INTO client_scope
USING (SELECT id, scope FROM client_scope_TEMP, client_details WHERE client_details.client_id = client_scope_TEMP.owner_id) AS vals(id, scope)
ON vals.id = client_scope.owner_id AND vals.scope = client_scope.scope
WHEN NOT MATCHED THEN
INSERT (owner_id, scope) values (vals.id, vals.scope);
MERGE INTO client_redirect_uri
USING (SELECT id, redirect_uri FROM client_redirect_uri_TEMP, client_details WHERE client_details.client_id = client_redirect_uri_TEMP.owner_id) AS vals(id, redirect_uri)
ON vals.id = client_redirect_uri.owner_id AND vals.redirect_uri = client_redirect_uri.redirect_uri
WHEN NOT MATCHED THEN
INSERT (owner_id, redirect_uri) values (vals.id, vals.redirect_uri);
MERGE INTO client_grant_type
USING (SELECT id, grant_type FROM client_grant_type_TEMP, client_details WHERE client_details.client_id = client_grant_type_TEMP.owner_id) AS vals(id, grant_type)
ON vals.id = client_grant_type.owner_id AND vals.grant_type = client_grant_type.grant_type
WHEN NOT MATCHED THEN
INSERT (owner_id, grant_type) values (vals.id, vals.grant_type);
--
-- Close the transaction and turn autocommit back on
--
COMMIT;
SET AUTOCOMMIT TRUE;

18
openid-connect-server-webapp/src/main/resources/db/hsql/hsql_database_index.sql
View File

@ -1,18 +0,0 @@
--
-- Indexes for HSQLDB
--
CREATE INDEX IF NOT EXISTS at_tv_idx ON access_token(token_value);
CREATE INDEX IF NOT EXISTS ts_oi_idx ON token_scope(owner_id);
CREATE INDEX IF NOT EXISTS at_exp_idx ON access_token(expiration);
CREATE INDEX IF NOT EXISTS rf_ahi_idx ON refresh_token(auth_holder_id);
CREATE INDEX IF NOT EXISTS cd_ci_idx ON client_details(client_id);
CREATE INDEX IF NOT EXISTS at_ahi_idx ON access_token(auth_holder_id);
CREATE INDEX IF NOT EXISTS aha_oi_idx ON authentication_holder_authority(owner_id);
CREATE INDEX IF NOT EXISTS ahe_oi_idx ON authentication_holder_extension(owner_id);
CREATE INDEX IF NOT EXISTS ahrp_oi_idx ON authentication_holder_request_parameter(owner_id);
CREATE INDEX IF NOT EXISTS ahri_oi_idx ON authentication_holder_resource_id(owner_id);
CREATE INDEX IF NOT EXISTS ahrt_oi_idx ON authentication_holder_response_type(owner_id);
CREATE INDEX IF NOT EXISTS ahs_oi_idx ON authentication_holder_scope(owner_id);
CREATE INDEX IF NOT EXISTS ac_ahi_idx ON authorization_code(auth_holder_id);
CREATE INDEX IF NOT EXISTS suaa_oi_idx ON saved_user_auth_authority(owner_id);

391
openid-connect-server-webapp/src/main/resources/db/hsql/hsql_database_tables.sql
View File

@ -1,391 +0,0 @@
--
-- Tables for OIDC Server functionality, HSQL
--
CREATE TABLE IF NOT EXISTS access_token (
id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY,
token_value VARCHAR(4096),
expiration TIMESTAMP,
token_type VARCHAR(256),
refresh_token_id BIGINT,
client_id BIGINT,
auth_holder_id BIGINT,
approved_site_id BIGINT,
UNIQUE(token_value)
);
CREATE TABLE IF NOT EXISTS access_token_permissions (
access_token_id BIGINT NOT NULL,
permission_id BIGINT NOT NULL
);
CREATE TABLE IF NOT EXISTS address (
id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY,
formatted VARCHAR(256),
street_address VARCHAR(256),
locality VARCHAR(256),
region VARCHAR(256),
postal_code VARCHAR(256),
country VARCHAR(256)
);
CREATE TABLE IF NOT EXISTS approved_site (
id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY,
user_id VARCHAR(256),
client_id VARCHAR(256),
creation_date TIMESTAMP,
access_date TIMESTAMP,
timeout_date TIMESTAMP,
whitelisted_site_id BIGINT
);
CREATE TABLE IF NOT EXISTS approved_site_scope (
owner_id BIGINT,
scope VARCHAR(256)
);
CREATE TABLE IF NOT EXISTS authentication_holder (
id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY,
user_auth_id BIGINT,
approved BOOLEAN,
redirect_uri VARCHAR(2048),
client_id VARCHAR(256)
);
CREATE TABLE IF NOT EXISTS authentication_holder_authority (
owner_id BIGINT,
authority VARCHAR(256)
);
CREATE TABLE IF NOT EXISTS authentication_holder_resource_id (
owner_id BIGINT,
resource_id VARCHAR(2048)
);
CREATE TABLE IF NOT EXISTS authentication_holder_response_type (
owner_id BIGINT,
response_type VARCHAR(2048)
);
CREATE TABLE IF NOT EXISTS authentication_holder_extension (
owner_id BIGINT,
extension VARCHAR(2048),
val VARCHAR(2048)
);
CREATE TABLE IF NOT EXISTS authentication_holder_scope (
owner_id BIGINT,
scope VARCHAR(2048)
);
CREATE TABLE IF NOT EXISTS authentication_holder_request_parameter (
owner_id BIGINT,
param VARCHAR(2048),
val VARCHAR(2048)
);
CREATE TABLE IF NOT EXISTS saved_user_auth (
id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY,
name VARCHAR(1024),
authenticated BOOLEAN,
source_class VARCHAR(2048)
);
CREATE TABLE IF NOT EXISTS saved_user_auth_authority (
owner_id BIGINT,
authority VARCHAR(256)
);
CREATE TABLE IF NOT EXISTS saved_user_auth_info (
owner_id BIGINT,
info_key VARCHAR(256),
info_val VARCHAR(256),
UNIQUE(owner_id,info_key)
);
CREATE TABLE IF NOT EXISTS client_authority (
owner_id BIGINT,
authority VARCHAR(256)
);
CREATE TABLE IF NOT EXISTS authorization_code (
id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY,
code VARCHAR(256),
auth_holder_id BIGINT,
expiration TIMESTAMP
);
CREATE TABLE IF NOT EXISTS client_grant_type (
owner_id BIGINT,
grant_type VARCHAR(2000)
);
CREATE TABLE IF NOT EXISTS client_response_type (
owner_id BIGINT,
response_type VARCHAR(2000)
);
CREATE TABLE IF NOT EXISTS blacklisted_site (
id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY,
uri VARCHAR(2048)
);
CREATE TABLE IF NOT EXISTS client_details (
id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY,
client_description VARCHAR(1024),
reuse_refresh_tokens BOOLEAN DEFAULT true NOT NULL,
dynamically_registered BOOLEAN DEFAULT false NOT NULL,
allow_introspection BOOLEAN DEFAULT false NOT NULL,
id_token_validity_seconds BIGINT DEFAULT 600 NOT NULL,
device_code_validity_seconds BIGINT,
client_id VARCHAR(256),
client_secret VARCHAR(2048),
access_token_validity_seconds BIGINT,
refresh_token_validity_seconds BIGINT,
application_type VARCHAR(256),
client_name VARCHAR(256),
token_endpoint_auth_method VARCHAR(256),
subject_type VARCHAR(256),
logo_uri VARCHAR(2048),
policy_uri VARCHAR(2048),
client_uri VARCHAR(2048),
tos_uri VARCHAR(2048),
jwks_uri VARCHAR(2048),
jwks VARCHAR(8192),
sector_identifier_uri VARCHAR(2048),
request_object_signing_alg VARCHAR(256),
user_info_signed_response_alg VARCHAR(256),
user_info_encrypted_response_alg VARCHAR(256),
user_info_encrypted_response_enc VARCHAR(256),
id_token_signed_response_alg VARCHAR(256),
id_token_encrypted_response_alg VARCHAR(256),
id_token_encrypted_response_enc VARCHAR(256),
token_endpoint_auth_signing_alg VARCHAR(256),
default_max_age BIGINT,
require_auth_time BOOLEAN,
created_at TIMESTAMP,
initiate_login_uri VARCHAR(2048),
clear_access_tokens_on_refresh BOOLEAN DEFAULT true NOT NULL,
software_statement VARCHAR(4096),
software_id VARCHAR(2048),
software_version VARCHAR(2048),
code_challenge_method VARCHAR(256),
UNIQUE (client_id)
);
CREATE TABLE IF NOT EXISTS client_request_uri (
owner_id BIGINT,
request_uri VARCHAR(2000)
);
CREATE TABLE IF NOT EXISTS client_post_logout_redirect_uri (
owner_id BIGINT,
post_logout_redirect_uri VARCHAR(2000)
);
CREATE TABLE IF NOT EXISTS client_default_acr_value (
owner_id BIGINT,
default_acr_value VARCHAR(2000)
);
CREATE TABLE IF NOT EXISTS client_contact (
owner_id BIGINT,
contact VARCHAR(256)
);
CREATE TABLE IF NOT EXISTS client_redirect_uri (
owner_id BIGINT,
redirect_uri VARCHAR(2048)
);
CREATE TABLE IF NOT EXISTS client_claims_redirect_uri (
owner_id BIGINT,
redirect_uri VARCHAR(2048)
);
CREATE TABLE IF NOT EXISTS refresh_token (
id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY,
token_value VARCHAR(4096),
expiration TIMESTAMP,
auth_holder_id BIGINT,
client_id BIGINT
);
CREATE TABLE IF NOT EXISTS client_resource (
owner_id BIGINT,
resource_id VARCHAR(256)
);
CREATE TABLE IF NOT EXISTS client_scope (
owner_id BIGINT,
scope VARCHAR(2048)
);
CREATE TABLE IF NOT EXISTS token_scope (
owner_id BIGINT,
scope VARCHAR(2048)
);
CREATE TABLE IF NOT EXISTS system_scope (
id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY,
scope VARCHAR(256) NOT NULL,
description VARCHAR(4096),
icon VARCHAR(256),
restricted BOOLEAN DEFAULT false NOT NULL,
default_scope BOOLEAN DEFAULT false NOT NULL,
UNIQUE (scope)
);
CREATE TABLE IF NOT EXISTS user_info (
id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY,
sub VARCHAR(256),
preferred_username VARCHAR(256),
name VARCHAR(256),
given_name VARCHAR(256),
family_name VARCHAR(256),
middle_name VARCHAR(256),
nickname VARCHAR(256),
profile VARCHAR(256),
picture VARCHAR(256),
website VARCHAR(256),
email VARCHAR(256),
email_verified BOOLEAN,
gender VARCHAR(256),
zone_info VARCHAR(256),
locale VARCHAR(256),
phone_number VARCHAR(256),
phone_number_verified BOOLEAN,
address_id VARCHAR(256),
updated_time VARCHAR(256),
birthdate VARCHAR(256),
src VARCHAR(4096)
);
CREATE TABLE IF NOT EXISTS whitelisted_site (
id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY,
creator_user_id VARCHAR(256),
client_id VARCHAR(256)
);
CREATE TABLE IF NOT EXISTS whitelisted_site_scope (
owner_id BIGINT,
scope VARCHAR(256)
);
CREATE TABLE IF NOT EXISTS pairwise_identifier (
id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY,
identifier VARCHAR(256),
sub VARCHAR(256),
sector_identifier VARCHAR(2048)
);
CREATE TABLE IF NOT EXISTS resource_set (
id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY,
name VARCHAR(1024) NOT NULL,
uri VARCHAR(1024),
icon_uri VARCHAR(1024),
rs_type VARCHAR(256),
owner VARCHAR(256) NOT NULL,
client_id VARCHAR(256)
);
CREATE TABLE IF NOT EXISTS resource_set_scope (
owner_id BIGINT NOT NULL,
scope VARCHAR(256) NOT NULL
);
CREATE TABLE IF NOT EXISTS permission_ticket (
id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY,
ticket VARCHAR(256) NOT NULL,
permission_id BIGINT NOT NULL,
expiration TIMESTAMP
);
CREATE TABLE IF NOT EXISTS permission (
id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY,
resource_set_id BIGINT
);
CREATE TABLE IF NOT EXISTS permission_scope (
owner_id BIGINT NOT NULL,
scope VARCHAR(256) NOT NULL
);
CREATE TABLE IF NOT EXISTS claim (
id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY,
name VARCHAR(256),
friendly_name VARCHAR(1024),
claim_type VARCHAR(1024),
claim_value VARCHAR(1024)
);
CREATE TABLE IF NOT EXISTS claim_to_policy (
policy_id BIGINT NOT NULL,
claim_id BIGINT NOT NULL
);
CREATE TABLE IF NOT EXISTS claim_to_permission_ticket (
permission_ticket_id BIGINT NOT NULL,
claim_id BIGINT NOT NULL
);
CREATE TABLE IF NOT EXISTS policy (
id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY,
name VARCHAR(1024),
resource_set_id BIGINT
);
CREATE TABLE IF NOT EXISTS policy_scope (
owner_id BIGINT NOT NULL,
scope VARCHAR(256) NOT NULL
);
CREATE TABLE IF NOT EXISTS claim_token_format (
owner_id BIGINT NOT NULL,
claim_token_format VARCHAR(1024)
);
CREATE TABLE IF NOT EXISTS claim_issuer (
owner_id BIGINT NOT NULL,
issuer VARCHAR(1024)
);
CREATE TABLE IF NOT EXISTS saved_registered_client (
id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY,
issuer VARCHAR(1024),
registered_client VARCHAR(8192)
);
CREATE TABLE IF NOT EXISTS device_code (
id BIGINT GENERATED BY DEFAULT AS IDENTITY(START WITH 1) PRIMARY KEY,
device_code VARCHAR(1024),
user_code VARCHAR(1024),
expiration TIMESTAMP,
client_id VARCHAR(256),
approved BOOLEAN,
auth_holder_id BIGINT
);
CREATE TABLE IF NOT EXISTS device_code_scope (
owner_id BIGINT NOT NULL,
scope VARCHAR(256) NOT NULL
);
CREATE TABLE IF NOT EXISTS device_code_request_parameter (
owner_id BIGINT,
param VARCHAR(2048),
val VARCHAR(2048)
);

73
openid-connect-server-webapp/src/main/resources/db/hsql/loading_temp_tables.sql
View File

@ -1,73 +0,0 @@
--
-- Temporary tables used during the bootstrapping process to safely load users and clients.
-- These are not needed if you're not using the users.sql/clients.sql files to bootstrap the database.
--
CREATE TEMPORARY TABLE IF NOT EXISTS authorities_TEMP (
username varchar(50) not null,
authority varchar(50) not null,
constraint ix_authority_TEMP unique (username,authority));
CREATE TEMPORARY TABLE IF NOT EXISTS users_TEMP (
username varchar(50) not null primary key,
password varchar(50) not null,
enabled boolean not null);
CREATE TEMPORARY TABLE IF NOT EXISTS user_info_TEMP (
sub VARCHAR(256) not null primary key,
preferred_username VARCHAR(256),
name VARCHAR(256),
given_name VARCHAR(256),
family_name VARCHAR(256),
middle_name VARCHAR(256),
nickname VARCHAR(256),
profile VARCHAR(256),
picture VARCHAR(256),
website VARCHAR(256),
email VARCHAR(256),
email_verified BOOLEAN,
gender VARCHAR(256),
zone_info VARCHAR(256),
locale VARCHAR(256),
phone_number VARCHAR(256),
address_id VARCHAR(256),
updated_time VARCHAR(256),
birthdate VARCHAR(256)
);
CREATE TEMPORARY TABLE IF NOT EXISTS client_details_TEMP (
client_description VARCHAR(256),
dynamically_registered BOOLEAN,
id_token_validity_seconds BIGINT,
client_id VARCHAR(256),
client_secret VARCHAR(2048),
access_token_validity_seconds BIGINT,
refresh_token_validity_seconds BIGINT,
allow_introspection BOOLEAN,
client_name VARCHAR(256)
);
CREATE TEMPORARY TABLE IF NOT EXISTS client_scope_TEMP (
owner_id VARCHAR(256),
scope VARCHAR(2048)
);
CREATE TEMPORARY TABLE IF NOT EXISTS client_redirect_uri_TEMP (
owner_id VARCHAR(256),
redirect_uri VARCHAR(2048)
);
CREATE TEMPORARY TABLE IF NOT EXISTS client_grant_type_TEMP (
owner_id VARCHAR(256),
grant_type VARCHAR(2000)
);
CREATE TEMPORARY TABLE IF NOT EXISTS system_scope_TEMP (
scope VARCHAR(256),
description VARCHAR(4096),
icon VARCHAR(256),
restricted BOOLEAN,
default_scope BOOLEAN
);

33
openid-connect-server-webapp/src/main/resources/db/hsql/scopes.sql
View File

@ -1,33 +0,0 @@
--
-- Turn off autocommit and start a transaction so that we can use the temp tables
--
SET AUTOCOMMIT FALSE;
START TRANSACTION;
--
-- Insert scope information into the temporary tables.
--
INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope) VALUES
('openid', 'log in using your identity', 'user', false, true),
('profile', 'basic profile information', 'list-alt', false, true),
('email', 'email address', 'envelope', false, true),
('address', 'physical address', 'home', false, true),
('phone', 'telephone number', 'bell', false, true),
('offline_access', 'offline access', 'time', false, false);
--
-- Merge the temporary scopes safely into the database. This is a two-step process to keep scopes from being created on every startup with a persistent store.
--
MERGE INTO system_scope
USING (SELECT scope, description, icon, restricted, default_scope FROM system_scope_TEMP) AS vals(scope, description, icon, restricted, default_scope)
ON vals.scope = system_scope.scope
WHEN NOT MATCHED THEN
INSERT (scope, description, icon, restricted, default_scope) VALUES(vals.scope, vals.description, vals.icon, vals.restricted, vals.default_scope);
COMMIT;
SET AUTOCOMMIT TRUE;

14
openid-connect-server-webapp/src/main/resources/db/hsql/security-schema.sql
View File

@ -1,14 +0,0 @@
--
-- Tables for Spring Security's user details service
--
create table IF NOT EXISTS users(
username varchar(50) not null primary key,
password varchar(50) not null,
enabled boolean not null);
create table IF NOT EXISTS authorities (
username varchar(50) not null,
authority varchar(50) not null,
constraint fk_authorities_users foreign key(username) references users(username),
constraint ix_authority unique (username,authority));

59
openid-connect-server-webapp/src/main/resources/db/hsql/users.sql
View File

@ -1,59 +0,0 @@
--
-- Turn off autocommit and start a transaction so that we can use the temp tables
--
SET AUTOCOMMIT FALSE;
START TRANSACTION;
--
-- Insert user information into the temporary tables. To add users to the HSQL database, edit things here.
--
INSERT INTO users_TEMP (username, password, enabled) VALUES
('admin','password',true),
('user','password',true);
INSERT INTO authorities_TEMP (username, authority) VALUES
('admin','ROLE_ADMIN'),
('admin','ROLE_USER'),
('user','ROLE_USER');
-- By default, the username column here has to match the username column in the users table, above
INSERT INTO user_info_TEMP (sub, preferred_username, name, email, email_verified) VALUES
('90342.ASDFJWFA','admin','Demo Admin','admin@example.com', true),
('01921.FLANRJQW','user','Demo User','user@example.com', true);
--
-- Merge the temporary users safely into the database. This is a two-step process to keep users from being created on every startup with a persistent store.
--
MERGE INTO users
USING (SELECT username, password, enabled FROM users_TEMP) AS vals(username, password, enabled)
ON vals.username = users.username
WHEN NOT MATCHED THEN
INSERT (username, password, enabled) VALUES(vals.username, vals.password, vals.enabled);
MERGE INTO authorities
USING (SELECT username, authority FROM authorities_TEMP) AS vals(username, authority)
ON vals.username = authorities.username AND vals.authority = authorities.authority
WHEN NOT MATCHED THEN
INSERT (username,authority) values (vals.username, vals.authority);
MERGE INTO user_info
USING (SELECT sub, preferred_username, name, email, email_verified FROM user_info_TEMP) AS vals(sub, preferred_username, name, email, email_verified)
ON vals.preferred_username = user_info.preferred_username
WHEN NOT MATCHED THEN
INSERT (sub, preferred_username, name, email, email_verified) VALUES (vals.sub, vals.preferred_username, vals.name, vals.email, vals.email_verified);
--
-- Close the transaction and turn autocommit back on
--
COMMIT;
SET AUTOCOMMIT TRUE;

61
openid-connect-server-webapp/src/main/resources/db/mysql/clients.sql
View File

@ -1,61 +0,0 @@
--
-- Turn off autocommit and start a transaction so that we can use the temp tables
--
SET AUTOCOMMIT = 0;
START TRANSACTION;
--
-- Insert client information into the temporary tables. To add clients to the HSQL database, edit things here.
--
INSERT INTO client_details_TEMP (client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection) VALUES
('client', 'secret', 'Test Client', false, null, 3600, 600, true);
INSERT INTO client_scope_TEMP (owner_id, scope) VALUES
('client', 'openid'),
('client', 'profile'),
('client', 'email'),
('client', 'address'),
('client', 'phone'),
('client', 'offline_access');
INSERT INTO client_redirect_uri_TEMP (owner_id, redirect_uri) VALUES
('client', 'http://localhost/'),
('client', 'http://localhost:8080/');
INSERT INTO client_grant_type_TEMP (owner_id, grant_type) VALUES
('client', 'authorization_code'),
('client', 'urn:ietf:params:oauth:grant_type:redelegate'),
('client', 'implicit'),
('client', 'refresh_token');
--
-- Merge the temporary clients safely into the database. This is a two-step process to keep clients from being created on every startup with a persistent store.
--
INSERT INTO client_details (client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection)
SELECT client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection FROM client_details_TEMP
ON DUPLICATE KEY UPDATE client_details.client_id = client_details.client_id;
INSERT INTO client_scope (owner_id, scope)
SELECT id, scope FROM client_scope_TEMP, client_details WHERE client_details.client_id = client_scope_TEMP.owner_id
ON DUPLICATE KEY UPDATE client_scope.owner_id = client_scope.owner_id;
INSERT INTO client_redirect_uri (owner_id, redirect_uri)
SELECT id, redirect_uri FROM client_redirect_uri_TEMP, client_details WHERE client_details.client_id = client_redirect_uri_TEMP.owner_id
ON DUPLICATE KEY UPDATE client_redirect_uri.owner_id = client_redirect_uri.owner_id;
INSERT INTO client_grant_type (owner_id, grant_type)
SELECT id, grant_type FROM client_grant_type_TEMP, client_details WHERE client_details.client_id = client_grant_type_TEMP.owner_id
ON DUPLICATE KEY UPDATE client_grant_type.owner_id = client_grant_type.owner_id;
--
-- Close the transaction and turn autocommit back on
--
COMMIT;
SET AUTOCOMMIT = 1;

18
openid-connect-server-webapp/src/main/resources/db/mysql/mysql_database_index.sql
View File

@ -1,18 +0,0 @@
--
-- Indexes for MySQL
--
CREATE INDEX at_tv_idx ON access_token(token_value(767));
CREATE INDEX ts_oi_idx ON token_scope(owner_id);
CREATE INDEX at_exp_idx ON access_token(expiration);
CREATE INDEX rf_ahi_idx ON refresh_token(auth_holder_id);
CREATE INDEX cd_ci_idx ON client_details(client_id);
CREATE INDEX at_ahi_idx ON access_token(auth_holder_id);
CREATE INDEX aha_oi_idx ON authentication_holder_authority(owner_id);
CREATE INDEX ahe_oi_idx ON authentication_holder_extension(owner_id);
CREATE INDEX ahrp_oi_idx ON authentication_holder_request_parameter(owner_id);
CREATE INDEX ahri_oi_idx ON authentication_holder_resource_id(owner_id);
CREATE INDEX ahrt_oi_idx ON authentication_holder_response_type(owner_id);
CREATE INDEX ahs_oi_idx ON authentication_holder_scope(owner_id);
CREATE INDEX ac_ahi_idx ON authorization_code(auth_holder_id);
CREATE INDEX suaa_oi_idx ON saved_user_auth_authority(owner_id);

390
openid-connect-server-webapp/src/main/resources/db/mysql/mysql_database_tables.sql
View File

@ -1,390 +0,0 @@
--
-- Tables for OIDC Server functionality, MySQL
--
CREATE TABLE IF NOT EXISTS access_token (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
token_value VARCHAR(4096),
expiration TIMESTAMP NULL,
token_type VARCHAR(256),
refresh_token_id BIGINT,
client_id BIGINT,
auth_holder_id BIGINT,
approved_site_id BIGINT
);
CREATE TABLE IF NOT EXISTS access_token_permissions (
access_token_id BIGINT NOT NULL,
permission_id BIGINT NOT NULL
);
CREATE TABLE IF NOT EXISTS address (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
formatted VARCHAR(256),
street_address VARCHAR(256),
locality VARCHAR(256),
region VARCHAR(256),
postal_code VARCHAR(256),
country VARCHAR(256)
);
CREATE TABLE IF NOT EXISTS approved_site (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
user_id VARCHAR(256),
client_id VARCHAR(256),
creation_date TIMESTAMP NULL,
access_date TIMESTAMP NULL,
timeout_date TIMESTAMP NULL,
whitelisted_site_id BIGINT
);
CREATE TABLE IF NOT EXISTS approved_site_scope (
owner_id BIGINT,
scope VARCHAR(256)
);
CREATE TABLE IF NOT EXISTS authentication_holder (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
user_auth_id BIGINT,
approved BOOLEAN,
redirect_uri VARCHAR(2048),
client_id VARCHAR(256)
);
CREATE TABLE IF NOT EXISTS authentication_holder_authority (
owner_id BIGINT,
authority VARCHAR(256)
);
CREATE TABLE IF NOT EXISTS authentication_holder_resource_id (
owner_id BIGINT,
resource_id VARCHAR(2048)
);
CREATE TABLE IF NOT EXISTS authentication_holder_response_type (
owner_id BIGINT,
response_type VARCHAR(2048)
);
CREATE TABLE IF NOT EXISTS authentication_holder_extension (
owner_id BIGINT,
extension VARCHAR(2048),
val VARCHAR(2048)
);
CREATE TABLE IF NOT EXISTS authentication_holder_scope (
owner_id BIGINT,
scope VARCHAR(2048)
);
CREATE TABLE IF NOT EXISTS authentication_holder_request_parameter (
owner_id BIGINT,
param VARCHAR(2048),
val VARCHAR(2048)
);
CREATE TABLE IF NOT EXISTS saved_user_auth (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
name VARCHAR(1024),
authenticated BOOLEAN,
source_class VARCHAR(2048)
);
CREATE TABLE IF NOT EXISTS saved_user_auth_authority (
owner_id BIGINT,
authority VARCHAR(256)
);
CREATE TABLE IF NOT EXISTS saved_user_auth_info (
owner_id BIGINT,
info_key VARCHAR(256),
info_val VARCHAR(256),
UNIQUE(owner_id, info_key)
);
CREATE TABLE IF NOT EXISTS client_authority (
owner_id BIGINT,
authority VARCHAR(256)
);
CREATE TABLE IF NOT EXISTS authorization_code (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
code VARCHAR(256),
auth_holder_id BIGINT,
expiration TIMESTAMP NULL
);
CREATE TABLE IF NOT EXISTS client_grant_type (
owner_id BIGINT,
grant_type VARCHAR(2000)
);
CREATE TABLE IF NOT EXISTS client_response_type (
owner_id BIGINT,
response_type VARCHAR(2000)
);
CREATE TABLE IF NOT EXISTS blacklisted_site (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
uri VARCHAR(2048)
);
CREATE TABLE IF NOT EXISTS client_details (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
client_description VARCHAR(1024),
reuse_refresh_tokens BOOLEAN DEFAULT true NOT NULL,
dynamically_registered BOOLEAN DEFAULT false NOT NULL,
allow_introspection BOOLEAN DEFAULT false NOT NULL,
id_token_validity_seconds BIGINT DEFAULT 600 NOT NULL,
device_code_validity_seconds BIGINT,
client_id VARCHAR(256),
client_secret VARCHAR(2048),
access_token_validity_seconds BIGINT,
refresh_token_validity_seconds BIGINT,
application_type VARCHAR(256),
client_name VARCHAR(256),
token_endpoint_auth_method VARCHAR(256),
subject_type VARCHAR(256),
logo_uri VARCHAR(2048),
policy_uri VARCHAR(2048),
client_uri VARCHAR(2048),
tos_uri VARCHAR(2048),
jwks_uri VARCHAR(2048),
jwks VARCHAR(8192),
sector_identifier_uri VARCHAR(2048),
request_object_signing_alg VARCHAR(256),
user_info_signed_response_alg VARCHAR(256),
user_info_encrypted_response_alg VARCHAR(256),
user_info_encrypted_response_enc VARCHAR(256),
id_token_signed_response_alg VARCHAR(256),
id_token_encrypted_response_alg VARCHAR(256),
id_token_encrypted_response_enc VARCHAR(256),
token_endpoint_auth_signing_alg VARCHAR(256),
default_max_age BIGINT,
require_auth_time BOOLEAN,
created_at TIMESTAMP NULL,
initiate_login_uri VARCHAR(2048),
clear_access_tokens_on_refresh BOOLEAN DEFAULT true NOT NULL,
software_statement VARCHAR(4096),
software_id VARCHAR(2048),
software_version VARCHAR(2048),
code_challenge_method VARCHAR(256),
UNIQUE (client_id)
);
CREATE TABLE IF NOT EXISTS client_request_uri (
owner_id BIGINT,
request_uri VARCHAR(2000)
);
CREATE TABLE IF NOT EXISTS client_post_logout_redirect_uri (
owner_id BIGINT,
post_logout_redirect_uri VARCHAR(2000)
);
CREATE TABLE IF NOT EXISTS client_default_acr_value (
owner_id BIGINT,
default_acr_value VARCHAR(2000)
);
CREATE TABLE IF NOT EXISTS client_contact (
owner_id BIGINT,
contact VARCHAR(256)
);
CREATE TABLE IF NOT EXISTS client_redirect_uri (
owner_id BIGINT,
redirect_uri VARCHAR(2048)
);
CREATE TABLE IF NOT EXISTS client_claims_redirect_uri (
owner_id BIGINT,
redirect_uri VARCHAR(2048)
);
CREATE TABLE IF NOT EXISTS refresh_token (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
token_value VARCHAR(4096),
expiration TIMESTAMP NULL,
auth_holder_id BIGINT,
client_id BIGINT
);
CREATE TABLE IF NOT EXISTS client_resource (
owner_id BIGINT,
resource_id VARCHAR(256)
);
CREATE TABLE IF NOT EXISTS client_scope (
owner_id BIGINT,
scope VARCHAR(2048)
);
CREATE TABLE IF NOT EXISTS token_scope (
owner_id BIGINT,
scope VARCHAR(2048)
);
CREATE TABLE IF NOT EXISTS system_scope (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
scope VARCHAR(256) NOT NULL,
description VARCHAR(4096),
icon VARCHAR(256),
restricted BOOLEAN DEFAULT false NOT NULL,
default_scope BOOLEAN DEFAULT false NOT NULL,
UNIQUE (scope)
);
CREATE TABLE IF NOT EXISTS user_info (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
sub VARCHAR(256),
preferred_username VARCHAR(256),
name VARCHAR(256),
given_name VARCHAR(256),
family_name VARCHAR(256),
middle_name VARCHAR(256),
nickname VARCHAR(256),
profile VARCHAR(256),
picture VARCHAR(256),
website VARCHAR(256),
email VARCHAR(256),
email_verified BOOLEAN,
gender VARCHAR(256),
zone_info VARCHAR(256),
locale VARCHAR(256),
phone_number VARCHAR(256),
phone_number_verified BOOLEAN,
address_id VARCHAR(256),
updated_time VARCHAR(256),
birthdate VARCHAR(256),
src VARCHAR(4096)
);
CREATE TABLE IF NOT EXISTS whitelisted_site (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
creator_user_id VARCHAR(256),
client_id VARCHAR(256)
);
CREATE TABLE IF NOT EXISTS whitelisted_site_scope (
owner_id BIGINT,
scope VARCHAR(256)
);
CREATE TABLE IF NOT EXISTS pairwise_identifier (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
identifier VARCHAR(256),
sub VARCHAR(256),
sector_identifier VARCHAR(2048)
);
CREATE TABLE IF NOT EXISTS resource_set (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
name VARCHAR(1024) NOT NULL,
uri VARCHAR(1024),
icon_uri VARCHAR(1024),
rs_type VARCHAR(256),
owner VARCHAR(256) NOT NULL,
client_id VARCHAR(256)
);
CREATE TABLE IF NOT EXISTS resource_set_scope (
owner_id BIGINT NOT NULL,
scope VARCHAR(256) NOT NULL
);
CREATE TABLE IF NOT EXISTS permission_ticket (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
ticket VARCHAR(256) NOT NULL,
permission_id BIGINT NOT NULL,
expiration TIMESTAMP NULL
);
CREATE TABLE IF NOT EXISTS permission (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
resource_set_id BIGINT
);
CREATE TABLE IF NOT EXISTS permission_scope (
owner_id BIGINT NOT NULL,
scope VARCHAR(256) NOT NULL
);
CREATE TABLE IF NOT EXISTS claim (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
name VARCHAR(256),
friendly_name VARCHAR(1024),
claim_type VARCHAR(1024),
claim_value VARCHAR(1024)
);
CREATE TABLE IF NOT EXISTS claim_to_policy (
policy_id BIGINT NOT NULL,
claim_id BIGINT NOT NULL
);
CREATE TABLE IF NOT EXISTS claim_to_permission_ticket (
permission_ticket_id BIGINT NOT NULL,
claim_id BIGINT NOT NULL
);
CREATE TABLE IF NOT EXISTS policy (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
name VARCHAR(1024),
resource_set_id BIGINT
);
CREATE TABLE IF NOT EXISTS policy_scope (
owner_id BIGINT NOT NULL,
scope VARCHAR(256) NOT NULL
);
CREATE TABLE IF NOT EXISTS claim_token_format (
owner_id BIGINT NOT NULL,
claim_token_format VARCHAR(1024)
);
CREATE TABLE IF NOT EXISTS claim_issuer (
owner_id BIGINT NOT NULL,
issuer VARCHAR(1024)
);
CREATE TABLE IF NOT EXISTS saved_registered_client (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
issuer VARCHAR(1024),
registered_client VARCHAR(8192)
);
CREATE TABLE IF NOT EXISTS device_code (
id BIGINT AUTO_INCREMENT PRIMARY KEY,
device_code VARCHAR(1024),
user_code VARCHAR(1024),
expiration TIMESTAMP NULL,
client_id VARCHAR(256),
approved BOOLEAN,
auth_holder_id BIGINT
);
CREATE TABLE IF NOT EXISTS device_code_scope (
owner_id BIGINT NOT NULL,
scope VARCHAR(256) NOT NULL
);
CREATE TABLE IF NOT EXISTS device_code_request_parameter (
owner_id BIGINT,
param VARCHAR(2048),
val VARCHAR(2048)
);

31
openid-connect-server-webapp/src/main/resources/db/mysql/scopes.sql
View File

@ -1,31 +0,0 @@
--
-- Turn off autocommit and start a transaction so that we can use the temp tables
--
SET AUTOCOMMIT = 0;
START TRANSACTION;
--
-- Insert scope information into the temporary tables.
--
INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope, structured, structured_param_description) VALUES
('openid', 'log in using your identity', 'user', false, true, false, null),
('profile', 'basic profile information', 'list-alt', false, true, false, null),
('email', 'email address', 'envelope', false, true, false, null),
('address', 'physical address', 'home', false, true, false, null),
('phone', 'telephone number', 'bell', false, true, false, null),
('offline_access', 'offline access', 'time', false, false, false, null);
--
-- Merge the temporary scopes safely into the database. This is a two-step process to keep scopes from being created on every startup with a persistent store.
--
INSERT INTO system_scope (scope, description, icon, restricted, default_scope, structured, structured_param_description)
SELECT scope, description, icon, restricted, default_scope, structured, structured_param_description FROM system_scope_TEMP
ON DUPLICATE KEY UPDATE system_scope.scope = system_scope.scope;
COMMIT;
SET AUTOCOMMIT = 1;

14
openid-connect-server-webapp/src/main/resources/db/mysql/security-schema.sql
View File

@ -1,14 +0,0 @@
--
-- Tables for Spring Security's user details service
--
create table IF NOT EXISTS users(
username varchar(50) not null primary key,
password varchar(50) not null,
enabled boolean not null);
create table IF NOT EXISTS authorities (
username varchar(50) not null,
authority varchar(50) not null,
constraint fk_authorities_users foreign key(username) references users(username),
constraint ix_authority unique (username,authority));

52
openid-connect-server-webapp/src/main/resources/db/mysql/users.sql
View File

@ -1,52 +0,0 @@
--
-- Turn off autocommit and start a transaction so that we can use the temp tables
--
SET AUTOCOMMIT = 0;
START TRANSACTION;
--
-- Insert user information into the temporary tables. To add users to the HSQL database, edit things here.
--
INSERT INTO users_TEMP (username, password, enabled) VALUES
('admin','password',true),
('user','password',true);
INSERT INTO authorities_TEMP (username, authority) VALUES
('admin','ROLE_ADMIN'),
('admin','ROLE_USER'),
('user','ROLE_USER');
-- By default, the username column here has to match the username column in the users table, above
INSERT INTO user_info_TEMP (sub, preferred_username, name, email, email_verified) VALUES
('90342.ASDFJWFA','admin','Demo Admin','admin@example.com', true),
('01921.FLANRJQW','user','Demo User','user@example.com', true);
--
-- Merge the temporary users safely into the database. This is a two-step process to keep users from being created on every startup with a persistent store.
--
INSERT INTO users (username, password, enabled)
SELECT username, password, enabled FROM users_TEMP
ON DUPLICATE KEY UPDATE users.username = users.username;
INSERT INTO authorities (username,authority)
SELECT username, authority FROM authorities_TEMP
ON DUPLICATE KEY UPDATE authorities.username = authorities.username;
INSERT INTO user_info (sub, preferred_username, name, email, email_verified)
SELECT sub, preferred_username, name, email, email_verified FROM user_info_TEMP
ON DUPLICATE KEY UPDATE user_info.preferred_username = user_info.preferred_username;
--
-- Close the transaction and turn autocommit back on
--
COMMIT;
SET AUTOCOMMIT = 1;

51
openid-connect-server-webapp/src/main/resources/db/oracle/clients_oracle.sql
View File

@ -1,51 +0,0 @@
--
-- Insert client information into the temporary tables. To add clients to the Oracle database, edit things here.
--
INSERT INTO client_details_TEMP (client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection) VALUES
('client', 'secret', 'Test Client', 0, null, 3600, 600, 1);
INSERT INTO client_scope_TEMP (owner_id, scope) VALUES ('client', 'openid');
INSERT INTO client_scope_TEMP (owner_id, scope) VALUES ('client', 'profile');
INSERT INTO client_scope_TEMP (owner_id, scope) VALUES ('client', 'email');
INSERT INTO client_scope_TEMP (owner_id, scope) VALUES ('client', 'address');
INSERT INTO client_scope_TEMP (owner_id, scope) VALUES ('client', 'phone');
INSERT INTO client_scope_TEMP (owner_id, scope) VALUES ('client', 'offline_access');
INSERT INTO client_redirect_uri_TEMP (owner_id, redirect_uri) VALUES ('client', 'http://localhost/');
INSERT INTO client_redirect_uri_TEMP (owner_id, redirect_uri) VALUES ('client', 'http://localhost:8080/');
INSERT INTO client_grant_type_TEMP (owner_id, grant_type) VALUES ('client', 'authorization_code');
INSERT INTO client_grant_type_TEMP (owner_id, grant_type) VALUES ('client', 'urn:ietf:params:oauth:grant_type:redelegate');
INSERT INTO client_grant_type_TEMP (owner_id, grant_type) VALUES ('client', 'implicit');
INSERT INTO client_grant_type_TEMP (owner_id, grant_type) VALUES ('client', 'refresh_token');
--
-- Merge the temporary clients safely into the database. This is a two-step process to keep clients from being created on every startup with a persistent store.
--
MERGE INTO client_details
USING (SELECT client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection FROM client_details_TEMP) vals
ON (vals.client_id = client_details.client_id)
WHEN NOT MATCHED THEN
INSERT (id, client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds,
id_token_validity_seconds, allow_introspection) VALUES(client_details_seq.nextval, vals.client_id, vals.client_secret, vals.client_name, vals.dynamically_registered,
vals.refresh_token_validity_seconds, vals.access_token_validity_seconds, vals.id_token_validity_seconds, vals.allow_introspection);
MERGE INTO client_scope
USING (SELECT id, scope FROM client_scope_TEMP, client_details WHERE client_details.client_id = client_scope_TEMP.owner_id) vals
ON (vals.id = client_scope.owner_id AND vals.scope = client_scope.scope)
WHEN NOT MATCHED THEN
INSERT (owner_id, scope) values (vals.id, vals.scope);
MERGE INTO client_redirect_uri
USING (SELECT id, redirect_uri FROM client_redirect_uri_TEMP, client_details WHERE client_details.client_id = client_redirect_uri_TEMP.owner_id) vals
ON (vals.id = client_redirect_uri.owner_id AND vals.redirect_uri = client_redirect_uri.redirect_uri)
WHEN NOT MATCHED THEN
INSERT (owner_id, redirect_uri) values (vals.id, vals.redirect_uri);
MERGE INTO client_grant_type
USING (SELECT id, grant_type FROM client_grant_type_TEMP, client_details WHERE client_details.client_id = client_grant_type_TEMP.owner_id) vals
ON (vals.id = client_grant_type.owner_id AND vals.grant_type = client_grant_type.grant_type)
WHEN NOT MATCHED THEN
INSERT (owner_id, grant_type) values (vals.id, vals.grant_type);

281
openid-connect-server-webapp/src/main/resources/db/oracle/entity-mappings_oracle.xml
View File

@ -1,281 +0,0 @@
<!--
Copyright 2017 The MIT Internet Trust Consortium
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<entity-mappings xmlns="http://xmlns.jcp.org/xml/ns/persistence/orm"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://xmlns.jcp.org/xml/ns/persistence/orm http://xmlns.jcp.org/xml/ns/persistence/orm_2_0.xsd"
version="2.1">
<description>OpenID Connect Server entities</description>
<entity class="org.mitre.oauth2.model.AuthenticationHolderEntity" name="AuthenticationHolderEntity">
<attributes>
<!-- changing generated value to sequence strategy (Oracle doesn't support identity) -->
<id name="id">
<generated-value strategy="SEQUENCE" generator="AuthenticationHolderSequenceGenerator"/>
<sequence-generator name="AuthenticationHolderSequenceGenerator" sequence-name="authentication_holder_seq" allocation-size="1"/>
<column name="id"/>
</id>
<!-- table name too long: authentication_holder_authority -->
<element-collection fetch="EAGER" name="authorities">
<collection-table name="auth_holder_authority">
<join-column name="owner_id"/>
</collection-table>
<convert converter="org.mitre.oauth2.model.convert.SimpleGrantedAuthorityStringConverter"/>
<column name="authority"/>
</element-collection>
<!-- table name too long: authentication_holder_resource_id -->
<element-collection fetch="EAGER" name="resourceIds">
<collection-table name="auth_holder_resource_id">
<join-column name="owner_id"/>
</collection-table>
<column name="resource_id"/>
</element-collection>
<!-- table name too long: authentication_holder_response_type -->
<element-collection fetch="EAGER" name="responseTypes">
<collection-table name="auth_holder_response_type">
<join-column name="owner_id"/>
</collection-table>
<column name="response_type"/>
</element-collection>
<!-- table name too long: authentication_holder_extension -->
<element-collection fetch="EAGER" name="extensions">
<collection-table name="auth_holder_extension">
<join-column name="owner_id"/>
</collection-table>
<column name="val"/>
<map-key-column name="extension"/>
<convert converter="org.mitre.oauth2.model.convert.SerializableStringConverter"/>
</element-collection>
<!-- table name too long: authentication_holder_request_parameter -->
<element-collection fetch="EAGER" name="requestParameters">
<collection-table name="auth_holder_request_parameter">
<join-column name="owner_id"/>
</collection-table>
<column name="val"/>
<map-key-column name="param"/>
</element-collection>
</attributes>
</entity>
<entity class="org.mitre.oauth2.model.AuthorizationCodeEntity" name="AuthorizationCodeEntity">
<attributes>
<!-- changing generated value to sequence strategy (Oracle doesn't support identity) -->
<id name="id">
<generated-value strategy="SEQUENCE" generator="AuthorizationCodeSequenceGenerator"/>
<sequence-generator name="AuthorizationCodeSequenceGenerator" sequence-name="authorization_code_seq" allocation-size="1"/>
<column name="id"/>
</id>
</attributes>
</entity>
<entity class="org.mitre.oauth2.model.ClientDetailsEntity" name="ClientDetailsEntity">
<attributes>
<!-- changing generated value to sequence strategy (Oracle doesn't support identity) -->
<id name="id">
<generated-value strategy="SEQUENCE" generator="ClientDetailsSequenceGenerator"/>
<sequence-generator name="ClientDetailsSequenceGenerator" sequence-name="client_details_seq" allocation-size="1"/>
<column name="id"/>
</id>
<!-- column name too long: user_info_encrypted_response_alg -->
<basic name="userInfoEncryptedResponseAlg">
<column name="user_info_encrypted_resp_alg"/>
<convert converter="org.mitre.oauth2.model.convert.JWEAlgorithmStringConverter"/>
</basic>
<!-- column name too long: user_info_encrypted_response_enc -->
<basic name="userInfoEncryptedResponseEnc">
<column name="user_info_encrypted_resp_enc"/>
<convert converter="org.mitre.oauth2.model.convert.JWEEncryptionMethodStringConverter"/>
</basic>
<!-- column name too long: id_token_encrypted_response_alg -->
<basic name="idTokenEncryptedResponseAlg">
<column name="id_token_encrypted_resp_alg"/>
<convert converter="org.mitre.oauth2.model.convert.JWEAlgorithmStringConverter"/>
</basic>
<!-- column name too long: id_token_encrypted_response_enc -->
<basic name="idTokenEncryptedResponseEnc">
<column name="id_token_encrypted_resp_enc"/>
<convert converter="org.mitre.oauth2.model.convert.JWEEncryptionMethodStringConverter"/>
</basic>
<!-- column name too long: token_endpoint_auth_signing_alg -->
<basic name="tokenEndpointAuthSigningAlg">
<column name="token_endpoint_auth_sign_alg"/>
<convert converter="org.mitre.oauth2.model.convert.JWSAlgorithmStringConverter"/>
</basic>
<!-- table name too long: client_post_logout_redirect_uri -->
<element-collection fetch="EAGER" name="postLogoutRedirectUris">
<collection-table name="client_post_logout_redir_uri">
<join-column name="owner_id"/>
</collection-table>
<column name="post_logout_redirect_uri"/>
</element-collection>
</attributes>
</entity>
<entity class="org.mitre.oauth2.model.OAuth2AccessTokenEntity" name="OAuth2AccessTokenEntity">
<attributes>
<!-- changing generated value to sequence strategy (Oracle doesn't support identity) -->
<id name="id">
<generated-value strategy="SEQUENCE" generator="OAuth2AccessTokenSequenceGenerator"/>
<sequence-generator name="OAuth2AccessTokenSequenceGenerator" sequence-name="access_token_seq" allocation-size="1"/>
<column name="id"/>
</id>
</attributes>
</entity>
<entity class="org.mitre.oauth2.model.OAuth2RefreshTokenEntity" name="OAuth2RefreshTokenEntity">
<attributes>
<!-- changing generated value to sequence strategy (Oracle doesn't support identity) -->
<id name="id">
<generated-value strategy="SEQUENCE" generator="OAuth2RefreshTokenSequenceGenerator"/>
<sequence-generator name="OAuth2RefreshTokenSequenceGenerator" sequence-name="refresh_token_seq" allocation-size="1"/>
<column name="id"/>
</id>
</attributes>
</entity>
<entity class="org.mitre.oauth2.model.SavedUserAuthentication" name="SavedUserAuthentication">
<attributes>
<!-- changing generated value to sequence strategy (Oracle doesn't support identity) -->
<id name="id">
<generated-value strategy="SEQUENCE" generator="SavedUserAuthenticationSequenceGenerator"/>
<sequence-generator name="SavedUserAuthenticationSequenceGenerator" sequence-name="saved_user_auth_seq" allocation-size="1"/>
<column name="id"/>
</id>
</attributes>
</entity>
<entity class="org.mitre.oauth2.model.SystemScope" name="SystemScope">
<attributes>
<!-- changing generated value to sequence strategy (Oracle doesn't support identity) -->
<id name="id">
<generated-value strategy="SEQUENCE" generator="SystemScopeSequenceGenerator"/>
<sequence-generator name="SystemScopeSequenceGenerator" sequence-name="system_scope_seq" allocation-size="1"/>
<column name="id"/>
</id>
</attributes>
</entity>
<entity class="org.mitre.openid.connect.model.ApprovedSite" name="ApprovedSite">
<attributes>
<!-- changing generated value to sequence strategy (Oracle doesn't support identity) -->
<id name="id">
<generated-value strategy="SEQUENCE" generator="ApprovedSiteSequenceGenerator"/>
<sequence-generator name="ApprovedSiteSequenceGenerator" sequence-name="approved_site_seq" allocation-size="1"/>
<column name="id"/>
</id>
</attributes>
</entity>
<entity class="org.mitre.openid.connect.model.BlacklistedSite" name="BlacklistedSite">
<attributes>
<!-- changing generated value to sequence strategy (Oracle doesn't support identity) -->
<id name="id">
<generated-value strategy="SEQUENCE" generator="BlacklistedSiteSequenceGenerator"/>
<sequence-generator name="BlacklistedSiteSequenceGenerator" sequence-name="blacklisted_site_seq" allocation-size="1"/>
<column name="id"/>
</id>
</attributes>
</entity>
<entity class="org.mitre.openid.connect.model.PairwiseIdentifier" name="PairwiseIdentifier">
<attributes>
<!-- changing generated value to sequence strategy (Oracle doesn't support identity) -->
<id name="id">
<generated-value strategy="SEQUENCE" generator="PairwiseIdentifierSequenceGenerator"/>
<sequence-generator name="PairwiseIdentifierSequenceGenerator" sequence-name="pairwise_identifier_seq" allocation-size="1"/>
<column name="id"/>
</id>
</attributes>
</entity>
<entity class="org.mitre.openid.connect.model.WhitelistedSite" name="WhitelistedSite">
<attributes>
<!-- changing generated value to sequence strategy (Oracle doesn't support identity) -->
<id name="id">
<generated-value strategy="SEQUENCE" generator="WhitelistedSiteSequenceGenerator"/>
<sequence-generator name="WhitelistedSiteSequenceGenerator" sequence-name="whitelisted_site_seq" allocation-size="1"/>
<column name="id"/>
</id>
</attributes>
</entity>
<entity class="org.mitre.uma.model.Claim" name="Claim">
<attributes>
<!-- changing generated value to sequence strategy (Oracle doesn't support identity) -->
<id name="id">
<generated-value strategy="SEQUENCE" generator="ClaimSequenceGenerator"/>
<sequence-generator name="ClaimSequenceGenerator" sequence-name="claim_seq" allocation-size="1"/>
<column name="id"/>
</id>
</attributes>
</entity>
<entity class="org.mitre.uma.model.Permission" name="Permission">
<attributes>
<!-- changing generated value to sequence strategy (Oracle doesn't support identity) -->
<id name="id">
<generated-value strategy="SEQUENCE" generator="PermissionSequenceGenerator"/>
<sequence-generator name="PermissionSequenceGenerator" sequence-name="permission_seq" allocation-size="1"/>
<column name="id"/>
</id>
</attributes>
</entity>
<entity class="org.mitre.uma.model.PermissionTicket" name="PermissionTicket">
<attributes>
<!-- changing generated value to sequence strategy (Oracle doesn't support identity) -->
<id name="id">
<generated-value strategy="SEQUENCE" generator="PermissionTicketSequenceGenerator"/>
<sequence-generator name="PermissionTicketSequenceGenerator" sequence-name="permission_ticket_seq" allocation-size="1"/>
<column name="id"/>
</id>
</attributes>
</entity>
<entity class="org.mitre.uma.model.Policy" name="Policy">
<attributes>
<!-- changing generated value to sequence strategy (Oracle doesn't support identity) -->
<id name="id">
<generated-value strategy="SEQUENCE" generator="PolicySequenceGenerator"/>
<sequence-generator name="PolicySequenceGenerator" sequence-name="policy_seq" allocation-size="1"/>
<column name="id"/>
</id>
</attributes>
</entity>
<entity class="org.mitre.uma.model.ResourceSet" name="ResourceSet">
<attributes>
<!-- changing generated value to sequence strategy (Oracle doesn't support identity) -->
<id name="id">
<generated-value strategy="SEQUENCE" generator="ResourceSetSequenceGenerator"/>
<sequence-generator name="ResourceSetSequenceGenerator" sequence-name="resource_set_seq" allocation-size="1"/>
<column name="id"/>
</id>
</attributes>
</entity>
<entity class="org.mitre.uma.model.SavedRegisteredClient" name="SavedRegisteredClient">
<attributes>
<!-- changing generated value to sequence strategy (Oracle doesn't support identity) -->
<id name="id">
<generated-value strategy="SEQUENCE" generator="SavedRegisteredClientSequenceGenerator"/>
<sequence-generator name="SavedRegisteredClientSequenceGenerator" sequence-name="saved_registered_client_seq" allocation-size="1"/>
<column name="id"/>
</id>
</attributes>
</entity>
</entity-mappings>

77
openid-connect-server-webapp/src/main/resources/db/oracle/loading_temp_tables_oracle.sql
View File

@ -1,77 +0,0 @@
--
-- Temporary tables used during the bootstrapping process to safely load users and clients.
-- These are not needed if you're not using the users.sql/clients.sql files to bootstrap the database.
--
CREATE GLOBAL TEMPORARY TABLE authorities_TEMP (
username varchar2(50) not null,
authority varchar2(50) not null,
constraint ix_authority_TEMP unique (username,authority)
) ON COMMIT PRESERVE ROWS;
CREATE GLOBAL TEMPORARY TABLE users_TEMP (
username VARCHAR2(50) not null primary key,
password VARCHAR2(50) not null,
enabled NUMBER(1) not null
) ON COMMIT PRESERVE ROWS;
CREATE GLOBAL TEMPORARY TABLE user_info_TEMP (
sub VARCHAR2(256) not null primary key,
preferred_username VARCHAR2(256),
name VARCHAR2(256),
given_name VARCHAR2(256),
family_name VARCHAR2(256),
middle_name VARCHAR2(256),
nickname VARCHAR2(256),
profile VARCHAR2(256),
picture VARCHAR2(256),
website VARCHAR2(256),
email VARCHAR2(256),
email_verified NUMBER(1),
gender VARCHAR2(256),
zone_info VARCHAR2(256),
locale VARCHAR2(256),
phone_number VARCHAR2(256),
address_id VARCHAR2(256),
updated_time VARCHAR2(256),
birthdate VARCHAR2(256)
) ON COMMIT PRESERVE ROWS;
CREATE GLOBAL TEMPORARY TABLE client_details_TEMP (
client_description VARCHAR2(256),
dynamically_registered NUMBER(1),
id_token_validity_seconds NUMBER(19),
client_id VARCHAR2(256),
client_secret VARCHAR2(2048),
access_token_validity_seconds NUMBER(19),
refresh_token_validity_seconds NUMBER(19),
allow_introspection NUMBER(1),
client_name VARCHAR2(256)
) ON COMMIT PRESERVE ROWS;
CREATE GLOBAL TEMPORARY TABLE client_scope_TEMP (
owner_id VARCHAR2(256),
scope VARCHAR2(2048)
) ON COMMIT PRESERVE ROWS;
CREATE GLOBAL TEMPORARY TABLE client_redirect_uri_TEMP (
owner_id VARCHAR2(256),
redirect_uri VARCHAR2(2048)
) ON COMMIT PRESERVE ROWS;
CREATE GLOBAL TEMPORARY TABLE client_grant_type_TEMP (
owner_id VARCHAR2(256),
grant_type VARCHAR2(2000)
) ON COMMIT PRESERVE ROWS;
CREATE GLOBAL TEMPORARY TABLE system_scope_TEMP (
scope VARCHAR2(256),
description VARCHAR2(4000),
icon VARCHAR2(256),
restricted NUMBER(1),
default_scope NUMBER(1),
structured NUMBER(1),
structured_param_description VARCHAR2(256)
) ON COMMIT PRESERVE ROWS;

17
openid-connect-server-webapp/src/main/resources/db/oracle/oracle_database_index.sql
View File

@ -1,17 +0,0 @@
--
-- Indexes for Oracle
--
CREATE INDEX at_tv_idx ON access_token(token_value);
CREATE INDEX ts_oi_idx ON token_scope(owner_id);
CREATE INDEX at_exp_idx ON access_token(expiration);
CREATE INDEX rf_ahi_idx ON refresh_token(auth_holder_id);
CREATE INDEX at_ahi_idx ON access_token(auth_holder_id);
CREATE INDEX aha_oi_idx ON authentication_holder_authority(owner_id);
CREATE INDEX ahe_oi_idx ON authentication_holder_extension(owner_id);
CREATE INDEX ahrp_oi_idx ON authentication_holder_request_parameter(owner_id);
CREATE INDEX ahri_oi_idx ON authentication_holder_resource_id(owner_id);
CREATE INDEX ahrt_oi_idx ON authentication_holder_response_type(owner_id);
CREATE INDEX ahs_oi_idx ON authentication_holder_scope(owner_id);
CREATE INDEX ac_ahi_idx ON authorization_code(auth_holder_id);
CREATE INDEX suaa_oi_idx ON saved_user_auth_authority(owner_id);

420
openid-connect-server-webapp/src/main/resources/db/oracle/oracle_database_tables.sql
View File

@ -1,420 +0,0 @@
--
-- Tables for OIDC Server functionality, Oracle
--
CREATE TABLE access_token (
id NUMBER(19) NOT NULL PRIMARY KEY,
token_value VARCHAR2(4000),
expiration TIMESTAMP,
token_type VARCHAR2(256),
refresh_token_id NUMBER(19),
client_id NUMBER(19),
auth_holder_id NUMBER(19),
approved_site_id NUMBER(19)
);
CREATE SEQUENCE access_token_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
CREATE TABLE access_token_permissions (
access_token_id NUMBER(19) NOT NULL,
permission_id NUMBER(19) NOT NULL
);
CREATE TABLE address (
id NUMBER(19) NOT NULL PRIMARY KEY,
formatted VARCHAR2(256),
street_address VARCHAR2(256),
locality VARCHAR2(256),
region VARCHAR2(256),
postal_code VARCHAR2(256),
country VARCHAR2(256)
);
CREATE SEQUENCE address_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
CREATE TABLE approved_site (
id NUMBER(19) NOT NULL PRIMARY KEY,
user_id VARCHAR2(256),
client_id VARCHAR2(256),
creation_date TIMESTAMP,
access_date TIMESTAMP,
timeout_date TIMESTAMP,
whitelisted_site_id NUMBER(19)
);
CREATE SEQUENCE approved_site_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
CREATE TABLE approved_site_scope (
owner_id NUMBER(19),
scope VARCHAR2(256)
);
CREATE TABLE authentication_holder (
id NUMBER(19) NOT NULL PRIMARY KEY,
user_auth_id NUMBER(19),
approved NUMBER(1),
redirect_uri VARCHAR2(2048),
client_id VARCHAR2(256),
CONSTRAINT approved_check CHECK (approved in (1,0))
);
CREATE SEQUENCE authentication_holder_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
CREATE TABLE auth_holder_authority (
owner_id NUMBER(19),
authority VARCHAR2(256)
);
CREATE TABLE auth_holder_resource_id (
owner_id NUMBER(19),
resource_id VARCHAR2(2048)
);
CREATE TABLE auth_holder_response_type (
owner_id NUMBER(19),
response_type VARCHAR2(2048)
);
CREATE TABLE auth_holder_extension (
owner_id NUMBER(19),
extension VARCHAR2(2048),
val VARCHAR2(2048)
);
CREATE TABLE authentication_holder_scope (
owner_id NUMBER(19),
scope VARCHAR2(2048)
);
CREATE TABLE auth_holder_request_parameter (
owner_id NUMBER(19),
param VARCHAR2(2048),
val VARCHAR2(2048)
);
CREATE TABLE saved_user_auth (
id NUMBER(19) NOT NULL PRIMARY KEY,
name VARCHAR2(1024),
authenticated NUMBER(1),
source_class VARCHAR2(2048),
CONSTRAINT authenticated_check CHECK (authenticated in (1,0))
);
CREATE SEQUENCE saved_user_auth_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
CREATE TABLE saved_user_auth_authority (
owner_id NUMBER(19),
authority VARCHAR2(256)
);
CREATE TABLE client_authority (
owner_id NUMBER(19),
authority VARCHAR2(256)
);
CREATE TABLE authorization_code (
id NUMBER(19) NOT NULL PRIMARY KEY,
code VARCHAR2(256),
auth_holder_id NUMBER(19),
expiration TIMESTAMP
);
CREATE SEQUENCE authorization_code_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
CREATE TABLE client_grant_type (
owner_id NUMBER(19),
grant_type VARCHAR2(2000)
);
CREATE TABLE client_response_type (
owner_id NUMBER(19),
response_type VARCHAR2(2000)
);
CREATE TABLE blacklisted_site (
id NUMBER(19) NOT NULL PRIMARY KEY,
uri VARCHAR2(2048)
);
CREATE SEQUENCE blacklisted_site_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
CREATE TABLE client_details (
id NUMBER(19) NOT NULL PRIMARY KEY,
client_description VARCHAR2(1024),
reuse_refresh_tokens NUMBER(1) DEFAULT 1 NOT NULL,
dynamically_registered NUMBER(1) DEFAULT 0 NOT NULL,
allow_introspection NUMBER(1) DEFAULT 0 NOT NULL,
id_token_validity_seconds NUMBER(19) DEFAULT 600 NOT NULL,
client_id VARCHAR2(256),
client_secret VARCHAR2(2048),
access_token_validity_seconds NUMBER(19),
refresh_token_validity_seconds NUMBER(19),
device_code_validity_seconds NUMBER(19),
application_type VARCHAR2(256),
client_name VARCHAR2(256),
token_endpoint_auth_method VARCHAR2(256),
subject_type VARCHAR2(256),
logo_uri VARCHAR2(2048),
policy_uri VARCHAR2(2048),
client_uri VARCHAR2(2048),
tos_uri VARCHAR2(2048),
jwks_uri VARCHAR2(2048),
jwks CLOB,
sector_identifier_uri VARCHAR2(2048),
request_object_signing_alg VARCHAR2(256),
user_info_signed_response_alg VARCHAR2(256),
user_info_encrypted_resp_alg VARCHAR2(256),
user_info_encrypted_resp_enc VARCHAR2(256),
id_token_signed_response_alg VARCHAR2(256),
id_token_encrypted_resp_alg VARCHAR2(256),
id_token_encrypted_resp_enc VARCHAR2(256),
token_endpoint_auth_sign_alg VARCHAR2(256),
default_max_age NUMBER(19),
require_auth_time NUMBER(1),
created_at TIMESTAMP,
initiate_login_uri VARCHAR2(2048),
clear_access_tokens_on_refresh NUMBER(1) DEFAULT 1 NOT NULL,
software_statement VARCHAR(4096),
software_id VARCHAR(2048),
software_statement VARCHAR2(4000),
code_challenge_method VARCHAR2(256),
CONSTRAINT client_details_unique UNIQUE (client_id),
CONSTRAINT reuse_refresh_tokens_check CHECK (reuse_refresh_tokens in (1,0)),
CONSTRAINT dynamically_registered_check CHECK (dynamically_registered in (1,0)),
CONSTRAINT allow_introspection_check CHECK (allow_introspection in (1,0)),
CONSTRAINT require_auth_time_check CHECK (require_auth_time in (1,0)),
CONSTRAINT clear_acc_tok_on_refresh_check CHECK (clear_access_tokens_on_refresh in (1,0))
);
CREATE SEQUENCE client_details_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
CREATE TABLE client_request_uri (
owner_id NUMBER(19),
request_uri VARCHAR2(2000)
);
CREATE TABLE client_post_logout_redir_uri (
owner_id NUMBER(19),
post_logout_redirect_uri VARCHAR2(2000)
);
CREATE TABLE client_default_acr_value (
owner_id NUMBER(19),
default_acr_value VARCHAR2(2000)
);
CREATE TABLE client_contact (
owner_id NUMBER(19),
contact VARCHAR2(256)
);
CREATE TABLE client_redirect_uri (
owner_id NUMBER(19),
redirect_uri VARCHAR2(2048)
);
CREATE TABLE client_claims_redirect_uri (
owner_id NUMBER(19),
redirect_uri VARCHAR2(2048)
);
CREATE TABLE refresh_token (
id NUMBER(19) NOT NULL PRIMARY KEY,
token_value VARCHAR2(4000),
expiration TIMESTAMP,
auth_holder_id NUMBER(19),
client_id NUMBER(19)
);
CREATE SEQUENCE refresh_token_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
CREATE TABLE client_resource (
owner_id NUMBER(19),
resource_id VARCHAR2(256)
);
CREATE TABLE client_scope (
owner_id NUMBER(19),
scope VARCHAR2(2048)
);
CREATE TABLE token_scope (
owner_id NUMBER(19),
scope VARCHAR2(2048)
);
CREATE TABLE system_scope (
id NUMBER(19) NOT NULL PRIMARY KEY,
scope VARCHAR2(256) NOT NULL,
description VARCHAR2(4000),
icon VARCHAR2(256),
restricted NUMBER(1) DEFAULT 0 NOT NULL,
default_scope NUMBER(1) DEFAULT 0 NOT NULL,
structured NUMBER(1) DEFAULT 0 NOT NULL,
structured_param_description VARCHAR2(256),
CONSTRAINT system_scope_unique UNIQUE (scope),
CONSTRAINT default_scope_check CHECK (default_scope in (1,0)),
CONSTRAINT restricted_check CHECK (restricted in (1,0)),
CONSTRAINT structured_check CHECK (structured in (1,0))
);
CREATE SEQUENCE system_scope_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
CREATE TABLE user_info (
id NUMBER(19) NOT NULL PRIMARY KEY,
sub VARCHAR2(256),
preferred_username VARCHAR2(256),
name VARCHAR2(256),
given_name VARCHAR2(256),
family_name VARCHAR2(256),
middle_name VARCHAR2(256),
nickname VARCHAR2(256),
profile VARCHAR2(256),
picture VARCHAR2(256),
website VARCHAR2(256),
email VARCHAR2(256),
email_verified NUMBER(1),
gender VARCHAR2(256),
zone_info VARCHAR2(256),
locale VARCHAR2(256),
phone_number VARCHAR2(256),
phone_number_verified NUMBER(1),
address_id VARCHAR2(256),
updated_time VARCHAR2(256),
birthdate VARCHAR2(256),
src VARCHAR2(4000),
CONSTRAINT email_verified_check CHECK (email_verified in (1,0)),
CONSTRAINT phone_number_verified_check CHECK (phone_number_verified in (1,0))
);
CREATE SEQUENCE user_info_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
CREATE TABLE whitelisted_site (
id NUMBER(19) NOT NULL PRIMARY KEY,
creator_user_id VARCHAR2(256),
client_id VARCHAR2(256)
);
CREATE SEQUENCE whitelisted_site_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
CREATE TABLE whitelisted_site_scope (
owner_id NUMBER(19),
scope VARCHAR2(256)
);
CREATE TABLE pairwise_identifier (
id NUMBER(19) NOT NULL PRIMARY KEY,
identifier VARCHAR2(256),
sub VARCHAR2(256),
sector_identifier VARCHAR2(2048)
);
CREATE SEQUENCE pairwise_identifier_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
CREATE TABLE resource_set (
id NUMBER(19) NOT NULL PRIMARY KEY,
name VARCHAR2(1024) NOT NULL,
uri VARCHAR2(1024),
icon_uri VARCHAR2(1024),
rs_type VARCHAR2(256),
owner VARCHAR2(256) NOT NULL,
client_id VARCHAR2(256)
);
CREATE SEQUENCE resource_set_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
CREATE TABLE resource_set_scope (
owner_id NUMBER(19) NOT NULL,
scope VARCHAR2(256) NOT NULL
);
CREATE TABLE permission_ticket (
id NUMBER(19) NOT NULL PRIMARY KEY,
ticket VARCHAR2(256) NOT NULL,
permission_id NUMBER(19) NOT NULL,
expiration TIMESTAMP
);
CREATE SEQUENCE permission_ticket_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
CREATE TABLE permission (
id NUMBER(19) NOT NULL PRIMARY KEY,
resource_set_id NUMBER(19)
);
CREATE SEQUENCE permission_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
CREATE TABLE permission_scope (
owner_id NUMBER(19) NOT NULL,
scope VARCHAR2(256) NOT NULL
);
CREATE TABLE claim (
id NUMBER(19) NOT NULL PRIMARY KEY,
name VARCHAR2(256),
friendly_name VARCHAR2(1024),
claim_type VARCHAR2(1024),
claim_value VARCHAR2(1024)
);
CREATE SEQUENCE claim_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
CREATE TABLE claim_to_policy (
policy_id NUMBER(19) NOT NULL,
claim_id NUMBER(19) NOT NULL
);
CREATE TABLE claim_to_permission_ticket (
permission_ticket_id NUMBER(19) NOT NULL,
claim_id NUMBER(19) NOT NULL
);
CREATE TABLE policy (
id NUMBER(19) NOT NULL PRIMARY KEY,
name VARCHAR2(1024),
resource_set_id NUMBER(19)
);
CREATE SEQUENCE policy_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
CREATE TABLE policy_scope (
owner_id NUMBER(19) NOT NULL,
scope VARCHAR2(256) NOT NULL
);
CREATE TABLE claim_token_format (
owner_id NUMBER(19) NOT NULL,
claim_token_format VARCHAR2(1024) NOT NULL
);
CREATE TABLE claim_issuer (
owner_id NUMBER(19) NOT NULL,
issuer VARCHAR2(1024) NOT NULL
);
CREATE TABLE saved_registered_client (
id NUMBER(19) NOT NULL PRIMARY KEY,
issuer VARCHAR2(1024),
registered_client CLOB
);
CREATE SEQUENCE saved_registered_client_seq START WITH 1 INCREMENT BY 1 NOCACHE NOCYCLE;
CREATE TABLE IF NOT EXISTS device_code (
id NUMBER(19) NOT NULL PRIMARY KEY,
device_code VARCHAR2(1024),
user_code VARCHAR2(1024),
expiration TIMESTAMP,
client_id VARCHAR2(256),
approved BOOLEAN,
auth_holder_id NUMBER(19)
);
CREATE TABLE IF NOT EXISTS device_code_scope (
owner_id NUMBER(19) NOT NULL,
scope VARCHAR2(256) NOT NULL
);
CREATE TABLE IF NOT EXISTS device_code_request_parameter (
owner_id NUMBER(19),
param VARCHAR2(2048),
val VARCHAR2(2048)
);

27
openid-connect-server-webapp/src/main/resources/db/oracle/scopes_oracle.sql
View File

@ -1,27 +0,0 @@
--
-- Insert scope information into the temporary tables.
--
INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope, structured, structured_param_description) VALUES
('openid', 'log in using your identity', 'user', 0, 1, 0, null);
INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope, structured, structured_param_description) VALUES
('profile', 'basic profile information', 'list-alt', 0, 1, 0, null);
INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope, structured, structured_param_description) VALUES
('email', 'email address', 'envelope', 0, 1, 0, null);
INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope, structured, structured_param_description) VALUES
('address', 'physical address', 'home', 0, 1, 0, null);
INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope, structured, structured_param_description) VALUES
('phone', 'telephone number', 'bell', 0, 1, 0, null);
INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope, structured, structured_param_description) VALUES
('offline_access', 'offline access', 'time', 0, 0, 0, null);
--
-- Merge the temporary scopes safely into the database. This is a two-step process to keep scopes from being created on every startup with a persistent store.
--
MERGE INTO system_scope
USING (SELECT scope, description, icon, restricted, default_scope, structured, structured_param_description FROM system_scope_TEMP) vals
ON (vals.scope = system_scope.scope)
WHEN NOT MATCHED THEN
INSERT (id, scope, description, icon, restricted, default_scope, structured, structured_param_description) VALUES(system_scope_seq.nextval, vals.scope,
vals.description, vals.icon, vals.restricted, vals.default_scope, vals.structured, vals.structured_param_description);

18
openid-connect-server-webapp/src/main/resources/db/oracle/security-schema_oracle.sql
View File

@ -1,18 +0,0 @@
--
-- Tables for Spring Security's user details service
--
create table users(
username varchar2(50) not null primary key,
password varchar2(50) not null,
enabled number(1) not null,
constraint enabled_check check (enabled in (1, 0))
);
create table authorities (
username varchar2(50) not null,
authority varchar2(50) not null,
constraint fk_authorities_users foreign key(username) references users(username),
constraint ix_authority unique (username,authority)
);

39
openid-connect-server-webapp/src/main/resources/db/oracle/users_oracle.sql
View File

@ -1,39 +0,0 @@
--
-- Insert user information into the temporary tables. To add users to the Oracle database, edit things here.
--
INSERT INTO users_TEMP (username, password, enabled) VALUES ('admin','password',1);
INSERT INTO users_TEMP (username, password, enabled) VALUES ('user','password',1);
INSERT INTO authorities_TEMP (username, authority) VALUES ('admin','ROLE_ADMIN');
INSERT INTO authorities_TEMP (username, authority) VALUES('admin','ROLE_USER');
INSERT INTO authorities_TEMP (username, authority) VALUES('user','ROLE_USER');
-- By default, the username column here has to match the username column in the users table, above
INSERT INTO user_info_TEMP (sub, preferred_username, name, email, email_verified) VALUES ('90342.ASDFJWFA','admin','Demo Admin','admin@example.com', 1);
INSERT INTO user_info_TEMP (sub, preferred_username, name, email, email_verified) VALUES ('01921.FLANRJQW','user','Demo User','user@example.com', 1);
--
-- Merge the temporary users safely into the database. This is a two-step process to keep users from being created on every startup with a persistent store.
--
MERGE INTO users
USING (SELECT username, password, enabled FROM users_TEMP) vals
ON (vals.username = users.username)
WHEN NOT MATCHED THEN
INSERT (username, password, enabled) VALUES(vals.username, vals.password, vals.enabled);
MERGE INTO authorities
USING (SELECT username, authority FROM authorities_TEMP) vals
ON (vals.username = authorities.username AND vals.authority = authorities.authority)
WHEN NOT MATCHED THEN
INSERT (username,authority) values (vals.username, vals.authority);
MERGE INTO user_info
USING (SELECT sub, preferred_username, name, email, email_verified FROM user_info_TEMP) vals
ON (vals.preferred_username = user_info.preferred_username)
WHEN NOT MATCHED THEN
INSERT (id, sub, preferred_username, name, email, email_verified) VALUES (user_info_seq.nextval, vals.sub, vals.preferred_username, vals.name, vals.email,
vals.email_verified);

66
openid-connect-server-webapp/src/main/resources/db/psql/clients.sql
View File

@ -1,66 +0,0 @@
--
-- Turn off autocommit and start a transaction so that we can use the temp tables
--
--SET AUTOCOMMIT = OFF;
START TRANSACTION;
--
-- Insert client information into the temporary tables. To add clients to the HSQL database, edit things here.
--
INSERT INTO client_details_TEMP (client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection) VALUES
('client', 'secret', 'Test Client', false, null, 3600, 600, true);
INSERT INTO client_scope_TEMP (owner_id, scope) VALUES
('client', 'openid'),
('client', 'profile'),
('client', 'email'),
('client', 'address'),
('client', 'phone'),
('client', 'offline_access');
INSERT INTO client_redirect_uri_TEMP (owner_id, redirect_uri) VALUES
('client', 'http://localhost/'),
('client', 'http://localhost:8080/');
INSERT INTO client_grant_type_TEMP (owner_id, grant_type) VALUES
('client', 'authorization_code'),
('client', 'urn:ietf:params:oauth:grant_type:redelegate'),
('client', 'implicit'),
('client', 'refresh_token');
--
-- Merge the temporary clients safely into the database. This is a two-step process to keep clients from being created on every startup with a persistent store.
--
INSERT INTO client_details (client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection)
SELECT client_id, client_secret, client_name, dynamically_registered, refresh_token_validity_seconds, access_token_validity_seconds, id_token_validity_seconds, allow_introspection FROM client_details_TEMP
ON CONFLICT
DO NOTHING;
INSERT INTO client_scope (scope)
SELECT scope FROM client_scope_TEMP, client_details WHERE client_details.client_id = client_scope_TEMP.owner_id
ON CONFLICT
DO NOTHING;
INSERT INTO client_redirect_uri (redirect_uri)
SELECT redirect_uri FROM client_redirect_uri_TEMP, client_details WHERE client_details.client_id = client_redirect_uri_TEMP.owner_id
ON CONFLICT
DO NOTHING;
INSERT INTO client_grant_type (grant_type)
SELECT grant_type FROM client_grant_type_TEMP, client_details WHERE client_details.client_id = client_grant_type_TEMP.owner_id
ON CONFLICT
DO NOTHING;
--
-- Close the transaction and turn autocommit back on
--
COMMIT;
--SET AUTOCOMMIT = ON;

18
openid-connect-server-webapp/src/main/resources/db/psql/psql_database_index.sql
View File

@ -1,18 +0,0 @@
--
-- Indexes for PostgreSQL
--
CREATE INDEX IF NOT EXISTS at_tv_idx ON access_token(token_value);
CREATE INDEX IF NOT EXISTS ts_oi_idx ON token_scope(owner_id);
CREATE INDEX IF NOT EXISTS at_exp_idx ON access_token(expiration);
CREATE INDEX IF NOT EXISTS rf_ahi_idx ON refresh_token(auth_holder_id);
CREATE INDEX IF NOT EXISTS cd_ci_idx ON client_details(client_id);
CREATE INDEX IF NOT EXISTS at_ahi_idx ON access_token(auth_holder_id);
CREATE INDEX IF NOT EXISTS aha_oi_idx ON authentication_holder_authority(owner_id);
CREATE INDEX IF NOT EXISTS ahe_oi_idx ON authentication_holder_extension(owner_id);
CREATE INDEX IF NOT EXISTS ahrp_oi_idx ON authentication_holder_request_parameter(owner_id);
CREATE INDEX IF NOT EXISTS ahri_oi_idx ON authentication_holder_resource_id(owner_id);
CREATE INDEX IF NOT EXISTS ahrt_oi_idx ON authentication_holder_response_type(owner_id);
CREATE INDEX IF NOT EXISTS ahs_oi_idx ON authentication_holder_scope(owner_id);
CREATE INDEX IF NOT EXISTS ac_ahi_idx ON authorization_code(auth_holder_id);
CREATE INDEX IF NOT EXISTS suaa_oi_idx ON saved_user_auth_authority(owner_id);

393
openid-connect-server-webapp/src/main/resources/db/psql/psql_database_tables.sql
View File

@ -1,393 +0,0 @@
--
-- Tables for OIDC Server functionality, PostgreSQL
--
CREATE TABLE IF NOT EXISTS access_token (
id BIGSERIAL PRIMARY KEY,
token_value VARCHAR(4096),
expiration TIMESTAMP,
token_type VARCHAR(256),
refresh_token_id BIGINT,
client_id BIGINT,
auth_holder_id BIGINT,
approved_site_id BIGINT,
UNIQUE(token_value)
);
CREATE TABLE IF NOT EXISTS access_token_permissions (
access_token_id BIGINT NOT NULL,
permission_id BIGINT NOT NULL
);
CREATE TABLE IF NOT EXISTS address (
id BIGSERIAL PRIMARY KEY,
formatted VARCHAR(256),
street_address VARCHAR(256),
locality VARCHAR(256),
region VARCHAR(256),
postal_code VARCHAR(256),
country VARCHAR(256)
);
CREATE TABLE IF NOT EXISTS approved_site (
id BIGSERIAL PRIMARY KEY,
user_id VARCHAR(256),
client_id VARCHAR(256),
creation_date TIMESTAMP,
access_date TIMESTAMP,
timeout_date TIMESTAMP,
whitelisted_site_id BIGINT
);
CREATE TABLE IF NOT EXISTS approved_site_scope (
owner_id BIGINT,
scope VARCHAR(256)
);
CREATE TABLE IF NOT EXISTS authentication_holder (
id BIGSERIAL PRIMARY KEY,
user_auth_id BIGINT,
approved BOOLEAN,
redirect_uri VARCHAR(2048),
client_id VARCHAR(256)
);
CREATE TABLE IF NOT EXISTS authentication_holder_authority (
owner_id BIGINT,
authority VARCHAR(256)
);
CREATE TABLE IF NOT EXISTS authentication_holder_resource_id (
owner_id BIGINT,
resource_id VARCHAR(2048)
);
CREATE TABLE IF NOT EXISTS authentication_holder_response_type (
owner_id BIGINT,
response_type VARCHAR(2048)
);
CREATE TABLE IF NOT EXISTS authentication_holder_extension (
owner_id BIGINT,
extension VARCHAR(2048),
val VARCHAR(2048)
);
CREATE TABLE IF NOT EXISTS authentication_holder_scope (
owner_id BIGINT,
scope VARCHAR(2048)
);
CREATE TABLE IF NOT EXISTS authentication_holder_request_parameter (
owner_id BIGINT,
param VARCHAR(2048),
val VARCHAR(2048)
);
CREATE TABLE IF NOT EXISTS saved_user_auth (
id BIGSERIAL PRIMARY KEY,
name VARCHAR(1024),
authenticated BOOLEAN,
source_class VARCHAR(2048)
);
CREATE TABLE IF NOT EXISTS saved_user_auth_authority (
owner_id BIGINT,
authority VARCHAR(256)
);
CREATE TABLE IF NOT EXISTS saved_user_auth_info (
owner_id BIGINT,
info_key VARCHAR(256),
info_val VARCHAR(256),
UNIQUE(owner_id, info_key)
);
CREATE TABLE IF NOT EXISTS client_authority (
owner_id BIGINT,
authority VARCHAR(256)
);
CREATE TABLE IF NOT EXISTS authorization_code (
id BIGSERIAL PRIMARY KEY,
code VARCHAR(256),
auth_holder_id BIGINT,
expiration TIMESTAMP
);
CREATE TABLE IF NOT EXISTS client_grant_type (
owner_id BIGINT,
grant_type VARCHAR(2000)
);
CREATE TABLE IF NOT EXISTS client_response_type (
owner_id BIGINT,
response_type VARCHAR(2000)
);
CREATE TABLE IF NOT EXISTS blacklisted_site (
id BIGSERIAL PRIMARY KEY,
uri VARCHAR(2048)
);
CREATE TABLE IF NOT EXISTS client_details (
id BIGSERIAL PRIMARY KEY,
client_description VARCHAR(1024),
reuse_refresh_tokens BOOLEAN DEFAULT true NOT NULL,
dynamically_registered BOOLEAN DEFAULT false NOT NULL,
allow_introspection BOOLEAN DEFAULT false NOT NULL,
id_token_validity_seconds BIGINT DEFAULT 600 NOT NULL,
device_code_validity_seconds BIGINT,
client_id VARCHAR(256),
client_secret VARCHAR(2048),
access_token_validity_seconds BIGINT,
refresh_token_validity_seconds BIGINT,
application_type VARCHAR(256),
client_name VARCHAR(256),
token_endpoint_auth_method VARCHAR(256),
subject_type VARCHAR(256),
logo_uri VARCHAR(2048),
policy_uri VARCHAR(2048),
client_uri VARCHAR(2048),
tos_uri VARCHAR(2048),
jwks_uri VARCHAR(2048),
jwks VARCHAR(8192),
sector_identifier_uri VARCHAR(2048),
request_object_signing_alg VARCHAR(256),
user_info_signed_response_alg VARCHAR(256),
user_info_encrypted_response_alg VARCHAR(256),
user_info_encrypted_response_enc VARCHAR(256),
id_token_signed_response_alg VARCHAR(256),
id_token_encrypted_response_alg VARCHAR(256),
id_token_encrypted_response_enc VARCHAR(256),
token_endpoint_auth_signing_alg VARCHAR(256),
default_max_age BIGINT,
require_auth_time BOOLEAN,
created_at TIMESTAMP,
initiate_login_uri VARCHAR(2048),
clear_access_tokens_on_refresh BOOLEAN DEFAULT true NOT NULL,
software_statement VARCHAR(4096),
software_id VARCHAR(2048),
software_version VARCHAR(2048),
code_challenge_method VARCHAR(256),
UNIQUE (client_id)
);
CREATE TABLE IF NOT EXISTS client_request_uri (
owner_id BIGINT,
request_uri VARCHAR(2000)
);
CREATE TABLE IF NOT EXISTS client_post_logout_redirect_uri (
owner_id BIGINT,
post_logout_redirect_uri VARCHAR(2000)
);
CREATE TABLE IF NOT EXISTS client_default_acr_value (
owner_id BIGINT,
default_acr_value VARCHAR(2000)
);
CREATE TABLE IF NOT EXISTS client_contact (
owner_id BIGINT,
contact VARCHAR(256)
);
CREATE TABLE IF NOT EXISTS client_redirect_uri (
owner_id BIGINT,
redirect_uri VARCHAR(2048)
);
CREATE TABLE IF NOT EXISTS client_claims_redirect_uri (
owner_id BIGINT,
redirect_uri VARCHAR(2048)
);
CREATE TABLE IF NOT EXISTS refresh_token (
id BIGSERIAL PRIMARY KEY,
token_value VARCHAR(4096),
expiration TIMESTAMP,
auth_holder_id BIGINT,
client_id BIGINT
);
CREATE TABLE IF NOT EXISTS client_resource (
owner_id BIGINT,
resource_id VARCHAR(256)
);
CREATE TABLE IF NOT EXISTS client_scope (
owner_id BIGINT,
scope VARCHAR(2048)
);
CREATE TABLE IF NOT EXISTS token_scope (
owner_id BIGINT,
scope VARCHAR(2048)
);
CREATE TABLE IF NOT EXISTS system_scope (
id BIGSERIAL PRIMARY KEY,
scope VARCHAR(256) NOT NULL,
description VARCHAR(4096),
icon VARCHAR(256),
restricted BOOLEAN DEFAULT false NOT NULL,
default_scope BOOLEAN DEFAULT false NOT NULL,
structured BOOLEAN DEFAULT false NOT NULL,
structured_param_description VARCHAR(256),
UNIQUE (scope)
);
CREATE TABLE IF NOT EXISTS user_info (
id BIGSERIAL PRIMARY KEY,
sub VARCHAR(256),
preferred_username VARCHAR(256),
name VARCHAR(256),
given_name VARCHAR(256),
family_name VARCHAR(256),
middle_name VARCHAR(256),
nickname VARCHAR(256),
profile VARCHAR(256),
picture VARCHAR(256),
website VARCHAR(256),
email VARCHAR(256),
email_verified BOOLEAN,
gender VARCHAR(256),
zone_info VARCHAR(256),
locale VARCHAR(256),
phone_number VARCHAR(256),
phone_number_verified BOOLEAN,
address_id VARCHAR(256),
updated_time VARCHAR(256),
birthdate VARCHAR(256),
src VARCHAR(4096)
);
CREATE TABLE IF NOT EXISTS whitelisted_site (
id BIGSERIAL PRIMARY KEY,
creator_user_id VARCHAR(256),
client_id VARCHAR(256)
);
CREATE TABLE IF NOT EXISTS whitelisted_site_scope (
owner_id BIGINT,
scope VARCHAR(256)
);
CREATE TABLE IF NOT EXISTS pairwise_identifier (
id BIGSERIAL PRIMARY KEY,
identifier VARCHAR(256),
sub VARCHAR(256),
sector_identifier VARCHAR(2048)
);
CREATE TABLE IF NOT EXISTS resource_set (
id BIGSERIAL PRIMARY KEY,
name VARCHAR(1024) NOT NULL,
uri VARCHAR(1024),
icon_uri VARCHAR(1024),
rs_type VARCHAR(256),
owner VARCHAR(256) NOT NULL,
client_id VARCHAR(256)
);
CREATE TABLE IF NOT EXISTS resource_set_scope (
owner_id BIGINT NOT NULL,
scope VARCHAR(256) NOT NULL
);
CREATE TABLE IF NOT EXISTS permission_ticket (
id BIGSERIAL PRIMARY KEY,
ticket VARCHAR(256) NOT NULL,
permission_id BIGINT NOT NULL,
expiration TIMESTAMP
);
CREATE TABLE IF NOT EXISTS permission (
id BIGSERIAL PRIMARY KEY,
resource_set_id BIGINT
);
CREATE TABLE IF NOT EXISTS permission_scope (
owner_id BIGINT NOT NULL,
scope VARCHAR(256) NOT NULL
);
CREATE TABLE IF NOT EXISTS claim (
id BIGSERIAL PRIMARY KEY,
name VARCHAR(256),
friendly_name VARCHAR(1024),
claim_type VARCHAR(1024),
claim_value VARCHAR(1024)
);
CREATE TABLE IF NOT EXISTS claim_to_policy (
policy_id BIGINT NOT NULL,
claim_id BIGINT NOT NULL
);
CREATE TABLE IF NOT EXISTS claim_to_permission_ticket (
permission_ticket_id BIGINT NOT NULL,
claim_id BIGINT NOT NULL
);
CREATE TABLE IF NOT EXISTS policy (
id BIGSERIAL PRIMARY KEY,
name VARCHAR(1024),
resource_set_id BIGINT
);
CREATE TABLE IF NOT EXISTS policy_scope (
owner_id BIGINT NOT NULL,
scope VARCHAR(256) NOT NULL
);
CREATE TABLE IF NOT EXISTS claim_token_format (
owner_id BIGINT NOT NULL,
claim_token_format VARCHAR(1024)
);
CREATE TABLE IF NOT EXISTS claim_issuer (
owner_id BIGINT NOT NULL,
issuer VARCHAR(1024)
);
CREATE TABLE IF NOT EXISTS saved_registered_client (
id BIGSERIAL PRIMARY KEY,
issuer VARCHAR(1024),
registered_client VARCHAR(8192)
);
CREATE TABLE IF NOT EXISTS device_code (
id BIGSERIAL PRIMARY KEY,
device_code VARCHAR(1024),
user_code VARCHAR(1024),
expiration TIMESTAMP NULL,
client_id VARCHAR(256),
approved BOOLEAN,
auth_holder_id BIGINT
);
CREATE TABLE IF NOT EXISTS device_code_scope (
owner_id BIGINT NOT NULL,
scope VARCHAR(256) NOT NULL
);
CREATE TABLE IF NOT EXISTS device_code_request_parameter (
owner_id BIGINT,
param VARCHAR(2048),
val VARCHAR(2048)
);

33
openid-connect-server-webapp/src/main/resources/db/psql/scopes.sql
View File

@ -1,33 +0,0 @@
--
-- Turn off autocommit and start a transaction so that we can use the temp tables
--
--SET AUTOCOMMIT = OFF;
START TRANSACTION;
--
-- Insert scope information into the temporary tables.
--
INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope, structured, structured_param_description) VALUES
('openid', 'log in using your identity', 'user', false, true, false, null),
('profile', 'basic profile information', 'list-alt', false, true, false, null),
('email', 'email address', 'envelope', false, true, false, null),
('address', 'physical address', 'home', false, true, false, null),
('phone', 'telephone number', 'bell', false, true, false, null),
('offline_access', 'offline access', 'time', false, false, false, null);
--
-- Merge the temporary scopes safely into the database. This is a two-step process to keep scopes from being created on every startup with a persistent store.
--
INSERT INTO system_scope (scope, description, icon, restricted, default_scope, structured, structured_param_description)
SELECT scope, description, icon, restricted, default_scope, structured, structured_param_description FROM system_scope_TEMP
ON CONFLICT(scope)
DO NOTHING;
COMMIT;
--SET AUTOCOMMIT = ON;

14
openid-connect-server-webapp/src/main/resources/db/psql/security-schema.sql
View File

@ -1,14 +0,0 @@
--
-- Tables for Spring Security's user details service
--
create table IF NOT EXISTS users(
username varchar(50) not null primary key,
password varchar(50) not null,
enabled boolean not null);
create table IF NOT EXISTS authorities (
username varchar(50) not null,
authority varchar(50) not null,
constraint fk_authorities_users foreign key(username) references users(username),
constraint ix_authority unique (username,authority));

55
openid-connect-server-webapp/src/main/resources/db/psql/users.sql
View File

@ -1,55 +0,0 @@
--
-- Turn off autocommit and start a transaction so that we can use the temp tables
--
--SET AUTOCOMMIT FALSE;
START TRANSACTION;
--
-- Insert user information into the temporary tables. To add users to the HSQL database, edit things here.
--
INSERT INTO users_TEMP (username, password, enabled) VALUES
('admin','password',true),
('user','password',true);
INSERT INTO authorities_TEMP (username, authority) VALUES
('admin','ROLE_ADMIN'),
('admin','ROLE_USER'),
('user','ROLE_USER');
-- By default, the username column here has to match the username column in the users table, above
INSERT INTO user_info_TEMP (sub, preferred_username, name, email, email_verified) VALUES
('90342.ASDFJWFA','admin','Demo Admin','admin@example.com', true),
('01921.FLANRJQW','user','Demo User','user@example.com', true);
--
-- Merge the temporary users safely into the database. This is a two-step process to keep users from being created on every startup with a persistent store.
--
INSERT INTO users
SELECT username, password, enabled FROM users_TEMP
ON CONFLICT(username)
DO NOTHING;
INSERT INTO authorities
SELECT username, authority FROM authorities_TEMP
ON CONFLICT(username, authority)
DO NOTHING;
INSERT INTO user_info (sub, preferred_username, name, email, email_verified)
SELECT sub, preferred_username, name, email, email_verified FROM user_info_TEMP
ON CONFLICT
DO NOTHING;
--
-- Close the transaction and turn autocommit back on
--
COMMIT;
--SET AUTOCOMMIT TRUE;

12
openid-connect-server-webapp/src/main/resources/keystore.jwks
View File

@ -1,12 +0,0 @@
{
"keys": [
{
"alg": "RS256",
"d": "PvBAngE3kkTnD3yDKo3wCvHJHm20kb9a0FVGLd0s2Y0E_3H2XnZC8-2zPhN6AQTjPhohSDCew20gzm76lyOvMqRiUP2Zpaopa1d2fGvNIQSdM07yKa6EivEYxqPQxa5esoZnexgnb9fom70I8n5OQRNQikwu-az26CsHX2zWMRodzSdN5CXHvb1PV09DmH8azTYwoMElPIqmcTfxiRw2Ov5ucmXXngKRFJgvfUgKd7v4ScBX7sQoQEjWEtt7ta0WvL3Ar5E1RAW4aHxuubZ6AtloxWCf17AAKw03dfP5RDm5TDmgm2B635ecJ7fTvneFmg8W_fdMTPRfBlCGNBp3wQ",
"e": "AQAB",
"n": "qt6yOiI_wCoCVlGO0MySsez0VkSqhPvDl3rfabOslx35mYEO-n4ABfIT5Gn2zN-CeIcOZ5ugAXvIIRWv5H55-tzjFazi5IKkOIMCiz5__MtsdxKCqGlZu2zt-BLpqTOAPiflNPpM3RUAlxKAhnYEqNha6-allPnFQupnW_eTYoyuzuedT7dSp90ry0ZcQDimntXWeaSbrYKCj9Rr9W1jn2uTowUuXaScKXTCjAmJVnsD75JNzQfa8DweklTyWQF-Y5Ky039I0VIu-0CIGhXY48GAFe2EFb8VpNhf07DP63p138RWQ1d3KPEM9mYJVpQC68j3wzDQYSljpLf9by7TGw",
"kty": "RSA",
"kid": "rsa1"
}
]
}

83
openid-connect-server-webapp/src/main/resources/log4j.xml
View File

@ -1,83 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
Copyright 2017 The MIT Internet Trust Consortium
Portions copyright 2011-2013 The MITRE Corporation
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<!DOCTYPE log4j:configuration PUBLIC "-//APACHE//DTD LOG4J 1.2//EN" "log4j.dtd">
<log4j:configuration xmlns:log4j="http://jakarta.apache.org/log4j/">
<!-- Appenders -->
<appender name="console" class="org.apache.log4j.ConsoleAppender">
<param name="Target" value="System.out" />
<layout class="org.apache.log4j.PatternLayout">
<param name="ConversionPattern" value="%-5p: %c - %m%n" />
</layout>
</appender>
<!-- Application Loggers -->
<logger name="org.mitre.openid">
<level value="info" />
</logger>
<logger name="org.mitre.oauth2">
<level value="info" />
</logger>
<logger name="org.mitre.discovery">
<level value="info" />
</logger>
<logger name="org.mitre.jose">
<level value="info" />
</logger>
<logger name="org.mitre.jwt">
<level value="info" />
</logger>
<logger name="org.mitre.util">
<level value="info" />
</logger>
<logger name="org.mitre.uma">
<level value="info" />
</logger>
<logger name="org.mitre.data">
<level value="info" />
</logger>
<!-- 3rdparty Loggers -->
<logger name="org.springframework.core">
<level value="info" />
</logger>
<logger name="org.springframework.beans">
<level value="info" />
</logger>
<logger name="org.springframework.context">
<level value="info" />
</logger>
<logger name="org.springframework.web">
<level value="info" />
</logger>
<logger name="org.springframework.security">
<level value="warn" />
</logger>
<!-- Root Logger -->
<root>
<priority value="warn" />
<appender-ref ref="console" />
</root>
</log4j:configuration>

2
openid-connect-server-webapp/src/main/webapp/META-INF/MANIFEST.MF
View File

@ -1,2 +0,0 @@
Manifest-Version: 1.0

314
openid-connect-server-webapp/src/main/webapp/WEB-INF/application-context.xml
View File

@ -1,314 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
Copyright 2017 The MIT Internet Trust Consortium
Portions copyright 2011-2013 The MITRE Corporation
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2-2.0.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.3.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
http://www.springframework.org/schema/util http://www.springframework.org/schema/util/spring-util-4.3.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-4.3.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd">
<!-- Scan for components -->
<context:component-scan annotation-config="true" base-package="org.mitre" />
<!-- Enables the Spring MVC @Controller programming model -->
<tx:annotation-driven transaction-manager="transactionManager" />
<mvc:annotation-driven ignore-default-model-on-redirect="true">
<mvc:message-converters>
<bean class="org.springframework.http.converter.StringHttpMessageConverter" />
<bean class="org.springframework.http.converter.json.MappingJackson2HttpMessageConverter" />
</mvc:message-converters>
</mvc:annotation-driven>
<mvc:interceptors>
<mvc:interceptor>
<!-- Exclude APIs and other machine-facing endpoints from these interceptors -->
<mvc:mapping path="/**" />
<mvc:exclude-mapping path="/#{T(org.mitre.openid.connect.web.JWKSetPublishingEndpoint).URL}**" />
<mvc:exclude-mapping path="/#{T(org.mitre.discovery.web.DiscoveryEndpoint).WELL_KNOWN_URL}/**" />
<mvc:exclude-mapping path="/resources/**" />
<mvc:exclude-mapping path="/token**"/>
<mvc:exclude-mapping path="/#{T(org.mitre.openid.connect.web.DynamicClientRegistrationEndpoint).URL}/**" />
<mvc:exclude-mapping path="/#{T(org.mitre.openid.connect.web.ProtectedResourceRegistrationEndpoint).URL}/**" />
<mvc:exclude-mapping path="/#{T(org.mitre.openid.connect.web.UserInfoEndpoint).URL}**" />
<mvc:exclude-mapping path="/#{T(org.mitre.openid.connect.web.RootController).API_URL}/**" />
<mvc:exclude-mapping path="/#{T(org.mitre.oauth2.web.DeviceEndpoint).URL}/**" />
<mvc:exclude-mapping path="/#{T(org.mitre.oauth2.web.IntrospectionEndpoint).URL}**" />
<mvc:exclude-mapping path="/#{T(org.mitre.oauth2.web.RevocationEndpoint).URL}**" />
<!-- Inject the UserInfo into the response -->
<bean id="userInfoInterceptor" class="org.mitre.openid.connect.web.UserInfoInterceptor" />
</mvc:interceptor>
<mvc:interceptor>
<!-- Exclude APIs and other machine-facing endpoints from these interceptors -->
<mvc:mapping path="/**" />
<mvc:exclude-mapping path="/#{T(org.mitre.openid.connect.web.JWKSetPublishingEndpoint).URL}**" />
<mvc:exclude-mapping path="/#{T(org.mitre.discovery.web.DiscoveryEndpoint).WELL_KNOWN_URL}/**" />
<mvc:exclude-mapping path="/resources/**" />
<mvc:exclude-mapping path="/token**"/>
<mvc:exclude-mapping path="/#{T(org.mitre.openid.connect.web.DynamicClientRegistrationEndpoint).URL}/**" />
<mvc:exclude-mapping path="/#{T(org.mitre.openid.connect.web.ProtectedResourceRegistrationEndpoint).URL}/**" />
<mvc:exclude-mapping path="/#{T(org.mitre.openid.connect.web.UserInfoEndpoint).URL}**" />
<mvc:exclude-mapping path="/#{T(org.mitre.openid.connect.web.RootController).API_URL}/**" />
<mvc:exclude-mapping path="/#{T(org.mitre.oauth2.web.DeviceEndpoint).URL}/**" />
<mvc:exclude-mapping path="/#{T(org.mitre.oauth2.web.IntrospectionEndpoint).URL}**" />
<mvc:exclude-mapping path="/#{T(org.mitre.oauth2.web.RevocationEndpoint).URL}**" />
<!-- Inject the server configuration into the response -->
<bean id="serverConfigInterceptor" class="org.mitre.openid.connect.web.ServerConfigInterceptor" />
</mvc:interceptor>
</mvc:interceptors>
<mvc:default-servlet-handler />
<!-- Bean to hold configuration properties -->
<import resource="server-config.xml" />
<!-- Import the data context -->
<import resource="data-context.xml" />
<!-- SPEL processors -->
<security:global-method-security pre-post-annotations="enabled" proxy-target-class="true" authentication-manager-ref="authenticationManager">
<!--you could also wire in the expression handler up at the layer of the http filters. See https://jira.springsource.org/browse/SEC-1452 -->
<security:expression-handler ref="oauthExpressionHandler" />
</security:global-method-security>
<oauth:expression-handler id="oauthExpressionHandler" />
<oauth:web-expression-handler id="oauthWebExpressionHandler" />
<!-- Spring Security configuration -->
<oauth:resource-server id="resourceServerFilter" token-services-ref="defaultOAuth2ProviderTokenService" stateless="false" />
<security:http pattern="/token"
create-session="stateless"
authentication-manager-ref="clientAuthenticationManager"
entry-point-ref="oauthAuthenticationEntryPoint"
use-expressions="true">
<security:intercept-url pattern="/token" access="permitAll" method="OPTIONS" /> <!-- allow OPTIONS calls without auth for CORS stuff -->
<security:intercept-url pattern="/token" access="isAuthenticated()" />
<security:http-basic entry-point-ref="oauthAuthenticationEntryPoint" />
<!-- include this only if you need to authenticate clients via request parameters -->
<security:custom-filter ref="clientAssertionEndpointFilter" after="PRE_AUTH_FILTER" /> <!-- this one has to go first -->
<security:custom-filter ref="clientCredentialsEndpointFilter" after="BASIC_AUTH_FILTER" />
<security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER" />
<security:access-denied-handler ref="oauthAccessDeniedHandler" />
<security:csrf disabled="true"/>
</security:http>
<!-- Allow open access to discovery endpoints -->
<security:http pattern="/#{T(org.mitre.openid.connect.web.JWKSetPublishingEndpoint).URL}**" use-expressions="true" entry-point-ref="http403EntryPoint" create-session="stateless">
<security:intercept-url pattern="/#{T(org.mitre.openid.connect.web.JWKSetPublishingEndpoint).URL}**" access="permitAll"/>
<security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER" />
<security:csrf disabled="true"/>
</security:http>
<security:http pattern="/#{T(org.mitre.discovery.web.DiscoveryEndpoint).WELL_KNOWN_URL}/**" use-expressions="true" entry-point-ref="http403EntryPoint" create-session="stateless">
<security:intercept-url pattern="/#{T(org.mitre.discovery.web.DiscoveryEndpoint).WELL_KNOWN_URL}/**" access="permitAll"/>
<security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER" />
<security:csrf disabled="true"/>
</security:http>
<!-- Allow open access to all static resources -->
<security:http pattern="/resources/**" use-expressions="true" entry-point-ref="http403EntryPoint" create-session="stateless">
<security:intercept-url pattern="/resources/**" access="permitAll"/>
<security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER" />
<security:csrf disabled="true"/>
</security:http>
<!-- OAuth-protect API and other endpoints -->
<security:http pattern="/#{T(org.mitre.openid.connect.web.DynamicClientRegistrationEndpoint).URL}/**" use-expressions="true" entry-point-ref="oauthAuthenticationEntryPoint" create-session="stateless">
<security:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
<security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER" />
<security:expression-handler ref="oauthWebExpressionHandler" />
<security:intercept-url pattern="/register/**" access="permitAll"/>
<security:csrf disabled="true"/>
</security:http>
<security:http pattern="/#{T(org.mitre.openid.connect.web.ProtectedResourceRegistrationEndpoint).URL}/**" use-expressions="true" entry-point-ref="oauthAuthenticationEntryPoint" create-session="stateless">
<security:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
<security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER" />
<security:expression-handler ref="oauthWebExpressionHandler" />
<security:intercept-url pattern="/resource/**" access="permitAll"/>
<security:csrf disabled="true"/>
</security:http>
<security:http pattern="/#{T(org.mitre.openid.connect.web.UserInfoEndpoint).URL}**" use-expressions="true" entry-point-ref="oauthAuthenticationEntryPoint" create-session="stateless">
<security:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
<security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER" />
<security:expression-handler ref="oauthWebExpressionHandler" />
<security:csrf disabled="true"/>
</security:http>
<security:http pattern="/#{T(org.mitre.openid.connect.web.RootController).API_URL}/**" use-expressions="true" entry-point-ref="oauthAuthenticationEntryPoint" create-session="never">
<security:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
<security:expression-handler ref="oauthWebExpressionHandler" />
<security:csrf disabled="true"/>
</security:http>
<security:http pattern="/#{T(org.mitre.oauth2.web.DeviceEndpoint).URL}/**"
use-expressions="true"
entry-point-ref="oauthAuthenticationEntryPoint"
create-session="stateless"
authentication-manager-ref="clientAuthenticationManager">
<security:http-basic entry-point-ref="oauthAuthenticationEntryPoint" />
<!-- include this only if you need to authenticate clients via request parameters -->
<security:custom-filter ref="clientAssertionEndpointFilter" after="PRE_AUTH_FILTER" /> <!-- this one has to go first -->
<security:custom-filter ref="clientCredentialsEndpointFilter" after="BASIC_AUTH_FILTER" />
<security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER" />
<security:access-denied-handler ref="oauthAccessDeniedHandler" />
<security:csrf disabled="true"/>
</security:http>
<security:http pattern="/#{T(org.mitre.oauth2.web.IntrospectionEndpoint).URL}**"
use-expressions="true"
entry-point-ref="oauthAuthenticationEntryPoint"
create-session="stateless"
authentication-manager-ref="clientAuthenticationManager">
<security:http-basic entry-point-ref="oauthAuthenticationEntryPoint" />
<security:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
<security:custom-filter ref="clientAssertionEndpointFilter" after="PRE_AUTH_FILTER" /> <!-- this one has to go first -->
<security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER" />
<security:custom-filter ref="clientCredentialsEndpointFilter" after="BASIC_AUTH_FILTER" />
<security:csrf disabled="true"/>
</security:http>
<security:http pattern="/#{T(org.mitre.oauth2.web.RevocationEndpoint).URL}**"
use-expressions="true"
entry-point-ref="oauthAuthenticationEntryPoint"
create-session="stateless"
authentication-manager-ref="clientAuthenticationManager">
<security:http-basic entry-point-ref="oauthAuthenticationEntryPoint" />
<security:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
<security:custom-filter ref="clientAssertionEndpointFilter" after="PRE_AUTH_FILTER" /> <!-- this one has to go first -->
<security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER" />
<security:custom-filter ref="clientCredentialsEndpointFilter" after="BASIC_AUTH_FILTER" />
<security:csrf disabled="true"/>
</security:http>
<bean id="oauthAuthenticationEntryPoint" class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
<property name="realmName" value="openidconnect" />
</bean>
<bean id="http403EntryPoint" class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint" />
<!-- Additional endpoints for extensions (such as UMA) -->
<import resource="endpoint-config.xml" />
<!-- SECOAUTH Authorization Server -->
<import resource="authz-config.xml" />
<bean id="oauth2ExceptionTranslator" class="org.springframework.security.oauth2.provider.error.DefaultWebResponseExceptionTranslator" />
<bean id="clientAuthMatcher" class="org.mitre.openid.connect.filter.MultiUrlRequestMatcher">
<constructor-arg name="filterProcessesUrls">
<set>
<value>/introspect</value>
<value>/revoke</value>
<value>/token</value>
</set>
</constructor-arg>
</bean>
<bean id="clientCredentialsEndpointFilter" class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
<property name="authenticationManager" ref="clientAuthenticationManager" />
<property name="requiresAuthenticationRequestMatcher" ref="clientAuthMatcher" />
</bean>
<bean id="clientAssertionEndpointFilter" class="org.mitre.openid.connect.assertion.JWTBearerClientAssertionTokenEndpointFilter">
<constructor-arg name="additionalMatcher" ref="clientAuthMatcher" />
<property name="authenticationManager" ref="clientAssertionAuthenticationManager" />
</bean>
<security:authentication-manager id="clientAuthenticationManager">
<security:authentication-provider user-service-ref="clientUserDetailsService" />
<security:authentication-provider user-service-ref="uriEncodedClientUserDetailsService" />
</security:authentication-manager>
<security:authentication-manager id="clientAssertionAuthenticationManager">
<security:authentication-provider ref="clientAssertionAuthenticationProvider" />
</security:authentication-manager>
<bean id="clientAssertionAuthenticationProvider" class="org.mitre.openid.connect.assertion.JWTBearerAuthenticationProvider" />
<!-- Configure locale information -->
<import resource="locale-config.xml" />
<!-- user services -->
<import resource="user-context.xml" />
<!-- assertion processing -->
<import resource="assertion-config.xml" />
<!-- End Spring Security configuration -->
<!-- JPA -->
<import resource="jpa-config.xml" />
<!-- End JPA -->
<!-- Crypto -->
<import resource="crypto-config.xml" />
<!-- End Crypto -->
<!-- View configuration -->
<!-- Handles HTTP GET requests for /resources/** by efficiently serving
up static resources in the ${webappRoot}/resources directory -->
<mvc:resources mapping="/resources/**" location="/resources/" />
<!-- Resolves views selected for rendering by @Controllers to .jsp resources
in the /WEB-INF/views directory -->
<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
<property name="viewClass" value="org.springframework.web.servlet.view.JstlView" />
<property name="prefix" value="/WEB-INF/views/" />
<property name="suffix" value=".jsp" />
<property name="order" value="2" />
</bean>
<!-- Resolve views based on string names -->
<bean class="org.springframework.web.servlet.view.BeanNameViewResolver">
<property name="order" value="1" />
</bean>
<!-- End view configuration -->
<!--Import scheduled task configuration -->
<import resource="task-config.xml" />
<!-- Import configuration for front-end (JavaScript) UI components -->
<import resource="ui-config.xml" />
<!-- import application-local configuration information (such as bean definitions) -->
<import resource="local-config.xml" />
</beans>

50
openid-connect-server-webapp/src/main/webapp/WEB-INF/assertion-config.xml
View File

@ -1,50 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
Copyright 2017 The MIT Internet Trust Consortium
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
xsi:schemaLocation="http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2-2.0.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.3.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-4.3.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd">
<!-- validate incoming tokens for JWT assertions -->
<bean id="jwtAssertionValidator" class="org.mitre.jwt.assertion.impl.NullAssertionValidator" />
<!-- translate incoming assertions to token authorization objects -->
<bean id="jwtAssertionTokenFactory" class="org.mitre.oauth2.assertion.impl.DirectCopyRequestFactory" />
<!-- validate client software statements for dynamic registration -->
<!-- <bean id="clientAssertionValidator" class="org.mitre.jwt.assertion.impl.NullAssertionValidator" /> -->
<!-- this class will pass assertions signed by the issuers and keys in the whitelist -->
<bean id="clientAssertionValidator" class="org.mitre.jwt.assertion.impl.WhitelistedIssuerAssertionValidator">
<property name="whitelist">
<map>
<entry key="http://artemesia.local" value="http://localhost:8080/openid-connect-server-webapp/jwk" />
</map>
</property>
</bean>
</beans>

60
openid-connect-server-webapp/src/main/webapp/WEB-INF/authz-config.xml
View File

@ -1,60 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
Copyright 2017 The MIT Internet Trust Consortium
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
xsi:schemaLocation="http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2-2.0.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.3.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-4.3.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd">
<oauth:authorization-server
client-details-service-ref="defaultOAuth2ClientDetailsEntityService"
authorization-request-manager-ref="connectOAuth2RequestFactory"
token-services-ref="defaultOAuth2ProviderTokenService"
user-approval-handler-ref="tofuUserApprovalHandler"
request-validator-ref="oauthRequestValidator"
redirect-resolver-ref="blacklistAwareRedirectResolver"
authorization-endpoint-url="/authorize"
token-endpoint-url="/token"
error-page="/error">
<oauth:authorization-code authorization-code-services-ref="defaultOAuth2AuthorizationCodeService"/>
<oauth:implicit />
<oauth:refresh-token/>
<oauth:client-credentials/>
<oauth:custom-grant token-granter-ref="chainedTokenGranter" />
<oauth:custom-grant token-granter-ref="jwtAssertionTokenGranter" />
<oauth:custom-grant token-granter-ref="deviceTokenGranter" />
</oauth:authorization-server>
<bean id="oauthAccessDeniedHandler" class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler" />
<bean id="oauthRequestValidator" class="org.mitre.oauth2.token.ScopeServiceAwareOAuth2RequestValidator" />
<!-- Error page handler. -->
<mvc:view-controller path="/error" view-name="error" />
</beans>

50
openid-connect-server-webapp/src/main/webapp/WEB-INF/crypto-config.xml
View File

@ -1,50 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
Copyright 2017 The MIT Internet Trust Consortium
Portions copyright 2011-2013 The MITRE Corporation
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
xsi:schemaLocation="http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2-2.0.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.3.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-4.3.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd">
<bean id="defaultKeyStore" class="org.mitre.jose.keystore.JWKSetKeyStore">
<property name="location" value="classpath:keystore.jwks" />
</bean>
<bean id="defaultsignerService" class="org.mitre.jwt.signer.service.impl.DefaultJWTSigningAndValidationService">
<constructor-arg name="keyStore" ref="defaultKeyStore" />
<property name="defaultSignerKeyId" value="rsa1" />
<property name="defaultSigningAlgorithmName" value="RS256" />
</bean>
<bean id="defaultEncryptionService" class="org.mitre.jwt.encryption.service.impl.DefaultJWTEncryptionAndDecryptionService">
<constructor-arg name="keyStore" ref="defaultKeyStore" />
<property name="defaultAlgorithm" value="RSA1_5" />
<property name="defaultDecryptionKeyId" value="rsa1" />
<property name="defaultEncryptionKeyId" value="rsa1" />
</bean>
</beans>

128
openid-connect-server-webapp/src/main/webapp/WEB-INF/data-context.xml
View File

@ -1,128 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
Copyright 2017 The MIT Internet Trust Consortium
Portions copyright 2011-2013 The MITRE Corporation
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:jdbc="http://www.springframework.org/schema/jdbc"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
http://www.springframework.org/schema/jdbc http://www.springframework.org/schema/jdbc/spring-jdbc-4.3.xsd">
<bean id="dataSource" class="com.zaxxer.hikari.HikariDataSource" destroy-method="close">
<property name="driverClassName" value="org.hsqldb.jdbcDriver" />
<property name="jdbcUrl" value="jdbc:hsqldb:mem:oic;sql.syntax_mys=true" />
<!-- <property name="jdbcUrl" value="jdbc:hsqldb:file:/tmp/oic;sql.syntax_mys=true" /> -->
<property name="username" value="oic" />
<property name="password" value="oic" />
</bean>
<!-- Use the following to set up the OIC tables in the in-memory DB
If you are using a file based HSQLDB you should not run this every time. -->
<jdbc:initialize-database data-source="dataSource">
<jdbc:script location="classpath:/db/hsql/hsql_database_tables.sql"/>
<!-- The following file is for the jdbc-user-service spring security implementation -->
<jdbc:script location="classpath:/db/hsql/security-schema.sql"/>
<!-- The following files are for safely bootstrapping users and clients into the database -->
<jdbc:script location="classpath:/db/hsql/loading_temp_tables.sql"/>
<jdbc:script location="classpath:/db/hsql/users.sql"/>
<jdbc:script location="classpath:/db/hsql/clients.sql"/>
<jdbc:script location="classpath:/db/hsql/scopes.sql"/>
</jdbc:initialize-database>
<bean id="jpaAdapter" class="org.springframework.orm.jpa.vendor.EclipseLinkJpaVendorAdapter">
<property name="databasePlatform" value="org.eclipse.persistence.platform.database.HSQLPlatform" />
<property name="showSql" value="true" />
</bean>
<!-- The following is for connecting to a MySQL database that has been initialized with
src/main/resources/db/mysql/mysql_database_tables.sql -->
<!-- <bean id="dataSource" class="com.zaxxer.hikari.HikariDataSource" destroy-method="close"> -->
<!-- <property name="driverClassName" value="com.mysql.jdbc.Driver" /> -->
<!-- <property name="jdbcUrl" value="jdbc:mysql://127.0.0.1:3306/oic" /> -->
<!-- <property name="username" value="oic" /> -->
<!-- <property name="password" value="oic" /> -->
<!-- </bean> -->
<!-- <bean id="jpaAdapter" class="org.springframework.orm.jpa.vendor.EclipseLinkJpaVendorAdapter"> -->
<!-- <property name="databasePlatform" value="org.eclipse.persistence.platform.database.MySQLPlatform" /> -->
<!-- <property name="showSql" value="true" /> -->
<!-- </bean> -->
<!-- You can optionally initialize the database with test values here,
but this is not recommended for real systems -->
<!-- <jdbc:initialize-database data-source="dataSource"> -->
<!-- <jdbc:script location="classpath:/db/tables/mysql_database_tables.sql"/> -->
<!-- <jdbc:script location="classpath:/db/tables/security-schema.sql"/> -->
<!-- <jdbc:script location="classpath:/db/tables/loading_temp_tables.sql"/> -->
<!-- <jdbc:script location="classpath:/db/mysql/users.sql"/> -->
<!-- <jdbc:script location="classpath:/db/mysql/clients.sql"/> -->
<!-- <jdbc:script location="classpath:/db/mysql/scopes.sql"/> -->
<!-- </jdbc:initialize-database> -->
<!-- The following is for connecting to a PostgreSQL database that has been initialized with
src/main/resources/db/psql/psql_database_tables.sql -->
<!--
<bean id="dataSource" class="com.zaxxer.hikari.HikariDataSource" destroy-method="close">
<property name="driverClassName" value="org.postgresql.Driver" />
<property name="jdbcUrl" value="jdbc:postgresql://localhost/oic" />
<property name="username" value="oic" />
<property name="password" value="oic" />
</bean>
<bean id="jpaAdapter" class="org.springframework.orm.jpa.vendor.EclipseLinkJpaVendorAdapter">
<property name="databasePlatform" value="org.eclipse.persistence.platform.database.PostgreSQLPlatform" />
<property name="showSql" value="true" />
</bean>
-->
<!-- You can optionally initialize the database with test values here,
but this is not recommended for real systems -->
<!-- <jdbc:initialize-database data-source="dataSource"> -->
<!-- <jdbc:script location="classpath:/db/psql/psql_database_tables.sql"/> -->
<!-- <jdbc:script location="classpath:/db/psql/security-schema.sql"/> -->
<!-- <jdbc:script location="classpath:/db/psql/loading_temp_tables.sql"/> -->
<!-- <jdbc:script location="classpath:/db/psql/users.sql"/> -->
<!-- <jdbc:script location="classpath:/db/psql/clients.sql"/> -->
<!-- <jdbc:script location="classpath:/db/psql/scopes.sql"/> -->
<!-- </jdbc:initialize-database> -->
<!-- The following is for connecting to a Oracle database that has been initialized with
src/main/resources/db/oracle/oracle_database_tables.sql -->
<!--<bean id="dataSource" class="com.zaxxer.hikari.HikariDataSource" destroy-method="close">
<property name="driverClassName" value="oracle.jdbc.driver.OracleDriver" />
<property name="jdbcUrl" value="jdbc:oracle:thin:@localhost:1521:XE" />
<property name="username" value="oic" />
<property name="password" value="oic" />
</bean>-->
<!--<bean id="jpaAdapter" class="org.springframework.orm.jpa.vendor.EclipseLinkJpaVendorAdapter">
<property name="databasePlatform" value="org.eclipse.persistence.platform.database.OraclePlatform" />
<property name="showSql" value="true" />
</bean>-->
<!-- Use the following to set up the OIC tables in the Oracle DB
Below scripts are intended to be run once at startup. -->
<!--<jdbc:initialize-database data-source="dataSource">
<jdbc:script location="classpath:/db/oracle/oracle_database_tables.sql"/>
<jdbc:script location="classpath:/db/oracle/security-schema_oracle.sql"/>
<jdbc:script location="classpath:/db/oracle/loading_temp_tables_oracle.sql"/>
<jdbc:script location="classpath:/db/oracle/users_oracle.sql"/>
<jdbc:script location="classpath:/db/oracle/clients_oracle.sql"/>
<jdbc:script location="classpath:/db/oracle/scopes_oracle.sql"/>
</jdbc:initialize-database>-->
</beans>

34
openid-connect-server-webapp/src/main/webapp/WEB-INF/endpoint-config.xml
View File

@ -1,34 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
Copyright 2017 The MIT Internet Trust Consortium
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
xsi:schemaLocation="http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2-2.0.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.3.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-4.3.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd">
<!-- This file allows you to define additional endpoints, it's normally empty in the OIDC server and has entries in the UMA server -->
</beans>

55
openid-connect-server-webapp/src/main/webapp/WEB-INF/jpa-config.xml
View File

@ -1,55 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
Copyright 2017 The MIT Internet Trust Consortium
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
xsi:schemaLocation="http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2-2.0.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.3.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-4.3.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd">
<bean id="transactionManager" class="org.springframework.orm.jpa.JpaTransactionManager">
<property name="entityManagerFactory" ref="entityManagerFactory" />
<qualifier value="defaultTransactionManager" />
</bean>
<bean id="entityManagerFactory" class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
<property name="packagesToScan" value="org.mitre" />
<property name="persistenceProviderClass" value="org.eclipse.persistence.jpa.PersistenceProvider" />
<property name="dataSource" ref="dataSource" />
<property name="jpaVendorAdapter" ref="jpaAdapter" />
<property name="jpaPropertyMap">
<map>
<entry key="eclipselink.weaving" value="false" />
<entry key="eclipselink.logging.level" value="INFO" />
<entry key="eclipselink.logging.level.sql" value="INFO" />
<entry key="eclipselink.cache.shared.default" value="false" />
</map>
</property>
<property name="persistenceUnitName" value="defaultPersistenceUnit" />
<!-- uncomment for Oracle -->
<!--<property name="mappingResources" value="db/oracle/entity-mappings_oracle.xml" />-->
</bean>
</beans>

36
openid-connect-server-webapp/src/main/webapp/WEB-INF/local-config.xml
View File

@ -1,36 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
Copyright 2017 The MIT Internet Trust Consortium
Portions copyright 2011-2013 The MITRE Corporation
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
xsi:schemaLocation="http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2-2.0.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.3.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-4.3.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd">
<!-- Empty: Override this file in your local project to change configuration options. -->
</beans>

29
openid-connect-server-webapp/src/main/webapp/WEB-INF/locale-config.xml
View File

@ -1,29 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
Copyright 2017 The MIT Internet Trust Consortium
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
<bean id="messageSource" class="org.mitre.openid.connect.config.JsonMessageSource">
<property name="baseDirectory" value="/resources/js/locale/" />
<property name="useCodeAsDefaultMessage" value="true" />
</bean>
<bean id="localeResolver" class="org.mitre.openid.connect.config.ConfigurationBeanLocaleResolver" />
</beans>

73
openid-connect-server-webapp/src/main/webapp/WEB-INF/server-config.xml
View File

@ -1,73 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
Copyright 2017 The MIT Internet Trust Consortium
Portions copyright 2011-2013 The MITRE Corporation
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
xsi:schemaLocation="http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2-2.0.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.3.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-4.3.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd">
<bean id="configBean" class="org.mitre.openid.connect.config.ConfigurationPropertiesBean">
<!-- This property sets the root URL of the server, known as the issuer -->
<property name="issuer" value="http://localhost:8080/openid-connect-server-webapp/" />
<!-- This property is a URL pointing to a logo image 24px high to be used in the top bar -->
<property name="logoImageUrl" value="resources/images/openid_connect_small.png" />
<!-- This property sets the display name of the server, displayed in the topbar and page title -->
<property name="topbarTitle" value="OpenID Connect Server" />
<!-- This property sets the lifetime of registration access tokens, in seconds. Leave it unset (null) for no rotation. -->
<!-- <property name="regTokenLifeTime" value="172800" /> -->
<!-- This property forces the issuer value to start with "https", recommended on production servers -->
<!-- <property name="forceHttps" value="true" /> -->
<!-- This property sets the locale for server text -->
<!-- <property name="locale" value="sv" /> -->
<!-- This property sets the set of namespaces for language translation files. The default is "messages". These are checked in the order presented here. -->
<!--
<property name="languageNamespaces">
<list>
<value>foo</value>
<value>bar</value>
<value>messages</value>
</list>
</property>
-->
<!-- This property indicates if a dynamically registered client supports dual flows, such as client_credentials
at the same time with authorization_code or implicit -->
<!-- <property name="dualClient" value="true" /> -->
<!-- This property turns on HEART compliance mode -->
<!-- <property name="heartMode" value="true" /> -->
</bean>
</beans>

37
openid-connect-server-webapp/src/main/webapp/WEB-INF/spring-servlet.xml
View File

@ -1,37 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
Copyright 2017 The MIT Internet Trust Consortium
Portions copyright 2011-2013 The MITRE Corporation
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
xsi:schemaLocation="http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2-2.0.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.3.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-4.3.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd">
<!-- This file has been left blank -->
<!-- Feel free to override this by using a maven overlay. -->
<!-- see: https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/wiki/Maven-Overlay-Project-How-To/ -->
</beans>

20
openid-connect-server-webapp/src/main/webapp/WEB-INF/tags/actionmenu.tag
View File

@ -1,20 +0,0 @@
<%@ tag language="java" pageEncoding="UTF-8"%>
<%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%>
<%@ taglib prefix="security"
uri="http://www.springframework.org/security/tags"%>
<security:authorize access="hasRole('ROLE_ADMIN')">
<li class="nav-header"><spring:message code="sidebar.administrative.title"/></li>
<li><a href="manage/#admin/clients" data-toggle="collapse" data-target=".nav-collapse"><spring:message code="sidebar.administrative.manage_clients"/></a></li>
<li><a href="manage/#admin/whitelists" data-toggle="collapse" data-target=".nav-collapse"><spring:message code="sidebar.administrative.whitelisted_clients"/></a></li>
<li><a href="manage/#admin/blacklist" data-toggle="collapse" data-target=".nav-collapse"><spring:message code="sidebar.administrative.blacklisted_clients"/></a></li>
<li><a href="manage/#admin/scope" data-toggle="collapse" data-target=".nav-collapse"><spring:message code="sidebar.administrative.system_scopes"/></a></li>
<li class="divider"></li>
</security:authorize>
<li class="nav-header"><spring:message code="sidebar.personal.title"/></li>
<li><a href="manage/#user/approved" data-toggle="collapse" data-target=".nav-collapse"><spring:message code="sidebar.personal.approved_sites"/></a></li>
<li><a href="manage/#user/tokens" data-toggle="collapse" data-target=".nav-collapse"><spring:message code="sidebar.personal.active_tokens"/></a></li>
<li><a href="manage/#user/profile" data-toggle="collapse" data-target=".nav-collapse"><spring:message code="sidebar.personal.profile_information"/></a></li>
<li class="divider"></li>
<li class="nav-header"><spring:message code="sidebar.developer.title"/></li>
<li><a href="manage/#dev/dynreg" data-toggle="collapse" data-target=".nav-collapse"><spring:message code="sidebar.developer.client_registration"/></a><li>
<li><a href="manage/#dev/resource" data-toggle="collapse" data-target=".nav-collapse"><spring:message code="sidebar.developer.resource_registration"/></a><li>

4
openid-connect-server-webapp/src/main/webapp/WEB-INF/tags/copyright.tag
View File

@ -1,4 +0,0 @@
<%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<c:if test="${ config.heartMode }"><span class="pull-left"><img src="resources/images/heart_mode.png" alt="HEART Mode" title="This server is running in HEART Compliance Mode" /></span> </c:if>
<spring:message code="copyright" arguments="${project.version}"/>

45
openid-connect-server-webapp/src/main/webapp/WEB-INF/tags/footer.tag
View File

@ -1,45 +0,0 @@
<%@ attribute name="js" required="false"%>
<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@ taglib prefix="o" tagdir="/WEB-INF/tags"%>
<div id="push"></div>
</div>
<!-- end #wrap -->
<div id="footer">
<div class="container">
<p class="muted credit">
<o:copyright />
</p>
</div>
</div>
<!-- javascript
================================================== -->
<!-- Placed at the end of the document so the pages load faster -->
<script type="text/javascript" src="resources/bootstrap2/js/bootstrap.js"></script>
<script type="text/javascript" src="resources/js/lib/underscore.js"></script>
<script type="text/javascript" src="resources/js/lib/backbone.js"></script>
<script type="text/javascript" src="resources/js/lib/purl.js"></script>
<script type="text/javascript" src="resources/js/lib/bootstrapx-clickover.js"></script>
<script type="text/javascript" src="resources/js/lib/bootstrap-sheet.js"></script>
<script type="text/javascript" src="resources/js/lib/bootpag.js"></script>
<script type="text/javascript" src="resources/js/lib/retina.js"></script>
<c:if test="${js != null && js != ''}">
<script type="text/javascript">
// set up a global variable for UI components to hang extensions off of
var ui = {
templates: ["resources/template/admin.html"], // template files to load for UI
routes: [], // routes to add to the UI {path: URI to map to, name: unique name for internal use, callback: function to call when route is activated}
init: [] // functions to call after initialization is complete
};
</script>
<c:forEach var="file" items="${ ui.jsFiles }">
<script type="text/javascript" src="<c:out value="${ file }" />" ></script>
</c:forEach>
<script type="text/javascript" src="resources/js/admin.js"></script>
</c:if>
<div id="templates" class="hide"></div>
</body>
</html>

86
openid-connect-server-webapp/src/main/webapp/WEB-INF/tags/header.tag
View File

@ -1,86 +0,0 @@
<%@attribute name="title" required="false"%>
<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%>
<%@ tag import="com.google.gson.Gson" %>
<!DOCTYPE html>
<html lang="${pageContext.response.locale}">
<head>
<base href="${config.issuer}">
<meta charset="utf-8">
<title>${config.topbarTitle} - ${title}</title>
<meta name="viewport" content="width=device-width, initial-scale=1.0">
<meta name="description" content="">
<meta name="author" content="">
<!-- stylesheets -->
<link href="resources/bootstrap2/css/bootstrap.css" rel="stylesheet">
<link href="resources/css/bootstrap-sheet.css" rel="stylesheet">
<link href="resources/css/mitreid-connect.css" rel="stylesheet">
<link href="resources/css/mitreid-connect-local.css" rel="stylesheet">
<link href="resources/bootstrap2/css/bootstrap-responsive.css" rel="stylesheet">
<link href="resources/css/mitreid-connect-responsive.css" rel="stylesheet">
<link href="resources/css/mitreid-connect-responsive-local.css" rel="stylesheet">
<!-- HTML5 shim, for IE6-8 support of HTML5 elements -->
<!--[if lt IE 9]>
<script src="resources/js/lib/html5.js"></script>
<![endif]-->
<!-- favico -->
<link rel="shortcut icon" href="resources/images/mitreid-connect.ico">
<!-- Load jQuery up here so that we can use in-page functions -->
<script type="text/javascript" src="resources/js/lib/jquery.js"></script>
<script type="text/javascript" charset="UTF-8" src="resources/js/lib/moment-with-locales.js"></script>
<script type="text/javascript" src="resources/js/lib/i18next.js"></script>
<script type="text/javascript">
$.i18n.init({
fallbackLng: "en",
lng: "${config.locale}",
resGetPath: "resources/js/locale/__lng__/__ns__.json",
ns: {
namespaces: ${config.languageNamespacesString},
defaultNs: '${config.defaultLanguageNamespace}'
},
fallbackNS: ${config.languageNamespacesString}
});
moment.locale("${config.locale}");
// safely set the title of the application
function setPageTitle(title) {
document.title = "${config.topbarTitle} - " + title;
}
// get the info of the current user, if available (null otherwise)
function getUserInfo() {
return ${userInfoJson};
}
// get the authorities of the current user, if available (null otherwise)
function getUserAuthorities() {
return ${userAuthorities};
}
// is the current user an admin?
// NOTE: this is just for
function isAdmin() {
var auth = getUserAuthorities();
if (auth && _.contains(auth, "ROLE_ADMIN")) {
return true;
} else {
return false;
}
}
var heartMode = ${config.heartMode};
</script>
</head>
<body>
<div id="wrap">
<!-- Start body -->

39
openid-connect-server-webapp/src/main/webapp/WEB-INF/tags/navmenu.tag
View File

@ -1,39 +0,0 @@
<%@attribute name="pageName"%>
<%@ tag language="java" pageEncoding="UTF-8"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
<%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%>
<%@ taglib prefix="security"
uri="http://www.springframework.org/security/tags"%>
<c:choose>
<c:when test="${pageName == 'Home'}">
<li class="active"><a href="" data-toggle="collapse" data-target=".nav-collapse"><spring:message code="topbar.home"/></a></li>
</c:when>
<c:otherwise>
<li><a href="" data-toggle="collapse" data-target=".nav-collapse"><spring:message code="topbar.home"/></a></li>
</c:otherwise>
</c:choose>
<c:choose>
<c:when test="${pageName == 'About'}">
<li class="active" data-toggle="collapse" data-target=".nav-collapse"><a href=""><spring:message code="topbar.about"/></a></li>
</c:when>
<c:otherwise>
<li><a href="about" data-toggle="collapse" data-target=".nav-collapse"><spring:message code="topbar.about"/></a></li>
</c:otherwise>
</c:choose>
<c:choose>
<c:when test="${pageName == 'Statistics'}">
<li class="active" data-toggle="collapse" data-target=".nav-collapse"><a href=""><spring:message code="topbar.statistics"/></a></li>
</c:when>
<c:otherwise>
<li><a href="stats" data-toggle="collapse" data-target=".nav-collapse"><spring:message code="topbar.statistics"/></a></li>
</c:otherwise>
</c:choose>
<c:choose>
<c:when test="${pageName == 'Contact'}">
<li class="active" data-toggle="collapse" data-target=".nav-collapse"><a href=""><spring:message code="topbar.contact"/></a></li>
</c:when>
<c:otherwise>
<li><a href="contact" data-toggle="collapse" data-target=".nav-collapse"><spring:message code="topbar.contact"/></a></li>
</c:otherwise>
</c:choose>

18
openid-connect-server-webapp/src/main/webapp/WEB-INF/tags/sidebar.tag
View File

@ -1,18 +0,0 @@
<%@ taglib prefix="security" uri="http://www.springframework.org/security/tags"%>
<%@ taglib prefix="o" tagdir="/WEB-INF/tags"%>
<security:authorize access="hasRole('ROLE_USER')">
<div class="span2 visible-desktop">
<div class="well sidebar-nav">
<ul class="nav nav-list">
<o:actionmenu />
</ul>
</div><!--/.well -->
</div><!--/span-->
</security:authorize>
<security:authorize access="!hasRole('ROLE_USER')">
<div class="span1">
<!-- placeholder for non-logged-in users -->
</div><!--/span-->
</security:authorize>

107
openid-connect-server-webapp/src/main/webapp/WEB-INF/tags/topbar.tag
View File

@ -1,107 +0,0 @@
<%@attribute name="pageName" required="false"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
<%@ taglib prefix="security" uri="http://www.springframework.org/security/tags"%>
<%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%>
<%@ taglib prefix="o" tagdir="/WEB-INF/tags"%>
<c:choose>
<c:when test="${ not empty userInfo.preferredUsername }">
<c:set var="shortName" value="${ userInfo.preferredUsername }" />
</c:when>
<c:otherwise>
<c:set var="shortName" value="${ userInfo.sub }" />
</c:otherwise>
</c:choose>
<c:choose>
<c:when test="${ not empty userInfo.name }">
<c:set var="longName" value="${ userInfo.name }" />
</c:when>
<c:otherwise>
<c:choose>
<c:when test="${ not empty userInfo.givenName || not empty userInfo.familyName }">
<c:set var="longName" value="${ userInfo.givenName } ${ userInfo.familyName }" />
</c:when>
<c:otherwise>
<c:set var="longName" value="${ shortName }" />
</c:otherwise>
</c:choose>
</c:otherwise>
</c:choose>
<div class="navbar navbar-fixed-top">
<div class="navbar-inner">
<div class="container">
<button class="btn btn-navbar" data-toggle="collapse" data-target=".nav-collapse">
<span class="icon-bar"></span>
<span class="icon-bar"></span>
<span class="icon-bar"></span>
</button>
<a class="brand" href="">
<img src="${ config.logoImageUrl }" />
<span>
<span class="visible-phone">${config.shortTopbarTitle}</span>
<span class="hidden-phone">${config.topbarTitle}</span>
</span>
</a>
<c:if test="${ not empty pageName }">
<div class="nav-collapse collapse">
<ul class="nav">
<o:navmenu pageName="${ pageName }" />
</ul>
<security:authorize access="hasRole('ROLE_USER')">
<ul class="nav hidden-desktop">
<o:actionmenu />
</ul>
</security:authorize>
<!-- use a full user menu and button when not collapsed -->
<ul class="nav pull-right visible-desktop">
<security:authorize access="hasRole('ROLE_USER')">
<li class="dropdown">
<a id="userButton" class="dropdown-toggle" data-toggle="dropdown" href=""><i class="icon-user icon-white"></i> ${ shortName } <span class="caret"></span></a>
<ul class="dropdown-menu pull-right">
<li><a href="manage/#user/profile" data-toggle="collapse" data-target=".nav-collapse">${ longName }</a></li>
<li class="divider"></li>
<li><a href="" data-toggle="collapse" data-target=".nav-collapse" class="logoutLink"><i class="icon-remove"></i> <spring:message code="topbar.logout"/></a></li>
</ul>
</li>
</security:authorize>
<security:authorize access="!hasRole('ROLE_USER')">
<li>
<a id="loginButton" href="login" data-toggle="collapse" data-target=".nav-collapse"><i class="icon-lock icon-white"></i> <spring:message code="topbar.login"/></a>
</li>
</security:authorize>
</ul>
<!-- use a simplified user button system when collapsed -->
<ul class="nav hidden-desktop">
<security:authorize access="hasRole('ROLE_USER')">
<li><a href="manage/#user/profile">${ longName }</a></li>
<li class="divider"></li>
<li><a href="" class="logoutLink"><i class="icon-remove"></i> <spring:message code="topbar.logout"/></a></li>
</security:authorize>
<security:authorize access="!hasRole('ROLE_USER')">
<li>
<a href="login" data-toggle="collapse" data-target=".nav-collapse"><i class="icon-lock"></i> <spring:message code="topbar.login"/></a>
</li>
</security:authorize>
</ul>
<form action="${ config.issuer }${ config.issuer.endsWith('/') ? '' : '/' }logout" method="POST" class="hidden" id="logoutForm">
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />
</form>
</div><!--/.nav-collapse -->
</c:if>
</div>
</div>
</div>
<script type="text/javascript">
$(document).ready(function() {
$('.logoutLink').on('click', function(e) {
e.preventDefault();
$('#logoutForm').submit();
});
});
</script>

38
openid-connect-server-webapp/src/main/webapp/WEB-INF/task-config.xml
View File

@ -1,38 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
Copyright 2017 The MIT Internet Trust Consortium
Portions copyright 2011-2013 The MITRE Corporation
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:task="http://www.springframework.org/schema/task"
xsi:schemaLocation="http://www.springframework.org/schema/task http://www.springframework.org/schema/task/spring-task-4.3.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.3.xsd">
<!-- Configuration for scheduled tasks -->
<task:scheduler id="taskScheduler" pool-size="10" />
<task:executor id="taskExecutor" pool-size="5" />
<task:annotation-driven scheduler="taskScheduler" executor="taskExecutor" />
<!-- Schedule the token service and approved site service to clear out expired tokens and sites every 5 minutes -->
<task:scheduled-tasks scheduler="taskScheduler">
<task:scheduled ref="defaultOAuth2ProviderTokenService" method="clearExpiredTokens" fixed-delay="300000" initial-delay="600000"/>
<task:scheduled ref="defaultApprovedSiteService" method="clearExpiredSites" fixed-delay="300000" initial-delay="600000"/>
<task:scheduled ref="defaultOAuth2AuthorizationCodeService" method="clearExpiredAuthorizationCodes" fixed-delay="300000" initial-delay="600000"/>
<task:scheduled ref="defaultDeviceCodeService" method="clearExpiredDeviceCodes" fixed-delay="300000" initial-delay="600000"/>
</task:scheduled-tasks>
</beans>

52
openid-connect-server-webapp/src/main/webapp/WEB-INF/ui-config.xml
View File

@ -1,52 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
Copyright 2017 The MIT Internet Trust Consortium
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
xsi:schemaLocation="http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2-2.0.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.3.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-4.3.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd">
<!-- This file allows you to define components to the UI -->
<bean class="org.mitre.openid.connect.config.UIConfiguration" id="uiConfiguration">
<property name="jsFiles">
<set>
<value>resources/js/client.js</value>
<value>resources/js/grant.js</value>
<value>resources/js/scope.js</value>
<value>resources/js/whitelist.js</value>
<value>resources/js/dynreg.js</value>
<value>resources/js/rsreg.js</value>
<value>resources/js/token.js</value>
<value>resources/js/blacklist.js</value>
<value>resources/js/profile.js</value>
</set>
</property>
</bean>
</beans>

57
openid-connect-server-webapp/src/main/webapp/WEB-INF/user-context.xml
View File

@ -1,57 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
Copyright 2017 The MIT Internet Trust Consortium
Portions copyright 2011-2013 The MITRE Corporation
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:security="http://www.springframework.org/schema/security"
xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
xsi:schemaLocation="http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2-2.0.xsd
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.3.xsd
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-4.3.xsd
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd">
<security:authentication-manager id="authenticationManager">
<security:authentication-provider>
<security:jdbc-user-service data-source-ref="dataSource"/>
</security:authentication-provider>
</security:authentication-manager>
<mvc:view-controller path="/login" view-name="login" />
<security:http authentication-manager-ref="authenticationManager">
<security:intercept-url pattern="/authorize" access="hasRole('ROLE_USER')" />
<security:intercept-url pattern="/**" access="permitAll" />
<security:form-login login-page="/login" authentication-failure-url="/login?error=failure" authentication-success-handler-ref="authenticationTimeStamper" />
<security:custom-filter ref="authRequestFilter" after="SECURITY_CONTEXT_FILTER" />
<security:logout logout-url="/logout" />
<security:anonymous />
<security:expression-handler ref="oauthWebExpressionHandler" />
<security:headers>
<security:frame-options policy="DENY" />
</security:headers>
<security:csrf />
</security:http>
</beans>

29
openid-connect-server-webapp/src/main/webapp/WEB-INF/views/about.jsp
View File

@ -1,29 +0,0 @@
<%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
<%@ taglib prefix="o" tagdir="/WEB-INF/tags"%>
<%@ taglib prefix="security" uri="http://www.springframework.org/security/tags"%>
<%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%>
<!-- TODO: highlight proper section of topbar; what is the right way to do this? -->
<spring:message code="about.title" var="title"/>
<o:header title="${title}"/>
<o:topbar pageName="About"/>
<div class="container-fluid main">
<div class="row-fluid">
<o:sidebar />
<div class="span10">
<!-- Main hero unit for a primary marketing message or call to action -->
<div class="hero-unit">
<h2><spring:message code="about.title"/></h2>
<p>
<spring:message code="about.body"/>
</p>
</div>
</div>
</div>
</div>
<o:footer/>

320
openid-connect-server-webapp/src/main/webapp/WEB-INF/views/approve.jsp
View File

@ -1,320 +0,0 @@
<%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%>
<%@ page import="org.springframework.security.core.AuthenticationException"%>
<%@ page import="org.springframework.security.oauth2.common.exceptions.UnapprovedClientAuthenticationException"%>
<%@ page import="org.springframework.security.web.WebAttributes"%>
<%@ taglib prefix="authz" uri="http://www.springframework.org/security/tags"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt"%>
<%@ taglib prefix="o" tagdir="/WEB-INF/tags"%>
<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
<%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%>
<spring:message code="approve.title" var="title"/>
<o:header title="${title}"/>
<o:topbar pageName="Approve" />
<div class="container main">
<% if (session.getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION) != null && !(session.getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION) instanceof UnapprovedClientAuthenticationException)) { %>
<div class="alert-message error">
<a href="#" class="close">&times;</a>
<p><strong><spring:message code="approve.error.not_granted"/></strong>
(<%= ((AuthenticationException) session.getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION)).getMessage() %>)
</p>
</div>
<% } %>
<c:remove scope="session" var="SPRING_SECURITY_LAST_EXCEPTION" />
<div class="well" style="text-align: center">
<h1><spring:message code="approve.required_for"/>&nbsp;
<c:choose>
<c:when test="${empty client.clientName}">
<em><c:out value="${client.clientId}" /></em>
</c:when>
<c:otherwise>
<em><c:out value="${client.clientName}" /></em>
</c:otherwise>
</c:choose>
</h1>
<form name="confirmationForm"
action="${pageContext.request.contextPath.endsWith('/') ? pageContext.request.contextPath : pageContext.request.contextPath.concat('/') }authorize" method="post">
<div class="row">
<div class="span5 offset1 well-small" style="text-align: left">
<c:if test="${ client.dynamicallyRegistered }">
<c:choose>
<c:when test="${ gras }">
<!-- client is "generally recognized as safe, display a more muted block -->
<div>
<p class="alert alert-info">
<i class="icon-globe"></i>
<spring:message code="approve.dynamically_registered"/>
</p>
</div>
</c:when>
<c:otherwise>
<!-- client is dynamically registered -->
<div class="alert alert-block <c:out value="${ count eq 0 ? 'alert-error' : 'alert-warn' }" />">
<h4>
<i class="icon-globe"></i> <spring:message code="approve.caution.title"/>:
</h4>
<p>
<spring:message code="approve.dynamically_registered" arguments="${ client.createdAt }"/>
</p>
<p>
<c:choose>
<c:when test="${count == 0}">
<spring:message code="approve.caution.message.none" arguments="${count}"/>
</c:when>
<c:when test="${count == 1}">
<spring:message code="approve.caution.message.singular" arguments="${count}"/>
</c:when>
<c:otherwise>
<spring:message code="approve.caution.message.plural" arguments="${count}"/>
</c:otherwise>
</c:choose>
</p>
</div>
</c:otherwise>
</c:choose>
</c:if>
<c:if test="${ not empty client.logoUri }">
<ul class="thumbnails">
<li class="span5">
<a class="thumbnail" data-toggle="modal" data-target="#logoModal"><img src="api/clients/${ client.id }/logo" /></a>
</li>
</ul>
<!-- Modal -->
<div id="logoModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="logoModalLabel" aria-hidden="true">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">&times;</button>
<h3 id="logoModalLabel">
<c:choose>
<c:when test="${empty client.clientName}">
<em><c:out value="${client.clientId}" /></em>
</c:when>
<c:otherwise>
<em><c:out value="${client.clientName}" /></em>
</c:otherwise>
</c:choose>
</h3>
</div>
<div class="modal-body">
<img src="api/clients/${ client.id }/logo" />
<c:if test="${ not empty client.clientUri }">
<a href="<c:out value="${ client.clientUri }" />"><c:out value="${ client.clientUri }" /></a>
</c:if>
</div>
<div class="modal-footer">
<button class="btn" data-dismiss="modal" aria-hidden="true">Close</button>
</div>
</div>
</c:if>
<c:if test="${ (not empty client.clientDescription) || (not empty client.clientUri) || (not empty client.policyUri) || (not empty client.tosUri) || (not empty contacts) }">
<div class="muted moreInformationContainer">
<c:out value="${client.clientDescription}" />
<c:if test="${ (not empty client.clientUri) || (not empty client.policyUri) || (not empty client.tosUri) || (not empty contacts) }">
<div id="toggleMoreInformation" style="cursor: pointer;">
<small><i class="icon-chevron-right"></i> <spring:message code="approve.more_information"/></small>
</div>
<div id="moreInformation" class="hide">
<ul>
<c:if test="${ not empty client.clientUri }">
<li><spring:message code="approve.home_page"/>: <a href="<c:out value="${ client.clientUri }" />"><c:out value="${ client.clientUri }" /></a></li>
</c:if>
<c:if test="${ not empty client.policyUri }">
<li><spring:message code="Policy"/>: <a href="<c:out value="${ client.policyUri }" />"><c:out value="${ client.policyUri }" /></a></li>
</c:if>
<c:if test="${ not empty client.tosUri }">
<li><spring:message code="approve.terms"/>: <a href="<c:out value="${ client.tosUri }" />"><c:out value="${ client.tosUri }" /></a></li>
</c:if>
<c:if test="${ (not empty contacts) }">
<li><spring:message code="approve.contacts"/>: <c:out value="${ contacts }" /></li>
</c:if>
</ul>
</div>
</c:if>
</div>
</c:if>
<div>
<c:choose>
<c:when test="${ empty client.redirectUris }">
<div class="alert alert-block alert-error">
<h4>
<i class="icon-info-sign"></i> <spring:message code="approve.warning"/>:
</h4>
<spring:message code="approve.no_redirect_uri"/>
<spring:message code="approve.redirect_uri" arguments="${ fn:escapeXml(redirect_uri) }"/>
</div>
</c:when>
<c:otherwise>
<spring:message code="approve.redirect_uri" arguments="${ fn:escapeXml(redirect_uri) }" />
</c:otherwise>
</c:choose>
</div>
<c:if test="${ client.subjectType == 'PAIRWISE' }">
<div class="alert alert-success">
<spring:message code="approve.pairwise"/>
</div>
</c:if>
</div>
<div class="span4">
<fieldset style="text-align: left" class="well">
<legend style="margin-bottom: 0;"><spring:message code="approve.access_to"/>:</legend>
<c:if test="${ empty client.scope }">
<div class="alert alert-block alert-error">
<h4>
<i class="icon-info-sign"></i> <spring:message code="approve.warning"/>:
</h4>
<p>
<spring:message code="approve.no_scopes"/>
</p>
</div>
</c:if>
<c:forEach var="scope" items="${ scopes }">
<label for="scope_${ fn:escapeXml(scope.value) }" class="checkbox">
<input type="checkbox" name="scope_${ fn:escapeXml(scope.value) }" id="scope_${ fn:escapeXml(scope.value) }" value="${ fn:escapeXml(scope.value) }" checked="checked">
<c:if test="${ not empty scope.icon }">
<i class="icon-${ fn:escapeXml(scope.icon) }"></i>
</c:if>
<c:choose>
<c:when test="${ not empty scope.description }">
<c:out value="${ scope.description }" />
</c:when>
<c:otherwise>
<c:out value="${ scope.value }" />
</c:otherwise>
</c:choose>
<c:if test="${ not empty claims[scope.value] }">
<span class="claim-tooltip" data-toggle="popover"
data-html="true"
data-placement="right"
data-trigger="hover"
data-title="These values will be sent:"
data-content="<div style=&quot;text-align: left;&quot;>
<ul>
<c:forEach var="claim" items="${ claims[scope.value] }">
<li>
<b><c:out value="${ claim.key }" /></b>:
<c:out value="${ claim.value }" />
</li>
</c:forEach>
</ul>
</div>
"
>
<i class="icon-question-sign"></i>
</span>
</c:if>
</label>
</c:forEach>
</fieldset>
<fieldset style="text-align: left" class="well">
<legend style="margin-bottom: 0;"><spring:message code="approve.remember.title"/>:</legend>
<label for="remember-forever" class="radio">
<input type="radio" name="remember" id="remember-forever" value="until-revoked" ${ !consent ? 'checked="checked"' : '' }>
<spring:message code="approve.remember.until_revoke"/>
</label>
<label for="remember-hour" class="radio">
<input type="radio" name="remember" id="remember-hour" value="one-hour">
<spring:message code="approve.remember.one_hour"/>
</label>
<label for="remember-not" class="radio">
<input type="radio" name="remember" id="remember-not" value="none" ${ consent ? 'checked="checked"' : '' }>
<spring:message code="approve.remember.next_time"/>
</label>
</fieldset>
</div>
</div>
<div class="row">
<h3>
<spring:message code="approve.do_authorize"/>
"<c:choose>
<c:when test="${empty client.clientName}">
<c:out value="${client.clientId}" />
</c:when>
<c:otherwise>
<c:out value="${client.clientName}" />
</c:otherwise>
</c:choose>"?
</h3>
<spring:message code="approve.label.authorize" var="authorize_label"/>
<spring:message code="approve.label.deny" var="deny_label"/>
<input id="user_oauth_approval" name="user_oauth_approval" value="true" type="hidden" />
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />
<input name="authorize" value="${authorize_label}" type="submit"
onclick="$('#user_oauth_approval').attr('value',true)" class="btn btn-success btn-large" />
&nbsp;
<input name="deny" value="${deny_label}" type="submit" onclick="$('#user_oauth_approval').attr('value',false)"
class="btn btn-secondary btn-large" />
</div>
</form>
</div>
</div>
<script type="text/javascript">
<!--
$(document).ready(function() {
$('.claim-tooltip').popover();
$('.claim-tooltip').on('click', function(e) {
e.preventDefault();
$(this).popover('show');
});
$(document).on('click', '#toggleMoreInformation', function(event) {
event.preventDefault();
if ($('#moreInformation').is(':visible')) {
// hide it
$('.moreInformationContainer', this.el).removeClass('alert').removeClass('alert-info').addClass('muted');
$('#moreInformation').hide('fast');
$('#toggleMoreInformation i').attr('class', 'icon-chevron-right');
} else {
// show it
$('.moreInformationContainer', this.el).addClass('alert').addClass('alert-info').removeClass('muted');
$('#moreInformation').show('fast');
$('#toggleMoreInformation i').attr('class', 'icon-chevron-down');
}
});
var creationDate = "<c:out value="${ client.createdAt }" />";
var displayCreationDate = $.t('approve.dynamically-registered-unkown');
var hoverCreationDate = "";
if (creationDate != null && moment(creationDate).isValid()) {
creationDate = moment(creationDate);
if (moment().diff(creationDate, 'months') < 6) {
displayCreationDate = creationDate.fromNow();
} else {
displayCreationDate = "on " + creationDate.format("LL");
}
hoverCreationDate = creationDate.format("LLL");
}
$('#registrationTime').html(displayCreationDate);
$('#registrationTime').attr('title', hoverCreationDate);
});
//-->
</script>
<o:footer/>

287
openid-connect-server-webapp/src/main/webapp/WEB-INF/views/approveDevice.jsp
View File

@ -1,287 +0,0 @@
<%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%>
<%@ page import="org.springframework.security.core.AuthenticationException"%>
<%@ page import="org.springframework.security.oauth2.common.exceptions.UnapprovedClientAuthenticationException"%>
<%@ page import="org.springframework.security.web.WebAttributes"%>
<%@ taglib prefix="authz" uri="http://www.springframework.org/security/tags"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt"%>
<%@ taglib prefix="o" tagdir="/WEB-INF/tags"%>
<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
<%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%>
<spring:message code="approve.title" var="title"/>
<o:header title="${title}"/>
<o:topbar pageName="Approve" />
<div class="container main">
<% if (session.getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION) != null && !(session.getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION) instanceof UnapprovedClientAuthenticationException)) { %>
<div class="alert-message error">
<a href="#" class="close">&times;</a>
<p><strong><spring:message code="approve.error.not_granted"/></strong>
(<%= ((AuthenticationException) session.getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION)).getMessage() %>)
</p>
</div>
<% } %>
<c:remove scope="session" var="SPRING_SECURITY_LAST_EXCEPTION" />
<div class="well" style="text-align: center">
<h1><spring:message code="approve.required_for"/>&nbsp;
<c:choose>
<c:when test="${empty client.clientName}">
<em><c:out value="${client.clientId}" /></em>
</c:when>
<c:otherwise>
<em><c:out value="${client.clientName}" /></em>
</c:otherwise>
</c:choose>
</h1>
<form name="confirmationForm"
action="${pageContext.request.contextPath.endsWith('/') ? pageContext.request.contextPath : pageContext.request.contextPath.concat('/') }device/approve" method="post">
<div class="row">
<div class="span5 offset1 well-small" style="text-align: left">
<c:if test="${ client.dynamicallyRegistered }">
<c:choose>
<c:when test="${ gras }">
<!-- client is "generally recognized as safe, display a more muted block -->
<div>
<p class="alert alert-info">
<i class="icon-globe"></i>
<spring:message code="approve.dynamically_registered"/>
</p>
</div>
</c:when>
<c:otherwise>
<!-- client is dynamically registered -->
<div class="alert alert-block <c:out value="${ count eq 0 ? 'alert-error' : 'alert-warn' }" />">
<h4>
<i class="icon-globe"></i> <spring:message code="approve.caution.title"/>:
</h4>
<p>
<spring:message code="approve.dynamically_registered" arguments="${ client.createdAt }"/>
</p>
<p>
<c:choose>
<c:when test="${count == 0}">
<spring:message code="approve.caution.message.none" arguments="${count}"/>
</c:when>
<c:when test="${count == 1}">
<spring:message code="approve.caution.message.singular" arguments="${count}"/>
</c:when>
<c:otherwise>
<spring:message code="approve.caution.message.plural" arguments="${count}"/>
</c:otherwise>
</c:choose>
</p>
</div>
</c:otherwise>
</c:choose>
</c:if>
<c:if test="${ not empty client.logoUri }">
<ul class="thumbnails">
<li class="span5">
<a class="thumbnail" data-toggle="modal" data-target="#logoModal"><img src="api/clients/${ client.id }/logo" /></a>
</li>
</ul>
<!-- Modal -->
<div id="logoModal" class="modal hide fade" tabindex="-1" role="dialog" aria-labelledby="logoModalLabel" aria-hidden="true">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal" aria-hidden="true">&times;</button>
<h3 id="logoModalLabel">
<c:choose>
<c:when test="${empty client.clientName}">
<em><c:out value="${client.clientId}" /></em>
</c:when>
<c:otherwise>
<em><c:out value="${client.clientName}" /></em>
</c:otherwise>
</c:choose>
</h3>
</div>
<div class="modal-body">
<img src="api/clients/${ client.id }/logo" />
<c:if test="${ not empty client.clientUri }">
<a href="<c:out value="${ client.clientUri }" />"><c:out value="${ client.clientUri }" /></a>
</c:if>
</div>
<div class="modal-footer">
<button class="btn" data-dismiss="modal" aria-hidden="true">Close</button>
</div>
</div>
</c:if>
<c:if test="${ (not empty client.clientDescription) || (not empty client.clientUri) || (not empty client.policyUri) || (not empty client.tosUri) || (not empty contacts) }">
<div class="muted moreInformationContainer">
<c:out value="${client.clientDescription}" />
<c:if test="${ (not empty client.clientUri) || (not empty client.policyUri) || (not empty client.tosUri) || (not empty contacts) }">
<div id="toggleMoreInformation" style="cursor: pointer;">
<small><i class="icon-chevron-right"></i> <spring:message code="approve.more_information"/></small>
</div>
<div id="moreInformation" class="hide">
<ul>
<c:if test="${ not empty client.clientUri }">
<li><spring:message code="approve.home_page"/>: <a href="<c:out value="${ client.clientUri }" />"><c:out value="${ client.clientUri }" /></a></li>
</c:if>
<c:if test="${ not empty client.policyUri }">
<li><spring:message code="Policy"/>: <a href="<c:out value="${ client.policyUri }" />"><c:out value="${ client.policyUri }" /></a></li>
</c:if>
<c:if test="${ not empty client.tosUri }">
<li><spring:message code="approve.terms"/>: <a href="<c:out value="${ client.tosUri }" />"><c:out value="${ client.tosUri }" /></a></li>
</c:if>
<c:if test="${ (not empty contacts) }">
<li><spring:message code="approve.contacts"/>: <c:out value="${ contacts }" /></li>
</c:if>
</ul>
</div>
</c:if>
</div>
</c:if>
<c:if test="${ client.subjectType == 'PAIRWISE' }">
<div class="alert alert-success">
<spring:message code="approve.pairwise"/>
</div>
</c:if>
</div>
<div class="span4">
<fieldset style="text-align: left" class="well">
<legend style="margin-bottom: 0;"><spring:message code="approve.access_to"/>:</legend>
<c:if test="${ empty client.scope }">
<div class="alert alert-block alert-error">
<h4>
<i class="icon-info-sign"></i> <spring:message code="approve.warning"/>:
</h4>
<p>
<spring:message code="approve.no_scopes"/>
</p>
</div>
</c:if>
<ul>
<c:forEach var="scope" items="${ scopes }">
<li>
<c:if test="${ not empty scope.icon }">
<i class="icon-${ fn:escapeXml(scope.icon) }"></i>
</c:if>
<c:choose>
<c:when test="${ not empty scope.description }">
<c:out value="${ scope.description }" />
</c:when>
<c:otherwise>
<c:out value="${ scope.value }" />
</c:otherwise>
</c:choose>
<c:if test="${ not empty claims[scope.value] }">
<span class="claim-tooltip" data-toggle="popover"
data-html="true"
data-placement="right"
data-trigger="hover"
data-title="These values will be sent:"
data-content="<div style=&quot;text-align: left;&quot;>
<ul>
<c:forEach var="claim" items="${ claims[scope.value] }">
<li>
<b><c:out value="${ claim.key }" /></b>:
<c:out value="${ claim.value }" />
</li>
</c:forEach>
</ul>
</div>
"
>
<i class="icon-question-sign"></i>
</span>
</c:if>
</li>
</c:forEach>
</ul>
</fieldset>
</div>
</div>
<div class="row">
<h3>
<spring:message code="approve.do_authorize"/>
"<c:choose>
<c:when test="${empty client.clientName}">
<c:out value="${client.clientId}" />
</c:when>
<c:otherwise>
<c:out value="${client.clientName}" />
</c:otherwise>
</c:choose>"?
</h3>
<spring:message code="approve.label.authorize" var="authorize_label"/>
<spring:message code="approve.label.deny" var="deny_label"/>
<input id="user_oauth_approval" name="user_oauth_approval" value="true" type="hidden" />
<input type="hidden" name="user_code" value="${ dc.userCode }" />
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />
<input name="authorize" value="${authorize_label}" type="submit"
onclick="$('#user_oauth_approval').attr('value',true)" class="btn btn-success btn-large" />
&nbsp;
<input name="deny" value="${deny_label}" type="submit" onclick="$('#user_oauth_approval').attr('value',false)"
class="btn btn-secondary btn-large" />
</div>
</form>
</div>
</div>
<script type="text/javascript">
<!--
$(document).ready(function() {
$('.claim-tooltip').popover();
$('.claim-tooltip').on('click', function(e) {
e.preventDefault();
$(this).popover('show');
});
$(document).on('click', '#toggleMoreInformation', function(event) {
event.preventDefault();
if ($('#moreInformation').is(':visible')) {
// hide it
$('.moreInformationContainer', this.el).removeClass('alert').removeClass('alert-info').addClass('muted');
$('#moreInformation').hide('fast');
$('#toggleMoreInformation i').attr('class', 'icon-chevron-right');
} else {
// show it
$('.moreInformationContainer', this.el).addClass('alert').addClass('alert-info').removeClass('muted');
$('#moreInformation').show('fast');
$('#toggleMoreInformation i').attr('class', 'icon-chevron-down');
}
});
var creationDate = "<c:out value="${ client.createdAt }" />";
var displayCreationDate = $.t('approve.dynamically-registered-unkown');
var hoverCreationDate = "";
if (creationDate != null && moment(creationDate).isValid()) {
creationDate = moment(creationDate);
if (moment().diff(creationDate, 'months') < 6) {
displayCreationDate = creationDate.fromNow();
} else {
displayCreationDate = "on " + creationDate.format("LL");
}
hoverCreationDate = creationDate.format("LLL");
}
$('#registrationTime').html(displayCreationDate);
$('#registrationTime').attr('title', hoverCreationDate);
});
//-->
</script>
<o:footer/>

29
openid-connect-server-webapp/src/main/webapp/WEB-INF/views/contact.jsp
View File

@ -1,29 +0,0 @@
<%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
<%@ taglib prefix="o" tagdir="/WEB-INF/tags"%>
<%@ taglib prefix="security" uri="http://www.springframework.org/security/tags"%>
<%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%>
<!-- TODO: highlight proper section of topbar; what is the right way to do this? -->
<spring:message code="contact.title" var="title"/>
<o:header title="${title}"/>
<o:topbar pageName="Contact"/>
<div class="container-fluid main">
<div class="row-fluid">
<o:sidebar />
<div class="span10">
<div class="hero-unit">
<h2><spring:message code="contact.title"/></h2>
<p>
<spring:message code="contact.body"/>
</p>
</div>
</div>
</div>
</div>
<o:footer/>

39
openid-connect-server-webapp/src/main/webapp/WEB-INF/views/deviceApproved.jsp
View File

@ -1,39 +0,0 @@
<%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%>
<%@ page import="org.springframework.security.core.AuthenticationException"%>
<%@ page import="org.springframework.security.oauth2.common.exceptions.UnapprovedClientAuthenticationException"%>
<%@ page import="org.springframework.security.web.WebAttributes"%>
<%@ taglib prefix="authz" uri="http://www.springframework.org/security/tags"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt"%>
<%@ taglib prefix="o" tagdir="/WEB-INF/tags"%>
<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
<%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%>
<spring:message code="approve.title" var="title"/>
<o:header title="${title}"/>
<o:topbar pageName="Approve" />
<div class="container main">
<div class="well" style="text-align: center">
<h1><c:choose>
<c:when test="${empty client.clientName}">
<em><c:out value="${client.clientId}" /></em>
</c:when>
<c:otherwise>
<em><c:out value="${client.clientName}" /></em>
</c:otherwise>
</c:choose>
</h1>
<c:choose>
<c:when test="${ approved }">
<div class="text-success"><i class="icon-ok"></i> <spring:message code="device.approve.approved" /></div>
</c:when>
<c:otherwise>
<div class="text-error"><i class="icon-remove"></i> <spring:message code="device.approve.notApproved" /></div>
</c:otherwise>
</c:choose>
</div>
</div>
<o:footer/>

48
openid-connect-server-webapp/src/main/webapp/WEB-INF/views/error.jsp
View File

@ -1,48 +0,0 @@
<%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%>
<%@page import="org.springframework.http.HttpStatus"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
<%@ taglib prefix="o" tagdir="/WEB-INF/tags"%>
<%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%>
<%@ taglib prefix="security" uri="http://www.springframework.org/security/tags"%>
<%@page import="org.springframework.security.oauth2.common.exceptions.OAuth2Exception"%>
<%
if (request.getAttribute("error") != null && request.getAttribute("error") instanceof OAuth2Exception) {
request.setAttribute("errorCode", ((OAuth2Exception)request.getAttribute("error")).getOAuth2ErrorCode());
request.setAttribute("message", ((OAuth2Exception)request.getAttribute("error")).getMessage());
} else if (request.getAttribute("javax.servlet.error.exception") != null) {
Throwable t = (Throwable)request.getAttribute("javax.servlet.error.exception");
request.setAttribute("errorCode", t.getClass().getSimpleName() + " (" + request.getAttribute("javax.servlet.error.status_code") + ")");
request.setAttribute("message", t.getMessage());
} else if (request.getAttribute("javax.servlet.error.status_code") != null) {
Integer code = (Integer)request.getAttribute("javax.servlet.error.status_code");
HttpStatus status = HttpStatus.valueOf(code);
request.setAttribute("errorCode", status.toString() + " " + status.getReasonPhrase());
request.setAttribute("message", request.getAttribute("javax.servlet.error.message"));
} else {
request.setAttribute("errorCode", "Server error");
request.setAttribute("message", "See the logs for details");
}
%>
<spring:message code="error.title" var="title"/>
<o:header title="${title}" />
<o:topbar pageName="Error" />
<div class="container-fluid main">
<div class="row-fluid">
<div class="offset1 span10">
<div class="hero-unit">
<h1><span><spring:message code="error.header"/></span>
<span class="text-error"><c:out value="${ errorCode }" /></span>
</h1>
<p>
<spring:message code="error.message"/>
<blockquote class="text-error"><b><c:out value="${ message }" /></b></blockquote>
</p>
</div>
</div>
</div>
</div>
<o:footer />

81
openid-connect-server-webapp/src/main/webapp/WEB-INF/views/home.jsp
View File

@ -1,81 +0,0 @@
<%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
<%@ taglib prefix="o" tagdir="/WEB-INF/tags"%>
<%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%>
<%@ taglib prefix="security" uri="http://www.springframework.org/security/tags"%>
<spring:message code="home.title" var="title"/>
<o:header title="${title}" />
<o:topbar pageName="Home" />
<div class="container-fluid main">
<div class="row-fluid">
<o:sidebar />
<div class="span10">
<div class="hero-unit">
<div class="row-fluid">
<div class="span2 visible-desktop"><img src="resources/images/openid_connect_large.png"/></div>
<div class="span10">
<h1><spring:message code="home.welcome.title"/></h1>
<p><spring:message code="home.welcome.body"/></p>
</div>
</div>
</div>
<!-- Example row of columns -->
<div class="row-fluid">
<div class="span6">
<h2><spring:message code="home.about.title"/></h2>
<p><spring:message code="home.about.body"/></p>
<p><a class="btn" href="http://github.com/mitreid-connect/"><spring:message code="home.more"/> &raquo;</a></p>
</div>
<div class="span6">
<h2><spring:message code="home.contact.title"/></h2>
<p>
<spring:message code="home.contact.body"/>
</p>
</div>
</div>
<hr>
<!-- Example row of columns -->
<div class="row-fluid">
<div class="span12">
<h2><spring:message code="home.statistics.title"/></h2>
<p id="statsloader" class="muted"><spring:message code="home.statistics.loading"/></p>
<p id="stats">
<spring:message code="home.statistics.number_users" arguments="?"/>
<spring:message code="home.statistics.number_clients" arguments="?"/>
<spring:message code="home.statistics.number_approvals" arguments="?"/>
</p>
</div>
</div>
</div>
</div>
</div>
<script type="text/javascript">
// load stats dynamically to make main page render faster
$(document).ready(function() {
$('#stats').hide();
var base = $('base').attr('href');
$.getJSON(base + 'api/stats/summary', function(data) {
var stats = data;
$('#userCount').html(stats.userCount);
$('#clientCount').html(stats.clientCount);
$('#approvalCount').html(stats.approvalCount);
$('#statsloader').hide();
$('#stats').show();
});
});
</script>
<o:footer />

51
openid-connect-server-webapp/src/main/webapp/WEB-INF/views/login.jsp
View File

@ -1,51 +0,0 @@
<%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%>
<%@ taglib prefix="authz" uri="http://www.springframework.org/security/tags"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@ taglib prefix="o" tagdir="/WEB-INF/tags"%>
<%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%>
<o:header title="Log In" />
<script type="text/javascript">
<!--
$(document).ready(function() {
// select the appropriate field based on context
$('#<c:out value="${ login_hint != null ? 'j_password' : 'j_username' }" />').focus();
});
//-->
</script>
<o:topbar />
<div class="container-fluid main">
<h1><spring:message code="login.login_with_username_and_password"/></h1>
<c:if test="${ param.error != null }">
<div class="alert alert-error"><spring:message code="login.error"/></div>
</c:if>
<div class="row-fluid">
<div class="span6 offset1 well">
<form action="${ config.issuer }${ config.issuer.endsWith('/') ? '' : '/' }login" method="POST">
<div>
<div class="input-prepend input-block-level">
<span class="add-on"><i class="icon-user"></i></span>
<input type="text" placeholder="<spring:message code="login.username"/>" autocorrect="off" autocapitalize="off" autocomplete="off" spellcheck="false" value="<c:out value="${ login_hint }" />" id="j_username" name="username">
</div>
</div>
<div>
<div class="input-prepend input-block-level">
<span class="add-on"><i class="icon-lock"></i></span>
<input type="password" placeholder="<spring:message code="login.password"/>" autocorrect="off" autocapitalize="off" autocomplete="off" spellcheck="false" id="j_password" name="password">
</div>
</div>
<div>
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />
<input type="submit" class="btn" value="<spring:message code="login.login-button"/>" name="submit">
</div>
</form>
</div>
</div>
</div>
<o:footer/>

55
openid-connect-server-webapp/src/main/webapp/WEB-INF/views/logoutConfirmation.jsp
View File

@ -1,55 +0,0 @@
<%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%>
<%@ page import="org.springframework.security.core.AuthenticationException"%>
<%@ page import="org.springframework.security.oauth2.common.exceptions.UnapprovedClientAuthenticationException"%>
<%@ page import="org.springframework.security.web.WebAttributes"%>
<%@ taglib prefix="authz" uri="http://www.springframework.org/security/tags"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt"%>
<%@ taglib prefix="o" tagdir="/WEB-INF/tags"%>
<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
<%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%>
<spring:message code="logout.confirmation.title" var="title"/>
<o:header title="${title}"/>
<o:topbar />
<div class="container main">
<div class="well" style="text-align: center">
<h1><spring:message code="logout.confirmation.header"/></h1>
<form action="${ config.issuer }${ config.issuer.endsWith('/') ? '' : '/' }endsession" method="POST">
<div class="row-fluid">
<div class="span12">
<spring:message code="logout.confirmation.submit" var="authorize_label"/>
<spring:message code="logout.confirmation.deny" var="deny_label"/>
<div>
<c:if test="${ not empty client }">
<!-- display some client information -->
<spring:message code="logout.confirmation.requested"/>&nbsp;
<c:choose>
<c:when test="${empty client.clientName}">
<em><c:out value="${client.clientId}" /></em>
</c:when>
<c:otherwise>
<em><c:out value="${client.clientName}" /></em>
</c:otherwise>
</c:choose>
</c:if>
</div>
<div>
<spring:message code="logout.confirmation.explanation" />
</div>
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />
<input name="approve" value="${authorize_label}" type="submit" class="btn btn-info btn-large" />
&nbsp;
<input name="deny" value="${deny_label}" type="submit" class="btn btn-large" />
</div>
</div>
</form>
</div>
</div>
<o:footer/>

47
openid-connect-server-webapp/src/main/webapp/WEB-INF/views/manage.jsp
View File

@ -1,47 +0,0 @@
<%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
<%@ taglib prefix="o" tagdir="/WEB-INF/tags"%>
<%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%>
<spring:message code="manage.title" var="title"/>
<o:header title="${title}"/>
<o:topbar pageName="Home" />
<!-- Modal dialogue for management UI -->
<div id="modalAlert" class="modal hide fade" tabindex="-1" role="dialog">
<div class="modal-header">
<button type="button" class="close" data-dismiss="modal">&times;</button>
<h3 id="modalAlertLabel"></h3>
</div>
<div class="modal-body"></div>
<div class="modal-footer">
<button class="btn btn-primary" data-dismiss="modal"><spring:message code="manage.ok"/></button>
</div>
</div>
<div class="container-fluid main">
<div class="row-fluid">
<o:sidebar/>
<div class="span10">
<div class="content span12">
<div id="breadcrumbs"></div>
<div id="loadingbox" class="sheet hide fade" data-sheet-parent="#breadcrumbs">
<div class="sheet-body">
<p><spring:message code="manage.loading"/>:</p>
<p><span id="loading"></span></p>
</div>
</div>
<div id="content">
<div class="well">
<div><h3><spring:message code="manage.loading"/>...</h3></div>
<div class="progress progress-striped active">
<div class="bar" style="width: 100%;"></div>
</div>
</div>
</div>
</div>
</div>
</div>
</div>
<o:footer js="resources/js/admin.js" />

26
openid-connect-server-webapp/src/main/webapp/WEB-INF/views/postLogout.jsp
View File

@ -1,26 +0,0 @@
<%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%>
<%@ taglib prefix="authz" uri="http://www.springframework.org/security/tags"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt"%>
<%@ taglib prefix="o" tagdir="/WEB-INF/tags"%>
<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
<%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%>
<%@ taglib prefix="security" uri="http://www.springframework.org/security/tags"%>
<spring:message code="logout.post.title" var="title"/>
<o:header title="${title}"/>
<o:topbar />
<div class="container main">
<div class="well" style="text-align: center">
<h1><spring:message code="logout.post.header" /></h1>
<security:authorize access="hasRole('ROLE_USER')">
<div class=""><spring:message code="logout.post.notLoggedOut" /></div>
</security:authorize>
<security:authorize access="!hasRole('ROLE_USER')">
<div class=""><spring:message code="logout.post.loggedOut" /></div>
</security:authorize>
</div>
</div>
<o:footer/>

61
openid-connect-server-webapp/src/main/webapp/WEB-INF/views/requestUserCode.jsp
View File

@ -1,61 +0,0 @@
<%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%>
<%@ page import="org.springframework.security.core.AuthenticationException"%>
<%@ page import="org.springframework.security.oauth2.common.exceptions.UnapprovedClientAuthenticationException"%>
<%@ page import="org.springframework.security.web.WebAttributes"%>
<%@ taglib prefix="authz" uri="http://www.springframework.org/security/tags"%>
<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%>
<%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt"%>
<%@ taglib prefix="o" tagdir="/WEB-INF/tags"%>
<%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %>
<%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%>
<spring:message code="device.request_code.title" var="title"/>
<o:header title="${title}"/>
<o:topbar pageName="Approve" />
<div class="container main">
<div class="well" style="text-align: center">
<h1><spring:message code="device.request_code.header"/></h1>
<c:if test="${ error != null }">
<c:choose>
<c:when test="${ error == 'noUserCode' }">
<div class="alert alert-error"><spring:message code="device.error.noUserCode"/></div>
</c:when>
<c:when test="${ error == 'expiredUserCode' }">
<div class="alert alert-error"><spring:message code="device.error.expiredUserCode"/></div>
</c:when>
<c:when test="${ error == 'userCodeAlreadyApproved' }">
<div class="alert alert-error"><spring:message code="device.error.userCodeAlreadyApproved"/></div>
</c:when>
<c:when test="${ error == 'userCodeMismatch' }">
<div class="alert alert-error"><spring:message code="device.error.userCodeMismatch"/></div>
</c:when>
<c:otherwise>
<div class="alert alert-error"><spring:message code="device.error.error"/></div>
</c:otherwise>
</c:choose>
</c:if>
<form action="${ config.issuer }${ config.issuer.endsWith('/') ? '' : '/' }device/verify" method="POST">
<div class="row-fluid">
<div class="span12">
<spring:message code="device.request_code.submit" var="authorize_label"/>
<div>
<div class="input-block-level input-xlarge">
<input type="text" name="user_code" placeholder="code" autocorrect="off" autocapitalize="off" autocomplete="off" spellcheck="false" value="" />
</div>
</div>
<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}" />
<input name="approve" value="${authorize_label}" type="submit" class="btn btn-info btn-large" />
</div>
</div>
</form>
</div>
</div>
<o:footer/>

28
openid-connect-server-webapp/src/main/webapp/WEB-INF/views/stats.jsp
View File

@ -1,28 +0,0 @@
<%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%>
<%@ taglib prefix="o" tagdir="/WEB-INF/tags"%>
<%@ taglib prefix="security" uri="http://www.springframework.org/security/tags"%>
<%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%>
<!-- TODO: highlight proper section of topbar; what is the right way to do this? -->
<spring:message code="statistics.title" var="title"/>
<o:header title="${title}"/>
<o:topbar pageName="Statistics"/>
<div class="container-fluid main">
<div class="row-fluid">
<o:sidebar/>
<div class="span10">
<div class="hero-unit">
<h2><spring:message code="statistics.title"/></h2>
<p>
<spring:message code="statistics.number_users" arguments='${statsSummary["userCount"]}'/>
<spring:message code="statistics.number_clients" arguments='${statsSummary["clientCount"]}'/>
<spring:message code="statistics.number_approvals" arguments='${statsSummary["approvalCount"]}'/>
</p>
</div>
</div>
</div>
</div>
<o:footer/>

79
openid-connect-server-webapp/src/main/webapp/WEB-INF/web.xml
View File

@ -1,79 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
Copyright 2017 The MIT Internet Trust Consortium
Portions copyright 2011-2013 The MITRE Corporation
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<web-app version="3.0" xmlns="http://java.sun.com/xml/ns/javaee"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_3_0.xsd"
metadata-complete="true">
<absolute-ordering />
<!-- The definition of the Root Spring Container shared by all Servlets
and Filters -->
<context-param>
<param-name>contextConfigLocation</param-name>
<param-value>
/WEB-INF/application-context.xml
</param-value>
</context-param>
<!-- Creates the Spring Container shared by all Servlets and Filters -->
<listener>
<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
</listener>
<!-- filter through Spring Security -->
<filter>
<filter-name>springSecurityFilterChain</filter-name>
<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
<init-param>
<param-name>contextAttribute</param-name>
<param-value>org.springframework.web.servlet.FrameworkServlet.CONTEXT.spring</param-value>
</init-param>
</filter>
<filter-mapping>
<filter-name>springSecurityFilterChain</filter-name>
<url-pattern>/*</url-pattern>
</filter-mapping>
<!-- Processes application requests -->
<servlet>
<servlet-name>spring</servlet-name>
<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
<load-on-startup>1</load-on-startup>
</servlet>
<servlet-mapping>
<servlet-name>spring</servlet-name>
<url-pattern>/</url-pattern>
</servlet-mapping>
<jsp-config>
<jsp-property-group>
<url-pattern>*.jsp</url-pattern>
<trim-directive-whitespaces>true</trim-directive-whitespaces>
</jsp-property-group>
</jsp-config>
<error-page>
<location>/error</location>
</error-page>
</web-app>

17
openid-connect-server-webapp/src/main/webapp/WEB-INF/wro.properties
View File

@ -1,17 +0,0 @@
###############################################################################
# Copyright 2017 The MIT Internet Trust Consortium
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
###############################################################################
preProcessors=cssImport
postProcessors=lessCss

23
openid-connect-server-webapp/src/main/webapp/WEB-INF/wro.xml
View File

@ -1,23 +0,0 @@
<!--
Copyright 2017 The MIT Internet Trust Consortium
Licensed under the Apache License, Version 2.0 (the "License");
you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software
distributed under the License is distributed on an "AS IS" BASIS,
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
See the License for the specific language governing permissions and
limitations under the License.
-->
<groups xmlns="http://www.isdc.ro/wro">
<group name="bootstrap">
<css>/less/bootstrap.less</css>
</group>
<group name="bootstrap-responsive">
<css>/less/bootstrap-responsive.less</css>
</group>
</groups>

34
openid-connect-server-webapp/src/main/webapp/less/accordion.less
View File

@ -1,34 +0,0 @@
//
// Accordion
// --------------------------------------------------
// Parent container
.accordion {
margin-bottom: @baseLineHeight;
}
// Group == heading + body
.accordion-group {
margin-bottom: 2px;
border: 1px solid #e5e5e5;
.border-radius(@baseBorderRadius);
}
.accordion-heading {
border-bottom: 0;
}
.accordion-heading .accordion-toggle {
display: block;
padding: 8px 15px;
}
// General toggle styles
.accordion-toggle {
cursor: pointer;
}
// Inner needs the styles because you can't animate properly with any styles on the element
.accordion-inner {
padding: 9px 15px;
border-top: 1px solid #e5e5e5;
}

79
openid-connect-server-webapp/src/main/webapp/less/alerts.less
View File

@ -1,79 +0,0 @@
//
// Alerts
// --------------------------------------------------
// Base styles
// -------------------------
.alert {
padding: 8px 35px 8px 14px;
margin-bottom: @baseLineHeight;
text-shadow: 0 1px 0 rgba(255,255,255,.5);
background-color: @warningBackground;
border: 1px solid @warningBorder;
.border-radius(@baseBorderRadius);
}
.alert,
.alert h4 {
// Specified for the h4 to prevent conflicts of changing @headingsColor
color: @warningText;
}
.alert h4 {
margin: 0;
}
// Adjust close link position
.alert .close {
position: relative;
top: -2px;
right: -21px;
line-height: @baseLineHeight;
}
// Alternate styles
// -------------------------
.alert-success {
background-color: @successBackground;
border-color: @successBorder;
color: @successText;
}
.alert-success h4 {
color: @successText;
}
.alert-danger,
.alert-error {
background-color: @errorBackground;
border-color: @errorBorder;
color: @errorText;
}
.alert-danger h4,
.alert-error h4 {
color: @errorText;
}
.alert-info {
background-color: @infoBackground;
border-color: @infoBorder;
color: @infoText;
}
.alert-info h4 {
color: @infoText;
}
// Block alerts
// -------------------------
.alert-block {
padding-top: 14px;
padding-bottom: 14px;
}
.alert-block > p,
.alert-block > ul {
margin-bottom: 0;
}
.alert-block p + p {
margin-top: 5px;
}

48
openid-connect-server-webapp/src/main/webapp/less/bootstrap-responsive.less
View File

@ -1,48 +0,0 @@
/*!
* Bootstrap Responsive v2.3.2
*
* Copyright 2013 Twitter, Inc
* Licensed under the Apache License v2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Designed and built with all the love in the world by @mdo and @fat.
*/
// Responsive.less
// For phone and tablet devices
// -------------------------------------------------------------
// REPEAT VARIABLES & MIXINS
// -------------------------
// Required since we compile the responsive stuff separately
@import "variables.less"; // Modify this for custom colors, font-sizes, etc
@import "mixins.less";
// RESPONSIVE CLASSES
// ------------------
@import "responsive-utilities.less";
// MEDIA QUERIES
// ------------------
// Large desktops
@import "responsive-1200px-min.less";
// Tablets to regular desktops
@import "responsive-768px-979px.less";
// Phones to portrait tablets and narrow desktops
@import "responsive-767px-max.less";
// RESPONSIVE NAVBAR
// ------------------
// From 979px and below, show a button to toggle navbar contents
@import "responsive-navbar.less";

63
openid-connect-server-webapp/src/main/webapp/less/bootstrap.less
View File

@ -1,63 +0,0 @@
/*!
* Bootstrap v2.3.2
*
* Copyright 2013 Twitter, Inc
* Licensed under the Apache License v2.0
* http://www.apache.org/licenses/LICENSE-2.0
*
* Designed and built with all the love in the world by @mdo and @fat.
*/
// Core variables and mixins
@import "variables.less"; // Modify this for custom colors, font-sizes, etc
@import "mixins.less";
// CSS Reset
@import "reset.less";
// Grid system and page structure
@import "scaffolding.less";
@import "grid.less";
@import "layouts.less";
// Base CSS
@import "type.less";
@import "code.less";
@import "forms.less";
@import "tables.less";
// Components: common
@import "sprites.less";
@import "dropdowns.less";
@import "wells.less";
@import "component-animations.less";
@import "close.less";
// Components: Buttons & Alerts
@import "buttons.less";
@import "button-groups.less";
@import "alerts.less"; // Note: alerts share common CSS with buttons and thus have styles in buttons.less
// Components: Nav
@import "navs.less";
@import "navbar.less";
@import "breadcrumbs.less";
@import "pagination.less";
@import "pager.less";
// Components: Popovers
@import "modals.less";
@import "tooltip.less";
@import "popovers.less";
// Components: Misc
@import "thumbnails.less";
@import "media.less";
@import "labels-badges.less";
@import "progress-bars.less";
@import "accordion.less";
@import "carousel.less";
@import "hero-unit.less";
// Utility classes
@import "utilities.less"; // Has to be last to override when necessary

24
openid-connect-server-webapp/src/main/webapp/less/breadcrumbs.less
View File

@ -1,24 +0,0 @@
//
// Breadcrumbs
// --------------------------------------------------
.breadcrumb {
padding: 8px 15px;
margin: 0 0 @baseLineHeight;
list-style: none;
background-color: #f5f5f5;
.border-radius(@baseBorderRadius);
> li {
display: inline-block;
.ie7-inline-block();
text-shadow: 0 1px 0 @white;
> .divider {
padding: 0 5px;
color: #ccc;
}
}
> .active {
color: @grayLight;
}
}

229
openid-connect-server-webapp/src/main/webapp/less/button-groups.less
View File

@ -1,229 +0,0 @@
//
// Button groups
// --------------------------------------------------
// Make the div behave like a button
.btn-group {
position: relative;
display: inline-block;
.ie7-inline-block();
font-size: 0; // remove as part 1 of font-size inline-block hack
vertical-align: middle; // match .btn alignment given font-size hack above
white-space: nowrap; // prevent buttons from wrapping when in tight spaces (e.g., the table on the tests page)
.ie7-restore-left-whitespace();
}
// Space out series of button groups
.btn-group + .btn-group {
margin-left: 5px;
}
// Optional: Group multiple button groups together for a toolbar
.btn-toolbar {
font-size: 0; // Hack to remove whitespace that results from using inline-block
margin-top: @baseLineHeight / 2;
margin-bottom: @baseLineHeight / 2;
> .btn + .btn,
> .btn-group + .btn,
> .btn + .btn-group {
margin-left: 5px;
}
}
// Float them, remove border radius, then re-add to first and last elements
.btn-group > .btn {
position: relative;
.border-radius(0);
}
.btn-group > .btn + .btn {
margin-left: -1px;
}
.btn-group > .btn,
.btn-group > .dropdown-menu,
.btn-group > .popover {
font-size: @baseFontSize; // redeclare as part 2 of font-size inline-block hack
}
// Reset fonts for other sizes
.btn-group > .btn-mini {
font-size: @fontSizeMini;
}
.btn-group > .btn-small {
font-size: @fontSizeSmall;
}
.btn-group > .btn-large {
font-size: @fontSizeLarge;
}
// Set corners individual because sometimes a single button can be in a .btn-group and we need :first-child and :last-child to both match
.btn-group > .btn:first-child {
margin-left: 0;
.border-top-left-radius(@baseBorderRadius);
.border-bottom-left-radius(@baseBorderRadius);
}
// Need .dropdown-toggle since :last-child doesn't apply given a .dropdown-menu immediately after it
.btn-group > .btn:last-child,
.btn-group > .dropdown-toggle {
.border-top-right-radius(@baseBorderRadius);
.border-bottom-right-radius(@baseBorderRadius);
}
// Reset corners for large buttons
.btn-group > .btn.large:first-child {
margin-left: 0;
.border-top-left-radius(@borderRadiusLarge);
.border-bottom-left-radius(@borderRadiusLarge);
}
.btn-group > .btn.large:last-child,
.btn-group > .large.dropdown-toggle {
.border-top-right-radius(@borderRadiusLarge);
.border-bottom-right-radius(@borderRadiusLarge);
}
// On hover/focus/active, bring the proper btn to front
.btn-group > .btn:hover,
.btn-group > .btn:focus,
.btn-group > .btn:active,
.btn-group > .btn.active {
z-index: 2;
}
// On active and open, don't show outline
.btn-group .dropdown-toggle:active,
.btn-group.open .dropdown-toggle {
outline: 0;
}
// Split button dropdowns
// ----------------------
// Give the line between buttons some depth
.btn-group > .btn + .dropdown-toggle {
padding-left: 8px;
padding-right: 8px;
.box-shadow(~"inset 1px 0 0 rgba(255,255,255,.125), inset 0 1px 0 rgba(255,255,255,.2), 0 1px 2px rgba(0,0,0,.05)");
*padding-top: 5px;
*padding-bottom: 5px;
}
.btn-group > .btn-mini + .dropdown-toggle {
padding-left: 5px;
padding-right: 5px;
*padding-top: 2px;
*padding-bottom: 2px;
}
.btn-group > .btn-small + .dropdown-toggle {
*padding-top: 5px;
*padding-bottom: 4px;
}
.btn-group > .btn-large + .dropdown-toggle {
padding-left: 12px;
padding-right: 12px;
*padding-top: 7px;
*padding-bottom: 7px;
}
.btn-group.open {
// The clickable button for toggling the menu
// Remove the gradient and set the same inset shadow as the :active state
.dropdown-toggle {
background-image: none;
.box-shadow(~"inset 0 2px 4px rgba(0,0,0,.15), 0 1px 2px rgba(0,0,0,.05)");
}
// Keep the hover's background when dropdown is open
.btn.dropdown-toggle {
background-color: @btnBackgroundHighlight;
}
.btn-primary.dropdown-toggle {
background-color: @btnPrimaryBackgroundHighlight;
}
.btn-warning.dropdown-toggle {
background-color: @btnWarningBackgroundHighlight;
}
.btn-danger.dropdown-toggle {
background-color: @btnDangerBackgroundHighlight;
}
.btn-success.dropdown-toggle {
background-color: @btnSuccessBackgroundHighlight;
}
.btn-info.dropdown-toggle {
background-color: @btnInfoBackgroundHighlight;
}
.btn-inverse.dropdown-toggle {
background-color: @btnInverseBackgroundHighlight;
}
}
// Reposition the caret
.btn .caret {
margin-top: 8px;
margin-left: 0;
}
// Carets in other button sizes
.btn-large .caret {
margin-top: 6px;
}
.btn-large .caret {
border-left-width: 5px;
border-right-width: 5px;
border-top-width: 5px;
}
.btn-mini .caret,
.btn-small .caret {
margin-top: 8px;
}
// Upside down carets for .dropup
.dropup .btn-large .caret {
border-bottom-width: 5px;
}
// Account for other colors
.btn-primary,
.btn-warning,
.btn-danger,
.btn-info,
.btn-success,
.btn-inverse {
.caret {
border-top-color: @white;
border-bottom-color: @white;
}
}
// Vertical button groups
// ----------------------
.btn-group-vertical {
display: inline-block; // makes buttons only take up the width they need
.ie7-inline-block();
}
.btn-group-vertical > .btn {
display: block;
float: none;
max-width: 100%;
.border-radius(0);
}
.btn-group-vertical > .btn + .btn {
margin-left: 0;
margin-top: -1px;
}
.btn-group-vertical > .btn:first-child {
.border-radius(@baseBorderRadius @baseBorderRadius 0 0);
}
.btn-group-vertical > .btn:last-child {
.border-radius(0 0 @baseBorderRadius @baseBorderRadius);
}
.btn-group-vertical > .btn-large:first-child {
.border-radius(@borderRadiusLarge @borderRadiusLarge 0 0);
}
.btn-group-vertical > .btn-large:last-child {
.border-radius(0 0 @borderRadiusLarge @borderRadiusLarge);
}

228
openid-connect-server-webapp/src/main/webapp/less/buttons.less
View File

@ -1,228 +0,0 @@
//
// Buttons
// --------------------------------------------------
// Base styles
// --------------------------------------------------
// Core
.btn {
display: inline-block;
.ie7-inline-block();
padding: 4px 12px;
margin-bottom: 0; // For input.btn
font-size: @baseFontSize;
line-height: @baseLineHeight;
text-align: center;
vertical-align: middle;
cursor: pointer;
.buttonBackground(@btnBackground, @btnBackgroundHighlight, @grayDark, 0 1px 1px rgba(255,255,255,.75));
border: 1px solid @btnBorder;
*border: 0; // Remove the border to prevent IE7's black border on input:focus
border-bottom-color: darken(@btnBorder, 10%);
.border-radius(@baseBorderRadius);
.ie7-restore-left-whitespace(); // Give IE7 some love
.box-shadow(~"inset 0 1px 0 rgba(255,255,255,.2), 0 1px 2px rgba(0,0,0,.05)");
// Hover/focus state
&:hover,
&:focus {
color: @grayDark;
text-decoration: none;
background-position: 0 -15px;
// transition is only when going to hover/focus, otherwise the background
// behind the gradient (there for IE<=9 fallback) gets mismatched
.transition(background-position .1s linear);
}
// Focus state for keyboard and accessibility
&:focus {
.tab-focus();
}
// Active state
&.active,
&:active {
background-image: none;
outline: 0;
.box-shadow(~"inset 0 2px 4px rgba(0,0,0,.15), 0 1px 2px rgba(0,0,0,.05)");
}
// Disabled state
&.disabled,
&[disabled] {
cursor: default;
background-image: none;
.opacity(65);
.box-shadow(none);
}
}
// Button Sizes
// --------------------------------------------------
// Large
.btn-large {
padding: @paddingLarge;
font-size: @fontSizeLarge;
.border-radius(@borderRadiusLarge);
}
.btn-large [class^="icon-"],
.btn-large [class*=" icon-"] {
margin-top: 4px;
}
// Small
.btn-small {
padding: @paddingSmall;
font-size: @fontSizeSmall;
.border-radius(@borderRadiusSmall);
}
.btn-small [class^="icon-"],
.btn-small [class*=" icon-"] {
margin-top: 0;
}
.btn-mini [class^="icon-"],
.btn-mini [class*=" icon-"] {
margin-top: -1px;
}
// Mini
.btn-mini {
padding: @paddingMini;
font-size: @fontSizeMini;
.border-radius(@borderRadiusSmall);
}
// Block button
// -------------------------
.btn-block {
display: block;
width: 100%;
padding-left: 0;
padding-right: 0;
.box-sizing(border-box);
}
// Vertically space out multiple block buttons
.btn-block + .btn-block {
margin-top: 5px;
}
// Specificity overrides
input[type="submit"],
input[type="reset"],
input[type="button"] {
&.btn-block {
width: 100%;
}
}
// Alternate buttons
// --------------------------------------------------
// Provide *some* extra contrast for those who can get it
.btn-primary.active,
.btn-warning.active,
.btn-danger.active,
.btn-success.active,
.btn-info.active,
.btn-inverse.active {
color: rgba(255,255,255,.75);
}
// Set the backgrounds
// -------------------------
.btn-primary {
.buttonBackground(@btnPrimaryBackground, @btnPrimaryBackgroundHighlight);
}
// Warning appears are orange
.btn-warning {
.buttonBackground(@btnWarningBackground, @btnWarningBackgroundHighlight);
}
// Danger and error appear as red
.btn-danger {
.buttonBackground(@btnDangerBackground, @btnDangerBackgroundHighlight);
}
// Success appears as green
.btn-success {
.buttonBackground(@btnSuccessBackground, @btnSuccessBackgroundHighlight);
}
// Info appears as a neutral blue
.btn-info {
.buttonBackground(@btnInfoBackground, @btnInfoBackgroundHighlight);
}
// Inverse appears as dark gray
.btn-inverse {
.buttonBackground(@btnInverseBackground, @btnInverseBackgroundHighlight);
}
// Cross-browser Jank
// --------------------------------------------------
button.btn,
input[type="submit"].btn {
// Firefox 3.6 only I believe
&::-moz-focus-inner {
padding: 0;
border: 0;
}
// IE7 has some default padding on button controls
*padding-top: 3px;
*padding-bottom: 3px;
&.btn-large {
*padding-top: 7px;
*padding-bottom: 7px;
}
&.btn-small {
*padding-top: 3px;
*padding-bottom: 3px;
}
&.btn-mini {
*padding-top: 1px;
*padding-bottom: 1px;
}
}
// Link buttons
// --------------------------------------------------
// Make a button look and behave like a link
.btn-link,
.btn-link:active,
.btn-link[disabled] {
background-color: transparent;
background-image: none;
.box-shadow(none);
}
.btn-link {
border-color: transparent;
cursor: pointer;
color: @linkColor;
.border-radius(0);
}
.btn-link:hover,
.btn-link:focus {
color: @linkColorHover;
text-decoration: underline;
background-color: transparent;
}
.btn-link[disabled]:hover,
.btn-link[disabled]:focus {
color: @grayDark;
text-decoration: none;
}

158
openid-connect-server-webapp/src/main/webapp/less/carousel.less
View File

@ -1,158 +0,0 @@
//
// Carousel
// --------------------------------------------------
.carousel {
position: relative;
margin-bottom: @baseLineHeight;
line-height: 1;
}
.carousel-inner {
overflow: hidden;
width: 100%;
position: relative;
}
.carousel-inner {
> .item {
display: none;
position: relative;
.transition(.6s ease-in-out left);
// Account for jankitude on images
> img,
> a > img {
display: block;
line-height: 1;
}
}
> .active,
> .next,
> .prev { display: block; }
> .active {
left: 0;
}
> .next,
> .prev {
position: absolute;
top: 0;
width: 100%;
}
> .next {
left: 100%;
}
> .prev {
left: -100%;
}
> .next.left,
> .prev.right {
left: 0;
}
> .active.left {
left: -100%;
}
> .active.right {
left: 100%;
}
}
// Left/right controls for nav
// ---------------------------
.carousel-control {
position: absolute;
top: 40%;
left: 15px;
width: 40px;
height: 40px;
margin-top: -20px;
font-size: 60px;
font-weight: 100;
line-height: 30px;
color: @white;
text-align: center;
background: @grayDarker;
border: 3px solid @white;
.border-radius(23px);
.opacity(50);
// we can't have this transition here
// because webkit cancels the carousel
// animation if you trip this while
// in the middle of another animation
// ;_;
// .transition(opacity .2s linear);
// Reposition the right one
&.right {
left: auto;
right: 15px;
}
// Hover/focus state
&:hover,
&:focus {
color: @white;
text-decoration: none;
.opacity(90);
}
}
// Carousel indicator pips
// -----------------------------
.carousel-indicators {
position: absolute;
top: 15px;
right: 15px;
z-index: 5;
margin: 0;
list-style: none;
li {
display: block;
float: left;
width: 10px;
height: 10px;
margin-left: 5px;
text-indent: -999px;
background-color: #ccc;
background-color: rgba(255,255,255,.25);
border-radius: 5px;
}
.active {
background-color: #fff;
}
}
// Caption for text below images
// -----------------------------
.carousel-caption {
position: absolute;
left: 0;
right: 0;
bottom: 0;
padding: 15px;
background: @grayDark;
background: rgba(0,0,0,.75);
}
.carousel-caption h4,
.carousel-caption p {
color: @white;
line-height: @baseLineHeight;
}
.carousel-caption h4 {
margin: 0 0 5px;
}
.carousel-caption p {
margin-bottom: 0;
}

32
openid-connect-server-webapp/src/main/webapp/less/close.less
View File

@ -1,32 +0,0 @@
//
// Close icons
// --------------------------------------------------
.close {
float: right;
font-size: 20px;
font-weight: bold;
line-height: @baseLineHeight;
color: @black;
text-shadow: 0 1px 0 rgba(255,255,255,1);
.opacity(20);
&:hover,
&:focus {
color: @black;
text-decoration: none;
cursor: pointer;
.opacity(40);
}
}
// Additional properties for button version
// iOS requires the button element instead of an anchor tag.
// If you want the anchor version, it requires `href="#"`.
button.close {
padding: 0;
cursor: pointer;
background: transparent;
border: 0;
-webkit-appearance: none;
}

61
openid-connect-server-webapp/src/main/webapp/less/code.less
View File

@ -1,61 +0,0 @@
//
// Code (inline and blocK)
// --------------------------------------------------
// Inline and block code styles
code,
pre {
padding: 0 3px 2px;
#font > #family > .monospace;
font-size: @baseFontSize - 2;
color: @grayDark;
.border-radius(3px);
}
// Inline code
code {
padding: 2px 4px;
color: #d14;
background-color: #f7f7f9;
border: 1px solid #e1e1e8;
white-space: nowrap;
}
// Blocks of code
pre {
display: block;
padding: (@baseLineHeight - 1) / 2;
margin: 0 0 @baseLineHeight / 2;
font-size: @baseFontSize - 1; // 14px to 13px
line-height: @baseLineHeight;
word-break: break-all;
word-wrap: break-word;
white-space: pre;
white-space: pre-wrap;
background-color: #f5f5f5;
border: 1px solid #ccc; // fallback for IE7-8
border: 1px solid rgba(0,0,0,.15);
.border-radius(@baseBorderRadius);
// Make prettyprint styles more spaced out for readability
&.prettyprint {
margin-bottom: @baseLineHeight;
}
// Account for some code outputs that place code tags in pre tags
code {
padding: 0;
color: inherit;
white-space: pre;
white-space: pre-wrap;
background-color: transparent;
border: 0;
}
}
// Enable scrollable blocks of code
.pre-scrollable {
max-height: 340px;
overflow-y: scroll;
}

22
openid-connect-server-webapp/src/main/webapp/less/component-animations.less
View File

@ -1,22 +0,0 @@
//
// Component animations
// --------------------------------------------------
.fade {
opacity: 0;
.transition(opacity .15s linear);
&.in {
opacity: 1;
}
}
.collapse {
position: relative;
height: 0;
overflow: hidden;
.transition(height .35s ease);
&.in {
height: auto;
}
}

248
openid-connect-server-webapp/src/main/webapp/less/dropdowns.less
View File

@ -1,248 +0,0 @@
//
// Dropdown menus
// --------------------------------------------------
// Use the .menu class on any <li> element within the topbar or ul.tabs and you'll get some superfancy dropdowns
.dropup,
.dropdown {
position: relative;
}
.dropdown-toggle {
// The caret makes the toggle a bit too tall in IE7
*margin-bottom: -3px;
}
.dropdown-toggle:active,
.open .dropdown-toggle {
outline: 0;
}
// Dropdown arrow/caret
// --------------------
.caret {
display: inline-block;
width: 0;
height: 0;
vertical-align: top;
border-top: 4px solid @black;
border-right: 4px solid transparent;
border-left: 4px solid transparent;
content: "";
}
// Place the caret
.dropdown .caret {
margin-top: 8px;
margin-left: 2px;
}
// The dropdown menu (ul)
// ----------------------
.dropdown-menu {
position: absolute;
top: 100%;
left: 0;
z-index: @zindexDropdown;
display: none; // none by default, but block on "open" of the menu
float: left;
min-width: 160px;
padding: 5px 0;
margin: 2px 0 0; // override default ul
list-style: none;
background-color: @dropdownBackground;
border: 1px solid #ccc; // Fallback for IE7-8
border: 1px solid @dropdownBorder;
*border-right-width: 2px;
*border-bottom-width: 2px;
.border-radius(6px);
.box-shadow(0 5px 10px rgba(0,0,0,.2));
-webkit-background-clip: padding-box;
-moz-background-clip: padding;
background-clip: padding-box;
// Aligns the dropdown menu to right
&.pull-right {
right: 0;
left: auto;
}
// Dividers (basically an hr) within the dropdown
.divider {
.nav-divider(@dropdownDividerTop, @dropdownDividerBottom);
}
// Links within the dropdown menu
> li > a {
display: block;
padding: 3px 20px;
clear: both;
font-weight: normal;
line-height: @baseLineHeight;
color: @dropdownLinkColor;
white-space: nowrap;
}
}
// Hover/Focus state
// -----------
.dropdown-menu > li > a:hover,
.dropdown-menu > li > a:focus,
.dropdown-submenu:hover > a,
.dropdown-submenu:focus > a {
text-decoration: none;
color: @dropdownLinkColorHover;
#gradient > .vertical(@dropdownLinkBackgroundHover, darken(@dropdownLinkBackgroundHover, 5%));
}
// Active state
// ------------
.dropdown-menu > .active > a,
.dropdown-menu > .active > a:hover,
.dropdown-menu > .active > a:focus {
color: @dropdownLinkColorActive;
text-decoration: none;
outline: 0;
#gradient > .vertical(@dropdownLinkBackgroundActive, darken(@dropdownLinkBackgroundActive, 5%));
}
// Disabled state
// --------------
// Gray out text and ensure the hover/focus state remains gray
.dropdown-menu > .disabled > a,
.dropdown-menu > .disabled > a:hover,
.dropdown-menu > .disabled > a:focus {
color: @grayLight;
}
// Nuke hover/focus effects
.dropdown-menu > .disabled > a:hover,
.dropdown-menu > .disabled > a:focus {
text-decoration: none;
background-color: transparent;
background-image: none; // Remove CSS gradient
.reset-filter();
cursor: default;
}
// Open state for the dropdown
// ---------------------------
.open {
// IE7's z-index only goes to the nearest positioned ancestor, which would
// make the menu appear below buttons that appeared later on the page
*z-index: @zindexDropdown;
& > .dropdown-menu {
display: block;
}
}
// Backdrop to catch body clicks on mobile, etc.
// ---------------------------
.dropdown-backdrop {
position: fixed;
left: 0;
right: 0;
bottom: 0;
top: 0;
z-index: @zindexDropdown - 10;
}
// Right aligned dropdowns
// ---------------------------
.pull-right > .dropdown-menu {
right: 0;
left: auto;
}
// Allow for dropdowns to go bottom up (aka, dropup-menu)
// ------------------------------------------------------
// Just add .dropup after the standard .dropdown class and you're set, bro.
// TODO: abstract this so that the navbar fixed styles are not placed here?
.dropup,
.navbar-fixed-bottom .dropdown {
// Reverse the caret
.caret {
border-top: 0;
border-bottom: 4px solid @black;
content: "";
}
// Different positioning for bottom up menu
.dropdown-menu {
top: auto;
bottom: 100%;
margin-bottom: 1px;
}
}
// Sub menus
// ---------------------------
.dropdown-submenu {
position: relative;
}
// Default dropdowns
.dropdown-submenu > .dropdown-menu {
top: 0;
left: 100%;
margin-top: -6px;
margin-left: -1px;
.border-radius(0 6px 6px 6px);
}
.dropdown-submenu:hover > .dropdown-menu {
display: block;
}
// Dropups
.dropup .dropdown-submenu > .dropdown-menu {
top: auto;
bottom: 0;
margin-top: 0;
margin-bottom: -2px;
.border-radius(5px 5px 5px 0);
}
// Caret to indicate there is a submenu
.dropdown-submenu > a:after {
display: block;
content: " ";
float: right;
width: 0;
height: 0;
border-color: transparent;
border-style: solid;
border-width: 5px 0 5px 5px;
border-left-color: darken(@dropdownBackground, 20%);
margin-top: 5px;
margin-right: -10px;
}
.dropdown-submenu:hover > a:after {
border-left-color: @dropdownLinkColorHover;
}
// Left aligned submenus
.dropdown-submenu.pull-left {
// Undo the float
// Yes, this is awkward since .pull-left adds a float, but it sticks to our conventions elsewhere.
float: none;
// Positioning the submenu
> .dropdown-menu {
left: -100%;
margin-left: 10px;
.border-radius(6px 0 6px 6px);
}
}
// Tweak nav headers
// -----------------
// Increase padding from 15px to 20px on sides
.dropdown .dropdown-menu .nav-header {
padding-left: 20px;
padding-right: 20px;
}
// Typeahead
// ---------
.typeahead {
z-index: 1051;
margin-top: 2px; // give it some space to breathe
.border-radius(@baseBorderRadius);
}

690
openid-connect-server-webapp/src/main/webapp/less/forms.less
View File

@ -1,690 +0,0 @@
//
// Forms
// --------------------------------------------------
// GENERAL STYLES
// --------------
// Make all forms have space below them
form {
margin: 0 0 @baseLineHeight;
}
fieldset {
padding: 0;
margin: 0;
border: 0;
}
// Groups of fields with labels on top (legends)
legend {
display: block;
width: 100%;
padding: 0;
margin-bottom: @baseLineHeight;
font-size: @baseFontSize * 1.5;
line-height: @baseLineHeight * 2;
color: @grayDark;
border: 0;
border-bottom: 1px solid #e5e5e5;
// Small
small {
font-size: @baseLineHeight * .75;
color: @grayLight;
}
}
// Set font for forms
label,
input,
button,
select,
textarea {
#font > .shorthand(@baseFontSize,normal,@baseLineHeight); // Set size, weight, line-height here
}
input,
button,
select,
textarea {
font-family: @baseFontFamily; // And only set font-family here for those that need it (note the missing label element)
}
// Identify controls by their labels
label {
display: block;
margin-bottom: 5px;
}
// Form controls
// -------------------------
// Shared size and type resets
select,
textarea,
input[type="text"],
input[type="password"],
input[type="datetime"],
input[type="datetime-local"],
input[type="date"],
input[type="month"],
input[type="time"],
input[type="week"],
input[type="number"],
input[type="email"],
input[type="url"],
input[type="search"],
input[type="tel"],
input[type="color"],
.uneditable-input {
display: inline-block;
height: @baseLineHeight;
padding: 4px 6px;
margin-bottom: @baseLineHeight / 2;
font-size: @baseFontSize;
line-height: @baseLineHeight;
color: @gray;
.border-radius(@inputBorderRadius);
vertical-align: middle;
}
// Reset appearance properties for textual inputs and textarea
// Declare width for legacy (can't be on input[type=*] selectors or it's too specific)
input,
textarea,
.uneditable-input {
width: 206px; // plus 12px padding and 2px border
}
// Reset height since textareas have rows
textarea {
height: auto;
}
// Everything else
textarea,
input[type="text"],
input[type="password"],
input[type="datetime"],
input[type="datetime-local"],
input[type="date"],
input[type="month"],
input[type="time"],
input[type="week"],
input[type="number"],
input[type="email"],
input[type="url"],
input[type="search"],
input[type="tel"],
input[type="color"],
.uneditable-input {
background-color: @inputBackground;
border: 1px solid @inputBorder;
.box-shadow(inset 0 1px 1px rgba(0,0,0,.075));
.transition(~"border linear .2s, box-shadow linear .2s");
// Focus state
&:focus {
border-color: rgba(82,168,236,.8);
outline: 0;
outline: thin dotted \9; /* IE6-9 */
.box-shadow(~"inset 0 1px 1px rgba(0,0,0,.075), 0 0 8px rgba(82,168,236,.6)");
}
}
// Position radios and checkboxes better
input[type="radio"],
input[type="checkbox"] {
margin: 4px 0 0;
*margin-top: 0; /* IE7 */
margin-top: 1px \9; /* IE8-9 */
line-height: normal;
}
// Reset width of input images, buttons, radios, checkboxes
input[type="file"],
input[type="image"],
input[type="submit"],
input[type="reset"],
input[type="button"],
input[type="radio"],
input[type="checkbox"] {
width: auto; // Override of generic input selector
}
// Set the height of select and file controls to match text inputs
select,
input[type="file"] {
height: @inputHeight; /* In IE7, the height of the select element cannot be changed by height, only font-size */
*margin-top: 4px; /* For IE7, add top margin to align select with labels */
line-height: @inputHeight;
}
// Make select elements obey height by applying a border
select {
width: 220px; // default input width + 10px of padding that doesn't get applied
border: 1px solid @inputBorder;
background-color: @inputBackground; // Chrome on Linux and Mobile Safari need background-color
}
// Make multiple select elements height not fixed
select[multiple],
select[size] {
height: auto;
}
// Focus for select, file, radio, and checkbox
select:focus,
input[type="file"]:focus,
input[type="radio"]:focus,
input[type="checkbox"]:focus {
.tab-focus();
}
// Uneditable inputs
// -------------------------
// Make uneditable inputs look inactive
.uneditable-input,
.uneditable-textarea {
color: @grayLight;
background-color: darken(@inputBackground, 1%);
border-color: @inputBorder;
.box-shadow(inset 0 1px 2px rgba(0,0,0,.025));
cursor: not-allowed;
}
// For text that needs to appear as an input but should not be an input
.uneditable-input {
overflow: hidden; // prevent text from wrapping, but still cut it off like an input does
white-space: nowrap;
}
// Make uneditable textareas behave like a textarea
.uneditable-textarea {
width: auto;
height: auto;
}
// Placeholder
// -------------------------
// Placeholder text gets special styles because when browsers invalidate entire lines if it doesn't understand a selector
input,
textarea {
.placeholder();
}
// CHECKBOXES & RADIOS
// -------------------
// Indent the labels to position radios/checkboxes as hanging
.radio,
.checkbox {
min-height: @baseLineHeight; // clear the floating input if there is no label text
padding-left: 20px;
}
.radio input[type="radio"],
.checkbox input[type="checkbox"] {
float: left;
margin-left: -20px;
}
// Move the options list down to align with labels
.controls > .radio:first-child,
.controls > .checkbox:first-child {
padding-top: 5px; // has to be padding because margin collaspes
}
// Radios and checkboxes on same line
// TODO v3: Convert .inline to .control-inline
.radio.inline,
.checkbox.inline {
display: inline-block;
padding-top: 5px;
margin-bottom: 0;
vertical-align: middle;
}
.radio.inline + .radio.inline,
.checkbox.inline + .checkbox.inline {
margin-left: 10px; // space out consecutive inline controls
}
// INPUT SIZES
// -----------
// General classes for quick sizes
.input-mini { width: 60px; }
.input-small { width: 90px; }
.input-medium { width: 150px; }
.input-large { width: 210px; }
.input-xlarge { width: 270px; }
.input-xxlarge { width: 530px; }
// Grid style input sizes
input[class*="span"],
select[class*="span"],
textarea[class*="span"],
.uneditable-input[class*="span"],
// Redeclare since the fluid row class is more specific
.row-fluid input[class*="span"],
.row-fluid select[class*="span"],
.row-fluid textarea[class*="span"],
.row-fluid .uneditable-input[class*="span"] {
float: none;
margin-left: 0;
}
// Ensure input-prepend/append never wraps
.input-append input[class*="span"],
.input-append .uneditable-input[class*="span"],
.input-prepend input[class*="span"],
.input-prepend .uneditable-input[class*="span"],
.row-fluid input[class*="span"],
.row-fluid select[class*="span"],
.row-fluid textarea[class*="span"],
.row-fluid .uneditable-input[class*="span"],
.row-fluid .input-prepend [class*="span"],
.row-fluid .input-append [class*="span"] {
display: inline-block;
}
// GRID SIZING FOR INPUTS
// ----------------------
// Grid sizes
#grid > .input(@gridColumnWidth, @gridGutterWidth);
// Control row for multiple inputs per line
.controls-row {
.clearfix(); // Clear the float from controls
}
// Float to collapse white-space for proper grid alignment
.controls-row [class*="span"],
// Redeclare the fluid grid collapse since we undo the float for inputs
.row-fluid .controls-row [class*="span"] {
float: left;
}
// Explicity set top padding on all checkboxes/radios, not just first-child
.controls-row .checkbox[class*="span"],
.controls-row .radio[class*="span"] {
padding-top: 5px;
}
// DISABLED STATE
// --------------
// Disabled and read-only inputs
input[disabled],
select[disabled],
textarea[disabled],
input[readonly],
select[readonly],
textarea[readonly] {
cursor: not-allowed;
background-color: @inputDisabledBackground;
}
// Explicitly reset the colors here
input[type="radio"][disabled],
input[type="checkbox"][disabled],
input[type="radio"][readonly],
input[type="checkbox"][readonly] {
background-color: transparent;
}
// FORM FIELD FEEDBACK STATES
// --------------------------
// Warning
.control-group.warning {
.formFieldState(@warningText, @warningText, @warningBackground);
}
// Error
.control-group.error {
.formFieldState(@errorText, @errorText, @errorBackground);
}
// Success
.control-group.success {
.formFieldState(@successText, @successText, @successBackground);
}
// Success
.control-group.info {
.formFieldState(@infoText, @infoText, @infoBackground);
}
// HTML5 invalid states
// Shares styles with the .control-group.error above
input:focus:invalid,
textarea:focus:invalid,
select:focus:invalid {
color: #b94a48;
border-color: #ee5f5b;
&:focus {
border-color: darken(#ee5f5b, 10%);
@shadow: 0 0 6px lighten(#ee5f5b, 20%);
.box-shadow(@shadow);
}
}
// FORM ACTIONS
// ------------
.form-actions {
padding: (@baseLineHeight - 1) 20px @baseLineHeight;
margin-top: @baseLineHeight;
margin-bottom: @baseLineHeight;
background-color: @formActionsBackground;
border-top: 1px solid #e5e5e5;
.clearfix(); // Adding clearfix to allow for .pull-right button containers
}
// HELP TEXT
// ---------
.help-block,
.help-inline {
color: lighten(@textColor, 15%); // lighten the text some for contrast
}
.help-block {
display: block; // account for any element using help-block
margin-bottom: @baseLineHeight / 2;
}
.help-inline {
display: inline-block;
.ie7-inline-block();
vertical-align: middle;
padding-left: 5px;
}
// INPUT GROUPS
// ------------
// Allow us to put symbols and text within the input field for a cleaner look
.input-append,
.input-prepend {
display: inline-block;
margin-bottom: @baseLineHeight / 2;
vertical-align: middle;
font-size: 0; // white space collapse hack
white-space: nowrap; // Prevent span and input from separating
// Reset the white space collapse hack
input,
select,
.uneditable-input,
.dropdown-menu,
.popover {
font-size: @baseFontSize;
}
input,
select,
.uneditable-input {
position: relative; // placed here by default so that on :focus we can place the input above the .add-on for full border and box-shadow goodness
margin-bottom: 0; // prevent bottom margin from screwing up alignment in stacked forms
*margin-left: 0;
vertical-align: top;
.border-radius(0 @inputBorderRadius @inputBorderRadius 0);
// Make input on top when focused so blue border and shadow always show
&:focus {
z-index: 2;
}
}
.add-on {
display: inline-block;
width: auto;
height: @baseLineHeight;
min-width: 16px;
padding: 4px 5px;
font-size: @baseFontSize;
font-weight: normal;
line-height: @baseLineHeight;
text-align: center;
text-shadow: 0 1px 0 @white;
background-color: @grayLighter;
border: 1px solid #ccc;
}
.add-on,
.btn,
.btn-group > .dropdown-toggle {
vertical-align: top;
.border-radius(0);
}
.active {
background-color: lighten(@green, 30);
border-color: @green;
}
}
.input-prepend {
.add-on,
.btn {
margin-right: -1px;
}
.add-on:first-child,
.btn:first-child {
// FYI, `.btn:first-child` accounts for a button group that's prepended
.border-radius(@inputBorderRadius 0 0 @inputBorderRadius);
}
}
.input-append {
input,
select,
.uneditable-input {
.border-radius(@inputBorderRadius 0 0 @inputBorderRadius);
+ .btn-group .btn:last-child {
.border-radius(0 @inputBorderRadius @inputBorderRadius 0);
}
}
.add-on,
.btn,
.btn-group {
margin-left: -1px;
}
.add-on:last-child,
.btn:last-child,
.btn-group:last-child > .dropdown-toggle {
.border-radius(0 @inputBorderRadius @inputBorderRadius 0);
}
}
// Remove all border-radius for inputs with both prepend and append
.input-prepend.input-append {
input,
select,
.uneditable-input {
.border-radius(0);
+ .btn-group .btn {
.border-radius(0 @inputBorderRadius @inputBorderRadius 0);
}
}
.add-on:first-child,
.btn:first-child {
margin-right: -1px;
.border-radius(@inputBorderRadius 0 0 @inputBorderRadius);
}
.add-on:last-child,
.btn:last-child {
margin-left: -1px;
.border-radius(0 @inputBorderRadius @inputBorderRadius 0);
}
.btn-group:first-child {
margin-left: 0;
}
}
// SEARCH FORM
// -----------
input.search-query {
padding-right: 14px;
padding-right: 4px \9;
padding-left: 14px;
padding-left: 4px \9; /* IE7-8 doesn't have border-radius, so don't indent the padding */
margin-bottom: 0; // Remove the default margin on all inputs
.border-radius(15px);
}
/* Allow for input prepend/append in search forms */
.form-search .input-append .search-query,
.form-search .input-prepend .search-query {
.border-radius(0); // Override due to specificity
}
.form-search .input-append .search-query {
.border-radius(14px 0 0 14px);
}
.form-search .input-append .btn {
.border-radius(0 14px 14px 0);
}
.form-search .input-prepend .search-query {
.border-radius(0 14px 14px 0);
}
.form-search .input-prepend .btn {
.border-radius(14px 0 0 14px);
}
// HORIZONTAL & VERTICAL FORMS
// ---------------------------
// Common properties
// -----------------
.form-search,
.form-inline,
.form-horizontal {
input,
textarea,
select,
.help-inline,
.uneditable-input,
.input-prepend,
.input-append {
display: inline-block;
.ie7-inline-block();
margin-bottom: 0;
vertical-align: middle;
}
// Re-hide hidden elements due to specifity
.hide {
display: none;
}
}
.form-search label,
.form-inline label,
.form-search .btn-group,
.form-inline .btn-group {
display: inline-block;
}
// Remove margin for input-prepend/-append
.form-search .input-append,
.form-inline .input-append,
.form-search .input-prepend,
.form-inline .input-prepend {
margin-bottom: 0;
}
// Inline checkbox/radio labels (remove padding on left)
.form-search .radio,
.form-search .checkbox,
.form-inline .radio,
.form-inline .checkbox {
padding-left: 0;
margin-bottom: 0;
vertical-align: middle;
}
// Remove float and margin, set to inline-block
.form-search .radio input[type="radio"],
.form-search .checkbox input[type="checkbox"],
.form-inline .radio input[type="radio"],
.form-inline .checkbox input[type="checkbox"] {
float: left;
margin-right: 3px;
margin-left: 0;
}
// Margin to space out fieldsets
.control-group {
margin-bottom: @baseLineHeight / 2;
}
// Legend collapses margin, so next element is responsible for spacing
legend + .control-group {
margin-top: @baseLineHeight;
-webkit-margin-top-collapse: separate;
}
// Horizontal-specific styles
// --------------------------
.form-horizontal {
// Increase spacing between groups
.control-group {
margin-bottom: @baseLineHeight;
.clearfix();
}
// Float the labels left
.control-label {
float: left;
width: @horizontalComponentOffset - 20;
padding-top: 5px;
text-align: right;
}
// Move over all input controls and content
.controls {
// Super jank IE7 fix to ensure the inputs in .input-append and input-prepend
// don't inherit the margin of the parent, in this case .controls
*display: inline-block;
*padding-left: 20px;
margin-left: @horizontalComponentOffset;
*margin-left: 0;
&:first-child {
*padding-left: @horizontalComponentOffset;
}
}
// Remove bottom margin on block level help text since that's accounted for on .control-group
.help-block {
margin-bottom: 0;
}
// And apply it only to .help-block instances that follow a form control
input,
select,
textarea,
.uneditable-input,
.input-prepend,
.input-append {
+ .help-block {
margin-top: @baseLineHeight / 2;
}
}
// Move over buttons in .form-actions to align with .controls
.form-actions {
padding-left: @horizontalComponentOffset;
}
}

21
openid-connect-server-webapp/src/main/webapp/less/grid.less
View File

@ -1,21 +0,0 @@
//
// Grid system
// --------------------------------------------------
// Fixed (940px)
#grid > .core(@gridColumnWidth, @gridGutterWidth);
// Fluid (940px)
#grid > .fluid(@fluidGridColumnWidth, @fluidGridGutterWidth);
// Reset utility classes due to specificity
[class*="span"].hide,
.row-fluid [class*="span"].hide {
display: none;
}
[class*="span"].pull-right,
.row-fluid [class*="span"].pull-right {
float: right;
}

25
openid-connect-server-webapp/src/main/webapp/less/hero-unit.less
View File

@ -1,25 +0,0 @@
//
// Hero unit
// --------------------------------------------------
.hero-unit {
padding: 60px;
margin-bottom: 30px;
font-size: 18px;
font-weight: 200;
line-height: @baseLineHeight * 1.5;
color: @heroUnitLeadColor;
background-color: @heroUnitBackground;
.border-radius(6px);
h1 {
margin-bottom: 0;
font-size: 60px;
line-height: 1;
color: @heroUnitHeadingColor;
letter-spacing: -1px;
}
li {
line-height: @baseLineHeight * 1.5; // Reset since we specify in type.less
}
}

84
openid-connect-server-webapp/src/main/webapp/less/labels-badges.less
View File

@ -1,84 +0,0 @@
//
// Labels and badges
// --------------------------------------------------
// Base classes
.label,
.badge {
display: inline-block;
padding: 2px 4px;
font-size: @baseFontSize * .846;
font-weight: bold;
line-height: 14px; // ensure proper line-height if floated
color: @white;
vertical-align: baseline;
white-space: nowrap;
text-shadow: 0 -1px 0 rgba(0,0,0,.25);
background-color: @grayLight;
}
// Set unique padding and border-radii
.label {
.border-radius(3px);
}
.badge {
padding-left: 9px;
padding-right: 9px;
.border-radius(9px);
}
// Empty labels/badges collapse
.label,
.badge {
&:empty {
display: none;
}
}
// Hover/focus state, but only for links
a {
&.label:hover,
&.label:focus,
&.badge:hover,
&.badge:focus {
color: @white;
text-decoration: none;
cursor: pointer;
}
}
// Colors
// Only give background-color difference to links (and to simplify, we don't qualifty with `a` but [href] attribute)
.label,
.badge {
// Important (red)
&-important { background-color: @errorText; }
&-important[href] { background-color: darken(@errorText, 10%); }
// Warnings (orange)
&-warning { background-color: @orange; }
&-warning[href] { background-color: darken(@orange, 10%); }
// Success (green)
&-success { background-color: @successText; }
&-success[href] { background-color: darken(@successText, 10%); }
// Info (turquoise)
&-info { background-color: @infoText; }
&-info[href] { background-color: darken(@infoText, 10%); }
// Inverse (black)
&-inverse { background-color: @grayDark; }
&-inverse[href] { background-color: darken(@grayDark, 10%); }
}
// Quick fix for labels/badges in buttons
.btn {
.label,
.badge {
position: relative;
top: -1px;
}
}
.btn-mini {
.label,
.badge {
top: 0;
}
}

16
openid-connect-server-webapp/src/main/webapp/less/layouts.less
View File

@ -1,16 +0,0 @@
//
// Layouts
// --------------------------------------------------
// Container (centered, fixed-width layouts)
.container {
.container-fixed();
}
// Fluid layouts (left aligned, with sidebar, min- & max-width content)
.container-fluid {
padding-right: @gridGutterWidth;
padding-left: @gridGutterWidth;
.clearfix();
}

55
openid-connect-server-webapp/src/main/webapp/less/media.less
View File

@ -1,55 +0,0 @@
// Media objects
// Source: http://stubbornella.org/content/?p=497
// --------------------------------------------------
// Common styles
// -------------------------
// Clear the floats
.media,
.media-body {
overflow: hidden;
*overflow: visible;
zoom: 1;
}
// Proper spacing between instances of .media
.media,
.media .media {
margin-top: 15px;
}
.media:first-child {
margin-top: 0;
}
// For images and videos, set to block
.media-object {
display: block;
}
// Reset margins on headings for tighter default spacing
.media-heading {
margin: 0 0 5px;
}
// Media image alignment
// -------------------------
.media > .pull-left {
margin-right: 10px;
}
.media > .pull-right {
margin-left: 10px;
}
// Media list variation
// -------------------------
// Undo default ul/ol styles
.media-list {
margin-left: 0;
list-style: none;
}

702
openid-connect-server-webapp/src/main/webapp/less/mixins.less
View File

@ -1,702 +0,0 @@
//
// Mixins
// --------------------------------------------------
// UTILITY MIXINS
// --------------------------------------------------
// Clearfix
// --------
// For clearing floats like a boss h5bp.com/q
.clearfix {
*zoom: 1;
&:before,
&:after {
display: table;
content: "";
// Fixes Opera/contenteditable bug:
// http://nicolasgallagher.com/micro-clearfix-hack/#comment-36952
line-height: 0;
}
&:after {
clear: both;
}
}
// Webkit-style focus
// ------------------
.tab-focus() {
// Default
outline: thin dotted #333;
// Webkit
outline: 5px auto -webkit-focus-ring-color;
outline-offset: -2px;
}
// Center-align a block level element
// ----------------------------------
.center-block() {
display: block;
margin-left: auto;
margin-right: auto;
}
// IE7 inline-block
// ----------------
.ie7-inline-block() {
*display: inline; /* IE7 inline-block hack */
*zoom: 1;
}
// IE7 likes to collapse whitespace on either side of the inline-block elements.
// Ems because we're attempting to match the width of a space character. Left
// version is for form buttons, which typically come after other elements, and
// right version is for icons, which come before. Applying both is ok, but it will
// mean that space between those elements will be .6em (~2 space characters) in IE7,
// instead of the 1 space in other browsers.
.ie7-restore-left-whitespace() {
*margin-left: .3em;
&:first-child {
*margin-left: 0;
}
}
.ie7-restore-right-whitespace() {
*margin-right: .3em;
}
// Sizing shortcuts
// -------------------------
.size(@height, @width) {
width: @width;
height: @height;
}
.square(@size) {
.size(@size, @size);
}
// Placeholder text
// -------------------------
.placeholder(@color: @placeholderText) {
&:-moz-placeholder {
color: @color;
}
&:-ms-input-placeholder {
color: @color;
}
&::-webkit-input-placeholder {
color: @color;
}
}
// Text overflow
// -------------------------
// Requires inline-block or block for proper styling
.text-overflow() {
overflow: hidden;
text-overflow: ellipsis;
white-space: nowrap;
}
// CSS image replacement
// -------------------------
// Source: https://github.com/h5bp/html5-boilerplate/commit/aa0396eae757
.hide-text {
font: 0/0 a;
color: transparent;
text-shadow: none;
background-color: transparent;
border: 0;
}
// FONTS
// --------------------------------------------------
#font {
#family {
.serif() {
font-family: @serifFontFamily;
}
.sans-serif() {
font-family: @sansFontFamily;
}
.monospace() {
font-family: @monoFontFamily;
}
}
.shorthand(@size: @baseFontSize, @weight: normal, @lineHeight: @baseLineHeight) {
font-size: @size;
font-weight: @weight;
line-height: @lineHeight;
}
.serif(@size: @baseFontSize, @weight: normal, @lineHeight: @baseLineHeight) {
#font > #family > .serif;
#font > .shorthand(@size, @weight, @lineHeight);
}
.sans-serif(@size: @baseFontSize, @weight: normal, @lineHeight: @baseLineHeight) {
#font > #family > .sans-serif;
#font > .shorthand(@size, @weight, @lineHeight);
}
.monospace(@size: @baseFontSize, @weight: normal, @lineHeight: @baseLineHeight) {
#font > #family > .monospace;
#font > .shorthand(@size, @weight, @lineHeight);
}
}
// FORMS
// --------------------------------------------------
// Block level inputs
.input-block-level {
display: block;
width: 100%;
min-height: @inputHeight; // Make inputs at least the height of their button counterpart (base line-height + padding + border)
.box-sizing(border-box); // Makes inputs behave like true block-level elements
}
// Mixin for form field states
.formFieldState(@textColor: #555, @borderColor: #ccc, @backgroundColor: #f5f5f5) {
// Set the text color
.control-label,
.help-block,
.help-inline {
color: @textColor;
}
// Style inputs accordingly
.checkbox,
.radio,
input,
select,
textarea {
color: @textColor;
}
input,
select,
textarea {
border-color: @borderColor;
.box-shadow(inset 0 1px 1px rgba(0,0,0,.075)); // Redeclare so transitions work
&:focus {
border-color: darken(@borderColor, 10%);
@shadow: inset 0 1px 1px rgba(0,0,0,.075), 0 0 6px lighten(@borderColor, 20%);
.box-shadow(@shadow);
}
}
// Give a small background color for input-prepend/-append
.input-prepend .add-on,
.input-append .add-on {
color: @textColor;
background-color: @backgroundColor;
border-color: @textColor;
}
}
// CSS3 PROPERTIES
// --------------------------------------------------
// Border Radius
.border-radius(@radius) {
-webkit-border-radius: @radius;
-moz-border-radius: @radius;
border-radius: @radius;
}
// Single Corner Border Radius
.border-top-left-radius(@radius) {
-webkit-border-top-left-radius: @radius;
-moz-border-radius-topleft: @radius;
border-top-left-radius: @radius;
}
.border-top-right-radius(@radius) {
-webkit-border-top-right-radius: @radius;
-moz-border-radius-topright: @radius;
border-top-right-radius: @radius;
}
.border-bottom-right-radius(@radius) {
-webkit-border-bottom-right-radius: @radius;
-moz-border-radius-bottomright: @radius;
border-bottom-right-radius: @radius;
}
.border-bottom-left-radius(@radius) {
-webkit-border-bottom-left-radius: @radius;
-moz-border-radius-bottomleft: @radius;
border-bottom-left-radius: @radius;
}
// Single Side Border Radius
.border-top-radius(@radius) {
.border-top-right-radius(@radius);
.border-top-left-radius(@radius);
}
.border-right-radius(@radius) {
.border-top-right-radius(@radius);
.border-bottom-right-radius(@radius);
}
.border-bottom-radius(@radius) {
.border-bottom-right-radius(@radius);
.border-bottom-left-radius(@radius);
}
.border-left-radius(@radius) {
.border-top-left-radius(@radius);
.border-bottom-left-radius(@radius);
}
// Drop shadows
.box-shadow(@shadow) {
-webkit-box-shadow: @shadow;
-moz-box-shadow: @shadow;
box-shadow: @shadow;
}
// Transitions
.transition(@transition) {
-webkit-transition: @transition;
-moz-transition: @transition;
-o-transition: @transition;
transition: @transition;
}
.transition-delay(@transition-delay) {
-webkit-transition-delay: @transition-delay;
-moz-transition-delay: @transition-delay;
-o-transition-delay: @transition-delay;
transition-delay: @transition-delay;
}
.transition-duration(@transition-duration) {
-webkit-transition-duration: @transition-duration;
-moz-transition-duration: @transition-duration;
-o-transition-duration: @transition-duration;
transition-duration: @transition-duration;
}
// Transformations
.rotate(@degrees) {
-webkit-transform: rotate(@degrees);
-moz-transform: rotate(@degrees);
-ms-transform: rotate(@degrees);
-o-transform: rotate(@degrees);
transform: rotate(@degrees);
}
.scale(@ratio) {
-webkit-transform: scale(@ratio);
-moz-transform: scale(@ratio);
-ms-transform: scale(@ratio);
-o-transform: scale(@ratio);
transform: scale(@ratio);
}
.translate(@x, @y) {
-webkit-transform: translate(@x, @y);
-moz-transform: translate(@x, @y);
-ms-transform: translate(@x, @y);
-o-transform: translate(@x, @y);
transform: translate(@x, @y);
}
.skew(@x, @y) {
-webkit-transform: skew(@x, @y);
-moz-transform: skew(@x, @y);
-ms-transform: skewX(@x) skewY(@y); // See https://github.com/twbs/bootstrap/issues/4885
-o-transform: skew(@x, @y);
transform: skew(@x, @y);
-webkit-backface-visibility: hidden; // See https://github.com/twbs/bootstrap/issues/5319
}
.translate3d(@x, @y, @z) {
-webkit-transform: translate3d(@x, @y, @z);
-moz-transform: translate3d(@x, @y, @z);
-o-transform: translate3d(@x, @y, @z);
transform: translate3d(@x, @y, @z);
}
// Backface visibility
// Prevent browsers from flickering when using CSS 3D transforms.
// Default value is `visible`, but can be changed to `hidden
// See git pull https://github.com/dannykeane/bootstrap.git backface-visibility for examples
.backface-visibility(@visibility){
-webkit-backface-visibility: @visibility;
-moz-backface-visibility: @visibility;
backface-visibility: @visibility;
}
// Background clipping
// Heads up: FF 3.6 and under need "padding" instead of "padding-box"
.background-clip(@clip) {
-webkit-background-clip: @clip;
-moz-background-clip: @clip;
background-clip: @clip;
}
// Background sizing
.background-size(@size) {
-webkit-background-size: @size;
-moz-background-size: @size;
-o-background-size: @size;
background-size: @size;
}
// Box sizing
.box-sizing(@boxmodel) {
-webkit-box-sizing: @boxmodel;
-moz-box-sizing: @boxmodel;
box-sizing: @boxmodel;
}
// User select
// For selecting text on the page
.user-select(@select) {
-webkit-user-select: @select;
-moz-user-select: @select;
-ms-user-select: @select;
-o-user-select: @select;
user-select: @select;
}
// Resize anything
.resizable(@direction) {
resize: @direction; // Options: horizontal, vertical, both
overflow: auto; // Safari fix
}
// CSS3 Content Columns
.content-columns(@columnCount, @columnGap: @gridGutterWidth) {
-webkit-column-count: @columnCount;
-moz-column-count: @columnCount;
column-count: @columnCount;
-webkit-column-gap: @columnGap;
-moz-column-gap: @columnGap;
column-gap: @columnGap;
}
// Optional hyphenation
.hyphens(@mode: auto) {
word-wrap: break-word;
-webkit-hyphens: @mode;
-moz-hyphens: @mode;
-ms-hyphens: @mode;
-o-hyphens: @mode;
hyphens: @mode;
}
// Opacity
.opacity(@opacity) {
opacity: @opacity / 100;
filter: ~"alpha(opacity=@{opacity})";
}
// BACKGROUNDS
// --------------------------------------------------
// Add an alphatransparency value to any background or border color (via Elyse Holladay)
#translucent {
.background(@color: @white, @alpha: 1) {
background-color: hsla(hue(@color), saturation(@color), lightness(@color), @alpha);
}
.border(@color: @white, @alpha: 1) {
border-color: hsla(hue(@color), saturation(@color), lightness(@color), @alpha);
.background-clip(padding-box);
}
}
// Gradient Bar Colors for buttons and alerts
.gradientBar(@primaryColor, @secondaryColor, @textColor: #fff, @textShadow: 0 -1px 0 rgba(0,0,0,.25)) {
color: @textColor;
text-shadow: @textShadow;
#gradient > .vertical(@primaryColor, @secondaryColor);
border-color: @secondaryColor @secondaryColor darken(@secondaryColor, 15%);
border-color: rgba(0,0,0,.1) rgba(0,0,0,.1) fadein(rgba(0,0,0,.1), 15%);
}
// Gradients
#gradient {
.horizontal(@startColor: #555, @endColor: #333) {
background-color: @endColor;
background-image: -moz-linear-gradient(left, @startColor, @endColor); // FF 3.6+
background-image: -webkit-gradient(linear, 0 0, 100% 0, from(@startColor), to(@endColor)); // Safari 4+, Chrome 2+
background-image: -webkit-linear-gradient(left, @startColor, @endColor); // Safari 5.1+, Chrome 10+
background-image: -o-linear-gradient(left, @startColor, @endColor); // Opera 11.10
background-image: linear-gradient(to right, @startColor, @endColor); // Standard, IE10
background-repeat: repeat-x;
filter: e(%("progid:DXImageTransform.Microsoft.gradient(startColorstr='%d', endColorstr='%d', GradientType=1)",argb(@startColor),argb(@endColor))); // IE9 and down
}
.vertical(@startColor: #555, @endColor: #333) {
background-color: mix(@startColor, @endColor, 60%);
background-image: -moz-linear-gradient(top, @startColor, @endColor); // FF 3.6+
background-image: -webkit-gradient(linear, 0 0, 0 100%, from(@startColor), to(@endColor)); // Safari 4+, Chrome 2+
background-image: -webkit-linear-gradient(top, @startColor, @endColor); // Safari 5.1+, Chrome 10+
background-image: -o-linear-gradient(top, @startColor, @endColor); // Opera 11.10
background-image: linear-gradient(to bottom, @startColor, @endColor); // Standard, IE10
background-repeat: repeat-x;
filter: e(%("progid:DXImageTransform.Microsoft.gradient(startColorstr='%d', endColorstr='%d', GradientType=0)",argb(@startColor),argb(@endColor))); // IE9 and down
}
.directional(@startColor: #555, @endColor: #333, @deg: 45deg) {
background-color: @endColor;
background-repeat: repeat-x;
background-image: -moz-linear-gradient(@deg, @startColor, @endColor); // FF 3.6+
background-image: -webkit-linear-gradient(@deg, @startColor, @endColor); // Safari 5.1+, Chrome 10+
background-image: -o-linear-gradient(@deg, @startColor, @endColor); // Opera 11.10
background-image: linear-gradient(@deg, @startColor, @endColor); // Standard, IE10
}
.horizontal-three-colors(@startColor: #00b3ee, @midColor: #7a43b6, @colorStop: 50%, @endColor: #c3325f) {
background-color: mix(@midColor, @endColor, 80%);
background-image: -webkit-gradient(left, linear, 0 0, 0 100%, from(@startColor), color-stop(@colorStop, @midColor), to(@endColor));
background-image: -webkit-linear-gradient(left, @startColor, @midColor @colorStop, @endColor);
background-image: -moz-linear-gradient(left, @startColor, @midColor @colorStop, @endColor);
background-image: -o-linear-gradient(left, @startColor, @midColor @colorStop, @endColor);
background-image: linear-gradient(to right, @startColor, @midColor @colorStop, @endColor);
background-repeat: no-repeat;
filter: e(%("progid:DXImageTransform.Microsoft.gradient(startColorstr='%d', endColorstr='%d', GradientType=0)",argb(@startColor),argb(@endColor))); // IE9 and down, gets no color-stop at all for proper fallback
}
.vertical-three-colors(@startColor: #00b3ee, @midColor: #7a43b6, @colorStop: 50%, @endColor: #c3325f) {
background-color: mix(@midColor, @endColor, 80%);
background-image: -webkit-gradient(linear, 0 0, 0 100%, from(@startColor), color-stop(@colorStop, @midColor), to(@endColor));
background-image: -webkit-linear-gradient(@startColor, @midColor @colorStop, @endColor);
background-image: -moz-linear-gradient(top, @startColor, @midColor @colorStop, @endColor);
background-image: -o-linear-gradient(@startColor, @midColor @colorStop, @endColor);
background-image: linear-gradient(@startColor, @midColor @colorStop, @endColor);
background-repeat: no-repeat;
filter: e(%("progid:DXImageTransform.Microsoft.gradient(startColorstr='%d', endColorstr='%d', GradientType=0)",argb(@startColor),argb(@endColor))); // IE9 and down, gets no color-stop at all for proper fallback
}
.radial(@innerColor: #555, @outerColor: #333) {
background-color: @outerColor;
background-image: -webkit-gradient(radial, center center, 0, center center, 460, from(@innerColor), to(@outerColor));
background-image: -webkit-radial-gradient(circle, @innerColor, @outerColor);
background-image: -moz-radial-gradient(circle, @innerColor, @outerColor);
background-image: -o-radial-gradient(circle, @innerColor, @outerColor);
background-repeat: no-repeat;
}
.striped(@color: #555, @angle: 45deg) {
background-color: @color;
background-image: -webkit-gradient(linear, 0 100%, 100% 0, color-stop(.25, rgba(255,255,255,.15)), color-stop(.25, transparent), color-stop(.5, transparent), color-stop(.5, rgba(255,255,255,.15)), color-stop(.75, rgba(255,255,255,.15)), color-stop(.75, transparent), to(transparent));
background-image: -webkit-linear-gradient(@angle, rgba(255,255,255,.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,.15) 50%, rgba(255,255,255,.15) 75%, transparent 75%, transparent);
background-image: -moz-linear-gradient(@angle, rgba(255,255,255,.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,.15) 50%, rgba(255,255,255,.15) 75%, transparent 75%, transparent);
background-image: -o-linear-gradient(@angle, rgba(255,255,255,.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,.15) 50%, rgba(255,255,255,.15) 75%, transparent 75%, transparent);
background-image: linear-gradient(@angle, rgba(255,255,255,.15) 25%, transparent 25%, transparent 50%, rgba(255,255,255,.15) 50%, rgba(255,255,255,.15) 75%, transparent 75%, transparent);
}
}
// Reset filters for IE
.reset-filter() {
filter: e(%("progid:DXImageTransform.Microsoft.gradient(enabled = false)"));
}
// COMPONENT MIXINS
// --------------------------------------------------
// Horizontal dividers
// -------------------------
// Dividers (basically an hr) within dropdowns and nav lists
.nav-divider(@top: #e5e5e5, @bottom: @white) {
// IE7 needs a set width since we gave a height. Restricting just
// to IE7 to keep the 1px left/right space in other browsers.
// It is unclear where IE is getting the extra space that we need
// to negative-margin away, but so it goes.
*width: 100%;
height: 1px;
margin: ((@baseLineHeight / 2) - 1) 1px; // 8px 1px
*margin: -5px 0 5px;
overflow: hidden;
background-color: @top;
border-bottom: 1px solid @bottom;
}
// Button backgrounds
// ------------------
.buttonBackground(@startColor, @endColor, @textColor: #fff, @textShadow: 0 -1px 0 rgba(0,0,0,.25)) {
// gradientBar will set the background to a pleasing blend of these, to support IE<=9
.gradientBar(@startColor, @endColor, @textColor, @textShadow);
*background-color: @endColor; /* Darken IE7 buttons by default so they stand out more given they won't have borders */
.reset-filter();
// in these cases the gradient won't cover the background, so we override
&:hover, &:focus, &:active, &.active, &.disabled, &[disabled] {
color: @textColor;
background-color: @endColor;
*background-color: darken(@endColor, 5%);
}
// IE 7 + 8 can't handle box-shadow to show active, so we darken a bit ourselves
&:active,
&.active {
background-color: darken(@endColor, 10%) e("\9");
}
}
// Navbar vertical align
// -------------------------
// Vertically center elements in the navbar.
// Example: an element has a height of 30px, so write out `.navbarVerticalAlign(30px);` to calculate the appropriate top margin.
.navbarVerticalAlign(@elementHeight) {
margin-top: (@navbarHeight - @elementHeight) / 2;
}
// Grid System
// -----------
// Centered container element
.container-fixed() {
margin-right: auto;
margin-left: auto;
.clearfix();
}
// Table columns
.tableColumns(@columnSpan: 1) {
float: none; // undo default grid column styles
width: ((@gridColumnWidth) * @columnSpan) + (@gridGutterWidth * (@columnSpan - 1)) - 16; // 16 is total padding on left and right of table cells
margin-left: 0; // undo default grid column styles
}
// Make a Grid
// Use .makeRow and .makeColumn to assign semantic layouts grid system behavior
.makeRow() {
margin-left: @gridGutterWidth * -1;
.clearfix();
}
.makeColumn(@columns: 1, @offset: 0) {
float: left;
margin-left: (@gridColumnWidth * @offset) + (@gridGutterWidth * (@offset - 1)) + (@gridGutterWidth * 2);
width: (@gridColumnWidth * @columns) + (@gridGutterWidth * (@columns - 1));
}
// The Grid
#grid {
.core (@gridColumnWidth, @gridGutterWidth) {
.spanX (@index) when (@index > 0) {
.span@{index} { .span(@index); }
.spanX(@index - 1);
}
.spanX (0) {}
.offsetX (@index) when (@index > 0) {
.offset@{index} { .offset(@index); }
.offsetX(@index - 1);
}
.offsetX (0) {}
.offset (@columns) {
margin-left: (@gridColumnWidth * @columns) + (@gridGutterWidth * (@columns + 1));
}
.span (@columns) {
width: (@gridColumnWidth * @columns) + (@gridGutterWidth * (@columns - 1));
}
.row {
margin-left: @gridGutterWidth * -1;
.clearfix();
}
[class*="span"] {
float: left;
min-height: 1px; // prevent collapsing columns
margin-left: @gridGutterWidth;
}
// Set the container width, and override it for fixed navbars in media queries
.container,
.navbar-static-top .container,
.navbar-fixed-top .container,
.navbar-fixed-bottom .container { .span(@gridColumns); }
// generate .spanX and .offsetX
.spanX (@gridColumns);
.offsetX (@gridColumns);
}
.fluid (@fluidGridColumnWidth, @fluidGridGutterWidth) {
.spanX (@index) when (@index > 0) {
.span@{index} { .span(@index); }
.spanX(@index - 1);
}
.spanX (0) {}
.offsetX (@index) when (@index > 0) {
.offset@{index} { .offset(@index); }
.offset@{index}:first-child { .offsetFirstChild(@index); }
.offsetX(@index - 1);
}
.offsetX (0) {}
.offset (@columns) {
margin-left: (@fluidGridColumnWidth * @columns) + (@fluidGridGutterWidth * (@columns - 1)) + (@fluidGridGutterWidth*2);
*margin-left: (@fluidGridColumnWidth * @columns) + (@fluidGridGutterWidth * (@columns - 1)) - (.5 / @gridRowWidth * 100 * 1%) + (@fluidGridGutterWidth*2) - (.5 / @gridRowWidth * 100 * 1%);
}
.offsetFirstChild (@columns) {
margin-left: (@fluidGridColumnWidth * @columns) + (@fluidGridGutterWidth * (@columns - 1)) + (@fluidGridGutterWidth);
*margin-left: (@fluidGridColumnWidth * @columns) + (@fluidGridGutterWidth * (@columns - 1)) - (.5 / @gridRowWidth * 100 * 1%) + @fluidGridGutterWidth - (.5 / @gridRowWidth * 100 * 1%);
}
.span (@columns) {
width: (@fluidGridColumnWidth * @columns) + (@fluidGridGutterWidth * (@columns - 1));
*width: (@fluidGridColumnWidth * @columns) + (@fluidGridGutterWidth * (@columns - 1)) - (.5 / @gridRowWidth * 100 * 1%);
}
.row-fluid {
width: 100%;
.clearfix();
[class*="span"] {
.input-block-level();
float: left;
margin-left: @fluidGridGutterWidth;
*margin-left: @fluidGridGutterWidth - (.5 / @gridRowWidth * 100 * 1%);
}
[class*="span"]:first-child {
margin-left: 0;
}
// Space grid-sized controls properly if multiple per line
.controls-row [class*="span"] + [class*="span"] {
margin-left: @fluidGridGutterWidth;
}
// generate .spanX and .offsetX
.spanX (@gridColumns);
.offsetX (@gridColumns);
}
}
.input(@gridColumnWidth, @gridGutterWidth) {
.spanX (@index) when (@index > 0) {
input.span@{index}, textarea.span@{index}, .uneditable-input.span@{index} { .span(@index); }
.spanX(@index - 1);
}
.spanX (0) {}
.span(@columns) {
width: ((@gridColumnWidth) * @columns) + (@gridGutterWidth * (@columns - 1)) - 14;
}
input,
textarea,
.uneditable-input {
margin-left: 0; // override margin-left from core grid system
}
// Space grid-sized controls properly if multiple per line
.controls-row [class*="span"] + [class*="span"] {
margin-left: @gridGutterWidth;
}
// generate .spanX
.spanX (@gridColumns);
}
}

95
openid-connect-server-webapp/src/main/webapp/less/modals.less
View File

@ -1,95 +0,0 @@
//
// Modals
// --------------------------------------------------
// Background
.modal-backdrop {
position: fixed;
top: 0;
right: 0;
bottom: 0;
left: 0;
z-index: @zindexModalBackdrop;
background-color: @black;
// Fade for backdrop
&.fade { opacity: 0; }
}
.modal-backdrop,
.modal-backdrop.fade.in {
.opacity(80);
}
// Base modal
.modal {
position: fixed;
top: 10%;
left: 50%;
z-index: @zindexModal;
width: 560px;
margin-left: -280px;
background-color: @white;
border: 1px solid #999;
border: 1px solid rgba(0,0,0,.3);
*border: 1px solid #999; /* IE6-7 */
.border-radius(6px);
.box-shadow(0 3px 7px rgba(0,0,0,0.3));
.background-clip(padding-box);
// Remove focus outline from opened modal
outline: none;
&.fade {
.transition(e('opacity .3s linear, top .3s ease-out'));
top: -25%;
}
&.fade.in { top: 10%; }
}
.modal-header {
padding: 9px 15px;
border-bottom: 1px solid #eee;
// Close icon
.close { margin-top: 2px; }
// Heading
h3 {
margin: 0;
line-height: 30px;
}
}
// Body (where all modal content resides)
.modal-body {
position: relative;
overflow-y: auto;
max-height: 400px;
padding: 15px;
}
// Remove bottom margin if need be
.modal-form {
margin-bottom: 0;
}
// Footer (for actions)
.modal-footer {
padding: 14px 15px 15px;
margin-bottom: 0;
text-align: right; // right align buttons
background-color: #f5f5f5;
border-top: 1px solid #ddd;
.border-radius(0 0 6px 6px);
.box-shadow(inset 0 1px 0 @white);
.clearfix(); // clear it in case folks use .pull-* classes on buttons
// Properly space out buttons
.btn + .btn {
margin-left: 5px;
margin-bottom: 0; // account for input[type="submit"] which gets the bottom margin like all other inputs
}
// but override that for button groups
.btn-group .btn + .btn {
margin-left: -1px;
}
// and override it for block buttons as well
.btn-block + .btn-block {
margin-left: 0;
}
}

497
openid-connect-server-webapp/src/main/webapp/less/navbar.less
View File

@ -1,497 +0,0 @@
//
// Navbars (Redux)
// --------------------------------------------------
// COMMON STYLES
// -------------
// Base class and wrapper
.navbar {
overflow: visible;
margin-bottom: @baseLineHeight;
// Fix for IE7's bad z-indexing so dropdowns don't appear below content that follows the navbar
*position: relative;
*z-index: 2;
}
// Inner for background effects
// Gradient is applied to its own element because overflow visible is not honored by IE when filter is present
.navbar-inner {
min-height: @navbarHeight;
padding-left: 20px;
padding-right: 20px;
#gradient > .vertical(@navbarBackgroundHighlight, @navbarBackground);
border: 1px solid @navbarBorder;
.border-radius(@baseBorderRadius);
.box-shadow(0 1px 4px rgba(0,0,0,.065));
// Prevent floats from breaking the navbar
.clearfix();
}
// Set width to auto for default container
// We then reset it for fixed navbars in the #gridSystem mixin
.navbar .container {
width: auto;
}
// Override the default collapsed state
.nav-collapse.collapse {
height: auto;
overflow: visible;
}
// Brand: website or project name
// -------------------------
.navbar .brand {
float: left;
display: block;
// Vertically center the text given @navbarHeight
padding: ((@navbarHeight - @baseLineHeight) / 2) 20px ((@navbarHeight - @baseLineHeight) / 2);
margin-left: -20px; // negative indent to left-align the text down the page
font-size: 20px;
font-weight: 200;
color: @navbarBrandColor;
text-shadow: 0 1px 0 @navbarBackgroundHighlight;
&:hover,
&:focus {
text-decoration: none;
}
}
// Plain text in topbar
// -------------------------
.navbar-text {
margin-bottom: 0;
line-height: @navbarHeight;
color: @navbarText;
}
// Janky solution for now to account for links outside the .nav
// -------------------------
.navbar-link {
color: @navbarLinkColor;
&:hover,
&:focus {
color: @navbarLinkColorHover;
}
}
// Dividers in navbar
// -------------------------
.navbar .divider-vertical {
height: @navbarHeight;
margin: 0 9px;
border-left: 1px solid @navbarBackground;
border-right: 1px solid @navbarBackgroundHighlight;
}
// Buttons in navbar
// -------------------------
.navbar .btn,
.navbar .btn-group {
.navbarVerticalAlign(30px); // Vertically center in navbar
}
.navbar .btn-group .btn,
.navbar .input-prepend .btn,
.navbar .input-append .btn,
.navbar .input-prepend .btn-group,
.navbar .input-append .btn-group {
margin-top: 0; // then undo the margin here so we don't accidentally double it
}
// Navbar forms
// -------------------------
.navbar-form {
margin-bottom: 0; // remove default bottom margin
.clearfix();
input,
select,
.radio,
.checkbox {
.navbarVerticalAlign(30px); // Vertically center in navbar
}
input,
select,
.btn {
display: inline-block;
margin-bottom: 0;
}
input[type="image"],
input[type="checkbox"],
input[type="radio"] {
margin-top: 3px;
}
.input-append,
.input-prepend {
margin-top: 5px;
white-space: nowrap; // preven two items from separating within a .navbar-form that has .pull-left
input {
margin-top: 0; // remove the margin on top since it's on the parent
}
}
}
// Navbar search
// -------------------------
.navbar-search {
position: relative;
float: left;
.navbarVerticalAlign(30px); // Vertically center in navbar
margin-bottom: 0;
.search-query {
margin-bottom: 0;
padding: 4px 14px;
#font > .sans-serif(13px, normal, 1);
.border-radius(15px); // redeclare because of specificity of the type attribute
}
}
// Static navbar
// -------------------------
.navbar-static-top {
position: static;
margin-bottom: 0; // remove 18px margin for default navbar
.navbar-inner {
.border-radius(0);
}
}
// Fixed navbar
// -------------------------
// Shared (top/bottom) styles
.navbar-fixed-top,
.navbar-fixed-bottom {
position: fixed;
right: 0;
left: 0;
z-index: @zindexFixedNavbar;
margin-bottom: 0; // remove 18px margin for default navbar
}
.navbar-fixed-top .navbar-inner,
.navbar-static-top .navbar-inner {
border-width: 0 0 1px;
}
.navbar-fixed-bottom .navbar-inner {
border-width: 1px 0 0;
}
.navbar-fixed-top .navbar-inner,
.navbar-fixed-bottom .navbar-inner {
padding-left: 0;
padding-right: 0;
.border-radius(0);
}
// Reset container width
// Required here as we reset the width earlier on and the grid mixins don't override early enough
.navbar-static-top .container,
.navbar-fixed-top .container,
.navbar-fixed-bottom .container {
#grid > .core > .span(@gridColumns);
}
// Fixed to top
.navbar-fixed-top {
top: 0;
}
.navbar-fixed-top,
.navbar-static-top {
.navbar-inner {
.box-shadow(~"0 1px 10px rgba(0,0,0,.1)");
}
}
// Fixed to bottom
.navbar-fixed-bottom {
bottom: 0;
.navbar-inner {
.box-shadow(~"0 -1px 10px rgba(0,0,0,.1)");
}
}
// NAVIGATION
// ----------
.navbar .nav {
position: relative;
left: 0;
display: block;
float: left;
margin: 0 10px 0 0;
}
.navbar .nav.pull-right {
float: right; // redeclare due to specificity
margin-right: 0; // remove margin on float right nav
}
.navbar .nav > li {
float: left;
}
// Links
.navbar .nav > li > a {
float: none;
// Vertically center the text given @navbarHeight
padding: ((@navbarHeight - @baseLineHeight) / 2) 15px ((@navbarHeight - @baseLineHeight) / 2);
color: @navbarLinkColor;
text-decoration: none;
text-shadow: 0 1px 0 @navbarBackgroundHighlight;
}
.navbar .nav .dropdown-toggle .caret {
margin-top: 8px;
}
// Hover/focus
.navbar .nav > li > a:focus,
.navbar .nav > li > a:hover {
background-color: @navbarLinkBackgroundHover; // "transparent" is default to differentiate :hover/:focus from .active
color: @navbarLinkColorHover;
text-decoration: none;
}
// Active nav items
.navbar .nav > .active > a,
.navbar .nav > .active > a:hover,
.navbar .nav > .active > a:focus {
color: @navbarLinkColorActive;
text-decoration: none;
background-color: @navbarLinkBackgroundActive;
.box-shadow(inset 0 3px 8px rgba(0,0,0,.125));
}
// Navbar button for toggling navbar items in responsive layouts
// These definitions need to come after '.navbar .btn'
.navbar .btn-navbar {
display: none;
float: right;
padding: 7px 10px;
margin-left: 5px;
margin-right: 5px;
.buttonBackground(darken(@navbarBackgroundHighlight, 5%), darken(@navbarBackground, 5%));
.box-shadow(~"inset 0 1px 0 rgba(255,255,255,.1), 0 1px 0 rgba(255,255,255,.075)");
}
.navbar .btn-navbar .icon-bar {
display: block;
width: 18px;
height: 2px;
background-color: #f5f5f5;
.border-radius(1px);
.box-shadow(0 1px 0 rgba(0,0,0,.25));
}
.btn-navbar .icon-bar + .icon-bar {
margin-top: 3px;
}
// Dropdown menus
// --------------
// Menu position and menu carets
.navbar .nav > li > .dropdown-menu {
&:before {
content: '';
display: inline-block;
border-left: 7px solid transparent;
border-right: 7px solid transparent;
border-bottom: 7px solid #ccc;
border-bottom-color: @dropdownBorder;
position: absolute;
top: -7px;
left: 9px;
}
&:after {
content: '';
display: inline-block;
border-left: 6px solid transparent;
border-right: 6px solid transparent;
border-bottom: 6px solid @dropdownBackground;
position: absolute;
top: -6px;
left: 10px;
}
}
// Menu position and menu caret support for dropups via extra dropup class
.navbar-fixed-bottom .nav > li > .dropdown-menu {
&:before {
border-top: 7px solid #ccc;
border-top-color: @dropdownBorder;
border-bottom: 0;
bottom: -7px;
top: auto;
}
&:after {
border-top: 6px solid @dropdownBackground;
border-bottom: 0;
bottom: -6px;
top: auto;
}
}
// Caret should match text color on hover/focus
.navbar .nav li.dropdown > a:hover .caret,
.navbar .nav li.dropdown > a:focus .caret {
border-top-color: @navbarLinkColorHover;
border-bottom-color: @navbarLinkColorHover;
}
// Remove background color from open dropdown
.navbar .nav li.dropdown.open > .dropdown-toggle,
.navbar .nav li.dropdown.active > .dropdown-toggle,
.navbar .nav li.dropdown.open.active > .dropdown-toggle {
background-color: @navbarLinkBackgroundActive;
color: @navbarLinkColorActive;
}
.navbar .nav li.dropdown > .dropdown-toggle .caret {
border-top-color: @navbarLinkColor;
border-bottom-color: @navbarLinkColor;
}
.navbar .nav li.dropdown.open > .dropdown-toggle .caret,
.navbar .nav li.dropdown.active > .dropdown-toggle .caret,
.navbar .nav li.dropdown.open.active > .dropdown-toggle .caret {
border-top-color: @navbarLinkColorActive;
border-bottom-color: @navbarLinkColorActive;
}
// Right aligned menus need alt position
.navbar .pull-right > li > .dropdown-menu,
.navbar .nav > li > .dropdown-menu.pull-right {
left: auto;
right: 0;
&:before {
left: auto;
right: 12px;
}
&:after {
left: auto;
right: 13px;
}
.dropdown-menu {
left: auto;
right: 100%;
margin-left: 0;
margin-right: -1px;
.border-radius(6px 0 6px 6px);
}
}
// Inverted navbar
// -------------------------
.navbar-inverse {
.navbar-inner {
#gradient > .vertical(@navbarInverseBackgroundHighlight, @navbarInverseBackground);
border-color: @navbarInverseBorder;
}
.brand,
.nav > li > a {
color: @navbarInverseLinkColor;
text-shadow: 0 -1px 0 rgba(0,0,0,.25);
&:hover,
&:focus {
color: @navbarInverseLinkColorHover;
}
}
.brand {
color: @navbarInverseBrandColor;
}
.navbar-text {
color: @navbarInverseText;
}
.nav > li > a:focus,
.nav > li > a:hover {
background-color: @navbarInverseLinkBackgroundHover;
color: @navbarInverseLinkColorHover;
}
.nav .active > a,
.nav .active > a:hover,
.nav .active > a:focus {
color: @navbarInverseLinkColorActive;
background-color: @navbarInverseLinkBackgroundActive;
}
// Inline text links
.navbar-link {
color: @navbarInverseLinkColor;
&:hover,
&:focus {
color: @navbarInverseLinkColorHover;
}
}
// Dividers in navbar
.divider-vertical {
border-left-color: @navbarInverseBackground;
border-right-color: @navbarInverseBackgroundHighlight;
}
// Dropdowns
.nav li.dropdown.open > .dropdown-toggle,
.nav li.dropdown.active > .dropdown-toggle,
.nav li.dropdown.open.active > .dropdown-toggle {
background-color: @navbarInverseLinkBackgroundActive;
color: @navbarInverseLinkColorActive;
}
.nav li.dropdown > a:hover .caret,
.nav li.dropdown > a:focus .caret {
border-top-color: @navbarInverseLinkColorActive;
border-bottom-color: @navbarInverseLinkColorActive;
}
.nav li.dropdown > .dropdown-toggle .caret {
border-top-color: @navbarInverseLinkColor;
border-bottom-color: @navbarInverseLinkColor;
}
.nav li.dropdown.open > .dropdown-toggle .caret,
.nav li.dropdown.active > .dropdown-toggle .caret,
.nav li.dropdown.open.active > .dropdown-toggle .caret {
border-top-color: @navbarInverseLinkColorActive;
border-bottom-color: @navbarInverseLinkColorActive;
}
// Navbar search
.navbar-search {
.search-query {
color: @white;
background-color: @navbarInverseSearchBackground;
border-color: @navbarInverseSearchBorder;
.box-shadow(~"inset 0 1px 2px rgba(0,0,0,.1), 0 1px 0 rgba(255,255,255,.15)");
.transition(none);
.placeholder(@navbarInverseSearchPlaceholderColor);
// Focus states (we use .focused since IE7-8 and down doesn't support :focus)
&:focus,
&.focused {
padding: 5px 15px;
color: @grayDark;
text-shadow: 0 1px 0 @white;
background-color: @navbarInverseSearchBackgroundFocus;
border: 0;
.box-shadow(0 0 3px rgba(0,0,0,.15));
outline: 0;
}
}
}
// Navbar collapse button
.btn-navbar {
.buttonBackground(darken(@navbarInverseBackgroundHighlight, 5%), darken(@navbarInverseBackground, 5%));
}
}

409
openid-connect-server-webapp/src/main/webapp/less/navs.less
View File

@ -1,409 +0,0 @@
//
// Navs
// --------------------------------------------------
// BASE CLASS
// ----------
.nav {
margin-left: 0;
margin-bottom: @baseLineHeight;
list-style: none;
}
// Make links block level
.nav > li > a {
display: block;
}
.nav > li > a:hover,
.nav > li > a:focus {
text-decoration: none;
background-color: @grayLighter;
}
// Prevent IE8 from misplacing imgs
// See https://github.com/h5bp/html5-boilerplate/issues/984#issuecomment-3985989
.nav > li > a > img {
max-width: none;
}
// Redeclare pull classes because of specifity
.nav > .pull-right {
float: right;
}
// Nav headers (for dropdowns and lists)
.nav-header {
display: block;
padding: 3px 15px;
font-size: 11px;
font-weight: bold;
line-height: @baseLineHeight;
color: @grayLight;
text-shadow: 0 1px 0 rgba(255,255,255,.5);
text-transform: uppercase;
}
// Space them out when they follow another list item (link)
.nav li + .nav-header {
margin-top: 9px;
}
// NAV LIST
// --------
.nav-list {
padding-left: 15px;
padding-right: 15px;
margin-bottom: 0;
}
.nav-list > li > a,
.nav-list .nav-header {
margin-left: -15px;
margin-right: -15px;
text-shadow: 0 1px 0 rgba(255,255,255,.5);
}
.nav-list > li > a {
padding: 3px 15px;
}
.nav-list > .active > a,
.nav-list > .active > a:hover,
.nav-list > .active > a:focus {
color: @white;
text-shadow: 0 -1px 0 rgba(0,0,0,.2);
background-color: @linkColor;
}
.nav-list [class^="icon-"],
.nav-list [class*=" icon-"] {
margin-right: 2px;
}
// Dividers (basically an hr) within the dropdown
.nav-list .divider {
.nav-divider();
}
// TABS AND PILLS
// -------------
// Common styles
.nav-tabs,
.nav-pills {
.clearfix();
}
.nav-tabs > li,
.nav-pills > li {
float: left;
}
.nav-tabs > li > a,
.nav-pills > li > a {
padding-right: 12px;
padding-left: 12px;
margin-right: 2px;
line-height: 14px; // keeps the overall height an even number
}
// TABS
// ----
// Give the tabs something to sit on
.nav-tabs {
border-bottom: 1px solid #ddd;
}
// Make the list-items overlay the bottom border
.nav-tabs > li {
margin-bottom: -1px;
}
// Actual tabs (as links)
.nav-tabs > li > a {
padding-top: 8px;
padding-bottom: 8px;
line-height: @baseLineHeight;
border: 1px solid transparent;
.border-radius(4px 4px 0 0);
&:hover,
&:focus {
border-color: @grayLighter @grayLighter #ddd;
}
}
// Active state, and it's :hover/:focus to override normal :hover/:focus
.nav-tabs > .active > a,
.nav-tabs > .active > a:hover,
.nav-tabs > .active > a:focus {
color: @gray;
background-color: @bodyBackground;
border: 1px solid #ddd;
border-bottom-color: transparent;
cursor: default;
}
// PILLS
// -----
// Links rendered as pills
.nav-pills > li > a {
padding-top: 8px;
padding-bottom: 8px;
margin-top: 2px;
margin-bottom: 2px;
.border-radius(5px);
}
// Active state
.nav-pills > .active > a,
.nav-pills > .active > a:hover,
.nav-pills > .active > a:focus {
color: @white;
background-color: @linkColor;
}
// STACKED NAV
// -----------
// Stacked tabs and pills
.nav-stacked > li {
float: none;
}
.nav-stacked > li > a {
margin-right: 0; // no need for the gap between nav items
}
// Tabs
.nav-tabs.nav-stacked {
border-bottom: 0;
}
.nav-tabs.nav-stacked > li > a {
border: 1px solid #ddd;
.border-radius(0);
}
.nav-tabs.nav-stacked > li:first-child > a {
.border-top-radius(4px);
}
.nav-tabs.nav-stacked > li:last-child > a {
.border-bottom-radius(4px);
}
.nav-tabs.nav-stacked > li > a:hover,
.nav-tabs.nav-stacked > li > a:focus {
border-color: #ddd;
z-index: 2;
}
// Pills
.nav-pills.nav-stacked > li > a {
margin-bottom: 3px;
}
.nav-pills.nav-stacked > li:last-child > a {
margin-bottom: 1px; // decrease margin to match sizing of stacked tabs
}
// DROPDOWNS
// ---------
.nav-tabs .dropdown-menu {
.border-radius(0 0 6px 6px); // remove the top rounded corners here since there is a hard edge above the menu
}
.nav-pills .dropdown-menu {
.border-radius(6px); // make rounded corners match the pills
}
// Default dropdown links
// -------------------------
// Make carets use linkColor to start
.nav .dropdown-toggle .caret {
border-top-color: @linkColor;
border-bottom-color: @linkColor;
margin-top: 6px;
}
.nav .dropdown-toggle:hover .caret,
.nav .dropdown-toggle:focus .caret {
border-top-color: @linkColorHover;
border-bottom-color: @linkColorHover;
}
/* move down carets for tabs */
.nav-tabs .dropdown-toggle .caret {
margin-top: 8px;
}
// Active dropdown links
// -------------------------
.nav .active .dropdown-toggle .caret {
border-top-color: #fff;
border-bottom-color: #fff;
}
.nav-tabs .active .dropdown-toggle .caret {
border-top-color: @gray;
border-bottom-color: @gray;
}
// Active:hover/:focus dropdown links
// -------------------------
.nav > .dropdown.active > a:hover,
.nav > .dropdown.active > a:focus {
cursor: pointer;
}
// Open dropdowns
// -------------------------
.nav-tabs .open .dropdown-toggle,
.nav-pills .open .dropdown-toggle,
.nav > li.dropdown.open.active > a:hover,
.nav > li.dropdown.open.active > a:focus {
color: @white;
background-color: @grayLight;
border-color: @grayLight;
}
.nav li.dropdown.open .caret,
.nav li.dropdown.open.active .caret,
.nav li.dropdown.open a:hover .caret,
.nav li.dropdown.open a:focus .caret {
border-top-color: @white;
border-bottom-color: @white;
.opacity(100);
}
// Dropdowns in stacked tabs
.tabs-stacked .open > a:hover,
.tabs-stacked .open > a:focus {
border-color: @grayLight;
}
// TABBABLE
// --------
// COMMON STYLES
// -------------
// Clear any floats
.tabbable {
.clearfix();
}
.tab-content {
overflow: auto; // prevent content from running below tabs
}
// Remove border on bottom, left, right
.tabs-below > .nav-tabs,
.tabs-right > .nav-tabs,
.tabs-left > .nav-tabs {
border-bottom: 0;
}
// Show/hide tabbable areas
.tab-content > .tab-pane,
.pill-content > .pill-pane {
display: none;
}
.tab-content > .active,
.pill-content > .active {
display: block;
}
// BOTTOM
// ------
.tabs-below > .nav-tabs {
border-top: 1px solid #ddd;
}
.tabs-below > .nav-tabs > li {
margin-top: -1px;
margin-bottom: 0;
}
.tabs-below > .nav-tabs > li > a {
.border-radius(0 0 4px 4px);
&:hover,
&:focus {
border-bottom-color: transparent;
border-top-color: #ddd;
}
}
.tabs-below > .nav-tabs > .active > a,
.tabs-below > .nav-tabs > .active > a:hover,
.tabs-below > .nav-tabs > .active > a:focus {
border-color: transparent #ddd #ddd #ddd;
}
// LEFT & RIGHT
// ------------
// Common styles
.tabs-left > .nav-tabs > li,
.tabs-right > .nav-tabs > li {
float: none;
}
.tabs-left > .nav-tabs > li > a,
.tabs-right > .nav-tabs > li > a {
min-width: 74px;
margin-right: 0;
margin-bottom: 3px;
}
// Tabs on the left
.tabs-left > .nav-tabs {
float: left;
margin-right: 19px;
border-right: 1px solid #ddd;
}
.tabs-left > .nav-tabs > li > a {
margin-right: -1px;
.border-radius(4px 0 0 4px);
}
.tabs-left > .nav-tabs > li > a:hover,
.tabs-left > .nav-tabs > li > a:focus {
border-color: @grayLighter #ddd @grayLighter @grayLighter;
}
.tabs-left > .nav-tabs .active > a,
.tabs-left > .nav-tabs .active > a:hover,
.tabs-left > .nav-tabs .active > a:focus {
border-color: #ddd transparent #ddd #ddd;
*border-right-color: @white;
}
// Tabs on the right
.tabs-right > .nav-tabs {
float: right;
margin-left: 19px;
border-left: 1px solid #ddd;
}
.tabs-right > .nav-tabs > li > a {
margin-left: -1px;
.border-radius(0 4px 4px 0);
}
.tabs-right > .nav-tabs > li > a:hover,
.tabs-right > .nav-tabs > li > a:focus {
border-color: @grayLighter @grayLighter @grayLighter #ddd;
}
.tabs-right > .nav-tabs .active > a,
.tabs-right > .nav-tabs .active > a:hover,
.tabs-right > .nav-tabs .active > a:focus {
border-color: #ddd #ddd #ddd transparent;
*border-left-color: @white;
}
// DISABLED STATES
// ---------------
// Gray out text
.nav > .disabled > a {
color: @grayLight;
}
// Nuke hover/focus effects
.nav > .disabled > a:hover,
.nav > .disabled > a:focus {
text-decoration: none;
background-color: transparent;
cursor: default;
}

43
openid-connect-server-webapp/src/main/webapp/less/pager.less
View File

@ -1,43 +0,0 @@
//
// Pager pagination
// --------------------------------------------------
.pager {
margin: @baseLineHeight 0;
list-style: none;
text-align: center;
.clearfix();
}
.pager li {
display: inline;
}
.pager li > a,
.pager li > span {
display: inline-block;
padding: 5px 14px;
background-color: #fff;
border: 1px solid #ddd;
.border-radius(15px);
}
.pager li > a:hover,
.pager li > a:focus {
text-decoration: none;
background-color: #f5f5f5;
}
.pager .next > a,
.pager .next > span {
float: right;
}
.pager .previous > a,
.pager .previous > span {
float: left;
}
.pager .disabled > a,
.pager .disabled > a:hover,
.pager .disabled > a:focus,
.pager .disabled > span {
color: @grayLight;
background-color: #fff;
cursor: default;
}

123
openid-connect-server-webapp/src/main/webapp/less/pagination.less
View File

@ -1,123 +0,0 @@
//
// Pagination (multiple pages)
// --------------------------------------------------
// Space out pagination from surrounding content
.pagination {
margin: @baseLineHeight 0;
}
.pagination ul {
// Allow for text-based alignment
display: inline-block;
.ie7-inline-block();
// Reset default ul styles
margin-left: 0;
margin-bottom: 0;
// Visuals
.border-radius(@baseBorderRadius);
.box-shadow(0 1px 2px rgba(0,0,0,.05));
}
.pagination ul > li {
display: inline; // Remove list-style and block-level defaults
}
.pagination ul > li > a,
.pagination ul > li > span {
float: left; // Collapse white-space
padding: 4px 12px;
line-height: @baseLineHeight;
text-decoration: none;
background-color: @paginationBackground;
border: 1px solid @paginationBorder;
border-left-width: 0;
}
.pagination ul > li > a:hover,
.pagination ul > li > a:focus,
.pagination ul > .active > a,
.pagination ul > .active > span {
background-color: @paginationActiveBackground;
}
.pagination ul > .active > a,
.pagination ul > .active > span {
color: @grayLight;
cursor: default;
}
.pagination ul > .disabled > span,
.pagination ul > .disabled > a,
.pagination ul > .disabled > a:hover,
.pagination ul > .disabled > a:focus {
color: @grayLight;
background-color: transparent;
cursor: default;
}
.pagination ul > li:first-child > a,
.pagination ul > li:first-child > span {
border-left-width: 1px;
.border-left-radius(@baseBorderRadius);
}
.pagination ul > li:last-child > a,
.pagination ul > li:last-child > span {
.border-right-radius(@baseBorderRadius);
}
// Alignment
// --------------------------------------------------
.pagination-centered {
text-align: center;
}
.pagination-right {
text-align: right;
}
// Sizing
// --------------------------------------------------
// Large
.pagination-large {
ul > li > a,
ul > li > span {
padding: @paddingLarge;
font-size: @fontSizeLarge;
}
ul > li:first-child > a,
ul > li:first-child > span {
.border-left-radius(@borderRadiusLarge);
}
ul > li:last-child > a,
ul > li:last-child > span {
.border-right-radius(@borderRadiusLarge);
}
}
// Small and mini
.pagination-mini,
.pagination-small {
ul > li:first-child > a,
ul > li:first-child > span {
.border-left-radius(@borderRadiusSmall);
}
ul > li:last-child > a,
ul > li:last-child > span {
.border-right-radius(@borderRadiusSmall);
}
}
// Small
.pagination-small {
ul > li > a,
ul > li > span {
padding: @paddingSmall;
font-size: @fontSizeSmall;
}
}
// Mini
.pagination-mini {
ul > li > a,
ul > li > span {
padding: @paddingMini;
font-size: @fontSizeMini;
}
}

133
openid-connect-server-webapp/src/main/webapp/less/popovers.less
View File

@ -1,133 +0,0 @@
//
// Popovers
// --------------------------------------------------
.popover {
position: absolute;
top: 0;
left: 0;
z-index: @zindexPopover;
display: none;
max-width: 276px;
padding: 1px;
text-align: left; // Reset given new insertion method
background-color: @popoverBackground;
-webkit-background-clip: padding-box;
-moz-background-clip: padding;
background-clip: padding-box;
border: 1px solid #ccc;
border: 1px solid rgba(0,0,0,.2);
.border-radius(6px);
.box-shadow(0 5px 10px rgba(0,0,0,.2));
// Overrides for proper insertion
white-space: normal;
// Offset the popover to account for the popover arrow
&.top { margin-top: -10px; }
&.right { margin-left: 10px; }
&.bottom { margin-top: 10px; }
&.left { margin-left: -10px; }
}
.popover-title {
margin: 0; // reset heading margin
padding: 8px 14px;
font-size: 14px;
font-weight: normal;
line-height: 18px;
background-color: @popoverTitleBackground;
border-bottom: 1px solid darken(@popoverTitleBackground, 5%);
.border-radius(5px 5px 0 0);
&:empty {
display: none;
}
}
.popover-content {
padding: 9px 14px;
}
// Arrows
//
// .arrow is outer, .arrow:after is inner
.popover .arrow,
.popover .arrow:after {
position: absolute;
display: block;
width: 0;
height: 0;
border-color: transparent;
border-style: solid;
}
.popover .arrow {
border-width: @popoverArrowOuterWidth;
}
.popover .arrow:after {
border-width: @popoverArrowWidth;
content: "";
}
.popover {
&.top .arrow {
left: 50%;
margin-left: -@popoverArrowOuterWidth;
border-bottom-width: 0;
border-top-color: #999; // IE8 fallback
border-top-color: @popoverArrowOuterColor;
bottom: -@popoverArrowOuterWidth;
&:after {
bottom: 1px;
margin-left: -@popoverArrowWidth;
border-bottom-width: 0;
border-top-color: @popoverArrowColor;
}
}
&.right .arrow {
top: 50%;
left: -@popoverArrowOuterWidth;
margin-top: -@popoverArrowOuterWidth;
border-left-width: 0;
border-right-color: #999; // IE8 fallback
border-right-color: @popoverArrowOuterColor;
&:after {
left: 1px;
bottom: -@popoverArrowWidth;
border-left-width: 0;
border-right-color: @popoverArrowColor;
}
}
&.bottom .arrow {
left: 50%;
margin-left: -@popoverArrowOuterWidth;
border-top-width: 0;
border-bottom-color: #999; // IE8 fallback
border-bottom-color: @popoverArrowOuterColor;
top: -@popoverArrowOuterWidth;
&:after {
top: 1px;
margin-left: -@popoverArrowWidth;
border-top-width: 0;
border-bottom-color: @popoverArrowColor;
}
}
&.left .arrow {
top: 50%;
right: -@popoverArrowOuterWidth;
margin-top: -@popoverArrowOuterWidth;
border-right-width: 0;
border-left-color: #999; // IE8 fallback
border-left-color: @popoverArrowOuterColor;
&:after {
right: 1px;
border-right-width: 0;
border-left-color: @popoverArrowColor;
bottom: -@popoverArrowWidth;
}
}
}

122
openid-connect-server-webapp/src/main/webapp/less/progress-bars.less
View File

@ -1,122 +0,0 @@
//
// Progress bars
// --------------------------------------------------
// ANIMATIONS
// ----------
// Webkit
@-webkit-keyframes progress-bar-stripes {
from { background-position: 40px 0; }
to { background-position: 0 0; }
}
// Firefox
@-moz-keyframes progress-bar-stripes {
from { background-position: 40px 0; }
to { background-position: 0 0; }
}
// IE9
@-ms-keyframes progress-bar-stripes {
from { background-position: 40px 0; }
to { background-position: 0 0; }
}
// Opera
@-o-keyframes progress-bar-stripes {
from { background-position: 0 0; }
to { background-position: 40px 0; }
}
// Spec
@keyframes progress-bar-stripes {
from { background-position: 40px 0; }
to { background-position: 0 0; }
}
// THE BARS
// --------
// Outer container
.progress {
overflow: hidden;
height: @baseLineHeight;
margin-bottom: @baseLineHeight;
#gradient > .vertical(#f5f5f5, #f9f9f9);
.box-shadow(inset 0 1px 2px rgba(0,0,0,.1));
.border-radius(@baseBorderRadius);
}
// Bar of progress
.progress .bar {
width: 0%;
height: 100%;
color: @white;
float: left;
font-size: 12px;
text-align: center;
text-shadow: 0 -1px 0 rgba(0,0,0,.25);
#gradient > .vertical(#149bdf, #0480be);
.box-shadow(inset 0 -1px 0 rgba(0,0,0,.15));
.box-sizing(border-box);
.transition(width .6s ease);
}
.progress .bar + .bar {
.box-shadow(~"inset 1px 0 0 rgba(0,0,0,.15), inset 0 -1px 0 rgba(0,0,0,.15)");
}
// Striped bars
.progress-striped .bar {
#gradient > .striped(#149bdf);
.background-size(40px 40px);
}
// Call animation for the active one
.progress.active .bar {
-webkit-animation: progress-bar-stripes 2s linear infinite;
-moz-animation: progress-bar-stripes 2s linear infinite;
-ms-animation: progress-bar-stripes 2s linear infinite;
-o-animation: progress-bar-stripes 2s linear infinite;
animation: progress-bar-stripes 2s linear infinite;
}
// COLORS
// ------
// Danger (red)
.progress-danger .bar, .progress .bar-danger {
#gradient > .vertical(#ee5f5b, #c43c35);
}
.progress-danger.progress-striped .bar, .progress-striped .bar-danger {
#gradient > .striped(#ee5f5b);
}
// Success (green)
.progress-success .bar, .progress .bar-success {
#gradient > .vertical(#62c462, #57a957);
}
.progress-success.progress-striped .bar, .progress-striped .bar-success {
#gradient > .striped(#62c462);
}
// Info (teal)
.progress-info .bar, .progress .bar-info {
#gradient > .vertical(#5bc0de, #339bb9);
}
.progress-info.progress-striped .bar, .progress-striped .bar-info {
#gradient > .striped(#5bc0de);
}
// Warning (orange)
.progress-warning .bar, .progress .bar-warning {
#gradient > .vertical(lighten(@orange, 15%), @orange);
}
.progress-warning.progress-striped .bar, .progress-striped .bar-warning {
#gradient > .striped(lighten(@orange, 15%));
}

216
openid-connect-server-webapp/src/main/webapp/less/reset.less
View File

@ -1,216 +0,0 @@
//
// Reset CSS
// Adapted from http://github.com/necolas/normalize.css
// --------------------------------------------------
// Display in IE6-9 and FF3
// -------------------------
article,
aside,
details,
figcaption,
figure,
footer,
header,
hgroup,
nav,
section {
display: block;
}
// Display block in IE6-9 and FF3
// -------------------------
audio,
canvas,
video {
display: inline-block;
*display: inline;
*zoom: 1;
}
// Prevents modern browsers from displaying 'audio' without controls
// -------------------------
audio:not([controls]) {
display: none;
}
// Base settings
// -------------------------
html {
font-size: 100%;
-webkit-text-size-adjust: 100%;
-ms-text-size-adjust: 100%;
}
// Focus states
a:focus {
.tab-focus();
}
// Hover & Active
a:hover,
a:active {
outline: 0;
}
// Prevents sub and sup affecting line-height in all browsers
// -------------------------
sub,
sup {
position: relative;
font-size: 75%;
line-height: 0;
vertical-align: baseline;
}
sup {
top: -0.5em;
}
sub {
bottom: -0.25em;
}
// Img border in a's and image quality
// -------------------------
img {
/* Responsive images (ensure images don't scale beyond their parents) */
max-width: 100%; /* Part 1: Set a maxium relative to the parent */
width: auto\9; /* IE7-8 need help adjusting responsive images */
height: auto; /* Part 2: Scale the height according to the width, otherwise you get stretching */
vertical-align: middle;
border: 0;
-ms-interpolation-mode: bicubic;
}
// Prevent max-width from affecting Google Maps
#map_canvas img,
.google-maps img {
max-width: none;
}
// Forms
// -------------------------
// Font size in all browsers, margin changes, misc consistency
button,
input,
select,
textarea {
margin: 0;
font-size: 100%;
vertical-align: middle;
}
button,
input {
*overflow: visible; // Inner spacing ie IE6/7
line-height: normal; // FF3/4 have !important on line-height in UA stylesheet
}
button::-moz-focus-inner,
input::-moz-focus-inner { // Inner padding and border oddities in FF3/4
padding: 0;
border: 0;
}
button,
html input[type="button"], // Avoid the WebKit bug in Android 4.0.* where (2) destroys native `audio` and `video` controls.
input[type="reset"],
input[type="submit"] {
-webkit-appearance: button; // Corrects inability to style clickable `input` types in iOS.
cursor: pointer; // Improves usability and consistency of cursor style between image-type `input` and others.
}
label,
select,
button,
input[type="button"],
input[type="reset"],
input[type="submit"],
input[type="radio"],
input[type="checkbox"] {
cursor: pointer; // Improves usability and consistency of cursor style between image-type `input` and others.
}
input[type="search"] { // Appearance in Safari/Chrome
.box-sizing(content-box);
-webkit-appearance: textfield;
}
input[type="search"]::-webkit-search-decoration,
input[type="search"]::-webkit-search-cancel-button {
-webkit-appearance: none; // Inner-padding issues in Chrome OSX, Safari 5
}
textarea {
overflow: auto; // Remove vertical scrollbar in IE6-9
vertical-align: top; // Readability and alignment cross-browser
}
// Printing
// -------------------------
// Source: https://github.com/h5bp/html5-boilerplate/blob/master/css/main.css
@media print {
* {
text-shadow: none !important;
color: #000 !important; // Black prints faster: h5bp.com/s
background: transparent !important;
box-shadow: none !important;
}
a,
a:visited {
text-decoration: underline;
}
a[href]:after {
content: " (" attr(href) ")";
}
abbr[title]:after {
content: " (" attr(title) ")";
}
// Don't show links for images, or javascript/internal links
.ir a:after,
a[href^="javascript:"]:after,
a[href^="#"]:after {
content: "";
}
pre,
blockquote {
border: 1px solid #999;
page-break-inside: avoid;
}
thead {
display: table-header-group; // h5bp.com/t
}
tr,
img {
page-break-inside: avoid;
}
img {
max-width: 100% !important;
}
@page {
margin: 0.5cm;
}
p,
h2,
h3 {
orphans: 3;
widows: 3;
}
h2,
h3 {
page-break-after: avoid;
}
}

28
openid-connect-server-webapp/src/main/webapp/less/responsive-1200px-min.less
View File

@ -1,28 +0,0 @@
//
// Responsive: Large desktop and up
// --------------------------------------------------
@media (min-width: 1200px) {
// Fixed grid
#grid > .core(@gridColumnWidth1200, @gridGutterWidth1200);
// Fluid grid
#grid > .fluid(@fluidGridColumnWidth1200, @fluidGridGutterWidth1200);
// Input grid
#grid > .input(@gridColumnWidth1200, @gridGutterWidth1200);
// Thumbnails
.thumbnails {
margin-left: -@gridGutterWidth1200;
}
.thumbnails > li {
margin-left: @gridGutterWidth1200;
}
.row-fluid .thumbnails {
margin-left: 0;
}
}

Some files were not shown because too many files have changed in this diff Show More