From c777ebfac99add4d1d29a96d0fced51b8a4954ea Mon Sep 17 00:00:00 2001 From: Justin Richer Date: Wed, 11 Mar 2015 11:41:28 -0400 Subject: [PATCH 01/22] added universal OAuth exception handling --- .../main/webapp/WEB-INF/application-context.xml | 2 ++ .../mitre/oauth2/web/IntrospectionEndpoint.java | 15 +++++++++++++++ .../java/org/mitre/oauth2/web/ScopeAPI.java | 12 ++++++++++++ .../java/org/mitre/oauth2/web/TokenAPI.java | 12 ++++++++++++ .../openid/connect/web/ApprovedSiteAPI.java | 15 ++++++++++++++- .../mitre/openid/connect/web/BlacklistAPI.java | 13 +++++++++++++ .../org/mitre/openid/connect/web/ClientAPI.java | 13 +++++++++++++ .../org/mitre/openid/connect/web/DataAPI.java | 12 ++++++++++++ .../web/DynamicClientRegistrationEndpoint.java | 13 +++++++++++++ .../ProtectedResourceRegistrationEndpoint.java | 13 +++++++++++++ .../org/mitre/openid/connect/web/StatsAPI.java | 17 +++++++++++++++++ .../openid/connect/web/UserInfoEndpoint.java | 12 ++++++++++++ .../mitre/openid/connect/web/WhitelistAPI.java | 13 +++++++++++++ 13 files changed, 161 insertions(+), 1 deletion(-) diff --git a/openid-connect-server-webapp/src/main/webapp/WEB-INF/application-context.xml b/openid-connect-server-webapp/src/main/webapp/WEB-INF/application-context.xml index 1f59aff7d..2c8aa76a7 100644 --- a/openid-connect-server-webapp/src/main/webapp/WEB-INF/application-context.xml +++ b/openid-connect-server-webapp/src/main/webapp/WEB-INF/application-context.xml @@ -162,6 +162,8 @@ + + diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/web/IntrospectionEndpoint.java b/openid-connect-server/src/main/java/org/mitre/oauth2/web/IntrospectionEndpoint.java index a54f537fe..e58c95545 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/web/IntrospectionEndpoint.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/web/IntrospectionEndpoint.java 
@@ -35,10 +35,15 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; +import org.springframework.http.ResponseEntity; import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.security.oauth2.common.exceptions.InvalidTokenException; +import org.springframework.security.oauth2.common.exceptions.OAuth2Exception; +import org.springframework.security.oauth2.provider.error.DefaultWebResponseExceptionTranslator; +import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator; import org.springframework.stereotype.Controller; import org.springframework.ui.Model; +import org.springframework.web.bind.annotation.ExceptionHandler; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestParam; @@ -63,6 +68,9 @@ public class IntrospectionEndpoint { @Autowired private UserInfoService userInfoService; + @Autowired + private WebResponseExceptionTranslator providerExceptionHandler; + /** * Logger for this class */ @@ -150,5 +158,12 @@ public class IntrospectionEndpoint { } } + + @ExceptionHandler(OAuth2Exception.class) + public ResponseEntity handleException(Exception e) throws Exception { + logger.info("Handling error: " + e.getClass().getSimpleName() + ", " + e.getMessage()); + return providerExceptionHandler.translate(e); + } + } diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/web/ScopeAPI.java b/openid-connect-server/src/main/java/org/mitre/oauth2/web/ScopeAPI.java index 6864ed720..f7b72af93 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/web/ScopeAPI.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/web/ScopeAPI.java 
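Review bot: The added import of `DefaultWebResponseExceptionTranslator` in IntrospectionEndpoint is not referenced by anything in this file's visible hunks; the new field is declared as the `WebResponseExceptionTranslator` interface and is injected. If the rest of the class (outside these hunks) does not use it either, drop the line so the controller carries no compile-time tie to one translator implementation. The other controllers in this patch import only the interface.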
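Review bot: `handleException` in IntrospectionEndpoint writes `e.getMessage()` to the log unfiltered, and an OAuth2Exception message can be assembled from request data (an invalid-token message may well include the presented token value), so this line can put credentials or forged line breaks into the application log. Logging the error code instead avoids both: declare the parameter as `OAuth2Exception e` and use `logger.info("Handling error: {}, {}", e.getClass().getSimpleName(), e.getOAuth2ErrorCode());`. If the message has to stay, strip CR and LF from it before it is logged. The same handler body is added to ScopeAPI, TokenAPI, ApprovedSiteAPI, BlacklistAPI, ClientAPI, DataAPI, DynamicClientRegistrationEndpoint, ProtectedResourceRegistrationEndpoint, StatsAPI, UserInfoEndpoint and WhitelistAPI in this patch, so the change applies to each of them.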
@@ -30,9 +30,13 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; +import org.springframework.http.ResponseEntity; import org.springframework.security.access.prepost.PreAuthorize; +import org.springframework.security.oauth2.common.exceptions.OAuth2Exception; +import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator; import org.springframework.stereotype.Controller; import org.springframework.ui.ModelMap; +import org.springframework.web.bind.annotation.ExceptionHandler; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; @@ -52,6 +56,9 @@ public class ScopeAPI { @Autowired private SystemScopeService scopeService; + @Autowired + private WebResponseExceptionTranslator providerExceptionHandler; + /** * Logger for this class */ @@ -177,4 +184,9 @@ public class ScopeAPI { } } + @ExceptionHandler(OAuth2Exception.class) + public ResponseEntity handleException(Exception e) throws Exception { + logger.info("Handling error: " + e.getClass().getSimpleName() + ", " + e.getMessage()); + return providerExceptionHandler.translate(e); + } } diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/web/TokenAPI.java b/openid-connect-server/src/main/java/org/mitre/oauth2/web/TokenAPI.java index c02fdc312..b4bf62bb9 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/web/TokenAPI.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/web/TokenAPI.java 
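Review bot: The handler added at the end of ScopeAPI is a copy of the one in IntrospectionEndpoint, and the patch pastes the same method and `providerExceptionHandler` field into twelve controllers, so any later change to the logging or translation has to be made twelve times, and a controller added later gets no handler unless someone remembers to copy it. A single `@ControllerAdvice` class would hold it once; the sketch below uses a constructed class name and limits the advice to the two controller packages seen in this patch, which needs a Spring version that supports `basePackages` on the annotation (not visible here, so confirm). Typing the parameter as `OAuth2Exception` lets the log line record the error code rather than the free-text message.

```java
@ControllerAdvice(basePackages = {"org.mitre.oauth2.web", "org.mitre.openid.connect.web"})
public class OAuthExceptionAdvice {

	private static final Logger logger = LoggerFactory.getLogger(OAuthExceptionAdvice.class);

	@Autowired
	private WebResponseExceptionTranslator providerExceptionHandler;

	@ExceptionHandler(OAuth2Exception.class)
	public ResponseEntity<OAuth2Exception> handleException(OAuth2Exception e) throws Exception {
		logger.info("Handling error: {}, {}", e.getClass().getSimpleName(), e.getOAuth2ErrorCode());
		return providerExceptionHandler.translate(e);
	}
}
```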
@@ -33,9 +33,13 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; +import org.springframework.http.ResponseEntity; import org.springframework.security.access.prepost.PreAuthorize; +import org.springframework.security.oauth2.common.exceptions.OAuth2Exception; +import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator; import org.springframework.stereotype.Controller; import org.springframework.ui.ModelMap; +import org.springframework.web.bind.annotation.ExceptionHandler; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; @@ -59,6 +63,9 @@ public class TokenAPI { @Autowired private OIDCTokenService oidcTokenService; + @Autowired + private WebResponseExceptionTranslator providerExceptionHandler; + /** * Logger for this class */ @@ -238,4 +245,9 @@ public class TokenAPI { } } + @ExceptionHandler(OAuth2Exception.class) + public ResponseEntity handleException(Exception e) throws Exception { + logger.info("Handling error: " + e.getClass().getSimpleName() + ", " + e.getMessage()); + return providerExceptionHandler.translate(e); + } } diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ApprovedSiteAPI.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ApprovedSiteAPI.java index 031488534..64e3509cd 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ApprovedSiteAPI.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ApprovedSiteAPI.java 
@@ -32,9 +32,13 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; +import org.springframework.http.ResponseEntity; import org.springframework.security.access.prepost.PreAuthorize; +import org.springframework.security.oauth2.common.exceptions.OAuth2Exception; +import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator; import org.springframework.stereotype.Controller; import org.springframework.ui.ModelMap; +import org.springframework.web.bind.annotation.ExceptionHandler; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; @@ -52,7 +56,10 @@ public class ApprovedSiteAPI { private ApprovedSiteService approvedSiteService; @Autowired - OAuth2TokenEntityService tokenServices; + private OAuth2TokenEntityService tokenServices; + + @Autowired + private WebResponseExceptionTranslator providerExceptionHandler; /** * Logger for this class @@ -124,4 +131,10 @@ public class ApprovedSiteAPI { } } + + @ExceptionHandler(OAuth2Exception.class) + public ResponseEntity handleException(Exception e) throws Exception { + logger.info("Handling error: " + e.getClass().getSimpleName() + ", " + e.getMessage()); + return providerExceptionHandler.translate(e); + } } diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/BlacklistAPI.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/BlacklistAPI.java index b553b48f0..4da6a1344 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/BlacklistAPI.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/BlacklistAPI.java 
@@ -31,9 +31,13 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; +import org.springframework.http.ResponseEntity; import org.springframework.security.access.prepost.PreAuthorize; +import org.springframework.security.oauth2.common.exceptions.OAuth2Exception; +import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator; import org.springframework.stereotype.Controller; import org.springframework.ui.ModelMap; +import org.springframework.web.bind.annotation.ExceptionHandler; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; @@ -61,6 +65,9 @@ public class BlacklistAPI { */ private static final Logger logger = LoggerFactory.getLogger(BlacklistAPI.class); + @Autowired + private WebResponseExceptionTranslator providerExceptionHandler; + private Gson gson = new Gson(); private JsonParser parser = new JsonParser(); @@ -202,4 +209,10 @@ public class BlacklistAPI { } } + + @ExceptionHandler(OAuth2Exception.class) + public ResponseEntity handleException(Exception e) throws Exception { + logger.info("Handling error: " + e.getClass().getSimpleName() + ", " + e.getMessage()); + return providerExceptionHandler.translate(e); + } } diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java index 851c47727..3d3e4dd23 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java 
@@ -34,11 +34,15 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; +import org.springframework.http.ResponseEntity; import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.security.core.Authentication; import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.oauth2.common.exceptions.OAuth2Exception; +import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator; import org.springframework.stereotype.Controller; import org.springframework.ui.Model; +import org.springframework.web.bind.annotation.ExceptionHandler; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; @@ -71,6 +75,9 @@ public class ClientAPI { @Autowired private UserInfoService userInfoService; + @Autowired + private WebResponseExceptionTranslator providerExceptionHandler; + private JsonParser parser = new JsonParser(); private Gson gson = new GsonBuilder() @@ -376,4 +383,10 @@ public class ClientAPI { } return false; } + + @ExceptionHandler(OAuth2Exception.class) + public ResponseEntity handleException(Exception e) throws Exception { + logger.info("Handling error: " + e.getClass().getSimpleName() + ", " + e.getMessage()); + return providerExceptionHandler.translate(e); + } } diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/DataAPI.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/DataAPI.java index 542f9aeac..a2a61d6d1 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/DataAPI.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/DataAPI.java 
@@ -31,9 +31,13 @@ import org.mitre.openid.connect.service.impl.MITREidDataService_1_1; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.http.ResponseEntity; import org.springframework.security.access.prepost.PreAuthorize; +import org.springframework.security.oauth2.common.exceptions.OAuth2Exception; +import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator; import org.springframework.stereotype.Controller; import org.springframework.ui.Model; +import org.springframework.web.bind.annotation.ExceptionHandler; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; @@ -72,6 +76,9 @@ public class DataAPI { @Autowired private MITREidDataService_1_1 dataService_1_2; + @Autowired + private WebResponseExceptionTranslator providerExceptionHandler; + @RequestMapping(method = RequestMethod.POST, consumes = "application/json") public String importData(Reader in, Model m) throws IOException { @@ -140,5 +147,10 @@ public class DataAPI { } } + @ExceptionHandler(OAuth2Exception.class) + public ResponseEntity handleException(Exception e) throws Exception { + logger.info("Handling error: " + e.getClass().getSimpleName() + ", " + e.getMessage()); + return providerExceptionHandler.translate(e); + } } \ No newline at end of file diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/DynamicClientRegistrationEndpoint.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/DynamicClientRegistrationEndpoint.java index 967cb4376..03dc44e3c 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/DynamicClientRegistrationEndpoint.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/DynamicClientRegistrationEndpoint.java 
@@ -44,11 +44,15 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; +import org.springframework.http.ResponseEntity; import org.springframework.security.access.prepost.PreAuthorize; +import org.springframework.security.oauth2.common.exceptions.OAuth2Exception; import org.springframework.security.oauth2.provider.OAuth2Authentication; import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationDetails; +import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator; import org.springframework.stereotype.Controller; import org.springframework.ui.Model; +import org.springframework.web.bind.annotation.ExceptionHandler; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; @@ -85,6 +89,9 @@ public class DynamicClientRegistrationEndpoint { @Autowired private OIDCTokenService connectTokenService; + @Autowired + private WebResponseExceptionTranslator providerExceptionHandler; + /** * Logger for this class */ @@ -559,4 +566,10 @@ public class DynamicClientRegistrationEndpoint { return token; } } + + @ExceptionHandler(OAuth2Exception.class) + public ResponseEntity handleException(Exception e) throws Exception { + logger.info("Handling error: " + e.getClass().getSimpleName() + ", " + e.getMessage()); + return providerExceptionHandler.translate(e); + } } diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ProtectedResourceRegistrationEndpoint.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ProtectedResourceRegistrationEndpoint.java index 2a78055b2..bba26c47a 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ProtectedResourceRegistrationEndpoint.java 
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ProtectedResourceRegistrationEndpoint.java @@ -43,11 +43,15 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; +import org.springframework.http.ResponseEntity; import org.springframework.security.access.prepost.PreAuthorize; +import org.springframework.security.oauth2.common.exceptions.OAuth2Exception; import org.springframework.security.oauth2.provider.OAuth2Authentication; import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationDetails; +import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator; import org.springframework.stereotype.Controller; import org.springframework.ui.Model; +import org.springframework.web.bind.annotation.ExceptionHandler; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; @@ -82,6 +86,9 @@ public class ProtectedResourceRegistrationEndpoint { @Autowired private OIDCTokenService connectTokenService; + @Autowired + private WebResponseExceptionTranslator providerExceptionHandler; + /** * Logger for this class */ @@ -469,4 +476,10 @@ public class ProtectedResourceRegistrationEndpoint { return token; } } + + @ExceptionHandler(OAuth2Exception.class) + public ResponseEntity handleException(Exception e) throws Exception { + logger.info("Handling error: " + e.getClass().getSimpleName() + ", " + e.getMessage()); + return providerExceptionHandler.translate(e); + } } diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/StatsAPI.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/StatsAPI.java index 50ec2d3c2..3cba53523 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/StatsAPI.java 
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/StatsAPI.java @@ -16,24 +16,36 @@ *******************************************************************************/ package org.mitre.openid.connect.web; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; + import java.util.Map; import org.mitre.openid.connect.service.StatsService; import org.mitre.openid.connect.view.JsonEntityView; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.http.ResponseEntity; import org.springframework.security.access.prepost.PreAuthorize; +import org.springframework.security.oauth2.common.exceptions.OAuth2Exception; +import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator; import org.springframework.stereotype.Controller; import org.springframework.ui.ModelMap; +import org.springframework.web.bind.annotation.ExceptionHandler; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.RequestMapping; @Controller @RequestMapping("/api/stats") public class StatsAPI { + // Logger for this class + private static final Logger logger = LoggerFactory.getLogger(StatsAPI.class); @Autowired private StatsService statsService; + @Autowired + private WebResponseExceptionTranslator providerExceptionHandler; + @RequestMapping(value = "summary", produces = "application/json") public String statsSummary(ModelMap m) { @@ -65,4 +77,9 @@ public class StatsAPI { return JsonEntityView.VIEWNAME; } + @ExceptionHandler(OAuth2Exception.class) + public ResponseEntity handleException(Exception e) throws Exception { + logger.info("Handling error: " + e.getClass().getSimpleName() + ", " + e.getMessage()); + return providerExceptionHandler.translate(e); + } } 
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java index 2c4b9ecfd..ba6cbbc7e 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java @@ -30,10 +30,14 @@ import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; import org.springframework.http.MediaType; +import org.springframework.http.ResponseEntity; import org.springframework.security.access.prepost.PreAuthorize; +import org.springframework.security.oauth2.common.exceptions.OAuth2Exception; import org.springframework.security.oauth2.provider.OAuth2Authentication; +import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator; import org.springframework.stereotype.Controller; import org.springframework.ui.Model; +import org.springframework.web.bind.annotation.ExceptionHandler; import org.springframework.web.bind.annotation.RequestHeader; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; @@ -56,6 +60,9 @@ public class UserInfoEndpoint { @Autowired private ClientDetailsEntityService clientService; + @Autowired + private WebResponseExceptionTranslator providerExceptionHandler; + /** * Logger for this class */ @@ -136,4 +143,9 @@ public class UserInfoEndpoint { } + @ExceptionHandler(OAuth2Exception.class) + public ResponseEntity handleException(Exception e) throws Exception { + logger.info("Handling error: " + e.getClass().getSimpleName() + ", " + e.getMessage()); + return providerExceptionHandler.translate(e); + } } 
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/WhitelistAPI.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/WhitelistAPI.java index 1f24f078f..443d06fa8 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/WhitelistAPI.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/WhitelistAPI.java @@ -31,9 +31,13 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; +import org.springframework.http.ResponseEntity; import org.springframework.security.access.prepost.PreAuthorize; +import org.springframework.security.oauth2.common.exceptions.OAuth2Exception; +import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator; import org.springframework.stereotype.Controller; import org.springframework.ui.ModelMap; +import org.springframework.web.bind.annotation.ExceptionHandler; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.RequestBody; import org.springframework.web.bind.annotation.RequestMapping; @@ -61,6 +65,9 @@ public class WhitelistAPI { */ private static final Logger logger = LoggerFactory.getLogger(WhitelistAPI.class); + @Autowired + private WebResponseExceptionTranslator providerExceptionHandler; + private Gson gson = new Gson(); private JsonParser parser = new JsonParser(); @@ -204,4 +211,10 @@ public class WhitelistAPI { } } + + @ExceptionHandler(OAuth2Exception.class) + public ResponseEntity handleException(Exception e) throws Exception { + logger.info("Handling error: " + e.getClass().getSimpleName() + ", " + e.getMessage()); + return providerExceptionHandler.translate(e); + } } From 617d48547859e5ef770004a9ec7d2ffd37b3b486 Mon Sep 17 00:00:00 2001 
From: Justin Richer Date: Wed, 11 Mar 2015 12:06:38 -0400 Subject: [PATCH 02/22] updated all references to media types to use constants instead of literals, closes #767 --- .../IntrospectingTokenService.java | 4 +- .../client/OIDCAuthenticationFilter.java | 8 ++-- .../DynamicServerConfigurationService.java | 14 +++---- .../TestOAuth2AccessTokenImpl.java | 9 +++-- .../TestHybridClientConfigurationService.java | 11 +++--- .../TestHybridServerConfigurationService.java | 11 +++--- .../impl/TestPlainAuthRequestUrlBuilder.java | 7 ++-- .../impl/TestSignedAuthRequestUrlBuilder.java | 8 ++-- .../TestStaticClientConfigurationService.java | 13 ++++--- .../TestStaticServerConfigurationService.java | 13 ++++--- .../impl/TestThirdPartyIssuerService.java | 9 +++-- .../AuthenticationHolderRepository.java | 1 - .../ClientDetailsEntityJsonProcessor.java | 26 ++++++------- .../mitre/openid/connect/view/JWKSetView.java | 3 +- .../util/TestWebfingerURLNormalizer.java | 4 +- .../java/org/mitre/jose/JOSEEmbedTest.java | 4 +- .../org/mitre/jose/TestJWKSetKeyStore.java | 6 +-- ...aultJWTEncryptionAndDecryptionService.java | 11 +++--- .../oauth2/model/ClientDetailsEntityTest.java | 4 +- .../oauth2/model/RegisteredClientTest.java | 4 +- .../ClientDetailsEntityJsonProcessorTest.java | 6 +-- .../ConfigurationPropertiesBeanTest.java | 6 +-- .../config/ServerConfigurationTest.java | 4 +- .../discovery/web/DiscoveryEndpoint.java | 3 +- .../JpaAuthenticationHolderRepository.java | 1 - .../impl/JpaSystemScopeRepository.java | 6 +-- .../DefaultIntrospectionResultAssembler.java | 5 +-- ...faultOAuth2ClientDetailsEntityService.java | 1 - .../org/mitre/oauth2/view/TokenApiView.java | 4 +- .../oauth2/web/IntrospectionEndpoint.java | 1 - .../web/OAuthConfirmationController.java | 8 +++- .../java/org/mitre/oauth2/web/ScopeAPI.java | 9 +++-- .../java/org/mitre/oauth2/web/TokenAPI.java | 19 +++++----- .../filter/AuthorizationRequestFilter.java | 8 +++- .../repository/impl/JpaAddressRepository.java | 2 - 
.../impl/JpaApprovedSiteRepository.java | 4 +- .../impl/JpaBlacklistedSiteRepository.java | 4 +- .../impl/JpaPairwiseIdentifierRepository.java | 6 +-- .../impl/JpaUserInfoRepository.java | 6 +-- .../impl/JpaWhitelistedSiteRepository.java | 4 +- .../request/ConnectOAuth2RequestFactory.java | 15 +++++++- .../service/impl/MITREidDataService_1_0.java | 8 ++-- .../service/impl/MITREidDataService_1_1.java | 8 ++-- .../service/impl/MITREidDataService_1_2.java | 12 +++--- .../token/TofuUserApprovalHandler.java | 7 +++- .../view/AbstractClientEntityView.java | 3 +- .../view/ClientInformationResponseView.java | 3 +- .../connect/view/JsonApprovedSiteView.java | 3 +- .../openid/connect/view/JsonEntityView.java | 3 +- .../openid/connect/view/JsonErrorView.java | 3 +- .../openid/connect/view/UserInfoView.java | 3 +- .../openid/connect/web/ApprovedSiteAPI.java | 5 ++- .../openid/connect/web/BlacklistAPI.java | 9 +++-- .../mitre/openid/connect/web/ClientAPI.java | 9 +++-- .../org/mitre/openid/connect/web/DataAPI.java | 7 ++-- .../DynamicClientRegistrationEndpoint.java | 9 +++-- .../connect/web/JWKSetPublishingEndpoint.java | 3 +- ...ProtectedResourceRegistrationEndpoint.java | 9 +++-- .../mitre/openid/connect/web/StatsAPI.java | 12 +++--- .../openid/connect/web/UserInfoEndpoint.java | 3 +- .../openid/connect/web/WhitelistAPI.java | 9 +++-- .../TestDefaultIntrospectionAuthorizer.java | 16 +++++--- ...stDefaultIntrospectionResultAssembler.java | 20 ++++++---- ...faultOAuth2ClientDetailsEntityService.java | 13 ++++--- ...TestDefaultOAuth2ProviderTokenService.java | 17 +++++---- .../impl/TestDefaultSystemScopeService.java | 12 +++--- .../impl/TestDefaultApprovedSiteService.java | 9 +++-- .../TestDefaultBlacklistedSiteService.java | 9 +++-- .../service/impl/TestDefaultStatsService.java | 7 ++-- .../impl/TestDefaultUserInfoService.java | 6 +-- .../TestDefaultWhitelistedSiteService.java | 11 +++--- .../impl/TestMITREidDataService_1_0.java | 29 ++++++++------- 
.../impl/TestMITREidDataService_1_1.java | 29 ++++++++------- .../impl/TestMITREidDataService_1_2.java | 37 ++++++++++--------- .../TestUUIDPairwiseIdentiferService.java | 6 +-- .../connect/util/TestIdTokenHashUtils.java | 4 +- 76 files changed, 354 insertions(+), 291 deletions(-) diff --git a/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/IntrospectingTokenService.java b/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/IntrospectingTokenService.java index 987c1fdc8..8e126011e 100644 --- a/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/IntrospectingTokenService.java +++ b/openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/IntrospectingTokenService.java @@ -16,8 +16,6 @@ *******************************************************************************/ package org.mitre.oauth2.introspectingfilter; -import static org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod.SECRET_BASIC; - import java.io.IOException; import java.net.URI; import java.util.Date; @@ -55,6 +53,8 @@ import com.google.gson.JsonObject; import com.google.gson.JsonParser; import com.nimbusds.jose.util.Base64; +import static org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod.SECRET_BASIC; + /** * This ResourceServerTokenServices implementation introspects incoming tokens at a * server's introspection endpoint URL and passes an Authentication object along diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationFilter.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationFilter.java index 7bd745440..976e2971e 100644 --- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationFilter.java +++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthenticationFilter.java 
@@ -16,10 +16,6 @@ *******************************************************************************/ package org.mitre.openid.connect.client; -import static org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod.PRIVATE_KEY; -import static org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod.SECRET_BASIC; -import static org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod.SECRET_JWT; - import java.io.IOException; import java.math.BigInteger; import java.net.URI; @@ -79,6 +75,10 @@ import com.nimbusds.jwt.PlainJWT; import com.nimbusds.jwt.ReadOnlyJWTClaimsSet; import com.nimbusds.jwt.SignedJWT; +import static org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod.PRIVATE_KEY; +import static org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod.SECRET_BASIC; +import static org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod.SECRET_JWT; + /** * OpenID Connect Authentication Filter class * diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/DynamicServerConfigurationService.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/DynamicServerConfigurationService.java index 40335f850..d8fc7576a 100644 --- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/DynamicServerConfigurationService.java +++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/service/impl/DynamicServerConfigurationService.java @@ -19,13 +19,6 @@ */ package org.mitre.openid.connect.client.service.impl; -import static org.mitre.util.JsonUtils.getAsBoolean; -import static org.mitre.util.JsonUtils.getAsEncryptionMethodList; -import static org.mitre.util.JsonUtils.getAsJweAlgorithmList; -import static org.mitre.util.JsonUtils.getAsJwsAlgorithmList; -import static org.mitre.util.JsonUtils.getAsString; -import static org.mitre.util.JsonUtils.getAsStringList; - import java.util.HashSet; import java.util.Set; import java.util.concurrent.ExecutionException; 
@@ -48,6 +41,13 @@ import com.google.gson.JsonElement; import com.google.gson.JsonObject; import com.google.gson.JsonParser; +import static org.mitre.util.JsonUtils.getAsBoolean; +import static org.mitre.util.JsonUtils.getAsEncryptionMethodList; +import static org.mitre.util.JsonUtils.getAsJweAlgorithmList; +import static org.mitre.util.JsonUtils.getAsJwsAlgorithmList; +import static org.mitre.util.JsonUtils.getAsString; +import static org.mitre.util.JsonUtils.getAsStringList; + /** * * Dynamically fetches OpenID Connect server configurations based on the issuer. Caches the server configurations. diff --git a/openid-connect-client/src/test/java/org/mitre/oauth2/introspectingfilter/TestOAuth2AccessTokenImpl.java b/openid-connect-client/src/test/java/org/mitre/oauth2/introspectingfilter/TestOAuth2AccessTokenImpl.java index df3f00c65..70ee62cd9 100644 --- a/openid-connect-client/src/test/java/org/mitre/oauth2/introspectingfilter/TestOAuth2AccessTokenImpl.java +++ b/openid-connect-client/src/test/java/org/mitre/oauth2/introspectingfilter/TestOAuth2AccessTokenImpl.java @@ -16,10 +16,6 @@ *******************************************************************************/ package org.mitre.oauth2.introspectingfilter; -import static org.hamcrest.CoreMatchers.equalTo; -import static org.hamcrest.CoreMatchers.is; -import static org.junit.Assert.assertThat; - import java.util.Collections; import java.util.Date; import java.util.Set; @@ -29,6 +25,11 @@ import org.junit.Test; import com.google.common.collect.ImmutableSet; import com.google.gson.JsonObject; +import static org.hamcrest.CoreMatchers.equalTo; +import static org.hamcrest.CoreMatchers.is; + +import static org.junit.Assert.assertThat; + public class TestOAuth2AccessTokenImpl { private static String tokenString = "thisisatokenstring"; 
diff --git a/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestHybridClientConfigurationService.java b/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestHybridClientConfigurationService.java index 90c353e05..53fe382e0 100644 --- a/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestHybridClientConfigurationService.java +++ b/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestHybridClientConfigurationService.java @@ -16,11 +16,6 @@ *******************************************************************************/ package org.mitre.openid.connect.client.service.impl; -import static org.hamcrest.CoreMatchers.is; -import static org.hamcrest.CoreMatchers.nullValue; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertThat; - import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; @@ -32,6 +27,12 @@ import org.mockito.Mock; import org.mockito.Mockito; import org.mockito.runners.MockitoJUnitRunner; +import static org.hamcrest.CoreMatchers.is; +import static org.hamcrest.CoreMatchers.nullValue; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertThat; + /** * @author wkim * diff --git a/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestHybridServerConfigurationService.java b/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestHybridServerConfigurationService.java index 7477421a3..fc0a55292 100644 --- a/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestHybridServerConfigurationService.java +++ b/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestHybridServerConfigurationService.java 
@@ -17,11 +17,6 @@ package org.mitre.openid.connect.client.service.impl; -import static org.hamcrest.CoreMatchers.is; -import static org.hamcrest.CoreMatchers.nullValue; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertThat; - import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; @@ -32,6 +27,12 @@ import org.mockito.Mock; import org.mockito.Mockito; import org.mockito.runners.MockitoJUnitRunner; +import static org.hamcrest.CoreMatchers.is; +import static org.hamcrest.CoreMatchers.nullValue; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertThat; + /** * @author wkim * diff --git a/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestPlainAuthRequestUrlBuilder.java b/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestPlainAuthRequestUrlBuilder.java index 2e9664594..a37c50dd6 100644 --- a/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestPlainAuthRequestUrlBuilder.java +++ b/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestPlainAuthRequestUrlBuilder.java @@ -16,9 +16,6 @@ *******************************************************************************/ package org.mitre.openid.connect.client.service.impl; -import static org.hamcrest.CoreMatchers.equalTo; -import static org.junit.Assert.assertThat; - import java.util.Map; import org.junit.Before; @@ -31,6 +28,10 @@ import org.springframework.security.authentication.AuthenticationServiceExceptio import com.google.common.collect.ImmutableMap; import com.google.common.collect.Sets; +import static org.hamcrest.CoreMatchers.equalTo; + +import static org.junit.Assert.assertThat; + /** * @author wkim * 
diff --git a/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestSignedAuthRequestUrlBuilder.java b/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestSignedAuthRequestUrlBuilder.java index 98215c63f..b81b17bf5 100644 --- a/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestSignedAuthRequestUrlBuilder.java +++ b/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestSignedAuthRequestUrlBuilder.java @@ -16,10 +16,6 @@ *******************************************************************************/ package org.mitre.openid.connect.client.service.impl; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertTrue; -import static org.junit.Assert.fail; - import java.net.URI; import java.net.URISyntaxException; import java.security.NoSuchAlgorithmException; @@ -50,6 +46,10 @@ import com.nimbusds.jose.util.Base64URL; import com.nimbusds.jwt.ReadOnlyJWTClaimsSet; import com.nimbusds.jwt.SignedJWT; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertTrue; +import static org.junit.Assert.fail; + /** * @author wkim * diff --git a/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestStaticClientConfigurationService.java b/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestStaticClientConfigurationService.java index 02bf67aa8..46787034c 100644 --- a/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestStaticClientConfigurationService.java +++ b/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestStaticClientConfigurationService.java 
@@ -16,12 +16,6 @@ *******************************************************************************/ package org.mitre.openid.connect.client.service.impl; -import static org.hamcrest.CoreMatchers.is; -import static org.hamcrest.CoreMatchers.notNullValue; -import static org.hamcrest.CoreMatchers.nullValue; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertThat; - import java.util.HashMap; import java.util.Map; @@ -34,6 +28,13 @@ import org.mockito.Mock; import org.mockito.Mockito; import org.mockito.runners.MockitoJUnitRunner; +import static org.hamcrest.CoreMatchers.is; +import static org.hamcrest.CoreMatchers.notNullValue; +import static org.hamcrest.CoreMatchers.nullValue; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertThat; + /** * @author wkim * diff --git a/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestStaticServerConfigurationService.java b/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestStaticServerConfigurationService.java index b4782e6f7..7edc16320 100644 --- a/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestStaticServerConfigurationService.java +++ b/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestStaticServerConfigurationService.java @@ -16,12 +16,6 @@ *******************************************************************************/ package org.mitre.openid.connect.client.service.impl; -import static org.hamcrest.CoreMatchers.is; -import static org.hamcrest.CoreMatchers.notNullValue; -import static org.hamcrest.CoreMatchers.nullValue; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertThat; - import java.util.HashMap; import java.util.Map; 
@@ -32,6 +26,13 @@ import org.mitre.openid.connect.config.ServerConfiguration; import org.mockito.Mock; import org.mockito.runners.MockitoJUnitRunner; +import static org.hamcrest.CoreMatchers.is; +import static org.hamcrest.CoreMatchers.notNullValue; +import static org.hamcrest.CoreMatchers.nullValue; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertThat; + /** * @author wkim * diff --git a/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestThirdPartyIssuerService.java b/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestThirdPartyIssuerService.java index 52eed7448..b315f2075 100644 --- a/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestThirdPartyIssuerService.java +++ b/openid-connect-client/src/test/java/org/mitre/openid/connect/client/service/impl/TestThirdPartyIssuerService.java @@ -16,10 +16,6 @@ *******************************************************************************/ package org.mitre.openid.connect.client.service.impl; -import static org.hamcrest.CoreMatchers.equalTo; -import static org.hamcrest.CoreMatchers.nullValue; -import static org.junit.Assert.assertThat; - import javax.servlet.http.HttpServletRequest; import org.junit.Before; @@ -30,6 +26,11 @@ import org.springframework.security.authentication.AuthenticationServiceExceptio import com.google.common.collect.Sets; +import static org.hamcrest.CoreMatchers.equalTo; +import static org.hamcrest.CoreMatchers.nullValue; + +import static org.junit.Assert.assertThat; + /** * @author wkim * diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/repository/AuthenticationHolderRepository.java b/openid-connect-common/src/main/java/org/mitre/oauth2/repository/AuthenticationHolderRepository.java index d98395643..6c11942cb 100644 --- a/openid-connect-common/src/main/java/org/mitre/oauth2/repository/AuthenticationHolderRepository.java 
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/repository/AuthenticationHolderRepository.java @@ -19,7 +19,6 @@ package org.mitre.oauth2.repository; import java.util.List; import org.mitre.oauth2.model.AuthenticationHolderEntity; -import org.springframework.security.oauth2.provider.OAuth2Authentication; public interface AuthenticationHolderRepository { public List getAll(); diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/ClientDetailsEntityJsonProcessor.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/ClientDetailsEntityJsonProcessor.java index d344c9176..ff4370ec8 100644 --- a/openid-connect-common/src/main/java/org/mitre/openid/connect/ClientDetailsEntityJsonProcessor.java +++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/ClientDetailsEntityJsonProcessor.java @@ -20,6 +20,19 @@ package org.mitre.openid.connect; +import org.mitre.oauth2.model.ClientDetailsEntity; +import org.mitre.oauth2.model.ClientDetailsEntity.AppType; +import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod; +import org.mitre.oauth2.model.ClientDetailsEntity.SubjectType; +import org.mitre.oauth2.model.RegisteredClient; + +import com.google.common.base.Joiner; +import com.google.common.base.Splitter; +import com.google.common.collect.Sets; +import com.google.gson.JsonElement; +import com.google.gson.JsonObject; +import com.google.gson.JsonParser; + import static org.mitre.oauth2.model.RegisteredClientFields.APPLICATION_TYPE; import static org.mitre.oauth2.model.RegisteredClientFields.CLIENT_ID; import static org.mitre.oauth2.model.RegisteredClientFields.CLIENT_ID_ISSUED_AT; 
@@ -64,19 +77,6 @@ import static org.mitre.util.JsonUtils.getAsJwsAlgorithm; import static org.mitre.util.JsonUtils.getAsString; import static org.mitre.util.JsonUtils.getAsStringSet; -import org.mitre.oauth2.model.ClientDetailsEntity; -import org.mitre.oauth2.model.ClientDetailsEntity.AppType; -import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod; -import org.mitre.oauth2.model.ClientDetailsEntity.SubjectType; -import org.mitre.oauth2.model.RegisteredClient; - -import com.google.common.base.Joiner; -import com.google.common.base.Splitter; -import com.google.common.collect.Sets; -import com.google.gson.JsonElement; -import com.google.gson.JsonObject; -import com.google.gson.JsonParser; - /** * @author jricher * diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/view/JWKSetView.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/view/JWKSetView.java index b803c7e79..d35a3a6f6 100644 --- a/openid-connect-common/src/main/java/org/mitre/openid/connect/view/JWKSetView.java +++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/view/JWKSetView.java @@ -29,6 +29,7 @@ import javax.servlet.http.HttpServletResponse; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import org.springframework.http.MediaType; import org.springframework.stereotype.Component; import org.springframework.web.servlet.view.AbstractView; @@ -51,7 +52,7 @@ public class JWKSetView extends AbstractView { @Override protected void renderMergedOutputModel(Map model, HttpServletRequest request, HttpServletResponse response) { - response.setContentType("application/json"); + response.setContentType(MediaType.APPLICATION_JSON_VALUE); //BiMap keyMap = (BiMap) model.get("keys"); diff --git a/openid-connect-common/src/test/java/org/mitre/discovery/util/TestWebfingerURLNormalizer.java b/openid-connect-common/src/test/java/org/mitre/discovery/util/TestWebfingerURLNormalizer.java index 99491da89..edde15cc0 100644 
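Review bot: The response in `JWKSetView.renderMergedOutputModel` still declares no charset, because `MediaType.APPLICATION_JSON_VALUE` is the bare string `application/json`. The code that writes the body is outside this hunk, but if it goes through `response.getWriter()` the servlet default of ISO-8859-1 applies unless an encoding is configured elsewhere (for example by a filter). Setting it next to the content type, `response.setCharacterEncoding("UTF-8");`, makes the JSON encoding explicit. The same applies to the identical change in `TokenApiView.renderMergedOutputModel` later in this commit.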
--- a/openid-connect-common/src/test/java/org/mitre/discovery/util/TestWebfingerURLNormalizer.java +++ b/openid-connect-common/src/test/java/org/mitre/discovery/util/TestWebfingerURLNormalizer.java @@ -16,13 +16,13 @@ *******************************************************************************/ package org.mitre.discovery.util; -import static org.junit.Assert.assertEquals; - import org.junit.Test; import org.springframework.web.util.UriComponents; import com.google.common.collect.ImmutableMap; +import static org.junit.Assert.assertEquals; + /** * @author wkim * diff --git a/openid-connect-common/src/test/java/org/mitre/jose/JOSEEmbedTest.java b/openid-connect-common/src/test/java/org/mitre/jose/JOSEEmbedTest.java index c9a9e9183..a06ac5af1 100644 --- a/openid-connect-common/src/test/java/org/mitre/jose/JOSEEmbedTest.java +++ b/openid-connect-common/src/test/java/org/mitre/jose/JOSEEmbedTest.java @@ -19,14 +19,14 @@ */ package org.mitre.jose; -import static org.junit.Assert.assertEquals; - import org.junit.Test; import com.nimbusds.jose.EncryptionMethod; import com.nimbusds.jose.JWEAlgorithm; import com.nimbusds.jose.JWSAlgorithm; +import static org.junit.Assert.assertEquals; + /** * * These tests make sure that the algorithm name processing diff --git a/openid-connect-common/src/test/java/org/mitre/jose/TestJWKSetKeyStore.java b/openid-connect-common/src/test/java/org/mitre/jose/TestJWKSetKeyStore.java index 13efb5c6b..a3abd9efb 100644 --- a/openid-connect-common/src/test/java/org/mitre/jose/TestJWKSetKeyStore.java +++ b/openid-connect-common/src/test/java/org/mitre/jose/TestJWKSetKeyStore.java @@ -16,9 +16,6 @@ *******************************************************************************/ package org.mitre.jose; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertTrue; - import java.io.File; import java.io.FileOutputStream; import java.io.IOException; 
@@ -39,6 +36,9 @@ import com.nimbusds.jose.jwk.KeyUse; import com.nimbusds.jose.jwk.RSAKey; import com.nimbusds.jose.util.Base64URL; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertTrue; + /** * @author tsitkov diff --git a/openid-connect-common/src/test/java/org/mitre/jwt/encryption/service/impl/TestDefaultJWTEncryptionAndDecryptionService.java b/openid-connect-common/src/test/java/org/mitre/jwt/encryption/service/impl/TestDefaultJWTEncryptionAndDecryptionService.java index 706c233c8..72b3ef002 100644 --- a/openid-connect-common/src/test/java/org/mitre/jwt/encryption/service/impl/TestDefaultJWTEncryptionAndDecryptionService.java +++ b/openid-connect-common/src/test/java/org/mitre/jwt/encryption/service/impl/TestDefaultJWTEncryptionAndDecryptionService.java @@ -16,11 +16,6 @@ *******************************************************************************/ package org.mitre.jwt.encryption.service.impl; -import static org.hamcrest.CoreMatchers.nullValue; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertThat; -import static org.junit.Assert.assertTrue; - import java.security.NoSuchAlgorithmException; import java.security.spec.InvalidKeySpecException; import java.text.ParseException; @@ -49,6 +44,12 @@ import com.nimbusds.jwt.EncryptedJWT; import com.nimbusds.jwt.JWTClaimsSet; import com.nimbusds.jwt.ReadOnlyJWTClaimsSet; +import static org.hamcrest.CoreMatchers.nullValue; + +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertThat; +import static org.junit.Assert.assertTrue; + /** * @author wkim diff --git a/openid-connect-common/src/test/java/org/mitre/oauth2/model/ClientDetailsEntityTest.java b/openid-connect-common/src/test/java/org/mitre/oauth2/model/ClientDetailsEntityTest.java index 346878ee0..dbeca24cf 100644 --- a/openid-connect-common/src/test/java/org/mitre/oauth2/model/ClientDetailsEntityTest.java 
+++ b/openid-connect-common/src/test/java/org/mitre/oauth2/model/ClientDetailsEntityTest.java @@ -19,8 +19,6 @@ */ package org.mitre.oauth2.model; -import static org.junit.Assert.assertEquals; - import java.util.Date; import org.junit.Test; @@ -29,6 +27,8 @@ import com.google.common.collect.ImmutableSet; import com.nimbusds.jose.EncryptionMethod; import com.nimbusds.jose.JWEAlgorithm; +import static org.junit.Assert.assertEquals; + /** * @author jricher * diff --git a/openid-connect-common/src/test/java/org/mitre/oauth2/model/RegisteredClientTest.java b/openid-connect-common/src/test/java/org/mitre/oauth2/model/RegisteredClientTest.java index e4b389d82..f01d0a604 100644 --- a/openid-connect-common/src/test/java/org/mitre/oauth2/model/RegisteredClientTest.java +++ b/openid-connect-common/src/test/java/org/mitre/oauth2/model/RegisteredClientTest.java @@ -19,8 +19,6 @@ */ package org.mitre.oauth2.model; -import static org.junit.Assert.assertEquals; - import java.sql.Date; import org.junit.Test; @@ -29,6 +27,8 @@ import com.google.common.collect.ImmutableSet; import com.nimbusds.jose.EncryptionMethod; import com.nimbusds.jose.JWEAlgorithm; +import static org.junit.Assert.assertEquals; + /** * @author jricher * diff --git a/openid-connect-common/src/test/java/org/mitre/openid/connect/ClientDetailsEntityJsonProcessorTest.java b/openid-connect-common/src/test/java/org/mitre/openid/connect/ClientDetailsEntityJsonProcessorTest.java index d67e7d048..02a2fd79d 100644 --- a/openid-connect-common/src/test/java/org/mitre/openid/connect/ClientDetailsEntityJsonProcessorTest.java +++ b/openid-connect-common/src/test/java/org/mitre/openid/connect/ClientDetailsEntityJsonProcessorTest.java @@ -19,9 +19,6 @@ */ package org.mitre.openid.connect; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertTrue; - import java.sql.Date; import org.junit.Test; 
@@ -34,6 +31,9 @@ import com.google.gson.JsonObject; import com.nimbusds.jose.EncryptionMethod; import com.nimbusds.jose.JWEAlgorithm; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertTrue; + /** * @author jricher * diff --git a/openid-connect-common/src/test/java/org/mitre/openid/connect/config/ConfigurationPropertiesBeanTest.java b/openid-connect-common/src/test/java/org/mitre/openid/connect/config/ConfigurationPropertiesBeanTest.java index d5cf815ff..9ebeb8ca8 100644 --- a/openid-connect-common/src/test/java/org/mitre/openid/connect/config/ConfigurationPropertiesBeanTest.java +++ b/openid-connect-common/src/test/java/org/mitre/openid/connect/config/ConfigurationPropertiesBeanTest.java @@ -19,12 +19,12 @@ */ package org.mitre.openid.connect.config; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.fail; - import org.junit.Test; import org.springframework.beans.factory.BeanCreationException; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.fail; + /** * @author jricher * diff --git a/openid-connect-common/src/test/java/org/mitre/openid/connect/config/ServerConfigurationTest.java b/openid-connect-common/src/test/java/org/mitre/openid/connect/config/ServerConfigurationTest.java index 16100b745..dfbd07da6 100644 --- a/openid-connect-common/src/test/java/org/mitre/openid/connect/config/ServerConfigurationTest.java +++ b/openid-connect-common/src/test/java/org/mitre/openid/connect/config/ServerConfigurationTest.java @@ -19,11 +19,11 @@ */ package org.mitre.openid.connect.config; +import org.junit.Test; + import static org.junit.Assert.assertEquals; import static org.junit.Assert.assertTrue; -import org.junit.Test; - /** * @author jricher * diff --git a/openid-connect-server/src/main/java/org/mitre/discovery/web/DiscoveryEndpoint.java b/openid-connect-server/src/main/java/org/mitre/discovery/web/DiscoveryEndpoint.java index 0ace42310..8914c621a 100644 
--- a/openid-connect-server/src/main/java/org/mitre/discovery/web/DiscoveryEndpoint.java +++ b/openid-connect-server/src/main/java/org/mitre/discovery/web/DiscoveryEndpoint.java @@ -33,6 +33,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; +import org.springframework.http.MediaType; import org.springframework.stereotype.Controller; import org.springframework.ui.Model; import org.springframework.web.bind.annotation.RequestMapping; @@ -91,7 +92,7 @@ public class DiscoveryEndpoint { }; @RequestMapping(value={"/.well-known/webfinger"}, - params={"resource", "rel=http://openid.net/specs/connect/1.0/issuer"}, produces = "application/json") + params={"resource", "rel=http://openid.net/specs/connect/1.0/issuer"}, produces = MediaType.APPLICATION_JSON_VALUE) public String webfinger(@RequestParam("resource") String resource, Model model) { if (!resource.equals(config.getIssuer())) { diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaAuthenticationHolderRepository.java b/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaAuthenticationHolderRepository.java index 63a6a585d..4ea8c0c29 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaAuthenticationHolderRepository.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaAuthenticationHolderRepository.java @@ -25,7 +25,6 @@ import javax.persistence.TypedQuery; import org.mitre.oauth2.model.AuthenticationHolderEntity; import org.mitre.oauth2.repository.AuthenticationHolderRepository; import org.mitre.util.jpa.JpaUtil; -import org.springframework.security.oauth2.provider.OAuth2Authentication; import org.springframework.stereotype.Repository; import org.springframework.transaction.annotation.Transactional; 
diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaSystemScopeRepository.java b/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaSystemScopeRepository.java index 841f85824..b1435c318 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaSystemScopeRepository.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaSystemScopeRepository.java @@ -19,9 +19,6 @@ */ package org.mitre.oauth2.repository.impl; -import static org.mitre.util.jpa.JpaUtil.getSingleResult; -import static org.mitre.util.jpa.JpaUtil.saveOrUpdate; - import java.util.LinkedHashSet; import java.util.Set; @@ -34,6 +31,9 @@ import org.mitre.oauth2.repository.SystemScopeRepository; import org.springframework.stereotype.Repository; import org.springframework.transaction.annotation.Transactional; +import static org.mitre.util.jpa.JpaUtil.getSingleResult; +import static org.mitre.util.jpa.JpaUtil.saveOrUpdate; + /** * @author jricher * diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultIntrospectionResultAssembler.java b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultIntrospectionResultAssembler.java index 54d82a3c2..358818005 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultIntrospectionResultAssembler.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultIntrospectionResultAssembler.java @@ -16,12 +16,9 @@ *******************************************************************************/ package org.mitre.oauth2.service.impl; -import static com.google.common.collect.Maps.newLinkedHashMap; - import java.text.ParseException; import java.util.Map; - import org.mitre.oauth2.model.OAuth2AccessTokenEntity; import org.mitre.oauth2.model.OAuth2RefreshTokenEntity; import org.mitre.oauth2.service.IntrospectionResultAssembler; 
@@ -33,6 +30,8 @@ import org.springframework.stereotype.Service; import com.google.common.base.Joiner; +import static com.google.common.collect.Maps.newLinkedHashMap; + /** * Default implementation of the {@link IntrospectionResultAssembler} interface. */ diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ClientDetailsEntityService.java b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ClientDetailsEntityService.java index 3de62eb07..da2a27b67 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ClientDetailsEntityService.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ClientDetailsEntityService.java @@ -29,7 +29,6 @@ import java.util.concurrent.TimeUnit; import org.apache.commons.codec.binary.Base64; import org.apache.http.client.HttpClient; -import org.apache.http.impl.client.DefaultHttpClient; import org.apache.http.impl.client.HttpClientBuilder; import org.mitre.oauth2.model.ClientDetailsEntity; import org.mitre.oauth2.model.SystemScope; diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/view/TokenApiView.java b/openid-connect-server/src/main/java/org/mitre/oauth2/view/TokenApiView.java index f3acdfc4b..f86ec467b 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/view/TokenApiView.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/view/TokenApiView.java 
@@ -26,10 +26,10 @@ import javax.servlet.http.HttpServletResponse; import org.mitre.oauth2.model.OAuth2AccessTokenEntity; import org.mitre.oauth2.model.OAuth2RefreshTokenEntity; -import org.mitre.openid.connect.view.JsonEntityView; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.http.HttpStatus; +import org.springframework.http.MediaType; import org.springframework.stereotype.Component; import org.springframework.validation.BeanPropertyBindingResult; import org.springframework.web.servlet.view.AbstractView; @@ -124,7 +124,7 @@ public class TokenApiView extends AbstractView { @Override protected void renderMergedOutputModel(Map model, HttpServletRequest request, HttpServletResponse response) { - response.setContentType("application/json"); + response.setContentType(MediaType.APPLICATION_JSON_VALUE); HttpStatus code = (HttpStatus) model.get("code"); diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/web/IntrospectionEndpoint.java b/openid-connect-server/src/main/java/org/mitre/oauth2/web/IntrospectionEndpoint.java index e58c95545..77e302f22 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/web/IntrospectionEndpoint.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/web/IntrospectionEndpoint.java @@ -39,7 +39,6 @@ import org.springframework.http.ResponseEntity; import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.security.oauth2.common.exceptions.InvalidTokenException; import org.springframework.security.oauth2.common.exceptions.OAuth2Exception; -import org.springframework.security.oauth2.provider.error.DefaultWebResponseExceptionTranslator; import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator; import org.springframework.stereotype.Controller; import org.springframework.ui.Model; 
diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java b/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java index 1ddea2f69..72250a8d1 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java @@ -19,8 +19,6 @@ */ package org.mitre.oauth2.web; -import static org.mitre.openid.connect.request.ConnectRequestParameters.*; - import java.security.Principal; import java.util.Date; import java.util.HashMap; @@ -56,6 +54,12 @@ import com.google.common.base.Strings; import com.google.common.collect.Sets; import com.google.gson.JsonObject; +import static org.mitre.openid.connect.request.ConnectRequestParameters.CSRF; +import static org.mitre.openid.connect.request.ConnectRequestParameters.PROMPT; +import static org.mitre.openid.connect.request.ConnectRequestParameters.PROMPT_CONSENT; +import static org.mitre.openid.connect.request.ConnectRequestParameters.PROMPT_NONE; +import static org.mitre.openid.connect.request.ConnectRequestParameters.PROMPT_SEPARATOR; + /** * @author jricher * diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/web/ScopeAPI.java b/openid-connect-server/src/main/java/org/mitre/oauth2/web/ScopeAPI.java index f7b72af93..4ac46af68 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/web/ScopeAPI.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/web/ScopeAPI.java @@ -30,6 +30,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; +import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.security.oauth2.common.exceptions.OAuth2Exception; 
@@ -66,7 +67,7 @@ public class ScopeAPI { private Gson gson = new Gson(); - @RequestMapping(value = "", method = RequestMethod.GET, produces = "application/json") + @RequestMapping(value = "", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE) public String getAll(ModelMap m) { Set allScopes = scopeService.getAll(); @@ -76,7 +77,7 @@ public class ScopeAPI { return JsonEntityView.VIEWNAME; } - @RequestMapping(value = "/{id}", method = RequestMethod.GET, produces = "application/json") + @RequestMapping(value = "/{id}", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE) public String getScope(@PathVariable("id") Long id, ModelMap m) { SystemScope scope = scopeService.getById(id); @@ -97,7 +98,7 @@ public class ScopeAPI { } @PreAuthorize("hasRole('ROLE_ADMIN')") - @RequestMapping(value = "/{id}", method = RequestMethod.PUT, produces = "application/json", consumes = "application/json") + @RequestMapping(value = "/{id}", method = RequestMethod.PUT, produces = MediaType.APPLICATION_JSON_VALUE, consumes = MediaType.APPLICATION_JSON_VALUE) public String updateScope(@PathVariable("id") Long id, @RequestBody String json, ModelMap m) { SystemScope existing = scopeService.getById(id); @@ -135,7 +136,7 @@ public class ScopeAPI { } @PreAuthorize("hasRole('ROLE_ADMIN')") - @RequestMapping(value = "", method = RequestMethod.POST, produces = "application/json", consumes = "application/json") + @RequestMapping(value = "", method = RequestMethod.POST, produces = MediaType.APPLICATION_JSON_VALUE, consumes = MediaType.APPLICATION_JSON_VALUE) public String createScope(@RequestBody String json, ModelMap m) { SystemScope scope = gson.fromJson(json, SystemScope.class); diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/web/TokenAPI.java b/openid-connect-server/src/main/java/org/mitre/oauth2/web/TokenAPI.java index b4bf62bb9..52980c790 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/web/TokenAPI.java 
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/web/TokenAPI.java @@ -33,6 +33,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; +import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.security.oauth2.common.exceptions.OAuth2Exception; @@ -71,7 +72,7 @@ public class TokenAPI { */ private static final Logger logger = LoggerFactory.getLogger(TokenAPI.class); - @RequestMapping(value = "/access", method = RequestMethod.GET, produces = "application/json") + @RequestMapping(value = "/access", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE) public String getAllAccessTokens(ModelMap m, Principal p) { Set allTokens = tokenService.getAllAccessTokensForUser(p.getName()); @@ -79,7 +80,7 @@ public class TokenAPI { return TokenApiView.VIEWNAME; } - @RequestMapping(value = "/access/{id}", method = RequestMethod.GET, produces = "application/json") + @RequestMapping(value = "/access/{id}", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE) public String getAccessTokenById(@PathVariable("id") Long id, ModelMap m, Principal p) { OAuth2AccessTokenEntity token = tokenService.getAccessTokenById(id); @@ -100,7 +101,7 @@ public class TokenAPI { } } - @RequestMapping(value = "/access/{id}", method = RequestMethod.DELETE, produces = "application/json") + @RequestMapping(value = "/access/{id}", method = RequestMethod.DELETE, produces = MediaType.APPLICATION_JSON_VALUE) public String deleteAccessTokenById(@PathVariable("id") Long id, ModelMap m, Principal p) { OAuth2AccessTokenEntity token = tokenService.getAccessTokenById(id); 
@@ -123,7 +124,7 @@ public class TokenAPI { } @PreAuthorize("hasRole('ROLE_ADMIN')") - @RequestMapping(value = "/client/{clientId}", method = RequestMethod.GET, produces = "application/json") + @RequestMapping(value = "/client/{clientId}", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE) public String getAccessTokensByClientId(@PathVariable("clientId") String clientId, ModelMap m, Principal p) { ClientDetailsEntity client = clientService.loadClientByClientId(clientId); @@ -142,7 +143,7 @@ public class TokenAPI { } @PreAuthorize("hasRole('ROLE_ADMIN')") - @RequestMapping(value = "/registration/{clientId}", method = RequestMethod.GET, produces = "application/json") + @RequestMapping(value = "/registration/{clientId}", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE) public String getRegistrationTokenByClientId(@PathVariable("clientId") String clientId, ModelMap m, Principal p) { ClientDetailsEntity client = clientService.loadClientByClientId(clientId); @@ -167,7 +168,7 @@ public class TokenAPI { } @PreAuthorize("hasRole('ROLE_ADMIN')") - @RequestMapping(value = "/registration/{clientId}", method = RequestMethod.PUT, produces = "application/json") + @RequestMapping(value = "/registration/{clientId}", method = RequestMethod.PUT, produces = MediaType.APPLICATION_JSON_VALUE) public String rotateRegistrationTokenByClientId(@PathVariable("clientId") String clientId, ModelMap m, Principal p) { ClientDetailsEntity client = clientService.loadClientByClientId(clientId); @@ -192,7 +193,7 @@ public class TokenAPI { } - @RequestMapping(value = "/refresh", method = RequestMethod.GET, produces = "application/json") + @RequestMapping(value = "/refresh", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE) public String getAllRefreshTokens(ModelMap m, Principal p) { Set allTokens = tokenService.getAllRefreshTokensForUser(p.getName()); 
@@ -202,7 +203,7 @@ public class TokenAPI { } - @RequestMapping(value = "/refresh/{id}", method = RequestMethod.GET, produces = "application/json") + @RequestMapping(value = "/refresh/{id}", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE) public String getRefreshTokenById(@PathVariable("id") Long id, ModelMap m, Principal p) { OAuth2RefreshTokenEntity token = tokenService.getRefreshTokenById(id); @@ -223,7 +224,7 @@ public class TokenAPI { } } - @RequestMapping(value = "/refresh/{id}", method = RequestMethod.DELETE, produces = "application/json") + @RequestMapping(value = "/refresh/{id}", method = RequestMethod.DELETE, produces = MediaType.APPLICATION_JSON_VALUE) public String deleteRefreshTokenById(@PathVariable("id") Long id, ModelMap m, Principal p) { OAuth2RefreshTokenEntity token = tokenService.getRefreshTokenById(id); diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/filter/AuthorizationRequestFilter.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/filter/AuthorizationRequestFilter.java index 0270e669a..23e8a2367 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/filter/AuthorizationRequestFilter.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/filter/AuthorizationRequestFilter.java @@ -19,8 +19,6 @@ */ package org.mitre.openid.connect.filter; -import static org.mitre.openid.connect.request.ConnectRequestParameters.*; - import java.io.IOException; import java.util.Date; import java.util.HashMap; 
@@ -52,6 +50,12 @@ import org.springframework.web.filter.GenericFilterBean; import com.google.common.base.Splitter; import com.google.common.base.Strings; +import static org.mitre.openid.connect.request.ConnectRequestParameters.LOGIN_HINT; +import static org.mitre.openid.connect.request.ConnectRequestParameters.MAX_AGE; +import static org.mitre.openid.connect.request.ConnectRequestParameters.PROMPT; +import static org.mitre.openid.connect.request.ConnectRequestParameters.PROMPT_LOGIN; +import static org.mitre.openid.connect.request.ConnectRequestParameters.PROMPT_NONE; + /** * @author jricher * diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaAddressRepository.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaAddressRepository.java index 813fed0a9..ff7fbb97e 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaAddressRepository.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaAddressRepository.java @@ -16,8 +16,6 @@ *******************************************************************************/ package org.mitre.openid.connect.repository.impl; -import static org.mitre.util.jpa.JpaUtil.saveOrUpdate; - import javax.persistence.EntityManager; import javax.persistence.PersistenceContext; diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaApprovedSiteRepository.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaApprovedSiteRepository.java index 6df0d32bf..5c716f38d 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaApprovedSiteRepository.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaApprovedSiteRepository.java 
@@ -16,8 +16,6 @@ *******************************************************************************/ package org.mitre.openid.connect.repository.impl; -import static org.mitre.util.jpa.JpaUtil.saveOrUpdate; - import java.util.Collection; import javax.persistence.EntityManager; @@ -29,6 +27,8 @@ import org.mitre.openid.connect.repository.ApprovedSiteRepository; import org.springframework.stereotype.Repository; import org.springframework.transaction.annotation.Transactional; +import static org.mitre.util.jpa.JpaUtil.saveOrUpdate; + /** * JPA ApprovedSite repository implementation * diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaBlacklistedSiteRepository.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaBlacklistedSiteRepository.java index bf0a92ec9..f3bf068ea 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaBlacklistedSiteRepository.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaBlacklistedSiteRepository.java @@ -19,8 +19,6 @@ */ package org.mitre.openid.connect.repository.impl; -import static org.mitre.util.jpa.JpaUtil.saveOrUpdate; - import java.util.Collection; import javax.persistence.EntityManager; @@ -32,6 +30,8 @@ import org.mitre.openid.connect.repository.BlacklistedSiteRepository; import org.springframework.stereotype.Repository; import org.springframework.transaction.annotation.Transactional; +import static org.mitre.util.jpa.JpaUtil.saveOrUpdate; + /** * @author jricher * diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaPairwiseIdentifierRepository.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaPairwiseIdentifierRepository.java index 5170f5bf4..614cfeca0 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaPairwiseIdentifierRepository.java 
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaPairwiseIdentifierRepository.java @@ -19,9 +19,6 @@ */ package org.mitre.openid.connect.repository.impl; -import static org.mitre.util.jpa.JpaUtil.getSingleResult; -import static org.mitre.util.jpa.JpaUtil.saveOrUpdate; - import javax.persistence.EntityManager; import javax.persistence.PersistenceContext; import javax.persistence.TypedQuery; @@ -31,6 +28,9 @@ import org.mitre.openid.connect.repository.PairwiseIdentifierRepository; import org.springframework.stereotype.Repository; import org.springframework.transaction.annotation.Transactional; +import static org.mitre.util.jpa.JpaUtil.getSingleResult; +import static org.mitre.util.jpa.JpaUtil.saveOrUpdate; + /** * @author jricher * diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaUserInfoRepository.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaUserInfoRepository.java index ca2c83a7b..ca1576013 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaUserInfoRepository.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaUserInfoRepository.java @@ -16,9 +16,6 @@ *******************************************************************************/ package org.mitre.openid.connect.repository.impl; -import static org.mitre.util.jpa.JpaUtil.getSingleResult; -import static org.mitre.util.jpa.JpaUtil.saveOrUpdate; - import javax.persistence.EntityManager; import javax.persistence.PersistenceContext; import javax.persistence.TypedQuery; 
@@ -27,7 +24,8 @@ import org.mitre.openid.connect.model.DefaultUserInfo; import org.mitre.openid.connect.model.UserInfo; import org.mitre.openid.connect.repository.UserInfoRepository; import org.springframework.stereotype.Repository; -import org.springframework.transaction.annotation.Transactional; + +import static org.mitre.util.jpa.JpaUtil.getSingleResult; /** * JPA UserInfo repository implementation diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaWhitelistedSiteRepository.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaWhitelistedSiteRepository.java index f49d42189..a2f68d586 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaWhitelistedSiteRepository.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaWhitelistedSiteRepository.java @@ -16,8 +16,6 @@ *******************************************************************************/ package org.mitre.openid.connect.repository.impl; -import static org.mitre.util.jpa.JpaUtil.saveOrUpdate; - import java.util.Collection; import javax.persistence.EntityManager; @@ -30,6 +28,8 @@ import org.mitre.util.jpa.JpaUtil; import org.springframework.stereotype.Repository; import org.springframework.transaction.annotation.Transactional; +import static org.mitre.util.jpa.JpaUtil.saveOrUpdate; + /** * JPA WhitelistedSite repository implementation * diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/request/ConnectOAuth2RequestFactory.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/request/ConnectOAuth2RequestFactory.java index 7b2a26820..dd76c18f9 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/request/ConnectOAuth2RequestFactory.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/request/ConnectOAuth2RequestFactory.java 
@@ -16,8 +16,6 @@ *******************************************************************************/ package org.mitre.openid.connect.request; -import static org.mitre.openid.connect.request.ConnectRequestParameters.*; - import java.text.ParseException; import java.util.Collections; import java.util.Map; @@ -55,6 +53,19 @@ import com.nimbusds.jwt.PlainJWT; import com.nimbusds.jwt.ReadOnlyJWTClaimsSet; import com.nimbusds.jwt.SignedJWT; +import static org.mitre.openid.connect.request.ConnectRequestParameters.CLAIMS; +import static org.mitre.openid.connect.request.ConnectRequestParameters.CLIENT_ID; +import static org.mitre.openid.connect.request.ConnectRequestParameters.CSRF; +import static org.mitre.openid.connect.request.ConnectRequestParameters.DISPLAY; +import static org.mitre.openid.connect.request.ConnectRequestParameters.LOGIN_HINT; +import static org.mitre.openid.connect.request.ConnectRequestParameters.MAX_AGE; +import static org.mitre.openid.connect.request.ConnectRequestParameters.NONCE; +import static org.mitre.openid.connect.request.ConnectRequestParameters.PROMPT; +import static org.mitre.openid.connect.request.ConnectRequestParameters.REDIRECT_URI; +import static org.mitre.openid.connect.request.ConnectRequestParameters.REQUEST; +import static org.mitre.openid.connect.request.ConnectRequestParameters.RESPONSE_TYPE; +import static org.mitre.openid.connect.request.ConnectRequestParameters.STATE; + @Component("connectOAuth2RequestFactory") public class ConnectOAuth2RequestFactory extends DefaultOAuth2RequestFactory { diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_0.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_0.java index a3742af36..7284acb80 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_0.java 
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_0.java @@ -16,10 +16,6 @@ *******************************************************************************/ package org.mitre.openid.connect.service.impl; -import static org.mitre.util.JsonUtils.base64UrlDecodeObject; -import static org.mitre.util.JsonUtils.readMap; -import static org.mitre.util.JsonUtils.readSet; - import java.io.IOException; import java.text.ParseException; import java.util.Collection; @@ -66,6 +62,10 @@ import com.google.common.collect.Sets; import com.google.gson.stream.JsonReader; import com.google.gson.stream.JsonToken; import com.google.gson.stream.JsonWriter; + +import static org.mitre.util.JsonUtils.base64UrlDecodeObject; +import static org.mitre.util.JsonUtils.readMap; +import static org.mitre.util.JsonUtils.readSet; /** * * Data service to import MITREid 1.0 configuration. diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_1.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_1.java index def550790..8882f0a3f 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_1.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_1.java @@ -16,10 +16,6 @@ *******************************************************************************/ package org.mitre.openid.connect.service.impl; -import static org.mitre.util.JsonUtils.base64UrlDecodeObject; -import static org.mitre.util.JsonUtils.readMap; -import static org.mitre.util.JsonUtils.readSet; - import java.io.IOException; import java.io.Serializable; import java.text.ParseException; 
@@ -69,6 +65,10 @@ import com.google.gson.stream.JsonReader; import com.google.gson.stream.JsonToken; import com.google.gson.stream.JsonWriter; +import static org.mitre.util.JsonUtils.base64UrlDecodeObject; +import static org.mitre.util.JsonUtils.readMap; +import static org.mitre.util.JsonUtils.readSet; + /** * * Data service to import MITREid 1.1 configuration. diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_2.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_2.java index 238b7850b..35ede0100 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_2.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataService_1_2.java @@ -16,12 +16,6 @@ *******************************************************************************/ package org.mitre.openid.connect.service.impl; -import static org.mitre.util.JsonUtils.base64UrlDecodeObject; -import static org.mitre.util.JsonUtils.base64UrlEncodeObject; -import static org.mitre.util.JsonUtils.readMap; -import static org.mitre.util.JsonUtils.readSet; -import static org.mitre.util.JsonUtils.writeNullSafeArray; - import java.io.IOException; import java.io.Serializable; import java.text.ParseException; @@ -71,6 +65,12 @@ import com.google.gson.stream.JsonReader; import com.google.gson.stream.JsonToken; import com.google.gson.stream.JsonWriter; +import static org.mitre.util.JsonUtils.base64UrlDecodeObject; +import static org.mitre.util.JsonUtils.base64UrlEncodeObject; +import static org.mitre.util.JsonUtils.readMap; +import static org.mitre.util.JsonUtils.readSet; +import static org.mitre.util.JsonUtils.writeNullSafeArray; + /** * * Data service to import and export MITREid 1.2 configuration. 
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/token/TofuUserApprovalHandler.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/token/TofuUserApprovalHandler.java index 5005ba103..2d2fdd812 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/token/TofuUserApprovalHandler.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/token/TofuUserApprovalHandler.java @@ -16,8 +16,6 @@ *******************************************************************************/ package org.mitre.openid.connect.token; -import static org.mitre.openid.connect.request.ConnectRequestParameters.*; - import java.util.Calendar; import java.util.Collection; import java.util.Date; @@ -49,6 +47,11 @@ import com.google.common.base.Splitter; import com.google.common.base.Strings; import com.google.common.collect.Sets; +import static org.mitre.openid.connect.request.ConnectRequestParameters.APPROVED_SITE; +import static org.mitre.openid.connect.request.ConnectRequestParameters.CSRF; +import static org.mitre.openid.connect.request.ConnectRequestParameters.PROMPT; +import static org.mitre.openid.connect.request.ConnectRequestParameters.PROMPT_SEPARATOR; + /** * Custom User Approval Handler implementation which uses a concept of a whitelist, * blacklist, and greylist. diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/AbstractClientEntityView.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/AbstractClientEntityView.java index 62d191683..340a7fba7 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/AbstractClientEntityView.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/AbstractClientEntityView.java 
@@ -33,6 +33,7 @@ import org.mitre.jose.JWSAlgorithmEmbed; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.http.HttpStatus; +import org.springframework.http.MediaType; import org.springframework.web.servlet.view.AbstractView; import com.google.gson.ExclusionStrategy; @@ -105,7 +106,7 @@ public abstract class AbstractClientEntityView extends AbstractView { @Override protected void renderMergedOutputModel(Map model, HttpServletRequest request, HttpServletResponse response) { - response.setContentType("application/json"); + response.setContentType(MediaType.APPLICATION_JSON_VALUE); HttpStatus code = (HttpStatus) model.get("code"); diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/ClientInformationResponseView.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/ClientInformationResponseView.java index 1e26b39d3..d0cd142f6 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/ClientInformationResponseView.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/ClientInformationResponseView.java @@ -31,6 +31,7 @@ import org.mitre.openid.connect.ClientDetailsEntityJsonProcessor; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.http.HttpStatus; +import org.springframework.http.MediaType; import org.springframework.stereotype.Component; import org.springframework.web.servlet.view.AbstractView; @@ -65,7 +66,7 @@ public class ClientInformationResponseView extends AbstractView { @Override protected void renderMergedOutputModel(Map model, HttpServletRequest request, HttpServletResponse response) { - response.setContentType("application/json"); + response.setContentType(MediaType.APPLICATION_JSON_VALUE); RegisteredClient c = (RegisteredClient) model.get("client"); //OAuth2AccessTokenEntity token = (OAuth2AccessTokenEntity) model.get("token"); 
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonApprovedSiteView.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonApprovedSiteView.java index daf190273..87c82fab2 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonApprovedSiteView.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonApprovedSiteView.java @@ -32,6 +32,7 @@ import org.mitre.openid.connect.model.WhitelistedSite; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.http.HttpStatus; +import org.springframework.http.MediaType; import org.springframework.stereotype.Component; import org.springframework.validation.BeanPropertyBindingResult; import org.springframework.web.servlet.view.AbstractView; @@ -98,7 +99,7 @@ public class JsonApprovedSiteView extends AbstractView { @Override protected void renderMergedOutputModel(Map model, HttpServletRequest request, HttpServletResponse response) { - response.setContentType("application/json"); + response.setContentType(MediaType.APPLICATION_JSON_VALUE); HttpStatus code = (HttpStatus) model.get("code"); diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonEntityView.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonEntityView.java index 87855151a..c4b4cd642 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonEntityView.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonEntityView.java @@ -29,6 +29,7 @@ import javax.servlet.http.HttpServletResponse; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.http.HttpStatus; +import org.springframework.http.MediaType; import org.springframework.stereotype.Component; import org.springframework.validation.BeanPropertyBindingResult; import org.springframework.web.servlet.view.AbstractView; 
@@ -78,7 +79,7 @@ public class JsonEntityView extends AbstractView { @Override protected void renderMergedOutputModel(Map model, HttpServletRequest request, HttpServletResponse response) { - response.setContentType("application/json"); + response.setContentType(MediaType.APPLICATION_JSON_VALUE); HttpStatus code = (HttpStatus) model.get("code"); diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonErrorView.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonErrorView.java index fec397eb7..8ee36991d 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonErrorView.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonErrorView.java @@ -26,6 +26,7 @@ import javax.servlet.http.HttpServletResponse; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.http.HttpStatus; +import org.springframework.http.MediaType; import org.springframework.stereotype.Component; import org.springframework.validation.BeanPropertyBindingResult; import org.springframework.web.servlet.view.AbstractView; @@ -77,7 +78,7 @@ public class JsonErrorView extends AbstractView { @Override protected void renderMergedOutputModel(Map model, HttpServletRequest request, HttpServletResponse response) { - response.setContentType("application/json"); + response.setContentType(MediaType.APPLICATION_JSON_VALUE); HttpStatus code = (HttpStatus) model.get("code"); diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/UserInfoView.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/UserInfoView.java index b83cb4528..8c79e4759 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/UserInfoView.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/UserInfoView.java 
@@ -31,6 +31,7 @@ import org.mitre.openid.connect.service.ScopeClaimTranslationService; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.http.MediaType; import org.springframework.stereotype.Component; import org.springframework.validation.BeanPropertyBindingResult; import org.springframework.web.servlet.view.AbstractView; @@ -92,7 +93,7 @@ public class UserInfoView extends AbstractView { Set scope = (Set) model.get("scope"); - response.setContentType("application/json"); + response.setContentType(MediaType.APPLICATION_JSON_VALUE); JsonObject authorizedClaims = null; diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ApprovedSiteAPI.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ApprovedSiteAPI.java index 64e3509cd..e00127820 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ApprovedSiteAPI.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ApprovedSiteAPI.java @@ -32,6 +32,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; +import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.security.oauth2.common.exceptions.OAuth2Exception; @@ -71,7 +72,7 @@ public class ApprovedSiteAPI { * @param m * @return */ - @RequestMapping(method = RequestMethod.GET, produces = "application/json") + @RequestMapping(method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE) public String getAllApprovedSites(ModelMap m, Principal p) { Collection all = approvedSiteService.getByUserId(p.getName()); 
@@ -111,7 +112,7 @@ public class ApprovedSiteAPI { /** * Get a single approved site */ - @RequestMapping(value="/{id}", method = RequestMethod.GET, produces = "application/json") + @RequestMapping(value="/{id}", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE) public String getApprovedSite(@PathVariable("id") Long id, ModelMap m, Principal p) { ApprovedSite approvedSite = approvedSiteService.getById(id); if (approvedSite == null) { diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/BlacklistAPI.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/BlacklistAPI.java index 4da6a1344..2e328af15 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/BlacklistAPI.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/BlacklistAPI.java @@ -31,6 +31,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; +import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.security.oauth2.common.exceptions.OAuth2Exception; @@ -76,7 +77,7 @@ public class BlacklistAPI { * @param m * @return */ - @RequestMapping(method = RequestMethod.GET, produces = "application/json") + @RequestMapping(method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE) public String getAllBlacklistedSites(ModelMap m) { Collection all = blacklistService.getAll(); 
@@ -93,7 +94,7 @@ public class BlacklistAPI { * @param p * @return */ - @RequestMapping(method = RequestMethod.POST, consumes = "application/json", produces = "application/json") + @RequestMapping(method = RequestMethod.POST, consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE) public String addNewBlacklistedSite(@RequestBody String jsonString, ModelMap m, Principal p) { JsonObject json; @@ -127,7 +128,7 @@ public class BlacklistAPI { /** * Update an existing blacklisted site */ - @RequestMapping(value="/{id}", method = RequestMethod.PUT, consumes = "application/json", produces = "application/json") + @RequestMapping(value="/{id}", method = RequestMethod.PUT, consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE) public String updateBlacklistedSite(@PathVariable("id") Long id, @RequestBody String jsonString, ModelMap m, Principal p) { JsonObject json; @@ -193,7 +194,7 @@ public class BlacklistAPI { /** * Get a single blacklisted site */ - @RequestMapping(value="/{id}", method = RequestMethod.GET, produces = "application/json") + @RequestMapping(value="/{id}", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE) public String getBlacklistedSite(@PathVariable("id") Long id, ModelMap m) { BlacklistedSite blacklist = blacklistService.getById(id); if (blacklist == null) { diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java index 3d3e4dd23..8fc35e0aa 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java 
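Review bot: `addNewBlacklistedSite` has no method-level `@PreAuthorize` in the lines shown; its Javadoc closes directly above the `@RequestMapping`. Other state-changing handlers in this patch, such as `apiAddClient` in ClientAPI and `updateScope` in ScopeAPI, carry `@PreAuthorize("hasRole('ROLE_ADMIN')")` on the method. The class declaration is outside the hunk, so access may well be restricted by a class-level annotation. If it is, a short comment above the mapping such as `// admin-only: enforced by the class-level @PreAuthorize` would make that visible to anyone auditing the endpoint; if it is not, the method needs its own annotation. The same question applies to `updateBlacklistedSite` in the next hunk and to `DataAPI.importData`, which reads a JSON document from the request body.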
@@ -34,6 +34,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; +import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.security.core.Authentication; @@ -125,7 +126,7 @@ public class ClientAPI { * @param modelAndView * @return */ - @RequestMapping(method = RequestMethod.GET, produces = "application/json") + @RequestMapping(method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE) public String apiGetAllClients(Model model, Authentication auth) { Collection clients = clientService.getAllClients(); @@ -146,7 +147,7 @@ public class ClientAPI { * @return */ @PreAuthorize("hasRole('ROLE_ADMIN')") - @RequestMapping(method = RequestMethod.POST, consumes = "application/json", produces = "application/json") + @RequestMapping(method = RequestMethod.POST, consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE) public String apiAddClient(@RequestBody String jsonString, Model m, Authentication auth) { JsonObject json = null; @@ -232,7 +233,7 @@ public class ClientAPI { * @return */ @PreAuthorize("hasRole('ROLE_ADMIN')") - @RequestMapping(value="/{id}", method = RequestMethod.PUT, consumes = "application/json", produces = "application/json") + @RequestMapping(value="/{id}", method = RequestMethod.PUT, consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE) public String apiUpdateClient(@PathVariable("id") Long id, @RequestBody String jsonString, Model m, Authentication auth) { JsonObject json = null; 
@@ -349,7 +350,7 @@ public class ClientAPI { * @param modelAndView * @return */ - @RequestMapping(value="/{id}", method=RequestMethod.GET, produces = "application/json") + @RequestMapping(value="/{id}", method=RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE) public String apiShowClient(@PathVariable("id") Long id, Model model, Authentication auth) { ClientDetailsEntity client = clientService.getClientById(id); diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/DataAPI.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/DataAPI.java index a2a61d6d1..fb4117c12 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/DataAPI.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/DataAPI.java @@ -31,6 +31,7 @@ import org.mitre.openid.connect.service.impl.MITREidDataService_1_1; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.security.oauth2.common.exceptions.OAuth2Exception; @@ -79,7 +80,7 @@ public class DataAPI { @Autowired private WebResponseExceptionTranslator providerExceptionHandler; - @RequestMapping(method = RequestMethod.POST, consumes = "application/json") + @RequestMapping(method = RequestMethod.POST, consumes = MediaType.APPLICATION_JSON_VALUE) public String importData(Reader in, Model m) throws IOException { JsonReader reader = new JsonReader(in); 
@@ -114,10 +115,10 @@ public class DataAPI { return "httpCodeView"; } - @RequestMapping(method = RequestMethod.GET, produces = "application/json") + @RequestMapping(method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE) public void exportData(HttpServletResponse resp, Principal prin) throws IOException { - resp.setContentType("application/json"); + resp.setContentType(MediaType.APPLICATION_JSON_VALUE); // this writer puts things out onto the wire JsonWriter writer = new JsonWriter(resp.getWriter()); diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/DynamicClientRegistrationEndpoint.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/DynamicClientRegistrationEndpoint.java index 03dc44e3c..e317a5c6f 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/DynamicClientRegistrationEndpoint.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/DynamicClientRegistrationEndpoint.java @@ -44,6 +44,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; +import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.security.oauth2.common.exceptions.OAuth2Exception; @@ -104,7 +105,7 @@ public class DynamicClientRegistrationEndpoint { * @param p * @return */ - @RequestMapping(method = RequestMethod.POST, consumes = "application/json", produces = "application/json") + @RequestMapping(method = RequestMethod.POST, consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE) public String registerNewClient(@RequestBody String jsonString, Model m) { ClientDetailsEntity newClient = null; 
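Review bot: `exportData` in DataAPI sets the content type without a charset and then wraps `resp.getWriter()`, so the writer falls back to the servlet container's default encoding (ISO-8859-1 unless something upstream sets one) and non-ASCII values in the export can be corrupted. Adding `resp.setCharacterEncoding("UTF-8");` before the `getWriter()` call would pin the encoding; it is unnecessary only if a filter outside this hunk already forces it. The method body continues past the end of the hunk.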
@@ -213,7 +214,7 @@ public class DynamicClientRegistrationEndpoint { * @return */ @PreAuthorize("hasRole('ROLE_CLIENT') and #oauth2.hasScope('" + SystemScopeService.REGISTRATION_TOKEN_SCOPE + "')") - @RequestMapping(value = "/{id}", method = RequestMethod.GET, produces = "application/json") + @RequestMapping(value = "/{id}", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE) public String readClientConfiguration(@PathVariable("id") String clientId, Model m, OAuth2Authentication auth) { ClientDetailsEntity client = clientService.loadClientByClientId(clientId); @@ -254,7 +255,7 @@ public class DynamicClientRegistrationEndpoint { * @return */ @PreAuthorize("hasRole('ROLE_CLIENT') and #oauth2.hasScope('" + SystemScopeService.REGISTRATION_TOKEN_SCOPE + "')") - @RequestMapping(value = "/{id}", method = RequestMethod.PUT, produces = "application/json", consumes = "application/json") + @RequestMapping(value = "/{id}", method = RequestMethod.PUT, produces = MediaType.APPLICATION_JSON_VALUE, consumes = MediaType.APPLICATION_JSON_VALUE) public String updateClient(@PathVariable("id") String clientId, @RequestBody String jsonString, Model m, OAuth2Authentication auth) { @@ -348,7 +349,7 @@ public class DynamicClientRegistrationEndpoint { * @return */ @PreAuthorize("hasRole('ROLE_CLIENT') and #oauth2.hasScope('" + SystemScopeService.REGISTRATION_TOKEN_SCOPE + "')") - @RequestMapping(value = "/{id}", method = RequestMethod.DELETE, produces = "application/json") + @RequestMapping(value = "/{id}", method = RequestMethod.DELETE, produces = MediaType.APPLICATION_JSON_VALUE) public String deleteClient(@PathVariable("id") String clientId, Model m, OAuth2Authentication auth) { ClientDetailsEntity client = clientService.loadClientByClientId(clientId); 
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/JWKSetPublishingEndpoint.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/JWKSetPublishingEndpoint.java index b43ce3971..52a5ab27e 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/JWKSetPublishingEndpoint.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/JWKSetPublishingEndpoint.java @@ -21,6 +21,7 @@ import java.util.Map; import org.mitre.jwt.signer.service.JWTSigningAndValidationService; import org.mitre.openid.connect.view.JWKSetView; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.http.MediaType; import org.springframework.stereotype.Controller; import org.springframework.ui.Model; import org.springframework.web.bind.annotation.RequestMapping; @@ -33,7 +34,7 @@ public class JWKSetPublishingEndpoint { @Autowired private JWTSigningAndValidationService jwtService; - @RequestMapping(value = "/jwk", produces = "application/json") + @RequestMapping(value = "/jwk", produces = MediaType.APPLICATION_JSON_VALUE) public String getJwk(Model m) { // map from key id to key diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ProtectedResourceRegistrationEndpoint.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ProtectedResourceRegistrationEndpoint.java index bba26c47a..61bc0f833 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ProtectedResourceRegistrationEndpoint.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ProtectedResourceRegistrationEndpoint.java 
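Review bot: The `/jwk` mapping in JWKSetPublishingEndpoint declares no `method`, so Spring routes every HTTP verb to `getJwk`; the same holds for the three StatsAPI mappings (`summary`, `byclientid`, `byclientid/{id}`) edited further down in this patch. These handlers appear to be read-only, so while the annotations are being touched they could be limited to GET, e.g. `@RequestMapping(value = "/jwk", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE)`. No `RequestMethod` import is visible in this file's hunks, so one may need to be added. Whether any client relies on other verbs for these paths cannot be told from the diff.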
@@ -43,6 +43,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; +import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.security.oauth2.common.exceptions.OAuth2Exception; @@ -101,7 +102,7 @@ public class ProtectedResourceRegistrationEndpoint { * @param p * @return */ - @RequestMapping(method = RequestMethod.POST, consumes = "application/json", produces = "application/json") + @RequestMapping(method = RequestMethod.POST, consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE) public String registerNewProtectedResource(@RequestBody String jsonString, Model m) { ClientDetailsEntity newClient = null; @@ -235,7 +236,7 @@ public class ProtectedResourceRegistrationEndpoint { * @return */ @PreAuthorize("hasRole('ROLE_CLIENT') and #oauth2.hasScope('" + SystemScopeService.RESOURCE_TOKEN_SCOPE + "')") - @RequestMapping(value = "/{id}", method = RequestMethod.GET, produces = "application/json") + @RequestMapping(value = "/{id}", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE) public String readResourceConfiguration(@PathVariable("id") String clientId, Model m, OAuth2Authentication auth) { ClientDetailsEntity client = clientService.loadClientByClientId(clientId); 
@@ -279,7 +280,7 @@ public class ProtectedResourceRegistrationEndpoint { * @return */ @PreAuthorize("hasRole('ROLE_CLIENT') and #oauth2.hasScope('" + SystemScopeService.RESOURCE_TOKEN_SCOPE + "')") - @RequestMapping(value = "/{id}", method = RequestMethod.PUT, produces = "application/json", consumes = "application/json") + @RequestMapping(value = "/{id}", method = RequestMethod.PUT, produces = MediaType.APPLICATION_JSON_VALUE, consumes = MediaType.APPLICATION_JSON_VALUE) public String updateProtectedResource(@PathVariable("id") String clientId, @RequestBody String jsonString, Model m, OAuth2Authentication auth) { @@ -398,7 +399,7 @@ public class ProtectedResourceRegistrationEndpoint { * @return */ @PreAuthorize("hasRole('ROLE_CLIENT') and #oauth2.hasScope('" + SystemScopeService.RESOURCE_TOKEN_SCOPE + "')") - @RequestMapping(value = "/{id}", method = RequestMethod.DELETE, produces = "application/json") + @RequestMapping(value = "/{id}", method = RequestMethod.DELETE, produces = MediaType.APPLICATION_JSON_VALUE) public String deleteResource(@PathVariable("id") String clientId, Model m, OAuth2Authentication auth) { ClientDetailsEntity client = clientService.loadClientByClientId(clientId); diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/StatsAPI.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/StatsAPI.java index 3cba53523..6e3031744 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/StatsAPI.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/StatsAPI.java 
@@ -16,14 +16,14 @@ *******************************************************************************/ package org.mitre.openid.connect.web; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; - import java.util.Map; import org.mitre.openid.connect.service.StatsService; import org.mitre.openid.connect.view.JsonEntityView; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.security.oauth2.common.exceptions.OAuth2Exception; @@ -46,7 +46,7 @@ public class StatsAPI { @Autowired private WebResponseExceptionTranslator providerExceptionHandler; - @RequestMapping(value = "summary", produces = "application/json") + @RequestMapping(value = "summary", produces = MediaType.APPLICATION_JSON_VALUE) public String statsSummary(ModelMap m) { Map e = statsService.getSummaryStats(); @@ -58,7 +58,7 @@ public class StatsAPI { } @PreAuthorize("hasRole('ROLE_USER')") - @RequestMapping(value = "byclientid", produces = "application/json") + @RequestMapping(value = "byclientid", produces = MediaType.APPLICATION_JSON_VALUE) public String statsByClient(ModelMap m) { Map e = statsService.getByClientId(); @@ -68,7 +68,7 @@ public class StatsAPI { } @PreAuthorize("hasRole('ROLE_USER')") - @RequestMapping(value = "byclientid/{id}", produces = "application/json") + @RequestMapping(value = "byclientid/{id}", produces = MediaType.APPLICATION_JSON_VALUE) public String statsByClientId(@PathVariable("id") Long id, ModelMap m) { Integer e = statsService.getCountForClientId(id); diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java index ba6cbbc7e..40ac60e8c 100644 
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java @@ -69,12 +69,13 @@ public class UserInfoEndpoint { private static final Logger logger = LoggerFactory.getLogger(UserInfoEndpoint.class); private static final MediaType JOSE_MEDIA_TYPE = new MediaType("application", "jwt"); + private static final String JOSE_MEDIA_TYPE_VALUE = "application/jwt"; /** * Get information about the user as specified in the accessToken included in this request */ @PreAuthorize("hasRole('ROLE_USER') and #oauth2.hasScope('openid')") - @RequestMapping(value="/userinfo", method= {RequestMethod.GET, RequestMethod.POST}, produces = {"application/json", "application/jwt"}) + @RequestMapping(value="/userinfo", method= {RequestMethod.GET, RequestMethod.POST}, produces = {MediaType.APPLICATION_JSON_VALUE, JOSE_MEDIA_TYPE_VALUE}) public String getInfo(@RequestParam(value="claims", required=false) String claimsRequestJsonString, @RequestHeader(value="Accept", required=false) String acceptHeader, OAuth2Authentication auth, Model model) { diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/WhitelistAPI.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/WhitelistAPI.java index 443d06fa8..41eebfb02 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/WhitelistAPI.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/WhitelistAPI.java @@ -31,6 +31,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.http.HttpStatus; +import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.security.oauth2.common.exceptions.OAuth2Exception; 
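Review bot: In the UserInfoEndpoint hunk, the new `JOSE_MEDIA_TYPE_VALUE` string repeats the type already spelled out in `JOSE_MEDIA_TYPE = new MediaType("application", "jwt")`, so the advertised `produces` value and the type used elsewhere in the class can drift apart if only one is edited. The annotation needs a compile-time string, so keep the literal and derive the object from it: declare `JOSE_MEDIA_TYPE_VALUE` first, then `private static final MediaType JOSE_MEDIA_TYPE = MediaType.parseMediaType(JOSE_MEDIA_TYPE_VALUE);`. A one-line comment saying the string form exists for use in `@RequestMapping(produces = ...)` would also explain why both constants are present.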
@@ -76,7 +77,7 @@ public class WhitelistAPI { * @param m * @return */ - @RequestMapping(method = RequestMethod.GET, produces = "application/json") + @RequestMapping(method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE) public String getAllWhitelistedSites(ModelMap m) { Collection all = whitelistService.getAll(); @@ -94,7 +95,7 @@ public class WhitelistAPI { * @return */ @PreAuthorize("hasRole('ROLE_ADMIN')") - @RequestMapping(method = RequestMethod.POST, consumes = "application/json", produces = "application/json") + @RequestMapping(method = RequestMethod.POST, consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE) public String addNewWhitelistedSite(@RequestBody String jsonString, ModelMap m, Principal p) { JsonObject json; @@ -131,7 +132,7 @@ public class WhitelistAPI { * Update an existing whitelisted site */ @PreAuthorize("hasRole('ROLE_ADMIN')") - @RequestMapping(value="/{id}", method = RequestMethod.PUT, consumes = "application/json", produces = "application/json") + @RequestMapping(value="/{id}", method = RequestMethod.PUT, consumes = MediaType.APPLICATION_JSON_VALUE, produces = MediaType.APPLICATION_JSON_VALUE) public String updateWhitelistedSite(@PathVariable("id") Long id, @RequestBody String jsonString, ModelMap m, Principal p) { JsonObject json; @@ -195,7 +196,7 @@ public class WhitelistAPI { /** * Get a single whitelisted site */ - @RequestMapping(value="/{id}", method = RequestMethod.GET, produces = "application/json") + @RequestMapping(value="/{id}", method = RequestMethod.GET, produces = MediaType.APPLICATION_JSON_VALUE) public String getWhitelistedSite(@PathVariable("id") Long id, ModelMap m) { WhitelistedSite whitelist = whitelistService.getById(id); if (whitelist == null) { 
diff --git a/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultIntrospectionAuthorizer.java b/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultIntrospectionAuthorizer.java index d163f11c1..0785906a7 100755 --- a/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultIntrospectionAuthorizer.java +++ b/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultIntrospectionAuthorizer.java @@ -16,12 +16,6 @@ *******************************************************************************/ package org.mitre.oauth2.service.impl; -import static com.google.common.collect.Sets.newHashSet; -import static org.hamcrest.CoreMatchers.is; -import static org.junit.Assert.assertThat; -import static org.mockito.BDDMockito.given; -import static org.mockito.Mockito.mock; - import java.util.Set; import org.junit.Test; @@ -32,6 +26,16 @@ import org.mockito.Mock; import org.mockito.runners.MockitoJUnitRunner; import org.springframework.security.oauth2.provider.ClientDetails; +import static com.google.common.collect.Sets.newHashSet; + +import static org.hamcrest.CoreMatchers.is; + +import static org.mockito.BDDMockito.given; + +import static org.mockito.Mockito.mock; + +import static org.junit.Assert.assertThat; + @RunWith(MockitoJUnitRunner.class) public class TestDefaultIntrospectionAuthorizer { diff --git a/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultIntrospectionResultAssembler.java b/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultIntrospectionResultAssembler.java index 42dc44b18..33b1a3f16 100644 --- a/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultIntrospectionResultAssembler.java +++ b/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultIntrospectionResultAssembler.java 
@@ -16,14 +16,6 @@ *******************************************************************************/ package org.mitre.oauth2.service.impl; -import static com.google.common.collect.Sets.newHashSet; -import static org.hamcrest.CoreMatchers.equalTo; -import static org.hamcrest.CoreMatchers.is; -import static org.junit.Assert.assertThat; -import static org.mockito.BDDMockito.given; -import static org.mockito.Mockito.RETURNS_DEEP_STUBS; -import static org.mockito.Mockito.mock; - import java.text.ParseException; import java.text.SimpleDateFormat; import java.util.Date; @@ -42,6 +34,18 @@ import org.springframework.security.oauth2.provider.OAuth2Request; import com.google.common.collect.ImmutableMap; +import static com.google.common.collect.Sets.newHashSet; + +import static org.hamcrest.CoreMatchers.equalTo; +import static org.hamcrest.CoreMatchers.is; + +import static org.mockito.BDDMockito.given; + +import static org.mockito.Mockito.RETURNS_DEEP_STUBS; +import static org.mockito.Mockito.mock; + +import static org.junit.Assert.assertThat; + public class TestDefaultIntrospectionResultAssembler { private IntrospectionResultAssembler assembler = new DefaultIntrospectionResultAssembler(); diff --git a/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultOAuth2ClientDetailsEntityService.java b/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultOAuth2ClientDetailsEntityService.java index dc865697b..bc7e6da15 100644 --- a/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultOAuth2ClientDetailsEntityService.java +++ b/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultOAuth2ClientDetailsEntityService.java 
@@ -16,12 +16,6 @@ *******************************************************************************/ package org.mitre.oauth2.service.impl; -import static org.hamcrest.CoreMatchers.equalTo; -import static org.hamcrest.CoreMatchers.is; -import static org.hamcrest.CoreMatchers.notNullValue; -import static org.junit.Assert.assertThat; -import static org.junit.Assert.fail; - import java.util.HashSet; import java.util.Set; @@ -50,6 +44,13 @@ import org.springframework.security.oauth2.common.exceptions.InvalidClientExcept import com.google.common.collect.Sets; +import static org.hamcrest.CoreMatchers.equalTo; +import static org.hamcrest.CoreMatchers.is; +import static org.hamcrest.CoreMatchers.notNullValue; + +import static org.junit.Assert.assertThat; +import static org.junit.Assert.fail; + /** * @author wkim * diff --git a/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultOAuth2ProviderTokenService.java b/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultOAuth2ProviderTokenService.java index 05ece0dd4..acf3a9605 100644 --- a/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultOAuth2ProviderTokenService.java +++ b/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultOAuth2ProviderTokenService.java @@ -16,14 +16,6 @@ *******************************************************************************/ package org.mitre.oauth2.service.impl; -import static org.hamcrest.CoreMatchers.equalTo; -import static org.hamcrest.CoreMatchers.is; -import static org.hamcrest.CoreMatchers.notNullValue; -import static org.hamcrest.CoreMatchers.nullValue; -import static org.junit.Assert.assertThat; -import static org.junit.Assert.assertTrue; -import static org.junit.Assert.fail; - import java.util.Date; import java.util.HashSet; import java.util.Set; 
@@ -59,6 +51,15 @@ import org.springframework.security.oauth2.provider.token.TokenEnhancer; import com.google.common.collect.Sets; +import static org.hamcrest.CoreMatchers.equalTo; +import static org.hamcrest.CoreMatchers.is; +import static org.hamcrest.CoreMatchers.notNullValue; +import static org.hamcrest.CoreMatchers.nullValue; + +import static org.junit.Assert.assertThat; +import static org.junit.Assert.assertTrue; +import static org.junit.Assert.fail; + /** * @author wkim * diff --git a/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultSystemScopeService.java b/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultSystemScopeService.java index cd97a74ba..2c1853473 100644 --- a/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultSystemScopeService.java +++ b/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultSystemScopeService.java @@ -16,12 +16,6 @@ *******************************************************************************/ package org.mitre.oauth2.service.impl; -import static org.hamcrest.CoreMatchers.equalTo; -import static org.hamcrest.CoreMatchers.is; -import static org.hamcrest.CoreMatchers.nullValue; -import static org.junit.Assert.assertThat; - -import java.util.HashSet; import java.util.Set; import org.junit.Before; @@ -38,6 +32,12 @@ import org.mockito.stubbing.Answer; import com.google.common.collect.Sets; +import static org.hamcrest.CoreMatchers.equalTo; +import static org.hamcrest.CoreMatchers.is; +import static org.hamcrest.CoreMatchers.nullValue; + +import static org.junit.Assert.assertThat; + /** * @author wkim * diff --git a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultApprovedSiteService.java b/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultApprovedSiteService.java index f3fc7c44f..95a8049d8 100644 
--- a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultApprovedSiteService.java +++ b/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultApprovedSiteService.java @@ -16,10 +16,6 @@ *******************************************************************************/ package org.mitre.openid.connect.service.impl; -import static org.mockito.Matchers.any; -import static org.mockito.Mockito.never; -import static org.mockito.Mockito.times; - import java.util.HashSet; import java.util.Set; @@ -39,6 +35,11 @@ import org.springframework.test.annotation.Rollback; import com.google.common.collect.Sets; +import static org.mockito.Matchers.any; + +import static org.mockito.Mockito.never; +import static org.mockito.Mockito.times; + @RunWith(MockitoJUnitRunner.class) public class TestDefaultApprovedSiteService { diff --git a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultBlacklistedSiteService.java b/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultBlacklistedSiteService.java index 4bc007724..454b53685 100644 --- a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultBlacklistedSiteService.java +++ b/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultBlacklistedSiteService.java @@ -16,10 +16,6 @@ *******************************************************************************/ package org.mitre.openid.connect.service.impl; -import static org.junit.Assert.assertFalse; -import static org.junit.Assert.assertTrue; -import static org.mockito.Mockito.times; - import java.util.Set; import org.junit.Before; @@ -34,6 +30,11 @@ import org.mockito.runners.MockitoJUnitRunner; import com.google.common.collect.Sets; +import static org.mockito.Mockito.times; + +import static org.junit.Assert.assertFalse; +import static org.junit.Assert.assertTrue; + /** * @author wkim * 
diff --git a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultStatsService.java b/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultStatsService.java index d328fd914..a46890d8d 100644 --- a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultStatsService.java +++ b/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultStatsService.java @@ -16,9 +16,6 @@ *******************************************************************************/ package org.mitre.openid.connect.service.impl; -import static org.hamcrest.CoreMatchers.is; -import static org.junit.Assert.assertThat; - import java.util.HashSet; import java.util.Map; @@ -36,6 +33,10 @@ import org.mockito.runners.MockitoJUnitRunner; import com.google.common.collect.Sets; +import static org.hamcrest.CoreMatchers.is; + +import static org.junit.Assert.assertThat; + /** * @author wkim * diff --git a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultUserInfoService.java b/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultUserInfoService.java index bc67f8bcc..2870eafa1 100644 --- a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultUserInfoService.java +++ b/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultUserInfoService.java @@ -19,9 +19,6 @@ */ package org.mitre.openid.connect.service.impl; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertNull; - import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; @@ -40,6 +37,9 @@ import org.mockito.invocation.InvocationOnMock; import org.mockito.runners.MockitoJUnitRunner; import org.mockito.stubbing.Answer; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNull; + /** * @author jricher * 
diff --git a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultWhitelistedSiteService.java b/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultWhitelistedSiteService.java index 177ecbb61..dabe482c2 100644 --- a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultWhitelistedSiteService.java +++ b/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestDefaultWhitelistedSiteService.java @@ -16,11 +16,6 @@ *******************************************************************************/ package org.mitre.openid.connect.service.impl; -import static org.hamcrest.CoreMatchers.is; -import static org.hamcrest.CoreMatchers.notNullValue; -import static org.junit.Assert.assertThat; -import static org.junit.Assert.fail; - import org.junit.Before; import org.junit.Test; import org.junit.runner.RunWith; @@ -31,6 +26,12 @@ import org.mockito.Mock; import org.mockito.Mockito; import org.mockito.runners.MockitoJUnitRunner; +import static org.hamcrest.CoreMatchers.is; +import static org.hamcrest.CoreMatchers.notNullValue; + +import static org.junit.Assert.assertThat; +import static org.junit.Assert.fail; + /** * @author wkim * diff --git a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestMITREidDataService_1_0.java b/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestMITREidDataService_1_0.java index a61142c2c..69723fa72 100644 --- a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestMITREidDataService_1_0.java +++ b/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestMITREidDataService_1_0.java 
@@ -16,19 +16,6 @@ *******************************************************************************/ package org.mitre.openid.connect.service.impl; -import static org.hamcrest.CoreMatchers.equalTo; -import static org.hamcrest.CoreMatchers.is; -import static org.junit.Assert.assertThat; -import static org.mockito.Matchers.anyLong; -import static org.mockito.Matchers.anyString; -import static org.mockito.Matchers.isA; -import static org.mockito.Matchers.isNull; -import static org.mockito.Mockito.mock; -import static org.mockito.Mockito.times; -import static org.mockito.Mockito.verify; -import static org.mockito.Mockito.when; -import static org.mockito.Mockito.withSettings; - import java.io.IOException; import java.io.StringReader; import java.io.StringWriter; @@ -81,6 +68,22 @@ import com.google.common.collect.ImmutableSet; import com.google.gson.stream.JsonReader; import com.google.gson.stream.JsonWriter; +import static org.hamcrest.CoreMatchers.equalTo; +import static org.hamcrest.CoreMatchers.is; + +import static org.mockito.Matchers.anyLong; +import static org.mockito.Matchers.anyString; +import static org.mockito.Matchers.isA; +import static org.mockito.Matchers.isNull; + +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.times; +import static org.mockito.Mockito.verify; +import static org.mockito.Mockito.when; +import static org.mockito.Mockito.withSettings; + +import static org.junit.Assert.assertThat; + @RunWith(MockitoJUnitRunner.class) @SuppressWarnings(value = {"rawtypes", "unchecked"}) public class TestMITREidDataService_1_0 { diff --git a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestMITREidDataService_1_1.java b/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestMITREidDataService_1_1.java index bd04dc0fb..313037923 100644 --- a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestMITREidDataService_1_1.java 
+++ b/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestMITREidDataService_1_1.java @@ -16,19 +16,6 @@ *******************************************************************************/ package org.mitre.openid.connect.service.impl; -import static org.hamcrest.CoreMatchers.equalTo; -import static org.hamcrest.CoreMatchers.is; -import static org.junit.Assert.assertThat; -import static org.mockito.Matchers.anyLong; -import static org.mockito.Matchers.anyString; -import static org.mockito.Matchers.isA; -import static org.mockito.Matchers.isNull; -import static org.mockito.Mockito.mock; -import static org.mockito.Mockito.times; -import static org.mockito.Mockito.verify; -import static org.mockito.Mockito.when; -import static org.mockito.Mockito.withSettings; - import java.io.IOException; import java.io.StringReader; import java.io.StringWriter; @@ -81,6 +68,22 @@ import com.google.common.collect.ImmutableSet; import com.google.gson.stream.JsonReader; import com.google.gson.stream.JsonWriter; +import static org.hamcrest.CoreMatchers.equalTo; +import static org.hamcrest.CoreMatchers.is; + +import static org.mockito.Matchers.anyLong; +import static org.mockito.Matchers.anyString; +import static org.mockito.Matchers.isA; +import static org.mockito.Matchers.isNull; + +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.times; +import static org.mockito.Mockito.verify; +import static org.mockito.Mockito.when; +import static org.mockito.Mockito.withSettings; + +import static org.junit.Assert.assertThat; + @RunWith(MockitoJUnitRunner.class) @SuppressWarnings(value = {"rawtypes", "unchecked"}) public class TestMITREidDataService_1_1 { diff --git a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestMITREidDataService_1_2.java b/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestMITREidDataService_1_2.java index f6f2045c2..3d8f0be40 100644 
--- a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestMITREidDataService_1_2.java +++ b/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestMITREidDataService_1_2.java @@ -16,23 +16,6 @@ *******************************************************************************/ package org.mitre.openid.connect.service.impl; -import static org.hamcrest.CoreMatchers.equalTo; -import static org.hamcrest.CoreMatchers.is; -import static org.junit.Assert.assertNotNull; -import static org.junit.Assert.assertNull; -import static org.junit.Assert.assertThat; -import static org.junit.Assert.assertTrue; -import static org.junit.Assert.fail; -import static org.mockito.Matchers.anyLong; -import static org.mockito.Matchers.anyString; -import static org.mockito.Matchers.isA; -import static org.mockito.Matchers.isNull; -import static org.mockito.Mockito.mock; -import static org.mockito.Mockito.times; -import static org.mockito.Mockito.verify; -import static org.mockito.Mockito.when; -import static org.mockito.Mockito.withSettings; - import java.io.IOException; import java.io.StringReader; import java.io.StringWriter; 
@@ -91,6 +74,26 @@ import com.google.gson.JsonParser; import com.google.gson.stream.JsonReader; import com.google.gson.stream.JsonWriter; +import static org.hamcrest.CoreMatchers.equalTo; +import static org.hamcrest.CoreMatchers.is; + +import static org.mockito.Matchers.anyLong; +import static org.mockito.Matchers.anyString; +import static org.mockito.Matchers.isA; +import static org.mockito.Matchers.isNull; + +import static org.mockito.Mockito.mock; +import static org.mockito.Mockito.times; +import static org.mockito.Mockito.verify; +import static org.mockito.Mockito.when; +import static org.mockito.Mockito.withSettings; + +import static org.junit.Assert.assertNotNull; +import static org.junit.Assert.assertNull; +import static org.junit.Assert.assertThat; +import static org.junit.Assert.assertTrue; +import static org.junit.Assert.fail; + @RunWith(MockitoJUnitRunner.class) @SuppressWarnings(value = {"rawtypes", "unchecked"}) public class TestMITREidDataService_1_2 { diff --git a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestUUIDPairwiseIdentiferService.java b/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestUUIDPairwiseIdentiferService.java index 15e95d443..46fa42c9a 100644 --- a/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestUUIDPairwiseIdentiferService.java +++ b/openid-connect-server/src/test/java/org/mitre/openid/connect/service/impl/TestUUIDPairwiseIdentiferService.java @@ -19,9 +19,6 @@ */ package org.mitre.openid.connect.service.impl; -import static org.junit.Assert.assertEquals; -import static org.junit.Assert.assertNotSame; - import java.util.Set; import java.util.UUID; @@ -42,6 +39,9 @@ import org.mockito.runners.MockitoJUnitRunner; import com.google.common.collect.ImmutableSet; +import static org.junit.Assert.assertEquals; +import static org.junit.Assert.assertNotSame; + /** * @author jricher * 
diff --git a/openid-connect-server/src/test/java/org/mitre/openid/connect/util/TestIdTokenHashUtils.java b/openid-connect-server/src/test/java/org/mitre/openid/connect/util/TestIdTokenHashUtils.java index 047af1db7..ff8aaf51c 100644 --- a/openid-connect-server/src/test/java/org/mitre/openid/connect/util/TestIdTokenHashUtils.java +++ b/openid-connect-server/src/test/java/org/mitre/openid/connect/util/TestIdTokenHashUtils.java @@ -17,8 +17,6 @@ package org.mitre.openid.connect.util; -import static org.junit.Assert.assertEquals; - import java.text.ParseException; import org.junit.Before; @@ -33,6 +31,8 @@ import com.nimbusds.jose.JWSAlgorithm; import com.nimbusds.jose.util.Base64URL; import com.nimbusds.jwt.JWTParser; +import static org.junit.Assert.assertEquals; + /** * * @author wkim From 1735dbca1182421dd432eda92e50be5b4cc48486 Mon Sep 17 00:00:00 2001 
From: Justin Richer Date: Wed, 11 Mar 2015 13:20:59 -0400 Subject: [PATCH 03/22] extracted controller URLs to constants, closes #769 --- .../oauth2/service/SystemScopeService.java | 2 +- .../webapp/WEB-INF/application-context.xml | 22 +++++++++--------- .../discovery/web/DiscoveryEndpoint.java | 23 +++++++++++++------ .../oauth2/web/IntrospectionEndpoint.java | 7 +++++- .../mitre/oauth2/web/RevocationEndpoint.java | 4 +++- .../java/org/mitre/oauth2/web/ScopeAPI.java | 5 +++- .../java/org/mitre/oauth2/web/TokenAPI.java | 5 +++- .../openid/connect/web/ApprovedSiteAPI.java | 4 +++- .../openid/connect/web/BlacklistAPI.java | 4 +++- .../mitre/openid/connect/web/ClientAPI.java | 4 +++- .../org/mitre/openid/connect/web/DataAPI.java | 4 +++- .../DynamicClientRegistrationEndpoint.java | 4 +++- .../connect/web/JWKSetPublishingEndpoint.java | 4 +++- ...ProtectedResourceRegistrationEndpoint.java | 7 +++++- ...gerController.java => RootController.java} | 11 +++------ .../mitre/openid/connect/web/StatsAPI.java | 5 +++- .../openid/connect/web/UserInfoEndpoint.java | 8 +++++-- .../openid/connect/web/WhitelistAPI.java | 4 +++- 18 files changed, 85 insertions(+), 42 deletions(-) rename openid-connect-server/src/main/java/org/mitre/openid/connect/web/{ManagerController.java => RootController.java} (93%) diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/service/SystemScopeService.java b/openid-connect-common/src/main/java/org/mitre/oauth2/service/SystemScopeService.java index 4d2f35d30..c227d199b 100644 --- a/openid-connect-common/src/main/java/org/mitre/oauth2/service/SystemScopeService.java +++ b/openid-connect-common/src/main/java/org/mitre/oauth2/service/SystemScopeService.java 
@@ -32,7 +32,7 @@ import com.google.common.collect.Sets; public interface SystemScopeService { public static final String OFFLINE_ACCESS = "offline_access"; - public static final Object OPENID_SCOPE = "openid"; + public static final String OPENID_SCOPE = "openid"; public static final String ID_TOKEN_SCOPE = "id-token"; public static final String REGISTRATION_TOKEN_SCOPE = "registration-token"; public static final String RESOURCE_TOKEN_SCOPE = "resource-token"; diff --git a/openid-connect-server-webapp/src/main/webapp/WEB-INF/application-context.xml b/openid-connect-server-webapp/src/main/webapp/WEB-INF/application-context.xml index 2c8aa76a7..02131cf71 100644 --- a/openid-connect-server-webapp/src/main/webapp/WEB-INF/application-context.xml +++ b/openid-connect-server-webapp/src/main/webapp/WEB-INF/application-context.xml @@ -86,13 +86,13 @@ - - - + + + - - + + @@ -103,32 +103,32 @@ - + - + - + - + - - summary = statsService.getSummaryStats(); - - //m.put("statsSummary", summary); return "home"; } @RequestMapping({"about", "about/"}) public String showAboutPage(ModelMap m) { - return "about"; } @RequestMapping({"stats", "stats/"}) public String showStatsPage(ModelMap m) { - Map summary = statsService.getSummaryStats(); m.put("statsSummary", summary); @@ -61,7 +57,6 @@ public class ManagerController { @RequestMapping({"contact", "contact/"}) public String showContactPage(ModelMap m) { - return "contact"; } diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/StatsAPI.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/StatsAPI.java index 6e3031744..1f80e28e9 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/StatsAPI.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/StatsAPI.java 
@@ -35,8 +35,11 @@ import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.RequestMapping; @Controller -@RequestMapping("/api/stats") +@RequestMapping("/" + StatsAPI.URL) public class StatsAPI { + + public static final String URL = RootController.API_URL + "/stats"; + // Logger for this class private static final Logger logger = LoggerFactory.getLogger(StatsAPI.class); diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java index 40ac60e8c..a3e531d8b 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java @@ -20,6 +20,7 @@ import java.util.List; import org.mitre.oauth2.model.ClientDetailsEntity; import org.mitre.oauth2.service.ClientDetailsEntityService; +import org.mitre.oauth2.service.SystemScopeService; import org.mitre.openid.connect.model.UserInfo; import org.mitre.openid.connect.service.UserInfoService; import org.mitre.openid.connect.view.HttpCodeView; @@ -52,8 +53,11 @@ import com.google.common.base.Strings; * */ @Controller +@RequestMapping("/" + UserInfoEndpoint.URL) public class UserInfoEndpoint { + public static final String URL = "userinfo"; + @Autowired private UserInfoService userInfoService; 
@@ -74,8 +78,8 @@ public class UserInfoEndpoint { /** * Get information about the user as specified in the accessToken included in this request */ - @PreAuthorize("hasRole('ROLE_USER') and #oauth2.hasScope('openid')") - @RequestMapping(value="/userinfo", method= {RequestMethod.GET, RequestMethod.POST}, produces = {MediaType.APPLICATION_JSON_VALUE, JOSE_MEDIA_TYPE_VALUE}) + @PreAuthorize("hasRole('ROLE_USER') and #oauth2.hasScope('" + SystemScopeService.OPENID_SCOPE + "')") + @RequestMapping(method= {RequestMethod.GET, RequestMethod.POST}, produces = {MediaType.APPLICATION_JSON_VALUE, JOSE_MEDIA_TYPE_VALUE}) public String getInfo(@RequestParam(value="claims", required=false) String claimsRequestJsonString, @RequestHeader(value="Accept", required=false) String acceptHeader, OAuth2Authentication auth, Model model) { diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/WhitelistAPI.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/WhitelistAPI.java index 41eebfb02..fe4337a77 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/WhitelistAPI.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/WhitelistAPI.java @@ -54,10 +54,12 @@ import com.google.gson.JsonParser; * */ @Controller -@RequestMapping("/api/whitelist") +@RequestMapping("/" + WhitelistAPI.URL) @PreAuthorize("hasRole('ROLE_USER')") public class WhitelistAPI { + public static final String URL = RootController.API_URL + "/whitelist"; + @Autowired private WhitelistedSiteService whitelistService; From e56161e223552a62cd3340ccaca8012ee37f3d88 Mon Sep 17 00:00:00 2001 
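Review bot: The `@PreAuthorize` expression on `UserInfoEndpoint.getInfo` is now built by concatenating `SystemScopeService.OPENID_SCOPE` into a single-quoted SpEL literal, and nothing on the constant records that dependency. A later edit to the constant would change this access rule without touching the controller, and a value containing `'` would break the expression. I would add a comment on the constant, for example `// Embedded in @PreAuthorize SpEL string literals: keep it a plain scope token without quotes or whitespace`, and keep a test that a token lacking the openid scope is refused at this endpoint. The body of getInfo continues outside the hunk.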
From: Justin Richer Date: Wed, 11 Mar 2015 13:39:07 -0400 Subject: [PATCH 04/22] extracted http "code" view parameter --- .../mitre/discovery/view/WebfingerView.java | 3 +- .../discovery/web/DiscoveryEndpoint.java | 6 ++-- .../org/mitre/oauth2/view/TokenApiView.java | 3 +- .../oauth2/web/IntrospectionEndpoint.java | 4 +-- .../web/OAuthConfirmationController.java | 8 ++--- .../mitre/oauth2/web/RevocationEndpoint.java | 10 +++--- .../java/org/mitre/oauth2/web/ScopeAPI.java | 12 +++---- .../java/org/mitre/oauth2/web/TokenAPI.java | 26 +++++++------- .../view/AbstractClientEntityView.java | 2 +- .../view/ClientInformationResponseView.java | 2 +- .../openid/connect/view/HttpCodeView.java | 4 ++- .../connect/view/JsonApprovedSiteView.java | 2 +- .../openid/connect/view/JsonEntityView.java | 2 +- .../openid/connect/view/JsonErrorView.java | 2 +- .../openid/connect/web/ApprovedSiteAPI.java | 10 +++--- .../openid/connect/web/BlacklistAPI.java | 14 ++++---- .../mitre/openid/connect/web/ClientAPI.java | 24 ++++++------- .../DynamicClientRegistrationEndpoint.java | 34 +++++++++---------- ...ProtectedResourceRegistrationEndpoint.java | 34 +++++++++---------- .../openid/connect/web/UserInfoEndpoint.java | 4 +-- .../openid/connect/web/WhitelistAPI.java | 16 ++++----- 21 files changed, 113 insertions(+), 109 deletions(-) diff --git a/openid-connect-server/src/main/java/org/mitre/discovery/view/WebfingerView.java b/openid-connect-server/src/main/java/org/mitre/discovery/view/WebfingerView.java index 967b16420..09de0f044 100644 --- a/openid-connect-server/src/main/java/org/mitre/discovery/view/WebfingerView.java +++ b/openid-connect-server/src/main/java/org/mitre/discovery/view/WebfingerView.java @@ -26,6 +26,7 @@ import java.util.Map; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.mitre.openid.connect.view.HttpCodeView; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.http.HttpStatus; 
@@ -81,7 +82,7 @@ public class WebfingerView extends AbstractView { response.setContentType("application/jrd+json"); - HttpStatus code = (HttpStatus) model.get("code"); + HttpStatus code = (HttpStatus) model.get(HttpCodeView.CODE); if (code == null) { code = HttpStatus.OK; // default to 200 } diff --git a/openid-connect-server/src/main/java/org/mitre/discovery/web/DiscoveryEndpoint.java b/openid-connect-server/src/main/java/org/mitre/discovery/web/DiscoveryEndpoint.java index d4ac3d939..62616b44e 100644 --- a/openid-connect-server/src/main/java/org/mitre/discovery/web/DiscoveryEndpoint.java +++ b/openid-connect-server/src/main/java/org/mitre/discovery/web/DiscoveryEndpoint.java @@ -117,7 +117,7 @@ public class DiscoveryEndpoint { if (user == null) { logger.info("User not found: " + resource); - model.addAttribute("code", HttpStatus.NOT_FOUND); + model.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND); return HttpCodeView.VIEWNAME; } @@ -125,14 +125,14 @@ public class DiscoveryEndpoint { if (!Strings.nullToEmpty(issuerComponents.getHost()) .equals(Strings.nullToEmpty(resourceUri.getHost()))) { logger.info("Host mismatch, expected " + issuerComponents.getHost() + " got " + resourceUri.getHost()); - model.addAttribute("code", HttpStatus.NOT_FOUND); + model.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND); return HttpCodeView.VIEWNAME; } } else { logger.info("Unknown URI format: " + resource); - model.addAttribute("code", HttpStatus.NOT_FOUND); + model.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND); return HttpCodeView.VIEWNAME; } } diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/view/TokenApiView.java b/openid-connect-server/src/main/java/org/mitre/oauth2/view/TokenApiView.java index f86ec467b..41e27b175 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/view/TokenApiView.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/view/TokenApiView.java 
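Review bot: The DiscoveryEndpoint hunks keep concatenating `resource` and `resourceUri.getHost()` straight into `logger.info(...)`, so CR/LF characters in the value can forge extra log lines. The declaration of `resource` is outside the hunk, but it is presumably the caller-supplied webfinger parameter. Neutralise line breaks before logging, e.g. `logger.info("User not found: {}", resource.replaceAll("[\\r\\n]", "_"));`, and do the same for the "Host mismatch" and "Unknown URI format" messages. The ScopeAPI createScope hunk in this patch has the same pattern with `"JSON was invalid: " + json`, which writes the raw request body to the error log.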
@@ -26,6 +26,7 @@ import javax.servlet.http.HttpServletResponse; import org.mitre.oauth2.model.OAuth2AccessTokenEntity; import org.mitre.oauth2.model.OAuth2RefreshTokenEntity; +import org.mitre.openid.connect.view.HttpCodeView; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.http.HttpStatus; @@ -127,7 +128,7 @@ public class TokenApiView extends AbstractView { response.setContentType(MediaType.APPLICATION_JSON_VALUE); - HttpStatus code = (HttpStatus) model.get("code"); + HttpStatus code = (HttpStatus) model.get(HttpCodeView.CODE); if (code == null) { code = HttpStatus.OK; // default to 200 } diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/web/IntrospectionEndpoint.java b/openid-connect-server/src/main/java/org/mitre/oauth2/web/IntrospectionEndpoint.java index 6011061b7..2d37a7cbb 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/web/IntrospectionEndpoint.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/web/IntrospectionEndpoint.java @@ -152,12 +152,12 @@ public class IntrospectionEndpoint { return JsonEntityView.VIEWNAME; } else { logger.error("Verify failed; client configuration or scope don't permit token introspection"); - model.addAttribute("code", HttpStatus.FORBIDDEN); + model.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN); return HttpCodeView.VIEWNAME; } } else { logger.error("Verify failed; client " + clientId + " is not allowed to call introspection endpoint"); - model.addAttribute("code", HttpStatus.FORBIDDEN); + model.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN); return HttpCodeView.VIEWNAME; } diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java b/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java index 72250a8d1..670718c0b 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java 
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java @@ -109,7 +109,7 @@ public class OAuthConfirmationController { if (prompts.contains(PROMPT_NONE)) { // we're not supposed to prompt, so "return an error" logger.info("Client requested no prompt, returning 403 from confirmation endpoint"); - model.put("code", HttpStatus.FORBIDDEN); + model.put(HttpCodeView.CODE, HttpStatus.FORBIDDEN); return HttpCodeView.VIEWNAME; } @@ -125,17 +125,17 @@ public class OAuthConfirmationController { client = clientService.loadClientByClientId(authRequest.getClientId()); } catch (OAuth2Exception e) { logger.error("confirmAccess: OAuth2Exception was thrown when attempting to load client", e); - model.put("code", HttpStatus.BAD_REQUEST); + model.put(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); return HttpCodeView.VIEWNAME; } catch (IllegalArgumentException e) { logger.error("confirmAccess: IllegalArgumentException was thrown when attempting to load client", e); - model.put("code", HttpStatus.BAD_REQUEST); + model.put(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); return HttpCodeView.VIEWNAME; } if (client == null) { logger.error("confirmAccess: could not find client " + authRequest.getClientId()); - model.put("code", HttpStatus.NOT_FOUND); + model.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND); return HttpCodeView.VIEWNAME; } diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/web/RevocationEndpoint.java b/openid-connect-server/src/main/java/org/mitre/oauth2/web/RevocationEndpoint.java index 326f3b32a..a8d333068 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/web/RevocationEndpoint.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/web/RevocationEndpoint.java 
@@ -68,14 +68,14 @@ public class RevocationEndpoint { // client acting on its own, make sure it owns the token if (!accessToken.getClient().getClientId().equals(authRequest.getClientId())) { // trying to revoke a token we don't own, throw a 403 - model.addAttribute("code", HttpStatus.FORBIDDEN); + model.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN); return HttpCodeView.VIEWNAME; } } // if we got this far, we're allowed to do this tokenServices.revokeAccessToken(accessToken); - model.addAttribute("code", HttpStatus.OK); + model.addAttribute(HttpCodeView.CODE, HttpStatus.OK); return HttpCodeView.VIEWNAME; } catch (InvalidTokenException e) { @@ -88,21 +88,21 @@ public class RevocationEndpoint { // client acting on its own, make sure it owns the token if (!refreshToken.getClient().getClientId().equals(authRequest.getClientId())) { // trying to revoke a token we don't own, throw a 403 - model.addAttribute("code", HttpStatus.FORBIDDEN); + model.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN); return HttpCodeView.VIEWNAME; } } // if we got this far, we're allowed to do this tokenServices.revokeRefreshToken(refreshToken); - model.addAttribute("code", HttpStatus.OK); + model.addAttribute(HttpCodeView.CODE, HttpStatus.OK); return HttpCodeView.VIEWNAME; } catch (InvalidTokenException e1) { // neither token type was found, simply say "OK" and be on our way. - model.addAttribute("code", HttpStatus.OK); + model.addAttribute(HttpCodeView.CODE, HttpStatus.OK); return HttpCodeView.VIEWNAME; } } diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/web/ScopeAPI.java b/openid-connect-server/src/main/java/org/mitre/oauth2/web/ScopeAPI.java index a605c6ad6..d81b1620a 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/web/ScopeAPI.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/web/ScopeAPI.java 
@@ -94,7 +94,7 @@ public class ScopeAPI { logger.error("getScope failed; scope not found: " + id); - m.put("code", HttpStatus.NOT_FOUND); + m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND); m.put("errorMessage", "The requested scope with id " + id + " could not be found."); return JsonErrorView.VIEWNAME; } @@ -123,7 +123,7 @@ public class ScopeAPI { logger.error("updateScope failed; scope ids to not match: got " + existing.getId() + " and " + scope.getId()); - m.put("code", HttpStatus.BAD_REQUEST); + m.put(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); m.put("errorMessage", "Could not update scope. Scope ids to not match: got " + existing.getId() + " and " + scope.getId()); return JsonErrorView.VIEWNAME; @@ -132,7 +132,7 @@ public class ScopeAPI { } else { logger.error("updateScope failed; scope with id " + id + " not found."); - m.put("code", HttpStatus.NOT_FOUND); + m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND); m.put("errorMessage", "Could not update scope. The scope with id " + id + " could not be found."); return JsonErrorView.VIEWNAME; } @@ -147,7 +147,7 @@ public class ScopeAPI { if (alreadyExists != null) { //Error, cannot save a scope with the same value as an existing one logger.error("Error: attempting to save a scope with a value that already exists: " + scope.getValue()); - m.put("code", HttpStatus.CONFLICT); + m.put(HttpCodeView.CODE, HttpStatus.CONFLICT); m.put("errorMessage", "A scope with value " + scope.getValue() + " already exists, please choose a different value."); return JsonErrorView.VIEWNAME; } @@ -162,7 +162,7 @@ public class ScopeAPI { } else { logger.error("createScope failed; JSON was invalid: " + json); - m.put("code", HttpStatus.BAD_REQUEST); + m.put(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); m.put("errorMessage", "Could not save new scope " + scope + ". The scope service failed to return a saved entity."); return JsonErrorView.VIEWNAME; 
@@ -182,7 +182,7 @@ public class ScopeAPI { } else { logger.error("deleteScope failed; scope with id " + id + " not found."); - m.put("code", HttpStatus.NOT_FOUND); + m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND); m.put("errorMessage", "Could not delete scope. The requested scope with id " + id + " could not be found."); return JsonErrorView.VIEWNAME; } diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/web/TokenAPI.java b/openid-connect-server/src/main/java/org/mitre/oauth2/web/TokenAPI.java index d293459c4..2efdc5f4e 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/web/TokenAPI.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/web/TokenAPI.java @@ -90,12 +90,12 @@ public class TokenAPI { if (token == null) { logger.error("getToken failed; token not found: " + id); - m.put("code", HttpStatus.NOT_FOUND); + m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND); m.put("errorMessage", "The requested token with id " + id + " could not be found."); return JsonErrorView.VIEWNAME; } else if (!token.getAuthenticationHolder().getAuthentication().getName().equals(p.getName())) { logger.error("getToken failed; token does not belong to principal " + p.getName()); - m.put("code", HttpStatus.FORBIDDEN); + m.put(HttpCodeView.CODE, HttpStatus.FORBIDDEN); m.put("errorMessage", "You do not have permission to view this token"); return JsonErrorView.VIEWNAME; } else { 
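Review bot: In the TokenAPI hunk at -90,12 a missing token answers `NOT_FOUND` while a token owned by another principal answers `FORBIDDEN`, so an authenticated caller can tell which token ids exist. If the ids are predictable (the type of `id` is declared outside the hunk), answer both cases the same way, e.g. `m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND);` in the ownership branch, and keep the distinction only in the server log. The same split appears in the TokenAPI hunks at -111, -213 and -234 and in both ApprovedSiteAPI hunks of this patch. The enclosing methods start and end outside the hunks.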
@@ -111,12 +111,12 @@ public class TokenAPI { if (token == null) { logger.error("getToken failed; token not found: " + id); - m.put("code", HttpStatus.NOT_FOUND); + m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND); m.put("errorMessage", "The requested token with id " + id + " could not be found."); return JsonErrorView.VIEWNAME; } else if (!token.getAuthenticationHolder().getAuthentication().getName().equals(p.getName())) { logger.error("getToken failed; token does not belong to principal " + p.getName()); - m.put("code", HttpStatus.FORBIDDEN); + m.put(HttpCodeView.CODE, HttpStatus.FORBIDDEN); m.put("errorMessage", "You do not have permission to view this token"); return JsonErrorView.VIEWNAME; } else { @@ -138,7 +138,7 @@ public class TokenAPI { return TokenApiView.VIEWNAME; } else { // client not found - m.put("code", HttpStatus.NOT_FOUND); + m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND); m.put("errorMessage", "The requested client with id " + clientId + " could not be found."); return JsonErrorView.VIEWNAME; } @@ -157,13 +157,13 @@ public class TokenAPI { m.put("entity", token); return TokenApiView.VIEWNAME; } else { - m.put("code", HttpStatus.NOT_FOUND); + m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND); m.put("errorMessage", "No registration token could be found."); return JsonErrorView.VIEWNAME; } } else { // client not found - m.put("code", HttpStatus.NOT_FOUND); + m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND); m.put("errorMessage", "The requested client with id " + clientId + " could not be found."); return JsonErrorView.VIEWNAME; } 
@@ -183,13 +183,13 @@ public class TokenAPI { m.put("entity", token); return TokenApiView.VIEWNAME; } else { - m.put("code", HttpStatus.NOT_FOUND); + m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND); m.put("errorMessage", "No registration token could be found."); return JsonErrorView.VIEWNAME; } } else { // client not found - m.put("code", HttpStatus.NOT_FOUND); + m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND); m.put("errorMessage", "The requested client with id " + clientId + " could not be found."); return JsonErrorView.VIEWNAME; } @@ -213,12 +213,12 @@ public class TokenAPI { if (token == null) { logger.error("refresh token not found: " + id); - m.put("code", HttpStatus.NOT_FOUND); + m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND); m.put("errorMessage", "The requested token with id " + id + " could not be found."); return JsonErrorView.VIEWNAME; } else if (!token.getAuthenticationHolder().getAuthentication().getName().equals(p.getName())) { logger.error("refresh token " + id + " does not belong to principal " + p.getName()); - m.put("code", HttpStatus.FORBIDDEN); + m.put(HttpCodeView.CODE, HttpStatus.FORBIDDEN); m.put("errorMessage", "You do not have permission to view this token"); return JsonErrorView.VIEWNAME; } else { @@ -234,12 +234,12 @@ public class TokenAPI { if (token == null) { logger.error("refresh token not found: " + id); - m.put("code", HttpStatus.NOT_FOUND); + m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND); m.put("errorMessage", "The requested token with id " + id + " could not be found."); return JsonErrorView.VIEWNAME; } else if (!token.getAuthenticationHolder().getAuthentication().getName().equals(p.getName())) { logger.error("refresh token " + id + " does not belong to principal " + p.getName()); - m.put("code", HttpStatus.FORBIDDEN); + m.put(HttpCodeView.CODE, HttpStatus.FORBIDDEN); m.put("errorMessage", "You do not have permission to view this token"); return JsonErrorView.VIEWNAME; } else { 
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/AbstractClientEntityView.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/AbstractClientEntityView.java index 340a7fba7..b278a18ed 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/AbstractClientEntityView.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/AbstractClientEntityView.java @@ -109,7 +109,7 @@ public abstract class AbstractClientEntityView extends AbstractView { response.setContentType(MediaType.APPLICATION_JSON_VALUE); - HttpStatus code = (HttpStatus) model.get("code"); + HttpStatus code = (HttpStatus) model.get(HttpCodeView.CODE); if (code == null) { code = HttpStatus.OK; // default to 200 } diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/ClientInformationResponseView.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/ClientInformationResponseView.java index d0cd142f6..1ae8ecfcf 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/ClientInformationResponseView.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/ClientInformationResponseView.java @@ -72,7 +72,7 @@ public class ClientInformationResponseView extends AbstractView { //OAuth2AccessTokenEntity token = (OAuth2AccessTokenEntity) model.get("token"); //String uri = (String)model.get("uri"); //request.getRequestURL() + "/" + c.getClientId(); - HttpStatus code = (HttpStatus) model.get("code"); + HttpStatus code = (HttpStatus) model.get(HttpCodeView.CODE); if (code == null) { code = HttpStatus.OK; } diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/HttpCodeView.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/HttpCodeView.java index c55a30095..0e8ff0b01 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/HttpCodeView.java 
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/HttpCodeView.java @@ -37,10 +37,12 @@ import org.springframework.web.servlet.view.AbstractView; public class HttpCodeView extends AbstractView { public static final String VIEWNAME = "httpCodeView"; + + public static final String CODE = "code"; @Override protected void renderMergedOutputModel(Map model, HttpServletRequest request, HttpServletResponse response) { - HttpStatus code = (HttpStatus) model.get("code"); + HttpStatus code = (HttpStatus) model.get(CODE); if (code == null) { code = HttpStatus.OK; // default to 200 } diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonApprovedSiteView.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonApprovedSiteView.java index 87c82fab2..7ab7bb59e 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonApprovedSiteView.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonApprovedSiteView.java @@ -102,7 +102,7 @@ public class JsonApprovedSiteView extends AbstractView { response.setContentType(MediaType.APPLICATION_JSON_VALUE); - HttpStatus code = (HttpStatus) model.get("code"); + HttpStatus code = (HttpStatus) model.get(HttpCodeView.CODE); if (code == null) { code = HttpStatus.OK; // default to 200 } diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonEntityView.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonEntityView.java index c4b4cd642..e03d1e085 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonEntityView.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonEntityView.java 
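Review bot: The new public constant `HttpCodeView.CODE` has no Javadoc, although every view in this patch now reads it with an unchecked `(HttpStatus) model.get(...)` cast. I would document the contract on the constant, e.g. `/** Model key for the HttpStatus to send; the value must be an HttpStatus, and views fall back to 200 OK when it is absent. */`. The sibling keys `"errorMessage"` and `"entity"` stay as string literals in the controllers, so the extraction is only partial; hoisting them the same way would keep the views and controllers consistent.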
@@ -82,7 +82,7 @@ public class JsonEntityView extends AbstractView { response.setContentType(MediaType.APPLICATION_JSON_VALUE); - HttpStatus code = (HttpStatus) model.get("code"); + HttpStatus code = (HttpStatus) model.get(HttpCodeView.CODE); if (code == null) { code = HttpStatus.OK; // default to 200 } diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonErrorView.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonErrorView.java index 8ee36991d..57b055acb 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonErrorView.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonErrorView.java @@ -81,7 +81,7 @@ public class JsonErrorView extends AbstractView { response.setContentType(MediaType.APPLICATION_JSON_VALUE); - HttpStatus code = (HttpStatus) model.get("code"); + HttpStatus code = (HttpStatus) model.get(HttpCodeView.CODE); if (code == null) { code = HttpStatus.OK; // default to 200 } diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ApprovedSiteAPI.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ApprovedSiteAPI.java index 2cbb507ae..0daaffff4 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ApprovedSiteAPI.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ApprovedSiteAPI.java 
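Review bot: In the JsonErrorView hunk the `if (code == null)` fallback still sets `HttpStatus.OK`, so any controller path that fills `errorMessage` but omits `HttpCodeView.CODE` sends an error body with a 200 status. Clients and monitoring that key on the status line would then read the failure as success. For the error view the default should fail closed: `code = HttpStatus.INTERNAL_SERVER_ERROR; // an error view must never default to success`. The enclosing render method starts and ends outside the hunk, so check that no caller relies on the 200 default before changing it.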
@@ -94,17 +94,17 @@ public class ApprovedSiteAPI { if (approvedSite == null) { logger.error("deleteApprovedSite failed; no approved site found for id: " + id); - m.put("code", HttpStatus.NOT_FOUND); + m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND); m.put("errorMessage", "Could not delete approved site. The requested approved site with id: " + id + " could not be found."); return JsonErrorView.VIEWNAME; } else if (!approvedSite.getUserId().equals(p.getName())) { logger.error("deleteApprovedSite failed; principal " + p.getName() + " does not own approved site" + id); - m.put("code", HttpStatus.FORBIDDEN); + m.put(HttpCodeView.CODE, HttpStatus.FORBIDDEN); m.put("errorMessage", "You do not have permission to delete this approved site. The approved site decision will not be deleted."); return JsonErrorView.VIEWNAME; } else { - m.put("code", HttpStatus.OK); + m.put(HttpCodeView.CODE, HttpStatus.OK); approvedSiteService.remove(approvedSite); } @@ -119,13 +119,13 @@ public class ApprovedSiteAPI { ApprovedSite approvedSite = approvedSiteService.getById(id); if (approvedSite == null) { logger.error("getApprovedSite failed; no approved site found for id: " + id); - m.put("code", HttpStatus.NOT_FOUND); + m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND); m.put("errorMessage", "The requested approved site with id: " + id + " could not be found."); return JsonErrorView.VIEWNAME; } else if (!approvedSite.getUserId().equals(p.getName())) { logger.error("getApprovedSite failed; principal " + p.getName() + " does not own approved site" + id); - m.put("code", HttpStatus.FORBIDDEN); + m.put(HttpCodeView.CODE, HttpStatus.FORBIDDEN); m.put("errorMessage", "You do not have permission to view this approved site."); return JsonErrorView.VIEWNAME; } else { diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/BlacklistAPI.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/BlacklistAPI.java index 562fc4e5e..59dd25ead 100644 
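Review bot: The delete and get handlers in these two hunks answer `NOT_FOUND` for an unknown id and `FORBIDDEN` for an id owned by another user, which lets any authenticated caller learn which approved-site ids exist. Unless a client depends on the distinction, the ownership branch could return the same status as the missing case and keep the detail in the server log only: `m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND);`. The log line in that branch also joins `"does not own approved site" + id` without a separator, which makes the id harder to search for; `" does not own approved site " + id` fixes it. Both handlers begin outside their hunks.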
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/BlacklistAPI.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/BlacklistAPI.java @@ -113,12 +113,12 @@ public class BlacklistAPI { } catch (JsonSyntaxException e) { logger.error("addNewBlacklistedSite failed due to JsonSyntaxException: ", e); - m.put("code", HttpStatus.BAD_REQUEST); + m.put(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); m.put("errorMessage", "Could not save new blacklisted site. The server encountered a JSON syntax exception. Contact a system administrator for assistance."); return JsonErrorView.VIEWNAME; } catch (IllegalStateException e) { logger.error("addNewBlacklistedSite failed due to IllegalStateException", e); - m.put("code", HttpStatus.BAD_REQUEST); + m.put(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); m.put("errorMessage", "Could not save new blacklisted site. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance."); return JsonErrorView.VIEWNAME; } @@ -145,12 +145,12 @@ public class BlacklistAPI { } catch (JsonSyntaxException e) { logger.error("updateBlacklistedSite failed due to JsonSyntaxException", e); - m.put("code", HttpStatus.BAD_REQUEST); + m.put(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); m.put("errorMessage", "Could not update blacklisted site. The server encountered a JSON syntax exception. Contact a system administrator for assistance."); return JsonErrorView.VIEWNAME; } catch (IllegalStateException e) { logger.error("updateBlacklistedSite failed due to IllegalStateException", e); - m.put("code", HttpStatus.BAD_REQUEST); + m.put(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); m.put("errorMessage", "Could not update blacklisted site. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance."); return JsonErrorView.VIEWNAME; } 
@@ -160,7 +160,7 @@ public class BlacklistAPI { if (oldBlacklist == null) { logger.error("updateBlacklistedSite failed; blacklist with id " + id + " could not be found"); - m.put("code", HttpStatus.NOT_FOUND); + m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND); m.put("errorMessage", "Could not update blacklisted site. The requested blacklist with id " + id + "could not be found."); return JsonErrorView.VIEWNAME; } else { @@ -186,7 +186,7 @@ public class BlacklistAPI { m.put("errorMessage", "Could not delete bladklist. The requested bladklist with id " + id + " could not be found."); return JsonErrorView.VIEWNAME; } else { - m.put("code", HttpStatus.OK); + m.put(HttpCodeView.CODE, HttpStatus.OK); blacklistService.remove(blacklist); } @@ -201,7 +201,7 @@ public class BlacklistAPI { BlacklistedSite blacklist = blacklistService.getById(id); if (blacklist == null) { logger.error("getBlacklistedSite failed; blacklist with id " + id + " could not be found"); - m.put("code", HttpStatus.NOT_FOUND); + m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND); m.put("errorMessage", "Could not delete bladklist. The requested bladklist with id " + id + " could not be found."); return JsonErrorView.VIEWNAME; } else { diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java index ad2d9dd43..563519a5e 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java 
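Review bot: The not-found branch in the last BlacklistAPI hunk (the one that logs `getBlacklistedSite failed`) tells the caller "Could not delete bladklist…", which names the wrong operation and carries a typo copied from the delete handler in the hunk above it. For the lookup path I would use `m.put("errorMessage", "The requested blacklisted site with id " + id + " could not be found.");` and correct the spelling in the delete path as well. The update hunk at the top has `id + "could not be found."` with the leading space missing. All three handlers start and end outside these hunks.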
@@ -161,12 +161,12 @@ public class ClientAPI { } catch (JsonSyntaxException e) { logger.error("apiAddClient failed due to JsonSyntaxException", e); - m.addAttribute("code", HttpStatus.BAD_REQUEST); + m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); m.addAttribute("errorMessage", "Could not save new client. The server encountered a JSON syntax exception. Contact a system administrator for assistance."); return JsonErrorView.VIEWNAME; } catch (IllegalStateException e) { logger.error("apiAddClient failed due to IllegalStateException", e); - m.addAttribute("code", HttpStatus.BAD_REQUEST); + m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); m.addAttribute("errorMessage", "Could not save new client. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance."); return JsonErrorView.VIEWNAME; } @@ -196,7 +196,7 @@ public class ClientAPI { if (Strings.isNullOrEmpty(client.getJwksUri())) { logger.error("tried to create client with private key auth but no private key"); - m.addAttribute("code", HttpStatus.BAD_REQUEST); + m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); m.addAttribute("errorMessage", "Can not create a client with private key authentication without registering a key via the JWS Set URI."); return JsonErrorView.VIEWNAME; } @@ -207,7 +207,7 @@ public class ClientAPI { } else { logger.error("unknown auth method"); - m.addAttribute("code", HttpStatus.BAD_REQUEST); + m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); m.addAttribute("errorMessage", "Unknown auth method requested"); return JsonErrorView.VIEWNAME; 
@@ -248,12 +248,12 @@ public class ClientAPI { } catch (JsonSyntaxException e) { logger.error("apiUpdateClient failed due to JsonSyntaxException", e); - m.addAttribute("code", HttpStatus.BAD_REQUEST); + m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); m.addAttribute("errorMessage", "Could not update client. The server encountered a JSON syntax exception. Contact a system administrator for assistance."); return JsonErrorView.VIEWNAME; } catch (IllegalStateException e) { logger.error("apiUpdateClient failed due to IllegalStateException", e); - m.addAttribute("code", HttpStatus.BAD_REQUEST); + m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); m.addAttribute("errorMessage", "Could not update client. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance."); return JsonErrorView.VIEWNAME; } @@ -262,7 +262,7 @@ public class ClientAPI { if (oldClient == null) { logger.error("apiUpdateClient failed; client with id " + id + " could not be found."); - m.addAttribute("code", HttpStatus.NOT_FOUND); + m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND); m.addAttribute("errorMessage", "Could not update client. The requested client with id " + id + "could not be found."); return JsonErrorView.VIEWNAME; } @@ -292,7 +292,7 @@ public class ClientAPI { if (Strings.isNullOrEmpty(client.getJwksUri())) { logger.error("tried to create client with private key auth but no private key"); - m.addAttribute("code", HttpStatus.BAD_REQUEST); + m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); m.addAttribute("errorMessage", "Can not create a client with private key authentication without registering a key via the JWS Set URI."); return JsonErrorView.VIEWNAME; } 
@@ -303,7 +303,7 @@ public class ClientAPI { } else { logger.error("unknown auth method"); - m.addAttribute("code", HttpStatus.BAD_REQUEST); + m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); m.addAttribute("errorMessage", "Unknown auth method requested"); return JsonErrorView.VIEWNAME; @@ -334,11 +334,11 @@ public class ClientAPI { if (client == null) { logger.error("apiDeleteClient failed; client with id " + id + " could not be found."); - modelAndView.getModelMap().put("code", HttpStatus.NOT_FOUND); + modelAndView.getModelMap().put(HttpCodeView.CODE, HttpStatus.NOT_FOUND); modelAndView.getModelMap().put("errorMessage", "Could not delete client. The requested client with id " + id + "could not be found."); return JsonErrorView.VIEWNAME; } else { - modelAndView.getModelMap().put("code", HttpStatus.OK); + modelAndView.getModelMap().put(HttpCodeView.CODE, HttpStatus.OK); clientService.deleteClient(client); } @@ -359,7 +359,7 @@ public class ClientAPI { if (client == null) { logger.error("apiShowClient failed; client with id " + id + " could not be found."); - model.addAttribute("code", HttpStatus.NOT_FOUND); + model.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND); model.addAttribute("errorMessage", "The requested client with id " + id + " could not be found."); return JsonErrorView.VIEWNAME; } diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/DynamicClientRegistrationEndpoint.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/DynamicClientRegistrationEndpoint.java index 888328219..da6b6f535 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/DynamicClientRegistrationEndpoint.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/DynamicClientRegistrationEndpoint.java 
@@ -117,7 +117,7 @@ public class DynamicClientRegistrationEndpoint { // bad parse // didn't parse, this is a bad request logger.error("registerNewClient failed; submitted JSON is malformed"); - m.addAttribute("code", HttpStatus.BAD_REQUEST); // http 400 + m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); // http 400 return HttpCodeView.VIEWNAME; } @@ -143,7 +143,7 @@ public class DynamicClientRegistrationEndpoint { // validation failed, return an error m.addAttribute("error", ve.getError()); m.addAttribute("errorMessage", ve.getErrorDescription()); - m.addAttribute("code", ve.getStatus()); + m.addAttribute(HttpCodeView.CODE, ve.getStatus()); return JsonErrorView.VIEWNAME; } 
@@ -182,26 +182,26 @@ public class DynamicClientRegistrationEndpoint { RegisteredClient registered = new RegisteredClient(savedClient, token.getValue(), config.getIssuer() + "register/" + UriUtils.encodePathSegment(savedClient.getClientId(), "UTF-8")); m.addAttribute("client", registered); - m.addAttribute("code", HttpStatus.CREATED); // http 201 + m.addAttribute(HttpCodeView.CODE, HttpStatus.CREATED); // http 201 return ClientInformationResponseView.VIEWNAME; } catch (UnsupportedEncodingException e) { logger.error("Unsupported encoding", e); - m.addAttribute("code", HttpStatus.INTERNAL_SERVER_ERROR); + m.addAttribute(HttpCodeView.CODE, HttpStatus.INTERNAL_SERVER_ERROR); return HttpCodeView.VIEWNAME; } catch (IllegalArgumentException e) { logger.error("Couldn't save client", e); m.addAttribute("error", "invalid_client_metadata"); m.addAttribute("errorMessage", "Unable to save client due to invalid or inconsistent metadata."); - m.addAttribute("code", HttpStatus.BAD_REQUEST); // http 400 + m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); // http 400 return JsonErrorView.VIEWNAME; } } else { // didn't parse, this is a bad request logger.error("registerNewClient failed; submitted JSON is malformed"); - m.addAttribute("code", HttpStatus.BAD_REQUEST); // http 400 + m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); // http 400 return HttpCodeView.VIEWNAME; } @@ -229,12 +229,12 @@ public class DynamicClientRegistrationEndpoint { // send it all out to the view m.addAttribute("client", registered); - m.addAttribute("code", HttpStatus.OK); // http 200 + m.addAttribute(HttpCodeView.CODE, HttpStatus.OK); // http 200 return ClientInformationResponseView.VIEWNAME; } catch (UnsupportedEncodingException e) { logger.error("Unsupported encoding", e); - m.addAttribute("code", HttpStatus.INTERNAL_SERVER_ERROR); + m.addAttribute(HttpCodeView.CODE, HttpStatus.INTERNAL_SERVER_ERROR); return HttpCodeView.VIEWNAME; } 
@@ -242,7 +242,7 @@ public class DynamicClientRegistrationEndpoint { // client mismatch logger.error("readClientConfiguration failed, client ID mismatch: " + clientId + " and " + auth.getOAuth2Request().getClientId() + " do not match."); - m.addAttribute("code", HttpStatus.FORBIDDEN); // http 403 + m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN); // http 403 return HttpCodeView.VIEWNAME; } @@ -268,7 +268,7 @@ public class DynamicClientRegistrationEndpoint { // bad parse // didn't parse, this is a bad request logger.error("updateClient failed; submitted JSON is malformed"); - m.addAttribute("code", HttpStatus.BAD_REQUEST); // http 400 + m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); // http 400 return HttpCodeView.VIEWNAME; } ClientDetailsEntity oldClient = clientService.loadClientByClientId(clientId); @@ -303,7 +303,7 @@ public class DynamicClientRegistrationEndpoint { // validation failed, return an error m.addAttribute("error", ve.getError()); m.addAttribute("errorMessage", ve.getErrorDescription()); - m.addAttribute("code", ve.getStatus()); + m.addAttribute(HttpCodeView.CODE, ve.getStatus()); return JsonErrorView.VIEWNAME; } 
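Review bot: The mismatch branch in the first hunk concatenates `clientId` and `auth.getOAuth2Request().getClientId()` directly into the `logger.error` message. If `clientId` is bound from the request path (the binding is outside the hunk), a value containing CR/LF can forge additional log entries. Neutralise line breaks before logging, for example `clientId.replaceAll("[\\r\\n]", "_")`, or have the log layout encode them. The same pattern appears in the later mismatch branches of this file and in the matching ProtectedResourceRegistrationEndpoint hunks.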
@@ -317,19 +317,19 @@ public class DynamicClientRegistrationEndpoint { // send it all out to the view m.addAttribute("client", registered); - m.addAttribute("code", HttpStatus.OK); // http 200 + m.addAttribute(HttpCodeView.CODE, HttpStatus.OK); // http 200 return ClientInformationResponseView.VIEWNAME; } catch (UnsupportedEncodingException e) { logger.error("Unsupported encoding", e); - m.addAttribute("code", HttpStatus.INTERNAL_SERVER_ERROR); + m.addAttribute(HttpCodeView.CODE, HttpStatus.INTERNAL_SERVER_ERROR); return HttpCodeView.VIEWNAME; } catch (IllegalArgumentException e) { logger.error("Couldn't save client", e); m.addAttribute("error", "invalid_client_metadata"); m.addAttribute("errorMessage", "Unable to save client due to invalid or inconsistent metadata."); - m.addAttribute("code", HttpStatus.BAD_REQUEST); // http 400 + m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); // http 400 return JsonErrorView.VIEWNAME; } @@ -337,7 +337,7 @@ public class DynamicClientRegistrationEndpoint { // client mismatch logger.error("updateClient failed, client ID mismatch: " + clientId + " and " + auth.getOAuth2Request().getClientId() + " do not match."); - m.addAttribute("code", HttpStatus.FORBIDDEN); // http 403 + m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN); // http 403 return HttpCodeView.VIEWNAME; } @@ -360,14 +360,14 @@ public class DynamicClientRegistrationEndpoint { clientService.deleteClient(client); - m.addAttribute("code", HttpStatus.NO_CONTENT); // http 204 + m.addAttribute(HttpCodeView.CODE, HttpStatus.NO_CONTENT); // http 204 return HttpCodeView.VIEWNAME; } else { // client mismatch logger.error("readClientConfiguration failed, client ID mismatch: " + clientId + " and " + auth.getOAuth2Request().getClientId() + " do not match."); - m.addAttribute("code", HttpStatus.FORBIDDEN); // http 403 + m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN); // http 403 return HttpCodeView.VIEWNAME; } 
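Review bot: The else branch in the last hunk follows `clientService.deleteClient(client)` but logs `readClientConfiguration failed, client ID mismatch`, so a rejected delete attempt is recorded as a failed read. That misattribution matters when these entries are used to reconstruct who tried to remove which client. Name the operation that actually ran, e.g. `logger.error("deleteClient failed, client ID mismatch: " + clientId + …`; the handler's own name is outside the hunk, so adjust the prefix to match it. The delete hunk in ProtectedResourceRegistrationEndpoint carries the same copied message.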
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ProtectedResourceRegistrationEndpoint.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ProtectedResourceRegistrationEndpoint.java index b029f95b6..fa56535cc 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ProtectedResourceRegistrationEndpoint.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ProtectedResourceRegistrationEndpoint.java @@ -117,7 +117,7 @@ public class ProtectedResourceRegistrationEndpoint { // bad parse // didn't parse, this is a bad request logger.error("registerNewProtectedResource failed; submitted JSON is malformed"); - m.addAttribute("code", HttpStatus.BAD_REQUEST); // http 400 + m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); // http 400 return HttpCodeView.VIEWNAME; } @@ -140,7 +140,7 @@ public class ProtectedResourceRegistrationEndpoint { // validation failed, return an error m.addAttribute("error", ve.getError()); m.addAttribute("errorMessage", ve.getErrorDescription()); - m.addAttribute("code", ve.getStatus()); + m.addAttribute(HttpCodeView.CODE, ve.getStatus()); return JsonErrorView.VIEWNAME; } 
@@ -190,26 +190,26 @@ public class ProtectedResourceRegistrationEndpoint { RegisteredClient registered = new RegisteredClient(savedClient, token.getValue(), config.getIssuer() + "resource/" + UriUtils.encodePathSegment(savedClient.getClientId(), "UTF-8")); m.addAttribute("client", registered); - m.addAttribute("code", HttpStatus.CREATED); // http 201 + m.addAttribute(HttpCodeView.CODE, HttpStatus.CREATED); // http 201 return ClientInformationResponseView.VIEWNAME; } catch (UnsupportedEncodingException e) { logger.error("Unsupported encoding", e); - m.addAttribute("code", HttpStatus.INTERNAL_SERVER_ERROR); + m.addAttribute(HttpCodeView.CODE, HttpStatus.INTERNAL_SERVER_ERROR); return HttpCodeView.VIEWNAME; } catch (IllegalArgumentException e) { logger.error("Couldn't save client", e); m.addAttribute("error", "invalid_client_metadata"); m.addAttribute("errorMessage", "Unable to save client due to invalid or inconsistent metadata."); - m.addAttribute("code", HttpStatus.BAD_REQUEST); // http 400 + m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); // http 400 return JsonErrorView.VIEWNAME; } } else { // didn't parse, this is a bad request logger.error("registerNewClient failed; submitted JSON is malformed"); - m.addAttribute("code", HttpStatus.BAD_REQUEST); // http 400 + m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); // http 400 return HttpCodeView.VIEWNAME; } 
@@ -258,19 +258,19 @@ public class ProtectedResourceRegistrationEndpoint { // send it all out to the view m.addAttribute("client", registered); - m.addAttribute("code", HttpStatus.OK); // http 200 + m.addAttribute(HttpCodeView.CODE, HttpStatus.OK); // http 200 return ClientInformationResponseView.VIEWNAME; } catch (UnsupportedEncodingException e) { logger.error("Unsupported encoding", e); - m.addAttribute("code", HttpStatus.INTERNAL_SERVER_ERROR); + m.addAttribute(HttpCodeView.CODE, HttpStatus.INTERNAL_SERVER_ERROR); return HttpCodeView.VIEWNAME; } } else { // client mismatch logger.error("readResourceConfiguration failed, client ID mismatch: " + clientId + " and " + auth.getOAuth2Request().getClientId() + " do not match."); - m.addAttribute("code", HttpStatus.FORBIDDEN); // http 403 + m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN); // http 403 return HttpCodeView.VIEWNAME; } @@ -296,7 +296,7 @@ public class ProtectedResourceRegistrationEndpoint { // bad parse // didn't parse, this is a bad request logger.error("updateProtectedResource failed; submitted JSON is malformed"); - m.addAttribute("code", HttpStatus.BAD_REQUEST); // http 400 + m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); // http 400 return HttpCodeView.VIEWNAME; } @@ -353,7 +353,7 @@ public class ProtectedResourceRegistrationEndpoint { // validation failed, return an error m.addAttribute("error", ve.getError()); m.addAttribute("errorMessage", ve.getErrorDescription()); - m.addAttribute("code", ve.getStatus()); + m.addAttribute(HttpCodeView.CODE, ve.getStatus()); return JsonErrorView.VIEWNAME; } 
@@ -369,19 +369,19 @@ public class ProtectedResourceRegistrationEndpoint { // send it all out to the view m.addAttribute("client", registered); - m.addAttribute("code", HttpStatus.OK); // http 200 + m.addAttribute(HttpCodeView.CODE, HttpStatus.OK); // http 200 return ClientInformationResponseView.VIEWNAME; } catch (UnsupportedEncodingException e) { logger.error("Unsupported encoding", e); - m.addAttribute("code", HttpStatus.INTERNAL_SERVER_ERROR); + m.addAttribute(HttpCodeView.CODE, HttpStatus.INTERNAL_SERVER_ERROR); return HttpCodeView.VIEWNAME; } catch (IllegalArgumentException e) { logger.error("Couldn't save client", e); m.addAttribute("error", "invalid_client_metadata"); m.addAttribute("errorMessage", "Unable to save client due to invalid or inconsistent metadata."); - m.addAttribute("code", HttpStatus.BAD_REQUEST); // http 400 + m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); // http 400 return JsonErrorView.VIEWNAME; } @@ -390,7 +390,7 @@ public class ProtectedResourceRegistrationEndpoint { logger.error("updateProtectedResource" + " failed, client ID mismatch: " + clientId + " and " + auth.getOAuth2Request().getClientId() + " do not match."); - m.addAttribute("code", HttpStatus.FORBIDDEN); // http 403 + m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN); // http 403 return HttpCodeView.VIEWNAME; } @@ -413,14 +413,14 @@ public class ProtectedResourceRegistrationEndpoint { clientService.deleteClient(client); - m.addAttribute("code", HttpStatus.NO_CONTENT); // http 204 + m.addAttribute(HttpCodeView.CODE, HttpStatus.NO_CONTENT); // http 204 return HttpCodeView.VIEWNAME; } else { // client mismatch logger.error("readClientConfiguration failed, client ID mismatch: " + clientId + " and " + auth.getOAuth2Request().getClientId() + " do not match."); - m.addAttribute("code", HttpStatus.FORBIDDEN); // http 403 + m.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN); // http 403 return HttpCodeView.VIEWNAME; } 
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java index a3e531d8b..d2a625894 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java @@ -86,7 +86,7 @@ public class UserInfoEndpoint { if (auth == null) { logger.error("getInfo failed; no principal. Requester is not authorized."); - model.addAttribute("code", HttpStatus.FORBIDDEN); + model.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN); return HttpCodeView.VIEWNAME; } @@ -95,7 +95,7 @@ public class UserInfoEndpoint { if (userInfo == null) { logger.error("getInfo failed; user not found: " + username); - model.addAttribute("code", HttpStatus.NOT_FOUND); + model.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND); return HttpCodeView.VIEWNAME; } diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/WhitelistAPI.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/WhitelistAPI.java index fe4337a77..6889dfdfb 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/WhitelistAPI.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/WhitelistAPI.java 
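Review bot: The `auth == null` branch in the first UserInfoEndpoint hunk answers 403 for a request that carries no principal at all. For a bearer-token protected resource, RFC 6750 uses 401 with a `WWW-Authenticate` challenge when credentials are missing or invalid and reserves 403 for an authenticated caller without sufficient scope, so clients can tell "re-authenticate" from "not allowed". Suggested line: `model.addAttribute(HttpCodeView.CODE, HttpStatus.UNAUTHORIZED);`. Whether this branch is reachable at all depends on the security configuration outside the hunk.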
@@ -109,12 +109,12 @@ public class WhitelistAPI { } catch (JsonParseException e) { logger.error("addNewWhitelistedSite failed due to JsonParseException", e); - m.addAttribute("code", HttpStatus.BAD_REQUEST); + m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); m.addAttribute("errorMessage", "Could not save new whitelisted site. The server encountered a JSON syntax exception. Contact a system administrator for assistance."); return JsonErrorView.VIEWNAME; } catch (IllegalStateException e) { logger.error("addNewWhitelistedSite failed due to IllegalStateException", e); - m.addAttribute("code", HttpStatus.BAD_REQUEST); + m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); m.addAttribute("errorMessage", "Could not save new whitelisted site. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance."); return JsonErrorView.VIEWNAME; } @@ -146,12 +146,12 @@ public class WhitelistAPI { } catch (JsonParseException e) { logger.error("updateWhitelistedSite failed due to JsonParseException", e); - m.put("code", HttpStatus.BAD_REQUEST); + m.put(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); m.put("errorMessage", "Could not update whitelisted site. The server encountered a JSON syntax exception. Contact a system administrator for assistance."); return JsonErrorView.VIEWNAME; } catch (IllegalStateException e) { logger.error("updateWhitelistedSite failed due to IllegalStateException", e); - m.put("code", HttpStatus.BAD_REQUEST); + m.put(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); m.put("errorMessage", "Could not update whitelisted site. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance."); return JsonErrorView.VIEWNAME; } 
@@ -160,7 +160,7 @@ public class WhitelistAPI { if (oldWhitelist == null) { logger.error("updateWhitelistedSite failed; whitelist with id " + id + " could not be found."); - m.put("code", HttpStatus.NOT_FOUND); + m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND); m.put("errorMessage", "Could not update whitelisted site. The requested whitelisted site with id " + id + "could not be found."); return JsonErrorView.VIEWNAME; } else { @@ -184,11 +184,11 @@ public class WhitelistAPI { if (whitelist == null) { logger.error("deleteWhitelistedSite failed; whitelist with id " + id + " could not be found."); - m.put("code", HttpStatus.NOT_FOUND); + m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND); m.put("errorMessage", "Could not delete whitelisted site. The requested whitelisted site with id " + id + "could not be found."); return JsonErrorView.VIEWNAME; } else { - m.put("code", HttpStatus.OK); + m.put(HttpCodeView.CODE, HttpStatus.OK); whitelistService.remove(whitelist); } @@ -203,7 +203,7 @@ public class WhitelistAPI { WhitelistedSite whitelist = whitelistService.getById(id); if (whitelist == null) { logger.error("getWhitelistedSite failed; whitelist with id " + id + " could not be found."); - m.put("code", HttpStatus.NOT_FOUND); + m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND); m.put("errorMessage", "The requested whitelisted site with id " + id + "could not be found."); return JsonErrorView.VIEWNAME; } else { From 86e95d9e6e5c5bf5df79f5e53107f59f9123f47d Mon Sep 17 00:00:00 2001 
From: Justin Richer Date: Wed, 11 Mar 2015 13:52:32 -0400 Subject: [PATCH 05/22] externalized json entity and error parameters, closes #770 --- .../discovery/web/DiscoveryEndpoint.java | 2 +- .../org/mitre/oauth2/view/TokenApiView.java | 3 +- .../oauth2/web/IntrospectionEndpoint.java | 6 +-- .../java/org/mitre/oauth2/web/ScopeAPI.java | 20 ++++----- .../java/org/mitre/oauth2/web/TokenAPI.java | 41 ++++++++++--------- .../view/AbstractClientEntityView.java | 2 +- .../connect/view/JsonApprovedSiteView.java | 2 +- .../openid/connect/view/JsonEntityView.java | 4 +- .../openid/connect/view/JsonErrorView.java | 18 ++++++-- .../openid/connect/web/ApprovedSiteAPI.java | 13 +++--- .../openid/connect/web/BlacklistAPI.java | 22 +++++----- .../mitre/openid/connect/web/ClientAPI.java | 31 +++++++------- .../DynamicClientRegistrationEndpoint.java | 16 ++++---- ...ProtectedResourceRegistrationEndpoint.java | 16 ++++---- .../mitre/openid/connect/web/StatsAPI.java | 6 +-- .../openid/connect/web/WhitelistAPI.java | 22 +++++----- 16 files changed, 120 insertions(+), 104 deletions(-) diff --git a/openid-connect-server/src/main/java/org/mitre/discovery/web/DiscoveryEndpoint.java b/openid-connect-server/src/main/java/org/mitre/discovery/web/DiscoveryEndpoint.java index 62616b44e..be9038216 100644 --- a/openid-connect-server/src/main/java/org/mitre/discovery/web/DiscoveryEndpoint.java +++ b/openid-connect-server/src/main/java/org/mitre/discovery/web/DiscoveryEndpoint.java @@ -340,7 +340,7 @@ public class DiscoveryEndpoint { m.put("introspection_endpoint", baseUrl + IntrospectionEndpoint.URL); // token introspection endpoint for verifying tokens m.put("revocation_endpoint", baseUrl + RevocationEndpoint.URL); // token revocation endpoint - model.addAttribute("entity", m); + model.addAttribute(JsonEntityView.ENTITY, m); return JsonEntityView.VIEWNAME; } 
diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/view/TokenApiView.java b/openid-connect-server/src/main/java/org/mitre/oauth2/view/TokenApiView.java index 41e27b175..98e6ccfca 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/view/TokenApiView.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/view/TokenApiView.java @@ -27,6 +27,7 @@ import javax.servlet.http.HttpServletResponse; import org.mitre.oauth2.model.OAuth2AccessTokenEntity; import org.mitre.oauth2.model.OAuth2RefreshTokenEntity; import org.mitre.openid.connect.view.HttpCodeView; +import org.mitre.openid.connect.view.JsonEntityView; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.http.HttpStatus; @@ -138,7 +139,7 @@ public class TokenApiView extends AbstractView { try { Writer out = response.getWriter(); - Object obj = model.get("entity"); + Object obj = model.get(JsonEntityView.ENTITY); gson.toJson(obj, out); } catch (IOException e) { diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/web/IntrospectionEndpoint.java b/openid-connect-server/src/main/java/org/mitre/oauth2/web/IntrospectionEndpoint.java index 2d37a7cbb..838e91b87 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/web/IntrospectionEndpoint.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/web/IntrospectionEndpoint.java @@ -98,7 +98,7 @@ public class IntrospectionEndpoint { if (Strings.isNullOrEmpty(tokenValue)) { logger.error("Verify failed; token value is null"); Map entity = ImmutableMap.of("active", Boolean.FALSE); - model.addAttribute("entity", entity); + model.addAttribute(JsonEntityView.ENTITY, entity); return JsonEntityView.VIEWNAME; } 
@@ -133,7 +133,7 @@ public class IntrospectionEndpoint { } catch (InvalidTokenException e2) { logger.error("Verify failed; Invalid access/refresh token", e2); Map entity = ImmutableMap.of("active", Boolean.FALSE); - model.addAttribute("entity", entity); + model.addAttribute(JsonEntityView.ENTITY, entity); return JsonEntityView.VIEWNAME; } } @@ -148,7 +148,7 @@ public class IntrospectionEndpoint { Map entity = accessToken != null ? introspectionResultAssembler.assembleFrom(accessToken, user) : introspectionResultAssembler.assembleFrom(refreshToken, user); - model.addAttribute("entity", entity); + model.addAttribute(JsonEntityView.ENTITY, entity); return JsonEntityView.VIEWNAME; } else { logger.error("Verify failed; client configuration or scope don't permit token introspection"); diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/web/ScopeAPI.java b/openid-connect-server/src/main/java/org/mitre/oauth2/web/ScopeAPI.java index d81b1620a..2690525e2 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/web/ScopeAPI.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/web/ScopeAPI.java @@ -75,7 +75,7 @@ public class ScopeAPI { Set allScopes = scopeService.getAll(); - m.put("entity", allScopes); + m.put(JsonEntityView.ENTITY, allScopes); return JsonEntityView.VIEWNAME; } @@ -87,7 +87,7 @@ public class ScopeAPI { if (scope != null) { - m.put("entity", scope); + m.put(JsonEntityView.ENTITY, scope); return JsonEntityView.VIEWNAME; } else { @@ -95,7 +95,7 @@ public class ScopeAPI { logger.error("getScope failed; scope not found: " + id); m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND); - m.put("errorMessage", "The requested scope with id " + id + " could not be found."); + m.put(JsonErrorView.ERROR_MESSAGE, "The requested scope with id " + id + " could not be found."); return JsonErrorView.VIEWNAME; } } 
@@ -115,7 +115,7 @@ public class ScopeAPI { scope = scopeService.save(scope); - m.put("entity", scope); + m.put(JsonEntityView.ENTITY, scope); return JsonEntityView.VIEWNAME; } else { @@ -124,7 +124,7 @@ public class ScopeAPI { + existing.getId() + " and " + scope.getId()); m.put(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); - m.put("errorMessage", "Could not update scope. Scope ids to not match: got " + m.put(JsonErrorView.ERROR_MESSAGE, "Could not update scope. Scope ids to not match: got " + existing.getId() + " and " + scope.getId()); return JsonErrorView.VIEWNAME; } @@ -133,7 +133,7 @@ public class ScopeAPI { logger.error("updateScope failed; scope with id " + id + " not found."); m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND); - m.put("errorMessage", "Could not update scope. The scope with id " + id + " could not be found."); + m.put(JsonErrorView.ERROR_MESSAGE, "Could not update scope. The scope with id " + id + " could not be found."); return JsonErrorView.VIEWNAME; } } @@ -148,7 +148,7 @@ public class ScopeAPI { //Error, cannot save a scope with the same value as an existing one logger.error("Error: attempting to save a scope with a value that already exists: " + scope.getValue()); m.put(HttpCodeView.CODE, HttpStatus.CONFLICT); - m.put("errorMessage", "A scope with value " + scope.getValue() + " already exists, please choose a different value."); + m.put(JsonErrorView.ERROR_MESSAGE, "A scope with value " + scope.getValue() + " already exists, please choose a different value."); return JsonErrorView.VIEWNAME; } 
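Review bot: The client-facing text on the rewritten `m.put(JsonErrorView.ERROR_MESSAGE, ...)` line in the `@@ -124,7` hunk still reads "Scope ids to not match". Since the line is being touched anyway, correct the literal to `"Could not update scope. Scope ids do not match: got "`. The enclosing handler starts and ends outside the hunk.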
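Review bot: In the `@@ -148,7` hunk the `logger.error` call concatenates `scope.getValue()` straight into the log line, and the `@@ -156,14` createScope hunk does the same with the whole `json` string. Both values appear to come from the request body (the parsing is outside the hunks), so embedded line breaks could make one request show up as several log entries. Neutralise CR/LF and use a parameterized message, e.g. `logger.error("scope value already exists: {}", scope.getValue().replaceAll("[\\r\\n]", "_"));`. For `json`, log a length-bounded form rather than the full body.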
@@ -156,14 +156,14 @@ public class ScopeAPI { if (scope != null && scope.getId() != null) { - m.put("entity", scope); + m.put(JsonEntityView.ENTITY, scope); return JsonEntityView.VIEWNAME; } else { logger.error("createScope failed; JSON was invalid: " + json); m.put(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); - m.put("errorMessage", "Could not save new scope " + scope + ". The scope service failed to return a saved entity."); + m.put(JsonErrorView.ERROR_MESSAGE, "Could not save new scope " + scope + ". The scope service failed to return a saved entity."); return JsonErrorView.VIEWNAME; } @@ -183,7 +183,7 @@ public class ScopeAPI { logger.error("deleteScope failed; scope with id " + id + " not found."); m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND); - m.put("errorMessage", "Could not delete scope. The requested scope with id " + id + " could not be found."); + m.put(JsonErrorView.ERROR_MESSAGE, "Could not delete scope. The requested scope with id " + id + " could not be found."); return JsonErrorView.VIEWNAME; } } diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/web/TokenAPI.java b/openid-connect-server/src/main/java/org/mitre/oauth2/web/TokenAPI.java index 2efdc5f4e..bbfb1b49b 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/web/TokenAPI.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/web/TokenAPI.java @@ -28,6 +28,7 @@ import org.mitre.oauth2.service.OAuth2TokenEntityService; import org.mitre.oauth2.view.TokenApiView; import org.mitre.openid.connect.service.OIDCTokenService; import org.mitre.openid.connect.view.HttpCodeView; +import org.mitre.openid.connect.view.JsonEntityView; import org.mitre.openid.connect.view.JsonErrorView; import org.mitre.openid.connect.web.RootController; import org.slf4j.Logger; 
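Review bot: The else branch in the `@@ -156,14` hunk is reached when the saved `scope` is null or has no id, yet it logs "JSON was invalid" and answers `HttpStatus.BAD_REQUEST`, while the response text blames the scope service. A service that fails to return a saved entity is a server-side condition, so `m.put(HttpCodeView.CODE, HttpStatus.INTERNAL_SERVER_ERROR);` and a log message such as `"createScope failed; scope service returned no saved entity"` would describe it accurately. The response text also concatenates `scope`, which prints as `null` in one of the two cases that reach this branch. The save call itself is outside the hunk.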
@@ -79,7 +80,7 @@ public class TokenAPI { public String getAllAccessTokens(ModelMap m, Principal p) { Set allTokens = tokenService.getAllAccessTokensForUser(p.getName()); - m.put("entity", allTokens); + m.put(JsonEntityView.ENTITY, allTokens); return TokenApiView.VIEWNAME; } @@ -91,15 +92,15 @@ public class TokenAPI { if (token == null) { logger.error("getToken failed; token not found: " + id); m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND); - m.put("errorMessage", "The requested token with id " + id + " could not be found."); + m.put(JsonErrorView.ERROR_MESSAGE, "The requested token with id " + id + " could not be found."); return JsonErrorView.VIEWNAME; } else if (!token.getAuthenticationHolder().getAuthentication().getName().equals(p.getName())) { logger.error("getToken failed; token does not belong to principal " + p.getName()); m.put(HttpCodeView.CODE, HttpStatus.FORBIDDEN); - m.put("errorMessage", "You do not have permission to view this token"); + m.put(JsonErrorView.ERROR_MESSAGE, "You do not have permission to view this token"); return JsonErrorView.VIEWNAME; } else { - m.put("entity", token); + m.put(JsonEntityView.ENTITY, token); return TokenApiView.VIEWNAME; } } 
@@ -112,12 +113,12 @@ public class TokenAPI { if (token == null) { logger.error("getToken failed; token not found: " + id); m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND); - m.put("errorMessage", "The requested token with id " + id + " could not be found."); + m.put(JsonErrorView.ERROR_MESSAGE, "The requested token with id " + id + " could not be found."); return JsonErrorView.VIEWNAME; } else if (!token.getAuthenticationHolder().getAuthentication().getName().equals(p.getName())) { logger.error("getToken failed; token does not belong to principal " + p.getName()); m.put(HttpCodeView.CODE, HttpStatus.FORBIDDEN); - m.put("errorMessage", "You do not have permission to view this token"); + m.put(JsonErrorView.ERROR_MESSAGE, "You do not have permission to view this token"); return JsonErrorView.VIEWNAME; } else { tokenService.revokeAccessToken(token); @@ -134,12 +135,12 @@ public class TokenAPI { if (client != null) { List tokens = tokenService.getAccessTokensForClient(client); - m.put("entity", tokens); + m.put(JsonEntityView.ENTITY, tokens); return TokenApiView.VIEWNAME; } else { // client not found m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND); - m.put("errorMessage", "The requested client with id " + clientId + " could not be found."); + m.put(JsonErrorView.ERROR_MESSAGE, "The requested client with id " + clientId + " could not be found."); return JsonErrorView.VIEWNAME; } 
@@ -154,17 +155,17 @@ public class TokenAPI { if (client != null) { OAuth2AccessTokenEntity token = tokenService.getRegistrationAccessTokenForClient(client); if (token != null) { - m.put("entity", token); + m.put(JsonEntityView.ENTITY, token); return TokenApiView.VIEWNAME; } else { m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND); - m.put("errorMessage", "No registration token could be found."); + m.put(JsonErrorView.ERROR_MESSAGE, "No registration token could be found."); return JsonErrorView.VIEWNAME; } } else { // client not found m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND); - m.put("errorMessage", "The requested client with id " + clientId + " could not be found."); + m.put(JsonErrorView.ERROR_MESSAGE, "The requested client with id " + clientId + " could not be found."); return JsonErrorView.VIEWNAME; } @@ -180,17 +181,17 @@ public class TokenAPI { token = tokenService.saveAccessToken(token); if (token != null) { - m.put("entity", token); + m.put(JsonEntityView.ENTITY, token); return TokenApiView.VIEWNAME; } else { m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND); - m.put("errorMessage", "No registration token could be found."); + m.put(JsonErrorView.ERROR_MESSAGE, "No registration token could be found."); return JsonErrorView.VIEWNAME; } } else { // client not found m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND); - m.put("errorMessage", "The requested client with id " + clientId + " could not be found."); + m.put(JsonErrorView.ERROR_MESSAGE, "The requested client with id " + clientId + " could not be found."); return JsonErrorView.VIEWNAME; } @@ -200,7 +201,7 @@ public class TokenAPI { public String getAllRefreshTokens(ModelMap m, Principal p) { Set allTokens = tokenService.getAllRefreshTokensForUser(p.getName()); - m.put("entity", allTokens); + m.put(JsonEntityView.ENTITY, allTokens); return TokenApiView.VIEWNAME; 
@@ -214,15 +215,15 @@ public class TokenAPI { if (token == null) { logger.error("refresh token not found: " + id); m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND); - m.put("errorMessage", "The requested token with id " + id + " could not be found."); + m.put(JsonErrorView.ERROR_MESSAGE, "The requested token with id " + id + " could not be found."); return JsonErrorView.VIEWNAME; } else if (!token.getAuthenticationHolder().getAuthentication().getName().equals(p.getName())) { logger.error("refresh token " + id + " does not belong to principal " + p.getName()); m.put(HttpCodeView.CODE, HttpStatus.FORBIDDEN); - m.put("errorMessage", "You do not have permission to view this token"); + m.put(JsonErrorView.ERROR_MESSAGE, "You do not have permission to view this token"); return JsonErrorView.VIEWNAME; } else { - m.put("entity", token); + m.put(JsonEntityView.ENTITY, token); return TokenApiView.VIEWNAME; } } @@ -235,12 +236,12 @@ public class TokenAPI { if (token == null) { logger.error("refresh token not found: " + id); m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND); - m.put("errorMessage", "The requested token with id " + id + " could not be found."); + m.put(JsonErrorView.ERROR_MESSAGE, "The requested token with id " + id + " could not be found."); return JsonErrorView.VIEWNAME; } else if (!token.getAuthenticationHolder().getAuthentication().getName().equals(p.getName())) { logger.error("refresh token " + id + " does not belong to principal " + p.getName()); m.put(HttpCodeView.CODE, HttpStatus.FORBIDDEN); - m.put("errorMessage", "You do not have permission to view this token"); + m.put(JsonErrorView.ERROR_MESSAGE, "You do not have permission to view this token"); return JsonErrorView.VIEWNAME; } else { tokenService.revokeRefreshToken(token); 
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/AbstractClientEntityView.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/AbstractClientEntityView.java index b278a18ed..b60bf1302 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/AbstractClientEntityView.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/AbstractClientEntityView.java @@ -119,7 +119,7 @@ public abstract class AbstractClientEntityView extends AbstractView { try { Writer out = response.getWriter(); - Object obj = model.get("entity"); + Object obj = model.get(JsonEntityView.ENTITY); gson.toJson(obj, out); } catch (IOException e) { diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonApprovedSiteView.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonApprovedSiteView.java index 7ab7bb59e..35b866b7b 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonApprovedSiteView.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonApprovedSiteView.java @@ -112,7 +112,7 @@ public class JsonApprovedSiteView extends AbstractView { try { Writer out = response.getWriter(); - Object obj = model.get("entity"); + Object obj = model.get(JsonEntityView.ENTITY); gson.toJson(obj, out); } catch (IOException e) { diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonEntityView.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonEntityView.java index e03d1e085..ef5f0c064 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonEntityView.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonEntityView.java 
@@ -46,6 +46,8 @@ import com.google.gson.GsonBuilder; @Component(JsonEntityView.VIEWNAME) public class JsonEntityView extends AbstractView { + public static final String ENTITY = "entity"; + /** * Logger for this class */ @@ -92,7 +94,7 @@ public class JsonEntityView extends AbstractView { try { Writer out = response.getWriter(); - Object obj = model.get("entity"); + Object obj = model.get(ENTITY); gson.toJson(obj, out); } catch (IOException e) { diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonErrorView.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonErrorView.java index 57b055acb..520577f50 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonErrorView.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonErrorView.java @@ -45,6 +45,16 @@ import com.google.gson.JsonObject; @Component(JsonErrorView.VIEWNAME) public class JsonErrorView extends AbstractView { + /** + * + */ + public static final String ERROR_MESSAGE = "errorMessage"; + + /** + * + */ + public static final String ERROR = "error"; + /** * Logger for this class */ @@ -83,7 +93,7 @@ public class JsonErrorView extends AbstractView { HttpStatus code = (HttpStatus) model.get(HttpCodeView.CODE); if (code == null) { - code = HttpStatus.OK; // default to 200 + code = HttpStatus.INTERNAL_SERVER_ERROR; // default to 500 } response.setStatus(code.value()); @@ -92,11 +102,11 @@ public class JsonErrorView extends AbstractView { Writer out = response.getWriter(); - String errorTitle = (String) model.get("error"); + String errorTitle = (String) model.get(ERROR); if (Strings.isNullOrEmpty(errorTitle)) { - errorTitle = "Error"; + errorTitle = "mitreid_error"; } - String errorMessage = (String) model.get("errorMessage"); + String errorMessage = (String) model.get(ERROR_MESSAGE); JsonObject obj = new JsonObject(); obj.addProperty("error", errorTitle); obj.addProperty("error_description", errorMessage); 
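Review bot: The two constants added in the JsonErrorView `@@ -45,6` hunk carry empty Javadoc blocks, so nothing tells a caller what each model key is for. Going by the rendering code in the `@@ -92,11` hunk, `ERROR` is the short error code written to the `error` property and `ERROR_MESSAGE` is the text written to `error_description`. Say so, e.g. `/** Model key for the error code, rendered as "error"; defaults to "mitreid_error". */` and `/** Model key for the human-readable text, rendered as "error_description". */`. `JsonEntityView.ENTITY` in the `@@ -46,6` hunk has no comment at all and would benefit from a similar one-liner.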
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ApprovedSiteAPI.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ApprovedSiteAPI.java index 0daaffff4..f5131c006 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ApprovedSiteAPI.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ApprovedSiteAPI.java @@ -27,6 +27,7 @@ import org.mitre.openid.connect.model.ApprovedSite; import org.mitre.openid.connect.service.ApprovedSiteService; import org.mitre.openid.connect.view.HttpCodeView; import org.mitre.openid.connect.view.JsonApprovedSiteView; +import org.mitre.openid.connect.view.JsonEntityView; import org.mitre.openid.connect.view.JsonErrorView; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -79,7 +80,7 @@ public class ApprovedSiteAPI { Collection all = approvedSiteService.getByUserId(p.getName()); - m.put("entity", all); + m.put(JsonEntityView.ENTITY, all); return JsonApprovedSiteView.VIEWNAME; } 
@@ -95,13 +96,13 @@ public class ApprovedSiteAPI { if (approvedSite == null) { logger.error("deleteApprovedSite failed; no approved site found for id: " + id); m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND); - m.put("errorMessage", "Could not delete approved site. The requested approved site with id: " + id + " could not be found."); + m.put(JsonErrorView.ERROR_MESSAGE, "Could not delete approved site. The requested approved site with id: " + id + " could not be found."); return JsonErrorView.VIEWNAME; } else if (!approvedSite.getUserId().equals(p.getName())) { logger.error("deleteApprovedSite failed; principal " + p.getName() + " does not own approved site" + id); m.put(HttpCodeView.CODE, HttpStatus.FORBIDDEN); - m.put("errorMessage", "You do not have permission to delete this approved site. The approved site decision will not be deleted."); + m.put(JsonErrorView.ERROR_MESSAGE, "You do not have permission to delete this approved site. The approved site decision will not be deleted."); return JsonErrorView.VIEWNAME; } else { m.put(HttpCodeView.CODE, HttpStatus.OK); 
@@ -120,16 +121,16 @@ public class ApprovedSiteAPI { if (approvedSite == null) { logger.error("getApprovedSite failed; no approved site found for id: " + id); m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND); - m.put("errorMessage", "The requested approved site with id: " + id + " could not be found."); + m.put(JsonErrorView.ERROR_MESSAGE, "The requested approved site with id: " + id + " could not be found."); return JsonErrorView.VIEWNAME; } else if (!approvedSite.getUserId().equals(p.getName())) { logger.error("getApprovedSite failed; principal " + p.getName() + " does not own approved site" + id); m.put(HttpCodeView.CODE, HttpStatus.FORBIDDEN); - m.put("errorMessage", "You do not have permission to view this approved site."); + m.put(JsonErrorView.ERROR_MESSAGE, "You do not have permission to view this approved site."); return JsonErrorView.VIEWNAME; } else { - m.put("entity", approvedSite); + m.put(JsonEntityView.ENTITY, approvedSite); return JsonApprovedSiteView.VIEWNAME; } diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/BlacklistAPI.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/BlacklistAPI.java index 59dd25ead..da149e3f2 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/BlacklistAPI.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/BlacklistAPI.java @@ -84,7 +84,7 @@ public class BlacklistAPI { Collection all = blacklistService.getAll(); - m.put("entity", all); + m.put(JsonEntityView.ENTITY, all); return JsonEntityView.VIEWNAME; } 
@@ -108,18 +108,18 @@ public class BlacklistAPI { json = parser.parse(jsonString).getAsJsonObject(); blacklist = gson.fromJson(json, BlacklistedSite.class); BlacklistedSite newBlacklist = blacklistService.saveNew(blacklist); - m.put("entity", newBlacklist); + m.put(JsonEntityView.ENTITY, newBlacklist); } catch (JsonSyntaxException e) { logger.error("addNewBlacklistedSite failed due to JsonSyntaxException: ", e); m.put(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); - m.put("errorMessage", "Could not save new blacklisted site. The server encountered a JSON syntax exception. Contact a system administrator for assistance."); + m.put(JsonErrorView.ERROR_MESSAGE, "Could not save new blacklisted site. The server encountered a JSON syntax exception. Contact a system administrator for assistance."); return JsonErrorView.VIEWNAME; } catch (IllegalStateException e) { logger.error("addNewBlacklistedSite failed due to IllegalStateException", e); m.put(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); - m.put("errorMessage", "Could not save new blacklisted site. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance."); + m.put(JsonErrorView.ERROR_MESSAGE, "Could not save new blacklisted site. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance."); return JsonErrorView.VIEWNAME; } 
@@ -146,12 +146,12 @@ public class BlacklistAPI { catch (JsonSyntaxException e) { logger.error("updateBlacklistedSite failed due to JsonSyntaxException", e); m.put(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); - m.put("errorMessage", "Could not update blacklisted site. The server encountered a JSON syntax exception. Contact a system administrator for assistance."); + m.put(JsonErrorView.ERROR_MESSAGE, "Could not update blacklisted site. The server encountered a JSON syntax exception. Contact a system administrator for assistance."); return JsonErrorView.VIEWNAME; } catch (IllegalStateException e) { logger.error("updateBlacklistedSite failed due to IllegalStateException", e); m.put(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); - m.put("errorMessage", "Could not update blacklisted site. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance."); + m.put(JsonErrorView.ERROR_MESSAGE, "Could not update blacklisted site. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance."); return JsonErrorView.VIEWNAME; } @@ -161,13 +161,13 @@ public class BlacklistAPI { if (oldBlacklist == null) { logger.error("updateBlacklistedSite failed; blacklist with id " + id + " could not be found"); m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND); - m.put("errorMessage", "Could not update blacklisted site. The requested blacklist with id " + id + "could not be found."); + m.put(JsonErrorView.ERROR_MESSAGE, "Could not update blacklisted site. The requested blacklist with id " + id + "could not be found."); return JsonErrorView.VIEWNAME; } else { BlacklistedSite newBlacklist = blacklistService.update(oldBlacklist, blacklist); - m.put("entity", newBlacklist); + m.put(JsonEntityView.ENTITY, newBlacklist); return JsonEntityView.VIEWNAME; } 
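Review bot: The rewritten line in the `@@ -161,13` hunk concatenates `id + "could not be found."` with no space, so the client sees the id run into the next word. Add the space: `"Could not update blacklisted site. The requested blacklist with id " + id + " could not be found."`. The same slip is on the rewritten lines of the ClientAPI hunks `@@ -264,7` and `@@ -336,7`.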
@@ -183,7 +183,7 @@ public class BlacklistAPI { if (blacklist == null) { logger.error("deleteBlacklistedSite failed; blacklist with id " + id + " could not be found"); - m.put("errorMessage", "Could not delete bladklist. The requested bladklist with id " + id + " could not be found."); + m.put(JsonErrorView.ERROR_MESSAGE, "Could not delete bladklist. The requested bladklist with id " + id + " could not be found."); return JsonErrorView.VIEWNAME; } else { m.put(HttpCodeView.CODE, HttpStatus.OK); @@ -202,11 +202,11 @@ public class BlacklistAPI { if (blacklist == null) { logger.error("getBlacklistedSite failed; blacklist with id " + id + " could not be found"); m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND); - m.put("errorMessage", "Could not delete bladklist. The requested bladklist with id " + id + " could not be found."); + m.put(JsonErrorView.ERROR_MESSAGE, "Could not delete bladklist. The requested bladklist with id " + id + " could not be found."); return JsonErrorView.VIEWNAME; } else { - m.put("entity", blacklist); + m.put(JsonEntityView.ENTITY, blacklist); return JsonEntityView.VIEWNAME; } diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java index 563519a5e..b24b6acbe 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java @@ -29,6 +29,7 @@ import org.mitre.openid.connect.service.UserInfoService; import org.mitre.openid.connect.view.ClientEntityViewForAdmins; import org.mitre.openid.connect.view.ClientEntityViewForUsers; import org.mitre.openid.connect.view.HttpCodeView; +import org.mitre.openid.connect.view.JsonEntityView; import org.mitre.openid.connect.view.JsonErrorView; import org.slf4j.Logger; import org.slf4j.LoggerFactory; 
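Review bot: As far as the `@@ -183,7` hunk shows, its not-found branch returns `JsonErrorView.VIEWNAME` without putting `HttpCodeView.CODE` in the model. This same commit changes JsonErrorView's fallback from `HttpStatus.OK` to `HttpStatus.INTERNAL_SERVER_ERROR`, so a delete for an unknown blacklist id would answer 500 rather than the 404 the sibling handlers set explicitly. Add `m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND);` before the error message is stored. The literal on that line also spells "bladklist" twice.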
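Review bot: The rewritten error line in the `@@ -202,11` hunk sits in a branch that logs `getBlacklistedSite failed`, yet the client message says "Could not delete bladklist", which looks copied from the delete handler. Use text that matches the read operation and fix the spelling, e.g. `"The requested blacklist with id " + id + " could not be found."`.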
@@ -132,7 +133,7 @@ public class ClientAPI { public String apiGetAllClients(Model model, Authentication auth) { Collection clients = clientService.getAllClients(); - model.addAttribute("entity", clients); + model.addAttribute(JsonEntityView.ENTITY, clients); if (isAdmin(auth)) { return ClientEntityViewForAdmins.VIEWNAME; @@ -162,12 +163,12 @@ public class ClientAPI { catch (JsonSyntaxException e) { logger.error("apiAddClient failed due to JsonSyntaxException", e); m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); - m.addAttribute("errorMessage", "Could not save new client. The server encountered a JSON syntax exception. Contact a system administrator for assistance."); + m.addAttribute(JsonErrorView.ERROR_MESSAGE, "Could not save new client. The server encountered a JSON syntax exception. Contact a system administrator for assistance."); return JsonErrorView.VIEWNAME; } catch (IllegalStateException e) { logger.error("apiAddClient failed due to IllegalStateException", e); m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); - m.addAttribute("errorMessage", "Could not save new client. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance."); + m.addAttribute(JsonErrorView.ERROR_MESSAGE, "Could not save new client. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance."); return JsonErrorView.VIEWNAME; } 
@@ -197,7 +198,7 @@ public class ClientAPI { if (Strings.isNullOrEmpty(client.getJwksUri())) { logger.error("tried to create client with private key auth but no private key"); m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); - m.addAttribute("errorMessage", "Can not create a client with private key authentication without registering a key via the JWS Set URI."); + m.addAttribute(JsonErrorView.ERROR_MESSAGE, "Can not create a client with private key authentication without registering a key via the JWS Set URI."); return JsonErrorView.VIEWNAME; } @@ -208,7 +209,7 @@ public class ClientAPI { logger.error("unknown auth method"); m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); - m.addAttribute("errorMessage", "Unknown auth method requested"); + m.addAttribute(JsonErrorView.ERROR_MESSAGE, "Unknown auth method requested"); return JsonErrorView.VIEWNAME; @@ -217,7 +218,7 @@ public class ClientAPI { client.setDynamicallyRegistered(false); ClientDetailsEntity newClient = clientService.saveNewClient(client); - m.addAttribute("entity", newClient); + m.addAttribute(JsonEntityView.ENTITY, newClient); if (isAdmin(auth)) { return ClientEntityViewForAdmins.VIEWNAME; 
@@ -249,12 +250,12 @@ public class ClientAPI { catch (JsonSyntaxException e) { logger.error("apiUpdateClient failed due to JsonSyntaxException", e); m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); - m.addAttribute("errorMessage", "Could not update client. The server encountered a JSON syntax exception. Contact a system administrator for assistance."); + m.addAttribute(JsonErrorView.ERROR_MESSAGE, "Could not update client. The server encountered a JSON syntax exception. Contact a system administrator for assistance."); return JsonErrorView.VIEWNAME; } catch (IllegalStateException e) { logger.error("apiUpdateClient failed due to IllegalStateException", e); m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); - m.addAttribute("errorMessage", "Could not update client. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance."); + m.addAttribute(JsonErrorView.ERROR_MESSAGE, "Could not update client. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance."); return JsonErrorView.VIEWNAME; } @@ -263,7 +264,7 @@ public class ClientAPI { if (oldClient == null) { logger.error("apiUpdateClient failed; client with id " + id + " could not be found."); m.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND); - m.addAttribute("errorMessage", "Could not update client. The requested client with id " + id + "could not be found."); + m.addAttribute(JsonErrorView.ERROR_MESSAGE, "Could not update client. The requested client with id " + id + "could not be found."); return JsonErrorView.VIEWNAME; } 
@@ -293,7 +294,7 @@ public class ClientAPI { if (Strings.isNullOrEmpty(client.getJwksUri())) { logger.error("tried to create client with private key auth but no private key"); m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); - m.addAttribute("errorMessage", "Can not create a client with private key authentication without registering a key via the JWS Set URI."); + m.addAttribute(JsonErrorView.ERROR_MESSAGE, "Can not create a client with private key authentication without registering a key via the JWS Set URI."); return JsonErrorView.VIEWNAME; } @@ -304,14 +305,14 @@ public class ClientAPI { logger.error("unknown auth method"); m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); - m.addAttribute("errorMessage", "Unknown auth method requested"); + m.addAttribute(JsonErrorView.ERROR_MESSAGE, "Unknown auth method requested"); return JsonErrorView.VIEWNAME; } ClientDetailsEntity newClient = clientService.updateClient(oldClient, client); - m.addAttribute("entity", newClient); + m.addAttribute(JsonEntityView.ENTITY, newClient); if (isAdmin(auth)) { return ClientEntityViewForAdmins.VIEWNAME; @@ -335,7 +336,7 @@ public class ClientAPI { if (client == null) { logger.error("apiDeleteClient failed; client with id " + id + " could not be found."); modelAndView.getModelMap().put(HttpCodeView.CODE, HttpStatus.NOT_FOUND); - modelAndView.getModelMap().put("errorMessage", "Could not delete client. The requested client with id " + id + "could not be found."); + modelAndView.getModelMap().put(JsonErrorView.ERROR_MESSAGE, "Could not delete client. The requested client with id " + id + "could not be found."); return JsonErrorView.VIEWNAME; } else { modelAndView.getModelMap().put(HttpCodeView.CODE, HttpStatus.OK); 
@@ -360,11 +361,11 @@ public class ClientAPI { if (client == null) { logger.error("apiShowClient failed; client with id " + id + " could not be found."); model.addAttribute(HttpCodeView.CODE, HttpStatus.NOT_FOUND); - model.addAttribute("errorMessage", "The requested client with id " + id + " could not be found."); + model.addAttribute(JsonErrorView.ERROR_MESSAGE, "The requested client with id " + id + " could not be found."); return JsonErrorView.VIEWNAME; } - model.addAttribute("entity", client); + model.addAttribute(JsonEntityView.ENTITY, client); if (isAdmin(auth)) { return ClientEntityViewForAdmins.VIEWNAME; diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/DynamicClientRegistrationEndpoint.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/DynamicClientRegistrationEndpoint.java index da6b6f535..e6672de8c 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/DynamicClientRegistrationEndpoint.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/DynamicClientRegistrationEndpoint.java @@ -141,8 +141,8 @@ public class DynamicClientRegistrationEndpoint { newClient = validateAuth(newClient); } catch (ValidationException ve) { // validation failed, return an error - m.addAttribute("error", ve.getError()); - m.addAttribute("errorMessage", ve.getErrorDescription()); + m.addAttribute(JsonErrorView.ERROR, ve.getError()); + m.addAttribute(JsonErrorView.ERROR_MESSAGE, ve.getErrorDescription()); m.addAttribute(HttpCodeView.CODE, ve.getStatus()); return JsonErrorView.VIEWNAME; } 
@@ -192,8 +192,8 @@ public class DynamicClientRegistrationEndpoint { } catch (IllegalArgumentException e) { logger.error("Couldn't save client", e); - m.addAttribute("error", "invalid_client_metadata"); - m.addAttribute("errorMessage", "Unable to save client due to invalid or inconsistent metadata."); + m.addAttribute(JsonErrorView.ERROR, "invalid_client_metadata"); + m.addAttribute(JsonErrorView.ERROR_MESSAGE, "Unable to save client due to invalid or inconsistent metadata."); m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); // http 400 return JsonErrorView.VIEWNAME; @@ -301,8 +301,8 @@ public class DynamicClientRegistrationEndpoint { newClient = validateAuth(newClient); } catch (ValidationException ve) { // validation failed, return an error - m.addAttribute("error", ve.getError()); - m.addAttribute("errorMessage", ve.getErrorDescription()); + m.addAttribute(JsonErrorView.ERROR, ve.getError()); + m.addAttribute(JsonErrorView.ERROR_MESSAGE, ve.getErrorDescription()); m.addAttribute(HttpCodeView.CODE, ve.getStatus()); return JsonErrorView.VIEWNAME; } @@ -327,8 +327,8 @@ public class DynamicClientRegistrationEndpoint { } catch (IllegalArgumentException e) { logger.error("Couldn't save client", e); - m.addAttribute("error", "invalid_client_metadata"); - m.addAttribute("errorMessage", "Unable to save client due to invalid or inconsistent metadata."); + m.addAttribute(JsonErrorView.ERROR, "invalid_client_metadata"); + m.addAttribute(JsonErrorView.ERROR_MESSAGE, "Unable to save client due to invalid or inconsistent metadata."); m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); // http 400 return JsonErrorView.VIEWNAME; diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ProtectedResourceRegistrationEndpoint.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ProtectedResourceRegistrationEndpoint.java index fa56535cc..340e18ccd 100644 
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ProtectedResourceRegistrationEndpoint.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ProtectedResourceRegistrationEndpoint.java @@ -138,8 +138,8 @@ public class ProtectedResourceRegistrationEndpoint { newClient = validateAuth(newClient); } catch (ValidationException ve) { // validation failed, return an error - m.addAttribute("error", ve.getError()); - m.addAttribute("errorMessage", ve.getErrorDescription()); + m.addAttribute(JsonErrorView.ERROR, ve.getError()); + m.addAttribute(JsonErrorView.ERROR_MESSAGE, ve.getErrorDescription()); m.addAttribute(HttpCodeView.CODE, ve.getStatus()); return JsonErrorView.VIEWNAME; } @@ -200,8 +200,8 @@ public class ProtectedResourceRegistrationEndpoint { } catch (IllegalArgumentException e) { logger.error("Couldn't save client", e); - m.addAttribute("error", "invalid_client_metadata"); - m.addAttribute("errorMessage", "Unable to save client due to invalid or inconsistent metadata."); + m.addAttribute(JsonErrorView.ERROR, "invalid_client_metadata"); + m.addAttribute(JsonErrorView.ERROR_MESSAGE, "Unable to save client due to invalid or inconsistent metadata."); m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); // http 400 return JsonErrorView.VIEWNAME; @@ -351,8 +351,8 @@ public class ProtectedResourceRegistrationEndpoint { newClient = validateAuth(newClient); } catch (ValidationException ve) { // validation failed, return an error - m.addAttribute("error", ve.getError()); - m.addAttribute("errorMessage", ve.getErrorDescription()); + m.addAttribute(JsonErrorView.ERROR, ve.getError()); + m.addAttribute(JsonErrorView.ERROR_MESSAGE, ve.getErrorDescription()); m.addAttribute(HttpCodeView.CODE, ve.getStatus()); return JsonErrorView.VIEWNAME; } 
@@ -379,8 +379,8 @@ public class ProtectedResourceRegistrationEndpoint { } catch (IllegalArgumentException e) { logger.error("Couldn't save client", e); - m.addAttribute("error", "invalid_client_metadata"); - m.addAttribute("errorMessage", "Unable to save client due to invalid or inconsistent metadata."); + m.addAttribute(JsonErrorView.ERROR, "invalid_client_metadata"); + m.addAttribute(JsonErrorView.ERROR_MESSAGE, "Unable to save client due to invalid or inconsistent metadata."); m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); // http 400 return JsonErrorView.VIEWNAME; diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/StatsAPI.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/StatsAPI.java index 1f80e28e9..0bf0b6e57 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/StatsAPI.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/StatsAPI.java @@ -54,7 +54,7 @@ public class StatsAPI { Map e = statsService.getSummaryStats(); - m.put("entity", e); + m.put(JsonEntityView.ENTITY, e); return JsonEntityView.VIEWNAME; @@ -65,7 +65,7 @@ public class StatsAPI { public String statsByClient(ModelMap m) { Map e = statsService.getByClientId(); - m.put("entity", e); + m.put(JsonEntityView.ENTITY, e); return JsonEntityView.VIEWNAME; } @@ -75,7 +75,7 @@ public class StatsAPI { public String statsByClientId(@PathVariable("id") Long id, ModelMap m) { Integer e = statsService.getCountForClientId(id); - m.put("entity", e); + m.put(JsonEntityView.ENTITY, e); return JsonEntityView.VIEWNAME; } diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/WhitelistAPI.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/WhitelistAPI.java index 6889dfdfb..5f3272171 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/WhitelistAPI.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/WhitelistAPI.java 
@@ -84,7 +84,7 @@ public class WhitelistAPI { Collection all = whitelistService.getAll(); - m.put("entity", all); + m.put(JsonEntityView.ENTITY, all); return JsonEntityView.VIEWNAME; } @@ -110,12 +110,12 @@ public class WhitelistAPI { } catch (JsonParseException e) { logger.error("addNewWhitelistedSite failed due to JsonParseException", e); m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); - m.addAttribute("errorMessage", "Could not save new whitelisted site. The server encountered a JSON syntax exception. Contact a system administrator for assistance."); + m.addAttribute(JsonErrorView.ERROR_MESSAGE, "Could not save new whitelisted site. The server encountered a JSON syntax exception. Contact a system administrator for assistance."); return JsonErrorView.VIEWNAME; } catch (IllegalStateException e) { logger.error("addNewWhitelistedSite failed due to IllegalStateException", e); m.addAttribute(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); - m.addAttribute("errorMessage", "Could not save new whitelisted site. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance."); + m.addAttribute(JsonErrorView.ERROR_MESSAGE, "Could not save new whitelisted site. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance."); return JsonErrorView.VIEWNAME; } @@ -124,7 +124,7 @@ public class WhitelistAPI { WhitelistedSite newWhitelist = whitelistService.saveNew(whitelist); - m.put("entity", newWhitelist); + m.put(JsonEntityView.ENTITY, newWhitelist); return JsonEntityView.VIEWNAME; 
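Review bot: The second 400 response in `@@ -110,12 +110,12 @@` tells the caller which Java exception the server hit (`The server encountered an IllegalStateException`), and the update handler in `@@ -147,12 +147,12 @@` does the same. The exception is already logged with its stack trace on the line above, so the response body can describe the request problem rather than the server internals, e.g. `m.addAttribute(JsonErrorView.ERROR_MESSAGE, "Could not save new whitelisted site. The request body must be a JSON object.");`. Presumably that is what the IllegalStateException means here, but the try body is outside the hunk, so confirm before rewording.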
@@ -147,12 +147,12 @@ public class WhitelistAPI { } catch (JsonParseException e) { logger.error("updateWhitelistedSite failed due to JsonParseException", e); m.put(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); - m.put("errorMessage", "Could not update whitelisted site. The server encountered a JSON syntax exception. Contact a system administrator for assistance."); + m.put(JsonErrorView.ERROR_MESSAGE, "Could not update whitelisted site. The server encountered a JSON syntax exception. Contact a system administrator for assistance."); return JsonErrorView.VIEWNAME; } catch (IllegalStateException e) { logger.error("updateWhitelistedSite failed due to IllegalStateException", e); m.put(HttpCodeView.CODE, HttpStatus.BAD_REQUEST); - m.put("errorMessage", "Could not update whitelisted site. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance."); + m.put(JsonErrorView.ERROR_MESSAGE, "Could not update whitelisted site. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance."); return JsonErrorView.VIEWNAME; } @@ -161,13 +161,13 @@ public class WhitelistAPI { if (oldWhitelist == null) { logger.error("updateWhitelistedSite failed; whitelist with id " + id + " could not be found."); m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND); - m.put("errorMessage", "Could not update whitelisted site. The requested whitelisted site with id " + id + "could not be found."); + m.put(JsonErrorView.ERROR_MESSAGE, "Could not update whitelisted site. The requested whitelisted site with id " + id + "could not be found."); return JsonErrorView.VIEWNAME; } else { WhitelistedSite newWhitelist = whitelistService.update(oldWhitelist, whitelist); - m.put("entity", newWhitelist); + m.put(JsonEntityView.ENTITY, newWhitelist); return JsonEntityView.VIEWNAME; } 
@@ -185,7 +185,7 @@ public class WhitelistAPI { if (whitelist == null) { logger.error("deleteWhitelistedSite failed; whitelist with id " + id + " could not be found."); m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND); - m.put("errorMessage", "Could not delete whitelisted site. The requested whitelisted site with id " + id + "could not be found."); + m.put(JsonErrorView.ERROR_MESSAGE, "Could not delete whitelisted site. The requested whitelisted site with id " + id + "could not be found."); return JsonErrorView.VIEWNAME; } else { m.put(HttpCodeView.CODE, HttpStatus.OK); @@ -204,11 +204,11 @@ public class WhitelistAPI { if (whitelist == null) { logger.error("getWhitelistedSite failed; whitelist with id " + id + " could not be found."); m.put(HttpCodeView.CODE, HttpStatus.NOT_FOUND); - m.put("errorMessage", "The requested whitelisted site with id " + id + "could not be found."); + m.put(JsonErrorView.ERROR_MESSAGE, "The requested whitelisted site with id " + id + "could not be found."); return JsonErrorView.VIEWNAME; } else { - m.put("entity", whitelist); + m.put(JsonEntityView.ENTITY, whitelist); return JsonEntityView.VIEWNAME; } From 61a596dc15fe9837556a8345949aae7a278069f1 Mon Sep 17 00:00:00 2001 From: Justin Richer Date: Wed, 11 Mar 2015 14:00:14 -0400 Subject: [PATCH 06/22] externalized strings from user info views --- .../openid/connect/view/UserInfoJWTView.java | 11 +++++++++-- .../openid/connect/view/UserInfoView.java | 19 ++++++++++++------- .../openid/connect/web/UserInfoEndpoint.java | 19 ++++++++----------- 3 files changed, 29 insertions(+), 20 deletions(-) diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/UserInfoJWTView.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/UserInfoJWTView.java index 750dd848f..a918dfeb3 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/UserInfoJWTView.java 
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/UserInfoJWTView.java @@ -39,6 +39,7 @@ import org.mitre.openid.connect.config.ConfigurationPropertiesBean; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.http.MediaType; import org.springframework.stereotype.Component; import com.google.common.base.Strings; @@ -59,6 +60,8 @@ import com.nimbusds.jwt.SignedJWT; @Component(UserInfoJWTView.VIEWNAME) public class UserInfoJWTView extends UserInfoView { + public static final String CLIENT = "client"; + /** * Logger for this class */ @@ -66,6 +69,10 @@ public class UserInfoJWTView extends UserInfoView { public static final String VIEWNAME = "userInfoJwtView"; + public static final String JOSE_MEDIA_TYPE_VALUE = "application/jwt"; + public static final MediaType JOSE_MEDIA_TYPE = new MediaType("application", "jwt"); + + @Autowired private JWTSigningAndValidationService jwtService; @@ -83,13 +90,13 @@ public class UserInfoJWTView extends UserInfoView { HttpServletRequest request, HttpServletResponse response) { try { - ClientDetailsEntity client = (ClientDetailsEntity)model.get("client"); + ClientDetailsEntity client = (ClientDetailsEntity)model.get(CLIENT); // use the parser to import the user claims into the object StringWriter writer = new StringWriter(); gson.toJson(json, writer); - response.setContentType("application/jwt"); + response.setContentType(JOSE_MEDIA_TYPE_VALUE); JWTClaimsSet claims = JWTClaimsSet.parse(writer.toString()); diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/UserInfoView.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/UserInfoView.java index 8c79e4759..f9d689c44 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/UserInfoView.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/UserInfoView.java 
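Review bot: `JOSE_MEDIA_TYPE_VALUE` and `JOSE_MEDIA_TYPE` in `@@ -66,6 +69,10 @@` spell the same media type as two independent literals, so the `produces` value on the endpoint and the type compared during content negotiation can drift apart if only one is edited. Keep the string as the compile-time constant the annotation needs and derive the object from it: `public static final MediaType JOSE_MEDIA_TYPE = MediaType.parseMediaType(JOSE_MEDIA_TYPE_VALUE);`. A short comment noting that UserInfoEndpoint relies on both constants would also help, now that they live on the view.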
@@ -47,9 +47,14 @@ import com.google.gson.JsonParser; @Component(UserInfoView.VIEWNAME) public class UserInfoView extends AbstractView { - private static JsonParser jsonParser = new JsonParser(); + public static final String REQUESTED_CLAIMS = "requestedClaims"; + public static final String AUTHORIZED_CLAIMS = "authorizedClaims"; + public static final String SCOPE = "scope"; + public static final String USER_INFO = "userInfo"; public static final String VIEWNAME = "userInfoView"; + + private static JsonParser jsonParser = new JsonParser(); /** * Logger for this class @@ -89,20 +94,20 @@ public class UserInfoView extends AbstractView { @Override protected void renderMergedOutputModel(Map model, HttpServletRequest request, HttpServletResponse response) { - UserInfo userInfo = (UserInfo) model.get("userInfo"); + UserInfo userInfo = (UserInfo) model.get(USER_INFO); - Set scope = (Set) model.get("scope"); + Set scope = (Set) model.get(SCOPE); response.setContentType(MediaType.APPLICATION_JSON_VALUE); JsonObject authorizedClaims = null; JsonObject requestedClaims = null; - if (model.get("authorizedClaims") != null) { - authorizedClaims = jsonParser.parse((String) model.get("authorizedClaims")).getAsJsonObject(); + if (model.get(AUTHORIZED_CLAIMS) != null) { + authorizedClaims = jsonParser.parse((String) model.get(AUTHORIZED_CLAIMS)).getAsJsonObject(); } - if (model.get("requestedClaims") != null) { - requestedClaims = jsonParser.parse((String) model.get("requestedClaims")).getAsJsonObject(); + if (model.get(REQUESTED_CLAIMS) != null) { + requestedClaims = jsonParser.parse((String) model.get(REQUESTED_CLAIMS)).getAsJsonObject(); } JsonObject json = toJsonFromRequestObj(userInfo, scope, authorizedClaims, requestedClaims); diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java index d2a625894..efbe3e9af 100644 
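Review bot: In `renderMergedOutputModel` (hunk `@@ -89,20 +94,20 @@`), the value stored under `REQUESTED_CLAIMS` is parsed with `jsonParser.parse(...).getAsJsonObject()` and nothing in the hunk catches a failure. UserInfoEndpoint, later in this patch, puts the raw `claims` request parameter under that key, so a malformed or non-object value supplied by the caller would fail at render time instead of being rejected as a bad request. Either validate the parameter in the endpoint before adding it to the model, or guard the parse here as sketched below. The method continues past the end of the hunk, so check that nothing later already handles this, and the `logger` field name is assumed from the context lines.

```java
// … unchanged: userInfo, scope and authorizedClaims lookups …
		if (model.get(REQUESTED_CLAIMS) != null) {
			try {
				requestedClaims = jsonParser.parse((String) model.get(REQUESTED_CLAIMS)).getAsJsonObject();
			} catch (JsonSyntaxException | IllegalStateException e) {
				// caller-supplied value: reject it rather than fail while rendering
				logger.warn("Rejecting claims request parameter that is not a JSON object");
				response.setStatus(HttpServletResponse.SC_BAD_REQUEST);
				return;
			}
		}
// … unchanged: toJsonFromRequestObj call …
```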
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java @@ -72,14 +72,11 @@ public class UserInfoEndpoint { */ private static final Logger logger = LoggerFactory.getLogger(UserInfoEndpoint.class); - private static final MediaType JOSE_MEDIA_TYPE = new MediaType("application", "jwt"); - private static final String JOSE_MEDIA_TYPE_VALUE = "application/jwt"; - /** * Get information about the user as specified in the accessToken included in this request */ @PreAuthorize("hasRole('ROLE_USER') and #oauth2.hasScope('" + SystemScopeService.OPENID_SCOPE + "')") - @RequestMapping(method= {RequestMethod.GET, RequestMethod.POST}, produces = {MediaType.APPLICATION_JSON_VALUE, JOSE_MEDIA_TYPE_VALUE}) + @RequestMapping(method= {RequestMethod.GET, RequestMethod.POST}, produces = {MediaType.APPLICATION_JSON_VALUE, UserInfoJWTView.JOSE_MEDIA_TYPE_VALUE}) public String getInfo(@RequestParam(value="claims", required=false) String claimsRequestJsonString, @RequestHeader(value="Accept", required=false) String acceptHeader, OAuth2Authentication auth, Model model) { 
@@ -99,21 +96,21 @@ public class UserInfoEndpoint { return HttpCodeView.VIEWNAME; } - model.addAttribute("scope", auth.getOAuth2Request().getScope()); + model.addAttribute(UserInfoView.SCOPE, auth.getOAuth2Request().getScope()); - model.addAttribute("authorizedClaims", auth.getOAuth2Request().getExtensions().get("claims")); + model.addAttribute(UserInfoView.AUTHORIZED_CLAIMS, auth.getOAuth2Request().getExtensions().get("claims")); if (!Strings.isNullOrEmpty(claimsRequestJsonString)) { - model.addAttribute("requestedClaims", claimsRequestJsonString); + model.addAttribute(UserInfoView.REQUESTED_CLAIMS, claimsRequestJsonString); } - model.addAttribute("userInfo", userInfo); + model.addAttribute(UserInfoView.USER_INFO, userInfo); // content negotiation // start off by seeing if the client has registered for a signed/encrypted JWT from here ClientDetailsEntity client = clientService.loadClientByClientId(auth.getOAuth2Request().getClientId()); - model.addAttribute("client", client); + model.addAttribute(UserInfoJWTView.CLIENT, client); List mediaTypes = MediaType.parseMediaTypes(acceptHeader); MediaType.sortBySpecificityAndQuality(mediaTypes); @@ -123,7 +120,7 @@ public class UserInfoEndpoint { || client.getUserInfoEncryptedResponseEnc() != null) { // client has a preference, see if they ask for plain JSON specifically on this request for (MediaType m : mediaTypes) { - if (!m.isWildcardType() && m.isCompatibleWith(JOSE_MEDIA_TYPE)) { + if (!m.isWildcardType() && m.isCompatibleWith(UserInfoJWTView.JOSE_MEDIA_TYPE)) { return UserInfoJWTView.VIEWNAME; } else if (!m.isWildcardType() && m.isCompatibleWith(MediaType.APPLICATION_JSON)) { return UserInfoView.VIEWNAME; 
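Review bot: The model keys in `@@ -99,21 +96,21 @@` are now constants, but the extension key in `auth.getOAuth2Request().getExtensions().get("claims")` is still a literal, as is `@RequestParam(value="claims", ...)` in the previous hunk. If the code that writes the extension ever uses a different spelling, the lookup returns null and the authorized-claims restriction is silently not passed to the view. Given the aim of this commit, consider one shared constant for the key, for example `public static final String CLAIMS = "claims";` (name is a suggestion), used by both the writer and this reader. getInfo starts before and ends after this hunk.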
@@ -137,7 +134,7 @@ public class UserInfoEndpoint { for (MediaType m : mediaTypes) { if (!m.isWildcardType() && m.isCompatibleWith(MediaType.APPLICATION_JSON)) { return UserInfoView.VIEWNAME; - } else if (!m.isWildcardType() && m.isCompatibleWith(JOSE_MEDIA_TYPE)) { + } else if (!m.isWildcardType() && m.isCompatibleWith(UserInfoJWTView.JOSE_MEDIA_TYPE)) { return UserInfoJWTView.VIEWNAME; } } From 15b97b1dcb2fd9cc6a3b559dd57c90bcae9713be Mon Sep 17 00:00:00 2001 From: Justin Richer Date: Wed, 11 Mar 2015 15:51:51 -0400 Subject: [PATCH 07/22] Externalized strings for named queries on auth holders, auth codes, clients, and tokens, closes #771 --- .../model/AuthenticationHolderEntity.java | 7 ++- .../oauth2/model/AuthorizationCodeEntity.java | 4 +- .../oauth2/model/ClientDetailsEntity.java | 12 +++-- .../oauth2/model/OAuth2AccessTokenEntity.java | 29 ++++++++--- .../model/OAuth2RefreshTokenEntity.java | 21 ++++++-- .../JpaAuthenticationHolderRepository.java | 4 +- .../impl/JpaAuthorizationCodeRepository.java | 2 +- .../impl/JpaOAuth2ClientRepository.java | 6 +-- .../impl/JpaOAuth2TokenRepository.java | 48 +++++++++---------- .../openid/connect/web/UserInfoEndpoint.java | 3 +- 10 files changed, 85 insertions(+), 51 deletions(-) diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthenticationHolderEntity.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthenticationHolderEntity.java index 8d93b3d81..5193e88f9 100644 --- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthenticationHolderEntity.java +++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthenticationHolderEntity.java 
@@ -33,11 +33,14 @@ import org.springframework.security.oauth2.provider.OAuth2Authentication; @Entity @Table(name = "authentication_holder") @NamedQueries ({ - @NamedQuery(name = "AuthenticationHolderEntity.getAll", query = "select a from AuthenticationHolderEntity a"), - @NamedQuery(name = "AuthenticationHolderEntity.getUnusedAuthenticationHolders", query = "select a from AuthenticationHolderEntity a where a.id not in (select t.authenticationHolder.id from OAuth2AccessTokenEntity t) and a.id not in (select r.authenticationHolder.id from OAuth2RefreshTokenEntity r)") + @NamedQuery(name = AuthenticationHolderEntity.QUERY_ALL, query = "select a from AuthenticationHolderEntity a"), + @NamedQuery(name = AuthenticationHolderEntity.QUERY_GET_UNUSED, query = "select a from AuthenticationHolderEntity a where a.id not in (select t.authenticationHolder.id from OAuth2AccessTokenEntity t) and a.id not in (select r.authenticationHolder.id from OAuth2RefreshTokenEntity r)") }) public class AuthenticationHolderEntity { + public static final String QUERY_GET_UNUSED = "AuthenticationHolderEntity.getUnusedAuthenticationHolders"; + public static final String QUERY_ALL = "AuthenticationHolderEntity.getAll"; + private Long id; private OAuth2Authentication authentication; diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthorizationCodeEntity.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthorizationCodeEntity.java index d0ded1d16..f93b03475 100644 --- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthorizationCodeEntity.java +++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/AuthorizationCodeEntity.java 
@@ -39,10 +39,12 @@ import org.springframework.security.oauth2.provider.OAuth2Authentication; @Entity @Table(name = "authorization_code") @NamedQueries({ - @NamedQuery(name = "AuthorizationCodeEntity.getByValue", query = "select a from AuthorizationCodeEntity a where a.code = :code") + @NamedQuery(name = AuthorizationCodeEntity.QUERY_BY_VALUE, query = "select a from AuthorizationCodeEntity a where a.code = :code") }) public class AuthorizationCodeEntity { + public static final String QUERY_BY_VALUE = "AuthorizationCodeEntity.getByValue"; + private Long id; private String code; diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java index 329e0b800..931ba2a2a 100644 --- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java +++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java 
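Review bot: `QUERY_BY_VALUE` is externalized in `@@ -39,10 +39,12 @@`, but the bind parameter is not: the query still ends in `:code`, and `JpaAuthorizationCodeRepository.consume` still calls `query.setParameter("code", code)` (hunk `@@ -62,7 +62,7 @@` later in this patch). The client and token entities in the same commit pair each query with a `PARAM_*` constant. Doing the same here keeps the lookup that redeems authorization codes from depending on two literals that have to match: `public static final String PARAM_CODE = "code";`, then `"... where a.code = :" + AuthorizationCodeEntity.PARAM_CODE` and `query.setParameter(AuthorizationCodeEntity.PARAM_CODE, code);`.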
@@ -66,14 +66,16 @@ import com.nimbusds.jose.JWSAlgorithm; @Entity @Table(name = "client_details") @NamedQueries({ - @NamedQuery(name = "ClientDetailsEntity.findAll", query = "SELECT c FROM ClientDetailsEntity c"), - @NamedQuery(name = "ClientDetailsEntity.getByClientId", query = "select c from ClientDetailsEntity c where c.clientId = :clientId") + @NamedQuery(name = ClientDetailsEntity.QUERY_ALL, query = "SELECT c FROM ClientDetailsEntity c"), + @NamedQuery(name = ClientDetailsEntity.QUERY_BY_CLIENT_ID, query = "select c from ClientDetailsEntity c where c.clientId = :" + ClientDetailsEntity.PARAM_CLIENT_ID) }) public class ClientDetailsEntity implements ClientDetails { - /** - * - */ + public static final String QUERY_BY_CLIENT_ID = "ClientDetailsEntity.getByClientId"; + public static final String QUERY_ALL = "ClientDetailsEntity.findAll"; + + public static final String PARAM_CLIENT_ID = "clientId"; + private static final int DEFAULT_ID_TOKEN_VALIDITY_SECONDS = 600; private static final long serialVersionUID = -1617727085733786296L; diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java index 97730381a..4a93a9bfd 100644 --- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java +++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java 
@@ -61,13 +61,13 @@ import com.nimbusds.jwt.JWTParser; @Entity @Table(name = "access_token") @NamedQueries({ - @NamedQuery(name = "OAuth2AccessTokenEntity.getAll", query = "select a from OAuth2AccessTokenEntity a"), - @NamedQuery(name = "OAuth2AccessTokenEntity.getAllExpiredByDate", query = "select a from OAuth2AccessTokenEntity a where a.expiration <= :date"), - @NamedQuery(name = "OAuth2AccessTokenEntity.getByRefreshToken", query = "select a from OAuth2AccessTokenEntity a where a.refreshToken = :refreshToken"), - @NamedQuery(name = "OAuth2AccessTokenEntity.getByClient", query = "select a from OAuth2AccessTokenEntity a where a.client = :client"), - @NamedQuery(name = "OAuth2AccessTokenEntity.getByAuthentication", query = "select a from OAuth2AccessTokenEntity a where a.authenticationHolder.authentication = :authentication"), - @NamedQuery(name = "OAuth2AccessTokenEntity.getByIdToken", query = "select a from OAuth2AccessTokenEntity a where a.idToken = :idToken"), - @NamedQuery(name = "OAuth2AccessTokenEntity.getByTokenValue", query = "select a from OAuth2AccessTokenEntity a where a.value = :tokenValue") + @NamedQuery(name = OAuth2AccessTokenEntity.QUERY_ALL, query = "select a from OAuth2AccessTokenEntity a"), + @NamedQuery(name = OAuth2AccessTokenEntity.QUERY_EXPIRED_BY_DATE, query = "select a from OAuth2AccessTokenEntity a where a.expiration <= :" + OAuth2AccessTokenEntity.PARAM_DATE), + @NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_REFRESH_TOKEN, query = "select a from OAuth2AccessTokenEntity a where a.refreshToken = :" + OAuth2AccessTokenEntity.PARAM_REFERSH_TOKEN), + @NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_CLIENT, query = "select a from OAuth2AccessTokenEntity a where a.client = :" + OAuth2AccessTokenEntity.PARAM_CLIENT), + @NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_AUTHENTICATION, query = "select a from OAuth2AccessTokenEntity a where a.authenticationHolder.authentication = :" + OAuth2AccessTokenEntity.PARAM_AUTHENTICATION), + 
@NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_ID_TOKEN, query = "select a from OAuth2AccessTokenEntity a where a.idToken = :" + OAuth2AccessTokenEntity.PARAM_ID_TOKEN), + @NamedQuery(name = OAuth2AccessTokenEntity.QUERY_BY_TOKEN_VALUE, query = "select a from OAuth2AccessTokenEntity a where a.value = :" + OAuth2AccessTokenEntity.PARAM_TOKEN_VALUE) }) @org.codehaus.jackson.map.annotate.JsonSerialize(using = OAuth2AccessTokenJackson1Serializer.class) @org.codehaus.jackson.map.annotate.JsonDeserialize(using = OAuth2AccessTokenJackson1Deserializer.class) @@ -75,6 +75,21 @@ import com.nimbusds.jwt.JWTParser; @com.fasterxml.jackson.databind.annotation.JsonDeserialize(using = OAuth2AccessTokenJackson2Deserializer.class) public class OAuth2AccessTokenEntity implements OAuth2AccessToken { + public static final String QUERY_BY_TOKEN_VALUE = "OAuth2AccessTokenEntity.getByTokenValue"; + public static final String QUERY_BY_ID_TOKEN = "OAuth2AccessTokenEntity.getByIdToken"; + public static final String QUERY_BY_AUTHENTICATION = "OAuth2AccessTokenEntity.getByAuthentication"; + public static final String QUERY_BY_CLIENT = "OAuth2AccessTokenEntity.getByClient"; + public static final String QUERY_BY_REFRESH_TOKEN = "OAuth2AccessTokenEntity.getByRefreshToken"; + public static final String QUERY_EXPIRED_BY_DATE = "OAuth2AccessTokenEntity.getAllExpiredByDate"; + public static final String QUERY_ALL = "OAuth2AccessTokenEntity.getAll"; + + public static final String PARAM_TOKEN_VALUE = "tokenValue"; + public static final String PARAM_ID_TOKEN = "idToken"; + public static final String PARAM_AUTHENTICATION = "authentication"; + public static final String PARAM_CLIENT = "client"; + public static final String PARAM_REFERSH_TOKEN = "refreshToken"; + public static final String PARAM_DATE = "date"; + public static String ID_TOKEN_FIELD_NAME = "id_token"; private Long id; 
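Review bot: The new public constant is misspelt as `PARAM_REFERSH_TOKEN`, both where it is declared in `@@ -75,6 +75,21 @@` and where the `QUERY_BY_REFRESH_TOKEN` named query uses it in `@@ -61,13 +61,13 @@`. It compiles because the two uses agree, but once other classes reference a public name the typo is awkward to correct. Rename it before merge to `public static final String PARAM_REFRESH_TOKEN = "refreshToken";` and update the annotation to `:" + OAuth2AccessTokenEntity.PARAM_REFRESH_TOKEN`. Any repository code that binds this parameter is outside the visible hunks and would need the same rename.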
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2RefreshTokenEntity.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2RefreshTokenEntity.java index 3224e4584..d1e3f47b6 100644 --- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2RefreshTokenEntity.java +++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2RefreshTokenEntity.java 
@@ -49,14 +49,25 @@ import com.nimbusds.jwt.JWTParser; @Entity @Table(name = "refresh_token") @NamedQueries({ - @NamedQuery(name = "OAuth2RefreshTokenEntity.getAll", query = "select r from OAuth2RefreshTokenEntity r"), - @NamedQuery(name = "OAuth2RefreshTokenEntity.getAllExpiredByDate", query = "select r from OAuth2RefreshTokenEntity r where r.expiration <= :date"), - @NamedQuery(name = "OAuth2RefreshTokenEntity.getByClient", query = "select r from OAuth2RefreshTokenEntity r where r.client = :client"), - @NamedQuery(name = "OAuth2RefreshTokenEntity.getByTokenValue", query = "select r from OAuth2RefreshTokenEntity r where r.value = :tokenValue"), - @NamedQuery(name = "OAuth2RefreshTokenEntity.getByAuthentication", query = "select r from OAuth2RefreshTokenEntity r where r.authenticationHolder.authentication = :authentication") + @NamedQuery(name = OAuth2RefreshTokenEntity.QUERY_ALL, query = "select r from OAuth2RefreshTokenEntity r"), + @NamedQuery(name = OAuth2RefreshTokenEntity.QUERY_EXPIRED_BY_DATE, query = "select r from OAuth2RefreshTokenEntity r where r.expiration <= :" + OAuth2RefreshTokenEntity.PARAM_DATE), + @NamedQuery(name = OAuth2RefreshTokenEntity.QUERY_BY_CLIENT, query = "select r from OAuth2RefreshTokenEntity r where r.client = :" + OAuth2RefreshTokenEntity.PARAM_CLIENT), + @NamedQuery(name = OAuth2RefreshTokenEntity.QUERY_BY_TOKEN_VALUE, query = "select r from OAuth2RefreshTokenEntity r where r.value = :" + OAuth2RefreshTokenEntity.PARAM_TOKEN_VALUE), + @NamedQuery(name = OAuth2RefreshTokenEntity.QUERY_BY_AUTHENTICATION, query = "select r from OAuth2RefreshTokenEntity r where r.authenticationHolder.authentication = :" + OAuth2RefreshTokenEntity.PARAM_AUTHENTICATION) }) public class OAuth2RefreshTokenEntity implements OAuth2RefreshToken { + public static final String QUERY_BY_AUTHENTICATION = "OAuth2RefreshTokenEntity.getByAuthentication"; + public static final String QUERY_BY_TOKEN_VALUE = "OAuth2RefreshTokenEntity.getByTokenValue"; + public static 
final String QUERY_BY_CLIENT = "OAuth2RefreshTokenEntity.getByClient"; + public static final String QUERY_EXPIRED_BY_DATE = "OAuth2RefreshTokenEntity.getAllExpiredByDate"; + public static final String QUERY_ALL = "OAuth2RefreshTokenEntity.getAll"; + + public static final String PARAM_AUTHENTICATION = "authentication"; + public static final String PARAM_TOKEN_VALUE = "tokenValue"; + public static final String PARAM_CLIENT = "client"; + public static final String PARAM_DATE = "date"; + private Long id; private AuthenticationHolderEntity authenticationHolder; diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaAuthenticationHolderRepository.java b/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaAuthenticationHolderRepository.java index 4ea8c0c29..497ed6e23 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaAuthenticationHolderRepository.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaAuthenticationHolderRepository.java @@ -39,7 +39,7 @@ public class JpaAuthenticationHolderRepository implements AuthenticationHolderRe @Override public List getAll() { - TypedQuery query = manager.createNamedQuery("AuthenticationHolderEntity.getAll", AuthenticationHolderEntity.class); + TypedQuery query = manager.createNamedQuery(AuthenticationHolderEntity.QUERY_ALL, AuthenticationHolderEntity.class); return query.getResultList(); } 
@@ -68,7 +68,7 @@ public class JpaAuthenticationHolderRepository implements AuthenticationHolderRe @Override @Transactional public List getOrphanedAuthenticationHolders() { - TypedQuery query = manager.createNamedQuery("AuthenticationHolderEntity.getUnusedAuthenticationHolders", AuthenticationHolderEntity.class); + TypedQuery query = manager.createNamedQuery(AuthenticationHolderEntity.QUERY_GET_UNUSED, AuthenticationHolderEntity.class); query.setMaxResults(MAXEXPIREDRESULTS); List unusedAuthenticationHolders = query.getResultList(); return unusedAuthenticationHolders; diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaAuthorizationCodeRepository.java b/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaAuthorizationCodeRepository.java index 37d761058..06955ceac 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaAuthorizationCodeRepository.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaAuthorizationCodeRepository.java @@ -62,7 +62,7 @@ public class JpaAuthorizationCodeRepository implements AuthorizationCodeReposito @Transactional public OAuth2Authentication consume(String code) throws InvalidGrantException { - TypedQuery query = manager.createNamedQuery("AuthorizationCodeEntity.getByValue", AuthorizationCodeEntity.class); + TypedQuery query = manager.createNamedQuery(AuthorizationCodeEntity.QUERY_BY_VALUE, AuthorizationCodeEntity.class); query.setParameter("code", code); AuthorizationCodeEntity result = JpaUtil.getSingleResult(query.getResultList()); diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2ClientRepository.java b/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2ClientRepository.java index fade69592..ff80d43c4 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2ClientRepository.java 
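Review bot: In `consume`, the parameter name on the line after the changed `createNamedQuery` call is still the literal `"code"`, so this repository keeps the string coupling that the rest of the patch removes. A parameter constant on `AuthorizationCodeEntity`, used both in the `@NamedQuery` text and here as `query.setParameter(AuthorizationCodeEntity.PARAM_CODE, code);`, would keep the two in step. A mismatch on this path only shows up at runtime, when an authorization code is redeemed. The entity's side of the change is not visible in this part of the patch, so `PARAM_CODE` is a proposed name; check whether a constant already exists. The body of `consume` continues past the end of the hunk.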
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2ClientRepository.java @@ -57,8 +57,8 @@ public class JpaOAuth2ClientRepository implements OAuth2ClientRepository { */ @Override public ClientDetailsEntity getClientByClientId(String clientId) { - TypedQuery query = manager.createNamedQuery("ClientDetailsEntity.getByClientId", ClientDetailsEntity.class); - query.setParameter("clientId", clientId); + TypedQuery query = manager.createNamedQuery(ClientDetailsEntity.QUERY_BY_CLIENT_ID, ClientDetailsEntity.class); + query.setParameter(ClientDetailsEntity.PARAM_CLIENT_ID, clientId); return JpaUtil.getSingleResult(query.getResultList()); } @@ -93,7 +93,7 @@ public class JpaOAuth2ClientRepository implements OAuth2ClientRepository { @Override public Collection getAllClients() { - TypedQuery query = manager.createNamedQuery("ClientDetailsEntity.findAll", ClientDetailsEntity.class); + TypedQuery query = manager.createNamedQuery(ClientDetailsEntity.QUERY_ALL, ClientDetailsEntity.class); return query.getResultList(); } diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2TokenRepository.java b/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2TokenRepository.java index f0d17cf80..d8ff60c36 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2TokenRepository.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaOAuth2TokenRepository.java 
@@ -44,21 +44,21 @@ public class JpaOAuth2TokenRepository implements OAuth2TokenRepository { @Override public Set getAllAccessTokens() { - TypedQuery query = manager.createNamedQuery("OAuth2AccessTokenEntity.getAll", OAuth2AccessTokenEntity.class); + TypedQuery query = manager.createNamedQuery(OAuth2AccessTokenEntity.QUERY_ALL, OAuth2AccessTokenEntity.class); return new LinkedHashSet(query.getResultList()); } @Override public Set getAllRefreshTokens() { - TypedQuery query = manager.createNamedQuery("OAuth2RefreshTokenEntity.getAll", OAuth2RefreshTokenEntity.class); + TypedQuery query = manager.createNamedQuery(OAuth2RefreshTokenEntity.QUERY_ALL, OAuth2RefreshTokenEntity.class); return new LinkedHashSet(query.getResultList()); } @Override public OAuth2AccessTokenEntity getAccessTokenByValue(String accessTokenValue) { - TypedQuery query = manager.createNamedQuery("OAuth2AccessTokenEntity.getByTokenValue", OAuth2AccessTokenEntity.class); - query.setParameter("tokenValue", accessTokenValue); + TypedQuery query = manager.createNamedQuery(OAuth2AccessTokenEntity.QUERY_BY_TOKEN_VALUE, OAuth2AccessTokenEntity.class); + query.setParameter(OAuth2AccessTokenEntity.PARAM_TOKEN_VALUE, accessTokenValue); return JpaUtil.getSingleResult(query.getResultList()); } @@ -87,8 +87,8 @@ public class JpaOAuth2TokenRepository implements OAuth2TokenRepository { @Override @Transactional public void clearAccessTokensForRefreshToken(OAuth2RefreshTokenEntity refreshToken) { - TypedQuery query = manager.createNamedQuery("OAuth2AccessTokenEntity.getByRefreshToken", OAuth2AccessTokenEntity.class); - query.setParameter("refreshToken", refreshToken); + TypedQuery query = manager.createNamedQuery(OAuth2AccessTokenEntity.QUERY_BY_REFRESH_TOKEN, OAuth2AccessTokenEntity.class); + query.setParameter(OAuth2AccessTokenEntity.PARAM_REFERSH_TOKEN, refreshToken); List accessTokens = query.getResultList(); for (OAuth2AccessTokenEntity accessToken : accessTokens) { removeAccessToken(accessToken); 
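Review bot: `OAuth2AccessTokenEntity.PARAM_REFERSH_TOKEN` in `clearAccessTokensForRefreshToken` is misspelled (REFERSH for REFRESH), and as a public constant the typo becomes part of the entity's API as soon as other callers pick it up. Rename it at its declaration, which is outside this hunk, and use it here as `query.setParameter(OAuth2AccessTokenEntity.PARAM_REFRESH_TOKEN, refreshToken);`. Only the Java identifier changes, so the string value and the named query text are unaffected.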
@@ -97,8 +97,8 @@ public class JpaOAuth2TokenRepository implements OAuth2TokenRepository { @Override public OAuth2RefreshTokenEntity getRefreshTokenByValue(String refreshTokenValue) { - TypedQuery query = manager.createNamedQuery("OAuth2RefreshTokenEntity.getByTokenValue", OAuth2RefreshTokenEntity.class); - query.setParameter("tokenValue", refreshTokenValue); + TypedQuery query = manager.createNamedQuery(OAuth2RefreshTokenEntity.QUERY_BY_TOKEN_VALUE, OAuth2RefreshTokenEntity.class); + query.setParameter(OAuth2RefreshTokenEntity.PARAM_TOKEN_VALUE, refreshTokenValue); return JpaUtil.getSingleResult(query.getResultList()); } @@ -127,14 +127,14 @@ public class JpaOAuth2TokenRepository implements OAuth2TokenRepository { @Override @Transactional public void clearTokensForClient(ClientDetailsEntity client) { - TypedQuery queryA = manager.createNamedQuery("OAuth2AccessTokenEntity.getByClient", OAuth2AccessTokenEntity.class); - queryA.setParameter("client", client); + TypedQuery queryA = manager.createNamedQuery(OAuth2AccessTokenEntity.QUERY_BY_CLIENT, OAuth2AccessTokenEntity.class); + queryA.setParameter(OAuth2AccessTokenEntity.PARAM_CLIENT, client); List accessTokens = queryA.getResultList(); for (OAuth2AccessTokenEntity accessToken : accessTokens) { removeAccessToken(accessToken); } - TypedQuery queryR = manager.createNamedQuery("OAuth2RefreshTokenEntity.getByClient", OAuth2RefreshTokenEntity.class); - queryR.setParameter("client", client); + TypedQuery queryR = manager.createNamedQuery(OAuth2RefreshTokenEntity.QUERY_BY_CLIENT, OAuth2RefreshTokenEntity.class); + queryR.setParameter(OAuth2RefreshTokenEntity.PARAM_CLIENT, client); List refreshTokens = queryR.getResultList(); for (OAuth2RefreshTokenEntity refreshToken : refreshTokens) { removeRefreshToken(refreshToken); 
@@ -146,8 +146,8 @@ public class JpaOAuth2TokenRepository implements OAuth2TokenRepository { */ @Override public List getAccessTokensForClient(ClientDetailsEntity client) { - TypedQuery queryA = manager.createNamedQuery("OAuth2AccessTokenEntity.getByClient", OAuth2AccessTokenEntity.class); - queryA.setParameter("client", client); + TypedQuery queryA = manager.createNamedQuery(OAuth2AccessTokenEntity.QUERY_BY_CLIENT, OAuth2AccessTokenEntity.class); + queryA.setParameter(OAuth2AccessTokenEntity.PARAM_CLIENT, client); List accessTokens = queryA.getResultList(); return accessTokens; } @@ -157,16 +157,16 @@ public class JpaOAuth2TokenRepository implements OAuth2TokenRepository { */ @Override public List getRefreshTokensForClient(ClientDetailsEntity client) { - TypedQuery queryR = manager.createNamedQuery("OAuth2RefreshTokenEntity.getByClient", OAuth2RefreshTokenEntity.class); - queryR.setParameter("client", client); + TypedQuery queryR = manager.createNamedQuery(OAuth2RefreshTokenEntity.QUERY_BY_CLIENT, OAuth2RefreshTokenEntity.class); + queryR.setParameter(OAuth2RefreshTokenEntity.PARAM_CLIENT, client); List refreshTokens = queryR.getResultList(); return refreshTokens; } @Override public OAuth2AccessTokenEntity getByAuthentication(OAuth2Authentication auth) { - TypedQuery queryA = manager.createNamedQuery("OAuth2AccessTokenEntity.getByAuthentication", OAuth2AccessTokenEntity.class); - queryA.setParameter("authentication", auth); + TypedQuery queryA = manager.createNamedQuery(OAuth2AccessTokenEntity.QUERY_BY_AUTHENTICATION, OAuth2AccessTokenEntity.class); + queryA.setParameter(OAuth2AccessTokenEntity.PARAM_AUTHENTICATION, auth); List accessTokens = queryA.getResultList(); return JpaUtil.getSingleResult(accessTokens); } 
@@ -176,24 +176,24 @@ public class JpaOAuth2TokenRepository implements OAuth2TokenRepository { */ @Override public OAuth2AccessTokenEntity getAccessTokenForIdToken(OAuth2AccessTokenEntity idToken) { - TypedQuery queryA = manager.createNamedQuery("OAuth2AccessTokenEntity.getByIdToken", OAuth2AccessTokenEntity.class); - queryA.setParameter("idToken", idToken); + TypedQuery queryA = manager.createNamedQuery(OAuth2AccessTokenEntity.QUERY_BY_ID_TOKEN, OAuth2AccessTokenEntity.class); + queryA.setParameter(OAuth2AccessTokenEntity.PARAM_ID_TOKEN, idToken); List accessTokens = queryA.getResultList(); return JpaUtil.getSingleResult(accessTokens); } @Override public Set getAllExpiredAccessTokens() { - TypedQuery query = manager.createNamedQuery("OAuth2AccessTokenEntity.getAllExpiredByDate", OAuth2AccessTokenEntity.class); - query.setParameter("date", new Date()); + TypedQuery query = manager.createNamedQuery(OAuth2AccessTokenEntity.QUERY_EXPIRED_BY_DATE, OAuth2AccessTokenEntity.class); + query.setParameter(OAuth2AccessTokenEntity.PARAM_DATE, new Date()); query.setMaxResults(MAXEXPIREDRESULTS); return new LinkedHashSet(query.getResultList()); } @Override public Set getAllExpiredRefreshTokens() { - TypedQuery query = manager.createNamedQuery("OAuth2RefreshTokenEntity.getAllExpiredByDate", OAuth2RefreshTokenEntity.class); - query.setParameter("date", new Date()); + TypedQuery query = manager.createNamedQuery(OAuth2RefreshTokenEntity.QUERY_EXPIRED_BY_DATE, OAuth2RefreshTokenEntity.class); + query.setParameter(OAuth2RefreshTokenEntity.PARAM_DATE, new Date()); query.setMaxResults(MAXEXPIREDRESULTS); return new LinkedHashSet(query.getResultList()); } diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java index efbe3e9af..4aa6e8d06 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java 
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java @@ -29,6 +29,7 @@ import org.mitre.openid.connect.view.UserInfoView; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.http.HttpHeaders; import org.springframework.http.HttpStatus; import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; @@ -78,7 +79,7 @@ public class UserInfoEndpoint { @PreAuthorize("hasRole('ROLE_USER') and #oauth2.hasScope('" + SystemScopeService.OPENID_SCOPE + "')") @RequestMapping(method= {RequestMethod.GET, RequestMethod.POST}, produces = {MediaType.APPLICATION_JSON_VALUE, UserInfoJWTView.JOSE_MEDIA_TYPE_VALUE}) public String getInfo(@RequestParam(value="claims", required=false) String claimsRequestJsonString, - @RequestHeader(value="Accept", required=false) String acceptHeader, + @RequestHeader(value=HttpHeaders.ACCEPT, required=false) String acceptHeader, OAuth2Authentication auth, Model model) { if (auth == null) { From ad9b49733f77c4c5dbe3a5abf5356585e9073147 Mon Sep 17 00:00:00 2001 
From: Justin Richer Date: Wed, 11 Mar 2015 16:13:28 -0400 Subject: [PATCH 08/22] externalized queries for scopes, blacklists, user info, pairwise identifiers, and whitelists, closes #771 even harder --- .../org/mitre/oauth2/model/SystemScope.java | 9 +++++++-- .../openid/connect/model/ApprovedSite.java | 16 ++++++++++++---- .../openid/connect/model/BlacklistedSite.java | 4 +++- .../openid/connect/model/DefaultUserInfo.java | 9 +++++---- .../connect/model/PairwiseIdentifier.java | 12 +++++++++--- .../openid/connect/model/WhitelistedSite.java | 13 ++++++++++--- .../impl/JpaSystemScopeRepository.java | 6 +++--- .../impl/JpaApprovedSiteRepository.java | 17 ++++++++--------- .../impl/JpaBlacklistedSiteRepository.java | 2 +- .../impl/JpaPairwiseIdentifierRepository.java | 6 +++--- .../repository/impl/JpaUserInfoRepository.java | 4 ++-- .../impl/JpaWhitelistedSiteRepository.java | 10 +++++----- 12 files changed, 68 insertions(+), 40 deletions(-) diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/SystemScope.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/SystemScope.java index 5901c6001..02dd134d1 100644 --- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/SystemScope.java +++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/SystemScope.java 
@@ -37,11 +37,16 @@ import javax.persistence.Transient; @Entity @Table(name = "system_scope") @NamedQueries({ - @NamedQuery(name = "SystemScope.findAll", query = "select s from SystemScope s ORDER BY s.id"), - @NamedQuery(name = "SystemScope.getByValue", query = "select s from SystemScope s WHERE s.value = :value") + @NamedQuery(name = SystemScope.QUERY_ALL, query = "select s from SystemScope s ORDER BY s.id"), + @NamedQuery(name = SystemScope.QUERY_BY_VALUE, query = "select s from SystemScope s WHERE s.value = :" + SystemScope.PARAM_VALUE) }) public class SystemScope { + public static final String QUERY_BY_VALUE = "SystemScope.getByValue"; + public static final String QUERY_ALL = "SystemScope.findAll"; + + public static final String PARAM_VALUE = "value"; + private Long id; private String value; // scope value private String description; // human-readable description diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/ApprovedSite.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/ApprovedSite.java index 53a01f039..da09ae645 100644 --- a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/ApprovedSite.java +++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/ApprovedSite.java 
@@ -45,13 +45,21 @@ import com.google.common.collect.Sets; @Entity @Table(name="approved_site") @NamedQueries({ - @NamedQuery(name = "ApprovedSite.getAll", query = "select a from ApprovedSite a"), - @NamedQuery(name = "ApprovedSite.getByUserId", query = "select a from ApprovedSite a where a.userId = :userId"), - @NamedQuery(name = "ApprovedSite.getByClientId", query = "select a from ApprovedSite a where a.clientId = :clientId"), - @NamedQuery(name = "ApprovedSite.getByClientIdAndUserId", query = "select a from ApprovedSite a where a.clientId = :clientId and a.userId = :userId") + @NamedQuery(name = ApprovedSite.QUERY_ALL, query = "select a from ApprovedSite a"), + @NamedQuery(name = ApprovedSite.QUERY_BY_USER_ID, query = "select a from ApprovedSite a where a.userId = :" + ApprovedSite.PARAM_USER_ID), + @NamedQuery(name = ApprovedSite.QUERY_BY_CLIENT_ID, query = "select a from ApprovedSite a where a.clientId = :" + ApprovedSite.PARAM_CLIENT_ID), + @NamedQuery(name = ApprovedSite.QUERY_BY_CLIENT_ID_AND_USER_ID, query = "select a from ApprovedSite a where a.clientId = :" + ApprovedSite.PARAM_CLIENT_ID + " and a.userId = :" + ApprovedSite.PARAM_USER_ID) }) public class ApprovedSite { + public static final String QUERY_BY_CLIENT_ID_AND_USER_ID = "ApprovedSite.getByClientIdAndUserId"; + public static final String QUERY_BY_CLIENT_ID = "ApprovedSite.getByClientId"; + public static final String QUERY_BY_USER_ID = "ApprovedSite.getByUserId"; + public static final String QUERY_ALL = "ApprovedSite.getAll"; + + public static final String PARAM_CLIENT_ID = "clientId"; + public static final String PARAM_USER_ID = "userId"; + // unique id private Long id; diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/BlacklistedSite.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/BlacklistedSite.java index 73de931d6..0cbdecc81 100644 --- a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/BlacklistedSite.java 
+++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/BlacklistedSite.java @@ -36,10 +36,12 @@ import javax.persistence.Table; @Entity @Table(name="blacklisted_site") @NamedQueries({ - @NamedQuery(name = "BlacklistedSite.getAll", query = "select b from BlacklistedSite b") + @NamedQuery(name = BlacklistedSite.QUERY_ALL, query = "select b from BlacklistedSite b") }) public class BlacklistedSite { + public static final String QUERY_ALL = "BlacklistedSite.getAll"; + // unique id private Long id; diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/DefaultUserInfo.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/DefaultUserInfo.java index 1c9505903..4fe7d914a 100644 --- a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/DefaultUserInfo.java +++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/DefaultUserInfo.java @@ -33,13 +33,14 @@ import com.google.gson.JsonObject; @Entity @Table(name="user_info") @NamedQueries({ - @NamedQuery(name="DefaultUserInfo.getByUsername", query = "select u from DefaultUserInfo u WHERE u.preferredUsername = :username") + @NamedQuery(name=DefaultUserInfo.QUERY_BY_USERNAME, query = "select u from DefaultUserInfo u WHERE u.preferredUsername = :" + DefaultUserInfo.PARAM_USERNAME) }) public class DefaultUserInfo implements UserInfo { - /** - * - */ + public static final String QUERY_BY_USERNAME = "DefaultUserInfo.getByUsername"; + + public static final String PARAM_USERNAME = "username"; + private static final long serialVersionUID = 6078310513185681918L; private Long id; private String sub; diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/PairwiseIdentifier.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/PairwiseIdentifier.java index eea35bc5e..78dac5768 100644 --- a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/PairwiseIdentifier.java 
+++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/PairwiseIdentifier.java @@ -39,11 +39,17 @@ import javax.persistence.Table; @Entity @Table(name = "pairwise_identifier") @NamedQueries({ - @NamedQuery(name="PairwiseIdentifier.getAll", query = "select p from PairwiseIdentifier p"), - @NamedQuery(name="PairwiseIdentifier.getBySectorIdentifier", query = "select p from PairwiseIdentifier p WHERE p.userSub = :sub AND p.sectorIdentifier = :sectorIdentifier") + @NamedQuery(name=PairwiseIdentifier.QUERY_ALL, query = "select p from PairwiseIdentifier p"), + @NamedQuery(name=PairwiseIdentifier.QUERY_BY_SECTOR_IDENTIFIER, query = "select p from PairwiseIdentifier p WHERE p.userSub = :" + PairwiseIdentifier.PARAM_SUB + " AND p.sectorIdentifier = :" + PairwiseIdentifier.PARAM_SECTOR_IDENTIFIER) }) public class PairwiseIdentifier { + public static final String QUERY_BY_SECTOR_IDENTIFIER = "PairwiseIdentifier.getBySectorIdentifier"; + public static final String QUERY_ALL = "PairwiseIdentifier.getAll"; + + public static final String PARAM_SECTOR_IDENTIFIER = "sectorIdentifier"; + public static final String PARAM_SUB = "sub"; + private Long id; private String identifier; private String userSub; @@ -86,7 +92,7 @@ public class PairwiseIdentifier { * @return the userSub */ @Basic - @Column(name = "sub") + @Column(name = PairwiseIdentifier.PARAM_SUB) public String getUserSub() { return userSub; } diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/WhitelistedSite.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/WhitelistedSite.java index 81f20c4fe..fab666005 100644 --- a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/WhitelistedSite.java +++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/WhitelistedSite.java 
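Review bot: `@Column(name = PairwiseIdentifier.PARAM_SUB)` on `getUserSub()` reuses a JPQL parameter-name constant as the database column name, tying the schema mapping to a query placeholder that only happens to share its spelling. If `PARAM_SUB` is later renamed to match the `userSub` property it binds to, the column mapping would change with it and the entity would no longer line up with the existing `pairwise_identifier` table. Keep the literal, `@Column(name = "sub")`, or introduce a separately named column constant so the two concerns stay independent.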
@@ -41,12 +41,19 @@ import javax.persistence.Table; @Entity @Table(name="whitelisted_site") @NamedQueries({ - @NamedQuery(name = "WhitelistedSite.getAll", query = "select w from WhitelistedSite w"), - @NamedQuery(name = "WhitelistedSite.getByClientId", query = "select w from WhitelistedSite w where w.clientId = :clientId"), - @NamedQuery(name = "WhitelistedSite.getByCreatoruserId", query = "select w from WhitelistedSite w where w.creatorUserId = :userId") + @NamedQuery(name = WhitelistedSite.QUERY_ALL, query = "select w from WhitelistedSite w"), + @NamedQuery(name = WhitelistedSite.QUERY_BY_CLIENT_ID, query = "select w from WhitelistedSite w where w.clientId = :" + WhitelistedSite.PARAM_CLIENT_ID), + @NamedQuery(name = WhitelistedSite.QUERY_BY_CREATOR, query = "select w from WhitelistedSite w where w.creatorUserId = :" + WhitelistedSite.PARAM_USER_ID) }) public class WhitelistedSite { + public static final String QUERY_BY_CREATOR = "WhitelistedSite.getByCreatoruserId"; + public static final String QUERY_BY_CLIENT_ID = "WhitelistedSite.getByClientId"; + public static final String QUERY_ALL = "WhitelistedSite.getAll"; + + public static final String PARAM_USER_ID = "userId"; + public static final String PARAM_CLIENT_ID = "clientId"; + // unique id private Long id; diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaSystemScopeRepository.java b/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaSystemScopeRepository.java index b1435c318..7c9a8fb6d 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaSystemScopeRepository.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/repository/impl/JpaSystemScopeRepository.java 
@@ -50,7 +50,7 @@ public class JpaSystemScopeRepository implements SystemScopeRepository { @Override @Transactional public Set getAll() { - TypedQuery query = em.createNamedQuery("SystemScope.findAll", SystemScope.class); + TypedQuery query = em.createNamedQuery(SystemScope.QUERY_ALL, SystemScope.class); return new LinkedHashSet(query.getResultList()); } @@ -70,8 +70,8 @@ public class JpaSystemScopeRepository implements SystemScopeRepository { @Override @Transactional public SystemScope getByValue(String value) { - TypedQuery query = em.createNamedQuery("SystemScope.getByValue", SystemScope.class); - query.setParameter("value", value); + TypedQuery query = em.createNamedQuery(SystemScope.QUERY_BY_VALUE, SystemScope.class); + query.setParameter(SystemScope.PARAM_VALUE, value); return getSingleResult(query.getResultList()); } diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaApprovedSiteRepository.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaApprovedSiteRepository.java index 5c716f38d..330116e23 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaApprovedSiteRepository.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaApprovedSiteRepository.java @@ -44,8 +44,7 @@ public class JpaApprovedSiteRepository implements ApprovedSiteRepository { @Override @Transactional public Collection getAll() { - TypedQuery query = manager.createNamedQuery( - "ApprovedSite.getAll", ApprovedSite.class); + TypedQuery query = manager.createNamedQuery(ApprovedSite.QUERY_ALL, ApprovedSite.class); return query.getResultList(); } 
@@ -76,9 +75,9 @@ public class JpaApprovedSiteRepository implements ApprovedSiteRepository { @Override public Collection getByClientIdAndUserId(String clientId, String userId) { - TypedQuery query = manager.createNamedQuery("ApprovedSite.getByClientIdAndUserId", ApprovedSite.class); - query.setParameter("userId", userId); - query.setParameter("clientId", clientId); + TypedQuery query = manager.createNamedQuery(ApprovedSite.QUERY_BY_CLIENT_ID_AND_USER_ID, ApprovedSite.class); + query.setParameter(ApprovedSite.PARAM_USER_ID, userId); + query.setParameter(ApprovedSite.PARAM_CLIENT_ID, clientId); return query.getResultList(); } @@ -86,8 +85,8 @@ public class JpaApprovedSiteRepository implements ApprovedSiteRepository { @Override @Transactional public Collection getByUserId(String userId) { - TypedQuery query = manager.createNamedQuery("ApprovedSite.getByUserId", ApprovedSite.class); - query.setParameter("userId", userId); + TypedQuery query = manager.createNamedQuery(ApprovedSite.QUERY_BY_USER_ID, ApprovedSite.class); + query.setParameter(ApprovedSite.PARAM_USER_ID, userId); return query.getResultList(); @@ -96,8 +95,8 @@ public class JpaApprovedSiteRepository implements ApprovedSiteRepository { @Override @Transactional public Collection getByClientId(String clientId) { - TypedQuery query = manager.createNamedQuery("ApprovedSite.getByClientId", ApprovedSite.class); - query.setParameter("clientId", clientId); + TypedQuery query = manager.createNamedQuery(ApprovedSite.QUERY_BY_CLIENT_ID, ApprovedSite.class); + query.setParameter(ApprovedSite.PARAM_CLIENT_ID, clientId); return query.getResultList(); } diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaBlacklistedSiteRepository.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaBlacklistedSiteRepository.java index f3bf068ea..762a57824 100644 
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaBlacklistedSiteRepository.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaBlacklistedSiteRepository.java @@ -48,7 +48,7 @@ public class JpaBlacklistedSiteRepository implements BlacklistedSiteRepository { @Override @Transactional public Collection getAll() { - TypedQuery query = manager.createNamedQuery("BlacklistedSite.getAll", BlacklistedSite.class); + TypedQuery query = manager.createNamedQuery(BlacklistedSite.QUERY_ALL, BlacklistedSite.class); return query.getResultList(); } diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaPairwiseIdentifierRepository.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaPairwiseIdentifierRepository.java index 614cfeca0..658517e75 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaPairwiseIdentifierRepository.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaPairwiseIdentifierRepository.java @@ -46,9 +46,9 @@ public class JpaPairwiseIdentifierRepository implements PairwiseIdentifierReposi */ @Override public PairwiseIdentifier getBySectorIdentifier(String sub, String sectorIdentifierUri) { - TypedQuery query = manager.createNamedQuery("PairwiseIdentifier.getBySectorIdentifier", PairwiseIdentifier.class); - query.setParameter("sub", sub); - query.setParameter("sectorIdentifier", sectorIdentifierUri); + TypedQuery query = manager.createNamedQuery(PairwiseIdentifier.QUERY_BY_SECTOR_IDENTIFIER, PairwiseIdentifier.class); + query.setParameter(PairwiseIdentifier.PARAM_SUB, sub); + query.setParameter(PairwiseIdentifier.PARAM_SECTOR_IDENTIFIER, sectorIdentifierUri); return getSingleResult(query.getResultList()); } 
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaUserInfoRepository.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaUserInfoRepository.java index ca1576013..4acb2687a 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaUserInfoRepository.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaUserInfoRepository.java @@ -44,8 +44,8 @@ public class JpaUserInfoRepository implements UserInfoRepository { */ @Override public UserInfo getByUsername(String username) { - TypedQuery query = manager.createNamedQuery("DefaultUserInfo.getByUsername", DefaultUserInfo.class); - query.setParameter("username", username); + TypedQuery query = manager.createNamedQuery(DefaultUserInfo.QUERY_BY_USERNAME, DefaultUserInfo.class); + query.setParameter(DefaultUserInfo.PARAM_USERNAME, username); return getSingleResult(query.getResultList()); diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaWhitelistedSiteRepository.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaWhitelistedSiteRepository.java index a2f68d586..c26c03917 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaWhitelistedSiteRepository.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaWhitelistedSiteRepository.java @@ -45,7 +45,7 @@ public class JpaWhitelistedSiteRepository implements WhitelistedSiteRepository { @Override @Transactional public Collection getAll() { - TypedQuery query = manager.createNamedQuery("WhitelistedSite.getAll", WhitelistedSite.class); + TypedQuery query = manager.createNamedQuery(WhitelistedSite.QUERY_ALL, WhitelistedSite.class); return query.getResultList(); } 
@@ -85,16 +85,16 @@ public class JpaWhitelistedSiteRepository implements WhitelistedSiteRepository { @Override @Transactional public WhitelistedSite getByClientId(String clientId) { - TypedQuery query = manager.createNamedQuery("WhitelistedSite.getByClientId", WhitelistedSite.class); - query.setParameter("clientId", clientId); + TypedQuery query = manager.createNamedQuery(WhitelistedSite.QUERY_BY_CLIENT_ID, WhitelistedSite.class); + query.setParameter(WhitelistedSite.PARAM_CLIENT_ID, clientId); return JpaUtil.getSingleResult(query.getResultList()); } @Override @Transactional public Collection getByCreator(String creatorId) { - TypedQuery query = manager.createNamedQuery("WhitelistedSite.getByCreaterUserId", WhitelistedSite.class); - query.setParameter("userId", creatorId); + TypedQuery query = manager.createNamedQuery(WhitelistedSite.QUERY_BY_CREATOR, WhitelistedSite.class); + query.setParameter(WhitelistedSite.PARAM_USER_ID, creatorId); return query.getResultList(); } From daee9266c5b6f03dcda98dcb8ff9381cbb18ad62 Mon Sep 17 00:00:00 2001 From: Justin Richer Date: Wed, 11 Mar 2015 16:34:45 -0400 Subject: [PATCH 09/22] default clients to SECRET_BASIC in UI, closes #772 --- .../src/main/webapp/resources/template/client.html | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openid-connect-server-webapp/src/main/webapp/resources/template/client.html b/openid-connect-server-webapp/src/main/webapp/resources/template/client.html index 40c170504..2923b0e29 100644 --- a/openid-connect-server-webapp/src/main/webapp/resources/template/client.html +++ b/openid-connect-server-webapp/src/main/webapp/resources/template/client.html @@ -410,7 +410,7 @@
- > + >
From 54bec32b7e3a8b8bf8f39d75b2aea717b4246418 Mon Sep 17 00:00:00 2001 From: Justin Richer Date: Wed, 11 Mar 2015 21:24:11 -0400 Subject: [PATCH 10/22] restored relative time display to a few pages where it was lost during i18n updates, closes #766 --- .../src/main/resources/messages_en.properties | 6 ++-- .../src/main/webapp/WEB-INF/views/approve.jsp | 32 ++++++++++++++++--- .../src/main/webapp/resources/js/client.js | 8 ++--- .../resources/js/locale/en/messages.json | 7 +++- .../webapp/resources/template/client.html | 6 +++- 5 files changed, 45 insertions(+), 14 deletions(-) diff --git a/openid-connect-server-webapp/src/main/resources/messages_en.properties b/openid-connect-server-webapp/src/main/resources/messages_en.properties index 5bbbecd34..7292af100 100644 --- a/openid-connect-server-webapp/src/main/resources/messages_en.properties +++ b/openid-connect-server-webapp/src/main/resources/messages_en.properties @@ -82,10 +82,10 @@ manage.title=Management Console approve.title=Approve Access approve.error.not_granted=Access could not be granted. approve.required_for=Approval Required for -approve.dynamically_registered=This client was dynamically registered +approve.dynamically_registered=This client was dynamically registered {0}. approve.caution=Caution -approve.caution.message.none=It has never been approved previously. -approve.caution.message.singular=It has been approved {0} time previously. +approve.caution.message.none=It has never been approved previously. +approve.caution.message.singular=It has been approved {0} time previously. approve.caution.message.plural=It has been approved {0} times previously. approve.more_information=more information approve.home_page=Home page diff --git a/openid-connect-server-webapp/src/main/webapp/WEB-INF/views/approve.jsp b/openid-connect-server-webapp/src/main/webapp/WEB-INF/views/approve.jsp index 288f38154..e4fc9c968 100644 --- a/openid-connect-server-webapp/src/main/webapp/WEB-INF/views/approve.jsp 
+++ b/openid-connect-server-webapp/src/main/webapp/WEB-INF/views/approve.jsp @@ -41,16 +41,15 @@
- -

+ - . +

@@ -60,8 +59,11 @@

:

- - . + +

+ +

+

@@ -73,6 +75,7 @@ +

@@ -294,6 +297,25 @@ $(document).ready(function() { $('#toggleMoreInformation i').attr('class', 'icon-chevron-down'); } }); + + var creationDate = ""; + var displayCreationDate = $.t('approve.dynamically-registered-unkown'); + var hoverCreationDate = ""; + if (creationDate != null && moment(creationDate).isValid()) { + creationDate = moment(creationDate); + if (moment().diff(creationDate, 'months') < 6) { + displayCreationDate = creationDate.fromNow(); + } else { + displayCreationDate = "on " + creationDate.format("LL"); + } + hoverCreationDate = creationDate.format("LLL"); + } + + $('#registrationTime').html(displayCreationDate); + $('#registrationTime').attr('title', hoverCreationDate); + + + }); //--> diff --git a/openid-connect-server-webapp/src/main/webapp/resources/js/client.js b/openid-connect-server-webapp/src/main/webapp/resources/js/client.js index 5cb704b5e..3ac0674b8 100644 --- a/openid-connect-server-webapp/src/main/webapp/resources/js/client.js +++ b/openid-connect-server-webapp/src/main/webapp/resources/js/client.js @@ -224,19 +224,19 @@ var ClientView = Backbone.View.extend({ render:function (eventName) { var creationDate = this.model.get('createdAt'); - var displayCreationDate = "at an unknown time"; + var displayCreationDate = $.t('client.client-table.unknown'); var hoverCreationDate = ""; if (creationDate == null || !moment(creationDate).isValid()) { - displayCreationDate = "at an unknown time"; + displayCreationDate = $.t('client.client-table.unknown'); hoverCreationDate = ""; } else { creationDate = moment(creationDate); if (moment().diff(creationDate, 'months') < 6) { displayCreationDate = creationDate.fromNow(); } else { - displayCreationDate = "on " + creationDate.format("MMMM Do, YYYY"); + displayCreationDate = "on " + creationDate.format("LL"); } - hoverCreationDate = creationDate.format("MMMM Do, YYYY [at] h:mmA"); + hoverCreationDate = creationDate.format("LLL"); } 
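Review bot: The lookup key in `$.t('approve.dynamically-registered-unkown')` is misspelled: the entry this commit adds to messages.json is `dynamically-registered-unknown`, so the "unknown time" fallback will not resolve. The line should read `var displayCreationDate = $.t('approve.dynamically-registered-unknown');`. The value written to `#registrationTime` is plain text, so `$('#registrationTime').text(displayCreationDate);` is the safer call than `.html(...)`, because a translated string or formatted date can then never be parsed as markup. The `"on " + creationDate.format("LL")` branch, here and in client.js, still hard-codes English next to the localized strings.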
diff --git a/openid-connect-server-webapp/src/main/webapp/resources/js/locale/en/messages.json b/openid-connect-server-webapp/src/main/webapp/resources/js/locale/en/messages.json index 810c6c5fd..65f8f5d38 100644 --- a/openid-connect-server-webapp/src/main/webapp/resources/js/locale/en/messages.json +++ b/openid-connect-server-webapp/src/main/webapp/resources/js/locale/en/messages.json @@ -158,6 +158,7 @@ "type": "Application Type", "type-native": "Native", "type-web": "Web", + "unknown": "(Unknown)", "user-info-crypto-algorithm": "User Info Endpoint Encryption Algorithm", "user-info-crypto-method": "User Info Endpoint Encryption Method", "user-info-signing-algorithm": "User Info Endpoint Signing Algorithm" @@ -185,7 +186,8 @@ "no-redirect": "NO REDIRECT URI", "registered": "Registrered", "search": "Search...", - "whitelist": "Whitelist" + "whitelist": "Whitelist", + "unknown": "at an unknown time" }, "manage": "Manage Clients", "more-info": { @@ -335,5 +337,8 @@ "whitelist-table": { "no-sites": "There are no whitelisted sites. Use the whitelist button on the client management page to create one." } + }, + approve: { + "dynamically-registered-unknown": "at an unknown time" } } \ No newline at end of file diff --git a/openid-connect-server-webapp/src/main/webapp/resources/template/client.html b/openid-connect-server-webapp/src/main/webapp/resources/template/client.html index 2923b0e29..9bdf4cba6 100644 --- a/openid-connect-server-webapp/src/main/webapp/resources/template/client.html +++ b/openid-connect-server-webapp/src/main/webapp/resources/template/client.html @@ -195,7 +195,11 @@
- <%-createdAt%> + <% if (createdAt) { %> + <%-createdAt%> + <% } else { %> + Unknown + <% } %>
From e1fb8272ccde465afba72b708a1dc228b60a1531 Mon Sep 17 00:00:00 2001 From: Justin Richer Date: Thu, 12 Mar 2015 09:26:38 -0400 Subject: [PATCH 11/22] redirect error on prompt=none, addresses #667 --- .../filter/AuthorizationRequestFilter.java | 38 +++++++++++++++++-- .../request/ConnectRequestParameters.java | 4 +- 2 files changed, 38 insertions(+), 4 deletions(-) diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/filter/AuthorizationRequestFilter.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/filter/AuthorizationRequestFilter.java index 23e8a2367..8a7dc32aa 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/filter/AuthorizationRequestFilter.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/filter/AuthorizationRequestFilter.java @@ -20,6 +20,7 @@ package org.mitre.openid.connect.filter; import java.io.IOException; +import java.net.URISyntaxException; import java.util.Date; import java.util.HashMap; import java.util.List; @@ -33,6 +34,7 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; +import org.apache.http.client.utils.URIBuilder; import org.mitre.oauth2.model.ClientDetailsEntity; import org.mitre.oauth2.service.ClientDetailsEntityService; import org.mitre.openid.connect.web.AuthenticationTimeStamper; 
@@ -44,15 +46,17 @@ import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.oauth2.common.exceptions.InvalidClientException; import org.springframework.security.oauth2.provider.AuthorizationRequest; import org.springframework.security.oauth2.provider.OAuth2RequestFactory; +import org.springframework.security.oauth2.provider.endpoint.RedirectResolver; import org.springframework.stereotype.Component; import org.springframework.web.filter.GenericFilterBean; import com.google.common.base.Splitter; import com.google.common.base.Strings; -import static org.mitre.openid.connect.request.ConnectRequestParameters.LOGIN_HINT; +import static org.mitre.openid.connect.request.ConnectRequestParameters.*; import static org.mitre.openid.connect.request.ConnectRequestParameters.MAX_AGE; import static org.mitre.openid.connect.request.ConnectRequestParameters.PROMPT; +import static org.mitre.openid.connect.request.ConnectRequestParameters.PROMPT_SEPARATOR; import static org.mitre.openid.connect.request.ConnectRequestParameters.PROMPT_LOGIN; import static org.mitre.openid.connect.request.ConnectRequestParameters.PROMPT_NONE; @@ -76,6 +80,9 @@ public class AuthorizationRequestFilter extends GenericFilterBean { @Autowired private ClientDetailsEntityService clientService; + + @Autowired + private RedirectResolver redirectResolver; /** * @@ -118,7 +125,7 @@ public class AuthorizationRequestFilter extends GenericFilterBean { if (authRequest.getExtensions().get(PROMPT) != null) { // we have a "prompt" parameter String prompt = (String)authRequest.getExtensions().get(PROMPT); - List prompts = Splitter.on(" ").splitToList(Strings.nullToEmpty(prompt)); + List prompts = Splitter.on(PROMPT_SEPARATOR).splitToList(Strings.nullToEmpty(prompt)); if (prompts.contains(PROMPT_NONE)) { logger.info("Client requested no prompt"); 
@@ -131,7 +138,32 @@ public class AuthorizationRequestFilter extends GenericFilterBean { chain.doFilter(req, res); } else { // user hasn't been logged in, we need to "return an error" - logger.info("User not logged in, no prompt requested, returning 403 from filter"); + logger.info("User not logged in, no prompt requested, returning error from filter"); + + if (client != null && authRequest.getRedirectUri() != null) { + + // if we've got a redirect URI then we'll send it + + String url = redirectResolver.resolveRedirect(authRequest.getRedirectUri(), client); + + try { + URIBuilder uriBuilder = new URIBuilder(url); + + uriBuilder.addParameter(ERROR, LOGIN_REQUIRED); + if (!Strings.isNullOrEmpty(authRequest.getState())) { + uriBuilder.addParameter(STATE, authRequest.getState()); // copy the state parameter if one was given + } + + response.sendRedirect(uriBuilder.toString()); + return; + + } catch (URISyntaxException e) { + logger.error("Can't build redirect URI for prompt=none, sending error instead", e); + response.sendError(HttpServletResponse.SC_FORBIDDEN, "Access Denied"); + return; + } + } + response.sendError(HttpServletResponse.SC_FORBIDDEN, "Access Denied"); return; } diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/request/ConnectRequestParameters.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/request/ConnectRequestParameters.java index b82cf20fc..ab070dae7 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/request/ConnectRequestParameters.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/request/ConnectRequestParameters.java @@ -24,6 +24,8 @@ public interface ConnectRequestParameters { public String CSRF = "csrf"; public String APPROVED_SITE = "approved_site"; - + // responses + public String ERROR = "error"; + public String LOGIN_REQUIRED = "login_required"; } From 75e0cdd55015f522dbb800a0f54ec2c209e8ab05 Mon Sep 17 00:00:00 2001 
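Review bot: The call `redirectResolver.resolveRedirect(authRequest.getRedirectUri(), client)` sits outside the new `try`, and the only exception handled there is `URISyntaxException`. A redirect URI that does not match the client's registration is reported by the resolver as an OAuth2 exception. Unless the enclosing `try`, which starts outside this hunk, catches it, that failure would propagate out of the filter instead of becoming the 403 fallback. I would move the `resolveRedirect` call inside the `try` and widen the handler to `} catch (URISyntaxException | OAuth2Exception e) {`, which needs an import of `OAuth2Exception` in this file. The redirect must only be sent after the resolver has accepted the URI, so the fallback path should keep using `sendError` and never the raw `authRequest.getRedirectUri()`.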
From: Justin Richer Date: Thu, 12 Mar 2015 13:34:35 -0400 Subject: [PATCH 12/22] fixed syntax error in messages file --- .../src/main/webapp/resources/js/locale/en/messages.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/openid-connect-server-webapp/src/main/webapp/resources/js/locale/en/messages.json b/openid-connect-server-webapp/src/main/webapp/resources/js/locale/en/messages.json index 65f8f5d38..4deb78e07 100644 --- a/openid-connect-server-webapp/src/main/webapp/resources/js/locale/en/messages.json +++ b/openid-connect-server-webapp/src/main/webapp/resources/js/locale/en/messages.json @@ -338,7 +338,7 @@ "no-sites": "There are no whitelisted sites. Use the whitelist button on the client management page to create one." } }, - approve: { + "approve": { "dynamically-registered-unknown": "at an unknown time" } } \ No newline at end of file From ed8887864cbe6a1e893e2ca5b13c552f172a0e0d Mon Sep 17 00:00:00 2001 From: Justin Richer Date: Thu, 12 Mar 2015 13:35:11 -0400 Subject: [PATCH 13/22] added font and key files to non-filtered file sets --- openid-connect-server-webapp/pom.xml | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/openid-connect-server-webapp/pom.xml b/openid-connect-server-webapp/pom.xml index 0718d5eaa..bbea2fedc 100644 --- a/openid-connect-server-webapp/pom.xml +++ b/openid-connect-server-webapp/pom.xml @@ -47,6 +47,11 @@ jpg png pdf + eot + woff + ttf + svg + jwks From 80605becf18dbb10018352caacaf4504adc2c5a3 Mon Sep 17 00:00:00 2001 From: Justin Richer Date: Thu, 12 Mar 2015 15:26:23 -0400 Subject: [PATCH 14/22] rudimentary json-based message source --- .../webapp/WEB-INF/application-context.xml | 29 ++-- .../connect/config/JsonMessageSource.java | 152 ++++++++++++++++++ 2 files changed, 169 insertions(+), 12 deletions(-) create mode 100644 openid-connect-server/src/main/java/org/mitre/openid/connect/config/JsonMessageSource.java 
diff --git a/openid-connect-server-webapp/src/main/webapp/WEB-INF/application-context.xml b/openid-connect-server-webapp/src/main/webapp/WEB-INF/application-context.xml index 02131cf71..864470e15 100644 --- a/openid-connect-server-webapp/src/main/webapp/WEB-INF/application-context.xml +++ b/openid-connect-server-webapp/src/main/webapp/WEB-INF/application-context.xml @@ -205,18 +205,23 @@ - - - - classpath:custom_messages - classpath:messages - - - - - - + + + + + + + + + + + + + + + + + diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/config/JsonMessageSource.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/config/JsonMessageSource.java new file mode 100644 index 000000000..6194a433f --- /dev/null +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/config/JsonMessageSource.java 
@@ -0,0 +1,152 @@ +/******************************************************************************* + * Copyright 2015 The MITRE Corporation + * and the MIT Kerberos and Internet Trust Consortium + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + *******************************************************************************/ + +package org.mitre.openid.connect.config; + +import java.io.File; +import java.io.FileNotFoundException; +import java.io.FileReader; +import java.io.IOException; +import java.io.InputStreamReader; +import java.text.MessageFormat; +import java.util.HashMap; +import java.util.Iterator; +import java.util.Locale; +import java.util.Map; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.context.support.AbstractMessageSource; +import org.springframework.core.io.Resource; + +import com.google.common.base.Splitter; +import com.google.gson.JsonElement; +import com.google.gson.JsonIOException; +import com.google.gson.JsonObject; +import com.google.gson.JsonParser; +import com.google.gson.JsonSyntaxException; + +/** + * @author jricher + * + */ +public class JsonMessageSource extends AbstractMessageSource { + // Logger for this class + private static final Logger logger = LoggerFactory.getLogger(JsonMessageSource.class); + + private Resource baseDirectory; + + private Map languageMaps = new HashMap<>(); + + @Override + protected MessageFormat resolveCode(String code, Locale locale) { + + JsonObject lang = 
getLanguageMap(locale); + + MessageFormat mf = getMessageFormat(code, locale, lang); + + // TODO Auto-generated method stub + return mf; + } + + /** + * @param code + * @param locale + * @param lang + * @return + */ + private MessageFormat getMessageFormat(String code, Locale locale, JsonObject lang) { + + JsonElement e = lang; + + Iterable parts = Splitter.on('.').split(code); + Iterator it = parts.iterator(); + + String value = code; + + while (it.hasNext()) { + String p = it.next(); + if (e.isJsonObject()) { + JsonObject o = e.getAsJsonObject(); + if (o.has(p)) { + e = o.get(p); // found the next level + if (!it.hasNext()) { + // we've reached a leaf, grab it + if (e.isJsonPrimitive()) { + value = e.getAsString(); + } + } + } else { + // didn't find it, stop processing + break; + } + } else { + // didn't find it, stop processing + break; + } + } + + + MessageFormat mf = new MessageFormat(value, locale); + + return mf; + } + + /** + * @param locale + * @return + */ + private JsonObject getLanguageMap(Locale locale) { + + if (!languageMaps.containsKey(locale)) { + try { + String filename = locale.getLanguage() + File.separator + "messages.json"; + + Resource r = getBaseDirectory().createRelative(filename); + + logger.info("No locale loaded, trying to load from " + r); + + JsonParser parser = new JsonParser(); + JsonObject obj = (JsonObject) parser.parse(new InputStreamReader(r.getInputStream())); + + languageMaps.put(locale, obj); + } catch (JsonIOException | JsonSyntaxException | IOException e) { + logger.error("Unable to load locale", e); + } + } + + return languageMaps.get(locale); + + + + } + + /** + * @return the baseDirectory + */ + public Resource getBaseDirectory() { + return baseDirectory; + } + + /** + * @param baseDirectory the baseDirectory to set + */ + public void setBaseDirectory(Resource baseDirectory) { + this.baseDirectory = baseDirectory; + } + +} From 4d1b08f89d7805e7cfb40699676ff1d8074d7127 Mon Sep 17 00:00:00 2001 
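Review bot: `languageMaps` is a plain `HashMap` that `getLanguageMap` fills lazily from `resolveCode`. If this message source is a shared bean serving concurrent requests, that is an unsynchronized write path, and `new ConcurrentHashMap<>()` for the field would close it. The resource name is built from `locale.getLanguage()`, which presumably derives from the request, and a failed load is not remembered, so each request for a language without a file re-reads the resource and logs at error level. Restricting lookups to a known set of languages, or caching the miss, would bound that. `File.separator` is also the wrong separator for `Resource.createRelative`, which expects `/`, and the `InputStreamReader` over `r.getInputStream()` is never closed; a try-with-resources around the parse would release it.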
From: Justin Richer Date: Thu, 12 Mar 2015 15:49:44 -0400 Subject: [PATCH 15/22] moved english homepage text to json format --- .../webapp/WEB-INF/tags/landingPageAbout.tag | 2 +- .../WEB-INF/tags/landingPageContact.tag | 2 +- .../webapp/WEB-INF/tags/landingPageStats.tag | 2 +- .../WEB-INF/tags/landingPageWelcome.tag | 2 +- .../resources/js/locale/en/messages.json | 24 ++++++++++++++++++- 5 files changed, 27 insertions(+), 5 deletions(-) diff --git a/openid-connect-server-webapp/src/main/webapp/WEB-INF/tags/landingPageAbout.tag b/openid-connect-server-webapp/src/main/webapp/WEB-INF/tags/landingPageAbout.tag index dd241669a..0d9a4e6ac 100644 --- a/openid-connect-server-webapp/src/main/webapp/WEB-INF/tags/landingPageAbout.tag +++ b/openid-connect-server-webapp/src/main/webapp/WEB-INF/tags/landingPageAbout.tag @@ -1,5 +1,5 @@ <%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%> -

+

diff --git a/openid-connect-server-webapp/src/main/webapp/WEB-INF/tags/landingPageContact.tag b/openid-connect-server-webapp/src/main/webapp/WEB-INF/tags/landingPageContact.tag index 3692584f4..db9d3f51e 100644 --- a/openid-connect-server-webapp/src/main/webapp/WEB-INF/tags/landingPageContact.tag +++ b/openid-connect-server-webapp/src/main/webapp/WEB-INF/tags/landingPageContact.tag @@ -1,5 +1,5 @@ <%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%> -

+

diff --git a/openid-connect-server-webapp/src/main/webapp/WEB-INF/tags/landingPageStats.tag b/openid-connect-server-webapp/src/main/webapp/WEB-INF/tags/landingPageStats.tag index c4a75b38e..45e352780 100644 --- a/openid-connect-server-webapp/src/main/webapp/WEB-INF/tags/landingPageStats.tag +++ b/openid-connect-server-webapp/src/main/webapp/WEB-INF/tags/landingPageStats.tag @@ -1,5 +1,5 @@ <%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%> -

+

diff --git a/openid-connect-server-webapp/src/main/webapp/WEB-INF/tags/landingPageWelcome.tag b/openid-connect-server-webapp/src/main/webapp/WEB-INF/tags/landingPageWelcome.tag index 5a4a187dd..851ddbe0b 100644 --- a/openid-connect-server-webapp/src/main/webapp/WEB-INF/tags/landingPageWelcome.tag +++ b/openid-connect-server-webapp/src/main/webapp/WEB-INF/tags/landingPageWelcome.tag @@ -3,7 +3,7 @@
-

+

\ No newline at end of file diff --git a/openid-connect-server-webapp/src/main/webapp/resources/js/locale/en/messages.json b/openid-connect-server-webapp/src/main/webapp/resources/js/locale/en/messages.json index 4deb78e07..80d5addf5 100644 --- a/openid-connect-server-webapp/src/main/webapp/resources/js/locale/en/messages.json +++ b/openid-connect-server-webapp/src/main/webapp/resources/js/locale/en/messages.json @@ -340,5 +340,27 @@ }, "approve": { "dynamically-registered-unknown": "at an unknown time" - } + }, + "home": { + "welcome": { + "title": "Welcome!", + "body": "\nOpenID Connect is an internet-scale federated identity protocol built on top of the OAuth2 authorization framework. \nOpenID Connect lets you log into a remote site using your identity without exposing your credentials, like a username and password.

\n

Learn more »" + }, + "more": "More", + "about": { + "title": "About", + "body": "This OpenID Connect service is built from the MITREid Connect Open Source project, from \nThe MITRE Corporation and the MIT Kerberos and Internet Trust Consortium." + }, + "contact": { + "title": "Contact", + "body": "\nFor more information or support, contact the administrators of this system.

\n

Email »" + }, + "statistics": { + "title": "Current Statistics", + "loading": "Loading...", + "number_users": "Number of users: {0}", + "number_clients": "Authorized clients: {0}", + "number_approvals": "Approved sites: {0}" + } + } } \ No newline at end of file From 285ad71874bf37add747798d3b43c5fc4c03de1b Mon Sep 17 00:00:00 2001 From: Justin Richer Date: Thu, 12 Mar 2015 17:07:08 -0400 Subject: [PATCH 16/22] made input reader use UTF8, imported the first set of Swedish text to the JSON format --- openid-connect-server-webapp/pom.xml | 1 + .../resources/js/locale/en/messages.json | 1 + .../resources/js/locale/sv/messages.json | 23 +++++++++++++++++++ .../connect/config/JsonMessageSource.java | 4 +--- 4 files changed, 26 insertions(+), 3 deletions(-) diff --git a/openid-connect-server-webapp/pom.xml b/openid-connect-server-webapp/pom.xml index bbea2fedc..491cbca56 100644 --- a/openid-connect-server-webapp/pom.xml +++ b/openid-connect-server-webapp/pom.xml @@ -52,6 +52,7 @@ ttf svg jwks + json diff --git a/openid-connect-server-webapp/src/main/webapp/resources/js/locale/en/messages.json b/openid-connect-server-webapp/src/main/webapp/resources/js/locale/en/messages.json index 80d5addf5..33f840409 100644 --- a/openid-connect-server-webapp/src/main/webapp/resources/js/locale/en/messages.json +++ b/openid-connect-server-webapp/src/main/webapp/resources/js/locale/en/messages.json @@ -342,6 +342,7 @@ "dynamically-registered-unknown": "at an unknown time" }, "home": { + "title": "Home", "welcome": { "title": "Welcome!", "body": "\nOpenID Connect is an internet-scale federated identity protocol built on top of the OAuth2 authorization framework. \nOpenID Connect lets you log into a remote site using your identity without exposing your credentials, like a username and password.

\n

Learn more »" diff --git a/openid-connect-server-webapp/src/main/webapp/resources/js/locale/sv/messages.json b/openid-connect-server-webapp/src/main/webapp/resources/js/locale/sv/messages.json index 3be641254..e2bdeec7c 100644 --- a/openid-connect-server-webapp/src/main/webapp/resources/js/locale/sv/messages.json +++ b/openid-connect-server-webapp/src/main/webapp/resources/js/locale/sv/messages.json @@ -322,5 +322,28 @@ "whitelist-table": { "no-sites": "Det finns inga vitlistade webbplatser. Använd knappen vitlista på klientadminstrationssidan för att skapa en." } + }, + "home": { + "title": "Hem", + "welcome": { + "title": "Välkommen!", + "body": "\nOpenID Connect är ett internet-kapabelt federerat identitetsprotokoll byggt ovanpå autentiseringsramverket OAuth2. \nOpenID Connect låter dig logga in på en webbplats med din identitet utan att avslöja dina inloggningshemligheter, som ett användarnamn och lösenord.

\n

Lär dig mer »" + }, + "more": "Mer", + "about": { + "title": "Om tjänsten", + "body": "\nDenna OpenID Connect-tjänst är byggd från det öpnna källkodsprojektet MITREid, av \nMITRE Corporation och MIT Kerberos and Internet Trust Consortium." + }, + "contact": { + "title": "Kontakt", + "body": "\nFör mer information eller användarstöd, kontakta administratörerna av detta system.

\n

E-post »" + }, + "statistics": { + "title": "Nuvarande statistik", + "loading": "Laddar...", + "number_users": "Antal användare: {0}", + "number_clients": "Auktoriserade klienter: {0}", + "number_approvals": "Godkända webbplatser: {0}" + } } } \ No newline at end of file diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/config/JsonMessageSource.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/config/JsonMessageSource.java index 6194a433f..25ba928a1 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/config/JsonMessageSource.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/config/JsonMessageSource.java @@ -18,8 +18,6 @@ package org.mitre.openid.connect.config; import java.io.File; -import java.io.FileNotFoundException; -import java.io.FileReader; import java.io.IOException; import java.io.InputStreamReader; import java.text.MessageFormat; @@ -121,7 +119,7 @@ public class JsonMessageSource extends AbstractMessageSource { logger.info("No locale loaded, trying to load from " + r); JsonParser parser = new JsonParser(); - JsonObject obj = (JsonObject) parser.parse(new InputStreamReader(r.getInputStream())); + JsonObject obj = (JsonObject) parser.parse(new InputStreamReader(r.getInputStream(), "UTF-8")); languageMaps.put(locale, obj); } catch (JsonIOException | JsonSyntaxException | IOException e) { From 2abcd96bbea0bf3775e85cb6420e9bedefea7403 Mon Sep 17 00:00:00 2001 From: Justin Richer Date: Thu, 12 Mar 2015 17:28:27 -0400 Subject: [PATCH 17/22] set fallback locale to English, ultimate fall through is to return the code string itself --- .../src/main/webapp/WEB-INF/views/home.jsp | 2 +- .../resources/js/locale/en/messages.json | 8 +++++ .../connect/config/JsonMessageSource.java | 29 +++++++++++++++---- 3 files changed, 32 insertions(+), 7 deletions(-) 
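Review bot: The charset in `getLanguageMap` is passed by name in `new InputStreamReader(r.getInputStream(), "UTF-8")`, which is only resolved at run time. `new InputStreamReader(r.getInputStream(), StandardCharsets.UTF_8)`, with an import of `java.nio.charset.StandardCharsets`, is checked by the compiler and cannot fail with an unsupported-encoding error. The rest of `getLanguageMap` lies outside this hunk.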
diff --git a/openid-connect-server-webapp/src/main/webapp/WEB-INF/views/home.jsp b/openid-connect-server-webapp/src/main/webapp/WEB-INF/views/home.jsp index 363051881..f3e902904 100644 --- a/openid-connect-server-webapp/src/main/webapp/WEB-INF/views/home.jsp +++ b/openid-connect-server-webapp/src/main/webapp/WEB-INF/views/home.jsp @@ -3,7 +3,7 @@ <%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%> <%@ taglib prefix="security" uri="http://www.springframework.org/security/tags"%> - +

diff --git a/openid-connect-server-webapp/src/main/webapp/resources/js/locale/en/messages.json b/openid-connect-server-webapp/src/main/webapp/resources/js/locale/en/messages.json index 33f840409..aeeac39d2 100644 --- a/openid-connect-server-webapp/src/main/webapp/resources/js/locale/en/messages.json +++ b/openid-connect-server-webapp/src/main/webapp/resources/js/locale/en/messages.json @@ -363,5 +363,13 @@ "number_clients": "Authorized clients: {0}", "number_approvals": "Approved sites: {0}" } + }, + "topbar": { + "about": "About", + "contact": "Contact", + "statistics": "Statistics", + "home": "Home", + "login": "Log in", + "logout": "Log out" } } \ No newline at end of file diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/config/JsonMessageSource.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/config/JsonMessageSource.java index 25ba928a1..8c5a7303b 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/config/JsonMessageSource.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/config/JsonMessageSource.java @@ -47,6 +47,8 @@ public class JsonMessageSource extends AbstractMessageSource { private static final Logger logger = LoggerFactory.getLogger(JsonMessageSource.class); private Resource baseDirectory; + + private Locale fallbackLocale = new Locale("en"); // US English is the fallback language private Map languageMaps = new HashMap<>(); @@ -55,9 +57,20 @@ public class JsonMessageSource extends AbstractMessageSource { JsonObject lang = getLanguageMap(locale); - MessageFormat mf = getMessageFormat(code, locale, lang); + String value = getValue(code, lang); + + if (value == null) { + // if we haven't found anything, try the default locale + lang = getLanguageMap(fallbackLocale); + value = getValue(code, lang); + } + + if (value == null) { + value = code; + } + + MessageFormat mf = new MessageFormat(value, locale); - // TODO Auto-generated method stub return mf; } 
@@ -67,14 +80,19 @@ public class JsonMessageSource extends AbstractMessageSource { * @param lang * @return */ - private MessageFormat getMessageFormat(String code, Locale locale, JsonObject lang) { + private String getValue(String code, JsonObject lang) { + + // if there's no language map, nothing to look up + if (lang == null) { + return null; + } JsonElement e = lang; Iterable parts = Splitter.on('.').split(code); Iterator it = parts.iterator(); - String value = code; + String value = null; while (it.hasNext()) { String p = it.next(); @@ -99,9 +117,8 @@ public class JsonMessageSource extends AbstractMessageSource { } - MessageFormat mf = new MessageFormat(value, locale); + return value; - return mf; } /** From 9b0e504cea62a8d8f74f0731efb7dd0e023857c9 Mon Sep 17 00:00:00 2001 From: Justin Richer Date: Thu, 12 Mar 2015 18:03:05 -0400 Subject: [PATCH 18/22] transferred remainder of English text to new configuration --- .../main/webapp/WEB-INF/tags/actionmenu.tag | 6 +- .../src/main/webapp/WEB-INF/views/approve.jsp | 6 +- .../resources/js/locale/en/messages.json | 83 ++++++++++++++++++- 3 files changed, 86 insertions(+), 9 deletions(-) diff --git a/openid-connect-server-webapp/src/main/webapp/WEB-INF/tags/actionmenu.tag b/openid-connect-server-webapp/src/main/webapp/WEB-INF/tags/actionmenu.tag index 8e8a49386..d391a30ad 100644 --- a/openid-connect-server-webapp/src/main/webapp/WEB-INF/tags/actionmenu.tag +++ b/openid-connect-server-webapp/src/main/webapp/WEB-INF/tags/actionmenu.tag @@ -3,18 +3,18 @@ <%@ taglib prefix="security" uri="http://www.springframework.org/security/tags"%> - +
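Review bot: The Javadoc above `getValue` is still an auto-generated stub with bare `@param`/`@return` tags, and the new null-returning behaviour is worth stating because `resolveCode` now depends on it for the fallback lookup. I would describe it as `Looks up a dot-separated code in the given language map; returns null if the map is null`, adding `or if the code is not found` if the loop outside this hunk leaves `value` unset for an unresolved path. Any `@param locale` tag left over from the old signature should be removed. The top of the comment and the loop body are outside the hunk.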
  • - +
  • - +
  • \ No newline at end of file diff --git a/openid-connect-server-webapp/src/main/webapp/WEB-INF/views/approve.jsp b/openid-connect-server-webapp/src/main/webapp/WEB-INF/views/approve.jsp index e4fc9c968..80385cc35 100644 --- a/openid-connect-server-webapp/src/main/webapp/WEB-INF/views/approve.jsp +++ b/openid-connect-server-webapp/src/main/webapp/WEB-INF/views/approve.jsp @@ -57,7 +57,7 @@
    ">

    - : + :

    @@ -146,7 +146,7 @@

    :

    - +
    @@ -228,7 +228,7 @@
    - : + :