see issue #19

.settings/org.eclipse.m2e.core.prefs

@@ -1,3 +1,4 @@
+#Wed May 30 14:51:48 EDT 2012
 activeProfiles=
 eclipse.preferences.version=1
 resolveWorkspaceProjects=true

account-chooser/.settings/org.eclipse.m2e.core.prefs

@@ -1,4 +1,4 @@
-#Mon May 07 14:38:46 EDT 2012
+#Wed May 30 14:51:48 EDT 2012
 activeProfiles=
 eclipse.preferences.version=1
 resolveWorkspaceProjects=true

openid-connect-client/.settings/org.eclipse.m2e.core.prefs

@@ -1,3 +1,4 @@
+#Wed May 30 14:51:48 EDT 2012
 activeProfiles=
 eclipse.preferences.version=1
 resolveWorkspaceProjects=true

openid-connect-common/.settings/org.eclipse.m2e.core.prefs

@@ -1,3 +1,4 @@
+#Wed May 30 14:51:48 EDT 2012
 activeProfiles=
 eclipse.preferences.version=1
 resolveWorkspaceProjects=true

openid-connect-server/.settings/com.springsource.sts.maven.prefs

@@ -1,2 +1,3 @@
+#Wed May 30 14:51:48 EDT 2012
 com.springsource.sts.maven.maven.automatically.update=true
 eclipse.preferences.version=1

openid-connect-server/.settings/org.eclipse.wst.common.component

@@ -5,10 +5,10 @@
         <wb-resource deploy-path="/WEB-INF/classes" source-path="/src/main/resources"/>
         <wb-resource deploy-path="/" source-path="/target/m2e-wtp/web-resources"/>
         <wb-resource deploy-path="/" source-path="/src/main/webapp" tag="defaultRootSource"/>
-        <dependent-module archiveName="spring-security-oauth2-1.0.0.BUILD-SNAPSHOT.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/spring-security-oauth2-MITRE/spring-security-oauth2-MITRE">
+        <dependent-module archiveName="spring-security-oauth2-1.0.0.BUILD-SNAPSHOT.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/spring-security-oauth2/spring-security-oauth2">
             <dependency-type>uses</dependency-type>
         </dependent-module>
-        <dependent-module archiveName="openid-connect-common-0.1-SNAPSHOT.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/openid-connect-common-MITRE/openid-connect-common-MITRE">
+        <dependent-module archiveName="openid-connect-common-0.1-SNAPSHOT.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/openid-connect-common/openid-connect-common">
             <dependency-type>uses</dependency-type>
         </dependent-module>
         <property name="java-output-path" value="/openid/target/classes"/>

openid-connect-server/src/main/java/org/mitre/openid/connect/exception/ExpiredTokenException.java

@@ -15,11 +15,20 @@
  ******************************************************************************/
 package org.mitre.openid.connect.exception;
 
+/**
+ * @author aanganes, nemonik
+ *
+ */
 public class ExpiredTokenException extends RuntimeException {
 
-	/**
-	 * 
-	 */
 	private static final long serialVersionUID = 1L;
 
+	public ExpiredTokenException() {
+		super();
+	}
+
+	public ExpiredTokenException(String message) {
+		super(message);
+	}
+	
 }

openid-connect-server/src/main/java/org/mitre/openid/connect/exception/InvalidJwtIssuerException.java

@@ -15,11 +15,20 @@
  ******************************************************************************/
 package org.mitre.openid.connect.exception;
 
+/**
+ * @author aanganes, nemonik
+ *
+ */
 public class InvalidJwtIssuerException extends RuntimeException {
 
-	/**
-	 * 
-	 */
 	private static final long serialVersionUID = 1L;
 
+	public InvalidJwtIssuerException() {
+		super();
+	}
+
+	public InvalidJwtIssuerException(String message) {
+		super(message);
+	}
+	
 }

openid-connect-server/src/main/java/org/mitre/openid/connect/exception/InvalidJwtSignatureException.java

@@ -15,11 +15,20 @@
  ******************************************************************************/
 package org.mitre.openid.connect.exception;
 
+/**
+ * @author aanganes, nemonik
+ *
+ */
 public class InvalidJwtSignatureException extends RuntimeException {
 
-	/**
-	 * 
-	 */
 	private static final long serialVersionUID = 1L;
 	
+	public InvalidJwtSignatureException() {
+		super();
+	}
+
+	public InvalidJwtSignatureException(String message) {
+		super(message);
+	}
+	
 }

openid-connect-server/src/main/java/org/mitre/openid/connect/exception/UnknownUserInfoSchemaException.java

@@ -15,14 +15,20 @@
  ******************************************************************************/
 package org.mitre.openid.connect.exception;
 
+/**
+ * @author aanganes, nemonik
+ *
+ */
 public class UnknownUserInfoSchemaException extends RuntimeException {
 	
-	public UnknownUserInfoSchemaException(String string) {
+	private static final long serialVersionUID = 1L;
-		super(string);
+	
+	public UnknownUserInfoSchemaException() {
+		super();
+	}
+
+	public UnknownUserInfoSchemaException(String message) {
+		super(message);
 	}
 	
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = 1L;
 }

openid-connect-server/src/main/java/org/mitre/openid/connect/view/ExceptionAsJSONView.java

@@ -0,0 +1,59 @@
+/*******************************************************************************
+ * Copyright 2012 The MITRE Corporation
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *   http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ ******************************************************************************/
+package org.mitre.openid.connect.view;
+
+import java.util.Map;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.web.servlet.view.AbstractView;
+
+import com.google.gson.JsonObject;
+
+/**
+ * @author nemonik
+ *
+ */
+public class ExceptionAsJSONView extends AbstractView {
+
+	/*
+	 * (non-Javadoc)
+	 * 
+	 * @see
+	 * org.springframework.web.servlet.view.AbstractView#renderMergedOutputModel
+	 * (java.util.Map, javax.servlet.http.HttpServletRequest,
+	 * javax.servlet.http.HttpServletResponse)
+	 */
+	@Override
+	protected void renderMergedOutputModel(Map<String, Object> model,
+			HttpServletRequest requesr, HttpServletResponse response)
+			throws Exception {
+
+		response.setContentType("application/json");
+
+		final JsonObject jsonObject = new JsonObject();
+
+		Object ex = model.get("exception");
+
+		jsonObject.addProperty("error", ex.getClass().getName());
+		jsonObject.addProperty("error_description",
+				((Exception) ex).getMessage());
+
+		response.getWriter().write(jsonObject.toString());
+	}
+
+}

openid-connect-server/src/main/java/org/mitre/openid/connect/web/CheckIDEndpoint.java

@@ -50,7 +50,7 @@ public class CheckIDEndpoint {
 		
 		if (!jwtSignerService.validateSignature(tokenString)) {
 			// can't validate 
-			throw new InvalidJwtSignatureException(); // TODO: attach a view to this exception
+			throw new InvalidJwtSignatureException("The Signature could not be validated.");
 		}
 		
 		// it's a valid signature, parse the token
@@ -59,12 +59,12 @@ public class CheckIDEndpoint {
 		// check the expiration
 		if (jwtSignerService.isJwtExpired(token)) {
 			// token has expired
-			throw new ExpiredTokenException(); // TODO create a view for this exception
+			throw new ExpiredTokenException("The token has expired.");
 		}
 		
 		// check the issuer (sanity check)
 		if (!jwtSignerService.validateIssuedJwt(token, configBean.getIssuer())) {
-			throw new InvalidJwtIssuerException(); // TODO: create a view for this exception
+			throw new InvalidJwtIssuerException("The JWT issuer is invalid.");
 		}
 		
 		// pass the claims directly (the view doesn't care about other fields)

openid-connect-server/src/main/webapp/WEB-INF/spring-servlet.xml

@@ -1,12 +1,9 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <beans xmlns="http://www.springframework.org/schema/beans"
-	xmlns:mvc="http://www.springframework.org/schema/mvc"
+	xmlns:mvc="http://www.springframework.org/schema/mvc" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xmlns:tx="http://www.springframework.org/schema/tx" xmlns:context="http://www.springframework.org/schema/context"
-	xmlns:tx="http://www.springframework.org/schema/tx"
-	xmlns:context="http://www.springframework.org/schema/context"
 	xmlns:security="http://www.springframework.org/schema/security"
-	xmlns:task="http://www.springframework.org/schema/task"
+	xmlns:task="http://www.springframework.org/schema/task" xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
-	xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
 	xsi:schemaLocation="http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-3.0.xsd
 		http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2-1.0.xsd
 		http://www.springframework.org/schema/task http://www.springframework.org/schema/task/spring-task-3.1.xsd
@@ -16,7 +13,8 @@
 		http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-3.1.xsd">
 
 	<!-- Scan for components -->
-	<context:component-scan annotation-config="true" base-package="org.mitre"/>
+	<context:component-scan annotation-config="true"
+		base-package="org.mitre" />
 
 	<!-- Enables the Spring MVC @Controller programming model -->
 	<tx:annotation-driven transaction-manager="transactionManager" />
@@ -29,62 +27,83 @@
 	<!-- Import the data context -->
 	<import resource="data-context.xml" />
 
-    <!-- Spring Security configuration -->
+	<!-- Spring Security configuration -->
 
-    <oauth:resource-server id="resourceServerFilter" token-services-ref="defaultOAuth2ProviderTokenService" />
+	<oauth:resource-server id="resourceServerFilter"
+		token-services-ref="defaultOAuth2ProviderTokenService" />
 
-	<security:http pattern="/oauth/token" create-session="stateless" authentication-manager-ref="clientAuthenticationManager" 
+	<security:http pattern="/oauth/token" create-session="stateless"
+		authentication-manager-ref="clientAuthenticationManager"
 		entry-point-ref="oauthAuthenticationEntryPoint">
-		<security:intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY" />
+		<security:intercept-url pattern="/oauth/token"
+			access="IS_AUTHENTICATED_FULLY" />
 		<security:anonymous enabled="false" />
 		<security:http-basic entry-point-ref="oauthAuthenticationEntryPoint" />
-		<!-- include this only if you need to authenticate clients via request parameters -->
+		<!-- include this only if you need to authenticate clients via request 
-		<security:custom-filter ref="clientCredentialsTokenEndpointFilter" before="BASIC_AUTH_FILTER" />
+			parameters -->
+		<security:custom-filter ref="clientCredentialsTokenEndpointFilter"
+			before="BASIC_AUTH_FILTER" />
 		<security:access-denied-handler ref="oauthAccessDeniedHandler" />
 	</security:http>
 
-	<bean id="oauthAuthenticationEntryPoint" class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
+	<bean id="oauthAuthenticationEntryPoint"
+		class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
 		<property name="realmName" value="openidconnect" />
 	</bean>
 
-	<!-- SECOAUTH Authorization Server, with our custom token granter plugged in -->
+	<!-- SECOAUTH Authorization Server, with our custom token granter plugged 
-	<oauth:authorization-server client-details-service-ref="defaultOAuth2ClientDetailsEntityService" 
+		in -->
-		token-services-ref="defaultOAuth2ProviderTokenService" token-granter-ref="connectAuthCodeTokenGranter"
+	<oauth:authorization-server
-		user-approval-handler-ref="userApprovalHandler" authorization-endpoint-url="/openidconnect/auth" token-endpoint-url="/openidconnect/token">
+		client-details-service-ref="defaultOAuth2ClientDetailsEntityService"
-		<oauth:authorization-code authorization-code-services-ref="authCodeServices" />
+		token-services-ref="defaultOAuth2ProviderTokenService"
+		token-granter-ref="connectAuthCodeTokenGranter"
+		user-approval-handler-ref="userApprovalHandler"
+		authorization-endpoint-url="/openidconnect/auth" token-endpoint-url="/openidconnect/token">
+		<oauth:authorization-code
+			authorization-code-services-ref="authCodeServices" />
 	</oauth:authorization-server>
 
-	<bean id="oauthAccessDeniedHandler" class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler" />
+	<bean id="oauthAccessDeniedHandler"
+		class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler" />
 
-	<bean id="clientCredentialsTokenEndpointFilter" class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
+	<bean id="clientCredentialsTokenEndpointFilter"
+		class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
 		<property name="authenticationManager" ref="clientAuthenticationManager" />
 	</bean>
 
-	<authentication-manager id="clientAuthenticationManager" xmlns="http://www.springframework.org/schema/security">
+	<authentication-manager id="clientAuthenticationManager"
+		xmlns="http://www.springframework.org/schema/security">
 		<authentication-provider user-service-ref="clientUserDetailsService" />
 	</authentication-manager>
 
-	<bean id="clientCredentialsChecker" class="org.springframework.security.oauth2.provider.ClientCredentialsChecker">
+	<bean id="clientCredentialsChecker"
+		class="org.springframework.security.oauth2.provider.ClientCredentialsChecker">
 		<constructor-arg>
-			<bean class="org.mitre.oauth2.service.impl.DefaultOAuth2ClientDetailsEntityService"/>
+			<bean
+				class="org.mitre.oauth2.service.impl.DefaultOAuth2ClientDetailsEntityService" />
 		</constructor-arg>
 	</bean>
 
-	<bean class="org.springframework.security.oauth2.provider.approval.TokenServicesUserApprovalHandler" id="userApprovalHandler">
+	<bean
-		<property name="tokenServices" ref="defaultOAuth2ProviderTokenService"/>
+		class="org.springframework.security.oauth2.provider.approval.TokenServicesUserApprovalHandler"
+		id="userApprovalHandler">
+		<property name="tokenServices" ref="defaultOAuth2ProviderTokenService" />
 	</bean>
 
-	<bean id="authCodeServices" class="org.springframework.security.oauth2.provider.code.InMemoryAuthorizationCodeServices"/>
+	<bean id="authCodeServices"
+		class="org.springframework.security.oauth2.provider.code.InMemoryAuthorizationCodeServices" />
 
 	<!-- user services -->
 	<import resource="user-context.xml" />
 
-<!-- End Spring Security configuration -->	
+	<!-- End Spring Security configuration -->
 
-<!-- JPA  -->
+	<!-- JPA -->
 
-	<bean id="jpaAdapter" class="org.springframework.orm.jpa.vendor.EclipseLinkJpaVendorAdapter">
+	<bean id="jpaAdapter"
-		<property name="databasePlatform" value="org.eclipse.persistence.platform.database.MySQLPlatform" />
+		class="org.springframework.orm.jpa.vendor.EclipseLinkJpaVendorAdapter">
+		<property name="databasePlatform"
+			value="org.eclipse.persistence.platform.database.MySQLPlatform" />
 		<property name="showSql" value="true" />
 	</bean>
 
@@ -96,7 +115,7 @@
 		class="org.springframework.orm.jpa.LocalContainerEntityManagerFactoryBean">
 		<property name="persistenceUnitName" value="openidPersistenceUnit" />
 		<property name="dataSource" ref="dataSource" />
-        <property name="jpaVendorAdapter" ref="jpaAdapter" />
+		<property name="jpaVendorAdapter" ref="jpaAdapter" />
 		<property name="jpaPropertyMap">
 			<map>
 				<entry key="eclipselink.weaving" value="false" />
@@ -106,16 +125,17 @@
 		</property>
 	</bean>
 
-<!-- End JPA -->
+	<!-- End JPA -->
 
-<!-- Crypto -->
+	<!-- Crypto -->
 
 	<bean id="defaultKeystore" class="org.mitre.jwt.signer.service.impl.KeyStore">
 		<constructor-arg name="location" value="classpath:keystore.jks" />
 		<constructor-arg name="password" value="changeit" />
 	</bean>
 
-	<bean id="defaultsignerService" class="org.mitre.jwt.signer.service.impl.JwtSigningAndValidationServiceDefault">
+	<bean id="defaultsignerService"
+		class="org.mitre.jwt.signer.service.impl.JwtSigningAndValidationServiceDefault">
 		<property name="signers">
 			<map>
 				<entry key="rsa1">
@@ -136,47 +156,71 @@
 		</property>
 	</bean>
 
-<!-- End Crypto -->
+	<!-- End Crypto -->
 
-<!-- View configuration -->
+	<!-- View configuration -->
 
-	<!-- Handles HTTP GET requests for /resources/** by efficiently serving up static resources in the ${webappRoot}/resources directory -->
+	<!-- Handles HTTP GET requests for /resources/** by efficiently serving 
+		up static resources in the ${webappRoot}/resources directory -->
 	<mvc:resources mapping="/resources/**" location="/resources/" />
 
-	<!-- Resolves views selected for rendering by @Controllers to .jsp resources in the /WEB-INF/views directory -->
+	<!-- Resolves views selected for rendering by @Controllers to .jsp resources 
-	<bean class="org.springframework.web.servlet.view.InternalResourceViewResolver">
+		in the /WEB-INF/views directory -->
-        <property name="viewClass" value="org.springframework.web.servlet.view.JstlView" />
+	<bean
+		class="org.springframework.web.servlet.view.InternalResourceViewResolver">
+		<property name="viewClass"
+			value="org.springframework.web.servlet.view.JstlView" />
 		<property name="prefix" value="/WEB-INF/views/" />
 		<property name="suffix" value=".jsp" />
-		<property name="order" value="2"/>
+		<property name="order" value="2" />
 	</bean>
 
 	<!-- Resolve views based on string names -->
-	<bean class="org.springframework.web.servlet.view.BeanNameViewResolver" >
+	<bean class="org.springframework.web.servlet.view.BeanNameViewResolver">
-		<property name="order" value="1"/>
+		<property name="order" value="1" />
 	</bean>
 
 	<!-- Map our custom exception classes to named views -->
-<!-- 	<bean class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver"> -->
+	<!-- <bean class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver"> -->
-<!-- 	   <property name="exceptionMappings"> -->
+	<!-- <property name="exceptionMappings"> -->
-<!-- 	   </property> -->
+	<!-- </property> -->
-<!-- 	</bean> -->
+	<!-- </bean> -->
 
 	<!-- JSON views for each type of model object -->
 	<bean id="jsonOpenIdConfigurationView" class="org.mitre.swd.view.JsonOpenIdConfigurationView" />
 	<bean id="jsonSwdResponseView" class="org.mitre.swd.view.SwdResponse" />
 	<bean id="jwkKeyList" class="org.mitre.openid.connect.view.JwkKeyListView" />
 
- 	<bean id="jsonUserInfoView" class="org.mitre.openid.connect.view.JSONUserInfoView"/>
+	<bean id="jsonUserInfoView" class="org.mitre.openid.connect.view.JSONUserInfoView" />
- 	<bean id="pocoUserInfoView" class="org.mitre.openid.connect.view.POCOUserInfoView"/>
+	<bean id="pocoUserInfoView" class="org.mitre.openid.connect.view.POCOUserInfoView" />
- 	<bean id="jsonIdTokenView" class="org.mitre.openid.connect.view.JSONIdTokenView"/>
+	<bean id="jsonIdTokenView" class="org.mitre.openid.connect.view.JSONIdTokenView" />
-    <bean id="jsonClientView" class="org.mitre.openid.connect.view.JSONClientView" />
+	<bean id="jsonClientView" class="org.mitre.openid.connect.view.JSONClientView" />
 
-<!-- End view configuration -->
+	<bean name="exceptionAsJSONView" class="org.mitre.openid.connect.view.ExceptionAsJSONView" />
+
+	<bean
+		class="org.springframework.web.servlet.handler.SimpleMappingExceptionResolver">
+		<property name="exceptionMappings">
+			<props>
+				<prop key="org.mitre.openid.connect.web.InvalidJwtSignatureException">
+					exceptionAsJSONView
+				</prop>
+				<prop key="org.mitre.openid.connect.web.ExpiredTokenException">
+					exceptionAsJSONView
+				</prop>
+				<prop key="org.mitre.openid.connect.web.InvalidJwtIssuerException">
+					exceptionAsJSONView
+				</prop>
+			</props>
+		</property>
+	</bean>
+
+	<!-- End view configuration -->
 
 	<!-- scheduled tasks -->
-<!-- 	<task:scheduler id="taskScheduler" pool-size="10" /> -->
+	<!-- <task:scheduler id="taskScheduler" pool-size="10" /> -->
-<!-- 	<task:executor id="taskExecutor" pool-size="5" /> -->
+	<!-- <task:executor id="taskExecutor" pool-size="5" /> -->
-<!-- 	<task:annotation-driven scheduler="taskScheduler" executor="taskExecutor" /> -->
+	<!-- <task:annotation-driven scheduler="taskScheduler" executor="taskExecutor" 
+		/> -->
 
 </beans>