consistently named JOSE-based classes, closes #529
parent
335d05bb5c
commit
994ce6c743
|
@ -36,9 +36,9 @@ import javax.servlet.http.HttpSession;
|
||||||
import org.apache.http.client.HttpClient;
|
import org.apache.http.client.HttpClient;
|
||||||
import org.apache.http.client.config.RequestConfig;
|
import org.apache.http.client.config.RequestConfig;
|
||||||
import org.apache.http.impl.client.HttpClientBuilder;
|
import org.apache.http.impl.client.HttpClientBuilder;
|
||||||
import org.mitre.jwt.signer.service.JwtSigningAndValidationService;
|
import org.mitre.jwt.signer.service.JWTSigningAndValidationService;
|
||||||
import org.mitre.jwt.signer.service.impl.JWKSetCacheService;
|
import org.mitre.jwt.signer.service.impl.JWKSetCacheService;
|
||||||
import org.mitre.jwt.signer.service.impl.SymmetricCacheService;
|
import org.mitre.jwt.signer.service.impl.SymmetricKeyJWTValidatorCacheService;
|
||||||
import org.mitre.oauth2.model.RegisteredClient;
|
import org.mitre.oauth2.model.RegisteredClient;
|
||||||
import org.mitre.openid.connect.client.model.IssuerServiceResponse;
|
import org.mitre.openid.connect.client.model.IssuerServiceResponse;
|
||||||
import org.mitre.openid.connect.client.service.AuthRequestOptionsService;
|
import org.mitre.openid.connect.client.service.AuthRequestOptionsService;
|
||||||
|
@ -105,11 +105,11 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
|
||||||
|
|
||||||
// creates JWT signer/validators for symmetric keys
|
// creates JWT signer/validators for symmetric keys
|
||||||
@Autowired(required=false)
|
@Autowired(required=false)
|
||||||
private SymmetricCacheService symmetricCacheService;
|
private SymmetricKeyJWTValidatorCacheService symmetricCacheService;
|
||||||
|
|
||||||
// signer based on keypair for this client (for outgoing auth requests)
|
// signer based on keypair for this client (for outgoing auth requests)
|
||||||
@Autowired
|
@Autowired
|
||||||
private JwtSigningAndValidationService authenticationSignerService;
|
private JWTSigningAndValidationService authenticationSignerService;
|
||||||
|
|
||||||
|
|
||||||
/*
|
/*
|
||||||
|
@ -152,7 +152,7 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
|
||||||
}
|
}
|
||||||
|
|
||||||
if (symmetricCacheService == null) {
|
if (symmetricCacheService == null) {
|
||||||
symmetricCacheService = new SymmetricCacheService();
|
symmetricCacheService = new SymmetricKeyJWTValidatorCacheService();
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -348,7 +348,7 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
|
||||||
// do a symmetric secret signed JWT for auth
|
// do a symmetric secret signed JWT for auth
|
||||||
|
|
||||||
|
|
||||||
JwtSigningAndValidationService signer = null;
|
JWTSigningAndValidationService signer = null;
|
||||||
JWSAlgorithm alg = clientConfig.getTokenEndpointAuthSigningAlg();
|
JWSAlgorithm alg = clientConfig.getTokenEndpointAuthSigningAlg();
|
||||||
|
|
||||||
if (SECRET_JWT.equals(clientConfig.getTokenEndpointAuthMethod()) &&
|
if (SECRET_JWT.equals(clientConfig.getTokenEndpointAuthMethod()) &&
|
||||||
|
@ -472,7 +472,7 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
|
||||||
ReadOnlyJWTClaimsSet idClaims = idToken.getJWTClaimsSet();
|
ReadOnlyJWTClaimsSet idClaims = idToken.getJWTClaimsSet();
|
||||||
|
|
||||||
// check the signature
|
// check the signature
|
||||||
JwtSigningAndValidationService jwtValidator = null;
|
JWTSigningAndValidationService jwtValidator = null;
|
||||||
|
|
||||||
Algorithm tokenAlg = idToken.getHeader().getAlgorithm();
|
Algorithm tokenAlg = idToken.getHeader().getAlgorithm();
|
||||||
|
|
||||||
|
@ -829,11 +829,11 @@ public class OIDCAuthenticationFilter extends AbstractAuthenticationProcessingFi
|
||||||
this.authOptions = authOptions;
|
this.authOptions = authOptions;
|
||||||
}
|
}
|
||||||
|
|
||||||
public SymmetricCacheService getSymmetricCacheService() {
|
public SymmetricKeyJWTValidatorCacheService getSymmetricCacheService() {
|
||||||
return symmetricCacheService;
|
return symmetricCacheService;
|
||||||
}
|
}
|
||||||
|
|
||||||
public void setSymmetricCacheService(SymmetricCacheService symmetricCacheService) {
|
public void setSymmetricCacheService(SymmetricKeyJWTValidatorCacheService symmetricCacheService) {
|
||||||
this.symmetricCacheService = symmetricCacheService;
|
this.symmetricCacheService = symmetricCacheService;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -19,8 +19,8 @@ package org.mitre.openid.connect.client.keypublisher;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
import java.util.UUID;
|
import java.util.UUID;
|
||||||
|
|
||||||
import org.mitre.jwt.signer.service.JwtSigningAndValidationService;
|
import org.mitre.jwt.signer.service.JWTSigningAndValidationService;
|
||||||
import org.mitre.openid.connect.view.JwkKeyListView;
|
import org.mitre.openid.connect.view.JWKSetView;
|
||||||
import org.springframework.beans.BeansException;
|
import org.springframework.beans.BeansException;
|
||||||
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
|
import org.springframework.beans.factory.config.ConfigurableListableBeanFactory;
|
||||||
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
|
import org.springframework.beans.factory.support.BeanDefinitionBuilder;
|
||||||
|
@ -37,13 +37,13 @@ import com.nimbusds.jose.jwk.JWK;
|
||||||
*/
|
*/
|
||||||
public class ClientKeyPublisher implements BeanDefinitionRegistryPostProcessor {
|
public class ClientKeyPublisher implements BeanDefinitionRegistryPostProcessor {
|
||||||
|
|
||||||
private JwtSigningAndValidationService signingAndValidationService;
|
private JWTSigningAndValidationService signingAndValidationService;
|
||||||
|
|
||||||
private String jwkPublishUrl;
|
private String jwkPublishUrl;
|
||||||
|
|
||||||
private BeanDefinitionRegistry registry;
|
private BeanDefinitionRegistry registry;
|
||||||
|
|
||||||
private String jwkViewName = JwkKeyListView.VIEWNAME;
|
private String jwkViewName = JWKSetView.VIEWNAME;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* If the jwkPublishUrl field is set on this bean, set up a listener on that URL to publish keys.
|
* If the jwkPublishUrl field is set on this bean, set up a listener on that URL to publish keys.
|
||||||
|
@ -61,12 +61,12 @@ public class ClientKeyPublisher implements BeanDefinitionRegistryPostProcessor {
|
||||||
clientKeyMapping.addPropertyValue("jwkPublishUrl", getJwkPublishUrl());
|
clientKeyMapping.addPropertyValue("jwkPublishUrl", getJwkPublishUrl());
|
||||||
|
|
||||||
// randomize view name to make sure it doesn't conflict with local views
|
// randomize view name to make sure it doesn't conflict with local views
|
||||||
jwkViewName = JwkKeyListView.VIEWNAME + "-" + UUID.randomUUID().toString();
|
jwkViewName = JWKSetView.VIEWNAME + "-" + UUID.randomUUID().toString();
|
||||||
viewResolver.addPropertyValue("jwkViewName", jwkViewName);
|
viewResolver.addPropertyValue("jwkViewName", jwkViewName);
|
||||||
|
|
||||||
// view bean
|
// view bean
|
||||||
BeanDefinitionBuilder jwkView = BeanDefinitionBuilder.rootBeanDefinition(JwkKeyListView.class);
|
BeanDefinitionBuilder jwkView = BeanDefinitionBuilder.rootBeanDefinition(JWKSetView.class);
|
||||||
registry.registerBeanDefinition(JwkKeyListView.VIEWNAME, jwkView.getBeanDefinition());
|
registry.registerBeanDefinition(JWKSetView.VIEWNAME, jwkView.getBeanDefinition());
|
||||||
viewResolver.addPropertyReference("jwk", "jwkKeyList");
|
viewResolver.addPropertyReference("jwk", "jwkKeyList");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -114,14 +114,14 @@ public class ClientKeyPublisher implements BeanDefinitionRegistryPostProcessor {
|
||||||
/**
|
/**
|
||||||
* @return the signingAndValidationService
|
* @return the signingAndValidationService
|
||||||
*/
|
*/
|
||||||
public JwtSigningAndValidationService getSigningAndValidationService() {
|
public JWTSigningAndValidationService getSigningAndValidationService() {
|
||||||
return signingAndValidationService;
|
return signingAndValidationService;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param signingAndValidationService the signingAndValidationService to set
|
* @param signingAndValidationService the signingAndValidationService to set
|
||||||
*/
|
*/
|
||||||
public void setSigningAndValidationService(JwtSigningAndValidationService signingAndValidationService) {
|
public void setSigningAndValidationService(JWTSigningAndValidationService signingAndValidationService) {
|
||||||
this.signingAndValidationService = signingAndValidationService;
|
this.signingAndValidationService = signingAndValidationService;
|
||||||
}
|
}
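Review bot: The literal bean name in `viewResolver.addPropertyReference("jwk", "jwkKeyList");` (hunk at -61,12) no longer matches the bean registered one line above it. The view is now registered under `JWKSetView.VIEWNAME`, and this same commit changes that constant's value from "jwkKeyList" to "jwkSet" in JWKSetView. Unless some other bean named jwkKeyList exists in the context, the reference will not resolve and the client's key-publishing endpoint will fail to come up. Use the constant instead: `viewResolver.addPropertyReference("jwk", JWKSetView.VIEWNAME);`. The enclosing method starts outside the hunk, and because the constant's value change is a behaviour change inside a rename commit, other literal uses of "jwkKeyList" (controller return values, XML config) should be checked too.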
|
||||||
|
|
||||||
|
|
|
@ -24,7 +24,7 @@ import java.util.Map;
|
||||||
import java.util.Map.Entry;
|
import java.util.Map.Entry;
|
||||||
|
|
||||||
import org.apache.http.client.utils.URIBuilder;
|
import org.apache.http.client.utils.URIBuilder;
|
||||||
import org.mitre.jwt.encryption.service.JwtEncryptionAndDecryptionService;
|
import org.mitre.jwt.encryption.service.JWTEncryptionAndDecryptionService;
|
||||||
import org.mitre.jwt.signer.service.impl.JWKSetCacheService;
|
import org.mitre.jwt.signer.service.impl.JWKSetCacheService;
|
||||||
import org.mitre.oauth2.model.RegisteredClient;
|
import org.mitre.oauth2.model.RegisteredClient;
|
||||||
import org.mitre.openid.connect.client.service.AuthRequestUrlBuilder;
|
import org.mitre.openid.connect.client.service.AuthRequestUrlBuilder;
|
||||||
|
@ -82,7 +82,7 @@ public class EncryptedAuthRequestUrlBuilder implements AuthRequestUrlBuilder {
|
||||||
|
|
||||||
EncryptedJWT jwt = new EncryptedJWT(new JWEHeader(alg, enc), claims);
|
EncryptedJWT jwt = new EncryptedJWT(new JWEHeader(alg, enc), claims);
|
||||||
|
|
||||||
JwtEncryptionAndDecryptionService encryptor = encrypterService.getEncrypter(serverConfig.getJwksUri());
|
JWTEncryptionAndDecryptionService encryptor = encrypterService.getEncrypter(serverConfig.getJwksUri());
|
||||||
|
|
||||||
encryptor.encryptJwt(jwt);
|
encryptor.encryptJwt(jwt);
|
||||||
|
|
||||||
|
|
|
@ -24,7 +24,7 @@ import java.util.Map;
|
||||||
import java.util.Map.Entry;
|
import java.util.Map.Entry;
|
||||||
|
|
||||||
import org.apache.http.client.utils.URIBuilder;
|
import org.apache.http.client.utils.URIBuilder;
|
||||||
import org.mitre.jwt.signer.service.JwtSigningAndValidationService;
|
import org.mitre.jwt.signer.service.JWTSigningAndValidationService;
|
||||||
import org.mitre.oauth2.model.RegisteredClient;
|
import org.mitre.oauth2.model.RegisteredClient;
|
||||||
import org.mitre.openid.connect.client.service.AuthRequestUrlBuilder;
|
import org.mitre.openid.connect.client.service.AuthRequestUrlBuilder;
|
||||||
import org.mitre.openid.connect.config.ServerConfiguration;
|
import org.mitre.openid.connect.config.ServerConfiguration;
|
||||||
|
@ -41,7 +41,7 @@ import com.nimbusds.jwt.SignedJWT;
|
||||||
*/
|
*/
|
||||||
public class SignedAuthRequestUrlBuilder implements AuthRequestUrlBuilder {
|
public class SignedAuthRequestUrlBuilder implements AuthRequestUrlBuilder {
|
||||||
|
|
||||||
private JwtSigningAndValidationService signingAndValidationService;
|
private JWTSigningAndValidationService signingAndValidationService;
|
||||||
|
|
||||||
/* (non-Javadoc)
|
/* (non-Javadoc)
|
||||||
* @see org.mitre.openid.connect.client.service.AuthRequestUrlBuilder#buildAuthRequestUrl(org.mitre.openid.connect.config.ServerConfiguration, org.springframework.security.oauth2.provider.ClientDetails, java.lang.String, java.lang.String, java.lang.String)
|
* @see org.mitre.openid.connect.client.service.AuthRequestUrlBuilder#buildAuthRequestUrl(org.mitre.openid.connect.config.ServerConfiguration, org.springframework.security.oauth2.provider.ClientDetails, java.lang.String, java.lang.String, java.lang.String)
|
||||||
|
@ -93,14 +93,14 @@ public class SignedAuthRequestUrlBuilder implements AuthRequestUrlBuilder {
|
||||||
/**
|
/**
|
||||||
* @return the signingAndValidationService
|
* @return the signingAndValidationService
|
||||||
*/
|
*/
|
||||||
public JwtSigningAndValidationService getSigningAndValidationService() {
|
public JWTSigningAndValidationService getSigningAndValidationService() {
|
||||||
return signingAndValidationService;
|
return signingAndValidationService;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param signingAndValidationService the signingAndValidationService to set
|
* @param signingAndValidationService the signingAndValidationService to set
|
||||||
*/
|
*/
|
||||||
public void setSigningAndValidationService(JwtSigningAndValidationService signingAndValidationService) {
|
public void setSigningAndValidationService(JWTSigningAndValidationService signingAndValidationService) {
|
||||||
this.signingAndValidationService = signingAndValidationService;
|
this.signingAndValidationService = signingAndValidationService;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -31,7 +31,7 @@ import java.util.Map;
|
||||||
|
|
||||||
import org.junit.Before;
|
import org.junit.Before;
|
||||||
import org.junit.Test;
|
import org.junit.Test;
|
||||||
import org.mitre.jwt.signer.service.impl.DefaultJwtSigningAndValidationService;
|
import org.mitre.jwt.signer.service.impl.DefaultJWTSigningAndValidationService;
|
||||||
import org.mitre.oauth2.model.RegisteredClient;
|
import org.mitre.oauth2.model.RegisteredClient;
|
||||||
import org.mitre.openid.connect.config.ServerConfiguration;
|
import org.mitre.openid.connect.config.ServerConfiguration;
|
||||||
import org.mockito.Mockito;
|
import org.mockito.Mockito;
|
||||||
|
@ -83,7 +83,7 @@ public class TestSignedAuthRequestUrlBuilder {
|
||||||
private String alg = "RS256";
|
private String alg = "RS256";
|
||||||
private String kid = "2011-04-29";
|
private String kid = "2011-04-29";
|
||||||
|
|
||||||
private DefaultJwtSigningAndValidationService signingAndValidationService;
|
private DefaultJWTSigningAndValidationService signingAndValidationService;
|
||||||
|
|
||||||
private SignedAuthRequestUrlBuilder urlBuilder = new SignedAuthRequestUrlBuilder();
|
private SignedAuthRequestUrlBuilder urlBuilder = new SignedAuthRequestUrlBuilder();
|
||||||
|
|
||||||
|
@ -94,7 +94,7 @@ public class TestSignedAuthRequestUrlBuilder {
|
||||||
Map<String, JWK> keys = Maps.newHashMap();
|
Map<String, JWK> keys = Maps.newHashMap();
|
||||||
keys.put("client", key);
|
keys.put("client", key);
|
||||||
|
|
||||||
signingAndValidationService = new DefaultJwtSigningAndValidationService(keys);
|
signingAndValidationService = new DefaultJWTSigningAndValidationService(keys);
|
||||||
signingAndValidationService.setDefaultSignerKeyId("client");
|
signingAndValidationService.setDefaultSignerKeyId("client");
|
||||||
signingAndValidationService.setDefaultSigningAlgorithmName(alg);
|
signingAndValidationService.setDefaultSigningAlgorithmName(alg);
|
||||||
|
|
||||||
|
|
|
@ -28,7 +28,7 @@ import com.nimbusds.jose.jwk.JWK;
|
||||||
* @author wkim
|
* @author wkim
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
public interface JwtEncryptionAndDecryptionService {
|
public interface JWTEncryptionAndDecryptionService {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Encrypts the JWT in place with the default encrypter.
|
* Encrypts the JWT in place with the default encrypter.
|
|
@ -27,7 +27,7 @@ import java.util.Set;
|
||||||
import javax.annotation.PostConstruct;
|
import javax.annotation.PostConstruct;
|
||||||
|
|
||||||
import org.mitre.jose.keystore.JWKSetKeyStore;
|
import org.mitre.jose.keystore.JWKSetKeyStore;
|
||||||
import org.mitre.jwt.encryption.service.JwtEncryptionAndDecryptionService;
|
import org.mitre.jwt.encryption.service.JWTEncryptionAndDecryptionService;
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
|
|
||||||
|
@ -50,9 +50,9 @@ import com.nimbusds.jose.jwk.RSAKey;
|
||||||
* @author wkim
|
* @author wkim
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
public class DefaultJwtEncryptionAndDecryptionService implements JwtEncryptionAndDecryptionService {
|
public class DefaultJWTEncryptionAndDecryptionService implements JWTEncryptionAndDecryptionService {
|
||||||
|
|
||||||
private static Logger logger = LoggerFactory.getLogger(DefaultJwtEncryptionAndDecryptionService.class);
|
private static Logger logger = LoggerFactory.getLogger(DefaultJWTEncryptionAndDecryptionService.class);
|
||||||
|
|
||||||
// map of identifier to encrypter
|
// map of identifier to encrypter
|
||||||
private Map<String, JWEEncrypter> encrypters = new HashMap<String, JWEEncrypter>();
|
private Map<String, JWEEncrypter> encrypters = new HashMap<String, JWEEncrypter>();
|
||||||
|
@ -78,7 +78,7 @@ public class DefaultJwtEncryptionAndDecryptionService implements JwtEncryptionAn
|
||||||
* @throws InvalidKeySpecException
|
* @throws InvalidKeySpecException
|
||||||
* @throws JOSEException
|
* @throws JOSEException
|
||||||
*/
|
*/
|
||||||
public DefaultJwtEncryptionAndDecryptionService(Map<String, JWK> keys) throws NoSuchAlgorithmException, InvalidKeySpecException, JOSEException {
|
public DefaultJWTEncryptionAndDecryptionService(Map<String, JWK> keys) throws NoSuchAlgorithmException, InvalidKeySpecException, JOSEException {
|
||||||
this.keys = keys;
|
this.keys = keys;
|
||||||
buildEncryptersAndDecrypters();
|
buildEncryptersAndDecrypters();
|
||||||
}
|
}
|
||||||
|
@ -92,7 +92,7 @@ public class DefaultJwtEncryptionAndDecryptionService implements JwtEncryptionAn
|
||||||
* @throws InvalidKeySpecException
|
* @throws InvalidKeySpecException
|
||||||
* @throws JOSEException
|
* @throws JOSEException
|
||||||
*/
|
*/
|
||||||
public DefaultJwtEncryptionAndDecryptionService(JWKSetKeyStore keyStore) throws NoSuchAlgorithmException, InvalidKeySpecException, JOSEException {
|
public DefaultJWTEncryptionAndDecryptionService(JWKSetKeyStore keyStore) throws NoSuchAlgorithmException, InvalidKeySpecException, JOSEException {
|
||||||
|
|
||||||
// convert all keys in the keystore to a map based on key id
|
// convert all keys in the keystore to a map based on key id
|
||||||
for (JWK key : keyStore.getKeys()) {
|
for (JWK key : keyStore.getKeys()) {
|
|
@ -24,7 +24,7 @@ import com.nimbusds.jose.JWSAlgorithm;
|
||||||
import com.nimbusds.jose.jwk.JWK;
|
import com.nimbusds.jose.jwk.JWK;
|
||||||
import com.nimbusds.jwt.SignedJWT;
|
import com.nimbusds.jwt.SignedJWT;
|
||||||
|
|
||||||
public interface JwtSigningAndValidationService {
|
public interface JWTSigningAndValidationService {
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Get all public keys for this service, mapped by their Key ID
|
* Get all public keys for this service, mapped by their Key ID
|
|
@ -26,7 +26,7 @@ import java.util.Set;
|
||||||
import java.util.UUID;
|
import java.util.UUID;
|
||||||
|
|
||||||
import org.mitre.jose.keystore.JWKSetKeyStore;
|
import org.mitre.jose.keystore.JWKSetKeyStore;
|
||||||
import org.mitre.jwt.signer.service.JwtSigningAndValidationService;
|
import org.mitre.jwt.signer.service.JWTSigningAndValidationService;
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
|
|
||||||
|
@ -45,7 +45,7 @@ import com.nimbusds.jose.jwk.OctetSequenceKey;
|
||||||
import com.nimbusds.jose.jwk.RSAKey;
|
import com.nimbusds.jose.jwk.RSAKey;
|
||||||
import com.nimbusds.jwt.SignedJWT;
|
import com.nimbusds.jwt.SignedJWT;
|
||||||
|
|
||||||
public class DefaultJwtSigningAndValidationService implements JwtSigningAndValidationService {
|
public class DefaultJWTSigningAndValidationService implements JWTSigningAndValidationService {
|
||||||
|
|
||||||
// map of identifier to signer
|
// map of identifier to signer
|
||||||
private Map<String, JWSSigner> signers = new HashMap<String, JWSSigner>();
|
private Map<String, JWSSigner> signers = new HashMap<String, JWSSigner>();
|
||||||
|
@ -53,7 +53,7 @@ public class DefaultJwtSigningAndValidationService implements JwtSigningAndValid
|
||||||
// map of identifier to verifier
|
// map of identifier to verifier
|
||||||
private Map<String, JWSVerifier> verifiers = new HashMap<String, JWSVerifier>();
|
private Map<String, JWSVerifier> verifiers = new HashMap<String, JWSVerifier>();
|
||||||
|
|
||||||
private static Logger logger = LoggerFactory.getLogger(DefaultJwtSigningAndValidationService.class);
|
private static Logger logger = LoggerFactory.getLogger(DefaultJWTSigningAndValidationService.class);
|
||||||
|
|
||||||
private String defaultSignerKeyId;
|
private String defaultSignerKeyId;
|
||||||
|
|
||||||
|
@ -74,7 +74,7 @@ public class DefaultJwtSigningAndValidationService implements JwtSigningAndValid
|
||||||
* @throws NoSuchAlgorithmException
|
* @throws NoSuchAlgorithmException
|
||||||
* If there is no appropriate algorithm to tie the keys to.
|
* If there is no appropriate algorithm to tie the keys to.
|
||||||
*/
|
*/
|
||||||
public DefaultJwtSigningAndValidationService(Map<String, JWK> keys) throws NoSuchAlgorithmException, InvalidKeySpecException {
|
public DefaultJWTSigningAndValidationService(Map<String, JWK> keys) throws NoSuchAlgorithmException, InvalidKeySpecException {
|
||||||
this.keys = keys;
|
this.keys = keys;
|
||||||
buildSignersAndVerifiers();
|
buildSignersAndVerifiers();
|
||||||
}
|
}
|
||||||
|
@ -91,7 +91,7 @@ public class DefaultJwtSigningAndValidationService implements JwtSigningAndValid
|
||||||
* @throws NoSuchAlgorithmException
|
* @throws NoSuchAlgorithmException
|
||||||
* If there is no appropriate algorithm to tie the keys to.
|
* If there is no appropriate algorithm to tie the keys to.
|
||||||
*/
|
*/
|
||||||
public DefaultJwtSigningAndValidationService(JWKSetKeyStore keyStore) throws NoSuchAlgorithmException, InvalidKeySpecException {
|
public DefaultJWTSigningAndValidationService(JWKSetKeyStore keyStore) throws NoSuchAlgorithmException, InvalidKeySpecException {
|
||||||
// convert all keys in the keystore to a map based on key id
|
// convert all keys in the keystore to a map based on key id
|
||||||
if (keyStore!= null && keyStore.getJwkSet() != null) {
|
if (keyStore!= null && keyStore.getJwkSet() != null) {
|
||||||
for (JWK key : keyStore.getKeys()) {
|
for (JWK key : keyStore.getKeys()) {
|
|
@ -25,9 +25,9 @@ import java.util.concurrent.TimeUnit;
|
||||||
import org.apache.http.client.HttpClient;
|
import org.apache.http.client.HttpClient;
|
||||||
import org.apache.http.impl.client.HttpClientBuilder;
|
import org.apache.http.impl.client.HttpClientBuilder;
|
||||||
import org.mitre.jose.keystore.JWKSetKeyStore;
|
import org.mitre.jose.keystore.JWKSetKeyStore;
|
||||||
import org.mitre.jwt.encryption.service.JwtEncryptionAndDecryptionService;
|
import org.mitre.jwt.encryption.service.JWTEncryptionAndDecryptionService;
|
||||||
import org.mitre.jwt.encryption.service.impl.DefaultJwtEncryptionAndDecryptionService;
|
import org.mitre.jwt.encryption.service.impl.DefaultJWTEncryptionAndDecryptionService;
|
||||||
import org.mitre.jwt.signer.service.JwtSigningAndValidationService;
|
import org.mitre.jwt.signer.service.JWTSigningAndValidationService;
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
|
import org.springframework.http.client.HttpComponentsClientHttpRequestFactory;
|
||||||
|
@ -54,10 +54,10 @@ public class JWKSetCacheService {
|
||||||
private static Logger logger = LoggerFactory.getLogger(JWKSetCacheService.class);
|
private static Logger logger = LoggerFactory.getLogger(JWKSetCacheService.class);
|
||||||
|
|
||||||
// map of jwk set uri -> signing/validation service built on the keys found in that jwk set
|
// map of jwk set uri -> signing/validation service built on the keys found in that jwk set
|
||||||
private LoadingCache<String, JwtSigningAndValidationService> validators;
|
private LoadingCache<String, JWTSigningAndValidationService> validators;
|
||||||
|
|
||||||
// map of jwk set uri -> encryption/decryption service built on the keys found in that jwk set
|
// map of jwk set uri -> encryption/decryption service built on the keys found in that jwk set
|
||||||
private LoadingCache<String, JwtEncryptionAndDecryptionService> encrypters;
|
private LoadingCache<String, JWTEncryptionAndDecryptionService> encrypters;
|
||||||
|
|
||||||
public JWKSetCacheService() {
|
public JWKSetCacheService() {
|
||||||
this.validators = CacheBuilder.newBuilder()
|
this.validators = CacheBuilder.newBuilder()
|
||||||
|
@ -76,7 +76,7 @@ public class JWKSetCacheService {
|
||||||
* @throws ExecutionException
|
* @throws ExecutionException
|
||||||
* @see com.google.common.cache.Cache#get(java.lang.Object)
|
* @see com.google.common.cache.Cache#get(java.lang.Object)
|
||||||
*/
|
*/
|
||||||
public JwtSigningAndValidationService getValidator(String jwksUri) {
|
public JWTSigningAndValidationService getValidator(String jwksUri) {
|
||||||
try {
|
try {
|
||||||
return validators.get(jwksUri);
|
return validators.get(jwksUri);
|
||||||
} catch (UncheckedExecutionException ue) {
|
} catch (UncheckedExecutionException ue) {
|
||||||
|
@ -88,7 +88,7 @@ public class JWKSetCacheService {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
public JwtEncryptionAndDecryptionService getEncrypter(String jwksUri) {
|
public JWTEncryptionAndDecryptionService getEncrypter(String jwksUri) {
|
||||||
try {
|
try {
|
||||||
return encrypters.get(jwksUri);
|
return encrypters.get(jwksUri);
|
||||||
} catch (UncheckedExecutionException ue) {
|
} catch (UncheckedExecutionException ue) {
|
||||||
|
@ -104,7 +104,7 @@ public class JWKSetCacheService {
|
||||||
* @author jricher
|
* @author jricher
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
private class JWKSetVerifierFetcher extends CacheLoader<String, JwtSigningAndValidationService> {
|
private class JWKSetVerifierFetcher extends CacheLoader<String, JWTSigningAndValidationService> {
|
||||||
private HttpClient httpClient = HttpClientBuilder.create().useSystemProperties().build();
|
private HttpClient httpClient = HttpClientBuilder.create().useSystemProperties().build();
|
||||||
private HttpComponentsClientHttpRequestFactory httpFactory = new HttpComponentsClientHttpRequestFactory(httpClient);
|
private HttpComponentsClientHttpRequestFactory httpFactory = new HttpComponentsClientHttpRequestFactory(httpClient);
|
||||||
private RestTemplate restTemplate = new RestTemplate(httpFactory);
|
private RestTemplate restTemplate = new RestTemplate(httpFactory);
|
||||||
|
@ -113,14 +113,14 @@ public class JWKSetCacheService {
|
||||||
* Load the JWK Set and build the appropriate signing service.
|
* Load the JWK Set and build the appropriate signing service.
|
||||||
*/
|
*/
|
||||||
@Override
|
@Override
|
||||||
public JwtSigningAndValidationService load(String key) throws Exception {
|
public JWTSigningAndValidationService load(String key) throws Exception {
|
||||||
|
|
||||||
String jsonString = restTemplate.getForObject(key, String.class);
|
String jsonString = restTemplate.getForObject(key, String.class);
|
||||||
JWKSet jwkSet = JWKSet.parse(jsonString);
|
JWKSet jwkSet = JWKSet.parse(jsonString);
|
||||||
|
|
||||||
JWKSetKeyStore keyStore = new JWKSetKeyStore(jwkSet);
|
JWKSetKeyStore keyStore = new JWKSetKeyStore(jwkSet);
|
||||||
|
|
||||||
JwtSigningAndValidationService service = new DefaultJwtSigningAndValidationService(keyStore);
|
JWTSigningAndValidationService service = new DefaultJWTSigningAndValidationService(keyStore);
|
||||||
|
|
||||||
return service;
|
return service;
|
||||||
|
|
||||||
|
@ -132,7 +132,7 @@ public class JWKSetCacheService {
|
||||||
* @author jricher
|
* @author jricher
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
private class JWKSetEncryptorFetcher extends CacheLoader<String, JwtEncryptionAndDecryptionService> {
|
private class JWKSetEncryptorFetcher extends CacheLoader<String, JWTEncryptionAndDecryptionService> {
|
||||||
private HttpClient httpClient = HttpClientBuilder.create().useSystemProperties().build();
|
private HttpClient httpClient = HttpClientBuilder.create().useSystemProperties().build();
|
||||||
private HttpComponentsClientHttpRequestFactory httpFactory = new HttpComponentsClientHttpRequestFactory(httpClient);
|
private HttpComponentsClientHttpRequestFactory httpFactory = new HttpComponentsClientHttpRequestFactory(httpClient);
|
||||||
private RestTemplate restTemplate = new RestTemplate(httpFactory);
|
private RestTemplate restTemplate = new RestTemplate(httpFactory);
|
||||||
|
@ -140,13 +140,13 @@ public class JWKSetCacheService {
|
||||||
* @see com.google.common.cache.CacheLoader#load(java.lang.Object)
|
* @see com.google.common.cache.CacheLoader#load(java.lang.Object)
|
||||||
*/
|
*/
|
||||||
@Override
|
@Override
|
||||||
public JwtEncryptionAndDecryptionService load(String key) throws Exception {
|
public JWTEncryptionAndDecryptionService load(String key) throws Exception {
|
||||||
String jsonString = restTemplate.getForObject(key, String.class);
|
String jsonString = restTemplate.getForObject(key, String.class);
|
||||||
JWKSet jwkSet = JWKSet.parse(jsonString);
|
JWKSet jwkSet = JWKSet.parse(jsonString);
|
||||||
|
|
||||||
JWKSetKeyStore keyStore = new JWKSetKeyStore(jwkSet);
|
JWKSetKeyStore keyStore = new JWKSetKeyStore(jwkSet);
|
||||||
|
|
||||||
JwtEncryptionAndDecryptionService service = new DefaultJwtEncryptionAndDecryptionService(keyStore);
|
JWTEncryptionAndDecryptionService service = new DefaultJWTEncryptionAndDecryptionService(keyStore);
|
||||||
|
|
||||||
return service;
|
return service;
|
||||||
}
|
}
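Review bot: Both cache loaders (`JWKSetVerifierFetcher.load` and `JWKSetEncryptorFetcher.load`) pass the cache key straight to `restTemplate.getForObject(key, String.class)`, and nothing visible in these hunks restricts the URI scheme. The keys loaded here are used to build the signing/validation and encryption services, so a JWK Set fetched over plain HTTP could be substituted in transit. If callers do not already enforce it, reject non-HTTPS URIs before fetching, e.g. `if (!"https".equalsIgnoreCase(URI.create(key).getScheme())) { throw new IllegalArgumentException("JWK Set URI must use https"); }`, and state that requirement in the Javadoc of `getValidator` and `getEncrypter`. The class is only partly visible in these hunks, so an existing check elsewhere cannot be ruled out.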
|
||||||
|
|
|
@ -22,7 +22,7 @@ import java.util.Map;
|
||||||
import java.util.concurrent.ExecutionException;
|
import java.util.concurrent.ExecutionException;
|
||||||
import java.util.concurrent.TimeUnit;
|
import java.util.concurrent.TimeUnit;
|
||||||
|
|
||||||
import org.mitre.jwt.signer.service.JwtSigningAndValidationService;
|
import org.mitre.jwt.signer.service.JWTSigningAndValidationService;
|
||||||
import org.mitre.oauth2.model.ClientDetailsEntity;
|
import org.mitre.oauth2.model.ClientDetailsEntity;
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
|
@ -46,14 +46,14 @@ import com.nimbusds.jose.util.Base64URL;
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
@Service
|
@Service
|
||||||
public class SymmetricCacheService {
|
public class SymmetricKeyJWTValidatorCacheService {
|
||||||
|
|
||||||
private static Logger logger = LoggerFactory.getLogger(SymmetricCacheService.class);
|
private static Logger logger = LoggerFactory.getLogger(SymmetricKeyJWTValidatorCacheService.class);
|
||||||
|
|
||||||
private LoadingCache<String, JwtSigningAndValidationService> validators;
|
private LoadingCache<String, JWTSigningAndValidationService> validators;
|
||||||
|
|
||||||
|
|
||||||
public SymmetricCacheService() {
|
public SymmetricKeyJWTValidatorCacheService() {
|
||||||
validators = CacheBuilder.newBuilder()
|
validators = CacheBuilder.newBuilder()
|
||||||
.expireAfterAccess(24, TimeUnit.HOURS)
|
.expireAfterAccess(24, TimeUnit.HOURS)
|
||||||
.maximumSize(100)
|
.maximumSize(100)
|
||||||
|
@ -67,7 +67,7 @@ public class SymmetricCacheService {
|
||||||
* @param client
|
* @param client
|
||||||
* @return
|
* @return
|
||||||
*/
|
*/
|
||||||
public JwtSigningAndValidationService getSymmetricValidtor(ClientDetailsEntity client) {
|
public JWTSigningAndValidationService getSymmetricValidtor(ClientDetailsEntity client) {
|
||||||
|
|
||||||
if (client == null) {
|
if (client == null) {
|
||||||
logger.error("Couldn't create symmetric validator for null client");
|
logger.error("Couldn't create symmetric validator for null client");
|
||||||
|
@ -91,16 +91,16 @@ public class SymmetricCacheService {
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public class SymmetricValidatorBuilder extends CacheLoader<String, JwtSigningAndValidationService> {
|
public class SymmetricValidatorBuilder extends CacheLoader<String, JWTSigningAndValidationService> {
|
||||||
@Override
|
@Override
|
||||||
public JwtSigningAndValidationService load(String key) throws Exception {
|
public JWTSigningAndValidationService load(String key) throws Exception {
|
||||||
try {
|
try {
|
||||||
|
|
||||||
String id = "SYMMETRIC-KEY";
|
String id = "SYMMETRIC-KEY";
|
||||||
|
|
||||||
JWK jwk = new OctetSequenceKey(Base64URL.encode(key), KeyUse.SIGNATURE, null, null, id, null, null, null);
|
JWK jwk = new OctetSequenceKey(Base64URL.encode(key), KeyUse.SIGNATURE, null, null, id, null, null, null);
|
||||||
Map<String, JWK> keys = ImmutableMap.of(id, jwk);
|
Map<String, JWK> keys = ImmutableMap.of(id, jwk);
|
||||||
JwtSigningAndValidationService service = new DefaultJwtSigningAndValidationService(keys);
|
JWTSigningAndValidationService service = new DefaultJWTSigningAndValidationService(keys);
|
||||||
|
|
||||||
return service;
|
return service;
|
||||||
|
|
|
@ -39,11 +39,11 @@ import com.nimbusds.jose.jwk.JWKSet;
|
||||||
* @author jricher
|
* @author jricher
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
@Component(JwkKeyListView.VIEWNAME)
|
@Component(JWKSetView.VIEWNAME)
|
||||||
public class JwkKeyListView extends AbstractView {
|
public class JWKSetView extends AbstractView {
|
||||||
|
|
||||||
public static final String VIEWNAME = "jwkKeyList";
|
public static final String VIEWNAME = "jwkSet";
|
||||||
private static Logger logger = LoggerFactory.getLogger(JwkKeyListView.class);
|
private static Logger logger = LoggerFactory.getLogger(JWKSetView.class);
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected void renderMergedOutputModel(Map<String, Object> model, HttpServletRequest request, HttpServletResponse response) {
|
protected void renderMergedOutputModel(Map<String, Object> model, HttpServletRequest request, HttpServletResponse response) {
|
||||||
|
@ -63,7 +63,7 @@ public class JwkKeyListView extends AbstractView {
|
||||||
|
|
||||||
} catch (IOException e) {
|
} catch (IOException e) {
|
||||||
|
|
||||||
logger.error("IOException in JwkKeyListView.java: ", e);
|
logger.error("IOException in JWKSetView.java: ", e);
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
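Review bot: `VIEWNAME` changes from `"jwkKeyList"` to `"jwkSet"`, which is a runtime value rather than an identifier: it is the `@Component` bean name and the view name the JWK endpoint returns. Code that goes through the constant keeps working, but any configuration that refers to the old string (none is visible here) would stop resolving, so a search for `jwkKeyList` or a line in the commit message is warranted. UserInfoJWTView keeps its old `"userInfoJwtView"` value, so the two view renames are also not consistent with each other.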
@ -56,7 +56,7 @@ import com.nimbusds.jwt.ReadOnlyJWTClaimsSet;
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
|
|
||||||
public class TestDefaultJwtEncryptionAndDecryptionService {
|
public class TestDefaultJWTEncryptionAndDecryptionService {
|
||||||
|
|
||||||
private String plainText = "The true sign of intelligence is not knowledge but imagination.";
|
private String plainText = "The true sign of intelligence is not knowledge but imagination.";
|
||||||
|
|
||||||
|
@ -136,20 +136,20 @@ public class TestDefaultJwtEncryptionAndDecryptionService {
|
||||||
|
|
||||||
private List<JWK> keys_list = new LinkedList<JWK>();
|
private List<JWK> keys_list = new LinkedList<JWK>();
|
||||||
|
|
||||||
private DefaultJwtEncryptionAndDecryptionService service;
|
private DefaultJWTEncryptionAndDecryptionService service;
|
||||||
private DefaultJwtEncryptionAndDecryptionService service_2;
|
private DefaultJWTEncryptionAndDecryptionService service_2;
|
||||||
private DefaultJwtEncryptionAndDecryptionService service_3;
|
private DefaultJWTEncryptionAndDecryptionService service_3;
|
||||||
private DefaultJwtEncryptionAndDecryptionService service_4;
|
private DefaultJWTEncryptionAndDecryptionService service_4;
|
||||||
private DefaultJwtEncryptionAndDecryptionService service_ks;
|
private DefaultJWTEncryptionAndDecryptionService service_ks;
|
||||||
|
|
||||||
|
|
||||||
@Before
|
@Before
|
||||||
public void prepare() throws NoSuchAlgorithmException, InvalidKeySpecException, JOSEException {
|
public void prepare() throws NoSuchAlgorithmException, InvalidKeySpecException, JOSEException {
|
||||||
|
|
||||||
service = new DefaultJwtEncryptionAndDecryptionService(keys);
|
service = new DefaultJWTEncryptionAndDecryptionService(keys);
|
||||||
service_2 = new DefaultJwtEncryptionAndDecryptionService(keys_2);
|
service_2 = new DefaultJWTEncryptionAndDecryptionService(keys_2);
|
||||||
service_3 = new DefaultJwtEncryptionAndDecryptionService(keys_3);
|
service_3 = new DefaultJWTEncryptionAndDecryptionService(keys_3);
|
||||||
service_4 = new DefaultJwtEncryptionAndDecryptionService(keys_4);
|
service_4 = new DefaultJWTEncryptionAndDecryptionService(keys_4);
|
||||||
|
|
||||||
claimsSet.setIssuer(issuer);
|
claimsSet.setIssuer(issuer);
|
||||||
claimsSet.setSubject(subject);
|
claimsSet.setSubject(subject);
|
||||||
|
@ -161,7 +161,7 @@ public class TestDefaultJwtEncryptionAndDecryptionService {
|
||||||
JWKSet jwkSet = new JWKSet(keys_list);
|
JWKSet jwkSet = new JWKSet(keys_list);
|
||||||
JWKSetKeyStore keyStore = new JWKSetKeyStore(jwkSet);
|
JWKSetKeyStore keyStore = new JWKSetKeyStore(jwkSet);
|
||||||
|
|
||||||
service_ks = new DefaultJwtEncryptionAndDecryptionService(keyStore);
|
service_ks = new DefaultJWTEncryptionAndDecryptionService(keyStore);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -21,8 +21,8 @@ import java.util.HashMap;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
|
||||||
import org.mitre.discovery.util.WebfingerURLNormalizer;
|
import org.mitre.discovery.util.WebfingerURLNormalizer;
|
||||||
import org.mitre.jwt.encryption.service.JwtEncryptionAndDecryptionService;
|
import org.mitre.jwt.encryption.service.JWTEncryptionAndDecryptionService;
|
||||||
import org.mitre.jwt.signer.service.JwtSigningAndValidationService;
|
import org.mitre.jwt.signer.service.JWTSigningAndValidationService;
|
||||||
import org.mitre.oauth2.service.SystemScopeService;
|
import org.mitre.oauth2.service.SystemScopeService;
|
||||||
import org.mitre.openid.connect.config.ConfigurationPropertiesBean;
|
import org.mitre.openid.connect.config.ConfigurationPropertiesBean;
|
||||||
import org.mitre.openid.connect.model.UserInfo;
|
import org.mitre.openid.connect.model.UserInfo;
|
||||||
|
@ -66,10 +66,10 @@ public class DiscoveryEndpoint {
|
||||||
private SystemScopeService scopeService;
|
private SystemScopeService scopeService;
|
||||||
|
|
||||||
@Autowired
|
@Autowired
|
||||||
private JwtSigningAndValidationService signService;
|
private JWTSigningAndValidationService signService;
|
||||||
|
|
||||||
@Autowired
|
@Autowired
|
||||||
private JwtEncryptionAndDecryptionService encService;
|
private JWTEncryptionAndDecryptionService encService;
|
||||||
|
|
||||||
@Autowired
|
@Autowired
|
||||||
private UserInfoService userService;
|
private UserInfoService userService;
|
||||||
|
|
|
@ -22,7 +22,7 @@ package org.mitre.oauth2.token;
|
||||||
import java.text.ParseException;
|
import java.text.ParseException;
|
||||||
import java.util.Date;
|
import java.util.Date;
|
||||||
|
|
||||||
import org.mitre.jwt.signer.service.JwtSigningAndValidationService;
|
import org.mitre.jwt.signer.service.JWTSigningAndValidationService;
|
||||||
import org.mitre.oauth2.model.ClientDetailsEntity;
|
import org.mitre.oauth2.model.ClientDetailsEntity;
|
||||||
import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
|
import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
|
||||||
import org.mitre.oauth2.service.ClientDetailsEntityService;
|
import org.mitre.oauth2.service.ClientDetailsEntityService;
|
||||||
|
@ -60,7 +60,7 @@ public class JwtAssertionTokenGranter extends AbstractTokenGranter {
|
||||||
private OAuth2TokenEntityService tokenServices;
|
private OAuth2TokenEntityService tokenServices;
|
||||||
|
|
||||||
@Autowired
|
@Autowired
|
||||||
private JwtSigningAndValidationService jwtService;
|
private JWTSigningAndValidationService jwtService;
|
||||||
|
|
||||||
@Autowired
|
@Autowired
|
||||||
private ConfigurationPropertiesBean config;
|
private ConfigurationPropertiesBean config;
|
||||||
|
|
|
@ -22,10 +22,10 @@ import java.util.Map;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
import java.util.UUID;
|
import java.util.UUID;
|
||||||
|
|
||||||
import org.mitre.jwt.encryption.service.JwtEncryptionAndDecryptionService;
|
import org.mitre.jwt.encryption.service.JWTEncryptionAndDecryptionService;
|
||||||
import org.mitre.jwt.signer.service.JwtSigningAndValidationService;
|
import org.mitre.jwt.signer.service.JWTSigningAndValidationService;
|
||||||
import org.mitre.jwt.signer.service.impl.JWKSetCacheService;
|
import org.mitre.jwt.signer.service.impl.JWKSetCacheService;
|
||||||
import org.mitre.jwt.signer.service.impl.SymmetricCacheService;
|
import org.mitre.jwt.signer.service.impl.SymmetricKeyJWTValidatorCacheService;
|
||||||
import org.mitre.oauth2.model.ClientDetailsEntity;
|
import org.mitre.oauth2.model.ClientDetailsEntity;
|
||||||
import org.mitre.oauth2.service.ClientDetailsEntityService;
|
import org.mitre.oauth2.service.ClientDetailsEntityService;
|
||||||
import org.mitre.oauth2.service.SystemScopeService;
|
import org.mitre.oauth2.service.SystemScopeService;
|
||||||
|
@ -64,13 +64,13 @@ public class ConnectOAuth2RequestFactory extends DefaultOAuth2RequestFactory {
|
||||||
private JWKSetCacheService validators;
|
private JWKSetCacheService validators;
|
||||||
|
|
||||||
@Autowired
|
@Autowired
|
||||||
private SymmetricCacheService symmetricCacheService;
|
private SymmetricKeyJWTValidatorCacheService symmetricCacheService;
|
||||||
|
|
||||||
@Autowired
|
@Autowired
|
||||||
private SystemScopeService systemScopes;
|
private SystemScopeService systemScopes;
|
||||||
|
|
||||||
@Autowired
|
@Autowired
|
||||||
private JwtEncryptionAndDecryptionService encryptionService;
|
private JWTEncryptionAndDecryptionService encryptionService;
|
||||||
|
|
||||||
private JsonParser parser = new JsonParser();
|
private JsonParser parser = new JsonParser();
|
||||||
|
|
||||||
|
@ -200,7 +200,7 @@ public class ConnectOAuth2RequestFactory extends DefaultOAuth2RequestFactory {
|
||||||
}
|
}
|
||||||
|
|
||||||
// check JWT signature
|
// check JWT signature
|
||||||
JwtSigningAndValidationService validator = validators.getValidator(client.getJwksUri());
|
JWTSigningAndValidationService validator = validators.getValidator(client.getJwksUri());
|
||||||
|
|
||||||
if (validator == null) {
|
if (validator == null) {
|
||||||
throw new InvalidClientException("Unable to create signature validator for client's JWKS URI: " + client.getJwksUri());
|
throw new InvalidClientException("Unable to create signature validator for client's JWKS URI: " + client.getJwksUri());
|
||||||
|
@ -215,7 +215,7 @@ public class ConnectOAuth2RequestFactory extends DefaultOAuth2RequestFactory {
|
||||||
|
|
||||||
// it's HMAC, we need to make a validator based on the client secret
|
// it's HMAC, we need to make a validator based on the client secret
|
||||||
|
|
||||||
JwtSigningAndValidationService validator = symmetricCacheService.getSymmetricValidtor(client);
|
JWTSigningAndValidationService validator = symmetricCacheService.getSymmetricValidtor(client);
|
||||||
|
|
||||||
if (validator == null) {
|
if (validator == null) {
|
||||||
throw new InvalidClientException("Unable to create signature validator for client's secret: " + client.getClientSecret());
|
throw new InvalidClientException("Unable to create signature validator for client's secret: " + client.getClientSecret());
|
||||||
|
|
|
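Review bot: The HMAC branch in the last hunk still builds its error text from `client.getClientSecret()`, so a failed validator lookup puts the client's shared secret into the exception message. From there it may reach logs or the OAuth error response, depending on how InvalidClientException is rendered. The rename leaves this line as it was; identify the client instead, for example `throw new InvalidClientException("Unable to create signature validator for client: " + client.getClientId());`. JwtBearerAuthenticationProvider has the same concatenation in its AuthenticationServiceException for the HMAC case and needs the same change. The enclosing method starts and ends outside the hunk.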
@ -24,9 +24,9 @@ import java.util.Date;
|
||||||
import java.util.HashSet;
|
import java.util.HashSet;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
|
|
||||||
import org.mitre.jwt.signer.service.JwtSigningAndValidationService;
|
import org.mitre.jwt.signer.service.JWTSigningAndValidationService;
|
||||||
import org.mitre.jwt.signer.service.impl.JWKSetCacheService;
|
import org.mitre.jwt.signer.service.impl.JWKSetCacheService;
|
||||||
import org.mitre.jwt.signer.service.impl.SymmetricCacheService;
|
import org.mitre.jwt.signer.service.impl.SymmetricKeyJWTValidatorCacheService;
|
||||||
import org.mitre.oauth2.model.ClientDetailsEntity;
|
import org.mitre.oauth2.model.ClientDetailsEntity;
|
||||||
import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod;
|
import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod;
|
||||||
import org.mitre.oauth2.service.ClientDetailsEntityService;
|
import org.mitre.oauth2.service.ClientDetailsEntityService;
|
||||||
|
@ -64,7 +64,7 @@ public class JwtBearerAuthenticationProvider implements AuthenticationProvider {
|
||||||
|
|
||||||
// map of symmetric verifiers for client secrets
|
// map of symmetric verifiers for client secrets
|
||||||
@Autowired
|
@Autowired
|
||||||
private SymmetricCacheService symmetricCacheService;
|
private SymmetricKeyJWTValidatorCacheService symmetricCacheService;
|
||||||
|
|
||||||
// Allow for time sync issues by having a window of X seconds.
|
// Allow for time sync issues by having a window of X seconds.
|
||||||
private int timeSkewAllowance = 300;
|
private int timeSkewAllowance = 300;
|
||||||
|
@ -116,7 +116,7 @@ public class JwtBearerAuthenticationProvider implements AuthenticationProvider {
|
||||||
|| alg.equals(JWSAlgorithm.RS384)
|
|| alg.equals(JWSAlgorithm.RS384)
|
||||||
|| alg.equals(JWSAlgorithm.RS512))) {
|
|| alg.equals(JWSAlgorithm.RS512))) {
|
||||||
|
|
||||||
JwtSigningAndValidationService validator = validators.getValidator(client.getJwksUri());
|
JWTSigningAndValidationService validator = validators.getValidator(client.getJwksUri());
|
||||||
|
|
||||||
if (validator == null) {
|
if (validator == null) {
|
||||||
throw new AuthenticationServiceException("Unable to create signature validator for client's JWKS URI: " + client.getJwksUri());
|
throw new AuthenticationServiceException("Unable to create signature validator for client's JWKS URI: " + client.getJwksUri());
|
||||||
|
@ -132,7 +132,7 @@ public class JwtBearerAuthenticationProvider implements AuthenticationProvider {
|
||||||
|
|
||||||
// it's HMAC, we need to make a validator based on the client secret
|
// it's HMAC, we need to make a validator based on the client secret
|
||||||
|
|
||||||
JwtSigningAndValidationService validator = symmetricCacheService.getSymmetricValidtor(client);
|
JWTSigningAndValidationService validator = symmetricCacheService.getSymmetricValidtor(client);
|
||||||
|
|
||||||
if (validator == null) {
|
if (validator == null) {
|
||||||
throw new AuthenticationServiceException("Unable to create signature validator for client's secret: " + client.getClientSecret());
|
throw new AuthenticationServiceException("Unable to create signature validator for client's secret: " + client.getClientSecret());
|
||||||
|
|
|
@ -21,10 +21,10 @@ import java.util.Map;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
import java.util.UUID;
|
import java.util.UUID;
|
||||||
|
|
||||||
import org.mitre.jwt.encryption.service.JwtEncryptionAndDecryptionService;
|
import org.mitre.jwt.encryption.service.JWTEncryptionAndDecryptionService;
|
||||||
import org.mitre.jwt.signer.service.JwtSigningAndValidationService;
|
import org.mitre.jwt.signer.service.JWTSigningAndValidationService;
|
||||||
import org.mitre.jwt.signer.service.impl.JWKSetCacheService;
|
import org.mitre.jwt.signer.service.impl.JWKSetCacheService;
|
||||||
import org.mitre.jwt.signer.service.impl.SymmetricCacheService;
|
import org.mitre.jwt.signer.service.impl.SymmetricKeyJWTValidatorCacheService;
|
||||||
import org.mitre.oauth2.model.AuthenticationHolderEntity;
|
import org.mitre.oauth2.model.AuthenticationHolderEntity;
|
||||||
import org.mitre.oauth2.model.ClientDetailsEntity;
|
import org.mitre.oauth2.model.ClientDetailsEntity;
|
||||||
import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
|
import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
|
||||||
|
@ -71,7 +71,7 @@ public class DefaultOIDCTokenService implements OIDCTokenService {
|
||||||
Logger logger = LoggerFactory.getLogger(DefaultOIDCTokenService.class);
|
Logger logger = LoggerFactory.getLogger(DefaultOIDCTokenService.class);
|
||||||
|
|
||||||
@Autowired
|
@Autowired
|
||||||
private JwtSigningAndValidationService jwtService;
|
private JWTSigningAndValidationService jwtService;
|
||||||
|
|
||||||
@Autowired
|
@Autowired
|
||||||
private AuthenticationHolderRepository authenticationHolderRepository;
|
private AuthenticationHolderRepository authenticationHolderRepository;
|
||||||
|
@ -83,7 +83,7 @@ public class DefaultOIDCTokenService implements OIDCTokenService {
|
||||||
private JWKSetCacheService encrypters;
|
private JWKSetCacheService encrypters;
|
||||||
|
|
||||||
@Autowired
|
@Autowired
|
||||||
private SymmetricCacheService symmetricCacheService;
|
private SymmetricKeyJWTValidatorCacheService symmetricCacheService;
|
||||||
|
|
||||||
@Autowired
|
@Autowired
|
||||||
private OAuth2TokenEntityService tokenService;
|
private OAuth2TokenEntityService tokenService;
|
||||||
|
@ -141,7 +141,7 @@ public class DefaultOIDCTokenService implements OIDCTokenService {
|
||||||
&& client.getIdTokenEncryptedResponseEnc() != null && !client.getIdTokenEncryptedResponseEnc().equals(Algorithm.NONE)
|
&& client.getIdTokenEncryptedResponseEnc() != null && !client.getIdTokenEncryptedResponseEnc().equals(Algorithm.NONE)
|
||||||
&& !Strings.isNullOrEmpty(client.getJwksUri())) {
|
&& !Strings.isNullOrEmpty(client.getJwksUri())) {
|
||||||
|
|
||||||
JwtEncryptionAndDecryptionService encrypter = encrypters.getEncrypter(client.getJwksUri());
|
JWTEncryptionAndDecryptionService encrypter = encrypters.getEncrypter(client.getJwksUri());
|
||||||
|
|
||||||
if (encrypter != null) {
|
if (encrypter != null) {
|
||||||
|
|
||||||
|
@ -173,7 +173,7 @@ public class DefaultOIDCTokenService implements OIDCTokenService {
|
||||||
|
|
||||||
idToken = new SignedJWT(new JWSHeader(signingAlg), idClaims);
|
idToken = new SignedJWT(new JWSHeader(signingAlg), idClaims);
|
||||||
|
|
||||||
JwtSigningAndValidationService signer = symmetricCacheService.getSymmetricValidtor(client);
|
JWTSigningAndValidationService signer = symmetricCacheService.getSymmetricValidtor(client);
|
||||||
|
|
||||||
// sign it with the client's secret
|
// sign it with the client's secret
|
||||||
signer.signJwt((SignedJWT) idToken);
|
signer.signJwt((SignedJWT) idToken);
|
||||||
|
@ -300,14 +300,14 @@ public class DefaultOIDCTokenService implements OIDCTokenService {
|
||||||
/**
|
/**
|
||||||
* @return the jwtService
|
* @return the jwtService
|
||||||
*/
|
*/
|
||||||
public JwtSigningAndValidationService getJwtService() {
|
public JWTSigningAndValidationService getJwtService() {
|
||||||
return jwtService;
|
return jwtService;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param jwtService the jwtService to set
|
* @param jwtService the jwtService to set
|
||||||
*/
|
*/
|
||||||
public void setJwtService(JwtSigningAndValidationService jwtService) {
|
public void setJwtService(JWTSigningAndValidationService jwtService) {
|
||||||
this.jwtService = jwtService;
|
this.jwtService = jwtService;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
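Review bot: The result of `symmetricCacheService.getSymmetricValidtor(client)` is passed straight to `signer.signJwt((SignedJWT) idToken)` with no null check, while ConnectOAuth2RequestFactory and JwtBearerAuthenticationProvider both test the same call for `null` before using it. If the cache service can return null here (its hunk shows an error path for a null client, but the rest of that method is not visible), ID token signing fails with a NullPointerException rather than a clear error. A guard before the sign call, such as `if (signer == null) { throw new IllegalStateException("No symmetric signer for client " + client.getClientId()); }`, would make the failure explicit. UserInfoJWTView has the same unguarded `signer.signJwt(signed)`. The enclosing method extends beyond the hunk.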
@ -19,9 +19,9 @@ package org.mitre.openid.connect.token;
|
||||||
import java.util.Date;
|
import java.util.Date;
|
||||||
import java.util.UUID;
|
import java.util.UUID;
|
||||||
|
|
||||||
import org.mitre.jwt.signer.service.JwtSigningAndValidationService;
|
import org.mitre.jwt.signer.service.JWTSigningAndValidationService;
|
||||||
import org.mitre.jwt.signer.service.impl.JWKSetCacheService;
|
import org.mitre.jwt.signer.service.impl.JWKSetCacheService;
|
||||||
import org.mitre.jwt.signer.service.impl.SymmetricCacheService;
|
import org.mitre.jwt.signer.service.impl.SymmetricKeyJWTValidatorCacheService;
|
||||||
import org.mitre.oauth2.model.ClientDetailsEntity;
|
import org.mitre.oauth2.model.ClientDetailsEntity;
|
||||||
import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
|
import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
|
||||||
import org.mitre.oauth2.service.ClientDetailsEntityService;
|
import org.mitre.oauth2.service.ClientDetailsEntityService;
|
||||||
|
@ -54,7 +54,7 @@ public class ConnectTokenEnhancer implements TokenEnhancer {
|
||||||
private ConfigurationPropertiesBean configBean;
|
private ConfigurationPropertiesBean configBean;
|
||||||
|
|
||||||
@Autowired
|
@Autowired
|
||||||
private JwtSigningAndValidationService jwtService;
|
private JWTSigningAndValidationService jwtService;
|
||||||
|
|
||||||
@Autowired
|
@Autowired
|
||||||
private ClientDetailsEntityService clientService;
|
private ClientDetailsEntityService clientService;
|
||||||
|
@ -72,7 +72,7 @@ public class ConnectTokenEnhancer implements TokenEnhancer {
|
||||||
private JWKSetCacheService encryptors;
|
private JWKSetCacheService encryptors;
|
||||||
|
|
||||||
@Autowired
|
@Autowired
|
||||||
private SymmetricCacheService symmetricCacheService;
|
private SymmetricKeyJWTValidatorCacheService symmetricCacheService;
|
||||||
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@ -144,11 +144,11 @@ public class ConnectTokenEnhancer implements TokenEnhancer {
|
||||||
this.configBean = configBean;
|
this.configBean = configBean;
|
||||||
}
|
}
|
||||||
|
|
||||||
public JwtSigningAndValidationService getJwtService() {
|
public JWTSigningAndValidationService getJwtService() {
|
||||||
return jwtService;
|
return jwtService;
|
||||||
}
|
}
|
||||||
|
|
||||||
public void setJwtService(JwtSigningAndValidationService jwtService) {
|
public void setJwtService(JWTSigningAndValidationService jwtService) {
|
||||||
this.jwtService = jwtService;
|
this.jwtService = jwtService;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -30,10 +30,10 @@ import java.util.UUID;
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
import javax.servlet.http.HttpServletResponse;
|
import javax.servlet.http.HttpServletResponse;
|
||||||
|
|
||||||
import org.mitre.jwt.encryption.service.JwtEncryptionAndDecryptionService;
|
import org.mitre.jwt.encryption.service.JWTEncryptionAndDecryptionService;
|
||||||
import org.mitre.jwt.signer.service.JwtSigningAndValidationService;
|
import org.mitre.jwt.signer.service.JWTSigningAndValidationService;
|
||||||
import org.mitre.jwt.signer.service.impl.JWKSetCacheService;
|
import org.mitre.jwt.signer.service.impl.JWKSetCacheService;
|
||||||
import org.mitre.jwt.signer.service.impl.SymmetricCacheService;
|
import org.mitre.jwt.signer.service.impl.SymmetricKeyJWTValidatorCacheService;
|
||||||
import org.mitre.oauth2.model.ClientDetailsEntity;
|
import org.mitre.oauth2.model.ClientDetailsEntity;
|
||||||
import org.mitre.openid.connect.config.ConfigurationPropertiesBean;
|
import org.mitre.openid.connect.config.ConfigurationPropertiesBean;
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
|
@ -56,15 +56,15 @@ import com.nimbusds.jwt.SignedJWT;
|
||||||
* @author jricher
|
* @author jricher
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
@Component(UserInfoJwtView.VIEWNAME)
|
@Component(UserInfoJWTView.VIEWNAME)
|
||||||
public class UserInfoJwtView extends UserInfoView {
|
public class UserInfoJWTView extends UserInfoView {
|
||||||
|
|
||||||
private static Logger logger = LoggerFactory.getLogger(UserInfoJwtView.class);
|
private static Logger logger = LoggerFactory.getLogger(UserInfoJWTView.class);
|
||||||
|
|
||||||
public static final String VIEWNAME = "userInfoJwtView";
|
public static final String VIEWNAME = "userInfoJwtView";
|
||||||
|
|
||||||
@Autowired
|
@Autowired
|
||||||
private JwtSigningAndValidationService jwtService;
|
private JWTSigningAndValidationService jwtService;
|
||||||
|
|
||||||
@Autowired
|
@Autowired
|
||||||
private ConfigurationPropertiesBean config;
|
private ConfigurationPropertiesBean config;
|
||||||
|
@ -73,7 +73,7 @@ public class UserInfoJwtView extends UserInfoView {
|
||||||
private JWKSetCacheService encrypters;
|
private JWKSetCacheService encrypters;
|
||||||
|
|
||||||
@Autowired
|
@Autowired
|
||||||
private SymmetricCacheService symmetricCacheService;
|
private SymmetricKeyJWTValidatorCacheService symmetricCacheService;
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected void writeOut(JsonObject json, Map<String, Object> model,
|
protected void writeOut(JsonObject json, Map<String, Object> model,
|
||||||
|
@ -105,7 +105,7 @@ public class UserInfoJwtView extends UserInfoView {
|
||||||
|
|
||||||
// encrypt it to the client's key
|
// encrypt it to the client's key
|
||||||
|
|
||||||
JwtEncryptionAndDecryptionService encrypter = encrypters.getEncrypter(client.getJwksUri());
|
JWTEncryptionAndDecryptionService encrypter = encrypters.getEncrypter(client.getJwksUri());
|
||||||
|
|
||||||
if (encrypter != null) {
|
if (encrypter != null) {
|
||||||
|
|
||||||
|
@ -134,7 +134,7 @@ public class UserInfoJwtView extends UserInfoView {
|
||||||
|| signingAlg.equals(JWSAlgorithm.HS512)) {
|
|| signingAlg.equals(JWSAlgorithm.HS512)) {
|
||||||
|
|
||||||
// sign it with the client's secret
|
// sign it with the client's secret
|
||||||
JwtSigningAndValidationService signer = symmetricCacheService.getSymmetricValidtor(client);
|
JWTSigningAndValidationService signer = symmetricCacheService.getSymmetricValidtor(client);
|
||||||
signer.signJwt(signed);
|
signer.signJwt(signed);
|
||||||
|
|
||||||
} else {
|
} else {
|
|
@ -23,7 +23,7 @@ import java.util.HashSet;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
import java.util.concurrent.TimeUnit;
|
import java.util.concurrent.TimeUnit;
|
||||||
|
|
||||||
import org.mitre.jwt.signer.service.JwtSigningAndValidationService;
|
import org.mitre.jwt.signer.service.JWTSigningAndValidationService;
|
||||||
import org.mitre.oauth2.model.ClientDetailsEntity;
|
import org.mitre.oauth2.model.ClientDetailsEntity;
|
||||||
import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod;
|
import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod;
|
||||||
import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
|
import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
|
||||||
|
@ -71,7 +71,7 @@ public class ClientDynamicRegistrationEndpoint {
|
||||||
private OAuth2TokenEntityService tokenService;
|
private OAuth2TokenEntityService tokenService;
|
||||||
|
|
||||||
@Autowired
|
@Autowired
|
||||||
private JwtSigningAndValidationService jwtService;
|
private JWTSigningAndValidationService jwtService;
|
||||||
|
|
||||||
@Autowired
|
@Autowired
|
||||||
private SystemScopeService scopeService;
|
private SystemScopeService scopeService;
|
||||||
|
|
|
@ -18,8 +18,8 @@ package org.mitre.openid.connect.web;
|
||||||
|
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
|
||||||
import org.mitre.jwt.signer.service.JwtSigningAndValidationService;
|
import org.mitre.jwt.signer.service.JWTSigningAndValidationService;
|
||||||
import org.mitre.openid.connect.view.JwkKeyListView;
|
import org.mitre.openid.connect.view.JWKSetView;
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
import org.springframework.stereotype.Controller;
|
import org.springframework.stereotype.Controller;
|
||||||
import org.springframework.ui.Model;
|
import org.springframework.ui.Model;
|
||||||
|
@ -28,10 +28,10 @@ import org.springframework.web.bind.annotation.RequestMapping;
|
||||||
import com.nimbusds.jose.jwk.JWK;
|
import com.nimbusds.jose.jwk.JWK;
|
||||||
|
|
||||||
@Controller
|
@Controller
|
||||||
public class JsonWebKeyEndpoint {
|
public class JWKSetPublishingEndpoint {
|
||||||
|
|
||||||
@Autowired
|
@Autowired
|
||||||
private JwtSigningAndValidationService jwtService;
|
private JWTSigningAndValidationService jwtService;
|
||||||
|
|
||||||
@RequestMapping(value = "/jwk", produces = "application/json")
|
@RequestMapping(value = "/jwk", produces = "application/json")
|
||||||
public String getJwk(Model m) {
|
public String getJwk(Model m) {
|
||||||
|
@ -43,20 +43,20 @@ public class JsonWebKeyEndpoint {
|
||||||
|
|
||||||
m.addAttribute("keys", keys);
|
m.addAttribute("keys", keys);
|
||||||
|
|
||||||
return JwkKeyListView.VIEWNAME;
|
return JWKSetView.VIEWNAME;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @return the jwtService
|
* @return the jwtService
|
||||||
*/
|
*/
|
||||||
public JwtSigningAndValidationService getJwtService() {
|
public JWTSigningAndValidationService getJwtService() {
|
||||||
return jwtService;
|
return jwtService;
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @param jwtService the jwtService to set
|
* @param jwtService the jwtService to set
|
||||||
*/
|
*/
|
||||||
public void setJwtService(JwtSigningAndValidationService jwtService) {
|
public void setJwtService(JWTSigningAndValidationService jwtService) {
|
||||||
this.jwtService = jwtService;
|
this.jwtService = jwtService;
|
||||||
}
|
}
|
||||||
|
|
|
@ -22,7 +22,7 @@ import java.util.Date;
|
||||||
import java.util.HashSet;
|
import java.util.HashSet;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
|
|
||||||
import org.mitre.jwt.signer.service.JwtSigningAndValidationService;
|
import org.mitre.jwt.signer.service.JWTSigningAndValidationService;
|
||||||
import org.mitre.oauth2.model.ClientDetailsEntity;
|
import org.mitre.oauth2.model.ClientDetailsEntity;
|
||||||
import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod;
|
import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod;
|
||||||
import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
|
import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
|
||||||
|
@ -68,7 +68,7 @@ public class ProtectedResourceRegistrationEndpoint {
|
||||||
private OAuth2TokenEntityService tokenService;
|
private OAuth2TokenEntityService tokenService;
|
||||||
|
|
||||||
@Autowired
|
@Autowired
|
||||||
private JwtSigningAndValidationService jwtService;
|
private JWTSigningAndValidationService jwtService;
|
||||||
|
|
||||||
@Autowired
|
@Autowired
|
||||||
private SystemScopeService scopeService;
|
private SystemScopeService scopeService;
|
||||||
|
|
|
@ -23,7 +23,7 @@ import org.mitre.oauth2.service.ClientDetailsEntityService;
|
||||||
import org.mitre.openid.connect.model.UserInfo;
|
import org.mitre.openid.connect.model.UserInfo;
|
||||||
import org.mitre.openid.connect.service.UserInfoService;
|
import org.mitre.openid.connect.service.UserInfoService;
|
||||||
import org.mitre.openid.connect.view.HttpCodeView;
|
import org.mitre.openid.connect.view.HttpCodeView;
|
||||||
import org.mitre.openid.connect.view.UserInfoJwtView;
|
import org.mitre.openid.connect.view.UserInfoJWTView;
|
||||||
import org.mitre.openid.connect.view.UserInfoView;
|
import org.mitre.openid.connect.view.UserInfoView;
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
|
@ -109,21 +109,21 @@ public class UserInfoEndpoint {
|
||||||
// client has a preference, see if they ask for plain JSON specifically on this request
|
// client has a preference, see if they ask for plain JSON specifically on this request
|
||||||
for (MediaType m : mediaTypes) {
|
for (MediaType m : mediaTypes) {
|
||||||
if (!m.isWildcardType() && m.isCompatibleWith(JOSE_MEDIA_TYPE)) {
|
if (!m.isWildcardType() && m.isCompatibleWith(JOSE_MEDIA_TYPE)) {
|
||||||
return UserInfoJwtView.VIEWNAME;
|
return UserInfoJWTView.VIEWNAME;
|
||||||
} else if (!m.isWildcardType() && m.isCompatibleWith(MediaType.APPLICATION_JSON)) {
|
} else if (!m.isWildcardType() && m.isCompatibleWith(MediaType.APPLICATION_JSON)) {
|
||||||
return UserInfoView.VIEWNAME;
|
return UserInfoView.VIEWNAME;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// otherwise return JWT
|
// otherwise return JWT
|
||||||
return UserInfoJwtView.VIEWNAME;
|
return UserInfoJWTView.VIEWNAME;
|
||||||
} else {
|
} else {
|
||||||
// client has no preference, see if they asked for JWT specifically on this request
|
// client has no preference, see if they asked for JWT specifically on this request
|
||||||
for (MediaType m : mediaTypes) {
|
for (MediaType m : mediaTypes) {
|
||||||
if (!m.isWildcardType() && m.isCompatibleWith(MediaType.APPLICATION_JSON)) {
|
if (!m.isWildcardType() && m.isCompatibleWith(MediaType.APPLICATION_JSON)) {
|
||||||
return UserInfoView.VIEWNAME;
|
return UserInfoView.VIEWNAME;
|
||||||
} else if (!m.isWildcardType() && m.isCompatibleWith(JOSE_MEDIA_TYPE)) {
|
} else if (!m.isWildcardType() && m.isCompatibleWith(JOSE_MEDIA_TYPE)) {
|
||||||
return UserInfoJwtView.VIEWNAME;
|
return UserInfoJWTView.VIEWNAME;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|