only save strings in the Extensions map

pull/819/merge
Justin Richer 2015-05-22 15:00:04 -04:00
parent 93a91c8f84
commit a7905c9f82
5 changed files with 16 additions and 9 deletions


@ -184,7 +184,7 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
if (originalAuthRequest.getExtensions() != null && originalAuthRequest.getExtensions().containsKey("approved_site")) { if (originalAuthRequest.getExtensions() != null && originalAuthRequest.getExtensions().containsKey("approved_site")) {
Long apId = (Long) originalAuthRequest.getExtensions().get("approved_site"); Long apId = Long.parseLong((String) originalAuthRequest.getExtensions().get("approved_site"));
ApprovedSite ap = approvedSiteService.getById(apId); ApprovedSite ap = approvedSiteService.getById(apId);
Set<OAuth2AccessTokenEntity> apTokens = ap.getApprovedAccessTokens(); Set<OAuth2AccessTokenEntity> apTokens = ap.getApprovedAccessTokens();
apTokens.add(savedToken); apTokens.add(savedToken);
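Review bot: The new `Long.parseLong((String) ...get("approved_site"))` line assumes the extension already holds a String, so an authorization request stored before this change (when the approval handler put a `Long` there) would fail here with a ClassCastException, and a malformed value with a NumberFormatException, in the middle of token creation. If stored requests can outlive the upgrade, which this hunk does not show, accept both forms: `Object raw = originalAuthRequest.getExtensions().get("approved_site");` then `Long apId = (raw instanceof Long) ? (Long) raw : Long.parseLong(raw.toString());`. The result of `approvedSiteService.getById(apId)` is dereferenced on the next line without a null check, so an approved site removed between approval and token issuance would presumably surface as a NullPointerException. The literal key could use the same `APPROVED_SITE` constant the approval handler writes with, if it is accessible from this class. The enclosing method starts and ends outside the hunk.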


@ -16,6 +16,7 @@
*******************************************************************************/ *******************************************************************************/
package org.mitre.openid.connect.request; package org.mitre.openid.connect.request;
import java.text.ParseException; import java.text.ParseException;
import java.util.Collections; import java.util.Collections;
import java.util.Map; import java.util.Map;
@ -64,6 +65,7 @@ import static org.mitre.openid.connect.request.ConnectRequestParameters.PROMPT;
import static org.mitre.openid.connect.request.ConnectRequestParameters.REDIRECT_URI; import static org.mitre.openid.connect.request.ConnectRequestParameters.REDIRECT_URI;
import static org.mitre.openid.connect.request.ConnectRequestParameters.REQUEST; import static org.mitre.openid.connect.request.ConnectRequestParameters.REQUEST;
import static org.mitre.openid.connect.request.ConnectRequestParameters.RESPONSE_TYPE; import static org.mitre.openid.connect.request.ConnectRequestParameters.RESPONSE_TYPE;
import static org.mitre.openid.connect.request.ConnectRequestParameters.SCOPE;
import static org.mitre.openid.connect.request.ConnectRequestParameters.STATE; import static org.mitre.openid.connect.request.ConnectRequestParameters.STATE;
@Component("connectOAuth2RequestFactory") @Component("connectOAuth2RequestFactory")
@ -356,7 +358,7 @@ public class ConnectOAuth2RequestFactory extends DefaultOAuth2RequestFactory {
request.getExtensions().put(PROMPT, prompt); request.getExtensions().put(PROMPT, prompt);
} }
Set<String> scope = OAuth2Utils.parseParameterList(claims.getStringClaim("scope")); Set<String> scope = OAuth2Utils.parseParameterList(claims.getStringClaim(SCOPE));
if (scope != null && !scope.isEmpty()) { if (scope != null && !scope.isEmpty()) {
if (!scope.equals(request.getScope())) { if (!scope.equals(request.getScope())) {
logger.info("Mismatch between request object and regular parameter for scope, using request object"); logger.info("Mismatch between request object and regular parameter for scope, using request object");


@ -27,6 +27,7 @@ public interface ConnectRequestParameters {
public String LOGIN_HINT = "login_hint"; public String LOGIN_HINT = "login_hint";
public String MAX_AGE = "max_age"; public String MAX_AGE = "max_age";
public String CLAIMS = "claims"; public String CLAIMS = "claims";
public String SCOPE = "scope";
public String NONCE = "nonce"; public String NONCE = "nonce";
public String PROMPT = "prompt"; public String PROMPT = "prompt";


@ -109,9 +109,9 @@ public class DefaultOIDCTokenService implements OIDCTokenService {
|| (request.getExtensions().containsKey("idtoken")) // TODO: parse the ID Token claims (#473) -- for now assume it could be in there || (request.getExtensions().containsKey("idtoken")) // TODO: parse the ID Token claims (#473) -- for now assume it could be in there
|| (client.getRequireAuthTime() != null && client.getRequireAuthTime())) { || (client.getRequireAuthTime() != null && client.getRequireAuthTime())) {
Date authTime = (Date) request.getExtensions().get(AuthenticationTimeStamper.AUTH_TIMESTAMP); Long authTimestamp = Long.parseLong((String) request.getExtensions().get(AuthenticationTimeStamper.AUTH_TIMESTAMP));
if (authTime != null) { if (authTimestamp != null) {
idClaims.setClaim("auth_time", authTime.getTime() / 1000); idClaims.setClaim("auth_time", authTimestamp / 1000L);
} }
} }
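Review bot: `Long.parseLong` runs before the null check in the new auth_time code, so when the `AuthenticationTimeStamper.AUTH_TIMESTAMP` extension is absent the call throws NumberFormatException and the `if (authTimestamp != null)` guard after it can never be false. The old code cast a possibly-null value to `Date` and simply skipped the claim; the new code would instead abort ID token creation for any request that meets the outer condition without a recorded timestamp. Read the string first and parse inside the guard: `String authTimestamp = (String) request.getExtensions().get(AuthenticationTimeStamper.AUTH_TIMESTAMP);` followed by `if (authTimestamp != null) { idClaims.setClaim("auth_time", Long.parseLong(authTimestamp) / 1000L); }`. The surrounding method begins and ends outside the hunk.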


@ -162,7 +162,8 @@ public class TofuUserApprovalHandler implements UserApprovalHandler {
ap.setAccessDate(new Date()); ap.setAccessDate(new Date());
approvedSiteService.save(ap); approvedSiteService.save(ap);
authorizationRequest.getExtensions().put(APPROVED_SITE, ap.getId()); String apId = ap.getId().toString();
authorizationRequest.getExtensions().put(APPROVED_SITE, apId);
authorizationRequest.setApproved(true); authorizationRequest.setApproved(true);
alreadyApproved = true; alreadyApproved = true;
@ -177,7 +178,8 @@ public class TofuUserApprovalHandler implements UserApprovalHandler {
//Create an approved site //Create an approved site
ApprovedSite newSite = approvedSiteService.createApprovedSite(clientId, userId, null, ws.getAllowedScopes(), ws); ApprovedSite newSite = approvedSiteService.createApprovedSite(clientId, userId, null, ws.getAllowedScopes(), ws);
authorizationRequest.getExtensions().put(APPROVED_SITE, newSite.getId()); String newSiteId = newSite.getId().toString();
authorizationRequest.getExtensions().put(APPROVED_SITE, newSiteId);
authorizationRequest.setApproved(true); authorizationRequest.setApproved(true);
setAuthTime(authorizationRequest); setAuthTime(authorizationRequest);
@ -252,7 +254,8 @@ public class TofuUserApprovalHandler implements UserApprovalHandler {
} }
ApprovedSite newSite = approvedSiteService.createApprovedSite(clientId, userId, timeout, allowedScopes, null); ApprovedSite newSite = approvedSiteService.createApprovedSite(clientId, userId, timeout, allowedScopes, null);
authorizationRequest.getExtensions().put(APPROVED_SITE, newSite.getId()); String newSiteId = newSite.getId().toString();
authorizationRequest.getExtensions().put(APPROVED_SITE, newSiteId);
} }
setAuthTime(authorizationRequest); setAuthTime(authorizationRequest);
@ -277,7 +280,8 @@ public class TofuUserApprovalHandler implements UserApprovalHandler {
if (session != null) { if (session != null) {
Date authTime = (Date) session.getAttribute(AuthenticationTimeStamper.AUTH_TIMESTAMP); Date authTime = (Date) session.getAttribute(AuthenticationTimeStamper.AUTH_TIMESTAMP);
if (authTime != null) { if (authTime != null) {
authorizationRequest.getExtensions().put(AuthenticationTimeStamper.AUTH_TIMESTAMP, authTime); String authTimeString = Long.toString(authTime.getTime());
authorizationRequest.getExtensions().put(AuthenticationTimeStamper.AUTH_TIMESTAMP, authTimeString);
} }
} }
} }
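Review bot: The last hunk stores the authentication time as `Long.toString(authTime.getTime())`, that is, epoch milliseconds as a decimal string, but nothing at the `put` records that unit, while the ID token code in this same commit divides the parsed value by 1000 to produce `auth_time`. Relying parties use `auth_time` for max_age decisions, so a later writer storing seconds would silently yield a wrong claim; I would add a comment above the put such as `// AUTH_TIMESTAMP extension: epoch milliseconds as a decimal string; readers convert to seconds for auth_time`. The three APPROVED_SITE hunks repeat the same `getId().toString()` then `put` pair and could share one small private helper. All four hunks sit inside methods that start and end outside the hunk.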