From a79aca906ef3f5e1ebf28dbc0197e04855adf04e Mon Sep 17 00:00:00 2001 From: Amanda Anganes Date: Mon, 22 Apr 2013 15:49:06 -0400 Subject: [PATCH] Fixed error logging; added ApprovedSite tracking to tokens --- .../oauth2/model/OAuth2AccessTokenEntity.java | 21 ++- .../openid/connect/model/ApprovedSite.java | 134 +++++++++++++++++- .../openid/connect/model/WhitelistedSite.java | 70 ++++++++- .../DefaultOAuth2ProviderTokenService.java | 6 - .../oauth2/web/IntrospectionEndpoint.java | 4 +- .../web/OAuthConfirmationController.java | 4 +- .../connect/token/ConnectTokenEnhancer.java | 16 ++- .../token/TofuUserApprovalHandler.java | 7 +- .../openid/connect/web/ApprovedSiteAPI.java | 18 +++ .../openid/connect/web/BlacklistAPI.java | 8 +- .../mitre/openid/connect/web/ClientAPI.java | 8 +- .../openid/connect/web/WhitelistAPI.java | 8 +- .../db/tables/hsql_database_tables.sql | 3 +- spring-security-oauth | 2 +- 14 files changed, 273 insertions(+), 36 deletions(-) diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java index 822d72112..6bf6111ef 100644 --- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java +++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java @@ -43,13 +43,12 @@ import javax.persistence.Table; import javax.persistence.Temporal; import javax.persistence.Transient; +import org.mitre.openid.connect.model.ApprovedSite; import org.springframework.security.oauth2.common.OAuth2AccessToken; import org.springframework.security.oauth2.common.OAuth2RefreshToken; import com.nimbusds.jwt.JWT; -import com.nimbusds.jwt.JWTClaimsSet; import com.nimbusds.jwt.JWTParser; -import com.nimbusds.jwt.PlainJWT; /** * @author jricher @@ -92,6 +91,8 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken { private Set scope; + private ApprovedSite approvedSite; //Back-reference for one-to-many relationship + /** * Create a new, blank access token */ @@ -284,4 +285,20 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken { // TODO Auto-generated method stub return 0; } + + /** + * @return the approvedSite + */ + @ManyToOne(fetch=FetchType.EAGER) + @JoinColumn(name="approved_site_id", referencedColumnName="id") + public ApprovedSite getApprovedSite() { + return approvedSite; + } + + /** + * @param approvedSite the approvedSite to set + */ + public void setApprovedSite(ApprovedSite approvedSite) { + this.approvedSite = approvedSite; + } } diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/ApprovedSite.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/ApprovedSite.java index cbf19b2c9..245ded4df 100644 --- a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/ApprovedSite.java +++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/ApprovedSite.java @@ -15,10 +15,12 @@ ******************************************************************************/ package org.mitre.openid.connect.model; +import java.io.Serializable; import java.util.Date; import java.util.Set; import javax.persistence.Basic; +import javax.persistence.CascadeType; import javax.persistence.CollectionTable; import javax.persistence.Column; import javax.persistence.ElementCollection; @@ -31,10 +33,15 @@ import javax.persistence.JoinColumn; import javax.persistence.ManyToOne; import javax.persistence.NamedQueries; import javax.persistence.NamedQuery; +import javax.persistence.OneToMany; import javax.persistence.Table; import javax.persistence.Temporal; import javax.persistence.Transient; +import org.mitre.oauth2.model.OAuth2AccessTokenEntity; + +import com.google.common.collect.Sets; + @Entity @Table(name="approved_site") @NamedQueries({ @@ -43,9 +50,11 @@ import javax.persistence.Transient; @NamedQuery(name = "ApprovedSite.getByClientId", query = "select a from ApprovedSite a where a.clientId = :clientId"), @NamedQuery(name = "ApprovedSite.getByClientIdAndUserId", query = "select a from ApprovedSite a where a.clientId = :clientId and a.userId = :userId") }) -public class ApprovedSite { +public class ApprovedSite implements Serializable { - // unique id + private static final long serialVersionUID = 1L; + + // unique id private Long id; // which user made the approval @@ -70,7 +79,8 @@ public class ApprovedSite { // If this AP is a WS, link to the WS private WhitelistedSite whitelistedSite; - // TODO: should we store the OAuth2 tokens and IdTokens here? + //Link to any access tokens approved through this stored decision + private Set approvedAccessTokens = Sets.newHashSet(); /** * Empty constructor @@ -235,5 +245,123 @@ public class ApprovedSite { return false; } } + + /** + * @return the approvedAccessTokens + */ + @OneToMany(cascade=CascadeType.ALL, fetch=FetchType.EAGER, mappedBy="approvedSite") + public Set getApprovedAccessTokens() { + return approvedAccessTokens; + } + + /** + * @param approvedAccessTokens the approvedAccessTokens to set + */ + public void setApprovedAccessTokens(Set approvedAccessTokens) { + this.approvedAccessTokens = approvedAccessTokens; + } + + public void addApprovedAccessToken(OAuth2AccessTokenEntity token) { + this.getApprovedAccessTokens(); + this.approvedAccessTokens.add(token); + } + + /* (non-Javadoc) + * @see java.lang.Object#hashCode() + */ + @Override + public int hashCode() { + final int prime = 31; + int result = 1; + result = prime * result + + ((accessDate == null) ? 0 : accessDate.hashCode()); + result = prime * result + + ((allowedScopes == null) ? 0 : allowedScopes.hashCode()); + result = prime * result + + ((clientId == null) ? 0 : clientId.hashCode()); + result = prime * result + + ((creationDate == null) ? 0 : creationDate.hashCode()); + result = prime * result + ((id == null) ? 0 : id.hashCode()); + result = prime * result + + ((timeoutDate == null) ? 0 : timeoutDate.hashCode()); + result = prime * result + ((userId == null) ? 0 : userId.hashCode()); + result = prime * result + + ((whitelistedSite == null) ? 0 : whitelistedSite.hashCode()); + return result; + } + + /* (non-Javadoc) + * @see java.lang.Object#equals(java.lang.Object) + */ + @Override + public boolean equals(Object obj) { + if (this == obj) { + return true; + } + if (obj == null) { + return false; + } + if (!(obj instanceof ApprovedSite)) { + return false; + } + ApprovedSite other = (ApprovedSite) obj; + if (accessDate == null) { + if (other.accessDate != null) { + return false; + } + } else if (!accessDate.equals(other.accessDate)) { + return false; + } + if (allowedScopes == null) { + if (other.allowedScopes != null) { + return false; + } + } else if (!allowedScopes.equals(other.allowedScopes)) { + return false; + } + if (clientId == null) { + if (other.clientId != null) { + return false; + } + } else if (!clientId.equals(other.clientId)) { + return false; + } + if (creationDate == null) { + if (other.creationDate != null) { + return false; + } + } else if (!creationDate.equals(other.creationDate)) { + return false; + } + if (id == null) { + if (other.id != null) { + return false; + } + } else if (!id.equals(other.id)) { + return false; + } + if (timeoutDate == null) { + if (other.timeoutDate != null) { + return false; + } + } else if (!timeoutDate.equals(other.timeoutDate)) { + return false; + } + if (userId == null) { + if (other.userId != null) { + return false; + } + } else if (!userId.equals(other.userId)) { + return false; + } + if (whitelistedSite == null) { + if (other.whitelistedSite != null) { + return false; + } + } else if (!whitelistedSite.equals(other.whitelistedSite)) { + return false; + } + return true; + } } diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/WhitelistedSite.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/WhitelistedSite.java index 50dd016d7..a007dd102 100644 --- a/openid-connect-common/src/main/java/org/mitre/openid/connect/model/WhitelistedSite.java +++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/model/WhitelistedSite.java @@ -15,6 +15,7 @@ ******************************************************************************/ package org.mitre.openid.connect.model; +import java.io.Serializable; import java.util.Set; import javax.persistence.Basic; @@ -44,9 +45,11 @@ import javax.persistence.Table; @NamedQuery(name = "WhitelistedSite.getByClientId", query = "select w from WhitelistedSite w where w.clientId = :clientId"), @NamedQuery(name = "WhitelistedSite.getByCreatoruserId", query = "select w from WhitelistedSite w where w.creatorUserId = :userId") }) -public class WhitelistedSite { +public class WhitelistedSite implements Serializable { - // unique id + private static final long serialVersionUID = 1L; + + // unique id private Long id; // Reference to the admin user who created this entry @@ -127,4 +130,67 @@ public class WhitelistedSite { public void setCreatorUserId(String creatorUserId) { this.creatorUserId = creatorUserId; } + + /* (non-Javadoc) + * @see java.lang.Object#hashCode() + */ + @Override + public int hashCode() { + final int prime = 31; + int result = 1; + result = prime * result + + ((allowedScopes == null) ? 0 : allowedScopes.hashCode()); + result = prime * result + + ((clientId == null) ? 0 : clientId.hashCode()); + result = prime * result + + ((creatorUserId == null) ? 0 : creatorUserId.hashCode()); + result = prime * result + ((id == null) ? 0 : id.hashCode()); + return result; + } + + /* (non-Javadoc) + * @see java.lang.Object#equals(java.lang.Object) + */ + @Override + public boolean equals(Object obj) { + if (this == obj) { + return true; + } + if (obj == null) { + return false; + } + if (!(obj instanceof WhitelistedSite)) { + return false; + } + WhitelistedSite other = (WhitelistedSite) obj; + if (allowedScopes == null) { + if (other.allowedScopes != null) { + return false; + } + } else if (!allowedScopes.equals(other.allowedScopes)) { + return false; + } + if (clientId == null) { + if (other.clientId != null) { + return false; + } + } else if (!clientId.equals(other.clientId)) { + return false; + } + if (creatorUserId == null) { + if (other.creatorUserId != null) { + return false; + } + } else if (!creatorUserId.equals(other.creatorUserId)) { + return false; + } + if (id == null) { + if (other.id != null) { + return false; + } + } else if (!id.equals(other.id)) { + return false; + } + return true; + } } diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java index 6dfb448ac..57f38db77 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java @@ -18,16 +18,12 @@ */ package org.mitre.oauth2.service.impl; -import java.util.Collection; import java.util.Date; import java.util.HashSet; import java.util.List; import java.util.Set; import java.util.UUID; -import org.joda.time.DateTime; -import org.joda.time.Period; -import org.mitre.oauth2.exception.NonceReuseException; import org.mitre.oauth2.model.AuthenticationHolderEntity; import org.mitre.oauth2.model.ClientDetailsEntity; import org.mitre.oauth2.model.OAuth2AccessTokenEntity; @@ -36,8 +32,6 @@ import org.mitre.oauth2.repository.AuthenticationHolderRepository; import org.mitre.oauth2.repository.OAuth2TokenRepository; import org.mitre.oauth2.service.ClientDetailsEntityService; import org.mitre.oauth2.service.OAuth2TokenEntityService; -import org.mitre.openid.connect.model.Nonce; -import org.mitre.openid.connect.service.NonceService; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/web/IntrospectionEndpoint.java b/openid-connect-server/src/main/java/org/mitre/oauth2/web/IntrospectionEndpoint.java index 8693e6569..cee14e312 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/web/IntrospectionEndpoint.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/web/IntrospectionEndpoint.java @@ -64,7 +64,7 @@ public class IntrospectionEndpoint { Map model = new HashMap(); model.put("entity", e); - logger.error("InvalidTokenException: " + ex.getStackTrace().toString()); + logger.error("InvalidTokenException: ", ex); model.put("code", HttpStatus.BAD_REQUEST); @@ -106,7 +106,7 @@ public class IntrospectionEndpoint { try { token = tokenServices.readAccessToken(tokenValue); } catch (AuthenticationException e) { - logger.error("Verify failed; AuthenticationException: " + e.getStackTrace().toString()); + logger.error("Verify failed; AuthenticationException: ", e); modelAndView.addObject("code", HttpStatus.FORBIDDEN); modelAndView.setViewName("httpCodeView"); return modelAndView; diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java b/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java index bfffc158a..5d11d5465 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java @@ -77,12 +77,12 @@ public class OAuthConfirmationController { client = clientService.loadClientByClientId(clientAuth.getClientId()); } catch (OAuth2Exception e) { logger.error("confirmAccess: OAuth2Exception was thrown when attempting to load client: " - + e.getStackTrace().toString()); + , e); model.put("code", HttpStatus.BAD_REQUEST); return new ModelAndView("httpCodeView"); } catch (IllegalArgumentException e) { logger.error("confirmAccess: IllegalArgumentException was thrown when attempting to load client: " - + e.getStackTrace().toString()); + , e); model.put("code", HttpStatus.BAD_REQUEST); return new ModelAndView("httpCodeView"); } diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectTokenEnhancer.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectTokenEnhancer.java index a56ae20f6..586d4e721 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectTokenEnhancer.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/token/ConnectTokenEnhancer.java @@ -24,10 +24,12 @@ import org.mitre.oauth2.model.ClientDetailsEntity; import org.mitre.oauth2.model.OAuth2AccessTokenEntity; import org.mitre.oauth2.service.ClientDetailsEntityService; import org.mitre.openid.connect.config.ConfigurationPropertiesBean; +import org.mitre.openid.connect.model.ApprovedSite; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.oauth2.common.OAuth2AccessToken; +import org.springframework.security.oauth2.provider.AuthorizationRequest; import org.springframework.security.oauth2.provider.OAuth2Authentication; import org.springframework.security.oauth2.provider.token.TokenEnhancer; import org.springframework.stereotype.Service; @@ -57,8 +59,16 @@ public class ConnectTokenEnhancer implements TokenEnhancer { public OAuth2AccessToken enhance(OAuth2AccessToken accessToken, OAuth2Authentication authentication) { OAuth2AccessTokenEntity token = (OAuth2AccessTokenEntity) accessToken; + AuthorizationRequest originalAuthRequest = authentication.getAuthorizationRequest(); - String clientId = authentication.getAuthorizationRequest().getClientId(); + if (originalAuthRequest.getExtensionProperties().containsKey("approved_site")) { + //Add the token to the approved site reference, if there is one + ApprovedSite ap = (ApprovedSite)originalAuthRequest.getExtensionProperties().get("approved_site"); + //ap.addApprovedAccessToken(token); + token.setApprovedSite(ap); + } + + String clientId = originalAuthRequest.getClientId(); ClientDetailsEntity client = clientService.loadClientByClientId(clientId); JWTClaimsSet claims = new JWTClaimsSet(); @@ -87,7 +97,7 @@ public class ConnectTokenEnhancer implements TokenEnhancer { * has the proper scope, we can consider this a valid OpenID Connect request. Otherwise, * we consider it to be a vanilla OAuth2 request. */ - if (authentication.getAuthorizationRequest().getScope().contains("openid")) { + if (originalAuthRequest.getScope().contains("openid")) { // TODO: maybe id tokens need a service layer @@ -114,7 +124,7 @@ public class ConnectTokenEnhancer implements TokenEnhancer { idClaims.setAudience(Lists.newArrayList(clientId)); - String nonce = authentication.getAuthorizationRequest().getAuthorizationParameters().get("nonce"); + String nonce = originalAuthRequest.getAuthorizationParameters().get("nonce"); if (!Strings.isNullOrEmpty(nonce)) { idClaims.setCustomClaim("nonce", nonce); } diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/token/TofuUserApprovalHandler.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/token/TofuUserApprovalHandler.java index 6eabfab76..ddbb3539d 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/token/TofuUserApprovalHandler.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/token/TofuUserApprovalHandler.java @@ -117,6 +117,7 @@ public class TofuUserApprovalHandler implements UserApprovalHandler { ap.setAccessDate(new Date()); approvedSiteService.save(ap); + authorizationRequest.getExtensionProperties().put("approved_site", ap); authorizationRequest.setApproved(true); alreadyApproved = true; } @@ -128,7 +129,8 @@ public class TofuUserApprovalHandler implements UserApprovalHandler { if (ws != null && scopesMatch(authorizationRequest.getScope(), ws.getAllowedScopes())) { //Create an approved site - approvedSiteService.createApprovedSite(clientId, userId, null, ws.getAllowedScopes(), ws); + ApprovedSite newSite = approvedSiteService.createApprovedSite(clientId, userId, null, ws.getAllowedScopes(), ws); + authorizationRequest.getExtensionProperties().put("approved_site", newSite); authorizationRequest.setApproved(true); } } @@ -189,7 +191,8 @@ public class TofuUserApprovalHandler implements UserApprovalHandler { timeout = cal.getTime(); } - approvedSiteService.createApprovedSite(clientId, userId, timeout, allowedScopes, null); + ApprovedSite newSite = approvedSiteService.createApprovedSite(clientId, userId, timeout, allowedScopes, null); + authorizationRequest.getExtensionProperties().put("approved_site", newSite); } } diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ApprovedSiteAPI.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ApprovedSiteAPI.java index 8c3ff9c01..5c3907165 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ApprovedSiteAPI.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ApprovedSiteAPI.java @@ -5,7 +5,10 @@ package org.mitre.openid.connect.web; import java.security.Principal; import java.util.Collection; +import java.util.Set; +import org.mitre.oauth2.model.OAuth2AccessTokenEntity; +import org.mitre.oauth2.service.OAuth2TokenEntityService; import org.mitre.openid.connect.model.ApprovedSite; import org.mitre.openid.connect.service.ApprovedSiteService; import org.slf4j.Logger; @@ -31,6 +34,9 @@ public class ApprovedSiteAPI { @Autowired private ApprovedSiteService approvedSiteService; + @Autowired + OAuth2TokenEntityService tokenServices; + private static Logger logger = LoggerFactory.getLogger(ApprovedSiteAPI.class); /** @@ -69,7 +75,19 @@ public class ApprovedSiteAPI { return "jsonErrorView"; } else { m.put("code", HttpStatus.OK); + + Set accessTokens = approvedSite.getApprovedAccessTokens(); + + for (OAuth2AccessTokenEntity token : accessTokens) { + if (token.getRefreshToken() != null) { + //TODO: how should refresh tokens be handled if you delete an approved site? + //tokenServices.revokeRefreshToken(token.getRefreshToken()); + } + tokenServices.revokeAccessToken(token); + } + approvedSiteService.remove(approvedSite); + } return "httpCodeView"; diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/BlacklistAPI.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/BlacklistAPI.java index 85683c013..f535c6e14 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/BlacklistAPI.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/BlacklistAPI.java @@ -80,12 +80,12 @@ public class BlacklistAPI { } catch (JsonSyntaxException e) { - logger.error("addNewBlacklistedSite failed due to JsonSyntaxException: " + e.getStackTrace().toString()); + logger.error("addNewBlacklistedSite failed due to JsonSyntaxException: " , e); m.put("code", HttpStatus.BAD_REQUEST); m.put("errorMessage", "Could not save new blacklisted site. The server encountered a JSON syntax exception. Contact a system administrator for assistance."); return "jsonErrorView"; } catch (IllegalStateException e) { - logger.error("addNewBlacklistedSite failed due to IllegalStateException: " + e.getStackTrace().toString()); + logger.error("addNewBlacklistedSite failed due to IllegalStateException: " , e); m.put("code", HttpStatus.BAD_REQUEST); m.put("errorMessage", "Could not save new blacklisted site. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance."); return "jsonErrorView"; @@ -112,12 +112,12 @@ public class BlacklistAPI { } catch (JsonSyntaxException e) { - logger.error("updateBlacklistedSite failed due to JsonSyntaxException: " + e.getStackTrace().toString()); + logger.error("updateBlacklistedSite failed due to JsonSyntaxException: " , e); m.put("code", HttpStatus.BAD_REQUEST); m.put("errorMessage", "Could not update blacklisted site. The server encountered a JSON syntax exception. Contact a system administrator for assistance."); return "jsonErrorView"; } catch (IllegalStateException e) { - logger.error("updateBlacklistedSite failed due to IllegalStateException: " + e.getStackTrace().toString()); + logger.error("updateBlacklistedSite failed due to IllegalStateException: " , e); m.put("code", HttpStatus.BAD_REQUEST); m.put("errorMessage", "Could not update blacklisted site. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance."); return "jsonErrorView"; diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java index 432af2ac6..09b73e789 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java @@ -136,12 +136,12 @@ public class ClientAPI { client = gson.fromJson(json, ClientDetailsEntity.class); } catch (JsonSyntaxException e) { - logger.error("apiAddClient failed due to JsonSyntaxException: " + e.getStackTrace().toString()); + logger.error("apiAddClient failed due to JsonSyntaxException: " , e); m.addAttribute("code", HttpStatus.BAD_REQUEST); m.addAttribute("errorMessage", "Could not save new client. The server encountered a JSON syntax exception. Contact a system administrator for assistance."); return "jsonErrorView"; } catch (IllegalStateException e) { - logger.error("apiAddClient failed due to IllegalStateException: " + e.getStackTrace().toString()); + logger.error("apiAddClient failed due to IllegalStateException: " , e); m.addAttribute("code", HttpStatus.BAD_REQUEST); m.addAttribute("errorMessage", "Could not save new client. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance."); return "jsonErrorView"; @@ -193,12 +193,12 @@ public class ClientAPI { client = gson.fromJson(json, ClientDetailsEntity.class); } catch (JsonSyntaxException e) { - logger.error("apiUpdateClient failed due to JsonSyntaxException: " + e.getStackTrace().toString()); + logger.error("apiUpdateClient failed due to JsonSyntaxException: " , e); m.addAttribute("code", HttpStatus.BAD_REQUEST); m.addAttribute("errorMessage", "Could not update client. The server encountered a JSON syntax exception. Contact a system administrator for assistance."); return "jsonErrorView"; } catch (IllegalStateException e) { - logger.error("apiUpdateClient failed due to IllegalStateException: " + e.getStackTrace().toString()); + logger.error("apiUpdateClient failed due to IllegalStateException: " , e); m.addAttribute("code", HttpStatus.BAD_REQUEST); m.addAttribute("errorMessage", "Could not update client. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance."); return "jsonErrorView"; diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/WhitelistAPI.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/WhitelistAPI.java index f28bf8040..43a8ed21d 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/WhitelistAPI.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/WhitelistAPI.java @@ -76,12 +76,12 @@ public class WhitelistAPI { whitelist = gson.fromJson(json, WhitelistedSite.class); } catch (JsonParseException e) { - logger.error("addNewWhitelistedSite failed due to JsonParseException: " + e.getStackTrace().toString()); + logger.error("addNewWhitelistedSite failed due to JsonParseException: " , e); m.addAttribute("code", HttpStatus.BAD_REQUEST); m.addAttribute("errorMessage", "Could not save new whitelisted site. The server encountered a JSON syntax exception. Contact a system administrator for assistance."); return "jsonErrorView"; } catch (IllegalStateException e) { - logger.error("addNewWhitelistedSite failed due to IllegalStateException: " + e.getStackTrace().toString()); + logger.error("addNewWhitelistedSite failed due to IllegalStateException: " , e); m.addAttribute("code", HttpStatus.BAD_REQUEST); m.addAttribute("errorMessage", "Could not save new whitelisted site. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance."); return "jsonErrorView"; @@ -113,12 +113,12 @@ public class WhitelistAPI { whitelist = gson.fromJson(json, WhitelistedSite.class); } catch (JsonParseException e) { - logger.error("updateWhitelistedSite failed due to JsonParseException: " + e.getStackTrace().toString()); + logger.error("updateWhitelistedSite failed due to JsonParseException: " , e); m.put("code", HttpStatus.BAD_REQUEST); m.put("errorMessage", "Could not update whitelisted site. The server encountered a JSON syntax exception. Contact a system administrator for assistance."); return "jsonErrorView"; } catch (IllegalStateException e) { - logger.error("updateWhitelistedSite failed due to IllegalStateException: " + e.getStackTrace().toString()); + logger.error("updateWhitelistedSite failed due to IllegalStateException: " , e); m.put("code", HttpStatus.BAD_REQUEST); m.put("errorMessage", "Could not update whitelisted site. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance."); return "jsonErrorView"; diff --git a/openid-connect-server/src/main/resources/db/tables/hsql_database_tables.sql b/openid-connect-server/src/main/resources/db/tables/hsql_database_tables.sql index 17ac3e443..b1230acc6 100644 --- a/openid-connect-server/src/main/resources/db/tables/hsql_database_tables.sql +++ b/openid-connect-server/src/main/resources/db/tables/hsql_database_tables.sql @@ -10,7 +10,8 @@ CREATE TABLE IF NOT EXISTS access_token ( refresh_token_id BIGINT, client_id VARCHAR(256), auth_holder_id BIGINT, - id_token_id BIGINT + id_token_id BIGINT, + approved_site_id BIGINT ); CREATE TABLE IF NOT EXISTS address ( diff --git a/spring-security-oauth b/spring-security-oauth index 570f83ff8..24b8229e5 160000 --- a/spring-security-oauth +++ b/spring-security-oauth @@ -1 +1 @@ -Subproject commit 570f83ff8a9d27022cb0f2a17f72a26f019120bb +Subproject commit 24b8229e5cc34504d5854ec41e3c4b7248981dc2