Merge remote branch 'origin/master'

pull/165/merge
Michael Jett 2012-08-10 16:12:54 -04:00
commit ae5e1ca859
6 changed files with 66 additions and 91 deletions


@ -1,6 +1,7 @@
package org.mitre.oauth2.model; package org.mitre.oauth2.model;
import javax.persistence.Basic; import javax.persistence.Basic;
import javax.persistence.Column;
import javax.persistence.Entity; import javax.persistence.Entity;
import javax.persistence.FetchType; import javax.persistence.FetchType;
import javax.persistence.GeneratedValue; import javax.persistence.GeneratedValue;
@ -22,7 +23,7 @@ public class AuthenticationHolder {
private Long id; private Long id;
private Long owner_id; private Long ownerId;
private OAuth2Authentication authentication; private OAuth2Authentication authentication;
@ -41,12 +42,13 @@ public class AuthenticationHolder {
} }
@Basic @Basic
public Long getOwner_id() { @Column(name="owner_id")
return owner_id; public Long getOwnerId() {
return ownerId;
} }
public void setOwner_id(Long owner_id) { public void setOwnerId(Long owner_id) {
this.owner_id = owner_id; this.ownerId = owner_id;
} }
@Lob @Lob
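Review bot: `setOwnerId(Long owner_id)` keeps the snake_case parameter name while the field and the getter were renamed to `ownerId`, so the setter reads as half-renamed; `public void setOwnerId(Long ownerId) { this.ownerId = ownerId; }` completes the change and matches the `@Column(name="owner_id")` mapping that now carries the database name. The rest of the class body lies outside the hunk.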


@ -28,6 +28,8 @@ import javax.persistence.CollectionTable;
import javax.persistence.Column; import javax.persistence.Column;
import javax.persistence.ElementCollection; import javax.persistence.ElementCollection;
import javax.persistence.Entity; import javax.persistence.Entity;
import javax.persistence.EnumType;
import javax.persistence.Enumerated;
import javax.persistence.FetchType; import javax.persistence.FetchType;
import javax.persistence.GeneratedValue; import javax.persistence.GeneratedValue;
import javax.persistence.GenerationType; import javax.persistence.GenerationType;
@ -55,15 +57,17 @@ import org.springframework.security.oauth2.provider.ClientDetails;
}) })
public class ClientDetailsEntity implements ClientDetails { public class ClientDetailsEntity implements ClientDetails {
private static final long serialVersionUID = -1617727085733786296L;
private Long id; private Long id;
/** Our own fields **/ /** Our own fields **/
private String clientDescription = "";//this is ours private String clientDescription = ""; // human-readable description
private Boolean allowRefresh = false; // do we allow refresh tokens for this client? private Boolean allowRefresh = false; // do we allow refresh tokens for this client?
private Boolean allowMultipleAccessTokens = false; // do we allow multiple access tokens, or not? private Boolean allowMultipleAccessTokens = false; // do we allow multiple access tokens, or not?
private Boolean reuseRefreshToken = false; // do we let someone reuse a refresh token? private Boolean reuseRefreshToken = false; // do we let someone reuse a refresh token?
private Integer idTokenValiditySeconds = 0; //timeout for id tokens private Boolean dynamicallyRegistered = false; // was this client dynamically registered?
private Boolean dynamicallyRegistered = false; private Integer idTokenValiditySeconds; //timeout for id tokens
/** Fields from ClientDetails interface **/ /** Fields from ClientDetails interface **/
private String clientId = ""; private String clientId = "";
@ -447,7 +451,7 @@ public class ClientDetailsEntity implements ClientDetails {
*/ */
@ElementCollection(fetch = FetchType.EAGER) @ElementCollection(fetch = FetchType.EAGER)
@CollectionTable( @CollectionTable(
name="scope", name="client_scope",
joinColumns=@JoinColumn(name="owner_id") joinColumns=@JoinColumn(name="owner_id")
) )
@Override @Override
@ -588,7 +592,7 @@ public class ClientDetailsEntity implements ClientDetails {
@Basic @Enumerated(EnumType.STRING)
@Column(name="application_type") @Column(name="application_type")
public AppType getApplicationType() { public AppType getApplicationType() {
return applicationType; return applicationType;
@ -608,7 +612,7 @@ public class ClientDetailsEntity implements ClientDetails {
this.applicationName = applicationName; this.applicationName = applicationName;
} }
@Basic @Enumerated(EnumType.STRING)
@Column(name="token_endpoint_auth_type") @Column(name="token_endpoint_auth_type")
public AuthType getTokenEndpointAuthType() { public AuthType getTokenEndpointAuthType() {
return tokenEndpointAuthType; return tokenEndpointAuthType;
@ -712,7 +716,7 @@ public class ClientDetailsEntity implements ClientDetails {
this.sectorIdentifierUrl = sectorIdentifierUrl; this.sectorIdentifierUrl = sectorIdentifierUrl;
} }
@Basic @Enumerated(EnumType.STRING)
@Column(name="requre_signed_request_object") @Column(name="requre_signed_request_object")
public JwsAlgorithm getRequireSignedRequestObject() { public JwsAlgorithm getRequireSignedRequestObject() {
return requireSignedRequestObject; return requireSignedRequestObject;
@ -723,7 +727,7 @@ public class ClientDetailsEntity implements ClientDetails {
this.requireSignedRequestObject = requireSignedRequestObject; this.requireSignedRequestObject = requireSignedRequestObject;
} }
@Basic @Enumerated(EnumType.STRING)
@Column(name="user_info_signed_response_alg") @Column(name="user_info_signed_response_alg")
public JwsAlgorithm getUserInfoSignedResponseAlg() { public JwsAlgorithm getUserInfoSignedResponseAlg() {
return userInfoSignedResponseAlg; return userInfoSignedResponseAlg;
@ -733,7 +737,7 @@ public class ClientDetailsEntity implements ClientDetails {
this.userInfoSignedResponseAlg = userInfoSignedResponseAlg; this.userInfoSignedResponseAlg = userInfoSignedResponseAlg;
} }
@Basic @Enumerated(EnumType.STRING)
@Column(name="user_info_encrypted_response_alg") @Column(name="user_info_encrypted_response_alg")
public JweAlgorithms getUserInfoEncryptedResponseAlg() { public JweAlgorithms getUserInfoEncryptedResponseAlg() {
return userInfoEncryptedResponseAlg; return userInfoEncryptedResponseAlg;
@ -744,7 +748,7 @@ public class ClientDetailsEntity implements ClientDetails {
this.userInfoEncryptedResponseAlg = userInfoEncryptedResponseAlg; this.userInfoEncryptedResponseAlg = userInfoEncryptedResponseAlg;
} }
@Basic @Enumerated(EnumType.STRING)
@Column(name="user_info_encrypted_response_enc") @Column(name="user_info_encrypted_response_enc")
public JweAlgorithms getUserInfoEncryptedResponseEnc() { public JweAlgorithms getUserInfoEncryptedResponseEnc() {
return userInfoEncryptedResponseEnc; return userInfoEncryptedResponseEnc;
@ -755,7 +759,7 @@ public class ClientDetailsEntity implements ClientDetails {
this.userInfoEncryptedResponseEnc = userInfoEncryptedResponseEnc; this.userInfoEncryptedResponseEnc = userInfoEncryptedResponseEnc;
} }
@Basic @Enumerated(EnumType.STRING)
@Column(name="user_info_encrypted_response_int") @Column(name="user_info_encrypted_response_int")
public JweAlgorithms getUserInfoEncryptedResponseInt() { public JweAlgorithms getUserInfoEncryptedResponseInt() {
return userInfoEncryptedResponseInt; return userInfoEncryptedResponseInt;
@ -766,7 +770,7 @@ public class ClientDetailsEntity implements ClientDetails {
this.userInfoEncryptedResponseInt = userInfoEncryptedResponseInt; this.userInfoEncryptedResponseInt = userInfoEncryptedResponseInt;
} }
@Basic @Enumerated(EnumType.STRING)
@Column(name="id_token_signed_response_alg") @Column(name="id_token_signed_response_alg")
public JwsAlgorithm getIdTokenSignedResponseAlg() { public JwsAlgorithm getIdTokenSignedResponseAlg() {
return idTokenSignedResponseAlg; return idTokenSignedResponseAlg;
@ -776,7 +780,7 @@ public class ClientDetailsEntity implements ClientDetails {
this.idTokenSignedResponseAlg = idTokenSignedResponseAlg; this.idTokenSignedResponseAlg = idTokenSignedResponseAlg;
} }
@Basic @Enumerated(EnumType.STRING)
@Column(name="id_token_encrypted_response_alg") @Column(name="id_token_encrypted_response_alg")
public JweAlgorithms getIdTokenEncryptedResponseAlg() { public JweAlgorithms getIdTokenEncryptedResponseAlg() {
return idTokenEncryptedResponseAlg; return idTokenEncryptedResponseAlg;
@ -787,7 +791,7 @@ public class ClientDetailsEntity implements ClientDetails {
this.idTokenEncryptedResponseAlg = idTokenEncryptedResponseAlg; this.idTokenEncryptedResponseAlg = idTokenEncryptedResponseAlg;
} }
@Basic @Enumerated(EnumType.STRING)
@Column(name="id_token_encrypted_response_enc") @Column(name="id_token_encrypted_response_enc")
public JweAlgorithms getIdTokenEncryptedReponseEnc() { public JweAlgorithms getIdTokenEncryptedReponseEnc() {
return idTokenEncryptedReponseEnc; return idTokenEncryptedReponseEnc;
@ -798,7 +802,7 @@ public class ClientDetailsEntity implements ClientDetails {
this.idTokenEncryptedReponseEnc = idTokenEncryptedReponseEnc; this.idTokenEncryptedReponseEnc = idTokenEncryptedReponseEnc;
} }
@Basic @Enumerated(EnumType.STRING)
@Column(name="id_token_encrypted_response_int") @Column(name="id_token_encrypted_response_int")
public JweAlgorithms getIdTokenEncryptedResponseInt() { public JweAlgorithms getIdTokenEncryptedResponseInt() {
return idTokenEncryptedResponseInt; return idTokenEncryptedResponseInt;
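Review bot: `idTokenValiditySeconds` lost its `= 0` initializer and now defaults to null, while the neighbouring `Boolean` fields keep explicit defaults; any caller that unboxes the getter into an `int` will throw NullPointerException for a client that never set it. If null is meant to signal "not configured, use the server default", state that at the declaration, `private Integer idTokenValiditySeconds; // null = not configured; callers must handle null`, otherwise restore the initializer. Replacing `@Basic` with `@Enumerated(EnumType.STRING)` on the enum getters from `getApplicationType` onward is sound, but it ties the persisted column contents to the enum constant names, so renaming a constant later becomes a data migration; a short comment on the first such getter would make that dependency visible.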


@ -73,9 +73,6 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
private Jwt jwtValue; // JWT-encoded access token value private Jwt jwtValue; // JWT-encoded access token value
//TODO should not need this
private String value;
private IdToken idToken; // JWT-encoded OpenID Connect IdToken private IdToken idToken; // JWT-encoded OpenID Connect IdToken
private Date expiration; private Date expiration;
@ -158,8 +155,7 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
@Basic @Basic
@Column(name="token_value") @Column(name="token_value")
public String getValue() { public String getValue() {
this.value = jwtValue.toString(); return jwtValue.toString();
return value;
} }
/** /**
@ -169,7 +165,6 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
* @throws IllegalArgumentException if "value" is not a properly formatted JWT string * @throws IllegalArgumentException if "value" is not a properly formatted JWT string
*/ */
public void setValue(String value) { public void setValue(String value) {
this.value = value;
setJwt(Jwt.parse(value)); setJwt(Jwt.parse(value));
} }
@ -215,7 +210,7 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
@ElementCollection(fetch=FetchType.EAGER) @ElementCollection(fetch=FetchType.EAGER)
@CollectionTable( @CollectionTable(
joinColumns=@JoinColumn(name="owner_id"), joinColumns=@JoinColumn(name="owner_id"),
name="scope" name="token_scope"
) )
public Set<String> getScope() { public Set<String> getScope() {
return scope; return scope;
@ -281,7 +276,6 @@ public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
*/ */
public void setJwt(Jwt jwt) { public void setJwt(Jwt jwt) {
this.jwtValue = jwt; this.jwtValue = jwt;
this.value = jwt.toString();
} }
@Override @Override
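Review bot: `getValue()` now returns `jwtValue.toString()` with no guard, so an entity whose JWT has not been assigned yet throws NullPointerException from the getter, which the persistence provider presumably invokes when it reads the `token_value` property; `OAuth2RefreshTokenEntity.getValue()` in this same commit has the identical shape. A null-tolerant form is `return jwtValue == null ? null : jwtValue.toString();`. Since `setValue` parses the string via `Jwt.parse` and `getValue` re-serializes the parsed object, the stored string is a re-encoding rather than the original input; a one-line comment on the getter stating that round-trip expectation would save the next reader from assuming byte-for-byte preservation.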


@ -64,14 +64,9 @@ public class OAuth2RefreshTokenEntity implements OAuth2RefreshToken {
//JWT-encoded representation of this access token entity //JWT-encoded representation of this access token entity
private Jwt jwt; private Jwt jwt;
//TOOD: shouldn't need this
private String value;
// our refresh tokens might expire // our refresh tokens might expire
private Date expiration; private Date expiration;
private Set<String> scope; // we save the scope issued to the refresh token so that we can reissue a new access token
/** /**
* *
*/ */
@ -102,7 +97,7 @@ public class OAuth2RefreshTokenEntity implements OAuth2RefreshToken {
* @return the authentication * @return the authentication
*/ */
@ManyToOne @ManyToOne
@JoinColumn(name = "owner_id") @JoinColumn(name = "auth_holder_id")
public AuthenticationHolder getAuthenticationHolder() { public AuthenticationHolder getAuthenticationHolder() {
return authenticationHolder; return authenticationHolder;
} }
@ -120,8 +115,7 @@ public class OAuth2RefreshTokenEntity implements OAuth2RefreshToken {
@Basic @Basic
@Column(name="token_value") @Column(name="token_value")
public String getValue() { public String getValue() {
value = jwt.toString(); return jwt.toString();
return value;
} }
/** /**
@ -130,7 +124,6 @@ public class OAuth2RefreshTokenEntity implements OAuth2RefreshToken {
* @throws IllegalArgumentException if the value is not a valid JWT string * @throws IllegalArgumentException if the value is not a valid JWT string
*/ */
public void setValue(String value) { public void setValue(String value) {
this.value = value;
setJwt(Jwt.parse(value)); setJwt(Jwt.parse(value));
} }
@ -173,25 +166,6 @@ public class OAuth2RefreshTokenEntity implements OAuth2RefreshToken {
this.client = client; this.client = client;
} }
/**
* @return the scope
*/
@ElementCollection(fetch = FetchType.EAGER)
@CollectionTable(
joinColumns=@JoinColumn(name="owner_id"),
name="scope"
)
public Set<String> getScope() {
return scope;
}
/**
* @param scope the scope to set
*/
public void setScope(Set<String> scope) {
this.scope = scope;
}
/** /**
* Get the JWT object directly * Get the JWT object directly
* @return the jwt * @return the jwt
@ -206,7 +180,6 @@ public class OAuth2RefreshTokenEntity implements OAuth2RefreshToken {
*/ */
public void setJwt(Jwt jwt) { public void setJwt(Jwt jwt) {
this.jwt = jwt; this.jwt = jwt;
this.value = jwt.toString();
} }
} }
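Review bot: The surviving field comment `//JWT-encoded representation of this access token entity` sits in `OAuth2RefreshTokenEntity`, so it describes the wrong class; `// JWT-encoded representation of this refresh token entity` is accurate. With `getScope()`/`setScope()` removed, nothing in the class says where a refresh token's scope now comes from; a field- or class-level note such as `// scope is not stored on the refresh token; it is derived from the AuthenticationHolder's authorization request` would spare the next reader the search. The `@JoinColumn` rename to `auth_holder_id` depends on the matching column this commit adds to `refresh_token` in the schema file, which is worth mentioning in the commit description.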


@ -3,9 +3,9 @@ CREATE TABLE access_token (
token_value VARCHAR(4096), token_value VARCHAR(4096),
expiration TIMESTAMP, expiration TIMESTAMP,
token_type VARCHAR(256), token_type VARCHAR(256),
refresh_token_id VARCHAR(256), refresh_token_id BIGINT,
client_id VARCHAR(256), client_id VARCHAR(256),
auth_holder_id VARCHAR(256), auth_holder_id BIGINT,
id_token_string VARCHAR(4096) id_token_string VARCHAR(4096)
); );
@ -20,33 +20,33 @@ CREATE TABLE address (
); );
CREATE TABLE allowed_scope ( CREATE TABLE allowed_scope (
owner_id VARCHAR(256), owner_id BIGINT,
allowed_scope VARCHAR(256) allowed_scope VARCHAR(256)
); );
CREATE TABLE approved_site ( CREATE TABLE approved_site (
id BIGINT AUTO_INCREMENT PRIMARY KEY, id BIGINT AUTO_INCREMENT PRIMARY KEY,
user_id VARCHAR(256), user_id VARCHAR(4096),
client_id VARCHAR(256), client_id VARCHAR(4096),
creation_date DATE, creation_date TIMESTAMP,
access_date DATE, access_date TIMESTAMP,
timeout_date DATE, timeout_date TIMESTAMP,
whitelisted_site_id VARCHAR(256) whitelisted_site_id VARCHAR(256)
); );
CREATE TABLE authentication_holder ( CREATE TABLE authentication_holder (
id BIGINT AUTO_INCREMENT PRIMARY KEY, id BIGINT AUTO_INCREMENT PRIMARY KEY,
owner_id VARCHAR(256), owner_id BIGINT,
authentication LONGBLOB authentication LONGBLOB
); );
CREATE TABLE authority ( CREATE TABLE authority (
owner_id VARCHAR(4096), owner_id BIGINT,
authority LONGBLOB authority LONGBLOB
); );
CREATE TABLE authorized_grant_type ( CREATE TABLE authorized_grant_type (
owner_id VARCHAR(256), owner_id BIGINT,
authorized_grant_type VARCHAR(2000) authorized_grant_type VARCHAR(2000)
); );
@ -56,11 +56,11 @@ CREATE TABLE client_details (
allow_refresh TINYINT, allow_refresh TINYINT,
allow_multiple_access_tokens TINYINT, allow_multiple_access_tokens TINYINT,
reuse_refresh_tokens TINYINT, reuse_refresh_tokens TINYINT,
id_token_validity_seconds BIGINT,
dynamically_registered TINYINT, dynamically_registered TINYINT,
id_token_validity_seconds BIGINT,
client_id VARCHAR(256), client_id VARCHAR(256),
client_secret VARCHAR(2000), client_secret VARCHAR(2048),
access_token_validity_seconds BIGINT, access_token_validity_seconds BIGINT,
refresh_token_validity_seconds BIGINT, refresh_token_validity_seconds BIGINT,
@ -69,13 +69,13 @@ CREATE TABLE client_details (
token_endpoint_auth_type VARCHAR(256), token_endpoint_auth_type VARCHAR(256),
user_id_type VARCHAR(256), user_id_type VARCHAR(256),
logo_url VARCHAR(256), logo_url VARCHAR(2048),
policy_url VARCHAR(256), policy_url VARCHAR(2048),
jwk_url VARCHAR(256), jwk_url VARCHAR(2048),
jwk_encryption_url VARCHAR(256), jwk_encryption_url VARCHAR(2048),
x509_url VARCHAR(256), x509_url VARCHAR(2048),
x509_encryption_url VARCHAR(256), x509_encryption_url VARCHAR(2048),
sector_identifier_url VARCHAR(256), sector_identifier_url VARCHAR(2048),
requre_signed_request_object VARCHAR(256), requre_signed_request_object VARCHAR(256),
@ -95,7 +95,7 @@ CREATE TABLE client_details (
); );
CREATE TABLE contact ( CREATE TABLE contact (
owner_id VARCHAR(256), owner_id BIGINT,
contact VARCHAR(256) contact VARCHAR(256)
); );
@ -114,14 +114,15 @@ CREATE TABLE idtokenclaims (
); );
CREATE TABLE redirect_uri ( CREATE TABLE redirect_uri (
owner_id VARCHAR(256), owner_id BIGINT,
redirect_uri VARCHAR(2000) redirect_uri VARCHAR(2048)
); );
CREATE TABLE refresh_token ( CREATE TABLE refresh_token (
id BIGINT AUTO_INCREMENT PRIMARY KEY, id BIGINT AUTO_INCREMENT PRIMARY KEY,
token_value VARCHAR(4096), token_value VARCHAR(4096),
expiration TIMESTAMP, expiration TIMESTAMP,
auth_holder_id BIGINT,
client_id VARCHAR(256) client_id VARCHAR(256)
); );
@ -130,7 +131,12 @@ CREATE TABLE resource_id (
resource_id VARCHAR(256) resource_id VARCHAR(256)
); );
CREATE TABLE scope ( CREATE TABLE client_scope (
owner_id VARCHAR(4096),
scope VARCHAR(2048)
);
CREATE TABLE token_scope (
owner_id VARCHAR(4096), owner_id VARCHAR(4096),
scope VARCHAR(2048) scope VARCHAR(2048)
); );
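Review bot: The new `client_scope` and `token_scope` tables declare `owner_id VARCHAR(4096)`, while every other `owner_id` join column touched by this commit is changed to `BIGINT` to match the `Long` entity ids it joins on; the two new tables should follow suit, `owner_id BIGINT,`, otherwise the join compares a numeric key against a text column and, depending on the database, may fail or silently cast. The new `refresh_token.auth_holder_id BIGINT` is added without a foreign key or index, as are the other `*_id` columns in this file; if that is deliberate for a bootstrap schema, a comment in the DDL saying so would keep it from being read as an oversight.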


@ -112,12 +112,6 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
refreshToken.setExpiration(expiration); refreshToken.setExpiration(expiration);
} }
// save our scopes so that we can reuse them later for more auth tokens
// TODO: save the auth instead of the just the scope?
if (client.isScoped()) {
refreshToken.setScope(token.getScope());
}
//Add the authentication //Add the authentication
refreshToken.setAuthenticationHolder(authHolder); refreshToken.setAuthenticationHolder(authHolder);
@ -173,20 +167,22 @@ public class DefaultOAuth2ProviderTokenService implements OAuth2TokenEntityServi
OAuth2AccessTokenEntity token = new OAuth2AccessTokenEntity(); OAuth2AccessTokenEntity token = new OAuth2AccessTokenEntity();
// get the stored scopes from the authentication holder's authorization request; these are the scopes associated with the refresh token
Set<String> refreshScopes = refreshToken.getAuthenticationHolder().getAuthentication().getAuthorizationRequest().getScope();
if (scope != null && !scope.isEmpty()) { if (scope != null && !scope.isEmpty()) {
// ensure a proper subset of scopes // ensure a proper subset of scopes
if (refreshToken.getScope() != null && refreshToken.getScope().containsAll(scope)) { if (refreshScopes != null && refreshScopes.containsAll(scope)) {
// set the scope of the new access token if requested // set the scope of the new access token if requested
token.setScope(scope); token.setScope(scope);
} else { } else {
// up-scoping is not allowed // up-scoping is not allowed
// (TODO: should this throw InvalidScopeException? For now just pass through) // (TODO: should this throw InvalidScopeException? For now just pass through)
token.setScope(refreshToken.getScope()); token.setScope(refreshScopes);
} }
} else { } else {
// otherwise inherit the scope of the refresh token (if it's there -- this can return a null scope set) // otherwise inherit the scope of the refresh token (if it's there -- this can return a null scope set)
token.setScope(refreshToken.getScope()); token.setScope(refreshScopes);
} }
token.setClient(client); token.setClient(client);
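Review bot: `refreshScopes` is built from the four-call chain `refreshToken.getAuthenticationHolder().getAuthentication().getAuthorizationRequest().getScope()` with no null check on any link, so a refresh token without an authentication holder (for example one persisted before the `auth_holder_id` column this commit adds existed) would throw NullPointerException here instead of producing a meaningful OAuth error. More important for authorization: the scope granted to the refreshed access token is now whatever the stored authorization request carries; if that object records what the client requested rather than what was ultimately approved, a refresh could yield a token broader than the original access token, which is worth confirming against the AuthorizationRequest implementation and stating in the comment above the assignment. The existing fallback when `containsAll` fails still issues the full refresh scope rather than rejecting the request; the TODO already names `InvalidScopeException` as the alternative, and rejecting is the safer behavior. The enclosing method begins before the hunk.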