mods to auth filter including config comments, http socket time out...

openid-connect-client/.classpath

@@ -1,10 +1,11 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<classpath>
-	<classpathentry kind="src" output="target/classes" path="src/main/java"/>
-	<classpathentry excluding="**" kind="src" output="target/classes" path="src/main/resources"/>
-	<classpathentry kind="src" output="target/test-classes" path="src/test/java"/>
-	<classpathentry excluding="**" kind="src" output="target/test-classes" path="src/test/resources"/>
-	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.6"/>
-	<classpathentry kind="con" path="org.eclipse.m2e.MAVEN2_CLASSPATH_CONTAINER"/>
-	<classpathentry kind="output" path="target/classes"/>
-</classpath>
+<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+	<classpathentry kind="src" output="target/classes" path="src/main/java"/>
+	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.6"/>
+	<classpathentry kind="con" path="org.eclipse.m2e.MAVEN2_CLASSPATH_CONTAINER">
+		<attributes>
+			<attribute name="org.eclipse.jst.component.nondependency" value=""/>
+		</attributes>
+	</classpathentry>
+	<classpathentry kind="output" path="target/classes"/>
+</classpath>

openid-connect-client/.project

@@ -1,23 +1,36 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<projectDescription>
-	<name>openid-connect-client</name>
-	<comment></comment>
-	<projects>
-	</projects>
-	<buildSpec>
-		<buildCommand>
-			<name>org.eclipse.jdt.core.javabuilder</name>
-			<arguments>
-			</arguments>
-		</buildCommand>
-		<buildCommand>
-			<name>org.eclipse.m2e.core.maven2Builder</name>
-			<arguments>
-			</arguments>
-		</buildCommand>
-	</buildSpec>
-	<natures>
-		<nature>org.eclipse.jdt.core.javanature</nature>
-		<nature>org.eclipse.m2e.core.maven2Nature</nature>
-	</natures>
-</projectDescription>
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+	<name>openid-connect-client</name>
+	<comment></comment>
+	<projects>
+	</projects>
+	<buildSpec>
+		<buildCommand>
+			<name>org.eclipse.wst.common.project.facet.core.builder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.eclipse.jdt.core.javabuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.eclipse.m2e.core.maven2Builder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.eclipse.wst.validation.validationbuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+	</buildSpec>
+	<natures>
+		<nature>org.eclipse.jem.workbench.JavaEMFNature</nature>
+		<nature>org.eclipse.wst.common.modulecore.ModuleCoreNature</nature>
+		<nature>org.eclipse.jdt.core.javanature</nature>
+		<nature>org.eclipse.m2e.core.maven2Nature</nature>
+		<nature>org.eclipse.wst.common.project.facet.core.nature</nature>
+	</natures>
+</projectDescription>

openid-connect-client/.settings/org.eclipse.jdt.core.prefs

@@ -1,6 +1,8 @@
-#Fri Mar 16 16:16:56 EDT 2012
-eclipse.preferences.version=1
-org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.6
-org.eclipse.jdt.core.compiler.compliance=1.6
-org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
-org.eclipse.jdt.core.compiler.source=1.6
+eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled
+org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.6
+org.eclipse.jdt.core.compiler.compliance=1.6
+org.eclipse.jdt.core.compiler.problem.assertIdentifier=error
+org.eclipse.jdt.core.compiler.problem.enumIdentifier=error
+org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
+org.eclipse.jdt.core.compiler.source=1.6

openid-connect-client/.settings/org.eclipse.wst.common.component

@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project-modules id="moduleCoreId" project-version="1.5.0">
+    <wb-module deploy-name="openid-connect-client">
+        <wb-resource deploy-path="/" source-path="/src/main/java"/>
+    </wb-module>
+</project-modules>

openid-connect-client/.settings/org.eclipse.wst.common.project.facet.core.xml

@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<faceted-project>
+  <installed facet="java" version="1.6"/>
+  <installed facet="jst.utility" version="1.0"/>
+</faceted-project>

openid-connect-client/src/main/java/org/mitre/openid/connect/client/OpenIdConnectAuthenticationFilter.java

@@ -44,28 +44,42 @@ import com.google.gson.JsonParser;
 /**
  * The OpenID Connect Authentication Filter
  * 
- * See:  
- * 
- * http://static.springsource.org/spring-security/site/docs/3.0.x/reference/ns-config.html#ns-custom-filters
- * 
- * <http>
- *    <custom-filter position="FORM_LOGIN_FILTER" ref="openIdConnectAuthenticationFilter">
- * </http>
- * 
- * <beans:bean id="openIdConnectAuthenticationFilter" 
- * 			class="org.mitre.openid.connect.client.OpenIdConnectAuthenticationFilter">
- *   <property name="errorRedirectURI" value=""/>
- *   <property name="authorizationEndpointURI" 
- *   		value="http://server.example.com:8080/openid-connect-server/openidconnect/auth"/>
- *   <property name="tokenEndpointURI" 
- *   		value=http://server.example.com:8080/openid-connect-server/checkid""/>
- *   <property name="checkIDEndpointURI" 
- *   		value="http://server.example.comg:8080/openid-connect-server/checkid"/>
- *   <property name="clientId" 
- *   		value=""/>
- *   <property name="clientSecret" 
- *   		value=""/>
- * </bean>
+ * Configured like:  
+ *   
+ *	<security:http auto-config="false" use-expressions="true"
+ *		disable-url-rewriting="true" entry-point-ref="authenticationEntryPoint" pattern="/**">
+ *
+ *		<security:intercept-url pattern="/somepath/**"
+ *			access="denyAll" />
+ *
+ *		<security:custom-filter before="PRE_AUTH_FILTER "
+ *			ref="openIdConnectAuthenticationFilter" />
+ *
+ *		<security:intercept-url pattern="/**"
+ * 			access="hasAnyRole('ROLE_USER','ROLE_ADMIN')" />
+ *		<security:logout />
+ *	</security:http>
+ *
+ *	<bean id="authenticationEntryPoint"
+ *     	class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">		
+ * 		<property name="loginFormUrl" value="/openid_connect_login"/>
+ *	</bean>
+ *
+ *	<security:authentication-manager alias="authenticationManager" />
+ *	<bean id="openIdConnectAuthenticationFilter"
+ *		class="org.mitre.openid.connect.client.OpenIdConnectAuthenticationFilter">
+ *		
+ *		<property name="authenticationManager" ref="authenticationManager" />
+ *		<property name="errorRedirectURI" value="/login.jsp?authfail=openid" /> <!-- TODO: or would this be value="/login.jsp?authfail=openid_connect" -->
+ *		<property name="authorizationEndpointURI"
+ *			value="http://sever.example.com:8080/openid-connect-server/openidconnect/auth" />
+ *		<property name="tokenEndpointURI"
+ *			value="http://sever.example.com:8080/openid-connect-server/checkid" />
+ *		<property name="checkIDEndpointURI"
+ *			value="http://sever.example.com:8080/openid-connect-server/checkid" />
+ *		<property name="clientId" value="someClientId" />
+ *		<property name="clientSecret" value="someClientSecret" />
+ *	</bean>
  * 
  * @author nemonik
  * 
@@ -76,11 +90,12 @@ public class OpenIdConnectAuthenticationFilter extends
 	private static Log logger = LogFactory
 			.getLog(OpenIdConnectAuthenticationFilter.class);
 
+	private final static int HTTP_SOCKET_TIMEOUT = 30000;
 	private final static String SCOPE = "openid";
 	private final static int KEY_SIZE = 1024;
 	private final static String SIGNING_ALGORITHM = "SHA256withRSA";
 	private final static String NONCE_SIGNATURE_COOKIE_NAME = "nonce";
-	private final static String FILTER_PROCESSES_URL ="/j_spring_openid_connect_security_check";
+	private final static String FILTER_PROCESSES_URL ="/openid_connect_login";
 
 	/**
 	 * Return the URL w/ GET parameters
@@ -176,6 +191,8 @@ public class OpenIdConnectAuthenticationFilter extends
 	private String clientId;
 
 	private String scope;
+	
+	private int httpSocketTimeout = HTTP_SOCKET_TIMEOUT;
 
 	private PublicKey publicKey;
 
@@ -244,7 +261,11 @@ public class OpenIdConnectAuthenticationFilter extends
 		}
 
 		// prepend the spec necessary scope
-		setScope(SCOPE + scope);
+		if (scope != null && !scope.isEmpty() ) { 
+			setScope(SCOPE + scope);
+		} else { 
+			setScope(SCOPE);
+		}	
 	}
 
 	/*
@@ -294,6 +315,9 @@ public class OpenIdConnectAuthenticationFilter extends
 				// Handle Token Endpoint interaction
 
 				HttpClient httpClient = new DefaultHttpClient();
+				
+				httpClient.getParams().setParameter("http.socket.timeout", new Integer(httpSocketTimeout));
+				
 				UsernamePasswordCredentials credentials = new UsernamePasswordCredentials(
 						clientId, clientSecret);
 				((DefaultHttpClient) httpClient).getCredentialsProvider()
@@ -372,6 +396,9 @@ public class OpenIdConnectAuthenticationFilter extends
 					// Handle Check ID Endpoint interaction
 
 					httpClient = new DefaultHttpClient();
+					
+					httpClient.getParams().setParameter("http.socket.timeout", new Integer(httpSocketTimeout));
+					
 					factory = new HttpComponentsClientHttpRequestFactory(
 							httpClient);
 					restTemplate = new RestTemplate(factory);
@@ -569,3 +596,4 @@ public class OpenIdConnectAuthenticationFilter extends
 		this.tokenEndpointURI = tokenEndpointURI;
 	}
 }
+

openid-connect-common/.classpath

@@ -1,11 +1,11 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<classpath>
-	<classpathentry kind="src" output="target/classes" path="src/main/java"/>
-	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.6"/>
-	<classpathentry kind="con" path="org.eclipse.m2e.MAVEN2_CLASSPATH_CONTAINER">
-		<attributes>
-			<attribute name="org.eclipse.jst.component.nondependency" value=""/>
-		</attributes>
-	</classpathentry>
-	<classpathentry kind="output" path="target/classes"/>
-</classpath>
+<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+	<classpathentry kind="src" output="target/classes" path="src/main/java"/>
+	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.6"/>
+	<classpathentry kind="con" path="org.eclipse.m2e.MAVEN2_CLASSPATH_CONTAINER">
+		<attributes>
+			<attribute name="org.eclipse.jst.component.nondependency" value=""/>
+		</attributes>
+	</classpathentry>
+	<classpathentry kind="output" path="target/classes"/>
+</classpath>

openid-connect-common/.project

@@ -1,36 +1,36 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<projectDescription>
-	<name>openid-connect-common</name>
-	<comment></comment>
-	<projects>
-	</projects>
-	<buildSpec>
-		<buildCommand>
-			<name>org.eclipse.wst.common.project.facet.core.builder</name>
-			<arguments>
-			</arguments>
-		</buildCommand>
-		<buildCommand>
-			<name>org.eclipse.jdt.core.javabuilder</name>
-			<arguments>
-			</arguments>
-		</buildCommand>
-		<buildCommand>
-			<name>org.eclipse.wst.validation.validationbuilder</name>
-			<arguments>
-			</arguments>
-		</buildCommand>
-		<buildCommand>
-			<name>org.eclipse.m2e.core.maven2Builder</name>
-			<arguments>
-			</arguments>
-		</buildCommand>
-	</buildSpec>
-	<natures>
-		<nature>org.eclipse.jem.workbench.JavaEMFNature</nature>
-		<nature>org.eclipse.wst.common.modulecore.ModuleCoreNature</nature>
-		<nature>org.eclipse.jdt.core.javanature</nature>
-		<nature>org.eclipse.m2e.core.maven2Nature</nature>
-		<nature>org.eclipse.wst.common.project.facet.core.nature</nature>
-	</natures>
-</projectDescription>
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+	<name>openid-connect-common</name>
+	<comment></comment>
+	<projects>
+	</projects>
+	<buildSpec>
+		<buildCommand>
+			<name>org.eclipse.wst.common.project.facet.core.builder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.eclipse.jdt.core.javabuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.eclipse.wst.validation.validationbuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.eclipse.m2e.core.maven2Builder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+	</buildSpec>
+	<natures>
+		<nature>org.eclipse.jem.workbench.JavaEMFNature</nature>
+		<nature>org.eclipse.wst.common.modulecore.ModuleCoreNature</nature>
+		<nature>org.eclipse.jdt.core.javanature</nature>
+		<nature>org.eclipse.m2e.core.maven2Nature</nature>
+		<nature>org.eclipse.wst.common.project.facet.core.nature</nature>
+	</natures>
+</projectDescription>

openid-connect-server/.classpath

@@ -1,14 +1,14 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<classpath>
-	<classpathentry kind="src" output="target/classes" path="src/main/java"/>
-	<classpathentry excluding="**" kind="src" output="target/classes" path="src/main/resources"/>
-	<classpathentry kind="src" output="target/test-classes" path="src/test/java"/>
-	<classpathentry excluding="**" kind="src" output="target/test-classes" path="src/test/resources"/>
-	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.6"/>
-	<classpathentry kind="con" path="org.eclipse.m2e.MAVEN2_CLASSPATH_CONTAINER">
-		<attributes>
-			<attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
-		</attributes>
-	</classpathentry>
-	<classpathentry kind="output" path="target/classes"/>
-</classpath>
+<?xml version="1.0" encoding="UTF-8"?>
+<classpath>
+	<classpathentry kind="src" output="target/classes" path="src/main/java"/>
+	<classpathentry excluding="**" kind="src" output="target/classes" path="src/main/resources"/>
+	<classpathentry kind="src" output="target/test-classes" path="src/test/java"/>
+	<classpathentry excluding="**" kind="src" output="target/test-classes" path="src/test/resources"/>
+	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.6"/>
+	<classpathentry kind="con" path="org.eclipse.m2e.MAVEN2_CLASSPATH_CONTAINER">
+		<attributes>
+			<attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
+		</attributes>
+	</classpathentry>
+	<classpathentry kind="output" path="target/classes"/>
+</classpath>

openid-connect-server/.project

@@ -1,43 +1,43 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<projectDescription>
-	<name>openid</name>
-	<comment>Reference implementation of OpenID Connect spec (http://openid.net/connect/). NO_M2ECLIPSE_SUPPORT: Project files created with the maven-eclipse-plugin are not supported in M2Eclipse.</comment>
-	<projects>
-		<project>spring-security-oauth2</project>
-	</projects>
-	<buildSpec>
-		<buildCommand>
-			<name>org.eclipse.wst.jsdt.core.javascriptValidator</name>
-			<arguments>
-			</arguments>
-		</buildCommand>
-		<buildCommand>
-			<name>org.eclipse.wst.common.project.facet.core.builder</name>
-			<arguments>
-			</arguments>
-		</buildCommand>
-		<buildCommand>
-			<name>org.eclipse.jdt.core.javabuilder</name>
-			<arguments>
-			</arguments>
-		</buildCommand>
-		<buildCommand>
-			<name>org.eclipse.wst.validation.validationbuilder</name>
-			<arguments>
-			</arguments>
-		</buildCommand>
-		<buildCommand>
-			<name>org.eclipse.m2e.core.maven2Builder</name>
-			<arguments>
-			</arguments>
-		</buildCommand>
-	</buildSpec>
-	<natures>
-		<nature>org.eclipse.jem.workbench.JavaEMFNature</nature>
-		<nature>org.eclipse.wst.common.modulecore.ModuleCoreNature</nature>
-		<nature>org.eclipse.jdt.core.javanature</nature>
-		<nature>org.eclipse.wst.common.project.facet.core.nature</nature>
-		<nature>org.eclipse.wst.jsdt.core.jsNature</nature>
-		<nature>org.eclipse.m2e.core.maven2Nature</nature>
-	</natures>
-</projectDescription>
+<?xml version="1.0" encoding="UTF-8"?>
+<projectDescription>
+	<name>openid</name>
+	<comment>Reference implementation of OpenID Connect spec (http://openid.net/connect/). NO_M2ECLIPSE_SUPPORT: Project files created with the maven-eclipse-plugin are not supported in M2Eclipse.</comment>
+	<projects>
+		<project>spring-security-oauth2</project>
+	</projects>
+	<buildSpec>
+		<buildCommand>
+			<name>org.eclipse.wst.jsdt.core.javascriptValidator</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.eclipse.wst.common.project.facet.core.builder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.eclipse.jdt.core.javabuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.eclipse.wst.validation.validationbuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+		<buildCommand>
+			<name>org.eclipse.m2e.core.maven2Builder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
+	</buildSpec>
+	<natures>
+		<nature>org.eclipse.jem.workbench.JavaEMFNature</nature>
+		<nature>org.eclipse.wst.common.modulecore.ModuleCoreNature</nature>
+		<nature>org.eclipse.jdt.core.javanature</nature>
+		<nature>org.eclipse.wst.common.project.facet.core.nature</nature>
+		<nature>org.eclipse.wst.jsdt.core.jsNature</nature>
+		<nature>org.eclipse.m2e.core.maven2Nature</nature>
+	</natures>
+</projectDescription>