mods to auth filter including config comments, http socket time out...

openid-connect-client/.classpath

@@ -1,10 +1,11 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <classpath>
 	<classpathentry kind="src" output="target/classes" path="src/main/java"/>
-	<classpathentry excluding="**" kind="src" output="target/classes" path="src/main/resources"/>
-	<classpathentry kind="src" output="target/test-classes" path="src/test/java"/>
-	<classpathentry excluding="**" kind="src" output="target/test-classes" path="src/test/resources"/>
 	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.6"/>
-	<classpathentry kind="con" path="org.eclipse.m2e.MAVEN2_CLASSPATH_CONTAINER"/>
+	<classpathentry kind="con" path="org.eclipse.m2e.MAVEN2_CLASSPATH_CONTAINER">
+		<attributes>
+			<attribute name="org.eclipse.jst.component.nondependency" value=""/>
+		</attributes>
+	</classpathentry>
 	<classpathentry kind="output" path="target/classes"/>
 </classpath>

openid-connect-client/.project

@@ -5,6 +5,11 @@
 	<projects>
 	</projects>
 	<buildSpec>
+		<buildCommand>
+			<name>org.eclipse.wst.common.project.facet.core.builder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
 		<buildCommand>
 			<name>org.eclipse.jdt.core.javabuilder</name>
 			<arguments>
@@ -15,9 +20,17 @@
 			<arguments>
 			</arguments>
 		</buildCommand>
+		<buildCommand>
+			<name>org.eclipse.wst.validation.validationbuilder</name>
+			<arguments>
+			</arguments>
+		</buildCommand>
 	</buildSpec>
 	<natures>
+		<nature>org.eclipse.jem.workbench.JavaEMFNature</nature>
+		<nature>org.eclipse.wst.common.modulecore.ModuleCoreNature</nature>
 		<nature>org.eclipse.jdt.core.javanature</nature>
 		<nature>org.eclipse.m2e.core.maven2Nature</nature>
+		<nature>org.eclipse.wst.common.project.facet.core.nature</nature>
 	</natures>
 </projectDescription>

openid-connect-client/.settings/org.eclipse.jdt.core.prefs

@@ -1,6 +1,8 @@
-#Fri Mar 16 16:16:56 EDT 2012
 eclipse.preferences.version=1
+org.eclipse.jdt.core.compiler.codegen.inlineJsrBytecode=enabled
 org.eclipse.jdt.core.compiler.codegen.targetPlatform=1.6
 org.eclipse.jdt.core.compiler.compliance=1.6
+org.eclipse.jdt.core.compiler.problem.assertIdentifier=error
+org.eclipse.jdt.core.compiler.problem.enumIdentifier=error
 org.eclipse.jdt.core.compiler.problem.forbiddenReference=warning
 org.eclipse.jdt.core.compiler.source=1.6

openid-connect-client/.settings/org.eclipse.wst.common.component

@@ -0,0 +1,6 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project-modules id="moduleCoreId" project-version="1.5.0">
+    <wb-module deploy-name="openid-connect-client">
+        <wb-resource deploy-path="/" source-path="/src/main/java"/>
+    </wb-module>
+</project-modules>

openid-connect-client/.settings/org.eclipse.wst.common.project.facet.core.xml

@@ -0,0 +1,5 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<faceted-project>
+  <installed facet="java" version="1.6"/>
+  <installed facet="jst.utility" version="1.0"/>
+</faceted-project>

openid-connect-client/src/main/java/org/mitre/openid/connect/client/OpenIdConnectAuthenticationFilter.java

@@ -44,27 +44,41 @@ import com.google.gson.JsonParser;
 /**
  * The OpenID Connect Authentication Filter
  * 
- * See:  
+ * Configured like:  
  *   
- * http://static.springsource.org/spring-security/site/docs/3.0.x/reference/ns-config.html#ns-custom-filters
+ *	<security:http auto-config="false" use-expressions="true"
+ *		disable-url-rewriting="true" entry-point-ref="authenticationEntryPoint" pattern="/**">
  *
- * <http>
+ *		<security:intercept-url pattern="/somepath/**"
- *    <custom-filter position="FORM_LOGIN_FILTER" ref="openIdConnectAuthenticationFilter">
+ *			access="denyAll" />
- * </http>
  *
- * <beans:bean id="openIdConnectAuthenticationFilter" 
+ *		<security:custom-filter before="PRE_AUTH_FILTER "
+ *			ref="openIdConnectAuthenticationFilter" />
+ *
+ *		<security:intercept-url pattern="/**"
+ * 			access="hasAnyRole('ROLE_USER','ROLE_ADMIN')" />
+ *		<security:logout />
+ *	</security:http>
+ *
+ *	<bean id="authenticationEntryPoint"
+ *     	class="org.springframework.security.web.authentication.LoginUrlAuthenticationEntryPoint">		
+ * 		<property name="loginFormUrl" value="/openid_connect_login"/>
+ *	</bean>
+ *
+ *	<security:authentication-manager alias="authenticationManager" />
+ *	<bean id="openIdConnectAuthenticationFilter"
  *		class="org.mitre.openid.connect.client.OpenIdConnectAuthenticationFilter">
- *   <property name="errorRedirectURI" value=""/>
+ *		
+ *		<property name="authenticationManager" ref="authenticationManager" />
+ *		<property name="errorRedirectURI" value="/login.jsp?authfail=openid" /> <!-- TODO: or would this be value="/login.jsp?authfail=openid_connect" -->
  *		<property name="authorizationEndpointURI"
- *   		value="http://server.example.com:8080/openid-connect-server/openidconnect/auth"/>
+ *			value="http://sever.example.com:8080/openid-connect-server/openidconnect/auth" />
  *		<property name="tokenEndpointURI"
- *   		value=http://server.example.com:8080/openid-connect-server/checkid""/>
+ *			value="http://sever.example.com:8080/openid-connect-server/checkid" />
  *		<property name="checkIDEndpointURI"
- *   		value="http://server.example.comg:8080/openid-connect-server/checkid"/>
+ *			value="http://sever.example.com:8080/openid-connect-server/checkid" />
- *   <property name="clientId" 
+ *		<property name="clientId" value="someClientId" />
- *   		value=""/>
+ *		<property name="clientSecret" value="someClientSecret" />
- *   <property name="clientSecret" 
- *   		value=""/>
  *	</bean>
  * 
  * @author nemonik
@@ -76,11 +90,12 @@ public class OpenIdConnectAuthenticationFilter extends
 	private static Log logger = LogFactory
 			.getLog(OpenIdConnectAuthenticationFilter.class);
 
+	private final static int HTTP_SOCKET_TIMEOUT = 30000;
 	private final static String SCOPE = "openid";
 	private final static int KEY_SIZE = 1024;
 	private final static String SIGNING_ALGORITHM = "SHA256withRSA";
 	private final static String NONCE_SIGNATURE_COOKIE_NAME = "nonce";
-	private final static String FILTER_PROCESSES_URL ="/j_spring_openid_connect_security_check";
+	private final static String FILTER_PROCESSES_URL ="/openid_connect_login";
 
 	/**
 	 * Return the URL w/ GET parameters
@@ -177,6 +192,8 @@ public class OpenIdConnectAuthenticationFilter extends
 
 	private String scope;
 	
+	private int httpSocketTimeout = HTTP_SOCKET_TIMEOUT;
+
 	private PublicKey publicKey;
 
 	private PrivateKey privateKey;
@@ -244,7 +261,11 @@ public class OpenIdConnectAuthenticationFilter extends
 		}
 
 		// prepend the spec necessary scope
+		if (scope != null && !scope.isEmpty() ) { 
 			setScope(SCOPE + scope);
+		} else { 
+			setScope(SCOPE);
+		}	
 	}
 
 	/*
@@ -294,6 +315,9 @@ public class OpenIdConnectAuthenticationFilter extends
 				// Handle Token Endpoint interaction
 
 				HttpClient httpClient = new DefaultHttpClient();
+				
+				httpClient.getParams().setParameter("http.socket.timeout", new Integer(httpSocketTimeout));
+				
 				UsernamePasswordCredentials credentials = new UsernamePasswordCredentials(
 						clientId, clientSecret);
 				((DefaultHttpClient) httpClient).getCredentialsProvider()
@@ -372,6 +396,9 @@ public class OpenIdConnectAuthenticationFilter extends
 					// Handle Check ID Endpoint interaction
 
 					httpClient = new DefaultHttpClient();
+					
+					httpClient.getParams().setParameter("http.socket.timeout", new Integer(httpSocketTimeout));
+					
 					factory = new HttpComponentsClientHttpRequestFactory(
 							httpClient);
 					restTemplate = new RestTemplate(factory);
@@ -569,3 +596,4 @@ public class OpenIdConnectAuthenticationFilter extends
 		this.tokenEndpointURI = tokenEndpointURI;
 	}
 }
+