github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

UserInfoView returning intersection of claims request parameter and request object claims in effect now.

pull/477/head
William Kim 2013-08-19 14:19:32 -04:00
parent bd3d2a5cee
commit b89436d7b9
1 changed files with 18 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

21
openid-connect-server/src/main/java/org/mitre/openid/connect/view/UserInfoView.java
View File

@ -37,6 +37,7 @@ import org.springframework.web.servlet.view.AbstractView;
import com.google.common.base.CaseFormat; import com.google.common.base.CaseFormat;
import com.google.common.base.Strings; import com.google.common.base.Strings;
import com.google.common.collect.Sets;
import com.google.gson.ExclusionStrategy; import com.google.gson.ExclusionStrategy;
import com.google.gson.FieldAttributes; import com.google.gson.FieldAttributes;
import com.google.gson.Gson; import com.google.gson.Gson;
@ -118,7 +119,7 @@ public class UserInfoView extends AbstractView {
// FIXME: move to GSON for easier processing // FIXME: move to GSON for easier processing
JsonObject obj = (JsonObject) jsonParser.parse(requestObject.getJWTClaimsSet().toJSONObject().toJSONString()); JsonObject obj = (JsonObject) jsonParser.parse(requestObject.getJWTClaimsSet().toJSONObject().toJSONString());
gson.toJson(toJsonFromRequestObj(userInfo, scope, obj), out); gson.toJson(toJsonFromRequestObj(userInfo, scope, obj, claimsRequest), out);
} catch (JsonSyntaxException e) { } catch (JsonSyntaxException e) {
logger.error("JsonSyntaxException in UserInfoView.java: ", e); logger.error("JsonSyntaxException in UserInfoView.java: ", e);
} catch (JsonIOException e) { } catch (JsonIOException e) {
@ -201,9 +202,10 @@ public class UserInfoView extends AbstractView {
* @param ui * @param ui
* @param scope * @param scope
* @param requestObj * @param requestObj
* @param claimsRequest the claims request parameter object.
* @return * @return
*/ */
private JsonObject toJsonFromRequestObj(UserInfo ui, Set<String> scope, JsonObject requestObj) { private JsonObject toJsonFromRequestObj(UserInfo ui, Set<String> scope, JsonObject requestObj, JsonObject claimsRequest) {
JsonObject obj = toJson(ui, scope); JsonObject obj = toJson(ui, scope);
@ -218,10 +220,23 @@ public class UserInfoView extends AbstractView {
return obj; return obj;
} }
// Filter claims from the request object with the claims from the claims request parameter, if it exists
Set<Entry<String, JsonElement>> requestClaimsSet = Sets.newHashSet();
if (claimsRequest != null) {
for (Entry<String, JsonElement> entry : userinfo.getAsJsonObject().entrySet()) {
if (claimsRequest.has(entry.getKey())) {
requestClaimsSet.add(entry);
}
}
}
// TODO: this method is likely to be fragile if the data model changes at all // TODO: this method is likely to be fragile if the data model changes at all
//For each claim found, add it if not already present //For each claim found, add it if not already present
for (Entry<String, JsonElement> i : userinfo.getAsJsonObject().entrySet()) { for (Entry<String, JsonElement> i : requestClaimsSet) {
String claimName = i.getKey(); String claimName = i.getKey();
if (!obj.has(claimName)) { if (!obj.has(claimName)) {
String value = ""; String value = "";