Merge branch 'master' of github.com:mitreid-connect/OpenID-Connect-Java-Spring-Server

openid-connect-client/src/main/java/org/mitre/openid/connect/client/AbstractOIDCAuthenticationFilter.java

@@ -522,8 +522,18 @@ public class AbstractOIDCAuthenticationFilter extends
 			// Read the paragraph describing "nonce". Required w/ implicit flow.
 			//
 			
-			String nonce = idToken.getClaims().getNonce();
+			//String nonce = idToken.getClaims().getClaimAsString("nonce");
 
+			String nonce = idToken.getClaims().getNonce();
+			
+			if (StringUtils.isBlank(nonce)) {
+				
+				logger.error("ID token did not contain a nonce claim.");
+
+				throw new AuthenticationServiceException(
+						"ID token did not contain a nonce claim.");
+			}
+			
 			Cookie nonceSignatureCookie = WebUtils.getCookie(request,
 					NONCE_SIGNATURE_COOKIE_NAME);
 

openid-connect-server/.springBeans

@@ -11,6 +11,7 @@
 		<config>src/main/webapp/WEB-INF/server-config.xml</config>
 		<config>src/main/webapp/WEB-INF/local-config.xml</config>
 		<config>src/main/webapp/WEB-INF/data-context.xml</config>
+		<config>src/main/webapp/WEB-INF/crypto-config.xml</config>
 	</configs>
 	<configSets>
 	</configSets>

openid-connect-server/src/main/webapp/WEB-INF/crypto-config.xml

@@ -0,0 +1,33 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<beans xmlns="http://www.springframework.org/schema/beans"
+	xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+	xsi:schemaLocation="http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans.xsd">
+
+	<bean id="defaultKeystore" class="org.mitre.jwt.signer.service.impl.KeyStore">
+		<constructor-arg name="location" value="classpath:keystore.jks" />
+		<constructor-arg name="password" value="changeit" />
+	</bean>
+
+	<bean id="defaultsignerService"
+		class="org.mitre.jwt.signer.service.impl.JwtSigningAndValidationServiceDefault">
+		<property name="signers">
+			<map>
+				<entry key="rsa1">
+					<bean id="rsaSigner" class="org.mitre.jwt.signer.impl.RsaSigner">
+						<property name="algorithm" value="RS256" />
+						<property name="keystore" ref="defaultKeystore" />
+						<property name="alias" value="rsa" />
+						<property name="password" value="changeit" />
+					</bean>
+				</entry>
+				<entry key="hmac1">
+					<bean id="hmacSigner" class="org.mitre.jwt.signer.impl.HmacSigner">
+						<property name="algorithm" value="HS256" />
+						<property name="passphrase" value="changeit" />
+					</bean>
+				</entry>
+			</map>
+		</property>
+	</bean>
+
+</beans>

openid-connect-server/src/main/webapp/WEB-INF/spring-servlet.xml

@@ -133,32 +133,7 @@
 
 	<!-- Crypto -->
 
-	<bean id="defaultKeystore" class="org.mitre.jwt.signer.service.impl.KeyStore">
+	<import resource="crypto-config.xml" />
-		<constructor-arg name="location" value="classpath:keystore.jks" />
-		<constructor-arg name="password" value="changeit" />
-	</bean>
-
-	<bean id="defaultsignerService"
-		class="org.mitre.jwt.signer.service.impl.JwtSigningAndValidationServiceDefault">
-		<property name="signers">
-			<map>
-				<entry key="rsa1">
-					<bean id="rsaSigner" class="org.mitre.jwt.signer.impl.RsaSigner">
-						<property name="algorithm" value="RS256" />
-						<property name="keystore" ref="defaultKeystore" />
-						<property name="alias" value="rsa" />
-						<property name="password" value="changeit" />
-					</bean>
-				</entry>
-				<entry key="hmac1">
-					<bean id="hmacSigner" class="org.mitre.jwt.signer.impl.HmacSigner">
-						<property name="algorithm" value="HS256" />
-						<property name="passphrase" value="changeit" />
-					</bean>
-				</entry>
-			</map>
-		</property>
-	</bean>
 
 	<!-- End Crypto -->