diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCSignedRequestFilter.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCSignedRequestFilter.java
index d78d9c2e3..c9bf242de 100644
--- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCSignedRequestFilter.java
+++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCSignedRequestFilter.java
@@ -18,16 +18,36 @@ import org.mitre.jwt.model.Jwt; import org.mitre.jwt.model.JwtClaims; import org.mitre.jwt.signer.service.JwtSigningAndValidationService; import org.mitre.openid.connect.config.OIDCServerConfiguration; +import org.mitre.openid.connect.view.JwkKeyListView; +import org.mitre.openid.connect.view.X509CertificateView; +import org.mitre.openid.connect.web.JsonWebKeyEndpoint; +import org.springframework.beans.BeansException; +import org.springframework.beans.factory.BeanFactory; +import org.springframework.beans.factory.BeanFactoryAware; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.config.ConfigurableListableBeanFactory; +import org.springframework.beans.factory.support.BeanDefinitionBuilder; +import org.springframework.beans.factory.support.BeanDefinitionRegistry; +import org.springframework.beans.factory.support.BeanDefinitionRegistryPostProcessor; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; import org.springframework.util.Assert; +import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter; +import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping; +import org.springframework.web.servlet.view.BeanNameViewResolver; -public class OIDCSignedRequestFilter extends AbstractOIDCAuthenticationFilter { +import com.google.common.base.Strings; + +public class OIDCSignedRequestFilter extends AbstractOIDCAuthenticationFilter implements BeanDefinitionRegistryPostProcessor { - protected OIDCServerConfiguration oidcServerConfig; + private OIDCServerConfiguration oidcServerConfig; private JwtSigningAndValidationService signingAndValidationService; + private String jwkPublishUrl; + + private BeanDefinitionRegistry registry; + protected OIDCSignedRequestFilter() { super(); 
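Review bot: The hunk imports BeanFactory, BeanFactoryAware, Autowired, RequestMappingHandlerAdapter and RequestMappingHandlerMapping, none of which is referenced in the visible parts of the class; unless the unseen remainder of the file uses them, they should be dropped rather than left as dead imports. Narrowing `oidcServerConfig` from protected to private is a source-incompatible change for any subclass of OIDCSignedRequestFilter that reads the field directly, and if that is intended it deserves a sentence in the commit description. Making a Spring Security filter implement BeanDefinitionRegistryPostProcessor also means the container instantiates this bean, together with the JwtSigningAndValidationService it is wired with, during the post-processor phase before the remaining BeanPostProcessors are registered, so those beans typically miss proxying and other post-processing; a class-level comment such as `// Registered as a BeanDefinitionRegistryPostProcessor so the JWK endpoint can be added conditionally; this bean and its dependencies are therefore created early, before ordinary BeanPostProcessors apply.` would make the trade-off explicit. The class body continues outside the hunk.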
@@ -51,6 +71,7 @@ public class OIDCSignedRequestFilter extends AbstractOIDCAuthenticationFilter { Assert.notNull(oidcServerConfig.getClientSecret(), "A Client Secret must be supplied"); + } @Override 
@@ -151,75 +172,141 @@ public class OIDCSignedRequestFilter extends AbstractOIDCAuthenticationFilter { } /** - * @param authorizationEndpointURI - * @see org.mitre.openid.connect.config.OIDCServerConfiguration#setAuthorizationEndpointUrl(java.lang.String) - */ - public void setAuthorizationEndpointURI(String authorizationEndpointURI) { - oidcServerConfig.setAuthorizationEndpointUrl(authorizationEndpointURI); - } + * @param authorizationEndpointURI + * @see org.mitre.openid.connect.config.OIDCServerConfiguration#setAuthorizationEndpointUrl(java.lang.String) + */ + public void setAuthorizationEndpointUrl(String authorizationEndpointURI) { + oidcServerConfig.setAuthorizationEndpointUrl(authorizationEndpointURI); + } /** - * @param clientId - * @see org.mitre.openid.connect.config.OIDCServerConfiguration#setClientId(java.lang.String) - */ - public void setClientId(String clientId) { - oidcServerConfig.setClientId(clientId); - } + * @param clientId + * @see org.mitre.openid.connect.config.OIDCServerConfiguration#setClientId(java.lang.String) + */ + public void setClientId(String clientId) { + oidcServerConfig.setClientId(clientId); + } /** - * @param issuer - * @see org.mitre.openid.connect.config.OIDCServerConfiguration#setIssuer(java.lang.String) - */ - public void setIssuer(String issuer) { - oidcServerConfig.setIssuer(issuer); - } + * @param issuer + * @see org.mitre.openid.connect.config.OIDCServerConfiguration#setIssuer(java.lang.String) + */ + public void setIssuer(String issuer) { + oidcServerConfig.setIssuer(issuer); + } /** - * @param clientSecret - * @see org.mitre.openid.connect.config.OIDCServerConfiguration#setClientSecret(java.lang.String) - */ - public void setClientSecret(String clientSecret) { - oidcServerConfig.setClientSecret(clientSecret); - } + * @param clientSecret + * @see org.mitre.openid.connect.config.OIDCServerConfiguration#setClientSecret(java.lang.String) + */ + public void setClientSecret(String clientSecret) { + 
oidcServerConfig.setClientSecret(clientSecret); + } /** - * @param tokenEndpointURI - * @see org.mitre.openid.connect.config.OIDCServerConfiguration#setTokenEndpointUrl(java.lang.String) - */ - public void setTokenEndpointURI(String tokenEndpointURI) { - oidcServerConfig.setTokenEndpointUrl(tokenEndpointURI); - } + * @param tokenEndpointURI + * @see org.mitre.openid.connect.config.OIDCServerConfiguration#setTokenEndpointUrl(java.lang.String) + */ + public void setTokenEndpointUrl(String tokenEndpointURI) { + oidcServerConfig.setTokenEndpointUrl(tokenEndpointURI); + } /** - * @param x509EncryptUrl - * @see org.mitre.openid.connect.config.OIDCServerConfiguration#setX509EncryptUrl(java.lang.String) - */ - public void setX509EncryptUrl(String x509EncryptUrl) { - oidcServerConfig.setX509EncryptUrl(x509EncryptUrl); - } + * @param x509EncryptUrl + * @see org.mitre.openid.connect.config.OIDCServerConfiguration#setX509EncryptUrl(java.lang.String) + */ + public void setX509EncryptUrl(String x509EncryptUrl) { + oidcServerConfig.setX509EncryptUrl(x509EncryptUrl); + } /** - * @param x509SigningUrl - * @see org.mitre.openid.connect.config.OIDCServerConfiguration#setX509SigningUrl(java.lang.String) - */ - public void setX509SigningUrl(String x509SigningUrl) { - oidcServerConfig.setX509SigningUrl(x509SigningUrl); - } + * @param x509SigningUrl + * @see org.mitre.openid.connect.config.OIDCServerConfiguration#setX509SigningUrl(java.lang.String) + */ + public void setX509SigningUrl(String x509SigningUrl) { + oidcServerConfig.setX509SigningUrl(x509SigningUrl); + } /** - * @param jwkEncryptUrl - * @see org.mitre.openid.connect.config.OIDCServerConfiguration#setJwkEncryptUrl(java.lang.String) - */ - public void setJwkEncryptUrl(String jwkEncryptUrl) { - oidcServerConfig.setJwkEncryptUrl(jwkEncryptUrl); - } + * @param jwkEncryptUrl + * @see org.mitre.openid.connect.config.OIDCServerConfiguration#setJwkEncryptUrl(java.lang.String) + */ + public void setJwkEncryptUrl(String jwkEncryptUrl) { 
+ oidcServerConfig.setJwkEncryptUrl(jwkEncryptUrl); + } /** - * @param jwkSigningUrl - * @see org.mitre.openid.connect.config.OIDCServerConfiguration#setJwkSigningUrl(java.lang.String) - */ - public void setJwkSigningUrl(String jwkSigningUrl) { - oidcServerConfig.setJwkSigningUrl(jwkSigningUrl); - } + * @param jwkSigningUrl + * @see org.mitre.openid.connect.config.OIDCServerConfiguration#setJwkSigningUrl(java.lang.String) + */ + public void setJwkSigningUrl(String jwkSigningUrl) { + oidcServerConfig.setJwkSigningUrl(jwkSigningUrl); + } + + /** + * @param userInfoUrl + * @see org.mitre.openid.connect.config.OIDCServerConfiguration#setUserInfoUrl(java.lang.String) + */ + public void setUserInfoUrl(String userInfoUrl) { + oidcServerConfig.setUserInfoUrl(userInfoUrl); + } + + /** + * @return the jwkPublishUrl + */ + public String getJwkPublishUrl() { + return jwkPublishUrl; + } + + /** + * @param jwkPublishUrl the jwkPublishUrl to set + */ + public void setJwkPublishUrl(String jwkPublishUrl) { + this.jwkPublishUrl = jwkPublishUrl; + } + + /* (non-Javadoc) + * @see org.springframework.beans.factory.config.BeanFactoryPostProcessor#postProcessBeanFactory(org.springframework.beans.factory.config.ConfigurableListableBeanFactory) + */ + @Override + public void postProcessBeanFactory(ConfigurableListableBeanFactory beanFactory) throws BeansException { + if (!Strings.isNullOrEmpty(jwkPublishUrl)) { + + + BeanDefinitionBuilder jwkBuilder = BeanDefinitionBuilder.rootBeanDefinition(JsonWebKeyEndpoint.class); + jwkBuilder.addPropertyValue("jwtService", signingAndValidationService); + + registry.registerBeanDefinition("jwkEndpointController", jwkBuilder.getBeanDefinition()); + + + BeanDefinitionBuilder jwkViewBuilder = BeanDefinitionBuilder.rootBeanDefinition(JwkKeyListView.class); + registry.registerBeanDefinition("jwkKeyList", jwkViewBuilder.getBeanDefinition()); + + BeanDefinitionBuilder x509ViewBuilder = BeanDefinitionBuilder.rootBeanDefinition(X509CertificateView.class); + 
registry.registerBeanDefinition("x509certs", x509ViewBuilder.getBeanDefinition()); + + Map resolvers = beanFactory.getBeansOfType(BeanNameViewResolver.class); + + if (resolvers.isEmpty()) { + logger.info("Creating view resolver"); + BeanDefinitionBuilder viewResolverBuilder = BeanDefinitionBuilder.rootBeanDefinition(BeanNameViewResolver.class); + viewResolverBuilder.addPropertyValue("order", 1); + registry.registerBeanDefinition("beanNameViewResolver", viewResolverBuilder.getBeanDefinition()); + } + + //beanFactory.createBean(JsonWebKeyEndpoint.class); + + } + + } + + /* (non-Javadoc) + * @see org.springframework.beans.factory.support.BeanDefinitionRegistryPostProcessor#postProcessBeanDefinitionRegistry(org.springframework.beans.factory.support.BeanDefinitionRegistry) + */ + @Override + public void postProcessBeanDefinitionRegistry(BeanDefinitionRegistry registry) throws BeansException { + this.registry = registry; + } + } diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/web/JsonWebKeyEndpoint.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/web/JsonWebKeyEndpoint.java index 93626a7ef..efce7b4b5 100644 --- a/openid-connect-common/src/main/java/org/mitre/openid/connect/web/JsonWebKeyEndpoint.java +++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/web/JsonWebKeyEndpoint.java @@ -50,5 +50,19 @@ public class JsonWebKeyEndpoint { return new ModelAndView("x509certs", "signers", signers); } + + /** + * @return the jwtService + */ + public JwtSigningAndValidationService getJwtService() { + return jwtService; + } + + /** + * @param jwtService the jwtService to set + */ + public void setJwtService(JwtSigningAndValidationService jwtService) { + this.jwtService = jwtService; + } }
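Review bot: postProcessBeanFactory registers four fixed bean names ("jwkEndpointController", "jwkKeyList", "x509certs", "beanNameViewResolver") without checking whether the registry already holds them, so a context that defines any of those names either has its definition replaced or fails at refresh depending on the factory's overriding policy; guard each registration with `if (!registry.containsBeanDefinition("jwkEndpointController")) {` and likewise for the other names. The `Map resolvers` local is a raw type and should be `Map<String, BeanNameViewResolver> resolvers = beanFactory.getBeansOfType(BeanNameViewResolver.class);`, and note that calling getBeansOfType inside a BeanFactoryPostProcessor instantiates those resolver beans before the post-processor chain has finished. Registering a BeanNameViewResolver with order 1 changes view resolution for every controller in the context, not only the JWK endpoint, which is worth a comment at the registration site. Separately, the renames setAuthorizationEndpointURI→setAuthorizationEndpointUrl and setTokenEndpointURI→setTokenEndpointUrl break existing bean configurations that set the old property names; keeping the old setters as @Deprecated delegates would preserve compatibility. The commented-out `//beanFactory.createBean(JsonWebKeyEndpoint.class);` should be removed.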
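Review bot: setJwtService stores whatever it is given, including null, while the handler methods of this endpoint depend on the service at request time; `this.jwtService = Objects.requireNonNull(jwtService, "jwtService");` (or Spring's Assert.notNull) would fail at wiring rather than on the first request. The generated Javadoc (`@return the jwtService`, `@param jwtService the jwtService to set`) says nothing beyond the signature; a one-line summary describing what the endpoint uses the service for would help the next maintainer. The enclosing class begins outside the hunk.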