Merge branch 'master' into userInfoEndpoint

pull/105/merge
Stephen Moore 2012-05-24 13:06:29 -04:00
commit c418ccabb1
7 changed files with 29 additions and 7 deletions


@ -5,7 +5,10 @@
<wb-resource deploy-path="/WEB-INF/classes" source-path="/src/main/resources"/> <wb-resource deploy-path="/WEB-INF/classes" source-path="/src/main/resources"/>
<wb-resource deploy-path="/" source-path="/target/m2e-wtp/web-resources"/> <wb-resource deploy-path="/" source-path="/target/m2e-wtp/web-resources"/>
<wb-resource deploy-path="/" source-path="/src/main/webapp" tag="defaultRootSource"/> <wb-resource deploy-path="/" source-path="/src/main/webapp" tag="defaultRootSource"/>
<dependent-module archiveName="openid-connect-common-0.1-SNAPSHOT.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/openid-connect-common/openid-connect-common"> <dependent-module archiveName="spring-security-oauth2-1.0.0.BUILD-SNAPSHOT.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/spring-security-oauth2-MITRE/spring-security-oauth2-MITRE">
<dependency-type>uses</dependency-type>
</dependent-module>
<dependent-module archiveName="openid-connect-common-0.1-SNAPSHOT.jar" deploy-path="/WEB-INF/lib" handle="module:/resource/openid-connect-common-MITRE/openid-connect-common-MITRE">
<dependency-type>uses</dependency-type> <dependency-type>uses</dependency-type>
</dependent-module> </dependent-module>
<property name="java-output-path" value="/openid/target/classes"/> <property name="java-output-path" value="/openid/target/classes"/>


@ -22,6 +22,8 @@ import org.mitre.oauth2.exception.ClientNotFoundException;
import org.mitre.oauth2.service.ClientDetailsEntityService; import org.mitre.oauth2.service.ClientDetailsEntityService;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.provider.AuthorizationRequest; import org.springframework.security.oauth2.provider.AuthorizationRequest;
import org.springframework.security.oauth2.provider.ClientDetails; import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.stereotype.Controller; import org.springframework.stereotype.Controller;


@ -77,6 +77,7 @@ public class JSONUserInfoView extends AbstractView{
obj.addProperty("email", ui.getEmail()); obj.addProperty("email", ui.getEmail());
obj.addProperty("profile", ui.getProfile()); obj.addProperty("profile", ui.getProfile());
obj.addProperty("picture", ui.getPicture()); obj.addProperty("picture", ui.getPicture());
obj.addProperty("email", ui.getEmail());
obj.addProperty("website", ui.getWebsite()); obj.addProperty("website", ui.getWebsite());
obj.addProperty("verified", ui.getVerified()); obj.addProperty("verified", ui.getVerified());
obj.addProperty("gender", ui.getGender()); obj.addProperty("gender", ui.getGender());
@ -85,7 +86,8 @@ public class JSONUserInfoView extends AbstractView{
obj.addProperty("phone_number", ui.getPhoneNumber()); obj.addProperty("phone_number", ui.getPhoneNumber());
obj.addProperty("updated_time", ui.getUpdatedTime()); obj.addProperty("updated_time", ui.getUpdatedTime());
if(ui.getAddress() != null) { if (ui.getAddress() != null) {
JsonObject addr = new JsonObject(); JsonObject addr = new JsonObject();
addr.addProperty("formatted", ui.getAddress().getFormatted()); addr.addProperty("formatted", ui.getAddress().getFormatted());
addr.addProperty("street_address", ui.getAddress().getStreetAddress()); addr.addProperty("street_address", ui.getAddress().getStreetAddress());
@ -96,7 +98,8 @@ public class JSONUserInfoView extends AbstractView{
obj.add("address", addr); obj.add("address", addr);
} }
return obj; return obj;
} }
} }
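Review bot: The added `obj.addProperty("email", ui.getEmail());` in the first hunk (-77,6 +77,7) duplicates the identical call that already appears as a context line three lines earlier, so the `email` member is written twice. Gson's `JsonObject.addProperty` replaces an existing member of the same name, so the serialized UserInfo response is unchanged, but the duplicate reads like a merge artifact and should be dropped rather than left for the next reader to puzzle over. The `if(` → `if (` change in the second hunk is whitespace only. The enclosing method starts outside the hunk.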


@ -25,6 +25,9 @@ import org.mitre.openid.connect.exception.InvalidJwtSignatureException;
import org.mitre.openid.connect.model.IdToken; import org.mitre.openid.connect.model.IdToken;
import org.mitre.util.Utility; import org.mitre.util.Utility;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Controller; import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.RequestParam;
@ -39,9 +42,12 @@ public class CheckIDEndpoint {
@Autowired @Autowired
private ConfigurationPropertiesBean configBean; private ConfigurationPropertiesBean configBean;
@PreAuthorize("hasRole('ROLE_USER')")
@RequestMapping("/checkid") @RequestMapping("/checkid")
public ModelAndView checkID(@RequestParam("access_token") String tokenString, ModelAndView mav, HttpServletRequest request) { public ModelAndView checkID(@RequestParam("access_token") String tokenString, ModelAndView mav, HttpServletRequest request) {
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
if (!jwtSignerService.validateSignature(tokenString)) { if (!jwtSignerService.validateSignature(tokenString)) {
// can't validate // can't validate
throw new InvalidJwtSignatureException(); // TODO: attach a view to this exception throw new InvalidJwtSignatureException(); // TODO: attach a view to this exception
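Review bot: `Authentication authentication = SecurityContextHolder.getContext().getAuthentication();` is added at the top of checkID but is not referenced anywhere in the visible part of the method; if the rest of the body (outside this hunk) does not consume it, remove the line, and if it is meant to tie the presented token to the logged-in principal, state that with a comment such as `// the caller must be the end user the ID token was issued to` next to the check that uses it. The new `@PreAuthorize("hasRole('ROLE_USER')")` also changes who can reach /checkid: it now requires an authenticated user principal, so a client calling the endpoint server-to-server with only the token would be rejected — confirm that this is the intended access model and record it in the method's Javadoc. checkID's body continues past the end of the hunk.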


@ -30,6 +30,9 @@
<import resource="data-context.xml" /> <import resource="data-context.xml" />
<!-- Spring Security configuration --> <!-- Spring Security configuration -->
<oauth:resource-server id="resourceServerFilter" token-services-ref="defaultOAuth2ProviderTokenService" />
<security:http pattern="/oauth/token" create-session="stateless" authentication-manager-ref="clientAuthenticationManager" <security:http pattern="/oauth/token" create-session="stateless" authentication-manager-ref="clientAuthenticationManager"
entry-point-ref="oauthAuthenticationEntryPoint"> entry-point-ref="oauthAuthenticationEntryPoint">
<security:intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY" /> <security:intercept-url pattern="/oauth/token" access="IS_AUTHENTICATED_FULLY" />
@ -75,7 +78,7 @@
<!-- user services --> <!-- user services -->
<import resource="user-context.xml" /> <import resource="user-context.xml" />
<!-- End Spring Security configuration --> <!-- End Spring Security configuration -->
<!-- JPA --> <!-- JPA -->
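Review bot: The new `<oauth:resource-server id="resourceServerFilter" token-services-ref="defaultOAuth2ProviderTokenService" />` is declared without any restriction on what it protects, and the other security-config file in this commit wires it into the catch-all `/**` http chain, so every URL in the application — including the web UI — will accept a bearer access token as authentication, not only the API endpoints that need it. Consider a dedicated `<security:http>` chain limited to those API paths, or, if the schema version in use supports it, a `resource-id` on the element so tokens issued for other resources are rejected. The second hunk in this file (-75,7 +78,7) shows only context lines here, so its changed line cannot be reviewed from this page.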


@ -32,6 +32,7 @@
<security:http auto-config="true" disable-url-rewriting="true"> <!-- authentication-manager-ref="springSecurityAuthenticationManager" --> <security:http auto-config="true" disable-url-rewriting="true"> <!-- authentication-manager-ref="springSecurityAuthenticationManager" -->
<security:intercept-url pattern="/oauth/**" access="ROLE_USER" /> <security:intercept-url pattern="/oauth/**" access="ROLE_USER" />
<security:intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" /> <security:intercept-url pattern="/**" access="IS_AUTHENTICATED_ANONYMOUSLY" />
<security:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
<security:anonymous /> <security:anonymous />
</security:http> </security:http>
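Review bot: `<security:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />` is added to a chain whose only rules are `/oauth/**` → `ROLE_USER` and `/**` → `IS_AUTHENTICATED_ANONYMOUSLY`, so the token-protected endpoints themselves have no URL-level rule and depend entirely on method-level `@PreAuthorize` annotations being present on every handler. An explicit `<security:intercept-url pattern="/checkid" access="ROLE_USER" />` (and the equivalent for the UserInfo endpoint, whose mapping is not visible in this commit) gives a second, centrally auditable layer that does not break when a handler is added without the annotation. Also worth a comment on the custom-filter line naming why it must sit before PRE_AUTH_FILTER, since the ordering is what lets a bearer token establish the Authentication before the anonymous filter runs.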


@ -1,4 +1,7 @@
<script type="text/html" id="tmpl-client"> <script type="text/html" id="tmpl-client">
<td>
<%=clientId%>
</td>
<td> <td>
<%=clientName%> <%=clientName%>
@ -55,6 +58,7 @@
<table id="client-table" class="table"> <table id="client-table" class="table">
<thead> <thead>
<tr> <tr>
<th>ID</th>
<th>Name</th> <th>Name</th>
<th>Redirect URI(s)</th> <th>Redirect URI(s)</th>
<th>Grant Types</th> <th>Grant Types</th>
@ -83,7 +87,7 @@
<div class=""> <div class="">
<form> <form>
<fieldset> <fieldset>
<legend>Details</legend> <legend>Details <%=(clientId != null ? 'for ' + clientId : '')%></legend>
<div class="well"> <div class="well">
@ -158,7 +162,7 @@
<input type="text" class="" value="<%=accessTokenTimeout%>" id="access-token-timeout-seconds" size="16"><span <input type="text" class="" value="<%=accessTokenTimeout%>" id="access-token-timeout-seconds" size="16"><span
class="add-on">seconds</span> class="add-on">seconds</span>
</div> </div>
<span class="help-inline">Here's more help text</span> <span class="help-inline">Enter this time in seconds</span>
</div> </div>
</span> </span>
<span class="control-group" id="refreshTokenTimeout"> <span class="control-group" id="refreshTokenTimeout">
@ -170,7 +174,7 @@
<input type="text" class="" value="<%=refreshTokenTimeout%>" id="refresh-token-timeout-seconds" size="16"><span <input type="text" class="" value="<%=refreshTokenTimeout%>" id="refresh-token-timeout-seconds" size="16"><span
class="add-on">seconds</span> class="add-on">seconds</span>
</div> </div>
<span class="help-inline">Here's more help text</span> <span class="help-inline">Enter this time in seconds</span>
</div> </div>
</span> </span>
</div> </div>
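Review bot: The new `<%=clientId%>` in the first hunk and `<%=(clientId != null ? 'for ' + clientId : '')%>` in the `-83,7 +87,7` hunk interpolate the client id into the page without HTML escaping; if this is an Underscore-style template (the `<%= %>` delimiters suggest so), `<%= %>` emits raw text and `<%- %>` is the escaping form, so a client id containing markup would be rendered as markup. Use `<%-clientId%>` and `<%-(clientId != null ? 'for ' + clientId : '')%>` for the new interpolations, and the neighbouring `<%=clientName%>` context line has the same property if the template is being touched anyway. The `<th>ID</th>` and help-text changes need nothing further.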