externalized view name strings and tied them to view beans

pull/689/merge
Justin Richer 2014-09-28 22:25:39 -04:00
parent a704277652
commit c683131f12
30 changed files with 227 additions and 169 deletions


@ -43,7 +43,7 @@ public class ClientKeyPublisher implements BeanDefinitionRegistryPostProcessor {
private BeanDefinitionRegistry registry;
private String jwkViewName = "jwkKeyList";
private String jwkViewName = JwkKeyListView.VIEWNAME;
/**
* If the jwkPublishUrl field is set on this bean, set up a listener on that URL to publish keys.
@ -61,12 +61,12 @@ public class ClientKeyPublisher implements BeanDefinitionRegistryPostProcessor {
clientKeyMapping.addPropertyValue("jwkPublishUrl", getJwkPublishUrl());
// randomize view name to make sure it doesn't conflict with local views
jwkViewName = "jwkKeyList-" + UUID.randomUUID().toString();
viewResolver.addPropertyValue("jwkViewName", jwkViewName);
jwkViewName = JwkKeyListView.VIEWNAME + "-" + UUID.randomUUID().toString();
viewResolver.addPropertyValue(JwkKeyListView.VIEWNAME, jwkViewName);
// view bean
BeanDefinitionBuilder jwkView = BeanDefinitionBuilder.rootBeanDefinition(JwkKeyListView.class);
registry.registerBeanDefinition("jwkKeyList", jwkView.getBeanDefinition());
registry.registerBeanDefinition(JwkKeyListView.VIEWNAME, jwkView.getBeanDefinition());
viewResolver.addPropertyReference("jwk", "jwkKeyList");
}
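Review bot: The property key on the view resolver was swapped to the view-name constant along with the value: `viewResolver.addPropertyValue(JwkKeyListView.VIEWNAME, jwkViewName);` now sets a property named `jwkKeyList` instead of the resolver's `jwkViewName` property, so the randomized name is never applied and the resolver would presumably fail to bind (or silently ignore the value) when the context refreshes. Only the view-name literals belong in the constant; the property key should stay `viewResolver.addPropertyValue("jwkViewName", jwkViewName);`. The bean is also still registered under the fixed `JwkKeyListView.VIEWNAME`, which is the same name `@Component` gives the view class, while the comment says the name is randomized to avoid clashing with local views; whether two definitions with that name collide depends on the client's component-scan setup, which is not visible here. The remaining literal on the next line, `viewResolver.addPropertyReference("jwk", "jwkKeyList");`, should use the constant for the same reason the other lines do. The enclosing method starts outside the hunk.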


@ -39,9 +39,10 @@ import com.nimbusds.jose.jwk.JWKSet;
* @author jricher
*
*/
@Component("jwkKeyList")
@Component(JwkKeyListView.VIEWNAME)
public class JwkKeyListView extends AbstractView {
public static final String VIEWNAME = "jwkKeyList";
private static Logger logger = LoggerFactory.getLogger(JwkKeyListView.class);
@Override


@ -27,6 +27,8 @@ import org.mitre.oauth2.service.SystemScopeService;
import org.mitre.openid.connect.config.ConfigurationPropertiesBean;
import org.mitre.openid.connect.model.UserInfo;
import org.mitre.openid.connect.service.UserInfoService;
import org.mitre.openid.connect.view.HttpCodeView;
import org.mitre.openid.connect.view.JsonEntityView;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
@ -103,7 +105,7 @@ public class DiscoveryEndpoint {
if (user == null) {
logger.info("User not found: " + resource);
model.addAttribute("code", HttpStatus.NOT_FOUND);
return "httpCodeView";
return HttpCodeView.VIEWNAME;
}
UriComponents issuerComponents = UriComponentsBuilder.fromHttpUrl(config.getIssuer()).build();
@ -111,14 +113,14 @@ public class DiscoveryEndpoint {
.equals(Strings.nullToEmpty(resourceUri.getHost()))) {
logger.info("Host mismatch, expected " + issuerComponents.getHost() + " got " + resourceUri.getHost());
model.addAttribute("code", HttpStatus.NOT_FOUND);
return "httpCodeView";
return HttpCodeView.VIEWNAME;
}
} else {
logger.info("Unknown URI format: " + resource);
model.addAttribute("code", HttpStatus.NOT_FOUND);
return "httpCodeView";
return HttpCodeView.VIEWNAME;
}
}
@ -326,7 +328,7 @@ public class DiscoveryEndpoint {
model.addAttribute("entity", m);
return "jsonEntityView";
return JsonEntityView.VIEWNAME;
}
}


@ -9,7 +9,6 @@ import org.springframework.security.oauth2.common.exceptions.InvalidRequestExcep
import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.endpoint.DefaultRedirectResolver;
import org.springframework.security.oauth2.provider.endpoint.RedirectResolver;
import org.springframework.stereotype.Component;
/**


@ -43,9 +43,11 @@ import com.google.gson.JsonObject;
import com.google.gson.JsonSerializationContext;
import com.google.gson.JsonSerializer;
@Component("tokenApiView")
@Component(TokenApiView.VIEWNAME)
public class TokenApiView extends AbstractView {
public static final String VIEWNAME = "tokenApiView";
private static Logger logger = LoggerFactory.getLogger(JsonEntityView.class);
private Gson gson = new GsonBuilder()
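Review bot: The logger in TokenApiView is created with `LoggerFactory.getLogger(JsonEntityView.class)`, so everything this view logs is attributed to JsonEntityView, which misleads anyone correlating log lines during an investigation. It should read `private static Logger logger = LoggerFactory.getLogger(TokenApiView.class);`. This is a context line the refactor did not touch, but the class is already being edited here.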


@ -39,9 +39,11 @@ import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import com.google.gson.JsonObject;
@Component("tokenIntrospection")
@Component(TokenIntrospectionView.VIEWNAME)
public class TokenIntrospectionView extends AbstractView {
public static final String VIEWNAME = "tokenIntrospection";
private static Logger logger = LoggerFactory.getLogger(TokenIntrospectionView.class);
private static DateFormatter isoDateFormatter = new DateFormatter(new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ssZ"));


@ -26,8 +26,11 @@ import org.mitre.oauth2.model.OAuth2RefreshTokenEntity;
import org.mitre.oauth2.service.ClientDetailsEntityService;
import org.mitre.oauth2.service.IntrospectionAuthorizer;
import org.mitre.oauth2.service.OAuth2TokenEntityService;
import org.mitre.oauth2.view.TokenIntrospectionView;
import org.mitre.openid.connect.model.UserInfo;
import org.mitre.openid.connect.service.UserInfoService;
import org.mitre.openid.connect.view.HttpCodeView;
import org.mitre.openid.connect.view.JsonEntityView;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
@ -78,7 +81,7 @@ public class IntrospectionEndpoint {
logger.error("Verify failed; token value is null");
Map<String,Boolean> entity = ImmutableMap.of("active", Boolean.FALSE);
model.addAttribute("entity", entity);
return "jsonEntityView";
return JsonEntityView.VIEWNAME;
}
// clientID is the principal name in the authentication
@ -120,7 +123,7 @@ public class IntrospectionEndpoint {
logger.error("Verify failed; Invalid refresh token", e2);
Map<String,Boolean> entity = ImmutableMap.of("active", Boolean.FALSE);
model.addAttribute("entity", entity);
return "jsonEntityView";
return JsonEntityView.VIEWNAME;
}
}
@ -130,22 +133,22 @@ public class IntrospectionEndpoint {
// if it's a valid token, we'll print out information on it
model.addAttribute("token", token);
model.addAttribute("user", user);
return "tokenIntrospection";
return TokenIntrospectionView.VIEWNAME;
} else {
logger.error("Verify failed; client configuration or scope don't permit token introspection");
model.addAttribute("code", HttpStatus.FORBIDDEN);
return "httpCodeView";
return HttpCodeView.VIEWNAME;
}
} else {
logger.error("Verify failed; client " + clientId + " is not allowed to call introspection endpoint");
model.addAttribute("code", HttpStatus.FORBIDDEN);
return "httpCodeView";
return HttpCodeView.VIEWNAME;
}
} else {
// This is a bad error -- I think it means we have a token outstanding that doesn't map to a client?
logger.error("Verify failed; client " + clientId + " not found.");
model.addAttribute("code", HttpStatus.NOT_FOUND);
return "httpCodeView";
return HttpCodeView.VIEWNAME;
}
}


@ -35,6 +35,7 @@ import org.mitre.openid.connect.model.UserInfo;
import org.mitre.openid.connect.service.ScopeClaimTranslationService;
import org.mitre.openid.connect.service.StatsService;
import org.mitre.openid.connect.service.UserInfoService;
import org.mitre.openid.connect.view.HttpCodeView;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
@ -99,7 +100,7 @@ public class OAuthConfirmationController {
// we're not supposed to prompt, so "return an error"
logger.info("Client requested no prompt, returning 403 from confirmation endpoint");
model.put("code", HttpStatus.FORBIDDEN);
return "httpCodeView";
return HttpCodeView.VIEWNAME;
}
//AuthorizationRequest clientAuth = (AuthorizationRequest) model.remove("authorizationRequest");
@ -111,17 +112,17 @@ public class OAuthConfirmationController {
} catch (OAuth2Exception e) {
logger.error("confirmAccess: OAuth2Exception was thrown when attempting to load client", e);
model.put("code", HttpStatus.BAD_REQUEST);
return "httpCodeView";
return HttpCodeView.VIEWNAME;
} catch (IllegalArgumentException e) {
logger.error("confirmAccess: IllegalArgumentException was thrown when attempting to load client", e);
model.put("code", HttpStatus.BAD_REQUEST);
return "httpCodeView";
return HttpCodeView.VIEWNAME;
}
if (client == null) {
logger.error("confirmAccess: could not find client " + authRequest.getClientId());
model.put("code", HttpStatus.NOT_FOUND);
return "httpCodeView";
return HttpCodeView.VIEWNAME;
}
model.put("auth_request", authRequest);


@ -21,6 +21,7 @@ import java.security.Principal;
import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
import org.mitre.oauth2.model.OAuth2RefreshTokenEntity;
import org.mitre.oauth2.service.OAuth2TokenEntityService;
import org.mitre.openid.connect.view.HttpCodeView;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
@ -63,14 +64,14 @@ public class RevocationEndpoint {
if (!accessToken.getClient().getClientId().equals(authRequest.getClientId())) {
// trying to revoke a token we don't own, throw a 403
model.addAttribute("code", HttpStatus.FORBIDDEN);
return "httpCodeView";
return HttpCodeView.VIEWNAME;
}
}
// if we got this far, we're allowed to do this
tokenServices.revokeAccessToken(accessToken);
model.addAttribute("code", HttpStatus.OK);
return "httpCodeView";
return HttpCodeView.VIEWNAME;
} catch (InvalidTokenException e) {
@ -83,21 +84,21 @@ public class RevocationEndpoint {
if (!refreshToken.getClient().getClientId().equals(authRequest.getClientId())) {
// trying to revoke a token we don't own, throw a 403
model.addAttribute("code", HttpStatus.FORBIDDEN);
return "httpCodeView";
return HttpCodeView.VIEWNAME;
}
}
// if we got this far, we're allowed to do this
tokenServices.revokeRefreshToken(refreshToken);
model.addAttribute("code", HttpStatus.OK);
return "httpCodeView";
return HttpCodeView.VIEWNAME;
} catch (InvalidTokenException e1) {
// neither token type was found, simply say "OK" and be on our way.
model.addAttribute("code", HttpStatus.OK);
return "httpCodeView";
return HttpCodeView.VIEWNAME;
}
}
}


@ -23,6 +23,9 @@ import java.util.Set;
import org.mitre.oauth2.model.SystemScope;
import org.mitre.oauth2.service.SystemScopeService;
import org.mitre.openid.connect.view.HttpCodeView;
import org.mitre.openid.connect.view.JsonEntityView;
import org.mitre.openid.connect.view.JsonErrorView;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
@ -60,7 +63,7 @@ public class ScopeAPI {
m.put("entity", allScopes);
return "jsonEntityView";
return JsonEntityView.VIEWNAME;
}
@RequestMapping(value = "/{id}", method = RequestMethod.GET, produces = "application/json")
@ -72,14 +75,14 @@ public class ScopeAPI {
m.put("entity", scope);
return "jsonEntityView";
return JsonEntityView.VIEWNAME;
} else {
logger.error("getScope failed; scope not found: " + id);
m.put("code", HttpStatus.NOT_FOUND);
m.put("errorMessage", "The requested scope with id " + id + " could not be found.");
return "jsonErrorView";
return JsonErrorView.VIEWNAME;
}
}
@ -100,7 +103,7 @@ public class ScopeAPI {
m.put("entity", scope);
return "jsonEntityView";
return JsonEntityView.VIEWNAME;
} else {
logger.error("updateScope failed; scope ids to not match: got "
@ -109,7 +112,7 @@ public class ScopeAPI {
m.put("code", HttpStatus.BAD_REQUEST);
m.put("errorMessage", "Could not update scope. Scope ids to not match: got "
+ existing.getId() + " and " + scope.getId());
return "jsonErrorView";
return JsonErrorView.VIEWNAME;
}
} else {
@ -117,7 +120,7 @@ public class ScopeAPI {
logger.error("updateScope failed; scope with id " + id + " not found.");
m.put("code", HttpStatus.NOT_FOUND);
m.put("errorMessage", "Could not update scope. The scope with id " + id + " could not be found.");
return "jsonErrorView";
return JsonErrorView.VIEWNAME;
}
}
@ -132,7 +135,7 @@ public class ScopeAPI {
logger.error("Error: attempting to save a scope with a value that already exists: " + scope.getValue());
m.put("code", HttpStatus.CONFLICT);
m.put("errorMessage", "A scope with value " + scope.getValue() + " already exists, please choose a different value.");
return "jsonErrorView";
return JsonErrorView.VIEWNAME;
}
scope = scopeService.save(scope);
@ -141,13 +144,13 @@ public class ScopeAPI {
m.put("entity", scope);
return "jsonEntityView";
return JsonEntityView.VIEWNAME;
} else {
logger.error("createScope failed; JSON was invalid: " + json);
m.put("code", HttpStatus.BAD_REQUEST);
m.put("errorMessage", "Could not save new scope " + scope + ". The scope service failed to return a saved entity.");
return "jsonErrorView";
return JsonErrorView.VIEWNAME;
}
}
@ -161,13 +164,13 @@ public class ScopeAPI {
scopeService.remove(existing);
return "httpCodeView";
return HttpCodeView.VIEWNAME;
} else {
logger.error("deleteScope failed; scope with id " + id + " not found.");
m.put("code", HttpStatus.NOT_FOUND);
m.put("errorMessage", "Could not delete scope. The requested scope with id " + id + " could not be found.");
return "jsonErrorView";
return JsonErrorView.VIEWNAME;
}
}


@ -25,6 +25,9 @@ import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
import org.mitre.oauth2.model.OAuth2RefreshTokenEntity;
import org.mitre.oauth2.service.ClientDetailsEntityService;
import org.mitre.oauth2.service.OAuth2TokenEntityService;
import org.mitre.oauth2.view.TokenApiView;
import org.mitre.openid.connect.view.HttpCodeView;
import org.mitre.openid.connect.view.JsonErrorView;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
@ -59,7 +62,7 @@ public class TokenAPI {
Set<OAuth2AccessTokenEntity> allTokens = tokenService.getAllAccessTokensForUser(p.getName());
m.put("entity", allTokens);
return "tokenApiView";
return TokenApiView.VIEWNAME;
}
@RequestMapping(value = "/access/{id}", method = RequestMethod.GET, produces = "application/json")
@ -71,15 +74,15 @@ public class TokenAPI {
logger.error("getToken failed; token not found: " + id);
m.put("code", HttpStatus.NOT_FOUND);
m.put("errorMessage", "The requested token with id " + id + " could not be found.");
return "jsonErrorView";
return JsonErrorView.VIEWNAME;
} else if (!token.getAuthenticationHolder().getAuthentication().getName().equals(p.getName())) {
logger.error("getToken failed; token does not belong to principal " + p.getName());
m.put("code", HttpStatus.FORBIDDEN);
m.put("errorMessage", "You do not have permission to view this token");
return "jsonErrorView";
return JsonErrorView.VIEWNAME;
} else {
m.put("entity", token);
return "tokenApiView";
return TokenApiView.VIEWNAME;
}
}
@ -92,16 +95,16 @@ public class TokenAPI {
logger.error("getToken failed; token not found: " + id);
m.put("code", HttpStatus.NOT_FOUND);
m.put("errorMessage", "The requested token with id " + id + " could not be found.");
return "jsonErrorView";
return JsonErrorView.VIEWNAME;
} else if (!token.getAuthenticationHolder().getAuthentication().getName().equals(p.getName())) {
logger.error("getToken failed; token does not belong to principal " + p.getName());
m.put("code", HttpStatus.FORBIDDEN);
m.put("errorMessage", "You do not have permission to view this token");
return "jsonErrorView";
return JsonErrorView.VIEWNAME;
} else {
tokenService.revokeAccessToken(token);
return "httpCodeView";
return HttpCodeView.VIEWNAME;
}
}
@ -114,12 +117,12 @@ public class TokenAPI {
if (client != null) {
List<OAuth2AccessTokenEntity> tokens = tokenService.getAccessTokensForClient(client);
m.put("entity", tokens);
return "tokenApiView";
return TokenApiView.VIEWNAME;
} else {
// client not found
m.put("code", HttpStatus.NOT_FOUND);
m.put("errorMessage", "The requested client with id " + clientId + " could not be found.");
return "jsonErrorView";
return JsonErrorView.VIEWNAME;
}
}
@ -134,17 +137,17 @@ public class TokenAPI {
OAuth2AccessTokenEntity token = tokenService.getRegistrationAccessTokenForClient(client);
if (token != null) {
m.put("entity", token);
return "tokenApiView";
return TokenApiView.VIEWNAME;
} else {
m.put("code", HttpStatus.NOT_FOUND);
m.put("errorMessage", "No registration token could be found.");
return "jsonErrorView";
return JsonErrorView.VIEWNAME;
}
} else {
// client not found
m.put("code", HttpStatus.NOT_FOUND);
m.put("errorMessage", "The requested client with id " + clientId + " could not be found.");
return "jsonErrorView";
return JsonErrorView.VIEWNAME;
}
}
@ -154,7 +157,7 @@ public class TokenAPI {
Set<OAuth2RefreshTokenEntity> allTokens = tokenService.getAllRefreshTokensForUser(p.getName());
m.put("entity", allTokens);
return "tokenApiView";
return TokenApiView.VIEWNAME;
}
@ -168,15 +171,15 @@ public class TokenAPI {
logger.error("refresh token not found: " + id);
m.put("code", HttpStatus.NOT_FOUND);
m.put("errorMessage", "The requested token with id " + id + " could not be found.");
return "jsonErrorView";
return JsonErrorView.VIEWNAME;
} else if (!token.getAuthenticationHolder().getAuthentication().getName().equals(p.getName())) {
logger.error("refresh token " + id + " does not belong to principal " + p.getName());
m.put("code", HttpStatus.FORBIDDEN);
m.put("errorMessage", "You do not have permission to view this token");
return "jsonErrorView";
return JsonErrorView.VIEWNAME;
} else {
m.put("entity", token);
return "tokenApiView";
return TokenApiView.VIEWNAME;
}
}
@ -189,16 +192,16 @@ public class TokenAPI {
logger.error("refresh token not found: " + id);
m.put("code", HttpStatus.NOT_FOUND);
m.put("errorMessage", "The requested token with id " + id + " could not be found.");
return "jsonErrorView";
return JsonErrorView.VIEWNAME;
} else if (!token.getAuthenticationHolder().getAuthentication().getName().equals(p.getName())) {
logger.error("refresh token " + id + " does not belong to principal " + p.getName());
m.put("code", HttpStatus.FORBIDDEN);
m.put("errorMessage", "You do not have permission to view this token");
return "jsonErrorView";
return JsonErrorView.VIEWNAME;
} else {
tokenService.revokeRefreshToken(token);
return "httpCodeView";
return HttpCodeView.VIEWNAME;
}
}


@ -36,9 +36,10 @@ import com.google.gson.FieldAttributes;
* @author jricher
*
*/
@Component("clientEntityViewAdmins")
@Component(ClientEntityViewForAdmins.VIEWNAME)
public class ClientEntityViewForAdmins extends AbstractClientEntityView {
public static final String VIEWNAME = "clientEntityViewAdmins";
private Set<String> blacklistedFields = ImmutableSet.of("additionalInformation");
/**


@ -37,11 +37,13 @@ import com.google.gson.FieldAttributes;
* @author jricher
*
*/
@Component("clientEntityViewUsers")
@Component(ClientEntityViewForUsers.VIEWNAME)
public class ClientEntityViewForUsers extends AbstractClientEntityView {
private Set<String> whitelistedFields = ImmutableSet.of("clientName", "clientId", "id", "clientDescription", "scope", "logoUri");
public static final String VIEWNAME = "clientEntityViewUsers";
/* (non-Javadoc)
* @see org.mitre.openid.connect.view.AbstractClientEntityView#getExclusionStrategy()
*/


@ -46,11 +46,13 @@ import com.google.gson.JsonObject;
* @author jricher
*
*/
@Component("clientInformationResponseView")
@Component(ClientInformationResponseView.VIEWNAME)
public class ClientInformationResponseView extends AbstractView {
private static Logger logger = LoggerFactory.getLogger(ClientInformationResponseView.class);
public static final String VIEWNAME = "clientInformationResponseView";
// note that this won't serialize nulls by default
private Gson gson = new Gson();


@ -33,9 +33,11 @@ import org.springframework.web.servlet.view.AbstractView;
* @author jricher
*
*/
@Component("httpCodeView")
@Component(HttpCodeView.VIEWNAME)
public class HttpCodeView extends AbstractView {
public static final String VIEWNAME = "httpCodeView";
@Override
protected void renderMergedOutputModel(Map<String, Object> model, HttpServletRequest request, HttpServletResponse response) {
HttpStatus code = (HttpStatus) model.get("code");


@ -49,11 +49,13 @@ import com.google.gson.JsonSerializer;
* @author jricher
*
*/
@Component("jsonApprovedSiteView")
@Component(JsonApprovedSiteView.VIEWNAME)
public class JsonApprovedSiteView extends AbstractView {
private static Logger logger = LoggerFactory.getLogger(JsonApprovedSiteView.class);
public static final String VIEWNAME = "jsonApprovedSiteView";
private Gson gson = new GsonBuilder()
.setExclusionStrategies(new ExclusionStrategy() {


@ -42,11 +42,13 @@ import com.google.gson.GsonBuilder;
* @author jricher
*
*/
@Component("jsonEntityView")
@Component(JsonEntityView.VIEWNAME)
public class JsonEntityView extends AbstractView {
private static Logger logger = LoggerFactory.getLogger(JsonEntityView.class);
public static final String VIEWNAME = "jsonEntityView";
private Gson gson = new GsonBuilder()
.setExclusionStrategies(new ExclusionStrategy() {


@ -41,11 +41,13 @@ import com.google.gson.JsonObject;
* @author aanganes, jricher
*
*/
@Component("jsonErrorView")
@Component(JsonErrorView.VIEWNAME)
public class JsonErrorView extends AbstractView {
private static Logger logger = LoggerFactory.getLogger(JsonEntityView.class);
public static final String VIEWNAME = "jsonErrorView";
private Gson gson = new GsonBuilder()
.setExclusionStrategies(new ExclusionStrategy() {
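Review bot: JsonErrorView's logger is bound to the wrong class, `LoggerFactory.getLogger(JsonEntityView.class)`, so error-view log output shows up under JsonEntityView's name and cannot be filtered per view. It should be `private static Logger logger = LoggerFactory.getLogger(JsonErrorView.class);`. The line is unchanged context, but it sits between the lines this commit rewrites.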


@ -56,11 +56,13 @@ import com.nimbusds.jwt.SignedJWT;
* @author jricher
*
*/
@Component("userInfoJwtView")
@Component(UserInfoJwtView.VIEWNAME)
public class UserInfoJwtView extends UserInfoView {
private static Logger logger = LoggerFactory.getLogger(UserInfoJwtView.class);
public static final String VIEWNAME = "userInfoJwtView";
@Autowired
private JwtSigningAndValidationService jwtService;


@ -43,11 +43,13 @@ import com.google.gson.JsonElement;
import com.google.gson.JsonObject;
import com.google.gson.JsonParser;
@Component("userInfoView")
@Component(UserInfoView.VIEWNAME)
public class UserInfoView extends AbstractView {
private static JsonParser jsonParser = new JsonParser();
public static final String VIEWNAME = "userInfoView";
private static Logger logger = LoggerFactory.getLogger(UserInfoView.class);
@Autowired


@ -25,6 +25,9 @@ import java.util.Collection;
import org.mitre.oauth2.service.OAuth2TokenEntityService;
import org.mitre.openid.connect.model.ApprovedSite;
import org.mitre.openid.connect.service.ApprovedSiteService;
import org.mitre.openid.connect.view.HttpCodeView;
import org.mitre.openid.connect.view.JsonApprovedSiteView;
import org.mitre.openid.connect.view.JsonErrorView;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
@ -65,7 +68,7 @@ public class ApprovedSiteAPI {
m.put("entity", all);
return "jsonApprovedSiteView";
return JsonApprovedSiteView.VIEWNAME;
}
/**
@ -80,19 +83,19 @@ public class ApprovedSiteAPI {
logger.error("deleteApprovedSite failed; no approved site found for id: " + id);
m.put("code", HttpStatus.NOT_FOUND);
m.put("errorMessage", "Could not delete approved site. The requested approved site with id: " + id + " could not be found.");
return "jsonErrorView";
return JsonErrorView.VIEWNAME;
} else if (!approvedSite.getUserId().equals(p.getName())) {
logger.error("deleteApprovedSite failed; principal "
+ p.getName() + " does not own approved site" + id);
m.put("code", HttpStatus.FORBIDDEN);
m.put("errorMessage", "You do not have permission to delete this approved site. The approved site decision will not be deleted.");
return "jsonErrorView";
return JsonErrorView.VIEWNAME;
} else {
m.put("code", HttpStatus.OK);
approvedSiteService.remove(approvedSite);
}
return "httpCodeView";
return HttpCodeView.VIEWNAME;
}
/**
@ -105,16 +108,16 @@ public class ApprovedSiteAPI {
logger.error("getApprovedSite failed; no approved site found for id: " + id);
m.put("code", HttpStatus.NOT_FOUND);
m.put("errorMessage", "The requested approved site with id: " + id + " could not be found.");
return "jsonErrorView";
return JsonErrorView.VIEWNAME;
} else if (!approvedSite.getUserId().equals(p.getName())) {
logger.error("getApprovedSite failed; principal "
+ p.getName() + " does not own approved site" + id);
m.put("code", HttpStatus.FORBIDDEN);
m.put("errorMessage", "You do not have permission to view this approved site.");
return "jsonErrorView";
return JsonErrorView.VIEWNAME;
} else {
m.put("entity", approvedSite);
return "jsonApprovedSiteView";
return JsonApprovedSiteView.VIEWNAME;
}
}


@ -24,6 +24,9 @@ import java.util.Collection;
import org.mitre.openid.connect.model.BlacklistedSite;
import org.mitre.openid.connect.service.BlacklistedSiteService;
import org.mitre.openid.connect.view.HttpCodeView;
import org.mitre.openid.connect.view.JsonEntityView;
import org.mitre.openid.connect.view.JsonErrorView;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
@ -70,7 +73,7 @@ public class BlacklistAPI {
m.put("entity", all);
return "jsonEntityView";
return JsonEntityView.VIEWNAME;
}
/**
@ -99,15 +102,15 @@ public class BlacklistAPI {
logger.error("addNewBlacklistedSite failed due to JsonSyntaxException: ", e);
m.put("code", HttpStatus.BAD_REQUEST);
m.put("errorMessage", "Could not save new blacklisted site. The server encountered a JSON syntax exception. Contact a system administrator for assistance.");
return "jsonErrorView";
return JsonErrorView.VIEWNAME;
} catch (IllegalStateException e) {
logger.error("addNewBlacklistedSite failed due to IllegalStateException", e);
m.put("code", HttpStatus.BAD_REQUEST);
m.put("errorMessage", "Could not save new blacklisted site. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance.");
return "jsonErrorView";
return JsonErrorView.VIEWNAME;
}
return "jsonEntityView";
return JsonEntityView.VIEWNAME;
}
@ -131,12 +134,12 @@ public class BlacklistAPI {
logger.error("updateBlacklistedSite failed due to JsonSyntaxException", e);
m.put("code", HttpStatus.BAD_REQUEST);
m.put("errorMessage", "Could not update blacklisted site. The server encountered a JSON syntax exception. Contact a system administrator for assistance.");
return "jsonErrorView";
return JsonErrorView.VIEWNAME;
} catch (IllegalStateException e) {
logger.error("updateBlacklistedSite failed due to IllegalStateException", e);
m.put("code", HttpStatus.BAD_REQUEST);
m.put("errorMessage", "Could not update blacklisted site. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance.");
return "jsonErrorView";
return JsonErrorView.VIEWNAME;
}
@ -146,14 +149,14 @@ public class BlacklistAPI {
logger.error("updateBlacklistedSite failed; blacklist with id " + id + " could not be found");
m.put("code", HttpStatus.NOT_FOUND);
m.put("errorMessage", "Could not update blacklisted site. The requested blacklist with id " + id + "could not be found.");
return "jsonErrorView";
return JsonErrorView.VIEWNAME;
} else {
BlacklistedSite newBlacklist = blacklistService.update(oldBlacklist, blacklist);
m.put("entity", newBlacklist);
return "jsonEntityView";
return JsonEntityView.VIEWNAME;
}
}
@ -168,13 +171,13 @@ public class BlacklistAPI {
if (blacklist == null) {
logger.error("deleteBlacklistedSite failed; blacklist with id " + id + " could not be found");
m.put("errorMessage", "Could not delete bladklist. The requested bladklist with id " + id + " could not be found.");
return "jsonErrorView";
return JsonErrorView.VIEWNAME;
} else {
m.put("code", HttpStatus.OK);
blacklistService.remove(blacklist);
}
return "httpCodeView";
return HttpCodeView.VIEWNAME;
}
/**
@ -187,12 +190,12 @@ public class BlacklistAPI {
logger.error("getBlacklistedSite failed; blacklist with id " + id + " could not be found");
m.put("code", HttpStatus.NOT_FOUND);
m.put("errorMessage", "Could not delete bladklist. The requested bladklist with id " + id + " could not be found.");
return "jsonErrorView";
return JsonErrorView.VIEWNAME;
} else {
m.put("entity", blacklist);
return "jsonEntityView";
return JsonEntityView.VIEWNAME;
}
}
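Review bot: In deleteBlacklistedSite the not-found branch puts only `errorMessage` into the model before returning `JsonErrorView.VIEWNAME`, whereas the equivalent branch in getBlacklistedSite sets `m.put("code", HttpStatus.NOT_FOUND);` first; what status JsonErrorView emits when `code` is absent is not visible here, so deleting an unknown id may not come back as 404. Adding `m.put("code", HttpStatus.NOT_FOUND);` ahead of the return makes the two paths agree. The user-facing strings on both branches also read `bladklist`, and the GET branch reuses the delete wording (`Could not delete bladklist`), which is worth correcting while these lines are being touched. The enclosing methods start outside the hunks.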


@ -26,6 +26,10 @@ import org.mitre.oauth2.model.ClientDetailsEntity;
import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod;
import org.mitre.oauth2.service.ClientDetailsEntityService;
import org.mitre.openid.connect.service.UserInfoService;
import org.mitre.openid.connect.view.ClientEntityViewForAdmins;
import org.mitre.openid.connect.view.ClientEntityViewForUsers;
import org.mitre.openid.connect.view.HttpCodeView;
import org.mitre.openid.connect.view.JsonErrorView;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
@ -118,9 +122,9 @@ public class ClientAPI {
model.addAttribute("entity", clients);
if (isAdmin(auth)) {
return "clientEntityViewAdmins";
return ClientEntityViewForAdmins.VIEWNAME;
} else {
return "clientEntityViewUsers";
return ClientEntityViewForUsers.VIEWNAME;
}
}
@ -146,12 +150,12 @@ public class ClientAPI {
logger.error("apiAddClient failed due to JsonSyntaxException", e);
m.addAttribute("code", HttpStatus.BAD_REQUEST);
m.addAttribute("errorMessage", "Could not save new client. The server encountered a JSON syntax exception. Contact a system administrator for assistance.");
return "jsonErrorView";
return JsonErrorView.VIEWNAME;
} catch (IllegalStateException e) {
logger.error("apiAddClient failed due to IllegalStateException", e);
m.addAttribute("code", HttpStatus.BAD_REQUEST);
m.addAttribute("errorMessage", "Could not save new client. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance.");
return "jsonErrorView";
return JsonErrorView.VIEWNAME;
}
// if they leave the client identifier empty, force it to be generated
@ -181,7 +185,7 @@ public class ClientAPI {
logger.error("tried to create client with private key auth but no private key");
m.addAttribute("code", HttpStatus.BAD_REQUEST);
m.addAttribute("errorMessage", "Can not create a client with private key authentication without registering a key via the JWS Set URI.");
return "jsonErrorView";
return JsonErrorView.VIEWNAME;
}
// otherwise we shouldn't have a secret for this client
@ -192,7 +196,7 @@ public class ClientAPI {
logger.error("unknown auth method");
m.addAttribute("code", HttpStatus.BAD_REQUEST);
m.addAttribute("errorMessage", "Unknown auth method requested");
return "jsonErrorView";
return JsonErrorView.VIEWNAME;
}
@ -203,9 +207,9 @@ public class ClientAPI {
m.addAttribute("entity", newClient);
if (isAdmin(auth)) {
return "clientEntityViewAdmins";
return ClientEntityViewForAdmins.VIEWNAME;
} else {
return "clientEntityViewUsers";
return ClientEntityViewForUsers.VIEWNAME;
}
}
@ -233,12 +237,12 @@ public class ClientAPI {
logger.error("apiUpdateClient failed due to JsonSyntaxException", e);
m.addAttribute("code", HttpStatus.BAD_REQUEST);
m.addAttribute("errorMessage", "Could not update client. The server encountered a JSON syntax exception. Contact a system administrator for assistance.");
return "jsonErrorView";
return JsonErrorView.VIEWNAME;
} catch (IllegalStateException e) {
logger.error("apiUpdateClient failed due to IllegalStateException", e);
m.addAttribute("code", HttpStatus.BAD_REQUEST);
m.addAttribute("errorMessage", "Could not update client. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance.");
return "jsonErrorView";
return JsonErrorView.VIEWNAME;
}
ClientDetailsEntity oldClient = clientService.getClientById(id);
@ -247,7 +251,7 @@ public class ClientAPI {
logger.error("apiUpdateClient failed; client with id " + id + " could not be found.");
m.addAttribute("code", HttpStatus.NOT_FOUND);
m.addAttribute("errorMessage", "Could not update client. The requested client with id " + id + "could not be found.");
return "jsonErrorView";
return JsonErrorView.VIEWNAME;
}
// if they leave the client identifier empty, force it to be generated
@ -277,7 +281,7 @@ public class ClientAPI {
logger.error("tried to create client with private key auth but no private key");
m.addAttribute("code", HttpStatus.BAD_REQUEST);
m.addAttribute("errorMessage", "Can not create a client with private key authentication without registering a key via the JWS Set URI.");
return "jsonErrorView";
return JsonErrorView.VIEWNAME;
}
// otherwise we shouldn't have a secret for this client
@ -288,7 +292,7 @@ public class ClientAPI {
logger.error("unknown auth method");
m.addAttribute("code", HttpStatus.BAD_REQUEST);
m.addAttribute("errorMessage", "Unknown auth method requested");
return "jsonErrorView";
return JsonErrorView.VIEWNAME;
}
@ -297,9 +301,9 @@ public class ClientAPI {
m.addAttribute("entity", newClient);
if (isAdmin(auth)) {
return "clientEntityViewAdmins";
return ClientEntityViewForAdmins.VIEWNAME;
} else {
return "clientEntityViewUsers";
return ClientEntityViewForUsers.VIEWNAME;
}
}
@ -319,13 +323,13 @@ public class ClientAPI {
logger.error("apiDeleteClient failed; client with id " + id + " could not be found.");
modelAndView.getModelMap().put("code", HttpStatus.NOT_FOUND);
modelAndView.getModelMap().put("errorMessage", "Could not delete client. The requested client with id " + id + "could not be found.");
return "jsonErrorView";
return JsonErrorView.VIEWNAME;
} else {
modelAndView.getModelMap().put("code", HttpStatus.OK);
clientService.deleteClient(client);
}
return "httpCodeView";
return HttpCodeView.VIEWNAME;
}
@ -344,15 +348,15 @@ public class ClientAPI {
logger.error("apiShowClient failed; client with id " + id + " could not be found.");
model.addAttribute("code", HttpStatus.NOT_FOUND);
model.addAttribute("errorMessage", "The requested client with id " + id + " could not be found.");
return "jsonErrorView";
return JsonErrorView.VIEWNAME;
}
model.addAttribute("entity", client);
if (isAdmin(auth)) {
return "clientEntityViewAdmins";
return ClientEntityViewForAdmins.VIEWNAME;
} else {
return "clientEntityViewUsers";
return ClientEntityViewForUsers.VIEWNAME;
}
}


@ -37,6 +37,9 @@ import org.mitre.openid.connect.config.ConfigurationPropertiesBean;
import org.mitre.openid.connect.exception.ValidationException;
import org.mitre.openid.connect.service.BlacklistedSiteService;
import org.mitre.openid.connect.service.OIDCTokenService;
import org.mitre.openid.connect.view.ClientInformationResponseView;
import org.mitre.openid.connect.view.HttpCodeView;
import org.mitre.openid.connect.view.JsonErrorView;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
@ -102,7 +105,7 @@ public class ClientDynamicRegistrationEndpoint {
// didn't parse, this is a bad request
logger.error("registerNewClient failed; submitted JSON is malformed");
m.addAttribute("code", HttpStatus.BAD_REQUEST); // http 400
return "httpCodeView";
return HttpCodeView.VIEWNAME;
}
if (newClient != null) {
@ -128,7 +131,7 @@ public class ClientDynamicRegistrationEndpoint {
m.addAttribute("error", ve.getError());
m.addAttribute("errorMessage", ve.getErrorDescription());
m.addAttribute("code", ve.getStatus());
return "jsonErrorView";
return JsonErrorView.VIEWNAME;
}
if (newClient.getTokenEndpointAuthMethod() == null) {
@ -168,11 +171,11 @@ public class ClientDynamicRegistrationEndpoint {
m.addAttribute("client", registered);
m.addAttribute("code", HttpStatus.CREATED); // http 201
return "clientInformationResponseView";
return ClientInformationResponseView.VIEWNAME;
} catch (UnsupportedEncodingException e) {
logger.error("Unsupported encoding", e);
m.addAttribute("code", HttpStatus.INTERNAL_SERVER_ERROR);
return "httpCodeView";
return HttpCodeView.VIEWNAME;
} catch (IllegalArgumentException e) {
logger.error("Couldn't save client", e);
@ -180,14 +183,14 @@ public class ClientDynamicRegistrationEndpoint {
m.addAttribute("errorMessage", "Unable to save client due to invalid or inconsistent metadata.");
m.addAttribute("code", HttpStatus.BAD_REQUEST); // http 400
return "jsonErrorView";
return JsonErrorView.VIEWNAME;
}
} else {
// didn't parse, this is a bad request
logger.error("registerNewClient failed; submitted JSON is malformed");
m.addAttribute("code", HttpStatus.BAD_REQUEST); // http 400
return "httpCodeView";
return HttpCodeView.VIEWNAME;
}
}
@ -215,11 +218,11 @@ public class ClientDynamicRegistrationEndpoint {
m.addAttribute("client", registered);
m.addAttribute("code", HttpStatus.OK); // http 200
return "clientInformationResponseView";
return ClientInformationResponseView.VIEWNAME;
} catch (UnsupportedEncodingException e) {
logger.error("Unsupported encoding", e);
m.addAttribute("code", HttpStatus.INTERNAL_SERVER_ERROR);
return "httpCodeView";
return HttpCodeView.VIEWNAME;
}
} else {
@ -228,7 +231,7 @@ public class ClientDynamicRegistrationEndpoint {
+ clientId + " and " + auth.getOAuth2Request().getClientId() + " do not match.");
m.addAttribute("code", HttpStatus.FORBIDDEN); // http 403
return "httpCodeView";
return HttpCodeView.VIEWNAME;
}
}
@ -253,7 +256,7 @@ public class ClientDynamicRegistrationEndpoint {
// didn't parse, this is a bad request
logger.error("updateClient failed; submitted JSON is malformed");
m.addAttribute("code", HttpStatus.BAD_REQUEST); // http 400
return "httpCodeView";
return HttpCodeView.VIEWNAME;
}
ClientDetailsEntity oldClient = clientService.loadClientByClientId(clientId);
@ -288,7 +291,7 @@ public class ClientDynamicRegistrationEndpoint {
m.addAttribute("error", ve.getError());
m.addAttribute("errorMessage", ve.getErrorDescription());
m.addAttribute("code", ve.getStatus());
return "jsonErrorView";
return JsonErrorView.VIEWNAME;
}
try {
@ -303,11 +306,11 @@ public class ClientDynamicRegistrationEndpoint {
m.addAttribute("client", registered);
m.addAttribute("code", HttpStatus.OK); // http 200
return "clientInformationResponseView";
return ClientInformationResponseView.VIEWNAME;
} catch (UnsupportedEncodingException e) {
logger.error("Unsupported encoding", e);
m.addAttribute("code", HttpStatus.INTERNAL_SERVER_ERROR);
return "httpCodeView";
return HttpCodeView.VIEWNAME;
} catch (IllegalArgumentException e) {
logger.error("Couldn't save client", e);
@ -315,7 +318,7 @@ public class ClientDynamicRegistrationEndpoint {
m.addAttribute("errorMessage", "Unable to save client due to invalid or inconsistent metadata.");
m.addAttribute("code", HttpStatus.BAD_REQUEST); // http 400
return "jsonErrorView";
return JsonErrorView.VIEWNAME;
}
} else {
// client mismatch
@ -323,7 +326,7 @@ public class ClientDynamicRegistrationEndpoint {
+ clientId + " and " + auth.getOAuth2Request().getClientId() + " do not match.");
m.addAttribute("code", HttpStatus.FORBIDDEN); // http 403
return "httpCodeView";
return HttpCodeView.VIEWNAME;
}
}
@ -346,14 +349,14 @@ public class ClientDynamicRegistrationEndpoint {
m.addAttribute("code", HttpStatus.NO_CONTENT); // http 204
return "httpCodeView";
return HttpCodeView.VIEWNAME;
} else {
// client mismatch
logger.error("readClientConfiguration failed, client ID mismatch: "
+ clientId + " and " + auth.getOAuth2Request().getClientId() + " do not match.");
m.addAttribute("code", HttpStatus.FORBIDDEN); // http 403
return "httpCodeView";
return HttpCodeView.VIEWNAME;
}
}
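Review bot: The two "submitted JSON is malformed" branches (first and fourth hunks) now end in `return HttpCodeView.VIEWNAME;` after setting only `code` to 400, so the registration client receives an empty 400 body, while the validation failures a few lines later go through `JsonErrorView` with `error` and `errorMessage` set. RFC 7591 §3.2.2 expects a registration error to be a JSON body with an `error` member (e.g. `invalid_client_metadata`), so a caller cannot tell a parse failure from any other 400 and cannot act on it programmatically. Suggest making those branches consistent with the sibling error paths: `m.addAttribute("error", "invalid_client_metadata"); m.addAttribute("errorMessage", "Submitted JSON is malformed."); return JsonErrorView.VIEWNAME;`. The enclosing methods begin and end outside the hunks shown, so the same treatment may be needed for the update path's malformed-JSON branch above `@ -253,7 +256,7`.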


@ -19,6 +19,7 @@ package org.mitre.openid.connect.web;
import java.util.Map;
import org.mitre.jwt.signer.service.JwtSigningAndValidationService;
import org.mitre.openid.connect.view.JwkKeyListView;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
@ -42,7 +43,7 @@ public class JsonWebKeyEndpoint {
m.addAttribute("keys", keys);
return "jwkKeyList";
return JwkKeyListView.VIEWNAME;
}
/**


@ -36,6 +36,9 @@ import org.mitre.openid.connect.config.ConfigurationPropertiesBean;
import org.mitre.openid.connect.exception.ValidationException;
import org.mitre.openid.connect.service.BlacklistedSiteService;
import org.mitre.openid.connect.service.OIDCTokenService;
import org.mitre.openid.connect.view.ClientInformationResponseView;
import org.mitre.openid.connect.view.HttpCodeView;
import org.mitre.openid.connect.view.JsonErrorView;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
@ -100,7 +103,7 @@ public class ProtectedResourceRegistrationEndpoint {
// didn't parse, this is a bad request
logger.error("registerNewProtectedResource failed; submitted JSON is malformed");
m.addAttribute("code", HttpStatus.BAD_REQUEST); // http 400
return "httpCodeView";
return HttpCodeView.VIEWNAME;
}
if (newClient != null) {
@ -123,7 +126,7 @@ public class ProtectedResourceRegistrationEndpoint {
m.addAttribute("error", ve.getError());
m.addAttribute("errorMessage", ve.getErrorDescription());
m.addAttribute("code", ve.getStatus());
return "jsonErrorView";
return JsonErrorView.VIEWNAME;
}
@ -174,11 +177,11 @@ public class ProtectedResourceRegistrationEndpoint {
m.addAttribute("client", registered);
m.addAttribute("code", HttpStatus.CREATED); // http 201
return "clientInformationResponseView";
return ClientInformationResponseView.VIEWNAME;
} catch (UnsupportedEncodingException e) {
logger.error("Unsupported encoding", e);
m.addAttribute("code", HttpStatus.INTERNAL_SERVER_ERROR);
return "httpCodeView";
return HttpCodeView.VIEWNAME;
} catch (IllegalArgumentException e) {
logger.error("Couldn't save client", e);
@ -186,14 +189,14 @@ public class ProtectedResourceRegistrationEndpoint {
m.addAttribute("errorMessage", "Unable to save client due to invalid or inconsistent metadata.");
m.addAttribute("code", HttpStatus.BAD_REQUEST); // http 400
return "jsonErrorView";
return JsonErrorView.VIEWNAME;
}
} else {
// didn't parse, this is a bad request
logger.error("registerNewClient failed; submitted JSON is malformed");
m.addAttribute("code", HttpStatus.BAD_REQUEST); // http 400
return "httpCodeView";
return HttpCodeView.VIEWNAME;
}
}
@ -245,11 +248,11 @@ public class ProtectedResourceRegistrationEndpoint {
m.addAttribute("client", registered);
m.addAttribute("code", HttpStatus.OK); // http 200
return "clientInformationResponseView";
return ClientInformationResponseView.VIEWNAME;
} catch (UnsupportedEncodingException e) {
logger.error("Unsupported encoding", e);
m.addAttribute("code", HttpStatus.INTERNAL_SERVER_ERROR);
return "httpCodeView";
return HttpCodeView.VIEWNAME;
}
} else {
// client mismatch
@ -257,7 +260,7 @@ public class ProtectedResourceRegistrationEndpoint {
+ clientId + " and " + auth.getOAuth2Request().getClientId() + " do not match.");
m.addAttribute("code", HttpStatus.FORBIDDEN); // http 403
return "httpCodeView";
return HttpCodeView.VIEWNAME;
}
}
@ -282,7 +285,7 @@ public class ProtectedResourceRegistrationEndpoint {
// didn't parse, this is a bad request
logger.error("updateProtectedResource failed; submitted JSON is malformed");
m.addAttribute("code", HttpStatus.BAD_REQUEST); // http 400
return "httpCodeView";
return HttpCodeView.VIEWNAME;
}
ClientDetailsEntity oldClient = clientService.loadClientByClientId(clientId);
@ -339,7 +342,7 @@ public class ProtectedResourceRegistrationEndpoint {
m.addAttribute("error", ve.getError());
m.addAttribute("errorMessage", ve.getErrorDescription());
m.addAttribute("code", ve.getStatus());
return "jsonErrorView";
return JsonErrorView.VIEWNAME;
}
@ -356,11 +359,11 @@ public class ProtectedResourceRegistrationEndpoint {
m.addAttribute("client", registered);
m.addAttribute("code", HttpStatus.OK); // http 200
return "clientInformationResponseView";
return ClientInformationResponseView.VIEWNAME;
} catch (UnsupportedEncodingException e) {
logger.error("Unsupported encoding", e);
m.addAttribute("code", HttpStatus.INTERNAL_SERVER_ERROR);
return "httpCodeView";
return HttpCodeView.VIEWNAME;
} catch (IllegalArgumentException e) {
logger.error("Couldn't save client", e);
@ -368,7 +371,7 @@ public class ProtectedResourceRegistrationEndpoint {
m.addAttribute("errorMessage", "Unable to save client due to invalid or inconsistent metadata.");
m.addAttribute("code", HttpStatus.BAD_REQUEST); // http 400
return "jsonErrorView";
return JsonErrorView.VIEWNAME;
}
} else {
// client mismatch
@ -377,7 +380,7 @@ public class ProtectedResourceRegistrationEndpoint {
+ clientId + " and " + auth.getOAuth2Request().getClientId() + " do not match.");
m.addAttribute("code", HttpStatus.FORBIDDEN); // http 403
return "httpCodeView";
return HttpCodeView.VIEWNAME;
}
}
@ -400,14 +403,14 @@ public class ProtectedResourceRegistrationEndpoint {
m.addAttribute("code", HttpStatus.NO_CONTENT); // http 204
return "httpCodeView";
return HttpCodeView.VIEWNAME;
} else {
// client mismatch
logger.error("readClientConfiguration failed, client ID mismatch: "
+ clientId + " and " + auth.getOAuth2Request().getClientId() + " do not match.");
m.addAttribute("code", HttpStatus.FORBIDDEN); // http 403
return "httpCodeView";
return HttpCodeView.VIEWNAME;
}
}
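Review bot: Two log lines adjacent to the rewritten `return HttpCodeView.VIEWNAME;` statements carry copy-pasted labels from the client endpoint: the second malformed-JSON branch logs `"registerNewClient failed; submitted JSON is malformed"` although the first hunk of this file logs `"registerNewProtectedResource failed; ..."` for the same condition, and the client-mismatch branch in the last hunk logs `"readClientConfiguration failed, client ID mismatch"` although that hunk returns 204 NO_CONTENT, which looks like a delete path. Anyone correlating audit logs for protected-resource registration by method name will miss these events, so they should be renamed to match the actual operation (e.g. `"registerNewProtectedResource failed; submitted JSON is malformed"` and `"deleteProtectedResource failed, client ID mismatch: ..."` — the method names are not visible in the hunks, so confirm against the signatures). As in the client endpoint, the malformed-JSON branches also answer with a bare 400 through `HttpCodeView` rather than the JSON error body the registration protocol expects. The enclosing methods begin and end outside the hunks shown.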


@ -19,6 +19,7 @@ package org.mitre.openid.connect.web;
import java.util.Map;
import org.mitre.openid.connect.service.StatsService;
import org.mitre.openid.connect.view.JsonEntityView;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller;
@ -40,7 +41,7 @@ public class StatsAPI {
m.put("entity", e);
return "jsonEntityView";
return JsonEntityView.VIEWNAME;
}
@ -51,7 +52,7 @@ public class StatsAPI {
m.put("entity", e);
return "jsonEntityView";
return JsonEntityView.VIEWNAME;
}
@PreAuthorize("hasRole('ROLE_USER')")
@ -61,7 +62,7 @@ public class StatsAPI {
m.put("entity", e);
return "jsonEntityView";
return JsonEntityView.VIEWNAME;
}
}


@ -22,6 +22,9 @@ import org.mitre.oauth2.model.ClientDetailsEntity;
import org.mitre.oauth2.service.ClientDetailsEntityService;
import org.mitre.openid.connect.model.UserInfo;
import org.mitre.openid.connect.service.UserInfoService;
import org.mitre.openid.connect.view.HttpCodeView;
import org.mitre.openid.connect.view.UserInfoJwtView;
import org.mitre.openid.connect.view.UserInfoView;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
@ -69,7 +72,7 @@ public class UserInfoEndpoint {
if (auth == null) {
logger.error("getInfo failed; no principal. Requester is not authorized.");
model.addAttribute("code", HttpStatus.FORBIDDEN);
return "httpCodeView";
return HttpCodeView.VIEWNAME;
}
String username = auth.getName();
@ -78,7 +81,7 @@ public class UserInfoEndpoint {
if (userInfo == null) {
logger.error("getInfo failed; user not found: " + username);
model.addAttribute("code", HttpStatus.NOT_FOUND);
return "httpCodeView";
return HttpCodeView.VIEWNAME;
}
model.addAttribute("scope", auth.getOAuth2Request().getScope());
@ -106,26 +109,26 @@ public class UserInfoEndpoint {
// client has a preference, see if they ask for plain JSON specifically on this request
for (MediaType m : mediaTypes) {
if (!m.isWildcardType() && m.isCompatibleWith(JOSE_MEDIA_TYPE)) {
return "userInfoJwtView";
return UserInfoJwtView.VIEWNAME;
} else if (!m.isWildcardType() && m.isCompatibleWith(MediaType.APPLICATION_JSON)) {
return "userInfoView";
return UserInfoView.VIEWNAME;
}
}
// otherwise return JWT
return "userInfoJwtView";
return UserInfoJwtView.VIEWNAME;
} else {
// client has no preference, see if they asked for JWT specifically on this request
for (MediaType m : mediaTypes) {
if (!m.isWildcardType() && m.isCompatibleWith(MediaType.APPLICATION_JSON)) {
return "userInfoView";
return UserInfoView.VIEWNAME;
} else if (!m.isWildcardType() && m.isCompatibleWith(JOSE_MEDIA_TYPE)) {
return "userInfoJwtView";
return UserInfoJwtView.VIEWNAME;
}
}
// otherwise return JSON
return "userInfoView";
return UserInfoView.VIEWNAME;
}
}
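Review bot: In the branch commented `client has a preference`, the loop returns `UserInfoView.VIEWNAME` as soon as the request's `Accept` lists `application/json`, so a caller can obtain the claims as plain JSON even though the client apparently registered a signed or encrypted userinfo response; OpenID Connect Core treats `userinfo_signed_response_alg`/`userinfo_encrypted_response_*` as a statement that the response will be a JWT, not as a negotiable default, and a plain-JSON fallback silently drops the signature/encryption the client was relying on. If that registration preference is what selects this branch (its condition is above the hunk), the `else if ... return UserInfoView.VIEWNAME;` there should be removed, or the mismatch should be answered with 406 rather than a downgrade. Separately, the loops take the first non-wildcard entry in list order, so unless `mediaTypes` was already sorted (e.g. `MediaType.sortByQualityValue(mediaTypes)`), `Accept: application/json;q=0.1, application/jwt` still picks JSON. The enclosing method begins outside the hunk.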


@ -24,6 +24,9 @@ import java.util.Collection;
import org.mitre.openid.connect.model.WhitelistedSite;
import org.mitre.openid.connect.service.WhitelistedSiteService;
import org.mitre.openid.connect.view.HttpCodeView;
import org.mitre.openid.connect.view.JsonEntityView;
import org.mitre.openid.connect.view.JsonErrorView;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
@ -70,7 +73,7 @@ public class WhitelistAPI {
m.put("entity", all);
return "jsonEntityView";
return JsonEntityView.VIEWNAME;
}
/**
@ -95,12 +98,12 @@ public class WhitelistAPI {
logger.error("addNewWhitelistedSite failed due to JsonParseException", e);
m.addAttribute("code", HttpStatus.BAD_REQUEST);
m.addAttribute("errorMessage", "Could not save new whitelisted site. The server encountered a JSON syntax exception. Contact a system administrator for assistance.");
return "jsonErrorView";
return JsonErrorView.VIEWNAME;
} catch (IllegalStateException e) {
logger.error("addNewWhitelistedSite failed due to IllegalStateException", e);
m.addAttribute("code", HttpStatus.BAD_REQUEST);
m.addAttribute("errorMessage", "Could not save new whitelisted site. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance.");
return "jsonErrorView";
return JsonErrorView.VIEWNAME;
}
// save the id of the person who created this
@ -110,7 +113,7 @@ public class WhitelistAPI {
m.put("entity", newWhitelist);
return "jsonEntityView";
return JsonEntityView.VIEWNAME;
}
@ -132,12 +135,12 @@ public class WhitelistAPI {
logger.error("updateWhitelistedSite failed due to JsonParseException", e);
m.put("code", HttpStatus.BAD_REQUEST);
m.put("errorMessage", "Could not update whitelisted site. The server encountered a JSON syntax exception. Contact a system administrator for assistance.");
return "jsonErrorView";
return JsonErrorView.VIEWNAME;
} catch (IllegalStateException e) {
logger.error("updateWhitelistedSite failed due to IllegalStateException", e);
m.put("code", HttpStatus.BAD_REQUEST);
m.put("errorMessage", "Could not update whitelisted site. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance.");
return "jsonErrorView";
return JsonErrorView.VIEWNAME;
}
WhitelistedSite oldWhitelist = whitelistService.getById(id);
@ -146,14 +149,14 @@ public class WhitelistAPI {
logger.error("updateWhitelistedSite failed; whitelist with id " + id + " could not be found.");
m.put("code", HttpStatus.NOT_FOUND);
m.put("errorMessage", "Could not update whitelisted site. The requested whitelisted site with id " + id + "could not be found.");
return "jsonErrorView";
return JsonErrorView.VIEWNAME;
} else {
WhitelistedSite newWhitelist = whitelistService.update(oldWhitelist, whitelist);
m.put("entity", newWhitelist);
return "jsonEntityView";
return JsonEntityView.VIEWNAME;
}
}
@ -170,13 +173,13 @@ public class WhitelistAPI {
logger.error("deleteWhitelistedSite failed; whitelist with id " + id + " could not be found.");
m.put("code", HttpStatus.NOT_FOUND);
m.put("errorMessage", "Could not delete whitelisted site. The requested whitelisted site with id " + id + "could not be found.");
return "jsonErrorView";
return JsonErrorView.VIEWNAME;
} else {
m.put("code", HttpStatus.OK);
whitelistService.remove(whitelist);
}
return "httpCodeView";
return HttpCodeView.VIEWNAME;
}
/**
@ -189,12 +192,12 @@ public class WhitelistAPI {
logger.error("getWhitelistedSite failed; whitelist with id " + id + " could not be found.");
m.put("code", HttpStatus.NOT_FOUND);
m.put("errorMessage", "The requested whitelisted site with id " + id + "could not be found.");
return "jsonErrorView";
return JsonErrorView.VIEWNAME;
} else {
m.put("entity", whitelist);
return "jsonEntityView";
return JsonEntityView.VIEWNAME;
}
}
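Review bot: The not-found messages next to the rewritten `return JsonErrorView.VIEWNAME;` lines in the update, delete and get paths concatenate `id + "could not be found."` without a separating space, so the JSON error body reads like `with id 42could not be found.`. Change each to `+ id + " could not be found."`. The two bad-request messages in the add and update paths also name the Java exception type (`IllegalStateException`) to the API caller; unless the UI matches on that text, a neutral wording such as `"The server could not process the submitted whitelist entry."` would keep implementation detail out of the response. The methods' bodies extend beyond the hunks shown.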


@ -16,6 +16,12 @@
******************************************************************************/
package org.mitre.oauth2.service.impl;
import static com.google.common.collect.Sets.newHashSet;
import static org.hamcrest.CoreMatchers.is;
import static org.junit.Assert.assertThat;
import static org.mockito.BDDMockito.given;
import static org.mockito.Mockito.mock;
import java.util.Set;
import org.junit.Test;
@ -26,12 +32,6 @@ import org.mockito.Mock;
import org.mockito.runners.MockitoJUnitRunner;
import org.springframework.security.oauth2.provider.ClientDetails;
import static com.google.common.collect.Sets.newHashSet;
import static org.hamcrest.CoreMatchers.is;
import static org.junit.Assert.assertThat;
import static org.mockito.BDDMockito.given;
import static org.mockito.Mockito.mock;
@RunWith(MockitoJUnitRunner.class)
public class TestDefaultIntrospectionAuthorizer {