From c683131f12e225c289222835874f2a039473692f Mon Sep 17 00:00:00 2001 From: Justin Richer Date: Sun, 28 Sep 2014 22:25:39 -0400 Subject: [PATCH] externalized view name strings and tied them to view beans --- .../keypublisher/ClientKeyPublisher.java | 8 ++-- .../openid/connect/view/JwkKeyListView.java | 3 +- .../discovery/web/DiscoveryEndpoint.java | 10 +++-- .../impl/BlacklistAwareRedirectResolver.java | 1 - .../org/mitre/oauth2/view/TokenApiView.java | 4 +- .../oauth2/view/TokenIntrospectionView.java | 4 +- .../oauth2/web/IntrospectionEndpoint.java | 15 ++++--- .../web/OAuthConfirmationController.java | 9 ++-- .../mitre/oauth2/web/RevocationEndpoint.java | 11 ++--- .../java/org/mitre/oauth2/web/ScopeAPI.java | 25 ++++++----- .../java/org/mitre/oauth2/web/TokenAPI.java | 41 +++++++++-------- .../view/ClientEntityViewForAdmins.java | 3 +- .../view/ClientEntityViewForUsers.java | 4 +- .../view/ClientInformationResponseView.java | 4 +- .../openid/connect/view/HttpCodeView.java | 4 +- .../connect/view/JsonApprovedSiteView.java | 4 +- .../openid/connect/view/JsonEntityView.java | 4 +- .../openid/connect/view/JsonErrorView.java | 4 +- .../openid/connect/view/UserInfoJwtView.java | 4 +- .../openid/connect/view/UserInfoView.java | 4 +- .../openid/connect/web/ApprovedSiteAPI.java | 17 ++++--- .../openid/connect/web/BlacklistAPI.java | 27 +++++++----- .../mitre/openid/connect/web/ClientAPI.java | 44 ++++++++++--------- .../ClientDynamicRegistrationEndpoint.java | 37 +++++++++------- .../connect/web/JsonWebKeyEndpoint.java | 3 +- ...ProtectedResourceRegistrationEndpoint.java | 37 +++++++++------- .../mitre/openid/connect/web/StatsAPI.java | 7 +-- .../openid/connect/web/UserInfoEndpoint.java | 19 ++++---- .../openid/connect/web/WhitelistAPI.java | 27 +++++++----- .../TestDefaultIntrospectionAuthorizer.java | 12 ++--- 30 files changed, 227 insertions(+), 169 deletions(-) 
diff --git a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/keypublisher/ClientKeyPublisher.java b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/keypublisher/ClientKeyPublisher.java index 673a55883..5d0cc5e09 100644 --- a/openid-connect-client/src/main/java/org/mitre/openid/connect/client/keypublisher/ClientKeyPublisher.java +++ b/openid-connect-client/src/main/java/org/mitre/openid/connect/client/keypublisher/ClientKeyPublisher.java @@ -43,7 +43,7 @@ public class ClientKeyPublisher implements BeanDefinitionRegistryPostProcessor { private BeanDefinitionRegistry registry; - private String jwkViewName = "jwkKeyList"; + private String jwkViewName = JwkKeyListView.VIEWNAME; /** * If the jwkPublishUrl field is set on this bean, set up a listener on that URL to publish keys. @@ -61,12 +61,12 @@ public class ClientKeyPublisher implements BeanDefinitionRegistryPostProcessor { clientKeyMapping.addPropertyValue("jwkPublishUrl", getJwkPublishUrl()); // randomize view name to make sure it doesn't conflict with local views - jwkViewName = "jwkKeyList-" + UUID.randomUUID().toString(); - viewResolver.addPropertyValue("jwkViewName", jwkViewName); + jwkViewName = JwkKeyListView.VIEWNAME + "-" + UUID.randomUUID().toString(); + viewResolver.addPropertyValue(JwkKeyListView.VIEWNAME, jwkViewName); // view bean BeanDefinitionBuilder jwkView = BeanDefinitionBuilder.rootBeanDefinition(JwkKeyListView.class); - registry.registerBeanDefinition("jwkKeyList", jwkView.getBeanDefinition()); + registry.registerBeanDefinition(JwkKeyListView.VIEWNAME, jwkView.getBeanDefinition()); viewResolver.addPropertyReference("jwk", "jwkKeyList"); } diff --git a/openid-connect-common/src/main/java/org/mitre/openid/connect/view/JwkKeyListView.java b/openid-connect-common/src/main/java/org/mitre/openid/connect/view/JwkKeyListView.java index b07e765b6..c713f2d2c 100644 --- a/openid-connect-common/src/main/java/org/mitre/openid/connect/view/JwkKeyListView.java 
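Review bot: The first argument of `viewResolver.addPropertyValue(...)` in the second ClientKeyPublisher hunk is now `JwkKeyListView.VIEWNAME` (`"jwkKeyList"`, per the constant this patch adds) where it used to be the property name `"jwkViewName"`, so the resolver bean definition is given a property called `jwkKeyList`. That argument names a bean property rather than a view, and should stay `viewResolver.addPropertyValue("jwkViewName", jwkViewName);`. The resolver class is not visible here, but unless it has a `jwkKeyList` property the randomized view name no longer reaches it and key publishing is likely to break. The literal that should take the constant is on the unchanged last line: `viewResolver.addPropertyReference("jwk", JwkKeyListView.VIEWNAME);`. The enclosing method continues outside the hunk.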
+++ b/openid-connect-common/src/main/java/org/mitre/openid/connect/view/JwkKeyListView.java @@ -39,9 +39,10 @@ import com.nimbusds.jose.jwk.JWKSet; * @author jricher * */ -@Component("jwkKeyList") +@Component(JwkKeyListView.VIEWNAME) public class JwkKeyListView extends AbstractView { + public static final String VIEWNAME = "jwkKeyList"; private static Logger logger = LoggerFactory.getLogger(JwkKeyListView.class); @Override diff --git a/openid-connect-server/src/main/java/org/mitre/discovery/web/DiscoveryEndpoint.java b/openid-connect-server/src/main/java/org/mitre/discovery/web/DiscoveryEndpoint.java index ad2caa831..e4be95fb5 100644 --- a/openid-connect-server/src/main/java/org/mitre/discovery/web/DiscoveryEndpoint.java +++ b/openid-connect-server/src/main/java/org/mitre/discovery/web/DiscoveryEndpoint.java @@ -27,6 +27,8 @@ import org.mitre.oauth2.service.SystemScopeService; import org.mitre.openid.connect.config.ConfigurationPropertiesBean; import org.mitre.openid.connect.model.UserInfo; import org.mitre.openid.connect.service.UserInfoService; +import org.mitre.openid.connect.view.HttpCodeView; +import org.mitre.openid.connect.view.JsonEntityView; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; @@ -103,7 +105,7 @@ public class DiscoveryEndpoint { if (user == null) { logger.info("User not found: " + resource); model.addAttribute("code", HttpStatus.NOT_FOUND); - return "httpCodeView"; + return HttpCodeView.VIEWNAME; } UriComponents issuerComponents = UriComponentsBuilder.fromHttpUrl(config.getIssuer()).build(); 
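Review bot: `logger.info("User not found: " + resource);` in the `@@ -103,7 +105,7 @@` DiscoveryEndpoint hunk concatenates `resource` into the log line, and in a discovery endpoint that value presumably comes straight from the request (its origin is outside the hunk). A value carrying line breaks could split or forge log entries, which matters to anyone triaging these logs. Prefer `logger.info("User not found: {}", resource);` and make sure CR/LF are neutralised, either before logging or by the log encoder. The next hunk has the same pattern in `"Unknown URI format: " + resource` and in the host-mismatch message built from `resourceUri.getHost()`. The enclosing method starts and ends outside the hunk.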
@@ -111,14 +113,14 @@ public class DiscoveryEndpoint { .equals(Strings.nullToEmpty(resourceUri.getHost()))) { logger.info("Host mismatch, expected " + issuerComponents.getHost() + " got " + resourceUri.getHost()); model.addAttribute("code", HttpStatus.NOT_FOUND); - return "httpCodeView"; + return HttpCodeView.VIEWNAME; } } else { logger.info("Unknown URI format: " + resource); model.addAttribute("code", HttpStatus.NOT_FOUND); - return "httpCodeView"; + return HttpCodeView.VIEWNAME; } } @@ -326,7 +328,7 @@ public class DiscoveryEndpoint { model.addAttribute("entity", m); - return "jsonEntityView"; + return JsonEntityView.VIEWNAME; } } diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/BlacklistAwareRedirectResolver.java b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/BlacklistAwareRedirectResolver.java index e3b95c1fa..c100434f5 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/BlacklistAwareRedirectResolver.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/BlacklistAwareRedirectResolver.java @@ -9,7 +9,6 @@ import org.springframework.security.oauth2.common.exceptions.InvalidRequestExcep import org.springframework.security.oauth2.common.exceptions.OAuth2Exception; import org.springframework.security.oauth2.provider.ClientDetails; import org.springframework.security.oauth2.provider.endpoint.DefaultRedirectResolver; -import org.springframework.security.oauth2.provider.endpoint.RedirectResolver; import org.springframework.stereotype.Component; /** diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/view/TokenApiView.java b/openid-connect-server/src/main/java/org/mitre/oauth2/view/TokenApiView.java index a47304d76..f27d0c83f 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/view/TokenApiView.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/view/TokenApiView.java 
@@ -43,9 +43,11 @@ import com.google.gson.JsonObject; import com.google.gson.JsonSerializationContext; import com.google.gson.JsonSerializer; -@Component("tokenApiView") +@Component(TokenApiView.VIEWNAME) public class TokenApiView extends AbstractView { + public static final String VIEWNAME = "tokenApiView"; + private static Logger logger = LoggerFactory.getLogger(JsonEntityView.class); private Gson gson = new GsonBuilder() diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/view/TokenIntrospectionView.java b/openid-connect-server/src/main/java/org/mitre/oauth2/view/TokenIntrospectionView.java index bcce2667d..f307cfcf7 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/view/TokenIntrospectionView.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/view/TokenIntrospectionView.java @@ -39,9 +39,11 @@ import com.google.gson.Gson; import com.google.gson.GsonBuilder; import com.google.gson.JsonObject; -@Component("tokenIntrospection") +@Component(TokenIntrospectionView.VIEWNAME) public class TokenIntrospectionView extends AbstractView { + public static final String VIEWNAME = "tokenIntrospection"; + private static Logger logger = LoggerFactory.getLogger(TokenIntrospectionView.class); private static DateFormatter isoDateFormatter = new DateFormatter(new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ssZ")); diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/web/IntrospectionEndpoint.java b/openid-connect-server/src/main/java/org/mitre/oauth2/web/IntrospectionEndpoint.java index 14923e525..3547f3eab 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/web/IntrospectionEndpoint.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/web/IntrospectionEndpoint.java 
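Review bot: The context line just below the new `VIEWNAME` constant in TokenApiView builds its logger with `LoggerFactory.getLogger(JsonEntityView.class)`, so everything this view logs is attributed to JsonEntityView. Since the commit is already tying names to their owning view class, change it to `LoggerFactory.getLogger(TokenApiView.class);`. The JsonErrorView hunk shows the same copy-paste and should use `JsonErrorView.class`. The new constants would also benefit from a one-line Javadoc saying that the value is both the Spring bean name and the view name returned by controllers.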
@@ -26,8 +26,11 @@ import org.mitre.oauth2.model.OAuth2RefreshTokenEntity; import org.mitre.oauth2.service.ClientDetailsEntityService; import org.mitre.oauth2.service.IntrospectionAuthorizer; import org.mitre.oauth2.service.OAuth2TokenEntityService; +import org.mitre.oauth2.view.TokenIntrospectionView; import org.mitre.openid.connect.model.UserInfo; import org.mitre.openid.connect.service.UserInfoService; +import org.mitre.openid.connect.view.HttpCodeView; +import org.mitre.openid.connect.view.JsonEntityView; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; @@ -78,7 +81,7 @@ public class IntrospectionEndpoint { logger.error("Verify failed; token value is null"); Map entity = ImmutableMap.of("active", Boolean.FALSE); model.addAttribute("entity", entity); - return "jsonEntityView"; + return JsonEntityView.VIEWNAME; } // clientID is the principal name in the authentication @@ -120,7 +123,7 @@ public class IntrospectionEndpoint { logger.error("Verify failed; Invalid refresh token", e2); Map entity = ImmutableMap.of("active", Boolean.FALSE); model.addAttribute("entity", entity); - return "jsonEntityView"; + return JsonEntityView.VIEWNAME; } } 
@@ -130,22 +133,22 @@ public class IntrospectionEndpoint { // if it's a valid token, we'll print out information on it model.addAttribute("token", token); model.addAttribute("user", user); - return "tokenIntrospection"; + return TokenIntrospectionView.VIEWNAME; } else { logger.error("Verify failed; client configuration or scope don't permit token introspection"); model.addAttribute("code", HttpStatus.FORBIDDEN); - return "httpCodeView"; + return HttpCodeView.VIEWNAME; } } else { logger.error("Verify failed; client " + clientId + " is not allowed to call introspection endpoint"); model.addAttribute("code", HttpStatus.FORBIDDEN); - return "httpCodeView"; + return HttpCodeView.VIEWNAME; } } else { // This is a bad error -- I think it means we have a token outstanding that doesn't map to a client? logger.error("Verify failed; client " + clientId + " not found."); model.addAttribute("code", HttpStatus.NOT_FOUND); - return "httpCodeView"; + return HttpCodeView.VIEWNAME; } } diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java b/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java index 39106cb1b..c04acdd80 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java @@ -35,6 +35,7 @@ import org.mitre.openid.connect.model.UserInfo; import org.mitre.openid.connect.service.ScopeClaimTranslationService; import org.mitre.openid.connect.service.StatsService; import org.mitre.openid.connect.service.UserInfoService; +import org.mitre.openid.connect.view.HttpCodeView; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; 
@@ -99,7 +100,7 @@ public class OAuthConfirmationController { // we're not supposed to prompt, so "return an error" logger.info("Client requested no prompt, returning 403 from confirmation endpoint"); model.put("code", HttpStatus.FORBIDDEN); - return "httpCodeView"; + return HttpCodeView.VIEWNAME; } //AuthorizationRequest clientAuth = (AuthorizationRequest) model.remove("authorizationRequest"); @@ -111,17 +112,17 @@ public class OAuthConfirmationController { } catch (OAuth2Exception e) { logger.error("confirmAccess: OAuth2Exception was thrown when attempting to load client", e); model.put("code", HttpStatus.BAD_REQUEST); - return "httpCodeView"; + return HttpCodeView.VIEWNAME; } catch (IllegalArgumentException e) { logger.error("confirmAccess: IllegalArgumentException was thrown when attempting to load client", e); model.put("code", HttpStatus.BAD_REQUEST); - return "httpCodeView"; + return HttpCodeView.VIEWNAME; } if (client == null) { logger.error("confirmAccess: could not find client " + authRequest.getClientId()); model.put("code", HttpStatus.NOT_FOUND); - return "httpCodeView"; + return HttpCodeView.VIEWNAME; } model.put("auth_request", authRequest); diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/web/RevocationEndpoint.java b/openid-connect-server/src/main/java/org/mitre/oauth2/web/RevocationEndpoint.java index 7786e02bb..f6f723dc7 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/web/RevocationEndpoint.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/web/RevocationEndpoint.java @@ -21,6 +21,7 @@ import java.security.Principal; import org.mitre.oauth2.model.OAuth2AccessTokenEntity; import org.mitre.oauth2.model.OAuth2RefreshTokenEntity; import org.mitre.oauth2.service.OAuth2TokenEntityService; +import org.mitre.openid.connect.view.HttpCodeView; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; 
@@ -63,14 +64,14 @@ public class RevocationEndpoint { if (!accessToken.getClient().getClientId().equals(authRequest.getClientId())) { // trying to revoke a token we don't own, throw a 403 model.addAttribute("code", HttpStatus.FORBIDDEN); - return "httpCodeView"; + return HttpCodeView.VIEWNAME; } } // if we got this far, we're allowed to do this tokenServices.revokeAccessToken(accessToken); model.addAttribute("code", HttpStatus.OK); - return "httpCodeView"; + return HttpCodeView.VIEWNAME; } catch (InvalidTokenException e) { @@ -83,21 +84,21 @@ public class RevocationEndpoint { if (!refreshToken.getClient().getClientId().equals(authRequest.getClientId())) { // trying to revoke a token we don't own, throw a 403 model.addAttribute("code", HttpStatus.FORBIDDEN); - return "httpCodeView"; + return HttpCodeView.VIEWNAME; } } // if we got this far, we're allowed to do this tokenServices.revokeRefreshToken(refreshToken); model.addAttribute("code", HttpStatus.OK); - return "httpCodeView"; + return HttpCodeView.VIEWNAME; } catch (InvalidTokenException e1) { // neither token type was found, simply say "OK" and be on our way. model.addAttribute("code", HttpStatus.OK); - return "httpCodeView"; + return HttpCodeView.VIEWNAME; } } } diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/web/ScopeAPI.java b/openid-connect-server/src/main/java/org/mitre/oauth2/web/ScopeAPI.java index 7877b8e4d..48292998d 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/web/ScopeAPI.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/web/ScopeAPI.java @@ -23,6 +23,9 @@ import java.util.Set; import org.mitre.oauth2.model.SystemScope; import org.mitre.oauth2.service.SystemScopeService; +import org.mitre.openid.connect.view.HttpCodeView; +import org.mitre.openid.connect.view.JsonEntityView; +import org.mitre.openid.connect.view.JsonErrorView; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; 
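Review bot: Both 403 branches in RevocationEndpoint (`// trying to revoke a token we don't own, throw a 403`) return without any log statement in the visible lines, so a client trying to revoke another client's token leaves nothing for detection or later investigation. Add a line such as `logger.warn("Revocation denied: client {} does not own the presented token", authRequest.getClientId());` before `return HttpCodeView.VIEWNAME;` in each of those branches, and keep the token value itself out of the message. This assumes the class has a `logger` field, which the slf4j imports in the first hunk suggest but the hunks do not show. The method starts outside the hunks.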
@@ -60,7 +63,7 @@ public class ScopeAPI { m.put("entity", allScopes); - return "jsonEntityView"; + return JsonEntityView.VIEWNAME; } @RequestMapping(value = "/{id}", method = RequestMethod.GET, produces = "application/json") @@ -72,14 +75,14 @@ public class ScopeAPI { m.put("entity", scope); - return "jsonEntityView"; + return JsonEntityView.VIEWNAME; } else { logger.error("getScope failed; scope not found: " + id); m.put("code", HttpStatus.NOT_FOUND); m.put("errorMessage", "The requested scope with id " + id + " could not be found."); - return "jsonErrorView"; + return JsonErrorView.VIEWNAME; } } @@ -100,7 +103,7 @@ public class ScopeAPI { m.put("entity", scope); - return "jsonEntityView"; + return JsonEntityView.VIEWNAME; } else { logger.error("updateScope failed; scope ids to not match: got " @@ -109,7 +112,7 @@ public class ScopeAPI { m.put("code", HttpStatus.BAD_REQUEST); m.put("errorMessage", "Could not update scope. Scope ids to not match: got " + existing.getId() + " and " + scope.getId()); - return "jsonErrorView"; + return JsonErrorView.VIEWNAME; } } else { @@ -117,7 +120,7 @@ public class ScopeAPI { logger.error("updateScope failed; scope with id " + id + " not found."); m.put("code", HttpStatus.NOT_FOUND); m.put("errorMessage", "Could not update scope. The scope with id " + id + " could not be found."); - return "jsonErrorView"; + return JsonErrorView.VIEWNAME; } } @@ -132,7 +135,7 @@ public class ScopeAPI { logger.error("Error: attempting to save a scope with a value that already exists: " + scope.getValue()); m.put("code", HttpStatus.CONFLICT); m.put("errorMessage", "A scope with value " + scope.getValue() + " already exists, please choose a different value."); - return "jsonErrorView"; + return JsonErrorView.VIEWNAME; } scope = scopeService.save(scope); 
@@ -141,13 +144,13 @@ public class ScopeAPI { m.put("entity", scope); - return "jsonEntityView"; + return JsonEntityView.VIEWNAME; } else { logger.error("createScope failed; JSON was invalid: " + json); m.put("code", HttpStatus.BAD_REQUEST); m.put("errorMessage", "Could not save new scope " + scope + ". The scope service failed to return a saved entity."); - return "jsonErrorView"; + return JsonErrorView.VIEWNAME; } } @@ -161,13 +164,13 @@ public class ScopeAPI { scopeService.remove(existing); - return "httpCodeView"; + return HttpCodeView.VIEWNAME; } else { logger.error("deleteScope failed; scope with id " + id + " not found."); m.put("code", HttpStatus.NOT_FOUND); m.put("errorMessage", "Could not delete scope. The requested scope with id " + id + " could not be found."); - return "jsonErrorView"; + return JsonErrorView.VIEWNAME; } } diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/web/TokenAPI.java b/openid-connect-server/src/main/java/org/mitre/oauth2/web/TokenAPI.java index ed199d6db..0fe1994c9 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/web/TokenAPI.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/web/TokenAPI.java @@ -25,6 +25,9 @@ import org.mitre.oauth2.model.OAuth2AccessTokenEntity; import org.mitre.oauth2.model.OAuth2RefreshTokenEntity; import org.mitre.oauth2.service.ClientDetailsEntityService; import org.mitre.oauth2.service.OAuth2TokenEntityService; +import org.mitre.oauth2.view.TokenApiView; +import org.mitre.openid.connect.view.HttpCodeView; +import org.mitre.openid.connect.view.JsonErrorView; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; 
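Review bot: The failure branch in the `@@ -141,13 +144,13 @@` ScopeAPI hunk logs `"createScope failed; JSON was invalid: " + json` while the response says the scope service failed to return a saved entity, so the log records a different cause from the one reported to the caller. It also copies the raw request body into the log. Log what actually failed and leave the body out, e.g. `logger.error("createScope failed; scope service returned no saved entity");`. The method begins outside the hunk, so whether this branch is also reachable after a parse failure should be confirmed before rewording.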
@@ -59,7 +62,7 @@ public class TokenAPI { Set allTokens = tokenService.getAllAccessTokensForUser(p.getName()); m.put("entity", allTokens); - return "tokenApiView"; + return TokenApiView.VIEWNAME; } @RequestMapping(value = "/access/{id}", method = RequestMethod.GET, produces = "application/json") @@ -71,15 +74,15 @@ public class TokenAPI { logger.error("getToken failed; token not found: " + id); m.put("code", HttpStatus.NOT_FOUND); m.put("errorMessage", "The requested token with id " + id + " could not be found."); - return "jsonErrorView"; + return JsonErrorView.VIEWNAME; } else if (!token.getAuthenticationHolder().getAuthentication().getName().equals(p.getName())) { logger.error("getToken failed; token does not belong to principal " + p.getName()); m.put("code", HttpStatus.FORBIDDEN); m.put("errorMessage", "You do not have permission to view this token"); - return "jsonErrorView"; + return JsonErrorView.VIEWNAME; } else { m.put("entity", token); - return "tokenApiView"; + return TokenApiView.VIEWNAME; } } @@ -92,16 +95,16 @@ public class TokenAPI { logger.error("getToken failed; token not found: " + id); m.put("code", HttpStatus.NOT_FOUND); m.put("errorMessage", "The requested token with id " + id + " could not be found."); - return "jsonErrorView"; + return JsonErrorView.VIEWNAME; } else if (!token.getAuthenticationHolder().getAuthentication().getName().equals(p.getName())) { logger.error("getToken failed; token does not belong to principal " + p.getName()); m.put("code", HttpStatus.FORBIDDEN); m.put("errorMessage", "You do not have permission to view this token"); - return "jsonErrorView"; + return JsonErrorView.VIEWNAME; } else { tokenService.revokeAccessToken(token); - return "httpCodeView"; + return HttpCodeView.VIEWNAME; } } 
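Review bot: The delete handler in the `@@ -92,16 +95,16 @@` TokenAPI hunk (it ends in `tokenService.revokeAccessToken(token)`) reuses the read handler's wording: `"getToken failed; ..."` in the log and `"You do not have permission to view this token"` in the response. A denied revocation is then indistinguishable from a denied read when the logs are reviewed. Suggest `logger.error("deleteToken failed; token does not belong to principal " + p.getName());` and `"You do not have permission to delete this token"`. The refresh-token delete hunk (`@@ -189,16 +192,16 @@`) returns the same "view" wording. The method signatures are outside the hunks.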
@@ -114,12 +117,12 @@ public class TokenAPI { if (client != null) { List tokens = tokenService.getAccessTokensForClient(client); m.put("entity", tokens); - return "tokenApiView"; + return TokenApiView.VIEWNAME; } else { // client not found m.put("code", HttpStatus.NOT_FOUND); m.put("errorMessage", "The requested client with id " + clientId + " could not be found."); - return "jsonErrorView"; + return JsonErrorView.VIEWNAME; } } @@ -134,17 +137,17 @@ public class TokenAPI { OAuth2AccessTokenEntity token = tokenService.getRegistrationAccessTokenForClient(client); if (token != null) { m.put("entity", token); - return "tokenApiView"; + return TokenApiView.VIEWNAME; } else { m.put("code", HttpStatus.NOT_FOUND); m.put("errorMessage", "No registration token could be found."); - return "jsonErrorView"; + return JsonErrorView.VIEWNAME; } } else { // client not found m.put("code", HttpStatus.NOT_FOUND); m.put("errorMessage", "The requested client with id " + clientId + " could not be found."); - return "jsonErrorView"; + return JsonErrorView.VIEWNAME; } } @@ -154,7 +157,7 @@ public class TokenAPI { Set allTokens = tokenService.getAllRefreshTokensForUser(p.getName()); m.put("entity", allTokens); - return "tokenApiView"; + return TokenApiView.VIEWNAME; } @@ -168,15 +171,15 @@ public class TokenAPI { logger.error("refresh token not found: " + id); m.put("code", HttpStatus.NOT_FOUND); m.put("errorMessage", "The requested token with id " + id + " could not be found."); - return "jsonErrorView"; + return JsonErrorView.VIEWNAME; } else if (!token.getAuthenticationHolder().getAuthentication().getName().equals(p.getName())) { logger.error("refresh token " + id + " does not belong to principal " + p.getName()); m.put("code", HttpStatus.FORBIDDEN); m.put("errorMessage", "You do not have permission to view this token"); - return "jsonErrorView"; + return JsonErrorView.VIEWNAME; } else { m.put("entity", token); - return "tokenApiView"; + return TokenApiView.VIEWNAME; } } 
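Review bot: The client-scoped handlers in the `@@ -114,12 +117,12 @@` and `@@ -134,17 +137,17 @@` hunks show no ownership check in the visible lines, unlike the per-token handlers that compare `token.getAuthenticationHolder().getAuthentication().getName()` with `p.getName()`. They return every access token issued to a client and the client's registration access token, so they need to be restricted to administrators. The request mapping and any `@PreAuthorize` annotation sit outside the hunks; if the restriction is there, a short comment above each method such as `// admin only: returns tokens that do not belong to the caller` would make it visible to the next reader.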
@@ -189,16 +192,16 @@ public class TokenAPI { logger.error("refresh token not found: " + id); m.put("code", HttpStatus.NOT_FOUND); m.put("errorMessage", "The requested token with id " + id + " could not be found."); - return "jsonErrorView"; + return JsonErrorView.VIEWNAME; } else if (!token.getAuthenticationHolder().getAuthentication().getName().equals(p.getName())) { logger.error("refresh token " + id + " does not belong to principal " + p.getName()); m.put("code", HttpStatus.FORBIDDEN); m.put("errorMessage", "You do not have permission to view this token"); - return "jsonErrorView"; + return JsonErrorView.VIEWNAME; } else { tokenService.revokeRefreshToken(token); - return "httpCodeView"; + return HttpCodeView.VIEWNAME; } } diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/ClientEntityViewForAdmins.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/ClientEntityViewForAdmins.java index ec45bef94..bd5a38e1e 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/ClientEntityViewForAdmins.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/ClientEntityViewForAdmins.java @@ -36,9 +36,10 @@ import com.google.gson.FieldAttributes; * @author jricher * */ -@Component("clientEntityViewAdmins") +@Component(ClientEntityViewForAdmins.VIEWNAME) public class ClientEntityViewForAdmins extends AbstractClientEntityView { + public static final String VIEWNAME = "clientEntityViewAdmins"; private Set blacklistedFields = ImmutableSet.of("additionalInformation"); /** diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/ClientEntityViewForUsers.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/ClientEntityViewForUsers.java index 65f02b21f..8ba38cad5 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/ClientEntityViewForUsers.java 
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/ClientEntityViewForUsers.java @@ -37,11 +37,13 @@ import com.google.gson.FieldAttributes; * @author jricher * */ -@Component("clientEntityViewUsers") +@Component(ClientEntityViewForUsers.VIEWNAME) public class ClientEntityViewForUsers extends AbstractClientEntityView { private Set whitelistedFields = ImmutableSet.of("clientName", "clientId", "id", "clientDescription", "scope", "logoUri"); + public static final String VIEWNAME = "clientEntityViewUsers"; + /* (non-Javadoc) * @see org.mitre.openid.connect.view.AbstractClientEntityView#getExclusionStrategy() */ diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/ClientInformationResponseView.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/ClientInformationResponseView.java index 5d05a5f9e..cbefebe75 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/ClientInformationResponseView.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/ClientInformationResponseView.java @@ -46,11 +46,13 @@ import com.google.gson.JsonObject; * @author jricher * */ -@Component("clientInformationResponseView") +@Component(ClientInformationResponseView.VIEWNAME) public class ClientInformationResponseView extends AbstractView { private static Logger logger = LoggerFactory.getLogger(ClientInformationResponseView.class); + public static final String VIEWNAME = "clientInformationResponseView"; + // note that this won't serialize nulls by default private Gson gson = new Gson(); diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/HttpCodeView.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/HttpCodeView.java index cc14d738e..350e084ac 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/HttpCodeView.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/HttpCodeView.java 
@@ -33,9 +33,11 @@ import org.springframework.web.servlet.view.AbstractView; * @author jricher * */ -@Component("httpCodeView") +@Component(HttpCodeView.VIEWNAME) public class HttpCodeView extends AbstractView { + public static final String VIEWNAME = "httpCodeView"; + @Override protected void renderMergedOutputModel(Map model, HttpServletRequest request, HttpServletResponse response) { HttpStatus code = (HttpStatus) model.get("code"); diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonApprovedSiteView.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonApprovedSiteView.java index c3a99573b..f3a50fad3 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonApprovedSiteView.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonApprovedSiteView.java @@ -49,11 +49,13 @@ import com.google.gson.JsonSerializer; * @author jricher * */ -@Component("jsonApprovedSiteView") +@Component(JsonApprovedSiteView.VIEWNAME) public class JsonApprovedSiteView extends AbstractView { private static Logger logger = LoggerFactory.getLogger(JsonApprovedSiteView.class); + public static final String VIEWNAME = "jsonApprovedSiteView"; + private Gson gson = new GsonBuilder() .setExclusionStrategies(new ExclusionStrategy() { diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonEntityView.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonEntityView.java index c72e88b63..6fc96283a 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonEntityView.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonEntityView.java 
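Review bot: `HttpStatus code = (HttpStatus) model.get("code");` in HttpCodeView reads a model attribute that several callers in this patch do not set: the ScopeAPI delete branch and the TokenAPI revoke branches return `HttpCodeView.VIEWNAME` with no `m.put("code", ...)` in their visible lines. The rest of `renderMergedOutputModel` is outside the hunk, so whether a null `code` is handled cannot be confirmed from here. If it is not, guard it with `if (code == null) { code = HttpStatus.OK; }`, or have those callers set the status explicitly the way the ApprovedSiteAPI delete handler does.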
@@ -42,11 +42,13 @@ import com.google.gson.GsonBuilder; * @author jricher * */ -@Component("jsonEntityView") +@Component(JsonEntityView.VIEWNAME) public class JsonEntityView extends AbstractView { private static Logger logger = LoggerFactory.getLogger(JsonEntityView.class); + public static final String VIEWNAME = "jsonEntityView"; + private Gson gson = new GsonBuilder() .setExclusionStrategies(new ExclusionStrategy() { diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonErrorView.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonErrorView.java index 49104bf68..5dc32d87f 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonErrorView.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/JsonErrorView.java @@ -41,11 +41,13 @@ import com.google.gson.JsonObject; * @author aanganes, jricher * */ -@Component("jsonErrorView") +@Component(JsonErrorView.VIEWNAME) public class JsonErrorView extends AbstractView { private static Logger logger = LoggerFactory.getLogger(JsonEntityView.class); + public static final String VIEWNAME = "jsonErrorView"; + private Gson gson = new GsonBuilder() .setExclusionStrategies(new ExclusionStrategy() { diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/UserInfoJwtView.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/UserInfoJwtView.java index ddb8e84d5..8263c2585 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/UserInfoJwtView.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/UserInfoJwtView.java 
@@ -56,11 +56,13 @@ import com.nimbusds.jwt.SignedJWT; * @author jricher * */ -@Component("userInfoJwtView") +@Component(UserInfoJwtView.VIEWNAME) public class UserInfoJwtView extends UserInfoView { private static Logger logger = LoggerFactory.getLogger(UserInfoJwtView.class); + public static final String VIEWNAME = "userInfoJwtView"; + @Autowired private JwtSigningAndValidationService jwtService; diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/UserInfoView.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/UserInfoView.java index 931153880..ad7eeb7e6 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/view/UserInfoView.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/view/UserInfoView.java @@ -43,11 +43,13 @@ import com.google.gson.JsonElement; import com.google.gson.JsonObject; import com.google.gson.JsonParser; -@Component("userInfoView") +@Component(UserInfoView.VIEWNAME) public class UserInfoView extends AbstractView { private static JsonParser jsonParser = new JsonParser(); + public static final String VIEWNAME = "userInfoView"; + private static Logger logger = LoggerFactory.getLogger(UserInfoView.class); @Autowired diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ApprovedSiteAPI.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ApprovedSiteAPI.java index a79eeaa4a..5f369a553 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ApprovedSiteAPI.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ApprovedSiteAPI.java 
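Review bot: `UserInfoJwtView` extends `UserInfoView` and both now declare `public static final String VIEWNAME`, so the subclass constant hides the parent's. If the subclass declaration is ever removed or renamed, `UserInfoJwtView.VIEWNAME` still compiles and silently resolves to `"userInfoView"`, which would send a request meant for the JWT view to the non-JWT one. A comment on the subclass field such as `// intentionally hides UserInfoView.VIEWNAME`, or a distinct constant name, would make that dependency explicit. In UserInfoView the constant also sits between the `jsonParser` and `logger` fields; placing it first, as in HttpCodeView, would keep the view classes uniform.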
@@ -25,6 +25,9 @@ import java.util.Collection; import org.mitre.oauth2.service.OAuth2TokenEntityService; import org.mitre.openid.connect.model.ApprovedSite; import org.mitre.openid.connect.service.ApprovedSiteService; +import org.mitre.openid.connect.view.HttpCodeView; +import org.mitre.openid.connect.view.JsonApprovedSiteView; +import org.mitre.openid.connect.view.JsonErrorView; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; @@ -65,7 +68,7 @@ public class ApprovedSiteAPI { m.put("entity", all); - return "jsonApprovedSiteView"; + return JsonApprovedSiteView.VIEWNAME; } /** @@ -80,19 +83,19 @@ public class ApprovedSiteAPI { logger.error("deleteApprovedSite failed; no approved site found for id: " + id); m.put("code", HttpStatus.NOT_FOUND); m.put("errorMessage", "Could not delete approved site. The requested approved site with id: " + id + " could not be found."); - return "jsonErrorView"; + return JsonErrorView.VIEWNAME; } else if (!approvedSite.getUserId().equals(p.getName())) { logger.error("deleteApprovedSite failed; principal " + p.getName() + " does not own approved site" + id); m.put("code", HttpStatus.FORBIDDEN); m.put("errorMessage", "You do not have permission to delete this approved site. The approved site decision will not be deleted."); - return "jsonErrorView"; + return JsonErrorView.VIEWNAME; } else { m.put("code", HttpStatus.OK); approvedSiteService.remove(approvedSite); } - return "httpCodeView"; + return HttpCodeView.VIEWNAME; } /** 
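Review bot: deleteApprovedSite answers NOT_FOUND for an unknown id but FORBIDDEN when the record belongs to another user, so any authenticated caller can tell which approved-site ids exist; getApprovedSite in the following hunk has the same split. Consider returning the NOT_FOUND response from both branches and keeping the ownership detail only in the server log. In that log line the id is appended without a separator (`"does not own approved site" + id`); `"does not own approved site " + id` keeps the entry searchable. Both method bodies start above their hunks, so any earlier authorization annotation is not visible here.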
@@ -105,16 +108,16 @@ public class ApprovedSiteAPI { logger.error("getApprovedSite failed; no approved site found for id: " + id); m.put("code", HttpStatus.NOT_FOUND); m.put("errorMessage", "The requested approved site with id: " + id + " could not be found."); - return "jsonErrorView"; + return JsonErrorView.VIEWNAME; } else if (!approvedSite.getUserId().equals(p.getName())) { logger.error("getApprovedSite failed; principal " + p.getName() + " does not own approved site" + id); m.put("code", HttpStatus.FORBIDDEN); m.put("errorMessage", "You do not have permission to view this approved site."); - return "jsonErrorView"; + return JsonErrorView.VIEWNAME; } else { m.put("entity", approvedSite); - return "jsonApprovedSiteView"; + return JsonApprovedSiteView.VIEWNAME; } } diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/BlacklistAPI.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/BlacklistAPI.java index df9584b3e..342c5e6cc 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/BlacklistAPI.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/BlacklistAPI.java @@ -24,6 +24,9 @@ import java.util.Collection; import org.mitre.openid.connect.model.BlacklistedSite; import org.mitre.openid.connect.service.BlacklistedSiteService; +import org.mitre.openid.connect.view.HttpCodeView; +import org.mitre.openid.connect.view.JsonEntityView; +import org.mitre.openid.connect.view.JsonErrorView; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; @@ -70,7 +73,7 @@ public class BlacklistAPI { m.put("entity", all); - return "jsonEntityView"; + return JsonEntityView.VIEWNAME; } /** 
@@ -99,15 +102,15 @@ public class BlacklistAPI { logger.error("addNewBlacklistedSite failed due to JsonSyntaxException: ", e); m.put("code", HttpStatus.BAD_REQUEST); m.put("errorMessage", "Could not save new blacklisted site. The server encountered a JSON syntax exception. Contact a system administrator for assistance."); - return "jsonErrorView"; + return JsonErrorView.VIEWNAME; } catch (IllegalStateException e) { logger.error("addNewBlacklistedSite failed due to IllegalStateException", e); m.put("code", HttpStatus.BAD_REQUEST); m.put("errorMessage", "Could not save new blacklisted site. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance."); - return "jsonErrorView"; + return JsonErrorView.VIEWNAME; } - return "jsonEntityView"; + return JsonEntityView.VIEWNAME; } @@ -131,12 +134,12 @@ public class BlacklistAPI { logger.error("updateBlacklistedSite failed due to JsonSyntaxException", e); m.put("code", HttpStatus.BAD_REQUEST); m.put("errorMessage", "Could not update blacklisted site. The server encountered a JSON syntax exception. Contact a system administrator for assistance."); - return "jsonErrorView"; + return JsonErrorView.VIEWNAME; } catch (IllegalStateException e) { logger.error("updateBlacklistedSite failed due to IllegalStateException", e); m.put("code", HttpStatus.BAD_REQUEST); m.put("errorMessage", "Could not update blacklisted site. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance."); - return "jsonErrorView"; + return JsonErrorView.VIEWNAME; } 
@@ -146,14 +149,14 @@ public class BlacklistAPI { logger.error("updateBlacklistedSite failed; blacklist with id " + id + " could not be found"); m.put("code", HttpStatus.NOT_FOUND); m.put("errorMessage", "Could not update blacklisted site. The requested blacklist with id " + id + "could not be found."); - return "jsonErrorView"; + return JsonErrorView.VIEWNAME; } else { BlacklistedSite newBlacklist = blacklistService.update(oldBlacklist, blacklist); m.put("entity", newBlacklist); - return "jsonEntityView"; + return JsonEntityView.VIEWNAME; } } @@ -168,13 +171,13 @@ public class BlacklistAPI { if (blacklist == null) { logger.error("deleteBlacklistedSite failed; blacklist with id " + id + " could not be found"); m.put("errorMessage", "Could not delete bladklist. The requested bladklist with id " + id + " could not be found."); - return "jsonErrorView"; + return JsonErrorView.VIEWNAME; } else { m.put("code", HttpStatus.OK); blacklistService.remove(blacklist); } - return "httpCodeView"; + return HttpCodeView.VIEWNAME; } /** @@ -187,12 +190,12 @@ public class BlacklistAPI { logger.error("getBlacklistedSite failed; blacklist with id " + id + " could not be found"); m.put("code", HttpStatus.NOT_FOUND); m.put("errorMessage", "Could not delete bladklist. The requested bladklist with id " + id + " could not be found."); - return "jsonErrorView"; + return JsonErrorView.VIEWNAME; } else { m.put("entity", blacklist); - return "jsonEntityView"; + return JsonEntityView.VIEWNAME; } } diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java index dc178ed98..49258f95f 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientAPI.java 
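Review bot: In deleteBlacklistedSite the `blacklist == null` branch returns `JsonErrorView.VIEWNAME` after putting only `errorMessage` in the model. Unlike the other not-found branches in this file it sets no `code`, so the HTTP status of that error response depends on how the view handles a missing code, which is not visible here. Unless the code is set above the hunk, add `m.put("code", HttpStatus.NOT_FOUND);` before the `errorMessage` line. The text "Could not delete bladklist" in this branch and in getBlacklistedSite is misspelled, and for the read handler it names the wrong operation. Both method bodies begin outside their hunks.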
@@ -26,6 +26,10 @@ import org.mitre.oauth2.model.ClientDetailsEntity; import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod; import org.mitre.oauth2.service.ClientDetailsEntityService; import org.mitre.openid.connect.service.UserInfoService; +import org.mitre.openid.connect.view.ClientEntityViewForAdmins; +import org.mitre.openid.connect.view.ClientEntityViewForUsers; +import org.mitre.openid.connect.view.HttpCodeView; +import org.mitre.openid.connect.view.JsonErrorView; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; @@ -118,9 +122,9 @@ public class ClientAPI { model.addAttribute("entity", clients); if (isAdmin(auth)) { - return "clientEntityViewAdmins"; + return ClientEntityViewForAdmins.VIEWNAME; } else { - return "clientEntityViewUsers"; + return ClientEntityViewForUsers.VIEWNAME; } } @@ -146,12 +150,12 @@ public class ClientAPI { logger.error("apiAddClient failed due to JsonSyntaxException", e); m.addAttribute("code", HttpStatus.BAD_REQUEST); m.addAttribute("errorMessage", "Could not save new client. The server encountered a JSON syntax exception. Contact a system administrator for assistance."); - return "jsonErrorView"; + return JsonErrorView.VIEWNAME; } catch (IllegalStateException e) { logger.error("apiAddClient failed due to IllegalStateException", e); m.addAttribute("code", HttpStatus.BAD_REQUEST); m.addAttribute("errorMessage", "Could not save new client. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance."); - return "jsonErrorView"; + return JsonErrorView.VIEWNAME; } // if they leave the client identifier empty, force it to be generated 
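Review bot: The choice between `ClientEntityViewForAdmins.VIEWNAME` and `ClientEntityViewForUsers.VIEWNAME` is written out as a separate `if (isAdmin(auth))` in the list handler here and again in the add, update and show handlers in the later ClientAPI hunks. The two views presumably differ in which client fields they serialize, so a future handler that skips the check could return the admin representation to a non-admin caller. Move the decision into one private helper whose body is `return isAdmin(auth) ? ClientEntityViewForAdmins.VIEWNAME : ClientEntityViewForUsers.VIEWNAME;` and have every handler return its result. A short comment on the helper should state what the user view withholds.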
@@ -181,7 +185,7 @@ public class ClientAPI { logger.error("tried to create client with private key auth but no private key"); m.addAttribute("code", HttpStatus.BAD_REQUEST); m.addAttribute("errorMessage", "Can not create a client with private key authentication without registering a key via the JWS Set URI."); - return "jsonErrorView"; + return JsonErrorView.VIEWNAME; } // otherwise we shouldn't have a secret for this client @@ -192,7 +196,7 @@ public class ClientAPI { logger.error("unknown auth method"); m.addAttribute("code", HttpStatus.BAD_REQUEST); m.addAttribute("errorMessage", "Unknown auth method requested"); - return "jsonErrorView"; + return JsonErrorView.VIEWNAME; } @@ -203,9 +207,9 @@ public class ClientAPI { m.addAttribute("entity", newClient); if (isAdmin(auth)) { - return "clientEntityViewAdmins"; + return ClientEntityViewForAdmins.VIEWNAME; } else { - return "clientEntityViewUsers"; + return ClientEntityViewForUsers.VIEWNAME; } } @@ -233,12 +237,12 @@ public class ClientAPI { logger.error("apiUpdateClient failed due to JsonSyntaxException", e); m.addAttribute("code", HttpStatus.BAD_REQUEST); m.addAttribute("errorMessage", "Could not update client. The server encountered a JSON syntax exception. Contact a system administrator for assistance."); - return "jsonErrorView"; + return JsonErrorView.VIEWNAME; } catch (IllegalStateException e) { logger.error("apiUpdateClient failed due to IllegalStateException", e); m.addAttribute("code", HttpStatus.BAD_REQUEST); m.addAttribute("errorMessage", "Could not update client. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance."); - return "jsonErrorView"; + return JsonErrorView.VIEWNAME; } ClientDetailsEntity oldClient = clientService.getClientById(id); 
@@ -247,7 +251,7 @@ public class ClientAPI { logger.error("apiUpdateClient failed; client with id " + id + " could not be found."); m.addAttribute("code", HttpStatus.NOT_FOUND); m.addAttribute("errorMessage", "Could not update client. The requested client with id " + id + "could not be found."); - return "jsonErrorView"; + return JsonErrorView.VIEWNAME; } // if they leave the client identifier empty, force it to be generated @@ -277,7 +281,7 @@ public class ClientAPI { logger.error("tried to create client with private key auth but no private key"); m.addAttribute("code", HttpStatus.BAD_REQUEST); m.addAttribute("errorMessage", "Can not create a client with private key authentication without registering a key via the JWS Set URI."); - return "jsonErrorView"; + return JsonErrorView.VIEWNAME; } // otherwise we shouldn't have a secret for this client @@ -288,7 +292,7 @@ public class ClientAPI { logger.error("unknown auth method"); m.addAttribute("code", HttpStatus.BAD_REQUEST); m.addAttribute("errorMessage", "Unknown auth method requested"); - return "jsonErrorView"; + return JsonErrorView.VIEWNAME; } @@ -297,9 +301,9 @@ public class ClientAPI { m.addAttribute("entity", newClient); if (isAdmin(auth)) { - return "clientEntityViewAdmins"; + return ClientEntityViewForAdmins.VIEWNAME; } else { - return "clientEntityViewUsers"; + return ClientEntityViewForUsers.VIEWNAME; } } @@ -319,13 +323,13 @@ public class ClientAPI { logger.error("apiDeleteClient failed; client with id " + id + " could not be found."); modelAndView.getModelMap().put("code", HttpStatus.NOT_FOUND); modelAndView.getModelMap().put("errorMessage", "Could not delete client. The requested client with id " + id + "could not be found."); - return "jsonErrorView"; + return JsonErrorView.VIEWNAME; } else { modelAndView.getModelMap().put("code", HttpStatus.OK); clientService.deleteClient(client); } - return "httpCodeView"; + return HttpCodeView.VIEWNAME; } 
@@ -344,15 +348,15 @@ public class ClientAPI { logger.error("apiShowClient failed; client with id " + id + " could not be found."); model.addAttribute("code", HttpStatus.NOT_FOUND); model.addAttribute("errorMessage", "The requested client with id " + id + " could not be found."); - return "jsonErrorView"; + return JsonErrorView.VIEWNAME; } model.addAttribute("entity", client); if (isAdmin(auth)) { - return "clientEntityViewAdmins"; + return ClientEntityViewForAdmins.VIEWNAME; } else { - return "clientEntityViewUsers"; + return ClientEntityViewForUsers.VIEWNAME; } } diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientDynamicRegistrationEndpoint.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientDynamicRegistrationEndpoint.java index b5766e890..708484740 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientDynamicRegistrationEndpoint.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientDynamicRegistrationEndpoint.java @@ -37,6 +37,9 @@ import org.mitre.openid.connect.config.ConfigurationPropertiesBean; import org.mitre.openid.connect.exception.ValidationException; import org.mitre.openid.connect.service.BlacklistedSiteService; import org.mitre.openid.connect.service.OIDCTokenService; +import org.mitre.openid.connect.view.ClientInformationResponseView; +import org.mitre.openid.connect.view.HttpCodeView; +import org.mitre.openid.connect.view.JsonErrorView; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; @@ -102,7 +105,7 @@ public class ClientDynamicRegistrationEndpoint { // didn't parse, this is a bad request logger.error("registerNewClient failed; submitted JSON is malformed"); m.addAttribute("code", HttpStatus.BAD_REQUEST); // http 400 - return "httpCodeView"; + return HttpCodeView.VIEWNAME; } if (newClient != null) { 
@@ -128,7 +131,7 @@ public class ClientDynamicRegistrationEndpoint { m.addAttribute("error", ve.getError()); m.addAttribute("errorMessage", ve.getErrorDescription()); m.addAttribute("code", ve.getStatus()); - return "jsonErrorView"; + return JsonErrorView.VIEWNAME; } if (newClient.getTokenEndpointAuthMethod() == null) { @@ -168,11 +171,11 @@ public class ClientDynamicRegistrationEndpoint { m.addAttribute("client", registered); m.addAttribute("code", HttpStatus.CREATED); // http 201 - return "clientInformationResponseView"; + return ClientInformationResponseView.VIEWNAME; } catch (UnsupportedEncodingException e) { logger.error("Unsupported encoding", e); m.addAttribute("code", HttpStatus.INTERNAL_SERVER_ERROR); - return "httpCodeView"; + return HttpCodeView.VIEWNAME; } catch (IllegalArgumentException e) { logger.error("Couldn't save client", e); @@ -180,14 +183,14 @@ public class ClientDynamicRegistrationEndpoint { m.addAttribute("errorMessage", "Unable to save client due to invalid or inconsistent metadata."); m.addAttribute("code", HttpStatus.BAD_REQUEST); // http 400 - return "jsonErrorView"; + return JsonErrorView.VIEWNAME; } } else { // didn't parse, this is a bad request logger.error("registerNewClient failed; submitted JSON is malformed"); m.addAttribute("code", HttpStatus.BAD_REQUEST); // http 400 - return "httpCodeView"; + return HttpCodeView.VIEWNAME; } } @@ -215,11 +218,11 @@ public class ClientDynamicRegistrationEndpoint { m.addAttribute("client", registered); m.addAttribute("code", HttpStatus.OK); // http 200 - return "clientInformationResponseView"; + return ClientInformationResponseView.VIEWNAME; } catch (UnsupportedEncodingException e) { logger.error("Unsupported encoding", e); m.addAttribute("code", HttpStatus.INTERNAL_SERVER_ERROR); - return "httpCodeView"; + return HttpCodeView.VIEWNAME; } } else { 
@@ -228,7 +231,7 @@ public class ClientDynamicRegistrationEndpoint { + clientId + " and " + auth.getOAuth2Request().getClientId() + " do not match."); m.addAttribute("code", HttpStatus.FORBIDDEN); // http 403 - return "httpCodeView"; + return HttpCodeView.VIEWNAME; } } @@ -253,7 +256,7 @@ public class ClientDynamicRegistrationEndpoint { // didn't parse, this is a bad request logger.error("updateClient failed; submitted JSON is malformed"); m.addAttribute("code", HttpStatus.BAD_REQUEST); // http 400 - return "httpCodeView"; + return HttpCodeView.VIEWNAME; } ClientDetailsEntity oldClient = clientService.loadClientByClientId(clientId); @@ -288,7 +291,7 @@ public class ClientDynamicRegistrationEndpoint { m.addAttribute("error", ve.getError()); m.addAttribute("errorMessage", ve.getErrorDescription()); m.addAttribute("code", ve.getStatus()); - return "jsonErrorView"; + return JsonErrorView.VIEWNAME; } try { @@ -303,11 +306,11 @@ public class ClientDynamicRegistrationEndpoint { m.addAttribute("client", registered); m.addAttribute("code", HttpStatus.OK); // http 200 - return "clientInformationResponseView"; + return ClientInformationResponseView.VIEWNAME; } catch (UnsupportedEncodingException e) { logger.error("Unsupported encoding", e); m.addAttribute("code", HttpStatus.INTERNAL_SERVER_ERROR); - return "httpCodeView"; + return HttpCodeView.VIEWNAME; } catch (IllegalArgumentException e) { logger.error("Couldn't save client", e); @@ -315,7 +318,7 @@ public class ClientDynamicRegistrationEndpoint { m.addAttribute("errorMessage", "Unable to save client due to invalid or inconsistent metadata."); m.addAttribute("code", HttpStatus.BAD_REQUEST); // http 400 - return "jsonErrorView"; + return JsonErrorView.VIEWNAME; } } else { // client mismatch 
@@ -323,7 +326,7 @@ public class ClientDynamicRegistrationEndpoint { + clientId + " and " + auth.getOAuth2Request().getClientId() + " do not match."); m.addAttribute("code", HttpStatus.FORBIDDEN); // http 403 - return "httpCodeView"; + return HttpCodeView.VIEWNAME; } } @@ -346,14 +349,14 @@ public class ClientDynamicRegistrationEndpoint { m.addAttribute("code", HttpStatus.NO_CONTENT); // http 204 - return "httpCodeView"; + return HttpCodeView.VIEWNAME; } else { // client mismatch logger.error("readClientConfiguration failed, client ID mismatch: " + clientId + " and " + auth.getOAuth2Request().getClientId() + " do not match."); m.addAttribute("code", HttpStatus.FORBIDDEN); // http 403 - return "httpCodeView"; + return HttpCodeView.VIEWNAME; } } diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/JsonWebKeyEndpoint.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/JsonWebKeyEndpoint.java index 623e1edc1..8ccce7431 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/JsonWebKeyEndpoint.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/JsonWebKeyEndpoint.java @@ -19,6 +19,7 @@ package org.mitre.openid.connect.web; import java.util.Map; import org.mitre.jwt.signer.service.JwtSigningAndValidationService; +import org.mitre.openid.connect.view.JwkKeyListView; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Controller; import org.springframework.ui.Model; @@ -42,7 +43,7 @@ public class JsonWebKeyEndpoint { m.addAttribute("keys", keys); - return "jwkKeyList"; + return JwkKeyListView.VIEWNAME; } /** diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ProtectedResourceRegistrationEndpoint.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ProtectedResourceRegistrationEndpoint.java index 6e55d73ed..1f5eb34eb 100644 
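Review bot: The client-mismatch branch of the handler that sets `HttpStatus.NO_CONTENT` logs "readClientConfiguration failed", which looks copied from the read handler. A rejected attempt on what appears to be the delete path would therefore be recorded under the wrong operation name, so use the handler's own name in the message. The same text appears in the corresponding hunk of ProtectedResourceRegistrationEndpoint, where the registration handler also logs "registerNewClient failed" for a protected-resource registration. The `clientId` concatenated into these messages appears to come from the request, so confirm that the log layout encodes control characters. The handler bodies start above their hunks.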
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ProtectedResourceRegistrationEndpoint.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ProtectedResourceRegistrationEndpoint.java @@ -36,6 +36,9 @@ import org.mitre.openid.connect.config.ConfigurationPropertiesBean; import org.mitre.openid.connect.exception.ValidationException; import org.mitre.openid.connect.service.BlacklistedSiteService; import org.mitre.openid.connect.service.OIDCTokenService; +import org.mitre.openid.connect.view.ClientInformationResponseView; +import org.mitre.openid.connect.view.HttpCodeView; +import org.mitre.openid.connect.view.JsonErrorView; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; @@ -100,7 +103,7 @@ public class ProtectedResourceRegistrationEndpoint { // didn't parse, this is a bad request logger.error("registerNewProtectedResource failed; submitted JSON is malformed"); m.addAttribute("code", HttpStatus.BAD_REQUEST); // http 400 - return "httpCodeView"; + return HttpCodeView.VIEWNAME; } if (newClient != null) { @@ -123,7 +126,7 @@ public class ProtectedResourceRegistrationEndpoint { m.addAttribute("error", ve.getError()); m.addAttribute("errorMessage", ve.getErrorDescription()); m.addAttribute("code", ve.getStatus()); - return "jsonErrorView"; + return JsonErrorView.VIEWNAME; } @@ -174,11 +177,11 @@ public class ProtectedResourceRegistrationEndpoint { m.addAttribute("client", registered); m.addAttribute("code", HttpStatus.CREATED); // http 201 - return "clientInformationResponseView"; + return ClientInformationResponseView.VIEWNAME; } catch (UnsupportedEncodingException e) { logger.error("Unsupported encoding", e); m.addAttribute("code", HttpStatus.INTERNAL_SERVER_ERROR); - return "httpCodeView"; + return HttpCodeView.VIEWNAME; } catch (IllegalArgumentException e) { logger.error("Couldn't save client", e); 
@@ -186,14 +189,14 @@ public class ProtectedResourceRegistrationEndpoint { m.addAttribute("errorMessage", "Unable to save client due to invalid or inconsistent metadata."); m.addAttribute("code", HttpStatus.BAD_REQUEST); // http 400 - return "jsonErrorView"; + return JsonErrorView.VIEWNAME; } } else { // didn't parse, this is a bad request logger.error("registerNewClient failed; submitted JSON is malformed"); m.addAttribute("code", HttpStatus.BAD_REQUEST); // http 400 - return "httpCodeView"; + return HttpCodeView.VIEWNAME; } } @@ -245,11 +248,11 @@ public class ProtectedResourceRegistrationEndpoint { m.addAttribute("client", registered); m.addAttribute("code", HttpStatus.OK); // http 200 - return "clientInformationResponseView"; + return ClientInformationResponseView.VIEWNAME; } catch (UnsupportedEncodingException e) { logger.error("Unsupported encoding", e); m.addAttribute("code", HttpStatus.INTERNAL_SERVER_ERROR); - return "httpCodeView"; + return HttpCodeView.VIEWNAME; } } else { // client mismatch @@ -257,7 +260,7 @@ public class ProtectedResourceRegistrationEndpoint { + clientId + " and " + auth.getOAuth2Request().getClientId() + " do not match."); m.addAttribute("code", HttpStatus.FORBIDDEN); // http 403 - return "httpCodeView"; + return HttpCodeView.VIEWNAME; } } @@ -282,7 +285,7 @@ public class ProtectedResourceRegistrationEndpoint { // didn't parse, this is a bad request logger.error("updateProtectedResource failed; submitted JSON is malformed"); m.addAttribute("code", HttpStatus.BAD_REQUEST); // http 400 - return "httpCodeView"; + return HttpCodeView.VIEWNAME; } ClientDetailsEntity oldClient = clientService.loadClientByClientId(clientId); @@ -339,7 +342,7 @@ public class ProtectedResourceRegistrationEndpoint { m.addAttribute("error", ve.getError()); m.addAttribute("errorMessage", ve.getErrorDescription()); m.addAttribute("code", ve.getStatus()); - return "jsonErrorView"; + return JsonErrorView.VIEWNAME; } 
@@ -356,11 +359,11 @@ public class ProtectedResourceRegistrationEndpoint { m.addAttribute("client", registered); m.addAttribute("code", HttpStatus.OK); // http 200 - return "clientInformationResponseView"; + return ClientInformationResponseView.VIEWNAME; } catch (UnsupportedEncodingException e) { logger.error("Unsupported encoding", e); m.addAttribute("code", HttpStatus.INTERNAL_SERVER_ERROR); - return "httpCodeView"; + return HttpCodeView.VIEWNAME; } catch (IllegalArgumentException e) { logger.error("Couldn't save client", e); @@ -368,7 +371,7 @@ public class ProtectedResourceRegistrationEndpoint { m.addAttribute("errorMessage", "Unable to save client due to invalid or inconsistent metadata."); m.addAttribute("code", HttpStatus.BAD_REQUEST); // http 400 - return "jsonErrorView"; + return JsonErrorView.VIEWNAME; } } else { // client mismatch @@ -377,7 +380,7 @@ public class ProtectedResourceRegistrationEndpoint { + clientId + " and " + auth.getOAuth2Request().getClientId() + " do not match."); m.addAttribute("code", HttpStatus.FORBIDDEN); // http 403 - return "httpCodeView"; + return HttpCodeView.VIEWNAME; } } @@ -400,14 +403,14 @@ public class ProtectedResourceRegistrationEndpoint { m.addAttribute("code", HttpStatus.NO_CONTENT); // http 204 - return "httpCodeView"; + return HttpCodeView.VIEWNAME; } else { // client mismatch logger.error("readClientConfiguration failed, client ID mismatch: " + clientId + " and " + auth.getOAuth2Request().getClientId() + " do not match."); m.addAttribute("code", HttpStatus.FORBIDDEN); // http 403 - return "httpCodeView"; + return HttpCodeView.VIEWNAME; } } diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/StatsAPI.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/StatsAPI.java index 9a7170807..f828da924 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/StatsAPI.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/StatsAPI.java 
@@ -19,6 +19,7 @@ package org.mitre.openid.connect.web; import java.util.Map; import org.mitre.openid.connect.service.StatsService; +import org.mitre.openid.connect.view.JsonEntityView; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.stereotype.Controller; @@ -40,7 +41,7 @@ public class StatsAPI { m.put("entity", e); - return "jsonEntityView"; + return JsonEntityView.VIEWNAME; } @@ -51,7 +52,7 @@ public class StatsAPI { m.put("entity", e); - return "jsonEntityView"; + return JsonEntityView.VIEWNAME; } @PreAuthorize("hasRole('ROLE_USER')") @@ -61,7 +62,7 @@ public class StatsAPI { m.put("entity", e); - return "jsonEntityView"; + return JsonEntityView.VIEWNAME; } } diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java index bf7167d2f..35af6d7f3 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/UserInfoEndpoint.java @@ -22,6 +22,9 @@ import org.mitre.oauth2.model.ClientDetailsEntity; import org.mitre.oauth2.service.ClientDetailsEntityService; import org.mitre.openid.connect.model.UserInfo; import org.mitre.openid.connect.service.UserInfoService; +import org.mitre.openid.connect.view.HttpCodeView; +import org.mitre.openid.connect.view.UserInfoJwtView; +import org.mitre.openid.connect.view.UserInfoView; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; @@ -69,7 +72,7 @@ public class UserInfoEndpoint { if (auth == null) { logger.error("getInfo failed; no principal. Requester is not authorized."); model.addAttribute("code", HttpStatus.FORBIDDEN); - return "httpCodeView"; + return HttpCodeView.VIEWNAME; } String username = auth.getName(); 
@@ -78,7 +81,7 @@ public class UserInfoEndpoint { if (userInfo == null) { logger.error("getInfo failed; user not found: " + username); model.addAttribute("code", HttpStatus.NOT_FOUND); - return "httpCodeView"; + return HttpCodeView.VIEWNAME; } model.addAttribute("scope", auth.getOAuth2Request().getScope()); @@ -106,26 +109,26 @@ public class UserInfoEndpoint { // client has a preference, see if they ask for plain JSON specifically on this request for (MediaType m : mediaTypes) { if (!m.isWildcardType() && m.isCompatibleWith(JOSE_MEDIA_TYPE)) { - return "userInfoJwtView"; + return UserInfoJwtView.VIEWNAME; } else if (!m.isWildcardType() && m.isCompatibleWith(MediaType.APPLICATION_JSON)) { - return "userInfoView"; + return UserInfoView.VIEWNAME; } } // otherwise return JWT - return "userInfoJwtView"; + return UserInfoJwtView.VIEWNAME; } else { // client has no preference, see if they asked for JWT specifically on this request for (MediaType m : mediaTypes) { if (!m.isWildcardType() && m.isCompatibleWith(MediaType.APPLICATION_JSON)) { - return "userInfoView"; + return UserInfoView.VIEWNAME; } else if (!m.isWildcardType() && m.isCompatibleWith(JOSE_MEDIA_TYPE)) { - return "userInfoJwtView"; + return UserInfoJwtView.VIEWNAME; } } // otherwise return JSON - return "userInfoView"; + return UserInfoView.VIEWNAME; } } diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/WhitelistAPI.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/WhitelistAPI.java index 7d408fc08..8481e20fb 100644 --- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/WhitelistAPI.java +++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/WhitelistAPI.java 
@@ -24,6 +24,9 @@ import java.util.Collection; import org.mitre.openid.connect.model.WhitelistedSite; import org.mitre.openid.connect.service.WhitelistedSiteService; +import org.mitre.openid.connect.view.HttpCodeView; +import org.mitre.openid.connect.view.JsonEntityView; +import org.mitre.openid.connect.view.JsonErrorView; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; @@ -70,7 +73,7 @@ public class WhitelistAPI { m.put("entity", all); - return "jsonEntityView"; + return JsonEntityView.VIEWNAME; } /** @@ -95,12 +98,12 @@ public class WhitelistAPI { logger.error("addNewWhitelistedSite failed due to JsonParseException", e); m.addAttribute("code", HttpStatus.BAD_REQUEST); m.addAttribute("errorMessage", "Could not save new whitelisted site. The server encountered a JSON syntax exception. Contact a system administrator for assistance."); - return "jsonErrorView"; + return JsonErrorView.VIEWNAME; } catch (IllegalStateException e) { logger.error("addNewWhitelistedSite failed due to IllegalStateException", e); m.addAttribute("code", HttpStatus.BAD_REQUEST); m.addAttribute("errorMessage", "Could not save new whitelisted site. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance."); - return "jsonErrorView"; + return JsonErrorView.VIEWNAME; } // save the id of the person who created this @@ -110,7 +113,7 @@ public class WhitelistAPI { m.put("entity", newWhitelist); - return "jsonEntityView"; + return JsonEntityView.VIEWNAME; } 
@@ -132,12 +135,12 @@ public class WhitelistAPI { logger.error("updateWhitelistedSite failed due to JsonParseException", e); m.put("code", HttpStatus.BAD_REQUEST); m.put("errorMessage", "Could not update whitelisted site. The server encountered a JSON syntax exception. Contact a system administrator for assistance."); - return "jsonErrorView"; + return JsonErrorView.VIEWNAME; } catch (IllegalStateException e) { logger.error("updateWhitelistedSite failed due to IllegalStateException", e); m.put("code", HttpStatus.BAD_REQUEST); m.put("errorMessage", "Could not update whitelisted site. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance."); - return "jsonErrorView"; + return JsonErrorView.VIEWNAME; } WhitelistedSite oldWhitelist = whitelistService.getById(id); @@ -146,14 +149,14 @@ public class WhitelistAPI { logger.error("updateWhitelistedSite failed; whitelist with id " + id + " could not be found."); m.put("code", HttpStatus.NOT_FOUND); m.put("errorMessage", "Could not update whitelisted site. The requested whitelisted site with id " + id + "could not be found."); - return "jsonErrorView"; + return JsonErrorView.VIEWNAME; } else { WhitelistedSite newWhitelist = whitelistService.update(oldWhitelist, whitelist); m.put("entity", newWhitelist); - return "jsonEntityView"; + return JsonEntityView.VIEWNAME; } } @@ -170,13 +173,13 @@ public class WhitelistAPI { logger.error("deleteWhitelistedSite failed; whitelist with id " + id + " could not be found."); m.put("code", HttpStatus.NOT_FOUND); m.put("errorMessage", "Could not delete whitelisted site. The requested whitelisted site with id " + id + "could not be found."); - return "jsonErrorView"; + return JsonErrorView.VIEWNAME; } else { m.put("code", HttpStatus.OK); whitelistService.remove(whitelist); } - return "httpCodeView"; + return HttpCodeView.VIEWNAME; } /** 
@@ -189,12 +192,12 @@ public class WhitelistAPI { logger.error("getWhitelistedSite failed; whitelist with id " + id + " could not be found."); m.put("code", HttpStatus.NOT_FOUND); m.put("errorMessage", "The requested whitelisted site with id " + id + "could not be found."); - return "jsonErrorView"; + return JsonErrorView.VIEWNAME; } else { m.put("entity", whitelist); - return "jsonEntityView"; + return JsonEntityView.VIEWNAME; } } diff --git a/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultIntrospectionAuthorizer.java b/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultIntrospectionAuthorizer.java index 0dde0e0ce..ab9bff014 100755 --- a/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultIntrospectionAuthorizer.java +++ b/openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultIntrospectionAuthorizer.java @@ -16,6 +16,12 @@ ******************************************************************************/ package org.mitre.oauth2.service.impl; +import static com.google.common.collect.Sets.newHashSet; +import static org.hamcrest.CoreMatchers.is; +import static org.junit.Assert.assertThat; +import static org.mockito.BDDMockito.given; +import static org.mockito.Mockito.mock; + import java.util.Set; import org.junit.Test; @@ -26,12 +32,6 @@ import org.mockito.Mock; import org.mockito.runners.MockitoJUnitRunner; import org.springframework.security.oauth2.provider.ClientDetails; -import static com.google.common.collect.Sets.newHashSet; -import static org.hamcrest.CoreMatchers.is; -import static org.junit.Assert.assertThat; -import static org.mockito.BDDMockito.given; -import static org.mockito.Mockito.mock; - @RunWith(MockitoJUnitRunner.class) public class TestDefaultIntrospectionAuthorizer {