externalized view name strings and tied them to view beans

pull/689/merge
Justin Richer 2014-09-28 22:25:39 -04:00
parent a704277652
commit c683131f12
30 changed files with 227 additions and 169 deletions


@ -43,7 +43,7 @@ public class ClientKeyPublisher implements BeanDefinitionRegistryPostProcessor {
private BeanDefinitionRegistry registry; private BeanDefinitionRegistry registry;
private String jwkViewName = "jwkKeyList"; private String jwkViewName = JwkKeyListView.VIEWNAME;
/** /**
* If the jwkPublishUrl field is set on this bean, set up a listener on that URL to publish keys. * If the jwkPublishUrl field is set on this bean, set up a listener on that URL to publish keys.
@ -61,12 +61,12 @@ public class ClientKeyPublisher implements BeanDefinitionRegistryPostProcessor {
clientKeyMapping.addPropertyValue("jwkPublishUrl", getJwkPublishUrl()); clientKeyMapping.addPropertyValue("jwkPublishUrl", getJwkPublishUrl());
// randomize view name to make sure it doesn't conflict with local views // randomize view name to make sure it doesn't conflict with local views
jwkViewName = "jwkKeyList-" + UUID.randomUUID().toString(); jwkViewName = JwkKeyListView.VIEWNAME + "-" + UUID.randomUUID().toString();
viewResolver.addPropertyValue("jwkViewName", jwkViewName); viewResolver.addPropertyValue(JwkKeyListView.VIEWNAME, jwkViewName);
// view bean // view bean
BeanDefinitionBuilder jwkView = BeanDefinitionBuilder.rootBeanDefinition(JwkKeyListView.class); BeanDefinitionBuilder jwkView = BeanDefinitionBuilder.rootBeanDefinition(JwkKeyListView.class);
registry.registerBeanDefinition("jwkKeyList", jwkView.getBeanDefinition()); registry.registerBeanDefinition(JwkKeyListView.VIEWNAME, jwkView.getBeanDefinition());
viewResolver.addPropertyReference("jwk", "jwkKeyList"); viewResolver.addPropertyReference("jwk", "jwkKeyList");
} }
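Review bot: L20 changes the first argument of `viewResolver.addPropertyValue` from the literal `"jwkViewName"` to `JwkKeyListView.VIEWNAME` (which is `"jwkKeyList"`); that argument names a bean property on the view resolver, not a view, so the randomized name built at L19 is now assigned to a property that, as far as this hunk shows, does not exist, and the resolver's `jwkViewName` property is left unset. The constant belongs only on the value side here: `viewResolver.addPropertyValue("jwkViewName", jwkViewName);`. Separately, L23 registers the view bean under the fixed `JwkKeyListView.VIEWNAME` and L24 still references the literal `"jwkKeyList"`, so the randomization announced by the comment at L18 never reaches the bean registration; that looks pre-existing but is worth a check while this code is being touched. The enclosing method starts before the hunk.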


@ -39,9 +39,10 @@ import com.nimbusds.jose.jwk.JWKSet;
* @author jricher * @author jricher
* *
*/ */
@Component("jwkKeyList") @Component(JwkKeyListView.VIEWNAME)
public class JwkKeyListView extends AbstractView { public class JwkKeyListView extends AbstractView {
public static final String VIEWNAME = "jwkKeyList";
private static Logger logger = LoggerFactory.getLogger(JwkKeyListView.class); private static Logger logger = LoggerFactory.getLogger(JwkKeyListView.class);
@Override @Override
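Review bot: The new `VIEWNAME` constant at L35 has no Javadoc although it is now the public contract that both the `@Component` annotation and every controller's return value depend on; a one-liner such as `/** Name under which this view is registered as a bean and resolved by controllers. */` would record why it exists. The same applies to the constants added in TokenApiView (L92), TokenIntrospectionView (L103), ClientEntityViewForAdmins (L427), ClientEntityViewForUsers (L440), ClientInformationResponseView (L454), HttpCodeView (L466), JsonApprovedSiteView (L480) and JsonEntityView (L493). Placement is also inconsistent across those classes: some put the constant before the logger field and others after a private field (L440, L454, L480, L493); declaring the public constant first in every class would match the majority and the usual constants-first ordering.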


@ -27,6 +27,8 @@ import org.mitre.oauth2.service.SystemScopeService;
import org.mitre.openid.connect.config.ConfigurationPropertiesBean; import org.mitre.openid.connect.config.ConfigurationPropertiesBean;
import org.mitre.openid.connect.model.UserInfo; import org.mitre.openid.connect.model.UserInfo;
import org.mitre.openid.connect.service.UserInfoService; import org.mitre.openid.connect.service.UserInfoService;
import org.mitre.openid.connect.view.HttpCodeView;
import org.mitre.openid.connect.view.JsonEntityView;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
@ -103,7 +105,7 @@ public class DiscoveryEndpoint {
if (user == null) { if (user == null) {
logger.info("User not found: " + resource); logger.info("User not found: " + resource);
model.addAttribute("code", HttpStatus.NOT_FOUND); model.addAttribute("code", HttpStatus.NOT_FOUND);
return "httpCodeView"; return HttpCodeView.VIEWNAME;
} }
UriComponents issuerComponents = UriComponentsBuilder.fromHttpUrl(config.getIssuer()).build(); UriComponents issuerComponents = UriComponentsBuilder.fromHttpUrl(config.getIssuer()).build();
@ -111,14 +113,14 @@ public class DiscoveryEndpoint {
.equals(Strings.nullToEmpty(resourceUri.getHost()))) { .equals(Strings.nullToEmpty(resourceUri.getHost()))) {
logger.info("Host mismatch, expected " + issuerComponents.getHost() + " got " + resourceUri.getHost()); logger.info("Host mismatch, expected " + issuerComponents.getHost() + " got " + resourceUri.getHost());
model.addAttribute("code", HttpStatus.NOT_FOUND); model.addAttribute("code", HttpStatus.NOT_FOUND);
return "httpCodeView"; return HttpCodeView.VIEWNAME;
} }
} else { } else {
logger.info("Unknown URI format: " + resource); logger.info("Unknown URI format: " + resource);
model.addAttribute("code", HttpStatus.NOT_FOUND); model.addAttribute("code", HttpStatus.NOT_FOUND);
return "httpCodeView"; return HttpCodeView.VIEWNAME;
} }
} }
@ -326,7 +328,7 @@ public class DiscoveryEndpoint {
model.addAttribute("entity", m); model.addAttribute("entity", m);
return "jsonEntityView"; return JsonEntityView.VIEWNAME;
} }
} }
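Review bot: The view name is now a shared constant, but the model attribute keys the views read (`"code"` at L53, L60 and L65, `"entity"` at L70) remain string literals duplicated between controller and view, so the rename-safety this commit buys for view names is missing for the model contract. A companion constant on each view (a suggested name would be `CODE` on HttpCodeView, `ENTITY` on JsonEntityView) used at both ends would close that gap. The same pattern appears in IntrospectionEndpoint, OAuthConfirmationController, RevocationEndpoint, ScopeAPI and TokenAPI.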


@ -9,7 +9,6 @@ import org.springframework.security.oauth2.common.exceptions.InvalidRequestExcep
import org.springframework.security.oauth2.common.exceptions.OAuth2Exception; import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
import org.springframework.security.oauth2.provider.ClientDetails; import org.springframework.security.oauth2.provider.ClientDetails;
import org.springframework.security.oauth2.provider.endpoint.DefaultRedirectResolver; import org.springframework.security.oauth2.provider.endpoint.DefaultRedirectResolver;
import org.springframework.security.oauth2.provider.endpoint.RedirectResolver;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
/** /**


@ -43,9 +43,11 @@ import com.google.gson.JsonObject;
import com.google.gson.JsonSerializationContext; import com.google.gson.JsonSerializationContext;
import com.google.gson.JsonSerializer; import com.google.gson.JsonSerializer;
@Component("tokenApiView") @Component(TokenApiView.VIEWNAME)
public class TokenApiView extends AbstractView { public class TokenApiView extends AbstractView {
public static final String VIEWNAME = "tokenApiView";
private static Logger logger = LoggerFactory.getLogger(JsonEntityView.class); private static Logger logger = LoggerFactory.getLogger(JsonEntityView.class);
private Gson gson = new GsonBuilder() private Gson gson = new GsonBuilder()
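Review bot: The logger at L93 is created for `JsonEntityView.class` inside `TokenApiView`, so anything this view logs is attributed to the wrong class and filtered by the wrong logger category; it should read `private static final Logger logger = LoggerFactory.getLogger(TokenApiView.class);`. This is not introduced by the commit, but the constant added directly above it makes this the natural moment to fix it.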


@ -39,9 +39,11 @@ import com.google.gson.Gson;
import com.google.gson.GsonBuilder; import com.google.gson.GsonBuilder;
import com.google.gson.JsonObject; import com.google.gson.JsonObject;
@Component("tokenIntrospection") @Component(TokenIntrospectionView.VIEWNAME)
public class TokenIntrospectionView extends AbstractView { public class TokenIntrospectionView extends AbstractView {
public static final String VIEWNAME = "tokenIntrospection";
private static Logger logger = LoggerFactory.getLogger(TokenIntrospectionView.class); private static Logger logger = LoggerFactory.getLogger(TokenIntrospectionView.class);
private static DateFormatter isoDateFormatter = new DateFormatter(new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ssZ")); private static DateFormatter isoDateFormatter = new DateFormatter(new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ssZ"));
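Review bot: `isoDateFormatter` at L105 is a static field wrapping a `SimpleDateFormat`, which is not thread-safe; a view bean is a singleton rendered concurrently, so unless the `DateFormatter` wrapper synchronizes around the shared instance (not visible here), concurrent introspection responses can produce corrupted or interchanged timestamps. Creating the formatter per render, or guarding the shared instance, avoids that; worth confirming against the wrapper's implementation.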


@ -26,8 +26,11 @@ import org.mitre.oauth2.model.OAuth2RefreshTokenEntity;
import org.mitre.oauth2.service.ClientDetailsEntityService; import org.mitre.oauth2.service.ClientDetailsEntityService;
import org.mitre.oauth2.service.IntrospectionAuthorizer; import org.mitre.oauth2.service.IntrospectionAuthorizer;
import org.mitre.oauth2.service.OAuth2TokenEntityService; import org.mitre.oauth2.service.OAuth2TokenEntityService;
import org.mitre.oauth2.view.TokenIntrospectionView;
import org.mitre.openid.connect.model.UserInfo; import org.mitre.openid.connect.model.UserInfo;
import org.mitre.openid.connect.service.UserInfoService; import org.mitre.openid.connect.service.UserInfoService;
import org.mitre.openid.connect.view.HttpCodeView;
import org.mitre.openid.connect.view.JsonEntityView;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
@ -78,7 +81,7 @@ public class IntrospectionEndpoint {
logger.error("Verify failed; token value is null"); logger.error("Verify failed; token value is null");
Map<String,Boolean> entity = ImmutableMap.of("active", Boolean.FALSE); Map<String,Boolean> entity = ImmutableMap.of("active", Boolean.FALSE);
model.addAttribute("entity", entity); model.addAttribute("entity", entity);
return "jsonEntityView"; return JsonEntityView.VIEWNAME;
} }
// clientID is the principal name in the authentication // clientID is the principal name in the authentication
@ -120,7 +123,7 @@ public class IntrospectionEndpoint {
logger.error("Verify failed; Invalid refresh token", e2); logger.error("Verify failed; Invalid refresh token", e2);
Map<String,Boolean> entity = ImmutableMap.of("active", Boolean.FALSE); Map<String,Boolean> entity = ImmutableMap.of("active", Boolean.FALSE);
model.addAttribute("entity", entity); model.addAttribute("entity", entity);
return "jsonEntityView"; return JsonEntityView.VIEWNAME;
} }
} }
@ -130,22 +133,22 @@ public class IntrospectionEndpoint {
// if it's a valid token, we'll print out information on it // if it's a valid token, we'll print out information on it
model.addAttribute("token", token); model.addAttribute("token", token);
model.addAttribute("user", user); model.addAttribute("user", user);
return "tokenIntrospection"; return TokenIntrospectionView.VIEWNAME;
} else { } else {
logger.error("Verify failed; client configuration or scope don't permit token introspection"); logger.error("Verify failed; client configuration or scope don't permit token introspection");
model.addAttribute("code", HttpStatus.FORBIDDEN); model.addAttribute("code", HttpStatus.FORBIDDEN);
return "httpCodeView"; return HttpCodeView.VIEWNAME;
} }
} else { } else {
logger.error("Verify failed; client " + clientId + " is not allowed to call introspection endpoint"); logger.error("Verify failed; client " + clientId + " is not allowed to call introspection endpoint");
model.addAttribute("code", HttpStatus.FORBIDDEN); model.addAttribute("code", HttpStatus.FORBIDDEN);
return "httpCodeView"; return HttpCodeView.VIEWNAME;
} }
} else { } else {
// This is a bad error -- I think it means we have a token outstanding that doesn't map to a client? // This is a bad error -- I think it means we have a token outstanding that doesn't map to a client?
logger.error("Verify failed; client " + clientId + " not found."); logger.error("Verify failed; client " + clientId + " not found.");
model.addAttribute("code", HttpStatus.NOT_FOUND); model.addAttribute("code", HttpStatus.NOT_FOUND);
return "httpCodeView"; return HttpCodeView.VIEWNAME;
} }
} }


@ -35,6 +35,7 @@ import org.mitre.openid.connect.model.UserInfo;
import org.mitre.openid.connect.service.ScopeClaimTranslationService; import org.mitre.openid.connect.service.ScopeClaimTranslationService;
import org.mitre.openid.connect.service.StatsService; import org.mitre.openid.connect.service.StatsService;
import org.mitre.openid.connect.service.UserInfoService; import org.mitre.openid.connect.service.UserInfoService;
import org.mitre.openid.connect.view.HttpCodeView;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
@ -99,7 +100,7 @@ public class OAuthConfirmationController {
// we're not supposed to prompt, so "return an error" // we're not supposed to prompt, so "return an error"
logger.info("Client requested no prompt, returning 403 from confirmation endpoint"); logger.info("Client requested no prompt, returning 403 from confirmation endpoint");
model.put("code", HttpStatus.FORBIDDEN); model.put("code", HttpStatus.FORBIDDEN);
return "httpCodeView"; return HttpCodeView.VIEWNAME;
} }
//AuthorizationRequest clientAuth = (AuthorizationRequest) model.remove("authorizationRequest"); //AuthorizationRequest clientAuth = (AuthorizationRequest) model.remove("authorizationRequest");
@ -111,17 +112,17 @@ public class OAuthConfirmationController {
} catch (OAuth2Exception e) { } catch (OAuth2Exception e) {
logger.error("confirmAccess: OAuth2Exception was thrown when attempting to load client", e); logger.error("confirmAccess: OAuth2Exception was thrown when attempting to load client", e);
model.put("code", HttpStatus.BAD_REQUEST); model.put("code", HttpStatus.BAD_REQUEST);
return "httpCodeView"; return HttpCodeView.VIEWNAME;
} catch (IllegalArgumentException e) { } catch (IllegalArgumentException e) {
logger.error("confirmAccess: IllegalArgumentException was thrown when attempting to load client", e); logger.error("confirmAccess: IllegalArgumentException was thrown when attempting to load client", e);
model.put("code", HttpStatus.BAD_REQUEST); model.put("code", HttpStatus.BAD_REQUEST);
return "httpCodeView"; return HttpCodeView.VIEWNAME;
} }
if (client == null) { if (client == null) {
logger.error("confirmAccess: could not find client " + authRequest.getClientId()); logger.error("confirmAccess: could not find client " + authRequest.getClientId());
model.put("code", HttpStatus.NOT_FOUND); model.put("code", HttpStatus.NOT_FOUND);
return "httpCodeView"; return HttpCodeView.VIEWNAME;
} }
model.put("auth_request", authRequest); model.put("auth_request", authRequest);
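Review bot: L174 carries a commented-out statement (`//AuthorizationRequest clientAuth = (AuthorizationRequest) model.remove("authorizationRequest");`) directly beside code this commit edits; dead code kept in comments drifts from the live logic and should be deleted rather than carried along. The enclosing method starts before the first hunk and continues past L190.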


@ -21,6 +21,7 @@ import java.security.Principal;
import org.mitre.oauth2.model.OAuth2AccessTokenEntity; import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
import org.mitre.oauth2.model.OAuth2RefreshTokenEntity; import org.mitre.oauth2.model.OAuth2RefreshTokenEntity;
import org.mitre.oauth2.service.OAuth2TokenEntityService; import org.mitre.oauth2.service.OAuth2TokenEntityService;
import org.mitre.openid.connect.view.HttpCodeView;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
@ -63,14 +64,14 @@ public class RevocationEndpoint {
if (!accessToken.getClient().getClientId().equals(authRequest.getClientId())) { if (!accessToken.getClient().getClientId().equals(authRequest.getClientId())) {
// trying to revoke a token we don't own, throw a 403 // trying to revoke a token we don't own, throw a 403
model.addAttribute("code", HttpStatus.FORBIDDEN); model.addAttribute("code", HttpStatus.FORBIDDEN);
return "httpCodeView"; return HttpCodeView.VIEWNAME;
} }
} }
// if we got this far, we're allowed to do this // if we got this far, we're allowed to do this
tokenServices.revokeAccessToken(accessToken); tokenServices.revokeAccessToken(accessToken);
model.addAttribute("code", HttpStatus.OK); model.addAttribute("code", HttpStatus.OK);
return "httpCodeView"; return HttpCodeView.VIEWNAME;
} catch (InvalidTokenException e) { } catch (InvalidTokenException e) {
@ -83,21 +84,21 @@ public class RevocationEndpoint {
if (!refreshToken.getClient().getClientId().equals(authRequest.getClientId())) { if (!refreshToken.getClient().getClientId().equals(authRequest.getClientId())) {
// trying to revoke a token we don't own, throw a 403 // trying to revoke a token we don't own, throw a 403
model.addAttribute("code", HttpStatus.FORBIDDEN); model.addAttribute("code", HttpStatus.FORBIDDEN);
return "httpCodeView"; return HttpCodeView.VIEWNAME;
} }
} }
// if we got this far, we're allowed to do this // if we got this far, we're allowed to do this
tokenServices.revokeRefreshToken(refreshToken); tokenServices.revokeRefreshToken(refreshToken);
model.addAttribute("code", HttpStatus.OK); model.addAttribute("code", HttpStatus.OK);
return "httpCodeView"; return HttpCodeView.VIEWNAME;
} catch (InvalidTokenException e1) { } catch (InvalidTokenException e1) {
// neither token type was found, simply say "OK" and be on our way. // neither token type was found, simply say "OK" and be on our way.
model.addAttribute("code", HttpStatus.OK); model.addAttribute("code", HttpStatus.OK);
return "httpCodeView"; return HttpCodeView.VIEWNAME;
} }
} }
} }
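Review bot: The ownership-mismatch branches at L203-206 and L215-218 answer 403 without logging anything, while the analogous branches in IntrospectionEndpoint (L146) record the offending client id; a client presenting a token that was issued to a different client is exactly the event an operator wants in the audit trail. Assuming the class has the usual slf4j logger field (the imports at L199-200 suggest it), add `logger.warn("Revocation refused; token does not belong to client " + authRequest.getClientId());` before each of those returns. The enclosing method starts before the first hunk.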


@ -23,6 +23,9 @@ import java.util.Set;
import org.mitre.oauth2.model.SystemScope; import org.mitre.oauth2.model.SystemScope;
import org.mitre.oauth2.service.SystemScopeService; import org.mitre.oauth2.service.SystemScopeService;
import org.mitre.openid.connect.view.HttpCodeView;
import org.mitre.openid.connect.view.JsonEntityView;
import org.mitre.openid.connect.view.JsonErrorView;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
@ -60,7 +63,7 @@ public class ScopeAPI {
m.put("entity", allScopes); m.put("entity", allScopes);
return "jsonEntityView"; return JsonEntityView.VIEWNAME;
} }
@RequestMapping(value = "/{id}", method = RequestMethod.GET, produces = "application/json") @RequestMapping(value = "/{id}", method = RequestMethod.GET, produces = "application/json")
@ -72,14 +75,14 @@ public class ScopeAPI {
m.put("entity", scope); m.put("entity", scope);
return "jsonEntityView"; return JsonEntityView.VIEWNAME;
} else { } else {
logger.error("getScope failed; scope not found: " + id); logger.error("getScope failed; scope not found: " + id);
m.put("code", HttpStatus.NOT_FOUND); m.put("code", HttpStatus.NOT_FOUND);
m.put("errorMessage", "The requested scope with id " + id + " could not be found."); m.put("errorMessage", "The requested scope with id " + id + " could not be found.");
return "jsonErrorView"; return JsonErrorView.VIEWNAME;
} }
} }
@ -100,7 +103,7 @@ public class ScopeAPI {
m.put("entity", scope); m.put("entity", scope);
return "jsonEntityView"; return JsonEntityView.VIEWNAME;
} else { } else {
logger.error("updateScope failed; scope ids to not match: got " logger.error("updateScope failed; scope ids to not match: got "
@ -109,7 +112,7 @@ public class ScopeAPI {
m.put("code", HttpStatus.BAD_REQUEST); m.put("code", HttpStatus.BAD_REQUEST);
m.put("errorMessage", "Could not update scope. Scope ids to not match: got " m.put("errorMessage", "Could not update scope. Scope ids to not match: got "
+ existing.getId() + " and " + scope.getId()); + existing.getId() + " and " + scope.getId());
return "jsonErrorView"; return JsonErrorView.VIEWNAME;
} }
} else { } else {
@ -117,7 +120,7 @@ public class ScopeAPI {
logger.error("updateScope failed; scope with id " + id + " not found."); logger.error("updateScope failed; scope with id " + id + " not found.");
m.put("code", HttpStatus.NOT_FOUND); m.put("code", HttpStatus.NOT_FOUND);
m.put("errorMessage", "Could not update scope. The scope with id " + id + " could not be found."); m.put("errorMessage", "Could not update scope. The scope with id " + id + " could not be found.");
return "jsonErrorView"; return JsonErrorView.VIEWNAME;
} }
} }
@ -132,7 +135,7 @@ public class ScopeAPI {
logger.error("Error: attempting to save a scope with a value that already exists: " + scope.getValue()); logger.error("Error: attempting to save a scope with a value that already exists: " + scope.getValue());
m.put("code", HttpStatus.CONFLICT); m.put("code", HttpStatus.CONFLICT);
m.put("errorMessage", "A scope with value " + scope.getValue() + " already exists, please choose a different value."); m.put("errorMessage", "A scope with value " + scope.getValue() + " already exists, please choose a different value.");
return "jsonErrorView"; return JsonErrorView.VIEWNAME;
} }
scope = scopeService.save(scope); scope = scopeService.save(scope);
@ -141,13 +144,13 @@ public class ScopeAPI {
m.put("entity", scope); m.put("entity", scope);
return "jsonEntityView"; return JsonEntityView.VIEWNAME;
} else { } else {
logger.error("createScope failed; JSON was invalid: " + json); logger.error("createScope failed; JSON was invalid: " + json);
m.put("code", HttpStatus.BAD_REQUEST); m.put("code", HttpStatus.BAD_REQUEST);
m.put("errorMessage", "Could not save new scope " + scope + ". The scope service failed to return a saved entity."); m.put("errorMessage", "Could not save new scope " + scope + ". The scope service failed to return a saved entity.");
return "jsonErrorView"; return JsonErrorView.VIEWNAME;
} }
} }
@ -161,13 +164,13 @@ public class ScopeAPI {
scopeService.remove(existing); scopeService.remove(existing);
return "httpCodeView"; return HttpCodeView.VIEWNAME;
} else { } else {
logger.error("deleteScope failed; scope with id " + id + " not found."); logger.error("deleteScope failed; scope with id " + id + " not found.");
m.put("code", HttpStatus.NOT_FOUND); m.put("code", HttpStatus.NOT_FOUND);
m.put("errorMessage", "Could not delete scope. The requested scope with id " + id + " could not be found."); m.put("errorMessage", "Could not delete scope. The requested scope with id " + id + " could not be found.");
return "jsonErrorView"; return JsonErrorView.VIEWNAME;
} }
} }
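Review bot: The delete path at L296-297 returns `HttpCodeView.VIEWNAME` without putting a `code` attribute in the model, whereas every other return of that view in this commit sets one first; `HttpCodeView` reads `model.get("code")` (L469), and if the rest of its render method dereferences that value (not visible here) this path fails at render time instead of answering 200. Add `m.put("code", HttpStatus.OK);` before the return; TokenAPI has the same omission at L350-351 and L414-415. If the view was in fact written to tolerate a missing code, a short comment at L469 saying so would stop the next reader raising it again. The enclosing method starts before the hunk at L295.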


@ -25,6 +25,9 @@ import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
import org.mitre.oauth2.model.OAuth2RefreshTokenEntity; import org.mitre.oauth2.model.OAuth2RefreshTokenEntity;
import org.mitre.oauth2.service.ClientDetailsEntityService; import org.mitre.oauth2.service.ClientDetailsEntityService;
import org.mitre.oauth2.service.OAuth2TokenEntityService; import org.mitre.oauth2.service.OAuth2TokenEntityService;
import org.mitre.oauth2.view.TokenApiView;
import org.mitre.openid.connect.view.HttpCodeView;
import org.mitre.openid.connect.view.JsonErrorView;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
@ -59,7 +62,7 @@ public class TokenAPI {
Set<OAuth2AccessTokenEntity> allTokens = tokenService.getAllAccessTokensForUser(p.getName()); Set<OAuth2AccessTokenEntity> allTokens = tokenService.getAllAccessTokensForUser(p.getName());
m.put("entity", allTokens); m.put("entity", allTokens);
return "tokenApiView"; return TokenApiView.VIEWNAME;
} }
@RequestMapping(value = "/access/{id}", method = RequestMethod.GET, produces = "application/json") @RequestMapping(value = "/access/{id}", method = RequestMethod.GET, produces = "application/json")
@ -71,15 +74,15 @@ public class TokenAPI {
logger.error("getToken failed; token not found: " + id); logger.error("getToken failed; token not found: " + id);
m.put("code", HttpStatus.NOT_FOUND); m.put("code", HttpStatus.NOT_FOUND);
m.put("errorMessage", "The requested token with id " + id + " could not be found."); m.put("errorMessage", "The requested token with id " + id + " could not be found.");
return "jsonErrorView"; return JsonErrorView.VIEWNAME;
} else if (!token.getAuthenticationHolder().getAuthentication().getName().equals(p.getName())) { } else if (!token.getAuthenticationHolder().getAuthentication().getName().equals(p.getName())) {
logger.error("getToken failed; token does not belong to principal " + p.getName()); logger.error("getToken failed; token does not belong to principal " + p.getName());
m.put("code", HttpStatus.FORBIDDEN); m.put("code", HttpStatus.FORBIDDEN);
m.put("errorMessage", "You do not have permission to view this token"); m.put("errorMessage", "You do not have permission to view this token");
return "jsonErrorView"; return JsonErrorView.VIEWNAME;
} else { } else {
m.put("entity", token); m.put("entity", token);
return "tokenApiView"; return TokenApiView.VIEWNAME;
} }
} }
@ -92,16 +95,16 @@ public class TokenAPI {
logger.error("getToken failed; token not found: " + id); logger.error("getToken failed; token not found: " + id);
m.put("code", HttpStatus.NOT_FOUND); m.put("code", HttpStatus.NOT_FOUND);
m.put("errorMessage", "The requested token with id " + id + " could not be found."); m.put("errorMessage", "The requested token with id " + id + " could not be found.");
return "jsonErrorView"; return JsonErrorView.VIEWNAME;
} else if (!token.getAuthenticationHolder().getAuthentication().getName().equals(p.getName())) { } else if (!token.getAuthenticationHolder().getAuthentication().getName().equals(p.getName())) {
logger.error("getToken failed; token does not belong to principal " + p.getName()); logger.error("getToken failed; token does not belong to principal " + p.getName());
m.put("code", HttpStatus.FORBIDDEN); m.put("code", HttpStatus.FORBIDDEN);
m.put("errorMessage", "You do not have permission to view this token"); m.put("errorMessage", "You do not have permission to view this token");
return "jsonErrorView"; return JsonErrorView.VIEWNAME;
} else { } else {
tokenService.revokeAccessToken(token); tokenService.revokeAccessToken(token);
return "httpCodeView"; return HttpCodeView.VIEWNAME;
} }
} }
@ -114,12 +117,12 @@ public class TokenAPI {
if (client != null) { if (client != null) {
List<OAuth2AccessTokenEntity> tokens = tokenService.getAccessTokensForClient(client); List<OAuth2AccessTokenEntity> tokens = tokenService.getAccessTokensForClient(client);
m.put("entity", tokens); m.put("entity", tokens);
return "tokenApiView"; return TokenApiView.VIEWNAME;
} else { } else {
// client not found // client not found
m.put("code", HttpStatus.NOT_FOUND); m.put("code", HttpStatus.NOT_FOUND);
m.put("errorMessage", "The requested client with id " + clientId + " could not be found."); m.put("errorMessage", "The requested client with id " + clientId + " could not be found.");
return "jsonErrorView"; return JsonErrorView.VIEWNAME;
} }
} }
@ -134,17 +137,17 @@ public class TokenAPI {
OAuth2AccessTokenEntity token = tokenService.getRegistrationAccessTokenForClient(client); OAuth2AccessTokenEntity token = tokenService.getRegistrationAccessTokenForClient(client);
if (token != null) { if (token != null) {
m.put("entity", token); m.put("entity", token);
return "tokenApiView"; return TokenApiView.VIEWNAME;
} else { } else {
m.put("code", HttpStatus.NOT_FOUND); m.put("code", HttpStatus.NOT_FOUND);
m.put("errorMessage", "No registration token could be found."); m.put("errorMessage", "No registration token could be found.");
return "jsonErrorView"; return JsonErrorView.VIEWNAME;
} }
} else { } else {
// client not found // client not found
m.put("code", HttpStatus.NOT_FOUND); m.put("code", HttpStatus.NOT_FOUND);
m.put("errorMessage", "The requested client with id " + clientId + " could not be found."); m.put("errorMessage", "The requested client with id " + clientId + " could not be found.");
return "jsonErrorView"; return JsonErrorView.VIEWNAME;
} }
} }
@ -154,7 +157,7 @@ public class TokenAPI {
Set<OAuth2RefreshTokenEntity> allTokens = tokenService.getAllRefreshTokensForUser(p.getName()); Set<OAuth2RefreshTokenEntity> allTokens = tokenService.getAllRefreshTokensForUser(p.getName());
m.put("entity", allTokens); m.put("entity", allTokens);
return "tokenApiView"; return TokenApiView.VIEWNAME;
} }
@ -168,15 +171,15 @@ public class TokenAPI {
logger.error("refresh token not found: " + id); logger.error("refresh token not found: " + id);
m.put("code", HttpStatus.NOT_FOUND); m.put("code", HttpStatus.NOT_FOUND);
m.put("errorMessage", "The requested token with id " + id + " could not be found."); m.put("errorMessage", "The requested token with id " + id + " could not be found.");
return "jsonErrorView"; return JsonErrorView.VIEWNAME;
} else if (!token.getAuthenticationHolder().getAuthentication().getName().equals(p.getName())) { } else if (!token.getAuthenticationHolder().getAuthentication().getName().equals(p.getName())) {
logger.error("refresh token " + id + " does not belong to principal " + p.getName()); logger.error("refresh token " + id + " does not belong to principal " + p.getName());
m.put("code", HttpStatus.FORBIDDEN); m.put("code", HttpStatus.FORBIDDEN);
m.put("errorMessage", "You do not have permission to view this token"); m.put("errorMessage", "You do not have permission to view this token");
return "jsonErrorView"; return JsonErrorView.VIEWNAME;
} else { } else {
m.put("entity", token); m.put("entity", token);
return "tokenApiView"; return TokenApiView.VIEWNAME;
} }
} }
@ -189,16 +192,16 @@ public class TokenAPI {
logger.error("refresh token not found: " + id); logger.error("refresh token not found: " + id);
m.put("code", HttpStatus.NOT_FOUND); m.put("code", HttpStatus.NOT_FOUND);
m.put("errorMessage", "The requested token with id " + id + " could not be found."); m.put("errorMessage", "The requested token with id " + id + " could not be found.");
return "jsonErrorView"; return JsonErrorView.VIEWNAME;
} else if (!token.getAuthenticationHolder().getAuthentication().getName().equals(p.getName())) { } else if (!token.getAuthenticationHolder().getAuthentication().getName().equals(p.getName())) {
logger.error("refresh token " + id + " does not belong to principal " + p.getName()); logger.error("refresh token " + id + " does not belong to principal " + p.getName());
m.put("code", HttpStatus.FORBIDDEN); m.put("code", HttpStatus.FORBIDDEN);
m.put("errorMessage", "You do not have permission to view this token"); m.put("errorMessage", "You do not have permission to view this token");
return "jsonErrorView"; return JsonErrorView.VIEWNAME;
} else { } else {
tokenService.revokeRefreshToken(token); tokenService.revokeRefreshToken(token);
return "httpCodeView"; return HttpCodeView.VIEWNAME;
} }
} }
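Review bot: The token lookup and ownership check is repeated four times in this section with only the log text differing (L325-333, L340-348, L389-397, L404-412); extracting a private helper that performs the null and principal checks, fills `code` and `errorMessage`, and returns whether the caller may proceed would leave one place to get the authorization rule right, with the method signatures following the existing parameter types. The chain `token.getAuthenticationHolder().getAuthentication().getName()` also assumes every stored token has an authentication holder; a token persisted without one would throw rather than answer 404, which is worth confirming against how tokens are stored.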


@ -36,9 +36,10 @@ import com.google.gson.FieldAttributes;
* @author jricher * @author jricher
* *
*/ */
@Component("clientEntityViewAdmins") @Component(ClientEntityViewForAdmins.VIEWNAME)
public class ClientEntityViewForAdmins extends AbstractClientEntityView { public class ClientEntityViewForAdmins extends AbstractClientEntityView {
public static final String VIEWNAME = "clientEntityViewAdmins";
private Set<String> blacklistedFields = ImmutableSet.of("additionalInformation"); private Set<String> blacklistedFields = ImmutableSet.of("additionalInformation");
/** /**


@ -37,11 +37,13 @@ import com.google.gson.FieldAttributes;
* @author jricher * @author jricher
* *
*/ */
@Component("clientEntityViewUsers") @Component(ClientEntityViewForUsers.VIEWNAME)
public class ClientEntityViewForUsers extends AbstractClientEntityView { public class ClientEntityViewForUsers extends AbstractClientEntityView {
private Set<String> whitelistedFields = ImmutableSet.of("clientName", "clientId", "id", "clientDescription", "scope", "logoUri"); private Set<String> whitelistedFields = ImmutableSet.of("clientName", "clientId", "id", "clientDescription", "scope", "logoUri");
public static final String VIEWNAME = "clientEntityViewUsers";
/* (non-Javadoc) /* (non-Javadoc)
* @see org.mitre.openid.connect.view.AbstractClientEntityView#getExclusionStrategy() * @see org.mitre.openid.connect.view.AbstractClientEntityView#getExclusionStrategy()
*/ */


@ -46,11 +46,13 @@ import com.google.gson.JsonObject;
* @author jricher * @author jricher
* *
*/ */
@Component("clientInformationResponseView") @Component(ClientInformationResponseView.VIEWNAME)
public class ClientInformationResponseView extends AbstractView { public class ClientInformationResponseView extends AbstractView {
private static Logger logger = LoggerFactory.getLogger(ClientInformationResponseView.class); private static Logger logger = LoggerFactory.getLogger(ClientInformationResponseView.class);
public static final String VIEWNAME = "clientInformationResponseView";
// note that this won't serialize nulls by default // note that this won't serialize nulls by default
private Gson gson = new Gson(); private Gson gson = new Gson();


@ -33,9 +33,11 @@ import org.springframework.web.servlet.view.AbstractView;
* @author jricher * @author jricher
* *
*/ */
@Component("httpCodeView") @Component(HttpCodeView.VIEWNAME)
public class HttpCodeView extends AbstractView { public class HttpCodeView extends AbstractView {
public static final String VIEWNAME = "httpCodeView";
@Override @Override
protected void renderMergedOutputModel(Map<String, Object> model, HttpServletRequest request, HttpServletResponse response) { protected void renderMergedOutputModel(Map<String, Object> model, HttpServletRequest request, HttpServletResponse response) {
HttpStatus code = (HttpStatus) model.get("code"); HttpStatus code = (HttpStatus) model.get("code");
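Review bot: `renderMergedOutputModel` still obtains the status with `(HttpStatus) model.get("code")`, so the controller-to-view contract remains a bare string literal plus an unchecked cast even though the view name is now a constant; the ApprovedSiteAPI, BlacklistAPI, ClientAPI and ClientDynamicRegistrationEndpoint hunks in this commit all spell `"code"` and `"errorMessage"` by hand. The keys deserve the same treatment as the names, e.g. `public static final String CODE = "code";` next to `VIEWNAME`, with controllers writing `HttpCodeView.CODE`. When a controller forgets the key the cast yields `null`; what the method does with it next is outside the hunk, so a guard like `if (code == null) { code = HttpStatus.INTERNAL_SERVER_ERROR; }` may be needed — verify against the rest of the body.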


@ -49,11 +49,13 @@ import com.google.gson.JsonSerializer;
* @author jricher * @author jricher
* *
*/ */
@Component("jsonApprovedSiteView") @Component(JsonApprovedSiteView.VIEWNAME)
public class JsonApprovedSiteView extends AbstractView { public class JsonApprovedSiteView extends AbstractView {
private static Logger logger = LoggerFactory.getLogger(JsonApprovedSiteView.class); private static Logger logger = LoggerFactory.getLogger(JsonApprovedSiteView.class);
public static final String VIEWNAME = "jsonApprovedSiteView";
private Gson gson = new GsonBuilder() private Gson gson = new GsonBuilder()
.setExclusionStrategies(new ExclusionStrategy() { .setExclusionStrategies(new ExclusionStrategy() {


@ -42,11 +42,13 @@ import com.google.gson.GsonBuilder;
* @author jricher * @author jricher
* *
*/ */
@Component("jsonEntityView") @Component(JsonEntityView.VIEWNAME)
public class JsonEntityView extends AbstractView { public class JsonEntityView extends AbstractView {
private static Logger logger = LoggerFactory.getLogger(JsonEntityView.class); private static Logger logger = LoggerFactory.getLogger(JsonEntityView.class);
public static final String VIEWNAME = "jsonEntityView";
private Gson gson = new GsonBuilder() private Gson gson = new GsonBuilder()
.setExclusionStrategies(new ExclusionStrategy() { .setExclusionStrategies(new ExclusionStrategy() {


@ -41,11 +41,13 @@ import com.google.gson.JsonObject;
* @author aanganes, jricher * @author aanganes, jricher
* *
*/ */
@Component("jsonErrorView") @Component(JsonErrorView.VIEWNAME)
public class JsonErrorView extends AbstractView { public class JsonErrorView extends AbstractView {
private static Logger logger = LoggerFactory.getLogger(JsonEntityView.class); private static Logger logger = LoggerFactory.getLogger(JsonEntityView.class);
public static final String VIEWNAME = "jsonErrorView";
private Gson gson = new GsonBuilder() private Gson gson = new GsonBuilder()
.setExclusionStrategies(new ExclusionStrategy() { .setExclusionStrategies(new ExclusionStrategy() {
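Review bot: The logger in the context line just below the class header is created with `LoggerFactory.getLogger(JsonEntityView.class)`, so everything JsonErrorView logs is attributed to JsonEntityView; this is a pre-existing copy-paste slip on a line adjacent to the ones the commit touches. Since this view renders every error response the API produces, misattributed log lines make incident triage harder than it needs to be. The fix is `private static final Logger logger = LoggerFactory.getLogger(JsonErrorView.class);`. The rest of the class is outside the hunk.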


@ -56,11 +56,13 @@ import com.nimbusds.jwt.SignedJWT;
* @author jricher * @author jricher
* *
*/ */
@Component("userInfoJwtView") @Component(UserInfoJwtView.VIEWNAME)
public class UserInfoJwtView extends UserInfoView { public class UserInfoJwtView extends UserInfoView {
private static Logger logger = LoggerFactory.getLogger(UserInfoJwtView.class); private static Logger logger = LoggerFactory.getLogger(UserInfoJwtView.class);
public static final String VIEWNAME = "userInfoJwtView";
@Autowired @Autowired
private JwtSigningAndValidationService jwtService; private JwtSigningAndValidationService jwtService;


@ -43,11 +43,13 @@ import com.google.gson.JsonElement;
import com.google.gson.JsonObject; import com.google.gson.JsonObject;
import com.google.gson.JsonParser; import com.google.gson.JsonParser;
@Component("userInfoView") @Component(UserInfoView.VIEWNAME)
public class UserInfoView extends AbstractView { public class UserInfoView extends AbstractView {
private static JsonParser jsonParser = new JsonParser(); private static JsonParser jsonParser = new JsonParser();
public static final String VIEWNAME = "userInfoView";
private static Logger logger = LoggerFactory.getLogger(UserInfoView.class); private static Logger logger = LoggerFactory.getLogger(UserInfoView.class);
@Autowired @Autowired


@ -25,6 +25,9 @@ import java.util.Collection;
import org.mitre.oauth2.service.OAuth2TokenEntityService; import org.mitre.oauth2.service.OAuth2TokenEntityService;
import org.mitre.openid.connect.model.ApprovedSite; import org.mitre.openid.connect.model.ApprovedSite;
import org.mitre.openid.connect.service.ApprovedSiteService; import org.mitre.openid.connect.service.ApprovedSiteService;
import org.mitre.openid.connect.view.HttpCodeView;
import org.mitre.openid.connect.view.JsonApprovedSiteView;
import org.mitre.openid.connect.view.JsonErrorView;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
@ -65,7 +68,7 @@ public class ApprovedSiteAPI {
m.put("entity", all); m.put("entity", all);
return "jsonApprovedSiteView"; return JsonApprovedSiteView.VIEWNAME;
} }
/** /**
@ -80,19 +83,19 @@ public class ApprovedSiteAPI {
logger.error("deleteApprovedSite failed; no approved site found for id: " + id); logger.error("deleteApprovedSite failed; no approved site found for id: " + id);
m.put("code", HttpStatus.NOT_FOUND); m.put("code", HttpStatus.NOT_FOUND);
m.put("errorMessage", "Could not delete approved site. The requested approved site with id: " + id + " could not be found."); m.put("errorMessage", "Could not delete approved site. The requested approved site with id: " + id + " could not be found.");
return "jsonErrorView"; return JsonErrorView.VIEWNAME;
} else if (!approvedSite.getUserId().equals(p.getName())) { } else if (!approvedSite.getUserId().equals(p.getName())) {
logger.error("deleteApprovedSite failed; principal " logger.error("deleteApprovedSite failed; principal "
+ p.getName() + " does not own approved site" + id); + p.getName() + " does not own approved site" + id);
m.put("code", HttpStatus.FORBIDDEN); m.put("code", HttpStatus.FORBIDDEN);
m.put("errorMessage", "You do not have permission to delete this approved site. The approved site decision will not be deleted."); m.put("errorMessage", "You do not have permission to delete this approved site. The approved site decision will not be deleted.");
return "jsonErrorView"; return JsonErrorView.VIEWNAME;
} else { } else {
m.put("code", HttpStatus.OK); m.put("code", HttpStatus.OK);
approvedSiteService.remove(approvedSite); approvedSiteService.remove(approvedSite);
} }
return "httpCodeView"; return HttpCodeView.VIEWNAME;
} }
/** /**
@ -105,16 +108,16 @@ public class ApprovedSiteAPI {
logger.error("getApprovedSite failed; no approved site found for id: " + id); logger.error("getApprovedSite failed; no approved site found for id: " + id);
m.put("code", HttpStatus.NOT_FOUND); m.put("code", HttpStatus.NOT_FOUND);
m.put("errorMessage", "The requested approved site with id: " + id + " could not be found."); m.put("errorMessage", "The requested approved site with id: " + id + " could not be found.");
return "jsonErrorView"; return JsonErrorView.VIEWNAME;
} else if (!approvedSite.getUserId().equals(p.getName())) { } else if (!approvedSite.getUserId().equals(p.getName())) {
logger.error("getApprovedSite failed; principal " logger.error("getApprovedSite failed; principal "
+ p.getName() + " does not own approved site" + id); + p.getName() + " does not own approved site" + id);
m.put("code", HttpStatus.FORBIDDEN); m.put("code", HttpStatus.FORBIDDEN);
m.put("errorMessage", "You do not have permission to view this approved site."); m.put("errorMessage", "You do not have permission to view this approved site.");
return "jsonErrorView"; return JsonErrorView.VIEWNAME;
} else { } else {
m.put("entity", approvedSite); m.put("entity", approvedSite);
return "jsonApprovedSiteView"; return JsonApprovedSiteView.VIEWNAME;
} }
} }
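Review bot: The authorization-failure log lines in `deleteApprovedSite` and `getApprovedSite` concatenate `" does not own approved site" + id` with no separator, so the id runs into the preceding word in the log output. These are the lines an operator would search for when reviewing attempted cross-user access to approved-site records, so the separator is worth adding: `+ p.getName() + " does not own approved site " + id);`. Both are unchanged context lines, and both enclosing methods start outside the hunk.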


@ -24,6 +24,9 @@ import java.util.Collection;
import org.mitre.openid.connect.model.BlacklistedSite; import org.mitre.openid.connect.model.BlacklistedSite;
import org.mitre.openid.connect.service.BlacklistedSiteService; import org.mitre.openid.connect.service.BlacklistedSiteService;
import org.mitre.openid.connect.view.HttpCodeView;
import org.mitre.openid.connect.view.JsonEntityView;
import org.mitre.openid.connect.view.JsonErrorView;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
@ -70,7 +73,7 @@ public class BlacklistAPI {
m.put("entity", all); m.put("entity", all);
return "jsonEntityView"; return JsonEntityView.VIEWNAME;
} }
/** /**
@ -99,15 +102,15 @@ public class BlacklistAPI {
logger.error("addNewBlacklistedSite failed due to JsonSyntaxException: ", e); logger.error("addNewBlacklistedSite failed due to JsonSyntaxException: ", e);
m.put("code", HttpStatus.BAD_REQUEST); m.put("code", HttpStatus.BAD_REQUEST);
m.put("errorMessage", "Could not save new blacklisted site. The server encountered a JSON syntax exception. Contact a system administrator for assistance."); m.put("errorMessage", "Could not save new blacklisted site. The server encountered a JSON syntax exception. Contact a system administrator for assistance.");
return "jsonErrorView"; return JsonErrorView.VIEWNAME;
} catch (IllegalStateException e) { } catch (IllegalStateException e) {
logger.error("addNewBlacklistedSite failed due to IllegalStateException", e); logger.error("addNewBlacklistedSite failed due to IllegalStateException", e);
m.put("code", HttpStatus.BAD_REQUEST); m.put("code", HttpStatus.BAD_REQUEST);
m.put("errorMessage", "Could not save new blacklisted site. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance."); m.put("errorMessage", "Could not save new blacklisted site. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance.");
return "jsonErrorView"; return JsonErrorView.VIEWNAME;
} }
return "jsonEntityView"; return JsonEntityView.VIEWNAME;
} }
@ -131,12 +134,12 @@ public class BlacklistAPI {
logger.error("updateBlacklistedSite failed due to JsonSyntaxException", e); logger.error("updateBlacklistedSite failed due to JsonSyntaxException", e);
m.put("code", HttpStatus.BAD_REQUEST); m.put("code", HttpStatus.BAD_REQUEST);
m.put("errorMessage", "Could not update blacklisted site. The server encountered a JSON syntax exception. Contact a system administrator for assistance."); m.put("errorMessage", "Could not update blacklisted site. The server encountered a JSON syntax exception. Contact a system administrator for assistance.");
return "jsonErrorView"; return JsonErrorView.VIEWNAME;
} catch (IllegalStateException e) { } catch (IllegalStateException e) {
logger.error("updateBlacklistedSite failed due to IllegalStateException", e); logger.error("updateBlacklistedSite failed due to IllegalStateException", e);
m.put("code", HttpStatus.BAD_REQUEST); m.put("code", HttpStatus.BAD_REQUEST);
m.put("errorMessage", "Could not update blacklisted site. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance."); m.put("errorMessage", "Could not update blacklisted site. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance.");
return "jsonErrorView"; return JsonErrorView.VIEWNAME;
} }
@ -146,14 +149,14 @@ public class BlacklistAPI {
logger.error("updateBlacklistedSite failed; blacklist with id " + id + " could not be found"); logger.error("updateBlacklistedSite failed; blacklist with id " + id + " could not be found");
m.put("code", HttpStatus.NOT_FOUND); m.put("code", HttpStatus.NOT_FOUND);
m.put("errorMessage", "Could not update blacklisted site. The requested blacklist with id " + id + "could not be found."); m.put("errorMessage", "Could not update blacklisted site. The requested blacklist with id " + id + "could not be found.");
return "jsonErrorView"; return JsonErrorView.VIEWNAME;
} else { } else {
BlacklistedSite newBlacklist = blacklistService.update(oldBlacklist, blacklist); BlacklistedSite newBlacklist = blacklistService.update(oldBlacklist, blacklist);
m.put("entity", newBlacklist); m.put("entity", newBlacklist);
return "jsonEntityView"; return JsonEntityView.VIEWNAME;
} }
} }
@ -168,13 +171,13 @@ public class BlacklistAPI {
if (blacklist == null) { if (blacklist == null) {
logger.error("deleteBlacklistedSite failed; blacklist with id " + id + " could not be found"); logger.error("deleteBlacklistedSite failed; blacklist with id " + id + " could not be found");
m.put("errorMessage", "Could not delete bladklist. The requested bladklist with id " + id + " could not be found."); m.put("errorMessage", "Could not delete bladklist. The requested bladklist with id " + id + " could not be found.");
return "jsonErrorView"; return JsonErrorView.VIEWNAME;
} else { } else {
m.put("code", HttpStatus.OK); m.put("code", HttpStatus.OK);
blacklistService.remove(blacklist); blacklistService.remove(blacklist);
} }
return "httpCodeView"; return HttpCodeView.VIEWNAME;
} }
/** /**
@ -187,12 +190,12 @@ public class BlacklistAPI {
logger.error("getBlacklistedSite failed; blacklist with id " + id + " could not be found"); logger.error("getBlacklistedSite failed; blacklist with id " + id + " could not be found");
m.put("code", HttpStatus.NOT_FOUND); m.put("code", HttpStatus.NOT_FOUND);
m.put("errorMessage", "Could not delete bladklist. The requested bladklist with id " + id + " could not be found."); m.put("errorMessage", "Could not delete bladklist. The requested bladklist with id " + id + " could not be found.");
return "jsonErrorView"; return JsonErrorView.VIEWNAME;
} else { } else {
m.put("entity", blacklist); m.put("entity", blacklist);
return "jsonEntityView"; return JsonEntityView.VIEWNAME;
} }
} }
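Review bot: In `deleteBlacklistedSite`, the not-found branch sets only `"errorMessage"` and returns `JsonErrorView.VIEWNAME` without putting `"code"` in the model, unlike every other error branch in this file, which sets `HttpStatus.NOT_FOUND` or `BAD_REQUEST` first; the missing line is `m.put("code", HttpStatus.NOT_FOUND);` before that return. How JsonErrorView renders without a `code` entry is outside this hunk, but a 404 silently going out with some other status is the likely outcome. The same branch and the one in `getBlacklistedSite` also carry the user-facing typo `bladklist`, and the latter says "Could not delete" for a read; those are pre-existing context lines but cheap to fix while the file is open. Both enclosing methods start outside the hunk.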


@ -26,6 +26,10 @@ import org.mitre.oauth2.model.ClientDetailsEntity;
import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod; import org.mitre.oauth2.model.ClientDetailsEntity.AuthMethod;
import org.mitre.oauth2.service.ClientDetailsEntityService; import org.mitre.oauth2.service.ClientDetailsEntityService;
import org.mitre.openid.connect.service.UserInfoService; import org.mitre.openid.connect.service.UserInfoService;
import org.mitre.openid.connect.view.ClientEntityViewForAdmins;
import org.mitre.openid.connect.view.ClientEntityViewForUsers;
import org.mitre.openid.connect.view.HttpCodeView;
import org.mitre.openid.connect.view.JsonErrorView;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
@ -118,9 +122,9 @@ public class ClientAPI {
model.addAttribute("entity", clients); model.addAttribute("entity", clients);
if (isAdmin(auth)) { if (isAdmin(auth)) {
return "clientEntityViewAdmins"; return ClientEntityViewForAdmins.VIEWNAME;
} else { } else {
return "clientEntityViewUsers"; return ClientEntityViewForUsers.VIEWNAME;
} }
} }
@ -146,12 +150,12 @@ public class ClientAPI {
logger.error("apiAddClient failed due to JsonSyntaxException", e); logger.error("apiAddClient failed due to JsonSyntaxException", e);
m.addAttribute("code", HttpStatus.BAD_REQUEST); m.addAttribute("code", HttpStatus.BAD_REQUEST);
m.addAttribute("errorMessage", "Could not save new client. The server encountered a JSON syntax exception. Contact a system administrator for assistance."); m.addAttribute("errorMessage", "Could not save new client. The server encountered a JSON syntax exception. Contact a system administrator for assistance.");
return "jsonErrorView"; return JsonErrorView.VIEWNAME;
} catch (IllegalStateException e) { } catch (IllegalStateException e) {
logger.error("apiAddClient failed due to IllegalStateException", e); logger.error("apiAddClient failed due to IllegalStateException", e);
m.addAttribute("code", HttpStatus.BAD_REQUEST); m.addAttribute("code", HttpStatus.BAD_REQUEST);
m.addAttribute("errorMessage", "Could not save new client. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance."); m.addAttribute("errorMessage", "Could not save new client. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance.");
return "jsonErrorView"; return JsonErrorView.VIEWNAME;
} }
// if they leave the client identifier empty, force it to be generated // if they leave the client identifier empty, force it to be generated
@ -181,7 +185,7 @@ public class ClientAPI {
logger.error("tried to create client with private key auth but no private key"); logger.error("tried to create client with private key auth but no private key");
m.addAttribute("code", HttpStatus.BAD_REQUEST); m.addAttribute("code", HttpStatus.BAD_REQUEST);
m.addAttribute("errorMessage", "Can not create a client with private key authentication without registering a key via the JWS Set URI."); m.addAttribute("errorMessage", "Can not create a client with private key authentication without registering a key via the JWS Set URI.");
return "jsonErrorView"; return JsonErrorView.VIEWNAME;
} }
// otherwise we shouldn't have a secret for this client // otherwise we shouldn't have a secret for this client
@ -192,7 +196,7 @@ public class ClientAPI {
logger.error("unknown auth method"); logger.error("unknown auth method");
m.addAttribute("code", HttpStatus.BAD_REQUEST); m.addAttribute("code", HttpStatus.BAD_REQUEST);
m.addAttribute("errorMessage", "Unknown auth method requested"); m.addAttribute("errorMessage", "Unknown auth method requested");
return "jsonErrorView"; return JsonErrorView.VIEWNAME;
} }
@ -203,9 +207,9 @@ public class ClientAPI {
m.addAttribute("entity", newClient); m.addAttribute("entity", newClient);
if (isAdmin(auth)) { if (isAdmin(auth)) {
return "clientEntityViewAdmins"; return ClientEntityViewForAdmins.VIEWNAME;
} else { } else {
return "clientEntityViewUsers"; return ClientEntityViewForUsers.VIEWNAME;
} }
} }
@ -233,12 +237,12 @@ public class ClientAPI {
logger.error("apiUpdateClient failed due to JsonSyntaxException", e); logger.error("apiUpdateClient failed due to JsonSyntaxException", e);
m.addAttribute("code", HttpStatus.BAD_REQUEST); m.addAttribute("code", HttpStatus.BAD_REQUEST);
m.addAttribute("errorMessage", "Could not update client. The server encountered a JSON syntax exception. Contact a system administrator for assistance."); m.addAttribute("errorMessage", "Could not update client. The server encountered a JSON syntax exception. Contact a system administrator for assistance.");
return "jsonErrorView"; return JsonErrorView.VIEWNAME;
} catch (IllegalStateException e) { } catch (IllegalStateException e) {
logger.error("apiUpdateClient failed due to IllegalStateException", e); logger.error("apiUpdateClient failed due to IllegalStateException", e);
m.addAttribute("code", HttpStatus.BAD_REQUEST); m.addAttribute("code", HttpStatus.BAD_REQUEST);
m.addAttribute("errorMessage", "Could not update client. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance."); m.addAttribute("errorMessage", "Could not update client. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance.");
return "jsonErrorView"; return JsonErrorView.VIEWNAME;
} }
ClientDetailsEntity oldClient = clientService.getClientById(id); ClientDetailsEntity oldClient = clientService.getClientById(id);
@ -247,7 +251,7 @@ public class ClientAPI {
logger.error("apiUpdateClient failed; client with id " + id + " could not be found."); logger.error("apiUpdateClient failed; client with id " + id + " could not be found.");
m.addAttribute("code", HttpStatus.NOT_FOUND); m.addAttribute("code", HttpStatus.NOT_FOUND);
m.addAttribute("errorMessage", "Could not update client. The requested client with id " + id + "could not be found."); m.addAttribute("errorMessage", "Could not update client. The requested client with id " + id + "could not be found.");
return "jsonErrorView"; return JsonErrorView.VIEWNAME;
} }
// if they leave the client identifier empty, force it to be generated // if they leave the client identifier empty, force it to be generated
@ -277,7 +281,7 @@ public class ClientAPI {
logger.error("tried to create client with private key auth but no private key"); logger.error("tried to create client with private key auth but no private key");
m.addAttribute("code", HttpStatus.BAD_REQUEST); m.addAttribute("code", HttpStatus.BAD_REQUEST);
m.addAttribute("errorMessage", "Can not create a client with private key authentication without registering a key via the JWS Set URI."); m.addAttribute("errorMessage", "Can not create a client with private key authentication without registering a key via the JWS Set URI.");
return "jsonErrorView"; return JsonErrorView.VIEWNAME;
} }
// otherwise we shouldn't have a secret for this client // otherwise we shouldn't have a secret for this client
@ -288,7 +292,7 @@ public class ClientAPI {
logger.error("unknown auth method"); logger.error("unknown auth method");
m.addAttribute("code", HttpStatus.BAD_REQUEST); m.addAttribute("code", HttpStatus.BAD_REQUEST);
m.addAttribute("errorMessage", "Unknown auth method requested"); m.addAttribute("errorMessage", "Unknown auth method requested");
return "jsonErrorView"; return JsonErrorView.VIEWNAME;
} }
@ -297,9 +301,9 @@ public class ClientAPI {
m.addAttribute("entity", newClient); m.addAttribute("entity", newClient);
if (isAdmin(auth)) { if (isAdmin(auth)) {
return "clientEntityViewAdmins"; return ClientEntityViewForAdmins.VIEWNAME;
} else { } else {
return "clientEntityViewUsers"; return ClientEntityViewForUsers.VIEWNAME;
} }
} }
@ -319,13 +323,13 @@ public class ClientAPI {
logger.error("apiDeleteClient failed; client with id " + id + " could not be found."); logger.error("apiDeleteClient failed; client with id " + id + " could not be found.");
modelAndView.getModelMap().put("code", HttpStatus.NOT_FOUND); modelAndView.getModelMap().put("code", HttpStatus.NOT_FOUND);
modelAndView.getModelMap().put("errorMessage", "Could not delete client. The requested client with id " + id + "could not be found."); modelAndView.getModelMap().put("errorMessage", "Could not delete client. The requested client with id " + id + "could not be found.");
return "jsonErrorView"; return JsonErrorView.VIEWNAME;
} else { } else {
modelAndView.getModelMap().put("code", HttpStatus.OK); modelAndView.getModelMap().put("code", HttpStatus.OK);
clientService.deleteClient(client); clientService.deleteClient(client);
} }
return "httpCodeView"; return HttpCodeView.VIEWNAME;
} }
@ -344,15 +348,15 @@ public class ClientAPI {
logger.error("apiShowClient failed; client with id " + id + " could not be found."); logger.error("apiShowClient failed; client with id " + id + " could not be found.");
model.addAttribute("code", HttpStatus.NOT_FOUND); model.addAttribute("code", HttpStatus.NOT_FOUND);
model.addAttribute("errorMessage", "The requested client with id " + id + " could not be found."); model.addAttribute("errorMessage", "The requested client with id " + id + " could not be found.");
return "jsonErrorView"; return JsonErrorView.VIEWNAME;
} }
model.addAttribute("entity", client); model.addAttribute("entity", client);
if (isAdmin(auth)) { if (isAdmin(auth)) {
return "clientEntityViewAdmins"; return ClientEntityViewForAdmins.VIEWNAME;
} else { } else {
return "clientEntityViewUsers"; return ClientEntityViewForUsers.VIEWNAME;
} }
} }
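Review bot: The auth-method validation block (the private-key-without-key-set check and the unknown-method fallback) appears verbatim in both `apiAddClient` and `apiUpdateClient`, and the selection `if (isAdmin(auth)) { return ClientEntityViewForAdmins.VIEWNAME; } else { return ClientEntityViewForUsers.VIEWNAME; }` appears three times; now that the names are constants, a private helper that takes `auth` and returns the right constant would keep those call sites from drifting. The not-found messages `"... with id " + id + "could not be found."` in the update and delete paths lack a space before `could`. The message `"... via the JWS Set URI."` presumably refers to the JWK Set URI the surrounding check is about — confirm against the field being tested, which is outside the hunk. `ClientEntityViewForAdmins` is imported and used here, but its own `VIEWNAME` declaration is not in the part of the commit visible to me; worth confirming it exists. All enclosing methods start outside their hunks.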


@ -37,6 +37,9 @@ import org.mitre.openid.connect.config.ConfigurationPropertiesBean;
import org.mitre.openid.connect.exception.ValidationException; import org.mitre.openid.connect.exception.ValidationException;
import org.mitre.openid.connect.service.BlacklistedSiteService; import org.mitre.openid.connect.service.BlacklistedSiteService;
import org.mitre.openid.connect.service.OIDCTokenService; import org.mitre.openid.connect.service.OIDCTokenService;
import org.mitre.openid.connect.view.ClientInformationResponseView;
import org.mitre.openid.connect.view.HttpCodeView;
import org.mitre.openid.connect.view.JsonErrorView;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
@ -102,7 +105,7 @@ public class ClientDynamicRegistrationEndpoint {
// didn't parse, this is a bad request // didn't parse, this is a bad request
logger.error("registerNewClient failed; submitted JSON is malformed"); logger.error("registerNewClient failed; submitted JSON is malformed");
m.addAttribute("code", HttpStatus.BAD_REQUEST); // http 400 m.addAttribute("code", HttpStatus.BAD_REQUEST); // http 400
return "httpCodeView"; return HttpCodeView.VIEWNAME;
} }
if (newClient != null) { if (newClient != null) {
@ -128,7 +131,7 @@ public class ClientDynamicRegistrationEndpoint {
m.addAttribute("error", ve.getError()); m.addAttribute("error", ve.getError());
m.addAttribute("errorMessage", ve.getErrorDescription()); m.addAttribute("errorMessage", ve.getErrorDescription());
m.addAttribute("code", ve.getStatus()); m.addAttribute("code", ve.getStatus());
return "jsonErrorView"; return JsonErrorView.VIEWNAME;
} }
if (newClient.getTokenEndpointAuthMethod() == null) { if (newClient.getTokenEndpointAuthMethod() == null) {
@ -168,11 +171,11 @@ public class ClientDynamicRegistrationEndpoint {
m.addAttribute("client", registered); m.addAttribute("client", registered);
m.addAttribute("code", HttpStatus.CREATED); // http 201 m.addAttribute("code", HttpStatus.CREATED); // http 201
return "clientInformationResponseView"; return ClientInformationResponseView.VIEWNAME;
} catch (UnsupportedEncodingException e) { } catch (UnsupportedEncodingException e) {
logger.error("Unsupported encoding", e); logger.error("Unsupported encoding", e);
m.addAttribute("code", HttpStatus.INTERNAL_SERVER_ERROR); m.addAttribute("code", HttpStatus.INTERNAL_SERVER_ERROR);
return "httpCodeView"; return HttpCodeView.VIEWNAME;
} catch (IllegalArgumentException e) { } catch (IllegalArgumentException e) {
logger.error("Couldn't save client", e); logger.error("Couldn't save client", e);
@ -180,14 +183,14 @@ public class ClientDynamicRegistrationEndpoint {
m.addAttribute("errorMessage", "Unable to save client due to invalid or inconsistent metadata."); m.addAttribute("errorMessage", "Unable to save client due to invalid or inconsistent metadata.");
m.addAttribute("code", HttpStatus.BAD_REQUEST); // http 400 m.addAttribute("code", HttpStatus.BAD_REQUEST); // http 400
return "jsonErrorView"; return JsonErrorView.VIEWNAME;
} }
} else { } else {
// didn't parse, this is a bad request // didn't parse, this is a bad request
logger.error("registerNewClient failed; submitted JSON is malformed"); logger.error("registerNewClient failed; submitted JSON is malformed");
m.addAttribute("code", HttpStatus.BAD_REQUEST); // http 400 m.addAttribute("code", HttpStatus.BAD_REQUEST); // http 400
return "httpCodeView"; return HttpCodeView.VIEWNAME;
} }
} }
@ -215,11 +218,11 @@ public class ClientDynamicRegistrationEndpoint {
m.addAttribute("client", registered); m.addAttribute("client", registered);
m.addAttribute("code", HttpStatus.OK); // http 200 m.addAttribute("code", HttpStatus.OK); // http 200
return "clientInformationResponseView"; return ClientInformationResponseView.VIEWNAME;
} catch (UnsupportedEncodingException e) { } catch (UnsupportedEncodingException e) {
logger.error("Unsupported encoding", e); logger.error("Unsupported encoding", e);
m.addAttribute("code", HttpStatus.INTERNAL_SERVER_ERROR); m.addAttribute("code", HttpStatus.INTERNAL_SERVER_ERROR);
return "httpCodeView"; return HttpCodeView.VIEWNAME;
} }
} else { } else {
@ -228,7 +231,7 @@ public class ClientDynamicRegistrationEndpoint {
+ clientId + " and " + auth.getOAuth2Request().getClientId() + " do not match."); + clientId + " and " + auth.getOAuth2Request().getClientId() + " do not match.");
m.addAttribute("code", HttpStatus.FORBIDDEN); // http 403 m.addAttribute("code", HttpStatus.FORBIDDEN); // http 403
return "httpCodeView"; return HttpCodeView.VIEWNAME;
} }
} }
@ -253,7 +256,7 @@ public class ClientDynamicRegistrationEndpoint {
// didn't parse, this is a bad request // didn't parse, this is a bad request
logger.error("updateClient failed; submitted JSON is malformed"); logger.error("updateClient failed; submitted JSON is malformed");
m.addAttribute("code", HttpStatus.BAD_REQUEST); // http 400 m.addAttribute("code", HttpStatus.BAD_REQUEST); // http 400
return "httpCodeView"; return HttpCodeView.VIEWNAME;
} }
ClientDetailsEntity oldClient = clientService.loadClientByClientId(clientId); ClientDetailsEntity oldClient = clientService.loadClientByClientId(clientId);
@ -288,7 +291,7 @@ public class ClientDynamicRegistrationEndpoint {
m.addAttribute("error", ve.getError()); m.addAttribute("error", ve.getError());
m.addAttribute("errorMessage", ve.getErrorDescription()); m.addAttribute("errorMessage", ve.getErrorDescription());
m.addAttribute("code", ve.getStatus()); m.addAttribute("code", ve.getStatus());
return "jsonErrorView"; return JsonErrorView.VIEWNAME;
} }
try { try {
@ -303,11 +306,11 @@ public class ClientDynamicRegistrationEndpoint {
m.addAttribute("client", registered); m.addAttribute("client", registered);
m.addAttribute("code", HttpStatus.OK); // http 200 m.addAttribute("code", HttpStatus.OK); // http 200
return "clientInformationResponseView"; return ClientInformationResponseView.VIEWNAME;
} catch (UnsupportedEncodingException e) { } catch (UnsupportedEncodingException e) {
logger.error("Unsupported encoding", e); logger.error("Unsupported encoding", e);
m.addAttribute("code", HttpStatus.INTERNAL_SERVER_ERROR); m.addAttribute("code", HttpStatus.INTERNAL_SERVER_ERROR);
return "httpCodeView"; return HttpCodeView.VIEWNAME;
} catch (IllegalArgumentException e) { } catch (IllegalArgumentException e) {
logger.error("Couldn't save client", e); logger.error("Couldn't save client", e);
@ -315,7 +318,7 @@ public class ClientDynamicRegistrationEndpoint {
m.addAttribute("errorMessage", "Unable to save client due to invalid or inconsistent metadata."); m.addAttribute("errorMessage", "Unable to save client due to invalid or inconsistent metadata.");
m.addAttribute("code", HttpStatus.BAD_REQUEST); // http 400 m.addAttribute("code", HttpStatus.BAD_REQUEST); // http 400
return "jsonErrorView"; return JsonErrorView.VIEWNAME;
} }
} else { } else {
// client mismatch // client mismatch
@ -323,7 +326,7 @@ public class ClientDynamicRegistrationEndpoint {
+ clientId + " and " + auth.getOAuth2Request().getClientId() + " do not match."); + clientId + " and " + auth.getOAuth2Request().getClientId() + " do not match.");
m.addAttribute("code", HttpStatus.FORBIDDEN); // http 403 m.addAttribute("code", HttpStatus.FORBIDDEN); // http 403
return "httpCodeView"; return HttpCodeView.VIEWNAME;
} }
} }
@ -346,14 +349,14 @@ public class ClientDynamicRegistrationEndpoint {
m.addAttribute("code", HttpStatus.NO_CONTENT); // http 204 m.addAttribute("code", HttpStatus.NO_CONTENT); // http 204
return "httpCodeView"; return HttpCodeView.VIEWNAME;
} else { } else {
// client mismatch // client mismatch
logger.error("readClientConfiguration failed, client ID mismatch: " logger.error("readClientConfiguration failed, client ID mismatch: "
+ clientId + " and " + auth.getOAuth2Request().getClientId() + " do not match."); + clientId + " and " + auth.getOAuth2Request().getClientId() + " do not match.");
m.addAttribute("code", HttpStatus.FORBIDDEN); // http 403 m.addAttribute("code", HttpStatus.FORBIDDEN); // http 403
return "httpCodeView"; return HttpCodeView.VIEWNAME;
} }
} }
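Review bot: The client-mismatch branch (an error log naming both client IDs, `m.addAttribute("code", HttpStatus.FORBIDDEN);`, `return HttpCodeView.VIEWNAME;`) is repeated in three hunks of this file with only the method name in the log text varying, and the `UnsupportedEncodingException` handler that maps to `INTERNAL_SERVER_ERROR` is repeated as well. A private helper for the 403 response would make these authorization paths identical by construction, which matters because that check is what separates one registered client's configuration from another's. The copy in the hunk that returns `HttpStatus.NO_CONTENT` logs `"readClientConfiguration failed, client ID mismatch: "`, yet a 204 suggests this is the delete path — presumably stale copied log text, so the method name in that string should be checked against the enclosing method. Each enclosing method starts outside its hunk.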


@ -19,6 +19,7 @@ package org.mitre.openid.connect.web;
import java.util.Map; import java.util.Map;
import org.mitre.jwt.signer.service.JwtSigningAndValidationService; import org.mitre.jwt.signer.service.JwtSigningAndValidationService;
import org.mitre.openid.connect.view.JwkKeyListView;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller; import org.springframework.stereotype.Controller;
import org.springframework.ui.Model; import org.springframework.ui.Model;
@ -42,7 +43,7 @@ public class JsonWebKeyEndpoint {
m.addAttribute("keys", keys); m.addAttribute("keys", keys);
return "jwkKeyList"; return JwkKeyListView.VIEWNAME;
} }
/** /**


@ -36,6 +36,9 @@ import org.mitre.openid.connect.config.ConfigurationPropertiesBean;
import org.mitre.openid.connect.exception.ValidationException; import org.mitre.openid.connect.exception.ValidationException;
import org.mitre.openid.connect.service.BlacklistedSiteService; import org.mitre.openid.connect.service.BlacklistedSiteService;
import org.mitre.openid.connect.service.OIDCTokenService; import org.mitre.openid.connect.service.OIDCTokenService;
import org.mitre.openid.connect.view.ClientInformationResponseView;
import org.mitre.openid.connect.view.HttpCodeView;
import org.mitre.openid.connect.view.JsonErrorView;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
@ -100,7 +103,7 @@ public class ProtectedResourceRegistrationEndpoint {
// didn't parse, this is a bad request // didn't parse, this is a bad request
logger.error("registerNewProtectedResource failed; submitted JSON is malformed"); logger.error("registerNewProtectedResource failed; submitted JSON is malformed");
m.addAttribute("code", HttpStatus.BAD_REQUEST); // http 400 m.addAttribute("code", HttpStatus.BAD_REQUEST); // http 400
return "httpCodeView"; return HttpCodeView.VIEWNAME;
} }
if (newClient != null) { if (newClient != null) {
@ -123,7 +126,7 @@ public class ProtectedResourceRegistrationEndpoint {
m.addAttribute("error", ve.getError()); m.addAttribute("error", ve.getError());
m.addAttribute("errorMessage", ve.getErrorDescription()); m.addAttribute("errorMessage", ve.getErrorDescription());
m.addAttribute("code", ve.getStatus()); m.addAttribute("code", ve.getStatus());
return "jsonErrorView"; return JsonErrorView.VIEWNAME;
} }
@ -174,11 +177,11 @@ public class ProtectedResourceRegistrationEndpoint {
m.addAttribute("client", registered); m.addAttribute("client", registered);
m.addAttribute("code", HttpStatus.CREATED); // http 201 m.addAttribute("code", HttpStatus.CREATED); // http 201
return "clientInformationResponseView"; return ClientInformationResponseView.VIEWNAME;
} catch (UnsupportedEncodingException e) { } catch (UnsupportedEncodingException e) {
logger.error("Unsupported encoding", e); logger.error("Unsupported encoding", e);
m.addAttribute("code", HttpStatus.INTERNAL_SERVER_ERROR); m.addAttribute("code", HttpStatus.INTERNAL_SERVER_ERROR);
return "httpCodeView"; return HttpCodeView.VIEWNAME;
} catch (IllegalArgumentException e) { } catch (IllegalArgumentException e) {
logger.error("Couldn't save client", e); logger.error("Couldn't save client", e);
@ -186,14 +189,14 @@ public class ProtectedResourceRegistrationEndpoint {
m.addAttribute("errorMessage", "Unable to save client due to invalid or inconsistent metadata."); m.addAttribute("errorMessage", "Unable to save client due to invalid or inconsistent metadata.");
m.addAttribute("code", HttpStatus.BAD_REQUEST); // http 400 m.addAttribute("code", HttpStatus.BAD_REQUEST); // http 400
return "jsonErrorView"; return JsonErrorView.VIEWNAME;
} }
} else { } else {
// didn't parse, this is a bad request // didn't parse, this is a bad request
logger.error("registerNewClient failed; submitted JSON is malformed"); logger.error("registerNewClient failed; submitted JSON is malformed");
m.addAttribute("code", HttpStatus.BAD_REQUEST); // http 400 m.addAttribute("code", HttpStatus.BAD_REQUEST); // http 400
return "httpCodeView"; return HttpCodeView.VIEWNAME;
} }
} }
@ -245,11 +248,11 @@ public class ProtectedResourceRegistrationEndpoint {
m.addAttribute("client", registered); m.addAttribute("client", registered);
m.addAttribute("code", HttpStatus.OK); // http 200 m.addAttribute("code", HttpStatus.OK); // http 200
return "clientInformationResponseView"; return ClientInformationResponseView.VIEWNAME;
} catch (UnsupportedEncodingException e) { } catch (UnsupportedEncodingException e) {
logger.error("Unsupported encoding", e); logger.error("Unsupported encoding", e);
m.addAttribute("code", HttpStatus.INTERNAL_SERVER_ERROR); m.addAttribute("code", HttpStatus.INTERNAL_SERVER_ERROR);
return "httpCodeView"; return HttpCodeView.VIEWNAME;
} }
} else { } else {
// client mismatch // client mismatch
@ -257,7 +260,7 @@ public class ProtectedResourceRegistrationEndpoint {
+ clientId + " and " + auth.getOAuth2Request().getClientId() + " do not match."); + clientId + " and " + auth.getOAuth2Request().getClientId() + " do not match.");
m.addAttribute("code", HttpStatus.FORBIDDEN); // http 403 m.addAttribute("code", HttpStatus.FORBIDDEN); // http 403
return "httpCodeView"; return HttpCodeView.VIEWNAME;
} }
} }
@ -282,7 +285,7 @@ public class ProtectedResourceRegistrationEndpoint {
// didn't parse, this is a bad request // didn't parse, this is a bad request
logger.error("updateProtectedResource failed; submitted JSON is malformed"); logger.error("updateProtectedResource failed; submitted JSON is malformed");
m.addAttribute("code", HttpStatus.BAD_REQUEST); // http 400 m.addAttribute("code", HttpStatus.BAD_REQUEST); // http 400
return "httpCodeView"; return HttpCodeView.VIEWNAME;
} }
ClientDetailsEntity oldClient = clientService.loadClientByClientId(clientId); ClientDetailsEntity oldClient = clientService.loadClientByClientId(clientId);
@ -339,7 +342,7 @@ public class ProtectedResourceRegistrationEndpoint {
m.addAttribute("error", ve.getError()); m.addAttribute("error", ve.getError());
m.addAttribute("errorMessage", ve.getErrorDescription()); m.addAttribute("errorMessage", ve.getErrorDescription());
m.addAttribute("code", ve.getStatus()); m.addAttribute("code", ve.getStatus());
return "jsonErrorView"; return JsonErrorView.VIEWNAME;
} }
@ -356,11 +359,11 @@ public class ProtectedResourceRegistrationEndpoint {
m.addAttribute("client", registered); m.addAttribute("client", registered);
m.addAttribute("code", HttpStatus.OK); // http 200 m.addAttribute("code", HttpStatus.OK); // http 200
return "clientInformationResponseView"; return ClientInformationResponseView.VIEWNAME;
} catch (UnsupportedEncodingException e) { } catch (UnsupportedEncodingException e) {
logger.error("Unsupported encoding", e); logger.error("Unsupported encoding", e);
m.addAttribute("code", HttpStatus.INTERNAL_SERVER_ERROR); m.addAttribute("code", HttpStatus.INTERNAL_SERVER_ERROR);
return "httpCodeView"; return HttpCodeView.VIEWNAME;
} catch (IllegalArgumentException e) { } catch (IllegalArgumentException e) {
logger.error("Couldn't save client", e); logger.error("Couldn't save client", e);
@ -368,7 +371,7 @@ public class ProtectedResourceRegistrationEndpoint {
m.addAttribute("errorMessage", "Unable to save client due to invalid or inconsistent metadata."); m.addAttribute("errorMessage", "Unable to save client due to invalid or inconsistent metadata.");
m.addAttribute("code", HttpStatus.BAD_REQUEST); // http 400 m.addAttribute("code", HttpStatus.BAD_REQUEST); // http 400
return "jsonErrorView"; return JsonErrorView.VIEWNAME;
} }
} else { } else {
// client mismatch // client mismatch
@ -377,7 +380,7 @@ public class ProtectedResourceRegistrationEndpoint {
+ clientId + " and " + auth.getOAuth2Request().getClientId() + " do not match."); + clientId + " and " + auth.getOAuth2Request().getClientId() + " do not match.");
m.addAttribute("code", HttpStatus.FORBIDDEN); // http 403 m.addAttribute("code", HttpStatus.FORBIDDEN); // http 403
return "httpCodeView"; return HttpCodeView.VIEWNAME;
} }
} }
@ -400,14 +403,14 @@ public class ProtectedResourceRegistrationEndpoint {
m.addAttribute("code", HttpStatus.NO_CONTENT); // http 204 m.addAttribute("code", HttpStatus.NO_CONTENT); // http 204
return "httpCodeView"; return HttpCodeView.VIEWNAME;
} else { } else {
// client mismatch // client mismatch
logger.error("readClientConfiguration failed, client ID mismatch: " logger.error("readClientConfiguration failed, client ID mismatch: "
+ clientId + " and " + auth.getOAuth2Request().getClientId() + " do not match."); + clientId + " and " + auth.getOAuth2Request().getClientId() + " do not match.");
m.addAttribute("code", HttpStatus.FORBIDDEN); // http 403 m.addAttribute("code", HttpStatus.FORBIDDEN); // http 403
return "httpCodeView"; return HttpCodeView.VIEWNAME;
} }
} }
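Review bot: The log message on the 204 path of the last hunk, `logger.error("readClientConfiguration failed, client ID mismatch: "`, names the read operation, yet the NO_CONTENT response two lines earlier suggests this is the delete handler, so a client-ID mismatch logged here would be triaged against the wrong endpoint operation. Since the neighbouring return line is being rewritten for the view constant anyway, the operation name in the message should be brought in line with the enclosing method, which starts outside the hunk. The ClientDynamicRegistrationEndpoint section above carries the same message on its 204 path.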


@ -19,6 +19,7 @@ package org.mitre.openid.connect.web;
import java.util.Map; import java.util.Map;
import org.mitre.openid.connect.service.StatsService; import org.mitre.openid.connect.service.StatsService;
import org.mitre.openid.connect.view.JsonEntityView;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.stereotype.Controller; import org.springframework.stereotype.Controller;
@ -40,7 +41,7 @@ public class StatsAPI {
m.put("entity", e); m.put("entity", e);
return "jsonEntityView"; return JsonEntityView.VIEWNAME;
} }
@ -51,7 +52,7 @@ public class StatsAPI {
m.put("entity", e); m.put("entity", e);
return "jsonEntityView"; return JsonEntityView.VIEWNAME;
} }
@PreAuthorize("hasRole('ROLE_USER')") @PreAuthorize("hasRole('ROLE_USER')")
@ -61,7 +62,7 @@ public class StatsAPI {
m.put("entity", e); m.put("entity", e);
return "jsonEntityView"; return JsonEntityView.VIEWNAME;
} }
} }


@ -22,6 +22,9 @@ import org.mitre.oauth2.model.ClientDetailsEntity;
import org.mitre.oauth2.service.ClientDetailsEntityService; import org.mitre.oauth2.service.ClientDetailsEntityService;
import org.mitre.openid.connect.model.UserInfo; import org.mitre.openid.connect.model.UserInfo;
import org.mitre.openid.connect.service.UserInfoService; import org.mitre.openid.connect.service.UserInfoService;
import org.mitre.openid.connect.view.HttpCodeView;
import org.mitre.openid.connect.view.UserInfoJwtView;
import org.mitre.openid.connect.view.UserInfoView;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
@ -69,7 +72,7 @@ public class UserInfoEndpoint {
if (auth == null) { if (auth == null) {
logger.error("getInfo failed; no principal. Requester is not authorized."); logger.error("getInfo failed; no principal. Requester is not authorized.");
model.addAttribute("code", HttpStatus.FORBIDDEN); model.addAttribute("code", HttpStatus.FORBIDDEN);
return "httpCodeView"; return HttpCodeView.VIEWNAME;
} }
String username = auth.getName(); String username = auth.getName();
@ -78,7 +81,7 @@ public class UserInfoEndpoint {
if (userInfo == null) { if (userInfo == null) {
logger.error("getInfo failed; user not found: " + username); logger.error("getInfo failed; user not found: " + username);
model.addAttribute("code", HttpStatus.NOT_FOUND); model.addAttribute("code", HttpStatus.NOT_FOUND);
return "httpCodeView"; return HttpCodeView.VIEWNAME;
} }
model.addAttribute("scope", auth.getOAuth2Request().getScope()); model.addAttribute("scope", auth.getOAuth2Request().getScope());
@ -106,26 +109,26 @@ public class UserInfoEndpoint {
// client has a preference, see if they ask for plain JSON specifically on this request // client has a preference, see if they ask for plain JSON specifically on this request
for (MediaType m : mediaTypes) { for (MediaType m : mediaTypes) {
if (!m.isWildcardType() && m.isCompatibleWith(JOSE_MEDIA_TYPE)) { if (!m.isWildcardType() && m.isCompatibleWith(JOSE_MEDIA_TYPE)) {
return "userInfoJwtView"; return UserInfoJwtView.VIEWNAME;
} else if (!m.isWildcardType() && m.isCompatibleWith(MediaType.APPLICATION_JSON)) { } else if (!m.isWildcardType() && m.isCompatibleWith(MediaType.APPLICATION_JSON)) {
return "userInfoView"; return UserInfoView.VIEWNAME;
} }
} }
// otherwise return JWT // otherwise return JWT
return "userInfoJwtView"; return UserInfoJwtView.VIEWNAME;
} else { } else {
// client has no preference, see if they asked for JWT specifically on this request // client has no preference, see if they asked for JWT specifically on this request
for (MediaType m : mediaTypes) { for (MediaType m : mediaTypes) {
if (!m.isWildcardType() && m.isCompatibleWith(MediaType.APPLICATION_JSON)) { if (!m.isWildcardType() && m.isCompatibleWith(MediaType.APPLICATION_JSON)) {
return "userInfoView"; return UserInfoView.VIEWNAME;
} else if (!m.isWildcardType() && m.isCompatibleWith(JOSE_MEDIA_TYPE)) { } else if (!m.isWildcardType() && m.isCompatibleWith(JOSE_MEDIA_TYPE)) {
return "userInfoJwtView"; return UserInfoJwtView.VIEWNAME;
} }
} }
// otherwise return JSON // otherwise return JSON
return "userInfoView"; return UserInfoView.VIEWNAME;
} }
} }
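Review bot: Only the view names are externalized; the model attribute keys the views read, such as `model.addAttribute("code", HttpStatus.FORBIDDEN);` before each HttpCodeView return in the first two hunks, stay as string literals that must silently agree with whatever HttpCodeView looks up. If the intent is to tie callers to their view beans, the same treatment would close the gap: a `public static final String CODE = "code";` on the view class, referenced as `model.addAttribute(HttpCodeView.CODE, HttpStatus.FORBIDDEN);`. The ProtectedResourceRegistrationEndpoint, StatsAPI and WhitelistAPI sections have the same pattern with `"code"`, `"errorMessage"`, `"entity"` and `"client"`.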


@ -24,6 +24,9 @@ import java.util.Collection;
import org.mitre.openid.connect.model.WhitelistedSite; import org.mitre.openid.connect.model.WhitelistedSite;
import org.mitre.openid.connect.service.WhitelistedSiteService; import org.mitre.openid.connect.service.WhitelistedSiteService;
import org.mitre.openid.connect.view.HttpCodeView;
import org.mitre.openid.connect.view.JsonEntityView;
import org.mitre.openid.connect.view.JsonErrorView;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
@ -70,7 +73,7 @@ public class WhitelistAPI {
m.put("entity", all); m.put("entity", all);
return "jsonEntityView"; return JsonEntityView.VIEWNAME;
} }
/** /**
@ -95,12 +98,12 @@ public class WhitelistAPI {
logger.error("addNewWhitelistedSite failed due to JsonParseException", e); logger.error("addNewWhitelistedSite failed due to JsonParseException", e);
m.addAttribute("code", HttpStatus.BAD_REQUEST); m.addAttribute("code", HttpStatus.BAD_REQUEST);
m.addAttribute("errorMessage", "Could not save new whitelisted site. The server encountered a JSON syntax exception. Contact a system administrator for assistance."); m.addAttribute("errorMessage", "Could not save new whitelisted site. The server encountered a JSON syntax exception. Contact a system administrator for assistance.");
return "jsonErrorView"; return JsonErrorView.VIEWNAME;
} catch (IllegalStateException e) { } catch (IllegalStateException e) {
logger.error("addNewWhitelistedSite failed due to IllegalStateException", e); logger.error("addNewWhitelistedSite failed due to IllegalStateException", e);
m.addAttribute("code", HttpStatus.BAD_REQUEST); m.addAttribute("code", HttpStatus.BAD_REQUEST);
m.addAttribute("errorMessage", "Could not save new whitelisted site. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance."); m.addAttribute("errorMessage", "Could not save new whitelisted site. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance.");
return "jsonErrorView"; return JsonErrorView.VIEWNAME;
} }
// save the id of the person who created this // save the id of the person who created this
@ -110,7 +113,7 @@ public class WhitelistAPI {
m.put("entity", newWhitelist); m.put("entity", newWhitelist);
return "jsonEntityView"; return JsonEntityView.VIEWNAME;
} }
@ -132,12 +135,12 @@ public class WhitelistAPI {
logger.error("updateWhitelistedSite failed due to JsonParseException", e); logger.error("updateWhitelistedSite failed due to JsonParseException", e);
m.put("code", HttpStatus.BAD_REQUEST); m.put("code", HttpStatus.BAD_REQUEST);
m.put("errorMessage", "Could not update whitelisted site. The server encountered a JSON syntax exception. Contact a system administrator for assistance."); m.put("errorMessage", "Could not update whitelisted site. The server encountered a JSON syntax exception. Contact a system administrator for assistance.");
return "jsonErrorView"; return JsonErrorView.VIEWNAME;
} catch (IllegalStateException e) { } catch (IllegalStateException e) {
logger.error("updateWhitelistedSite failed due to IllegalStateException", e); logger.error("updateWhitelistedSite failed due to IllegalStateException", e);
m.put("code", HttpStatus.BAD_REQUEST); m.put("code", HttpStatus.BAD_REQUEST);
m.put("errorMessage", "Could not update whitelisted site. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance."); m.put("errorMessage", "Could not update whitelisted site. The server encountered an IllegalStateException. Refresh and try again - if the problem persists, contact a system administrator for assistance.");
return "jsonErrorView"; return JsonErrorView.VIEWNAME;
} }
WhitelistedSite oldWhitelist = whitelistService.getById(id); WhitelistedSite oldWhitelist = whitelistService.getById(id);
@ -146,14 +149,14 @@ public class WhitelistAPI {
logger.error("updateWhitelistedSite failed; whitelist with id " + id + " could not be found."); logger.error("updateWhitelistedSite failed; whitelist with id " + id + " could not be found.");
m.put("code", HttpStatus.NOT_FOUND); m.put("code", HttpStatus.NOT_FOUND);
m.put("errorMessage", "Could not update whitelisted site. The requested whitelisted site with id " + id + "could not be found."); m.put("errorMessage", "Could not update whitelisted site. The requested whitelisted site with id " + id + "could not be found.");
return "jsonErrorView"; return JsonErrorView.VIEWNAME;
} else { } else {
WhitelistedSite newWhitelist = whitelistService.update(oldWhitelist, whitelist); WhitelistedSite newWhitelist = whitelistService.update(oldWhitelist, whitelist);
m.put("entity", newWhitelist); m.put("entity", newWhitelist);
return "jsonEntityView"; return JsonEntityView.VIEWNAME;
} }
} }
@ -170,13 +173,13 @@ public class WhitelistAPI {
logger.error("deleteWhitelistedSite failed; whitelist with id " + id + " could not be found."); logger.error("deleteWhitelistedSite failed; whitelist with id " + id + " could not be found.");
m.put("code", HttpStatus.NOT_FOUND); m.put("code", HttpStatus.NOT_FOUND);
m.put("errorMessage", "Could not delete whitelisted site. The requested whitelisted site with id " + id + "could not be found."); m.put("errorMessage", "Could not delete whitelisted site. The requested whitelisted site with id " + id + "could not be found.");
return "jsonErrorView"; return JsonErrorView.VIEWNAME;
} else { } else {
m.put("code", HttpStatus.OK); m.put("code", HttpStatus.OK);
whitelistService.remove(whitelist); whitelistService.remove(whitelist);
} }
return "httpCodeView"; return HttpCodeView.VIEWNAME;
} }
/** /**
@ -189,12 +192,12 @@ public class WhitelistAPI {
logger.error("getWhitelistedSite failed; whitelist with id " + id + " could not be found."); logger.error("getWhitelistedSite failed; whitelist with id " + id + " could not be found.");
m.put("code", HttpStatus.NOT_FOUND); m.put("code", HttpStatus.NOT_FOUND);
m.put("errorMessage", "The requested whitelisted site with id " + id + "could not be found."); m.put("errorMessage", "The requested whitelisted site with id " + id + "could not be found.");
return "jsonErrorView"; return JsonErrorView.VIEWNAME;
} else { } else {
m.put("entity", whitelist); m.put("entity", whitelist);
return "jsonEntityView"; return JsonEntityView.VIEWNAME;
} }
} }
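Review bot: Three user-facing error messages in the update, delete and get hunks are missing a space before the final clause, `"... with id " + id + "could not be found."`, which renders as `id 42could not be found.` (constructed example). Each should read `"... with id " + id + " could not be found."`. These are context lines rather than new code, but they sit directly beside the return statements the commit rewrites, so fixing them in the same pass is cheap.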


@ -16,6 +16,12 @@
******************************************************************************/ ******************************************************************************/
package org.mitre.oauth2.service.impl; package org.mitre.oauth2.service.impl;
import static com.google.common.collect.Sets.newHashSet;
import static org.hamcrest.CoreMatchers.is;
import static org.junit.Assert.assertThat;
import static org.mockito.BDDMockito.given;
import static org.mockito.Mockito.mock;
import java.util.Set; import java.util.Set;
import org.junit.Test; import org.junit.Test;
@ -26,12 +32,6 @@ import org.mockito.Mock;
import org.mockito.runners.MockitoJUnitRunner; import org.mockito.runners.MockitoJUnitRunner;
import org.springframework.security.oauth2.provider.ClientDetails; import org.springframework.security.oauth2.provider.ClientDetails;
import static com.google.common.collect.Sets.newHashSet;
import static org.hamcrest.CoreMatchers.is;
import static org.junit.Assert.assertThat;
import static org.mockito.BDDMockito.given;
import static org.mockito.Mockito.mock;
@RunWith(MockitoJUnitRunner.class) @RunWith(MockitoJUnitRunner.class)
public class TestDefaultIntrospectionAuthorizer { public class TestDefaultIntrospectionAuthorizer {