github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

return prompt=none error to client, closes #667

pull/819/merge
Justin Richer 2015-05-27 12:11:41 -04:00
parent cbf6316050
commit c974267cde
1 changed files with 28 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

41
openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java
View File

@ -19,6 +19,7 @@
*/ */
package org.mitre.oauth2.web; package org.mitre.oauth2.web;
import java.net.URISyntaxException;
import java.security.Principal; import java.security.Principal;
import java.util.Date; import java.util.Date;
import java.util.HashMap; import java.util.HashMap;
@ -27,6 +28,7 @@ import java.util.List;
import java.util.Map; import java.util.Map;
import java.util.Set; import java.util.Set;
import org.apache.http.client.utils.URIBuilder;
import org.mitre.oauth2.model.ClientDetailsEntity; import org.mitre.oauth2.model.ClientDetailsEntity;
import org.mitre.oauth2.model.SystemScope; import org.mitre.oauth2.model.SystemScope;
import org.mitre.oauth2.service.ClientDetailsEntityService; import org.mitre.oauth2.service.ClientDetailsEntityService;
@ -43,6 +45,7 @@ import org.springframework.http.HttpStatus;
import org.springframework.security.access.prepost.PreAuthorize; import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.oauth2.common.exceptions.OAuth2Exception; import org.springframework.security.oauth2.common.exceptions.OAuth2Exception;
import org.springframework.security.oauth2.provider.AuthorizationRequest; import org.springframework.security.oauth2.provider.AuthorizationRequest;
import org.springframework.security.oauth2.provider.endpoint.RedirectResolver;
import org.springframework.stereotype.Controller; import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.ModelAttribute; import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMapping;
@ -84,6 +87,9 @@ public class OAuthConfirmationController {
@Autowired @Autowired
private StatsService statsService; private StatsService statsService;
@Autowired
private RedirectResolver redirectResolver;
/** /**
* Logger for this class * Logger for this class
*/ */
@ -106,19 +112,6 @@ public class OAuthConfirmationController {
String prompt = (String)authRequest.getExtensions().get(PROMPT); String prompt = (String)authRequest.getExtensions().get(PROMPT);
List<String> prompts = Splitter.on(PROMPT_SEPARATOR).splitToList(Strings.nullToEmpty(prompt)); List<String> prompts = Splitter.on(PROMPT_SEPARATOR).splitToList(Strings.nullToEmpty(prompt));
if (prompts.contains(PROMPT_NONE)) {
// we're not supposed to prompt, so "return an error"
logger.info("Client requested no prompt, returning 403 from confirmation endpoint");
model.put(HttpCodeView.CODE, HttpStatus.FORBIDDEN);
return HttpCodeView.VIEWNAME;
}
if (prompts.contains(PROMPT_CONSENT)) {
model.put(PROMPT_CONSENT, true);
}
//AuthorizationRequest clientAuth = (AuthorizationRequest) model.remove("authorizationRequest");
ClientDetailsEntity client = null; ClientDetailsEntity client = null;
try { try {
@ -139,6 +132,28 @@ public class OAuthConfirmationController {
return HttpCodeView.VIEWNAME; return HttpCodeView.VIEWNAME;
} }
if (prompts.contains("none")) {
// if we've got a redirect URI then we'll send it
String url = redirectResolver.resolveRedirect(authRequest.getRedirectUri(), client);
try {
URIBuilder uriBuilder = new URIBuilder(url);
uriBuilder.addParameter("error", "interaction_required");
if (!Strings.isNullOrEmpty(authRequest.getState())) {
uriBuilder.addParameter("state", authRequest.getState()); // copy the state parameter if one was given
}
return "redirect:" + uriBuilder.toString();
} catch (URISyntaxException e) {
logger.error("Can't build redirect URI for prompt=none, sending error instead", e);
model.put("code", HttpStatus.FORBIDDEN);
return HttpCodeView.VIEWNAME;
}
}
model.put("auth_request", authRequest); model.put("auth_request", authRequest);
model.put("client", client); model.put("client", client);