github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

added workarounds for quirks in SECOAUTH

pull/263/head
Justin Richer 2012-12-10 11:27:28 -05:00
parent edc96d646c
commit cab0839430
1 changed files with 14 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

15
openid-connect-server/src/main/java/org/mitre/oauth2/token/ChainedTokenGranter.java
View File

@ -6,15 +6,18 @@ package org.mitre.oauth2.token;
import java.util.HashSet; import java.util.HashSet;
import java.util.Set; import java.util.Set;
import org.mitre.oauth2.model.ClientDetailsEntity;
import org.mitre.oauth2.model.OAuth2AccessTokenEntity; import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
import org.mitre.oauth2.service.ClientDetailsEntityService; import org.mitre.oauth2.service.ClientDetailsEntityService;
import org.mitre.oauth2.service.OAuth2TokenEntityService; import org.mitre.oauth2.service.OAuth2TokenEntityService;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.oauth2.common.OAuth2AccessToken; import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.exceptions.InvalidScopeException; import org.springframework.security.oauth2.common.exceptions.InvalidScopeException;
import org.springframework.security.oauth2.common.util.OAuth2Utils;
import org.springframework.security.oauth2.provider.AuthorizationRequest; import org.springframework.security.oauth2.provider.AuthorizationRequest;
import org.springframework.security.oauth2.provider.ClientDetailsService; import org.springframework.security.oauth2.provider.ClientDetailsService;
import org.springframework.security.oauth2.provider.DefaultAuthorizationRequest; import org.springframework.security.oauth2.provider.DefaultAuthorizationRequest;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.token.AbstractTokenGranter; import org.springframework.security.oauth2.provider.token.AbstractTokenGranter;
import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices; import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
@ -66,6 +69,14 @@ public class ChainedTokenGranter extends AbstractTokenGranter {
requestedScopes = new HashSet<String>(); requestedScopes = new HashSet<String>();
} }
// do a check on the requested scopes -- if they exactly match the client scopes, they were probably shadowed by the token granter
// FIXME: bug in SECOAUTH functionality
ClientDetailsEntity client = incomingToken.getClient();
if (client.getScope().equals(requestedScopes)) {
requestedScopes = new HashSet<String>();
}
// if our scopes are a valid subset of what's allowed, we can continue // if our scopes are a valid subset of what's allowed, we can continue
if (approvedScopes.containsAll(requestedScopes)) { if (approvedScopes.containsAll(requestedScopes)) {
@ -84,7 +95,9 @@ public class ChainedTokenGranter extends AbstractTokenGranter {
// NOTE: don't revoke the existing access token // NOTE: don't revoke the existing access token
// create a new access token // create a new access token
return tokenServices.createAccessToken(getOAuth2Authentication(outgoingAuthRequest)); OAuth2Authentication authentication = new OAuth2Authentication(outgoingAuthRequest, incomingToken.getAuthenticationHolder().getAuthentication().getUserAuthentication());
return tokenServices.createAccessToken(authentication);
} else { } else {
throw new InvalidScopeException("Invalid scope requested in chained request", approvedScopes); throw new InvalidScopeException("Invalid scope requested in chained request", approvedScopes);