github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

cleaned up old code

pull/124/merge
Justin Richer 2012-07-30 16:46:22 -04:00
parent 40f39a18e0
commit d07667576e
14 changed files with 27 additions and 1156 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

22
openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntityFactory.java
View File

@ -1,22 +0,0 @@
/*******************************************************************************
* Copyright 2012 The MITRE Corporation
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
******************************************************************************/
package org.mitre.oauth2.model;
public interface OAuth2AccessTokenEntityFactory {
public OAuth2AccessTokenEntity createNewAccessToken();
}

22
openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2RefreshTokenEntityFactory.java
View File

@ -1,22 +0,0 @@
/*******************************************************************************
* Copyright 2012 The MITRE Corporation
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
******************************************************************************/
package org.mitre.oauth2.model;
public interface OAuth2RefreshTokenEntityFactory {
public OAuth2RefreshTokenEntity createNewRefreshToken();
}

54
openid-connect-common/src/main/java/org/mitre/oauth2/model/UUIDTokenFactory.java
View File

@ -1,54 +0,0 @@
/*******************************************************************************
* Copyright 2012 The MITRE Corporation
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
******************************************************************************/
package org.mitre.oauth2.model;
import java.util.UUID;
import org.springframework.stereotype.Service;
@Service
public class UUIDTokenFactory implements OAuth2AccessTokenEntityFactory, OAuth2RefreshTokenEntityFactory {
/**
* Create a new access token and set its value to a random UUID
*/
@Override
public OAuth2AccessTokenEntity createNewAccessToken() {
// create our token container
OAuth2AccessTokenEntity token = new OAuth2AccessTokenEntity();
// set a random value (TODO: support JWT)
String tokenValue = UUID.randomUUID().toString();
token.setValue(tokenValue);
return token;
}
/**
* Create a new refresh token and set its value to a random UUID
*/
@Override
public OAuth2RefreshTokenEntity createNewRefreshToken() {
OAuth2RefreshTokenEntity refreshToken = new OAuth2RefreshTokenEntity();
// set a random value for the refresh
String refreshTokenValue = UUID.randomUUID().toString();
refreshToken.setValue(refreshTokenValue);
return refreshToken;
}
}

4
openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java
View File

@ -21,13 +21,10 @@ package org.mitre.oauth2.service.impl;
import java.util.Date;
import java.util.List;
import java.util.Set;
import java.util.UUID;
import org.mitre.oauth2.model.ClientDetailsEntity;
import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
import org.mitre.oauth2.model.OAuth2AccessTokenEntityFactory;
import org.mitre.oauth2.model.OAuth2RefreshTokenEntity;
import org.mitre.oauth2.model.OAuth2RefreshTokenEntityFactory;
import org.mitre.oauth2.repository.OAuth2TokenRepository;
import org.mitre.oauth2.service.ClientDetailsEntityService;
import org.mitre.oauth2.service.OAuth2TokenEntityService;
@ -37,7 +34,6 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.scheduling.annotation.Scheduled;
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.exceptions.InvalidClientException;
import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
import org.springframework.security.oauth2.provider.AuthorizationRequest;

81
openid-connect-server/src/main/java/org/mitre/oauth2/view/JSONOAuthClientView.java
View File

@ -1,81 +0,0 @@
/*******************************************************************************
* Copyright 2012 The MITRE Corporation
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
******************************************************************************/
package org.mitre.oauth2.view;
import java.io.Writer;
import java.lang.reflect.Type;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.validation.BeanPropertyBindingResult;
import org.springframework.web.servlet.view.AbstractView;
import com.google.gson.ExclusionStrategy;
import com.google.gson.FieldAttributes;
import com.google.gson.Gson;
import com.google.gson.GsonBuilder;
import com.google.gson.JsonElement;
import com.google.gson.JsonPrimitive;
import com.google.gson.JsonSerializationContext;
import com.google.gson.JsonSerializer;
public class JSONOAuthClientView extends AbstractView {
@Override
protected void renderMergedOutputModel(Map<String, Object> model, HttpServletRequest request, HttpServletResponse response) throws Exception {
Gson gson = new GsonBuilder().setExclusionStrategies(new ExclusionStrategy() {
@Override
public boolean shouldSkipField(FieldAttributes f) {
return false;
}
@Override
public boolean shouldSkipClass(Class<?> clazz) {
// skip the JPA binding wrapper
if (clazz.equals(BeanPropertyBindingResult.class)) {
return true;
} else {
return false;
}
}
})
.registerTypeAdapter(GrantedAuthority.class, new JsonSerializer<GrantedAuthority>() {
@Override
public JsonElement serialize(GrantedAuthority src, Type typeOfSrc, JsonSerializationContext context) {
return new JsonPrimitive(src.getAuthority());
}
})
.create();
response.setContentType("application/json");
Writer out = response.getWriter();
Object obj = model.get("entity");
if (obj == null) {
obj = model;
}
gson.toJson(obj, out);
}
}

220
openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthClientAPI.java
View File

@ -1,220 +0,0 @@
/*******************************************************************************
* Copyright 2012 The MITRE Corporation
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
******************************************************************************/
package org.mitre.oauth2.web;
import java.util.Collection;
import java.util.HashSet;
import java.util.Set;
import org.mitre.oauth2.exception.ClientNotFoundException;
import org.mitre.oauth2.exception.DuplicateClientIdException;
import org.mitre.oauth2.model.ClientDetailsEntity;
import org.mitre.oauth2.service.ClientDetailsEntityService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.servlet.ModelAndView;
import com.google.common.base.Function;
import com.google.common.base.Splitter;
import com.google.common.collect.Iterables;
import com.google.common.collect.Sets;
@Controller
@RequestMapping("/manager/oauth/clients/api")
public class OAuthClientAPI {
@Autowired
private ClientDetailsEntityService clientService;
private static final Logger logger = LoggerFactory.getLogger(OAuthClientAPI.class);
public OAuthClientAPI() {
}
public OAuthClientAPI(ClientDetailsEntityService clientService) {
this.clientService = clientService;
}
// TODO: i think this needs a fancier binding than just strings on the way in
@PreAuthorize("hasRole('ROLE_ADMIN')")
@RequestMapping("/add")
public ModelAndView apiAddClient(ModelAndView modelAndView,
@RequestParam String clientId, @RequestParam String clientSecret,
@RequestParam String scope, // space delimited
@RequestParam String grantTypes, // space delimited
@RequestParam(required=false) String redirectUri,
@RequestParam String authorities, // space delimited
@RequestParam(required=false) String resourceIds, // space delimited
@RequestParam(required=false) String name,
@RequestParam(required=false) String description,
@RequestParam(required=false, defaultValue="false") boolean allowRefresh,
@RequestParam(required=false) Integer accessTokenTimeout,
@RequestParam(required=false) Integer refreshTokenTimeout,
@RequestParam(required=false) String owner
) {
logger.info("apiAddClient - start");
ClientDetailsEntity oldClient = clientService.loadClientByClientId(clientId);
if (oldClient != null) {
throw new DuplicateClientIdException(clientId);
}
Splitter spaceDelimited = Splitter.on(" ");
// parse all of our space-delimited lists
Set<String> scopeSet = Sets.newHashSet(spaceDelimited.split(scope));
Set<String> grantTypesSet = Sets.newHashSet(spaceDelimited.split(grantTypes)); // TODO: make a stronger binding to GrantTypes
logger.info("apiAddClient - before creating authorities list");
Set<GrantedAuthority> authoritiesSet = Sets.newHashSet(
Iterables.transform(spaceDelimited.split(authorities), new Function<String, GrantedAuthority>() {
@Override
public GrantedAuthority apply(String auth) {
return new SimpleGrantedAuthority(auth);
}
}));
logger.info("apiAddClient - printing client details");
logger.info("Making call to create client with " + clientId + ", " + clientSecret
+ ", " + scopeSet + ", " + grantTypesSet + ", " + redirectUri + ", "
+ authoritiesSet + ", " + name + ", " + description + ", " + allowRefresh
+ ", " + accessTokenTimeout + ", " + refreshTokenTimeout + ", " + owner);
Set<String> resourceIdSet = Sets.newHashSet(spaceDelimited.split(resourceIds));
ClientDetailsEntity client = clientService.createClient(clientId, clientSecret,
scopeSet, grantTypesSet, redirectUri, authoritiesSet, resourceIdSet, name, description,
allowRefresh, accessTokenTimeout, refreshTokenTimeout, owner);
logger.info("apiAddClient - adding model objects");
modelAndView.addObject("entity", client);
modelAndView.setViewName("jsonOAuthClientView");
logger.info("apiAddClient - end");
return modelAndView;
}
@PreAuthorize("hasRole('ROLE_ADMIN')")
@RequestMapping("/delete")
public ModelAndView apiDeleteClient(ModelAndView modelAndView,
@RequestParam String clientId) {
ClientDetailsEntity client = clientService.loadClientByClientId(clientId);
if (client == null) {
throw new ClientNotFoundException("Client not found: " + clientId);
}
clientService.deleteClient(client);
modelAndView.setViewName("management/successfullyRemoved");
return modelAndView;
}
// TODO: the serializtion of this falls over, don't know why
@PreAuthorize("hasRole('ROLE_ADMIN')")
@RequestMapping("/getAll")
public ModelAndView apiGetAllClients(ModelAndView modelAndView) {
Collection<ClientDetailsEntity> clients = clientService.getAllClients();
modelAndView.addObject("entity", clients);
modelAndView.setViewName("jsonOAuthClientView");
return modelAndView;
}
@PreAuthorize("hasRole('ROLE_ADMIN')")
@RequestMapping("/update")
public ModelAndView apiUpdateClient(ModelAndView modelAndView,
@RequestParam String clientId, @RequestParam String clientSecret,
@RequestParam String scope, // space delimited
@RequestParam String grantTypes, // space delimited
@RequestParam(required=false) String redirectUri,
@RequestParam String authorities, // space delimited
@RequestParam(required=false) String resourceIds, // space delimited
@RequestParam(required=false) String name,
@RequestParam(required=false) String description,
@RequestParam(required=false, defaultValue="false") boolean allowRefresh,
@RequestParam(required=false) Integer accessTokenTimeout,
@RequestParam(required=false) Integer refreshTokenTimeout,
@RequestParam(required=false) String owner
) {
ClientDetailsEntity client = clientService.loadClientByClientId(clientId);
if (client == null) {
throw new ClientNotFoundException("Client not found: " + clientId);
}
Splitter spaceDelimited = Splitter.on(" ");
// parse all of our space-delimited lists
Set<String> scopeSet = Sets.newHashSet(spaceDelimited.split(scope));
Set<String> grantTypesSet = Sets.newHashSet(spaceDelimited.split(grantTypes)); // TODO: make a stronger binding to GrantTypes
Set<GrantedAuthority> authoritiesSet = Sets.newHashSet(
Iterables.transform(spaceDelimited.split(authorities), new Function<String, GrantedAuthority>() {
@Override
public GrantedAuthority apply(String auth) {
return new SimpleGrantedAuthority(auth);
}
}));
Set<String> resourceIdSet = Sets.newHashSet(spaceDelimited.split(resourceIds));
client.setClientSecret(clientSecret);
client.setScope(scopeSet);
client.setAuthorizedGrantTypes(grantTypesSet);
//AANGANES 4/9/2012 client.redirectUri is now a Set<String>
Set<String> redirectUris = new HashSet<String>();
redirectUris.add(redirectUri);
client.setRegisteredRedirectUri(redirectUris);
client.setAuthorities(authoritiesSet);
client.setResourceIds(resourceIdSet);
client.setClientName(name);
client.setClientDescription(description);
client.setAllowRefresh(allowRefresh);
client.setAccessTokenValiditySeconds(accessTokenTimeout);
client.setRefreshTokenValiditySeconds(refreshTokenTimeout);
client.setOwner(owner);
clientService.updateClient(client, client);
modelAndView.addObject("entity", client);
modelAndView.setViewName("jsonOAuthClientView");
return modelAndView;
}
@PreAuthorize("hasRole('ROLE_ADMIN')")
@RequestMapping("/getById")
public ModelAndView getClientById(ModelAndView modelAndView,
@RequestParam String clientId) {
ClientDetailsEntity client = clientService.loadClientByClientId(clientId);
if (client == null) {
throw new ClientNotFoundException("Client not found: " + clientId);
}
modelAndView.addObject("entity", client);
modelAndView.setViewName("jsonOAuthClientView");
return modelAndView;
}
}

181
openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthClientController.java
View File

@ -1,181 +0,0 @@
/*******************************************************************************
* Copyright 2012 The MITRE Corporation
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
******************************************************************************/
/**
*
*/
package org.mitre.oauth2.web;
import java.util.Collection;
import java.util.List;
import java.util.Set;
import org.mitre.oauth2.model.ClientDetailsEntity;
import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
import org.mitre.oauth2.model.OAuth2RefreshTokenEntity;
import org.mitre.oauth2.service.ClientDetailsEntityService;
import org.mitre.oauth2.service.OAuth2TokenEntityService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.provider.AuthorizationRequest;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.servlet.ModelAndView;
import com.google.common.collect.Sets;
/**
*
* Endpoint for managing OAuth2 clients
*
* @author jricher
*
*/
@Controller
@RequestMapping("/manager/oauth/clients")
public class OAuthClientController {
private final static Set<String> GRANT_TYPES = Sets.newHashSet("authorization_code", "client_credentials", "password", "implicit");
@Autowired
private ClientDetailsEntityService clientService;
@Autowired
private OAuth2TokenEntityService tokenService;
private Logger logger;
public OAuthClientController() {
logger = LoggerFactory.getLogger(this.getClass());
}
public OAuthClientController(ClientDetailsEntityService clientService, OAuth2TokenEntityService tokenService) {
this.clientService = clientService;
this.tokenService = tokenService;
logger = LoggerFactory.getLogger(this.getClass());
}
/**
* Redirect to the "/" version of the root
* @param modelAndView
* @return
*/
@RequestMapping("")
public ModelAndView redirectRoot(ModelAndView modelAndView) {
modelAndView.setViewName("redirect:/manager/oauth/clients/");
return modelAndView;
}
/**
* View all clients
* @param modelAndView
* @return
*/
@PreAuthorize("hasRole('ROLE_ADMIN')")
@RequestMapping("/")
public ModelAndView viewAllClients(ModelAndView modelAndView) {
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
//ClientAuthenticationToken clientAuth = (ClientAuthenticationToken) ((OAuth2Authentication) auth).getClientAuthentication();
AuthorizationRequest clientAuth = ((OAuth2Authentication) auth).getAuthorizationRequest();
logger.info("Client auth = " + clientAuth);
logger.info("Granted authorities = " + clientAuth.getAuthorities().toString());
Collection<ClientDetailsEntity> clients = clientService.getAllClients();
modelAndView.addObject("clients", clients);
modelAndView.setViewName("/management/oauth/clientIndex");
return modelAndView;
}
@PreAuthorize("hasRole('ROLE_ADMIN')")
@RequestMapping("/add")
public ModelAndView redirectAdd(ModelAndView modelAndView) {
modelAndView.setViewName("redirect:/manager/oauth/clients/add/");
return modelAndView;
}
@PreAuthorize("hasRole('ROLE_ADMIN')")
@RequestMapping("/add/")
public ModelAndView addClientPage(ModelAndView modelAndView) {
Set<GrantedAuthority> auth = Sets.newHashSet();
auth.add(new SimpleGrantedAuthority("ROLE_CLIENT"));
ClientDetailsEntity client = ClientDetailsEntity.makeBuilder()
.setScope(Sets.newHashSet("scope"))
.setAuthorities(auth) // why do we have to pull this into a separate list?
.setAuthorizedGrantTypes(Sets.newHashSet("authorization_code"))
.finish();
modelAndView.addObject("availableGrantTypes", GRANT_TYPES);
modelAndView.addObject("client", client);
modelAndView.setViewName("/management/oauth/editClient");
return modelAndView;
}
@PreAuthorize("hasRole('ROLE_ADMIN')")
@RequestMapping("/delete/{clientId}")
public ModelAndView deleteClientConfirmation(ModelAndView modelAndView,
@PathVariable String clientId) {
ClientDetailsEntity client = clientService.loadClientByClientId(clientId);
modelAndView.addObject("client", client);
modelAndView.setViewName("/management/oauth/deleteClientConfirm");
return modelAndView;
}
@PreAuthorize("hasRole('ROLE_ADMIN')")
@RequestMapping("/edit/{clientId}")
public ModelAndView editClientPage(ModelAndView modelAndView,
@PathVariable String clientId) {
ClientDetailsEntity client = clientService.loadClientByClientId(clientId);
modelAndView.addObject("availableGrantTypes", GRANT_TYPES);
modelAndView.addObject("client", client);
modelAndView.setViewName("/management/oauth/editClient");
return modelAndView;
}
@PreAuthorize("hasRole('ROLE_ADMIN')")
@RequestMapping("/view/{clientId}")
public ModelAndView viewClientDetails(ModelAndView modelAndView,
@PathVariable String clientId) {
ClientDetailsEntity client = clientService.loadClientByClientId(clientId);
List<OAuth2AccessTokenEntity> accessTokens = tokenService.getAccessTokensForClient(client);
List<OAuth2RefreshTokenEntity> refreshTokens = tokenService.getRefreshTokensForClient(client);
modelAndView.addObject("client", client);
modelAndView.addObject("accessTokens", accessTokens);
modelAndView.addObject("refreshTokens", refreshTokens);
modelAndView.setViewName("/management/oauth/viewClient");
return modelAndView;
}
}

11
openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java
View File

@ -53,18 +53,17 @@ public class OAuthConfirmationController {
//@PreAuthorize("hasRole('ROLE_USER')")
@RequestMapping("/oauth/confirm_access")
public ModelAndView confimAccess(@ModelAttribute AuthorizationRequest clientAuth,
ModelAndView modelAndView) {
public ModelAndView confimAccess(@ModelAttribute AuthorizationRequest authRequest, ModelAndView modelAndView) {
ClientDetails client = clientService.loadClientByClientId(clientAuth.getClientId());
ClientDetails client = clientService.loadClientByClientId(authRequest.getClientId());
if (client == null) {
throw new ClientNotFoundException("Client not found: " + clientAuth.getClientId());
throw new ClientNotFoundException("Client not found: " + authRequest.getClientId());
}
String redirect_uri = clientAuth.getAuthorizationParameters().get("redirect_uri");
String redirect_uri = authRequest.getAuthorizationParameters().get("redirect_uri");
modelAndView.addObject("auth_request", clientAuth);
modelAndView.addObject("auth_request", authRequest);
modelAndView.addObject("client", client);
modelAndView.addObject("redirect_uri", redirect_uri);
modelAndView.setViewName("oauth/approve");

92
openid-connect-server/src/main/java/org/mitre/openid/connect/web/CheckIDEndpoint.java
View File

@ -1,92 +0,0 @@
/*******************************************************************************
* Copyright 2012 The MITRE Corporation
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
******************************************************************************/
package org.mitre.openid.connect.web;
import java.security.NoSuchAlgorithmException;
import javax.servlet.http.HttpServletRequest;
import org.mitre.jwt.signer.service.JwtSigningAndValidationService;
import org.mitre.openid.connect.config.ConfigurationPropertiesBean;
import org.mitre.openid.connect.exception.ExpiredTokenException;
import org.mitre.openid.connect.exception.InvalidJwtIssuerException;
import org.mitre.openid.connect.exception.InvalidJwtSignatureException;
import org.mitre.openid.connect.model.IdToken;
import org.mitre.util.Utility;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.access.prepost.PreAuthorize;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.servlet.ModelAndView;
@Controller
public class CheckIDEndpoint {
@Autowired
JwtSigningAndValidationService jwtSignerService;
@Autowired
private ConfigurationPropertiesBean configBean;
@PreAuthorize("hasRole('ROLE_USER')")
@RequestMapping("/checkid")
public ModelAndView checkID(@RequestParam("access_token") String tokenString, ModelAndView mav, HttpServletRequest request) {
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
if (!jwtSignerService.validateSignature(tokenString)) {
// can't validate
throw new InvalidJwtSignatureException("The Signature could not be validated.");
}
// it's a valid signature, parse the token
IdToken token = IdToken.parse(tokenString);
// check the expiration
if (jwtSignerService.isJwtExpired(token)) {
// token has expired
throw new ExpiredTokenException("The token has expired.");
}
// check the issuer (sanity check)
//if (!jwtSignerService.validateIssuedJwt(token, configBean.getIssuer())) {
// throw new InvalidJwtIssuerException("The JWT issuer is invalid.");
//}
// pass the claims directly (the view doesn't care about other fields)
return new ModelAndView("jsonIdTokenView", "entity", token.getClaims());
}
public JwtSigningAndValidationService getJwtSignerService() {
return jwtSignerService;
}
public void setJwtSignerService(JwtSigningAndValidationService jwtSignerService) {
this.jwtSignerService = jwtSignerService;
}
public ConfigurationPropertiesBean getConfigBean() {
return configBean;
}
public void setConfigBean(ConfigurationPropertiesBean configBean) {
this.configBean = configBean;
}
}

6
openid-connect-server/src/main/java/org/mitre/openid/connect/web/ManagerController.java
View File

@ -25,16 +25,16 @@ import org.springframework.web.bind.annotation.RequestMapping;
@Controller
@RequestMapping("/")
@PreAuthorize("hasRole('ROLE_USER')")
@PreAuthorize("hasRole('ROLE_USER')") // TODO: this probably shouldn't be here
public class ManagerController {
@RequestMapping({"", "/home", "/index"})
@RequestMapping({"", "home", "index"})
public String showHomePage() {
return "home";
}
@RequestMapping("/admin/manage/")
@RequestMapping("admin/manage")
public String showClientManager() {
return "admin/manage";
}

130
openid-connect-server/src/main/resources/org/mitre/jwt/signer/service/impl/jwt-signer-1.0.xsd
View File

@ -1,130 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<xsd:schema xmlns="http://www.mitre.org/schema/openid-connect/jwt-signer"
xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:beans="http://www.springframework.org/schema/beans"
targetNamespace="http://www.mitre.org/schema/openid-connect/jwt-signer"
elementFormDefault="qualified" attributeFormDefault="unqualified">
<xsd:import namespace="http://www.springframework.org/schema/beans" schemaLocation="http://www.springframework.org/schema/beans/spring-beans-3.1.xsd" />
<xsd:element name="keystore">
<xsd:annotation>
<xsd:documentation>
Describes the JCE KeyStore necessary for certain
signers.
</xsd:documentation>
</xsd:annotation>
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="beans:identifiedType">
<xsd:attribute name="location" type="xsd:string" use="required" />
<xsd:attribute name="password" type="xsd:string" />
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
<xsd:element name="service">
<xsd:annotation>
<xsd:documentation>
Configures the signer service with these signers.
</xsd:documentation>
</xsd:annotation>
<xsd:complexType>
<xsd:complexContent>
<xsd:extension base="beans:identifiedType">
<xsd:choice minOccurs="0" maxOccurs="unbounded">
<xsd:element name="rsa">
<xsd:annotation>
<xsd:documentation>
Configures an RSA signer.
</xsd:documentation>
</xsd:annotation>
<xsd:complexType>
<xsd:attribute name="bits" type="xsd:string" />
<xsd:attribute name="keystore-ref" type="xsd:string" use="required">
<xsd:annotation>
<xsd:documentation>
The reference to the bean that defines the
KeyStore.
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="key-alias" type="xsd:string" use="required">
<xsd:annotation>
<xsd:documentation>
The alias to the KeyPair to use for
signing/verifying.
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="password" type="xsd:string">
<xsd:annotation>
<xsd:documentation>
The password to the KeyPair to use for
signing/verifying.
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
</xsd:complexType>
</xsd:element>
<xsd:element name="ecdsa">
<xsd:annotation>
<xsd:documentation>
Configures an ECDSA signer.
</xsd:documentation>
</xsd:annotation>
<xsd:complexType>
<xsd:attribute name="bits" type="xsd:string" />
<xsd:attribute name="keystore-ref" type="xsd:string" use="required">
<xsd:annotation>
<xsd:documentation>
The reference to the bean that defines the
KeyStore.
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="key-alias" type="xsd:string" use="required">
<xsd:annotation>
<xsd:documentation>
The alias to the KeyPair to use for
signing/verifying.
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
<xsd:attribute name="password" type="xsd:string">
<xsd:annotation>
<xsd:documentation>
The password to the KeyPair to use for
signing/verifying.
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
</xsd:complexType>
</xsd:element>
<xsd:element name="hmac">
<xsd:annotation>
<xsd:documentation>
Configures an HMAC signer.
</xsd:documentation>
</xsd:annotation>
<xsd:complexType>
<xsd:attribute name="bits" type="xsd:integer" />
<xsd:attribute name="passphrase" type="xsd:string">
<xsd:annotation>
<xsd:documentation>
The passphrase used for signing/verifying.
</xsd:documentation>
</xsd:annotation>
</xsd:attribute>
</xsd:complexType>
</xsd:element>
</xsd:choice>
</xsd:extension>
</xsd:complexContent>
</xsd:complexType>
</xsd:element>
</xsd:schema>

36
openid-connect-server/src/main/webapp/WEB-INF/views/oauth/approve.jsp
View File

@ -37,21 +37,27 @@
</c:otherwise>
</c:choose>" to sign you into their site
using your identity?
<a class="small" href="#" onclick="$('#description').toggle('fast'); return false;">more information</a>
<div>
<a class="small" href="#" onclick="$('#description').toggle('fast'); return false;">more information</a>
</div>
<p>
<blockquote id="description" style="display: none">
<c:choose>
<c:when test="${empty client.clientDescription}">
No additional information available.
</c:when>
<c:otherwise>
<c:out value="${client.clientDescription}"/>
</c:otherwise>
</c:choose>
</blockquote>
<blockquote id="description" style="display: none">
<c:choose>
<c:when test="${empty client.clientDescription}">
No additional information available.
</c:when>
<c:otherwise>
<c:out value="${client.clientDescription}"/>
</c:otherwise>
</c:choose>
</blockquote>
</p>
<div>
<small>
<strong>Redirect URI: </strong><c:out value="${redirect_uri}"/>
</small>
</div>
</div>
<div class="span4">
<fieldset style="text-align:left" class="well">
@ -81,10 +87,6 @@
class="btn btn-secondary btn-large"/>
</div>
<small>
<strong>Redirect URI: </strong><c:out value="${redirect_uri}"/>
</small>
</form>
</authz:authorize>

158
openid-connect-server/src/test/java/org/mitre/openid/connect/repository/AddressRepositoryTest.java
View File

@ -1,158 +0,0 @@
/*******************************************************************************
* Copyright 2012 The MITRE Corporation
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
******************************************************************************/
package org.mitre.openid.connect.repository;
import static org.hamcrest.CoreMatchers.equalTo;
import static org.hamcrest.CoreMatchers.is;
import static org.hamcrest.CoreMatchers.not;
import static org.hamcrest.CoreMatchers.nullValue;
import static org.hamcrest.CoreMatchers.sameInstance;
import static org.junit.Assert.assertThat;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mitre.openid.connect.model.Address;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.annotation.Rollback;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.transaction.annotation.Transactional;
/**
* AddressRepository unit test
*
* @author Michael Joseph Walsh
*
*/
@Transactional
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration(locations={"file:src/main/webapp/WEB-INF/application-context.xml", "classpath:test-context.xml"})
public class AddressRepositoryTest {
@Autowired
private AddressRepository repository;
@PersistenceContext
private EntityManager sharedManager;
private Address address1;
private Address address2;
@Before
public void setup() {
//Use existing test-data.sql
address1 = new Address();
address1.setId(1L);
// too lazy to create formatted...
address1.setStreetAddress("7443 Et Road");
address1.setLocality("Pass Christian");
address1.setRegion("ID");
address1.setPostalCode("16183");
address1.setCountry("Jordan");
address2 = new Address();
address2.setId(2L);
address2.setStreetAddress("P.O. Box 893, 2523 Felis Rd.");
address2.setLocality("New Kensington");
address2.setRegion("NT");
address2.setPostalCode("I5V 3Z7");
address2.setCountry("Israel");
}
@Test
public void getById_valid() {
Address retrieved = repository.getById(1L);
assertThat(retrieved, is(not(nullValue())));
assertThat(retrieved.getId(), equalTo(address1.getId()));
}
@Test
public void getById_invalid() {
Address nullAddress = repository.getById(42L);
assertThat(nullAddress, is(nullValue()));
}
@Test
@Rollback
public void save_validNew() {
// See: http://openid.net/specs/openid-connect-basic-1_0.html#address_claim
Address newAddress = new Address();
newAddress.setStreetAddress("P.O. Box 517, 8158 Elementum Rd.");
newAddress.setLocality("Whittier");
newAddress.setRegion("YT");
newAddress.setPostalCode("U6Q 3F2");
newAddress.setCountry("Cyprus");
Address saved = repository.save(newAddress);
sharedManager.flush();
assertThat(saved, is(sameInstance(newAddress)));
assertThat(saved.getId(), not(nullValue()));
}
@Test
@Rollback
public void save_validExisting() {
address1.setStreetAddress("A New address");
Address saved = repository.save(address1);
assertThat(saved, not(nullValue()));
assertThat(saved.getId(), equalTo(address1.getId()));
assertThat(saved.getStreetAddress(), equalTo(address1.getStreetAddress()));
}
@Test
@Rollback
public void remove_valid() {
Address managed = repository.getById((address1.getId()));
repository.remove(managed);
Address nullAddress = repository.getById(address1.getId());
assertThat(nullAddress, is(nullValue()));
}
@Test(expected = IllegalArgumentException.class)
public void remove_invalid() {
Address doesNotExist = new Address();
doesNotExist.setId(42L);
repository.remove(doesNotExist);
}
@Test
@Rollback
public void removeById_valid() {
repository.removeById(address1.getId());
Address nullagg = repository.getById(address1.getId());
assertThat(nullagg, is(nullValue()));
}
@Test(expected = IllegalArgumentException.class)
public void removeById_invalid() {
repository.removeById(42L);
}
}

166
openid-connect-server/src/test/java/org/mitre/openid/connect/repository/EventRepositoryTest.java
View File

@ -1,166 +0,0 @@
/*******************************************************************************
* Copyright 2012 The MITRE Corporation
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
******************************************************************************/
package org.mitre.openid.connect.repository;
import static org.hamcrest.CoreMatchers.equalTo;
import static org.hamcrest.CoreMatchers.is;
import static org.hamcrest.CoreMatchers.not;
import static org.hamcrest.CoreMatchers.nullValue;
import static org.hamcrest.CoreMatchers.sameInstance;
import static org.junit.Assert.assertThat;
import static org.junit.Assert.fail;
import java.util.Date;
import java.util.List;
import javax.persistence.EntityManager;
import javax.persistence.PersistenceContext;
import org.junit.Before;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.mitre.openid.connect.model.Event;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.test.annotation.Rollback;
import org.springframework.test.context.ContextConfiguration;
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
import org.springframework.transaction.annotation.Transactional;
import com.google.common.collect.Lists;
/**
* EventRepository unit test
*
* @author Michael Joseph Walsh
*
*/
@Transactional
@RunWith(SpringJUnit4ClassRunner.class)
@ContextConfiguration(locations={"file:src/main/webapp/WEB-INF/application-context.xml", "classpath:test-context.xml"})
public class EventRepositoryTest {
@Autowired
private EventRepository repository;
@PersistenceContext
private EntityManager sharedManager;
private Event event1;
private Event event2;
@Before
public void setup() {
//Use existing test-data.sql
event1 = new Event();
event1.setId(1L);
event1.setType(Event.EventType.LOGIN);
event1.setTimestamp(new Date(86400000*5)); // 1 day = 86 400 000 milliseconds
event2 = new Event();
event2.setId(2L);
event2.setType(Event.EventType.AUTHORIZATION);
event2.setTimestamp(new Date(86400000*10));
}
@Test
public void getById_valid() {
Event retrieved = repository.getById(1L);
assertThat(retrieved, is(not(nullValue())));
assertThat(retrieved.getId(), equalTo(event1.getId()));
}
@Test
public void getById_invalid() {
Event nullAddress = repository.getById(42L);
assertThat(nullAddress, is(nullValue()));
}
@Test
public void getEventsDuringPeriod() {
List<Event> allEvents = Lists.newArrayList(event1, event2);
List<Event> retrieved = (List<Event>) repository.getEventsDuringPeriod(new Date(0L), new Date(86400000*11), 0, 10);
if (allEvents.size() != retrieved.size()) {
fail("Retrieved and expected are not of equal size!");
}
}
@Test
@Rollback
public void save_validNew() {
Event newEvent = new Event();
newEvent.setType(Event.EventType.LOGIN);
newEvent.setTimestamp(new Date());
Event saved = repository.save(newEvent);
sharedManager.flush();
assertThat(saved, is(sameInstance(newEvent)));
assertThat(saved.getId(), not(nullValue()));
}
@Test
@Rollback
public void save_validExisting() {
event1.setType(Event.EventType.ACCESS);
Event saved = repository.save(event1);
assertThat(saved, not(nullValue()));
assertThat(saved.getId(), equalTo(event1.getId()));
assertThat(saved.getType(), equalTo(event1.getType()));
}
@Test
@Rollback
public void remove_valid() {
Event managed = repository.getById((event1.getId()));
repository.remove(managed);
Event nullAddress = repository.getById(event1.getId());
assertThat(nullAddress, is(nullValue()));
}
@Test(expected = IllegalArgumentException.class)
public void remove_invalid() {
Event doesNotExist = new Event();
doesNotExist.setId(42L);
repository.remove(doesNotExist);
}
@Test
@Rollback
public void removeById_valid() {
repository.removeById(event1.getId());
Event nullagg = repository.getById(event1.getId());
assertThat(nullagg, is(nullValue()));
}
@Test(expected = IllegalArgumentException.class)
public void removeById_invalid() {
repository.removeById(42L);
}
}