From d07667576e99c1f047be2526d1da3c1c950e6ece Mon Sep 17 00:00:00 2001 
From: Justin Richer
Date: Mon, 30 Jul 2012 16:46:22 -0400
Subject: [PATCH] cleaned up old code
---
 .../model/OAuth2AccessTokenEntityFactory.java | 22 --
 .../OAuth2RefreshTokenEntityFactory.java | 22 --
 .../mitre/oauth2/model/UUIDTokenFactory.java | 54 -----
 .../DefaultOAuth2ProviderTokenService.java | 4 -
 .../oauth2/view/JSONOAuthClientView.java | 81 -------
 .../org/mitre/oauth2/web/OAuthClientAPI.java | 220 ------------------
 .../oauth2/web/OAuthClientController.java | 181 --------------
 .../web/OAuthConfirmationController.java | 11 +-
 .../openid/connect/web/CheckIDEndpoint.java | 92 --------
 .../openid/connect/web/ManagerController.java | 6 +-
 .../signer/service/impl/jwt-signer-1.0.xsd | 130 -----------
 .../webapp/WEB-INF/views/oauth/approve.jsp | 36 +--
 .../repository/AddressRepositoryTest.java | 158 -------------
 .../repository/EventRepositoryTest.java | 166 -------------
 14 files changed, 27 insertions(+), 1156 deletions(-)
 delete mode 100644 openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntityFactory.java
 delete mode 100644 openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2RefreshTokenEntityFactory.java
 delete mode 100644 openid-connect-common/src/main/java/org/mitre/oauth2/model/UUIDTokenFactory.java
 delete mode 100644 openid-connect-server/src/main/java/org/mitre/oauth2/view/JSONOAuthClientView.java
 delete mode 100644 openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthClientAPI.java
 delete mode 100644 openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthClientController.java
 delete mode 100644 openid-connect-server/src/main/java/org/mitre/openid/connect/web/CheckIDEndpoint.java
 delete mode 100644 openid-connect-server/src/main/resources/org/mitre/jwt/signer/service/impl/jwt-signer-1.0.xsd
 delete mode 100644 openid-connect-server/src/test/java/org/mitre/openid/connect/repository/AddressRepositoryTest.java
 delete mode 100644 openid-connect-server/src/test/java/org/mitre/openid/connect/repository/EventRepositoryTest.java
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntityFactory.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntityFactory.java
deleted file mode 100644
index bab5e1314..000000000
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntityFactory.java
+++ /dev/null
@@ -1,22 +0,0 @@
-/*******************************************************************************
- * Copyright 2012 The MITRE Corporation
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- ******************************************************************************/
-package org.mitre.oauth2.model;
-
-public interface OAuth2AccessTokenEntityFactory {
-
- public OAuth2AccessTokenEntity createNewAccessToken();
-
-}
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2RefreshTokenEntityFactory.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2RefreshTokenEntityFactory.java
deleted file mode 100644
index c0ef52157..000000000
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2RefreshTokenEntityFactory.java
+++ /dev/null
@@ -1,22 +0,0 @@
-/*******************************************************************************
- * Copyright 2012 The MITRE Corporation
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- ******************************************************************************/
-package org.mitre.oauth2.model;
-
-public interface OAuth2RefreshTokenEntityFactory {
-
- public OAuth2RefreshTokenEntity createNewRefreshToken();
-
-}
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/UUIDTokenFactory.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/UUIDTokenFactory.java
deleted file mode 100644
index 2709adc83..000000000
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/UUIDTokenFactory.java
+++ /dev/null
@@ -1,54 +0,0 @@
-/*******************************************************************************
- * Copyright 2012 The MITRE Corporation
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- ******************************************************************************/
-package org.mitre.oauth2.model;
-
-import java.util.UUID;
-
-import org.springframework.stereotype.Service;
-
-@Service
-public class UUIDTokenFactory implements OAuth2AccessTokenEntityFactory, OAuth2RefreshTokenEntityFactory {
-
- /**
- * Create a new access token and set its value to a random UUID
- */
- @Override
- public OAuth2AccessTokenEntity createNewAccessToken() {
- // create our token container
- OAuth2AccessTokenEntity token = new OAuth2AccessTokenEntity();
-
- // set a random value (TODO: support JWT)
- String tokenValue = UUID.randomUUID().toString();
- token.setValue(tokenValue);
-
- return token;
- }
-
- /**
- * Create a new refresh token and set its value to a random UUID
- */
- @Override
- public OAuth2RefreshTokenEntity createNewRefreshToken() {
- OAuth2RefreshTokenEntity refreshToken = new OAuth2RefreshTokenEntity();
-
- // set a random value for the refresh
- String refreshTokenValue = UUID.randomUUID().toString();
- refreshToken.setValue(refreshTokenValue);
-
- return refreshToken;
- }
-
-}
diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java
index 26f375c60..5851d1834 100644
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ProviderTokenService.java
@@ -21,13 +21,10 @@ package org.mitre.oauth2.service.impl;
 import java.util.Date;
 import java.util.List;
 import java.util.Set;
-import java.util.UUID;
 import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
-import org.mitre.oauth2.model.OAuth2AccessTokenEntityFactory;
 import org.mitre.oauth2.model.OAuth2RefreshTokenEntity;
-import org.mitre.oauth2.model.OAuth2RefreshTokenEntityFactory;
 import org.mitre.oauth2.repository.OAuth2TokenRepository;
 import org.mitre.oauth2.service.ClientDetailsEntityService;
 import org.mitre.oauth2.service.OAuth2TokenEntityService;
@@ -37,7 +34,6 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.scheduling.annotation.Scheduled;
 import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
 import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.oauth2.common.OAuth2AccessToken;
 import org.springframework.security.oauth2.common.exceptions.InvalidClientException;
 import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
 import org.springframework.security.oauth2.provider.AuthorizationRequest;
diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/view/JSONOAuthClientView.java b/openid-connect-server/src/main/java/org/mitre/oauth2/view/JSONOAuthClientView.java
deleted file mode 100644
index cb5ae5190..000000000
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/view/JSONOAuthClientView.java
+++ /dev/null
@@ -1,81 +0,0 @@
-/*******************************************************************************
- * Copyright 2012 The MITRE Corporation
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- ******************************************************************************/
-package org.mitre.oauth2.view;
-
-import java.io.Writer;
-import java.lang.reflect.Type;
-import java.util.Map;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.validation.BeanPropertyBindingResult;
-import org.springframework.web.servlet.view.AbstractView;
-
-import com.google.gson.ExclusionStrategy;
-import com.google.gson.FieldAttributes;
-import com.google.gson.Gson;
-import com.google.gson.GsonBuilder;
-import com.google.gson.JsonElement;
-import com.google.gson.JsonPrimitive;
-import com.google.gson.JsonSerializationContext;
-import com.google.gson.JsonSerializer;
-
-public class JSONOAuthClientView extends AbstractView {
-
- @Override
- protected void renderMergedOutputModel(Map model, HttpServletRequest request, HttpServletResponse response) throws Exception {
- Gson gson = new GsonBuilder().setExclusionStrategies(new ExclusionStrategy() {
-
- @Override
- public boolean shouldSkipField(FieldAttributes f) {
- return false;
- }
-
- @Override
- public boolean shouldSkipClass(Class clazz) {
- // skip the JPA binding wrapper
- if (clazz.equals(BeanPropertyBindingResult.class)) {
- return true;
- } else {
- return false;
- }
- }
-
- })
- .registerTypeAdapter(GrantedAuthority.class, new JsonSerializer() {
- @Override
- public JsonElement serialize(GrantedAuthority src, Type typeOfSrc, JsonSerializationContext context) {
- return new JsonPrimitive(src.getAuthority());
- }
- })
- .create();
-
- response.setContentType("application/json");
-
- Writer out = response.getWriter();
-
- Object obj = model.get("entity");
- if (obj == null) {
- obj = model;
- }
-
- gson.toJson(obj, out);
-
- }
-
-}
diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthClientAPI.java b/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthClientAPI.java
deleted file mode 100644
index 83d49b7a3..000000000
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthClientAPI.java
+++ /dev/null
@@ -1,220 +0,0 @@
-/*******************************************************************************
- * Copyright 2012 The MITRE Corporation
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- ******************************************************************************/
-package org.mitre.oauth2.web;
-
-import java.util.Collection;
-import java.util.HashSet;
-import java.util.Set;
-
-import org.mitre.oauth2.exception.ClientNotFoundException;
-import org.mitre.oauth2.exception.DuplicateClientIdException;
-import org.mitre.oauth2.model.ClientDetailsEntity;
-import org.mitre.oauth2.service.ClientDetailsEntityService;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.access.prepost.PreAuthorize;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
-import org.springframework.stereotype.Controller;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestParam;
-import org.springframework.web.servlet.ModelAndView;
-
-import com.google.common.base.Function;
-import com.google.common.base.Splitter;
-import com.google.common.collect.Iterables;
-import com.google.common.collect.Sets;
-
-@Controller
-@RequestMapping("/manager/oauth/clients/api")
-public class OAuthClientAPI {
-
- @Autowired
- private ClientDetailsEntityService clientService;
-
- private static final Logger logger = LoggerFactory.getLogger(OAuthClientAPI.class);
-
- public OAuthClientAPI() {
-
- }
-
- public OAuthClientAPI(ClientDetailsEntityService clientService) {
- this.clientService = clientService;
- }
-
- // TODO: i think this needs a fancier binding than just strings on the way in
- @PreAuthorize("hasRole('ROLE_ADMIN')")
- @RequestMapping("/add")
- public ModelAndView apiAddClient(ModelAndView modelAndView,
- @RequestParam String clientId, @RequestParam String clientSecret,
- @RequestParam String scope, // space delimited
- @RequestParam String grantTypes, // space delimited
- @RequestParam(required=false) String redirectUri,
- @RequestParam String authorities, // space delimited
- @RequestParam(required=false) String resourceIds, // space delimited
- @RequestParam(required=false) String name,
- @RequestParam(required=false) String description,
- @RequestParam(required=false, defaultValue="false") boolean allowRefresh,
- @RequestParam(required=false) Integer accessTokenTimeout,
- @RequestParam(required=false) Integer refreshTokenTimeout,
- @RequestParam(required=false) String owner
- ) {
- logger.info("apiAddClient - start");
- ClientDetailsEntity oldClient = clientService.loadClientByClientId(clientId);
- if (oldClient != null) {
- throw new DuplicateClientIdException(clientId);
- }
-
- Splitter spaceDelimited = Splitter.on(" ");
- // parse all of our space-delimited lists
- Set scopeSet = Sets.newHashSet(spaceDelimited.split(scope));
- Set grantTypesSet = Sets.newHashSet(spaceDelimited.split(grantTypes)); // TODO: make a stronger binding to GrantTypes
- logger.info("apiAddClient - before creating authorities list");
- Set authoritiesSet = Sets.newHashSet(
- Iterables.transform(spaceDelimited.split(authorities), new Function() {
- @Override
- public GrantedAuthority apply(String auth) {
- return new SimpleGrantedAuthority(auth);
- }
- }));
- logger.info("apiAddClient - printing client details");
- logger.info("Making call to create client with " + clientId + ", " + clientSecret
- + ", " + scopeSet + ", " + grantTypesSet + ", " + redirectUri + ", "
- + authoritiesSet + ", " + name + ", " + description + ", " + allowRefresh
- + ", " + accessTokenTimeout + ", " + refreshTokenTimeout + ", " + owner);
-
- Set resourceIdSet = Sets.newHashSet(spaceDelimited.split(resourceIds));
-
- ClientDetailsEntity client = clientService.createClient(clientId, clientSecret,
- scopeSet, grantTypesSet, redirectUri, authoritiesSet, resourceIdSet, name, description,
- allowRefresh, accessTokenTimeout, refreshTokenTimeout, owner);
- logger.info("apiAddClient - adding model objects");
- modelAndView.addObject("entity", client);
- modelAndView.setViewName("jsonOAuthClientView");
- logger.info("apiAddClient - end");
- return modelAndView;
- }
-
- @PreAuthorize("hasRole('ROLE_ADMIN')")
- @RequestMapping("/delete")
- public ModelAndView apiDeleteClient(ModelAndView modelAndView,
- @RequestParam String clientId) {
-
- ClientDetailsEntity client = clientService.loadClientByClientId(clientId);
-
- if (client == null) {
- throw new ClientNotFoundException("Client not found: " + clientId);
- }
-
- clientService.deleteClient(client);
-
- modelAndView.setViewName("management/successfullyRemoved");
- return modelAndView;
- }
-
- // TODO: the serializtion of this falls over, don't know why
- @PreAuthorize("hasRole('ROLE_ADMIN')")
- @RequestMapping("/getAll")
- public ModelAndView apiGetAllClients(ModelAndView modelAndView) {
-
- Collection clients = clientService.getAllClients();
- modelAndView.addObject("entity", clients);
- modelAndView.setViewName("jsonOAuthClientView");
-
- return modelAndView;
- }
-
- @PreAuthorize("hasRole('ROLE_ADMIN')")
- @RequestMapping("/update")
- public ModelAndView apiUpdateClient(ModelAndView modelAndView,
- @RequestParam String clientId, @RequestParam String clientSecret,
- @RequestParam String scope, // space delimited
- @RequestParam String grantTypes, // space delimited
- @RequestParam(required=false) String redirectUri,
- @RequestParam String authorities, // space delimited
- @RequestParam(required=false) String resourceIds, // space delimited
- @RequestParam(required=false) String name,
- @RequestParam(required=false) String description,
- @RequestParam(required=false, defaultValue="false") boolean allowRefresh,
- @RequestParam(required=false) Integer accessTokenTimeout,
- @RequestParam(required=false) Integer refreshTokenTimeout,
- @RequestParam(required=false) String owner
- ) {
- ClientDetailsEntity client = clientService.loadClientByClientId(clientId);
-
- if (client == null) {
- throw new ClientNotFoundException("Client not found: " + clientId);
- }
-
- Splitter spaceDelimited = Splitter.on(" ");
- // parse all of our space-delimited lists
- Set scopeSet = Sets.newHashSet(spaceDelimited.split(scope));
- Set grantTypesSet = Sets.newHashSet(spaceDelimited.split(grantTypes)); // TODO: make a stronger binding to GrantTypes
- Set authoritiesSet = Sets.newHashSet(
- Iterables.transform(spaceDelimited.split(authorities), new Function() {
- @Override
- public GrantedAuthority apply(String auth) {
- return new SimpleGrantedAuthority(auth);
- }
- }));
- Set resourceIdSet = Sets.newHashSet(spaceDelimited.split(resourceIds));
-
-
- client.setClientSecret(clientSecret);
- client.setScope(scopeSet);
- client.setAuthorizedGrantTypes(grantTypesSet);
-
- //AANGANES 4/9/2012 client.redirectUri is now a Set
- Set redirectUris = new HashSet();
- redirectUris.add(redirectUri);
-
- client.setRegisteredRedirectUri(redirectUris);
- client.setAuthorities(authoritiesSet);
- client.setResourceIds(resourceIdSet);
- client.setClientName(name);
- client.setClientDescription(description);
- client.setAllowRefresh(allowRefresh);
- client.setAccessTokenValiditySeconds(accessTokenTimeout);
- client.setRefreshTokenValiditySeconds(refreshTokenTimeout);
- client.setOwner(owner);
-
- clientService.updateClient(client, client);
-
- modelAndView.addObject("entity", client);
- modelAndView.setViewName("jsonOAuthClientView");
-
- return modelAndView;
- }
-
- @PreAuthorize("hasRole('ROLE_ADMIN')")
- @RequestMapping("/getById")
- public ModelAndView getClientById(ModelAndView modelAndView,
- @RequestParam String clientId) {
-
- ClientDetailsEntity client = clientService.loadClientByClientId(clientId);
-
- if (client == null) {
- throw new ClientNotFoundException("Client not found: " + clientId);
- }
-
- modelAndView.addObject("entity", client);
- modelAndView.setViewName("jsonOAuthClientView");
-
- return modelAndView;
- }
-
-}
diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthClientController.java b/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthClientController.java
deleted file mode 100644
index ef88c6335..000000000
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthClientController.java
+++ /dev/null
@@ -1,181 +0,0 @@
-/*******************************************************************************
- * Copyright 2012 The MITRE Corporation
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- ******************************************************************************/
-/**
- *
- */
-package org.mitre.oauth2.web;
-
-import java.util.Collection;
-import java.util.List;
-import java.util.Set;
-
-import org.mitre.oauth2.model.ClientDetailsEntity;
-import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
-import org.mitre.oauth2.model.OAuth2RefreshTokenEntity;
-import org.mitre.oauth2.service.ClientDetailsEntityService;
-import org.mitre.oauth2.service.OAuth2TokenEntityService;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.access.prepost.PreAuthorize;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
-import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.oauth2.provider.AuthorizationRequest;
-import org.springframework.security.oauth2.provider.OAuth2Authentication;
-import org.springframework.stereotype.Controller;
-import org.springframework.web.bind.annotation.PathVariable;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.servlet.ModelAndView;
-
-import com.google.common.collect.Sets;
-
-
-/**
- *
- * Endpoint for managing OAuth2 clients
- *
- * @author jricher
- *
- */
-@Controller
-@RequestMapping("/manager/oauth/clients")
-public class OAuthClientController {
-
- private final static Set GRANT_TYPES = Sets.newHashSet("authorization_code", "client_credentials", "password", "implicit");
-
- @Autowired
- private ClientDetailsEntityService clientService;
-
- @Autowired
- private OAuth2TokenEntityService tokenService;
-
- private Logger logger;
-
- public OAuthClientController() {
- logger = LoggerFactory.getLogger(this.getClass());
- }
-
- public OAuthClientController(ClientDetailsEntityService clientService, OAuth2TokenEntityService tokenService) {
- this.clientService = clientService;
- this.tokenService = tokenService;
- logger = LoggerFactory.getLogger(this.getClass());
- }
-
- /**
- * Redirect to the "/" version of the root
- * @param modelAndView
- * @return
- */
- @RequestMapping("")
- public ModelAndView redirectRoot(ModelAndView modelAndView) {
- modelAndView.setViewName("redirect:/manager/oauth/clients/");
- return modelAndView;
- }
-
- /**
- * View all clients
- * @param modelAndView
- * @return
- */
- @PreAuthorize("hasRole('ROLE_ADMIN')")
- @RequestMapping("/")
- public ModelAndView viewAllClients(ModelAndView modelAndView) {
- Authentication auth = SecurityContextHolder.getContext().getAuthentication();
- //ClientAuthenticationToken clientAuth = (ClientAuthenticationToken) ((OAuth2Authentication) auth).getClientAuthentication();
- AuthorizationRequest clientAuth = ((OAuth2Authentication) auth).getAuthorizationRequest();
-
- logger.info("Client auth = " + clientAuth);
- logger.info("Granted authorities = " + clientAuth.getAuthorities().toString());
-
- Collection clients = clientService.getAllClients();
- modelAndView.addObject("clients", clients);
- modelAndView.setViewName("/management/oauth/clientIndex");
-
- return modelAndView;
- }
-
- @PreAuthorize("hasRole('ROLE_ADMIN')")
- @RequestMapping("/add")
- public ModelAndView redirectAdd(ModelAndView modelAndView) {
- modelAndView.setViewName("redirect:/manager/oauth/clients/add/");
- return modelAndView;
- }
-
- @PreAuthorize("hasRole('ROLE_ADMIN')")
- @RequestMapping("/add/")
- public ModelAndView addClientPage(ModelAndView modelAndView) {
-
- Set auth = Sets.newHashSet();
- auth.add(new SimpleGrantedAuthority("ROLE_CLIENT"));
-
- ClientDetailsEntity client = ClientDetailsEntity.makeBuilder()
- .setScope(Sets.newHashSet("scope"))
- .setAuthorities(auth) // why do we have to pull this into a separate list?
- .setAuthorizedGrantTypes(Sets.newHashSet("authorization_code"))
- .finish();
- modelAndView.addObject("availableGrantTypes", GRANT_TYPES);
- modelAndView.addObject("client", client);
-
- modelAndView.setViewName("/management/oauth/editClient");
- return modelAndView;
- }
-
- @PreAuthorize("hasRole('ROLE_ADMIN')")
- @RequestMapping("/delete/{clientId}")
- public ModelAndView deleteClientConfirmation(ModelAndView modelAndView,
- @PathVariable String clientId) {
-
- ClientDetailsEntity client = clientService.loadClientByClientId(clientId);
- modelAndView.addObject("client", client);
- modelAndView.setViewName("/management/oauth/deleteClientConfirm");
-
- return modelAndView;
- }
-
- @PreAuthorize("hasRole('ROLE_ADMIN')")
- @RequestMapping("/edit/{clientId}")
- public ModelAndView editClientPage(ModelAndView modelAndView,
- @PathVariable String clientId) {
-
- ClientDetailsEntity client = clientService.loadClientByClientId(clientId);
-
- modelAndView.addObject("availableGrantTypes", GRANT_TYPES);
- modelAndView.addObject("client", client);
- modelAndView.setViewName("/management/oauth/editClient");
-
- return modelAndView;
- }
-
- @PreAuthorize("hasRole('ROLE_ADMIN')")
- @RequestMapping("/view/{clientId}")
- public ModelAndView viewClientDetails(ModelAndView modelAndView,
- @PathVariable String clientId) {
-
- ClientDetailsEntity client = clientService.loadClientByClientId(clientId);
-
- List accessTokens = tokenService.getAccessTokensForClient(client);
- List refreshTokens = tokenService.getRefreshTokensForClient(client);
-
- modelAndView.addObject("client", client);
- modelAndView.addObject("accessTokens", accessTokens);
- modelAndView.addObject("refreshTokens", refreshTokens);
-
- modelAndView.setViewName("/management/oauth/viewClient");
- return modelAndView;
- }
-}
diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java b/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java
index 7b491b584..d62b72f9f 100644
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java
@@ -53,18 +53,17 @@ public class OAuthConfirmationController {
 //@PreAuthorize("hasRole('ROLE_USER')")
 @RequestMapping("/oauth/confirm_access")
- public ModelAndView confimAccess(@ModelAttribute AuthorizationRequest clientAuth,
- ModelAndView modelAndView) {
+ public ModelAndView confimAccess(@ModelAttribute AuthorizationRequest authRequest, ModelAndView modelAndView) {
- ClientDetails client = clientService.loadClientByClientId(clientAuth.getClientId());
+ ClientDetails client = clientService.loadClientByClientId(authRequest.getClientId());
 if (client == null) {
- throw new ClientNotFoundException("Client not found: " + clientAuth.getClientId());
+ throw new ClientNotFoundException("Client not found: " + authRequest.getClientId());
 }
- String redirect_uri = clientAuth.getAuthorizationParameters().get("redirect_uri");
+ String redirect_uri = authRequest.getAuthorizationParameters().get("redirect_uri");
- modelAndView.addObject("auth_request", clientAuth);
+ modelAndView.addObject("auth_request", authRequest);
 modelAndView.addObject("client", client);
 modelAndView.addObject("redirect_uri", redirect_uri);
 modelAndView.setViewName("oauth/approve");
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/CheckIDEndpoint.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/CheckIDEndpoint.java
deleted file mode 100644
index 448567872..000000000
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/CheckIDEndpoint.java
+++ /dev/null
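Review bot: The `redirect_uri` that confimAccess reads from `authRequest.getAuthorizationParameters()` goes straight into the model for the approve view, and nothing in this hunk compares it with the client's registered redirect URIs; if the authorization endpoint validates it before control reaches `/oauth/confirm_access`, say so in a comment on that line, otherwise take the value from `client.getRegisteredRedirectUri()` rather than echoing the request parameter. While renaming `clientAuth` to `authRequest`, the local `redirect_uri` could follow the same camelCase convention (`String redirectUri = ...`). The `@PreAuthorize("hasRole('ROLE_USER')")` on the context line above is still commented out, which the rename leaves unaddressed; a comment explaining why the consent page carries no method-level guard would help the next reader. The method body continues past the end of the hunk.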
@@ -1,92 +0,0 @@
-/*******************************************************************************
- * Copyright 2012 The MITRE Corporation
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- ******************************************************************************/
-package org.mitre.openid.connect.web;
-
-import java.security.NoSuchAlgorithmException;
-
-import javax.servlet.http.HttpServletRequest;
-
-import org.mitre.jwt.signer.service.JwtSigningAndValidationService;
-import org.mitre.openid.connect.config.ConfigurationPropertiesBean;
-import org.mitre.openid.connect.exception.ExpiredTokenException;
-import org.mitre.openid.connect.exception.InvalidJwtIssuerException;
-import org.mitre.openid.connect.exception.InvalidJwtSignatureException;
-import org.mitre.openid.connect.model.IdToken;
-import org.mitre.util.Utility;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.access.prepost.PreAuthorize;
-import org.springframework.security.core.Authentication;
-import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.stereotype.Controller;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestParam;
-import org.springframework.web.servlet.ModelAndView;
-
-@Controller
-public class CheckIDEndpoint {
-
- @Autowired
- JwtSigningAndValidationService jwtSignerService;
-
- @Autowired
- private ConfigurationPropertiesBean configBean;
-
- @PreAuthorize("hasRole('ROLE_USER')")
- @RequestMapping("/checkid")
- public ModelAndView checkID(@RequestParam("access_token") String tokenString, ModelAndView mav, HttpServletRequest request) {
-
- Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
-
- if (!jwtSignerService.validateSignature(tokenString)) {
- // can't validate
- throw new InvalidJwtSignatureException("The Signature could not be validated.");
- }
-
- // it's a valid signature, parse the token
- IdToken token = IdToken.parse(tokenString);
-
- // check the expiration
- if (jwtSignerService.isJwtExpired(token)) {
- // token has expired
- throw new ExpiredTokenException("The token has expired.");
- }
-
- // check the issuer (sanity check)
- //if (!jwtSignerService.validateIssuedJwt(token, configBean.getIssuer())) {
- // throw new InvalidJwtIssuerException("The JWT issuer is invalid.");
- //}
-
- // pass the claims directly (the view doesn't care about other fields)
- return new ModelAndView("jsonIdTokenView", "entity", token.getClaims());
- }
-
- public JwtSigningAndValidationService getJwtSignerService() {
- return jwtSignerService;
- }
-
- public void setJwtSignerService(JwtSigningAndValidationService jwtSignerService) {
- this.jwtSignerService = jwtSignerService;
- }
-
- public ConfigurationPropertiesBean getConfigBean() {
- return configBean;
- }
-
- public void setConfigBean(ConfigurationPropertiesBean configBean) {
- this.configBean = configBean;
- }
-
-}
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ManagerController.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ManagerController.java
index a1af29cf6..d8a915469 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ManagerController.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ManagerController.java
@@ -25,16 +25,16 @@ import org.springframework.web.bind.annotation.RequestMapping; @Controller @RequestMapping("/") -@PreAuthorize("hasRole('ROLE_USER')") +@PreAuthorize("hasRole('ROLE_USER')") // TODO: this probably shouldn't be here public class ManagerController { - @RequestMapping({"", "/home", "/index"}) + @RequestMapping({"", "home", "index"}) public String showHomePage() { return "home"; } - @RequestMapping("/admin/manage/") + @RequestMapping("admin/manage") public String showClientManager() { return "admin/manage"; } diff --git a/openid-connect-server/src/main/resources/org/mitre/jwt/signer/service/impl/jwt-signer-1.0.xsd b/openid-connect-server/src/main/resources/org/mitre/jwt/signer/service/impl/jwt-signer-1.0.xsd deleted file mode 100644 index cb3e606fa..000000000 --- a/openid-connect-server/src/main/resources/org/mitre/jwt/signer/service/impl/jwt-signer-1.0.xsd +++ /dev/null @@ -1,130 +0,0 @@ - - - - - - - - - - Describes the JCE KeyStore necessary for certain - signers. - - - - - - - - - - - - - - - - - - Configures the signer service with these signers. - - - - - - - - - - - Configures an RSA signer. - - - - - - - - The reference to the bean that defines the - KeyStore. - - - - - - - The alias to the KeyPair to use for - signing/verifying. - - - - - - - The password to the KeyPair to use for - signing/verifying. - - - - - - - - - Configures an ECDSA signer. - - - - - - - - The reference to the bean that defines the - KeyStore. - - - - - - - The alias to the KeyPair to use for - signing/verifying. - - - - - - - The password to the KeyPair to use for - signing/verifying. - - - - - - - - - Configures an HMAC signer. - - - - - - - - The passphrase used for signing/verifying. - - - - - - - - - - - \ No newline at end of file diff --git a/openid-connect-server/src/main/webapp/WEB-INF/views/oauth/approve.jsp b/openid-connect-server/src/main/webapp/WEB-INF/views/oauth/approve.jsp index 907088ae0..8c4bbe13d 100644 
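Review bot: `showClientManager` (now mapped to `admin/manage`) carries no method-level authorization of its own, so once the class-level `@PreAuthorize("hasRole('ROLE_USER')")` that the new TODO marks for removal is actually taken away, the client-management view would be served with no role check at all. Making the guard explicit on the method now, `@PreAuthorize("hasRole('ROLE_USER')")` directly above `public String showClientManager()` (or a stricter administrative role if the project defines one), lets the class-level annotation be dropped later without silently widening access to `admin/manage`. The home-page mapping `{"", "home", "index"}` is the one the TODO presumably wants unguarded, and it can stay that way. The class body continues past the end of the hunk, so any further handlers it declares would need the same per-method treatment.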
--- a/openid-connect-server/src/main/webapp/WEB-INF/views/oauth/approve.jsp +++ b/openid-connect-server/src/main/webapp/WEB-INF/views/oauth/approve.jsp @@ -37,21 +37,27 @@ " to sign you into their site using your identity? - more information - +

-

+

+
+ + Redirect URI: + +
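Review bot: The `Redirect URI:` block moved into the "more information" section of the approval page renders a value that is presumably taken from the client's registration, i.e. data controlled by a third party rather than by this server; because the JSP markup did not survive extraction here, it is not visible whether that value is emitted through an escaping tag such as `<c:out value="${...}"/>` or through a raw `${...}` expression. If it is the latter, markup contained in a registered redirect URI would be rendered unescaped into the page shown to the resource owner, so the output expression should be confirmed to be HTML-escaped. The second hunk at `@@ -81,10 +87,6 @@` only removes the old copy of the same block and needs no separate note.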
@@ -81,10 +87,6 @@ class="btn btn-secondary btn-large"/>
- - Redirect URI: - - diff --git a/openid-connect-server/src/test/java/org/mitre/openid/connect/repository/AddressRepositoryTest.java b/openid-connect-server/src/test/java/org/mitre/openid/connect/repository/AddressRepositoryTest.java deleted file mode 100644 index 2cac386bc..000000000 --- a/openid-connect-server/src/test/java/org/mitre/openid/connect/repository/AddressRepositoryTest.java +++ /dev/null 
@@ -1,158 +0,0 @@
-/*******************************************************************************
- * Copyright 2012 The MITRE Corporation
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- ******************************************************************************/
-package org.mitre.openid.connect.repository;
-
-import static org.hamcrest.CoreMatchers.equalTo;
-import static org.hamcrest.CoreMatchers.is;
-import static org.hamcrest.CoreMatchers.not;
-import static org.hamcrest.CoreMatchers.nullValue;
-import static org.hamcrest.CoreMatchers.sameInstance;
-import static org.junit.Assert.assertThat;
-
-import javax.persistence.EntityManager;
-import javax.persistence.PersistenceContext;
-
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.mitre.openid.connect.model.Address;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.test.annotation.Rollback;
-import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-import org.springframework.transaction.annotation.Transactional;
-
-/**
- * AddressRepository unit test
- *
- * @author Michael Joseph Walsh
- *
- */
-@Transactional
-@RunWith(SpringJUnit4ClassRunner.class)
-@ContextConfiguration(locations={"file:src/main/webapp/WEB-INF/application-context.xml", "classpath:test-context.xml"})
-public class AddressRepositoryTest {
-
- @Autowired
- private AddressRepository repository;
-
- @PersistenceContext
- private EntityManager sharedManager;
-
- private Address address1;
- private Address address2;
-
- @Before
- public void setup() {
- //Use existing test-data.sql
- address1 = new Address();
- address1.setId(1L);
- // too lazy to create formatted...
- address1.setStreetAddress("7443 Et Road");
- address1.setLocality("Pass Christian");
- address1.setRegion("ID");
- address1.setPostalCode("16183");
- address1.setCountry("Jordan");
-
- address2 = new Address();
- address2.setId(2L);
- address2.setStreetAddress("P.O. Box 893, 2523 Felis Rd.");
- address2.setLocality("New Kensington");
- address2.setRegion("NT");
- address2.setPostalCode("I5V 3Z7");
- address2.setCountry("Israel");
- }
-
- @Test
- public void getById_valid() {
- Address retrieved = repository.getById(1L);
- assertThat(retrieved, is(not(nullValue())));
- assertThat(retrieved.getId(), equalTo(address1.getId()));
- }
-
- @Test
- public void getById_invalid() {
- Address nullAddress = repository.getById(42L);
- assertThat(nullAddress, is(nullValue()));
- }
-
- @Test
- @Rollback
- public void save_validNew() {
- // See: http://openid.net/specs/openid-connect-basic-1_0.html#address_claim
- Address newAddress = new Address();
- newAddress.setStreetAddress("P.O. Box 517, 8158 Elementum Rd.");
- newAddress.setLocality("Whittier");
- newAddress.setRegion("YT");
- newAddress.setPostalCode("U6Q 3F2");
- newAddress.setCountry("Cyprus");
-
- Address saved = repository.save(newAddress);
- sharedManager.flush();
-
- assertThat(saved, is(sameInstance(newAddress)));
- assertThat(saved.getId(), not(nullValue()));
- }
-
- @Test
- @Rollback
- public void save_validExisting() {
- address1.setStreetAddress("A New address");
-
- Address saved = repository.save(address1);
-
- assertThat(saved, not(nullValue()));
- assertThat(saved.getId(), equalTo(address1.getId()));
- assertThat(saved.getStreetAddress(), equalTo(address1.getStreetAddress()));
- }
-
- @Test
- @Rollback
- public void remove_valid() {
-
- Address managed = repository.getById((address1.getId()));
-
- repository.remove(managed);
-
- Address nullAddress = repository.getById(address1.getId());
-
- assertThat(nullAddress, is(nullValue()));
- }
-
- @Test(expected = IllegalArgumentException.class)
- public void remove_invalid() {
- Address doesNotExist = new Address();
- doesNotExist.setId(42L);
-
- repository.remove(doesNotExist);
- }
-
- @Test
- @Rollback
- public void removeById_valid() {
- repository.removeById(address1.getId());
-
- Address nullagg = repository.getById(address1.getId());
-
- assertThat(nullagg, is(nullValue()));
- }
-
- @Test(expected = IllegalArgumentException.class)
- public void removeById_invalid() {
-
- repository.removeById(42L);
- }
-}
diff --git a/openid-connect-server/src/test/java/org/mitre/openid/connect/repository/EventRepositoryTest.java b/openid-connect-server/src/test/java/org/mitre/openid/connect/repository/EventRepositoryTest.java
deleted file mode 100644
index d5040c57e..000000000
--- a/openid-connect-server/src/test/java/org/mitre/openid/connect/repository/EventRepositoryTest.java
+++ /dev/null
@@ -1,166 +0,0 @@
-/*******************************************************************************
- * Copyright 2012 The MITRE Corporation
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- * http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- ******************************************************************************/
-package org.mitre.openid.connect.repository;
-
-import static org.hamcrest.CoreMatchers.equalTo;
-import static org.hamcrest.CoreMatchers.is;
-import static org.hamcrest.CoreMatchers.not;
-import static org.hamcrest.CoreMatchers.nullValue;
-import static org.hamcrest.CoreMatchers.sameInstance;
-import static org.junit.Assert.assertThat;
-import static org.junit.Assert.fail;
-
-import java.util.Date;
-import java.util.List;
-
-import javax.persistence.EntityManager;
-import javax.persistence.PersistenceContext;
-
-import org.junit.Before;
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.mitre.openid.connect.model.Event;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.test.annotation.Rollback;
-import org.springframework.test.context.ContextConfiguration;
-import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
-import org.springframework.transaction.annotation.Transactional;
-
-import com.google.common.collect.Lists;
-
-/**
- * EventRepository unit test
- *
- * @author Michael Joseph Walsh
- *
- */
-@Transactional
-@RunWith(SpringJUnit4ClassRunner.class)
-@ContextConfiguration(locations={"file:src/main/webapp/WEB-INF/application-context.xml", "classpath:test-context.xml"})
-public class EventRepositoryTest {
-
- @Autowired
- private EventRepository repository;
-
- @PersistenceContext
- private EntityManager sharedManager;
-
- private Event event1;
- private Event event2;
-
- @Before
- public void setup() {
- //Use existing test-data.sql
- event1 = new Event();
- event1.setId(1L);
- event1.setType(Event.EventType.LOGIN);
- event1.setTimestamp(new Date(86400000*5)); // 1 day = 86 400 000 milliseconds
-
- event2 = new Event();
- event2.setId(2L);
- event2.setType(Event.EventType.AUTHORIZATION);
- event2.setTimestamp(new Date(86400000*10));
- }
-
- @Test
- public void getById_valid() {
- Event retrieved = repository.getById(1L);
- assertThat(retrieved, is(not(nullValue())));
- assertThat(retrieved.getId(), equalTo(event1.getId()));
- }
-
- @Test
- public void getById_invalid() {
- Event nullAddress = repository.getById(42L);
- assertThat(nullAddress, is(nullValue()));
- }
-
- @Test
- public void getEventsDuringPeriod() {
- List allEvents = Lists.newArrayList(event1, event2);
-
- List retrieved = (List) repository.getEventsDuringPeriod(new Date(0L), new Date(86400000*11), 0, 10);
-
- if (allEvents.size() != retrieved.size()) {
- fail("Retrieved and expected are not of equal size!");
- }
- }
-
- @Test
- @Rollback
- public void save_validNew() {
-
- Event newEvent = new Event();
- newEvent.setType(Event.EventType.LOGIN);
- newEvent.setTimestamp(new Date());
-
- Event saved = repository.save(newEvent);
- sharedManager.flush();
-
- assertThat(saved, is(sameInstance(newEvent)));
- assertThat(saved.getId(), not(nullValue()));
- }
-
- @Test
- @Rollback
- public void save_validExisting() {
- event1.setType(Event.EventType.ACCESS);
-
- Event saved = repository.save(event1);
-
- assertThat(saved, not(nullValue()));
- assertThat(saved.getId(), equalTo(event1.getId()));
- assertThat(saved.getType(), equalTo(event1.getType()));
- }
-
- @Test
- @Rollback
- public void remove_valid() {
-
- Event managed = repository.getById((event1.getId()));
-
- repository.remove(managed);
-
- Event nullAddress = repository.getById(event1.getId());
-
- assertThat(nullAddress, is(nullValue()));
- }
-
- @Test(expected = IllegalArgumentException.class)
- public void remove_invalid() {
- Event doesNotExist = new Event();
- doesNotExist.setId(42L);
-
- repository.remove(doesNotExist);
- }
-
- @Test
- @Rollback
- public void removeById_valid() {
- repository.removeById(event1.getId());
-
- Event nullagg = repository.getById(event1.getId());
-
- assertThat(nullagg, is(nullValue()));
- }
-
- @Test(expected = IllegalArgumentException.class)
- public void removeById_invalid() {
-
- repository.removeById(42L);
- }
-
-}