cleaned up old code
parent
40f39a18e0
commit
d07667576e
|
@ -1,22 +0,0 @@
|
||||||
/*******************************************************************************
|
|
||||||
* Copyright 2012 The MITRE Corporation
|
|
||||||
*
|
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
* you may not use this file except in compliance with the License.
|
|
||||||
* You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing, software
|
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
* See the License for the specific language governing permissions and
|
|
||||||
* limitations under the License.
|
|
||||||
******************************************************************************/
|
|
||||||
package org.mitre.oauth2.model;
|
|
||||||
|
|
||||||
public interface OAuth2AccessTokenEntityFactory {
|
|
||||||
|
|
||||||
public OAuth2AccessTokenEntity createNewAccessToken();
|
|
||||||
|
|
||||||
}
|
|
|
@ -1,22 +0,0 @@
|
||||||
/*******************************************************************************
|
|
||||||
* Copyright 2012 The MITRE Corporation
|
|
||||||
*
|
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
* you may not use this file except in compliance with the License.
|
|
||||||
* You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing, software
|
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
* See the License for the specific language governing permissions and
|
|
||||||
* limitations under the License.
|
|
||||||
******************************************************************************/
|
|
||||||
package org.mitre.oauth2.model;
|
|
||||||
|
|
||||||
public interface OAuth2RefreshTokenEntityFactory {
|
|
||||||
|
|
||||||
public OAuth2RefreshTokenEntity createNewRefreshToken();
|
|
||||||
|
|
||||||
}
|
|
|
@ -1,54 +0,0 @@
|
||||||
/*******************************************************************************
|
|
||||||
* Copyright 2012 The MITRE Corporation
|
|
||||||
*
|
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
* you may not use this file except in compliance with the License.
|
|
||||||
* You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing, software
|
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
* See the License for the specific language governing permissions and
|
|
||||||
* limitations under the License.
|
|
||||||
******************************************************************************/
|
|
||||||
package org.mitre.oauth2.model;
|
|
||||||
|
|
||||||
import java.util.UUID;
|
|
||||||
|
|
||||||
import org.springframework.stereotype.Service;
|
|
||||||
|
|
||||||
@Service
|
|
||||||
public class UUIDTokenFactory implements OAuth2AccessTokenEntityFactory, OAuth2RefreshTokenEntityFactory {
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Create a new access token and set its value to a random UUID
|
|
||||||
*/
|
|
||||||
@Override
|
|
||||||
public OAuth2AccessTokenEntity createNewAccessToken() {
|
|
||||||
// create our token container
|
|
||||||
OAuth2AccessTokenEntity token = new OAuth2AccessTokenEntity();
|
|
||||||
|
|
||||||
// set a random value (TODO: support JWT)
|
|
||||||
String tokenValue = UUID.randomUUID().toString();
|
|
||||||
token.setValue(tokenValue);
|
|
||||||
|
|
||||||
return token;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Create a new refresh token and set its value to a random UUID
|
|
||||||
*/
|
|
||||||
@Override
|
|
||||||
public OAuth2RefreshTokenEntity createNewRefreshToken() {
|
|
||||||
OAuth2RefreshTokenEntity refreshToken = new OAuth2RefreshTokenEntity();
|
|
||||||
|
|
||||||
// set a random value for the refresh
|
|
||||||
String refreshTokenValue = UUID.randomUUID().toString();
|
|
||||||
refreshToken.setValue(refreshTokenValue);
|
|
||||||
|
|
||||||
return refreshToken;
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
|
@ -21,13 +21,10 @@ package org.mitre.oauth2.service.impl;
|
||||||
import java.util.Date;
|
import java.util.Date;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
import java.util.UUID;
|
|
||||||
|
|
||||||
import org.mitre.oauth2.model.ClientDetailsEntity;
|
import org.mitre.oauth2.model.ClientDetailsEntity;
|
||||||
import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
|
import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
|
||||||
import org.mitre.oauth2.model.OAuth2AccessTokenEntityFactory;
|
|
||||||
import org.mitre.oauth2.model.OAuth2RefreshTokenEntity;
|
import org.mitre.oauth2.model.OAuth2RefreshTokenEntity;
|
||||||
import org.mitre.oauth2.model.OAuth2RefreshTokenEntityFactory;
|
|
||||||
import org.mitre.oauth2.repository.OAuth2TokenRepository;
|
import org.mitre.oauth2.repository.OAuth2TokenRepository;
|
||||||
import org.mitre.oauth2.service.ClientDetailsEntityService;
|
import org.mitre.oauth2.service.ClientDetailsEntityService;
|
||||||
import org.mitre.oauth2.service.OAuth2TokenEntityService;
|
import org.mitre.oauth2.service.OAuth2TokenEntityService;
|
||||||
|
@ -37,7 +34,6 @@ import org.springframework.beans.factory.annotation.Autowired;
|
||||||
import org.springframework.scheduling.annotation.Scheduled;
|
import org.springframework.scheduling.annotation.Scheduled;
|
||||||
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
|
import org.springframework.security.authentication.AuthenticationCredentialsNotFoundException;
|
||||||
import org.springframework.security.core.AuthenticationException;
|
import org.springframework.security.core.AuthenticationException;
|
||||||
import org.springframework.security.oauth2.common.OAuth2AccessToken;
|
|
||||||
import org.springframework.security.oauth2.common.exceptions.InvalidClientException;
|
import org.springframework.security.oauth2.common.exceptions.InvalidClientException;
|
||||||
import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
|
import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
|
||||||
import org.springframework.security.oauth2.provider.AuthorizationRequest;
|
import org.springframework.security.oauth2.provider.AuthorizationRequest;
|
||||||
|
|
|
@ -1,81 +0,0 @@
|
||||||
/*******************************************************************************
|
|
||||||
* Copyright 2012 The MITRE Corporation
|
|
||||||
*
|
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
* you may not use this file except in compliance with the License.
|
|
||||||
* You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing, software
|
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
* See the License for the specific language governing permissions and
|
|
||||||
* limitations under the License.
|
|
||||||
******************************************************************************/
|
|
||||||
package org.mitre.oauth2.view;
|
|
||||||
|
|
||||||
import java.io.Writer;
|
|
||||||
import java.lang.reflect.Type;
|
|
||||||
import java.util.Map;
|
|
||||||
|
|
||||||
import javax.servlet.http.HttpServletRequest;
|
|
||||||
import javax.servlet.http.HttpServletResponse;
|
|
||||||
|
|
||||||
import org.springframework.security.core.GrantedAuthority;
|
|
||||||
import org.springframework.validation.BeanPropertyBindingResult;
|
|
||||||
import org.springframework.web.servlet.view.AbstractView;
|
|
||||||
|
|
||||||
import com.google.gson.ExclusionStrategy;
|
|
||||||
import com.google.gson.FieldAttributes;
|
|
||||||
import com.google.gson.Gson;
|
|
||||||
import com.google.gson.GsonBuilder;
|
|
||||||
import com.google.gson.JsonElement;
|
|
||||||
import com.google.gson.JsonPrimitive;
|
|
||||||
import com.google.gson.JsonSerializationContext;
|
|
||||||
import com.google.gson.JsonSerializer;
|
|
||||||
|
|
||||||
public class JSONOAuthClientView extends AbstractView {
|
|
||||||
|
|
||||||
@Override
|
|
||||||
protected void renderMergedOutputModel(Map<String, Object> model, HttpServletRequest request, HttpServletResponse response) throws Exception {
|
|
||||||
Gson gson = new GsonBuilder().setExclusionStrategies(new ExclusionStrategy() {
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public boolean shouldSkipField(FieldAttributes f) {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public boolean shouldSkipClass(Class<?> clazz) {
|
|
||||||
// skip the JPA binding wrapper
|
|
||||||
if (clazz.equals(BeanPropertyBindingResult.class)) {
|
|
||||||
return true;
|
|
||||||
} else {
|
|
||||||
return false;
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
})
|
|
||||||
.registerTypeAdapter(GrantedAuthority.class, new JsonSerializer<GrantedAuthority>() {
|
|
||||||
@Override
|
|
||||||
public JsonElement serialize(GrantedAuthority src, Type typeOfSrc, JsonSerializationContext context) {
|
|
||||||
return new JsonPrimitive(src.getAuthority());
|
|
||||||
}
|
|
||||||
})
|
|
||||||
.create();
|
|
||||||
|
|
||||||
response.setContentType("application/json");
|
|
||||||
|
|
||||||
Writer out = response.getWriter();
|
|
||||||
|
|
||||||
Object obj = model.get("entity");
|
|
||||||
if (obj == null) {
|
|
||||||
obj = model;
|
|
||||||
}
|
|
||||||
|
|
||||||
gson.toJson(obj, out);
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
|
@ -1,220 +0,0 @@
|
||||||
/*******************************************************************************
|
|
||||||
* Copyright 2012 The MITRE Corporation
|
|
||||||
*
|
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
* you may not use this file except in compliance with the License.
|
|
||||||
* You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing, software
|
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
* See the License for the specific language governing permissions and
|
|
||||||
* limitations under the License.
|
|
||||||
******************************************************************************/
|
|
||||||
package org.mitre.oauth2.web;
|
|
||||||
|
|
||||||
import java.util.Collection;
|
|
||||||
import java.util.HashSet;
|
|
||||||
import java.util.Set;
|
|
||||||
|
|
||||||
import org.mitre.oauth2.exception.ClientNotFoundException;
|
|
||||||
import org.mitre.oauth2.exception.DuplicateClientIdException;
|
|
||||||
import org.mitre.oauth2.model.ClientDetailsEntity;
|
|
||||||
import org.mitre.oauth2.service.ClientDetailsEntityService;
|
|
||||||
import org.slf4j.Logger;
|
|
||||||
import org.slf4j.LoggerFactory;
|
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
|
||||||
import org.springframework.security.access.prepost.PreAuthorize;
|
|
||||||
import org.springframework.security.core.GrantedAuthority;
|
|
||||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
|
||||||
import org.springframework.stereotype.Controller;
|
|
||||||
import org.springframework.web.bind.annotation.RequestMapping;
|
|
||||||
import org.springframework.web.bind.annotation.RequestParam;
|
|
||||||
import org.springframework.web.servlet.ModelAndView;
|
|
||||||
|
|
||||||
import com.google.common.base.Function;
|
|
||||||
import com.google.common.base.Splitter;
|
|
||||||
import com.google.common.collect.Iterables;
|
|
||||||
import com.google.common.collect.Sets;
|
|
||||||
|
|
||||||
@Controller
|
|
||||||
@RequestMapping("/manager/oauth/clients/api")
|
|
||||||
public class OAuthClientAPI {
|
|
||||||
|
|
||||||
@Autowired
|
|
||||||
private ClientDetailsEntityService clientService;
|
|
||||||
|
|
||||||
private static final Logger logger = LoggerFactory.getLogger(OAuthClientAPI.class);
|
|
||||||
|
|
||||||
public OAuthClientAPI() {
|
|
||||||
|
|
||||||
}
|
|
||||||
|
|
||||||
public OAuthClientAPI(ClientDetailsEntityService clientService) {
|
|
||||||
this.clientService = clientService;
|
|
||||||
}
|
|
||||||
|
|
||||||
// TODO: i think this needs a fancier binding than just strings on the way in
|
|
||||||
@PreAuthorize("hasRole('ROLE_ADMIN')")
|
|
||||||
@RequestMapping("/add")
|
|
||||||
public ModelAndView apiAddClient(ModelAndView modelAndView,
|
|
||||||
@RequestParam String clientId, @RequestParam String clientSecret,
|
|
||||||
@RequestParam String scope, // space delimited
|
|
||||||
@RequestParam String grantTypes, // space delimited
|
|
||||||
@RequestParam(required=false) String redirectUri,
|
|
||||||
@RequestParam String authorities, // space delimited
|
|
||||||
@RequestParam(required=false) String resourceIds, // space delimited
|
|
||||||
@RequestParam(required=false) String name,
|
|
||||||
@RequestParam(required=false) String description,
|
|
||||||
@RequestParam(required=false, defaultValue="false") boolean allowRefresh,
|
|
||||||
@RequestParam(required=false) Integer accessTokenTimeout,
|
|
||||||
@RequestParam(required=false) Integer refreshTokenTimeout,
|
|
||||||
@RequestParam(required=false) String owner
|
|
||||||
) {
|
|
||||||
logger.info("apiAddClient - start");
|
|
||||||
ClientDetailsEntity oldClient = clientService.loadClientByClientId(clientId);
|
|
||||||
if (oldClient != null) {
|
|
||||||
throw new DuplicateClientIdException(clientId);
|
|
||||||
}
|
|
||||||
|
|
||||||
Splitter spaceDelimited = Splitter.on(" ");
|
|
||||||
// parse all of our space-delimited lists
|
|
||||||
Set<String> scopeSet = Sets.newHashSet(spaceDelimited.split(scope));
|
|
||||||
Set<String> grantTypesSet = Sets.newHashSet(spaceDelimited.split(grantTypes)); // TODO: make a stronger binding to GrantTypes
|
|
||||||
logger.info("apiAddClient - before creating authorities list");
|
|
||||||
Set<GrantedAuthority> authoritiesSet = Sets.newHashSet(
|
|
||||||
Iterables.transform(spaceDelimited.split(authorities), new Function<String, GrantedAuthority>() {
|
|
||||||
@Override
|
|
||||||
public GrantedAuthority apply(String auth) {
|
|
||||||
return new SimpleGrantedAuthority(auth);
|
|
||||||
}
|
|
||||||
}));
|
|
||||||
logger.info("apiAddClient - printing client details");
|
|
||||||
logger.info("Making call to create client with " + clientId + ", " + clientSecret
|
|
||||||
+ ", " + scopeSet + ", " + grantTypesSet + ", " + redirectUri + ", "
|
|
||||||
+ authoritiesSet + ", " + name + ", " + description + ", " + allowRefresh
|
|
||||||
+ ", " + accessTokenTimeout + ", " + refreshTokenTimeout + ", " + owner);
|
|
||||||
|
|
||||||
Set<String> resourceIdSet = Sets.newHashSet(spaceDelimited.split(resourceIds));
|
|
||||||
|
|
||||||
ClientDetailsEntity client = clientService.createClient(clientId, clientSecret,
|
|
||||||
scopeSet, grantTypesSet, redirectUri, authoritiesSet, resourceIdSet, name, description,
|
|
||||||
allowRefresh, accessTokenTimeout, refreshTokenTimeout, owner);
|
|
||||||
logger.info("apiAddClient - adding model objects");
|
|
||||||
modelAndView.addObject("entity", client);
|
|
||||||
modelAndView.setViewName("jsonOAuthClientView");
|
|
||||||
logger.info("apiAddClient - end");
|
|
||||||
return modelAndView;
|
|
||||||
}
|
|
||||||
|
|
||||||
@PreAuthorize("hasRole('ROLE_ADMIN')")
|
|
||||||
@RequestMapping("/delete")
|
|
||||||
public ModelAndView apiDeleteClient(ModelAndView modelAndView,
|
|
||||||
@RequestParam String clientId) {
|
|
||||||
|
|
||||||
ClientDetailsEntity client = clientService.loadClientByClientId(clientId);
|
|
||||||
|
|
||||||
if (client == null) {
|
|
||||||
throw new ClientNotFoundException("Client not found: " + clientId);
|
|
||||||
}
|
|
||||||
|
|
||||||
clientService.deleteClient(client);
|
|
||||||
|
|
||||||
modelAndView.setViewName("management/successfullyRemoved");
|
|
||||||
return modelAndView;
|
|
||||||
}
|
|
||||||
|
|
||||||
// TODO: the serializtion of this falls over, don't know why
|
|
||||||
@PreAuthorize("hasRole('ROLE_ADMIN')")
|
|
||||||
@RequestMapping("/getAll")
|
|
||||||
public ModelAndView apiGetAllClients(ModelAndView modelAndView) {
|
|
||||||
|
|
||||||
Collection<ClientDetailsEntity> clients = clientService.getAllClients();
|
|
||||||
modelAndView.addObject("entity", clients);
|
|
||||||
modelAndView.setViewName("jsonOAuthClientView");
|
|
||||||
|
|
||||||
return modelAndView;
|
|
||||||
}
|
|
||||||
|
|
||||||
@PreAuthorize("hasRole('ROLE_ADMIN')")
|
|
||||||
@RequestMapping("/update")
|
|
||||||
public ModelAndView apiUpdateClient(ModelAndView modelAndView,
|
|
||||||
@RequestParam String clientId, @RequestParam String clientSecret,
|
|
||||||
@RequestParam String scope, // space delimited
|
|
||||||
@RequestParam String grantTypes, // space delimited
|
|
||||||
@RequestParam(required=false) String redirectUri,
|
|
||||||
@RequestParam String authorities, // space delimited
|
|
||||||
@RequestParam(required=false) String resourceIds, // space delimited
|
|
||||||
@RequestParam(required=false) String name,
|
|
||||||
@RequestParam(required=false) String description,
|
|
||||||
@RequestParam(required=false, defaultValue="false") boolean allowRefresh,
|
|
||||||
@RequestParam(required=false) Integer accessTokenTimeout,
|
|
||||||
@RequestParam(required=false) Integer refreshTokenTimeout,
|
|
||||||
@RequestParam(required=false) String owner
|
|
||||||
) {
|
|
||||||
ClientDetailsEntity client = clientService.loadClientByClientId(clientId);
|
|
||||||
|
|
||||||
if (client == null) {
|
|
||||||
throw new ClientNotFoundException("Client not found: " + clientId);
|
|
||||||
}
|
|
||||||
|
|
||||||
Splitter spaceDelimited = Splitter.on(" ");
|
|
||||||
// parse all of our space-delimited lists
|
|
||||||
Set<String> scopeSet = Sets.newHashSet(spaceDelimited.split(scope));
|
|
||||||
Set<String> grantTypesSet = Sets.newHashSet(spaceDelimited.split(grantTypes)); // TODO: make a stronger binding to GrantTypes
|
|
||||||
Set<GrantedAuthority> authoritiesSet = Sets.newHashSet(
|
|
||||||
Iterables.transform(spaceDelimited.split(authorities), new Function<String, GrantedAuthority>() {
|
|
||||||
@Override
|
|
||||||
public GrantedAuthority apply(String auth) {
|
|
||||||
return new SimpleGrantedAuthority(auth);
|
|
||||||
}
|
|
||||||
}));
|
|
||||||
Set<String> resourceIdSet = Sets.newHashSet(spaceDelimited.split(resourceIds));
|
|
||||||
|
|
||||||
|
|
||||||
client.setClientSecret(clientSecret);
|
|
||||||
client.setScope(scopeSet);
|
|
||||||
client.setAuthorizedGrantTypes(grantTypesSet);
|
|
||||||
|
|
||||||
//AANGANES 4/9/2012 client.redirectUri is now a Set<String>
|
|
||||||
Set<String> redirectUris = new HashSet<String>();
|
|
||||||
redirectUris.add(redirectUri);
|
|
||||||
|
|
||||||
client.setRegisteredRedirectUri(redirectUris);
|
|
||||||
client.setAuthorities(authoritiesSet);
|
|
||||||
client.setResourceIds(resourceIdSet);
|
|
||||||
client.setClientName(name);
|
|
||||||
client.setClientDescription(description);
|
|
||||||
client.setAllowRefresh(allowRefresh);
|
|
||||||
client.setAccessTokenValiditySeconds(accessTokenTimeout);
|
|
||||||
client.setRefreshTokenValiditySeconds(refreshTokenTimeout);
|
|
||||||
client.setOwner(owner);
|
|
||||||
|
|
||||||
clientService.updateClient(client, client);
|
|
||||||
|
|
||||||
modelAndView.addObject("entity", client);
|
|
||||||
modelAndView.setViewName("jsonOAuthClientView");
|
|
||||||
|
|
||||||
return modelAndView;
|
|
||||||
}
|
|
||||||
|
|
||||||
@PreAuthorize("hasRole('ROLE_ADMIN')")
|
|
||||||
@RequestMapping("/getById")
|
|
||||||
public ModelAndView getClientById(ModelAndView modelAndView,
|
|
||||||
@RequestParam String clientId) {
|
|
||||||
|
|
||||||
ClientDetailsEntity client = clientService.loadClientByClientId(clientId);
|
|
||||||
|
|
||||||
if (client == null) {
|
|
||||||
throw new ClientNotFoundException("Client not found: " + clientId);
|
|
||||||
}
|
|
||||||
|
|
||||||
modelAndView.addObject("entity", client);
|
|
||||||
modelAndView.setViewName("jsonOAuthClientView");
|
|
||||||
|
|
||||||
return modelAndView;
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
|
@ -1,181 +0,0 @@
|
||||||
/*******************************************************************************
|
|
||||||
* Copyright 2012 The MITRE Corporation
|
|
||||||
*
|
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
* you may not use this file except in compliance with the License.
|
|
||||||
* You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing, software
|
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
* See the License for the specific language governing permissions and
|
|
||||||
* limitations under the License.
|
|
||||||
******************************************************************************/
|
|
||||||
/**
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
package org.mitre.oauth2.web;
|
|
||||||
|
|
||||||
import java.util.Collection;
|
|
||||||
import java.util.List;
|
|
||||||
import java.util.Set;
|
|
||||||
|
|
||||||
import org.mitre.oauth2.model.ClientDetailsEntity;
|
|
||||||
import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
|
|
||||||
import org.mitre.oauth2.model.OAuth2RefreshTokenEntity;
|
|
||||||
import org.mitre.oauth2.service.ClientDetailsEntityService;
|
|
||||||
import org.mitre.oauth2.service.OAuth2TokenEntityService;
|
|
||||||
import org.slf4j.Logger;
|
|
||||||
import org.slf4j.LoggerFactory;
|
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
|
||||||
import org.springframework.security.access.prepost.PreAuthorize;
|
|
||||||
import org.springframework.security.core.Authentication;
|
|
||||||
import org.springframework.security.core.GrantedAuthority;
|
|
||||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
|
||||||
import org.springframework.security.core.context.SecurityContextHolder;
|
|
||||||
import org.springframework.security.oauth2.provider.AuthorizationRequest;
|
|
||||||
import org.springframework.security.oauth2.provider.OAuth2Authentication;
|
|
||||||
import org.springframework.stereotype.Controller;
|
|
||||||
import org.springframework.web.bind.annotation.PathVariable;
|
|
||||||
import org.springframework.web.bind.annotation.RequestMapping;
|
|
||||||
import org.springframework.web.servlet.ModelAndView;
|
|
||||||
|
|
||||||
import com.google.common.collect.Sets;
|
|
||||||
|
|
||||||
|
|
||||||
/**
|
|
||||||
*
|
|
||||||
* Endpoint for managing OAuth2 clients
|
|
||||||
*
|
|
||||||
* @author jricher
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
@Controller
|
|
||||||
@RequestMapping("/manager/oauth/clients")
|
|
||||||
public class OAuthClientController {
|
|
||||||
|
|
||||||
private final static Set<String> GRANT_TYPES = Sets.newHashSet("authorization_code", "client_credentials", "password", "implicit");
|
|
||||||
|
|
||||||
@Autowired
|
|
||||||
private ClientDetailsEntityService clientService;
|
|
||||||
|
|
||||||
@Autowired
|
|
||||||
private OAuth2TokenEntityService tokenService;
|
|
||||||
|
|
||||||
private Logger logger;
|
|
||||||
|
|
||||||
public OAuthClientController() {
|
|
||||||
logger = LoggerFactory.getLogger(this.getClass());
|
|
||||||
}
|
|
||||||
|
|
||||||
public OAuthClientController(ClientDetailsEntityService clientService, OAuth2TokenEntityService tokenService) {
|
|
||||||
this.clientService = clientService;
|
|
||||||
this.tokenService = tokenService;
|
|
||||||
logger = LoggerFactory.getLogger(this.getClass());
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Redirect to the "/" version of the root
|
|
||||||
* @param modelAndView
|
|
||||||
* @return
|
|
||||||
*/
|
|
||||||
@RequestMapping("")
|
|
||||||
public ModelAndView redirectRoot(ModelAndView modelAndView) {
|
|
||||||
modelAndView.setViewName("redirect:/manager/oauth/clients/");
|
|
||||||
return modelAndView;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
|
||||||
* View all clients
|
|
||||||
* @param modelAndView
|
|
||||||
* @return
|
|
||||||
*/
|
|
||||||
@PreAuthorize("hasRole('ROLE_ADMIN')")
|
|
||||||
@RequestMapping("/")
|
|
||||||
public ModelAndView viewAllClients(ModelAndView modelAndView) {
|
|
||||||
Authentication auth = SecurityContextHolder.getContext().getAuthentication();
|
|
||||||
//ClientAuthenticationToken clientAuth = (ClientAuthenticationToken) ((OAuth2Authentication) auth).getClientAuthentication();
|
|
||||||
AuthorizationRequest clientAuth = ((OAuth2Authentication) auth).getAuthorizationRequest();
|
|
||||||
|
|
||||||
logger.info("Client auth = " + clientAuth);
|
|
||||||
logger.info("Granted authorities = " + clientAuth.getAuthorities().toString());
|
|
||||||
|
|
||||||
Collection<ClientDetailsEntity> clients = clientService.getAllClients();
|
|
||||||
modelAndView.addObject("clients", clients);
|
|
||||||
modelAndView.setViewName("/management/oauth/clientIndex");
|
|
||||||
|
|
||||||
return modelAndView;
|
|
||||||
}
|
|
||||||
|
|
||||||
@PreAuthorize("hasRole('ROLE_ADMIN')")
|
|
||||||
@RequestMapping("/add")
|
|
||||||
public ModelAndView redirectAdd(ModelAndView modelAndView) {
|
|
||||||
modelAndView.setViewName("redirect:/manager/oauth/clients/add/");
|
|
||||||
return modelAndView;
|
|
||||||
}
|
|
||||||
|
|
||||||
@PreAuthorize("hasRole('ROLE_ADMIN')")
|
|
||||||
@RequestMapping("/add/")
|
|
||||||
public ModelAndView addClientPage(ModelAndView modelAndView) {
|
|
||||||
|
|
||||||
Set<GrantedAuthority> auth = Sets.newHashSet();
|
|
||||||
auth.add(new SimpleGrantedAuthority("ROLE_CLIENT"));
|
|
||||||
|
|
||||||
ClientDetailsEntity client = ClientDetailsEntity.makeBuilder()
|
|
||||||
.setScope(Sets.newHashSet("scope"))
|
|
||||||
.setAuthorities(auth) // why do we have to pull this into a separate list?
|
|
||||||
.setAuthorizedGrantTypes(Sets.newHashSet("authorization_code"))
|
|
||||||
.finish();
|
|
||||||
modelAndView.addObject("availableGrantTypes", GRANT_TYPES);
|
|
||||||
modelAndView.addObject("client", client);
|
|
||||||
|
|
||||||
modelAndView.setViewName("/management/oauth/editClient");
|
|
||||||
return modelAndView;
|
|
||||||
}
|
|
||||||
|
|
||||||
@PreAuthorize("hasRole('ROLE_ADMIN')")
|
|
||||||
@RequestMapping("/delete/{clientId}")
|
|
||||||
public ModelAndView deleteClientConfirmation(ModelAndView modelAndView,
|
|
||||||
@PathVariable String clientId) {
|
|
||||||
|
|
||||||
ClientDetailsEntity client = clientService.loadClientByClientId(clientId);
|
|
||||||
modelAndView.addObject("client", client);
|
|
||||||
modelAndView.setViewName("/management/oauth/deleteClientConfirm");
|
|
||||||
|
|
||||||
return modelAndView;
|
|
||||||
}
|
|
||||||
|
|
||||||
@PreAuthorize("hasRole('ROLE_ADMIN')")
|
|
||||||
@RequestMapping("/edit/{clientId}")
|
|
||||||
public ModelAndView editClientPage(ModelAndView modelAndView,
|
|
||||||
@PathVariable String clientId) {
|
|
||||||
|
|
||||||
ClientDetailsEntity client = clientService.loadClientByClientId(clientId);
|
|
||||||
|
|
||||||
modelAndView.addObject("availableGrantTypes", GRANT_TYPES);
|
|
||||||
modelAndView.addObject("client", client);
|
|
||||||
modelAndView.setViewName("/management/oauth/editClient");
|
|
||||||
|
|
||||||
return modelAndView;
|
|
||||||
}
|
|
||||||
|
|
||||||
@PreAuthorize("hasRole('ROLE_ADMIN')")
|
|
||||||
@RequestMapping("/view/{clientId}")
|
|
||||||
public ModelAndView viewClientDetails(ModelAndView modelAndView,
|
|
||||||
@PathVariable String clientId) {
|
|
||||||
|
|
||||||
ClientDetailsEntity client = clientService.loadClientByClientId(clientId);
|
|
||||||
|
|
||||||
List<OAuth2AccessTokenEntity> accessTokens = tokenService.getAccessTokensForClient(client);
|
|
||||||
List<OAuth2RefreshTokenEntity> refreshTokens = tokenService.getRefreshTokensForClient(client);
|
|
||||||
|
|
||||||
modelAndView.addObject("client", client);
|
|
||||||
modelAndView.addObject("accessTokens", accessTokens);
|
|
||||||
modelAndView.addObject("refreshTokens", refreshTokens);
|
|
||||||
|
|
||||||
modelAndView.setViewName("/management/oauth/viewClient");
|
|
||||||
return modelAndView;
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -53,18 +53,17 @@ public class OAuthConfirmationController {
|
||||||
|
|
||||||
//@PreAuthorize("hasRole('ROLE_USER')")
|
//@PreAuthorize("hasRole('ROLE_USER')")
|
||||||
@RequestMapping("/oauth/confirm_access")
|
@RequestMapping("/oauth/confirm_access")
|
||||||
public ModelAndView confimAccess(@ModelAttribute AuthorizationRequest clientAuth,
|
public ModelAndView confimAccess(@ModelAttribute AuthorizationRequest authRequest, ModelAndView modelAndView) {
|
||||||
ModelAndView modelAndView) {
|
|
||||||
|
|
||||||
ClientDetails client = clientService.loadClientByClientId(clientAuth.getClientId());
|
ClientDetails client = clientService.loadClientByClientId(authRequest.getClientId());
|
||||||
|
|
||||||
if (client == null) {
|
if (client == null) {
|
||||||
throw new ClientNotFoundException("Client not found: " + clientAuth.getClientId());
|
throw new ClientNotFoundException("Client not found: " + authRequest.getClientId());
|
||||||
}
|
}
|
||||||
|
|
||||||
String redirect_uri = clientAuth.getAuthorizationParameters().get("redirect_uri");
|
String redirect_uri = authRequest.getAuthorizationParameters().get("redirect_uri");
|
||||||
|
|
||||||
modelAndView.addObject("auth_request", clientAuth);
|
modelAndView.addObject("auth_request", authRequest);
|
||||||
modelAndView.addObject("client", client);
|
modelAndView.addObject("client", client);
|
||||||
modelAndView.addObject("redirect_uri", redirect_uri);
|
modelAndView.addObject("redirect_uri", redirect_uri);
|
||||||
modelAndView.setViewName("oauth/approve");
|
modelAndView.setViewName("oauth/approve");
|
||||||
|
|
|
@ -1,92 +0,0 @@
|
||||||
/*******************************************************************************
|
|
||||||
* Copyright 2012 The MITRE Corporation
|
|
||||||
*
|
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
* you may not use this file except in compliance with the License.
|
|
||||||
* You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing, software
|
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
* See the License for the specific language governing permissions and
|
|
||||||
* limitations under the License.
|
|
||||||
******************************************************************************/
|
|
||||||
package org.mitre.openid.connect.web;
|
|
||||||
|
|
||||||
import java.security.NoSuchAlgorithmException;
|
|
||||||
|
|
||||||
import javax.servlet.http.HttpServletRequest;
|
|
||||||
|
|
||||||
import org.mitre.jwt.signer.service.JwtSigningAndValidationService;
|
|
||||||
import org.mitre.openid.connect.config.ConfigurationPropertiesBean;
|
|
||||||
import org.mitre.openid.connect.exception.ExpiredTokenException;
|
|
||||||
import org.mitre.openid.connect.exception.InvalidJwtIssuerException;
|
|
||||||
import org.mitre.openid.connect.exception.InvalidJwtSignatureException;
|
|
||||||
import org.mitre.openid.connect.model.IdToken;
|
|
||||||
import org.mitre.util.Utility;
|
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
|
||||||
import org.springframework.security.access.prepost.PreAuthorize;
|
|
||||||
import org.springframework.security.core.Authentication;
|
|
||||||
import org.springframework.security.core.context.SecurityContextHolder;
|
|
||||||
import org.springframework.stereotype.Controller;
|
|
||||||
import org.springframework.web.bind.annotation.RequestMapping;
|
|
||||||
import org.springframework.web.bind.annotation.RequestParam;
|
|
||||||
import org.springframework.web.servlet.ModelAndView;
|
|
||||||
|
|
||||||
@Controller
|
|
||||||
public class CheckIDEndpoint {
|
|
||||||
|
|
||||||
@Autowired
|
|
||||||
JwtSigningAndValidationService jwtSignerService;
|
|
||||||
|
|
||||||
@Autowired
|
|
||||||
private ConfigurationPropertiesBean configBean;
|
|
||||||
|
|
||||||
@PreAuthorize("hasRole('ROLE_USER')")
|
|
||||||
@RequestMapping("/checkid")
|
|
||||||
public ModelAndView checkID(@RequestParam("access_token") String tokenString, ModelAndView mav, HttpServletRequest request) {
|
|
||||||
|
|
||||||
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
|
|
||||||
|
|
||||||
if (!jwtSignerService.validateSignature(tokenString)) {
|
|
||||||
// can't validate
|
|
||||||
throw new InvalidJwtSignatureException("The Signature could not be validated.");
|
|
||||||
}
|
|
||||||
|
|
||||||
// it's a valid signature, parse the token
|
|
||||||
IdToken token = IdToken.parse(tokenString);
|
|
||||||
|
|
||||||
// check the expiration
|
|
||||||
if (jwtSignerService.isJwtExpired(token)) {
|
|
||||||
// token has expired
|
|
||||||
throw new ExpiredTokenException("The token has expired.");
|
|
||||||
}
|
|
||||||
|
|
||||||
// check the issuer (sanity check)
|
|
||||||
//if (!jwtSignerService.validateIssuedJwt(token, configBean.getIssuer())) {
|
|
||||||
// throw new InvalidJwtIssuerException("The JWT issuer is invalid.");
|
|
||||||
//}
|
|
||||||
|
|
||||||
// pass the claims directly (the view doesn't care about other fields)
|
|
||||||
return new ModelAndView("jsonIdTokenView", "entity", token.getClaims());
|
|
||||||
}
|
|
||||||
|
|
||||||
public JwtSigningAndValidationService getJwtSignerService() {
|
|
||||||
return jwtSignerService;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setJwtSignerService(JwtSigningAndValidationService jwtSignerService) {
|
|
||||||
this.jwtSignerService = jwtSignerService;
|
|
||||||
}
|
|
||||||
|
|
||||||
public ConfigurationPropertiesBean getConfigBean() {
|
|
||||||
return configBean;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setConfigBean(ConfigurationPropertiesBean configBean) {
|
|
||||||
this.configBean = configBean;
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
|
@ -25,16 +25,16 @@ import org.springframework.web.bind.annotation.RequestMapping;
|
||||||
|
|
||||||
@Controller
|
@Controller
|
||||||
@RequestMapping("/")
|
@RequestMapping("/")
|
||||||
@PreAuthorize("hasRole('ROLE_USER')")
|
@PreAuthorize("hasRole('ROLE_USER')") // TODO: this probably shouldn't be here
|
||||||
public class ManagerController {
|
public class ManagerController {
|
||||||
|
|
||||||
|
|
||||||
@RequestMapping({"", "/home", "/index"})
|
@RequestMapping({"", "home", "index"})
|
||||||
public String showHomePage() {
|
public String showHomePage() {
|
||||||
return "home";
|
return "home";
|
||||||
}
|
}
|
||||||
|
|
||||||
@RequestMapping("/admin/manage/")
|
@RequestMapping("admin/manage")
|
||||||
public String showClientManager() {
|
public String showClientManager() {
|
||||||
return "admin/manage";
|
return "admin/manage";
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,130 +0,0 @@
|
||||||
<?xml version="1.0" encoding="UTF-8"?>
|
|
||||||
<xsd:schema xmlns="http://www.mitre.org/schema/openid-connect/jwt-signer"
|
|
||||||
xmlns:xsd="http://www.w3.org/2001/XMLSchema" xmlns:beans="http://www.springframework.org/schema/beans"
|
|
||||||
targetNamespace="http://www.mitre.org/schema/openid-connect/jwt-signer"
|
|
||||||
elementFormDefault="qualified" attributeFormDefault="unqualified">
|
|
||||||
|
|
||||||
<xsd:import namespace="http://www.springframework.org/schema/beans" schemaLocation="http://www.springframework.org/schema/beans/spring-beans-3.1.xsd" />
|
|
||||||
|
|
||||||
<xsd:element name="keystore">
|
|
||||||
|
|
||||||
<xsd:annotation>
|
|
||||||
<xsd:documentation>
|
|
||||||
Describes the JCE KeyStore necessary for certain
|
|
||||||
signers.
|
|
||||||
</xsd:documentation>
|
|
||||||
</xsd:annotation>
|
|
||||||
|
|
||||||
<xsd:complexType>
|
|
||||||
<xsd:complexContent>
|
|
||||||
<xsd:extension base="beans:identifiedType">
|
|
||||||
<xsd:attribute name="location" type="xsd:string" use="required" />
|
|
||||||
<xsd:attribute name="password" type="xsd:string" />
|
|
||||||
</xsd:extension>
|
|
||||||
</xsd:complexContent>
|
|
||||||
</xsd:complexType>
|
|
||||||
</xsd:element>
|
|
||||||
|
|
||||||
<xsd:element name="service">
|
|
||||||
|
|
||||||
<xsd:annotation>
|
|
||||||
<xsd:documentation>
|
|
||||||
Configures the signer service with these signers.
|
|
||||||
</xsd:documentation>
|
|
||||||
</xsd:annotation>
|
|
||||||
|
|
||||||
<xsd:complexType>
|
|
||||||
<xsd:complexContent>
|
|
||||||
<xsd:extension base="beans:identifiedType">
|
|
||||||
<xsd:choice minOccurs="0" maxOccurs="unbounded">
|
|
||||||
<xsd:element name="rsa">
|
|
||||||
<xsd:annotation>
|
|
||||||
<xsd:documentation>
|
|
||||||
Configures an RSA signer.
|
|
||||||
</xsd:documentation>
|
|
||||||
</xsd:annotation>
|
|
||||||
<xsd:complexType>
|
|
||||||
<xsd:attribute name="bits" type="xsd:string" />
|
|
||||||
<xsd:attribute name="keystore-ref" type="xsd:string" use="required">
|
|
||||||
<xsd:annotation>
|
|
||||||
<xsd:documentation>
|
|
||||||
The reference to the bean that defines the
|
|
||||||
KeyStore.
|
|
||||||
</xsd:documentation>
|
|
||||||
</xsd:annotation>
|
|
||||||
</xsd:attribute>
|
|
||||||
<xsd:attribute name="key-alias" type="xsd:string" use="required">
|
|
||||||
<xsd:annotation>
|
|
||||||
<xsd:documentation>
|
|
||||||
The alias to the KeyPair to use for
|
|
||||||
signing/verifying.
|
|
||||||
</xsd:documentation>
|
|
||||||
</xsd:annotation>
|
|
||||||
</xsd:attribute>
|
|
||||||
<xsd:attribute name="password" type="xsd:string">
|
|
||||||
<xsd:annotation>
|
|
||||||
<xsd:documentation>
|
|
||||||
The password to the KeyPair to use for
|
|
||||||
signing/verifying.
|
|
||||||
</xsd:documentation>
|
|
||||||
</xsd:annotation>
|
|
||||||
</xsd:attribute>
|
|
||||||
</xsd:complexType>
|
|
||||||
</xsd:element>
|
|
||||||
<xsd:element name="ecdsa">
|
|
||||||
<xsd:annotation>
|
|
||||||
<xsd:documentation>
|
|
||||||
Configures an ECDSA signer.
|
|
||||||
</xsd:documentation>
|
|
||||||
</xsd:annotation>
|
|
||||||
<xsd:complexType>
|
|
||||||
<xsd:attribute name="bits" type="xsd:string" />
|
|
||||||
<xsd:attribute name="keystore-ref" type="xsd:string" use="required">
|
|
||||||
<xsd:annotation>
|
|
||||||
<xsd:documentation>
|
|
||||||
The reference to the bean that defines the
|
|
||||||
KeyStore.
|
|
||||||
</xsd:documentation>
|
|
||||||
</xsd:annotation>
|
|
||||||
</xsd:attribute>
|
|
||||||
<xsd:attribute name="key-alias" type="xsd:string" use="required">
|
|
||||||
<xsd:annotation>
|
|
||||||
<xsd:documentation>
|
|
||||||
The alias to the KeyPair to use for
|
|
||||||
signing/verifying.
|
|
||||||
</xsd:documentation>
|
|
||||||
</xsd:annotation>
|
|
||||||
</xsd:attribute>
|
|
||||||
<xsd:attribute name="password" type="xsd:string">
|
|
||||||
<xsd:annotation>
|
|
||||||
<xsd:documentation>
|
|
||||||
The password to the KeyPair to use for
|
|
||||||
signing/verifying.
|
|
||||||
</xsd:documentation>
|
|
||||||
</xsd:annotation>
|
|
||||||
</xsd:attribute>
|
|
||||||
</xsd:complexType>
|
|
||||||
</xsd:element>
|
|
||||||
<xsd:element name="hmac">
|
|
||||||
<xsd:annotation>
|
|
||||||
<xsd:documentation>
|
|
||||||
Configures an HMAC signer.
|
|
||||||
</xsd:documentation>
|
|
||||||
</xsd:annotation>
|
|
||||||
<xsd:complexType>
|
|
||||||
<xsd:attribute name="bits" type="xsd:integer" />
|
|
||||||
<xsd:attribute name="passphrase" type="xsd:string">
|
|
||||||
<xsd:annotation>
|
|
||||||
<xsd:documentation>
|
|
||||||
The passphrase used for signing/verifying.
|
|
||||||
</xsd:documentation>
|
|
||||||
</xsd:annotation>
|
|
||||||
</xsd:attribute>
|
|
||||||
</xsd:complexType>
|
|
||||||
</xsd:element>
|
|
||||||
</xsd:choice>
|
|
||||||
</xsd:extension>
|
|
||||||
</xsd:complexContent>
|
|
||||||
</xsd:complexType>
|
|
||||||
</xsd:element>
|
|
||||||
</xsd:schema>
|
|
|
@ -37,21 +37,27 @@
|
||||||
</c:otherwise>
|
</c:otherwise>
|
||||||
</c:choose>" to sign you into their site
|
</c:choose>" to sign you into their site
|
||||||
using your identity?
|
using your identity?
|
||||||
<a class="small" href="#" onclick="$('#description').toggle('fast'); return false;">more information</a>
|
<div>
|
||||||
|
<a class="small" href="#" onclick="$('#description').toggle('fast'); return false;">more information</a>
|
||||||
|
</div>
|
||||||
<p>
|
<p>
|
||||||
<blockquote id="description" style="display: none">
|
<blockquote id="description" style="display: none">
|
||||||
<c:choose>
|
<c:choose>
|
||||||
<c:when test="${empty client.clientDescription}">
|
<c:when test="${empty client.clientDescription}">
|
||||||
No additional information available.
|
No additional information available.
|
||||||
</c:when>
|
</c:when>
|
||||||
<c:otherwise>
|
<c:otherwise>
|
||||||
<c:out value="${client.clientDescription}"/>
|
<c:out value="${client.clientDescription}"/>
|
||||||
</c:otherwise>
|
</c:otherwise>
|
||||||
</c:choose>
|
</c:choose>
|
||||||
|
|
||||||
</blockquote>
|
</blockquote>
|
||||||
</p>
|
</p>
|
||||||
|
<div>
|
||||||
|
<small>
|
||||||
|
<strong>Redirect URI: </strong><c:out value="${redirect_uri}"/>
|
||||||
|
</small>
|
||||||
|
</div>
|
||||||
</div>
|
</div>
|
||||||
<div class="span4">
|
<div class="span4">
|
||||||
<fieldset style="text-align:left" class="well">
|
<fieldset style="text-align:left" class="well">
|
||||||
|
@ -81,10 +87,6 @@
|
||||||
class="btn btn-secondary btn-large"/>
|
class="btn btn-secondary btn-large"/>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<small>
|
|
||||||
<strong>Redirect URI: </strong><c:out value="${redirect_uri}"/>
|
|
||||||
</small>
|
|
||||||
|
|
||||||
</form>
|
</form>
|
||||||
|
|
||||||
</authz:authorize>
|
</authz:authorize>
|
||||||
|
|
|
@ -1,158 +0,0 @@
|
||||||
/*******************************************************************************
|
|
||||||
* Copyright 2012 The MITRE Corporation
|
|
||||||
*
|
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
* you may not use this file except in compliance with the License.
|
|
||||||
* You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing, software
|
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
* See the License for the specific language governing permissions and
|
|
||||||
* limitations under the License.
|
|
||||||
******************************************************************************/
|
|
||||||
package org.mitre.openid.connect.repository;
|
|
||||||
|
|
||||||
import static org.hamcrest.CoreMatchers.equalTo;
|
|
||||||
import static org.hamcrest.CoreMatchers.is;
|
|
||||||
import static org.hamcrest.CoreMatchers.not;
|
|
||||||
import static org.hamcrest.CoreMatchers.nullValue;
|
|
||||||
import static org.hamcrest.CoreMatchers.sameInstance;
|
|
||||||
import static org.junit.Assert.assertThat;
|
|
||||||
|
|
||||||
import javax.persistence.EntityManager;
|
|
||||||
import javax.persistence.PersistenceContext;
|
|
||||||
|
|
||||||
import org.junit.Before;
|
|
||||||
import org.junit.Test;
|
|
||||||
import org.junit.runner.RunWith;
|
|
||||||
import org.mitre.openid.connect.model.Address;
|
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
|
||||||
import org.springframework.test.annotation.Rollback;
|
|
||||||
import org.springframework.test.context.ContextConfiguration;
|
|
||||||
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
|
|
||||||
import org.springframework.transaction.annotation.Transactional;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* AddressRepository unit test
|
|
||||||
*
|
|
||||||
* @author Michael Joseph Walsh
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
@Transactional
|
|
||||||
@RunWith(SpringJUnit4ClassRunner.class)
|
|
||||||
@ContextConfiguration(locations={"file:src/main/webapp/WEB-INF/application-context.xml", "classpath:test-context.xml"})
|
|
||||||
public class AddressRepositoryTest {
|
|
||||||
|
|
||||||
@Autowired
|
|
||||||
private AddressRepository repository;
|
|
||||||
|
|
||||||
@PersistenceContext
|
|
||||||
private EntityManager sharedManager;
|
|
||||||
|
|
||||||
private Address address1;
|
|
||||||
private Address address2;
|
|
||||||
|
|
||||||
@Before
|
|
||||||
public void setup() {
|
|
||||||
//Use existing test-data.sql
|
|
||||||
address1 = new Address();
|
|
||||||
address1.setId(1L);
|
|
||||||
// too lazy to create formatted...
|
|
||||||
address1.setStreetAddress("7443 Et Road");
|
|
||||||
address1.setLocality("Pass Christian");
|
|
||||||
address1.setRegion("ID");
|
|
||||||
address1.setPostalCode("16183");
|
|
||||||
address1.setCountry("Jordan");
|
|
||||||
|
|
||||||
address2 = new Address();
|
|
||||||
address2.setId(2L);
|
|
||||||
address2.setStreetAddress("P.O. Box 893, 2523 Felis Rd.");
|
|
||||||
address2.setLocality("New Kensington");
|
|
||||||
address2.setRegion("NT");
|
|
||||||
address2.setPostalCode("I5V 3Z7");
|
|
||||||
address2.setCountry("Israel");
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
public void getById_valid() {
|
|
||||||
Address retrieved = repository.getById(1L);
|
|
||||||
assertThat(retrieved, is(not(nullValue())));
|
|
||||||
assertThat(retrieved.getId(), equalTo(address1.getId()));
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
public void getById_invalid() {
|
|
||||||
Address nullAddress = repository.getById(42L);
|
|
||||||
assertThat(nullAddress, is(nullValue()));
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
@Rollback
|
|
||||||
public void save_validNew() {
|
|
||||||
// See: http://openid.net/specs/openid-connect-basic-1_0.html#address_claim
|
|
||||||
Address newAddress = new Address();
|
|
||||||
newAddress.setStreetAddress("P.O. Box 517, 8158 Elementum Rd.");
|
|
||||||
newAddress.setLocality("Whittier");
|
|
||||||
newAddress.setRegion("YT");
|
|
||||||
newAddress.setPostalCode("U6Q 3F2");
|
|
||||||
newAddress.setCountry("Cyprus");
|
|
||||||
|
|
||||||
Address saved = repository.save(newAddress);
|
|
||||||
sharedManager.flush();
|
|
||||||
|
|
||||||
assertThat(saved, is(sameInstance(newAddress)));
|
|
||||||
assertThat(saved.getId(), not(nullValue()));
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
@Rollback
|
|
||||||
public void save_validExisting() {
|
|
||||||
address1.setStreetAddress("A New address");
|
|
||||||
|
|
||||||
Address saved = repository.save(address1);
|
|
||||||
|
|
||||||
assertThat(saved, not(nullValue()));
|
|
||||||
assertThat(saved.getId(), equalTo(address1.getId()));
|
|
||||||
assertThat(saved.getStreetAddress(), equalTo(address1.getStreetAddress()));
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
@Rollback
|
|
||||||
public void remove_valid() {
|
|
||||||
|
|
||||||
Address managed = repository.getById((address1.getId()));
|
|
||||||
|
|
||||||
repository.remove(managed);
|
|
||||||
|
|
||||||
Address nullAddress = repository.getById(address1.getId());
|
|
||||||
|
|
||||||
assertThat(nullAddress, is(nullValue()));
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test(expected = IllegalArgumentException.class)
|
|
||||||
public void remove_invalid() {
|
|
||||||
Address doesNotExist = new Address();
|
|
||||||
doesNotExist.setId(42L);
|
|
||||||
|
|
||||||
repository.remove(doesNotExist);
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
@Rollback
|
|
||||||
public void removeById_valid() {
|
|
||||||
repository.removeById(address1.getId());
|
|
||||||
|
|
||||||
Address nullagg = repository.getById(address1.getId());
|
|
||||||
|
|
||||||
assertThat(nullagg, is(nullValue()));
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test(expected = IllegalArgumentException.class)
|
|
||||||
public void removeById_invalid() {
|
|
||||||
|
|
||||||
repository.removeById(42L);
|
|
||||||
}
|
|
||||||
}
|
|
|
@ -1,166 +0,0 @@
|
||||||
/*******************************************************************************
|
|
||||||
* Copyright 2012 The MITRE Corporation
|
|
||||||
*
|
|
||||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
|
||||||
* you may not use this file except in compliance with the License.
|
|
||||||
* You may obtain a copy of the License at
|
|
||||||
*
|
|
||||||
* http://www.apache.org/licenses/LICENSE-2.0
|
|
||||||
*
|
|
||||||
* Unless required by applicable law or agreed to in writing, software
|
|
||||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
|
||||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
|
||||||
* See the License for the specific language governing permissions and
|
|
||||||
* limitations under the License.
|
|
||||||
******************************************************************************/
|
|
||||||
package org.mitre.openid.connect.repository;
|
|
||||||
|
|
||||||
import static org.hamcrest.CoreMatchers.equalTo;
|
|
||||||
import static org.hamcrest.CoreMatchers.is;
|
|
||||||
import static org.hamcrest.CoreMatchers.not;
|
|
||||||
import static org.hamcrest.CoreMatchers.nullValue;
|
|
||||||
import static org.hamcrest.CoreMatchers.sameInstance;
|
|
||||||
import static org.junit.Assert.assertThat;
|
|
||||||
import static org.junit.Assert.fail;
|
|
||||||
|
|
||||||
import java.util.Date;
|
|
||||||
import java.util.List;
|
|
||||||
|
|
||||||
import javax.persistence.EntityManager;
|
|
||||||
import javax.persistence.PersistenceContext;
|
|
||||||
|
|
||||||
import org.junit.Before;
|
|
||||||
import org.junit.Test;
|
|
||||||
import org.junit.runner.RunWith;
|
|
||||||
import org.mitre.openid.connect.model.Event;
|
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
|
||||||
import org.springframework.test.annotation.Rollback;
|
|
||||||
import org.springframework.test.context.ContextConfiguration;
|
|
||||||
import org.springframework.test.context.junit4.SpringJUnit4ClassRunner;
|
|
||||||
import org.springframework.transaction.annotation.Transactional;
|
|
||||||
|
|
||||||
import com.google.common.collect.Lists;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* EventRepository unit test
|
|
||||||
*
|
|
||||||
* @author Michael Joseph Walsh
|
|
||||||
*
|
|
||||||
*/
|
|
||||||
@Transactional
|
|
||||||
@RunWith(SpringJUnit4ClassRunner.class)
|
|
||||||
@ContextConfiguration(locations={"file:src/main/webapp/WEB-INF/application-context.xml", "classpath:test-context.xml"})
|
|
||||||
public class EventRepositoryTest {
|
|
||||||
|
|
||||||
@Autowired
|
|
||||||
private EventRepository repository;
|
|
||||||
|
|
||||||
@PersistenceContext
|
|
||||||
private EntityManager sharedManager;
|
|
||||||
|
|
||||||
private Event event1;
|
|
||||||
private Event event2;
|
|
||||||
|
|
||||||
@Before
|
|
||||||
public void setup() {
|
|
||||||
//Use existing test-data.sql
|
|
||||||
event1 = new Event();
|
|
||||||
event1.setId(1L);
|
|
||||||
event1.setType(Event.EventType.LOGIN);
|
|
||||||
event1.setTimestamp(new Date(86400000*5)); // 1 day = 86 400 000 milliseconds
|
|
||||||
|
|
||||||
event2 = new Event();
|
|
||||||
event2.setId(2L);
|
|
||||||
event2.setType(Event.EventType.AUTHORIZATION);
|
|
||||||
event2.setTimestamp(new Date(86400000*10));
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
public void getById_valid() {
|
|
||||||
Event retrieved = repository.getById(1L);
|
|
||||||
assertThat(retrieved, is(not(nullValue())));
|
|
||||||
assertThat(retrieved.getId(), equalTo(event1.getId()));
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
public void getById_invalid() {
|
|
||||||
Event nullAddress = repository.getById(42L);
|
|
||||||
assertThat(nullAddress, is(nullValue()));
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
public void getEventsDuringPeriod() {
|
|
||||||
List<Event> allEvents = Lists.newArrayList(event1, event2);
|
|
||||||
|
|
||||||
List<Event> retrieved = (List<Event>) repository.getEventsDuringPeriod(new Date(0L), new Date(86400000*11), 0, 10);
|
|
||||||
|
|
||||||
if (allEvents.size() != retrieved.size()) {
|
|
||||||
fail("Retrieved and expected are not of equal size!");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
@Rollback
|
|
||||||
public void save_validNew() {
|
|
||||||
|
|
||||||
Event newEvent = new Event();
|
|
||||||
newEvent.setType(Event.EventType.LOGIN);
|
|
||||||
newEvent.setTimestamp(new Date());
|
|
||||||
|
|
||||||
Event saved = repository.save(newEvent);
|
|
||||||
sharedManager.flush();
|
|
||||||
|
|
||||||
assertThat(saved, is(sameInstance(newEvent)));
|
|
||||||
assertThat(saved.getId(), not(nullValue()));
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
@Rollback
|
|
||||||
public void save_validExisting() {
|
|
||||||
event1.setType(Event.EventType.ACCESS);
|
|
||||||
|
|
||||||
Event saved = repository.save(event1);
|
|
||||||
|
|
||||||
assertThat(saved, not(nullValue()));
|
|
||||||
assertThat(saved.getId(), equalTo(event1.getId()));
|
|
||||||
assertThat(saved.getType(), equalTo(event1.getType()));
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
@Rollback
|
|
||||||
public void remove_valid() {
|
|
||||||
|
|
||||||
Event managed = repository.getById((event1.getId()));
|
|
||||||
|
|
||||||
repository.remove(managed);
|
|
||||||
|
|
||||||
Event nullAddress = repository.getById(event1.getId());
|
|
||||||
|
|
||||||
assertThat(nullAddress, is(nullValue()));
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test(expected = IllegalArgumentException.class)
|
|
||||||
public void remove_invalid() {
|
|
||||||
Event doesNotExist = new Event();
|
|
||||||
doesNotExist.setId(42L);
|
|
||||||
|
|
||||||
repository.remove(doesNotExist);
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test
|
|
||||||
@Rollback
|
|
||||||
public void removeById_valid() {
|
|
||||||
repository.removeById(event1.getId());
|
|
||||||
|
|
||||||
Event nullagg = repository.getById(event1.getId());
|
|
||||||
|
|
||||||
assertThat(nullagg, is(nullValue()));
|
|
||||||
}
|
|
||||||
|
|
||||||
@Test(expected = IllegalArgumentException.class)
|
|
||||||
public void removeById_invalid() {
|
|
||||||
|
|
||||||
repository.removeById(42L);
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
Loading…
Reference in New Issue