make client assertion auth work again

2016-07-24 15:24:45 -04:00 · 2016-07-24 15:24:45 -04:00 · d89257380f
parent f9e4d75a4a
commit d89257380f
2 changed files with 18 additions and 5 deletions
--- a/openid-connect-server-webapp/src/main/webapp/WEB-INF/assertion-config.xml
+++ b/openid-connect-server-webapp/src/main/webapp/WEB-INF/assertion-config.xml
@ -32,6 +32,8 @@
 	<!-- validate incoming tokens for JWT assertions -->
 	<bean id="jwtAssertionValidator" class="org.mitre.jwt.assertion.impl.NullAssertionValidator" />

+	<bean id="jwtAssertionTokenFactory" class="org.mitre.oauth2.assertion.impl.DirectCopyRequestFactory" />
+
 	<!-- validate client software statements for dynamic registration -->
 	<bean id="clientAssertionValidator" class="org.mitre.jwt.assertion.impl.NullAssertionValidator" />
 	
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/assertion/JWTBearerAssertionAuthenticationToken.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/assertion/JWTBearerAssertionAuthenticationToken.java
@ -37,6 +37,7 @@ public class JWTBearerAssertionAuthenticationToken extends AbstractAuthenticatio
 	 * 
 	 */
 	private static final long serialVersionUID = -3138213539914074617L;
+	private String subject;
 	private JWT jwt;

 	/**
@ -46,6 +47,13 @@ public class JWTBearerAssertionAuthenticationToken extends AbstractAuthenticatio
 	 */
 	public JWTBearerAssertionAuthenticationToken(JWT jwt) {
 		super(null);
+		try {
+			// save the subject of the JWT in case the credentials get erased later
+			this.subject = jwt.getJWTClaimsSet().getSubject();
+		} catch (ParseException e) {
+			// TODO Auto-generated catch block
+			e.printStackTrace();
+		}
 		this.jwt = jwt;
 		setAuthenticated(false);
 	}
@ -58,6 +66,13 @@ public class JWTBearerAssertionAuthenticationToken extends AbstractAuthenticatio
 	 */
 	public JWTBearerAssertionAuthenticationToken(JWT jwt, Collection<? extends GrantedAuthority> authorities) {
 		super(authorities);
+		try {
+			// save the subject of the JWT in case the credentials get erased later
+			this.subject = jwt.getJWTClaimsSet().getSubject();
+		} catch (ParseException e) {
+			// TODO Auto-generated catch block
+			e.printStackTrace();
+		}
 		this.jwt = jwt;
 		setAuthenticated(true);
 	}
@ -75,11 +90,7 @@ public class JWTBearerAssertionAuthenticationToken extends AbstractAuthenticatio
 	 */
 	@Override
 	public Object getPrincipal() {
-		try {
-			return jwt.getJWTClaimsSet().getSubject();
-		} catch (ParseException e) {
-			return null;
-		}
+		return subject;
 	}

 	/**