Auth code flow works through user approval page. Current problem is that it doesn't seem to be matching up auth codes correctly (I keep getting "invalid code" error). But, it looks like it's going through our custom token granter so that is good.

13 years ago · d94eb338ee
parent 626779b58e
commit d94eb338ee
7 changed files with 26 additions and 72 deletions
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java
@ -35,7 +35,7 @@ public class OAuthConfirmationController {
 	}
 	
 	@PreAuthorize("hasRole('ROLE_USER')")
-	@RequestMapping("/oauth/user/approve")
+	@RequestMapping("/oauth/confirm_access")
 	public ModelAndView confimAccess(@ModelAttribute AuthorizationRequest clientAuth, 
 			ModelAndView modelAndView) {
 		
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/AuthorizationEndpoint.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/AuthorizationEndpoint.java
@ -1,49 +0,0 @@
-package org.mitre.openid.connect.web;
-
-import java.util.TreeMap;
-
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.oauth2.provider.AuthorizationRequest;
-import org.springframework.security.oauth2.provider.ClientDetails;
-import org.springframework.security.oauth2.provider.ClientDetailsService;
-import org.springframework.stereotype.Controller;
-import org.springframework.web.bind.annotation.ModelAttribute;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.servlet.ModelAndView;
-
-@Controller
-@RequestMapping("/")
-public class AuthorizationEndpoint {
-
-	@Autowired
-	private ClientDetailsService clientDetailsService;
-
-	//TODO: this endpoint needs to be protected
-	@RequestMapping("/oauth/confirm_access")
-	public ModelAndView getAccessConfirmation(
-			@ModelAttribute AuthorizationRequest clientAuth) throws Exception {
-		ClientDetails client = clientDetailsService
-				.loadClientByClientId(clientAuth.getClientId());
-		TreeMap<String, Object> model = new TreeMap<String, Object>();
-		model.put("auth_request", clientAuth);
-		model.put("client", client);
-		return new ModelAndView("oauth/approve", model);
-	}
-
-	public void setClientDetailsService(
-			ClientDetailsService clientDetailsService) {
-		this.clientDetailsService = clientDetailsService;
-	}
-
-	public ClientDetailsService getClientDetailsService() {
-		return this.clientDetailsService;
-	}
-
-	/*
-	 * handle "idtoken token" flow
-	 */
-
-	/*
-	 * Other flows get handled outside of our endpoints by SSOA
-	 */
-}
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/TokenEndpoint.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/TokenEndpoint.java
@ -1,16 +0,0 @@
-package org.mitre.openid.connect.web;
-
-import org.springframework.stereotype.Controller;
-import org.springframework.web.bind.annotation.RequestMapping;
-
-@Controller
-@RequestMapping("token")
-public class TokenEndpoint {
-
-	//Corresponds to spring security Authentication Filter class
-	
-	// handle sending back a token and an id token for a code
-	
-	// fall through to SSOA code if no id token?
-	
-}
--- a/openid-connect-server/src/main/webapp/WEB-INF/spring/appServlet/controllers.xml
+++ b/openid-connect-server/src/main/webapp/WEB-INF/spring/appServlet/controllers.xml
@ -15,4 +15,8 @@
 		<context:include-filter type="annotation" expression="org.springframework.stereotype.Controller" />
 	</context:component-scan>
 	
+	<context:component-scan base-package="org.mitre">
+		<context:include-filter type="annotation" expression="org.springframework.stereotype.Controller" />
+	</context:component-scan>
+	
 </beans>
--- a/openid-connect-server/src/main/webapp/WEB-INF/spring/appServlet/servlet-context.xml
+++ b/openid-connect-server/src/main/webapp/WEB-INF/spring/appServlet/servlet-context.xml
@ -45,7 +45,7 @@
 	<!-- SECOAUTH Authorization Server, with our custom token granter plugged in -->
 	<oauth:authorization-server client-details-service-ref="defaultOAuth2ClientDetailsEntityService" 
 		token-services-ref="defaultOAuth2ProviderTokenService" token-granter-ref="connectAuthCodeTokenGranter"
-		authorization-endpoint-url="/openidconnect/auth">
+		authorization-endpoint-url="/openidconnect/auth" token-endpoint-url="/openidconnect/token">
 		<oauth:authorization-code authorization-code-services-ref="authCodeServices"/>
 	</oauth:authorization-server>
 	
--- a/openid-connect-server/src/main/webapp/WEB-INF/spring/application-context.xml
+++ b/openid-connect-server/src/main/webapp/WEB-INF/spring/application-context.xml
@ -19,13 +19,28 @@
 		
 	<import resource="data-context.xml" />	

+
+
 	<security:global-method-security pre-post-annotations="enabled" proxy-target-class="true" authentication-manager-ref="springSecurityAuthenticationManager"/>
+
 	<security:http use-expressions="true" auto-config="true" authentication-manager-ref="springSecurityAuthenticationManager">
-<!-- 		<security:intercept-url pattern="/oauth/user/**" access="hasRole('ROLE_USER')"/> -->
-		<security:intercept-url pattern="/*" access="permitAll"/>
-		
+ 		<security:intercept-url pattern="/oauth/authorize**" access="hasRole('ROLE_USER')"/> 
+<!--  		<security:intercept-url pattern="/openidconnect/token**" access="hasRole('ROLE_USER')"/>  -->
+		<security:intercept-url pattern="/**" access="permitAll"/>
 	</security:http>
-		
+
+<!-- 	<security:http pattern="/oauth/**" use-expressions="true" auto-config="true" authentication-manager-ref="springSecurityAuthenticationManager"> -->
+<!--  		<security:intercept-url pattern="/oauth/**" access="hasRole('ROLE_USER')"/>	 -->
+<!-- 	</security:http> -->
+
+<!-- 	<security:http pattern="/resources/**" security="none" authentication-manager-ref="springSecurityAuthenticationManager"/> -->
+
+<!-- 	<security:http pattern="/oauth/authorize" security="none" authentication-manager-ref="springSecurityAuthenticationManager"/> -->
+	
+<!-- 	<security:http pattern="/openidconnect/auth" security="none" authentication-manager-ref="springSecurityAuthenticationManager"/> -->
+
+<!-- 	<security:http pattern="/**" security="none" authentication-manager-ref="springSecurityAuthenticationManager"/> -->
+
 	<bean id="clientCredentialsChecker" class="org.springframework.security.oauth2.provider.ClientCredentialsChecker">
 		<constructor-arg>
 			<bean class="org.mitre.oauth2.service.impl.DefaultOAuth2ClientDetailsEntityService"/>
--- a/openid-connect-server/src/main/webapp/WEB-INF/views/oauth/approve.jsp
+++ b/openid-connect-server/src/main/webapp/WEB-INF/views/oauth/approve.jsp
@ -2,7 +2,7 @@
 <%@ page import="org.springframework.security.oauth2.common.exceptions.UnapprovedClientAuthenticationException" %>
 <%@ page import="org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter" %>
 <%@ taglib prefix="authz" uri="http://www.springframework.org/security/tags" %>
-<%@ taglib prefix="c" uri="http://java.sun.com/jstl/core" %>
+<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
 <%@ taglib prefix="o" tagdir="/WEB-INF/tags" %>

 <o:header title="approve access"/>