From d94eb338ee9f666d16a82e662dd9ddaa1350e18f Mon Sep 17 00:00:00 2001
From: Amanda Anganes
Date: Tue, 20 Mar 2012 15:07:18 -0400
Subject: [PATCH] Auth code flow works through user approval page. Current problem is that it doesn't seem to be matching up auth codes correctly (I keep getting "invalid code" error). But, it looks like it's going through our custom token granter so that is good.
---
 .../web/OAuthConfirmationController.java | 2 +-
 .../connect/web/AuthorizationEndpoint.java | 49 -------------------
 .../openid/connect/web/TokenEndpoint.java | 16 ------
 .../WEB-INF/spring/appServlet/controllers.xml | 4 ++
 .../spring/appServlet/servlet-context.xml | 2 +-
 .../WEB-INF/spring/application-context.xml | 23 +++++++--
 .../webapp/WEB-INF/views/oauth/approve.jsp | 2 +-
 7 files changed, 26 insertions(+), 72 deletions(-)
 delete mode 100644 openid-connect-server/src/main/java/org/mitre/openid/connect/web/AuthorizationEndpoint.java
 delete mode 100644 openid-connect-server/src/main/java/org/mitre/openid/connect/web/TokenEndpoint.java
diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java b/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java
index 6b54db931..7a9952a5a 100644
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthConfirmationController.java
@@ -35,7 +35,7 @@ public class OAuthConfirmationController {
 }
 @PreAuthorize("hasRole('ROLE_USER')")
- @RequestMapping("/oauth/user/approve")
+ @RequestMapping("/oauth/confirm_access")
 public ModelAndView confimAccess(@ModelAttribute AuthorizationRequest clientAuth, ModelAndView modelAndView) {
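Review bot: On `confimAccess`, `@PreAuthorize("hasRole('ROLE_USER')")` is the only visible guard on the consent page now served at `/oauth/confirm_access`, and Spring enforces that annotation only when `pre-post-annotations="enabled"` is declared in the same context that creates this controller (the servlet context, not only the root one). The XML hunks in this patch are not readable enough to confirm that, so it should be verified or backed by a URL-level rule for the path; the deleted `AuthorizationEndpoint` carried `//TODO: this endpoint needs to be protected` on this same mapping, and a comment such as `// access control: ROLE_USER via method security (enabled in <context file>)` would record where that is now satisfied. The method also binds `AuthorizationRequest` from request parameters through `@ModelAttribute`; its body lies outside the hunk, but if the view renders client and scope from that object, they should be checked against the request the server actually stored. `confimAccess` looks like a typo for `confirmAccess`.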
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/AuthorizationEndpoint.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/AuthorizationEndpoint.java
deleted file mode 100644
index 28047bd27..000000000
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/AuthorizationEndpoint.java
+++ /dev/null
@@ -1,49 +0,0 @@
-package org.mitre.openid.connect.web;
-
-import java.util.TreeMap;
-
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.oauth2.provider.AuthorizationRequest;
-import org.springframework.security.oauth2.provider.ClientDetails;
-import org.springframework.security.oauth2.provider.ClientDetailsService;
-import org.springframework.stereotype.Controller;
-import org.springframework.web.bind.annotation.ModelAttribute;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.servlet.ModelAndView;
-
-@Controller
-@RequestMapping("/")
-public class AuthorizationEndpoint {
-
- @Autowired
- private ClientDetailsService clientDetailsService;
-
- //TODO: this endpoint needs to be protected
- @RequestMapping("/oauth/confirm_access")
- public ModelAndView getAccessConfirmation(
- @ModelAttribute AuthorizationRequest clientAuth) throws Exception {
- ClientDetails client = clientDetailsService
- .loadClientByClientId(clientAuth.getClientId());
- TreeMap model = new TreeMap();
- model.put("auth_request", clientAuth);
- model.put("client", client);
- return new ModelAndView("oauth/approve", model);
- }
-
- public void setClientDetailsService(
- ClientDetailsService clientDetailsService) {
- this.clientDetailsService = clientDetailsService;
- }
-
- public ClientDetailsService getClientDetailsService() {
- return this.clientDetailsService;
- }
-
- /*
- * handle "idtoken token" flow
- */
-
- /*
- * Other flows get handled outside of our endpoints by SSOA
- */
-}
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/TokenEndpoint.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/TokenEndpoint.java
deleted file mode 100644
index ac1cbc2c0..000000000
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/TokenEndpoint.java
+++ /dev/null
@@ -1,16 +0,0 @@
-package org.mitre.openid.connect.web;
-
-import org.springframework.stereotype.Controller;
-import org.springframework.web.bind.annotation.RequestMapping;
-
-@Controller
-@RequestMapping("token")
-public class TokenEndpoint {
-
- //Corresponds to spring security Authentication Filter class
-
- // handle sending back a token and an id token for a code
-
- // fall through to SSOA code if no id token?
-
-}
diff --git a/openid-connect-server/src/main/webapp/WEB-INF/spring/appServlet/controllers.xml b/openid-connect-server/src/main/webapp/WEB-INF/spring/appServlet/controllers.xml
index dcab144a8..2e1b8ff85 100644
--- a/openid-connect-server/src/main/webapp/WEB-INF/spring/appServlet/controllers.xml
+++ b/openid-connect-server/src/main/webapp/WEB-INF/spring/appServlet/controllers.xml
@@ -15,4 +15,8 @@ + + + +
diff --git a/openid-connect-server/src/main/webapp/WEB-INF/spring/appServlet/servlet-context.xml b/openid-connect-server/src/main/webapp/WEB-INF/spring/appServlet/servlet-context.xml
index 0334f4170..70caaa644 100644
--- a/openid-connect-server/src/main/webapp/WEB-INF/spring/appServlet/servlet-context.xml
+++ b/openid-connect-server/src/main/webapp/WEB-INF/spring/appServlet/servlet-context.xml
@@ -45,7 +45,7 @@ + authorization-endpoint-url="/openidconnect/auth" token-endpoint-url="/openidconnect/token">
diff --git a/openid-connect-server/src/main/webapp/WEB-INF/spring/application-context.xml b/openid-connect-server/src/main/webapp/WEB-INF/spring/application-context.xml
index 647809e19..9712ab91f 100644
--- a/openid-connect-server/src/main/webapp/WEB-INF/spring/application-context.xml
+++ b/openid-connect-server/src/main/webapp/WEB-INF/spring/application-context.xml
@@ -19,13 +19,28 @@ + + + - - - + + + - + + + + + + + + + + + + +
diff --git a/openid-connect-server/src/main/webapp/WEB-INF/views/oauth/approve.jsp b/openid-connect-server/src/main/webapp/WEB-INF/views/oauth/approve.jsp
index f27f5ac1a..6ad0a4f3a 100644
--- a/openid-connect-server/src/main/webapp/WEB-INF/views/oauth/approve.jsp
+++ b/openid-connect-server/src/main/webapp/WEB-INF/views/oauth/approve.jsp
@@ -2,7 +2,7 @@
 <%@ page import="org.springframework.security.oauth2.common.exceptions.UnapprovedClientAuthenticationException" %>
 <%@ page import="org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter" %>
 <%@ taglib prefix="authz" uri="http://www.springframework.org/security/tags" %>
-<%@ taglib prefix="c" uri="http://java.sun.com/jstl/core" %>
+<%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %>
 <%@ taglib prefix="o" tagdir="/WEB-INF/tags" %>