Cleaned up classes affected by SECOAUTH changes; added Connect implementation of AuthorizationRequest and updated manager class to reflect new class & updated interface;
;pull/340/head
Amanda Anganes
parent
5cff31bdbc
commit
e17eaa499e
|
|
@ -15,6 +15,7 @@ import org.springframework.security.core.AuthenticationException;
|
|||
import org.springframework.security.oauth2.common.exceptions.InvalidScopeException;
|
||||
import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
|
||||
import org.springframework.security.oauth2.provider.AuthorizationRequest;
|
||||
import org.springframework.security.oauth2.provider.AuthorizationRequestManager;
|
||||
import org.springframework.security.oauth2.provider.DefaultAuthorizationRequest;
|
||||
import org.springframework.security.oauth2.provider.OAuth2Authentication;
|
||||
import org.springframework.security.oauth2.provider.token.AbstractTokenGranter;
|
||||
|
|
@ -31,6 +32,9 @@ public class ChainedTokenGranter extends AbstractTokenGranter {
|
|||
|
||||
private static final String grantType = "urn:ietf:params:oauth:grant_type:redelegate";
|
||||
|
||||
@Autowired
|
||||
private static AuthorizationRequestManager authorizationRequestManager;
|
||||
|
||||
// keep down-cast versions so we can get to the right queries
|
||||
private OAuth2TokenEntityService tokenServices;
|
||||
|
||||
|
|
@ -41,7 +45,7 @@ public class ChainedTokenGranter extends AbstractTokenGranter {
|
|||
*/
|
||||
@Autowired
|
||||
public ChainedTokenGranter(OAuth2TokenEntityService tokenServices, ClientDetailsEntityService clientDetailsService) {
|
||||
super(tokenServices, clientDetailsService, grantType);
|
||||
super(tokenServices, clientDetailsService, grantType, authorizationRequestManager);
|
||||
this.tokenServices = tokenServices;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -3,7 +3,6 @@
|
|||
*/
|
||||
package org.mitre.oauth2.token;
|
||||
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.text.ParseException;
|
||||
import java.util.Date;
|
||||
|
||||
|
|
@ -19,6 +18,7 @@ import org.springframework.security.oauth2.common.OAuth2AccessToken;
|
|||
import org.springframework.security.oauth2.common.exceptions.InvalidClientException;
|
||||
import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
|
||||
import org.springframework.security.oauth2.provider.AuthorizationRequest;
|
||||
import org.springframework.security.oauth2.provider.AuthorizationRequestManager;
|
||||
import org.springframework.security.oauth2.provider.token.AbstractTokenGranter;
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
|
|
@ -46,9 +46,12 @@ public class JwtAssertionTokenGranter extends AbstractTokenGranter {
|
|||
@Autowired
|
||||
private ConfigurationPropertiesBean config;
|
||||
|
||||
@Autowired
|
||||
private static AuthorizationRequestManager authorizationRequestManager;
|
||||
|
||||
@Autowired
|
||||
public JwtAssertionTokenGranter(OAuth2TokenEntityService tokenServices, ClientDetailsEntityService clientDetailsService) {
|
||||
super(tokenServices, clientDetailsService, grantType);
|
||||
super(tokenServices, clientDetailsService, grantType, authorizationRequestManager);
|
||||
this.tokenServices = tokenServices;
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -0,0 +1,195 @@
|
|||
package org.mitre.openid.connect;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
|
||||
import org.mitre.openid.connect.model.ApprovedSite;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.oauth2.provider.AuthorizationRequest;
|
||||
|
||||
import com.google.common.collect.Maps;
|
||||
import com.google.common.collect.Sets;
|
||||
|
||||
public class ConnectAuthorizationRequest implements AuthorizationRequest {
|
||||
|
||||
//SECOAUTH interface parameters
|
||||
private Map<String, String> authorizationParameters;
|
||||
private Map<String, String> approvalParameters;
|
||||
private String clientId;
|
||||
private Set<String> scope;
|
||||
private Set<String> resourceIds;
|
||||
private Collection<? extends GrantedAuthority> authorities;
|
||||
private boolean approved = false;
|
||||
private String state;
|
||||
private String redirectUri;
|
||||
private Set<String> responseTypes;
|
||||
|
||||
//Extra parameters
|
||||
private ApprovedSite approvedSite; //See issue 230
|
||||
|
||||
/**
|
||||
* Default constructor. Initialize maps & sets.
|
||||
*/
|
||||
public ConnectAuthorizationRequest() {
|
||||
authorizationParameters = Maps.newHashMap();
|
||||
approvalParameters = Maps.newHashMap();
|
||||
scope = Sets.newHashSet();
|
||||
resourceIds = Sets.newHashSet();
|
||||
authorities = Sets.newHashSet();
|
||||
responseTypes = Sets.newHashSet();
|
||||
}
|
||||
|
||||
/**
|
||||
* Constructor.
|
||||
*
|
||||
* @param authorizationParameters
|
||||
* @param approvalParameters
|
||||
* @param clientId
|
||||
* @param scope
|
||||
* @param resourceIds
|
||||
* @param authorities
|
||||
* @param approved
|
||||
* @param state
|
||||
* @param redirectUri
|
||||
* @param responseTypes
|
||||
*/
|
||||
public ConnectAuthorizationRequest(Map<String, String> authorizationParameters, Map<String, String> approvalParameters, String clientId, Set<String> scope, Set<String> resourceIds,
|
||||
Collection<? extends GrantedAuthority> authorities, boolean approved, String state, String redirectUri, Set<String> responseTypes) {
|
||||
this.authorizationParameters = authorizationParameters;
|
||||
this.approvalParameters = approvalParameters;
|
||||
this.clientId = clientId;
|
||||
this.scope = scope;
|
||||
this.resourceIds = resourceIds;
|
||||
this.authorities = authorities;
|
||||
this.approved = approved;
|
||||
this.state = state;
|
||||
this.redirectUri = redirectUri;
|
||||
this.responseTypes = responseTypes;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Map<String, String> getAuthorizationParameters() {
|
||||
return authorizationParameters;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void setAuthorizationParameters(Map<String, String> authorizationParameters) {
|
||||
this.authorizationParameters = authorizationParameters;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Map<String, String> getApprovalParameters() {
|
||||
return approvalParameters;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void setApprovalParameters(Map<String, String> approvalParameters) {
|
||||
this.approvalParameters = approvalParameters;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getClientId() {
|
||||
return clientId;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void setClientId(String clientId) {
|
||||
this.clientId = clientId;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Set<String> getScope() {
|
||||
return scope;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void setScope(Set<String> scope) {
|
||||
this.scope = scope;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Set<String> getResourceIds() {
|
||||
return resourceIds;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void setResourceIds(Set<String> resourceIds) {
|
||||
this.resourceIds = resourceIds;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Collection<? extends GrantedAuthority> getAuthorities() {
|
||||
return authorities;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void setAuthorities(Collection<? extends GrantedAuthority> authorities) {
|
||||
this.authorities = authorities;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isApproved() {
|
||||
return approved;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void setApproved(boolean approved) {
|
||||
this.approved = approved;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isDenied() {
|
||||
return !approved;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void setDenied(boolean denied) {
|
||||
this.approved = !denied;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getState() {
|
||||
return state;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void setState(String state) {
|
||||
this.state = state;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getRedirectUri() {
|
||||
return redirectUri;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void setRedirectUri(String redirectUri) {
|
||||
this.redirectUri = redirectUri;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Set<String> getResponseTypes() {
|
||||
return responseTypes;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void setResponseTypes(Set<String> responseTypes) {
|
||||
this.responseTypes = responseTypes;
|
||||
}
|
||||
|
||||
/**
|
||||
* @return the approvedSite
|
||||
*/
|
||||
public ApprovedSite getApprovedSite() {
|
||||
return approvedSite;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param approvedSite the approvedSite to set
|
||||
*/
|
||||
public void setApprovedSite(ApprovedSite approvedSite) {
|
||||
this.approvedSite = approvedSite;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
@ -215,8 +215,7 @@ public class ConnectAuthorizationRequestManager implements AuthorizationRequestM
|
|||
}
|
||||
|
||||
} catch (ParseException e) {
|
||||
// TODO Auto-generated catch block
|
||||
e.printStackTrace();
|
||||
logger.error("ParseException while parsing RequestObject:", e);
|
||||
}
|
||||
return parameters;
|
||||
}
|
||||
|
|
@ -235,4 +234,20 @@ public class ConnectAuthorizationRequestManager implements AuthorizationRequestM
|
|||
}
|
||||
}
|
||||
|
||||
@Override
|
||||
public AuthorizationRequest createFromExisting(AuthorizationRequest original) {
|
||||
ConnectAuthorizationRequest copy
|
||||
= new ConnectAuthorizationRequest(original.getAuthorizationParameters(), original.getApprovalParameters(),
|
||||
original.getClientId(), original.getScope(), original.getResourceIds(),
|
||||
original.getAuthorities(),original.isApproved(), original.getState(),
|
||||
original.getRedirectUri(), original.getResponseTypes());
|
||||
|
||||
//If original is a ConnectAuthorizationRequest, preserve extra properties
|
||||
if (original instanceof ConnectAuthorizationRequest) {
|
||||
copy.setApprovedSite(((ConnectAuthorizationRequest) original).getApprovedSite());
|
||||
}
|
||||
|
||||
return copy;
|
||||
}
|
||||
|
||||
}
|
||||
|
|
|
|||
|
|
@ -2,6 +2,7 @@
|
|||
|
||||
package org.mitre.openid.connect.web;
|
||||
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
import java.util.concurrent.TimeUnit;
|
||||
|
||||
|
|
@ -24,7 +25,8 @@ import org.springframework.http.HttpStatus;
|
|||
import org.springframework.security.access.prepost.PreAuthorize;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||
import org.springframework.security.oauth2.provider.DefaultAuthorizationRequest;
|
||||
import org.springframework.security.oauth2.provider.AuthorizationRequest;
|
||||
import org.springframework.security.oauth2.provider.AuthorizationRequestManager;
|
||||
import org.springframework.security.oauth2.provider.OAuth2Authentication;
|
||||
import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationDetails;
|
||||
import org.springframework.stereotype.Controller;
|
||||
|
|
@ -35,6 +37,7 @@ import org.springframework.web.bind.annotation.RequestMapping;
|
|||
import org.springframework.web.bind.annotation.RequestMethod;
|
||||
|
||||
import com.google.common.base.Splitter;
|
||||
import com.google.common.collect.Maps;
|
||||
import com.google.common.collect.Sets;
|
||||
import com.google.gson.Gson;
|
||||
import com.google.gson.JsonElement;
|
||||
|
|
@ -56,6 +59,9 @@ public class ClientDynamicRegistrationEndpoint {
|
|||
@Autowired
|
||||
private SystemScopeService scopeService;
|
||||
|
||||
@Autowired
|
||||
private AuthorizationRequestManager authorizationRequestManager;
|
||||
|
||||
private static Logger logger = LoggerFactory.getLogger(ClientDynamicRegistrationEndpoint.class);
|
||||
private JsonParser parser = new JsonParser();
|
||||
private Gson gson = new Gson();
|
||||
|
|
@ -460,11 +466,13 @@ public class ClientDynamicRegistrationEndpoint {
|
|||
* @throws AuthenticationException
|
||||
*/
|
||||
private OAuth2AccessTokenEntity createRegistrationAccessToken(ClientDetailsEntity client) throws AuthenticationException {
|
||||
// create a registration access token, treat it like a client credentials flow
|
||||
// I can't use the auth request interface here because it has no setters and bad constructors -- THIS IS BAD API DESIGN
|
||||
DefaultAuthorizationRequest authorizationRequest = new DefaultAuthorizationRequest(client.getClientId(), Sets.newHashSet(OAuth2AccessTokenEntity.REGISTRATION_TOKEN_SCOPE));
|
||||
authorizationRequest.setApproved(true);
|
||||
authorizationRequest.setAuthorities(Sets.newHashSet(new SimpleGrantedAuthority("ROLE_CLIENT")));
|
||||
|
||||
Map<String, String> authorizationParameters = Maps.newHashMap();
|
||||
authorizationParameters.put("client_id", client.getClientId());
|
||||
authorizationParameters.put("scope", OAuth2AccessTokenEntity.REGISTRATION_TOKEN_SCOPE);
|
||||
AuthorizationRequest authorizationRequest = authorizationRequestManager.createAuthorizationRequest(authorizationParameters);
|
||||
authorizationRequest.setApproved(true);
|
||||
authorizationRequest.setAuthorities(Sets.newHashSet(new SimpleGrantedAuthority("ROLE_CLIENT")));
|
||||
OAuth2Authentication authentication = new OAuth2Authentication(authorizationRequest, null);
|
||||
OAuth2AccessTokenEntity registrationAccessToken = (OAuth2AccessTokenEntity) tokenService.createAccessToken(authentication);
|
||||
return registrationAccessToken;
|
||||
|
|
|
|||
|
|
@ -1 +1 @@
|
|||
Subproject commit 2e9815d05ed695df42b6966be86c2a47a8ab5f51
|
||||
Subproject commit a063a7e0f2e622d93f5facf474e9c1d0c8e37603
|
||||
Loading…
Reference in New Issue