From e17eaa499e052faaf51dbdbfff18ce0a9e330517 Mon Sep 17 00:00:00 2001 From: Amanda Anganes Date: Mon, 8 Apr 2013 10:13:27 -0400 Subject: [PATCH] Cleaned up classes affected by SECOAUTH changes; added Connect implementation of AuthorizationRequest and updated manager class to reflect new class & updated interface; ; --- .../oauth2/token/ChainedTokenGranter.java | 6 +- .../token/JwtAssertionTokenGranter.java | 7 +- .../connect/ConnectAuthorizationRequest.java | 195 ++++++++++++++++++ .../ConnectAuthorizationRequestManager.java | 19 +- .../ClientDynamicRegistrationEndpoint.java | 20 +- spring-security-oauth | 2 +- 6 files changed, 237 insertions(+), 12 deletions(-) create mode 100644 openid-connect-server/src/main/java/org/mitre/openid/connect/ConnectAuthorizationRequest.java
diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/token/ChainedTokenGranter.java b/openid-connect-server/src/main/java/org/mitre/oauth2/token/ChainedTokenGranter.java
index 670fbc332..a183ad34d 100644
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/token/ChainedTokenGranter.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/token/ChainedTokenGranter.java
@@ -15,6 +15,7 @@ import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.oauth2.common.exceptions.InvalidScopeException;
 import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
 import org.springframework.security.oauth2.provider.AuthorizationRequest;
+import org.springframework.security.oauth2.provider.AuthorizationRequestManager;
 import org.springframework.security.oauth2.provider.DefaultAuthorizationRequest;
 import org.springframework.security.oauth2.provider.OAuth2Authentication;
 import org.springframework.security.oauth2.provider.token.AbstractTokenGranter;
@@ -31,6 +32,9 @@ public class ChainedTokenGranter extends AbstractTokenGranter {
 private static final String grantType = "urn:ietf:params:oauth:grant_type:redelegate";
+ @Autowired
+ private static AuthorizationRequestManager authorizationRequestManager;
+
 // keep down-cast versions so we can get to the right queries
 private OAuth2TokenEntityService tokenServices;
@@ -41,7 +45,7 @@ public class ChainedTokenGranter extends AbstractTokenGranter {
 */
 @Autowired
 public ChainedTokenGranter(OAuth2TokenEntityService tokenServices, ClientDetailsEntityService clientDetailsService) {
- super(tokenServices, clientDetailsService, grantType);
+ super(tokenServices, clientDetailsService, grantType, authorizationRequestManager);
 this.tokenServices = tokenServices;
 }
diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/token/JwtAssertionTokenGranter.java b/openid-connect-server/src/main/java/org/mitre/oauth2/token/JwtAssertionTokenGranter.java
index edc9d7207..b3fc7d884 100644
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/token/JwtAssertionTokenGranter.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/token/JwtAssertionTokenGranter.java
@@ -3,7 +3,6 @@
 */
 package org.mitre.oauth2.token;
-import java.security.NoSuchAlgorithmException;
 import java.text.ParseException;
 import java.util.Date;
@@ -19,6 +18,7 @@ import org.springframework.security.oauth2.common.OAuth2AccessToken;
 import org.springframework.security.oauth2.common.exceptions.InvalidClientException;
 import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
 import org.springframework.security.oauth2.provider.AuthorizationRequest;
+import org.springframework.security.oauth2.provider.AuthorizationRequestManager;
 import org.springframework.security.oauth2.provider.token.AbstractTokenGranter;
 import org.springframework.stereotype.Component;
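Review bot: The new `@Autowired private static AuthorizationRequestManager authorizationRequestManager` field is never populated where it is read: Spring's field injection skips static fields, and even an instance field would only be set after the constructor has run, so `super(tokenServices, clientDetailsService, grantType, authorizationRequestManager)` hands `null` to `AbstractTokenGranter` for every ChainedTokenGranter. The JwtAssertionTokenGranter hunk in this commit has the identical pattern. Inject it through the constructor instead and drop the static field: `public ChainedTokenGranter(OAuth2TokenEntityService tokenServices, ClientDetailsEntityService clientDetailsService, AuthorizationRequestManager authorizationRequestManager) {` with the existing `super(...)` call left as is. If a null manager is tolerated by the superclass for these grant types, a comment saying so would be needed, but that is not visible from this hunk.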
@@ -46,9 +46,12 @@ public class JwtAssertionTokenGranter extends AbstractTokenGranter {
 @Autowired
 private ConfigurationPropertiesBean config;
+ @Autowired
+ private static AuthorizationRequestManager authorizationRequestManager;
+
 @Autowired
 public JwtAssertionTokenGranter(OAuth2TokenEntityService tokenServices, ClientDetailsEntityService clientDetailsService) {
- super(tokenServices, clientDetailsService, grantType);
+ super(tokenServices, clientDetailsService, grantType, authorizationRequestManager);
 this.tokenServices = tokenServices;
 }
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/ConnectAuthorizationRequest.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/ConnectAuthorizationRequest.java
new file mode 100644
index 000000000..af8537be9
--- /dev/null
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/ConnectAuthorizationRequest.java
@@ -0,0 +1,195 @@
+package org.mitre.openid.connect;
+
+import java.util.Collection;
+import java.util.Map;
+import java.util.Set;
+
+import org.mitre.openid.connect.model.ApprovedSite;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.oauth2.provider.AuthorizationRequest;
+
+import com.google.common.collect.Maps;
+import com.google.common.collect.Sets;
+
+public class ConnectAuthorizationRequest implements AuthorizationRequest {
+
+ //SECOAUTH interface parameters
+ private Map authorizationParameters;
+ private Map approvalParameters;
+ private String clientId;
+ private Set scope;
+ private Set resourceIds;
+ private Collection authorities;
+ private boolean approved = false;
+ private String state;
+ private String redirectUri;
+ private Set responseTypes;
+
+ //Extra parameters
+ private ApprovedSite approvedSite; //See issue 230
+
+ /**
+ * Default constructor. Initialize maps & sets.
+ */
+ public ConnectAuthorizationRequest() {
+ authorizationParameters = Maps.newHashMap();
+ approvalParameters = Maps.newHashMap();
+ scope = Sets.newHashSet();
+ resourceIds = Sets.newHashSet();
+ authorities = Sets.newHashSet();
+ responseTypes = Sets.newHashSet();
+ }
+
+ /**
+ * Constructor.
+ *
+ * @param authorizationParameters
+ * @param approvalParameters
+ * @param clientId
+ * @param scope
+ * @param resourceIds
+ * @param authorities
+ * @param approved
+ * @param state
+ * @param redirectUri
+ * @param responseTypes
+ */
+ public ConnectAuthorizationRequest(Map authorizationParameters, Map approvalParameters, String clientId, Set scope, Set resourceIds,
+ Collection authorities, boolean approved, String state, String redirectUri, Set responseTypes) {
+ this.authorizationParameters = authorizationParameters;
+ this.approvalParameters = approvalParameters;
+ this.clientId = clientId;
+ this.scope = scope;
+ this.resourceIds = resourceIds;
+ this.authorities = authorities;
+ this.approved = approved;
+ this.state = state;
+ this.redirectUri = redirectUri;
+ this.responseTypes = responseTypes;
+ }
+
+ @Override
+ public Map getAuthorizationParameters() {
+ return authorizationParameters;
+ }
+
+ @Override
+ public void setAuthorizationParameters(Map authorizationParameters) {
+ this.authorizationParameters = authorizationParameters;
+ }
+
+ @Override
+ public Map getApprovalParameters() {
+ return approvalParameters;
+ }
+
+ @Override
+ public void setApprovalParameters(Map approvalParameters) {
+ this.approvalParameters = approvalParameters;
+ }
+
+ @Override
+ public String getClientId() {
+ return clientId;
+ }
+
+ @Override
+ public void setClientId(String clientId) {
+ this.clientId = clientId;
+ }
+
+ @Override
+ public Set getScope() {
+ return scope;
+ }
+
+ @Override
+ public void setScope(Set scope) {
+ this.scope = scope;
+ }
+
+ @Override
+ public Set getResourceIds() {
+ return resourceIds;
+ }
+
+ @Override
+ public void setResourceIds(Set resourceIds) {
+ this.resourceIds = resourceIds;
+ }
+
+ @Override
+ public Collection getAuthorities() {
+ return authorities;
+ }
+
+ @Override
+ public void setAuthorities(Collection authorities) {
+ this.authorities = authorities;
+ }
+
+ @Override
+ public boolean isApproved() {
+ return
approved;
+ }
+
+ @Override
+ public void setApproved(boolean approved) {
+ this.approved = approved;
+ }
+
+ @Override
+ public boolean isDenied() {
+ return !approved;
+ }
+
+ @Override
+ public void setDenied(boolean denied) {
+ this.approved = !denied;
+ }
+
+ @Override
+ public String getState() {
+ return state;
+ }
+
+ @Override
+ public void setState(String state) {
+ this.state = state;
+ }
+
+ @Override
+ public String getRedirectUri() {
+ return redirectUri;
+ }
+
+ @Override
+ public void setRedirectUri(String redirectUri) {
+ this.redirectUri = redirectUri;
+ }
+
+ @Override
+ public Set getResponseTypes() {
+ return responseTypes;
+ }
+
+ @Override
+ public void setResponseTypes(Set responseTypes) {
+ this.responseTypes = responseTypes;
+ }
+
+ /**
+ * @return the approvedSite
+ */
+ public ApprovedSite getApprovedSite() {
+ return approvedSite;
+ }
+
+ /**
+ * @param approvedSite the approvedSite to set
+ */
+ public void setApprovedSite(ApprovedSite approvedSite) {
+ this.approvedSite = approvedSite;
+ }
+
+}
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/ConnectAuthorizationRequestManager.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/ConnectAuthorizationRequestManager.java
index ecc12d3e3..163acae69 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/ConnectAuthorizationRequestManager.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/ConnectAuthorizationRequestManager.java
@@ -215,8 +215,7 @@ public class ConnectAuthorizationRequestManager implements AuthorizationRequestM
 }
 } catch (ParseException e) {
- // TODO Auto-generated catch block
- e.printStackTrace();
+ logger.error("ParseException while parsing RequestObject:", e);
 }
 return parameters;
 }
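Review bot: The fields, constructor and accessors of ConnectAuthorizationRequest use raw `Map`, `Set` and `Collection` (e.g. `private Map authorizationParameters;`, `public Collection getAuthorities()`), which discards whatever element types the `AuthorizationRequest` interface declares, leaves the imported `GrantedAuthority` unused, and lets a caller put a non-`String` into `scope` without any compile-time complaint. Suggest `private Map<String, String> authorizationParameters;`, `private Set<String> scope;`, `private Collection<GrantedAuthority> authorities;` and the matching getter/setter/constructor signatures — confirm the exact type arguments against the SECOAUTH interface this build compiles against. Separately, every getter returns the live internal collection and the constructor and setters store the caller's reference, so whoever holds the returned `scope` or `authorities` can change the approval state of this request after the fact; if that sharing is intended it deserves a class-level Javadoc sentence, otherwise return `Collections.unmodifiableSet(scope)` (and the `Map`/`Collection` equivalents) or copy on the way in. The constructor Javadoc lists ten `@param` tags with no descriptions; either describe them or drop the tags so the stub does not read as documentation.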
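Review bot: The new `logger.error("ParseException while parsing RequestObject:", e);` in the `catch (ParseException e)` branch still falls through to `return parameters;`, so a request object that fails to parse is only reported in the log while the caller proceeds with whatever `parameters` held before the failure; the enclosing method starts outside this hunk, so I cannot see how much of the map is populated at that point. If a malformed request object should fail the authorization request rather than silently degrade it, rethrow here, e.g. `throw new InvalidRequestException("Unable to parse request object", e);` (confirm that exception type and constructor are available to this class). If best-effort is the intent, say so next to the log call with a comment such as `// best-effort: an unparseable request object is ignored and the plain query parameters are used`.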
@@ -235,4 +234,20 @@ public class ConnectAuthorizationRequestManager implements AuthorizationRequestM
 }
 }
+ @Override
+ public AuthorizationRequest createFromExisting(AuthorizationRequest original) {
+ ConnectAuthorizationRequest copy
+ = new ConnectAuthorizationRequest(original.getAuthorizationParameters(), original.getApprovalParameters(),
+ original.getClientId(), original.getScope(), original.getResourceIds(),
+ original.getAuthorities(),original.isApproved(), original.getState(),
+ original.getRedirectUri(), original.getResponseTypes());
+
+ //If original is a ConnectAuthorizationRequest, preserve extra properties
+ if (original instanceof ConnectAuthorizationRequest) {
+ copy.setApprovedSite(((ConnectAuthorizationRequest) original).getApprovedSite());
+ }
+
+ return copy;
+ }
+
 }
diff --git a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientDynamicRegistrationEndpoint.java b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientDynamicRegistrationEndpoint.java
index 83cf323be..4217aaa73 100644
--- a/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientDynamicRegistrationEndpoint.java
+++ b/openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientDynamicRegistrationEndpoint.java
@@ -2,6 +2,7 @@ package org.mitre.openid.connect.web;
+import java.util.Map;
 import java.util.Set;
 import java.util.concurrent.TimeUnit;
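Review bot: `createFromExisting` passes the original's `Map`/`Set`/`Collection` instances straight into the `ConnectAuthorizationRequest` constructor, and that class stores them by reference, so `copy.getScope()`, `copy.getAuthorities()` and both parameter maps are the very objects the original holds; narrowing scope or adding an authority on one request silently changes the other, which is the opposite of what a "copy" method promises. If shared state is intended, a comment on the method saying so is needed; otherwise snapshot each collection as below (assumes Guava's `Maps`/`Sets` are in scope here as they are in `ConnectAuthorizationRequest`, and that the getters never return null — `Sets.newHashSet(null)` would throw NullPointerException, so add null guards if the interface permits null). The `approvedSite` carry-over and `return copy;` stay as they are.
```java
ConnectAuthorizationRequest copy = new ConnectAuthorizationRequest(
        Maps.newHashMap(original.getAuthorizationParameters()),
        Maps.newHashMap(original.getApprovalParameters()),
        original.getClientId(),
        Sets.newHashSet(original.getScope()),
        Sets.newHashSet(original.getResourceIds()),
        Sets.newHashSet(original.getAuthorities()),
        original.isApproved(), original.getState(), original.getRedirectUri(),
        Sets.newHashSet(original.getResponseTypes()));
// … unchanged: ApprovedSite carry-over for ConnectAuthorizationRequest originals, return copy …
```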
@@ -24,7 +25,8 @@ import org.springframework.http.HttpStatus;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
-import org.springframework.security.oauth2.provider.DefaultAuthorizationRequest;
+import org.springframework.security.oauth2.provider.AuthorizationRequest;
+import org.springframework.security.oauth2.provider.AuthorizationRequestManager;
 import org.springframework.security.oauth2.provider.OAuth2Authentication;
 import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationDetails;
 import org.springframework.stereotype.Controller;
@@ -35,6 +37,7 @@ import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 import com.google.common.base.Splitter;
+import com.google.common.collect.Maps;
 import com.google.common.collect.Sets;
 import com.google.gson.Gson;
 import com.google.gson.JsonElement;
@@ -56,6 +59,9 @@ public class ClientDynamicRegistrationEndpoint {
 @Autowired
 private SystemScopeService scopeService;
+ @Autowired
+ private AuthorizationRequestManager authorizationRequestManager;
+
 private static Logger logger = LoggerFactory.getLogger(ClientDynamicRegistrationEndpoint.class);
 private JsonParser parser = new JsonParser();
 private Gson gson = new Gson();
@@ -460,11 +466,13 @@ public class ClientDynamicRegistrationEndpoint {
 * @throws AuthenticationException
 */
 private OAuth2AccessTokenEntity createRegistrationAccessToken(ClientDetailsEntity client) throws AuthenticationException {
- // create a registration access token, treat it like a client credentials flow
- // I can't use the auth request interface here because it has no setters and bad constructors -- THIS IS BAD API DESIGN
- DefaultAuthorizationRequest authorizationRequest = new DefaultAuthorizationRequest(client.getClientId(), Sets.newHashSet(OAuth2AccessTokenEntity.REGISTRATION_TOKEN_SCOPE));
- authorizationRequest.setApproved(true);
- authorizationRequest.setAuthorities(Sets.newHashSet(new SimpleGrantedAuthority("ROLE_CLIENT")));
+
+ Map authorizationParameters = Maps.newHashMap();
+ authorizationParameters.put("client_id", client.getClientId());
+ authorizationParameters.put("scope", OAuth2AccessTokenEntity.REGISTRATION_TOKEN_SCOPE);
+ AuthorizationRequest authorizationRequest = authorizationRequestManager.createAuthorizationRequest(authorizationParameters);
+ authorizationRequest.setApproved(true);
+ authorizationRequest.setAuthorities(Sets.newHashSet(new SimpleGrantedAuthority("ROLE_CLIENT")));
 OAuth2Authentication authentication = new OAuth2Authentication(authorizationRequest, null);
 OAuth2AccessTokenEntity registrationAccessToken = (OAuth2AccessTokenEntity) tokenService.createAccessToken(authentication);
 return registrationAccessToken;
diff --git a/spring-security-oauth b/spring-security-oauth
index 2e9815d05..a063a7e0f 160000
--- a/spring-security-oauth
+++ b/spring-security-oauth
@@ -1 +1 @@
-Subproject commit 2e9815d05ed695df42b6966be86c2a47a8ab5f51
+Subproject commit a063a7e0f2e622d93f5facf474e9c1d0c8e37603
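Review bot: `Map authorizationParameters = Maps.newHashMap();` is a raw type; `Map<String, String> authorizationParameters = Maps.newHashMap();` keeps the two `put` calls checked and matches what `createAuthorizationRequest` presumably takes. The more substantive change is that the registration token's request now goes through `authorizationRequestManager.createAuthorizationRequest(...)`, which for `ConnectAuthorizationRequestManager` does request-object parsing and (judging by the `ParseException` handling elsewhere in this commit) may apply lookups or validation that the old direct `DefaultAuthorizationRequest` construction never did; whether that path can throw or return a request with fewer scopes than `REGISTRATION_TOKEN_SCOPE` for a client that was registered a moment ago is not visible here, so confirm it is safe for this server-initiated call, or catch and translate its OAuth2 exceptions before `setApproved(true)`. A short comment replacing the deleted one would help the next reader, e.g. `// server-issued registration token: build the request through the manager so it is a ConnectAuthorizationRequest, then approve it as a client-credentials-style grant`. The method's closing brace lies outside the hunk.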