Cleaned up classes affected by SECOAUTH changes; added Connect implementation of AuthorizationRequest and updated manager class to reflect new class & updated interface;

;

openid-connect-server/src/main/java/org/mitre/oauth2/token/ChainedTokenGranter.java

@@ -15,6 +15,7 @@ import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.oauth2.common.exceptions.InvalidScopeException;
 import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
 import org.springframework.security.oauth2.provider.AuthorizationRequest;
+import org.springframework.security.oauth2.provider.AuthorizationRequestManager;
 import org.springframework.security.oauth2.provider.DefaultAuthorizationRequest;
 import org.springframework.security.oauth2.provider.OAuth2Authentication;
 import org.springframework.security.oauth2.provider.token.AbstractTokenGranter;
@@ -31,6 +32,9 @@ public class ChainedTokenGranter extends AbstractTokenGranter {
 
 	private static final String grantType = "urn:ietf:params:oauth:grant_type:redelegate";
 
+	@Autowired
+	private static AuthorizationRequestManager authorizationRequestManager;
+	
 	// keep down-cast versions so we can get to the right queries
 	private OAuth2TokenEntityService tokenServices;
 	
@@ -41,7 +45,7 @@ public class ChainedTokenGranter extends AbstractTokenGranter {
 	 */
 	@Autowired
 	public ChainedTokenGranter(OAuth2TokenEntityService tokenServices, ClientDetailsEntityService clientDetailsService) {
-		super(tokenServices, clientDetailsService, grantType);
+		super(tokenServices, clientDetailsService, grantType, authorizationRequestManager);
 		this.tokenServices = tokenServices;
 	}
 

openid-connect-server/src/main/java/org/mitre/oauth2/token/JwtAssertionTokenGranter.java

@@ -3,7 +3,6 @@
  */
 package org.mitre.oauth2.token;
 
-import java.security.NoSuchAlgorithmException;
 import java.text.ParseException;
 import java.util.Date;
 
@@ -19,6 +18,7 @@ import org.springframework.security.oauth2.common.OAuth2AccessToken;
 import org.springframework.security.oauth2.common.exceptions.InvalidClientException;
 import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
 import org.springframework.security.oauth2.provider.AuthorizationRequest;
+import org.springframework.security.oauth2.provider.AuthorizationRequestManager;
 import org.springframework.security.oauth2.provider.token.AbstractTokenGranter;
 import org.springframework.stereotype.Component;
 
@@ -46,9 +46,12 @@ public class JwtAssertionTokenGranter extends AbstractTokenGranter {
 	@Autowired
 	private ConfigurationPropertiesBean config;
 	
+	@Autowired
+	private static AuthorizationRequestManager authorizationRequestManager;	
+	
 	@Autowired
 	public JwtAssertionTokenGranter(OAuth2TokenEntityService tokenServices, ClientDetailsEntityService clientDetailsService) {
-	    super(tokenServices, clientDetailsService, grantType);
+	    super(tokenServices, clientDetailsService, grantType, authorizationRequestManager);
 	    this.tokenServices = tokenServices;
     }
 

openid-connect-server/src/main/java/org/mitre/openid/connect/ConnectAuthorizationRequest.java

@@ -0,0 +1,195 @@
+package org.mitre.openid.connect;
+
+import java.util.Collection;
+import java.util.Map;
+import java.util.Set;
+
+import org.mitre.openid.connect.model.ApprovedSite;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.oauth2.provider.AuthorizationRequest;
+
+import com.google.common.collect.Maps;
+import com.google.common.collect.Sets;
+
+public class ConnectAuthorizationRequest implements AuthorizationRequest {
+
+	//SECOAUTH interface parameters
+	private Map<String, String> authorizationParameters;
+	private Map<String, String> approvalParameters;
+	private String clientId;
+	private Set<String> scope;
+	private Set<String> resourceIds;
+	private Collection<? extends GrantedAuthority> authorities;
+	private boolean approved = false;
+	private String state;
+	private String redirectUri;
+	private Set<String> responseTypes;
+	
+	//Extra parameters
+	private ApprovedSite approvedSite; //See issue 230
+	
+	/**
+	 * Default constructor. Initialize maps & sets.
+	 */
+	public ConnectAuthorizationRequest() {
+		authorizationParameters = Maps.newHashMap();
+		approvalParameters = Maps.newHashMap();
+		scope = Sets.newHashSet();
+		resourceIds = Sets.newHashSet();
+		authorities = Sets.newHashSet();
+		responseTypes = Sets.newHashSet();
+	}
+	
+	/**
+	 * Constructor.
+	 * 
+	 * @param authorizationParameters
+	 * @param approvalParameters
+	 * @param clientId
+	 * @param scope
+	 * @param resourceIds
+	 * @param authorities
+	 * @param approved
+	 * @param state
+	 * @param redirectUri
+	 * @param responseTypes
+	 */
+	public ConnectAuthorizationRequest(Map<String, String> authorizationParameters, Map<String, String> approvalParameters, String clientId, Set<String> scope, Set<String> resourceIds,
+										Collection<? extends GrantedAuthority> authorities, boolean approved, String state, String redirectUri, Set<String> responseTypes) {
+		this.authorizationParameters = authorizationParameters;
+		this.approvalParameters = approvalParameters;
+		this.clientId = clientId;
+		this.scope = scope;
+		this.resourceIds = resourceIds;
+		this.authorities = authorities;
+		this.approved = approved;
+		this.state = state;
+		this.redirectUri = redirectUri;
+		this.responseTypes = responseTypes;
+	}
+	
+	@Override
+ 	public Map<String, String> getAuthorizationParameters() {
+		return authorizationParameters;
+	}
+
+	@Override
+	public void setAuthorizationParameters(Map<String, String> authorizationParameters) {
+		this.authorizationParameters = authorizationParameters;
+	}
+
+	@Override
+	public Map<String, String> getApprovalParameters() {
+		return approvalParameters;
+	}
+
+	@Override
+	public void setApprovalParameters(Map<String, String> approvalParameters) {
+		this.approvalParameters = approvalParameters;
+	}
+
+	@Override
+	public String getClientId() {
+		return clientId;
+	}
+
+	@Override
+	public void setClientId(String clientId) {
+		this.clientId = clientId;
+	}
+
+	@Override
+	public Set<String> getScope() {
+		return scope;
+	}
+	
+	@Override
+	public void setScope(Set<String> scope) {
+		this.scope = scope;
+	}
+
+	@Override
+	public Set<String> getResourceIds() {
+		return resourceIds;
+	}
+
+	@Override
+	public void setResourceIds(Set<String> resourceIds) {
+		this.resourceIds = resourceIds;
+	}
+
+	@Override
+	public Collection<? extends GrantedAuthority> getAuthorities() {
+		return authorities;
+	}
+
+	@Override
+	public void setAuthorities(Collection<? extends GrantedAuthority> authorities) {
+		this.authorities = authorities;
+	}
+
+	@Override
+	public boolean isApproved() {
+		return approved;
+	}
+
+	@Override
+	public void setApproved(boolean approved) {
+		this.approved = approved;
+	}
+
+	@Override
+	public boolean isDenied() {
+		return !approved;
+	}
+
+	@Override
+	public void setDenied(boolean denied) {
+		this.approved = !denied;
+	}
+
+	@Override
+	public String getState() {
+		return state;
+	}
+
+	@Override
+	public void setState(String state) {
+		this.state = state;
+	}
+
+	@Override
+	public String getRedirectUri() {
+		return redirectUri;
+	}
+
+	@Override
+	public void setRedirectUri(String redirectUri) {
+		this.redirectUri = redirectUri;
+	}
+
+	@Override
+	public Set<String> getResponseTypes() {
+		return responseTypes;
+	}
+
+	@Override
+	public void setResponseTypes(Set<String> responseTypes) {
+		this.responseTypes = responseTypes;
+	}
+
+	/**
+	 * @return the approvedSite
+	 */
+	public ApprovedSite getApprovedSite() {
+		return approvedSite;
+	}
+
+	/**
+	 * @param approvedSite the approvedSite to set
+	 */
+	public void setApprovedSite(ApprovedSite approvedSite) {
+		this.approvedSite = approvedSite;
+	}
+
+}

openid-connect-server/src/main/java/org/mitre/openid/connect/ConnectAuthorizationRequestManager.java

@@ -215,8 +215,7 @@ public class ConnectAuthorizationRequestManager implements AuthorizationRequestM
 			}
 		
         } catch (ParseException e) {
-        	// TODO Auto-generated catch block
+        	logger.error("ParseException while parsing RequestObject:", e);
-        	e.printStackTrace();
         }
 		return parameters;
     }
@@ -235,4 +234,20 @@ public class ConnectAuthorizationRequestManager implements AuthorizationRequestM
 		}
 	}
 
+	@Override
+	public AuthorizationRequest createFromExisting(AuthorizationRequest original) {
+		ConnectAuthorizationRequest copy 
+				= new ConnectAuthorizationRequest(original.getAuthorizationParameters(), original.getApprovalParameters(), 
+				original.getClientId(), original.getScope(), original.getResourceIds(),
+				original.getAuthorities(),original.isApproved(), original.getState(), 
+				original.getRedirectUri(), original.getResponseTypes());
+		
+		//If original is a ConnectAuthorizationRequest, preserve extra properties
+		if (original instanceof ConnectAuthorizationRequest) {
+			copy.setApprovedSite(((ConnectAuthorizationRequest) original).getApprovedSite());
+		}
+		
+		return copy;
+	}
+
 }

openid-connect-server/src/main/java/org/mitre/openid/connect/web/ClientDynamicRegistrationEndpoint.java

@@ -2,6 +2,7 @@
 
 package org.mitre.openid.connect.web;
 
+import java.util.Map;
 import java.util.Set;
 import java.util.concurrent.TimeUnit;
 
@@ -24,7 +25,8 @@ import org.springframework.http.HttpStatus;
 import org.springframework.security.access.prepost.PreAuthorize;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
-import org.springframework.security.oauth2.provider.DefaultAuthorizationRequest;
+import org.springframework.security.oauth2.provider.AuthorizationRequest;
+import org.springframework.security.oauth2.provider.AuthorizationRequestManager;
 import org.springframework.security.oauth2.provider.OAuth2Authentication;
 import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationDetails;
 import org.springframework.stereotype.Controller;
@@ -35,6 +37,7 @@ import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 
 import com.google.common.base.Splitter;
+import com.google.common.collect.Maps;
 import com.google.common.collect.Sets;
 import com.google.gson.Gson;
 import com.google.gson.JsonElement;
@@ -56,6 +59,9 @@ public class ClientDynamicRegistrationEndpoint {
 	@Autowired
 	private SystemScopeService scopeService;
 	
+	@Autowired
+	private AuthorizationRequestManager authorizationRequestManager;
+	
 	private static Logger logger = LoggerFactory.getLogger(ClientDynamicRegistrationEndpoint.class);
 	private JsonParser parser = new JsonParser();
 	private Gson gson = new Gson();
@@ -460,9 +466,11 @@ public class ClientDynamicRegistrationEndpoint {
      * @throws AuthenticationException
      */
     private OAuth2AccessTokenEntity createRegistrationAccessToken(ClientDetailsEntity client) throws AuthenticationException {
-	    // create a registration access token, treat it like a client credentials flow
+    	
-		// I can't use the auth request interface here because it has no setters and bad constructors -- THIS IS BAD API DESIGN
+    	Map<String, String> authorizationParameters = Maps.newHashMap();
-		DefaultAuthorizationRequest authorizationRequest = new DefaultAuthorizationRequest(client.getClientId(), Sets.newHashSet(OAuth2AccessTokenEntity.REGISTRATION_TOKEN_SCOPE));
+    	authorizationParameters.put("client_id", client.getClientId());
+    	authorizationParameters.put("scope", OAuth2AccessTokenEntity.REGISTRATION_TOKEN_SCOPE);
+    	AuthorizationRequest authorizationRequest = authorizationRequestManager.createAuthorizationRequest(authorizationParameters);
     	authorizationRequest.setApproved(true);
     	authorizationRequest.setAuthorities(Sets.newHashSet(new SimpleGrantedAuthority("ROLE_CLIENT")));
 		OAuth2Authentication authentication = new OAuth2Authentication(authorizationRequest, null);

spring-security-oauth

@@ -1 +1 @@
-Subproject commit 2e9815d05ed695df42b6966be86c2a47a8ab5f51
+Subproject commit a063a7e0f2e622d93f5facf474e9c1d0c8e37603