Cleaned up classes affected by SECOAUTH changes; added a Connect implementation of AuthorizationRequest and updated the manager class to reflect the new class and the updated interface.
;pull/340/head
parent
5cff31bdbc
commit
e17eaa499e
|
@ -15,6 +15,7 @@ import org.springframework.security.core.AuthenticationException;
|
||||||
import org.springframework.security.oauth2.common.exceptions.InvalidScopeException;
|
import org.springframework.security.oauth2.common.exceptions.InvalidScopeException;
|
||||||
import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
|
import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
|
||||||
import org.springframework.security.oauth2.provider.AuthorizationRequest;
|
import org.springframework.security.oauth2.provider.AuthorizationRequest;
|
||||||
|
import org.springframework.security.oauth2.provider.AuthorizationRequestManager;
|
||||||
import org.springframework.security.oauth2.provider.DefaultAuthorizationRequest;
|
import org.springframework.security.oauth2.provider.DefaultAuthorizationRequest;
|
||||||
import org.springframework.security.oauth2.provider.OAuth2Authentication;
|
import org.springframework.security.oauth2.provider.OAuth2Authentication;
|
||||||
import org.springframework.security.oauth2.provider.token.AbstractTokenGranter;
|
import org.springframework.security.oauth2.provider.token.AbstractTokenGranter;
|
||||||
|
@ -31,6 +32,9 @@ public class ChainedTokenGranter extends AbstractTokenGranter {
|
||||||
|
|
||||||
private static final String grantType = "urn:ietf:params:oauth:grant_type:redelegate";
|
private static final String grantType = "urn:ietf:params:oauth:grant_type:redelegate";
|
||||||
|
|
||||||
|
@Autowired
|
||||||
|
private static AuthorizationRequestManager authorizationRequestManager;
|
||||||
|
|
||||||
// keep down-cast versions so we can get to the right queries
|
// keep down-cast versions so we can get to the right queries
|
||||||
private OAuth2TokenEntityService tokenServices;
|
private OAuth2TokenEntityService tokenServices;
|
||||||
|
|
||||||
|
@ -41,7 +45,7 @@ public class ChainedTokenGranter extends AbstractTokenGranter {
|
||||||
*/
|
*/
|
||||||
@Autowired
|
@Autowired
|
||||||
public ChainedTokenGranter(OAuth2TokenEntityService tokenServices, ClientDetailsEntityService clientDetailsService) {
|
public ChainedTokenGranter(OAuth2TokenEntityService tokenServices, ClientDetailsEntityService clientDetailsService) {
|
||||||
super(tokenServices, clientDetailsService, grantType);
|
super(tokenServices, clientDetailsService, grantType, authorizationRequestManager);
|
||||||
this.tokenServices = tokenServices;
|
this.tokenServices = tokenServices;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
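Review bot: The new `@Autowired private static AuthorizationRequestManager authorizationRequestManager;` field is never populated: Spring's autowiring skips static fields (it logs a warning and moves on), and even an instance field would still be null at the point the constructor passes it to `super(tokenServices, clientDetailsService, grantType, authorizationRequestManager);`, because field injection runs only after the constructor has returned. As written the granter is always built with a null request manager. Since the constructor is already `@Autowired`, take the manager as a constructor argument instead: `public ChainedTokenGranter(OAuth2TokenEntityService tokenServices, ClientDetailsEntityService clientDetailsService, AuthorizationRequestManager authorizationRequestManager)` and drop the static field. The same static-field-plus-super-call pattern is repeated in JwtAssertionTokenGranter in the next section and needs the same fix.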
|
@ -3,7 +3,6 @@
|
||||||
*/
|
*/
|
||||||
package org.mitre.oauth2.token;
|
package org.mitre.oauth2.token;
|
||||||
|
|
||||||
import java.security.NoSuchAlgorithmException;
|
|
||||||
import java.text.ParseException;
|
import java.text.ParseException;
|
||||||
import java.util.Date;
|
import java.util.Date;
|
||||||
|
|
||||||
|
@ -19,6 +18,7 @@ import org.springframework.security.oauth2.common.OAuth2AccessToken;
|
||||||
import org.springframework.security.oauth2.common.exceptions.InvalidClientException;
|
import org.springframework.security.oauth2.common.exceptions.InvalidClientException;
|
||||||
import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
|
import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
|
||||||
import org.springframework.security.oauth2.provider.AuthorizationRequest;
|
import org.springframework.security.oauth2.provider.AuthorizationRequest;
|
||||||
|
import org.springframework.security.oauth2.provider.AuthorizationRequestManager;
|
||||||
import org.springframework.security.oauth2.provider.token.AbstractTokenGranter;
|
import org.springframework.security.oauth2.provider.token.AbstractTokenGranter;
|
||||||
import org.springframework.stereotype.Component;
|
import org.springframework.stereotype.Component;
|
||||||
|
|
||||||
|
@ -46,9 +46,12 @@ public class JwtAssertionTokenGranter extends AbstractTokenGranter {
|
||||||
@Autowired
|
@Autowired
|
||||||
private ConfigurationPropertiesBean config;
|
private ConfigurationPropertiesBean config;
|
||||||
|
|
||||||
|
@Autowired
|
||||||
|
private static AuthorizationRequestManager authorizationRequestManager;
|
||||||
|
|
||||||
@Autowired
|
@Autowired
|
||||||
public JwtAssertionTokenGranter(OAuth2TokenEntityService tokenServices, ClientDetailsEntityService clientDetailsService) {
|
public JwtAssertionTokenGranter(OAuth2TokenEntityService tokenServices, ClientDetailsEntityService clientDetailsService) {
|
||||||
super(tokenServices, clientDetailsService, grantType);
|
super(tokenServices, clientDetailsService, grantType, authorizationRequestManager);
|
||||||
this.tokenServices = tokenServices;
|
this.tokenServices = tokenServices;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
@ -0,0 +1,195 @@
|
||||||
|
package org.mitre.openid.connect;
|
||||||
|
|
||||||
|
import java.util.Collection;
|
||||||
|
import java.util.Map;
|
||||||
|
import java.util.Set;
|
||||||
|
|
||||||
|
import org.mitre.openid.connect.model.ApprovedSite;
|
||||||
|
import org.springframework.security.core.GrantedAuthority;
|
||||||
|
import org.springframework.security.oauth2.provider.AuthorizationRequest;
|
||||||
|
|
||||||
|
import com.google.common.collect.Maps;
|
||||||
|
import com.google.common.collect.Sets;
|
||||||
|
|
||||||
|
public class ConnectAuthorizationRequest implements AuthorizationRequest {
|
||||||
|
|
||||||
|
//SECOAUTH interface parameters
|
||||||
|
private Map<String, String> authorizationParameters;
|
||||||
|
private Map<String, String> approvalParameters;
|
||||||
|
private String clientId;
|
||||||
|
private Set<String> scope;
|
||||||
|
private Set<String> resourceIds;
|
||||||
|
private Collection<? extends GrantedAuthority> authorities;
|
||||||
|
private boolean approved = false;
|
||||||
|
private String state;
|
||||||
|
private String redirectUri;
|
||||||
|
private Set<String> responseTypes;
|
||||||
|
|
||||||
|
//Extra parameters
|
||||||
|
private ApprovedSite approvedSite; //See issue 230
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Default constructor. Initialize maps & sets.
|
||||||
|
*/
|
||||||
|
public ConnectAuthorizationRequest() {
|
||||||
|
authorizationParameters = Maps.newHashMap();
|
||||||
|
approvalParameters = Maps.newHashMap();
|
||||||
|
scope = Sets.newHashSet();
|
||||||
|
resourceIds = Sets.newHashSet();
|
||||||
|
authorities = Sets.newHashSet();
|
||||||
|
responseTypes = Sets.newHashSet();
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Constructor.
|
||||||
|
*
|
||||||
|
* @param authorizationParameters
|
||||||
|
* @param approvalParameters
|
||||||
|
* @param clientId
|
||||||
|
* @param scope
|
||||||
|
* @param resourceIds
|
||||||
|
* @param authorities
|
||||||
|
* @param approved
|
||||||
|
* @param state
|
||||||
|
* @param redirectUri
|
||||||
|
* @param responseTypes
|
||||||
|
*/
|
||||||
|
public ConnectAuthorizationRequest(Map<String, String> authorizationParameters, Map<String, String> approvalParameters, String clientId, Set<String> scope, Set<String> resourceIds,
|
||||||
|
Collection<? extends GrantedAuthority> authorities, boolean approved, String state, String redirectUri, Set<String> responseTypes) {
|
||||||
|
this.authorizationParameters = authorizationParameters;
|
||||||
|
this.approvalParameters = approvalParameters;
|
||||||
|
this.clientId = clientId;
|
||||||
|
this.scope = scope;
|
||||||
|
this.resourceIds = resourceIds;
|
||||||
|
this.authorities = authorities;
|
||||||
|
this.approved = approved;
|
||||||
|
this.state = state;
|
||||||
|
this.redirectUri = redirectUri;
|
||||||
|
this.responseTypes = responseTypes;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public Map<String, String> getAuthorizationParameters() {
|
||||||
|
return authorizationParameters;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void setAuthorizationParameters(Map<String, String> authorizationParameters) {
|
||||||
|
this.authorizationParameters = authorizationParameters;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public Map<String, String> getApprovalParameters() {
|
||||||
|
return approvalParameters;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void setApprovalParameters(Map<String, String> approvalParameters) {
|
||||||
|
this.approvalParameters = approvalParameters;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public String getClientId() {
|
||||||
|
return clientId;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void setClientId(String clientId) {
|
||||||
|
this.clientId = clientId;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public Set<String> getScope() {
|
||||||
|
return scope;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void setScope(Set<String> scope) {
|
||||||
|
this.scope = scope;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public Set<String> getResourceIds() {
|
||||||
|
return resourceIds;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void setResourceIds(Set<String> resourceIds) {
|
||||||
|
this.resourceIds = resourceIds;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public Collection<? extends GrantedAuthority> getAuthorities() {
|
||||||
|
return authorities;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void setAuthorities(Collection<? extends GrantedAuthority> authorities) {
|
||||||
|
this.authorities = authorities;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public boolean isApproved() {
|
||||||
|
return approved;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void setApproved(boolean approved) {
|
||||||
|
this.approved = approved;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public boolean isDenied() {
|
||||||
|
return !approved;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void setDenied(boolean denied) {
|
||||||
|
this.approved = !denied;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public String getState() {
|
||||||
|
return state;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void setState(String state) {
|
||||||
|
this.state = state;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public String getRedirectUri() {
|
||||||
|
return redirectUri;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void setRedirectUri(String redirectUri) {
|
||||||
|
this.redirectUri = redirectUri;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public Set<String> getResponseTypes() {
|
||||||
|
return responseTypes;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void setResponseTypes(Set<String> responseTypes) {
|
||||||
|
this.responseTypes = responseTypes;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @return the approvedSite
|
||||||
|
*/
|
||||||
|
public ApprovedSite getApprovedSite() {
|
||||||
|
return approvedSite;
|
||||||
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param approvedSite the approvedSite to set
|
||||||
|
*/
|
||||||
|
public void setApprovedSite(ApprovedSite approvedSite) {
|
||||||
|
this.approvedSite = approvedSite;
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
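Review bot: The ten-argument constructor and every setter store the caller's Map/Set/Collection by reference, and the getters return those same instances, so two requests built from the same collections (which is what `createFromExisting` in ConnectAuthorizationRequestManager does) share their scope, authorities, resource ids, response types and parameter maps; a `getScope().add(...)` on one is visible on the other. The SECOAUTH interface mandates the setters, so full immutability is out, but copying on construction (`this.scope = Sets.newHashSet(scope);` and likewise for the other five collections, with a null guard if callers may pass null) would at least give each instance its own state. The class also has no `equals`/`hashCode` (DefaultAuthorizationRequest, which this replaces, defined both, as far as I recall) and no class-level Javadoc; I would add at least a one-line Javadoc such as `/** OpenID Connect aware AuthorizationRequest that additionally carries the ApprovedSite that authorized it (see issue 230). */`, and note on `isDenied()` that "denied" is simply the negation of `approved`, so a request that has not been decided yet also reads as denied.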
|
@ -215,8 +215,7 @@ public class ConnectAuthorizationRequestManager implements AuthorizationRequestM
|
||||||
}
|
}
|
||||||
|
|
||||||
} catch (ParseException e) {
|
} catch (ParseException e) {
|
||||||
// TODO Auto-generated catch block
|
logger.error("ParseException while parsing RequestObject:", e);
|
||||||
e.printStackTrace();
|
|
||||||
}
|
}
|
||||||
return parameters;
|
return parameters;
|
||||||
}
|
}
|
||||||
|
@ -235,4 +234,20 @@ public class ConnectAuthorizationRequestManager implements AuthorizationRequestM
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public AuthorizationRequest createFromExisting(AuthorizationRequest original) {
|
||||||
|
ConnectAuthorizationRequest copy
|
||||||
|
= new ConnectAuthorizationRequest(original.getAuthorizationParameters(), original.getApprovalParameters(),
|
||||||
|
original.getClientId(), original.getScope(), original.getResourceIds(),
|
||||||
|
original.getAuthorities(),original.isApproved(), original.getState(),
|
||||||
|
original.getRedirectUri(), original.getResponseTypes());
|
||||||
|
|
||||||
|
//If original is a ConnectAuthorizationRequest, preserve extra properties
|
||||||
|
if (original instanceof ConnectAuthorizationRequest) {
|
||||||
|
copy.setApprovedSite(((ConnectAuthorizationRequest) original).getApprovedSite());
|
||||||
|
}
|
||||||
|
|
||||||
|
return copy;
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
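Review bot: `createFromExisting` hands `original`'s own collections to the ConnectAuthorizationRequest constructor, which stores them as-is, so the returned "copy" aliases the original's authorization parameters, approval parameters, scope, resource ids, authorities and response types; only the scalar fields are independent. If the caller (presumably the approval step, which is where SECOAUTH invokes this) mutates the copy's collections, the original held in the session changes with it. Build the copy from fresh collections, as below, guarding any getter that the interface allows to return null; Guava's `Sets`/`Maps` would need importing here if they are not already. `original` itself is also dereferenced without a check, so `Objects.requireNonNull(original, "original")` at the top would fail more clearly than the NPE on the first getter.
```java
    ConnectAuthorizationRequest copy
            = new ConnectAuthorizationRequest(Maps.newHashMap(original.getAuthorizationParameters()), Maps.newHashMap(original.getApprovalParameters()),
                    original.getClientId(), Sets.newHashSet(original.getScope()), Sets.newHashSet(original.getResourceIds()),
                    Sets.newHashSet(original.getAuthorities()), original.isApproved(), original.getState(),
                    original.getRedirectUri(), Sets.newHashSet(original.getResponseTypes()));
    // … unchanged: approvedSite carry-over and return …
```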
|
@ -2,6 +2,7 @@
|
||||||
|
|
||||||
package org.mitre.openid.connect.web;
|
package org.mitre.openid.connect.web;
|
||||||
|
|
||||||
|
import java.util.Map;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
import java.util.concurrent.TimeUnit;
|
import java.util.concurrent.TimeUnit;
|
||||||
|
|
||||||
|
@ -24,7 +25,8 @@ import org.springframework.http.HttpStatus;
|
||||||
import org.springframework.security.access.prepost.PreAuthorize;
|
import org.springframework.security.access.prepost.PreAuthorize;
|
||||||
import org.springframework.security.core.AuthenticationException;
|
import org.springframework.security.core.AuthenticationException;
|
||||||
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
||||||
import org.springframework.security.oauth2.provider.DefaultAuthorizationRequest;
|
import org.springframework.security.oauth2.provider.AuthorizationRequest;
|
||||||
|
import org.springframework.security.oauth2.provider.AuthorizationRequestManager;
|
||||||
import org.springframework.security.oauth2.provider.OAuth2Authentication;
|
import org.springframework.security.oauth2.provider.OAuth2Authentication;
|
||||||
import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationDetails;
|
import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationDetails;
|
||||||
import org.springframework.stereotype.Controller;
|
import org.springframework.stereotype.Controller;
|
||||||
|
@ -35,6 +37,7 @@ import org.springframework.web.bind.annotation.RequestMapping;
|
||||||
import org.springframework.web.bind.annotation.RequestMethod;
|
import org.springframework.web.bind.annotation.RequestMethod;
|
||||||
|
|
||||||
import com.google.common.base.Splitter;
|
import com.google.common.base.Splitter;
|
||||||
|
import com.google.common.collect.Maps;
|
||||||
import com.google.common.collect.Sets;
|
import com.google.common.collect.Sets;
|
||||||
import com.google.gson.Gson;
|
import com.google.gson.Gson;
|
||||||
import com.google.gson.JsonElement;
|
import com.google.gson.JsonElement;
|
||||||
|
@ -56,6 +59,9 @@ public class ClientDynamicRegistrationEndpoint {
|
||||||
@Autowired
|
@Autowired
|
||||||
private SystemScopeService scopeService;
|
private SystemScopeService scopeService;
|
||||||
|
|
||||||
|
@Autowired
|
||||||
|
private AuthorizationRequestManager authorizationRequestManager;
|
||||||
|
|
||||||
private static Logger logger = LoggerFactory.getLogger(ClientDynamicRegistrationEndpoint.class);
|
private static Logger logger = LoggerFactory.getLogger(ClientDynamicRegistrationEndpoint.class);
|
||||||
private JsonParser parser = new JsonParser();
|
private JsonParser parser = new JsonParser();
|
||||||
private Gson gson = new Gson();
|
private Gson gson = new Gson();
|
||||||
|
@ -460,11 +466,13 @@ public class ClientDynamicRegistrationEndpoint {
|
||||||
* @throws AuthenticationException
|
* @throws AuthenticationException
|
||||||
*/
|
*/
|
||||||
private OAuth2AccessTokenEntity createRegistrationAccessToken(ClientDetailsEntity client) throws AuthenticationException {
|
private OAuth2AccessTokenEntity createRegistrationAccessToken(ClientDetailsEntity client) throws AuthenticationException {
|
||||||
// create a registration access token, treat it like a client credentials flow
|
|
||||||
// I can't use the auth request interface here because it has no setters and bad constructors -- THIS IS BAD API DESIGN
|
Map<String, String> authorizationParameters = Maps.newHashMap();
|
||||||
DefaultAuthorizationRequest authorizationRequest = new DefaultAuthorizationRequest(client.getClientId(), Sets.newHashSet(OAuth2AccessTokenEntity.REGISTRATION_TOKEN_SCOPE));
|
authorizationParameters.put("client_id", client.getClientId());
|
||||||
authorizationRequest.setApproved(true);
|
authorizationParameters.put("scope", OAuth2AccessTokenEntity.REGISTRATION_TOKEN_SCOPE);
|
||||||
authorizationRequest.setAuthorities(Sets.newHashSet(new SimpleGrantedAuthority("ROLE_CLIENT")));
|
AuthorizationRequest authorizationRequest = authorizationRequestManager.createAuthorizationRequest(authorizationParameters);
|
||||||
|
authorizationRequest.setApproved(true);
|
||||||
|
authorizationRequest.setAuthorities(Sets.newHashSet(new SimpleGrantedAuthority("ROLE_CLIENT")));
|
||||||
OAuth2Authentication authentication = new OAuth2Authentication(authorizationRequest, null);
|
OAuth2Authentication authentication = new OAuth2Authentication(authorizationRequest, null);
|
||||||
OAuth2AccessTokenEntity registrationAccessToken = (OAuth2AccessTokenEntity) tokenService.createAccessToken(authentication);
|
OAuth2AccessTokenEntity registrationAccessToken = (OAuth2AccessTokenEntity) tokenService.createAccessToken(authentication);
|
||||||
return registrationAccessToken;
|
return registrationAccessToken;
|
||||||
|
|
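Review bot: Routing the registration token through `authorizationRequestManager.createAuthorizationRequest(authorizationParameters)` with only `client_id` and `scope` makes this internal token minting depend on whatever validation the Connect manager performs; if it checks the requested scope against the client's registered scopes (not visible in this diff), `REGISTRATION_TOKEN_SCOPE` must be allowed for every dynamically registered client or this will fail with an exception that `createRegistrationAccessToken` does not declare or handle. A comment would make the intent clear to the next reader, e.g. `// internally minted request: the manager only sees client_id and scope; approval and ROLE_CLIENT are assigned here, never taken from the registration payload`. The method's closing brace lies outside the hunk.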
|
@ -1 +1 @@
|
||||||
Subproject commit 2e9815d05ed695df42b6966be86c2a47a8ab5f51
|
Subproject commit a063a7e0f2e622d93f5facf474e9c1d0c8e37603
|