From e33f277bbe6ce0fd487c6f6fb8b03b2f7ccee379 Mon Sep 17 00:00:00 2001 From: Amanda Anganes Date: Wed, 9 May 2012 15:16:56 -0400 Subject: [PATCH] Updated classes to track newest version of SECOAUTH. This update closes issues #3, #4, #8, and #36 (infinite redirects). This revision changes the authorization and token endpoints to be /openidconnect/auth and /openidconnect/token, respectively. --- .settings/org.eclipse.m2e.core.prefs | 1 - account-chooser/.classpath | 3 - .../org.eclipse.wst.common.component | 2 - .../.settings/org.eclipse.m2e.core.prefs | 1 - .../org.eclipse.wst.common.component | 2 - .../.settings/org.eclipse.m2e.core.prefs | 1 - .../oauth2/model/ClientDetailsEntity.java | 31 +++--- .../oauth2/model/OAuth2AccessTokenEntity.java | 103 +++++------------- .../model/OAuth2RefreshTokenEntity.java | 11 +- .../service/ClientDetailsEntityService.java | 2 +- openid-connect-server/.project | 6 - .../com.springsource.sts.maven.prefs | 1 - ...faultOAuth2ClientDetailsEntityService.java | 4 +- .../org/mitre/oauth2/web/OAuthClientAPI.java | 8 +- .../main/webapp/WEB-INF/spring-servlet.xml | 2 +- .../src/main/webapp/WEB-INF/web.xml | 15 +++ 16 files changed, 65 insertions(+), 128 deletions(-) diff --git a/.settings/org.eclipse.m2e.core.prefs b/.settings/org.eclipse.m2e.core.prefs index bea595e57..f897a7f1c 100644 --- a/.settings/org.eclipse.m2e.core.prefs +++ b/.settings/org.eclipse.m2e.core.prefs @@ -1,4 +1,3 @@ -#Fri Mar 23 15:19:12 EDT 2012 activeProfiles= eclipse.preferences.version=1 resolveWorkspaceProjects=true diff --git a/account-chooser/.classpath b/account-chooser/.classpath index 5abeb50d1..ab3e094bf 100644 --- a/account-chooser/.classpath +++ b/account-chooser/.classpath @@ -1,9 +1,6 @@ - - - diff --git a/account-chooser/.settings/org.eclipse.wst.common.component b/account-chooser/.settings/org.eclipse.wst.common.component index c852923e3..3a973c875 100644 --- a/account-chooser/.settings/org.eclipse.wst.common.component 
+++ b/account-chooser/.settings/org.eclipse.wst.common.component @@ -5,8 +5,6 @@ - - diff --git a/openid-connect-client/.settings/org.eclipse.m2e.core.prefs b/openid-connect-client/.settings/org.eclipse.m2e.core.prefs index 2a3420dd4..f897a7f1c 100644 --- a/openid-connect-client/.settings/org.eclipse.m2e.core.prefs +++ b/openid-connect-client/.settings/org.eclipse.m2e.core.prefs @@ -1,4 +1,3 @@ -#Fri Mar 16 15:07:52 EDT 2012 activeProfiles= eclipse.preferences.version=1 resolveWorkspaceProjects=true diff --git a/openid-connect-client/.settings/org.eclipse.wst.common.component b/openid-connect-client/.settings/org.eclipse.wst.common.component index 24ebd11e7..fc2629825 100755 --- a/openid-connect-client/.settings/org.eclipse.wst.common.component +++ b/openid-connect-client/.settings/org.eclipse.wst.common.component @@ -3,7 +3,5 @@ - - diff --git a/openid-connect-common/.settings/org.eclipse.m2e.core.prefs b/openid-connect-common/.settings/org.eclipse.m2e.core.prefs index 6d3ad943f..f897a7f1c 100644 --- a/openid-connect-common/.settings/org.eclipse.m2e.core.prefs +++ b/openid-connect-common/.settings/org.eclipse.m2e.core.prefs @@ -1,4 +1,3 @@ -#Fri Mar 16 15:07:16 EDT 2012 activeProfiles= eclipse.preferences.version=1 resolveWorkspaceProjects=true diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java index 536bdf116..422f81129 100644 --- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java +++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java 
@@ -65,8 +65,8 @@ public class ClientDetailsEntity implements ClientDetails { private String clientName; private String clientDescription; private boolean allowRefresh = false; // do we allow refresh tokens for this client? - private Long accessTokenTimeout; // in seconds - private Long refreshTokenTimeout; // in seconds + private Integer accessTokenTimeout; // in seconds + private Integer refreshTokenTimeout; // in seconds private String owner; // userid of who registered it private Set registeredRedirectUri; private Set resourceIds; @@ -271,14 +271,14 @@ public class ClientDetailsEntity implements ClientDetails { * @param accessTokenTimeout Lifetime of access tokens, in seconds (optional - leave null for no timeout) */ @Basic - public Long getAccessTokenTimeout() { + public Integer getAccessTokenTimeout() { return accessTokenTimeout; } /** * @param accessTokenTimeout the accessTokenTimeout to set */ - public void setAccessTokenTimeout(Long accessTokenTimeout) { + public void setAccessTokenTimeout(Integer accessTokenTimeout) { this.accessTokenTimeout = accessTokenTimeout; } @@ -286,14 +286,14 @@ public class ClientDetailsEntity implements ClientDetails { * @return the refreshTokenTimeout */ @Basic - public Long getRefreshTokenTimeout() { + public Integer getRefreshTokenTimeout() { return refreshTokenTimeout; } /** * @param refreshTokenTimeout Lifetime of refresh tokens, in seconds (optional - leave null for no timeout) */ - public void setRefreshTokenTimeout(Long refreshTokenTimeout) { + public void setRefreshTokenTimeout(Integer refreshTokenTimeout) { this.refreshTokenTimeout = refreshTokenTimeout; } 
@@ -482,7 +482,7 @@ public class ClientDetailsEntity implements ClientDetails { * @param accessTokenTimeout * @see org.mitre.oauth2.model.ClientDetailsEntity#setAccessTokenTimeout(java.lang.Long) */ - public ClientDetailsEntityBuilder setAccessTokenTimeout(Long accessTokenTimeout) { + public ClientDetailsEntityBuilder setAccessTokenTimeout(int accessTokenTimeout) { instance.setAccessTokenTimeout(accessTokenTimeout); return this; } @@ -491,7 +491,7 @@ public class ClientDetailsEntity implements ClientDetails { * @param refreshTokenTimeout * @see org.mitre.oauth2.model.ClientDetailsEntity#setRefreshTokenTimeout(java.lang.Long) */ - public ClientDetailsEntityBuilder setRefreshTokenTimeout(Long refreshTokenTimeout) { + public ClientDetailsEntityBuilder setRefreshTokenTimeout(int refreshTokenTimeout) { instance.setRefreshTokenTimeout(refreshTokenTimeout); return this; } @@ -504,8 +504,6 @@ public class ClientDetailsEntity implements ClientDetails { instance.setOwner(owner); return this; } - - /** * Complete the builder @@ -535,14 +533,15 @@ public class ClientDetailsEntity implements ClientDetails { } - /** - * TODO: Implement - * See github issue #3 - */ @Override public int getAccessTokenValiditySeconds() { - // TODO Auto-generated method stub - return 0; + return accessTokenTimeout; + } + + + @Override + public int getRefreshTokenValiditySeconds() { + return refreshTokenTimeout; } /* *//** diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java index be11e0f71..766da81aa 100644 --- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java +++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java 
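Review bot: `getAccessTokenValiditySeconds()` and `getRefreshTokenValiditySeconds()` return `int` but unbox the nullable `Integer` fields `accessTokenTimeout` and `refreshTokenTimeout`, so any client whose timeout is unset throws a NullPointerException the moment the framework asks for its validity; the setter Javadoc still says "leave null for no timeout", and while the builder now takes `int` and can no longer clear them, a `ClientDetailsEntity` loaded from the database can still carry null. Map null to an explicit value instead, `return accessTokenTimeout == null ? 0 : accessTokenTimeout;` and the same for the refresh getter. Whether 0 means "never expires" or "use the server default" in the SECOAUTH version being tracked is not visible here; if it means never expires, substitute a bounded server-wide default rather than issuing non-expiring tokens to misconfigured clients, and document the choice in a Javadoc on each getter. The `@see` tags on the two builder setters still point at the `java.lang.Long` signatures this commit removes.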
@@ -39,13 +39,9 @@ import javax.persistence.Table; import javax.persistence.Temporal; import javax.persistence.Transient; -import org.codehaus.jackson.map.annotate.JsonDeserialize; -import org.codehaus.jackson.map.annotate.JsonSerialize; import org.mitre.jwt.model.Jwt; import org.mitre.openid.connect.model.IdToken; import org.springframework.security.oauth2.common.OAuth2AccessToken; -import org.springframework.security.oauth2.common.OAuth2AccessTokenDeserializer; -import org.springframework.security.oauth2.common.OAuth2AccessTokenSerializer; import org.springframework.security.oauth2.common.OAuth2RefreshToken; import org.springframework.security.oauth2.provider.OAuth2Authentication; @@ -63,7 +59,7 @@ import org.springframework.security.oauth2.provider.OAuth2Authentication; }) //@JsonSerialize(using = OAuth2AccessTokenSerializer.class) //@JsonDeserialize(using = OAuth2AccessTokenDeserializer.class) -public class OAuth2AccessTokenEntity extends OAuth2AccessToken { +public class OAuth2AccessTokenEntity implements OAuth2AccessToken { public static String ID_TOKEN = "id_token"; 
@@ -71,26 +67,28 @@ public class OAuth2AccessTokenEntity extends OAuth2AccessToken { private OAuth2Authentication authentication; // the authentication that made this access - // JWT-encoded access token value - private Jwt jwtValue; + private Jwt jwtValue; // JWT-encoded access token value - // JWT-encoded OpenID Connect IdToken - private IdToken idToken; + private IdToken idToken; // JWT-encoded OpenID Connect IdToken + + private Date expiration; + + private String tokenType = OAuth2AccessToken.BEARER_TYPE; + + private OAuth2RefreshTokenEntity refreshToken; + + private Set scope; /** * Create a new, blank access token */ public OAuth2AccessTokenEntity() { - // we ignore the "value" field in the superclass because we can't cleanly override it - super(null); setJwt(new Jwt()); // give us a blank jwt to work with at least - //setIdToken(new IdToken()); // ID Tokens aren't there unless we need them } /** * Get all additional information to be sent to the serializer. Inserts a copy of the IdToken (in JWT String form). */ - @Override @Transient public Map getAdditionalInformation() { Map map = new HashMap(); //super.getAdditionalInformation(); @@ -98,8 +96,6 @@ public class OAuth2AccessTokenEntity extends OAuth2AccessToken { return map; } - - /** * The authentication in place when this token was created. * @return the authentication @@ -110,7 +106,6 @@ public class OAuth2AccessTokenEntity extends OAuth2AccessToken { return authentication; } - /** * @param authentication the authentication to set */ @@ -118,7 +113,6 @@ public class OAuth2AccessTokenEntity extends OAuth2AccessToken { this.authentication = authentication; } - /** * @return the client */ @@ -128,7 +122,6 @@ public class OAuth2AccessTokenEntity extends OAuth2AccessToken { return client; } - /** * @param client the client to set */ 
@@ -136,13 +129,9 @@ public class OAuth2AccessTokenEntity extends OAuth2AccessToken { this.client = client; } - /* (non-Javadoc) - * @see org.springframework.security.oauth2.common.OAuth2AccessToken#getValue() - */ /** * Get the string-encoded value of this access token. */ - @Override @Id @Column(name="id") public String getValue() { 
@@ -159,68 +148,35 @@ public class OAuth2AccessTokenEntity extends OAuth2AccessToken { setJwt(Jwt.parse(value)); } - /* (non-Javadoc) - * @see org.springframework.security.oauth2.common.OAuth2AccessToken#getExpiration() - */ - @Override @Basic @Temporal(javax.persistence.TemporalType.TIMESTAMP) public Date getExpiration() { - // TODO Auto-generated method stub - return super.getExpiration(); + return expiration; } - /* (non-Javadoc) - * @see org.springframework.security.oauth2.common.OAuth2AccessToken#setExpiration(java.util.Date) - */ - @Override public void setExpiration(Date expiration) { - // TODO Auto-generated method stub - super.setExpiration(expiration); + this.expiration = expiration; } - /* (non-Javadoc) - * @see org.springframework.security.oauth2.common.OAuth2AccessToken#getTokenType() - */ - @Override @Basic public String getTokenType() { - // TODO Auto-generated method stub - return super.getTokenType(); + return tokenType; } - /* (non-Javadoc) - * @see org.springframework.security.oauth2.common.OAuth2AccessToken#setTokenType(java.lang.String) - */ - @Override public void setTokenType(String tokenType) { - // TODO Auto-generated method stub - super.setTokenType(tokenType); + this.tokenType = tokenType; } - /* (non-Javadoc) - * @see org.springframework.security.oauth2.common.OAuth2AccessToken#getRefreshToken() - */ - @Override @ManyToOne @JoinColumn(name="refresh_token_id") public OAuth2RefreshTokenEntity getRefreshToken() { - // TODO Auto-generated method stub - return (OAuth2RefreshTokenEntity) super.getRefreshToken(); + return refreshToken; } - /* (non-Javadoc) - * @see org.springframework.security.oauth2.common.OAuth2AccessToken#setRefreshToken(org.springframework.security.oauth2.common.OAuth2RefreshToken) - */ public void setRefreshToken(OAuth2RefreshTokenEntity refreshToken) { - // TODO Auto-generated method stub - super.setRefreshToken(refreshToken); + this.refreshToken = refreshToken; } - /* (non-Javadoc) - * @see 
org.springframework.security.oauth2.common.OAuth2AccessToken#setRefreshToken(org.springframework.security.oauth2.common.OAuth2RefreshToken) - */ - @Override public void setRefreshToken(OAuth2RefreshToken refreshToken) { if (!(refreshToken instanceof OAuth2RefreshTokenEntity)) { // TODO: make a copy constructor instead.... @@ -230,35 +186,24 @@ public class OAuth2AccessTokenEntity extends OAuth2AccessToken { setRefreshToken((OAuth2RefreshTokenEntity)refreshToken); } - /* (non-Javadoc) - * @see org.springframework.security.oauth2.common.OAuth2AccessToken#getScope() - */ - @Override @ElementCollection(fetch=FetchType.EAGER) @CollectionTable( joinColumns=@JoinColumn(name="owner_id"), name="scope" ) public Set getScope() { - // TODO Auto-generated method stub - return super.getScope(); + return scope; } - /* (non-Javadoc) - * @see org.springframework.security.oauth2.common.OAuth2AccessToken#setScope(java.util.Set) - */ - @Override public void setScope(Set scope) { - // TODO Auto-generated method stub - super.setScope(scope); + this.scope = scope; } @Transient public boolean isExpired() { return getExpiration() == null ? false : System.currentTimeMillis() > getExpiration().getTime(); } - - + /** * This is transient b/c the IdToken is not serializable. Instead, * the toString of the IdToken is persisted in idTokenString @@ -269,7 +214,6 @@ public class OAuth2AccessTokenEntity extends OAuth2AccessToken { return idToken; } - /** * @param idToken the idToken to set */ @@ -305,11 +249,16 @@ public class OAuth2AccessTokenEntity extends OAuth2AccessToken { return jwtValue; } - /** * @param jwtValue the jwtValue to set */ public void setJwt(Jwt jwt) { this.jwtValue = jwt; } + + @Override + public int getExpiresIn() { + // TODO Auto-generated method stub + return 0; + } } 
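Review bot: `getExpiresIn()` is left as a stub returning 0 even though the entity now stores `expiration`, so the `expires_in` derived from this method never reflects the real lifetime; if the framework builds the token response from it, clients are told the token does not expire while `isExpired()` will reject it after `getExpiration()`. Derive it from the stored date: `return expiration == null ? 0 : (int) Math.max(0L, (expiration.getTime() - System.currentTimeMillis()) / 1000L);`. Mark it `@Transient` as `isExpired()` and `getAdditionalInformation()` are in this class, since the entity uses property-access annotations (`@Id @Column` on `getValue()`) and a computed getter would otherwise read as a persistent column. What 0 means for a non-expiring token should be confirmed against the `OAuth2AccessToken` contract of the SECOAUTH version in use and stated in a Javadoc on the method.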
diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2RefreshTokenEntity.java b/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2RefreshTokenEntity.java index b61baba52..407bdaabf 100644 --- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2RefreshTokenEntity.java +++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2RefreshTokenEntity.java @@ -37,7 +37,6 @@ import javax.persistence.Temporal; import javax.persistence.Transient; import org.mitre.jwt.model.Jwt; -import org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken; import org.springframework.security.oauth2.common.OAuth2RefreshToken; /** @@ -50,7 +49,7 @@ import org.springframework.security.oauth2.common.OAuth2RefreshToken; @NamedQuery(name = "OAuth2RefreshTokenEntity.getByClient", query = "select r from OAuth2RefreshTokenEntity r where r.client = :client"), @NamedQuery(name = "OAuth2RefreshTokenEntity.getExpired", query = "select r from OAuth2RefreshTokenEntity r where r.expiration is not null and r.expiration < current_timestamp") }) -public class OAuth2RefreshTokenEntity extends OAuth2RefreshToken { +public class OAuth2RefreshTokenEntity implements OAuth2RefreshToken { private ClientDetailsEntity client; @@ -66,18 +65,12 @@ public class OAuth2RefreshTokenEntity extends OAuth2RefreshToken { * */ public OAuth2RefreshTokenEntity() { - // we ignore the superclass's Value field - super(null); setJwt(new Jwt()); // start with a blank JWT value } - /* (non-Javadoc) - * @see org.springframework.security.oauth2.common.OAuth2RefreshToken#getValue() - */ /** * Get the JWT-encoded value of this token */ - @Override @Id @Column(name="id") public String getValue() { @@ -91,7 +84,6 @@ public class OAuth2RefreshTokenEntity extends OAuth2RefreshToken { * @throws IllegalArgumentException if the value is not a valid JWT string */ public void setValue(String value) { - // TODO Auto-generated method stub setJwt(Jwt.parse(value)); } 
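Review bot: Dropping the `ExpiringOAuth2RefreshToken` import and declaring the class as `implements OAuth2RefreshToken` means a refresh token that carries an `expiration` (the `getExpired` named query in this hunk selects on `r.expiration`) no longer advertises that fact through the framework's type system. If the token services decide refresh-token expiry with an `instanceof ExpiringOAuth2RefreshToken` check, as I recall SECOAUTH's default token services doing, an expired refresh token persisted here would still be exchanged for a new access token; verify this against the version being tracked. Either declare `public class OAuth2RefreshTokenEntity implements ExpiringOAuth2RefreshToken {` with `getExpiration()` as its implementation, or make sure the project's own token service rejects expired refresh tokens itself and add a class comment saying where that check lives. The rest of the class, including `getExpiration()`, is outside this hunk, so I cannot confirm which applies.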
@@ -127,7 +119,6 @@ public class OAuth2RefreshTokenEntity extends OAuth2RefreshToken { return client; } - /** * @param client the client to set */ diff --git a/openid-connect-common/src/main/java/org/mitre/oauth2/service/ClientDetailsEntityService.java b/openid-connect-common/src/main/java/org/mitre/oauth2/service/ClientDetailsEntityService.java index dad0c75e0..ba62e309c 100644 --- a/openid-connect-common/src/main/java/org/mitre/oauth2/service/ClientDetailsEntityService.java +++ b/openid-connect-common/src/main/java/org/mitre/oauth2/service/ClientDetailsEntityService.java @@ -27,7 +27,7 @@ public interface ClientDetailsEntityService extends ClientDetailsService { public ClientDetailsEntity loadClientByClientId(String clientId) throws OAuth2Exception; - public ClientDetailsEntity createClient(String clientId, String clientSecret, Set scope, Set grantTypes, String redirectUri, Set authorities, Set resourceIds, String name, String description, boolean allowRefresh, Long accessTokenTimeout, Long refreshTokenTimeout, String owner); + public ClientDetailsEntity createClient(String clientId, String clientSecret, Set scope, Set grantTypes, String redirectUri, Set authorities, Set resourceIds, String name, String description, boolean allowRefresh, Integer accessTokenTimeout, Integer refreshTokenTimeout, String owner); public void deleteClient(ClientDetailsEntity client); diff --git a/openid-connect-server/.project b/openid-connect-server/.project index f0808e7fa..4c7c87524 100644 --- a/openid-connect-server/.project +++ b/openid-connect-server/.project @@ -31,14 +31,8 @@ - - org.springframework.ide.eclipse.core.springbuilder - - - - org.springframework.ide.eclipse.core.springnature org.eclipse.jem.workbench.JavaEMFNature org.eclipse.wst.common.modulecore.ModuleCoreNature org.eclipse.jdt.core.javanature 
diff --git a/openid-connect-server/.settings/com.springsource.sts.maven.prefs b/openid-connect-server/.settings/com.springsource.sts.maven.prefs index 20d9f6ab8..049137b9c 100644 --- a/openid-connect-server/.settings/com.springsource.sts.maven.prefs +++ b/openid-connect-server/.settings/com.springsource.sts.maven.prefs @@ -1,3 +1,2 @@ -#Fri Mar 23 15:19:13 EDT 2012 com.springsource.sts.maven.maven.automatically.update=true eclipse.preferences.version=1 diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ClientDetailsEntityService.java b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ClientDetailsEntityService.java index dc3b2d417..3a607353d 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ClientDetailsEntityService.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ClientDetailsEntityService.java @@ -82,8 +82,8 @@ public class DefaultOAuth2ClientDetailsEntityService implements ClientDetailsEnt public ClientDetailsEntity createClient(String clientId, String clientSecret, Set scope, Set grantTypes, String redirectUri, Set authorities, Set resourceIds, - String name, String description, boolean allowRefresh, Long accessTokenTimeout, - Long refreshTokenTimeout, String owner) { + String name, String description, boolean allowRefresh, Integer accessTokenTimeout, + Integer refreshTokenTimeout, String owner) { // TODO: check "owner" locally? diff --git a/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthClientAPI.java b/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthClientAPI.java index 9159505a9..4f7711a1d 100644 --- a/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthClientAPI.java +++ b/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthClientAPI.java 
@@ -69,8 +69,8 @@ public class OAuthClientAPI { @RequestParam(required=false) String name, @RequestParam(required=false) String description, @RequestParam(required=false, defaultValue="false") boolean allowRefresh, - @RequestParam(required=false) Long accessTokenTimeout, - @RequestParam(required=false) Long refreshTokenTimeout, + @RequestParam(required=false) Integer accessTokenTimeout, + @RequestParam(required=false) Integer refreshTokenTimeout, @RequestParam(required=false) String owner ) { logger.info("apiAddClient - start"); @@ -150,8 +150,8 @@ public class OAuthClientAPI { @RequestParam(required=false) String name, @RequestParam(required=false) String description, @RequestParam(required=false, defaultValue="false") boolean allowRefresh, - @RequestParam(required=false) Long accessTokenTimeout, - @RequestParam(required=false) Long refreshTokenTimeout, + @RequestParam(required=false) Integer accessTokenTimeout, + @RequestParam(required=false) Integer refreshTokenTimeout, @RequestParam(required=false) String owner ) { ClientDetailsEntity client = clientService.loadClientByClientId(clientId); diff --git a/openid-connect-server/src/main/webapp/WEB-INF/spring-servlet.xml b/openid-connect-server/src/main/webapp/WEB-INF/spring-servlet.xml index 724dc8282..d318ac8ea 100644 --- a/openid-connect-server/src/main/webapp/WEB-INF/spring-servlet.xml +++ b/openid-connect-server/src/main/webapp/WEB-INF/spring-servlet.xml @@ -52,7 +52,7 @@ + user-approval-handler-ref="userApprovalHandler" authorization-endpoint-url="/openidconnect/auth" token-endpoint-url="/openidconnect/token"> diff --git a/openid-connect-server/src/main/webapp/WEB-INF/web.xml b/openid-connect-server/src/main/webapp/WEB-INF/web.xml index 3ecb2d5a1..8977d5e31 100644 --- a/openid-connect-server/src/main/webapp/WEB-INF/web.xml +++ b/openid-connect-server/src/main/webapp/WEB-INF/web.xml 
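Review bot: `accessTokenTimeout` and `refreshTokenTimeout` are now bound straight from request parameters as `Integer` and, judging by the matching `createClient` signature, handed to the service without any range check, so a caller of this API can register a client with a negative lifetime, and what a negative or zero value means once `getAccessTokenValiditySeconds()` hands it to the framework is not defined anywhere visible. Reject it at the boundary before the service call: `if (accessTokenTimeout != null && accessTokenTimeout < 0) throw new IllegalArgumentException("accessTokenTimeout must not be negative");` and the same for `refreshTokenTimeout`, or document in the method Javadoc which sentinel values (0 for "no timeout"?) are intentionally accepted. The second hunk in this file, starting at old line 150, binds the same parameters and needs the same check. Who is allowed to call these endpoints is not visible here; if they are not restricted to administrators, client-lifetime configuration should be.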
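Review bot: The `authorization-endpoint-url` and `token-endpoint-url` attributes move the endpoints to `/openidconnect/auth` and `/openidconnect/token`, but nothing in this hunk moves the security configuration that guards them; any `intercept-url` pattern or filter mapping still written for the old `/oauth/authorize` and `/oauth/token` paths would leave the new token endpoint reachable without the client-credentials filter and the old paths dangling. Add a comment next to these attributes naming what must stay in sync, e.g. `<!-- these paths must match the intercept-url patterns and the clientCredentialsTokenEndpointFilter mapping in the security config -->`, and confirm that the `clientCredentialsTokenEndpointFilter` declared in web.xml and the `oauth2EndpointUrlFilter` this commit adds there actually cover the new paths. The enclosing element and the security filter chain are outside this hunk, so I can only flag the dependency, not confirm it is broken.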
@@ -6,6 +6,21 @@ + + + oauth2EndpointUrlFilter + org.springframework.web.filter.DelegatingFilterProxy + + contextAttribute + org.springframework.web.servlet.FrameworkServlet.CONTEXT.spring + + + + + oauth2EndpointUrlFilter + /* + + clientCredentialsTokenEndpointFilter org.springframework.web.filter.DelegatingFilterProxy