Updated classes to track newest version of SECOAUTH. This update closes issues #3, #4, #8, and #36 (infinite redirects). This revision changes the authorization and token endpoints to be /openidconnect/auth and /openidconnect/token, respectively.

2012-05-09 15:16:56 -04:00 · 2012-05-09 15:16:56 -04:00 · e33f277bbe
parent c9b5aea357
commit e33f277bbe
16 changed files with 65 additions and 128 deletions
--- a/.settings/org.eclipse.m2e.core.prefs
+++ b/.settings/org.eclipse.m2e.core.prefs
@ -1,4 +1,3 @@
 #Fri Mar 23 15:19:12 EDT 2012
 activeProfiles=
 eclipse.preferences.version=1
 resolveWorkspaceProjects=true
--- a/account-chooser/.classpath
+++ b/account-chooser/.classpath
@ -1,9 +1,6 @@
 <?xml version="1.0" encoding="UTF-8"?>
 <classpath>
 	<classpathentry kind="src" output="target/classes" path="src/main/java"/>
 	<classpathentry excluding="**" kind="src" output="target/classes" path="src/main/resources"/>
 	<classpathentry kind="src" output="target/test-classes" path="src/test/java"/>
 	<classpathentry excluding="**" kind="src" output="target/test-classes" path="src/test/resources"/>
 	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.6"/>
 	<classpathentry kind="con" path="org.eclipse.m2e.MAVEN2_CLASSPATH_CONTAINER">
 		<attributes>
--- a/account-chooser/.settings/org.eclipse.wst.common.component
+++ b/account-chooser/.settings/org.eclipse.wst.common.component
@ -5,8 +5,6 @@
        <wb-resource deploy-path="/" source-path="/src/main/webapp" tag="defaultRootSource"/>
        <wb-resource deploy-path="/WEB-INF/classes" source-path="/src/main/resources"/>
        <wb-resource deploy-path="/WEB-INF/classes" source-path="/src/main/java"/>
        <wb-resource deploy-path="/WEB-INF/classes" source-path="/src/test/java"/>
        <wb-resource deploy-path="/WEB-INF/classes" source-path="/src/test/resources"/>
        <property name="context-root" value="account-chooser"/>
        <property name="java-output-path" value="/account-chooser/target/classes"/>
    </wb-module>
--- a/openid-connect-client/.settings/org.eclipse.m2e.core.prefs
+++ b/openid-connect-client/.settings/org.eclipse.m2e.core.prefs
@ -1,4 +1,3 @@
 #Fri Mar 16 15:07:52 EDT 2012
 activeProfiles=
 eclipse.preferences.version=1
 resolveWorkspaceProjects=true
--- a/openid-connect-client/.settings/org.eclipse.wst.common.component
+++ b/openid-connect-client/.settings/org.eclipse.wst.common.component
@ -3,7 +3,5 @@
    <wb-module deploy-name="openid-connect-client">
        <wb-resource deploy-path="/" source-path="/src/main/java"/>
        <wb-resource deploy-path="/" source-path="/src/main/resources"/>
        <wb-resource deploy-path="/" source-path="/src/test/java"/>
        <wb-resource deploy-path="/" source-path="/src/test/resources"/>
    </wb-module>
 </project-modules>
--- a/openid-connect-common/.settings/org.eclipse.m2e.core.prefs
+++ b/openid-connect-common/.settings/org.eclipse.m2e.core.prefs
@ -1,4 +1,3 @@
 #Fri Mar 16 15:07:16 EDT 2012
 activeProfiles=
 eclipse.preferences.version=1
 resolveWorkspaceProjects=true
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/ClientDetailsEntity.java
@ -65,8 +65,8 @@ public class ClientDetailsEntity implements ClientDetails {
 	private String clientName;
 	private String clientDescription;
 	private boolean allowRefresh = false; // do we allow refresh tokens for this client?
-	private Long accessTokenTimeout; // in seconds
+	private Integer accessTokenTimeout; // in seconds
-	private Long refreshTokenTimeout; // in seconds
+	private Integer refreshTokenTimeout; // in seconds
 	private String owner; // userid of who registered it
 	private Set<String> registeredRedirectUri;
 	private Set<String> resourceIds;
@ -271,14 +271,14 @@ public class ClientDetailsEntity implements ClientDetails {
     * @param accessTokenTimeout Lifetime of access tokens, in seconds (optional - leave null for no timeout)
     */
 	@Basic
-    public Long getAccessTokenTimeout() {
+    public Integer getAccessTokenTimeout() {
    	return accessTokenTimeout;
    }
 	/**
     * @param accessTokenTimeout the accessTokenTimeout to set
     */
-    public void setAccessTokenTimeout(Long accessTokenTimeout) {
+    public void setAccessTokenTimeout(Integer accessTokenTimeout) {
    	this.accessTokenTimeout = accessTokenTimeout;
    }
@ -286,14 +286,14 @@ public class ClientDetailsEntity implements ClientDetails {
     * @return the refreshTokenTimeout
     */
 	@Basic
-    public Long getRefreshTokenTimeout() {
+    public Integer getRefreshTokenTimeout() {
    	return refreshTokenTimeout;
    }
 	/**
     * @param refreshTokenTimeout Lifetime of refresh tokens, in seconds (optional - leave null for no timeout)
     */
-    public void setRefreshTokenTimeout(Long refreshTokenTimeout) {
+    public void setRefreshTokenTimeout(Integer refreshTokenTimeout) {
    	this.refreshTokenTimeout = refreshTokenTimeout;
    }
@ -482,7 +482,7 @@ public class ClientDetailsEntity implements ClientDetails {
         * @param accessTokenTimeout
         * @see org.mitre.oauth2.model.ClientDetailsEntity#setAccessTokenTimeout(java.lang.Long)
         */
-        public ClientDetailsEntityBuilder setAccessTokenTimeout(Long accessTokenTimeout) {
+        public ClientDetailsEntityBuilder setAccessTokenTimeout(int accessTokenTimeout) {
 	        instance.setAccessTokenTimeout(accessTokenTimeout);
 			return this;
        }
@ -491,7 +491,7 @@ public class ClientDetailsEntity implements ClientDetails {
         * @param refreshTokenTimeout
         * @see org.mitre.oauth2.model.ClientDetailsEntity#setRefreshTokenTimeout(java.lang.Long)
         */
-        public ClientDetailsEntityBuilder setRefreshTokenTimeout(Long refreshTokenTimeout) {
+        public ClientDetailsEntityBuilder setRefreshTokenTimeout(int refreshTokenTimeout) {
 	        instance.setRefreshTokenTimeout(refreshTokenTimeout);
 			return this;
        }
@ -504,8 +504,6 @@ public class ClientDetailsEntity implements ClientDetails {
 	        instance.setOwner(owner);
 			return this;
        }
        /**
         * Complete the builder
@ -535,14 +533,15 @@ public class ClientDetailsEntity implements ClientDetails {
 	}
 	/**
 	 * TODO: Implement
 	 * See github issue #3
 	 */
 	@Override
 	public int getAccessTokenValiditySeconds() {
-		// TODO Auto-generated method stub
+		return accessTokenTimeout;
-		return 0;
+	}
 	@Override
 	public int getRefreshTokenValiditySeconds() {
 		return refreshTokenTimeout;
 	}
 /*	*//**
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2AccessTokenEntity.java
@ -39,13 +39,9 @@ import javax.persistence.Table;
 import javax.persistence.Temporal;
 import javax.persistence.Transient;
 import org.codehaus.jackson.map.annotate.JsonDeserialize;
 import org.codehaus.jackson.map.annotate.JsonSerialize;
 import org.mitre.jwt.model.Jwt;
 import org.mitre.openid.connect.model.IdToken;
 import org.springframework.security.oauth2.common.OAuth2AccessToken;
 import org.springframework.security.oauth2.common.OAuth2AccessTokenDeserializer;
 import org.springframework.security.oauth2.common.OAuth2AccessTokenSerializer;
 import org.springframework.security.oauth2.common.OAuth2RefreshToken;
 import org.springframework.security.oauth2.provider.OAuth2Authentication;
@ -63,7 +59,7 @@ import org.springframework.security.oauth2.provider.OAuth2Authentication;
 })
 //@JsonSerialize(using = OAuth2AccessTokenSerializer.class)
 //@JsonDeserialize(using = OAuth2AccessTokenDeserializer.class)
-public class OAuth2AccessTokenEntity extends OAuth2AccessToken {
+public class OAuth2AccessTokenEntity implements OAuth2AccessToken {
 	public static String ID_TOKEN = "id_token";
@ -71,26 +67,28 @@ public class OAuth2AccessTokenEntity extends OAuth2AccessToken {
 	private OAuth2Authentication authentication; // the authentication that made this access
-	// JWT-encoded access token value
+	private Jwt jwtValue; // JWT-encoded access token value
 	private Jwt jwtValue;
-	// JWT-encoded OpenID Connect IdToken
+	private IdToken idToken; // JWT-encoded OpenID Connect IdToken
-	private IdToken idToken;
+	
 	private Date expiration;
 	private String tokenType = OAuth2AccessToken.BEARER_TYPE;
 	private OAuth2RefreshTokenEntity refreshToken;
 	private Set<String> scope;
 	/**
 	 * Create a new, blank access token
 	 */
 	public OAuth2AccessTokenEntity() {
 		// we ignore the "value" field in the superclass because we can't cleanly override it
 		super(null);
 		setJwt(new Jwt()); // give us a blank jwt to work with at least
 		//setIdToken(new IdToken()); // ID Tokens aren't there unless we need them
 	}
 	/**
 	 * Get all additional information to be sent to the serializer. Inserts a copy of the IdToken (in JWT String form). 
 	 */
 	@Override
 	@Transient
 	public Map<String, Object> getAdditionalInformation() {
 		Map<String, Object> map = new HashMap<String, Object>(); //super.getAdditionalInformation();
@ -98,8 +96,6 @@ public class OAuth2AccessTokenEntity extends OAuth2AccessToken {
 		return map;
 	}
 	/**
 	 * The authentication in place when this token was created.
     * @return the authentication
@ -110,7 +106,6 @@ public class OAuth2AccessTokenEntity extends OAuth2AccessToken {
    	return authentication;
    }
 	/**
     * @param authentication the authentication to set
     */
@ -118,7 +113,6 @@ public class OAuth2AccessTokenEntity extends OAuth2AccessToken {
    	this.authentication = authentication;
    }
 	/**
     * @return the client
     */
@ -128,7 +122,6 @@ public class OAuth2AccessTokenEntity extends OAuth2AccessToken {
    	return client;
    }
 	/**
     * @param client the client to set
     */
@ -136,13 +129,9 @@ public class OAuth2AccessTokenEntity extends OAuth2AccessToken {
    	this.client = client;
    }
 	/* (non-Javadoc)
     * @see org.springframework.security.oauth2.common.OAuth2AccessToken#getValue()
     */
    /**
     * Get the string-encoded value of this access token. 
     */
    @Override
    @Id
    @Column(name="id")
    public String getValue() {
@ -159,68 +148,35 @@ public class OAuth2AccessTokenEntity extends OAuth2AccessToken {
    	setJwt(Jwt.parse(value));
    }
 	/* (non-Javadoc)
     * @see org.springframework.security.oauth2.common.OAuth2AccessToken#getExpiration()
     */
    @Override
    @Basic
    @Temporal(javax.persistence.TemporalType.TIMESTAMP)
    public Date getExpiration() {
-	    // TODO Auto-generated method stub
+	    return expiration;
 	    return super.getExpiration();
    }
 	/* (non-Javadoc)
     * @see org.springframework.security.oauth2.common.OAuth2AccessToken#setExpiration(java.util.Date)
     */
    @Override
    public void setExpiration(Date expiration) {
-	    // TODO Auto-generated method stub
+	    this.expiration = expiration;
 	    super.setExpiration(expiration);
    }
 	/* (non-Javadoc)
     * @see org.springframework.security.oauth2.common.OAuth2AccessToken#getTokenType()
     */
    @Override
    @Basic
    public String getTokenType() {
-	    // TODO Auto-generated method stub
+	    return tokenType;
 	    return super.getTokenType();
    }
 	/* (non-Javadoc)
     * @see org.springframework.security.oauth2.common.OAuth2AccessToken#setTokenType(java.lang.String)
     */
    @Override
    public void setTokenType(String tokenType) {
-	    // TODO Auto-generated method stub
+	   this.tokenType = tokenType;
 	    super.setTokenType(tokenType);
    }
 	/* (non-Javadoc)
     * @see org.springframework.security.oauth2.common.OAuth2AccessToken#getRefreshToken()
     */
    @Override
    @ManyToOne
    @JoinColumn(name="refresh_token_id")
    public OAuth2RefreshTokenEntity getRefreshToken() {
-	    // TODO Auto-generated method stub
+	    return refreshToken;
 	    return (OAuth2RefreshTokenEntity) super.getRefreshToken();
    }
 	/* (non-Javadoc)
     * @see org.springframework.security.oauth2.common.OAuth2AccessToken#setRefreshToken(org.springframework.security.oauth2.common.OAuth2RefreshToken)
     */
    public void setRefreshToken(OAuth2RefreshTokenEntity refreshToken) {
-	    // TODO Auto-generated method stub
+	    this.refreshToken = refreshToken;
 	    super.setRefreshToken(refreshToken);
    }
 	/* (non-Javadoc)
     * @see org.springframework.security.oauth2.common.OAuth2AccessToken#setRefreshToken(org.springframework.security.oauth2.common.OAuth2RefreshToken)
     */
    @Override
    public void setRefreshToken(OAuth2RefreshToken refreshToken) {
    	if (!(refreshToken instanceof OAuth2RefreshTokenEntity)) {
    		// TODO: make a copy constructor instead....
@ -230,35 +186,24 @@ public class OAuth2AccessTokenEntity extends OAuth2AccessToken {
    	setRefreshToken((OAuth2RefreshTokenEntity)refreshToken);
    }
 	/* (non-Javadoc)
     * @see org.springframework.security.oauth2.common.OAuth2AccessToken#getScope()
     */
    @Override
    @ElementCollection(fetch=FetchType.EAGER)
    @CollectionTable(
    		joinColumns=@JoinColumn(name="owner_id"),
    		name="scope"
    )
    public Set<String> getScope() {
-	    // TODO Auto-generated method stub
+	    return scope;
 	    return super.getScope();
    }
 	/* (non-Javadoc)
     * @see org.springframework.security.oauth2.common.OAuth2AccessToken#setScope(java.util.Set)
     */
    @Override
    public void setScope(Set<String> scope) {
-	    // TODO Auto-generated method stub
+	    this.scope = scope;
 	    super.setScope(scope);
    }
    @Transient
 	public boolean isExpired() {
 		return getExpiration() == null ? false : System.currentTimeMillis() > getExpiration().getTime();
 	}
-
+    
 	/**
 	 * This is transient b/c the IdToken is not serializable. Instead,
 	 * the toString of the IdToken is persisted in idTokenString 
@ -269,7 +214,6 @@ public class OAuth2AccessTokenEntity extends OAuth2AccessToken {
 		return idToken;
 	}
 	/**
 	 * @param idToken the idToken to set
 	 */
@ -305,11 +249,16 @@ public class OAuth2AccessTokenEntity extends OAuth2AccessToken {
 		return jwtValue;
 	}
 	/**
 	 * @param jwtValue the jwtValue to set
 	 */
 	public void setJwt(Jwt jwt) {
 		this.jwtValue = jwt;
 	}
 	@Override
 	public int getExpiresIn() {
 		// TODO Auto-generated method stub
 		return 0;
 	}
 }
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2RefreshTokenEntity.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/model/OAuth2RefreshTokenEntity.java
@ -37,7 +37,6 @@ import javax.persistence.Temporal;
 import javax.persistence.Transient;
 import org.mitre.jwt.model.Jwt;
 import org.springframework.security.oauth2.common.ExpiringOAuth2RefreshToken;
 import org.springframework.security.oauth2.common.OAuth2RefreshToken;
 /**
@ -50,7 +49,7 @@ import org.springframework.security.oauth2.common.OAuth2RefreshToken;
 	@NamedQuery(name = "OAuth2RefreshTokenEntity.getByClient", query = "select r from OAuth2RefreshTokenEntity r where r.client = :client"),
 	@NamedQuery(name = "OAuth2RefreshTokenEntity.getExpired", query = "select r from OAuth2RefreshTokenEntity r where r.expiration is not null and r.expiration < current_timestamp")
 })
-public class OAuth2RefreshTokenEntity extends OAuth2RefreshToken {
+public class OAuth2RefreshTokenEntity implements OAuth2RefreshToken {
 	private ClientDetailsEntity client;
@ -66,18 +65,12 @@ public class OAuth2RefreshTokenEntity extends OAuth2RefreshToken {
 	 * 
 	 */
 	public OAuth2RefreshTokenEntity() {
 		// we ignore the superclass's Value field
 		super(null);
 		setJwt(new Jwt()); // start with a blank JWT value
 	}
 	/* (non-Javadoc)
     * @see org.springframework.security.oauth2.common.OAuth2RefreshToken#getValue()
     */
 	/**
 	 * Get the JWT-encoded value of this token
 	 */
    @Override
    @Id
    @Column(name="id")
    public String getValue() {
@ -91,7 +84,6 @@ public class OAuth2RefreshTokenEntity extends OAuth2RefreshToken {
     * @throws IllegalArgumentException if the value is not a valid JWT string
     */
    public void setValue(String value) {
 	    // TODO Auto-generated method stub
 	    setJwt(Jwt.parse(value));
    }
@ -127,7 +119,6 @@ public class OAuth2RefreshTokenEntity extends OAuth2RefreshToken {
    	return client;
    }
 	/**
     * @param client the client to set
     */
--- a/openid-connect-common/src/main/java/org/mitre/oauth2/service/ClientDetailsEntityService.java
+++ b/openid-connect-common/src/main/java/org/mitre/oauth2/service/ClientDetailsEntityService.java
@ -27,7 +27,7 @@ public interface ClientDetailsEntityService extends ClientDetailsService {
 	public ClientDetailsEntity loadClientByClientId(String clientId) throws OAuth2Exception;
-	public ClientDetailsEntity createClient(String clientId, String clientSecret, Set<String> scope, Set<String> grantTypes, String redirectUri, Set<GrantedAuthority> authorities, Set<String> resourceIds, String name, String description, boolean allowRefresh, Long accessTokenTimeout, Long refreshTokenTimeout, String owner);
+	public ClientDetailsEntity createClient(String clientId, String clientSecret, Set<String> scope, Set<String> grantTypes, String redirectUri, Set<GrantedAuthority> authorities, Set<String> resourceIds, String name, String description, boolean allowRefresh, Integer accessTokenTimeout, Integer refreshTokenTimeout, String owner);
 	public void deleteClient(ClientDetailsEntity client);
--- a/openid-connect-server/.project
+++ b/openid-connect-server/.project
@ -31,14 +31,8 @@
 			<arguments>
 			</arguments>
 		</buildCommand>
 		<buildCommand>
 			<name>org.springframework.ide.eclipse.core.springbuilder</name>
 			<arguments>
 			</arguments>
 		</buildCommand>
 	</buildSpec>
 	<natures>
 		<nature>org.springframework.ide.eclipse.core.springnature</nature>
 		<nature>org.eclipse.jem.workbench.JavaEMFNature</nature>
 		<nature>org.eclipse.wst.common.modulecore.ModuleCoreNature</nature>
 		<nature>org.eclipse.jdt.core.javanature</nature>
--- a/openid-connect-server/.settings/com.springsource.sts.maven.prefs
+++ b/openid-connect-server/.settings/com.springsource.sts.maven.prefs
@ -1,3 +1,2 @@
 #Fri Mar 23 15:19:13 EDT 2012
 com.springsource.sts.maven.maven.automatically.update=true
 eclipse.preferences.version=1
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ClientDetailsEntityService.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultOAuth2ClientDetailsEntityService.java
@ -82,8 +82,8 @@ public class DefaultOAuth2ClientDetailsEntityService implements ClientDetailsEnt
    public ClientDetailsEntity createClient(String clientId, String clientSecret, 
    		Set<String> scope, Set<String> grantTypes, String redirectUri, Set<GrantedAuthority> authorities,
    		Set<String> resourceIds,
-    		String name, String description, boolean allowRefresh, Long accessTokenTimeout, 
+    		String name, String description, boolean allowRefresh, Integer accessTokenTimeout, 
-    		Long refreshTokenTimeout, String owner) {
+    		Integer refreshTokenTimeout, String owner) {
 		// TODO: check "owner" locally?
--- a/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthClientAPI.java
+++ b/openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuthClientAPI.java
@ -69,8 +69,8 @@ public class OAuthClientAPI {
    		@RequestParam(required=false) String name, 
    		@RequestParam(required=false) String description, 
    		@RequestParam(required=false, defaultValue="false") boolean allowRefresh,
-    		@RequestParam(required=false) Long accessTokenTimeout, 
+    		@RequestParam(required=false) Integer accessTokenTimeout, 
-    		@RequestParam(required=false) Long refreshTokenTimeout, 
+    		@RequestParam(required=false) Integer refreshTokenTimeout, 
    		@RequestParam(required=false) String owner
    		) {
    	logger.info("apiAddClient - start");
@ -150,8 +150,8 @@ public class OAuthClientAPI {
    		@RequestParam(required=false) String name, 
    		@RequestParam(required=false) String description, 
    		@RequestParam(required=false, defaultValue="false") boolean allowRefresh,
-    		@RequestParam(required=false) Long accessTokenTimeout, 
+    		@RequestParam(required=false) Integer accessTokenTimeout, 
-    		@RequestParam(required=false) Long refreshTokenTimeout, 
+    		@RequestParam(required=false) Integer refreshTokenTimeout, 
    		@RequestParam(required=false) String owner			
    ) {
    	ClientDetailsEntity client = clientService.loadClientByClientId(clientId);
--- a/openid-connect-server/src/main/webapp/WEB-INF/spring-servlet.xml
+++ b/openid-connect-server/src/main/webapp/WEB-INF/spring-servlet.xml
@ -52,7 +52,7 @@
 	<!-- SECOAUTH Authorization Server, with our custom token granter plugged in -->
 	<oauth:authorization-server client-details-service-ref="defaultOAuth2ClientDetailsEntityService" 
 		token-services-ref="defaultOAuth2ProviderTokenService" token-granter-ref="connectAuthCodeTokenGranter"
-		user-approval-handler-ref="userApprovalHandler">
+		user-approval-handler-ref="userApprovalHandler" authorization-endpoint-url="/openidconnect/auth" token-endpoint-url="/openidconnect/token">
 		<oauth:authorization-code authorization-code-services-ref="authCodeServices" />
 	</oauth:authorization-server>
--- a/openid-connect-server/src/main/webapp/WEB-INF/web.xml
+++ b/openid-connect-server/src/main/webapp/WEB-INF/web.xml
@ -6,6 +6,21 @@
 	<!-- filter through Spring Security -->
 	<filter>
 	    <filter-name>oauth2EndpointUrlFilter</filter-name>
 	    <filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
 	    <init-param>
 	        <param-name>contextAttribute</param-name>
 	        <param-value>org.springframework.web.servlet.FrameworkServlet.CONTEXT.spring</param-value>
 	    </init-param>
 	</filter>
 	<filter-mapping>
 	    <filter-name>oauth2EndpointUrlFilter</filter-name>
 	    <url-pattern>/*</url-pattern>
 	</filter-mapping>
 	<filter>
 		<filter-name>clientCredentialsTokenEndpointFilter</filter-name>
 		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>