removed introspection authorizer hook

openid-connect-common/src/main/java/org/mitre/oauth2/service/IntrospectionAuthorizer.java

@@ -1,36 +0,0 @@
-/*******************************************************************************
- * Copyright 2015 The MITRE Corporation
- *   and the MIT Kerberos and Internet Trust Consortium
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *******************************************************************************/
-package org.mitre.oauth2.service;
-
-import java.util.Set;
-
-import org.springframework.security.oauth2.provider.ClientDetails;
-
-/**
- * Strategy interface used for authorizing token introspection.
- */
-public interface IntrospectionAuthorizer {
-
-	/**
-	 * @param authClient the authenticated client wanting to perform token introspection
-	 * @param tokenClient the client the token was issued to
-	 * @param tokenScope the scope associated with the token
-	 * @return {@code true} in case introspection is permitted; {@code false} otherwise
-	 */
-	boolean isIntrospectionPermitted(ClientDetails authClient, ClientDetails tokenClient, Set<String> tokenScope);
-
-}

openid-connect-server/src/main/java/org/mitre/oauth2/service/impl/DefaultIntrospectionAuthorizer.java

@@ -1,43 +0,0 @@
-/*******************************************************************************
- * Copyright 2015 The MITRE Corporation
- *   and the MIT Kerberos and Internet Trust Consortium
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *******************************************************************************/
-package org.mitre.oauth2.service.impl;
-
-import java.util.Set;
-
-import org.mitre.oauth2.service.IntrospectionAuthorizer;
-import org.mitre.oauth2.service.SystemScopeService;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.oauth2.provider.ClientDetails;
-import org.springframework.stereotype.Service;
-
-@Service
-public class DefaultIntrospectionAuthorizer implements IntrospectionAuthorizer {
-
-	@Autowired
-	private SystemScopeService scopeService;
-
-	@Override
-	public boolean isIntrospectionPermitted(ClientDetails authClient,
-			ClientDetails tokenClient, Set<String> tokenScope) {
-		// permit introspection if it's the same client that the token was
-		// issued to, or it at least has all the scopes the token was issued
-		// with
-		return authClient.getClientId().equals(tokenClient.getClientId())
-				|| scopeService.scopesMatch(authClient.getScope(), tokenScope);
-	}
-
-}

openid-connect-server/src/main/java/org/mitre/oauth2/web/IntrospectionEndpoint.java

@@ -23,7 +23,6 @@ import org.mitre.oauth2.model.ClientDetailsEntity;
 import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
 import org.mitre.oauth2.model.OAuth2RefreshTokenEntity;
 import org.mitre.oauth2.service.ClientDetailsEntityService;
-import org.mitre.oauth2.service.IntrospectionAuthorizer;
 import org.mitre.oauth2.service.IntrospectionResultAssembler;
 import org.mitre.oauth2.service.OAuth2TokenEntityService;
 import org.mitre.oauth2.service.SystemScopeService;
@@ -57,9 +56,6 @@ public class IntrospectionEndpoint {
 	@Autowired
 	private ClientDetailsEntityService clientService;
 
-	@Autowired
-	private IntrospectionAuthorizer introspectionAuthorizer;
-
 	@Autowired
 	private IntrospectionResultAssembler introspectionResultAssembler;
 
@@ -168,30 +164,24 @@ public class IntrospectionEndpoint {
 			}
 		}
 
-		if (introspectionAuthorizer.isIntrospectionPermitted(authClient, tokenClient, scopes)) {
+		// if it's a valid token, we'll print out information on it
-			// if it's a valid token, we'll print out information on it
+		
-			
+		if (accessToken != null) {
-			if (accessToken != null) {
+			Map<String, Object> entity = introspectionResultAssembler.assembleFrom(accessToken, user);
-				Map<String, Object> entity = introspectionResultAssembler.assembleFrom(accessToken, user);
+			model.addAttribute("entity", entity);
-				model.addAttribute("entity", entity);
+		} else if (refreshToken != null) {
-			} else if (refreshToken != null) {
+			Map<String, Object> entity = introspectionResultAssembler.assembleFrom(refreshToken, user);
-				Map<String, Object> entity = introspectionResultAssembler.assembleFrom(refreshToken, user);
+			model.addAttribute("entity", entity);
-				model.addAttribute("entity", entity);
-			} else {
-				// no tokens were found (we shouldn't get here)
-				logger.error("Verify failed; Invalid access/refresh token");
-				Map<String,Boolean> entity = ImmutableMap.of("active", Boolean.FALSE);
-				model.addAttribute("entity", entity);
-				return JsonEntityView.VIEWNAME;
-			}
-			
-			return JsonEntityView.VIEWNAME;
-			
 		} else {
-			logger.error("Verify failed; client configuration or scope don't permit token introspection");
+			// no tokens were found (we shouldn't get here)
-			model.addAttribute("code", HttpStatus.FORBIDDEN);
+			logger.error("Verify failed; Invalid access/refresh token");
-			return HttpCodeView.VIEWNAME;
+			Map<String,Boolean> entity = ImmutableMap.of("active", Boolean.FALSE);
+			model.addAttribute("entity", entity);
+			return JsonEntityView.VIEWNAME;
 		}
+		
+		return JsonEntityView.VIEWNAME;
+			
 	}
 
 }

openid-connect-server/src/test/java/org/mitre/oauth2/service/impl/TestDefaultIntrospectionAuthorizer.java

@@ -1,112 +0,0 @@
-/*******************************************************************************
- * Copyright 2015 The MITRE Corporation
- *   and the MIT Kerberos and Internet Trust Consortium
- *
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- *
- *   http://www.apache.org/licenses/LICENSE-2.0
- *
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- *******************************************************************************/
-package org.mitre.oauth2.service.impl;
-
-import static com.google.common.collect.Sets.newHashSet;
-import static org.hamcrest.CoreMatchers.is;
-import static org.junit.Assert.assertThat;
-import static org.mockito.BDDMockito.given;
-import static org.mockito.Mockito.mock;
-
-import java.util.Set;
-
-import org.junit.Test;
-import org.junit.runner.RunWith;
-import org.mitre.oauth2.service.SystemScopeService;
-import org.mockito.InjectMocks;
-import org.mockito.Mock;
-import org.mockito.runners.MockitoJUnitRunner;
-import org.springframework.security.oauth2.provider.ClientDetails;
-
-@RunWith(MockitoJUnitRunner.class)
-public class TestDefaultIntrospectionAuthorizer {
-
-	@InjectMocks
-	private DefaultIntrospectionAuthorizer introspectionPermitter;
-
-	@Mock
-	private SystemScopeService scopeService;
-
-	@Test
-	public void shouldPermitIntrospectionToSameClientTheTokenWasIssuedTo() {
-
-		// given
-		String sameClient = "same";
-
-		// when
-		boolean permitted = introspectionPermitter.isIntrospectionPermitted(
-				clientWithId(sameClient), clientWithId(sameClient),
-				scope("scope"));
-
-		// then
-		assertThat(permitted, is(true));
-	}
-
-	@Test
-	public void shouldPermitIntrospectionToDifferentClientIfScopesMatch() {
-
-		// given
-		String authClient = "auth";
-		String tokenClient = "token";
-		Set<String> authScope = scope("scope1", "scope2", "scope3");
-		Set<String> tokenScope = scope("scope1", "scope2");
-		given(scopeService.scopesMatch(authScope, tokenScope)).willReturn(true);
-
-		// when
-		boolean permitted = introspectionPermitter.isIntrospectionPermitted(
-				clientWithIdAndScope(authClient, authScope),
-				clientWithId(tokenClient), tokenScope);
-
-		// then
-		assertThat(permitted, is(true));
-	}
-
-	@Test
-	public void shouldNotPermitIntrospectionToDifferentClientIfScopesDontMatch() {
-
-		// given
-		String authClient = "auth";
-		String tokenClient = "token";
-		Set<String> authScope = scope("scope1", "scope2");
-		Set<String> tokenScope = scope("scope1", "scope2", "scope3");
-		given(scopeService.scopesMatch(authScope, tokenScope)).willReturn(false);
-
-		// when
-		boolean permitted = introspectionPermitter.isIntrospectionPermitted(
-				clientWithIdAndScope(authClient, authScope),
-				clientWithId(tokenClient), tokenScope);
-
-		// then
-		assertThat(permitted, is(false));
-	}
-
-	private ClientDetails clientWithId(String clientId) {
-		ClientDetails client = mock(ClientDetails.class);
-		given(client.getClientId()).willReturn(clientId);
-		return client;
-	}
-
-	private ClientDetails clientWithIdAndScope(String clientId, Set<String> scope) {
-		ClientDetails client = clientWithId(clientId);
-		given(client.getScope()).willReturn(scope);
-		return client;
-	}
-
-	private Set<String> scope(String... scopeItems) {
-		return newHashSet(scopeItems);
-	}
-}