github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

make RPTs optionally expire, closes #794

pull/708/merge
Justin Richer 2015-05-11 19:00:26 -04:00
parent e0cdeb3571
commit ed7799b54a
2 changed files with 27 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
openid-connect-common/src/main/java/org/mitre/openid/connect/config/ConfigurationPropertiesBean.java
View File

@ -49,6 +49,8 @@ public class ConfigurationPropertiesBean {
private String logoImageUrl;
private Long regTokenLifeTime;
private Long rqpTokenLifeTime;
private boolean forceHttps = false; // by default we just log a warning for HTTPS deployment
@ -131,6 +133,20 @@ public class ConfigurationPropertiesBean {
this.regTokenLifeTime = regTokenLifeTime;
}
/**
* @return the rqpTokenLifeTime
*/
public Long getRqpTokenLifeTime() {
return rqpTokenLifeTime;
}
/**
* @param rqpTokenLifeTime the rqpTokenLifeTime to set
*/
public void setRqpTokenLifeTime(Long rqpTokenLifeTime) {
this.rqpTokenLifeTime = rqpTokenLifeTime;
}
public boolean isForceHttps() {
return forceHttps;
}

13
openid-connect-server/src/main/java/org/mitre/uma/service/impl/DefaultUmaTokenService.java
View File

@ -17,6 +17,7 @@
package org.mitre.uma.service.impl;
import java.util.Date;
import java.util.UUID;
import org.mitre.jwt.signer.service.JWTSigningAndValidationService;
@ -57,7 +58,7 @@ public class DefaultUmaTokenService implements UmaTokenService {
private ClientDetailsEntityService clientService;
@Autowired
private ConfigurationPropertiesBean configBean;
private ConfigurationPropertiesBean config;
@Autowired
private JWTSigningAndValidationService jwtService;
@ -81,9 +82,17 @@ public class DefaultUmaTokenService implements UmaTokenService {
JWTClaimsSet claims = new JWTClaimsSet();
claims.setAudience(Lists.newArrayList(ticket.getPermission().getResourceSet().getId().toString()));
claims.setIssuer(configBean.getIssuer());
claims.setIssuer(config.getIssuer());
claims.setJWTID(UUID.randomUUID().toString());
if (config.getRqpTokenLifeTime() != null) {
Date exp = new Date(System.currentTimeMillis() + config.getRqpTokenLifeTime() * 1000L);
claims.setExpirationTime(exp);
token.setExpiration(exp);
}
JWSAlgorithm signingAlgorithm = jwtService.getDefaultSigningAlgorithm();
SignedJWT signed = new SignedJWT(new JWSHeader(signingAlgorithm), claims);