github
/
OpenID-Connect-Java-Spring-Server
mirror of https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

make RPTs optionally expire, closes #794

pull/708/merge
Justin Richer 2015-05-11 19:00:26 -04:00
parent e0cdeb3571
commit ed7799b54a
2 changed files with 27 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
openid-connect-common/src/main/java/org/mitre/openid/connect/config/ConfigurationPropertiesBean.java
View File

@ -50,6 +50,8 @@ public class ConfigurationPropertiesBean {
private Long regTokenLifeTime; private Long regTokenLifeTime;
private Long rqpTokenLifeTime;
private boolean forceHttps = false; // by default we just log a warning for HTTPS deployment private boolean forceHttps = false; // by default we just log a warning for HTTPS deployment
private Locale locale = Locale.ENGLISH; // we default to the english translation private Locale locale = Locale.ENGLISH; // we default to the english translation
@ -131,6 +133,20 @@ public class ConfigurationPropertiesBean {
this.regTokenLifeTime = regTokenLifeTime; this.regTokenLifeTime = regTokenLifeTime;
} }
/**
* @return the rqpTokenLifeTime
*/
public Long getRqpTokenLifeTime() {
return rqpTokenLifeTime;
}
/**
* @param rqpTokenLifeTime the rqpTokenLifeTime to set
*/
public void setRqpTokenLifeTime(Long rqpTokenLifeTime) {
this.rqpTokenLifeTime = rqpTokenLifeTime;
}
public boolean isForceHttps() { public boolean isForceHttps() {
return forceHttps; return forceHttps;
} }

13
openid-connect-server/src/main/java/org/mitre/uma/service/impl/DefaultUmaTokenService.java
View File

@ -17,6 +17,7 @@
package org.mitre.uma.service.impl; package org.mitre.uma.service.impl;
import java.util.Date;
import java.util.UUID; import java.util.UUID;
import org.mitre.jwt.signer.service.JWTSigningAndValidationService; import org.mitre.jwt.signer.service.JWTSigningAndValidationService;
@ -57,7 +58,7 @@ public class DefaultUmaTokenService implements UmaTokenService {
private ClientDetailsEntityService clientService; private ClientDetailsEntityService clientService;
@Autowired @Autowired
private ConfigurationPropertiesBean configBean; private ConfigurationPropertiesBean config;
@Autowired @Autowired
private JWTSigningAndValidationService jwtService; private JWTSigningAndValidationService jwtService;
@ -81,9 +82,17 @@ public class DefaultUmaTokenService implements UmaTokenService {
JWTClaimsSet claims = new JWTClaimsSet(); JWTClaimsSet claims = new JWTClaimsSet();
claims.setAudience(Lists.newArrayList(ticket.getPermission().getResourceSet().getId().toString())); claims.setAudience(Lists.newArrayList(ticket.getPermission().getResourceSet().getId().toString()));
claims.setIssuer(configBean.getIssuer()); claims.setIssuer(config.getIssuer());
claims.setJWTID(UUID.randomUUID().toString()); claims.setJWTID(UUID.randomUUID().toString());
if (config.getRqpTokenLifeTime() != null) {
Date exp = new Date(System.currentTimeMillis() + config.getRqpTokenLifeTime() * 1000L);
claims.setExpirationTime(exp);
token.setExpiration(exp);
}
JWSAlgorithm signingAlgorithm = jwtService.getDefaultSigningAlgorithm(); JWSAlgorithm signingAlgorithm = jwtService.getDefaultSigningAlgorithm();
SignedJWT signed = new SignedJWT(new JWSHeader(signingAlgorithm), claims); SignedJWT signed = new SignedJWT(new JWSHeader(signingAlgorithm), claims);