
make RPTs optionally expire, closes #794

pull/708/merge
Justin Richer 10 years ago
parent
commit
ed7799b54a
  1. 16
      openid-connect-common/src/main/java/org/mitre/openid/connect/config/ConfigurationPropertiesBean.java
  2. 13
      openid-connect-server/src/main/java/org/mitre/uma/service/impl/DefaultUmaTokenService.java

16
openid-connect-common/src/main/java/org/mitre/openid/connect/config/ConfigurationPropertiesBean.java

@ -50,6 +50,8 @@ public class ConfigurationPropertiesBean {
private Long regTokenLifeTime;
private Long rqpTokenLifeTime;
private boolean forceHttps = false; // by default we just log a warning for HTTPS deployment
private Locale locale = Locale.ENGLISH; // we default to the english translation
@ -131,6 +133,20 @@ public class ConfigurationPropertiesBean {
this.regTokenLifeTime = regTokenLifeTime;
}
/**
* @return the rqpTokenLifeTime
*/
public Long getRqpTokenLifeTime() {
return rqpTokenLifeTime;
}
/**
* @param rqpTokenLifeTime the rqpTokenLifeTime to set
*/
public void setRqpTokenLifeTime(Long rqpTokenLifeTime) {
this.rqpTokenLifeTime = rqpTokenLifeTime;
}
public boolean isForceHttps() {
return forceHttps;
}
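Review bot: The new `rqpTokenLifeTime` property is documented only by Javadoc that repeats the field name (`@return the rqpTokenLifeTime`), so neither its unit nor the meaning of null is stated. Judging by its use in DefaultUmaTokenService in this same commit, where it is multiplied by `1000L` and skipped when null, the value appears to be in seconds and null appears to mean that the RPT is issued without an expiration. I would state that on the field and in the getter Javadoc, e.g. `// RPT lifetime in seconds; null means issued RPTs carry no expiration`, so that an operator leaving the property unset knows they are choosing non-expiring tokens.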

13
openid-connect-server/src/main/java/org/mitre/uma/service/impl/DefaultUmaTokenService.java

@ -17,6 +17,7 @@
package org.mitre.uma.service.impl;
import java.util.Date;
import java.util.UUID;
import org.mitre.jwt.signer.service.JWTSigningAndValidationService;
@ -57,7 +58,7 @@ public class DefaultUmaTokenService implements UmaTokenService {
private ClientDetailsEntityService clientService;
@Autowired
private ConfigurationPropertiesBean configBean;
private ConfigurationPropertiesBean config;
@Autowired
private JWTSigningAndValidationService jwtService;
@ -81,9 +82,17 @@ public class DefaultUmaTokenService implements UmaTokenService {
JWTClaimsSet claims = new JWTClaimsSet();
claims.setAudience(Lists.newArrayList(ticket.getPermission().getResourceSet().getId().toString()));
claims.setIssuer(configBean.getIssuer());
claims.setIssuer(config.getIssuer());
claims.setJWTID(UUID.randomUUID().toString());
if (config.getRqpTokenLifeTime() != null) {
Date exp = new Date(System.currentTimeMillis() + config.getRqpTokenLifeTime() * 1000L);
claims.setExpirationTime(exp);
token.setExpiration(exp);
}
JWSAlgorithm signingAlgorithm = jwtService.getDefaultSigningAlgorithm();
SignedJWT signed = new SignedJWT(new JWSHeader(signingAlgorithm), claims);
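Review bot: Expiration is applied only inside `if (config.getRqpTokenLifeTime() != null)`, so with the property unset the RPT is signed without an `exp` claim and, as far as this hunk shows, `token` gets no expiration either, leaving a bearer token that stays valid until it is explicitly revoked. For a permission token I would prefer a finite default lifetime in the configuration, with non-expiring RPTs as the explicit opt-in rather than the fallback. The branch also accepts zero or negative values and reads the getter twice; reading it once into a local and checking the range, `Long lifetime = config.getRqpTokenLifeTime();` then `if (lifetime != null && lifetime > 0) {`, avoids issuing tokens that are already expired at creation. The enclosing method starts and ends outside the hunk, so whether an expiration is set elsewhere cannot be confirmed from here.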
