send back a new ticket at each step

2016-01-26 17:58:18 -05:00 · 2016-01-26 17:58:18 -05:00 · ee3219a8ce
parent 565364aa9d
commit ee3219a8ce
6 changed files with 24 additions and 23 deletions
--- a/openid-connect-common/src/main/java/org/mitre/uma/service/PermissionService.java
+++ b/openid-connect-common/src/main/java/org/mitre/uma/service/PermissionService.java
@ -48,7 +48,7 @@ public interface PermissionService {
 	public PermissionTicket getByTicket(String ticket);

 	/**
-	 * Save the updated permission ticket to the database. Does not create a new ticket.
+	 * Save the updated permission ticket to the database. Does not create a new ticket. Rotates the ticket value.
 	 * 
 	 * @param ticket
 	 * @return
--- a/uma-server/src/main/java/org/mitre/uma/exception/NeedInfoException.java
+++ b/uma-server/src/main/java/org/mitre/uma/exception/NeedInfoException.java
@ -20,6 +20,7 @@ package org.mitre.uma.exception;
 import java.util.Collection;

 import org.mitre.uma.model.Claim;
+import org.mitre.uma.model.PermissionTicket;

 /**
 * @author jricher
@ -29,39 +30,30 @@ public class NeedInfoException extends RuntimeException {

 	private static final long serialVersionUID = -8886957523367481451L;

-	private String ticketValue;
+	private PermissionTicket ticket;
 	private Collection<Claim> unmatched;
-
-	/**
-	 * @param ticketValue
-	 * @param unmatched
-	 */
-	public NeedInfoException(String ticketValue, Collection<Claim> unmatched) {
-		this.setTicketValue(ticketValue);
-		this.setUnmatched(unmatched);
+	public NeedInfoException(PermissionTicket ticket, Collection<Claim> unmatched) {
+		this.ticket = ticket;
+		this.unmatched = unmatched;
 	}
-
 	/**
-	 * @return the ticketValue
+	 * @return the ticket
 	 */
-	public String getTicketValue() {
-		return ticketValue;
+	public PermissionTicket getTicket() {
+		return ticket;
 	}
-
 	/**
-	 * @param ticketValue the ticketValue to set
+	 * @param ticket the ticket to set
 	 */
-	public void setTicketValue(String ticketValue) {
-		this.ticketValue = ticketValue;
+	public void setTicket(PermissionTicket ticket) {
+		this.ticket = ticket;
 	}
-
 	/**
 	 * @return the unmatched
 	 */
 	public Collection<Claim> getUnmatched() {
 		return unmatched;
 	}
-
 	/**
 	 * @param unmatched the unmatched to set
 	 */
@ -69,4 +61,6 @@ public class NeedInfoException extends RuntimeException {
 		this.unmatched = unmatched;
 	}

+	
+	
 }
--- a/uma-server/src/main/java/org/mitre/uma/service/impl/DefaultPermissionService.java
+++ b/uma-server/src/main/java/org/mitre/uma/service/impl/DefaultPermissionService.java
@ -85,6 +85,8 @@ public class DefaultPermissionService implements PermissionService {
 	@Override
 	public PermissionTicket updateTicket(PermissionTicket ticket) {
 		if (ticket.getId() != null) {
+			// rotate the ticket value
+			ticket.setTicket(UUID.randomUUID().toString());
 			return repository.save(ticket);
 		} else {
 			return null;
--- a/uma-server/src/main/java/org/mitre/uma/token/RequestingPartyTokenGranter.java
+++ b/uma-server/src/main/java/org/mitre/uma/token/RequestingPartyTokenGranter.java
@ -1,6 +1,6 @@
 /*******************************************************************************
- * Copyright 2015 The MITRE Corporation
- *   and the MIT Kerberos and Internet Trust Consortium
+ * Copyright 2016 The MITRE Corporation
+ *   and the MIT Internet Trust Consortium
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -240,7 +240,10 @@ public class RequestingPartyTokenGranter extends AbstractTokenGranter {
 					return token;
 				} else {

-					throw new NeedInfoException(ticketValue, result.getUnmatched());
+					// first, update the ticket since we're sending it back
+					ticket = permissionService.updateTicket(ticket);
+					
+					throw new NeedInfoException(ticket, result.getUnmatched());
 					
 				}

--- a/uma-server/src/main/java/org/mitre/uma/web/ClaimsCollectionEndpoint.java
+++ b/uma-server/src/main/java/org/mitre/uma/web/ClaimsCollectionEndpoint.java
@ -131,6 +131,7 @@ public class ClaimsCollectionEndpoint {

 		UriComponentsBuilder template = UriComponentsBuilder.fromUriString(redirectUri);
 		template.queryParam("authorization_state", "claims_submitted");
+		template.queryParam("ticket", updatedTicket.getTicket());
 		if (!Strings.isNullOrEmpty(state)) {
 			template.queryParam("state", state);
 		}
--- a/uma-server/src/main/java/org/mitre/uma/web/UmaExceptionHandler.java
+++ b/uma-server/src/main/java/org/mitre/uma/web/UmaExceptionHandler.java
@ -59,6 +59,7 @@ public class UmaExceptionHandler {
 		entity.addProperty(JsonErrorView.ERROR, "need_info");
 		JsonObject details = new JsonObject();
 		details.addProperty("requesting_party_claims_endpoint", config.getIssuer() + ClaimsCollectionEndpoint.URL);
+		details.addProperty("ticket", nie.getTicket().getTicket());

 		JsonObject rpClaims = new JsonObject();
 		JsonArray req = new JsonArray();