send back a new ticket at each step

multiparty
Justin Richer 2016-01-26 17:58:18 -05:00
parent 565364aa9d
commit ee3219a8ce
6 changed files with 24 additions and 23 deletions


@ -48,7 +48,7 @@ public interface PermissionService {
public PermissionTicket getByTicket(String ticket); public PermissionTicket getByTicket(String ticket);
/** /**
* Save the updated permission ticket to the database. Does not create a new ticket. * Save the updated permission ticket to the database. Does not create a new ticket. Rotates the ticket value.
* *
* @param ticket * @param ticket
* @return * @return
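Review bot: The `@param ticket` and `@return` tags on `updateTicket` are left empty even though the contract just became more subtle: the value the caller passed in is replaced, and the caller must hand the returned ticket (not the one it held) back to the client. Suggest `@param ticket the persisted ticket to update; its ticket value is replaced on every call` and `@return the saved ticket carrying the new ticket value (the implementation in this commit returns null when the ticket has no id)`. The interface method and its full comment are partly outside the hunk.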


@ -20,6 +20,7 @@ package org.mitre.uma.exception;
import java.util.Collection; import java.util.Collection;
import org.mitre.uma.model.Claim; import org.mitre.uma.model.Claim;
import org.mitre.uma.model.PermissionTicket;
/** /**
* @author jricher * @author jricher
@ -29,39 +30,30 @@ public class NeedInfoException extends RuntimeException {
private static final long serialVersionUID = -8886957523367481451L; private static final long serialVersionUID = -8886957523367481451L;
private String ticketValue; private PermissionTicket ticket;
private Collection<Claim> unmatched; private Collection<Claim> unmatched;
public NeedInfoException(PermissionTicket ticket, Collection<Claim> unmatched) {
/** this.ticket = ticket;
* @param ticketValue this.unmatched = unmatched;
* @param unmatched
*/
public NeedInfoException(String ticketValue, Collection<Claim> unmatched) {
this.setTicketValue(ticketValue);
this.setUnmatched(unmatched);
} }
/** /**
* @return the ticketValue * @return the ticket
*/ */
public String getTicketValue() { public PermissionTicket getTicket() {
return ticketValue; return ticket;
} }
/** /**
* @param ticketValue the ticketValue to set * @param ticket the ticket to set
*/ */
public void setTicketValue(String ticketValue) { public void setTicket(PermissionTicket ticket) {
this.ticketValue = ticketValue; this.ticket = ticket;
} }
/** /**
* @return the unmatched * @return the unmatched
*/ */
public Collection<Claim> getUnmatched() { public Collection<Claim> getUnmatched() {
return unmatched; return unmatched;
} }
/** /**
* @param unmatched the unmatched to set * @param unmatched the unmatched to set
*/ */
@ -69,4 +61,6 @@ public class NeedInfoException extends RuntimeException {
this.unmatched = unmatched; this.unmatched = unmatched;
} }
} }
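Review bot: The new constructor `NeedInfoException(PermissionTicket ticket, Collection<Claim> unmatched)` loses the javadoc the old `String`-based constructor had and accepts a null ticket without complaint, while the handler added in this commit dereferences `nie.getTicket().getTicket()` unguarded. Suggest `this.ticket = Objects.requireNonNull(ticket, "ticket");` (with `java.util.Objects` imported) plus `@param ticket the already-rotated permission ticket to hand back to the client` and `@param unmatched the claims still required before the ticket can be granted`. Carrying the whole persisted `PermissionTicket` in the exception rather than just its string value also means any generic exception logging or serialization of this exception exposes the ticket's associated permission data, so it is worth documenting that only `getTicket().getTicket()` is meant to reach the client. The class is cut across two hunks; the `setUnmatched` body is only partly visible.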


@ -85,6 +85,8 @@ public class DefaultPermissionService implements PermissionService {
@Override @Override
public PermissionTicket updateTicket(PermissionTicket ticket) { public PermissionTicket updateTicket(PermissionTicket ticket) {
if (ticket.getId() != null) { if (ticket.getId() != null) {
// rotate the ticket value
ticket.setTicket(UUID.randomUUID().toString());
return repository.save(ticket); return repository.save(ticket);
} else { } else {
return null; return null;
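Review bot: `updateTicket` now mutates the caller's `ticket` in place before `repository.save`, so if the save fails the in-memory object already holds a value that was never persisted, and every caller of `updateTicket` — not only the need_info path — silently invalidates the ticket value the client currently holds. The one-line comment `// rotate the ticket value` should say why and what it implies: `// Rotate on every update so a ticket value is single-use; callers must return the saved ticket (not the argument) to the client.` `UUID.randomUUID()` is backed by `SecureRandom` in the JDK, so the new value is unpredictable; no change needed there. The method's body continues past the hunk.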


@ -1,6 +1,6 @@
/******************************************************************************* /*******************************************************************************
* Copyright 2015 The MITRE Corporation * Copyright 2016 The MITRE Corporation
* and the MIT Kerberos and Internet Trust Consortium * and the MIT Internet Trust Consortium
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -240,7 +240,10 @@ public class RequestingPartyTokenGranter extends AbstractTokenGranter {
return token; return token;
} else { } else {
throw new NeedInfoException(ticketValue, result.getUnmatched()); // first, update the ticket since we're sending it back
ticket = permissionService.updateTicket(ticket);
throw new NeedInfoException(ticket, result.getUnmatched());
} }
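Review bot: The rotated ticket is persisted by `permissionService.updateTicket(ticket)` and then a `RuntimeException` (`NeedInfoException`) is thrown in the same flow; if this granter runs under a transaction that rolls back on unchecked exceptions, the rotation is undone while the client receives the new value in the need_info response, leaving it with a ticket that no longer exists. This is inferred from the exception type only, since transaction configuration is not visible in the hunk, but it deserves either a comment stating the rotation is committed independently or an explicit check. Suggest `// ticket rotation must be committed before this exception reaches the client (see UmaExceptionHandler)`. The local `ticketValue` used by the removed line appears to have no remaining reader in this branch; confirm it is still needed. The enclosing method starts outside the hunk.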


@ -131,6 +131,7 @@ public class ClaimsCollectionEndpoint {
UriComponentsBuilder template = UriComponentsBuilder.fromUriString(redirectUri); UriComponentsBuilder template = UriComponentsBuilder.fromUriString(redirectUri);
template.queryParam("authorization_state", "claims_submitted"); template.queryParam("authorization_state", "claims_submitted");
template.queryParam("ticket", updatedTicket.getTicket());
if (!Strings.isNullOrEmpty(state)) { if (!Strings.isNullOrEmpty(state)) {
template.queryParam("state", state); template.queryParam("state", state);
} }
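Review bot: `template.queryParam("ticket", updatedTicket.getTicket())` places the freshly rotated ticket value in the redirect URL, so it will appear in browser history, proxy and server access logs, and Referer headers of any page the client loads next; the validation of `redirectUri` against the registered client is outside the hunk, so confirm it happens before this line, as otherwise the rotated ticket is delivered to whatever URI was supplied. A comment on the added line would make the dependency explicit: `// ticket is sent in the query string; redirectUri must already be validated against the client's registration`. `updatedTicket` is presumably the result of `updateTicket`, which in this commit returns null for an unpersisted ticket, so a null check or a guarantee that the ticket is persisted is worth stating here. The enclosing method begins outside the hunk.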


@ -59,6 +59,7 @@ public class UmaExceptionHandler {
entity.addProperty(JsonErrorView.ERROR, "need_info"); entity.addProperty(JsonErrorView.ERROR, "need_info");
JsonObject details = new JsonObject(); JsonObject details = new JsonObject();
details.addProperty("requesting_party_claims_endpoint", config.getIssuer() + ClaimsCollectionEndpoint.URL); details.addProperty("requesting_party_claims_endpoint", config.getIssuer() + ClaimsCollectionEndpoint.URL);
details.addProperty("ticket", nie.getTicket().getTicket());
JsonObject rpClaims = new JsonObject(); JsonObject rpClaims = new JsonObject();
JsonArray req = new JsonArray(); JsonArray req = new JsonArray();
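Review bot: `details.addProperty("ticket", nie.getTicket().getTicket())` dereferences the ticket with no null guard, and `DefaultPermissionService.updateTicket` in this commit returns null when the ticket has no id, with `RequestingPartyTokenGranter` passing that result straight into the exception; a null here would turn a need_info response into a 500 from inside the exception handler. Suggest `if (nie.getTicket() != null) {` `details.addProperty("ticket", nie.getTicket().getTicket());` `}` or a `requireNonNull` in the exception constructor. Whether a null ticket can actually reach this handler depends on how the granter obtains the ticket, which is outside the hunk. The enclosing method continues past the hunk.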