Updated Architecture (markdown)

Architecture.md

@@ -1,4 +1,4 @@
-This project (OIDC-JSS) is intended to be a standalone OpenID Connect Server. Extension and customization of this server can be accomplished by configuration through Spring configuration files, injected functionality through new Beans, and overlay of views and static resources (using Maven War Overlay or similar functionality).
+This project (OIDC-JSS) is intended to be a standalone OpenID Connect Server. Extension and customization of this server can be accomplished by configuration through Spring configuration files, injected functionality through new Beans, and overlay of views and static resources (using Maven War Overlay or similar functionality). We currently support the Authorization Code flow, and intend to eventually support others.
 
 OIDC-JSS is built on Spring 3.1 and Spring Security 3.1, making heavy use of the OAuth2 module of Spring Security OAuth (SECOAUTH)*. Wherever sensible, we have tried to make use of existing functionality in SECOAUTH, Spring, and Spring Security. Because of this, much of the functionality of OIDC-JSS is hidden in Spring context configuration files and may not be readily apparent when examining the codebase. This architecture document will attempt to lay out which portions of the server implementation reside in our own code, and which portions are delegated to the SECOAUTH library.
 
@@ -15,9 +15,33 @@ The project uses a multi-level Maven and git repository structure. The main proj
 * openid-connect-client: RP/client implementation, built around spring security filters.
 * spring-security-oauth: Git submodule that points to the Spring Security OAuth Git repository. Will be removed once a reliable milestone is reached upstream (see note above).
 
-## Authorization
+## Spring Configuration
 
-//using SECOAUTH auth endpoint,with custom UserApprovalHandler, etc
+We are using the SECOAUTH 'authorization-server' element in our spring-servlet.xml (Spring configuration file, in openid-connect-server src/main/webapp/WEB-INF). This element stands up several SECOAUTH beans, and allows customization by injecting replacements for some of their default beans. 
+
+    <oauth:authorization-server client-details-service-ref="defaultOAuth2ClientDetailsEntityService" 
+		token-services-ref="defaultOAuth2ProviderTokenService" token-granter-ref="authCodeTokenGranter"
+		user-approval-handler-ref="userApprovalHandler" authorization-endpoint-url="/openidconnect/auth" token-endpoint-url="/openidconnect/token">
+        <oauth:authorization-code authorization-code-services-ref="authCodeServices" />
+    </oauth:authorization-server>
+    <bean id="authCodeTokenGranter" class="org.springframework.security.oauth2.provider.code.AuthorizationCodeTokenGranter">
+        <constructor-arg name="tokenServices" ref="defaultOAuth2ProviderTokenService"/>
+        <constructor-arg name="authorizationRequestFactory" ref="authorizationRequestFactory"/>
+	<constructor-arg name="authorizationCodeServices" ref="authCodeServices"/>
+    </bean>
+
+
+Following is a list of the important SECOAUTH beans we are using out-of-the-box. This is not an exhaustive list; but these beans contain most of the functionality that we care about:
+ * org.springframework.security.oauth2.endpoint.AuthorizationEndpoint
+ * org.springframework.security.oauth2.endpoint.TokenEndpoint
+ * org.springframework.security.oauth2.code.AuthorizationCodeTokenGranter 
+ * org.springframework.security.oauth2.provider.code.InMemoryAuthorizationCodeServices
+
+Following is a list of the custom beans we are injecting:
+ * org.mitre.oauth2.service.impl.DefaultOAuth2ProviderTokenService
+ * org.mitre.oauth2.service.impl.DefaultOAuth2ClientDetailsEntityService
+ * org.mitre.openid.connect.token.ConnectTokenEnhancer
+ * org.mitre.openid.connect.token.JdbcUserApprovalHandler [TODO, not fully implemented yet]
 
 ## Tokens