Example 1 with ApprovedSite
use of org.mitre.openid.connect.model.ApprovedSite in project OpenID-Connect-Java-Spring-Server by mitreid-connect.
the class MITREidDataService_1_3 method fixObjectReferences.
private void fixObjectReferences() {
logger.info("Fixing object references...");
for (Long oldRefreshTokenId : maps.getRefreshTokenToClientRefs().keySet()) {
String clientRef = maps.getRefreshTokenToClientRefs().get(oldRefreshTokenId);
ClientDetailsEntity client = clientRepository.getClientByClientId(clientRef);
Long newRefreshTokenId = maps.getRefreshTokenOldToNewIdMap().get(oldRefreshTokenId);
OAuth2RefreshTokenEntity refreshToken = tokenRepository.getRefreshTokenById(newRefreshTokenId);
refreshToken.setClient(client);
tokenRepository.saveRefreshToken(refreshToken);
}
for (Long oldRefreshTokenId : maps.getRefreshTokenToAuthHolderRefs().keySet()) {
Long oldAuthHolderId = maps.getRefreshTokenToAuthHolderRefs().get(oldRefreshTokenId);
Long newAuthHolderId = maps.getAuthHolderOldToNewIdMap().get(oldAuthHolderId);
AuthenticationHolderEntity authHolder = authHolderRepository.getById(newAuthHolderId);
Long newRefreshTokenId = maps.getRefreshTokenOldToNewIdMap().get(oldRefreshTokenId);
OAuth2RefreshTokenEntity refreshToken = tokenRepository.getRefreshTokenById(newRefreshTokenId);
refreshToken.setAuthenticationHolder(authHolder);
tokenRepository.saveRefreshToken(refreshToken);
}
for (Long oldAccessTokenId : maps.getAccessTokenToClientRefs().keySet()) {
String clientRef = maps.getAccessTokenToClientRefs().get(oldAccessTokenId);
ClientDetailsEntity client = clientRepository.getClientByClientId(clientRef);
Long newAccessTokenId = maps.getAccessTokenOldToNewIdMap().get(oldAccessTokenId);
OAuth2AccessTokenEntity accessToken = tokenRepository.getAccessTokenById(newAccessTokenId);
accessToken.setClient(client);
tokenRepository.saveAccessToken(accessToken);
}
for (Long oldAccessTokenId : maps.getAccessTokenToAuthHolderRefs().keySet()) {
Long oldAuthHolderId = maps.getAccessTokenToAuthHolderRefs().get(oldAccessTokenId);
Long newAuthHolderId = maps.getAuthHolderOldToNewIdMap().get(oldAuthHolderId);
AuthenticationHolderEntity authHolder = authHolderRepository.getById(newAuthHolderId);
Long newAccessTokenId = maps.getAccessTokenOldToNewIdMap().get(oldAccessTokenId);
OAuth2AccessTokenEntity accessToken = tokenRepository.getAccessTokenById(newAccessTokenId);
accessToken.setAuthenticationHolder(authHolder);
tokenRepository.saveAccessToken(accessToken);
}
for (Long oldAccessTokenId : maps.getAccessTokenToRefreshTokenRefs().keySet()) {
Long oldRefreshTokenId = maps.getAccessTokenToRefreshTokenRefs().get(oldAccessTokenId);
Long newRefreshTokenId = maps.getRefreshTokenOldToNewIdMap().get(oldRefreshTokenId);
OAuth2RefreshTokenEntity refreshToken = tokenRepository.getRefreshTokenById(newRefreshTokenId);
Long newAccessTokenId = maps.getAccessTokenOldToNewIdMap().get(oldAccessTokenId);
OAuth2AccessTokenEntity accessToken = tokenRepository.getAccessTokenById(newAccessTokenId);
accessToken.setRefreshToken(refreshToken);
tokenRepository.saveAccessToken(accessToken);
}
for (Long oldGrantId : maps.getGrantToAccessTokensRefs().keySet()) {
Set<Long> oldAccessTokenIds = maps.getGrantToAccessTokensRefs().get(oldGrantId);
Long newGrantId = maps.getGrantOldToNewIdMap().get(oldGrantId);
ApprovedSite site = approvedSiteRepository.getById(newGrantId);
for (Long oldTokenId : oldAccessTokenIds) {
Long newTokenId = maps.getAccessTokenOldToNewIdMap().get(oldTokenId);
OAuth2AccessTokenEntity token = tokenRepository.getAccessTokenById(newTokenId);
token.setApprovedSite(site);
tokenRepository.saveAccessToken(token);
}
approvedSiteRepository.save(site);
}
/*
refreshTokenToClientRefs.clear();
refreshTokenToAuthHolderRefs.clear();
accessTokenToClientRefs.clear();
accessTokenToAuthHolderRefs.clear();
accessTokenToRefreshTokenRefs.clear();
refreshTokenOldToNewIdMap.clear();
accessTokenOldToNewIdMap.clear();
grantOldToNewIdMap.clear();
*/
logger.info("Done fixing object references.");
}
Also used :
ClientDetailsEntity(org.mitre.oauth2.model.ClientDetailsEntity)
OAuth2RefreshTokenEntity(org.mitre.oauth2.model.OAuth2RefreshTokenEntity)
ApprovedSite(org.mitre.openid.connect.model.ApprovedSite)
OAuth2AccessTokenEntity(org.mitre.oauth2.model.OAuth2AccessTokenEntity)
AuthenticationHolderEntity(org.mitre.oauth2.model.AuthenticationHolderEntity)
Example 2 with ApprovedSite
use of org.mitre.openid.connect.model.ApprovedSite in project OpenID-Connect-Java-Spring-Server by mitreid-connect.
the class MITREidDataService_1_3 method readGrants.
/**
* @param reader
* @throws IOException
*/
private void readGrants(JsonReader reader) throws IOException {
reader.beginArray();
while (reader.hasNext()) {
ApprovedSite site = new ApprovedSite();
Long currentId = null;
Set<Long> tokenIds = null;
reader.beginObject();
while (reader.hasNext()) {
switch(reader.peek()) {
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (name.equals(ID)) {
currentId = reader.nextLong();
} else if (name.equals(ACCESS_DATE)) {
Date date = utcToDate(reader.nextString());
site.setAccessDate(date);
} else if (name.equals(CLIENT_ID)) {
site.setClientId(reader.nextString());
} else if (name.equals(CREATION_DATE)) {
Date date = utcToDate(reader.nextString());
site.setCreationDate(date);
} else if (name.equals(TIMEOUT_DATE)) {
Date date = utcToDate(reader.nextString());
site.setTimeoutDate(date);
} else if (name.equals(USER_ID)) {
site.setUserId(reader.nextString());
} else if (name.equals(ALLOWED_SCOPES)) {
Set<String> allowedScopes = readSet(reader);
site.setAllowedScopes(allowedScopes);
} else if (name.equals(APPROVED_ACCESS_TOKENS)) {
tokenIds = readSet(reader);
} else {
logger.debug("Found unexpected entry");
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
continue;
}
}
reader.endObject();
Long newId = approvedSiteRepository.save(site).getId();
maps.getGrantOldToNewIdMap().put(currentId, newId);
if (tokenIds != null) {
maps.getGrantToAccessTokensRefs().put(currentId, tokenIds);
}
logger.debug("Read grant {}", currentId);
}
reader.endArray();
logger.info("Done reading grants");
}
Also used :
JWKSet(com.nimbusds.jose.jwk.JWKSet)
Set(java.util.Set)
JsonUtils.readSet(org.mitre.util.JsonUtils.readSet)
HashSet(java.util.HashSet)
ApprovedSite(org.mitre.openid.connect.model.ApprovedSite)
Date(java.util.Date)
Example 3 with ApprovedSite
use of org.mitre.openid.connect.model.ApprovedSite in project OpenID-Connect-Java-Spring-Server by mitreid-connect.
the class TofuUserApprovalHandler method checkForPreApproval.
/**
* Check if the user has already stored a positive approval decision for this site; or if the
* site is whitelisted, approve it automatically.
*
* Otherwise the user will be directed to the approval page and can make their own decision.
*
* @param authorizationRequest the incoming authorization request
* @param userAuthentication the Principal representing the currently-logged-in user
*
* @return the updated AuthorizationRequest
*/
@Override
public AuthorizationRequest checkForPreApproval(AuthorizationRequest authorizationRequest, Authentication userAuthentication) {
// First, check database to see if the user identified by the userAuthentication has stored an approval decision
String userId = userAuthentication.getName();
String clientId = authorizationRequest.getClientId();
// lookup ApprovedSites by userId and clientId
boolean alreadyApproved = false;
// find out if we're supposed to force a prompt on the user or not
String prompt = (String) authorizationRequest.getExtensions().get(PROMPT);
List<String> prompts = Splitter.on(PROMPT_SEPARATOR).splitToList(Strings.nullToEmpty(prompt));
if (!prompts.contains(PROMPT_CONSENT)) {
// if the prompt parameter is set to "consent" then we can't use approved sites or whitelisted sites
// otherwise, we need to check them below
Collection<ApprovedSite> aps = approvedSiteService.getByClientIdAndUserId(clientId, userId);
for (ApprovedSite ap : aps) {
if (!ap.isExpired()) {
// if we find one that fits...
if (systemScopes.scopesMatch(ap.getAllowedScopes(), authorizationRequest.getScope())) {
// We have a match; update the access date on the AP entry and return true.
ap.setAccessDate(new Date());
approvedSiteService.save(ap);
String apId = ap.getId().toString();
authorizationRequest.getExtensions().put(APPROVED_SITE, apId);
authorizationRequest.setApproved(true);
alreadyApproved = true;
setAuthTime(authorizationRequest);
}
}
}
if (!alreadyApproved) {
WhitelistedSite ws = whitelistedSiteService.getByClientId(clientId);
if (ws != null && systemScopes.scopesMatch(ws.getAllowedScopes(), authorizationRequest.getScope())) {
authorizationRequest.setApproved(true);
setAuthTime(authorizationRequest);
}
}
}
return authorizationRequest;
}
Also used :
WhitelistedSite(org.mitre.openid.connect.model.WhitelistedSite)
ApprovedSite(org.mitre.openid.connect.model.ApprovedSite)
Date(java.util.Date)
Example 4 with ApprovedSite
use of org.mitre.openid.connect.model.ApprovedSite in project OpenID-Connect-Java-Spring-Server by mitreid-connect.
the class MITREidDataService_1_0 method fixObjectReferences.
private void fixObjectReferences() {
for (Long oldRefreshTokenId : maps.getRefreshTokenToClientRefs().keySet()) {
String clientRef = maps.getRefreshTokenToClientRefs().get(oldRefreshTokenId);
ClientDetailsEntity client = clientRepository.getClientByClientId(clientRef);
Long newRefreshTokenId = maps.getRefreshTokenOldToNewIdMap().get(oldRefreshTokenId);
OAuth2RefreshTokenEntity refreshToken = tokenRepository.getRefreshTokenById(newRefreshTokenId);
refreshToken.setClient(client);
tokenRepository.saveRefreshToken(refreshToken);
}
for (Long oldRefreshTokenId : maps.getRefreshTokenToAuthHolderRefs().keySet()) {
Long oldAuthHolderId = maps.getRefreshTokenToAuthHolderRefs().get(oldRefreshTokenId);
Long newAuthHolderId = maps.getAuthHolderOldToNewIdMap().get(oldAuthHolderId);
AuthenticationHolderEntity authHolder = authHolderRepository.getById(newAuthHolderId);
Long newRefreshTokenId = maps.getRefreshTokenOldToNewIdMap().get(oldRefreshTokenId);
OAuth2RefreshTokenEntity refreshToken = tokenRepository.getRefreshTokenById(newRefreshTokenId);
refreshToken.setAuthenticationHolder(authHolder);
tokenRepository.saveRefreshToken(refreshToken);
}
for (Long oldAccessTokenId : maps.getAccessTokenToClientRefs().keySet()) {
String clientRef = maps.getAccessTokenToClientRefs().get(oldAccessTokenId);
ClientDetailsEntity client = clientRepository.getClientByClientId(clientRef);
Long newAccessTokenId = maps.getAccessTokenOldToNewIdMap().get(oldAccessTokenId);
OAuth2AccessTokenEntity accessToken = tokenRepository.getAccessTokenById(newAccessTokenId);
accessToken.setClient(client);
tokenRepository.saveAccessToken(accessToken);
}
for (Long oldAccessTokenId : maps.getAccessTokenToAuthHolderRefs().keySet()) {
Long oldAuthHolderId = maps.getAccessTokenToAuthHolderRefs().get(oldAccessTokenId);
Long newAuthHolderId = maps.getAuthHolderOldToNewIdMap().get(oldAuthHolderId);
AuthenticationHolderEntity authHolder = authHolderRepository.getById(newAuthHolderId);
Long newAccessTokenId = maps.getAccessTokenOldToNewIdMap().get(oldAccessTokenId);
OAuth2AccessTokenEntity accessToken = tokenRepository.getAccessTokenById(newAccessTokenId);
accessToken.setAuthenticationHolder(authHolder);
tokenRepository.saveAccessToken(accessToken);
}
maps.getAccessTokenToAuthHolderRefs().clear();
for (Long oldAccessTokenId : maps.getAccessTokenToRefreshTokenRefs().keySet()) {
Long oldRefreshTokenId = maps.getAccessTokenToRefreshTokenRefs().get(oldAccessTokenId);
Long newRefreshTokenId = maps.getRefreshTokenOldToNewIdMap().get(oldRefreshTokenId);
OAuth2RefreshTokenEntity refreshToken = tokenRepository.getRefreshTokenById(newRefreshTokenId);
Long newAccessTokenId = maps.getAccessTokenOldToNewIdMap().get(oldAccessTokenId);
OAuth2AccessTokenEntity accessToken = tokenRepository.getAccessTokenById(newAccessTokenId);
accessToken.setRefreshToken(refreshToken);
tokenRepository.saveAccessToken(accessToken);
}
for (Long oldGrantId : maps.getGrantToAccessTokensRefs().keySet()) {
Set<Long> oldAccessTokenIds = maps.getGrantToAccessTokensRefs().get(oldGrantId);
Long newGrantId = maps.getGrantOldToNewIdMap().get(oldGrantId);
ApprovedSite site = approvedSiteRepository.getById(newGrantId);
for (Long oldTokenId : oldAccessTokenIds) {
Long newTokenId = maps.getAccessTokenOldToNewIdMap().get(oldTokenId);
OAuth2AccessTokenEntity token = tokenRepository.getAccessTokenById(newTokenId);
token.setApprovedSite(site);
tokenRepository.saveAccessToken(token);
}
approvedSiteRepository.save(site);
}
}
Also used :
ClientDetailsEntity(org.mitre.oauth2.model.ClientDetailsEntity)
OAuth2RefreshTokenEntity(org.mitre.oauth2.model.OAuth2RefreshTokenEntity)
ApprovedSite(org.mitre.openid.connect.model.ApprovedSite)
OAuth2AccessTokenEntity(org.mitre.oauth2.model.OAuth2AccessTokenEntity)
AuthenticationHolderEntity(org.mitre.oauth2.model.AuthenticationHolderEntity)
Example 5 with ApprovedSite
use of org.mitre.openid.connect.model.ApprovedSite in project OpenID-Connect-Java-Spring-Server by mitreid-connect.
the class MITREidDataService_1_2 method readGrants.
/**
* @param reader
* @throws IOException
*/
private void readGrants(JsonReader reader) throws IOException {
reader.beginArray();
while (reader.hasNext()) {
ApprovedSite site = new ApprovedSite();
Long currentId = null;
Set<Long> tokenIds = null;
reader.beginObject();
while (reader.hasNext()) {
switch(reader.peek()) {
case END_OBJECT:
continue;
case NAME:
String name = reader.nextName();
if (reader.peek() == JsonToken.NULL) {
reader.skipValue();
} else if (name.equals(ID)) {
currentId = reader.nextLong();
} else if (name.equals(ACCESS_DATE)) {
Date date = utcToDate(reader.nextString());
site.setAccessDate(date);
} else if (name.equals(CLIENT_ID)) {
site.setClientId(reader.nextString());
} else if (name.equals(CREATION_DATE)) {
Date date = utcToDate(reader.nextString());
site.setCreationDate(date);
} else if (name.equals(TIMEOUT_DATE)) {
Date date = utcToDate(reader.nextString());
site.setTimeoutDate(date);
} else if (name.equals(USER_ID)) {
site.setUserId(reader.nextString());
} else if (name.equals(ALLOWED_SCOPES)) {
Set<String> allowedScopes = readSet(reader);
site.setAllowedScopes(allowedScopes);
} else if (name.equals(APPROVED_ACCESS_TOKENS)) {
tokenIds = readSet(reader);
} else {
logger.debug("Found unexpected entry");
reader.skipValue();
}
break;
default:
logger.debug("Found unexpected entry");
reader.skipValue();
continue;
}
}
reader.endObject();
Long newId = approvedSiteRepository.save(site).getId();
maps.getGrantOldToNewIdMap().put(currentId, newId);
if (tokenIds != null) {
maps.getGrantToAccessTokensRefs().put(currentId, tokenIds);
}
logger.debug("Read grant {}", currentId);
}
reader.endArray();
logger.info("Done reading grants");
}
Also used :
JWKSet(com.nimbusds.jose.jwk.JWKSet)
HashSet(java.util.HashSet)
Set(java.util.Set)
JsonUtils.readSet(org.mitre.util.JsonUtils.readSet)
ApprovedSite(org.mitre.openid.connect.model.ApprovedSite)
Date(java.util.Date)
Aggregations
ApprovedSite (org.mitre.openid.connect.model.ApprovedSite)32
OAuth2AccessTokenEntity (org.mitre.oauth2.model.OAuth2AccessTokenEntity)18
Date (java.util.Date)15
ClientDetailsEntity (org.mitre.oauth2.model.ClientDetailsEntity)14
HashSet (java.util.HashSet)13
AuthenticationHolderEntity (org.mitre.oauth2.model.AuthenticationHolderEntity)13
OAuth2RefreshTokenEntity (org.mitre.oauth2.model.OAuth2RefreshTokenEntity)13
WhitelistedSite (org.mitre.openid.connect.model.WhitelistedSite)13
Test (org.junit.Test)12
SystemScope (org.mitre.oauth2.model.SystemScope)9
JsonArray (com.google.gson.JsonArray)8
JsonElement (com.google.gson.JsonElement)8
JsonObject (com.google.gson.JsonObject)8
JsonParser (com.google.gson.JsonParser)8
JsonWriter (com.google.gson.stream.JsonWriter)8
StringWriter (java.io.StringWriter)8
BlacklistedSite (org.mitre.openid.connect.model.BlacklistedSite)8
Matchers.anyString (org.mockito.Matchers.anyString)7
HashMap (java.util.HashMap)5
JsonReader (com.google.gson.stream.JsonReader)4
