├── .editorconfig ├── .gitignore ├── .travis.yml ├── CHANGELOG.md ├── LICENSE.txt ├── README.md ├── README_zh_CN.md ├── checkstyle.xml ├── openid-connect-client ├── .gitignore ├── README.md ├── pom.xml └── src │ ├── META-INF │ └── MANIFEST.MF │ ├── main │ └── java │ │ └── org │ │ └── mitre │ │ ├── oauth2 │ │ └── introspectingfilter │ │ │ ├── IntrospectingTokenService.java │ │ │ ├── OAuth2AccessTokenImpl.java │ │ │ └── service │ │ │ ├── IntrospectionAuthorityGranter.java │ │ │ ├── IntrospectionConfigurationService.java │ │ │ └── impl │ │ │ ├── JWTParsingIntrospectionConfigurationService.java │ │ │ ├── ScopeBasedIntrospectionAuthoritiesGranter.java │ │ │ ├── SimpleIntrospectionAuthorityGranter.java │ │ │ └── StaticIntrospectionConfigurationService.java │ │ └── openid │ │ └── connect │ │ └── client │ │ ├── AuthorizationEndpointException.java │ │ ├── NamedAdminAuthoritiesMapper.java │ │ ├── OIDCAuthenticationFilter.java │ │ ├── OIDCAuthenticationProvider.java │ │ ├── OIDCAuthoritiesMapper.java │ │ ├── StaticPrefixTargetLinkURIChecker.java │ │ ├── SubjectIssuerGrantedAuthority.java │ │ ├── TargetLinkURIChecker.java │ │ ├── UserInfoFetcher.java │ │ ├── keypublisher │ │ ├── ClientKeyPublisher.java │ │ ├── ClientKeyPublisherMapping.java │ │ └── JwkViewResolver.java │ │ ├── model │ │ └── IssuerServiceResponse.java │ │ └── service │ │ ├── AuthRequestOptionsService.java │ │ ├── AuthRequestUrlBuilder.java │ │ ├── ClientConfigurationService.java │ │ ├── IssuerService.java │ │ ├── RegisteredClientService.java │ │ ├── ServerConfigurationService.java │ │ └── impl │ │ ├── DynamicRegistrationClientConfigurationService.java │ │ ├── DynamicServerConfigurationService.java │ │ ├── EncryptedAuthRequestUrlBuilder.java │ │ ├── HybridClientConfigurationService.java │ │ ├── HybridIssuerService.java │ │ ├── HybridServerConfigurationService.java │ │ ├── InMemoryRegisteredClientService.java │ │ ├── JsonFileRegisteredClientService.java │ │ ├── PlainAuthRequestUrlBuilder.java │ │ ├── 
SignedAuthRequestUrlBuilder.java │ │ ├── StaticAuthRequestOptionsService.java │ │ ├── StaticClientConfigurationService.java │ │ ├── StaticServerConfigurationService.java │ │ ├── StaticSingleIssuerService.java │ │ ├── ThirdPartyIssuerService.java │ │ └── WebfingerIssuerService.java │ └── test │ ├── java │ └── org │ │ └── mitre │ │ ├── oauth2 │ │ └── introspectingfilter │ │ │ ├── TestOAuth2AccessTokenImpl.java │ │ │ └── service │ │ │ └── impl │ │ │ └── TestScopeBasedIntrospectionAuthoritiesGranter.java │ │ └── openid │ │ └── connect │ │ └── client │ │ ├── TestOIDCAuthenticationFilter.java │ │ └── service │ │ └── impl │ │ ├── TestHybridClientConfigurationService.java │ │ ├── TestHybridServerConfigurationService.java │ │ ├── TestPlainAuthRequestUrlBuilder.java │ │ ├── TestSignedAuthRequestUrlBuilder.java │ │ ├── TestStaticClientConfigurationService.java │ │ ├── TestStaticServerConfigurationService.java │ │ └── TestThirdPartyIssuerService.java │ └── resources │ ├── jwk │ ├── jwk │ └── jwkEncrypted │ ├── test-context.xml │ └── x509 │ ├── x509 │ └── x509Encrypted ├── openid-connect-common ├── .gitignore ├── pom.xml └── src │ ├── META-INF │ └── MANIFEST.MF │ ├── main │ └── java │ │ └── org │ │ └── mitre │ │ ├── data │ │ ├── AbstractPageOperationTemplate.java │ │ ├── DefaultPageCriteria.java │ │ └── PageCriteria.java │ │ ├── discovery │ │ └── util │ │ │ └── WebfingerURLNormalizer.java │ │ ├── jose │ │ └── keystore │ │ │ └── JWKSetKeyStore.java │ │ ├── jwt │ │ ├── assertion │ │ │ ├── AssertionValidator.java │ │ │ └── impl │ │ │ │ ├── NullAssertionValidator.java │ │ │ │ ├── SelfAssertionValidator.java │ │ │ │ └── WhitelistedIssuerAssertionValidator.java │ │ ├── encryption │ │ │ └── service │ │ │ │ ├── JWTEncryptionAndDecryptionService.java │ │ │ │ └── impl │ │ │ │ └── DefaultJWTEncryptionAndDecryptionService.java │ │ └── signer │ │ │ └── service │ │ │ ├── JWTSigningAndValidationService.java │ │ │ └── impl │ │ │ ├── ClientKeyCacheService.java │ │ │ ├── 
DefaultJWTSigningAndValidationService.java │ │ │ ├── JWKSetCacheService.java │ │ │ └── SymmetricKeyJWTValidatorCacheService.java │ │ ├── oauth2 │ │ ├── exception │ │ │ └── DeviceCodeCreationException.java │ │ ├── model │ │ │ ├── AuthenticationHolderEntity.java │ │ │ ├── AuthorizationCodeEntity.java │ │ │ ├── ClientDetailsEntity.java │ │ │ ├── DeviceCode.java │ │ │ ├── OAuth2AccessTokenEntity.java │ │ │ ├── OAuth2RefreshTokenEntity.java │ │ │ ├── PKCEAlgorithm.java │ │ │ ├── RegisteredClient.java │ │ │ ├── RegisteredClientFields.java │ │ │ ├── SavedUserAuthentication.java │ │ │ ├── SystemScope.java │ │ │ └── convert │ │ │ │ ├── JWEAlgorithmStringConverter.java │ │ │ │ ├── JWEEncryptionMethodStringConverter.java │ │ │ │ ├── JWKSetStringConverter.java │ │ │ │ ├── JWSAlgorithmStringConverter.java │ │ │ │ ├── JWTStringConverter.java │ │ │ │ ├── JsonElementStringConverter.java │ │ │ │ ├── PKCEAlgorithmStringConverter.java │ │ │ │ ├── SerializableStringConverter.java │ │ │ │ └── SimpleGrantedAuthorityStringConverter.java │ │ ├── repository │ │ │ ├── AuthenticationHolderRepository.java │ │ │ ├── AuthorizationCodeRepository.java │ │ │ ├── OAuth2ClientRepository.java │ │ │ ├── OAuth2TokenRepository.java │ │ │ ├── SystemScopeRepository.java │ │ │ └── impl │ │ │ │ └── DeviceCodeRepository.java │ │ └── service │ │ │ ├── ClientDetailsEntityService.java │ │ │ ├── DeviceCodeService.java │ │ │ ├── IntrospectionResultAssembler.java │ │ │ ├── OAuth2TokenEntityService.java │ │ │ ├── SystemScopeService.java │ │ │ └── impl │ │ │ ├── DefaultClientUserDetailsService.java │ │ │ └── UriEncodedClientUserDetailsService.java │ │ ├── openid │ │ └── connect │ │ │ ├── ClientDetailsEntityJsonProcessor.java │ │ │ ├── config │ │ │ ├── ConfigurationBeanLocaleResolver.java │ │ │ ├── ConfigurationPropertiesBean.java │ │ │ ├── JWKSetEditor.java │ │ │ ├── ServerConfiguration.java │ │ │ └── UIConfiguration.java │ │ │ ├── model │ │ │ ├── Address.java │ │ │ ├── ApprovedSite.java │ │ │ ├── 
BlacklistedSite.java │ │ │ ├── CachedImage.java │ │ │ ├── ClientStat.java │ │ │ ├── DefaultAddress.java │ │ │ ├── DefaultUserInfo.java │ │ │ ├── OIDCAuthenticationToken.java │ │ │ ├── PairwiseIdentifier.java │ │ │ ├── PendingOIDCAuthenticationToken.java │ │ │ ├── UserInfo.java │ │ │ ├── WhitelistedSite.java │ │ │ └── convert │ │ │ │ └── JsonObjectStringConverter.java │ │ │ ├── repository │ │ │ ├── AddressRepository.java │ │ │ ├── ApprovedSiteRepository.java │ │ │ ├── BlacklistedSiteRepository.java │ │ │ ├── PairwiseIdentifierRepository.java │ │ │ ├── UserInfoRepository.java │ │ │ └── WhitelistedSiteRepository.java │ │ │ ├── service │ │ │ ├── ApprovedSiteService.java │ │ │ ├── BlacklistedSiteService.java │ │ │ ├── ClientLogoLoadingService.java │ │ │ ├── LoginHintExtracter.java │ │ │ ├── MITREidDataService.java │ │ │ ├── MITREidDataServiceExtension.java │ │ │ ├── MITREidDataServiceMaps.java │ │ │ ├── OIDCTokenService.java │ │ │ ├── PairwiseIdentiferService.java │ │ │ ├── ScopeClaimTranslationService.java │ │ │ ├── StatsService.java │ │ │ ├── UserInfoService.java │ │ │ └── WhitelistedSiteService.java │ │ │ ├── view │ │ │ └── JWKSetView.java │ │ │ └── web │ │ │ └── UserInfoInterceptor.java │ │ ├── uma │ │ ├── model │ │ │ ├── Claim.java │ │ │ ├── ClaimProcessingResult.java │ │ │ ├── Permission.java │ │ │ ├── PermissionTicket.java │ │ │ ├── Policy.java │ │ │ ├── ResourceSet.java │ │ │ ├── SavedRegisteredClient.java │ │ │ └── convert │ │ │ │ └── RegisteredClientStringConverter.java │ │ ├── repository │ │ │ ├── PermissionRepository.java │ │ │ └── ResourceSetRepository.java │ │ └── service │ │ │ ├── ClaimsProcessingService.java │ │ │ ├── PermissionService.java │ │ │ ├── ResourceSetService.java │ │ │ ├── SavedRegisteredClientService.java │ │ │ └── UmaTokenService.java │ │ └── util │ │ ├── JsonUtils.java │ │ └── jpa │ │ └── JpaUtil.java │ └── test │ └── java │ └── org │ └── mitre │ ├── data │ └── AbstractPageOperationTemplateTest.java │ ├── discovery │ └── util │ │ └── 
TestWebfingerURLNormalizer.java │ ├── jose │ └── TestJWKSetKeyStore.java │ ├── jwt │ └── encryption │ │ └── service │ │ └── impl │ │ └── TestDefaultJWTEncryptionAndDecryptionService.java │ ├── oauth2 │ └── model │ │ ├── ClientDetailsEntityTest.java │ │ └── RegisteredClientTest.java │ └── openid │ └── connect │ ├── ClientDetailsEntityJsonProcessorTest.java │ └── config │ ├── ConfigurationPropertiesBeanTest.java │ └── ServerConfigurationTest.java ├── openid-connect-server-webapp ├── .gitignore ├── pom.xml └── src │ └── main │ ├── resources │ ├── db │ │ ├── hsql │ │ │ ├── clients.sql │ │ │ ├── hsql_database_index.sql │ │ │ ├── hsql_database_tables.sql │ │ │ ├── loading_temp_tables.sql │ │ │ ├── scopes.sql │ │ │ ├── security-schema.sql │ │ │ └── users.sql │ │ ├── mysql │ │ │ ├── clients.sql │ │ │ ├── mysql_database_index.sql │ │ │ ├── mysql_database_tables.sql │ │ │ ├── scopes.sql │ │ │ ├── security-schema.sql │ │ │ └── users.sql │ │ ├── oracle │ │ │ ├── clients_oracle.sql │ │ │ ├── create_db-user │ │ │ ├── entity-mappings_oracle.xml │ │ │ ├── loading_temp_tables_oracle.sql │ │ │ ├── oracle_database_index.sql │ │ │ ├── oracle_database_tables.sql │ │ │ ├── scopes_oracle.sql │ │ │ ├── security-schema_oracle.sql │ │ │ └── users_oracle.sql │ │ └── psql │ │ │ ├── clients.sql │ │ │ ├── psql_database_index.sql │ │ │ ├── psql_database_tables.sql │ │ │ ├── scopes.sql │ │ │ ├── security-schema.sql │ │ │ └── users.sql │ ├── keystore.jwks │ └── log4j.xml │ └── webapp │ ├── META-INF │ └── MANIFEST.MF │ ├── WEB-INF │ ├── application-context.xml │ ├── assertion-config.xml │ ├── authz-config.xml │ ├── crypto-config.xml │ ├── data-context.xml │ ├── endpoint-config.xml │ ├── jpa-config.xml │ ├── local-config.xml │ ├── locale-config.xml │ ├── server-config.xml │ ├── spring-servlet.xml │ ├── tags │ │ ├── actionmenu.tag │ │ ├── copyright.tag │ │ ├── footer.tag │ │ ├── header.tag │ │ ├── navmenu.tag │ │ ├── sidebar.tag │ │ └── topbar.tag │ ├── task-config.xml │ ├── ui-config.xml │ ├── 
user-context.xml │ ├── views │ │ ├── about.jsp │ │ ├── approve.jsp │ │ ├── approveDevice.jsp │ │ ├── contact.jsp │ │ ├── deviceApproved.jsp │ │ ├── error.jsp │ │ ├── home.jsp │ │ ├── login.jsp │ │ ├── logoutConfirmation.jsp │ │ ├── manage.jsp │ │ ├── postLogout.jsp │ │ ├── requestUserCode.jsp │ │ └── stats.jsp │ ├── web.xml │ ├── wro.properties │ └── wro.xml │ ├── less │ ├── accordion.less │ ├── alerts.less │ ├── bootstrap-responsive.less │ ├── bootstrap.less │ ├── breadcrumbs.less │ ├── button-groups.less │ ├── buttons.less │ ├── carousel.less │ ├── close.less │ ├── code.less │ ├── component-animations.less │ ├── dropdowns.less │ ├── forms.less │ ├── grid.less │ ├── hero-unit.less │ ├── labels-badges.less │ ├── layouts.less │ ├── media.less │ ├── mixins.less │ ├── modals.less │ ├── navbar.less │ ├── navs.less │ ├── pager.less │ ├── pagination.less │ ├── popovers.less │ ├── progress-bars.less │ ├── reset.less │ ├── responsive-1200px-min.less │ ├── responsive-767px-max.less │ ├── responsive-768px-979px.less │ ├── responsive-navbar.less │ ├── responsive-utilities.less │ ├── scaffolding.less │ ├── sprites.less │ ├── tables.less │ ├── thumbnails.less │ ├── tooltip.less │ ├── type.less │ ├── utilities.less │ ├── variables.less │ └── wells.less │ └── resources │ ├── bootstrap2 │ ├── img │ │ ├── glyphicons-halflings-white.png │ │ └── glyphicons-halflings.png │ └── js │ │ ├── bootstrap.js │ │ └── bootstrap.min.js │ ├── css │ ├── bootstrap-sheet.css │ ├── mitreid-connect-local.css │ ├── mitreid-connect-responsive-local.css │ ├── mitreid-connect-responsive.css │ └── mitreid-connect.css │ ├── images │ ├── heart_mode.png │ ├── heart_mode@2x.png │ ├── logo_placeholder.gif │ ├── mitreid-connect.ico │ ├── openid_connect_large.png │ ├── openid_connect_large@2x.png │ ├── openid_connect_small.png │ └── openid_connect_small@2x.png │ ├── js │ ├── admin.js │ ├── blacklist.js │ ├── client.js │ ├── dynreg.js │ ├── grant.js │ ├── lib │ │ ├── backbone.js │ │ ├── backbone.validations.js │ │ 
├── bootpag.js │ │ ├── bootstrap-sheet.js │ │ ├── bootstrapx-clickover.js │ │ ├── html5.js │ │ ├── i18next.js │ │ ├── jquery.js │ │ ├── moment-with-locales.js │ │ ├── purl.js │ │ ├── retina.js │ │ └── underscore.js │ ├── locale │ │ ├── en │ │ │ └── messages.json │ │ ├── fr │ │ │ └── messages.json │ │ ├── sv │ │ │ └── messages.json │ │ ├── zh │ │ │ └── messages.json │ │ ├── zh_CN │ │ │ └── messages.json │ │ └── zh_TW │ │ │ └── messages.json │ ├── profile.js │ ├── rsreg.js │ ├── scope.js │ ├── token.js │ └── whitelist.js │ └── template │ ├── admin.html │ ├── blacklist.html │ ├── client.html │ ├── dynreg.html │ ├── grant.html │ ├── rsreg.html │ ├── scope.html │ ├── token.html │ └── whitelist.html ├── openid-connect-server ├── .gitignore ├── pom.xml └── src │ ├── main │ └── java │ │ └── org │ │ └── mitre │ │ ├── discovery │ │ ├── view │ │ │ └── WebfingerView.java │ │ └── web │ │ │ └── DiscoveryEndpoint.java │ │ ├── oauth2 │ │ ├── assertion │ │ │ ├── AssertionOAuth2RequestFactory.java │ │ │ └── impl │ │ │ │ └── DirectCopyRequestFactory.java │ │ ├── exception │ │ │ ├── AuthorizationPendingException.java │ │ │ ├── DeviceCodeExpiredException.java │ │ │ └── DuplicateClientIdException.java │ │ ├── repository │ │ │ └── impl │ │ │ │ ├── JpaAuthenticationHolderRepository.java │ │ │ │ ├── JpaAuthorizationCodeRepository.java │ │ │ │ ├── JpaDeviceCodeRepository.java │ │ │ │ ├── JpaOAuth2ClientRepository.java │ │ │ │ ├── JpaOAuth2TokenRepository.java │ │ │ │ └── JpaSystemScopeRepository.java │ │ ├── service │ │ │ └── impl │ │ │ │ ├── BlacklistAwareRedirectResolver.java │ │ │ │ ├── DefaultDeviceCodeService.java │ │ │ │ ├── DefaultIntrospectionResultAssembler.java │ │ │ │ ├── DefaultOAuth2AuthorizationCodeService.java │ │ │ │ ├── DefaultOAuth2ClientDetailsEntityService.java │ │ │ │ ├── DefaultOAuth2ProviderTokenService.java │ │ │ │ └── DefaultSystemScopeService.java │ │ ├── token │ │ │ ├── ChainedTokenGranter.java │ │ │ ├── DeviceTokenGranter.java │ │ │ ├── 
JWTAssertionTokenGranter.java │ │ │ └── ScopeServiceAwareOAuth2RequestValidator.java │ │ ├── view │ │ │ └── TokenApiView.java │ │ └── web │ │ │ ├── AuthenticationUtilities.java │ │ │ ├── CorsFilter.java │ │ │ ├── DeviceEndpoint.java │ │ │ ├── IntrospectionEndpoint.java │ │ │ ├── OAuth2ExceptionHandler.java │ │ │ ├── OAuthConfirmationController.java │ │ │ ├── RevocationEndpoint.java │ │ │ ├── ScopeAPI.java │ │ │ └── TokenAPI.java │ │ └── openid │ │ └── connect │ │ ├── assertion │ │ ├── JWTBearerAssertionAuthenticationToken.java │ │ ├── JWTBearerAuthenticationProvider.java │ │ └── JWTBearerClientAssertionTokenEndpointFilter.java │ │ ├── config │ │ └── JsonMessageSource.java │ │ ├── exception │ │ └── ValidationException.java │ │ ├── filter │ │ ├── AuthorizationRequestFilter.java │ │ └── MultiUrlRequestMatcher.java │ │ ├── repository │ │ └── impl │ │ │ ├── JpaAddressRepository.java │ │ │ ├── JpaApprovedSiteRepository.java │ │ │ ├── JpaBlacklistedSiteRepository.java │ │ │ ├── JpaPairwiseIdentifierRepository.java │ │ │ ├── JpaUserInfoRepository.java │ │ │ └── JpaWhitelistedSiteRepository.java │ │ ├── request │ │ ├── ConnectOAuth2RequestFactory.java │ │ └── ConnectRequestParameters.java │ │ ├── service │ │ └── impl │ │ │ ├── DefaultApprovedSiteService.java │ │ │ ├── DefaultBlacklistedSiteService.java │ │ │ ├── DefaultOIDCTokenService.java │ │ │ ├── DefaultScopeClaimTranslationService.java │ │ │ ├── DefaultStatsService.java │ │ │ ├── DefaultUserInfoService.java │ │ │ ├── DefaultWhitelistedSiteService.java │ │ │ ├── DummyResourceSetService.java │ │ │ ├── InMemoryClientLogoLoadingService.java │ │ │ ├── MITREidDataServiceSupport.java │ │ │ ├── MITREidDataService_1_0.java │ │ │ ├── MITREidDataService_1_1.java │ │ │ ├── MITREidDataService_1_2.java │ │ │ ├── MITREidDataService_1_3.java │ │ │ ├── MatchLoginHintsAgainstUsers.java │ │ │ ├── PassAllLoginHints.java │ │ │ ├── RemoveLoginHintsWithHTTP.java │ │ │ └── UUIDPairwiseIdentiferService.java │ │ ├── token │ │ ├── 
ConnectTokenEnhancer.java │ │ └── TofuUserApprovalHandler.java │ │ ├── util │ │ └── IdTokenHashUtils.java │ │ ├── view │ │ ├── AbstractClientEntityView.java │ │ ├── ClientEntityViewForAdmins.java │ │ ├── ClientEntityViewForUsers.java │ │ ├── ClientInformationResponseView.java │ │ ├── HttpCodeView.java │ │ ├── JsonApprovedSiteView.java │ │ ├── JsonEntityView.java │ │ ├── JsonErrorView.java │ │ ├── UserInfoJWTView.java │ │ └── UserInfoView.java │ │ └── web │ │ ├── ApprovedSiteAPI.java │ │ ├── AuthenticationTimeStamper.java │ │ ├── BlacklistAPI.java │ │ ├── ClientAPI.java │ │ ├── DataAPI.java │ │ ├── DynamicClientRegistrationEndpoint.java │ │ ├── EndSessionEndpoint.java │ │ ├── JWKSetPublishingEndpoint.java │ │ ├── ProtectedResourceRegistrationEndpoint.java │ │ ├── RootController.java │ │ ├── ServerConfigInterceptor.java │ │ ├── StatsAPI.java │ │ ├── UserInfoEndpoint.java │ │ └── WhitelistAPI.java │ └── test │ ├── java │ └── org │ │ └── mitre │ │ ├── oauth2 │ │ ├── repository │ │ │ └── impl │ │ │ │ ├── TestDatabaseConfiguration.java │ │ │ │ └── TestJpaOAuth2TokenRepository.java │ │ └── service │ │ │ └── impl │ │ │ ├── TestBlacklistAwareRedirectResolver.java │ │ │ ├── TestDefaultIntrospectionResultAssembler.java │ │ │ ├── TestDefaultOAuth2ClientDetailsEntityService.java │ │ │ ├── TestDefaultOAuth2ProviderTokenService.java │ │ │ └── TestDefaultSystemScopeService.java │ │ └── openid │ │ └── connect │ │ ├── assertion │ │ └── TestJWTBearerAuthenticationProvider.java │ │ ├── config │ │ └── TestJsonMessageSource.java │ │ ├── service │ │ └── impl │ │ │ ├── TestDefaultApprovedSiteService.java │ │ │ ├── TestDefaultBlacklistedSiteService.java │ │ │ ├── TestDefaultOIDCTokenService.java │ │ │ ├── TestDefaultStatsService.java │ │ │ ├── TestDefaultUserInfoService.java │ │ │ ├── TestDefaultWhitelistedSiteService.java │ │ │ ├── TestMITREidDataService_1_0.java │ │ │ ├── TestMITREidDataService_1_1.java │ │ │ ├── TestMITREidDataService_1_2.java │ │ │ ├── TestMITREidDataService_1_3.java │ 
│ │ └── TestUUIDPairwiseIdentiferService.java │ │ ├── token │ │ └── TestConnectTokenEnhancer.java │ │ └── util │ │ └── TestIdTokenHashUtils.java │ └── resources │ └── resources │ └── js │ └── locale │ └── en │ └── messages.json ├── pom.xml ├── uma-server-webapp ├── pom.xml └── src │ └── main │ ├── resources │ └── db │ │ ├── hsql │ │ ├── clients.sql │ │ └── scopes.sql │ │ ├── mysql │ │ ├── clients.sql │ │ └── scopes.sql │ │ ├── oracle │ │ ├── clients_oracle.sql │ │ └── scopes_oracle.sql │ │ └── psql │ │ ├── clients.sql │ │ └── scopes.sql │ └── webapp │ ├── WEB-INF │ ├── endpoint-config.xml │ ├── server-config.xml │ ├── tags │ │ └── actionmenu.tag │ ├── ui-config.xml │ ├── user-context.xml │ └── views │ │ └── external_login.jsp │ └── resources │ ├── js │ ├── locale │ │ ├── en │ │ │ └── uma.json │ │ ├── zh │ │ │ └── uma.json │ │ ├── zh_CN │ │ │ └── uma.json │ │ └── zh_TW │ │ │ └── uma.json │ └── policy.js │ └── template │ └── policy.html └── uma-server ├── pom.xml └── src ├── main └── java │ └── org │ └── mitre │ └── uma │ ├── repository │ └── impl │ │ ├── JpaPermissionRepository.java │ │ └── JpaResourceSetRepository.java │ ├── service │ └── impl │ │ ├── DefaultPermissionService.java │ │ ├── DefaultResourceSetService.java │ │ ├── DefaultUmaTokenService.java │ │ ├── JpaRegisteredClientService.java │ │ ├── MatchAllClaimsOnAnyPolicy.java │ │ └── UmaDataServiceExtension_1_3.java │ ├── util │ └── ExternalLoginAuthoritiesMapper.java │ ├── view │ ├── ResourceSetEntityAbbreviatedView.java │ └── ResourceSetEntityView.java │ └── web │ ├── AuthorizationRequestEndpoint.java │ ├── ClaimsCollectionEndpoint.java │ ├── PermissionRegistrationEndpoint.java │ ├── PolicyAPI.java │ ├── ResourceSetRegistrationEndpoint.java │ ├── UmaDiscoveryEndpoint.java │ └── UserClaimSearchHelper.java └── test └── java └── org └── mitre └── uma └── service └── impl ├── TestDefaultPermissionService.java └── TestDefaultResourceSetService.java /.editorconfig: 
-------------------------------------------------------------------------------- 1 | # EditorConfig is awesome: http://EditorConfig.org 2 | 3 | # top-most EditorConfig file 4 | root = true 5 | 6 | # Unix-style newlines with a newline ending every file 7 | [*] 8 | end_of_line = lf 9 | insert_final_newline = true 10 | 11 | # 4 space - Tab indentation 12 | [*.{java,xml,js,html}] 13 | indent_style = tab 14 | indent_size = 4 15 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | target 2 | *~ 3 | bin 4 | *.idea 5 | *.iml 6 | *.eml 7 | .project 8 | .settings 9 | .classpath 10 | /target 11 | .springBeans 12 | nb-configuration.xml 13 | -------------------------------------------------------------------------------- /.travis.yml: -------------------------------------------------------------------------------- 1 | language: java 2 | jdk: 3 | - oraclejdk11 4 | sudo: false 5 | 6 | after_success: 7 | - bash <(curl -s https://codecov.io/bash) 8 | 9 | cache: 10 | directories: 11 | - $HOME/.m2 12 | -------------------------------------------------------------------------------- /CHANGELOG.md: -------------------------------------------------------------------------------- 1 | Unreleased: 2 | 3 | *1.3.3*: 4 | - Authorization codes are now longer 5 | - Client/RS can parse the "sub" and "user_id" claims in introspection response 6 | - Database-direct queries for fetching tokens by user (optimization) 7 | - Device flow supports verification_uri_complete (must be turned on) 8 | - Long scopes display properly and are still checkable 9 | - Language system remembers when it can't find a file and stops throwing so many errors 10 | - Index added for refresh tokens 11 | - Updated to Spring Security 4.2.11 12 | - Updated Spring to 4.3.22 13 | - Change approve pages to use issuer instead of page context 14 | - Updated oracle database scripts 15 | 16 | *1.3.2*: 17 | - 
Added changelog 18 | - Set default redirect URI resolver strict matching to true 19 | - Fixed XSS vulnerability on redirect URI display on approval page 20 | - Removed MITRE from copyright 21 | - Disallow unsigned JWTs on client authentication 22 | - Upgraded Nimbus revision 23 | - Added French translation 24 | - Added hooks for custom JWT claims 25 | - Removed "Not Yet Implemented" tag from post-logout redirect URI 26 | 27 | *1.3.1*: 28 | - Added End Session endpoint 29 | - Fixed discovery endpoint 30 | - Downgrade MySQL connector dependency version from developer preview to GA release 31 | 32 | *1.3.0*: 33 | - Added device flow support 34 | - Added PKCE support 35 | - Modularized UI to allow better overlay and extensions 36 | - Modularized data import/export API 37 | - Added software statements to dynamic client registration 38 | - Added assertion processing framework 39 | - Removed ID tokens from storage 40 | - Removed structured scopes 41 | 42 | *1.2.6*: 43 | - Added strict HEART compliance mode 44 | -------------------------------------------------------------------------------- /LICENSE.txt: -------------------------------------------------------------------------------- 1 | Copyright 2018 The MIT Internet Trust Consortium 2 | 3 | Portions copyright 2011-2013 The MITRE Corporation 4 | 5 | Licensed under the Apache License, Version 2.0 (the "License"); 6 | you may not use this project except in compliance with the License. 7 | You may obtain a copy of the License at 8 | 9 | http://www.apache.org/licenses/LICENSE-2.0 10 | 11 | Unless required by applicable law or agreed to in writing, software 12 | distributed under the License is distributed on an "AS IS" BASIS, 13 | WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 14 | See the License for the specific language governing permissions and 15 | limitations under the License. 
16 | -------------------------------------------------------------------------------- /README_zh_CN.md: -------------------------------------------------------------------------------- 1 | # MITREid Connect 2 | --- 3 | 4 | [![Maven Central](https://maven-badges.herokuapp.com/maven-central/org.mitre/openid-connect-parent/badge.svg)](https://maven-badges.herokuapp.com/maven-central/org.mitre/openid-connect-parent) [![Travis CI](https://travis-ci.org/mitreid-connect/OpenID-Connect-Java-Spring-Server.svg?branch=master)](https://travis-ci.org/mitreid-connect/OpenID-Connect-Java-Spring-Server) 5 | 6 | 此项目提供了一个业经认证的、用Java语言构筑于Spring平台之上的OpenID Connect参考实现,包括 [服务器端的实现库](openid-connect-server), [可部署的服务器包](openid-connect-server-webapp), [客户端 (RP) 的库](openid-connect-client), 以及 [工具类库](openid-connect-common)。该服务器可以用做OpenID Connect身份提供者,也可以用做一般意义上的OAuth 2.0授权服务器。 7 | 8 | [![OpenID认证](https://cloud.githubusercontent.com/assets/1454075/7611268/4d19de32-f97b-11e4-895b-31b2455a7ca6.png)](https://openid.net/certification/) 9 | 10 | 有关项目的更多信息参见: 11 | 12 | * [项目在GitHub上的主页 (及相关项目)](https://github.com/mitreid-connect/) 13 | * [完整的文档](https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/wiki) 14 | * [Maven文档及Java API](http://mitreid-connect.github.com/) 15 | * [问题(Issue)追踪系统 (用于报告bug及提交支持请求)](https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/issues) 16 | * 项目的邮件列表: `mitreid-connect@mit.edu`, 及其 [在线存档](https://mailman.mit.edu/mailman/listinfo/mitreid-connect). 
17 | 18 | 19 | 项目的作者及主要贡献者有: 20 | 21 | * [Justin Richer](https://github.com/jricher/) 22 | * [Amanda Anganes](https://github.com/aanganes/) 23 | * [Michael Jett](https://github.com/jumbojett/) 24 | * [Michael Walsh](https://github.com/nemonik/) 25 | * [Steve Moore](https://github.com/srmoore) 26 | * [Mike Derryberry](https://github.com/mtderryberry) 27 | * [William Kim](https://github.com/wikkim) 28 | * [Mark Janssen](https://github.com/praseodym) 29 | 30 | 31 | 项目的中文译者: 32 | 33 | * [刘晓曦](https://github.com/liouxiao/) 34 | 35 | 36 | 37 | 38 | 版权所有 ©2018 [MIT因特网信任联盟](http://www.mit-trust.org/). 采用Apache 2.0许可证, 详见 `LICENSE.txt`. 39 | -------------------------------------------------------------------------------- /openid-connect-client/.gitignore: -------------------------------------------------------------------------------- 1 | local-values.conf 2 | target 3 | *~ 4 | bin 5 | *.idea 6 | *.iml 7 | *.eml 8 | .project 9 | .settings 10 | .classpath 11 | /target 12 | .springBeans 13 | -------------------------------------------------------------------------------- /openid-connect-client/README.md: -------------------------------------------------------------------------------- 1 | # OpenID Connect Client # 2 | 3 | ## Overview ## 4 | 5 | This project contains an OpenID Connect Client implemented as a Spring Security AuthenticationFilter. The client facilitates a user's authentication into the secured application to an OpenID Connect Server following the OpenID Connect standard protocol. 6 | 7 | ## Configuring ## 8 | 9 | For an example of the Client configuration, see the [Simple Web App](https://github.com/mitreid-connect/simple-web-app) project. 10 | 11 | Full documentation is available on the [project documentation wiki pages](https://github.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/wiki/Client-configuration). 
12 | 13 | -------------------------------------------------------------------------------- /openid-connect-client/src/META-INF/MANIFEST.MF: -------------------------------------------------------------------------------- 1 | Manifest-Version: 1.0 2 | Class-Path: 3 | 4 | -------------------------------------------------------------------------------- /openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/service/IntrospectionAuthorityGranter.java: -------------------------------------------------------------------------------- 1 | /******************************************************************************* 2 | * Copyright 2018 The MIT Internet Trust Consortium 3 | * 4 | * Portions copyright 2011-2013 The MITRE Corporation 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); 7 | * you may not use this file except in compliance with the License. 8 | * You may obtain a copy of the License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software 13 | * distributed under the License is distributed on an "AS IS" BASIS, 14 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 | * See the License for the specific language governing permissions and 16 | * limitations under the License. 
17 | *******************************************************************************/ 18 | /** 19 | * 20 | */ 21 | package org.mitre.oauth2.introspectingfilter.service; 22 | 23 | import java.util.List; 24 | 25 | import org.springframework.security.core.GrantedAuthority; 26 | 27 | import com.google.gson.JsonObject; 28 | 29 | /** 30 | * @author jricher 31 | * 32 | */ 33 | public interface IntrospectionAuthorityGranter { 34 | 35 | public List<GrantedAuthority> getAuthorities(JsonObject introspectionResponse); 36 | 37 | } 38 | -------------------------------------------------------------------------------- /openid-connect-client/src/main/java/org/mitre/oauth2/introspectingfilter/service/IntrospectionConfigurationService.java: -------------------------------------------------------------------------------- 1 | /******************************************************************************* 2 | * Copyright 2018 The MIT Internet Trust Consortium 3 | * 4 | * Portions copyright 2011-2013 The MITRE Corporation 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); 7 | * you may not use this file except in compliance with the License. 8 | * You may obtain a copy of the License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software 13 | * distributed under the License is distributed on an "AS IS" BASIS, 14 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 | * See the License for the specific language governing permissions and 16 | * limitations under the License. 
17 | *******************************************************************************/ 18 | /** 19 | * 20 | */ 21 | package org.mitre.oauth2.introspectingfilter.service; 22 | 23 | import org.mitre.oauth2.model.RegisteredClient; 24 | 25 | /** 26 | * @author jricher 27 | * 28 | */ 29 | public interface IntrospectionConfigurationService { 30 | 31 | /** 32 | * Get the introspection URL based on the access token. 33 | * @param accessToken 34 | * @return 35 | */ 36 | public String getIntrospectionUrl(String accessToken); 37 | 38 | 39 | /** 40 | * Get the client configuration to use to connect to the 41 | * introspection endpoint. In particular, this cares about 42 | * the clientId, clientSecret, and tokenEndpointAuthMethod 43 | * fields. 44 | */ 45 | public RegisteredClient getClientConfiguration(String accessToken); 46 | 47 | } 48 | -------------------------------------------------------------------------------- /openid-connect-client/src/main/java/org/mitre/openid/connect/client/AuthorizationEndpointException.java: -------------------------------------------------------------------------------- 1 | /******************************************************************************* 2 | * Copyright 2018 The MIT Internet Trust Consortium 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
15 | *******************************************************************************/ 16 | package org.mitre.openid.connect.client; 17 | 18 | import org.springframework.security.authentication.AuthenticationServiceException; 19 | 20 | public class AuthorizationEndpointException extends AuthenticationServiceException { 21 | 22 | private static final long serialVersionUID = 6953119789654778380L; 23 | 24 | private String error; 25 | 26 | private String errorDescription; 27 | 28 | private String errorURI; 29 | 30 | public AuthorizationEndpointException(String error, String errorDescription, String errorURI) { 31 | super("Error from Authorization Endpoint: " + error + " " + errorDescription + " " + errorURI); 32 | this.error = error; 33 | this.errorDescription = errorDescription; 34 | this.errorURI = errorURI; 35 | } 36 | 37 | public String getError() { 38 | return error; 39 | } 40 | 41 | public String getErrorDescription() { 42 | return errorDescription; 43 | } 44 | 45 | public String getErrorURI() { 46 | return errorURI; 47 | } 48 | 49 | /* (non-Javadoc) 50 | * @see java.lang.Object#toString() 51 | */ 52 | @Override 53 | public String toString() { 54 | return "AuthorizationEndpointException [error=" + error + ", errorDescription=" + errorDescription + ", errorURI=" + errorURI + "]"; 55 | } 56 | } 57 | -------------------------------------------------------------------------------- /openid-connect-client/src/main/java/org/mitre/openid/connect/client/OIDCAuthoritiesMapper.java: -------------------------------------------------------------------------------- 1 | /******************************************************************************* 2 | * Copyright 2018 The MIT Internet Trust Consortium 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
import java.util.Collection;

import org.mitre.openid.connect.model.UserInfo;
import org.springframework.security.core.GrantedAuthority;

import com.nimbusds.jwt.JWT;

/**
 * Maps a freshly authenticated OpenID Connect user (ID Token plus optional
 * UserInfo) onto the Spring Security authorities this client application
 * grants that user.
 *
 * @author jricher
 *
 */
public interface OIDCAuthoritiesMapper {

	/**
	 * NOTE(review): the ID Token is expected to have had its signature and
	 * claims checked before it reaches this method; implementations should not
	 * grant authorities based on claims that were not verified upstream.
	 * Confirm against the authentication provider that calls this.
	 *
	 * @param idToken the ID Token (parsed as a JWT, cannot be @null)
	 * @param userInfo userInfo of the current user (could be @null)
	 * @return the set of authorities to map to this user
	 */
	Collection mapAuthorities(JWT idToken, UserInfo userInfo);

}
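/**
 * Simple target URI checker, checks whether the string in question starts
 * with a configured prefix. Returns "/" if the match fails.
 *
 * This decides whether a caller-supplied post-login target may be redirected
 * to, so the prefix is a security boundary:
 * <ul>
 *   <li>the default prefix is the empty string, which every string starts
 *       with, so an unconfigured checker accepts any target;</li>
 *   <li>the test is a plain string prefix match, so a prefix such as
 *       {@code https://app.test} also accepts {@code https://app.test.other};
 *       end the prefix with a {@code /} (or another delimiter) when it is
 *       meant to denote an origin.</li>
 * </ul>
 *
 * @author jricher
 *
 */
public class StaticPrefixTargetLinkURIChecker implements TargetLinkURIChecker {

	private String prefix = "";

	/**
	 * @param target the requested deep-link, may be null
	 * @return {@code target} when it starts with the configured prefix, otherwise "/"
	 */
	@Override
	public String filter(String target) {
		if (target != null && target.startsWith(prefix)) {
			return target;
		}
		// null and off-prefix targets both fall back to the application root
		return "/";
	}

	/** @return the prefix every accepted target must start with */
	public String getPrefix() {
		return prefix;
	}

	/**
	 * @param prefix the prefix every accepted target must start with; not null
	 * @throws NullPointerException if {@code prefix} is null, so a bad
	 *         configuration fails at wiring time instead of on the first request
	 */
	public void setPrefix(String prefix) {
		if (prefix == null) {
			throw new NullPointerException("prefix");
		}
		this.prefix = prefix;
	}

}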
/**
 * Decides whether a caller-supplied "where to go after login" value may be
 * redirected to. Implementations are the application's guard against open
 * redirects and should only let through targets they can vouch for.
 */
public interface TargetLinkURIChecker {

	/**
	 * Check the parameter to make sure that it's a valid deep-link into this application.
	 *
	 * @param target the requested target URI as received from the caller; may be null
	 * @return a value that is safe to redirect to: {@code target} itself when it
	 *         passes the check, otherwise an implementation-defined fallback
	 *         (the bundled prefix checker returns "/")
	 */
	public String filter(String target);

}
import java.util.Map;

import org.mitre.oauth2.model.RegisteredClient;
import org.mitre.openid.connect.config.ServerConfiguration;

/**
 * Builds a URL string to the IdP's authorization endpoint.
 *
 * NOTE(review): {@code nonce} and {@code state} are what later binds the
 * ID Token and the callback to this particular request, so they must be
 * unpredictable values minted by the caller (presumably the authentication
 * filter) rather than anything taken from the incoming request.
 *
 * @author jricher
 *
 */
public interface AuthRequestUrlBuilder {

	/**
	 * @param serverConfig configuration of the IdP to send the user to
	 * @param clientConfig the client registration to act as towards that IdP
	 * @param redirectUri the callback URI the IdP should redirect back to
	 * @param nonce the OpenID Connect nonce to include in the request
	 * @param state the opaque state value the callback is matched against
	 * @param options additional request parameters to append, if any
	 * @param loginHint the login_hint value to pass along, if any
	 * @return the URL the user agent is redirected to
	 */
	public String buildAuthRequestUrl(ServerConfiguration serverConfig, RegisteredClient clientConfig, String redirectUri, String nonce, String state, Map options, String loginHint);

}
import org.mitre.oauth2.model.RegisteredClient;
import org.mitre.openid.connect.config.ServerConfiguration;

/**
 * Looks up the client registration this application uses when talking to a
 * given issuer. Implementations may be statically configured or may obtain
 * the registration from the server.
 *
 * @author jricher
 *
 */
public interface ClientConfigurationService {

	/**
	 * @param issuer the server configuration of the issuer the client is about to talk to
	 * @return the client registration (client_id, credentials, ...) to use with that issuer
	 */
	public RegisteredClient getClientConfiguration(ServerConfiguration issuer);

}
import org.mitre.oauth2.model.RegisteredClient;

/**
 * Remembers, per issuer, the client this application has registered with that
 * issuer, so that a later run can pick up the same registration instead of
 * creating a new one.
 *
 * @author jricher
 *
 */
public interface RegisteredClientService {

	/**
	 * Get a remembered client (if one exists) to talk to the given issuer. This
	 * client likely doesn't have its full configuration information but contains
	 * the information needed to fetch it.
	 * @param issuer the issuer identifier the client was registered with
	 * @return the remembered client, or null when nothing has been saved for this
	 *         issuer (this is what the in-memory implementation returns)
	 */
	RegisteredClient getByIssuer(String issuer);

	/**
	 * Save this client's information for talking to the given issuer. This will
	 * save only enough information to fetch the client's full configuration from
	 * the server.
	 *
	 * NOTE(review): whatever is saved is what lets this application prove to
	 * the server that it is this client, so persistent implementations should
	 * protect it like any other credential. Confirm which fields are kept
	 * against the concrete implementation.
	 *
	 * @param issuer the issuer identifier to file the client under
	 * @param client the client to remember
	 */
	void save(String issuer, RegisteredClient client);

}
import org.mitre.openid.connect.config.ServerConfiguration;

/**
 * Resolves an issuer identifier to the {@link ServerConfiguration} this client
 * uses to talk to that issuer.
 *
 * NOTE(review): an implementation that fetches the configuration dynamically
 * should only accept a document whose issuer matches the identifier it was
 * asked for; confirm in the dynamic implementation.
 *
 * @author jricher
 *
 */
public interface ServerConfigurationService {

	/**
	 * @param issuer the issuer identifier to look up
	 * @return the server configuration for that issuer
	 */
	public ServerConfiguration getServerConfiguration(String issuer);

}
import java.util.HashMap;
import java.util.Map;

import org.mitre.oauth2.model.RegisteredClient;
import org.mitre.openid.connect.client.service.RegisteredClientService;

/**
 * {@link RegisteredClientService} backed by a plain in-memory map keyed by
 * issuer. Nothing is persisted: registrations saved here are gone when the
 * process exits, and the map itself is not synchronized.
 *
 * @author jricher
 *
 */
public class InMemoryRegisteredClientService implements RegisteredClientService {

	// issuer identifier -> the client remembered for that issuer
	private final Map<String, RegisteredClient> clients = new HashMap<>();

	/* (non-Javadoc)
	 * @see org.mitre.openid.connect.client.service.RegisteredClientService#getByIssuer(java.lang.String)
	 */
	@Override
	public RegisteredClient getByIssuer(String issuer) {
		// an unknown issuer simply yields null; there is no default client
		return clients.get(issuer);
	}

	/* (non-Javadoc)
	 * @see org.mitre.openid.connect.client.service.RegisteredClientService#save(org.mitre.oauth2.model.RegisteredClient)
	 */
	@Override
	public void save(String issuer, RegisteredClient client) {
		// a second save for the same issuer replaces the first
		clients.put(issuer, client);
	}

}
| [ 3 | {"alg":"RSA", 4 | "mod": "0vx7agoebGcQSuuPiLJXZptN9nndrQmbXEps2aiAFbWhM78LhWx4cbbfAAtVT86zwu1RK7aPFFxuhDR1L6tSoc_BJECPebWKRXjBZCiFV4n3oknjhMstn64tZ_2W-5JsGY4Hc5n9yBXArwl93lqt7_RN5w6Cf0h4QyQ5v-65YGjQR0_FDW2QvzqY368QQMicAtaSqzs8KJZgnYb9c7d0zgdAZHzu6qMQvRL5hajrn1n91CbOpbISD08qNLyrdkt-bFTWhAI4vMQFh6WeZu0fM4lFd2NcRwr3XPksINHaQ-G_xBniIqbw0Ls1jF44-csFCur-kEgU8awapJzKnqDKgw", 5 | "exp":"AQAB", 6 | "kid":"2011-04-29"} 7 | ] 8 | } -------------------------------------------------------------------------------- /openid-connect-client/src/test/resources/x509/x509: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | MIICxDCCAi0CBECcV/wwDQYJKoZIhvcNAQEEBQAwgagxCzAJBgNVBAYTAlVTMQ4wDAYDVQQIEwVU 3 | ZXhhczEPMA0GA1UEBxMGQXVzdGluMSowKAYDVQQKEyFUaGUgVW5pdmVyc2l0eSBvZiBUZXhhcyBh 4 | dCBBdXN0aW4xKDAmBgNVBAsTH0luZm9ybWF0aW9uIFRlY2hub2xvZ3kgU2VydmljZXMxIjAgBgNV 5 | BAMTGXhtbGdhdGV3YXkuaXRzLnV0ZXhhcy5lZHUwHhcNMDQwNTA4MDM0NjA0WhcNMDQwODA2MDM0 6 | NjA0WjCBqDELMAkGA1UEBhMCVVMxDjAMBgNVBAgTBVRleGFzMQ8wDQYDVQQHEwZBdXN0aW4xKjAo 7 | BgNVBAoTIVRoZSBVbml2ZXJzaXR5IG9mIFRleGFzIGF0IEF1c3RpbjEoMCYGA1UECxMfSW5mb3Jt 8 | YXRpb24gVGVjaG5vbG9neSBTZXJ2aWNlczEiMCAGA1UEAxMZeG1sZ2F0ZXdheS5pdHMudXRleGFz 9 | LmVkdTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsmc+6+NjLmanvh+FvBziYdBwTiz+d/DZ 10 | Uy2jyvij6f8Xly6zkhHLSsuBzw08wPzr2K+F359bf9T3uiZMuao//FBGtDrTYpvQwkn4PFZwSeY2 11 | Ynw4edxp1JEWT2zfOY+QJDfNgpsYQ9hrHDwqnpbMVVqjdBq5RgTKGhFBj9kxEq0CAwEAATANBgkq 12 | hkiG9w0BAQQFAAOBgQCPYGXF6oRbnjti3CPtjfwORoO7ab1QzNS9Z2rLMuPnt6POlm1A3UPEwCS8 13 | 6flTlAqg19Sh47H7+Iq/LuzotKvUE5ugK52QRNMa4c0OSaO5UEM5EfVox1pT9tZV1Z3whYYMhThg 14 | oC4y/On0NUVMN5xfF/GpSACga/bVjoNvd8HWEg== 15 | -----END CERTIFICATE----- -------------------------------------------------------------------------------- /openid-connect-client/src/test/resources/x509/x509Encrypted: -------------------------------------------------------------------------------- 1 | -----BEGIN CERTIFICATE----- 2 | 
MIICxDCCAi0CBECcV/wwDQYJKoZIhvcNAQEEBQAwgagxCzAJBgNVBAYTAlVTMQ4wDAYDVQQIEwVU 3 | ZXhhczEPMA0GA1UEBxMGQXVzdGluMSowKAYDVQQKEyFUaGUgVW5pdmVyc2l0eSBvZiBUZXhhcyBh 4 | dCBBdXN0aW4xKDAmBgNVBAsTH0luZm9ybWF0aW9uIFRlY2hub2xvZ3kgU2VydmljZXMxIjAgBgNV 5 | BAMTGXhtbGdhdGV3YXkuaXRzLnV0ZXhhcy5lZHUwHhcNMDQwNTA4MDM0NjA0WhcNMDQwODA2MDM0 6 | NjA0WjCBqDELMAkGA1UEBhMCVVMxDjAMBgNVBAgTBVRleGFzMQ8wDQYDVQQHEwZBdXN0aW4xKjAo 7 | BgNVBAoTIVRoZSBVbml2ZXJzaXR5IG9mIFRleGFzIGF0IEF1c3RpbjEoMCYGA1UECxMfSW5mb3Jt 8 | YXRpb24gVGVjaG5vbG9neSBTZXJ2aWNlczEiMCAGA1UEAxMZeG1sZ2F0ZXdheS5pdHMudXRleGFz 9 | LmVkdTCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEAsmc+6+NjLmanvh+FvBziYdBwTiz+d/DZ 10 | Uy2jyvij6f8Xly6zkhHLSsuBzw08wPzr2K+F359bf9T3uiZMuao//FBGtDrTYpvQwkn4PFZwSeY2 11 | Ynw4edxp1JEWT2zfOY+QJDfNgpsYQ9hrHDwqnpbMVVqjdBq5RgTKGhFBj9kxEq0CAwEAATANBgkq 12 | hkiG9w0BAQQFAAOBgQCPYGXF6oRbnjti3CPtjfwORoO7ab1QzNS9Z2rLMuPnt6POlm1A3UPEwCS8 13 | 6flTlAqg19Sh47H7+Iq/LuzotKvUE5ugK52QRNMa4c0OSaO5UEM5EfVox1pT9tZV1Z3whYYMhThg 14 | oC4y/On0NUVMN5xfF/GpSACga/bVjoNvd8HWEg== 15 | -----END CERTIFICATE----- -------------------------------------------------------------------------------- /openid-connect-common/.gitignore: -------------------------------------------------------------------------------- 1 | local-values.conf 2 | target 3 | *~ 4 | bin 5 | *.idea 6 | *.iml 7 | *.eml 8 | .project 9 | .settings 10 | .classpath 11 | /target 12 | .springBeans 13 | -------------------------------------------------------------------------------- /openid-connect-common/src/META-INF/MANIFEST.MF: -------------------------------------------------------------------------------- 1 | Manifest-Version: 1.0 2 | Class-Path: 3 | 4 | -------------------------------------------------------------------------------- /openid-connect-common/src/main/java/org/mitre/data/DefaultPageCriteria.java: -------------------------------------------------------------------------------- 1 | /******************************************************************************* 2 | * 
/**
 * Default implementation of PageCriteria which specifies
 * both page to be retrieved and page size in the constructor.
 *
 * @author Colm Smyth
 */
public class DefaultPageCriteria implements PageCriteria {

	private static final int DEFAULT_PAGE_NUMBER = 0;
	private static final int DEFAULT_PAGE_SIZE = 100;

	// fixed at construction; there are no setters
	private final int pageNumber;
	private final int pageSize;

	/**
	 * Criteria for page {@value #DEFAULT_PAGE_NUMBER} with the default page
	 * size of {@value #DEFAULT_PAGE_SIZE}.
	 */
	public DefaultPageCriteria() {
		this(DEFAULT_PAGE_NUMBER, DEFAULT_PAGE_SIZE);
	}

	/**
	 * @param pageNumber index of the page to retrieve (presumably zero-based, the default is 0)
	 * @param pageSize number of items per page; no validation is performed here
	 */
	public DefaultPageCriteria(int pageNumber, int pageSize) {
		this.pageSize = pageSize;
		this.pageNumber = pageNumber;
	}

	/** @return the page index given at construction */
	@Override
	public int getPageNumber() {
		return pageNumber;
	}

	/** @return the page size given at construction */
	@Override
	public int getPageSize() {
		return pageSize;
	}
}
/**
 * Interface which defines page criteria for use in
 * a repository operation.
 *
 * @author Colm Smyth
 */
public interface PageCriteria {

	/** @return the index of the page to retrieve (the default implementation starts at 0) */
	public int getPageNumber();
	/** @return the maximum number of items in the page */
	public int getPageSize();
}
import org.mitre.jwt.assertion.AssertionValidator;

import com.nimbusds.jwt.JWT;

/**
 * Reject all assertions passed in.
 *
 * This is the fail-closed choice: wiring it in means no JWT assertion is ever
 * accepted, whoever signed it.
 *
 * @author jricher
 *
 */
public class NullAssertionValidator implements AssertionValidator {

	/**
	 * Reject all assertions passed in, always returns false.
	 *
	 * @param assertion ignored; it is not inspected at all
	 * @return always {@code false}
	 */
	@Override
	public boolean isValid(JWT assertion) {
		return false;
	}

}
/**
 * Signals that a device code could not be created. Carries an error code
 * (presumably the OAuth error code to report back; confirm with the callers)
 * next to the ordinary detail message.
 *
 * @author jricher
 *
 */
public class DeviceCodeCreationException extends Exception {

	private static final long serialVersionUID = 8078568710169208466L;

	// the error code to report; can be changed after construction via setError()
	private String error;

	/**
	 * @param error the error code to report
	 * @param message the detail message, handed to {@link Exception#Exception(String)}
	 */
	public DeviceCodeCreationException(String error, String message) {
		super(message);
		this.error = error;
	}

	/**
	 * @return the error
	 */
	public String getError() {
		return error;
	}

	/**
	 * @param error the error to set
	 */
	public void setError(String error) {
		this.error = error;
	}

}
import com.nimbusds.jose.Algorithm;
import com.nimbusds.jose.Requirement;

/**
 * The PKCE code challenge methods of RFC 7636, modelled as a Nimbus
 * {@link Algorithm} so they can be handled like the JOSE algorithms.
 *
 * NOTE(review): {@code plain} sends the verifier itself as the challenge and
 * only helps against a party that cannot observe the authorization request;
 * S256 is the method RFC 7636 expects servers to support and clients to
 * prefer. The {@link Requirement} levels recorded below are the author's
 * bookkeeping and do not by themselves decide which method is used.
 *
 * @author jricher
 *
 */
public final class PKCEAlgorithm extends Algorithm {

	private static final long serialVersionUID = 7752852583210088925L;

	/** The "plain" method: the challenge is the verifier itself. */
	public static final PKCEAlgorithm plain = new PKCEAlgorithm("plain", Requirement.REQUIRED);

	/** The "S256" method: the challenge is the base64url-encoded SHA-256 of the verifier. */
	public static final PKCEAlgorithm S256 = new PKCEAlgorithm("S256", Requirement.OPTIONAL);

	/**
	 * @param name the method name
	 * @param req the requirement level to record for it
	 */
	public PKCEAlgorithm(String name, Requirement req) {
		super(name, req);
	}

	/**
	 * @param name the method name; the requirement level is left null
	 */
	public PKCEAlgorithm(String name) {
		super(name, null);
	}

	/**
	 * Resolve a method name to an instance.
	 *
	 * The two known names yield the shared constants; any other name yields a
	 * fresh, unrecognised algorithm rather than an error, so code that
	 * validates a client-supplied code_challenge_method must itself reject
	 * anything other than plain / S256.
	 *
	 * @param s the method name, not null
	 * @return {@link #plain}, {@link #S256}, or a new instance for an unknown name
	 * @throws NullPointerException if {@code s} is null
	 */
	public static PKCEAlgorithm parse(final String s) {
		// the case labels are the names the two constants were built with
		switch (s) {
			case "plain":
				return plain;
			case "S256":
				return S256;
			default:
				return new PKCEAlgorithm(s);
		}
	}

}
import javax.persistence.AttributeConverter;
import javax.persistence.Converter;

import com.nimbusds.jose.JWEAlgorithm;

/**
 * JPA converter that stores a {@link JWEAlgorithm} as its name and parses it
 * back on load. Null maps to null in both directions.
 */
@Converter
public class JWEAlgorithmStringConverter implements AttributeConverter<JWEAlgorithm, String> {

	/**
	 * @param attribute the algorithm to persist, may be null
	 * @return the algorithm name, or null when {@code attribute} is null
	 */
	@Override
	public String convertToDatabaseColumn(JWEAlgorithm attribute) {
		return attribute == null ? null : attribute.getName();
	}

	/**
	 * @param dbData the stored algorithm name, may be null
	 * @return the parsed algorithm, or null when {@code dbData} is null
	 */
	@Override
	public JWEAlgorithm convertToEntityAttribute(String dbData) {
		// NOTE(review): JWEAlgorithm.parse() does not appear to reject unknown
		// names, so an unexpected column value comes back as an unrecognised
		// algorithm rather than failing here — confirm against the Nimbus version in use
		return dbData == null ? null : JWEAlgorithm.parse(dbData);
	}
}
/**
 * JPA converter that persists a JWE {@link EncryptionMethod} as its JOSE name and rebuilds it
 * with {@link EncryptionMethod#parse(String)} on load.
 *
 * <p>{@code null} maps to {@code null} in both directions. {@code parse} accepts any name, so a
 * value that is not a known encryption method is not rejected at this layer.
 */
@Converter
public class JWEEncryptionMethodStringConverter implements AttributeConverter<EncryptionMethod, String> {

	/**
	 * @param attribute the encryption method to store, possibly {@code null}
	 * @return its name, or {@code null} when the attribute is {@code null}
	 */
	@Override
	public String convertToDatabaseColumn(EncryptionMethod attribute) {
		if (attribute == null) {
			return null;
		}
		return attribute.getName();
	}

	/**
	 * @param dbData the stored name, possibly {@code null}
	 * @return the parsed encryption method, or {@code null} when the column is {@code null}
	 */
	@Override
	public EncryptionMethod convertToEntityAttribute(String dbData) {
		if (dbData == null) {
			return null;
		}
		return EncryptionMethod.parse(dbData);
	}
}
/**
 * JPA converter that stores a {@link JWKSet} as its JSON serialisation and parses it back on load.
 *
 * <p>A column value that does not parse is logged and mapped to {@code null} rather than failing
 * the entity load, so consumers of the attribute must treat {@code null} as "no usable keys".
 *
 * <p>NOTE(review): nimbus {@code JWKSet#toString()} goes through {@code toJSONObject()}, which
 * omits private key parameters — fine for client-registered public key sets, but this converter
 * should not be relied on to persist private keys. Verify against the nimbus version in use.
 *
 * @author jricher
 */
@Converter
public class JWKSetStringConverter implements AttributeConverter<JWKSet, String> {

	private static final Logger logger = LoggerFactory.getLogger(JWKSetStringConverter.class);

	/**
	 * @param attribute the key set to store, possibly {@code null}
	 * @return its JSON form, or {@code null} when the attribute is {@code null}
	 */
	@Override
	public String convertToDatabaseColumn(JWKSet attribute) {
		if (attribute == null) {
			return null;
		}
		return attribute.toString();
	}

	/**
	 * @param dbData the stored JSON, possibly {@code null}
	 * @return the parsed key set; {@code null} when the column is {@code null} or unparseable
	 */
	@Override
	public JWKSet convertToEntityAttribute(String dbData) {
		if (dbData == null) {
			return null;
		}
		try {
			return JWKSet.parse(dbData);
		} catch (ParseException e) {
			// Deliberately best-effort: a corrupt key set must not make the whole entity unloadable.
			logger.error("Unable to parse JWK Set", e);
			return null;
		}
	}

}
/**
 * JPA converter that persists a {@link JWSAlgorithm} as its JOSE algorithm name and rebuilds it
 * with {@link JWSAlgorithm#parse(String)} on load.
 *
 * <p>{@code null} maps to {@code null} in both directions. {@code parse} accepts any name, so an
 * unknown algorithm name stored in the column is not rejected here; it is the code that later
 * signs or verifies with the algorithm that must refuse it.
 */
@Converter
public class JWSAlgorithmStringConverter implements AttributeConverter<JWSAlgorithm, String> {

	/**
	 * @param attribute the algorithm to store, possibly {@code null}
	 * @return the algorithm name, or {@code null} when the attribute is {@code null}
	 */
	@Override
	public String convertToDatabaseColumn(JWSAlgorithm attribute) {
		return attribute == null ? null : attribute.getName();
	}

	/**
	 * @param dbData the stored algorithm name, possibly {@code null}
	 * @return the parsed algorithm, or {@code null} when the column is {@code null}
	 */
	@Override
	public JWSAlgorithm convertToEntityAttribute(String dbData) {
		return dbData == null ? null : JWSAlgorithm.parse(dbData);
	}
}
/**
 * JPA converter that stores a {@link JWT} in its compact serialised form and re-parses it on load.
 *
 * <p>Loading only parses the token: {@code JWTParser.parse} does not verify a signature or
 * decrypt anything, so whatever consumes the entity attribute must still validate the token
 * before trusting its claims. A value that fails to parse is logged and surfaces as {@code null}.
 *
 * @author jricher
 */
@Converter
public class JWTStringConverter implements AttributeConverter<JWT, String> {

	// NOTE(review): left public and non-final to preserve the existing interface; nothing on
	// this page reads it from outside, so private static final would be the usual choice.
	public static Logger logger = LoggerFactory.getLogger(JWTStringConverter.class);

	/**
	 * @param attribute the token to store, possibly {@code null}
	 * @return its compact serialisation, or {@code null} when the attribute is {@code null}
	 */
	@Override
	public String convertToDatabaseColumn(JWT attribute) {
		if (attribute == null) {
			return null;
		}
		return attribute.serialize();
	}

	/**
	 * @param dbData the stored compact serialisation, possibly {@code null}
	 * @return the parsed (unverified) token; {@code null} when the column is {@code null} or
	 *         unparseable
	 */
	@Override
	public JWT convertToEntityAttribute(String dbData) {
		if (dbData == null) {
			return null;
		}
		try {
			return JWTParser.parse(dbData);
		} catch (ParseException e) {
			// Best-effort by design: a malformed stored token is logged, not fatal to the load.
			logger.error("Unable to parse JWT", e);
			return null;
		}
	}

}
/**
 * JPA converter that stores an arbitrary Gson {@link JsonElement} as its JSON text and parses it
 * back on load.
 *
 * <p>Both {@code null} and the empty string map to {@code null} on load; on store, only
 * {@code null} maps to {@code null}.
 *
 * @author jricher
 */
@Converter
public class JsonElementStringConverter implements AttributeConverter<JsonElement, String> {

	private JsonParser parser = new JsonParser();

	/**
	 * @param attribute the element to store, possibly {@code null}
	 * @return its JSON text, or {@code null} when the attribute is {@code null}
	 */
	@Override
	public String convertToDatabaseColumn(JsonElement attribute) {
		return attribute == null ? null : attribute.toString();
	}

	/**
	 * @param dbData the stored JSON text, possibly {@code null} or empty
	 * @return the parsed element, or {@code null} when there is nothing to parse
	 */
	@Override
	public JsonElement convertToEntityAttribute(String dbData) {
		// Same test as Guava's Strings.isNullOrEmpty, spelled out.
		if (dbData == null || dbData.isEmpty()) {
			return null;
		}
		return parser.parse(dbData);
	}

}
/**
 * JPA converter that persists a {@link PKCEAlgorithm} as its method name ({@code plain},
 * {@code S256}, ...) and rebuilds it with {@link PKCEAlgorithm#parse(String)} on load.
 *
 * <p>{@code null} maps to {@code null} in both directions.
 *
 * @author jricher
 */
@Converter
public class PKCEAlgorithmStringConverter implements AttributeConverter<PKCEAlgorithm, String> {

	/**
	 * @param attribute the PKCE method to store, possibly {@code null}
	 * @return the method name, or {@code null} when the attribute is {@code null}
	 */
	@Override
	public String convertToDatabaseColumn(PKCEAlgorithm attribute) {
		if (attribute == null) {
			return null;
		}
		return attribute.getName();
	}

	/**
	 * @param dbData the stored method name, possibly {@code null}
	 * @return the parsed method, or {@code null} when the column is {@code null}
	 */
	@Override
	public PKCEAlgorithm convertToEntityAttribute(String dbData) {
		if (dbData == null) {
			return null;
		}
		return PKCEAlgorithm.parse(dbData);
	}

}
-------------------------------------------------------------------------------- /openid-connect-common/src/main/java/org/mitre/oauth2/model/convert/SimpleGrantedAuthorityStringConverter.java: -------------------------------------------------------------------------------- 1 | /******************************************************************************* 2 | * Copyright 2018 The MIT Internet Trust Consortium 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
/**
 * JPA converter that persists a Spring Security {@link SimpleGrantedAuthority} as its authority
 * string and wraps the stored string again on load.
 *
 * <p>{@code null} maps to {@code null} in both directions; no other validation is applied to the
 * stored authority name.
 *
 * @author jricher
 */
@Converter
public class SimpleGrantedAuthorityStringConverter implements AttributeConverter<SimpleGrantedAuthority, String> {

	/**
	 * @param attribute the authority to store, possibly {@code null}
	 * @return its authority string, or {@code null} when the attribute is {@code null}
	 */
	@Override
	public String convertToDatabaseColumn(SimpleGrantedAuthority attribute) {
		return attribute == null ? null : attribute.getAuthority();
	}

	/**
	 * @param dbData the stored authority string, possibly {@code null}
	 * @return a new authority wrapping the string, or {@code null} when the column is {@code null}
	 */
	@Override
	public SimpleGrantedAuthority convertToEntityAttribute(String dbData) {
		return dbData == null ? null : new SimpleGrantedAuthority(dbData);
	}

}
/**
 * Persistence operations for {@code AuthenticationHolderEntity} instances.
 *
 * <p>NOTE(review): the type arguments on the {@code List} return types are not visible in this
 * listing (presumably {@code List<AuthenticationHolderEntity>}); they are left raw here.
 */
public interface AuthenticationHolderRepository {

	/** @return every stored authentication holder */
	List getAll();

	/**
	 * @param id the database id of the holder
	 * @return the holder with that id (what an unknown id yields is implementation-defined)
	 */
	AuthenticationHolderEntity getById(Long id);

	/** @param a the holder to delete */
	void remove(AuthenticationHolderEntity a);

	/**
	 * @param a the holder to persist
	 * @return the persisted instance
	 */
	AuthenticationHolderEntity save(AuthenticationHolderEntity a);

	/** @return holders no longer referenced by any token or grant, as determined by the implementation */
	List getOrphanedAuthenticationHolders();

	/**
	 * @param pageCriteria page bounds for the result
	 * @return one page of orphaned holders
	 */
	List getOrphanedAuthenticationHolders(PageCriteria pageCriteria);
}
/**
 * Persistence operations for registered OAuth 2.0 clients ({@code ClientDetailsEntity}).
 *
 * <p>NOTE(review): the type argument on the {@code Collection} return type is not visible in
 * this listing (presumably {@code Collection<ClientDetailsEntity>}); it is left raw here.
 */
public interface OAuth2ClientRepository {

	/**
	 * @param id the database id of the client
	 * @return the client with that id
	 */
	ClientDetailsEntity getById(Long id);

	/**
	 * @param clientId the public OAuth {@code client_id}
	 * @return the client registered under that identifier
	 */
	ClientDetailsEntity getClientByClientId(String clientId);

	/**
	 * @param client the client to persist
	 * @return the persisted instance
	 */
	ClientDetailsEntity saveClient(ClientDetailsEntity client);

	/** @param client the client to delete */
	void deleteClient(ClientDetailsEntity client);

	/**
	 * @param id     the database id of the client being replaced
	 * @param client the new client state
	 * @return the updated instance
	 */
	ClientDetailsEntity updateClient(Long id, ClientDetailsEntity client);

	/** @return every registered client */
	Collection getAllClients();

}
/**
 * Persistence operations for system-wide scope definitions ({@code SystemScope}).
 *
 * <p>NOTE(review): the type argument on the {@code Set} return type is not visible in this
 * listing (presumably {@code Set<SystemScope>}); it is left raw here.
 *
 * @author jricher
 */
public interface SystemScopeRepository {

	/** @return every defined scope */
	Set getAll();

	/**
	 * @param id the database id of the scope
	 * @return the scope with that id
	 */
	SystemScope getById(Long id);

	/**
	 * @param value the scope string as used in requests and tokens
	 * @return the scope registered under that value
	 */
	SystemScope getByValue(String value);

	/** @param scope the scope to delete */
	void remove(SystemScope scope);

	/**
	 * @param scope the scope to persist
	 * @return the persisted instance
	 */
	SystemScope save(SystemScope scope);

}
/**
 * Persistence operations for device-authorization-grant codes ({@code DeviceCode}).
 *
 * <p>Codes are looked up by their raw value. The user code is short by design (RFC 8628 §5.1
 * recommends that servers rate-limit user-code lookups), so implementations and callers should
 * keep that in mind rather than assuming the value alone is hard to guess.
 *
 * <p>NOTE(review): the type argument on the {@code Collection} return type is not visible in
 * this listing (presumably {@code Collection<DeviceCode>}); it is left raw here.
 *
 * @author jricher
 */
public interface DeviceCodeRepository {

	/**
	 * @param id the database id of the code record
	 * @return the record with that id
	 */
	DeviceCode getById(Long id);

	/**
	 * @param deviceCode the device code value presented by the client
	 * @return the matching record
	 */
	DeviceCode getByDeviceCode(String deviceCode);

	/** @param code the record to delete */
	void remove(DeviceCode code);

	/**
	 * @param code the record to persist
	 * @return the persisted instance
	 */
	DeviceCode save(DeviceCode code);

	/**
	 * @param userCode the short user code entered by the end user
	 * @return the matching record
	 */
	DeviceCode getByUserCode(String userCode);

	/** @return records whose validity period has ended, as determined by the implementation */
	Collection getExpiredCodes();

}
/**
 * Service-layer operations on registered clients, extending Spring's
 * {@code ClientDetailsService} lookup contract with create/update/delete and credential
 * generation.
 *
 * <p>NOTE(review): the type argument on the {@code Collection} return type is not visible in
 * this listing (presumably {@code Collection<ClientDetailsEntity>}); it is left raw here.
 */
public interface ClientDetailsEntityService extends ClientDetailsService {

	/**
	 * @param client the client to register
	 * @return the persisted instance
	 */
	ClientDetailsEntity saveNewClient(ClientDetailsEntity client);

	/**
	 * @param id the database id of the client
	 * @return the client with that id
	 */
	ClientDetailsEntity getClientById(Long id);

	/**
	 * @param clientId the public OAuth {@code client_id}
	 * @return the client registered under that identifier
	 * @throws OAuth2Exception when the client cannot be loaded
	 */
	@Override
	ClientDetailsEntity loadClientByClientId(String clientId) throws OAuth2Exception;

	/** @param client the client to delete */
	void deleteClient(ClientDetailsEntity client);

	/**
	 * @param oldClient the currently stored client
	 * @param newClient the replacement state
	 * @return the updated instance
	 */
	ClientDetailsEntity updateClient(ClientDetailsEntity oldClient, ClientDetailsEntity newClient);

	/** @return every registered client */
	Collection getAllClients();

	/**
	 * Assigns a client identifier to the given client.
	 *
	 * @param client the client to populate
	 * @return the same client with its identifier set
	 */
	ClientDetailsEntity generateClientId(ClientDetailsEntity client);

	/**
	 * Assigns a client secret to the given client. The generator is not visible here;
	 * implementations must draw the secret from a cryptographically secure source with
	 * sufficient entropy, since it is the client's authentication credential.
	 *
	 * @param client the client to populate
	 * @return the same client with its secret set
	 */
	ClientDetailsEntity generateClientSecret(ClientDetailsEntity client);

}
/**
 * Property editor that lets a JWK Set be given as a JSON string in XML bean configuration.
 *
 * <p>Empty or {@code null} text clears the value; anything else is parsed with
 * {@link JWKSet#parse(String)} and a parse failure is reported as an
 * {@link IllegalArgumentException} carrying the original cause.
 *
 * @author jricher
 */
public class JWKSetEditor extends PropertyEditorSupport {

	/**
	 * @param text the JWK Set JSON, or {@code null}/empty for no value
	 * @throws IllegalArgumentException if the text is non-empty but not a valid JWK Set
	 */
	@Override
	public void setAsText(String text) throws IllegalArgumentException {
		// Same test as Guava's Strings.isNullOrEmpty, spelled out.
		if (text == null || text.isEmpty()) {
			setValue(null);
			return;
		}
		try {
			setValue(JWKSet.parse(text));
		} catch (ParseException e) {
			throw new IllegalArgumentException(e);
		}
	}

}
/**
 * Bean for UI (front-end) configuration to be read at start-up.
 *
 * <p>NOTE(review): the type argument on {@code Set} is not visible in this listing (presumably
 * {@code Set<String>} of script paths); it is left raw here.
 *
 * @author jricher
 */
public class UIConfiguration {

	// Additional JavaScript files the front end should load; null until configured.
	private Set jsFiles;

	/** @return the configured script set, or {@code null} if none was set */
	public Set getJsFiles() {
		return this.jsFiles;
	}

	/** @param jsFiles the script set to expose to the front end; stored as given, not copied */
	public void setJsFiles(Set jsFiles) {
		this.jsFiles = jsFiles;
	}

}
/**
 * Holder for a fetched image: its raw bytes, the content type it was served with and its length.
 *
 * <p>Plain mutable bean. {@link #getData()} hands back the stored array itself rather than a
 * copy, so callers that modify the returned array modify the cached image.
 *
 * @author jricher
 */
public class CachedImage {

	private byte[] data;
	private String contentType;
	private long length;

	/** @return the image bytes (the backing array, not a copy), or {@code null} if unset */
	public byte[] getData() {
		return this.data;
	}

	/** @param data the image bytes to hold; stored as given, not copied */
	public void setData(byte[] data) {
		this.data = data;
	}

	/** @return the MIME type the image was served with, or {@code null} if unset */
	public String getContentType() {
		return this.contentType;
	}

	/** @param contentType the MIME type to record */
	public void setContentType(String contentType) {
		this.contentType = contentType;
	}

	/** @return the recorded length; {@code 0} if never set */
	public long getLength() {
		return this.length;
	}

	/** @param length the length to record (kept separately from {@code data.length}) */
	public void setLength(long length) {
		this.length = length;
	}

}
/**
 * Usage statistic for a client: how many sites have been approved for it.
 *
 * <p>Plain mutable bean; the count is {@code null} until set.
 *
 * @author jricher
 */
public class ClientStat {

	private Integer approvedSiteCount;

	/** @return the approved-site count, or {@code null} if unset */
	public Integer getApprovedSiteCount() {
		return this.approvedSiteCount;
	}

	/** @param count the approved-site count to record */
	public void setApprovedSiteCount(Integer count) {
		this.approvedSiteCount = count;
	}

}
/**
 * JPA converter that stores a Gson {@link JsonObject} as its JSON text and parses it back on load.
 *
 * <p>Both {@code null} and the empty string map to {@code null} on load. The stored text is
 * expected to be a JSON object: {@code getAsJsonObject()} raises Gson's
 * {@code IllegalStateException} for any other JSON value, which will surface from the entity
 * load.
 *
 * @author jricher
 */
@Converter
public class JsonObjectStringConverter implements AttributeConverter<JsonObject, String> {

	private JsonParser parser = new JsonParser();

	/**
	 * @param attribute the object to store, possibly {@code null}
	 * @return its JSON text, or {@code null} when the attribute is {@code null}
	 */
	@Override
	public String convertToDatabaseColumn(JsonObject attribute) {
		return attribute == null ? null : attribute.toString();
	}

	/**
	 * @param dbData the stored JSON text, possibly {@code null} or empty
	 * @return the parsed object, or {@code null} when there is nothing to parse
	 */
	@Override
	public JsonObject convertToEntityAttribute(String dbData) {
		// Same test as Guava's Strings.isNullOrEmpty, spelled out.
		if (dbData == null || dbData.isEmpty()) {
			return null;
		}
		return parser.parse(dbData).getAsJsonObject();
	}

}
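 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *******************************************************************************/
package org.mitre.openid.connect.repository;

import org.mitre.openid.connect.model.Address;

/**
 * Address repository interface
 *
 * @author Michael Joseph Walsh
 *
 */
public interface AddressRepository {

	/**
	 * Returns the Address for the given id
	 *
	 * @param id the id of the Address
	 * @return a valid Address if it exists, null otherwise
	 */
	public Address getById(Long id);

}
--------------------------------------------------------------------------------
/openid-connect-common/src/main/java/org/mitre/openid/connect/repository/BlacklistedSiteRepository.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2018 The MIT Internet Trust Consortium
 *
 * Portions copyright 2011-2013 The MITRE Corporation
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *******************************************************************************/
package org.mitre.openid.connect.repository;

import java.util.Collection;

import org.mitre.openid.connect.model.BlacklistedSite;

/**
 * Persistence for {@link BlacklistedSite} entries, the server-wide list that
 * {@code BlacklistedSiteService#isBlacklisted(String)} consults to reject URIs.
 *
 * @author jricher
 */
public interface BlacklistedSiteRepository {

	/**
	 * @return every stored blacklisted site
	 */
	public Collection<BlacklistedSite> getAll();

	/**
	 * @param id the entity id to look up
	 * @return the matching entry; a miss presumably yields {@code null} as in the
	 *         sibling repositories — confirm against the JPA implementation
	 */
	public BlacklistedSite getById(Long id);

	/**
	 * Deletes the given entry.
	 *
	 * @param blacklistedSite the entry to remove
	 */
	public void remove(BlacklistedSite blacklistedSite);

	/**
	 * Persists a new entry.
	 *
	 * @param blacklistedSite the entry to store
	 * @return the stored instance
	 */
	public BlacklistedSite save(BlacklistedSite blacklistedSite);

	/**
	 * Replaces the contents of {@code oldBlacklistedSite} with those of {@code blacklistedSite}.
	 *
	 * @param oldBlacklistedSite the existing entry
	 * @param blacklistedSite the new values
	 * @return the updated, stored instance
	 */
	public BlacklistedSite update(BlacklistedSite oldBlacklistedSite, BlacklistedSite blacklistedSite);

}
--------------------------------------------------------------------------------
/openid-connect-common/src/main/java/org/mitre/openid/connect/repository/PairwiseIdentifierRepository.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2018 The MIT Internet Trust Consortium
 *
 * Portions copyright 2011-2013 The MITRE Corporation
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.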
 *******************************************************************************/
package org.mitre.openid.connect.repository;

import org.mitre.openid.connect.model.PairwiseIdentifier;

/**
 * Persistence for pairwise subject identifiers: the per-sector {@code sub}
 * values issued to clients using pairwise subject types, keyed by the user's
 * local subject and the client's sector identifier URI.
 *
 * @author jricher
 */
public interface PairwiseIdentifierRepository {

	/**
	 * Get a pairwise identifier by its associated user subject and sector identifier.
	 *
	 * @param sub the user's local subject identifier
	 * @param sectorIdentifierUri the sector identifier URI the pairwise value was generated for
	 * @return the stored identifier for that (sub, sector) pair; a miss presumably
	 *         yields {@code null} (the convention of the sibling repositories) —
	 *         confirm against the JPA implementation
	 */
	public PairwiseIdentifier getBySectorIdentifier(String sub, String sectorIdentifierUri);

	/**
	 * Save a pairwise identifier to the database.
	 *
	 * @param pairwise the identifier to persist
	 */
	public void save(PairwiseIdentifier pairwise);

}
--------------------------------------------------------------------------------
/openid-connect-common/src/main/java/org/mitre/openid/connect/repository/UserInfoRepository.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2018 The MIT Internet Trust Consortium
 *
 * Portions copyright 2011-2013 The MITRE Corporation
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *******************************************************************************/
package org.mitre.openid.connect.repository;

import org.mitre.openid.connect.model.UserInfo;

/**
 * UserInfo repository interface
 *
 * @author Michael Joseph Walsh
 *
 */
public interface UserInfoRepository {

	/**
	 * Get a UserInfo object by its preferred_username field
	 *
	 * @param username the preferred_username value to match
	 * @return the matching UserInfo; a miss presumably yields {@code null} — confirm in the implementation
	 */
	public UserInfo getByUsername(String username);

	/**
	 * Get the UserInfo object by its email field
	 *
	 * NOTE(review): an email match is only as trustworthy as the stored email.
	 * Callers that use this for account linking should also require the
	 * email to be verified rather than relying on the address alone.
	 *
	 * @param email the email value to match
	 * @return the matching UserInfo; a miss presumably yields {@code null} — confirm in the implementation
	 */
	public UserInfo getByEmailAddress(String email);

}
--------------------------------------------------------------------------------
/openid-connect-common/src/main/java/org/mitre/openid/connect/service/BlacklistedSiteService.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2018 The MIT Internet Trust Consortium
 *
 * Portions copyright 2011-2013 The MITRE Corporation
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
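 *******************************************************************************/
package org.mitre.openid.connect.service;

import java.util.Collection;

import org.mitre.openid.connect.model.BlacklistedSite;

/**
 * Manages the server-wide blacklist of sites and answers whether a given URI
 * is on it. The blacklist is a deny-list that the server applies regardless
 * of what a client registered.
 *
 * @author jricher
 */
public interface BlacklistedSiteService {

	/**
	 * @return every blacklisted site
	 */
	public Collection<BlacklistedSite> getAll();

	/**
	 * @param id the entity id to look up
	 * @return the matching entry; a miss presumably yields {@code null} — confirm in the implementation
	 */
	public BlacklistedSite getById(Long id);

	/**
	 * Deletes the given entry.
	 *
	 * @param blacklistedSite the entry to remove
	 */
	public void remove(BlacklistedSite blacklistedSite);

	/**
	 * Stores a new entry.
	 *
	 * @param blacklistedSite the entry to add
	 * @return the stored instance
	 */
	public BlacklistedSite saveNew(BlacklistedSite blacklistedSite);

	/**
	 * Replaces {@code oldBlacklistedSite} with the values in {@code blacklistedSite}.
	 *
	 * @param oldBlacklistedSite the existing entry
	 * @param blacklistedSite the new values
	 * @return the updated, stored instance
	 */
	public BlacklistedSite update(BlacklistedSite oldBlacklistedSite, BlacklistedSite blacklistedSite);

	/**
	 * Tests a URI against the blacklist.
	 *
	 * NOTE(review): whether the comparison is an exact string match or a
	 * host/prefix match is implementation-defined and not visible here; an
	 * exact-match blacklist is trivially bypassed by path, port or
	 * case variations, so confirm the matching rule before relying on this
	 * for redirect URI enforcement.
	 *
	 * @param uri the URI to test (presumably a client-supplied URI such as a redirect URI)
	 * @return {@code true} if the URI is blacklisted
	 */
	public boolean isBlacklisted(String uri);

}
--------------------------------------------------------------------------------
/openid-connect-common/src/main/java/org/mitre/openid/connect/service/ClientLogoLoadingService.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2018 The MIT Internet Trust Consortium
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *******************************************************************************/

package org.mitre.openid.connect.service;

import org.mitre.oauth2.model.ClientDetailsEntity;
import org.mitre.openid.connect.model.CachedImage;

/**
 * Resolves the logo image to show for a client.
 *
 * NOTE(review): a client's logo URI is client-supplied data. An implementation
 * that fetches it from the server side is a server-side request forgery
 * vector unless it restricts the URL scheme and target hosts and bounds the
 * response size and timeout. Confirm how the default implementation obtains
 * the image before exposing this to dynamically registered clients.
 *
 * @author jricher
 */
public interface ClientLogoLoadingService {

	/**
	 * @param client the client whose logo is wanted
	 * @return the (possibly cached) image for the client; behaviour when no
	 *         logo is configured or the fetch fails is implementation-defined
	 */
	public CachedImage getLogo(ClientDetailsEntity client);

}
--------------------------------------------------------------------------------
/openid-connect-common/src/main/java/org/mitre/openid/connect/service/LoginHintExtracter.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2018 The MIT Internet Trust Consortium
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.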
 *******************************************************************************/

package org.mitre.openid.connect.service;

/**
 * Turns the raw {@code login_hint} value from an authorization request into
 * the form the login flow wants (presumably a bare username or similar — the
 * transformation is implementation-defined).
 *
 * @author jricher
 */
public interface LoginHintExtracter {

	/**
	 * @param loginHint the raw login_hint parameter; it arrives from the client
	 *        and must be treated as untrusted input by implementations
	 * @return the extracted hint; handling of {@code null} or unrecognised input
	 *         is implementation-defined
	 */
	public String extractHint(String loginHint);

}
--------------------------------------------------------------------------------
/openid-connect-common/src/main/java/org/mitre/openid/connect/service/PairwiseIdentiferService.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2018 The MIT Internet Trust Consortium
 *
 * Portions copyright 2011-2013 The MITRE Corporation
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *******************************************************************************/
package org.mitre.openid.connect.service;

import org.mitre.oauth2.model.ClientDetailsEntity;
import org.mitre.openid.connect.model.UserInfo;

/**
 * Computes the pairwise subject identifier a given client should see for a
 * given user, so that different clients cannot correlate users by {@code sub}.
 *
 * @author jricher
 */
public interface PairwiseIdentiferService {

	/**
	 * Calculates the pairwise identifier for the given userinfo object and client.
	 *
	 * Returns {@code null} if no identifier could be calculated.
	 *
	 * @param userInfo the user the identifier is for
	 * @param client the client requesting it (presumably its sector identifier or
	 *        redirect URIs determine the pairing — confirm in the implementation)
	 * @return the pairwise subject value, or {@code null}
	 */
	public String getIdentifier(UserInfo userInfo, ClientDetailsEntity client);

}
--------------------------------------------------------------------------------
/openid-connect-common/src/main/java/org/mitre/openid/connect/service/ScopeClaimTranslationService.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2018 The MIT Internet Trust Consortium
 *
 * Portions copyright 2011-2013 The MITRE Corporation
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
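 *******************************************************************************/
package org.mitre.openid.connect.service;

import java.util.Set;

/**
 * Maps OpenID Connect scopes to the claim names they unlock (e.g. which
 * userinfo claims a token carrying a given scope may release).
 *
 * @author jricher
 */
public interface ScopeClaimTranslationService {

	/**
	 * @param scope a single scope value
	 * @return the claim names that scope grants access to; the result for an
	 *         unknown scope is implementation-defined
	 */
	public Set<String> getClaimsForScope(String scope);

	/**
	 * @param scopes a set of scope values
	 * @return the union of the claim names granted by each scope
	 */
	public Set<String> getClaimsForScopeSet(Set<String> scopes);

}
--------------------------------------------------------------------------------
/openid-connect-common/src/main/java/org/mitre/openid/connect/service/StatsService.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2018 The MIT Internet Trust Consortium
 *
 * Portions copyright 2011-2013 The MITRE Corporation
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *******************************************************************************/
package org.mitre.openid.connect.service;

import java.util.Map;

import org.mitre.openid.connect.model.ClientStat;

/**
 * Aggregate usage statistics for the server (approvals, users, clients),
 * with a cache that callers can invalidate.
 *
 * @author jricher
 */
public interface StatsService {

	/**
	 * Calculate summary statistics
	 * approvalCount: total approved sites
	 * userCount: unique users
	 * clientCount: unique clients
	 *
	 * @return the statistics keyed by the names above
	 */
	public Map<String, Integer> getSummaryStats();

	/**
	 * Calculate the usage count for a single client
	 *
	 * @param clientId the id of the client to search on
	 * @return the client's approved-site count; behaviour for an unknown client id is implementation-defined
	 */
	public ClientStat getCountForClientId(String clientId);

	/**
	 * Trigger the stats to be recalculated upon next update.
	 */
	public void resetCache();

}
--------------------------------------------------------------------------------
/openid-connect-common/src/main/java/org/mitre/openid/connect/service/UserInfoService.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2018 The MIT Internet Trust Consortium
 *
 * Portions copyright 2011-2013 The MITRE Corporation
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.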
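 *******************************************************************************/
package org.mitre.openid.connect.service;

import org.mitre.openid.connect.model.UserInfo;

/**
 * Interface for UserInfo service
 *
 * @author Michael Joseph Walsh
 *
 */
public interface UserInfoService {

	/**
	 * Get the UserInfo for the given username (usually maps to the
	 * preferredUsername field).
	 *
	 * @param username the username to look up
	 * @return the user's info; a miss presumably yields {@code null} — confirm in the implementation
	 */
	public UserInfo getByUsername(String username);

	/**
	 * Get the UserInfo for the given username (usually maps to the
	 * preferredUsername field) and clientId. This allows pairwise
	 * client identifiers where appropriate.
	 *
	 * @param username the username to look up
	 * @param clientId the client the result will be released to, so that a
	 *        pairwise {@code sub} can be substituted where the client uses one
	 * @return the user's info as it should appear to that client
	 */
	public UserInfo getByUsernameAndClientId(String username, String clientId);

	/**
	 * Get the user registered at this server with the given email address.
	 *
	 * NOTE(review): an email lookup is only as trustworthy as the stored
	 * address; callers using it for account linking should also require the
	 * email to be verified.
	 *
	 * @param email the email address to look up
	 * @return the user's info; a miss presumably yields {@code null} — confirm in the implementation
	 */
	public UserInfo getByEmailAddress(String email);

}
--------------------------------------------------------------------------------
/openid-connect-common/src/main/java/org/mitre/uma/model/convert/RegisteredClientStringConverter.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2018 The MIT Internet Trust Consortium
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *******************************************************************************/

package org.mitre.uma.model.convert;

import javax.persistence.AttributeConverter;
import javax.persistence.Converter;

import org.mitre.oauth2.model.RegisteredClient;
import org.mitre.openid.connect.ClientDetailsEntityJsonProcessor;

import com.google.common.base.Strings;

/**
 * JPA attribute converter that persists a {@link RegisteredClient} as the
 * JSON text of its registration source and re-parses it on load through
 * {@link ClientDetailsEntityJsonProcessor#parseRegistered(String)}.
 *
 * Only the client's {@code source} document is stored; any state held on the
 * object but not in that document is not persisted by this converter.
 *
 * @author jricher
 */
@Converter
public class RegisteredClientStringConverter implements AttributeConverter<RegisteredClient, String> {

	/**
	 * @param attribute the client to store
	 * @return the JSON text of the client's source, or {@code null} if the
	 *         client or its source is {@code null}
	 */
	@Override
	public String convertToDatabaseColumn(RegisteredClient attribute) {
		if (attribute == null || attribute.getSource() == null) {
			return null;
		}
		return attribute.getSource().toString();
	}

	/**
	 * @param dbData the stored JSON text; {@code null} or empty yields {@code null}
	 * @return the re-parsed client; parse failures propagate from the processor
	 */
	@Override
	public RegisteredClient convertToEntityAttribute(String dbData) {
		if (Strings.isNullOrEmpty(dbData)) {
			return null;
		}
		return ClientDetailsEntityJsonProcessor.parseRegistered(dbData);
	}

}
--------------------------------------------------------------------------------
/openid-connect-common/src/main/java/org/mitre/uma/repository/ResourceSetRepository.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2018 The MIT Internet Trust Consortium
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.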
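 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *******************************************************************************/

package org.mitre.uma.repository;

import java.util.Collection;

import org.mitre.uma.model.ResourceSet;

/**
 * Persistence for UMA resource sets. Lookups are offered unscoped, by owner,
 * by client, and by owner-and-client; the repository itself performs no
 * authorization, so callers must pick the lookup that matches the principal
 * they are serving.
 *
 * @author jricher
 */
public interface ResourceSetRepository {

	/**
	 * @param rs the resource set to persist (new or updated)
	 * @return the stored instance
	 */
	public ResourceSet save(ResourceSet rs);

	/**
	 * @param id the entity id
	 * @return the matching resource set; a miss presumably yields {@code null} — confirm in the implementation
	 */
	public ResourceSet getById(Long id);

	/**
	 * @param rs the resource set to delete
	 */
	public void remove(ResourceSet rs);

	/**
	 * @param owner the resource owner's identifier
	 * @return every resource set belonging to that owner
	 */
	public Collection<ResourceSet> getAllForOwner(String owner);

	/**
	 * @param owner the resource owner's identifier
	 * @param clientId the registering client's id
	 * @return every resource set belonging to that owner and registered by that client
	 */
	public Collection<ResourceSet> getAllForOwnerAndClient(String owner, String clientId);

	/**
	 * @return every resource set on the server, regardless of owner or client
	 */
	public Collection<ResourceSet> getAll();

	/**
	 * @param clientId the registering client's id
	 * @return every resource set registered by that client
	 */
	public Collection<ResourceSet> getAllForClient(String clientId);

}
--------------------------------------------------------------------------------
/openid-connect-common/src/main/java/org/mitre/uma/service/ClaimsProcessingService.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2018 The MIT Internet Trust Consortium
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *******************************************************************************/

package org.mitre.uma.service;

import org.mitre.uma.model.ClaimProcessingResult;
import org.mitre.uma.model.PermissionTicket;
import org.mitre.uma.model.ResourceSet;

/**
 *
 * Processes claims presented during an UMA transaction.
 *
 * This is the policy decision point of the UMA flow: the result it returns
 * decides whether a requesting party token is issued for the ticket.
 *
 * @author jricher
 *
 */
public interface ClaimsProcessingService {

	/**
	 *
	 * Determine whether or not the claims that have been supplied are
	 * sufficient to fulfill the requirements given by the claims that
	 * are required.
	 *
	 * @param rs the resource set whose policies define the required claims
	 * @param ticket the permission ticket carrying the supplied claims to test
	 * @return the result of the claims processing action
	 */
	public ClaimProcessingResult claimsAreSatisfied(ResourceSet rs, PermissionTicket ticket);

}
--------------------------------------------------------------------------------
/openid-connect-common/src/main/java/org/mitre/uma/service/PermissionService.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2018 The MIT Internet Trust Consortium
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.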
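 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *******************************************************************************/

package org.mitre.uma.service;

import java.util.Set;

import org.mitre.uma.model.PermissionTicket;
import org.mitre.uma.model.ResourceSet;
import org.springframework.security.oauth2.common.exceptions.InsufficientScopeException;


/**
 * Issues and tracks UMA permission tickets: a ticket binds a resource set and
 * a set of requested scopes, and is later exchanged for a requesting party
 * token once the required claims are satisfied.
 *
 * @author jricher
 *
 */
public interface PermissionService {

	/**
	 * @param resourceSet the resource set to create the permission on
	 * @param scopes the set of scopes that this permission is for
	 * @return the created (and stored) permission object, with ticket
	 * @throws InsufficientScopeException if the scopes in scopes don't match those in resourceSet.getScopes
	 */
	public PermissionTicket createTicket(ResourceSet resourceSet, Set<String> scopes);

	/**
	 *
	 * Read the permission associated with the given ticket.
	 *
	 * The ticket value is a bearer credential presented by the client; it
	 * should be treated as untrusted input and never logged in full.
	 *
	 * @param ticket the ticket value to search on
	 * @return the permission object, or null if none is found
	 */
	public PermissionTicket getByTicket(String ticket);

	/**
	 * Save the updated permission ticket to the database. Does not create a new ticket.
	 *
	 * @param ticket the already-stored ticket with updated fields
	 * @return the stored instance
	 */
	public PermissionTicket updateTicket(PermissionTicket ticket);

}
--------------------------------------------------------------------------------
/openid-connect-common/src/main/java/org/mitre/uma/service/ResourceSetService.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2018 The MIT Internet Trust Consortium
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *******************************************************************************/
package org.mitre.uma.service;

import java.util.Collection;

import org.mitre.oauth2.model.ClientDetailsEntity;
import org.mitre.uma.model.ResourceSet;

/**
 *
 * Manage registered resource sets at this authorization server.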
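 *
 * NOTE(review): nothing in this interface ties a lookup or mutation to the
 * principal making the request. {@code getById} in particular returns any
 * owner's resource set, so the calling endpoint must verify that the
 * authenticated owner/client matches the returned set before acting on it —
 * confirm where that check is performed.
 *
 * @author jricher
 *
 */
public interface ResourceSetService {

	/**
	 * @param rs the new resource set to register
	 * @return the stored instance
	 */
	public ResourceSet saveNew(ResourceSet rs);

	/**
	 * @param id the entity id
	 * @return the matching resource set regardless of owner; a miss presumably yields {@code null} — confirm in the implementation
	 */
	public ResourceSet getById(Long id);

	/**
	 * @param oldRs the existing resource set
	 * @param newRs the new values
	 * @return the updated, stored instance
	 */
	public ResourceSet update(ResourceSet oldRs, ResourceSet newRs);

	/**
	 * @param rs the resource set to delete
	 */
	public void remove(ResourceSet rs);

	/**
	 * @param owner the resource owner's identifier
	 * @return every resource set belonging to that owner
	 */
	public Collection<ResourceSet> getAllForOwner(String owner);

	/**
	 * @param owner the resource owner's identifier
	 * @param authClientId the registering client's id
	 * @return every resource set belonging to that owner and registered by that client
	 */
	public Collection<ResourceSet> getAllForOwnerAndClient(String owner, String authClientId);

	/**
	 * @param client the registering client
	 * @return every resource set registered by that client
	 */
	public Collection<ResourceSet> getAllForClient(ClientDetailsEntity client);

}
--------------------------------------------------------------------------------
/openid-connect-common/src/main/java/org/mitre/uma/service/SavedRegisteredClientService.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2018 The MIT Internet Trust Consortium
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 *******************************************************************************/

package org.mitre.uma.service;

import java.util.Collection;

import org.mitre.oauth2.model.RegisteredClient;
import org.mitre.uma.model.SavedRegisteredClient;

/**
 * Keeps the client registrations this server has obtained at other issuers
 * (the server's own identity as a client elsewhere), keyed by issuer.
 *
 * Registrations typically carry client credentials; implementations should
 * store them accordingly.
 *
 * @author jricher
 */
public interface SavedRegisteredClientService {

	/**
	 * Get a list of all the registered clients that we know about.
	 *
	 * @return every saved registration
	 */
	Collection<SavedRegisteredClient> getAll();

	/**
	 * Record the registration obtained at an issuer.
	 *
	 * @param issuer the issuer the client was registered at
	 * @param client the registration returned by that issuer
	 */
	void save(String issuer, RegisteredClient client);


}
--------------------------------------------------------------------------------
/openid-connect-common/src/main/java/org/mitre/uma/service/UmaTokenService.java:
--------------------------------------------------------------------------------
/*******************************************************************************
 * Copyright 2018 The MIT Internet Trust Consortium
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.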
 *******************************************************************************/

package org.mitre.uma.service;

import org.mitre.oauth2.model.OAuth2AccessTokenEntity;
import org.mitre.uma.model.PermissionTicket;
import org.mitre.uma.model.Policy;
import org.springframework.security.oauth2.provider.OAuth2Authentication;

/**
 * Service to create special tokens for UMA.
 *
 * @author jricher
 *
 */
public interface UmaTokenService {

	/**
	 * Create the RPT from the given authentication and ticket.
	 *
	 * @param o2auth the authentication under which the ticket is being exchanged
	 * @param ticket the permission ticket being exchanged for the RPT
	 * @param policy the policy that was satisfied for this ticket (assumed from
	 *        the parameter name — confirm against the claims-processing caller)
	 * @return the issued requesting party token
	 */
	public OAuth2AccessTokenEntity createRequestingPartyToken(OAuth2Authentication o2auth, PermissionTicket ticket, Policy policy);

}
--------------------------------------------------------------------------------
/openid-connect-server-webapp/.gitignore:
--------------------------------------------------------------------------------
local-values.conf
target
*~
bin
*.idea
*.iml
*.eml
.project
.settings
.classpath
/target
.springBeans
--------------------------------------------------------------------------------
/openid-connect-server-webapp/src/main/resources/db/hsql/hsql_database_index.sql:
--------------------------------------------------------------------------------
--
-- Indexes for HSQLDB
--

CREATE INDEX IF NOT EXISTS at_tv_idx ON access_token(token_value);
CREATE INDEX IF NOT EXISTS ts_oi_idx ON token_scope(owner_id);
CREATE INDEX IF NOT EXISTS at_exp_idx ON access_token(expiration);
CREATE INDEX IF NOT EXISTS rf_ahi_idx ON refresh_token(auth_holder_id);
CREATE INDEX IF NOT EXISTS rf_tv_idx ON refresh_token(token_value);
CREATE INDEX IF NOT EXISTS cd_ci_idx ON client_details(client_id);
CREATE INDEX IF NOT EXISTS at_ahi_idx ON access_token(auth_holder_id);
CREATE INDEX IF NOT EXISTS aha_oi_idx ON authentication_holder_authority(owner_id);
CREATE INDEX IF NOT EXISTS ahe_oi_idx ON authentication_holder_extension(owner_id);
CREATE INDEX IF NOT EXISTS ahrp_oi_idx ON authentication_holder_request_parameter(owner_id);
CREATE INDEX IF NOT EXISTS ahri_oi_idx ON authentication_holder_resource_id(owner_id);
CREATE INDEX IF NOT EXISTS ahrt_oi_idx ON authentication_holder_response_type(owner_id);
CREATE INDEX IF NOT EXISTS ahs_oi_idx ON authentication_holder_scope(owner_id);
CREATE INDEX IF NOT EXISTS ac_ahi_idx ON authorization_code(auth_holder_id);
CREATE INDEX IF NOT EXISTS suaa_oi_idx ON saved_user_auth_authority(owner_id);
--------------------------------------------------------------------------------
/openid-connect-server-webapp/src/main/resources/db/hsql/scopes.sql:
--------------------------------------------------------------------------------
--
-- Turn off autocommit and start a transaction so that we can use the temp tables
--

SET AUTOCOMMIT FALSE;

START TRANSACTION;

--
-- Insert scope information into the temporary tables.
-- Columns: scope, description, icon, restricted, default_scope.
-- 'restricted' scopes are not handed out to dynamically registered clients by
-- default; 'default_scope' marks scopes granted when a client requests none.
-- (Semantics as commonly documented for this table — verify against the
-- SystemScope model before relying on them.)
--

INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope) VALUES
  ('openid', 'log in using your identity', 'user', false, true),
  ('profile', 'basic profile information', 'list-alt', false, true),
  ('email', 'email address', 'envelope', false, true),
  ('address', 'physical address', 'home', false, true),
  ('phone', 'telephone number', 'bell', false, true),
  ('offline_access', 'offline access', 'time', false, false);

--
-- Merge the temporary scopes safely into the database. This is a two-step process to keep scopes from being created on every startup with a persistent store.
-- Only rows whose scope value is not already present are inserted; existing
-- rows are never overwritten, so administrative edits survive restarts.
--

MERGE INTO system_scope
  USING (SELECT scope, description, icon, restricted, default_scope FROM system_scope_TEMP) AS vals(scope, description, icon, restricted, default_scope)
  ON vals.scope = system_scope.scope
  WHEN NOT MATCHED THEN
    INSERT (scope, description, icon, restricted, default_scope) VALUES(vals.scope, vals.description, vals.icon, vals.restricted, vals.default_scope);

COMMIT;

SET AUTOCOMMIT TRUE;
--------------------------------------------------------------------------------
/openid-connect-server-webapp/src/main/resources/db/hsql/security-schema.sql:
--------------------------------------------------------------------------------
--
-- Tables for Spring Security's user details service
--
-- NOTE(review): password is varchar(50). That only fits the short legacy
-- values this schema was written around; a bcrypt hash is 60 characters and
-- argon2/scrypt encodings are longer, so switching the configured
-- PasswordEncoder to a real hashing encoder requires widening this column
-- first (Spring Security's reference schema uses a much wider column).
-- Confirm which encoder the webapp's user-details configuration uses.
--

create table IF NOT EXISTS users(
	username varchar(50) not null primary key,
	password varchar(50) not null,
	enabled boolean not null);

create table IF NOT EXISTS authorities (
	username varchar(50) not null,
	authority varchar(50) not null,
	constraint fk_authorities_users foreign key(username) references users(username),
	constraint ix_authority unique (username,authority));
--------------------------------------------------------------------------------
/openid-connect-server-webapp/src/main/resources/db/mysql/mysql_database_index.sql:
--------------------------------------------------------------------------------
--
-- Indexes for MySQL
--

CREATE INDEX at_tv_idx ON access_token(token_value(767));
CREATE INDEX ts_oi_idx ON token_scope(owner_id);
CREATE INDEX at_exp_idx ON access_token(expiration);
CREATE INDEX rf_ahi_idx ON refresh_token(auth_holder_id);
CREATE INDEX rf_tv_idx ON refresh_token(token_value(105));
CREATE INDEX cd_ci_idx ON client_details(client_id);
CREATE INDEX at_ahi_idx ON access_token(auth_holder_id);
CREATE INDEX aha_oi_idx ON authentication_holder_authority(owner_id);
CREATE INDEX
ahe_oi_idx ON authentication_holder_extension(owner_id); 14 | CREATE INDEX ahrp_oi_idx ON authentication_holder_request_parameter(owner_id); 15 | CREATE INDEX ahri_oi_idx ON authentication_holder_resource_id(owner_id); 16 | CREATE INDEX ahrt_oi_idx ON authentication_holder_response_type(owner_id); 17 | CREATE INDEX ahs_oi_idx ON authentication_holder_scope(owner_id); 18 | CREATE INDEX ac_ahi_idx ON authorization_code(auth_holder_id); 19 | CREATE INDEX suaa_oi_idx ON saved_user_auth_authority(owner_id); 20 | -------------------------------------------------------------------------------- /openid-connect-server-webapp/src/main/resources/db/mysql/scopes.sql: -------------------------------------------------------------------------------- 1 | -- 2 | -- Turn off autocommit and start a transaction so that we can use the temp tables 3 | -- 4 | 5 | SET AUTOCOMMIT = 0; 6 | 7 | START TRANSACTION; 8 | 9 | -- 10 | -- Insert scope information into the temporary tables. 11 | -- 12 | 13 | INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope) VALUES 14 | ('openid', 'log in using your identity', 'user', false, true), 15 | ('profile', 'basic profile information', 'list-alt', false, true), 16 | ('email', 'email address', 'envelope', false, true), 17 | ('address', 'physical address', 'home', false, true), 18 | ('phone', 'telephone number', 'bell', false, true), 19 | ('offline_access', 'offline access', 'time', false, false); 20 | 21 | -- 22 | -- Merge the temporary scopes safely into the database. This is a two-step process to keep scopes from being created on every startup with a persistent store. 
23 | -- 24 | 25 | INSERT INTO system_scope (scope, description, icon, restricted, default_scope, structured, structured_param_description) 26 | SELECT scope, description, icon, restricted, default_scope, structured, structured_param_description FROM system_scope_TEMP 27 | ON DUPLICATE KEY UPDATE system_scope.scope = system_scope.scope; 28 | 29 | COMMIT; 30 | 31 | SET AUTOCOMMIT = 1; 32 | -------------------------------------------------------------------------------- /openid-connect-server-webapp/src/main/resources/db/mysql/security-schema.sql: -------------------------------------------------------------------------------- 1 | -- 2 | -- Tables for Spring Security's user details service 3 | -- 4 | 5 | create table IF NOT EXISTS users( 6 | username varchar(50) not null primary key, 7 | password varchar(50) not null, 8 | enabled boolean not null); 9 | 10 | create table IF NOT EXISTS authorities ( 11 | username varchar(50) not null, 12 | authority varchar(50) not null, 13 | constraint fk_authorities_users foreign key(username) references users(username), 14 | constraint ix_authority unique (username,authority)); -------------------------------------------------------------------------------- /openid-connect-server-webapp/src/main/resources/db/mysql/users.sql: -------------------------------------------------------------------------------- 1 | -- 2 | -- Turn off autocommit and start a transaction so that we can use the temp tables 3 | -- 4 | 5 | SET AUTOCOMMIT = 0; 6 | 7 | START TRANSACTION; 8 | 9 | -- 10 | -- Insert user information into the temporary tables. To add users to the MySQL database, edit things here. The accounts below are demonstration accounts whose credentials are public in this repository; replace or remove them before any deployment that others can reach. 
11 | -- 12 | 13 | INSERT INTO users_TEMP (username, password, enabled) VALUES 14 | ('admin','password',true), 15 | ('user','password',true); 16 | 17 | 18 | INSERT INTO authorities_TEMP (username, authority) VALUES 19 | ('admin','ROLE_ADMIN'), 20 | ('admin','ROLE_USER'), 21 | ('user','ROLE_USER'); 22 | 23 | -- By default, the username column here has to match the username column in the users table, above 24 | INSERT INTO user_info_TEMP (sub, preferred_username, name, email, email_verified) VALUES 25 | ('90342.ASDFJWFA','admin','Demo Admin','admin@example.com', true), 26 | ('01921.FLANRJQW','user','Demo User','user@example.com', true); 27 | 28 | 29 | -- 30 | -- Merge the temporary users safely into the database. This is a two-step process to keep users from being created on every startup with a persistent store. 31 | -- 32 | 33 | INSERT INTO users (username, password, enabled) 34 | SELECT username, password, enabled FROM users_TEMP 35 | ON DUPLICATE KEY UPDATE users.username = users.username; 36 | 37 | INSERT INTO authorities (username,authority) 38 | SELECT username, authority FROM authorities_TEMP 39 | ON DUPLICATE KEY UPDATE authorities.username = authorities.username; 40 | 41 | INSERT INTO user_info (sub, preferred_username, name, email, email_verified) 42 | SELECT sub, preferred_username, name, email, email_verified FROM user_info_TEMP 43 | ON DUPLICATE KEY UPDATE user_info.preferred_username = user_info.preferred_username; 44 | 45 | -- 46 | -- Close the transaction and turn autocommit back on 47 | -- 48 | 49 | COMMIT; 50 | 51 | SET AUTOCOMMIT = 1; 52 | 53 | -------------------------------------------------------------------------------- /openid-connect-server-webapp/src/main/resources/db/oracle/create_db-user: -------------------------------------------------------------------------------- 1 | drop user oauth cascade; 2 | drop tablespace data_ts INCLUDING CONTENTS AND DATAFILES; 3 | drop tablespace temp_ts INCLUDING CONTENTS AND DATAFILES; 4 | CREATE TABLESPACE 
data_ts DATAFILE 'data_ts.dat' SIZE 40M ONLINE; 5 | CREATE TEMPORARY TABLESPACE temp_ts TEMPFILE 'temp_ts.dbf' SIZE 5M AUTOEXTEND ON; 6 | create user oauth identified by test DEFAULT TABLESPACE data_ts QUOTA 500K ON data_ts TEMPORARY TABLESPACE temp_ts; 7 | GRANT CONNECT TO oauth; 8 | GRANT UNLIMITED TABLESPACE TO oauth; 9 | grant create session to oauth; 10 | grant create table to oauth; 11 | GRANT CREATE TABLESPACE TO oauth; 12 | GRANT CREATE VIEW TO oauth; 13 | GRANT CREATE ANY INDEX TO oauth; 14 | GRANT CREATE SEQUENCE TO oauth; 15 | GRANT CREATE SYNONYM TO oauth; 16 | -------------------------------------------------------------------------------- /openid-connect-server-webapp/src/main/resources/db/oracle/oracle_database_index.sql: -------------------------------------------------------------------------------- 1 | -- 2 | -- Indexes for Oracle 3 | -- 4 | 5 | CREATE INDEX at_tv_idx ON access_token(token_value); 6 | CREATE INDEX ts_oi_idx ON token_scope(owner_id); 7 | CREATE INDEX at_exp_idx ON access_token(expiration); 8 | CREATE INDEX rf_ahi_idx ON refresh_token(auth_holder_id); 9 | CREATE INDEX rf_tv_idx ON refresh_token(token_value); 10 | CREATE INDEX at_ahi_idx ON access_token(auth_holder_id); 11 | CREATE INDEX aha_oi_idx ON authentication_holder_authority(owner_id); 12 | CREATE INDEX ahe_oi_idx ON authentication_holder_extension(owner_id); 13 | CREATE INDEX ahrp_oi_idx ON authentication_holder_request_parameter(owner_id); 14 | CREATE INDEX ahri_oi_idx ON authentication_holder_resource_id(owner_id); 15 | CREATE INDEX ahrt_oi_idx ON authentication_holder_response_type(owner_id); 16 | CREATE INDEX ahs_oi_idx ON authentication_holder_scope(owner_id); 17 | CREATE INDEX ac_ahi_idx ON authorization_code(auth_holder_id); 18 | CREATE INDEX suaa_oi_idx ON saved_user_auth_authority(owner_id); 19 | -------------------------------------------------------------------------------- /openid-connect-server-webapp/src/main/resources/db/oracle/scopes_oracle.sql: 
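--------------------------------------------------------------------------------
--
-- Insert scope information into the temporary tables.
--
-- Oracle has no multi-row VALUES list, so each scope is a separate INSERT.
-- restricted / default_scope are 0 or 1 here (Oracle has no boolean column type).
--

INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope) VALUES
('openid', 'log in using your identity', 'user', 0, 1);
INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope) VALUES
('profile', 'basic profile information', 'list-alt', 0, 1);
INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope) VALUES
('email', 'email address', 'envelope', 0, 1);
INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope) VALUES
('address', 'physical address', 'home', 0, 1);
-- The 'phone' row used to carry six values for five columns, which Oracle rejects
-- (too many values) and which aborted the seeding of every scope after it;
-- the stray trailing 0 is dropped so the row matches the column list like the others.
INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope) VALUES
('phone', 'telephone number', 'bell', 0, 1);
INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope) VALUES
('offline_access', 'offline access', 'time', 0, 0);
--
-- Merge the temporary scopes safely into the database. This is a two-step process to keep scopes from being created on every startup with a persistent store.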
19 | -- 20 | 21 | MERGE INTO system_scope 22 | USING (SELECT scope, description, icon, restricted, default_scope FROM system_scope_TEMP) vals 23 | ON (vals.scope = system_scope.scope) 24 | WHEN NOT MATCHED THEN 25 | INSERT (id, scope, description, icon, restricted, default_scope) VALUES(system_scope_seq.nextval, vals.scope, 26 | vals.description, vals.icon, vals.restricted, vals.default_scope); 27 | -------------------------------------------------------------------------------- /openid-connect-server-webapp/src/main/resources/db/oracle/security-schema_oracle.sql: -------------------------------------------------------------------------------- 1 | -- 2 | -- Tables for Spring Security's user details service 3 | -- 4 | 5 | create table users( 6 | username varchar2(50) not null primary key, 7 | password varchar2(50) not null, 8 | enabled number(1) not null, 9 | 10 | constraint enabled_check check (enabled in (1, 0)) 11 | ); 12 | 13 | create table authorities ( 14 | username varchar2(50) not null, 15 | authority varchar2(50) not null, 16 | constraint fk_authorities_users foreign key(username) references users(username), 17 | constraint ix_authority unique (username,authority) 18 | ); 19 | -------------------------------------------------------------------------------- /openid-connect-server-webapp/src/main/resources/db/oracle/users_oracle.sql: -------------------------------------------------------------------------------- 1 | -- 2 | -- Insert user information into the temporary tables. To add users to the Oracle database, edit things here. 
3 | -- 4 | 5 | INSERT INTO users_TEMP (username, password, enabled) VALUES ('admin','password',1); 6 | INSERT INTO users_TEMP (username, password, enabled) VALUES ('user','password',1); 7 | 8 | 9 | INSERT INTO authorities_TEMP (username, authority) VALUES ('admin','ROLE_ADMIN'); 10 | INSERT INTO authorities_TEMP (username, authority) VALUES('admin','ROLE_USER'); 11 | INSERT INTO authorities_TEMP (username, authority) VALUES('user','ROLE_USER'); 12 | 13 | -- By default, the username column here has to match the username column in the users table, above 14 | INSERT INTO user_info_TEMP (sub, preferred_username, name, email, email_verified) VALUES ('90342.ASDFJWFA','admin','Demo Admin','admin@example.com', 1); 15 | INSERT INTO user_info_TEMP (sub, preferred_username, name, email, email_verified) VALUES ('01921.FLANRJQW','user','Demo User','user@example.com', 1); 16 | 17 | 18 | -- 19 | -- Merge the temporary users safely into the database. This is a two-step process to keep users from being created on every startup with a persistent store. 
20 | -- 21 | 22 | MERGE INTO users 23 | USING (SELECT username, password, enabled FROM users_TEMP) vals 24 | ON (vals.username = users.username) 25 | WHEN NOT MATCHED THEN 26 | INSERT (username, password, enabled) VALUES(vals.username, vals.password, vals.enabled); 27 | 28 | MERGE INTO authorities 29 | USING (SELECT username, authority FROM authorities_TEMP) vals 30 | ON (vals.username = authorities.username AND vals.authority = authorities.authority) 31 | WHEN NOT MATCHED THEN 32 | INSERT (username,authority) values (vals.username, vals.authority); 33 | 34 | MERGE INTO user_info 35 | USING (SELECT sub, preferred_username, name, email, email_verified FROM user_info_TEMP) vals 36 | ON (vals.preferred_username = user_info.preferred_username) 37 | WHEN NOT MATCHED THEN 38 | INSERT (id, sub, preferred_username, name, email, email_verified) VALUES (user_info_seq.nextval, vals.sub, vals.preferred_username, vals.name, vals.email, 39 | vals.email_verified); 40 | -------------------------------------------------------------------------------- /openid-connect-server-webapp/src/main/resources/db/psql/psql_database_index.sql: -------------------------------------------------------------------------------- 1 | -- 2 | -- Indexes for PostgreSQL 3 | -- 4 | 5 | CREATE INDEX IF NOT EXISTS at_tv_idx ON access_token(token_value); 6 | CREATE INDEX IF NOT EXISTS ts_oi_idx ON token_scope(owner_id); 7 | CREATE INDEX IF NOT EXISTS at_exp_idx ON access_token(expiration); 8 | CREATE INDEX IF NOT EXISTS rf_ahi_idx ON refresh_token(auth_holder_id); 9 | CREATE INDEX IF NOT EXISTS rf_tv_idx ON refresh_token(token_value); 10 | CREATE INDEX IF NOT EXISTS cd_ci_idx ON client_details(client_id); 11 | CREATE INDEX IF NOT EXISTS at_ahi_idx ON access_token(auth_holder_id); 12 | CREATE INDEX IF NOT EXISTS aha_oi_idx ON authentication_holder_authority(owner_id); 13 | CREATE INDEX IF NOT EXISTS ahe_oi_idx ON authentication_holder_extension(owner_id); 14 | CREATE INDEX IF NOT EXISTS ahrp_oi_idx ON 
authentication_holder_request_parameter(owner_id); 15 | CREATE INDEX IF NOT EXISTS ahri_oi_idx ON authentication_holder_resource_id(owner_id); 16 | CREATE INDEX IF NOT EXISTS ahrt_oi_idx ON authentication_holder_response_type(owner_id); 17 | CREATE INDEX IF NOT EXISTS ahs_oi_idx ON authentication_holder_scope(owner_id); 18 | CREATE INDEX IF NOT EXISTS ac_ahi_idx ON authorization_code(auth_holder_id); 19 | CREATE INDEX IF NOT EXISTS suaa_oi_idx ON saved_user_auth_authority(owner_id); 20 | -------------------------------------------------------------------------------- /openid-connect-server-webapp/src/main/resources/db/psql/scopes.sql: -------------------------------------------------------------------------------- 1 | -- 2 | -- Turn off autocommit and start a transaction so that we can use the temp tables 3 | -- 4 | 5 | --SET AUTOCOMMIT = OFF; 6 | 7 | START TRANSACTION; 8 | 9 | -- 10 | -- Insert scope information into the temporary tables. 11 | -- 12 | 13 | INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope) VALUES 14 | ('openid', 'log in using your identity', 'user', false, true), 15 | ('profile', 'basic profile information', 'list-alt', false, true), 16 | ('email', 'email address', 'envelope', false, true), 17 | ('address', 'physical address', 'home', false, true), 18 | ('phone', 'telephone number', 'bell', false, true), 19 | ('offline_access', 'offline access', 'time', false, false); 20 | 21 | -- 22 | -- Merge the temporary scopes safely into the database. This is a two-step process to keep scopes from being created on every startup with a persistent store. 
23 | -- 24 | 25 | INSERT INTO system_scope (scope, description, icon, restricted, default_scope) 26 | SELECT scope, description, icon, restricted, default_scope FROM system_scope_TEMP 27 | ON CONFLICT(scope) 28 | DO NOTHING; 29 | 30 | COMMIT; 31 | 32 | --SET AUTOCOMMIT = ON; 33 | 34 | -------------------------------------------------------------------------------- /openid-connect-server-webapp/src/main/resources/db/psql/security-schema.sql: -------------------------------------------------------------------------------- 1 | -- 2 | -- Tables for Spring Security's user details service 3 | -- 4 | 5 | create table IF NOT EXISTS users( 6 | username varchar(50) not null primary key, 7 | password varchar(50) not null, 8 | enabled boolean not null); 9 | 10 | create table IF NOT EXISTS authorities ( 11 | username varchar(50) not null, 12 | authority varchar(50) not null, 13 | constraint fk_authorities_users foreign key(username) references users(username), 14 | constraint ix_authority unique (username,authority)); -------------------------------------------------------------------------------- /openid-connect-server-webapp/src/main/resources/db/psql/users.sql: -------------------------------------------------------------------------------- 1 | -- 2 | -- Turn off autocommit and start a transaction so that we can use the temp tables 3 | -- 4 | 5 | --SET AUTOCOMMIT FALSE; 6 | 7 | START TRANSACTION; 8 | 9 | -- 10 | -- Insert user information into the temporary tables. To add users to the PostgreSQL database, edit things here. The accounts below are demonstration accounts whose credentials are public in this repository; replace or remove them before any deployment that others can reach. 
11 | -- 12 | 13 | INSERT INTO users_TEMP (username, password, enabled) VALUES 14 | ('admin','password',true), 15 | ('user','password',true); 16 | 17 | 18 | INSERT INTO authorities_TEMP (username, authority) VALUES 19 | ('admin','ROLE_ADMIN'), 20 | ('admin','ROLE_USER'), 21 | ('user','ROLE_USER'); 22 | 23 | -- By default, the username column here has to match the username column in the users table, above 24 | INSERT INTO user_info_TEMP (sub, preferred_username, name, email, email_verified) VALUES 25 | ('90342.ASDFJWFA','admin','Demo Admin','admin@example.com', true), 26 | ('01921.FLANRJQW','user','Demo User','user@example.com', true); 27 | 28 | 29 | -- 30 | -- Merge the temporary users safely into the database. This is a two-step process to keep users from being created on every startup with a persistent store. 31 | -- 32 | 33 | INSERT INTO users 34 | SELECT username, password, enabled FROM users_TEMP 35 | ON CONFLICT(username) 36 | DO NOTHING; 37 | 38 | INSERT INTO authorities 39 | SELECT username, authority FROM authorities_TEMP 40 | ON CONFLICT(username, authority) 41 | DO NOTHING; 42 | 43 | INSERT INTO user_info (sub, preferred_username, name, email, email_verified) 44 | SELECT sub, preferred_username, name, email, email_verified FROM user_info_TEMP 45 | ON CONFLICT 46 | DO NOTHING; 47 | 48 | -- 49 | -- Close the transaction and turn autocommit back on 50 | -- 51 | 52 | COMMIT; 53 | 54 | --SET AUTOCOMMIT TRUE; 55 | 56 | -------------------------------------------------------------------------------- /openid-connect-server-webapp/src/main/resources/keystore.jwks: -------------------------------------------------------------------------------- 1 | { 2 | "keys": [ 3 | { 4 | "alg": "RS256", 5 | "d": 
"PvBAngE3kkTnD3yDKo3wCvHJHm20kb9a0FVGLd0s2Y0E_3H2XnZC8-2zPhN6AQTjPhohSDCew20gzm76lyOvMqRiUP2Zpaopa1d2fGvNIQSdM07yKa6EivEYxqPQxa5esoZnexgnb9fom70I8n5OQRNQikwu-az26CsHX2zWMRodzSdN5CXHvb1PV09DmH8azTYwoMElPIqmcTfxiRw2Ov5ucmXXngKRFJgvfUgKd7v4ScBX7sQoQEjWEtt7ta0WvL3Ar5E1RAW4aHxuubZ6AtloxWCf17AAKw03dfP5RDm5TDmgm2B635ecJ7fTvneFmg8W_fdMTPRfBlCGNBp3wQ", 6 | "e": "AQAB", 7 | "n": "qt6yOiI_wCoCVlGO0MySsez0VkSqhPvDl3rfabOslx35mYEO-n4ABfIT5Gn2zN-CeIcOZ5ugAXvIIRWv5H55-tzjFazi5IKkOIMCiz5__MtsdxKCqGlZu2zt-BLpqTOAPiflNPpM3RUAlxKAhnYEqNha6-allPnFQupnW_eTYoyuzuedT7dSp90ry0ZcQDimntXWeaSbrYKCj9Rr9W1jn2uTowUuXaScKXTCjAmJVnsD75JNzQfa8DweklTyWQF-Y5Ky039I0VIu-0CIGhXY48GAFe2EFb8VpNhf07DP63p138RWQ1d3KPEM9mYJVpQC68j3wzDQYSljpLf9by7TGw", 8 | "kty": "RSA", 9 | "kid": "rsa1" 10 | } 11 | ] 12 | } -------------------------------------------------------------------------------- /openid-connect-server-webapp/src/main/webapp/META-INF/MANIFEST.MF: -------------------------------------------------------------------------------- 1 | Manifest-Version: 1.0 2 | 3 | -------------------------------------------------------------------------------- /openid-connect-server-webapp/src/main/webapp/WEB-INF/endpoint-config.xml: -------------------------------------------------------------------------------- 1 | 2 | 17 | 30 | 31 | 32 | 33 | 34 | 35 | -------------------------------------------------------------------------------- /openid-connect-server-webapp/src/main/webapp/WEB-INF/local-config.xml: -------------------------------------------------------------------------------- 1 | 2 | 19 | 32 | 33 | 34 | 35 | 36 | 37 | -------------------------------------------------------------------------------- /openid-connect-server-webapp/src/main/webapp/WEB-INF/locale-config.xml: -------------------------------------------------------------------------------- 1 | 2 | 17 | 18 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 28 | 29 | 30 | -------------------------------------------------------------------------------- 
/openid-connect-server-webapp/src/main/webapp/WEB-INF/tags/actionmenu.tag: -------------------------------------------------------------------------------- 1 | <%@ tag language="java" pageEncoding="UTF-8"%> 2 | <%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%> 3 | <%@ taglib prefix="security" 4 | uri="http://www.springframework.org/security/tags"%> 5 | 6 | 7 |
  • 8 |
  • 9 |
  • 10 |
  • 11 |
  • 12 |
    13 | 14 |
  • 15 |
  • 16 |
  • 17 |
  • 18 | 19 |
  • 20 |
  • -------------------------------------------------------------------------------- /openid-connect-server-webapp/src/main/webapp/WEB-INF/tags/copyright.tag: -------------------------------------------------------------------------------- 1 | <%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%> 2 | <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> 3 | HEART Mode 4 | 5 | -------------------------------------------------------------------------------- /openid-connect-server-webapp/src/main/webapp/WEB-INF/tags/footer.tag: -------------------------------------------------------------------------------- 1 | <%@ attribute name="js" required="false"%> 2 | <%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions"%> 3 | <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> 4 | <%@ taglib prefix="o" tagdir="/WEB-INF/tags"%> 5 |
    6 | 7 | 8 | 15 | 17 | 18 | 19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 | 27 | 38 | 39 | 40 | 41 | 42 | 43 |
    44 | 45 | 46 | -------------------------------------------------------------------------------- /openid-connect-server-webapp/src/main/webapp/WEB-INF/tags/navmenu.tag: -------------------------------------------------------------------------------- 1 | <%@attribute name="pageName"%> 2 | <%@ tag language="java" pageEncoding="UTF-8"%> 3 | <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%> 4 | <%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%> 5 | <%@ taglib prefix="security" 6 | uri="http://www.springframework.org/security/tags"%> 7 | 8 | 9 | 10 |
  • 11 | 12 | 13 |
  • 14 |
    15 | 16 | 17 | 18 |
  • 19 |
    20 | 21 |
  • 22 |
    23 |
    24 | 25 | 26 |
  • 27 |
    28 | 29 |
  • 30 |
    31 |
    32 | 33 | 34 |
  • 35 |
    36 | 37 |
  • 38 |
    39 |
    40 | -------------------------------------------------------------------------------- /openid-connect-server-webapp/src/main/webapp/WEB-INF/tags/sidebar.tag: -------------------------------------------------------------------------------- 1 | <%@ taglib prefix="security" uri="http://www.springframework.org/security/tags"%> 2 | <%@ taglib prefix="o" tagdir="/WEB-INF/tags"%> 3 | 4 | 5 | 6 |
    7 | 12 |
    13 |
    14 | 15 |
    16 | 17 |
    18 |
    19 | -------------------------------------------------------------------------------- /openid-connect-server-webapp/src/main/webapp/WEB-INF/views/about.jsp: -------------------------------------------------------------------------------- 1 | <%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%> 2 | <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%> 3 | <%@ taglib prefix="o" tagdir="/WEB-INF/tags"%> 4 | <%@ taglib prefix="security" uri="http://www.springframework.org/security/tags"%> 5 | <%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%> 6 | 7 | 8 | 9 | 10 | 11 |
    12 |
    13 | 14 |
    15 | 16 |
    17 | 18 |

    19 |

    20 | 21 |

    22 | 23 |
    24 | 25 | 26 |
    27 |
    28 |
    29 | 30 | -------------------------------------------------------------------------------- /openid-connect-server-webapp/src/main/webapp/WEB-INF/views/contact.jsp: -------------------------------------------------------------------------------- 1 | <%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%> 2 | <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%> 3 | <%@ taglib prefix="o" tagdir="/WEB-INF/tags"%> 4 | <%@ taglib prefix="security" uri="http://www.springframework.org/security/tags"%> 5 | <%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%> 6 | 7 | 8 | 9 | 10 | 11 | 12 |
    13 |
    14 | 15 |
    16 |
    17 | 18 |

    19 |

    20 | 21 |

    22 | 23 |
    24 | 25 | 26 |
    27 |
    28 |
    29 | 30 | -------------------------------------------------------------------------------- /openid-connect-server-webapp/src/main/webapp/WEB-INF/views/deviceApproved.jsp: -------------------------------------------------------------------------------- 1 | <%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%> 2 | <%@ page import="org.springframework.security.core.AuthenticationException"%> 3 | <%@ page import="org.springframework.security.oauth2.common.exceptions.UnapprovedClientAuthenticationException"%> 4 | <%@ page import="org.springframework.security.web.WebAttributes"%> 5 | <%@ taglib prefix="authz" uri="http://www.springframework.org/security/tags"%> 6 | <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> 7 | <%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt"%> 8 | <%@ taglib prefix="o" tagdir="/WEB-INF/tags"%> 9 | <%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %> 10 | <%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%> 11 | 12 | 13 | 14 | 15 |
    16 | 17 |
    18 |

    19 | 20 | 21 | 22 | 23 | 24 | 25 | 26 |

    27 | 28 | 29 | 30 |
    31 |
    32 | 33 |
    34 |
    35 |
    36 | 37 |
    38 |
    39 | 40 | -------------------------------------------------------------------------------- /openid-connect-server-webapp/src/main/webapp/WEB-INF/views/manage.jsp: -------------------------------------------------------------------------------- 1 | <%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%> 2 | <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%> 3 | <%@ taglib prefix="o" tagdir="/WEB-INF/tags"%> 4 | <%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%> 5 | 6 | 7 | 8 | 9 | 10 | 11 | 21 | 22 |
    23 |
    24 | 25 |
    26 |
    27 | 28 |
    29 |
    30 |

    :

    31 |

    32 |
    33 |
    34 |
    35 |
    36 |

    ...

    37 |
    38 |
    39 |
    40 |
    41 |
    42 |
    43 |
    44 |
    45 |
    46 | 47 | -------------------------------------------------------------------------------- /openid-connect-server-webapp/src/main/webapp/WEB-INF/views/postLogout.jsp: -------------------------------------------------------------------------------- 1 | <%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%> 2 | <%@ taglib prefix="authz" uri="http://www.springframework.org/security/tags"%> 3 | <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core"%> 4 | <%@ taglib prefix="fmt" uri="http://java.sun.com/jsp/jstl/fmt"%> 5 | <%@ taglib prefix="o" tagdir="/WEB-INF/tags"%> 6 | <%@ taglib prefix="fn" uri="http://java.sun.com/jsp/jstl/functions" %> 7 | <%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%> 8 | <%@ taglib prefix="security" uri="http://www.springframework.org/security/tags"%> 9 | 10 | 11 | 12 | 13 |
    14 | 15 |
    16 |

    17 | 18 | 19 |
    20 |
    21 | 22 |
    23 |
    24 |
    25 |
    26 | 27 | -------------------------------------------------------------------------------- /openid-connect-server-webapp/src/main/webapp/WEB-INF/views/stats.jsp: -------------------------------------------------------------------------------- 1 | <%@ page language="java" contentType="text/html; charset=utf-8" pageEncoding="utf-8"%> 2 | <%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c"%> 3 | <%@ taglib prefix="o" tagdir="/WEB-INF/tags"%> 4 | <%@ taglib prefix="security" uri="http://www.springframework.org/security/tags"%> 5 | <%@ taglib prefix="spring" uri="http://www.springframework.org/tags"%> 6 | 7 | 8 | 9 | 10 | 11 | 12 |
    13 |
    14 | 15 |
    16 |
    17 |

    18 | 19 |

    20 | 21 | 22 | 23 |

    24 |
    25 |
    26 |
    27 |
    28 | 29 | -------------------------------------------------------------------------------- /openid-connect-server-webapp/src/main/webapp/WEB-INF/wro.properties: -------------------------------------------------------------------------------- 1 | ############################################################################### 2 | # Copyright 2018 The MIT Internet Trust Consortium 3 | # 4 | # Licensed under the Apache License, Version 2.0 (the "License"); 5 | # you may not use this file except in compliance with the License. 6 | # You may obtain a copy of the License at 7 | # 8 | # http://www.apache.org/licenses/LICENSE-2.0 9 | # 10 | # Unless required by applicable law or agreed to in writing, software 11 | # distributed under the License is distributed on an "AS IS" BASIS, 12 | # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | # See the License for the specific language governing permissions and 14 | # limitations under the License. 15 | ############################################################################### 16 | preProcessors=cssImport 17 | postProcessors=lessCss 18 | -------------------------------------------------------------------------------- /openid-connect-server-webapp/src/main/webapp/WEB-INF/wro.xml: -------------------------------------------------------------------------------- 1 | 16 | 17 | 18 | /less/bootstrap.less 19 | 20 | 21 | /less/bootstrap-responsive.less 22 | 23 | -------------------------------------------------------------------------------- /openid-connect-server-webapp/src/main/webapp/less/accordion.less: -------------------------------------------------------------------------------- 1 | // 2 | // Accordion 3 | // -------------------------------------------------- 4 | 5 | 6 | // Parent container 7 | .accordion { 8 | margin-bottom: @baseLineHeight; 9 | } 10 | 11 | // Group == heading + body 12 | .accordion-group { 13 | margin-bottom: 2px; 14 | border: 1px solid #e5e5e5; 15 | 
.border-radius(@baseBorderRadius); 16 | } 17 | .accordion-heading { 18 | border-bottom: 0; 19 | } 20 | .accordion-heading .accordion-toggle { 21 | display: block; 22 | padding: 8px 15px; 23 | } 24 | 25 | // General toggle styles 26 | .accordion-toggle { 27 | cursor: pointer; 28 | } 29 | 30 | // Inner needs the styles because you can't animate properly with any styles on the element 31 | .accordion-inner { 32 | padding: 9px 15px; 33 | border-top: 1px solid #e5e5e5; 34 | } 35 | -------------------------------------------------------------------------------- /openid-connect-server-webapp/src/main/webapp/less/alerts.less: -------------------------------------------------------------------------------- 1 | // 2 | // Alerts 3 | // -------------------------------------------------- 4 | 5 | 6 | // Base styles 7 | // ------------------------- 8 | 9 | .alert { 10 | padding: 8px 35px 8px 14px; 11 | margin-bottom: @baseLineHeight; 12 | text-shadow: 0 1px 0 rgba(255,255,255,.5); 13 | background-color: @warningBackground; 14 | border: 1px solid @warningBorder; 15 | .border-radius(@baseBorderRadius); 16 | } 17 | .alert, 18 | .alert h4 { 19 | // Specified for the h4 to prevent conflicts of changing @headingsColor 20 | color: @warningText; 21 | } 22 | .alert h4 { 23 | margin: 0; 24 | } 25 | 26 | // Adjust close link position 27 | .alert .close { 28 | position: relative; 29 | top: -2px; 30 | right: -21px; 31 | line-height: @baseLineHeight; 32 | } 33 | 34 | 35 | // Alternate styles 36 | // ------------------------- 37 | 38 | .alert-success { 39 | background-color: @successBackground; 40 | border-color: @successBorder; 41 | color: @successText; 42 | } 43 | .alert-success h4 { 44 | color: @successText; 45 | } 46 | .alert-danger, 47 | .alert-error { 48 | background-color: @errorBackground; 49 | border-color: @errorBorder; 50 | color: @errorText; 51 | } 52 | .alert-danger h4, 53 | .alert-error h4 { 54 | color: @errorText; 55 | } 56 | .alert-info { 57 | background-color: @infoBackground; 
58 | border-color: @infoBorder; 59 | color: @infoText; 60 | } 61 | .alert-info h4 { 62 | color: @infoText; 63 | } 64 | 65 | 66 | // Block alerts 67 | // ------------------------- 68 | 69 | .alert-block { 70 | padding-top: 14px; 71 | padding-bottom: 14px; 72 | } 73 | .alert-block > p, 74 | .alert-block > ul { 75 | margin-bottom: 0; 76 | } 77 | .alert-block p + p { 78 | margin-top: 5px; 79 | } 80 | -------------------------------------------------------------------------------- /openid-connect-server-webapp/src/main/webapp/less/bootstrap-responsive.less: -------------------------------------------------------------------------------- 1 | /*! 2 | * Bootstrap Responsive v2.3.2 3 | * 4 | * Copyright 2013 Twitter, Inc 5 | * Licensed under the Apache License v2.0 6 | * http://www.apache.org/licenses/LICENSE-2.0 7 | * 8 | * Designed and built with all the love in the world by @mdo and @fat. 9 | */ 10 | 11 | 12 | // Responsive.less 13 | // For phone and tablet devices 14 | // ------------------------------------------------------------- 15 | 16 | 17 | // REPEAT VARIABLES & MIXINS 18 | // ------------------------- 19 | // Required since we compile the responsive stuff separately 20 | 21 | @import "variables.less"; // Modify this for custom colors, font-sizes, etc 22 | @import "mixins.less"; 23 | 24 | 25 | // RESPONSIVE CLASSES 26 | // ------------------ 27 | 28 | @import "responsive-utilities.less"; 29 | 30 | 31 | // MEDIA QUERIES 32 | // ------------------ 33 | 34 | // Large desktops 35 | @import "responsive-1200px-min.less"; 36 | 37 | // Tablets to regular desktops 38 | @import "responsive-768px-979px.less"; 39 | 40 | // Phones to portrait tablets and narrow desktops 41 | @import "responsive-767px-max.less"; 42 | 43 | 44 | // RESPONSIVE NAVBAR 45 | // ------------------ 46 | 47 | // From 979px and below, show a button to toggle navbar contents 48 | @import "responsive-navbar.less"; 49 | -------------------------------------------------------------------------------- 
/openid-connect-server-webapp/src/main/webapp/less/bootstrap.less: -------------------------------------------------------------------------------- 1 | /*! 2 | * Bootstrap v2.3.2 3 | * 4 | * Copyright 2013 Twitter, Inc 5 | * Licensed under the Apache License v2.0 6 | * http://www.apache.org/licenses/LICENSE-2.0 7 | * 8 | * Designed and built with all the love in the world by @mdo and @fat. 9 | */ 10 | 11 | // Core variables and mixins 12 | @import "variables.less"; // Modify this for custom colors, font-sizes, etc 13 | @import "mixins.less"; 14 | 15 | // CSS Reset 16 | @import "reset.less"; 17 | 18 | // Grid system and page structure 19 | @import "scaffolding.less"; 20 | @import "grid.less"; 21 | @import "layouts.less"; 22 | 23 | // Base CSS 24 | @import "type.less"; 25 | @import "code.less"; 26 | @import "forms.less"; 27 | @import "tables.less"; 28 | 29 | // Components: common 30 | @import "sprites.less"; 31 | @import "dropdowns.less"; 32 | @import "wells.less"; 33 | @import "component-animations.less"; 34 | @import "close.less"; 35 | 36 | // Components: Buttons & Alerts 37 | @import "buttons.less"; 38 | @import "button-groups.less"; 39 | @import "alerts.less"; // Note: alerts share common CSS with buttons and thus have styles in buttons.less 40 | 41 | // Components: Nav 42 | @import "navs.less"; 43 | @import "navbar.less"; 44 | @import "breadcrumbs.less"; 45 | @import "pagination.less"; 46 | @import "pager.less"; 47 | 48 | // Components: Popovers 49 | @import "modals.less"; 50 | @import "tooltip.less"; 51 | @import "popovers.less"; 52 | 53 | // Components: Misc 54 | @import "thumbnails.less"; 55 | @import "media.less"; 56 | @import "labels-badges.less"; 57 | @import "progress-bars.less"; 58 | @import "accordion.less"; 59 | @import "carousel.less"; 60 | @import "hero-unit.less"; 61 | 62 | // Utility classes 63 | @import "utilities.less"; // Has to be last to override when necessary 64 | 
-------------------------------------------------------------------------------- /openid-connect-server-webapp/src/main/webapp/less/breadcrumbs.less: -------------------------------------------------------------------------------- 1 | // 2 | // Breadcrumbs 3 | // -------------------------------------------------- 4 | 5 | 6 | .breadcrumb { 7 | padding: 8px 15px; 8 | margin: 0 0 @baseLineHeight; 9 | list-style: none; 10 | background-color: #f5f5f5; 11 | .border-radius(@baseBorderRadius); 12 | > li { 13 | display: inline-block; 14 | .ie7-inline-block(); 15 | text-shadow: 0 1px 0 @white; 16 | > .divider { 17 | padding: 0 5px; 18 | color: #ccc; 19 | } 20 | } 21 | > .active { 22 | color: @grayLight; 23 | } 24 | } 25 | -------------------------------------------------------------------------------- /openid-connect-server-webapp/src/main/webapp/less/close.less: -------------------------------------------------------------------------------- 1 | // 2 | // Close icons 3 | // -------------------------------------------------- 4 | 5 | 6 | .close { 7 | float: right; 8 | font-size: 20px; 9 | font-weight: bold; 10 | line-height: @baseLineHeight; 11 | color: @black; 12 | text-shadow: 0 1px 0 rgba(255,255,255,1); 13 | .opacity(20); 14 | &:hover, 15 | &:focus { 16 | color: @black; 17 | text-decoration: none; 18 | cursor: pointer; 19 | .opacity(40); 20 | } 21 | } 22 | 23 | // Additional properties for button version 24 | // iOS requires the button element instead of an anchor tag. 25 | // If you want the anchor version, it requires `href="#"`. 
26 | button.close { 27 | padding: 0; 28 | cursor: pointer; 29 | background: transparent; 30 | border: 0; 31 | -webkit-appearance: none; 32 | } -------------------------------------------------------------------------------- /openid-connect-server-webapp/src/main/webapp/less/code.less: -------------------------------------------------------------------------------- 1 | // 2 | // Code (inline and blocK) 3 | // -------------------------------------------------- 4 | 5 | 6 | // Inline and block code styles 7 | code, 8 | pre { 9 | padding: 0 3px 2px; 10 | #font > #family > .monospace; 11 | font-size: @baseFontSize - 2; 12 | color: @grayDark; 13 | .border-radius(3px); 14 | } 15 | 16 | // Inline code 17 | code { 18 | padding: 2px 4px; 19 | color: #d14; 20 | background-color: #f7f7f9; 21 | border: 1px solid #e1e1e8; 22 | white-space: nowrap; 23 | } 24 | 25 | // Blocks of code 26 | pre { 27 | display: block; 28 | padding: (@baseLineHeight - 1) / 2; 29 | margin: 0 0 @baseLineHeight / 2; 30 | font-size: @baseFontSize - 1; // 14px to 13px 31 | line-height: @baseLineHeight; 32 | word-break: break-all; 33 | word-wrap: break-word; 34 | white-space: pre; 35 | white-space: pre-wrap; 36 | background-color: #f5f5f5; 37 | border: 1px solid #ccc; // fallback for IE7-8 38 | border: 1px solid rgba(0,0,0,.15); 39 | .border-radius(@baseBorderRadius); 40 | 41 | // Make prettyprint styles more spaced out for readability 42 | &.prettyprint { 43 | margin-bottom: @baseLineHeight; 44 | } 45 | 46 | // Account for some code outputs that place code tags in pre tags 47 | code { 48 | padding: 0; 49 | color: inherit; 50 | white-space: pre; 51 | white-space: pre-wrap; 52 | background-color: transparent; 53 | border: 0; 54 | } 55 | } 56 | 57 | // Enable scrollable blocks of code 58 | .pre-scrollable { 59 | max-height: 340px; 60 | overflow-y: scroll; 61 | } -------------------------------------------------------------------------------- 
/openid-connect-server-webapp/src/main/webapp/less/component-animations.less: -------------------------------------------------------------------------------- 1 | // 2 | // Component animations 3 | // -------------------------------------------------- 4 | 5 | 6 | .fade { 7 | opacity: 0; 8 | .transition(opacity .15s linear); 9 | &.in { 10 | opacity: 1; 11 | } 12 | } 13 | 14 | .collapse { 15 | position: relative; 16 | height: 0; 17 | overflow: hidden; 18 | .transition(height .35s ease); 19 | &.in { 20 | height: auto; 21 | } 22 | } 23 | -------------------------------------------------------------------------------- /openid-connect-server-webapp/src/main/webapp/less/grid.less: -------------------------------------------------------------------------------- 1 | // 2 | // Grid system 3 | // -------------------------------------------------- 4 | 5 | 6 | // Fixed (940px) 7 | #grid > .core(@gridColumnWidth, @gridGutterWidth); 8 | 9 | // Fluid (940px) 10 | #grid > .fluid(@fluidGridColumnWidth, @fluidGridGutterWidth); 11 | 12 | // Reset utility classes due to specificity 13 | [class*="span"].hide, 14 | .row-fluid [class*="span"].hide { 15 | display: none; 16 | } 17 | 18 | [class*="span"].pull-right, 19 | .row-fluid [class*="span"].pull-right { 20 | float: right; 21 | } 22 | -------------------------------------------------------------------------------- /openid-connect-server-webapp/src/main/webapp/less/hero-unit.less: -------------------------------------------------------------------------------- 1 | // 2 | // Hero unit 3 | // -------------------------------------------------- 4 | 5 | 6 | .hero-unit { 7 | padding: 60px; 8 | margin-bottom: 30px; 9 | font-size: 18px; 10 | font-weight: 200; 11 | line-height: @baseLineHeight * 1.5; 12 | color: @heroUnitLeadColor; 13 | background-color: @heroUnitBackground; 14 | .border-radius(6px); 15 | h1 { 16 | margin-bottom: 0; 17 | font-size: 60px; 18 | line-height: 1; 19 | color: @heroUnitHeadingColor; 20 | letter-spacing: -1px; 21 | } 22 
| li { 23 | line-height: @baseLineHeight * 1.5; // Reset since we specify in type.less 24 | } 25 | } 26 | -------------------------------------------------------------------------------- /openid-connect-server-webapp/src/main/webapp/less/layouts.less: -------------------------------------------------------------------------------- 1 | // 2 | // Layouts 3 | // -------------------------------------------------- 4 | 5 | 6 | // Container (centered, fixed-width layouts) 7 | .container { 8 | .container-fixed(); 9 | } 10 | 11 | // Fluid layouts (left aligned, with sidebar, min- & max-width content) 12 | .container-fluid { 13 | padding-right: @gridGutterWidth; 14 | padding-left: @gridGutterWidth; 15 | .clearfix(); 16 | } -------------------------------------------------------------------------------- /openid-connect-server-webapp/src/main/webapp/less/media.less: -------------------------------------------------------------------------------- 1 | // Media objects 2 | // Source: http://stubbornella.org/content/?p=497 3 | // -------------------------------------------------- 4 | 5 | 6 | // Common styles 7 | // ------------------------- 8 | 9 | // Clear the floats 10 | .media, 11 | .media-body { 12 | overflow: hidden; 13 | *overflow: visible; 14 | zoom: 1; 15 | } 16 | 17 | // Proper spacing between instances of .media 18 | .media, 19 | .media .media { 20 | margin-top: 15px; 21 | } 22 | .media:first-child { 23 | margin-top: 0; 24 | } 25 | 26 | // For images and videos, set to block 27 | .media-object { 28 | display: block; 29 | } 30 | 31 | // Reset margins on headings for tighter default spacing 32 | .media-heading { 33 | margin: 0 0 5px; 34 | } 35 | 36 | 37 | // Media image alignment 38 | // ------------------------- 39 | 40 | .media > .pull-left { 41 | margin-right: 10px; 42 | } 43 | .media > .pull-right { 44 | margin-left: 10px; 45 | } 46 | 47 | 48 | // Media list variation 49 | // ------------------------- 50 | 51 | // Undo default ul/ol styles 52 | .media-list { 53 | 
margin-left: 0; 54 | list-style: none; 55 | } 56 | -------------------------------------------------------------------------------- /openid-connect-server-webapp/src/main/webapp/less/pager.less: -------------------------------------------------------------------------------- 1 | // 2 | // Pager pagination 3 | // -------------------------------------------------- 4 | 5 | 6 | .pager { 7 | margin: @baseLineHeight 0; 8 | list-style: none; 9 | text-align: center; 10 | .clearfix(); 11 | } 12 | .pager li { 13 | display: inline; 14 | } 15 | .pager li > a, 16 | .pager li > span { 17 | display: inline-block; 18 | padding: 5px 14px; 19 | background-color: #fff; 20 | border: 1px solid #ddd; 21 | .border-radius(15px); 22 | } 23 | .pager li > a:hover, 24 | .pager li > a:focus { 25 | text-decoration: none; 26 | background-color: #f5f5f5; 27 | } 28 | .pager .next > a, 29 | .pager .next > span { 30 | float: right; 31 | } 32 | .pager .previous > a, 33 | .pager .previous > span { 34 | float: left; 35 | } 36 | .pager .disabled > a, 37 | .pager .disabled > a:hover, 38 | .pager .disabled > a:focus, 39 | .pager .disabled > span { 40 | color: @grayLight; 41 | background-color: #fff; 42 | cursor: default; 43 | } -------------------------------------------------------------------------------- /openid-connect-server-webapp/src/main/webapp/less/responsive-1200px-min.less: -------------------------------------------------------------------------------- 1 | // 2 | // Responsive: Large desktop and up 3 | // -------------------------------------------------- 4 | 5 | 6 | @media (min-width: 1200px) { 7 | 8 | // Fixed grid 9 | #grid > .core(@gridColumnWidth1200, @gridGutterWidth1200); 10 | 11 | // Fluid grid 12 | #grid > .fluid(@fluidGridColumnWidth1200, @fluidGridGutterWidth1200); 13 | 14 | // Input grid 15 | #grid > .input(@gridColumnWidth1200, @gridGutterWidth1200); 16 | 17 | // Thumbnails 18 | .thumbnails { 19 | margin-left: -@gridGutterWidth1200; 20 | } 21 | .thumbnails > li { 22 | margin-left: 
@gridGutterWidth1200; 23 | } 24 | .row-fluid .thumbnails { 25 | margin-left: 0; 26 | } 27 | 28 | } 29 | -------------------------------------------------------------------------------- /openid-connect-server-webapp/src/main/webapp/less/responsive-768px-979px.less: -------------------------------------------------------------------------------- 1 | // 2 | // Responsive: Tablet to desktop 3 | // -------------------------------------------------- 4 | 5 | 6 | @media (min-width: 768px) and (max-width: 979px) { 7 | 8 | // Fixed grid 9 | #grid > .core(@gridColumnWidth768, @gridGutterWidth768); 10 | 11 | // Fluid grid 12 | #grid > .fluid(@fluidGridColumnWidth768, @fluidGridGutterWidth768); 13 | 14 | // Input grid 15 | #grid > .input(@gridColumnWidth768, @gridGutterWidth768); 16 | 17 | // No need to reset .thumbnails here since it's the same @gridGutterWidth 18 | 19 | } 20 | -------------------------------------------------------------------------------- /openid-connect-server-webapp/src/main/webapp/less/responsive-utilities.less: -------------------------------------------------------------------------------- 1 | // 2 | // Responsive: Utility classes 3 | // -------------------------------------------------- 4 | 5 | 6 | // IE10 Metro responsive 7 | // Required for Windows 8 Metro split-screen snapping with IE10 8 | // Source: http://timkadlec.com/2012/10/ie10-snap-mode-and-responsive-design/ 9 | @-ms-viewport{ 10 | width: device-width; 11 | } 12 | 13 | // Hide from screenreaders and browsers 14 | // Credit: HTML5 Boilerplate 15 | .hidden { 16 | display: none; 17 | visibility: hidden; 18 | } 19 | 20 | // Visibility utilities 21 | 22 | // For desktops 23 | .visible-phone { display: none !important; } 24 | .visible-tablet { display: none !important; } 25 | .hidden-phone { } 26 | .hidden-tablet { } 27 | .hidden-desktop { display: none !important; } 28 | .visible-desktop { display: inherit !important; } 29 | 30 | // Tablets & small desktops only 31 | @media (min-width: 768px) 
and (max-width: 979px) { 32 | // Hide everything else 33 | .hidden-desktop { display: inherit !important; } 34 | .visible-desktop { display: none !important ; } 35 | // Show 36 | .visible-tablet { display: inherit !important; } 37 | // Hide 38 | .hidden-tablet { display: none !important; } 39 | } 40 | 41 | // Phones only 42 | @media (max-width: 767px) { 43 | // Hide everything else 44 | .hidden-desktop { display: inherit !important; } 45 | .visible-desktop { display: none !important; } 46 | // Show 47 | .visible-phone { display: inherit !important; } // Use inherit to restore previous behavior 48 | // Hide 49 | .hidden-phone { display: none !important; } 50 | } 51 | 52 | // Print utilities 53 | .visible-print { display: none !important; } 54 | .hidden-print { } 55 | 56 | @media print { 57 | .visible-print { display: inherit !important; } 58 | .hidden-print { display: none !important; } 59 | } 60 | -------------------------------------------------------------------------------- /openid-connect-server-webapp/src/main/webapp/less/scaffolding.less: -------------------------------------------------------------------------------- 1 | // 2 | // Scaffolding 3 | // -------------------------------------------------- 4 | 5 | 6 | // Body reset 7 | // ------------------------- 8 | 9 | body { 10 | margin: 0; 11 | font-family: @baseFontFamily; 12 | font-size: @baseFontSize; 13 | line-height: @baseLineHeight; 14 | color: @textColor; 15 | background-color: @bodyBackground; 16 | } 17 | 18 | 19 | // Links 20 | // ------------------------- 21 | 22 | a { 23 | color: @linkColor; 24 | text-decoration: none; 25 | } 26 | a:hover, 27 | a:focus { 28 | color: @linkColorHover; 29 | text-decoration: underline; 30 | } 31 | 32 | 33 | // Images 34 | // ------------------------- 35 | 36 | // Rounded corners 37 | .img-rounded { 38 | .border-radius(6px); 39 | } 40 | 41 | // Add polaroid-esque trim 42 | .img-polaroid { 43 | padding: 4px; 44 | background-color: #fff; 45 | border: 1px solid #ccc; 46 | 
border: 1px solid rgba(0,0,0,.2); 47 | .box-shadow(0 1px 3px rgba(0,0,0,.1)); 48 | } 49 | 50 | // Perfect circle 51 | .img-circle { 52 | .border-radius(500px); // crank the border-radius so it works with most reasonably sized images 53 | } 54 | -------------------------------------------------------------------------------- /openid-connect-server-webapp/src/main/webapp/less/thumbnails.less: -------------------------------------------------------------------------------- 1 | // 2 | // Thumbnails 3 | // -------------------------------------------------- 4 | 5 | 6 | // Note: `.thumbnails` and `.thumbnails > li` are overriden in responsive files 7 | 8 | // Make wrapper ul behave like the grid 9 | .thumbnails { 10 | margin-left: -@gridGutterWidth; 11 | list-style: none; 12 | .clearfix(); 13 | } 14 | // Fluid rows have no left margin 15 | .row-fluid .thumbnails { 16 | margin-left: 0; 17 | } 18 | 19 | // Float li to make thumbnails appear in a row 20 | .thumbnails > li { 21 | float: left; // Explicity set the float since we don't require .span* classes 22 | margin-bottom: @baseLineHeight; 23 | margin-left: @gridGutterWidth; 24 | } 25 | 26 | // The actual thumbnail (can be `a` or `div`) 27 | .thumbnail { 28 | display: block; 29 | padding: 4px; 30 | line-height: @baseLineHeight; 31 | border: 1px solid #ddd; 32 | .border-radius(@baseBorderRadius); 33 | .box-shadow(0 1px 3px rgba(0,0,0,.055)); 34 | .transition(all .2s ease-in-out); 35 | } 36 | // Add a hover/focus state for linked versions only 37 | a.thumbnail:hover, 38 | a.thumbnail:focus { 39 | border-color: @linkColor; 40 | .box-shadow(0 1px 4px rgba(0,105,214,.25)); 41 | } 42 | 43 | // Images and captions 44 | .thumbnail > img { 45 | display: block; 46 | max-width: 100%; 47 | margin-left: auto; 48 | margin-right: auto; 49 | } 50 | .thumbnail .caption { 51 | padding: 9px; 52 | color: @gray; 53 | } 54 | -------------------------------------------------------------------------------- 
/openid-connect-server-webapp/src/main/webapp/less/tooltip.less: -------------------------------------------------------------------------------- 1 | // 2 | // Tooltips 3 | // -------------------------------------------------- 4 | 5 | 6 | // Base class 7 | .tooltip { 8 | position: absolute; 9 | z-index: @zindexTooltip; 10 | display: block; 11 | visibility: visible; 12 | font-size: 11px; 13 | line-height: 1.4; 14 | .opacity(0); 15 | &.in { .opacity(80); } 16 | &.top { margin-top: -3px; padding: 5px 0; } 17 | &.right { margin-left: 3px; padding: 0 5px; } 18 | &.bottom { margin-top: 3px; padding: 5px 0; } 19 | &.left { margin-left: -3px; padding: 0 5px; } 20 | } 21 | 22 | // Wrapper for the tooltip content 23 | .tooltip-inner { 24 | max-width: 200px; 25 | padding: 8px; 26 | color: @tooltipColor; 27 | text-align: center; 28 | text-decoration: none; 29 | background-color: @tooltipBackground; 30 | .border-radius(@baseBorderRadius); 31 | } 32 | 33 | // Arrows 34 | .tooltip-arrow { 35 | position: absolute; 36 | width: 0; 37 | height: 0; 38 | border-color: transparent; 39 | border-style: solid; 40 | } 41 | .tooltip { 42 | &.top .tooltip-arrow { 43 | bottom: 0; 44 | left: 50%; 45 | margin-left: -@tooltipArrowWidth; 46 | border-width: @tooltipArrowWidth @tooltipArrowWidth 0; 47 | border-top-color: @tooltipArrowColor; 48 | } 49 | &.right .tooltip-arrow { 50 | top: 50%; 51 | left: 0; 52 | margin-top: -@tooltipArrowWidth; 53 | border-width: @tooltipArrowWidth @tooltipArrowWidth @tooltipArrowWidth 0; 54 | border-right-color: @tooltipArrowColor; 55 | } 56 | &.left .tooltip-arrow { 57 | top: 50%; 58 | right: 0; 59 | margin-top: -@tooltipArrowWidth; 60 | border-width: @tooltipArrowWidth 0 @tooltipArrowWidth @tooltipArrowWidth; 61 | border-left-color: @tooltipArrowColor; 62 | } 63 | &.bottom .tooltip-arrow { 64 | top: 0; 65 | left: 50%; 66 | margin-left: -@tooltipArrowWidth; 67 | border-width: 0 @tooltipArrowWidth @tooltipArrowWidth; 68 | border-bottom-color: @tooltipArrowColor; 69 | 
} 70 | } 71 | -------------------------------------------------------------------------------- /openid-connect-server-webapp/src/main/webapp/less/utilities.less: -------------------------------------------------------------------------------- 1 | // 2 | // Utility classes 3 | // -------------------------------------------------- 4 | 5 | 6 | // Quick floats 7 | .pull-right { 8 | float: right; 9 | } 10 | .pull-left { 11 | float: left; 12 | } 13 | 14 | // Toggling content 15 | .hide { 16 | display: none; 17 | } 18 | .show { 19 | display: block; 20 | } 21 | 22 | // Visibility 23 | .invisible { 24 | visibility: hidden; 25 | } 26 | 27 | // For Affix plugin 28 | .affix { 29 | position: fixed; 30 | } 31 | -------------------------------------------------------------------------------- /openid-connect-server-webapp/src/main/webapp/less/wells.less: -------------------------------------------------------------------------------- 1 | // 2 | // Wells 3 | // -------------------------------------------------- 4 | 5 | 6 | // Base class 7 | .well { 8 | min-height: 20px; 9 | padding: 19px; 10 | margin-bottom: 20px; 11 | background-color: @wellBackground; 12 | border: 1px solid darken(@wellBackground, 7%); 13 | .border-radius(@baseBorderRadius); 14 | .box-shadow(inset 0 1px 1px rgba(0,0,0,.05)); 15 | blockquote { 16 | border-color: #ddd; 17 | border-color: rgba(0,0,0,.15); 18 | } 19 | } 20 | 21 | // Sizes 22 | .well-large { 23 | padding: 24px; 24 | .border-radius(@borderRadiusLarge); 25 | } 26 | .well-small { 27 | padding: 9px; 28 | .border-radius(@borderRadiusSmall); 29 | } 30 | -------------------------------------------------------------------------------- /openid-connect-server-webapp/src/main/webapp/resources/bootstrap2/img/glyphicons-halflings-white.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/d074573de0c8b8e339add89a17a2bd000a1c6378/openid-connect-server-webapp/src/main/webapp/resources/bootstrap2/img/glyphicons-halflings-white.png -------------------------------------------------------------------------------- /openid-connect-server-webapp/src/main/webapp/resources/bootstrap2/img/glyphicons-halflings.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/d074573de0c8b8e339add89a17a2bd000a1c6378/openid-connect-server-webapp/src/main/webapp/resources/bootstrap2/img/glyphicons-halflings.png -------------------------------------------------------------------------------- /openid-connect-server-webapp/src/main/webapp/resources/css/bootstrap-sheet.css: -------------------------------------------------------------------------------- 1 | /*! 2 | * Bootstrap modal sheet 3 | * 4 | * Author: Michaël Perrin 5 | * https://github.com/michaelperrin/bootstrap-modal-sheet 6 | */ 7 | 8 | .sheet form { 9 | margin: 0; 10 | } 11 | 12 | .sheet .form-actions { 13 | margin-top: 10px; 14 | margin-bottom: 0; 15 | padding: 10px 20px 10px; 16 | text-align: right; 17 | } 18 | 19 | .sheet { 20 | position: absolute; 21 | z-index: 1050; 22 | 23 | width: 600px; 24 | background: rgba(240, 240, 240, 0.9); 25 | border-color: #909090; 26 | border-style: solid; 27 | border-width: 0 1px 1px 1px; 28 | box-shadow: inset 0 15px 12px -10px rgba(0, 0, 0, 0.4), 0 5px 12px rgba(0, 0, 0, 0.4); 29 | padding-top: 15px; 30 | } 31 | 32 | .sheet.hide { 33 | display: none; 34 | } 35 | 36 | .sheet .sheet-body { 37 | padding-left: 15px; 38 | padding-right: 15px; 39 | } 40 | 41 | .sheet .sheet-footer { 42 | margin-top: 10px; 43 | margin-bottom: 0; 44 | padding: 10px 20px 10px; 45 | text-align: right; 46 | background-color: #f5f5f5; 47 | border-top: 1px solid #e5e5e5; 48 | } 49 | 50 | .sheet-backdrop { 51 | 
position: fixed; 52 | top: 0; 53 | right: 0; 54 | bottom: 0; 55 | left: 0; 56 | z-index: 1040; 57 | } 58 | -------------------------------------------------------------------------------- /openid-connect-server-webapp/src/main/webapp/resources/css/mitreid-connect-local.css: -------------------------------------------------------------------------------- 1 | /* 2 | * Overlay this file to provide local style overrides. 3 | */ -------------------------------------------------------------------------------- /openid-connect-server-webapp/src/main/webapp/resources/css/mitreid-connect-responsive-local.css: -------------------------------------------------------------------------------- 1 | /* 2 | * Overlay this file to provide local style overrides. 3 | */ -------------------------------------------------------------------------------- /openid-connect-server-webapp/src/main/webapp/resources/css/mitreid-connect-responsive.css: -------------------------------------------------------------------------------- 1 | /* size-responsive CSS to be loaded after bootstrap-responsive */ 2 | 3 | @media ( min-width : 768px) and (max-width: 979px) { 4 | .main { 5 | padding-top: 0px; 6 | } 7 | } 8 | 9 | @media ( max-width : 767px) { 10 | #footer { 11 | margin-left: -20px; 12 | margin-right: -20px; 13 | padding-left: 20px; 14 | padding-right: 20px; 15 | } 16 | } -------------------------------------------------------------------------------- /openid-connect-server-webapp/src/main/webapp/resources/images/heart_mode.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/d074573de0c8b8e339add89a17a2bd000a1c6378/openid-connect-server-webapp/src/main/webapp/resources/images/heart_mode.png -------------------------------------------------------------------------------- /openid-connect-server-webapp/src/main/webapp/resources/images/heart_mode@2x.png: 
-------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/d074573de0c8b8e339add89a17a2bd000a1c6378/openid-connect-server-webapp/src/main/webapp/resources/images/heart_mode@2x.png -------------------------------------------------------------------------------- /openid-connect-server-webapp/src/main/webapp/resources/images/logo_placeholder.gif: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/d074573de0c8b8e339add89a17a2bd000a1c6378/openid-connect-server-webapp/src/main/webapp/resources/images/logo_placeholder.gif -------------------------------------------------------------------------------- /openid-connect-server-webapp/src/main/webapp/resources/images/mitreid-connect.ico: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/d074573de0c8b8e339add89a17a2bd000a1c6378/openid-connect-server-webapp/src/main/webapp/resources/images/mitreid-connect.ico -------------------------------------------------------------------------------- /openid-connect-server-webapp/src/main/webapp/resources/images/openid_connect_large.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/d074573de0c8b8e339add89a17a2bd000a1c6378/openid-connect-server-webapp/src/main/webapp/resources/images/openid_connect_large.png -------------------------------------------------------------------------------- /openid-connect-server-webapp/src/main/webapp/resources/images/openid_connect_large@2x.png: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/d074573de0c8b8e339add89a17a2bd000a1c6378/openid-connect-server-webapp/src/main/webapp/resources/images/openid_connect_large@2x.png -------------------------------------------------------------------------------- /openid-connect-server-webapp/src/main/webapp/resources/images/openid_connect_small.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/d074573de0c8b8e339add89a17a2bd000a1c6378/openid-connect-server-webapp/src/main/webapp/resources/images/openid_connect_small.png -------------------------------------------------------------------------------- /openid-connect-server-webapp/src/main/webapp/resources/images/openid_connect_small@2x.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/mitreid-connect/OpenID-Connect-Java-Spring-Server/d074573de0c8b8e339add89a17a2bd000a1c6378/openid-connect-server-webapp/src/main/webapp/resources/images/openid_connect_small@2x.png -------------------------------------------------------------------------------- /openid-connect-server-webapp/src/main/webapp/resources/js/profile.js: -------------------------------------------------------------------------------- 1 | /******************************************************************************* 2 | * Copyright 2018 The MIT Internet Trust Consortium 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | *******************************************************************************/ 16 | ui.routes.push({ 17 | path: "user/profile", 18 | name: "profile", 19 | callback: function() { 20 | 21 | this.breadCrumbView.collection.reset(); 22 | this.breadCrumbView.collection.add([{ 23 | text: $.t('admin.home'), 24 | href: "" 25 | }, { 26 | text: $.t('admin.user-profile.show'), 27 | href: "manage/#user/profile" 28 | }]); 29 | 30 | this.updateSidebar('user/profile'); 31 | 32 | var view = new UserProfileView({ 33 | model: getUserInfo() 34 | }); 35 | $('#content').html(view.render().el); 36 | 37 | setPageTitle($.t('admin.user-profile.show')); 38 | 39 | } 40 | }); -------------------------------------------------------------------------------- /openid-connect-server/.gitignore: -------------------------------------------------------------------------------- 1 | local-values.conf 2 | target 3 | *~ 4 | bin 5 | *.idea 6 | *.iml 7 | *.eml 8 | .project 9 | .settings 10 | .classpath 11 | /target 12 | .springBeans 13 | -------------------------------------------------------------------------------- /openid-connect-server/src/main/java/org/mitre/oauth2/assertion/AssertionOAuth2RequestFactory.java: -------------------------------------------------------------------------------- 1 | /******************************************************************************* 2 | * Copyright 2018 The MIT Internet Trust Consortium 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance 
with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | *******************************************************************************/ 16 | 17 | package org.mitre.oauth2.assertion; 18 | 19 | import org.springframework.security.oauth2.provider.ClientDetails; 20 | import org.springframework.security.oauth2.provider.OAuth2Request; 21 | import org.springframework.security.oauth2.provider.TokenRequest; 22 | 23 | import com.nimbusds.jwt.JWT; 24 | 25 | /** 26 | * Take in an assertion and token request and generate an OAuth2Request from it, including scopes and other important components 27 | * 28 | * @author jricher 29 | * 30 | */ 31 | public interface AssertionOAuth2RequestFactory { 32 | 33 | /** Builds the OAuth2Request for an assertion-based token request. Implementations decide which scopes and other request components are taken from the assertion; the assertion is presumably validated before this is called - TODO confirm against callers. 34 | * @param client the client the token request was made by 35 | * @param tokenRequest the incoming token request 36 | * @param assertion the parsed JWT assertion 37 | * @return the OAuth2Request derived from the client, the request and the assertion 38 | */ 39 | OAuth2Request createOAuth2Request(ClientDetails client, TokenRequest tokenRequest, JWT assertion); 40 | 41 | } 42 | -------------------------------------------------------------------------------- /openid-connect-server/src/main/java/org/mitre/oauth2/exception/AuthorizationPendingException.java: -------------------------------------------------------------------------------- 1 | /******************************************************************************* 2 | * Copyright 2018 The MIT Internet Trust Consortium 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | *******************************************************************************/ 16 | 17 | package org.mitre.oauth2.exception; 18 | 19 | import org.springframework.security.oauth2.common.exceptions.OAuth2Exception; 20 | 21 | /** OAuth2Exception whose error code is "authorization_pending" - the code a client polling for a still-unapproved authorization receives (device flow, presumably; see getOAuth2ErrorCode). 22 | * @author jricher 23 | * 24 | */ 25 | public class AuthorizationPendingException extends OAuth2Exception { 26 | 27 | /** 28 | * @param msg detail message handed to OAuth2Exception 29 | */ 30 | public AuthorizationPendingException(String msg) { 31 | super(msg); 32 | } 33 | 34 | /** Serialization id. 35 | * 36 | */ 37 | private static final long serialVersionUID = -7078098692596870940L; 38 | 39 | /* Returns the OAuth2 error code string used when this exception is translated into an error response. 40 | * @see org.springframework.security.oauth2.common.exceptions.OAuth2Exception#getOAuth2ErrorCode() 41 | */ 42 | @Override 43 | public String getOAuth2ErrorCode() { 44 | return "authorization_pending"; 45 | } 46 | 47 | 48 | 49 | } 50 | -------------------------------------------------------------------------------- /openid-connect-server/src/main/java/org/mitre/oauth2/exception/DeviceCodeExpiredException.java: -------------------------------------------------------------------------------- 1 | /******************************************************************************* 2 | * Copyright 2018 The MIT Internet Trust Consortium 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | *******************************************************************************/ 16 | 17 | package org.mitre.oauth2.exception; 18 | 19 | import org.springframework.security.oauth2.common.exceptions.OAuth2Exception; 20 | 21 | /** OAuth2Exception whose error code is "expired_token" - raised, per the class name, when a device code is no longer valid; see getOAuth2ErrorCode. 22 | * @author jricher 23 | * 24 | */ 25 | public class DeviceCodeExpiredException extends OAuth2Exception { 26 | 27 | /** 28 | * @param msg detail message handed to OAuth2Exception 29 | */ 30 | public DeviceCodeExpiredException(String msg) { 31 | super(msg); 32 | } 33 | 34 | /** Serialization id. NOTE(review): same value as AuthorizationPendingException's serialVersionUID - harmless across distinct classes, but it looks copy-pasted. 35 | * 36 | */ 37 | private static final long serialVersionUID = -7078098692596870940L; 38 | 39 | /* Returns the OAuth2 error code string used when this exception is translated into an error response. 40 | * @see org.springframework.security.oauth2.common.exceptions.OAuth2Exception#getOAuth2ErrorCode() 41 | */ 42 | @Override 43 | public String getOAuth2ErrorCode() { 44 | return "expired_token"; 45 | } 46 | 47 | } 48 | -------------------------------------------------------------------------------- /openid-connect-server/src/main/java/org/mitre/oauth2/exception/DuplicateClientIdException.java: -------------------------------------------------------------------------------- 1 | /******************************************************************************* 2 | * Copyright 2018 The MIT Internet Trust Consortium 3 | * 4 | * Portions copyright 2011-2013 The MITRE Corporation 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); 7 | * you may not use this file except in compliance with the License.
8 | * You may obtain a copy of the License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software 13 | * distributed under the License is distributed on an "AS IS" BASIS, 14 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 | * See the License for the specific language governing permissions and 16 | * limitations under the License. 17 | *******************************************************************************/ 18 | package org.mitre.oauth2.exception; 19 | /** Unchecked exception signalling that a client id is already in use. The offending id is embedded verbatim in the message. NOTE(review): if this message reaches HTTP responses or logs, confirm the id cannot carry untrusted content. */ 20 | public class DuplicateClientIdException extends RuntimeException { 21 | 22 | /** @param clientId the duplicated client id, included in the exception message */ public DuplicateClientIdException(String clientId) { 23 | super("Duplicate client id: " + clientId); 24 | } 25 | 26 | /** Serialization id. 27 | * 28 | */ 29 | private static final long serialVersionUID = 1L; 30 | 31 | 32 | } 33 | -------------------------------------------------------------------------------- /openid-connect-server/src/main/java/org/mitre/oauth2/web/OAuth2ExceptionHandler.java: -------------------------------------------------------------------------------- 1 | /******************************************************************************* 2 | * Copyright 2018 The MIT Internet Trust Consortium 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License.
15 | *******************************************************************************/ 16 | 17 | package org.mitre.oauth2.web; 18 | 19 | import org.slf4j.Logger; 20 | import org.slf4j.LoggerFactory; 21 | import org.springframework.beans.factory.annotation.Autowired; 22 | import org.springframework.http.ResponseEntity; 23 | import org.springframework.security.oauth2.common.exceptions.OAuth2Exception; 24 | import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator; 25 | import org.springframework.web.bind.annotation.ControllerAdvice; 26 | import org.springframework.web.bind.annotation.ExceptionHandler; 27 | 28 | /** 29 | * Controller helper that handles OAuth2 exceptions and propagates them as JSON errors. 30 | * 31 | * @author jricher 32 | * 33 | */ 34 | @ControllerAdvice 35 | public class OAuth2ExceptionHandler { 36 | private static final Logger logger = LoggerFactory.getLogger(OAuth2ExceptionHandler.class); 37 | 38 | @Autowired 39 | private WebResponseExceptionTranslator providerExceptionHandler; 40 | /** Translates an OAuth2Exception thrown by a controller into the error response built by the injected WebResponseExceptionTranslator. @param e the caught exception (registered for OAuth2Exception, although the parameter is declared as Exception) @return the translated response; the raw ResponseEntity type is kept as declared @throws Exception whatever the translator propagates */ 41 | @ExceptionHandler(OAuth2Exception.class) 42 | public ResponseEntity handleException(Exception e) throws Exception { 43 | logger.info("Handling error: " + e.getClass().getSimpleName() + ", " + e.getMessage()); /* NOTE(review): the message is concatenated into the log line; exception messages can echo request-supplied values, so prefer parameterized logging (logger.info("Handling error: {}, {}", ...)) and confirm what the translator exposes to the client */ 44 | return providerExceptionHandler.translate(e); 45 | } 46 | 47 | } 48 | -------------------------------------------------------------------------------- /openid-connect-server/src/main/java/org/mitre/openid/connect/repository/impl/JpaAddressRepository.java: -------------------------------------------------------------------------------- 1 | /******************************************************************************* 2 | * Copyright 2018 The MIT Internet Trust Consortium 3 | * 4 | * Portions copyright 2011-2013 The MITRE Corporation 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); 7 | * you may not use this file except in compliance with the License.
8 | * You may obtain a copy of the License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software 13 | * distributed under the License is distributed on an "AS IS" BASIS, 14 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 | * See the License for the specific language governing permissions and 16 | * limitations under the License. 17 | *******************************************************************************/ 18 | package org.mitre.openid.connect.repository.impl; 19 | 20 | import javax.persistence.EntityManager; 21 | import javax.persistence.PersistenceContext; 22 | 23 | import org.mitre.openid.connect.model.Address; 24 | import org.mitre.openid.connect.repository.AddressRepository; 25 | import org.springframework.stereotype.Repository; 26 | import org.springframework.transaction.annotation.Transactional; 27 | 28 | /** 29 | * JPA Address repository implementation 30 | * 31 | * @author Michael Joseph Walsh 32 | * 33 | */ 34 | @Repository 35 | public class JpaAddressRepository implements AddressRepository { 36 | 37 | @PersistenceContext(unitName="defaultPersistenceUnit") 38 | private EntityManager manager; 39 | /** Looks up an Address by primary key. @param id the entity id @return the Address, or null when EntityManager.find has no matching row */ 40 | @Override 41 | @Transactional(value="defaultTransactionManager") 42 | public Address getById(Long id) { 43 | return manager.find(Address.class, id); 44 | } 45 | 46 | } 47 | -------------------------------------------------------------------------------- /openid-connect-server/src/main/java/org/mitre/openid/connect/request/ConnectRequestParameters.java: -------------------------------------------------------------------------------- 1 | /******************************************************************************* 2 | * Copyright 2018 The MIT Internet Trust Consortium 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License.
6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | *******************************************************************************/ 16 | package org.mitre.openid.connect.request; 17 | /** Parameter and value names used in OpenID Connect authorization requests and responses. Constant interface: fields on an interface are implicitly public static final, so the explicit public is redundant. */ 18 | public interface ConnectRequestParameters { 19 | 20 | public String CLIENT_ID = "client_id"; 21 | public String RESPONSE_TYPE = "response_type"; 22 | public String REDIRECT_URI = "redirect_uri"; 23 | public String STATE = "state"; 24 | public String DISPLAY = "display"; 25 | public String REQUEST = "request"; 26 | public String LOGIN_HINT = "login_hint"; 27 | public String MAX_AGE = "max_age"; 28 | public String CLAIMS = "claims"; 29 | public String SCOPE = "scope"; 30 | public String NONCE = "nonce"; 31 | public String PROMPT = "prompt"; 32 | 33 | // prompt values 34 | public String PROMPT_LOGIN = "login"; 35 | public String PROMPT_NONE = "none"; 36 | public String PROMPT_CONSENT = "consent"; 37 | public String PROMPT_SEPARATOR = " "; 38 | 39 | // extensions 40 | public String APPROVED_SITE = "approved_site"; 41 | 42 | // responses 43 | public String ERROR = "error"; 44 | public String LOGIN_REQUIRED = "login_required"; 45 | 46 | // audience 47 | public String AUD = "aud"; 48 | 49 | // PKCE (RFC 7636) parameters 50 | public String CODE_CHALLENGE = "code_challenge"; 51 | public String CODE_CHALLENGE_METHOD = "code_challenge_method"; 52 | public String CODE_VERIFIER = "code_verifier"; 53 | 54 | } 55 | -------------------------------------------------------------------------------- /openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/MITREidDataServiceSupport.java:
-------------------------------------------------------------------------------- 1 | /******************************************************************************* 2 | * Copyright 2018 The MIT Internet Trust Consortium 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | *******************************************************************************/ 16 | package org.mitre.openid.connect.service.impl; 17 | 18 | import java.text.ParseException; 19 | import java.util.Date; 20 | import java.util.Locale; 21 | 22 | import org.slf4j.Logger; 23 | import org.slf4j.LoggerFactory; 24 | import org.springframework.format.annotation.DateTimeFormat.ISO; 25 | import org.springframework.format.datetime.DateFormatter; 26 | /** Shared date handling for the MITREid data services: converts between Date and ISO date-time strings through a Spring DateFormatter configured with ISO.DATE_TIME. */ 27 | public abstract class MITREidDataServiceSupport { 28 | private final DateFormatter dateFormatter; 29 | /** 30 | * Logger for this class 31 | */ 32 | private static final Logger logger = LoggerFactory.getLogger(MITREidDataServiceSupport.class); 33 | 34 | public MITREidDataServiceSupport() { 35 | dateFormatter = new DateFormatter(); 36 | dateFormatter.setIso(ISO.DATE_TIME); 37 | } 38 | /** Parses an ISO date-time string. @param value the string to parse, may be null @return the parsed Date, or null when value is null or cannot be parsed; a parse failure is logged at error level (echoing the offending string, so reconsider if this input can be untrusted) instead of being propagated */ 39 | protected Date utcToDate(String value) { 40 | if (value == null) { 41 | return null; 42 | } 43 | try { 44 | return dateFormatter.parse(value, Locale.ENGLISH); 45 | } catch (ParseException ex) { 46 | logger.error("Unable to parse datetime {}", value, ex); 47 | } 48 | return null; 49 | } 50 | /** Formats a Date as an ISO date-time string. @param value the date, may be null @return the formatted string, or null when value is null */ 51 | protected String toUTCString(Date value)
{ 52 | if (value == null) { 53 | return null; 54 | } 55 | return dateFormatter.print(value, Locale.ENGLISH); 56 | } 57 | 58 | } 59 | -------------------------------------------------------------------------------- /openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/PassAllLoginHints.java: -------------------------------------------------------------------------------- 1 | /******************************************************************************* 2 | * Copyright 2018 The MIT Internet Trust Consortium 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 15 | *******************************************************************************/ 16 | 17 | package org.mitre.openid.connect.service.impl; 18 | 19 | import org.mitre.openid.connect.service.LoginHintExtracter; 20 | 21 | /** 22 | * Sends all login hints through to the login page regardless of setup. 
23 | * 24 | * @author jricher 25 | * 26 | */ 27 | public class PassAllLoginHints implements LoginHintExtracter { 28 | 29 | /* Returns the hint unchanged (including null) - no filtering is applied. 30 | * @see org.mitre.openid.connect.service.LoginHintExtracter#extractHint(java.lang.String) 31 | */ 32 | @Override 33 | public String extractHint(String loginHint) { 34 | return loginHint; 35 | } 36 | 37 | } 38 | -------------------------------------------------------------------------------- /openid-connect-server/src/main/java/org/mitre/openid/connect/service/impl/RemoveLoginHintsWithHTTP.java: -------------------------------------------------------------------------------- 1 | /******************************************************************************* 2 | * Copyright 2018 The MIT Internet Trust Consortium 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License.
15 | *******************************************************************************/ 16 | 17 | package org.mitre.openid.connect.service.impl; 18 | 19 | import org.mitre.openid.connect.service.LoginHintExtracter; 20 | 21 | import com.google.common.base.Strings; 22 | 23 | /** 24 | * Passes login hints that don't start with "http" 25 | * 26 | * @author jricher 27 | * 28 | */ 29 | public class RemoveLoginHintsWithHTTP implements LoginHintExtracter { 30 | 31 | /* Drops URL-like hints: returns null when the hint is null, empty, or begins with "http" (which also covers "https"); otherwise returns the hint unchanged. NOTE(review): the prefix test is case-sensitive, so a hint beginning with "HTTP" or "Http" is passed through - confirm whether that is intended. 32 | * @see org.mitre.openid.connect.service.LoginHintExtracter#extractHint(java.lang.String) 33 | */ 34 | @Override 35 | public String extractHint(String loginHint) { 36 | if (Strings.isNullOrEmpty(loginHint)) { 37 | return null; 38 | } else { 39 | if (loginHint.startsWith("http")) { 40 | return null; 41 | } else { 42 | return loginHint; 43 | } 44 | } 45 | } 46 | 47 | } 48 | -------------------------------------------------------------------------------- /openid-connect-server/src/main/java/org/mitre/openid/connect/view/HttpCodeView.java: -------------------------------------------------------------------------------- 1 | /******************************************************************************* 2 | * Copyright 2018 The MIT Internet Trust Consortium 3 | * 4 | * Portions copyright 2011-2013 The MITRE Corporation 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); 7 | * you may not use this file except in compliance with the License. 8 | * You may obtain a copy of the License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software 13 | * distributed under the License is distributed on an "AS IS" BASIS, 14 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 | * See the License for the specific language governing permissions and 16 | * limitations under the License.
17 | *******************************************************************************/ 18 | /** 19 | * 20 | */ 21 | package org.mitre.openid.connect.view; 22 | 23 | import java.util.Map; 24 | 25 | import javax.servlet.http.HttpServletRequest; 26 | import javax.servlet.http.HttpServletResponse; 27 | 28 | import org.springframework.http.HttpStatus; 29 | import org.springframework.stereotype.Component; 30 | import org.springframework.web.servlet.view.AbstractView; 31 | 32 | /** 33 | * An empty view that simply returns an HTTP code set in the model 34 | * @author jricher 35 | * 36 | */ 37 | @Component(HttpCodeView.VIEWNAME) 38 | public class HttpCodeView extends AbstractView { 39 | 40 | /** Bean name this view is registered under. */ public static final String VIEWNAME = "httpCodeView"; 41 | 42 | /** Model key whose HttpStatus value becomes the response status. */ public static final String CODE = "code"; 43 | /** Sets the response status from the model and writes no body. @param model raw Map; the value under CODE is cast to HttpStatus unchecked, so a value of any other type throws ClassCastException - NOTE(review) @param request unused @param response receives the status, 200 when the model carries no code */ 44 | @Override 45 | protected void renderMergedOutputModel(Map model, HttpServletRequest request, HttpServletResponse response) { 46 | HttpStatus code = (HttpStatus) model.get(CODE); 47 | if (code == null) { 48 | code = HttpStatus.OK; // default to 200 49 | } 50 | 51 | response.setStatus(code.value()); 52 | 53 | } 54 | 55 | } 56 | -------------------------------------------------------------------------------- /openid-connect-server/src/main/java/org/mitre/openid/connect/web/ServerConfigInterceptor.java: -------------------------------------------------------------------------------- 1 | /******************************************************************************* 2 | * Copyright 2018 The MIT Internet Trust Consortium 3 | * 4 | * Portions copyright 2011-2013 The MITRE Corporation 5 | * 6 | * Licensed under the Apache License, Version 2.0 (the "License"); 7 | * you may not use this file except in compliance with the License.
8 | * You may obtain a copy of the License at 9 | * 10 | * http://www.apache.org/licenses/LICENSE-2.0 11 | * 12 | * Unless required by applicable law or agreed to in writing, software 13 | * distributed under the License is distributed on an "AS IS" BASIS, 14 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 15 | * See the License for the specific language governing permissions and 16 | * limitations under the License. 17 | *******************************************************************************/ 18 | /** 19 | * 20 | */ 21 | package org.mitre.openid.connect.web; 22 | 23 | import javax.servlet.http.HttpServletRequest; 24 | import javax.servlet.http.HttpServletResponse; 25 | 26 | import org.mitre.openid.connect.config.ConfigurationPropertiesBean; 27 | import org.mitre.openid.connect.config.UIConfiguration; 28 | import org.springframework.beans.factory.annotation.Autowired; 29 | import org.springframework.web.servlet.handler.HandlerInterceptorAdapter; 30 | 31 | /** 32 | * 33 | * Injects the server configuration bean into the request context. 34 | * This allows JSPs and the like to call "config.logoUrl" among others. 
35 | * 36 | * @author jricher 37 | * 38 | */ 39 | public class ServerConfigInterceptor extends HandlerInterceptorAdapter { 40 | 41 | @Autowired 42 | private ConfigurationPropertiesBean config; 43 | 44 | @Autowired 45 | private UIConfiguration ui; 46 | /** Exposes the injected beans to the view layer as request attributes "config" and "ui". @return always true, so handling continues */ 47 | @Override 48 | public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { 49 | request.setAttribute("config", config); 50 | request.setAttribute("ui", ui); 51 | return true; 52 | } 53 | 54 | } 55 | -------------------------------------------------------------------------------- /openid-connect-server/src/test/java/org/mitre/openid/connect/config/TestJsonMessageSource.java: -------------------------------------------------------------------------------- 1 | package org.mitre.openid.connect.config; 2 | 3 | import org.junit.Before; 4 | import org.junit.Test; 5 | import org.junit.runner.RunWith; 6 | import org.mockito.InjectMocks; 7 | import org.mockito.Spy; 8 | import org.mockito.runners.MockitoJUnitRunner; 9 | import org.springframework.core.io.ClassPathResource; 10 | import org.springframework.core.io.Resource; 11 | 12 | import java.text.MessageFormat; 13 | import java.util.Locale; 14 | 15 | import static org.junit.Assert.assertEquals; 16 | import static org.junit.Assert.assertNull; 17 | 18 | @RunWith(MockitoJUnitRunner.class) 19 | public class TestJsonMessageSource { 20 | 21 | @InjectMocks 22 | private JsonMessageSource jsonMessageSource; 23 | 24 | @Spy 25 | private ConfigurationPropertiesBean config; 26 | 27 | private Locale localeThatHasAFile = new Locale("en"); 28 | 29 | private Locale localeThatDoesNotHaveAFile = new Locale("xx"); 30 | 31 | @Before 32 | public void setup() { 33 | //test message files are located in test/resources/js/locale/ 34 | Resource resource = new ClassPathResource("/resources/js/locale/"); 35 | jsonMessageSource.setBaseDirectory(resource); 36 | } 37 | 38 | @Test 39 | public void verifyWhenLocaleExists_canResolveCode() { 40 |
MessageFormat mf = jsonMessageSource.resolveCode("testAttribute", localeThatHasAFile); 41 | assertEquals(mf.getLocale().getLanguage(), "en"); 42 | assertEquals(mf.toPattern(), "testValue"); 43 | } 44 | 45 | @Test 46 | public void verifyWhenLocaleDoesNotExist_cannotResolveCode() { 47 | MessageFormat mf = jsonMessageSource.resolveCode("test", localeThatDoesNotHaveAFile); 48 | assertNull(mf); 49 | } 50 | } 51 | -------------------------------------------------------------------------------- /openid-connect-server/src/test/resources/resources/js/locale/en/messages.json: -------------------------------------------------------------------------------- 1 | { 2 | "testAttribute": "testValue" 3 | } 4 | -------------------------------------------------------------------------------- /uma-server-webapp/src/main/resources/db/hsql/scopes.sql: -------------------------------------------------------------------------------- 1 | -- 2 | -- Turn off autocommit and start a transaction so that we can use the temp tables 3 | -- 4 | 5 | SET AUTOCOMMIT FALSE; 6 | 7 | START TRANSACTION; 8 | 9 | -- 10 | -- Insert scope information into the temporary tables. 11 | -- 12 | 13 | INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope) VALUES 14 | ('openid', 'log in using your identity', 'user', false, true), 15 | ('profile', 'basic profile information', 'list-alt', false, true), 16 | ('email', 'email address', 'envelope', false, true), 17 | ('address', 'physical address', 'home', false, true), 18 | ('phone', 'telephone number', 'bell', false, true), 19 | ('offline_access', 'offline access', 'time', false, false), 20 | ('uma_protection', 'manage protected resources', 'briefcase', false, false), 21 | ('uma_authorization', 'request access to protected resources', 'share', false, false); 22 | 23 | -- 24 | -- Merge the temporary scopes safely into the database. This is a two-step process to keep scopes from being created on every startup with a persistent store. 
--

MERGE INTO system_scope
USING (SELECT scope, description, icon, restricted, default_scope FROM system_scope_TEMP) AS vals(scope, description, icon, restricted, default_scope)
ON vals.scope = system_scope.scope
WHEN NOT MATCHED THEN
INSERT (scope, description, icon, restricted, default_scope) VALUES(vals.scope, vals.description, vals.icon, vals.restricted, vals.default_scope);

COMMIT;

SET AUTOCOMMIT TRUE;
-------------------------------------------------------------------------------- /uma-server-webapp/src/main/resources/db/mysql/scopes.sql: --------------------------------------------------------------------------------
--
-- Turn off autocommit and start a transaction so that we can use the temp tables
--

SET AUTOCOMMIT = 0;

START TRANSACTION;

--
-- Insert scope information into the temporary tables.
--
-- Column order: scope, description, icon, restricted, default_scope, structured, structured_param_description.
-- None of the scopes seeded here is restricted. openid, profile, email, address and phone are
-- default scopes; offline_access, uma_protection and uma_authorization are not.
--

INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope, structured, structured_param_description) VALUES
('openid', 'log in using your identity', 'user', false, true, false, null),
('profile', 'basic profile information', 'list-alt', false, true, false, null),
('email', 'email address', 'envelope', false, true, false, null),
('address', 'physical address', 'home', false, true, false, null),
('phone', 'telephone number', 'bell', false, true, false, null),
('offline_access', 'offline access', 'time', false, false, false, null),
('uma_protection', 'manage protected resources', 'briefcase', false, false, false, null),
('uma_authorization', 'request access to protected resources', 'share', false, false, false, null);

--
-- Merge the temporary scopes safely into the database. This is a two-step process to keep scopes from being created on every startup with a persistent store.
--
-- The ON DUPLICATE KEY UPDATE clause assigns system_scope.scope to itself, which is a no-op:
-- rows that already exist in system_scope are left exactly as they are and only missing scopes
-- are inserted. Values an administrator has changed in a persistent store (for example
-- restricted or default_scope) are therefore not overwritten by this script, and editing a
-- value above does not change an existing deployment.
--

INSERT INTO system_scope (scope, description, icon, restricted, default_scope, structured, structured_param_description)
SELECT scope, description, icon, restricted, default_scope, structured, structured_param_description FROM system_scope_TEMP
ON DUPLICATE KEY UPDATE system_scope.scope = system_scope.scope;

COMMIT;

SET AUTOCOMMIT = 1;
-------------------------------------------------------------------------------- /uma-server-webapp/src/main/resources/db/psql/scopes.sql: --------------------------------------------------------------------------------
--
-- Turn off autocommit and start a transaction so that we can use the temp tables
--
-- The SET AUTOCOMMIT statements are left commented out here, presumably because PostgreSQL
-- does not accept them as server-side SQL; START TRANSACTION / COMMIT below delimit the work.
--

--SET AUTOCOMMIT = OFF;

START TRANSACTION;

--
-- Insert scope information into the temporary tables.
--
-- Column order: scope, description, icon, restricted, default_scope, structured, structured_param_description.
-- None of the scopes seeded here is restricted; all but offline_access are default scopes.
--
-- NOTE(review): unlike the MySQL variant of this file, this list does not seed the
-- uma_protection and uma_authorization scopes. Confirm whether that is intended for
-- PostgreSQL deployments of the UMA server.
--

INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope, structured, structured_param_description) VALUES
('openid', 'log in using your identity', 'user', false, true, false, null),
('profile', 'basic profile information', 'list-alt', false, true, false, null),
('email', 'email address', 'envelope', false, true, false, null),
('address', 'physical address', 'home', false, true, false, null),
('phone', 'telephone number', 'bell', false, true, false, null),
('offline_access', 'offline access', 'time', false, false, false, null);

--
-- Merge the temporary scopes safely into the database. This is a two-step process to keep scopes from being created on every startup with a persistent store.
--
-- ON CONFLICT(scope) DO NOTHING leaves rows that already exist in system_scope untouched and
-- inserts only the missing scopes, so administrator changes to existing rows in a persistent
-- store are not overwritten (the same semantics as the self-assigning ON DUPLICATE KEY UPDATE
-- in the MySQL variant).
--

INSERT INTO system_scope (scope, description, icon, restricted, default_scope, structured, structured_param_description)
SELECT scope, description, icon, restricted, default_scope, structured, structured_param_description FROM system_scope_TEMP
ON CONFLICT(scope)
DO NOTHING;

COMMIT;

--SET AUTOCOMMIT = ON;

-------------------------------------------------------------------------------- /uma-server-webapp/src/main/webapp/WEB-INF/views/external_login.jsp: --------------------------------------------------------------------------------
<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%@ taglib uri="http://java.sun.com/jsp/jstl/core" prefix="c" %>
<%@ taglib prefix="security" uri="http://www.springframework.org/security/tags" %>
<%@ taglib prefix="o" tagdir="/WEB-INF/tags"%>

    Log In


    Enter your email address to log in

    30 | 31 | 42 | -------------------------------------------------------------------------------- /uma-server-webapp/src/main/webapp/resources/js/locale/zh/uma.json: -------------------------------------------------------------------------------- 1 | { 2 | "admin": { 3 | "policies": "管理受保护资源的政策" 4 | }, 5 | "policy" : { 6 | "resource-sets": "资源集", 7 | "edit-policies": "编辑政策", 8 | "new-policy": "新建政策", 9 | "edit-policy": "编辑政策", 10 | "loading-policies": "政策", 11 | "loading-policy": "政策", 12 | "loading-rs": "资源集", 13 | "rs-table": { 14 | "confirm": "确定要删除该资源?", 15 | "no-resource-sets": "尚未有已注册的资源集。您可在此授权服务器中注册一个。", 16 | "scopes": "范围", 17 | "shared-with": "共享给:", 18 | "shared-nobody": "不共享", 19 | "shared-nobody-tooltip": "此资源别人无法访问,请编辑政策使其与其他人共享。", 20 | "sharing": "共享政策" 21 | }, 22 | "policy-table": { 23 | "new": "新建政策", 24 | "return": "返回到列表", 25 | "edit": "编辑政策", 26 | "confirm": "确定要删除该政策?", 27 | "delete": "删除", 28 | "no-policies": "此资源集尚未有政策:别人无法访问此资源集。", 29 | "required-claims": "必须的声明", 30 | "required-claims-info": "与您共享此资源的用户必须具备以下声明,才能访问该资源。", 31 | "remove": "移除", 32 | "issuers": "签发者", 33 | "claim": "声明项", 34 | "value": "值" 35 | }, 36 | "policy-form": { 37 | "email-address": "email地址", 38 | "share-email": "连带email地址共享", 39 | "new": "新建政策", 40 | "edit": "编辑政策", 41 | "claim-name": "声明项名称", 42 | "friendly-claim-name": "声明的显示名", 43 | "claim-value": "声明的值", 44 | "value-type-text": "文本", 45 | "value-type-number": "数字", 46 | "clear-all": "清除全部声明", 47 | "clear-all-confirm": "您是否要从此政策中清除全部声明?" 48 | }, 49 | "webfinger-error": "错误", 50 | "webfinger-error-description": "服务器无法找到__email__的身份提供者。", 51 | "advanced-error": "错误", 52 | "advanced-error-description": "保存高级声明时出错。您是否填写了全部必填项?" 
53 | }, 54 | "sidebar": { 55 | "personal": { 56 | "resource_policies": "管理受保护资源的政策" 57 | } 58 | } 59 | } -------------------------------------------------------------------------------- /uma-server-webapp/src/main/webapp/resources/js/locale/zh_CN/uma.json: -------------------------------------------------------------------------------- 1 | { 2 | "admin": { 3 | "policies": "管理受保护资源的政策" 4 | }, 5 | "policy" : { 6 | "resource-sets": "资源集", 7 | "edit-policies": "编辑政策", 8 | "new-policy": "新建政策", 9 | "edit-policy": "编辑政策", 10 | "loading-policies": "政策", 11 | "loading-policy": "政策", 12 | "loading-rs": "资源集", 13 | "rs-table": { 14 | "confirm": "确定要删除该资源?", 15 | "no-resource-sets": "尚未有已注册的资源集。您可在此授权服务器中注册一个。", 16 | "scopes": "范围", 17 | "shared-with": "共享给:", 18 | "shared-nobody": "不共享", 19 | "shared-nobody-tooltip": "此资源别人无法访问,请编辑政策使其与其他人共享。", 20 | "sharing": "共享政策" 21 | }, 22 | "policy-table": { 23 | "new": "新建政策", 24 | "return": "返回到列表", 25 | "edit": "编辑政策", 26 | "confirm": "确定要删除该政策?", 27 | "delete": "删除", 28 | "no-policies": "此资源集尚未有政策:别人无法访问此资源集。", 29 | "required-claims": "必须的声明", 30 | "required-claims-info": "与您共享此资源的用户必须具备以下声明,才能访问该资源。", 31 | "remove": "移除", 32 | "issuers": "签发者", 33 | "claim": "声明项", 34 | "value": "值" 35 | }, 36 | "policy-form": { 37 | "email-address": "email地址", 38 | "share-email": "连带email地址共享", 39 | "new": "新建政策", 40 | "edit": "编辑政策", 41 | "claim-name": "声明项名称", 42 | "friendly-claim-name": "声明的显示名", 43 | "claim-value": "声明的值", 44 | "value-type-text": "文本", 45 | "value-type-number": "数字", 46 | "clear-all": "清除全部声明", 47 | "clear-all-confirm": "您是否要从此政策中清除全部声明?" 48 | }, 49 | "webfinger-error": "错误", 50 | "webfinger-error-description": "服务器无法找到__email__的身份提供者。", 51 | "advanced-error": "错误", 52 | "advanced-error-description": "保存高级声明时出错。您是否填写了全部必填项?" 
53 | }, 54 | "sidebar": { 55 | "personal": { 56 | "resource_policies": "管理受保护资源的政策" 57 | } 58 | } 59 | } -------------------------------------------------------------------------------- /uma-server-webapp/src/main/webapp/resources/js/locale/zh_TW/uma.json: -------------------------------------------------------------------------------- 1 | { 2 | "admin": { 3 | "policies": "管理受保護資源的政策" 4 | }, 5 | "policy" : { 6 | "resource-sets": "資源集", 7 | "edit-policies": "編輯政策", 8 | "new-policy": "新建政策", 9 | "edit-policy": "編輯政策", 10 | "loading-policies": "政策", 11 | "loading-policy": "政策", 12 | "loading-rs": "資源集", 13 | "rs-table": { 14 | "confirm": "確定要刪除該資源?", 15 | "no-resource-sets": "尚未有已注冊的資源集。您可在此授權伺服器中注冊一個。", 16 | "scopes": "范圍", 17 | "shared-with": "共享給:", 18 | "shared-nobody": "不共享", 19 | "shared-nobody-tooltip": "此資源別人無法訪問,請編輯政策使其與其他人共享。", 20 | "sharing": "共享政策" 21 | }, 22 | "policy-table": { 23 | "new": "新建政策", 24 | "return": "返回到列表", 25 | "edit": "編輯政策", 26 | "confirm": "確定要刪除該政策?", 27 | "delete": "刪除", 28 | "no-policies": "此資源集尚未有政策:別人無法訪問此資源集。", 29 | "required-claims": "必須的聲明", 30 | "required-claims-info": "與您共享此資源的用戶必須具備以下聲明,才能訪問該資源。", 31 | "remove": "移除", 32 | "issuers": "簽發者", 33 | "claim": "聲明項", 34 | "value": "值" 35 | }, 36 | "policy-form": { 37 | "email-address": "email地址", 38 | "share-email": "連帶email地址共享", 39 | "new": "新建政策", 40 | "edit": "編輯政策", 41 | "claim-name": "聲明項名稱", 42 | "friendly-claim-name": "聲明的顯示名", 43 | "claim-value": "聲明的值", 44 | "value-type-text": "文本", 45 | "value-type-number": "數字", 46 | "clear-all": "清除全部聲明", 47 | "clear-all-confirm": "您是否要從此政策中清除全部聲明?" 48 | }, 49 | "webfinger-error": "錯誤", 50 | "webfinger-error-description": "伺服器無法找到__email__的身份提供者。", 51 | "advanced-error": "錯誤", 52 | "advanced-error-description": "保存高級聲明時出錯。您是否填寫了全部必填項?" 
53 | }, 54 | "sidebar": { 55 | "personal": { 56 | "resource_policies": "管理受保護資源的政策" 57 | } 58 | } 59 | } -------------------------------------------------------------------------------- /uma-server/pom.xml: -------------------------------------------------------------------------------- 1 | 2 | 17 | 18 | 4.0.0 19 | 20 | org.mitre 21 | openid-connect-parent 22 | 1.3.5-SNAPSHOT 23 | .. 24 | 25 | uma-server 26 | UMA Server Library 27 | User Managed Access (UMA) extension of the MITREid Connect server 28 | 29 | 30 | 31 | org.apache.maven.plugins 32 | maven-compiler-plugin 33 | 34 | ${java-version} 35 | ${java-version} 36 | 37 | 38 | 39 | 40 | 41 | 42 | org.mitre 43 | openid-connect-server 44 | 45 | 46 | org.mitre 47 | openid-connect-client 48 | 49 | 50 | 51 | -------------------------------------------------------------------------------- /uma-server/src/main/java/org/mitre/uma/util/ExternalLoginAuthoritiesMapper.java: -------------------------------------------------------------------------------- 1 | /******************************************************************************* 2 | * Copyright 2018 The MIT Internet Trust Consortium 3 | * 4 | * Licensed under the Apache License, Version 2.0 (the "License"); 5 | * you may not use this file except in compliance with the License. 6 | * You may obtain a copy of the License at 7 | * 8 | * http://www.apache.org/licenses/LICENSE-2.0 9 | * 10 | * Unless required by applicable law or agreed to in writing, software 11 | * distributed under the License is distributed on an "AS IS" BASIS, 12 | * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 13 | * See the License for the specific language governing permissions and 14 | * limitations under the License. 
*******************************************************************************/

package org.mitre.uma.util;

import java.util.Collection;

import org.mitre.openid.connect.client.OIDCAuthoritiesMapper;
import org.mitre.openid.connect.model.UserInfo;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;

import com.google.common.collect.Sets;
import com.nimbusds.jwt.JWT;

/**
 * Authorities mapper that confines every externally authenticated user to a
 * single fixed authority, {@code ROLE_EXTERNAL_USER}, so that logins arriving
 * from another identity provider cannot reach the rest of the server.
 *
 * <p>The id token and user info handed to {@link #mapAuthorities} are not
 * inspected at all: no claim issued by the external provider can add to or
 * change the authority granted here, which is what keeps this mapping closed
 * and least-privilege.
 *
 * @author jricher
 *
 */
public class ExternalLoginAuthoritiesMapper implements OIDCAuthoritiesMapper {

	/** The only authority an external login ever receives. */
	private static final GrantedAuthority EXTERNAL_USER_AUTHORITY = new SimpleGrantedAuthority("ROLE_EXTERNAL_USER");

	/**
	 * Maps an external login to {@code ROLE_EXTERNAL_USER}, regardless of its
	 * token or user info contents.
	 *
	 * @param idToken  the id token of the external login; not inspected
	 * @param userInfo the user info of the external login; not inspected
	 * @return a new, mutable set holding exactly {@code ROLE_EXTERNAL_USER}
	 */
	@Override
	public Collection mapAuthorities(JWT idToken, UserInfo userInfo) {
		// A fresh set on every call, so a caller that keeps or modifies the
		// result cannot affect the authorities of any other login.
		Collection<GrantedAuthority> authorities = Sets.newHashSet();
		authorities.add(EXTERNAL_USER_AUTHORITY);
		return authorities;
	}

}