f5775833
Commit
f5775833
authored
Feb 15, 2021
by
michael.simon
add hostname to OIDC OP operations
parent
7165704e
Changes
10
bwreg-jpa/src/main/java/edu/kit/scc/webreg/dao/jpa/oidc/JpaOidcOpConfigurationDao.java
...
@@ -40,6 +40,24 @@ public class JpaOidcOpConfigurationDao extends JpaBaseDao<OidcOpConfigurationEnt
...
@@ -40,6 +40,24 @@ public class JpaOidcOpConfigurationDao extends JpaBaseDao<OidcOpConfigurationEnt
}
}
}
}
@Override
public
OidcOpConfigurationEntity
findByRealmAndHost
(
String
realm
,
String
host
)
{
CriteriaBuilder
builder
=
em
.
getCriteriaBuilder
();
CriteriaQuery
<
OidcOpConfigurationEntity
>
criteria
=
builder
.
createQuery
(
OidcOpConfigurationEntity
.
class
);
Root
<
OidcOpConfigurationEntity
>
root
=
criteria
.
from
(
OidcOpConfigurationEntity
.
class
);
criteria
.
where
(
builder
.
and
(
builder
.
equal
(
root
.
get
(
OidcOpConfigurationEntity_
.
realm
),
realm
),
builder
.
equal
(
root
.
get
(
OidcOpConfigurationEntity_
.
host
),
host
)
));
criteria
.
select
(
root
);
try
{
return
em
.
createQuery
(
criteria
).
getSingleResult
();
}
catch
(
NoResultException
e
)
{
return
null
;
}
}
@Override
@Override
public
Class
<
OidcOpConfigurationEntity
>
getEntityClass
()
{
public
Class
<
OidcOpConfigurationEntity
>
getEntityClass
()
{
return
OidcOpConfigurationEntity
.
class
;
return
OidcOpConfigurationEntity
.
class
;
...
...
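Review bot: The catch in `findByRealmAndHost` handles only `NoResultException`, so if more than one row matches the same realm and host, `getSingleResult()` throws `NonUniqueResultException` and the caller gets an unhandled runtime exception instead of a controlled failure; whether a unique constraint on (realm, host) exists is not visible here, so either state that reliance in a comment or switch to `getResultList()` and reject duplicates explicitly. A null `host` argument is passed straight into `builder.equal(...)`, which is likely to match nothing rather than fail, so a missing hostname silently yields `null` — worth a Javadoc line such as `/** Returns the OP configuration for the given realm served on the given host, or null if none matches. */`. The enclosing class continues outside the hunk.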
bwreg-jpa/src/main/java/edu/kit/scc/webreg/dao/oidc/OidcOpConfigurationDao.java
...
@@ -16,5 +16,5 @@ import edu.kit.scc.webreg.entity.oidc.OidcOpConfigurationEntity;
...
@@ -16,5 +16,5 @@ import edu.kit.scc.webreg.entity.oidc.OidcOpConfigurationEntity;
public
interface
OidcOpConfigurationDao
extends
BaseDao
<
OidcOpConfigurationEntity
,
Long
>
{
public
interface
OidcOpConfigurationDao
extends
BaseDao
<
OidcOpConfigurationEntity
,
Long
>
{
OidcOpConfigurationEntity
findByRealm
(
String
realm
);
OidcOpConfigurationEntity
findByRealm
(
String
realm
);
OidcOpConfigurationEntity
findByRealmAndHost
(
String
realm
,
String
host
);
}
}
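Review bot: The new `findByRealmAndHost` declaration carries no Javadoc, so callers cannot tell whether a missing match yields null or an exception, nor which form of hostname the `host` argument is expected to carry (the local interface name as the call sites pass, or the public name the OP is served under); the same gap applies to `OidcOpConfigurationService.findByRealmAndHost` and to the changed `OidcOpLogin.serveUserJwt` signature. Suggested doc: `/** Finds the OP configuration for realm and host; returns null when no configuration matches. host must be the name stored in OidcOpConfigurationEntity.host. */`.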
bwreg-jpa/src/main/java/edu/kit/scc/webreg/entity/oidc/OidcOpConfigurationEntity_.java
...
@@ -10,5 +10,6 @@ public abstract class OidcOpConfigurationEntity_ extends edu.kit.scc.webreg.enti
...
@@ -10,5 +10,6 @@ public abstract class OidcOpConfigurationEntity_ extends edu.kit.scc.webreg.enti
public
static
volatile
SingularAttribute
<
OidcOpConfigurationEntity
,
String
>
realm
;
public
static
volatile
SingularAttribute
<
OidcOpConfigurationEntity
,
String
>
realm
;
public
static
volatile
SingularAttribute
<
OidcOpConfigurationEntity
,
String
>
name
;
public
static
volatile
SingularAttribute
<
OidcOpConfigurationEntity
,
String
>
name
;
public
static
volatile
SingularAttribute
<
OidcOpConfigurationEntity
,
String
>
host
;
}
}
bwreg-service/src/main/java/edu/kit/scc/webreg/service/oidc/OidcOpConfigurationService.java
...
@@ -16,5 +16,5 @@ import edu.kit.scc.webreg.service.BaseService;
...
@@ -16,5 +16,5 @@ import edu.kit.scc.webreg.service.BaseService;
public
interface
OidcOpConfigurationService
extends
BaseService
<
OidcOpConfigurationEntity
,
Long
>
{
public
interface
OidcOpConfigurationService
extends
BaseService
<
OidcOpConfigurationEntity
,
Long
>
{
OidcOpConfigurationEntity
findByRealm
(
String
realm
);
OidcOpConfigurationEntity
findByRealm
(
String
realm
);
OidcOpConfigurationEntity
findByRealmAndHost
(
String
realm
,
String
host
);
}
}
bwreg-service/src/main/java/edu/kit/scc/webreg/service/oidc/OidcOpConfigurationServiceImpl.java
...
@@ -30,6 +30,10 @@ public class OidcOpConfigurationServiceImpl extends BaseServiceImpl<OidcOpConfig
...
@@ -30,6 +30,10 @@ public class OidcOpConfigurationServiceImpl extends BaseServiceImpl<OidcOpConfig
return
dao
.
findByRealm
(
realm
);
return
dao
.
findByRealm
(
realm
);
}
}
public
OidcOpConfigurationEntity
findByRealmAndHost
(
String
realm
,
String
host
)
{
return
dao
.
findByRealmAndHost
(
realm
,
host
);
}
@Override
@Override
protected
BaseDao
<
OidcOpConfigurationEntity
,
Long
>
getDao
()
{
protected
BaseDao
<
OidcOpConfigurationEntity
,
Long
>
getDao
()
{
return
dao
;
return
dao
;
...
...
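Review bot: As rendered here, the new `findByRealmAndHost` in `OidcOpConfigurationServiceImpl` is declared without `@Override`, although it implements the method added to `OidcOpConfigurationService` in this commit and the neighbouring `getDao` carries the annotation; add `@Override` above `public OidcOpConfigurationEntity findByRealmAndHost(String realm, String host)` so a later signature drift in the interface is caught at compile time. The method is a plain delegation to `dao.findByRealmAndHost(realm, host)`, so a one-line Javadoc pointing at the DAO contract (including its null return) is enough. The enclosing class continues outside the hunk.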
bwreg-service/src/main/java/edu/kit/scc/webreg/service/oidc/OidcOpLogin.java
...
@@ -20,7 +20,7 @@ public interface OidcOpLogin {
...
@@ -20,7 +20,7 @@ public interface OidcOpLogin {
String
registerAuthRequestReturn
(
String
realm
,
HttpServletRequest
request
,
HttpServletResponse
response
)
String
registerAuthRequestReturn
(
String
realm
,
HttpServletRequest
request
,
HttpServletResponse
response
)
throws
IOException
,
OidcAuthenticationException
;
throws
IOException
,
OidcAuthenticationException
;
JSONObject
serveUserJwt
(
String
realm
)
throws
OidcAuthenticationException
;
JSONObject
serveUserJwt
(
String
realm
,
HttpServletRequest
request
,
HttpServletResponse
response
)
throws
OidcAuthenticationException
;
JSONObject
serveToken
(
String
realm
,
String
grantType
,
String
code
,
String
redirectUri
,
HttpServletRequest
request
,
JSONObject
serveToken
(
String
realm
,
String
grantType
,
String
code
,
String
redirectUri
,
HttpServletRequest
request
,
HttpServletResponse
response
,
String
clientId
,
String
clientSecret
)
throws
OidcAuthenticationException
;
HttpServletResponse
response
,
String
clientId
,
String
clientSecret
)
throws
OidcAuthenticationException
;
...
...
bwreg-service/src/main/java/edu/kit/scc/webreg/service/oidc/OidcOpLoginImpl.java
...
@@ -104,10 +104,10 @@ public class OidcOpLoginImpl implements OidcOpLogin {
...
@@ -104,10 +104,10 @@ public class OidcOpLoginImpl implements OidcOpLogin {
String
state
,
String
nonce
,
String
clientId
,
String
state
,
String
nonce
,
String
clientId
,
HttpServletRequest
request
,
HttpServletResponse
response
)
throws
IOException
,
OidcAuthenticationException
{
HttpServletRequest
request
,
HttpServletResponse
response
)
throws
IOException
,
OidcAuthenticationException
{
OidcOpConfigurationEntity
opConfig
=
opDao
.
findByRealm
(
realm
);
OidcOpConfigurationEntity
opConfig
=
opDao
.
findByRealm
AndHost
(
realm
,
request
.
getLocalName
()
);
if
(
opConfig
==
null
)
{
if
(
opConfig
==
null
)
{
throw
new
OidcAuthenticationException
(
"unknown realm
"
);
throw
new
OidcAuthenticationException
(
"unknown realm
/host combination: "
+
realm
+
" / "
+
request
.
getLocalName
()
);
}
}
IdentityEntity
identity
=
null
;
IdentityEntity
identity
=
null
;
...
@@ -153,10 +153,10 @@ public class OidcOpLoginImpl implements OidcOpLogin {
...
@@ -153,10 +153,10 @@ public class OidcOpLoginImpl implements OidcOpLogin {
public
String
registerAuthRequestReturn
(
String
realm
,
HttpServletRequest
request
,
HttpServletResponse
response
)
public
String
registerAuthRequestReturn
(
String
realm
,
HttpServletRequest
request
,
HttpServletResponse
response
)
throws
IOException
,
OidcAuthenticationException
{
throws
IOException
,
OidcAuthenticationException
{
OidcOpConfigurationEntity
opConfig
=
opDao
.
findByRealm
(
realm
);
OidcOpConfigurationEntity
opConfig
=
opDao
.
findByRealm
AndHost
(
realm
,
request
.
getLocalName
()
);
if
(
opConfig
==
null
)
{
if
(
opConfig
==
null
)
{
throw
new
OidcAuthenticationException
(
"unknown realm
"
);
throw
new
OidcAuthenticationException
(
"unknown realm
/host combination: "
+
realm
+
" / "
+
request
.
getLocalName
()
);
}
}
IdentityEntity
identity
=
null
;
IdentityEntity
identity
=
null
;
...
@@ -447,12 +447,12 @@ public class OidcOpLoginImpl implements OidcOpLogin {
...
@@ -447,12 +447,12 @@ public class OidcOpLoginImpl implements OidcOpLogin {
}
}
@Override
@Override
public
JSONObject
serveUserJwt
(
String
realm
)
throws
OidcAuthenticationException
{
public
JSONObject
serveUserJwt
(
String
realm
,
HttpServletRequest
request
,
HttpServletResponse
response
)
throws
OidcAuthenticationException
{
OidcOpConfigurationEntity
opConfig
=
opDao
.
findByRealm
(
realm
);
OidcOpConfigurationEntity
opConfig
=
opDao
.
findByRealm
AndHost
(
realm
,
request
.
getLocalName
()
);
if
(
opConfig
==
null
)
{
if
(
opConfig
==
null
)
{
throw
new
OidcAuthenticationException
(
"unknown realm
"
);
throw
new
OidcAuthenticationException
(
"unknown realm
/host combination: "
+
realm
+
" / "
+
request
.
getLocalName
()
);
}
}
if
(
session
.
isLoggedIn
())
{
if
(
session
.
isLoggedIn
())
{
...
...
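Review bot: All three hunks key the configuration lookup on `request.getLocalName()`, which per the servlet API is the hostname of the IP interface the request was received on, not the name the client addressed (`request.getServerName()` / the Host header); behind a reverse proxy or on a multi-homed host this may never equal the `host` value stored in `OidcOpConfigurationEntity`, and every login, return and JWT request would then fail with "unknown realm/host combination" — the same call appears in `OidcCertsController.auth`. If the interface name is intentional, a comment at the first call site stating that assumption would save the next reader a debugging round, e.g. `// host is matched against the local interface name, not the client-supplied Host header`. The new exception message also embeds the caller-supplied `realm` path parameter; if that message is ever written into the HTTP response, untrusted input is reflected to the client, so consider logging the details and keeping the thrown message generic. The enclosing methods start outside each hunk.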
bwreg-webapp/src/main/java/edu/kit/scc/webreg/oauth/JwtAuthController.java
package
edu.kit.scc.webreg.oauth
;
package
edu.kit.scc.webreg.oauth
;
import
javax.inject.Inject
;
import
javax.inject.Inject
;
import
javax.servlet.http.HttpServletRequest
;
import
javax.servlet.http.HttpServletResponse
;
import
javax.ws.rs.GET
;
import
javax.ws.rs.GET
;
import
javax.ws.rs.Path
;
import
javax.ws.rs.Path
;
import
javax.ws.rs.PathParam
;
import
javax.ws.rs.PathParam
;
import
javax.ws.rs.Produces
;
import
javax.ws.rs.Produces
;
import
javax.ws.rs.core.Context
;
import
javax.ws.rs.core.MediaType
;
import
javax.ws.rs.core.MediaType
;
import
org.slf4j.Logger
;
import
org.slf4j.Logger
;
...
@@ -24,12 +27,12 @@ public class JwtAuthController {
...
@@ -24,12 +27,12 @@ public class JwtAuthController {
@GET
@GET
@Path
(
"/{realm}/jwt"
)
@Path
(
"/{realm}/jwt"
)
@Produces
(
MediaType
.
APPLICATION_JSON
)
@Produces
(
MediaType
.
APPLICATION_JSON
)
public
JSONObject
jwt
(
@PathParam
(
"realm"
)
String
realm
)
public
JSONObject
jwt
(
@PathParam
(
"realm"
)
String
realm
,
@Context
HttpServletRequest
request
,
@Context
HttpServletResponse
response
)
throws
Exception
{
throws
Exception
{
logger
.
debug
(
"Token JWT called"
);
logger
.
debug
(
"Token JWT called"
);
return
opLogin
.
serveUserJwt
(
realm
);
return
opLogin
.
serveUserJwt
(
realm
,
request
,
response
);
}
}
}
}
bwreg-webapp/src/main/java/edu/kit/scc/webreg/oauth/OidcCertsController.java
...
@@ -6,10 +6,13 @@ import java.util.ArrayList;
...
@@ -6,10 +6,13 @@ import java.util.ArrayList;
import
java.util.List
;
import
java.util.List
;
import
javax.inject.Inject
;
import
javax.inject.Inject
;
import
javax.servlet.http.HttpServletRequest
;
import
javax.servlet.http.HttpServletResponse
;
import
javax.ws.rs.GET
;
import
javax.ws.rs.GET
;
import
javax.ws.rs.Path
;
import
javax.ws.rs.Path
;
import
javax.ws.rs.PathParam
;
import
javax.ws.rs.PathParam
;
import
javax.ws.rs.Produces
;
import
javax.ws.rs.Produces
;
import
javax.ws.rs.core.Context
;
import
javax.ws.rs.core.MediaType
;
import
javax.ws.rs.core.MediaType
;
import
org.slf4j.Logger
;
import
org.slf4j.Logger
;
...
@@ -39,14 +42,18 @@ public class OidcCertsController {
...
@@ -39,14 +42,18 @@ public class OidcCertsController {
@GET
@GET
@Path
(
"/{realm}/protocol/openid-connect/certs"
)
@Path
(
"/{realm}/protocol/openid-connect/certs"
)
@Produces
(
MediaType
.
APPLICATION_JSON
)
@Produces
(
MediaType
.
APPLICATION_JSON
)
public
JSONObject
auth
(
@PathParam
(
"realm"
)
String
realm
)
public
JSONObject
auth
(
@PathParam
(
"realm"
)
String
realm
,
@Context
HttpServletRequest
request
,
@Context
HttpServletResponse
response
)
throws
IOException
,
OidcAuthenticationException
{
throws
IOException
,
OidcAuthenticationException
{
try
{
try
{
logger
.
debug
(
"certs called for {}"
,
realm
);
logger
.
debug
(
"certs called for {}"
,
realm
);
OidcOpConfigurationEntity
opConfig
=
opService
.
findByRealmAndHost
(
realm
,
request
.
getLocalName
());
OidcOpConfigurationEntity
opConfig
=
opService
.
findByRealm
(
realm
);
if
(
opConfig
==
null
)
{
throw
new
OidcAuthenticationException
(
"No such realm"
);
}
List
<
JWK
>
jwkList
=
new
ArrayList
<
JWK
>();
List
<
JWK
>
jwkList
=
new
ArrayList
<
JWK
>();
if
(
opConfig
.
getCertificate
()
!=
null
&&
!(
opConfig
.
getCertificate
().
equals
(
""
)))
{
if
(
opConfig
.
getCertificate
()
!=
null
&&
!(
opConfig
.
getCertificate
().
equals
(
""
)))
{
X509Certificate
certificate
=
cryptoHelper
.
getCertificate
(
opConfig
.
getCertificate
());
X509Certificate
certificate
=
cryptoHelper
.
getCertificate
(
opConfig
.
getCertificate
());
...
...
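Review bot: The new null check in `auth` throws `OidcAuthenticationException("No such realm")` even though the lookup now also depends on the host, so the message hides the host half of the key and differs from the "unknown realm/host combination" wording introduced in `OidcOpLoginImpl` in the same commit; one consistent message (with realm and host logged rather than echoed) would make operator diagnosis easier. The check sits inside the `try {` block whose handlers lie outside the hunk, so it is not visible here whether `OidcAuthenticationException` reaches the declared `throws` clause or is swallowed by a broader catch — worth confirming. The enclosing method continues outside the hunk.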
bwreg-webapp/src/main/java/edu/kit/scc/webreg/oauth/OidcWellknownController.java
...
@@ -8,10 +8,13 @@ import java.util.List;
...
@@ -8,10 +8,13 @@ import java.util.List;
import
javax.inject.Inject
;
import
javax.inject.Inject
;
import
javax.servlet.ServletException
;
import
javax.servlet.ServletException
;
import
javax.servlet.http.HttpServletRequest
;
import
javax.servlet.http.HttpServletResponse
;
import
javax.ws.rs.GET
;
import
javax.ws.rs.GET
;
import
javax.ws.rs.Path
;
import
javax.ws.rs.Path
;
import
javax.ws.rs.PathParam
;
import
javax.ws.rs.PathParam
;
import
javax.ws.rs.Produces
;
import
javax.ws.rs.Produces
;
import
javax.ws.rs.core.Context
;
import
javax.ws.rs.core.MediaType
;
import
javax.ws.rs.core.MediaType
;
import
org.slf4j.Logger
;
import
org.slf4j.Logger
;
...
@@ -41,17 +44,15 @@ public class OidcWellknownController {
...
@@ -41,17 +44,15 @@ public class OidcWellknownController {
@GET
@GET
@Path
(
"/{realm}/.well-known/openid-configuration"
)
@Path
(
"/{realm}/.well-known/openid-configuration"
)
@Produces
(
MediaType
.
APPLICATION_JSON
)
@Produces
(
MediaType
.
APPLICATION_JSON
)
public
JSONObject
wellknown
(
@PathParam
(
"realm"
)
String
realm
)
public
JSONObject
wellknown
(
@PathParam
(
"realm"
)
String
realm
,
@Context
HttpServletRequest
request
,
@Context
HttpServletResponse
response
)
throws
ServletException
{
throws
ServletException
{
/*
* TODO: Realm from configuration (database)
OidcOpConfigurationEntity
opConfig
=
opService
.
findByRealmAndHost
(
realm
,
request
.
getLocalName
());
*/
OidcOpConfigurationEntity
opConfig
=
opService
.
findByRealm
(
realm
);
if
(
opConfig
==
null
)
{
if
(
opConfig
==
null
)
{
throw
new
ServletException
(
"No such realm"
);
throw
new
ServletException
(
"No such realm"
);
}
}
try
{
try
{
List
<
SubjectType
>
subjectTypeList
=
Arrays
.
asList
(
new
SubjectType
[]
{
SubjectType
.
PAIRWISE
,
SubjectType
.
PUBLIC
});
List
<
SubjectType
>
subjectTypeList
=
Arrays
.
asList
(
new
SubjectType
[]
{
SubjectType
.
PAIRWISE
,
SubjectType
.
PUBLIC
});
OIDCProviderMetadata
metadata
=
new
OIDCProviderMetadata
(
new
Issuer
(
"https://"
+
opConfig
.
getHost
()
+
"/oidc/realms/"
+
opConfig
.
getRealm
()),
OIDCProviderMetadata
metadata
=
new
OIDCProviderMetadata
(
new
Issuer
(
"https://"
+
opConfig
.
getHost
()
+
"/oidc/realms/"
+
opConfig
.
getRealm
()),
...
...
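Review bot: `wellknown` still resolves the configuration with `opService.findByRealm(realm)` while the host-aware call is left commented out under a TODO, so this endpoint is the only OP operation in the commit whose lookup ignores the hostname; if two configurations share a realm on different hosts, the discovery document may be built from the other host's entry, and the `issuer` derived from `opConfig.getHost()` would then not match the issuer the token and certs endpoints operate under. Either enable the `findByRealmAndHost(realm, request.getLocalName())` call here as well or state in the TODO why discovery intentionally stays realm-only and how `findByRealm` behaves when the realm is not unique. Dead code in a block comment is a poor substitute for that explanation: `// TODO: switch to findByRealmAndHost once <reason>` is clearer. The enclosing method continues outside the hunk.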