mitreid-connect
Class org.mitre.openid.connect.token.ConnectTokenEnhancer

Public Member Functions

OAuth2AccessToken enhance (OAuth2AccessToken accessToken, OAuth2Authentication authentication)
ConfigurationPropertiesBean getConfigBean ()
void setConfigBean (ConfigurationPropertiesBean configBean)
JWTSigningAndValidationService getJwtService ()
void setJwtService (JWTSigningAndValidationService jwtService)
ClientDetailsEntityService getClientService ()
void setClientService (ClientDetailsEntityService clientService)

Private Attributes

ConfigurationPropertiesBean configBean
JWTSigningAndValidationService jwtService
ClientDetailsEntityService clientService
UserInfoService userInfoService
OIDCTokenService connectTokenService

Static Private Attributes

static final Logger logger = LoggerFactory.getLogger(ConnectTokenEnhancer.class)

Detailed Description

Member Function Documentation

◆ enhance()

OAuth2AccessToken org.mitre.openid.connect.token.ConnectTokenEnhancer.enhance (OAuth2AccessToken accessToken, OAuth2Authentication authentication)
inline

In OIDC the authorization request scope MUST include "openid", but the access token request may or may not include the scope parameter. As long as the AuthorizationRequest has the proper scope, we can consider this a valid OpenID Connect request; otherwise, we treat it as a vanilla OAuth 2.0 request.

Also, a user authentication must be involved in the request for it to be considered OIDC rather than plain OAuth (a client-credentials request has no end user to issue an ID token for), so we check for that as well.

{
    OAuth2AccessTokenEntity token = (OAuth2AccessTokenEntity) accessToken;
    OAuth2Request originalAuthRequest = authentication.getOAuth2Request();

    String clientId = originalAuthRequest.getClientId();
    ClientDetailsEntity client = clientService.loadClientByClientId(clientId);

    // Claims of the access token itself: the requesting client (azp), this server as
    // issuer, the token lifetime, the resource owner (or the client, for client-only
    // grants) as subject, and a random jti so every token is unique.
    Builder builder = new JWTClaimsSet.Builder()
            .claim("azp", clientId)
            .issuer(configBean.getIssuer())
            .issueTime(new Date())
            .expirationTime(token.getExpiration())
            .subject(authentication.getName())
            .jwtID(UUID.randomUUID().toString()); // set a random NONCE in the middle of it

    // An audience is only set when the original request carried one as the "aud" extension.
    String audience = (String) authentication.getOAuth2Request().getExtensions().get("aud");
    if (!Strings.isNullOrEmpty(audience)) {
        builder.audience(Lists.newArrayList(audience));
    }

    JWTClaimsSet claims = builder.build();

    // Sign with the server's default algorithm; the kid header names the key a verifier
    // should select from the server's published JWK set.
    JWSAlgorithm signingAlg = jwtService.getDefaultSigningAlgorithm();
    JWSHeader header = new JWSHeader(signingAlg, null, null, null, null, null, null, null, null, null,
            jwtService.getDefaultSignerKeyId(),
            null, null);
    SignedJWT signed = new SignedJWT(header, claims);

    jwtService.signJwt(signed);

    token.setJwt(signed);

    // OIDC only when the authorization request asked for "openid" AND an end user (not
    // just the client) was authenticated; otherwise a plain OAuth2 token is returned.
    if (originalAuthRequest.getScope().contains(SystemScopeService.OPENID_SCOPE)
            && !authentication.isClientOnly()) {

        String username = authentication.getName();
        UserInfo userInfo = userInfoService.getByUsernameAndClientId(username, clientId);

        if (userInfo != null) {

            JWT idToken = connectTokenService.createIdToken(client,
                    originalAuthRequest, claims.getIssueTime(),
                    userInfo.getSub(), token);

            // attach the id token to the parent access token
            token.setIdToken(idToken);
        } else {
            // can't create an id token if we can't find the user
            logger.warn("Request for ID token when no user is present.");
        }
    }

    return token;
}
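The token shape and the OIDC-versus-OAuth2 gate described above, as an added stand-alone example that is not part of MITREid Connect: it mints an access token with the same claims enhance() sets (azp, iss, iat, exp, sub, jti and an optional aud), applies the same "openid scope and a user principal" rule before an ID token would be issued, and shows the checks a resource server should run on such a token. It assumes a constructed issuer URL and uses HS256 with a constructed secret as a stand-in for the server's default signing algorithm and key.

```python
import base64
import hashlib
import hmac
import json
import time
import uuid

# Constructed stand-ins for configBean.getIssuer() and the server's signing key.
ISSUER = "https://idp.example.test/"
KEY = b"constructed-demo-secret"  # HS256 stand-in for the server's real (asymmetric) key


def b64url(data: bytes) -> str:
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()


def build_access_token(client_id, subject, exp_epoch, aud=None, issued_at=None):
    """Same claim set as ConnectTokenEnhancer.enhance(); aud only when the request carried one."""
    iat = int(issued_at if issued_at is not None else time.time())
    claims = {"azp": client_id, "iss": ISSUER, "iat": iat, "exp": int(exp_epoch),
              "sub": subject, "jti": str(uuid.uuid4())}  # random jti, one per token
    if aud:
        claims["aud"] = [aud]
    header = {"alg": "HS256"}  # enhance() sets only alg (and kid); no typ/cty
    signing_input = b64url(json.dumps(header).encode()) + "." + b64url(json.dumps(claims).encode())
    sig = hmac.new(KEY, signing_input.encode(), hashlib.sha256).digest()
    return signing_input + "." + b64url(sig)


def wants_id_token(scopes, client_only):
    """The gate enhance() applies: 'openid' in the authorization scope AND an end-user principal."""
    return "openid" in scopes and not client_only


def verify_access_token(jwt, expected_aud=None, now=None):
    """Resource-server side: signature, issuer, expiry, and audience when the token names one."""
    try:
        h, p, s = jwt.split(".")
    except ValueError:
        return None
    expected = hmac.new(KEY, f"{h}.{p}".encode(), hashlib.sha256).digest()
    if not hmac.compare_digest(b64url(expected), s):
        return None  # tampered or foreign token
    claims = json.loads(base64.urlsafe_b64decode(p + "=" * (-len(p) % 4)))
    now = time.time() if now is None else now
    if claims.get("iss") != ISSUER or claims.get("exp", 0) <= now:
        return None
    if "aud" in claims and expected_aud not in claims["aud"]:
        return None  # token was minted for a different resource server
    return claims
```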

◆ getClientService()

ClientDetailsEntityService org.mitre.openid.connect.token.ConnectTokenEnhancer.getClientService ()
inline
{
    return clientService;
}

◆ getConfigBean()

ConfigurationPropertiesBean org.mitre.openid.connect.token.ConnectTokenEnhancer.getConfigBean ()
inline
{
    return configBean;
}

◆ getJwtService()

JWTSigningAndValidationService org.mitre.openid.connect.token.ConnectTokenEnhancer.getJwtService ()
inline
{
    return jwtService;
}

◆ setClientService()

void org.mitre.openid.connect.token.ConnectTokenEnhancer.setClientService (ClientDetailsEntityService clientService)
inline
{
    this.clientService = clientService;
}

◆ setConfigBean()

void org.mitre.openid.connect.token.ConnectTokenEnhancer.setConfigBean (ConfigurationPropertiesBean configBean)
inline
{
    this.configBean = configBean;
}

◆ setJwtService()

void org.mitre.openid.connect.token.ConnectTokenEnhancer.setJwtService (JWTSigningAndValidationService jwtService)
inline
{
    this.jwtService = jwtService;
}

Member Data Documentation

◆ clientService

ClientDetailsEntityService org.mitre.openid.connect.token.ConnectTokenEnhancer.clientService
private

◆ configBean

ConfigurationPropertiesBean org.mitre.openid.connect.token.ConnectTokenEnhancer.configBean
private

◆ connectTokenService

OIDCTokenService org.mitre.openid.connect.token.ConnectTokenEnhancer.connectTokenService
private

◆ jwtService

JWTSigningAndValidationService org.mitre.openid.connect.token.ConnectTokenEnhancer.jwtService
private

◆ logger

static final Logger org.mitre.openid.connect.token.ConnectTokenEnhancer.logger = LoggerFactory.getLogger(ConnectTokenEnhancer.class)
static private

Logger for this class

◆ userInfoService

UserInfoService org.mitre.openid.connect.token.ConnectTokenEnhancer.userInfoService
private

The documentation for this class was generated from the following file: