Implicit grant. Needs CORS filter running on UAA.

cloudfoundry · Jan 21, 2015 · 139e57e · 139e57e
1 parent fb5cfba
commit 139e57e
Show file tree

Hide file tree

Showing 7 changed files with 69 additions and 10 deletions.
diff --git a/...dfoundry/identity/api/web/CorsFilter.java → ...dfoundry/identity/uaa/web/CorsFilter.java b/...dfoundry/identity/api/web/CorsFilter.java → ...dfoundry/identity/uaa/web/CorsFilter.java
@@ -11,7 +11,7 @@
  *     subcomponent's license, as noted in the LICENSE file.
  *******************************************************************************/
 
-package org.cloudfoundry.identity.api.web;
+package org.cloudfoundry.identity.uaa.web;
 
 import java.io.IOException;
 

diff --git a/samples/api/src/main/webapp/WEB-INF/web.xml b/samples/api/src/main/webapp/WEB-INF/web.xml
@@ -17,7 +17,7 @@
 
 	<filter>
 		<filter-name>cors</filter-name>
-		<filter-class>org.cloudfoundry.identity.api.web.CorsFilter</filter-class>
+		<filter-class>org.cloudfoundry.identity.uaa.web.CorsFilter</filter-class>
 	</filter>
 
 	<filter-mapping>

diff --git a/...rc/main/java/org/cloudfoundry/identity/oauth2showcase/controller/IndexPageController.java b/...rc/main/java/org/cloudfoundry/identity/oauth2showcase/controller/IndexPageController.java
@@ -12,6 +12,7 @@
 import org.springframework.security.oauth2.client.OAuth2ClientContext;
 import org.springframework.security.oauth2.client.OAuth2RestTemplate;
 import org.springframework.security.oauth2.client.token.grant.password.ResourceOwnerPasswordResourceDetails;
+import org.springframework.security.web.util.UrlUtils;
 import org.springframework.stereotype.Controller;
 import org.springframework.ui.Model;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -56,8 +57,9 @@ public String clientCredentials(Model model) throws Exception {
     }
 
     @RequestMapping("/")
-    public String index(HttpServletRequest request) {
+    public String index(HttpServletRequest request, Model model) {
         request.getSession().invalidate();
+        model.addAttribute("thisUrl", UrlUtils.buildFullRequestUrl(request));
         return "index";
     }
 
@@ -69,7 +71,7 @@ public String authCode(Model model) {
         return "authorization_code";
     }
 
-    @RequestMapping({"/password","implicit"})
+    @RequestMapping("/password")
 
     public String showPasswordPage() {
         return "password";
@@ -83,8 +85,7 @@ public String doPasswordLogin(@RequestParam String username, @RequestParam Strin
         model.addAttribute("response", jsonFromUaa);
         addTokenToModel(model);
         return "after_password";
-    }
-
+    }  
 
     public void addTokenToModel(Model model) {
         try {

diff --git a/samples/oauth-showcase/src/main/resources/public/implicit.html b/samples/oauth-showcase/src/main/resources/public/implicit.html
@@ -0,0 +1,45 @@
+<!DOCTYPE HTML>
+<html xmlns:th="http://www.thymeleaf.org">
+	<head>
+	    <title>OAuth 2 Showcase</title>
+	    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+	    <style type="text/css">
+	    table, th, td {
+		   border: 1px solid black;
+		   border-spacing: 0;
+		}
+	    </style>
+	    <script src="//ajax.googleapis.com/ajax/libs/jquery/2.1.1/jquery.min.js"></script>
+	    <script type="text/javascript">
+	   	$(function(){
+	   		var fullTokenBase64 = /access_token=([^&]+)/.exec(window.location.hash)[1];
+	   		var tokenBase64 = fullTokenBase64.split('\.')[1];
+	   		var tokenJsonString = atob(tokenBase64);
+	   		var prettyToken = JSON.stringify(JSON.parse(tokenJsonString),null,'  ');
+	   		$('#token').text(prettyToken);
+
+	   		$.ajax('http://localhost:8080/uaa/userinfo',{
+	   			headers:{
+	   				"Authorization": "Bearer "+fullTokenBase64		
+	   			},
+	   			success: function(data) {
+	   				var prettyUserinfo = JSON.stringify(data,null,'  ');
+	   				$('#userinfo').text(prettyUserinfo);
+	   			}
+	   		});
+
+
+	   	});
+
+	    </script>
+	</head>
+	<body>
+		<h1>OAuth 2 Showcase!!!!!!!!!!!!111</h1>
+		<p>This is a static HTML page! The server only saw a request for /implicit.html. Everything after the # in the address bar is stuff that only your browser can see.</p>
+		<p>Here's the result of calling /userinfo:</p>
+		<pre id="userinfo"></pre>
+		<p>Your access token is:</p> 
+		<pre id="token"></pre>
+
+	</body>
+</html>
diff --git a/samples/oauth-showcase/src/main/resources/templates/index.html b/samples/oauth-showcase/src/main/resources/templates/index.html
@@ -18,16 +18,16 @@ <h1>OAuth 2 Showcase!!!!!!!!!!!!111</h1>
 		<h2>What do you want to do?</h2>
 		<ul>
 			<li>
-				<a href="/authorization_code">Log in via authcode flow SSO and see the response from /login</a>
+				<a href="/authorization_code">Log in via authcode flow SSO and see the response from /userinfo</a>
 			</li>
 			<li>
 				<a href="/client_credentials">Use Client Credentials to get a list of clients from UAA</a>
 			</li>
 			<li>
-				<a href="/password">Use the Resource Owner Password Grant to get a list of clients from UAA</a>
+				<a href="/password">Use the Resource Owner Password Grant and see the response from /userinfo</a>
 			</li>
 			<li>
-				<a href="/password">Use the Resource Owner Password Grant to get a list of clients from UAA</a>
+				<a target="uaa" th:href="@{{uaa}/oauth/authorize(uaa=${@environment.getProperty('uaa.location')},client_id='oauth_showcase_implicit_grant',response_type='token',redirect_uri=|${thisUrl}/implicit.html|) }">Use the Implicit Grant and see the response from /userinfo</a>
 			</li>
 		</ul>
 

diff --git a/uaa/src/main/webapp/WEB-INF/spring-servlet.xml b/uaa/src/main/webapp/WEB-INF/spring-servlet.xml
@@ -56,6 +56,8 @@
     <bean id="oauth2TokenParseFilter" class="java.lang.Class" factory-method="forName">
         <constructor-arg value="org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationProcessingFilter"/>
     </bean>
+	<bean id="corsFilter" class="org.cloudfoundry.identity.uaa.web.CorsFilter"/>
+
     <bean class="org.cloudfoundry.identity.uaa.security.web.SecurityFilterChainPostProcessor">
         <property name="requireHttps" value="${require_https:false}" />
         <property name="dumpRequests" value="${dump_requests:false}" />
@@ -77,12 +79,14 @@
         <property name="additionalFilters">
             <map>
                 <!-- Zone resolver goes after UaaLoggingFilter : position 1-->
+                <entry value-ref="corsFilter"
+                       key="#{T(org.cloudfoundry.identity.uaa.security.web.SecurityFilterChainPostProcessor.FilterPosition).position(0)}" />
                 <entry value-ref="identityZoneResolvingFilter"
                        key="#{T(org.cloudfoundry.identity.uaa.security.web.SecurityFilterChainPostProcessor.FilterPosition).position(1)}"/>
                 <!-- Zone switcher goes *after* class OAuth2AuthenticationProcessingFilter as it requires a token to be present to work -->
                 <entry value-ref="identityZoneSwitchingFilter"
                        key="#{T(org.cloudfoundry.identity.uaa.security.web.SecurityFilterChainPostProcessor.FilterPosition).after(@oauth2TokenParseFilter)}"/>
-            </map>
+        	</map>
         </property>
     </bean>
 

diff --git a/uaa/src/main/webapp/WEB-INF/spring/oauth-clients.xml b/uaa/src/main/webapp/WEB-INF/spring/oauth-clients.xml
@@ -149,6 +149,15 @@
                             <entry key="authorities" value="uaa.resource,clients.read" />
                         </map>
                     </entry>
+                    <entry key="oauth_showcase_implicit_grant">
+                        <map>
+                            <entry key="id" value="oauth_showcase_implicit_grant" />
+                            <entry key="secret" value="secret" />
+                            <entry key="authorized-grant-types" value="implicit" />
+                            <entry key="scope" value="openid" />
+                            <entry key="authorities" value="uaa.resource" />
+                        </map>
+                    </entry>
 
                 </map>
             </property>