
Commit 3acb717

committed
cleaned up UMA server overlay
1 parent 52d2298 commit 3acb717


7 files changed

+183
-345
lines changed


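--- a/openid-connect-server-webapp/src/main/webapp/WEB-INF/application-context.xml
+++ b/openid-connect-server-webapp/src/main/webapp/WEB-INF/application-context.xml
@@ -144,7 +144,7 @@
 create-session="stateless"
 authentication-manager-ref="clientAuthenticationManager">
 <security:http-basic entry-point-ref="oauthAuthenticationEntryPoint" />
-<!-- <security:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" /> -->
+<security:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
 <security:custom-filter ref="clientAssertionEndpointFilter" after="PRE_AUTH_FILTER" /> <!-- this one has to go first -->
 <security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER" />
 <security:custom-filter ref="clientCredentialsEndpointFilter" after="BASIC_AUTH_FILTER" />
@@ -157,7 +157,7 @@
 create-session="stateless"
 authentication-manager-ref="clientAuthenticationManager">
 <security:http-basic entry-point-ref="oauthAuthenticationEntryPoint" />
-<!-- <security:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" /> -->
+<security:custom-filter ref="resourceServerFilter" before="PRE_AUTH_FILTER" />
 <security:custom-filter ref="clientAssertionEndpointFilter" after="PRE_AUTH_FILTER" /> <!-- this one has to go first -->
 <security:custom-filter ref="corsFilter" after="SECURITY_CONTEXT_FILTER" />
 <security:custom-filter ref="clientCredentialsEndpointFilter" after="BASIC_AUTH_FILTER" />
@@ -170,6 +170,10 @@
 
 <bean id="http403EntryPoint" class="org.springframework.security.web.authentication.Http403ForbiddenEntryPoint" />
 
+<!-- Additional endpoints for extensions (such as UMA) -->
+
+<import resource="endpoint-config.xml" />
+
 <!-- SECOAUTH Authorization Server -->
 
 <import resource="authz-config.xml" />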
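Review bot: The re-enabled `resourceServerFilter` lines (new lines 147 and 160) are registered `before="PRE_AUTH_FILTER"`, so they run ahead of `clientAssertionEndpointFilter`, whose trailing comment still reads "this one has to go first"; that comment no longer describes the chain order and should be reworded. Both `<security:http>` elements open outside the hunks, so the `pattern` they protect is not visible here. Because these chains otherwise authenticate clients through `clientAuthenticationManager` and HTTP Basic, the change appears to make a bearer token an additional accepted credential on these endpoints, and that deserves a comment at each site, for example `<!-- accept OAuth bearer tokens on this endpoint; evaluated before client assertion and basic auth -->`. A test that sends an invalid bearer token together with valid client credentials would pin the intended precedence.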
Lines changed: 35 additions & 0 deletions
@@ -0,0 +1,35 @@
1+
<?xml version="1.0" encoding="UTF-8"?>
2+
<!--
3+
Copyright 2017 The MITRE Corporation
4+
and the MIT Internet Trust Consortium
5+
6+
Licensed under the Apache License, Version 2.0 (the "License");
7+
you may not use this file except in compliance with the License.
8+
You may obtain a copy of the License at
9+
10+
http://www.apache.org/licenses/LICENSE-2.0
11+
12+
Unless required by applicable law or agreed to in writing, software
13+
distributed under the License is distributed on an "AS IS" BASIS,
14+
WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
15+
See the License for the specific language governing permissions and
16+
limitations under the License.
17+
-->
18+
<beans xmlns="http://www.springframework.org/schema/beans"
19+
xmlns:mvc="http://www.springframework.org/schema/mvc"
20+
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
21+
xmlns:tx="http://www.springframework.org/schema/tx"
22+
xmlns:context="http://www.springframework.org/schema/context"
23+
xmlns:security="http://www.springframework.org/schema/security"
24+
xmlns:oauth="http://www.springframework.org/schema/security/oauth2"
25+
xsi:schemaLocation="http://www.springframework.org/schema/security/oauth2 http://www.springframework.org/schema/security/spring-security-oauth2-2.0.xsd
26+
http://www.springframework.org/schema/mvc http://www.springframework.org/schema/mvc/spring-mvc-4.3.xsd
27+
http://www.springframework.org/schema/security http://www.springframework.org/schema/security/spring-security-4.2.xsd
28+
http://www.springframework.org/schema/beans http://www.springframework.org/schema/beans/spring-beans-4.3.xsd
29+
http://www.springframework.org/schema/tx http://www.springframework.org/schema/tx/spring-tx-4.3.xsd
30+
http://www.springframework.org/schema/context http://www.springframework.org/schema/context/spring-context-4.3.xsd">
31+
32+
33+
<!-- This file allows you to define additional endpoints, it's normally empty in the OIDC server and has entries in the UMA server -->
34+
35+
</beans>
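Review bot: The placeholder comment at new line 33 should state what an overlay must provide when it adds endpoints here, because this file is imported into the same context that declares the `<security:http>` chains. Spring Security matches `<security:http>` elements in declaration order, so a chain defined in this file is only reached if no earlier chain already matches the request path; where the import sits relative to any catch-all chain is not visible on this page. Suggested wording: `<!-- Additional endpoints for overlays (empty in the OIDC server, populated by the UMA server). Each endpoint added here needs its own security:http chain with an explicit pattern. -->`. The `mvc`, `tx`, `context`, `security` and `oauth` namespace declarations are unused while the file is empty, so keep them only if overlays are expected to need them.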

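--- a/uma-server-webapp/src/main/resources/db/hsql/scopes.sql
+++ b/uma-server-webapp/src/main/resources/db/hsql/scopes.sql
@@ -10,25 +10,25 @@ START TRANSACTION;
 -- Insert scope information into the temporary tables.
 --
 
-INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope, structured, structured_param_description) VALUES
-('openid', 'log in using your identity', 'user', false, true, false, null),
-('profile', 'basic profile information', 'list-alt', false, true, false, null),
-('email', 'email address', 'envelope', false, true, false, null),
-('address', 'physical address', 'home', false, true, false, null),
-('phone', 'telephone number', 'bell', false, true, false, null),
-('offline_access', 'offline access', 'time', false, false, false, null),
-('uma_protection', 'manage protected resources', 'briefcase', false, false, false, null),
-('uma_authorization', 'request access to protected resources', 'share', false, false, false, null);
+INSERT INTO system_scope_TEMP (scope, description, icon, restricted, default_scope) VALUES
+('openid', 'log in using your identity', 'user', false, true),
+('profile', 'basic profile information', 'list-alt', false, true),
+('email', 'email address', 'envelope', false, true),
+('address', 'physical address', 'home', false, true),
+('phone', 'telephone number', 'bell', false, true),
+('offline_access', 'offline access', 'time', false, false),
+('uma_protection', 'manage protected resources', 'briefcase', false, false),
+('uma_authorization', 'request access to protected resources', 'share', false, false);
 
 --
 -- Merge the temporary scopes safely into the database. This is a two-step process to keep scopes from being created on every startup with a persistent store.
 --
 
 MERGE INTO system_scope
-USING (SELECT scope, description, icon, restricted, default_scope, structured, structured_param_description FROM system_scope_TEMP) AS vals(scope, description, icon, restricted, default_scope, structured, structured_param_description)
+USING (SELECT scope, description, icon, restricted, default_scope FROM system_scope_TEMP) AS vals(scope, description, icon, restricted, default_scope)
 ON vals.scope = system_scope.scope
 WHEN NOT MATCHED THEN
-INSERT (scope, description, icon, restricted, default_scope, structured, structured_param_description) VALUES(vals.scope, vals.description, vals.icon, vals.restricted, vals.default_scope, vals.structured, vals.structured_param_description);
+INSERT (scope, description, icon, restricted, default_scope) VALUES(vals.scope, vals.description, vals.icon, vals.restricted, vals.default_scope);
 
 COMMIT;
 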
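Review bot: The new `INSERT INTO system_scope_TEMP` (line 13) and the MERGE's `INSERT (...)` (line 31) no longer name `structured` and `structured_param_description`, so they succeed only if both tables either lack those columns or give them defaults. The table definitions are outside this hunk, and the comment at line 24 says the target may be a persistent store, which could have been created by an older schema. I would record that dependency next to the statement, e.g. `-- Requires the schema without structured/structured_param_description (see <schema file>)`. Separately, `uma_protection` and `uma_authorization` are still seeded with `restricted = false`; because the MERGE inserts only `WHEN NOT MATCHED`, existing deployments keep whatever value first shipped, so it is worth confirming that value is intended and saying so in a comment.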
