add ee8 openid (#8342)

Signed-off-by: Olivier Lamy <oliver.lamy@gmail.com>

jetty-ee8/jetty-ee8-openid/pom.xml

@@ -0,0 +1,72 @@
+<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
+  <parent>
+    <groupId>org.eclipse.jetty.ee8</groupId>
+    <artifactId>jetty-ee8</artifactId>
+    <version>12.0.0-SNAPSHOT</version>
+  </parent>
+
+  <modelVersion>4.0.0</modelVersion>
+  <artifactId>jetty-ee8-openid</artifactId>
+  <name>EE8 :: Jetty :: OpenID</name>
+  <description>Jetty OpenID Connect infrastructure</description>
+
+  <properties>
+    <ee9.module>jetty-ee9-openid</ee9.module>
+    <bundle-symbolic-name>${project.groupId}.openid</bundle-symbolic-name>
+    <spotbugs.onlyAnalyze>org.eclipse.jetty.security.openid.*</spotbugs.onlyAnalyze>
+  </properties>
+
+  <build>
+    <plugins>
+      <plugin>
+        <groupId>org.apache.felix</groupId>
+        <artifactId>maven-bundle-plugin</artifactId>
+        <extensions>true</extensions>
+        <configuration>
+          <instructions>
+            <Require-Capability>osgi.extender; filter:="(osgi.extender=osgi.serviceloader.registrar)"</Require-Capability>
+            <Provide-Capability>osgi.serviceloader;osgi.serviceloader=org.eclipse.jetty.security.Authenticator$Factory</Provide-Capability>
+          </instructions>
+        </configuration>
+      </plugin>
+    </plugins>
+  </build>
+
+  <dependencies>
+    <dependency>
+      <groupId>org.eclipse.jetty</groupId>
+      <artifactId>jetty-server</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.eclipse.jetty</groupId>
+      <artifactId>jetty-client</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.eclipse.jetty.ee8</groupId>
+      <artifactId>jetty-ee8-security</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.eclipse.jetty</groupId>
+      <artifactId>jetty-util-ajax</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.slf4j</groupId>
+      <artifactId>slf4j-api</artifactId>
+    </dependency>
+    <dependency>
+      <groupId>org.eclipse.jetty</groupId>
+      <artifactId>jetty-slf4j-impl</artifactId>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.eclipse.jetty.ee8</groupId>
+      <artifactId>jetty-ee8-servlet</artifactId>
+      <scope>test</scope>
+    </dependency>
+    <dependency>
+      <groupId>org.eclipse.jetty.toolchain</groupId>
+      <artifactId>jetty-test-helper</artifactId>
+      <scope>test</scope>
+    </dependency>
+  </dependencies>
+</project>

jetty-ee8/jetty-ee8-openid/src/main/config/etc/jetty-openid.xml

@@ -0,0 +1,51 @@
+<?xml version="1.0"?>
+<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_3.dtd">
+<Configure id="Server" class="org.eclipse.jetty.server.Server">
+  <Get id="ThreadPool" name="threadPool"/>
+  <New id="HttpClient" class="org.eclipse.jetty.client.HttpClient">
+    <Arg>
+      <New class="org.eclipse.jetty.client.http.HttpClientTransportOverHTTP">
+        <Arg>
+          <New class="org.eclipse.jetty.io.ClientConnector">
+            <Set name="sslContextFactory">
+              <New class="org.eclipse.jetty.util.ssl.SslContextFactory$Client">
+                <Set name="trustAll" type="boolean">
+                  <Property name="jetty.openid.sslContextFactory.trustAll" default="false"/>
+                </Set>
+              </New>
+            </Set>
+          </New>
+        </Arg>
+      </New>
+    </Arg>
+    <Set name="executor"><Ref refid="ThreadPool"/></Set>
+  </New>
+  <Call name="addBean">
+    <Arg>
+      <Ref refid="BaseLoginService"/>
+    </Arg>
+  </Call>
+  <Call name="addBean">
+    <Arg>
+      <New id="OpenIdConfiguration" class="org.eclipse.jetty.ee8.security.openid.OpenIdConfiguration">
+        <Arg name="issuer"><Property name="jetty.openid.provider" deprecated="jetty.openid.openIdProvider"/></Arg>
+        <Arg name="authorizationEndpoint"><Property name="jetty.openid.provider.authorizationEndpoint"/></Arg>
+        <Arg name="tokenEndpoint"><Property name="jetty.openid.provider.tokenEndpoint"/></Arg>
+        <Arg name="clientId"><Property name="jetty.openid.clientId"/></Arg>
+        <Arg name="clientSecret"><Property name="jetty.openid.clientSecret"/></Arg>
+        <Arg name="authMethod"><Property name="jetty.openid.authMethod" default="client_secret_post"/></Arg>
+        <Arg name="httpClient"><Ref refid="HttpClient"/></Arg>
+        <Set name="authenticateNewUsers">
+          <Property name="jetty.openid.authenticateNewUsers" default="false"/>
+        </Set>
+        <Call name="addScopes">
+          <Arg>
+            <Call class="org.eclipse.jetty.util.StringUtil" name="csvSplit">
+              <Arg><Property name="jetty.openid.scopes"/></Arg>
+            </Call>
+          </Arg>
+        </Call>
+      </New>
+    </Arg>
+  </Call>
+</Configure>

jetty-ee8/jetty-ee8-openid/src/main/config/modules/openid.mod

@@ -0,0 +1,47 @@
+# DO NOT EDIT - See: https://www.eclipse.org/jetty/documentation/current/startup-modules.html
+
+[description]
+Adds OpenId Connect authentication to the server.
+
+[depend]
+security
+client
+
+[lib]
+lib/jetty-ee8-openid-${jetty.version}.jar
+lib/jetty-util-ajax-${jetty.version}.jar
+
+[files]
+basehome:modules/openid/jetty-ee8-openid-baseloginservice.xml|etc/openid-baseloginservice.xml
+
+[xml]
+etc/openid-baseloginservice.xml
+etc/jetty-openid.xml
+
+[ini-template]
+## The OpenID Identity Provider's issuer ID (the entire URL *before* ".well-known/openid-configuration")
+# jetty.openid.provider=https://id.example.com/
+
+## The OpenID Identity Provider's authorization endpoint (optional if the metadata of the OP is accessible)
+# jetty.openid.provider.authorizationEndpoint=https://id.example.com/authorization
+
+## The OpenID Identity Provider's token endpoint (optional if the metadata of the OP is accessible)
+# jetty.openid.provider.tokenEndpoint=https://id.example.com/token
+
+## The Client Identifier
+# jetty.openid.clientId=test1234
+
+## The Client Secret
+# jetty.openid.clientSecret=XT_Mafv_aUCGheuCaKY8P
+
+## Additional Scopes to Request
+# jetty.openid.scopes=email,profile
+
+## Whether to Authenticate users not found by base LoginService
+# jetty.openid.authenticateNewUsers=false
+
+## True if all certificates should be trusted by the default SslContextFactory
+# jetty.openid.sslContextFactory.trustAll=false
+
+## What authentication method to use with the Token Endpoint (client_secret_post, client_secret_basic).
+# jetty.openid.authMethod=client_secret_post

jetty-ee8/pom.xml

@@ -38,6 +38,7 @@
     <module>jetty-ee8-annotations</module>
     <module>jetty-ee8-websocket</module>
     <module>jetty-ee8-quickstart</module>
+    <module>jetty-ee8-openid</module>
     <module>jetty-ee8-bom</module>
     <module>jetty-ee8-demos</module>
     <module>jetty-ee8-home</module>

jetty-ee9/jetty-ee9-openid/src/main/config/modules/openid.mod

@@ -8,11 +8,11 @@ security
 client
 
 [lib]
-lib/jetty-openid-${jetty.version}.jar
+lib/jetty-ee9-openid-${jetty.version}.jar
 lib/jetty-util-ajax-${jetty.version}.jar
 
 [files]
-basehome:modules/openid/openid-baseloginservice.xml|etc/openid-baseloginservice.xml
+basehome:modules/openid/jetty-ee9-openid-baseloginservice.xml|etc/openid-baseloginservice.xml
 
 [xml]
 etc/openid-baseloginservice.xml

jetty-ee9/jetty-ee9-openid/src/main/config/modules/openid/jetty-ee9-openid-baseloginservice.xml

@@ -0,0 +1,10 @@
+<?xml version="1.0"?>
+<!DOCTYPE Configure PUBLIC "-//Jetty//Configure//EN" "http://www.eclipse.org/jetty/configure_9_3.dtd">
+<Configure>
+  <!-- Optional code to configure the base LoginService used by the OpenIdLoginService
+  <New id="BaseLoginService" class="org.eclipse.jetty.security.HashLoginService">
+    <Set name="config"><SystemProperty name="jetty.home" default="."/>/etc/realm.properties</Set>
+    <Set name="hotReload">true</Set>
+  </New>
+  -->
+</Configure>