Authentication 优化
@@ -20,7 +20,7 @@ package org.maxkey.authz.oauth2.provider.approval.controller;
|
||||
import java.util.HashMap;
|
||||
import java.util.LinkedHashMap;
|
||||
import java.util.Map;
|
||||
import org.maxkey.authn.BasicAuthentication;
|
||||
import org.maxkey.authn.SigninPrincipal;
|
||||
import org.maxkey.authz.endpoint.AuthorizeBaseEndpoint;
|
||||
import org.maxkey.authz.oauth2.common.util.OAuth2Utils;
|
||||
import org.maxkey.authz.oauth2.provider.AuthorizationRequest;
|
||||
@@ -102,7 +102,7 @@ public class OAuth20AccessConfirmationController {
|
||||
scopes.put(OAuth2Utils.SCOPE_PREFIX + scope, "false");
|
||||
}
|
||||
String principal =
|
||||
((BasicAuthentication) WebContext.getAuthentication().getPrincipal()).getUsername();
|
||||
((SigninPrincipal) WebContext.getAuthentication().getPrincipal()).getUsername();
|
||||
for (Approval approval : approvalStore.getApprovals(principal, client.getClientId())) {
|
||||
if (clientAuth.getScope().contains(approval.getScope())) {
|
||||
scopes.put(OAuth2Utils.SCOPE_PREFIX + approval.getScope(),
|
||||
|
||||
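Review bot: The cast on the new line `((SigninPrincipal) WebContext.getAuthentication().getPrincipal()).getUsername()` is unguarded: when no authentication is present, or the principal is some other type (a client-only or anonymous token, if one can reach this controller), it throws NullPointerException or ClassCastException and the approval page fails with a 500 instead of a clean authentication error. A fail-closed guard would read `Object p = WebContext.getAuthentication() == null ? null : WebContext.getAuthentication().getPrincipal();` followed by `if (!(p instanceof SigninPrincipal)) { throw new InsufficientAuthenticationException("user authentication required"); }` before the username is taken. The enclosing method starts and ends outside this hunk, so an earlier check may already exist.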
@@ -129,7 +129,7 @@ public class AuthorizationEndpoint extends AbstractEndpoint {
|
||||
@RequestMapping(value = "/oauth/v20/authorize", method = RequestMethod.GET)
|
||||
public ModelAndView authorize(Map<String, Object> model, @RequestParam Map<String, String> parameters,
|
||||
SessionStatus sessionStatus) {
|
||||
Principal principal=(Principal)WebContext.getAuthentication().getPrincipal();
|
||||
Principal principal=(Principal)WebContext.getAuthentication();
|
||||
// Pull out the authorization request first, using the OAuth2RequestFactory. All further logic should
|
||||
// query off of the authorization request instead of referring back to the parameters map. The contents of the
|
||||
// parameters map will be stored without change in the AuthorizationRequest object once it is created.
|
||||
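Review bot: The new line `Principal principal=(Principal)WebContext.getAuthentication();` now stores the whole Authentication under a variable named and typed as a plain Principal, which hides that the later `instanceof Authentication` test (visible in the POST handler of this file) is really a null-and-type check. Declaring it as `Authentication authentication = WebContext.getAuthentication();` and checking `authentication == null || !authentication.isAuthenticated()` would make the intent explicit and drop the cast. Note that if `getAuthentication()` returns null the cast passes null through silently, so whatever follows must handle null; the rest of the method is outside this hunk.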
@@ -208,7 +208,7 @@ public class AuthorizationEndpoint extends AbstractEndpoint {
|
||||
@RequestMapping(value = "/oauth/v20/authorize", method = RequestMethod.POST, params = OAuth2Utils.USER_OAUTH_APPROVAL)
|
||||
public View approveOrDeny(@RequestParam Map<String, String> approvalParameters, Map<String, ?> model,
|
||||
SessionStatus sessionStatus) {
|
||||
Principal principal=(Principal)WebContext.getAuthentication().getPrincipal();
|
||||
Principal principal=(Principal)WebContext.getAuthentication();
|
||||
if (!(principal instanceof Authentication)) {
|
||||
sessionStatus.setComplete();
|
||||
throw new InsufficientAuthenticationException(
|
||||
|
||||
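Review bot: The guard `if (!(principal instanceof Authentication))` following the new assignment only checks the type: an Authentication that is present but not authenticated (for example an anonymous token, if MaxKey installs one) would pass and reach the approve/deny logic. Spring Security's reference AuthorizationEndpoint also requires the authenticated flag, i.e. `if (!(principal instanceof Authentication) || !((Authentication) principal).isAuthenticated()) {`. Whether an unauthenticated token can occupy WebContext here is not visible from the hunk, and the method body continues beyond it.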
@@ -23,6 +23,7 @@ import java.util.HashSet;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
|
||||
import org.maxkey.authn.SigninPrincipal;
|
||||
import org.maxkey.authz.oauth2.common.OAuth2AccessToken;
|
||||
import org.maxkey.authz.oauth2.common.exceptions.InvalidClientException;
|
||||
import org.maxkey.authz.oauth2.common.exceptions.InvalidGrantException;
|
||||
@@ -41,6 +42,7 @@ import org.springframework.http.HttpMethod;
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.http.ResponseEntity;
|
||||
import org.springframework.security.authentication.InsufficientAuthenticationException;
|
||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.stereotype.Controller;
|
||||
import org.springframework.util.StringUtils;
|
||||
@@ -98,9 +100,6 @@ public class TokenEndpoint extends AbstractEndpoint {
|
||||
|
||||
Object principal = WebContext.getAuthentication();
|
||||
|
||||
if(parameters.get("code") != null) {
|
||||
principal=WebContext.getAuthentication().getPrincipal();
|
||||
}
|
||||
if (!(principal instanceof Authentication)) {
|
||||
throw new InsufficientAuthenticationException(
|
||||
"There is no client authentication. Try adding an appropriate authentication filter.");
|
||||
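Review bot: With the `code` special case removed, `Object principal = WebContext.getAuthentication();` is always the Authentication itself, so the `Object` declaration and the `instanceof Authentication` test now act only as a null check and never verify that the client actually authenticated. Typing the variable and checking the flag, `Authentication clientAuth = WebContext.getAuthentication(); if (clientAuth == null || !clientAuth.isAuthenticated()) { throw new InsufficientAuthenticationException(...); }`, would fail closed if a filter ever stores an unauthenticated token. Which filter populates WebContext before this endpoint is inferred from TokenEndpointAuthenticationFilter elsewhere in this commit, not from this hunk, and the method continues past it.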
@@ -174,6 +173,9 @@ public class TokenEndpoint extends AbstractEndpoint {
|
||||
// Might be a client and user combined authentication
|
||||
clientId = ((OAuth2Authentication) client).getOAuth2Request().getClientId();
|
||||
}
|
||||
if (client instanceof UsernamePasswordAuthenticationToken) {
|
||||
clientId = ((SigninPrincipal)client.getPrincipal()).getUsername();
|
||||
}
|
||||
return clientId;
|
||||
}
|
||||
|
||||
|
||||
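Review bot: The added branch casts `client.getPrincipal()` straight to SigninPrincipal, but a UsernamePasswordAuthenticationToken's principal is whatever the creating code put there (Spring's own providers often use a String or UserDetails), so any token not built by TokenEndpointAuthenticationFilter turns into a ClassCastException and a 500. More importantly it returns the principal's username as the client id: if an end-user authentication (the `usernamepassword(...)` path of the filter, or a session-backed WebContext) can reach this method, the user's name would be treated as a client identifier. Tightening to `if (client instanceof UsernamePasswordAuthenticationToken && client.getPrincipal() instanceof SigninPrincipal)` and adding a comment stating that this token is expected to carry the client id as its username would make the assumption explicit. The enclosing getClientId method starts outside the hunk.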
@@ -33,7 +33,7 @@ import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.apache.commons.logging.Log;
|
||||
import org.apache.commons.logging.LogFactory;
|
||||
import org.maxkey.authn.BasicAuthentication;
|
||||
import org.maxkey.authn.SigninPrincipal;
|
||||
import org.maxkey.authz.oauth2.common.util.OAuth2Utils;
|
||||
import org.maxkey.authz.oauth2.provider.AuthorizationRequest;
|
||||
import org.maxkey.authz.oauth2.provider.OAuth2Authentication;
|
||||
@@ -136,8 +136,7 @@ public class TokenEndpointAuthenticationFilter implements Filter {
|
||||
usernamepassword(request,response);
|
||||
}else {
|
||||
Authentication authentication=ClientCredentials(request,response);
|
||||
BasicAuthentication auth =new BasicAuthentication();
|
||||
auth.setUsername(((User)authentication.getPrincipal()).getUsername());
|
||||
SigninPrincipal auth =new SigninPrincipal((User)authentication.getPrincipal());
|
||||
auth.setAuthenticated(true);
|
||||
UsernamePasswordAuthenticationToken simpleUserAuthentication = new UsernamePasswordAuthenticationToken(auth, authentication.getCredentials(), authentication.getAuthorities());
|
||||
WebContext.setAuthentication(simpleUserAuthentication);
|
||||
|
||||
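Review bot: The rewritten branch builds `new SigninPrincipal((User)authentication.getPrincipal())` and immediately marks it `setAuthenticated(true)` without anything in the hunk confirming that `ClientCredentials(request,response)` returned a non-null, authenticated result; correctness rests on that helper throwing on bad credentials, which is not visible here. A defensive check before constructing the token, `if (authentication == null || !authentication.isAuthenticated()) { /* reject: do not populate WebContext */ }`, would keep a failed client lookup from being promoted to an authenticated token. The cast to `User` is likewise unchecked and would surface as a ClassCastException rather than a 401. The method continues past the hunk.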
@@ -19,6 +19,7 @@ package org.maxkey.authz.oauth2.provider.userinfo.endpoint;
|
||||
|
||||
import java.util.HashMap;
|
||||
|
||||
import org.maxkey.authn.SigninPrincipal;
|
||||
import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
|
||||
import org.maxkey.domain.UserInfo;
|
||||
import org.maxkey.util.JsonUtils;
|
||||
@@ -29,7 +30,7 @@ import org.springframework.web.servlet.ModelAndView;
|
||||
public class OAuthDefaultUserInfoAdapter extends AbstractAuthorizeAdapter {
|
||||
|
||||
@Override
|
||||
public String generateInfo(UserInfo userInfo,Object app) {
|
||||
public String generateInfo(SigninPrincipal authentication,UserInfo userInfo,Object app) {
|
||||
HashMap<String, Object> beanMap = new HashMap<String, Object>();
|
||||
beanMap.put("randomId",(new StringGenerator()).uuidGenerate());
|
||||
beanMap.put("uid", userInfo.getId());
|
||||
@@ -44,7 +45,7 @@ public class OAuthDefaultUserInfoAdapter extends AbstractAuthorizeAdapter {
|
||||
beanMap.put("title", userInfo.getJobTitle());
|
||||
beanMap.put("state", userInfo.getWorkRegion());
|
||||
beanMap.put("gender", userInfo.getGender());
|
||||
beanMap.put(WebConstants.ONLINE_TICKET_NAME, userInfo.getOnlineTicket().getTicketId());
|
||||
beanMap.put(WebConstants.ONLINE_TICKET_NAME, authentication.getOnlineTicket());
|
||||
|
||||
String info= JsonUtils.object2Json(beanMap);
|
||||
|
||||
|
||||
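Review bot: The replaced line now puts `authentication.getOnlineTicket()` into the userinfo map, whereas the old code put only `getTicketId()`; the return type of SigninPrincipal.getOnlineTicket() is not visible, and if it is a ticket object rather than the id string, `JsonUtils.object2Json` will serialize every field of it into the response sent to the client, changing the payload shape and possibly exposing more than the id. Since the online ticket appears to be a session-bound credential, a comment such as `// ONLINE_TICKET_NAME: session ticket id handed to the relying party for single logout; keep to the id only` above the put would document why it is shared and pin the intended value. The method continues beyond the hunk.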
@@ -26,7 +26,7 @@ import java.util.UUID;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.maxkey.authn.BasicAuthentication;
|
||||
import org.maxkey.authn.SigninPrincipal;
|
||||
import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
|
||||
import org.maxkey.authz.oauth2.common.exceptions.OAuth2Exception;
|
||||
import org.maxkey.authz.oauth2.provider.ClientDetailsService;
|
||||
@@ -123,7 +123,7 @@ public class UserInfoEndpoint {
|
||||
try{
|
||||
oAuth2Authentication = oauth20tokenServices.loadAuthentication(access_token);
|
||||
|
||||
principal=oAuth2Authentication.getPrincipal().toString();
|
||||
principal=((SigninPrincipal)oAuth2Authentication.getUserAuthentication().getPrincipal()).getUsername();
|
||||
|
||||
String client_id= oAuth2Authentication.getOAuth2Request().getClientId();
|
||||
UserInfo userInfo=queryUserInfo(principal);
|
||||
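Review bot: The new line dereferences `oAuth2Authentication.getUserAuthentication()` unconditionally, but a token issued by a client-only grant (client_credentials) carries no user authentication, so this throws NullPointerException, which the `catch(OAuth2Exception e)` below does not handle and which therefore escapes as a 500. Guard it and turn it into a proper OAuth2 error: `Authentication userAuth = oAuth2Authentication.getUserAuthentication(); if (userAuth == null || !(userAuth.getPrincipal() instanceof SigninPrincipal)) { throw new OAuth2Exception("access token is not bound to a user"); }` (an OAuth2Exception subclass with the intended error code would be better if the project defines one). The try block begins before the hunk.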
@@ -135,9 +135,10 @@ public class UserInfoEndpoint {
|
||||
}else{
|
||||
adapter =(AbstractAuthorizeAdapter)defaultOAuthUserInfoAdapter;
|
||||
}
|
||||
BasicAuthentication authentication = (BasicAuthentication)oAuth2Authentication.getUserAuthentication();
|
||||
userInfo.setOnlineTicket(authentication.getOnlineTicket());
|
||||
String jsonData=adapter.generateInfo(userInfo, app);
|
||||
|
||||
String jsonData=adapter.generateInfo(
|
||||
(SigninPrincipal)oAuth2Authentication.getUserAuthentication().getPrincipal(),
|
||||
userInfo, app);
|
||||
return jsonData;
|
||||
}catch(OAuth2Exception e){
|
||||
HashMap<String,Object>authzException=new HashMap<String,Object>();
|
||||
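Review bot: The cast `(SigninPrincipal)oAuth2Authentication.getUserAuthentication().getPrincipal()` in the new `generateInfo` call repeats the same expression used earlier in this method to derive `principal`; resolving it once into a local (`SigninPrincipal signin = ...;`) and reusing it for both the username and the adapter call would remove the duplicate unchecked cast and keep the null/type handling in one place. As written, any null user authentication fails here a second time outside the `catch(OAuth2Exception e)` path. The method body continues on both sides of the hunk.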
@@ -163,7 +164,7 @@ public class UserInfoEndpoint {
|
||||
try{
|
||||
oAuth2Authentication = oauth20tokenServices.loadAuthentication(access_token);
|
||||
|
||||
principal=oAuth2Authentication.getPrincipal().toString();
|
||||
principal=((SigninPrincipal)oAuth2Authentication.getPrincipal()).getUsername();
|
||||
|
||||
Set<String >scopes=oAuth2Authentication.getOAuth2Request().getScope();
|
||||
ClientDetails clientDetails = clientDetailsService.loadClientByClientId(oAuth2Authentication.getOAuth2Request().getClientId());
|
||||
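Review bot: This method derives the username via `((SigninPrincipal)oAuth2Authentication.getPrincipal()).getUsername()`, while the userinfo method in the same file uses `getUserAuthentication().getPrincipal()`; the two are not equivalent if MaxKey's OAuth2Authentication follows Spring's, where `getPrincipal()` returns the client id String when there is no user authentication, so a client-only token would hit a ClassCastException here instead of a NullPointerException there. Aligning both methods on one guarded access, e.g. `Authentication userAuth = oAuth2Authentication.getUserAuthentication(); if (userAuth == null || !(userAuth.getPrincipal() instanceof SigninPrincipal)) throw new OAuth2Exception(...)`, would give consistent, catchable failures. The try block starts before the hunk.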
@@ -172,10 +173,10 @@ public class UserInfoEndpoint {
|
||||
String userJson="";
|
||||
Builder jwtClaimsSetBuilder= new JWTClaimsSet.Builder();
|
||||
|
||||
BasicAuthentication authentication = (BasicAuthentication)oAuth2Authentication.getUserAuthentication();
|
||||
SigninPrincipal authentication = (SigninPrincipal)oAuth2Authentication.getUserAuthentication().getPrincipal();
|
||||
|
||||
jwtClaimsSetBuilder.claim("sub", userInfo.getId());
|
||||
jwtClaimsSetBuilder.claim(WebConstants.ONLINE_TICKET_NAME, authentication.getOnlineTicket().getTicketId());
|
||||
jwtClaimsSetBuilder.claim(WebConstants.ONLINE_TICKET_NAME, authentication.getOnlineTicket());
|
||||
|
||||
if(scopes.contains("profile")){
|
||||
jwtClaimsSetBuilder.claim("name", userInfo.getUsername());
|
||||
|
||||
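Review bot: The claim `jwtClaimsSetBuilder.claim(WebConstants.ONLINE_TICKET_NAME, authentication.getOnlineTicket())` used to carry `getTicketId()`; `JWTClaimsSet.Builder.claim` accepts any Object, so if `getOnlineTicket()` returns a ticket object rather than its id the entire object (or a serialization failure) ends up in the id_token delivered to the client, which is the wrong place for anything beyond the identifier. Keeping the claim to the id value and adding `// online ticket id only: this token leaves the server` would pin that. The `getUserAuthentication()` dereference on the preceding line also needs the same null guard as the userinfo method for client-only tokens, and the method continues beyond the hunk.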