AuthorizationUtils

MaxKey
2022-04-26 21:54:46 +08:00
parent 9221064088
commit 10b964ad79
27 changed files with 120 additions and 94 deletions


@@ -15,7 +15,7 @@ package org.maxkey.authz.oauth2.provider;
import java.util.ArrayList;
import org.maxkey.authn.AbstractAuthenticationProvider;
import org.maxkey.authn.SigninPrincipal;
import org.maxkey.authn.SignPrincipal;
import org.maxkey.authn.session.Session;
import org.maxkey.entity.UserInfo;
import org.maxkey.persistence.repository.LoginRepository;
@@ -47,7 +47,7 @@ public class OAuth2UserDetailsService implements UserDetailsService {
String onlineTickitId = WebConstants.ONLINE_TICKET_PREFIX + "-" + java.util.UUID.randomUUID().toString().toLowerCase();
SigninPrincipal principal = new SigninPrincipal(userInfo);
SignPrincipal principal = new SignPrincipal(userInfo);
Session onlineTicket = new Session(onlineTickitId);
//set OnlineTicket
principal.setSession(onlineTicket);
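Review bot: The locals and comment around the new `SignPrincipal` still use the old ticket vocabulary (`onlineTickitId`, which is also misspelled, `onlineTicket`, and `//set OnlineTicket`), although the object is a `Session` and other files in this commit switch to `getSessionId()`. Renaming them, for example `String sessionId = ...; Session session = new Session(sessionId);` with the comment `// attach the new session to the principal`, would make this identifier easier to trace, since other files in this commit appear to use it as a lookup key. The enclosing method starts and ends outside the hunk.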


@@ -93,7 +93,7 @@ public class OAuth20AccessConfirmationEndpoint {
try {
// Map<String, Object> model
AuthorizationRequest clientAuth =
(AuthorizationRequest) momentaryService.get(currentUser.getOnlineTicket(), "authorizationRequest");
(AuthorizationRequest) momentaryService.get(currentUser.getSessionId(), "authorizationRequest");
ClientDetails client = clientDetailsService.loadClientByClientId(clientAuth.getClientId(),true);
model.put("oauth_approval", WebContext.genId());
model.put("auth_request", clientAuth);
@@ -139,7 +139,7 @@ public class OAuth20AccessConfirmationEndpoint {
if(StringUtils.isNotBlank(oauth_approval)) {
try {
AuthorizationRequest clientAuth =
(AuthorizationRequest) momentaryService.get(currentUser.getOnlineTicket(), "authorizationRequest");
(AuthorizationRequest) momentaryService.get(currentUser.getSessionId(), "authorizationRequest");
ClientDetails client = clientDetailsService.loadClientByClientId(clientAuth.getClientId(),true);
Apps app = appsService.get(client.getClientId(),true);
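Review bot: Both hunks of this class dereference the result of `momentaryService.get(currentUser.getSessionId(), "authorizationRequest")` immediately via `clientAuth.getClientId()`, with no null check. AuthorizationEndpoint in this same commit does test `authorizationRequest == null`. If the entry is missing (expired, or never stored under this session id), this becomes a NullPointerException inside the `try`; how the catch reports it is not visible, because it lies outside the hunk. Add an explicit guard such as `if (clientAuth == null) { /* reject: no pending authorization request */ }` before the client lookup, so a missing request fails closed with a clear error.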


@@ -227,7 +227,7 @@ public class AuthorizationEndpoint extends AbstractEndpoint {
// Place auth request into the model so that it is stored in the session
// for approveOrDeny to use. That way we make sure that auth request comes from the session,
// so any auth request parameters passed to approveOrDeny will be ignored and retrieved from the session.
momentaryService.put(currentUser.getOnlineTicket(), "authorizationRequest", authorizationRequest);
momentaryService.put(currentUser.getSessionId(), "authorizationRequest", authorizationRequest);
return getUserApprovalPageResponse(model, authorizationRequest, (Authentication) principal);
@@ -255,7 +255,7 @@ public class AuthorizationEndpoint extends AbstractEndpoint {
"User must be authenticated with Spring Security before authorizing an access token.");
}
AuthorizationRequest authorizationRequest = (AuthorizationRequest) momentaryService.get(currentUser.getOnlineTicket(), "authorizationRequest");
AuthorizationRequest authorizationRequest = (AuthorizationRequest) momentaryService.get(currentUser.getSessionId(), "authorizationRequest");
if (authorizationRequest == null) {
sessionStatus.setComplete();
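Review bot: The pending request is stored under the session id with the fixed name `"authorizationRequest"`, so a second authorization flow started in the same session would presumably overwrite the first, and approveOrDeny would then act on a request other than the one the user was shown. Whether `momentaryService` scopes or expires entries further is not visible here; if it does not, consider also keying by a per-request value and removing the entry once it has been read. The comment above the `put` still says the request is "stored in the session"; something like `// Store the auth request server-side under the session id; approveOrDeny reads it back from there and ignores request parameters.` would match the code. Both methods continue outside the hunks.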


@@ -22,7 +22,7 @@ import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import org.maxkey.authn.SigninPrincipal;
import org.maxkey.authn.SignPrincipal;
import org.maxkey.authn.web.AuthorizationUtils;
import org.maxkey.authz.oauth2.common.DefaultOAuth2AccessToken;
import org.maxkey.authz.oauth2.common.OAuth2AccessToken;
@@ -196,7 +196,7 @@ public class TokenEndpoint extends AbstractEndpoint {
clientId = ((OAuth2Authentication) client).getOAuth2Request().getClientId();
}
if (client instanceof UsernamePasswordAuthenticationToken) {
clientId = ((SigninPrincipal)client.getPrincipal()).getUsername();
clientId = ((SignPrincipal)client.getPrincipal()).getUsername();
}
return clientId;
}
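Review bot: In the `UsernamePasswordAuthenticationToken` branch the principal is cast to `SignPrincipal` without checking its type, so a token of that class carrying a different principal would fail with a ClassCastException rather than a controlled error. TokenEndpointAuthenticationFilter in this commit wraps principals into `SignPrincipal`, but this method does not enforce that itself. Writing `if (client.getPrincipal() instanceof SignPrincipal) { clientId = ((SignPrincipal) client.getPrincipal()).getUsername(); }` makes the assumption explicit. The method starts outside the hunk.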


@@ -31,7 +31,7 @@ import javax.servlet.annotation.WebFilter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.maxkey.authn.SigninPrincipal;
import org.maxkey.authn.SignPrincipal;
import org.maxkey.authn.web.AuthorizationUtils;
import org.maxkey.authz.oauth2.common.OAuth2Constants;
import org.maxkey.authz.oauth2.common.util.OAuth2Utils;
@@ -145,13 +145,13 @@ public class TokenEndpointAuthenticationFilter implements Filter {
}else {
Authentication authentication=ClientCredentials(request,response);
_logger.trace("getPrincipal " + authentication.getPrincipal().getClass());
SigninPrincipal auth = null;
if(authentication.getPrincipal() instanceof SigninPrincipal) {
SignPrincipal auth = null;
if(authentication.getPrincipal() instanceof SignPrincipal) {
//authorization_code
auth = (SigninPrincipal)authentication.getPrincipal();
auth = (SignPrincipal)authentication.getPrincipal();
}else {
//client_credentials
auth =new SigninPrincipal((User)authentication.getPrincipal());
auth =new SignPrincipal((User)authentication.getPrincipal());
}
auth.setAuthenticated(true);
UsernamePasswordAuthenticationToken simpleUserAuthentication = new UsernamePasswordAuthenticationToken(auth, authentication.getCredentials(), authentication.getAuthorities());
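Review bot: The `else` branch casts `authentication.getPrincipal()` to `User` for every principal that is not a `SignPrincipal`, and `auth.setAuthenticated(true)` then runs unconditionally. That is only safe if `ClientCredentials(request,response)` always returns a verified, non-null authentication whose principal is one of these two types, which cannot be confirmed from this hunk. Consider `else if (authentication.getPrincipal() instanceof User)` with a final branch that rejects the request. The log line would also read better in parameterized form, `_logger.trace("getPrincipal {}", authentication.getPrincipal().getClass());`. The enclosing method starts and ends outside the hunk.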


@@ -25,7 +25,7 @@ import javax.servlet.http.HttpServletResponse;
import org.apache.commons.beanutils.BeanUtils;
import org.apache.commons.lang3.StringUtils;
import org.maxkey.authn.SigninPrincipal;
import org.maxkey.authn.SignPrincipal;
import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
import org.maxkey.authz.oauth2.common.OAuth2Constants;
import org.maxkey.authz.oauth2.common.exceptions.OAuth2Exception;
@@ -114,7 +114,7 @@ public class UserInfoEndpoint {
}else{
adapter =(AbstractAuthorizeAdapter)new OAuthDefaultUserInfoAdapter(clientDetails);
}
adapter.setPrincipal((SigninPrincipal)oAuth2Authentication.getUserAuthentication().getPrincipal());
adapter.setPrincipal((SignPrincipal)oAuth2Authentication.getUserAuthentication().getPrincipal());
adapter.setApp(app);
Object jsonData = adapter.generateInfo();
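Review bot: `oAuth2Authentication.getUserAuthentication()` is dereferenced and its principal cast to `SignPrincipal` with no check, and the same pattern appears in UserInfoOIDCEndpoint in this commit. If an access token issued without a user can reach this endpoint (the filter in this commit names a `client_credentials` path), the user authentication may be null or hold another principal type; this depends on how tokens are stored, which is not visible here. A guard such as `if (oAuth2Authentication.getUserAuthentication() == null) { /* reject: token has no user */ }` before `adapter.setPrincipal(...)` would make the endpoint fail closed. The method continues outside the hunk.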


@@ -28,7 +28,7 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang3.StringUtils;
import org.maxkey.authn.SigninPrincipal;
import org.maxkey.authn.SignPrincipal;
import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
import org.maxkey.authz.oauth2.common.OAuth2Constants;
import org.maxkey.authz.oauth2.common.exceptions.OAuth2Exception;
@@ -113,7 +113,7 @@ public class UserInfoOIDCEndpoint {
try{
oAuth2Authentication = oauth20tokenServices.loadAuthentication(access_token);
principal=((SigninPrincipal)oAuth2Authentication.getPrincipal()).getUsername();
principal=((SignPrincipal)oAuth2Authentication.getPrincipal()).getUsername();
Set<String >scopes = oAuth2Authentication.getOAuth2Request().getScope();
ClientDetails clientDetails =
@@ -123,7 +123,7 @@ public class UserInfoOIDCEndpoint {
String userJson = "";
Builder jwtClaimsSetBuilder= new JWTClaimsSet.Builder();
SigninPrincipal authentication = (SigninPrincipal)oAuth2Authentication.getUserAuthentication().getPrincipal();
SignPrincipal authentication = (SignPrincipal)oAuth2Authentication.getUserAuthentication().getPrincipal();
String subject = AbstractAuthorizeAdapter.getValueByUserAttr(userInfo, clientDetails.getSubject());
_logger.debug("userId : {} , username : {} , displayName : {} , subject : {}" ,