Optimize
This commit is contained in:
MaxKey
@@ -17,26 +17,31 @@
|
||||
|
||||
package org.maxkey.authz.jwt.endpoint.adapter;
|
||||
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.security.spec.InvalidKeySpecException;
|
||||
import java.util.Arrays;
|
||||
import java.util.Date;
|
||||
import java.util.UUID;
|
||||
|
||||
import org.joda.time.DateTime;
|
||||
import org.maxkey.authn.SigninPrincipal;
|
||||
import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
|
||||
import org.maxkey.configuration.oidc.OIDCProviderMetadata;
|
||||
import org.maxkey.crypto.jwt.signer.service.JwtSigningAndValidationService;
|
||||
import org.maxkey.entity.UserInfo;
|
||||
import org.maxkey.entity.apps.Apps;
|
||||
import org.maxkey.crypto.jose.keystore.JWKSetKeyStore;
|
||||
import org.maxkey.crypto.jwt.encryption.service.impl.DefaultJwtEncryptionAndDecryptionService;
|
||||
import org.maxkey.crypto.jwt.signer.service.impl.DefaultJwtSigningAndValidationService;
|
||||
import org.maxkey.entity.apps.AppsJwtDetails;
|
||||
import org.maxkey.web.WebConstants;
|
||||
import org.maxkey.web.WebContext;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.web.servlet.ModelAndView;
|
||||
|
||||
import com.nimbusds.jose.EncryptionMethod;
|
||||
import com.nimbusds.jose.JOSEException;
|
||||
import com.nimbusds.jose.JWEAlgorithm;
|
||||
import com.nimbusds.jose.JWEHeader;
|
||||
import com.nimbusds.jose.JWEObject;
|
||||
import com.nimbusds.jose.JWSAlgorithm;
|
||||
import com.nimbusds.jose.JWSHeader;
|
||||
import com.nimbusds.jose.Payload;
|
||||
import com.nimbusds.jwt.JWT;
|
||||
import com.nimbusds.jwt.JWTClaimsSet;
|
||||
import com.nimbusds.jwt.PlainJWT;
|
||||
@@ -44,23 +49,35 @@ import com.nimbusds.jwt.SignedJWT;
|
||||
|
||||
public class JwtAdapter extends AbstractAuthorizeAdapter {
|
||||
final static Logger _logger = LoggerFactory.getLogger(JwtAdapter.class);
|
||||
|
||||
AppsJwtDetails jwtDetails;
|
||||
|
||||
JWT jwtToken;
|
||||
|
||||
JWEObject jweObject;
|
||||
|
||||
JWTClaimsSet jwtClaims;
|
||||
|
||||
public JwtAdapter() {
|
||||
|
||||
}
|
||||
|
||||
public JwtAdapter(AppsJwtDetails jwtDetails) {
|
||||
this.jwtDetails = jwtDetails;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String generateInfo(SigninPrincipal authentication,UserInfo userInfo,Object app) {
|
||||
AppsJwtDetails details=(AppsJwtDetails)app;
|
||||
|
||||
public Object generateInfo() {
|
||||
DateTime currentDateTime = DateTime.now();
|
||||
Date expirationTime = currentDateTime.plusMinutes(Integer.parseInt(jwtDetails.getExpires())).toDate();
|
||||
_logger.debug("expiration Time : {}" , expirationTime);
|
||||
String subject = getValueByUserAttr(userInfo,jwtDetails.getSubject());
|
||||
_logger.trace("jwt subject : {}" , subject);
|
||||
|
||||
JwtSigningAndValidationService jwtSignerService= WebContext.getBean("jwtSignerValidationService",JwtSigningAndValidationService.class);
|
||||
OIDCProviderMetadata providerMetadata= WebContext.getBean("oidcProviderMetadata",OIDCProviderMetadata.class);
|
||||
|
||||
DateTime currentDateTime=DateTime.now();
|
||||
|
||||
Date expirationTime=currentDateTime.plusMinutes(Integer.parseInt(details.getExpires())).toDate();
|
||||
_logger.debug("expiration Time : "+expirationTime);
|
||||
|
||||
JWTClaimsSet jwtClaims =new JWTClaimsSet.Builder()
|
||||
.issuer(providerMetadata.getIssuer())
|
||||
.subject(userInfo.getUsername())
|
||||
.audience(Arrays.asList(details.getId()))
|
||||
jwtClaims =new JWTClaimsSet.Builder()
|
||||
.issuer(jwtDetails.getIssuer())
|
||||
.subject(subject)
|
||||
.audience(Arrays.asList(jwtDetails.getId()))
|
||||
.jwtID(UUID.randomUUID().toString())
|
||||
.issueTime(currentDateTime.toDate())
|
||||
.expirationTime(expirationTime)
|
||||
@@ -70,58 +87,111 @@ public class JwtAdapter extends AbstractAuthorizeAdapter {
|
||||
.claim("external_id", userInfo.getId())
|
||||
.claim("locale", userInfo.getLocale())
|
||||
.claim(WebConstants.ONLINE_TICKET_NAME, authentication.getOnlineTicket().getTicketId())
|
||||
.claim("kid", jwtSignerService.getDefaultSignerKeyId())
|
||||
.claim("kid", jwtDetails.getId()+ "_sig")
|
||||
.claim("institution", userInfo.getInstId())
|
||||
.build();
|
||||
|
||||
_logger.debug("jwt Claims : "+jwtClaims);
|
||||
_logger.trace("jwt Claims : {}" , jwtClaims);
|
||||
|
||||
JWT jwtToken = new PlainJWT(jwtClaims);
|
||||
|
||||
JWSAlgorithm signingAlg = jwtSignerService.getDefaultSigningAlgorithm();
|
||||
|
||||
//get PublicKey
|
||||
/*Map<String, JWK> jwkMap=jwtSignerService.getAllPublicKeys();
|
||||
|
||||
JWK jwk=jwkMap.get("connsec_rsa1");
|
||||
|
||||
_logger.debug("isPrivate "+jwk.isPrivate());*/
|
||||
|
||||
_logger.debug(" signingAlg "+signingAlg);
|
||||
|
||||
jwtToken = new SignedJWT(new JWSHeader(signingAlg), jwtClaims);
|
||||
// sign it with the server's key
|
||||
jwtSignerService.signJwt((SignedJWT) jwtToken);
|
||||
|
||||
String tokenString=jwtToken.serialize();
|
||||
_logger.debug("jwt Token : "+tokenString);
|
||||
|
||||
return tokenString;
|
||||
jwtToken = new PlainJWT(jwtClaims);
|
||||
|
||||
return jwtToken;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String encrypt(String data, String algorithmKey, String algorithm) {
|
||||
public Object sign(Object data,String signatureKey,String signature) {
|
||||
if(!jwtDetails.getSignature().equalsIgnoreCase("none")) {
|
||||
JWKSetKeyStore jwkSetKeyStore = new JWKSetKeyStore("{\"keys\": ["+jwtDetails.getSignatureKey()+"]}");
|
||||
try {
|
||||
DefaultJwtSigningAndValidationService jwtSignerService =
|
||||
new DefaultJwtSigningAndValidationService(jwkSetKeyStore);
|
||||
jwtSignerService.setDefaultSignerKeyId(jwtDetails.getId() + "_sig");
|
||||
jwtSignerService.setDefaultSigningAlgorithmName(jwtDetails.getSignature());
|
||||
JWSAlgorithm signingAlg = jwtSignerService.getDefaultSigningAlgorithm();
|
||||
_logger.trace(" signingAlg {}" , signingAlg);
|
||||
jwtToken = new SignedJWT(new JWSHeader(signingAlg), jwtClaims);
|
||||
// sign it with the server's key
|
||||
jwtSignerService.signJwt((SignedJWT) jwtToken);
|
||||
return jwtToken;
|
||||
} catch (NoSuchAlgorithmException e) {
|
||||
_logger.error("NoSuchAlgorithmException", e);
|
||||
} catch (InvalidKeySpecException e) {
|
||||
_logger.error("InvalidKeySpecException", e);
|
||||
} catch (JOSEException e) {
|
||||
_logger.error("JOSEException", e);
|
||||
}
|
||||
}
|
||||
return data;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String sign(String data, Apps app) {
|
||||
|
||||
public Object encrypt(Object data, String algorithmKey, String algorithm) {
|
||||
if(!jwtDetails.getAlgorithm().equalsIgnoreCase("none")) {
|
||||
JWKSetKeyStore jwkSetKeyStore = new JWKSetKeyStore("{\"keys\": ["+jwtDetails.getAlgorithmKey()+"]}");
|
||||
try {
|
||||
DefaultJwtEncryptionAndDecryptionService jwtEncryptionService =
|
||||
new DefaultJwtEncryptionAndDecryptionService(jwkSetKeyStore);
|
||||
jwtEncryptionService.setDefaultEncryptionKeyId(jwtDetails.getId() + "_enc");
|
||||
jwtEncryptionService.setDefaultAlgorithm(jwtDetails.getAlgorithm());
|
||||
JWEAlgorithm encryptAlgorithm = null;
|
||||
if(jwtDetails.getAlgorithm().startsWith("RSA")) {
|
||||
encryptAlgorithm = jwtEncryptionService.getDefaultAlgorithm();
|
||||
}else {
|
||||
encryptAlgorithm = JWEAlgorithm.DIR;
|
||||
}
|
||||
_logger.trace(" encryptAlgorithm {}" , encryptAlgorithm);
|
||||
EncryptionMethod encryptionMethod =
|
||||
jwtEncryptionService.parseEncryptionMethod(jwtDetails.getEncryptionMethod());
|
||||
|
||||
Payload payload;
|
||||
if(jwtToken instanceof SignedJWT) {
|
||||
payload = ((SignedJWT)jwtToken).getPayload();
|
||||
}else {
|
||||
payload = ((PlainJWT)jwtToken).getPayload();
|
||||
}
|
||||
// Example Request JWT encrypted with RSA-OAEP-256 and 128-bit AES/GCM
|
||||
//JWEHeader jweHeader = new JWEHeader(JWEAlgorithm.RSA1_5, EncryptionMethod.A128GCM);
|
||||
|
||||
jweObject = new JWEObject(
|
||||
new JWEHeader.Builder(new JWEHeader(encryptAlgorithm,encryptionMethod))
|
||||
.contentType("JWT") // required to indicate nested JWT
|
||||
.build(),
|
||||
payload);
|
||||
|
||||
jwtEncryptionService.encryptJwt(jweObject);
|
||||
|
||||
} catch (NoSuchAlgorithmException | InvalidKeySpecException | JOSEException e) {
|
||||
_logger.error("Encrypt Exception", e);
|
||||
}
|
||||
}
|
||||
return data;
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public ModelAndView authorize(UserInfo userInfo, Object app, String data,ModelAndView modelAndView) {
|
||||
public ModelAndView authorize(ModelAndView modelAndView) {
|
||||
modelAndView.setViewName("authorize/jwt_sso_submint");
|
||||
AppsJwtDetails details=(AppsJwtDetails)app;
|
||||
modelAndView.addObject("action", details.getRedirectUri());
|
||||
_logger.debug("jwt Token data : "+data);
|
||||
modelAndView.addObject("action", jwtDetails.getRedirectUri());
|
||||
|
||||
modelAndView.addObject("token",data);
|
||||
|
||||
//return_to
|
||||
modelAndView.addObject("token",serialize());
|
||||
modelAndView.addObject("jwtName",jwtDetails.getJwtName());
|
||||
|
||||
return modelAndView;
|
||||
}
|
||||
|
||||
public void setJwtDetails(AppsJwtDetails jwtDetails) {
|
||||
this.jwtDetails = jwtDetails;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String serialize() {
|
||||
String tokenString = "";
|
||||
if(jweObject != null) {
|
||||
tokenString = jweObject.serialize();
|
||||
}else {
|
||||
tokenString = jwtToken.serialize();
|
||||
}
|
||||
_logger.debug("jwt Token : {}" , tokenString);
|
||||
return tokenString;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -1,115 +0,0 @@
|
||||
/*
|
||||
* Copyright [2020] [MaxKey of copyright http://www.maxkey.top]
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
|
||||
package org.maxkey.authz.jwt.endpoint.adapter;
|
||||
|
||||
import java.util.Arrays;
|
||||
import java.util.Date;
|
||||
import java.util.UUID;
|
||||
|
||||
import org.joda.time.DateTime;
|
||||
import org.maxkey.authn.SigninPrincipal;
|
||||
import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
|
||||
import org.maxkey.configuration.oidc.OIDCProviderMetadata;
|
||||
import org.maxkey.crypto.jwt.signer.service.JwtSigningAndValidationService;
|
||||
import org.maxkey.entity.UserInfo;
|
||||
import org.maxkey.entity.apps.AppsJwtDetails;
|
||||
import org.maxkey.web.WebConstants;
|
||||
import org.maxkey.web.WebContext;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.web.servlet.ModelAndView;
|
||||
|
||||
import com.nimbusds.jose.JWSAlgorithm;
|
||||
import com.nimbusds.jose.JWSHeader;
|
||||
import com.nimbusds.jwt.JWT;
|
||||
import com.nimbusds.jwt.JWTClaimsSet;
|
||||
import com.nimbusds.jwt.PlainJWT;
|
||||
import com.nimbusds.jwt.SignedJWT;
|
||||
|
||||
public class JwtDefaultAdapter extends AbstractAuthorizeAdapter {
|
||||
final static Logger _logger = LoggerFactory.getLogger(JwtDefaultAdapter.class);
|
||||
@Override
|
||||
public String generateInfo(SigninPrincipal authentication,UserInfo userInfo,Object app) {
|
||||
AppsJwtDetails details=(AppsJwtDetails)app;
|
||||
|
||||
|
||||
JwtSigningAndValidationService jwtSignerService= WebContext.getBean("jwtSignerValidationService",JwtSigningAndValidationService.class);
|
||||
OIDCProviderMetadata providerMetadata= WebContext.getBean("oidcProviderMetadata",OIDCProviderMetadata.class);
|
||||
|
||||
DateTime currentDateTime=DateTime.now();
|
||||
|
||||
Date expirationTime=currentDateTime.plusMinutes(Integer.parseInt(details.getExpires())).toDate();
|
||||
_logger.debug("expiration Time : "+expirationTime);
|
||||
|
||||
JWTClaimsSet jwtClaims =new JWTClaimsSet.Builder()
|
||||
.issuer(providerMetadata.getIssuer())
|
||||
.subject(userInfo.getUsername())
|
||||
.audience(Arrays.asList(details.getId()))
|
||||
.jwtID(UUID.randomUUID().toString())
|
||||
.issueTime(currentDateTime.toDate())
|
||||
.expirationTime(expirationTime)
|
||||
.claim("email", userInfo.getWorkEmail())
|
||||
.claim("name", userInfo.getUsername())
|
||||
.claim("user_id", userInfo.getId())
|
||||
.claim("external_id", userInfo.getId())
|
||||
.claim("locale", userInfo.getLocale())
|
||||
.claim(WebConstants.ONLINE_TICKET_NAME, authentication.getOnlineTicket().getTicketId())
|
||||
.claim("kid", jwtSignerService.getDefaultSignerKeyId())
|
||||
.claim("institution", userInfo.getInstId())
|
||||
.build();
|
||||
|
||||
_logger.debug("jwt Claims : "+jwtClaims);
|
||||
|
||||
JWT jwtToken = new PlainJWT(jwtClaims);
|
||||
|
||||
JWSAlgorithm signingAlg = jwtSignerService.getDefaultSigningAlgorithm();
|
||||
|
||||
//get PublicKey
|
||||
/*Map<String, JWK> jwkMap=jwtSignerService.getAllPublicKeys();
|
||||
|
||||
JWK jwk=jwkMap.get("connsec_rsa1");
|
||||
|
||||
_logger.debug("isPrivate "+jwk.isPrivate());*/
|
||||
|
||||
_logger.debug(" signingAlg "+signingAlg);
|
||||
|
||||
jwtToken = new SignedJWT(new JWSHeader(signingAlg), jwtClaims);
|
||||
// sign it with the server's key
|
||||
jwtSignerService.signJwt((SignedJWT) jwtToken);
|
||||
|
||||
String tokenString=jwtToken.serialize();
|
||||
_logger.debug("jwt Token : "+tokenString);
|
||||
|
||||
return tokenString;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String encrypt(String data, String algorithmKey, String algorithm) {
|
||||
return super.encrypt(data, algorithmKey, algorithm);
|
||||
}
|
||||
|
||||
@Override
|
||||
public ModelAndView authorize(UserInfo userInfo, Object app, String data,ModelAndView modelAndView) {
|
||||
modelAndView.setViewName("authorize/jwt_sso_submint");
|
||||
AppsJwtDetails details=(AppsJwtDetails)app;
|
||||
modelAndView.addObject("action", details.getRedirectUri());
|
||||
|
||||
modelAndView.addObject("token",data );
|
||||
return modelAndView;
|
||||
}
|
||||
}
|
||||
@@ -1,124 +0,0 @@
|
||||
/*
|
||||
* Copyright [2020] [MaxKey of copyright http://www.maxkey.top]
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
|
||||
package org.maxkey.authz.jwt.endpoint.adapter;
|
||||
|
||||
import java.util.Arrays;
|
||||
import java.util.Date;
|
||||
import java.util.UUID;
|
||||
|
||||
import org.joda.time.DateTime;
|
||||
import org.maxkey.authn.SigninPrincipal;
|
||||
import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
|
||||
import org.maxkey.configuration.oidc.OIDCProviderMetadata;
|
||||
import org.maxkey.crypto.jwt.signer.service.JwtSigningAndValidationService;
|
||||
import org.maxkey.crypto.jwt.signer.service.impl.SymmetricSigningAndValidationServiceBuilder;
|
||||
import org.maxkey.crypto.password.PasswordReciprocal;
|
||||
import org.maxkey.entity.UserInfo;
|
||||
import org.maxkey.entity.apps.Apps;
|
||||
import org.maxkey.entity.apps.AppsJwtDetails;
|
||||
import org.maxkey.web.WebConstants;
|
||||
import org.maxkey.web.WebContext;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.web.servlet.ModelAndView;
|
||||
|
||||
import com.nimbusds.jose.JWSAlgorithm;
|
||||
import com.nimbusds.jose.JWSHeader;
|
||||
import com.nimbusds.jwt.JWT;
|
||||
import com.nimbusds.jwt.JWTClaimsSet;
|
||||
import com.nimbusds.jwt.PlainJWT;
|
||||
import com.nimbusds.jwt.SignedJWT;
|
||||
|
||||
public class JwtHS256Adapter extends AbstractAuthorizeAdapter {
|
||||
final static Logger _logger = LoggerFactory.getLogger(JwtHS256Adapter.class);
|
||||
private SymmetricSigningAndValidationServiceBuilder symmetricJwtSignerServiceBuilder=new SymmetricSigningAndValidationServiceBuilder();
|
||||
|
||||
@Override
|
||||
public String generateInfo(SigninPrincipal authentication,UserInfo userInfo,Object app) {
|
||||
AppsJwtDetails details=(AppsJwtDetails)app;
|
||||
|
||||
OIDCProviderMetadata providerMetadata= WebContext.getBean("oidcProviderMetadata",OIDCProviderMetadata.class);
|
||||
|
||||
DateTime currentDateTime=DateTime.now();
|
||||
|
||||
Date expirationTime=currentDateTime.plusMinutes(Integer.parseInt(details.getExpires())).toDate();
|
||||
_logger.debug("expiration Time : "+expirationTime);
|
||||
|
||||
JWTClaimsSet jwtClaims =new JWTClaimsSet.Builder()
|
||||
.issuer(providerMetadata.getIssuer())
|
||||
.subject(userInfo.getUsername())
|
||||
.audience(Arrays.asList(details.getId()))
|
||||
.jwtID(UUID.randomUUID().toString())
|
||||
.issueTime(currentDateTime.toDate())
|
||||
.expirationTime(expirationTime)
|
||||
.claim("email", userInfo.getWorkEmail())
|
||||
.claim("name", userInfo.getUsername())
|
||||
.claim("user_id", userInfo.getId())
|
||||
.claim(WebConstants.ONLINE_TICKET_NAME, authentication.getOnlineTicket().getTicketId())
|
||||
.claim("external_id", userInfo.getId())
|
||||
.claim("locale", userInfo.getLocale())
|
||||
.claim("kid", "SYMMETRIC-KEY")
|
||||
.claim("institution", userInfo.getInstId())
|
||||
.build();
|
||||
|
||||
_logger.debug("jwt Claims : "+jwtClaims);
|
||||
|
||||
JWT jwtToken = new PlainJWT(jwtClaims);
|
||||
|
||||
String sharedSecret=PasswordReciprocal.getInstance().decoder(details.getAlgorithmKey());
|
||||
|
||||
_logger.debug("jwt sharedSecret : "+sharedSecret);
|
||||
|
||||
JwtSigningAndValidationService symmetricJwtSignerService =symmetricJwtSignerServiceBuilder.serviceBuilder(sharedSecret);
|
||||
if(symmetricJwtSignerService!=null){
|
||||
jwtToken = new SignedJWT(new JWSHeader(JWSAlgorithm.HS256), jwtClaims);
|
||||
symmetricJwtSignerService.signJwt((SignedJWT) jwtToken);
|
||||
}
|
||||
|
||||
String tokenString=jwtToken.serialize();
|
||||
_logger.debug("jwt Token : "+tokenString);
|
||||
|
||||
return tokenString;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String encrypt(String data, String algorithmKey, String algorithm) {
|
||||
return data;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String sign(String data, Apps app) {
|
||||
|
||||
return data;
|
||||
}
|
||||
|
||||
@Override
|
||||
public ModelAndView authorize(UserInfo userInfo, Object app, String data,ModelAndView modelAndView) {
|
||||
modelAndView.setViewName("authorize/jwt_sso_submint");
|
||||
AppsJwtDetails details=(AppsJwtDetails)app;
|
||||
modelAndView.addObject("action", details.getRedirectUri());
|
||||
_logger.debug("jwt Token data : "+data);
|
||||
|
||||
modelAndView.addObject("token",data);
|
||||
|
||||
//return_to
|
||||
|
||||
return modelAndView;
|
||||
}
|
||||
|
||||
}
|
||||
@@ -20,14 +20,17 @@
|
||||
*/
|
||||
package org.maxkey.authz.token.endpoint;
|
||||
|
||||
import java.lang.reflect.InvocationTargetException;
|
||||
|
||||
import javax.servlet.http.Cookie;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.apache.commons.beanutils.BeanUtils;
|
||||
import org.maxkey.authn.SigninPrincipal;
|
||||
import org.maxkey.authz.endpoint.AuthorizeBaseEndpoint;
|
||||
import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
|
||||
import org.maxkey.authz.jwt.endpoint.adapter.JwtDefaultAdapter;
|
||||
import org.maxkey.authz.jwt.endpoint.adapter.JwtAdapter;
|
||||
import org.maxkey.configuration.ApplicationConfig;
|
||||
import org.maxkey.constants.ConstsBoolean;
|
||||
import org.maxkey.entity.apps.Apps;
|
||||
@@ -59,8 +62,6 @@ public class JwtAuthorizeEndpoint extends AuthorizeBaseEndpoint{
|
||||
@Autowired
|
||||
AppsJwtDetailsService jwtDetailsService;
|
||||
|
||||
JwtDefaultAdapter jwtDefaultAdapter=new JwtDefaultAdapter();
|
||||
|
||||
@Autowired
|
||||
ApplicationConfig applicationConfig;
|
||||
|
||||
@@ -83,44 +84,36 @@ public class JwtAuthorizeEndpoint extends AuthorizeBaseEndpoint{
|
||||
|
||||
AbstractAuthorizeAdapter adapter;
|
||||
if(ConstsBoolean.isTrue(jwtDetails.getIsAdapter())){
|
||||
adapter =(AbstractAuthorizeAdapter)Instance.newInstance(jwtDetails.getAdapter());
|
||||
Object jwtAdapter = Instance.newInstance(jwtDetails.getAdapter());
|
||||
try {
|
||||
BeanUtils.setProperty(jwtAdapter, "jwtDetails", jwtDetails);
|
||||
} catch (IllegalAccessException | InvocationTargetException e) {
|
||||
_logger.error("setProperty error . ", e);
|
||||
}
|
||||
adapter = (AbstractAuthorizeAdapter)jwtAdapter;
|
||||
}else{
|
||||
adapter =(AbstractAuthorizeAdapter)jwtDefaultAdapter;
|
||||
JwtAdapter jwtAdapter =new JwtAdapter(jwtDetails);
|
||||
adapter = (AbstractAuthorizeAdapter)jwtAdapter;
|
||||
}
|
||||
|
||||
String tokenData=adapter.generateInfo(
|
||||
(SigninPrincipal)WebContext.getAuthentication().getPrincipal(),
|
||||
WebContext.getUserInfo(),
|
||||
jwtDetails);
|
||||
adapter.setAuthentication((SigninPrincipal)WebContext.getAuthentication().getPrincipal());
|
||||
adapter.setUserInfo(WebContext.getUserInfo());
|
||||
|
||||
String encryptTokenData=adapter.encrypt(
|
||||
tokenData,
|
||||
jwtDetails.getAlgorithmKey(),
|
||||
jwtDetails.getAlgorithm());
|
||||
|
||||
String signTokenData=adapter.sign(
|
||||
encryptTokenData,
|
||||
jwtDetails);
|
||||
adapter.generateInfo();
|
||||
//sign
|
||||
adapter.sign(null,jwtDetails.getSignatureKey(), jwtDetails.getSignature());
|
||||
//encrypt
|
||||
adapter.encrypt(null, jwtDetails.getAlgorithmKey(), jwtDetails.getAlgorithm());
|
||||
|
||||
if(jwtDetails.getTokenType().equalsIgnoreCase("POST")) {
|
||||
modelAndView=adapter.authorize(
|
||||
WebContext.getUserInfo(),
|
||||
jwtDetails,
|
||||
signTokenData,
|
||||
modelAndView);
|
||||
|
||||
return modelAndView;
|
||||
return adapter.authorize(modelAndView);
|
||||
}else {
|
||||
_logger.debug("Cookie Name : {}" , jwtDetails.getJwtName());
|
||||
|
||||
String cookieValue="";
|
||||
cookieValue=signTokenData;
|
||||
Cookie cookie= new Cookie(jwtDetails.getJwtName(),adapter.serialize());
|
||||
|
||||
_logger.debug("Cookie Name : "+jwtDetails.getCookieName());
|
||||
|
||||
Cookie cookie= new Cookie(jwtDetails.getCookieName(),cookieValue);
|
||||
|
||||
Integer maxAge=Integer.parseInt(jwtDetails.getExpires())*60;
|
||||
_logger.debug("Cookie Max Age :"+maxAge+" seconds.");
|
||||
Integer maxAge = Integer.parseInt(jwtDetails.getExpires()) * 60;
|
||||
_logger.debug("Cookie Max Age : {} seconds." , maxAge);
|
||||
cookie.setMaxAge(maxAge);
|
||||
|
||||
cookie.setPath("/");
|
||||
@@ -129,7 +122,7 @@ public class JwtAuthorizeEndpoint extends AuthorizeBaseEndpoint{
|
||||
//tomcat 8.5
|
||||
cookie.setDomain(applicationConfig.getBaseDomainName());
|
||||
|
||||
_logger.debug("Sub Domain Name : "+"."+applicationConfig.getBaseDomainName());
|
||||
_logger.debug("Sub Domain Name : .{}",applicationConfig.getBaseDomainName());
|
||||
response.addCookie(cookie);
|
||||
|
||||
if(jwtDetails.getRedirectUri().indexOf(applicationConfig.getBaseDomainName())>-1){
|
||||
|
||||
Reference in New Issue
Block a user