#IAZNZS oauth2单点注销没有生效修复
@@ -20,22 +20,21 @@ package org.dromara.maxkey.authz.singlelogout;
import java.util.HashMap;
import java.util.UUID;
import org.dromara.maxkey.authn.SignPrincipal;
import org.dromara.maxkey.entity.apps.Apps;
import org.dromara.maxkey.authn.session.VisitedDto;
import org.dromara.maxkey.util.DateUtils;
import org.springframework.security.core.Authentication;
public class DefaultSingleLogout extends SingleLogout{
@Override
public void sendRequest(Authentication authentication,Apps logoutApp) {
public void sendRequest(Authentication authentication,VisitedDto visited) {
HashMap<String,Object> logoutParameters = new HashMap<String,Object>();
logoutParameters.put("id", UUID.randomUUID().toString());
logoutParameters.put("principal", authentication.getName());
logoutParameters.put("request", "logoutRequest");
logoutParameters.put("issueInstant", DateUtils.getCurrentDateAsString(DateUtils.FORMAT_DATE_ISO_TIMESTAMP));
logoutParameters.put("ticket", ((SignPrincipal)authentication.getPrincipal()).getSessionId());
postMessage(logoutApp.getLogoutUrl(),logoutParameters);
logoutParameters.put("ticket", visited.getTicket());
postMessage(visited.getLogoutUrl(),logoutParameters);
}
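Review bot: The rewritten `sendRequest` dereferences `visited.getTicket()` and `visited.getLogoutUrl()` unconditionally, so a VisitedDto recorded for an app with no logout URL configured reaches `postMessage(null, ...)`; the old code had the same gap on `logoutApp.getLogoutUrl()`, but it is worth closing now that the DTO is built in several endpoints. Suggest `if (visited.getLogoutUrl() == null || visited.getLogoutUrl().isBlank()) { return; }` before the post, with a debug log naming the app. If the `SignPrincipal` cast is gone from the new body, the `org.dromara.maxkey.authn.SignPrincipal` import looks unused on the new side (whether this hunk drops it cannot be told from this rendering). `new HashMap<String,Object>()` could be the diamond form `new HashMap<>()`.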
@@ -20,7 +20,7 @@ package org.dromara.maxkey.authz.singlelogout;
import java.util.HashMap;
import java.util.UUID;
import org.dromara.maxkey.entity.apps.Apps;
import org.dromara.maxkey.authn.session.VisitedDto;
import org.dromara.maxkey.util.DateUtils;
import org.springframework.security.core.Authentication;
@@ -43,17 +43,17 @@ public class SamlSingleLogout extends SingleLogout{
+ "</saml:NameID><samlp:SessionIndex>%s</samlp:SessionIndex></samlp:LogoutRequest>";
@Override
public void sendRequest(Authentication authentication,Apps logoutApp) {
public void sendRequest(Authentication authentication,VisitedDto visited) {
String requestMessage = String.format(logoutRequestMessage,
UUID.randomUUID().toString(),
DateUtils.getCurrentDateAsString(DateUtils.FORMAT_DATE_ISO_TIMESTAMP),
authentication.getName(),
logoutApp.getOnlineTicket()
visited.getTicket()
);
HashMap<String,Object> logoutParameters = new HashMap<String,Object>();
logoutParameters.put(LOGOUT_REQUEST_PARAMETER, requestMessage);
postMessage(logoutApp.getLogoutUrl(),logoutParameters);
postMessage(visited.getLogoutUrl(),logoutParameters);
}
public SamlSingleLogout() {
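Review bot: `visited.getTicket()` is now what is written into the `<samlp:SessionIndex>` of the LogoutRequest, so for SAML apps the VisitedDto must be recorded with the SessionIndex the SP received at login rather than the IdP session id; the hunks in this commit show VisitedDto being recorded only in the CAS authorize endpoint and in OAuth2 token issuance, so the SAML login path should be checked. Both values are interpolated into XML by `String.format` without escaping; `authentication.getName()` predates this change, but a comment noting that both are expected to be server-issued, XML-safe values would document the assumption. A Javadoc such as `/** Posts a SAML LogoutRequest to the SP's logout URL; visited.getTicket() is sent as the SessionIndex. */` on `sendRequest` would state the contract.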
@@ -19,7 +19,7 @@ package org.dromara.maxkey.authz.singlelogout;
import java.util.Map;
import org.dromara.maxkey.entity.apps.Apps;
import org.dromara.maxkey.authn.session.VisitedDto;
import org.dromara.maxkey.web.HttpRequestAdapter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -28,7 +28,7 @@ import org.springframework.security.core.Authentication;
public abstract class SingleLogout {
private static final Logger _logger = LoggerFactory.getLogger(SingleLogout.class);
public abstract void sendRequest(Authentication authentication,Apps logoutApp) ;
public abstract void sendRequest(Authentication authentication,VisitedDto visited) ;
public void postMessage(String url,Map<String, Object> paramMap) {
_logger.debug("post logout message to url {}" , url);
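Review bot: The abstract `sendRequest(Authentication, VisitedDto)` replaces the `Apps` overload with no Javadoc, and any `SingleLogout` subclass outside this diff must be migrated or it will no longer compile; from the two implementations in this commit, the contract subclasses rely on is `visited.getLogoutUrl()` and `visited.getTicket()`. Suggest `/** Sends a back-channel logout request for one visited application; {@code visited} must carry the app's logout URL and the ticket or session index issued to that app at login. */` on the abstract method. `postMessage` continues outside the hunk.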
@@ -24,7 +24,7 @@ import java.security.Principal;
import java.util.Map;
import java.util.Map.Entry;
import org.dromara.maxkey.authn.session.Session;
import org.dromara.maxkey.authn.session.VisitedDto;
import org.dromara.maxkey.authn.web.AuthorizationUtils;
import org.dromara.maxkey.authz.cas.endpoint.ticket.CasConstants;
import org.dromara.maxkey.authz.cas.endpoint.ticket.ServiceTicketImpl;
@@ -155,15 +155,9 @@ public class CasAuthorizeEndpoint extends CasBaseAuthorizeEndpoint{
if(casDetails.getLogoutType()==LogoutType.BACK_CHANNEL) {
_logger.debug("CAS LogoutType BACK_CHANNEL ... ");
String sessionId = AuthorizationUtils.getPrincipal().getSessionId();
_logger.trace("get session by id {} . ",sessionId);
Session session = sessionManager.get(sessionId);
_logger.trace("current session {} ",session);
//set cas ticket as OnlineTicketId
casDetails.setOnlineTicket(ticket);
session.setAuthorizedApp(casDetails);
_logger.trace("session store ticket {} .",ticket);
sessionManager.create(sessionId, session);
_logger.debug("CAS LogoutType session store ticket to AuthorizedApp .");
VisitedDto visited = new VisitedDto(casDetails,ticket);
sessionManager.visited(sessionId, visited);
_logger.debug("App id {} , name {} , CAS LogoutType BACK_CHANNEL ... " , casDetails.getId(),casDetails.getAppName());
}
_logger.debug("redirect to CAS Client URL {}" , callbackUrl);
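Review bot: The new BACK_CHANNEL branch no longer loads the session and drops `session.setAuthorizedApp(casDetails)` / `sessionManager.create(sessionId, session)`, so the app is no longer recorded among the session's authorized apps and `casDetails.getOnlineTicket()` is never populated; if anything outside this diff (session listing, the front-channel logout path) still reads AuthorizedApp or OnlineTicket, that is a regression rather than a cleanup, which cannot be confirmed from this hunk. `AuthorizationUtils.getPrincipal()` is dereferenced without a null check, as before. A one-line comment such as `// record the service ticket so back-channel logout can later post it to the CAS client` above `new VisitedDto(casDetails,ticket)` would document why the ticket is stored. The enclosing method starts and ends outside the hunk.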
@@ -17,11 +17,15 @@ import java.util.Date;
import java.util.Set;
import java.util.UUID;
import org.dromara.maxkey.authn.SignPrincipal;
import org.dromara.maxkey.authn.session.SessionManager;
import org.dromara.maxkey.authn.session.VisitedDto;
import org.dromara.maxkey.authz.oauth2.common.DefaultExpiringOAuth2RefreshToken;
import org.dromara.maxkey.authz.oauth2.common.DefaultOAuth2AccessToken;
import org.dromara.maxkey.authz.oauth2.common.DefaultOAuth2RefreshToken;
import org.dromara.maxkey.authz.oauth2.common.ExpiringOAuth2RefreshToken;
import org.dromara.maxkey.authz.oauth2.common.OAuth2AccessToken;
import org.dromara.maxkey.authz.oauth2.common.OAuth2Constants;
import org.dromara.maxkey.authz.oauth2.common.OAuth2RefreshToken;
import org.dromara.maxkey.authz.oauth2.common.exceptions.InvalidGrantException;
import org.dromara.maxkey.authz.oauth2.common.exceptions.InvalidScopeException;
@@ -31,7 +35,11 @@ import org.dromara.maxkey.authz.oauth2.provider.ClientRegistrationException;
import org.dromara.maxkey.authz.oauth2.provider.OAuth2Authentication;
import org.dromara.maxkey.authz.oauth2.provider.OAuth2Request;
import org.dromara.maxkey.authz.oauth2.provider.TokenRequest;
import org.dromara.maxkey.entity.apps.Apps;
import org.dromara.maxkey.entity.apps.oauth2.provider.ClientDetails;
import org.dromara.maxkey.persistence.service.AppsService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.Authentication;
@@ -54,6 +62,7 @@ import org.springframework.util.Assert;
*/
public class DefaultTokenServices implements AuthorizationServerTokenServices, ResourceServerTokenServices,
ConsumerTokenServices, InitializingBean {
static final Logger _logger = LoggerFactory.getLogger(DefaultTokenServices.class);
private int refreshTokenValiditySeconds = 60 * 60 * 24 * 30; // default 30 days.
@@ -70,6 +79,10 @@ public class DefaultTokenServices implements AuthorizationServerTokenServices, R
private TokenEnhancer accessTokenEnhancer;
private AuthenticationManager authenticationManager;
private AppsService appsService;
private SessionManager sessionManager;
/**
* Initialize these token services. If no random generator is set, one will be created.
@@ -125,6 +138,18 @@ public class DefaultTokenServices implements AuthorizationServerTokenServices, R
if (refreshToken != null) {
tokenStore.storeRefreshToken(refreshToken, authentication);
}
//存储oauth、oidc等的token,用户退出时清除
if(authentication.getUserAuthentication().getPrincipal() instanceof SignPrincipal principal) {
_logger.debug("{}({}) , session {} access for logout clear ",
principal.getUsername(),principal.getUserId(),principal.getSessionId());
String clientId = authentication.getOAuth2Request().getRequestParameters().get(OAuth2Constants.PARAMETER.CLIENT_ID);
_logger.debug("client_id {} token {}",clientId,accessToken);
Apps app = appsService.get(clientId, true);
VisitedDto visited = new VisitedDto(app,principal.getSessionId());
visited.setToken(accessToken.getValue());
visited.setRefreshToken(accessToken.getRefreshToken().getValue());
sessionManager.visited(principal.getSessionId(), visited);
}
return accessToken;
}
@@ -432,4 +457,13 @@ public class DefaultTokenServices implements AuthorizationServerTokenServices, R
this.clientDetailsService = clientDetailsService;
}
public void setAppsService(AppsService appsService) {
this.appsService = appsService;
}
public void setSessionManager(SessionManager sessionManager) {
this.sessionManager = sessionManager;
}
}
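Review bot: `accessToken.getRefreshToken().getValue()` in the new logout-tracking block dereferences the refresh token unconditionally, while the `if (refreshToken != null)` guard a few lines above shows a token can be issued without one, so every such issuance now fails with a NullPointerException after the access token has already been stored; guard it with `if (accessToken.getRefreshToken() != null) { visited.setRefreshToken(accessToken.getRefreshToken().getValue()); }`. `authentication.getUserAuthentication()` is null for client-only authentications in the OAuth2Authentication model this class derives from, which would make the `instanceof` line throw for client_credentials grants; checking `OAuth2Authentication.isClientOnly()` first, if the project's copy keeps that method, avoids it. `_logger.debug("client_id {} token {}",clientId,accessToken)` writes the bearer token value into the log; log the client id and expiration only. `appsService.get(clientId, true)` returning null would also surface as an NPE in the VisitedDto constructor or later, so a null check with a debug message would keep token issuance working for clients that have no Apps row. The enclosing method starts outside the hunk.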
@@ -23,6 +23,7 @@ import java.security.spec.InvalidKeySpecException;
import javax.sql.DataSource;
import org.dromara.maxkey.authn.session.SessionManager;
import org.dromara.maxkey.authz.oauth2.common.OAuth2Constants;
import org.dromara.maxkey.authz.oauth2.provider.ClientDetailsService;
import org.dromara.maxkey.authz.oauth2.provider.OAuth2UserDetailsService;
@@ -48,6 +49,7 @@ import org.dromara.maxkey.crypto.jwt.encryption.service.impl.DefaultJwtEncryptio
import org.dromara.maxkey.crypto.jwt.signer.service.impl.DefaultJwtSigningAndValidationService;
import org.dromara.maxkey.persistence.redis.RedisConnectionFactory;
import org.dromara.maxkey.persistence.repository.LoginRepository;
import org.dromara.maxkey.persistence.service.AppsService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean;
@@ -259,12 +261,16 @@ public class Oauth20AutoConfiguration implements InitializingBean {
DefaultTokenServices defaultTokenServices(
JdbcClientDetailsService oauth20JdbcClientDetailsService,
TokenStore oauth20TokenStore,
OIDCIdTokenEnhancer tokenEnhancer) {
OIDCIdTokenEnhancer tokenEnhancer,
AppsService appsService,
SessionManager sessionManager) {
DefaultTokenServices tokenServices = new DefaultTokenServices();
tokenServices.setClientDetailsService(oauth20JdbcClientDetailsService);
tokenServices.setTokenEnhancer(tokenEnhancer);
tokenServices.setTokenStore(oauth20TokenStore);
tokenServices.setSupportRefreshToken(true);
tokenServices.setAppsService(appsService);
tokenServices.setSessionManager(sessionManager);
_logger.debug("OAuth 2 Token Services init.");
return tokenServices;
}