AuthorizationUtils
@@ -19,7 +19,7 @@ package org.maxkey.authz.oauth2.provider.approval.endpoint;
|
||||
|
||||
import java.util.LinkedHashMap;
|
||||
import java.util.Map;
|
||||
import org.maxkey.authn.SigninPrincipal;
|
||||
import org.maxkey.authn.web.AuthorizationUtils;
|
||||
import org.maxkey.authz.oauth2.common.OAuth2Constants;
|
||||
import org.maxkey.authz.oauth2.provider.AuthorizationRequest;
|
||||
import org.maxkey.authz.oauth2.provider.ClientDetailsService;
|
||||
@@ -95,8 +95,7 @@ public class OAuth20AccessConfirmationEndpoint {
|
||||
for (String scope : clientAuth.getScope()) {
|
||||
scopes.put(OAuth2Constants.PARAMETER.SCOPE_PREFIX + scope, "false");
|
||||
}
|
||||
String principal =
|
||||
((SigninPrincipal) WebContext.getAuthentication().getPrincipal()).getUsername();
|
||||
String principal = AuthorizationUtils.getPrincipal().getUsername();
|
||||
for (Approval approval : approvalStore.getApprovals(principal, client.getClientId())) {
|
||||
if (clientAuth.getScope().contains(approval.getScope())) {
|
||||
scopes.put(OAuth2Constants.PARAMETER.SCOPE_PREFIX + approval.getScope(),
|
||||
|
||||
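Review bot: `AuthorizationUtils.getPrincipal().getUsername()` in the second hunk dereferences the principal with no null check, and the resulting username is the key passed to `approvalStore.getApprovals(...)`. AuthorizationUtils is not shown on this page, so whether `getPrincipal()` can return null for a missing or expired login needs confirming. If it can, the consent endpoint fails with a NullPointerException instead of a clean authentication error. Consider reading the principal into a local and rejecting null first, for example `if (signinPrincipal == null) throw new InsufficientAuthenticationException("User must be authenticated before approving scopes");`. The enclosing method starts and ends outside the hunk.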
@@ -22,6 +22,8 @@ import java.util.Map;
|
||||
import java.util.Set;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.maxkey.authn.web.AuthorizationUtils;
|
||||
import org.maxkey.authz.oauth2.common.OAuth2AccessToken;
|
||||
import org.maxkey.authz.oauth2.common.OAuth2Constants;
|
||||
import org.maxkey.authz.oauth2.common.exceptions.InvalidClientException;
|
||||
@@ -150,7 +152,7 @@ public class AuthorizationEndpoint extends AbstractEndpoint {
|
||||
@RequestParam Map<String, String> parameters,
|
||||
SessionStatus sessionStatus) {
|
||||
|
||||
Principal principal=(Principal)WebContext.getAuthentication();
|
||||
Principal principal=(Principal)AuthorizationUtils.getAuthentication();
|
||||
// Pull out the authorization request first, using the OAuth2RequestFactory. All further logic should
|
||||
// query off of the authorization request instead of referring back to the parameters map. The contents of the
|
||||
// parameters map will be stored without change in the AuthorizationRequest object once it is created.
|
||||
@@ -241,7 +243,7 @@ public class AuthorizationEndpoint extends AbstractEndpoint {
|
||||
Map<String, ?> model,
|
||||
SessionStatus sessionStatus) {
|
||||
|
||||
Principal principal=(Principal)WebContext.getAuthentication();
|
||||
Principal principal=(Principal)AuthorizationUtils.getAuthentication();
|
||||
if (!(principal instanceof Authentication)) {
|
||||
sessionStatus.setComplete();
|
||||
throw new InsufficientAuthenticationException(
|
||||
|
||||
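Review bot: Both changed lines apply the `(Principal)` cast to `AuthorizationUtils.getAuthentication()` before any type check. In the second hunk the cast runs ahead of the `instanceof Authentication` guard, and in the first hunk no guard is visible at all. The return type of `getAuthentication()` is not shown here: if it is already an `Authentication`, the cast is redundant and can be dropped; if it is wider, a wrong type raises ClassCastException before the guard can reject it. Either way, a short comment such as `// authentication is read from AuthorizationUtils; may be null when the user has no active sign-in` would document what the guard relies on. Both method bodies continue outside the hunks.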
@@ -23,6 +23,7 @@ import java.util.Map;
|
||||
import java.util.Set;
|
||||
|
||||
import org.maxkey.authn.SigninPrincipal;
|
||||
import org.maxkey.authn.web.AuthorizationUtils;
|
||||
import org.maxkey.authz.oauth2.common.DefaultOAuth2AccessToken;
|
||||
import org.maxkey.authz.oauth2.common.OAuth2AccessToken;
|
||||
import org.maxkey.authz.oauth2.common.OAuth2Constants;
|
||||
@@ -38,7 +39,6 @@ import org.maxkey.authz.oauth2.provider.TokenRequest;
|
||||
import org.maxkey.authz.oauth2.provider.request.DefaultOAuth2RequestValidator;
|
||||
import org.maxkey.entity.apps.oauth2.provider.ClientDetails;
|
||||
import org.maxkey.util.StringGenerator;
|
||||
import org.maxkey.web.WebContext;
|
||||
import org.springframework.http.HttpHeaders;
|
||||
import org.springframework.http.HttpMethod;
|
||||
import org.springframework.http.HttpStatus;
|
||||
@@ -114,7 +114,7 @@ public class TokenEndpoint extends AbstractEndpoint {
|
||||
// TokenEndpointAuthenticationFilter
|
||||
OAuth2AccessToken token = null;
|
||||
try {
|
||||
Object principal = WebContext.getAuthentication();
|
||||
Object principal = AuthorizationUtils.getAuthentication();
|
||||
|
||||
if (!(principal instanceof Authentication)) {
|
||||
throw new InsufficientAuthenticationException(
|
||||
|
||||
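Review bot: The `instanceof Authentication` guard now depends on something having called `AuthorizationUtils.setAuthentication(...)` earlier in the same request, and only the existing `// TokenEndpointAuthenticationFilter` remark hints at that. If any other code path still stores the client authentication through `WebContext.setAuthentication`, this endpoint will presumably no longer see it and will take the `InsufficientAuthenticationException` branch. That fails closed, but the coupling should be written down, e.g. `// set by TokenEndpointAuthenticationFilter via AuthorizationUtils.setAuthentication; absent => reject`. The try block continues past the end of the hunk.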
@@ -32,6 +32,7 @@ import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.maxkey.authn.SigninPrincipal;
|
||||
import org.maxkey.authn.web.AuthorizationUtils;
|
||||
import org.maxkey.authz.oauth2.common.OAuth2Constants;
|
||||
import org.maxkey.authz.oauth2.common.util.OAuth2Utils;
|
||||
import org.maxkey.authz.oauth2.provider.AuthorizationRequest;
|
||||
@@ -154,7 +155,7 @@ public class TokenEndpointAuthenticationFilter implements Filter {
|
||||
}
|
||||
auth.setAuthenticated(true);
|
||||
UsernamePasswordAuthenticationToken simpleUserAuthentication = new UsernamePasswordAuthenticationToken(auth, authentication.getCredentials(), authentication.getAuthorities());
|
||||
WebContext.setAuthentication(simpleUserAuthentication);
|
||||
AuthorizationUtils.setAuthentication(simpleUserAuthentication);
|
||||
}
|
||||
|
||||
}
|
||||
@@ -208,7 +209,7 @@ public class TokenEndpointAuthenticationFilter implements Filter {
|
||||
|
||||
OAuth2Request storedOAuth2Request = oAuth2RequestFactory.createOAuth2Request(authorizationRequest);
|
||||
|
||||
WebContext.setAuthentication(new OAuth2Authentication(storedOAuth2Request, authResult));
|
||||
AuthorizationUtils.setAuthentication(new OAuth2Authentication(storedOAuth2Request, authResult));
|
||||
|
||||
onSuccessfulAuthentication(request, response, authResult);
|
||||
|
||||
|
||||
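Review bot: The token handed to `AuthorizationUtils.setAuthentication(simpleUserAuthentication)` in the first hunk is built with `authentication.getCredentials()`, so the submitted secret stays attached to whatever AuthorizationUtils keeps. The page does not show where AuthorizationUtils stores the object. If it outlives the request (for example in the HTTP session), the move from WebContext could lengthen how long the credential is held in memory or in a session store. Assuming this is Spring Security's `UsernamePasswordAuthenticationToken`, calling `simpleUserAuthentication.eraseCredentials();` before storing it would avoid that. The same question applies to the `OAuth2Authentication` stored in the second hunk. Both methods extend beyond the visible lines.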
@@ -30,6 +30,7 @@ import java.util.UUID;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.joda.time.DateTime;
|
||||
import org.joda.time.format.DateTimeFormat;
|
||||
import org.maxkey.authn.web.AuthorizationUtils;
|
||||
import org.maxkey.authz.oauth2.common.DefaultOAuth2AccessToken;
|
||||
import org.maxkey.authz.oauth2.common.OAuth2AccessToken;
|
||||
import org.maxkey.authz.oauth2.provider.ClientDetailsService;
|
||||
@@ -40,7 +41,6 @@ import org.maxkey.configuration.oidc.OIDCProviderMetadata;
|
||||
import org.maxkey.crypto.jwt.encryption.service.impl.DefaultJwtEncryptionAndDecryptionService;
|
||||
import org.maxkey.crypto.jwt.signer.service.impl.DefaultJwtSigningAndValidationService;
|
||||
import org.maxkey.entity.apps.oauth2.provider.ClientDetails;
|
||||
import org.maxkey.web.WebContext;
|
||||
|
||||
import com.nimbusds.jose.util.Base64URL;
|
||||
import org.slf4j.Logger;
|
||||
@@ -125,7 +125,7 @@ public class OIDCIdTokenEnhancer implements TokenEnhancer {
|
||||
if (request.getExtensions().containsKey("max_age")
|
||||
|| (request.getExtensions().containsKey("idtoken")) // parse the ID Token claims (#473) -- for now assume it could be in there
|
||||
) {
|
||||
DateTime loginDate = DateTime.parse(WebContext.getUserInfo().getLastLoginTime(), DateTimeFormat.forPattern("yyyy-MM-dd HH:mm:ss"));
|
||||
DateTime loginDate = DateTime.parse(AuthorizationUtils.getUserInfo().getLastLoginTime(), DateTimeFormat.forPattern("yyyy-MM-dd HH:mm:ss"));
|
||||
builder.claim("auth_time", loginDate.getMillis()/1000);
|
||||
}
|
||||
|
||||
|
||||
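Review bot: The `auth_time` claim is taken from `AuthorizationUtils.getUserInfo()`, i.e. from whoever is current in the calling context, not from the authentication bound to the token being enhanced. When the enhancer runs on a back-channel token request, that context may hold no end user, or a different principal. The result would be a NullPointerException on `getUserInfo()` or an ID token asserting the wrong login time; this is inferred, since AuthorizationUtils is not shown. Deriving the value from the authentication object passed to the enhancer would be safer, or at least guard with `if (userInfo != null && userInfo.getLastLoginTime() != null)`. The pattern `"yyyy-MM-dd HH:mm:ss"` carries no zone, so the epoch value also depends on the server's default time zone; a comment should state that assumption. The enclosing method is only partly visible.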