AuthorizationUtils
@@ -22,14 +22,15 @@ import java.util.HashMap;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.maxkey.authn.SigninPrincipal;
|
||||
import org.maxkey.authn.annotation.CurrentUser;
|
||||
import org.maxkey.authn.web.AuthorizationUtils;
|
||||
import org.maxkey.authz.saml.common.AuthnRequestInfo;
|
||||
import org.maxkey.authz.saml.common.EndpointGenerator;
|
||||
import org.maxkey.authz.saml20.binding.BindingAdapter;
|
||||
import org.maxkey.authz.saml20.provider.xml.AuthnResponseGenerator;
|
||||
import org.maxkey.entity.UserInfo;
|
||||
import org.maxkey.entity.apps.AppsSAML20Details;
|
||||
import org.maxkey.web.WebConstants;
|
||||
import org.maxkey.web.WebContext;
|
||||
import org.opensaml.saml2.core.Response;
|
||||
import org.opensaml.saml2.metadata.Endpoint;
|
||||
import org.opensaml.ws.message.encoder.MessageEncodingException;
|
||||
@@ -57,7 +58,10 @@ public class AssertionEndpoint {
|
||||
AuthnResponseGenerator authnResponseGenerator;
|
||||
|
||||
@RequestMapping(value = "/authz/saml20/assertion")
|
||||
public ModelAndView assertion(HttpServletRequest request,HttpServletResponse response) throws Exception {
|
||||
public ModelAndView assertion(
|
||||
HttpServletRequest request,
|
||||
HttpServletResponse response,
|
||||
@CurrentUser UserInfo currentUser) throws Exception {
|
||||
logger.debug("saml20 assertion start.");
|
||||
bindingAdapter = (BindingAdapter) request.getSession().getAttribute(
|
||||
WebConstants.AUTHORIZE_SIGN_ON_APP_SAMLV20_ADAPTER);
|
||||
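Review bot: `bindingAdapter = (BindingAdapter) request.getSession().getAttribute(...)` assigns to what appears to be an instance field (no local type is declared on that line), so if AssertionEndpoint is a singleton controller, concurrent requests overwrite each other's adapter and one user's SAML response can be encoded through another user's binding. The same line also has no null handling: a request that hits `/authz/saml20/assertion` without the prior authorization step will have no session attribute and fail later with a NullPointerException rather than a clean rejection. I would make it request-local and fail fast: `BindingAdapter bindingAdapter = (BindingAdapter) request.getSession().getAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP_SAMLV20_ADAPTER);` followed by `if (bindingAdapter == null) throw new IllegalStateException("no SAML binding adapter in session");` — assuming nothing else in this class depends on the field, which I cannot confirm from the hunk. The method body continues past the end of this hunk.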
@@ -74,14 +78,15 @@ public class AssertionEndpoint {
|
||||
logger.debug("AuthnRequestInfo: {}", authnRequestInfo);
|
||||
HashMap <String,String>attributeMap=new HashMap<String,String>();
|
||||
attributeMap.put(WebConstants.ONLINE_TICKET_NAME,
|
||||
((SigninPrincipal)WebContext.getAuthentication().getPrincipal()).getOnlineTicket().getTicketId());
|
||||
AuthorizationUtils.getPrincipal().getOnlineTicket().getTicketId());
|
||||
|
||||
//saml20Details
|
||||
Response authResponse = authnResponseGenerator.generateAuthnResponse(
|
||||
saml20Details,
|
||||
authnRequestInfo,
|
||||
attributeMap,
|
||||
bindingAdapter);
|
||||
bindingAdapter,
|
||||
currentUser);
|
||||
|
||||
Endpoint endpoint = endpointGenerator.generateEndpoint(saml20Details.getSpAcsUrl());
|
||||
|
||||
|
||||
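Review bot: The assertion now draws identity from two sources: the online ticket attribute comes from `AuthorizationUtils.getPrincipal()` while the subject and user attributes are built from the injected `currentUser`, and nothing here checks that they refer to the same user. If the `@CurrentUser` resolver and `AuthorizationUtils` can disagree (different session, expired ticket, anonymous request), the SP receives a NameID that does not match the ticket bound to it. At minimum guard the injected value before it reaches the generator, e.g. `if (currentUser == null) throw new IllegalStateException("no authenticated user for SAML assertion");`, and consider deriving `currentUser` from the same principal the ticket is read from, if SigninPrincipal exposes it. The method body continues outside this hunk.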
@@ -21,10 +21,12 @@ import java.util.ArrayList;
|
||||
import java.util.HashMap;
|
||||
|
||||
import org.joda.time.DateTime;
|
||||
import org.maxkey.authn.web.AuthorizationUtils;
|
||||
import org.maxkey.authz.saml.service.IDService;
|
||||
import org.maxkey.authz.saml.service.TimeService;
|
||||
import org.maxkey.authz.saml20.binding.BindingAdapter;
|
||||
import org.maxkey.authz.saml20.xml.IssuerGenerator;
|
||||
import org.maxkey.entity.UserInfo;
|
||||
import org.maxkey.entity.apps.AppsSAML20Details;
|
||||
import org.maxkey.web.WebContext;
|
||||
import org.opensaml.Configuration;
|
||||
@@ -79,7 +81,8 @@ public class AssertionGenerator {
|
||||
String inResponseTo,
|
||||
String audienceUrl,
|
||||
int validInSeconds,
|
||||
HashMap<String,String>attributeMap
|
||||
HashMap<String,String>attributeMap,
|
||||
UserInfo userInfo
|
||||
) {
|
||||
|
||||
Assertion assertion = new AssertionBuilder().buildObject();;
|
||||
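Review bot: The new `userInfo` parameter on generateAssertion is undocumented, and since it now determines the asserted subject it deserves a Javadoc `@param userInfo` stating that it must be the authenticated principal for the current session and must not be null. The context line `Assertion assertion = new AssertionBuilder().buildObject();;` also carries a stray second semicolon that should be dropped. The method signature starts before this hunk.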
@@ -88,7 +91,8 @@ public class AssertionGenerator {
|
||||
saml20Details,
|
||||
assertionConsumerURL,
|
||||
inResponseTo,
|
||||
validInSeconds);
|
||||
validInSeconds,
|
||||
userInfo);
|
||||
assertion.setSubject(subject);
|
||||
//issuer
|
||||
Issuer issuer = issuerGenerator.generateIssuer();
|
||||
@@ -100,11 +104,15 @@ public class AssertionGenerator {
|
||||
//AttributeStatements
|
||||
ArrayList<GrantedAuthority> grantedAuthoritys = new ArrayList<GrantedAuthority>();
|
||||
grantedAuthoritys.add(new SimpleGrantedAuthority("ROLE_USER"));
|
||||
for(GrantedAuthority anthGrantedAuthority: ((UsernamePasswordAuthenticationToken)WebContext.getAuthentication()).getAuthorities()){
|
||||
for(GrantedAuthority anthGrantedAuthority: ((UsernamePasswordAuthenticationToken)AuthorizationUtils.getAuthentication()).getAuthorities()){
|
||||
grantedAuthoritys.add(anthGrantedAuthority);
|
||||
}
|
||||
AttributeStatement attributeStatement =attributeStatementGenerator.generateAttributeStatement(
|
||||
saml20Details, grantedAuthoritys,attributeMap);
|
||||
AttributeStatement attributeStatement =
|
||||
attributeStatementGenerator.generateAttributeStatement(
|
||||
saml20Details,
|
||||
grantedAuthoritys,
|
||||
attributeMap,
|
||||
userInfo);
|
||||
assertion.getAttributeStatements().add(attributeStatement);
|
||||
//ID
|
||||
assertion.setID(idService.generateID());
|
||||
|
||||
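Review bot: `((UsernamePasswordAuthenticationToken)AuthorizationUtils.getAuthentication()).getAuthorities()` throws ClassCastException for any authentication that is not a UsernamePasswordAuthenticationToken, and the cast is unnecessary if getAuthentication() returns Spring's `Authentication`, whose interface already declares getAuthorities(); `for (GrantedAuthority anthGrantedAuthority : AuthorizationUtils.getAuthentication().getAuthorities()) {` would do. Note too that the subject and attributes now come from the `userInfo` parameter while the authorities still come from the thread-bound authentication, so the assertion mixes identity from one source with roles from another; I would document that the caller must pass the same principal, or take both from one place. The enclosing method starts before this hunk.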
@@ -30,7 +30,6 @@ import org.maxkey.entity.ExtraAttr;
|
||||
import org.maxkey.entity.ExtraAttrs;
|
||||
import org.maxkey.entity.UserInfo;
|
||||
import org.maxkey.entity.apps.AppsSAML20Details;
|
||||
import org.maxkey.web.WebContext;
|
||||
import org.opensaml.Configuration;
|
||||
import org.opensaml.saml2.core.Attribute;
|
||||
import org.opensaml.saml2.core.AttributeStatement;
|
||||
@@ -52,15 +51,20 @@ public class AttributeStatementGenerator {
|
||||
public static String COMMA = ",";
|
||||
public static String COMMA_ISO8859_1 = "#44;"; //#44; ->,
|
||||
|
||||
public AttributeStatement generateAttributeStatement(AppsSAML20Details saml20Details,ArrayList<GrantedAuthority> grantedAuthoritys) {
|
||||
return generateAttributeStatement(saml20Details, grantedAuthoritys,null);
|
||||
public AttributeStatement generateAttributeStatement(
|
||||
AppsSAML20Details saml20Details,
|
||||
ArrayList<GrantedAuthority> grantedAuthoritys,
|
||||
UserInfo userInfo) {
|
||||
return generateAttributeStatement(
|
||||
saml20Details, grantedAuthoritys,null,userInfo);
|
||||
|
||||
}
|
||||
|
||||
public AttributeStatement generateAttributeStatement(
|
||||
AppsSAML20Details saml20Details,
|
||||
ArrayList<GrantedAuthority> grantedAuthoritys,
|
||||
HashMap<String,String>attributeMap) {
|
||||
HashMap<String,String>attributeMap,
|
||||
UserInfo userInfo) {
|
||||
|
||||
AttributeStatementBuilder attributeStatementBuilder = (AttributeStatementBuilder) builderFactory.getBuilder(AttributeStatement.DEFAULT_ELEMENT_NAME);
|
||||
AttributeStatement attributeStatement = attributeStatementBuilder.buildObject();
|
||||
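Review bot: The three-argument overload still forwards `null` as the attribute map, but the four-argument version hands that map straight to putUserAttributes, which from what is visible later on the page calls `attributeMap.put(...)` without a null guard, so the overload will throw NullPointerException before the later `if(null!=attributeMap)` check is reached. Passing an empty map avoids this: `saml20Details, grantedAuthoritys, new HashMap<String,String>(), userInfo);`. The four-argument method body continues past the end of this hunk.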
@@ -68,7 +72,7 @@ public class AttributeStatementGenerator {
|
||||
Attribute attributeGrantedAuthority=builderGrantedAuthority(grantedAuthoritys);
|
||||
attributeStatement.getAttributes().add(attributeGrantedAuthority);
|
||||
|
||||
putUserAttributes(attributeMap);
|
||||
putUserAttributes(attributeMap,userInfo);
|
||||
|
||||
if(null!=attributeMap){
|
||||
Iterator<Entry<String, String>> iterator = attributeMap.entrySet().iterator();
|
||||
@@ -137,8 +141,9 @@ public class AttributeStatementGenerator {
|
||||
return xsStringValue;
|
||||
}
|
||||
|
||||
public HashMap <String,String> putUserAttributes(HashMap <String,String> attributeMap){
|
||||
UserInfo userInfo = WebContext.getUserInfo();
|
||||
public HashMap <String,String> putUserAttributes(
|
||||
HashMap <String,String> attributeMap,
|
||||
UserInfo userInfo){
|
||||
attributeMap.put(ActiveDirectoryUser.USERNAME, userInfo.getUsername());
|
||||
attributeMap.put(ActiveDirectoryUser.UID, userInfo.getUsername());
|
||||
|
||||
|
||||
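Review bot: putUserAttributes dereferences the new `userInfo` parameter on its first line with no null check, so a caller that could previously rely on WebContext.getUserInfo() resolving the session now gets a NullPointerException deep in attribute generation if nothing was injected. A guard such as `Objects.requireNonNull(userInfo, "userInfo");` (or an explicit IllegalArgumentException) at the top makes the contract visible, and the Javadoc should state that the caller is responsible for passing the authenticated user, since this method no longer resolves it. The method body continues outside this hunk.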
@@ -26,6 +26,7 @@ import org.maxkey.authz.saml.service.TimeService;
|
||||
import org.maxkey.authz.saml20.binding.BindingAdapter;
|
||||
import org.maxkey.authz.saml20.xml.IssuerGenerator;
|
||||
import org.maxkey.constants.ConstsBoolean;
|
||||
import org.maxkey.entity.UserInfo;
|
||||
import org.maxkey.entity.apps.AppsSAML20Details;
|
||||
import org.opensaml.Configuration;
|
||||
import org.opensaml.saml2.core.Assertion;
|
||||
@@ -64,7 +65,8 @@ public class AuthnResponseGenerator {
|
||||
public Response generateAuthnResponse( AppsSAML20Details saml20Details,
|
||||
AuthnRequestInfo authnRequestInfo,
|
||||
HashMap<String,String>attributeMap,
|
||||
BindingAdapter bindingAdapter){
|
||||
BindingAdapter bindingAdapter,
|
||||
UserInfo currentUser){
|
||||
|
||||
Response authResponse = new ResponseBuilder().buildObject();
|
||||
//builder Assertion
|
||||
@@ -75,7 +77,8 @@ public class AuthnResponseGenerator {
|
||||
authnRequestInfo.getAuthnRequestID(),
|
||||
saml20Details.getAudience(),
|
||||
Integer.parseInt(saml20Details.getValidityInterval()),
|
||||
attributeMap);
|
||||
attributeMap,
|
||||
currentUser);
|
||||
|
||||
//Encrypt
|
||||
if(ConstsBoolean.isYes(saml20Details.getEncrypted())) {
|
||||
|
||||
@@ -47,8 +47,8 @@ public class SubjectGenerator {
|
||||
public Subject generateSubject( AppsSAML20Details saml20Details,
|
||||
String assertionConsumerURL,
|
||||
String inResponseTo,
|
||||
int validInSeconds) {
|
||||
UserInfo userInfo = WebContext.getUserInfo();
|
||||
int validInSeconds,
|
||||
UserInfo userInfo) {
|
||||
String nameIdValue = userInfo.getUsername();
|
||||
if(saml20Details.getNameidFormat().equalsIgnoreCase("persistent")) {
|
||||
|
||||
|
||||