ONLINE_TICKET

Crystal.Sea
2020-10-22 07:54:52 +08:00
parent 2ab0745441
commit 8df8c0dc06
23 changed files with 144 additions and 37 deletions


@@ -86,12 +86,19 @@ renew [OPTIONAL] - if this parameter is set, ticket validation will only succeed
@RequestParam(value = CasConstants.PARAMETER.SERVICE) String service,
@RequestParam(value = CasConstants.PARAMETER.RENEW,required=false) String renew
){
_logger.debug("serviceValidate "
+ " ticket " + ticket
+" , service " + service
+" , renew " + renew
);
Ticket storedTicket=null;
try {
storedTicket = ticketServices.consumeTicket(ticket);
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
_logger.error("consume Ticket error " , e);
}
if(storedTicket!=null){
@@ -101,6 +108,7 @@ renew [OPTIONAL] - if this parameter is set, ticket validation will only succeed
.setUser(principal)
.serviceResponseBuilder();
}else{
_logger.debug("Ticket not found .");
return new Service10ResponseBuilder().failure()
.serviceResponseBuilder();
}
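Review bot: The debug statement added at the top of this validate handler writes the raw `ticket` to the log before `consumeTicket` runs, and the other validate and proxy handlers in this commit repeat the pattern, the proxy handler with `pgt` as well. Tickets are bearer credentials and every value in the line comes straight from the request, so the log both records a credential and accepts unescaped line breaks from the caller. I would log only a short prefix of the ticket through a small masking helper (to be added) and use SLF4J placeholders, e.g. `_logger.debug("serviceValidate ticket {} , service {} , renew {}", mask(ticket), service, renew);`. If `e.printStackTrace()` is still on the new side (the rendering does not show which lines were removed), it can go now that `_logger.error` records the exception. The handler's signature and closing brace are outside the hunk.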


@@ -173,7 +173,14 @@ For all error codes, it is RECOMMENDED that CAS provide a more detailed message
@RequestParam(value = CasConstants.PARAMETER.PROXY_CALLBACK_URL,required=false) String pgtUrl,
@RequestParam(value = CasConstants.PARAMETER.RENEW,required=false) String renew,
@RequestParam(value = CasConstants.PARAMETER.FORMAT,required=false,defaultValue=CasConstants.FORMAT_TYPE.XML) String format){
_logger.debug("serviceValidate "
+ " ticket " + ticket
+" , service " + service
+" , pgtUrl " + pgtUrl
+" , renew " + renew
+" , format " + format
);
setContentType(request,response,format);
Ticket storedTicket=null;
@@ -186,13 +193,15 @@ For all error codes, it is RECOMMENDED that CAS provide a more detailed message
ServiceResponseBuilder serviceResponseBuilder=new ServiceResponseBuilder();
if(storedTicket!=null){
String principal=((BasicAuthentication)storedTicket.getAuthentication().getPrincipal()).getUsername();
BasicAuthentication authentication = ((BasicAuthentication)storedTicket.getAuthentication().getPrincipal());
String principal=authentication.getUsername();
_logger.debug("principal "+principal);
serviceResponseBuilder.success().setUser(principal);
if(Boolean.isTrue(storedTicket.getCasDetails().getIsAdapter())){
AbstractAuthorizeAdapter adapter =(AbstractAuthorizeAdapter)Instance.newInstance(storedTicket.getCasDetails().getAdapter());
UserInfo userInfo = (UserInfo) userInfoService.loadByUsername(principal);
userInfo.setOnlineTickit(authentication.getOnlineTickit());
adapter.generateInfo(userInfo, serviceResponseBuilder);
}
}else{
@@ -274,7 +283,13 @@ Response on ticket validation failure:
@RequestParam(value = CasConstants.PARAMETER.PROXY_CALLBACK_URL,required=false) String pgtUrl,
@RequestParam(value = CasConstants.PARAMETER.RENEW,required=false) String renew,
@RequestParam(value = CasConstants.PARAMETER.FORMAT,required=false,defaultValue=CasConstants.FORMAT_TYPE.XML) String format){
_logger.debug("proxyValidate "
+ " ticket " + ticket
+" , service " + service
+" , pgtUrl " + pgtUrl
+" , renew " + renew
+" , format " + format
);
setContentType(request,response,format);
Ticket storedTicket=null;
@@ -358,7 +373,11 @@ For all error codes, it is RECOMMENDED that CAS provide a more detailed message
@RequestParam(value = CasConstants.PARAMETER.PROXY_GRANTING_TICKET) String pgt,
@RequestParam(value = CasConstants.PARAMETER.TARGET_SERVICE) String targetService,
@RequestParam(value = CasConstants.PARAMETER.FORMAT,required=false,defaultValue=CasConstants.FORMAT_TYPE.XML) String format){
_logger.debug("proxy "
+ " pgt " + pgt
+" , targetService " + targetService
+" , format " + format
);
setContentType(request,response,format);
ProxyServiceResponseBuilder proxyServiceResponseBuilder=new ProxyServiceResponseBuilder();
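Review bot: In the serviceValidate hunk, `userInfo.setOnlineTickit(...)` is called on the result of `userInfoService.loadByUsername(principal)` without a null check, so a ticket whose user can no longer be loaded would presumably end in a NullPointerException rather than a CAS failure response; the Cas30 endpoint in this commit has the same two lines. The call also mutates the object returned by the service, and if that service caches user records (not visible here) the online ticket of one session could be carried into another request for the same user. I would guard with `if (userInfo != null) { userInfo.setOnlineTickit(authentication.getOnlineTickit()); adapter.generateInfo(userInfo, serviceResponseBuilder); }` and, better, hand the ticket to the adapter without storing it on the loaded record. The enclosing method starts and ends outside the hunk.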


@@ -57,7 +57,14 @@ public class Cas30AuthorizeEndpoint extends CasBaseAuthorizeEndpoint{
@RequestParam(value = CasConstants.PARAMETER.PROXY_CALLBACK_URL,required=false) String pgtUrl,
@RequestParam(value = CasConstants.PARAMETER.RENEW,required=false) String renew,
@RequestParam(value = CasConstants.PARAMETER.FORMAT,required=false,defaultValue=CasConstants.FORMAT_TYPE.XML) String format){
_logger.debug("serviceValidate "
+ " ticket " + ticket
+" , service " + service
+" , pgtUrl " + pgtUrl
+" , renew " + renew
+" , format " + format
);
setContentType(request,response,format);
Ticket storedTicket=null;
@@ -69,12 +76,14 @@ public class Cas30AuthorizeEndpoint extends CasBaseAuthorizeEndpoint{
ServiceResponseBuilder serviceResponseBuilder=new ServiceResponseBuilder();
if(storedTicket!=null){
String principal=((BasicAuthentication)storedTicket.getAuthentication().getPrincipal()).getUsername();
BasicAuthentication authentication = ((BasicAuthentication)storedTicket.getAuthentication().getPrincipal());
String principal=authentication.getUsername();
serviceResponseBuilder.success().setUser(principal);
if(Boolean.isTrue(storedTicket.getCasDetails().getIsAdapter())){
AbstractAuthorizeAdapter adapter =(AbstractAuthorizeAdapter)Instance.newInstance(storedTicket.getCasDetails().getAdapter());
UserInfo userInfo = (UserInfo) userInfoService.loadByUsername(principal);
userInfo.setOnlineTickit(authentication.getOnlineTickit());
adapter.generateInfo(userInfo, serviceResponseBuilder);
}
}else{
@@ -96,7 +105,13 @@ public class Cas30AuthorizeEndpoint extends CasBaseAuthorizeEndpoint{
@RequestParam(value = CasConstants.PARAMETER.PROXY_CALLBACK_URL,required=false) String pgtUrl,
@RequestParam(value = CasConstants.PARAMETER.RENEW,required=false) String renew,
@RequestParam(value = CasConstants.PARAMETER.FORMAT,required=false,defaultValue=CasConstants.FORMAT_TYPE.XML) String format){
_logger.debug("proxyValidate "
+ " ticket " + ticket
+" , service " + service
+" , pgtUrl " + pgtUrl
+" , renew " + renew
+" , format " + format
);
setContentType(request,response,format);
Ticket storedTicket=null;


@@ -103,6 +103,10 @@ public class CasAuthorizeEndpoint extends CasBaseAuthorizeEndpoint{
callbackUrl.append("?");
}
if(callbackUrl.indexOf("&") != -1) {
callbackUrl.append("&");
}
//append ticket
callbackUrl.append(CasConstants.PARAMETER.TICKET).append("=").append(ticket);
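Review bot: The added check appends `&` only when the callback URL already contains an `&`, so a URL with exactly one query parameter (constructed example: `https://app.example/cb?x=1`) gets the ticket glued onto the last value as `x=1ticket=...` and the service never receives a `ticket` parameter. The separator should depend on the last character rather than on the presence of `&`, for example `char last = callbackUrl.charAt(callbackUrl.length() - 1);` followed by `if (last != '?' && last != '&') { callbackUrl.append("&"); }`. The condition of the preceding `?` branch is outside the hunk, so this assumes it tests for a missing `?`.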


@@ -23,6 +23,7 @@ import org.apache.commons.codec.binary.Base64;
import org.maxkey.authz.cas.endpoint.response.ServiceResponseBuilder;
import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
import org.maxkey.domain.UserInfo;
import org.maxkey.web.WebConstants;
import org.springframework.web.servlet.ModelAndView;
public class CasDefaultAdapter extends AbstractAuthorizeAdapter {
@@ -65,6 +66,7 @@ public class CasDefaultAdapter extends AbstractAuthorizeAdapter {
serviceResponseBuilder.setAttribute("departmentId", userInfo.getDepartmentId());
serviceResponseBuilder.setAttribute("workRegion",base64Attr(userInfo.getWorkRegion()));
serviceResponseBuilder.setAttribute(WebConstants.ONLINE_TICKET_NAME,userInfo.getOnlineTickit());
return null;
}
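Review bot: This `setAttribute` call hands the user's online ticket to every CAS service that validates a ticket, and the same value is added to the OAuth user-info map, the OIDC claims, the SAML attribute map and the token-based and JWT adapters elsewhere in this commit. What the online ticket authorises is not visible on this page; if the identity provider accepts it anywhere as a reference to the user's SSO session, every relying party and every log they keep now holds a value that reaches beyond its own application. I would release it only for applications configured to receive it, or release a value derived per application, and state the contract next to the call, e.g. `// online ticket: session correlation id for the service; must never be accepted as a credential`. The method starts outside the hunk.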


@@ -23,6 +23,7 @@ import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
import org.maxkey.domain.UserInfo;
import org.maxkey.util.JsonUtils;
import org.maxkey.util.StringGenerator;
import org.maxkey.web.WebConstants;
import org.springframework.web.servlet.ModelAndView;
public class OAuthDefaultUserInfoAdapter extends AbstractAuthorizeAdapter {
@@ -43,6 +44,7 @@ public class OAuthDefaultUserInfoAdapter extends AbstractAuthorizeAdapter {
beanMap.put("title", userInfo.getJobTitle());
beanMap.put("state", userInfo.getWorkRegion());
beanMap.put("gender", userInfo.getGender());
beanMap.put(WebConstants.ONLINE_TICKET_NAME, userInfo.getOnlineTickit());
String info= JsonUtils.object2Json(beanMap);


@@ -26,6 +26,7 @@ import java.util.UUID;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.maxkey.authn.BasicAuthentication;
import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
import org.maxkey.authz.oauth2.common.exceptions.OAuth2Exception;
import org.maxkey.authz.oauth2.provider.ClientDetailsService;
@@ -46,7 +47,7 @@ import org.maxkey.persistence.service.UserInfoService;
import org.maxkey.util.Instance;
import org.maxkey.util.JsonUtils;
import org.maxkey.util.StringGenerator;
import org.maxkey.web.WebConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
@@ -134,7 +135,8 @@ public class UserInfoEndpoint {
}else{
adapter =(AbstractAuthorizeAdapter)defaultOAuthUserInfoAdapter;
}
BasicAuthentication authentication = (BasicAuthentication)oAuth2Authentication.getUserAuthentication();
userInfo.setOnlineTickit(authentication.getOnlineTickit());
String jsonData=adapter.generateInfo(userInfo, app);
return jsonData;
}catch(OAuth2Exception e){
@@ -170,8 +172,11 @@ public class UserInfoEndpoint {
String userJson="";
Builder jwtClaimsSetBuilder= new JWTClaimsSet.Builder();
BasicAuthentication authentication = (BasicAuthentication)oAuth2Authentication.getUserAuthentication();
jwtClaimsSetBuilder.claim("sub", userInfo.getId());
jwtClaimsSetBuilder.claim(WebConstants.ONLINE_TICKET_NAME, authentication.getOnlineTickit());
if(scopes.contains("profile")){
jwtClaimsSetBuilder.claim("name", userInfo.getUsername());
jwtClaimsSetBuilder.claim("preferred_username", userInfo.getDisplayName());
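Review bot: `oAuth2Authentication.getUserAuthentication()` is cast to `BasicAuthentication` and dereferenced on the following line without a check, in both the user-info hunk and the OIDC hunk; for a token that carries no user authentication, or one of a different type, that is a NullPointerException or ClassCastException which the visible `catch(OAuth2Exception e)` does not handle. A guard such as `if (!(oAuth2Authentication.getUserAuthentication() instanceof BasicAuthentication)) { ... }` before the cast would turn that into a defined error response. In the OIDC hunk the online-ticket claim is also added before the `scopes.contains("profile")` test, so it goes to every client regardless of granted scope; putting it behind a scope or a per-client setting would keep it in line with the other claims. Both methods start and end outside the hunks.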


@@ -27,6 +27,8 @@ import org.maxkey.authz.saml.common.EndpointGenerator;
import org.maxkey.authz.saml20.binding.BindingAdapter;
import org.maxkey.authz.saml20.provider.xml.AuthnResponseGenerator;
import org.maxkey.domain.apps.AppsSAML20Details;
import org.maxkey.web.WebConstants;
import org.maxkey.web.WebContext;
import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.metadata.Endpoint;
import org.opensaml.ws.message.encoder.MessageEncodingException;
@@ -70,6 +72,9 @@ public class AssertionEndpoint {
logger.debug("AuthnRequestInfo: {}", authnRequestInfo);
HashMap <String,String>attributeMap=new HashMap<String,String>();
attributeMap.put(WebConstants.ONLINE_TICKET_NAME, WebContext.getUserInfo().getOnlineTickit());
//saml20Details
Response authResponse = authnResponseGenerator.generateAuthnResponse(
saml20Details,
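Review bot: `WebContext.getUserInfo().getOnlineTickit()` places the online ticket in the attribute map built for the SAML response, and with a browser-based binding that response passes through the user agent; unless the assertion is encrypted for this application (not visible here), the value is readable there and in any SAML trace. `WebContext.getUserInfo()` is also dereferenced without a null check, so I would wrap the call as `if (WebContext.getUserInfo() != null) { attributeMap.put(WebConstants.ONLINE_TICKET_NAME, WebContext.getUserInfo().getOnlineTickit()); }` and release the attribute only for applications configured to receive it. The remaining arguments of `generateAuthnResponse` are outside the hunk, so whether `attributeMap` reaches the assertion cannot be confirmed from here.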


@@ -26,6 +26,7 @@ import org.maxkey.domain.apps.AppsTokenBasedDetails;
import org.maxkey.util.DateUtils;
import org.maxkey.util.JsonUtils;
import org.maxkey.util.StringGenerator;
import org.maxkey.web.WebConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.servlet.ModelAndView;
@@ -70,6 +71,7 @@ public class TokenBasedDefaultAdapter extends AbstractAuthorizeAdapter {
}
beanMap.put("displayName", userInfo.getDisplayName());
beanMap.put(WebConstants.ONLINE_TICKET_NAME, userInfo.getOnlineTickit());
/*
* use UTC date time format


@@ -28,6 +28,7 @@ import org.maxkey.crypto.jwt.signer.service.JwtSigningAndValidationService;
import org.maxkey.domain.UserInfo;
import org.maxkey.domain.apps.Apps;
import org.maxkey.domain.apps.AppsTokenBasedDetails;
import org.maxkey.web.WebConstants;
import org.maxkey.web.WebContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -67,6 +68,7 @@ public class TokenBasedJWTAdapter extends AbstractAuthorizeAdapter {
.claim("user_id", userInfo.getId())
.claim("external_id", userInfo.getId())
.claim("locale", userInfo.getLocale())
.claim(WebConstants.ONLINE_TICKET_NAME, userInfo.getOnlineTickit())
.claim("kid", jwtSignerService.getDefaultSignerKeyId())
.build();


@@ -30,6 +30,7 @@ import org.maxkey.crypto.jwt.signer.service.impl.SymmetricSigningAndValidationSe
import org.maxkey.domain.UserInfo;
import org.maxkey.domain.apps.Apps;
import org.maxkey.domain.apps.AppsTokenBasedDetails;
import org.maxkey.web.WebConstants;
import org.maxkey.web.WebContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -67,6 +68,7 @@ public class TokenBasedJWTHS256Adapter extends AbstractAuthorizeAdapter {
.claim("email", userInfo.getWorkEmail())
.claim("name", userInfo.getUsername())
.claim("user_id", userInfo.getId())
.claim(WebConstants.ONLINE_TICKET_NAME, userInfo.getOnlineTickit())
.claim("external_id", userInfo.getId())
.claim("locale", userInfo.getLocale())
.claim("kid", "SYMMETRIC-KEY")