protocl fix
@@ -1,81 +0,0 @@
|
||||
package org.maxkey.web.authz.approval.controller;
|
||||
|
||||
import java.security.Principal;
|
||||
import java.util.HashMap;
|
||||
import java.util.LinkedHashMap;
|
||||
import java.util.Map;
|
||||
|
||||
import org.maxkey.authz.oauth2.common.util.OAuth2Utils;
|
||||
import org.maxkey.authz.oauth2.provider.AuthorizationRequest;
|
||||
import org.maxkey.authz.oauth2.provider.ClientDetailsService;
|
||||
import org.maxkey.authz.oauth2.provider.approval.Approval;
|
||||
import org.maxkey.authz.oauth2.provider.approval.ApprovalStore;
|
||||
import org.maxkey.authz.oauth2.provider.approval.Approval.ApprovalStatus;
|
||||
import org.maxkey.domain.apps.oauth2.provider.ClientDetails;
|
||||
import org.maxkey.web.WebContext;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.beans.factory.annotation.Qualifier;
|
||||
import org.springframework.stereotype.Controller;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RequestParam;
|
||||
import org.springframework.web.bind.annotation.SessionAttributes;
|
||||
import org.springframework.web.servlet.ModelAndView;
|
||||
|
||||
/**
|
||||
* Controller for retrieving the model for and displaying the confirmation page
|
||||
* for access to a protected resource.
|
||||
*
|
||||
* @author Ryan Heaton
|
||||
*/
|
||||
@Controller
|
||||
@SessionAttributes("authorizationRequest")
|
||||
public class OAuth20AccessConfirmationController {
|
||||
|
||||
@Autowired
|
||||
@Qualifier("oauth20JdbcClientDetailsService")
|
||||
private ClientDetailsService clientDetailsService;
|
||||
|
||||
@Autowired
|
||||
@Qualifier("approvalStore")
|
||||
private ApprovalStore approvalStore;
|
||||
|
||||
|
||||
@RequestMapping("/oauth/v20/confirm_access")
|
||||
public ModelAndView getAccessConfirmation(@RequestParam Map<String, Object> model,Principal principal) throws Exception {
|
||||
model.remove("authorizationRequest");
|
||||
Map<String, String> modelRequest=new HashMap<String, String>();
|
||||
for(Object key:model.keySet()){
|
||||
modelRequest.put(key.toString(), model.get(key).toString());
|
||||
}
|
||||
|
||||
//Map<String, Object> model
|
||||
AuthorizationRequest clientAuth = (AuthorizationRequest) WebContext.getAttribute("authorizationRequest");
|
||||
ClientDetails client = clientDetailsService.loadClientByClientId(clientAuth.getClientId());
|
||||
model.put("auth_request", clientAuth);
|
||||
model.put("client", client);
|
||||
model.put("oauth_version", "oauth 2.0");
|
||||
Map<String, String> scopes = new LinkedHashMap<String, String>();
|
||||
for (String scope : clientAuth.getScope()) {
|
||||
scopes.put(OAuth2Utils.SCOPE_PREFIX + scope, "false");
|
||||
}
|
||||
for (Approval approval : approvalStore.getApprovals(principal.getName(), client.getClientId())) {
|
||||
if (clientAuth.getScope().contains(approval.getScope())) {
|
||||
scopes.put(OAuth2Utils.SCOPE_PREFIX + approval.getScope(),
|
||||
approval.getStatus() == ApprovalStatus.APPROVED ? "true" : "false");
|
||||
}
|
||||
}
|
||||
model.put("scopes", scopes);
|
||||
|
||||
ModelAndView modelAndView=new ModelAndView("authorize/oauth_access_confirmation");
|
||||
modelAndView.addObject("model",model);
|
||||
return modelAndView;
|
||||
}
|
||||
|
||||
@RequestMapping("/oauth/v20/error")
|
||||
public String handleError(Map<String,Object> model) throws Exception {
|
||||
// We can add more stuff to the model here for JSP rendering. If the client was a machine then
|
||||
// the JSON will already have been rendered.
|
||||
model.put("message", "There was a problem with the OAuth2 protocol");
|
||||
return "oauth_error";
|
||||
}
|
||||
}
|
||||
@@ -1,96 +0,0 @@
|
||||
/*
|
||||
* Copyright 2002-2011 the original author or authors.
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
package org.maxkey.web.authz.approval.controller;
|
||||
|
||||
import java.util.Collection;
|
||||
|
||||
import org.maxkey.authz.oauth2.provider.AuthorizationRequest;
|
||||
import org.maxkey.authz.oauth2.provider.ClientDetailsService;
|
||||
import org.maxkey.authz.oauth2.provider.ClientRegistrationException;
|
||||
import org.maxkey.authz.oauth2.provider.approval.ApprovalStoreUserApprovalHandler;
|
||||
import org.maxkey.domain.apps.oauth2.provider.ClientDetails;
|
||||
import org.springframework.security.core.Authentication;
|
||||
|
||||
/**
|
||||
* @author Dave Syer
|
||||
*
|
||||
*/
|
||||
public class OAuth20UserApprovalHandler extends ApprovalStoreUserApprovalHandler {
|
||||
|
||||
private boolean useApprovalStore = true;
|
||||
|
||||
private ClientDetailsService clientDetailsService;
|
||||
|
||||
/**
|
||||
* Service to load client details (optional) for auto approval checks.
|
||||
*
|
||||
* @param clientDetailsService a client details service
|
||||
*/
|
||||
public void setClientDetailsService(ClientDetailsService clientDetailsService) {
|
||||
this.clientDetailsService = clientDetailsService;
|
||||
super.setClientDetailsService(clientDetailsService);
|
||||
}
|
||||
|
||||
/**
|
||||
* @param useApprovalStore the useTokenServices to set
|
||||
*/
|
||||
public void setUseApprovalStore(boolean useApprovalStore) {
|
||||
this.useApprovalStore = useApprovalStore;
|
||||
}
|
||||
|
||||
/**
|
||||
* Allows automatic approval for a white list of clients in the implicit grant case.
|
||||
*
|
||||
* @param authorizationRequest The authorization request.
|
||||
* @param userAuthentication the current user authentication
|
||||
*
|
||||
* @return An updated request if it has already been approved by the current user.
|
||||
*/
|
||||
@Override
|
||||
public AuthorizationRequest checkForPreApproval(AuthorizationRequest authorizationRequest,
|
||||
Authentication userAuthentication) {
|
||||
|
||||
boolean approved = false;
|
||||
// If we are allowed to check existing approvals this will short circuit the decision
|
||||
if (useApprovalStore) {
|
||||
authorizationRequest = super.checkForPreApproval(authorizationRequest, userAuthentication);
|
||||
approved = authorizationRequest.isApproved();
|
||||
}
|
||||
else {
|
||||
if (clientDetailsService != null) {
|
||||
Collection<String> requestedScopes = authorizationRequest.getScope();
|
||||
try {
|
||||
ClientDetails client = clientDetailsService
|
||||
.loadClientByClientId(authorizationRequest.getClientId());
|
||||
for (String scope : requestedScopes) {
|
||||
if (client.isAutoApprove(scope) || client.isAutoApprove("all")) {
|
||||
approved = true;
|
||||
break;
|
||||
}
|
||||
}
|
||||
}
|
||||
catch (ClientRegistrationException e) {
|
||||
}
|
||||
}
|
||||
}
|
||||
authorizationRequest.setApproved(approved);
|
||||
|
||||
return authorizationRequest;
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
@@ -74,7 +74,7 @@ public class AppListController{
|
||||
UserApplications userApplications=new UserApplications();
|
||||
userApplications.setUsername(WebContext.getUserInfo().getUsername());
|
||||
|
||||
List<UserApplications> appList=myAppsListService.query(userApplications);
|
||||
List<UserApplications> appList=myAppsListService.queryMyApps(userApplications);
|
||||
for (UserApplications app : appList){
|
||||
WebContext.setAttribute(app.getId(), app.getIcon());
|
||||
}
|
||||
|
||||
@@ -23,19 +23,19 @@ public class PreLoginAppAdapter extends HandlerInterceptorAdapter {
|
||||
UserInfo userInfo=WebContext.getUserInfo();
|
||||
String redirect_uri=request.getRequestURL().toString();
|
||||
String appId=getAppIdFromRequestURI(request);
|
||||
|
||||
_logger.debug("preHandle app Id "+appId);
|
||||
Object singlesignon_uri=WebContext.getAttribute(WebConstants.CURRENT_SINGLESIGNON_URI);
|
||||
if(singlesignon_uri!=null&&singlesignon_uri.equals(redirect_uri)){
|
||||
return true;
|
||||
}
|
||||
if(userInfo.getProtectedAppsMap().get(appId)!=null){
|
||||
/*if(userInfo.getProtectedAppsMap().get(appId)!=null){
|
||||
|
||||
request.setAttribute("redirect_uri",redirect_uri);
|
||||
_logger.debug(""+redirect_uri);
|
||||
RequestDispatcher dispatcher = request.getRequestDispatcher("/authorize/protected/forward");
|
||||
dispatcher.forward(request, response);
|
||||
return false;
|
||||
}
|
||||
}*/
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
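Review bot: The protected-app check is disabled by wrapping it in a block comment (`/*if(userInfo.getProtectedAppsMap().get(appId)!=null){ … }*/`), so once the single-sign-on URI comparison is done this method falls through to `return true` for every app and never forwards to `/authorize/protected/forward`. The visible lines do not show the check being re-established anywhere else, so as written the extra step for apps in `getProtectedAppsMap()` appears to be removed from the request path. If that is intended, delete the dead block and leave a comment naming the component that now enforces it, for example `// protected-app re-authentication is enforced by <component>, not by this interceptor`; if it is temporary, gate it on a configuration property rather than a comment so the control cannot stay off unnoticed. The enclosing method starts outside this hunk, so any earlier guard is not visible here.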
@@ -1,48 +0,0 @@
|
||||
package org.maxkey.web.oauth.userinfo.controller;
|
||||
|
||||
import java.util.HashMap;
|
||||
|
||||
import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
|
||||
import org.maxkey.domain.UserInfo;
|
||||
import org.maxkey.util.DateUtils;
|
||||
import org.maxkey.util.JsonUtils;
|
||||
import org.maxkey.util.StringGenerator;
|
||||
import org.springframework.web.servlet.ModelAndView;
|
||||
|
||||
public class OAuthDefaultUserInfoAdapter extends AbstractAuthorizeAdapter {
|
||||
|
||||
@Override
|
||||
public String generateInfo(UserInfo userInfo,Object app) {
|
||||
HashMap<String, Object> beanMap = new HashMap<String, Object>();
|
||||
beanMap.put("randomId",(new StringGenerator()).uuidGenerate());
|
||||
beanMap.put("uid", userInfo.getId());
|
||||
beanMap.put("username", userInfo.getUsername());
|
||||
beanMap.put("employeeNumber", userInfo.getEmployeeNumber());
|
||||
beanMap.put("email", userInfo.getEmail());
|
||||
beanMap.put("mobile", userInfo.getMobile());
|
||||
beanMap.put("realname", userInfo.getDisplayName());
|
||||
beanMap.put("birthday", userInfo.getBirthDate());
|
||||
beanMap.put("department", userInfo.getDepartment());
|
||||
beanMap.put("createdate", userInfo.getCreatedDate());
|
||||
beanMap.put("title", userInfo.getJobTitle());
|
||||
beanMap.put("state", userInfo.getWorkRegion());
|
||||
beanMap.put("gender", userInfo.getGender());
|
||||
|
||||
String info= JsonUtils.object2Json(beanMap);
|
||||
|
||||
return info;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String encrypt(String data, String algorithmKey, String algorithm) {
|
||||
// TODO Auto-generated method stub
|
||||
return null;
|
||||
}
|
||||
|
||||
@Override
|
||||
public ModelAndView authorize(UserInfo userInfo, Object app, String data,ModelAndView modelAndView) {
|
||||
// TODO Auto-generated method stub
|
||||
return null;
|
||||
}
|
||||
|
||||
}
|
||||
@@ -1,311 +0,0 @@
|
||||
//package org.maxkey.web.oauth.userinfo.controller;
|
||||
//
|
||||
//import java.util.Arrays;
|
||||
//import java.util.Date;
|
||||
//import java.util.HashMap;
|
||||
//import java.util.Set;
|
||||
//import java.util.UUID;
|
||||
//
|
||||
//import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
|
||||
//import org.maxkey.authz.oauth2.common.exceptions.OAuth2Exception;
|
||||
//import org.maxkey.authz.oauth2.provider.ClientDetailsService;
|
||||
//import org.maxkey.authz.oauth2.provider.OAuth2Authentication;
|
||||
//import org.maxkey.authz.oauth2.provider.token.DefaultTokenServices;
|
||||
//import org.maxkey.constants.BOOLEAN;
|
||||
//import org.maxkey.crypto.ReciprocalUtils;
|
||||
//import org.maxkey.crypto.jwt.encryption.service.JwtEncryptionAndDecryptionService;
|
||||
//import org.maxkey.crypto.jwt.encryption.service.impl.RecipientJwtEncryptionAndDecryptionServiceBuilder;
|
||||
//import org.maxkey.crypto.jwt.signer.service.JwtSigningAndValidationService;
|
||||
//import org.maxkey.crypto.jwt.signer.service.impl.SymmetricSigningAndValidationServiceBuilder;
|
||||
//import org.maxkey.dao.service.ApplicationsService;
|
||||
//import org.maxkey.dao.service.UserInfoService;
|
||||
//import org.maxkey.domain.UserInfo;
|
||||
//import org.maxkey.domain.apps.Applications;
|
||||
//import org.maxkey.domain.apps.oauth2.provider.ClientDetails;
|
||||
//import org.maxkey.util.Instance;
|
||||
//import org.maxkey.util.JsonUtils;
|
||||
//import org.maxkey.util.StringGenerator;
|
||||
//import org.slf4j.Logger;
|
||||
//import org.slf4j.LoggerFactory;
|
||||
//import org.springframework.beans.factory.annotation.Autowired;
|
||||
//import org.springframework.beans.factory.annotation.Qualifier;
|
||||
//import org.springframework.stereotype.Controller;
|
||||
//import org.springframework.web.bind.annotation.RequestHeader;
|
||||
//import org.springframework.web.bind.annotation.RequestMapping;
|
||||
//import org.springframework.web.bind.annotation.RequestParam;
|
||||
//import org.springframework.web.bind.annotation.ResponseBody;
|
||||
//
|
||||
//import com.nimbusds.jose.EncryptionMethod;
|
||||
//import com.nimbusds.jose.JWEAlgorithm;
|
||||
//import com.nimbusds.jose.JWEHeader;
|
||||
//import com.nimbusds.jose.JWSAlgorithm;
|
||||
//import com.nimbusds.jose.JWSHeader;
|
||||
//import com.nimbusds.jwt.EncryptedJWT;
|
||||
//import com.nimbusds.jwt.JWT;
|
||||
//import com.nimbusds.jwt.JWTClaimsSet;
|
||||
//import com.nimbusds.jwt.SignedJWT;
|
||||
//
|
||||
//@Controller
|
||||
//@RequestMapping(value = { "/api" })
|
||||
//public class UserInfoEndpoint {
|
||||
// final static Logger _logger = LoggerFactory.getLogger(UserInfoEndpoint.class);
|
||||
// @Autowired
|
||||
// @Qualifier("oauth20JdbcClientDetailsService")
|
||||
// private ClientDetailsService clientDetailsService;
|
||||
//
|
||||
// @Autowired
|
||||
// @Qualifier("oauth20TokenServices")
|
||||
// private DefaultTokenServices oauth20tokenServices;
|
||||
//
|
||||
//
|
||||
// @Autowired
|
||||
// @Qualifier("userInfoService")
|
||||
// private UserInfoService userInfoService;
|
||||
//
|
||||
// @Autowired
|
||||
// @Qualifier("applicationsService")
|
||||
// protected ApplicationsService applicationsService;
|
||||
//
|
||||
// @Autowired
|
||||
// @Qualifier("jwtSignerValidationService")
|
||||
// private JwtSigningAndValidationService jwtSignerValidationService;
|
||||
//
|
||||
// @Autowired
|
||||
// @Qualifier("jwtEncryptionService")
|
||||
// private JwtEncryptionAndDecryptionService jwtEnDecryptionService;
|
||||
//
|
||||
// private SymmetricSigningAndValidationServiceBuilder symmetricJwtSignerServiceBuilder
|
||||
// =new SymmetricSigningAndValidationServiceBuilder();
|
||||
//
|
||||
// private RecipientJwtEncryptionAndDecryptionServiceBuilder recipientJwtEnDecryptionServiceBuilder
|
||||
// =new RecipientJwtEncryptionAndDecryptionServiceBuilder();
|
||||
//
|
||||
//
|
||||
// OAuthDefaultUserInfoAdapter defaultOAuthUserInfoAdapter=new OAuthDefaultUserInfoAdapter();
|
||||
//
|
||||
// @RequestMapping(value="/oauth/v20/me",produces="text/plain;charset=UTF-8")
|
||||
// @ResponseBody
|
||||
// public String apiV20UserInfo(
|
||||
// @RequestParam(value = "access_token", required = true) String access_token) {
|
||||
// String principal="";
|
||||
// if (!StringGenerator.uuidMatches(access_token)) {
|
||||
// return accessTokenFormatError(access_token);
|
||||
// }
|
||||
// OAuth2Authentication oAuth2Authentication =null;
|
||||
// try{
|
||||
// oAuth2Authentication = oauth20tokenServices.loadAuthentication(access_token);
|
||||
//
|
||||
// principal=oAuth2Authentication.getPrincipal().toString();
|
||||
//
|
||||
// String client_id= oAuth2Authentication.getOAuth2Request().getClientId();
|
||||
// UserInfo userInfo=queryUserInfo(principal);
|
||||
// Applications app=applicationsService.get(client_id);
|
||||
//
|
||||
// String userJson="";
|
||||
//
|
||||
// AbstractAuthorizeAdapter adapter;
|
||||
// if(BOOLEAN.isTrue(app.getIsAdapter())){
|
||||
// adapter =(AbstractAuthorizeAdapter)Instance.newInstance(app.getAdapter());
|
||||
// }else{
|
||||
// adapter =(AbstractAuthorizeAdapter)defaultOAuthUserInfoAdapter;
|
||||
// }
|
||||
//
|
||||
// String jsonData=adapter.generateInfo(userInfo, null);
|
||||
// userJson=adapter.sign(jsonData, app);
|
||||
//
|
||||
// return userJson;
|
||||
//
|
||||
// }catch(OAuth2Exception e){
|
||||
// HashMap<String,Object>authzException=new HashMap<String,Object>();
|
||||
// authzException.put(OAuth2Exception.ERROR, e.getOAuth2ErrorCode());
|
||||
// authzException.put(OAuth2Exception.DESCRIPTION,e.getMessage());
|
||||
// return JsonUtils.object2Json(authzException);
|
||||
// }
|
||||
// }
|
||||
//
|
||||
//
|
||||
// @RequestMapping(value="/connect/v10/userinfo",produces="text/plain;charset=UTF-8")
|
||||
// @ResponseBody
|
||||
// public String apiConnect10aUserInfo(
|
||||
// @RequestHeader(value = "Authorization", required = true) String access_token) {
|
||||
// String principal="";
|
||||
// if (!StringGenerator.uuidMatches(access_token)) {
|
||||
// return accessTokenFormatError(access_token);
|
||||
// }
|
||||
// OAuth2Authentication oAuth2Authentication =null;
|
||||
// try{
|
||||
// oAuth2Authentication = oauth20tokenServices.loadAuthentication(access_token);
|
||||
//
|
||||
// principal=oAuth2Authentication.getPrincipal().toString();
|
||||
//
|
||||
// Set<String >scopes=oAuth2Authentication.getOAuth2Request().getScope();
|
||||
// ClientDetails clientDetails = clientDetailsService.loadClientByClientId(oAuth2Authentication.getOAuth2Request().getClientId());
|
||||
//
|
||||
// UserInfo userInfo=queryUserInfo(principal);
|
||||
// String userJson="";
|
||||
// HashMap<String, Object> claimsFields = new HashMap<String, Object>();
|
||||
//
|
||||
// claimsFields.put("sub", userInfo.getId());
|
||||
//
|
||||
// if(scopes.contains("profile")){
|
||||
// claimsFields.put("name", userInfo.getUsername());
|
||||
// claimsFields.put("preferred_username", userInfo.getDisplayName());
|
||||
// claimsFields.put("given_name", userInfo.getGivenName());
|
||||
// claimsFields.put("family_name", userInfo.getFamilyName());
|
||||
// claimsFields.put("middle_name", userInfo.getMiddleName());
|
||||
// claimsFields.put("nickname", userInfo.getNickName());
|
||||
// claimsFields.put("profile", "profile");
|
||||
// claimsFields.put("picture", "picture");
|
||||
// claimsFields.put("website", userInfo.getWebSite());
|
||||
//
|
||||
// String gender;
|
||||
// switch(userInfo.getGender()){
|
||||
// case UserInfo.GENDER.MALE :
|
||||
// gender="male";break;
|
||||
// case UserInfo.GENDER.FEMALE :
|
||||
// gender="female";break;
|
||||
// default:
|
||||
// gender="unknown";
|
||||
// }
|
||||
// claimsFields.put("gender", gender);
|
||||
// claimsFields.put("zoneinfo", userInfo.getTimeZone());
|
||||
// claimsFields.put("locale", userInfo.getLocale());
|
||||
// claimsFields.put("updated_time", userInfo.getModifiedDate());
|
||||
// claimsFields.put("birthdate", userInfo.getBirthDate());
|
||||
// }
|
||||
//
|
||||
// if(scopes.contains("email")){
|
||||
// claimsFields.put("email", userInfo.getWorkEmail());
|
||||
// claimsFields.put("email_verified", false);
|
||||
// }
|
||||
//
|
||||
// if(scopes.contains("phone")){
|
||||
// claimsFields.put("phone_number", userInfo.getWorkPhoneNumber());
|
||||
// claimsFields.put("phone_number_verified", false);
|
||||
// }
|
||||
//
|
||||
// if(scopes.contains("address")){
|
||||
// HashMap<String, String> addressFields = new HashMap<String, String>();
|
||||
// addressFields.put("country", userInfo.getWorkCountry());
|
||||
// addressFields.put("region", userInfo.getWorkRegion());
|
||||
// addressFields.put("locality", userInfo.getWorkLocality());
|
||||
// addressFields.put("street_address", userInfo.getWorkStreetAddress());
|
||||
// addressFields.put("formatted", userInfo.getWorkAddressFormatted());
|
||||
// addressFields.put("postal_code", userInfo.getWorkPostalCode());
|
||||
//
|
||||
// claimsFields.put("address", addressFields);
|
||||
// }
|
||||
//
|
||||
// JWTClaimsSet userInfoJWTClaims = new JWTClaimsSet.Builder()
|
||||
// .jwtID(UUID.randomUUID().toString())// set a random NONCE in the middle of it
|
||||
// .audience(Arrays.asList(clientDetails.getClientId()))
|
||||
// .issueTime(new Date())
|
||||
// .expirationTime(new Date(new Date().getTime()+clientDetails.getAccessTokenValiditySeconds()*1000))
|
||||
// .claim(claimsFields)
|
||||
// .build();
|
||||
//
|
||||
//
|
||||
// JWT userInfoJWT=null;
|
||||
// JWSAlgorithm signingAlg = jwtSignerValidationService.getDefaultSigningAlgorithm();
|
||||
// if (clientDetails.getUserInfoEncryptedAlgorithm() != null && !clientDetails.getUserInfoEncryptedAlgorithm().equals("none")
|
||||
// && clientDetails.getUserInfoEncryptionMethod() != null && !clientDetails.getUserInfoEncryptionMethod().equals("none")
|
||||
// &&clientDetails.getJwksUri()!=null&&clientDetails.getJwksUri().length()>4
|
||||
// ) {
|
||||
// JwtEncryptionAndDecryptionService recipientJwtEnDecryptionService =
|
||||
// recipientJwtEnDecryptionServiceBuilder.serviceBuilder(clientDetails.getJwksUri());
|
||||
//
|
||||
// if (recipientJwtEnDecryptionService != null) {
|
||||
// JWEAlgorithm jweAlgorithm=new JWEAlgorithm(clientDetails.getUserInfoEncryptedAlgorithm());
|
||||
// EncryptionMethod encryptionMethod=new EncryptionMethod(clientDetails.getUserInfoEncryptionMethod());
|
||||
// EncryptedJWT encryptedJWT = new EncryptedJWT(new JWEHeader(jweAlgorithm, encryptionMethod), userInfoJWTClaims);
|
||||
// recipientJwtEnDecryptionService.encryptJwt(encryptedJWT);
|
||||
// userJson=encryptedJWT.serialize();
|
||||
// }else{
|
||||
// _logger.error("Couldn't find encrypter for client: " + clientDetails.getClientId());
|
||||
// HashMap<String,Object>authzException=new HashMap<String,Object>();
|
||||
// authzException.put(OAuth2Exception.ERROR, "error");
|
||||
// authzException.put(OAuth2Exception.DESCRIPTION,"Couldn't find encrypter for client: " + clientDetails.getClientId());
|
||||
// return JsonUtils.gson2Json(authzException);
|
||||
// }
|
||||
// } else {
|
||||
// if (clientDetails.getUserInfoSigningAlgorithm()==null||clientDetails.getUserInfoSigningAlgorithm().equals("none")) {
|
||||
// // unsigned ID token
|
||||
// //userInfoJWT = new PlainJWT(userInfoJWTClaims);
|
||||
// userJson=JsonUtils.gson2Json(claimsFields);
|
||||
// } else {
|
||||
// // signed ID token
|
||||
// if (signingAlg.equals(JWSAlgorithm.HS256)
|
||||
// || signingAlg.equals(JWSAlgorithm.HS384)
|
||||
// || signingAlg.equals(JWSAlgorithm.HS512)) {
|
||||
// // sign it with the client's secret
|
||||
// String client_secret=ReciprocalUtils.decoder(clientDetails.getClientSecret());
|
||||
//
|
||||
// JwtSigningAndValidationService symmetricJwtSignerService =symmetricJwtSignerServiceBuilder.serviceBuilder(client_secret);
|
||||
// if(symmetricJwtSignerService!=null){
|
||||
// userInfoJWTClaims = new JWTClaimsSet.Builder(userInfoJWTClaims).claim("kid", "SYMMETRIC-KEY").build();
|
||||
// userInfoJWT = new SignedJWT(new JWSHeader(signingAlg), userInfoJWTClaims);
|
||||
// symmetricJwtSignerService.signJwt((SignedJWT) userInfoJWT);
|
||||
// }else{
|
||||
// _logger.error("Couldn't create symmetric validator for client " + clientDetails.getClientId() + " without a client secret");
|
||||
// }
|
||||
// } else {
|
||||
// userInfoJWTClaims = new JWTClaimsSet.Builder(userInfoJWTClaims).claim("kid", jwtSignerValidationService.getDefaultSignerKeyId()).build();
|
||||
// userInfoJWT = new SignedJWT(new JWSHeader(signingAlg), userInfoJWTClaims);
|
||||
// // sign it with the server's key
|
||||
// jwtSignerValidationService.signJwt((SignedJWT) userInfoJWT);
|
||||
// }
|
||||
// userJson=userInfoJWT.serialize();
|
||||
// }
|
||||
// }
|
||||
//
|
||||
// return userJson;
|
||||
//
|
||||
// }catch(OAuth2Exception e){
|
||||
// HashMap<String,Object>authzException=new HashMap<String,Object>();
|
||||
// authzException.put(OAuth2Exception.ERROR, e.getOAuth2ErrorCode());
|
||||
// authzException.put(OAuth2Exception.DESCRIPTION,e.getMessage());
|
||||
// return JsonUtils.object2Json(authzException);
|
||||
// }
|
||||
// }
|
||||
//
|
||||
//
|
||||
// public String accessTokenFormatError(String access_token){
|
||||
// HashMap<String,Object>atfe=new HashMap<String,Object>();
|
||||
// atfe.put(OAuth2Exception.ERROR, "token Format Invalid");
|
||||
// atfe.put(OAuth2Exception.DESCRIPTION, "access Token Format Invalid , access_token : "+access_token);
|
||||
//
|
||||
// return JsonUtils.object2Json(atfe);
|
||||
// }
|
||||
//
|
||||
//
|
||||
// public UserInfo queryUserInfo(String uid){
|
||||
// _logger.debug("uid : "+uid);
|
||||
// UserInfo queryUserInfo=new UserInfo();
|
||||
// queryUserInfo.setUsername(uid);
|
||||
// UserInfo userInfo = (UserInfo) userInfoService.load(queryUserInfo);
|
||||
// return userInfo;
|
||||
// }
|
||||
//
|
||||
//
|
||||
// public void setOauth20tokenServices(DefaultTokenServices oauth20tokenServices) {
|
||||
// this.oauth20tokenServices = oauth20tokenServices;
|
||||
// }
|
||||
//
|
||||
//
|
||||
//
|
||||
// public void setUserInfoService(UserInfoService userInfoService) {
|
||||
// this.userInfoService = userInfoService;
|
||||
// }
|
||||
//
|
||||
//
|
||||
//
|
||||
// public void setJwtSignerValidationService(
|
||||
// JwtSigningAndValidationService jwtSignerValidationService) {
|
||||
// this.jwtSignerValidationService = jwtSignerValidationService;
|
||||
// }
|
||||
//
|
||||
// public void setJwtEnDecryptionService(
|
||||
// JwtEncryptionAndDecryptionService jwtEnDecryptionService) {
|
||||
// this.jwtEnDecryptionService = jwtEnDecryptionService;
|
||||
// }
|
||||
//}
|
||||
@@ -1,8 +0,0 @@
|
||||
/**
|
||||
*
|
||||
*/
|
||||
/**
|
||||
* @author Crystal.Sea
|
||||
*
|
||||
*/
|
||||
package org.maxkey.web.oauth.userinfo.controller;
|
||||
@@ -4,7 +4,8 @@
|
||||
# domain name configuration
|
||||
config.domain.name=sso.maxkey.org
|
||||
config.server.name=http://${config.domain.name}
|
||||
config.server.prefix=${config.server.name}/maxkey
|
||||
config.server.maxkey.uri=${config.server.name}/maxkey
|
||||
|
||||
############################################################################
|
||||
# Login configuration
|
||||
#enable captcha
|
||||
@@ -90,8 +91,8 @@ config.support.wsfederation.logoutUrl=https://adfs.connsec.com/adfs/ls/?wa=wsign
|
||||
#############################################################################
|
||||
|
||||
#############################################################################
|
||||
config.oidc.metadata.issuer=http://login.connsec.com
|
||||
config.oidc.metadata.authorizationEndpoint=http://login.connsec.com/maxkey/oauth/v20/authorize
|
||||
config.oidc.metadata.tokenEndpoint=http://login.connsec.com/maxkey/oauth/v20/token
|
||||
config.oidc.metadata.userinfoEndpoint=http://login.connsec.com/maxkey/api/connect/userinfo
|
||||
config.oidc.metadata.issuer=${config.server.maxkey.uri}
|
||||
config.oidc.metadata.authorizationEndpoint=${config.server.maxkey.uri}/oauth/v20/authorize
|
||||
config.oidc.metadata.tokenEndpoint=${config.server.maxkey.uri}/oauth/v20/token
|
||||
config.oidc.metadata.userinfoEndpoint=${config.server.maxkey.uri}/api/connect/userinfo
|
||||
#############################################################################
|
||||
|
||||
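Review bot: The OIDC issuer and the authorization, token and userinfo endpoints now resolve through `config.server.maxkey.uri` to `config.server.name=http://${config.domain.name}`, so every advertised endpoint is plain HTTP. OpenID Connect Discovery requires the issuer to be an `https` URL, and authorization codes and tokens sent to a cleartext token endpoint can be read or altered in transit. Make the secure scheme the default, `config.server.name=https://${config.domain.name}`, or at least add a comment above `config.server.maxkey.uri` such as `# must be an https URL outside local development; it becomes the OIDC issuer`. Because the issuer string changes from the previous host to `${config.server.maxkey.uri}`, clients that validate `iss` against the old value will presumably need their configuration updated as well.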
@@ -1,13 +1,13 @@
|
||||
{
|
||||
"keys":
|
||||
[
|
||||
{
|
||||
"d": "envdv35_HU48wXPivE5qTFwILhCibDz6aZflcNYu58M0lfSNdererwsqkBaDB2Ai8Nv4ZCDSeP4wvvVztJy-KtK422i9kLKvQsvt4zdtFnmhT_aSBEp3FyMPEL1OX9nUixkw8_kMc2o-aCWPDTVucfBWlWxEGRdgDR_nH56Ywwk",
|
||||
"e": "AQAB",
|
||||
"n": "h5xtDWLssoj5-WLCKPYPUDJlM5pnL4pS8-wMt9sVA57QVRVFdpWHi1dbDCugCApjvmD-giO5yjF5mQSTAF6a14FvktozVw_dDTEzrjG5FgT6WpMzMZd6JpiwQLOtEbV7oBkKYWm1vh1C67-xTlhKgQUNLVNDg4RqRcKFxZd5JPc",
|
||||
"kty": "RSA",
|
||||
"alg": "RS256",
|
||||
"kid": "connsec_rsa"
|
||||
}
|
||||
]
|
||||
}
|
||||
"keys": [
|
||||
{
|
||||
"kty": "RSA",
|
||||
"d": "K2VCm_6enq5uoFLZXUlWkgbCXj5m9X5uUX3_Ol3qcY9X1cP04TN98R8lpw-ASeFDRFRhe0FT-lYCYu_fqZcrNXVhyN3rgi27af5x4HdFMnHLTLMPvE6aEyTGmZjTF1AbiX5VOJAl6POI9FiyTbV1Uqt943ydJv8SH4NfcYhKBmpp8Fi1f58mon-bYwsIy8mzZjssc8KZy-GzpscKrc5ewb7106JY3uRQNprAHrpcGAPZ8uXUvVhrxp_FNn5Nf5KVxl2tm50L83_5nw0OZrbJ8Ceg7sZAw_Z41lbYbS9VDaST6TuKRb7W4XCKimZUn57LoQT2-Gkv6msJHCmqTgK02Q",
|
||||
"e": "AQAB",
|
||||
"use": "sig",
|
||||
"kid": "maxkey_rsa",
|
||||
"alg": "RS256",
|
||||
"n": "vyfZwQuBLNvJDhmziUCFuAfIv-bC6ivodcR6PfanTt8XLd6G63Yx10YChAdsDACjoLz1tEU56WPp_ee_vcTSsEZT3ouWJYghuGI2j4XclXlEj0S7DzdpcBBpI4n5dr8K3iKY-3JUMZR1AMBHI50UaMST9ZTZJAjUPIYxkhRdca5lWBo4wGUh1yj_80-Bq6al0ia9S5NTzNLaJ18jSxFqZ79BAkBm-KjkP248YUk6WBGtYEAV5Fws4dpse4hrqJ3RRHiMZV1o1iTmPHz_l55ZSDP3vpYf6iKqKzoK2RmdjfH5mGpbc4-PclTs4GKfwZ7cWfrny6B7sMnQfzujCH996Q"
|
||||
}
|
||||
]
|
||||
}
|
||||
|
||||
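Review bot: The replacement JWK still carries the RSA private exponent `"d"` for `maxkey_rsa` in a file committed to the repository, so the signing key is known to anyone who can read the source or a built artifact. Judging by `defaultSignerKeyId` being set to `maxkey_rsa` and the key store location `classpath:config/keystore.jwks` later in this commit, a deployment that keeps this default would sign ID tokens with a key that is effectively public, and relying parties could not tell such tokens from forged ones. Treat the checked-in key as a development sample only: generate a key pair per installation, load it from a path outside the classpath with restricted file permissions, and publish only the public members (`kty`, `n`, `e`, `kid`, `alg`, `use`) to clients. The removed `connsec_rsa` key remains in history and should be considered disclosed too.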
@@ -27,10 +27,8 @@
|
||||
|
||||
<loggers>
|
||||
<Logger name="org.springframework" level="INFO"></Logger>
|
||||
<Logger name="org.springframework.web.servlet.tags" level="TRACE"></Logger>
|
||||
<Logger name="org.apache.logging" level="INFO"></Logger>
|
||||
<Logger name="org.maxkey" level="DEBUG"></Logger>
|
||||
<Logger name="org.apache.mybatis.jpa" level="DEBUG"></Logger>
|
||||
|
||||
|
||||
<root level="INFO">
|
||||
|
||||
@@ -15,12 +15,13 @@
|
||||
http://www.springframework.org/schema/mvc
|
||||
http://www.springframework.org/schema/mvc/spring-mvc.xsd">
|
||||
|
||||
<!--
|
||||
<context:component-scan base-package="org.maxkey.authz.cas.endpoint" />
|
||||
|
||||
<bean id="casTicketServices" class="org.maxkey.authz.cas.endpoint.ticket.service.InMemoryTicketServices" />
|
||||
-->
|
||||
|
||||
|
||||
<!--
|
||||
<bean id="casTicketServices" class="org.maxkey.authz.cas.endpoint.ticket.service.RedisTicketServices" >
|
||||
<property name="connectionFactory" ref="redisConnectionFactory"/>
|
||||
</bean>
|
||||
|
||||
-->
|
||||
</beans>
|
||||
@@ -2,17 +2,10 @@
|
||||
<beans xmlns="http://www.springframework.org/schema/beans"
|
||||
xmlns:context="http://www.springframework.org/schema/context"
|
||||
xmlns:mvc="http://www.springframework.org/schema/mvc"
|
||||
xmlns:sec="http://www.springframework.org/schema/security"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns:p="http://www.springframework.org/schema/p"
|
||||
xmlns:util="http://www.springframework.org/schema/util"
|
||||
xmlns:oauth20="http://www.springframework.org/schema/security/oauth2"
|
||||
xmlns:oauth10a="http://www.springframework.org/schema/security/oauth"
|
||||
xsi:schemaLocation="
|
||||
http://www.springframework.org/schema/security/oauth2
|
||||
http://www.springframework.org/schema/security/spring-security-oauth2.xsd
|
||||
http://www.springframework.org/schema/security/oauth
|
||||
http://www.springframework.org/schema/security/spring-security-oauth.xsd
|
||||
http://www.springframework.org/schema/beans
|
||||
http://www.springframework.org/schema/beans/spring-beans.xsd
|
||||
http://www.springframework.org/schema/context
|
||||
@@ -20,14 +13,14 @@
|
||||
http://www.springframework.org/schema/util
|
||||
http://www.springframework.org/schema/util/spring-util.xsd
|
||||
http://www.springframework.org/schema/mvc
|
||||
http://www.springframework.org/schema/mvc/spring-mvc.xsd
|
||||
http://www.springframework.org/schema/security
|
||||
http://www.springframework.org/schema/security/spring-security.xsd">
|
||||
http://www.springframework.org/schema/mvc/spring-mvc.xsd">
|
||||
|
||||
<!-- oauth.provider-->
|
||||
<context:component-scan base-package="org.maxkey.web.oauth.approval.controller" />
|
||||
<context:component-scan base-package="org.maxkey.authz.oauth2.provider.endpoint" />
|
||||
<!-- oauth.provider userinfo-->
|
||||
<context:component-scan base-package="org.maxkey.web.oauth.userinfo.controller" />
|
||||
<context:component-scan base-package="org.maxkey.authz.oauth2.provider.userinfo.endpoint" />
|
||||
|
||||
<context:component-scan base-package="org.maxkey.authz.oauth2.provider.approval.controller" />
|
||||
|
||||
<!-- OpenID Connect 1.0 -->
|
||||
<!--
|
||||
@@ -35,159 +28,107 @@
|
||||
*
|
||||
* http://openid.net/specs/openid-connect-core-1_0.html#SelfIssued
|
||||
* -->
|
||||
<bean id="oidcProviderMetadata" class="com.connsec.config.oidc.OIDCProviderMetadataDetails">
|
||||
<bean id="oidcProviderMetadata" class="org.maxkey.config.oidc.OIDCProviderMetadataDetails">
|
||||
<property name="issuer" value="${config.oidc.metadata.issuer}" />
|
||||
<property name="authorizationEndpoint" value="${config.oidc.metadata.authorizationEndpoint}" />
|
||||
<property name="tokenEndpoint" value="${config.oidc.metadata.tokenEndpoint}" />
|
||||
<property name="userinfoEndpoint" value="${config.oidc.metadata.userinfoEndpoint}" />
|
||||
</bean>
|
||||
|
||||
<bean id="tokenEnhancer" class="com.connsec.oidc.idtoken.OIDCIdTokenEnhancer">
|
||||
<bean id="tokenEnhancer" class="org.maxkey.authz.oidc.idtoken.OIDCIdTokenEnhancer">
|
||||
<property name="providerMetadata" ref="oidcProviderMetadata" />
|
||||
<property name="jwtSignerService" ref="jwtSignerValidationService" />
|
||||
<property name="jwtEnDecryptionService" ref="jwtEncryptionService" />
|
||||
<property name="clientDetailsService" ref="oauth20JdbcClientDetailsService" />
|
||||
</bean>
|
||||
|
||||
<bean id="jwkSetKeyStore" class="com.connsec.crypto.jose.keystore.JWKSetKeyStore">
|
||||
<bean id="jwkSetKeyStore" class="org.maxkey.crypto.jose.keystore.JWKSetKeyStore">
|
||||
<property name="location" value="classpath:config/keystore.jwks" />
|
||||
</bean>
|
||||
|
||||
<bean id="jwtSignerValidationService" class="com.connsec.crypto.jwt.signer.service.impl.DefaultJwtSigningAndValidationService">
|
||||
<bean id="jwtSignerValidationService" class="org.maxkey.crypto.jwt.signer.service.impl.DefaultJwtSigningAndValidationService">
|
||||
<constructor-arg name="keyStore" ref="jwkSetKeyStore" />
|
||||
<property name="defaultSignerKeyId" value="connsec_rsa" />
|
||||
<property name="defaultSignerKeyId" value="maxkey_rsa" />
|
||||
<property name="defaultSigningAlgorithmName" value="RS256" />
|
||||
</bean>
|
||||
|
||||
<bean id="jwtEncryptionService" class="com.connsec.crypto.jwt.encryption.service.impl.DefaultJwtEncryptionAndDecryptionService">
|
||||
<bean id="jwtEncryptionService" class="org.maxkey.crypto.jwt.encryption.service.impl.DefaultJwtEncryptionAndDecryptionService">
|
||||
<constructor-arg name="keyStore" ref="jwkSetKeyStore" />
|
||||
<property name="defaultAlgorithm" value="RSA1_5" />
|
||||
<property name="defaultDecryptionKeyId" value="connsec_rsa" />
|
||||
<property name="defaultEncryptionKeyId" value="connsec_rsa" />
|
||||
<property name="defaultDecryptionKeyId" value="maxkey_rsa" />
|
||||
<property name="defaultEncryptionKeyId" value="maxkey_rsa" />
|
||||
</bean>
|
||||
|
||||
<!--
|
||||
<bean id="jwtLoginService" class="com.connsec.web.authentication.support.jwt.JwtLoginService">
|
||||
<property name="jwtSignerValidationService" ref="jwtSignerValidationService" />
|
||||
<property name="jwtProviderMetadata" ref="oidcProviderMetadata" />
|
||||
</bean>
|
||||
|
||||
-->
|
||||
<!-- OpenID Connect 1.0 End -->
|
||||
|
||||
<!-- Follow is just for Spring security OAuth 2.0 configration -->
|
||||
<authentication-manager id="oauth20ClientAuthenticationManager" xmlns="http://www.springframework.org/schema/security">
|
||||
<authentication-provider user-service-ref="oauth20ClientDetailsUserService" />
|
||||
</authentication-manager>
|
||||
|
||||
<bean id="oauth20OauthAuthenticationEntryPoint" class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
|
||||
<property name="realmName" value="connsec" />
|
||||
</bean>
|
||||
|
||||
<bean id="oauth20ClientAuthenticationEntryPoint" class="org.springframework.security.oauth2.provider.error.OAuth2AuthenticationEntryPoint">
|
||||
<property name="realmName" value="connsec/client" />
|
||||
<property name="typeName" value="Basic" />
|
||||
<!-- In Memory -->
|
||||
<bean id="oauth20AuthorizationCodeServices" class="org.maxkey.authz.oauth2.provider.code.InMemoryAuthorizationCodeServices">
|
||||
</bean>
|
||||
|
||||
<bean id="oauth20OauthAccessDeniedHandler" class="org.springframework.security.oauth2.provider.error.OAuth2AccessDeniedHandler" />
|
||||
|
||||
<bean id="oauth20ClientCredentialsTokenEndpointFilter" class="org.springframework.security.oauth2.provider.client.ClientCredentialsTokenEndpointFilter">
|
||||
<property name="authenticationManager" ref="oauth20ClientAuthenticationManager" />
|
||||
<bean id="oauth20TokenStore" class="org.maxkey.authz.oauth2.provider.token.store.InMemoryTokenStore" >
|
||||
</bean>
|
||||
|
||||
<bean id="accessDecisionManager" class="org.springframework.security.access.vote.UnanimousBased" xmlns="http://www.springframework.org/schema/beans">
|
||||
<constructor-arg>
|
||||
<list>
|
||||
<bean class="org.springframework.security.oauth2.provider.vote.ScopeVoter" />
|
||||
<bean class="org.springframework.security.access.vote.RoleVoter" />
|
||||
<bean class="org.springframework.security.access.vote.AuthenticatedVoter" />
|
||||
</list>
|
||||
</constructor-arg>
|
||||
</bean>
|
||||
|
||||
<bean id="oauth20ClientDetailsUserService" class="org.springframework.security.oauth2.provider.client.ClientDetailsUserDetailsService">
|
||||
<constructor-arg ref="oauth20JdbcClientDetailsService" />
|
||||
<property name="passwordEncoder" ref="passwordReciprocal"></property>
|
||||
</bean>
|
||||
<!--
|
||||
<bean id="oauth20AuthorizationCodeServices" class="org.springframework.security.oauth2.provider.code.JdbcAuthorizationCodeServices">
|
||||
<constructor-arg ref="dataSource" />
|
||||
</bean>
|
||||
|
||||
<bean id="oauth20TokenStore" class="org.springframework.security.oauth2.provider.token.store.JdbcTokenStore" >
|
||||
<constructor-arg ref="dataSource" />
|
||||
</bean>
|
||||
-->
|
||||
<bean id="oauth20AuthorizationCodeServices" class="org.springframework.security.oauth2.provider.code.RedisAuthorizationCodeServices">
|
||||
<!-- Redis
|
||||
<bean id="oauth20AuthorizationCodeServices" class="org.maxkey.authz.oauth2.provider.code.RedisAuthorizationCodeServices">
|
||||
<constructor-arg ref="redisConnectionFactory" />
|
||||
</bean>
|
||||
|
||||
<bean id="oauth20TokenStore" class="org.springframework.security.oauth2.provider.token.store.RedisTokenStore" >
|
||||
<bean id="oauth20TokenStore" class="org.maxkey.authz.oauth2.provider.token.store.RedisTokenStore" >
|
||||
<constructor-arg ref="redisConnectionFactory" />
|
||||
</bean>
|
||||
-->
|
||||
|
||||
<bean id="oauth20TokenServices" class="org.springframework.security.oauth2.provider.token.DefaultTokenServices">
|
||||
<property name="tokenStore" ref="oauth20TokenStore"/>
|
||||
<property name="supportRefreshToken" value="true" />
|
||||
<property name="tokenEnhancer" ref="tokenEnhancer" />
|
||||
<property name="clientDetailsService" ref="oauth20JdbcClientDetailsService" />
|
||||
|
||||
<bean id="converter" class="org.maxkey.authz.oauth2.provider.token.store.JwtAccessTokenConverter">
|
||||
</bean>
|
||||
|
||||
<bean id="approvalStore" class="org.springframework.security.oauth2.provider.approval.TokenApprovalStore">
|
||||
<property name="tokenStore" ref="oauth20TokenStore" />
|
||||
</bean>
|
||||
|
||||
<bean id="requestFactory" class="org.springframework.security.oauth2.provider.request.DefaultOAuth2RequestFactory">
|
||||
<constructor-arg name="clientDetailsService" ref="oauth20JdbcClientDetailsService" />
|
||||
</bean>
|
||||
|
||||
<bean id="oauth20UserApprovalHandler" class="com.connsec.web.oauth.approval.controller.OAuth20UserApprovalHandler">
|
||||
<property name="approvalStore" ref="approvalStore" />
|
||||
<property name="clientDetailsService" ref="oauth20JdbcClientDetailsService"/>
|
||||
<property name="requestFactory" ref="requestFactory" />
|
||||
</bean>
|
||||
|
||||
<oauth20:authorization-server client-details-service-ref="oauth20JdbcClientDetailsService" token-services-ref="oauth20TokenServices"
|
||||
user-approval-handler-ref="oauth20UserApprovalHandler">
|
||||
<oauth20:authorization-code authorization-code-services-ref="oauth20AuthorizationCodeServices"></oauth20:authorization-code>
|
||||
<oauth20:implicit />
|
||||
<oauth20:refresh-token />
|
||||
<oauth20:client-credentials />
|
||||
<oauth20:password/>
|
||||
</oauth20:authorization-server>
|
||||
|
||||
<oauth20:resource-server id="oauth20ResourceServerFilter" resource-id="connsec" token-services-ref="oauth20TokenServices" />
|
||||
|
||||
<bean id="oauth20JdbcClientDetailsService" class="org.springframework.security.oauth2.provider.client.JdbcClientDetailsService">
|
||||
<bean id="oauth20JdbcClientDetailsService" class="org.maxkey.authz.oauth2.provider.client.JdbcClientDetailsService">
|
||||
<constructor-arg ref="dataSource" />
|
||||
<property name="passwordEncoder" ref="passwordReciprocal"></property>
|
||||
</bean>
|
||||
|
||||
<!-- OAuth 2 Token-->
|
||||
<http pattern="/oauth/v20/token" create-session="stateless" authentication-manager-ref="oauth20ClientAuthenticationManager" xmlns="http://www.springframework.org/schema/security">
|
||||
<!-- <csrf disabled="true"/>-->
|
||||
<intercept-url pattern="/oauth/v20/token" access="IS_AUTHENTICATED_ANONYMOUSLY" />
|
||||
<anonymous enabled="false" />
|
||||
<http-basic entry-point-ref="oauth20ClientAuthenticationEntryPoint" />
|
||||
|
||||
<!-- include this only if you need to authenticate clients via request parameters -->
|
||||
<custom-filter ref="oauth20ClientCredentialsTokenEndpointFilter" after="BASIC_AUTH_FILTER"/>
|
||||
<access-denied-handler ref="oauth20OauthAccessDeniedHandler"/>
|
||||
</http>
|
||||
<bean id="oauth20ClientDetailsUserService" class="org.maxkey.authz.oauth2.provider.client.ClientDetailsUserDetailsService">
|
||||
<constructor-arg ref="oauth20JdbcClientDetailsService" />
|
||||
<property name="passwordEncoder" ref="passwordReciprocal"></property>
|
||||
</bean>
|
||||
|
||||
<!-- OAuth 2 Authorize-->
|
||||
<http pattern="/oauth/v20/**" use-expressions="false" disable-url-rewriting="false" authentication-manager-ref="oauth20ClientAuthenticationManager" xmlns="http://www.springframework.org/schema/security">
|
||||
<access-denied-handler error-page="/login"/>
|
||||
<intercept-url pattern="/oauth/v20/authz" access="IS_AUTHENTICATED_ANONYMOUSLY,ROLE_USER"/>
|
||||
<form-login authentication-failure-url="/login"
|
||||
default-target-url="/index"
|
||||
login-page="/login"
|
||||
login-processing-url="/login.do"
|
||||
authentication-success-handler-ref="savedRequestSuccessHandler"/>
|
||||
<!-- self define filter for spring-security!-->
|
||||
<!-- <custom-filter before="FORM_LOGIN_FILTER" ref="oauthFilter"/> -->
|
||||
</http>
|
||||
|
||||
<oauth20:expression-handler id="oauthExpressionHandler" />
|
||||
|
||||
<oauth20:web-expression-handler id="oauthWebExpressionHandler" />
|
||||
<bean id="oauth20TokenServices" class="org.maxkey.authz.oauth2.provider.token.DefaultTokenServices">
|
||||
<property name="tokenStore" ref="oauth20TokenStore"/>
|
||||
<property name="supportRefreshToken" value="true" />
|
||||
<property name="tokenEnhancer" ref="tokenEnhancer" />
|
||||
<property name="clientDetailsService" ref="oauth20JdbcClientDetailsService" />
|
||||
</bean>
|
||||
|
||||
<bean id="oauth20ApprovalStore" class="org.maxkey.authz.oauth2.provider.approval.TokenApprovalStore">
|
||||
<property name="tokenStore" ref="oauth20TokenStore" />
|
||||
</bean>
|
||||
|
||||
<bean id="oAuth2RequestFactory" class="org.maxkey.authz.oauth2.provider.request.DefaultOAuth2RequestFactory">
|
||||
<constructor-arg name="clientDetailsService" ref="oauth20JdbcClientDetailsService" />
|
||||
</bean>
|
||||
|
||||
<bean id="oauth20UserApprovalHandler" class="org.maxkey.authz.oauth2.provider.approval.controller.OAuth20UserApprovalHandler">
|
||||
<property name="approvalStore" ref="oauth20ApprovalStore" />
|
||||
<property name="clientDetailsService" ref="oauth20JdbcClientDetailsService"/>
|
||||
<property name="requestFactory" ref="oAuth2RequestFactory" />
|
||||
</bean>
|
||||
|
||||
<bean id="oauth20ClientAuthenticationManager" class="org.springframework.security.authentication.ProviderManager">
|
||||
<constructor-arg>
|
||||
<list>
|
||||
<bean class="org.springframework.security.authentication.dao.DaoAuthenticationProvider">
|
||||
<property name="passwordEncoder">
|
||||
<bean class="org.springframework.security.crypto.password.NoOpPasswordEncoder "/>
|
||||
</property>
|
||||
<property name="userDetailsService" ref="oauth20ClientDetailsUserService"></property>
|
||||
</bean>
|
||||
</list>
|
||||
</constructor-arg>
|
||||
</bean>
|
||||
</beans>
|
||||
@@ -18,9 +18,9 @@
|
||||
http://www.springframework.org/schema/security/spring-security-3.1.xsd">
|
||||
|
||||
<!-- SAML V2.0 EndPoint -->
|
||||
<context:component-scan base-package="org.maxkey.saml20.provider.endpoint" />
|
||||
<context:component-scan base-package="org.maxkey.authz.saml20.provider.endpoint" />
|
||||
<!-- MetaData V2.0 EndPoint -->
|
||||
<context:component-scan base-package="org.maxkey.saml20.metadata.endpoint" />
|
||||
<context:component-scan base-package="org.maxkey.authz.saml20.metadata.endpoint" />
|
||||
|
||||
<bean id="samlBootstrapInitializer" class="org.opensaml.DefaultBootstrap" init-method="bootstrap"/>
|
||||
|
||||
|
||||
@@ -17,7 +17,6 @@
|
||||
|
||||
<!-- Single Sign On for application -->
|
||||
<context:component-scan base-package="org.maxkey.authz.endpoint" />
|
||||
<context:component-scan base-package="org.maxkey.authz.cas.endpoint" />
|
||||
<context:component-scan base-package="org.maxkey.authz.desktop.endpoint" />
|
||||
<context:component-scan base-package="org.maxkey.authz.exapi.endpoint" />
|
||||
<context:component-scan base-package="org.maxkey.authz.formbased.endpoint" />
|
||||
@@ -25,10 +24,10 @@
|
||||
<context:component-scan base-package="org.maxkey.authz.token.endpoint" />
|
||||
|
||||
<import resource="maxkey-protocol-cas.xml"/>
|
||||
<!--
|
||||
|
||||
<import resource="maxkey-protocol-saml.xml"/>
|
||||
|
||||
<import resource="maxkey-protocol-oauth2.0.xml"/>
|
||||
-->
|
||||
|
||||
|
||||
</beans>
|
||||
@@ -114,9 +114,6 @@
|
||||
<constructor-arg ref="jdbcTemplate"/>
|
||||
<property name="validity" value="${config.login.remeberme.validity}"/>
|
||||
</bean>
|
||||
|
||||
<!-- Authentication Password Encoder Config -->
|
||||
<bean id="passwordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"></bean>
|
||||
|
||||
<bean id="timeBasedKeyUriFormat" class="org.maxkey.crypto.password.opt.algorithm.KeyUriFormat">
|
||||
<property name="type" value="totp" />
|
||||
@@ -148,6 +145,9 @@
|
||||
<constructor-arg ref="jdbcTemplate" />
|
||||
</bean>
|
||||
|
||||
<!-- Authentication Password Encoder Config -->
|
||||
<bean id="passwordEncoder" class="org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder"></bean>
|
||||
|
||||
<bean id="passwordReciprocal" class="org.maxkey.crypto.password.PasswordReciprocal"></bean>
|
||||
|
||||
|
||||
|
||||
@@ -0,0 +1,118 @@
|
||||
<?xml version="1.0" encoding="UTF-8"?>
|
||||
<beans xmlns="http://www.springframework.org/schema/beans"
|
||||
xmlns:context="http://www.springframework.org/schema/context"
|
||||
xmlns:mvc="http://www.springframework.org/schema/mvc"
|
||||
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
|
||||
xmlns:p="http://www.springframework.org/schema/p"
|
||||
xmlns:tx="http://www.springframework.org/schema/tx"
|
||||
xmlns:util="http://www.springframework.org/schema/util"
|
||||
xsi:schemaLocation="
|
||||
http://www.springframework.org/schema/beans
|
||||
http://www.springframework.org/schema/beans/spring-beans.xsd
|
||||
http://www.springframework.org/schema/context
|
||||
http://www.springframework.org/schema/context/spring-context.xsd
|
||||
http://www.springframework.org/schema/tx
|
||||
http://www.springframework.org/schema/tx/spring-tx.xsd
|
||||
http://www.springframework.org/schema/util
|
||||
http://www.springframework.org/schema/util/spring-util.xsd
|
||||
http://www.springframework.org/schema/mvc
|
||||
http://www.springframework.org/schema/mvc/spring-mvc.xsd">
|
||||
|
||||
<!-- Static resources -->
|
||||
<!-- js images css -->
|
||||
<mvc:resources mapping="/jquery/**" location="/jquery/" />
|
||||
<mvc:resources mapping="/images/**" location="/images/" />
|
||||
<mvc:resources mapping="/css/**" location="/css/" />
|
||||
<mvc:resources mapping="/js/**" location="/js/" />
|
||||
|
||||
<!-- LocaleResolver -->
|
||||
<bean id="localeResolver" class="org.springframework.web.servlet.i18n.CookieLocaleResolver">
|
||||
<property name="cookieDomain" value="#{applicationConfig.subDomainName}"/>
|
||||
<property name="cookieName" value="single_sign_on_lang"/>
|
||||
<property name="cookieMaxAge" value="604800" />
|
||||
<!-- auto select language by brower remove -->
|
||||
<!--<property name="defaultLocale" value="en" /> -->
|
||||
</bean>
|
||||
|
||||
<!-- 消息处理,可以直接使用properties的key值,返回的是对应的value值 -->
|
||||
<bean id="messageSource"
|
||||
class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
|
||||
<property name="basenames">
|
||||
<list>
|
||||
<value>classpath:messages/message</value>
|
||||
</list>
|
||||
</property>
|
||||
<!-- 必须设置成false,否则hibernate原有的校验信息无法返回value值-->
|
||||
<property name="useCodeAsDefaultMessage" value="false"/>
|
||||
</bean>
|
||||
|
||||
<!-- Locale Change Interceptor and Resolver definition -->
|
||||
<bean id="localeChangeInterceptor" class="org.springframework.web.servlet.i18n.LocaleChangeInterceptor">
|
||||
<property name="paramName" value="language" />
|
||||
</bean>
|
||||
|
||||
<!-- XML bean Marshaller define -->
|
||||
<bean id="Jaxb2Marshaller" class="org.springframework.oxm.jaxb.Jaxb2Marshaller">
|
||||
<property name="classesToBeBound">
|
||||
<list>
|
||||
<value>org.maxkey.domain.xml.UserInfoXML</value>
|
||||
</list>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
<!-- MarshallingHttpMessageConverter -->
|
||||
<bean id="marshallingHttpMessageConverter" class="org.springframework.http.converter.xml.MarshallingHttpMessageConverter">
|
||||
<property name="marshaller" ref="Jaxb2Marshaller" />
|
||||
<property name="unmarshaller" ref="Jaxb2Marshaller" />
|
||||
<property name="supportedMediaTypes">
|
||||
<list>
|
||||
<value>application/xml;charset=UTF-8</value>
|
||||
</list>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
<!--MappingJacksonHttpMessageConverter -->
|
||||
<bean id="mappingJacksonHttpMessageConverter" class="org.springframework.http.converter.json.MappingJackson2HttpMessageConverter">
|
||||
<property name="supportedMediaTypes">
|
||||
<list>
|
||||
<value>application/json;charset=UTF-8</value>
|
||||
</list>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
<!-- REST Client -->
|
||||
<bean id="restTemplate" class="org.springframework.web.client.RestTemplate">
|
||||
<property name="messageConverters">
|
||||
<list>
|
||||
<ref bean="marshallingHttpMessageConverter" />
|
||||
<ref bean="mappingJacksonHttpMessageConverter" />
|
||||
</list>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
<!-- AnnotationMethodHandlerAdapter -->
|
||||
<bean class="org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter">
|
||||
<property name="messageConverters">
|
||||
<util:list id="beanList">
|
||||
<ref bean="marshallingHttpMessageConverter" />
|
||||
<ref bean="mappingJacksonHttpMessageConverter" />
|
||||
</util:list>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
<bean id="handlerMapping" class="org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping">
|
||||
<property name="interceptors">
|
||||
<list>
|
||||
<ref bean="localeChangeInterceptor" />
|
||||
</list>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
<!-- View Resolver -->
|
||||
<bean id="viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver" p:prefix="/WEB-INF/views/" p:suffix=".jsp" p:order="2" />
|
||||
|
||||
<!-- upload file support -->
|
||||
<bean id="multipartResolver" class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
|
||||
<property name="maxUploadSize" value="4194304" />
|
||||
</bean>
|
||||
</beans>
|
||||
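Review bot: The `restTemplate` bean is created without a request factory, so it falls back to `SimpleClientHttpRequestFactory` with no connect or read timeout, and an unresponsive remote endpoint can hold a request thread of the sign-on server indefinitely. Callers of `restTemplate` are not visible in this file, but any outbound call made while a login or token request is being handled inherits this. Set explicit timeouts by adding a `requestFactory` property next to `messageConverters`; the values below are placeholders to tune.

```xml
<bean id="restTemplate" class="org.springframework.web.client.RestTemplate">
    <!-- … unchanged: messageConverters property … -->
    <property name="requestFactory">
        <bean class="org.springframework.http.client.SimpleClientHttpRequestFactory">
            <!-- placeholder values, in milliseconds -->
            <property name="connectTimeout" value="5000" />
            <property name="readTimeout" value="10000" />
        </bean>
    </property>
</bean>
```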
@@ -76,7 +76,7 @@
|
||||
<property name="emailConfig" ref="emailConfig"/>
|
||||
<property name="loginConfig" ref="loginConfig"/>
|
||||
<property name="domainName" value="${config.domain.name}"/>
|
||||
<property name="serverPrefix" value="${config.server.prefix}"/>
|
||||
<property name="serverPrefix" value="${config.server.maxkey.uri}"/>
|
||||
<property name="manageUri" value="${config.manage.uri}"/>
|
||||
<property name="whiteList" value="${config.ipaddress.whitelist}"/>
|
||||
<property name="anonymousAccessUrls">
|
||||
@@ -86,19 +86,6 @@
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
<!-- Datastore configuration -->
|
||||
<import resource="maxkey-persistence.xml"/>
|
||||
|
||||
<import resource="maxkey-support.xml"/>
|
||||
|
||||
<import resource="maxkey-protocol.xml"/>
|
||||
|
||||
<!-- Scheduler task -->
|
||||
<import resource="maxkey-task.xml"/>
|
||||
|
||||
<!-- Basic Authn -->
|
||||
<import resource="maxkey-security.xml"/>
|
||||
|
||||
<!-- Scans the classpath for annotated components that will be auto-registered as Spring beans.
|
||||
@Controller and @Service. Make sure to set the correct base-package-->
|
||||
|
||||
@@ -106,109 +93,24 @@
|
||||
<context:component-scan base-package="org.maxkey.domain" />
|
||||
<context:component-scan base-package="org.maxkey.domain.apps" />
|
||||
<context:component-scan base-package="org.maxkey.domain.userinfo" />
|
||||
|
||||
<context:component-scan base-package="org.maxkey.web.authorize.endpoint" />
|
||||
<context:component-scan base-package="org.maxkey.web.endpoint" />
|
||||
<!-- REST API interface -->
|
||||
<context:component-scan base-package="org.maxkey.api.v1.contorller" />
|
||||
|
||||
<!-- Business Contorller -->
|
||||
<context:component-scan base-package="org.maxkey.web.endpoint" />
|
||||
<context:component-scan base-package="org.maxkey.web.contorller" />
|
||||
|
||||
<!-- Static resources -->
|
||||
<!-- js images css -->
|
||||
<mvc:resources mapping="/jquery/**" location="/jquery/" />
|
||||
<mvc:resources mapping="/images/**" location="/images/" />
|
||||
<mvc:resources mapping="/css/**" location="/css/" />
|
||||
<mvc:resources mapping="/js/**" location="/js/" />
|
||||
|
||||
<!-- LocaleResolver -->
|
||||
<bean id="localeResolver" class="org.springframework.web.servlet.i18n.CookieLocaleResolver">
|
||||
<property name="cookieDomain" value="#{applicationConfig.subDomainName}"/>
|
||||
<property name="cookieName" value="single_sign_on_lang"/>
|
||||
<property name="cookieMaxAge" value="604800" />
|
||||
<!-- auto select language by brower remove -->
|
||||
<!--<property name="defaultLocale" value="en" /> -->
|
||||
</bean>
|
||||
|
||||
<!-- 消息处理,可以直接使用properties的key值,返回的是对应的value值 -->
|
||||
<bean id="messageSource"
|
||||
class="org.springframework.context.support.ReloadableResourceBundleMessageSource">
|
||||
<property name="basenames">
|
||||
<list>
|
||||
<value>classpath:messages/message</value>
|
||||
</list>
|
||||
</property>
|
||||
<!-- 必须设置成false,否则hibernate原有的校验信息无法返回value值-->
|
||||
<property name="useCodeAsDefaultMessage" value="false"/>
|
||||
</bean>
|
||||
|
||||
<!-- Locale Change Interceptor and Resolver definition -->
|
||||
<bean id="localeChangeInterceptor" class="org.springframework.web.servlet.i18n.LocaleChangeInterceptor">
|
||||
<property name="paramName" value="language" />
|
||||
</bean>
|
||||
|
||||
<!-- XML bean Marshaller define -->
|
||||
<bean id="Jaxb2Marshaller" class="org.springframework.oxm.jaxb.Jaxb2Marshaller">
|
||||
<property name="classesToBeBound">
|
||||
<list>
|
||||
<value>org.maxkey.domain.xml.UserInfoXML</value>
|
||||
</list>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
<!-- MarshallingHttpMessageConverter -->
|
||||
<bean id="marshallingHttpMessageConverter" class="org.springframework.http.converter.xml.MarshallingHttpMessageConverter">
|
||||
<property name="marshaller" ref="Jaxb2Marshaller" />
|
||||
<property name="unmarshaller" ref="Jaxb2Marshaller" />
|
||||
<property name="supportedMediaTypes">
|
||||
<list>
|
||||
<value>application/xml;charset=UTF-8</value>
|
||||
</list>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
<!--MappingJacksonHttpMessageConverter -->
|
||||
<bean id="mappingJacksonHttpMessageConverter" class="org.springframework.http.converter.json.MappingJackson2HttpMessageConverter">
|
||||
<property name="supportedMediaTypes">
|
||||
<list>
|
||||
<value>application/json;charset=UTF-8</value>
|
||||
</list>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
<!-- REST Client -->
|
||||
<bean id="restTemplate" class="org.springframework.web.client.RestTemplate">
|
||||
<property name="messageConverters">
|
||||
<list>
|
||||
<ref bean="marshallingHttpMessageConverter" />
|
||||
<ref bean="mappingJacksonHttpMessageConverter" />
|
||||
</list>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
<!-- AnnotationMethodHandlerAdapter -->
|
||||
<bean class="org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter">
|
||||
<property name="messageConverters">
|
||||
<util:list id="beanList">
|
||||
<ref bean="marshallingHttpMessageConverter" />
|
||||
<ref bean="mappingJacksonHttpMessageConverter" />
|
||||
</util:list>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
<bean id="handlerMapping" class="org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping">
|
||||
<property name="interceptors">
|
||||
<list>
|
||||
<ref bean="localeChangeInterceptor" />
|
||||
</list>
|
||||
</property>
|
||||
</bean>
|
||||
|
||||
<!-- View Resolver -->
|
||||
<bean id="viewResolver" class="org.springframework.web.servlet.view.InternalResourceViewResolver" p:prefix="/WEB-INF/views/" p:suffix=".jsp" p:order="2" />
|
||||
|
||||
<!-- upload file support -->
|
||||
<bean id="multipartResolver" class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
|
||||
<property name="maxUploadSize" value="4194304" />
|
||||
</bean>
|
||||
<!-- persistence configuration -->
|
||||
<import resource="maxkey-persistence.xml"/>
|
||||
<!-- authn support -->
|
||||
<import resource="maxkey-support.xml"/>
|
||||
<!-- single sign on protocol -->
|
||||
<import resource="maxkey-protocol.xml"/>
|
||||
<!-- Scheduler task -->
|
||||
<import resource="maxkey-task.xml"/>
|
||||
<!-- Basic Authn for user login -->
|
||||
<import resource="maxkey-security.xml"/>
|
||||
<!-- web mvc configuration -->
|
||||
<import resource="maxkey-web.xml"/>
|
||||
|
||||
</beans>
|
||||
@@ -7,51 +7,16 @@
|
||||
<%@ taglib prefix="s" uri="http://www.connsec.com/tags" %>
|
||||
<html xmlns="http://www.w3.org/1999/xhtml">
|
||||
<head>
|
||||
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1"/>
|
||||
<title>Access Confirmation</title>
|
||||
<link rel="shortcut icon" type="image/x-icon" href="<s:Base />/images/favicon.ico"/>
|
||||
<link type="text/css" rel="stylesheet" href="<s:Base />/css/base.css"/>
|
||||
<jsp:include page="../layout/header.jsp"></jsp:include>
|
||||
<jsp:include page="../layout/common.css.jsp"></jsp:include>
|
||||
<jsp:include page="../layout/common.js.jsp"></jsp:include>
|
||||
</head>
|
||||
|
||||
<body>
|
||||
<h1>Access Confirmation ${'oauth 1.0a'==model.oauth_version}</h1>
|
||||
<div id="content">
|
||||
|
||||
<c:if test="${'oauth 1.0a'==model.oauth_version}">
|
||||
<!-- oauth 1.0a -->
|
||||
<c:if test="${!empty sessionScope.SPRING_SECURITY_LAST_EXCEPTION}">
|
||||
<div class="error">
|
||||
<h2>Woops!</h2>
|
||||
|
||||
<p>Access could not be granted. (<%= ((AuthenticationException) session.getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION)).getMessage() %>)</p>
|
||||
</div>
|
||||
</c:if>
|
||||
<c:remove scope="session" var="SPRING_SECURITY_LAST_EXCEPTION"/>
|
||||
<authz:authorize ifAllGranted="ROLE_USER">
|
||||
<h2>Please Confirm OAuth 1.0a</h2>
|
||||
|
||||
<p>You hereby authorize "${consumer.consumerName}" to access the following resource:</p>
|
||||
|
||||
<ul>
|
||||
<li>${consumer.resourceName} — ${consumer.resourceDescription}</li>
|
||||
</ul>
|
||||
|
||||
<form id="oauth_v10a_form" name="oauth_v10a_form" action="<c:url value="/oauth/v10a/authenticate_token"/>" method="post">
|
||||
<input name="requestToken" value="${model.oauth_token}" type="hidden"/>
|
||||
<c:if test="${!empty model.oauth_callback}">
|
||||
<input name="callbackURL" value="${model.oauth_callback}" type="hidden"/>
|
||||
</c:if>
|
||||
<label><input name="authorize" value="Authorize" type="submit"/></label>
|
||||
</form>
|
||||
<c:if test="${!empty model.approval_prompt&&'auto'== model.approval_prompt}">
|
||||
<script type="text/javascript">
|
||||
document.getElementById("oauth_v10a_form").submit();
|
||||
</script>
|
||||
</c:if>
|
||||
</authz:authorize>
|
||||
|
||||
</c:if>
|
||||
|
||||
<div id="top">
|
||||
<jsp:include page="../layout/nologintop.jsp"></jsp:include>
|
||||
</div>
|
||||
<div class="container">
|
||||
<c:if test="${'oauth 2.0'==model.oauth_version}">
|
||||
<!-- oauth 2.0 -->
|
||||
<% if (session.getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION) != null && !(session.getAttribute(WebAttributes.AUTHENTICATION_EXCEPTION) instanceof UnapprovedClientAuthenticationException)) { %>
|
||||
@@ -63,11 +28,10 @@
|
||||
<% } %>
|
||||
<c:remove scope="session" var="SPRING_SECURITY_LAST_EXCEPTION"/>
|
||||
|
||||
<authz:authorize ifAllGranted="ROLE_USER">
|
||||
<h2>Please Confirm OAuth 2.0</h2>
|
||||
|
||||
<p>You hereby authorize "${client.clientId}" to access your protected resources.</p>
|
||||
<form id="confirmationForm" name="confirmationForm" action="<%=request.getContextPath()%>/oauth/v20/authz" method="post">
|
||||
<form id="confirmationForm" name="confirmationForm" action="<%=request.getContextPath()%>/oauth/v20/authorize" method="post">
|
||||
<input name="user_oauth_approval" value="true" type="hidden"/>
|
||||
|
||||
<ul>
|
||||
@@ -87,8 +51,10 @@
|
||||
</ul>
|
||||
<label><input name="authorize" value="Authorize" type="submit"/></label>
|
||||
</form>
|
||||
</authz:authorize>
|
||||
</c:if>
|
||||
</div>
|
||||
<div id="footer">
|
||||
<jsp:include page="../layout/footer.jsp"></jsp:include>
|
||||
</div>
|
||||
</body>
|
||||
</html>
|
||||
|
||||
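Review bot: The consent form posts `user_oauth_approval=true` from a hidden field, and none of the form lines visible in this section carry an anti-CSRF token, so the approval depends entirely on what the `/oauth/v20/authorize` endpoint or a filter in front of it checks. An approval endpoint should reject a POST that lacks a per-session token; if Spring Security's CSRF filter covers this path, adding `<input type="hidden" name="${_csrf.parameterName}" value="${_csrf.token}"/>` inside `confirmationForm` is enough, otherwise the endpoint needs its own token check. Separately, `${client.clientId}` is written into the page unescaped and would be safer as `<c:out value="${client.clientId}"/>`. Part of the form lies between the hunks and is not shown, so a token field may already exist there.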
@@ -108,6 +108,16 @@
|
||||
<filter-mapping>
|
||||
<filter-name>ipAddressFilter</filter-name>
|
||||
<url-pattern>/*</url-pattern>
|
||||
</filter-mapping>
|
||||
|
||||
|
||||
<filter>
|
||||
<filter-name>OAuth20TokenEndpointAuthenticationFilter</filter-name>
|
||||
<filter-class>org.maxkey.authz.oauth2.provider.endpoint.TokenEndpointAuthenticationFilter</filter-class>
|
||||
</filter>
|
||||
<filter-mapping>
|
||||
<filter-name>OAuth20TokenEndpointAuthenticationFilter</filter-name>
|
||||
<url-pattern>/oauth/v20/token</url-pattern>
|
||||
</filter-mapping>
|
||||
|
||||
<!-- DispatcherServlet Spring MVC -->
|
||||
|
||||
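Review bot: `OAuth20TokenEndpointAuthenticationFilter` is registered by class name, so the servlet container creates it and Spring injects nothing into it; whatever it needs to authenticate clients on `/oauth/v20/token` (presumably the client authentication manager) has to be looked up by the filter itself. The filter's source is not part of this section, so confirm that it performs that lookup and rejects the request when a bean is missing rather than passing it down the chain. If it does not, define the filter as a Spring bean and register `<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>` with a `targetBeanName` init-param instead. A short comment above the `<filter>` saying that this filter is the client authentication for the token endpoint would also help, since this mapping is the only place that shows it.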