OAuth2 grant_type=password fix

2025-12-06 17:08:29 +08:00 · 2020-12-19 11:16:08 +08:00 · 2020-12-19 11:16:08 +08:00 · 3497aa5d26
commit 3497aa5d26
parent ba681ed7ca
3 changed files with 50 additions and 8 deletions
--- a/maxkey-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java
+++ b/maxkey-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java
@ -70,7 +70,7 @@ public abstract class AbstractAuthenticationProvider {
    @Qualifier("onlineTicketServices")
    protected OnlineTicketServices onlineTicketServices;
    
-    static  ArrayList<GrantedAuthority> grantedAdministratorsAuthoritys = new ArrayList<GrantedAuthority>();
+    public static  ArrayList<GrantedAuthority> grantedAdministratorsAuthoritys = new ArrayList<GrantedAuthority>();
    
    static {
        grantedAdministratorsAuthoritys.add(new SimpleGrantedAuthority("ROLE_ADMINISTRATORS"));
--- a/maxkey-core/src/main/java/org/maxkey/authn/SigninPrincipal.java
+++ b/maxkey-core/src/main/java/org/maxkey/authn/SigninPrincipal.java
@ -37,6 +37,14 @@ public class SigninPrincipal implements  UserDetails {
    ArrayList<GrantedAuthority> grantedAuthorityApps;
    boolean authenticated;
    boolean roleAdministrators;
+    
+	private  boolean accountNonExpired;
+
+	private  boolean accountNonLocked;
+
+	private  boolean credentialsNonExpired;
+
+	private  boolean enabled;

    /**
     * SigninPrincipal.
@ -50,6 +58,10 @@ public class SigninPrincipal implements  UserDetails {
    public SigninPrincipal(UserInfo userInfo) {
        this.userInfo = userInfo;
        this.authenticated = true;
+        this.accountNonExpired = true;
+        this.accountNonLocked  = true;
+        this.credentialsNonExpired =true;
+        this.enabled = true;
    }
    
    /**
@ -116,22 +128,22 @@ public class SigninPrincipal implements  UserDetails {

    @Override
    public boolean isAccountNonExpired() {
-        return false;
+        return this.accountNonExpired;
    }

    @Override
    public boolean isAccountNonLocked() {
-        return false;
+        return this.accountNonLocked;
    }

    @Override
    public boolean isCredentialsNonExpired() {
-        return false;
+        return this.credentialsNonExpired;
    }

    @Override
    public boolean isEnabled() {
-        return false;
+        return this.enabled;
    }

    public ArrayList<GrantedAuthority> getGrantedAuthorityApps() {
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/OAuth2UserDetailsService.java
+++ b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/OAuth2UserDetailsService.java
@ -12,9 +12,19 @@
 */
 package org.maxkey.authz.oauth2.provider;

+import java.util.ArrayList;
+
+import org.maxkey.authn.AbstractAuthenticationProvider;
+import org.maxkey.authn.SigninPrincipal;
+import org.maxkey.authn.online.OnlineTicket;
 import org.maxkey.domain.UserInfo;
 import org.maxkey.persistence.db.LoginService;
-import org.springframework.security.core.userdetails.User;
+import org.maxkey.web.WebConstants;
+import org.maxkey.web.WebContext;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
@ -24,7 +34,8 @@ import org.springframework.security.core.userdetails.UsernameNotFoundException;
 * 
 */
 public class OAuth2UserDetailsService implements UserDetailsService {
-
+	 private static final Logger _logger = 
+	            LoggerFactory.getLogger(OAuth2UserDetailsService.class);
 	
    LoginService loginService;
 	
@ -42,8 +53,27 @@ public class OAuth2UserDetailsService implements UserDetailsService {
 			throw new UsernameNotFoundException(e.getMessage(), e);
 		}
 		
+		String onlineTickitId = WebConstants.ONLINE_TICKET_PREFIX + "-" + java.util.UUID.randomUUID().toString().toLowerCase();
 		
-		return new User(username, userInfo.getPassword(), loginService.grantAuthority(userInfo));
+		SigninPrincipal signinPrincipal = new SigninPrincipal(userInfo);
+		OnlineTicket onlineTicket = new OnlineTicket(onlineTickitId);
+		//set OnlineTicket
+        signinPrincipal.setOnlineTicket(onlineTicket);
+        
+        ArrayList<GrantedAuthority> grantedAuthoritys = loginService.grantAuthority(userInfo);
+        signinPrincipal.setAuthenticated(true);
+        
+        for(GrantedAuthority administratorsAuthority : AbstractAuthenticationProvider.grantedAdministratorsAuthoritys) {
+            if(grantedAuthoritys.contains(administratorsAuthority)) {
+                signinPrincipal.setRoleAdministrators(true);
+                _logger.trace("ROLE ADMINISTRATORS Authentication .");
+            }
+        }
+        _logger.debug("Granted Authority " + grantedAuthoritys);
+        
+        signinPrincipal.setGrantedAuthorityApps(grantedAuthoritys);
+        
+		return signinPrincipal;
 	}

 }