OIDC接口优化 #I4VFYD
This commit is contained in:
parent
933780d082
commit
545e2c1a96
@ -85,7 +85,7 @@ public class BasicEntryPoint implements AsyncHandlerInterceptor {
|
|||||||
_logger.info("recreate new session .");
|
_logger.info("recreate new session .");
|
||||||
request.getSession(true);
|
request.getSession(true);
|
||||||
}
|
}
|
||||||
String basicCredential =request.getHeader(AuthorizationHeaderUtils.AUTHORIZATION_HEADERNAME);
|
String basicCredential =request.getHeader(AuthorizationHeaderUtils.HEADER_Authorization);
|
||||||
_logger.info("getSession.getId : "+ request.getSession().getId());
|
_logger.info("getSession.getId : "+ request.getSession().getId());
|
||||||
|
|
||||||
_logger.info("Authorization : " + basicCredential);
|
_logger.info("Authorization : " + basicCredential);
|
||||||
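Review bot: `_logger.info("Authorization : " + basicCredential);` on the new side writes the whole Basic credential to the log at INFO, and since that value is only base64 of `username:password`, the log file effectively stores the client secret in clear. Log presence rather than content, e.g. `_logger.trace("Authorization header present : {}", basicCredential != null);`, and treat the session id logged two lines above the same way, since a session identifier in logs is as sensitive as the cookie it came from. The rename of the constant on that line is the only change here; the enclosing method starts and ends outside the hunk.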
|
|||||||
@ -17,6 +17,8 @@
|
|||||||
|
|
||||||
package org.maxkey.util;
|
package org.maxkey.util;
|
||||||
|
|
||||||
|
import javax.servlet.http.HttpServletRequest;
|
||||||
|
|
||||||
import org.maxkey.crypto.Base64Utils;
|
import org.maxkey.crypto.Base64Utils;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -25,7 +27,14 @@ import org.maxkey.crypto.Base64Utils;
|
|||||||
*/
|
*/
|
||||||
public class AuthorizationHeaderUtils {
|
public class AuthorizationHeaderUtils {
|
||||||
|
|
||||||
public static final String AUTHORIZATION_HEADERNAME = "Authorization";
|
/**
|
||||||
|
* first UpperCase
|
||||||
|
*/
|
||||||
|
public static final String HEADER_Authorization = "Authorization";
|
||||||
|
/**
|
||||||
|
* first LowerCase
|
||||||
|
*/
|
||||||
|
public static final String HEADER_authorization = "authorization";
|
||||||
|
|
||||||
public static String createBasic(String username, String password) {
|
public static String createBasic(String username, String password) {
|
||||||
String authUserPass = username + ":" + password;
|
String authUserPass = username + ":" + password;
|
||||||
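Review bot: The pair `HEADER_Authorization` / `HEADER_authorization` encodes a distinction HTTP does not make: header field names are case-insensitive and `HttpServletRequest.getHeader` is specified to match them case-insensitively, so the fallback in the new `resolveBearer(HttpServletRequest)` (hunk at `@ -70,5 +79,15 @@`) reads the same header twice and the lower-case constant adds nothing. One constant suffices and the resolver reduces to `String authorization = request.getHeader(AUTHORIZATION_HEADERNAME);`, which also lets the existing `AUTHORIZATION_HEADERNAME` stay and spares the three call-site renames elsewhere in this commit. If both names must remain, the mixed-case identifiers break the UPPER_SNAKE_CASE used for the constant they replace, and the Javadoc `first UpperCase` / `first LowerCase` should say that the two are interchangeable for lookups.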
@ -34,7 +43,7 @@ public class AuthorizationHeaderUtils {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public static AuthorizationHeaderCredential resolve(String authorization) {
|
public static AuthorizationHeaderCredential resolve(String authorization) {
|
||||||
if (isBasic(authorization)) {
|
if (StringUtils.isNotBlank(authorization) && isBasic(authorization)) {
|
||||||
String decodeUserPass = Base64Utils.decode(authorization.split(" ")[1]);
|
String decodeUserPass = Base64Utils.decode(authorization.split(" ")[1]);
|
||||||
String []userPass =decodeUserPass.split(":");
|
String []userPass =decodeUserPass.split(":");
|
||||||
return new AuthorizationHeaderCredential(userPass[0],userPass[1]);
|
return new AuthorizationHeaderCredential(userPass[0],userPass[1]);
|
||||||
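Review bot: `String []userPass =decodeUserPass.split(":");` followed by `userPass[1]` throws `ArrayIndexOutOfBoundsException` when the decoded value has no colon or an empty password (`"user:"` splits to a single element), and a password containing `:` is silently truncated; the new `isNotBlank` guard covers neither case. A bounded split with a length check fixes both: `String[] userPass = decodeUserPass.split(":", 2); if (userPass.length != 2) { /* fall through to the non-Basic result below */ }`, returning whatever the branch below the hunk returns for a non-Basic header. `authorization.split(" ")[1]` fails the same way for a bare `Basic` with nothing after it; the remainder of resolve is outside the hunk.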
@ -56,10 +65,10 @@ public class AuthorizationHeaderUtils {
|
|||||||
}
|
}
|
||||||
|
|
||||||
public static String resolveBearer(String bearer) {
|
public static String resolveBearer(String bearer) {
|
||||||
if (isBearer(bearer)) {
|
if (StringUtils.isNotBlank(bearer) && isBearer(bearer)) {
|
||||||
return bearer.split(" ")[1];
|
return bearer.split(" ")[1];
|
||||||
} else {
|
} else {
|
||||||
return null;
|
return bearer;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
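Review bot: Replacing `return null;` with `return bearer;` makes the method hand back the raw header whenever it is not a Bearer credential, so a `Basic …` value or any other string now reaches callers as if it were an access token: `Oauth20ApiPermissionAdapter.preHandle` (hunk at `@ -61,7 +61,7 @@`) passes it straight to `loadAuthentication`, and both userinfo endpoints echo it back through `accessTokenFormatError(access_token)`. Presumably the goal is to keep accepting a bare token in `Authorization`, as the old `connect10aUserInfo` did with the header value directly; if so, state that in a Javadoc on the method and keep blank input mapped to the old sentinel, `return StringUtils.isBlank(bearer) ? null : bearer;`, so callers can still distinguish "no credential" from "credential present".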
@ -70,5 +79,15 @@ public class AuthorizationHeaderUtils {
|
|||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public static String resolveBearer(HttpServletRequest request) {
|
||||||
|
String authorization =
|
||||||
|
StringUtils.isNotBlank(request.getHeader(HEADER_Authorization)) ?
|
||||||
|
request.getHeader(HEADER_Authorization) : request.getHeader(HEADER_authorization);
|
||||||
|
if(StringUtils.isNotBlank(authorization)) {
|
||||||
|
return resolveBearer(authorization);
|
||||||
|
}
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
@ -56,6 +56,10 @@ import org.springframework.web.servlet.support.RequestContextUtils;
|
|||||||
* @author Crystal.Sea
|
* @author Crystal.Sea
|
||||||
* @since 1.5
|
* @since 1.5
|
||||||
*/
|
*/
|
||||||
|
/**
|
||||||
|
* @author shimi
|
||||||
|
*
|
||||||
|
*/
|
||||||
public final class WebContext {
|
public final class WebContext {
|
||||||
|
|
||||||
final static Logger _logger = LoggerFactory.getLogger(WebContext.class);
|
final static Logger _logger = LoggerFactory.getLogger(WebContext.class);
|
||||||
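Review bot: The new `/** @author shimi */` block sits directly after the existing class Javadoc, and only the comment immediately preceding `public final class WebContext` is attached by javadoc, so the original summary, `@author Crystal.Sea` and `@since 1.5` silently drop out of generated documentation. Merge instead of stacking: add `* @author shimi` below the `* @author Crystal.Sea` line and delete the second comment block.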
@ -275,22 +279,32 @@ public final class WebContext {
|
|||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/**
|
||||||
|
* isTraceEnabled print request headers and parameters<br>
|
||||||
|
* see WebInstRequestFilter
|
||||||
|
* @param request
|
||||||
|
*/
|
||||||
public static void printRequest(final HttpServletRequest request) {
|
public static void printRequest(final HttpServletRequest request) {
|
||||||
_logger.trace("getRequestURL : "+request.getRequestURL());
|
if(_logger.isTraceEnabled()) {
|
||||||
_logger.trace("getMethod : "+request.getMethod());
|
_logger.trace("getContextPath : {}" , request.getContextPath());
|
||||||
Enumeration<String> headerNames = request.getHeaderNames();
|
_logger.trace("getRequestURL : {} " , request.getRequestURL());
|
||||||
while (headerNames.hasMoreElements()) {
|
_logger.trace("URL : {}" , request.getRequestURI().substring(request.getContextPath().length()));
|
||||||
String key = (String) headerNames.nextElement();
|
_logger.trace("getMethod : {} " , request.getMethod());
|
||||||
String value = request.getHeader(key);
|
|
||||||
_logger.trace("Header key "+key +" , value " + value);
|
Enumeration<String> headerNames = request.getHeaderNames();
|
||||||
}
|
while (headerNames.hasMoreElements()) {
|
||||||
|
String key = (String) headerNames.nextElement();
|
||||||
Enumeration<String> parameterNames = request.getParameterNames();
|
String value = request.getHeader(key);
|
||||||
while (parameterNames.hasMoreElements()) {
|
_logger.trace("Header key {} , value {}" , key, value);
|
||||||
String key = (String) parameterNames.nextElement();
|
}
|
||||||
String value = request.getParameter(key);
|
|
||||||
_logger.trace("Parameter "+key +" , value " + value);
|
Enumeration<String> parameterNames = request.getParameterNames();
|
||||||
}
|
while (parameterNames.hasMoreElements()) {
|
||||||
|
String key = (String) parameterNames.nextElement();
|
||||||
|
String value = request.getParameter(key);
|
||||||
|
_logger.trace("Parameter {} , value {}",key , value);
|
||||||
|
}
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
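Review bot: The trace loops still write every header and parameter value, which in this code base includes `Authorization` (Basic and Bearer credentials), `Cookie` (session ids) and, for the password grant handled in `TokenEndpointAuthenticationFilter`, presumably the user's password parameter, into the log whenever TRACE is enabled. Masking the known-sensitive names keeps the diagnostic value: `_logger.trace("Header key {} , value {}", key, ("authorization".equalsIgnoreCase(key) || "cookie".equalsIgnoreCase(key)) ? "***" : value);` and likewise `"password".equalsIgnoreCase(key) ? "***" : value` in the parameter loop. The `(String)` casts on `nextElement()` are redundant with `Enumeration<String>`, and the new Javadoc's `@param request` carries no description.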
|
|||||||
@ -70,15 +70,10 @@ public class WebXssRequestFilter extends GenericFilterBean {
|
|||||||
public void doFilter(ServletRequest servletRequest, ServletResponse response, FilterChain chain)
|
public void doFilter(ServletRequest servletRequest, ServletResponse response, FilterChain chain)
|
||||||
throws IOException, ServletException {
|
throws IOException, ServletException {
|
||||||
_logger.trace("WebXssRequestFilter");
|
_logger.trace("WebXssRequestFilter");
|
||||||
|
|
||||||
boolean isWebXss = false;
|
boolean isWebXss = false;
|
||||||
HttpServletRequest request= ((HttpServletRequest)servletRequest);
|
HttpServletRequest request= ((HttpServletRequest)servletRequest);
|
||||||
String requestURI=request.getRequestURI();
|
|
||||||
_logger.trace("getContextPath " +request.getContextPath());
|
|
||||||
_logger.trace("getRequestURL " + ((HttpServletRequest)request).getRequestURI());
|
|
||||||
_logger.trace("URL " +requestURI.substring(request.getContextPath().length()));
|
|
||||||
|
|
||||||
if(skipUrlMap.containsKey(requestURI.substring(request.getContextPath().length()))) {
|
if(skipUrlMap.containsKey(request.getRequestURI().substring(request.getContextPath().length()))) {
|
||||||
isWebXss = false;
|
isWebXss = false;
|
||||||
}else {
|
}else {
|
||||||
Enumeration<String> parameterNames = request.getParameterNames();
|
Enumeration<String> parameterNames = request.getParameterNames();
|
||||||
|
|||||||
@ -136,10 +136,6 @@ public class TokenEndpointAuthenticationFilter implements Filter {
|
|||||||
final HttpServletRequest request = (HttpServletRequest) req;
|
final HttpServletRequest request = (HttpServletRequest) req;
|
||||||
final HttpServletResponse response = (HttpServletResponse) res;
|
final HttpServletResponse response = (HttpServletResponse) res;
|
||||||
|
|
||||||
if(_logger.isTraceEnabled()) {
|
|
||||||
WebContext.printRequest(request);
|
|
||||||
}
|
|
||||||
|
|
||||||
try {
|
try {
|
||||||
String grantType = request.getParameter(OAuth2Constants.PARAMETER.GRANT_TYPE);
|
String grantType = request.getParameter(OAuth2Constants.PARAMETER.GRANT_TYPE);
|
||||||
if (grantType != null && grantType.equals(OAuth2Constants.PARAMETER.GRANT_TYPE_PASSWORD)) {
|
if (grantType != null && grantType.equals(OAuth2Constants.PARAMETER.GRANT_TYPE_PASSWORD)) {
|
||||||
|
|||||||
@ -18,13 +18,13 @@
|
|||||||
package org.maxkey.authz.oauth2.provider.userinfo.endpoint;
|
package org.maxkey.authz.oauth2.provider.userinfo.endpoint;
|
||||||
|
|
||||||
import java.lang.reflect.InvocationTargetException;
|
import java.lang.reflect.InvocationTargetException;
|
||||||
import java.util.Enumeration;
|
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
|
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
import javax.servlet.http.HttpServletResponse;
|
import javax.servlet.http.HttpServletResponse;
|
||||||
|
|
||||||
import org.apache.commons.beanutils.BeanUtils;
|
import org.apache.commons.beanutils.BeanUtils;
|
||||||
|
import org.apache.commons.lang3.StringUtils;
|
||||||
import org.maxkey.authn.SigninPrincipal;
|
import org.maxkey.authn.SigninPrincipal;
|
||||||
import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
|
import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
|
||||||
import org.maxkey.authz.oauth2.common.OAuth2Constants;
|
import org.maxkey.authz.oauth2.common.OAuth2Constants;
|
||||||
@ -48,7 +48,6 @@ import org.slf4j.LoggerFactory;
|
|||||||
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
import org.springframework.beans.factory.annotation.Qualifier;
|
import org.springframework.beans.factory.annotation.Qualifier;
|
||||||
import org.springframework.stereotype.Controller;
|
import org.springframework.stereotype.Controller;
|
||||||
import org.springframework.web.bind.annotation.RequestHeader;
|
|
||||||
import org.springframework.web.bind.annotation.RequestMapping;
|
import org.springframework.web.bind.annotation.RequestMapping;
|
||||||
import org.springframework.web.bind.annotation.RequestMethod;
|
import org.springframework.web.bind.annotation.RequestMethod;
|
||||||
import org.springframework.web.bind.annotation.RequestParam;
|
import org.springframework.web.bind.annotation.RequestParam;
|
||||||
@ -83,27 +82,18 @@ public class UserInfoEndpoint {
|
|||||||
@RequestMapping(value=OAuth2Constants.ENDPOINT.ENDPOINT_USERINFO, method={RequestMethod.POST, RequestMethod.GET})
|
@RequestMapping(value=OAuth2Constants.ENDPOINT.ENDPOINT_USERINFO, method={RequestMethod.POST, RequestMethod.GET})
|
||||||
public void apiV20UserInfo(
|
public void apiV20UserInfo(
|
||||||
@RequestParam(value = "access_token", required = false) String access_token,
|
@RequestParam(value = "access_token", required = false) String access_token,
|
||||||
@RequestHeader(value = "authorization", required = false) String authorization_bearer,
|
|
||||||
HttpServletRequest request,
|
HttpServletRequest request,
|
||||||
HttpServletResponse response) {
|
HttpServletResponse response) {
|
||||||
if(access_token == null && authorization_bearer!= null) {
|
if(StringUtils.isBlank(access_token)) {
|
||||||
if(_logger.isTraceEnabled()) {
|
|
||||||
_logger.trace("getRequestURL : "+request.getRequestURL());
|
|
||||||
Enumeration<String> headerNames = request.getHeaderNames();
|
|
||||||
while (headerNames.hasMoreElements()) {
|
|
||||||
String key = (String) headerNames.nextElement();
|
|
||||||
String value = request.getHeader(key);
|
|
||||||
_logger.trace("Header key "+key +" , value " + value);
|
|
||||||
}
|
|
||||||
}
|
|
||||||
//for header authorization bearer
|
//for header authorization bearer
|
||||||
access_token = AuthorizationHeaderUtils.resolveBearer(authorization_bearer);
|
access_token = AuthorizationHeaderUtils.resolveBearer(request);
|
||||||
}
|
}
|
||||||
|
|
||||||
String principal="";
|
|
||||||
if (!StringGenerator.uuidMatches(access_token)) {
|
if (!StringGenerator.uuidMatches(access_token)) {
|
||||||
httpResponseAdapter.write(response,JsonUtils.gson2Json(accessTokenFormatError(access_token)),"json");
|
httpResponseAdapter.write(response,JsonUtils.gson2Json(accessTokenFormatError(access_token)),"json");
|
||||||
}
|
}
|
||||||
|
|
||||||
|
String principal="";
|
||||||
OAuth2Authentication oAuth2Authentication =null;
|
OAuth2Authentication oAuth2Authentication =null;
|
||||||
try{
|
try{
|
||||||
oAuth2Authentication = oauth20tokenServices.loadAuthentication(access_token);
|
oAuth2Authentication = oauth20tokenServices.loadAuthentication(access_token);
|
||||||
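Review bot: After `httpResponseAdapter.write(response,JsonUtils.gson2Json(accessTokenFormatError(access_token)),"json");` the method does not return, so a malformed token is reported and then still handed to `loadAuthentication(access_token)`, and whatever that path writes lands on a response that already carries the error body; add `return;` directly after the write. With `resolveBearer(request)` now supplying the value, `access_token` can be null (no header) or an arbitrary non-Bearer header string, so a `StringUtils.isBlank(access_token)` check before `uuidMatches` avoids depending on how `StringGenerator.uuidMatches` treats null, which is not visible here. The method continues past the hunk.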
|
|||||||
@ -42,6 +42,7 @@ import org.maxkey.entity.UserInfo;
|
|||||||
import org.maxkey.entity.apps.oauth2.provider.ClientDetails;
|
import org.maxkey.entity.apps.oauth2.provider.ClientDetails;
|
||||||
import org.maxkey.persistence.service.AppsService;
|
import org.maxkey.persistence.service.AppsService;
|
||||||
import org.maxkey.persistence.service.UserInfoService;
|
import org.maxkey.persistence.service.UserInfoService;
|
||||||
|
import org.maxkey.util.AuthorizationHeaderUtils;
|
||||||
import org.maxkey.util.JsonUtils;
|
import org.maxkey.util.JsonUtils;
|
||||||
import org.maxkey.util.StringGenerator;
|
import org.maxkey.util.StringGenerator;
|
||||||
import org.maxkey.web.HttpResponseAdapter;
|
import org.maxkey.web.HttpResponseAdapter;
|
||||||
@ -51,7 +52,6 @@ import org.slf4j.LoggerFactory;
|
|||||||
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
import org.springframework.beans.factory.annotation.Qualifier;
|
import org.springframework.beans.factory.annotation.Qualifier;
|
||||||
import org.springframework.stereotype.Controller;
|
import org.springframework.stereotype.Controller;
|
||||||
import org.springframework.web.bind.annotation.RequestHeader;
|
|
||||||
import org.springframework.web.bind.annotation.RequestMapping;
|
import org.springframework.web.bind.annotation.RequestMapping;
|
||||||
import org.springframework.web.bind.annotation.RequestMethod;
|
import org.springframework.web.bind.annotation.RequestMethod;
|
||||||
import org.springframework.web.bind.annotation.ResponseBody;
|
import org.springframework.web.bind.annotation.ResponseBody;
|
||||||
@ -100,15 +100,15 @@ public class UserInfoOIDCEndpoint {
|
|||||||
@Operation(summary = "OIDC 用户信息接口", description = "传递Authorization参数access_token",method="GET")
|
@Operation(summary = "OIDC 用户信息接口", description = "传递Authorization参数access_token",method="GET")
|
||||||
@RequestMapping(value=OAuth2Constants.ENDPOINT.ENDPOINT_OPENID_CONNECT_USERINFO, method={RequestMethod.POST, RequestMethod.GET})
|
@RequestMapping(value=OAuth2Constants.ENDPOINT.ENDPOINT_OPENID_CONNECT_USERINFO, method={RequestMethod.POST, RequestMethod.GET})
|
||||||
@ResponseBody
|
@ResponseBody
|
||||||
public String connect10aUserInfo(
|
public String connect10aUserInfo(HttpServletRequest request,
|
||||||
@RequestHeader(value = "Authorization", required = true) String access_token,
|
HttpServletResponse response) {
|
||||||
HttpServletRequest request,
|
String access_token = AuthorizationHeaderUtils.resolveBearer(request);
|
||||||
HttpServletResponse response) {
|
|
||||||
String principal="";
|
|
||||||
if (!StringGenerator.uuidMatches(access_token)) {
|
if (!StringGenerator.uuidMatches(access_token)) {
|
||||||
return JsonUtils.gson2Json(accessTokenFormatError(access_token));
|
return JsonUtils.gson2Json(accessTokenFormatError(access_token));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
String principal="";
|
||||||
OAuth2Authentication oAuth2Authentication =null;
|
OAuth2Authentication oAuth2Authentication =null;
|
||||||
try{
|
try{
|
||||||
oAuth2Authentication = oauth20tokenServices.loadAuthentication(access_token);
|
oAuth2Authentication = oauth20tokenServices.loadAuthentication(access_token);
|
||||||
|
|||||||
@ -99,8 +99,6 @@ public class LoginEndpoint {
|
|||||||
public ModelAndView login(HttpServletRequest request) {
|
public ModelAndView login(HttpServletRequest request) {
|
||||||
_logger.debug("LoginController /login.");
|
_logger.debug("LoginController /login.");
|
||||||
|
|
||||||
WebContext.printRequest(request);
|
|
||||||
|
|
||||||
boolean isAuthenticated= WebContext.isAuthenticated();
|
boolean isAuthenticated= WebContext.isAuthenticated();
|
||||||
|
|
||||||
if(isAuthenticated){
|
if(isAuthenticated){
|
||||||
|
|||||||
@ -61,7 +61,7 @@ public class Oauth20ApiPermissionAdapter implements AsyncHandlerInterceptor {
|
|||||||
@Override
|
@Override
|
||||||
public boolean preHandle(HttpServletRequest request,HttpServletResponse response, Object handler) throws Exception {
|
public boolean preHandle(HttpServletRequest request,HttpServletResponse response, Object handler) throws Exception {
|
||||||
_logger.trace("Oauth20ApiPermissionAdapter preHandle");
|
_logger.trace("Oauth20ApiPermissionAdapter preHandle");
|
||||||
String authorization = request.getHeader(AuthorizationHeaderUtils.AUTHORIZATION_HEADERNAME);
|
String authorization = request.getHeader(AuthorizationHeaderUtils.HEADER_Authorization);
|
||||||
|
|
||||||
String accessToken = AuthorizationHeaderUtils.resolveBearer(authorization);
|
String accessToken = AuthorizationHeaderUtils.resolveBearer(authorization);
|
||||||
OAuth2Authentication authentication = oauth20tokenServices.loadAuthentication(accessToken);
|
OAuth2Authentication authentication = oauth20tokenServices.loadAuthentication(accessToken);
|
||||||
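Review bot: This call site still reads the header by hand, `request.getHeader(AuthorizationHeaderUtils.HEADER_Authorization)` followed by `resolveBearer(authorization)`, while the commit introduces `resolveBearer(HttpServletRequest)` for exactly this pattern and uses it in both userinfo endpoints. `String accessToken = AuthorizationHeaderUtils.resolveBearer(request);` would make the three consistent and lets the header-name detail live in one place. preHandle's remaining body is outside the hunk.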
|
|||||||
@ -65,7 +65,7 @@ public class RestApiPermissionAdapter implements AsyncHandlerInterceptor {
|
|||||||
@Override
|
@Override
|
||||||
public boolean preHandle(HttpServletRequest request,HttpServletResponse response, Object handler) throws Exception {
|
public boolean preHandle(HttpServletRequest request,HttpServletResponse response, Object handler) throws Exception {
|
||||||
_logger.trace("RestApiPermissionAdapter preHandle");
|
_logger.trace("RestApiPermissionAdapter preHandle");
|
||||||
String authorization = request.getHeader(AuthorizationHeaderUtils.AUTHORIZATION_HEADERNAME);
|
String authorization = request.getHeader(AuthorizationHeaderUtils.HEADER_Authorization);
|
||||||
AuthorizationHeaderCredential headerCredential = AuthorizationHeaderUtils.resolve(authorization);
|
AuthorizationHeaderCredential headerCredential = AuthorizationHeaderUtils.resolve(authorization);
|
||||||
|
|
||||||
//判断应用的AppId和Secret
|
//判断应用的AppId和Secret
|
||||||
|
|||||||