mirror of
https://gitee.com/dromara/MaxKey.git
synced 2025-12-08 01:48:33 +08:00
OIDC接口优化 #I4VFYD
This commit is contained in:
MaxKey
parent
933780d082
commit
545e2c1a96
@ -85,7 +85,7 @@ public class BasicEntryPoint implements AsyncHandlerInterceptor {
|
||||
_logger.info("recreate new session .");
|
||||
request.getSession(true);
|
||||
}
|
||||
String basicCredential =request.getHeader(AuthorizationHeaderUtils.AUTHORIZATION_HEADERNAME);
|
||||
String basicCredential =request.getHeader(AuthorizationHeaderUtils.HEADER_Authorization);
|
||||
_logger.info("getSession.getId : "+ request.getSession().getId());
|
||||
|
||||
_logger.info("Authorization : " + basicCredential);
|
||||
|
||||
@ -17,6 +17,8 @@
|
||||
|
||||
package org.maxkey.util;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
|
||||
import org.maxkey.crypto.Base64Utils;
|
||||
|
||||
/**
|
||||
@ -25,7 +27,14 @@ import org.maxkey.crypto.Base64Utils;
|
||||
*/
|
||||
public class AuthorizationHeaderUtils {
|
||||
|
||||
public static final String AUTHORIZATION_HEADERNAME = "Authorization";
|
||||
/**
|
||||
* first UpperCase
|
||||
*/
|
||||
public static final String HEADER_Authorization = "Authorization";
|
||||
/**
|
||||
* first LowerCase
|
||||
*/
|
||||
public static final String HEADER_authorization = "authorization";
|
||||
|
||||
public static String createBasic(String username, String password) {
|
||||
String authUserPass = username + ":" + password;
|
||||
@ -34,7 +43,7 @@ public class AuthorizationHeaderUtils {
|
||||
}
|
||||
|
||||
public static AuthorizationHeaderCredential resolve(String authorization) {
|
||||
if (isBasic(authorization)) {
|
||||
if (StringUtils.isNotBlank(authorization) && isBasic(authorization)) {
|
||||
String decodeUserPass = Base64Utils.decode(authorization.split(" ")[1]);
|
||||
String []userPass =decodeUserPass.split(":");
|
||||
return new AuthorizationHeaderCredential(userPass[0],userPass[1]);
|
||||
@ -56,10 +65,10 @@ public class AuthorizationHeaderUtils {
|
||||
}
|
||||
|
||||
public static String resolveBearer(String bearer) {
|
||||
if (isBearer(bearer)) {
|
||||
if (StringUtils.isNotBlank(bearer) && isBearer(bearer)) {
|
||||
return bearer.split(" ")[1];
|
||||
} else {
|
||||
return null;
|
||||
return bearer;
|
||||
}
|
||||
}
|
||||
|
||||
@ -71,4 +80,14 @@ public class AuthorizationHeaderUtils {
|
||||
}
|
||||
}
|
||||
|
||||
public static String resolveBearer(HttpServletRequest request) {
|
||||
String authorization =
|
||||
StringUtils.isNotBlank(request.getHeader(HEADER_Authorization)) ?
|
||||
request.getHeader(HEADER_Authorization) : request.getHeader(HEADER_authorization);
|
||||
if(StringUtils.isNotBlank(authorization)) {
|
||||
return resolveBearer(authorization);
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -56,6 +56,10 @@ import org.springframework.web.servlet.support.RequestContextUtils;
|
||||
* @author Crystal.Sea
|
||||
* @since 1.5
|
||||
*/
|
||||
/**
|
||||
* @author shimi
|
||||
*
|
||||
*/
|
||||
public final class WebContext {
|
||||
|
||||
final static Logger _logger = LoggerFactory.getLogger(WebContext.class);
|
||||
@ -275,22 +279,32 @@ public final class WebContext {
|
||||
|
||||
}
|
||||
|
||||
/**
|
||||
* isTraceEnabled print request headers and parameters<br>
|
||||
* see WebInstRequestFilter
|
||||
* @param request
|
||||
*/
|
||||
public static void printRequest(final HttpServletRequest request) {
|
||||
_logger.trace("getRequestURL : "+request.getRequestURL());
|
||||
_logger.trace("getMethod : "+request.getMethod());
|
||||
Enumeration<String> headerNames = request.getHeaderNames();
|
||||
while (headerNames.hasMoreElements()) {
|
||||
String key = (String) headerNames.nextElement();
|
||||
String value = request.getHeader(key);
|
||||
_logger.trace("Header key "+key +" , value " + value);
|
||||
}
|
||||
if(_logger.isTraceEnabled()) {
|
||||
_logger.trace("getContextPath : {}" , request.getContextPath());
|
||||
_logger.trace("getRequestURL : {} " , request.getRequestURL());
|
||||
_logger.trace("URL : {}" , request.getRequestURI().substring(request.getContextPath().length()));
|
||||
_logger.trace("getMethod : {} " , request.getMethod());
|
||||
|
||||
Enumeration<String> parameterNames = request.getParameterNames();
|
||||
while (parameterNames.hasMoreElements()) {
|
||||
String key = (String) parameterNames.nextElement();
|
||||
String value = request.getParameter(key);
|
||||
_logger.trace("Parameter "+key +" , value " + value);
|
||||
}
|
||||
Enumeration<String> headerNames = request.getHeaderNames();
|
||||
while (headerNames.hasMoreElements()) {
|
||||
String key = (String) headerNames.nextElement();
|
||||
String value = request.getHeader(key);
|
||||
_logger.trace("Header key {} , value {}" , key, value);
|
||||
}
|
||||
|
||||
Enumeration<String> parameterNames = request.getParameterNames();
|
||||
while (parameterNames.hasMoreElements()) {
|
||||
String key = (String) parameterNames.nextElement();
|
||||
String value = request.getParameter(key);
|
||||
_logger.trace("Parameter {} , value {}",key , value);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@ -70,15 +70,10 @@ public class WebXssRequestFilter extends GenericFilterBean {
|
||||
public void doFilter(ServletRequest servletRequest, ServletResponse response, FilterChain chain)
|
||||
throws IOException, ServletException {
|
||||
_logger.trace("WebXssRequestFilter");
|
||||
|
||||
boolean isWebXss = false;
|
||||
HttpServletRequest request= ((HttpServletRequest)servletRequest);
|
||||
String requestURI=request.getRequestURI();
|
||||
_logger.trace("getContextPath " +request.getContextPath());
|
||||
_logger.trace("getRequestURL " + ((HttpServletRequest)request).getRequestURI());
|
||||
_logger.trace("URL " +requestURI.substring(request.getContextPath().length()));
|
||||
|
||||
if(skipUrlMap.containsKey(requestURI.substring(request.getContextPath().length()))) {
|
||||
if(skipUrlMap.containsKey(request.getRequestURI().substring(request.getContextPath().length()))) {
|
||||
isWebXss = false;
|
||||
}else {
|
||||
Enumeration<String> parameterNames = request.getParameterNames();
|
||||
|
||||
@ -136,10 +136,6 @@ public class TokenEndpointAuthenticationFilter implements Filter {
|
||||
final HttpServletRequest request = (HttpServletRequest) req;
|
||||
final HttpServletResponse response = (HttpServletResponse) res;
|
||||
|
||||
if(_logger.isTraceEnabled()) {
|
||||
WebContext.printRequest(request);
|
||||
}
|
||||
|
||||
try {
|
||||
String grantType = request.getParameter(OAuth2Constants.PARAMETER.GRANT_TYPE);
|
||||
if (grantType != null && grantType.equals(OAuth2Constants.PARAMETER.GRANT_TYPE_PASSWORD)) {
|
||||
|
||||
@ -18,13 +18,13 @@
|
||||
package org.maxkey.authz.oauth2.provider.userinfo.endpoint;
|
||||
|
||||
import java.lang.reflect.InvocationTargetException;
|
||||
import java.util.Enumeration;
|
||||
import java.util.HashMap;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.apache.commons.beanutils.BeanUtils;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.maxkey.authn.SigninPrincipal;
|
||||
import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
|
||||
import org.maxkey.authz.oauth2.common.OAuth2Constants;
|
||||
@ -48,7 +48,6 @@ import org.slf4j.LoggerFactory;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.beans.factory.annotation.Qualifier;
|
||||
import org.springframework.stereotype.Controller;
|
||||
import org.springframework.web.bind.annotation.RequestHeader;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMethod;
|
||||
import org.springframework.web.bind.annotation.RequestParam;
|
||||
@ -83,27 +82,18 @@ public class UserInfoEndpoint {
|
||||
@RequestMapping(value=OAuth2Constants.ENDPOINT.ENDPOINT_USERINFO, method={RequestMethod.POST, RequestMethod.GET})
|
||||
public void apiV20UserInfo(
|
||||
@RequestParam(value = "access_token", required = false) String access_token,
|
||||
@RequestHeader(value = "authorization", required = false) String authorization_bearer,
|
||||
HttpServletRequest request,
|
||||
HttpServletResponse response) {
|
||||
if(access_token == null && authorization_bearer!= null) {
|
||||
if(_logger.isTraceEnabled()) {
|
||||
_logger.trace("getRequestURL : "+request.getRequestURL());
|
||||
Enumeration<String> headerNames = request.getHeaderNames();
|
||||
while (headerNames.hasMoreElements()) {
|
||||
String key = (String) headerNames.nextElement();
|
||||
String value = request.getHeader(key);
|
||||
_logger.trace("Header key "+key +" , value " + value);
|
||||
}
|
||||
}
|
||||
if(StringUtils.isBlank(access_token)) {
|
||||
//for header authorization bearer
|
||||
access_token = AuthorizationHeaderUtils.resolveBearer(authorization_bearer);
|
||||
access_token = AuthorizationHeaderUtils.resolveBearer(request);
|
||||
}
|
||||
|
||||
String principal="";
|
||||
if (!StringGenerator.uuidMatches(access_token)) {
|
||||
httpResponseAdapter.write(response,JsonUtils.gson2Json(accessTokenFormatError(access_token)),"json");
|
||||
}
|
||||
|
||||
String principal="";
|
||||
OAuth2Authentication oAuth2Authentication =null;
|
||||
try{
|
||||
oAuth2Authentication = oauth20tokenServices.loadAuthentication(access_token);
|
||||
|
||||
@ -42,6 +42,7 @@ import org.maxkey.entity.UserInfo;
|
||||
import org.maxkey.entity.apps.oauth2.provider.ClientDetails;
|
||||
import org.maxkey.persistence.service.AppsService;
|
||||
import org.maxkey.persistence.service.UserInfoService;
|
||||
import org.maxkey.util.AuthorizationHeaderUtils;
|
||||
import org.maxkey.util.JsonUtils;
|
||||
import org.maxkey.util.StringGenerator;
|
||||
import org.maxkey.web.HttpResponseAdapter;
|
||||
@ -51,7 +52,6 @@ import org.slf4j.LoggerFactory;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.beans.factory.annotation.Qualifier;
|
||||
import org.springframework.stereotype.Controller;
|
||||
import org.springframework.web.bind.annotation.RequestHeader;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMethod;
|
||||
import org.springframework.web.bind.annotation.ResponseBody;
|
||||
@ -100,15 +100,15 @@ public class UserInfoOIDCEndpoint {
|
||||
@Operation(summary = "OIDC 用户信息接口", description = "传递Authorization参数access_token",method="GET")
|
||||
@RequestMapping(value=OAuth2Constants.ENDPOINT.ENDPOINT_OPENID_CONNECT_USERINFO, method={RequestMethod.POST, RequestMethod.GET})
|
||||
@ResponseBody
|
||||
public String connect10aUserInfo(
|
||||
@RequestHeader(value = "Authorization", required = true) String access_token,
|
||||
HttpServletRequest request,
|
||||
HttpServletResponse response) {
|
||||
String principal="";
|
||||
public String connect10aUserInfo(HttpServletRequest request,
|
||||
HttpServletResponse response) {
|
||||
String access_token = AuthorizationHeaderUtils.resolveBearer(request);
|
||||
|
||||
if (!StringGenerator.uuidMatches(access_token)) {
|
||||
return JsonUtils.gson2Json(accessTokenFormatError(access_token));
|
||||
}
|
||||
|
||||
String principal="";
|
||||
OAuth2Authentication oAuth2Authentication =null;
|
||||
try{
|
||||
oAuth2Authentication = oauth20tokenServices.loadAuthentication(access_token);
|
||||
|
||||
@ -99,8 +99,6 @@ public class LoginEndpoint {
|
||||
public ModelAndView login(HttpServletRequest request) {
|
||||
_logger.debug("LoginController /login.");
|
||||
|
||||
WebContext.printRequest(request);
|
||||
|
||||
boolean isAuthenticated= WebContext.isAuthenticated();
|
||||
|
||||
if(isAuthenticated){
|
||||
|
||||
@ -61,7 +61,7 @@ public class Oauth20ApiPermissionAdapter implements AsyncHandlerInterceptor {
|
||||
@Override
|
||||
public boolean preHandle(HttpServletRequest request,HttpServletResponse response, Object handler) throws Exception {
|
||||
_logger.trace("Oauth20ApiPermissionAdapter preHandle");
|
||||
String authorization = request.getHeader(AuthorizationHeaderUtils.AUTHORIZATION_HEADERNAME);
|
||||
String authorization = request.getHeader(AuthorizationHeaderUtils.HEADER_Authorization);
|
||||
|
||||
String accessToken = AuthorizationHeaderUtils.resolveBearer(authorization);
|
||||
OAuth2Authentication authentication = oauth20tokenServices.loadAuthentication(accessToken);
|
||||
|
||||
@ -65,7 +65,7 @@ public class RestApiPermissionAdapter implements AsyncHandlerInterceptor {
|
||||
@Override
|
||||
public boolean preHandle(HttpServletRequest request,HttpServletResponse response, Object handler) throws Exception {
|
||||
_logger.trace("RestApiPermissionAdapter preHandle");
|
||||
String authorization = request.getHeader(AuthorizationHeaderUtils.AUTHORIZATION_HEADERNAME);
|
||||
String authorization = request.getHeader(AuthorizationHeaderUtils.HEADER_Authorization);
|
||||
AuthorizationHeaderCredential headerCredential = AuthorizationHeaderUtils.resolve(authorization);
|
||||
|
||||
//判断应用的AppId和Secret
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user