OAuth 2 Password Fix

Crystal.Sea 2020-09-16 07:56:27 +08:00
parent 3fff38480b
commit edd4ad7252
12 changed files with 138 additions and 55 deletions


@ -242,7 +242,7 @@ public abstract class AbstractAuthenticationProvider {
* @param password String * @param password String
* @return * @return
*/ */
protected UserInfo loadUserInfo(String username, String password) { public UserInfo loadUserInfo(String username, String password) {
UserInfo userInfo = authenticationRealm.loadUserInfo(username, password); UserInfo userInfo = authenticationRealm.loadUserInfo(username, password);
if (userInfo != null) { if (userInfo != null) {
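Review bot: Widening `loadUserInfo(String username, String password)` from `protected` to `public` exposes a credential-taking lookup to every holder of the provider, yet nothing visible in this commit calls it from outside the class hierarchy; the new OAuth2UserDetailsService goes through `loginService.loadUserInfo` instead. If no external caller needs it, keep it `protected`. If one does, the Javadoc should be completed: its `@return` is empty and does not say that the result may be null, which the `if (userInfo != null)` check suggests. The method body continues outside the hunk.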


@ -36,7 +36,7 @@ import org.springframework.web.bind.annotation.ResponseBody;
/** /**
* @author Crystal.Sea * @author Crystal.Sea
* https://apereo.github.io/cas/5.0.x/protocol/CAS-Protocol-V2-Specification.html * https://apereo.github.io/cas/6.2.x/protocol/CAS-Protocol-Specification.html
*/ */
@Controller @Controller
public class Cas10AuthorizeEndpoint extends CasBaseAuthorizeEndpoint{ public class Cas10AuthorizeEndpoint extends CasBaseAuthorizeEndpoint{


@ -41,7 +41,7 @@ import org.springframework.web.bind.annotation.ResponseBody;
/** /**
* @author Crystal.Sea * @author Crystal.Sea
* https://apereo.github.io/cas/5.0.x/protocol/CAS-Protocol-V2-Specification.html * https://apereo.github.io/cas/6.2.x/protocol/CAS-Protocol-V2-Specification.html
*/ */
@Controller @Controller
public class Cas20AuthorizeEndpoint extends CasBaseAuthorizeEndpoint{ public class Cas20AuthorizeEndpoint extends CasBaseAuthorizeEndpoint{


@ -40,7 +40,7 @@ import org.springframework.web.bind.annotation.ResponseBody;
/** /**
* @author Crystal.Sea * @author Crystal.Sea
* https://apereo.github.io/cas/5.0.x/protocol/CAS-Protocol.html * https://apereo.github.io/cas/6.2.x/protocol/CAS-Protocol-Specification.html
*/ */
@Controller @Controller
public class Cas30AuthorizeEndpoint extends CasBaseAuthorizeEndpoint{ public class Cas30AuthorizeEndpoint extends CasBaseAuthorizeEndpoint{


@ -41,7 +41,7 @@ import org.springframework.web.servlet.ModelAndView;
/** /**
* @author Crystal.Sea * @author Crystal.Sea
* https://apereo.github.io/cas/5.0.x/protocol/CAS-Protocol-V2-Specification.html * https://apereo.github.io/cas/6.2.x/protocol/CAS-Protocol.html
*/ */
@Controller @Controller
public class CasAuthorizeEndpoint extends CasBaseAuthorizeEndpoint{ public class CasAuthorizeEndpoint extends CasBaseAuthorizeEndpoint{


@ -0,0 +1,49 @@
/*
* Copyright 2006-2011 the original author or authors.
*
* Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on
* an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the
* specific language governing permissions and limitations under the License.
*/
package org.maxkey.authz.oauth2.provider;
import org.maxkey.domain.UserInfo;
import org.maxkey.persistence.db.LoginService;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
/**
* @author Dave Syer
*
*/
public class OAuth2UserDetailsService implements UserDetailsService {
LoginService loginService;
public void setLoginService(LoginService loginService) {
this.loginService = loginService;
}
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
UserInfo userInfo;
try {
userInfo = loginService.loadUserInfo(username, "");
} catch (NoSuchClientException e) {
throw new UsernameNotFoundException(e.getMessage(), e);
}
return new User(username, userInfo.getPassword(), loginService.grantAuthority(userInfo));
}
}
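Review bot: `loadUserByUsername` dereferences `userInfo.getPassword()` without a null check. If `loginService.loadUserInfo(username, "")` returns null for an unknown user (its contract is not visible here), the password grant ends in a NullPointerException rather than the `UsernameNotFoundException` that `UserDetailsService` callers expect; add `if (userInfo == null) { throw new UsernameNotFoundException("user not found"); }` before building the `User`. The `catch (NoSuchClientException e)` looks carried over from the client-details service and probably never fires for a user lookup. The three-argument `User` constructor marks the account enabled, non-expired and non-locked, so any account status held on `UserInfo` is not applied to tokens issued through this path; the seven-argument constructor would carry it if such status exists. The method also lacks `@Override`, and the copied `@author Dave Syer` header does not describe this new class.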


@ -34,6 +34,7 @@ import org.maxkey.authz.oauth2.provider.ClientAlreadyExistsException;
import org.maxkey.authz.oauth2.provider.ClientDetailsService; import org.maxkey.authz.oauth2.provider.ClientDetailsService;
import org.maxkey.authz.oauth2.provider.ClientRegistrationService; import org.maxkey.authz.oauth2.provider.ClientRegistrationService;
import org.maxkey.authz.oauth2.provider.NoSuchClientException; import org.maxkey.authz.oauth2.provider.NoSuchClientException;
import org.maxkey.crypto.password.NoOpPasswordEncoder;
import org.maxkey.domain.apps.oauth2.provider.ClientDetails; import org.maxkey.domain.apps.oauth2.provider.ClientDetails;
import org.maxkey.domain.apps.oauth2.provider.client.BaseClientDetails; import org.maxkey.domain.apps.oauth2.provider.client.BaseClientDetails;
import org.springframework.dao.DuplicateKeyException; import org.springframework.dao.DuplicateKeyException;
@ -41,7 +42,6 @@ import org.springframework.dao.EmptyResultDataAccessException;
import org.springframework.jdbc.core.JdbcTemplate; import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.jdbc.core.RowMapper; import org.springframework.jdbc.core.RowMapper;
import org.springframework.jdbc.core.namedparam.NamedParameterJdbcTemplate; import org.springframework.jdbc.core.namedparam.NamedParameterJdbcTemplate;
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.util.Assert; import org.springframework.util.Assert;
import org.springframework.util.ClassUtils; import org.springframework.util.ClassUtils;
@ -50,7 +50,7 @@ import org.springframework.util.StringUtils;
/** /**
* Basic, JDBC implementation of the client details service. * Basic, JDBC implementation of the client details service.
*/ */
public class JdbcClientDetailsService implements ClientDetailsService, ClientRegistrationService { public class JdbcClientDetailsService implements ClientDetailsService, ClientRegistrationService{
private static final Log logger = LogFactory.getLog(JdbcClientDetailsService.class); private static final Log logger = LogFactory.getLog(JdbcClientDetailsService.class);


@ -30,12 +30,14 @@ import org.maxkey.authz.oauth2.provider.code.AuthorizationCodeServices;
import org.maxkey.authz.oauth2.provider.code.AuthorizationCodeTokenGranter; import org.maxkey.authz.oauth2.provider.code.AuthorizationCodeTokenGranter;
import org.maxkey.authz.oauth2.provider.code.InMemoryAuthorizationCodeServices; import org.maxkey.authz.oauth2.provider.code.InMemoryAuthorizationCodeServices;
import org.maxkey.authz.oauth2.provider.implicit.ImplicitTokenGranter; import org.maxkey.authz.oauth2.provider.implicit.ImplicitTokenGranter;
import org.maxkey.authz.oauth2.provider.password.ResourceOwnerPasswordTokenGranter;
import org.maxkey.authz.oauth2.provider.refresh.RefreshTokenGranter; import org.maxkey.authz.oauth2.provider.refresh.RefreshTokenGranter;
import org.maxkey.authz.oauth2.provider.request.DefaultOAuth2RequestFactory; import org.maxkey.authz.oauth2.provider.request.DefaultOAuth2RequestFactory;
import org.maxkey.authz.oauth2.provider.token.AuthorizationServerTokenServices; import org.maxkey.authz.oauth2.provider.token.AuthorizationServerTokenServices;
import org.springframework.beans.factory.InitializingBean; import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.util.Assert; import org.springframework.util.Assert;
/** /**
@ -67,6 +69,11 @@ public class AbstractEndpoint implements InitializingBean {
@Qualifier("oAuth2RequestFactory") @Qualifier("oAuth2RequestFactory")
private OAuth2RequestFactory defaultOAuth2RequestFactory; private OAuth2RequestFactory defaultOAuth2RequestFactory;
@Autowired
@Qualifier("oauth20UserAuthenticationManager")
AuthenticationManager authenticationManager;
public void afterPropertiesSet() throws Exception { public void afterPropertiesSet() throws Exception {
if (tokenGranter == null) { if (tokenGranter == null) {
//ClientDetailsService clientDetails = clientDetailsService(); //ClientDetailsService clientDetails = clientDetailsService();
@ -81,10 +88,10 @@ public class AbstractEndpoint implements InitializingBean {
ImplicitTokenGranter implicit = new ImplicitTokenGranter(tokenServices, clientDetailsService, oAuth2RequestFactory); ImplicitTokenGranter implicit = new ImplicitTokenGranter(tokenServices, clientDetailsService, oAuth2RequestFactory);
tokenGranters.add(implicit); tokenGranters.add(implicit);
tokenGranters.add(new ClientCredentialsTokenGranter(tokenServices, clientDetailsService, oAuth2RequestFactory)); tokenGranters.add(new ClientCredentialsTokenGranter(tokenServices, clientDetailsService, oAuth2RequestFactory));
/*if (authenticationManager != null) { if (authenticationManager != null) {
tokenGranters.add(new ResourceOwnerPasswordTokenGranter(authenticationManager, tokenServices, tokenGranters.add(new ResourceOwnerPasswordTokenGranter(authenticationManager, tokenServices,
clientDetails, requestFactory)); clientDetailsService, oAuth2RequestFactory));
}*/ }
tokenGranter = new CompositeTokenGranter(tokenGranters); tokenGranter = new CompositeTokenGranter(tokenGranters);
} }
Assert.state(tokenGranter != null, "TokenGranter must be provided"); Assert.state(tokenGranter != null, "TokenGranter must be provided");
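Review bot: The `if (authenticationManager != null)` guard in `afterPropertiesSet` no longer gates anything: the field is injected with a plain `@Autowired`, which is required by default, so `ResourceOwnerPasswordTokenGranter` is registered on every deployment. The resource-owner password grant hands user passwords to client applications, so it should be opt-in; consider `@Autowired(required = false)` together with a configuration switch checked in this branch. Whether individual clients are limited to their registered grant types is decided outside this hunk, so confirm that a client not authorised for `password` is rejected. The new field is also package-private, unlike the `private` fields next to it.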


@ -95,14 +95,18 @@ public class TokenEndpoint extends AbstractEndpoint {
public ResponseEntity<OAuth2AccessToken> postAccessToken(@RequestParam public ResponseEntity<OAuth2AccessToken> postAccessToken(@RequestParam
Map<String, String> parameters) throws HttpRequestMethodNotSupportedException { Map<String, String> parameters) throws HttpRequestMethodNotSupportedException {
// TokenEndpointAuthenticationFilter // TokenEndpointAuthenticationFilter
Principal principal=(Principal)WebContext.getAuthentication().getPrincipal();
Object principal = WebContext.getAuthentication();
if(parameters.get("code") != null) {
principal=WebContext.getAuthentication().getPrincipal();
}
if (!(principal instanceof Authentication)) { if (!(principal instanceof Authentication)) {
throw new InsufficientAuthenticationException( throw new InsufficientAuthenticationException(
"There is no client authentication. Try adding an appropriate authentication filter."); "There is no client authentication. Try adding an appropriate authentication filter.");
} }
String clientId = getClientId(principal); String clientId = getClientId((Authentication)principal);
ClientDetails authenticatedClient = getClientDetailsService().loadClientByClientId(clientId); ClientDetails authenticatedClient = getClientDetailsService().loadClientByClientId(clientId);
TokenRequest tokenRequest = getOAuth2RequestFactory().createTokenRequest(parameters, authenticatedClient); TokenRequest tokenRequest = getOAuth2RequestFactory().createTokenRequest(parameters, authenticatedClient);
@ -138,7 +142,7 @@ public class TokenEndpoint extends AbstractEndpoint {
/**crystal.sea /**crystal.sea
* code must uuid format * code must uuid format
*/ */
if (!StringGenerator.uuidMatches(parameters.get("code"))) { if (parameters.get("code") != null &&!StringGenerator.uuidMatches(parameters.get("code"))) {
throw new InvalidRequestException("The code is not valid format ."); throw new InvalidRequestException("The code is not valid format .");
} }
@ -160,7 +164,7 @@ public class TokenEndpoint extends AbstractEndpoint {
* @param principal the currently authentication principal * @param principal the currently authentication principal
* @return a client id if there is one in the principal * @return a client id if there is one in the principal
*/ */
protected String getClientId(Principal principal) { protected String getClientId(Authentication principal) {
Authentication client = (Authentication) principal; Authentication client = (Authentication) principal;
if (!client.isAuthenticated()) { if (!client.isAuthenticated()) {
throw new InsufficientAuthenticationException("The client is not authenticated."); throw new InsufficientAuthenticationException("The client is not authenticated.");
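Review bot: In `postAccessToken` the object treated as the client authentication is chosen by whether the caller sent a `code` parameter, not by the grant type, so the identity used for `getClientId` depends on an optional request field. Branch on the grant instead, e.g. `if ("authorization_code".equals(parameters.get("grant_type")))`, and handle a null `WebContext.getAuthentication()` before calling `getPrincipal()` on it, since the `instanceof` check comes only afterwards. The relaxed check `parameters.get("code") != null && !StringGenerator.uuidMatches(...)` lets a request with no `code` skip format validation; if the enclosing condition (outside the hunk) is the authorization-code branch, a missing code should be rejected there. In `getClientId` the cast `(Authentication) principal` is now redundant.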


@ -84,6 +84,8 @@ public class TokenEndpointAuthenticationFilter implements Filter {
private AuthenticationManager authenticationManager; private AuthenticationManager authenticationManager;
private AuthenticationManager oauth20ClientAuthenticationManager;
private OAuth2RequestFactory oAuth2RequestFactory; private OAuth2RequestFactory oAuth2RequestFactory;
public TokenEndpointAuthenticationFilter() { public TokenEndpointAuthenticationFilter() {
@ -115,11 +117,14 @@ public class TokenEndpointAuthenticationFilter implements Filter {
ServletException { ServletException {
logger.debug("Authentication TokenEndpoint "); logger.debug("Authentication TokenEndpoint ");
if(authenticationManager==null) { if(authenticationManager==null) {
authenticationManager=(AuthenticationManager)WebContext.getBean("oauth20ClientAuthenticationManager"); authenticationManager=(AuthenticationManager)WebContext.getBean("oauth20UserAuthenticationManager");
} }
if(oAuth2RequestFactory==null) { if(oAuth2RequestFactory==null) {
oAuth2RequestFactory=(OAuth2RequestFactory)WebContext.getBean("oAuth2RequestFactory"); oAuth2RequestFactory=(OAuth2RequestFactory)WebContext.getBean("oAuth2RequestFactory");
} }
if(oauth20ClientAuthenticationManager==null) {
oauth20ClientAuthenticationManager = (AuthenticationManager)WebContext.getBean("oauth20ClientAuthenticationManager");
}
final boolean debug = logger.isDebugEnabled(); final boolean debug = logger.isDebugEnabled();
final HttpServletRequest request = (HttpServletRequest) req; final HttpServletRequest request = (HttpServletRequest) req;
@ -133,7 +138,7 @@ public class TokenEndpointAuthenticationFilter implements Filter {
Authentication authentication=ClientCredentials(request,response); Authentication authentication=ClientCredentials(request,response);
BasicAuthentication auth =new BasicAuthentication(); BasicAuthentication auth =new BasicAuthentication();
auth.setUsername(((User)authentication.getPrincipal()).getUsername()); auth.setUsername(((User)authentication.getPrincipal()).getUsername());
auth.setAuthenticated(true); auth.setAuthenticated(true);
UsernamePasswordAuthenticationToken simpleUserAuthentication = new UsernamePasswordAuthenticationToken(auth, authentication.getCredentials(), authentication.getAuthorities()); UsernamePasswordAuthenticationToken simpleUserAuthentication = new UsernamePasswordAuthenticationToken(auth, authentication.getCredentials(), authentication.getAuthorities());
WebContext.setAuthentication(simpleUserAuthentication); WebContext.setAuthentication(simpleUserAuthentication);
} }
@ -166,8 +171,12 @@ public class TokenEndpointAuthenticationFilter implements Filter {
Authentication authResult = authenticationManager.authenticate(credentials); Authentication authResult = authenticationManager.authenticate(credentials);
logger.debug("Authentication success: " + authResult.getName()); logger.debug("Authentication success: " + authResult.getName());
String clientId = request.getParameter("client_id");
Authentication clientAuth = SecurityContextHolder.getContext().getAuthentication(); String clientSecret = request.getParameter("client_secret");
UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(clientId,
clientSecret);
Authentication clientAuth = oauth20ClientAuthenticationManager.authenticate(authRequest);
//Authentication clientAuth = SecurityContextHolder.getContext().getAuthentication();
if (clientAuth == null) { if (clientAuth == null) {
throw new BadCredentialsException( throw new BadCredentialsException(
"No client authentication found. Remember to put a filter upstream of the TokenEndpointAuthenticationFilter."); "No client authentication found. Remember to put a filter upstream of the TokenEndpointAuthenticationFilter.");
@ -231,7 +240,7 @@ public class TokenEndpointAuthenticationFilter implements Filter {
clientId = clientId.trim(); clientId = clientId.trim();
UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(clientId,clientSecret); UsernamePasswordAuthenticationToken authRequest = new UsernamePasswordAuthenticationToken(clientId,clientSecret);
return this.authenticationManager.authenticate(authRequest); return this.oauth20ClientAuthenticationManager.authenticate(authRequest);
} }
private Map<String, String> getSingleValueMap(HttpServletRequest request) { private Map<String, String> getSingleValueMap(HttpServletRequest request) {
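Review bot: In the password-grant branch the user's credentials are verified by `authenticationManager.authenticate(credentials)` before the client is authenticated. Depending on how the surrounding catch block (outside the hunk) reports failures, a caller without a valid `client_secret` can therefore still learn whether a username/password pair is correct. Move the `oauth20ClientAuthenticationManager.authenticate(authRequest)` call above the user check and reject a missing `client_id` up front. `request.getParameter("client_secret")` also accepts the secret from the query string, where it tends to end up in access logs; restrict it to the POST body or HTTP Basic. `ProviderManager.authenticate` signals failure by throwing, so the `clientAuth == null` branch is probably unreachable, and the commented-out `SecurityContextHolder` line can be deleted.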


@ -27,7 +27,6 @@ import org.maxkey.authn.realm.activedirectory.ActiveDirectoryAuthenticationRealm
import org.maxkey.authn.realm.activedirectory.ActiveDirectoryServer; import org.maxkey.authn.realm.activedirectory.ActiveDirectoryServer;
import org.maxkey.authn.support.kerberos.KerberosProxy; import org.maxkey.authn.support.kerberos.KerberosProxy;
import org.maxkey.authn.support.kerberos.RemoteKerberosService; import org.maxkey.authn.support.kerberos.RemoteKerberosService;
import org.maxkey.authz.oauth2.provider.endpoint.TokenEndpointAuthenticationFilter;
import org.maxkey.constants.ConstantsProperties; import org.maxkey.constants.ConstantsProperties;
import org.maxkey.crypto.password.opt.AbstractOptAuthn; import org.maxkey.crypto.password.opt.AbstractOptAuthn;
import org.maxkey.crypto.password.opt.algorithm.KeyUriFormat; import org.maxkey.crypto.password.opt.algorithm.KeyUriFormat;
@ -79,16 +78,6 @@ import org.springframework.jdbc.core.JdbcTemplate;
public class MaxKeyConfig implements InitializingBean { public class MaxKeyConfig implements InitializingBean {
private static final Logger _logger = LoggerFactory.getLogger(MaxKeyConfig.class); private static final Logger _logger = LoggerFactory.getLogger(MaxKeyConfig.class);
@Bean
public FilterRegistrationBean<TokenEndpointAuthenticationFilter> TokenEndpointAuthenticationFilter() {
_logger.debug("TokenEndpointAuthenticationFilter init ");
FilterRegistrationBean<TokenEndpointAuthenticationFilter> registration = new FilterRegistrationBean<TokenEndpointAuthenticationFilter>();
registration.setFilter(new TokenEndpointAuthenticationFilter());
registration.addUrlPatterns("/oauth/v20/token/*");
registration.setName("TokenEndpointAuthenticationFilter");
registration.setOrder(1);
return registration;
}
@Bean(name = "keyUriFormat") @Bean(name = "keyUriFormat")
public KeyUriFormat keyUriFormat( public KeyUriFormat keyUriFormat(


@ -21,11 +21,13 @@ import java.net.URI;
import java.security.NoSuchAlgorithmException; import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException; import java.security.spec.InvalidKeySpecException;
import javax.servlet.Filter;
import javax.sql.DataSource; import javax.sql.DataSource;
import org.maxkey.authn.AbstractAuthenticationProvider; import org.maxkey.authn.AbstractAuthenticationProvider;
import org.maxkey.authn.support.jwt.JwtLoginService; import org.maxkey.authn.support.jwt.JwtLoginService;
import org.maxkey.authz.oauth2.provider.ClientDetailsService; import org.maxkey.authz.oauth2.provider.ClientDetailsService;
import org.maxkey.authz.oauth2.provider.OAuth2UserDetailsService;
import org.maxkey.authz.oauth2.provider.approval.TokenApprovalStore; import org.maxkey.authz.oauth2.provider.approval.TokenApprovalStore;
import org.maxkey.authz.oauth2.provider.approval.controller.OAuth20UserApprovalHandler; import org.maxkey.authz.oauth2.provider.approval.controller.OAuth20UserApprovalHandler;
import org.maxkey.authz.oauth2.provider.client.ClientDetailsUserDetailsService; import org.maxkey.authz.oauth2.provider.client.ClientDetailsUserDetailsService;
@ -34,6 +36,7 @@ import org.maxkey.authz.oauth2.provider.code.AuthorizationCodeServices;
import org.maxkey.authz.oauth2.provider.code.InMemoryAuthorizationCodeServices; import org.maxkey.authz.oauth2.provider.code.InMemoryAuthorizationCodeServices;
import org.maxkey.authz.oauth2.provider.code.JdbcAuthorizationCodeServices; import org.maxkey.authz.oauth2.provider.code.JdbcAuthorizationCodeServices;
import org.maxkey.authz.oauth2.provider.code.RedisAuthorizationCodeServices; import org.maxkey.authz.oauth2.provider.code.RedisAuthorizationCodeServices;
import org.maxkey.authz.oauth2.provider.endpoint.TokenEndpointAuthenticationFilter;
import org.maxkey.authz.oauth2.provider.request.DefaultOAuth2RequestFactory; import org.maxkey.authz.oauth2.provider.request.DefaultOAuth2RequestFactory;
import org.maxkey.authz.oauth2.provider.token.TokenStore; import org.maxkey.authz.oauth2.provider.token.TokenStore;
import org.maxkey.authz.oauth2.provider.token.DefaultTokenServices; import org.maxkey.authz.oauth2.provider.token.DefaultTokenServices;
@ -47,12 +50,13 @@ import org.maxkey.constants.ConstantsProperties;
import org.maxkey.crypto.jose.keystore.JWKSetKeyStore; import org.maxkey.crypto.jose.keystore.JWKSetKeyStore;
import org.maxkey.crypto.jwt.encryption.service.impl.DefaultJwtEncryptionAndDecryptionService; import org.maxkey.crypto.jwt.encryption.service.impl.DefaultJwtEncryptionAndDecryptionService;
import org.maxkey.crypto.jwt.signer.service.impl.DefaultJwtSigningAndValidationService; import org.maxkey.crypto.jwt.signer.service.impl.DefaultJwtSigningAndValidationService;
import org.maxkey.crypto.password.NoOpPasswordEncoder; import org.maxkey.persistence.db.LoginService;
import org.maxkey.persistence.redis.RedisConnectionFactory; import org.maxkey.persistence.redis.RedisConnectionFactory;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean; import org.springframework.beans.factory.InitializingBean;
import org.springframework.beans.factory.annotation.Value; import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.ComponentScan; import org.springframework.context.annotation.ComponentScan;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
@ -77,6 +81,17 @@ import com.nimbusds.jose.JWEAlgorithm;
public class Oauth20AutoConfiguration implements InitializingBean { public class Oauth20AutoConfiguration implements InitializingBean {
private static final Logger _logger = LoggerFactory.getLogger(Oauth20AutoConfiguration.class); private static final Logger _logger = LoggerFactory.getLogger(Oauth20AutoConfiguration.class);
@Bean
public FilterRegistrationBean<Filter> TokenEndpointAuthenticationFilter() {
_logger.debug("TokenEndpointAuthenticationFilter init ");
FilterRegistrationBean<Filter> registration = new FilterRegistrationBean<Filter>();
registration.setFilter(new TokenEndpointAuthenticationFilter());
registration.addUrlPatterns("/oauth/v20/token/*");
registration.setName("TokenEndpointAuthenticationFilter");
registration.setOrder(1);
return registration;
}
/** /**
* OIDCProviderMetadataDetails. * OIDCProviderMetadataDetails.
* Self-issued Provider Metadata * Self-issued Provider Metadata
@ -258,20 +273,6 @@ public class Oauth20AutoConfiguration implements InitializingBean {
return clientDetailsService; return clientDetailsService;
} }
/**
* clientDetailsUserDetailsService.
* @return oauth20ClientDetailsUserService
*/
@Bean(name = "oauth20ClientDetailsUserService")
public ClientDetailsUserDetailsService clientDetailsUserDetailsService(
JdbcClientDetailsService oauth20JdbcClientDetailsService,PasswordEncoder passwordReciprocal) {
ClientDetailsUserDetailsService cientDetailsUserDetailsService =
new ClientDetailsUserDetailsService(oauth20JdbcClientDetailsService);
cientDetailsUserDetailsService.setPasswordEncoder(passwordReciprocal);
return cientDetailsUserDetailsService;
}
/** /**
* clientDetailsUserDetailsService. * clientDetailsUserDetailsService.
* @return oauth20TokenServices * @return oauth20TokenServices
@ -332,20 +333,44 @@ public class Oauth20AutoConfiguration implements InitializingBean {
return userApprovalHandler; return userApprovalHandler;
} }
/**
* ProviderManager.
* @return oauth20UserAuthenticationManager
*/
@Bean(name = "oauth20UserAuthenticationManager")
public ProviderManager oauth20UserAuthenticationManager(
PasswordEncoder passwordEncoder,
LoginService loginService
) {
OAuth2UserDetailsService userDetailsService =new OAuth2UserDetailsService();
userDetailsService.setLoginService(loginService);
DaoAuthenticationProvider daoAuthenticationProvider= new DaoAuthenticationProvider();
daoAuthenticationProvider.setPasswordEncoder(passwordEncoder);
daoAuthenticationProvider.setUserDetailsService(userDetailsService);
ProviderManager authenticationManager = new ProviderManager(daoAuthenticationProvider);
return authenticationManager;
}
/** /**
* ProviderManager. * ProviderManager.
* @return oauth20ClientAuthenticationManager * @return oauth20ClientAuthenticationManager
*/ */
@Bean(name = "oauth20ClientAuthenticationManager") @Bean(name = "oauth20ClientAuthenticationManager")
public ProviderManager oauth20ClientAuthenticationManager( public ProviderManager oauth20ClientAuthenticationManager(
ClientDetailsUserDetailsService oauth20ClientDetailsUserService JdbcClientDetailsService oauth20JdbcClientDetailsService,
PasswordEncoder passwordReciprocal
) { ) {
ClientDetailsUserDetailsService cientDetailsUserDetailsService =
new ClientDetailsUserDetailsService(oauth20JdbcClientDetailsService);
DaoAuthenticationProvider daoAuthenticationProvider= new DaoAuthenticationProvider(); DaoAuthenticationProvider daoAuthenticationProvider= new DaoAuthenticationProvider();
PasswordEncoder passwordEncoder = NoOpPasswordEncoder.getInstance(); daoAuthenticationProvider.setPasswordEncoder(passwordReciprocal);
daoAuthenticationProvider.setPasswordEncoder(passwordEncoder); daoAuthenticationProvider.setUserDetailsService(cientDetailsUserDetailsService);
daoAuthenticationProvider.setUserDetailsService(oauth20ClientDetailsUserService); ProviderManager authenticationManager = new ProviderManager(daoAuthenticationProvider);
ProviderManager clientAuthenticationManager = new ProviderManager(daoAuthenticationProvider); return authenticationManager;
return clientAuthenticationManager;
} }
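Review bot: `oauth20UserAuthenticationManager` checks passwords through a bare `DaoAuthenticationProvider`, so whatever failed-attempt counting or lockout the interactive login applies (not visible in this commit) is not applied to the token endpoint's password grant; confirm both paths enforce the same policy. Both manager beans select their encoder by parameter name (`PasswordEncoder passwordEncoder`, `PasswordEncoder passwordReciprocal`), which silently changes meaning if a parameter is renamed; assuming the beans carry those names, add `@Qualifier("passwordEncoder")` and `@Qualifier("passwordReciprocal")`. Switching client authentication from `NoOpPasswordEncoder` to `passwordReciprocal` changes how stored client secrets are compared, so existing rows must already be in that encoder's format or every client will fail to authenticate. The bean method `TokenEndpointAuthenticationFilter()` shares its name with the class it instantiates; `tokenEndpointAuthenticationFilter` would read better, with `setName` keeping the registered filter name.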