MaxKey Single Sign-On Official (MaxKeyTop) / MaxKey
Commit 924cff98
Authored December 19, 2020 by MaxKey

OAuth2Exception

Parent: 3497aa5d

Showing 4 changed files with 115 additions and 76 deletions (+115 -76)

maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/common/DefaultOAuth2AccessToken.java (+15 -1)
maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/common/OAuth2AccessToken.java (+9 -0)
maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/common/OAuth2AccessTokenJackson2Serializer.java (+29 -19)
maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/TokenEndpoint.java (+62 -56)
maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/common/DefaultOAuth2AccessToken.java
...
...
@@ -26,6 +26,8 @@ import java.util.Set;
import
java.util.StringTokenizer
;
import
java.util.TreeSet
;
import
org.maxkey.authz.oauth2.common.exceptions.OAuth2Exception
;
/**
* Basic access token for OAuth 2.
*
...
...
@@ -48,7 +50,9 @@ public class DefaultOAuth2AccessToken implements Serializable, OAuth2AccessToken
private
Set
<
String
>
scope
;
private
Map
<
String
,
Object
>
additionalInformation
=
Collections
.
emptyMap
();
private
OAuth2Exception
oauth2Exception
;
/**
* Create an access token from the value provided.
*/
...
...
@@ -78,6 +82,10 @@ public class DefaultOAuth2AccessToken implements Serializable, OAuth2AccessToken
setTokenType
(
accessToken
.
getTokenType
());
}
public
DefaultOAuth2AccessToken
(
OAuth2Exception
oauth2Exception
)
{
this
.
oauth2Exception
=
oauth2Exception
;
}
public
void
setValue
(
String
value
)
{
this
.
value
=
value
;
}
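Review bot: the new constructor `DefaultOAuth2AccessToken(OAuth2Exception oauth2Exception)` accepts null without complaint, and since the rest of this change uses `getOAuth2Exception() == null` as the "this is a real token" signal, a null argument yields an object that serializes as a successful grant with a null `access_token`. Add `Objects.requireNonNull(oauth2Exception, ...)` here, and give the constructor a Javadoc line stating that `value`, `tokenType`, `expiration` and `scope` stay unset on an error token, so that token stores or validators that receive one do not treat it as a granted token with a null value.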
...
...
@@ -258,4 +266,10 @@ public class DefaultOAuth2AccessToken implements Serializable, OAuth2AccessToken
this
.
additionalInformation
=
new
LinkedHashMap
<
String
,
Object
>(
additionalInformation
);
}
@Override
public
OAuth2Exception
getOAuth2Exception
()
{
return
this
.
oauth2Exception
;
}
}
maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/common/OAuth2AccessToken.java
...
...
@@ -17,6 +17,8 @@ import java.util.Date;
import
java.util.Map
;
import
java.util.Set
;
import
org.maxkey.authz.oauth2.common.exceptions.OAuth2Exception
;
/**
* @author Dave Syer
*
...
...
@@ -59,6 +61,11 @@ public interface OAuth2AccessToken extends Serializable {
* href="http://tools.ietf.org/html/draft-ietf-oauth-v2-22#section-3.3">Section 3.3</a>
*/
public
static
String
SCOPE
=
"scope"
;
public
static
String
ERROR
=
"error"
;
public
static
String
ERROR_DESCRIPTION
=
"error_description"
;
/**
* The additionalInformation map is used by the token serializers to export any fields used by extensions of OAuth.
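Review bot: `ERROR` and `ERROR_DESCRIPTION` are inserted directly beneath the Javadoc that documents `SCOPE` (the link to draft-ietf-oauth-v2-22 section 3.3), so generated docs will attach the scope description to the wrong constants and the new fields themselves go undocumented. Give them their own comment pointing at the error response fields of RFC 6749 section 5.2, where `error` and `error_description` are defined. The explicit `public static` is redundant on interface fields (they are implicitly `public static final`) but matches the existing `SCOPE` declaration, so that part is consistent.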
...
...
@@ -73,6 +80,8 @@ public interface OAuth2AccessToken extends Serializable {
OAuth2RefreshToken
getRefreshToken
();
String
getTokenType
();
OAuth2Exception
getOAuth2Exception
();
boolean
isExpired
();
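Review bot: adding the abstract method `OAuth2Exception getOAuth2Exception();` to the public `OAuth2AccessToken` interface breaks every implementation other than `DefaultOAuth2AccessToken`, which is the only class this commit updates. If the project builds on Java 8 or later, declaring it as `default OAuth2Exception getOAuth2Exception() { return null; }` keeps other implementors compiling and gives them the "no error" behaviour the serializer relies on. Either way, document that a non-null return means the object carries an error response rather than a token, since nothing in the method name says so.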
...
...
maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/common/OAuth2AccessTokenJackson2Serializer.java
...
...
@@ -34,6 +34,11 @@ import com.fasterxml.jackson.databind.ser.std.StdSerializer;
*/
public
final
class
OAuth2AccessTokenJackson2Serializer
extends
StdSerializer
<
OAuth2AccessToken
>
{
/**
*
*/
private
static
final
long
serialVersionUID
=
-
7323248504425950254L
;
public
OAuth2AccessTokenJackson2Serializer
()
{
super
(
OAuth2AccessToken
.
class
);
}
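Review bot: the `serialVersionUID` added to `OAuth2AccessTokenJackson2Serializer` sits under an empty Javadoc block (`/** * */`); either drop the comment or say what the field is for. It is only there because `StdSerializer` is `Serializable` in Jackson 2 and the compiler warns without it; this class holds no state worth serializing, so a one-line comment saying that is more useful than the empty block.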
...
...
@@ -42,26 +47,31 @@ public final class OAuth2AccessTokenJackson2Serializer extends StdSerializer<OAu
public
void
serialize
(
OAuth2AccessToken
token
,
JsonGenerator
jgen
,
SerializerProvider
provider
)
throws
IOException
,
JsonGenerationException
{
jgen
.
writeStartObject
();
jgen
.
writeStringField
(
OAuth2AccessToken
.
ACCESS_TOKEN
,
token
.
getValue
());
jgen
.
writeStringField
(
OAuth2AccessToken
.
TOKEN_TYPE
,
token
.
getTokenType
());
OAuth2RefreshToken
refreshToken
=
token
.
getRefreshToken
();
if
(
refreshToken
!=
null
)
{
jgen
.
writeStringField
(
OAuth2AccessToken
.
REFRESH_TOKEN
,
refreshToken
.
getValue
());
}
Date
expiration
=
token
.
getExpiration
();
if
(
expiration
!=
null
)
{
long
now
=
System
.
currentTimeMillis
();
jgen
.
writeNumberField
(
OAuth2AccessToken
.
EXPIRES_IN
,
(
expiration
.
getTime
()
-
now
)
/
1000
);
}
Set
<
String
>
scope
=
token
.
getScope
();
if
(
scope
!=
null
&&
!
scope
.
isEmpty
())
{
StringBuffer
scopes
=
new
StringBuffer
();
for
(
String
s
:
scope
)
{
Assert
.
hasLength
(
s
,
"Scopes cannot be null or empty. Got "
+
scope
+
""
);
scopes
.
append
(
s
);
scopes
.
append
(
" "
);
if
(
token
.
getOAuth2Exception
()==
null
)
{
jgen
.
writeStringField
(
OAuth2AccessToken
.
ACCESS_TOKEN
,
token
.
getValue
());
jgen
.
writeStringField
(
OAuth2AccessToken
.
TOKEN_TYPE
,
token
.
getTokenType
());
OAuth2RefreshToken
refreshToken
=
token
.
getRefreshToken
();
if
(
refreshToken
!=
null
)
{
jgen
.
writeStringField
(
OAuth2AccessToken
.
REFRESH_TOKEN
,
refreshToken
.
getValue
());
}
Date
expiration
=
token
.
getExpiration
();
if
(
expiration
!=
null
)
{
long
now
=
System
.
currentTimeMillis
();
jgen
.
writeNumberField
(
OAuth2AccessToken
.
EXPIRES_IN
,
(
expiration
.
getTime
()
-
now
)
/
1000
);
}
Set
<
String
>
scope
=
token
.
getScope
();
if
(
scope
!=
null
&&
!
scope
.
isEmpty
())
{
StringBuffer
scopes
=
new
StringBuffer
();
for
(
String
s
:
scope
)
{
Assert
.
hasLength
(
s
,
"Scopes cannot be null or empty. Got "
+
scope
+
""
);
scopes
.
append
(
s
);
scopes
.
append
(
" "
);
}
jgen
.
writeStringField
(
OAuth2AccessToken
.
SCOPE
,
scopes
.
substring
(
0
,
scopes
.
length
()
-
1
));
}
jgen
.
writeStringField
(
OAuth2AccessToken
.
SCOPE
,
scopes
.
substring
(
0
,
scopes
.
length
()
-
1
));
}
else
{
jgen
.
writeStringField
(
OAuth2AccessToken
.
ERROR
,
token
.
getOAuth2Exception
().
getOAuth2ErrorCode
());
jgen
.
writeStringField
(
OAuth2AccessToken
.
ERROR_DESCRIPTION
,
token
.
getOAuth2Exception
().
getMessage
());
}
Map
<
String
,
Object
>
additionalInformation
=
token
.
getAdditionalInformation
();
for
(
String
key
:
additionalInformation
.
keySet
())
{
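Review bot: in the new `else` branch, `error_description` is written straight from `token.getOAuth2Exception().getMessage()`, which forwards whatever internal message the exception was constructed with to the client; for the `InsufficientAuthenticationException` path in `TokenEndpoint` that is "There is no client authentication. Try adding an appropriate authentication.", an implementation hint rather than a client-facing description. Map messages explicitly or restrict them to the RFC 6749 section 5.2 wording. Two smaller points: `writeStringField(OAuth2AccessToken.ERROR, ...)` emits `"error": null` if `getOAuth2ErrorCode()` can ever return null, so guard it or document that it cannot; and the entire success body was re-indented inside the new `if (token.getOAuth2Exception()==null)`, which makes the hunk hard to review. Extracting `writeToken(token, jgen)` and `writeError(token, jgen)` helpers would keep the diff to the branch itself.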
...
...
maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/TokenEndpoint.java
...
...
@@ -16,7 +16,6 @@
package
org.maxkey.authz.oauth2.provider.endpoint
;
import
java.security.Principal
;
import
java.util.Arrays
;
import
java.util.Collections
;
import
java.util.HashSet
;
...
...
@@ -24,10 +23,12 @@ import java.util.Map;
import
java.util.Set
;
import
org.maxkey.authn.SigninPrincipal
;
import
org.maxkey.authz.oauth2.common.DefaultOAuth2AccessToken
;
import
org.maxkey.authz.oauth2.common.OAuth2AccessToken
;
import
org.maxkey.authz.oauth2.common.exceptions.InvalidClientException
;
import
org.maxkey.authz.oauth2.common.exceptions.InvalidGrantException
;
import
org.maxkey.authz.oauth2.common.exceptions.InvalidRequestException
;
import
org.maxkey.authz.oauth2.common.exceptions.OAuth2Exception
;
import
org.maxkey.authz.oauth2.common.exceptions.UnsupportedGrantTypeException
;
import
org.maxkey.authz.oauth2.common.util.OAuth2Utils
;
import
org.maxkey.authz.oauth2.provider.OAuth2Authentication
;
...
...
@@ -97,64 +98,69 @@ public class TokenEndpoint extends AbstractEndpoint {
public
ResponseEntity
<
OAuth2AccessToken
>
postAccessToken
(
@RequestParam
Map
<
String
,
String
>
parameters
)
throws
HttpRequestMethodNotSupportedException
{
// TokenEndpointAuthenticationFilter
Object
principal
=
WebContext
.
getAuthentication
();
if
(!(
principal
instanceof
Authentication
))
{
throw
new
InsufficientAuthenticationException
(
"There is no client authentication. Try adding an appropriate authentication filter."
);
}
String
clientId
=
getClientId
((
Authentication
)
principal
);
ClientDetails
authenticatedClient
=
getClientDetailsService
().
loadClientByClientId
(
clientId
);
TokenRequest
tokenRequest
=
getOAuth2RequestFactory
().
createTokenRequest
(
parameters
,
authenticatedClient
);
if
(
clientId
!=
null
&&
!
clientId
.
equals
(
""
))
{
// Only validate the client details if a client authenticated during this
// request.
if
(!
clientId
.
equals
(
tokenRequest
.
getClientId
()))
{
// double check to make sure that the client ID in the token request is the same as that in the
// authenticated client
throw
new
InvalidClientException
(
"Given client ID does not match authenticated client"
);
OAuth2AccessToken
token
=
null
;
try
{
Object
principal
=
WebContext
.
getAuthentication
();
if
(!(
principal
instanceof
Authentication
))
{
throw
new
InsufficientAuthenticationException
(
"There is no client authentication. Try adding an appropriate authentication."
);
}
}
if
(
authenticatedClient
!=
null
)
{
oAuth2RequestValidator
.
validateScope
(
tokenRequest
,
authenticatedClient
);
}
if
(!
StringUtils
.
hasText
(
tokenRequest
.
getGrantType
()))
{
throw
new
InvalidRequestException
(
"Missing grant type"
);
}
if
(
tokenRequest
.
getGrantType
().
equals
(
"implicit"
))
{
throw
new
InvalidGrantException
(
"Implicit grant type not supported from token endpoint"
);
}
if
(
isAuthCodeRequest
(
parameters
))
{
String
clientId
=
getClientId
((
Authentication
)
principal
);
ClientDetails
authenticatedClient
=
getClientDetailsService
().
loadClientByClientId
(
clientId
);
TokenRequest
tokenRequest
=
getOAuth2RequestFactory
().
createTokenRequest
(
parameters
,
authenticatedClient
);
if
(
clientId
!=
null
&&
!
clientId
.
equals
(
""
))
{
// Only validate the client details if a client authenticated during this
// request.
if
(!
clientId
.
equals
(
tokenRequest
.
getClientId
()))
{
// double check to make sure that the client ID in the token request is the same as that in the
// authenticated client
throw
new
InvalidClientException
(
"Given client ID does not match authenticated client"
);
}
}
if
(
authenticatedClient
!=
null
)
{
oAuth2RequestValidator
.
validateScope
(
tokenRequest
,
authenticatedClient
);
}
if
(!
StringUtils
.
hasText
(
tokenRequest
.
getGrantType
()))
{
throw
new
InvalidRequestException
(
"Missing grant type"
);
}
if
(
tokenRequest
.
getGrantType
().
equals
(
"implicit"
))
{
throw
new
InvalidGrantException
(
"Implicit grant type not supported from token endpoint"
);
}
if
(
isAuthCodeRequest
(
parameters
))
{
// The scope was requested or determined during the authorization step
if
(!
tokenRequest
.
getScope
().
isEmpty
())
{
logger
.
debug
(
"Clearing scope of incoming token request"
);
tokenRequest
.
setScope
(
Collections
.<
String
>
emptySet
());
}
}
// The scope was requested or determined during the authorization step
if
(!
tokenRequest
.
getScope
().
isEmpty
())
{
logger
.
debug
(
"Clearing scope of incoming token request"
);
tokenRequest
.
setScope
(
Collections
.<
String
>
emptySet
());
/**crystal.sea
* code must uuid format
*/
if
(
parameters
.
get
(
"code"
)
!=
null
&&!
StringGenerator
.
uuidMatches
(
parameters
.
get
(
"code"
)))
{
throw
new
InvalidRequestException
(
"The code is not valid format ."
);
}
}
// The scope was requested or determined during the authorization step
/**crystal.sea
* code must uuid format
*/
if
(
parameters
.
get
(
"code"
)
!=
null
&&!
StringGenerator
.
uuidMatches
(
parameters
.
get
(
"code"
)))
{
throw
new
InvalidRequestException
(
"The code is not valid format ."
);
}
if
(
isRefreshTokenRequest
(
parameters
))
{
// A refresh token has its own default scopes, so we should ignore any added by the factory here.
tokenRequest
.
setScope
(
OAuth2Utils
.
parseParameterList
(
parameters
.
get
(
OAuth2Utils
.
SCOPE
)));
}
OAuth2AccessToken
token
=
getTokenGranter
().
grant
(
tokenRequest
.
getGrantType
(),
tokenRequest
);
if
(
token
==
null
)
{
throw
new
UnsupportedGrantTypeException
(
"Unsupported grant type: "
+
tokenRequest
.
getGrantType
());
}
if
(
isRefreshTokenRequest
(
parameters
))
{
// A refresh token has its own default scopes, so we should ignore any added by the factory here.
tokenRequest
.
setScope
(
OAuth2Utils
.
parseParameterList
(
parameters
.
get
(
OAuth2Utils
.
SCOPE
)));
}
token
=
getTokenGranter
().
grant
(
tokenRequest
.
getGrantType
(),
tokenRequest
);
if
(
token
==
null
)
{
throw
new
UnsupportedGrantTypeException
(
"Unsupported grant type: "
+
tokenRequest
.
getGrantType
());
}
}
catch
(
OAuth2Exception
oauth2Exception
)
{
token
=
new
DefaultOAuth2AccessToken
(
oauth2Exception
);
}
catch
(
InsufficientAuthenticationException
authenticationException
)
{
token
=
new
DefaultOAuth2AccessToken
(
new
OAuth2Exception
(
authenticationException
.
getMessage
()));
}
return
getResponse
(
token
);
}
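Review bot: catching `OAuth2Exception` and `InsufficientAuthenticationException` and returning the error through the same `getResponse(token)` call as a successful grant detaches the HTTP status from the failure; unless `getResponse()` inspects `token.getOAuth2Exception()` (not shown in this diff), clients receive the error JSON with the success status, whereas RFC 6749 section 5.2 requires 400 for token endpoint errors and 401 (with a `WWW-Authenticate` header when HTTP authentication was used) for `invalid_client`. Derive the status from the exception in the catch blocks when building the `ResponseEntity`. Related: `InsufficientAuthenticationException` is wrapped in a plain `new OAuth2Exception(authenticationException.getMessage())`, so a client-authentication failure is reported under the default error code rather than `invalid_client`; `InvalidClientException`, already imported at the top of this file, is the right wrapper. The message `"The code is not valid format ."` is untouched by this change but could be tidied while the method is being restructured.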
...
...