LiRuochen_WorkFlow/MaxKey
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

OAuth2 Access Confirmation

Browse Source 
OAuth2 Access Confirmation
This commit is contained in:
shimingxy
2020-06-05 11:09:40 +08:00
parent fd2a054d52
commit 173f5cdfb8
5 changed files with 119 additions and 65 deletions
Download Patch File Download Diff File Expand all files Collapse all files

5
maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/AuthorizeBaseEndpoint.java
View File

@@ -40,12 +40,13 @@ public class AuthorizeBaseEndpoint {
Apps app=(Apps)WebContext.getAttribute(AuthorizeBaseEndpoint.class.getName());
//session中为空或者id不一致重新加载
if(app==null||!app.getId().equalsIgnoreCase(id)) {
app=appsService.get(id);
app=appsService.get(id);
WebContext.setAttribute(AuthorizeBaseEndpoint.class.getName(), app);
}
if(app == null){
_logger.error("Applications for id "+id + " is null");
}
WebContext.setAttribute(AuthorizeBaseEndpoint.class.getName(), app);
return app;
}

137
maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/approval/controller/OAuth20AccessConfirmationController.java
View File

@@ -1,17 +1,18 @@
package org.maxkey.authz.oauth2.provider.approval.controller;
import java.security.Principal;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;
import org.maxkey.authn.BasicAuthentication;
import org.maxkey.authz.endpoint.AuthorizeBaseEndpoint;
import org.maxkey.authz.oauth2.common.util.OAuth2Utils;
import org.maxkey.authz.oauth2.provider.AuthorizationRequest;
import org.maxkey.authz.oauth2.provider.ClientDetailsService;
import org.maxkey.authz.oauth2.provider.approval.Approval;
import org.maxkey.authz.oauth2.provider.approval.ApprovalStore;
import org.maxkey.authz.oauth2.provider.approval.Approval.ApprovalStatus;
import org.maxkey.authz.oauth2.provider.approval.ApprovalStore;
import org.maxkey.dao.service.AppsService;
import org.maxkey.domain.apps.Apps;
import org.maxkey.domain.apps.oauth2.provider.ClientDetails;
import org.maxkey.web.WebContext;
import org.springframework.beans.factory.annotation.Autowired;
@@ -32,56 +33,84 @@ import org.springframework.web.servlet.ModelAndView;
@SessionAttributes("authorizationRequest")
public class OAuth20AccessConfirmationController {
@Autowired
@Qualifier("oauth20JdbcClientDetailsService")
private ClientDetailsService clientDetailsService;
@Autowired
@Qualifier("oauth20ApprovalStore")
private ApprovalStore approvalStore;
@Autowired
@Qualifier("oauth20UserApprovalHandler")
OAuth20UserApprovalHandler oauth20UserApprovalHandler;
@RequestMapping("/oauth/v20/approval_confirm")
public ModelAndView getAccessConfirmation(@RequestParam Map<String, Object> model) throws Exception {
model.remove("authorizationRequest");
Map<String, String> modelRequest=new HashMap<String, String>();
for(Object key:model.keySet()){
modelRequest.put(key.toString(), model.get(key).toString());
}
String principal=((BasicAuthentication)WebContext.getAuthentication().getPrincipal()).getUsername();
//Map<String, Object> model
AuthorizationRequest clientAuth = (AuthorizationRequest) WebContext.getAttribute("authorizationRequest");
ClientDetails client = clientDetailsService.loadClientByClientId(clientAuth.getClientId());
model.put("auth_request", clientAuth);
model.put("client", client);
model.put("oauth_version", "oauth 2.0");
Map<String, String> scopes = new LinkedHashMap<String, String>();
for (String scope : clientAuth.getScope()) {
scopes.put(OAuth2Utils.SCOPE_PREFIX + scope, "false");
}
for (Approval approval : approvalStore.getApprovals(principal, client.getClientId())) {
if (clientAuth.getScope().contains(approval.getScope())) {
scopes.put(OAuth2Utils.SCOPE_PREFIX + approval.getScope(),
approval.getStatus() == ApprovalStatus.APPROVED ? "true" : "false");
}
}
model.put("scopes", scopes);
ModelAndView modelAndView=new ModelAndView("authorize/oauth_access_confirmation");
modelAndView.addObject("model",model);
return modelAndView;
}
@Autowired
@Qualifier("appsService")
protected AppsService appsService;
@Autowired
@Qualifier("oauth20JdbcClientDetailsService")
private ClientDetailsService clientDetailsService;
@RequestMapping("/oauth/v20/error")
public String handleError(Map<String,Object> model) throws Exception {
// We can add more stuff to the model here for JSP rendering. If the client was a machine then
// the JSON will already have been rendered.
model.put("message", "There was a problem with the OAuth2 protocol");
return "oauth_error";
}
@Autowired
@Qualifier("oauth20ApprovalStore")
private ApprovalStore approvalStore;
@Autowired
@Qualifier("oauth20UserApprovalHandler")
OAuth20UserApprovalHandler oauth20UserApprovalHandler;
/**
* getAccessConfirmation.
* @param model Map
* @return
* throws Exception
*/
@RequestMapping("/oauth/v20/approval_confirm")
public ModelAndView getAccessConfirmation(
@RequestParam Map<String, Object> model) throws Exception {
model.remove("authorizationRequest");
Map<String, String> modelRequest = new HashMap<String, String>();
for (Object key : model.keySet()) {
modelRequest.put(key.toString(), model.get(key).toString());
}
// Map<String, Object> model
AuthorizationRequest clientAuth =
(AuthorizationRequest) WebContext.getAttribute("authorizationRequest");
ClientDetails client = clientDetailsService.loadClientByClientId(clientAuth.getClientId());
Apps app = (Apps)WebContext.getAttribute(AuthorizeBaseEndpoint.class.getName());
//session中为空或者id不一致重新加载
if (app == null || !app.getId().equalsIgnoreCase(clientAuth.getClientId())) {
app = appsService.get(clientAuth.getClientId());
WebContext.setAttribute(AuthorizeBaseEndpoint.class.getName(), app);
WebContext.setAttribute(app.getId(), app.getIcon());
}
model.put("auth_request", clientAuth);
model.put("client", client);
model.put("app", app);
model.put("oauth_version", "oauth 2.0");
Map<String, String> scopes = new LinkedHashMap<String, String>();
for (String scope : clientAuth.getScope()) {
scopes.put(OAuth2Utils.SCOPE_PREFIX + scope, "false");
}
String principal =
((BasicAuthentication) WebContext.getAuthentication().getPrincipal()).getUsername();
for (Approval approval : approvalStore.getApprovals(principal, client.getClientId())) {
if (clientAuth.getScope().contains(approval.getScope())) {
scopes.put(OAuth2Utils.SCOPE_PREFIX + approval.getScope(),
approval.getStatus() == ApprovalStatus.APPROVED ? "true" : "false");
}
}
model.put("scopes", scopes);
ModelAndView modelAndView = new ModelAndView("authorize/oauth_access_confirmation");
modelAndView.addObject("model", model);
return modelAndView;
}
/**
* handleError.
* @param model Map
* @return
* throws Exception
*/
@RequestMapping("/oauth/v20/error")
public String handleError(Map<String, Object> model) throws Exception {
// We can add more stuff to the model here for JSP rendering. If the client was
// a machine then
// the JSON will already have been rendered.
model.put("message", "There was a problem with the OAuth2 protocol");
return "oauth_error";
}
}

5
maxkey-web-maxkey/src/main/resources/messages/message.properties
View File

@@ -180,6 +180,11 @@ apps.protocol=\u8BBF\u95EE\u534F\u8BAE
apps.category=\u7C7B\u578B
apps.account=\u8D26\u53F7
apps.oauth.approval.title=OAuth \u6388\u6743\u8BF7\u6C42
apps.oauth.approval.info=\u6B64\u7B2C\u4E09\u65B9\u5E94\u7528\u8BF7\u6C42\u83B7\u5F97\u4EE5\u4E0B\u6743\u9650:
apps.oauth.approval.context=\u8BBF\u95EE\u4F60\u7684\u4E2A\u4EBA\u4FE1\u606F
apps.oauth.approval.authorize=\u540C\u610F\u6388\u6743
button.text.action=\u8BBF\u95EE
button.text.visit=\u8BBF\u95EE
button.text.save=\u4FDD\u5B58

5
maxkey-web-maxkey/src/main/resources/messages/message_en.properties
View File

@@ -179,6 +179,11 @@ apps.protocol=protocol
apps.category=category
apps.account=account
apps.oauth.approval.title=OAuth Authorize Confirm
apps.oauth.approval.info=This third-party app request has the following permissions:
apps.oauth.approval.context=Access your personal information
apps.oauth.approval.authorize=Authorize
button.text.action=Action
button.text.visit=Visit
button.text.save=Save

32
maxkey-web-maxkey/src/main/resources/templates/views/authorize/oauth_access_confirmation.ftl
View File

@@ -11,17 +11,31 @@
</div>
<div class="container">
<#if 'oauth 2.0'==model.oauth_version>
<!-- oauth 2.0 -->
<h2>Please Confirm OAuth 2.0</h2>
<p>You hereby authorize "${model.client.clientId!}" to access your protected resources.</p>
<!-- oauth 2.0 -->
<table class="table table-bordered">
<tr>
<th colspan='2'><@locale code="apps.oauth.approval.title"/></th>
</tr>
<tr>
<td><img src="<@base/>/image/${model.app.id}" title="${model.app.name}" width="65px" height="65px" style="border:0;"/></td>
<td>
<b>${model.app.name!}</b><br/>
<@locale code="apps.oauth.approval.info"/>
</td>
</tr>
<tr>
<td></td>
<td>
<span class="checkboxspan icon_checkbox_selected"></span>
<@locale code="apps.oauth.approval.context"/>
</td>
</tr>
</table>
<!--<p>You hereby authorize "${model.client.clientId!}" to access your protected resources.</p>-->
<form id="confirmationForm" name="confirmationForm" action="<@base/>/oauth/v20/authorize" method="post">
<input name="user_oauth_approval" value="true" type="hidden"/>
<ul>
</ul>
<label><input name="authorize" value="Authorize" type="submit"/></label>
<label><input class="button btn btn-primary mr-3" name="authorize" value='<@locale code="apps.oauth.approval.authorize"/>' type="submit"/></label>
</form>
</#if>
</div>