Commit d44b851d
Authored Aug 05, 2021
Author: 智布道

✨ Support custom verification of client_secret

Parent: bf9b8769
Showing 4 changed files with 109 additions and 6 deletions (+109 -6)
jap-ids/src/main/java/com/fujieid/jap/ids/context/IdsContext.java (+11 -0)
jap-ids/src/main/java/com/fujieid/jap/ids/service/IdsSecretService.java (+40 -0)
jap-ids/src/main/java/com/fujieid/jap/ids/service/IdsSimpleSecretServiceImpl.java (+43 -0)
jap-ids/src/main/java/com/fujieid/jap/ids/util/OauthUtil.java (+15 -6)
jap-ids/src/main/java/com/fujieid/jap/ids/context/IdsContext.java
...
...
@@ -45,6 +45,8 @@ public class IdsContext implements Serializable {
private
IdsTokenService
tokenService
=
new
IdsTokenServiceImpl
();
private
IdsSecretService
secretService
=
new
IdsSimpleSecretServiceImpl
();
private
IdsConfig
idsConfig
;
private
IdsPipeline
<
Object
>
filterPipeline
;
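Review bot: the new `secretService` field is added to a class declared `implements Serializable`, but `IdsSecretService` as introduced in this commit does not extend `Serializable`, so a custom implementation installed through the setter can make serializing `IdsContext` fail. Either mark the field `transient` or have the interface extend `Serializable`.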
...
...
@@ -116,6 +118,15 @@ public class IdsContext implements Serializable {
return
this
;
}
public
IdsSecretService
getSecretService
()
{
return
secretService
;
}
public
IdsContext
setSecretService
(
IdsSecretService
secretService
)
{
this
.
secretService
=
secretService
;
return
this
;
}
public
IdsPipeline
<
Object
>
getFilterPipeline
()
{
return
filterPipeline
;
}
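Review bot: `setSecretService` stores whatever it is given, including `null`, which discards the default `IdsSimpleSecretServiceImpl` and only surfaces later, when `matchesSecret` in OauthUtil throws `IdsTokenException` during a token request. Reject `null` in the setter so the misconfiguration fails at setup time, and add Javadoc to both accessors.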
...
...
jap-ids/src/main/java/com/fujieid/jap/ids/service/IdsSecretService.java
0 → 100644
/*
* Copyright (c) 2020-2040, 北京符节科技有限公司 (support@fujieid.com & https://www.fujieid.com).
* <p>
* Licensed under the GNU LESSER GENERAL PUBLIC LICENSE 3.0;
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* <p>
* http://www.gnu.org/licenses/lgpl.html
* <p>
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package
com.fujieid.jap.ids.service
;
/**
* Service interface for verifying client_secret.
* <p>
* The preferred implementation is {@link IdsSimpleSecretServiceImpl}.
*
* @author yadong.zhang (yadong.zhang0415(a)gmail.com)
* @version 1.0.0
* @since 1.0.4
*/
public
interface
IdsSecretService
{
/**
* Verify the encoded secret obtained from storage matches the submitted raw
* secret after it too is encoded. Returns true if the secret match, false if
* they do not. The stored secret itself is never decoded.
*
* @param rawSecret the raw secret to encode and match
* @param encodedSecret the encoded secret from storage to compare with
* @return true if the raw secret, after encoding, matches the encoded secret from
* storage
*/
boolean
matches
(
CharSequence
rawSecret
,
String
encodedSecret
);
}
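Review bot: the interface Javadoc calls `IdsSimpleSecretServiceImpl` "the preferred implementation", while the `matches` contract describes comparing against an encoded secret from storage and that class compares the two values directly. Describe it as the default, state that it expects secrets to be stored unencoded, and specify what `matches` must return for a `null` or empty `rawSecret` so that custom implementations handle that case the same way.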
jap-ids/src/main/java/com/fujieid/jap/ids/service/IdsSimpleSecretServiceImpl.java
0 → 100644
/*
* Copyright (c) 2020-2040, 北京符节科技有限公司 (support@fujieid.com & https://www.fujieid.com).
* <p>
* Licensed under the GNU LESSER GENERAL PUBLIC LICENSE 3.0;
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* <p>
* http://www.gnu.org/licenses/lgpl.html
* <p>
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package
com.fujieid.jap.ids.service
;
import
com.xkcoding.json.util.StringUtil
;
/**
* Implementation of IdsSecretService that uses the {@code String.equals} function
*
* @author yadong.zhang (yadong.zhang0415(a)gmail.com)
* @version 1.0.0
* @since 1.0.0
*/
public
class
IdsSimpleSecretServiceImpl
implements
IdsSecretService
{
/**
* Verify the encoded secret obtained from storage matches the submitted raw
* secret after it too is encoded. Returns true if the secret match, false if
* they do not. The stored secret itself is never decoded.
*
* @param rawSecret the raw secret to encode and match
* @param encodedSecret the encoded secret from storage to compare with
* @return true if the raw secret, after encoding, matches the encoded secret from
* storage
*/
@Override
public
boolean
matches
(
CharSequence
rawSecret
,
String
encodedSecret
)
{
return
!
StringUtil
.
isEmpty
(
encodedSecret
)
&&
rawSecret
.
equals
(
encodedSecret
);
}
}
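Review bot: in `matches`, `rawSecret.equals(encodedSecret)` is invoked on a `CharSequence`, so it compares contents only when the caller happens to pass a `String`, and it throws `NullPointerException` when `rawSecret` is `null`. The class Javadoc promises `String.equals`, so null-check `rawSecret` and compare `rawSecret.toString()`. Since this check guards `client_secret`, a constant-time comparison such as `MessageDigest.isEqual` over the UTF-8 bytes would be a safer default than `equals`. The `@since 1.0.0` tag here also disagrees with `@since 1.0.4` on the interface.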
jap-ids/src/main/java/com/fujieid/jap/ids/util/OauthUtil.java
...
...
@@ -20,12 +20,14 @@ import cn.hutool.core.util.ArrayUtil;
import
cn.hutool.core.util.RandomUtil
;
import
cn.hutool.core.util.URLUtil
;
import
cn.hutool.crypto.SecureUtil
;
import
com.fujieid.jap.ids.JapIds
;
import
com.fujieid.jap.ids.exception.*
;
import
com.fujieid.jap.ids.model.ClientDetail
;
import
com.fujieid.jap.ids.model.IdsConsts
;
import
com.fujieid.jap.ids.model.IdsRequestParam
;
import
com.fujieid.jap.ids.model.enums.ErrorResponse
;
import
com.fujieid.jap.ids.model.enums.GrantType
;
import
com.fujieid.jap.ids.service.IdsSecretService
;
import
com.fujieid.jap.ids.service.Oauth2Service
;
import
com.xkcoding.json.util.StringUtil
;
import
org.jose4j.base64url.Base64Url
;
...
...
@@ -146,14 +148,21 @@ public class OauthUtil {
if
(
param
.
isEnablePkce
())
{
oauth2Service
.
validateAuthrizationCodeChallenge
(
param
.
getCodeVerifier
(),
param
.
getCode
());
}
else
{
if
(
StringUtil
.
isEmpty
(
param
.
getClientSecret
())
||
!
clientDetail
.
getClientSecret
().
equals
(
param
.
getClientSecret
()))
{
throw
new
InvalidClientException
(
ErrorResponse
.
INVALID_CLIENT
);
}
matchesSecret
(
param
,
clientDetail
);
}
}
else
{
if
(
StringUtil
.
isEmpty
(
param
.
getClientSecret
())
||
!
clientDetail
.
getClientSecret
().
equals
(
param
.
getClientSecret
()))
{
throw
new
InvalidClientException
(
ErrorResponse
.
INVALID_CLIENT
);
}
matchesSecret
(
param
,
clientDetail
);
}
}
private
static
void
matchesSecret
(
IdsRequestParam
param
,
ClientDetail
clientDetail
)
{
IdsSecretService
secretService
=
JapIds
.
getContext
().
getSecretService
();
if
(
null
==
secretService
)
{
throw
new
IdsTokenException
(
"com.fujieid.jap.ids.service.IdsSecretService has not been injected"
);
}
if
(!
secretService
.
matches
(
clientDetail
.
getClientSecret
(),
param
.
getClientSecret
()))
{
throw
new
InvalidClientException
(
ErrorResponse
.
INVALID_CLIENT
);
}
}
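Review bot: in `matchesSecret`, the call `secretService.matches(clientDetail.getClientSecret(), param.getClientSecret())` passes the stored secret as `rawSecret` and the submitted one as `encodedSecret`, the reverse of what the `IdsSecretService` Javadoc specifies. The default `equals`-based implementation hides this, but a hashing implementation would encode the stored value and compare it against the request value. Swap the arguments to `matches(param.getClientSecret(), clientDetail.getClientSecret())`; after the swap the default implementation must also reject an empty `rawSecret`, which the removed `StringUtil.isEmpty(param.getClientSecret())` check used to cover. A missing service is a configuration error, so `IdsTokenException` is a surprising type to throw for it.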
...
...