Commit a8f090a8
Authored Feb 13, 2022 by MaxKey

metadatas

Parent: b5decd3a
Showing 5 changed files with 62 additions and 14 deletions (+62 -14)
maxkey-core/src/main/java/org/maxkey/web/WebConstants.java (+2 -0)
maxkey-protocols/maxkey-protocol-jwt/src/main/java/org/maxkey/authz/token/endpoint/JwtAuthorizeEndpoint.java (+29 -6)
maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/AuthorizationEndpoint.java (+25 -0)
maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/metadata/endpoint/MetadataEndpoint.java (+5 -7)
maxkey-webs/maxkey-web-mgt/src/main/resources/templates/views/apps/saml20/appUpdate.ftl (+1 -1)
maxkey-core/src/main/java/org/maxkey/web/WebConstants.java
...
...
@@ -90,6 +90,8 @@ public class WebConstants {
public
static
final
String
ONLINE_TICKET_PREFIX
=
"OT"
;
public
static
final
String
MXK_METADATA_PREFIX
=
"mxk_metadata_"
;
public
static
final
class
LOGIN_RESULT
{
public
static
final
String
SUCCESS
=
"success"
;
public
static
final
String
FAIL
=
"fail"
;
...
...
maxkey-protocols/maxkey-protocol-jwt/src/main/java/org/maxkey/authz/token/endpoint/JwtAuthorizeEndpoint.java
...
...
@@ -27,16 +27,19 @@ import javax.servlet.http.HttpServletRequest;
import
javax.servlet.http.HttpServletResponse
;
import
org.apache.commons.beanutils.BeanUtils
;
import
org.apache.commons.lang3.StringUtils
;
import
org.maxkey.authn.SigninPrincipal
;
import
org.maxkey.authz.endpoint.AuthorizeBaseEndpoint
;
import
org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter
;
import
org.maxkey.authz.jwt.endpoint.adapter.JwtAdapter
;
import
org.maxkey.configuration.ApplicationConfig
;
import
org.maxkey.constants.ConstsBoolean
;
import
org.maxkey.crypto.jose.keystore.JWKSetKeyStore
;
import
org.maxkey.entity.apps.Apps
;
import
org.maxkey.entity.apps.AppsJwtDetails
;
import
org.maxkey.persistence.service.AppsJwtDetailsService
;
import
org.maxkey.util.Instance
;
import
org.maxkey.web.WebConstants
;
import
org.maxkey.web.WebContext
;
import
org.slf4j.Logger
;
import
org.slf4j.LoggerFactory
;
...
...
@@ -44,6 +47,8 @@ import org.springframework.beans.factory.annotation.Autowired;
import
org.springframework.stereotype.Controller
;
import
org.springframework.web.bind.annotation.PathVariable
;
import
org.springframework.web.bind.annotation.RequestMapping
;
import
org.springframework.web.bind.annotation.RequestMethod
;
import
org.springframework.web.bind.annotation.ResponseBody
;
import
org.springframework.web.servlet.ModelAndView
;
import
io.swagger.v3.oas.annotations.Operation
;
...
...
@@ -72,13 +77,9 @@ public class JwtAuthorizeEndpoint extends AuthorizeBaseEndpoint{
HttpServletResponse
response
,
@PathVariable
(
"id"
)
String
id
){
ModelAndView
modelAndView
=
new
ModelAndView
();
AppsJwtDetails
jwtDetails
=
null
;
jwtDetails
=
jwtDetailsService
.
getAppDetails
(
id
);
Apps
application
=
getApp
(
id
);
AppsJwtDetails
jwtDetails
=
jwtDetailsService
.
getAppDetails
(
id
);
_logger
.
debug
(
""
+
jwtDetails
);
Apps
application
=
getApp
(
id
);
jwtDetails
.
setAdapter
(
application
.
getAdapter
());
jwtDetails
.
setIsAdapter
(
application
.
getIsAdapter
());
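Review bot: `jwtDetails` and `application` are both fetched by the path variable `id` and dereferenced straight away at `jwtDetails.setAdapter(application.getAdapter())`, with no null check visible in this hunk. If either lookup can come back empty for an unknown id, that line throws; return an error view before reaching it. The `_logger.debug("" + jwtDetails)` line in between also deserves a look: the new `metadata` method in this file shows the object carries `getSignatureKey()` and `getAlgorithmKey()`, so confirm its `toString()` leaves those fields out of the log.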
...
...
@@ -135,4 +136,26 @@ public class JwtAuthorizeEndpoint extends AuthorizeBaseEndpoint{
}
@Operation
(
summary
=
"JWT JWK元数据接口"
,
description
=
"参数mxk_metadata_APPID"
,
method
=
"GET"
)
@RequestMapping
(
value
=
"/metadata/jwt/{appid}.json"
,
produces
=
"application/json"
,
method
={
RequestMethod
.
POST
,
RequestMethod
.
GET
})
@ResponseBody
public
String
metadata
(
HttpServletRequest
request
,
HttpServletResponse
response
,
@PathVariable
(
"appid"
)
String
appId
)
{
appId
=
appId
.
substring
(
WebConstants
.
MXK_METADATA_PREFIX
.
length
(),
appId
.
length
());
AppsJwtDetails
jwtDetails
=
jwtDetailsService
.
getAppDetails
(
appId
);
String
jwkSetString
=
""
;
if
(!
jwtDetails
.
getSignature
().
equalsIgnoreCase
(
"none"
))
{
jwkSetString
=
jwtDetails
.
getSignatureKey
();
}
if
(!
jwtDetails
.
getAlgorithm
().
equalsIgnoreCase
(
"none"
))
{
if
(
StringUtils
.
isBlank
(
jwkSetString
))
{
jwkSetString
=
jwtDetails
.
getAlgorithmKey
();
}
else
{
jwkSetString
=
jwkSetString
+
","
+
jwtDetails
.
getAlgorithmKey
();
}
}
JWKSetKeyStore
jwkSetKeyStore
=
new
JWKSetKeyStore
(
"{\"keys\": ["
+
jwkSetString
+
"]}"
);
return
jwkSetKeyStore
.
getJwkSet
().
toPublicJWKSet
().
toString
();
}
}
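Review bot: the `appId.substring(WebConstants.MXK_METADATA_PREFIX.length(), appId.length())` call at the top of `metadata` never checks that the path segment starts with the prefix. A segment shorter than the prefix raises `StringIndexOutOfBoundsException`, and any other leading characters of the same length are silently accepted; test `appId.startsWith(WebConstants.MXK_METADATA_PREFIX)` first and answer 404 otherwise. The result of `getAppDetails(appId)` is then dereferenced without a null check, as are `getSignature()` and `getAlgorithm()`. The `getSignatureKey()` and `getAlgorithmKey()` strings are concatenated into the JSON wrapper as-is, and `toPublicJWKSet()` is the only filter before the response, so if those strings hold private key material a test asserting that the returned JSON has no private members would be a reasonable addition. The mapping also accepts POST while `@Operation` documents GET.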
maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/AuthorizationEndpoint.java
...
...
@@ -42,6 +42,7 @@ import org.maxkey.authz.oauth2.provider.approval.UserApprovalHandler;
import
org.maxkey.authz.oauth2.provider.code.AuthorizationCodeServices
;
import
org.maxkey.authz.oauth2.provider.implicit.ImplicitTokenRequest
;
import
org.maxkey.authz.oauth2.provider.request.DefaultOAuth2RequestValidator
;
import
org.maxkey.crypto.jose.keystore.JWKSetKeyStore
;
import
org.maxkey.util.HttpEncoder
;
import
org.maxkey.entity.apps.Apps
;
import
org.maxkey.entity.apps.oauth2.provider.ClientDetails
;
...
...
@@ -58,6 +59,7 @@ import org.springframework.web.bind.annotation.PathVariable;
import
org.springframework.web.bind.annotation.RequestMapping
;
import
org.springframework.web.bind.annotation.RequestMethod
;
import
org.springframework.web.bind.annotation.RequestParam
;
import
org.springframework.web.bind.annotation.ResponseBody
;
import
org.springframework.web.bind.annotation.SessionAttributes
;
import
org.springframework.web.bind.support.SessionStatus
;
import
org.springframework.web.servlet.ModelAndView
;
...
...
@@ -286,6 +288,29 @@ public class AuthorizationEndpoint extends AbstractEndpoint {
}
}
@Operation
(
summary
=
"OAuth JWk 元数据接口"
,
description
=
"参数mxk_metadata_APPID"
,
method
=
"GET"
)
@RequestMapping
(
value
=
"/metadata/oauth/v20/{appid}.json"
,
produces
=
"application/json"
,
method
={
RequestMethod
.
POST
,
RequestMethod
.
GET
})
@ResponseBody
public
String
metadata
(
HttpServletRequest
request
,
HttpServletResponse
response
,
@PathVariable
(
"appid"
)
String
appId
)
{
appId
=
appId
.
substring
(
WebConstants
.
MXK_METADATA_PREFIX
.
length
(),
appId
.
length
());
ClientDetails
clientDetails
=
getClientDetailsService
().
loadClientByClientId
(
appId
,
true
);
String
jwkSetString
=
""
;
if
(!
clientDetails
.
getSignature
().
equalsIgnoreCase
(
"none"
))
{
jwkSetString
=
clientDetails
.
getSignatureKey
();
}
if
(!
clientDetails
.
getAlgorithm
().
equalsIgnoreCase
(
"none"
))
{
if
(!
StringUtils
.
hasText
(
jwkSetString
))
{
jwkSetString
=
clientDetails
.
getAlgorithmKey
();
}
else
{
jwkSetString
=
jwkSetString
+
","
+
clientDetails
.
getAlgorithmKey
();
}
}
JWKSetKeyStore
jwkSetKeyStore
=
new
JWKSetKeyStore
(
"{\"keys\": ["
+
jwkSetString
+
"]}"
);
return
jwkSetKeyStore
.
getJwkSet
().
toPublicJWKSet
().
toString
();
}
// We need explicit approval from the user.
private
ModelAndView
getUserApprovalPageResponse
(
Map
<
String
,
Object
>
model
,
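Review bot: the body of this `metadata` method repeats the JWK set assembly from `JwtAuthorizeEndpoint.metadata` almost line for line (same `"none"` checks, same comma join, same `"{\"keys\": [" + jwkSetString + "]}"` wrapper), differing only in where the details come from and in `StringUtils.hasText` versus `StringUtils.isBlank`. Move it into one shared helper that takes the two algorithm names and the two key strings, so validation is written once. The `appId.substring(...)` call here also runs without a `startsWith` check, and the result of `loadClientByClientId(appId, true)` is dereferenced without a null check.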
...
...
maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/metadata/endpoint/MetadataEndpoint.java
...
...
@@ -26,6 +26,7 @@ import org.maxkey.authz.saml20.metadata.MetadataGenerator;
import
org.maxkey.constants.ContentType
;
import
org.maxkey.crypto.keystore.KeyStoreLoader
;
import
org.maxkey.entity.Saml20Metadata
;
import
org.maxkey.web.WebConstants
;
import
org.maxkey.web.WebContext
;
import
org.opensaml.common.xml.SAMLConstants
;
import
org.opensaml.saml2.core.NameIDType
;
...
...
@@ -73,17 +74,15 @@ public class MetadataEndpoint {
private
Saml20Metadata
saml20Metadata
;
private
Credential
signingCredential
;
public
static
String
IDP_METADATA_PREFIX
=
"Idp_Metadata_"
;
@Operation
(
summary
=
"SAML 2.0 元数据接口"
,
description
=
"参数
Idp_Metadata_应用
ID"
,
method
=
"GET"
)
@Operation
(
summary
=
"SAML 2.0 元数据接口"
,
description
=
"参数
mxk_metadata_APP
ID"
,
method
=
"GET"
)
@RequestMapping
(
value
=
"/{appid}.xml"
,
produces
=
"application/xml"
,
method
={
RequestMethod
.
POST
,
RequestMethod
.
GET
})
@ResponseBody
public
String
metadata
(
HttpServletRequest
request
,
HttpServletResponse
response
,
@PathVariable
(
"appid"
)
String
appId
)
{
response
.
setContentType
(
ContentType
.
APPLICATION_XML_UTF8
);
appId
=
appId
.
substring
(
IDP
_METADATA_PREFIX
.
length
(),
appId
.
length
());
if
(
signingCredential
==
null
){
appId
=
appId
.
substring
(
WebConstants
.
MXK
_METADATA_PREFIX
.
length
(),
appId
.
length
());
if
(
signingCredential
==
null
){
TrustResolver
trustResolver
=
new
TrustResolver
();
CredentialResolver
credentialResolver
=(
CredentialResolver
)
trustResolver
.
buildKeyStoreCredentialResolver
(
keyStoreLoader
.
getKeyStore
(),
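Review bot: with `IDP_METADATA_PREFIX` removed, the `appId.substring(WebConstants.MXK_METADATA_PREFIX.length(), appId.length())` call still strips a fixed number of characters without checking what they are. `Idp_Metadata_` and `mxk_metadata_` are both 13 characters long, so URLs using the old prefix keep resolving by coincidence rather than by design. Decide explicitly whether the legacy prefix stays supported, check `startsWith` for the accepted prefix or prefixes, and reject anything else.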
...
...
@@ -96,7 +95,6 @@ public class MetadataEndpoint {
criteriaSet
.
add
(
new
UsageCriteria
(
UsageType
.
SIGNING
));
try
{
signingCredential
=
credentialResolver
.
resolveSingle
(
criteriaSet
);
}
catch
(
SecurityException
e
)
{
...
...
@@ -121,7 +119,7 @@ public class MetadataEndpoint {
descriptor
.
getSingleLogoutServices
().
add
(
metadataGenerator
.
getSingleLogoutService
(
WebContext
.
getHttpContextPath
()+
"/logout"
,
null
));
descriptor
.
getManageNameIDServices
().
add
(
metadataGenerator
.
getManageNameIDService
(
WebContext
.
getHttpContextPath
()+
"/saml/metadata/"
+
IDP_METADATA_PREFIX
+
appId
+
".xml"
));
descriptor
.
getManageNameIDServices
().
add
(
metadataGenerator
.
getManageNameIDService
(
WebContext
.
getHttpContextPath
()+
"/saml/metadata/"
+
WebConstants
.
MXK_METADATA_PREFIX
+
appId
+
".xml"
));
descriptor
.
getKeyDescriptors
().
add
(
metadataGenerator
.
generateEncryptionKeyDescriptor
(
signingCredential
));
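Review bot: the ManageNameIDService location on the changed line is built as `getHttpContextPath() + "/saml/metadata/" + WebConstants.MXK_METADATA_PREFIX + appId + ".xml"`, whereas the management template changed in this commit links to `${authzURI}/metadata/saml20/mxk_metadata_${model.id}.xml`. The two paths disagree, and the value is the metadata document's own URL rather than a name-ID management endpoint; confirm which path the controller is mapped under and whether this service entry should be advertised at all.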
...
...
maxkey-webs/maxkey-web-mgt/src/main/resources/templates/views/apps/saml20/appUpdate.ftl
...
...
@@ -58,7 +58,7 @@
</td>
<td></td>
<td
>
<a
target=
"_blank"
href=
"${authzURI}/metadata/saml20/
Idp_Metadata_${model.id}.xml"
>
SAML MetaData
</a>
<a
target=
"_blank"
href=
"${authzURI}/metadata/saml20/
mxk_metadata_${model.id}.xml"
>
SAML MetaData
</a>
</td>
</tr>
<tr>
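Review bot: the new `href` hard-codes the literal `mxk_metadata_` in the template while the Java side reads it from `WebConstants.MXK_METADATA_PREFIX`, so the two can drift apart; pass the prefix or the finished URL in through the model instead. While this line is being touched, the link opens with `target="_blank"` and has no `rel="noopener noreferrer"`.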
...
...