OAuth2 Access Confirmation

OAuth2 Access Confirmation

OAuth2 Access Confirmation
173f5cdf · MaxKey单点登录官方 · fd2a054d · 173f5cdf · 173f5cdf · 173f5cdf
5 changed file
--- a/maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/AuthorizeBaseEndpoint.java
+++ b/maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/AuthorizeBaseEndpoint.java
@@ -41,11 +41,12 @@ public class AuthorizeBaseEndpoint {
 		//session中为空或者id不一致重新加载
 		if(app==null||!app.getId().equalsIgnoreCase(id)) {
 			app=appsService.get(id);
+			WebContext.setAttribute(AuthorizeBaseEndpoint.class.getName(), app);
 		}
 		if(app	==	null){
 			_logger.error("Applications for id "+id + "  is null");
 		}
-		WebContext.setAttribute(AuthorizeBaseEndpoint.class.getName(), app);
+		
 		return app;
 	}
 	

--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/approval/controller/OAuth20AccessConfirmationController.java
+++ b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/approval/controller/OAuth20AccessConfirmationController.java
 package org.maxkey.authz.oauth2.provider.approval.controller;

-import java.security.Principal;
 import java.util.HashMap;
 import java.util.LinkedHashMap;
 import java.util.Map;
-
 import org.maxkey.authn.BasicAuthentication;
+import org.maxkey.authz.endpoint.AuthorizeBaseEndpoint;
 import org.maxkey.authz.oauth2.common.util.OAuth2Utils;
 import org.maxkey.authz.oauth2.provider.AuthorizationRequest;
 import org.maxkey.authz.oauth2.provider.ClientDetailsService;
 import org.maxkey.authz.oauth2.provider.approval.Approval;
-import org.maxkey.authz.oauth2.provider.approval.ApprovalStore;
 import org.maxkey.authz.oauth2.provider.approval.Approval.ApprovalStatus;
+import org.maxkey.authz.oauth2.provider.approval.ApprovalStore;
+import org.maxkey.dao.service.AppsService;
+import org.maxkey.domain.apps.Apps;
 import org.maxkey.domain.apps.oauth2.provider.ClientDetails;
 import org.maxkey.web.WebContext;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -32,6 +33,10 @@ import org.springframework.web.servlet.ModelAndView;
 @SessionAttributes("authorizationRequest")
 public class OAuth20AccessConfirmationController {

+    @Autowired
+    @Qualifier("appsService")
+    protected AppsService appsService;
+    
    @Autowired
    @Qualifier("oauth20JdbcClientDetailsService")
    private ClientDetailsService clientDetailsService;
@@ -44,26 +49,43 @@ public class OAuth20AccessConfirmationController {
    @Qualifier("oauth20UserApprovalHandler")
    OAuth20UserApprovalHandler oauth20UserApprovalHandler;

-	
+    /**
+     * getAccessConfirmation.
+     * @param model  Map
+     * @return
+     * throws Exception  
+     */
    @RequestMapping("/oauth/v20/approval_confirm")
-	public ModelAndView getAccessConfirmation(@RequestParam  Map<String, Object> model) throws Exception {
+    public ModelAndView getAccessConfirmation(
+            @RequestParam Map<String, Object> model) throws Exception {
        model.remove("authorizationRequest");
-		Map<String, String> modelRequest=new HashMap<String, String>();
-		for(Object key:model.keySet()){
+        Map<String, String> modelRequest = new HashMap<String, String>();
+        for (Object key : model.keySet()) {
            modelRequest.put(key.toString(), model.get(key).toString());
        }
-		String principal=((BasicAuthentication)WebContext.getAuthentication().getPrincipal()).getUsername();
-		 //Map<String, Object> model
-		AuthorizationRequest clientAuth = (AuthorizationRequest) WebContext.getAttribute("authorizationRequest");
+        
+        // Map<String, Object> model
+        AuthorizationRequest clientAuth = 
+                (AuthorizationRequest) WebContext.getAttribute("authorizationRequest");
        ClientDetails client = clientDetailsService.loadClientByClientId(clientAuth.getClientId());
+        Apps  app = (Apps)WebContext.getAttribute(AuthorizeBaseEndpoint.class.getName());
+        //session中为空或者id不一致重新加载
+        if (app == null || !app.getId().equalsIgnoreCase(clientAuth.getClientId())) {
+            app = appsService.get(clientAuth.getClientId()); 
+            WebContext.setAttribute(AuthorizeBaseEndpoint.class.getName(), app);
+            WebContext.setAttribute(app.getId(), app.getIcon());
+        }
+       
        model.put("auth_request", clientAuth);
        model.put("client", client);
+        model.put("app", app);
        model.put("oauth_version", "oauth 2.0");
        Map<String, String> scopes = new LinkedHashMap<String, String>();
        for (String scope : clientAuth.getScope()) {
            scopes.put(OAuth2Utils.SCOPE_PREFIX + scope, "false");
        }
-		
+        String principal = 
+                ((BasicAuthentication) WebContext.getAuthentication().getPrincipal()).getUsername();
        for (Approval approval : approvalStore.getApprovals(principal, client.getClientId())) {
            if (clientAuth.getScope().contains(approval.getScope())) {
                scopes.put(OAuth2Utils.SCOPE_PREFIX + approval.getScope(),
@@ -72,14 +94,21 @@ public class OAuth20AccessConfirmationController {
        }
        model.put("scopes", scopes);

-		ModelAndView modelAndView=new ModelAndView("authorize/oauth_access_confirmation");
-		modelAndView.addObject("model",model);
+        ModelAndView modelAndView = new ModelAndView("authorize/oauth_access_confirmation");
+        modelAndView.addObject("model", model);
        return modelAndView;
    }

+    /**
+     * handleError.
+     * @param model Map
+     * @return
+     * throws Exception
+     */
    @RequestMapping("/oauth/v20/error")
-	public String handleError(Map<String,Object> model) throws Exception {
-		// We can add more stuff to the model here for JSP rendering.  If the client was a machine then
+    public String handleError(Map<String, Object> model) throws Exception {
+        // We can add more stuff to the model here for JSP rendering. If the client was
+        // a machine then
        // the JSON will already have been rendered.
        model.put("message", "There was a problem with the OAuth2 protocol");
        return "oauth_error";

--- a/maxkey-web-maxkey/src/main/resources/messages/message.properties
+++ b/maxkey-web-maxkey/src/main/resources/messages/message.properties
@@ -180,6 +180,11 @@ apps.protocol=\u8BBF\u95EE\u534F\u8BAE
 apps.category=\u7C7B\u578B
 apps.account=\u8D26\u53F7

+apps.oauth.approval.title=OAuth \u6388\u6743\u8BF7\u6C42
+apps.oauth.approval.info=\u6B64\u7B2C\u4E09\u65B9\u5E94\u7528\u8BF7\u6C42\u83B7\u5F97\u4EE5\u4E0B\u6743\u9650:
+apps.oauth.approval.context=\u8BBF\u95EE\u4F60\u7684\u4E2A\u4EBA\u4FE1\u606F
+apps.oauth.approval.authorize=\u540C\u610F\u6388\u6743
+
 button.text.action=\u8BBF\u95EE
 button.text.visit=\u8BBF\u95EE
 button.text.save=\u4FDD\u5B58

--- a/maxkey-web-maxkey/src/main/resources/messages/message_en.properties
+++ b/maxkey-web-maxkey/src/main/resources/messages/message_en.properties
@@ -179,6 +179,11 @@ apps.protocol=protocol
 apps.category=category
 apps.account=account

+apps.oauth.approval.title=OAuth Authorize Confirm
+apps.oauth.approval.info=This third-party app request has the following permissions:
+apps.oauth.approval.context=Access your personal information
+apps.oauth.approval.authorize=Authorize
+
 button.text.action=Action
 button.text.visit=Visit
 button.text.save=Save

--- a/maxkey-web-maxkey/src/main/resources/templates/views/authorize/oauth_access_confirmation.ftl
+++ b/maxkey-web-maxkey/src/main/resources/templates/views/authorize/oauth_access_confirmation.ftl
@@ -12,16 +12,30 @@
 	<div class="container">	
 		<#if 'oauth 2.0'==model.oauth_version>
 			 <!-- oauth 2.0 -->
-		      <h2>Please Confirm OAuth 2.0</h2>
+			 <table  class="table table-bordered">
+                        <tr>
+                            <th colspan='2'><@locale code="apps.oauth.approval.title"/></th>
+                        </tr>
+                         <tr>
+                            <td><img src="<@base/>/image/${model.app.id}" title="${model.app.name}" width="65px" height="65px"  style="border:0;"/></td>
+                            <td>
+                                <b>${model.app.name!}</b><br/>
+                                <@locale code="apps.oauth.approval.info"/>
+                            </td>
+                        </tr>
+                         <tr>
+                            <td></td>
+                            <td>
+                                    <span class="checkboxspan icon_checkbox_selected"></span>
+                                    <@locale code="apps.oauth.approval.context"/>
+                            </td>
+                        </tr>
+              </table>   
 		      
-		      <p>You hereby authorize "${model.client.clientId!}" to access your protected resources.</p>
+		      <!--<p>You hereby authorize "${model.client.clientId!}" to access your protected resources.</p>-->
 		      <form id="confirmationForm" name="confirmationForm" action="<@base/>/oauth/v20/authorize" method="post">
 		        <input name="user_oauth_approval" value="true" type="hidden"/>
-		        	
-			        <ul>
-			        	
-		       		 </ul>
-		        <label><input name="authorize" value="Authorize" type="submit"/></label>
+		        <label><input class="button btn btn-primary mr-3" name="authorize" value='<@locale code="apps.oauth.approval.authorize"/>' type="submit"/></label>
 		      </form>
 	    </#if>
    </div>