From c1c9bb5e878ee52aa9a34e244e86635473233740 Mon Sep 17 00:00:00 2001 From: MaxKey Date: Tue, 23 Mar 2021 19:11:54 +0800 Subject: [PATCH] header authorization --- .../maxkey/util/AuthorizationHeaderUtils.java | 2 +- .../maxkey/constants/ldap/GroupOfNames.java | 1 + .../constants/ldap/GroupOfUniqueNames.java | 1 + .../maxkey/constants/ldap/InetOrgPerson.java | 1 + .../maxkey/constants/ldap/Organization.java | 3 + .../constants/ldap/OrganizationalUnit.java | 1 + .../java/org/maxkey/domain/Organizations.java | 122 ++++++++++-------- .../org/maxkey/web/HttpResponseAdapter.java | 1 - .../token/endpoint/JwtAuthorizeEndpoint.java | 4 +- .../TokenEndpointAuthenticationFilter.java | 22 +++- .../endpoint/OAuthDefaultUserInfoAdapter.java | 2 + .../userinfo/endpoint/UserInfoEndpoint.java | 38 +++--- 12 files changed, 122 insertions(+), 76 deletions(-) diff --git a/maxkey-common/src/main/java/org/maxkey/util/AuthorizationHeaderUtils.java b/maxkey-common/src/main/java/org/maxkey/util/AuthorizationHeaderUtils.java index f34fb766..ac219e36 100644 --- a/maxkey-common/src/main/java/org/maxkey/util/AuthorizationHeaderUtils.java +++ b/maxkey-common/src/main/java/org/maxkey/util/AuthorizationHeaderUtils.java @@ -64,7 +64,7 @@ public class AuthorizationHeaderUtils { } public static boolean isBearer(String bearer) { - if (bearer.startsWith(AuthorizationHeaderCredential.Credential.BEARER)) { + if (bearer.toLowerCase().startsWith(AuthorizationHeaderCredential.Credential.BEARER.toLowerCase())) { return true; } else { return false; diff --git a/maxkey-core/src/main/java/org/maxkey/constants/ldap/GroupOfNames.java b/maxkey-core/src/main/java/org/maxkey/constants/ldap/GroupOfNames.java index 0d4e8389..b3edfc31 100644 --- a/maxkey-core/src/main/java/org/maxkey/constants/ldap/GroupOfNames.java +++ b/maxkey-core/src/main/java/org/maxkey/constants/ldap/GroupOfNames.java 
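Review bot: The new isBearer still dereferences a null `bearer` (a request with no Authorization header reaches it as null and throws NPE instead of returning false), and `toLowerCase()` without a locale is locale-dependent; a case-insensitive scheme comparison per RFC 7235 is simpler and null-safe as `String scheme = AuthorizationHeaderCredential.Credential.BEARER; return bearer != null && bearer.regionMatches(true, 0, scheme, 0, scheme.length());`. A bare prefix match also accepts a value such as `Bearerxyz` with no separating space; whether `resolveBearer` checks for the space is not visible in this hunk, so that should be confirmed there or the check should require `scheme.length() < bearer.length() && bearer.charAt(scheme.length()) == ' '`.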
@@ -28,6 +28,7 @@ import java.util.Arrays; */ public class GroupOfNames { public static ArrayList OBJECTCLASS = new ArrayList<>(Arrays.asList("top", "groupOfNames")); + public static final String DISTINGUISHEDNAME = "distinguishedname"; public static final String CN = "cn"; public static final String MEMBER = "member"; public static final String BUSINESSCATEGORY = "businessCategory"; diff --git a/maxkey-core/src/main/java/org/maxkey/constants/ldap/GroupOfUniqueNames.java b/maxkey-core/src/main/java/org/maxkey/constants/ldap/GroupOfUniqueNames.java index 417504b0..4600f3dd 100644 --- a/maxkey-core/src/main/java/org/maxkey/constants/ldap/GroupOfUniqueNames.java +++ b/maxkey-core/src/main/java/org/maxkey/constants/ldap/GroupOfUniqueNames.java @@ -28,6 +28,7 @@ import java.util.Arrays; */ public class GroupOfUniqueNames { public static ArrayList OBJECTCLASS = new ArrayList<>(Arrays.asList("top", "groupOfUniqueNames")); + public static final String DISTINGUISHEDNAME = "distinguishedname"; public static final String CN = "cn"; public static final String UNIQUEMEMBER = "uniqueMember"; public static final String BUSINESSCATEGORY = "businessCategory"; diff --git a/maxkey-core/src/main/java/org/maxkey/constants/ldap/InetOrgPerson.java b/maxkey-core/src/main/java/org/maxkey/constants/ldap/InetOrgPerson.java index 8fd62556..9d3598e1 100644 --- a/maxkey-core/src/main/java/org/maxkey/constants/ldap/InetOrgPerson.java +++ b/maxkey-core/src/main/java/org/maxkey/constants/ldap/InetOrgPerson.java @@ -28,6 +28,7 @@ import java.util.Arrays; */ public class InetOrgPerson { public static ArrayList OBJECTCLASS = new ArrayList<>(Arrays.asList("top", "person","organizationalPerson","inetOrgPerson")); + public static final String DISTINGUISHEDNAME = "distinguishedname"; //person sup top /**person sn MUST*/ public static final String SN = "sn"; 
diff --git a/maxkey-core/src/main/java/org/maxkey/constants/ldap/Organization.java b/maxkey-core/src/main/java/org/maxkey/constants/ldap/Organization.java index 8fea393e..91122fa0 100644 --- a/maxkey-core/src/main/java/org/maxkey/constants/ldap/Organization.java +++ b/maxkey-core/src/main/java/org/maxkey/constants/ldap/Organization.java @@ -28,6 +28,9 @@ import java.util.Arrays; */ public class Organization { public static ArrayList OBJECTCLASS = new ArrayList<>(Arrays.asList("top", "organization")); + + public static final String DISTINGUISHEDNAME = "distinguishedname"; + /**Organization o*/ public static final String O = "o"; /**Organization userPassword*/ diff --git a/maxkey-core/src/main/java/org/maxkey/constants/ldap/OrganizationalUnit.java b/maxkey-core/src/main/java/org/maxkey/constants/ldap/OrganizationalUnit.java index f8c9472d..6b12d4c9 100644 --- a/maxkey-core/src/main/java/org/maxkey/constants/ldap/OrganizationalUnit.java +++ b/maxkey-core/src/main/java/org/maxkey/constants/ldap/OrganizationalUnit.java @@ -28,6 +28,7 @@ import java.util.Arrays; */ public class OrganizationalUnit { public static ArrayList OBJECTCLASS = new ArrayList<>(Arrays.asList("top", "OrganizationalUnit")); + public static final String DISTINGUISHEDNAME = "distinguishedname"; /**OrganizationalUnit ou*/ public static final String OU = "ou"; /**OrganizationalUnit userPassword*/ diff --git a/maxkey-core/src/main/java/org/maxkey/domain/Organizations.java b/maxkey-core/src/main/java/org/maxkey/domain/Organizations.java index eec9ac61..bf309d9a 100644 --- a/maxkey-core/src/main/java/org/maxkey/domain/Organizations.java +++ b/maxkey-core/src/main/java/org/maxkey/domain/Organizations.java @@ -80,6 +80,8 @@ public class Organizations extends JpaBaseDomain implements Serializable { @Column private String sortIndex; @Column + private String ldapDn; + @Column private String description; private String status; 
@@ -292,7 +294,15 @@ public class Organizations extends JpaBaseDomain implements Serializable { - public String getStatus() { + public String getLdapDn() { + return ldapDn; + } + + public void setLdapDn(String ldapDn) { + this.ldapDn = ldapDn; + } + + public String getStatus() { return status; } 
@@ -301,59 +311,63 @@ public class Organizations extends JpaBaseDomain implements Serializable { } @Override - public String toString() { - StringBuilder builder = new StringBuilder(); - builder.append("Organizations [id="); - builder.append(id); - builder.append(", code="); - builder.append(code); - builder.append(", name="); - builder.append(name); - builder.append(", fullName="); - builder.append(fullName); - builder.append(", parentId="); - builder.append(parentId); - builder.append(", parentName="); - builder.append(parentName); - builder.append(", type="); - builder.append(type); - builder.append(", codePath="); - builder.append(codePath); - builder.append(", namePath="); - builder.append(namePath); - builder.append(", level="); - builder.append(level); - builder.append(", hasChild="); - builder.append(hasChild); - builder.append(", division="); - builder.append(division); - builder.append(", country="); - builder.append(country); - builder.append(", region="); - builder.append(region); - builder.append(", locality="); - builder.append(locality); - builder.append(", street="); - builder.append(street); - builder.append(", address="); - builder.append(address); - builder.append(", contact="); - builder.append(contact); - builder.append(", postalCode="); - builder.append(postalCode); - builder.append(", phone="); - builder.append(phone); - builder.append(", fax="); - builder.append(fax); - builder.append(", email="); - builder.append(email); - builder.append(", sortIndex="); - builder.append(sortIndex); - builder.append(", description="); - builder.append(description); - builder.append("]"); - return builder.toString(); - } + public String toString() { + StringBuilder builder = new StringBuilder(); + builder.append("Organizations [id="); + builder.append(id); + builder.append(", code="); + builder.append(code); + builder.append(", name="); + builder.append(name); + builder.append(", fullName="); + builder.append(fullName); + builder.append(", parentId="); + 
builder.append(parentId); + builder.append(", parentName="); + builder.append(parentName); + builder.append(", type="); + builder.append(type); + builder.append(", codePath="); + builder.append(codePath); + builder.append(", namePath="); + builder.append(namePath); + builder.append(", level="); + builder.append(level); + builder.append(", hasChild="); + builder.append(hasChild); + builder.append(", division="); + builder.append(division); + builder.append(", country="); + builder.append(country); + builder.append(", region="); + builder.append(region); + builder.append(", locality="); + builder.append(locality); + builder.append(", street="); + builder.append(street); + builder.append(", address="); + builder.append(address); + builder.append(", contact="); + builder.append(contact); + builder.append(", postalCode="); + builder.append(postalCode); + builder.append(", phone="); + builder.append(phone); + builder.append(", fax="); + builder.append(fax); + builder.append(", email="); + builder.append(email); + builder.append(", sortIndex="); + builder.append(sortIndex); + builder.append(", ldapDn="); + builder.append(ldapDn); + builder.append(", description="); + builder.append(description); + builder.append(", status="); + builder.append(status); + builder.append("]"); + return builder.toString(); + } diff --git a/maxkey-core/src/main/java/org/maxkey/web/HttpResponseAdapter.java b/maxkey-core/src/main/java/org/maxkey/web/HttpResponseAdapter.java index 1cb01784..7b189d00 100644 --- a/maxkey-core/src/main/java/org/maxkey/web/HttpResponseAdapter.java +++ b/maxkey-core/src/main/java/org/maxkey/web/HttpResponseAdapter.java @@ -63,7 +63,6 @@ public class HttpResponseAdapter { out.close(); } } catch (IOException e) { - // TODO Auto-generated catch block e.printStackTrace(); } } 
diff --git a/maxkey-protocols/maxkey-protocol-jwt/src/main/java/org/maxkey/authz/token/endpoint/JwtAuthorizeEndpoint.java b/maxkey-protocols/maxkey-protocol-jwt/src/main/java/org/maxkey/authz/token/endpoint/JwtAuthorizeEndpoint.java index 17a46549..1b452638 100644 --- a/maxkey-protocols/maxkey-protocol-jwt/src/main/java/org/maxkey/authz/token/endpoint/JwtAuthorizeEndpoint.java +++ b/maxkey-protocols/maxkey-protocol-jwt/src/main/java/org/maxkey/authz/token/endpoint/JwtAuthorizeEndpoint.java @@ -50,7 +50,7 @@ import io.swagger.annotations.ApiOperation; * @author Crystal.Sea * */ -@Api(tags = "JWT接口文档模块") +@Api(tags = "JWT浠ょ墝鎺ュ彛") @Controller public class JwtAuthorizeEndpoint extends AuthorizeBaseEndpoint{ @@ -64,7 +64,7 @@ public class JwtAuthorizeEndpoint extends AuthorizeBaseEndpoint{ @Autowired ApplicationConfig applicationConfig; - @ApiOperation(value = "JWT认证地址接口", notes = "参数应用ID",httpMethod="GET") + @ApiOperation(value = "JWT锟斤拷证锟斤拷址锟接匡拷", notes = "锟斤拷锟斤拷应锟斤拷ID",httpMethod="GET") @RequestMapping("/authz/jwt/{id}") public ModelAndView authorize( HttpServletRequest request, diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/TokenEndpointAuthenticationFilter.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/TokenEndpointAuthenticationFilter.java index 4b3633ae..01085c3a 100644 --- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/TokenEndpointAuthenticationFilter.java +++ b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/TokenEndpointAuthenticationFilter.java @@ -17,6 +17,7 @@ package org.maxkey.authz.oauth2.provider.endpoint; import java.io.IOException; +import java.util.Enumeration; import java.util.HashMap; import java.util.Map; import java.util.Set; 
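Review bot: The new `@Api` and `@ApiOperation` strings in JwtAuthorizeEndpoint are mojibake, not a translation: `JWT浠ょ墝鎺ュ彛` is the UTF-8 bytes of what looks like "JWT令牌接口" decoded as GBK, and the `锟斤拷` runs in the `@ApiOperation` value and notes are U+FFFD replacement characters re-encoded, so the original text of those two strings is lost and the Swagger UI will show garbage. The removed lines still hold readable values (`JWT认证地址接口` / `参数应用ID`), so restore them from the `-` side and re-save the file as UTF-8 (check the editor/IDE encoding and `-Dfile.encoding` of the build), e.g. `@ApiOperation(value = "JWT认证地址接口", notes = "参数应用ID", httpMethod = "GET")`. The `@Api(tags = ...)` value should likewise be written as the intended readable text rather than the garbled bytes.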
@@ -39,6 +40,8 @@ import org.maxkey.authz.oauth2.provider.AuthorizationRequest; import org.maxkey.authz.oauth2.provider.OAuth2Authentication; import org.maxkey.authz.oauth2.provider.OAuth2Request; import org.maxkey.authz.oauth2.provider.OAuth2RequestFactory; +import org.maxkey.util.AuthorizationHeaderCredential; +import org.maxkey.util.AuthorizationHeaderUtils; import org.maxkey.web.WebContext; import org.springframework.security.authentication.AuthenticationDetailsSource; import org.springframework.security.authentication.AuthenticationManager; @@ -213,13 +216,30 @@ public class TokenEndpointAuthenticationFilter implements Filter { public Authentication ClientCredentials(HttpServletRequest request, HttpServletResponse response) throws AuthenticationException, IOException, ServletException { - if (allowOnlyPost && !"POST".equalsIgnoreCase(request.getMethod())) { throw new HttpRequestMethodNotSupportedException(request.getMethod(), new String[] { "POST" }); } String clientId = request.getParameter("client_id"); String clientSecret = request.getParameter("client_secret"); + if(clientId == null) { + if(logger.isTraceEnabled()) { + logger.trace("getRequestURL : "+request.getRequestURL()); + Enumeration headerNames = request.getHeaderNames(); + while (headerNames.hasMoreElements()) { + String key = (String) headerNames.nextElement(); + String value = request.getHeader(key); + logger.trace("Header key "+key +" , value " + value); + } + } + //for header authorization basic + String authorization_bearer =request.getHeader("authorization"); + AuthorizationHeaderCredential ahc=AuthorizationHeaderUtils.resolve(authorization_bearer); + clientId =ahc.getUsername(); + clientSecret=ahc.getCredential(); + } + + logger.trace("clientId "+clientId +" , clientSecret " + clientSecret); // If the request is already authenticated we can assume that this // filter is not needed 
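Review bot: The new `logger.trace("clientId "+clientId +" , clientSecret " + clientSecret);` writes the OAuth client secret to the log in clear text, and the per-header dump above it logs the raw `Authorization` header, which carries the same secret base64-encoded; trace level does not make a secret safe to log, so the secret should be dropped from the message and the header loop should skip or redact `authorization` (and `cookie`). `AuthorizationHeaderUtils.resolve(authorization_bearer)` is also called when no Authorization header is present (the `clientId == null` branch runs for any request without a `client_id` parameter), so unless `resolve` is known to tolerate null and return a non-null credential, `ahc.getUsername()` turns a missing credential into an NPE/500 rather than an authentication failure. The variable is named `authorization_bearer` but the comment says it holds Basic credentials; name it `authorizationHeader`. `ClientCredentials` continues past the end of this hunk.
```java
        String clientId = request.getParameter("client_id");
        String clientSecret = request.getParameter("client_secret");
        if (clientId == null) {
            // … unchanged: trace of request URL; drop the per-header dump or redact authorization/cookie …
            // for header authorization basic
            String authorizationHeader = request.getHeader("authorization");
            if (authorizationHeader != null) {
                AuthorizationHeaderCredential ahc = AuthorizationHeaderUtils.resolve(authorizationHeader);
                if (ahc != null) {
                    clientId = ahc.getUsername();
                    clientSecret = ahc.getCredential();
                }
            }
        }
        // the client id is enough to correlate a request; never log the secret
        logger.trace("clientId " + clientId);
```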
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/OAuthDefaultUserInfoAdapter.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/OAuthDefaultUserInfoAdapter.java index 64690b17..8e9a68a3 100644 --- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/OAuthDefaultUserInfoAdapter.java +++ b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/OAuthDefaultUserInfoAdapter.java @@ -34,6 +34,8 @@ public class OAuthDefaultUserInfoAdapter extends AbstractAuthorizeAdapter { HashMap beanMap = new HashMap(); beanMap.put("randomId",(new StringGenerator()).uuidGenerate()); beanMap.put("uid", userInfo.getId()); + //for spring security oauth2 + beanMap.put("user", userInfo.getUsername()); beanMap.put("username", userInfo.getUsername()); beanMap.put("employeeNumber", userInfo.getEmployeeNumber()); beanMap.put("email", userInfo.getEmail()); diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/UserInfoEndpoint.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/UserInfoEndpoint.java index ac07b6d4..7c6233c0 100644 --- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/UserInfoEndpoint.java +++ b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/UserInfoEndpoint.java @@ -49,6 +49,7 @@ import org.maxkey.util.AuthorizationHeaderUtils; import org.maxkey.util.Instance; import org.maxkey.util.JsonUtils; import org.maxkey.util.StringGenerator; +import org.maxkey.web.HttpResponseAdapter; import org.maxkey.web.WebConstants; import org.slf4j.Logger; import org.slf4j.LoggerFactory; 
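Review bot: The comment `//for spring security oauth2` on the new `user` entry does not say why a second copy of the username is needed, which is the only thing a reader of this map will wonder about; say which consumer reads it, e.g. `// "user" duplicates "username": presumably the principal key a Spring Security OAuth2 client looks up first — confirm against the consumer`. The enclosing `generateInfo` starts and ends outside this hunk.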
@@ -106,39 +107,42 @@ public class UserInfoEndpoint { private JwtEncryptionAndDecryptionService jwtEnDecryptionService; + private SymmetricSigningAndValidationServiceBuilder symmetricJwtSignerServiceBuilder =new SymmetricSigningAndValidationServiceBuilder(); private RecipientJwtEncryptionAndDecryptionServiceBuilder recipientJwtEnDecryptionServiceBuilder =new RecipientJwtEncryptionAndDecryptionServiceBuilder(); - OAuthDefaultUserInfoAdapter defaultOAuthUserInfoAdapter=new OAuthDefaultUserInfoAdapter(); + @Autowired + protected HttpResponseAdapter httpResponseAdapter; + @ApiOperation(value = "OAuth 2.0 鐢ㄦ埛淇℃伅鎺ュ彛", notes = "浼犻掑弬鏁癮ccess_token",httpMethod="GET") @RequestMapping(value="/oauth/v20/me") - @ResponseBody - public String apiV20UserInfo( + public void apiV20UserInfo( @RequestParam(value = "access_token", required = false) String access_token, @RequestHeader(value = "authorization", required = false) String authorization_bearer, HttpServletRequest request, - HttpServletResponse response) { - response.setContentType(ContentType.APPLICATION_JSON_UTF8); + HttpServletResponse response) { if(access_token == null && authorization_bearer!= null) { - access_token = AuthorizationHeaderUtils.resolveBearer(authorization_bearer); - } - if(_logger.isTraceEnabled()) { - _logger.trace("getRequestURL : "+request.getRequestURL()); - Enumeration headerNames = request.getHeaderNames(); - while (headerNames.hasMoreElements()) { - String key = (String) headerNames.nextElement(); - String value = request.getHeader(key); - _logger.trace("Header key "+key +" , value " + value); + if(_logger.isTraceEnabled()) { + _logger.trace("getRequestURL : "+request.getRequestURL()); + Enumeration headerNames = request.getHeaderNames(); + while (headerNames.hasMoreElements()) { + String key = (String) headerNames.nextElement(); + String value = request.getHeader(key); + _logger.trace("Header key "+key +" , value " + value); + } } + //for header authorization bearer + access_token = 
AuthorizationHeaderUtils.resolveBearer(authorization_bearer); } + String principal=""; if (!StringGenerator.uuidMatches(access_token)) { - return JsonUtils.gson2Json(accessTokenFormatError(access_token)); + httpResponseAdapter.write(response,JsonUtils.gson2Json(accessTokenFormatError(access_token)),"json"); } OAuth2Authentication oAuth2Authentication =null; try{ @@ -160,12 +164,12 @@ public class UserInfoEndpoint { String jsonData=adapter.generateInfo( (SigninPrincipal)oAuth2Authentication.getUserAuthentication().getPrincipal(), userInfo, app); - return jsonData; + httpResponseAdapter.write(response,jsonData,"json"); }catch(OAuth2Exception e){ HashMapauthzException=new HashMap(); authzException.put(OAuth2Exception.ERROR, e.getOAuth2ErrorCode()); authzException.put(OAuth2Exception.DESCRIPTION,e.getMessage()); - return JsonUtils.gson2Json(authzException); + httpResponseAdapter.write(response,JsonUtils.gson2Json(authzException),"json"); } } -- GitLab
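Review bot: The malformed-token branch no longer exits the method: the old code `return`ed the error JSON, but the new `if (!StringGenerator.uuidMatches(access_token)) { httpResponseAdapter.write(...); }` writes the error body and then falls through into the token lookup and `generateInfo`, so a request with a bad token gets an error body followed by either a second body or whatever the `catch` writes; add `return;` after the write, i.e. `httpResponseAdapter.write(response, JsonUtils.gson2Json(accessTokenFormatError(access_token)), "json"); return;`. The new trace loop also logs every request header, including the `authorization` bearer token itself, so skip or redact that header before logging. `String principal = "";` is added but not used anywhere visible in the hunk, and the removed `response.setContentType(ContentType.APPLICATION_JSON_UTF8)` is only safe to drop if `httpResponseAdapter.write(..., "json")` sets the content type, which this diff does not show. `apiV20UserInfo` continues past the end of this hunk.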
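Review bot: The `catch (OAuth2Exception e)` branch now writes the error JSON through `httpResponseAdapter.write` without setting a status, so unless that adapter sets one (not visible here) an invalid or expired token is answered with HTTP 200 and an error body, which clients following RFC 6750 §3.1 will treat as success; set the status and challenge before the write, `response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); response.setHeader("WWW-Authenticate", "Bearer error=\"" + e.getOAuth2ErrorCode() + "\"");`. `e.getMessage()` is also copied verbatim into `error_description`; that is fine for OAuth error codes but worth checking that no internal detail ends up in the message. `apiV20UserInfo` starts outside this hunk.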