use of org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter in project MaxKey by dromara.
From the class Cas30AuthorizeEndpoint, method serviceValidate.
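/**
 * CAS 3.0 {@code /serviceValidate}: consumes a service ticket and writes the validation
 * response in the requested {@code format} (XML unless given).
 * <p>
 * Only tickets carrying the service-ticket prefix are looked up; anything else, or a ticket
 * the ticket store does not return, yields an INVALID_TICKET failure response. When
 * {@code pgtUrl} is supplied, a proxy-granting ticket and its IOU are created, the IOU is
 * placed in the response and the pair is posted to the callback. When the application is
 * configured with an adapter, the adapter is instantiated by class name and handed the
 * response builder, the principal, the user record and the app details before
 * {@code generateInfo()} runs.
 *
 * @param request  the servlet request (not read here)
 * @param response the servlet response the validation result is written to
 * @param ticket   the service ticket to validate
 * @param service  the service identifier; accepted but not compared with the ticket here
 * @param pgtUrl   optional proxy callback URL
 * @param renew    optional renew flag; accepted but not acted on here
 * @param format   response format, XML unless given
 */
@Operation(summary = "CAS 3.0 ticket验证接口", description = "通过ticket获取当前登录用户信息", method = "POST")
@RequestMapping(value = CasConstants.ENDPOINT.ENDPOINT_SERVICE_VALIDATE_V3)
public void serviceValidate(HttpServletRequest request, HttpServletResponse response,
        @RequestParam(value = CasConstants.PARAMETER.TICKET) String ticket,
        @RequestParam(value = CasConstants.PARAMETER.SERVICE) String service,
        @RequestParam(value = CasConstants.PARAMETER.PROXY_CALLBACK_URL, required = false) String pgtUrl,
        @RequestParam(value = CasConstants.PARAMETER.RENEW, required = false) String renew,
        @RequestParam(value = CasConstants.PARAMETER.FORMAT, required = false, defaultValue = HttpResponseConstants.FORMAT_TYPE.XML) String format) {
    _logger.debug("serviceValidate ticket {} , service {} , pgtUrl {} , renew {} , format {}",
            ticket, service, pgtUrl, renew, format);
    // NOTE(review): `service` is never compared with the service the ticket was issued for;
    // the CAS protocol expects that binding to be checked — TODO confirm consumeTicket enforces it.
    Ticket storedTicket = null;
    // Only service tickets (service-ticket prefix) are looked up; anything else stays null and fails below.
    if (ticket.startsWith(CasConstants.PREFIX.SERVICE_TICKET_PREFIX)) {
        try {
            // presumably single-use: the ticket is removed from the store as it is read — verify in ticketServices
            storedTicket = ticketServices.consumeTicket(ticket);
        } catch (Exception e) {
            // best-effort lookup as before, but through the logger instead of printStackTrace()
            _logger.error("consumeTicket error for ticket {}", ticket, e);
        }
    }
    ServiceResponseBuilder serviceResponseBuilder = new ServiceResponseBuilder();
    if (storedTicket == null) {
        serviceResponseBuilder.failure().setCode(CasConstants.ERROR_CODE.INVALID_TICKET)
                .setDescription("Ticket " + ticket + " not recognized");
    } else {
        SigninPrincipal authentication = (SigninPrincipal) storedTicket.getAuthentication().getPrincipal();
        if (StringUtils.isNotBlank(pgtUrl)) {
            // Proxy flow: the IOU goes back in the response, the PGT itself only travels to the callback.
            ProxyGrantingTicketIOUImpl proxyGrantingTicketIOUImpl = new ProxyGrantingTicketIOUImpl();
            String proxyGrantingTicketIOU = casProxyGrantingTicketServices.createTicket(proxyGrantingTicketIOUImpl);
            ProxyGrantingTicketImpl proxyGrantingTicketImpl =
                    new ProxyGrantingTicketImpl(storedTicket.getAuthentication(), storedTicket.getCasDetails());
            String proxyGrantingTicket = casProxyGrantingTicketServices.createTicket(proxyGrantingTicketImpl);
            serviceResponseBuilder.success().setTicket(proxyGrantingTicketIOU);
            serviceResponseBuilder.success().setProxy(pgtUrl);
            // NOTE(review): pgtUrl comes straight from the request and is not validated (scheme, registered
            // callback) before the PGT is posted to it — TODO confirm httpRequestAdapter or the service
            // registry restricts it.
            // Use '&' when the callback already carries a query string; the original always appended '?'.
            String separator = pgtUrl.indexOf('?') >= 0 ? "&" : "?";
            httpRequestAdapter.post(pgtUrl + separator + "pgtId=" + proxyGrantingTicket
                    + "&pgtIou=" + proxyGrantingTicketIOU, null);
        }
        if (ConstsBoolean.isTrue(storedTicket.getCasDetails().getIsAdapter())) {
            // Adapter class name is admin-configured per application and instantiated reflectively.
            Object adapterInstance = Instance.newInstance(storedTicket.getCasDetails().getAdapter());
            try {
                // The builder is injected so the adapter can populate it; generateInfo()'s return value
                // is not used here (presumably it writes into the builder — verify in the adapter).
                BeanUtils.setProperty(adapterInstance, "serviceResponseBuilder", serviceResponseBuilder);
            } catch (IllegalAccessException | InvocationTargetException e) {
                _logger.error("setProperty error . ", e);
            }
            UserInfo userInfo = (UserInfo) userInfoService.findByUsername(authentication.getUsername());
            AbstractAuthorizeAdapter adapter = (AbstractAuthorizeAdapter) adapterInstance;
            adapter.setAuthentication(authentication);
            adapter.setUserInfo(userInfo);
            adapter.setApp(storedTicket.getCasDetails());
            adapter.generateInfo();
        }
    }
    httpResponseAdapter.write(response, serviceResponseBuilder.serviceResponseBuilder(), format);
}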
use of org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter in project MaxKey by dromara.
From the class UserInfoEndpoint, method apiV20UserInfo.
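/**
 * OAuth 2.0 userinfo endpoint: resolves the access token, loads the authentication behind it
 * and writes the user information produced by the application's adapter as JSON.
 * <p>
 * The token is taken from the {@code access_token} parameter, or from the
 * {@code Authorization: Bearer} header when the parameter is blank. A missing or
 * malformed token is answered with a format-error JSON body and the request ends there.
 * {@link OAuth2Exception}s raised while loading the token are turned into an
 * {@code error}/{@code error_description} JSON body; other exceptions propagate.
 *
 * @param access_token the access token, optional when sent as a Bearer header
 * @param request      the servlet request, read for the Authorization header
 * @param response     the servlet response the JSON body is written to
 */
@Operation(summary = "OAuth 2.0 用户信息接口", description = "传递参数access_token", method = "GET")
@RequestMapping(value = OAuth2Constants.ENDPOINT.ENDPOINT_USERINFO, method = { RequestMethod.POST, RequestMethod.GET })
public void apiV20UserInfo(@RequestParam(value = "access_token", required = false) String access_token,
        HttpServletRequest request, HttpServletResponse response) {
    if (StringUtils.isBlank(access_token)) {
        // for header authorization bearer
        access_token = AuthorizationHeaderUtils.resolveBearer(request);
    }
    // NOTE(review): a token passed as a query parameter on GET ends up in access logs and Referer
    // headers; the Bearer header is the safer transport — worth documenting for clients.
    if (StringUtils.isBlank(access_token) || !StringGenerator.uuidMatches(access_token)) {
        httpResponseAdapter.write(response, JsonUtils.gson2Json(accessTokenFormatError(access_token)), "json");
        // The original fell through here and still called loadAuthentication with the rejected token.
        return;
    }
    try {
        // presumably throws OAuth2Exception for unknown/expired tokens rather than returning null — verify
        OAuth2Authentication oAuth2Authentication = oauth20tokenServices.loadAuthentication(access_token);
        SigninPrincipal signinPrincipal =
                (SigninPrincipal) oAuth2Authentication.getUserAuthentication().getPrincipal();
        String principal = signinPrincipal.getUsername();
        String client_id = oAuth2Authentication.getOAuth2Request().getClientId();
        ClientDetails clientDetails = clientDetailsService.loadClientByClientId(client_id, true);
        UserInfo userInfo = queryUserInfo(principal);
        Apps app = appsService.get(client_id);
        AbstractAuthorizeAdapter adapter;
        if (ConstsBoolean.isTrue(app.getIsAdapter())) {
            // Adapter class name is admin-configured per application and instantiated reflectively.
            adapter = (AbstractAuthorizeAdapter) Instance.newInstance(app.getAdapter());
            try {
                BeanUtils.setProperty(adapter, "clientDetails", clientDetails);
            } catch (IllegalAccessException | InvocationTargetException e) {
                _logger.error("setProperty error . ", e);
            }
        } else {
            adapter = new OAuthDefaultUserInfoAdapter(clientDetails);
        }
        adapter.setAuthentication(signinPrincipal);
        adapter.setUserInfo(userInfo);
        adapter.setApp(app);
        Object jsonData = adapter.generateInfo();
        httpResponseAdapter.write(response, jsonData.toString(), "json");
    } catch (OAuth2Exception e) {
        HashMap<String, Object> authzException = new HashMap<>();
        authzException.put(OAuth2Exception.ERROR, e.getOAuth2ErrorCode());
        authzException.put(OAuth2Exception.DESCRIPTION, e.getMessage());
        httpResponseAdapter.write(response, JsonUtils.gson2Json(authzException), "json");
    }
}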
use of org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter in project MaxKey by dromara.
From the class TokenBasedAuthorizeEndpoint, method authorize.
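/**
 * Token-based SSO entry point for the application {@code id}: builds the application's
 * adapter, generates and encrypts the token for the current user and hands it over either
 * as a POST form (token type {@code POST}) or as a cookie followed by a redirect.
 * <p>
 * In the cookie branch the cookie is scoped to the configured base domain and the redirect is
 * only performed when the redirect URI's host is that base domain or one of its sub-domains;
 * otherwise the refusal is logged and {@code null} is returned.
 *
 * @param request  the servlet request (not read here)
 * @param response the servlet response the cookie is added to
 * @param id       the application id from the path
 * @return the adapter's view for the POST flow, a redirect for the cookie flow, or
 *         {@code null} when the redirect URI is outside the base domain
 */
@Operation(summary = "TokenBased认证接口", description = "传递参数应用ID", method = "GET")
@RequestMapping("/authz/tokenbased/{id}")
public ModelAndView authorize(HttpServletRequest request, HttpServletResponse response, @PathVariable("id") String id) {
    ModelAndView modelAndView = new ModelAndView();
    AppsTokenBasedDetails tokenBasedDetails = tokenBasedDetailsService.getAppDetails(id, true);
    _logger.debug("{}", tokenBasedDetails);
    // Adapter settings live on the Apps record, copy them onto the token-based details.
    Apps application = getApp(id);
    tokenBasedDetails.setAdapter(application.getAdapter());
    tokenBasedDetails.setIsAdapter(application.getIsAdapter());
    AbstractAuthorizeAdapter adapter;
    if (ConstsBoolean.isTrue(tokenBasedDetails.getIsAdapter())) {
        // Adapter class name is admin-configured per application and instantiated reflectively.
        adapter = (AbstractAuthorizeAdapter) Instance.newInstance(tokenBasedDetails.getAdapter());
    } else {
        adapter = new TokenBasedDefaultAdapter();
    }
    adapter.setAuthentication((SigninPrincipal) WebContext.getAuthentication().getPrincipal());
    adapter.setUserInfo(WebContext.getUserInfo());
    adapter.setApp(tokenBasedDetails);
    adapter.generateInfo();
    adapter.encrypt(null, tokenBasedDetails.getAlgorithmKey(), tokenBasedDetails.getAlgorithm());
    // Constant-first comparison so a missing token type falls into the cookie branch instead of an NPE.
    if ("POST".equalsIgnoreCase(tokenBasedDetails.getTokenType())) {
        return adapter.authorize(modelAndView);
    }
    String baseDomainName = applicationConfig.getBaseDomainName();
    _logger.debug("Cookie Name : {}", tokenBasedDetails.getCookieName());
    Cookie cookie = new Cookie(tokenBasedDetails.getCookieName(), adapter.serialize());
    Integer maxAge = tokenBasedDetails.getExpires();   // unboxed below; a null expiry would NPE — confirm it is mandatory
    _logger.debug("Cookie Max Age : {} seconds.", maxAge);
    cookie.setMaxAge(maxAge);
    cookie.setPath("/");
    // Domain is set without a leading dot (Tomcat 8.5 cookie processor); the log line shows the
    // effective ".domain" scope.
    cookie.setDomain(baseDomainName);
    _logger.debug("Sub Domain Name : .{}", baseDomainName);
    // NOTE(review): the token cookie is issued without HttpOnly/Secure and before the redirect
    // target is checked — confirm whether consuming apps need script access before tightening.
    response.addCookie(cookie);
    // Host-based check replaces the earlier substring test, which also matched the base domain
    // appearing in the path or query of a URL on another host.
    if (isInBaseDomain(tokenBasedDetails.getRedirectUri(), baseDomainName)) {
        return WebContext.redirect(tokenBasedDetails.getRedirectUri());
    }
    _logger.error("{} not in domain {}", tokenBasedDetails.getRedirectUri(), baseDomainName);
    return null;
}

/**
 * Tells whether the host of {@code redirectUri} is {@code baseDomainName} itself or one of
 * its sub-domains (case-insensitive). Returns {@code false} for null or blank input, for a
 * URI that cannot be parsed, and for a URI without a host (scheme-less or relative).
 *
 * @param redirectUri    absolute URI to check
 * @param baseDomainName bare domain name, without a leading dot
 * @return {@code true} only when the URI's host is inside the base domain
 */
private static boolean isInBaseDomain(String redirectUri, String baseDomainName) {
    if (redirectUri == null || redirectUri.isEmpty() || baseDomainName == null || baseDomainName.isEmpty()) {
        return false;
    }
    String host;
    try {
        host = java.net.URI.create(redirectUri).getHost();
    } catch (IllegalArgumentException e) {
        return false;
    }
    if (host == null) {
        return false;
    }
    String lowerHost = host.toLowerCase(java.util.Locale.ROOT);
    String lowerBase = baseDomainName.toLowerCase(java.util.Locale.ROOT);
    return lowerHost.equals(lowerBase) || lowerHost.endsWith("." + lowerBase);
}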