
oauth client_credentials Optimize

MaxKey 4 năm trước cách đây
mục cha
commit
26de7922e5

+ 1 - 0
maxkey-core/src/main/java/org/maxkey/entity/apps/AppsOAuth20Details.java

@@ -81,6 +81,7 @@ public class AppsOAuth20Details extends Apps {
         this.id = application.getId();
         this.setName(application.getName());
         this.setLoginUrl(application.getLoginUrl());
+        this.setLogoutUrl(application.getLogoutUrl());
         this.setCategory(application.getCategory());
         this.setProtocol(application.getProtocol());
         this.setIcon(application.getIcon());

+ 1 - 0
maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/client/JdbcClientDetailsService.java

@@ -152,6 +152,7 @@ public class JdbcClientDetailsService implements ClientDetailsService, ClientReg
         if (count != 1) {
             throw new NoSuchClientException("No client found with id = " + clientDetails.getClientId());
         }
+        clientDetailsCache.invalidate(clientDetails.getClientId());
     }
 
     public void updateClientSecret(String clientId, String secret) throws NoSuchClientException {
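Review bot: The cache eviction added at the end of this update method needs the same treatment in the other mutators of this service, or the cache can keep serving stale client records. `updateClientSecret`, whose signature is the last line of this hunk, has its body outside the hunk; if it does not also call `clientDetailsCache.invalidate(clientId);`, a rotated or revoked secret would presumably keep authenticating until the cached entry expires. The same check applies to whichever method removes a client. The method patched here starts above the hunk.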

+ 4 - 1
maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/TokenEndpointAuthenticationFilter.java

@@ -155,14 +155,17 @@ public class TokenEndpointAuthenticationFilter implements Filter {
 		try {
 			String grantType = request.getParameter(OAuth2Constants.PARAMETER.GRANT_TYPE);
 			if (grantType != null && grantType.equals(OAuth2Constants.PARAMETER.GRANT_TYPE_PASSWORD)) {
+				//password
 				usernamepassword(request,response);
 			}else {
 				Authentication authentication=ClientCredentials(request,response);
 				logger.trace("getPrincipal " + authentication.getPrincipal().getClass());
 				SigninPrincipal auth = null;
 				if(authentication.getPrincipal() instanceof SigninPrincipal) {
+					//authorization_code
 					auth = (SigninPrincipal)authentication.getPrincipal();
 				}else {
+					//client_credentials
 					auth =new SigninPrincipal((User)authentication.getPrincipal());
 				}
 				auth.setAuthenticated(true);
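Review bot: The three added comments name grant types, but only the first branch is selected by `grant_type`; the inner `if` is decided by the runtime type of the principal, and the outer `else` also receives requests whose `grant_type` is missing or something other than `password`. A reader could take `//client_credentials` as a guarantee, while the `(User)` cast on that line is reached by any non-password request whose principal is not a `SigninPrincipal`. I would word the comments by what is actually tested, e.g. `// principal is already a SigninPrincipal` and `// principal is a User: wrap it in a SigninPrincipal`. The enclosing method starts and ends outside the hunk.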
@@ -242,7 +245,7 @@ public class TokenEndpointAuthenticationFilter implements Filter {
 	public Authentication ClientCredentials(HttpServletRequest request, HttpServletResponse response)
 				throws AuthenticationException, IOException, ServletException {
 			if (allowOnlyPost && !"POST".equalsIgnoreCase(request.getMethod())) {
-				throw new HttpRequestMethodNotSupportedException(request.getMethod(), new String[] { "POST" });
+				throw new HttpRequestMethodNotSupportedException(request.getMethod(), new String[] { "POST","G" });
 			}
 
 			String clientId = request.getParameter(OAuth2Constants.PARAMETER.CLIENT_ID);
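Review bot: `"G"` in the supported-methods array on the changed `throw` line is not an HTTP method and looks like a truncated `"GET"`. The guard above it still rejects everything except POST when `allowOnlyPost` is set, so the exception should advertise only what is accepted: `new String[] { "POST" }`. If GET is meant to be allowed, that needs a change to the condition itself, and it would presumably put the client credentials this method reads from request parameters into URLs and access logs, so POST-only is the safer contract. The body of `ClientCredentials` continues outside the hunk.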

+ 5 - 0
maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/request/DefaultOAuth2RequestFactory.java

@@ -17,6 +17,7 @@ import java.util.LinkedHashSet;
 import java.util.Map;
 import java.util.Set;
 
+import org.apache.commons.lang3.StringUtils;
 import org.maxkey.authz.oauth2.common.OAuth2Constants;
 import org.maxkey.authz.oauth2.common.exceptions.InvalidClientException;
 import org.maxkey.authz.oauth2.common.util.OAuth2Utils;
@@ -109,6 +110,10 @@ public class DefaultOAuth2RequestFactory implements OAuth2RequestFactory {
 			}
 		}
 		String grantType = requestParameters.get(OAuth2Constants.PARAMETER.GRANT_TYPE);
+		if(StringUtils.isBlank(grantType)) {
+			//default client_credentials
+			grantType = OAuth2Constants.PARAMETER.GRANT_TYPE_CLIENT_CREDENTIALS;
+		}
 
 		Set<String> scopes = extractScopes(requestParameters, clientId);
 		TokenRequest tokenRequest = new TokenRequest(requestParameters, clientId, scopes, grantType);
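Review bot: Defaulting a blank `grant_type` to `client_credentials` turns a malformed token request into a valid one; RFC 6749 makes `grant_type` a required parameter, and the usual answer to its absence is an `invalid_request` error. With this change any caller that can authenticate as a client gets the client-credentials flow without asking for it, so it matters that a later step (not visible in this hunk) still checks the client's authorized grant types against the substituted value. `requestParameters` passed to `TokenRequest` also still lacks `grant_type`, so the map and the `grantType` argument now disagree. If the default is kept, the comment should state the reason rather than restate the assignment, e.g. `// grant_type omitted: fall back to client_credentials for backward compatibility`. The enclosing method starts and ends outside the hunk.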

+ 1 - 1
maxkey-webs/maxkey-web-maxkey/src/main/resources/application-http.properties

@@ -16,7 +16,7 @@
 #spring.profiles.active=http                                               #
 ############################################################################
 #server port
-server.port                                     =8080
+server.port                                     =80
 #session default 1800
 #1800s =30m
 #28800s=8h
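Review bot: `server.port =80` is a privileged port on most Unix systems, so the service can only bind it when started as root or with an added capability, which widens what a compromise of the process can reach. The change is unrelated to the client_credentials work named in the commit title and looks like a local setting. I would keep `server.port =8080` in the committed file and let deployments set the public port externally, through a reverse proxy or an environment-specific override.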

+ 1 - 1
maxkey-webs/maxkey-web-maxkey/src/main/resources/application.properties

@@ -27,5 +27,5 @@ spring.main.banner-mode                     =log
 ############################################################################
 #spring.profiles.active https/http; default https                          #
 ############################################################################
-spring.profiles.active                      =https
+spring.profiles.active                      =http
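Review bot: Switching the default `spring.profiles.active` from `https` to `http` makes plain HTTP the out-of-the-box transport for an identity provider, so passwords, client secrets and issued tokens would travel unencrypted unless every deployment overrides it. The banner comment two lines above still says `default https`, which now contradicts the value. I would keep `spring.profiles.active =https` in the committed file and select the http profile only through a local override.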
 

+ 0 - 2
maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/jobs/AccountsStrategyJob.java

@@ -57,9 +57,7 @@ public class AccountsStrategyJob   implements Job , Serializable {
                 accountsService = 
                 		(AccountsService) context.getMergedJobDataMap().get("service");
             }else {
-
             	accountsService.refreshAllByStrategy();
-            
             	Thread.sleep(10 *1000);
             }
             _logger.debug("DynamicGroupsJob is success  " );

+ 0 - 2
maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/jobs/DynamicGroupsJob.java

@@ -56,9 +56,7 @@ public class DynamicGroupsJob  implements Job , Serializable {
                 groupsService = 
                 		(GroupsService) context.getMergedJobDataMap().get("service");
             }else {
-
             	groupsService.refreshAllDynamicGroups();
-            
             	Thread.sleep(10 *1000);
             }
             _logger.debug("DynamicGroupsJob is success  " );

+ 1 - 0
maxkey-webs/maxkey-web-mgt/src/main/resources/templates/views/apps/oauth20/appAdd.ftl

@@ -81,6 +81,7 @@
 								<td>authorization_code | code<input type="checkbox" id="grantTypes_authorization_code" name="authorizedGrantTypes" value="authorization_code"  checked /></td>
 								<td>password<input type="checkbox" id="grantTypes_trust" name="authorizedGrantTypes" value="password"/></td>
 								<td>implicit<input type="checkbox" id="grantTypes_implicit" name="authorizedGrantTypes" value="implicit"/></td>
+								<td>client_credentials<input type="checkbox" id="grantTypes_client_credentials" name="authorizedGrantTypes" value="client_credentials"/></td>
 								<td>refresh_token<input type="checkbox" id="grantTypes_refresh_token" name="authorizedGrantTypes" value="refresh_token"/></td>
 								<td>id_token<input  type="checkbox" id="grantTypes_id_token" name="authorizedGrantTypes" value="id_token"/></td>
 								<td>token<input type="checkbox" id="grantTypes_token" name="authorizedGrantTypes" value="token"/></td>

+ 1 - 0
maxkey-webs/maxkey-web-mgt/src/main/resources/templates/views/apps/oauth20/appUpdate.ftl

@@ -68,6 +68,7 @@
 								<td>authorization_code | code<input <#if   model.authorizedGrantTypes?contains('authorization_code') >checked</#if>  type="checkbox" id="grantTypes_authorization_code" name="authorizedGrantTypes" value="authorization_code"/></td>
 								<td>password<input <#if   model.authorizedGrantTypes?contains('password') >checked</#if>  type="checkbox" id="grantTypes_trust" name="authorizedGrantTypes" value="password"/></td>
 								<td>implicit<input <#if   model.authorizedGrantTypes?contains('implicit') >checked</#if>  type="checkbox" id="grantTypes_implicit" name="authorizedGrantTypes" value="implicit"/></td>
+								<td>client_credentials<input <#if   model.authorizedGrantTypes?contains('client_credentials') >checked</#if>  type="checkbox" id="grantTypes_client_credentials" name="authorizedGrantTypes" value="client_credentials"/></td>
 								<td>refresh_token<input <#if   model.authorizedGrantTypes?contains('refresh_token') >checked</#if>  type="checkbox" id="grantTypes_refresh_token" name="authorizedGrantTypes" value="refresh_token"/></td>
 								<td>id_token<input <#if   model.authorizedGrantTypes?contains('id_token') >checked</#if>  type="checkbox" id="grantTypes_id_token" name="authorizedGrantTypes" value="id_token"/></td>
 								<td>token<input <#if   model.authorizedGrantTypes?contains( 'token') >checked</#if>  type="checkbox" id="grantTypes_token" name="authorizedGrantTypes" value="token"/></td>