
OAuth2 grant_type=password fix

OAuth2 grant_type=password fix
MaxKey 4 年之前
父节点
当前提交
3497aa5d26

+ 1 - 1
maxkey-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java

@@ -70,7 +70,7 @@ public abstract class AbstractAuthenticationProvider {
     @Qualifier("onlineTicketServices")
     protected OnlineTicketServices onlineTicketServices;
     
-    static  ArrayList<GrantedAuthority> grantedAdministratorsAuthoritys = new ArrayList<GrantedAuthority>();
+    public static  ArrayList<GrantedAuthority> grantedAdministratorsAuthoritys = new ArrayList<GrantedAuthority>();
     
     static {
         grantedAdministratorsAuthoritys.add(new SimpleGrantedAuthority("ROLE_ADMINISTRATORS"));
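Review bot: Widening `grantedAdministratorsAuthoritys` to `public static` exposes a non-final, mutable `ArrayList` that decides which authorities count as administrator, so any class can now add to it, clear it or reassign it. The new OAuth2 code only reads the list, so the field could stay non-public and be marked `final`, with a read-only accessor such as `public static List<GrantedAuthority> getGrantedAdministratorsAuthoritys() { return Collections.unmodifiableList(grantedAdministratorsAuthoritys); }`. The static initializer that fills the list continues outside the hunk.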

+ 16 - 4
maxkey-core/src/main/java/org/maxkey/authn/SigninPrincipal.java

@@ -37,6 +37,14 @@ public class SigninPrincipal implements  UserDetails {
     ArrayList<GrantedAuthority> grantedAuthorityApps;
     boolean authenticated;
     boolean roleAdministrators;
+    
+	private  boolean accountNonExpired;
+
+	private  boolean accountNonLocked;
+
+	private  boolean credentialsNonExpired;
+
+	private  boolean enabled;
 
     /**
      * SigninPrincipal.
@@ -50,6 +58,10 @@ public class SigninPrincipal implements  UserDetails {
     public SigninPrincipal(UserInfo userInfo) {
         this.userInfo = userInfo;
         this.authenticated = true;
+        this.accountNonExpired = true;
+        this.accountNonLocked  = true;
+        this.credentialsNonExpired =true;
+        this.enabled = true;
     }
     
     /**
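Review bot: The four account-state flags are set to `true` unconditionally in this constructor and no setter is added in the visible hunks, so `isAccountNonExpired()`, `isAccountNonLocked()`, `isCredentialsNonExpired()` and `isEnabled()` (changed in the next hunk of this file) now always return `true`. That replaces "always rejected" with "never rejected": Spring Security's account-status checks cannot stop a locked, disabled or expired user who reaches them through this principal. Derive the flags from `userInfo` here, or add setters and have the callers populate them from the stored account status. At minimum, add a comment such as `// TODO: derive from userInfo account status; hard-coded true bypasses Spring's account-status checks`. Whether status is enforced earlier, for example inside `LoginService`, is not visible from this diff.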
@@ -116,22 +128,22 @@ public class SigninPrincipal implements  UserDetails {
 
     @Override
     public boolean isAccountNonExpired() {
-        return false;
+        return this.accountNonExpired;
     }
 
     @Override
     public boolean isAccountNonLocked() {
-        return false;
+        return this.accountNonLocked;
     }
 
     @Override
     public boolean isCredentialsNonExpired() {
-        return false;
+        return this.credentialsNonExpired;
     }
 
     @Override
     public boolean isEnabled() {
-        return false;
+        return this.enabled;
     }
 
     public ArrayList<GrantedAuthority> getGrantedAuthorityApps() {

+ 33 - 3
maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/OAuth2UserDetailsService.java

@@ -12,9 +12,19 @@
  */
 package org.maxkey.authz.oauth2.provider;
 
+import java.util.ArrayList;
+
+import org.maxkey.authn.AbstractAuthenticationProvider;
+import org.maxkey.authn.SigninPrincipal;
+import org.maxkey.authn.online.OnlineTicket;
 import org.maxkey.domain.UserInfo;
 import org.maxkey.persistence.db.LoginService;
-import org.springframework.security.core.userdetails.User;
+import org.maxkey.web.WebConstants;
+import org.maxkey.web.WebContext;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
@@ -24,7 +34,8 @@ import org.springframework.security.core.userdetails.UsernameNotFoundException;
  * 
  */
 public class OAuth2UserDetailsService implements UserDetailsService {
-
+	 private static final Logger _logger = 
+	            LoggerFactory.getLogger(OAuth2UserDetailsService.class);
 	
     LoginService loginService;
 	
@@ -42,8 +53,27 @@ public class OAuth2UserDetailsService implements UserDetailsService {
 			throw new UsernameNotFoundException(e.getMessage(), e);
 		}
 		
+		String onlineTickitId = WebConstants.ONLINE_TICKET_PREFIX + "-" + java.util.UUID.randomUUID().toString().toLowerCase();
 		
-		return new User(username, userInfo.getPassword(), loginService.grantAuthority(userInfo));
+		SigninPrincipal signinPrincipal = new SigninPrincipal(userInfo);
+		OnlineTicket onlineTicket = new OnlineTicket(onlineTickitId);
+		//set OnlineTicket
+        signinPrincipal.setOnlineTicket(onlineTicket);
+        
+        ArrayList<GrantedAuthority> grantedAuthoritys = loginService.grantAuthority(userInfo);
+        signinPrincipal.setAuthenticated(true);
+        
+        for(GrantedAuthority administratorsAuthority : AbstractAuthenticationProvider.grantedAdministratorsAuthoritys) {
+            if(grantedAuthoritys.contains(administratorsAuthority)) {
+                signinPrincipal.setRoleAdministrators(true);
+                _logger.trace("ROLE ADMINISTRATORS Authentication .");
+            }
+        }
+        _logger.debug("Granted Authority " + grantedAuthoritys);
+        
+        signinPrincipal.setGrantedAuthorityApps(grantedAuthoritys);
+        
+		return signinPrincipal;
 	}
 
 }
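Review bot: `signinPrincipal.setAuthenticated(true)` runs inside a `UserDetailsService`, which is a lookup by username only, so no credential has been verified when this object is returned; the `SigninPrincipal(UserInfo)` constructor already sets the same flag, making the call redundant as well. Any code that later trusts the principal's `authenticated` or `roleAdministrators` state without checking the enclosing `Authentication` would treat an unverified lookup as a completed login, so the flag is better set only after the password check succeeds. The generated `OnlineTicket` is attached to the principal but is not registered with any ticket store in the visible lines; confirm that is intended. Minor: `_logger.debug("Granted Authority {}", grantedAuthoritys);` avoids building the string when debug is off, and the new imports `UsernamePasswordAuthenticationToken` and `WebContext` are not used by any added line. The method signature and the `userInfo` lookup are outside the hunk.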