
OAuth App is null

Crystal.Sea 4 gadi atpakaļ
vecāks
revīzija
d20c0cf8eb

+ 1 - 6
maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/approval/endpoint/OAuth20AccessConfirmationEndpoint.java

@@ -85,12 +85,7 @@ public class OAuth20AccessConfirmationEndpoint {
 	                (AuthorizationRequest) WebContext.getAttribute("authorizationRequest");
 	        ClientDetails client = clientDetailsService.loadClientByClientId(clientAuth.getClientId());
 	        Apps  app = (Apps)WebContext.getAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP);
-	        //session中为空或者id不一致重新加载
-	        if (app == null || !app.getId().equalsIgnoreCase(clientAuth.getClientId())) {
-	            app = appsService.get(clientAuth.getClientId()); 
-	            WebContext.setAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP, app);
-	            WebContext.setAttribute(app.getId(), app.getIcon());
-	        }
+	        WebContext.setAttribute(app.getId(), app.getIcon());
 	       
 	        model.put("auth_request", clientAuth);
 	        model.put("client", client);
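Review bot: The added line `WebContext.setAttribute(app.getId(), app.getIcon());` dereferences `app` with no null check, and the guard from the removed block is gone. A request that reaches this endpoint without `WebConstants.AUTHORIZE_SIGN_ON_APP` in the session (an expired session, or the confirmation URL opened directly) will therefore fail with a NullPointerException. The comparison with `clientAuth.getClientId()` was dropped too, so the consent page now relies on AuthorizationEndpoint having stored the matching app. It would be safer to fail closed before the added line, for example `if (app == null || !app.getId().equalsIgnoreCase(clientAuth.getClientId())) { /* reject instead of rendering consent */ }`. The method starts and ends outside this hunk, so any earlier validation is not visible here.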

+ 5 - 0
maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/AbstractEndpoint.java

@@ -35,6 +35,7 @@ import org.maxkey.authz.oauth2.provider.refresh.RefreshTokenGranter;
 import org.maxkey.authz.oauth2.provider.request.DefaultOAuth2RequestFactory;
 import org.maxkey.authz.oauth2.provider.token.AuthorizationServerTokenServices;
 import org.maxkey.configuration.ApplicationConfig;
+import org.maxkey.persistence.service.AppsService;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
@@ -75,6 +76,10 @@ public class AbstractEndpoint implements InitializingBean {
     @Qualifier("oauth20UserAuthenticationManager")
 	AuthenticationManager authenticationManager;
 	
+	@Autowired
+    @Qualifier("appsService")
+    protected AppsService appsService;
+	
 	@Autowired 
     @Qualifier("applicationConfig")
     protected ApplicationConfig applicationConfig;

+ 9 - 1
maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/AuthorizationEndpoint.java

@@ -43,7 +43,9 @@ import org.maxkey.authz.oauth2.provider.code.AuthorizationCodeServices;
 import org.maxkey.authz.oauth2.provider.implicit.ImplicitTokenRequest;
 import org.maxkey.authz.oauth2.provider.request.DefaultOAuth2RequestValidator;
 import org.maxkey.util.HttpEncoder;
+import org.maxkey.entity.apps.Apps;
 import org.maxkey.entity.apps.oauth2.provider.ClientDetails;
+import org.maxkey.web.WebConstants;
 import org.maxkey.web.WebContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -200,7 +202,13 @@ public class AuthorizationEndpoint extends AbstractEndpoint {
 							(Authentication) principal));
 				}
 			}
-
+			Apps  app = (Apps)WebContext.getAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP);
+			//session中为空或者id不一致重新加载
+            if (app == null || !app.getId().equalsIgnoreCase(authorizationRequest.getClientId())) {
+                app = appsService.get(authorizationRequest.getClientId()); 
+                WebContext.setAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP, app);
+            }
+            
 			// Place auth request into the model so that it is stored in the session
 			// for approveOrDeny to use. That way we make sure that auth request comes from the session,
 			// so any auth request parameters passed to approveOrDeny will be ignored and retrieved from the session.
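Review bot: The result of `appsService.get(authorizationRequest.getClientId())` is stored in the session without a null check, so a client id with no matching Apps record leaves `AUTHORIZE_SIGN_ON_APP` set to null. OAuth20AccessConfirmationEndpoint now calls `app.getId()` on that value unconditionally. Reject the request right after the lookup, for example `if (app == null) { throw new IllegalStateException("no app registered for client_id"); }`, or use whatever client-error exception this endpoint already raises. The guard also calls `app.getId().equalsIgnoreCase(...)`, which assumes a stored app always has a non-null id. The inline comment could be given in English as `// reload when the session holds no app or its id differs from the client id`. The enclosing method begins and ends outside the hunk.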