change Social Sign On use JustAuth

change Social Sign On use JustAuth，
dingtalk
sinaweibo
is tested

build.gradle

@@ -202,6 +202,10 @@ subprojects {
          compile group: 'org.opensaml', name: 'openws', version: '1.5.4'
          compile group: 'org.opensaml', name: 'xmltooling', version: '1.4.4'
          
+         compile group: 'cn.hutool', name: 'hutool-core', version: '5.1.2'
+         compile group: 'cn.hutool', name: 'hutool-http', version: '5.1.2'
+         implementation 'me.zhyd.oauth:JustAuth:1.13.2'
+         
          compile group: 'org.javassist', name: 'javassist', version: '3.23.0-GA'
          compile group: 'org.owasp.esapi', name: 'esapi', version: '2.2.0.0'
          compile group: 'com.sun.mail', name: 'javax.mail', version: '1.6.2'
@@ -232,6 +236,7 @@ subprojects {
          compile group: 'com.fasterxml.jackson.core', name: 'jackson-core', version: "${jacksonVersion}"
          compile group: 'com.fasterxml.jackson.core', name: 'jackson-annotations', version: "${jacksonVersion}"
          compile group: 'com.fasterxml', name: 'classmate', version: '1.5.0'
+		 compile group: 'com.alibaba', name: 'fastjson', version: '1.2.62'
          
          compile group: 'org.reactivestreams', name: 'reactive-streams', version: '1.0.2'
          compile group: 'io.projectreactor', name: 'reactor-core', version: '3.2.10.RELEASE'

maxkey-authentications/src/main/java/org/maxkey/authn/support/socialsignon/AbstractSocialSignOnEndpoint.java

@@ -3,25 +3,18 @@
  */
 package org.maxkey.authn.support.socialsignon;
 
-import java.util.HashMap;
-import java.util.Map;
-
 import org.maxkey.authn.support.socialsignon.service.SocialSignOnProvider;
 import org.maxkey.authn.support.socialsignon.service.SocialSignOnProviderService;
 import org.maxkey.authn.support.socialsignon.service.SocialSignOnUserTokenService;
-import org.maxkey.client.http.HttpVerb;
-import org.maxkey.client.http.Response;
-import org.maxkey.client.oauth.model.OAuthRequest;
-import org.maxkey.client.oauth.model.Token;
-import org.maxkey.client.oauth.model.Verifier;
-import org.maxkey.client.oauth.oauth.OAuthService;
-import org.maxkey.util.JsonUtils;
-import org.maxkey.util.StringUtils;
 import org.maxkey.web.WebContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 
+import me.zhyd.oauth.model.AuthCallback;
+import me.zhyd.oauth.model.AuthResponse;
+import me.zhyd.oauth.request.AuthRequest;
+
 /**
  * @author Crystal.Sea
  *
@@ -45,11 +38,10 @@ public class AbstractSocialSignOnEndpoint {
 		public  final static String SOCIALSIGNON_TYPE_BIND="socialsignon_type_bind";
 	}
 	
-	protected Token accessToken;
 	
 	protected SocialSignOnProvider socialSignOnProvider;
 	
-	protected OAuthService oauthService;
+	protected AuthRequest authRequest;
 	
 	protected String accountJsonString;
 	
@@ -65,103 +57,41 @@ public class AbstractSocialSignOnEndpoint {
 	
 	
  	
-  	protected OAuthService buildOAuthService(String provider){
+  	protected AuthRequest buildAuthRequest(String provider){
   		
 		SocialSignOnProvider socialSignOnProvider = socialSignOnProviderService.get(provider);
 		_logger.debug("socialSignOn Provider : "+socialSignOnProvider);
 		
 		if(socialSignOnProvider!=null){
-			OAuthServiceBuilder oAuthServiceBuilder=new OAuthServiceBuilder(socialSignOnProvider);
-			oauthService=oAuthServiceBuilder.builderOAuthService();
-			WebContext.setAttribute(SOCIALSIGNON_OAUTH_SERVICE_SESSION, socialSignOnProvider);
-			WebContext.setAttribute(SOCIALSIGNON_PROVIDER_SESSION, oauthService);
-			return oauthService;
+			authRequest=socialSignOnProviderService.getAuthRequest(provider);
+			WebContext.setAttribute(SOCIALSIGNON_OAUTH_SERVICE_SESSION, authRequest);
+			WebContext.setAttribute(SOCIALSIGNON_PROVIDER_SESSION, socialSignOnProvider);
+			return authRequest;
 		}
 		return null;
 	}
-  	
-  	/**
-  	 * get accessToken
-  	 * @param service
-  	 * @return
-  	 */
-  	protected Token getAccessToken() {
-  		
-  		socialSignOnProvider=(SocialSignOnProvider)WebContext.getAttribute(SOCIALSIGNON_OAUTH_SERVICE_SESSION);
-  		oauthService=(OAuthService)WebContext.getAttribute(SOCIALSIGNON_PROVIDER_SESSION);
-  		String oauthVerifier = WebContext.getRequest().getParameter(socialSignOnProvider.getVerifierCode());
+    	
+	protected String  authCallback() {
+ 		authRequest=(AuthRequest)WebContext.getAttribute(SOCIALSIGNON_OAUTH_SERVICE_SESSION);
+ 		socialSignOnProvider=(SocialSignOnProvider)WebContext.getAttribute(SOCIALSIGNON_PROVIDER_SESSION);
   		WebContext.removeAttribute(SOCIALSIGNON_OAUTH_SERVICE_SESSION);
   		WebContext.removeAttribute(SOCIALSIGNON_PROVIDER_SESSION);
-		if(StringUtils.isNullOrBlank(socialSignOnProvider.getVerifierCode()))
-			return null;
-		// getting access token
-		Verifier verifier = new Verifier(oauthVerifier);
-		this.accessToken=oauthService.getAccessToken(null, verifier);
-		
-		return accessToken;
-  	}
-  	
-  	protected String requestAccountJson() {
-  		OAuthRequest oauthRequest = new OAuthRequest(HttpVerb.GET, this.convertAccountUrl(socialSignOnProvider.getAccountUrl(),socialSignOnProvider.getProvider(), accessToken));
-  		oauthService.signRequest(accessToken, oauthRequest);
-		Response oauthResponse = oauthRequest.send();
-		accountJsonString=oauthResponse.getBody();
-		_logger.debug("requestAccountJson : "+accountJsonString);
-		return accountJsonString;
-  	}
-  	
-  	
-
- 	@SuppressWarnings("unchecked")
-	protected String  getAccountId() {
- 		//if(StringUtils.isNullOrBlank(accountJsonString)) {
- 			requestAccountJson();
- 		//}
- 			
-		if(this.provider.equals("qq")){
- 			accountJsonString=accountJsonString.substring(accountJsonString.indexOf("{"), accountJsonString.indexOf("}")+1);
- 		}
- 		Map<String,Object> map = new HashMap<String,Object>();
- 		
- 		map=(HashMap<String,Object>)JsonUtils.json2Object(accountJsonString, map);
- 		if(this.provider.equals("qqweibo")){
- 			if(accessToken.getResponseObject().get(socialSignOnProvider.getAccountId())!=null){
- 	 			accountId=accessToken.getResponseObject().get(socialSignOnProvider.getAccountId()).toString();
- 	 		}
- 		}else if(this.provider.equals("qq")){
- 			accountId=map.get(socialSignOnProvider.getAccountId()).toString();
-
- 		}else{
-	 		if(map.get(socialSignOnProvider.getAccountId())!=null){
-	 			accountId=map.get(socialSignOnProvider.getAccountId()).toString();
-	 		}
- 		}
- 		
+  		
+  		AuthCallback authCallback=new AuthCallback();
+  		authCallback.setCode(WebContext.getRequest().getParameter("code"));
+  		authCallback.setAuth_code(WebContext.getRequest().getParameter("auth_code"));
+  		authCallback.setOauthToken(WebContext.getRequest().getParameter("oauthToken"));
+  		authCallback.setAuthorization_code(WebContext.getRequest().getParameter("authorization_code"));
+  		authCallback.setOauthVerifier(WebContext.getRequest().getParameter("oauthVerifier"));
+  		authCallback.setState(WebContext.getRequest().getParameter("state"));
+  		
+  		AuthResponse<?> authResponse=authRequest.login(authCallback);
+  		_logger.debug("Response  : "+authResponse);
+  		accountId=socialSignOnProviderService.getAccountId(socialSignOnProvider.getProvider(), authResponse);
  		
  		_logger.debug("getAccountId : "+accountId);
  		return accountId;
  	}
   	
-  	private String convertAccountUrl(String accountUrl,String provider,Token accessToken) {
-  		if("sinaweibo".equals(provider)) {
-  			if(null!=accessToken.getResponseObject()) {
-  				Object uid = accessToken.getResponseObject().get("uid");
-  				accountUrl = this.convertUrl(accountUrl, "uid", uid == null  ? "" : uid.toString());
-  			}
-  		}
-  		return accountUrl;
-  	}
-  	
-  	private String convertUrl(String url,String paramName,String paramVal) {
-		StringBuilder sb = new StringBuilder(url);
-		if (url.indexOf('?') < 0) {
-			sb.append('?');
-		}
-		else {
-			sb.append('&');
-		}
-		sb.append(paramName+"=").append(paramVal);
-		return sb.toString();
-  	}
 
 }

maxkey-authentications/src/main/java/org/maxkey/authn/support/socialsignon/OAuthServiceBuilder.java

@@ -1,91 +0,0 @@
-package org.maxkey.authn.support.socialsignon;
-
-import org.maxkey.authn.support.socialsignon.service.SocialSignOnProvider;
-import org.maxkey.client.http.SignatureType;
-import org.maxkey.client.oauth.builder.ServiceBuilder;
-import org.maxkey.client.oauth.builder.api.Api;
-import org.maxkey.client.oauth.builder.api.OAuthApi20;
-import org.maxkey.client.oauth.oauth.OAuthService;
-import org.maxkey.web.WebContext;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-
-public class OAuthServiceBuilder {
-	private static Logger _logger = LoggerFactory.getLogger(OAuthServiceBuilder.class);
-	
-	private SocialSignOnProvider socialSignOnProvider;
-	
-	private Api api;
-	
-	
-	/**
-	 * 
-	 */
-	public OAuthServiceBuilder() {
-
-	}
-
-
-	/**
-	 * @param socialSignOnProvider
-	 */
-	public OAuthServiceBuilder(SocialSignOnProvider socialSignOnProvider) {
-		
-		this.socialSignOnProvider = socialSignOnProvider;
-		String callbackUrl=WebContext.getHttpContextPath()+ "/logon/oauth20/callback/"+socialSignOnProvider.getProvider();
-		
-		socialSignOnProvider.setCallBack(callbackUrl);
-		
-		api  = new OAuthApi20(socialSignOnProvider.getAuthorizeUrl(),
-				socialSignOnProvider.getAccessTokenUrl(),
-				socialSignOnProvider.getAccessTokenMethod());
-		
-		_logger.debug("api : "+api);
-	}
-
-
-	public OAuthService builderOAuthService() {
-		
-		if(socialSignOnProvider.getScope()==null||socialSignOnProvider.getScope().equals("")){
-			return new ServiceBuilder().provider(api)
-								.apiKey(socialSignOnProvider.getClientId())
-							    .apiSecret(socialSignOnProvider.getClientSecret())
-							    .callback(socialSignOnProvider.getCallBack())
-							    .signatureType(SignatureType.QueryString)
-							    .debug()
-							    .build();
-		}else{
-			return new ServiceBuilder().provider(api)
-								.apiKey(socialSignOnProvider.getClientId())
-							    .apiSecret(socialSignOnProvider.getClientSecret())
-							    .scope(socialSignOnProvider.getScope())
-							    .callback(socialSignOnProvider.getCallBack())
-							    .signatureType(SignatureType.QueryString)
-							    .debug()
-							    .build();
-		}
-	}
-
-	
-
-	public SocialSignOnProvider getSocialSignOnProvider() {
-		return socialSignOnProvider;
-	}
-
-
-	public void setSocialSignOnProvider(SocialSignOnProvider socialSignOnProvider) {
-		this.socialSignOnProvider = socialSignOnProvider;
-	}
-
-
-	public Api getApi() {
-		return api;
-	}
-
-
-	public void setApi(Api api) {
-		this.api = api;
-	}
-	
-	
-}

maxkey-authentications/src/main/java/org/maxkey/authn/support/socialsignon/SocialSignOnEndpoint.java

@@ -8,7 +8,6 @@ import javax.servlet.http.HttpServletRequest;
 import org.maxkey.authn.realm.AbstractAuthenticationRealm;
 import org.maxkey.authn.support.socialsignon.service.SocialSignOnUserToken;
 import org.maxkey.constants.LOGINTYPE;
-import org.maxkey.util.JsonUtils;
 import org.maxkey.web.WebContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -22,6 +21,8 @@ import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.servlet.ModelAndView;
 
+import me.zhyd.oauth.utils.AuthStateUtils;
+
 /**
  * @author Crystal.Sea
  *
@@ -38,7 +39,7 @@ public class SocialSignOnEndpoint  extends AbstractSocialSignOnEndpoint{
     
     public  ModelAndView socialSignOnAuthorize(String provider){
     	_logger.debug("SocialSignOn provider : "+provider);
-    	String authorizationUrl=buildOAuthService(provider).getAuthorizationUrl(null);
+    	String authorizationUrl=buildAuthRequest(provider).authorize(AuthStateUtils.createState());
 		_logger.debug("authorize SocialSignOn : "+authorizationUrl);
 		return WebContext.redirect(authorizationUrl);
     }
@@ -89,8 +90,7 @@ public class SocialSignOnEndpoint  extends AbstractSocialSignOnEndpoint{
 	public ModelAndView callback(@PathVariable String provider
 			) {
 		this.provider=provider;
-		this.getAccessToken();
-		this.getAccountId();
+		this.authCallback();
 		_logger.debug(this.accountId);
 		SocialSignOnUserToken socialSignOnUserToken =new SocialSignOnUserToken();
 		socialSignOnUserToken.setProvider(provider);
@@ -121,8 +121,8 @@ public class SocialSignOnEndpoint  extends AbstractSocialSignOnEndpoint{
 		socialSignOnUserToken.setSocialUserInfo(accountJsonString);
 		socialSignOnUserToken.setUid(WebContext.getUserInfo().getId());
 		socialSignOnUserToken.setUsername(WebContext.getUserInfo().getUsername());
-		socialSignOnUserToken.setAccessToken(JsonUtils.object2Json(accessToken));
-		socialSignOnUserToken.setExAttribute(JsonUtils.object2Json(accessToken.getResponseObject()));
+		//socialSignOnUserToken.setAccessToken(JsonUtils.object2Json(accessToken));
+		//socialSignOnUserToken.setExAttribute(JsonUtils.object2Json(accessToken.getResponseObject()));
 		_logger.debug("Social Bind : "+socialSignOnUserToken);
 		this.socialSignOnUserTokenService.delete(socialSignOnUserToken);
 		this.socialSignOnUserTokenService.insert(socialSignOnUserToken);
@@ -139,9 +139,9 @@ public class SocialSignOnEndpoint  extends AbstractSocialSignOnEndpoint{
 			_logger.debug("Social Sign On from "+socialSignOnUserToken.getProvider()+" mapping to user "+socialSignOnUserToken.getUsername());
 			
 			if(WebContext.setAuthentication(socialSignOnUserToken.getUsername(), LOGINTYPE.SOCIALSIGNON,this.socialSignOnProvider.getProviderName(),"xe00000004","success")){
-				socialSignOnUserToken.setAccessToken(JsonUtils.object2Json(this.accessToken));
+				//socialSignOnUserToken.setAccessToken(JsonUtils.object2Json(this.accessToken));
 				socialSignOnUserToken.setSocialUserInfo(accountJsonString);
-				socialSignOnUserToken.setExAttribute(JsonUtils.object2Json(accessToken.getResponseObject()));
+				//socialSignOnUserToken.setExAttribute(JsonUtils.object2Json(accessToken.getResponseObject()));
 				
 				this.socialSignOnUserTokenService.update(socialSignOnUserToken);
 			}

maxkey-authentications/src/main/java/org/maxkey/authn/support/socialsignon/service/SocialSignOnProvider.java

@@ -11,13 +11,6 @@ public class SocialSignOnProvider {
 	private String icon;
 	private String clientId;
 	private String clientSecret;
-	private String callBack;
-	private String authorizeUrl;
-	private String accessTokenUrl;
-	private String accessTokenMethod;
-	private String scope;
-	private String verifierCode;
-	private String accountUrl;
 	private String accountId;
 	private int sortOrder;
 	
@@ -30,96 +23,63 @@ public class SocialSignOnProvider {
 	public SocialSignOnProvider() {
 
 	}
-	
-	
+
 	public String getProvider() {
 		return provider;
 	}
+
 	public void setProvider(String provider) {
 		this.provider = provider;
 	}
-	public String getIcon() {
-		return icon;
-	}
-	public void setIcon(String icon) {
-		this.icon = icon;
-	}
+
 	public String getProviderName() {
 		return providerName;
 	}
+
 	public void setProviderName(String providerName) {
 		this.providerName = providerName;
 	}
+
+	public String getIcon() {
+		return icon;
+	}
+
+	public void setIcon(String icon) {
+		this.icon = icon;
+	}
+
 	public String getClientId() {
 		return clientId;
 	}
+
 	public void setClientId(String clientId) {
 		this.clientId = clientId;
 	}
+
 	public String getClientSecret() {
 		return clientSecret;
 	}
+
 	public void setClientSecret(String clientSecret) {
 		this.clientSecret = clientSecret;
 	}
 
-	public String getAuthorizeUrl() {
-		return authorizeUrl;
-	}
-	public void setAuthorizeUrl(String authorizeUrl) {
-		this.authorizeUrl = authorizeUrl;
-	}
-	public String getAccessTokenUrl() {
-		return accessTokenUrl;
-	}
-	public void setAccessTokenUrl(String accessTokenUrl) {
-		this.accessTokenUrl = accessTokenUrl;
-	}
-	public String getAccessTokenMethod() {
-		return accessTokenMethod;
-	}
-	public void setAccessTokenMethod(String accessTokenMethod) {
-		this.accessTokenMethod = accessTokenMethod;
-	}
-	public String getScope() {
-		return scope;
-	}
-	public void setScope(String scope) {
-		this.scope = scope;
-	}
-	public String getVerifierCode() {
-		return verifierCode;
-	}
-	public void setVerifierCode(String verifierCode) {
-		this.verifierCode = verifierCode;
-	}
-	public String getAccountUrl() {
-		return accountUrl;
-	}
-	public void setAccountUrl(String accountUrl) {
-		this.accountUrl = accountUrl;
-	}
 	public String getAccountId() {
 		return accountId;
 	}
+
 	public void setAccountId(String accountId) {
 		this.accountId = accountId;
 	}
+
 	public int getSortOrder() {
 		return sortOrder;
 	}
+
 	public void setSortOrder(int sortOrder) {
 		this.sortOrder = sortOrder;
 	}
 
-	public String getCallBack() {
-		return callBack;
-	}
-
-	public void setCallBack(String callBack) {
-		this.callBack = callBack;
-	}
-
 	public boolean isUserBind() {
 		return userBind;
 	}
@@ -127,17 +87,7 @@ public class SocialSignOnProvider {
 	public void setUserBind(boolean userBind) {
 		this.userBind = userBind;
 	}
-
-	@Override
-	public String toString() {
-		return "SocialSignOnProvider [provider=" + provider + ", providerName="
-				+ providerName + ", icon=" + icon + ", clientId=" + clientId
-				+ ", clientSecret=" + clientSecret + ", authorizeUrl="
-				+ authorizeUrl + ", accessTokenUrl=" + accessTokenUrl
-				+ ", accessTokenMethod=" + accessTokenMethod + ", scope="
-				+ scope + ", verifierCode=" + verifierCode + ", accountUrl="
-				+ accountUrl + ", accountId=" + accountId + ", sortOrder="
-				+ sortOrder + ", userBind=" + userBind + "]";
-	}
+	
+	
 
 }

maxkey-authentications/src/main/java/org/maxkey/authn/support/socialsignon/service/SocialSignOnProviderService.java

@@ -3,9 +3,15 @@ package org.maxkey.authn.support.socialsignon.service;
 import java.util.HashMap;
 import java.util.List;
 
+import org.maxkey.web.WebContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
+import me.zhyd.oauth.config.AuthConfig;
+import me.zhyd.oauth.model.AuthResponse;
+import me.zhyd.oauth.model.AuthUser;
+import me.zhyd.oauth.request.*;
+
 
 
 public class SocialSignOnProviderService{
@@ -19,7 +25,62 @@ public class SocialSignOnProviderService{
 	public SocialSignOnProvider get(String provider){
 		return socialSignOnProviderMaps.get(provider);
 	}
-
+	
+	public AuthRequest  getAuthRequest(String provider) {
+		AuthRequest authRequest = null;
+		AuthConfig authConfig = AuthConfig.builder()
+				.clientId(this.get(provider).getClientId())
+				.clientSecret(this.get(provider).getClientSecret())
+				.redirectUri(WebContext.getHttpContextPath()+ "/logon/oauth20/callback/"+provider)
+				.build();
+		
+		if(provider.equalsIgnoreCase("WeChatOpen")) {
+			authRequest = new AuthWeChatOpenRequest(authConfig);
+		}else if(provider.equalsIgnoreCase("sinaweibo")) {
+			authRequest = new AuthWeiboRequest(authConfig);
+		}else if(provider.equalsIgnoreCase("qq")) {
+			authRequest = new AuthQqRequest(authConfig);
+		}else if(provider.equalsIgnoreCase("Alipay")) {
+			authRequest = new AuthAlipayRequest(authConfig);
+		}else if(provider.equalsIgnoreCase("Twitter")) {
+			authRequest = new AuthTwitterRequest(authConfig);
+		}else if(provider.equalsIgnoreCase("google")) {
+			authRequest = new AuthGoogleRequest(authConfig);
+		}else if(provider.equalsIgnoreCase("Windows")) {
+			authRequest = new AuthMicrosoftRequest(authConfig);
+		}else if(provider.equalsIgnoreCase("Linkedin")) {
+			authRequest = new AuthLinkedinRequest(authConfig);
+		}else if(provider.equalsIgnoreCase("DingTalk")) {
+			authRequest = new AuthDingTalkRequest(authConfig);
+		}
+		
+		
+		
+		return authRequest;
+	}
+	
+	public String getAccountId(String provider,AuthResponse<?> authResponse) {
+		if(provider.equalsIgnoreCase("WeChatOpen")) {
+			return ((AuthUser)authResponse.getData()).getUuid();
+		}else if(provider.equalsIgnoreCase("sinaweibo")) {
+			return ((AuthUser)authResponse.getData()).getUuid();
+		}else if(provider.equalsIgnoreCase("qq")) {
+			return ((AuthUser)authResponse.getData()).getUuid();
+		}else if(provider.equalsIgnoreCase("Alipay")) {
+			return ((AuthUser)authResponse.getData()).getUuid();
+		}else if(provider.equalsIgnoreCase("Twitter")) {
+			return ((AuthUser)authResponse.getData()).getUuid();
+		}else if(provider.equalsIgnoreCase("google")) {
+			return ((AuthUser)authResponse.getData()).getUuid();
+		}else if(provider.equalsIgnoreCase("Windows")) {
+			return ((AuthUser)authResponse.getData()).getUuid();
+		}else if(provider.equalsIgnoreCase("Linkedin")) {
+			return ((AuthUser)authResponse.getData()).getUuid();
+		}else if(provider.equalsIgnoreCase("DingTalk")) {
+			return ((AuthUser)authResponse.getData()).getUuid();
+		}
+		return null;
+	}
 	public List<SocialSignOnProvider> getSocialSignOnProviders() {
 		return socialSignOnProviders;
 	}

maxkey-client-sdk/.classpath

@@ -10,7 +10,6 @@
 		<attributes>
 			<attribute name="gradle_scope" value="test"/>
 			<attribute name="gradle_used_by_scope" value="test"/>
-			<attribute name="test" value="true"/>
 		</attributes>
 	</classpathentry>
 	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.8/"/>

maxkey-client-sdk/src/main/java/org/maxkey/client/oauth/builder/api/OAuthApi20.java

@@ -81,12 +81,22 @@ public class OAuthApi20 extends DefaultApi20
 	@Override
 	public String getAuthorizationUrl(OAuthConfig config){
 	    // Append scope if present
-	    if (config.hasScope()){
-	      return String.format(authorizeUrl+scope, config.getApiKey(), HttpEncoder.encode(config.getCallback()), HttpEncoder.encode(config.getScope()));
-	    }
-	    else{
-	      return String.format(authorizeUrl, config.getApiKey(), HttpEncoder.encode(config.getCallback()));
-	    }
+		//dingtalk
+		if(authorizeUrl.indexOf("oapi.dingtalk.com")>-1) {
+			if (config.hasScope()){
+			      return String.format(authorizeUrl+scope, config.getApiKey(), config.getCallback(), HttpEncoder.encode(config.getScope()));
+			    }
+			    else{
+			      return String.format(authorizeUrl, config.getApiKey(), config.getCallback());
+			    }
+		}else {
+			if (config.hasScope()){
+		      return String.format(authorizeUrl+scope, config.getApiKey(), HttpEncoder.encode(config.getCallback()), HttpEncoder.encode(config.getScope()));
+		    }
+		    else{
+		      return String.format(authorizeUrl, config.getApiKey(), HttpEncoder.encode(config.getCallback()));
+		    }
+		}
 	}
 
 	public String getAuthorizeUrl() {

maxkey-core/.classpath

@@ -10,7 +10,6 @@
 		<attributes>
 			<attribute name="gradle_scope" value="test"/>
 			<attribute name="gradle_used_by_scope" value="test"/>
-			<attribute name="test" value="true"/>
 		</attributes>
 	</classpathentry>
 	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.8/"/>

maxkey-core/src/main/java/org/maxkey/web/WebContext.java

@@ -1,12 +1,12 @@
 package org.maxkey.web;
 
-import java.util.ArrayList;
 import java.util.Locale;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpSession;
 
 import org.apache.commons.logging.LogFactory;
+import org.maxkey.authn.BasicAuthentication;
 import org.maxkey.authn.realm.AbstractAuthenticationRealm;
 import org.maxkey.config.ApplicationConfig;
 import org.maxkey.domain.UserInfo;
@@ -16,8 +16,6 @@ import org.maxkey.web.message.Message;
 import org.springframework.context.ApplicationContext;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
-import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.context.request.RequestContextHolder;
 import org.springframework.web.context.request.ServletRequestAttributes;
 import org.springframework.web.context.support.WebApplicationContextUtils;
@@ -83,11 +81,18 @@ public final class WebContext {
 	    UserInfo loadeduserInfo = authenticationRealm.loadUserInfo(username,"");
 	    if (loadeduserInfo != null)
 	    {
-	      ArrayList<GrantedAuthority> grantedAuthority = authenticationRealm.grantAuthority(loadeduserInfo);
 	      setUserInfo(loadeduserInfo);
-	      UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(loadeduserInfo.getUsername(), loadeduserInfo.getPassword(), grantedAuthority);
+	      BasicAuthentication authentication =new BasicAuthentication();
+	      authentication.setJ_username(loadeduserInfo.getUsername());
+	      UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken =new UsernamePasswordAuthenticationToken(
+	    		  authentication,
+					"PASSWORD",
+					authenticationRealm.grantAuthority(loadeduserInfo));
 	      
-	      SecurityContextHolder.getContext().setAuthentication(authentication);
+	      authentication.setAuthenticated(true);
+	      WebContext.setAuthentication(usernamePasswordAuthenticationToken);
+		  WebContext.setUserInfo(loadeduserInfo);
+		  
 	      authenticationRealm.insertLoginHistory(loadeduserInfo, type, provider, code, message);
 	    }
 	    return true;

maxkey-dao/.classpath

@@ -16,14 +16,12 @@
 		<attributes>
 			<attribute name="gradle_scope" value="test"/>
 			<attribute name="gradle_used_by_scope" value="test"/>
-			<attribute name="test" value="true"/>
 		</attributes>
 	</classpathentry>
 	<classpathentry kind="src" output="bin/test" path="src/test/resources">
 		<attributes>
 			<attribute name="gradle_scope" value="test"/>
 			<attribute name="gradle_used_by_scope" value="test"/>
-			<attribute name="test" value="true"/>
 		</attributes>
 	</classpathentry>
 	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.8/"/>

maxkey-protocols/maxkey-protocol-cas/.classpath

@@ -10,7 +10,6 @@
 		<attributes>
 			<attribute name="gradle_scope" value="test"/>
 			<attribute name="gradle_used_by_scope" value="test"/>
-			<attribute name="test" value="true"/>
 		</attributes>
 	</classpathentry>
 	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.8/"/>

maxkey-web-manage/.classpath

@@ -14,6 +14,10 @@
 	</classpathentry>
 	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.8/"/>
 	<classpathentry kind="con" path="org.eclipse.jst.j2ee.internal.web.container"/>
-	<classpathentry kind="con" path="org.eclipse.buildship.core.gradleclasspathcontainer"/>
+	<classpathentry kind="con" path="org.eclipse.buildship.core.gradleclasspathcontainer">
+		<attributes>
+			<attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
+		</attributes>
+	</classpathentry>
 	<classpathentry kind="output" path="bin/default"/>
 </classpath>

maxkey-web-maxkey/.classpath

@@ -16,11 +16,14 @@
 		<attributes>
 			<attribute name="gradle_scope" value="test"/>
 			<attribute name="gradle_used_by_scope" value="test"/>
-			<attribute name="test" value="true"/>
 		</attributes>
 	</classpathentry>
 	<classpathentry kind="con" path="org.eclipse.jdt.launching.JRE_CONTAINER/org.eclipse.jdt.internal.debug.ui.launcher.StandardVMType/JavaSE-1.8/"/>
 	<classpathentry kind="con" path="org.eclipse.jst.j2ee.internal.web.container"/>
-	<classpathentry kind="con" path="org.eclipse.buildship.core.gradleclasspathcontainer"/>
+	<classpathentry kind="con" path="org.eclipse.buildship.core.gradleclasspathcontainer">
+		<attributes>
+			<attribute name="org.eclipse.jst.component.dependency" value="/WEB-INF/lib"/>
+		</attributes>
+	</classpathentry>
 	<classpathentry kind="output" path="bin/default"/>
 </classpath>

maxkey-web-maxkey/src/main/java/org/maxkey/web/endpoint/IndexEndpoint.java

@@ -31,13 +31,13 @@ public class IndexEndpoint {
 		_logger.debug("IndexEndpoint /forwardindex.");
 		ModelAndView modelAndView=new ModelAndView();
 		Integer passwordSetType=(Integer)WebContext.getSession().getAttribute(WebConstants.CURRENT_LOGIN_USER_PASSWORD_SET_TYPE);
-		if(passwordSetType==PASSWORDSETTYPE.PASSWORD_NORMAL){
+		if(passwordSetType==null || passwordSetType==PASSWORDSETTYPE.PASSWORD_NORMAL){
 			if(applicationConfig.getLoginConfig().getDefaultUri()!=null&&
 					!applicationConfig.getLoginConfig().getDefaultUri().equals("")){
 				if(applicationConfig.getLoginConfig().getDefaultUri().startsWith("http")){
 					return  WebContext.redirect(applicationConfig.getLoginConfig().getDefaultUri());
 				}
-				return  WebContext.forward(applicationConfig.getLoginConfig().getDefaultUri());
+				return  WebContext.redirect(applicationConfig.getLoginConfig().getDefaultUri());
 			}
 			modelAndView.setViewName("index");
 			return  modelAndView;

maxkey-web-maxkey/src/main/resources/config/applicationLogin.properties

@@ -76,3 +76,64 @@ config.oidc.metadata.authorizationEndpoint=http://${config.server.name}/maxkey/o
 config.oidc.metadata.tokenEndpoint=http://${config.server.name}/maxkey/oauth/v20/token
 config.oidc.metadata.userinfoEndpoint=http://${config.server.name}/maxkey/api/connect/userinfo
 #############################################################################
+
+
+############################################################################
+#              Social Sign On Configuration                                #
+#you config client.id & client.secret only
+############################################################################
+
+############################################################################ 
+#sina weibo
+config.socialsignon.sinaweibo.provider=sinaweibo
+config.socialsignon.sinaweibo.provider.name=\u65B0\u6D6A\u5FAE\u535A
+config.socialsignon.sinaweibo.icon=images/social/sinaweibo.png
+config.socialsignon.sinaweibo.client.id=3379757634
+config.socialsignon.sinaweibo.client.secret=1adfdf9800299037bcab9d1c238664ba
+config.socialsignon.sinaweibo.account.id=id
+config.socialsignon.sinaweibo.sortorder=1
+
+#Google
+config.socialsignon.google.provider=google
+config.socialsignon.google.provider.name=Google
+config.socialsignon.google.icon=images/social/google.png
+config.socialsignon.google.client.id=519914515488.apps.googleusercontent.com
+config.socialsignon.google.client.secret=3aTW3Iw7e11QqMnHxciCaXTt
+config.socialsignon.google.account.id=id
+config.socialsignon.google.sortorder=2
+
+#QQ
+config.socialsignon.qq.provider=qq
+config.socialsignon.qq.provider.name=QQ
+config.socialsignon.qq.icon=images/social/qq.png
+config.socialsignon.qq.client.id=101224990
+config.socialsignon.qq.client.secret=09d7481b68d888f01831e3ef7c1c3015
+config.socialsignon.qq.account.id=openid
+config.socialsignon.qq.sortorder=4
+
+#dingtalk
+config.socialsignon.dingtalk.provider=dingtalk
+config.socialsignon.dingtalk.provider.name=dingtalk
+config.socialsignon.dingtalk.icon=images/social/dingtalk.png
+config.socialsignon.dingtalk.client.id=dingoawf2jyiwh2uzqnphg
+config.socialsignon.dingtalk.client.secret=Crm7YJbMKfRlvG2i1SHpg4GHVpqF_oXiEjhmRQyiSiuzNRWpbFh9i0UjDTfhOoN9
+config.socialsignon.dingtalk.account.id=openid
+config.socialsignon.dingtalk.sortorder=4
+
+#Windows Live
+config.socialsignon.live.provider=Windows
+config.socialsignon.live.provider.name=Windows Live
+config.socialsignon.live.icon=images/social/live.png
+config.socialsignon.live.client.id=00000000401129A4
+config.socialsignon.live.client.secret=Kx-OAmHaoqG5vcitm3-TASOSZD1ebu64
+config.socialsignon.live.account.id=id
+config.socialsignon.live.sortorder=5
+
+#facebook
+config.socialsignon.facebook.provider=facebook
+config.socialsignon.facebook.provider.name=facebook
+config.socialsignon.facebook.icon=images/social/facebook.png
+config.socialsignon.facebook.client.id=appKey
+config.socialsignon.facebook.client.secret=appSecret
+config.socialsignon.facebook.account.id=id
+config.socialsignon.facebook.sortorder=7

maxkey-web-maxkey/src/main/resources/config/applicationSocialSignOn.properties

@@ -1,83 +0,0 @@
-############################################################################
-#                        MaxKey
-############################################################################
-#              Social Sign On Configuration                                #
-#you config client.id & client.secret only
-############################################################################
-
-############################################################################ 
-#sina weibo
-config.socialsignon.sinaweibo.provider=sinaweibo
-config.socialsignon.sinaweibo.provider.name=\u65B0\u6D6A\u5FAE\u535A
-config.socialsignon.sinaweibo.icon=images/social/sinaweibo.png
-config.socialsignon.sinaweibo.client.id=3379757634
-config.socialsignon.sinaweibo.client.secret=1adfdf9800299037bcab9d1c238664ba
-config.socialsignon.sinaweibo.authorize.url=https://api.weibo.com/oauth2/authorize?client_id=%s&redirect_uri=%s&response_type=code
-config.socialsignon.sinaweibo.accesstoken.url=https://api.weibo.com/oauth2/access_token
-config.socialsignon.sinaweibo.accesstoken.method=POST
-config.socialsignon.sinaweibo.scope=all
-config.socialsignon.sinaweibo.verifier.code=code
-config.socialsignon.sinaweibo.account.url=https://api.weibo.com/2/users/show.json
-config.socialsignon.sinaweibo.account.id=id
-config.socialsignon.sinaweibo.sortorder=1
-
-#Google
-config.socialsignon.google.provider=google
-config.socialsignon.google.provider.name=Google
-config.socialsignon.google.icon=images/social/google.png
-config.socialsignon.google.client.id=519914515488.apps.googleusercontent.com
-config.socialsignon.google.client.secret=3aTW3Iw7e11QqMnHxciCaXTt
-config.socialsignon.google.authorize.url=https://accounts.google.com/o/oauth2/auth?client_id=%s&redirect_uri=%s&response_type=code
-config.socialsignon.google.accesstoken.url=https://accounts.google.com/o/oauth2/token?access_type=offline
-config.socialsignon.google.accesstoken.method=POST
-config.socialsignon.google.scope=openid email profile
-#config.socialsignon.google.scope=https://www.googleapis.com/auth/userinfo.email
-config.socialsignon.google.verifier.code=code
-config.socialsignon.google.account.url=https://www.googleapis.com/plus/v1/people/me
-config.socialsignon.google.account.id=id
-config.socialsignon.google.sortorder=2
-
-#QQ
-config.socialsignon.qq.provider=qq
-config.socialsignon.qq.provider.name=QQ
-config.socialsignon.qq.icon=images/social/qq.png
-config.socialsignon.qq.client.id=101224990
-config.socialsignon.qq.client.secret=09d7481b68d888f01831e3ef7c1c3015
-config.socialsignon.qq.authorize.url=https://graph.qq.com/oauth2.0/authorize?client_id=%s&redirect_uri=%s&response_type=code
-config.socialsignon.qq.accesstoken.url=https://graph.qq.com/oauth2.0/token
-config.socialsignon.qq.accesstoken.method=POST
-config.socialsignon.qq.scope=read
-config.socialsignon.qq.verifier.code=code
-config.socialsignon.qq.account.url=https://graph.qq.com/oauth2.0/me
-config.socialsignon.qq.account.id=openid
-config.socialsignon.qq.sortorder=4
-
-#Windows Live
-config.socialsignon.live.provider=live
-config.socialsignon.live.provider.name=Windows Live
-config.socialsignon.live.icon=images/social/live.png
-config.socialsignon.live.client.id=00000000401129A4
-config.socialsignon.live.client.secret=Kx-OAmHaoqG5vcitm3-TASOSZD1ebu64
-config.socialsignon.live.authorize.url=https://login.live.com/oauth20_authorize.srf?client_id=%s&redirect_uri=%s&response_type=code
-config.socialsignon.live.accesstoken.url=https://login.live.com/oauth20_token.srf
-config.socialsignon.live.accesstoken.method=GET
-config.socialsignon.live.scope=wl.basic
-config.socialsignon.live.verifier.code=code
-config.socialsignon.live.account.url=https://apis.live.net/v5.0/me
-config.socialsignon.live.account.id=id
-config.socialsignon.live.sortorder=5
-
-#facebook
-config.socialsignon.facebook.provider=facebook
-config.socialsignon.facebook.provider.name=facebook
-config.socialsignon.facebook.icon=images/social/facebook.png
-config.socialsignon.facebook.client.id=appKey
-config.socialsignon.facebook.client.secret=appSecret
-config.socialsignon.facebook.authorize.url=https://www.facebook.com/dialog/oauth?client_id=%s&redirect_uri=%s&response_type=code
-config.socialsignon.facebook.accesstoken.url=https://graph.facebook.com/oauth/access_token
-config.socialsignon.facebook.accesstoken.method=GET
-config.socialsignon.facebook.scope=read
-config.socialsignon.facebook.verifier.code=code
-config.socialsignon.facebook.account.url=https://graph.facebook.com/me
-config.socialsignon.facebook.account.id=id
-config.socialsignon.facebook.sortorder=7

maxkey-web-maxkey/src/main/resources/spring/maxkey-support-social.xml

@@ -28,13 +28,6 @@
 		<property name="icon" value="${config.socialsignon.sinaweibo.icon}"/>
 		<property name="clientId" value="${config.socialsignon.sinaweibo.client.id}"/>
 		<property name="clientSecret" value="${config.socialsignon.sinaweibo.client.secret}"/>
-		<property name="authorizeUrl" value="${config.socialsignon.sinaweibo.authorize.url}"/>
-		<property name="accessTokenUrl" value="${config.socialsignon.sinaweibo.accesstoken.url}"/>
-		<property name="accessTokenMethod" value="${config.socialsignon.sinaweibo.accesstoken.method}"/>
-		<property name="scope" value="${config.socialsignon.sinaweibo.scope}"/>
-		<property name="verifierCode" value="${config.socialsignon.sinaweibo.verifier.code}"/>
-		<property name="accountUrl" value="${config.socialsignon.sinaweibo.account.url}"/>
-		<property name="accountId" value="${config.socialsignon.sinaweibo.account.id}"/>
 		<property name="sortOrder" value="${config.socialsignon.sinaweibo.sortorder}"/>
 	</bean>
 	
@@ -44,13 +37,6 @@
 		<property name="icon" value="${config.socialsignon.google.icon}"/>
 		<property name="clientId" value="${config.socialsignon.google.client.id}"/>
 		<property name="clientSecret" value="${config.socialsignon.google.client.secret}"/>
-		<property name="authorizeUrl" value="${config.socialsignon.google.authorize.url}"/>
-		<property name="accessTokenUrl" value="${config.socialsignon.google.accesstoken.url}"/>
-		<property name="accessTokenMethod" value="${config.socialsignon.google.accesstoken.method}"/>
-		<property name="scope" value="${config.socialsignon.google.scope}"/>
-		<property name="verifierCode" value="${config.socialsignon.google.verifier.code}"/>
-		<property name="accountUrl" value="${config.socialsignon.google.account.url}"/>
-		<property name="accountId" value="${config.socialsignon.google.account.id}"/>
 		<property name="sortOrder" value="${config.socialsignon.google.sortorder}"/>
 	</bean>
 	
@@ -60,13 +46,6 @@
 		<property name="icon" value="${config.socialsignon.qq.icon}"/>
 		<property name="clientId" value="${config.socialsignon.qq.client.id}"/>
 		<property name="clientSecret" value="${config.socialsignon.qq.client.secret}"/>
-		<property name="authorizeUrl" value="${config.socialsignon.qq.authorize.url}"/>
-		<property name="accessTokenUrl" value="${config.socialsignon.qq.accesstoken.url}"/>
-		<property name="accessTokenMethod" value="${config.socialsignon.qq.accesstoken.method}"/>
-		<property name="scope" value="${config.socialsignon.qq.scope}"/>
-		<property name="verifierCode" value="${config.socialsignon.qq.verifier.code}"/>
-		<property name="accountUrl" value="${config.socialsignon.qq.account.url}"/>
-		<property name="accountId" value="${config.socialsignon.qq.account.id}"/>
 		<property name="sortOrder" value="${config.socialsignon.qq.sortorder}"/>
 	</bean>
 
@@ -76,13 +55,6 @@
 		<property name="icon" value="${config.socialsignon.live.icon}"/>
 		<property name="clientId" value="${config.socialsignon.live.client.id}"/>
 		<property name="clientSecret" value="${config.socialsignon.live.client.secret}"/>
-		<property name="authorizeUrl" value="${config.socialsignon.live.authorize.url}"/>
-		<property name="accessTokenUrl" value="${config.socialsignon.live.accesstoken.url}"/>
-		<property name="accessTokenMethod" value="${config.socialsignon.live.accesstoken.method}"/>
-		<property name="scope" value="${config.socialsignon.live.scope}"/>
-		<property name="verifierCode" value="${config.socialsignon.live.verifier.code}"/>
-		<property name="accountUrl" value="${config.socialsignon.live.account.url}"/>
-		<property name="accountId" value="${config.socialsignon.live.account.id}"/>
 		<property name="sortOrder" value="${config.socialsignon.live.sortorder}"/>
 	</bean>
 
@@ -92,15 +64,16 @@
 		<property name="icon" value="${config.socialsignon.facebook.icon}"/>
 		<property name="clientId" value="${config.socialsignon.facebook.client.id}"/>
 		<property name="clientSecret" value="${config.socialsignon.facebook.client.secret}"/>
-		<property name="authorizeUrl" value="${config.socialsignon.facebook.authorize.url}"/>
-		<property name="accessTokenUrl" value="${config.socialsignon.facebook.accesstoken.url}"/>
-		<property name="accessTokenMethod" value="${config.socialsignon.facebook.accesstoken.method}"/>
-		<property name="scope" value="${config.socialsignon.facebook.scope}"/>
-		<property name="verifierCode" value="${config.socialsignon.facebook.verifier.code}"/>
-		<property name="accountUrl" value="${config.socialsignon.facebook.account.url}"/>
-		<property name="accountId" value="${config.socialsignon.facebook.account.id}"/>
 		<property name="sortOrder" value="${config.socialsignon.facebook.sortorder}"/>
-	</bean>		
+	</bean>	
+	<bean id="socialSignOndingtalk" class="org.maxkey.authn.support.socialsignon.service.SocialSignOnProvider">
+		<property name="provider" value="${config.socialsignon.dingtalk.provider}"/>
+		<property name="providerName" value="${config.socialsignon.dingtalk.provider.name}"/>
+		<property name="icon" value="${config.socialsignon.dingtalk.icon}"/>
+		<property name="clientId" value="${config.socialsignon.dingtalk.client.id}"/>
+		<property name="clientSecret" value="${config.socialsignon.dingtalk.client.secret}"/>
+		<property name="sortOrder" value="${config.socialsignon.dingtalk.sortorder}"/>
+	</bean>	
 	
 	<bean id="socialSignOnProviderService" class="org.maxkey.authn.support.socialsignon.service.SocialSignOnProviderService">
 		<property name="socialSignOnProviders" >
@@ -110,6 +83,8 @@
 				<ref bean="socialSignOnGoogle"/>
 				<ref bean="socialSignOnLive"/>
 				<ref bean="socialSignOnFacebook"/>
+				<ref bean="socialSignOndingtalk"/>
+				
 			</list>
 		</property>
 	</bean>

maxkey-web-maxkey/src/main/resources/spring/maxkey.xml

@@ -25,7 +25,6 @@
 	   	  <value>classpath:config/applicationConfig.properties</value>
 	   	  <value>classpath:config/applicationLogin.properties</value>
 	   	  <value>classpath:config/applicationSaml.properties</value>
-	   	  <value>classpath:config/applicationSocialSignOn.properties</value>
 	    </list>
 	  </property>
 	  <property name="ignoreUnresolvablePlaceholders" value="true"/>