fix: use server side templates
This commit is contained in:
parent
0f9d61b9f0
commit
8ee516850b
@ -77,12 +77,7 @@ public class ApplicationConfiguration {
|
|||||||
.invalidateHttpSession(true)
|
.invalidateHttpSession(true)
|
||||||
.deleteCookies("JSESSIONID")
|
.deleteCookies("JSESSIONID")
|
||||||
)
|
)
|
||||||
.csrf(c -> {
|
|
||||||
c.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
|
|
||||||
c.csrfTokenRequestHandler(new CsrfTokenRequestAttributeHandler());
|
|
||||||
})
|
|
||||||
.addFilterAfter(new CookieCsrfFilter(), BasicAuthenticationFilter.class)
|
|
||||||
.addFilterAfter(new SimpleCORSFilter(), BasicAuthenticationFilter.class)
|
|
||||||
.build();
|
.build();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -3,8 +3,6 @@ package com.onlyoffice.authorization.configuration;
|
|||||||
import com.nimbusds.jose.jwk.JWKSet;
|
import com.nimbusds.jose.jwk.JWKSet;
|
||||||
import com.nimbusds.jose.jwk.source.JWKSource;
|
import com.nimbusds.jose.jwk.source.JWKSource;
|
||||||
import com.nimbusds.jose.proc.SecurityContext;
|
import com.nimbusds.jose.proc.SecurityContext;
|
||||||
import com.onlyoffice.authorization.extensions.filters.CookieCsrfFilter;
|
|
||||||
import com.onlyoffice.authorization.extensions.filters.SimpleCORSFilter;
|
|
||||||
import com.onlyoffice.authorization.extensions.jwks.JwksKeyPairGenerator;
|
import com.onlyoffice.authorization.extensions.jwks.JwksKeyPairGenerator;
|
||||||
import com.onlyoffice.authorization.extensions.providers.DocspaceAuthenticationProvider;
|
import com.onlyoffice.authorization.extensions.providers.DocspaceAuthenticationProvider;
|
||||||
import jakarta.servlet.RequestDispatcher;
|
import jakarta.servlet.RequestDispatcher;
|
||||||
@ -16,7 +14,6 @@ import org.springframework.context.annotation.Configuration;
|
|||||||
import org.springframework.core.Ordered;
|
import org.springframework.core.Ordered;
|
||||||
import org.springframework.core.annotation.Order;
|
import org.springframework.core.annotation.Order;
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
import org.springframework.security.config.http.SessionCreationPolicy;
|
|
||||||
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
|
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
|
||||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||||
import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
|
import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
|
||||||
@ -30,9 +27,6 @@ import org.springframework.security.oauth2.server.authorization.settings.ClientS
|
|||||||
import org.springframework.security.oauth2.server.authorization.token.JwtEncodingContext;
|
import org.springframework.security.oauth2.server.authorization.token.JwtEncodingContext;
|
||||||
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenCustomizer;
|
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenCustomizer;
|
||||||
import org.springframework.security.web.SecurityFilterChain;
|
import org.springframework.security.web.SecurityFilterChain;
|
||||||
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
|
|
||||||
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
|
|
||||||
import org.springframework.security.web.csrf.CsrfTokenRequestAttributeHandler;
|
|
||||||
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
|
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
|
||||||
|
|
||||||
import java.security.NoSuchAlgorithmException;
|
import java.security.NoSuchAlgorithmException;
|
||||||
@ -62,13 +56,6 @@ public class AuthorizationServerConfiguration {
|
|||||||
dispatcher.forward(request, response);
|
dispatcher.forward(request, response);
|
||||||
}, new AntPathRequestMatcher(applicationConfiguration.getLogin())));
|
}, new AntPathRequestMatcher(applicationConfiguration.getLogin())));
|
||||||
|
|
||||||
http.csrf(c -> {
|
|
||||||
c.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
|
|
||||||
c.csrfTokenRequestHandler(new CsrfTokenRequestAttributeHandler());
|
|
||||||
});
|
|
||||||
http.addFilterAfter(new CookieCsrfFilter(), BasicAuthenticationFilter.class);
|
|
||||||
http.addFilterAfter(new SimpleCORSFilter(), BasicAuthenticationFilter.class);
|
|
||||||
|
|
||||||
return http.build();
|
return http.build();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -56,20 +56,12 @@ public class AuthorizationConsentController {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
String url = String.format(
|
model.addAttribute("clientId", clientId);
|
||||||
"redirect:%s/consent?clientId=%s&state=%s&principalName=%s",
|
model.addAttribute("state", state);
|
||||||
configuration.getFrontendUrl(),
|
model.addAttribute("scopes", scopesToApprove);
|
||||||
clientId,
|
model.addAttribute("previouslyApprovedScopes", previouslyApprovedScopes);
|
||||||
state,
|
model.addAttribute("principalName", principal.getName());
|
||||||
principal.getName()
|
|
||||||
);
|
|
||||||
|
|
||||||
if (scope.length() > 0)
|
return "consent";
|
||||||
url += String.format("&scopes=%s", String.join(",", scopesToApprove));
|
|
||||||
|
|
||||||
if (previouslyApprovedScopes.size() > 0)
|
|
||||||
url += String.format("&previouslyApprovedScopes=%s", String.join(",", previouslyApprovedScopes));
|
|
||||||
|
|
||||||
return url;
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
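Review bot: The model populated at the new `model.addAttribute(...)` lines carries clientId, state, scopes and principalName but nothing for the CSRF token, and this commit also removes the `CookieCsrfTokenRepository` customizers in `ApplicationConfiguration` and `AuthorizationServerConfiguration`, so Spring Security's session-backed default repository now applies and the consent form's POST to the authorization endpoint must carry the `_csrf` hidden field. If the view engine does not inject it on its own (Thymeleaf does for `th:action` forms; other engines do not), expose it explicitly, e.g. `model.addAttribute("_csrf", request.getAttribute(CsrfToken.class.getName()));`, or declare a `CsrfToken` handler parameter; the enclosing handler's signature is outside the hunk, so which of these fits cannot be seen here. The `state` value must also be echoed back unchanged by the template as a hidden input, since the authorization endpoint uses it to bind the consent to the pending request.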
@ -6,6 +6,7 @@ import lombok.RequiredArgsConstructor;
|
|||||||
import lombok.extern.slf4j.Slf4j;
|
import lombok.extern.slf4j.Slf4j;
|
||||||
import org.springframework.stereotype.Controller;
|
import org.springframework.stereotype.Controller;
|
||||||
import org.springframework.web.bind.annotation.GetMapping;
|
import org.springframework.web.bind.annotation.GetMapping;
|
||||||
|
import org.springframework.web.bind.annotation.RequestParam;
|
||||||
|
|
||||||
@Controller
|
@Controller
|
||||||
@RequiredArgsConstructor
|
@RequiredArgsConstructor
|
||||||
@ -18,10 +19,20 @@ public class LoginController {
|
|||||||
public String login(HttpServletRequest request) {
|
public String login(HttpServletRequest request) {
|
||||||
log.debug("A new login request");
|
log.debug("A new login request");
|
||||||
if (request.getDispatcherType().name() == null || !request.getDispatcherType().name().equals(FORWARD))
|
if (request.getDispatcherType().name() == null || !request.getDispatcherType().name().equals(FORWARD))
|
||||||
return String.format("redirect:%s/error", configuration.getFrontendUrl());
|
return "error";
|
||||||
return String.format(
|
return "login";
|
||||||
"redirect:%s/login?%s",
|
}
|
||||||
configuration.getFrontendUrl(),
|
|
||||||
request.getQueryString());
|
@GetMapping("/authorized")
|
||||||
|
public String authorized(
|
||||||
|
@RequestParam(name = "error", required = false) String error,
|
||||||
|
@RequestParam(name = "error_description", required = false) String description
|
||||||
|
) {
|
||||||
|
log.debug("Authorized redirect");
|
||||||
|
if (error != null && !error.isBlank() && description != null && !description.isBlank()) {
|
||||||
|
log.debug("Authorization error has occurred {} - {}", error, description);
|
||||||
|
return "error";
|
||||||
|
}
|
||||||
|
return "authorized";
|
||||||
}
|
}
|
||||||
}
|
}
|
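Review bot: The guard in the new `authorized` handler, `if (error != null && !error.isBlank() && description != null && !description.isBlank())`, only treats the callback as a failure when both parameters are present, yet `error_description` is optional in an OAuth 2.0 error response (RFC 6749 §4.1.2.1), so an `error=access_denied` callback that carries no description falls through to the `"authorized"` view. Condition on `error` alone, `if (error != null && !error.isBlank()) {`, and let the debug line tolerate a null description. Both parameters arrive on the browser's redirect and are caller-controlled; logging them at debug is acceptable, but they must not be rendered raw into the error template if it is extended later, and a log layout that escapes line breaks is worth confirming. The unchanged `login` comparison `request.getDispatcherType().name() == null` can never be true, since `Enum.name()` does not return null; `request.getDispatcherType() != DispatcherType.FORWARD` would express the intent without the string comparison (assuming `FORWARD` here is a String constant, which is not visible in the hunk).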