fix: use server side templates
parent
0f9d61b9f0
commit
8ee516850b
@ -77,12 +77,7 @@ public class ApplicationConfiguration {
|
||||
.invalidateHttpSession(true)
|
||||
.deleteCookies("JSESSIONID")
|
||||
)
|
||||
.csrf(c -> {
|
||||
c.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
|
||||
c.csrfTokenRequestHandler(new CsrfTokenRequestAttributeHandler());
|
||||
})
|
||||
.addFilterAfter(new CookieCsrfFilter(), BasicAuthenticationFilter.class)
|
||||
.addFilterAfter(new SimpleCORSFilter(), BasicAuthenticationFilter.class)
|
||||
|
||||
.build();
|
||||
}
|
||||
}
|
||||
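Review bot: Nothing visible in this hunk replaces the `.csrf(...)` customization that sits between the logout block and `.build()`, which appears to be among the removed lines (the +/- markers are lost on this page). If so, the chain falls back to Spring Security's default CSRF handling. That is stricter than a JavaScript-readable cookie, but every POST form in the new server-side templates then has to emit the `_csrf` token, or submissions are rejected. The templates are not shown here, so this needs confirming. A short comment above `.build()` would record the reliance, for example `// CSRF: framework defaults; the login/consent templates must render the token in each form`. The same point applies to the matching `http.csrf(...)` removal before `return http.build();` in AuthorizationServerConfiguration.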
|
@ -3,8 +3,6 @@ package com.onlyoffice.authorization.configuration;
|
||||
import com.nimbusds.jose.jwk.JWKSet;
|
||||
import com.nimbusds.jose.jwk.source.JWKSource;
|
||||
import com.nimbusds.jose.proc.SecurityContext;
|
||||
import com.onlyoffice.authorization.extensions.filters.CookieCsrfFilter;
|
||||
import com.onlyoffice.authorization.extensions.filters.SimpleCORSFilter;
|
||||
import com.onlyoffice.authorization.extensions.jwks.JwksKeyPairGenerator;
|
||||
import com.onlyoffice.authorization.extensions.providers.DocspaceAuthenticationProvider;
|
||||
import jakarta.servlet.RequestDispatcher;
|
||||
@ -16,7 +14,6 @@ import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.core.Ordered;
|
||||
import org.springframework.core.annotation.Order;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.http.SessionCreationPolicy;
|
||||
import org.springframework.security.crypto.password.NoOpPasswordEncoder;
|
||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
import org.springframework.security.oauth2.jose.jws.SignatureAlgorithm;
|
||||
@ -30,9 +27,6 @@ import org.springframework.security.oauth2.server.authorization.settings.ClientS
|
||||
import org.springframework.security.oauth2.server.authorization.token.JwtEncodingContext;
|
||||
import org.springframework.security.oauth2.server.authorization.token.OAuth2TokenCustomizer;
|
||||
import org.springframework.security.web.SecurityFilterChain;
|
||||
import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
|
||||
import org.springframework.security.web.csrf.CookieCsrfTokenRepository;
|
||||
import org.springframework.security.web.csrf.CsrfTokenRequestAttributeHandler;
|
||||
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
|
||||
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
@ -62,13 +56,6 @@ public class AuthorizationServerConfiguration {
|
||||
dispatcher.forward(request, response);
|
||||
}, new AntPathRequestMatcher(applicationConfiguration.getLogin())));
|
||||
|
||||
http.csrf(c -> {
|
||||
c.csrfTokenRepository(CookieCsrfTokenRepository.withHttpOnlyFalse());
|
||||
c.csrfTokenRequestHandler(new CsrfTokenRequestAttributeHandler());
|
||||
});
|
||||
http.addFilterAfter(new CookieCsrfFilter(), BasicAuthenticationFilter.class);
|
||||
http.addFilterAfter(new SimpleCORSFilter(), BasicAuthenticationFilter.class);
|
||||
|
||||
return http.build();
|
||||
}
|
||||
|
||||
|
@ -56,20 +56,12 @@ public class AuthorizationConsentController {
|
||||
}
|
||||
}
|
||||
|
||||
String url = String.format(
|
||||
"redirect:%s/consent?clientId=%s&state=%s&principalName=%s",
|
||||
configuration.getFrontendUrl(),
|
||||
clientId,
|
||||
state,
|
||||
principal.getName()
|
||||
);
|
||||
model.addAttribute("clientId", clientId);
|
||||
model.addAttribute("state", state);
|
||||
model.addAttribute("scopes", scopesToApprove);
|
||||
model.addAttribute("previouslyApprovedScopes", previouslyApprovedScopes);
|
||||
model.addAttribute("principalName", principal.getName());
|
||||
|
||||
if (scope.length() > 0)
|
||||
url += String.format("&scopes=%s", String.join(",", scopesToApprove));
|
||||
|
||||
if (previouslyApprovedScopes.size() > 0)
|
||||
url += String.format("&previouslyApprovedScopes=%s", String.join(",", previouslyApprovedScopes));
|
||||
|
||||
return url;
|
||||
return "consent";
|
||||
}
|
||||
}
|
||||
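Review bot: `clientId`, `state` and `principal.getName()` are added to the model unmodified, so the `consent` view has to render them with HTML escaping; `state` in particular is an opaque string chosen by the client in OAuth 2.0. The template is not on this page, so confirm it uses escaped output (in Thymeleaf, `th:text`/`th:value` rather than `th:utext`) and posts `state` back unchanged. I would add a comment above the first `model.addAttribute` call: `// request-derived values: the template must render these escaped`. The method signature is outside the hunk, so the origin of `clientId` and `state` is inferred from their names.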
|
@ -6,6 +6,7 @@ import lombok.RequiredArgsConstructor;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.springframework.stereotype.Controller;
|
||||
import org.springframework.web.bind.annotation.GetMapping;
|
||||
import org.springframework.web.bind.annotation.RequestParam;
|
||||
|
||||
@Controller
|
||||
@RequiredArgsConstructor
|
||||
@ -18,10 +19,20 @@ public class LoginController {
|
||||
public String login(HttpServletRequest request) {
|
||||
log.debug("A new login request");
|
||||
if (request.getDispatcherType().name() == null || !request.getDispatcherType().name().equals(FORWARD))
|
||||
return String.format("redirect:%s/error", configuration.getFrontendUrl());
|
||||
return String.format(
|
||||
"redirect:%s/login?%s",
|
||||
configuration.getFrontendUrl(),
|
||||
request.getQueryString());
|
||||
return "error";
|
||||
return "login";
|
||||
}
|
||||
|
||||
@GetMapping("/authorized")
|
||||
public String authorized(
|
||||
@RequestParam(name = "error", required = false) String error,
|
||||
@RequestParam(name = "error_description", required = false) String description
|
||||
) {
|
||||
log.debug("Authorized redirect");
|
||||
if (error != null && !error.isBlank() && description != null && !description.isBlank()) {
|
||||
log.debug("Authorization error has occurred {} - {}", error, description);
|
||||
return "error";
|
||||
}
|
||||
return "authorized";
|
||||
}
|
||||
}
|
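Review bot: In `authorized`, the error branch is taken only when both `error` and `error_description` are non-blank, but `error_description` is optional in an OAuth 2.0 error response. A callback that carries only `error` therefore falls through to `return "authorized"` and shows the success view for a failed authorization. Testing `error` alone fixes this: `if (error != null && !error.isBlank()) {`. Both parameters are request-controlled and go straight into `log.debug`, so strip CR/LF from them before logging unless the log layout already encodes control characters.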