|
|
|
|
@ -22,30 +22,19 @@ import java.util.Map;
@@ -22,30 +22,19 @@ import java.util.Map;
|
|
|
|
|
import java.util.Objects; |
|
|
|
|
import java.util.Set; |
|
|
|
|
|
|
|
|
|
import jakarta.servlet.http.HttpServletRequest; |
|
|
|
|
import jakarta.servlet.http.HttpServletResponse; |
|
|
|
|
|
|
|
|
|
import org.springframework.beans.factory.annotation.Value; |
|
|
|
|
import org.springframework.core.ParameterizedTypeReference; |
|
|
|
|
import org.springframework.http.HttpStatus; |
|
|
|
|
import org.springframework.http.MediaType; |
|
|
|
|
import org.springframework.http.ResponseEntity; |
|
|
|
|
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; |
|
|
|
|
import org.springframework.security.core.authority.AuthorityUtils; |
|
|
|
|
import org.springframework.security.core.context.SecurityContext; |
|
|
|
|
import org.springframework.security.core.context.SecurityContextHolder; |
|
|
|
|
import org.springframework.security.core.context.SecurityContextHolderStrategy; |
|
|
|
|
import org.springframework.security.oauth2.client.OAuth2AuthorizedClient; |
|
|
|
|
import org.springframework.security.oauth2.client.annotation.RegisteredOAuth2AuthorizedClient; |
|
|
|
|
import org.springframework.security.oauth2.client.registration.ClientRegistration; |
|
|
|
|
import org.springframework.security.oauth2.client.registration.ClientRegistrationRepository; |
|
|
|
|
import org.springframework.security.oauth2.core.ClientAuthenticationMethod; |
|
|
|
|
import org.springframework.security.oauth2.core.OAuth2AuthorizationException; |
|
|
|
|
import org.springframework.security.oauth2.core.OAuth2DeviceCode; |
|
|
|
|
import org.springframework.security.oauth2.core.OAuth2Error; |
|
|
|
|
import org.springframework.security.oauth2.core.endpoint.OAuth2ParameterNames; |
|
|
|
|
import org.springframework.security.web.context.HttpSessionSecurityContextRepository; |
|
|
|
|
import org.springframework.security.web.context.SecurityContextRepository; |
|
|
|
|
import org.springframework.stereotype.Controller; |
|
|
|
|
import org.springframework.ui.Model; |
|
|
|
|
import org.springframework.util.LinkedMultiValueMap; |
|
|
|
|
@ -83,12 +72,6 @@ public class DeviceController {
@@ -83,12 +72,6 @@ public class DeviceController {
|
|
|
|
|
|
|
|
|
|
private final String messagesBaseUri; |
|
|
|
|
|
|
|
|
|
private final SecurityContextRepository securityContextRepository = |
|
|
|
|
new HttpSessionSecurityContextRepository(); |
|
|
|
|
|
|
|
|
|
private final SecurityContextHolderStrategy securityContextHolderStrategy = |
|
|
|
|
SecurityContextHolder.getContextHolderStrategy(); |
|
|
|
|
|
|
|
|
|
public DeviceController(ClientRegistrationRepository clientRegistrationRepository, WebClient webClient, |
|
|
|
|
@Value("${messages.base-uri}") String messagesBaseUri) { |
|
|
|
|
|
|
|
|
|
@ -98,7 +81,7 @@ public class DeviceController {
@@ -98,7 +81,7 @@ public class DeviceController {
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
@GetMapping("/device_authorize") |
|
|
|
|
public String authorize(Model model, HttpServletRequest request, HttpServletResponse response) { |
|
|
|
|
public String authorize(Model model) { |
|
|
|
|
// @formatter:off
|
|
|
|
|
ClientRegistration clientRegistration = |
|
|
|
|
this.clientRegistrationRepository.findByRegistrationId( |
|
|
|
|
@ -143,13 +126,9 @@ public class DeviceController {
@@ -143,13 +126,9 @@ public class DeviceController {
|
|
|
|
|
Instant issuedAt = Instant.now(); |
|
|
|
|
Integer expiresIn = (Integer) responseParameters.get(OAuth2ParameterNames.EXPIRES_IN); |
|
|
|
|
Instant expiresAt = issuedAt.plusSeconds(expiresIn); |
|
|
|
|
String deviceCodeValue = (String) responseParameters.get(OAuth2ParameterNames.DEVICE_CODE); |
|
|
|
|
|
|
|
|
|
OAuth2DeviceCode deviceCode = new OAuth2DeviceCode(deviceCodeValue, issuedAt, expiresAt); |
|
|
|
|
saveSecurityContext(deviceCode, request, response); |
|
|
|
|
|
|
|
|
|
model.addAttribute("deviceCode", deviceCode.getTokenValue()); |
|
|
|
|
model.addAttribute("expiresAt", deviceCode.getExpiresAt()); |
|
|
|
|
model.addAttribute("deviceCode", responseParameters.get(OAuth2ParameterNames.DEVICE_CODE)); |
|
|
|
|
model.addAttribute("expiresAt", expiresAt); |
|
|
|
|
model.addAttribute("userCode", responseParameters.get(OAuth2ParameterNames.USER_CODE)); |
|
|
|
|
model.addAttribute("verificationUri", responseParameters.get(OAuth2ParameterNames.VERIFICATION_URI)); |
|
|
|
|
// Note: You could use a QR-code to display this URL
|
|
|
|
|
@ -210,19 +189,4 @@ public class DeviceController {
@@ -210,19 +189,4 @@ public class DeviceController {
|
|
|
|
|
return "index"; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
private void saveSecurityContext(OAuth2DeviceCode deviceCode, HttpServletRequest request, |
|
|
|
|
HttpServletResponse response) { |
|
|
|
|
|
|
|
|
|
// @formatter:off
|
|
|
|
|
UsernamePasswordAuthenticationToken deviceAuthentication = |
|
|
|
|
UsernamePasswordAuthenticationToken.authenticated( |
|
|
|
|
deviceCode, null, AuthorityUtils.createAuthorityList("ROLE_DEVICE")); |
|
|
|
|
// @formatter:on
|
|
|
|
|
|
|
|
|
|
SecurityContext securityContext = this.securityContextHolderStrategy.createEmptyContext(); |
|
|
|
|
securityContext.setAuthentication(deviceAuthentication); |
|
|
|
|
this.securityContextHolderStrategy.setContext(securityContext); |
|
|
|
|
this.securityContextRepository.saveContext(securityContext, request, response); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
} |
|
|
|
|
|
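Review bot: In the `@@ -143,13 +126,9 @@` hunk of `authorize`, what reads as the new line, `model.addAttribute("deviceCode", responseParameters.get(OAuth2ParameterNames.DEVICE_CODE));`, passes the raw device code to the view as an unchecked `Object`. The +/- markers are lost on this page, so the sides are inferred from the hunk counts. With `saveSecurityContext` removed in the last hunk, the code is no longer held server-side in the session, so whatever later polls with it is presumably trusting a value that comes back from the browser; that handler is outside the visible hunks. The device code is the credential presented when polling for the token, so I would document that at the call, e.g. `// device_code is a secret: rendered only so the page can poll; do not log it, serve this view with Cache-Control: no-store`. I would also keep a typed local and fail early on a response that lacks it: `String deviceCode = (String) responseParameters.get(OAuth2ParameterNames.DEVICE_CODE);`, a null check, then `model.addAttribute("deviceCode", deviceCode);`.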