From 0636df5d3c64d22f557651e6ee1139846c431ea7 Mon Sep 17 00:00:00 2001
From: MaxKey
Date: Fri, 2 Sep 2022 21:02:46 +0800
Subject: [PATCH] CAS service ${errorMessage!} not registered .
---
 .../service/AppsCasDetailsService.java | 4 +-
 .../cas/endpoint/CasAuthorizeEndpoint.java | 73 +++++++++----------
 .../interceptor/SingleSignOnInterceptor.java | 6 ++
 .../views/authorize/cas_sso_submint.ftl | 23 +++---
 4 files changed, 59 insertions(+), 47 deletions(-)
diff --git a/maxkey-persistence/src/main/java/org/maxkey/persistence/service/AppsCasDetailsService.java b/maxkey-persistence/src/main/java/org/maxkey/persistence/service/AppsCasDetailsService.java
index 7cbf6736d..df6a04cf3 100644
--- a/maxkey-persistence/src/main/java/org/maxkey/persistence/service/AppsCasDetailsService.java
+++ b/maxkey-persistence/src/main/java/org/maxkey/persistence/service/AppsCasDetailsService.java
@@ -54,7 +54,9 @@ public class AppsCasDetailsService extends JpaBaseService{
 details = detailsCache.getIfPresent(id);
 if(details == null) {
 details = getMapper().getAppDetails(id);
- detailsCache.put(id, details);
+ if(details != null) {
+ detailsCache.put(id, details);
+ }
 }
 }else {
 details = getMapper().getAppDetails(id);
diff --git a/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasAuthorizeEndpoint.java b/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasAuthorizeEndpoint.java
index 26d76dd1e..d7f2e923f 100644
--- a/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasAuthorizeEndpoint.java
+++ b/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasAuthorizeEndpoint.java
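Review bot: With the new `if(details != null)` guard in the `AppsCasDetailsService` hunk, a lookup for an unregistered id is never cached, so every such request falls through to `getMapper().getAppDetails(id)`. Later in this patch `casLogin` passes the caller-supplied `service` parameter straight into this method, so anyone who can reach that endpoint can cause one uncached mapper call per request. Consider a short-lived negative entry (a sentinel with its own expiry) or rate limiting on the endpoint, and record the behaviour with a comment such as `// misses are not cached: unknown ids always reach the mapper`. The enclosing method starts and ends outside the hunk.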
@@ -37,8 +37,8 @@ import org.maxkey.web.WebConstants;
 import org.maxkey.web.WebContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.springframework.security.core.annotation.AuthenticationPrincipal;
 import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
@@ -58,36 +58,41 @@ public class CasAuthorizeEndpoint extends CasBaseAuthorizeEndpoint{
 final static Logger _logger = LoggerFactory.getLogger(CasAuthorizeEndpoint.class);
 @Operation(summary = "CAS页面跳转service认证接口", description = "传递参数service",method="GET")
- @RequestMapping(CasConstants.ENDPOINT.ENDPOINT_LOGIN)
- public ModelAndView casLogin(
- HttpServletRequest request,
- HttpServletResponse response,
- @RequestParam(value=CasConstants.PARAMETER.SERVICE,required=false) String casService){
+ @GetMapping(CasConstants.ENDPOINT.ENDPOINT_LOGIN)
+ public ModelAndView casLogin(@RequestParam(value=CasConstants.PARAMETER.SERVICE,required=false) String casService,
+ HttpServletRequest request,
+ HttpServletResponse response
+ ){
- AppsCasDetails casDetails=casDetailsService.getAppDetails(casService , true);
+ AppsCasDetails casDetails = casDetailsService.getAppDetails(casService , true);
 return buildCasModelAndView(request,response,casDetails,casService);
 }
 @Operation(summary = "CAS页面跳转应用ID认证接口", description = "传递参数应用ID",method="GET")
- @RequestMapping(CasConstants.ENDPOINT.ENDPOINT_BASE + "/{id}")
- public ModelAndView authorize(
- HttpServletRequest request,
- HttpServletResponse response,
- @PathVariable("id") String id){
+ @GetMapping(CasConstants.ENDPOINT.ENDPOINT_BASE + "/{id}")
+ public ModelAndView authorize( @PathVariable("id") String id,
+ HttpServletRequest request,
+ HttpServletResponse response
+ ){
- AppsCasDetails casDetails=casDetailsService.getAppDetails(id , true);
+ AppsCasDetails casDetails = casDetailsService.getAppDetails(id , true);
- return buildCasModelAndView(request,response,casDetails,casDetails.getCallbackUrl());
+ return buildCasModelAndView(request,response,casDetails,casDetails == null ? id : casDetails.getCallbackUrl());
 }
- private ModelAndView buildCasModelAndView(
- HttpServletRequest request,
- HttpServletResponse response,
- AppsCasDetails casDetails,
- String casService){
+ private ModelAndView buildCasModelAndView( HttpServletRequest request,
+ HttpServletResponse response,
+ AppsCasDetails casDetails,
+ String casService){
+ if(casDetails == null) {
+ _logger.debug("service {} not registered " , casService);
+ ModelAndView modelAndView = new ModelAndView("authorize/cas_sso_submint");
+ modelAndView.addObject("errorMessage", casService);
+ return modelAndView;
+ }
- _logger.debug(""+casDetails);
+ _logger.debug("Detail {}" , casDetails);
 Map parameterMap = WebContext.getRequestParameterMap(request);
 String service = casService;
 _logger.debug("CAS Parameter service = {}" , service);
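Review bot: `modelAndView.addObject("errorMessage", casService)` puts the raw `service` request parameter (or the `{id}` path variable) into the model, and the template changed in this commit prints it as `${errorMessage!}`. Unless HTML auto-escaping is configured for `.ftl` templates, which is not visible here, the value is reflected unescaped on the SSO origin; escape it at the sink, e.g. `${errorMessage?html}`, or render the template under the HTML output format. The same value is written to the log by `_logger.debug("service {} not registered " , casService)`, so CR/LF should be stripped before logging it. `buildCasModelAndView` continues past the end of the hunk.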
@@ -101,23 +106,21 @@ public class CasAuthorizeEndpoint extends CasBaseAuthorizeEndpoint{
 }
 _logger.debug("CAS service with Parameter : {}" , parameterMap);
 }
- WebContext.setAttribute(
- CasConstants.PARAMETER.PARAMETER_MAP,
- parameterMap
- );
-
+ WebContext.setAttribute(CasConstants.PARAMETER.PARAMETER_MAP, parameterMap);
 WebContext.setAttribute(CasConstants.PARAMETER.ENDPOINT_CAS_DETAILS, casDetails);
 WebContext.setAttribute(WebConstants.SINGLE_SIGN_ON_APP_ID, casDetails.getId());
 WebContext.setAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP,casDetails);
 return WebContext.redirect(CasConstants.ENDPOINT.ENDPOINT_SERVICE_TICKET_GRANTING);
+
 }
 @RequestMapping(CasConstants.ENDPOINT.ENDPOINT_SERVICE_TICKET_GRANTING)
- public ModelAndView grantingTicket(Principal principal,
- @AuthenticationPrincipal Object user,
- HttpServletRequest request,
- HttpServletResponse response){
+ public ModelAndView grantingTicket( Principal principal,
+ HttpServletRequest request,
+ HttpServletResponse response){
+ ModelAndView modelAndView = new ModelAndView("authorize/cas_sso_submint");
 AppsCasDetails casDetails = (AppsCasDetails)WebContext.getAttribute(CasConstants.PARAMETER.ENDPOINT_CAS_DETAILS);
+
 ServiceTicketImpl serviceTicket = new ServiceTicketImpl(AuthorizationUtils.getAuthentication(),casDetails);
 String ticket = ticketServices.createTicket(serviceTicket,casDetails.getExpires());
@@ -150,7 +153,7 @@ public class CasAuthorizeEndpoint extends CasBaseAuthorizeEndpoint{
 }
 if(casDetails.getLogoutType()==LogoutType.BACK_CHANNEL) {
- String sessionId = AuthorizationUtils.getPrincipal().getSession().getId();
+ String sessionId = AuthorizationUtils.getPrincipal().getSession().getId();
 Session session = sessionManager.get(sessionId);
 //set cas ticket as OnlineTicketId
 casDetails.setOnlineTicket(ticket);
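Review bot: `grantingTicket` still dereferences `casDetails` without a null check: the value comes from `WebContext.getAttribute(CasConstants.PARAMETER.ENDPOINT_CAS_DETAILS)` and is used in `casDetails.getExpires()` right after. A request that reaches this mapping without first passing through `buildCasModelAndView`, whose new not-registered branch sets no attribute, would presumably fail with a NullPointerException instead of the error view this commit introduces. Guard with `if(casDetails == null)` and return the error view before `new ServiceTicketImpl(...)`. The method also keeps `@RequestMapping` while the two entry points were narrowed to `@GetMapping`; its body runs past this hunk.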
@@ -159,8 +162,6 @@ public class CasAuthorizeEndpoint extends CasBaseAuthorizeEndpoint{
 }
 _logger.debug("redirect to CAS Client URL {}" , callbackUrl);
-
- ModelAndView modelAndView=new ModelAndView("authorize/cas_sso_submint");
 modelAndView.addObject("callbackUrl", callbackUrl.toString());
 return modelAndView;
 }
@@ -174,11 +175,9 @@ public class CasAuthorizeEndpoint extends CasBaseAuthorizeEndpoint{
 */
 @Operation(summary = "CAS注销接口", description = "CAS注销接口",method="GET")
 @RequestMapping(CasConstants.ENDPOINT.ENDPOINT_LOGOUT)
- public ModelAndView logout(
- HttpServletRequest request,
- HttpServletResponse response,
- @RequestParam(value=CasConstants.PARAMETER.SERVICE,required=false) String casService){
- StringBuffer logoutUrl = new StringBuffer("/force/logout");
+ public ModelAndView logout(HttpServletRequest request , HttpServletResponse response,
+ @RequestParam(value = CasConstants.PARAMETER.SERVICE , required = false) String casService){
+ StringBuffer logoutUrl = new StringBuffer("force/logout");
 if(StringUtils.isNotBlank(casService)){
 logoutUrl.append("?").append("redirect_uri=").append(casService);
 }
diff --git a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/interceptor/SingleSignOnInterceptor.java b/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/interceptor/SingleSignOnInterceptor.java
index f091c8351..952bf8057 100644
--- a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/interceptor/SingleSignOnInterceptor.java
+++ b/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/interceptor/SingleSignOnInterceptor.java
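Review bot: In `logout` the `service` parameter is still appended to the redirect unencoded and unchecked, in `logoutUrl.append("?").append("redirect_uri=").append(casService)`. A value containing `&` or `#` changes the query that `force/logout` receives, and nothing in this method ties the target to a registered CAS service; whether that amounts to an open redirect depends on validation in the logout handler, which is outside this diff. Encode the value with `.append(UriUtils.encode(casService, StandardCharsets.UTF_8))` and consider resolving it through `casDetailsService.getAppDetails(casService , true)` first, as `casLogin` does. The changed literal `"force/logout"` is now a relative path, so confirm it resolves as intended wherever this endpoint is mapped. `logout` ends outside the hunk.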
@@ -106,6 +106,12 @@ public class SingleSignOnInterceptor implements AsyncHandlerInterceptor {
 request.getParameter(OAuth2Constants.PARAMETER.CLIENT_ID),true);
 }
 }
+
+ if(app == null) {
+ _logger.debug("preHandle app is not exist . ");
+ return true;
+ }
+
 SignPrincipal principal = AuthorizationUtils.getPrincipal();
 if(principal != null && app !=null) {
 if(principal.getGrantedAuthorityApps().contains(new SimpleGrantedAuthority(app.getId()))) {
diff --git a/maxkey-webs/maxkey-web-maxkey/src/main/resources/templates/views/authorize/cas_sso_submint.ftl b/maxkey-webs/maxkey-web-maxkey/src/main/resources/templates/views/authorize/cas_sso_submint.ftl
index efab39ee6..9d7946ebb 100644
--- a/maxkey-webs/maxkey-web-maxkey/src/main/resources/templates/views/authorize/cas_sso_submint.ftl
+++ b/maxkey-webs/maxkey-web-maxkey/src/main/resources/templates/views/authorize/cas_sso_submint.ftl
@@ -5,24 +5,29 @@ <#include "authorize_common.ftl"> - -
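Review bot: The new `if(app == null) { return true; }` makes `preHandle` fail open: when no application can be resolved, the request proceeds to the handler and the `getGrantedAuthorityApps()` check below is skipped. That is safe only if every endpoint behind this interceptor rejects an unknown app itself; this commit does so for the CAS endpoints, while the OAuth `client_id` lookup visible in the context lines reaches the same branch. State the contract in a comment, e.g. `// unknown app: no grant check is done here, the protocol endpoint must reject it`, and log at a level operations will see, since repeated hits can indicate probing. The `app !=null` test in the following condition is now redundant. `preHandle` starts and ends outside the hunk.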
- - - - -
-
+ + + <#if errorMessage??> + service ${errorMessage!} not registered . + -- GitLab