Commit 06b27d35, written Nov 08, 2020 by MaxKey单点登录官方
Authentication optimization
Parent: c1e4b36c
Showing 41 changed files with 425 additions and 163 deletions (+425 / -163)

maxkey-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java (+11 / -19)
maxkey-core/src/main/java/org/maxkey/authn/LoginCredential.java (+13 / -27)
maxkey-core/src/main/java/org/maxkey/authn/RealmAuthenticationProvider.java (+31 / -33)
maxkey-core/src/main/java/org/maxkey/authn/SigninPrincipal.java (+172 / -0)
maxkey-core/src/main/java/org/maxkey/autoconfigure/MvcAutoConfiguration.java (+25 / -0)
maxkey-core/src/main/java/org/maxkey/domain/UserInfo.java (+0 / -11)
maxkey-core/src/main/java/org/maxkey/domain/apps/Apps.java (+10 / -0)
maxkey-core/src/main/java/org/maxkey/web/InitializeContext.java (+5 / -1)
maxkey-core/src/main/java/org/maxkey/web/SessionSecurityContextHolderStrategy.java (+51 / -0)
maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/adapter/AbstractAuthorizeAdapter.java (+2 / -1)
maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/Cas10AuthorizeEndpoint.java (+2 / -2)
maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/Cas20AuthorizeEndpoint.java (+3 / -4)
maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/Cas30AuthorizeEndpoint.java (+6 / -6)
maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasAuthorizeEndpoint.java (+11 / -3)
maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasRestV1Endpoint.java (+5 / -5)
maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/adapter/CasDefaultAdapter.java (+3 / -2)
maxkey-protocols/maxkey-protocol-desktop/src/main/java/org/maxkey/authz/desktop/endpoint/DesktopAuthorizeEndpoint.java (+4 / -1)
maxkey-protocols/maxkey-protocol-desktop/src/main/java/org/maxkey/authz/desktop/endpoint/adapter/DesktopDefaultAdapter.java (+2 / -1)
maxkey-protocols/maxkey-protocol-desktop/src/main/java/org/maxkey/authz/desktop/endpoint/adapter/DesktopQQAdapter.java (+2 / -1)
maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/adapter/ExtendApiQQExmailDefaultAdapter.java (+2 / -1)
maxkey-protocols/maxkey-protocol-formbased/src/main/java/org/maxkey/authz/formbased/endpoint/adapter/FormBasedDefaultAdapter.java (+2 / -1)
maxkey-protocols/maxkey-protocol-formbased/src/main/java/org/maxkey/authz/formbased/endpoint/adapter/FormBasedNetease163EmailAdapter.java (+2 / -1)
maxkey-protocols/maxkey-protocol-formbased/src/main/java/org/maxkey/authz/formbased/endpoint/adapter/FormBasedNeteaseNoteYoudaoAdapter.java (+2 / -1)
maxkey-protocols/maxkey-protocol-formbased/src/main/java/org/maxkey/authz/formbased/endpoint/adapter/FormBasedRedirectAdapter.java (+2 / -1)
maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/approval/controller/OAuth20AccessConfirmationController.java (+2 / -2)
maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/AuthorizationEndpoint.java (+2 / -2)
maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/TokenEndpoint.java (+5 / -3)
maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/TokenEndpointAuthenticationFilter.java (+2 / -3)
maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/OAuthDefaultUserInfoAdapter.java (+3 / -2)
maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/UserInfoEndpoint.java (+9 / -8)
maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/endpoint/AssertionEndpoint.java (+2 / -2)
maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/TokenBasedAuthorizeEndpoint.java (+2 / -0)
maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/adapter/TokenBasedDefaultAdapter.java (+3 / -2)
maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/adapter/TokenBasedJWTAdapter.java (+3 / -2)
maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/adapter/TokenBasedJWTHS256Adapter.java (+3 / -2)
maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/adapter/TokenBasedSimpleAdapter.java (+2 / -1)
maxkey-web-manage/src/main/java/org/maxkey/web/endpoint/LoginEndpoint.java (+3 / -3)
maxkey-web-manage/src/main/java/org/maxkey/web/interceptor/PermissionAdapter.java (+2 / -2)
maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/AppListController.java (+2 / -1)
maxkey-web-maxkey/src/main/java/org/maxkey/web/endpoint/LoginEndpoint.java (+3 / -4)
maxkey-web-maxkey/src/main/resources/application.properties (+9 / -2)
maxkey-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java
...
...
@@ -18,7 +18,6 @@
package
org.maxkey.authn
;
import
java.util.ArrayList
;
import
org.maxkey.authn.online.OnlineTicketServices
;
import
org.maxkey.authn.realm.AbstractAuthenticationRealm
;
import
org.maxkey.authn.support.rememberme.AbstractRemeberMeService
;
...
...
@@ -39,7 +38,6 @@ import org.springframework.security.core.Authentication;
import
org.springframework.security.core.AuthenticationException
;
import
org.springframework.security.core.GrantedAuthority
;
import
org.springframework.security.core.authority.SimpleGrantedAuthority
;
/**
* login Authentication abstract class.
*
...
...
@@ -78,9 +76,9 @@ public abstract class AbstractAuthenticationProvider {
protected
abstract
String
getProviderName
();
protected
abstract
Authentication
doInternalAuthenticate
(
Authentication
authentication
);
protected
abstract
Authentication
doInternalAuthenticate
(
LoginCredential
authentication
);
public
abstract
Authentication
basicAuthenticate
(
Authentication
authentication
)
;
public
abstract
Authentication
basicAuthenticate
(
LoginCredential
authentication
)
;
public
abstract
Authentication
trustAuthentication
(
String
username
,
...
...
@@ -98,17 +96,18 @@ public abstract class AbstractAuthenticationProvider {
* authenticate .
*
*/
public
Authentication
authenticate
(
Authentication
authentication
)
public
Authentication
authenticate
(
LoginCredential
loginCredential
)
throws
AuthenticationException
{
_logger
.
debug
(
"Trying to authenticate user '{}' via {}"
,
authentication
.
getPrincipal
(),
getProviderName
());
loginCredential
.
getPrincipal
(),
getProviderName
());
Authentication
authentication
=
null
;
try
{
authentication
=
doInternalAuthenticate
(
authentication
);
authentication
=
doInternalAuthenticate
(
loginCredential
);
}
catch
(
AuthenticationException
e
)
{
_logger
.
error
(
"Failed to authenticate user {} via {}: {}"
,
new
Object
[]
{
authentication
.
getPrincipal
(),
getProviderName
(),
e
.
getMessage
()
});
new
Object
[]
{
loginCredential
.
getPrincipal
(),
getProviderName
(),
e
.
getMessage
()
});
WebContext
.
setAttribute
(
WebConstants
.
LOGIN_ERROR_SESSION_MESSAGE
,
e
.
getMessage
());
}
catch
(
Exception
e
)
{
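Review bot: the failure path in `authenticate(LoginCredential)` does not stop the method. `authentication` starts as `null`, and the `catch (AuthenticationException e)` block only logs the failure and stores `e.getMessage()` under `LOGIN_ERROR_SESSION_MESSAGE`; nothing in the visible lines rethrows or returns early, so execution continues into the session-swap code and the method can end with `return authentication;` holding `null`. Rethrow after logging (the method already declares `throws AuthenticationException`) or return immediately, so a failed login can never be mistaken for a success by a caller that only checks for an exception.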
...
...
@@ -131,7 +130,7 @@ public abstract class AbstractAuthenticationProvider {
final
Object
firstSavedRequest
=
WebContext
.
getAttribute
(
WebConstants
.
FIRST_SAVED_REQUEST_PARAMETER
);
//change Session
WebContext
.
getSession
().
invalidate
();
WebContext
.
setAttribute
(
WebConstants
.
CURRENT_USER_SESSION_ID
,
WebContext
.
getSession
().
getId
());
...
...
@@ -147,14 +146,7 @@ public abstract class AbstractAuthenticationProvider {
WebContext
.
getSession
().
setAttribute
(
WebConstants
.
CURRENT_LOGIN_USER_PASSWORD_SET_TYPE
,
passwordSetType
);
// create new authentication response containing the user and it's authorities
UsernamePasswordAuthenticationToken
simpleUserAuthentication
=
new
UsernamePasswordAuthenticationToken
(
userInfo
.
getUsername
(),
authentication
.
getCredentials
(),
authentication
.
getAuthorities
()
);
return
simpleUserAuthentication
;
return
authentication
;
}
/**
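Review bot: returning the token produced by `doInternalAuthenticate` instead of rebuilding one from `authentication.getCredentials()` removes the submitted secret from the returned `Authentication`; with `setOnline` now filling the credentials slot with the literal `"PASSWORD"`, nothing downstream can read the plaintext back out of the security context. Worth keeping, and worth noting in the Javadoc above this method that `getCredentials()` on the result is a placeholder, not the user's password.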
...
...
maxkey-core/src/main/java/org/maxkey/authn/BasicAuthentication.java → maxkey-core/src/main/java/org/maxkey/authn/LoginCredential.java
/*
* Copyright [2020] [MaxKey of copyright http://www.maxkey.top]
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package
org.maxkey.authn
;
import
java.util.ArrayList
;
import
java.util.Collection
;
import
org.maxkey.authn.online.OnlineTicket
;
import
org.springframework.security.core.Authentication
;
import
org.springframework.security.core.GrantedAuthority
;
public
class
BasicAuthentication
implements
Authentication
{
private
static
final
long
serialVersionUID
=
-
110742975439268030L
;
public
class
LoginCredential
implements
Authentication
{
/**
*
*/
private
static
final
long
serialVersionUID
=
3125709257481600320L
;
String
username
;
String
password
;
String
sessionId
;
...
...
@@ -35,7 +20,7 @@ public class BasicAuthentication implements Authentication {
String
remeberMe
;
String
authType
;
String
jwtToken
;
OnlineTicket
onlineTicket
;
String
onlineTicket
;
ArrayList
<
GrantedAuthority
>
grantedAuthority
;
boolean
authenticated
;
boolean
roleAdministrators
;
...
...
@@ -43,20 +28,21 @@ public class BasicAuthentication implements Authentication {
/**
* BasicAuthentication.
*/
public
BasicAuthentication
()
{
public
LoginCredential
()
{
}
/**
* BasicAuthentication.
*/
public
BasicAuthentication
(
String
username
,
String
password
,
String
authType
)
{
public
LoginCredential
(
String
username
,
String
password
,
String
authType
)
{
this
.
username
=
username
;
this
.
password
=
password
;
this
.
authType
=
authType
;
}
@Override
public
String
getName
()
{
return
"
Basic Authentication
"
;
return
"
Login Credential
"
;
}
@Override
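Review bot: the Javadoc on both constructors still reads `* BasicAuthentication.` after the rename to `LoginCredential`; update the comments along with the class and `getName()` string, or drop them, since a one-word comment that names the wrong class only misleads.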
...
...
@@ -163,11 +149,11 @@ public class BasicAuthentication implements Authentication {
this
.
grantedAuthority
=
grantedAuthority
;
}
public
OnlineTicket
getOnlineTicket
()
{
public
String
getOnlineTicket
()
{
return
onlineTicket
;
}
public
void
setOnlineTicket
(
OnlineTicket
onlineTicket
)
{
public
void
setOnlineTicket
(
String
onlineTicket
)
{
this
.
onlineTicket
=
onlineTicket
;
}
...
...
maxkey-core/src/main/java/org/maxkey/authn/RealmAuthenticationProvider.java
...
...
@@ -49,41 +49,40 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider
}
@Override
protected
Authentication
doInternalAuthenticate
(
Authentication
authentication
)
{
BasicAuthentication
auth
=
(
BasicAuthentication
)
authentication
;
protected
Authentication
doInternalAuthenticate
(
LoginCredential
loginCredential
)
{
_logger
.
debug
(
"authentication "
+
auth
);
_logger
.
debug
(
"authentication "
+
loginCredential
);
sessionValid
(
auth
.
getSessionId
());
sessionValid
(
loginCredential
.
getSessionId
());
//jwtTokenValid(j_jwtToken);
authTypeValid
(
auth
.
getAuthType
());
authTypeValid
(
loginCredential
.
getAuthType
());
captchaValid
(
auth
.
getCaptcha
(),
auth
.
getAuthType
());
captchaValid
(
loginCredential
.
getCaptcha
(),
loginCredential
.
getAuthType
());
emptyPasswordValid
(
auth
.
getPassword
());
emptyPasswordValid
(
loginCredential
.
getPassword
());
UserInfo
userInfo
=
null
;
emptyUsernameValid
(
auth
.
getUsername
());
emptyUsernameValid
(
loginCredential
.
getUsername
());
userInfo
=
loadUserInfo
(
auth
.
getUsername
(),
auth
.
getPassword
());
userInfo
=
loadUserInfo
(
loginCredential
.
getUsername
(),
loginCredential
.
getPassword
());
userinfoValid
(
userInfo
,
auth
.
getPassword
());
userinfoValid
(
userInfo
,
loginCredential
.
getPassword
());
tftcaptchaValid
(
auth
.
getOtpCaptcha
(),
auth
.
getAuthType
(),
userInfo
);
tftcaptchaValid
(
loginCredential
.
getOtpCaptcha
(),
loginCredential
.
getAuthType
(),
userInfo
);
authenticationRealm
.
getPasswordPolicyValidator
().
passwordPolicyValid
(
userInfo
);
authenticationRealm
.
passwordMatches
(
userInfo
,
auth
.
getPassword
());
authenticationRealm
.
passwordMatches
(
userInfo
,
loginCredential
.
getPassword
());
UsernamePasswordAuthenticationToken
authenticationToken
=
setOnline
(
auth
,
userInfo
);
UsernamePasswordAuthenticationToken
authenticationToken
=
setOnline
(
loginCredential
,
userInfo
);
//RemeberMe Config check then set RemeberMe cookies
if
(
applicationConfig
.
getLoginConfig
().
isRemeberMe
())
{
if
(
auth
.
getRemeberMe
()
!=
null
&&
auth
.
getRemeberMe
().
equals
(
"remeberMe"
))
{
if
(
loginCredential
.
getRemeberMe
()
!=
null
&&
loginCredential
.
getRemeberMe
().
equals
(
"remeberMe"
))
{
WebContext
.
getSession
().
setAttribute
(
WebConstants
.
REMEBER_ME_SESSION
,
auth
.
getUsername
());
WebConstants
.
REMEBER_ME_SESSION
,
loginCredential
.
getUsername
());
_logger
.
debug
(
"do Remeber Me"
);
remeberMeService
.
createRemeberMe
(
userInfo
.
getUsername
(),
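Review bot: `_logger.debug("authentication " + loginCredential)` concatenates the whole credential object into the log line. `LoginCredential` carries `password`, `jwtToken` and `onlineTicket` fields, so unless its `toString()` masks them, a DEBUG log level writes the submitted secret to disk on every login attempt. Log `loginCredential.getUsername()` and `getAuthType()` explicitly instead of the object.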
...
...
@@ -98,20 +97,19 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider
}
@Override
public
Authentication
basicAuthenticate
(
Authentication
authentication
)
{
BasicAuthentication
auth
=
(
BasicAuthentication
)
authentication
;
UserInfo
loadeduserInfo
=
loadUserInfo
(
auth
.
getUsername
(),
""
);
public
Authentication
basicAuthenticate
(
LoginCredential
loginCredential
)
{
UserInfo
loadeduserInfo
=
loadUserInfo
(
loginCredential
.
getUsername
(),
""
);
if
(
loadeduserInfo
!=
null
)
{
authenticationRealm
.
passwordMatches
(
loadeduserInfo
,
auth
.
getPassword
());
authenticationRealm
.
passwordMatches
(
loadeduserInfo
,
loginCredential
.
getPassword
());
authenticationRealm
.
getPasswordPolicyValidator
().
passwordPolicyValid
(
loadeduserInfo
);
authenticationRealm
.
insertLoginHistory
(
loadeduserInfo
,
auth
.
getAuthType
(),
""
,
""
,
"SUCCESS"
);
authenticationRealm
.
insertLoginHistory
(
loadeduserInfo
,
loginCredential
.
getAuthType
(),
""
,
""
,
"SUCCESS"
);
return
setOnline
(
auth
,
loadeduserInfo
);
return
setOnline
(
loginCredential
,
loadeduserInfo
);
}
else
{
String
message
=
WebContext
.
getI18nValue
(
"login.error.username"
);
_logger
.
debug
(
"login user "
+
auth
.
getUsername
()
+
" not in this System ."
+
message
);
_logger
.
debug
(
"login user "
+
loginCredential
.
getUsername
()
+
" not in this System ."
+
message
);
throw
new
BadCredentialsException
(
WebContext
.
getI18nValue
(
"login.error.username"
));
}
}
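Review bot: in `basicAuthenticate` the result of `authenticationRealm.passwordMatches(loadeduserInfo, loginCredential.getPassword())` is discarded, and the next statements unconditionally call `insertLoginHistory(..., "SUCCESS")` and `setOnline(...)`. If `passwordMatches` ever reports a mismatch through its return value rather than by throwing, a wrong password is recorded as a successful login and a session is issued; either assert that it throws, or branch on the return value. Also note that the unknown-user branch throws `BadCredentialsException` with the user-specific key `"login.error.username"`, so if that text reaches the client it distinguishes "no such account" from "wrong password".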
...
...
@@ -133,12 +131,12 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider
String
message
)
{
UserInfo
loadeduserInfo
=
loadUserInfo
(
username
,
""
);
if
(
loadeduserInfo
!=
null
)
{
BasicAuthentication
auth
=
new
BasicAuthentication
();
auth
.
setUsername
(
loadeduserInfo
.
getUsername
());
LoginCredential
loginCredential
=
new
LoginCredential
();
loginCredential
.
setUsername
(
loadeduserInfo
.
getUsername
());
authenticationRealm
.
insertLoginHistory
(
loadeduserInfo
,
type
,
provider
,
code
,
message
);
return
setOnline
(
auth
,
loadeduserInfo
);
return
setOnline
(
loginCredential
,
loadeduserInfo
);
}
else
{
String
i18nMessage
=
WebContext
.
getI18nValue
(
"login.error.username"
);
_logger
.
debug
(
"login user "
+
username
+
" not in this System ."
+
i18nMessage
);
...
...
@@ -146,7 +144,7 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider
}
}
public
UsernamePasswordAuthenticationToken
setOnline
(
BasicAuthentication
authentication
,
UserInfo
userInfo
)
{
public
UsernamePasswordAuthenticationToken
setOnline
(
LoginCredential
credential
,
UserInfo
userInfo
)
{
//Online Tickit Id
String
onlineTickitId
=
WebConstants
.
ONLINE_TICKET_PREFIX
+
"-"
+
java
.
util
.
UUID
.
randomUUID
().
toString
().
toLowerCase
();
_logger
.
debug
(
"set online Tickit Cookie "
+
onlineTickitId
+
" on domain "
+
this
.
applicationConfig
.
getBaseDomainName
());
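Review bot: the debug line `"set online Tickit Cookie " + onlineTickitId + " on domain " + ...` writes the freshly generated online ticket id to the log. That id is set as a cookie and later used to look the session up in `onlineTicketServices`, so it is a bearer value; log only a prefix or move the statement to TRACE. Separately, the renamed parameter `credential` is not referenced anywhere in the visible lines of `setOnline`; if it is unused after the move to `SigninPrincipal`, drop it from the signature.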
...
...
@@ -157,27 +155,26 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider
onlineTickitId
,
0
);
SigninPrincipal
signinPrincipal
=
new
SigninPrincipal
(
userInfo
);
//set OnlineTicket
OnlineTicket
onlineTicket
=
new
OnlineTicket
(
onlineTickitId
,
authentication
);
this
.
onlineTicketServices
.
store
(
onlineTickitId
,
onlineTicket
);
authentication
.
setOnlineTicket
(
onlineTicket
);
signinPrincipal
.
setOnlineTicket
(
onlineTickitId
);
ArrayList
<
GrantedAuthority
>
grantedAuthoritys
=
authenticationRealm
.
grantAuthority
(
userInfo
);
//set default roles
grantedAuthoritys
.
add
(
new
SimpleGrantedAuthority
(
"ROLE_USER"
));
grantedAuthoritys
.
add
(
new
SimpleGrantedAuthority
(
"ROLE_ORDINARY_USER"
));
authentication
.
setAuthenticated
(
true
);
signinPrincipal
.
setAuthenticated
(
true
);
for
(
GrantedAuthority
administratorsAuthority
:
grantedAdministratorsAuthoritys
)
{
if
(
grantedAuthoritys
.
contains
(
administratorsAuthority
))
{
authentication
.
setRoleAdministrators
(
true
);
signinPrincipal
.
setRoleAdministrators
(
true
);
_logger
.
trace
(
"ROLE ADMINISTRATORS Authentication ."
);
}
}
UsernamePasswordAuthenticationToken
authenticationToken
=
new
UsernamePasswordAuthenticationToken
(
authentication
,
signinPrincipal
,
"PASSWORD"
,
grantedAuthoritys
);
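Review bot: `signinPrincipal` never receives the authority list in this hunk. `grantedAuthoritys` is built, given the default roles and passed to the `UsernamePasswordAuthenticationToken`, but there is no `signinPrincipal.setGrantedAuthority(grantedAuthoritys)` in the visible lines, so `SigninPrincipal.getAuthorities()` returns `null` while the token carries the roles. Any code that reads the principal rather than the token (the new `generateInfo(SigninPrincipal, ...)` adapters, for instance) will see no authorities; call the setter before constructing the token, or build the principal from the list.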
...
...
@@ -185,12 +182,13 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider
authenticationToken
.
setDetails
(
new
WebAuthenticationDetails
(
WebContext
.
getRequest
()));
OnlineTicket
onlineTicket
=
new
OnlineTicket
(
onlineTickitId
,
authenticationToken
);
this
.
onlineTicketServices
.
store
(
onlineTickitId
,
onlineTicket
);
/*
* put userInfo to current session context
*/
WebContext
.
setAuthentication
(
authenticationToken
);
userInfo
.
setOnlineTicket
(
onlineTicket
);
WebContext
.
setUserInfo
(
userInfo
);
return
authenticationToken
;
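Review bot: the `OnlineTicket` now wraps the complete `authenticationToken`, whose principal is a `SigninPrincipal` holding the full `UserInfo` and whose `getPassword()` returns `userInfo.getPassword()`. Whatever backs `onlineTicketServices.store` therefore receives the stored credential hash along with the `WebAuthenticationDetails`; if that store is a shared cache or is serialized, confirm the password field is excluded before the ticket is written.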
...
...
maxkey-core/src/main/java/org/maxkey/authn/SigninPrincipal.java
0 → 100644
/*
* Copyright [2020] [MaxKey of copyright http://www.maxkey.top]
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package
org.maxkey.authn
;
import
java.util.ArrayList
;
import
java.util.Collection
;
import
org.maxkey.domain.UserInfo
;
import
org.springframework.security.core.GrantedAuthority
;
import
org.springframework.security.core.userdetails.UserDetails
;
public
class
SigninPrincipal
implements
UserDetails
{
private
static
final
long
serialVersionUID
=
-
110742975439268030L
;
UserInfo
userInfo
;
UserDetails
userDetails
;
String
onlineTicket
;
ArrayList
<
GrantedAuthority
>
grantedAuthority
;
boolean
authenticated
;
boolean
roleAdministrators
;
/**
* SigninPrincipal.
*/
public
SigninPrincipal
()
{
}
/**
* SigninPrincipal.
*/
public
SigninPrincipal
(
UserInfo
userInfo
)
{
this
.
userInfo
=
userInfo
;
this
.
authenticated
=
true
;
}
/**
* SigninPrincipal.
*/
public
SigninPrincipal
(
UserDetails
userDetails
)
{
this
.
userDetails
=
userDetails
;
this
.
authenticated
=
true
;
}
public
UserInfo
getUserInfo
()
{
return
userInfo
;
}
public
void
setUserInfo
(
UserInfo
userInfo
)
{
this
.
userInfo
=
userInfo
;
}
public
boolean
isAuthenticated
()
{
return
authenticated
;
}
public
void
setAuthenticated
(
boolean
authenticated
)
{
this
.
authenticated
=
authenticated
;
}
@Override
public
Collection
<?
extends
GrantedAuthority
>
getAuthorities
()
{
return
grantedAuthority
;
}
public
ArrayList
<
GrantedAuthority
>
getGrantedAuthority
()
{
return
grantedAuthority
;
}
public
UserDetails
getUserDetails
()
{
return
userDetails
;
}
public
void
setUserDetails
(
UserDetails
userDetails
)
{
this
.
userDetails
=
userDetails
;
}
public
void
setGrantedAuthority
(
ArrayList
<
GrantedAuthority
>
grantedAuthority
)
{
this
.
grantedAuthority
=
grantedAuthority
;
}
public
String
getOnlineTicket
()
{
return
onlineTicket
;
}
public
void
setOnlineTicket
(
String
onlineTicket
)
{
this
.
onlineTicket
=
onlineTicket
;
}
public
boolean
isRoleAdministrators
()
{
return
roleAdministrators
;
}
public
void
setRoleAdministrators
(
boolean
roleAdministrators
)
{
this
.
roleAdministrators
=
roleAdministrators
;
}
@Override
public
boolean
isAccountNonExpired
()
{
return
false
;
}
@Override
public
boolean
isAccountNonLocked
()
{
return
false
;
}
@Override
public
boolean
isCredentialsNonExpired
()
{
return
false
;
}
@Override
public
boolean
isEnabled
()
{
return
false
;
}
@Override
public
String
getUsername
()
{
if
(
this
.
userInfo
!=
null
)
{
return
this
.
userInfo
.
getUsername
();
}
else
{
return
this
.
userDetails
.
getUsername
();
}
}
@Override
public
String
getPassword
()
{
if
(
this
.
userInfo
!=
null
)
{
return
this
.
userInfo
.
getPassword
();
}
else
{
return
this
.
userDetails
.
getPassword
();
}
}
@Override
public
String
toString
()
{
StringBuilder
builder
=
new
StringBuilder
();
builder
.
append
(
"SigninPrincipal [userInfo="
);
builder
.
append
(
userInfo
);
builder
.
append
(
", onlineTicket="
);
builder
.
append
(
onlineTicket
);
builder
.
append
(
", grantedAuthority="
);
builder
.
append
(
grantedAuthority
);
builder
.
append
(
", authenticated="
);
builder
.
append
(
authenticated
);
builder
.
append
(
", roleAdministrators="
);
builder
.
append
(
roleAdministrators
);
builder
.
append
(
"]"
);
return
builder
.
toString
();
}
}
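Review bot: `isAccountNonExpired`, `isAccountNonLocked`, `isCredentialsNonExpired` and `isEnabled` all return `false`. Under the `UserDetails` contract these are positive flags, so every `SigninPrincipal` reports itself as expired, locked and disabled; any Spring Security component that performs the standard account-status checks on a `UserDetails` (for example a `DaoAuthenticationProvider` pre-check) would reject the principal. Return `true` here, or derive the values from `UserInfo` status, and add a test that a freshly signed-in principal passes these checks.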
maxkey-core/src/main/java/org/maxkey/autoconfigure/MvcAutoConfiguration.java
...
...
@@ -20,6 +20,9 @@ package org.maxkey.autoconfigure;
import
java.nio.charset.Charset
;
import
java.util.ArrayList
;
import
java.util.List
;
import
javax.servlet.Filter
;
import
org.maxkey.constants.ConstantsProperties
;
import
org.slf4j.Logger
;
import
org.slf4j.LoggerFactory
;
...
...
@@ -28,6 +31,7 @@ import org.springframework.beans.factory.annotation.Value;
import
org.springframework.boot.web.server.ConfigurableWebServerFactory
;
import
org.springframework.boot.web.server.ErrorPage
;
import
org.springframework.boot.web.server.WebServerFactoryCustomizer
;
import
org.springframework.boot.web.servlet.FilterRegistrationBean
;
import
org.springframework.context.annotation.Bean
;
import
org.springframework.context.annotation.Configuration
;
import
org.springframework.context.annotation.PropertySource
;
...
...
@@ -39,7 +43,9 @@ import org.springframework.http.converter.StringHttpMessageConverter;
import
org.springframework.http.converter.json.MappingJackson2HttpMessageConverter
;
import
org.springframework.http.converter.xml.MarshallingHttpMessageConverter
;
import
org.springframework.oxm.jaxb.Jaxb2Marshaller
;
import
org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter
;
import
org.springframework.web.client.RestTemplate
;
import
org.springframework.web.filter.DelegatingFilterProxy
;
import
org.springframework.web.multipart.commons.CommonsMultipartResolver
;
import
org.springframework.web.servlet.i18n.CookieLocaleResolver
;
import
org.springframework.web.servlet.i18n.LocaleChangeInterceptor
;
...
...
@@ -244,6 +250,25 @@ public class MvcAutoConfiguration implements InitializingBean {
};
}
@Bean
public
SecurityContextHolderAwareRequestFilter
securityContextHolderAwareRequestFilter
()
{
_logger
.
debug
(
"securityContextHolderAwareRequestFilter init "
);
return
new
SecurityContextHolderAwareRequestFilter
();
}
@Bean
public
FilterRegistrationBean
<
Filter
>
delegatingFilterProxy
()
{
_logger
.
debug
(
"delegatingFilterProxy init for /* "
);
FilterRegistrationBean
<
Filter
>
registrationBean
=
new
FilterRegistrationBean
<
Filter
>();
registrationBean
.
setFilter
(
new
DelegatingFilterProxy
(
"securityContextHolderAwareRequestFilter"
));
registrationBean
.
addUrlPatterns
(
"/*"
);
//registrationBean.
registrationBean
.
setName
(
"delegatingFilterProxy"
);
registrationBean
.
setOrder
(
1
);
return
registrationBean
;
}
@Override
public
void
afterPropertiesSet
()
throws
Exception
{
// TODO Auto-generated method stub
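Review bot: `securityContextHolderAwareRequestFilter()` is exposed as a plain `@Bean` of type `SecurityContextHolderAwareRequestFilter`, which is a servlet `Filter`; Spring Boot registers every `Filter` bean it finds with the servlet container on its own, so the filter will run once through that auto-registration and a second time through the `DelegatingFilterProxy("securityContextHolderAwareRequestFilter")` added here. Either register the filter directly in the `FilterRegistrationBean` and drop the proxy, or add a second `FilterRegistrationBean` for the raw bean with `setEnabled(false)`. The stray `//registrationBean.` comment before `setName` should also go.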
...
...
maxkey-core/src/main/java/org/maxkey/domain/UserInfo.java
...
...
@@ -26,7 +26,6 @@ import javax.persistence.GenerationType;
import
javax.persistence.Id
;
import
javax.persistence.Table
;
import
org.apache.mybatis.jpa.persistence.JpaBaseDomain
;
import
org.maxkey.authn.online.OnlineTicket
;
import
org.maxkey.util.StringUtils
;
import
org.springframework.web.multipart.MultipartFile
;
...
...
@@ -230,8 +229,6 @@ public class UserInfo extends JpaBaseDomain {
protected
HashMap
<
String
,
String
>
extraAttributeMap
;
protected
int
online
;
OnlineTicket
onlineTicket
;
protected
String
ldapDn
;
...
...
@@ -1165,14 +1162,6 @@ public class UserInfo extends JpaBaseDomain {
this
.
createdBy
=
createdBy
;
}
public
OnlineTicket
getOnlineTicket
()
{
return
onlineTicket
;
}
public
void
setOnlineTicket
(
OnlineTicket
onlineTicket
)
{
this
.
onlineTicket
=
onlineTicket
;
}
/**
* @return the createdDate
*/
...
...
maxkey-core/src/main/java/org/maxkey/domain/apps/Apps.java
...
...
@@ -153,6 +153,8 @@ public class Apps extends JpaBaseDomain implements Serializable {
protected
String
loginDateTime
;
protected
String
onlineTicket
;
public
Apps
()
{
super
();
isSignature
=
Boolean
.
FALSE
;
...
...
@@ -549,6 +551,14 @@ public class Apps extends JpaBaseDomain implements Serializable {
this
.
loginDateTime
=
loginDateTime
;
}
public
String
getOnlineTicket
()
{
return
onlineTicket
;
}
public
void
setOnlineTicket
(
String
onlineTicket
)
{
this
.
onlineTicket
=
onlineTicket
;
}
@Override
public
String
toString
()
{
StringBuilder
builder
=
new
StringBuilder
();
...
...
maxkey-core/src/main/java/org/maxkey/web/InitializeContext.java
...
...
@@ -36,6 +36,7 @@ import org.springframework.beans.BeansException;
import
org.springframework.context.ApplicationContext
;
import
org.springframework.context.ConfigurableApplicationContext
;
import
org.springframework.context.support.PropertySourcesPlaceholderConfigurer
;
import
org.springframework.security.core.context.SecurityContextHolder
;
import
org.springframework.web.context.support.WebApplicationContextUtils
;
/**
...
...
@@ -57,7 +58,10 @@ public class InitializeContext extends HttpServlet {
@Override
public
void
init
(
ServletConfig
config
)
throws
ServletException
{
super
.
init
(
config
);
_logger
.
info
(
"SecurityContextHolder StrategyName "
+
SessionSecurityContextHolderStrategy
.
class
.
getCanonicalName
());
SecurityContextHolder
.
setStrategyName
(
SessionSecurityContextHolderStrategy
.
class
.
getCanonicalName
());
// List Environment Variables
listEnvVars
();
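Review bot: `SecurityContextHolder.setStrategyName(...)` is called from a servlet's `init(ServletConfig)`, which runs only when this servlet is loaded; the filter chain registered in `MvcAutoConfiguration` is created earlier and any request handled before this servlet initialises uses the default thread-local strategy, and switching the strategy afterwards discards whatever contexts were set on the old one. Set the strategy before the container starts, for example from a static initializer or via the `spring.security.strategy` system property that `SecurityContextHolder` reads at class load, and keep the log line for confirmation.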
...
...
maxkey-core/src/main/java/org/maxkey/web/SessionSecurityContextHolderStrategy.java
0 → 100644
package
org.maxkey.web
;
import
org.slf4j.Logger
;
import
org.slf4j.LoggerFactory
;
import
org.springframework.security.core.Authentication
;
import
org.springframework.security.core.context.SecurityContext
;
import
org.springframework.security.core.context.SecurityContextHolderStrategy
;
import
org.springframework.security.core.context.SecurityContextImpl
;
/**
* SecurityContext Session for Request , use SecurityContextHolderAwareRequestFilter
* @author Crystal.Sea
*
*/
public
class
SessionSecurityContextHolderStrategy
implements
SecurityContextHolderStrategy
{
private
static
final
Logger
_logger
=
LoggerFactory
.
getLogger
(
SessionSecurityContextHolderStrategy
.
class
);
@Override
public
void
clearContext
()
{
WebContext
.
removeAttribute
(
WebConstants
.
AUTHENTICATION
);
}
@Override
public
SecurityContext
getContext
()
{
SecurityContext
ctx
=
createEmptyContext
();
Authentication
authentication
=
null
;
try
{
authentication
=
(
Authentication
)
WebContext
.
getAuthentication
();
if
(
authentication
!=
null
)
{
ctx
.
setAuthentication
(
authentication
);
}
}
catch
(
Exception
e
)
{
_logger
.
trace
(
"a session "
,
e
);
}
return
ctx
;
}
@Override
public
void
setContext
(
SecurityContext
context
)
{
WebContext
.
setAuthentication
(
context
.
getAuthentication
());
}
@Override
public
SecurityContext
createEmptyContext
()
{
return
new
SecurityContextImpl
();
}
}
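Review bot: `getContext()` builds a new `SecurityContextImpl` on every call and copies the session's `Authentication` into it, so the returned object is a detached snapshot. Spring Security and application code routinely mutate the context in place (`SecurityContextHolder.getContext().setAuthentication(auth)`), and with this strategy such a call is silently lost because nothing writes the snapshot back to the session; only `setContext` persists. Either cache the created context for the request so the same instance is returned, or have `getContext()` return a context whose `setAuthentication` delegates to `WebContext.setAuthentication`. The broad `catch (Exception e)` that logs at TRACE also hides session-lookup failures that would otherwise explain an unexpected anonymous request; log at DEBUG at least.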
maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/adapter/AbstractAuthorizeAdapter.java
...
...
@@ -19,6 +19,7 @@ package org.maxkey.authz.endpoint.adapter;
import
java.io.UnsupportedEncodingException
;
import
org.apache.commons.codec.binary.Hex
;
import
org.maxkey.authn.SigninPrincipal
;
import
org.maxkey.constants.Boolean
;
import
org.maxkey.crypto.Base64Utils
;
import
org.maxkey.crypto.ReciprocalUtils
;
...
...
@@ -39,7 +40,7 @@ public abstract class AbstractAuthorizeAdapter {
public
abstract
ModelAndView
authorize
(
UserInfo
userInfo
,
Object
app
,
String
data
,
ModelAndView
modelAndView
);
public
abstract
String
generateInfo
(
UserInfo
userInfo
,
Object
app
);
public
abstract
String
generateInfo
(
SigninPrincipal
authentication
,
UserInfo
userInfo
,
Object
app
);
public
String
sign
(
String
data
,
Apps
app
){
if
(
Boolean
.
isTrue
(
app
.
getIsSignature
())){
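Review bot: the new abstract generateInfo names its SigninPrincipal parameter `authentication`, but the object is the principal held inside an Authentication, not the Authentication itself, and every override in this commit copies the name; rename it to `principal` (or `signinPrincipal`) here and let the overrides follow. The abstract method also needs a Javadoc line saying whether implementations may return null: several FormBased adapters in this commit do exactly that, while DesktopAuthorizeEndpoint passes the result straight into encrypt(), so callers currently have no way to know whether a null check is required.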
...
...
maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/Cas10AuthorizeEndpoint.java
...
...
@@ -23,7 +23,7 @@ package org.maxkey.authz.cas.endpoint;
import
javax.servlet.http.HttpServletRequest
;
import
javax.servlet.http.HttpServletResponse
;
import
org.maxkey.authn.
BasicAuthentication
;
import
org.maxkey.authn.
SigninPrincipal
;
import
org.maxkey.authz.cas.endpoint.response.Service10ResponseBuilder
;
import
org.maxkey.authz.cas.endpoint.ticket.CasConstants
;
import
org.maxkey.authz.cas.endpoint.ticket.Ticket
;
...
...
@@ -102,7 +102,7 @@ renew [OPTIONAL] - if this parameter is set, ticket validation will only succeed
}
if
(
storedTicket
!=
null
){
String
principal
=((
BasicAuthentication
)
storedTicket
.
getAuthentication
().
getPrincipal
()).
getUsername
();
String
principal
=((
SigninPrincipal
)
storedTicket
.
getAuthentication
().
getPrincipal
()).
getUsername
();
_logger
.
debug
(
"principal "
+
principal
);
return
new
Service10ResponseBuilder
().
success
()
.
setUser
(
principal
)
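Review bot: the replacement line casts storedTicket.getAuthentication().getPrincipal() to SigninPrincipal with no instanceof guard, so a ticket whose Authentication carries any other principal type surfaces as a ClassCastException and a 500 instead of a CAS failure response. Check `instanceof SigninPrincipal` and fall through to the failure branch otherwise; the same unguarded cast is repeated in Cas20AuthorizeEndpoint and twice in Cas30AuthorizeEndpoint below. The `"principal " + principal` debug line also concatenates the username unconditionally; use the {} placeholder form or wrap it in isDebugEnabled().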
...
...
maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/Cas20AuthorizeEndpoint.java
...
...
@@ -23,7 +23,7 @@ package org.maxkey.authz.cas.endpoint;
import
javax.servlet.http.HttpServletRequest
;
import
javax.servlet.http.HttpServletResponse
;
import
org.maxkey.authn.
BasicAuthentication
;
import
org.maxkey.authn.
SigninPrincipal
;
import
org.maxkey.authz.cas.endpoint.response.ProxyServiceResponseBuilder
;
import
org.maxkey.authz.cas.endpoint.response.ServiceResponseBuilder
;
import
org.maxkey.authz.cas.endpoint.ticket.CasConstants
;
...
...
@@ -193,7 +193,7 @@ For all error codes, it is RECOMMENDED that CAS provide a more detailed message
ServiceResponseBuilder
serviceResponseBuilder
=
new
ServiceResponseBuilder
();
if
(
storedTicket
!=
null
){
BasicAuthentication
authentication
=
((
BasicAuthentication
)
storedTicket
.
getAuthentication
().
getPrincipal
());
SigninPrincipal
authentication
=
((
SigninPrincipal
)
storedTicket
.
getAuthentication
().
getPrincipal
());
String
principal
=
authentication
.
getUsername
();
_logger
.
debug
(
"principal "
+
principal
);
serviceResponseBuilder
.
success
().
setUser
(
principal
);
...
...
@@ -201,8 +201,7 @@ For all error codes, it is RECOMMENDED that CAS provide a more detailed message
if
(
Boolean
.
isTrue
(
storedTicket
.
getCasDetails
().
getIsAdapter
())){
AbstractAuthorizeAdapter
adapter
=(
AbstractAuthorizeAdapter
)
Instance
.
newInstance
(
storedTicket
.
getCasDetails
().
getAdapter
());
UserInfo
userInfo
=
(
UserInfo
)
userInfoService
.
loadByUsername
(
principal
);
userInfo
.
setOnlineTicket
(
authentication
.
getOnlineTicket
());
adapter
.
generateInfo
(
userInfo
,
serviceResponseBuilder
);
adapter
.
generateInfo
(
authentication
,
userInfo
,
serviceResponseBuilder
);
}
}
else
{
serviceResponseBuilder
.
failure
()
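Review bot: userInfoService.loadByUsername(principal) is cast to UserInfo and handed to the adapter without a null check, so a user that was deleted or renamed after the ticket was issued produces a NullPointerException inside generateInfo rather than the failure() response built in the else branch right below. Guard the lookup and treat a missing user as a validation failure. The adapter is also instantiated reflectively from storedTicket.getCasDetails().getAdapter(); that predates this change, but since the value comes from application configuration it is worth documenting (or enforcing) that only registered adapter classes are accepted rather than any fully qualified class name.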
...
...
maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/Cas30AuthorizeEndpoint.java
...
...
@@ -23,7 +23,7 @@ package org.maxkey.authz.cas.endpoint;
import
javax.servlet.http.HttpServletRequest
;
import
javax.servlet.http.HttpServletResponse
;
import
org.maxkey.authn.
BasicAuthentication
;
import
org.maxkey.authn.
SigninPrincipal
;
import
org.maxkey.authz.cas.endpoint.response.ServiceResponseBuilder
;
import
org.maxkey.authz.cas.endpoint.ticket.CasConstants
;
import
org.maxkey.authz.cas.endpoint.ticket.Ticket
;
...
...
@@ -76,15 +76,14 @@ public class Cas30AuthorizeEndpoint extends CasBaseAuthorizeEndpoint{
ServiceResponseBuilder
serviceResponseBuilder
=
new
ServiceResponseBuilder
();
if
(
storedTicket
!=
null
){
BasicAuthentication
authentication
=
((
BasicAuthentication
)
storedTicket
.
getAuthentication
().
getPrincipal
());
SigninPrincipal
authentication
=
((
SigninPrincipal
)
storedTicket
.
getAuthentication
().
getPrincipal
());
String
principal
=
authentication
.
getUsername
();
serviceResponseBuilder
.
success
().
setUser
(
principal
);
if
(
Boolean
.
isTrue
(
storedTicket
.
getCasDetails
().
getIsAdapter
())){
AbstractAuthorizeAdapter
adapter
=(
AbstractAuthorizeAdapter
)
Instance
.
newInstance
(
storedTicket
.
getCasDetails
().
getAdapter
());
UserInfo
userInfo
=
(
UserInfo
)
userInfoService
.
loadByUsername
(
principal
);
userInfo
.
setOnlineTicket
(
authentication
.
getOnlineTicket
());
adapter
.
generateInfo
(
userInfo
,
serviceResponseBuilder
);
adapter
.
generateInfo
(
authentication
,
userInfo
,
serviceResponseBuilder
);
}
}
else
{
serviceResponseBuilder
.
failure
()
...
...
@@ -123,13 +122,14 @@ public class Cas30AuthorizeEndpoint extends CasBaseAuthorizeEndpoint{
ServiceResponseBuilder
serviceResponseBuilder
=
new
ServiceResponseBuilder
();
if
(
storedTicket
!=
null
){
String
principal
=((
BasicAuthentication
)
storedTicket
.
getAuthentication
().
getPrincipal
()).
getUsername
();
SigninPrincipal
authentication
=
((
SigninPrincipal
)
storedTicket
.
getAuthentication
().
getPrincipal
());
String
principal
=
authentication
.
getUsername
();
serviceResponseBuilder
.
success
().
setUser
(
principal
);
if
(
Boolean
.
isTrue
(
storedTicket
.
getCasDetails
().
getIsAdapter
())){
AbstractAuthorizeAdapter
adapter
=(
AbstractAuthorizeAdapter
)
Instance
.
newInstance
(
storedTicket
.
getCasDetails
().
getAdapter
());
UserInfo
userInfo
=
(
UserInfo
)
userInfoService
.
loadByUsername
(
principal
);
adapter
.
generateInfo
(
userInfo
,
serviceResponseBuilder
);
adapter
.
generateInfo
(
authentication
,
userInfo
,
serviceResponseBuilder
);
}
}
else
{
serviceResponseBuilder
.
failure
()
...
...
maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasAuthorizeEndpoint.java
...
...
@@ -20,12 +20,13 @@
*/
package
org.maxkey.authz.cas.endpoint
;
import
java.security.Principal
;
import
java.util.Map
;
import
javax.servlet.http.HttpServletRequest
;
import
javax.servlet.http.HttpServletResponse
;
import
org.maxkey.authn.
BasicAuthentication
;
import
org.maxkey.authn.
SigninPrincipal
;
import
org.maxkey.authn.online.OnlineTicket
;
import
org.maxkey.authz.cas.endpoint.ticket.CasConstants
;
import
org.maxkey.authz.cas.endpoint.ticket.ServiceTicketImpl
;
...
...
@@ -36,6 +37,9 @@ import org.maxkey.web.WebConstants;
import
org.maxkey.web.WebContext
;
import
org.slf4j.Logger
;
import
org.slf4j.LoggerFactory
;
import
org.springframework.security.core.Authentication
;
import
org.springframework.security.core.annotation.AuthenticationPrincipal
;
import
org.springframework.security.core.context.SecurityContextHolder
;
import
org.springframework.stereotype.Controller
;
import
org.springframework.web.bind.annotation.PathVariable
;
import
org.springframework.web.bind.annotation.RequestMapping
;
...
...
@@ -92,10 +96,12 @@ public class CasAuthorizeEndpoint extends CasBaseAuthorizeEndpoint{
}
@RequestMapping
(
"/authz/cas/granting"
)
public
ModelAndView
grantingTicket
(
public
ModelAndView
grantingTicket
(
Principal
principal
,
@AuthenticationPrincipal
Object
user
,
HttpServletRequest
request
,
HttpServletResponse
response
){
Authentication
authentication
=
SecurityContextHolder
.
getContext
().
getAuthentication
();
AppsCasDetails
casDetails
=(
AppsCasDetails
)
WebContext
.
getAttribute
(
CasConstants
.
PARAMETER
.
ENDPOINT_CAS_DETAILS
);
ServiceTicketImpl
serviceTicket
=
new
ServiceTicketImpl
(
WebContext
.
getAuthentication
(),
casDetails
);
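Review bot: grantingTicket() gains `Principal principal`, `@AuthenticationPrincipal Object user` and a local `Authentication authentication` taken from SecurityContextHolder, but none of the three is used in the visible lines; the ServiceTicketImpl is still built from WebContext.getAuthentication(). Either switch the ticket construction to the injected value (which is presumably the point of the new SessionSecurityContextHolderStrategy, since SecurityContextHolder and WebContext should now agree) or drop the two parameters, the local and the matching imports of java.security.Principal, AuthenticationPrincipal and SecurityContextHolder added in the import hunk above.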
...
...
@@ -129,8 +135,10 @@ public class CasAuthorizeEndpoint extends CasBaseAuthorizeEndpoint{
}
if
(
casDetails
.
getLogoutType
()==
LogoutType
.
BACK_CHANNEL
)
{
String
onlineTicketId
=
((
BasicAuthentication
)
WebContext
.
getAuthentication
().
getPrincipal
()).
getOnlineTicket
().
getTicketId
();
String
onlineTicketId
=
((
SigninPrincipal
)
WebContext
.
getAuthentication
().
getPrincipal
()).
getOnlineTicket
();
OnlineTicket
onlineTicket
=
onlineTicketServices
.
get
(
onlineTicketId
);
//set cas ticket as OnlineTicketId
casDetails
.
setOnlineTicket
(
ticket
);
onlineTicket
.
setAuthorizedApp
(
casDetails
);
onlineTicketServices
.
store
(
onlineTicketId
,
onlineTicket
);
}
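Review bot: onlineTicketServices.get(onlineTicketId) can return null once the online ticket has expired or been evicted from the store, and the following statements call onlineTicket.setAuthorizedApp(casDetails) and store it back unconditionally, so back-channel logout registration would fail with a NullPointerException in the middle of issuing the service ticket. Null-check the lookup and log the ticket id when the SSO session is no longer known, because that is also the condition under which this client will never receive a logout request.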
...
...
maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasRestV1Endpoint.java
...
...
@@ -24,7 +24,7 @@ import javax.servlet.http.HttpServletRequest;
import
javax.servlet.http.HttpServletResponse
;
import
org.maxkey.authn.AbstractAuthenticationProvider
;
import
org.maxkey.authn.
BasicAuthentication
;
import
org.maxkey.authn.
LoginCredential
;
import
org.maxkey.authz.cas.endpoint.response.ServiceResponseBuilder
;
import
org.maxkey.authz.cas.endpoint.ticket.CasConstants
;
import
org.maxkey.authz.cas.endpoint.ticket.ServiceTicketImpl
;
...
...
@@ -75,9 +75,9 @@ public class CasRestV1Endpoint extends CasBaseAuthorizeEndpoint{
throw
new
BadCredentialsException
(
"No credentials are provided or extracted to authenticate the REST request"
);
}
BasicAuthentication
authentication
=
new
BasicAuthentication
(
username
,
password
,
"CASREST"
);
LoginCredential
loginCredential
=
new
LoginCredential
(
username
,
password
,
"CASREST"
);
authenticationProvider
.
basicAuthenticate
(
authentication
);
authenticationProvider
.
basicAuthenticate
(
loginCredential
);
TicketGrantingTicketImpl
ticketGrantingTicket
=
new
TicketGrantingTicketImpl
(
"Random"
,
WebContext
.
getAuthentication
(),
null
);
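Review bot: the result of authenticationProvider.basicAuthenticate(loginCredential) is discarded and the code proceeds straight to building a TicketGrantingTicketImpl from WebContext.getAuthentication(); that is only safe if basicAuthenticate throws on a bad password rather than signalling failure through its return value. Please confirm that contract (the AbstractAuthenticationProvider change in this commit is where it should be documented) or check the return value, and add a test that a wrong password ends in the BadCredentialsException path rather than in a TGT.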
...
...
@@ -178,9 +178,9 @@ public class CasRestV1Endpoint extends CasBaseAuthorizeEndpoint{
throw
new
BadCredentialsException
(
"No credentials are provided or extracted to authenticate the REST request"
);
}
BasicAuthentication
authentication
=
new
BasicAuthentication
(
username
,
password
,
"CASREST"
);
LoginCredential
loginCredential
=
new
LoginCredential
(
username
,
password
,
"CASREST"
);
authenticationProvider
.
basicAuthenticate
(
authentication
);
authenticationProvider
.
basicAuthenticate
(
loginCredential
);
UserInfo
userInfo
=
WebContext
.
getUserInfo
();
TicketGrantingTicketImpl
ticketGrantingTicket
=
new
TicketGrantingTicketImpl
(
"Random"
,
WebContext
.
getAuthentication
(),
null
);
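Review bot: both REST hunks construct the TGT as `new TicketGrantingTicketImpl("Random", WebContext.getAuthentication(), null)`; if the first constructor argument is the ticket identifier, every REST-issued TGT shares the same constant id, which defeats ticket lookup and makes the id trivially guessable. Generate it from a CSPRNG-backed generator, or, if the store assigns the real id later, rename the placeholder so it cannot be mistaken for a value and say so in a comment.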
...
...
maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/adapter/CasDefaultAdapter.java
...
...
@@ -20,6 +20,7 @@ package org.maxkey.authz.cas.endpoint.adapter;
import
java.io.UnsupportedEncodingException
;
import
org.apache.commons.codec.binary.Base64
;
import
org.maxkey.authn.SigninPrincipal
;
import
org.maxkey.authz.cas.endpoint.response.ServiceResponseBuilder
;
import
org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter
;
import
org.maxkey.domain.UserInfo
;
...
...
@@ -47,7 +48,7 @@ public class CasDefaultAdapter extends AbstractAuthorizeAdapter {
}
@Override
public
String
generateInfo
(
UserInfo
userInfo
,
Object
serviceResponseObject
)
{
public
String
generateInfo
(
SigninPrincipal
authentication
,
UserInfo
userInfo
,
Object
serviceResponseObject
)
{
ServiceResponseBuilder
serviceResponseBuilder
=(
ServiceResponseBuilder
)
serviceResponseObject
;
//for user
serviceResponseBuilder
.
setAttribute
(
"uid"
,
userInfo
.
getId
());
...
...
@@ -66,7 +67,7 @@ public class CasDefaultAdapter extends AbstractAuthorizeAdapter {
serviceResponseBuilder
.
setAttribute
(
"departmentId"
,
userInfo
.
getDepartmentId
());
serviceResponseBuilder
.
setAttribute
(
"workRegion"
,
base64Attr
(
userInfo
.
getWorkRegion
()));
serviceResponseBuilder
.
setAttribute
(
WebConstants
.
ONLINE_TICKET_NAME
,
userInfo
.
getOnlineTicket
().
getTicketId
());
serviceResponseBuilder
.
setAttribute
(
WebConstants
.
ONLINE_TICKET_NAME
,
authentication
.
getOnlineTicket
());
return
null
;
}
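Review bot: authentication.getOnlineTicket() now yields the ticket id string directly (the CasAuthorizeEndpoint hunk above uses it as onlineTicketId), so the value written under ONLINE_TICKET_NAME is unchanged, but the adapter still has no null handling: a SigninPrincipal created without an online ticket (TokenEndpointAuthenticationFilter in this commit builds one from a User and sets none in the visible lines) would emit a null attribute. Skip the attribute when the id is null rather than serialising it, and add a comment that this id is the key used to look up the SSO session in onlineTicketServices and is being handed to the relying party.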
...
...
maxkey-protocols/maxkey-protocol-desktop/src/main/java/org/maxkey/authz/desktop/endpoint/DesktopAuthorizeEndpoint.java
...
...
@@ -22,6 +22,7 @@ package org.maxkey.authz.desktop.endpoint;
import
javax.servlet.http.HttpServletRequest
;
import
org.maxkey.authn.SigninPrincipal
;
import
org.maxkey.authz.desktop.endpoint.adapter.DesktopDefaultAdapter
;
import
org.maxkey.authz.endpoint.AuthorizeBaseEndpoint
;
import
org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter
;
...
...
@@ -74,7 +75,9 @@ public class DesktopAuthorizeEndpoint extends AuthorizeBaseEndpoint{
adapter
=(
AbstractAuthorizeAdapter
)
defaultDesktopAdapter
;
}
String
paramString
=
adapter
.
generateInfo
(
WebContext
.
getUserInfo
(),
desktopDetails
);
String
paramString
=
adapter
.
generateInfo
(
(
SigninPrincipal
)
WebContext
.
getAuthentication
().
getPrincipal
(),
WebContext
.
getUserInfo
(),
desktopDetails
);
String
encryptParamString
=
adapter
.
encrypt
(
paramString
,
null
,
null
);
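Review bot: the expression `(SigninPrincipal) WebContext.getAuthentication().getPrincipal()` now appears verbatim here and in TokenBasedAuthorizeEndpoint, the SAML AssertionEndpoint, OAuth20AccessConfirmationController and CasAuthorizeEndpoint, each time as an unchecked cast on a possibly null Authentication. Add one accessor on WebContext (for example getSigninPrincipal()) that does the null and instanceof checks once and throws an authentication exception otherwise, and call it from all five sites; that also gives a single place to deal with the principal built in TokenEndpointAuthenticationFilter, which is constructed from a User and has no online ticket set in the visible lines.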
...
...
maxkey-protocols/maxkey-protocol-desktop/src/main/java/org/maxkey/authz/desktop/endpoint/adapter/DesktopDefaultAdapter.java
...
...
@@ -19,6 +19,7 @@ package org.maxkey.authz.desktop.endpoint.adapter;
import
java.util.HashMap
;
import
org.maxkey.authn.SigninPrincipal
;
import
org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter
;
import
org.maxkey.crypto.HexUtils
;
import
org.maxkey.domain.UserInfo
;
...
...
@@ -33,7 +34,7 @@ import org.springframework.web.servlet.ModelAndView;
public
class
DesktopDefaultAdapter
extends
AbstractAuthorizeAdapter
{
final
static
Logger
_logger
=
LoggerFactory
.
getLogger
(
DesktopDefaultAdapter
.
class
);
@Override
public
String
generateInfo
(
UserInfo
userInfo
,
Object
app
)
{
public
String
generateInfo
(
SigninPrincipal
authentication
,
UserInfo
userInfo
,
Object
app
)
{
AppsDesktopDetails
details
=(
AppsDesktopDetails
)
app
;
String
parameter
=
details
.
getParameter
()==
null
?
""
:
details
.
getParameter
();
...
...
maxkey-protocols/maxkey-protocol-desktop/src/main/java/org/maxkey/authz/desktop/endpoint/adapter/DesktopQQAdapter.java
...
...
@@ -19,6 +19,7 @@ package org.maxkey.authz.desktop.endpoint.adapter;
import
java.util.HashMap
;
import
org.maxkey.authn.SigninPrincipal
;
import
org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter
;
import
org.maxkey.crypto.HexUtils
;
import
org.maxkey.domain.UserInfo
;
...
...
@@ -33,7 +34,7 @@ import org.springframework.web.servlet.ModelAndView;
public
class
DesktopQQAdapter
extends
AbstractAuthorizeAdapter
{
final
static
Logger
_logger
=
LoggerFactory
.
getLogger
(
DesktopQQAdapter
.
class
);
@Override
public
String
generateInfo
(
UserInfo
userInfo
,
Object
app
)
{
public
String
generateInfo
(
SigninPrincipal
authentication
,
UserInfo
userInfo
,
Object
app
)
{
AppsDesktopDetails
details
=(
AppsDesktopDetails
)
app
;
String
parameter
=
details
.
getParameter
()==
null
?
""
:
details
.
getParameter
();
...
...
maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/adapter/ExtendApiQQExmailDefaultAdapter.java
...
...
@@ -19,6 +19,7 @@ package org.maxkey.authz.exapi.endpoint.adapter;
import
java.util.HashMap
;
import
org.maxkey.authn.SigninPrincipal
;
import
org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter
;
import
org.maxkey.client.oauth.OAuthClient
;
import
org.maxkey.client.oauth.model.Token
;
...
...
@@ -38,7 +39,7 @@ public class ExtendApiQQExmailDefaultAdapter extends AbstractAuthorizeAdapter {
static
String
authkey_uri
=
"http://openapi.exmail.qq.com:12211/openapi/mail/authkey"
;
@Override
public
String
generateInfo
(
UserInfo
userInfo
,
Object
app
)
{
public
String
generateInfo
(
SigninPrincipal
authentication
,
UserInfo
userInfo
,
Object
app
)
{
return
null
;
}
...
...
maxkey-protocols/maxkey-protocol-formbased/src/main/java/org/maxkey/authz/formbased/endpoint/adapter/FormBasedDefaultAdapter.java
...
...
@@ -17,6 +17,7 @@
package
org.maxkey.authz.formbased.endpoint.adapter
;
import
org.maxkey.authn.SigninPrincipal
;
import
org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter
;
import
org.maxkey.constants.Boolean
;
import
org.maxkey.crypto.DigestUtils
;
...
...
@@ -27,7 +28,7 @@ import org.springframework.web.servlet.ModelAndView;
public
class
FormBasedDefaultAdapter
extends
AbstractAuthorizeAdapter
{
@Override
public
String
generateInfo
(
UserInfo
userInfo
,
Object
app
)
{
public
String
generateInfo
(
SigninPrincipal
authentication
,
UserInfo
userInfo
,
Object
app
)
{
return
null
;
}
...
...
maxkey-protocols/maxkey-protocol-formbased/src/main/java/org/maxkey/authz/formbased/endpoint/adapter/FormBasedNetease163EmailAdapter.java
...
...
@@ -17,6 +17,7 @@
package
org.maxkey.authz.formbased.endpoint.adapter
;
import
org.maxkey.authn.SigninPrincipal
;
import
org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter
;
import
org.maxkey.constants.Boolean
;
import
org.maxkey.domain.UserInfo
;
...
...
@@ -26,7 +27,7 @@ import org.springframework.web.servlet.ModelAndView;
public
class
FormBasedNetease163EmailAdapter
extends
AbstractAuthorizeAdapter
{
@Override
public
String
generateInfo
(
UserInfo
userInfo
,
Object
app
)
{
public
String
generateInfo
(
SigninPrincipal
authentication
,
UserInfo
userInfo
,
Object
app
)
{
return
null
;
}
...
...
maxkey-protocols/maxkey-protocol-formbased/src/main/java/org/maxkey/authz/formbased/endpoint/adapter/FormBasedNeteaseNoteYoudaoAdapter.java
...
...
@@ -19,6 +19,7 @@ package org.maxkey.authz.formbased.endpoint.adapter;
import
java.util.Date
;
import
org.maxkey.authn.SigninPrincipal
;
import
org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter
;
import
org.maxkey.crypto.DigestUtils
;
import
org.maxkey.domain.UserInfo
;
...
...
@@ -28,7 +29,7 @@ import org.springframework.web.servlet.ModelAndView;
public
class
FormBasedNeteaseNoteYoudaoAdapter
extends
AbstractAuthorizeAdapter
{
@Override
public
String
generateInfo
(
UserInfo
userInfo
,
Object
app
)
{
public
String
generateInfo
(
SigninPrincipal
authentication
,
UserInfo
userInfo
,
Object
app
)
{
return
null
;
}
...
...
maxkey-protocols/maxkey-protocol-formbased/src/main/java/org/maxkey/authz/formbased/endpoint/adapter/FormBasedRedirectAdapter.java
...
...
@@ -17,6 +17,7 @@
package
org.maxkey.authz.formbased.endpoint.adapter
;
import
org.maxkey.authn.SigninPrincipal
;
import
org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter
;
import
org.maxkey.constants.Boolean
;
import
org.maxkey.crypto.DigestUtils
;
...
...
@@ -28,7 +29,7 @@ import org.springframework.web.servlet.ModelAndView;
public
class
FormBasedRedirectAdapter
extends
AbstractAuthorizeAdapter
{
@Override
public
String
generateInfo
(
UserInfo
userInfo
,
Object
app
)
{
public
String
generateInfo
(
SigninPrincipal
authentication
,
UserInfo
userInfo
,
Object
app
)
{
return
null
;
}
...
...
maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/approval/controller/OAuth20AccessConfirmationController.java
...
...
@@ -20,7 +20,7 @@ package org.maxkey.authz.oauth2.provider.approval.controller;
import
java.util.HashMap
;
import
java.util.LinkedHashMap
;
import
java.util.Map
;
import
org.maxkey.authn.
BasicAuthentication
;
import
org.maxkey.authn.
SigninPrincipal
;
import
org.maxkey.authz.endpoint.AuthorizeBaseEndpoint
;
import
org.maxkey.authz.oauth2.common.util.OAuth2Utils
;
import
org.maxkey.authz.oauth2.provider.AuthorizationRequest
;
...
...
@@ -102,7 +102,7 @@ public class OAuth20AccessConfirmationController {
scopes
.
put
(
OAuth2Utils
.
SCOPE_PREFIX
+
scope
,
"false"
);
}
String
principal
=
((
BasicAuthentication
)
WebContext
.
getAuthentication
().
getPrincipal
()).
getUsername
();
((
SigninPrincipal
)
WebContext
.
getAuthentication
().
getPrincipal
()).
getUsername
();
for
(
Approval
approval
:
approvalStore
.
getApprovals
(
principal
,
client
.
getClientId
()))
{
if
(
clientAuth
.
getScope
().
contains
(
approval
.
getScope
()))
{
scopes
.
put
(
OAuth2Utils
.
SCOPE_PREFIX
+
approval
.
getScope
(),
...
...
maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/AuthorizationEndpoint.java
...
...
@@ -129,7 +129,7 @@ public class AuthorizationEndpoint extends AbstractEndpoint {
@RequestMapping
(
value
=
"/oauth/v20/authorize"
,
method
=
RequestMethod
.
GET
)
public
ModelAndView
authorize
(
Map
<
String
,
Object
>
model
,
@RequestParam
Map
<
String
,
String
>
parameters
,
SessionStatus
sessionStatus
)
{
Principal
principal
=(
Principal
)
WebContext
.
getAuthentication
()
.
getPrincipal
()
;
Principal
principal
=(
Principal
)
WebContext
.
getAuthentication
();
// Pull out the authorization request first, using the OAuth2RequestFactory. All further logic should
// query off of the authorization request instead of referring back to the parameters map. The contents of the
// parameters map will be stored without change in the AuthorizationRequest object once it is created.
...
...
@@ -208,7 +208,7 @@ public class AuthorizationEndpoint extends AbstractEndpoint {
@RequestMapping
(
value
=
"/oauth/v20/authorize"
,
method
=
RequestMethod
.
POST
,
params
=
OAuth2Utils
.
USER_OAUTH_APPROVAL
)
public
View
approveOrDeny
(
@RequestParam
Map
<
String
,
String
>
approvalParameters
,
Map
<
String
,
?>
model
,
SessionStatus
sessionStatus
)
{
Principal
principal
=(
Principal
)
WebContext
.
getAuthentication
()
.
getPrincipal
()
;
Principal
principal
=(
Principal
)
WebContext
.
getAuthentication
();
if
(!(
principal
instanceof
Authentication
))
{
sessionStatus
.
setComplete
();
throw
new
InsufficientAuthenticationException
(
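Review bot: with `principal` now holding WebContext.getAuthentication() itself, the guard `if (!(principal instanceof Authentication))` passes for any Authentication object found in the session, including one whose isAuthenticated() is false; the Spring Security OAuth code this endpoint derives from checks both conditions (`!(principal instanceof Authentication) || !((Authentication) principal).isAuthenticated()`) before letting approveOrDeny proceed. Add the isAuthenticated() test here and in the GET authorize() hunk above, where the variable is derived the same way, and consider naming it `authentication`, since that is what it is now.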
...
...
maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/TokenEndpoint.java
...
...
@@ -23,6 +23,7 @@ import java.util.HashSet;
import
java.util.Map
;
import
java.util.Set
;
import
org.maxkey.authn.SigninPrincipal
;
import
org.maxkey.authz.oauth2.common.OAuth2AccessToken
;
import
org.maxkey.authz.oauth2.common.exceptions.InvalidClientException
;
import
org.maxkey.authz.oauth2.common.exceptions.InvalidGrantException
;
...
...
@@ -41,6 +42,7 @@ import org.springframework.http.HttpMethod;
import
org.springframework.http.HttpStatus
;
import
org.springframework.http.ResponseEntity
;
import
org.springframework.security.authentication.InsufficientAuthenticationException
;
import
org.springframework.security.authentication.UsernamePasswordAuthenticationToken
;
import
org.springframework.security.core.Authentication
;
import
org.springframework.stereotype.Controller
;
import
org.springframework.util.StringUtils
;
...
...
@@ -98,9 +100,6 @@ public class TokenEndpoint extends AbstractEndpoint {
Object
principal
=
WebContext
.
getAuthentication
();
if
(
parameters
.
get
(
"code"
)
!=
null
)
{
principal
=
WebContext
.
getAuthentication
().
getPrincipal
();
}
if
(!(
principal
instanceof
Authentication
))
{
throw
new
InsufficientAuthenticationException
(
"There is no client authentication. Try adding an appropriate authentication filter."
);
...
...
@@ -174,6 +173,9 @@ public class TokenEndpoint extends AbstractEndpoint {
// Might be a client and user combined authentication
clientId
=
((
OAuth2Authentication
)
client
).
getOAuth2Request
().
getClientId
();
}
if
(
client
instanceof
UsernamePasswordAuthenticationToken
)
{
clientId
=
((
SigninPrincipal
)
client
.
getPrincipal
()).
getUsername
();
}
return
clientId
;
}
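Review bot: the new branch treats the username of any UsernamePasswordAuthenticationToken's SigninPrincipal as the client_id. TokenEndpointAuthenticationFilter creates exactly such a token for client-secret authentication, but if the interactive login also stores a UsernamePasswordAuthenticationToken carrying a SigninPrincipal (the casts in OAuth20AccessConfirmationController and the CAS endpoints show the principal class is shared), nothing at this point distinguishes a client from an end user whose browser session reaches the token endpoint, and the user's username would be looked up as a client. Mark the token built in the filter (an authority or a details object identifying it as client authentication) and check for that marker here, or give client authentication its own Authentication subclass. The cast to SigninPrincipal also needs an instanceof guard, as in the other hunks.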
...
...
maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/TokenEndpointAuthenticationFilter.java
...
...
@@ -33,7 +33,7 @@ import javax.servlet.http.HttpServletResponse;
import
org.apache.commons.logging.Log
;
import
org.apache.commons.logging.LogFactory
;
import
org.maxkey.authn.
BasicAuthentication
;
import
org.maxkey.authn.
SigninPrincipal
;
import
org.maxkey.authz.oauth2.common.util.OAuth2Utils
;
import
org.maxkey.authz.oauth2.provider.AuthorizationRequest
;
import
org.maxkey.authz.oauth2.provider.OAuth2Authentication
;
...
...
@@ -136,8 +136,7 @@ public class TokenEndpointAuthenticationFilter implements Filter {
usernamepassword
(
request
,
response
);
}
else
{
Authentication
authentication
=
ClientCredentials
(
request
,
response
);
BasicAuthentication
auth
=
new
BasicAuthentication
();
auth
.
setUsername
(((
User
)
authentication
.
getPrincipal
()).
getUsername
());
SigninPrincipal
auth
=
new
SigninPrincipal
((
User
)
authentication
.
getPrincipal
());
auth
.
setAuthenticated
(
true
);
UsernamePasswordAuthenticationToken
simpleUserAuthentication
=
new
UsernamePasswordAuthenticationToken
(
auth
,
authentication
.
getCredentials
(),
authentication
.
getAuthorities
());
WebContext
.
setAuthentication
(
simpleUserAuthentication
);
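Review bot: the replacement token is built with `authentication.getCredentials()`, i.e. the client secret that was just verified, and then stored into the session by WebContext.setAuthentication(simpleUserAuthentication); the three-argument UsernamePasswordAuthenticationToken constructor already marks it authenticated, so the secret is kept for the life of the session with no further use. Pass null as the credentials or call eraseCredentials() on the token before storing it. auth.setAuthenticated(true) on the SigninPrincipal is then redundant with the token's own authenticated state unless SigninPrincipal.isAuthenticated() is consulted elsewhere; if it is, a comment saying where would help.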
...
...
maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/OAuthDefaultUserInfoAdapter.java
...
...
@@ -19,6 +19,7 @@ package org.maxkey.authz.oauth2.provider.userinfo.endpoint;
import
java.util.HashMap
;
import
org.maxkey.authn.SigninPrincipal
;
import
org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter
;
import
org.maxkey.domain.UserInfo
;
import
org.maxkey.util.JsonUtils
;
...
...
@@ -29,7 +30,7 @@ import org.springframework.web.servlet.ModelAndView;
public
class
OAuthDefaultUserInfoAdapter
extends
AbstractAuthorizeAdapter
{
@Override
public
String
generateInfo
(
UserInfo
userInfo
,
Object
app
)
{
public
String
generateInfo
(
SigninPrincipal
authentication
,
UserInfo
userInfo
,
Object
app
)
{
HashMap
<
String
,
Object
>
beanMap
=
new
HashMap
<
String
,
Object
>();
beanMap
.
put
(
"randomId"
,(
new
StringGenerator
()).
uuidGenerate
());
beanMap
.
put
(
"uid"
,
userInfo
.
getId
());
...
...
@@ -44,7 +45,7 @@ public class OAuthDefaultUserInfoAdapter extends AbstractAuthorizeAdapter {
beanMap
.
put
(
"title"
,
userInfo
.
getJobTitle
());
beanMap
.
put
(
"state"
,
userInfo
.
getWorkRegion
());
beanMap
.
put
(
"gender"
,
userInfo
.
getGender
());
beanMap
.
put
(
WebConstants
.
ONLINE_TICKET_NAME
,
userInfo
.
getOnlineTicket
().
getTicketId
());
beanMap
.
put
(
WebConstants
.
ONLINE_TICKET_NAME
,
authentication
.
getOnlineTicket
());
String
info
=
JsonUtils
.
object2Json
(
beanMap
);
...
...
maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/UserInfoEndpoint.java
...
...
@@ -26,7 +26,7 @@ import java.util.UUID;
import
javax.servlet.http.HttpServletRequest
;
import
javax.servlet.http.HttpServletResponse
;
import
org.maxkey.authn.
BasicAuthentication
;
import
org.maxkey.authn.
SigninPrincipal
;
import
org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter
;
import
org.maxkey.authz.oauth2.common.exceptions.OAuth2Exception
;
import
org.maxkey.authz.oauth2.provider.ClientDetailsService
;
...
...
@@ -123,7 +123,7 @@ public class UserInfoEndpoint {
try
{
oAuth2Authentication
=
oauth20tokenServices
.
loadAuthentication
(
access_token
);
principal
=
oAuth2Authentication
.
getPrincipal
().
toString
();
principal
=
((
SigninPrincipal
)
oAuth2Authentication
.
getUserAuthentication
().
getPrincipal
()).
getUsername
();
String
client_id
=
oAuth2Authentication
.
getOAuth2Request
().
getClientId
();
UserInfo
userInfo
=
queryUserInfo
(
principal
);
...
...
@@ -135,9 +135,10 @@ public class UserInfoEndpoint {
}
else
{
adapter
=(
AbstractAuthorizeAdapter
)
defaultOAuthUserInfoAdapter
;
}
BasicAuthentication
authentication
=
(
BasicAuthentication
)
oAuth2Authentication
.
getUserAuthentication
();
userInfo
.
setOnlineTicket
(
authentication
.
getOnlineTicket
());
String
jsonData
=
adapter
.
generateInfo
(
userInfo
,
app
);
String
jsonData
=
adapter
.
generateInfo
(
(
SigninPrincipal
)
oAuth2Authentication
.
getUserAuthentication
().
getPrincipal
(),
userInfo
,
app
);
return
jsonData
;
}
catch
(
OAuth2Exception
e
){
HashMap
<
String
,
Object
>
authzException
=
new
HashMap
<
String
,
Object
>();
...
...
@@ -163,7 +164,7 @@ public class UserInfoEndpoint {
try
{
oAuth2Authentication
=
oauth20tokenServices
.
loadAuthentication
(
access_token
);
principal
=
oAuth2Authentication
.
getPrincipal
().
toString
();
principal
=
((
SigninPrincipal
)
oAuth2Authentication
.
getPrincipal
()).
getUsername
();
Set
<
String
>
scopes
=
oAuth2Authentication
.
getOAuth2Request
().
getScope
();
ClientDetails
clientDetails
=
clientDetailsService
.
loadClientByClientId
(
oAuth2Authentication
.
getOAuth2Request
().
getClientId
());
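Review bot: this hunk derives the principal from oAuth2Authentication.getPrincipal(), whereas the @@ -123 and @@ -135 hunks above in the same file go through getUserAuthentication().getPrincipal(). If OAuth2Authentication follows Spring's behaviour, getPrincipal() returns the client id as a String when the token was issued without a user authentication, so the cast to SigninPrincipal here throws ClassCastException for a client-only token, and the other two variants throw NullPointerException on getUserAuthentication(). Both userinfo methods should first check that a user authentication is present and return an OAuth2 error (invalid_token or insufficient_scope) for client-only tokens, then use one consistent accessor.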
...
...
@@ -172,10 +173,10 @@ public class UserInfoEndpoint {
String
userJson
=
""
;
Builder
jwtClaimsSetBuilder
=
new
JWTClaimsSet
.
Builder
();
BasicAuthentication
authentication
=
(
BasicAuthentication
)
oAuth2Authentication
.
getUserAuthentication
();
SigninPrincipal
authentication
=
(
SigninPrincipal
)
oAuth2Authentication
.
getUserAuthentication
().
getPrincipal
();
jwtClaimsSetBuilder
.
claim
(
"sub"
,
userInfo
.
getId
());
jwtClaimsSetBuilder
.
claim
(
WebConstants
.
ONLINE_TICKET_NAME
,
authentication
.
getOnlineTicket
()
.
getTicketId
()
);
jwtClaimsSetBuilder
.
claim
(
WebConstants
.
ONLINE_TICKET_NAME
,
authentication
.
getOnlineTicket
());
if
(
scopes
.
contains
(
"profile"
)){
jwtClaimsSetBuilder
.
claim
(
"name"
,
userInfo
.
getUsername
());
...
...
maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/endpoint/AssertionEndpoint.java
...
...
@@ -22,6 +22,7 @@ import java.util.HashMap;
import
javax.servlet.http.HttpServletRequest
;
import
javax.servlet.http.HttpServletResponse
;
import
org.maxkey.authn.SigninPrincipal
;
import
org.maxkey.authz.saml.common.AuthnRequestInfo
;
import
org.maxkey.authz.saml.common.EndpointGenerator
;
import
org.maxkey.authz.saml20.binding.BindingAdapter
;
...
...
@@ -72,8 +73,7 @@ public class AssertionEndpoint {
logger
.
debug
(
"AuthnRequestInfo: {}"
,
authnRequestInfo
);
HashMap
<
String
,
String
>
attributeMap
=
new
HashMap
<
String
,
String
>();
attributeMap
.
put
(
WebConstants
.
ONLINE_TICKET_NAME
,
WebContext
.
getUserInfo
().
getOnlineTicket
().
getTicketId
());
attributeMap
.
put
(
WebConstants
.
ONLINE_TICKET_NAME
,
((
SigninPrincipal
)
WebContext
.
getAuthentication
().
getPrincipal
()).
getOnlineTicket
());
//saml20Details
Response
authResponse
=
authnResponseGenerator
.
generateAuthnResponse
(
...
...
maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/TokenBasedAuthorizeEndpoint.java
...
...
@@ -24,6 +24,7 @@ import javax.servlet.http.Cookie;
import
javax.servlet.http.HttpServletRequest
;
import
javax.servlet.http.HttpServletResponse
;
import
org.maxkey.authn.SigninPrincipal
;
import
org.maxkey.authz.endpoint.AuthorizeBaseEndpoint
;
import
org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter
;
import
org.maxkey.authz.token.endpoint.adapter.TokenBasedDefaultAdapter
;
...
...
@@ -82,6 +83,7 @@ public class TokenBasedAuthorizeEndpoint extends AuthorizeBaseEndpoint{
}
String
tokenData
=
adapter
.
generateInfo
(
(
SigninPrincipal
)
WebContext
.
getAuthentication
().
getPrincipal
(),
WebContext
.
getUserInfo
(),
tokenBasedDetails
);
...
...
maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/adapter/TokenBasedDefaultAdapter.java
...
...
@@ -20,6 +20,7 @@ package org.maxkey.authz.token.endpoint.adapter;
import
java.util.Date
;
import
java.util.HashMap
;
import
org.maxkey.authn.SigninPrincipal
;
import
org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter
;
import
org.maxkey.domain.UserInfo
;
import
org.maxkey.domain.apps.AppsTokenBasedDetails
;
...
...
@@ -34,7 +35,7 @@ import org.springframework.web.servlet.ModelAndView;
public
class
TokenBasedDefaultAdapter
extends
AbstractAuthorizeAdapter
{
final
static
Logger
_logger
=
LoggerFactory
.
getLogger
(
TokenBasedDefaultAdapter
.
class
);
@Override
public
String
generateInfo
(
UserInfo
userInfo
,
Object
app
)
{
public
String
generateInfo
(
SigninPrincipal
authentication
,
UserInfo
userInfo
,
Object
app
)
{
AppsTokenBasedDetails
details
=(
AppsTokenBasedDetails
)
app
;
HashMap
<
String
,
String
>
beanMap
=
new
HashMap
<
String
,
String
>();
...
...
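Review bot: since the `generateInfo` signature is changing anyway, `Object app` should become `AppsTokenBasedDetails app`, which removes the cast on the following line (`AppsTokenBasedDetails details = (AppsTokenBasedDetails) app;`); the same applies to the other three adapters in this commit. Naming the `SigninPrincipal` parameter `authentication` is also misleading, because the value is the principal, not an `Authentication`; `principal` reads correctly.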
@@ -71,7 +72,7 @@ public class TokenBasedDefaultAdapter extends AbstractAuthorizeAdapter {
}
beanMap
.
put
(
"displayName"
,
userInfo
.
getDisplayName
());
beanMap
.
put
(
WebConstants
.
ONLINE_TICKET_NAME
,
userInfo
.
getOnlineTicket
().
getTicketId
());
beanMap
.
put
(
WebConstants
.
ONLINE_TICKET_NAME
,
authentication
.
getOnlineTicket
());
/*
* use UTC date time format
...
...
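Review bot: `beanMap.put(WebConstants.ONLINE_TICKET_NAME, authentication.getOnlineTicket())` now takes the ticket from the principal while `displayName` two lines above is still read from `userInfo`; state in the adapter that both parameters must belong to the same login, or derive `userInfo` from the principal. Because `beanMap` is declared `HashMap<String, String>`, `getOnlineTicket()` must return the ticket id string; if it returns the ticket object, keep the `getTicketId()` call of the removed line.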
maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/adapter/TokenBasedJWTAdapter.java
View file @
06b27d35
...
...
@@ -22,6 +22,7 @@ import java.util.Date;
import
java.util.UUID
;
import
org.joda.time.DateTime
;
import
org.maxkey.authn.SigninPrincipal
;
import
org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter
;
import
org.maxkey.configuration.oidc.OIDCProviderMetadata
;
import
org.maxkey.crypto.jwt.signer.service.JwtSigningAndValidationService
;
...
...
@@ -44,7 +45,7 @@ import com.nimbusds.jwt.SignedJWT;
public
class
TokenBasedJWTAdapter
extends
AbstractAuthorizeAdapter
{
final
static
Logger
_logger
=
LoggerFactory
.
getLogger
(
TokenBasedJWTAdapter
.
class
);
@Override
public
String
generateInfo
(
UserInfo
userInfo
,
Object
app
)
{
public
String
generateInfo
(
SigninPrincipal
authentication
,
UserInfo
userInfo
,
Object
app
)
{
AppsTokenBasedDetails
details
=(
AppsTokenBasedDetails
)
app
;
...
...
@@ -68,7 +69,7 @@ public class TokenBasedJWTAdapter extends AbstractAuthorizeAdapter {
.
claim
(
"user_id"
,
userInfo
.
getId
())
.
claim
(
"external_id"
,
userInfo
.
getId
())
.
claim
(
"locale"
,
userInfo
.
getLocale
())
.
claim
(
WebConstants
.
ONLINE_TICKET_NAME
,
userInfo
.
getOnlineTicket
().
getTicketId
())
.
claim
(
WebConstants
.
ONLINE_TICKET_NAME
,
authentication
.
getOnlineTicket
())
.
claim
(
"kid"
,
jwtSignerService
.
getDefaultSignerKeyId
())
.
build
();
...
...
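Review bot: the new `.claim(WebConstants.ONLINE_TICKET_NAME, authentication.getOnlineTicket())` writes the MaxKey session ticket into a JWT that is delivered to the application, so the application, its logs and any proxy that sees the token learn a value bound to the user's session; document in the adapter what a holder of the ticket can do with it and keep the token lifetime short. Unrelated to the change but in the same builder: `.claim("kid", jwtSignerService.getDefaultSignerKeyId())` puts the key id into the claims set, whereas `kid` is a JOSE header parameter and verifiers look for it there.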
maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/adapter/TokenBasedJWTHS256Adapter.java
View file @
06b27d35
...
...
@@ -22,6 +22,7 @@ import java.util.Date;
import
java.util.UUID
;
import
org.joda.time.DateTime
;
import
org.maxkey.authn.SigninPrincipal
;
import
org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter
;
import
org.maxkey.configuration.oidc.OIDCProviderMetadata
;
import
org.maxkey.crypto.ReciprocalUtils
;
...
...
@@ -48,7 +49,7 @@ public class TokenBasedJWTHS256Adapter extends AbstractAuthorizeAdapter {
private
SymmetricSigningAndValidationServiceBuilder
symmetricJwtSignerServiceBuilder
=
new
SymmetricSigningAndValidationServiceBuilder
();
@Override
public
String
generateInfo
(
UserInfo
userInfo
,
Object
app
)
{
public
String
generateInfo
(
SigninPrincipal
authentication
,
UserInfo
userInfo
,
Object
app
)
{
AppsTokenBasedDetails
details
=(
AppsTokenBasedDetails
)
app
;
OIDCProviderMetadata
providerMetadata
=
(
OIDCProviderMetadata
)
WebContext
.
getBean
(
"oidcProviderMetadata"
);
...
...
@@ -68,7 +69,7 @@ public class TokenBasedJWTHS256Adapter extends AbstractAuthorizeAdapter {
.
claim
(
"email"
,
userInfo
.
getWorkEmail
())
.
claim
(
"name"
,
userInfo
.
getUsername
())
.
claim
(
"user_id"
,
userInfo
.
getId
())
.
claim
(
WebConstants
.
ONLINE_TICKET_NAME
,
userInfo
.
getOnlineTicket
().
getTicketId
())
.
claim
(
WebConstants
.
ONLINE_TICKET_NAME
,
authentication
.
getOnlineTicket
())
.
claim
(
"external_id"
,
userInfo
.
getId
())
.
claim
(
"locale"
,
userInfo
.
getLocale
())
.
claim
(
"kid"
,
"SYMMETRIC-KEY"
)
...
...
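Review bot: the same session-ticket claim is added here next to a hard-coded `.claim("kid", "SYMMETRIC-KEY")`; as in `TokenBasedJWTAdapter`, `kid` belongs in the JOSE header, and a constant value gives the verifier no way to tell which HS256 secret signed a token once the secret is rotated. If the HS256 adapter is meant to stay a single-key setup, say so in a comment rather than emitting a placeholder key id.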
maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/adapter/TokenBasedSimpleAdapter.java
View file @
06b27d35
...
...
@@ -19,6 +19,7 @@ package org.maxkey.authz.token.endpoint.adapter;
import
java.util.Date
;
import
org.maxkey.authn.SigninPrincipal
;
import
org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter
;
import
org.maxkey.domain.UserInfo
;
import
org.maxkey.domain.apps.AppsTokenBasedDetails
;
...
...
@@ -30,7 +31,7 @@ import org.springframework.web.servlet.ModelAndView;
public
class
TokenBasedSimpleAdapter
extends
AbstractAuthorizeAdapter
{
final
static
Logger
_logger
=
LoggerFactory
.
getLogger
(
TokenBasedSimpleAdapter
.
class
);
@Override
public
String
generateInfo
(
UserInfo
userInfo
,
Object
app
)
{
public
String
generateInfo
(
SigninPrincipal
authentication
,
UserInfo
userInfo
,
Object
app
)
{
AppsTokenBasedDetails
details
=(
AppsTokenBasedDetails
)
app
;
String
tokenUsername
=
userInfo
.
getUsername
();
...
...
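Review bot: the new `SigninPrincipal authentication` parameter is not used in the visible part of `TokenBasedSimpleAdapter.generateInfo`, which still builds `tokenUsername` from `userInfo.getUsername()`; if the simple token deliberately omits the online ticket, a one-line comment saying so prevents a later reader from assuming the parameter was forgotten.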
maxkey-web-manage/src/main/java/org/maxkey/web/endpoint/LoginEndpoint.java
View file @
06b27d35
...
...
@@ -21,7 +21,7 @@ import javax.servlet.http.HttpServletRequest;
import
javax.servlet.http.HttpServletResponse
;
import
org.maxkey.authn.AbstractAuthenticationProvider
;
import
org.maxkey.authn.
BasicAuthentication
;
import
org.maxkey.authn.
LoginCredential
;
import
org.maxkey.authn.support.jwt.JwtLoginService
;
import
org.maxkey.authn.support.rememberme.AbstractRemeberMeService
;
import
org.maxkey.configuration.ApplicationConfig
;
...
...
@@ -110,12 +110,12 @@ public class LoginEndpoint {
}
@RequestMapping
(
value
={
"/logon.do"
})
public
ModelAndView
logon
(
@ModelAttribute
(
"
authentication"
)
BasicAuthentication
authentication
)
{
public
ModelAndView
logon
(
@ModelAttribute
(
"
loginCredential"
)
LoginCredential
loginCredential
)
{
if
(
WebContext
.
isAuthenticated
()){
return
WebContext
.
redirect
(
"/main"
);
}
else
{
authenticationProvider
.
authenticate
(
authentication
);
authenticationProvider
.
authenticate
(
loginCredential
);
return
WebContext
.
redirect
(
"/login"
);
}
}
...
...
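Review bot: `authenticationProvider.authenticate(loginCredential)` in the `else` branch discards its result and then redirects to `/login` whether or not the credential was accepted, so a rejected login and a successful one take the same path; the web-maxkey `LoginEndpoint` in this commit checks `WebContext.isAuthenticated()` right after the call, and this endpoint should do the same (`/main` on success, back to `/login` with an error otherwise). The `@ModelAttribute` name also changes from `"authentication"` to `"loginCredential"`, so any view that renders the form against the old model attribute name needs the matching rename.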
maxkey-web-manage/src/main/java/org/maxkey/web/interceptor/PermissionAdapter.java
View file @
06b27d35
...
...
@@ -23,7 +23,7 @@ import javax.servlet.RequestDispatcher;
import
javax.servlet.http.HttpServletRequest
;
import
javax.servlet.http.HttpServletResponse
;
import
org.maxkey.authn.
BasicAuthentication
;
import
org.maxkey.authn.
SigninPrincipal
;
import
org.maxkey.configuration.ApplicationConfig
;
import
org.maxkey.web.WebContext
;
import
org.slf4j.Logger
;
...
...
@@ -68,7 +68,7 @@ public class PermissionAdapter extends HandlerInterceptorAdapter {
}
//非管理员用户直接注销
if
(!((
BasicAuthentication
)
WebContext
.
getAuthentication
().
getPrincipal
()).
isRoleAdministrators
())
{
if
(!((
SigninPrincipal
)
WebContext
.
getAuthentication
().
getPrincipal
()).
isRoleAdministrators
())
{
_logger
.
debug
(
"Not ADMINISTRATORS Authentication ."
);
RequestDispatcher
dispatcher
=
request
.
getRequestDispatcher
(
"/logout"
);
dispatcher
.
forward
(
request
,
response
);
...
...
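Review bot: the admin check `if (!((SigninPrincipal) WebContext.getAuthentication().getPrincipal()).isRoleAdministrators())` should fail closed: when `getAuthentication()` is null or the principal is not a `SigninPrincipal`, the cast throws out of the interceptor instead of reaching the `/logout` forward. Resolve the principal first and treat anything that is not a `SigninPrincipal` with `isRoleAdministrators()` true as non-admin, so the logout path is the only outcome for every unexpected principal.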
maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/AppListController.java
View file @
06b27d35
...
...
@@ -17,6 +17,7 @@
package
org.maxkey.web.contorller
;
import
java.security.Principal
;
import
java.util.List
;
import
org.maxkey.constants.ConstantsOperateMessage
;
import
org.maxkey.constants.ConstantsProtocols
;
...
...
@@ -67,7 +68,7 @@ public class AppListController {
*/
@RequestMapping
(
value
=
{
"/appList"
})
public
ModelAndView
appList
(
@RequestParam
(
value
=
"gridList"
,
required
=
false
)
String
gridList
)
{
@RequestParam
(
value
=
"gridList"
,
required
=
false
)
String
gridList
,
Principal
principal
)
{
ModelAndView
modelAndView
=
new
ModelAndView
(
"main/appList"
);
userInfoService
.
updateGridList
(
gridList
);
modelAndView
.
addObject
(
"appList"
,
queryAccessableApps
());
...
...
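Review bot: `Principal principal` is added to `appList(...)` but not used in the visible body, which still calls `queryAccessableApps()` with no arguments and `userInfoService.updateGridList(gridList)`; either pass the principal down so the accessible apps are resolved for the authenticated user explicitly, or leave the signature and the new `java.security.Principal` import out until it is needed.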
maxkey-web-maxkey/src/main/java/org/maxkey/web/endpoint/LoginEndpoint.java
View file @
06b27d35
...
...
@@ -25,13 +25,12 @@ import javax.servlet.http.HttpServletRequest;
import
javax.servlet.http.HttpServletResponse
;
import
org.maxkey.authn.AbstractAuthenticationProvider
;
import
org.maxkey.authn.
BasicAuthentication
;
import
org.maxkey.authn.
LoginCredential
;
import
org.maxkey.authn.support.kerberos.KerberosService
;
import
org.maxkey.authn.support.rememberme.AbstractRemeberMeService
;
import
org.maxkey.authn.support.socialsignon.service.SocialSignOnProviderService
;
import
org.maxkey.authn.support.wsfederation.WsFederationConstants
;
import
org.maxkey.configuration.ApplicationConfig
;
import
org.maxkey.constants.ConstantsOperateMessage
;
import
org.maxkey.constants.ConstantsStatus
;
import
org.maxkey.crypto.password.opt.AbstractOptAuthn
;
import
org.maxkey.domain.UserInfo
;
...
...
@@ -185,9 +184,9 @@ public class LoginEndpoint {
public
ModelAndView
logon
(
HttpServletRequest
request
,
HttpServletResponse
response
,
@ModelAttribute
(
"
authentication"
)
BasicAuthentication
authentication
)
throws
ServletException
,
IOException
{
@ModelAttribute
(
"
loginCredential"
)
LoginCredential
loginCredential
)
throws
ServletException
,
IOException
{
authenticationProvider
.
authenticate
(
authentication
);
authenticationProvider
.
authenticate
(
loginCredential
);
if
(
WebContext
.
isAuthenticated
())
{
return
WebContext
.
redirect
(
"/forwardindex"
);
...
...
maxkey-web-maxkey/src/main/resources/application.properties
View file @
06b27d35
...
...
@@ -3,25 +3,28 @@
application.title
=
MaxKey
application.name
=
MaxKey
application.formatted-version
=
v2.3.0 GA
#server config
#spring.profiles.active=dev
#server port
#server.port=80
server.port
=
443
#ssl
server.ssl.key-store
=
maxkeyserver.keystore
server.ssl.key-alias
=
maxkey
server.ssl.enabled
=
true
server.ssl.key-store-password
=
maxkey
server.ssl.key-store-type
=
JKS
#web app context path
server.servlet.context-path
=
/maxkey
spring.servlet.multipart.enabled
=
true
spring.servlet.multipart.max-file-size
=
4194304
#encoding
#server.servlet.encoding.charset=UTF-8
#server.servlet.encoding.enabled=true
#server.servlet.encoding.force=true
#datasource
spring.datasource.username
=
root
spring.datasource.password
=
maxkey
...
...
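Review bot: this hunk commits live secrets to `application.properties`: `server.ssl.key-store-password=maxkey`, `spring.datasource.username=root` and `spring.datasource.password=maxkey`. Replace them with placeholders resolved from the environment (for example `${MAXKEY_KEYSTORE_PASSWORD}` and `${MAXKEY_DB_PASSWORD}`; the variable names are illustrative) so deployed values never sit in the repository, and run the application against a dedicated least-privilege database account rather than `root`. `server.port=443` additionally requires elevated privileges or a port capability on Linux; either document that or keep an unprivileged port and terminate TLS in a reverse proxy.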
@@ -32,6 +35,7 @@ spring.datasource.type=com.alibaba.druid.pool.DruidDataSource
mybatis.type-aliases-package
=
org.maxkey.domain,org.maxkey.domain.apps,
mybatis.mapper-locations
=
classpath*:/org/maxkey/persistence/mapper/xml/mysql/*.xml
mybatis.table-column-escape
=
true
#redis
spring.redis.host
=
127.0.0.1
spring.redis.port
=
6379
...
...
@@ -53,6 +57,7 @@ spring.mail.properties.ssl=true
spring.mail.properties.sender
=
maxkey@163.com
spring.mail.properties.mailotp.message.subject
=
MaxKey One Time PassWord
spring.mail.properties.mailotp.message.template
=
{0} You Token is {1} , it validity in {2} minutes.
#for freemarker
spring.freemarker.template-loader-path
=
classpath:/templates/views
spring.freemarker.cache
=
false
...
...
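Review bot: the new `spring.mail.properties.mailotp.message.template` value `{0} You Token is {1} , it validity in {2} minutes.` is user-facing and ungrammatical; suggest `{0}, your token is {1}; it is valid for {2} minutes.` If the template is expanded with `java.text.MessageFormat`, as the `{n}` placeholders suggest, any literal apostrophe in the text must be doubled (`''`) or the placeholders after it stop being substituted.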
@@ -63,10 +68,12 @@ spring.freemarker.expose-request-attributes=false
spring.freemarker.expose-session-attributes
=
false
spring.freemarker.request-context-attribute
=
request
spring.freemarker.suffix
=
.ftl
#static resources
spring.mvc.static-path-pattern
=
/static/**
spring.messages.basename
=
classpath:messages/message
spring.messages.encoding
=
UTF-8
#main
spring.main.banner-mode
=
log
spring.main.allow-bean-definition-overriding
=
true
...
...
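Review bot: `spring.main.allow-bean-definition-overriding=true` hides why a bean was defined twice and lets whichever definition is registered last win, which for security beans (the authentication provider, the session security context strategy added in this commit) means a stray definition can silently replace the intended one. Find and remove the duplicate that prompted the flag and keep overriding disabled, the Spring Boot 2.1+ default.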