diff --git a/maxkey-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java b/maxkey-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java index 0aee2490dcbcff4b7b4b2ccc404426b27657a0fb..6fbfec88ec4fd9dbed582bfccd643beab480de52 100644 --- a/maxkey-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java +++ b/maxkey-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java @@ -18,7 +18,6 @@ package org.maxkey.authn; import java.util.ArrayList; - import org.maxkey.authn.online.OnlineTicketServices; import org.maxkey.authn.realm.AbstractAuthenticationRealm; import org.maxkey.authn.support.rememberme.AbstractRemeberMeService; @@ -39,7 +38,6 @@ import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.authority.SimpleGrantedAuthority; - /** * login Authentication abstract class. * @@ -78,9 +76,9 @@ public abstract class AbstractAuthenticationProvider { protected abstract String getProviderName(); - protected abstract Authentication doInternalAuthenticate(Authentication authentication); + protected abstract Authentication doInternalAuthenticate(LoginCredential authentication); - public abstract Authentication basicAuthenticate(Authentication authentication) ; + public abstract Authentication basicAuthenticate(LoginCredential authentication) ; public abstract Authentication trustAuthentication( String username, 
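Review bot: The two abstract methods now take `LoginCredential` but still carry no Javadoc saying what an implementation has to return, and that matters more after this change because `authenticate()` (later hunk in this file) hands `doInternalAuthenticate`'s result straight back to the caller instead of re-wrapping it. A one-line contract would prevent a subclass returning the raw credential: `/** Validates the raw login credential and returns the fully authenticated token that authenticate() will return unchanged. */` on `doInternalAuthenticate`, and `/** HTTP Basic path: same contract as doInternalAuthenticate but without captcha/OTP checks. */` on `basicAuthenticate` — the second is hedged, since the Basic implementation is in RealmAuthenticationProvider below. The `trustAuthentication` signature continues past this hunk.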
@@ -98,17 +96,18 @@ public abstract class AbstractAuthenticationProvider { * authenticate . * */ - public Authentication authenticate(Authentication authentication) + public Authentication authenticate(LoginCredential loginCredential) throws AuthenticationException { _logger.debug("Trying to authenticate user '{}' via {}", - authentication.getPrincipal(), getProviderName()); - + loginCredential.getPrincipal(), getProviderName()); + Authentication authentication = null; try { - authentication = doInternalAuthenticate(authentication); + authentication = doInternalAuthenticate(loginCredential); } catch (AuthenticationException e) { _logger.error("Failed to authenticate user {} via {}: {}", - new Object[] { - authentication.getPrincipal(), getProviderName(), e.getMessage() }); + new Object[] { loginCredential.getPrincipal(), + getProviderName(), + e.getMessage() }); WebContext.setAttribute( WebConstants.LOGIN_ERROR_SESSION_MESSAGE, e.getMessage()); } catch (Exception e) { @@ -131,7 +130,7 @@ public abstract class AbstractAuthenticationProvider { final Object firstSavedRequest = WebContext.getAttribute(WebConstants.FIRST_SAVED_REQUEST_PARAMETER); - + //change Session WebContext.getSession().invalidate(); WebContext.setAttribute( WebConstants.CURRENT_USER_SESSION_ID, WebContext.getSession().getId()); @@ -147,14 +146,7 @@ public abstract class AbstractAuthenticationProvider { WebContext.getSession().setAttribute( WebConstants.CURRENT_LOGIN_USER_PASSWORD_SET_TYPE, passwordSetType); - // create new authentication response containing the user and it's authorities - UsernamePasswordAuthenticationToken simpleUserAuthentication = - new UsernamePasswordAuthenticationToken( - userInfo.getUsername(), - authentication.getCredentials(), - authentication.getAuthorities() - ); - return simpleUserAuthentication; + return authentication; } /** 
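Review bot: `authentication` is left null when `doInternalAuthenticate` throws, because the `AuthenticationException` catch only logs and stores the message in the session and then falls through; unless the lines between this hunk and the next (not visible) return or rethrow, the method continues into the session handling with a null token. Rethrowing after recording the message, `throw e;`, or returning early keeps the failure from reaching the session-change code that follows. It is also worth confirming that `LoginCredential.getPrincipal()` returns only the username, since it is written to the log at debug and error level on both paths. The rest of `authenticate` lies outside this hunk.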
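Review bot: `WebContext.getSession().invalidate()` runs after `doInternalAuthenticate` returns, and in `RealmAuthenticationProvider.setOnline` (later in this diff) that call already did `WebContext.setAuthentication(authenticationToken)` and `WebContext.setUserInfo(userInfo)`; if those write to the HTTP session — `WebContext` is not in the diff — the invalidate discards them and nothing visible in this hunk re-stores them in the new session the way `firstSavedRequest` is preserved. The `//change Session` comment would be more useful stating the intent and the obligation: `// rotate the session id after login (session-fixation defence); anything set in the old session must be re-stored below`. The code following this hunk should be checked for that re-store; the enclosing method continues past it.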
diff --git a/maxkey-core/src/main/java/org/maxkey/authn/BasicAuthentication.java b/maxkey-core/src/main/java/org/maxkey/authn/LoginCredential.java similarity index 78% rename from maxkey-core/src/main/java/org/maxkey/authn/BasicAuthentication.java rename to maxkey-core/src/main/java/org/maxkey/authn/LoginCredential.java index 8de5cc9e2e3d22c347ee4dc802e0d5cdee524316..87dee73cbd49321e4587a5855aa4cdb12a06dc2e 100644 --- a/maxkey-core/src/main/java/org/maxkey/authn/BasicAuthentication.java +++ b/maxkey-core/src/main/java/org/maxkey/authn/LoginCredential.java @@ -1,32 +1,17 @@ -/* - * Copyright [2020] [MaxKey of copyright http://www.maxkey.top] - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - - package org.maxkey.authn; import java.util.ArrayList; import java.util.Collection; -import org.maxkey.authn.online.OnlineTicket; import org.springframework.security.core.Authentication; import org.springframework.security.core.GrantedAuthority; - -public class BasicAuthentication implements Authentication { - private static final long serialVersionUID = -110742975439268030L; +public class LoginCredential implements Authentication { + + /** + * + */ + private static final long serialVersionUID = 3125709257481600320L; String username; String password; String sessionId; 
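Review bot: The rename drops the Apache 2.0 license header that every other file in this diff keeps (the new SigninPrincipal.java starts with it) and adds an empty `/** * */` Javadoc on `serialVersionUID`; restore the header and delete the empty comment. A class Javadoc would also help now that the type is named for what it carries — `/** Raw login form input (username, password, captcha, OTP, auth type). Not an authenticated token: it is consumed by the provider and never placed in the security context. */` — the last clause is hedged on the provider code elsewhere in this diff. The class body continues past this hunk.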
@@ -35,7 +20,7 @@ public class BasicAuthentication implements Authentication { String remeberMe; String authType; String jwtToken; - OnlineTicket onlineTicket; + String onlineTicket; ArrayList grantedAuthority; boolean authenticated; boolean roleAdministrators; @@ -43,20 +28,21 @@ public class BasicAuthentication implements Authentication { /** * BasicAuthentication. */ - public BasicAuthentication() { + public LoginCredential() { } /** * BasicAuthentication. */ - public BasicAuthentication(String username,String password,String authType) { + public LoginCredential(String username,String password,String authType) { this.username = username; this.password = password; this.authType = authType; } + @Override public String getName() { - return "Basic Authentication"; + return "Login Credential"; } @Override @@ -163,11 +149,11 @@ public class BasicAuthentication implements Authentication { this.grantedAuthority = grantedAuthority; } - public OnlineTicket getOnlineTicket() { + public String getOnlineTicket() { return onlineTicket; } - public void setOnlineTicket(OnlineTicket onlineTicket) { + public void setOnlineTicket(String onlineTicket) { this.onlineTicket = onlineTicket; } diff --git a/maxkey-core/src/main/java/org/maxkey/authn/RealmAuthenticationProvider.java b/maxkey-core/src/main/java/org/maxkey/authn/RealmAuthenticationProvider.java index 8440ed3a35362a1519c02dde7f44fefd2f4de76f..a909b21b0ded6065160f226850ecdfcbd63529a3 100644 --- a/maxkey-core/src/main/java/org/maxkey/authn/RealmAuthenticationProvider.java +++ b/maxkey-core/src/main/java/org/maxkey/authn/RealmAuthenticationProvider.java 
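Review bot: Both constructor Javadocs still read `BasicAuthentication.` after the rename; they should say `LoginCredential.` or, better, describe the arguments — `/** Builds a credential from the login form; the password is held in clear text until the provider consumes it. */` for the three-argument constructor. `getName()` returning the display string `"Login Credential"` rather than the username is unusual for an `Authentication` implementation; if that is deliberate, a short comment on it would stop a reader assuming it is the principal name.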
@@ -49,41 +49,40 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider } @Override - protected Authentication doInternalAuthenticate(Authentication authentication) { - BasicAuthentication auth = (BasicAuthentication)authentication; + protected Authentication doInternalAuthenticate(LoginCredential loginCredential) { - _logger.debug("authentication " + auth); + _logger.debug("authentication " + loginCredential); - sessionValid(auth.getSessionId()); + sessionValid(loginCredential.getSessionId()); //jwtTokenValid(j_jwtToken); - authTypeValid(auth.getAuthType()); + authTypeValid(loginCredential.getAuthType()); - captchaValid(auth.getCaptcha(),auth.getAuthType()); + captchaValid(loginCredential.getCaptcha(),loginCredential.getAuthType()); - emptyPasswordValid(auth.getPassword()); + emptyPasswordValid(loginCredential.getPassword()); UserInfo userInfo = null; - emptyUsernameValid(auth.getUsername()); + emptyUsernameValid(loginCredential.getUsername()); - userInfo = loadUserInfo(auth.getUsername(),auth.getPassword()); + userInfo = loadUserInfo(loginCredential.getUsername(),loginCredential.getPassword()); - userinfoValid(userInfo, auth.getPassword()); + userinfoValid(userInfo, loginCredential.getPassword()); - tftcaptchaValid(auth.getOtpCaptcha(),auth.getAuthType(),userInfo); + tftcaptchaValid(loginCredential.getOtpCaptcha(),loginCredential.getAuthType(),userInfo); authenticationRealm.getPasswordPolicyValidator().passwordPolicyValid(userInfo); - authenticationRealm.passwordMatches(userInfo, auth.getPassword()); + authenticationRealm.passwordMatches(userInfo, loginCredential.getPassword()); - UsernamePasswordAuthenticationToken authenticationToken = setOnline(auth,userInfo); + UsernamePasswordAuthenticationToken authenticationToken = setOnline(loginCredential,userInfo); //RemeberMe Config check then set RemeberMe cookies if (applicationConfig.getLoginConfig().isRemeberMe()) { - if (auth.getRemeberMe() != null && 
auth.getRemeberMe().equals("remeberMe")) { + if (loginCredential.getRemeberMe() != null && loginCredential.getRemeberMe().equals("remeberMe")) { WebContext.getSession().setAttribute( - WebConstants.REMEBER_ME_SESSION,auth.getUsername()); + WebConstants.REMEBER_ME_SESSION,loginCredential.getUsername()); _logger.debug("do Remeber Me"); remeberMeService.createRemeberMe( userInfo.getUsername(), @@ -98,20 +97,19 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider } @Override - public Authentication basicAuthenticate(Authentication authentication) { - BasicAuthentication auth = (BasicAuthentication) authentication; - UserInfo loadeduserInfo = loadUserInfo(auth.getUsername(), ""); + public Authentication basicAuthenticate(LoginCredential loginCredential) { + UserInfo loadeduserInfo = loadUserInfo(loginCredential.getUsername(), ""); if (loadeduserInfo != null) { - authenticationRealm.passwordMatches(loadeduserInfo, auth.getPassword()); + authenticationRealm.passwordMatches(loadeduserInfo, loginCredential.getPassword()); authenticationRealm.getPasswordPolicyValidator().passwordPolicyValid(loadeduserInfo); - authenticationRealm.insertLoginHistory(loadeduserInfo, auth.getAuthType(), "", "", "SUCCESS"); + authenticationRealm.insertLoginHistory(loadeduserInfo, loginCredential.getAuthType(), "", "", "SUCCESS"); - return setOnline(auth,loadeduserInfo); + return setOnline(loginCredential,loadeduserInfo); }else { String message = WebContext.getI18nValue("login.error.username"); - _logger.debug("login user " + auth.getUsername() + " not in this System ." + message); + _logger.debug("login user " + loginCredential.getUsername() + " not in this System ." + message); throw new BadCredentialsException(WebContext.getI18nValue("login.error.username")); } } 
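Review bot: `_logger.debug("authentication " + loginCredential)` writes the whole `LoginCredential` to the log, and that object carries `password`, `captcha`, `otpCaptcha` and `jwtToken`; whether they reach the log depends on `LoginCredential.toString()`, which is not in the diff, but this line keeps the risk the old `BasicAuthentication` version had. Log only what is needed: `_logger.debug("authentication for user {} via {}", loginCredential.getUsername(), loginCredential.getAuthType());`. The null check on `getRemeberMe()` can also go by writing `"remeberMe".equals(loginCredential.getRemeberMe())`. The method continues past this hunk.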
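Review bot: `basicAuthenticate` throws `login.error.username` when the user does not exist but proceeds to `passwordMatches` when it does, so the two failures are distinguishable to the caller — a user-enumeration oracle on the HTTP Basic path; use one generic bad-credentials message for both outcomes. The return value of `authenticationRealm.passwordMatches(...)` is also discarded, which is only safe if it throws on mismatch; that cannot be confirmed from this diff, so `if (!authenticationRealm.passwordMatches(loadeduserInfo, loginCredential.getPassword())) throw new BadCredentialsException(...)` would be the defensive form. Note the login history is recorded as `"SUCCESS"` before `setOnline` has completed.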
@@ -133,12 +131,12 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider String message) { UserInfo loadeduserInfo = loadUserInfo(username, ""); if (loadeduserInfo != null) { - BasicAuthentication auth = new BasicAuthentication(); - auth.setUsername(loadeduserInfo.getUsername()); + LoginCredential loginCredential = new LoginCredential(); + loginCredential.setUsername(loadeduserInfo.getUsername()); authenticationRealm.insertLoginHistory(loadeduserInfo, type, provider, code, message); - return setOnline(auth,loadeduserInfo); + return setOnline(loginCredential,loadeduserInfo); }else { String i18nMessage = WebContext.getI18nValue("login.error.username"); _logger.debug("login user " + username + " not in this System ." + i18nMessage); @@ -146,7 +144,7 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider } } - public UsernamePasswordAuthenticationToken setOnline(BasicAuthentication authentication,UserInfo userInfo) { + public UsernamePasswordAuthenticationToken setOnline(LoginCredential credential,UserInfo userInfo) { //Online Tickit Id String onlineTickitId = WebConstants.ONLINE_TICKET_PREFIX + "-" + java.util.UUID.randomUUID().toString().toLowerCase(); _logger.debug("set online Tickit Cookie " + onlineTickitId + " on domain "+ this.applicationConfig.getBaseDomainName()); 
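Review bot: The `credential` parameter of `setOnline` is not referenced anywhere on the new side of this change — the body now works on `signinPrincipal` and `userInfo` — so it is either dead or used in code outside the diff; if dead, drop it from the signature and from the three call sites above. The debug line also prints the freshly minted `onlineTickitId`, which is the cookie value that identifies the login across the SSO domain; logging a bearer credential at debug is worth avoiding, e.g. `_logger.debug("set online ticket cookie on domain {}", this.applicationConfig.getBaseDomainName());`. `setOnline` continues past this hunk.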
@@ -157,27 +155,26 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider onlineTickitId, 0); + SigninPrincipal signinPrincipal = new SigninPrincipal(userInfo); //set OnlineTicket - OnlineTicket onlineTicket = new OnlineTicket(onlineTickitId,authentication); - this.onlineTicketServices.store(onlineTickitId, onlineTicket); - authentication.setOnlineTicket(onlineTicket); + signinPrincipal.setOnlineTicket(onlineTickitId); ArrayList grantedAuthoritys = authenticationRealm.grantAuthority(userInfo); //set default roles grantedAuthoritys.add(new SimpleGrantedAuthority("ROLE_USER")); grantedAuthoritys.add(new SimpleGrantedAuthority("ROLE_ORDINARY_USER")); - authentication.setAuthenticated(true); + signinPrincipal.setAuthenticated(true); for(GrantedAuthority administratorsAuthority : grantedAdministratorsAuthoritys) { if(grantedAuthoritys.contains(administratorsAuthority)) { - authentication.setRoleAdministrators(true); + signinPrincipal.setRoleAdministrators(true); _logger.trace("ROLE ADMINISTRATORS Authentication ."); } } UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken( - authentication, + signinPrincipal, "PASSWORD", grantedAuthoritys ); @@ -185,12 +182,13 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider authenticationToken.setDetails( new WebAuthenticationDetails(WebContext.getRequest())); + OnlineTicket onlineTicket = new OnlineTicket(onlineTickitId,authenticationToken); + this.onlineTicketServices.store(onlineTickitId, onlineTicket); /* * put userInfo to current session context */ WebContext.setAuthentication(authenticationToken); - userInfo.setOnlineTicket(onlineTicket); WebContext.setUserInfo(userInfo); return authenticationToken; 
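Review bot: `signinPrincipal.setGrantedAuthority(...)` is never called, so the `SigninPrincipal` placed in the token reports `getAuthorities() == null` while the token itself carries `grantedAuthoritys` — any code that inspects the principal (a `UserDetails`) rather than the token will see no roles. Add `signinPrincipal.setGrantedAuthority(grantedAuthoritys);` after the administrator loop, before the token is built. The literal `"PASSWORD"` as credentials is also reached from the trust and basic paths, so the value is misleading; a comment on the token construction such as `// credentials are a placeholder; the real secret is never kept on the token` would stop it being read as the password.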
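Review bot: The `OnlineTicket` now stores the full `authenticationToken`, whose `WebAuthenticationDetails` captured the session id of the current request; `AbstractAuthenticationProvider.authenticate` (earlier in this diff) invalidates that session right after `doInternalAuthenticate` returns, so the stored details refer to a session that no longer exists. If anything later matches a ticket against a session id this will not line up; consider building the details after the session change, or leave them off the stored copy. Whether `onlineTicketServices.store` serializes the token to an external store — and with it `UserInfo.getPassword()` via the principal — cannot be told from here but is worth checking before this ships.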
diff --git a/maxkey-core/src/main/java/org/maxkey/authn/SigninPrincipal.java b/maxkey-core/src/main/java/org/maxkey/authn/SigninPrincipal.java
new file mode 100644
index 0000000000000000000000000000000000000000..7666a0596ed8464b5c0afd89405ff380488561c7
--- /dev/null
+++ b/maxkey-core/src/main/java/org/maxkey/authn/SigninPrincipal.java
@@ -0,0 +1,172 @@ +/* + * Copyright [2020] [MaxKey of copyright http://www.maxkey.top] + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + + +package org.maxkey.authn; + +import java.util.ArrayList; +import java.util.Collection; + +import org.maxkey.domain.UserInfo; +import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.core.userdetails.UserDetails; + + +public class SigninPrincipal implements UserDetails { + private static final long serialVersionUID = -110742975439268030L; + UserInfo userInfo; + + UserDetails userDetails; + + String onlineTicket; + ArrayList grantedAuthority; + boolean authenticated; + boolean roleAdministrators; + + /** + * SigninPrincipal. + */ + public SigninPrincipal() { + } + + /** + * SigninPrincipal. + */ + public SigninPrincipal(UserInfo userInfo) { + this.userInfo = userInfo; + this.authenticated = true; + } + + /** + * SigninPrincipal. 
+ */ + public SigninPrincipal(UserDetails userDetails) { + this.userDetails = userDetails; + this.authenticated = true; + } + + public UserInfo getUserInfo() { + return userInfo; + } + + public void setUserInfo(UserInfo userInfo) { + this.userInfo = userInfo; + } + + public boolean isAuthenticated() { + return authenticated; + } + + public void setAuthenticated(boolean authenticated) { + this.authenticated = authenticated; + } + + @Override + public Collection getAuthorities() { + return grantedAuthority; + } + + public ArrayList getGrantedAuthority() { + return grantedAuthority; + } + + public UserDetails getUserDetails() { + return userDetails; + } + + public void setUserDetails(UserDetails userDetails) { + this.userDetails = userDetails; + } + + public void setGrantedAuthority(ArrayList grantedAuthority) { + this.grantedAuthority = grantedAuthority; + } + + public String getOnlineTicket() { + return onlineTicket; + } + + public void setOnlineTicket(String onlineTicket) { + this.onlineTicket = onlineTicket; + } + + public boolean isRoleAdministrators() { + return roleAdministrators; + } + + public void setRoleAdministrators(boolean roleAdministrators) { + this.roleAdministrators = roleAdministrators; + } + + + @Override + public boolean isAccountNonExpired() { + return false; + } + + @Override + public boolean isAccountNonLocked() { + return false; + } + + @Override + public boolean isCredentialsNonExpired() { + return false; + } + + @Override + public boolean isEnabled() { + return false; + } + + @Override + public String getUsername() { + if(this.userInfo != null) { + return this.userInfo.getUsername(); + }else { + return this.userDetails.getUsername(); + } + } + + @Override + public String getPassword() { + if(this.userInfo != null) { + return this.userInfo.getPassword(); + }else { + return this.userDetails.getPassword(); + } + } + + @Override + public String toString() { + StringBuilder builder = new StringBuilder(); + builder.append("SigninPrincipal 
[userInfo="); + builder.append(userInfo); + builder.append(", onlineTicket="); + builder.append(onlineTicket); + builder.append(", grantedAuthority="); + builder.append(grantedAuthority); + builder.append(", authenticated="); + builder.append(authenticated); + builder.append(", roleAdministrators="); + builder.append(roleAdministrators); + builder.append("]"); + return builder.toString(); + } + + + +} diff --git a/maxkey-core/src/main/java/org/maxkey/autoconfigure/MvcAutoConfiguration.java b/maxkey-core/src/main/java/org/maxkey/autoconfigure/MvcAutoConfiguration.java index d30ae939fb0620710a9d5658cf3ba5b7516b2ae0..63313f4cf9cf4aedfa727ca62dacd4c02dbf4c14 100644 --- a/maxkey-core/src/main/java/org/maxkey/autoconfigure/MvcAutoConfiguration.java +++ b/maxkey-core/src/main/java/org/maxkey/autoconfigure/MvcAutoConfiguration.java @@ -20,6 +20,9 @@ package org.maxkey.autoconfigure; import java.nio.charset.Charset; import java.util.ArrayList; import java.util.List; + +import javax.servlet.Filter; + import org.maxkey.constants.ConstantsProperties; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -28,6 +31,7 @@ import org.springframework.beans.factory.annotation.Value; import org.springframework.boot.web.server.ConfigurableWebServerFactory; import org.springframework.boot.web.server.ErrorPage; import org.springframework.boot.web.server.WebServerFactoryCustomizer; +import org.springframework.boot.web.servlet.FilterRegistrationBean; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.PropertySource; 
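Review bot: `isAccountNonExpired`, `isAccountNonLocked`, `isCredentialsNonExpired` and `isEnabled` all return `false`, which under the `UserDetails` contract means expired, locked, expired credentials and disabled; any Spring Security component that honours these flags (the standard pre-authentication checks do) will reject every `SigninPrincipal`. If the flags are not tracked, return `true` from all four and say so in a comment, or derive them from `UserInfo`'s status fields if it has them. `getUsername()` and `getPassword()` dereference `userDetails` when `userInfo` is null, so the no-arg constructor yields a principal that throws NPE on both; and `getPassword()` hands the stored password value to anything that receives the principal (the CAS endpoints below cast to it), so return `null` there unless a caller genuinely needs it. `getAuthorities()` is also declared with a raw `Collection`; `Collection<? extends GrantedAuthority>` matches the interface, and `ArrayList<GrantedAuthority>` for the field removes the raw type.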
@@ -39,7 +43,9 @@ import org.springframework.http.converter.StringHttpMessageConverter; import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter; import org.springframework.http.converter.xml.MarshallingHttpMessageConverter; import org.springframework.oxm.jaxb.Jaxb2Marshaller; +import org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter; import org.springframework.web.client.RestTemplate; +import org.springframework.web.filter.DelegatingFilterProxy; import org.springframework.web.multipart.commons.CommonsMultipartResolver; import org.springframework.web.servlet.i18n.CookieLocaleResolver; import org.springframework.web.servlet.i18n.LocaleChangeInterceptor; @@ -244,6 +250,25 @@ public class MvcAutoConfiguration implements InitializingBean { }; } + @Bean + public SecurityContextHolderAwareRequestFilter securityContextHolderAwareRequestFilter() { + _logger.debug("securityContextHolderAwareRequestFilter init "); + return new SecurityContextHolderAwareRequestFilter(); + } + + @Bean + public FilterRegistrationBean delegatingFilterProxy() { + _logger.debug("delegatingFilterProxy init for /* "); + FilterRegistrationBean registrationBean = new FilterRegistrationBean(); + registrationBean.setFilter(new DelegatingFilterProxy("securityContextHolderAwareRequestFilter")); + registrationBean.addUrlPatterns("/*"); + //registrationBean. + registrationBean.setName("delegatingFilterProxy"); + registrationBean.setOrder(1); + + return registrationBean; + } + @Override public void afterPropertiesSet() throws Exception { // TODO Auto-generated method stub diff --git a/maxkey-core/src/main/java/org/maxkey/domain/UserInfo.java b/maxkey-core/src/main/java/org/maxkey/domain/UserInfo.java index 40fbfe4ebe6f5829eb9470a942b4f8a6a2e37705..94b3ca4b28758a959c7844332d90a28142dc73ec 100644 --- a/maxkey-core/src/main/java/org/maxkey/domain/UserInfo.java +++ b/maxkey-core/src/main/java/org/maxkey/domain/UserInfo.java 
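Review bot: `FilterRegistrationBean` is used raw in `delegatingFilterProxy()`; `FilterRegistrationBean<DelegatingFilterProxy>` removes the unchecked warning, and the dangling `//registrationBean.` fragment plus the now unused `javax.servlet.Filter` import should go. The filter is mapped to `/*` at order 1 with no comment on why `SecurityContextHolderAwareRequestFilter` is registered by bean name through a `DelegatingFilterProxy` instead of directly; a line such as `// wraps every request so getUserPrincipal()/isUserInRole() read from SecurityContextHolder, which is session-backed here (see SessionSecurityContextHolderStrategy)` would record the intent. Note that declaring the filter as a `@Bean` and also registering it via a `FilterRegistrationBean` can lead Spring Boot to register it twice unless the bean's own auto-registration is disabled; that is worth confirming against the application's filter chain.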
@@ -26,7 +26,6 @@ import javax.persistence.GenerationType; import javax.persistence.Id; import javax.persistence.Table; import org.apache.mybatis.jpa.persistence.JpaBaseDomain; -import org.maxkey.authn.online.OnlineTicket; import org.maxkey.util.StringUtils; import org.springframework.web.multipart.MultipartFile; @@ -230,8 +229,6 @@ public class UserInfo extends JpaBaseDomain { protected HashMap extraAttributeMap; protected int online; - - OnlineTicket onlineTicket; protected String ldapDn; @@ -1165,14 +1162,6 @@ public class UserInfo extends JpaBaseDomain { this.createdBy = createdBy; } - public OnlineTicket getOnlineTicket() { - return onlineTicket; - } - - public void setOnlineTicket(OnlineTicket onlineTicket) { - this.onlineTicket = onlineTicket; - } - /** * @return the createdDate */ diff --git a/maxkey-core/src/main/java/org/maxkey/domain/apps/Apps.java b/maxkey-core/src/main/java/org/maxkey/domain/apps/Apps.java index 7ac4affc88e3e83c6ec3e0851d75e6050a3fcb3d..cc6a8955265a6a0f041fe8eb1907e02a4ab3dfe8 100644 --- a/maxkey-core/src/main/java/org/maxkey/domain/apps/Apps.java +++ b/maxkey-core/src/main/java/org/maxkey/domain/apps/Apps.java @@ -153,6 +153,8 @@ public class Apps extends JpaBaseDomain implements Serializable { protected String loginDateTime; + protected String onlineTicket; + public Apps() { super(); isSignature = Boolean.FALSE; @@ -549,6 +551,14 @@ public class Apps extends JpaBaseDomain implements Serializable { this.loginDateTime = loginDateTime; } + public String getOnlineTicket() { + return onlineTicket; + } + + public void setOnlineTicket(String onlineTicket) { + this.onlineTicket = onlineTicket; + } + @Override public String toString() { StringBuilder builder = new StringBuilder(); diff --git a/maxkey-core/src/main/java/org/maxkey/web/InitializeContext.java b/maxkey-core/src/main/java/org/maxkey/web/InitializeContext.java index 1fdadb13f7015c649bd4126016e3d8b80732cbc9..7b6bd45a49c248cad9231c905013c4338303e42c 100644 
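Review bot: `onlineTicket` is added to `Apps` as a plain field with no transient marker; `Apps` extends `JpaBaseDomain`, so if the mapping layer maps every field (not visible from the hunk) the per-login SSO ticket would be written with the application record, and it will appear in any JSON rendering of `Apps`. If it is only a carrier for the authorize adapters, say so and keep it out of persistence — `/** Current user's online ticket; request-scoped, never persisted with the app. */ @Transient protected String onlineTicket;` — assuming `javax.persistence.Transient` is available in this file as it is in UserInfo. The `toString()` at the end of the hunk should not print it either.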
--- a/maxkey-core/src/main/java/org/maxkey/web/InitializeContext.java +++ b/maxkey-core/src/main/java/org/maxkey/web/InitializeContext.java @@ -36,6 +36,7 @@ import org.springframework.beans.BeansException; import org.springframework.context.ApplicationContext; import org.springframework.context.ConfigurableApplicationContext; import org.springframework.context.support.PropertySourcesPlaceholderConfigurer; +import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.web.context.support.WebApplicationContextUtils; /** @@ -57,7 +58,10 @@ public class InitializeContext extends HttpServlet { @Override public void init(ServletConfig config) throws ServletException { super.init(config); - + + _logger.info("SecurityContextHolder StrategyName " + SessionSecurityContextHolderStrategy.class.getCanonicalName()); + SecurityContextHolder.setStrategyName(SessionSecurityContextHolderStrategy.class.getCanonicalName()); + // List Environment Variables listEnvVars(); diff --git a/maxkey-core/src/main/java/org/maxkey/web/SessionSecurityContextHolderStrategy.java b/maxkey-core/src/main/java/org/maxkey/web/SessionSecurityContextHolderStrategy.java new file mode 100644 index 0000000000000000000000000000000000000000..6fe41ecc9b90bdd773ca375a02ea6bb9f3185f99 --- /dev/null +++ b/maxkey-core/src/main/java/org/maxkey/web/SessionSecurityContextHolderStrategy.java 
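Review bot: `SecurityContextHolder.setStrategyName(...)` is a process-wide static switch that re-initialises the holder, and here it runs inside a servlet's `init`; anything that touched `SecurityContextHolder` before this servlet initialised (filters or beans during Spring context startup) used the default thread-local strategy, and the timing depends on this servlet's load-on-startup, which is not visible. Setting it as early as possible — a static initialiser in the bootstrap class, or the `spring.security.strategy` system property that `SecurityContextHolder` reads at class load — removes the ordering dependency; at least record it: `// must run before any SecurityContextHolder access; see SessionSecurityContextHolderStrategy`. `init` continues past this hunk.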
@@ -0,0 +1,51 @@ +package org.maxkey.web; + +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.context.SecurityContext; +import org.springframework.security.core.context.SecurityContextHolderStrategy; +import org.springframework.security.core.context.SecurityContextImpl; + +/** + * SecurityContext Session for Request , use SecurityContextHolderAwareRequestFilter + * @author Crystal.Sea + * + */ +public class SessionSecurityContextHolderStrategy implements SecurityContextHolderStrategy { + private static final Logger _logger = + LoggerFactory.getLogger(SessionSecurityContextHolderStrategy.class); + + @Override + public void clearContext() { + WebContext.removeAttribute(WebConstants.AUTHENTICATION); + } + + @Override + public SecurityContext getContext() { + SecurityContext ctx = createEmptyContext(); + Authentication authentication = null; + try { + authentication = (Authentication)WebContext.getAuthentication(); + if (authentication != null) { + ctx.setAuthentication(authentication); + } + }catch(Exception e) { + _logger.trace("a session ", e); + } + + + return ctx; + } + + @Override + public void setContext(SecurityContext context) { + WebContext.setAuthentication(context.getAuthentication()); + } + + @Override + public SecurityContext createEmptyContext() { + return new SecurityContextImpl(); + } + +} diff --git a/maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/adapter/AbstractAuthorizeAdapter.java b/maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/adapter/AbstractAuthorizeAdapter.java index 46598de04077c19143bb9a184f4556953aab8c81..723bf167869bcac0c752a80a452bca8bc1ddc93c 100644 --- a/maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/adapter/AbstractAuthorizeAdapter.java 
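Review bot: `getContext()` builds a fresh `SecurityContextImpl` on every call and only copies the session's `Authentication` into it, so the common Spring idiom `SecurityContextHolder.getContext().setAuthentication(a)` writes into a throwaway object and is silently lost — only `setContext` reaches the session. Either keep the context object (in the session or a request attribute) so mutations persist, or document the restriction on the method: `// NOTE: returns a detached snapshot; changes must go through setContext()/WebContext.setAuthentication`. The `catch (Exception e)` around `WebContext.getAuthentication()` hides everything, including a missing request binding on non-web threads, at `trace` level with the message `"a session "`; narrow it to the exception `WebContext` actually throws there (not visible) and log at `debug` with a message that says what failed. `clearContext()` removes only the `AUTHENTICATION` attribute, while `setContext` may be handed a context with a null authentication — whether `WebContext.setAuthentication(null)` is treated as a removal is worth confirming so logout behaves the same through both paths.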
+++ b/maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/adapter/AbstractAuthorizeAdapter.java @@ -19,6 +19,7 @@ package org.maxkey.authz.endpoint.adapter; import java.io.UnsupportedEncodingException; import org.apache.commons.codec.binary.Hex; +import org.maxkey.authn.SigninPrincipal; import org.maxkey.constants.Boolean; import org.maxkey.crypto.Base64Utils; import org.maxkey.crypto.ReciprocalUtils; @@ -39,7 +40,7 @@ public abstract class AbstractAuthorizeAdapter { public abstract ModelAndView authorize(UserInfo userInfo,Object app,String data,ModelAndView modelAndView); - public abstract String generateInfo(UserInfo userInfo,Object app); + public abstract String generateInfo(SigninPrincipal authentication,UserInfo userInfo,Object app); public String sign(String data,Apps app){ if(Boolean.isTrue(app.getIsSignature())){ diff --git a/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/Cas10AuthorizeEndpoint.java b/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/Cas10AuthorizeEndpoint.java index bc30734ec7b11a210cf7dbd91c5f19608e86e742..b10e0787a285dd41a207a8d13516c83892a4811a 100644 --- a/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/Cas10AuthorizeEndpoint.java +++ b/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/Cas10AuthorizeEndpoint.java @@ -23,7 +23,7 @@ package org.maxkey.authz.cas.endpoint; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.maxkey.authn.BasicAuthentication; +import org.maxkey.authn.SigninPrincipal; import org.maxkey.authz.cas.endpoint.response.Service10ResponseBuilder; import org.maxkey.authz.cas.endpoint.ticket.CasConstants; import org.maxkey.authz.cas.endpoint.ticket.Ticket; 
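Review bot: The new first parameter is typed `SigninPrincipal`, a `UserDetails`, but named `authentication`; `principal` matches what it is and avoids confusion with Spring's `Authentication`. The CAS callers later in this diff pass a `ServiceResponseBuilder` as the `Object app` argument, so neither parameter name describes what implementations actually receive; a Javadoc on the abstract method stating the three inputs — the signed-in principal (with `getOnlineTicket()`), the loaded `UserInfo`, and the protocol-specific response object — would help implementers outside this diff.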
@@ -102,7 +102,7 @@ renew [OPTIONAL] - if this parameter is set, ticket validation will only succeed } if(storedTicket!=null){ - String principal=((BasicAuthentication)storedTicket.getAuthentication().getPrincipal()).getUsername(); + String principal=((SigninPrincipal)storedTicket.getAuthentication().getPrincipal()).getUsername(); _logger.debug("principal "+principal); return new Service10ResponseBuilder().success() .setUser(principal) diff --git a/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/Cas20AuthorizeEndpoint.java b/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/Cas20AuthorizeEndpoint.java index fc782bf8a7fadc8b95874222be2693ce75a26f78..ef097f527a9bcdcaeaa31bddf20af5c9d097736d 100644 --- a/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/Cas20AuthorizeEndpoint.java +++ b/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/Cas20AuthorizeEndpoint.java @@ -23,7 +23,7 @@ package org.maxkey.authz.cas.endpoint; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.maxkey.authn.BasicAuthentication; +import org.maxkey.authn.SigninPrincipal; import org.maxkey.authz.cas.endpoint.response.ProxyServiceResponseBuilder; import org.maxkey.authz.cas.endpoint.response.ServiceResponseBuilder; import org.maxkey.authz.cas.endpoint.ticket.CasConstants; @@ -193,7 +193,7 @@ For all error codes, it is RECOMMENDED that CAS provide a more detailed message ServiceResponseBuilder serviceResponseBuilder=new ServiceResponseBuilder(); if(storedTicket!=null){ - BasicAuthentication authentication = ((BasicAuthentication)storedTicket.getAuthentication().getPrincipal()); + SigninPrincipal authentication = ((SigninPrincipal)storedTicket.getAuthentication().getPrincipal()); String principal=authentication.getUsername(); _logger.debug("principal "+principal); serviceResponseBuilder.success().setUser(principal); 
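Review bot: `(SigninPrincipal) storedTicket.getAuthentication().getPrincipal()` is an unchecked cast on data read back from the ticket store; a ticket whose authentication was produced by another path, or persisted before this change, raises `ClassCastException` and turns a validation failure into a server error instead of the CAS failure response. Guard it: `Object p = storedTicket.getAuthentication().getPrincipal(); if (!(p instanceof SigninPrincipal)) { return new Service10ResponseBuilder().failure()...; }` — the exact failure call is hedged on the builder's API. The same cast appears in the Cas20 and Cas30 endpoints; a helper on `CasBaseAuthorizeEndpoint` would keep the check in one place.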
@@ -201,8 +201,7 @@ For all error codes, it is RECOMMENDED that CAS provide a more detailed message if(Boolean.isTrue(storedTicket.getCasDetails().getIsAdapter())){ AbstractAuthorizeAdapter adapter =(AbstractAuthorizeAdapter)Instance.newInstance(storedTicket.getCasDetails().getAdapter()); UserInfo userInfo = (UserInfo) userInfoService.loadByUsername(principal); - userInfo.setOnlineTicket(authentication.getOnlineTicket()); - adapter.generateInfo(userInfo, serviceResponseBuilder); + adapter.generateInfo(authentication,userInfo, serviceResponseBuilder); } }else{ serviceResponseBuilder.failure() diff --git a/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/Cas30AuthorizeEndpoint.java b/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/Cas30AuthorizeEndpoint.java index 3cc86e11650705655f06bf17e21b6675266e9d6d..c2a98afdd75632fefa846f45ced4639c1ffc7a60 100644 --- a/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/Cas30AuthorizeEndpoint.java +++ b/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/Cas30AuthorizeEndpoint.java @@ -23,7 +23,7 @@ package org.maxkey.authz.cas.endpoint; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.maxkey.authn.BasicAuthentication; +import org.maxkey.authn.SigninPrincipal; import org.maxkey.authz.cas.endpoint.response.ServiceResponseBuilder; import org.maxkey.authz.cas.endpoint.ticket.CasConstants; import org.maxkey.authz.cas.endpoint.ticket.Ticket; 
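Review bot: `userInfoService.loadByUsername(principal)` is passed to `adapter.generateInfo(...)` without a null check; the principal came from a validated ticket so the user normally exists, but a user removed between login and ticket validation yields an NPE here rather than a CAS failure response. The ticket already holds the `SigninPrincipal` whose `UserInfo` was set in `setOnline`, so either use `authentication.getUserInfo()` or check the lookup: `if (userInfo == null) { serviceResponseBuilder.failure()...; }`. The same pattern is in Cas30AuthorizeEndpoint below.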
@@ -76,15 +76,14 @@ public class Cas30AuthorizeEndpoint extends CasBaseAuthorizeEndpoint{ ServiceResponseBuilder serviceResponseBuilder=new ServiceResponseBuilder(); if(storedTicket!=null){ - BasicAuthentication authentication = ((BasicAuthentication)storedTicket.getAuthentication().getPrincipal()); + SigninPrincipal authentication = ((SigninPrincipal)storedTicket.getAuthentication().getPrincipal()); String principal=authentication.getUsername(); serviceResponseBuilder.success().setUser(principal); if(Boolean.isTrue(storedTicket.getCasDetails().getIsAdapter())){ AbstractAuthorizeAdapter adapter =(AbstractAuthorizeAdapter)Instance.newInstance(storedTicket.getCasDetails().getAdapter()); UserInfo userInfo = (UserInfo) userInfoService.loadByUsername(principal); - userInfo.setOnlineTicket(authentication.getOnlineTicket()); - adapter.generateInfo(userInfo, serviceResponseBuilder); + adapter.generateInfo(authentication,userInfo, serviceResponseBuilder); } }else{ serviceResponseBuilder.failure() @@ -123,13 +122,14 @@ public class Cas30AuthorizeEndpoint extends CasBaseAuthorizeEndpoint{ ServiceResponseBuilder serviceResponseBuilder=new ServiceResponseBuilder(); if(storedTicket!=null){ - String principal=((BasicAuthentication)storedTicket.getAuthentication().getPrincipal()).getUsername(); + SigninPrincipal authentication = ((SigninPrincipal)storedTicket.getAuthentication().getPrincipal()); + String principal=authentication.getUsername(); serviceResponseBuilder.success().setUser(principal); if(Boolean.isTrue(storedTicket.getCasDetails().getIsAdapter())){ AbstractAuthorizeAdapter adapter =(AbstractAuthorizeAdapter)Instance.newInstance(storedTicket.getCasDetails().getAdapter()); UserInfo userInfo = (UserInfo) userInfoService.loadByUsername(principal); - adapter.generateInfo(userInfo, serviceResponseBuilder); + adapter.generateInfo(authentication,userInfo, serviceResponseBuilder); } }else{ serviceResponseBuilder.failure() 
diff --git a/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasAuthorizeEndpoint.java b/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasAuthorizeEndpoint.java index dfcc72f07705f4bf64608852a5bc5b5a9e67828e..ce47b2900dea0e5456fc6232e7756d5bdc5d523b 100644 --- a/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasAuthorizeEndpoint.java +++ b/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasAuthorizeEndpoint.java @@ -20,12 +20,13 @@ */ package org.maxkey.authz.cas.endpoint; +import java.security.Principal; import java.util.Map; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.maxkey.authn.BasicAuthentication; +import org.maxkey.authn.SigninPrincipal; import org.maxkey.authn.online.OnlineTicket; import org.maxkey.authz.cas.endpoint.ticket.CasConstants; import org.maxkey.authz.cas.endpoint.ticket.ServiceTicketImpl; @@ -36,6 +37,9 @@ import org.maxkey.web.WebConstants; import org.maxkey.web.WebContext; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import org.springframework.security.core.Authentication; +import org.springframework.security.core.annotation.AuthenticationPrincipal; +import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.RequestMapping; 
@@ -92,10 +96,12 @@ public class CasAuthorizeEndpoint extends CasBaseAuthorizeEndpoint{ } @RequestMapping("/authz/cas/granting") - public ModelAndView grantingTicket( + public ModelAndView grantingTicket(Principal principal, + @AuthenticationPrincipal Object user, HttpServletRequest request, HttpServletResponse response){ + Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); AppsCasDetails casDetails=(AppsCasDetails)WebContext.getAttribute(CasConstants.PARAMETER.ENDPOINT_CAS_DETAILS); ServiceTicketImpl serviceTicket=new ServiceTicketImpl(WebContext.getAuthentication(),casDetails); @@ -129,8 +135,10 @@ public class CasAuthorizeEndpoint extends CasBaseAuthorizeEndpoint{ } if(casDetails.getLogoutType()==LogoutType.BACK_CHANNEL) { - String onlineTicketId = ((BasicAuthentication)WebContext.getAuthentication().getPrincipal()).getOnlineTicket().getTicketId(); + String onlineTicketId = ((SigninPrincipal)WebContext.getAuthentication().getPrincipal()).getOnlineTicket(); OnlineTicket onlineTicket = onlineTicketServices.get(onlineTicketId); + //set cas ticket as OnlineTicketId + casDetails.setOnlineTicket(ticket); onlineTicket.setAuthorizedApp(casDetails); onlineTicketServices.store(onlineTicketId, onlineTicket); } diff --git a/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasRestV1Endpoint.java b/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasRestV1Endpoint.java index 18fc9367bf6ffd616006251134618e5e42e1af5c..1483b0f1786b56a70231cab3ac8bbd50c3e6f48e 100644 --- a/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasRestV1Endpoint.java +++ b/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasRestV1Endpoint.java 
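Review bot: The new parameters `principal` and `@AuthenticationPrincipal Object user` and the new local `authentication` from `SecurityContextHolder` are not referenced anywhere in this hunk, which still reads the identity through `WebContext.getAuthentication()` when building the `ServiceTicketImpl`. grantingTicket continues outside the hunk; if they stay unused there they should be removed, and if they are meant to replace `WebContext.getAuthentication()` the method should take the identity from one source only, so the ticket's authentication and the security context cannot disagree.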
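Review bot: `casDetails.setOnlineTicket(ticket)` writes a per-login value onto the `AppsCasDetails` object that the first hunk fetches from the session attribute `CasConstants.PARAMETER.ENDPOINT_CAS_DETAILS`; if that instance is a shared or cached application definition rather than a per-request copy, two concurrent logins to the same application can overwrite each other's ticket before `onlineTicket.setAuthorizedApp(casDetails)` captures it, and back-channel logout would then be sent with the wrong ticket. The comment `//set cas ticket as OnlineTicketId` also does not say what the line does, since it stores the CAS ticket into the details object's onlineTicket field; a comment such as `// remember the CAS ticket issued for this app so back-channel logout can revoke it` would be clearer. `ticket` is defined outside the hunk, and `onlineTicketServices.get(onlineTicketId)` is still dereferenced without a null check.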
@@ -24,7 +24,7 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.maxkey.authn.AbstractAuthenticationProvider; -import org.maxkey.authn.BasicAuthentication; +import org.maxkey.authn.LoginCredential; import org.maxkey.authz.cas.endpoint.response.ServiceResponseBuilder; import org.maxkey.authz.cas.endpoint.ticket.CasConstants; import org.maxkey.authz.cas.endpoint.ticket.ServiceTicketImpl; @@ -75,9 +75,9 @@ public class CasRestV1Endpoint extends CasBaseAuthorizeEndpoint{ throw new BadCredentialsException("No credentials are provided or extracted to authenticate the REST request"); } - BasicAuthentication authentication =new BasicAuthentication(username,password,"CASREST"); + LoginCredential loginCredential =new LoginCredential(username,password,"CASREST"); - authenticationProvider.basicAuthenticate(authentication); + authenticationProvider.basicAuthenticate(loginCredential); TicketGrantingTicketImpl ticketGrantingTicket=new TicketGrantingTicketImpl("Random",WebContext.getAuthentication(),null); @@ -178,9 +178,9 @@ public class CasRestV1Endpoint extends CasBaseAuthorizeEndpoint{ throw new BadCredentialsException("No credentials are provided or extracted to authenticate the REST request"); } - BasicAuthentication authentication =new BasicAuthentication(username,password,"CASREST"); + LoginCredential loginCredential =new LoginCredential(username,password,"CASREST"); - authenticationProvider.basicAuthenticate(authentication); + authenticationProvider.basicAuthenticate(loginCredential); UserInfo userInfo =WebContext.getUserInfo(); TicketGrantingTicketImpl ticketGrantingTicket=new TicketGrantingTicketImpl("Random",WebContext.getAuthentication(),null); 
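Review bot: The return value of `authenticationProvider.basicAuthenticate(loginCredential)` is discarded in both hunks (@@ -75 and @@ -178), and the code goes on to build a `TicketGrantingTicketImpl` from `WebContext.getAuthentication()`. If a provider implementation signals failure by returning null or leaving the context untouched instead of throwing, the REST endpoint would issue a ticket-granting ticket bound to whatever authentication already sits in the context. Suggest binding and checking the result, `Authentication authentication = authenticationProvider.basicAuthenticate(loginCredential); if (authentication == null) { throw new BadCredentialsException("authentication failed"); }`, and building the TGT from that value rather than from the context. The enclosing methods begin outside the hunks.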
diff --git a/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/adapter/CasDefaultAdapter.java b/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/adapter/CasDefaultAdapter.java index 36fe3f7ecd6a4ed3a3ec20dd8ff225786d770bda..c5d1c523430f650964551a8d2f1815023ae3d901 100644 --- a/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/adapter/CasDefaultAdapter.java +++ b/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/adapter/CasDefaultAdapter.java @@ -20,6 +20,7 @@ package org.maxkey.authz.cas.endpoint.adapter; import java.io.UnsupportedEncodingException; import org.apache.commons.codec.binary.Base64; +import org.maxkey.authn.SigninPrincipal; import org.maxkey.authz.cas.endpoint.response.ServiceResponseBuilder; import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter; import org.maxkey.domain.UserInfo; @@ -47,7 +48,7 @@ public class CasDefaultAdapter extends AbstractAuthorizeAdapter { } @Override - public String generateInfo(UserInfo userInfo, Object serviceResponseObject) { + public String generateInfo(SigninPrincipal authentication,UserInfo userInfo, Object serviceResponseObject) { ServiceResponseBuilder serviceResponseBuilder=(ServiceResponseBuilder)serviceResponseObject; //for user serviceResponseBuilder.setAttribute("uid", userInfo.getId()); @@ -66,7 +67,7 @@ public class CasDefaultAdapter extends AbstractAuthorizeAdapter { serviceResponseBuilder.setAttribute("departmentId", userInfo.getDepartmentId()); serviceResponseBuilder.setAttribute("workRegion",base64Attr(userInfo.getWorkRegion())); - serviceResponseBuilder.setAttribute(WebConstants.ONLINE_TICKET_NAME,userInfo.getOnlineTicket().getTicketId()); + serviceResponseBuilder.setAttribute(WebConstants.ONLINE_TICKET_NAME,authentication.getOnlineTicket()); return null; } 
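Review bot: The new first parameter of `generateInfo` is undocumented here and in the other overrides in this diff (DesktopDefaultAdapter, DesktopQQAdapter, ExtendApiQQExmailDefaultAdapter, the FormBased adapters, OAuthDefaultUserInfoAdapter, TokenBasedDefaultAdapter), and only this adapter, OAuthDefaultUserInfoAdapter and TokenBasedDefaultAdapter read it, each via `authentication.getOnlineTicket()` with no null check. Suggest Javadoc on the abstract declaration (outside this diff) and a short `@param authentication the signed-in principal; its online ticket id is emitted under {@link WebConstants#ONLINE_TICKET_NAME}` here, together with a statement of whether callers may pass null, since the three adapters that use it would otherwise fail with a NullPointerException in the middle of building the response.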
diff --git a/maxkey-protocols/maxkey-protocol-desktop/src/main/java/org/maxkey/authz/desktop/endpoint/DesktopAuthorizeEndpoint.java b/maxkey-protocols/maxkey-protocol-desktop/src/main/java/org/maxkey/authz/desktop/endpoint/DesktopAuthorizeEndpoint.java index ddd496195be407987ac53cec0020f4802eddf353..1600f3f9ece92f69ab52fd881e67aac284406f7e 100644 --- a/maxkey-protocols/maxkey-protocol-desktop/src/main/java/org/maxkey/authz/desktop/endpoint/DesktopAuthorizeEndpoint.java +++ b/maxkey-protocols/maxkey-protocol-desktop/src/main/java/org/maxkey/authz/desktop/endpoint/DesktopAuthorizeEndpoint.java @@ -22,6 +22,7 @@ package org.maxkey.authz.desktop.endpoint; import javax.servlet.http.HttpServletRequest; +import org.maxkey.authn.SigninPrincipal; import org.maxkey.authz.desktop.endpoint.adapter.DesktopDefaultAdapter; import org.maxkey.authz.endpoint.AuthorizeBaseEndpoint; import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter; @@ -74,7 +75,9 @@ public class DesktopAuthorizeEndpoint extends AuthorizeBaseEndpoint{ adapter =(AbstractAuthorizeAdapter)defaultDesktopAdapter; } - String paramString=adapter.generateInfo(WebContext.getUserInfo(), desktopDetails); + String paramString=adapter.generateInfo( + (SigninPrincipal)WebContext.getAuthentication().getPrincipal(), + WebContext.getUserInfo(), desktopDetails); String encryptParamString=adapter.encrypt(paramString, null, null); diff --git a/maxkey-protocols/maxkey-protocol-desktop/src/main/java/org/maxkey/authz/desktop/endpoint/adapter/DesktopDefaultAdapter.java b/maxkey-protocols/maxkey-protocol-desktop/src/main/java/org/maxkey/authz/desktop/endpoint/adapter/DesktopDefaultAdapter.java index 27e4bc7aab9b063faa4a34db2f6251f1bf348873..20bed547bc6d1e6faa139f4cba23fe5a5b06a585 100644 --- a/maxkey-protocols/maxkey-protocol-desktop/src/main/java/org/maxkey/authz/desktop/endpoint/adapter/DesktopDefaultAdapter.java 
+++ b/maxkey-protocols/maxkey-protocol-desktop/src/main/java/org/maxkey/authz/desktop/endpoint/adapter/DesktopDefaultAdapter.java @@ -19,6 +19,7 @@ package org.maxkey.authz.desktop.endpoint.adapter; import java.util.HashMap; +import org.maxkey.authn.SigninPrincipal; import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter; import org.maxkey.crypto.HexUtils; import org.maxkey.domain.UserInfo; @@ -33,7 +34,7 @@ import org.springframework.web.servlet.ModelAndView; public class DesktopDefaultAdapter extends AbstractAuthorizeAdapter { final static Logger _logger = LoggerFactory.getLogger(DesktopDefaultAdapter.class); @Override - public String generateInfo(UserInfo userInfo,Object app) { + public String generateInfo(SigninPrincipal authentication,UserInfo userInfo,Object app) { AppsDesktopDetails details=(AppsDesktopDetails)app; String parameter=details.getParameter()==null?"":details.getParameter(); diff --git a/maxkey-protocols/maxkey-protocol-desktop/src/main/java/org/maxkey/authz/desktop/endpoint/adapter/DesktopQQAdapter.java b/maxkey-protocols/maxkey-protocol-desktop/src/main/java/org/maxkey/authz/desktop/endpoint/adapter/DesktopQQAdapter.java index a5ca0c215b4fee1aa13f9755c9eaeee56ec0d5e7..334797e76892e553ee62a1e2b0acb499328572ae 100644 --- a/maxkey-protocols/maxkey-protocol-desktop/src/main/java/org/maxkey/authz/desktop/endpoint/adapter/DesktopQQAdapter.java +++ b/maxkey-protocols/maxkey-protocol-desktop/src/main/java/org/maxkey/authz/desktop/endpoint/adapter/DesktopQQAdapter.java @@ -19,6 +19,7 @@ package org.maxkey.authz.desktop.endpoint.adapter; import java.util.HashMap; +import org.maxkey.authn.SigninPrincipal; import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter; import org.maxkey.crypto.HexUtils; import org.maxkey.domain.UserInfo; 
@@ -33,7 +34,7 @@ import org.springframework.web.servlet.ModelAndView; public class DesktopQQAdapter extends AbstractAuthorizeAdapter { final static Logger _logger = LoggerFactory.getLogger(DesktopQQAdapter.class); @Override - public String generateInfo(UserInfo userInfo,Object app) { + public String generateInfo(SigninPrincipal authentication,UserInfo userInfo,Object app) { AppsDesktopDetails details=(AppsDesktopDetails)app; String parameter=details.getParameter()==null?"":details.getParameter(); diff --git a/maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/adapter/ExtendApiQQExmailDefaultAdapter.java b/maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/adapter/ExtendApiQQExmailDefaultAdapter.java index b791f7caad11bd0390a622627f30fcf9a938b721..577d51e784074ed3754d2f0792ff6c8be315a142 100644 --- a/maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/adapter/ExtendApiQQExmailDefaultAdapter.java +++ b/maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/adapter/ExtendApiQQExmailDefaultAdapter.java @@ -19,6 +19,7 @@ package org.maxkey.authz.exapi.endpoint.adapter; import java.util.HashMap; +import org.maxkey.authn.SigninPrincipal; import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter; import org.maxkey.client.oauth.OAuthClient; import org.maxkey.client.oauth.model.Token; @@ -38,7 +39,7 @@ public class ExtendApiQQExmailDefaultAdapter extends AbstractAuthorizeAdapter { static String authkey_uri="http://openapi.exmail.qq.com:12211/openapi/mail/authkey"; @Override - public String generateInfo(UserInfo userInfo,Object app) { + public String generateInfo(SigninPrincipal authentication,UserInfo userInfo,Object app) { return null; } 
diff --git a/maxkey-protocols/maxkey-protocol-formbased/src/main/java/org/maxkey/authz/formbased/endpoint/adapter/FormBasedDefaultAdapter.java b/maxkey-protocols/maxkey-protocol-formbased/src/main/java/org/maxkey/authz/formbased/endpoint/adapter/FormBasedDefaultAdapter.java index f7ca7534a2af66e1f89289281cb82c7a12b345da..a98458c9c1fb6803c67cf343df1c868563277124 100644 --- a/maxkey-protocols/maxkey-protocol-formbased/src/main/java/org/maxkey/authz/formbased/endpoint/adapter/FormBasedDefaultAdapter.java +++ b/maxkey-protocols/maxkey-protocol-formbased/src/main/java/org/maxkey/authz/formbased/endpoint/adapter/FormBasedDefaultAdapter.java @@ -17,6 +17,7 @@ package org.maxkey.authz.formbased.endpoint.adapter; +import org.maxkey.authn.SigninPrincipal; import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter; import org.maxkey.constants.Boolean; import org.maxkey.crypto.DigestUtils; @@ -27,7 +28,7 @@ import org.springframework.web.servlet.ModelAndView; public class FormBasedDefaultAdapter extends AbstractAuthorizeAdapter { @Override - public String generateInfo(UserInfo userInfo,Object app) { + public String generateInfo(SigninPrincipal authentication,UserInfo userInfo,Object app) { return null; } diff --git a/maxkey-protocols/maxkey-protocol-formbased/src/main/java/org/maxkey/authz/formbased/endpoint/adapter/FormBasedNetease163EmailAdapter.java b/maxkey-protocols/maxkey-protocol-formbased/src/main/java/org/maxkey/authz/formbased/endpoint/adapter/FormBasedNetease163EmailAdapter.java index 976506e43c80ffac423e543f4c432fa66573be5f..31211e230688a1e847d12658b9e0038d2b61bf6f 100644 --- a/maxkey-protocols/maxkey-protocol-formbased/src/main/java/org/maxkey/authz/formbased/endpoint/adapter/FormBasedNetease163EmailAdapter.java +++ b/maxkey-protocols/maxkey-protocol-formbased/src/main/java/org/maxkey/authz/formbased/endpoint/adapter/FormBasedNetease163EmailAdapter.java 
@@ -17,6 +17,7 @@ package org.maxkey.authz.formbased.endpoint.adapter; +import org.maxkey.authn.SigninPrincipal; import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter; import org.maxkey.constants.Boolean; import org.maxkey.domain.UserInfo; @@ -26,7 +27,7 @@ import org.springframework.web.servlet.ModelAndView; public class FormBasedNetease163EmailAdapter extends AbstractAuthorizeAdapter { @Override - public String generateInfo(UserInfo userInfo,Object app) { + public String generateInfo(SigninPrincipal authentication,UserInfo userInfo,Object app) { return null; } diff --git a/maxkey-protocols/maxkey-protocol-formbased/src/main/java/org/maxkey/authz/formbased/endpoint/adapter/FormBasedNeteaseNoteYoudaoAdapter.java b/maxkey-protocols/maxkey-protocol-formbased/src/main/java/org/maxkey/authz/formbased/endpoint/adapter/FormBasedNeteaseNoteYoudaoAdapter.java index 0a181e51f94669fb8453b19ed210779cf1ee25d4..48c64871043504b3d91469d0e482c171d3a427d7 100644 --- a/maxkey-protocols/maxkey-protocol-formbased/src/main/java/org/maxkey/authz/formbased/endpoint/adapter/FormBasedNeteaseNoteYoudaoAdapter.java +++ b/maxkey-protocols/maxkey-protocol-formbased/src/main/java/org/maxkey/authz/formbased/endpoint/adapter/FormBasedNeteaseNoteYoudaoAdapter.java @@ -19,6 +19,7 @@ package org.maxkey.authz.formbased.endpoint.adapter; import java.util.Date; +import org.maxkey.authn.SigninPrincipal; import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter; import org.maxkey.crypto.DigestUtils; import org.maxkey.domain.UserInfo; @@ -28,7 +29,7 @@ import org.springframework.web.servlet.ModelAndView; public class FormBasedNeteaseNoteYoudaoAdapter extends AbstractAuthorizeAdapter { @Override - public String generateInfo(UserInfo userInfo,Object app) { + public String generateInfo(SigninPrincipal authentication,UserInfo userInfo,Object app) { return null; } 
diff --git a/maxkey-protocols/maxkey-protocol-formbased/src/main/java/org/maxkey/authz/formbased/endpoint/adapter/FormBasedRedirectAdapter.java b/maxkey-protocols/maxkey-protocol-formbased/src/main/java/org/maxkey/authz/formbased/endpoint/adapter/FormBasedRedirectAdapter.java index 5aca476a38a03abd9d5180aedfa277e9865c9b24..8cc6a7d004a458908083537c74bd534cef81b67b 100644 --- a/maxkey-protocols/maxkey-protocol-formbased/src/main/java/org/maxkey/authz/formbased/endpoint/adapter/FormBasedRedirectAdapter.java +++ b/maxkey-protocols/maxkey-protocol-formbased/src/main/java/org/maxkey/authz/formbased/endpoint/adapter/FormBasedRedirectAdapter.java @@ -17,6 +17,7 @@ package org.maxkey.authz.formbased.endpoint.adapter; +import org.maxkey.authn.SigninPrincipal; import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter; import org.maxkey.constants.Boolean; import org.maxkey.crypto.DigestUtils; @@ -28,7 +29,7 @@ import org.springframework.web.servlet.ModelAndView; public class FormBasedRedirectAdapter extends AbstractAuthorizeAdapter { @Override - public String generateInfo(UserInfo userInfo,Object app) { + public String generateInfo(SigninPrincipal authentication,UserInfo userInfo,Object app) { return null; } diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/approval/controller/OAuth20AccessConfirmationController.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/approval/controller/OAuth20AccessConfirmationController.java index 1c116917328bbad777940a5f2d5473e39407b990..4a7f690c2f9c2f7de33c65dc9e434d145945f6eb 100644 --- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/approval/controller/OAuth20AccessConfirmationController.java +++ b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/approval/controller/OAuth20AccessConfirmationController.java 
@@ -20,7 +20,7 @@ package org.maxkey.authz.oauth2.provider.approval.controller; import java.util.HashMap; import java.util.LinkedHashMap; import java.util.Map; -import org.maxkey.authn.BasicAuthentication; +import org.maxkey.authn.SigninPrincipal; import org.maxkey.authz.endpoint.AuthorizeBaseEndpoint; import org.maxkey.authz.oauth2.common.util.OAuth2Utils; import org.maxkey.authz.oauth2.provider.AuthorizationRequest; @@ -102,7 +102,7 @@ public class OAuth20AccessConfirmationController { scopes.put(OAuth2Utils.SCOPE_PREFIX + scope, "false"); } String principal = - ((BasicAuthentication) WebContext.getAuthentication().getPrincipal()).getUsername(); + ((SigninPrincipal) WebContext.getAuthentication().getPrincipal()).getUsername(); for (Approval approval : approvalStore.getApprovals(principal, client.getClientId())) { if (clientAuth.getScope().contains(approval.getScope())) { scopes.put(OAuth2Utils.SCOPE_PREFIX + approval.getScope(), diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/AuthorizationEndpoint.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/AuthorizationEndpoint.java index 2ddb8be20b94b2cd770d9d2ecbbeccb97fe038e3..1665a48d87c412477888fc5b8c71b1520f13ef00 100644 --- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/AuthorizationEndpoint.java +++ b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/AuthorizationEndpoint.java 
@@ -129,7 +129,7 @@ public class AuthorizationEndpoint extends AbstractEndpoint { @RequestMapping(value = "/oauth/v20/authorize", method = RequestMethod.GET) public ModelAndView authorize(Map model, @RequestParam Map parameters, SessionStatus sessionStatus) { - Principal principal=(Principal)WebContext.getAuthentication().getPrincipal(); + Principal principal=(Principal)WebContext.getAuthentication(); // Pull out the authorization request first, using the OAuth2RequestFactory. All further logic should // query off of the authorization request instead of referring back to the parameters map. The contents of the // parameters map will be stored without change in the AuthorizationRequest object once it is created. @@ -208,7 +208,7 @@ public class AuthorizationEndpoint extends AbstractEndpoint { @RequestMapping(value = "/oauth/v20/authorize", method = RequestMethod.POST, params = OAuth2Utils.USER_OAUTH_APPROVAL) public View approveOrDeny(@RequestParam Map approvalParameters, Map model, SessionStatus sessionStatus) { - Principal principal=(Principal)WebContext.getAuthentication().getPrincipal(); + Principal principal=(Principal)WebContext.getAuthentication(); if (!(principal instanceof Authentication)) { sessionStatus.setComplete(); throw new InsufficientAuthenticationException( diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/TokenEndpoint.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/TokenEndpoint.java index af90844276b7902777e867fc83d5747f500d9b6e..f76868e9651b6cce19af5a005afa9890d498b7df 100644 --- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/TokenEndpoint.java +++ b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/TokenEndpoint.java 
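Review bot: `(Principal)WebContext.getAuthentication()` in both hunks casts the whole authentication object to `Principal`; if `getAuthentication()` returns a Spring `Authentication`, which already extends `java.security.Principal`, the cast is a no-op and the `instanceof Authentication` test that follows in approveOrDeny only distinguishes null. Consider stating the intent directly, `Authentication principal = WebContext.getAuthentication(); if (principal == null) { sessionStatus.setComplete(); throw new InsufficientAuthenticationException(...); }`, so the guard reads as the null check it is. Both method bodies continue past their hunks.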
@@ -23,6 +23,7 @@ import java.util.HashSet; import java.util.Map; import java.util.Set; +import org.maxkey.authn.SigninPrincipal; import org.maxkey.authz.oauth2.common.OAuth2AccessToken; import org.maxkey.authz.oauth2.common.exceptions.InvalidClientException; import org.maxkey.authz.oauth2.common.exceptions.InvalidGrantException; @@ -41,6 +42,7 @@ import org.springframework.http.HttpMethod; import org.springframework.http.HttpStatus; import org.springframework.http.ResponseEntity; import org.springframework.security.authentication.InsufficientAuthenticationException; +import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.Authentication; import org.springframework.stereotype.Controller; import org.springframework.util.StringUtils; @@ -98,9 +100,6 @@ public class TokenEndpoint extends AbstractEndpoint { Object principal = WebContext.getAuthentication(); - if(parameters.get("code") != null) { - principal=WebContext.getAuthentication().getPrincipal(); - } if (!(principal instanceof Authentication)) { throw new InsufficientAuthenticationException( "There is no client authentication. Try adding an appropriate authentication filter."); @@ -174,6 +173,9 @@ public class TokenEndpoint extends AbstractEndpoint { // Might be a client and user combined authentication clientId = ((OAuth2Authentication) client).getOAuth2Request().getClientId(); } + if (client instanceof UsernamePasswordAuthenticationToken) { + clientId = ((SigninPrincipal)client.getPrincipal()).getUsername(); + } return clientId; } diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/TokenEndpointAuthenticationFilter.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/TokenEndpointAuthenticationFilter.java index 4d0273fa40a3a52dcde8b4fa8b5b0c71ad3645bc..4b3633ae234a4ed052ea41e35b6eab435979e6c0 100644 
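Review bot: The new branch `if (client instanceof UsernamePasswordAuthenticationToken) { clientId = ((SigninPrincipal)client.getPrincipal()).getUsername(); }` casts without a check and treats the username of any user-style authentication as the OAuth client_id. Within this diff the only producer of such a token with a `SigninPrincipal` principal is TokenEndpointAuthenticationFilter, which builds it from client credentials so the two coincide there, but if the filter chain lets an ordinary browser session authentication reach the token endpoint this branch would accept it as client authentication, and a token whose principal is a Spring `User` or a `String` would fail with ClassCastException. Suggest narrowing to `if (client instanceof UsernamePasswordAuthenticationToken && client.getPrincipal() instanceof SigninPrincipal)` and adding a comment stating which filter is expected to have produced this token. The enclosing method begins outside the hunk.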
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/TokenEndpointAuthenticationFilter.java +++ b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/TokenEndpointAuthenticationFilter.java @@ -33,7 +33,7 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.logging.Log; import org.apache.commons.logging.LogFactory; -import org.maxkey.authn.BasicAuthentication; +import org.maxkey.authn.SigninPrincipal; import org.maxkey.authz.oauth2.common.util.OAuth2Utils; import org.maxkey.authz.oauth2.provider.AuthorizationRequest; import org.maxkey.authz.oauth2.provider.OAuth2Authentication; @@ -136,8 +136,7 @@ public class TokenEndpointAuthenticationFilter implements Filter { usernamepassword(request,response); }else { Authentication authentication=ClientCredentials(request,response); - BasicAuthentication auth =new BasicAuthentication(); - auth.setUsername(((User)authentication.getPrincipal()).getUsername()); + SigninPrincipal auth =new SigninPrincipal((User)authentication.getPrincipal()); auth.setAuthenticated(true); UsernamePasswordAuthenticationToken simpleUserAuthentication = new UsernamePasswordAuthenticationToken(auth, authentication.getCredentials(), authentication.getAuthorities()); WebContext.setAuthentication(simpleUserAuthentication); diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/OAuthDefaultUserInfoAdapter.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/OAuthDefaultUserInfoAdapter.java index a9c8cb7c9bba715d37e0e61f8970719259bdbcbf..9a7b2a1fdd7a2f6c738425156ba32ff5ccdaa86e 100644 --- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/OAuthDefaultUserInfoAdapter.java 
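Review bot: `new UsernamePasswordAuthenticationToken(auth, authentication.getCredentials(), authentication.getAuthorities())` carries the client secret forward into the authentication stored by `WebContext.setAuthentication`, where it lives as long as that context does (session serialization, heap dumps, any logging of the token); the usual post-authentication convention is to erase credentials once they have been verified. Unless something downstream reads `getCredentials()` from this token, pass `null` as the second argument. `auth.setAuthenticated(true)` on the principal object is also worth a one-line comment naming what reads that flag, since the three-argument token constructor already marks the token itself authenticated. The enclosing method begins outside the hunk.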
+++ b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/OAuthDefaultUserInfoAdapter.java @@ -19,6 +19,7 @@ package org.maxkey.authz.oauth2.provider.userinfo.endpoint; import java.util.HashMap; +import org.maxkey.authn.SigninPrincipal; import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter; import org.maxkey.domain.UserInfo; import org.maxkey.util.JsonUtils; @@ -29,7 +30,7 @@ import org.springframework.web.servlet.ModelAndView; public class OAuthDefaultUserInfoAdapter extends AbstractAuthorizeAdapter { @Override - public String generateInfo(UserInfo userInfo,Object app) { + public String generateInfo(SigninPrincipal authentication,UserInfo userInfo,Object app) { HashMap beanMap = new HashMap(); beanMap.put("randomId",(new StringGenerator()).uuidGenerate()); beanMap.put("uid", userInfo.getId()); @@ -44,7 +45,7 @@ public class OAuthDefaultUserInfoAdapter extends AbstractAuthorizeAdapter { beanMap.put("title", userInfo.getJobTitle()); beanMap.put("state", userInfo.getWorkRegion()); beanMap.put("gender", userInfo.getGender()); - beanMap.put(WebConstants.ONLINE_TICKET_NAME, userInfo.getOnlineTicket().getTicketId()); + beanMap.put(WebConstants.ONLINE_TICKET_NAME, authentication.getOnlineTicket()); String info= JsonUtils.object2Json(beanMap); diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/UserInfoEndpoint.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/UserInfoEndpoint.java index ec3ae8fedf0dd56d8164ce2760807e49b664b9b6..f3daf7003ecd6bd9edb86f58be1da9889bbcb95e 100644 --- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/UserInfoEndpoint.java +++ b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/UserInfoEndpoint.java 
@@ -26,7 +26,7 @@ import java.util.UUID; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.maxkey.authn.BasicAuthentication; +import org.maxkey.authn.SigninPrincipal; import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter; import org.maxkey.authz.oauth2.common.exceptions.OAuth2Exception; import org.maxkey.authz.oauth2.provider.ClientDetailsService; @@ -123,7 +123,7 @@ public class UserInfoEndpoint { try{ oAuth2Authentication = oauth20tokenServices.loadAuthentication(access_token); - principal=oAuth2Authentication.getPrincipal().toString(); + principal=((SigninPrincipal)oAuth2Authentication.getUserAuthentication().getPrincipal()).getUsername(); String client_id= oAuth2Authentication.getOAuth2Request().getClientId(); UserInfo userInfo=queryUserInfo(principal); @@ -135,9 +135,10 @@ public class UserInfoEndpoint { }else{ adapter =(AbstractAuthorizeAdapter)defaultOAuthUserInfoAdapter; } - BasicAuthentication authentication = (BasicAuthentication)oAuth2Authentication.getUserAuthentication(); - userInfo.setOnlineTicket(authentication.getOnlineTicket()); - String jsonData=adapter.generateInfo(userInfo, app); + + String jsonData=adapter.generateInfo( + (SigninPrincipal)oAuth2Authentication.getUserAuthentication().getPrincipal(), + userInfo, app); return jsonData; }catch(OAuth2Exception e){ HashMapauthzException=new HashMap(); @@ -163,7 +164,7 @@ public class UserInfoEndpoint { try{ oAuth2Authentication = oauth20tokenServices.loadAuthentication(access_token); - principal=oAuth2Authentication.getPrincipal().toString(); + principal=((SigninPrincipal)oAuth2Authentication.getPrincipal()).getUsername(); Setscopes=oAuth2Authentication.getOAuth2Request().getScope(); ClientDetails clientDetails = clientDetailsService.loadClientByClientId(oAuth2Authentication.getOAuth2Request().getClientId()); 
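Review bot: `oAuth2Authentication.getUserAuthentication().getPrincipal()` in the first code hunk (and again in the `generateInfo` call and in the JWT hunk on the next line) dereferences the user authentication with no null check, while the second code hunk reads `oAuth2Authentication.getPrincipal()` for the same purpose. If this `OAuth2Authentication` follows the Spring Security OAuth semantics, a token obtained through client_credentials has no user authentication, so the first form throws NullPointerException and the second yields the client id as a `String` that then fails the `SigninPrincipal` cast; neither is an `OAuth2Exception`, so the surrounding `catch(OAuth2Exception e)` never turns it into a proper error response. Suggest resolving the user once at the top of each method, `Authentication userAuth = oAuth2Authentication.getUserAuthentication(); if (userAuth == null || !(userAuth.getPrincipal() instanceof SigninPrincipal)) { /* reject with the appropriate OAuth2Exception subtype */ }`, and using that variable in both places so the two endpoints agree. The enclosing methods begin outside the hunks.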
@@ -172,10 +173,10 @@ public class UserInfoEndpoint { String userJson=""; Builder jwtClaimsSetBuilder= new JWTClaimsSet.Builder(); - BasicAuthentication authentication = (BasicAuthentication)oAuth2Authentication.getUserAuthentication(); + SigninPrincipal authentication = (SigninPrincipal)oAuth2Authentication.getUserAuthentication().getPrincipal(); jwtClaimsSetBuilder.claim("sub", userInfo.getId()); - jwtClaimsSetBuilder.claim(WebConstants.ONLINE_TICKET_NAME, authentication.getOnlineTicket().getTicketId()); + jwtClaimsSetBuilder.claim(WebConstants.ONLINE_TICKET_NAME, authentication.getOnlineTicket()); if(scopes.contains("profile")){ jwtClaimsSetBuilder.claim("name", userInfo.getUsername()); diff --git a/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/endpoint/AssertionEndpoint.java b/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/endpoint/AssertionEndpoint.java index aa2e0116546bc480ccad92b80b7a0337e99ebbe7..31ba1e0515c3cc151363380ab60b9ef2eda07589 100644 --- a/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/endpoint/AssertionEndpoint.java +++ b/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/endpoint/AssertionEndpoint.java @@ -22,6 +22,7 @@ import java.util.HashMap; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.maxkey.authn.SigninPrincipal; import org.maxkey.authz.saml.common.AuthnRequestInfo; import org.maxkey.authz.saml.common.EndpointGenerator; import org.maxkey.authz.saml20.binding.BindingAdapter; 
@@ -72,8 +73,7 @@ public class AssertionEndpoint {
 logger.debug("AuthnRequestInfo: {}", authnRequestInfo);
 HashMap attributeMap=new HashMap();
-
- attributeMap.put(WebConstants.ONLINE_TICKET_NAME, WebContext.getUserInfo().getOnlineTicket().getTicketId());
+ attributeMap.put(WebConstants.ONLINE_TICKET_NAME, ((SigninPrincipal)WebContext.getAuthentication().getPrincipal()).getOnlineTicket());
 //saml20Details
 Response authResponse = authnResponseGenerator.generateAuthnResponse(
diff --git a/maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/TokenBasedAuthorizeEndpoint.java b/maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/TokenBasedAuthorizeEndpoint.java
index d262d97f3baa02913690288b0267c0405ba58eff..313aa970a3f4c81df1d3887251cacee2545c13a1 100644
--- a/maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/TokenBasedAuthorizeEndpoint.java
+++ b/maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/TokenBasedAuthorizeEndpoint.java
@@ -24,6 +24,7 @@ import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import org.maxkey.authn.SigninPrincipal;
 import org.maxkey.authz.endpoint.AuthorizeBaseEndpoint;
 import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
 import org.maxkey.authz.token.endpoint.adapter.TokenBasedDefaultAdapter;
@@ -82,6 +83,7 @@ public class TokenBasedAuthorizeEndpoint extends AuthorizeBaseEndpoint{
 }
 String tokenData=adapter.generateInfo(
+ (SigninPrincipal)WebContext.getAuthentication().getPrincipal(),
 WebContext.getUserInfo(),
 tokenBasedDetails);
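Review bot: The `@@ -72` hunk of AssertionEndpoint and the `@@ -82` hunk of TokenBasedAuthorizeEndpoint both cast `WebContext.getAuthentication().getPrincipal()` straight to `SigninPrincipal` while building an assertion or token for a relying party. If the current authentication is absent or its principal is of another type (the replaced code read the ticket from `WebContext.getUserInfo()`, which had no such dependency), the cast throws rather than declining to issue, and the exception surfaces as a server error from a protocol endpoint. Since the same expression now appears in several endpoints, a single typed accessor on `WebContext` that performs the `instanceof` check once and fails with a clear message would be preferable to repeating the cast. Both enclosing methods begin and end outside the visible hunks.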
diff --git a/maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/adapter/TokenBasedDefaultAdapter.java b/maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/adapter/TokenBasedDefaultAdapter.java
index b7b389477d8b11f4c4dbe62691a5319008095fb6..9b35a2b51dc41bda6e1392d3426c2e69bac1c53f 100644
--- a/maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/adapter/TokenBasedDefaultAdapter.java
+++ b/maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/adapter/TokenBasedDefaultAdapter.java
@@ -20,6 +20,7 @@ package org.maxkey.authz.token.endpoint.adapter;
 import java.util.Date;
 import java.util.HashMap;
+import org.maxkey.authn.SigninPrincipal;
 import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
 import org.maxkey.domain.UserInfo;
 import org.maxkey.domain.apps.AppsTokenBasedDetails;
@@ -34,7 +35,7 @@ import org.springframework.web.servlet.ModelAndView;
 public class TokenBasedDefaultAdapter extends AbstractAuthorizeAdapter {
 final static Logger _logger = LoggerFactory.getLogger(TokenBasedDefaultAdapter.class);
 @Override
- public String generateInfo(UserInfo userInfo,Object app) {
+ public String generateInfo(SigninPrincipal authentication,UserInfo userInfo,Object app) {
 AppsTokenBasedDetails details=(AppsTokenBasedDetails)app;
 HashMap beanMap=new HashMap();
@@ -71,7 +72,7 @@ public class TokenBasedDefaultAdapter extends AbstractAuthorizeAdapter {
 }
 beanMap.put("displayName", userInfo.getDisplayName());
- beanMap.put(WebConstants.ONLINE_TICKET_NAME, userInfo.getOnlineTicket().getTicketId());
+ beanMap.put(WebConstants.ONLINE_TICKET_NAME, authentication.getOnlineTicket());
 /*
 * use UTC date time format
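Review bot: The new first parameter of `generateInfo` in the `@@ -34` hunk is named `authentication` but typed `SigninPrincipal`, and it is dereferenced in the `@@ -71` hunk (`authentication.getOnlineTicket()`) with no validation, so a null argument fails only at that line with a bare `NullPointerException`. Naming it for what it is and checking it up front, `public String generateInfo(SigninPrincipal signinPrincipal, UserInfo userInfo, Object app) {` followed by `Objects.requireNonNull(signinPrincipal, "signinPrincipal");` (with `java.util.Objects` imported), makes the contract explicit; the overriding methods carry no Javadoc, so the abstract declaration (not on this page) should at least state what the principal contributes to the issued token. The same naming and null-check point applies to the `generateInfo` hunks of TokenBasedJWTAdapter, TokenBasedJWTHS256Adapter and TokenBasedSimpleAdapter below. The method bodies continue outside the hunks.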
diff --git a/maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/adapter/TokenBasedJWTAdapter.java b/maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/adapter/TokenBasedJWTAdapter.java
index 97aabb72378c8e93b236dc5e6b6bd4f156d08cf4..1f46a07b71a2f33111516256c786dd06287d4c75 100644
--- a/maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/adapter/TokenBasedJWTAdapter.java
+++ b/maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/adapter/TokenBasedJWTAdapter.java
@@ -22,6 +22,7 @@ import java.util.Date;
 import java.util.UUID;
 import org.joda.time.DateTime;
+import org.maxkey.authn.SigninPrincipal;
 import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
 import org.maxkey.configuration.oidc.OIDCProviderMetadata;
 import org.maxkey.crypto.jwt.signer.service.JwtSigningAndValidationService;
@@ -44,7 +45,7 @@ import com.nimbusds.jwt.SignedJWT;
 public class TokenBasedJWTAdapter extends AbstractAuthorizeAdapter {
 final static Logger _logger = LoggerFactory.getLogger(TokenBasedJWTAdapter.class);
 @Override
- public String generateInfo(UserInfo userInfo,Object app) {
+ public String generateInfo(SigninPrincipal authentication,UserInfo userInfo,Object app) {
 AppsTokenBasedDetails details=(AppsTokenBasedDetails)app;
@@ -68,7 +69,7 @@ public class TokenBasedJWTAdapter extends AbstractAuthorizeAdapter {
 .claim("user_id", userInfo.getId())
 .claim("external_id", userInfo.getId())
 .claim("locale", userInfo.getLocale())
- .claim(WebConstants.ONLINE_TICKET_NAME, userInfo.getOnlineTicket().getTicketId())
+ .claim(WebConstants.ONLINE_TICKET_NAME, authentication.getOnlineTicket())
 .claim("kid", jwtSignerService.getDefaultSignerKeyId())
 .build();
diff --git a/maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/adapter/TokenBasedJWTHS256Adapter.java b/maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/adapter/TokenBasedJWTHS256Adapter.java
index 7ce4f19b9a51150d14502376f9c4d4bafa98be91..358ee4441f469e28d4f966d9a0d5922cca6308b7 100644
--- a/maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/adapter/TokenBasedJWTHS256Adapter.java
+++ b/maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/adapter/TokenBasedJWTHS256Adapter.java
@@ -22,6 +22,7 @@ import java.util.Date;
 import java.util.UUID;
 import org.joda.time.DateTime;
+import org.maxkey.authn.SigninPrincipal;
 import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
 import org.maxkey.configuration.oidc.OIDCProviderMetadata;
 import org.maxkey.crypto.ReciprocalUtils;
@@ -48,7 +49,7 @@ public class TokenBasedJWTHS256Adapter extends AbstractAuthorizeAdapter {
 private SymmetricSigningAndValidationServiceBuilder symmetricJwtSignerServiceBuilder=new SymmetricSigningAndValidationServiceBuilder();
 @Override
- public String generateInfo(UserInfo userInfo,Object app) {
+ public String generateInfo(SigninPrincipal authentication,UserInfo userInfo,Object app) {
 AppsTokenBasedDetails details=(AppsTokenBasedDetails)app;
 OIDCProviderMetadata providerMetadata= (OIDCProviderMetadata)WebContext.getBean("oidcProviderMetadata");
@@ -68,7 +69,7 @@ public class TokenBasedJWTHS256Adapter extends AbstractAuthorizeAdapter {
 .claim("email", userInfo.getWorkEmail())
 .claim("name", userInfo.getUsername())
 .claim("user_id", userInfo.getId())
- .claim(WebConstants.ONLINE_TICKET_NAME, userInfo.getOnlineTicket().getTicketId())
+ .claim(WebConstants.ONLINE_TICKET_NAME, authentication.getOnlineTicket())
 .claim("external_id", userInfo.getId())
 .claim("locale", userInfo.getLocale())
 .claim("kid", "SYMMETRIC-KEY")
diff --git a/maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/adapter/TokenBasedSimpleAdapter.java b/maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/adapter/TokenBasedSimpleAdapter.java
index c1c4e5ea934bd7b0bedd64ae7accbe11a14fa6f2..5dfaa6b9121c451b1a97ab7e46a1bf1451bbca23 100644
--- a/maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/adapter/TokenBasedSimpleAdapter.java
+++ b/maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/adapter/TokenBasedSimpleAdapter.java
@@ -19,6 +19,7 @@ package org.maxkey.authz.token.endpoint.adapter;
 import java.util.Date;
+import org.maxkey.authn.SigninPrincipal;
 import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
 import org.maxkey.domain.UserInfo;
 import org.maxkey.domain.apps.AppsTokenBasedDetails;
@@ -30,7 +31,7 @@ import org.springframework.web.servlet.ModelAndView;
 public class TokenBasedSimpleAdapter extends AbstractAuthorizeAdapter {
 final static Logger _logger = LoggerFactory.getLogger(TokenBasedSimpleAdapter.class);
 @Override
- public String generateInfo(UserInfo userInfo,Object app) {
+ public String generateInfo(SigninPrincipal authentication,UserInfo userInfo,Object app) {
 AppsTokenBasedDetails details=(AppsTokenBasedDetails)app;
 String tokenUsername = userInfo.getUsername();
diff --git a/maxkey-web-manage/src/main/java/org/maxkey/web/endpoint/LoginEndpoint.java b/maxkey-web-manage/src/main/java/org/maxkey/web/endpoint/LoginEndpoint.java
index 16448b67f63ec94fb069cfacf5a86b4e25bc8a52..8cd8efa300776047f5942d5372cbc33fc57bd972 100644
--- a/maxkey-web-manage/src/main/java/org/maxkey/web/endpoint/LoginEndpoint.java
+++ b/maxkey-web-manage/src/main/java/org/maxkey/web/endpoint/LoginEndpoint.java
@@ -21,7 +21,7 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import org.maxkey.authn.AbstractAuthenticationProvider;
-import org.maxkey.authn.BasicAuthentication;
+import org.maxkey.authn.LoginCredential;
 import org.maxkey.authn.support.jwt.JwtLoginService;
 import org.maxkey.authn.support.rememberme.AbstractRemeberMeService;
 import org.maxkey.configuration.ApplicationConfig;
@@ -110,12 +110,12 @@ public class LoginEndpoint {
 }
 @RequestMapping(value={"/logon.do"})
- public ModelAndView logon(@ModelAttribute("authentication") BasicAuthentication authentication) {
+ public ModelAndView logon(@ModelAttribute("loginCredential") LoginCredential loginCredential) {
 if(WebContext.isAuthenticated()){
 return WebContext.redirect("/main");
 }else{
- authenticationProvider.authenticate(authentication);
+ authenticationProvider.authenticate(loginCredential);
 return WebContext.redirect("/login");
 }
 }
diff --git a/maxkey-web-manage/src/main/java/org/maxkey/web/interceptor/PermissionAdapter.java b/maxkey-web-manage/src/main/java/org/maxkey/web/interceptor/PermissionAdapter.java
index 25f7928edc827592eea1abb885c1d84b930e5224..337e44f65c816ecb6d9b26909b2c7420a8f064d7 100644
--- a/maxkey-web-manage/src/main/java/org/maxkey/web/interceptor/PermissionAdapter.java
+++ b/maxkey-web-manage/src/main/java/org/maxkey/web/interceptor/PermissionAdapter.java
@@ -23,7 +23,7 @@ import javax.servlet.RequestDispatcher;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import org.maxkey.authn.BasicAuthentication;
+import org.maxkey.authn.SigninPrincipal;
 import org.maxkey.configuration.ApplicationConfig;
 import org.maxkey.web.WebContext;
 import org.slf4j.Logger;
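Review bot: `logon` in the `@@ -110` hunk binds the whole `LoginCredential` from request parameters via `@ModelAttribute`, so every settable property of that class becomes client-controlled; if `LoginCredential` carries fields meant to be populated server-side (the class is not on this page), an `@InitBinder` method calling `setAllowedFields` with only the expected login fields keeps the binding to those. The model attribute name also changes from `"authentication"` to `"loginCredential"`, which a login template still referencing the old name will not pick up, so the corresponding view should be checked in the same commit. The result of `authenticationProvider.authenticate(loginCredential)` is discarded and success is derived from `WebContext.isAuthenticated()`; that is pre-existing but deserves a comment such as `// outcome is read from the session state set by the provider, not from the return value`. The same points apply to the `logon` hunk of maxkey-web-maxkey's LoginEndpoint further down.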
@@ -68,7 +68,7 @@ public class PermissionAdapter extends HandlerInterceptorAdapter {
 }
 //非管理员用户直接注销
- if (!((BasicAuthentication) WebContext.getAuthentication().getPrincipal()).isRoleAdministrators()) {
+ if (!((SigninPrincipal) WebContext.getAuthentication().getPrincipal()).isRoleAdministrators()) {
 _logger.debug("Not ADMINISTRATORS Authentication .");
 RequestDispatcher dispatcher = request.getRequestDispatcher("/logout");
 dispatcher.forward(request, response);
diff --git a/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/AppListController.java b/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/AppListController.java
index 278f797f2caa31f113ef5460ae2af2a86271b397..ee5c521976c753d55188d11a38178be4eca5c9ca 100644
--- a/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/AppListController.java
+++ b/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/AppListController.java
@@ -17,6 +17,7 @@ package org.maxkey.web.contorller;
+import java.security.Principal;
 import java.util.List;
 import org.maxkey.constants.ConstantsOperateMessage;
 import org.maxkey.constants.ConstantsProtocols;
@@ -67,7 +68,7 @@ public class AppListController {
 */
 @RequestMapping(value = { "/appList" })
 public ModelAndView appList(
- @RequestParam(value = "gridList", required = false) String gridList) {
+ @RequestParam(value = "gridList", required = false) String gridList,Principal principal) {
 ModelAndView modelAndView = new ModelAndView("main/appList");
 userInfoService.updateGridList(gridList);
 modelAndView.addObject("appList", queryAccessableApps());
diff --git a/maxkey-web-maxkey/src/main/java/org/maxkey/web/endpoint/LoginEndpoint.java b/maxkey-web-maxkey/src/main/java/org/maxkey/web/endpoint/LoginEndpoint.java
index 27157e66f7793d68362b300ec7b84fcbbb7286c5..f7940da63e739fe0b4e41dae85c11dc3d96aa341 100644
--- a/maxkey-web-maxkey/src/main/java/org/maxkey/web/endpoint/LoginEndpoint.java
+++ b/maxkey-web-maxkey/src/main/java/org/maxkey/web/endpoint/LoginEndpoint.java
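Review bot: The admin check in the `@@ -68` hunk of PermissionAdapter still casts the principal to `SigninPrincipal` unconditionally, so an authenticated session whose principal is of another type raises `ClassCastException` out of the interceptor instead of being treated as a non-administrator. For an authorization gate the safer shape is deny-by-default: `Object principal = WebContext.getAuthentication().getPrincipal();` then `if (!(principal instanceof SigninPrincipal) || !((SigninPrincipal) principal).isRoleAdministrators()) {`, so that anything that is not a recognised admin principal takes the existing logout branch. The enclosing method starts and ends outside the hunk; whether `WebContext.getAuthentication()` can be null at this point depends on the earlier checks in it, which are not visible.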
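Review bot: The `Principal principal` parameter added to `appList` in the `@@ -67` hunk of AppListController is not referenced in the visible part of the method, and the body continues past the hunk. If it is unused there as well it should be dropped; if it is used, the Javadoc that closes just above the hunk should gain a `@param principal` line stating that the container supplies it from the current authentication.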
@@ -25,13 +25,12 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import org.maxkey.authn.AbstractAuthenticationProvider;
-import org.maxkey.authn.BasicAuthentication;
+import org.maxkey.authn.LoginCredential;
 import org.maxkey.authn.support.kerberos.KerberosService;
 import org.maxkey.authn.support.rememberme.AbstractRemeberMeService;
 import org.maxkey.authn.support.socialsignon.service.SocialSignOnProviderService;
 import org.maxkey.authn.support.wsfederation.WsFederationConstants;
 import org.maxkey.configuration.ApplicationConfig;
-import org.maxkey.constants.ConstantsOperateMessage;
 import org.maxkey.constants.ConstantsStatus;
 import org.maxkey.crypto.password.opt.AbstractOptAuthn;
 import org.maxkey.domain.UserInfo;
@@ -185,9 +184,9 @@ public class LoginEndpoint {
 public ModelAndView logon(
 HttpServletRequest request,
 HttpServletResponse response,
- @ModelAttribute("authentication") BasicAuthentication authentication) throws ServletException, IOException {
+ @ModelAttribute("loginCredential") LoginCredential loginCredential) throws ServletException, IOException {
- authenticationProvider.authenticate(authentication);
+ authenticationProvider.authenticate(loginCredential);
 if (WebContext.isAuthenticated()) {
 return WebContext.redirect("/forwardindex");
diff --git a/maxkey-web-maxkey/src/main/resources/application.properties b/maxkey-web-maxkey/src/main/resources/application.properties
index 7575e0e1af9a8c24f6303b6d92ead3935e4f7f1d..be21d463b443de1d187f9ccd369da142212f6ccd 100644
--- a/maxkey-web-maxkey/src/main/resources/application.properties
+++ b/maxkey-web-maxkey/src/main/resources/application.properties
@@ -3,25 +3,28 @@ application.title=MaxKey
 application.name=MaxKey
 application.formatted-version=v2.3.0 GA
-#server config
-#spring.profiles.active=dev
+
 #server port
 #server.port=80
 server.port=443
+
 #ssl
 server.ssl.key-store=maxkeyserver.keystore
 server.ssl.key-alias=maxkey
 server.ssl.enabled=true
 server.ssl.key-store-password=maxkey
 server.ssl.key-store-type=JKS
+
 #web app context path
 server.servlet.context-path=/maxkey
 spring.servlet.multipart.enabled=true
 spring.servlet.multipart.max-file-size=4194304
+
 #encoding
 #server.servlet.encoding.charset=UTF-8
 #server.servlet.encoding.enabled=true
 #server.servlet.encoding.force=true
+
 #datasource
 spring.datasource.username=root
 spring.datasource.password=maxkey
@@ -32,6 +35,7 @@ spring.datasource.type=com.alibaba.druid.pool.DruidDataSource
 mybatis.type-aliases-package=org.maxkey.domain,org.maxkey.domain.apps,
 mybatis.mapper-locations=classpath*:/org/maxkey/persistence/mapper/xml/mysql/*.xml
 mybatis.table-column-escape=true
+
 #redis
 spring.redis.host=127.0.0.1
 spring.redis.port=6379
@@ -53,6 +57,7 @@ spring.mail.properties.ssl=true
 spring.mail.properties.sender=maxkey@163.com
 spring.mail.properties.mailotp.message.subject=MaxKey One Time PassWord
 spring.mail.properties.mailotp.message.template={0} You Token is {1} , it validity in {2} minutes.
+
 #for freemarker
 spring.freemarker.template-loader-path=classpath:/templates/views
 spring.freemarker.cache=false
@@ -63,10 +68,12 @@ spring.freemarker.expose-request-attributes=false
 spring.freemarker.expose-session-attributes=false
 spring.freemarker.request-context-attribute=request
 spring.freemarker.suffix=.ftl
+
 #static resources
 spring.mvc.static-path-pattern=/static/**
 spring.messages.basename=classpath:messages/message
 spring.messages.encoding=UTF-8
+
 #main
 spring.main.banner-mode=log
 spring.main.allow-bean-definition-overriding=true
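Review bot: The first hunk keeps `server.ssl.key-store-password=maxkey`, `spring.datasource.username=root` and `spring.datasource.password=maxkey` as literal values in a properties file under version control, and the removed `#spring.profiles.active=dev` line was the only hint that a separate profile existed for overriding them. These values should come from the environment or an external configuration source rather than the repository, e.g. `server.ssl.key-store-password=${MAXKEY_KEYSTORE_PASSWORD}` and `spring.datasource.password=${MAXKEY_DB_PASSWORD}` (placeholder names here are illustrative), with a comment in the file stating that the checked-in copy holds no real credentials. The change itself is whitespace and comment cleanup and otherwise needs nothing.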