Commit 83887ca2
Authored Oct 31, 2020
Author: MaxKey单点登录官方

RoleAdministrators permission control

Parent: 4c772d7a
Showing 5 changed files with 47 additions and 32 deletions (+47 -32)
maxkey-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java  +10 -0
maxkey-core/src/main/java/org/maxkey/authn/BasicAuthentication.java  +9 -7
maxkey-core/src/main/java/org/maxkey/authn/RealmAuthenticationProvider.java  +17 -1
maxkey-web-manage/src/main/java/org/maxkey/web/interceptor/PermissionAdapter.java  +9 -23
maxkey-web-maxkey/src/main/resources/templates/views/layout/top.ftl  +2 -1
maxkey-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java
...
@@ -17,6 +17,8 @@
...
@@ -17,6 +17,8 @@
package
org.maxkey.authn
;
package
org.maxkey.authn
;
import
java.util.ArrayList
;
import
org.maxkey.authn.online.OnlineTicketServices
;
import
org.maxkey.authn.online.OnlineTicketServices
;
import
org.maxkey.authn.realm.AbstractAuthenticationRealm
;
import
org.maxkey.authn.realm.AbstractAuthenticationRealm
;
import
org.maxkey.authn.support.rememberme.AbstractRemeberMeService
;
import
org.maxkey.authn.support.rememberme.AbstractRemeberMeService
;
...
@@ -35,6 +37,8 @@ import org.springframework.security.authentication.BadCredentialsException;
...
@@ -35,6 +37,8 @@ import org.springframework.security.authentication.BadCredentialsException;
import
org.springframework.security.authentication.UsernamePasswordAuthenticationToken
;
import
org.springframework.security.authentication.UsernamePasswordAuthenticationToken
;
import
org.springframework.security.core.Authentication
;
import
org.springframework.security.core.Authentication
;
import
org.springframework.security.core.AuthenticationException
;
import
org.springframework.security.core.AuthenticationException
;
import
org.springframework.security.core.GrantedAuthority
;
import
org.springframework.security.core.authority.SimpleGrantedAuthority
;
/**
/**
* login Authentication abstract class.
* login Authentication abstract class.
...
@@ -65,6 +69,12 @@ public abstract class AbstractAuthenticationProvider {
...
@@ -65,6 +69,12 @@ public abstract class AbstractAuthenticationProvider {
@Autowired
@Autowired
@Qualifier
(
"onlineTicketServices"
)
@Qualifier
(
"onlineTicketServices"
)
protected
OnlineTicketServices
onlineTicketServices
;
protected
OnlineTicketServices
onlineTicketServices
;
static
ArrayList
<
GrantedAuthority
>
grantedAdministratorsAuthoritys
=
new
ArrayList
<
GrantedAuthority
>();
static
{
grantedAdministratorsAuthoritys
.
add
(
new
SimpleGrantedAuthority
(
"ROLE_ADMINISTRATORS"
));
}
protected
abstract
String
getProviderName
();
protected
abstract
String
getProviderName
();
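Review bot: the new `grantedAdministratorsAuthoritys` field added above `getProviderName()` is a package-visible, non-final, mutable `ArrayList`, and it decides which authorities count as administrator. Any class in `org.maxkey.authn` can add entries to it or reassign it at runtime, which would widen who is treated as an administrator. Declare it `private static final` (or `protected static final` if subclasses outside the package must read it), wrap it in an unmodifiable collection, and keep the role name `"ROLE_ADMINISTRATORS"` in one named constant so the grant and the check cannot drift apart.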
...
...
maxkey-core/src/main/java/org/maxkey/authn/BasicAuthentication.java
...
@@ -23,7 +23,6 @@ import java.util.Collection;
...
@@ -23,7 +23,6 @@ import java.util.Collection;
import
org.maxkey.authn.online.OnlineTicket
;
import
org.maxkey.authn.online.OnlineTicket
;
import
org.springframework.security.core.Authentication
;
import
org.springframework.security.core.Authentication
;
import
org.springframework.security.core.GrantedAuthority
;
import
org.springframework.security.core.GrantedAuthority
;
import
org.springframework.security.core.authority.SimpleGrantedAuthority
;
public
class
BasicAuthentication
implements
Authentication
{
public
class
BasicAuthentication
implements
Authentication
{
...
@@ -39,14 +38,12 @@ public class BasicAuthentication implements Authentication {
...
@@ -39,14 +38,12 @@ public class BasicAuthentication implements Authentication {
OnlineTicket
onlineTicket
;
OnlineTicket
onlineTicket
;
ArrayList
<
GrantedAuthority
>
grantedAuthority
;
ArrayList
<
GrantedAuthority
>
grantedAuthority
;
boolean
authenticated
;
boolean
authenticated
;
boolean
roleAdministrators
;
/**
/**
* BasicAuthentication.
* BasicAuthentication.
*/
*/
public
BasicAuthentication
()
{
public
BasicAuthentication
()
{
grantedAuthority
=
new
ArrayList
<
GrantedAuthority
>();
grantedAuthority
.
add
(
new
SimpleGrantedAuthority
(
"ROLE_USER"
));
grantedAuthority
.
add
(
new
SimpleGrantedAuthority
(
"ORDINARY_USER"
));
}
}
/**
/**
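Review bot: with `grantedAuthority = new ArrayList<GrantedAuthority>()` and the two `add(...)` calls removed from the no-argument constructor, the `grantedAuthority` field declared just above is no longer initialised here and stays `null` until something else assigns it. Since the class implements `Authentication`, code that reads the authorities of an instance before a provider populates them can now receive `null` instead of a list. Initialise the field to an empty list at its declaration so an unauthenticated instance carries no authorities rather than a null reference. The new `roleAdministrators` field defaults to `false`, which is the fail-closed default; a one-line comment stating who is expected to set it would help.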
...
@@ -56,9 +53,6 @@ public class BasicAuthentication implements Authentication {
...
@@ -56,9 +53,6 @@ public class BasicAuthentication implements Authentication {
this
.
username
=
username
;
this
.
username
=
username
;
this
.
password
=
password
;
this
.
password
=
password
;
this
.
authType
=
authType
;
this
.
authType
=
authType
;
grantedAuthority
=
new
ArrayList
<
GrantedAuthority
>();
grantedAuthority
.
add
(
new
SimpleGrantedAuthority
(
"ROLE_USER"
));
grantedAuthority
.
add
(
new
SimpleGrantedAuthority
(
"ORDINARY_USER"
));
}
}
@Override
@Override
public
String
getName
()
{
public
String
getName
()
{
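Review bot: the authority string removed from this constructor is `"ORDINARY_USER"`, while the default added in `RealmAuthenticationProvider` in the same commit is `"ROLE_ORDINARY_USER"`, so this is a rename of the authority and not only a move. Confirm that nothing still checks for the old `"ORDINARY_USER"` value, and mention the rename in the commit message. As in the no-argument constructor, `grantedAuthority` is now left unassigned by this constructor.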
...
@@ -177,6 +171,14 @@ public class BasicAuthentication implements Authentication {
...
@@ -177,6 +171,14 @@ public class BasicAuthentication implements Authentication {
this
.
onlineTicket
=
onlineTicket
;
this
.
onlineTicket
=
onlineTicket
;
}
}
public
boolean
isRoleAdministrators
()
{
return
roleAdministrators
;
}
public
void
setRoleAdministrators
(
boolean
roleAdministrators
)
{
this
.
roleAdministrators
=
roleAdministrators
;
}
@Override
@Override
public
String
toString
()
{
public
String
toString
()
{
StringBuilder
builder
=
new
StringBuilder
();
StringBuilder
builder
=
new
StringBuilder
();
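Review bot: `setRoleAdministrators(boolean)` is public, and the flag it sets is what `PermissionAdapter` and `top.ftl` read in this commit to decide administrator access. Any code that can reach the principal through the security context or the session can set it to `true` after login. Prefer computing the value inside `isRoleAdministrators()` from the granted authorities, or reduce the setter to package visibility so that only the provider in `org.maxkey.authn` can call it.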
...
...
maxkey-core/src/main/java/org/maxkey/authn/RealmAuthenticationProvider.java
...
@@ -17,6 +17,8 @@
...
@@ -17,6 +17,8 @@
package
org.maxkey.authn
;
package
org.maxkey.authn
;
import
java.util.ArrayList
;
import
org.maxkey.authn.online.OnlineTicket
;
import
org.maxkey.authn.online.OnlineTicket
;
import
org.maxkey.domain.UserInfo
;
import
org.maxkey.domain.UserInfo
;
import
org.maxkey.web.WebConstants
;
import
org.maxkey.web.WebConstants
;
...
@@ -26,6 +28,8 @@ import org.slf4j.LoggerFactory;
...
@@ -26,6 +28,8 @@ import org.slf4j.LoggerFactory;
import
org.springframework.security.authentication.BadCredentialsException
;
import
org.springframework.security.authentication.BadCredentialsException
;
import
org.springframework.security.authentication.UsernamePasswordAuthenticationToken
;
import
org.springframework.security.authentication.UsernamePasswordAuthenticationToken
;
import
org.springframework.security.core.Authentication
;
import
org.springframework.security.core.Authentication
;
import
org.springframework.security.core.GrantedAuthority
;
import
org.springframework.security.core.authority.SimpleGrantedAuthority
;
import
org.springframework.security.web.authentication.WebAuthenticationDetails
;
import
org.springframework.security.web.authentication.WebAuthenticationDetails
;
import
org.springframework.web.context.request.RequestContextHolder
;
import
org.springframework.web.context.request.RequestContextHolder
;
import
org.springframework.web.context.request.ServletRequestAttributes
;
import
org.springframework.web.context.request.ServletRequestAttributes
;
...
@@ -157,13 +161,25 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider
...
@@ -157,13 +161,25 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider
OnlineTicket
onlineTicket
=
new
OnlineTicket
(
onlineTickitId
,
authentication
);
OnlineTicket
onlineTicket
=
new
OnlineTicket
(
onlineTickitId
,
authentication
);
this
.
onlineTicketServices
.
store
(
onlineTickitId
,
onlineTicket
);
this
.
onlineTicketServices
.
store
(
onlineTickitId
,
onlineTicket
);
authentication
.
setOnlineTicket
(
onlineTicket
);
authentication
.
setOnlineTicket
(
onlineTicket
);
ArrayList
<
GrantedAuthority
>
grantedAuthoritys
=
authenticationRealm
.
grantAuthority
(
userInfo
);
//set default roles
grantedAuthoritys
.
add
(
new
SimpleGrantedAuthority
(
"ROLE_USER"
));
grantedAuthoritys
.
add
(
new
SimpleGrantedAuthority
(
"ROLE_ORDINARY_USER"
));
authentication
.
setAuthenticated
(
true
);
authentication
.
setAuthenticated
(
true
);
for
(
GrantedAuthority
grantedAuthority
:
grantedAuthoritys
)
{
if
(
grantedAdministratorsAuthoritys
.
contains
(
grantedAuthority
))
{
authentication
.
setRoleAdministrators
(
true
);
_logger
.
trace
(
"ROLE ADMINISTRATORS Authentication ."
);
}
}
UsernamePasswordAuthenticationToken
authenticationToken
=
UsernamePasswordAuthenticationToken
authenticationToken
=
new
UsernamePasswordAuthenticationToken
(
new
UsernamePasswordAuthenticationToken
(
authentication
,
authentication
,
"PASSWORD"
,
"PASSWORD"
,
authenticationRealm
.
grantAuthority
(
userInfo
)
grantedAuthoritys
);
);
authenticationToken
.
setDetails
(
authenticationToken
.
setDetails
(
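Review bot: `grantedAuthoritys.add(...)` under `//set default roles` appends directly to the list returned by `authenticationRealm.grantAuthority(userInfo)`. If the realm returns `null`, an immutable list, or a list it keeps for reuse, these lines throw or write `ROLE_USER` and `ROLE_ORDINARY_USER` back into the realm's own copy. Copy the result into a new `ArrayList` before adding to it. In the loop that follows, `grantedAdministratorsAuthoritys.contains(grantedAuthority)` relies on the `equals` of whichever `GrantedAuthority` implementation the realm returns; comparing `grantedAuthority.getAuthority()` with the role name is more robust, and a `break` after `setRoleAdministrators(true)` avoids repeated trace lines.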
...
...
maxkey-web-manage/src/main/java/org/maxkey/web/interceptor/PermissionAdapter.java
...
@@ -17,22 +17,19 @@
...
@@ -17,22 +17,19 @@
package
org.maxkey.web.interceptor
;
package
org.maxkey.web.interceptor
;
import
java.util.ArrayList
;
import
java.util.concurrent.ConcurrentHashMap
;
import
java.util.concurrent.ConcurrentHashMap
;
import
javax.servlet.RequestDispatcher
;
import
javax.servlet.RequestDispatcher
;
import
javax.servlet.http.HttpServletRequest
;
import
javax.servlet.http.HttpServletRequest
;
import
javax.servlet.http.HttpServletResponse
;
import
javax.servlet.http.HttpServletResponse
;
import
org.maxkey.authn.BasicAuthentication
;
import
org.maxkey.configuration.ApplicationConfig
;
import
org.maxkey.configuration.ApplicationConfig
;
import
org.maxkey.web.WebContext
;
import
org.maxkey.web.WebContext
;
import
org.slf4j.Logger
;
import
org.slf4j.Logger
;
import
org.slf4j.LoggerFactory
;
import
org.slf4j.LoggerFactory
;
import
org.springframework.beans.factory.annotation.Autowired
;
import
org.springframework.beans.factory.annotation.Autowired
;
import
org.springframework.beans.factory.annotation.Qualifier
;
import
org.springframework.beans.factory.annotation.Qualifier
;
import
org.springframework.context.annotation.Configuration
;
import
org.springframework.security.core.GrantedAuthority
;
import
org.springframework.security.core.authority.SimpleGrantedAuthority
;
import
org.springframework.stereotype.Component
;
import
org.springframework.stereotype.Component
;
import
org.springframework.web.servlet.handler.HandlerInterceptorAdapter
;
import
org.springframework.web.servlet.handler.HandlerInterceptorAdapter
;
/**
/**
...
@@ -52,11 +49,6 @@ public class PermissionAdapter extends HandlerInterceptorAdapter {
...
@@ -52,11 +49,6 @@ public class PermissionAdapter extends HandlerInterceptorAdapter {
static
ConcurrentHashMap
<
String
,
String
>
navigationsMap
=
null
;
static
ConcurrentHashMap
<
String
,
String
>
navigationsMap
=
null
;
static
ArrayList
<
GrantedAuthority
>
grantedAuthoritys
=
new
ArrayList
<
GrantedAuthority
>();
static
{
grantedAuthoritys
.
add
(
new
SimpleGrantedAuthority
(
"ADMINISTRATORS"
));
}
/*
/*
* 请求前处理
* 请求前处理
* (non-Javadoc)
* (non-Javadoc)
...
@@ -74,20 +66,14 @@ public class PermissionAdapter extends HandlerInterceptorAdapter {
...
@@ -74,20 +66,14 @@ public class PermissionAdapter extends HandlerInterceptorAdapter {
dispatcher
.
forward
(
request
,
response
);
dispatcher
.
forward
(
request
,
response
);
return
false
;
return
false
;
}
}
boolean
isGrantedAuthority
=
false
;
//非管理员用户直接注销
for
(
GrantedAuthority
grantedAuthority
:
grantedAuthoritys
)
{
if
(!((
BasicAuthentication
)
WebContext
.
getAuthentication
().
getPrincipal
()).
isRoleAdministrators
())
{
if
(
WebContext
.
getAuthentication
().
getAuthorities
().
contains
(
grantedAuthority
))
{
_logger
.
debug
(
"Not ADMINISTRATORS Authentication ."
);
isGrantedAuthority
=
true
;
RequestDispatcher
dispatcher
=
request
.
getRequestDispatcher
(
"/logout"
);
_logger
.
trace
(
"ADMINISTRATORS Authentication ."
);
dispatcher
.
forward
(
request
,
response
);
}
return
false
;
}
}
if
(!
isGrantedAuthority
)
{
RequestDispatcher
dispatcher
=
request
.
getRequestDispatcher
(
"/logout"
);
dispatcher
.
forward
(
request
,
response
);
return
false
;
}
boolean
hasAccess
=
true
;
boolean
hasAccess
=
true
;
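Review bot: the new condition casts `WebContext.getAuthentication().getPrincipal()` to `BasicAuthentication` without a type check. If any authentication path stores a principal of another type, this line raises `ClassCastException`, and the request ends in an error instead of the intended forward to `/logout`. Guard it with `instanceof` and treat any other principal as non-administrator so the interceptor fails closed. The `_logger.debug("Not ADMINISTRATORS Authentication .")` message would be more useful for audit if it included the username and the requested URI.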
...
...
maxkey-web-maxkey/src/main/resources/templates/views/layout/top.ftl
...
@@ -40,12 +40,13 @@
...
@@ -40,12 +40,13 @@
<div style="float:right;" > <@locale code="login.password.changepassword"/> </div>
<div style="float:right;" > <@locale code="login.password.changepassword"/> </div>
</a>
</a>
</td>
</td>
<#if Session["current_authentication"].principal.roleAdministrators==true >
<td id="manage" nowrap>
<td id="manage" nowrap>
<a target="_blank" href="<@base/>/authz/maxkey_mgt">
<a target="_blank" href="<@base/>/authz/maxkey_mgt">
<div style="float:right;" > <@locale code="global.text.manage"/> </div>
<div style="float:right;" > <@locale code="global.text.manage"/> </div>
</a>
</a>
</td>
</td>
</#if>
<td id="logout" class="ui-widget-header" >
<td id="logout" class="ui-widget-header" >
<a href="<@base/>/logout?reLoginUrl=login">
<a href="<@base/>/logout?reLoginUrl=login">
<div style="float:right;" > <@locale code="global.text.logout"/> </div>
<div style="float:right;" > <@locale code="global.text.logout"/> </div>
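Review bot: the added `<#if Session["current_authentication"].principal.roleAdministrators==true >` assumes the session attribute and its `principal` are always present and always expose `roleAdministrators`. If `current_authentication` is missing or the principal is of another type, FreeMarker raises an undefined-value error and the header does not render. Give the expression a default, for example `(Session["current_authentication"].principal.roleAdministrators)!false`, and drop the redundant `==true`. The condition only hides the link; the server-side check in `PermissionAdapter` remains the actual control.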
...
...