diff --git a/maxkey-core/src/main/java/org/maxkey/authn/RealmAuthenticationProvider.java b/maxkey-core/src/main/java/org/maxkey/authn/RealmAuthenticationProvider.java index a909b21b0ded6065160f226850ecdfcbd63529a3..25a4d4e3f2ca4bec2e012fcd793166fbf8c0143f 100644 --- a/maxkey-core/src/main/java/org/maxkey/authn/RealmAuthenticationProvider.java +++ b/maxkey-core/src/main/java/org/maxkey/authn/RealmAuthenticationProvider.java @@ -149,6 +149,9 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider String onlineTickitId = WebConstants.ONLINE_TICKET_PREFIX + "-" + java.util.UUID.randomUUID().toString().toLowerCase(); _logger.debug("set online Tickit Cookie " + onlineTickitId + " on domain "+ this.applicationConfig.getBaseDomainName()); + OnlineTicket onlineTicket = new OnlineTicket(onlineTickitId); + + WebContext.setCookie(WebContext.getResponse(), this.applicationConfig.getBaseDomainName(), WebConstants.ONLINE_TICKET_NAME, @@ -157,7 +160,7 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider SigninPrincipal signinPrincipal = new SigninPrincipal(userInfo); //set OnlineTicket - signinPrincipal.setOnlineTicket(onlineTickitId); + signinPrincipal.setOnlineTicket(onlineTicket); ArrayList grantedAuthoritys = authenticationRealm.grantAuthority(userInfo); //set default roles grantedAuthoritys.add(new SimpleGrantedAuthority("ROLE_USER")); @@ -182,8 +185,10 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider authenticationToken.setDetails( new WebAuthenticationDetails(WebContext.getRequest())); - OnlineTicket onlineTicket = new OnlineTicket(onlineTickitId,authenticationToken); + onlineTicket.setAuthentication(authenticationToken); + this.onlineTicketServices.store(onlineTickitId, onlineTicket); + /* * put userInfo to current session context */ diff --git a/maxkey-core/src/main/java/org/maxkey/authn/SigninPrincipal.java b/maxkey-core/src/main/java/org/maxkey/authn/SigninPrincipal.java index 7666a0596ed8464b5c0afd89405ff380488561c7..ee6a8397024e9270603cf68cceb9eec20c80a671 100644 --- a/maxkey-core/src/main/java/org/maxkey/authn/SigninPrincipal.java +++ b/maxkey-core/src/main/java/org/maxkey/authn/SigninPrincipal.java @@ -20,6 +20,7 @@ package org.maxkey.authn; import java.util.ArrayList; import java.util.Collection; +import org.maxkey.authn.online.OnlineTicket; import org.maxkey.domain.UserInfo; import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.userdetails.UserDetails; @@ -31,7 +32,7 @@ public class SigninPrincipal implements UserDetails { UserDetails userDetails; - String onlineTicket; + OnlineTicket onlineTicket; ArrayList grantedAuthority; boolean authenticated; boolean roleAdministrators; @@ -95,11 +96,11 @@ public class SigninPrincipal implements UserDetails { this.grantedAuthority = grantedAuthority; } - public String getOnlineTicket() { + public OnlineTicket getOnlineTicket() { return onlineTicket; } - public void setOnlineTicket(String onlineTicket) { + public void setOnlineTicket(OnlineTicket onlineTicket) { this.onlineTicket = onlineTicket; } diff --git a/maxkey-core/src/main/java/org/maxkey/authn/online/InMemoryOnlineTicketServices.java b/maxkey-core/src/main/java/org/maxkey/authn/online/InMemoryOnlineTicketServices.java index 1bba1a3f845b5f7ceb944b0101d01fdd4a4c281a..12f14670f9813437f09171b0ad865a654effffff 100644 --- a/maxkey-core/src/main/java/org/maxkey/authn/online/InMemoryOnlineTicketServices.java +++ b/maxkey-core/src/main/java/org/maxkey/authn/online/InMemoryOnlineTicketServices.java @@ -18,15 +18,19 @@ package org.maxkey.authn.online; import java.time.Duration; +import java.time.LocalTime; import org.ehcache.UserManagedCache; import org.ehcache.config.builders.ExpiryPolicyBuilder; import org.ehcache.config.builders.UserManagedCacheBuilder; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; public class InMemoryOnlineTicketServices implements OnlineTicketServices{ - - protected final static UserManagedCache onlineTicketStore = + private static final Logger _logger = LoggerFactory.getLogger(InMemoryOnlineTicketServices.class); + + protected static UserManagedCache onlineTicketStore = UserManagedCacheBuilder.newUserManagedCacheBuilder(String.class, OnlineTicket.class) .withExpiry(ExpiryPolicyBuilder.timeToLiveExpiration(Duration.ofMinutes(30))) .build(true); @@ -56,8 +60,37 @@ public class InMemoryOnlineTicketServices implements OnlineTicketServices{ @Override public void setValiditySeconds(int validitySeconds) { - // TODO Auto-generated method stub + onlineTicketStore = + UserManagedCacheBuilder. + newUserManagedCacheBuilder(String.class, OnlineTicket.class) + .withExpiry( + ExpiryPolicyBuilder.timeToLiveExpiration( + Duration.ofMinutes(validitySeconds/60)) + ) + .build(true); + + } + + @Override + public void refresh(String ticketId,LocalTime refreshTime) { + OnlineTicket onlineTicket = get(ticketId); + onlineTicket.setTicketTime(refreshTime); + store(ticketId , onlineTicket); + } + + @Override + public void refresh(String ticketId) { + OnlineTicket onlineTicket = get(ticketId); + + LocalTime currentTime = LocalTime.now(); + Duration duration = Duration.between(currentTime, onlineTicket.getTicketTime()); + + _logger.trace("OnlineTicket duration " + duration.getSeconds()); + if(duration.getSeconds() > OnlineTicket.MAX_EXPIRY_DURATION) { + onlineTicket.setTicketTime(currentTime); + refresh(ticketId,currentTime); + } } } diff --git a/maxkey-core/src/main/java/org/maxkey/authn/online/OnlineTicket.java b/maxkey-core/src/main/java/org/maxkey/authn/online/OnlineTicket.java index 1ae569559ae044f3c515a995de7118fd29e46da1..b7f3ec2256992a7fe0df37657195fdf5245697cf 100644 --- a/maxkey-core/src/main/java/org/maxkey/authn/online/OnlineTicket.java +++ b/maxkey-core/src/main/java/org/maxkey/authn/online/OnlineTicket.java @@ -1,6 +1,7 @@ package org.maxkey.authn.online; import java.io.Serializable; +import java.time.LocalTime; import java.util.HashMap; import org.maxkey.domain.apps.Apps; @@ -11,10 +12,15 @@ public class OnlineTicket implements Serializable{ /** * */ - private static final long serialVersionUID = 9008067569150338296L; + + public static final int MAX_EXPIRY_DURATION = 60 * 10; //default 10 minutes. + + private static final long serialVersionUID = 9008067569150338296L; public String ticketId; + public LocalTime ticketTime; + public Authentication authentication; private HashMap authorizedApps = new HashMap(); @@ -23,12 +29,14 @@ public class OnlineTicket implements Serializable{ public OnlineTicket(String ticketId) { super(); this.ticketId = ticketId; + this.ticketTime = LocalTime.now(); } public OnlineTicket(String ticketId,Authentication authentication) { super(); this.ticketId = ticketId; this.authentication = authentication; + this.ticketTime = LocalTime.now(); } @@ -44,6 +52,14 @@ public class OnlineTicket implements Serializable{ } + public LocalTime getTicketTime() { + return ticketTime; + } + + public void setTicketTime(LocalTime ticketTime) { + this.ticketTime = ticketTime; + } + public Authentication getAuthentication() { return authentication; } diff --git a/maxkey-core/src/main/java/org/maxkey/authn/online/OnlineTicketServices.java b/maxkey-core/src/main/java/org/maxkey/authn/online/OnlineTicketServices.java index 28a8b3dd4e89308b63bcf782ef6403fcb8e16fa6..6f4aa6c9648bf4e2ad94a1961d39bed8329d5be1 100644 --- a/maxkey-core/src/main/java/org/maxkey/authn/online/OnlineTicketServices.java +++ b/maxkey-core/src/main/java/org/maxkey/authn/online/OnlineTicketServices.java @@ -17,6 +17,7 @@ package org.maxkey.authn.online; +import java.time.LocalTime; public interface OnlineTicketServices { @@ -25,6 +26,10 @@ public interface OnlineTicketServices { public OnlineTicket remove(String ticket); public OnlineTicket get(String ticketId); + + public void refresh(String ticketId ,LocalTime refreshTime); + + public void refresh(String ticketId); public void setValiditySeconds(int validitySeconds); } diff --git a/maxkey-core/src/main/java/org/maxkey/authn/online/RedisOnlineTicketServices.java b/maxkey-core/src/main/java/org/maxkey/authn/online/RedisOnlineTicketServices.java index 3035e86dd962a2176bba0b94a6c4202e04cd6482..b849302a3051250ef58877bc5922dfa627b919a5 100644 --- a/maxkey-core/src/main/java/org/maxkey/authn/online/RedisOnlineTicketServices.java +++ b/maxkey-core/src/main/java/org/maxkey/authn/online/RedisOnlineTicketServices.java @@ -17,12 +17,17 @@ package org.maxkey.authn.online; +import java.time.Duration; +import java.time.LocalTime; + import org.maxkey.persistence.redis.RedisConnection; import org.maxkey.persistence.redis.RedisConnectionFactory; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; public class RedisOnlineTicketServices implements OnlineTicketServices { - + private static final Logger _logger = LoggerFactory.getLogger(RedisOnlineTicketServices.class); protected int serviceTicketValiditySeconds = 60 * 30; //default 30 minutes. @@ -78,5 +83,27 @@ public class RedisOnlineTicketServices implements OnlineTicketServices { } + @Override + public void refresh(String ticketId,LocalTime refreshTime) { + OnlineTicket onlineTicket = get(ticketId); + onlineTicket.setTicketTime(refreshTime); + store(ticketId , onlineTicket); + } + + @Override + public void refresh(String ticketId) { + OnlineTicket onlineTicket = get(ticketId); + + LocalTime currentTime = LocalTime.now(); + Duration duration = Duration.between(currentTime, onlineTicket.getTicketTime()); + + _logger.trace("OnlineTicket duration " + duration.getSeconds()); + + if(duration.getSeconds() > OnlineTicket.MAX_EXPIRY_DURATION) { + onlineTicket.setTicketTime(currentTime); + refresh(ticketId,currentTime); + } + } + } diff --git a/maxkey-web-maxkey/src/main/java/org/maxkey/web/endpoint/OnlineTicketEndpoint.java b/maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/OnlineTicketEndpoint.java similarity index 96% rename from maxkey-web-maxkey/src/main/java/org/maxkey/web/endpoint/OnlineTicketEndpoint.java rename to maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/OnlineTicketEndpoint.java index 189f7e72dd9bd8098374a776ffa7125ee485ef37..d2ec4d2d19c74f0fae883033d5afd2f925f81c15 100644 --- a/maxkey-web-maxkey/src/main/java/org/maxkey/web/endpoint/OnlineTicketEndpoint.java +++ b/maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/OnlineTicketEndpoint.java @@ -1,4 +1,4 @@ -package org.maxkey.web.endpoint; +package org.maxkey.authz.endpoint; import org.maxkey.authn.online.OnlineTicket; import org.maxkey.authn.online.OnlineTicketServices; diff --git a/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasAuthorizeEndpoint.java b/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasAuthorizeEndpoint.java index ce47b2900dea0e5456fc6232e7756d5bdc5d523b..34e3c444ba86cd7b8db7386bc0cf13032f3a065c 100644 --- a/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasAuthorizeEndpoint.java +++ b/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasAuthorizeEndpoint.java @@ -135,7 +135,7 @@ public class CasAuthorizeEndpoint extends CasBaseAuthorizeEndpoint{ } if(casDetails.getLogoutType()==LogoutType.BACK_CHANNEL) { - String onlineTicketId = ((SigninPrincipal)WebContext.getAuthentication().getPrincipal()).getOnlineTicket(); + String onlineTicketId = ((SigninPrincipal)WebContext.getAuthentication().getPrincipal()).getOnlineTicket().getTicketId(); OnlineTicket onlineTicket = onlineTicketServices.get(onlineTicketId); //set cas ticket as OnlineTicketId casDetails.setOnlineTicket(ticket); diff --git a/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/adapter/CasDefaultAdapter.java b/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/adapter/CasDefaultAdapter.java index c5d1c523430f650964551a8d2f1815023ae3d901..6b10e7ff3ae59ded306dddfa51174524bcc81ea0 100644 --- a/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/adapter/CasDefaultAdapter.java +++ b/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/adapter/CasDefaultAdapter.java @@ -67,7 +67,7 @@ public class CasDefaultAdapter extends AbstractAuthorizeAdapter { serviceResponseBuilder.setAttribute("departmentId", userInfo.getDepartmentId()); serviceResponseBuilder.setAttribute("workRegion",base64Attr(userInfo.getWorkRegion())); - serviceResponseBuilder.setAttribute(WebConstants.ONLINE_TICKET_NAME,authentication.getOnlineTicket()); + serviceResponseBuilder.setAttribute(WebConstants.ONLINE_TICKET_NAME,authentication.getOnlineTicket().getTicketId()); return null; } diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/OAuthDefaultUserInfoAdapter.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/OAuthDefaultUserInfoAdapter.java index 9a7b2a1fdd7a2f6c738425156ba32ff5ccdaa86e..64690b17af96590c703937e4a1c0d02a44c775cf 100644 --- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/OAuthDefaultUserInfoAdapter.java +++ b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/OAuthDefaultUserInfoAdapter.java @@ -45,7 +45,7 @@ public class OAuthDefaultUserInfoAdapter extends AbstractAuthorizeAdapter { beanMap.put("title", userInfo.getJobTitle()); beanMap.put("state", userInfo.getWorkRegion()); beanMap.put("gender", userInfo.getGender()); - beanMap.put(WebConstants.ONLINE_TICKET_NAME, authentication.getOnlineTicket()); + beanMap.put(WebConstants.ONLINE_TICKET_NAME, authentication.getOnlineTicket().getTicketId()); String info= JsonUtils.object2Json(beanMap); diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/UserInfoEndpoint.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/UserInfoEndpoint.java index f3daf7003ecd6bd9edb86f58be1da9889bbcb95e..75c08452db51c132e091c6608968676036b7f010 100644 --- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/UserInfoEndpoint.java +++ b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/UserInfoEndpoint.java @@ -176,7 +176,7 @@ public class UserInfoEndpoint { SigninPrincipal authentication = (SigninPrincipal)oAuth2Authentication.getUserAuthentication().getPrincipal(); jwtClaimsSetBuilder.claim("sub", userInfo.getId()); - jwtClaimsSetBuilder.claim(WebConstants.ONLINE_TICKET_NAME, authentication.getOnlineTicket()); + jwtClaimsSetBuilder.claim(WebConstants.ONLINE_TICKET_NAME, authentication.getOnlineTicket().getTicketId()); if(scopes.contains("profile")){ jwtClaimsSetBuilder.claim("name", userInfo.getUsername()); diff --git a/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/endpoint/AssertionEndpoint.java b/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/endpoint/AssertionEndpoint.java index 31ba1e0515c3cc151363380ab60b9ef2eda07589..d5fbf98c975365c9892111d30b138eb5605db040 100644 --- a/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/endpoint/AssertionEndpoint.java +++ b/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/endpoint/AssertionEndpoint.java @@ -73,7 +73,7 @@ public class AssertionEndpoint { logger.debug("AuthnRequestInfo: {}", authnRequestInfo); HashMap attributeMap=new HashMap(); - attributeMap.put(WebConstants.ONLINE_TICKET_NAME, ((SigninPrincipal)WebContext.getAuthentication().getPrincipal()).getOnlineTicket()); + attributeMap.put(WebConstants.ONLINE_TICKET_NAME, ((SigninPrincipal)WebContext.getAuthentication().getPrincipal()).getOnlineTicket().getTicketId()); //saml20Details Response authResponse = authnResponseGenerator.generateAuthnResponse( diff --git a/maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/adapter/TokenBasedDefaultAdapter.java b/maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/adapter/TokenBasedDefaultAdapter.java index 9b35a2b51dc41bda6e1392d3426c2e69bac1c53f..ffb0f36cc48e21b020f4be356286519ba43a9e1b 100644 --- a/maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/adapter/TokenBasedDefaultAdapter.java +++ b/maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/adapter/TokenBasedDefaultAdapter.java @@ -72,7 +72,7 @@ public class TokenBasedDefaultAdapter extends AbstractAuthorizeAdapter { } beanMap.put("displayName", userInfo.getDisplayName()); - beanMap.put(WebConstants.ONLINE_TICKET_NAME, authentication.getOnlineTicket()); + beanMap.put(WebConstants.ONLINE_TICKET_NAME, authentication.getOnlineTicket().getTicketId()); /* * use UTC date time format diff --git a/maxkey-web-maxkey/src/main/java/org/maxkey/web/endpoint/LogoutEndpoint.java b/maxkey-web-maxkey/src/main/java/org/maxkey/web/endpoint/LogoutEndpoint.java index 0090cea45c69970dc809986ca5d9cff857b6a25f..1491b838c07383b4714036a6f04d8cd15e1fde95 100644 --- a/maxkey-web-maxkey/src/main/java/org/maxkey/web/endpoint/LogoutEndpoint.java +++ b/maxkey-web-maxkey/src/main/java/org/maxkey/web/endpoint/LogoutEndpoint.java @@ -20,6 +20,8 @@ package org.maxkey.web.endpoint; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.maxkey.authn.SigninPrincipal; +import org.maxkey.authn.online.OnlineTicketServices; import org.maxkey.authn.realm.AbstractAuthenticationRealm; import org.maxkey.configuration.ApplicationConfig; import org.maxkey.web.WebConstants; @@ -49,6 +51,10 @@ public class LogoutEndpoint { @Autowired ApplicationConfig applicationConfig; + @Autowired + @Qualifier("onlineTicketServices") + protected OnlineTicketServices onlineTicketServices; + @RequestMapping(value={"/logout"}) public ModelAndView logout( HttpServletRequest request, @@ -89,8 +95,10 @@ public class LogoutEndpoint { _logger.debug("re Login URL : "+ reLoginUrl); modelAndView.addObject("reloginUrl",reLoginUrl); + onlineTicketServices.remove(((SigninPrincipal)WebContext.getAuthentication().getPrincipal()).getOnlineTicket().getTicketId()); request.getSession().invalidate(); SecurityContextHolder.clearContext(); + modelAndView.setViewName(viewName); return modelAndView; } diff --git a/maxkey-web-maxkey/src/main/java/org/maxkey/web/interceptor/PermissionAdapter.java b/maxkey-web-maxkey/src/main/java/org/maxkey/web/interceptor/PermissionAdapter.java index 44af6fd7452a38557beafbfa6ca60c040fbd4d1c..56d5fd0075d058cd9c5419a844748f00d7695549 100644 --- a/maxkey-web-maxkey/src/main/java/org/maxkey/web/interceptor/PermissionAdapter.java +++ b/maxkey-web-maxkey/src/main/java/org/maxkey/web/interceptor/PermissionAdapter.java @@ -23,6 +23,9 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.maxkey.authn.SavedRequestAwareAuthenticationSuccessHandler; +import org.maxkey.authn.SigninPrincipal; +import org.maxkey.authn.online.OnlineTicket; +import org.maxkey.authn.online.OnlineTicketServices; import org.maxkey.configuration.ApplicationConfig; import org.maxkey.constants.ConstantsPasswordSetType; import org.maxkey.web.WebConstants; @@ -31,6 +34,7 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; +import org.springframework.security.core.Authentication; import org.springframework.security.web.savedrequest.HttpSessionRequestCache; import org.springframework.security.web.savedrequest.RequestCache; import org.springframework.security.web.savedrequest.SavedRequest; @@ -57,6 +61,10 @@ public class PermissionAdapter extends HandlerInterceptorAdapter { SavedRequestAwareAuthenticationSuccessHandler savedRequestSuccessHandler; static ConcurrentHashMap navigationsMap = null; + + @Autowired + @Qualifier("onlineTicketServices") + protected OnlineTicketServices onlineTicketServices; /* * 请求前处理 (non-Javadoc) @@ -96,11 +104,12 @@ public class PermissionAdapter extends HandlerInterceptorAdapter { } } + Authentication authentication = WebContext.getAuthentication(); //save first protected url SavedRequest firstSavedRequest = (SavedRequest)WebContext.getAttribute(WebConstants.FIRST_SAVED_REQUEST_PARAMETER); // 判断用户是否登录, 判断用户和角色,判断用户是否登录用户 - if (WebContext.getAuthentication() == null - || WebContext.getAuthentication().getAuthorities() == null) { + if (authentication == null + || authentication.getAuthorities() == null) { //保存未认证的请求信息 if(firstSavedRequest==null){ RequestCache requestCache = new HttpSessionRequestCache(); @@ -119,14 +128,20 @@ public class PermissionAdapter extends HandlerInterceptorAdapter { return false; } + //认证完成,跳转到未认证请求 if(firstSavedRequest!=null) { - savedRequestSuccessHandler.onAuthenticationSuccess(request, response, WebContext.getAuthentication()); + savedRequestSuccessHandler.onAuthenticationSuccess(request, response, authentication); WebContext.removeAttribute(WebConstants.FIRST_SAVED_REQUEST_PARAMETER); } boolean hasAccess = true; - + + if(authentication.getPrincipal() instanceof SigninPrincipal) { + SigninPrincipal signinPrincipal = (SigninPrincipal)authentication.getPrincipal(); + OnlineTicket onlineTicket = signinPrincipal.getOnlineTicket(); + onlineTicketServices.refresh(onlineTicket.getTicketId()); + } /* * boolean preHandler = super.preHandle(request, response, handler); *