trustAuthentication

d14a0962 · MaxKey单点登录官方 · b3083adf · d14a0962 · d14a0962 · d14a0962
12 changed file
--- a/maxkey-authentications/src/main/java/org/maxkey/authn/support/basic/BasicEntryPoint.java
+++ b/maxkey-authentications/src/main/java/org/maxkey/authn/support/basic/BasicEntryPoint.java
@@ -20,11 +20,13 @@ package org.maxkey.authn.support.basic;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import org.maxkey.authn.RealmAuthenticationProvider;
 import org.maxkey.constants.ConstantsLoginType;
 import org.maxkey.util.AuthorizationHeaderUtils;
-import org.maxkey.web.WebContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
@@ -35,6 +37,10 @@ public class BasicEntryPoint extends HandlerInterceptorAdapter {
 	boolean enable;
+	@Autowired
+    @Qualifier("authenticationProvider")
+    RealmAuthenticationProvider authenticationProvider ;
 	public BasicEntryPoint() {
    }
@@ -126,9 +132,8 @@ public class BasicEntryPoint extends HandlerInterceptorAdapter {
 		 }
 		 if(!isAuthenticated){
-			if(WebContext.setAuthentication(username,ConstantsLoginType.BASIC,"","","success")){
+			authenticationProvider.trustAuthentication(username,ConstantsLoginType.BASIC,"","","success");
 				_logger.info("Authentication  "+username+" successful .");
-			}
 		 }
 		 return true;

--- a/maxkey-authentications/src/main/java/org/maxkey/authn/support/httpheader/HttpHeaderEntryPoint.java
+++ b/maxkey-authentications/src/main/java/org/maxkey/authn/support/httpheader/HttpHeaderEntryPoint.java
@@ -20,10 +20,12 @@ package org.maxkey.authn.support.httpheader;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import org.maxkey.authn.RealmAuthenticationProvider;
 import org.maxkey.constants.ConstantsLoginType;
-import org.maxkey.web.WebContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
@@ -35,6 +37,9 @@ public class HttpHeaderEntryPoint extends HandlerInterceptorAdapter {
 	String headerName;
    boolean enable;
+    @Autowired
+    @Qualifier("authenticationProvider")
+    RealmAuthenticationProvider authenticationProvider ;
 	String []skipRequestURI={
 			"/oauth/v20/token",
@@ -102,9 +107,8 @@ public class HttpHeaderEntryPoint extends HandlerInterceptorAdapter {
 		 }
 		 if(!isAuthenticated){
-			if(WebContext.setAuthentication(httpHeaderUsername,ConstantsLoginType.HTTPHEADER,"","","success")){
+			authenticationProvider.trustAuthentication(httpHeaderUsername,ConstantsLoginType.HTTPHEADER,"","","success");
-				_logger.info("Authentication  "+httpHeaderUsername+" successful .");
+			_logger.info("Authentication  "+httpHeaderUsername+" successful .");
-			}
 		 }
 		 return true;

--- a/maxkey-authentications/src/main/java/org/maxkey/authn/support/kerberos/RemoteKerberosService.java
+++ b/maxkey-authentications/src/main/java/org/maxkey/authn/support/kerberos/RemoteKerberosService.java
@@ -23,11 +23,11 @@ import java.util.List;
 import java.util.Map;
 import org.joda.time.DateTime;
+import org.maxkey.authn.RealmAuthenticationProvider;
 import org.maxkey.constants.ConstantsLoginType;
 import org.maxkey.crypto.ReciprocalUtils;
 import org.maxkey.util.DateUtils;
 import org.maxkey.util.JsonUtils;
-import org.maxkey.web.WebContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -35,6 +35,8 @@ public class RemoteKerberosService  implements KerberosService{
 	private static Logger _logger = LoggerFactory.getLogger(RemoteKerberosService.class);
 	List<KerberosProxy> kerberosProxys;
+	RealmAuthenticationProvider authenticationProvider ;
 	public boolean login(String kerberosTokenString,String kerberosUserDomain){
 		_logger.debug("encoder Kerberos Token "+kerberosTokenString);
 		_logger.debug("kerberos UserDomain "+kerberosUserDomain);
@@ -54,7 +56,8 @@ public class RemoteKerberosService  implements KerberosService{
 		DateTime notOnOrAfter=DateUtils.toUtcDate(kerberosToken.getNotOnOrAfter());
 		_logger.debug("Kerberos Token is After Now  "+notOnOrAfter.isAfterNow());
 		if(notOnOrAfter.isAfterNow()){
-	    	return WebContext.setAuthentication(kerberosToken.getPrincipal(),ConstantsLoginType.KERBEROS,kerberosUserDomain,"","success");
+	    	authenticationProvider.trustAuthentication(kerberosToken.getPrincipal(),ConstantsLoginType.KERBEROS,kerberosUserDomain,"","success");
+	    	return true;
 		}else{
 			return false;

--- a/maxkey-authentications/src/main/java/org/maxkey/authn/support/socialsignon/AbstractSocialSignOnEndpoint.java
+++ b/maxkey-authentications/src/main/java/org/maxkey/authn/support/socialsignon/AbstractSocialSignOnEndpoint.java
@@ -20,6 +20,7 @@
 */
 package org.maxkey.authn.support.socialsignon;
+import org.maxkey.authn.RealmAuthenticationProvider;
 import org.maxkey.authn.support.socialsignon.service.SocialSignOnProvider;
 import org.maxkey.authn.support.socialsignon.service.SocialSignOnProviderService;
 import org.maxkey.authn.support.socialsignon.service.SocialsAssociateService;
@@ -27,6 +28,7 @@ import org.maxkey.web.WebContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
 import me.zhyd.oauth.model.AuthCallback;
 import me.zhyd.oauth.model.AuthResponse;
@@ -72,7 +74,9 @@ public class AbstractSocialSignOnEndpoint {
 	@Autowired
 	protected SocialsAssociateService socialsAssociateService;
+	@Autowired
+    @Qualifier("authenticationProvider")
+    RealmAuthenticationProvider authenticationProvider ;
  	protected AuthRequest buildAuthRequest(String provider){

--- a/maxkey-authentications/src/main/java/org/maxkey/authn/support/socialsignon/SocialSignOnEndpoint.java
+++ b/maxkey-authentications/src/main/java/org/maxkey/authn/support/socialsignon/SocialSignOnEndpoint.java
@@ -22,14 +22,11 @@ package org.maxkey.authn.support.socialsignon;
 import javax.servlet.http.HttpServletRequest;
-import org.maxkey.authn.realm.AbstractAuthenticationRealm;
 import org.maxkey.authn.support.socialsignon.service.SocialsAssociate;
 import org.maxkey.constants.ConstantsLoginType;
 import org.maxkey.web.WebContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.web.WebAttributes;
 import org.springframework.stereotype.Controller;
@@ -49,11 +46,6 @@ import me.zhyd.oauth.utils.AuthStateUtils;
 public class SocialSignOnEndpoint  extends AbstractSocialSignOnEndpoint{
 	final static Logger _logger = LoggerFactory.getLogger(SocialSignOnEndpoint.class);
-    @Autowired
-	@Qualifier("authenticationRealm")
-	protected AbstractAuthenticationRealm authenticationRealm;
    public  ModelAndView socialSignOnAuthorize(String provider){
    	_logger.debug("SocialSignOn provider : "+provider);
    	String authorizationUrl=buildAuthRequest(provider).authorize(AuthStateUtils.createState());
@@ -155,13 +147,13 @@ public class SocialSignOnEndpoint  extends AbstractSocialSignOnEndpoint{
 			_logger.debug("Social Sign On from "+socialSignOnUserToken.getProvider()+" mapping to user "+socialSignOnUserToken.getUsername());
-			if(WebContext.setAuthentication(socialSignOnUserToken.getUsername(), ConstantsLoginType.SOCIALSIGNON,this.socialSignOnProvider.getProviderName(),"xe00000004","success")){
+			authenticationProvider.trustAuthentication(socialSignOnUserToken.getUsername(), ConstantsLoginType.SOCIALSIGNON,this.socialSignOnProvider.getProviderName(),"xe00000004","success");
-				//socialSignOnUserToken.setAccessToken(JsonUtils.object2Json(this.accessToken));
+			//socialSignOnUserToken.setAccessToken(JsonUtils.object2Json(this.accessToken));
-				socialSignOnUserToken.setSocialUserInfo(accountJsonString);
+			socialSignOnUserToken.setSocialUserInfo(accountJsonString);
-				//socialSignOnUserToken.setExAttribute(JsonUtils.object2Json(accessToken.getResponseObject()));
+			//socialSignOnUserToken.setExAttribute(JsonUtils.object2Json(accessToken.getResponseObject()));
-				this.socialsAssociateService.update(socialSignOnUserToken);
+			this.socialsAssociateService.update(socialSignOnUserToken);
-			}
 		}else{
 			WebContext.getRequest().getSession().setAttribute(WebAttributes.AUTHENTICATION_EXCEPTION, new BadCredentialsException(WebContext.getI18nValue("login.error.social")));

--- a/maxkey-authentications/src/main/java/org/maxkey/authn/support/wsfederation/WsFederationServiceImpl.java
+++ b/maxkey-authentications/src/main/java/org/maxkey/authn/support/wsfederation/WsFederationServiceImpl.java
@@ -19,12 +19,14 @@ package org.maxkey.authn.support.wsfederation;
 import javax.servlet.http.HttpServletRequest;
+import org.maxkey.authn.RealmAuthenticationProvider;
 import org.maxkey.constants.ConstantsLoginType;
 import org.maxkey.util.StringUtils;
-import org.maxkey.web.WebContext;
 import org.opensaml.saml1.core.impl.AssertionImpl;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
 public class WsFederationServiceImpl implements   WsFederationService{
@@ -32,6 +34,10 @@ public class WsFederationServiceImpl implements   WsFederationService{
 	private WsFederationConfiguration wsFederationConfiguration;
+	@Autowired
+    @Qualifier("authenticationProvider")
+    RealmAuthenticationProvider authenticationProvider ;
 	public boolean login(String wsFederationWA,String wsFederationWResult,HttpServletRequest request){
 		// it's an authentication
        if (StringUtils.isNotEmpty(wsFederationWA) && wsFederationWA.equalsIgnoreCase(WsFederationConstants.WSIGNIN)) {
@@ -57,11 +63,11 @@ public class WsFederationServiceImpl implements   WsFederationService{
                    			wsFederationConfiguration.getUpnSuffix());
                    }
-                    return WebContext.setAuthentication(
+                    authenticationProvider.trustAuthentication(
                    		wsFederationCredential.getAttributes().get("").toString(),
                    		ConstantsLoginType.WSFEDERATION,
                    		"","","success");
+                    return true;
                } else {
                    _logger.warn("SAML assertions are blank or no longer valid.");
                    return false;

--- a/maxkey-core/src/main/java/org/maxkey/authn/support/jwt/JwtLoginService.java
+++ b/maxkey-core/src/main/java/org/maxkey/authn/support/jwt/JwtLoginService.java
@@ -30,6 +30,7 @@ import java.util.Date;
 import java.util.UUID;
 import javax.servlet.http.HttpServletResponse;
 import org.joda.time.DateTime;
+import org.maxkey.authn.RealmAuthenticationProvider;
 import org.maxkey.configuration.ApplicationConfig;
 import org.maxkey.configuration.oidc.OIDCProviderMetadataDetails;
 import org.maxkey.constants.ConstantsLoginType;
@@ -47,6 +48,8 @@ public class JwtLoginService {
    OIDCProviderMetadataDetails jwtProviderMetadata;
    DefaultJwtSigningAndValidationService jwtSignerValidationService;
+    RealmAuthenticationProvider authenticationProvider ;
    public boolean login(String jwt, HttpServletResponse response) {
        _logger.debug("jwt : " + jwt);
@@ -93,9 +96,8 @@ public class JwtLoginService {
            DateTime now = new DateTime();
            if (loginResult && now.isBefore(jwtClaimsSet.getExpirationTime().getTime())) {
-                if (WebContext.setAuthentication(username, ConstantsLoginType.JWT, "", "", "success")) {
+                authenticationProvider.trustAuthentication(username, ConstantsLoginType.JWT, "", "", "success");
-                    return true;
+                return true;
-                }
            }
        } catch (java.text.ParseException e) {
            // Invalid signed JWT encoding
@@ -198,4 +200,8 @@ public class JwtLoginService {
        this.jwtSignerValidationService = jwtSignerValidationService;
    }
+    public void setAuthenticationProvider(RealmAuthenticationProvider authenticationProvider) {
+        this.authenticationProvider = authenticationProvider;
+    }
 }
--- a/maxkey-core/src/main/java/org/maxkey/authn/support/rememberme/AbstractRemeberMeService.java
+++ b/maxkey-core/src/main/java/org/maxkey/authn/support/rememberme/AbstractRemeberMeService.java
@@ -23,6 +23,7 @@ import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import org.joda.time.DateTime;
+import org.maxkey.authn.RealmAuthenticationProvider;
 import org.maxkey.configuration.ApplicationConfig;
 import org.maxkey.constants.ConstantsLoginType;
 import org.maxkey.constants.ConstantsTimeInterval;
@@ -46,6 +47,10 @@ public abstract class AbstractRemeberMeService {
    @Autowired
    @Qualifier("applicationConfig")
    protected ApplicationConfig applicationConfig;
+    @Autowired
+    @Qualifier("authenticationProvider")
+    RealmAuthenticationProvider authenticationProvider ;
    // follow function is for persist
    public abstract void save(RemeberMe remeberMe);
@@ -112,15 +117,14 @@ public abstract class AbstractRemeberMeService {
        DateTime expiryDate = loginDate.plusSeconds(getRemeberMeValidity());
        DateTime now = new DateTime();
        if (now.isBefore(expiryDate)) {
-            if (WebContext.setAuthentication(
+            authenticationProvider.trustAuthentication(
                    storeRemeberMe.getUsername(), 
                    ConstantsLoginType.REMEBER_ME, 
                    "", 
                    "", 
-                    "success")
+                    "success");
-            ) {
+            return updateRemeberMe(remeberMeCookie, response);
-                return updateRemeberMe(remeberMeCookie, response);
-            }
        }
        return false;
    }

--- a/maxkey-core/src/main/java/org/maxkey/autoconfigure/JwtAuthnAutoConfiguration.java
+++ b/maxkey-core/src/main/java/org/maxkey/autoconfigure/JwtAuthnAutoConfiguration.java
@@ -22,6 +22,8 @@ import com.nimbusds.jose.JWEAlgorithm;
 import java.net.URI;
 import java.security.NoSuchAlgorithmException;
 import java.security.spec.InvalidKeySpecException;
+import org.maxkey.authn.RealmAuthenticationProvider;
 import org.maxkey.authn.support.jwt.JwtLoginService;
 import org.maxkey.configuration.oidc.OIDCProviderMetadataDetails;
 import org.maxkey.constants.ConstantsProperties;
@@ -124,11 +126,13 @@ public class JwtAuthnAutoConfiguration implements InitializingBean {
    @Bean(name = "jwtLoginService")
    public JwtLoginService jwtLoginService(
            DefaultJwtSigningAndValidationService jwtSignerValidationService,
-            OIDCProviderMetadataDetails oidcProviderMetadata) {
+            OIDCProviderMetadataDetails oidcProviderMetadata,
-        JwtLoginService jwkSetKeyStore = new JwtLoginService();
+            RealmAuthenticationProvider authenticationProvider) {
-        jwkSetKeyStore.setJwtSignerValidationService(jwtSignerValidationService);
+        JwtLoginService jwtLoginService = new JwtLoginService();
-        jwkSetKeyStore.setJwtProviderMetadata(oidcProviderMetadata);
+        jwtLoginService.setJwtSignerValidationService(jwtSignerValidationService);
-        return jwkSetKeyStore;
+        jwtLoginService.setJwtProviderMetadata(oidcProviderMetadata);
+        jwtLoginService.setAuthenticationProvider(authenticationProvider);
+        return jwtLoginService;
    }

--- a/maxkey-core/src/main/java/org/maxkey/web/WebContext.java
+++ b/maxkey-core/src/main/java/org/maxkey/web/WebContext.java
@@ -28,7 +28,6 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 import org.apache.commons.logging.LogFactory;
-import org.maxkey.authn.RealmAuthenticationProvider;
 import org.maxkey.configuration.ApplicationConfig;
 import org.maxkey.domain.UserInfo;
 import org.maxkey.util.DateUtils;
@@ -113,7 +112,7 @@ public final class WebContext {
     * @param code String
     * @param message String
     * @return boolean
-     */
    public static boolean setAuthentication(String username, 
                                            String type, 
                                            String provider, 
@@ -125,7 +124,7 @@ public final class WebContext {
        authenticationProvider.trustAuthentication(username, type, provider, code, message);
        return isAuthenticated();
-    }
+    }*/
    public static void setAuthentication(Authentication authentication) {
        setAttribute(WebConstants.AUTHENTICATION, authentication);

--- a/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/consumer/endpoint/ConsumerEndpoint.java
+++ b/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/consumer/endpoint/ConsumerEndpoint.java
@@ -30,6 +30,7 @@ import javax.servlet.http.HttpServletResponse;
 import org.apache.commons.lang.StringUtils;
 import org.apache.commons.lang.Validate;
+import org.maxkey.authn.RealmAuthenticationProvider;
 import org.maxkey.authz.saml.common.EndpointGenerator;
 import org.maxkey.authz.saml.common.TrustResolver;
 import org.maxkey.authz.saml.service.IDService;
@@ -44,7 +45,6 @@ import org.maxkey.constants.ConstantsLoginType;
 import org.maxkey.crypto.keystore.KeyStoreLoader;
 import org.maxkey.domain.apps.AppsSAML20Details;
 import org.maxkey.persistence.service.AppsSaml20DetailsService;
-import org.maxkey.web.WebContext;
 import org.opensaml.common.binding.SAMLMessageContext;
 import org.opensaml.common.binding.security.IssueInstantRule;
 import org.opensaml.common.binding.security.MessageReplayRule;
@@ -88,6 +88,10 @@ public class ConsumerEndpoint {
 	@Autowired
 	@Qualifier("idService")
 	private IDService idService;
+	@Autowired
+    @Qualifier("authenticationProvider")
+    RealmAuthenticationProvider authenticationProvider ;
 	private String singleSignOnServiceURL;
 	private String assertionConsumerServiceURL;
@@ -178,7 +182,7 @@ public class ConsumerEndpoint {
 		logger.debug("assertion.getID() ", assertion.getAuthnStatements());
-		WebContext.setAuthentication(username, ConstantsLoginType.SAMLTRUST,"","","success");
+		authenticationProvider.trustAuthentication(username, ConstantsLoginType.SAMLTRUST,"","","success");
 		ModelAndView mav = new ModelAndView();
 		mav.addObject("username", username);

--- a/maxkey-web-maxkey/src/main/java/org/maxkey/autoconfigure/CasAutoConfiguration.java
+++ b/maxkey-web-maxkey/src/main/java/org/maxkey/autoconfigure/CasAutoConfiguration.java
@@ -84,7 +84,7 @@ public class CasAutoConfiguration implements InitializingBean {
        TicketServices casTicketServices = null;
        if (persistence == 0) {
            casTicketServices = new InMemoryTicketGrantingTicketServices();
-            _logger.debug("InMemoryTicketServices");
+            _logger.debug("InMemoryTicketGrantingTicketServices");
        } else if (persistence == 1) {
            //
            //casTicketServices = new JdbcTicketServices(jdbcTemplate);