Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
sureness
Sureness
提交
0a2d12ed
Sureness
项目概览
sureness
/
Sureness
大约 1 年 前同步成功
通知
32
Star
813
Fork
161
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
Sureness
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
提交
Issue看板
体验新版 GitCode,发现更多精彩内容 >>
未验证
提交
0a2d12ed
编写于
10月 29, 2020
作者:
sinat_25235033
提交者:
GitHub
10月 29, 2020
浏览文件
操作
浏览文件
下载
差异文件
Merge pull request #29 from tomsun28/digest-auth-feature
Digest auth feature - support digest auth with servlet and jax-rs
上级
51e19888
c7391e40
变更
12
隐藏空白更改
内联
并排
Showing
12 changed file
with
609 addition
and
20 deletion
+609
-20
core/src/main/java/com/usthe/sureness/DefaultSurenessConfig.java
...c/main/java/com/usthe/sureness/DefaultSurenessConfig.java
+9
-8
core/src/main/java/com/usthe/sureness/processor/exception/NeedDigestInfoException.java
...sureness/processor/exception/NeedDigestInfoException.java
+21
-0
core/src/main/java/com/usthe/sureness/processor/support/DigestProcessor.java
...com/usthe/sureness/processor/support/DigestProcessor.java
+139
-0
core/src/main/java/com/usthe/sureness/subject/creater/DigestSubjectJaxRsCreator.java
...e/sureness/subject/creater/DigestSubjectJaxRsCreator.java
+91
-0
core/src/main/java/com/usthe/sureness/subject/creater/DigestSubjectServletCreator.java
...sureness/subject/creater/DigestSubjectServletCreator.java
+90
-0
core/src/main/java/com/usthe/sureness/subject/support/DigestSubject.java
...ava/com/usthe/sureness/subject/support/DigestSubject.java
+244
-0
core/src/main/resources/sureness-sample.yml
core/src/main/resources/sureness-sample.yml
+1
-0
sample-bootstrap/src/main/java/com/usthe/sureness/sample/bootstrap/SurenessFilterExample.java
...sthe/sureness/sample/bootstrap/SurenessFilterExample.java
+10
-12
sample-bootstrap/src/main/resources/sureness.yml
sample-bootstrap/src/main/resources/sureness.yml
+1
-0
samples/javalin-sureness/src/main/resources/sureness.yml
samples/javalin-sureness/src/main/resources/sureness.yml
+1
-0
samples/ktor-sureness/resources/sureness.yml
samples/ktor-sureness/resources/sureness.yml
+1
-0
samples/quarkus-sureness/src/main/resources/sureness.yml
samples/quarkus-sureness/src/main/resources/sureness.yml
+1
-0
未找到文件。
core/src/main/java/com/usthe/sureness/DefaultSurenessConfig.java
浏览文件 @
0a2d12ed
...
...
@@ -4,6 +4,7 @@ import com.usthe.sureness.matcher.DefaultPathRoleMatcher;
import
com.usthe.sureness.mgt.SurenessSecurityManager
;
import
com.usthe.sureness.processor.DefaultProcessorManager
;
import
com.usthe.sureness.processor.Processor
;
import
com.usthe.sureness.processor.support.DigestProcessor
;
import
com.usthe.sureness.processor.support.JwtProcessor
;
import
com.usthe.sureness.processor.support.NoneProcessor
;
import
com.usthe.sureness.processor.support.PasswordProcessor
;
...
...
@@ -11,12 +12,7 @@ import com.usthe.sureness.provider.ducument.DocumentResourceDefaultProvider;
import
com.usthe.sureness.subject.SubjectCreate
;
import
com.usthe.sureness.subject.SubjectFactory
;
import
com.usthe.sureness.subject.SurenessSubjectFactory
;
import
com.usthe.sureness.subject.creater.BasicSubjectJaxRsCreator
;
import
com.usthe.sureness.subject.creater.JwtSubjectJaxRsCreator
;
import
com.usthe.sureness.subject.creater.JwtSubjectServletCreator
;
import
com.usthe.sureness.subject.creater.BasicSubjectServletCreator
;
import
com.usthe.sureness.subject.creater.NoneSubjectJaxRsCreator
;
import
com.usthe.sureness.subject.creater.NoneSubjectServletCreator
;
import
com.usthe.sureness.subject.creater.*
;
import
org.slf4j.Logger
;
import
org.slf4j.LoggerFactory
;
...
...
@@ -60,6 +56,9 @@ public class DefaultSurenessConfig {
PasswordProcessor
passwordProcessor
=
new
PasswordProcessor
();
passwordProcessor
.
setAccountProvider
(
resourceProvider
);
processorList
.
add
(
passwordProcessor
);
DigestProcessor
digestProcessor
=
new
DigestProcessor
();
digestProcessor
.
setAccountProvider
(
resourceProvider
);
processorList
.
add
(
digestProcessor
);
DefaultProcessorManager
processorManager
=
new
DefaultProcessorManager
(
processorList
);
if
(
logger
.
isDebugEnabled
())
{
logger
.
debug
(
"DefaultProcessorManager init"
);
...
...
@@ -80,12 +79,14 @@ public class DefaultSurenessConfig {
subjectCreates
=
Arrays
.
asList
(
new
NoneSubjectJaxRsCreator
(),
new
BasicSubjectJaxRsCreator
(),
new
JwtSubjectJaxRsCreator
());
new
JwtSubjectJaxRsCreator
(),
new
DigestSubjectJaxRsCreator
());
}
else
{
subjectCreates
=
Arrays
.
asList
(
new
NoneSubjectServletCreator
(),
new
BasicSubjectServletCreator
(),
new
JwtSubjectServletCreator
());
new
JwtSubjectServletCreator
(),
new
DigestSubjectServletCreator
());
}
subjectFactory
.
registerSubjectCreator
(
subjectCreates
);
if
(
logger
.
isDebugEnabled
())
{
...
...
core/src/main/java/com/usthe/sureness/processor/exception/NeedDigestInfoException.java
0 → 100644
浏览文件 @
0a2d12ed
package
com.usthe.sureness.processor.exception
;
/**
* exception for digest auth
* means you should try once again by authenticate below with digest auth information
* @author tomsun28
* @date 2020-10-28 23:27
*/
public
class
NeedDigestInfoException
extends
SurenessAuthenticationException
{
private
String
authenticate
;
public
NeedDigestInfoException
(
String
message
,
String
authenticate
)
{
super
(
message
);
this
.
authenticate
=
authenticate
;
}
public
String
getAuthenticate
()
{
return
authenticate
;
}
}
core/src/main/java/com/usthe/sureness/processor/support/DigestProcessor.java
0 → 100644
浏览文件 @
0a2d12ed
package
com.usthe.sureness.processor.support
;
import
com.usthe.sureness.processor.BaseProcessor
;
import
com.usthe.sureness.processor.exception.*
;
import
com.usthe.sureness.provider.SurenessAccount
;
import
com.usthe.sureness.provider.SurenessAccountProvider
;
import
com.usthe.sureness.subject.Subject
;
import
com.usthe.sureness.subject.support.DigestSubject
;
import
org.slf4j.Logger
;
import
org.slf4j.LoggerFactory
;
import
java.nio.charset.StandardCharsets
;
import
java.security.MessageDigest
;
import
java.security.NoSuchAlgorithmException
;
import
java.util.List
;
/**
* process digest auth
* @author tomsun28
* @date 2020-10-28 23:17
*/
public
class
DigestProcessor
extends
BaseProcessor
{
private
static
final
Logger
logger
=
LoggerFactory
.
getLogger
(
DigestProcessor
.
class
);
private
static
final
String
DEFAULT_REALM
=
"sureness_realm"
;
private
static
final
String
DEFAULT_QOP
=
"auth"
;
private
static
final
String
HEX_LOOKUP
=
"0123456789abcdef"
;
private
static
MessageDigest
md5Digest
;
private
static
String
realm
;
private
static
String
qop
;
private
SurenessAccountProvider
accountProvider
;
static
{
try
{
md5Digest
=
MessageDigest
.
getInstance
(
"MD5"
);
realm
=
DEFAULT_REALM
;
qop
=
DEFAULT_QOP
;
}
catch
(
NoSuchAlgorithmException
e
)
{
logger
.
error
(
e
.
getMessage
(),
e
);
}
}
@Override
public
boolean
canSupportAuTokenClass
(
Class
<?>
var
)
{
return
var
==
DigestSubject
.
class
;
}
@Override
public
Class
<?>
getSupportAuTokenClass
()
{
return
DigestSubject
.
class
;
}
@Override
public
Subject
authenticated
(
Subject
var
)
throws
SurenessAuthenticationException
{
if
(
var
.
getPrincipal
()
==
null
||
var
.
getCredentials
()
==
null
)
{
String
authenticate
=
getAuthenticate
();
throw
new
NeedDigestInfoException
(
"you should try once with digest auth information"
,
authenticate
);
}
String
appId
=
(
String
)
var
.
getPrincipal
();
SurenessAccount
account
=
accountProvider
.
loadAccount
(
appId
);
if
(
account
==
null
)
{
if
(
logger
.
isDebugEnabled
())
{
logger
.
debug
(
"PasswordProcessor authenticated fail, no this user: {}"
,
var
.
getPrincipal
());
}
throw
new
UnknownAccountException
(
"do not exist the account: "
+
appId
);
}
DigestSubject
digestSubject
=
(
DigestSubject
)
var
;
//A1 = MD5("username:realm:password");
String
a1
=
calcDigest
(
appId
,
digestSubject
.
getRealm
(),
account
.
getPassword
());
//A2 = MD5("httpMethod:uri");
String
a2
=
calcDigest
(
digestSubject
.
getHttpMethod
(),
digestSubject
.
getUri
());
//response = MD5("A1:nonce:nc:cNonce:qop:A2");
String
oriResponse
=
calcDigest
(
a1
,
digestSubject
.
getNonce
(),
digestSubject
.
getNc
(),
digestSubject
.
getCnonce
(),
digestSubject
.
getQop
(),
a2
);
if
(!
oriResponse
.
equals
(
digestSubject
.
getCredentials
()))
{
throw
new
IncorrectCredentialsException
(
"incorrect password"
);
}
if
(
account
.
isDisabledAccount
())
{
throw
new
DisabledAccountException
(
"account is disabled"
);
}
if
(
account
.
isExcessiveAttempts
())
{
throw
new
ExcessiveAttemptsException
(
"account is disable due to many time authenticated, try later"
);
}
return
DigestSubject
.
builder
(
var
)
.
setOwnRoles
(
account
.
getOwnRoles
())
.
build
();
}
@SuppressWarnings
(
"unchecked"
)
@Override
public
void
authorized
(
Subject
var
)
throws
SurenessAuthorizationException
{
List
<
String
>
ownRoles
=
(
List
<
String
>)
var
.
getOwnRoles
();
List
<
String
>
supportRoles
=
(
List
<
String
>)
var
.
getSupportRoles
();
if
(
supportRoles
==
null
||
supportRoles
.
isEmpty
()
||
supportRoles
.
stream
().
anyMatch
(
ownRoles:
:
contains
))
{
return
;
}
throw
new
UnauthorizedException
(
"do not have the role to access resource"
);
}
private
String
getAuthenticate
(){
String
nonce
=
calcDigest
(
String
.
valueOf
(
System
.
currentTimeMillis
()));
return
"Digest "
+
"realm="
+
realm
+
",nonce="
+
nonce
+
",qop="
+
qop
;
}
private
String
calcDigest
(
String
first
,
String
...
args
){
StringBuilder
stringBuilder
=
new
StringBuilder
(
first
);
if
(
args
!=
null
)
{
for
(
String
str
:
args
){
stringBuilder
.
append
(
':'
).
append
(
str
);
}
}
md5Digest
.
reset
();
md5Digest
.
update
(
stringBuilder
.
toString
().
getBytes
(
StandardCharsets
.
UTF_8
));
return
bytesToHexString
(
md5Digest
.
digest
());
}
private
static
String
bytesToHexString
(
byte
[]
bytes
)
{
StringBuilder
sb
=
new
StringBuilder
();
for
(
byte
aByte
:
bytes
)
{
sb
.
append
(
HEX_LOOKUP
.
charAt
((
aByte
&
0xF0
)
>>
4
));
sb
.
append
(
HEX_LOOKUP
.
charAt
((
aByte
&
0x0F
)));
}
return
sb
.
toString
();
}
public
void
setAccountProvider
(
SurenessAccountProvider
provider
)
{
this
.
accountProvider
=
provider
;
}
public
static
void
setRealm
(
String
realm
)
{
DigestProcessor
.
realm
=
realm
;
}
public
static
void
setQop
(
String
qop
)
{
DigestProcessor
.
qop
=
qop
;
}
}
core/src/main/java/com/usthe/sureness/subject/creater/DigestSubjectJaxRsCreator.java
0 → 100644
浏览文件 @
0a2d12ed
package
com.usthe.sureness.subject.creater
;
import
com.usthe.sureness.subject.Subject
;
import
com.usthe.sureness.subject.SubjectCreate
;
import
com.usthe.sureness.subject.support.DigestSubject
;
import
org.slf4j.Logger
;
import
org.slf4j.LoggerFactory
;
import
javax.ws.rs.container.ContainerRequestContext
;
import
java.util.Arrays
;
import
java.util.HashMap
;
import
java.util.Map
;
/**
* digest subject creator
* @author tomsun28
* @date 2020-10-28 20:44
*/
public
class
DigestSubjectJaxRsCreator
implements
SubjectCreate
{
private
static
final
Logger
logger
=
LoggerFactory
.
getLogger
(
DigestSubjectJaxRsCreator
.
class
);
private
static
final
String
AUTHORIZATION
=
"Authorization"
;
private
static
final
String
DIGEST
=
"Digest "
;
private
static
final
String
USERNAME
=
"username"
;
private
static
final
String
NONCE
=
"nonce"
;
private
static
final
String
QOP
=
"qop"
;
private
static
final
String
REALM
=
"realm"
;
private
static
final
String
NC
=
"nc"
;
private
static
final
String
CNONCE
=
"cnonce"
;
private
static
final
String
RESPONSE
=
"response"
;
private
static
final
String
URI
=
"uri"
;
private
static
final
int
FILED_SIZE
=
2
;
private
static
final
String
SPLIT
=
"\""
;
@Override
public
boolean
canSupportSubject
(
Object
context
)
{
return
context
instanceof
ContainerRequestContext
;
}
@Override
public
Subject
createSubject
(
Object
context
)
{
String
authorization
=
((
ContainerRequestContext
)
context
).
getHeaderString
(
AUTHORIZATION
);
if
(
authorization
==
null
||
!
authorization
.
startsWith
(
DIGEST
))
{
return
new
DigestSubject
();
}
else
{
// digest auth
String
digestAuth
=
authorization
.
replace
(
DIGEST
,
""
).
trim
();
try
{
final
Map
<
String
,
String
>
digestMap
=
new
HashMap
<>(
8
);
Arrays
.
stream
(
digestAuth
.
split
(
","
)).
forEach
(
auth
->
{
String
[]
tmpArr
=
auth
.
trim
().
split
(
"="
);
if
(
tmpArr
.
length
==
FILED_SIZE
)
{
String
authValue
=
tmpArr
[
1
].
trim
();
if
(
authValue
.
startsWith
(
SPLIT
)
&&
authValue
.
endsWith
(
SPLIT
))
{
authValue
=
authValue
.
substring
(
1
,
authValue
.
length
()
-
1
);
}
digestMap
.
put
(
tmpArr
[
0
].
trim
(),
authValue
);
}
});
String
username
=
digestMap
.
get
(
USERNAME
);
String
response
=
digestMap
.
get
(
RESPONSE
);
String
realm
=
digestMap
.
get
(
REALM
);
String
uri
=
digestMap
.
get
(
URI
);
String
nonce
=
digestMap
.
get
(
NONCE
);
String
nc
=
digestMap
.
get
(
NC
);
String
cNonce
=
digestMap
.
get
(
CNONCE
);
String
qop
=
digestMap
.
get
(
QOP
);
if
(
username
==
null
||
response
==
null
||
realm
==
null
||
uri
==
null
||
nonce
==
null
||
nc
==
null
||
cNonce
==
null
)
{
logger
.
debug
(
"can not create digest subject due some need field is null"
);
return
null
;
}
String
requestUri
=
((
ContainerRequestContext
)
context
).
getUriInfo
().
getPath
();
String
requestType
=
((
ContainerRequestContext
)
context
).
getMethod
();
String
targetUri
=
requestUri
.
concat
(
"==="
).
concat
(
requestType
).
toLowerCase
();
return
DigestSubject
.
builder
(
username
,
response
)
.
setRealm
(
realm
).
setUri
(
uri
).
setNonce
(
nonce
)
.
setNc
(
nc
).
setCnonce
(
cNonce
).
setQop
(
qop
)
.
setHttpMethod
(
requestType
.
toUpperCase
())
.
setTargetUri
(
targetUri
)
.
build
();
}
catch
(
Exception
e
)
{
logger
.
info
(
e
.
getMessage
(),
e
);
return
null
;
}
}
}
}
core/src/main/java/com/usthe/sureness/subject/creater/DigestSubjectServletCreator.java
0 → 100644
浏览文件 @
0a2d12ed
package
com.usthe.sureness.subject.creater
;
import
com.usthe.sureness.subject.Subject
;
import
com.usthe.sureness.subject.SubjectCreate
;
import
com.usthe.sureness.subject.support.DigestSubject
;
import
org.slf4j.Logger
;
import
org.slf4j.LoggerFactory
;
import
javax.servlet.http.HttpServletRequest
;
import
java.util.Arrays
;
import
java.util.HashMap
;
import
java.util.Map
;
/**
* digest subject creator
* @author tomsun28
* @date 2020-10-28 20:44
*/
public
class
DigestSubjectServletCreator
implements
SubjectCreate
{
private
static
final
Logger
logger
=
LoggerFactory
.
getLogger
(
DigestSubjectServletCreator
.
class
);
private
static
final
String
AUTHORIZATION
=
"Authorization"
;
private
static
final
String
DIGEST
=
"Digest "
;
private
static
final
String
USERNAME
=
"username"
;
private
static
final
String
NONCE
=
"nonce"
;
private
static
final
String
QOP
=
"qop"
;
private
static
final
String
REALM
=
"realm"
;
private
static
final
String
NC
=
"nc"
;
private
static
final
String
CNONCE
=
"cnonce"
;
private
static
final
String
RESPONSE
=
"response"
;
private
static
final
String
URI
=
"uri"
;
private
static
final
int
FILED_SIZE
=
2
;
private
static
final
String
SPLIT
=
"\""
;
@Override
public
boolean
canSupportSubject
(
Object
context
)
{
return
context
instanceof
HttpServletRequest
;
}
@Override
public
Subject
createSubject
(
Object
context
)
{
String
authorization
=
((
HttpServletRequest
)
context
).
getHeader
(
AUTHORIZATION
);
if
(
authorization
==
null
||
!
authorization
.
startsWith
(
DIGEST
))
{
return
new
DigestSubject
();
}
else
{
// digest auth
String
digestAuth
=
authorization
.
replace
(
DIGEST
,
""
).
trim
();
try
{
final
Map
<
String
,
String
>
digestMap
=
new
HashMap
<>(
8
);
Arrays
.
stream
(
digestAuth
.
split
(
","
)).
forEach
(
auth
->
{
String
[]
tmpArr
=
auth
.
trim
().
split
(
"="
);
if
(
tmpArr
.
length
==
FILED_SIZE
)
{
String
authValue
=
tmpArr
[
1
].
trim
();
if
(
authValue
.
startsWith
(
SPLIT
)
&&
authValue
.
endsWith
(
SPLIT
))
{
authValue
=
authValue
.
substring
(
1
,
authValue
.
length
()
-
1
);
}
digestMap
.
put
(
tmpArr
[
0
].
trim
(),
authValue
);
}
});
String
username
=
digestMap
.
get
(
USERNAME
);
String
response
=
digestMap
.
get
(
RESPONSE
);
String
realm
=
digestMap
.
get
(
REALM
);
String
uri
=
digestMap
.
get
(
URI
);
String
nonce
=
digestMap
.
get
(
NONCE
);
String
nc
=
digestMap
.
get
(
NC
);
String
cNonce
=
digestMap
.
get
(
CNONCE
);
String
qop
=
digestMap
.
get
(
QOP
);
if
(
username
==
null
||
response
==
null
||
realm
==
null
||
uri
==
null
||
nonce
==
null
||
nc
==
null
||
cNonce
==
null
)
{
logger
.
debug
(
"can not create digest subject due some need field is null"
);
return
null
;
}
String
remoteHost
=
((
HttpServletRequest
)
context
).
getRemoteHost
();
String
requestUri
=
((
HttpServletRequest
)
context
).
getRequestURI
();
String
requestType
=
((
HttpServletRequest
)
context
).
getMethod
();
String
targetUri
=
requestUri
.
concat
(
"==="
).
concat
(
requestType
).
toLowerCase
();
return
DigestSubject
.
builder
(
username
,
response
)
.
setRealm
(
realm
).
setUri
(
uri
).
setNonce
(
nonce
)
.
setNc
(
nc
).
setCnonce
(
cNonce
).
setQop
(
qop
).
setHttpMethod
(
requestType
.
toUpperCase
())
.
setRemoteHost
(
remoteHost
).
setTargetUri
(
targetUri
)
.
build
();
}
catch
(
Exception
e
)
{
logger
.
info
(
e
.
getMessage
(),
e
);
return
null
;
}
}
}
}
core/src/main/java/com/usthe/sureness/subject/support/DigestSubject.java
0 → 100644
浏览文件 @
0a2d12ed
package
com.usthe.sureness.subject.support
;
import
com.usthe.sureness.subject.Subject
;
import
java.util.List
;
/**
* subject for digest auth
* @author tomsun28
* @date 2020-10-28 20:44
*/
public
class
DigestSubject
implements
Subject
{
private
static
final
long
serialVersionUID
=
1L
;
/** 用户标识 **/
private
String
appId
;
/** 安全域 **/
private
String
realm
;
/** uri **/
private
String
uri
;
/** 保护质量,包含auth(默认的)和 auth-int **/
private
String
qop
;
/** 服务端向客户端发送质询时附带的一个随机数 **/
private
String
nonce
;
/** nonce计数器,是一个16进制的数值 **/
private
String
nc
;
/** 客户端随机数 **/
private
String
cnonce
;
/** 加密后的口令 **/
private
String
response
;
/** 请求的http method **/
private
String
httpMethod
;
/** 访问用户的IP **/
private
String
remoteHost
;
/** 所拥有的角色 在解析完jwt之后把用户角色放到这里 **/
private
List
<
String
>
ownRoles
;
/** 所访问资源地址 **/
private
String
targetUri
;
/** 所访问资源他支持的角色 **/
private
List
<
String
>
supportRoles
;
public
DigestSubject
()
{}
private
DigestSubject
(
Builder
builder
)
{
this
.
appId
=
builder
.
appId
;
this
.
response
=
builder
.
response
;
this
.
realm
=
builder
.
realm
;
this
.
uri
=
builder
.
uri
;
this
.
qop
=
builder
.
qop
;
this
.
nonce
=
builder
.
nonce
;
this
.
nc
=
builder
.
nc
;
this
.
cnonce
=
builder
.
cnonce
;
this
.
httpMethod
=
builder
.
httpMethod
;
this
.
remoteHost
=
builder
.
remoteHost
;
this
.
ownRoles
=
builder
.
ownRoles
;
this
.
targetUri
=
builder
.
targetUri
;
this
.
supportRoles
=
builder
.
supportRoles
;
}
@Override
public
Object
getPrincipal
()
{
return
appId
;
}
@Override
public
Object
getCredentials
()
{
return
response
;
}
@Override
public
Object
getOwnRoles
()
{
return
ownRoles
;
}
@Override
public
Object
getTargetResource
()
{
return
targetUri
;
}
@Override
public
Object
getSupportRoles
()
{
return
supportRoles
;
}
@SuppressWarnings
(
"unchecked"
)
@Override
public
void
setSupportRoles
(
Object
var1
)
{
this
.
supportRoles
=
(
List
<
String
>)
var1
;
}
public
String
getRealm
()
{
return
realm
;
}
public
String
getUri
()
{
return
uri
;
}
public
String
getQop
()
{
return
qop
;
}
public
String
getNonce
()
{
return
nonce
;
}
public
String
getNc
()
{
return
nc
;
}
public
String
getCnonce
()
{
return
cnonce
;
}
public
String
getHttpMethod
()
{
return
httpMethod
;
}
public
String
getRemoteHost
()
{
return
remoteHost
;
}
public
static
DigestSubject
.
Builder
builder
(
String
username
,
String
response
)
{
return
new
DigestSubject
.
Builder
(
username
,
response
);
}
public
static
DigestSubject
.
Builder
builder
(
Subject
auToken
)
{
return
new
DigestSubject
.
Builder
(
auToken
);
}
public
static
class
Builder
{
private
String
appId
;
private
String
response
;
private
String
realm
;
private
String
uri
;
private
String
qop
;
private
String
nonce
;
private
String
nc
;
private
String
cnonce
;
private
String
httpMethod
;
private
String
remoteHost
;
private
List
<
String
>
ownRoles
;
private
String
targetUri
;
private
List
<
String
>
supportRoles
;
public
Builder
(
String
username
,
String
response
)
{
this
.
appId
=
username
;
this
.
response
=
response
;
}
@SuppressWarnings
(
"unchecked"
)
public
Builder
(
Subject
auToken
)
{
this
.
appId
=
String
.
valueOf
(
auToken
.
getPrincipal
());
this
.
response
=
String
.
valueOf
(
auToken
.
getCredentials
());
this
.
ownRoles
=
(
List
<
String
>)
auToken
.
getOwnRoles
();
this
.
targetUri
=
String
.
valueOf
(
auToken
.
getTargetResource
());
this
.
supportRoles
=
(
List
<
String
>)
auToken
.
getSupportRoles
();
}
public
DigestSubject
.
Builder
setAppId
(
String
appId
)
{
this
.
appId
=
appId
;
return
this
;
}
public
DigestSubject
.
Builder
setResponse
(
String
response
)
{
this
.
response
=
response
;
return
this
;
}
public
DigestSubject
.
Builder
setRealm
(
String
realm
)
{
this
.
realm
=
realm
;
return
this
;
}
public
DigestSubject
.
Builder
setUri
(
String
uri
)
{
this
.
uri
=
uri
;
return
this
;
}
public
DigestSubject
.
Builder
setQop
(
String
qop
)
{
this
.
qop
=
qop
;
return
this
;
}
public
DigestSubject
.
Builder
setNonce
(
String
nonce
)
{
this
.
nonce
=
nonce
;
return
this
;
}
public
DigestSubject
.
Builder
setNc
(
String
nc
)
{
this
.
nc
=
nc
;
return
this
;
}
public
DigestSubject
.
Builder
setCnonce
(
String
cnonce
)
{
this
.
cnonce
=
cnonce
;
return
this
;
}
public
DigestSubject
.
Builder
setHttpMethod
(
String
httpMethod
)
{
this
.
httpMethod
=
httpMethod
;
return
this
;
}
public
DigestSubject
.
Builder
setTargetUri
(
String
targetUri
)
{
this
.
targetUri
=
targetUri
;
return
this
;
}
public
DigestSubject
.
Builder
setRemoteHost
(
String
remoteHost
)
{
this
.
remoteHost
=
remoteHost
;
return
this
;
}
public
DigestSubject
.
Builder
setOwnRoles
(
List
<
String
>
ownRoles
)
{
this
.
ownRoles
=
ownRoles
;
return
this
;
}
public
DigestSubject
.
Builder
setSupportRoles
(
List
<
String
>
supportRoles
)
{
this
.
supportRoles
=
supportRoles
;
return
this
;
}
public
DigestSubject
build
()
{
return
new
DigestSubject
(
this
);
}
}
}
core/src/main/resources/sureness-sample.yml
浏览文件 @
0a2d12ed
...
...
@@ -32,6 +32,7 @@ excludedResource:
account
:
-
appId
:
admin
# if add salt, the password is encrypted password - the result: MD5(password+salt)
# digest auth not support encrypted password
# if no salt, the password is unencrypted password
credential
:
0192023A7BBD73250516F069DF18B500
salt
:
123
...
...
sample-bootstrap/src/main/java/com/usthe/sureness/sample/bootstrap/SurenessFilterExample.java
浏览文件 @
0a2d12ed
package
com.usthe.sureness.sample.bootstrap
;
import
com.usthe.sureness.mgt.SurenessSecurityManager
;
import
com.usthe.sureness.processor.exception.DisabledAccountException
;
import
com.usthe.sureness.processor.exception.ExcessiveAttemptsException
;
import
com.usthe.sureness.processor.exception.ExpiredCredentialsException
;
import
com.usthe.sureness.processor.exception.IncorrectCredentialsException
;
import
com.usthe.sureness.processor.exception.ProcessorNotFoundException
;
import
com.usthe.sureness.processor.exception.UnauthorizedException
;
import
com.usthe.sureness.processor.exception.UnknownAccountException
;
import
com.usthe.sureness.processor.exception.UnsupportedSubjectException
;
import
com.usthe.sureness.processor.exception.*
;
import
com.usthe.sureness.sample.bootstrap.util.CommonUtil
;
import
com.usthe.sureness.subject.SubjectSum
;
import
com.usthe.sureness.util.SurenessContextHolder
;
...
...
@@ -67,17 +60,22 @@ public class SurenessFilterExample implements Filter {
}
catch
(
DisabledAccountException
|
ExcessiveAttemptsException
e2
)
{
logger
.
debug
(
"the account is disabled"
);
CommonUtil
.
responseWrite
(
ResponseEntity
.
status
(
HttpStatus
.
FORBIDDEN
).
body
(
e2
.
getMessage
()),
servletResponse
);
.
status
(
HttpStatus
.
UNAUTHORIZED
).
body
(
e2
.
getMessage
()),
servletResponse
);
return
;
}
catch
(
IncorrectCredentialsException
|
ExpiredCredentialsException
e3
)
{
logger
.
debug
(
"this account credential is incorrect or expired"
);
CommonUtil
.
responseWrite
(
ResponseEntity
.
status
(
HttpStatus
.
FORBIDDEN
).
body
(
e3
.
getMessage
()),
servletResponse
);
.
status
(
HttpStatus
.
UNAUTHORIZED
).
body
(
e3
.
getMessage
()),
servletResponse
);
return
;
}
catch
(
UnauthorizedException
e5
)
{
}
catch
(
NeedDigestInfoException
e5
)
{
logger
.
debug
(
"you should try once again with digest auth information"
);
CommonUtil
.
responseWrite
(
ResponseEntity
.
status
(
HttpStatus
.
UNAUTHORIZED
)
.
header
(
"WWW-Authenticate"
,
e5
.
getAuthenticate
()).
build
(),
servletResponse
);
}
catch
(
UnauthorizedException
e6
)
{
logger
.
debug
(
"this account can not access this resource"
);
CommonUtil
.
responseWrite
(
ResponseEntity
.
status
(
HttpStatus
.
FORBIDDEN
).
body
(
e
5
.
getMessage
()),
servletResponse
);
.
status
(
HttpStatus
.
FORBIDDEN
).
body
(
e
6
.
getMessage
()),
servletResponse
);
return
;
}
catch
(
RuntimeException
e
)
{
logger
.
error
(
"other exception happen: "
,
e
);
...
...
sample-bootstrap/src/main/resources/sureness.yml
浏览文件 @
0a2d12ed
...
...
@@ -32,6 +32,7 @@ excludedResource:
account
:
-
appId
:
admin
# if add salt, the password is encrypted password - the result: MD5(password+salt)
# digest auth not support encrypted password
# if no salt, the password is unencrypted password
credential
:
0192023A7BBD73250516F069DF18B500
salt
:
123
...
...
samples/javalin-sureness/src/main/resources/sureness.yml
浏览文件 @
0a2d12ed
...
...
@@ -32,6 +32,7 @@ excludedResource:
account
:
-
appId
:
admin
# if add salt, the password is encrypted password - the result: MD5(password+salt)
# digest auth not support encrypted password
# if no salt, the password is unencrypted password
credential
:
0192023A7BBD73250516F069DF18B500
salt
:
123
...
...
samples/ktor-sureness/resources/sureness.yml
浏览文件 @
0a2d12ed
...
...
@@ -32,6 +32,7 @@ excludedResource:
account
:
-
appId
:
admin
# if add salt, the password is encrypted password - the result: MD5(password+salt)
# digest auth not support encrypted password
# if no salt, the password is unencrypted password
credential
:
0192023A7BBD73250516F069DF18B500
salt
:
123
...
...
samples/quarkus-sureness/src/main/resources/sureness.yml
浏览文件 @
0a2d12ed
...
...
@@ -32,6 +32,7 @@ excludedResource:
account
:
-
appId
:
admin
# if add salt, the password is encrypted password - the result: MD5(password+salt)
# digest auth not support encrypted password
# if no salt, the password is unencrypted password
credential
:
0192023A7BBD73250516F069DF18B500
salt
:
123
...
...
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录