Skip to content

MaxKey
MaxKey

yujianwangzivayy / MaxKey
与 Fork 源项目一致

Fork自 MaxKey单点登录官方(MaxKeyTop) / MaxKey

通知 1
Star 0
Fork 0
MaxKey
MaxKey

体验新版 GitCode,发现更多精彩内容 >>

切换分支/标签
查找文件 普通视图历史永久链接Permalink
HttpKerberosEntryPoint.java 4.9 KB
Newer Older
M
EntryPoints  
MaxKey 已提交
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 
/*
 * Copyright [2020] [MaxKey of copyright http://www.maxkey.top]
 * 
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 * 
 *     http://www.apache.org/licenses/LICENSE-2.0
 * 
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 

package org.maxkey.authn.support.kerberos;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.joda.time.DateTime;
import org.maxkey.authn.AbstractAuthenticationProvider;
import org.maxkey.configuration.ApplicationConfig;
import org.maxkey.constants.ConstantsLoginType;
import org.maxkey.crypto.ReciprocalUtils;
import org.maxkey.util.DateUtils;
import org.maxkey.util.JsonUtils;
import org.maxkey.web.WebConstants;
import org.maxkey.web.WebContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.servlet.AsyncHandlerInterceptor;


public class HttpKerberosEntryPoint implements AsyncHandlerInterceptor {
	private static final Logger _logger = LoggerFactory.getLogger(HttpKerberosEntryPoint.class);
	
    boolean enable;
    
  	ApplicationConfig applicationConfig;
    
    AbstractAuthenticationProvider authenticationProvider ;
    
	KerberosService kerberosService;
	
	 @Override
	 public boolean preHandle(HttpServletRequest request,HttpServletResponse response, Object handler) throws Exception {
		 boolean isAuthenticated= WebContext.isAuthenticated();
		 String kerberosTokenString = request.getParameter(WebConstants.KERBEROS_TOKEN_PARAMETER);
		 String kerberosUserDomain = request.getParameter(WebConstants.KERBEROS_USERDOMAIN_PARAMETER);
		 
		 if(!enable 
				 || isAuthenticated 
				 || kerberosTokenString == null){
			 return true;
		 }
M
trace  
MaxKey 已提交
59 60 61 62 63 64 65 66 
		 _logger.trace("Kerberos Login Start ...");
		 _logger.trace("Request url : "+ request.getRequestURL());
		 _logger.trace("Request URI : "+ request.getRequestURI());
		 _logger.trace("Request ContextPath : "+ request.getContextPath());
		 _logger.trace("Request ServletPath : "+ request.getServletPath());
		 _logger.trace("RequestSessionId : "+ request.getRequestedSessionId());
		 _logger.trace("isRequestedSessionIdValid : "+ request.isRequestedSessionIdValid());
		 _logger.trace("getSession : "+ request.getSession(false));
M
EntryPoints  
MaxKey 已提交
67 68 69 
		 
		// session not exists,session timeout,recreate new session
		 if(request.getSession(false) == null) {
M
trace  
MaxKey 已提交
70 
		    _logger.trace("recreate new session .");
M
EntryPoints  
MaxKey 已提交
71 72 73 
			request.getSession(true);
		 }
M
trace  
MaxKey 已提交
74 
		 _logger.trace("getSession.getId : "+ request.getSession().getId());
M
EntryPoints  
MaxKey 已提交
75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 

		//for Kerberos Login
		_logger.debug("Try Kerberos login ");
		_logger.debug("encoder Kerberos Token "+kerberosTokenString);
		_logger.debug("kerberos UserDomain "+kerberosUserDomain);
		
		String decoderKerberosToken=null;
		for(KerberosProxy kerberosProxy : kerberosService.getKerberosProxys()){
			if(kerberosProxy.getUserdomain().equalsIgnoreCase(kerberosUserDomain)){
				decoderKerberosToken=ReciprocalUtils.aesDecoder(kerberosTokenString, kerberosProxy.getCrypto());
				break;
			}
		}
		_logger.debug("decoder Kerberos Token "+decoderKerberosToken);
		KerberosToken  kerberosToken=new KerberosToken();
		kerberosToken=(KerberosToken)JsonUtils.json2Object(decoderKerberosToken, kerberosToken);
		_logger.debug("Kerberos Token "+kerberosToken);
		
		DateTime notOnOrAfter=DateUtils.toUtcDate(kerberosToken.getNotOnOrAfter());
		_logger.debug("Kerberos Token is After Now  "+notOnOrAfter.isAfterNow());
		
		if(notOnOrAfter.isAfterNow()){
	    	authenticationProvider.trustAuthentication(kerberosToken.getPrincipal(),ConstantsLoginType.KERBEROS,kerberosUserDomain,"","success");
	    	_logger.debug("Kerberos Logined in , username " + kerberosToken.getPrincipal());
		}
		
		return true;
	}

	 public HttpKerberosEntryPoint() {
	        super();
	 }

    public HttpKerberosEntryPoint (boolean enable) {
        super();
        this.enable = enable;
    }

    public HttpKerberosEntryPoint(AbstractAuthenticationProvider authenticationProvider, KerberosService kerberosService,
			ApplicationConfig applicationConfig, boolean enable) {
		super();
		this.authenticationProvider = authenticationProvider;
		this.kerberosService = kerberosService;
		this.applicationConfig = applicationConfig;
		this.enable = enable;
	}

	public boolean isEnable() {
        return enable;
    }

    public void setEnable(boolean enable) {
        this.enable = enable;
    }

	public void setApplicationConfig(ApplicationConfig applicationConfig) {
		this.applicationConfig = applicationConfig;
	}

	public void setAuthenticationProvider(AbstractAuthenticationProvider authenticationProvider) {
		this.authenticationProvider = authenticationProvider;
	}


	
}