Skip to content
体验新版
项目
组织
正在加载...
登录
切换导航
打开侧边栏
yujianwangzivayy
MaxKey
提交
7bba47a4
MaxKey
项目概览
yujianwangzivayy
/
MaxKey
与 Fork 源项目一致
Fork自
MaxKey单点登录官方(MaxKeyTop) / MaxKey
通知
1
Star
0
Fork
0
代码
文件
提交
分支
Tags
贡献者
分支图
Diff
Issue
0
列表
看板
标记
里程碑
合并请求
0
DevOps
流水线
流水线任务
计划
Wiki
0
Wiki
分析
仓库
DevOps
项目成员
Pages
MaxKey
项目概览
项目概览
详情
发布
仓库
仓库
文件
提交
分支
标签
贡献者
分支图
比较
Issue
0
Issue
0
列表
看板
标记
里程碑
合并请求
0
合并请求
0
Pages
DevOps
DevOps
流水线
流水线任务
计划
分析
分析
仓库分析
DevOps
Wiki
0
Wiki
成员
成员
收起侧边栏
关闭侧边栏
动态
分支图
创建新Issue
流水线任务
提交
Issue看板
前往新版Gitcode,体验更适合开发者的 AI 搜索 >>
提交
7bba47a4
编写于
4月 21, 2022
作者:
M
MaxKey
浏览文件
操作
浏览文件
下载
电子邮件补丁
差异文件
Provider
上级
586e473e
变更
26
隐藏空白更改
内联
并排
Showing
26 changed file
with
686 addition
and
433 deletion
+686
-433
maxkey-authentications/maxkey-authentication-captcha/build.gradle
...uthentications/maxkey-authentication-captcha/build.gradle
+3
-0
maxkey-authentications/maxkey-authentication-captcha/src/main/java/org/maxkey/web/contorller/ImageCaptcha.java
...src/main/java/org/maxkey/web/contorller/ImageCaptcha.java
+44
-0
maxkey-authentications/maxkey-authentication-captcha/src/main/java/org/maxkey/web/contorller/ImageCaptchaBase64Endpoint.java
...org/maxkey/web/contorller/ImageCaptchaBase64Endpoint.java
+0
-142
maxkey-authentications/maxkey-authentication-captcha/src/main/java/org/maxkey/web/contorller/ImageCaptchaEndpoint.java
.../java/org/maxkey/web/contorller/ImageCaptchaEndpoint.java
+56
-66
maxkey-authentications/maxkey-authentication-captcha/src/main/resources/kaptcha.properties
...hentication-captcha/src/main/resources/kaptcha.properties
+7
-3
maxkey-authentications/maxkey-authentication-captcha/src/main/resources/kaptcha_d.properties
...ntication-captcha/src/main/resources/kaptcha_d.properties
+9
-0
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java
...java/org/maxkey/authn/AbstractAuthenticationProvider.java
+30
-87
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/LoginCredential.java
...-core/src/main/java/org/maxkey/authn/LoginCredential.java
+14
-12
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/provider/MfaAuthenticationProvider.java
.../org/maxkey/authn/provider/MfaAuthenticationProvider.java
+22
-71
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/provider/MobileAuthenticationProvider.java
...g/maxkey/authn/provider/MobileAuthenticationProvider.java
+142
-0
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/provider/NormalAuthenticationProvider.java
...g/maxkey/authn/provider/NormalAuthenticationProvider.java
+178
-0
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/provider/TrustedAuthenticationProvider.java
.../maxkey/authn/provider/TrustedAuthenticationProvider.java
+84
-0
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/provider/package-info.java
...src/main/java/org/maxkey/authn/provider/package-info.java
+1
-0
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/basic/BasicEntryPoint.java
.../java/org/maxkey/authn/support/basic/BasicEntryPoint.java
+1
-1
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/httpheader/HttpHeaderEntryPoint.java
...maxkey/authn/support/httpheader/HttpHeaderEntryPoint.java
+1
-1
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/jwt/HttpJwtEntryPoint.java
.../java/org/maxkey/authn/support/jwt/HttpJwtEntryPoint.java
+1
-1
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/kerberos/HttpKerberosEntryPoint.java
...maxkey/authn/support/kerberos/HttpKerberosEntryPoint.java
+1
-1
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/wsfederation/HttpWsFederationEntryPoint.java
...uthn/support/wsfederation/HttpWsFederationEntryPoint.java
+1
-1
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/autoconfigure/AuthenticationAutoConfiguration.java
...maxkey/autoconfigure/AuthenticationAutoConfiguration.java
+53
-9
maxkey-authentications/maxkey-authentication-social/src/main/java/org/maxkey/authn/support/socialsignon/SocialSignOnEndpoint.java
...xkey/authn/support/socialsignon/SocialSignOnEndpoint.java
+1
-1
maxkey-core/src/main/java/org/maxkey/persistence/InMemoryMomentaryService.java
...java/org/maxkey/persistence/InMemoryMomentaryService.java
+1
-1
maxkey-core/src/main/java/org/maxkey/persistence/RedisMomentaryService.java
...in/java/org/maxkey/persistence/RedisMomentaryService.java
+1
-1
maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasRestV1Endpoint.java
...java/org/maxkey/authz/cas/endpoint/CasRestV1Endpoint.java
+2
-2
maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/consumer/endpoint/ConsumerEndpoint.java
...xkey/authz/saml20/consumer/endpoint/ConsumerEndpoint.java
+1
-1
maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/endpoint/LoginEntryPoint.java
...rc/main/java/org/maxkey/web/endpoint/LoginEntryPoint.java
+14
-6
maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/contorller/LoginEntryPoint.java
.../main/java/org/maxkey/web/contorller/LoginEntryPoint.java
+18
-26
未找到文件。
maxkey-authentications/maxkey-authentication-captcha/build.gradle
浏览文件 @
7bba47a4
...
...
@@ -3,6 +3,9 @@ description = "maxkey-authentication-captcha"
dependencies
{
implementation
project
(
":maxkey-common"
)
implementation
project
(
":maxkey-core"
)
implementation
project
(
":maxkey-authentications:maxkey-authentication-core"
)
//local jars
implementation
fileTree
(
dir:
'../maxkey-lib/'
,
include:
'*/*.jar'
)
}
\ No newline at end of file
maxkey-authentications/maxkey-authentication-captcha/src/main/java/org/maxkey/web/contorller/ImageCaptcha.java
0 → 100644
浏览文件 @
7bba47a4
/*
* Copyright [2022] [MaxKey of copyright http://www.maxkey.top]
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package
org.maxkey.web.contorller
;
public
class
ImageCaptcha
{
String
id
;
String
image
;
public
ImageCaptcha
(
String
id
,
String
image
)
{
super
();
this
.
id
=
id
;
this
.
image
=
image
;
}
public
String
getId
()
{
return
id
;
}
public
void
setId
(
String
id
)
{
this
.
id
=
id
;
}
public
String
getImage
()
{
return
image
;
}
public
void
setImage
(
String
image
)
{
this
.
image
=
image
;
}
}
maxkey-authentications/maxkey-authentication-captcha/src/main/java/org/maxkey/web/contorller/ImageCaptchaBase64Endpoint.java
已删除
100644 → 0
浏览文件 @
586e473e
/*
* Copyright [2020] [MaxKey of copyright http://www.maxkey.top]
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package
org.maxkey.web.contorller
;
import
com.google.code.kaptcha.Producer
;
import
java.awt.image.BufferedImage
;
import
java.io.ByteArrayOutputStream
;
import
java.io.IOException
;
import
java.util.Base64
;
import
javax.imageio.ImageIO
;
import
javax.servlet.ServletOutputStream
;
import
javax.servlet.http.HttpServletRequest
;
import
javax.servlet.http.HttpServletResponse
;
import
org.slf4j.Logger
;
import
org.slf4j.LoggerFactory
;
import
org.springframework.beans.factory.annotation.Autowired
;
import
org.springframework.stereotype.Controller
;
import
org.springframework.web.bind.annotation.RequestMapping
;
import
org.springframework.web.bind.annotation.RequestParam
;
/**
* ImageCaptchaEndpoint Producer captcha.
* @author Crystal.Sea
*
*/
@Controller
public
class
ImageCaptchaBase64Endpoint
{
private
static
final
Logger
_logger
=
LoggerFactory
.
getLogger
(
ImageCaptchaBase64Endpoint
.
class
);
public
static
final
String
IMAGE_GIF
=
"image/gif"
;
public
static
final
String
KAPTCHA_SESSION_KEY
=
"kaptcha_session_key"
;
@Autowired
private
Producer
captchaProducer
;
/**
* captcha image Producer.
*
* @param request HttpServletRequest
* @param response HttpServletResponse
*/
@RequestMapping
(
value
=
"/captcha/base64"
)
public
void
captchaHandleRequest
(
HttpServletRequest
request
,
HttpServletResponse
response
,
@RequestParam
(
value
=
"captcha"
,
required
=
false
,
defaultValue
=
"text"
)
String
captchaType
)
{
try
{
String
kaptchaText
=
captchaProducer
.
createText
();
if
(
captchaType
.
equalsIgnoreCase
(
"Arithmetic"
))
{
Integer
intParamA
=
Integer
.
valueOf
(
kaptchaText
.
substring
(
0
,
1
));
Integer
intParamB
=
Integer
.
valueOf
(
kaptchaText
.
substring
(
1
,
2
));
Integer
calculateValue
=
0
;
if
((
intParamA
>
intParamB
)
&&
((
intParamA
+
intParamB
)
%
5
>
3
))
{
calculateValue
=
intParamA
-
intParamB
;
kaptchaText
=
intParamA
+
"-"
+
intParamB
+
"=?"
;
}
else
{
calculateValue
=
intParamA
+
intParamB
;
kaptchaText
=
intParamA
+
"+"
+
intParamB
+
"=?"
;
}
_logger
.
trace
(
"Sesssion id "
+
request
.
getSession
().
getId
()
+
" , Arithmetic calculate Value is "
+
calculateValue
);
request
.
getSession
().
setAttribute
(
KAPTCHA_SESSION_KEY
,
calculateValue
+
""
);
}
else
{
// store the text in the session
request
.
getSession
().
setAttribute
(
KAPTCHA_SESSION_KEY
,
kaptchaText
);
}
_logger
.
trace
(
"Sesssion id "
+
request
.
getSession
().
getId
()
+
" , Captcha Text is "
+
kaptchaText
);
// create the image with the text
BufferedImage
bufferedImage
=
captchaProducer
.
createImage
(
kaptchaText
);
producerImage
(
request
,
response
,
bufferedImage
);
}
catch
(
Exception
e
)
{
_logger
.
error
(
"captcha Producer Error "
+
e
.
getMessage
());
}
}
/**
* producerImage.
* @param request HttpServletRequest
* @param response HttpServletResponse
* @param bufferedImage BufferedImage
* @throws IOException error
*/
public
static
void
producerImage
(
HttpServletRequest
request
,
HttpServletResponse
response
,
BufferedImage
bufferedImage
)
throws
IOException
{
// Set to expire far in the past.
response
.
setDateHeader
(
"Expires"
,
0
);
// Set standard HTTP/1.1 no-cache headers.
response
.
setHeader
(
"Cache-Control"
,
"no-store, no-cache, must-revalidate"
);
// Set IE extended HTTP/1.1 no-cache headers (use addHeader).
response
.
addHeader
(
"Cache-Control"
,
"post-check=0, pre-check=0"
);
// Set standard HTTP/1.0 no-cache header.
response
.
setHeader
(
"Pragma"
,
"no-cache"
);
// return a jpeg/gif
//response.setContentType(IMAGE_GIF);
_logger
.
trace
(
"create the image"
);
// create the image
if
(
bufferedImage
!=
null
)
{
ServletOutputStream
out
=
response
.
getOutputStream
();
// write the data out
ByteArrayOutputStream
stream
=
new
ByteArrayOutputStream
();
ImageIO
.
write
(
bufferedImage
,
"png"
,
stream
);
String
b64Image
=
"data:image/png;base64,"
+
Base64
.
getEncoder
().
encodeToString
(
stream
.
toByteArray
());
out
.
print
(
b64Image
);
_logger
.
debug
(
"b64Image {}"
,
b64Image
);
stream
.
close
();
try
{
out
.
flush
();
}
finally
{
out
.
close
();
}
}
}
public
void
setCaptchaProducer
(
Producer
captchaProducer
)
{
this
.
captchaProducer
=
captchaProducer
;
}
}
maxkey-authentications/maxkey-authentication-captcha/src/main/java/org/maxkey/web/contorller/ImageCaptchaEndpoint.java
浏览文件 @
7bba47a4
/*
* Copyright [202
0
] [MaxKey of copyright http://www.maxkey.top]
* Copyright [202
2
] [MaxKey of copyright http://www.maxkey.top]
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
...
...
@@ -18,16 +18,24 @@
package
org.maxkey.web.contorller
;
import
com.google.code.kaptcha.Producer
;
import
com.nimbusds.jwt.JWTClaimsSet
;
import
java.awt.image.BufferedImage
;
import
java.io.IOException
;
import
java.io.ByteArrayOutputStream
;
import
java.util.Base64
;
import
javax.imageio.ImageIO
;
import
javax.servlet.ServletOutputStream
;
import
javax.servlet.http.HttpServletRequest
;
import
javax.servlet.http.HttpServletResponse
;
import
org.apache.commons.lang3.StringUtils
;
import
org.maxkey.authn.jwt.AuthJwtService
;
import
org.maxkey.entity.Message
;
import
org.maxkey.persistence.MomentaryService
;
import
org.maxkey.web.WebContext
;
import
org.slf4j.Logger
;
import
org.slf4j.LoggerFactory
;
import
org.springframework.beans.factory.annotation.Autowired
;
import
org.springframework.http.MediaType
;
import
org.springframework.http.ResponseEntity
;
import
org.springframework.stereotype.Controller
;
import
org.springframework.web.bind.annotation.RequestMapping
;
import
org.springframework.web.bind.annotation.RequestParam
;
...
...
@@ -41,13 +49,15 @@ import org.springframework.web.bind.annotation.RequestParam;
@Controller
public
class
ImageCaptchaEndpoint
{
private
static
final
Logger
_logger
=
LoggerFactory
.
getLogger
(
ImageCaptchaEndpoint
.
class
);
public
static
final
String
IMAGE_GIF
=
"image/gif"
;
public
static
final
String
KAPTCHA_SESSION_KEY
=
"kaptcha_session_key"
;
@Autowired
private
Producer
captchaProducer
;
@Autowired
protected
MomentaryService
momentaryService
;
@Autowired
AuthJwtService
authJwtService
;
/**
* captcha image Producer.
...
...
@@ -55,75 +65,55 @@ public class ImageCaptchaEndpoint {
* @param request HttpServletRequest
* @param response HttpServletResponse
*/
@RequestMapping
(
value
=
"/captcha"
)
public
void
captchaHandleRequest
(
HttpServletRequest
request
,
HttpServletResponse
response
,
@RequestParam
(
value
=
"captcha"
,
required
=
false
,
defaultValue
=
"text"
)
String
captchaTyp
e
)
{
@RequestMapping
(
value
={
"/captcha"
},
produces
=
{
MediaType
.
APPLICATION_JSON_VALUE
}
)
public
ResponseEntity
<?>
captchaHandleRequest
(
@RequestParam
(
value
=
"captcha"
,
required
=
false
,
defaultValue
=
"text"
)
String
captchaType
,
@RequestParam
(
value
=
"state"
,
required
=
false
,
defaultValue
=
"state"
)
String
stat
e
)
{
try
{
String
kaptchaText
=
captchaProducer
.
createText
();
String
kaptchaValue
=
kaptchaText
;
if
(
captchaType
.
equalsIgnoreCase
(
"Arithmetic"
))
{
Integer
intParamA
=
Integer
.
valueOf
(
kaptchaText
.
substring
(
0
,
1
));
Integer
intParamB
=
Integer
.
valueOf
(
kaptchaText
.
substring
(
1
,
2
));
Integer
calculateValue
=
0
;
if
((
intParamA
>
intParamB
)
&&
((
intParamA
+
intParamB
)
%
5
>
3
))
{
calculateValue
=
intParamA
-
intParamB
;
kaptchaText
=
intParamA
+
"-"
+
intParamB
+
"=?"
;
Integer
minuend
=
Integer
.
valueOf
(
kaptchaText
.
substring
(
0
,
1
));
Integer
subtrahend
=
Integer
.
valueOf
(
kaptchaText
.
substring
(
1
,
2
));
if
(
minuend
-
subtrahend
>
0
)
{
kaptchaValue
=
(
minuend
-
subtrahend
)
+
""
;
kaptchaText
=
minuend
+
"-"
+
subtrahend
+
"=?"
;
}
else
{
calculateValue
=
intParamA
+
intParamB
;
kaptchaText
=
intParamA
+
"+"
+
intParamB
+
"=?"
;
kaptchaValue
=
(
minuend
+
subtrahend
)
+
""
;
kaptchaText
=
minuend
+
"+"
+
subtrahend
+
"=?"
;
}
_logger
.
trace
(
"Sesssion id "
+
request
.
getSession
().
getId
()
+
" , Arithmetic calculate Value is "
+
calculateValue
);
request
.
getSession
().
setAttribute
(
KAPTCHA_SESSION_KEY
,
calculateValue
+
""
);
}
else
{
// store the text in the session
request
.
getSession
().
setAttribute
(
KAPTCHA_SESSION_KEY
,
kaptchaText
);
}
_logger
.
trace
(
"Sesssion id "
+
request
.
getSession
().
getId
()
+
" , Captcha Text is "
+
kaptchaText
);
String
kaptchaKey
=
""
;
if
(
StringUtils
.
isNotBlank
(
state
)
&&
!
state
.
equalsIgnoreCase
(
"state"
)
&&
authJwtService
.
validateJwtToken
(
state
))
{
JWTClaimsSet
claim
=
authJwtService
.
resolve
(
state
);
kaptchaKey
=
claim
.
getJWTID
();
}
else
{
kaptchaKey
=
WebContext
.
genId
();
}
_logger
.
trace
(
"kaptchaKey {} , Captcha Text is {}"
,
kaptchaKey
,
kaptchaValue
);
momentaryService
.
put
(
""
,
kaptchaKey
,
kaptchaValue
);
// create the image with the text
BufferedImage
bufferedImage
=
captchaProducer
.
createImage
(
kaptchaText
);
producerImage
(
request
,
response
,
bufferedImage
);
// write the data out
ByteArrayOutputStream
stream
=
new
ByteArrayOutputStream
();
ImageIO
.
write
(
bufferedImage
,
"png"
,
stream
);
String
b64Image
=
"data:image/png;base64,"
+
Base64
.
getEncoder
().
encodeToString
(
stream
.
toByteArray
());
_logger
.
trace
(
"b64Image {}"
,
b64Image
);
stream
.
close
();
return
new
Message
<
ImageCaptcha
>(
new
ImageCaptcha
(
kaptchaKey
,
b64Image
)
).
buildResponse
();
}
catch
(
Exception
e
)
{
_logger
.
error
(
"captcha Producer Error "
+
e
.
getMessage
());
}
}
/**
* producerImage.
* @param request HttpServletRequest
* @param response HttpServletResponse
* @param bufferedImage BufferedImage
* @throws IOException error
*/
public
static
void
producerImage
(
HttpServletRequest
request
,
HttpServletResponse
response
,
BufferedImage
bufferedImage
)
throws
IOException
{
// Set to expire far in the past.
response
.
setDateHeader
(
"Expires"
,
0
);
// Set standard HTTP/1.1 no-cache headers.
response
.
setHeader
(
"Cache-Control"
,
"no-store, no-cache, must-revalidate"
);
// Set IE extended HTTP/1.1 no-cache headers (use addHeader).
response
.
addHeader
(
"Cache-Control"
,
"post-check=0, pre-check=0"
);
// Set standard HTTP/1.0 no-cache header.
response
.
setHeader
(
"Pragma"
,
"no-cache"
);
// return a jpeg/gif
response
.
setContentType
(
IMAGE_GIF
);
_logger
.
trace
(
"create the image"
);
// create the image
if
(
bufferedImage
!=
null
)
{
ServletOutputStream
out
=
response
.
getOutputStream
();
// write the data out
ImageIO
.
write
(
bufferedImage
,
"gif"
,
out
);
try
{
out
.
flush
();
}
finally
{
out
.
close
();
}
}
return
new
Message
<
Object
>(
Message
.
FAIL
).
buildResponse
();
}
public
void
setCaptchaProducer
(
Producer
captchaProducer
)
{
...
...
maxkey-authentications/maxkey-authentication-captcha/src/main/resources/kaptcha.properties
浏览文件 @
7bba47a4
kaptcha.image.width
=
80
kaptcha.image.height
=
40
kaptcha.border
=
no
kaptcha.obscurificator.impl
=
com.google.code.kaptcha.impl.ShadowGimpy
#kaptcha.obscurificator.impl=com.google.code.kaptcha.impl.ShadowGimpy
kaptcha.obscurificator.impl
=
com.google.code.kaptcha.impl.Ripple
kaptcha.textproducer.font.size
=
23
kaptcha.textproducer.char.string
=
0123456789
kaptcha.textproducer.char.length
=
4
kaptcha.noise.impl
=
com.google.code.kaptcha.impl.NoNoise
#
kaptcha.noise.color
=
white
\ No newline at end of file
kaptcha.textproducer.char.space
=
3
#kaptcha.noise.impl=com.google.code.kaptcha.impl.DefaultNoise
kaptcha.noise.impl
=
com.google.code.kaptcha.impl.LightNoise
#kaptcha.noise.color=white
kaptcha.word.impl
=
com.google.code.kaptcha.text.impl.RandomColorWordRenderer
\ No newline at end of file
maxkey-authentications/maxkey-authentication-captcha/src/main/resources/kaptcha_d.properties
0 → 100644
浏览文件 @
7bba47a4
kaptcha.image.width
=
80
kaptcha.image.height
=
40
kaptcha.border
=
no
kaptcha.obscurificator.impl
=
com.google.code.kaptcha.impl.ShadowGimpy
kaptcha.textproducer.font.size
=
23
kaptcha.textproducer.char.string
=
0123456789
kaptcha.textproducer.char.length
=
4
kaptcha.noise.impl
=
com.google.code.kaptcha.impl.NoNoise
#
kaptcha.noise.color
=
white
\ No newline at end of file
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java
浏览文件 @
7bba47a4
...
...
@@ -20,6 +20,7 @@ package org.maxkey.authn;
import
java.util.ArrayList
;
import
java.util.HashMap
;
import
org.maxkey.authn.jwt.AuthJwtService
;
import
org.maxkey.authn.online.OnlineTicketService
;
import
org.maxkey.authn.realm.AbstractAuthenticationRealm
;
import
org.maxkey.configuration.ApplicationConfig
;
...
...
@@ -28,6 +29,7 @@ import org.maxkey.constants.ConstsStatus;
import
org.maxkey.entity.UserInfo
;
import
org.maxkey.password.onetimepwd.AbstractOtpAuthn
;
import
org.maxkey.password.onetimepwd.OtpAuthnService
;
import
org.maxkey.persistence.MomentaryService
;
import
org.maxkey.web.WebConstants
;
import
org.maxkey.web.WebContext
;
import
org.slf4j.Logger
;
...
...
@@ -51,7 +53,14 @@ public abstract class AbstractAuthenticationProvider {
public
final
static
String
NORMAL
=
"normal"
;
public
final
static
String
TFA
=
"tfa"
;
public
final
static
String
MOBILE
=
"mobile"
;
public
final
static
String
TRUSTED
=
"trusted"
;
}
protected
static
String
PROVIDER_SUFFIX
=
"AuthenticationProvider"
;
private
static
HashMap
<
String
,
AbstractAuthenticationProvider
>
providers
=
new
HashMap
<
String
,
AbstractAuthenticationProvider
>();
protected
ApplicationConfig
applicationConfig
;
protected
AbstractAuthenticationRealm
authenticationRealm
;
...
...
@@ -62,87 +71,42 @@ public abstract class AbstractAuthenticationProvider {
protected
OnlineTicketService
onlineTicketServices
;
protected
MomentaryService
momentaryService
;
protected
AuthJwtService
authJwtService
;
public
static
ArrayList
<
GrantedAuthority
>
grantedAdministratorsAuthoritys
=
new
ArrayList
<
GrantedAuthority
>();
static
{
grantedAdministratorsAuthoritys
.
add
(
new
SimpleGrantedAuthority
(
"ROLE_ADMINISTRATORS"
));
}
p
rotected
abstract
String
getProviderName
();
p
ublic
abstract
String
getProviderName
();
public
abstract
Authentication
authenticate
(
LoginCredential
authentication
);
public
abstract
Authentication
authentication
(
LoginCredential
loginCredential
,
boolean
isTrusted
);
public
abstract
Authentication
doAuthenticate
(
LoginCredential
authentication
);
@SuppressWarnings
(
"rawtypes"
)
public
boolean
supports
(
Class
authentication
)
{
return
(
UsernamePasswordAuthenticationToken
.
class
.
isAssignableFrom
(
authentication
));
}
protected
void
changeSession
(
Authentication
authentication
)
{
HashMap
<
String
,
Object
>
sessionAttributeMap
=
new
HashMap
<
String
,
Object
>();
for
(
String
attributeName
:
WebContext
.
sessionAttributeNameList
)
{
sessionAttributeMap
.
put
(
attributeName
,
WebContext
.
getAttribute
(
attributeName
));
WebContext
.
removeAttribute
(
attributeName
);
}
//new Session
WebContext
.
getSession
().
invalidate
();
for
(
String
attributeName
:
WebContext
.
sessionAttributeNameList
)
{
WebContext
.
setAttribute
(
attributeName
,
sessionAttributeMap
.
get
(
attributeName
));
}
public
Authentication
authenticate
(
LoginCredential
authentication
){
if
(
authentication
.
getAuthType
().
equalsIgnoreCase
(
"trusted"
))
{
return
null
;
}
AbstractAuthenticationProvider
provider
=
providers
.
get
(
authentication
.
getAuthType
()
+
PROVIDER_SUFFIX
);
return
provider
==
null
?
null
:
provider
.
doAuthenticate
(
authentication
);
}
/**
* session validate.
*
* @param sessionId String
*/
protected
void
sessionValid
(
String
sessionId
)
{
if
(
sessionId
==
null
||
!
sessionId
.
equals
(
WebContext
.
getSession
().
getId
()))
{
_logger
.
debug
(
"login session valid error."
);
_logger
.
debug
(
"login session sessionId "
+
sessionId
);
_logger
.
debug
(
"login getSession sessionId "
+
WebContext
.
getSession
().
getId
());
String
message
=
WebContext
.
getI18nValue
(
"login.error.session"
);
throw
new
BadCredentialsException
(
message
);
}
}
/**
* session validate.
*
* @param jwtToken String
*/
protected
void
jwtTokenValid
(
String
jwtToken
)
{
/*
* if(jwtToken!=null && ! jwtToken.equals("")){
* if(jwtLoginService.jwtTokenValidation(j_jwtToken)){ return; } }
*/
String
message
=
WebContext
.
getI18nValue
(
"login.error.session"
);
_logger
.
debug
(
"login session valid error."
);
throw
new
BadCredentialsException
(
message
);
public
Authentication
authenticate
(
LoginCredential
authentication
,
boolean
trusted
){
AbstractAuthenticationProvider
provider
=
providers
.
get
(
AuthType
.
TRUSTED
+
PROVIDER_SUFFIX
);
return
provider
==
null
?
null
:
provider
.
doAuthenticate
(
authentication
);
}
protected
void
authTypeValid
(
String
authType
)
{
_logger
.
debug
(
"Login AuthN Type "
+
authType
);
if
(
authType
!=
null
&&
(
authType
.
equalsIgnoreCase
(
AuthType
.
NORMAL
)
||
authType
.
equalsIgnoreCase
(
AuthType
.
TFA
)
||
authType
.
equalsIgnoreCase
(
AuthType
.
MOBILE
)
)
)
{
return
;
}
final
String
message
=
WebContext
.
getI18nValue
(
"login.error.authtype"
);
_logger
.
debug
(
"Login AuthN type must eq basic or tfa , Error message is {}"
,
message
);
throw
new
BadCredentialsException
(
message
);
public
void
addAuthenticationProvider
(
AbstractAuthenticationProvider
provider
)
{
providers
.
put
(
provider
.
getProviderName
(),
provider
);
}
/**
* captcha validate .
*
...
...
@@ -189,28 +153,7 @@ public abstract class AbstractAuthenticationProvider {
}
}
/**
* mobile validate.
*
* @param otpCaptcha String
* @param authType String
* @param userInfo UserInfo
*/
protected
void
mobilecaptchaValid
(
String
password
,
String
authType
,
UserInfo
userInfo
)
{
// for mobile password
if
(
applicationConfig
.
getLoginConfig
().
isMfa
()
&&
authType
.
equalsIgnoreCase
(
AuthType
.
MOBILE
))
{
UserInfo
validUserInfo
=
new
UserInfo
();
validUserInfo
.
setUsername
(
userInfo
.
getUsername
());
validUserInfo
.
setId
(
userInfo
.
getId
());
AbstractOtpAuthn
smsOtpAuthn
=
otpAuthnService
.
getByInstId
(
userInfo
.
getInstId
());
if
(
password
==
null
||
!
smsOtpAuthn
.
validate
(
validUserInfo
,
password
))
{
String
message
=
WebContext
.
getI18nValue
(
"login.error.captcha"
);
_logger
.
debug
(
"login captcha valid error."
);
throw
new
BadCredentialsException
(
message
);
}
}
}
/**
* login user by j_username and j_cname first query user by j_cname if first
...
...
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/LoginCredential.java
浏览文件 @
7bba47a4
...
...
@@ -33,7 +33,7 @@ public class LoginCredential implements Authentication {
String
congress
;
String
username
;
String
password
;
String
s
essionId
;
String
s
tate
;
String
captcha
;
String
otpCaptcha
;
String
remeberMe
;
...
...
@@ -126,15 +126,15 @@ public class LoginCredential implements Authentication {
this
.
password
=
password
;
}
public
String
getS
essionId
()
{
return
sessionId
;
}
public
String
getS
tate
()
{
return
state
;
}
public
void
setSessionId
(
String
sessionId
)
{
this
.
sessionId
=
sessionId
;
}
public
void
setState
(
String
state
)
{
this
.
state
=
state
;
}
public
String
getCaptcha
()
{
public
String
getCaptcha
()
{
return
captcha
;
}
...
...
@@ -233,12 +233,14 @@ public class LoginCredential implements Authentication {
@Override
public
String
toString
()
{
StringBuilder
builder
=
new
StringBuilder
();
builder
.
append
(
"LoginCredential [username="
);
builder
.
append
(
"LoginCredential [congress="
);
builder
.
append
(
congress
);
builder
.
append
(
", username="
);
builder
.
append
(
username
);
builder
.
append
(
", password="
);
builder
.
append
(
"******"
);
builder
.
append
(
", s
essionId
="
);
builder
.
append
(
s
essionId
);
builder
.
append
(
password
);
builder
.
append
(
", s
tate
="
);
builder
.
append
(
s
tate
);
builder
.
append
(
", captcha="
);
builder
.
append
(
captcha
);
builder
.
append
(
", otpCaptcha="
);
...
...
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/
Realm
AuthenticationProvider.java
→
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/
provider/Mfa
AuthenticationProvider.java
浏览文件 @
7bba47a4
...
...
@@ -15,10 +15,14 @@
*/
package
org.maxkey.authn
;
package
org.maxkey.authn
.provider
;
import
java.util.ArrayList
;
import
org.maxkey.authn.AbstractAuthenticationProvider
;
import
org.maxkey.authn.LoginCredential
;
import
org.maxkey.authn.SigninPrincipal
;
import
org.maxkey.authn.jwt.AuthJwtService
;
import
org.maxkey.authn.online.OnlineTicket
;
import
org.maxkey.authn.online.OnlineTicketService
;
import
org.maxkey.authn.realm.AbstractAuthenticationRealm
;
...
...
@@ -27,13 +31,11 @@ import org.maxkey.configuration.ApplicationConfig;
import
org.maxkey.constants.ConstsLoginType
;
import
org.maxkey.entity.Institutions
;
import
org.maxkey.entity.UserInfo
;
import
org.maxkey.password.onetimepwd.AbstractOtpAuthn
;
import
org.maxkey.password.onetimepwd.OtpAuthnService
;
import
org.maxkey.persistence.MomentaryService
;
import
org.maxkey.web.WebConstants
;
import
org.maxkey.web.WebContext
;
import
org.slf4j.Logger
;
import
org.slf4j.LoggerFactory
;
import
org.springframework.security.authentication.BadCredentialsException
;
import
org.springframework.security.authentication.UsernamePasswordAuthenticationToken
;
import
org.springframework.security.core.Authentication
;
import
org.springframework.security.core.AuthenticationException
;
...
...
@@ -46,47 +48,40 @@ import org.springframework.security.web.authentication.WebAuthenticationDetails;
* @author Crystal.Sea
*
*/
public
class
Realm
AuthenticationProvider
extends
AbstractAuthenticationProvider
{
public
class
Mfa
AuthenticationProvider
extends
AbstractAuthenticationProvider
{
private
static
final
Logger
_logger
=
LoggerFactory
.
getLogger
(
Realm
AuthenticationProvider
.
class
);
LoggerFactory
.
getLogger
(
Mfa
AuthenticationProvider
.
class
);
p
rotected
String
getProviderName
()
{
return
"
RealmAuthenticationProvider"
;
p
ublic
String
getProviderName
()
{
return
"
normal"
+
PROVIDER_SUFFIX
;
}
public
Realm
AuthenticationProvider
()
{
public
Mfa
AuthenticationProvider
()
{
super
();
}
public
RealmAuthenticationProvider
(
public
MfaAuthenticationProvider
(
AbstractAuthenticationRealm
authenticationRealm
,
ApplicationConfig
applicationConfig
,
AbstractOtpAuthn
tfaOtpAuthn
,
OtpAuthnService
otpAuthn
Service
,
OnlineTicketService
onlineTicketServices
)
{
OnlineTicketService
onlineTicketServices
,
AuthJwtService
authJwt
Service
,
MomentaryService
momentaryService
)
{
this
.
authenticationRealm
=
authenticationRealm
;
this
.
applicationConfig
=
applicationConfig
;
this
.
tfaOtpAuthn
=
tfaOtpAuthn
;
this
.
otpAuthnService
=
otpAuthnService
;
this
.
onlineTicketServices
=
onlineTicketServices
;
this
.
authJwtService
=
authJwtService
;
this
.
momentaryService
=
momentaryService
;
}
@Override
public
Authentication
a
uthenticate
(
LoginCredential
loginCredential
)
{
public
Authentication
doA
uthenticate
(
LoginCredential
loginCredential
)
{
UsernamePasswordAuthenticationToken
authenticationToken
=
null
;
_logger
.
debug
(
"Trying to authenticate user '{}' via {}"
,
loginCredential
.
getPrincipal
(),
getProviderName
());
try
{
_logger
.
debug
(
"authentication "
+
loginCredential
);
//sessionValid(loginCredential.getSessionId());
//jwtTokenValid(j_jwtToken);
authTypeValid
(
loginCredential
.
getAuthType
());
Institutions
inst
=
(
Institutions
)
WebContext
.
getAttribute
(
WebConstants
.
CURRENT_INST
);
if
(
inst
.
getCaptchaSupport
().
equalsIgnoreCase
(
"YES"
))
{
...
...
@@ -107,12 +102,10 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider
//Validate PasswordPolicy
authenticationRealm
.
getPasswordPolicyValidator
().
passwordPolicyValid
(
userInfo
);
if
(
loginCredential
.
getAuthType
().
equalsIgnoreCase
(
AuthType
.
MOBILE
))
{
mobilecaptchaValid
(
loginCredential
.
getPassword
(),
loginCredential
.
getAuthType
(),
userInfo
);
}
else
{
//Match password
authenticationRealm
.
passwordMatches
(
userInfo
,
loginCredential
.
getPassword
());
}
//Match password
authenticationRealm
.
passwordMatches
(
userInfo
,
loginCredential
.
getPassword
());
//apply PasswordSetType and resetBadPasswordCount
authenticationRealm
.
getPasswordPolicyValidator
().
applyPasswordPolicy
(
userInfo
);
...
...
@@ -121,8 +114,6 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider
_logger
.
debug
(
"'{}' authenticated successfully by {}."
,
loginCredential
.
getPrincipal
(),
getProviderName
());
changeSession
(
authenticationToken
);
authenticationRealm
.
insertLoginHistory
(
userInfo
,
ConstsLoginType
.
LOCAL
,
""
,
...
...
@@ -143,46 +134,6 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider
return
authenticationToken
;
}
/**
* trustAuthentication.
* @param username String
* @param type String
* @param provider String
* @param code String
* @param message String
* @return boolean
*/
@Override
public
Authentication
authentication
(
LoginCredential
loginCredential
,
boolean
isTrusted
)
{
UserInfo
loadeduserInfo
=
loadUserInfo
(
loginCredential
.
getUsername
(),
""
);
statusValid
(
loginCredential
,
loadeduserInfo
);
if
(
loadeduserInfo
!=
null
)
{
//Validate PasswordPolicy
authenticationRealm
.
getPasswordPolicyValidator
().
passwordPolicyValid
(
loadeduserInfo
);
if
(!
isTrusted
)
{
authenticationRealm
.
passwordMatches
(
loadeduserInfo
,
loginCredential
.
getPassword
());
}
//apply PasswordSetType and resetBadPasswordCount
authenticationRealm
.
getPasswordPolicyValidator
().
applyPasswordPolicy
(
loadeduserInfo
);
Authentication
authentication
=
createOnlineSession
(
loginCredential
,
loadeduserInfo
);
authenticationRealm
.
insertLoginHistory
(
loadeduserInfo
,
loginCredential
.
getAuthType
(),
loginCredential
.
getProvider
(),
loginCredential
.
getCode
(),
loginCredential
.
getMessage
()
);
return
authentication
;
}
else
{
String
i18nMessage
=
WebContext
.
getI18nValue
(
"login.error.username"
);
_logger
.
debug
(
"login user {} not in this System . {}"
,
loginCredential
.
getUsername
(),
i18nMessage
);
throw
new
BadCredentialsException
(
WebContext
.
getI18nValue
(
"login.error.username"
));
}
}
public
UsernamePasswordAuthenticationToken
createOnlineSession
(
LoginCredential
credential
,
UserInfo
userInfo
)
{
//Online Tickit
OnlineTicket
onlineTicket
=
new
OnlineTicket
();
...
...
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/provider/MobileAuthenticationProvider.java
0 → 100644
浏览文件 @
7bba47a4
/*
* Copyright [2022] [MaxKey of copyright http://www.maxkey.top]
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package
org.maxkey.authn.provider
;
import
org.maxkey.authn.LoginCredential
;
import
org.maxkey.authn.online.OnlineTicketService
;
import
org.maxkey.authn.realm.AbstractAuthenticationRealm
;
import
org.maxkey.configuration.ApplicationConfig
;
import
org.maxkey.constants.ConstsLoginType
;
import
org.maxkey.entity.UserInfo
;
import
org.maxkey.password.onetimepwd.AbstractOtpAuthn
;
import
org.maxkey.password.onetimepwd.OtpAuthnService
;
import
org.maxkey.web.WebConstants
;
import
org.maxkey.web.WebContext
;
import
org.slf4j.Logger
;
import
org.slf4j.LoggerFactory
;
import
org.springframework.security.authentication.BadCredentialsException
;
import
org.springframework.security.authentication.UsernamePasswordAuthenticationToken
;
import
org.springframework.security.core.Authentication
;
import
org.springframework.security.core.AuthenticationException
;
/**
* Mobile Authentication provider.
* @author Crystal.Sea
*
*/
public
class
MobileAuthenticationProvider
extends
NormalAuthenticationProvider
{
private
static
final
Logger
_logger
=
LoggerFactory
.
getLogger
(
MobileAuthenticationProvider
.
class
);
public
String
getProviderName
()
{
return
"mobile"
+
PROVIDER_SUFFIX
;
}
public
MobileAuthenticationProvider
()
{
super
();
}
public
MobileAuthenticationProvider
(
AbstractAuthenticationRealm
authenticationRealm
,
ApplicationConfig
applicationConfig
,
OtpAuthnService
otpAuthnService
,
OnlineTicketService
onlineTicketServices
)
{
this
.
authenticationRealm
=
authenticationRealm
;
this
.
applicationConfig
=
applicationConfig
;
this
.
otpAuthnService
=
otpAuthnService
;
this
.
onlineTicketServices
=
onlineTicketServices
;
}
@Override
public
Authentication
authenticate
(
LoginCredential
loginCredential
)
{
UsernamePasswordAuthenticationToken
authenticationToken
=
null
;
_logger
.
debug
(
"Trying to authenticate user '{}' via {}"
,
loginCredential
.
getPrincipal
(),
getProviderName
());
try
{
_logger
.
debug
(
"authentication "
+
loginCredential
);
emptyPasswordValid
(
loginCredential
.
getPassword
());
emptyUsernameValid
(
loginCredential
.
getUsername
());
UserInfo
userInfo
=
loadUserInfo
(
loginCredential
.
getUsername
(),
loginCredential
.
getPassword
());
statusValid
(
loginCredential
,
userInfo
);
//Validate PasswordPolicy
authenticationRealm
.
getPasswordPolicyValidator
().
passwordPolicyValid
(
userInfo
);
mobilecaptchaValid
(
loginCredential
.
getPassword
(),
userInfo
);
//apply PasswordSetType and resetBadPasswordCount
authenticationRealm
.
getPasswordPolicyValidator
().
applyPasswordPolicy
(
userInfo
);
authenticationToken
=
createOnlineSession
(
loginCredential
,
userInfo
);
// user authenticated
_logger
.
debug
(
"'{}' authenticated successfully by {}."
,
loginCredential
.
getPrincipal
(),
getProviderName
());
authenticationRealm
.
insertLoginHistory
(
userInfo
,
ConstsLoginType
.
LOCAL
,
""
,
"xe00000004"
,
WebConstants
.
LOGIN_RESULT
.
SUCCESS
);
}
catch
(
AuthenticationException
e
)
{
_logger
.
error
(
"Failed to authenticate user {} via {}: {}"
,
new
Object
[]
{
loginCredential
.
getPrincipal
(),
getProviderName
(),
e
.
getMessage
()
});
WebContext
.
setAttribute
(
WebConstants
.
LOGIN_ERROR_SESSION_MESSAGE
,
e
.
getMessage
());
}
catch
(
Exception
e
)
{
_logger
.
error
(
"Login error Unexpected exception in {} authentication:\n{}"
,
getProviderName
(),
e
.
getMessage
());
}
return
authenticationToken
;
}
/**
* mobile validate.
*
* @param otpCaptcha String
* @param authType String
* @param userInfo UserInfo
*/
protected
void
mobilecaptchaValid
(
String
password
,
UserInfo
userInfo
)
{
// for mobile password
if
(
applicationConfig
.
getLoginConfig
().
isMfa
())
{
UserInfo
validUserInfo
=
new
UserInfo
();
validUserInfo
.
setUsername
(
userInfo
.
getUsername
());
validUserInfo
.
setId
(
userInfo
.
getId
());
AbstractOtpAuthn
smsOtpAuthn
=
otpAuthnService
.
getByInstId
(
userInfo
.
getInstId
());
if
(
password
==
null
||
!
smsOtpAuthn
.
validate
(
validUserInfo
,
password
))
{
String
message
=
WebContext
.
getI18nValue
(
"login.error.captcha"
);
_logger
.
debug
(
"login captcha valid error."
);
throw
new
BadCredentialsException
(
message
);
}
}
}
}
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/provider/NormalAuthenticationProvider.java
0 → 100644
浏览文件 @
7bba47a4
/*
* Copyright [2022] [MaxKey of copyright http://www.maxkey.top]
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package
org.maxkey.authn.provider
;
import
java.util.ArrayList
;
import
org.maxkey.authn.AbstractAuthenticationProvider
;
import
org.maxkey.authn.LoginCredential
;
import
org.maxkey.authn.SigninPrincipal
;
import
org.maxkey.authn.jwt.AuthJwtService
;
import
org.maxkey.authn.online.OnlineTicket
;
import
org.maxkey.authn.online.OnlineTicketService
;
import
org.maxkey.authn.realm.AbstractAuthenticationRealm
;
import
org.maxkey.authn.web.AuthorizationUtils
;
import
org.maxkey.configuration.ApplicationConfig
;
import
org.maxkey.constants.ConstsLoginType
;
import
org.maxkey.entity.Institutions
;
import
org.maxkey.entity.UserInfo
;
import
org.maxkey.persistence.MomentaryService
;
import
org.maxkey.web.WebConstants
;
import
org.maxkey.web.WebContext
;
import
org.slf4j.Logger
;
import
org.slf4j.LoggerFactory
;
import
org.springframework.security.authentication.UsernamePasswordAuthenticationToken
;
import
org.springframework.security.core.Authentication
;
import
org.springframework.security.core.AuthenticationException
;
import
org.springframework.security.core.GrantedAuthority
;
import
org.springframework.security.web.authentication.WebAuthenticationDetails
;
/**
* database Authentication provider.
* @author Crystal.Sea
*
*/
public
class
NormalAuthenticationProvider
extends
AbstractAuthenticationProvider
{
private
static
final
Logger
_logger
=
LoggerFactory
.
getLogger
(
NormalAuthenticationProvider
.
class
);
public
String
getProviderName
()
{
return
"normal"
+
PROVIDER_SUFFIX
;
}
public
NormalAuthenticationProvider
()
{
super
();
}
public
NormalAuthenticationProvider
(
AbstractAuthenticationRealm
authenticationRealm
,
ApplicationConfig
applicationConfig
,
OnlineTicketService
onlineTicketServices
,
AuthJwtService
authJwtService
,
MomentaryService
momentaryService
)
{
this
.
authenticationRealm
=
authenticationRealm
;
this
.
applicationConfig
=
applicationConfig
;
this
.
onlineTicketServices
=
onlineTicketServices
;
this
.
authJwtService
=
authJwtService
;
this
.
momentaryService
=
momentaryService
;
}
@Override
public
Authentication
doAuthenticate
(
LoginCredential
loginCredential
)
{
UsernamePasswordAuthenticationToken
authenticationToken
=
null
;
_logger
.
debug
(
"Trying to authenticate user '{}' via {}"
,
loginCredential
.
getPrincipal
(),
getProviderName
());
try
{
_logger
.
debug
(
"authentication "
+
loginCredential
);
Institutions
inst
=
(
Institutions
)
WebContext
.
getAttribute
(
WebConstants
.
CURRENT_INST
);
if
(
inst
.
getCaptchaSupport
().
equalsIgnoreCase
(
"YES"
))
{
captchaValid
(
loginCredential
.
getCaptcha
(),
loginCredential
.
getAuthType
());
}
emptyPasswordValid
(
loginCredential
.
getPassword
());
emptyUsernameValid
(
loginCredential
.
getUsername
());
UserInfo
userInfo
=
loadUserInfo
(
loginCredential
.
getUsername
(),
loginCredential
.
getPassword
());
statusValid
(
loginCredential
,
userInfo
);
//Validate PasswordPolicy
authenticationRealm
.
getPasswordPolicyValidator
().
passwordPolicyValid
(
userInfo
);
//Match password
authenticationRealm
.
passwordMatches
(
userInfo
,
loginCredential
.
getPassword
());
//apply PasswordSetType and resetBadPasswordCount
authenticationRealm
.
getPasswordPolicyValidator
().
applyPasswordPolicy
(
userInfo
);
authenticationToken
=
createOnlineSession
(
loginCredential
,
userInfo
);
// user authenticated
_logger
.
debug
(
"'{}' authenticated successfully by {}."
,
loginCredential
.
getPrincipal
(),
getProviderName
());
authenticationRealm
.
insertLoginHistory
(
userInfo
,
ConstsLoginType
.
LOCAL
,
""
,
"xe00000004"
,
WebConstants
.
LOGIN_RESULT
.
SUCCESS
);
}
catch
(
AuthenticationException
e
)
{
_logger
.
error
(
"Failed to authenticate user {} via {}: {}"
,
new
Object
[]
{
loginCredential
.
getPrincipal
(),
getProviderName
(),
e
.
getMessage
()
});
WebContext
.
setAttribute
(
WebConstants
.
LOGIN_ERROR_SESSION_MESSAGE
,
e
.
getMessage
());
}
catch
(
Exception
e
)
{
_logger
.
error
(
"Login error Unexpected exception in {} authentication:\n{}"
,
getProviderName
(),
e
.
getMessage
());
}
return
authenticationToken
;
}
public
UsernamePasswordAuthenticationToken
createOnlineSession
(
LoginCredential
credential
,
UserInfo
userInfo
)
{
//Online Tickit
OnlineTicket
onlineTicket
=
new
OnlineTicket
();
userInfo
.
setOnlineTicket
(
onlineTicket
.
getTicketId
());
SigninPrincipal
principal
=
new
SigninPrincipal
(
userInfo
);
//set OnlineTicket
principal
.
setOnlineTicket
(
onlineTicket
);
ArrayList
<
GrantedAuthority
>
grantedAuthoritys
=
authenticationRealm
.
grantAuthority
(
userInfo
);
principal
.
setAuthenticated
(
true
);
for
(
GrantedAuthority
administratorsAuthority
:
grantedAdministratorsAuthoritys
)
{
if
(
grantedAuthoritys
.
contains
(
administratorsAuthority
))
{
principal
.
setRoleAdministrators
(
true
);
_logger
.
trace
(
"ROLE ADMINISTRATORS Authentication ."
);
}
}
_logger
.
debug
(
"Granted Authority {}"
,
grantedAuthoritys
);
principal
.
setGrantedAuthorityApps
(
authenticationRealm
.
queryAuthorizedApps
(
grantedAuthoritys
));
UsernamePasswordAuthenticationToken
authenticationToken
=
new
UsernamePasswordAuthenticationToken
(
principal
,
"PASSWORD"
,
grantedAuthoritys
);
authenticationToken
.
setDetails
(
new
WebAuthenticationDetails
(
WebContext
.
getRequest
()));
onlineTicket
.
setAuthentication
(
authenticationToken
);
//store onlineTicket
this
.
onlineTicketServices
.
store
(
onlineTicket
.
getTicketId
(),
onlineTicket
);
/*
* put Authentication to current session context
*/
AuthorizationUtils
.
setAuthentication
(
authenticationToken
);
return
authenticationToken
;
}
}
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/provider/TrustedAuthenticationProvider.java
0 → 100644
浏览文件 @
7bba47a4
/*
* Copyright [2022] [MaxKey of copyright http://www.maxkey.top]
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package
org.maxkey.authn.provider
;
import
org.maxkey.authn.LoginCredential
;
import
org.maxkey.authn.online.OnlineTicketService
;
import
org.maxkey.authn.realm.AbstractAuthenticationRealm
;
import
org.maxkey.configuration.ApplicationConfig
;
import
org.maxkey.entity.UserInfo
;
import
org.maxkey.web.WebContext
;
import
org.slf4j.Logger
;
import
org.slf4j.LoggerFactory
;
import
org.springframework.security.authentication.BadCredentialsException
;
import
org.springframework.security.core.Authentication
;
/**
* Trusted Authentication provider.
* @author Crystal.Sea
*
*/
public
class
TrustedAuthenticationProvider
extends
NormalAuthenticationProvider
{
private
static
final
Logger
_logger
=
LoggerFactory
.
getLogger
(
TrustedAuthenticationProvider
.
class
);
public
String
getProviderName
()
{
return
"trusted"
+
PROVIDER_SUFFIX
;
}
public
TrustedAuthenticationProvider
()
{
super
();
}
public
TrustedAuthenticationProvider
(
AbstractAuthenticationRealm
authenticationRealm
,
ApplicationConfig
applicationConfig
,
OnlineTicketService
onlineTicketServices
)
{
this
.
authenticationRealm
=
authenticationRealm
;
this
.
applicationConfig
=
applicationConfig
;
this
.
onlineTicketServices
=
onlineTicketServices
;
}
@Override
public
Authentication
doAuthenticate
(
LoginCredential
loginCredential
)
{
UserInfo
loadeduserInfo
=
loadUserInfo
(
loginCredential
.
getUsername
(),
""
);
statusValid
(
loginCredential
,
loadeduserInfo
);
if
(
loadeduserInfo
!=
null
)
{
//Validate PasswordPolicy
authenticationRealm
.
getPasswordPolicyValidator
().
passwordPolicyValid
(
loadeduserInfo
);
//apply PasswordSetType and resetBadPasswordCount
authenticationRealm
.
getPasswordPolicyValidator
().
applyPasswordPolicy
(
loadeduserInfo
);
Authentication
authentication
=
createOnlineSession
(
loginCredential
,
loadeduserInfo
);
authenticationRealm
.
insertLoginHistory
(
loadeduserInfo
,
loginCredential
.
getAuthType
(),
loginCredential
.
getProvider
(),
loginCredential
.
getCode
(),
loginCredential
.
getMessage
()
);
return
authentication
;
}
else
{
String
i18nMessage
=
WebContext
.
getI18nValue
(
"login.error.username"
);
_logger
.
debug
(
"login user {} not in this System . {}"
,
loginCredential
.
getUsername
(),
i18nMessage
);
throw
new
BadCredentialsException
(
WebContext
.
getI18nValue
(
"login.error.username"
));
}
}
}
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/provider/package-info.java
0 → 100644
浏览文件 @
7bba47a4
package
org.maxkey.authn.provider
;
\ No newline at end of file
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/basic/BasicEntryPoint.java
浏览文件 @
7bba47a4
...
...
@@ -131,7 +131,7 @@ public class BasicEntryPoint implements AsyncHandlerInterceptor {
if
(!
isAuthenticated
){
LoginCredential
loginCredential
=
new
LoginCredential
(
headerCredential
.
getUsername
(),
""
,
ConstsLoginType
.
BASIC
);
authenticationProvider
.
authenticat
ion
(
loginCredential
,
true
);
authenticationProvider
.
authenticat
e
(
loginCredential
,
true
);
_logger
.
info
(
"Authentication "
+
headerCredential
.
getUsername
()+
" successful ."
);
}
...
...
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/httpheader/HttpHeaderEntryPoint.java
浏览文件 @
7bba47a4
...
...
@@ -110,7 +110,7 @@ public class HttpHeaderEntryPoint implements AsyncHandlerInterceptor {
if
(!
isAuthenticated
){
LoginCredential
loginCredential
=
new
LoginCredential
(
httpHeaderUsername
,
""
,
ConstsLoginType
.
HTTPHEADER
);
authenticationProvider
.
authenticat
ion
(
loginCredential
,
true
);
authenticationProvider
.
authenticat
e
(
loginCredential
,
true
);
_logger
.
info
(
"Authentication "
+
httpHeaderUsername
+
" successful ."
);
}
...
...
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/jwt/HttpJwtEntryPoint.java
浏览文件 @
7bba47a4
...
...
@@ -79,7 +79,7 @@ public class HttpJwtEntryPoint implements AsyncHandlerInterceptor {
if
(
signedJWT
!=
null
)
{
String
username
=
signedJWT
.
getJWTClaimsSet
().
getSubject
();
LoginCredential
loginCredential
=
new
LoginCredential
(
username
,
""
,
ConstsLoginType
.
JWT
);
authenticationProvider
.
authenticat
ion
(
loginCredential
,
true
);
authenticationProvider
.
authenticat
e
(
loginCredential
,
true
);
_logger
.
debug
(
"JWT Logined in , username "
+
username
);
}
...
...
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/kerberos/HttpKerberosEntryPoint.java
浏览文件 @
7bba47a4
...
...
@@ -97,7 +97,7 @@ public class HttpKerberosEntryPoint implements AsyncHandlerInterceptor {
if
(
notOnOrAfter
.
isAfterNow
()){
LoginCredential
loginCredential
=
new
LoginCredential
(
kerberosToken
.
getPrincipal
(),
""
,
ConstsLoginType
.
KERBEROS
);
loginCredential
.
setProvider
(
kerberosUserDomain
);
authenticationProvider
.
authenticat
ion
(
loginCredential
,
true
);
authenticationProvider
.
authenticat
e
(
loginCredential
,
true
);
_logger
.
debug
(
"Kerberos Logined in , username "
+
kerberosToken
.
getPrincipal
());
}
...
...
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/wsfederation/HttpWsFederationEntryPoint.java
浏览文件 @
7bba47a4
...
...
@@ -100,7 +100,7 @@ public class HttpWsFederationEntryPoint implements AsyncHandlerInterceptor {
}
LoginCredential
loginCredential
=
new
LoginCredential
(
wsFederationCredential
.
getAttributes
().
get
(
""
).
toString
(),
""
,
ConstsLoginType
.
WSFEDERATION
);
authenticationProvider
.
authenticat
ion
(
loginCredential
,
true
);
authenticationProvider
.
authenticat
e
(
loginCredential
,
true
);
return
true
;
}
else
{
_logger
.
warn
(
"SAML assertions are blank or no longer valid."
);
...
...
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/autoconfigure/AuthenticationAutoConfiguration.java
浏览文件 @
7bba47a4
/*
* Copyright [202
0
] [MaxKey of copyright http://www.maxkey.top]
* Copyright [202
2
] [MaxKey of copyright http://www.maxkey.top]
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
...
...
@@ -18,7 +18,6 @@
package
org.maxkey.autoconfigure
;
import
org.maxkey.authn.AbstractAuthenticationProvider
;
import
org.maxkey.authn.RealmAuthenticationProvider
;
import
org.maxkey.authn.SavedRequestAwareAuthenticationSuccessHandler
;
import
org.maxkey.authn.jwt.AuthJwtService
;
import
org.maxkey.authn.jwt.CongressService
;
...
...
@@ -26,6 +25,9 @@ import org.maxkey.authn.jwt.InMemoryCongressService;
import
org.maxkey.authn.jwt.RedisCongressService
;
import
org.maxkey.authn.online.OnlineTicketService
;
import
org.maxkey.authn.online.OnlineTicketServiceFactory
;
import
org.maxkey.authn.provider.MobileAuthenticationProvider
;
import
org.maxkey.authn.provider.NormalAuthenticationProvider
;
import
org.maxkey.authn.provider.TrustedAuthenticationProvider
;
import
org.maxkey.authn.realm.AbstractAuthenticationRealm
;
import
org.maxkey.authn.web.SessionListenerAdapter
;
import
org.maxkey.configuration.ApplicationConfig
;
...
...
@@ -34,6 +36,7 @@ import org.maxkey.constants.ConstsPersistence;
import
org.maxkey.password.onetimepwd.AbstractOtpAuthn
;
import
org.maxkey.password.onetimepwd.OtpAuthnService
;
import
org.maxkey.password.onetimepwd.token.RedisOtpTokenStore
;
import
org.maxkey.persistence.MomentaryService
;
import
org.maxkey.persistence.redis.RedisConnectionFactory
;
import
org.maxkey.persistence.repository.LoginHistoryRepository
;
import
org.maxkey.persistence.repository.LoginRepository
;
...
...
@@ -68,20 +71,61 @@ public class AuthenticationAutoConfiguration implements InitializingBean {
public
AbstractAuthenticationProvider
authenticationProvider
(
AbstractAuthenticationRealm
authenticationRealm
,
ApplicationConfig
applicationConfig
,
AbstractOtpAuthn
tfaOtpAuthn
,
OtpAuthnService
otpAuthn
Service
,
OnlineTicketService
onlineTicketServices
OnlineTicketService
onlineTicketServices
,
AuthJwtService
authJwt
Service
,
MomentaryService
momentaryService
)
{
_logger
.
debug
(
"init authentication Provider ."
);
return
new
RealmAuthenticationProvider
(
NormalAuthenticationProvider
normal
=
new
NormalAuthenticationProvider
(
authenticationRealm
,
applicationConfig
,
onlineTicketServices
,
authJwtService
,
momentaryService
);
normal
.
addAuthenticationProvider
(
normal
);
return
normal
;
}
@Bean
(
name
=
"mobileAuthenticationProvider"
)
public
AbstractAuthenticationProvider
mobileAuthenticationProvider
(
AbstractAuthenticationRealm
authenticationRealm
,
ApplicationConfig
applicationConfig
,
OtpAuthnService
otpAuthnService
,
OnlineTicketService
onlineTicketServices
,
AbstractAuthenticationProvider
authenticationProvider
)
{
MobileAuthenticationProvider
mobile
=
new
MobileAuthenticationProvider
(
authenticationRealm
,
applicationConfig
,
tfaOtpAuthn
,
otpAuthnService
,
onlineTicketServices
);
);
authenticationProvider
.
addAuthenticationProvider
(
mobile
);
_logger
.
debug
(
"init Mobile authentication Provider ."
);
return
mobile
;
}
@Bean
(
name
=
"trustedAuthenticationProvider"
)
public
AbstractAuthenticationProvider
trustedAuthenticationProvider
(
AbstractAuthenticationRealm
authenticationRealm
,
ApplicationConfig
applicationConfig
,
OnlineTicketService
onlineTicketServices
,
AbstractAuthenticationProvider
authenticationProvider
)
{
TrustedAuthenticationProvider
trusted
=
new
TrustedAuthenticationProvider
(
authenticationRealm
,
applicationConfig
,
onlineTicketServices
);
authenticationProvider
.
addAuthenticationProvider
(
trusted
);
_logger
.
debug
(
"init Mobile authentication Provider ."
);
return
trusted
;
}
@Bean
(
name
=
"authJwtService"
)
...
...
maxkey-authentications/maxkey-authentication-social/src/main/java/org/maxkey/authn/support/socialsignon/SocialSignOnEndpoint.java
浏览文件 @
7bba47a4
...
...
@@ -133,7 +133,7 @@ public class SocialSignOnEndpoint extends AbstractSocialSignOnEndpoint{
SocialsProvider
socialSignOnProvider
=
socialSignOnProviderService
.
get
(
instId
,
provider
);
loginCredential
.
setProvider
(
socialSignOnProvider
.
getProviderName
());
Authentication
authentication
=
authenticationProvider
.
authenticat
ion
(
loginCredential
,
true
);
Authentication
authentication
=
authenticationProvider
.
authenticat
e
(
loginCredential
,
true
);
//socialsAssociate.setAccessToken(JsonUtils.object2Json(this.accessToken));
socialsAssociate
.
setSocialUserInfo
(
accountJsonString
);
//socialsAssociate.setExAttribute(JsonUtils.object2Json(accessToken.getResponseObject()));
...
...
maxkey-core/src/main/java/org/maxkey/persistence/InMemoryMomentaryService.java
浏览文件 @
7bba47a4
...
...
@@ -30,7 +30,7 @@ public class InMemoryMomentaryService implements MomentaryService{
protected
static
Cache
<
String
,
Object
>
momentaryStore
=
Caffeine
.
newBuilder
()
.
expireAfterWrite
(
3
,
TimeUnit
.
MINUTES
)
.
expireAfterWrite
(
5
,
TimeUnit
.
MINUTES
)
.
maximumSize
(
200000
)
.
build
();
...
...
maxkey-core/src/main/java/org/maxkey/persistence/RedisMomentaryService.java
浏览文件 @
7bba47a4
...
...
@@ -26,7 +26,7 @@ import org.slf4j.LoggerFactory;
public
class
RedisMomentaryService
implements
MomentaryService
{
private
static
final
Logger
_logger
=
LoggerFactory
.
getLogger
(
RedisMomentaryService
.
class
);
protected
int
validitySeconds
=
60
*
3
;
//default 3
minutes.
protected
int
validitySeconds
=
60
*
5
;
//default 5
minutes.
RedisConnectionFactory
connectionFactory
;
...
...
maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasRestV1Endpoint.java
浏览文件 @
7bba47a4
...
...
@@ -83,7 +83,7 @@ public class CasRestV1Endpoint extends CasBaseAuthorizeEndpoint{
LoginCredential
loginCredential
=
new
LoginCredential
(
username
,
password
,
"CASREST"
);
authenticationProvider
.
authenticat
ion
(
loginCredential
,
false
);
authenticationProvider
.
authenticat
e
(
loginCredential
,
false
);
TicketGrantingTicketImpl
ticketGrantingTicket
=
new
TicketGrantingTicketImpl
(
"Random"
,
AuthorizationUtils
.
getAuthentication
(),
null
);
...
...
@@ -187,7 +187,7 @@ public class CasRestV1Endpoint extends CasBaseAuthorizeEndpoint{
LoginCredential
loginCredential
=
new
LoginCredential
(
username
,
password
,
"CASREST"
);
authenticationProvider
.
authenticat
ion
(
loginCredential
,
false
);
authenticationProvider
.
authenticat
e
(
loginCredential
,
false
);
UserInfo
userInfo
=
AuthorizationUtils
.
getUserInfo
();
TicketGrantingTicketImpl
ticketGrantingTicket
=
new
TicketGrantingTicketImpl
(
"Random"
,
AuthorizationUtils
.
getAuthentication
(),
null
);
...
...
maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/consumer/endpoint/ConsumerEndpoint.java
浏览文件 @
7bba47a4
...
...
@@ -195,7 +195,7 @@ public class ConsumerEndpoint {
LoginCredential
loginCredential
=
new
LoginCredential
(
username
,
""
,
ConstsLoginType
.
SAMLTRUST
);
Authentication
authentication
=
authenticationProvider
.
authenticat
ion
(
loginCredential
,
true
);
Authentication
authentication
=
authenticationProvider
.
authenticat
e
(
loginCredential
,
true
);
if
(
authentication
==
null
)
{
String
congress
=
authJwtService
.
createCongress
(
authentication
);
}
...
...
maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/endpoint/LoginEntryPoint.java
浏览文件 @
7bba47a4
...
...
@@ -71,7 +71,7 @@ public class LoginEntryPoint {
@Autowired
@Qualifier
(
"authenticationProvider"
)
AbstractAuthenticationProvider
authenticationProvider
;
@Autowired
@Qualifier
(
"socialSignOnProviderService"
)
SocialSignOnProviderService
socialSignOnProviderService
;
...
...
@@ -146,12 +146,20 @@ public class LoginEntryPoint {
*/
@RequestMapping
(
value
={
"/signin"
},
produces
=
{
MediaType
.
APPLICATION_JSON_VALUE
})
public
ResponseEntity
<?>
signin
(
@RequestBody
LoginCredential
loginCredential
)
{
Authentication
authentication
=
authenticationProvider
.
authenticate
(
loginCredential
);
if
(
authentication
==
null
)
{
return
new
Message
<
AuthJwt
>(
Message
.
FAIL
).
buildResponse
();
Message
<
AuthJwt
>
authJwtMessage
=
new
Message
<
AuthJwt
>(
Message
.
FAIL
);
if
(
authJwtService
.
validateJwtToken
(
loginCredential
.
getState
())){
String
authType
=
loginCredential
.
getAuthType
();
_logger
.
debug
(
"Login AuthN Type "
+
authType
);
if
(
StringUtils
.
isNotBlank
(
authType
)){
Authentication
authentication
=
authenticationProvider
.
doAuthenticate
(
loginCredential
);
if
(
authentication
!=
null
)
{
authJwtMessage
=
new
Message
<
AuthJwt
>(
authJwtService
.
genAuthJwt
(
authentication
));
}
}
else
{
_logger
.
error
(
"Login AuthN type must eq normal , tfa or mobile . "
);
}
}
return
new
Message
<
AuthJwt
>(
authJwtService
.
genAuthJwt
(
authentication
))
.
buildResponse
();
return
authJwtMessage
.
buildResponse
();
}
/**
...
...
maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/contorller/LoginEntryPoint.java
浏览文件 @
7bba47a4
/*
* Copyright [202
0
] [MaxKey of copyright http://www.maxkey.top]
* Copyright [202
2
] [MaxKey of copyright http://www.maxkey.top]
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
...
...
@@ -17,6 +17,8 @@
package
org.maxkey.web.contorller
;
import
java.util.HashMap
;
import
org.maxkey.authn.AbstractAuthenticationProvider
;
import
org.maxkey.authn.LoginCredential
;
import
org.maxkey.authn.jwt.AuthJwt
;
...
...
@@ -35,7 +37,6 @@ import org.springframework.security.core.Authentication;
import
org.springframework.stereotype.Controller
;
import
org.springframework.web.bind.annotation.RequestBody
;
import
org.springframework.web.bind.annotation.RequestMapping
;
import
org.springframework.web.servlet.ModelAndView
;
import
org.springframework.http.MediaType
;
...
...
@@ -48,14 +49,11 @@ public class LoginEntryPoint {
private
static
Logger
_logger
=
LoggerFactory
.
getLogger
(
LoginEntryPoint
.
class
);
@Autowired
@Qualifier
(
"authJwtService"
)
AuthJwtService
authJwtService
;
@Autowired
@Qualifier
(
"applicationConfig"
)
protected
ApplicationConfig
applicationConfig
;
@Autowired
@Qualifier
(
"authenticationProvider"
)
AbstractAuthenticationProvider
authenticationProvider
;
...
...
@@ -64,34 +62,28 @@ public class LoginEntryPoint {
* init login
* @return
*/
@RequestMapping
(
value
={
"/
login"
})
public
ModelAndView
login
()
{
@RequestMapping
(
value
={
"/
get"
},
produces
=
{
MediaType
.
APPLICATION_JSON_VALUE
})
public
ResponseEntity
<?>
get
()
{
_logger
.
debug
(
"LoginController /login."
);
boolean
isAuthenticated
=
false
;
//WebContext.isAuthenticated();
//for normal login
if
(
isAuthenticated
){
return
WebContext
.
redirect
(
"/main"
);
}
ModelAndView
modelAndView
=
new
ModelAndView
();
HashMap
<
String
,
Object
>
model
=
new
HashMap
<
String
,
Object
>();
model
.
put
(
"isRemeberMe"
,
applicationConfig
.
getLoginConfig
().
isRemeberMe
());
Institutions
inst
=
(
Institutions
)
WebContext
.
getAttribute
(
WebConstants
.
CURRENT_INST
);
modelAndView
.
addObject
(
"isRemeberMe"
,
applicationConfig
.
getLoginConfig
().
isRemeberMe
());
modelAndView
.
addObject
(
"captchaSupport"
,
inst
.
getCaptchaSupport
());
modelAndView
.
addObject
(
"captchaType"
,
inst
.
getCaptchaType
());
modelAndView
.
addObject
(
"sessionid"
,
WebContext
.
getSession
().
getId
());
Object
loginErrorMessage
=
WebContext
.
getAttribute
(
WebConstants
.
LOGIN_ERROR_SESSION_MESSAGE
);
modelAndView
.
addObject
(
"loginErrorMessage"
,
loginErrorMessage
==
null
?
""
:
loginErrorMessage
);
WebContext
.
removeAttribute
(
WebConstants
.
LOGIN_ERROR_SESSION_MESSAGE
);
modelAndView
.
setViewName
(
"login"
);
return
modelAndView
;
model
.
put
(
"inst"
,
inst
);
model
.
put
(
"captcha"
,
inst
.
getCaptchaSupport
());
model
.
put
(
"captchaType"
,
inst
.
getCaptchaType
());
model
.
put
(
"state"
,
authJwtService
.
genJwt
());
return
new
Message
<
HashMap
<
String
,
Object
>>(
model
).
buildResponse
();
}
@RequestMapping
(
value
={
"/signin"
},
produces
=
{
MediaType
.
APPLICATION_JSON_VALUE
})
public
ResponseEntity
<?>
signin
(
@RequestBody
LoginCredential
loginCredential
)
{
Authentication
authentication
=
authenticationProvider
.
authenticate
(
loginCredential
);
AuthJwt
authJwt
=
authJwtService
.
genAuthJwt
(
authentication
);
return
new
Message
<
AuthJwt
>(
authJwt
).
buildResponse
();
if
(
authJwtService
.
validateJwtToken
(
loginCredential
.
getState
())){
Authentication
authentication
=
authenticationProvider
.
authenticate
(
loginCredential
);
AuthJwt
authJwt
=
authJwtService
.
genAuthJwt
(
authentication
);
return
new
Message
<
AuthJwt
>(
authJwt
).
buildResponse
();
}
return
new
Message
<
AuthJwt
>(
Message
.
FAIL
).
buildResponse
();
}
}
编辑
预览
Markdown
is supported
0%
请重试
或
添加新附件
.
添加附件
取消
You are about to add
0
people
to the discussion. Proceed with caution.
先完成此消息的编辑!
取消
想要评论请
注册
或
登录