v3.0.0GA with authentication isTrusted

v3.0.0GA with authentication isTrusted cas Parameter service fix

v3.0.0GA with authentication isTrusted
v3.0.0GA with authentication isTrusted cas Parameter service fix
d1cf1804 · MaxKey单点登录官方 · 9c10a5aa · d1cf1804 · d1cf1804 · d1cf1804
15 changed file
--- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java
+++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java
@@ -74,14 +74,7 @@ public abstract class AbstractAuthenticationProvider {

    protected abstract Authentication doInternalAuthenticate(LoginCredential authentication);
    
-    public abstract Authentication basicAuthenticate(LoginCredential authentication) ;
-
-    public abstract Authentication trustAuthentication(
-                                    String username, 
-                                    String type, 
-                                    String provider, 
-                                    String code,
-                                    String message);
+    public    abstract Authentication authentication(LoginCredential loginCredential,boolean isTrusted);
    
    @SuppressWarnings("rawtypes")
    public boolean supports(Class authentication) {

--- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/LoginCredential.java
+++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/LoginCredential.java
@@ -38,6 +38,10 @@ public class LoginCredential  implements Authentication {
    String authType;
    String jwtToken;
    String onlineTicket;
+    String provider;
+    String code;
+    String message="SUCCESS";
+    
    ArrayList<GrantedAuthority> grantedAuthority;
    boolean authenticated;
    boolean roleAdministrators;
@@ -182,6 +186,30 @@ public class LoginCredential  implements Authentication {
        this.roleAdministrators = roleAdministrators;
    }

+    public String getProvider() {
+        return provider;
+    }
+
+    public void setProvider(String provider) {
+        this.provider = provider;
+    }
+
+    public String getCode() {
+        return code;
+    }
+
+    public void setCode(String code) {
+        this.code = code;
+    }
+
+    public String getMessage() {
+        return message;
+    }
+
+    public void setMessage(String message) {
+        this.message = message;
+    }
+
    @Override
    public String toString() {
        StringBuilder builder = new StringBuilder();

--- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/RealmAuthenticationProvider.java
+++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/RealmAuthenticationProvider.java
@@ -95,19 +95,19 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider
        userInfo =  loadUserInfo(loginCredential.getUsername(),loginCredential.getPassword());

        userinfoValid(userInfo, loginCredential.getUsername());
-
+        //mfa 
        tftcaptchaValid(loginCredential.getOtpCaptcha(),loginCredential.getAuthType(),userInfo);
-
+        
+        //Validate PasswordPolicy
+        authenticationRealm.getPasswordPolicyValidator().passwordPolicyValid(userInfo);
        if(loginCredential.getAuthType().equalsIgnoreCase(AuthType.MOBILE)) {
        	mobilecaptchaValid(loginCredential.getPassword(),loginCredential.getAuthType(),userInfo);
-        }else {
-            //Validate PasswordPolicy
-            authenticationRealm.getPasswordPolicyValidator().passwordPolicyValid(userInfo);
+        }else {            
            //Match password 
        	authenticationRealm.passwordMatches(userInfo, loginCredential.getPassword());
-        	//apply PasswordSetType and resetBadPasswordCount
-        	authenticationRealm.getPasswordPolicyValidator().applyPasswordPolicy(userInfo);
        }
+        //apply PasswordSetType and resetBadPasswordCount
+        authenticationRealm.getPasswordPolicyValidator().applyPasswordPolicy(userInfo);
        
        UsernamePasswordAuthenticationToken authenticationToken = createOnlineSession(loginCredential,userInfo);
        //RemeberMe Config check then set  RemeberMe cookies
@@ -127,26 +127,6 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider
        
        return  authenticationToken;
    }
-    
-    @Override
-    public Authentication basicAuthenticate(LoginCredential loginCredential) {
-        UserInfo loadeduserInfo = loadUserInfo(loginCredential.getUsername(), "");
-        if (loadeduserInfo != null) {
-            authenticationRealm.passwordMatches(loadeduserInfo, loginCredential.getPassword());
-
-            authenticationRealm.getPasswordPolicyValidator().passwordPolicyValid(loadeduserInfo);
-            
-            Authentication authentication = createOnlineSession(loginCredential,loadeduserInfo);
-            
-            authenticationRealm.insertLoginHistory(loadeduserInfo, loginCredential.getAuthType(), "", "", "SUCCESS");
-                        
-            return authentication;
-        }else {
-            String message = WebContext.getI18nValue("login.error.username");
-            _logger.debug("login user  " + loginCredential.getUsername() + " not in this System ." + message);
-            throw new BadCredentialsException(WebContext.getI18nValue("login.error.username"));
-        }
-    }

    /**
     * trustAuthentication.
@@ -158,24 +138,29 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider
     * @return boolean
     */
    @Override
-    public  Authentication trustAuthentication(String username, 
-                                            String type, 
-                                            String provider, 
-                                            String code,
-                                            String message) {
-        UserInfo loadeduserInfo = loadUserInfo(username, "");
+    public  Authentication authentication(LoginCredential loginCredential,boolean isTrusted) {
+        UserInfo loadeduserInfo = loadUserInfo(loginCredential.getUsername(), "");
        if (loadeduserInfo != null) {
-            LoginCredential loginCredential = new LoginCredential();
-            loginCredential.setUsername(loadeduserInfo.getUsername());
-            
+            //Validate PasswordPolicy
+            authenticationRealm.getPasswordPolicyValidator().passwordPolicyValid(loadeduserInfo);
+            if(!isTrusted) {
+                authenticationRealm.passwordMatches(loadeduserInfo, loginCredential.getPassword());
+            }
+            //apply PasswordSetType and resetBadPasswordCount
+            authenticationRealm.getPasswordPolicyValidator().applyPasswordPolicy(loadeduserInfo);
            Authentication authentication = createOnlineSession(loginCredential,loadeduserInfo);
            
-            authenticationRealm.insertLoginHistory(loadeduserInfo, type, provider, code, message);
+            authenticationRealm.insertLoginHistory( loadeduserInfo, 
+                                                    loginCredential.getAuthType(), 
+                                                    loginCredential.getProvider(), 
+                                                    loginCredential.getCode(), 
+                                                    loginCredential.getMessage()
+                                                );
            
            return authentication;
        }else {
            String i18nMessage = WebContext.getI18nValue("login.error.username");
-            _logger.debug("login user  " + username + " not in this System ." + i18nMessage);
+            _logger.debug("login user  " + loginCredential.getUsername() + " not in this System ." + i18nMessage);
            throw new BadCredentialsException(WebContext.getI18nValue("login.error.username"));
        }
    }

--- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/basic/BasicEntryPoint.java
+++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/basic/BasicEntryPoint.java
@@ -21,6 +21,7 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;

 import org.maxkey.authn.AbstractAuthenticationProvider;
+import org.maxkey.authn.LoginCredential;
 import org.maxkey.constants.ConstantsLoginType;
 import org.maxkey.util.AuthorizationHeaderCredential;
 import org.maxkey.util.AuthorizationHeaderUtils;
@@ -129,8 +130,9 @@ public class BasicEntryPoint implements   AsyncHandlerInterceptor {
 		 }
 		 
 		 if(!isAuthenticated){
-			authenticationProvider.trustAuthentication(headerCredential.getUsername(),ConstantsLoginType.BASIC,"","","success");
-				_logger.info("Authentication  "+headerCredential.getUsername()+" successful .");
+		     LoginCredential loginCredential =new LoginCredential(headerCredential.getUsername(),"",ConstantsLoginType.BASIC);
+			 authenticationProvider.authentication(loginCredential,true);
+			 _logger.info("Authentication  "+headerCredential.getUsername()+" successful .");
 		 }
 		
 		 return true;

--- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/httpheader/HttpHeaderEntryPoint.java
+++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/httpheader/HttpHeaderEntryPoint.java
@@ -21,6 +21,7 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;

 import org.maxkey.authn.AbstractAuthenticationProvider;
+import org.maxkey.authn.LoginCredential;
 import org.maxkey.constants.ConstantsLoginType;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -107,7 +108,8 @@ public class HttpHeaderEntryPoint implements AsyncHandlerInterceptor {
 		 }
 		 
 		 if(!isAuthenticated){
-			authenticationProvider.trustAuthentication(httpHeaderUsername,ConstantsLoginType.HTTPHEADER,"","","success");
+			LoginCredential loginCredential =new LoginCredential(httpHeaderUsername,"",ConstantsLoginType.HTTPHEADER);
+            authenticationProvider.authentication(loginCredential,true);
 			_logger.info("Authentication  "+httpHeaderUsername+" successful .");
 		 }
 		

--- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/jwt/HttpJwtEntryPoint.java
+++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/jwt/HttpJwtEntryPoint.java
@@ -21,6 +21,7 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;

 import org.maxkey.authn.AbstractAuthenticationProvider;
+import org.maxkey.authn.LoginCredential;
 import org.maxkey.configuration.ApplicationConfig;
 import org.maxkey.constants.ConstantsLoginType;
 import org.maxkey.web.WebConstants;
@@ -77,7 +78,8 @@ public class HttpJwtEntryPoint implements AsyncHandlerInterceptor {
 		 SignedJWT signedJWT = jwtLoginService.jwtTokenValidation(jwt);
 		 if(signedJWT != null) {
 			 String username =signedJWT.getJWTClaimsSet().getSubject();
-			 authenticationProvider.trustAuthentication(username, ConstantsLoginType.JWT, "", "", "success"); 
+			 LoginCredential loginCredential =new LoginCredential(username,"",ConstantsLoginType.JWT);
+			 authenticationProvider.authentication(loginCredential,true);
 			 _logger.debug("JWT Logined in , username " + username);
 		 }
 		

--- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/kerberos/HttpKerberosEntryPoint.java
+++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/kerberos/HttpKerberosEntryPoint.java
@@ -21,6 +21,7 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import org.joda.time.DateTime;
 import org.maxkey.authn.AbstractAuthenticationProvider;
+import org.maxkey.authn.LoginCredential;
 import org.maxkey.configuration.ApplicationConfig;
 import org.maxkey.constants.ConstantsLoginType;
 import org.maxkey.crypto.ReciprocalUtils;
@@ -94,7 +95,9 @@ public class HttpKerberosEntryPoint implements AsyncHandlerInterceptor {
 		_logger.debug("Kerberos Token is After Now  "+notOnOrAfter.isAfterNow());
 		
 		if(notOnOrAfter.isAfterNow()){
-	    	authenticationProvider.trustAuthentication(kerberosToken.getPrincipal(),ConstantsLoginType.KERBEROS,kerberosUserDomain,"","success");
+		    LoginCredential loginCredential =new LoginCredential(kerberosToken.getPrincipal(),"",ConstantsLoginType.KERBEROS);
+		    loginCredential.setProvider(kerberosUserDomain);
+            authenticationProvider.authentication(loginCredential,true);
 	    	_logger.debug("Kerberos Logined in , username " + kerberosToken.getPrincipal());
 		}
 		

--- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/HttpRemeberMeEntryPoint.java
+++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/HttpRemeberMeEntryPoint.java
@@ -23,6 +23,7 @@ import javax.servlet.http.HttpServletResponse;

 import org.joda.time.DateTime;
 import org.maxkey.authn.AbstractAuthenticationProvider;
+import org.maxkey.authn.LoginCredential;
 import org.maxkey.configuration.ApplicationConfig;
 import org.maxkey.constants.ConstantsLoginType;
 import org.maxkey.crypto.Base64Utils;
@@ -94,12 +95,8 @@ public class HttpRemeberMeEntryPoint implements AsyncHandlerInterceptor {
 	        DateTime expiryDate = loginDate.plusSeconds(remeberMeService.getRemeberMeValidity());
 	        DateTime now = new DateTime();
 	        if (now.isBefore(expiryDate)) {
-	            authenticationProvider.trustAuthentication(
-	                    storeRemeberMe.getUsername(), 
-	                    ConstantsLoginType.REMEBER_ME, 
-	                    "", 
-	                    "", 
-	                    "success");
+	            LoginCredential loginCredential =new LoginCredential(storeRemeberMe.getUsername(),"",ConstantsLoginType.REMEBER_ME);
+	            authenticationProvider.authentication(loginCredential,true);
 	            remeberMeService.updateRemeberMe(remeberMeCookie, response);
 	            _logger.debug("RemeberMe Logined in , username " + storeRemeberMe.getUsername());
 	        }

--- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/wsfederation/HttpWsFederationEntryPoint.java
+++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/wsfederation/HttpWsFederationEntryPoint.java
@@ -20,6 +20,7 @@ package org.maxkey.authn.support.wsfederation;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import org.maxkey.authn.AbstractAuthenticationProvider;
+import org.maxkey.authn.LoginCredential;
 import org.maxkey.configuration.ApplicationConfig;
 import org.maxkey.constants.ConstantsLoginType;
 import org.maxkey.util.StringUtils;
@@ -97,11 +98,9 @@ public class HttpWsFederationEntryPoint implements AsyncHandlerInterceptor {
                    			wsFederationCredential.getAttributes(),
                    			wsFederationService.getWsFederationConfiguration().getUpnSuffix());
                    }
-
-                    authenticationProvider.trustAuthentication(
-                    		wsFederationCredential.getAttributes().get("").toString(),
-                    		ConstantsLoginType.WSFEDERATION,
-                    		"","","success");
+                    LoginCredential loginCredential =new LoginCredential(
+                            wsFederationCredential.getAttributes().get("").toString(),"",ConstantsLoginType.WSFEDERATION);
+                    authenticationProvider.authentication(loginCredential,true);
                    return true;
                } else {
                    _logger.warn("SAML assertions are blank or no longer valid.");

--- a/maxkey-authentications/maxkey-authentication-social/src/main/java/org/maxkey/authn/support/socialsignon/SocialSignOnEndpoint.java
+++ b/maxkey-authentications/maxkey-authentication-social/src/main/java/org/maxkey/authn/support/socialsignon/SocialSignOnEndpoint.java
@@ -22,6 +22,7 @@ package org.maxkey.authn.support.socialsignon;

 import javax.servlet.http.HttpServletRequest;

+import org.maxkey.authn.LoginCredential;
 import org.maxkey.authn.support.socialsignon.service.SocialSignOnProvider;
 import org.maxkey.authn.support.socialsignon.service.SocialsAssociate;
 import org.maxkey.constants.ConstantsLoginType;
@@ -176,8 +177,11 @@ public class SocialSignOnEndpoint  extends AbstractSocialSignOnEndpoint{
 		
 		_logger.debug("Social Sign On from "+socialsAssociate.getProvider()+" mapping to user "+socialsAssociate.getUsername());
 		
-		authenticationProvider.trustAuthentication(socialsAssociate.getUsername(), ConstantsLoginType.SOCIALSIGNON,this.socialSignOnProvider.getProviderName(),"xe00000004","success");
-		//socialsAssociate.setAccessToken(JsonUtils.object2Json(this.accessToken));
+		LoginCredential loginCredential =new LoginCredential(
+		        socialsAssociate.getUsername(),"",ConstantsLoginType.SOCIALSIGNON);
+		loginCredential.setProvider(this.socialSignOnProvider.getProviderName());
+        authenticationProvider.authentication(loginCredential,true);
+        //socialsAssociate.setAccessToken(JsonUtils.object2Json(this.accessToken));
 		socialsAssociate.setSocialUserInfo(accountJsonString);
 		//socialsAssociate.setExAttribute(JsonUtils.object2Json(accessToken.getResponseObject()));
 		

--- a/maxkey-core/src/main/java/org/maxkey/web/WebXssRequestFilter.java
+++ b/maxkey-core/src/main/java/org/maxkey/web/WebXssRequestFilter.java
@@ -39,8 +39,12 @@ public class WebXssRequestFilter  extends GenericFilterBean {
 	final static ConcurrentHashMap <String,String> skipUrlMap = new  ConcurrentHashMap <String,String>();
 	
 	static {
-		skipUrlMap.put("/notices/add", "");
-		skipUrlMap.put("/notices/update", "");
+		skipUrlMap.put("/notices/add", "/notices/add");
+		skipUrlMap.put("/notices/update", "/notices/update");
+		skipUrlMap.put("/authz/cas", "/authz/cas");
+		skipUrlMap.put("/authz/cas/", "/authz/cas/");
+		skipUrlMap.put("/authz/cas/login", "/authz/cas/login");
+		skipUrlMap.put("/authz/oauth/v20/authorize", "/authz/oauth/v20/authorize");
 	}
 	
 	@Override

--- a/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasAuthorizeEndpoint.java
+++ b/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasAuthorizeEndpoint.java
@@ -64,7 +64,7 @@ public class CasAuthorizeEndpoint  extends CasBaseAuthorizeEndpoint{
 	    
 		AppsCasDetails  casDetails=casDetailsService.getAppDetails(casService);
 		
-		return buildCasModelAndView(request,response,casDetails);
+		return buildCasModelAndView(request,response,casDetails,casService);
 		
 	}
 	
@@ -77,20 +77,34 @@ public class CasAuthorizeEndpoint  extends CasBaseAuthorizeEndpoint{
 		
 		AppsCasDetails casDetails=casDetailsService.getAppDetails(id);
 		
-		return buildCasModelAndView(request,response,casDetails);
+		return buildCasModelAndView(request,response,casDetails,casDetails.getCallbackUrl());
 	}
 	
 	private  ModelAndView buildCasModelAndView(
 	                HttpServletRequest request,
 	                HttpServletResponse response,
-	                AppsCasDetails casDetails){
+	                AppsCasDetails casDetails,
+	                String casService){
 		
 		_logger.debug(""+casDetails);
-
+		Map<String, String> parameterMap = WebContext.getRequestParameterMap(request);
+		String service = casService;
+		_logger.debug("CAS Parameter service = " + service);
+		if(casService.indexOf("?") >-1 ) {
+		    service = casService.substring(casService.indexOf("?") + 1);
+		    if(service.indexOf("=") > -1) {
+		        String [] parameterValues = service.split("=");
+		        if(parameterValues.length == 2) {
+		            parameterMap.put(parameterValues[0], parameterValues[1]);
+		        }
+		    }
+		    _logger.debug("CAS service with Parameter : " + service);
+		}
 		WebContext.setAttribute(
    		        CasConstants.PARAMETER.PARAMETER_MAP, 
-    		        WebContext.getRequestParameterMap(request)
+    		        parameterMap
 		        );
+
 		WebContext.setAttribute(CasConstants.PARAMETER.ENDPOINT_CAS_DETAILS, casDetails);
 		WebContext.setAttribute(WebConstants.SINGLE_SIGN_ON_APP_ID, casDetails.getId());
 		WebContext.setAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP,casDetails);
@@ -116,7 +130,6 @@ public class CasAuthorizeEndpoint  extends CasBaseAuthorizeEndpoint{
 		    callbackUrl.append("&");
 		}
 		
-		
 		//append ticket
 		callbackUrl.append(CasConstants.PARAMETER.TICKET).append("=").append(ticket);
 		

--- a/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasRestV1Endpoint.java
+++ b/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasRestV1Endpoint.java
@@ -82,7 +82,7 @@ public class CasRestV1Endpoint  extends CasBaseAuthorizeEndpoint{
    	    
    	    LoginCredential loginCredential =new LoginCredential(username,password,"CASREST");
    	    
-    	    authenticationProvider.basicAuthenticate(loginCredential);
+    	    authenticationProvider.authentication(loginCredential,false);
            
            TicketGrantingTicketImpl ticketGrantingTicket=new TicketGrantingTicketImpl("Random",WebContext.getAuthentication(),null);
            
@@ -189,7 +189,7 @@ public class CasRestV1Endpoint  extends CasBaseAuthorizeEndpoint{
            
            LoginCredential loginCredential =new LoginCredential(username,password,"CASREST");
            
-            authenticationProvider.basicAuthenticate(loginCredential);
+            authenticationProvider.authentication(loginCredential,false);
            UserInfo userInfo =WebContext.getUserInfo();
            TicketGrantingTicketImpl ticketGrantingTicket=new TicketGrantingTicketImpl("Random",WebContext.getAuthentication(),null);
            

--- a/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/consumer/endpoint/ConsumerEndpoint.java
+++ b/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/consumer/endpoint/ConsumerEndpoint.java
@@ -31,6 +31,7 @@ import javax.servlet.http.HttpServletResponse;
 import org.apache.commons.lang.StringUtils;
 import org.apache.commons.lang.Validate;
 import org.maxkey.authn.AbstractAuthenticationProvider;
+import org.maxkey.authn.LoginCredential;
 import org.maxkey.authz.saml.common.EndpointGenerator;
 import org.maxkey.authz.saml.common.TrustResolver;
 import org.maxkey.authz.saml.service.IDService;
@@ -185,8 +186,9 @@ public class ConsumerEndpoint {
 		
 	
 		logger.debug("assertion.getID() ", assertion.getAuthnStatements());
-		
-		authenticationProvider.trustAuthentication(username, ConstantsLoginType.SAMLTRUST,"","","success");
+		LoginCredential loginCredential =new LoginCredential(
+		        username,"",ConstantsLoginType.SAMLTRUST);
+        authenticationProvider.authentication(loginCredential,true);

 		ModelAndView mav = new ModelAndView();
 		mav.addObject("username", username);

--- a/maxkey-webs/maxkey-web-maxkey/src/main/resources/templates/views/authorize/cas_sso_submint.ftl
+++ b/maxkey-webs/maxkey-web-maxkey/src/main/resources/templates/views/authorize/cas_sso_submint.ftl
@@ -5,7 +5,13 @@
    <#include  "authorize_common.ftl">
    <script type="text/javascript">
        function redirectToLogin(){
-            window.top.location.href ="${callbackUrl}";
+            var srcUrl = window.top.location.href;
+            srcUrl = srcUrl.substring(srcUrl.indexOf("#"));
+            var callbackUrl = "${callbackUrl}";
+            if(srcUrl.indexOf("#") >-1 ){
+                callbackUrl =callbackUrl.replace("?",srcUrl + "&");
+            }
+            window.top.location.href = callbackUrl;
       }
    </script>
 </head>