yujianwangzivayy / MaxKey (forked from MaxKey单点登录官方(MaxKeyTop) / MaxKey)
Commit e0e517d6
Authored on Apr 07, 2022
Author: MaxKey
apps
Parent 0307d875
Changes: 8
Showing 8 changed files with 127 additions and 84 deletions
+127 -84
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/web/AuthEntryPoint.java  +41 -0
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/web/interceptor/PermissionAdapter.java  +2 -2
maxkey-core/src/main/java/org/maxkey/constants/ConstsBoolean.java  +4 -0
maxkey-core/src/main/java/org/maxkey/entity/apps/AppsOAuth20Details.java  +8 -4
maxkey-core/src/main/java/org/maxkey/entity/apps/AppsSAML20Details.java  +18 -23
maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/xml/AuthnResponseGenerator.java  +1 -1
maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/xml/SubjectGenerator.java  +4 -4
maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/apps/contorller/SAML20DetailsController.java  +49 -50
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/web/AuthEntryPoint.java
0 → 100644
package
org.maxkey.authn.web
;
import
java.io.IOException
;
import
java.util.HashMap
;
import
java.util.Map
;
import
javax.servlet.http.HttpServletRequest
;
import
javax.servlet.http.HttpServletResponse
;
import
org.slf4j.Logger
;
import
org.slf4j.LoggerFactory
;
import
org.springframework.http.MediaType
;
import
org.springframework.stereotype.Controller
;
import
org.springframework.web.bind.annotation.RequestMapping
;
import
com.fasterxml.jackson.core.exc.StreamWriteException
;
import
com.fasterxml.jackson.databind.DatabindException
;
import
com.fasterxml.jackson.databind.ObjectMapper
;
@Controller
public
class
AuthEntryPoint
{
private
static
final
Logger
_logger
=
LoggerFactory
.
getLogger
(
AuthEntryPoint
.
class
);
@RequestMapping
(
value
={
"/auth/entrypoint"
})
public
void
entryPoint
(
HttpServletRequest
request
,
HttpServletResponse
response
)
throws
StreamWriteException
,
DatabindException
,
IOException
{
_logger
.
trace
(
"AuthEntryPoint /entrypoint."
);
response
.
setContentType
(
MediaType
.
APPLICATION_JSON_VALUE
);
response
.
setStatus
(
HttpServletResponse
.
SC_UNAUTHORIZED
);
final
Map
<
String
,
Object
>
body
=
new
HashMap
<>();
body
.
put
(
"status"
,
HttpServletResponse
.
SC_UNAUTHORIZED
);
body
.
put
(
"error"
,
"Unauthorized"
);
body
.
put
(
"message"
,
"Unauthorized"
);
body
.
put
(
"path"
,
request
.
getServletPath
());
final
ObjectMapper
mapper
=
new
ObjectMapper
();
mapper
.
writeValue
(
response
.
getOutputStream
(),
body
);
}
}
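Review bot: `StreamWriteException` and `DatabindException` in the `throws` clause of `entryPoint` are redundant; both are Jackson subclasses of `IOException`, which is already declared, so `throws IOException` is enough and keeps the controller signature free of Jackson types. A new `ObjectMapper` is also constructed on every call; it is thread-safe once configured, so a single `private static final ObjectMapper MAPPER = new ObjectMapper();` field avoids the per-request cost. The body is otherwise sound: `request.getServletPath()` goes through Jackson's JSON string encoding, so it cannot break out of the `path` value, and the 401 body carries no session or user detail.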
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/web/interceptor/PermissionAdapter.java
...
...
@@ -78,8 +78,8 @@ public class PermissionAdapter implements AsyncHandlerInterceptor {
//判断用户是否登录
if
(
WebContext
.
getAuthentication
()==
null
||
WebContext
.
getAuthentication
().
getAuthorities
()==
null
){
//判断用户和角色,判断用户是否登录用户
_logger
.
trace
(
"No Authentication ... forward to /
login
"
);
RequestDispatcher
dispatcher
=
request
.
getRequestDispatcher
(
"/
login
"
);
_logger
.
trace
(
"No Authentication ... forward to /
auth/entrypoint
"
);
RequestDispatcher
dispatcher
=
request
.
getRequestDispatcher
(
"/
auth/entrypoint
"
);
dispatcher
.
forward
(
request
,
response
);
return
false
;
}
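Review bot: the forward target changes from `/login` to `/auth/entrypoint` for every request that has no authentication, with no distinction by request type, so a browser navigating directly to a protected URL now receives the JSON 401 body from `AuthEntryPoint` instead of a login page. That is the right behaviour for an API consumed by a separate front end, but confirm that nothing still relies on the server-side `/login` forward, or branch on the `Accept` header if both behaviours are needed. Because this is a forward rather than a redirect, the 401 is served under the original URL and `request.getServletPath()` in the entry point reports the protected path, which is the intended value for the `path` field.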
...
...
maxkey-core/src/main/java/org/maxkey/constants/ConstsBoolean.java
...
...
@@ -50,6 +50,10 @@ public class ConstsBoolean {
public
static
boolean
isTrue
(
int
value
)
{
return
TRUE
==
value
;
}
public
static
boolean
isYes
(
String
value
)
{
return
"YES"
==
value
.
toUpperCase
();
}
public
static
boolean
isFalse
(
int
value
)
{
return
FALSE
==
value
;
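Review bot: `isYes` compares with `==`, which tests object identity rather than content: `value.toUpperCase()` returns a new `String` whenever it changes case, and a value read from the database or a JSON request is never the interned literal `"YES"`, so the method returns `false` for every runtime value and throws `NullPointerException` when `value` is null. Since `AuthnResponseGenerator` in this same commit uses `isYes(saml20Details.getEncrypted())` to decide whether to encrypt the SAML assertion, the effect is that assertion encryption is silently skipped. Replace the body with `return "YES".equalsIgnoreCase(value);`, which is null-safe and matches the case-insensitive intent of the `toUpperCase()` call. The existing `isTrue` and `isFalse` compare `int` values and are unaffected.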
...
...
maxkey-core/src/main/java/org/maxkey/entity/apps/AppsOAuth20Details.java
...
...
@@ -108,12 +108,16 @@ public class AppsOAuth20Details extends Apps {
this
.
setAdapterName
(
application
.
getAdapterName
());
this
.
clientSecret
=
baseClientDetails
.
getClientSecret
();
this
.
scope
=
baseClientDetails
.
getScope
().
toString
();
this
.
resourceIds
=
baseClientDetails
.
getResourceIds
().
toString
();
this
.
authorizedGrantTypes
=
baseClientDetails
.
getAuthorizedGrantTypes
().
toString
();
this
.
scope
=
StringUtils
.
collectionToCommaDelimitedString
(
baseClientDetails
.
getScope
());
this
.
resourceIds
=
StringUtils
.
collectionToCommaDelimitedString
(
baseClientDetails
.
getResourceIds
());
this
.
authorizedGrantTypes
=
StringUtils
.
collectionToCommaDelimitedString
(
baseClientDetails
.
getAuthorizedGrantTypes
());
this
.
registeredRedirectUris
=
StringUtils
.
collectionToCommaDelimitedString
(
baseClientDetails
.
getRegisteredRedirectUri
());
this
.
authorities
=
baseClientDetails
.
getAuthorities
().
toString
();
this
.
authorities
=
StringUtils
.
collectionToCommaDelimitedString
(
baseClientDetails
.
getAuthorities
());
this
.
accessTokenValiditySeconds
=
baseClientDetails
.
getAccessTokenValiditySeconds
();
this
.
refreshTokenValiditySeconds
=
baseClientDetails
.
getRefreshTokenValiditySeconds
();
this
.
approvalPrompt
=
baseClientDetails
.
isAutoApprove
(
"all"
)
+
""
;
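Review bot: switching from `Collection.toString()` to `StringUtils.collectionToCommaDelimitedString` changes the persisted format of `scope`, `resourceIds`, `authorizedGrantTypes` and `authorities` from `[a, b]` (brackets and a space) to `a,b`, so any existing rows or code that parsed the bracketed form need a matching migration. The helper is Spring's `org.springframework.util.StringUtils`; make sure the import in this file is that class and not `org.apache.commons.lang3.StringUtils`, which has no such method. Populating `registeredRedirectUris` is the right addition for an OAuth client record; Spring's helper returns `""` for a null or empty collection, so a client without registered redirect URIs does not throw here, but downstream redirect validation must treat that empty value as "no allowed redirect URI", never as a wildcard.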
...
...
maxkey-core/src/main/java/org/maxkey/entity/apps/AppsSAML20Details.java
...
...
@@ -26,8 +26,6 @@ import javax.persistence.GenerationType;
import
javax.persistence.Id
;
import
javax.persistence.Table
;
import
org.springframework.web.multipart.MultipartFile
;
/**
* @author Crystal.Sea
*
...
...
@@ -79,17 +77,14 @@ public class AppsSAML20Details extends Apps {
* 0 false 1 true
*/
@Column
private
int
encrypted
;
/**
* for upload
*/
private
MultipartFile
metaFile
;
private
String
encrypted
;
/**
* metadata_file metadata_url or certificate
*/
private
String
fileType
;
String
metaFileId
;
X509Certificate
trustCert
=
null
;
/**
* metadata Url
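Review bot: `encrypted` changes from `@Column private int` to `private String`, but the `@Column` annotation is dropped and the Javadoc above it still reads `0 false 1 true` although the value is now a YES/NO string checked by `ConstsBoolean.isYes`; keep the annotation if the persistence mapping relies on it and update the comment to the new values. The two new fields `metaFileId` and `trustCert` have no access modifier (package-private) while every neighbouring field is `private`, and `trustCert` holds an `X509Certificate` that is not a persisted column, so mark both `private` and annotate `trustCert` with `@Transient` so it is neither mapped nor serialised with the entity.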
...
...
@@ -101,7 +96,7 @@ public class AppsSAML20Details extends Apps {
* 0 original 1 uppercase 2 lowercase
*/
@Column
private
int
nameIdConvert
;
private
String
nameIdConvert
;
@Column
private
String
nameIdSuffix
;
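Review bot: same pattern as `encrypted`: `nameIdConvert` becomes a `String`, loses its `@Column` annotation, and keeps the stale comment `0 original 1 uppercase 2 lowercase`, while `SubjectGenerator` in this commit now matches the literals `"uppercase"` and `"lowercase"`; update the comment to the string values and restore `@Column` if the mapping needs it. Existing rows that stored the old integer codes will match neither literal and silently fall into the do-nothing branch, so a data migration from `1`/`2` to the new strings belongs with this change.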
...
...
@@ -283,15 +278,7 @@ public class AppsSAML20Details extends Apps {
this
.
validityInterval
=
validityInterval
;
}
public
MultipartFile
getMetaFile
()
{
return
metaFile
;
}
public
void
setMetaFile
(
MultipartFile
metaFile
)
{
this
.
metaFile
=
metaFile
;
}
/**
* @return the fileType
...
...
@@ -307,7 +294,15 @@ public class AppsSAML20Details extends Apps {
this
.
fileType
=
fileType
;
}
public
String
getBinding
()
{
public
String
getMetaFileId
()
{
return
metaFileId
;
}
public
void
setMetaFileId
(
String
metaFileId
)
{
this
.
metaFileId
=
metaFileId
;
}
public
String
getBinding
()
{
return
binding
;
}
...
...
@@ -315,19 +310,19 @@ public class AppsSAML20Details extends Apps {
this
.
binding
=
binding
;
}
public
int
getEncrypted
()
{
public
String
getEncrypted
()
{
return
encrypted
;
}
public
void
setEncrypted
(
int
encrypted
)
{
public
void
setEncrypted
(
String
encrypted
)
{
this
.
encrypted
=
encrypted
;
}
public
int
getNameIdConvert
()
{
public
String
getNameIdConvert
()
{
return
nameIdConvert
;
}
public
void
setNameIdConvert
(
int
nameIdConvert
)
{
public
void
setNameIdConvert
(
String
nameIdConvert
)
{
this
.
nameIdConvert
=
nameIdConvert
;
}
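Review bot: the getter and setter signatures change from `int` to `String` for both `encrypted` and `nameIdConvert`; every caller outside the two protocol classes touched by this commit (management UI forms, JSON binding, any SQL mapper that reads these columns) must be updated in the same change or the build and the admin screens break. Neither setter normalises or validates its input, so `"yes"`, `"Yes"` and `" YES "` can all be stored; trim and upper-case in `setEncrypted`, or restrict the accepted values here, so that the check in `ConstsBoolean.isYes` always sees a canonical value.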
...
...
maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/xml/AuthnResponseGenerator.java
...
...
@@ -78,7 +78,7 @@ public class AuthnResponseGenerator {
attributeMap
);
//Encrypt
if
(
ConstsBoolean
.
is
True
(
saml20Details
.
getEncrypted
()))
{
if
(
ConstsBoolean
.
is
Yes
(
saml20Details
.
getEncrypted
()))
{
logger
.
info
(
"begin to encrypt assertion"
);
try
{
// Assume this contains a recipient's RSA public
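Review bot: with `ConstsBoolean.isYes` implemented as `"YES" == value.toUpperCase()` (see the `ConstsBoolean` hunk in this commit), this condition is false for any `encrypted` value loaded from persistence, so the `begin to encrypt assertion` branch is never entered and assertions configured for encryption leave the IdP unencrypted with nothing logged; it also throws `NullPointerException` for applications whose `encrypted` field is null. Until `isYes` is fixed, write the check here as `"YES".equalsIgnoreCase(saml20Details.getEncrypted())`, and add a test that a service provider flagged `YES` actually yields an encrypted assertion in the generated response.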
...
...
maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/xml/SubjectGenerator.java
...
...
@@ -84,12 +84,12 @@ public class SubjectGenerator {
nameIdValue
=
nameIdValue
+
saml20Details
.
getNameIdSuffix
();
}
if
(
saml20Details
.
getNameIdConvert
()==
0
)
{
}
else
if
(
saml20Details
.
getNameIdConvert
()==
1
)
{
if
(
saml20Details
.
getNameIdConvert
().
equalsIgnoreCase
(
"uppercase"
))
{
nameIdValue
=
nameIdValue
.
toUpperCase
();
}
else
if
(
saml20Details
.
getNameIdConvert
()
==
1
)
{
}
else
if
(
saml20Details
.
getNameIdConvert
()
.
equalsIgnoreCase
(
"lowercase"
)
)
{
nameIdValue
=
nameIdValue
.
toLowerCase
();
}
else
{
//do nothing
}
NameID
nameID
=
builderNameID
(
nameIdValue
,
assertionConsumerURL
);
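Review bot: `saml20Details.getNameIdConvert()` is now a `String` dereferenced directly with `.equalsIgnoreCase(...)`, so a null value (an application saved before this change, or one created without the field) throws `NullPointerException` in the middle of building the SAML subject. Put the literal first, `"uppercase".equalsIgnoreCase(saml20Details.getNameIdConvert())` and likewise for `"lowercase"`, which is null-safe and lets the trailing `else { //do nothing }` cover both null and `original`. Removing the obsolete `== 0` no-op branch is fine.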
...
...
maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/apps/contorller/SAML20DetailsController.java
...
...
@@ -17,10 +17,13 @@
package
org.maxkey.web.apps.contorller
;
import
java.io.ByteArrayInputStream
;
import
java.io.IOException
;
import
java.io.InputStream
;
import
java.security.KeyStore
;
import
java.security.cert.X509Certificate
;
import
org.apache.commons.lang3.StringUtils
;
import
org.apache.http.client.methods.CloseableHttpResponse
;
import
org.apache.http.client.methods.HttpPost
;
import
org.apache.http.impl.client.CloseableHttpClient
;
...
...
@@ -83,7 +86,6 @@ public class SAML20DetailsController extends BaseAppContorller {
AppsSAML20Details
saml20Details
=
saml20DetailsService
.
getAppDetails
(
id
,
false
);
decoderSecret
(
saml20Details
);
saml20Details
.
transIconBase64
();
//modelAndView.addObject("model",saml20Details);
//modelAndView.addObject("authzURI",applicationConfig.getAuthzUri());
return
new
Message
<
AppsSAML20Details
>(
saml20Details
).
buildResponse
();
}
...
...
@@ -142,60 +144,57 @@ public class SAML20DetailsController extends BaseAppContorller {
}
}
//////////////////////////////
protected
AppsSAML20Details
transform
(
AppsSAML20Details
samlDetails
)
throws
Exception
{
super
.
transform
(
samlDetails
);
if
(
null
==
samlDetails
.
getFileType
()||
samlDetails
.
getFileType
().
equals
(
"certificate"
)){
//certificate file
try
{
if
(
null
!=
samlDetails
.
getMetaFile
()&&!
samlDetails
.
getMetaFile
().
isEmpty
())
{
InputStream
isCert
=
samlDetails
.
getMetaFile
().
getInputStream
();
X509Certificate
trustCert
=
X509CertUtils
.
loadCertFromInputStream
(
isCert
);
samlDetails
.
setTrustCert
(
trustCert
);
isCert
.
close
();
}
}
catch
(
IOException
e
)
{
_logger
.
error
(
"read certificate file error ."
,
e
);
throw
new
Exception
(
"read certificate file error"
,
e
);
if
(
StringUtils
.
isNotBlank
(
samlDetails
.
getFileType
())){
if
(
StringUtils
.
isNotBlank
(
samlDetails
.
getMetaFileId
()))
{
ByteArrayInputStream
bArrayInputStream
=
new
ByteArrayInputStream
(
fileUploadService
.
get
(
samlDetails
.
getMetaFileId
()).
getUploaded
());;
if
(
samlDetails
.
getFileType
().
equals
(
"certificate"
)){
//certificate file
try
{
X509Certificate
trustCert
=
X509CertUtils
.
loadCertFromInputStream
(
bArrayInputStream
);
samlDetails
.
setTrustCert
(
trustCert
);
}
catch
(
IOException
e
)
{
_logger
.
error
(
"read certificate file error ."
,
e
);
throw
new
Exception
(
"read certificate file error"
,
e
);
}
}
else
if
(
samlDetails
.
getFileType
().
equals
(
"metadata_file"
)){
//metadata file
samlDetails
=
resolveMetaData
(
samlDetails
,
bArrayInputStream
);
}
}
if
(
samlDetails
.
getFileType
().
equals
(
"metadata_url"
)
&&
StringUtils
.
isNotBlank
(
samlDetails
.
getMetaUrl
())){
//metadata url
CloseableHttpClient
httpClient
=
HttpClients
.
createDefault
();
HttpPost
post
=
new
HttpPost
(
samlDetails
.
getMetaUrl
());
CloseableHttpResponse
response
=
httpClient
.
execute
(
post
);
samlDetails
=
resolveMetaData
(
samlDetails
,
response
.
getEntity
().
getContent
());;
response
.
close
();
httpClient
.
close
();
}
if
(
samlDetails
.
getTrustCert
()!=
null
)
{
samlDetails
.
setCertSubject
(
samlDetails
.
getTrustCert
().
getSubjectDN
().
getName
());
samlDetails
.
setCertExpiration
(
samlDetails
.
getTrustCert
().
getNotAfter
().
toString
());
samlDetails
.
setCertIssuer
(
X509CertUtils
.
getCommonName
(
samlDetails
.
getTrustCert
().
getIssuerX500Principal
()));
KeyStore
keyStore
=
KeyStoreUtil
.
clone
(
idpKeyStoreLoader
.
getKeyStore
(),
idpKeyStoreLoader
.
getKeystorePassword
());
KeyStore
trustKeyStore
=
null
;
if
(!
samlDetails
.
getEntityId
().
equals
(
""
))
{
trustKeyStore
=
KeyStoreUtil
.
importTrustCertificate
(
keyStore
,
samlDetails
.
getTrustCert
(),
samlDetails
.
getEntityId
());
}
else
{
trustKeyStore
=
KeyStoreUtil
.
importTrustCertificate
(
keyStore
,
samlDetails
.
getTrustCert
());
}
byte
[]
keyStoreByte
=
KeyStoreUtil
.
keyStore2Bytes
(
trustKeyStore
,
idpKeyStoreLoader
.
getKeystorePassword
());
// store KeyStore content
samlDetails
.
setKeyStore
(
keyStoreByte
);
}
}
else
if
(
samlDetails
.
getFileType
().
equals
(
"metadata_file"
)){
//metadata file
if
(
null
!=
samlDetails
.
getMetaFile
()&&!
samlDetails
.
getMetaFile
().
isEmpty
())
{
samlDetails
=
resolveMetaData
(
samlDetails
,
samlDetails
.
getMetaFile
().
getInputStream
());
}
}
else
if
(
samlDetails
.
getFileType
().
equals
(
"metadata_url"
)){
//metadata url
CloseableHttpClient
httpClient
=
HttpClients
.
createDefault
();
HttpPost
post
=
new
HttpPost
(
samlDetails
.
getMetaUrl
());
CloseableHttpResponse
response
=
httpClient
.
execute
(
post
);
samlDetails
=
resolveMetaData
(
samlDetails
,
response
.
getEntity
().
getContent
());;
response
.
close
();
httpClient
.
close
();
}
if
(
samlDetails
.
getTrustCert
()!=
null
)
{
samlDetails
.
setCertSubject
(
samlDetails
.
getTrustCert
().
getSubjectDN
().
getName
());
samlDetails
.
setCertExpiration
(
samlDetails
.
getTrustCert
().
getNotAfter
().
toString
());
samlDetails
.
setCertIssuer
(
X509CertUtils
.
getCommonName
(
samlDetails
.
getTrustCert
().
getIssuerX500Principal
()));
KeyStore
keyStore
=
KeyStoreUtil
.
clone
(
idpKeyStoreLoader
.
getKeyStore
(),
idpKeyStoreLoader
.
getKeystorePassword
());
KeyStore
trustKeyStore
=
null
;
if
(!
samlDetails
.
getEntityId
().
equals
(
""
))
{
trustKeyStore
=
KeyStoreUtil
.
importTrustCertificate
(
keyStore
,
samlDetails
.
getTrustCert
(),
samlDetails
.
getEntityId
());
}
else
{
trustKeyStore
=
KeyStoreUtil
.
importTrustCertificate
(
keyStore
,
samlDetails
.
getTrustCert
());
}
byte
[]
keyStoreByte
=
KeyStoreUtil
.
keyStore2Bytes
(
trustKeyStore
,
idpKeyStoreLoader
.
getKeystorePassword
());
// store KeyStore content
samlDetails
.
setKeyStore
(
keyStoreByte
);
}
return
samlDetails
;
}
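Review bot: the `metadata_url` branch fetches the admin-supplied `getMetaUrl()` with `HttpClients.createDefault()` and hands `response.getEntity().getContent()` straight to `resolveMetaData` without checking the status code, without connect or read timeouts, and using `HttpPost` although SAML metadata endpoints are served with GET; a slow or wrong endpoint therefore blocks the management request indefinitely and an error page gets parsed as metadata. Use `HttpGet`, set `RequestConfig` timeouts, check for `200`, and put the client and response in try-with-resources so they are closed when `resolveMetaData` throws (the current `response.close()` and `httpClient.close()` calls are skipped on exception). In the uploaded-file path, `fileUploadService.get(samlDetails.getMetaFileId())` is dereferenced with no null check and `bArrayInputStream` is built before `fileType` is examined; `getEntityId().equals("")` will NPE on a null entity id where `StringUtils.isNotBlank`, now imported, would not; and the stray `;;` after both `resolveMetaData(...)` calls should go. Note that the old fallback treating a null `fileType` as `certificate` is gone: a null `fileType` now skips processing entirely, which is the safer default but should be confirmed as intended.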
...
...