diff --git a/maxkey-authentications/maxkey-authentication-captcha/src/main/java/org/maxkey/autoconfigure/KaptchaAutoConfiguration.java b/maxkey-authentications/maxkey-authentication-captcha/src/main/java/org/maxkey/autoconfigure/KaptchaAutoConfiguration.java index 48b80259f71ed7856a379e2084319fcaf2bd425f..e830ef283e1ea87f820a004c76b3c543ff2f22d0 100644 --- a/maxkey-authentications/maxkey-authentication-captcha/src/main/java/org/maxkey/autoconfigure/KaptchaAutoConfiguration.java +++ b/maxkey-authentications/maxkey-authentication-captcha/src/main/java/org/maxkey/autoconfigure/KaptchaAutoConfiguration.java @@ -41,7 +41,7 @@ public class KaptchaAutoConfiguration implements InitializingBean { * @return Producer * @throws IOException kaptcha.properties is null */ - @Bean (name = "captchaProducer") + @Bean public Producer captchaProducer() throws IOException { Resource resource = new ClassPathResource(kaptchaPropertySource); _logger.debug("Kaptcha config file " + resource.getURL()); diff --git a/maxkey-authentications/maxkey-authentication-captcha/src/main/java/org/maxkey/web/contorller/ImageCaptcha.java b/maxkey-authentications/maxkey-authentication-captcha/src/main/java/org/maxkey/web/contorller/ImageCaptcha.java index dc083d975d07688f627499a40caa0019896f7071..40d2ce94f2d033844b90bbbbc311c57fba03cb3d 100644 --- a/maxkey-authentications/maxkey-authentication-captcha/src/main/java/org/maxkey/web/contorller/ImageCaptcha.java +++ b/maxkey-authentications/maxkey-authentication-captcha/src/main/java/org/maxkey/web/contorller/ImageCaptcha.java @@ -17,7 +17,9 @@ package org.maxkey.web.contorller; public class ImageCaptcha { + String state; + String image; public ImageCaptcha(String state, String image) { 
diff --git a/maxkey-authentications/maxkey-authentication-captcha/src/main/java/org/maxkey/web/contorller/ImageCaptchaEndpoint.java b/maxkey-authentications/maxkey-authentication-captcha/src/main/java/org/maxkey/web/contorller/ImageCaptchaEndpoint.java index 2aba59ba2d1afd998351c101e47ccae2abffab3f..85e77ec8d94f64f832131abd35a0a85d0957f886 100644 --- a/maxkey-authentications/maxkey-authentication-captcha/src/main/java/org/maxkey/web/contorller/ImageCaptchaEndpoint.java +++ b/maxkey-authentications/maxkey-authentication-captcha/src/main/java/org/maxkey/web/contorller/ImageCaptchaEndpoint.java @@ -25,7 +25,7 @@ import java.util.Base64; import javax.imageio.ImageIO; import org.apache.commons.lang3.StringUtils; -import org.maxkey.authn.jwt.AuthJwtService; +import org.maxkey.authn.jwt.AuthTokenService; import org.maxkey.entity.Message; import org.maxkey.persistence.MomentaryService; import org.slf4j.Logger; @@ -54,7 +54,7 @@ public class ImageCaptchaEndpoint { protected MomentaryService momentaryService; @Autowired - AuthJwtService authJwtService; + AuthTokenService authTokenService; /** * captcha image Producer. @@ -83,12 +83,12 @@ public class ImageCaptchaEndpoint { String kaptchaKey = ""; if(StringUtils.isNotBlank(state) && !state.equalsIgnoreCase("state") - && authJwtService.validateJwtToken(state)) { + && authTokenService.validateJwtToken(state)) { //just validate state Token }else { - state = authJwtService.genJwt(); + state = authTokenService.genRandomJwt(); } - kaptchaKey = authJwtService.resolveJWTID(state); + kaptchaKey = authTokenService.resolveJWTID(state); _logger.trace("kaptchaKey {} , Captcha Text is {}" ,kaptchaKey, kaptchaValue); momentaryService.put("", kaptchaKey, kaptchaValue); 
diff --git a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java index f287b758e7651918aadeae829976f4f5b137be04..269fe63bf80f322f100406aebc8ab782001fd8f2 100644 --- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java +++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java @@ -19,7 +19,7 @@ package org.maxkey.authn; import java.util.ArrayList; -import org.maxkey.authn.jwt.AuthJwtService; +import org.maxkey.authn.jwt.AuthTokenService; import org.maxkey.authn.realm.AbstractAuthenticationRealm; import org.maxkey.authn.session.Session; import org.maxkey.authn.session.SessionManager; @@ -69,7 +69,7 @@ public abstract class AbstractAuthenticationProvider { protected SessionManager sessionManager; - protected AuthJwtService authJwtService; + protected AuthTokenService authTokenService; public static ArrayList grantedAdministratorsAuthoritys = new ArrayList(); diff --git a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/jwt/AuthJwt.java b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/jwt/AuthJwt.java index 92fc948f4e52f7d6cfe9dd22897e057e20971d44..7dc59645d838a372aebbffc398aeeebaec8e3b80 100644 --- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/jwt/AuthJwt.java +++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/jwt/AuthJwt.java @@ -31,6 +31,7 @@ public class AuthJwt implements Serializable { private String ticket; private String token; + private String refreshToken; private String type = "Bearer"; private String remeberMe; private String id; 
@@ -57,10 +58,11 @@ public class AuthJwt implements Serializable { this.authorities = authorities; } - public AuthJwt(String token, Authentication authentication) { + public AuthJwt(String token,String refreshToken, Authentication authentication) { SignPrincipal principal = ((SignPrincipal)authentication.getPrincipal()); this.token = token; + this.refreshToken = refreshToken; this.ticket = principal.getSession().getId(); this.id = principal.getUserInfo().getId(); @@ -166,6 +168,14 @@ public class AuthJwt implements Serializable { this.remeberMe = remeberMe; } + public String getRefreshToken() { + return refreshToken; + } + + public void setRefreshToken(String refreshToken) { + this.refreshToken = refreshToken; + } + @Override public String toString() { StringBuilder builder = new StringBuilder(); diff --git a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/jwt/AuthJwtService.java b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/jwt/AuthJwtService.java index adc76c0fb0cd22c48d9c32c5de1a84393d70c505..f1dadf3dab536f7618f47e2eacac114140806f91 100644 --- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/jwt/AuthJwtService.java +++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/jwt/AuthJwtService.java 
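Review bot: The new `refreshToken` field is presumably a longer-lived credential than `token`, and it sits in a `Serializable` class next to a `toString()` whose body lies outside this hunk; if that method prints the fields, the refresh token should be left out or masked. The public `setRefreshToken` also makes the value replaceable after construction, which nothing visible in this diff needs. A one-line Javadoc on the getter, for example `/** Refresh token issued together with the access token; treat as a secret. */`, would record how the value is meant to be handled.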
@@ -1,99 +1,42 @@ -/* - * Copyright [2022] [MaxKey of copyright http://www.maxkey.top] - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - - package org.maxkey.authn.jwt; import java.text.ParseException; import java.util.Date; -import org.apache.commons.lang3.StringUtils; import org.joda.time.DateTime; import org.maxkey.authn.SignPrincipal; -import org.maxkey.configuration.AuthJwkConfig; import org.maxkey.crypto.jwt.HMAC512Service; import org.maxkey.entity.UserInfo; -import org.maxkey.persistence.MomentaryService; import org.maxkey.web.WebContext; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.security.core.Authentication; -import com.nimbusds.jose.JOSEException; import com.nimbusds.jose.JWSAlgorithm; import com.nimbusds.jose.JWSHeader; import com.nimbusds.jwt.JWTClaimsSet; import com.nimbusds.jwt.SignedJWT; public class AuthJwtService { - private static final Logger _logger = - LoggerFactory.getLogger(AuthJwtService.class); + private static final Logger _logger = LoggerFactory.getLogger(AuthJwtService.class); HMAC512Service hmac512Service; - AuthJwkConfig authJwkConfig; - - CongressService congressService; - - MomentaryService momentaryService; - - public AuthJwtService(AuthJwkConfig authJwkConfig) throws JOSEException { - this.authJwkConfig = authJwkConfig; - - this.hmac512Service = new HMAC512Service(authJwkConfig.getSecret()); - } - - public AuthJwtService(AuthJwkConfig authJwkConfig,CongressService 
congressService,MomentaryService momentaryService) throws JOSEException { - this.authJwkConfig = authJwkConfig; - - this.congressService = congressService; - - this.momentaryService = momentaryService; - - this.hmac512Service = new HMAC512Service(authJwkConfig.getSecret()); - } - - /** - * create AuthJwt use Authentication JWT - * @param authentication - * @return AuthJwt - */ - public AuthJwt genAuthJwt(Authentication authentication) { - if(authentication != null) { - return new AuthJwt(genJwt(authentication), authentication); - } - return null; - } - /** * JWT with Authentication * @param authentication * @return */ - public String genJwt(Authentication authentication) { + public String genJwt(Authentication authentication,String issuer,int expires) { SignPrincipal principal = ((SignPrincipal)authentication.getPrincipal()); UserInfo userInfo = principal.getUserInfo(); DateTime currentDateTime = DateTime.now(); - Date expirationTime = currentDateTime.plusSeconds(authJwkConfig.getExpires()).toDate(); - _logger.debug("expiration Time : {}" , expirationTime); String subject = principal.getUsername(); - _logger.trace("jwt subject : {}" , subject); + Date expirationTime = currentDateTime.plusSeconds(expires).toDate(); + _logger.debug("jwt subject : {} , expiration Time : {}" , subject,expirationTime); JWTClaimsSet jwtClaims =new JWTClaimsSet.Builder() - .issuer(authJwkConfig.getIssuer()) + .issuer(issuer) .subject(subject) .jwtID(principal.getSession().getId()) .issueTime(currentDateTime.toDate()) 
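Review bot: With both constructors removed, nothing in `AuthJwtService` assigns `hmac512Service` any more, yet the class stays `public` and concrete, so an instance created directly would fail with a NullPointerException on the first sign or verify call. Declaring it `public abstract class AuthJwtService` with `protected HMAC512Service hmac512Service;` would make it explicit that subclasses supply the key. The new `expires` parameter of `genJwt` goes unchecked into `plusSeconds(expires)`, so a zero or negative configuration value yields tokens that are already expired; a guard such as `if (expires <= 0) throw new IllegalArgumentException("expires must be positive");` is worth adding. The hunk also drops the Apache licence header that the two new sibling files keep, which looks unintended. The `genJwt` body continues outside the hunk.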
@@ -111,14 +54,13 @@ public class AuthJwtService { * @param subject subject * @return */ - public String genJwt(String subject) { + public String genJwt(String subject,String issuer,int expires) { DateTime currentDateTime = DateTime.now(); - Date expirationTime = currentDateTime.plusSeconds(authJwkConfig.getExpires()).toDate(); - _logger.debug("expiration Time : {}" , expirationTime); - _logger.trace("jwt subject : {}" , subject); + Date expirationTime = currentDateTime.plusSeconds(expires).toDate(); + _logger.trace("jwt subject : {} , expiration Time : {}" , subject,expirationTime); JWTClaimsSet jwtClaims =new JWTClaimsSet.Builder() - .issuer(authJwkConfig.getIssuer()) + .issuer(issuer) .subject(subject) .jwtID(WebContext.genId()) .issueTime(currentDateTime.toDate()) @@ -132,10 +74,9 @@ public class AuthJwtService { * Random JWT * @return */ - public String genJwt() { - DateTime currentDateTime = DateTime.now(); - Date expirationTime = currentDateTime.plusSeconds(authJwkConfig.getExpires()).toDate(); - _logger.debug("expiration Time : {}" , expirationTime); + public String genRandomJwt(int expires) { + Date expirationTime = DateTime.now().plusSeconds(expires).toDate(); + _logger.trace("expiration Time : {}" , expirationTime); JWTClaimsSet jwtClaims =new JWTClaimsSet.Builder() .jwtID(WebContext.genId()) 
@@ -153,8 +94,25 @@ public class AuthJwtService { return hmac512Service.sign(jwtToken.getPayload()); } + /** + * Verify with HMAC512 and check ExpirationTime + * + * @param authToken + * @return true or false + */ public boolean validateJwtToken(String authToken) { - return hmac512Service.verify(authToken); + try { + JWTClaimsSet claims = resolve(authToken); + boolean isExpiration = claims.getExpirationTime().after(DateTime.now().toDate()); + boolean isVerify = hmac512Service.verify(authToken); + _logger.debug("JWT Verify {} , now {} , ExpirationTime {} , isExpiration : {}" , + isVerify,DateTime.now().toDate(),claims.getExpirationTime(),isExpiration); + return isVerify && isExpiration; + } catch (ParseException e) { + _logger.error("authToken {}",authToken); + _logger.error("ParseException ",e); + } + return false; } public JWTClaimsSet resolve(String authToken) throws ParseException { @@ -167,38 +125,4 @@ public class AuthJwtService { JWTClaimsSet claims = resolve(authToken); return claims.getJWTID(); } - - public String createCongress(Authentication authentication) { - String congress = WebContext.genId(); - congressService.store( - congress, - new AuthJwt( - genJwt(authentication), - authentication) - ); - return congress; - } - - public AuthJwt consumeCongress(String congress) { - AuthJwt authJwt = congressService.consume(congress); - return authJwt; - } - - public boolean validateCaptcha(String state,String captcha) { - try { - String jwtId = resolveJWTID(state); - if(StringUtils.isNotBlank(jwtId) &&StringUtils.isNotBlank(captcha)) { - Object momentaryCaptcha = momentaryService.get("", jwtId); - _logger.debug("captcha : {}, momentary Captcha : {}" ,captcha, momentaryCaptcha); - if (!StringUtils.isBlank(captcha) && captcha.equals(momentaryCaptcha.toString())) { - momentaryService.remove("", jwtId); - return true; - } - } - } catch (ParseException e) { - _logger.debug("Exception ",e); - } - return false; - } - } 
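Review bot: In `validateJwtToken` the claims are parsed and `claims.getExpirationTime()` is dereferenced before the HMAC is checked, so a token that parses but has no `exp` claim raises a NullPointerException that `catch (ParseException e)` does not cover. Check the signature first and treat a missing expiry as invalid. The error branch also writes the complete `authToken` to the log, which puts a bearer credential into log files. `isExpiration` is true when the token has not expired, so the name reads backwards.

```java
public boolean validateJwtToken(String authToken) {
    try {
        // check the MAC before trusting any claim
        if (!hmac512Service.verify(authToken)) {
            return false;
        }
        Date expirationTime = resolve(authToken).getExpirationTime();
        // a token without an expiry is rejected rather than dereferenced
        boolean notExpired = expirationTime != null && expirationTime.after(new Date());
        _logger.debug("JWT ExpirationTime {} , notExpired : {}", expirationTime, notExpired);
        return notExpired;
    } catch (ParseException e) {
        // log the failure, not the token
        _logger.error("JWT ParseException ", e);
    }
    return false;
}
```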
diff --git a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/jwt/AuthRefreshTokenService.java b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/jwt/AuthRefreshTokenService.java
new file mode 100644
index 0000000000000000000000000000000000000000..08383a5151400257d6e0265792b2a80479be4dfb
--- /dev/null
+++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/jwt/AuthRefreshTokenService.java
@@ -0,0 +1,51 @@ +/* + * Copyright [2022] [MaxKey of copyright http://www.maxkey.top] + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + + +package org.maxkey.authn.jwt; + +import org.maxkey.configuration.AuthJwkConfig; +import org.maxkey.crypto.jwt.HMAC512Service; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.security.core.Authentication; + +import com.nimbusds.jose.JOSEException; + +public class AuthRefreshTokenService extends AuthJwtService{ + private static final Logger _logger = LoggerFactory.getLogger(AuthRefreshTokenService.class); + + AuthJwkConfig authJwkConfig; + + public AuthRefreshTokenService(AuthJwkConfig authJwkConfig) throws JOSEException { + this.authJwkConfig = authJwkConfig; + + this.hmac512Service = new HMAC512Service(authJwkConfig.getRefreshSecret()); + } + + /** + * JWT Refresh Token with Authentication + * @param authentication + * @return + */ + public String genRefreshToken(Authentication authentication) { + _logger.trace("gen Refresh Token"); + return genJwt( + authentication, + authJwkConfig.getIssuer(), + authJwkConfig.getRefreshExpires()); + } +} diff --git a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/jwt/AuthTokenService.java b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/jwt/AuthTokenService.java new file mode 100644 index 0000000000000000000000000000000000000000..c87f0787f9f5c61f887ab63dbbe3c75e6e4568d2 
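Review bot: `genRefreshToken` builds the refresh token through the same `genJwt(authentication, issuer, expires)` as the access token, so the two carry the same issuer, subject and JWT ID and are told apart only by the signing key and lifetime. The constructor passes `authJwkConfig.getRefreshSecret()` to `HMAC512Service` without checking that it is set and differs from `getSecret()`; if a deployment configures the same value for both, a refresh token would presumably pass `validateJwtToken` wherever an access token is expected. A start-up check that rejects a blank or reused refresh secret, or a token-use claim added in `genJwt` and checked on validation, would close that gap. The class also has no Javadoc; something like `/** Issues refresh tokens signed with the refresh secret; they must never be accepted as access tokens. */` would record the intent.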
--- /dev/null
+++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/jwt/AuthTokenService.java
@@ -0,0 +1,132 @@ +/* + * Copyright [2022] [MaxKey of copyright http://www.maxkey.top] + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + + +package org.maxkey.authn.jwt; + +import java.text.ParseException; +import org.apache.commons.lang3.StringUtils; +import org.maxkey.configuration.AuthJwkConfig; +import org.maxkey.crypto.jwt.HMAC512Service; +import org.maxkey.persistence.MomentaryService; +import org.maxkey.web.WebContext; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.security.core.Authentication; + +import com.nimbusds.jose.JOSEException; + +public class AuthTokenService extends AuthJwtService{ + private static final Logger _logger = LoggerFactory.getLogger(AuthTokenService.class); + + AuthJwkConfig authJwkConfig; + + CongressService congressService; + + MomentaryService momentaryService; + + AuthRefreshTokenService refreshTokenService; + + public AuthTokenService( + AuthJwkConfig authJwkConfig, + CongressService congressService, + MomentaryService momentaryService, + AuthRefreshTokenService refreshTokenService) throws JOSEException { + + this.authJwkConfig = authJwkConfig; + + this.congressService = congressService; + + this.momentaryService = momentaryService; + + this.refreshTokenService = refreshTokenService; + + this.hmac512Service = new HMAC512Service(authJwkConfig.getSecret()); + + } + + /** + * create AuthJwt use Authentication JWT + * @param authentication + * @return AuthJwt + */ + public AuthJwt 
genAuthJwt(Authentication authentication) { + if(authentication != null) { + String refreshToken = refreshTokenService.genRefreshToken(authentication); + return new AuthJwt(genJwt(authentication),refreshToken, authentication); + } + return null; + } + + public String genJwt(Authentication authentication) { + return genJwt( authentication,authJwkConfig.getIssuer(),authJwkConfig.getExpires()); + } + + + /** + * JWT with subject + * @param subject subject + * @return + */ + public String genJwt(String subject) { + return genJwt(subject,authJwkConfig.getIssuer(),authJwkConfig.getExpires()); + } + + /** + * Random JWT + * @return + */ + public String genRandomJwt() { + return genRandomJwt(authJwkConfig.getExpires()); + } + + public String createCongress(Authentication authentication) { + String congress = WebContext.genId(); + String refreshToken = refreshTokenService.genRefreshToken(authentication); + congressService.store( + congress, + new AuthJwt( + genJwt(authentication), + refreshToken, + authentication) + ); + return congress; + } + + public AuthJwt consumeCongress(String congress) { + AuthJwt authJwt = congressService.consume(congress); + return authJwt; + } + + public boolean validateCaptcha(String state,String captcha) { + try { + String jwtId = resolveJWTID(state); + if(StringUtils.isNotBlank(jwtId) &&StringUtils.isNotBlank(captcha)) { + Object momentaryCaptcha = momentaryService.get("", jwtId); + _logger.debug("captcha : {}, momentary Captcha : {}" ,captcha, momentaryCaptcha); + if (!StringUtils.isBlank(captcha) && captcha.equals(momentaryCaptcha.toString())) { + momentaryService.remove("", jwtId); + return true; + } + } + } catch (ParseException e) { + _logger.debug("Exception ",e); + } + return false; + } + + +} 
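Review bot: `validateCaptcha` calls `momentaryCaptcha.toString()` without a null check, so a `state` whose captcha is no longer stored (expired, already consumed, or never issued) would throw a NullPointerException instead of returning false, assuming `momentaryService.get` returns null for a missing key. The stored value is removed only on a match, which leaves the same captcha open to repeated guesses, and the debug line logs the expected answer next to the submitted one. The method also takes the JWT ID from `resolveJWTID(state)` without calling `validateJwtToken(state)` first; whether `resolve` checks the signature is not visible here. A null-safe variant that consumes the captcha on every attempt is sketched below.

```java
public boolean validateCaptcha(String state,String captcha) {
    try {
        String jwtId = resolveJWTID(state);
        if(StringUtils.isNotBlank(jwtId) && StringUtils.isNotBlank(captcha)) {
            Object momentaryCaptcha = momentaryService.get("", jwtId);
            // one attempt per captcha: drop it whether or not the answer matches
            momentaryService.remove("", jwtId);
            return momentaryCaptcha != null && captcha.equals(momentaryCaptcha.toString());
        }
    } catch (ParseException e) {
        _logger.debug("Exception ",e);
    }
    return false;
}
```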
diff --git a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/provider/MfaAuthenticationProvider.java b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/provider/MfaAuthenticationProvider.java index 4b55aef03bf9d406828cd3412ffa07edaeb7a7bd..632e06f434c47aafda939f9e7b259f3e04f7eb14 100644 --- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/provider/MfaAuthenticationProvider.java +++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/provider/MfaAuthenticationProvider.java @@ -19,7 +19,7 @@ package org.maxkey.authn.provider; import org.maxkey.authn.AbstractAuthenticationProvider; import org.maxkey.authn.LoginCredential; -import org.maxkey.authn.jwt.AuthJwtService; +import org.maxkey.authn.jwt.AuthTokenService; import org.maxkey.authn.realm.AbstractAuthenticationRealm; import org.maxkey.authn.session.SessionManager; import org.maxkey.configuration.ApplicationConfig; @@ -58,11 +58,11 @@ public class MfaAuthenticationProvider extends AbstractAuthenticationProvider { AbstractAuthenticationRealm authenticationRealm, ApplicationConfig applicationConfig, SessionManager sessionManager, - AuthJwtService authJwtService) { + AuthTokenService authTokenService) { this.authenticationRealm = authenticationRealm; this.applicationConfig = applicationConfig; this.sessionManager = sessionManager; - this.authJwtService = authJwtService; + this.authTokenService = authTokenService; } @Override diff --git a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/provider/NormalAuthenticationProvider.java b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/provider/NormalAuthenticationProvider.java index ecaba5e653022d3c2c1385d869df9df9c26c2e8b..1e359d7213e8786b03686fbfb6aaa038effe74f7 100644 
--- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/provider/NormalAuthenticationProvider.java +++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/provider/NormalAuthenticationProvider.java @@ -20,7 +20,7 @@ package org.maxkey.authn.provider; import java.text.ParseException; import org.maxkey.authn.AbstractAuthenticationProvider; import org.maxkey.authn.LoginCredential; -import org.maxkey.authn.jwt.AuthJwtService; +import org.maxkey.authn.jwt.AuthTokenService; import org.maxkey.authn.realm.AbstractAuthenticationRealm; import org.maxkey.authn.session.SessionManager; import org.maxkey.configuration.ApplicationConfig; @@ -58,11 +58,11 @@ public class NormalAuthenticationProvider extends AbstractAuthenticationProvider AbstractAuthenticationRealm authenticationRealm, ApplicationConfig applicationConfig, SessionManager sessionManager, - AuthJwtService authJwtService) { + AuthTokenService authTokenService) { this.authenticationRealm = authenticationRealm; this.applicationConfig = applicationConfig; this.sessionManager = sessionManager; - this.authJwtService = authJwtService; + this.authTokenService = authTokenService; } @Override @@ -134,7 +134,7 @@ public class NormalAuthenticationProvider extends AbstractAuthenticationProvider */ protected void captchaValid(String state ,String captcha) throws ParseException { // for basic - if(!authJwtService.validateCaptcha(state,captcha)) { + if(!authTokenService.validateCaptcha(state,captcha)) { throw new BadCredentialsException(WebContext.getI18nValue("login.error.captcha")); } } diff --git a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/session/AbstractSessionManager.java b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/session/AbstractSessionManager.java index c21afa91a5c02862d7d37e7431f665c82f0b41ed..91ba8c7e840ebb25ca327fea28811014c850d504 100644 
--- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/session/AbstractSessionManager.java +++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/session/AbstractSessionManager.java @@ -110,13 +110,13 @@ public class AbstractSessionManager implements SessionManager{ } @Override - public void refresh(String sessionId, LocalTime refreshTime) { - + public Session refresh(String sessionId, LocalTime refreshTime) { + return null; } @Override - public void refresh(String sessionId) { - + public Session refresh(String sessionId) { + return null; } @Override diff --git a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/session/InMemorySessionManager.java b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/session/InMemorySessionManager.java index fc791b7f04021a431e054bdae20b223846c613be..61fac2be3eedec23082563f6d19ac20bc6ff0171 100644 --- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/session/InMemorySessionManager.java +++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/session/InMemorySessionManager.java @@ -78,14 +78,15 @@ public class InMemorySessionManager extends AbstractSessionManager{ } @Override - public void refresh(String sessionId,LocalTime refreshTime) { + public Session refresh(String sessionId,LocalTime refreshTime) { Session session = get(sessionId); session.setLastAccessTime(refreshTime); create(sessionId , session); + return session; } @Override - public void refresh(String sessionId) { + public Session refresh(String sessionId) { Session session = get(sessionId); LocalTime currentTime = LocalTime.now(); 
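Review bot: `refresh(String sessionId, LocalTime refreshTime)` in `InMemorySessionManager` dereferences the result of `get(sessionId)` straight away, so an unknown or expired session ID presumably ends in a NullPointerException rather than a null return. Since `AbstractSessionManager.refresh` now returns `null`, callers have to handle null anyway; adding `if (session == null) { return null; }` after `Session session = get(sessionId);` keeps the implementations consistent. The same applies to the single-argument `refresh` (its body continues into the next hunk) and to both `refresh` methods in `RedisSessionManager`. The interface methods would also benefit from a Javadoc line stating what is returned when the session does not exist.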
@@ -95,8 +96,9 @@ public class InMemorySessionManager extends AbstractSessionManager{ if(duration.getSeconds() > Session.MAX_EXPIRY_DURATION) { session.setLastAccessTime(currentTime); - refresh(sessionId,currentTime); + return refresh(sessionId,currentTime); } + return session; } } diff --git a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/session/RedisSessionManager.java b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/session/RedisSessionManager.java index 1c6b7164242a3015ae642fddf4b99b6b771ad693..7ca43728fbdb8398e918010713b40a32764207ed 100644 --- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/session/RedisSessionManager.java +++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/session/RedisSessionManager.java @@ -1,5 +1,5 @@ /* - * Copyright [2020] [MaxKey of copyright http://www.maxkey.top] + * Copyright [2022] [MaxKey of copyright http://www.maxkey.top] * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -33,6 +33,11 @@ public class RedisSessionManager extends AbstractSessionManager { RedisConnectionFactory connectionFactory; public static String PREFIX="REDIS_SESSION_"; + + public String getKey(String sessionId) { + return PREFIX + sessionId; + } + /** * @param connectionFactory */ 
@@ -59,15 +64,15 @@ public class RedisSessionManager extends AbstractSessionManager { @Override public void create(String sessionId, Session session) { RedisConnection conn = connectionFactory.getConnection(); - conn.setexObject(PREFIX + sessionId, validitySeconds, session); + conn.setexObject( getKey(sessionId), validitySeconds, session); conn.close(); } @Override public Session remove(String sessionId) { RedisConnection conn=connectionFactory.getConnection(); - Session ticket = conn.getObject(PREFIX+sessionId); - conn.delete(PREFIX+sessionId); + Session ticket = conn.getObject(getKey(sessionId)); + conn.delete(getKey(sessionId)); conn.close(); return ticket; } @@ -75,7 +80,7 @@ public class RedisSessionManager extends AbstractSessionManager { @Override public Session get(String sessionId) { RedisConnection conn=connectionFactory.getConnection(); - Session session = conn.getObject(PREFIX+sessionId); + Session session = conn.getObject(getKey(sessionId)); conn.close(); return session; } @@ -90,14 +95,15 @@ public class RedisSessionManager extends AbstractSessionManager { } @Override - public void refresh(String sessionId,LocalTime refreshTime) { + public Session refresh(String sessionId,LocalTime refreshTime) { Session session = get(sessionId); session.setLastAccessTime(refreshTime); create(sessionId , session); + return session; } @Override - public void refresh(String sessionId) { + public Session refresh(String sessionId) { Session session = get(sessionId); LocalTime currentTime = LocalTime.now(); @@ -107,8 +113,9 @@ public class RedisSessionManager extends AbstractSessionManager { if(duration.getSeconds() > Session.MAX_EXPIRY_DURATION) { session.setLastAccessTime(currentTime); - refresh(sessionId,currentTime); + return refresh(sessionId,currentTime); } + return session; } 
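Review bot: In `create`, `remove` and `get` the `conn.close()` call is only reached when the Redis call before it returns normally, so an exception from `setexObject`, `getObject` or `delete` leaves the connection open. Wrapping the work as `try { conn.setexObject(getKey(sessionId), validitySeconds, session); } finally { conn.close(); }`, and likewise in the other two methods, fixes that. The new `getKey` helper is `public` although only this class is shown using it; `private` would do unless other callers exist, and a short comment such as `// Redis key for a session: PREFIX + sessionId` would document the format.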
diff --git a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/session/Session.java b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/session/Session.java index da4217fb6bb82f2309e515b28f6562c82a7a7868..bf17b91df1d6ee2ffb3b113682fe5fd95e5dd0f4 100644 --- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/session/Session.java +++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/session/Session.java @@ -30,7 +30,7 @@ public class Session implements Serializable{ public static final String SESSION_PREFIX = "OT"; - public static final int MAX_EXPIRY_DURATION = 60 * 10; //default 10 minutes. + public static final int MAX_EXPIRY_DURATION = 60 * 5; //default 5 minutes. public String id; diff --git a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/session/SessionManager.java b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/session/SessionManager.java index dfde93e68916cc78d8c4e77c767a2c53ba08e060..98a00413c64ab5b8b53ac74b9a37e7ba68ec94b2 100644 --- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/session/SessionManager.java +++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/session/SessionManager.java @@ -30,9 +30,9 @@ public interface SessionManager { public Session get(String sessionId); - public void refresh(String sessionId ,LocalTime refreshTime); + public Session refresh(String sessionId ,LocalTime refreshTime); - public void refresh(String sessionId); + public Session refresh(String sessionId); public void setValiditySeconds(int validitySeconds); 
diff --git a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/AbstractRemeberMeService.java b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/AbstractRemeberMeManager.java similarity index 93% rename from maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/AbstractRemeberMeService.java rename to maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/AbstractRemeberMeManager.java index 91cf8519882a3c27aad46d4174808fd11846856f..3f587f650f96f586ec5a9ff19f0142cecd661fd2 100644 --- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/AbstractRemeberMeService.java +++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/AbstractRemeberMeManager.java @@ -24,7 +24,7 @@ import javax.servlet.http.HttpServletResponse; import org.joda.time.DateTime; import org.maxkey.authn.SignPrincipal; -import org.maxkey.authn.jwt.AuthJwtService; +import org.maxkey.authn.jwt.AuthTokenService; import org.maxkey.configuration.ApplicationConfig; import org.maxkey.crypto.jwt.HMAC512Service; import org.maxkey.entity.UserInfo; @@ -36,14 +36,14 @@ import org.springframework.security.core.Authentication; import com.nimbusds.jwt.JWTClaimsSet; -public abstract class AbstractRemeberMeService { - private static final Logger _logger = LoggerFactory.getLogger(AbstractRemeberMeService.class); +public abstract class AbstractRemeberMeManager { + private static final Logger _logger = LoggerFactory.getLogger(AbstractRemeberMeManager.class); protected Integer validity = 7; protected ApplicationConfig applicationConfig; - AuthJwtService authJwtService; + AuthTokenService authTokenService; // follow function is for persist public abstract void save(RemeberMe remeberMe); 
@@ -90,7 +90,7 @@ public abstract class AbstractRemeberMeService { } public RemeberMe resolve(String rememberMeJwt) throws ParseException { - JWTClaimsSet claims = authJwtService.resolve(rememberMeJwt); + JWTClaimsSet claims = authTokenService.resolve(rememberMeJwt); RemeberMe remeberMe = new RemeberMe(); remeberMe.setId(claims.getJWTID()); remeberMe.setUsername(claims.getSubject()); @@ -109,7 +109,7 @@ public abstract class AbstractRemeberMeService { .claim("kid", HMAC512Service.MXK_AUTH_JWK) .build(); - return authJwtService.signedJWT(remeberMeJwtClaims); + return authTokenService.signedJWT(remeberMeJwtClaims); } public Integer getValidity() { diff --git a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/InMemoryRemeberMeService.java b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/InMemoryRemeberMeManager.java similarity index 95% rename from maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/InMemoryRemeberMeService.java rename to maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/InMemoryRemeberMeManager.java index 7e66a7e485c7e60c0e6ce577b233dc2871937c8d..8ea4ee6d35c5cf47ee6787241428f0287b295754 100644 --- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/InMemoryRemeberMeService.java +++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/InMemoryRemeberMeManager.java @@ -24,7 +24,7 @@ import org.maxkey.constants.ConstsTimeInterval; import com.github.benmanes.caffeine.cache.Cache; import com.github.benmanes.caffeine.cache.Caffeine; -public class InMemoryRemeberMeService extends AbstractRemeberMeService { +public class InMemoryRemeberMeManager extends AbstractRemeberMeManager { protected static final Cache remeberMeStore = Caffeine.newBuilder() 
diff --git a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/JdbcRemeberMeService.java b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/JdbcRemeberMeManager.java similarity index 93% rename from maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/JdbcRemeberMeService.java rename to maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/JdbcRemeberMeManager.java index 60b4b7b666b85f327aac06011e9de01a2f05240d..2afc41fcff436493e9bfb303e926f6c2bbc3ea9b 100644 --- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/JdbcRemeberMeService.java +++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/JdbcRemeberMeManager.java @@ -22,15 +22,15 @@ import java.sql.SQLException; import java.sql.Types; import java.util.List; -import org.maxkey.authn.jwt.AuthJwtService; +import org.maxkey.authn.jwt.AuthTokenService; import org.maxkey.configuration.ApplicationConfig; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.jdbc.core.JdbcTemplate; import org.springframework.jdbc.core.RowMapper; -public class JdbcRemeberMeService extends AbstractRemeberMeService { - private static final Logger _logger = LoggerFactory.getLogger(JdbcRemeberMeService.class); +public class JdbcRemeberMeManager extends AbstractRemeberMeManager { + private static final Logger _logger = LoggerFactory.getLogger(JdbcRemeberMeManager.class); private static final String DEFAULT_DEFAULT_INSERT_STATEMENT = "insert into mxk_remember_me(id, userid,username,lastlogintime,expirationtime)values( ? , ? , ? , ? , ?)"; 
@@ -47,14 +47,14 @@ public class JdbcRemeberMeService extends AbstractRemeberMeService { private final JdbcTemplate jdbcTemplate; - public JdbcRemeberMeService( + public JdbcRemeberMeManager( JdbcTemplate jdbcTemplate, ApplicationConfig applicationConfig, - AuthJwtService authJwtService, + AuthTokenService authTokenService, int validity) { this.jdbcTemplate = jdbcTemplate; this.applicationConfig = applicationConfig; - this.authJwtService = authJwtService; + this.authTokenService = authTokenService; if(validity != 0) { this.validity = validity; } diff --git a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/RemeberMeServiceFactory.java b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/RemeberMeManagerFactory.java similarity index 85% rename from maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/RemeberMeServiceFactory.java rename to maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/RemeberMeManagerFactory.java index 222d8e21a6cf359badfda9a95a7d48f0b295008f..2a08dd087fc24ccc275040cf688203c2edb75395 100644 --- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/RemeberMeServiceFactory.java +++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/RemeberMeManagerFactory.java 
@@ -23,18 +23,18 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.jdbc.core.JdbcTemplate; -public class RemeberMeServiceFactory { +public class RemeberMeManagerFactory { private static final Logger _logger = - LoggerFactory.getLogger(RemeberMeServiceFactory.class); + LoggerFactory.getLogger(RemeberMeManagerFactory.class); - public AbstractRemeberMeService getService( + public AbstractRemeberMeManager getService( int persistence, JdbcTemplate jdbcTemplate, RedisConnectionFactory redisConnFactory){ - AbstractRemeberMeService remeberMeService = null; + AbstractRemeberMeManager remeberMeService = null; if (persistence == ConstsPersistence.INMEMORY) { - remeberMeService = new InMemoryRemeberMeService(); + remeberMeService = new InMemoryRemeberMeManager(); _logger.debug("InMemoryRemeberMeService"); } else if (persistence == ConstsPersistence.JDBC) { //remeberMeService = new JdbcRemeberMeService(jdbcTemplate); diff --git a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/web/AuthorizationUtils.java b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/web/AuthorizationUtils.java index 94c3f1cad33983c6472b63b79d2cf42efb528709..bb2b74df87b273a0796fb63a50d2e23e2ad05a09 100644 --- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/web/AuthorizationUtils.java +++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/web/AuthorizationUtils.java @@ -23,7 +23,7 @@ import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; import org.maxkey.authn.SignPrincipal; -import org.maxkey.authn.jwt.AuthJwtService; +import org.maxkey.authn.jwt.AuthTokenService; import org.maxkey.authn.session.Session; import org.maxkey.authn.session.SessionManager; import org.maxkey.entity.UserInfo; 
@@ -41,43 +41,46 @@ public class AuthorizationUtils { public static void authenticateWithCookie( HttpServletRequest request, - AuthJwtService authJwtService, + AuthTokenService authTokenService, SessionManager sessionManager ) throws ParseException{ - if(getAuthentication() == null) { - Cookie authCookie = WebContext.getCookie(request, Authorization_Cookie); - if(authCookie != null ) { - String authorization = authCookie.getValue(); - doJwtAuthenticate(authorization,authJwtService,sessionManager); - _logger.debug("congress automatic authenticated ."); - } - } + Cookie authCookie = WebContext.getCookie(request, Authorization_Cookie); + if(authCookie != null ) { + String authorization = authCookie.getValue(); + doJwtAuthenticate(authorization,authTokenService,sessionManager); + _logger.debug("congress automatic authenticated ."); + } } public static void authenticate( HttpServletRequest request, - AuthJwtService authJwtService, + AuthTokenService authTokenService, SessionManager sessionManager ) throws ParseException{ - if(getAuthentication() == null) { - String authorization = AuthorizationHeaderUtils.resolveBearer(request); - if(authorization != null ) { - doJwtAuthenticate(authorization,authJwtService,sessionManager); - _logger.debug("Authorization automatic authenticated ."); - } - } + String authorization = AuthorizationHeaderUtils.resolveBearer(request); + if(authorization != null ) { + doJwtAuthenticate(authorization,authTokenService,sessionManager); + _logger.debug("Authorization automatic authenticated ."); + } + } public static void doJwtAuthenticate( String authorization, - AuthJwtService authJwtService, + AuthTokenService authTokenService, SessionManager sessionManager) throws ParseException { - if(authJwtService.validateJwtToken(authorization)) { - String sessionId = authJwtService.resolveJWTID(authorization); - Session session = sessionManager.get(sessionId); - if(session != null) { - setAuthentication(session.getAuthentication()); + 
if(authTokenService.validateJwtToken(authorization)) { + if(isNotAuthenticated()) { + String sessionId = authTokenService.resolveJWTID(authorization); + Session session = sessionManager.get(sessionId); + if(session != null) { + setAuthentication(session.getAuthentication()); + }else { + setAuthentication(null); + } } + }else { + setAuthentication(null); } } diff --git a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/web/LoginRefreshPoint.java b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/web/LoginRefreshPoint.java new file mode 100644 index 0000000000000000000000000000000000000000..9e114af859574245be5eee1b7fbaa5c4f7638f2f --- /dev/null +++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/web/LoginRefreshPoint.java 
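Review bot: In `doJwtAuthenticate`, a token that validates while `isNotAuthenticated()` is false skips the `sessionManager.get(sessionId)` lookup, so the existing authentication is kept without confirming that the session named by the token still exists or is the same session. `isNotAuthenticated()` is defined outside this hunk; if the authentication it reads outlives a single request, a session ended on the server would keep working until the JWT expires. Resolving the session for every valid token closes that gap: `Session session = sessionManager.get(authTokenService.resolveJWTID(authorization));` followed by `setAuthentication(session != null ? session.getAuthentication() : null);`. `authenticateWithCookie` and `authenticate` also leave the context untouched when no cookie or bearer value is present, whereas an invalid token now clears it, so the absent case may need the same handling.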
@@ -0,0 +1,57 @@ +package org.maxkey.authn.web; + +import org.maxkey.authn.jwt.AuthJwt; +import org.maxkey.authn.jwt.AuthRefreshTokenService; +import org.maxkey.authn.jwt.AuthTokenService; +import org.maxkey.authn.session.Session; +import org.maxkey.authn.session.SessionManager; +import org.maxkey.entity.Message; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.http.HttpStatus; +import org.springframework.http.MediaType; +import org.springframework.http.ResponseEntity; +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestHeader; +import org.springframework.web.bind.annotation.RequestMapping; + +@Controller +@RequestMapping(value = "/auth") +public class LoginRefreshPoint { + private static final Logger _logger = LoggerFactory.getLogger(LoginRefreshPoint.class); + + @Autowired + AuthTokenService authTokenService; + + @Autowired + AuthRefreshTokenService refreshTokenService; + + @Autowired + SessionManager sessionManager; + + @RequestMapping(value={"/token/refresh"}, produces = {MediaType.APPLICATION_JSON_VALUE}) + public ResponseEntity refresh( + @RequestHeader(name = "refresh_token", required = true) String refreshToken) { + _logger.trace("refresh token {} " , refreshToken); + try { + if(refreshTokenService.validateJwtToken(refreshToken)) { + String sessionId = refreshTokenService.resolveJWTID(refreshToken); + _logger.trace("Try to refresh sessionId [{}]" , sessionId); + Session session = sessionManager.refresh(sessionId); + if(session != null) { + AuthJwt authJwt = authTokenService.genAuthJwt(session.getAuthentication()); + _logger.trace("Grant new token {}" , authJwt); + return new Message(authJwt).buildResponse(); + }else { + _logger.debug("Session is timeout , sessionId [{}]" , sessionId); + } + }else { + _logger.trace("refresh token is not validate ."); + } + }catch(Exception e) { + _logger.error("Refresh 
Exception !",e); + } + return new ResponseEntity<>("Refresh Token Fail !", HttpStatus.UNAUTHORIZED); + } +} diff --git a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/web/UnauthorizedEntryPoint.java b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/web/UnauthorizedEntryPoint.java index 7cf317864ff5c1cd5a2a8506aa4d186a3a815d86..5d307f11ee92b7834280d0594484c15c45026be9 100644 --- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/web/UnauthorizedEntryPoint.java +++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/web/UnauthorizedEntryPoint.java @@ -35,10 +35,11 @@ import com.fasterxml.jackson.databind.DatabindException; import com.fasterxml.jackson.databind.ObjectMapper; @Controller +@RequestMapping(value = "/auth") public class UnauthorizedEntryPoint { private static final Logger _logger = LoggerFactory.getLogger(UnauthorizedEntryPoint.class); - @RequestMapping(value={"/auth/entrypoint"}) + @RequestMapping(value={"/entrypoint"}) public void entryPoint( HttpServletRequest request, HttpServletResponse response) throws StreamWriteException, DatabindException, IOException { diff --git a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/web/interceptor/PermissionInterceptor.java b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/web/interceptor/PermissionInterceptor.java index 158b713323c6e1b6c8c72e54432a2d007aa6f590..6e845c2934062d24e2499483b2777fc6192c68cf 100644 --- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/web/interceptor/PermissionInterceptor.java +++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/web/interceptor/PermissionInterceptor.java 
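Review bot: `refresh` writes the raw refresh token to the log at trace level (`_logger.trace("refresh token {} " , refreshToken)`), and the `"Grant new token {}"` line may do the same for the newly issued token, depending on what `AuthJwt.toString()` prints. Both are bearer credentials, so anyone who can read the log could reuse them; replace the first with `_logger.trace("refresh token received");` and drop the `authJwt` argument from the second. The `@RequestMapping` for `/token/refresh` sets no `method`, so the endpoint answers GET as well as the POST the front end sends; adding `method = RequestMethod.POST` narrows it. A class-level Javadoc stating that the refresh token's JWT ID is used as the session id would make the contract with `SessionManager.refresh` explicit.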
@@ -22,7 +22,7 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.maxkey.authn.SignPrincipal; -import org.maxkey.authn.jwt.AuthJwtService; +import org.maxkey.authn.jwt.AuthTokenService; import org.maxkey.authn.session.SessionManager; import org.maxkey.authn.web.AuthorizationUtils; import org.maxkey.configuration.ApplicationConfig; @@ -47,7 +47,7 @@ public class PermissionInterceptor implements AsyncHandlerInterceptor { SessionManager sessionManager; @Autowired - AuthJwtService authJwtService ; + AuthTokenService authTokenService ; boolean mgmt = false; @@ -59,7 +59,7 @@ public class PermissionInterceptor implements AsyncHandlerInterceptor { @Override public boolean preHandle(HttpServletRequest request,HttpServletResponse response, Object handler) throws Exception { _logger.trace("Permission Interceptor ."); - AuthorizationUtils.authenticate(request, authJwtService, sessionManager); + AuthorizationUtils.authenticate(request, authTokenService, sessionManager); SignPrincipal principal = AuthorizationUtils.getPrincipal(); //判断用户是否登录,判断用户是否登录用户 if(principal == null){ diff --git a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/autoconfigure/AuthenticationAutoConfiguration.java b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/autoconfigure/AuthenticationAutoConfiguration.java index 4c714cff6324c609d9f111947bf9cbe6cbb1a59e..1e451cb62a74ba86153ecf966ade9e4c9e5c9a9a 100644 --- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/autoconfigure/AuthenticationAutoConfiguration.java +++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/autoconfigure/AuthenticationAutoConfiguration.java 
@@ -19,7 +19,8 @@ package org.maxkey.autoconfigure; import org.maxkey.authn.AbstractAuthenticationProvider; import org.maxkey.authn.SavedRequestAwareAuthenticationSuccessHandler; -import org.maxkey.authn.jwt.AuthJwtService; +import org.maxkey.authn.jwt.AuthRefreshTokenService; +import org.maxkey.authn.jwt.AuthTokenService; import org.maxkey.authn.jwt.CongressService; import org.maxkey.authn.jwt.InMemoryCongressService; import org.maxkey.authn.jwt.RedisCongressService; @@ -30,8 +31,8 @@ import org.maxkey.authn.provider.TrustedAuthenticationProvider; import org.maxkey.authn.realm.AbstractAuthenticationRealm; import org.maxkey.authn.session.SessionManager; import org.maxkey.authn.session.SessionManagerFactory; -import org.maxkey.authn.support.rememberme.AbstractRemeberMeService; -import org.maxkey.authn.support.rememberme.JdbcRemeberMeService; +import org.maxkey.authn.support.rememberme.AbstractRemeberMeManager; +import org.maxkey.authn.support.rememberme.JdbcRemeberMeManager; import org.maxkey.authn.web.HttpSessionListenerAdapter; import org.maxkey.configuration.ApplicationConfig; import org.maxkey.configuration.AuthJwkConfig; @@ -89,14 +90,14 @@ public class AuthenticationAutoConfiguration implements InitializingBean { AbstractAuthenticationRealm authenticationRealm, ApplicationConfig applicationConfig, SessionManager sessionManager, - AuthJwtService authJwtService + AuthTokenService authTokenService ) { _logger.debug("init authentication Provider ."); return new NormalAuthenticationProvider( authenticationRealm, applicationConfig, sessionManager, - authJwtService + authTokenService ); } 
@@ -131,10 +132,11 @@ public class AuthenticationAutoConfiguration implements InitializingBean { } @Bean - public AuthJwtService authJwtService( + public AuthTokenService authTokenService( AuthJwkConfig authJwkConfig, RedisConnectionFactory redisConnFactory, MomentaryService momentaryService, + AuthRefreshTokenService refreshTokenService, @Value("${maxkey.server.persistence}") int persistence) throws JOSEException { CongressService congressService; if (persistence == ConstsPersistence.REDIS) { @@ -143,9 +145,20 @@ public class AuthenticationAutoConfiguration implements InitializingBean { congressService = new InMemoryCongressService(); } - AuthJwtService authJwtService = new AuthJwtService(authJwkConfig,congressService,momentaryService); + AuthTokenService authTokenService = + new AuthTokenService( + authJwkConfig, + congressService, + momentaryService, + refreshTokenService + ); - return authJwtService; + return authTokenService; + } + + @Bean + public AuthRefreshTokenService refreshTokenService(AuthJwkConfig authJwkConfig) throws JOSEException { + return new AuthRefreshTokenService(authJwkConfig); } @Bean(name = "otpAuthnService") 
@@ -196,21 +209,20 @@ public class AuthenticationAutoConfiguration implements InitializingBean { return sessionManager; } - /** * remeberMeService . * @return */ @Bean - public AbstractRemeberMeService remeberMeService( + public AbstractRemeberMeManager remeberMeManager( @Value("${maxkey.server.persistence}") int persistence, @Value("${maxkey.login.remeberme.validity}") int validity, ApplicationConfig applicationConfig, - AuthJwtService authJwtService, + AuthTokenService authTokenService, JdbcTemplate jdbcTemplate) { - _logger.trace("init remeberMeService , validity {}." , validity); - return new JdbcRemeberMeService( - jdbcTemplate,applicationConfig,authJwtService,validity); + _logger.trace("init RemeberMeManager , validity {}." , validity); + return new JdbcRemeberMeManager( + jdbcTemplate,applicationConfig,authTokenService,validity); } @Bean diff --git a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/autoconfigure/JwtAuthnAutoConfiguration.java b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/autoconfigure/JwtAuthnAutoConfiguration.java index 346bfae1f73a71d6b8fd928727bbe3224bb86be9..e3ad0f1f8b271301c387a88d70b38f9e64f41a73 100644 --- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/autoconfigure/JwtAuthnAutoConfiguration.java +++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/autoconfigure/JwtAuthnAutoConfiguration.java @@ -41,7 +41,7 @@ public class JwtAuthnAutoConfiguration implements InitializingBean { * jwt Login JwkSetKeyStore. * @return */ - @Bean(name = "jwtLoginJwkSetKeyStore") + @Bean public JWKSetKeyStore jwtLoginJwkSetKeyStore() { JWKSetKeyStore jwkSetKeyStore = new JWKSetKeyStore(); ClassPathResource classPathResource = new ClassPathResource("/config/loginjwkkeystore.jwks"); 
@@ -57,7 +57,7 @@ public class JwtAuthnAutoConfiguration implements InitializingBean { * @throws InvalidKeySpecException * @throws NoSuchAlgorithmException */ - @Bean(name = "jwtLoginValidationService") + @Bean public DefaultJwtSigningAndValidationService jwtLoginValidationService( JWKSetKeyStore jwtLoginJwkSetKeyStore) throws NoSuchAlgorithmException, InvalidKeySpecException, JOSEException { @@ -73,7 +73,7 @@ public class JwtAuthnAutoConfiguration implements InitializingBean { * Jwt LoginService. * @return */ - @Bean(name = "jwtLoginService") + @Bean public JwtLoginService jwtLoginService( @Value("${maxkey.login.jwt.issuer}") String issuer, diff --git a/maxkey-authentications/maxkey-authentication-social/src/main/java/org/maxkey/authn/support/socialsignon/AbstractSocialSignOnEndpoint.java b/maxkey-authentications/maxkey-authentication-social/src/main/java/org/maxkey/authn/support/socialsignon/AbstractSocialSignOnEndpoint.java index 4de5387958506edb614a16cad01698235d4ebf0c..0239ae7258cd648d646d971cc89d510b23809e08 100644 --- a/maxkey-authentications/maxkey-authentication-social/src/main/java/org/maxkey/authn/support/socialsignon/AbstractSocialSignOnEndpoint.java +++ b/maxkey-authentications/maxkey-authentication-social/src/main/java/org/maxkey/authn/support/socialsignon/AbstractSocialSignOnEndpoint.java @@ -21,7 +21,7 @@ package org.maxkey.authn.support.socialsignon; import org.maxkey.authn.AbstractAuthenticationProvider; -import org.maxkey.authn.jwt.AuthJwtService; +import org.maxkey.authn.jwt.AuthTokenService; import org.maxkey.authn.support.socialsignon.service.SocialSignOnProviderService; import org.maxkey.authn.support.socialsignon.service.SocialsAssociateService; import org.maxkey.configuration.ApplicationConfig; @@ -59,7 +59,7 @@ public class AbstractSocialSignOnEndpoint { AbstractAuthenticationProvider authenticationProvider ; @Autowired - AuthJwtService authJwtService; + AuthTokenService authTokenService; @Autowired ApplicationConfig applicationConfig; 
diff --git a/maxkey-authentications/maxkey-authentication-social/src/main/java/org/maxkey/authn/support/socialsignon/SocialSignOnEndpoint.java b/maxkey-authentications/maxkey-authentication-social/src/main/java/org/maxkey/authn/support/socialsignon/SocialSignOnEndpoint.java index e23d470fdbab2e2278302b6c2dfde792e6e654a4..076b09dfc8c509a95f090b51b07c2b118033bd4d 100644 --- a/maxkey-authentications/maxkey-authentication-social/src/main/java/org/maxkey/authn/support/socialsignon/SocialSignOnEndpoint.java +++ b/maxkey-authentications/maxkey-authentication-social/src/main/java/org/maxkey/authn/support/socialsignon/SocialSignOnEndpoint.java @@ -59,7 +59,7 @@ public class SocialSignOnEndpoint extends AbstractSocialSignOnEndpoint{ ) { _logger.trace("SocialSignOn provider : " + provider); String instId = WebContext.getInst().getId(); - String authorizationUrl = buildAuthRequest(instId,provider).authorize(authJwtService.genJwt()); + String authorizationUrl = buildAuthRequest(instId,provider).authorize(authTokenService.genRandomJwt()); _logger.trace("authorize SocialSignOn : " + authorizationUrl); return new Message((Object)authorizationUrl).buildResponse(); } @@ -75,7 +75,7 @@ public class SocialSignOnEndpoint extends AbstractSocialSignOnEndpoint{ if(authRequest == null ) { _logger.error("build authRequest fail ."); } - String state = authJwtService.genJwt(); + String state = authTokenService.genRandomJwt(); authRequest.authorize(state); SocialsProvider socialSignOnProvider = socialSignOnProviderService.get(instId,provider); 
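Review bot: In the `@@ -75,7 +75,7 @@` hunk the `authRequest == null` branch only logs `build authRequest fail .` and then falls through to `authRequest.authorize(state)`, which throws a NullPointerException when no request could be built for the provider. Return from that branch instead, for example with `return new Message(Message.ERROR).buildResponse();` as the callback handler in this file does, if the method's return type allows it. The enclosing method starts and ends outside the hunk, so the right return value should be confirmed there.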
@@ -139,7 +139,7 @@ public class SocialSignOnEndpoint extends AbstractSocialSignOnEndpoint{ //socialsAssociate.setExAttribute(JsonUtils.object2Json(accessToken.getResponseObject())); this.socialsAssociateService.update(socialsAssociate); - return new Message(authJwtService.genAuthJwt(authentication)).buildResponse(); + return new Message(authTokenService.genAuthJwt(authentication)).buildResponse(); }catch(Exception e) { _logger.error("callback Exception ",e); return new Message(Message.ERROR).buildResponse(); diff --git a/maxkey-core/src/main/java/org/maxkey/autoconfigure/ApplicationAutoConfiguration.java b/maxkey-core/src/main/java/org/maxkey/autoconfigure/ApplicationAutoConfiguration.java index 331eeaf305ef4db05ba0b8a4d2554be3a1fc9324..e1eaac0a6a634579ea1227a70bdad20f0663ce45 100644 --- a/maxkey-core/src/main/java/org/maxkey/autoconfigure/ApplicationAutoConfiguration.java +++ b/maxkey-core/src/main/java/org/maxkey/autoconfigure/ApplicationAutoConfiguration.java @@ -62,22 +62,22 @@ public class ApplicationAutoConfiguration implements InitializingBean { private static final Logger _logger = LoggerFactory.getLogger(ApplicationAutoConfiguration.class); - @Bean(name = "passwordReciprocal") + @Bean public PasswordReciprocal passwordReciprocal() { return new PasswordReciprocal(); } - @Bean(name = "transactionManager") + @Bean public DataSourceTransactionManager transactionManager(DataSource dataSource) { return new DataSourceTransactionManager(dataSource); } - @Bean(name = "institutionsRepository") - public InstitutionsRepository InstitutionsRepository(JdbcTemplate jdbcTemplate) { + @Bean + public InstitutionsRepository institutionsRepository(JdbcTemplate jdbcTemplate) { return new InstitutionsRepository(jdbcTemplate); } - @Bean(name = "localizationRepository") + @Bean public LocalizationRepository localizationRepository(JdbcTemplate jdbcTemplate, InstitutionsRepository institutionsRepository) { return new LocalizationRepository(jdbcTemplate,institutionsRepository); 
@@ -87,7 +87,7 @@ public class ApplicationAutoConfiguration implements InitializingBean { * Authentication Password Encoder . * @return */ - @Bean(name = "passwordEncoder") + @Bean public PasswordEncoder passwordEncoder() { String idForEncode = "bcrypt"; Map encoders = new HashMap(); @@ -127,7 +127,7 @@ public class ApplicationAutoConfiguration implements InitializingBean { * keyStoreLoader . * @return */ - @Bean(name = "keyStoreLoader") + @Bean public KeyStoreLoader keyStoreLoader( @Value("${maxkey.saml.v20.idp.issuing.entity.id}") String entityName, @Value("${maxkey.saml.v20.idp.keystore.password}") String keystorePassword, @@ -143,7 +143,7 @@ public class ApplicationAutoConfiguration implements InitializingBean { * spKeyStoreLoader . * @return */ - @Bean(name = "spKeyStoreLoader") + @Bean public KeyStoreLoader spKeyStoreLoader( @Value("${maxkey.saml.v20.sp.issuing.entity.id}") String entityName, @Value("${maxkey.saml.v20.sp.keystore.password}") String keystorePassword, @@ -159,17 +159,17 @@ public class ApplicationAutoConfiguration implements InitializingBean { * spKeyStoreLoader . * @return */ - @Bean(name = "spIssuingEntityName") + @Bean public String spIssuingEntityName( @Value("${maxkey.saml.v20.sp.issuing.entity.id}") String spIssuingEntityName) { return spIssuingEntityName; } /** - * spKeyStoreLoader . + * Id Generator . * @return */ - @Bean(name = "idGenerator") + @Bean public IdGenerator idGenerator( @Value("${maxkey.id.strategy:SnowFlake}") String strategy, @Value("${maxkey.id.datacenterId:0}") int datacenterId, @@ -182,7 +182,7 @@ public class ApplicationAutoConfiguration implements InitializingBean { } - @Bean(name = "momentaryService") + @Bean public MomentaryService momentaryService( RedisConnectionFactory redisConnFactory, @Value("${maxkey.server.persistence}") int persistence) throws JOSEException { 
diff --git a/maxkey-core/src/main/java/org/maxkey/configuration/ApplicationConfig.java b/maxkey-core/src/main/java/org/maxkey/configuration/ApplicationConfig.java index da711d228f0dbd8fea7a0a842ce0aa70154fe631..cf18c02169531f438789ebcadedd0fd4c9fbb5bf 100644 --- a/maxkey-core/src/main/java/org/maxkey/configuration/ApplicationConfig.java +++ b/maxkey-core/src/main/java/org/maxkey/configuration/ApplicationConfig.java @@ -37,16 +37,7 @@ import org.springframework.stereotype.Component; @Configuration public class ApplicationConfig { - @Autowired - EmailConfig emailConfig; - - @Autowired - CharacterEncodingConfig characterEncodingConfig; - - @Autowired - LoginConfig loginConfig; - - @Value("${maxkey.server.basedomain}") + @Value("${maxkey.server.basedomain}") String baseDomainName; @Value("${maxkey.server.domain}") @@ -83,6 +74,17 @@ public class ApplicationConfig { private boolean noticesVisible; public static String databaseProduct = "MySQL"; + + @Autowired + EmailConfig emailConfig; + + @Autowired + CharacterEncodingConfig characterEncodingConfig; + + @Autowired + LoginConfig loginConfig; + + public int getPort() { diff --git a/maxkey-core/src/main/java/org/maxkey/configuration/AuthJwkConfig.java b/maxkey-core/src/main/java/org/maxkey/configuration/AuthJwkConfig.java index 9dcbecd32efe1fb39edc6482b36cc0be477c74e9..00a2d121d4e9cef990a24a42edf43930a63cc0c5 100644 --- a/maxkey-core/src/main/java/org/maxkey/configuration/AuthJwkConfig.java +++ b/maxkey-core/src/main/java/org/maxkey/configuration/AuthJwkConfig.java @@ -25,9 +25,6 @@ import org.springframework.stereotype.Component; @Configuration public class AuthJwkConfig { - @Value("${maxkey.auth.jwt.issuer:https://sso.maxkey.top/}") - String issuer; - @Value("${maxkey.auth.jwt.expires:86400}") int expires; 
@@ -35,10 +32,13 @@ public class AuthJwkConfig { String secret; @Value("${maxkey.session.timeout}") - String refreshExpire; + int refreshExpires; @Value("${maxkey.auth.jwt.refresh.secret}") String refreshSecret; + + @Value("${maxkey.auth.jwt.issuer:https://sso.maxkey.top/}") + String issuer; public AuthJwkConfig() { super(); @@ -52,7 +52,6 @@ public class AuthJwkConfig { this.issuer = issuer; } - public int getExpires() { return expires; @@ -69,6 +68,22 @@ public class AuthJwkConfig { public void setSecret(String secret) { this.secret = secret; } + + public int getRefreshExpires() { + return refreshExpires; + } + + public void setRefreshExpires(int refreshExpires) { + this.refreshExpires = refreshExpires; + } + + public String getRefreshSecret() { + return refreshSecret; + } + + public void setRefreshSecret(String refreshSecret) { + this.refreshSecret = refreshSecret; + } @Override public String toString() { diff --git a/maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/AuthorizeBaseEndpoint.java b/maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/AuthorizeBaseEndpoint.java index df305119fca34fd4a7f66a8b09c3eaca77fff4d9..5ac5fb323e7417259f4b872c52ddac8b2c0a032d 100644 --- a/maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/AuthorizeBaseEndpoint.java +++ b/maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/AuthorizeBaseEndpoint.java @@ -45,15 +45,12 @@ public class AuthorizeBaseEndpoint { final static Logger _logger = LoggerFactory.getLogger(AuthorizeBaseEndpoint.class); @Autowired - @Qualifier("applicationConfig") protected ApplicationConfig applicationConfig; @Autowired - @Qualifier("appsService") protected AppsService appsService; @Autowired - @Qualifier("accountsService") protected AccountsService accountsService; protected Apps getApp(String id){ 
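Review bot: `refreshSecret` is bound to `maxkey.auth.jwt.refresh.secret` with no default, and nothing visible in these hunks checks that it is non-blank or different from the access-token `secret`. If the two were configured with the same value, whether an access token could pass the refresh-token validation depends on checks not shown in this diff, so a startup assertion that the refresh secret is set and distinct would fail closed. The `toString()` that follows the new accessors is outside the hunk; it should not print `secret` or `refreshSecret`. A comment on `refreshExpires` noting that it reuses `maxkey.session.timeout`, with its unit, would help, for example `// refresh-token lifetime, taken from the session timeout`.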
diff --git a/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasBaseAuthorizeEndpoint.java b/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasBaseAuthorizeEndpoint.java index 14ff223949617423ced8f63d8e43a720bbb29c79..39104e08cc21da5a833addd81f9bc73b733ee8d1 100644 --- a/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasBaseAuthorizeEndpoint.java +++ b/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasBaseAuthorizeEndpoint.java @@ -33,11 +33,9 @@ public class CasBaseAuthorizeEndpoint extends AuthorizeBaseEndpoint{ final static Logger _logger = LoggerFactory.getLogger(CasBaseAuthorizeEndpoint.class); @Autowired - @Qualifier("appsCasDetailsService") protected AppsCasDetailsService casDetailsService; @Autowired - @Qualifier("userInfoService") protected UserInfoService userInfoService; @Autowired diff --git a/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/consumer/endpoint/ConsumerEndpoint.java b/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/consumer/endpoint/ConsumerEndpoint.java index 0107219208676830cc3850e66b34f82c1877804c..92151cf2f9e228c72ae2ebdada57e841b25af7e1 100644 --- a/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/consumer/endpoint/ConsumerEndpoint.java +++ b/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/consumer/endpoint/ConsumerEndpoint.java @@ -33,7 +33,7 @@ import org.apache.commons.lang.Validate; import org.maxkey.authn.AbstractAuthenticationProvider; import org.maxkey.authn.LoginCredential; import org.maxkey.authn.jwt.AuthJwt; -import org.maxkey.authn.jwt.AuthJwtService; +import org.maxkey.authn.jwt.AuthTokenService; import org.maxkey.authz.saml.common.EndpointGenerator; import org.maxkey.authz.saml.common.TrustResolver; import org.maxkey.authz.saml.service.IDService; 
@@ -120,7 +120,7 @@ public class ConsumerEndpoint { private MessageReplayRule messageReplayRule; @Autowired - AuthJwtService authJwtService; + AuthTokenService authJwtService; EndpointGenerator endpointGenerator; AuthnRequestGenerator authnRequestGenerator; diff --git a/maxkey-web-frontend/maxkey-web-app/src/app/core/net/default.interceptor.ts b/maxkey-web-frontend/maxkey-web-app/src/app/core/net/default.interceptor.ts index 71ae00374b0d5fd8b12ecf0ba8e8a95d322cf00b..53249e6b20bf92c809d053ff98beba8c81bffbdc 100644 --- a/maxkey-web-frontend/maxkey-web-app/src/app/core/net/default.interceptor.ts +++ b/maxkey-web-frontend/maxkey-web-app/src/app/core/net/default.interceptor.ts @@ -13,9 +13,12 @@ import { DA_SERVICE_TOKEN, ITokenService } from '@delon/auth'; import { ALAIN_I18N_TOKEN, _HttpClient } from '@delon/theme'; import { environment } from '@env/environment'; import { NzNotificationService } from 'ng-zorro-antd/notification'; +import { CookieService } from 'ngx-cookie-service'; import { BehaviorSubject, Observable, of, throwError } from 'rxjs'; import { catchError, filter, mergeMap, switchMap, take } from 'rxjs/operators'; +import { CONSTS } from '../../shared/consts'; + const CODEMESSAGE: { [key: number]: string } = { 200: '服务器成功返回请求的数据。', 201: '新建或修改数据成功。', @@ -54,6 +57,10 @@ export class DefaultInterceptor implements HttpInterceptor { return this.injector.get(NzNotificationService); } + private get cookieService(): CookieService { + return this.injector.get(CookieService); + } + private get tokenSrv(): ITokenService { return this.injector.get(DA_SERVICE_TOKEN); } 
@@ -80,17 +87,18 @@ export class DefaultInterceptor implements HttpInterceptor { */ private refreshTokenRequest(): Observable { const model = this.tokenSrv.get(); - return this.http.post(`/api/auth/refresh`, null, null, { headers: { refresh_token: model?.['refresh_token'] || '' } }); + return this.http.post(`/auth/token/refresh`, null, null, { headers: { refresh_token: model?.['refreshToken'] || '' } }); } // #region 刷新Token方式一:使用 401 重新刷新 Token private tryRefreshToken(ev: HttpResponseBase, req: HttpRequest, next: HttpHandler): Observable { // 1、若请求为刷新Token请求,表示来自刷新Token可以直接跳转登录页 - if ([`/api/auth/refresh`].some(url => req.url.includes(url))) { + if ([`/auth/token/refresh`].some(url => req.url.includes(url))) { this.toLogin(); return throwError(ev); } + // 2、如果 `refreshToking` 为 `true` 表示已经在请求刷新 Token 中,后续所有请求转入等待状态,直至结果返回后再重新发起请求 if (this.refreshToking) { return this.refreshToken$.pipe( @@ -99,17 +107,20 @@ export class DefaultInterceptor implements HttpInterceptor { switchMap(() => next.handle(this.reAttachToken(req))) ); } + // 3、尝试调用刷新 Token this.refreshToking = true; this.refreshToken$.next(null); return this.refreshTokenRequest().pipe( switchMap(res => { + console.log(res.data); // 通知后续请求继续执行 this.refreshToking = false; - this.refreshToken$.next(res); + this.refreshToken$.next(res.data.refreshToken); + this.cookieService.set(CONSTS.CONGRESS, res.data.token); // 重新保存新 token - this.tokenSrv.set(res); + this.tokenSrv.set(res.data); // 重新发起请求 return next.handle(this.reAttachToken(req)); }), @@ -127,6 +138,7 @@ export class DefaultInterceptor implements HttpInterceptor { * > 由于已经发起的请求,不会再走一遍 `@delon/auth` 因此需要结合业务情况重新附加新的 Token */ private reAttachToken(req: HttpRequest): HttpRequest { + //console.log('reAttachToken'); // 以下示例是以 NG-ALAIN 默认使用 `SimpleInterceptor` const token = this.tokenSrv.get()?.token; return req.clone({ 
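Review bot: `console.log(res.data);` inside the `switchMap` of `tryRefreshToken` (second hunk on this line) writes the refresh response to the browser console, and the next lines read `res.data.token` and `res.data.refreshToken` from that same object, so both tokens end up in console output; the line should be removed. `this.cookieService.set(CONSTS.CONGRESS, res.data.token);` also stores the token in a script-written cookie with no explicit path, `secure` or `sameSite` arguments, which leaves those to library defaults and rules out HttpOnly. If the server reads this cookie for authentication (SingleSignOnInterceptor in this commit calls `authenticateWithCookie`), having the refresh endpoint set it as an HttpOnly cookie would be the safer design. `tryRefreshToken` starts in the previous hunk and continues past this one.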
diff --git a/maxkey-web-frontend/maxkey-web-app/src/environments/environment.ts b/maxkey-web-frontend/maxkey-web-app/src/environments/environment.ts index 0764ccb0794b281ab1c2a59cc99a2a197df2fe11..7eda9908eeda6ace1462ac557c8ab351dc905084 100644 --- a/maxkey-web-frontend/maxkey-web-app/src/environments/environment.ts +++ b/maxkey-web-frontend/maxkey-web-app/src/environments/environment.ts @@ -13,7 +13,7 @@ export const environment = { api: { baseUrl: 'http://sso.maxkey.top:8080/maxkey', refreshTokenEnabled: true, - refreshTokenType: 'auth-refresh' + refreshTokenType: 're-request' }, modules: [DelonMockModule.forRoot({ data: MOCKDATA })] } as Environment; diff --git a/maxkey-web-frontend/maxkey-web-mgt-app/src/app/core/net/default.interceptor.ts b/maxkey-web-frontend/maxkey-web-mgt-app/src/app/core/net/default.interceptor.ts index 63d0bc9d74a9f9d69b33d1a03c85807bf87e5b2b..8e5cee1e6d4b199704cc94f1c65b491d9a1b0561 100644 --- a/maxkey-web-frontend/maxkey-web-mgt-app/src/app/core/net/default.interceptor.ts +++ b/maxkey-web-frontend/maxkey-web-mgt-app/src/app/core/net/default.interceptor.ts @@ -80,14 +80,14 @@ export class DefaultInterceptor implements HttpInterceptor { */ private refreshTokenRequest(): Observable { const model = this.tokenSrv.get(); - return this.http.post(`/api/auth/refresh`, null, null, { headers: { refresh_token: model?.['refresh_token'] || '' } }); + return this.http.post(`/auth/token/refresh`, null, null, { headers: { refresh_token: model?.['refresh_token'] || '' } }); } // #region 刷新Token方式一:使用 401 重新刷新 Token private tryRefreshToken(ev: HttpResponseBase, req: HttpRequest, next: HttpHandler): Observable { // 1、若请求为刷新Token请求,表示来自刷新Token可以直接跳转登录页 - if ([`/api/auth/refresh`].some(url => req.url.includes(url))) { + if ([`/auth/token/refresh`].some(url => req.url.includes(url))) { this.toLogin(); return throwError(ev); } 
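Review bot: In the mgt-app `refreshTokenRequest` the header is still built from `model?.['refresh_token']`, while this same commit changes maxkey-web-app to `model?.['refreshToken']` and stores `res.data` (which carries `refreshToken`) as the token model. If the mgt app's token model has the same shape, which is not visible here, the request to `/auth/token/refresh` would carry an empty `refresh_token` header and the refresh would presumably fail and end in `toLogin()`. In that case the line should read `headers: { refresh_token: model?.['refreshToken'] || '' }`.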
diff --git a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyConfig.java b/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyConfig.java index 1ccee5d73f4ec1d11d6328599a93c716d87e0366..bec46d7d72f64280f7ef7ca918d4910ee9d9b858 100644 --- a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyConfig.java +++ b/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyConfig.java @@ -77,7 +77,7 @@ public class MaxKeyConfig implements InitializingBean { private static final Logger _logger = LoggerFactory.getLogger(MaxKeyConfig.class); - @Bean(name = "otpKeyUriFormat") + @Bean public OtpKeyUriFormat otpKeyUriFormat( @Value("${maxkey.otp.policy.type:totp}") String type, @@ -96,7 +96,7 @@ public class MaxKeyConfig implements InitializingBean { } //可以在此实现其他的登陆认证方式,请实现AbstractAuthenticationRealm - @Bean(name = "authenticationRealm") + @Bean public JdbcAuthenticationRealm authenticationRealm( PasswordEncoder passwordEncoder, PasswordPolicyValidator passwordPolicyValidator, @@ -120,7 +120,7 @@ public class MaxKeyConfig implements InitializingBean { return authenticationRealm; } - @Bean(name = "timeBasedOtpAuthn") + @Bean public TimeBasedOtpAuthn timeBasedOtpAuthn( @Value("${maxkey.otp.policy.digits:6}") int digits, @@ -131,8 +131,8 @@ public class MaxKeyConfig implements InitializingBean { return tfaOtpAuthn; } - @Bean(name = "tfaOtpAuthn") - public AbstractOtpAuthn tfaOptAuthn( + @Bean + public AbstractOtpAuthn tfaOtpAuthn( @Value("${maxkey.login.mfa.type}")String mfaType, @Value("${maxkey.otp.policy.digits:6}") int digits, @@ -152,7 +152,7 @@ public class MaxKeyConfig implements InitializingBean { return tfaOtpAuthn; } - @Bean(name = "mailOtpAuthn") + @Bean public MailOtpAuthn mailOtpAuthn( EmailConfig emailConfig, @Value("${spring.mail.properties.mailotp.message.subject}") 
@@ -185,7 +185,7 @@ public class MaxKeyConfig implements InitializingBean { } - @Bean(name = "kerberosService") + @Bean public RemoteKerberosService kerberosService( @Value("${maxkey.login.kerberos.default.userdomain}") String userDomain, diff --git a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyMvcConfig.java b/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyMvcConfig.java index 91215c4efbc1239be9f1b0307a7785025a9c7825..6d1a65f3bea2a4b12667e8c2fc92b42759736595 100644 --- a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyMvcConfig.java +++ b/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyMvcConfig.java @@ -46,6 +46,15 @@ import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; @EnableWebMvc public class MaxKeyMvcConfig implements WebMvcConfigurer { private static final Logger _logger = LoggerFactory.getLogger(MaxKeyMvcConfig.class); + + @Value("${maxkey.login.basic.enable:false}") + private boolean basicEnable; + + @Value("${maxkey.login.httpheader.enable:false}") + private boolean httpHeaderEnable; + + @Value("${maxkey.login.httpheader.headername:iv-user}") + private String httpHeaderName; @Autowired ApplicationConfig applicationConfig; @@ -69,15 +78,6 @@ public class MaxKeyMvcConfig implements WebMvcConfigurer { @Autowired HistorySignOnAppInterceptor historySignOnAppInterceptor; - @Value("${maxkey.login.httpheader.enable:false}") - private boolean httpHeaderEnable; - - @Value("${maxkey.login.httpheader.headername:iv-user}") - private String httpHeaderName; - - @Value("${maxkey.login.basic.enable:false}") - private boolean basicEnable; - @Override public void addResourceHandlers(ResourceHandlerRegistry registry) { _logger.debug("addResourceHandlers"); 
diff --git a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/AppListController.java b/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/AppListController.java index 1201b8cd1f509f92490ba1bf2d8b83102e071ec7..7a15bdd8af4bbd9c9ca98c05a31c6c94f9bfbd4c 100644 --- a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/AppListController.java +++ b/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/AppListController.java @@ -20,6 +20,7 @@ package org.maxkey.web.contorller; import java.util.List; import org.maxkey.authn.annotation.CurrentUser; +import org.maxkey.authn.web.AuthorizationUtils; import org.maxkey.constants.ConstsStatus; import org.maxkey.crypto.password.PasswordReciprocal; import org.maxkey.entity.Accounts; @@ -78,6 +79,7 @@ public class AppListController { for (UserApps app : appList) { app.transIconBase64(); } + //AuthorizationUtils.setAuthentication(null); return new Message>(appList).buildResponse(); } diff --git a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/ForgotPasswordContorller.java b/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/ForgotPasswordContorller.java index fecc56a0ef6bf13dce4fb7c1a1abd7a77c285111..a94de9933ec699cd9cbeec7bed9e9723e29fee4b 100644 --- a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/ForgotPasswordContorller.java +++ b/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/ForgotPasswordContorller.java @@ -20,7 +20,7 @@ package org.maxkey.web.contorller; import java.util.regex.Pattern; import org.apache.commons.lang3.StringUtils; -import org.maxkey.authn.jwt.AuthJwtService; +import org.maxkey.authn.jwt.AuthTokenService; import org.maxkey.configuration.EmailConfig; import org.maxkey.entity.ChangePassword; import org.maxkey.entity.Message; 
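Review bot: The second AppListController hunk adds `//AuthorizationUtils.setAuthentication(null);` as commented-out code, and the first hunk adds the `org.maxkey.authn.web.AuthorizationUtils` import that, within the visible hunks, only that dead line uses. A disabled call that clears the authentication inside a list endpoint is easy to re-enable by accident, so both additions should be deleted rather than committed.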
@@ -68,7 +68,7 @@ public class ForgotPasswordContorller { } @Autowired - AuthJwtService authJwtService; + AuthTokenService authTokenService; @Autowired UserInfoService userInfoService; @@ -88,7 +88,7 @@ public class ForgotPasswordContorller { @RequestParam String captcha) { _logger.debug("forgotpassword /forgotpassword/produceOtp."); _logger.debug(" Mobile {}: " ,mobile); - if (!authJwtService.validateCaptcha(state,captcha)) { + if (!authTokenService.validateCaptcha(state,captcha)) { _logger.debug("login captcha valid error."); return new Message(Message.FAIL).buildResponse(); } @@ -116,7 +116,7 @@ public class ForgotPasswordContorller { @RequestParam String state, @RequestParam String captcha) { _logger.debug("/forgotpassword/produceEmailOtp Email {} : " , email); - if (!authJwtService.validateCaptcha(state,captcha)) { + if (!authTokenService.validateCaptcha(state,captcha)) { _logger.debug("captcha valid error."); return new Message(Message.FAIL).buildResponse(); } diff --git a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/IndexEndpoint.java b/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/IndexEndpoint.java index 2253c5f79723ee7c295dfb4103ae6f73c0e3f2d4..92d01ec3ce0f58f06cadb65babb3b6be3d7c5819 100644 --- a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/IndexEndpoint.java +++ b/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/IndexEndpoint.java @@ -49,8 +49,8 @@ public class IndexEndpoint { NoticesService noticesService; @Autowired - @Qualifier("applicationConfig") ApplicationConfig applicationConfig; + @RequestMapping(value={"/forwardindex"}) public ModelAndView forwardindex(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { 
diff --git a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/LoginEntryPoint.java b/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/LoginEntryPoint.java index 803859831f472fe200374f3cbb481b2abea6297e..7be927b4ca1d5ae32ca493cf59fb405aa9a4fdf0 100644 --- a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/LoginEntryPoint.java +++ b/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/LoginEntryPoint.java @@ -28,9 +28,9 @@ import org.apache.commons.lang3.StringUtils; import org.maxkey.authn.AbstractAuthenticationProvider; import org.maxkey.authn.LoginCredential; import org.maxkey.authn.jwt.AuthJwt; -import org.maxkey.authn.jwt.AuthJwtService; +import org.maxkey.authn.jwt.AuthTokenService; import org.maxkey.authn.support.kerberos.KerberosService; -import org.maxkey.authn.support.rememberme.AbstractRemeberMeService; +import org.maxkey.authn.support.rememberme.AbstractRemeberMeManager; import org.maxkey.authn.support.rememberme.RemeberMe; import org.maxkey.authn.support.socialsignon.service.SocialSignOnProviderService; import org.maxkey.configuration.ApplicationConfig; @@ -45,7 +45,6 @@ import org.maxkey.web.WebContext; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; import org.springframework.security.core.Authentication; 
@@ -71,17 +70,15 @@ public class LoginEntryPoint { Pattern mobileRegex = Pattern.compile("^(13[4,5,6,7,8,9]|15[0,8,9,1,7]|188|187)\\\\d{8}$"); @Autowired - AuthJwtService authJwtService; + AuthTokenService authTokenService; @Autowired ApplicationConfig applicationConfig; @Autowired - @Qualifier("authenticationProvider") AbstractAuthenticationProvider authenticationProvider ; @Autowired - @Qualifier("socialSignOnProviderService") SocialSignOnProviderService socialSignOnProviderService; @Autowired @@ -91,15 +88,13 @@ public class LoginEntryPoint { UserInfoService userInfoService; @Autowired - @Qualifier("tfaOtpAuthn") - protected AbstractOtpAuthn tfaOtpAuthn; + AbstractOtpAuthn tfaOtpAuthn; @Autowired - @Qualifier("otpAuthnService") - protected OtpAuthnService otpAuthnService; + OtpAuthnService otpAuthnService; @Autowired - AbstractRemeberMeService remeberMeService; + AbstractRemeberMeManager remeberMeManager; /** * init login @@ -112,16 +107,16 @@ public class LoginEntryPoint { _logger.debug("/get."); //Remember Me if(StringUtils.isNotBlank(rememberMeJwt) - && authJwtService.validateJwtToken(rememberMeJwt)) { + && authTokenService.validateJwtToken(rememberMeJwt)) { try { - RemeberMe remeberMe = remeberMeService.resolve(rememberMeJwt); + RemeberMe remeberMe = remeberMeManager.resolve(rememberMeJwt); if(remeberMe != null) { LoginCredential credential = new LoginCredential(); - String remeberMeJwt = remeberMeService.updateRemeberMe(remeberMe); + String remeberMeJwt = remeberMeManager.updateRemeberMe(remeberMe); credential.setUsername(remeberMe.getUsername()); Authentication authentication = authenticationProvider.authenticate(credential,true); if(authentication != null) { - AuthJwt authJwt = authJwtService.genAuthJwt(authentication); + AuthJwt authJwt = authTokenService.genAuthJwt(authentication); authJwt.setRemeberMe(remeberMeJwt); return new Message(authJwt).buildResponse(); } 
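Review bot: After the second hunk drops `@Qualifier("tfaOtpAuthn")`, the `AbstractOtpAuthn tfaOtpAuthn` field is matched to its bean only by field name. MaxKeyConfig in this commit declares `timeBasedOtpAuthn`, `tfaOtpAuthn` and `mailOtpAuthn` beans, and at least `TimeBasedOtpAuthn` is assignable to `AbstractOtpAuthn` (MaxKeyMgtConfig assigns one to that type), so a later rename of the field or of the `tfaOtpAuthn()` method would either break startup or select a different OTP implementation for login. Keeping the qualifier on this one field, or adding `// resolved by name: must match MaxKeyConfig.tfaOtpAuthn()` above it, would pin the second-factor wiring. The hunk also narrows `tfaOtpAuthn` and `otpAuthnService` from `protected` to package-private, which affects any subclass outside the package.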
@@ -150,7 +145,7 @@ public class LoginEntryPoint { model.put("captcha", inst.getCaptchaSupport()); model.put("captchaType", inst.getCaptchaType()); } - model.put("state", authJwtService.genJwt()); + model.put("state", authTokenService.genRandomJwt()); //load Social Sign On Providers model.put("socials", socialSignOnProviderService.loadSocials(inst.getId())); @@ -178,16 +173,16 @@ public class LoginEntryPoint { public ResponseEntity signin( HttpServletRequest request, HttpServletResponse response, @RequestBody LoginCredential credential) { Message authJwtMessage = new Message(Message.FAIL); - if(authJwtService.validateJwtToken(credential.getState())){ + if(authTokenService.validateJwtToken(credential.getState())){ String authType = credential.getAuthType(); _logger.debug("Login AuthN Type " + authType); if (StringUtils.isNotBlank(authType)){ Authentication authentication = authenticationProvider.authenticate(credential); if(authentication != null) { - AuthJwt authJwt = authJwtService.genAuthJwt(authentication); + AuthJwt authJwt = authTokenService.genAuthJwt(authentication); if(StringUtils.isNotBlank(credential.getRemeberMe()) &&credential.getRemeberMe().equalsIgnoreCase("true")) { - String remeberMe = remeberMeService.createRemeberMe(authentication, request, response); + String remeberMe = remeberMeManager.createRemeberMe(authentication, request, response); authJwt.setRemeberMe(remeberMe); } if(WebContext.getAttribute(WebConstants.CURRENT_USER_PASSWORD_SET_TYPE)!=null) @@ -211,7 +206,7 @@ public class LoginEntryPoint { @RequestMapping(value={"/congress"}, produces = {MediaType.APPLICATION_JSON_VALUE}) public ResponseEntity congress( @RequestBody LoginCredential credential) { if(StringUtils.isNotBlank(credential.getCongress())){ - AuthJwt authJwt = authJwtService.consumeCongress(credential.getCongress()); + AuthJwt authJwt = authTokenService.consumeCongress(credential.getCongress()); if(authJwt != null) { return new Message(authJwt).buildResponse(); } 
diff --git a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/OneTimePasswordController.java b/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/OneTimePasswordController.java index a6b1576eea3e86e8fcba3028671c4308ad39c57d..cc805b503cfedbe4379e5f2099d271b8573cd9e1 100644 --- a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/OneTimePasswordController.java +++ b/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/OneTimePasswordController.java @@ -35,7 +35,6 @@ import org.maxkey.web.image.ImageEndpoint; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.http.ResponseEntity; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; @@ -54,11 +53,9 @@ public class OneTimePasswordController { static final Logger _logger = LoggerFactory.getLogger(OneTimePasswordController.class); @Autowired - @Qualifier("userInfoService") private UserInfoService userInfoService; @Autowired - @Qualifier("otpKeyUriFormat") OtpKeyUriFormat otpKeyUriFormat; @RequestMapping(value = {"/timebased"}) diff --git a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/RegisterController.java b/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/RegisterController.java index 82b845cacb36118a8a74709e8093c1848f477d22..b221e83846bc07f912d0aea5956941ee670551d4 100644 --- a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/RegisterController.java +++ b/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/RegisterController.java 
@@ -22,7 +22,7 @@ import java.util.regex.Pattern; import javax.servlet.ServletException; -import org.maxkey.authn.jwt.AuthJwtService; +import org.maxkey.authn.jwt.AuthTokenService; import org.maxkey.configuration.ApplicationConfig; import org.maxkey.constants.ConstsStatus; import org.maxkey.crypto.password.PasswordReciprocal; @@ -55,7 +55,7 @@ public class RegisterController { Pattern mobileRegex = Pattern.compile("^[1][3,4,5,7,8][0-9]{9}$"); @Autowired - AuthJwtService authJwtService; + AuthTokenService authTokenService; @Autowired protected ApplicationConfig applicationConfig; diff --git a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/SocialSignOnListController.java b/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/SocialSignOnListController.java index 9fa43b228c1343e9d92f03561cc0024c60d43c00..075320b05a7b3757daa311a14df30bd2630fe855 100644 --- a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/SocialSignOnListController.java +++ b/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/SocialSignOnListController.java @@ -44,7 +44,6 @@ public class SocialSignOnListController { @Autowired protected SocialsAssociatesService socialsAssociatesService; - @RequestMapping(value={"/fetch"}) @ResponseBody public ResponseEntity fetch(@CurrentUser UserInfo currentUser){ diff --git a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/interceptor/SingleSignOnInterceptor.java b/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/interceptor/SingleSignOnInterceptor.java index 60eb6edfe3af58929ca257a26b3bec4df8c03d55..b88986a199a7601ab2ce2d970b249e2e5192d935 100644 --- a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/interceptor/SingleSignOnInterceptor.java +++ b/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/interceptor/SingleSignOnInterceptor.java 
@@ -19,7 +19,7 @@ package org.maxkey.web.interceptor; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.maxkey.authn.jwt.AuthJwtService; +import org.maxkey.authn.jwt.AuthTokenService; import org.maxkey.authn.session.SessionManager; import org.maxkey.authn.web.AuthorizationUtils; import org.maxkey.configuration.ApplicationConfig; @@ -42,7 +42,7 @@ public class SingleSignOnInterceptor implements AsyncHandlerInterceptor { SessionManager sessionManager; @Autowired - AuthJwtService authJwtService ; + AuthTokenService authTokenService ; @Override public boolean preHandle(HttpServletRequest request, @@ -51,7 +51,7 @@ public class SingleSignOnInterceptor implements AsyncHandlerInterceptor { _logger.trace("Single Sign On Interceptor"); AuthorizationUtils.authenticateWithCookie( - request,authJwtService,sessionManager); + request,authTokenService,sessionManager); if(AuthorizationUtils.isNotAuthenticated()){ String loginUrl = applicationConfig.getFrontendUri() + "/#/passport/login?redirect_uri=%s"; diff --git a/maxkey-webs/maxkey-web-maxkey/src/main/resources/application-http.properties b/maxkey-webs/maxkey-web-maxkey/src/main/resources/application-http.properties index 4372a6a7373117fa81faa575b4452597e52b6455..c89446df8abb7b4c4acca0218b1ac7303bc35117 100644 --- a/maxkey-webs/maxkey-web-maxkey/src/main/resources/application-http.properties +++ b/maxkey-webs/maxkey-web-maxkey/src/main/resources/application-http.properties 
@@ -55,7 +55,7 @@ maxkey.app.issuer =CN=ConSec,CN=COM,CN=SH maxkey.session.timeout =${SERVER_SESSION_TIMEOUT:1800} maxkey.auth.jwt.issuer =${maxkey.server.uri} -maxkey.auth.jwt.expire =600 +maxkey.auth.jwt.expires =60 maxkey.auth.jwt.secret =7heM-14BtxjyKPuH3ITIm7q2-ps5MuBirWCsrrdbzzSAOuSPrbQYiaJ54AeA0uH2XdkYy3hHAkTFIsieGkyqxOJZ_dQzrCbaYISH9rhUZAKYx8tUY0wkE4ArOC6LqHDJarR6UIcMsARakK9U4dhoOPO1cj74XytemI-w6ACYfzRUn_Rn4e-CQMcnD1C56oNEukwalf06xVgXl41h6K8IBEzLVod58y_VfvFn-NGWpNG0fy_Qxng6dg8Dgva2DobvzMN2eejHGLGB-x809MvC4zbG7CKNVlcrzMYDt2Gt2sOVDrt2l9YqJNfgaLFjrOEVw5cuXemGkX1MvHj6TAsbLg maxkey.auth.jwt.refresh.secret =7heM-14BtxjyKPuH3ITIm7q2-ps5MuBirWCsrrdbzzSAOuSPrbQYiaJ54AeA0uH2XdkYy3hHAkTFIsieGkyqxOJZ_dQzrCbaYISH9rhUZAKYx8tUY0wkE4ArOC6LqHDJarR6UIcMsARakK9U4dhoOPO1cj74XytemI-w6ACYfzRUn_Rn4e-CQMcnD1C56oNEukwalf06xVgXl41h6K8IBEzLVod58y_VfvFn-NGWpNG0fy_Qxng6dg8Dgva2DobvzMN2eejHGLGB-x809MvC4zbG7CKNVlcrzMYDt2Gt2sOVDrt2l9YqJNfgaLFjrOEVw5cuXemGkX1MvHj6TAsbLg ############################################################################ diff --git a/maxkey-webs/maxkey-web-maxkey/src/main/resources/application-https.properties b/maxkey-webs/maxkey-web-maxkey/src/main/resources/application-https.properties index a57b9fcc591e356e381f40080599ca769fe78c51..841a35a0775de62688e7186d09a00a509a3cf05e 100644 --- a/maxkey-webs/maxkey-web-maxkey/src/main/resources/application-https.properties +++ b/maxkey-webs/maxkey-web-maxkey/src/main/resources/application-https.properties 
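Review bot: `maxkey.auth.jwt.expires =60` in application-http.properties differs from the `600` that application-https.properties gets in the next hunk for the same renamed key, which looks like a test value left in one profile; the two should agree unless the difference is intended and commented. The unchanged lines of both hunks also carry `maxkey.auth.jwt.secret` and `maxkey.auth.jwt.refresh.secret` as literals with the identical value, committed to the repository. Now that this commit wires up a refresh-token path, access and refresh tokens would be signed with the same committed key, so they are separable only by whatever claim checks the service performs (not visible here). Both keys should be read from the environment the way `maxkey.session.timeout` already is, for example `maxkey.auth.jwt.secret =${JWT_SECRET_ENV_PLACEHOLDER}`, with a distinct variable for the refresh secret.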
@@ -51,7 +51,7 @@ maxkey.app.issuer =CN=ConSec,CN=COM,CN=SH maxkey.session.timeout =${SERVER_SESSION_TIMEOUT:1800} maxkey.auth.jwt.issuer =${maxkey.server.uri} -maxkey.auth.jwt.expire =600 +maxkey.auth.jwt.expires =600 maxkey.auth.jwt.secret =7heM-14BtxjyKPuH3ITIm7q2-ps5MuBirWCsrrdbzzSAOuSPrbQYiaJ54AeA0uH2XdkYy3hHAkTFIsieGkyqxOJZ_dQzrCbaYISH9rhUZAKYx8tUY0wkE4ArOC6LqHDJarR6UIcMsARakK9U4dhoOPO1cj74XytemI-w6ACYfzRUn_Rn4e-CQMcnD1C56oNEukwalf06xVgXl41h6K8IBEzLVod58y_VfvFn-NGWpNG0fy_Qxng6dg8Dgva2DobvzMN2eejHGLGB-x809MvC4zbG7CKNVlcrzMYDt2Gt2sOVDrt2l9YqJNfgaLFjrOEVw5cuXemGkX1MvHj6TAsbLg maxkey.auth.jwt.refresh.secret =7heM-14BtxjyKPuH3ITIm7q2-ps5MuBirWCsrrdbzzSAOuSPrbQYiaJ54AeA0uH2XdkYy3hHAkTFIsieGkyqxOJZ_dQzrCbaYISH9rhUZAKYx8tUY0wkE4ArOC6LqHDJarR6UIcMsARakK9U4dhoOPO1cj74XytemI-w6ACYfzRUn_Rn4e-CQMcnD1C56oNEukwalf06xVgXl41h6K8IBEzLVod58y_VfvFn-NGWpNG0fy_Qxng6dg8Dgva2DobvzMN2eejHGLGB-x809MvC4zbG7CKNVlcrzMYDt2Gt2sOVDrt2l9YqJNfgaLFjrOEVw5cuXemGkX1MvHj6TAsbLg ############################################################################ diff --git a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/MaxKeyMgtConfig.java b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/MaxKeyMgtConfig.java index 59111600e792548e0a7923519fb268d9ca7acc33..8e49144f1916b620aa1903807764fa3c63fd5875 100644 --- a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/MaxKeyMgtConfig.java +++ b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/MaxKeyMgtConfig.java @@ -37,7 +37,7 @@ public class MaxKeyMgtConfig implements InitializingBean { private static final Logger _logger = LoggerFactory.getLogger(MaxKeyMgtConfig.class); //authenticationRealm for MaxKeyMgtApplication - @Bean(name = "authenticationRealm") + @Bean public JdbcAuthenticationRealm authenticationRealm( PasswordEncoder passwordEncoder, PasswordPolicyValidator passwordPolicyValidator, 
@@ -58,7 +58,7 @@ public class MaxKeyMgtConfig implements InitializingBean { return authenticationRealm; } - @Bean(name = "timeBasedOtpAuthn") + @Bean public AbstractOtpAuthn timeBasedOtpAuthn() { AbstractOtpAuthn tfaOtpAuthn = new TimeBasedOtpAuthn(); _logger.debug("TimeBasedOtpAuthn inited."); diff --git a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/Oauth20ClientAutoConfiguration.java b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/Oauth20ClientAutoConfiguration.java index d14efbea0299bbb76457a6b71b81d9232cb078e2..1a78e8d1e7834f58ab4ce8b28af44838403203b7 100644 --- a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/Oauth20ClientAutoConfiguration.java +++ b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/Oauth20ClientAutoConfiguration.java @@ -46,8 +46,8 @@ import org.springframework.security.crypto.password.PasswordEncoder; public class Oauth20ClientAutoConfiguration implements InitializingBean { private static final Logger _logger = LoggerFactory.getLogger(Oauth20ClientAutoConfiguration.class); - @Bean(name = "oauth20JdbcClientDetailsService") - public JdbcClientDetailsService jdbcClientDetailsService( + @Bean + public JdbcClientDetailsService oauth20JdbcClientDetailsService( DataSource dataSource,PasswordEncoder passwordReciprocal) { JdbcClientDetailsService clientDetailsService = new JdbcClientDetailsService(dataSource); clientDetailsService.setPasswordEncoder(passwordReciprocal); @@ -60,7 +60,7 @@ public class Oauth20ClientAutoConfiguration implements InitializingBean { * @param persistence int * @return oauth20TokenStore */ - @Bean(name = "oauth20TokenStore") + @Bean public TokenStore oauth20TokenStore( @Value("${maxkey.server.persistence}") int persistence, JdbcTemplate jdbcTemplate, 
@@ -81,8 +81,8 @@ public class Oauth20ClientAutoConfiguration implements InitializingBean { * clientDetailsUserDetailsService. * @return oauth20TokenServices */ - @Bean(name = "oauth20TokenServices") - public DefaultTokenServices defaultTokenServices( + @Bean + public DefaultTokenServices oauth20TokenServices( JdbcClientDetailsService oauth20JdbcClientDetailsService, TokenStore oauth20TokenStore) { DefaultTokenServices tokenServices = new DefaultTokenServices(); @@ -96,7 +96,7 @@ public class Oauth20ClientAutoConfiguration implements InitializingBean { * ProviderManager. * @return oauth20ClientAuthenticationManager */ - @Bean(name = "oauth20ClientAuthenticationManager") + @Bean public ProviderManager oauth20ClientAuthenticationManager( JdbcClientDetailsService oauth20JdbcClientDetailsService, PasswordEncoder passwordReciprocal diff --git a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/api/endpoint/RestTimeBasedOtpController.java b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/api/endpoint/RestTimeBasedOtpController.java index 1d7d6487234928c1d89629527bd52328fb65b042..a7d2f71fb70503def30a0a0c730e2f504b1b66e0 100644 --- a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/api/endpoint/RestTimeBasedOtpController.java +++ b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/api/endpoint/RestTimeBasedOtpController.java @@ -21,7 +21,6 @@ import org.maxkey.entity.UserInfo; import org.maxkey.password.onetimepwd.AbstractOtpAuthn; import org.maxkey.persistence.service.UserInfoService; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMethod; 
@@ -36,11 +35,9 @@ import io.swagger.v3.oas.annotations.tags.Tag; public class RestTimeBasedOtpController { @Autowired - @Qualifier("timeBasedOtpAuthn") protected AbstractOtpAuthn timeBasedOtpAuthn; @Autowired - @Qualifier("userInfoService") private UserInfoService userInfoService; @Operation(summary = "基于时间令牌验证 API文档模块", description = "传递参数username和token",method="GET") diff --git a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/apps/contorller/SAML20DetailsController.java b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/apps/contorller/SAML20DetailsController.java index 3c91c21854b93144ad182c03fc3917c92687ccb8..5c916545083232df4c47dc2fc3343953b778e586 100644 --- a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/apps/contorller/SAML20DetailsController.java +++ b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/apps/contorller/SAML20DetailsController.java @@ -63,8 +63,7 @@ public class SAML20DetailsController extends BaseAppContorller { final static Logger _logger = LoggerFactory.getLogger(SAML20DetailsController.class); @Autowired - @Qualifier("keyStoreLoader") - private KeyStoreLoader idpKeyStoreLoader; + private KeyStoreLoader keyStoreLoader; @Autowired AppsSaml20DetailsService saml20DetailsService; @@ -184,7 +183,7 @@ public class SAML20DetailsController extends BaseAppContorller { samlDetails.setCertIssuer(X509CertUtils.getCommonName(samlDetails.getTrustCert().getIssuerX500Principal())); - KeyStore keyStore = KeyStoreUtil.clone(idpKeyStoreLoader.getKeyStore(),idpKeyStoreLoader.getKeystorePassword()); + KeyStore keyStore = KeyStoreUtil.clone(keyStoreLoader.getKeyStore(),keyStoreLoader.getKeystorePassword()); KeyStore trustKeyStore = null; if (!samlDetails.getEntityId().equals("")) { 
@@ -193,7 +192,7 @@ public class SAML20DetailsController extends BaseAppContorller { trustKeyStore = KeyStoreUtil.importTrustCertificate(keyStore,samlDetails.getTrustCert()); } - byte[] keyStoreByte = KeyStoreUtil.keyStore2Bytes(trustKeyStore,idpKeyStoreLoader.getKeystorePassword()); + byte[] keyStoreByte = KeyStoreUtil.keyStore2Bytes(trustKeyStore,keyStoreLoader.getKeystorePassword()); // store KeyStore content samlDetails.setKeyStore(keyStoreByte); diff --git a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/contorller/DashboardController.java b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/contorller/DashboardController.java index c590d90050718e660f221df64b4e22026cbbe7a9..976e641c26e894cf4dd55579b0209a6379f9b55b 100644 --- a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/contorller/DashboardController.java +++ b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/contorller/DashboardController.java @@ -26,7 +26,6 @@ import org.maxkey.persistence.service.ReportService; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; import org.springframework.stereotype.Controller; @@ -41,7 +40,6 @@ public class DashboardController { private static Logger _logger = LoggerFactory.getLogger(DashboardController.class); @Autowired - @Qualifier("reportService") ReportService reportService; @RequestMapping(value={"/dashboard"}, produces = {MediaType.APPLICATION_JSON_VALUE}) diff --git a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/contorller/LoginEntryPoint.java b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/contorller/LoginEntryPoint.java index bcba1c54fd9bbcc06f3090df091047d179890aa2..7cb6054abca5b12ba9f407bc1b7fd8a85c1c478f 100644 
--- a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/contorller/LoginEntryPoint.java +++ b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/contorller/LoginEntryPoint.java @@ -22,7 +22,7 @@ import java.util.HashMap; import org.maxkey.authn.AbstractAuthenticationProvider; import org.maxkey.authn.LoginCredential; import org.maxkey.authn.jwt.AuthJwt; -import org.maxkey.authn.jwt.AuthJwtService; +import org.maxkey.authn.jwt.AuthTokenService; import org.maxkey.configuration.ApplicationConfig; import org.maxkey.entity.Institutions; import org.maxkey.entity.Message; @@ -50,13 +50,12 @@ public class LoginEntryPoint { private static Logger _logger = LoggerFactory.getLogger(LoginEntryPoint.class); @Autowired - AuthJwtService authJwtService; + AuthTokenService authTokenService; @Autowired protected ApplicationConfig applicationConfig; @Autowired - @Qualifier("authenticationProvider") AbstractAuthenticationProvider authenticationProvider ; /** @@ -77,15 +76,15 @@ public class LoginEntryPoint { model.put("captcha", inst.getCaptchaSupport()); model.put("captchaType", inst.getCaptchaType()); } - model.put("state", authJwtService.genJwt()); + model.put("state", authTokenService.genRandomJwt()); return new Message>(model).buildResponse(); } @RequestMapping(value={"/signin"}, produces = {MediaType.APPLICATION_JSON_VALUE}) public ResponseEntity signin( @RequestBody LoginCredential loginCredential) { - if(authJwtService.validateJwtToken(loginCredential.getState())){ + if(authTokenService.validateJwtToken(loginCredential.getState())){ Authentication authentication = authenticationProvider.authenticate(loginCredential); - AuthJwt authJwt = authJwtService.genAuthJwt(authentication); + AuthJwt authJwt = authTokenService.genAuthJwt(authentication); return new Message(authJwt).buildResponse(); } return new Message(Message.FAIL).buildResponse(); 
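Review bot: In `signin`, the result of `authenticationProvider.authenticate(loginCredential)` goes straight into `authTokenService.genAuthJwt(authentication)` with no check in between. If the provider can return null or an unauthenticated token on a failed login instead of throwing (not visible in this hunk), what gets issued depends entirely on `genAuthJwt`. A guard before the token is generated would make the failure path explicit: `if (authentication == null || !authentication.isAuthenticated()) { return new Message(Message.FAIL).buildResponse(); }`.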
diff --git a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/contorller/UserAdjointController.java b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/contorller/UserAdjointController.java index 870816650d7a98d79e84480dc906a38a8f7cd3bd..35795895734e44ebc4edbb3f016b31ec1d1f9e2f 100644 --- a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/contorller/UserAdjointController.java +++ b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/contorller/UserAdjointController.java @@ -29,7 +29,6 @@ import org.maxkey.web.message.MessageType; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.ModelAttribute; import org.springframework.web.bind.annotation.PathVariable; @@ -44,7 +43,6 @@ public class UserAdjointController { final static Logger _logger = LoggerFactory.getLogger(UserAdjointController.class); @Autowired - @Qualifier("userInfoAdjointService") UserInfoAdjointService userInfoAdjointService; diff --git a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/historys/contorller/ConnectorHistoryController.java b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/historys/contorller/ConnectorHistoryController.java index b84915ca95013e267506d6048564d53579bc800a..5e4ae2dca72d131f77acbc000afcd78dd9e815b2 100644 --- a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/historys/contorller/ConnectorHistoryController.java +++ b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/historys/contorller/ConnectorHistoryController.java @@ -52,7 +52,6 @@ public class ConnectorHistoryController { final static Logger _logger = LoggerFactory.getLogger(ConnectorHistoryController.class); @Autowired - @Qualifier("historyConnectorService") HistoryConnectorService historyConnectorService; /** 
diff --git a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/historys/contorller/SynchronizerHistoryController.java b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/historys/contorller/SynchronizerHistoryController.java index e60f5e338e59dc81d5beb019fd25d76567387043..833ae5f0b246f50361c419ce401cf9a48ec8e4dc 100644 --- a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/historys/contorller/SynchronizerHistoryController.java +++ b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/historys/contorller/SynchronizerHistoryController.java @@ -29,7 +29,6 @@ import org.maxkey.util.DateUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.beans.propertyeditors.CustomDateEditor; import org.springframework.http.ResponseEntity; import org.springframework.stereotype.Controller; @@ -52,7 +51,6 @@ public class SynchronizerHistoryController { final static Logger _logger = LoggerFactory.getLogger(SynchronizerHistoryController.class); @Autowired - @Qualifier("historySynchronizerService") HistorySynchronizerService historySynchronizerService; /** diff --git a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/interceptor/Oauth20ApiPermissionAdapter.java b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/interceptor/Oauth20ApiPermissionAdapter.java index acab22423dd0d6040414be98baf7f5b7795038c3..7fb4565015b80dddee86f2d09e6e2f792509d857 100644 --- a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/interceptor/Oauth20ApiPermissionAdapter.java +++ b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/interceptor/Oauth20ApiPermissionAdapter.java 
@@ -30,7 +30,6 @@ import org.maxkey.util.AuthorizationHeaderUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.stereotype.Component; import org.springframework.web.servlet.AsyncHandlerInterceptor; @@ -44,12 +43,10 @@ public class Oauth20ApiPermissionAdapter implements AsyncHandlerInterceptor { private static final Logger _logger = LoggerFactory.getLogger(Oauth20ApiPermissionAdapter.class); @Autowired - @Qualifier("passwordReciprocal") protected PasswordReciprocal passwordReciprocal; @Autowired - @Qualifier("oauth20TokenServices") - private DefaultTokenServices oauth20tokenServices; + private DefaultTokenServices oauth20TokenServices; static ConcurrentHashMapnavigationsMap=null; @@ -64,7 +61,7 @@ public class Oauth20ApiPermissionAdapter implements AsyncHandlerInterceptor { String authorization = request.getHeader(AuthorizationHeaderUtils.HEADER_Authorization); String accessToken = AuthorizationHeaderUtils.resolveBearer(authorization); - OAuth2Authentication authentication = oauth20tokenServices.loadAuthentication(accessToken); + OAuth2Authentication authentication = oauth20TokenServices.loadAuthentication(accessToken); //判断应用的accessToken信息 if(authentication != null ){ diff --git a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/interceptor/RestApiPermissionAdapter.java b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/interceptor/RestApiPermissionAdapter.java index 760c7936badf26d919d5f05455a326f9a3ece7bc..408bc4b4f1d982d8f0ed568811a98540c8a86edc 100644 --- a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/interceptor/RestApiPermissionAdapter.java +++ b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/interceptor/RestApiPermissionAdapter.java 
@@ -31,7 +31,6 @@ import org.maxkey.util.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.security.authentication.ProviderManager; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.userdetails.User; @@ -48,12 +47,10 @@ public class RestApiPermissionAdapter implements AsyncHandlerInterceptor { private static final Logger _logger = LoggerFactory.getLogger(RestApiPermissionAdapter.class); @Autowired - @Qualifier("oauth20TokenServices") DefaultTokenServices oauth20TokenServices; @Autowired - @Qualifier("oauth20ClientAuthenticationManager") - ProviderManager authenticationManager; + ProviderManager oauth20ClientAuthenticationManager; static ConcurrentHashMapnavigationsMap=null; @@ -79,7 +76,7 @@ public class RestApiPermissionAdapter implements AsyncHandlerInterceptor { new UsernamePasswordAuthenticationToken( headerCredential.getUsername(), headerCredential.getCredential()); - authenticationToken= (UsernamePasswordAuthenticationToken)authenticationManager.authenticate(authRequest); + authenticationToken= (UsernamePasswordAuthenticationToken)oauth20ClientAuthenticationManager.authenticate(authRequest); } }else { _logger.trace("Authentication bearer " + headerCredential.getCredential()); diff --git a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/permissions/contorller/RolePrivilegesController.java b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/permissions/contorller/RolePrivilegesController.java index 0e05e3f1d750accd918e5a3386989807d2a2f225..0dea1b2092a966ab23dc752b664d912914d38c80 100644 --- a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/permissions/contorller/RolePrivilegesController.java 
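Review bot: The last hunk of RestApiPermissionAdapter keeps `_logger.trace("Authentication bearer " + headerCredential.getCredential());`, which writes the caller's bearer credential into the log whenever trace is enabled. Anyone with read access to the logs then holds a token that stays usable for as long as it is valid, so log a fixed message instead, e.g. `_logger.trace("Authentication bearer received");`. On the changed line, the unchecked cast `(UsernamePasswordAuthenticationToken)` of `oauth20ClientAuthenticationManager.authenticate(authRequest)` assumes every provider behind that manager returns this type. The enclosing method starts and ends outside the hunk, so how an authentication failure is handled is not visible.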
+++ b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/permissions/contorller/RolePrivilegesController.java @@ -30,7 +30,6 @@ import org.maxkey.util.StringUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.http.MediaType; import org.springframework.http.ResponseEntity; import org.springframework.stereotype.Controller; @@ -46,7 +45,6 @@ public class RolePrivilegesController { final static Logger _logger = LoggerFactory.getLogger(RolePrivilegesController.class); @Autowired - @Qualifier("rolesService") RolesService rolesService; @ResponseBody diff --git a/maxkey-webs/maxkey-web-mgt/src/main/resources/application-http.properties b/maxkey-webs/maxkey-web-mgt/src/main/resources/application-http.properties index 861c6bb78e333fd1563f50fa66777c38fa82b2c3..3e3b2cdf18b28121b0a4ad81d47ef108a5a2b141 100644 --- a/maxkey-webs/maxkey-web-mgt/src/main/resources/application-http.properties +++ b/maxkey-webs/maxkey-web-mgt/src/main/resources/application-http.properties 
@@ -40,9 +40,11 @@ maxkey.server.persistence =0 #identity none, Kafka ,RocketMQ maxkey.server.message.queue =${SERVER_MESSAGE_QUEUE:none} -maxkey.auth.jwt.expire =86400 +maxkey.session.timeout =${SERVER_SESSION_TIMEOUT:1800} +maxkey.auth.jwt.expires =86400 maxkey.auth.jwt.issuer =${maxkey.server.uri} maxkey.auth.jwt.secret =7heM-14BtxjyKPuH3ITIm7q2-ps5MuBirWCsrrdbzzSAOuSPrbQYiaJ54AeA0uH2XdkYy3hHAkTFIsieGkyqxOJZ_dQzrCbaYISH9rhUZAKYx8tUY0wkE4ArOC6LqHDJarR6UIcMsARakK9U4dhoOPO1cj74XytemI-w6ACYfzRUn_Rn4e-CQMcnD1C56oNEukwalf06xVgXl41h6K8IBEzLVod58y_VfvFn-NGWpNG0fy_Qxng6dg8Dgva2DobvzMN2eejHGLGB-x809MvC4zbG7CKNVlcrzMYDt2Gt2sOVDrt2l9YqJNfgaLFjrOEVw5cuXemGkX1MvHj6TAsbLg +maxkey.auth.jwt.refresh.secret =7heM-14BtxjyKPuH3ITIm7q2-ps5MuBirWCsrrdbzzSAOuSPrbQYiaJ54AeA0uH2XdkYy3hHAkTFIsieGkyqxOJZ_dQzrCbaYISH9rhUZAKYx8tUY0wkE4ArOC6LqHDJarR6UIcMsARakK9U4dhoOPO1cj74XytemI-w6ACYfzRUn_Rn4e-CQMcnD1C56oNEukwalf06xVgXl41h6K8IBEzLVod58y_VfvFn-NGWpNG0fy_Qxng6dg8Dgva2DobvzMN2eejHGLGB-x809MvC4zbG7CKNVlcrzMYDt2Gt2sOVDrt2l9YqJNfgaLFjrOEVw5cuXemGkX1MvHj6TAsbLg ############################################################################ #Login configuration # ############################################################################
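Review bot: The added `maxkey.auth.jwt.refresh.secret` is a literal committed to the repository and appears to be character-for-character the same value as `maxkey.auth.jwt.secret` on the line above it. Sharing one key removes the separation between access and refresh tokens: a token signed for one purpose verifies under the other unless the code checks a type claim, which is not visible here. A key in version control also has to be treated as public. Follow the `${ENV:default}` pattern this hunk already uses for `maxkey.session.timeout`, but without a default so an unset value is not silently replaced: `maxkey.auth.jwt.refresh.secret =${SERVER_AUTH_JWT_REFRESH_SECRET}` (variable name is a placeholder), and give `maxkey.auth.jwt.secret` its own independently generated value the same way. The `expire` → `expires` rename also needs the code that reads the property to use the new key, otherwise the configured lifetime is ignored; that code is not in this hunk.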