admin/MaxKey
1
0
Fork 0
mirror of https://gitee.com/dromara/MaxKey.git synced 2025-12-06 17:08:29 +08:00
Code Issues Packages Projects Releases Wiki Activity

Authentication 优化

Browse Source
This commit is contained in:
Crystal.Sea 2020-11-08 13:05:30 +08:00
parent c1e4b36cbe
commit 06b27d3564
41 changed files with 425 additions and 163 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

30
maxkey-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java
View File

@ -18,7 +18,6 @@
package org.maxkey.authn;
import java.util.ArrayList;
import org.maxkey.authn.online.OnlineTicketServices;
import org.maxkey.authn.realm.AbstractAuthenticationRealm;
import org.maxkey.authn.support.rememberme.AbstractRemeberMeService;
@ -39,7 +38,6 @@ import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
/**
* login Authentication abstract class.
*
@ -78,9 +76,9 @@ public abstract class AbstractAuthenticationProvider {
protected abstract String getProviderName();
protected abstract Authentication doInternalAuthenticate(Authentication authentication);
protected abstract Authentication doInternalAuthenticate(LoginCredential authentication);
public abstract Authentication basicAuthenticate(Authentication authentication) ;
public abstract Authentication basicAuthenticate(LoginCredential authentication) ;
public abstract Authentication trustAuthentication(
String username,
@ -98,17 +96,18 @@ public abstract class AbstractAuthenticationProvider {
* authenticate .
*
*/
public Authentication authenticate(Authentication authentication)
public Authentication authenticate(LoginCredential loginCredential)
throws AuthenticationException {
_logger.debug("Trying to authenticate user '{}' via {}",
authentication.getPrincipal(), getProviderName());
loginCredential.getPrincipal(), getProviderName());
Authentication authentication = null;
try {
authentication = doInternalAuthenticate(authentication);
authentication = doInternalAuthenticate(loginCredential);
} catch (AuthenticationException e) {
_logger.error("Failed to authenticate user {} via {}: {}",
new Object[] {
authentication.getPrincipal(), getProviderName(), e.getMessage() });
new Object[] { loginCredential.getPrincipal(),
getProviderName(),
e.getMessage() });
WebContext.setAttribute(
WebConstants.LOGIN_ERROR_SESSION_MESSAGE, e.getMessage());
} catch (Exception e) {
@ -131,7 +130,7 @@ public abstract class AbstractAuthenticationProvider {
final Object firstSavedRequest =
WebContext.getAttribute(WebConstants.FIRST_SAVED_REQUEST_PARAMETER);
//change Session
WebContext.getSession().invalidate();
WebContext.setAttribute(
WebConstants.CURRENT_USER_SESSION_ID, WebContext.getSession().getId());
@ -147,14 +146,7 @@ public abstract class AbstractAuthenticationProvider {
WebContext.getSession().setAttribute(
WebConstants.CURRENT_LOGIN_USER_PASSWORD_SET_TYPE, passwordSetType);
// create new authentication response containing the user and it's authorities
UsernamePasswordAuthenticationToken simpleUserAuthentication =
new UsernamePasswordAuthenticationToken(
userInfo.getUsername(),
authentication.getCredentials(),
authentication.getAuthorities()
);
return simpleUserAuthentication;
return authentication;
}
/**

40
maxkey-core/src/main/java/org/maxkey/authn/BasicAuthentication.java → maxkey-core/src/main/java/org/maxkey/authn/LoginCredential.java
View File

@ -1,32 +1,17 @@
/*
* Copyright [2020] [MaxKey of copyright http://www.maxkey.top]
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.maxkey.authn;
import java.util.ArrayList;
import java.util.Collection;
import org.maxkey.authn.online.OnlineTicket;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
public class BasicAuthentication implements Authentication {
private static final long serialVersionUID = -110742975439268030L;
public class LoginCredential implements Authentication {
/**
*
*/
private static final long serialVersionUID = 3125709257481600320L;
String username;
String password;
String sessionId;
@ -35,7 +20,7 @@ public class BasicAuthentication implements Authentication {
String remeberMe;
String authType;
String jwtToken;
OnlineTicket onlineTicket;
String onlineTicket;
ArrayList<GrantedAuthority> grantedAuthority;
boolean authenticated;
boolean roleAdministrators;
@ -43,20 +28,21 @@ public class BasicAuthentication implements Authentication {
/**
* BasicAuthentication.
*/
public BasicAuthentication() {
public LoginCredential() {
}
/**
* BasicAuthentication.
*/
public BasicAuthentication(String username,String password,String authType) {
public LoginCredential(String username,String password,String authType) {
this.username = username;
this.password = password;
this.authType = authType;
}
@Override
public String getName() {
return "Basic Authentication";
return "Login Credential";
}
@Override
@ -163,11 +149,11 @@ public class BasicAuthentication implements Authentication {
this.grantedAuthority = grantedAuthority;
}
public OnlineTicket getOnlineTicket() {
public String getOnlineTicket() {
return onlineTicket;
}
public void setOnlineTicket(OnlineTicket onlineTicket) {
public void setOnlineTicket(String onlineTicket) {
this.onlineTicket = onlineTicket;
}

64
maxkey-core/src/main/java/org/maxkey/authn/RealmAuthenticationProvider.java
View File

@ -49,41 +49,40 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider
}
@Override
protected Authentication doInternalAuthenticate(Authentication authentication) {
BasicAuthentication auth = (BasicAuthentication)authentication;
protected Authentication doInternalAuthenticate(LoginCredential loginCredential) {
_logger.debug("authentication " + auth);
_logger.debug("authentication " + loginCredential);
sessionValid(auth.getSessionId());
sessionValid(loginCredential.getSessionId());
//jwtTokenValid(j_jwtToken);
authTypeValid(auth.getAuthType());
authTypeValid(loginCredential.getAuthType());
captchaValid(auth.getCaptcha(),auth.getAuthType());
captchaValid(loginCredential.getCaptcha(),loginCredential.getAuthType());
emptyPasswordValid(auth.getPassword());
emptyPasswordValid(loginCredential.getPassword());
UserInfo userInfo = null;
emptyUsernameValid(auth.getUsername());
emptyUsernameValid(loginCredential.getUsername());
userInfo = loadUserInfo(auth.getUsername(),auth.getPassword());
userInfo = loadUserInfo(loginCredential.getUsername(),loginCredential.getPassword());
userinfoValid(userInfo, auth.getPassword());
userinfoValid(userInfo, loginCredential.getPassword());
tftcaptchaValid(auth.getOtpCaptcha(),auth.getAuthType(),userInfo);
tftcaptchaValid(loginCredential.getOtpCaptcha(),loginCredential.getAuthType(),userInfo);
authenticationRealm.getPasswordPolicyValidator().passwordPolicyValid(userInfo);
authenticationRealm.passwordMatches(userInfo, auth.getPassword());
authenticationRealm.passwordMatches(userInfo, loginCredential.getPassword());
UsernamePasswordAuthenticationToken authenticationToken = setOnline(auth,userInfo);
UsernamePasswordAuthenticationToken authenticationToken = setOnline(loginCredential,userInfo);
//RemeberMe Config check then set RemeberMe cookies
if (applicationConfig.getLoginConfig().isRemeberMe()) {
if (auth.getRemeberMe() != null && auth.getRemeberMe().equals("remeberMe")) {
if (loginCredential.getRemeberMe() != null && loginCredential.getRemeberMe().equals("remeberMe")) {
WebContext.getSession().setAttribute(
WebConstants.REMEBER_ME_SESSION,auth.getUsername());
WebConstants.REMEBER_ME_SESSION,loginCredential.getUsername());
_logger.debug("do Remeber Me");
remeberMeService.createRemeberMe(
userInfo.getUsername(),
@ -98,20 +97,19 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider
}
@Override
public Authentication basicAuthenticate(Authentication authentication) {
BasicAuthentication auth = (BasicAuthentication) authentication;
UserInfo loadeduserInfo = loadUserInfo(auth.getUsername(), "");
public Authentication basicAuthenticate(LoginCredential loginCredential) {
UserInfo loadeduserInfo = loadUserInfo(loginCredential.getUsername(), "");
if (loadeduserInfo != null) {
authenticationRealm.passwordMatches(loadeduserInfo, auth.getPassword());
authenticationRealm.passwordMatches(loadeduserInfo, loginCredential.getPassword());
authenticationRealm.getPasswordPolicyValidator().passwordPolicyValid(loadeduserInfo);
authenticationRealm.insertLoginHistory(loadeduserInfo, auth.getAuthType(), "", "", "SUCCESS");
authenticationRealm.insertLoginHistory(loadeduserInfo, loginCredential.getAuthType(), "", "", "SUCCESS");
return setOnline(auth,loadeduserInfo);
return setOnline(loginCredential,loadeduserInfo);
}else {
String message = WebContext.getI18nValue("login.error.username");
_logger.debug("login user " + auth.getUsername() + " not in this System ." + message);
_logger.debug("login user " + loginCredential.getUsername() + " not in this System ." + message);
throw new BadCredentialsException(WebContext.getI18nValue("login.error.username"));
}
}
@ -133,12 +131,12 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider
String message) {
UserInfo loadeduserInfo = loadUserInfo(username, "");
if (loadeduserInfo != null) {
BasicAuthentication auth = new BasicAuthentication();
auth.setUsername(loadeduserInfo.getUsername());
LoginCredential loginCredential = new LoginCredential();
loginCredential.setUsername(loadeduserInfo.getUsername());
authenticationRealm.insertLoginHistory(loadeduserInfo, type, provider, code, message);
return setOnline(auth,loadeduserInfo);
return setOnline(loginCredential,loadeduserInfo);
}else {
String i18nMessage = WebContext.getI18nValue("login.error.username");
_logger.debug("login user " + username + " not in this System ." + i18nMessage);
@ -146,7 +144,7 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider
}
}
public UsernamePasswordAuthenticationToken setOnline(BasicAuthentication authentication,UserInfo userInfo) {
public UsernamePasswordAuthenticationToken setOnline(LoginCredential credential,UserInfo userInfo) {
//Online Tickit Id
String onlineTickitId = WebConstants.ONLINE_TICKET_PREFIX + "-" + java.util.UUID.randomUUID().toString().toLowerCase();
_logger.debug("set online Tickit Cookie " + onlineTickitId + " on domain "+ this.applicationConfig.getBaseDomainName());
@ -157,27 +155,26 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider
onlineTickitId,
0);
SigninPrincipal signinPrincipal = new SigninPrincipal(userInfo);
//set OnlineTicket
OnlineTicket onlineTicket = new OnlineTicket(onlineTickitId,authentication);
this.onlineTicketServices.store(onlineTickitId, onlineTicket);
authentication.setOnlineTicket(onlineTicket);
signinPrincipal.setOnlineTicket(onlineTickitId);
ArrayList<GrantedAuthority> grantedAuthoritys = authenticationRealm.grantAuthority(userInfo);
//set default roles
grantedAuthoritys.add(new SimpleGrantedAuthority("ROLE_USER"));
grantedAuthoritys.add(new SimpleGrantedAuthority("ROLE_ORDINARY_USER"));
authentication.setAuthenticated(true);
signinPrincipal.setAuthenticated(true);
for(GrantedAuthority administratorsAuthority : grantedAdministratorsAuthoritys) {
if(grantedAuthoritys.contains(administratorsAuthority)) {
authentication.setRoleAdministrators(true);
signinPrincipal.setRoleAdministrators(true);
_logger.trace("ROLE ADMINISTRATORS Authentication .");
}
}
UsernamePasswordAuthenticationToken authenticationToken =
new UsernamePasswordAuthenticationToken(
authentication,
signinPrincipal,
"PASSWORD",
grantedAuthoritys
);
@ -185,12 +182,13 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider
authenticationToken.setDetails(
new WebAuthenticationDetails(WebContext.getRequest()));
OnlineTicket onlineTicket = new OnlineTicket(onlineTickitId,authenticationToken);
this.onlineTicketServices.store(onlineTickitId, onlineTicket);
/*
* put userInfo to current session context
*/
WebContext.setAuthentication(authenticationToken);
userInfo.setOnlineTicket(onlineTicket);
WebContext.setUserInfo(userInfo);
return authenticationToken;

172
maxkey-core/src/main/java/org/maxkey/authn/SigninPrincipal.java Normal file
View File

@ -0,0 +1,172 @@
/*
* Copyright [2020] [MaxKey of copyright http://www.maxkey.top]
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.maxkey.authn;
import java.util.ArrayList;
import java.util.Collection;
import org.maxkey.domain.UserInfo;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
public class SigninPrincipal implements UserDetails {
private static final long serialVersionUID = -110742975439268030L;
UserInfo userInfo;
UserDetails userDetails;
String onlineTicket;
ArrayList<GrantedAuthority> grantedAuthority;
boolean authenticated;
boolean roleAdministrators;
/**
* SigninPrincipal.
*/
public SigninPrincipal() {
}
/**
* SigninPrincipal.
*/
public SigninPrincipal(UserInfo userInfo) {
this.userInfo = userInfo;
this.authenticated = true;
}
/**
* SigninPrincipal.
*/
public SigninPrincipal(UserDetails userDetails) {
this.userDetails = userDetails;
this.authenticated = true;
}
public UserInfo getUserInfo() {
return userInfo;
}
public void setUserInfo(UserInfo userInfo) {
this.userInfo = userInfo;
}
public boolean isAuthenticated() {
return authenticated;
}
public void setAuthenticated(boolean authenticated) {
this.authenticated = authenticated;
}
@Override
public Collection<? extends GrantedAuthority> getAuthorities() {
return grantedAuthority;
}
public ArrayList<GrantedAuthority> getGrantedAuthority() {
return grantedAuthority;
}
public UserDetails getUserDetails() {
return userDetails;
}
public void setUserDetails(UserDetails userDetails) {
this.userDetails = userDetails;
}
public void setGrantedAuthority(ArrayList<GrantedAuthority> grantedAuthority) {
this.grantedAuthority = grantedAuthority;
}
public String getOnlineTicket() {
return onlineTicket;
}
public void setOnlineTicket(String onlineTicket) {
this.onlineTicket = onlineTicket;
}
public boolean isRoleAdministrators() {
return roleAdministrators;
}
public void setRoleAdministrators(boolean roleAdministrators) {
this.roleAdministrators = roleAdministrators;
}
@Override
public boolean isAccountNonExpired() {
return false;
}
@Override
public boolean isAccountNonLocked() {
return false;
}
@Override
public boolean isCredentialsNonExpired() {
return false;
}
@Override
public boolean isEnabled() {
return false;
}
@Override
public String getUsername() {
if(this.userInfo != null) {
return this.userInfo.getUsername();
}else {
return this.userDetails.getUsername();
}
}
@Override
public String getPassword() {
if(this.userInfo != null) {
return this.userInfo.getPassword();
}else {
return this.userDetails.getPassword();
}
}
@Override
public String toString() {
StringBuilder builder = new StringBuilder();
builder.append("SigninPrincipal [userInfo=");
builder.append(userInfo);
builder.append(", onlineTicket=");
builder.append(onlineTicket);
builder.append(", grantedAuthority=");
builder.append(grantedAuthority);
builder.append(", authenticated=");
builder.append(authenticated);
builder.append(", roleAdministrators=");
builder.append(roleAdministrators);
builder.append("]");
return builder.toString();
}
}

25
maxkey-core/src/main/java/org/maxkey/autoconfigure/MvcAutoConfiguration.java
View File

@ -20,6 +20,9 @@ package org.maxkey.autoconfigure;
import java.nio.charset.Charset;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.Filter;
import org.maxkey.constants.ConstantsProperties;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@ -28,6 +31,7 @@ import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.server.ConfigurableWebServerFactory;
import org.springframework.boot.web.server.ErrorPage;
import org.springframework.boot.web.server.WebServerFactoryCustomizer;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.PropertySource;
@ -39,7 +43,9 @@ import org.springframework.http.converter.StringHttpMessageConverter;
import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
import org.springframework.http.converter.xml.MarshallingHttpMessageConverter;
import org.springframework.oxm.jaxb.Jaxb2Marshaller;
import org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter;
import org.springframework.web.client.RestTemplate;
import org.springframework.web.filter.DelegatingFilterProxy;
import org.springframework.web.multipart.commons.CommonsMultipartResolver;
import org.springframework.web.servlet.i18n.CookieLocaleResolver;
import org.springframework.web.servlet.i18n.LocaleChangeInterceptor;
@ -244,6 +250,25 @@ public class MvcAutoConfiguration implements InitializingBean {
};
}
@Bean
public SecurityContextHolderAwareRequestFilter securityContextHolderAwareRequestFilter() {
_logger.debug("securityContextHolderAwareRequestFilter init ");
return new SecurityContextHolderAwareRequestFilter();
}
@Bean
public FilterRegistrationBean<Filter> delegatingFilterProxy() {
_logger.debug("delegatingFilterProxy init for /* ");
FilterRegistrationBean<Filter> registrationBean = new FilterRegistrationBean<Filter>();
registrationBean.setFilter(new DelegatingFilterProxy("securityContextHolderAwareRequestFilter"));
registrationBean.addUrlPatterns("/*");
//registrationBean.
registrationBean.setName("delegatingFilterProxy");
registrationBean.setOrder(1);
return registrationBean;
}
@Override
public void afterPropertiesSet() throws Exception {
// TODO Auto-generated method stub

11
maxkey-core/src/main/java/org/maxkey/domain/UserInfo.java
View File

@ -26,7 +26,6 @@ import javax.persistence.GenerationType;
import javax.persistence.Id;
import javax.persistence.Table;
import org.apache.mybatis.jpa.persistence.JpaBaseDomain;
import org.maxkey.authn.online.OnlineTicket;
import org.maxkey.util.StringUtils;
import org.springframework.web.multipart.MultipartFile;
@ -230,8 +229,6 @@ public class UserInfo extends JpaBaseDomain {
protected HashMap<String, String> extraAttributeMap;
protected int online;
OnlineTicket onlineTicket;
protected String ldapDn;
@ -1165,14 +1162,6 @@ public class UserInfo extends JpaBaseDomain {
this.createdBy = createdBy;
}
public OnlineTicket getOnlineTicket() {
return onlineTicket;
}
public void setOnlineTicket(OnlineTicket onlineTicket) {
this.onlineTicket = onlineTicket;
}
/**
* @return the createdDate
*/

10
maxkey-core/src/main/java/org/maxkey/domain/apps/Apps.java
View File

@ -153,6 +153,8 @@ public class Apps extends JpaBaseDomain implements Serializable {
protected String loginDateTime;
protected String onlineTicket;
public Apps() {
super();
isSignature = Boolean.FALSE;
@ -549,6 +551,14 @@ public class Apps extends JpaBaseDomain implements Serializable {
this.loginDateTime = loginDateTime;
}
public String getOnlineTicket() {
return onlineTicket;
}
public void setOnlineTicket(String onlineTicket) {
this.onlineTicket = onlineTicket;
}
@Override
public String toString() {
StringBuilder builder = new StringBuilder();

6
maxkey-core/src/main/java/org/maxkey/web/InitializeContext.java
View File

@ -36,6 +36,7 @@ import org.springframework.beans.BeansException;
import org.springframework.context.ApplicationContext;
import org.springframework.context.ConfigurableApplicationContext;
import org.springframework.context.support.PropertySourcesPlaceholderConfigurer;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.web.context.support.WebApplicationContextUtils;
/**
@ -57,7 +58,10 @@ public class InitializeContext extends HttpServlet {
@Override
public void init(ServletConfig config) throws ServletException {
super.init(config);
_logger.info("SecurityContextHolder StrategyName " + SessionSecurityContextHolderStrategy.class.getCanonicalName());
SecurityContextHolder.setStrategyName(SessionSecurityContextHolderStrategy.class.getCanonicalName());
// List Environment Variables
listEnvVars();

51
maxkey-core/src/main/java/org/maxkey/web/SessionSecurityContextHolderStrategy.java Normal file
View File

@ -0,0 +1,51 @@
package org.maxkey.web;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolderStrategy;
import org.springframework.security.core.context.SecurityContextImpl;
/**
* SecurityContext Session for Request , use SecurityContextHolderAwareRequestFilter
* @author Crystal.Sea
*
*/
public class SessionSecurityContextHolderStrategy implements SecurityContextHolderStrategy {
private static final Logger _logger =
LoggerFactory.getLogger(SessionSecurityContextHolderStrategy.class);
@Override
public void clearContext() {
WebContext.removeAttribute(WebConstants.AUTHENTICATION);
}
@Override
public SecurityContext getContext() {
SecurityContext ctx = createEmptyContext();
Authentication authentication = null;
try {
authentication = (Authentication)WebContext.getAuthentication();
if (authentication != null) {
ctx.setAuthentication(authentication);
}
}catch(Exception e) {
_logger.trace("a session ", e);
}
return ctx;
}
@Override
public void setContext(SecurityContext context) {
WebContext.setAuthentication(context.getAuthentication());
}
@Override
public SecurityContext createEmptyContext() {
return new SecurityContextImpl();
}
}

3
maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/adapter/AbstractAuthorizeAdapter.java
View File

@ -19,6 +19,7 @@ package org.maxkey.authz.endpoint.adapter;
import java.io.UnsupportedEncodingException;
import org.apache.commons.codec.binary.Hex;
import org.maxkey.authn.SigninPrincipal;
import org.maxkey.constants.Boolean;
import org.maxkey.crypto.Base64Utils;
import org.maxkey.crypto.ReciprocalUtils;
@ -39,7 +40,7 @@ public abstract class AbstractAuthorizeAdapter {
public abstract ModelAndView authorize(UserInfo userInfo,Object app,String data,ModelAndView modelAndView);
public abstract String generateInfo(UserInfo userInfo,Object app);
public abstract String generateInfo(SigninPrincipal authentication,UserInfo userInfo,Object app);
public String sign(String data,Apps app){
if(Boolean.isTrue(app.getIsSignature())){

4
maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/Cas10AuthorizeEndpoint.java
View File

@ -23,7 +23,7 @@ package org.maxkey.authz.cas.endpoint;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.maxkey.authn.BasicAuthentication;
import org.maxkey.authn.SigninPrincipal;
import org.maxkey.authz.cas.endpoint.response.Service10ResponseBuilder;
import org.maxkey.authz.cas.endpoint.ticket.CasConstants;
import org.maxkey.authz.cas.endpoint.ticket.Ticket;
@ -102,7 +102,7 @@ renew [OPTIONAL] - if this parameter is set, ticket validation will only succeed
}
if(storedTicket!=null){
String principal=((BasicAuthentication)storedTicket.getAuthentication().getPrincipal()).getUsername();
String principal=((SigninPrincipal)storedTicket.getAuthentication().getPrincipal()).getUsername();
_logger.debug("principal "+principal);
return new Service10ResponseBuilder().success()
.setUser(principal)

7
maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/Cas20AuthorizeEndpoint.java
View File

@ -23,7 +23,7 @@ package org.maxkey.authz.cas.endpoint;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.maxkey.authn.BasicAuthentication;
import org.maxkey.authn.SigninPrincipal;
import org.maxkey.authz.cas.endpoint.response.ProxyServiceResponseBuilder;
import org.maxkey.authz.cas.endpoint.response.ServiceResponseBuilder;
import org.maxkey.authz.cas.endpoint.ticket.CasConstants;
@ -193,7 +193,7 @@ For all error codes, it is RECOMMENDED that CAS provide a more detailed message
ServiceResponseBuilder serviceResponseBuilder=new ServiceResponseBuilder();
if(storedTicket!=null){
BasicAuthentication authentication = ((BasicAuthentication)storedTicket.getAuthentication().getPrincipal());
SigninPrincipal authentication = ((SigninPrincipal)storedTicket.getAuthentication().getPrincipal());
String principal=authentication.getUsername();
_logger.debug("principal "+principal);
serviceResponseBuilder.success().setUser(principal);
@ -201,8 +201,7 @@ For all error codes, it is RECOMMENDED that CAS provide a more detailed message
if(Boolean.isTrue(storedTicket.getCasDetails().getIsAdapter())){
AbstractAuthorizeAdapter adapter =(AbstractAuthorizeAdapter)Instance.newInstance(storedTicket.getCasDetails().getAdapter());
UserInfo userInfo = (UserInfo) userInfoService.loadByUsername(principal);
userInfo.setOnlineTicket(authentication.getOnlineTicket());
adapter.generateInfo(userInfo, serviceResponseBuilder);
adapter.generateInfo(authentication,userInfo, serviceResponseBuilder);
}
}else{
serviceResponseBuilder.failure()

12
maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/Cas30AuthorizeEndpoint.java
View File

@ -23,7 +23,7 @@ package org.maxkey.authz.cas.endpoint;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.maxkey.authn.BasicAuthentication;
import org.maxkey.authn.SigninPrincipal;
import org.maxkey.authz.cas.endpoint.response.ServiceResponseBuilder;
import org.maxkey.authz.cas.endpoint.ticket.CasConstants;
import org.maxkey.authz.cas.endpoint.ticket.Ticket;
@ -76,15 +76,14 @@ public class Cas30AuthorizeEndpoint extends CasBaseAuthorizeEndpoint{
ServiceResponseBuilder serviceResponseBuilder=new ServiceResponseBuilder();
if(storedTicket!=null){
BasicAuthentication authentication = ((BasicAuthentication)storedTicket.getAuthentication().getPrincipal());
SigninPrincipal authentication = ((SigninPrincipal)storedTicket.getAuthentication().getPrincipal());
String principal=authentication.getUsername();
serviceResponseBuilder.success().setUser(principal);
if(Boolean.isTrue(storedTicket.getCasDetails().getIsAdapter())){
AbstractAuthorizeAdapter adapter =(AbstractAuthorizeAdapter)Instance.newInstance(storedTicket.getCasDetails().getAdapter());
UserInfo userInfo = (UserInfo) userInfoService.loadByUsername(principal);
userInfo.setOnlineTicket(authentication.getOnlineTicket());
adapter.generateInfo(userInfo, serviceResponseBuilder);
adapter.generateInfo(authentication,userInfo, serviceResponseBuilder);
}
}else{
serviceResponseBuilder.failure()
@ -123,13 +122,14 @@ public class Cas30AuthorizeEndpoint extends CasBaseAuthorizeEndpoint{
ServiceResponseBuilder serviceResponseBuilder=new ServiceResponseBuilder();
if(storedTicket!=null){
String principal=((BasicAuthentication)storedTicket.getAuthentication().getPrincipal()).getUsername();
SigninPrincipal authentication = ((SigninPrincipal)storedTicket.getAuthentication().getPrincipal());
String principal=authentication.getUsername();
serviceResponseBuilder.success().setUser(principal);
if(Boolean.isTrue(storedTicket.getCasDetails().getIsAdapter())){
AbstractAuthorizeAdapter adapter =(AbstractAuthorizeAdapter)Instance.newInstance(storedTicket.getCasDetails().getAdapter());
UserInfo userInfo = (UserInfo) userInfoService.loadByUsername(principal);
adapter.generateInfo(userInfo, serviceResponseBuilder);
adapter.generateInfo(authentication,userInfo, serviceResponseBuilder);
}
}else{
serviceResponseBuilder.failure()

14
maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasAuthorizeEndpoint.java
View File

@ -20,12 +20,13 @@
*/
package org.maxkey.authz.cas.endpoint;
import java.security.Principal;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.maxkey.authn.BasicAuthentication;
import org.maxkey.authn.SigninPrincipal;
import org.maxkey.authn.online.OnlineTicket;
import org.maxkey.authz.cas.endpoint.ticket.CasConstants;
import org.maxkey.authz.cas.endpoint.ticket.ServiceTicketImpl;
@ -36,6 +37,9 @@ import org.maxkey.web.WebConstants;
import org.maxkey.web.WebContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.annotation.AuthenticationPrincipal;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
@ -92,10 +96,12 @@ public class CasAuthorizeEndpoint extends CasBaseAuthorizeEndpoint{
}
@RequestMapping("/authz/cas/granting")
public ModelAndView grantingTicket(
public ModelAndView grantingTicket(Principal principal,
@AuthenticationPrincipal Object user,
HttpServletRequest request,
HttpServletResponse response){
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
AppsCasDetails casDetails=(AppsCasDetails)WebContext.getAttribute(CasConstants.PARAMETER.ENDPOINT_CAS_DETAILS);
ServiceTicketImpl serviceTicket=new ServiceTicketImpl(WebContext.getAuthentication(),casDetails);
@ -129,8 +135,10 @@ public class CasAuthorizeEndpoint extends CasBaseAuthorizeEndpoint{
}
if(casDetails.getLogoutType()==LogoutType.BACK_CHANNEL) {
String onlineTicketId = ((BasicAuthentication)WebContext.getAuthentication().getPrincipal()).getOnlineTicket().getTicketId();
String onlineTicketId = ((SigninPrincipal)WebContext.getAuthentication().getPrincipal()).getOnlineTicket();
OnlineTicket onlineTicket = onlineTicketServices.get(onlineTicketId);
//set cas ticket as OnlineTicketId
casDetails.setOnlineTicket(ticket);
onlineTicket.setAuthorizedApp(casDetails);
onlineTicketServices.store(onlineTicketId, onlineTicket);
}

10
maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasRestV1Endpoint.java
View File

@ -24,7 +24,7 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.maxkey.authn.AbstractAuthenticationProvider;
import org.maxkey.authn.BasicAuthentication;
import org.maxkey.authn.LoginCredential;
import org.maxkey.authz.cas.endpoint.response.ServiceResponseBuilder;
import org.maxkey.authz.cas.endpoint.ticket.CasConstants;
import org.maxkey.authz.cas.endpoint.ticket.ServiceTicketImpl;
@ -75,9 +75,9 @@ public class CasRestV1Endpoint extends CasBaseAuthorizeEndpoint{
throw new BadCredentialsException("No credentials are provided or extracted to authenticate the REST request");
}
BasicAuthentication authentication =new BasicAuthentication(username,password,"CASREST");
LoginCredential loginCredential =new LoginCredential(username,password,"CASREST");
authenticationProvider.basicAuthenticate(authentication);
authenticationProvider.basicAuthenticate(loginCredential);
TicketGrantingTicketImpl ticketGrantingTicket=new TicketGrantingTicketImpl("Random",WebContext.getAuthentication(),null);
@ -178,9 +178,9 @@ public class CasRestV1Endpoint extends CasBaseAuthorizeEndpoint{
throw new BadCredentialsException("No credentials are provided or extracted to authenticate the REST request");
}
BasicAuthentication authentication =new BasicAuthentication(username,password,"CASREST");
LoginCredential loginCredential =new LoginCredential(username,password,"CASREST");
authenticationProvider.basicAuthenticate(authentication);
authenticationProvider.basicAuthenticate(loginCredential);
UserInfo userInfo =WebContext.getUserInfo();
TicketGrantingTicketImpl ticketGrantingTicket=new TicketGrantingTicketImpl("Random",WebContext.getAuthentication(),null);

5
maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/adapter/CasDefaultAdapter.java
View File

@ -20,6 +20,7 @@ package org.maxkey.authz.cas.endpoint.adapter;
import java.io.UnsupportedEncodingException;
import org.apache.commons.codec.binary.Base64;
import org.maxkey.authn.SigninPrincipal;
import org.maxkey.authz.cas.endpoint.response.ServiceResponseBuilder;
import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
import org.maxkey.domain.UserInfo;
@ -47,7 +48,7 @@ public class CasDefaultAdapter extends AbstractAuthorizeAdapter {
}
@Override
public String generateInfo(UserInfo userInfo, Object serviceResponseObject) {
public String generateInfo(SigninPrincipal authentication,UserInfo userInfo, Object serviceResponseObject) {
ServiceResponseBuilder serviceResponseBuilder=(ServiceResponseBuilder)serviceResponseObject;
//for user
serviceResponseBuilder.setAttribute("uid", userInfo.getId());
@ -66,7 +67,7 @@ public class CasDefaultAdapter extends AbstractAuthorizeAdapter {
serviceResponseBuilder.setAttribute("departmentId", userInfo.getDepartmentId());
serviceResponseBuilder.setAttribute("workRegion",base64Attr(userInfo.getWorkRegion()));
serviceResponseBuilder.setAttribute(WebConstants.ONLINE_TICKET_NAME,userInfo.getOnlineTicket().getTicketId());
serviceResponseBuilder.setAttribute(WebConstants.ONLINE_TICKET_NAME,authentication.getOnlineTicket());
return null;
}

5
maxkey-protocols/maxkey-protocol-desktop/src/main/java/org/maxkey/authz/desktop/endpoint/DesktopAuthorizeEndpoint.java
View File

@ -22,6 +22,7 @@ package org.maxkey.authz.desktop.endpoint;
import javax.servlet.http.HttpServletRequest;
import org.maxkey.authn.SigninPrincipal;
import org.maxkey.authz.desktop.endpoint.adapter.DesktopDefaultAdapter;
import org.maxkey.authz.endpoint.AuthorizeBaseEndpoint;
import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
@ -74,7 +75,9 @@ public class DesktopAuthorizeEndpoint extends AuthorizeBaseEndpoint{
adapter =(AbstractAuthorizeAdapter)defaultDesktopAdapter;
}
String paramString=adapter.generateInfo(WebContext.getUserInfo(), desktopDetails);
String paramString=adapter.generateInfo(
(SigninPrincipal)WebContext.getAuthentication().getPrincipal(),
WebContext.getUserInfo(), desktopDetails);
String encryptParamString=adapter.encrypt(paramString, null, null);

3
maxkey-protocols/maxkey-protocol-desktop/src/main/java/org/maxkey/authz/desktop/endpoint/adapter/DesktopDefaultAdapter.java
View File

@ -19,6 +19,7 @@ package org.maxkey.authz.desktop.endpoint.adapter;
import java.util.HashMap;
import org.maxkey.authn.SigninPrincipal;
import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
import org.maxkey.crypto.HexUtils;
import org.maxkey.domain.UserInfo;
@ -33,7 +34,7 @@ import org.springframework.web.servlet.ModelAndView;
public class DesktopDefaultAdapter extends AbstractAuthorizeAdapter {
final static Logger _logger = LoggerFactory.getLogger(DesktopDefaultAdapter.class);
@Override
public String generateInfo(UserInfo userInfo,Object app) {
public String generateInfo(SigninPrincipal authentication,UserInfo userInfo,Object app) {
AppsDesktopDetails details=(AppsDesktopDetails)app;
String parameter=details.getParameter()==null?"":details.getParameter();

3
maxkey-protocols/maxkey-protocol-desktop/src/main/java/org/maxkey/authz/desktop/endpoint/adapter/DesktopQQAdapter.java
View File

@ -19,6 +19,7 @@ package org.maxkey.authz.desktop.endpoint.adapter;
import java.util.HashMap;
import org.maxkey.authn.SigninPrincipal;
import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
import org.maxkey.crypto.HexUtils;
import org.maxkey.domain.UserInfo;
@ -33,7 +34,7 @@ import org.springframework.web.servlet.ModelAndView;
public class DesktopQQAdapter extends AbstractAuthorizeAdapter {
final static Logger _logger = LoggerFactory.getLogger(DesktopQQAdapter.class);
@Override
public String generateInfo(UserInfo userInfo,Object app) {
public String generateInfo(SigninPrincipal authentication,UserInfo userInfo,Object app) {
AppsDesktopDetails details=(AppsDesktopDetails)app;
String parameter=details.getParameter()==null?"":details.getParameter();

3
maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/adapter/ExtendApiQQExmailDefaultAdapter.java
View File

@ -19,6 +19,7 @@ package org.maxkey.authz.exapi.endpoint.adapter;
import java.util.HashMap;
import org.maxkey.authn.SigninPrincipal;
import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
import org.maxkey.client.oauth.OAuthClient;
import org.maxkey.client.oauth.model.Token;
@ -38,7 +39,7 @@ public class ExtendApiQQExmailDefaultAdapter extends AbstractAuthorizeAdapter {
static String authkey_uri="http://openapi.exmail.qq.com:12211/openapi/mail/authkey";
@Override
public String generateInfo(UserInfo userInfo,Object app) {
public String generateInfo(SigninPrincipal authentication,UserInfo userInfo,Object app) {
return null;
}

3
maxkey-protocols/maxkey-protocol-formbased/src/main/java/org/maxkey/authz/formbased/endpoint/adapter/FormBasedDefaultAdapter.java
View File

@ -17,6 +17,7 @@
package org.maxkey.authz.formbased.endpoint.adapter;
import org.maxkey.authn.SigninPrincipal;
import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
import org.maxkey.constants.Boolean;
import org.maxkey.crypto.DigestUtils;
@ -27,7 +28,7 @@ import org.springframework.web.servlet.ModelAndView;
public class FormBasedDefaultAdapter extends AbstractAuthorizeAdapter {
@Override
public String generateInfo(UserInfo userInfo,Object app) {
public String generateInfo(SigninPrincipal authentication,UserInfo userInfo,Object app) {
return null;
}

3
maxkey-protocols/maxkey-protocol-formbased/src/main/java/org/maxkey/authz/formbased/endpoint/adapter/FormBasedNetease163EmailAdapter.java
View File

@ -17,6 +17,7 @@
package org.maxkey.authz.formbased.endpoint.adapter;
import org.maxkey.authn.SigninPrincipal;
import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
import org.maxkey.constants.Boolean;
import org.maxkey.domain.UserInfo;
@ -26,7 +27,7 @@ import org.springframework.web.servlet.ModelAndView;
public class FormBasedNetease163EmailAdapter extends AbstractAuthorizeAdapter {
@Override
public String generateInfo(UserInfo userInfo,Object app) {
public String generateInfo(SigninPrincipal authentication,UserInfo userInfo,Object app) {
return null;
}

3
maxkey-protocols/maxkey-protocol-formbased/src/main/java/org/maxkey/authz/formbased/endpoint/adapter/FormBasedNeteaseNoteYoudaoAdapter.java
View File

@ -19,6 +19,7 @@ package org.maxkey.authz.formbased.endpoint.adapter;
import java.util.Date;
import org.maxkey.authn.SigninPrincipal;
import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
import org.maxkey.crypto.DigestUtils;
import org.maxkey.domain.UserInfo;
@ -28,7 +29,7 @@ import org.springframework.web.servlet.ModelAndView;
public class FormBasedNeteaseNoteYoudaoAdapter extends AbstractAuthorizeAdapter {
@Override
public String generateInfo(UserInfo userInfo,Object app) {
public String generateInfo(SigninPrincipal authentication,UserInfo userInfo,Object app) {
return null;
}

3
maxkey-protocols/maxkey-protocol-formbased/src/main/java/org/maxkey/authz/formbased/endpoint/adapter/FormBasedRedirectAdapter.java
View File

@ -17,6 +17,7 @@
package org.maxkey.authz.formbased.endpoint.adapter;
import org.maxkey.authn.SigninPrincipal;
import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
import org.maxkey.constants.Boolean;
import org.maxkey.crypto.DigestUtils;
@ -28,7 +29,7 @@ import org.springframework.web.servlet.ModelAndView;
public class FormBasedRedirectAdapter extends AbstractAuthorizeAdapter {
@Override
public String generateInfo(UserInfo userInfo,Object app) {
public String generateInfo(SigninPrincipal authentication,UserInfo userInfo,Object app) {
return null;
}

4
maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/approval/controller/OAuth20AccessConfirmationController.java
View File

@ -20,7 +20,7 @@ package org.maxkey.authz.oauth2.provider.approval.controller;
import java.util.HashMap;
import java.util.LinkedHashMap;
import java.util.Map;
import org.maxkey.authn.BasicAuthentication;
import org.maxkey.authn.SigninPrincipal;
import org.maxkey.authz.endpoint.AuthorizeBaseEndpoint;
import org.maxkey.authz.oauth2.common.util.OAuth2Utils;
import org.maxkey.authz.oauth2.provider.AuthorizationRequest;
@ -102,7 +102,7 @@ public class OAuth20AccessConfirmationController {
scopes.put(OAuth2Utils.SCOPE_PREFIX + scope, "false");
}
String principal =
((BasicAuthentication) WebContext.getAuthentication().getPrincipal()).getUsername();
((SigninPrincipal) WebContext.getAuthentication().getPrincipal()).getUsername();
for (Approval approval : approvalStore.getApprovals(principal, client.getClientId())) {
if (clientAuth.getScope().contains(approval.getScope())) {
scopes.put(OAuth2Utils.SCOPE_PREFIX + approval.getScope(),

4
maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/AuthorizationEndpoint.java
View File

@ -129,7 +129,7 @@ public class AuthorizationEndpoint extends AbstractEndpoint {
@RequestMapping(value = "/oauth/v20/authorize", method = RequestMethod.GET)
public ModelAndView authorize(Map<String, Object> model, @RequestParam Map<String, String> parameters,
SessionStatus sessionStatus) {
Principal principal=(Principal)WebContext.getAuthentication().getPrincipal();
Principal principal=(Principal)WebContext.getAuthentication();
// Pull out the authorization request first, using the OAuth2RequestFactory. All further logic should
// query off of the authorization request instead of referring back to the parameters map. The contents of the
// parameters map will be stored without change in the AuthorizationRequest object once it is created.
@ -208,7 +208,7 @@ public class AuthorizationEndpoint extends AbstractEndpoint {
@RequestMapping(value = "/oauth/v20/authorize", method = RequestMethod.POST, params = OAuth2Utils.USER_OAUTH_APPROVAL)
public View approveOrDeny(@RequestParam Map<String, String> approvalParameters, Map<String, ?> model,
SessionStatus sessionStatus) {
Principal principal=(Principal)WebContext.getAuthentication().getPrincipal();
Principal principal=(Principal)WebContext.getAuthentication();
if (!(principal instanceof Authentication)) {
sessionStatus.setComplete();
throw new InsufficientAuthenticationException(

8
maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/TokenEndpoint.java
View File

@ -23,6 +23,7 @@ import java.util.HashSet;
import java.util.Map;
import java.util.Set;
import org.maxkey.authn.SigninPrincipal;
import org.maxkey.authz.oauth2.common.OAuth2AccessToken;
import org.maxkey.authz.oauth2.common.exceptions.InvalidClientException;
import org.maxkey.authz.oauth2.common.exceptions.InvalidGrantException;
@ -41,6 +42,7 @@ import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.security.authentication.InsufficientAuthenticationException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Controller;
import org.springframework.util.StringUtils;
@ -98,9 +100,6 @@ public class TokenEndpoint extends AbstractEndpoint {
Object principal = WebContext.getAuthentication();
if(parameters.get("code") != null) {
principal=WebContext.getAuthentication().getPrincipal();
}
if (!(principal instanceof Authentication)) {
throw new InsufficientAuthenticationException(
"There is no client authentication. Try adding an appropriate authentication filter.");
@ -174,6 +173,9 @@ public class TokenEndpoint extends AbstractEndpoint {
// Might be a client and user combined authentication
clientId = ((OAuth2Authentication) client).getOAuth2Request().getClientId();
}
if (client instanceof UsernamePasswordAuthenticationToken) {
clientId = ((SigninPrincipal)client.getPrincipal()).getUsername();
}
return clientId;
}

5
maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/TokenEndpointAuthenticationFilter.java
View File

@ -33,7 +33,7 @@ import javax.servlet.http.HttpServletResponse;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.maxkey.authn.BasicAuthentication;
import org.maxkey.authn.SigninPrincipal;
import org.maxkey.authz.oauth2.common.util.OAuth2Utils;
import org.maxkey.authz.oauth2.provider.AuthorizationRequest;
import org.maxkey.authz.oauth2.provider.OAuth2Authentication;
@ -136,8 +136,7 @@ public class TokenEndpointAuthenticationFilter implements Filter {
usernamepassword(request,response);
}else {
Authentication authentication=ClientCredentials(request,response);
BasicAuthentication auth =new BasicAuthentication();
auth.setUsername(((User)authentication.getPrincipal()).getUsername());
SigninPrincipal auth =new SigninPrincipal((User)authentication.getPrincipal());
auth.setAuthenticated(true);
UsernamePasswordAuthenticationToken simpleUserAuthentication = new UsernamePasswordAuthenticationToken(auth, authentication.getCredentials(), authentication.getAuthorities());
WebContext.setAuthentication(simpleUserAuthentication);

5
maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/OAuthDefaultUserInfoAdapter.java
View File

@ -19,6 +19,7 @@ package org.maxkey.authz.oauth2.provider.userinfo.endpoint;
import java.util.HashMap;
import org.maxkey.authn.SigninPrincipal;
import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
import org.maxkey.domain.UserInfo;
import org.maxkey.util.JsonUtils;
@ -29,7 +30,7 @@ import org.springframework.web.servlet.ModelAndView;
public class OAuthDefaultUserInfoAdapter extends AbstractAuthorizeAdapter {
@Override
public String generateInfo(UserInfo userInfo,Object app) {
public String generateInfo(SigninPrincipal authentication,UserInfo userInfo,Object app) {
HashMap<String, Object> beanMap = new HashMap<String, Object>();
beanMap.put("randomId",(new StringGenerator()).uuidGenerate());
beanMap.put("uid", userInfo.getId());
@ -44,7 +45,7 @@ public class OAuthDefaultUserInfoAdapter extends AbstractAuthorizeAdapter {
beanMap.put("title", userInfo.getJobTitle());
beanMap.put("state", userInfo.getWorkRegion());
beanMap.put("gender", userInfo.getGender());
beanMap.put(WebConstants.ONLINE_TICKET_NAME, userInfo.getOnlineTicket().getTicketId());
beanMap.put(WebConstants.ONLINE_TICKET_NAME, authentication.getOnlineTicket());
String info= JsonUtils.object2Json(beanMap);

17
maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/UserInfoEndpoint.java
View File

@ -26,7 +26,7 @@ import java.util.UUID;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.maxkey.authn.BasicAuthentication;
import org.maxkey.authn.SigninPrincipal;
import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
import org.maxkey.authz.oauth2.common.exceptions.OAuth2Exception;
import org.maxkey.authz.oauth2.provider.ClientDetailsService;
@ -123,7 +123,7 @@ public class UserInfoEndpoint {
try{
oAuth2Authentication = oauth20tokenServices.loadAuthentication(access_token);
principal=oAuth2Authentication.getPrincipal().toString();
principal=((SigninPrincipal)oAuth2Authentication.getUserAuthentication().getPrincipal()).getUsername();
String client_id= oAuth2Authentication.getOAuth2Request().getClientId();
UserInfo userInfo=queryUserInfo(principal);
@ -135,9 +135,10 @@ public class UserInfoEndpoint {
}else{
adapter =(AbstractAuthorizeAdapter)defaultOAuthUserInfoAdapter;
}
BasicAuthentication authentication = (BasicAuthentication)oAuth2Authentication.getUserAuthentication();
userInfo.setOnlineTicket(authentication.getOnlineTicket());
String jsonData=adapter.generateInfo(userInfo, app);
String jsonData=adapter.generateInfo(
(SigninPrincipal)oAuth2Authentication.getUserAuthentication().getPrincipal(),
userInfo, app);
return jsonData;
}catch(OAuth2Exception e){
HashMap<String,Object>authzException=new HashMap<String,Object>();
@ -163,7 +164,7 @@ public class UserInfoEndpoint {
try{
oAuth2Authentication = oauth20tokenServices.loadAuthentication(access_token);
principal=oAuth2Authentication.getPrincipal().toString();
principal=((SigninPrincipal)oAuth2Authentication.getPrincipal()).getUsername();
Set<String >scopes=oAuth2Authentication.getOAuth2Request().getScope();
ClientDetails clientDetails = clientDetailsService.loadClientByClientId(oAuth2Authentication.getOAuth2Request().getClientId());
@ -172,10 +173,10 @@ public class UserInfoEndpoint {
String userJson="";
Builder jwtClaimsSetBuilder= new JWTClaimsSet.Builder();
BasicAuthentication authentication = (BasicAuthentication)oAuth2Authentication.getUserAuthentication();
SigninPrincipal authentication = (SigninPrincipal)oAuth2Authentication.getUserAuthentication().getPrincipal();
jwtClaimsSetBuilder.claim("sub", userInfo.getId());
jwtClaimsSetBuilder.claim(WebConstants.ONLINE_TICKET_NAME, authentication.getOnlineTicket().getTicketId());
jwtClaimsSetBuilder.claim(WebConstants.ONLINE_TICKET_NAME, authentication.getOnlineTicket());
if(scopes.contains("profile")){
jwtClaimsSetBuilder.claim("name", userInfo.getUsername());

4
maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/endpoint/AssertionEndpoint.java
View File

@ -22,6 +22,7 @@ import java.util.HashMap;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.maxkey.authn.SigninPrincipal;
import org.maxkey.authz.saml.common.AuthnRequestInfo;
import org.maxkey.authz.saml.common.EndpointGenerator;
import org.maxkey.authz.saml20.binding.BindingAdapter;
@ -72,8 +73,7 @@ public class AssertionEndpoint {
logger.debug("AuthnRequestInfo: {}", authnRequestInfo);
HashMap <String,String>attributeMap=new HashMap<String,String>();
attributeMap.put(WebConstants.ONLINE_TICKET_NAME, WebContext.getUserInfo().getOnlineTicket().getTicketId());
attributeMap.put(WebConstants.ONLINE_TICKET_NAME, ((SigninPrincipal)WebContext.getAuthentication().getPrincipal()).getOnlineTicket());
//saml20Details
Response authResponse = authnResponseGenerator.generateAuthnResponse(

2
maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/TokenBasedAuthorizeEndpoint.java
View File

@ -24,6 +24,7 @@ import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.maxkey.authn.SigninPrincipal;
import org.maxkey.authz.endpoint.AuthorizeBaseEndpoint;
import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
import org.maxkey.authz.token.endpoint.adapter.TokenBasedDefaultAdapter;
@ -82,6 +83,7 @@ public class TokenBasedAuthorizeEndpoint extends AuthorizeBaseEndpoint{
}
String tokenData=adapter.generateInfo(
(SigninPrincipal)WebContext.getAuthentication().getPrincipal(),
WebContext.getUserInfo(),
tokenBasedDetails);

5
maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/adapter/TokenBasedDefaultAdapter.java
View File

@ -20,6 +20,7 @@ package org.maxkey.authz.token.endpoint.adapter;
import java.util.Date;
import java.util.HashMap;
import org.maxkey.authn.SigninPrincipal;
import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
import org.maxkey.domain.UserInfo;
import org.maxkey.domain.apps.AppsTokenBasedDetails;
@ -34,7 +35,7 @@ import org.springframework.web.servlet.ModelAndView;
public class TokenBasedDefaultAdapter extends AbstractAuthorizeAdapter {
final static Logger _logger = LoggerFactory.getLogger(TokenBasedDefaultAdapter.class);
@Override
public String generateInfo(UserInfo userInfo,Object app) {
public String generateInfo(SigninPrincipal authentication,UserInfo userInfo,Object app) {
AppsTokenBasedDetails details=(AppsTokenBasedDetails)app;
HashMap<String,String> beanMap=new HashMap<String,String>();
@ -71,7 +72,7 @@ public class TokenBasedDefaultAdapter extends AbstractAuthorizeAdapter {
}
beanMap.put("displayName", userInfo.getDisplayName());
beanMap.put(WebConstants.ONLINE_TICKET_NAME, userInfo.getOnlineTicket().getTicketId());
beanMap.put(WebConstants.ONLINE_TICKET_NAME, authentication.getOnlineTicket());
/*
* use UTC date time format

5
maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/adapter/TokenBasedJWTAdapter.java
View File

@ -22,6 +22,7 @@ import java.util.Date;
import java.util.UUID;
import org.joda.time.DateTime;
import org.maxkey.authn.SigninPrincipal;
import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
import org.maxkey.configuration.oidc.OIDCProviderMetadata;
import org.maxkey.crypto.jwt.signer.service.JwtSigningAndValidationService;
@ -44,7 +45,7 @@ import com.nimbusds.jwt.SignedJWT;
public class TokenBasedJWTAdapter extends AbstractAuthorizeAdapter {
final static Logger _logger = LoggerFactory.getLogger(TokenBasedJWTAdapter.class);
@Override
public String generateInfo(UserInfo userInfo,Object app) {
public String generateInfo(SigninPrincipal authentication,UserInfo userInfo,Object app) {
AppsTokenBasedDetails details=(AppsTokenBasedDetails)app;
@ -68,7 +69,7 @@ public class TokenBasedJWTAdapter extends AbstractAuthorizeAdapter {
.claim("user_id", userInfo.getId())
.claim("external_id", userInfo.getId())
.claim("locale", userInfo.getLocale())
.claim(WebConstants.ONLINE_TICKET_NAME, userInfo.getOnlineTicket().getTicketId())
.claim(WebConstants.ONLINE_TICKET_NAME, authentication.getOnlineTicket())
.claim("kid", jwtSignerService.getDefaultSignerKeyId())
.build();

5
maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/adapter/TokenBasedJWTHS256Adapter.java
View File

@ -22,6 +22,7 @@ import java.util.Date;
import java.util.UUID;
import org.joda.time.DateTime;
import org.maxkey.authn.SigninPrincipal;
import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
import org.maxkey.configuration.oidc.OIDCProviderMetadata;
import org.maxkey.crypto.ReciprocalUtils;
@ -48,7 +49,7 @@ public class TokenBasedJWTHS256Adapter extends AbstractAuthorizeAdapter {
private SymmetricSigningAndValidationServiceBuilder symmetricJwtSignerServiceBuilder=new SymmetricSigningAndValidationServiceBuilder();
@Override
public String generateInfo(UserInfo userInfo,Object app) {
public String generateInfo(SigninPrincipal authentication,UserInfo userInfo,Object app) {
AppsTokenBasedDetails details=(AppsTokenBasedDetails)app;
OIDCProviderMetadata providerMetadata= (OIDCProviderMetadata)WebContext.getBean("oidcProviderMetadata");
@ -68,7 +69,7 @@ public class TokenBasedJWTHS256Adapter extends AbstractAuthorizeAdapter {
.claim("email", userInfo.getWorkEmail())
.claim("name", userInfo.getUsername())
.claim("user_id", userInfo.getId())
.claim(WebConstants.ONLINE_TICKET_NAME, userInfo.getOnlineTicket().getTicketId())
.claim(WebConstants.ONLINE_TICKET_NAME, authentication.getOnlineTicket())
.claim("external_id", userInfo.getId())
.claim("locale", userInfo.getLocale())
.claim("kid", "SYMMETRIC-KEY")

3
maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/adapter/TokenBasedSimpleAdapter.java
View File

@ -19,6 +19,7 @@ package org.maxkey.authz.token.endpoint.adapter;
import java.util.Date;
import org.maxkey.authn.SigninPrincipal;
import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
import org.maxkey.domain.UserInfo;
import org.maxkey.domain.apps.AppsTokenBasedDetails;
@ -30,7 +31,7 @@ import org.springframework.web.servlet.ModelAndView;
public class TokenBasedSimpleAdapter extends AbstractAuthorizeAdapter {
final static Logger _logger = LoggerFactory.getLogger(TokenBasedSimpleAdapter.class);
@Override
public String generateInfo(UserInfo userInfo,Object app) {
public String generateInfo(SigninPrincipal authentication,UserInfo userInfo,Object app) {
AppsTokenBasedDetails details=(AppsTokenBasedDetails)app;
String tokenUsername = userInfo.getUsername();

6
maxkey-web-manage/src/main/java/org/maxkey/web/endpoint/LoginEndpoint.java
View File

@ -21,7 +21,7 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.maxkey.authn.AbstractAuthenticationProvider;
import org.maxkey.authn.BasicAuthentication;
import org.maxkey.authn.LoginCredential;
import org.maxkey.authn.support.jwt.JwtLoginService;
import org.maxkey.authn.support.rememberme.AbstractRemeberMeService;
import org.maxkey.configuration.ApplicationConfig;
@ -110,12 +110,12 @@ public class LoginEndpoint {
}
@RequestMapping(value={"/logon.do"})
public ModelAndView logon(@ModelAttribute("authentication") BasicAuthentication authentication) {
public ModelAndView logon(@ModelAttribute("loginCredential") LoginCredential loginCredential) {
if(WebContext.isAuthenticated()){
return WebContext.redirect("/main");
}else{
authenticationProvider.authenticate(authentication);
authenticationProvider.authenticate(loginCredential);
return WebContext.redirect("/login");
}
}

4
maxkey-web-manage/src/main/java/org/maxkey/web/interceptor/PermissionAdapter.java
View File

@ -23,7 +23,7 @@ import javax.servlet.RequestDispatcher;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.maxkey.authn.BasicAuthentication;
import org.maxkey.authn.SigninPrincipal;
import org.maxkey.configuration.ApplicationConfig;
import org.maxkey.web.WebContext;
import org.slf4j.Logger;
@ -68,7 +68,7 @@ public class PermissionAdapter extends HandlerInterceptorAdapter {
}
//非管理员用户直接注销
if (!((BasicAuthentication) WebContext.getAuthentication().getPrincipal()).isRoleAdministrators()) {
if (!((SigninPrincipal) WebContext.getAuthentication().getPrincipal()).isRoleAdministrators()) {
_logger.debug("Not ADMINISTRATORS Authentication .");
RequestDispatcher dispatcher = request.getRequestDispatcher("/logout");
dispatcher.forward(request, response);

3
maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/AppListController.java
View File

@ -17,6 +17,7 @@
package org.maxkey.web.contorller;
import java.security.Principal;
import java.util.List;
import org.maxkey.constants.ConstantsOperateMessage;
import org.maxkey.constants.ConstantsProtocols;
@ -67,7 +68,7 @@ public class AppListController {
*/
@RequestMapping(value = { "/appList" })
public ModelAndView appList(
@RequestParam(value = "gridList", required = false) String gridList) {
@RequestParam(value = "gridList", required = false) String gridList,Principal principal) {
ModelAndView modelAndView = new ModelAndView("main/appList");
userInfoService.updateGridList(gridList);
modelAndView.addObject("appList", queryAccessableApps());

7
maxkey-web-maxkey/src/main/java/org/maxkey/web/endpoint/LoginEndpoint.java
View File

@ -25,13 +25,12 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.maxkey.authn.AbstractAuthenticationProvider;
import org.maxkey.authn.BasicAuthentication;
import org.maxkey.authn.LoginCredential;
import org.maxkey.authn.support.kerberos.KerberosService;
import org.maxkey.authn.support.rememberme.AbstractRemeberMeService;
import org.maxkey.authn.support.socialsignon.service.SocialSignOnProviderService;
import org.maxkey.authn.support.wsfederation.WsFederationConstants;
import org.maxkey.configuration.ApplicationConfig;
import org.maxkey.constants.ConstantsOperateMessage;
import org.maxkey.constants.ConstantsStatus;
import org.maxkey.crypto.password.opt.AbstractOptAuthn;
import org.maxkey.domain.UserInfo;
@ -185,9 +184,9 @@ public class LoginEndpoint {
public ModelAndView logon(
HttpServletRequest request,
HttpServletResponse response,
@ModelAttribute("authentication") BasicAuthentication authentication) throws ServletException, IOException {
@ModelAttribute("loginCredential") LoginCredential loginCredential) throws ServletException, IOException {
authenticationProvider.authenticate(authentication);
authenticationProvider.authenticate(loginCredential);
if (WebContext.isAuthenticated()) {
return WebContext.redirect("/forwardindex");

11
maxkey-web-maxkey/src/main/resources/application.properties
View File

@ -3,25 +3,28 @@
application.title=MaxKey
application.name=MaxKey
application.formatted-version=v2.3.0 GA
#server config
#spring.profiles.active=dev
#server port
#server.port=80
server.port=443
#ssl
server.ssl.key-store=maxkeyserver.keystore
server.ssl.key-alias=maxkey
server.ssl.enabled=true
server.ssl.key-store-password=maxkey
server.ssl.key-store-type=JKS
#web app context path
server.servlet.context-path=/maxkey
spring.servlet.multipart.enabled=true
spring.servlet.multipart.max-file-size=4194304
#encoding
#server.servlet.encoding.charset=UTF-8
#server.servlet.encoding.enabled=true
#server.servlet.encoding.force=true
#datasource
spring.datasource.username=root
spring.datasource.password=maxkey
@ -32,6 +35,7 @@ spring.datasource.type=com.alibaba.druid.pool.DruidDataSource
mybatis.type-aliases-package=org.maxkey.domain,org.maxkey.domain.apps,
mybatis.mapper-locations=classpath*:/org/maxkey/persistence/mapper/xml/mysql/*.xml
mybatis.table-column-escape=true
#redis
spring.redis.host=127.0.0.1
spring.redis.port=6379
@ -53,6 +57,7 @@ spring.mail.properties.ssl=true
spring.mail.properties.sender=maxkey@163.com
spring.mail.properties.mailotp.message.subject=MaxKey One Time PassWord
spring.mail.properties.mailotp.message.template={0} You Token is {1} , it validity in {2} minutes.
#for freemarker
spring.freemarker.template-loader-path=classpath:/templates/views
spring.freemarker.cache=false
@ -63,10 +68,12 @@ spring.freemarker.expose-request-attributes=false
spring.freemarker.expose-session-attributes=false
spring.freemarker.request-context-attribute=request
spring.freemarker.suffix=.ftl
#static resources
spring.mvc.static-path-pattern=/static/**
spring.messages.basename=classpath:messages/message
spring.messages.encoding=UTF-8
#main
spring.main.banner-mode=log
spring.main.allow-bean-definition-overriding=true