diff --git a/ReleaseNotes.txt b/ReleaseNotes.txt index d6a50007a..765b0c272 100644 --- a/ReleaseNotes.txt +++ b/ReleaseNotes.txt @@ -9,7 +9,10 @@ *(MAXKEY-200908) 应用修改时数字大于4为长度格式化问题 *(MAXKEY-200910) 注销后,点击重新登陆跳转问题 *(MAXKEY-200911) 增加SP登录跳转功能,支持knox的认证 - *(MAXKEY-200912) 构建脚本的优化和更新 + *(MAXKEY-200912) 构建脚本的优化和更新 + *(MAXKEY-200913) 权限控制 RoleAdministrators + *(MAXKEY-200914) 社交账号登录优化 + *(MAXKEY-200915) 列表界面中未”选择“情况下,弹出界面错误 *(MAXKEY-200920) 依赖jar引用、更新和升级 druid 1.2.1 JustAuth 1.15.8 diff --git a/maxkey-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java b/maxkey-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java index 971b174d5..0aee2490d 100644 --- a/maxkey-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java +++ b/maxkey-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java @@ -17,6 +17,8 @@ package org.maxkey.authn; +import java.util.ArrayList; + import org.maxkey.authn.online.OnlineTicketServices; import org.maxkey.authn.realm.AbstractAuthenticationRealm; import org.maxkey.authn.support.rememberme.AbstractRemeberMeService; @@ -35,6 +37,8 @@ import org.springframework.security.authentication.BadCredentialsException; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.Authentication; import org.springframework.security.core.AuthenticationException; +import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.core.authority.SimpleGrantedAuthority; /** * login Authentication abstract class. @@ -65,6 +69,12 @@ public abstract class AbstractAuthenticationProvider { @Autowired @Qualifier("onlineTicketServices") protected OnlineTicketServices onlineTicketServices; + + static ArrayList grantedAdministratorsAuthoritys = new ArrayList(); + + static { + grantedAdministratorsAuthoritys.add(new SimpleGrantedAuthority("ROLE_ADMINISTRATORS")); + } protected abstract String getProviderName(); 
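Review bot: `grantedAdministratorsAuthoritys` in the `@@ -65,6 +69,12 @@` hunk of AbstractAuthenticationProvider is a package-visible, non-final, mutable static list, yet it defines which authority marks a login as an administrator. Any code in `org.maxkey.authn` can add an entry or reassign the field at runtime, which would widen administrator status for every later login. Declare it immutable and drop the static initializer, e.g. `protected static final List<GrantedAuthority> grantedAdministratorsAuthoritys = Collections.singletonList(new SimpleGrantedAuthority("ROLE_ADMINISTRATORS"));`. Angle brackets appear to have been stripped from this page, so the type parameter cannot be confirmed here; if the declaration really is a raw `ArrayList`, it should be typed as well.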
diff --git a/maxkey-core/src/main/java/org/maxkey/authn/BasicAuthentication.java b/maxkey-core/src/main/java/org/maxkey/authn/BasicAuthentication.java index 97f3af680..8de5cc9e2 100644 --- a/maxkey-core/src/main/java/org/maxkey/authn/BasicAuthentication.java +++ b/maxkey-core/src/main/java/org/maxkey/authn/BasicAuthentication.java @@ -23,7 +23,6 @@ import java.util.Collection; import org.maxkey.authn.online.OnlineTicket; import org.springframework.security.core.Authentication; import org.springframework.security.core.GrantedAuthority; -import org.springframework.security.core.authority.SimpleGrantedAuthority; public class BasicAuthentication implements Authentication { @@ -39,14 +38,12 @@ public class BasicAuthentication implements Authentication { OnlineTicket onlineTicket; ArrayList grantedAuthority; boolean authenticated; + boolean roleAdministrators; /** * BasicAuthentication. */ public BasicAuthentication() { - grantedAuthority = new ArrayList(); - grantedAuthority.add(new SimpleGrantedAuthority("ROLE_USER")); - grantedAuthority.add(new SimpleGrantedAuthority("ORDINARY_USER")); } /** @@ -56,9 +53,6 @@ public class BasicAuthentication implements Authentication { this.username = username; this.password = password; this.authType = authType; - grantedAuthority = new ArrayList(); - grantedAuthority.add(new SimpleGrantedAuthority("ROLE_USER")); - grantedAuthority.add(new SimpleGrantedAuthority("ORDINARY_USER")); } @Override public String getName() { @@ -177,6 +171,14 @@ public class BasicAuthentication implements Authentication { this.onlineTicket = onlineTicket; } + public boolean isRoleAdministrators() { + return roleAdministrators; + } + + public void setRoleAdministrators(boolean roleAdministrators) { + this.roleAdministrators = roleAdministrators; + } + @Override public String toString() { StringBuilder builder = new StringBuilder(); 
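Review bot: After the `@@ -39,14 +38,12 @@` and `@@ -56,9 +53,6 @@` hunks neither BasicAuthentication constructor initialises `grantedAuthority`, so the field stays null unless code outside this diff assigns it. `getAuthorities()` is not shown here; if it returns that field, any caller that iterates the result will hit a NullPointerException. Keep the field non-null, for example `grantedAuthority = new ArrayList<>();` in both constructors, and let the provider add the roles after the realm lookup. The class body continues outside both hunks.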
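Review bot: `setRoleAdministrators` in the `@@ -177,6 +171,14 @@` hunk is a public setter on a flag that PermissionAdapter uses as its administrator check, and the flag is stored separately from the authority list, so the two can disagree. Any code holding the principal can flip the flag without the matching authority being present. Consider narrowing the setter to package scope if every caller lives in `org.maxkey.authn`, or deriving the answer from the granted authorities instead of a separate field. At minimum add a comment such as `// set only by the authentication provider after role lookup; never from request data`. `toString()` continues outside the hunk, so whether the flag reaches log output cannot be seen here.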
diff --git a/maxkey-core/src/main/java/org/maxkey/authn/RealmAuthenticationProvider.java b/maxkey-core/src/main/java/org/maxkey/authn/RealmAuthenticationProvider.java index b15810640..8440ed3a3 100644 --- a/maxkey-core/src/main/java/org/maxkey/authn/RealmAuthenticationProvider.java +++ b/maxkey-core/src/main/java/org/maxkey/authn/RealmAuthenticationProvider.java @@ -17,6 +17,8 @@ package org.maxkey.authn; +import java.util.ArrayList; + import org.maxkey.authn.online.OnlineTicket; import org.maxkey.domain.UserInfo; import org.maxkey.web.WebConstants; @@ -26,6 +28,8 @@ import org.slf4j.LoggerFactory; import org.springframework.security.authentication.BadCredentialsException; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.Authentication; +import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.web.authentication.WebAuthenticationDetails; import org.springframework.web.context.request.RequestContextHolder; import org.springframework.web.context.request.ServletRequestAttributes; 
@@ -157,13 +161,25 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider OnlineTicket onlineTicket = new OnlineTicket(onlineTickitId,authentication); this.onlineTicketServices.store(onlineTickitId, onlineTicket); authentication.setOnlineTicket(onlineTicket); + ArrayList grantedAuthoritys = authenticationRealm.grantAuthority(userInfo); + //set default roles + grantedAuthoritys.add(new SimpleGrantedAuthority("ROLE_USER")); + grantedAuthoritys.add(new SimpleGrantedAuthority("ROLE_ORDINARY_USER")); authentication.setAuthenticated(true); + + for(GrantedAuthority administratorsAuthority : grantedAdministratorsAuthoritys) { + if(grantedAuthoritys.contains(administratorsAuthority)) { + authentication.setRoleAdministrators(true); + _logger.trace("ROLE ADMINISTRATORS Authentication ."); + } + } + UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken( authentication, "PASSWORD", - authenticationRealm.grantAuthority(userInfo) + grantedAuthoritys ); authenticationToken.setDetails( diff --git a/maxkey-web-manage/src/main/java/org/maxkey/web/interceptor/PermissionAdapter.java b/maxkey-web-manage/src/main/java/org/maxkey/web/interceptor/PermissionAdapter.java index 7870981eb..25f7928ed 100644 --- a/maxkey-web-manage/src/main/java/org/maxkey/web/interceptor/PermissionAdapter.java +++ b/maxkey-web-manage/src/main/java/org/maxkey/web/interceptor/PermissionAdapter.java 
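Review bot: The new code in the `@@ -157,13 +161,25 @@` hunk calls `add` directly on the list returned by `authenticationRealm.grantAuthority(userInfo)`. That throws a NullPointerException if the realm returns null, and if the realm hands out a shared or cached list it appends the default roles to that list on every login. Copy it first, e.g. `ArrayList<GrantedAuthority> grantedAuthoritys = new ArrayList<>(authenticationRealm.grantAuthority(userInfo));`, with a null check before it. Also, `onlineTicketServices.store(...)` runs before `setRoleAdministrators(true)`; if the ticket store serialises its value rather than keeping the reference, the stored principal would carry `roleAdministrators == false`, so the role lookup is better placed before the ticket is created. The enclosing method starts and ends outside the hunk.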
@@ -23,13 +23,13 @@ import javax.servlet.RequestDispatcher; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.maxkey.authn.BasicAuthentication; import org.maxkey.configuration.ApplicationConfig; import org.maxkey.web.WebContext; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; -import org.springframework.context.annotation.Configuration; import org.springframework.stereotype.Component; import org.springframework.web.servlet.handler.HandlerInterceptorAdapter; /** @@ -48,6 +48,7 @@ public class PermissionAdapter extends HandlerInterceptorAdapter { private ApplicationConfig applicationConfig; static ConcurrentHashMapnavigationsMap=null; + /* * 请求前处理 * (non-Javadoc) @@ -58,13 +59,21 @@ public class PermissionAdapter extends HandlerInterceptorAdapter { _logger.trace("PermissionAdapter preHandle"); //判断用户是否登录 - if(WebContext.getAuthentication()==null||WebContext.getAuthentication().getAuthorities()==null){//判断用户和角色,判断用户是否登录用户 - _logger.trace("No Authentication ... forward to /login"); - RequestDispatcher dispatcher = request.getRequestDispatcher("/login"); - dispatcher.forward(request, response); - return false; - } - + if(WebContext.getAuthentication()==null + ||WebContext.getAuthentication().getAuthorities()==null){//判断用户和角色,判断用户是否登录用户 + _logger.trace("No Authentication ... forward to /login"); + RequestDispatcher dispatcher = request.getRequestDispatcher("/login"); + dispatcher.forward(request, response); + return false; + } + + //非管理员用户直接注销 + if (!((BasicAuthentication) WebContext.getAuthentication().getPrincipal()).isRoleAdministrators()) { + _logger.debug("Not ADMINISTRATORS Authentication ."); + RequestDispatcher dispatcher = request.getRequestDispatcher("/logout"); + dispatcher.forward(request, response); + return false; + } boolean hasAccess=true; 
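Review bot: The administrator check in the `@@ -58,13 +59,21 @@` hunk casts `getPrincipal()` to `BasicAuthentication` without a type or null test, so a session whose principal is any other type ends in a ClassCastException (or NullPointerException) instead of a clean denial. Test the type first and treat everything else as non-administrator: `Object principal = WebContext.getAuthentication().getPrincipal();` followed by `if (!(principal instanceof BasicAuthentication) || !((BasicAuthentication) principal).isRoleAdministrators()) {`. The denial is logged at debug level without the user name; for an access-control rejection on the management console, a warn-level entry naming the principal would give operators something to alert on. `preHandle` continues past the end of the hunk.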
diff --git a/maxkey-web-manage/src/main/resources/templates/views/groupapp/groupAppsList.ftl b/maxkey-web-manage/src/main/resources/templates/views/groupapp/groupAppsList.ftl index cb732533c..6d56f052b 100644 --- a/maxkey-web-manage/src/main/resources/templates/views/groupapp/groupAppsList.ftl +++ b/maxkey-web-manage/src/main/resources/templates/views/groupapp/groupAppsList.ftl @@ -11,6 +11,10 @@ $(function () { $("#addGroupAppsBtn").on("click",function(){ + if($("#groupId").val()==""){ + $.alert({content:$.platform.messages.select.alertText}); + return; + } var settings={ url : "<@base/>/groupPrivileges/addGroupAppsList/"+$("#groupId").val(),//window url title : "New",//title diff --git a/maxkey-web-manage/src/main/resources/templates/views/groupuser/groupUsersList.ftl b/maxkey-web-manage/src/main/resources/templates/views/groupuser/groupUsersList.ftl index 3d82b8c96..c5eef7993 100644 --- a/maxkey-web-manage/src/main/resources/templates/views/groupuser/groupUsersList.ftl +++ b/maxkey-web-manage/src/main/resources/templates/views/groupuser/groupUsersList.ftl @@ -11,7 +11,11 @@ $(function () { - $("#insertGroupUserBtn").on("click",function(){ + $("#insertGroupUserBtn").on("click",function(){ + if($("#groupId").val()==""){ + $.alert({content:$.platform.messages.select.alertText}); + return; + } var settings={ url : "<@base/>/groupMember/addGroupAppsList/"+$("#groupId").val(),//window url title : "New",//title diff --git a/maxkey-web-manage/src/main/resources/templates/views/resources/resourceAdd.ftl b/maxkey-web-manage/src/main/resources/templates/views/resources/resourceAdd.ftl index acfe59088..dc2b87833 100644 --- a/maxkey-web-manage/src/main/resources/templates/views/resources/resourceAdd.ftl +++ b/maxkey-web-manage/src/main/resources/templates/views/resources/resourceAdd.ftl 
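Review bot: The empty-selection guard added to the `#addGroupAppsBtn` handler in groupAppsList.ftl (and repeated in groupUsersList.ftl, roleUsersList.ftl, resourceAdd.ftl and usersList.ftl) runs only in the browser, so it tidies the dialog flow but does not keep a request with an empty or unexpected id from reaching the server. The controllers behind `/groupPrivileges/addGroupAppsList/`, `/groupMember/addGroupAppsList/`, `/rolemembers/addRoleAppsList/` and `/userinfo/forwardChangePassword/` are not part of this diff; they should reject a missing id themselves. In the same handlers the id is concatenated into the URL as-is; `encodeURIComponent($("#groupId").val())` would keep a stray character from changing the path. A one-line comment such as `// UI convenience only; the server validates the id` would make the intent explicit.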
@@ -15,6 +15,14 @@ $(function () { $("#appId").val($.cookie("select_app_id")); $("#parentId").val($.cookie("select_res_id")); $("#parentName").val($.cookie("select_res_name")); + + if($("#parentId").val()==""){ + $.alert({ + content:$.platform.messages.select.alertText, + callback:function (){$.closeWindow();} + }); + + } }); diff --git a/maxkey-web-manage/src/main/resources/templates/views/roleusers/roleUsersList.ftl b/maxkey-web-manage/src/main/resources/templates/views/roleusers/roleUsersList.ftl index fe8daa48a..1f21b5979 100644 --- a/maxkey-web-manage/src/main/resources/templates/views/roleusers/roleUsersList.ftl +++ b/maxkey-web-manage/src/main/resources/templates/views/roleusers/roleUsersList.ftl @@ -12,6 +12,10 @@ $(function () { $("#insertGroupUserBtn").on("click",function(){ + if($("#roleId").val()==""){ + $.alert({content:$.platform.messages.select.alertText}); + return; + } var settings={ url : "<@base/>/rolemembers/addRoleAppsList/"+$("#roleId").val(),//window url title : "New",//title diff --git a/maxkey-web-manage/src/main/resources/templates/views/userinfo/userAdd.ftl b/maxkey-web-manage/src/main/resources/templates/views/userinfo/userAdd.ftl index 877ecaa38..8bf02a700 100644 --- a/maxkey-web-manage/src/main/resources/templates/views/userinfo/userAdd.ftl +++ b/maxkey-web-manage/src/main/resources/templates/views/userinfo/userAdd.ftl @@ -51,7 +51,8 @@ <@locale code="userinfo.username" />: - + + <@locale code="login.text.password" />: diff --git a/maxkey-web-manage/src/main/resources/templates/views/userinfo/usersList.ftl b/maxkey-web-manage/src/main/resources/templates/views/userinfo/usersList.ftl index 80c5de74a..51d83e67f 100644 --- a/maxkey-web-manage/src/main/resources/templates/views/userinfo/usersList.ftl +++ b/maxkey-web-manage/src/main/resources/templates/views/userinfo/usersList.ftl 
@@ -136,9 +136,13 @@ $(function () { } );//end tree - $("#changepwdBtn").on("click",function(){ - $("#changepwdBtnHidden").attr("wurl","<@base/>/userinfo/forwardChangePassword/"+$.dataGridSelRowsData("#datagrid")[0].id); - $("#changepwdBtnHidden").click(); + $("#changepwdBtn").on("click",function(){ + if($.dataGridSelRowsData("#datagrid")[0]==null){ + $.alert({content:$.platform.messages.select.alertText}); + return; + } + $("#changepwdBtnHidden").attr("wurl","<@base/>/userinfo/forwardChangePassword/"+$.dataGridSelRowsData("#datagrid")[0].id); + $("#changepwdBtnHidden").click(); }); }); diff --git a/maxkey-web-maxkey/src/main/resources/templates/views/layout/top.ftl b/maxkey-web-maxkey/src/main/resources/templates/views/layout/top.ftl index 94588f110..7c3bde932 100644 --- a/maxkey-web-maxkey/src/main/resources/templates/views/layout/top.ftl +++ b/maxkey-web-maxkey/src/main/resources/templates/views/layout/top.ftl @@ -40,12 +40,13 @@
  <@locale code="login.password.changepassword"/>  
+ <#if Session["current_authentication"].principal.roleAdministrators==true >
  <@locale code="global.text.manage"/>  
- +
  <@locale code="global.text.logout"/>  
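Review bot: The `<#if Session["current_authentication"].principal.roleAdministrators==true >` guard in top.ftl dereferences the session attribute and its principal without a default. A page rendered without that attribute, or with a principal that lacks the property, would presumably fail with a FreeMarker missing-value error instead of simply hiding the link. `<#if (Session["current_authentication"].principal.roleAdministrators)!false>` gives the safe default. The markup around the directive was lost in this rendering, so the position of the closing `</#if>` cannot be checked here. Hiding the manage link is presentation only; the interceptor check in PermissionAdapter remains the enforcement point.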
diff --git a/sql/maxkey_v2.2.0.GA.sql b/sql/oldversions/maxkey_v2.2.0.GA.sql
similarity index 100%
rename from sql/maxkey_v2.2.0.GA.sql
rename to sql/oldversions/maxkey_v2.2.0.GA.sql