Merge branch 'master' of https://github.com/MaxKeyTop/MaxKey

ReleaseNotes.txt

@@ -10,6 +10,9 @@
 	*(MAXKEY-200910)  注销后，点击重新登陆跳转问题
 	*(MAXKEY-200911)  增加SP登录跳转功能，支持knox的认证
 	*(MAXKEY-200912)  构建脚本的优化和更新
+	*(MAXKEY-200913)  权限控制 RoleAdministrators 
+	*(MAXKEY-200914)  社交账号登录优化
+	*(MAXKEY-200915)  列表界面中未”选择“情况下，弹出界面错误
 	*(MAXKEY-200920)  依赖jar引用、更新和升级
 	    druid 1.2.1
 	    JustAuth 1.15.8

maxkey-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java

@@ -17,6 +17,8 @@
 
 package org.maxkey.authn;
 
+import java.util.ArrayList;
+
 import org.maxkey.authn.online.OnlineTicketServices;
 import org.maxkey.authn.realm.AbstractAuthenticationRealm;
 import org.maxkey.authn.support.rememberme.AbstractRemeberMeService;
@@ -35,6 +37,8 @@ import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
 
 /**
  * login Authentication abstract class.
@@ -66,6 +70,12 @@ public abstract class AbstractAuthenticationProvider {
     @Qualifier("onlineTicketServices")
     protected OnlineTicketServices onlineTicketServices;
     
+    static  ArrayList<GrantedAuthority> grantedAdministratorsAuthoritys = new ArrayList<GrantedAuthority>();
+    
+    static {
+        grantedAdministratorsAuthoritys.add(new SimpleGrantedAuthority("ROLE_ADMINISTRATORS"));
+    }
+
     protected abstract String getProviderName();
 
     protected abstract Authentication doInternalAuthenticate(Authentication authentication);

maxkey-core/src/main/java/org/maxkey/authn/BasicAuthentication.java

@@ -23,7 +23,6 @@ import java.util.Collection;
 import org.maxkey.authn.online.OnlineTicket;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
 
 
 public class BasicAuthentication implements Authentication {
@@ -39,14 +38,12 @@ public class BasicAuthentication implements Authentication {
     OnlineTicket onlineTicket;
     ArrayList<GrantedAuthority> grantedAuthority;
     boolean authenticated;
+    boolean roleAdministrators;
 
     /**
      * BasicAuthentication.
      */
     public BasicAuthentication() {
-        grantedAuthority = new ArrayList<GrantedAuthority>();
-        grantedAuthority.add(new SimpleGrantedAuthority("ROLE_USER"));
-        grantedAuthority.add(new SimpleGrantedAuthority("ORDINARY_USER"));
     }
 
     /**
@@ -56,9 +53,6 @@ public class BasicAuthentication implements Authentication {
         this.username = username;
         this.password = password;
         this.authType = authType;
-        grantedAuthority = new ArrayList<GrantedAuthority>();
-        grantedAuthority.add(new SimpleGrantedAuthority("ROLE_USER"));
-        grantedAuthority.add(new SimpleGrantedAuthority("ORDINARY_USER"));
     }
     @Override
     public String getName() {
@@ -177,6 +171,14 @@ public class BasicAuthentication implements Authentication {
         this.onlineTicket = onlineTicket;
     }
 
+    public boolean isRoleAdministrators() {
+        return roleAdministrators;
+    }
+
+    public void setRoleAdministrators(boolean roleAdministrators) {
+        this.roleAdministrators = roleAdministrators;
+    }
+
     @Override
     public String toString() {
         StringBuilder builder = new StringBuilder();

maxkey-core/src/main/java/org/maxkey/authn/RealmAuthenticationProvider.java

@@ -17,6 +17,8 @@
 
 package org.maxkey.authn;
 
+import java.util.ArrayList;
+
 import org.maxkey.authn.online.OnlineTicket;
 import org.maxkey.domain.UserInfo;
 import org.maxkey.web.WebConstants;
@@ -26,6 +28,8 @@ import org.slf4j.LoggerFactory;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.web.authentication.WebAuthenticationDetails;
 import org.springframework.web.context.request.RequestContextHolder;
 import org.springframework.web.context.request.ServletRequestAttributes;
@@ -157,13 +161,25 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider
         OnlineTicket onlineTicket = new OnlineTicket(onlineTickitId,authentication);
         this.onlineTicketServices.store(onlineTickitId, onlineTicket);
         authentication.setOnlineTicket(onlineTicket);
+        ArrayList<GrantedAuthority> grantedAuthoritys = authenticationRealm.grantAuthority(userInfo);
+        //set default roles
+        grantedAuthoritys.add(new SimpleGrantedAuthority("ROLE_USER"));
+        grantedAuthoritys.add(new SimpleGrantedAuthority("ROLE_ORDINARY_USER"));
         
         authentication.setAuthenticated(true);
+        
+        for(GrantedAuthority administratorsAuthority : grantedAdministratorsAuthoritys) {
+            if(grantedAuthoritys.contains(administratorsAuthority)) {
+                authentication.setRoleAdministrators(true);
+                _logger.trace("ROLE ADMINISTRATORS Authentication .");
+            }
+        }
+        
         UsernamePasswordAuthenticationToken authenticationToken =
                 new UsernamePasswordAuthenticationToken(
                         authentication, 
                         "PASSWORD", 
-                        authenticationRealm.grantAuthority(userInfo)
+                        grantedAuthoritys
                 );
         
         authenticationToken.setDetails(

maxkey-web-manage/src/main/java/org/maxkey/web/interceptor/PermissionAdapter.java

@@ -23,13 +23,13 @@ import javax.servlet.RequestDispatcher;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.maxkey.authn.BasicAuthentication;
 import org.maxkey.configuration.ApplicationConfig;
 import org.maxkey.web.WebContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
-import org.springframework.context.annotation.Configuration;
 import org.springframework.stereotype.Component;
 import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
 /**
@@ -48,6 +48,7 @@ public class PermissionAdapter extends HandlerInterceptorAdapter {
 	private ApplicationConfig applicationConfig;
 	
 	static  ConcurrentHashMap<String ,String >navigationsMap=null;
+	
 	/*
 	 * 请求前处理
 	 *  (non-Javadoc)
@@ -58,13 +59,21 @@ public class PermissionAdapter extends HandlerInterceptorAdapter {
 		 _logger.trace("PermissionAdapter preHandle");
 		
 		//判断用户是否登录
-		if(WebContext.getAuthentication()==null||WebContext.getAuthentication().getAuthorities()==null){//判断用户和角色，判断用户是否登录用户
+        if(WebContext.getAuthentication()==null
+                ||WebContext.getAuthentication().getAuthorities()==null){//判断用户和角色，判断用户是否登录用户
             _logger.trace("No Authentication ... forward to /login");
             RequestDispatcher dispatcher = request.getRequestDispatcher("/login");
             dispatcher.forward(request, response);
             return false;
         }
         
+        //非管理员用户直接注销
+        if (!((BasicAuthentication) WebContext.getAuthentication().getPrincipal()).isRoleAdministrators()) {
+            _logger.debug("Not ADMINISTRATORS Authentication .");
+            RequestDispatcher dispatcher = request.getRequestDispatcher("/logout");
+            dispatcher.forward(request, response);
+            return false;
+        }
 		
 		boolean hasAccess=true;
 		

maxkey-web-manage/src/main/resources/templates/views/groupapp/groupAppsList.ftl

@@ -11,6 +11,10 @@
    	
 	$(function () {
 		$("#addGroupAppsBtn").on("click",function(){
+			if($("#groupId").val()==""){
+				$.alert({content:$.platform.messages.select.alertText});	
+				return;
+			}
 			var settings={
 					url		:	"<@base/>/groupPrivileges/addGroupAppsList/"+$("#groupId").val(),//window url
 					title	:	"New",//title

maxkey-web-manage/src/main/resources/templates/views/groupuser/groupUsersList.ftl

@@ -12,6 +12,10 @@
 	
 	$(function () {
 		$("#insertGroupUserBtn").on("click",function(){	
+			if($("#groupId").val()==""){
+				$.alert({content:$.platform.messages.select.alertText});	
+				return;
+			}
 			var settings={
 							url		:	"<@base/>/groupMember/addGroupAppsList/"+$("#groupId").val(),//window url
 							title	:	"New",//title

maxkey-web-manage/src/main/resources/templates/views/resources/resourceAdd.ftl

@@ -15,6 +15,14 @@ $(function () {
     $("#appId").val($.cookie("select_app_id"));
     $("#parentId").val($.cookie("select_res_id"));
     $("#parentName").val($.cookie("select_res_name"));
+    
+    if($("#parentId").val()==""){
+		$.alert({
+			content:$.platform.messages.select.alertText,
+			callback:function (){$.closeWindow();}
+		});	
+		
+	}
 });
 </script>
 </head>

maxkey-web-manage/src/main/resources/templates/views/roleusers/roleUsersList.ftl

@@ -12,6 +12,10 @@
 	
 	$(function () {
 		$("#insertGroupUserBtn").on("click",function(){		
+			if($("#roleId").val()==""){
+				$.alert({content:$.platform.messages.select.alertText});	
+				return;
+			}
 			var settings={
 							url		:	"<@base/>/rolemembers/addRoleAppsList/"+$("#roleId").val(),//window url
 							title	:	"New",//title

maxkey-web-manage/src/main/resources/templates/views/userinfo/userAdd.ftl

@@ -52,6 +52,7 @@
 		<td style="width:15%;"><@locale code="userinfo.username" />：</td>
 		<td style="width:35%;">
 			<input type="hidden" id="id" name="id" value=""/>
+			<input type="hidden" id="status" name="status" value="1"/>
 			<input  class="form-control"  type="text" required="" id="username" name="username"  title="" value=""/>
 		</td>
 		<td style="width:15%;"><@locale code="login.text.password" />：</td>

maxkey-web-manage/src/main/resources/templates/views/userinfo/usersList.ftl

@@ -137,6 +137,10 @@ $(function () {
 	    	);//end tree
 	    	
 	$("#changepwdBtn").on("click",function(){
+	 	if($.dataGridSelRowsData("#datagrid")[0]==null){
+			$.alert({content:$.platform.messages.select.alertText});
+			return;
+		}	
 		$("#changepwdBtnHidden").attr("wurl","<@base/>/userinfo/forwardChangePassword/"+$.dataGridSelRowsData("#datagrid")[0].id);
 		$("#changepwdBtnHidden").click();	
 	});

maxkey-web-maxkey/src/main/resources/templates/views/layout/top.ftl

@@ -40,12 +40,13 @@
 									<div  style="float:right;" >&nbsp;&nbsp;<@locale code="login.password.changepassword"/>&nbsp;&nbsp;</div>
 								</a>
 							</td>
+							<#if  Session["current_authentication"].principal.roleAdministrators==true >
 							<td id="manage" nowrap>
 								<a target="_blank"  href="<@base/>/authz/maxkey_mgt">
 									<div  style="float:right;" >&nbsp;&nbsp;<@locale code="global.text.manage"/>&nbsp;&nbsp;</div>
 								</a>
 							</td>
-				
+							</#if>
 							<td id="logout" class="ui-widget-header" >
 								<a  href="<@base/>/logout?reLoginUrl=login">
 									<div  style="float:right;" >&nbsp;&nbsp;<@locale code="global.text.logout"/>&nbsp;&nbsp;</div>