mirror of
https://gitee.com/dromara/MaxKey.git
synced 2025-12-07 09:28:49 +08:00
AuthorizationUtils
parent
9221064088
commit
10b964ad79
@ -101,14 +101,12 @@ public abstract class AbstractAuthenticationProvider {
|
||||
* @return
|
||||
*/
|
||||
public UsernamePasswordAuthenticationToken createOnlineTicket(LoginCredential credential,UserInfo userInfo) {
|
||||
//Online Tickit
|
||||
Session onlineTicket = new Session();
|
||||
//create session
|
||||
Session session = new Session();
|
||||
|
||||
//set session with principal
|
||||
SignPrincipal principal = new SignPrincipal(userInfo,session);
|
||||
|
||||
userInfo.setOnlineTicket(onlineTicket.getId());
|
||||
|
||||
SigninPrincipal principal = new SigninPrincipal(userInfo);
|
||||
//set OnlineTicket
|
||||
principal.setSession(onlineTicket);
|
||||
ArrayList<GrantedAuthority> grantedAuthoritys = authenticationRealm.grantAuthority(userInfo);
|
||||
principal.setAuthenticated(true);
|
||||
|
||||
@ -132,15 +130,15 @@ public abstract class AbstractAuthenticationProvider {
|
||||
authenticationToken.setDetails(
|
||||
new WebAuthenticationDetails(WebContext.getRequest()));
|
||||
|
||||
onlineTicket.setAuthentication(authenticationToken);
|
||||
|
||||
//store session
|
||||
this.sessionService.store(onlineTicket.getId(), onlineTicket);
|
||||
|
||||
/*
|
||||
* put Authentication to current session context
|
||||
*/
|
||||
AuthorizationUtils.setAuthentication(authenticationToken);
|
||||
session.setAuthentication(authenticationToken);
|
||||
|
||||
//store session
|
||||
this.sessionService.store(session.getId(), session);
|
||||
|
||||
AuthorizationUtils.setSession(session);
|
||||
|
||||
return authenticationToken;
|
||||
}
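Review bot: `createOnlineTicket` now ends with `AuthorizationUtils.setSession(session);`, and the earlier `AuthorizationUtils.setAuthentication(authenticationToken);` call appears to be dropped (the rendered page has lost its +/- markers, so this is inferred from the hunk counts). `AuthorizationUtils.getPrincipal()` and `AbstractAuthenticationRealm`, both touched by this commit, still read `WebConstants.AUTHENTICATION`, so straight after login `isAuthenticated()` can be true while `getPrincipal()` returns null. Either keep `AuthorizationUtils.setAuthentication(authenticationToken);` next to `setSession(session)`, or have `setSession` publish `session.getAuthentication()` as well so the two attributes cannot diverge. The method starts above the first hunk and part of its body lies between the two hunks; its Javadoc still has an empty `@return`.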
|
||||
|
||||
@ -1,5 +1,5 @@
|
||||
/*
|
||||
* Copyright [2020] [MaxKey of copyright http://www.maxkey.top]
|
||||
* Copyright [2022] [MaxKey of copyright http://www.maxkey.top]
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
@ -26,7 +26,7 @@ import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
|
||||
|
||||
public class SigninPrincipal implements UserDetails {
|
||||
public class SignPrincipal implements UserDetails {
|
||||
private static final long serialVersionUID = -110742975439268030L;
|
||||
UserInfo userInfo;
|
||||
|
||||
@ -49,13 +49,13 @@ public class SigninPrincipal implements UserDetails {
|
||||
/**
|
||||
* SigninPrincipal.
|
||||
*/
|
||||
public SigninPrincipal() {
|
||||
public SignPrincipal() {
|
||||
}
|
||||
|
||||
/**
|
||||
* SigninPrincipal.
|
||||
* SignPrincipal.
|
||||
*/
|
||||
public SigninPrincipal(UserInfo userInfo) {
|
||||
public SignPrincipal(UserInfo userInfo) {
|
||||
this.userInfo = userInfo;
|
||||
this.authenticated = true;
|
||||
this.accountNonExpired = true;
|
||||
@ -64,10 +64,21 @@ public class SigninPrincipal implements UserDetails {
|
||||
this.enabled = true;
|
||||
}
|
||||
|
||||
public SignPrincipal(UserInfo userInfo,Session session) {
|
||||
this.userInfo = userInfo;
|
||||
this.authenticated = true;
|
||||
this.accountNonExpired = true;
|
||||
this.accountNonLocked = true;
|
||||
this.credentialsNonExpired =true;
|
||||
this.enabled = true;
|
||||
this.session = session;
|
||||
this.userInfo.setSessionId(session.getId());
|
||||
}
|
||||
|
||||
/**
|
||||
* SigninPrincipal.
|
||||
*/
|
||||
public SigninPrincipal(UserDetails userDetails) {
|
||||
public SignPrincipal(UserDetails userDetails) {
|
||||
this.userDetails = userDetails;
|
||||
this.authenticated = true;
|
||||
}
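Review bot: The new `SignPrincipal(UserInfo userInfo,Session session)` constructor dereferences both arguments unchecked in `this.userInfo.setSessionId(session.getId());` and has no Javadoc, unlike the constructors around it. It also appears to repeat the flag assignments of the one-argument constructor (whose middle lies between hunks); `this(userInfo);` followed by `this.session = Objects.requireNonNull(session, "session");` and the `setSessionId` call would keep them in one place, with `java.util.Objects` imported. The Javadoc should state that the constructor writes the session id back into the caller's `UserInfo`, because that side effect is easy to miss at the call site. The Javadoc on the no-arg and `UserDetails` constructors still reads `SigninPrincipal.`.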
|
||||
@ -21,7 +21,7 @@ import java.io.Serializable;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
import org.maxkey.authn.SigninPrincipal;
|
||||
import org.maxkey.authn.SignPrincipal;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
|
||||
@ -57,7 +57,7 @@ public class AuthJwt implements Serializable {
|
||||
}
|
||||
|
||||
public AuthJwt(String token, Authentication authentication) {
|
||||
SigninPrincipal principal = ((SigninPrincipal)authentication.getPrincipal());
|
||||
SignPrincipal principal = ((SignPrincipal)authentication.getPrincipal());
|
||||
|
||||
this.token = token;
|
||||
this.ticket = principal.getSession().getId();
|
||||
|
||||
@ -22,7 +22,7 @@ import java.util.Date;
|
||||
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.joda.time.DateTime;
|
||||
import org.maxkey.authn.SigninPrincipal;
|
||||
import org.maxkey.authn.SignPrincipal;
|
||||
import org.maxkey.configuration.AuthJwkConfig;
|
||||
import org.maxkey.crypto.jwt.HMAC512Service;
|
||||
import org.maxkey.entity.UserInfo;
|
||||
@ -86,7 +86,7 @@ public class AuthJwtService {
|
||||
* @return
|
||||
*/
|
||||
public String genJwt(Authentication authentication) {
|
||||
SigninPrincipal principal = ((SigninPrincipal)authentication.getPrincipal());
|
||||
SignPrincipal principal = ((SignPrincipal)authentication.getPrincipal());
|
||||
UserInfo userInfo = principal.getUserInfo();
|
||||
DateTime currentDateTime = DateTime.now();
|
||||
Date expirationTime = currentDateTime.plusSeconds(authJwkConfig.getExpires()).toDate();
|
||||
|
||||
@ -21,7 +21,7 @@ import java.util.ArrayList;
|
||||
import java.util.Date;
|
||||
import java.util.List;
|
||||
|
||||
import org.maxkey.authn.SigninPrincipal;
|
||||
import org.maxkey.authn.SignPrincipal;
|
||||
import org.maxkey.authn.realm.ldap.LdapAuthenticationRealmService;
|
||||
import org.maxkey.entity.Groups;
|
||||
import org.maxkey.entity.HistoryLogin;
|
||||
@ -124,9 +124,9 @@ public abstract class AbstractAuthenticationRealm {
|
||||
historyLogin.setSessionId(WebContext.genId());
|
||||
historyLogin.setSessionStatus(7);
|
||||
Authentication authentication = (Authentication ) WebContext.getAttribute(WebConstants.AUTHENTICATION);
|
||||
if(authentication.getPrincipal() instanceof SigninPrincipal) {
|
||||
if(authentication.getPrincipal() instanceof SignPrincipal) {
|
||||
historyLogin.setSessionStatus(1);
|
||||
historyLogin.setSessionId(userInfo.getOnlineTicket());
|
||||
historyLogin.setSessionId(userInfo.getSessionId());
|
||||
}
|
||||
|
||||
_logger.debug("user session id is {} . ",historyLogin.getSessionId());
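Review bot: `authentication` is read from `WebContext.getAttribute(WebConstants.AUTHENTICATION)` and dereferenced unchecked in `if(authentication.getPrincipal() instanceof SignPrincipal) {`. This commit moves the login state towards `WebConstants.SESSION`, so the attribute may be absent here more often than before, and a missing value would abort the login-history insert with a NullPointerException. A guard such as `if(authentication != null && authentication.getPrincipal() instanceof SignPrincipal) {` keeps the status 7 and generated-id fallback set just above. The enclosing method starts and ends outside the hunk.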
|
||||
|
||||
@ -22,7 +22,7 @@ import java.text.ParseException;
|
||||
import javax.servlet.http.Cookie;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
|
||||
import org.maxkey.authn.SigninPrincipal;
|
||||
import org.maxkey.authn.SignPrincipal;
|
||||
import org.maxkey.authn.jwt.AuthJwtService;
|
||||
import org.maxkey.authn.session.Session;
|
||||
import org.maxkey.authn.session.SessionService;
|
||||
@ -44,7 +44,7 @@ public class AuthorizationUtils {
|
||||
AuthJwtService authJwtService,
|
||||
SessionService sessionService
|
||||
) throws ParseException{
|
||||
if(getAuthentication() == null) {
|
||||
if(getSession() == null) {
|
||||
Cookie authCookie = WebContext.getCookie(request, Authorization_Cookie);
|
||||
if(authCookie != null ) {
|
||||
String authorization = authCookie.getValue();
|
||||
@ -59,7 +59,7 @@ public class AuthorizationUtils {
|
||||
AuthJwtService authJwtService,
|
||||
SessionService sessionService
|
||||
) throws ParseException{
|
||||
if(getAuthentication() == null) {
|
||||
if(getSession() == null) {
|
||||
String authorization = AuthorizationHeaderUtils.resolveBearer(request);
|
||||
if(authorization != null ) {
|
||||
doJwtAuthenticate(authorization,authJwtService,sessionService);
|
||||
@ -73,48 +73,63 @@ public class AuthorizationUtils {
|
||||
AuthJwtService authJwtService,
|
||||
SessionService sessionService) throws ParseException {
|
||||
if(authJwtService.validateJwtToken(authorization)) {
|
||||
String ticket = authJwtService.resolveJWTID(authorization);
|
||||
Session onlineTicket = sessionService.get(ticket);
|
||||
if(onlineTicket != null) {
|
||||
setAuthentication(onlineTicket.getAuthentication());
|
||||
String sessionId = authJwtService.resolveJWTID(authorization);
|
||||
Session session = sessionService.get(sessionId);
|
||||
if(session != null) {
|
||||
setSession(session);
|
||||
setAuthentication(session.getAuthentication());
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
public static void setAuthentication(Authentication authentication) {
|
||||
WebContext.setAttribute(WebConstants.AUTHENTICATION, authentication);
|
||||
public static void setSession(Session session) {
|
||||
WebContext.setAttribute(WebConstants.SESSION, session);
|
||||
}
|
||||
|
||||
public static Session getSession() {
|
||||
Session session = getSession(WebContext.getRequest());
|
||||
return session;
|
||||
}
|
||||
|
||||
public static Session getSession(HttpServletRequest request) {
|
||||
Session session = (Session) request.getSession().getAttribute(WebConstants.SESSION);
|
||||
return session;
|
||||
}
|
||||
|
||||
public static Authentication getAuthentication() {
|
||||
Authentication authentication = (Authentication) getAuthentication(WebContext.getRequest());
|
||||
Authentication authentication = (Authentication) getAuthentication(WebContext.getRequest());
|
||||
return authentication;
|
||||
}
|
||||
|
||||
public static Authentication getAuthentication(HttpServletRequest request) {
|
||||
Authentication authentication = (Authentication) request.getSession().getAttribute(WebConstants.AUTHENTICATION);
|
||||
Authentication authentication = (Authentication) request.getSession().getAttribute(WebConstants.AUTHENTICATION);
|
||||
return authentication;
|
||||
}
|
||||
|
||||
public static void setAuthentication(Authentication authentication) {
|
||||
WebContext.setAttribute(WebConstants.AUTHENTICATION, authentication);
|
||||
}
|
||||
|
||||
public static boolean isAuthenticated() {
|
||||
return getAuthentication() != null;
|
||||
return getSession() != null;
|
||||
}
|
||||
|
||||
public static boolean isNotAuthenticated() {
|
||||
return ! isAuthenticated();
|
||||
}
|
||||
|
||||
public static SigninPrincipal getPrincipal() {
|
||||
public static SignPrincipal getPrincipal() {
|
||||
Authentication authentication = getAuthentication();
|
||||
return getPrincipal(authentication);
|
||||
}
|
||||
|
||||
public static SigninPrincipal getPrincipal(Authentication authentication) {
|
||||
return authentication == null ? null : (SigninPrincipal) authentication.getPrincipal();
|
||||
public static SignPrincipal getPrincipal(Authentication authentication) {
|
||||
return authentication == null ? null : (SignPrincipal) authentication.getPrincipal();
|
||||
}
|
||||
|
||||
public static UserInfo getUserInfo(Authentication authentication) {
|
||||
UserInfo userInfo = null;
|
||||
SigninPrincipal principal = getPrincipal(authentication);
|
||||
SignPrincipal principal = getPrincipal(authentication);
|
||||
if(principal != null ) {
|
||||
userInfo = principal.getUserInfo();
|
||||
}
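Review bot: Both `authenticate` overloads now consult `sessionService` only when `getSession() == null`, so a `Session` cached under `WebConstants.SESSION` keeps satisfying `isAuthenticated()` after `sessionService.terminate(...)` has removed it from the store, unless the HttpSession is invalidated elsewhere (not visible here). When a cached session exists, it should be checked against the store, for example with `sessionService.get(session.getId())`, and both attributes cleared if it is gone. Separately, `getSession(HttpServletRequest)` calls `request.getSession()`, which creates an HttpSession for every request that has none; `HttpSession httpSession = request.getSession(false);` with `return httpSession == null ? null : (Session) httpSession.getAttribute(WebConstants.SESSION);` avoids that and needs `javax.servlet.http.HttpSession`. The new `setSession`/`getSession` methods have no Javadoc, and `isAuthenticated()` now tests the session while `getPrincipal()` still reads the authentication attribute, which deserves a comment. Several of these methods are cut by hunk edges.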
|
||||
|
||||
@ -22,7 +22,7 @@ import javax.servlet.http.HttpSession;
|
||||
import javax.servlet.http.HttpSessionEvent;
|
||||
import javax.servlet.http.HttpSessionListener;
|
||||
|
||||
import org.maxkey.authn.SigninPrincipal;
|
||||
import org.maxkey.authn.SignPrincipal;
|
||||
import org.maxkey.util.DateUtils;
|
||||
import org.maxkey.web.WebConstants;
|
||||
import org.slf4j.Logger;
|
||||
@ -53,7 +53,7 @@ public class SessionListenerAdapter implements HttpSessionListener {
|
||||
public void sessionDestroyed(HttpSessionEvent sessionEvent) {
|
||||
HttpSession session = sessionEvent.getSession();
|
||||
Authentication authentication = (Authentication ) session.getAttribute(WebConstants.AUTHENTICATION);
|
||||
SigninPrincipal principal = AuthorizationUtils.getPrincipal(authentication);
|
||||
SignPrincipal principal = AuthorizationUtils.getPrincipal(authentication);
|
||||
if(principal != null ) {
|
||||
_logger.trace("{} HttpSession Id {} for userId {} , username {} @Ticket {} Destroyed" ,
|
||||
DateUtils.formatDateTime(new Date()),
|
||||
|
||||
@ -21,7 +21,7 @@ import javax.servlet.RequestDispatcher;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.maxkey.authn.SigninPrincipal;
|
||||
import org.maxkey.authn.SignPrincipal;
|
||||
import org.maxkey.authn.jwt.AuthJwtService;
|
||||
import org.maxkey.authn.session.SessionService;
|
||||
import org.maxkey.authn.web.AuthorizationUtils;
|
||||
@ -60,7 +60,7 @@ public class PermissionInterceptor implements AsyncHandlerInterceptor {
|
||||
public boolean preHandle(HttpServletRequest request,HttpServletResponse response, Object handler) throws Exception {
|
||||
_logger.trace("Permission Interceptor .");
|
||||
AuthorizationUtils.authenticate(request, authJwtService, sessionService);
|
||||
SigninPrincipal principal = AuthorizationUtils.getPrincipal();
|
||||
SignPrincipal principal = AuthorizationUtils.getPrincipal();
|
||||
//判断用户是否登录,判断用户是否登录用户
|
||||
if(principal == null){
|
||||
_logger.trace("No Authentication ... forward to /auth/entrypoint");
|
||||
|
||||
@ -46,7 +46,7 @@ public class UserInfo extends JpaBaseEntity {
|
||||
|
||||
public static final String DEFAULT_PASSWORD_SUFFIX = "MaxKey@888";
|
||||
|
||||
String onlineTicket;
|
||||
String sessionId;
|
||||
|
||||
//
|
||||
@Id
|
||||
@ -384,12 +384,12 @@ public class UserInfo extends JpaBaseEntity {
|
||||
this.id = id;
|
||||
}
|
||||
|
||||
public String getOnlineTicket() {
|
||||
return onlineTicket;
|
||||
public String getSessionId() {
|
||||
return sessionId;
|
||||
}
|
||||
|
||||
public void setOnlineTicket(String onlineTicket) {
|
||||
this.onlineTicket = onlineTicket;
|
||||
public void setSessionId(String sessionId) {
|
||||
this.sessionId = sessionId;
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@ -81,6 +81,8 @@ public class WebConstants {
|
||||
|
||||
public static final String AUTHENTICATION = "current_authentication";
|
||||
|
||||
public static final String SESSION = "current_session";
|
||||
|
||||
public static final String THEME_COOKIE_NAME = "mxk_theme_value";
|
||||
|
||||
public static final String LOGIN_ERROR_SESSION_MESSAGE
|
||||
|
||||
@ -20,7 +20,7 @@ package org.maxkey.authz.endpoint.adapter;
|
||||
import java.io.UnsupportedEncodingException;
|
||||
import org.apache.commons.codec.binary.Hex;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.maxkey.authn.SigninPrincipal;
|
||||
import org.maxkey.authn.SignPrincipal;
|
||||
import org.maxkey.constants.ConstsBoolean;
|
||||
import org.maxkey.crypto.Base64Utils;
|
||||
import org.maxkey.crypto.ReciprocalUtils;
|
||||
@ -44,7 +44,7 @@ public abstract class AbstractAuthorizeAdapter {
|
||||
|
||||
protected Accounts account;
|
||||
|
||||
protected SigninPrincipal principal;
|
||||
protected SignPrincipal principal;
|
||||
|
||||
public abstract Object generateInfo();
|
||||
|
||||
@ -127,7 +127,7 @@ public abstract class AbstractAuthorizeAdapter {
|
||||
return "";
|
||||
};
|
||||
|
||||
public void setPrincipal(SigninPrincipal principal) {
|
||||
public void setPrincipal(SignPrincipal principal) {
|
||||
this.principal = principal;
|
||||
this.userInfo = principal.getUserInfo();
|
||||
}
|
||||
|
||||
@ -20,7 +20,7 @@ package org.maxkey.authz.singlelogout;
|
||||
import java.util.HashMap;
|
||||
import java.util.UUID;
|
||||
|
||||
import org.maxkey.authn.SigninPrincipal;
|
||||
import org.maxkey.authn.SignPrincipal;
|
||||
import org.maxkey.entity.apps.Apps;
|
||||
import org.maxkey.util.DateUtils;
|
||||
import org.springframework.security.core.Authentication;
|
||||
@ -34,7 +34,7 @@ public class DefaultSingleLogout extends SingleLogout{
|
||||
logoutParameters.put("principal", authentication.getName());
|
||||
logoutParameters.put("request", "logoutRequest");
|
||||
logoutParameters.put("issueInstant", DateUtils.getCurrentDateAsString(DateUtils.FORMAT_DATE_ISO_TIMESTAMP));
|
||||
logoutParameters.put("ticket", ((SigninPrincipal)authentication.getPrincipal()).getSession().getFormattedId());
|
||||
logoutParameters.put("ticket", ((SignPrincipal)authentication.getPrincipal()).getSession().getFormattedId());
|
||||
postMessage(logoutApp.getLogoutUrl(),logoutParameters);
|
||||
|
||||
}
|
||||
|
||||
@ -23,7 +23,7 @@ package org.maxkey.authz.cas.endpoint;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.maxkey.authn.SigninPrincipal;
|
||||
import org.maxkey.authn.SignPrincipal;
|
||||
import org.maxkey.authz.cas.endpoint.response.Service10ResponseBuilder;
|
||||
import org.maxkey.authz.cas.endpoint.ticket.CasConstants;
|
||||
import org.maxkey.authz.cas.endpoint.ticket.Ticket;
|
||||
@ -105,7 +105,7 @@ renew [OPTIONAL] - if this parameter is set, ticket validation will only succeed
|
||||
}
|
||||
|
||||
if(storedTicket != null){
|
||||
String principal=((SigninPrincipal)storedTicket.getAuthentication().getPrincipal()).getUsername();
|
||||
String principal=((SignPrincipal)storedTicket.getAuthentication().getPrincipal()).getUsername();
|
||||
_logger.debug("principal "+principal);
|
||||
return new Service10ResponseBuilder().success()
|
||||
.setUser(principal)
|
||||
|
||||
@ -26,7 +26,7 @@ import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.apache.commons.beanutils.BeanUtils;
|
||||
import org.maxkey.authn.SigninPrincipal;
|
||||
import org.maxkey.authn.SignPrincipal;
|
||||
import org.maxkey.authz.cas.endpoint.response.ProxyServiceResponseBuilder;
|
||||
import org.maxkey.authz.cas.endpoint.response.ServiceResponseBuilder;
|
||||
import org.maxkey.authz.cas.endpoint.ticket.CasConstants;
|
||||
@ -204,7 +204,7 @@ For all error codes, it is RECOMMENDED that CAS provide a more detailed message
|
||||
ServiceResponseBuilder serviceResponseBuilder=new ServiceResponseBuilder();
|
||||
|
||||
if(storedTicket!=null){
|
||||
SigninPrincipal authentication = ((SigninPrincipal)storedTicket.getAuthentication().getPrincipal());
|
||||
SignPrincipal authentication = ((SignPrincipal)storedTicket.getAuthentication().getPrincipal());
|
||||
if(StringUtils.isNotBlank(pgtUrl)) {
|
||||
ProxyGrantingTicketIOUImpl proxyGrantingTicketIOUImpl =new ProxyGrantingTicketIOUImpl();
|
||||
String proxyGrantingTicketIOU=casProxyGrantingTicketServices.createTicket(proxyGrantingTicketIOUImpl);
|
||||
@ -332,7 +332,7 @@ Response on ticket validation failure:
|
||||
ServiceResponseBuilder serviceResponseBuilder=new ServiceResponseBuilder();
|
||||
|
||||
if(storedTicket!=null){
|
||||
SigninPrincipal authentication = ((SigninPrincipal)storedTicket.getAuthentication().getPrincipal());
|
||||
SignPrincipal authentication = ((SignPrincipal)storedTicket.getAuthentication().getPrincipal());
|
||||
if(ConstsBoolean.isTrue(storedTicket.getCasDetails().getIsAdapter())){
|
||||
Object samlAdapter = Instance.newInstance(storedTicket.getCasDetails().getAdapter());
|
||||
try {
|
||||
|
||||
@ -26,7 +26,7 @@ import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.apache.commons.beanutils.BeanUtils;
|
||||
import org.maxkey.authn.SigninPrincipal;
|
||||
import org.maxkey.authn.SignPrincipal;
|
||||
import org.maxkey.authz.cas.endpoint.response.ProxyServiceResponseBuilder;
|
||||
import org.maxkey.authz.cas.endpoint.response.ServiceResponseBuilder;
|
||||
import org.maxkey.authz.cas.endpoint.ticket.CasConstants;
|
||||
@ -86,7 +86,7 @@ public class Cas30AuthorizeEndpoint extends CasBaseAuthorizeEndpoint{
|
||||
ServiceResponseBuilder serviceResponseBuilder=new ServiceResponseBuilder();
|
||||
|
||||
if(storedTicket!=null){
|
||||
SigninPrincipal authentication = ((SigninPrincipal)storedTicket.getAuthentication().getPrincipal());
|
||||
SignPrincipal authentication = ((SignPrincipal)storedTicket.getAuthentication().getPrincipal());
|
||||
if(StringUtils.isNotBlank(pgtUrl)) {
|
||||
ProxyGrantingTicketIOUImpl proxyGrantingTicketIOUImpl =new ProxyGrantingTicketIOUImpl();
|
||||
String proxyGrantingTicketIOU=casProxyGrantingTicketServices.createTicket(proxyGrantingTicketIOUImpl);
|
||||
@ -177,7 +177,7 @@ public class Cas30AuthorizeEndpoint extends CasBaseAuthorizeEndpoint{
|
||||
ServiceResponseBuilder serviceResponseBuilder=new ServiceResponseBuilder();
|
||||
|
||||
if(storedTicket!=null){
|
||||
SigninPrincipal authentication = ((SigninPrincipal)storedTicket.getAuthentication().getPrincipal());
|
||||
SignPrincipal authentication = ((SignPrincipal)storedTicket.getAuthentication().getPrincipal());
|
||||
if(ConstsBoolean.isTrue(storedTicket.getCasDetails().getIsAdapter())){
|
||||
Object samlAdapter = Instance.newInstance(storedTicket.getCasDetails().getAdapter());
|
||||
try {
|
||||
|
||||
@ -15,7 +15,7 @@ package org.maxkey.authz.oauth2.provider;
|
||||
import java.util.ArrayList;
|
||||
|
||||
import org.maxkey.authn.AbstractAuthenticationProvider;
|
||||
import org.maxkey.authn.SigninPrincipal;
|
||||
import org.maxkey.authn.SignPrincipal;
|
||||
import org.maxkey.authn.session.Session;
|
||||
import org.maxkey.entity.UserInfo;
|
||||
import org.maxkey.persistence.repository.LoginRepository;
|
||||
@ -47,7 +47,7 @@ public class OAuth2UserDetailsService implements UserDetailsService {
|
||||
|
||||
String onlineTickitId = WebConstants.ONLINE_TICKET_PREFIX + "-" + java.util.UUID.randomUUID().toString().toLowerCase();
|
||||
|
||||
SigninPrincipal principal = new SigninPrincipal(userInfo);
|
||||
SignPrincipal principal = new SignPrincipal(userInfo);
|
||||
Session onlineTicket = new Session(onlineTickitId);
|
||||
//set OnlineTicket
|
||||
principal.setSession(onlineTicket);
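Review bot: This path still builds the principal with `new SignPrincipal(userInfo)` followed by `principal.setSession(onlineTicket)`, so `userInfo.setSessionId(...)` is not called here as far as the hunk shows, unless `setSession` does it (not visible). The OAuth endpoints in this commit key `momentaryService` by `currentUser.getSessionId()`, so a `UserInfo` from this path would carry a null session id. Creating the session first and using the new constructor keeps the two in step: `Session onlineTicket = new Session(onlineTickitId);` then `SignPrincipal principal = new SignPrincipal(userInfo, onlineTicket);`. The local names `onlineTickitId` and `onlineTicket` were also left out of the rename. The method body continues outside the hunk.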
|
||||
|
||||
@ -93,7 +93,7 @@ public class OAuth20AccessConfirmationEndpoint {
|
||||
try {
|
||||
// Map<String, Object> model
|
||||
AuthorizationRequest clientAuth =
|
||||
(AuthorizationRequest) momentaryService.get(currentUser.getOnlineTicket(), "authorizationRequest");
|
||||
(AuthorizationRequest) momentaryService.get(currentUser.getSessionId(), "authorizationRequest");
|
||||
ClientDetails client = clientDetailsService.loadClientByClientId(clientAuth.getClientId(),true);
|
||||
model.put("oauth_approval", WebContext.genId());
|
||||
model.put("auth_request", clientAuth);
|
||||
@ -139,7 +139,7 @@ public class OAuth20AccessConfirmationEndpoint {
|
||||
if(StringUtils.isNotBlank(oauth_approval)) {
|
||||
try {
|
||||
AuthorizationRequest clientAuth =
|
||||
(AuthorizationRequest) momentaryService.get(currentUser.getOnlineTicket(), "authorizationRequest");
|
||||
(AuthorizationRequest) momentaryService.get(currentUser.getSessionId(), "authorizationRequest");
|
||||
ClientDetails client = clientDetailsService.loadClientByClientId(clientAuth.getClientId(),true);
|
||||
|
||||
Apps app = appsService.get(client.getClientId(),true);
|
||||
|
||||
@ -227,7 +227,7 @@ public class AuthorizationEndpoint extends AbstractEndpoint {
|
||||
// Place auth request into the model so that it is stored in the session
|
||||
// for approveOrDeny to use. That way we make sure that auth request comes from the session,
|
||||
// so any auth request parameters passed to approveOrDeny will be ignored and retrieved from the session.
|
||||
momentaryService.put(currentUser.getOnlineTicket(), "authorizationRequest", authorizationRequest);
|
||||
momentaryService.put(currentUser.getSessionId(), "authorizationRequest", authorizationRequest);
|
||||
|
||||
return getUserApprovalPageResponse(model, authorizationRequest, (Authentication) principal);
|
||||
|
||||
@ -255,7 +255,7 @@ public class AuthorizationEndpoint extends AbstractEndpoint {
|
||||
"User must be authenticated with Spring Security before authorizing an access token.");
|
||||
}
|
||||
|
||||
AuthorizationRequest authorizationRequest = (AuthorizationRequest) momentaryService.get(currentUser.getOnlineTicket(), "authorizationRequest");
|
||||
AuthorizationRequest authorizationRequest = (AuthorizationRequest) momentaryService.get(currentUser.getSessionId(), "authorizationRequest");
|
||||
|
||||
if (authorizationRequest == null) {
|
||||
sessionStatus.setComplete();
|
||||
|
||||
@ -22,7 +22,7 @@ import java.util.HashSet;
|
||||
import java.util.Map;
|
||||
import java.util.Set;
|
||||
|
||||
import org.maxkey.authn.SigninPrincipal;
|
||||
import org.maxkey.authn.SignPrincipal;
|
||||
import org.maxkey.authn.web.AuthorizationUtils;
|
||||
import org.maxkey.authz.oauth2.common.DefaultOAuth2AccessToken;
|
||||
import org.maxkey.authz.oauth2.common.OAuth2AccessToken;
|
||||
@ -196,7 +196,7 @@ public class TokenEndpoint extends AbstractEndpoint {
|
||||
clientId = ((OAuth2Authentication) client).getOAuth2Request().getClientId();
|
||||
}
|
||||
if (client instanceof UsernamePasswordAuthenticationToken) {
|
||||
clientId = ((SigninPrincipal)client.getPrincipal()).getUsername();
|
||||
clientId = ((SignPrincipal)client.getPrincipal()).getUsername();
|
||||
}
|
||||
return clientId;
|
||||
}
|
||||
|
||||
@ -31,7 +31,7 @@ import javax.servlet.annotation.WebFilter;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.maxkey.authn.SigninPrincipal;
|
||||
import org.maxkey.authn.SignPrincipal;
|
||||
import org.maxkey.authn.web.AuthorizationUtils;
|
||||
import org.maxkey.authz.oauth2.common.OAuth2Constants;
|
||||
import org.maxkey.authz.oauth2.common.util.OAuth2Utils;
|
||||
@ -145,13 +145,13 @@ public class TokenEndpointAuthenticationFilter implements Filter {
|
||||
}else {
|
||||
Authentication authentication=ClientCredentials(request,response);
|
||||
_logger.trace("getPrincipal " + authentication.getPrincipal().getClass());
|
||||
SigninPrincipal auth = null;
|
||||
if(authentication.getPrincipal() instanceof SigninPrincipal) {
|
||||
SignPrincipal auth = null;
|
||||
if(authentication.getPrincipal() instanceof SignPrincipal) {
|
||||
//authorization_code
|
||||
auth = (SigninPrincipal)authentication.getPrincipal();
|
||||
auth = (SignPrincipal)authentication.getPrincipal();
|
||||
}else {
|
||||
//client_credentials
|
||||
auth =new SigninPrincipal((User)authentication.getPrincipal());
|
||||
auth =new SignPrincipal((User)authentication.getPrincipal());
|
||||
}
|
||||
auth.setAuthenticated(true);
|
||||
UsernamePasswordAuthenticationToken simpleUserAuthentication = new UsernamePasswordAuthenticationToken(auth, authentication.getCredentials(), authentication.getAuthorities());
|
||||
|
||||
@ -25,7 +25,7 @@ import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.apache.commons.beanutils.BeanUtils;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.maxkey.authn.SigninPrincipal;
|
||||
import org.maxkey.authn.SignPrincipal;
|
||||
import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
|
||||
import org.maxkey.authz.oauth2.common.OAuth2Constants;
|
||||
import org.maxkey.authz.oauth2.common.exceptions.OAuth2Exception;
|
||||
@ -114,7 +114,7 @@ public class UserInfoEndpoint {
|
||||
}else{
|
||||
adapter =(AbstractAuthorizeAdapter)new OAuthDefaultUserInfoAdapter(clientDetails);
|
||||
}
|
||||
adapter.setPrincipal((SigninPrincipal)oAuth2Authentication.getUserAuthentication().getPrincipal());
|
||||
adapter.setPrincipal((SignPrincipal)oAuth2Authentication.getUserAuthentication().getPrincipal());
|
||||
adapter.setApp(app);
|
||||
|
||||
Object jsonData = adapter.generateInfo();
|
||||
|
||||
@ -28,7 +28,7 @@ import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.maxkey.authn.SigninPrincipal;
|
||||
import org.maxkey.authn.SignPrincipal;
|
||||
import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
|
||||
import org.maxkey.authz.oauth2.common.OAuth2Constants;
|
||||
import org.maxkey.authz.oauth2.common.exceptions.OAuth2Exception;
|
||||
@ -113,7 +113,7 @@ public class UserInfoOIDCEndpoint {
|
||||
try{
|
||||
oAuth2Authentication = oauth20tokenServices.loadAuthentication(access_token);
|
||||
|
||||
principal=((SigninPrincipal)oAuth2Authentication.getPrincipal()).getUsername();
|
||||
principal=((SignPrincipal)oAuth2Authentication.getPrincipal()).getUsername();
|
||||
|
||||
Set<String >scopes = oAuth2Authentication.getOAuth2Request().getScope();
|
||||
ClientDetails clientDetails =
|
||||
@ -123,7 +123,7 @@ public class UserInfoOIDCEndpoint {
|
||||
String userJson = "";
|
||||
Builder jwtClaimsSetBuilder= new JWTClaimsSet.Builder();
|
||||
|
||||
SigninPrincipal authentication = (SigninPrincipal)oAuth2Authentication.getUserAuthentication().getPrincipal();
|
||||
SignPrincipal authentication = (SignPrincipal)oAuth2Authentication.getUserAuthentication().getPrincipal();
|
||||
|
||||
String subject = AbstractAuthorizeAdapter.getValueByUserAttr(userInfo, clientDetails.getSubject());
|
||||
_logger.debug("userId : {} , username : {} , displayName : {} , subject : {}" ,
|
||||
|
||||
@ -86,7 +86,7 @@ public class LoginSessionController {
|
||||
try {
|
||||
for(String sessionId : StringUtils.string2List(ids, ",")) {
|
||||
_logger.trace("terminate session Id {} ",sessionId);
|
||||
if(currentUser.getOnlineTicket().contains(sessionId)) {
|
||||
if(currentUser.getSessionId().contains(sessionId)) {
|
||||
continue;//skip current session
|
||||
}
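Review bot: `if(currentUser.getSessionId().contains(sessionId)) {` is a substring test, so an empty or partial id in `ids` is treated as the current session, and the call throws when `getSessionId()` is null. An exact, null-safe comparison is `if(sessionId.equals(currentUser.getSessionId())) {`. The same line appears in the second `LoginSessionController` hunk further down, where each client-supplied id is then passed to `sessionService.terminate(sessionId,currentUser.getId(),currentUser.getUsername());`. Whether `terminate` verifies that the session belongs to `currentUser`, or that the caller is an administrator, is not visible and is worth confirming. The loop and its `try` start and end outside the hunk.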
|
||||
|
||||
|
||||
@ -54,10 +54,10 @@ public class LogoutEndpoint {
|
||||
@RequestMapping(value={"/logout"}, produces = {MediaType.APPLICATION_JSON_VALUE})
|
||||
public ResponseEntity<?> logout(@CurrentUser UserInfo currentUser){
|
||||
//if logined in have onlineTicket ,need remove or logout back
|
||||
String onlineTicketId = currentUser.getOnlineTicket();
|
||||
Session onlineTicket = sessionService.get(onlineTicketId);
|
||||
if(onlineTicket != null) {
|
||||
Set<Entry<String, Apps>> entrySet = onlineTicket.getAuthorizedApps().entrySet();
|
||||
String sessionId = currentUser.getSessionId();
|
||||
Session session = sessionService.get(sessionId);
|
||||
if(session != null) {
|
||||
Set<Entry<String, Apps>> entrySet = session.getAuthorizedApps().entrySet();
|
||||
|
||||
Iterator<Entry<String, Apps>> iterator = entrySet.iterator();
|
||||
while (iterator.hasNext()) {
|
||||
@ -70,12 +70,12 @@ public class LogoutEndpoint {
|
||||
}else {
|
||||
singleLogout = new DefaultSingleLogout();
|
||||
}
|
||||
singleLogout.sendRequest(onlineTicket.getAuthentication(), mapEntry.getValue());
|
||||
singleLogout.sendRequest(session.getAuthentication(), mapEntry.getValue());
|
||||
}
|
||||
}
|
||||
|
||||
sessionService.terminate(
|
||||
onlineTicketId,
|
||||
session.getId(),
|
||||
currentUser.getId(),
|
||||
currentUser.getUsername());
|
||||
}
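Review bot: `sessionService.terminate(` now receives `session.getId()` where it used to receive the id string read from `currentUser`, so the call depends on `session` being non-null. Indentation is lost on this page, so it is unclear whether the call sits inside `if(session != null)`. If it sits outside, a logout whose session has already expired from the store throws instead of completing. Passing the local already read above, `sessionId,`, as the first argument removes that dependency either way. The comment `//if logined in have onlineTicket ,need remove or logout back` still uses the old term.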
|
||||
|
||||
@ -20,7 +20,7 @@ package org.maxkey.web.interceptor;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.maxkey.authn.SigninPrincipal;
|
||||
import org.maxkey.authn.SignPrincipal;
|
||||
import org.maxkey.authn.web.AuthorizationUtils;
|
||||
import org.maxkey.entity.HistoryLoginApps;
|
||||
import org.maxkey.entity.UserInfo;
|
||||
@ -56,7 +56,7 @@ public class HistorySignOnAppInterceptor implements AsyncHandlerInterceptor {
|
||||
throws Exception {
|
||||
_logger.debug("preHandle");
|
||||
final Apps app = (Apps)WebContext.getAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP);
|
||||
SigninPrincipal principal = AuthorizationUtils.getPrincipal();
|
||||
SignPrincipal principal = AuthorizationUtils.getPrincipal();
|
||||
if(principal != null && app !=null) {
|
||||
if(principal.getGrantedAuthorityApps().contains(new SimpleGrantedAuthority(app.getId()))) {
|
||||
_logger.trace("preHandle have authority access " + app);
|
||||
@ -81,7 +81,7 @@ public class HistorySignOnAppInterceptor implements AsyncHandlerInterceptor {
|
||||
|
||||
final Apps app = (Apps)WebContext.getAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP);
|
||||
|
||||
SigninPrincipal principal = AuthorizationUtils.getPrincipal();
|
||||
SignPrincipal principal = AuthorizationUtils.getPrincipal();
|
||||
if(principal != null && app !=null) {
|
||||
final UserInfo userInfo = principal.getUserInfo();
|
||||
String sessionId = principal.getSession().getId();
|
||||
|
||||
@ -87,7 +87,7 @@ public class LoginSessionController {
|
||||
try {
|
||||
for(String sessionId : StringUtils.string2List(ids, ",")) {
|
||||
_logger.trace("terminate session Id {} ",sessionId);
|
||||
if(currentUser.getOnlineTicket().contains(sessionId)) {
|
||||
if(currentUser.getSessionId().contains(sessionId)) {
|
||||
continue;//skip current session
|
||||
}
|
||||
sessionService.terminate(sessionId,currentUser.getId(),currentUser.getUsername());
|
||||
|
||||
@ -36,7 +36,7 @@ public class LogoutEndpoint {
|
||||
@RequestMapping(value={"/logout"}, produces = {MediaType.APPLICATION_JSON_VALUE})
|
||||
public ResponseEntity<?> logout(@CurrentUser UserInfo currentUser){
|
||||
sessionService.terminate(
|
||||
currentUser.getOnlineTicket(),
|
||||
currentUser.getSessionId(),
|
||||
currentUser.getId(),
|
||||
currentUser.getUsername());
|
||||
return new Message<String>().buildResponse();
|
||||
|
||||