From 10b964ad79897f79eb5d7471cdb0e5a24090adf8 Mon Sep 17 00:00:00 2001
From: MaxKey
Date: Tue, 26 Apr 2022 21:54:46 +0800
Subject: [PATCH] AuthorizationUtils
---
.../authn/AbstractAuthenticationProvider.java | 24 +++++-----
...igninPrincipal.java => SignPrincipal.java} | 23 ++++++---
.../java/org/maxkey/authn/jwt/AuthJwt.java | 4 +-
.../org/maxkey/authn/jwt/AuthJwtService.java | 4 +-
.../realm/AbstractAuthenticationRealm.java | 6 +--
.../maxkey/authn/web/AuthorizationUtils.java | 47 ++++++++++++-------
.../authn/web/SessionListenerAdapter.java | 4 +-
.../interceptor/PermissionInterceptor.java | 4 +-
.../main/java/org/maxkey/entity/UserInfo.java | 10 ++--
.../java/org/maxkey/web/WebConstants.java | 2 +
.../adapter/AbstractAuthorizeAdapter.java | 6 +--
.../singlelogout/DefaultSingleLogout.java | 4 +-
.../cas/endpoint/Cas10AuthorizeEndpoint.java | 4 +-
.../cas/endpoint/Cas20AuthorizeEndpoint.java | 6 +--
.../cas/endpoint/Cas30AuthorizeEndpoint.java | 6 +--
.../provider/OAuth2UserDetailsService.java | 4 +-
.../OAuth20AccessConfirmationEndpoint.java | 4 +-
.../endpoint/AuthorizationEndpoint.java | 4 +-
.../provider/endpoint/TokenEndpoint.java | 4 +-
.../TokenEndpointAuthenticationFilter.java | 10 ++--
.../userinfo/endpoint/UserInfoEndpoint.java | 4 +-
.../endpoint/UserInfoOIDCEndpoint.java | 6 +--
.../contorller/LoginSessionController.java | 2 +-
.../maxkey/web/contorller/LogoutEndpoint.java | 12 ++---
.../HistorySignOnAppInterceptor.java | 6 +--
.../contorller/LoginSessionController.java | 2 +-
.../maxkey/web/contorller/LogoutEndpoint.java | 2 +-
27 files changed, 120 insertions(+), 94 deletions(-)
rename maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/{SigninPrincipal.java => SignPrincipal.java} (88%)
diff --git a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java index c75e8b0a3..584fe3189 100644 --- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java +++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java @@ -101,14 +101,12 @@ public abstract class AbstractAuthenticationProvider { * @return */ public UsernamePasswordAuthenticationToken createOnlineTicket(LoginCredential credential,UserInfo userInfo) { - //Online Tickit - Session onlineTicket = new Session(); + //create session + Session session = new Session(); + + //set session with principal + SignPrincipal principal = new SignPrincipal(userInfo,session); - userInfo.setOnlineTicket(onlineTicket.getId()); - - SigninPrincipal principal = new SigninPrincipal(userInfo); - //set OnlineTicket - principal.setSession(onlineTicket); ArrayList grantedAuthoritys = authenticationRealm.grantAuthority(userInfo); principal.setAuthenticated(true); @@ -132,15 +130,15 @@ public abstract class AbstractAuthenticationProvider { authenticationToken.setDetails( new WebAuthenticationDetails(WebContext.getRequest())); - onlineTicket.setAuthentication(authenticationToken); - - //store session - this.sessionService.store(onlineTicket.getId(), onlineTicket); - /* * put Authentication to current session context */ - AuthorizationUtils.setAuthentication(authenticationToken); + session.setAuthentication(authenticationToken); + + //store session + this.sessionService.store(session.getId(), session); + + AuthorizationUtils.setSession(session); return authenticationToken; } 
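Review bot: The login path no longer writes `WebConstants.AUTHENTICATION`: the second createOnlineTicket hunk calls `AuthorizationUtils.setSession(session)` where it used to call `setAuthentication(authenticationToken)`, while `getAuthentication()` and `getPrincipal()` in AuthorizationUtils still read only that attribute. Unless something outside this diff sets it, a request on the freshly logged-in HTTP session would see `isAuthenticated()` true but `getPrincipal()` null. The context line in AbstractAuthenticationRealm that calls `authentication.getPrincipal()` on `WebContext.getAttribute(WebConstants.AUTHENTICATION)` would then dereference null. Keep the two attributes in step by adding `AuthorizationUtils.setAuthentication(authenticationToken);` next to the `setSession` call, as doJwtAuthenticate does, or have `getAuthentication()` return the cached session's `getAuthentication()`. The method body starts before the first hunk and continues between the two.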
diff --git a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/SigninPrincipal.java b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/SignPrincipal.java similarity index 88% rename from maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/SigninPrincipal.java rename to maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/SignPrincipal.java index 81e24bfe8..38abddae0 100644 --- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/SigninPrincipal.java +++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/SignPrincipal.java @@ -1,5 +1,5 @@ /* - * Copyright [2020] [MaxKey of copyright http://www.maxkey.top] + * Copyright [2022] [MaxKey of copyright http://www.maxkey.top] * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. @@ -26,7 +26,7 @@ import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.userdetails.UserDetails; -public class SigninPrincipal implements UserDetails { +public class SignPrincipal implements UserDetails { private static final long serialVersionUID = -110742975439268030L; UserInfo userInfo; @@ -49,13 +49,13 @@ public class SigninPrincipal implements UserDetails { /** * SigninPrincipal. */ - public SigninPrincipal() { + public SignPrincipal() { } /** - * SigninPrincipal. + * SignPrincipal. */ - public SigninPrincipal(UserInfo userInfo) { + public SignPrincipal(UserInfo userInfo) { this.userInfo = userInfo; this.authenticated = true; this.accountNonExpired = true; 
@@ -64,10 +64,21 @@ public class SigninPrincipal implements UserDetails { this.enabled = true; } + public SignPrincipal(UserInfo userInfo,Session session) { + this.userInfo = userInfo; + this.authenticated = true; + this.accountNonExpired = true; + this.accountNonLocked = true; + this.credentialsNonExpired =true; + this.enabled = true; + this.session = session; + this.userInfo.setSessionId(session.getId()); + } + /** * SigninPrincipal. */ - public SigninPrincipal(UserDetails userDetails) { + public SignPrincipal(UserDetails userDetails) { this.userDetails = userDetails; this.authenticated = true; } diff --git a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/jwt/AuthJwt.java b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/jwt/AuthJwt.java index c2fb5781b..e34741a37 100644 --- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/jwt/AuthJwt.java +++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/jwt/AuthJwt.java @@ -21,7 +21,7 @@ import java.io.Serializable; import java.util.ArrayList; import java.util.List; -import org.maxkey.authn.SigninPrincipal; +import org.maxkey.authn.SignPrincipal; import org.springframework.security.core.Authentication; import org.springframework.security.core.GrantedAuthority; @@ -57,7 +57,7 @@ public class AuthJwt implements Serializable { } public AuthJwt(String token, Authentication authentication) { - SigninPrincipal principal = ((SigninPrincipal)authentication.getPrincipal()); + SignPrincipal principal = ((SignPrincipal)authentication.getPrincipal()); this.token = token; this.ticket = principal.getSession().getId(); diff --git a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/jwt/AuthJwtService.java b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/jwt/AuthJwtService.java index bc3bbfc81..f4b2c520d 100644 
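Review bot: The new `SignPrincipal(UserInfo userInfo,Session session)` constructor calls `session.getId()` and `this.userInfo.setSessionId(...)` with no null check, so a null argument surfaces as a bare NullPointerException inside the principal. It also repeats the flag assignments of the one-argument constructor instead of delegating. The body could shrink to `this(userInfo);`, `this.session = session;` and `this.userInfo.setSessionId(session.getId());`, with an explicit argument check in front if callers can pass null. It is also the only constructor here without Javadoc; I would add `/** Creates an authenticated principal bound to session and records the session id on userInfo. */`, which makes the write to the caller's UserInfo visible. The class body continues outside the hunk.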
--- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/jwt/AuthJwtService.java +++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/jwt/AuthJwtService.java @@ -22,7 +22,7 @@ import java.util.Date; import org.apache.commons.lang3.StringUtils; import org.joda.time.DateTime; -import org.maxkey.authn.SigninPrincipal; +import org.maxkey.authn.SignPrincipal; import org.maxkey.configuration.AuthJwkConfig; import org.maxkey.crypto.jwt.HMAC512Service; import org.maxkey.entity.UserInfo; @@ -86,7 +86,7 @@ public class AuthJwtService { * @return */ public String genJwt(Authentication authentication) { - SigninPrincipal principal = ((SigninPrincipal)authentication.getPrincipal()); + SignPrincipal principal = ((SignPrincipal)authentication.getPrincipal()); UserInfo userInfo = principal.getUserInfo(); DateTime currentDateTime = DateTime.now(); Date expirationTime = currentDateTime.plusSeconds(authJwkConfig.getExpires()).toDate(); diff --git a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/AbstractAuthenticationRealm.java b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/AbstractAuthenticationRealm.java index e574ea26e..f1f904396 100644 --- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/AbstractAuthenticationRealm.java +++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/AbstractAuthenticationRealm.java @@ -21,7 +21,7 @@ import java.util.ArrayList; import java.util.Date; import java.util.List; -import org.maxkey.authn.SigninPrincipal; +import org.maxkey.authn.SignPrincipal; import org.maxkey.authn.realm.ldap.LdapAuthenticationRealmService; import org.maxkey.entity.Groups; import org.maxkey.entity.HistoryLogin; 
@@ -124,9 +124,9 @@ public abstract class AbstractAuthenticationRealm { historyLogin.setSessionId(WebContext.genId()); historyLogin.setSessionStatus(7); Authentication authentication = (Authentication ) WebContext.getAttribute(WebConstants.AUTHENTICATION); - if(authentication.getPrincipal() instanceof SigninPrincipal) { + if(authentication.getPrincipal() instanceof SignPrincipal) { historyLogin.setSessionStatus(1); - historyLogin.setSessionId(userInfo.getOnlineTicket()); + historyLogin.setSessionId(userInfo.getSessionId()); } _logger.debug("user session id is {} . ",historyLogin.getSessionId()); diff --git a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/web/AuthorizationUtils.java b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/web/AuthorizationUtils.java index 5d6889a20..f1f1a6ce1 100644 --- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/web/AuthorizationUtils.java +++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/web/AuthorizationUtils.java @@ -22,7 +22,7 @@ import java.text.ParseException; import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; -import org.maxkey.authn.SigninPrincipal; +import org.maxkey.authn.SignPrincipal; import org.maxkey.authn.jwt.AuthJwtService; import org.maxkey.authn.session.Session; import org.maxkey.authn.session.SessionService; @@ -44,7 +44,7 @@ public class AuthorizationUtils { AuthJwtService authJwtService, SessionService sessionService ) throws ParseException{ - if(getAuthentication() == null) { + if(getSession() == null) { Cookie authCookie = WebContext.getCookie(request, Authorization_Cookie); if(authCookie != null ) { String authorization = authCookie.getValue(); 
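Review bot: A Session cached in the HttpSession is never re-checked. The guard in the cookie-based authenticate (last hunk on this line) and in the bearer overload (next hunk) is now `if(getSession() == null)`, so the JWT is validated and `sessionService.get(...)` consulted only while nothing is cached. After that the cached object alone decides `isAuthenticated()`. A session removed from SessionService by logout elsewhere, administrative termination or expiry may therefore keep working until the HttpSession ends; this is inferred, since HttpSession invalidation is not visible here. Consider confirming on each request that `sessionService.get(cached.getId())` still returns a session for the cached id, and clearing both `WebConstants.SESSION` and `WebConstants.AUTHENTICATION` when it does not. Both method bodies continue outside their hunks.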
@@ -59,7 +59,7 @@ public class AuthorizationUtils { AuthJwtService authJwtService, SessionService sessionService ) throws ParseException{ - if(getAuthentication() == null) { + if(getSession() == null) { String authorization = AuthorizationHeaderUtils.resolveBearer(request); if(authorization != null ) { doJwtAuthenticate(authorization,authJwtService,sessionService); 
@@ -73,48 +73,63 @@ public class AuthorizationUtils { AuthJwtService authJwtService, SessionService sessionService) throws ParseException { if(authJwtService.validateJwtToken(authorization)) { - String ticket = authJwtService.resolveJWTID(authorization); - Session onlineTicket = sessionService.get(ticket); - if(onlineTicket != null) { - setAuthentication(onlineTicket.getAuthentication()); + String sessionId = authJwtService.resolveJWTID(authorization); + Session session = sessionService.get(sessionId); + if(session != null) { + setSession(session); + setAuthentication(session.getAuthentication()); } } } - public static void setAuthentication(Authentication authentication) { - WebContext.setAttribute(WebConstants.AUTHENTICATION, authentication); + public static void setSession(Session session) { + WebContext.setAttribute(WebConstants.SESSION, session); + } + + public static Session getSession() { + Session session = getSession(WebContext.getRequest()); + return session; + } + + public static Session getSession(HttpServletRequest request) { + Session session = (Session) request.getSession().getAttribute(WebConstants.SESSION); + return session; } public static Authentication getAuthentication() { - Authentication authentication = (Authentication) getAuthentication(WebContext.getRequest()); + Authentication authentication = (Authentication) getAuthentication(WebContext.getRequest()); return authentication; } public static Authentication getAuthentication(HttpServletRequest request) { - Authentication authentication = (Authentication) request.getSession().getAttribute(WebConstants.AUTHENTICATION); + Authentication authentication = (Authentication) request.getSession().getAttribute(WebConstants.AUTHENTICATION); return authentication; } + public static void setAuthentication(Authentication authentication) { + WebContext.setAttribute(WebConstants.AUTHENTICATION, authentication); + } + public static boolean isAuthenticated() { - return getAuthentication() != null; + return 
getSession() != null; } public static boolean isNotAuthenticated() { return ! isAuthenticated(); } - public static SigninPrincipal getPrincipal() { + public static SignPrincipal getPrincipal() { Authentication authentication = getAuthentication(); return getPrincipal(authentication); } - public static SigninPrincipal getPrincipal(Authentication authentication) { - return authentication == null ? null : (SigninPrincipal) authentication.getPrincipal(); + public static SignPrincipal getPrincipal(Authentication authentication) { + return authentication == null ? null : (SignPrincipal) authentication.getPrincipal(); } public static UserInfo getUserInfo(Authentication authentication) { UserInfo userInfo = null; - SigninPrincipal principal = getPrincipal(authentication); + SignPrincipal principal = getPrincipal(authentication); if(principal != null ) { userInfo = principal.getUserInfo(); } diff --git a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/web/SessionListenerAdapter.java b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/web/SessionListenerAdapter.java index 2ed373381..577c11577 100644 --- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/web/SessionListenerAdapter.java +++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/web/SessionListenerAdapter.java @@ -22,7 +22,7 @@ import javax.servlet.http.HttpSession; import javax.servlet.http.HttpSessionEvent; import javax.servlet.http.HttpSessionListener; -import org.maxkey.authn.SigninPrincipal; +import org.maxkey.authn.SignPrincipal; import org.maxkey.util.DateUtils; import org.maxkey.web.WebConstants; import org.slf4j.Logger; 
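Review bot: The new `getSession(HttpServletRequest request)` calls `request.getSession()`, which creates an HttpSession when the request has none, so every `isAuthenticated()` check on an anonymous request allocates server-side session state. Reading with `HttpSession httpSession = request.getSession(false);` followed by `return httpSession == null ? null : (Session) httpSession.getAttribute(WebConstants.SESSION);` avoids that; it needs the `javax.servlet.http.HttpSession` import. The existing `getAuthentication(HttpServletRequest)` has the same shape and could get the same treatment. The new public `setSession`/`getSession` methods also have no Javadoc; a one-line comment saying the Session is read back from the HttpSession under `WebConstants.SESSION` would help.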
@@ -53,7 +53,7 @@ public class SessionListenerAdapter implements HttpSessionListener { public void sessionDestroyed(HttpSessionEvent sessionEvent) { HttpSession session = sessionEvent.getSession(); Authentication authentication = (Authentication ) session.getAttribute(WebConstants.AUTHENTICATION); - SigninPrincipal principal = AuthorizationUtils.getPrincipal(authentication); + SignPrincipal principal = AuthorizationUtils.getPrincipal(authentication); if(principal != null ) { _logger.trace("{} HttpSession Id {} for userId {} , username {} @Ticket {} Destroyed" , DateUtils.formatDateTime(new Date()), diff --git a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/web/interceptor/PermissionInterceptor.java b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/web/interceptor/PermissionInterceptor.java index 7a2e45717..b3d3fb73e 100644 --- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/web/interceptor/PermissionInterceptor.java +++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/web/interceptor/PermissionInterceptor.java @@ -21,7 +21,7 @@ import javax.servlet.RequestDispatcher; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.maxkey.authn.SigninPrincipal; +import org.maxkey.authn.SignPrincipal; import org.maxkey.authn.jwt.AuthJwtService; import org.maxkey.authn.session.SessionService; import org.maxkey.authn.web.AuthorizationUtils; 
@@ -60,7 +60,7 @@ public class PermissionInterceptor implements AsyncHandlerInterceptor { public boolean preHandle(HttpServletRequest request,HttpServletResponse response, Object handler) throws Exception { _logger.trace("Permission Interceptor ."); AuthorizationUtils.authenticate(request, authJwtService, sessionService); - SigninPrincipal principal = AuthorizationUtils.getPrincipal(); + SignPrincipal principal = AuthorizationUtils.getPrincipal(); //判断用户是否登录,判断用户是否登录用户 if(principal == null){ _logger.trace("No Authentication ... forward to /auth/entrypoint"); diff --git a/maxkey-core/src/main/java/org/maxkey/entity/UserInfo.java b/maxkey-core/src/main/java/org/maxkey/entity/UserInfo.java index 9c9d9aca3..5c652960d 100644 --- a/maxkey-core/src/main/java/org/maxkey/entity/UserInfo.java +++ b/maxkey-core/src/main/java/org/maxkey/entity/UserInfo.java @@ -46,7 +46,7 @@ public class UserInfo extends JpaBaseEntity { public static final String DEFAULT_PASSWORD_SUFFIX = "MaxKey@888"; - String onlineTicket; + String sessionId; // @Id @@ -384,12 +384,12 @@ public class UserInfo extends JpaBaseEntity { this.id = id; } - public String getOnlineTicket() { - return onlineTicket; + public String getSessionId() { + return sessionId; } - public void setOnlineTicket(String onlineTicket) { - this.onlineTicket = onlineTicket; + public void setSessionId(String sessionId) { + this.sessionId = sessionId; } /** diff --git a/maxkey-core/src/main/java/org/maxkey/web/WebConstants.java b/maxkey-core/src/main/java/org/maxkey/web/WebConstants.java index af16d9ee6..f233b87de 100644 --- a/maxkey-core/src/main/java/org/maxkey/web/WebConstants.java +++ b/maxkey-core/src/main/java/org/maxkey/web/WebConstants.java 
@@ -81,6 +81,8 @@ public class WebConstants { public static final String AUTHENTICATION = "current_authentication"; + public static final String SESSION = "current_session"; + public static final String THEME_COOKIE_NAME = "mxk_theme_value"; public static final String LOGIN_ERROR_SESSION_MESSAGE diff --git a/maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/adapter/AbstractAuthorizeAdapter.java b/maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/adapter/AbstractAuthorizeAdapter.java index 8bb2b6b14..7160dc3eb 100644 --- a/maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/adapter/AbstractAuthorizeAdapter.java +++ b/maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/adapter/AbstractAuthorizeAdapter.java @@ -20,7 +20,7 @@ package org.maxkey.authz.endpoint.adapter; import java.io.UnsupportedEncodingException; import org.apache.commons.codec.binary.Hex; import org.apache.commons.lang3.StringUtils; -import org.maxkey.authn.SigninPrincipal; +import org.maxkey.authn.SignPrincipal; import org.maxkey.constants.ConstsBoolean; import org.maxkey.crypto.Base64Utils; import org.maxkey.crypto.ReciprocalUtils; @@ -44,7 +44,7 @@ public abstract class AbstractAuthorizeAdapter { protected Accounts account; - protected SigninPrincipal principal; + protected SignPrincipal principal; public abstract Object generateInfo(); @@ -127,7 +127,7 @@ public abstract class AbstractAuthorizeAdapter { return ""; }; - public void setPrincipal(SigninPrincipal principal) { + public void setPrincipal(SignPrincipal principal) { this.principal = principal; this.userInfo = principal.getUserInfo(); } diff --git a/maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/singlelogout/DefaultSingleLogout.java b/maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/singlelogout/DefaultSingleLogout.java index 2e6036706..5f7122333 100644 
--- a/maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/singlelogout/DefaultSingleLogout.java +++ b/maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/singlelogout/DefaultSingleLogout.java @@ -20,7 +20,7 @@ package org.maxkey.authz.singlelogout; import java.util.HashMap; import java.util.UUID; -import org.maxkey.authn.SigninPrincipal; +import org.maxkey.authn.SignPrincipal; import org.maxkey.entity.apps.Apps; import org.maxkey.util.DateUtils; import org.springframework.security.core.Authentication; @@ -34,7 +34,7 @@ public class DefaultSingleLogout extends SingleLogout{ logoutParameters.put("principal", authentication.getName()); logoutParameters.put("request", "logoutRequest"); logoutParameters.put("issueInstant", DateUtils.getCurrentDateAsString(DateUtils.FORMAT_DATE_ISO_TIMESTAMP)); - logoutParameters.put("ticket", ((SigninPrincipal)authentication.getPrincipal()).getSession().getFormattedId()); + logoutParameters.put("ticket", ((SignPrincipal)authentication.getPrincipal()).getSession().getFormattedId()); postMessage(logoutApp.getLogoutUrl(),logoutParameters); } diff --git a/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/Cas10AuthorizeEndpoint.java b/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/Cas10AuthorizeEndpoint.java index d2359e572..632b416f4 100644 --- a/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/Cas10AuthorizeEndpoint.java +++ b/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/Cas10AuthorizeEndpoint.java 
@@ -23,7 +23,7 @@ package org.maxkey.authz.cas.endpoint; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.maxkey.authn.SigninPrincipal; +import org.maxkey.authn.SignPrincipal; import org.maxkey.authz.cas.endpoint.response.Service10ResponseBuilder; import org.maxkey.authz.cas.endpoint.ticket.CasConstants; import org.maxkey.authz.cas.endpoint.ticket.Ticket; @@ -105,7 +105,7 @@ renew [OPTIONAL] - if this parameter is set, ticket validation will only succeed } if(storedTicket != null){ - String principal=((SigninPrincipal)storedTicket.getAuthentication().getPrincipal()).getUsername(); + String principal=((SignPrincipal)storedTicket.getAuthentication().getPrincipal()).getUsername(); _logger.debug("principal "+principal); return new Service10ResponseBuilder().success() .setUser(principal) diff --git a/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/Cas20AuthorizeEndpoint.java b/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/Cas20AuthorizeEndpoint.java index 8a2eaf5dd..29e5f090f 100644 --- a/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/Cas20AuthorizeEndpoint.java +++ b/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/Cas20AuthorizeEndpoint.java @@ -26,7 +26,7 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.beanutils.BeanUtils; -import org.maxkey.authn.SigninPrincipal; +import org.maxkey.authn.SignPrincipal; import org.maxkey.authz.cas.endpoint.response.ProxyServiceResponseBuilder; import org.maxkey.authz.cas.endpoint.response.ServiceResponseBuilder; import org.maxkey.authz.cas.endpoint.ticket.CasConstants; 
@@ -204,7 +204,7 @@ For all error codes, it is RECOMMENDED that CAS provide a more detailed message ServiceResponseBuilder serviceResponseBuilder=new ServiceResponseBuilder(); if(storedTicket!=null){ - SigninPrincipal authentication = ((SigninPrincipal)storedTicket.getAuthentication().getPrincipal()); + SignPrincipal authentication = ((SignPrincipal)storedTicket.getAuthentication().getPrincipal()); if(StringUtils.isNotBlank(pgtUrl)) { ProxyGrantingTicketIOUImpl proxyGrantingTicketIOUImpl =new ProxyGrantingTicketIOUImpl(); String proxyGrantingTicketIOU=casProxyGrantingTicketServices.createTicket(proxyGrantingTicketIOUImpl); @@ -332,7 +332,7 @@ Response on ticket validation failure: ServiceResponseBuilder serviceResponseBuilder=new ServiceResponseBuilder(); if(storedTicket!=null){ - SigninPrincipal authentication = ((SigninPrincipal)storedTicket.getAuthentication().getPrincipal()); + SignPrincipal authentication = ((SignPrincipal)storedTicket.getAuthentication().getPrincipal()); if(ConstsBoolean.isTrue(storedTicket.getCasDetails().getIsAdapter())){ Object samlAdapter = Instance.newInstance(storedTicket.getCasDetails().getAdapter()); try { diff --git a/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/Cas30AuthorizeEndpoint.java b/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/Cas30AuthorizeEndpoint.java index 544d207aa..990480ebf 100644 --- a/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/Cas30AuthorizeEndpoint.java +++ b/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/Cas30AuthorizeEndpoint.java 
@@ -26,7 +26,7 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.beanutils.BeanUtils; -import org.maxkey.authn.SigninPrincipal; +import org.maxkey.authn.SignPrincipal; import org.maxkey.authz.cas.endpoint.response.ProxyServiceResponseBuilder; import org.maxkey.authz.cas.endpoint.response.ServiceResponseBuilder; import org.maxkey.authz.cas.endpoint.ticket.CasConstants; @@ -86,7 +86,7 @@ public class Cas30AuthorizeEndpoint extends CasBaseAuthorizeEndpoint{ ServiceResponseBuilder serviceResponseBuilder=new ServiceResponseBuilder(); if(storedTicket!=null){ - SigninPrincipal authentication = ((SigninPrincipal)storedTicket.getAuthentication().getPrincipal()); + SignPrincipal authentication = ((SignPrincipal)storedTicket.getAuthentication().getPrincipal()); if(StringUtils.isNotBlank(pgtUrl)) { ProxyGrantingTicketIOUImpl proxyGrantingTicketIOUImpl =new ProxyGrantingTicketIOUImpl(); String proxyGrantingTicketIOU=casProxyGrantingTicketServices.createTicket(proxyGrantingTicketIOUImpl); @@ -177,7 +177,7 @@ public class Cas30AuthorizeEndpoint extends CasBaseAuthorizeEndpoint{ ServiceResponseBuilder serviceResponseBuilder=new ServiceResponseBuilder(); if(storedTicket!=null){ - SigninPrincipal authentication = ((SigninPrincipal)storedTicket.getAuthentication().getPrincipal()); + SignPrincipal authentication = ((SignPrincipal)storedTicket.getAuthentication().getPrincipal()); if(ConstsBoolean.isTrue(storedTicket.getCasDetails().getIsAdapter())){ Object samlAdapter = Instance.newInstance(storedTicket.getCasDetails().getAdapter()); try { diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/OAuth2UserDetailsService.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/OAuth2UserDetailsService.java index 13c7ad250..4bef822c7 100644 
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/OAuth2UserDetailsService.java +++ b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/OAuth2UserDetailsService.java @@ -15,7 +15,7 @@ package org.maxkey.authz.oauth2.provider; import java.util.ArrayList; import org.maxkey.authn.AbstractAuthenticationProvider; -import org.maxkey.authn.SigninPrincipal; +import org.maxkey.authn.SignPrincipal; import org.maxkey.authn.session.Session; import org.maxkey.entity.UserInfo; import org.maxkey.persistence.repository.LoginRepository; @@ -47,7 +47,7 @@ public class OAuth2UserDetailsService implements UserDetailsService { String onlineTickitId = WebConstants.ONLINE_TICKET_PREFIX + "-" + java.util.UUID.randomUUID().toString().toLowerCase(); - SigninPrincipal principal = new SigninPrincipal(userInfo); + SignPrincipal principal = new SignPrincipal(userInfo); Session onlineTicket = new Session(onlineTickitId); //set OnlineTicket principal.setSession(onlineTicket); diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/approval/endpoint/OAuth20AccessConfirmationEndpoint.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/approval/endpoint/OAuth20AccessConfirmationEndpoint.java index d9e18e7a8..1354e298b 100644 --- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/approval/endpoint/OAuth20AccessConfirmationEndpoint.java +++ b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/approval/endpoint/OAuth20AccessConfirmationEndpoint.java 
@@ -93,7 +93,7 @@ public class OAuth20AccessConfirmationEndpoint { try { // Map model AuthorizationRequest clientAuth = - (AuthorizationRequest) momentaryService.get(currentUser.getOnlineTicket(), "authorizationRequest"); + (AuthorizationRequest) momentaryService.get(currentUser.getSessionId(), "authorizationRequest"); ClientDetails client = clientDetailsService.loadClientByClientId(clientAuth.getClientId(),true); model.put("oauth_approval", WebContext.genId()); model.put("auth_request", clientAuth); @@ -139,7 +139,7 @@ public class OAuth20AccessConfirmationEndpoint { if(StringUtils.isNotBlank(oauth_approval)) { try { AuthorizationRequest clientAuth = - (AuthorizationRequest) momentaryService.get(currentUser.getOnlineTicket(), "authorizationRequest"); + (AuthorizationRequest) momentaryService.get(currentUser.getSessionId(), "authorizationRequest"); ClientDetails client = clientDetailsService.loadClientByClientId(clientAuth.getClientId(),true); Apps app = appsService.get(client.getClientId(),true); diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/AuthorizationEndpoint.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/AuthorizationEndpoint.java index 3acd28a1b..add391a14 100644 --- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/AuthorizationEndpoint.java +++ b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/AuthorizationEndpoint.java 
@@ -227,7 +227,7 @@ public class AuthorizationEndpoint extends AbstractEndpoint { // Place auth request into the model so that it is stored in the session // for approveOrDeny to use. That way we make sure that auth request comes from the session, // so any auth request parameters passed to approveOrDeny will be ignored and retrieved from the session. - momentaryService.put(currentUser.getOnlineTicket(), "authorizationRequest", authorizationRequest); + momentaryService.put(currentUser.getSessionId(), "authorizationRequest", authorizationRequest); return getUserApprovalPageResponse(model, authorizationRequest, (Authentication) principal); @@ -255,7 +255,7 @@ public class AuthorizationEndpoint extends AbstractEndpoint { "User must be authenticated with Spring Security before authorizing an access token."); } - AuthorizationRequest authorizationRequest = (AuthorizationRequest) momentaryService.get(currentUser.getOnlineTicket(), "authorizationRequest"); + AuthorizationRequest authorizationRequest = (AuthorizationRequest) momentaryService.get(currentUser.getSessionId(), "authorizationRequest"); if (authorizationRequest == null) { sessionStatus.setComplete(); diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/TokenEndpoint.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/TokenEndpoint.java index 0e0d2fdc7..273292283 100644 --- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/TokenEndpoint.java +++ b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/TokenEndpoint.java 
@@ -22,7 +22,7 @@ import java.util.HashSet; import java.util.Map; import java.util.Set; -import org.maxkey.authn.SigninPrincipal; +import org.maxkey.authn.SignPrincipal; import org.maxkey.authn.web.AuthorizationUtils; import org.maxkey.authz.oauth2.common.DefaultOAuth2AccessToken; import org.maxkey.authz.oauth2.common.OAuth2AccessToken; @@ -196,7 +196,7 @@ public class TokenEndpoint extends AbstractEndpoint { clientId = ((OAuth2Authentication) client).getOAuth2Request().getClientId(); } if (client instanceof UsernamePasswordAuthenticationToken) { - clientId = ((SigninPrincipal)client.getPrincipal()).getUsername(); + clientId = ((SignPrincipal)client.getPrincipal()).getUsername(); } return clientId; } diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/TokenEndpointAuthenticationFilter.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/TokenEndpointAuthenticationFilter.java index dab7153b3..4b83814b2 100644 --- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/TokenEndpointAuthenticationFilter.java +++ b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/TokenEndpointAuthenticationFilter.java @@ -31,7 +31,7 @@ import javax.servlet.annotation.WebFilter; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.maxkey.authn.SigninPrincipal; +import org.maxkey.authn.SignPrincipal; import org.maxkey.authn.web.AuthorizationUtils; import org.maxkey.authz.oauth2.common.OAuth2Constants; import org.maxkey.authz.oauth2.common.util.OAuth2Utils; 
@@ -145,13 +145,13 @@ public class TokenEndpointAuthenticationFilter implements Filter { }else { Authentication authentication=ClientCredentials(request,response); _logger.trace("getPrincipal " + authentication.getPrincipal().getClass()); - SigninPrincipal auth = null; - if(authentication.getPrincipal() instanceof SigninPrincipal) { + SignPrincipal auth = null; + if(authentication.getPrincipal() instanceof SignPrincipal) { //authorization_code - auth = (SigninPrincipal)authentication.getPrincipal(); + auth = (SignPrincipal)authentication.getPrincipal(); }else { //client_credentials - auth =new SigninPrincipal((User)authentication.getPrincipal()); + auth =new SignPrincipal((User)authentication.getPrincipal()); } auth.setAuthenticated(true); UsernamePasswordAuthenticationToken simpleUserAuthentication = new UsernamePasswordAuthenticationToken(auth, authentication.getCredentials(), authentication.getAuthorities()); diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/UserInfoEndpoint.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/UserInfoEndpoint.java index 6abe38219..bd820000b 100644 --- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/UserInfoEndpoint.java +++ b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/UserInfoEndpoint.java @@ -25,7 +25,7 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.beanutils.BeanUtils; import org.apache.commons.lang3.StringUtils; -import org.maxkey.authn.SigninPrincipal; +import org.maxkey.authn.SignPrincipal; import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter; import org.maxkey.authz.oauth2.common.OAuth2Constants; import org.maxkey.authz.oauth2.common.exceptions.OAuth2Exception; 
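Review bot: `auth.setAuthenticated(true)` is applied unconditionally, and the `else` branch casts with `(User)authentication.getPrincipal()` without an `instanceof` test. If `ClientCredentials(request,response)` can ever return an unauthenticated token or a principal of a third type (its body is not visible here), the first case yields a principal marked as authenticated and the second a ClassCastException. I would carry the state over with `auth.setAuthenticated(authentication.isAuthenticated());` and make the fallback `else if (authentication.getPrincipal() instanceof User)`, rejecting anything else. The enclosing filter method starts and ends outside the hunk.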
@@ -114,7 +114,7 @@ public class UserInfoEndpoint { }else{ adapter =(AbstractAuthorizeAdapter)new OAuthDefaultUserInfoAdapter(clientDetails); } - adapter.setPrincipal((SigninPrincipal)oAuth2Authentication.getUserAuthentication().getPrincipal()); + adapter.setPrincipal((SignPrincipal)oAuth2Authentication.getUserAuthentication().getPrincipal()); adapter.setApp(app); Object jsonData = adapter.generateInfo(); diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/UserInfoOIDCEndpoint.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/UserInfoOIDCEndpoint.java index a0c735244..517d9b615 100644 --- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/UserInfoOIDCEndpoint.java +++ b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/UserInfoOIDCEndpoint.java @@ -28,7 +28,7 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang3.StringUtils; -import org.maxkey.authn.SigninPrincipal; +import org.maxkey.authn.SignPrincipal; import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter; import org.maxkey.authz.oauth2.common.OAuth2Constants; import org.maxkey.authz.oauth2.common.exceptions.OAuth2Exception; @@ -113,7 +113,7 @@ public class UserInfoOIDCEndpoint { try{ oAuth2Authentication = oauth20tokenServices.loadAuthentication(access_token); - principal=((SigninPrincipal)oAuth2Authentication.getPrincipal()).getUsername(); + principal=((SignPrincipal)oAuth2Authentication.getPrincipal()).getUsername(); Setscopes = oAuth2Authentication.getOAuth2Request().getScope(); ClientDetails clientDetails = 
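Review bot: `oAuth2Authentication.getUserAuthentication().getPrincipal()` is cast to `SignPrincipal` without checking that a user authentication exists; the same unchecked pattern is in the `@@ -113,7` and `@@ -123,7` hunks of UserInfoOIDCEndpoint. The client_credentials branch in TokenEndpointAuthenticationFilter suggests tokens can be issued without an end user, in which case `getUserAuthentication()` may be null (to be confirmed against this project's OAuth2Authentication). A userinfo call with such a token would then end in a NullPointerException or ClassCastException rather than an OAuth error response. Testing `oAuth2Authentication.getUserAuthentication() == null` first and returning the endpoint's invalid-token answer keeps the failure explicit.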
@@ -123,7 +123,7 @@ public class UserInfoOIDCEndpoint { String userJson = ""; Builder jwtClaimsSetBuilder= new JWTClaimsSet.Builder(); - SigninPrincipal authentication = (SigninPrincipal)oAuth2Authentication.getUserAuthentication().getPrincipal(); + SignPrincipal authentication = (SignPrincipal)oAuth2Authentication.getUserAuthentication().getPrincipal(); String subject = AbstractAuthorizeAdapter.getValueByUserAttr(userInfo, clientDetails.getSubject()); _logger.debug("userId : {} , username : {} , displayName : {} , subject : {}" , diff --git a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/access/contorller/LoginSessionController.java b/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/access/contorller/LoginSessionController.java index 36c13e072..18b1bffc4 100644 --- a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/access/contorller/LoginSessionController.java +++ b/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/access/contorller/LoginSessionController.java @@ -86,7 +86,7 @@ public class LoginSessionController { try { for(String sessionId : StringUtils.string2List(ids, ",")) { _logger.trace("terminate session Id {} ",sessionId); - if(currentUser.getOnlineTicket().contains(sessionId)) { + if(currentUser.getSessionId().contains(sessionId)) { continue;//skip current session } diff --git a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/LogoutEndpoint.java b/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/LogoutEndpoint.java index a603ba8e0..426e09f4a 100644 --- a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/LogoutEndpoint.java +++ b/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/LogoutEndpoint.java 
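Review bot: The current-session check in the LoginSessionController hunk uses `currentUser.getSessionId().contains(sessionId)`, which is a substring match and throws if the session id is null. Any submitted id that happens to be a fragment of the current session id is skipped, which is not the intended comparison; `if (sessionId.equals(currentUser.getSessionId())) { continue; }` states it exactly and is null-safe on the getter. The identical line in the maxkey-web-mgt LoginSessionController hunk needs the same change. The terminate call of this user-facing controller lies outside the hunk, so it is worth confirming there that each submitted id belongs to `currentUser` before it is terminated.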
@@ -54,10 +54,10 @@ public class LogoutEndpoint { @RequestMapping(value={"/logout"}, produces = {MediaType.APPLICATION_JSON_VALUE}) public ResponseEntity logout(@CurrentUser UserInfo currentUser){ //if logined in have onlineTicket ,need remove or logout back - String onlineTicketId = currentUser.getOnlineTicket(); - Session onlineTicket = sessionService.get(onlineTicketId); - if(onlineTicket != null) { - Set> entrySet = onlineTicket.getAuthorizedApps().entrySet(); + String sessionId = currentUser.getSessionId(); + Session session = sessionService.get(sessionId); + if(session != null) { + Set> entrySet = session.getAuthorizedApps().entrySet(); Iterator> iterator = entrySet.iterator(); while (iterator.hasNext()) { @@ -70,12 +70,12 @@ public class LogoutEndpoint { }else { singleLogout = new DefaultSingleLogout(); } - singleLogout.sendRequest(onlineTicket.getAuthentication(), mapEntry.getValue()); + singleLogout.sendRequest(session.getAuthentication(), mapEntry.getValue()); } } sessionService.terminate( - onlineTicketId, + session.getId(), currentUser.getId(), currentUser.getUsername()); } diff --git a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/interceptor/HistorySignOnAppInterceptor.java b/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/interceptor/HistorySignOnAppInterceptor.java index 9a57cd0de..9cdcceca6 100644 --- a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/interceptor/HistorySignOnAppInterceptor.java +++ b/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/interceptor/HistorySignOnAppInterceptor.java @@ -20,7 +20,7 @@ package org.maxkey.web.interceptor; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.maxkey.authn.SigninPrincipal; +import org.maxkey.authn.SignPrincipal; import org.maxkey.authn.web.AuthorizationUtils; import org.maxkey.entity.HistoryLoginApps; import org.maxkey.entity.UserInfo; 
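Review bot: In the `@@ -70,12` hunk `sessionService.terminate(session.getId(), ...)` is reached only after every `singleLogout.sendRequest(...)` in the loop has returned, so an exception from one application's logout call would leave the local session alive after the user asked to log out. Whether `sendRequest` can throw is not visible here, but it performs an outbound call per authorized app, so I would wrap the loop as `try { ... } finally { sessionService.terminate(session.getId(), currentUser.getId(), currentUser.getUsername()); }`. The comment in the `@@ -54,10` hunk still refers to `onlineTicket`; `// terminate the current session and notify authorized apps (single logout)` would match the renamed code.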
@@ -56,7 +56,7 @@ public class HistorySignOnAppInterceptor implements AsyncHandlerInterceptor { throws Exception { _logger.debug("preHandle"); final Apps app = (Apps)WebContext.getAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP); - SigninPrincipal principal = AuthorizationUtils.getPrincipal(); + SignPrincipal principal = AuthorizationUtils.getPrincipal(); if(principal != null && app !=null) { if(principal.getGrantedAuthorityApps().contains(new SimpleGrantedAuthority(app.getId()))) { _logger.trace("preHandle have authority access " + app); @@ -81,7 +81,7 @@ public class HistorySignOnAppInterceptor implements AsyncHandlerInterceptor { final Apps app = (Apps)WebContext.getAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP); - SigninPrincipal principal = AuthorizationUtils.getPrincipal(); + SignPrincipal principal = AuthorizationUtils.getPrincipal(); if(principal != null && app !=null) { final UserInfo userInfo = principal.getUserInfo(); String sessionId = principal.getSession().getId(); diff --git a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/access/contorller/LoginSessionController.java b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/access/contorller/LoginSessionController.java index 9db6fceb3..20dae1f06 100644 --- a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/access/contorller/LoginSessionController.java +++ b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/access/contorller/LoginSessionController.java @@ -87,7 +87,7 @@ public class LoginSessionController { try { for(String sessionId : StringUtils.string2List(ids, ",")) { _logger.trace("terminate session Id {} ",sessionId); - if(currentUser.getOnlineTicket().contains(sessionId)) { + if(currentUser.getSessionId().contains(sessionId)) { continue;//skip current session } sessionService.terminate(sessionId,currentUser.getId(),currentUser.getUsername()); 
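Review bot: `principal.getSession().getId()` in the `@@ -81,7` hunk of HistorySignOnAppInterceptor assumes every `SignPrincipal` carries a session. TokenEndpointAuthenticationFilter in this commit also builds one with `new SignPrincipal((User)authentication.getPrincipal())`, which presumably has no session attached, so a principal of that kind reaching this interceptor would throw a NullPointerException before the sign-on history is written. Extending the guard to `if(principal != null && principal.getSession() != null && app != null)` avoids that. The method body continues outside the hunk.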
diff --git a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/contorller/LogoutEndpoint.java b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/contorller/LogoutEndpoint.java index ed8ede292..4541bb2c5 100644 --- a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/contorller/LogoutEndpoint.java +++ b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/contorller/LogoutEndpoint.java @@ -36,7 +36,7 @@ public class LogoutEndpoint { @RequestMapping(value={"/logout"}, produces = {MediaType.APPLICATION_JSON_VALUE}) public ResponseEntity logout(@CurrentUser UserInfo currentUser){ sessionService.terminate( - currentUser.getOnlineTicket(), + currentUser.getSessionId(), currentUser.getId(), currentUser.getUsername()); return new Message().buildResponse();