v2.0.0RC1

2025-12-06 17:08:29 +08:00 · 2020-05-23 21:08:44 +08:00 · 2020-05-23 21:08:44 +08:00 · 1ad1db9846
commit 1ad1db9846
parent bcbd926bbe
14 changed files with 314 additions and 103 deletions
--- a/maxkey-authentications/src/main/java/org/maxkey/authn/support/basic/BasicEntryPoint.java
+++ b/maxkey-authentications/src/main/java/org/maxkey/authn/support/basic/BasicEntryPoint.java
@ -18,7 +18,16 @@ public class BasicEntryPoint extends HandlerInterceptorAdapter {
 	
 	boolean enable;
 	
-	String []skipRequestURI={
+	public BasicEntryPoint() {
+	    
+    }
+	
+	public BasicEntryPoint(boolean enable) {
+        super();
+        this.enable = enable;
+    }
+
+    String []skipRequestURI={
 			"/oauth/v20/token",
 			"/oauth/v10a/request_token",
 			"/oauth/v10a/access_token"
--- a/maxkey-authentications/src/main/java/org/maxkey/authn/support/httpheader/HttpHeaderConfig.java
+++ b/maxkey-authentications/src/main/java/org/maxkey/authn/support/httpheader/HttpHeaderConfig.java
@ -23,6 +23,11 @@ public class HttpHeaderConfig {
 	public void setEnable(boolean enable) {
 		this.enable = enable;
 	}
+    public HttpHeaderConfig(String headerName, boolean enable) {
+        super();
+        this.headerName = headerName;
+        this.enable = enable;
+    }
 	
 	
 }
--- a/maxkey-authentications/src/main/java/org/maxkey/authn/support/httpheader/HttpHeaderEntryPoint.java
+++ b/maxkey-authentications/src/main/java/org/maxkey/authn/support/httpheader/HttpHeaderEntryPoint.java
@ -7,8 +7,6 @@ import org.maxkey.constants.ConstantsLoginType;
 import org.maxkey.web.WebContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
@ -17,8 +15,7 @@ import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
 public class HttpHeaderEntryPoint extends HandlerInterceptorAdapter {
 	private static final Logger _logger = LoggerFactory.getLogger(HttpHeaderEntryPoint.class);
 	
-	@Autowired 
-  	@Qualifier("httpHeaderSupport")
+	
 	HttpHeaderConfig httpHeaderSupport;
 	
 	String []skipRequestURI={
@ -94,7 +91,16 @@ public class HttpHeaderEntryPoint extends HandlerInterceptorAdapter {
 		 return true;
 	}

-	public void setHttpHeaderSupport(HttpHeaderConfig httpHeaderSupport) {
+	 public HttpHeaderEntryPoint() {
+	        super();
+	 }
+	 
+	public HttpHeaderEntryPoint(HttpHeaderConfig httpHeaderSupport) {
+        super();
+        this.httpHeaderSupport = httpHeaderSupport;
+    }
+
+    public void setHttpHeaderSupport(HttpHeaderConfig httpHeaderSupport) {
 		this.httpHeaderSupport = httpHeaderSupport;
 	}
 	
--- a/maxkey-authentications/src/main/java/org/maxkey/authn/support/socialsignon/service/SocialSignOnProvider.java
+++ b/maxkey-authentications/src/main/java/org/maxkey/authn/support/socialsignon/service/SocialSignOnProvider.java
@ -88,6 +88,13 @@ public class SocialSignOnProvider {
 		this.userBind = userBind;
 	}

+    @Override
+    public String toString() {
+        return "SocialSignOnProvider [provider=" + provider + ", providerName=" + providerName + ", icon=" + icon
+                + ", clientId=" + clientId + ", clientSecret=" + clientSecret + ", accountId=" + accountId
+                + ", sortOrder=" + sortOrder + ", userBind=" + userBind + "]";
+    }
+	
 	

 }
--- a/maxkey-authentications/src/main/java/org/maxkey/authn/support/socialsignon/service/SocialSignOnProviderService.java
+++ b/maxkey-authentications/src/main/java/org/maxkey/authn/support/socialsignon/service/SocialSignOnProviderService.java
@ -78,8 +78,9 @@ public class SocialSignOnProviderService{
 			return ((AuthUser)authResponse.getData()).getUuid();
 		}else if(provider.equalsIgnoreCase("DingTalk")) {
 			return ((AuthUser)authResponse.getData()).getUuid();
+		}else {
+		    return ((AuthUser)authResponse.getData()).getUuid();
 		}
-		return null;
 	}
 	public List<SocialSignOnProvider> getSocialSignOnProviders() {
 		return socialSignOnProviders;
--- a/maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyConfig.java
+++ b/maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyConfig.java
@ -1,16 +1,32 @@
 package org.maxkey;

+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Properties;
+
 import org.apache.catalina.Context;
 import org.apache.catalina.connector.Connector;
 import org.apache.tomcat.util.descriptor.web.SecurityCollection;
 import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
+import org.maxkey.authn.realm.jdbc.JdbcAuthenticationRealm;
+import org.maxkey.authn.support.kerberos.KerberosProxy;
+import org.maxkey.authn.support.kerberos.RemoteKerberosService;
+import org.maxkey.authn.support.socialsignon.service.JdbcSocialsAssociateService;
+import org.maxkey.authn.support.socialsignon.service.SocialSignOnProvider;
+import org.maxkey.authn.support.socialsignon.service.SocialSignOnProviderService;
 import org.maxkey.authz.oauth2.provider.endpoint.TokenEndpointAuthenticationFilter;
 import org.maxkey.crypto.password.opt.algorithm.KeyUriFormat;
+import org.maxkey.crypto.password.opt.impl.MailOtpAuthn;
+import org.maxkey.crypto.password.opt.impl.SmsOtpAuthn;
+import org.maxkey.crypto.password.opt.impl.TimeBasedOtpAuthn;
+import org.maxkey.crypto.password.opt.impl.sms.SmsOtpAuthnYunxin;
 import org.mybatis.spring.annotation.MapperScan;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
 import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
 import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.context.annotation.Bean;
@ -18,12 +34,15 @@ import org.springframework.context.annotation.ComponentScan;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.ImportResource;
 import org.springframework.context.annotation.PropertySource;
+import org.springframework.core.io.ClassPathResource;
+import org.springframework.core.io.Resource;
+import org.springframework.jdbc.core.JdbcTemplate;




@Configuration
-@ImportResource(locations = { "classpath:spring/maxkey.xml" })
+//@ImportResource(locations = { "classpath:spring/maxkey.xml" })
@PropertySource("classpath:/application.properties")
@PropertySource("classpath:/config/applicationConfig.properties")
@MapperScan("org.maxkey.dao.persistence,")
@ -35,6 +54,7 @@ import org.springframework.context.annotation.PropertySource;
        "org.maxkey.api.v1.contorller",
        "org.maxkey.web.endpoint",
        "org.maxkey.web.contorller",
+        "org.maxkey.web.interceptor",
        //single sign on protocol
        "org.maxkey.authz.endpoint",
        "org.maxkey.authz.desktop.endpoint",
@ -42,6 +62,7 @@ import org.springframework.context.annotation.PropertySource;
        "org.maxkey.authz.formbased.endpoint",
        "org.maxkey.authz.ltpa.endpoint",
        "org.maxkey.authz.token.endpoint",
+        "org.maxkey.web.authentication.support.socialsignon"
 })
 public class MaxKeyConfig  implements InitializingBean {
    private static final  Logger _logger = LoggerFactory.getLogger(MaxKeyConfig.class);
@ -115,6 +136,101 @@ public class MaxKeyConfig  implements InitializingBean {
        return keyUriFormat;
    }

+    @Bean(name = "authenticationRealm")
+    public JdbcAuthenticationRealm JdbcAuthenticationRealm(
+                JdbcTemplate jdbcTemplate) {
+        JdbcAuthenticationRealm authenticationRealm = new JdbcAuthenticationRealm(jdbcTemplate);
+        _logger.debug("JdbcAuthenticationRealm inited.");
+        return authenticationRealm;
+    }
+    
+    @Bean(name = "tfaOptAuthn")
+    public TimeBasedOtpAuthn tfaOptAuthn() {
+        TimeBasedOtpAuthn tfaOptAuthn = new TimeBasedOtpAuthn();
+        _logger.debug("TimeBasedOtpAuthn inited.");
+        return tfaOptAuthn;
+    }
+    
+    @Bean(name = "tfaMailOptAuthn")
+    public MailOtpAuthn mailOtpAuthn() {
+        MailOtpAuthn mailOtpAuthn = new MailOtpAuthn();
+        _logger.debug("tfaMailOptAuthn inited.");
+        return mailOtpAuthn;
+    }
+    
+    @Bean(name = "tfaMobileOptAuthn")
+    public SmsOtpAuthn smsOtpAuthn() {
+        SmsOtpAuthnYunxin smsOtpAuthn = new SmsOtpAuthnYunxin();
+        _logger.debug("SmsOtpAuthn inited.");
+        return smsOtpAuthn;
+    }
+    
+    @Bean(name = "kerberosService")
+    public RemoteKerberosService kerberosService(
+            @Value("${config.support.kerberos.default.userdomain}")
+            String userDomain,
+            @Value("${config.support.kerberos.default.fulluserdomain}")
+            String fullUserDomain,
+            @Value("${config.support.kerberos.default.crypto}")
+            String crypto,
+            @Value("${config.support.kerberos.default.redirecturi}")
+            String redirectUri
+            ) {
+        RemoteKerberosService kerberosService = new RemoteKerberosService();
+        KerberosProxy kerberosProxy = new KerberosProxy();
+        
+        kerberosProxy.setCrypto(crypto);
+        kerberosProxy.setFullUserdomain(fullUserDomain);
+        kerberosProxy.setUserdomain(userDomain);
+        kerberosProxy.setRedirectUri(redirectUri);
+        
+        List<KerberosProxy> kerberosProxysList = new ArrayList<KerberosProxy>();
+        kerberosProxysList.add(kerberosProxy);
+        kerberosService.setKerberosProxys(kerberosProxysList);
+        
+        _logger.debug("RemoteKerberosService inited.");
+        return kerberosService;
+    }
+    
+    @Bean(name = "socialSignOnProviderService")
+    @ConditionalOnClass(SocialSignOnProvider.class)
+    public SocialSignOnProviderService socialSignOnProviderService() throws IOException {
+        SocialSignOnProviderService socialSignOnProviderService = new SocialSignOnProviderService();
+        
+        Resource resource = new ClassPathResource("/config/applicationConfig.properties");
+        Properties properties = new Properties();
+        properties.load(resource.getInputStream());
+        String [] providerList =properties.get("config.login.socialsignon.providers").toString().split(",");
+        List<SocialSignOnProvider> socialSignOnProviderList = new ArrayList<SocialSignOnProvider>();
+        for(String provider : providerList) {
+            String providerName = properties.getProperty("config.socialsignon."+provider+".provider.name");
+            String icon=properties.getProperty("config.socialsignon."+provider+".icon");
+            String clientId=properties.getProperty("config.socialsignon."+provider+".client.id");
+            String clientSecret=properties.getProperty("config.socialsignon."+provider+".client.secret");
+            String sortOrder = properties.getProperty("config.socialsignon."+provider+".sortorder");
+            SocialSignOnProvider socialSignOnProvider = new SocialSignOnProvider();
+            socialSignOnProvider.setProvider(provider);
+            socialSignOnProvider.setProviderName(providerName);
+            socialSignOnProvider.setIcon(icon);
+            socialSignOnProvider.setClientId(clientId);
+            socialSignOnProvider.setClientSecret(clientSecret);
+            socialSignOnProvider.setSortOrder(Integer.valueOf(sortOrder));
+            _logger.debug("socialSignOnProvider " + socialSignOnProvider);
+            socialSignOnProviderList.add(socialSignOnProvider);            
+        }
+        socialSignOnProviderService.setSocialSignOnProviders(socialSignOnProviderList);
+        _logger.debug("SocialSignOnProviderService inited.");
+        return socialSignOnProviderService;
+    }
+    
+    @Bean(name = "socialsAssociateService")
+    public JdbcSocialsAssociateService socialsAssociateService(
+                JdbcTemplate jdbcTemplate) {
+        JdbcSocialsAssociateService socialsAssociateService = new JdbcSocialsAssociateService(jdbcTemplate);
+        _logger.debug("JdbcSocialsAssociateService inited.");
+        return socialsAssociateService;
+    }
+    
    @Override
    public void afterPropertiesSet() throws Exception {
        // TODO Auto-generated method stub
--- a/maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyMvcConfig.java
+++ b/maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyMvcConfig.java
@ -0,0 +1,138 @@
+package org.maxkey;
+
+import org.maxkey.authn.support.basic.BasicEntryPoint;
+import org.maxkey.authn.support.httpheader.HttpHeaderConfig;
+import org.maxkey.authn.support.httpheader.HttpHeaderEntryPoint;
+import org.maxkey.web.interceptor.HistoryLoginAppAdapter;
+import org.maxkey.web.interceptor.HistoryLogsAdapter;
+import org.maxkey.web.interceptor.PermissionAdapter;
+import org.maxkey.web.interceptor.PreLoginAppAdapter;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.PropertySource;
+import org.springframework.web.servlet.config.annotation.EnableWebMvc;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
+import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+import org.springframework.web.servlet.i18n.LocaleChangeInterceptor;
+
+@Configuration
+@EnableWebMvc
+@PropertySource("classpath:/config/applicationConfig.properties")
+public class MaxKeyMvcConfig implements WebMvcConfigurer {
+    private static final  Logger _logger = LoggerFactory.getLogger(MaxKeyMvcConfig.class);
+    @Autowired
+    PermissionAdapter permissionAdapter;
+    
+    @Autowired
+    HistoryLogsAdapter historyLogsAdapter;
+    
+    @Autowired
+    LocaleChangeInterceptor localeChangeInterceptor;
+    
+    @Autowired
+    PreLoginAppAdapter preLoginAppAdapter;
+    
+    @Autowired
+    HistoryLoginAppAdapter historyLoginAppAdapter;
+    
+    @Value("${config.support.httpheader.enable:false}")
+    private boolean httpHeaderEnable;
+    
+    @Value("${config.support.httpheader.headername:iv-user}")
+    private String httpHeaderName;
+    
+    @Value("${config.support.basic.enable:false}")
+    private boolean basicEnable;
+    
+    @Override
+    public void addResourceHandlers(ResourceHandlerRegistry registry) {
+        registry.addResourceHandler("/static/**")
+                .addResourceLocations("classpath:/static/");
+        registry.addResourceHandler("/templates/**")
+                .addResourceLocations("classpath:/templates/");
+        _logger.debug("add addResourceHandler");
+    }
+
+    @Override
+    public void addInterceptors(InterceptorRegistry registry) {
+        //addPathPatterns 用于添加拦截规则 ， 先把所有路径都加入拦截， 再一个个排除
+        //excludePathPatterns 表示改路径不用拦截
+        registry.addInterceptor(permissionAdapter)
+                .addPathPatterns("/index/**")
+                .addPathPatterns("/logs/**")
+                .addPathPatterns("/userinfo/**")
+                .addPathPatterns("/profile/**")
+                .addPathPatterns("/safe/**")
+                .addPathPatterns("/historys/**")
+                .addPathPatterns("/appList/**")
+                .addPathPatterns("/socialsignon/**")
+                
+                .addPathPatterns("/authz/basic/*")
+                .addPathPatterns("/authz/ltpa/*")
+                .addPathPatterns("/authz/desktop/*")
+                .addPathPatterns("/authz/formbased/*")
+                .addPathPatterns("/authz/tokenbased/*")
+                .addPathPatterns("/authz/saml20/idpinit/*")
+                .addPathPatterns("/authz/saml20/assertion")
+                .addPathPatterns("/authz/cas/*")
+                .addPathPatterns("/authz/cas/*/*")
+                .addPathPatterns("/authz/cas/granting/*")
+                .addPathPatterns("/oauth/v20/authorize")
+                .addPathPatterns("/oauth/v20/authorize/*")
+                ;
+        
+        _logger.debug("add PermissionAdapter");
+        
+        registry.addInterceptor(historyLogsAdapter)
+                .addPathPatterns("/safe/changePassword/**")
+                ;
+        _logger.debug("add HistoryLogsAdapter");
+
+        registry.addInterceptor(preLoginAppAdapter)
+                .addPathPatterns("/authz/basic/*")
+                .addPathPatterns("/authz/ltpa/*")
+                .addPathPatterns("/authz/desktop/*")
+                .addPathPatterns("/authz/formbased/*")
+                .addPathPatterns("/authz/tokenbased/*")
+                .addPathPatterns("/authz/saml20/idpinit/*")
+                .addPathPatterns("/authz/saml20/assertion")
+                .addPathPatterns("/authz/cas/login")
+                .addPathPatterns("/authz/cas/granting")
+        ;
+        _logger.debug("add PreLoginAppAdapter");
+        
+        registry.addInterceptor(historyLoginAppAdapter)
+                .addPathPatterns("/authz/basic/*")
+                .addPathPatterns("/authz/ltpa/*")
+                .addPathPatterns("/authz/desktop/*")
+                .addPathPatterns("/authz/formbased/*")
+                .addPathPatterns("/authz/tokenbased/*")
+                .addPathPatterns("/authz/saml20/idpinit/*")
+                .addPathPatterns("/authz/saml20/assertion")
+                .addPathPatterns("/authz/cas/granting")
+        ;
+        _logger.debug("add HistoryLoginAppAdapter");
+        
+       
+        registry.addInterceptor(localeChangeInterceptor);
+        _logger.debug("add LocaleChangeInterceptor");
+        
+        if(httpHeaderEnable) {
+            HttpHeaderConfig httpHeaderConfig= new HttpHeaderConfig(this.httpHeaderName,httpHeaderEnable);
+            registry.addInterceptor(new HttpHeaderEntryPoint(httpHeaderConfig))
+                    .addPathPatterns("/*");
+            _logger.debug("add HttpHeaderEntryPoint");
+        }
+        
+        if(basicEnable) {
+            registry.addInterceptor(new BasicEntryPoint(basicEnable))
+                    .addPathPatterns("/*");
+            _logger.debug("add BasicEntryPoint");
+        }
+    }
+
+}
--- a/maxkey-web-maxkey/src/main/java/org/maxkey/web/interceptor/HistoryLoginAppAdapter.java
+++ b/maxkey-web-maxkey/src/main/java/org/maxkey/web/interceptor/HistoryLoginAppAdapter.java
@ -14,9 +14,11 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.stereotype.Component;
 import org.springframework.web.servlet.ModelAndView;
 import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

+@Component
 public class HistoryLoginAppAdapter extends HandlerInterceptorAdapter {
    private static final Logger _logger = LoggerFactory.getLogger(HistoryLoginAppAdapter.class);

--- a/maxkey-web-maxkey/src/main/java/org/maxkey/web/interceptor/HistoryLogsAdapter.java
+++ b/maxkey-web-maxkey/src/main/java/org/maxkey/web/interceptor/HistoryLogsAdapter.java
@ -13,6 +13,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.stereotype.Component;
 import org.springframework.web.servlet.ModelAndView;
 import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

@ -23,6 +24,7 @@ import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
 * @author Crystal.Sea
 *
 */
+@Component
 public class HistoryLogsAdapter extends HandlerInterceptorAdapter {

    private static final Logger _logger = LoggerFactory.getLogger(HistoryLogsAdapter.class);
--- a/maxkey-web-maxkey/src/main/java/org/maxkey/web/interceptor/PermissionAdapter.java
+++ b/maxkey-web-maxkey/src/main/java/org/maxkey/web/interceptor/PermissionAdapter.java
@ -16,6 +16,7 @@ import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
 import org.springframework.security.web.savedrequest.RequestCache;
 import org.springframework.security.web.savedrequest.SavedRequest;
+import org.springframework.stereotype.Component;
 import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

 /**
@ -24,7 +25,7 @@ import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
 * @author Crystal.Sea
 *
 */
-
+@Component
 public class PermissionAdapter extends HandlerInterceptorAdapter {
    private static final Logger _logger = LoggerFactory.getLogger(PermissionAdapter.class);
    // 无需Interceptor url
--- a/maxkey-web-maxkey/src/main/java/org/maxkey/web/interceptor/PreLoginAppAdapter.java
+++ b/maxkey-web-maxkey/src/main/java/org/maxkey/web/interceptor/PreLoginAppAdapter.java
@ -7,8 +7,10 @@ import org.maxkey.web.WebConstants;
 import org.maxkey.web.WebContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Component;
 import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

+@Component
 public class PreLoginAppAdapter extends HandlerInterceptorAdapter {

    private static final Logger _logger = LoggerFactory.getLogger(PreLoginAppAdapter.class);
--- a/maxkey-web-maxkey/src/main/resources/META-INF/spring.factories
+++ b/maxkey-web-maxkey/src/main/resources/META-INF/spring.factories
@ -6,4 +6,5 @@ org.maxkey.autoconfigure.KaptchaAutoConfiguration,\
 org.maxkey.autoconfigure.RedisAutoConfiguration,\
 org.maxkey.autoconfigure.CasAutoConfiguration,\
 org.maxkey.autoconfigure.Oauth20AutoConfiguration,\
-org.maxkey.autoconfigure.Saml20AutoConfiguration
+org.maxkey.autoconfigure.Saml20AutoConfiguration,\
+org.maxkey.MaxKeyMvcConfig
--- a/maxkey-web-maxkey/src/main/resources/config/applicationConfig.properties
+++ b/maxkey-web-maxkey/src/main/resources/config/applicationConfig.properties
@ -22,6 +22,8 @@ config.login.captcha.type=text
 config.login.onetimepwd=true
 #enable social sign on
 config.login.socialsignon=true
+#social sign on providers
+config.login.socialsignon.providers=sinaweibo,google,qq,dingtalk,microsoft,facebook
 #Enable kerberos/SPNEGO
 config.login.kerberos=true
 #wsFederation
--- a/maxkey-web-maxkey/src/main/resources/spring/maxkey.xml
+++ b/maxkey-web-maxkey/src/main/resources/spring/maxkey.xml
@ -43,11 +43,10 @@
    </mvc:interceptors>
    <!-- BASIC Support End-->
    
-    <!-- KERBEROS Support Start-->
+    <!-- KERBEROS Support Start
    <bean id="kerberosService" class="org.maxkey.authn.support.kerberos.RemoteKerberosService">
        <property name="kerberosProxys" >
            <list>
-                <!-- default -->
                <bean class="org.maxkey.authn.support.kerberos.KerberosProxy">
                    <property name="userdomain" value="${config.support.kerberos.default.userdomain}"/>
                    <property name="fullUserdomain" value="${config.support.kerberos.default.fulluserdomain}"/>
@ -56,7 +55,7 @@
                </bean>
            </list>
        </property>
-    </bean>
+    </bean>-->
    <!-- KERBEROS Support End-->
    
    <!-- WsFederation  Support Start -->
@ -94,84 +93,6 @@
     -->
    <!-- WsFederation  Support End -->
 
-    <!-- Social Sign On Support Start-->
-    <!-- Social Sign On Endpoint-->
-    <context:component-scan base-package="org.maxkey.web.authentication.support.socialsignon" />
-    
-    <bean id="socialSignOnWeibo" class="org.maxkey.authn.support.socialsignon.service.SocialSignOnProvider">
-        <property name="provider" value="${config.socialsignon.sinaweibo.provider}"/>
-        <property name="providerName" value="${config.socialsignon.sinaweibo.provider.name}"/>
-        <property name="icon" value="${config.socialsignon.sinaweibo.icon}"/>
-        <property name="clientId" value="${config.socialsignon.sinaweibo.client.id}"/>
-        <property name="clientSecret" value="${config.socialsignon.sinaweibo.client.secret}"/>
-        <property name="sortOrder" value="${config.socialsignon.sinaweibo.sortorder}"/>
-    </bean>
-    
-    <bean id="socialSignOnGoogle" class="org.maxkey.authn.support.socialsignon.service.SocialSignOnProvider">
-        <property name="provider" value="${config.socialsignon.google.provider}"/>
-        <property name="providerName" value="${config.socialsignon.google.provider.name}"/>
-        <property name="icon" value="${config.socialsignon.google.icon}"/>
-        <property name="clientId" value="${config.socialsignon.google.client.id}"/>
-        <property name="clientSecret" value="${config.socialsignon.google.client.secret}"/>
-        <property name="sortOrder" value="${config.socialsignon.google.sortorder}"/>
-    </bean>
-    
-    <bean id="socialSignOnQQ" class="org.maxkey.authn.support.socialsignon.service.SocialSignOnProvider">
-        <property name="provider" value="${config.socialsignon.qq.provider}"/>
-        <property name="providerName" value="${config.socialsignon.qq.provider.name}"/>
-        <property name="icon" value="${config.socialsignon.qq.icon}"/>
-        <property name="clientId" value="${config.socialsignon.qq.client.id}"/>
-        <property name="clientSecret" value="${config.socialsignon.qq.client.secret}"/>
-        <property name="sortOrder" value="${config.socialsignon.qq.sortorder}"/>
-    </bean>
-
-    <bean id="socialSignOnMicrosoft" class="org.maxkey.authn.support.socialsignon.service.SocialSignOnProvider">
-        <property name="provider" value="${config.socialsignon.microsoft.provider}"/>
-        <property name="providerName" value="${config.socialsignon.microsoft.provider.name}"/>
-        <property name="icon" value="${config.socialsignon.microsoft.icon}"/>
-        <property name="clientId" value="${config.socialsignon.microsoft.client.id}"/>
-        <property name="clientSecret" value="${config.socialsignon.microsoft.client.secret}"/>
-        <property name="sortOrder" value="${config.socialsignon.microsoft.sortorder}"/>
-    </bean>
-
-    <bean id="socialSignOnFacebook" class="org.maxkey.authn.support.socialsignon.service.SocialSignOnProvider">
-        <property name="provider" value="${config.socialsignon.facebook.provider}"/>
-        <property name="providerName" value="${config.socialsignon.facebook.provider.name}"/>
-        <property name="icon" value="${config.socialsignon.facebook.icon}"/>
-        <property name="clientId" value="${config.socialsignon.facebook.client.id}"/>
-        <property name="clientSecret" value="${config.socialsignon.facebook.client.secret}"/>
-        <property name="sortOrder" value="${config.socialsignon.facebook.sortorder}"/>
-    </bean> 
-    <bean id="socialSignOndingtalk" class="org.maxkey.authn.support.socialsignon.service.SocialSignOnProvider">
-        <property name="provider" value="${config.socialsignon.dingtalk.provider}"/>
-        <property name="providerName" value="${config.socialsignon.dingtalk.provider.name}"/>
-        <property name="icon" value="${config.socialsignon.dingtalk.icon}"/>
-        <property name="clientId" value="${config.socialsignon.dingtalk.client.id}"/>
-        <property name="clientSecret" value="${config.socialsignon.dingtalk.client.secret}"/>
-        <property name="sortOrder" value="${config.socialsignon.dingtalk.sortorder}"/>
-    </bean> 
-    
-    <!-- Add Your Providers Here -->
-    
-    <bean id="socialSignOnProviderService" class="org.maxkey.authn.support.socialsignon.service.SocialSignOnProviderService">
-        <property name="socialSignOnProviders" >
-            <list>
-                <ref bean="socialSignOnWeibo" />
-                <ref bean="socialSignOnQQ"/>
-                <ref bean="socialSignOnGoogle"/>
-                <ref bean="socialSignOnMicrosoft"/>
-                <ref bean="socialSignOnFacebook"/>
-                <ref bean="socialSignOndingtalk"/>
-                <!-- ref Your Providers Here -->
-            </list>
-        </property>
-    </bean>
-    
-    <bean id="socialsAssociateService" class="org.maxkey.authn.support.socialsignon.service.JdbcSocialsAssociateService">
-        <constructor-arg ref="jdbcTemplate"/>
-    </bean>
-     <!-- Social Sign On Support End -->
-     
    <!-- Web URL InterceptorAdapter  -->
    <mvc:interceptors>
        <!-- InterceptorAdapter for platform permission  -->
@ -238,19 +159,14 @@
        <ref bean="localeChangeInterceptor" />
    </mvc:interceptors>

-    <bean id="tfaOptAuthn" class="org.maxkey.crypto.password.opt.impl.TimeBasedOtpAuthn">
-    </bean>
-    <!-- 
-    <bean id="tfaOptAuthn" class="org.maxkey.crypto.password.opt.impl.sms.SmsOtpAuthnYunxin">
-    </bean>
-    -->

-    <!-- for Forgot Password -->
+    <!-- for Forgot Password 
    <bean id="tfaMailOptAuthn" class="org.maxkey.crypto.password.opt.impl.MailOtpAuthn">
    </bean>
    
    <bean id="tfaMobileOptAuthn" class="org.maxkey.crypto.password.opt.impl.sms.SmsOtpAuthnYunxin">
    </bean>
+    -->
    
    <!-- LDAP Realm 
    <bean id="authenticationRealm" class="org.maxkey.web.authentication.realm.ldap.LdapAuthenticationRealm">
@ -292,11 +208,14 @@
    </bean> -->
    
    <!-- Default Realm-->
-    <!-- realm use jdbc -->
+    <!-- realm use jdbc 
    <bean id="authenticationRealm" class="org.maxkey.authn.realm.jdbc.JdbcAuthenticationRealm">
        <constructor-arg ref="jdbcTemplate"/>
    </bean>
+     <bean id="tfaOptAuthn" class="org.maxkey.crypto.password.opt.impl.TimeBasedOtpAuthn">
+    </bean>
    
+   -->
    <!-- enable autowire -->
    <context:annotation-config />