From 48600c4af88b6884eb3213c29bafdb1d3ea859e8 Mon Sep 17 00:00:00 2001 From: MaxKey Date: Thu, 5 May 2022 17:13:16 +0800 Subject: [PATCH] jwt --- .gitignore | 4 +- .../authn/support/jwt/HttpJwtEntryPoint.java | 117 ++++++------------ .../authz/endpoint/AuthorizeBaseEndpoint.java | 3 +- .../jwt/endpoint/adapter/JwtAdapter.java | 2 + .../token/endpoint/JwtAuthorizeEndpoint.java | 31 +---- .../OAuth20AccessConfirmationEndpoint.java | 1 + .../endpoint/AuthorizationEndpoint.java | 3 +- .../src/app/layout/basic/basic.component.ts | 2 +- .../src/environments/environment.prod.ts | 11 +- .../src/environments/environment.ts | 2 +- .../maxkey-web-mgt-app/Dockerfile | 26 ++++ .../maxkey-web-mgt-app/nginx.conf | 17 +++ .../src/app/core/net/default.interceptor.ts | 7 +- .../src/app/layout/basic/basic.component.ts | 2 +- .../app/routes/passport/callback.component.ts | 9 +- .../app/routes/passport/jwt-auth.component.ts | 56 +++++++++ .../routes/passport/login/login.component.ts | 7 +- .../passport/passport-routing.module.ts | 12 +- .../app/routes/passport/passport.module.ts | 9 +- .../src/app/service/authentication.service.ts | 11 +- .../src/environments/environment.prod.ts | 11 +- .../src/environments/environment.ts | 9 +- .../HistorySignOnAppInterceptor.java | 14 ++- .../resources/application-http.properties | 6 +- .../views/authorize/jwt_sso_submint.ftl | 37 ++++-- .../java/org/maxkey/MaxKeyMgtMvcConfig.java | 10 +- .../resources/application-http.properties | 10 +- 27 files changed, 241 insertions(+), 188 deletions(-) create mode 100644 maxkey-web-frontend/maxkey-web-mgt-app/Dockerfile create mode 100644 maxkey-web-frontend/maxkey-web-mgt-app/nginx.conf create mode 100644 maxkey-web-frontend/maxkey-web-mgt-app/src/app/routes/passport/jwt-auth.component.ts diff --git a/.gitignore b/.gitignore index c0b5c1fe6..51e944390 100644 --- a/.gitignore +++ b/.gitignore 
@@ -45,7 +45,9 @@ setEnvVars.bat maxkey-web-frontend/maxkey-web-mgt-app/node_modules/ maxkey-web-frontend/maxkey-web-mgt-app/.angular maxkey-web-frontend/maxkey-web-mgt-app/yarn.lock +maxkey-web-frontend/maxkey-web-mgt-app/dist maxkey-web-frontend/maxkey-web-app/node_modules/ maxkey-web-frontend/maxkey-web-app/.angular/ -maxkey-web-frontend/maxkey-web-app/yarn.lock \ No newline at end of file +maxkey-web-frontend/maxkey-web-app/yarn.lock +maxkey-web-frontend/maxkey-web-app/dist \ No newline at end of file diff --git a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/jwt/HttpJwtEntryPoint.java b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/jwt/HttpJwtEntryPoint.java index 78309adbd..19e0b0865 100644 --- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/jwt/HttpJwtEntryPoint.java +++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/jwt/HttpJwtEntryPoint.java @@ -1,5 +1,5 @@ /* - * Copyright [2020] [MaxKey of copyright http://www.maxkey.top] + * Copyright [2022] [MaxKey of copyright http://www.maxkey.top] * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. 
@@ -14,103 +14,68 @@ * limitations under the License. */ - package org.maxkey.authn.support.jwt; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - import org.maxkey.authn.AbstractAuthenticationProvider; import org.maxkey.authn.LoginCredential; -import org.maxkey.authn.web.AuthorizationUtils; +import org.maxkey.authn.jwt.AuthJwt; +import org.maxkey.authn.jwt.AuthTokenService; import org.maxkey.configuration.ApplicationConfig; import org.maxkey.constants.ConstsLoginType; +import org.maxkey.entity.Message; import org.maxkey.web.WebConstants; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import org.springframework.web.servlet.AsyncHandlerInterceptor; - +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.http.MediaType; +import org.springframework.http.ResponseEntity; +import org.springframework.security.core.Authentication; +import org.springframework.stereotype.Controller; +import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestParam; import com.nimbusds.jwt.SignedJWT; -public class HttpJwtEntryPoint implements AsyncHandlerInterceptor { +@Controller +@RequestMapping(value = "/login") +public class HttpJwtEntryPoint { private static final Logger _logger = LoggerFactory.getLogger(HttpJwtEntryPoint.class); - - boolean enable; + @Autowired ApplicationConfig applicationConfig; + @Autowired AbstractAuthenticationProvider authenticationProvider ; - + + @Autowired + AuthTokenService authTokenService; + + @Autowired JwtLoginService jwtLoginService; - @Override - public boolean preHandle(HttpServletRequest request,HttpServletResponse response, Object handler) throws Exception { - boolean isAuthenticated= AuthorizationUtils.isAuthenticated(); - String jwt = request.getParameter(WebConstants.JWT_TOKEN_PARAMETER); - - if(!enable - || isAuthenticated - || jwt == null){ - return true; - } - - _logger.debug("JWT Login Start 
..."); - _logger.trace("Request url : "+ request.getRequestURL()); - _logger.trace("Request URI : "+ request.getRequestURI()); - _logger.trace("Request ContextPath : "+ request.getContextPath()); - _logger.trace("Request ServletPath : "+ request.getServletPath()); - _logger.trace("RequestSessionId : "+ request.getRequestedSessionId()); - _logger.trace("isRequestedSessionIdValid : "+ request.isRequestedSessionIdValid()); - _logger.trace("getSession : "+ request.getSession(false)); - - // session not exists,session timeout,recreate new session - if(request.getSession(false) == null) { - _logger.trace("recreate new session ."); - request.getSession(true); - } - - _logger.trace("getSession.getId : "+ request.getSession().getId()); - - //for jwt Login - _logger.debug("jwt : " + jwt); - - SignedJWT signedJWT = jwtLoginService.jwtTokenValidation(jwt); - if(signedJWT != null) { - String username =signedJWT.getJWTClaimsSet().getSubject(); - LoginCredential loginCredential =new LoginCredential(username,"",ConstsLoginType.JWT); - authenticationProvider.authenticate(loginCredential,true); - _logger.debug("JWT Logined in , username " + username); - } + @RequestMapping(value={"/jwt"}, produces = {MediaType.APPLICATION_JSON_VALUE}) + public ResponseEntity jwt(@RequestParam(value = WebConstants.JWT_TOKEN_PARAMETER, required = false) String jwt) { + try { + //for jwt Login + _logger.debug("jwt : " + jwt); + + SignedJWT signedJWT = jwtLoginService.jwtTokenValidation(jwt); + + if(signedJWT != null) { + String username =signedJWT.getJWTClaimsSet().getSubject(); + LoginCredential loginCredential =new LoginCredential(username,"",ConstsLoginType.JWT); + Authentication authentication = authenticationProvider.authenticate(loginCredential,true); + _logger.debug("JWT Logined in , username " + username); + AuthJwt authJwt = authTokenService.genAuthJwt(authentication); + return new Message(authJwt).buildResponse(); + } + }catch(Exception e) { + _logger.error("Exception ",e); + } - return true; 
+ return new Message(Message.FAIL).buildResponse(); } - public HttpJwtEntryPoint() { - super(); - } - - public HttpJwtEntryPoint (boolean enable) { - super(); - this.enable = enable; - } - - public HttpJwtEntryPoint(AbstractAuthenticationProvider authenticationProvider, JwtLoginService jwtLoginService, - ApplicationConfig applicationConfig, boolean enable) { - super(); - this.authenticationProvider = authenticationProvider; - this.jwtLoginService = jwtLoginService; - this.applicationConfig = applicationConfig; - this.enable = enable; - } - - public boolean isEnable() { - return enable; - } - - public void setEnable(boolean enable) { - this.enable = enable; - } public void setApplicationConfig(ApplicationConfig applicationConfig) { this.applicationConfig = applicationConfig; diff --git a/maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/AuthorizeBaseEndpoint.java b/maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/AuthorizeBaseEndpoint.java index 5ac5fb323..62c763b58 100644 --- a/maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/AuthorizeBaseEndpoint.java +++ b/maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/AuthorizeBaseEndpoint.java @@ -34,7 +34,6 @@ import org.maxkey.web.WebContext; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.web.servlet.ModelAndView; /** @@ -61,8 +60,8 @@ public class AuthorizeBaseEndpoint { //session中为空或者id不一致重新加载 if(app == null || !app.getId().equalsIgnoreCase(id)) { app = appsService.get(id,true); - WebContext.setAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP, app); } + WebContext.setAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP, app); } if(app == null){ _logger.error("Applications id " + id + " is not exist."); 
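Review bot: `jwt()` logs the raw credential with `_logger.debug("jwt : " + jwt);` right after the `try`, so every JWT presented at `/login/jwt` is written to the log whenever debug logging is on; log only that a token arrived, e.g. `_logger.debug("jwt login request, token present: {}", jwt != null);`. The mapping is a bare `@RequestMapping`, which answers every HTTP verb, and the frontend change later in this patch calls it with a GET, so the token also travels in the query string where access logs, browser history and Referer headers capture it; `@RequestMapping(value={"/jwt"}, method = RequestMethod.POST, produces = {MediaType.APPLICATION_JSON_VALUE})` (import `org.springframework.web.bind.annotation.RequestMethod`) with the token in the form body, plus the matching frontend change, closes that. With `required = false` a missing token reaches `jwtLoginService.jwtTokenValidation(null)`, whose null handling is not visible here; an explicit `if (jwt == null) { return new Message(Message.FAIL).buildResponse(); }` before the call is clearer than relying on the catch-all to turn a NullPointerException into `Message.FAIL`.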
diff --git a/maxkey-protocols/maxkey-protocol-jwt/src/main/java/org/maxkey/authz/jwt/endpoint/adapter/JwtAdapter.java b/maxkey-protocols/maxkey-protocol-jwt/src/main/java/org/maxkey/authz/jwt/endpoint/adapter/JwtAdapter.java index 4bf503545..7e9bf5828 100644 --- a/maxkey-protocols/maxkey-protocol-jwt/src/main/java/org/maxkey/authz/jwt/endpoint/adapter/JwtAdapter.java +++ b/maxkey-protocols/maxkey-protocol-jwt/src/main/java/org/maxkey/authz/jwt/endpoint/adapter/JwtAdapter.java @@ -169,6 +169,8 @@ public class JwtAdapter extends AbstractAuthorizeAdapter { modelAndView.addObject("token",serialize()); modelAndView.addObject("jwtName",jwtDetails.getJwtName()); + modelAndView.addObject("tokenType",jwtDetails.getTokenType().toLowerCase()); + return modelAndView; } diff --git a/maxkey-protocols/maxkey-protocol-jwt/src/main/java/org/maxkey/authz/token/endpoint/JwtAuthorizeEndpoint.java b/maxkey-protocols/maxkey-protocol-jwt/src/main/java/org/maxkey/authz/token/endpoint/JwtAuthorizeEndpoint.java index 85da44745..1b06d0e8b 100644 --- a/maxkey-protocols/maxkey-protocol-jwt/src/main/java/org/maxkey/authz/token/endpoint/JwtAuthorizeEndpoint.java +++ b/maxkey-protocols/maxkey-protocol-jwt/src/main/java/org/maxkey/authz/token/endpoint/JwtAuthorizeEndpoint.java @@ -83,7 +83,7 @@ public class JwtAuthorizeEndpoint extends AuthorizeBaseEndpoint{ @CurrentUser UserInfo currentUser){ ModelAndView modelAndView=new ModelAndView(); Apps application = getApp(id); - AppsJwtDetails jwtDetails = jwtDetailsService.getAppDetails(id , true); + AppsJwtDetails jwtDetails = jwtDetailsService.getAppDetails(application.getId() , true); _logger.debug(""+jwtDetails); jwtDetails.setAdapter(application.getAdapter()); jwtDetails.setIsAdapter(application.getIsAdapter()); 
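Review bot: `jwtDetails.getTokenType().toLowerCase()` throws a NullPointerException for an app whose token type is unset, and the template then never renders; a null-safe, locale-independent form is `modelAndView.addObject("tokenType", jwtDetails.getTokenType() == null ? "" : jwtDetails.getTokenType().toLowerCase(Locale.ROOT));` (needs `java.util.Locale`). `toLowerCase()` without a locale is also the classic Turkish-locale trap for a value the template compares against the literals `'post'` and `'get'`. The enclosing method starts before this hunk.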
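Review bot: `jwtDetailsService.getAppDetails(application.getId(), true)` dereferences `application` with no null check, and the `getApp` hunk earlier in this patch shows it logging `Applications id ... is not exist.` for an unknown id, after which it presumably still returns, so a bad `id` now ends in a NullPointerException where it previously at least reached the details lookup with the raw id. Add a guard before the lookup — `if (application == null) { ... }` returning the error view this endpoint family uses for an unknown app — rather than leaving it to the container's 500 page. The enclosing handler begins before this hunk and its `modelAndView` handling continues after it.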
@@ -110,34 +110,7 @@ public class JwtAuthorizeEndpoint extends AuthorizeBaseEndpoint{ //encrypt adapter.encrypt(null, jwtDetails.getAlgorithmKey(), jwtDetails.getAlgorithm()); - if(jwtDetails.getTokenType().equalsIgnoreCase("POST")) { - return adapter.authorize(modelAndView); - }else { - _logger.debug("Cookie Name : {}" , jwtDetails.getJwtName()); - - Cookie cookie= new Cookie(jwtDetails.getJwtName(),adapter.serialize()); - - Integer maxAge = jwtDetails.getExpires(); - _logger.debug("Cookie Max Age : {} seconds." , maxAge); - cookie.setMaxAge(maxAge); - - cookie.setPath("/"); - // - //cookie.setDomain("."+applicationConfig.getBaseDomainName()); - //tomcat 8.5 - cookie.setDomain(applicationConfig.getBaseDomainName()); - - _logger.debug("Sub Domain Name : .{}",applicationConfig.getBaseDomainName()); - response.addCookie(cookie); - - if(jwtDetails.getRedirectUri().indexOf(applicationConfig.getBaseDomainName())>-1){ - return WebContext.redirect(jwtDetails.getRedirectUri()); - }else{ - _logger.error(jwtDetails.getRedirectUri()+" not in domain "+applicationConfig.getBaseDomainName()); - return null; - } - } - + return adapter.authorize(modelAndView); } @Operation(summary = "JWT JWK元数据接口", description = "参数mxk_metadata_APPID",method="GET") diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/approval/endpoint/OAuth20AccessConfirmationEndpoint.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/approval/endpoint/OAuth20AccessConfirmationEndpoint.java index 41849ac23..6b494d03c 100644 --- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/approval/endpoint/OAuth20AccessConfirmationEndpoint.java +++ b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/approval/endpoint/OAuth20AccessConfirmationEndpoint.java 
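Review bot: With the cookie branch gone, every token type now renders through `adapter.authorize(modelAndView)`, and the `jwt_sso_submint.ftl` change in this patch adds a `'get'==tokenType` branch, so for GET-type apps the signed JWT is presumably delivered in the query string of the relying party's redirect, where proxy and server access logs, browser history and Referer headers all capture it (the form markup is not visible here). The removed `jwtDetails.getRedirectUri().indexOf(applicationConfig.getBaseDomainName())` check was weak (a substring match) but it was the only validation of the admin-configured destination, and nothing replaces it. If GET delivery must stay, document on the app configuration that the token is log-exposed, and validate the destination properly — parse it with `java.net.URI` and compare `getHost()` against the allowed domain — before handing the token over.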
@@ -129,6 +129,7 @@ public class OAuth20AccessConfirmationEndpoint { for (Object key : model.keySet()) { _logger.trace("key " + key +"=" + model.get(key)); } + model.put("authorizeApproveUri", applicationConfig.getFrontendUri()+"/#/authz/oauth2approve"); modelAndView.addObject("model", model); diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/AuthorizationEndpoint.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/AuthorizationEndpoint.java index add391a14..bcdc31fb1 100644 --- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/AuthorizationEndpoint.java +++ b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/AuthorizationEndpoint.java @@ -102,7 +102,7 @@ import io.swagger.v3.oas.annotations.tags.Tag; public class AuthorizationEndpoint extends AbstractEndpoint { final static Logger _logger = LoggerFactory.getLogger(AuthorizationEndpoint.class); - private static final String OAUTH_V20_AUTHORIZATION_URL = "%s" + OAuth2Constants.ENDPOINT.ENDPOINT_AUTHORIZE + "?client_id=%s&response_type=code&redirect_uri=%s&approval_prompt=auto"; + private static final String OAUTH_V20_AUTHORIZATION_URL = "" + OAuth2Constants.ENDPOINT.ENDPOINT_AUTHORIZE + "?client_id=%s&response_type=code&redirect_uri=%s&approval_prompt=auto"; private RedirectResolver redirectResolver = new DefaultRedirectResolver(); @@ -132,7 +132,6 @@ public class AuthorizationEndpoint extends AbstractEndpoint { String authorizationUrl = ""; try { authorizationUrl = String.format(OAUTH_V20_AUTHORIZATION_URL, - applicationConfig.getServerPrefix(), clientDetails.getClientId(), HttpEncoder.encode(clientDetails.getRegisteredRedirectUri().toArray()[0].toString()) ); 
diff --git a/maxkey-web-frontend/maxkey-web-app/src/app/layout/basic/basic.component.ts b/maxkey-web-frontend/maxkey-web-app/src/app/layout/basic/basic.component.ts index 8927e94bf..a3abf9ce6 100644 --- a/maxkey-web-frontend/maxkey-web-app/src/app/layout/basic/basic.component.ts +++ b/maxkey-web-frontend/maxkey-web-app/src/app/layout/basic/basic.component.ts @@ -38,7 +38,7 @@ import { LayoutDefaultOptions } from '../../theme/layout-default'; - logo + logo
MaxKey{{ 'mxk.title' | i18n }}
diff --git a/maxkey-web-frontend/maxkey-web-app/src/environments/environment.prod.ts b/maxkey-web-frontend/maxkey-web-app/src/environments/environment.prod.ts index a9ba18f2e..742e611e7 100644 --- a/maxkey-web-frontend/maxkey-web-app/src/environments/environment.prod.ts +++ b/maxkey-web-frontend/maxkey-web-app/src/environments/environment.prod.ts @@ -1,19 +1,18 @@ /* * Copyright [2022] [MaxKey of copyright http://www.maxkey.top] - * + * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ - import { Environment } from '@delon/theme'; @@ -21,8 +20,8 @@ export const environment = { production: true, useHash: true, api: { - baseUrl: './', + baseUrl: '/sign', refreshTokenEnabled: true, - refreshTokenType: 'auth-refresh' + refreshTokenType: 're-request' } } as Environment; diff --git a/maxkey-web-frontend/maxkey-web-app/src/environments/environment.ts b/maxkey-web-frontend/maxkey-web-app/src/environments/environment.ts index 2c8e6d865..61b10a6c9 100644 --- a/maxkey-web-frontend/maxkey-web-app/src/environments/environment.ts +++ b/maxkey-web-frontend/maxkey-web-app/src/environments/environment.ts @@ -27,7 +27,7 @@ export const environment = { production: false, useHash: true, api: { - baseUrl: 'http://sso.maxkey.top:8080/maxkey', + baseUrl: 'http://sso.maxkey.top:9527/sign', refreshTokenEnabled: true, refreshTokenType: 're-request' }, 
diff --git a/maxkey-web-frontend/maxkey-web-mgt-app/Dockerfile b/maxkey-web-frontend/maxkey-web-mgt-app/Dockerfile
new file mode 100644
index 000000000..548faa381
--- /dev/null
+++ b/maxkey-web-frontend/maxkey-web-mgt-app/Dockerfile
@@ -0,0 +1,26 @@
+FROM node:16.14.2
+
+LABEL authors="MaxKey "
+
+WORKDIR /usr/src/app
+
+COPY package.json package.json
+
+RUN npm config set registry https://registry.npm.taobao.org \
+ && npm i
+
+COPY ./src ./src
+RUN npm install -g @angular/cli
+
+RUN ng build --prod
+
+FROM nginx
+
+COPY ./nginx.conf /etc/nginx/conf.d/
+
+RUN rm -rf /usr/share/nginx/html/*
+
+COPY dist /usr/share/nginx/html
+
+#CMD ["nginx", "-g", "daemon off;"]
+
diff --git a/maxkey-web-frontend/maxkey-web-mgt-app/nginx.conf b/maxkey-web-frontend/maxkey-web-mgt-app/nginx.conf
new file mode 100644
index 000000000..6ca86656f
--- /dev/null
+++ b/maxkey-web-frontend/maxkey-web-mgt-app/nginx.conf
@@ -0,0 +1,17 @@
+#MaxKey mgmt server
+server {
+ listen 9524;
+
+ server_name localhost;
+
+ location / {
+ root /usr/share/nginx/html;
+ index index.html index.htm;
+ try_files $uri $uri/ /index.html;
+ }
+
+ error_page 500 502 503 504 /50x.html;
+ location = /50x.html {
+ root /usr/share/nginx/html;
+ }
+}
\ No newline at end of file
diff --git a/maxkey-web-frontend/maxkey-web-mgt-app/src/app/core/net/default.interceptor.ts b/maxkey-web-frontend/maxkey-web-mgt-app/src/app/core/net/default.interceptor.ts
index 219aeb185..9b1e51209
--- a/maxkey-web-frontend/maxkey-web-mgt-app/src/app/core/net/default.interceptor.ts
+++ b/maxkey-web-frontend/maxkey-web-mgt-app/src/app/core/net/default.interceptor.ts
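Review bot: The runtime stage ships `COPY dist /usr/share/nginx/html` from the build context, not `--from` the node stage, so the `ng build --prod` run above it is discarded and whatever `dist` happens to exist on the host (git-ignored in this same patch) goes into the image. The build stage installs with `npm i` from `package.json` alone through `https://registry.npm.taobao.org`, with no lockfile copied (yarn.lock is git-ignored, no package-lock is added), so every build resolves dependencies afresh from a third-party mirror — pin with a committed lockfile and `npm ci`, against the default registry or an organisation-controlled one. Only `./src` is copied before the build, so as far as this file shows `angular.json` and `tsconfig.json` are absent when `ng build` runs; copying the project root is simpler. The `dist` sub-path in the `COPY --from` below should match `outputPath` in `angular.json`.
```dockerfile
FROM node:16.14.2 AS build
WORKDIR /usr/src/app
# install from a committed lockfile so image builds are reproducible
COPY package.json package-lock.json ./
RUN npm ci
COPY . .
RUN npx ng build --prod

FROM nginx
COPY ./nginx.conf /etc/nginx/conf.d/
RUN rm -rf /usr/share/nginx/html/*
# take the artefact from the build stage, not from the host checkout
COPY --from=build /usr/src/app/dist /usr/share/nginx/html
```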
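Review bot: `nginx.conf` serves only static files, while `environment.prod.ts` in this patch points the management frontend at `baseUrl: '/maxkey-mgt-api'`; with no `location /maxkey-mgt-api` block, `try_files $uri $uri/ /index.html;` answers every API call with `index.html` unless an external reverse proxy sits in front. If this container is meant to be reached directly, add a proxy block such as `location /maxkey-mgt-api/ { proxy_pass http://<mgt-backend>:9526/maxkey-mgt-api/; }` (9526 is the port `environment.ts` uses for development). If a front proxy is assumed, a comment at the top of the file saying so would stop the next reader from wiring this up twice.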
@@ -1,19 +1,18 @@ /* * Copyright [2022] [MaxKey of copyright http://www.maxkey.top] - * + * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ - import { HttpErrorResponse, diff --git a/maxkey-web-frontend/maxkey-web-mgt-app/src/app/layout/basic/basic.component.ts b/maxkey-web-frontend/maxkey-web-mgt-app/src/app/layout/basic/basic.component.ts index b8efbd094..7b7157985 100644 --- a/maxkey-web-frontend/maxkey-web-mgt-app/src/app/layout/basic/basic.component.ts +++ b/maxkey-web-frontend/maxkey-web-mgt-app/src/app/layout/basic/basic.component.ts @@ -35,7 +35,7 @@ import { LayoutDefaultOptions } from '../../theme/layout-default'; - logo + logo
{ + if (res.code !== 0) { + this.router.navigateByUrl('/passport/login'); + } else { + // 清空路由复用信息 + this.reuseTabService.clear(); + // 设置用户Token信息 + this.authenticationService.auth(res.data); + this.authenticationService.navigate({}); + } + }); + } +} diff --git a/maxkey-web-frontend/maxkey-web-mgt-app/src/app/routes/passport/login/login.component.ts b/maxkey-web-frontend/maxkey-web-mgt-app/src/app/routes/passport/login/login.component.ts index f08a5749c..c62e9bd16 100644 --- a/maxkey-web-frontend/maxkey-web-mgt-app/src/app/routes/passport/login/login.component.ts +++ b/maxkey-web-frontend/maxkey-web-mgt-app/src/app/routes/passport/login/login.component.ts @@ -1,19 +1,18 @@ /* * Copyright [2022] [MaxKey of copyright http://www.maxkey.top] - * + * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ - import { ChangeDetectionStrategy, ChangeDetectorRef, Component, OnInit, Inject, OnDestroy, Optional } from '@angular/core'; import { AbstractControl, FormBuilder, FormGroup, Validators } from '@angular/forms'; diff --git a/maxkey-web-frontend/maxkey-web-mgt-app/src/app/routes/passport/passport-routing.module.ts b/maxkey-web-frontend/maxkey-web-mgt-app/src/app/routes/passport/passport-routing.module.ts index 770483626..9d729d245 100644 --- a/maxkey-web-frontend/maxkey-web-mgt-app/src/app/routes/passport/passport-routing.module.ts +++ b/maxkey-web-frontend/maxkey-web-mgt-app/src/app/routes/passport/passport-routing.module.ts 
@@ -1,25 +1,25 @@ /* * Copyright [2022] [MaxKey of copyright http://www.maxkey.top] - * + * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ - import { NgModule } from '@angular/core'; import { RouterModule, Routes } from '@angular/router'; import { LayoutPassportComponent } from '../../layout/passport/passport.component'; import { CallbackComponent } from './callback.component'; +import { JwtAuthComponent } from './jwt-auth.component'; import { UserLockComponent } from './lock/lock.component'; import { UserLoginComponent } from './login/login.component'; import { UserRegisterResultComponent } from './register-result/register-result.component'; @@ -54,11 +54,11 @@ const routes: Routes = [ ] }, // 单页不包裹Layout - { path: 'passport/callback/:type', component: CallbackComponent } + { path: 'passport/jwt/auth', component: JwtAuthComponent } ]; @NgModule({ imports: [RouterModule.forChild(routes)], exports: [RouterModule] }) -export class PassportRoutingModule {} +export class PassportRoutingModule { } diff --git a/maxkey-web-frontend/maxkey-web-mgt-app/src/app/routes/passport/passport.module.ts b/maxkey-web-frontend/maxkey-web-mgt-app/src/app/routes/passport/passport.module.ts index 3ac79b48c..2034529fc 100644 --- a/maxkey-web-frontend/maxkey-web-mgt-app/src/app/routes/passport/passport.module.ts +++ b/maxkey-web-frontend/maxkey-web-mgt-app/src/app/routes/passport/passport.module.ts 
@@ -1,19 +1,18 @@ /* * Copyright [2022] [MaxKey of copyright http://www.maxkey.top] - * + * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ - import { NgModule } from '@angular/core'; import { SharedModule } from '@shared'; @@ -31,4 +30,4 @@ const COMPONENTS = [UserLoginComponent, UserRegisterResultComponent, UserRegiste imports: [SharedModule, PassportRoutingModule], declarations: [...COMPONENTS] }) -export class PassportModule {} +export class PassportModule { } diff --git a/maxkey-web-frontend/maxkey-web-mgt-app/src/app/service/authentication.service.ts b/maxkey-web-frontend/maxkey-web-mgt-app/src/app/service/authentication.service.ts index e8eb410f5..2fcb27bb9 100644 --- a/maxkey-web-frontend/maxkey-web-mgt-app/src/app/service/authentication.service.ts +++ b/maxkey-web-frontend/maxkey-web-mgt-app/src/app/service/authentication.service.ts 
@@ -1,19 +1,18 @@ /* * Copyright [2022] [MaxKey of copyright http://www.maxkey.top] - * + * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ - import { Injectable, Inject } from '@angular/core'; import { Router } from '@angular/router'; @@ -62,6 +61,10 @@ export class AuthenticationService { return this.http.post('/login/congress?_allow_anonymous=true', authParam); } + jwtAuth(authParam: any) { + return this.http.get(`/login/jwt?_allow_anonymous=true`, authParam); + } + clear() { this.tokenService.clear(); } diff --git a/maxkey-web-frontend/maxkey-web-mgt-app/src/environments/environment.prod.ts b/maxkey-web-frontend/maxkey-web-mgt-app/src/environments/environment.prod.ts index a9ba18f2e..8f59a6737 100644 --- a/maxkey-web-frontend/maxkey-web-mgt-app/src/environments/environment.prod.ts +++ b/maxkey-web-frontend/maxkey-web-mgt-app/src/environments/environment.prod.ts 
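Review bot: `jwtAuth()` sends the credential with `this.http.get(..., authParam)`; if the second argument becomes query parameters, as the `_HttpClient.get(url, params)` signature suggests, the JWT leaves the browser in the URL and is captured by proxy and server access logs, history and Referer headers. Prefer a POST with a form-encoded body so the server's `@RequestParam` binding keeps working, e.g. `return this.http.post('/login/jwt?_allow_anonymous=true', new HttpParams({ fromObject: authParam }).toString(), null, { headers: { 'Content-Type': 'application/x-www-form-urlencoded' } });` (needs `HttpParams` from `@angular/common/http`); the exact option shape depends on the `_HttpClient` wrapper in use, which is not visible here. Whichever side changes, it must move together with `HttpJwtEntryPoint.jwt()` in this patch.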
@@ -1,19 +1,18 @@ /* * Copyright [2022] [MaxKey of copyright http://www.maxkey.top] - * + * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ - import { Environment } from '@delon/theme'; @@ -21,8 +20,8 @@ export const environment = { production: true, useHash: true, api: { - baseUrl: './', + baseUrl: '/maxkey-mgt-api', refreshTokenEnabled: true, - refreshTokenType: 'auth-refresh' + refreshTokenType: 're-request' } } as Environment; diff --git a/maxkey-web-frontend/maxkey-web-mgt-app/src/environments/environment.ts b/maxkey-web-frontend/maxkey-web-mgt-app/src/environments/environment.ts index 1be0cf2b6..3f3c76084 100644 --- a/maxkey-web-frontend/maxkey-web-mgt-app/src/environments/environment.ts +++ b/maxkey-web-frontend/maxkey-web-mgt-app/src/environments/environment.ts 
@@ -1,19 +1,18 @@ /* * Copyright [2022] [MaxKey of copyright http://www.maxkey.top] - * + * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at - * + * * http://www.apache.org/licenses/LICENSE-2.0 - * + * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ - // This file can be replaced during build by using the `fileReplacements` array. // `ng build ---prod` replaces `environment.ts` with `environment.prod.ts`. @@ -28,7 +27,7 @@ export const environment = { production: false, useHash: true, api: { - baseUrl: 'http://sso.maxkey.top:9527/maxkey-mgt/', + baseUrl: 'http://sso.maxkey.top:9526/maxkey-mgt-api/', refreshTokenEnabled: true, refreshTokenType: 're-request' }, diff --git a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/interceptor/HistorySignOnAppInterceptor.java b/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/interceptor/HistorySignOnAppInterceptor.java index 9cdcceca6..f4be0c01b 100644 --- a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/interceptor/HistorySignOnAppInterceptor.java +++ b/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/interceptor/HistorySignOnAppInterceptor.java 
@@ -54,8 +54,18 @@ public class HistorySignOnAppInterceptor implements AsyncHandlerInterceptor { public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception { - _logger.debug("preHandle"); - final Apps app = (Apps)WebContext.getAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP); + _logger.debug("preHandle {}",request.getRequestURI()); + Apps app = (Apps)WebContext.getAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP); + if(app == null) { + String appId =""; + //JWT + if(request.getRequestURI().contains("/authz/jwt/")) { + String [] requestURI = request.getRequestURI().split("/"); + appId = requestURI[requestURI.length -1]; + } + _logger.debug("appId {}",appId); + app = appsService.get(appId,true); + } SignPrincipal principal = AuthorizationUtils.getPrincipal(); if(principal != null && app !=null) { if(principal.getGrantedAuthorityApps().contains(new SimpleGrantedAuthority(app.getId()))) { diff --git a/maxkey-webs/maxkey-web-maxkey/src/main/resources/application-http.properties b/maxkey-webs/maxkey-web-maxkey/src/main/resources/application-http.properties index 6beb38e28..c756af5d5 100644 --- a/maxkey-webs/maxkey-web-maxkey/src/main/resources/application-http.properties +++ b/maxkey-webs/maxkey-web-maxkey/src/main/resources/application-http.properties @@ -16,7 +16,7 @@ #spring.profiles.active=http # ############################################################################ #server port -server.port =${SERVER_PORT:8080} +server.port =${SERVER_PORT:9527} #session default 600 #600s =10m #1800s =30m @@ -24,7 +24,7 @@ server.port =${SERVER_PORT:8080} #28800s =8h server.servlet.session.timeout =${SERVLET_SESSION_TIMEOUT:600} #server context path -server.servlet.context-path =/maxkey +server.servlet.context-path =/sign #nacos discovery spring.cloud.nacos.discovery.enabled =${NACOS_DISCOVERY_ENABLED:false} spring.cloud.nacos.discovery.instance-enabled =false 
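Review bot: When the session holds no app, the new block calls `appsService.get(appId,true)` even with `appId = ""` for every non-JWT request reaching this interceptor, which is a wasted lookup per request and, depending on how `get` treats an empty id, possibly an unexpected query; `app = appId.isEmpty() ? null : appsService.get(appId, true);` keeps the later `app != null` check meaningful. The id is the last `/`-segment of `request.getRequestURI()`, which is undecoded and in servlet containers can still carry a path parameter such as `;jsessionid=...`, so the value looked up may differ from the `{id}` the `/authz/jwt/` handler sees; reading it from the handler's path variable, or at least truncating at `;`, avoids that. `contains("/authz/jwt/")` also matches any other path under that prefix (the JWT metadata endpoint in this patch may be one), where the last segment is not an app id. The method continues after the hunk.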
@@ -44,7 +44,7 @@ maxkey.server.mgt.uri =${maxkey.server.name}:9527/maxk maxkey.server.authz.uri =${maxkey.server.name}:${server.port}${server.servlet.context-path} #http://sso.maxkey.top/sign #http://sso.maxkey.top:4200 -maxkey.server.frontend.uri =${maxkey.server.name}:${server.frontend.port} +maxkey.server.frontend.uri =/maxkey #InMemory 0 , Redis 2 maxkey.server.persistence =${SERVER_PERSISTENCE:0} #identity none, Kafka ,RocketMQ diff --git a/maxkey-webs/maxkey-web-maxkey/src/main/resources/templates/views/authorize/jwt_sso_submint.ftl b/maxkey-webs/maxkey-web-maxkey/src/main/resources/templates/views/authorize/jwt_sso_submint.ftl index cc91ea7ec..ba2f36450 100644 --- a/maxkey-webs/maxkey-web-maxkey/src/main/resources/templates/views/authorize/jwt_sso_submint.ftl +++ b/maxkey-webs/maxkey-web-maxkey/src/main/resources/templates/views/authorize/jwt_sso_submint.ftl @@ -7,17 +7,30 @@ -
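Review bot: `maxkey.server.mgt.uri` — visible only as the truncated context in this hunk's header, `${maxkey.server.name}:9527/maxk…` — is left pointing at port 9527, yet this same commit moves the management service to `9526/maxkey-mgt-api` (mgt application-http.properties) and puts the sign server itself on 9527, so the sign side will now address its own port where it expects mgt; update it to `maxkey.server.mgt.uri =${maxkey.server.name}:9526/maxkey-mgt-api` or derive it from a shared property. `maxkey.server.frontend.uri =/maxkey` also changes from an absolute URL to a bare path, so anything that builds a redirect from it now resolves against whichever host served the request — presumably intended for the nginx proxy added elsewhere in this commit, but the comment above it still lists absolute examples and should say so, e.g. `#relative path, resolved against the host that served the request (reverse proxy deployment)`.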
- - - - - - - - - -
token
-
+<#if 'post'==tokenType> +
+ + + + + + + + + +
token
+
+ + +<#if 'get'==tokenType> +
+ + + + +
+
+ + diff --git a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/MaxKeyMgtMvcConfig.java b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/MaxKeyMgtMvcConfig.java index abd7ad4a0..0a7c48fd0 100644 --- a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/MaxKeyMgtMvcConfig.java +++ b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/MaxKeyMgtMvcConfig.java @@ -20,8 +20,6 @@ package org.maxkey; import java.util.List; import org.maxkey.authn.AbstractAuthenticationProvider; -import org.maxkey.authn.support.jwt.HttpJwtEntryPoint; -import org.maxkey.authn.support.jwt.JwtLoginService; import org.maxkey.authn.web.CurrentUserMethodArgumentResolver; import org.maxkey.authn.web.interceptor.PermissionInterceptor; import org.maxkey.configuration.ApplicationConfig; @@ -49,9 +47,6 @@ public class MaxKeyMgtMvcConfig implements WebMvcConfigurer { @Autowired AbstractAuthenticationProvider authenticationProvider ; - @Autowired - JwtLoginService jwtLoginService; - @Autowired PermissionInterceptor permissionInterceptor; @@ -90,10 +85,7 @@ public class MaxKeyMgtMvcConfig implements WebMvcConfigurer { //addPathPatterns 用于添加拦截规则 , 先把所有路径都加入拦截, 再一个个排除 //excludePathPatterns 表示改路径不用拦截 _logger.debug("add HttpJwtEntryPoint"); - registry.addInterceptor(new HttpJwtEntryPoint( - authenticationProvider,jwtLoginService,applicationConfig,true)) - .addPathPatterns("/login"); - + permissionInterceptor.setMgmt(true); registry.addInterceptor(permissionInterceptor) diff --git a/maxkey-webs/maxkey-web-mgt/src/main/resources/application-http.properties b/maxkey-webs/maxkey-web-mgt/src/main/resources/application-http.properties index 3e3b2cdf1..589e1f484 100644 --- a/maxkey-webs/maxkey-web-mgt/src/main/resources/application-http.properties +++ b/maxkey-webs/maxkey-web-mgt/src/main/resources/application-http.properties 
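Review bot: The new `<#if 'get'==tokenType>` branch (the form markup is not legible in this rendering, so this is inferred from the branch name) appears to hand the JWT to the relying party as a GET parameter; a token in a URL ends up in browser history, proxy and server access logs and the Referer header of any resource the target page loads, which is the exposure the previous POST-only template avoided. If GET delivery is required by some relying parties, keep the token out of the query string (a short-lived one-time code exchanged server-side, or at least the URL fragment) or document the exposure in the template, e.g. `<#-- GET delivery places the token in the URL (history, logs, Referer); prefer post -->`. Since neither branch renders anything when tokenType is not exactly `post` or `get`, an `<#else>` that shows a visible error would make a misconfigured app obvious instead of a blank auto-submit page.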
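Review bot: `_logger.debug("add HttpJwtEntryPoint");` is kept as context while the `registry.addInterceptor(new HttpJwtEntryPoint(...))` registration beneath it is removed, so the management service now logs that it adds a JWT entry point it no longer has; drop the line or make it describe what is actually registered, e.g. `_logger.debug("add PermissionInterceptor (mgmt)");`. Removing the interceptor from `/login` also means mgt no longer accepts the JWT handed over from the sign server at that path — presumably the new `jwt-auth.component.ts` route in the diffstat takes over, but a one-line comment here stating where JWT hand-off is now handled would save the next reader from the same question. With `jwtLoginService` gone, `applicationConfig` may now be unused in this class; check the remaining imports and fields.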
@@ -16,9 +16,9 @@ #MaxKey Server configuration # ############################################################################ #server port -server.port =${SERVER_PORT:9527} +server.port =${SERVER_PORT:9526} #server context path -server.servlet.context-path =/maxkey-mgt +server.servlet.context-path =/maxkey-mgt-api #nacos discovery spring.cloud.nacos.discovery.enabled =${NACOS_DISCOVERY_ENABLED:false} spring.cloud.nacos.discovery.instance-enabled =false @@ -30,7 +30,7 @@ maxkey.server.scheme =http maxkey.server.basedomain =${SERVER_DOMAIN:maxkey.top} maxkey.server.domain =sso.${maxkey.server.basedomain} maxkey.server.name =${maxkey.server.scheme}://${maxkey.server.domain} -maxkey.server.uri =${maxkey.server.name}:9527${server.servlet.context-path} +maxkey.server.uri =${maxkey.server.name}:${server.port}${server.servlet.context-path} #default.uri maxkey.server.default.uri =${maxkey.server.uri}/main maxkey.server.mgt.uri =${maxkey.server.uri} 
@@ -41,8 +41,10 @@ maxkey.server.persistence =0 maxkey.server.message.queue =${SERVER_MESSAGE_QUEUE:none} maxkey.session.timeout =${SERVER_SESSION_TIMEOUT:1800} -maxkey.auth.jwt.expires =86400 + maxkey.auth.jwt.issuer =${maxkey.server.uri} + +maxkey.auth.jwt.expires =900 maxkey.auth.jwt.secret =7heM-14BtxjyKPuH3ITIm7q2-ps5MuBirWCsrrdbzzSAOuSPrbQYiaJ54AeA0uH2XdkYy3hHAkTFIsieGkyqxOJZ_dQzrCbaYISH9rhUZAKYx8tUY0wkE4ArOC6LqHDJarR6UIcMsARakK9U4dhoOPO1cj74XytemI-w6ACYfzRUn_Rn4e-CQMcnD1C56oNEukwalf06xVgXl41h6K8IBEzLVod58y_VfvFn-NGWpNG0fy_Qxng6dg8Dgva2DobvzMN2eejHGLGB-x809MvC4zbG7CKNVlcrzMYDt2Gt2sOVDrt2l9YqJNfgaLFjrOEVw5cuXemGkX1MvHj6TAsbLg maxkey.auth.jwt.refresh.secret =7heM-14BtxjyKPuH3ITIm7q2-ps5MuBirWCsrrdbzzSAOuSPrbQYiaJ54AeA0uH2XdkYy3hHAkTFIsieGkyqxOJZ_dQzrCbaYISH9rhUZAKYx8tUY0wkE4ArOC6LqHDJarR6UIcMsARakK9U4dhoOPO1cj74XytemI-w6ACYfzRUn_Rn4e-CQMcnD1C56oNEukwalf06xVgXl41h6K8IBEzLVod58y_VfvFn-NGWpNG0fy_Qxng6dg8Dgva2DobvzMN2eejHGLGB-x809MvC4zbG7CKNVlcrzMYDt2Gt2sOVDrt2l9YqJNfgaLFjrOEVw5cuXemGkX1MvHj6TAsbLg ############################################################################