jwt

2025-12-07 01:18:27 +08:00 · 2022-05-05 17:13:16 +08:00 · 2022-05-05 17:13:16 +08:00 · 48600c4af8
commit 48600c4af8
parent daad22a00e
27 changed files with 241 additions and 188 deletions
--- a/.gitignore
+++ b/.gitignore
@ -45,7 +45,9 @@ setEnvVars.bat
 maxkey-web-frontend/maxkey-web-mgt-app/node_modules/
 maxkey-web-frontend/maxkey-web-mgt-app/.angular
 maxkey-web-frontend/maxkey-web-mgt-app/yarn.lock
 maxkey-web-frontend/maxkey-web-mgt-app/dist
 maxkey-web-frontend/maxkey-web-app/node_modules/
 maxkey-web-frontend/maxkey-web-app/.angular/
-maxkey-web-frontend/maxkey-web-app/yarn.lock
+maxkey-web-frontend/maxkey-web-app/yarn.lock
 maxkey-web-frontend/maxkey-web-app/dist
--- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/jwt/HttpJwtEntryPoint.java
+++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/jwt/HttpJwtEntryPoint.java
@ -1,5 +1,5 @@
 /*
- * Copyright [2020] [MaxKey of copyright http://www.maxkey.top]
+ * Copyright [2022] [MaxKey of copyright http://www.maxkey.top]
 * 
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
@ -14,103 +14,68 @@
 * limitations under the License.
 */
 package org.maxkey.authn.support.jwt;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import org.maxkey.authn.AbstractAuthenticationProvider;
 import org.maxkey.authn.LoginCredential;
-import org.maxkey.authn.web.AuthorizationUtils;
+import org.maxkey.authn.jwt.AuthJwt;
 import org.maxkey.authn.jwt.AuthTokenService;
 import org.maxkey.configuration.ApplicationConfig;
 import org.maxkey.constants.ConstsLoginType;
 import org.maxkey.entity.Message;
 import org.maxkey.web.WebConstants;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.springframework.web.servlet.AsyncHandlerInterceptor;
+import org.springframework.beans.factory.annotation.Autowired;
-
+import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.core.Authentication;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
 import com.nimbusds.jwt.SignedJWT;
-public class HttpJwtEntryPoint implements AsyncHandlerInterceptor {
+@Controller
@RequestMapping(value = "/login")
 public class HttpJwtEntryPoint {
 	private static final Logger _logger = LoggerFactory.getLogger(HttpJwtEntryPoint.class);
    boolean enable;
 	@Autowired
  	ApplicationConfig applicationConfig;
  	@Autowired
    AbstractAuthenticationProvider authenticationProvider ;
-    
+  	
  	@Autowired
 	AuthTokenService authTokenService;
    @Autowired
 	JwtLoginService jwtLoginService;
-	 @Override
+	@RequestMapping(value={"/jwt"}, produces = {MediaType.APPLICATION_JSON_VALUE})
-	 public boolean preHandle(HttpServletRequest request,HttpServletResponse response, Object handler) throws Exception {
+	public ResponseEntity<?> jwt(@RequestParam(value = WebConstants.JWT_TOKEN_PARAMETER, required = false) String jwt) {
-		 boolean isAuthenticated= AuthorizationUtils.isAuthenticated();
+		try {
-		 String jwt = request.getParameter(WebConstants.JWT_TOKEN_PARAMETER);
+			//for jwt Login
-		 
+			 _logger.debug("jwt : " + jwt);
-		 if(!enable 
+	
-				 || isAuthenticated 
+			 SignedJWT signedJWT = jwtLoginService.jwtTokenValidation(jwt);
-				 || jwt == null){
+			 
-			 return true;
+			 if(signedJWT != null) {
-		 }
+				 String username =signedJWT.getJWTClaimsSet().getSubject();
-		 
+				 LoginCredential loginCredential =new LoginCredential(username,"",ConstsLoginType.JWT);
-		 _logger.debug("JWT Login Start ...");
+				 Authentication  authentication = authenticationProvider.authenticate(loginCredential,true);
-		 _logger.trace("Request url : "+ request.getRequestURL());
+				 _logger.debug("JWT Logined in , username " + username);
-		 _logger.trace("Request URI : "+ request.getRequestURI());
+				 AuthJwt authJwt = authTokenService.genAuthJwt(authentication);
-		 _logger.trace("Request ContextPath : "+ request.getContextPath());
+		 		 return new Message<AuthJwt>(authJwt).buildResponse();
-		 _logger.trace("Request ServletPath : "+ request.getServletPath());
+			 }
-		 _logger.trace("RequestSessionId : "+ request.getRequestedSessionId());
+		}catch(Exception e) {
-		 _logger.trace("isRequestedSessionIdValid : "+ request.isRequestedSessionIdValid());
+			_logger.error("Exception ",e);
-		 _logger.trace("getSession : "+ request.getSession(false));
+		}
 		// session not exists，session timeout，recreate new session
 		 if(request.getSession(false) == null) {
 		    _logger.trace("recreate new session .");
 			request.getSession(true);
 		 }
 		 _logger.trace("getSession.getId : "+ request.getSession().getId());
 		//for jwt Login
 		 _logger.debug("jwt : " + jwt);
 		 SignedJWT signedJWT = jwtLoginService.jwtTokenValidation(jwt);
 		 if(signedJWT != null) {
 			 String username =signedJWT.getJWTClaimsSet().getSubject();
 			 LoginCredential loginCredential =new LoginCredential(username,"",ConstsLoginType.JWT);
 			 authenticationProvider.authenticate(loginCredential,true);
 			 _logger.debug("JWT Logined in , username " + username);
 		 }
-		return true;
+		 return new Message<AuthJwt>(Message.FAIL).buildResponse();
 	}
 	 public HttpJwtEntryPoint() {
 	        super();
 	 }
    public HttpJwtEntryPoint (boolean enable) {
        super();
        this.enable = enable;
    }
    public HttpJwtEntryPoint(AbstractAuthenticationProvider authenticationProvider, JwtLoginService jwtLoginService,
 			ApplicationConfig applicationConfig, boolean enable) {
 		super();
 		this.authenticationProvider = authenticationProvider;
 		this.jwtLoginService = jwtLoginService;
 		this.applicationConfig = applicationConfig;
 		this.enable = enable;
 	}
 	public boolean isEnable() {
        return enable;
    }
    public void setEnable(boolean enable) {
        this.enable = enable;
    }
 	public void setApplicationConfig(ApplicationConfig applicationConfig) {
 		this.applicationConfig = applicationConfig;
--- a/maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/AuthorizeBaseEndpoint.java
+++ b/maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/AuthorizeBaseEndpoint.java
@ -34,7 +34,6 @@ import org.maxkey.web.WebContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.web.servlet.ModelAndView;
 /**
@ -61,8 +60,8 @@ public class AuthorizeBaseEndpoint {
 			//session中为空或者id不一致重新加载
 			if(app == null || !app.getId().equalsIgnoreCase(id)) {
 				app = appsService.get(id,true);
 				WebContext.setAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP, app);
 			}
 			WebContext.setAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP, app);
 		}
 		if(app	==	null){
 			_logger.error("Applications id " + id + "  is not exist.");
--- a/maxkey-protocols/maxkey-protocol-jwt/src/main/java/org/maxkey/authz/jwt/endpoint/adapter/JwtAdapter.java
+++ b/maxkey-protocols/maxkey-protocol-jwt/src/main/java/org/maxkey/authz/jwt/endpoint/adapter/JwtAdapter.java
@ -169,6 +169,8 @@ public class JwtAdapter extends AbstractAuthorizeAdapter {
 		modelAndView.addObject("token",serialize());
 		modelAndView.addObject("jwtName",jwtDetails.getJwtName());
 		modelAndView.addObject("tokenType",jwtDetails.getTokenType().toLowerCase());
 		return modelAndView;
 	}
--- a/maxkey-protocols/maxkey-protocol-jwt/src/main/java/org/maxkey/authz/token/endpoint/JwtAuthorizeEndpoint.java
+++ b/maxkey-protocols/maxkey-protocol-jwt/src/main/java/org/maxkey/authz/token/endpoint/JwtAuthorizeEndpoint.java
@ -83,7 +83,7 @@ public class JwtAuthorizeEndpoint  extends AuthorizeBaseEndpoint{
 			@CurrentUser UserInfo currentUser){
 		ModelAndView modelAndView=new ModelAndView();
 		Apps  application = getApp(id);
-		AppsJwtDetails jwtDetails = jwtDetailsService.getAppDetails(id , true);
+		AppsJwtDetails jwtDetails = jwtDetailsService.getAppDetails(application.getId() , true);
 		_logger.debug(""+jwtDetails);
 		jwtDetails.setAdapter(application.getAdapter());
 		jwtDetails.setIsAdapter(application.getIsAdapter());
@ -110,34 +110,7 @@ public class JwtAuthorizeEndpoint  extends AuthorizeBaseEndpoint{
 		//encrypt
 		adapter.encrypt(null, jwtDetails.getAlgorithmKey(), jwtDetails.getAlgorithm());
-		if(jwtDetails.getTokenType().equalsIgnoreCase("POST")) {
+		return adapter.authorize(modelAndView);
 			return adapter.authorize(modelAndView);
 		}else {
 			_logger.debug("Cookie Name : {}" , jwtDetails.getJwtName());
 			Cookie cookie= new Cookie(jwtDetails.getJwtName(),adapter.serialize());
 			Integer maxAge = jwtDetails.getExpires();
 			_logger.debug("Cookie Max Age : {} seconds." , maxAge);
 			cookie.setMaxAge(maxAge);
 			cookie.setPath("/");
 			//
 			//cookie.setDomain("."+applicationConfig.getBaseDomainName());
 			//tomcat 8.5
 			cookie.setDomain(applicationConfig.getBaseDomainName());
 			_logger.debug("Sub Domain Name : .{}",applicationConfig.getBaseDomainName());
 			response.addCookie(cookie);
 			if(jwtDetails.getRedirectUri().indexOf(applicationConfig.getBaseDomainName())>-1){
 				return WebContext.redirect(jwtDetails.getRedirectUri());
 			}else{
 				_logger.error(jwtDetails.getRedirectUri()+" not in domain "+applicationConfig.getBaseDomainName());
 				return null;
 			}
 		}
 	}
 	@Operation(summary = "JWT JWK元数据接口", description = "参数mxk_metadata_APPID",method="GET")
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/approval/endpoint/OAuth20AccessConfirmationEndpoint.java
+++ b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/approval/endpoint/OAuth20AccessConfirmationEndpoint.java
@ -129,6 +129,7 @@ public class OAuth20AccessConfirmationEndpoint {
        for (Object key : model.keySet()) {
            _logger.trace("key " + key +"=" + model.get(key));
        }
        model.put("authorizeApproveUri", applicationConfig.getFrontendUri()+"/#/authz/oauth2approve");
        modelAndView.addObject("model", model);
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/AuthorizationEndpoint.java
+++ b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/AuthorizationEndpoint.java
@ -102,7 +102,7 @@ import io.swagger.v3.oas.annotations.tags.Tag;
 public class AuthorizationEndpoint extends AbstractEndpoint {
 	final static Logger _logger = LoggerFactory.getLogger(AuthorizationEndpoint.class);
-	private static final String OAUTH_V20_AUTHORIZATION_URL = "%s" + OAuth2Constants.ENDPOINT.ENDPOINT_AUTHORIZE + "?client_id=%s&response_type=code&redirect_uri=%s&approval_prompt=auto";
+	private static final String OAUTH_V20_AUTHORIZATION_URL = "" + OAuth2Constants.ENDPOINT.ENDPOINT_AUTHORIZE + "?client_id=%s&response_type=code&redirect_uri=%s&approval_prompt=auto";
 	private RedirectResolver redirectResolver = new DefaultRedirectResolver();
@ -132,7 +132,6 @@ public class AuthorizationEndpoint extends AbstractEndpoint {
        String authorizationUrl = "";
        try {
            authorizationUrl = String.format(OAUTH_V20_AUTHORIZATION_URL, 
                            applicationConfig.getServerPrefix(),
                            clientDetails.getClientId(), 
                            HttpEncoder.encode(clientDetails.getRegisteredRedirectUri().toArray()[0].toString())
                    );
--- a/maxkey-web-frontend/maxkey-web-app/src/app/layout/basic/basic.component.ts
+++ b/maxkey-web-frontend/maxkey-web-app/src/app/layout/basic/basic.component.ts
@ -38,7 +38,7 @@ import { LayoutDefaultOptions } from '../../theme/layout-default';
    <layout-default [options]="options" [asideUser]="asideUserTpl" [content]="contentTpl" [customError]="null">
      <layout-default-header-item direction="left">
        <a href="#">
-          <img src="../assets/logo.jpg" alt="logo" style="height: 50px;height: 50px;float: left;" />
+          <img src="./assets/logo.jpg" alt="logo" style="height: 50px;height: 50px;float: left;" />
          <div class="alain-default__header-title"> Max<span style="color: #FFD700;">Key</span>{{ 'mxk.title' | i18n }} </div>
        </a>
      </layout-default-header-item>
--- a/maxkey-web-frontend/maxkey-web-app/src/environments/environment.prod.ts
+++ b/maxkey-web-frontend/maxkey-web-app/src/environments/environment.prod.ts
@ -1,19 +1,18 @@
 /*
 * Copyright [2022] [MaxKey of copyright http://www.maxkey.top]
- * 
+ *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
- * 
+ *
 *     http://www.apache.org/licenses/LICENSE-2.0
- * 
+ *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 import { Environment } from '@delon/theme';
@ -21,8 +20,8 @@ export const environment = {
  production: true,
  useHash: true,
  api: {
-    baseUrl: './',
+    baseUrl: '/sign',
    refreshTokenEnabled: true,
-    refreshTokenType: 'auth-refresh'
+    refreshTokenType: 're-request'
  }
 } as Environment;
--- a/maxkey-web-frontend/maxkey-web-app/src/environments/environment.ts
+++ b/maxkey-web-frontend/maxkey-web-app/src/environments/environment.ts
@ -27,7 +27,7 @@ export const environment = {
  production: false,
  useHash: true,
  api: {
-    baseUrl: 'http://sso.maxkey.top:8080/maxkey',
+    baseUrl: 'http://sso.maxkey.top:9527/sign',
    refreshTokenEnabled: true,
    refreshTokenType: 're-request'
  },
--- a/maxkey-web-frontend/maxkey-web-mgt-app/Dockerfile
+++ b/maxkey-web-frontend/maxkey-web-mgt-app/Dockerfile
@ -0,0 +1,26 @@
 FROM node:16.14.2
 LABEL authors="MaxKey <maxkeysupport@163.com>"
 WORKDIR /usr/src/app
 COPY package.json package.json
 RUN npm config set registry https://registry.npm.taobao.org \
    && npm i
 COPY ./src  ./src
 RUN npm install -g @angular/cli
 RUN ng build --prod
 FROM nginx
 COPY ./nginx.conf /etc/nginx/conf.d/
 RUN rm -rf /usr/share/nginx/html/*
 COPY  dist /usr/share/nginx/html
 #CMD ["nginx", "-g", "daemon off;"]
--- a/maxkey-web-frontend/maxkey-web-mgt-app/nginx.conf
+++ b/maxkey-web-frontend/maxkey-web-mgt-app/nginx.conf
@ -0,0 +1,17 @@
 #MaxKey mgmt server
 server {
    listen       9524;
    server_name  localhost;
    location / {
        root   /usr/share/nginx/html;
        index  index.html index.htm;
        try_files $uri $uri/ /index.html;
    }
    error_page   500 502 503 504  /50x.html;
    location = /50x.html {
        root   /usr/share/nginx/html;
    }
 }
--- a/maxkey-web-frontend/maxkey-web-mgt-app/src/app/core/net/default.interceptor.ts
+++ b/maxkey-web-frontend/maxkey-web-mgt-app/src/app/core/net/default.interceptor.ts
@ -1,19 +1,18 @@
 /*
 * Copyright [2022] [MaxKey of copyright http://www.maxkey.top]
- * 
+ *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
- * 
+ *
 *     http://www.apache.org/licenses/LICENSE-2.0
- * 
+ *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 import {
  HttpErrorResponse,
--- a/maxkey-web-frontend/maxkey-web-mgt-app/src/app/layout/basic/basic.component.ts
+++ b/maxkey-web-frontend/maxkey-web-mgt-app/src/app/layout/basic/basic.component.ts
@ -35,7 +35,7 @@ import { LayoutDefaultOptions } from '../../theme/layout-default';
    <layout-default [options]="options" [asideUser]="asideUserTpl" [content]="contentTpl" [customError]="null">
      <layout-default-header-item direction="left">
        <a href="#">
-          <img src="../assets/logo.jpg" alt="logo" style="height: 50px;height: 50px;float: left;" />
+          <img src="./assets/logo.jpg" alt="logo" style="height: 50px;height: 50px;float: left;" />
          <div
            class="alain-default__nav-item_title"
            style="letter-spacing: 2px;
--- a/maxkey-web-frontend/maxkey-web-mgt-app/src/app/routes/passport/callback.component.ts
+++ b/maxkey-web-frontend/maxkey-web-mgt-app/src/app/routes/passport/callback.component.ts
@ -1,19 +1,18 @@
 /*
 * Copyright [2022] [MaxKey of copyright http://www.maxkey.top]
- * 
+ *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
- * 
+ *
 *     http://www.apache.org/licenses/LICENSE-2.0
- * 
+ *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 import { Component, OnInit } from '@angular/core';
 import { ActivatedRoute } from '@angular/router';
@ -28,7 +27,7 @@ import { SettingsService } from '@delon/theme';
 export class CallbackComponent implements OnInit {
  type = '';
-  constructor(private socialService: SocialService, private settingsSrv: SettingsService, private route: ActivatedRoute) {}
+  constructor(private socialService: SocialService, private settingsSrv: SettingsService, private route: ActivatedRoute) { }
  ngOnInit(): void {
    this.type = this.route.snapshot.params['type'];
--- a/maxkey-web-frontend/maxkey-web-mgt-app/src/app/routes/passport/jwt-auth.component.ts
+++ b/maxkey-web-frontend/maxkey-web-mgt-app/src/app/routes/passport/jwt-auth.component.ts
@ -0,0 +1,56 @@
 /*
 * Copyright [2022] [MaxKey of copyright http://www.maxkey.top]
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 *     http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 import { Component, OnInit, Inject } from '@angular/core';
 import { ActivatedRoute, Router } from '@angular/router';
 import { ReuseTabService } from '@delon/abc/reuse-tab';
 import { DA_SERVICE_TOKEN, ITokenService } from '@delon/auth';
 import { SettingsService } from '@delon/theme';
 import { AuthenticationService } from '../../service/authentication.service';
@Component({
  selector: 'app-jwt-auth',
  template: ``
 })
 export class JwtAuthComponent implements OnInit {
  jwt = '';
  constructor(
    private authenticationService: AuthenticationService,
    @Inject(ReuseTabService)
    private reuseTabService: ReuseTabService,
    private router: Router,
    private settingsSrv: SettingsService,
    private route: ActivatedRoute
  ) { }
  ngOnInit(): void {
    this.jwt = this.route.snapshot.queryParams['jwt'];
    this.authenticationService.jwtAuth({ jwt: this.jwt }).subscribe(res => {
      if (res.code !== 0) {
        this.router.navigateByUrl('/passport/login');
      } else {
        // 清空路由复用信息
        this.reuseTabService.clear();
        // 设置用户Token信息
        this.authenticationService.auth(res.data);
        this.authenticationService.navigate({});
      }
    });
  }
 }
--- a/maxkey-web-frontend/maxkey-web-mgt-app/src/app/routes/passport/login/login.component.ts
+++ b/maxkey-web-frontend/maxkey-web-mgt-app/src/app/routes/passport/login/login.component.ts
@ -1,19 +1,18 @@
 /*
 * Copyright [2022] [MaxKey of copyright http://www.maxkey.top]
- * 
+ *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
- * 
+ *
 *     http://www.apache.org/licenses/LICENSE-2.0
- * 
+ *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 import { ChangeDetectionStrategy, ChangeDetectorRef, Component, OnInit, Inject, OnDestroy, Optional } from '@angular/core';
 import { AbstractControl, FormBuilder, FormGroup, Validators } from '@angular/forms';
--- a/maxkey-web-frontend/maxkey-web-mgt-app/src/app/routes/passport/passport-routing.module.ts
+++ b/maxkey-web-frontend/maxkey-web-mgt-app/src/app/routes/passport/passport-routing.module.ts
@ -1,25 +1,25 @@
 /*
 * Copyright [2022] [MaxKey of copyright http://www.maxkey.top]
- * 
+ *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
- * 
+ *
 *     http://www.apache.org/licenses/LICENSE-2.0
- * 
+ *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 import { NgModule } from '@angular/core';
 import { RouterModule, Routes } from '@angular/router';
 import { LayoutPassportComponent } from '../../layout/passport/passport.component';
 import { CallbackComponent } from './callback.component';
 import { JwtAuthComponent } from './jwt-auth.component';
 import { UserLockComponent } from './lock/lock.component';
 import { UserLoginComponent } from './login/login.component';
 import { UserRegisterResultComponent } from './register-result/register-result.component';
@ -54,11 +54,11 @@ const routes: Routes = [
    ]
  },
  // 单页不包裹Layout
-  { path: 'passport/callback/:type', component: CallbackComponent }
+  { path: 'passport/jwt/auth', component: JwtAuthComponent }
 ];
@NgModule({
  imports: [RouterModule.forChild(routes)],
  exports: [RouterModule]
 })
-export class PassportRoutingModule {}
+export class PassportRoutingModule { }
--- a/maxkey-web-frontend/maxkey-web-mgt-app/src/app/routes/passport/passport.module.ts
+++ b/maxkey-web-frontend/maxkey-web-mgt-app/src/app/routes/passport/passport.module.ts
@ -1,19 +1,18 @@
 /*
 * Copyright [2022] [MaxKey of copyright http://www.maxkey.top]
- * 
+ *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
- * 
+ *
 *     http://www.apache.org/licenses/LICENSE-2.0
- * 
+ *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 import { NgModule } from '@angular/core';
 import { SharedModule } from '@shared';
@ -31,4 +30,4 @@ const COMPONENTS = [UserLoginComponent, UserRegisterResultComponent, UserRegiste
  imports: [SharedModule, PassportRoutingModule],
  declarations: [...COMPONENTS]
 })
-export class PassportModule {}
+export class PassportModule { }
--- a/maxkey-web-frontend/maxkey-web-mgt-app/src/app/service/authentication.service.ts
+++ b/maxkey-web-frontend/maxkey-web-mgt-app/src/app/service/authentication.service.ts
@ -1,19 +1,18 @@
 /*
 * Copyright [2022] [MaxKey of copyright http://www.maxkey.top]
- * 
+ *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
- * 
+ *
 *     http://www.apache.org/licenses/LICENSE-2.0
- * 
+ *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 import { Injectable, Inject } from '@angular/core';
 import { Router } from '@angular/router';
@ -62,6 +61,10 @@ export class AuthenticationService {
    return this.http.post('/login/congress?_allow_anonymous=true', authParam);
  }
  jwtAuth(authParam: any) {
    return this.http.get(`/login/jwt?_allow_anonymous=true`, authParam);
  }
  clear() {
    this.tokenService.clear();
  }
--- a/maxkey-web-frontend/maxkey-web-mgt-app/src/environments/environment.prod.ts
+++ b/maxkey-web-frontend/maxkey-web-mgt-app/src/environments/environment.prod.ts
@ -1,19 +1,18 @@
 /*
 * Copyright [2022] [MaxKey of copyright http://www.maxkey.top]
- * 
+ *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
- * 
+ *
 *     http://www.apache.org/licenses/LICENSE-2.0
- * 
+ *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 import { Environment } from '@delon/theme';
@ -21,8 +20,8 @@ export const environment = {
  production: true,
  useHash: true,
  api: {
-    baseUrl: './',
+    baseUrl: '/maxkey-mgt-api',
    refreshTokenEnabled: true,
-    refreshTokenType: 'auth-refresh'
+    refreshTokenType: 're-request'
  }
 } as Environment;
--- a/maxkey-web-frontend/maxkey-web-mgt-app/src/environments/environment.ts
+++ b/maxkey-web-frontend/maxkey-web-mgt-app/src/environments/environment.ts
@ -1,19 +1,18 @@
 /*
 * Copyright [2022] [MaxKey of copyright http://www.maxkey.top]
- * 
+ *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
- * 
+ *
 *     http://www.apache.org/licenses/LICENSE-2.0
- * 
+ *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 // This file can be replaced during build by using the `fileReplacements` array.
 // `ng build ---prod` replaces `environment.ts` with `environment.prod.ts`.
@ -28,7 +27,7 @@ export const environment = {
  production: false,
  useHash: true,
  api: {
-    baseUrl: 'http://sso.maxkey.top:9527/maxkey-mgt/',
+    baseUrl: 'http://sso.maxkey.top:9526/maxkey-mgt-api/',
    refreshTokenEnabled: true,
    refreshTokenType: 're-request'
  },
--- a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/interceptor/HistorySignOnAppInterceptor.java
+++ b/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/interceptor/HistorySignOnAppInterceptor.java
@ -54,8 +54,18 @@ public class HistorySignOnAppInterceptor  implements AsyncHandlerInterceptor  {
    public boolean preHandle(HttpServletRequest request, 
            HttpServletResponse response, Object handler)
            throws Exception {
-        _logger.debug("preHandle");
+        _logger.debug("preHandle {}",request.getRequestURI());
-        final Apps app = (Apps)WebContext.getAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP);
+        Apps app = (Apps)WebContext.getAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP);
        if(app == null) {
        	String appId ="";
        	//JWT
        	if(request.getRequestURI().contains("/authz/jwt/")) {
        		String [] requestURI = request.getRequestURI().split("/");
        		appId = requestURI[requestURI.length -1];
        	}
        	_logger.debug("appId {}",appId);
        	app = appsService.get(appId,true);
        }
        SignPrincipal principal = AuthorizationUtils.getPrincipal();
        if(principal != null && app !=null) {
            if(principal.getGrantedAuthorityApps().contains(new SimpleGrantedAuthority(app.getId()))) {
--- a/maxkey-webs/maxkey-web-maxkey/src/main/resources/application-http.properties
+++ b/maxkey-webs/maxkey-web-maxkey/src/main/resources/application-http.properties
@ -16,7 +16,7 @@
 #spring.profiles.active=http                                               #
 ############################################################################
 #server port
-server.port                                     =${SERVER_PORT:8080}
+server.port                                     =${SERVER_PORT:9527}
 #session default 600
 #600s   =10m
 #1800s  =30m
@ -24,7 +24,7 @@ server.port                                     =${SERVER_PORT:8080}
 #28800s =8h
 server.servlet.session.timeout                  =${SERVLET_SESSION_TIMEOUT:600}
 #server context path
-server.servlet.context-path                     =/maxkey
+server.servlet.context-path                     =/sign
 #nacos discovery
 spring.cloud.nacos.discovery.enabled            =${NACOS_DISCOVERY_ENABLED:false}
 spring.cloud.nacos.discovery.instance-enabled   =false
@ -44,7 +44,7 @@ maxkey.server.mgt.uri                           =${maxkey.server.name}:9527/maxk
 maxkey.server.authz.uri                         =${maxkey.server.name}:${server.port}${server.servlet.context-path}
 #http://sso.maxkey.top/sign
 #http://sso.maxkey.top:4200
-maxkey.server.frontend.uri                      =${maxkey.server.name}:${server.frontend.port}
+maxkey.server.frontend.uri                      =/maxkey
 #InMemory 0 , Redis 2               
 maxkey.server.persistence                       =${SERVER_PERSISTENCE:0}
 #identity none, Kafka ,RocketMQ
--- a/maxkey-webs/maxkey-web-maxkey/src/main/resources/templates/views/authorize/jwt_sso_submint.ftl
+++ b/maxkey-webs/maxkey-web-maxkey/src/main/resources/templates/views/authorize/jwt_sso_submint.ftl
@ -7,17 +7,30 @@
 </head>
 <body  onload="document.forms[0].submit()"  style="display:none">
-<form id="jwt_sso_form" name="jwt_sso_form" action="${action}" method="post">
+<#if 'post'==tokenType>
-		<table style="width:100%">
+    <form id="jwt_sso_form" name="jwt_sso_form" action="${action}" method="${tokenType}">
-			<tr>
+        <table style="width:100%">
-				<td>token</td>
+            <tr>
-				<td><input type="text" id="tokenbased_token" name="${jwtName}" value="${token}" /></td>
+                <td>token</td>
-			</tr>
+                <td><input type="text" id="tokenbased_token" name="${jwtName}" value="${token}" /></td>
-			
+            </tr>
-			<tr>
+            
-				<td colspan="2"><input type="submit"  name="submitBtn" value="Continue..." /></td>
+            <tr>
-			</tr>
+                <td colspan="2"><input type="submit"  name="submitBtn" value="Continue..." /></td>
-		</table>
+            </tr>
-	</form>
+        </table>
    </form>
 </#if>
 <#if 'get'==tokenType>
    <form id="jwt_sso_form" name="jwt_sso_form" action="${action}?${jwtName}=${token}" method="${tokenType}">
        <table style="width:100%">
            <tr>
                <td colspan="2"><input type="submit"  name="submitBtn" value="Continue..." /></td>
            </tr>
        </table>
    </form>
 </#if>
 </body>
 </html>
--- a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/MaxKeyMgtMvcConfig.java
+++ b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/MaxKeyMgtMvcConfig.java
@ -20,8 +20,6 @@ package org.maxkey;
 import java.util.List;
 import org.maxkey.authn.AbstractAuthenticationProvider;
 import org.maxkey.authn.support.jwt.HttpJwtEntryPoint;
 import org.maxkey.authn.support.jwt.JwtLoginService;
 import org.maxkey.authn.web.CurrentUserMethodArgumentResolver;
 import org.maxkey.authn.web.interceptor.PermissionInterceptor;
 import org.maxkey.configuration.ApplicationConfig;
@ -49,9 +47,6 @@ public class MaxKeyMgtMvcConfig implements WebMvcConfigurer {
    @Autowired
    AbstractAuthenticationProvider authenticationProvider ;
    @Autowired
    JwtLoginService jwtLoginService;
    @Autowired
    PermissionInterceptor permissionInterceptor;
@ -90,10 +85,7 @@ public class MaxKeyMgtMvcConfig implements WebMvcConfigurer {
        //addPathPatterns 用于添加拦截规则 ， 先把所有路径都加入拦截， 再一个个排除
        //excludePathPatterns 表示改路径不用拦截
        _logger.debug("add HttpJwtEntryPoint");
-        registry.addInterceptor(new HttpJwtEntryPoint(
+
        		authenticationProvider,jwtLoginService,applicationConfig,true))
        	.addPathPatterns("/login");
        permissionInterceptor.setMgmt(true);
        registry.addInterceptor(permissionInterceptor)
--- a/maxkey-webs/maxkey-web-mgt/src/main/resources/application-http.properties
+++ b/maxkey-webs/maxkey-web-mgt/src/main/resources/application-http.properties
@ -16,9 +16,9 @@
 #MaxKey Server  configuration                                              #
 ############################################################################
 #server port
-server.port                                     =${SERVER_PORT:9527}
+server.port                                     =${SERVER_PORT:9526}
 #server context path
-server.servlet.context-path                     =/maxkey-mgt
+server.servlet.context-path                     =/maxkey-mgt-api
 #nacos discovery
 spring.cloud.nacos.discovery.enabled            =${NACOS_DISCOVERY_ENABLED:false}
 spring.cloud.nacos.discovery.instance-enabled   =false
@ -30,7 +30,7 @@ maxkey.server.scheme                            =http
 maxkey.server.basedomain                        =${SERVER_DOMAIN:maxkey.top}
 maxkey.server.domain                            =sso.${maxkey.server.basedomain}
 maxkey.server.name                              =${maxkey.server.scheme}://${maxkey.server.domain}
-maxkey.server.uri                               =${maxkey.server.name}:9527${server.servlet.context-path}
+maxkey.server.uri                               =${maxkey.server.name}:${server.port}${server.servlet.context-path}
 #default.uri
 maxkey.server.default.uri                       =${maxkey.server.uri}/main
 maxkey.server.mgt.uri                           =${maxkey.server.uri}
@ -41,8 +41,10 @@ maxkey.server.persistence                       =0
 maxkey.server.message.queue                     =${SERVER_MESSAGE_QUEUE:none}
 maxkey.session.timeout                          =${SERVER_SESSION_TIMEOUT:1800}
-maxkey.auth.jwt.expires                         =86400
+
 maxkey.auth.jwt.issuer                          =${maxkey.server.uri}
 maxkey.auth.jwt.expires                         =900
 maxkey.auth.jwt.secret                          =7heM-14BtxjyKPuH3ITIm7q2-ps5MuBirWCsrrdbzzSAOuSPrbQYiaJ54AeA0uH2XdkYy3hHAkTFIsieGkyqxOJZ_dQzrCbaYISH9rhUZAKYx8tUY0wkE4ArOC6LqHDJarR6UIcMsARakK9U4dhoOPO1cj74XytemI-w6ACYfzRUn_Rn4e-CQMcnD1C56oNEukwalf06xVgXl41h6K8IBEzLVod58y_VfvFn-NGWpNG0fy_Qxng6dg8Dgva2DobvzMN2eejHGLGB-x809MvC4zbG7CKNVlcrzMYDt2Gt2sOVDrt2l9YqJNfgaLFjrOEVw5cuXemGkX1MvHj6TAsbLg
 maxkey.auth.jwt.refresh.secret                  =7heM-14BtxjyKPuH3ITIm7q2-ps5MuBirWCsrrdbzzSAOuSPrbQYiaJ54AeA0uH2XdkYy3hHAkTFIsieGkyqxOJZ_dQzrCbaYISH9rhUZAKYx8tUY0wkE4ArOC6LqHDJarR6UIcMsARakK9U4dhoOPO1cj74XytemI-w6ACYfzRUn_Rn4e-CQMcnD1C56oNEukwalf06xVgXl41h6K8IBEzLVod58y_VfvFn-NGWpNG0fy_Qxng6dg8Dgva2DobvzMN2eejHGLGB-x809MvC4zbG7CKNVlcrzMYDt2Gt2sOVDrt2l9YqJNfgaLFjrOEVw5cuXemGkX1MvHj6TAsbLg
 ############################################################################