AuthorizationUtils

This commit is contained in:
MaxKey 2022-04-12 22:31:41 +08:00
parent 742b660453
commit 50bfb3087e
75 changed files with 766 additions and 1638 deletions


@ -22,7 +22,6 @@ import java.util.HashMap;
import org.maxkey.authn.online.OnlineTicketService; import org.maxkey.authn.online.OnlineTicketService;
import org.maxkey.authn.realm.AbstractAuthenticationRealm; import org.maxkey.authn.realm.AbstractAuthenticationRealm;
import org.maxkey.authn.support.rememberme.AbstractRemeberMeService;
import org.maxkey.configuration.ApplicationConfig; import org.maxkey.configuration.ApplicationConfig;
import org.maxkey.constants.ConstsLoginType; import org.maxkey.constants.ConstsLoginType;
import org.maxkey.constants.ConstsStatus; import org.maxkey.constants.ConstsStatus;
@ -62,8 +61,6 @@ public abstract class AbstractAuthenticationProvider {
protected OtpAuthnService otpAuthnService; protected OtpAuthnService otpAuthnService;
protected AbstractRemeberMeService remeberMeService;
protected OnlineTicketService onlineTicketServices; protected OnlineTicketService onlineTicketServices;
public static ArrayList<GrantedAuthority> grantedAdministratorsAuthoritys = new ArrayList<GrantedAuthority>(); public static ArrayList<GrantedAuthority> grantedAdministratorsAuthoritys = new ArrayList<GrantedAuthority>();
@ -372,10 +369,6 @@ public abstract class AbstractAuthenticationProvider {
this.tfaOtpAuthn = tfaOtpAuthn; this.tfaOtpAuthn = tfaOtpAuthn;
} }
public void setRemeberMeService(AbstractRemeberMeService remeberMeService) {
this.remeberMeService = remeberMeService;
}
public void setOnlineTicketServices(OnlineTicketService onlineTicketServices) { public void setOnlineTicketServices(OnlineTicketService onlineTicketServices) {
this.onlineTicketServices = onlineTicketServices; this.onlineTicketServices = onlineTicketServices;
} }


@ -22,7 +22,7 @@ import java.util.ArrayList;
import org.maxkey.authn.online.OnlineTicket; import org.maxkey.authn.online.OnlineTicket;
import org.maxkey.authn.online.OnlineTicketService; import org.maxkey.authn.online.OnlineTicketService;
import org.maxkey.authn.realm.AbstractAuthenticationRealm; import org.maxkey.authn.realm.AbstractAuthenticationRealm;
import org.maxkey.authn.support.rememberme.AbstractRemeberMeService; import org.maxkey.authn.web.AuthorizationUtils;
import org.maxkey.configuration.ApplicationConfig; import org.maxkey.configuration.ApplicationConfig;
import org.maxkey.entity.Institutions; import org.maxkey.entity.Institutions;
import org.maxkey.entity.UserInfo; import org.maxkey.entity.UserInfo;
@ -37,8 +37,6 @@ import org.springframework.security.authentication.UsernamePasswordAuthenticatio
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.web.authentication.WebAuthenticationDetails; import org.springframework.security.web.authentication.WebAuthenticationDetails;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
/** /**
@ -65,13 +63,11 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider
ApplicationConfig applicationConfig, ApplicationConfig applicationConfig,
AbstractOtpAuthn tfaOtpAuthn, AbstractOtpAuthn tfaOtpAuthn,
OtpAuthnService otpAuthnService, OtpAuthnService otpAuthnService,
AbstractRemeberMeService remeberMeService,
OnlineTicketService onlineTicketServices) { OnlineTicketService onlineTicketServices) {
this.authenticationRealm = authenticationRealm; this.authenticationRealm = authenticationRealm;
this.applicationConfig = applicationConfig; this.applicationConfig = applicationConfig;
this.tfaOtpAuthn = tfaOtpAuthn; this.tfaOtpAuthn = tfaOtpAuthn;
this.otpAuthnService = otpAuthnService; this.otpAuthnService = otpAuthnService;
this.remeberMeService = remeberMeService;
this.onlineTicketServices = onlineTicketServices; this.onlineTicketServices = onlineTicketServices;
} }
@ -115,20 +111,6 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider
authenticationRealm.getPasswordPolicyValidator().applyPasswordPolicy(userInfo); authenticationRealm.getPasswordPolicyValidator().applyPasswordPolicy(userInfo);
UsernamePasswordAuthenticationToken authenticationToken = createOnlineSession(loginCredential,userInfo); UsernamePasswordAuthenticationToken authenticationToken = createOnlineSession(loginCredential,userInfo);
//RemeberMe Config check then set RemeberMe cookies
if (applicationConfig.getLoginConfig().isRemeberMe()) {
if (loginCredential.getRemeberMe() != null && loginCredential.getRemeberMe().equals("remeberMe")) {
WebContext.getSession().setAttribute(
WebConstants.REMEBER_ME_SESSION,loginCredential.getUsername());
_logger.debug("do Remeber Me");
remeberMeService.createRemeberMe(
userInfo.getUsername(),
WebContext.getRequest(),
((ServletRequestAttributes)RequestContextHolder.getRequestAttributes())
.getResponse()
);
}
}
return authenticationToken; return authenticationToken;
} }
@ -225,7 +207,7 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider
/* /*
* put Authentication to current session context * put Authentication to current session context
*/ */
WebContext.setAuthentication(authenticationToken); AuthorizationUtils.setAuthentication(authenticationToken);
return authenticationToken; return authenticationToken;
} }
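Review bot: After the remember-me block is dropped from the login path in hunk `@ -115,20 +111,6`, neither `applicationConfig.getLoginConfig().isRemeberMe()` nor `loginCredential.getRemeberMe()` is read anywhere in this file, so a `remeberMe` value submitted by the client is silently accepted and ignored while the configuration switch still appears to be honoured. If no other consumer of the login-config flag and of the `LoginCredential` field survives this commit (the remember-me service and entry point are deleted in the same change), remove or mark them deprecated so operators are not led to believe the option still works. The method containing this hunk starts outside it; the `AuthorizationUtils.setAuthentication(authenticationToken)` replacement in the last hunk would also benefit from the adjacent comment saying where the authentication is now stored instead of the generic "current session context".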


@ -22,13 +22,10 @@ import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import org.maxkey.authn.support.rememberme.AbstractRemeberMeService;
import org.maxkey.web.WebConstants; import org.maxkey.web.WebConstants;
import org.maxkey.web.WebContext; import org.maxkey.web.WebContext;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler; import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache; import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
@ -74,10 +71,6 @@ public class SavedRequestAwareAuthenticationSuccessHandler
protected final Logger _logger = LoggerFactory.getLogger( protected final Logger _logger = LoggerFactory.getLogger(
SavedRequestAwareAuthenticationSuccessHandler.class); SavedRequestAwareAuthenticationSuccessHandler.class);
@Autowired
@Qualifier("remeberMeService")
protected AbstractRemeberMeService remeberMeService;
private RequestCache requestCache = new HttpSessionRequestCache(); private RequestCache requestCache = new HttpSessionRequestCache();
@Override @Override
@ -85,9 +78,6 @@ public class SavedRequestAwareAuthenticationSuccessHandler
Authentication authentication) throws ServletException, IOException { Authentication authentication) throws ServletException, IOException {
SavedRequest savedRequest = requestCache.getRequest(request, response); SavedRequest savedRequest = requestCache.getRequest(request, response);
remeberMeService.createRemeberMe(
authentication.getPrincipal().toString(), request, response);
if (savedRequest == null) { if (savedRequest == null) {
super.onAuthenticationSuccess(request, response, authentication); super.onAuthenticationSuccess(request, response, authentication);


@ -8,6 +8,7 @@ import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority; import org.springframework.security.core.GrantedAuthority;
public class AuthJwt { public class AuthJwt {
private String ticket;
private String token; private String token;
private String type = "Bearer"; private String type = "Bearer";
private String id; private String id;
@ -37,6 +38,8 @@ public class AuthJwt {
SigninPrincipal signinPrincipal = ((SigninPrincipal)authentication.getPrincipal()); SigninPrincipal signinPrincipal = ((SigninPrincipal)authentication.getPrincipal());
this.token = token; this.token = token;
this.ticket = signinPrincipal.getOnlineTicket().getTicketId().substring(3);
this.id = signinPrincipal.getUserInfo().getId(); this.id = signinPrincipal.getUserInfo().getId();
this.username = signinPrincipal.getUserInfo().getUsername(); this.username = signinPrincipal.getUserInfo().getUsername();
this.name = this.username; this.name = this.username;
@ -115,6 +118,15 @@ public class AuthJwt {
public void setAuthorities(List<String> authorities) { public void setAuthorities(List<String> authorities) {
this.authorities = authorities; this.authorities = authorities;
} }
public String getTicket() {
return ticket;
}
public void setTicket(String ticket) {
this.ticket = ticket;
}
@Override @Override
public String toString() { public String toString() {
StringBuilder builder = new StringBuilder(); StringBuilder builder = new StringBuilder();
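Review bot: `this.ticket = signinPrincipal.getOnlineTicket().getTicketId().substring(3);` in the constructor hunk uses an unexplained `3` and throws a `NullPointerException` or `StringIndexOutOfBoundsException` when the principal carries no online ticket or the id is shorter than three characters, which turns a login response into a 500. Name the prefix as `private static final int TICKET_ID_PREFIX_LENGTH = 3;` with a comment stating which prefix of the online-ticket id is being stripped, and guard the call: `String ticketId = onlineTicket == null ? null : onlineTicket.getTicketId(); this.ticket = ticketId != null && ticketId.length() >= TICKET_ID_PREFIX_LENGTH ? ticketId.substring(TICKET_ID_PREFIX_LENGTH) : ticketId;`. The ticket is a session identifier handed to the client, so if `toString()` (whose body begins in the last hunk and continues beyond it) is extended to print it, it will land in every log line that prints this object; confirm it is omitted or masked there. The constructor that contains the assignment starts outside the hunk.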


@ -24,7 +24,6 @@ import javax.servlet.http.HttpServletResponse;
import org.maxkey.authn.SigninPrincipal; import org.maxkey.authn.SigninPrincipal;
import org.maxkey.authn.realm.ldap.LdapAuthenticationRealmService; import org.maxkey.authn.realm.ldap.LdapAuthenticationRealmService;
import org.maxkey.authn.support.rememberme.AbstractRemeberMeService;
import org.maxkey.entity.Groups; import org.maxkey.entity.Groups;
import org.maxkey.entity.HistoryLogin; import org.maxkey.entity.HistoryLogin;
import org.maxkey.entity.UserInfo; import org.maxkey.entity.UserInfo;
@ -58,8 +57,6 @@ public abstract class AbstractAuthenticationRealm {
protected LoginHistoryRepository loginHistoryRepository; protected LoginHistoryRepository loginHistoryRepository;
protected AbstractRemeberMeService remeberMeService;
protected UserInfoService userInfoService; protected UserInfoService userInfoService;
protected LdapAuthenticationRealmService ldapAuthenticationRealmService; protected LdapAuthenticationRealmService ldapAuthenticationRealmService;
@ -90,16 +87,6 @@ public abstract class AbstractAuthenticationRealm {
public abstract boolean passwordMatches(UserInfo userInfo, String password); public abstract boolean passwordMatches(UserInfo userInfo, String password);
public static boolean isAuthenticated() {
if (WebContext.getUserInfo() != null) {
return true;
} else {
return false;
}
}
public List<Groups> queryGroups(UserInfo userInfo) { public List<Groups> queryGroups(UserInfo userInfo) {
return loginRepository.queryGroups(userInfo); return loginRepository.queryGroups(userInfo);
} }
@ -184,8 +171,6 @@ public abstract class AbstractAuthenticationRealm {
UserInfo userInfo = signinPrincipal.getUserInfo(); UserInfo userInfo = signinPrincipal.getUserInfo();
userInfo.setLastLogoffTime(DateUtils.formatDateTime(new Date())); userInfo.setLastLogoffTime(DateUtils.formatDateTime(new Date()));
remeberMeService.removeRemeberMe(response);
loginHistoryRepository.logoff(userInfo.getLastLogoffTime(), signinPrincipal.getOnlineTicket().getTicketId()); loginHistoryRepository.logoff(userInfo.getLastLogoffTime(), signinPrincipal.getOnlineTicket().getTicketId());


@ -20,8 +20,8 @@ package org.maxkey.authn.realm.jdbc;
import org.maxkey.authn.realm.AbstractAuthenticationRealm; import org.maxkey.authn.realm.AbstractAuthenticationRealm;
import org.maxkey.authn.realm.ldap.LdapAuthenticationRealm; import org.maxkey.authn.realm.ldap.LdapAuthenticationRealm;
import org.maxkey.authn.realm.ldap.LdapAuthenticationRealmService; import org.maxkey.authn.realm.ldap.LdapAuthenticationRealmService;
import org.maxkey.authn.support.rememberme.AbstractRemeberMeService;
import org.maxkey.constants.ConstsLoginType; import org.maxkey.constants.ConstsLoginType;
import org.maxkey.entity.ChangePassword;
import org.maxkey.entity.PasswordPolicy; import org.maxkey.entity.PasswordPolicy;
import org.maxkey.entity.UserInfo; import org.maxkey.entity.UserInfo;
import org.maxkey.persistence.repository.LoginHistoryRepository; import org.maxkey.persistence.repository.LoginHistoryRepository;
@ -59,7 +59,6 @@ public class JdbcAuthenticationRealm extends AbstractAuthenticationRealm {
PasswordPolicyValidator passwordPolicyValidator, PasswordPolicyValidator passwordPolicyValidator,
LoginRepository loginRepository, LoginRepository loginRepository,
LoginHistoryRepository loginHistoryRepository, LoginHistoryRepository loginHistoryRepository,
AbstractRemeberMeService remeberMeService,
UserInfoService userInfoService, UserInfoService userInfoService,
JdbcTemplate jdbcTemplate) { JdbcTemplate jdbcTemplate) {
@ -67,7 +66,6 @@ public class JdbcAuthenticationRealm extends AbstractAuthenticationRealm {
this.passwordPolicyValidator=passwordPolicyValidator; this.passwordPolicyValidator=passwordPolicyValidator;
this.loginRepository = loginRepository; this.loginRepository = loginRepository;
this.loginHistoryRepository = loginHistoryRepository; this.loginHistoryRepository = loginHistoryRepository;
this.remeberMeService = remeberMeService;
this.userInfoService = userInfoService; this.userInfoService = userInfoService;
this.jdbcTemplate = jdbcTemplate; this.jdbcTemplate = jdbcTemplate;
} }
@ -77,7 +75,6 @@ public class JdbcAuthenticationRealm extends AbstractAuthenticationRealm {
PasswordPolicyValidator passwordPolicyValidator, PasswordPolicyValidator passwordPolicyValidator,
LoginRepository loginRepository, LoginRepository loginRepository,
LoginHistoryRepository loginHistoryRepository, LoginHistoryRepository loginHistoryRepository,
AbstractRemeberMeService remeberMeService,
UserInfoService userInfoService, UserInfoService userInfoService,
JdbcTemplate jdbcTemplate, JdbcTemplate jdbcTemplate,
LdapAuthenticationRealmService ldapAuthenticationRealmService) { LdapAuthenticationRealmService ldapAuthenticationRealmService) {
@ -85,7 +82,6 @@ public class JdbcAuthenticationRealm extends AbstractAuthenticationRealm {
this.passwordPolicyValidator = passwordPolicyValidator; this.passwordPolicyValidator = passwordPolicyValidator;
this.loginRepository = loginRepository; this.loginRepository = loginRepository;
this.loginHistoryRepository = loginHistoryRepository; this.loginHistoryRepository = loginHistoryRepository;
this.remeberMeService = remeberMeService;
this.userInfoService = userInfoService; this.userInfoService = userInfoService;
this.jdbcTemplate = jdbcTemplate; this.jdbcTemplate = jdbcTemplate;
this.ldapAuthenticationRealmService = ldapAuthenticationRealmService; this.ldapAuthenticationRealmService = ldapAuthenticationRealmService;
@ -109,11 +105,9 @@ public class JdbcAuthenticationRealm extends AbstractAuthenticationRealm {
passwordMatches = ldapRealm.passwordMatches(userInfo, password); passwordMatches = ldapRealm.passwordMatches(userInfo, password);
if(passwordMatches) { if(passwordMatches) {
//write password to database Realm //write password to database Realm
UserInfo changePasswordUser = new UserInfo(); ChangePassword changePassword = new ChangePassword(userInfo);
changePasswordUser.setId(userInfo.getId()); changePassword.setPassword(password);
changePasswordUser.setUsername(userInfo.getUsername()); userInfoService.changePassword(changePassword, false);
changePasswordUser.setPassword(password);
userInfoService.changePassword(changePasswordUser, false);
} }
} }
} }
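Review bot: The new `userInfoService.changePassword(changePassword, false)` in `passwordMatches` writes a password that the LDAP realm has just accepted into the JDBC realm, and nothing in the hunk shows whether `changePassword` runs the password encoder before storage, what `new ChangePassword(userInfo)` copies, or what the `false` argument disables; a reader of this block cannot tell that the local store never receives plaintext. Add a comment above the call such as `// sync the LDAP-verified password into the local realm; changePassword(..., false) must hash it — the boolean disables TODO(review): document` and verify the encoder claim against `UserInfoService`. Consider whether this sync should happen only when the local record has no password or a stale one rather than on every successful LDAP login, since each login currently performs a write. `passwordMatches` starts and ends outside the hunk.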


@ -22,10 +22,10 @@ import javax.servlet.http.HttpServletResponse;
import org.maxkey.authn.AbstractAuthenticationProvider; import org.maxkey.authn.AbstractAuthenticationProvider;
import org.maxkey.authn.LoginCredential; import org.maxkey.authn.LoginCredential;
import org.maxkey.authn.web.AuthorizationUtils;
import org.maxkey.configuration.ApplicationConfig; import org.maxkey.configuration.ApplicationConfig;
import org.maxkey.constants.ConstsLoginType; import org.maxkey.constants.ConstsLoginType;
import org.maxkey.web.WebConstants; import org.maxkey.web.WebConstants;
import org.maxkey.web.WebContext;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import org.springframework.web.servlet.AsyncHandlerInterceptor; import org.springframework.web.servlet.AsyncHandlerInterceptor;
@ -46,7 +46,7 @@ public class HttpJwtEntryPoint implements AsyncHandlerInterceptor {
@Override @Override
public boolean preHandle(HttpServletRequest request,HttpServletResponse response, Object handler) throws Exception { public boolean preHandle(HttpServletRequest request,HttpServletResponse response, Object handler) throws Exception {
boolean isAuthenticated= WebContext.isAuthenticated(); boolean isAuthenticated= AuthorizationUtils.isAuthenticated();
String jwt = request.getParameter(WebConstants.JWT_TOKEN_PARAMETER); String jwt = request.getParameter(WebConstants.JWT_TOKEN_PARAMETER);
if(!enable if(!enable


@ -22,13 +22,13 @@ import javax.servlet.http.HttpServletResponse;
import org.joda.time.DateTime; import org.joda.time.DateTime;
import org.maxkey.authn.AbstractAuthenticationProvider; import org.maxkey.authn.AbstractAuthenticationProvider;
import org.maxkey.authn.LoginCredential; import org.maxkey.authn.LoginCredential;
import org.maxkey.authn.web.AuthorizationUtils;
import org.maxkey.configuration.ApplicationConfig; import org.maxkey.configuration.ApplicationConfig;
import org.maxkey.constants.ConstsLoginType; import org.maxkey.constants.ConstsLoginType;
import org.maxkey.crypto.ReciprocalUtils; import org.maxkey.crypto.ReciprocalUtils;
import org.maxkey.util.DateUtils; import org.maxkey.util.DateUtils;
import org.maxkey.util.JsonUtils; import org.maxkey.util.JsonUtils;
import org.maxkey.web.WebConstants; import org.maxkey.web.WebConstants;
import org.maxkey.web.WebContext;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import org.springframework.web.servlet.AsyncHandlerInterceptor; import org.springframework.web.servlet.AsyncHandlerInterceptor;
@ -47,7 +47,7 @@ public class HttpKerberosEntryPoint implements AsyncHandlerInterceptor {
@Override @Override
public boolean preHandle(HttpServletRequest request,HttpServletResponse response, Object handler) throws Exception { public boolean preHandle(HttpServletRequest request,HttpServletResponse response, Object handler) throws Exception {
boolean isAuthenticated= WebContext.isAuthenticated(); boolean isAuthenticated= AuthorizationUtils.isAuthenticated();
String kerberosTokenString = request.getParameter(WebConstants.KERBEROS_TOKEN_PARAMETER); String kerberosTokenString = request.getParameter(WebConstants.KERBEROS_TOKEN_PARAMETER);
String kerberosUserDomain = request.getParameter(WebConstants.KERBEROS_USERDOMAIN_PARAMETER); String kerberosUserDomain = request.getParameter(WebConstants.KERBEROS_USERDOMAIN_PARAMETER);


@ -1,166 +0,0 @@
/*
* Copyright [2020] [MaxKey of copyright http://www.maxkey.top]
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.maxkey.authn.support.rememberme;
import java.util.Date;
import java.util.regex.Pattern;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.maxkey.configuration.ApplicationConfig;
import org.maxkey.constants.ConstsTimeInterval;
import org.maxkey.crypto.Base64Utils;
import org.maxkey.crypto.password.PasswordReciprocal;
import org.maxkey.util.JsonUtils;
import org.maxkey.web.WebConstants;
import org.maxkey.web.WebContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
public abstract class AbstractRemeberMeService {
private static final Logger _logger = LoggerFactory.getLogger(AbstractRemeberMeService.class);
protected Integer remeberMeValidity = ConstsTimeInterval.TWO_WEEK;
protected String validity;
@Autowired
@Qualifier("applicationConfig")
protected ApplicationConfig applicationConfig;
// follow function is for persist
public abstract void save(RemeberMe remeberMe);
public abstract void update(RemeberMe remeberMe);
public abstract RemeberMe read(RemeberMe remeberMe);
public abstract void remove(String username);
// end persist
public boolean createRemeberMe(String username, HttpServletRequest request, HttpServletResponse response) {
if (request.getSession().getAttribute(WebConstants.REMEBER_ME_SESSION) != null
&& applicationConfig.getLoginConfig().isRemeberMe()) {
_logger.debug("Remeber Me ...");
RemeberMe remeberMe = new RemeberMe();
remeberMe.setAuthKey(WebContext.genId());
remeberMe.setId(WebContext.genId());
remeberMe.setUsername(WebContext.getUserInfo().getUsername());
remeberMe.setLastLogin(new Date());
save(remeberMe);
_logger.debug("Remeber Me " + remeberMe);
_logger.debug("Cookie Name : " + WebConstants.REMEBER_ME_COOKIE);
String jsonRemeberMe = JsonUtils.object2Json(remeberMe);
_logger.debug("Remeber Me JSON " + jsonRemeberMe);
jsonRemeberMe = PasswordReciprocal.getInstance().encode(jsonRemeberMe);
String cookieValue = Base64Utils.base64UrlEncode(jsonRemeberMe.getBytes());
_logger.debug("Remeber Me JSON " + cookieValue);
Cookie cookie = new Cookie(WebConstants.REMEBER_ME_COOKIE, cookieValue);
Integer maxAge = getRemeberMeValidity();
_logger.debug("Cookie Max Age :" + maxAge + " seconds.");
cookie.setMaxAge(maxAge);
// cookie.setPath("/");
cookie.setDomain(applicationConfig.getDomainName());
response.addCookie(cookie);
request.getSession().removeAttribute(WebConstants.REMEBER_ME_SESSION);
}
return true;
}
public boolean updateRemeberMe(RemeberMe remeberMe, HttpServletResponse response) {
remeberMe.setAuthKey(WebContext.genId());
remeberMe.setLastLogin(new Date());
update(remeberMe);
_logger.debug("update Remeber Me " + remeberMe);
_logger.debug("Cookie Name : " + WebConstants.REMEBER_ME_COOKIE);
String jsonRemeberMe = JsonUtils.object2Json(remeberMe);
_logger.debug("Remeber Me JSON " + jsonRemeberMe);
_logger.debug("Encode Remeber Me JSON ...");
jsonRemeberMe = PasswordReciprocal.getInstance().encode(jsonRemeberMe);
_logger.debug("Encode Remeber Me JSON " + jsonRemeberMe);
String cookieValue = Base64Utils.base64UrlEncode(jsonRemeberMe.getBytes());
Cookie cookie = new Cookie(WebConstants.REMEBER_ME_COOKIE, cookieValue);
Integer maxAge = getRemeberMeValidity();
_logger.debug("Cookie Max Age :" + maxAge + " seconds.");
cookie.setMaxAge(maxAge);
// cookie.setPath("/");
cookie.setDomain(applicationConfig.getDomainName());
response.addCookie(cookie);
return true;
}
public boolean removeRemeberMe(HttpServletResponse response) {
Cookie cookie = new Cookie(WebConstants.REMEBER_ME_COOKIE, null);
cookie.setMaxAge(0);
cookie.setDomain(applicationConfig.getDomainName());
response.addCookie(cookie);
remove(WebContext.getUserInfo().getUsername());
return true;
}
public Integer getRemeberMeValidity() {
return remeberMeValidity;
}
public void setRemeberMeValidity(Integer remeberMeValidity) {
this.remeberMeValidity = remeberMeValidity;
}
public String getValidity() {
return validity;
}
public void setApplicationConfig(ApplicationConfig applicationConfig) {
this.applicationConfig = applicationConfig;
}
public void setValidity(String validity) {
_logger.debug("validity : " + validity);
this.validity = validity;
if (Pattern.matches("[0-9]+", validity)) {
remeberMeValidity = Integer.parseInt(validity);
} else if (validity.equalsIgnoreCase("ONE_DAY")) {
remeberMeValidity = ConstsTimeInterval.ONE_DAY;
} else if (validity.equalsIgnoreCase("ONE_WEEK")) {
remeberMeValidity = ConstsTimeInterval.ONE_WEEK;
} else if (validity.equalsIgnoreCase("TWO_WEEK")) {
remeberMeValidity = ConstsTimeInterval.TWO_WEEK;
} else if (validity.equalsIgnoreCase("ONE_YEAR")) {
remeberMeValidity = ConstsTimeInterval.ONE_YEAR;
}
_logger.debug("Remeber Me Validity : " + remeberMeValidity);
}
}


@ -1,149 +0,0 @@
/*
* Copyright [2020] [MaxKey of copyright http://www.maxkey.top]
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.maxkey.authn.support.rememberme;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.joda.time.DateTime;
import org.maxkey.authn.AbstractAuthenticationProvider;
import org.maxkey.authn.LoginCredential;
import org.maxkey.configuration.ApplicationConfig;
import org.maxkey.constants.ConstsLoginType;
import org.maxkey.crypto.Base64Utils;
import org.maxkey.crypto.password.PasswordReciprocal;
import org.maxkey.util.JsonUtils;
import org.maxkey.web.WebConstants;
import org.maxkey.web.WebContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.servlet.AsyncHandlerInterceptor;
public class HttpRemeberMeEntryPoint implements AsyncHandlerInterceptor {
private static final Logger _logger = LoggerFactory.getLogger(HttpRemeberMeEntryPoint.class);
boolean enable;
ApplicationConfig applicationConfig;
AbstractAuthenticationProvider authenticationProvider ;
AbstractRemeberMeService remeberMeService;
@Override
public boolean preHandle(HttpServletRequest request,HttpServletResponse response, Object handler) throws Exception {
boolean isAuthenticated= WebContext.isAuthenticated();
Cookie readRemeberMeCookie = WebContext.readCookieByName(request,WebConstants.REMEBER_ME_COOKIE);
if(!enable
|| isAuthenticated
|| readRemeberMeCookie==null
|| !applicationConfig.getLoginConfig().isRemeberMe()){
return true;
}
_logger.trace("RemeberMe Login Start ...");
_logger.trace("Request url : "+ request.getRequestURL());
_logger.trace("Request URI : "+ request.getRequestURI());
_logger.trace("Request ContextPath : "+ request.getContextPath());
_logger.trace("Request ServletPath : "+ request.getServletPath());
_logger.trace("RequestSessionId : "+ request.getRequestedSessionId());
_logger.trace("isRequestedSessionIdValid : "+ request.isRequestedSessionIdValid());
_logger.trace("getSession : "+ request.getSession(false));
// session not existssession timeoutrecreate new session
if(request.getSession(false) == null) {
_logger.info("recreate new session .");
request.getSession(true);
}
_logger.trace("getSession.getId : "+ request.getSession().getId());
_logger.debug("Try RemeberMe login ");
String remeberMe = readRemeberMeCookie.getValue();
_logger.debug("RemeberMe : " + remeberMe);
remeberMe = new String(Base64Utils.base64UrlDecode(remeberMe));
remeberMe = PasswordReciprocal.getInstance().decoder(remeberMe);
_logger.debug("decoder RemeberMe : " + remeberMe);
RemeberMe remeberMeCookie = new RemeberMe();
remeberMeCookie = (RemeberMe) JsonUtils.json2Object(remeberMe, remeberMeCookie);
_logger.debug("Remeber Me Cookie : " + remeberMeCookie);
RemeberMe storeRemeberMe = remeberMeService.read(remeberMeCookie);
if (storeRemeberMe != null) {
DateTime loginDate = new DateTime(storeRemeberMe.getLastLogin());
DateTime expiryDate = loginDate.plusSeconds(remeberMeService.getRemeberMeValidity());
DateTime now = new DateTime();
if (now.isBefore(expiryDate)) {
LoginCredential loginCredential =
new LoginCredential(storeRemeberMe.getUsername(),"",ConstsLoginType.REMEBER_ME);
authenticationProvider.authentication(loginCredential,true);
remeberMeService.updateRemeberMe(remeberMeCookie, response);
_logger.debug("RemeberMe Logined in , username " + storeRemeberMe.getUsername());
}
}
return true;
}
public HttpRemeberMeEntryPoint() {
super();
}
public HttpRemeberMeEntryPoint (boolean enable) {
super();
this.enable = enable;
}
public HttpRemeberMeEntryPoint(
AbstractAuthenticationProvider authenticationProvider, AbstractRemeberMeService remeberMeService,
ApplicationConfig applicationConfig,boolean enable) {
super();
this.enable = enable;
this.applicationConfig = applicationConfig;
this.authenticationProvider = authenticationProvider;
this.remeberMeService = remeberMeService;
}
public boolean isEnable() {
return enable;
}
public void setEnable(boolean enable) {
this.enable = enable;
}
public void setApplicationConfig(ApplicationConfig applicationConfig) {
this.applicationConfig = applicationConfig;
}
public void setAuthenticationProvider(AbstractAuthenticationProvider authenticationProvider) {
this.authenticationProvider = authenticationProvider;
}
public void setRemeberMeService(AbstractRemeberMeService remeberMeService) {
this.remeberMeService = remeberMeService;
}
}


@ -1,54 +0,0 @@
/*
* Copyright [2020] [MaxKey of copyright http://www.maxkey.top]
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.maxkey.authn.support.rememberme;
import java.util.concurrent.TimeUnit;
import org.maxkey.constants.ConstsTimeInterval;
import com.github.benmanes.caffeine.cache.Cache;
import com.github.benmanes.caffeine.cache.Caffeine;
public class InMemoryRemeberMeService extends AbstractRemeberMeService {
protected static final Cache<String, RemeberMe> remeberMeStore =
Caffeine.newBuilder()
.expireAfterWrite(ConstsTimeInterval.TWO_WEEK, TimeUnit.SECONDS)
.build();
@Override
public void save(RemeberMe remeberMe) {
remeberMeStore.put(remeberMe.getUsername(), remeberMe);
}
@Override
public void update(RemeberMe remeberMe) {
remeberMeStore.put(remeberMe.getUsername(), remeberMe);
}
@Override
public RemeberMe read(RemeberMe remeberMe) {
return remeberMeStore.getIfPresent(remeberMe.getUsername());
}
@Override
public void remove(String username) {
remeberMeStore.invalidate(username);
}
}


@ -1,91 +0,0 @@
/*
* Copyright [2020] [MaxKey of copyright http://www.maxkey.top]
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.maxkey.authn.support.rememberme;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Types;
import java.util.List;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.jdbc.core.JdbcTemplate;
import org.springframework.jdbc.core.RowMapper;
public class JdbcRemeberMeService extends AbstractRemeberMeService {
private static final Logger _logger = LoggerFactory.getLogger(JdbcRemeberMeService.class);
private static final String DEFAULT_DEFAULT_INSERT_STATEMENT =
"INSERT INTO REMEMBER_ME(ID, USERNAME,AUTHKEY,LASTLOGIN)VALUES( ? , ? , ? , ?)";
private static final String DEFAULT_DEFAULT_SELECT_STATEMENT =
"SELECT ID, USERNAME,AUTHKEY,LASTLOGIN FROM REMEMBER_ME "
+ " WHERE ID = ? AND USERNAME = ? AND AUTHKEY = ?";
private static final String DEFAULT_DEFAULT_DELETE_STATEMENT =
"DELETE FROM REMEMBER_ME WHERE USERNAME = ?";
private static final String DEFAULT_DEFAULT_UPDATE_STATEMENT =
"UPDATE REMEMBER_ME SET AUTHKEY = ? , LASTLOGIN = ? WHERE ID = ?";
private final JdbcTemplate jdbcTemplate;
public JdbcRemeberMeService(JdbcTemplate jdbcTemplate) {
this.jdbcTemplate = jdbcTemplate;
}
@Override
public void save(RemeberMe remeberMe) {
jdbcTemplate.update(DEFAULT_DEFAULT_INSERT_STATEMENT,
new Object[] { remeberMe.getId(), remeberMe.getUsername(), remeberMe.getAuthKey(),
remeberMe.getLastLogin() },
new int[] { Types.VARCHAR, Types.VARCHAR, Types.VARCHAR, Types.TIMESTAMP });
}
@Override
public void update(RemeberMe remeberMe) {
jdbcTemplate.update(DEFAULT_DEFAULT_UPDATE_STATEMENT,
new Object[] {
remeberMe.getAuthKey(),
remeberMe.getLastLogin(),
remeberMe.getId()
});
}
@Override
public RemeberMe read(RemeberMe remeberMe) {
List<RemeberMe> listRemeberMe = jdbcTemplate.query(DEFAULT_DEFAULT_SELECT_STATEMENT,
new RowMapper<RemeberMe>() {
public RemeberMe mapRow(ResultSet rs, int rowNum) throws SQLException {
RemeberMe remeberMe = new RemeberMe();
remeberMe.setId(rs.getString(1));
remeberMe.setUsername(rs.getString(2));
remeberMe.setAuthKey(rs.getString(3));
remeberMe.setLastLogin(rs.getDate(4));
return remeberMe;
}
}, remeberMe.getId(), remeberMe.getUsername(), remeberMe.getAuthKey());
_logger.debug("listRemeberMe " + listRemeberMe);
return (listRemeberMe.size() > 0) ? listRemeberMe.get(0) : null;
}
@Override
public void remove(String username) {
jdbcTemplate.update(DEFAULT_DEFAULT_DELETE_STATEMENT, username);
}
}


@ -1,71 +0,0 @@
/*
* Copyright [2020] [MaxKey of copyright http://www.maxkey.top]
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.maxkey.authn.support.rememberme;
import org.maxkey.constants.ConstsTimeInterval;
import org.maxkey.persistence.redis.RedisConnection;
import org.maxkey.persistence.redis.RedisConnectionFactory;
public class RedisRemeberMeService extends AbstractRemeberMeService {
protected int serviceTicketValiditySeconds = ConstsTimeInterval.TWO_WEEK;
RedisConnectionFactory connectionFactory;
public static String PREFIX = "REDIS_REMEBER_ME_SERVICE_";
@Override
public void save(RemeberMe remeberMe) {
RedisConnection conn = connectionFactory.getConnection();
conn.setexObject(PREFIX + remeberMe.getUsername(), serviceTicketValiditySeconds, remeberMe);
conn.close();
}
@Override
public void update(RemeberMe remeberMe) {
RedisConnection conn = connectionFactory.getConnection();
conn.setexObject(PREFIX + remeberMe.getUsername(), serviceTicketValiditySeconds, remeberMe);
conn.close();
}
@Override
public RemeberMe read(RemeberMe remeberMe) {
RedisConnection conn = connectionFactory.getConnection();
RemeberMe readRemeberMe = (RemeberMe)conn.getObject(PREFIX + remeberMe.getUsername());
conn.close();
return readRemeberMe;
}
@Override
public void remove(String username) {
RedisConnection conn = connectionFactory.getConnection();
conn.delete(PREFIX + username);
conn.close();
}
public RedisRemeberMeService(RedisConnectionFactory connectionFactory) {
super();
this.connectionFactory = connectionFactory;
}
public void setConnectionFactory(RedisConnectionFactory connectionFactory) {
this.connectionFactory = connectionFactory;
}
}


@ -1,74 +0,0 @@
/*
* Copyright [2020] [MaxKey of copyright http://www.maxkey.top]
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.maxkey.authn.support.rememberme;
import java.io.Serializable;
import java.util.Date;
public class RemeberMe implements Serializable {
private static final long serialVersionUID = 8010496585233991785L;
String id;
String username;
String authKey;
Date lastLogin;
public String getId() {
return id;
}
public void setId(String id) {
this.id = id;
}
public String getUsername() {
return username;
}
public void setUsername(String username) {
this.username = username;
}
public String getAuthKey() {
return authKey;
}
public void setAuthKey(String authKey) {
this.authKey = authKey;
}
public Date getLastLogin() {
return lastLogin;
}
public void setLastLogin(Date lastLogin) {
this.lastLogin = lastLogin;
}
@Override
public String toString() {
return "RemeberMe [id=" + id
+ ", username=" + username
+ ", authKey=" + authKey + ", lastLogin=" + lastLogin
+ "]";
}
}


@ -1,48 +0,0 @@
/*
* Copyright [2021] [MaxKey of copyright http://www.maxkey.top]
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.maxkey.authn.support.rememberme;
import org.maxkey.constants.ConstsPersistence;
import org.maxkey.persistence.redis.RedisConnectionFactory;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.jdbc.core.JdbcTemplate;
public class RemeberMeServiceFactory {
private static final Logger _logger =
LoggerFactory.getLogger(RemeberMeServiceFactory.class);
public AbstractRemeberMeService getService(
int persistence,
JdbcTemplate jdbcTemplate,
RedisConnectionFactory redisConnFactory){
AbstractRemeberMeService remeberMeService = null;
if (persistence == ConstsPersistence.INMEMORY) {
remeberMeService = new InMemoryRemeberMeService();
_logger.debug("InMemoryRemeberMeService");
} else if (persistence == ConstsPersistence.JDBC) {
//remeberMeService = new JdbcRemeberMeService(jdbcTemplate);
_logger.debug("JdbcRemeberMeService not support ");
} else if (persistence == ConstsPersistence.REDIS) {
remeberMeService = new RedisRemeberMeService(redisConnFactory);
_logger.debug("RedisRemeberMeService");
}
return remeberMeService;
}
}


@ -21,10 +21,10 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import org.maxkey.authn.AbstractAuthenticationProvider; import org.maxkey.authn.AbstractAuthenticationProvider;
import org.maxkey.authn.LoginCredential; import org.maxkey.authn.LoginCredential;
import org.maxkey.authn.web.AuthorizationUtils;
import org.maxkey.configuration.ApplicationConfig; import org.maxkey.configuration.ApplicationConfig;
import org.maxkey.constants.ConstsLoginType; import org.maxkey.constants.ConstsLoginType;
import org.maxkey.util.StringUtils; import org.maxkey.util.StringUtils;
import org.maxkey.web.WebContext;
import org.opensaml.saml1.core.impl.AssertionImpl; import org.opensaml.saml1.core.impl.AssertionImpl;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
@ -44,7 +44,7 @@ public class HttpWsFederationEntryPoint implements AsyncHandlerInterceptor {
@Override @Override
public boolean preHandle(HttpServletRequest request,HttpServletResponse response, Object handler) throws Exception { public boolean preHandle(HttpServletRequest request,HttpServletResponse response, Object handler) throws Exception {
boolean isAuthenticated= WebContext.isAuthenticated(); boolean isAuthenticated= AuthorizationUtils.isAuthenticated();
String wsFederationWA = request.getParameter(WsFederationConstants.WA); String wsFederationWA = request.getParameter(WsFederationConstants.WA);
String wsFederationWResult = request.getParameter(WsFederationConstants.WRESULT); String wsFederationWResult = request.getParameter(WsFederationConstants.WRESULT);


@ -0,0 +1,95 @@
package org.maxkey.authn.web;
import java.text.ParseException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import org.maxkey.authn.SigninPrincipal;
import org.maxkey.authn.jwt.AuthJwtService;
import org.maxkey.authn.online.OnlineTicket;
import org.maxkey.authn.online.OnlineTicketService;
import org.maxkey.entity.UserInfo;
import org.maxkey.util.AuthorizationHeaderUtils;
import org.maxkey.web.WebConstants;
import org.maxkey.web.WebContext;
import org.springframework.security.core.Authentication;
public class AuthorizationUtils {
static final String Authorization = "Authorization";
public static void authenticateWithCookie(
HttpServletRequest request,
AuthJwtService authJwtService,
OnlineTicketService onlineTicketService
) throws ParseException{
if(getAuthentication() == null) {
Cookie authCookie = WebContext.getCookie(request, Authorization);
if(authCookie != null ) {
String authorization = authCookie.getValue();
doAuthenticate(authorization,authJwtService,onlineTicketService);
}
}
}
public static void authenticate(
HttpServletRequest request,
AuthJwtService authJwtService,
OnlineTicketService onlineTicketService
) throws ParseException{
if(getAuthentication() == null) {
String authorization = AuthorizationHeaderUtils.resolveBearer(request);
if(authorization != null ) {
doAuthenticate(authorization,authJwtService,onlineTicketService);
}
}
}
public static void doAuthenticate(
String authorization,
AuthJwtService authJwtService,
OnlineTicketService onlineTicketService) throws ParseException {
if(authJwtService.validateJwtToken(authorization)) {
String ticket = authJwtService.resolveTicket(authorization);
OnlineTicket onlineTicket = onlineTicketService.get(ticket);
if(onlineTicket != null) {
setAuthentication(onlineTicket.getAuthentication());
}
}
}
public static void setAuthentication(Authentication authentication) {
WebContext.setAttribute(WebConstants.AUTHENTICATION, authentication);
}
public static Authentication getAuthentication() {
Authentication authentication = (Authentication) WebContext.getAttribute(WebConstants.AUTHENTICATION);
return authentication;
}
public static boolean isAuthenticated() {
return getAuthentication() != null;
}
public static boolean isNotAuthenticated() {
return getAuthentication() == null;
}
public static SigninPrincipal getPrincipal() {
Authentication authentication = getAuthentication();
return authentication == null ? null :(SigninPrincipal) authentication.getPrincipal();
}
public static UserInfo getUserInfo() {
Authentication authentication = getAuthentication();
UserInfo userInfo = null;
if(isAuthenticated() && (authentication.getPrincipal() instanceof SigninPrincipal)) {
SigninPrincipal signinPrincipal = ((SigninPrincipal) authentication.getPrincipal());
userInfo = signinPrincipal.getUserInfo();
}
return userInfo;
}
}
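Review bot: `getPrincipal()` casts unconditionally on the line `return authentication == null ? null :(SigninPrincipal) authentication.getPrincipal();`, while `getUserInfo()` a few lines below guards the same cast with `instanceof SigninPrincipal`; an Authentication whose principal is some other type would make the first helper throw ClassCastException and the second return null, so the two should agree — `Object p = authentication == null ? null : authentication.getPrincipal(); return p instanceof SigninPrincipal ? (SigninPrincipal) p : null;`. Separately, `authenticateWithCookie` establishes the session from a cookie named `Authorization`, which a browser attaches automatically, so any endpoint that relies on it instead of on the bearer header read by `authenticate` needs CSRF protection; a class-level Javadoc stating which entry points are expected to use each helper would make that contract visible. The constant `Authorization` should also follow the UPPER_SNAKE_CASE convention for static finals.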


@ -24,7 +24,7 @@ public class CurrentUserMethodArgumentResolver implements HandlerMethodArgumentR
public Object resolveArgument(MethodParameter parameter, ModelAndViewContainer mavContainer, NativeWebRequest webRequest, WebDataBinderFactory binderFactory) throws Exception { public Object resolveArgument(MethodParameter parameter, ModelAndViewContainer mavContainer, NativeWebRequest webRequest, WebDataBinderFactory binderFactory) throws Exception {
UserInfo userInfo = null; UserInfo userInfo = null;
Authentication authentication = (Authentication ) webRequest.getAttribute(WebConstants.AUTHENTICATION, RequestAttributes.SCOPE_SESSION); Authentication authentication = (Authentication ) webRequest.getAttribute(WebConstants.AUTHENTICATION, RequestAttributes.SCOPE_SESSION);
if(authentication.getPrincipal() instanceof SigninPrincipal) { if((authentication != null) && (authentication.getPrincipal() instanceof SigninPrincipal)) {
SigninPrincipal signinPrincipal = ((SigninPrincipal) authentication.getPrincipal()); SigninPrincipal signinPrincipal = ((SigninPrincipal) authentication.getPrincipal());
userInfo = signinPrincipal.getUserInfo(); userInfo = signinPrincipal.getUserInfo();
if (userInfo != null) { if (userInfo != null) {


@ -45,7 +45,7 @@ public class SessionSecurityContextHolderStrategy implements SecurityContextHold
SecurityContext ctx = createEmptyContext(); SecurityContext ctx = createEmptyContext();
Authentication authentication = null; Authentication authentication = null;
try { try {
authentication = (Authentication)WebContext.getAuthentication(); authentication = (Authentication)AuthorizationUtils.getAuthentication();
if (authentication != null) { if (authentication != null) {
ctx.setAuthentication(authentication); ctx.setAuthentication(authentication);
} }
@ -59,7 +59,7 @@ public class SessionSecurityContextHolderStrategy implements SecurityContextHold
@Override @Override
public void setContext(SecurityContext context) { public void setContext(SecurityContext context) {
WebContext.setAuthentication(context.getAuthentication()); AuthorizationUtils.setAuthentication(context.getAuthentication());
} }
@Override @Override


@ -18,24 +18,24 @@ import com.fasterxml.jackson.databind.DatabindException;
import com.fasterxml.jackson.databind.ObjectMapper; import com.fasterxml.jackson.databind.ObjectMapper;
@Controller @Controller
public class AuthEntryPoint { public class UnauthorizedEntryPoint {
private static final Logger _logger = LoggerFactory.getLogger(AuthEntryPoint.class); private static final Logger _logger = LoggerFactory.getLogger(UnauthorizedEntryPoint.class);
@RequestMapping(value={"/auth/entrypoint"}) @RequestMapping(value={"/auth/entrypoint"})
public void entryPoint( public void entryPoint(
HttpServletRequest request, HttpServletResponse response) HttpServletRequest request, HttpServletResponse response)
throws StreamWriteException, DatabindException, IOException { throws StreamWriteException, DatabindException, IOException {
_logger.trace("AuthEntryPoint /entrypoint."); _logger.trace("UnauthorizedEntryPoint /entrypoint.");
response.setContentType(MediaType.APPLICATION_JSON_VALUE); response.setContentType(MediaType.APPLICATION_JSON_VALUE);
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED); response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
final Map<String, Object> body = new HashMap<>(); final Map<String, Object> responseBody = new HashMap<>();
body.put("status", HttpServletResponse.SC_UNAUTHORIZED); responseBody.put("status", HttpServletResponse.SC_UNAUTHORIZED);
body.put("error", "Unauthorized"); responseBody.put("error", "Unauthorized");
body.put("message", "Unauthorized"); responseBody.put("message", "Unauthorized");
body.put("path", request.getServletPath()); responseBody.put("path", request.getServletPath());
final ObjectMapper mapper = new ObjectMapper(); final ObjectMapper mapper = new ObjectMapper();
mapper.writeValue(response.getOutputStream(), body); mapper.writeValue(response.getOutputStream(), responseBody);
} }
} }


@ -1,115 +0,0 @@
/*
* Copyright [2020] [MaxKey of copyright http://www.maxkey.top]
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.maxkey.authn.web.interceptor;
import javax.servlet.RequestDispatcher;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.maxkey.authn.SigninPrincipal;
import org.maxkey.authn.jwt.AuthJwtService;
import org.maxkey.authn.online.OnlineTicket;
import org.maxkey.authn.online.OnlineTicketService;
import org.maxkey.configuration.ApplicationConfig;
import org.maxkey.util.AuthorizationHeaderUtils;
import org.maxkey.web.WebContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.AsyncHandlerInterceptor;
/**
* 权限Interceptor处理
* 权限处理需在servlet.xml中配置
* mvc:interceptors permission
* @author Crystal.Sea
*
*/
@Component
public class PermissionAdapter implements AsyncHandlerInterceptor {
private static final Logger _logger = LoggerFactory.getLogger(PermissionAdapter.class);
//无需Interceptor url
@Autowired
@Qualifier("applicationConfig")
private ApplicationConfig applicationConfig;
@Autowired
@Qualifier("onlineTicketService")
OnlineTicketService onlineTicketService;
@Autowired
@Qualifier("authJwtService")
AuthJwtService authJwtService ;
/*
* 请求前处理
* (non-Javadoc)
* @see org.springframework.web.servlet.handler.HandlerInterceptorAdapter#preHandle(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.Object)
*/
@Override
public boolean preHandle(HttpServletRequest request,HttpServletResponse response, Object handler) throws Exception {
_logger.trace("PermissionAdapter preHandle");
String authorization = AuthorizationHeaderUtils.resolveBearer(request);
if(authJwtService.validateJwtToken(authorization)) {
String ticket = authJwtService.resolveTicket(authorization);
if(WebContext.getAuthentication()==null) {
OnlineTicket onlineTicket = onlineTicketService.get(ticket);
if(onlineTicket != null) {
WebContext.setAuthentication(onlineTicket.getAuthentication());
}
}
//判断用户是否登录
if(WebContext.getAuthentication()==null
||WebContext.getAuthentication().getAuthorities()==null){//判断用户和角色判断用户是否登录用户
_logger.trace("No Authentication ... forward to /auth/entrypoint");
RequestDispatcher dispatcher = request.getRequestDispatcher("/auth/entrypoint");
dispatcher.forward(request, response);
return false;
}
//非管理员用户直接注销
if (!((SigninPrincipal) WebContext.getAuthentication().getPrincipal()).isRoleAdministrators()) {
_logger.debug("Not ADMINISTRATORS Authentication .");
RequestDispatcher dispatcher = request.getRequestDispatcher("/logout");
dispatcher.forward(request, response);
return false;
}
}
boolean hasAccess=true;
/*
boolean preHandler = super.preHandle(request, response, handler);
if(preHandler) {
preHandler = false;
if(!preHandler){//无权限转向
log.debug("You do not have permission to access "+accessUrl);
RequestDispatcher dispatcher = request.getRequestDispatcher("/accessdeny");
dispatcher.forward(request, response);
return false;
}
}*/
return hasAccess;
}
}


@ -0,0 +1,84 @@
/*
* Copyright [2020] [MaxKey of copyright http://www.maxkey.top]
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.maxkey.authn.web.interceptor;
import javax.servlet.RequestDispatcher;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.maxkey.authn.SigninPrincipal;
import org.maxkey.authn.jwt.AuthJwtService;
import org.maxkey.authn.online.OnlineTicketService;
import org.maxkey.authn.web.AuthorizationUtils;
import org.maxkey.configuration.ApplicationConfig;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.AsyncHandlerInterceptor;
/**
* 权限Interceptor处理
* 权限处理需在servlet.xml中配置
* mvc:interceptors permission
* @author Crystal.Sea
*
*/
@Component
public class PermissionInterceptor implements AsyncHandlerInterceptor {
private static final Logger _logger = LoggerFactory.getLogger(PermissionInterceptor.class);
//无需Interceptor url
@Autowired
ApplicationConfig applicationConfig;
@Autowired
OnlineTicketService onlineTicketService;
@Autowired
AuthJwtService authJwtService ;
/*
* 请求前处理
* (non-Javadoc)
* @see org.springframework.web.servlet.handler.HandlerInterceptorAdapter#preHandle(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.Object)
*/
@Override
public boolean preHandle(HttpServletRequest request,HttpServletResponse response, Object handler) throws Exception {
_logger.trace("PermissionAdapter preHandle");
AuthorizationUtils.authenticate(request, authJwtService, onlineTicketService);
//判断用户是否登录
if(AuthorizationUtils.getAuthentication()==null
||AuthorizationUtils.getAuthentication().getAuthorities()==null){//判断用户和角色判断用户是否登录用户
_logger.trace("No Authentication ... forward to /auth/entrypoint");
RequestDispatcher dispatcher = request.getRequestDispatcher("/auth/entrypoint");
dispatcher.forward(request, response);
return false;
}
//非管理员用户直接注销
if (!((SigninPrincipal) AuthorizationUtils.getAuthentication().getPrincipal()).isRoleAdministrators()) {
_logger.debug("Not ADMINISTRATORS Authentication .");
RequestDispatcher dispatcher = request.getRequestDispatcher("/logout");
dispatcher.forward(request, response);
return false;
}
boolean hasAccess=true;
return hasAccess;
}
}
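Review bot: The trace message on the first line of `preHandle` still reads `"PermissionAdapter preHandle"` although the class is now `PermissionInterceptor`; change it to `_logger.trace("PermissionInterceptor preHandle");`. The administrator check below casts `getPrincipal()` to `SigninPrincipal` without an `instanceof` test, so an Authentication carrying another principal type would fail with a ClassCastException (a 500) instead of the intended forward to `/logout`; `Object principal = AuthorizationUtils.getAuthentication().getPrincipal();` followed by `if (!(principal instanceof SigninPrincipal) || !((SigninPrincipal) principal).isRoleAdministrators()) {` keeps the behaviour for the normal case. `applicationConfig` is injected but not referenced anywhere in this class, and the `hasAccess` local can simply be `return true;`.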


@ -24,8 +24,6 @@ import org.maxkey.authn.jwt.AuthJwtService;
import org.maxkey.authn.online.OnlineTicketService; import org.maxkey.authn.online.OnlineTicketService;
import org.maxkey.authn.online.OnlineTicketServiceFactory; import org.maxkey.authn.online.OnlineTicketServiceFactory;
import org.maxkey.authn.realm.AbstractAuthenticationRealm; import org.maxkey.authn.realm.AbstractAuthenticationRealm;
import org.maxkey.authn.support.rememberme.AbstractRemeberMeService;
import org.maxkey.authn.support.rememberme.RemeberMeServiceFactory;
import org.maxkey.authn.web.SessionListenerAdapter; import org.maxkey.authn.web.SessionListenerAdapter;
import org.maxkey.configuration.ApplicationConfig; import org.maxkey.configuration.ApplicationConfig;
import org.maxkey.configuration.AuthJwkConfig; import org.maxkey.configuration.AuthJwkConfig;
@ -69,7 +67,6 @@ public class AuthenticationAutoConfiguration implements InitializingBean {
ApplicationConfig applicationConfig, ApplicationConfig applicationConfig,
AbstractOtpAuthn tfaOtpAuthn, AbstractOtpAuthn tfaOtpAuthn,
OtpAuthnService otpAuthnService, OtpAuthnService otpAuthnService,
AbstractRemeberMeService remeberMeService,
OnlineTicketService onlineTicketServices OnlineTicketService onlineTicketServices
) { ) {
@ -79,7 +76,6 @@ public class AuthenticationAutoConfiguration implements InitializingBean {
applicationConfig, applicationConfig,
tfaOtpAuthn, tfaOtpAuthn,
otpAuthnService, otpAuthnService,
remeberMeService,
onlineTicketServices onlineTicketServices
); );
@ -125,18 +121,6 @@ public class AuthenticationAutoConfiguration implements InitializingBean {
return new LoginHistoryRepository(jdbcTemplate); return new LoginHistoryRepository(jdbcTemplate);
} }
/**
* remeberMeService .
* @return
*/
@Bean(name = "remeberMeService")
public AbstractRemeberMeService remeberMeService(
@Value("${maxkey.server.persistence}") int persistence,
@Value("${maxkey.login.remeberme.validity}") int validity,
JdbcTemplate jdbcTemplate,
RedisConnectionFactory redisConnFactory) {
return new RemeberMeServiceFactory().getService(persistence, jdbcTemplate, redisConnFactory);
}
@Bean(name = "onlineTicketService") @Bean(name = "onlineTicketService")
public OnlineTicketService onlineTicketService( public OnlineTicketService onlineTicketService(


@ -23,9 +23,11 @@ package org.maxkey.authn.support.socialsignon;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import org.maxkey.authn.LoginCredential; import org.maxkey.authn.LoginCredential;
import org.maxkey.authn.web.AuthorizationUtils;
import org.maxkey.constants.ConstsLoginType; import org.maxkey.constants.ConstsLoginType;
import org.maxkey.entity.SocialsAssociate; import org.maxkey.entity.SocialsAssociate;
import org.maxkey.entity.SocialsProvider; import org.maxkey.entity.SocialsProvider;
import org.maxkey.entity.UserInfo;
import org.maxkey.web.WebContext; import org.maxkey.web.WebContext;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
@ -71,30 +73,6 @@ public class SocialSignOnEndpoint extends AbstractSocialSignOnEndpoint{
return socialSignOnAuthorize(request,provider); return socialSignOnAuthorize(request,provider);
} }
@RequestMapping(value={"/unbind/{provider}"}, method = RequestMethod.GET)
public ModelAndView unbind(HttpServletRequest request,
@PathVariable String provider) {
WebContext.setAttribute(SOCIALSIGNON_SESSION_REDIRECT_URI, request.getParameter(SOCIALSIGNON_REDIRECT_URI));
SocialsAssociate socialSignOnUser =new SocialsAssociate();
socialSignOnUser.setProvider(provider);
socialSignOnUser.setUserId(WebContext.getUserInfo().getId());
socialSignOnUser.setUsername(WebContext.getUserInfo().getUsername());
_logger.debug("Social Sign On unbind {} from user {}",
provider,
WebContext.getUserInfo().getUsername()
);
socialsAssociateService.delete(socialSignOnUser);
Object redirect_uri = WebContext.getAttribute(SOCIALSIGNON_SESSION_REDIRECT_URI);
if(redirect_uri != null){
return WebContext.redirect(redirect_uri.toString());
}else{
return WebContext.forward("/socialsignon/list");
}
}
@RequestMapping(value={"/authorize/{provider}/{appid}"}, method = RequestMethod.GET) @RequestMapping(value={"/authorize/{provider}/{appid}"}, method = RequestMethod.GET)
public ModelAndView authorize2AppId(HttpServletRequest request, public ModelAndView authorize2AppId(HttpServletRequest request,
@PathVariable("provider") String provider, @PathVariable("provider") String provider,
@ -177,9 +155,10 @@ public class SocialSignOnEndpoint extends AbstractSocialSignOnEndpoint{
return false; return false;
} }
UserInfo userInfo = AuthorizationUtils.getUserInfo();
socialsAssociate.setSocialUserInfo(accountJsonString); socialsAssociate.setSocialUserInfo(accountJsonString);
socialsAssociate.setUserId(WebContext.getUserInfo().getId()); socialsAssociate.setUserId(userInfo.getId());
socialsAssociate.setUsername(WebContext.getUserInfo().getUsername()); socialsAssociate.setUsername(userInfo.getUsername());
//socialsAssociate.setAccessToken(JsonUtils.object2Json(accessToken)); //socialsAssociate.setAccessToken(JsonUtils.object2Json(accessToken));
//socialsAssociate.setExAttribute(JsonUtils.object2Json(accessToken.getResponseObject())); //socialsAssociate.setExAttribute(JsonUtils.object2Json(accessToken.getResponseObject()));
_logger.debug("Social Bind : "+socialsAssociate); _logger.debug("Social Bind : "+socialsAssociate);
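Review bot: In the last hunk `UserInfo userInfo = AuthorizationUtils.getUserInfo();` is dereferenced on the next two lines, but `AuthorizationUtils.getUserInfo()` (added in this commit) returns null when no authenticated SigninPrincipal is in the session, so an unauthenticated callback would now fail with a NullPointerException in the middle of the bind; add `if (userInfo == null) { return false; }` before `setUserId`, matching the `return false;` the method already uses for the earlier failure case. The enclosing method begins and ends outside this hunk.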


@ -36,9 +36,11 @@ public class ChangePassword extends JpaBaseEntity{
private String displayName; private String displayName;
private String oldPassword; private String oldPassword;
private String password; private String password;
private String confirmpassword; private String confirmPassword;
private String decipherable; private String decipherable;
private String instId; private String instId;
private int passwordSetType;
private String passwordLastSetTime;
/** /**
* *
@ -47,6 +49,23 @@ public class ChangePassword extends JpaBaseEntity{
} }
public ChangePassword(String username,String password) {
this.username = username;
this.password = password;
}
public ChangePassword(UserInfo userInfo) {
this.setId(userInfo.getId());
this.setUserId(userInfo.getId());
this.setUsername(userInfo.getUsername());
this.setWindowsAccount(userInfo.getWindowsAccount());
this.setMobile(userInfo.getMobile());
this.setEmail(userInfo.getEmail());
this.setEmployeeNumber(userInfo.getEmployeeNumber());
this.setDecipherable(userInfo.getDecipherable());
this.setPassword(userInfo.getPassword());
this.setInstId(userInfo.getInstId());
}
/** /**
* @return the id * @return the id
@ -127,23 +146,14 @@ public class ChangePassword extends JpaBaseEntity{
this.password = password; this.password = password;
} }
public String getConfirmPassword() {
/** return confirmPassword;
* @return the confirmpassword
*/
public String getConfirmpassword() {
return confirmpassword;
} }
public void setConfirmPassword(String confirmPassword) {
/** this.confirmPassword = confirmPassword;
* @param confirmpassword the confirmpassword to set
*/
public void setConfirmpassword(String confirmpassword) {
this.confirmpassword = confirmpassword;
} }
/** /**
* @return the decipherable * @return the decipherable
*/ */
@ -217,6 +227,27 @@ public class ChangePassword extends JpaBaseEntity{
this.instId = instId; this.instId = instId;
} }
public int getPasswordSetType() {
return passwordSetType;
}
public void setPasswordSetType(int passwordSetType) {
this.passwordSetType = passwordSetType;
}
public String getPasswordLastSetTime() {
return passwordLastSetTime;
}
public void setPasswordLastSetTime(String passwordLastSetTime) {
this.passwordLastSetTime = passwordLastSetTime;
}
@Override @Override
public String toString() { public String toString() {
StringBuilder builder = new StringBuilder(); StringBuilder builder = new StringBuilder();
@ -232,8 +263,8 @@ public class ChangePassword extends JpaBaseEntity{
builder.append(oldPassword); builder.append(oldPassword);
builder.append(", password="); builder.append(", password=");
builder.append(password); builder.append(password);
builder.append(", confirmpassword="); builder.append(", confirmPassword=");
builder.append(confirmpassword); builder.append(confirmPassword);
builder.append(", decipherable="); builder.append(", decipherable=");
builder.append(decipherable); builder.append(decipherable);
builder.append("]"); builder.append("]");
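Review bot: `toString()` in the last hunk still appends `oldPassword`, `password`, `confirmPassword` and `decipherable`, and the new `ChangePassword(UserInfo)` constructor now copies `password` and `decipherable` straight from the user entity, so any log statement or error message that prints this object would expose credentials; the four `builder.append(...)` calls that emit those values should append a fixed marker such as `"[PROTECTED]"` instead. The new constructors and the `passwordSetType` / `passwordLastSetTime` fields also carry no Javadoc; a one-line comment on each saying what the value represents (and, for `passwordLastSetTime`, which time format the string holds) would help the next reader.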


@ -1361,6 +1361,12 @@ public class UserInfo extends JpaBaseEntity {
this.originId2 = originId2; this.originId2 = originId2;
} }
public void trans() {
this.setPassword("");
this.setDecipherable("");
this.transPictureBase64();
}
@Override @Override
public String toString() { public String toString() {
StringBuilder builder = new StringBuilder(); StringBuilder builder = new StringBuilder();
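Review bot: `trans()` has no Javadoc and its name does not say that it blanks `password` and `decipherable` in place before calling `transPictureBase64()`; because it mutates the entity rather than returning a copy, a caller that later saves the same instance could persist the emptied fields. Add `/** Clears the password-bearing fields and prepares the picture for transport; mutates this instance, so do not call it on an entity that will still be persisted. */` above the method.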


@ -25,6 +25,7 @@ import org.joda.time.format.DateTimeFormat;
import org.maxkey.constants.ConstsPasswordSetType; import org.maxkey.constants.ConstsPasswordSetType;
import org.maxkey.constants.ConstsStatus; import org.maxkey.constants.ConstsStatus;
import org.maxkey.crypto.password.PasswordGen; import org.maxkey.crypto.password.PasswordGen;
import org.maxkey.entity.ChangePassword;
import org.maxkey.entity.PasswordPolicy; import org.maxkey.entity.PasswordPolicy;
import org.maxkey.entity.UserInfo; import org.maxkey.entity.UserInfo;
import org.maxkey.util.StringUtils; import org.maxkey.util.StringUtils;
@ -73,11 +74,11 @@ public class PasswordPolicyValidator {
* @param userInfo * @param userInfo
* @return boolean * @return boolean
*/ */
public boolean validator(UserInfo userInfo) { public boolean validator(ChangePassword changePassword) {
String password = userInfo.getPassword(); String password = changePassword.getPassword();
String username = userInfo.getUsername(); String username = changePassword.getUsername();
if(password.equals("") || password==null){ if(password.equals("") || password==null){
_logger.debug("password is Empty "); _logger.debug("password is Empty ");
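Review bot: The Javadoc above `validator` still says `@param userInfo` while the parameter is now `changePassword`; change it to `@param changePassword the pending password change carrying the new password and the username`. The emptiness test on the following line evaluates `password.equals("")` before `password==null`, so a null password throws NullPointerException instead of reaching the debug branch; `if (password == null || password.isEmpty()) {` keeps the intent. The method body continues outside the hunk.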


@ -33,7 +33,6 @@ import org.apache.commons.lang3.StringUtils;
import org.apache.commons.logging.LogFactory; import org.apache.commons.logging.LogFactory;
import org.maxkey.configuration.ApplicationConfig; import org.maxkey.configuration.ApplicationConfig;
import org.maxkey.entity.Institutions; import org.maxkey.entity.Institutions;
import org.maxkey.entity.UserInfo;
import org.maxkey.util.DateUtils; import org.maxkey.util.DateUtils;
import org.maxkey.util.IdGenerator; import org.maxkey.util.IdGenerator;
import org.maxkey.web.message.Message; import org.maxkey.web.message.Message;
@ -42,7 +41,6 @@ import org.slf4j.LoggerFactory;
import org.springframework.beans.BeansException; import org.springframework.beans.BeansException;
import org.springframework.context.ApplicationContext; import org.springframework.context.ApplicationContext;
import org.springframework.core.env.StandardEnvironment; import org.springframework.core.env.StandardEnvironment;
import org.springframework.security.core.Authentication;
import org.springframework.web.context.request.RequestContextHolder; import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes; import org.springframework.web.context.request.ServletRequestAttributes;
import org.springframework.web.context.support.WebApplicationContextUtils; import org.springframework.web.context.support.WebApplicationContextUtils;
@ -107,24 +105,6 @@ public final class WebContext {
} }
/**
* set Current login user to session.
*
* @see WebConstants.CURRENT_USER
*/
public static void setUserInfo(UserInfo userInfo) {
setAttribute(WebConstants.CURRENT_USER, userInfo);
}
/**
* get Current login user from session.
*
* @see WebConstants.CURRENT_USER
* @return UserInfo
*/
public static UserInfo getUserInfo() {
return ((UserInfo) getAttribute(WebConstants.CURRENT_USER));
}
public static String getInst(HttpServletRequest request) { public static String getInst(HttpServletRequest request) {
String instId = "1"; String instId = "1";
@ -133,7 +113,7 @@ public final class WebContext {
instId = ((Institutions)request.getSession().getAttribute(WebConstants.CURRENT_INST)).getId(); instId = ((Institutions)request.getSession().getAttribute(WebConstants.CURRENT_INST)).getId();
}else { }else {
//from cookie //from cookie
instId = WebContext.readCookieByName(request, WebConstants.INST_COOKIE_NAME).getValue(); instId = WebContext.getCookie(request, WebConstants.INST_COOKIE_NAME).getValue();
} }
return StringUtils.isBlank(instId) ? "1" : instId; return StringUtils.isBlank(instId) ? "1" : instId;
} }
@ -167,25 +147,7 @@ public final class WebContext {
removeAttribute(WebConstants.CURRENT_MESSAGE); removeAttribute(WebConstants.CURRENT_MESSAGE);
} }
public static void setAuthentication(Authentication authentication) {
setAttribute(WebConstants.AUTHENTICATION, authentication);
}
public static Authentication getAuthentication() {
Authentication authentication = (Authentication) getAttribute(WebConstants.AUTHENTICATION);
return authentication;
}
/**
* isAuthenticated.
* @return isAuthenticated
*/
public static boolean isAuthenticated() {
if (getUserInfo() != null) {
return true;
}
return false;
}
/** /**
* get ApplicationContext from web ServletContext configuration * get ApplicationContext from web ServletContext configuration
@ -413,8 +375,8 @@ public final class WebContext {
* @param name cookie名字 * @param name cookie名字
* @return Cookie * @return Cookie
*/ */
public static Cookie readCookieByName(HttpServletRequest request, String name) { public static Cookie getCookie(HttpServletRequest request, String name) {
Map<String, Cookie> cookieMap = readCookieAll(request); Map<String, Cookie> cookieMap = getCookieAll(request);
if (cookieMap.containsKey(name)) { if (cookieMap.containsKey(name)) {
Cookie cookie = (Cookie) cookieMap.get(name); Cookie cookie = (Cookie) cookieMap.get(name);
return cookie; return cookie;
@ -429,7 +391,7 @@ public final class WebContext {
* @param request HttpServletRequest * @param request HttpServletRequest
* @return Map * @return Map
*/ */
private static Map<String, Cookie> readCookieAll(HttpServletRequest request) { private static Map<String, Cookie> getCookieAll(HttpServletRequest request) {
Map<String, Cookie> cookieMap = new HashMap<String, Cookie>(); Map<String, Cookie> cookieMap = new HashMap<String, Cookie>();
Cookie[] cookies = request.getCookies(); Cookie[] cookies = request.getCookies();
if (null != cookies) { if (null != cookies) {
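Review bot: In `getInst`, the cookie branch calls `WebContext.getCookie(request, WebConstants.INST_COOKIE_NAME).getValue()` with no null check; `getCookie` only returns a cookie when `cookieMap.containsKey(name)`, so a request that has neither the session attribute nor the institution cookie presumably ends in a NullPointerException instead of the `"1"` default the method is written to return. Guard the lookup: `Cookie instCookie = WebContext.getCookie(request, WebConstants.INST_COOKIE_NAME);` followed by `instId = instCookie == null ? instId : instCookie.getValue();`. The rest of `getInst` and the tail of `getCookie` lie outside the visible hunks.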


@ -1,86 +0,0 @@
/*
* Copyright [2020] [MaxKey of copyright http://www.maxkey.top]
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.maxkey.web.tag;
import freemarker.core.Environment;
import freemarker.template.TemplateDirectiveBody;
import freemarker.template.TemplateDirectiveModel;
import freemarker.template.TemplateException;
import freemarker.template.TemplateModel;
import java.io.IOException;
import java.util.Map;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.maxkey.constants.ConstsTimeInterval;
import org.maxkey.web.WebConstants;
import org.maxkey.web.WebContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
/**
* 获取主题标签 .<@theme/>
*
* @author Crystal.Sea
*
*/
@FreemarkerTag("theme")
public class ThemeTagDirective implements TemplateDirectiveModel {
private static final Logger _logger = LoggerFactory.getLogger(ThemeTagDirective.class);
@Autowired
private HttpServletRequest request;
@Autowired
HttpServletResponse response;
@SuppressWarnings("rawtypes")
@Override
public void execute(Environment env,
Map params, TemplateModel[] loopVars, TemplateDirectiveBody body)
throws TemplateException, IOException {
String theme = null;
if (null != WebContext.getUserInfo()) {
theme = WebContext.getUserInfo().getTheme();
_logger.trace("read theme form login user session , theme is " + theme);
}
if (null == theme) {
Cookie themeCookie =
WebContext.readCookieByName(request, WebConstants.THEME_COOKIE_NAME);
if (themeCookie != null) {
theme = themeCookie.getValue();
_logger.trace("read theme form cookie , theme is " + theme);
}
}
//每次登陆完成设置一次COOKIE
if (request.getAttribute(WebConstants.THEME_COOKIE_NAME) == null
&& null != WebContext.getUserInfo()) {
request.setAttribute(WebConstants.THEME_COOKIE_NAME, "theme");
WebContext.setCookie(response, null,
WebConstants.THEME_COOKIE_NAME, theme, ConstsTimeInterval.ONE_WEEK);
}
env.getOut().append(theme == null ? "default" : theme);
}
}


@ -19,6 +19,7 @@ package org.maxkey.identity.rest;
import java.io.IOException; import java.io.IOException;
import org.maxkey.entity.ChangePassword;
import org.maxkey.entity.UserInfo; import org.maxkey.entity.UserInfo;
import org.maxkey.persistence.service.UserInfoService; import org.maxkey.persistence.service.UserInfoService;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
@ -75,9 +76,7 @@ public class RestUserInfoController {
UriComponentsBuilder builder) throws IOException { UriComponentsBuilder builder) throws IOException {
UserInfo loadUserInfo = userInfoService.findByUsername(username); UserInfo loadUserInfo = userInfoService.findByUsername(username);
if(loadUserInfo != null) { if(loadUserInfo != null) {
UserInfo changePassword = new UserInfo(); ChangePassword changePassword = new ChangePassword(loadUserInfo);
changePassword.setId(loadUserInfo.getId());
changePassword.setUsername(username);
changePassword.setPassword(password); changePassword.setPassword(password);
changePassword.setDecipherable(loadUserInfo.getDecipherable()); changePassword.setDecipherable(loadUserInfo.getDecipherable());
userInfoService.changePassword(changePassword,true); userInfoService.changePassword(changePassword,true);
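Review bot: `changePassword.setDecipherable(loadUserInfo.getDecipherable())` looks redundant now that the object is built with `new ChangePassword(loadUserInfo)`, if that constructor copies the decipherable field the way the former field-by-field code did; if it does, drop the line so the copy constructor is the single place this mapping lives. If it does not, a short comment saying so would save the next reader the same check. The enclosing handler starts outside the hunk.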


@ -23,6 +23,7 @@ import org.apache.ibatis.annotations.Select;
import org.apache.ibatis.annotations.Update; import org.apache.ibatis.annotations.Update;
import org.apache.mybatis.jpa.persistence.IJpaBaseMapper; import org.apache.mybatis.jpa.persistence.IJpaBaseMapper;
import org.maxkey.constants.ConstsStatus; import org.maxkey.constants.ConstsStatus;
import org.maxkey.entity.ChangePassword;
import org.maxkey.entity.Organizations; import org.maxkey.entity.Organizations;
import org.maxkey.entity.UserInfo; import org.maxkey.entity.UserInfo;
import org.maxkey.entity.UserInfoAdjoint; import org.maxkey.entity.UserInfoAdjoint;
@ -53,7 +54,7 @@ public interface UserInfoMapper extends IJpaBaseMapper<UserInfo>{
public void updateBadPWDCount(UserInfo userInfo); public void updateBadPWDCount(UserInfo userInfo);
public int updatePassword(UserInfo userInfo); public int changePassword(ChangePassword changePassword);
public int updateAppLoginPassword(UserInfo userInfo); public int updateAppLoginPassword(UserInfo userInfo);


@ -77,7 +77,7 @@ public class UserInfoService extends JpaBaseService<UserInfo> {
} }
public boolean insert(UserInfo userInfo) { public boolean insert(UserInfo userInfo) {
userInfo = passwordEncoder(userInfo); this.passwordEncoder(userInfo);
if (super.insert(userInfo)) { if (super.insert(userInfo)) {
if(mqPersistService.getApplicationConfig().isMessageQueueSupport()) { if(mqPersistService.getApplicationConfig().isMessageQueueSupport()) {
UserInfo loadUserInfo = findUserRelated(userInfo.getId()); UserInfo loadUserInfo = findUserRelated(userInfo.getId());
@ -94,7 +94,7 @@ public class UserInfoService extends JpaBaseService<UserInfo> {
} }
public boolean update(UserInfo userInfo) { public boolean update(UserInfo userInfo) {
userInfo = passwordEncoder(userInfo); ChangePassword changePassword = this.passwordEncoder(userInfo);
if (super.update(userInfo)) { if (super.update(userInfo)) {
if(mqPersistService.getApplicationConfig().isMessageQueueSupport()) { if(mqPersistService.getApplicationConfig().isMessageQueueSupport()) {
UserInfo loadUserInfo = findUserRelated(userInfo.getId()); UserInfo loadUserInfo = findUserRelated(userInfo.getId());
@ -105,7 +105,7 @@ public class UserInfoService extends JpaBaseService<UserInfo> {
MqIdentityAction.UPDATE_ACTION); MqIdentityAction.UPDATE_ACTION);
} }
changePasswordProvisioning(userInfo); changePasswordProvisioning(changePassword);
return true; return true;
} }
return false; return false;
@ -151,11 +151,11 @@ public class UserInfoService extends JpaBaseService<UserInfo> {
return loadUserInfo; return loadUserInfo;
} }
public boolean updateGridList(String gridList) { public boolean updateGridList(String gridList,UserInfo userInfo) {
try { try {
if (gridList != null && !gridList.equals("")) { if (gridList != null && !gridList.equals("")) {
WebContext.getUserInfo().setGridList(Integer.parseInt(gridList)); userInfo.setGridList(Integer.parseInt(gridList));
getMapper().updateGridList(WebContext.getUserInfo()); getMapper().updateGridList(userInfo);
} }
}catch(Exception e) { }catch(Exception e) {
e.printStackTrace(); e.printStackTrace();
@ -180,9 +180,6 @@ public class UserInfoService extends JpaBaseService<UserInfo> {
public boolean updateProtectedApps(UserInfo userinfo) { public boolean updateProtectedApps(UserInfo userinfo) {
try { try {
if(WebContext.getUserInfo() != null) {
userinfo.setModifiedBy(WebContext.getUserInfo().getId());
}
userinfo.setModifiedDate(DateUtils.getCurrentDateTimeAsString()); userinfo.setModifiedDate(DateUtils.getCurrentDateTimeAsString());
return getMapper().updateProtectedApps(userinfo) > 0; return getMapper().updateProtectedApps(userinfo) > 0;
} catch (Exception e) { } catch (Exception e) {
@ -210,21 +207,32 @@ public class UserInfoService extends JpaBaseService<UserInfo> {
return null; return null;
} }
public UserInfo passwordEncoder(UserInfo userInfo) { public ChangePassword passwordEncoder(UserInfo userInfo) {
//密码不为空则需要进行加密处理 ChangePassword changePassword = null;
if(!StringUtils.isBlank(userInfo.getPassword())) { if(StringUtils.isNotBlank(userInfo.getPassword())) {
String password = passwordEncoder.encode(userInfo.getPassword()); changePassword = new ChangePassword(userInfo);
userInfo.setDecipherable(PasswordReciprocal.getInstance().encode(userInfo.getPassword())); passwordEncoder(changePassword);
_logger.debug("decipherable : "+userInfo.getDecipherable()); userInfo.setPassword(changePassword.getPassword());
userInfo.setPassword(password); userInfo.setDecipherable(changePassword.getDecipherable());
userInfo.setPasswordLastSetTime(DateUtils.getCurrentDateTimeAsString()); userInfo.setPasswordLastSetTime(changePassword.getPasswordLastSetTime());
userInfo.setModifiedDate(DateUtils.getCurrentDateTimeAsString());
}else {
userInfo.setPassword(null);
userInfo.setDecipherable(null);
} }
return userInfo; return changePassword;
}
public ChangePassword passwordEncoder(ChangePassword changePassword) {
//密码不为空则需要进行加密处理
if(StringUtils.isNotBlank(changePassword.getPassword())) {
String password = passwordEncoder.encode(changePassword.getPassword());
changePassword.setDecipherable(PasswordReciprocal.getInstance().encode(changePassword.getPassword()));
_logger.debug("decipherable : "+changePassword.getDecipherable());
changePassword.setPassword(password);
changePassword.setPasswordLastSetTime(DateUtils.getCurrentDateTimeAsString());
}else {
changePassword.setPassword(null);
changePassword.setDecipherable(null);
}
return changePassword;
} }
/** /**
@ -235,32 +243,20 @@ public class UserInfoService extends JpaBaseService<UserInfo> {
* @param passwordSetType * @param passwordSetType
* @return * @return
*/ */
public boolean changePassword( String oldPassword, public boolean changePassword( ChangePassword changePassword) {
String newPassword,
String confirmPassword,
int passwordSetType) {
try { try {
WebContext.setAttribute(PasswordPolicyValidator.PASSWORD_POLICY_VALIDATE_RESULT, ""); WebContext.setAttribute(PasswordPolicyValidator.PASSWORD_POLICY_VALIDATE_RESULT, "");
UserInfo userInfo = WebContext.getUserInfo(); UserInfo userInfo = this.findByUsername(changePassword.getUsername());
UserInfo changeUserInfo = new UserInfo(); if(changePassword.getPassword().equals(changePassword.getConfirmPassword())){
changeUserInfo.setUsername(userInfo.getUsername()); if(StringUtils.isNotBlank(changePassword.getOldPassword()) ||
changeUserInfo.setPassword(newPassword); passwordEncoder.matches(changePassword.getOldPassword(), userInfo.getPassword())){
changeUserInfo.setId(userInfo.getId()); if(changePassword(changePassword,true) ){
changeUserInfo.setDecipherable(userInfo.getDecipherable());
changeUserInfo.setPasswordSetType(passwordSetType);
if(newPassword.equals(confirmPassword)){
if(oldPassword==null ||
passwordEncoder.matches(oldPassword, userInfo.getPassword())){
if(changePassword(changeUserInfo,true) ){
userInfo.setPassword(changeUserInfo.getPassword());
userInfo.setDecipherable(changeUserInfo.getDecipherable());
return true; return true;
} }
return false; return false;
}else { }else {
if(oldPassword!=null && if(StringUtils.isNotBlank(changePassword.getOldPassword())&&
passwordEncoder.matches(newPassword, userInfo.getPassword())) { passwordEncoder.matches(changePassword.getPassword(), userInfo.getPassword())) {
WebContext.setAttribute(PasswordPolicyValidator.PASSWORD_POLICY_VALIDATE_RESULT, WebContext.setAttribute(PasswordPolicyValidator.PASSWORD_POLICY_VALIDATE_RESULT,
WebContext.getI18nValue("PasswordPolicy.OLD_PASSWORD_MATCH")); WebContext.getI18nValue("PasswordPolicy.OLD_PASSWORD_MATCH"));
}else { }else {
@ -285,23 +281,19 @@ public class UserInfoService extends JpaBaseService<UserInfo> {
* @param passwordPolicy * @param passwordPolicy
* @return * @return
*/ */
public boolean changePassword(UserInfo changeUserInfo,boolean passwordPolicy) { public boolean changePassword(ChangePassword changePassword,boolean passwordPolicy) {
try { try {
_logger.debug("decipherable old : " + changeUserInfo.getDecipherable()); _logger.debug("decipherable old : " + changePassword.getDecipherable());
_logger.debug("decipherable new : " + PasswordReciprocal.getInstance().encode(changeUserInfo.getPassword())); _logger.debug("decipherable new : " + PasswordReciprocal.getInstance().encode(changePassword.getDecipherable()));
if (passwordPolicy && passwordPolicyValidator.validator(changeUserInfo) == false) { if (passwordPolicy && passwordPolicyValidator.validator(changePassword) == false) {
return false; return false;
} }
if (WebContext.getUserInfo() != null) { changePassword = passwordEncoder(changePassword);
changeUserInfo.setModifiedBy(WebContext.getUserInfo().getId());
}
changeUserInfo = passwordEncoder(changeUserInfo); if (getMapper().changePassword(changePassword) > 0) {
changePasswordProvisioning(changePassword);
if (getMapper().updatePassword(changeUserInfo) > 0) {
changePasswordProvisioning(changeUserInfo);
return true; return true;
} }
return false; return false;
@ -317,20 +309,10 @@ public class UserInfoService extends JpaBaseService<UserInfo> {
return passwordPolicyValidator.generateRandomPassword(); return passwordPolicyValidator.generateRandomPassword();
} }
public void changePasswordProvisioning(UserInfo userInfo) { public void changePasswordProvisioning(ChangePassword changePassworded) {
if(StringUtils.isNotBlank(userInfo.getPassword())) { if(changePassworded !=null && StringUtils.isNotBlank(changePassworded.getPassword())) {
UserInfo loadUserInfo = findByUsername(userInfo.getUsername()); UserInfo loadUserInfo = findByUsername(changePassworded.getUsername());
ChangePassword changePassword=new ChangePassword(); ChangePassword changePassword = new ChangePassword(loadUserInfo);
changePassword.setId(loadUserInfo.getId());
changePassword.setUserId(loadUserInfo.getId());
changePassword.setUsername(loadUserInfo.getUsername());
changePassword.setWindowsAccount(loadUserInfo.getWindowsAccount());
changePassword.setMobile(loadUserInfo.getMobile());
changePassword.setEmail(loadUserInfo.getEmail());
changePassword.setEmployeeNumber(loadUserInfo.getEmployeeNumber());
changePassword.setDecipherable(loadUserInfo.getDecipherable());
changePassword.setPassword(loadUserInfo.getPassword());
changePassword.setInstId(loadUserInfo.getInstId());
mqPersistService.send( mqPersistService.send(
MqIdentityTopic.PASSWORD_TOPIC, MqIdentityTopic.PASSWORD_TOPIC,
changePassword, changePassword,
@ -340,9 +322,6 @@ public class UserInfoService extends JpaBaseService<UserInfo> {
public boolean updateAppLoginPassword(UserInfo userinfo) { public boolean updateAppLoginPassword(UserInfo userinfo) {
try { try {
if(WebContext.getUserInfo() != null) {
userinfo.setModifiedBy(WebContext.getUserInfo().getId());
}
userinfo.setModifiedDate(DateUtils.getCurrentDateTimeAsString()); userinfo.setModifiedDate(DateUtils.getCurrentDateTimeAsString());
return getMapper().updateAppLoginPassword(userinfo) > 0; return getMapper().updateAppLoginPassword(userinfo) > 0;
} catch (Exception e) { } catch (Exception e) {
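Review bot: The old-password check in `changePassword(ChangePassword)` is inverted: `if(StringUtils.isNotBlank(changePassword.getOldPassword()) || passwordEncoder.matches(...))` short-circuits to true whenever any old password is supplied, so the supplied value is never compared with the stored hash, and only a blank old password reaches `matches`, where it fails. The pre-change form skipped verification only when no old password was given, which is `if(StringUtils.isBlank(changePassword.getOldPassword()) || passwordEncoder.matches(changePassword.getOldPassword(), userInfo.getPassword())){` — and whether a blank old password should still bypass verification for a caller-supplied ChangePassword is worth deciding explicitly rather than inheriting. Two smaller points in the same method and in `changePassword(ChangePassword, boolean)`: `userInfo` from `findByUsername` is dereferenced without a null check, and since the mapper now updates `where id = #{userId}`, the service should set that id from the record it just verified (`changePassword.setUserId(userInfo.getId());`) rather than rely on whatever the caller placed in it. The debug line `PasswordReciprocal.getInstance().encode(changePassword.getDecipherable())` now encodes the decipherable rather than the new password, and since `PasswordReciprocal` has a `decoder`, logging that value at any level is better removed.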


@ -84,7 +84,7 @@
id = #{id} id = #{id}
</update> </update>
<update id="updatePassword" parameterType="UserInfo" > <update id="changePassword" parameterType="ChangePassword" >
update mxk_userinfo set update mxk_userinfo set
<if test="password != null"> <if test="password != null">
password = #{password}, password = #{password},
@ -93,7 +93,7 @@
</if> </if>
passwordlastsettime = current_timestamp passwordlastsettime = current_timestamp
where where
id = #{id} id = #{userId}
</update> </update>
<update id="updateSharedSecret" parameterType="UserInfo" > <update id="updateSharedSecret" parameterType="UserInfo" >


@ -73,8 +73,7 @@ public class AuthorizeBaseEndpoint {
return app; return app;
} }
protected Accounts getAccounts(Apps app){ protected Accounts getAccounts(Apps app,UserInfo userInfo){
UserInfo userInfo = WebContext.getUserInfo();
Apps loadApp = getApp(app.getId()); Apps loadApp = getApp(app.getId());
Accounts account = new Accounts(userInfo.getId(),loadApp.getId()); Accounts account = new Accounts(userInfo.getId(),loadApp.getId());
@ -97,7 +96,7 @@ public class AuthorizeBaseEndpoint {
); );
//decoder database stored encode password //decoder database stored encode password
account.setRelatedPassword( account.setRelatedPassword(
PasswordReciprocal.getInstance().decoder(WebContext.getUserInfo().getDecipherable())); PasswordReciprocal.getInstance().decoder(userInfo.getDecipherable()));
}else if(loadApp.getCredential()==Apps.CREDENTIALS.NONE){ }else if(loadApp.getCredential()==Apps.CREDENTIALS.NONE){
account.setUsername(userInfo.getUsername()); account.setUsername(userInfo.getUsername());
account.setRelatedPassword(userInfo.getUsername()); account.setRelatedPassword(userInfo.getUsername());
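Review bot: `getAccounts(Apps app, UserInfo userInfo)` dereferences the new `userInfo` argument at once (`userInfo.getId()`) but has no Javadoc stating who must supply it; add `@param userInfo the authenticated user whose account for {@code app} is resolved; must not be null` above the method. A leading `Objects.requireNonNull(userInfo, "userInfo");` (with `java.util.Objects` imported) would turn a later NullPointerException into one that names the missing argument. The method body continues past the hunk.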


@ -21,6 +21,8 @@
package org.maxkey.authz.endpoint; package org.maxkey.authz.endpoint;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import org.maxkey.authn.annotation.CurrentUser;
import org.maxkey.crypto.password.PasswordReciprocal; import org.maxkey.crypto.password.PasswordReciprocal;
import org.maxkey.entity.Accounts; import org.maxkey.entity.Accounts;
import org.maxkey.entity.UserInfo; import org.maxkey.entity.UserInfo;
@ -41,12 +43,13 @@ public class AuthorizeCredentialEndpoint extends AuthorizeBaseEndpoint{
@RequestMapping("/authz/credential/forward") @RequestMapping("/authz/credential/forward")
public ModelAndView authorizeCredentialForward( public ModelAndView authorizeCredentialForward(
@RequestParam("appId") String appId, @RequestParam("appId") String appId,
@RequestParam("redirect_uri") String redirect_uri){ @RequestParam("redirect_uri") String redirect_uri,
@CurrentUser UserInfo currentUser){
ModelAndView modelAndView=new ModelAndView("authorize/init_sso_credential"); ModelAndView modelAndView=new ModelAndView("authorize/init_sso_credential");
modelAndView.addObject("username", ""); modelAndView.addObject("username", "");
modelAndView.addObject("password", ""); modelAndView.addObject("password", "");
modelAndView.addObject("setpassword", true); modelAndView.addObject("setpassword", true);
modelAndView.addObject("userId", WebContext.getUserInfo().getId()); modelAndView.addObject("userId", currentUser.getId());
modelAndView.addObject("appId", appId); modelAndView.addObject("appId", appId);
modelAndView.addObject("appName",getApp(appId).getName()); modelAndView.addObject("appName",getApp(appId).getName());
modelAndView.addObject("redirect_uri", redirect_uri); modelAndView.addObject("redirect_uri", redirect_uri);
@ -60,16 +63,17 @@ public class AuthorizeCredentialEndpoint extends AuthorizeBaseEndpoint{
@RequestParam("appId") String appId, @RequestParam("appId") String appId,
@RequestParam("identity_username") String identity_username, @RequestParam("identity_username") String identity_username,
@RequestParam("identity_password") String identity_password, @RequestParam("identity_password") String identity_password,
@RequestParam("redirect_uri") String redirect_uri){ @RequestParam("redirect_uri") String redirect_uri,
@CurrentUser UserInfo currentUser){
if(StringUtils.isNotEmpty(identity_username)&&StringUtils.isNotEmpty(identity_password)){ if(StringUtils.isNotEmpty(identity_username)&&StringUtils.isNotEmpty(identity_password)){
Accounts appUser =new Accounts (); Accounts appUser =new Accounts ();
UserInfo userInfo=WebContext.getUserInfo();
appUser.setId(appUser.generateId()); appUser.setId(appUser.generateId());
appUser.setUserId(userInfo.getId()); appUser.setUserId(currentUser.getId());
appUser.setUsername(userInfo.getUsername()); appUser.setUsername(currentUser.getUsername());
appUser.setDisplayName(userInfo.getDisplayName()); appUser.setDisplayName(currentUser.getDisplayName());
appUser.setAppId(appId); appUser.setAppId(appId);
appUser.setAppName(getApp(appId).getName()); appUser.setAppName(getApp(appId).getName());
@ -77,7 +81,7 @@ public class AuthorizeCredentialEndpoint extends AuthorizeBaseEndpoint{
appUser.setRelatedUsername(identity_username); appUser.setRelatedUsername(identity_username);
appUser.setRelatedPassword(PasswordReciprocal.getInstance().encode(identity_password)); appUser.setRelatedPassword(PasswordReciprocal.getInstance().encode(identity_password));
appUser.setInstId(WebContext.getUserInfo().getInstId()); appUser.setInstId(currentUser.getInstId());
if(accountsService.insert(appUser)){ if(accountsService.insert(appUser)){


@ -21,6 +21,8 @@
package org.maxkey.authz.endpoint; package org.maxkey.authz.endpoint;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import org.maxkey.authn.annotation.CurrentUser;
import org.maxkey.crypto.password.PasswordReciprocal; import org.maxkey.crypto.password.PasswordReciprocal;
import org.maxkey.entity.UserInfo; import org.maxkey.entity.UserInfo;
import org.maxkey.web.WebConstants; import org.maxkey.web.WebConstants;
@ -49,9 +51,9 @@ public class AuthorizeProtectedEndpoint{
@RequestMapping("/authz/protected") @RequestMapping("/authz/protected")
public ModelAndView authorizeProtected( public ModelAndView authorizeProtected(
@RequestParam("password") String password, @RequestParam("password") String password,
@RequestParam("redirect_uri") String redirect_uri){ @RequestParam("redirect_uri") String redirect_uri,
UserInfo userInfo=WebContext.getUserInfo(); @CurrentUser UserInfo currentUser){
if( userInfo.getAppLoginPassword().equals(PasswordReciprocal.getInstance().encode(password))){ if( currentUser.getAppLoginPassword().equals(PasswordReciprocal.getInstance().encode(password))){
WebContext.setAttribute(WebConstants.CURRENT_SINGLESIGNON_URI, redirect_uri); WebContext.setAttribute(WebConstants.CURRENT_SINGLESIGNON_URI, redirect_uri);
return WebContext.redirect(redirect_uri); return WebContext.redirect(redirect_uri);
} }
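Review bot: `currentUser.getAppLoginPassword().equals(...)` throws NullPointerException for a user who has never set an app-login password, and this hunk moves the call onto the injected `currentUser` without adding a guard; writing the comparison the other way round, `if( PasswordReciprocal.getInstance().encode(password).equals(currentUser.getAppLoginPassword())){`, lets a null stored value fall through to the existing failure path. Whether `@CurrentUser` can itself resolve to null on an unauthenticated request is not visible here and decides whether a second check is needed. The handler's failure branch lies outside the hunk.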


@ -26,8 +26,8 @@ import java.util.Map;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import org.maxkey.authn.SigninPrincipal;
import org.maxkey.authn.online.OnlineTicket; import org.maxkey.authn.online.OnlineTicket;
import org.maxkey.authn.web.AuthorizationUtils;
import org.maxkey.authz.cas.endpoint.ticket.CasConstants; import org.maxkey.authz.cas.endpoint.ticket.CasConstants;
import org.maxkey.authz.cas.endpoint.ticket.ServiceTicketImpl; import org.maxkey.authz.cas.endpoint.ticket.ServiceTicketImpl;
import org.maxkey.authz.singlelogout.LogoutType; import org.maxkey.authz.singlelogout.LogoutType;
@ -117,7 +117,7 @@ public class CasAuthorizeEndpoint extends CasBaseAuthorizeEndpoint{
HttpServletRequest request, HttpServletRequest request,
HttpServletResponse response){ HttpServletResponse response){
AppsCasDetails casDetails = (AppsCasDetails)WebContext.getAttribute(CasConstants.PARAMETER.ENDPOINT_CAS_DETAILS); AppsCasDetails casDetails = (AppsCasDetails)WebContext.getAttribute(CasConstants.PARAMETER.ENDPOINT_CAS_DETAILS);
ServiceTicketImpl serviceTicket = new ServiceTicketImpl(WebContext.getAuthentication(),casDetails); ServiceTicketImpl serviceTicket = new ServiceTicketImpl(AuthorizationUtils.getAuthentication(),casDetails);
String ticket = ticketServices.createTicket(serviceTicket,casDetails.getExpires()); String ticket = ticketServices.createTicket(serviceTicket,casDetails.getExpires());
@ -149,7 +149,7 @@ public class CasAuthorizeEndpoint extends CasBaseAuthorizeEndpoint{
} }
if(casDetails.getLogoutType()==LogoutType.BACK_CHANNEL) { if(casDetails.getLogoutType()==LogoutType.BACK_CHANNEL) {
String onlineTicketId = ((SigninPrincipal)WebContext.getAuthentication().getPrincipal()).getOnlineTicket().getTicketId(); String onlineTicketId = AuthorizationUtils.getPrincipal().getOnlineTicket().getTicketId();
OnlineTicket onlineTicket = onlineTicketService.get(onlineTicketId); OnlineTicket onlineTicket = onlineTicketService.get(onlineTicketId);
//set cas ticket as OnlineTicketId //set cas ticket as OnlineTicketId
casDetails.setOnlineTicket(ticket); casDetails.setOnlineTicket(ticket);


@ -25,6 +25,7 @@ import javax.servlet.http.HttpServletResponse;
import org.maxkey.authn.AbstractAuthenticationProvider; import org.maxkey.authn.AbstractAuthenticationProvider;
import org.maxkey.authn.LoginCredential; import org.maxkey.authn.LoginCredential;
import org.maxkey.authn.web.AuthorizationUtils;
import org.maxkey.authz.cas.endpoint.response.ServiceResponseBuilder; import org.maxkey.authz.cas.endpoint.response.ServiceResponseBuilder;
import org.maxkey.authz.cas.endpoint.ticket.CasConstants; import org.maxkey.authz.cas.endpoint.ticket.CasConstants;
import org.maxkey.authz.cas.endpoint.ticket.ServiceTicketImpl; import org.maxkey.authz.cas.endpoint.ticket.ServiceTicketImpl;
@ -33,7 +34,6 @@ import org.maxkey.entity.UserInfo;
import org.maxkey.entity.apps.AppsCasDetails; import org.maxkey.entity.apps.AppsCasDetails;
import org.maxkey.util.StringUtils; import org.maxkey.util.StringUtils;
import org.maxkey.web.HttpResponseConstants; import org.maxkey.web.HttpResponseConstants;
import org.maxkey.web.WebContext;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
@ -85,7 +85,7 @@ public class CasRestV1Endpoint extends CasBaseAuthorizeEndpoint{
authenticationProvider.authentication(loginCredential,false); authenticationProvider.authentication(loginCredential,false);
TicketGrantingTicketImpl ticketGrantingTicket=new TicketGrantingTicketImpl("Random",WebContext.getAuthentication(),null); TicketGrantingTicketImpl ticketGrantingTicket=new TicketGrantingTicketImpl("Random",AuthorizationUtils.getAuthentication(),null);
String ticket=casTicketGrantingTicketServices.createTicket(ticketGrantingTicket); String ticket=casTicketGrantingTicketServices.createTicket(ticketGrantingTicket);
String location = applicationConfig.getServerPrefix()+CasConstants.ENDPOINT.ENDPOINT_REST_TICKET_V1 +"/" + ticket; String location = applicationConfig.getServerPrefix()+CasConstants.ENDPOINT.ENDPOINT_REST_TICKET_V1 +"/" + ticket;
@ -188,8 +188,8 @@ public class CasRestV1Endpoint extends CasBaseAuthorizeEndpoint{
LoginCredential loginCredential =new LoginCredential(username,password,"CASREST"); LoginCredential loginCredential =new LoginCredential(username,password,"CASREST");
authenticationProvider.authentication(loginCredential,false); authenticationProvider.authentication(loginCredential,false);
UserInfo userInfo =WebContext.getUserInfo(); UserInfo userInfo = AuthorizationUtils.getUserInfo();
TicketGrantingTicketImpl ticketGrantingTicket=new TicketGrantingTicketImpl("Random",WebContext.getAuthentication(),null); TicketGrantingTicketImpl ticketGrantingTicket=new TicketGrantingTicketImpl("Random",AuthorizationUtils.getAuthentication(),null);
String ticket=casTicketGrantingTicketServices.createTicket(ticketGrantingTicket); String ticket=casTicketGrantingTicketServices.createTicket(ticketGrantingTicket);
String location = applicationConfig.getServerPrefix() + CasConstants.ENDPOINT.ENDPOINT_REST_TICKET_V1 + ticket; String location = applicationConfig.getServerPrefix() + CasConstants.ENDPOINT.ENDPOINT_REST_TICKET_V1 + ticket;


@ -22,14 +22,15 @@ package org.maxkey.authz.exapi.endpoint;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import org.maxkey.authn.SigninPrincipal; import org.maxkey.authn.annotation.CurrentUser;
import org.maxkey.authn.web.AuthorizationUtils;
import org.maxkey.authz.endpoint.AuthorizeBaseEndpoint; import org.maxkey.authz.endpoint.AuthorizeBaseEndpoint;
import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter; import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
import org.maxkey.constants.ConstsBoolean; import org.maxkey.constants.ConstsBoolean;
import org.maxkey.entity.Accounts; import org.maxkey.entity.Accounts;
import org.maxkey.entity.UserInfo;
import org.maxkey.entity.apps.Apps; import org.maxkey.entity.apps.Apps;
import org.maxkey.util.Instance; import org.maxkey.util.Instance;
import org.maxkey.web.WebContext;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Controller; import org.springframework.stereotype.Controller;
@ -51,20 +52,23 @@ public class ExtendApiAuthorizeEndpoint extends AuthorizeBaseEndpoint{
@Operation(summary = "ExtendApi认证地址接口", description = "参数应用ID",method="GET") @Operation(summary = "ExtendApi认证地址接口", description = "参数应用ID",method="GET")
@RequestMapping("/authz/api/{id}") @RequestMapping("/authz/api/{id}")
public ModelAndView authorize(HttpServletRequest request,@PathVariable("id") String id){ public ModelAndView authorize(
HttpServletRequest request,
@PathVariable("id") String id,
@CurrentUser UserInfo currentUser){
ModelAndView modelAndView=new ModelAndView("authorize/redirect_sso_submit"); ModelAndView modelAndView=new ModelAndView("authorize/redirect_sso_submit");
Apps apps = getApp(id); Apps apps = getApp(id);
_logger.debug(""+apps); _logger.debug(""+apps);
if(ConstsBoolean.isTrue(apps.getIsAdapter())){ if(ConstsBoolean.isTrue(apps.getIsAdapter())){
AbstractAuthorizeAdapter adapter = (AbstractAuthorizeAdapter)Instance.newInstance(apps.getAdapter()); AbstractAuthorizeAdapter adapter = (AbstractAuthorizeAdapter)Instance.newInstance(apps.getAdapter());
Accounts account = getAccounts(apps); Accounts account = getAccounts(apps,currentUser);
if(apps.getCredential()==Apps.CREDENTIALS.USER_DEFINED && account == null) { if(apps.getCredential()==Apps.CREDENTIALS.USER_DEFINED && account == null) {
return generateInitCredentialModelAndView(id,"/authorize/api/"+id); return generateInitCredentialModelAndView(id,"/authorize/api/"+id);
} }
adapter.setAuthentication((SigninPrincipal)WebContext.getAuthentication().getPrincipal()); adapter.setAuthentication(AuthorizationUtils.getPrincipal());
adapter.setUserInfo(WebContext.getUserInfo()); adapter.setUserInfo(currentUser);
adapter.setApp(apps); adapter.setApp(apps);
adapter.setAccount(account); adapter.setAccount(account);
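Review bot: The adapter now gets its identity from two independent sources: `adapter.setUserInfo(currentUser)` uses the `@CurrentUser`-resolved argument while `adapter.setAuthentication(AuthorizationUtils.getPrincipal())` reads the thread-bound security context, and nothing checks that both are non-null or describe the same subject. If the argument resolver can yield null for an unauthenticated request, `getAccounts(apps, currentUser)` already runs with a null user before any guard, and `getPrincipal()` may likewise be null at that point. Consider resolving the principal once and failing the request early, e.g. `SigninPrincipal principal = AuthorizationUtils.getPrincipal();` followed by `if (principal == null || currentUser == null || !principal.getUsername().equals(currentUser.getUsername())) { /* reject: unauthenticated or mismatched subject */ }`, then passing that single principal to the adapter. The same pattern appears in FormBasedAuthorizeEndpoint, JwtAuthorizeEndpoint, TokenBasedAuthorizeEndpoint and the SAML AssertionEndpoint in this commit. The enclosing `authorize` method continues past the end of this hunk.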


@ -22,17 +22,18 @@ package org.maxkey.authz.formbased.endpoint;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import org.maxkey.authn.SigninPrincipal; import org.maxkey.authn.annotation.CurrentUser;
import org.maxkey.authn.web.AuthorizationUtils;
import org.maxkey.authz.endpoint.AuthorizeBaseEndpoint; import org.maxkey.authz.endpoint.AuthorizeBaseEndpoint;
import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter; import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
import org.maxkey.authz.formbased.endpoint.adapter.FormBasedDefaultAdapter; import org.maxkey.authz.formbased.endpoint.adapter.FormBasedDefaultAdapter;
import org.maxkey.constants.ConstsBoolean; import org.maxkey.constants.ConstsBoolean;
import org.maxkey.entity.Accounts; import org.maxkey.entity.Accounts;
import org.maxkey.entity.UserInfo;
import org.maxkey.entity.apps.Apps; import org.maxkey.entity.apps.Apps;
import org.maxkey.entity.apps.AppsFormBasedDetails; import org.maxkey.entity.apps.AppsFormBasedDetails;
import org.maxkey.persistence.service.AppsFormBasedDetailsService; import org.maxkey.persistence.service.AppsFormBasedDetailsService;
import org.maxkey.util.Instance; import org.maxkey.util.Instance;
import org.maxkey.web.WebContext;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
@ -62,7 +63,8 @@ public class FormBasedAuthorizeEndpoint extends AuthorizeBaseEndpoint{
@RequestMapping("/authz/formbased/{id}") @RequestMapping("/authz/formbased/{id}")
public ModelAndView authorize( public ModelAndView authorize(
HttpServletRequest request, HttpServletRequest request,
@PathVariable("id") String id){ @PathVariable("id") String id,
@CurrentUser UserInfo currentUser){
AppsFormBasedDetails formBasedDetails = formBasedDetailsService.getAppDetails(id , true); AppsFormBasedDetails formBasedDetails = formBasedDetailsService.getAppDetails(id , true);
_logger.debug("formBasedDetails {}",formBasedDetails); _logger.debug("formBasedDetails {}",formBasedDetails);
@ -71,7 +73,7 @@ public class FormBasedAuthorizeEndpoint extends AuthorizeBaseEndpoint{
formBasedDetails.setIsAdapter(application.getIsAdapter()); formBasedDetails.setIsAdapter(application.getIsAdapter());
ModelAndView modelAndView=null; ModelAndView modelAndView=null;
Accounts account = getAccounts(formBasedDetails); Accounts account = getAccounts(formBasedDetails,currentUser);
_logger.debug("Accounts {}",account); _logger.debug("Accounts {}",account);
if(account == null){ if(account == null){
@ -88,8 +90,8 @@ public class FormBasedAuthorizeEndpoint extends AuthorizeBaseEndpoint{
FormBasedDefaultAdapter formBasedDefaultAdapter =new FormBasedDefaultAdapter(); FormBasedDefaultAdapter formBasedDefaultAdapter =new FormBasedDefaultAdapter();
adapter =(AbstractAuthorizeAdapter)formBasedDefaultAdapter; adapter =(AbstractAuthorizeAdapter)formBasedDefaultAdapter;
} }
adapter.setAuthentication((SigninPrincipal)WebContext.getAuthentication().getPrincipal()); adapter.setAuthentication(AuthorizationUtils.getPrincipal());
adapter.setUserInfo(WebContext.getUserInfo()); adapter.setUserInfo(currentUser);
adapter.setApp(formBasedDetails); adapter.setApp(formBasedDetails);
adapter.setAccount(account); adapter.setAccount(account);


@ -27,7 +27,8 @@ import javax.servlet.http.HttpServletResponse;
import org.apache.commons.beanutils.BeanUtils; import org.apache.commons.beanutils.BeanUtils;
import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.StringUtils;
import org.maxkey.authn.SigninPrincipal; import org.maxkey.authn.annotation.CurrentUser;
import org.maxkey.authn.web.AuthorizationUtils;
import org.maxkey.authz.endpoint.AuthorizeBaseEndpoint; import org.maxkey.authz.endpoint.AuthorizeBaseEndpoint;
import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter; import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
import org.maxkey.authz.jwt.endpoint.adapter.JwtAdapter; import org.maxkey.authz.jwt.endpoint.adapter.JwtAdapter;
@ -35,6 +36,7 @@ import org.maxkey.configuration.ApplicationConfig;
import org.maxkey.constants.ConstsBoolean; import org.maxkey.constants.ConstsBoolean;
import org.maxkey.constants.ContentType; import org.maxkey.constants.ContentType;
import org.maxkey.crypto.jose.keystore.JWKSetKeyStore; import org.maxkey.crypto.jose.keystore.JWKSetKeyStore;
import org.maxkey.entity.UserInfo;
import org.maxkey.entity.apps.Apps; import org.maxkey.entity.apps.Apps;
import org.maxkey.entity.apps.AppsJwtDetails; import org.maxkey.entity.apps.AppsJwtDetails;
import org.maxkey.persistence.service.AppsJwtDetailsService; import org.maxkey.persistence.service.AppsJwtDetailsService;
@ -76,7 +78,8 @@ public class JwtAuthorizeEndpoint extends AuthorizeBaseEndpoint{
public ModelAndView authorize( public ModelAndView authorize(
HttpServletRequest request, HttpServletRequest request,
HttpServletResponse response, HttpServletResponse response,
@PathVariable("id") String id){ @PathVariable("id") String id,
@CurrentUser UserInfo currentUser){
ModelAndView modelAndView=new ModelAndView(); ModelAndView modelAndView=new ModelAndView();
Apps application = getApp(id); Apps application = getApp(id);
AppsJwtDetails jwtDetails = jwtDetailsService.getAppDetails(id , true); AppsJwtDetails jwtDetails = jwtDetailsService.getAppDetails(id , true);
@ -98,8 +101,8 @@ public class JwtAuthorizeEndpoint extends AuthorizeBaseEndpoint{
adapter = (AbstractAuthorizeAdapter)jwtAdapter; adapter = (AbstractAuthorizeAdapter)jwtAdapter;
} }
adapter.setAuthentication((SigninPrincipal)WebContext.getAuthentication().getPrincipal()); adapter.setAuthentication(AuthorizationUtils.getPrincipal());
adapter.setUserInfo(WebContext.getUserInfo()); adapter.setUserInfo(currentUser);
adapter.generateInfo(); adapter.generateInfo();
//sign //sign


@ -19,7 +19,7 @@ package org.maxkey.authz.oauth2.provider.approval.endpoint;
import java.util.LinkedHashMap; import java.util.LinkedHashMap;
import java.util.Map; import java.util.Map;
import org.maxkey.authn.SigninPrincipal; import org.maxkey.authn.web.AuthorizationUtils;
import org.maxkey.authz.oauth2.common.OAuth2Constants; import org.maxkey.authz.oauth2.common.OAuth2Constants;
import org.maxkey.authz.oauth2.provider.AuthorizationRequest; import org.maxkey.authz.oauth2.provider.AuthorizationRequest;
import org.maxkey.authz.oauth2.provider.ClientDetailsService; import org.maxkey.authz.oauth2.provider.ClientDetailsService;
@ -95,8 +95,7 @@ public class OAuth20AccessConfirmationEndpoint {
for (String scope : clientAuth.getScope()) { for (String scope : clientAuth.getScope()) {
scopes.put(OAuth2Constants.PARAMETER.SCOPE_PREFIX + scope, "false"); scopes.put(OAuth2Constants.PARAMETER.SCOPE_PREFIX + scope, "false");
} }
String principal = String principal = AuthorizationUtils.getPrincipal().getUsername();
((SigninPrincipal) WebContext.getAuthentication().getPrincipal()).getUsername();
for (Approval approval : approvalStore.getApprovals(principal, client.getClientId())) { for (Approval approval : approvalStore.getApprovals(principal, client.getClientId())) {
if (clientAuth.getScope().contains(approval.getScope())) { if (clientAuth.getScope().contains(approval.getScope())) {
scopes.put(OAuth2Constants.PARAMETER.SCOPE_PREFIX + approval.getScope(), scopes.put(OAuth2Constants.PARAMETER.SCOPE_PREFIX + approval.getScope(),
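Review bot: `AuthorizationUtils.getPrincipal().getUsername()` dereferences the principal without a null check, whereas the OAuth2 AuthorizationEndpoint and TokenEndpoint touched by the same commit guard the context with an `instanceof Authentication` test and throw `InsufficientAuthenticationException`. Because the approval lookup that follows is keyed on this username, reaching this point without an authenticated user should be an explicit authentication failure rather than a NullPointerException surfacing as a 500. Suggested shape: `SigninPrincipal signinPrincipal = AuthorizationUtils.getPrincipal(); if (signinPrincipal == null) { throw new InsufficientAuthenticationException("User must be authenticated to confirm access"); } String principal = signinPrincipal.getUsername();`. The enclosing method starts and ends outside this hunk.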


@ -22,6 +22,8 @@ import java.util.Map;
import java.util.Set; import java.util.Set;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import org.maxkey.authn.web.AuthorizationUtils;
import org.maxkey.authz.oauth2.common.OAuth2AccessToken; import org.maxkey.authz.oauth2.common.OAuth2AccessToken;
import org.maxkey.authz.oauth2.common.OAuth2Constants; import org.maxkey.authz.oauth2.common.OAuth2Constants;
import org.maxkey.authz.oauth2.common.exceptions.InvalidClientException; import org.maxkey.authz.oauth2.common.exceptions.InvalidClientException;
@ -150,7 +152,7 @@ public class AuthorizationEndpoint extends AbstractEndpoint {
@RequestParam Map<String, String> parameters, @RequestParam Map<String, String> parameters,
SessionStatus sessionStatus) { SessionStatus sessionStatus) {
Principal principal=(Principal)WebContext.getAuthentication(); Principal principal=(Principal)AuthorizationUtils.getAuthentication();
// Pull out the authorization request first, using the OAuth2RequestFactory. All further logic should // Pull out the authorization request first, using the OAuth2RequestFactory. All further logic should
// query off of the authorization request instead of referring back to the parameters map. The contents of the // query off of the authorization request instead of referring back to the parameters map. The contents of the
// parameters map will be stored without change in the AuthorizationRequest object once it is created. // parameters map will be stored without change in the AuthorizationRequest object once it is created.
@ -241,7 +243,7 @@ public class AuthorizationEndpoint extends AbstractEndpoint {
Map<String, ?> model, Map<String, ?> model,
SessionStatus sessionStatus) { SessionStatus sessionStatus) {
Principal principal=(Principal)WebContext.getAuthentication(); Principal principal=(Principal)AuthorizationUtils.getAuthentication();
if (!(principal instanceof Authentication)) { if (!(principal instanceof Authentication)) {
sessionStatus.setComplete(); sessionStatus.setComplete();
throw new InsufficientAuthenticationException( throw new InsufficientAuthenticationException(
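Review bot: The cast `(Principal)AuthorizationUtils.getAuthentication()` in both hunks of this file is unnecessary if the helper returns a Spring `Authentication`, since `Authentication` already extends `java.security.Principal`; the subsequent `!(principal instanceof Authentication)` test then only ever catches null. Declaring the variable by its real type and testing for null says what is actually being checked: `Authentication authentication = AuthorizationUtils.getAuthentication(); if (authentication == null) { sessionStatus.setComplete(); throw new InsufficientAuthenticationException(...); }`. The first hunk (the `authorize` entry point) does not show a corresponding guard after the assignment; if none exists further down, it should get the same check. Both enclosing methods start outside their hunks.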


@ -23,6 +23,7 @@ import java.util.Map;
import java.util.Set; import java.util.Set;
import org.maxkey.authn.SigninPrincipal; import org.maxkey.authn.SigninPrincipal;
import org.maxkey.authn.web.AuthorizationUtils;
import org.maxkey.authz.oauth2.common.DefaultOAuth2AccessToken; import org.maxkey.authz.oauth2.common.DefaultOAuth2AccessToken;
import org.maxkey.authz.oauth2.common.OAuth2AccessToken; import org.maxkey.authz.oauth2.common.OAuth2AccessToken;
import org.maxkey.authz.oauth2.common.OAuth2Constants; import org.maxkey.authz.oauth2.common.OAuth2Constants;
@ -38,7 +39,6 @@ import org.maxkey.authz.oauth2.provider.TokenRequest;
import org.maxkey.authz.oauth2.provider.request.DefaultOAuth2RequestValidator; import org.maxkey.authz.oauth2.provider.request.DefaultOAuth2RequestValidator;
import org.maxkey.entity.apps.oauth2.provider.ClientDetails; import org.maxkey.entity.apps.oauth2.provider.ClientDetails;
import org.maxkey.util.StringGenerator; import org.maxkey.util.StringGenerator;
import org.maxkey.web.WebContext;
import org.springframework.http.HttpHeaders; import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpMethod; import org.springframework.http.HttpMethod;
import org.springframework.http.HttpStatus; import org.springframework.http.HttpStatus;
@ -114,7 +114,7 @@ public class TokenEndpoint extends AbstractEndpoint {
// TokenEndpointAuthenticationFilter // TokenEndpointAuthenticationFilter
OAuth2AccessToken token = null; OAuth2AccessToken token = null;
try { try {
Object principal = WebContext.getAuthentication(); Object principal = AuthorizationUtils.getAuthentication();
if (!(principal instanceof Authentication)) { if (!(principal instanceof Authentication)) {
throw new InsufficientAuthenticationException( throw new InsufficientAuthenticationException(


@ -32,6 +32,7 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import org.maxkey.authn.SigninPrincipal; import org.maxkey.authn.SigninPrincipal;
import org.maxkey.authn.web.AuthorizationUtils;
import org.maxkey.authz.oauth2.common.OAuth2Constants; import org.maxkey.authz.oauth2.common.OAuth2Constants;
import org.maxkey.authz.oauth2.common.util.OAuth2Utils; import org.maxkey.authz.oauth2.common.util.OAuth2Utils;
import org.maxkey.authz.oauth2.provider.AuthorizationRequest; import org.maxkey.authz.oauth2.provider.AuthorizationRequest;
@ -154,7 +155,7 @@ public class TokenEndpointAuthenticationFilter implements Filter {
} }
auth.setAuthenticated(true); auth.setAuthenticated(true);
UsernamePasswordAuthenticationToken simpleUserAuthentication = new UsernamePasswordAuthenticationToken(auth, authentication.getCredentials(), authentication.getAuthorities()); UsernamePasswordAuthenticationToken simpleUserAuthentication = new UsernamePasswordAuthenticationToken(auth, authentication.getCredentials(), authentication.getAuthorities());
WebContext.setAuthentication(simpleUserAuthentication); AuthorizationUtils.setAuthentication(simpleUserAuthentication);
} }
} }
@ -208,7 +209,7 @@ public class TokenEndpointAuthenticationFilter implements Filter {
OAuth2Request storedOAuth2Request = oAuth2RequestFactory.createOAuth2Request(authorizationRequest); OAuth2Request storedOAuth2Request = oAuth2RequestFactory.createOAuth2Request(authorizationRequest);
WebContext.setAuthentication(new OAuth2Authentication(storedOAuth2Request, authResult)); AuthorizationUtils.setAuthentication(new OAuth2Authentication(storedOAuth2Request, authResult));
onSuccessfulAuthentication(request, response, authResult); onSuccessfulAuthentication(request, response, authResult);
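Review bot: The two `AuthorizationUtils.setAuthentication(...)` calls in this filter replace a `WebContext` call, and where the new helper stores the authentication is security-relevant: if it persists the client authentication into the HTTP session rather than a request-scoped security context, every token-endpoint call would create a session-backed login for the OAuth2 client (and the preceding `auth.setAuthenticated(true)` makes that a fully trusted one). I cannot tell from the hunk which it is, so please document the intended scope at the first call site, e.g. `// client authentication is bound to this request's security context only; it must not become a persistent session login`, and confirm the helper behaves that way. The enclosing methods of both hunks start outside the visible lines.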


@ -30,6 +30,7 @@ import java.util.UUID;
import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.StringUtils;
import org.joda.time.DateTime; import org.joda.time.DateTime;
import org.joda.time.format.DateTimeFormat; import org.joda.time.format.DateTimeFormat;
import org.maxkey.authn.web.AuthorizationUtils;
import org.maxkey.authz.oauth2.common.DefaultOAuth2AccessToken; import org.maxkey.authz.oauth2.common.DefaultOAuth2AccessToken;
import org.maxkey.authz.oauth2.common.OAuth2AccessToken; import org.maxkey.authz.oauth2.common.OAuth2AccessToken;
import org.maxkey.authz.oauth2.provider.ClientDetailsService; import org.maxkey.authz.oauth2.provider.ClientDetailsService;
@ -40,7 +41,6 @@ import org.maxkey.configuration.oidc.OIDCProviderMetadata;
import org.maxkey.crypto.jwt.encryption.service.impl.DefaultJwtEncryptionAndDecryptionService; import org.maxkey.crypto.jwt.encryption.service.impl.DefaultJwtEncryptionAndDecryptionService;
import org.maxkey.crypto.jwt.signer.service.impl.DefaultJwtSigningAndValidationService; import org.maxkey.crypto.jwt.signer.service.impl.DefaultJwtSigningAndValidationService;
import org.maxkey.entity.apps.oauth2.provider.ClientDetails; import org.maxkey.entity.apps.oauth2.provider.ClientDetails;
import org.maxkey.web.WebContext;
import com.nimbusds.jose.util.Base64URL; import com.nimbusds.jose.util.Base64URL;
import org.slf4j.Logger; import org.slf4j.Logger;
@ -125,7 +125,7 @@ public class OIDCIdTokenEnhancer implements TokenEnhancer {
if (request.getExtensions().containsKey("max_age") if (request.getExtensions().containsKey("max_age")
|| (request.getExtensions().containsKey("idtoken")) // parse the ID Token claims (#473) -- for now assume it could be in there || (request.getExtensions().containsKey("idtoken")) // parse the ID Token claims (#473) -- for now assume it could be in there
) { ) {
DateTime loginDate = DateTime.parse(WebContext.getUserInfo().getLastLoginTime(), DateTimeFormat.forPattern("yyyy-MM-dd HH:mm:ss")); DateTime loginDate = DateTime.parse(AuthorizationUtils.getUserInfo().getLastLoginTime(), DateTimeFormat.forPattern("yyyy-MM-dd HH:mm:ss"));
builder.claim("auth_time", loginDate.getMillis()/1000); builder.claim("auth_time", loginDate.getMillis()/1000);
} }
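Review bot: `AuthorizationUtils.getUserInfo().getLastLoginTime()` is dereferenced twice without a null check inside a branch that only inspects the request extensions, so a token request that carries `max_age` or `idtoken` but has no interactive user bound to the current thread (a refresh-style grant, if this enhancer runs there) fails with a NullPointerException instead of simply omitting `auth_time`. Fetch the user once and guard both the user and the timestamp: `UserInfo userInfo = AuthorizationUtils.getUserInfo(); if (userInfo != null && userInfo.getLastLoginTime() != null) { ... existing parse and builder.claim(...) ... }`. The enclosing method starts outside this hunk.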


@ -22,14 +22,15 @@ import java.util.HashMap;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import org.maxkey.authn.SigninPrincipal; import org.maxkey.authn.annotation.CurrentUser;
import org.maxkey.authn.web.AuthorizationUtils;
import org.maxkey.authz.saml.common.AuthnRequestInfo; import org.maxkey.authz.saml.common.AuthnRequestInfo;
import org.maxkey.authz.saml.common.EndpointGenerator; import org.maxkey.authz.saml.common.EndpointGenerator;
import org.maxkey.authz.saml20.binding.BindingAdapter; import org.maxkey.authz.saml20.binding.BindingAdapter;
import org.maxkey.authz.saml20.provider.xml.AuthnResponseGenerator; import org.maxkey.authz.saml20.provider.xml.AuthnResponseGenerator;
import org.maxkey.entity.UserInfo;
import org.maxkey.entity.apps.AppsSAML20Details; import org.maxkey.entity.apps.AppsSAML20Details;
import org.maxkey.web.WebConstants; import org.maxkey.web.WebConstants;
import org.maxkey.web.WebContext;
import org.opensaml.saml2.core.Response; import org.opensaml.saml2.core.Response;
import org.opensaml.saml2.metadata.Endpoint; import org.opensaml.saml2.metadata.Endpoint;
import org.opensaml.ws.message.encoder.MessageEncodingException; import org.opensaml.ws.message.encoder.MessageEncodingException;
@ -57,7 +58,10 @@ public class AssertionEndpoint {
AuthnResponseGenerator authnResponseGenerator; AuthnResponseGenerator authnResponseGenerator;
@RequestMapping(value = "/authz/saml20/assertion") @RequestMapping(value = "/authz/saml20/assertion")
public ModelAndView assertion(HttpServletRequest request,HttpServletResponse response) throws Exception { public ModelAndView assertion(
HttpServletRequest request,
HttpServletResponse response,
@CurrentUser UserInfo currentUser) throws Exception {
logger.debug("saml20 assertion start."); logger.debug("saml20 assertion start.");
bindingAdapter = (BindingAdapter) request.getSession().getAttribute( bindingAdapter = (BindingAdapter) request.getSession().getAttribute(
WebConstants.AUTHORIZE_SIGN_ON_APP_SAMLV20_ADAPTER); WebConstants.AUTHORIZE_SIGN_ON_APP_SAMLV20_ADAPTER);
@ -74,14 +78,15 @@ public class AssertionEndpoint {
logger.debug("AuthnRequestInfo: {}", authnRequestInfo); logger.debug("AuthnRequestInfo: {}", authnRequestInfo);
HashMap <String,String>attributeMap=new HashMap<String,String>(); HashMap <String,String>attributeMap=new HashMap<String,String>();
attributeMap.put(WebConstants.ONLINE_TICKET_NAME, attributeMap.put(WebConstants.ONLINE_TICKET_NAME,
((SigninPrincipal)WebContext.getAuthentication().getPrincipal()).getOnlineTicket().getTicketId()); AuthorizationUtils.getPrincipal().getOnlineTicket().getTicketId());
//saml20Details //saml20Details
Response authResponse = authnResponseGenerator.generateAuthnResponse( Response authResponse = authnResponseGenerator.generateAuthnResponse(
saml20Details, saml20Details,
authnRequestInfo, authnRequestInfo,
attributeMap, attributeMap,
bindingAdapter); bindingAdapter,
currentUser);
Endpoint endpoint = endpointGenerator.generateEndpoint(saml20Details.getSpAcsUrl()); Endpoint endpoint = endpointGenerator.generateEndpoint(saml20Details.getSpAcsUrl());


@ -21,10 +21,12 @@ import java.util.ArrayList;
import java.util.HashMap; import java.util.HashMap;
import org.joda.time.DateTime; import org.joda.time.DateTime;
import org.maxkey.authn.web.AuthorizationUtils;
import org.maxkey.authz.saml.service.IDService; import org.maxkey.authz.saml.service.IDService;
import org.maxkey.authz.saml.service.TimeService; import org.maxkey.authz.saml.service.TimeService;
import org.maxkey.authz.saml20.binding.BindingAdapter; import org.maxkey.authz.saml20.binding.BindingAdapter;
import org.maxkey.authz.saml20.xml.IssuerGenerator; import org.maxkey.authz.saml20.xml.IssuerGenerator;
import org.maxkey.entity.UserInfo;
import org.maxkey.entity.apps.AppsSAML20Details; import org.maxkey.entity.apps.AppsSAML20Details;
import org.maxkey.web.WebContext; import org.maxkey.web.WebContext;
import org.opensaml.Configuration; import org.opensaml.Configuration;
@ -79,7 +81,8 @@ public class AssertionGenerator {
String inResponseTo, String inResponseTo,
String audienceUrl, String audienceUrl,
int validInSeconds, int validInSeconds,
HashMap<String,String>attributeMap HashMap<String,String>attributeMap,
UserInfo userInfo
) { ) {
Assertion assertion = new AssertionBuilder().buildObject();; Assertion assertion = new AssertionBuilder().buildObject();;
@ -88,7 +91,8 @@ public class AssertionGenerator {
saml20Details, saml20Details,
assertionConsumerURL, assertionConsumerURL,
inResponseTo, inResponseTo,
validInSeconds); validInSeconds,
userInfo);
assertion.setSubject(subject); assertion.setSubject(subject);
//issuer //issuer
Issuer issuer = issuerGenerator.generateIssuer(); Issuer issuer = issuerGenerator.generateIssuer();
@ -100,11 +104,15 @@ public class AssertionGenerator {
//AttributeStatements //AttributeStatements
ArrayList<GrantedAuthority> grantedAuthoritys = new ArrayList<GrantedAuthority>(); ArrayList<GrantedAuthority> grantedAuthoritys = new ArrayList<GrantedAuthority>();
grantedAuthoritys.add(new SimpleGrantedAuthority("ROLE_USER")); grantedAuthoritys.add(new SimpleGrantedAuthority("ROLE_USER"));
for(GrantedAuthority anthGrantedAuthority: ((UsernamePasswordAuthenticationToken)WebContext.getAuthentication()).getAuthorities()){ for(GrantedAuthority anthGrantedAuthority: ((UsernamePasswordAuthenticationToken)AuthorizationUtils.getAuthentication()).getAuthorities()){
grantedAuthoritys.add(anthGrantedAuthority); grantedAuthoritys.add(anthGrantedAuthority);
} }
AttributeStatement attributeStatement =attributeStatementGenerator.generateAttributeStatement( AttributeStatement attributeStatement =
saml20Details, grantedAuthoritys,attributeMap); attributeStatementGenerator.generateAttributeStatement(
saml20Details,
grantedAuthoritys,
attributeMap,
userInfo);
assertion.getAttributeStatements().add(attributeStatement); assertion.getAttributeStatements().add(attributeStatement);
//ID //ID
assertion.setID(idService.generateID()); assertion.setID(idService.generateID());
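Review bot: The commit threads `userInfo` through explicitly but the authorities loop still reads the thread-bound context with an unchecked cast, `((UsernamePasswordAuthenticationToken)AuthorizationUtils.getAuthentication()).getAuthorities()`, which throws ClassCastException for any other `Authentication` implementation and NullPointerException when no authentication is bound. `getAuthorities()` is declared on the `Authentication` interface, so the cast is unnecessary: `for (GrantedAuthority anthGrantedAuthority : AuthorizationUtils.getAuthentication().getAuthorities())`, ideally preceded by a null check that fails assertion generation explicitly. For consistency with the new explicit-parameter style it would be cleaner to pass the authorities (or the `Authentication`) in alongside `userInfo`. The `import org.maxkey.web.WebContext;` kept at the top of this file may now be unused; worth confirming. The enclosing method starts outside this hunk.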


@ -30,7 +30,6 @@ import org.maxkey.entity.ExtraAttr;
import org.maxkey.entity.ExtraAttrs; import org.maxkey.entity.ExtraAttrs;
import org.maxkey.entity.UserInfo; import org.maxkey.entity.UserInfo;
import org.maxkey.entity.apps.AppsSAML20Details; import org.maxkey.entity.apps.AppsSAML20Details;
import org.maxkey.web.WebContext;
import org.opensaml.Configuration; import org.opensaml.Configuration;
import org.opensaml.saml2.core.Attribute; import org.opensaml.saml2.core.Attribute;
import org.opensaml.saml2.core.AttributeStatement; import org.opensaml.saml2.core.AttributeStatement;
@ -52,15 +51,20 @@ public class AttributeStatementGenerator {
public static String COMMA = ","; public static String COMMA = ",";
public static String COMMA_ISO8859_1 = "#44;"; //#44; ->, public static String COMMA_ISO8859_1 = "#44;"; //#44; ->,
public AttributeStatement generateAttributeStatement(AppsSAML20Details saml20Details,ArrayList<GrantedAuthority> grantedAuthoritys) { public AttributeStatement generateAttributeStatement(
return generateAttributeStatement(saml20Details, grantedAuthoritys,null); AppsSAML20Details saml20Details,
ArrayList<GrantedAuthority> grantedAuthoritys,
UserInfo userInfo) {
return generateAttributeStatement(
saml20Details, grantedAuthoritys,null,userInfo);
} }
public AttributeStatement generateAttributeStatement( public AttributeStatement generateAttributeStatement(
AppsSAML20Details saml20Details, AppsSAML20Details saml20Details,
ArrayList<GrantedAuthority> grantedAuthoritys, ArrayList<GrantedAuthority> grantedAuthoritys,
HashMap<String,String>attributeMap) { HashMap<String,String>attributeMap,
UserInfo userInfo) {
AttributeStatementBuilder attributeStatementBuilder = (AttributeStatementBuilder) builderFactory.getBuilder(AttributeStatement.DEFAULT_ELEMENT_NAME); AttributeStatementBuilder attributeStatementBuilder = (AttributeStatementBuilder) builderFactory.getBuilder(AttributeStatement.DEFAULT_ELEMENT_NAME);
AttributeStatement attributeStatement = attributeStatementBuilder.buildObject(); AttributeStatement attributeStatement = attributeStatementBuilder.buildObject();
@ -68,7 +72,7 @@ public class AttributeStatementGenerator {
Attribute attributeGrantedAuthority=builderGrantedAuthority(grantedAuthoritys); Attribute attributeGrantedAuthority=builderGrantedAuthority(grantedAuthoritys);
attributeStatement.getAttributes().add(attributeGrantedAuthority); attributeStatement.getAttributes().add(attributeGrantedAuthority);
putUserAttributes(attributeMap); putUserAttributes(attributeMap,userInfo);
if(null!=attributeMap){ if(null!=attributeMap){
Iterator<Entry<String, String>> iterator = attributeMap.entrySet().iterator(); Iterator<Entry<String, String>> iterator = attributeMap.entrySet().iterator();
@ -137,8 +141,9 @@ public class AttributeStatementGenerator {
return xsStringValue; return xsStringValue;
} }
public HashMap <String,String> putUserAttributes(HashMap <String,String> attributeMap){ public HashMap <String,String> putUserAttributes(
UserInfo userInfo = WebContext.getUserInfo(); HashMap <String,String> attributeMap,
UserInfo userInfo){
attributeMap.put(ActiveDirectoryUser.USERNAME, userInfo.getUsername()); attributeMap.put(ActiveDirectoryUser.USERNAME, userInfo.getUsername());
attributeMap.put(ActiveDirectoryUser.UID, userInfo.getUsername()); attributeMap.put(ActiveDirectoryUser.UID, userInfo.getUsername());
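Review bot: The three-argument `generateAttributeStatement` overload passes `null` as `attributeMap`, and the four-argument version calls `putUserAttributes(attributeMap,userInfo)` — which does `attributeMap.put(...)` unconditionally — before its `if(null!=attributeMap)` guard, so that overload always ends in a NullPointerException; the return value of `putUserAttributes` is also discarded, so it cannot repair the map. Pass a real map from the overload instead of null: `saml20Details, grantedAuthoritys, new HashMap<String,String>(), userInfo);`. `putUserAttributes` dereferences the new `userInfo` parameter immediately too; document it as `@param userInfo the authenticated user whose attributes are exported; must not be null` and consider `Objects.requireNonNull(userInfo, "userInfo")` at the top. `putUserAttributes` continues past the end of this hunk.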


@ -26,6 +26,7 @@ import org.maxkey.authz.saml.service.TimeService;
import org.maxkey.authz.saml20.binding.BindingAdapter; import org.maxkey.authz.saml20.binding.BindingAdapter;
import org.maxkey.authz.saml20.xml.IssuerGenerator; import org.maxkey.authz.saml20.xml.IssuerGenerator;
import org.maxkey.constants.ConstsBoolean; import org.maxkey.constants.ConstsBoolean;
import org.maxkey.entity.UserInfo;
import org.maxkey.entity.apps.AppsSAML20Details; import org.maxkey.entity.apps.AppsSAML20Details;
import org.opensaml.Configuration; import org.opensaml.Configuration;
import org.opensaml.saml2.core.Assertion; import org.opensaml.saml2.core.Assertion;
@ -64,7 +65,8 @@ public class AuthnResponseGenerator {
public Response generateAuthnResponse( AppsSAML20Details saml20Details, public Response generateAuthnResponse( AppsSAML20Details saml20Details,
AuthnRequestInfo authnRequestInfo, AuthnRequestInfo authnRequestInfo,
HashMap<String,String>attributeMap, HashMap<String,String>attributeMap,
BindingAdapter bindingAdapter){ BindingAdapter bindingAdapter,
UserInfo currentUser){
Response authResponse = new ResponseBuilder().buildObject(); Response authResponse = new ResponseBuilder().buildObject();
//builder Assertion //builder Assertion
@ -75,7 +77,8 @@ public class AuthnResponseGenerator {
authnRequestInfo.getAuthnRequestID(), authnRequestInfo.getAuthnRequestID(),
saml20Details.getAudience(), saml20Details.getAudience(),
Integer.parseInt(saml20Details.getValidityInterval()), Integer.parseInt(saml20Details.getValidityInterval()),
attributeMap); attributeMap,
currentUser);
//Encrypt //Encrypt
if(ConstsBoolean.isYes(saml20Details.getEncrypted())) { if(ConstsBoolean.isYes(saml20Details.getEncrypted())) {


@ -47,8 +47,8 @@ public class SubjectGenerator {
public Subject generateSubject( AppsSAML20Details saml20Details, public Subject generateSubject( AppsSAML20Details saml20Details,
String assertionConsumerURL, String assertionConsumerURL,
String inResponseTo, String inResponseTo,
int validInSeconds) { int validInSeconds,
UserInfo userInfo = WebContext.getUserInfo(); UserInfo userInfo) {
String nameIdValue = userInfo.getUsername(); String nameIdValue = userInfo.getUsername();
if(saml20Details.getNameidFormat().equalsIgnoreCase("persistent")) { if(saml20Details.getNameidFormat().equalsIgnoreCase("persistent")) {
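Review bot: The new `userInfo` parameter is dereferenced on the very next line with no contract stated for it, and since it now comes from the caller rather than the thread-bound context, a null here is a caller bug that should fail fast with a clear message rather than a NullPointerException deep in NameID construction. Add Javadoc `@param userInfo the authenticated user whose username becomes the SAML NameID value; must not be null` and `Objects.requireNonNull(userInfo, "userInfo");` as the first statement. If this file previously imported `org.maxkey.web.WebContext` only for `getUserInfo()`, that import is presumably unused now; the hunk does not show the import block. The method continues past the end of this hunk.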


@ -24,12 +24,14 @@ import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import org.maxkey.authn.SigninPrincipal; import org.maxkey.authn.annotation.CurrentUser;
import org.maxkey.authn.web.AuthorizationUtils;
import org.maxkey.authz.endpoint.AuthorizeBaseEndpoint; import org.maxkey.authz.endpoint.AuthorizeBaseEndpoint;
import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter; import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
import org.maxkey.authz.token.endpoint.adapter.TokenBasedDefaultAdapter; import org.maxkey.authz.token.endpoint.adapter.TokenBasedDefaultAdapter;
import org.maxkey.configuration.ApplicationConfig; import org.maxkey.configuration.ApplicationConfig;
import org.maxkey.constants.ConstsBoolean; import org.maxkey.constants.ConstsBoolean;
import org.maxkey.entity.UserInfo;
import org.maxkey.entity.apps.Apps; import org.maxkey.entity.apps.Apps;
import org.maxkey.entity.apps.AppsTokenBasedDetails; import org.maxkey.entity.apps.AppsTokenBasedDetails;
import org.maxkey.persistence.service.AppsTokenBasedDetailsService; import org.maxkey.persistence.service.AppsTokenBasedDetailsService;
@ -66,7 +68,8 @@ public class TokenBasedAuthorizeEndpoint extends AuthorizeBaseEndpoint{
public ModelAndView authorize( public ModelAndView authorize(
HttpServletRequest request, HttpServletRequest request,
HttpServletResponse response, HttpServletResponse response,
@PathVariable("id") String id){ @PathVariable("id") String id,
@CurrentUser UserInfo currentUser){
ModelAndView modelAndView=new ModelAndView(); ModelAndView modelAndView=new ModelAndView();
@ -84,8 +87,8 @@ public class TokenBasedAuthorizeEndpoint extends AuthorizeBaseEndpoint{
}else{ }else{
adapter =(AbstractAuthorizeAdapter)new TokenBasedDefaultAdapter(); adapter =(AbstractAuthorizeAdapter)new TokenBasedDefaultAdapter();
} }
adapter.setAuthentication((SigninPrincipal)WebContext.getAuthentication().getPrincipal()); adapter.setAuthentication(AuthorizationUtils.getPrincipal());
adapter.setUserInfo(WebContext.getUserInfo()); adapter.setUserInfo(currentUser);
adapter.setApp(tokenBasedDetails); adapter.setApp(tokenBasedDetails);
adapter.generateInfo(); adapter.generateInfo();
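Review bot: `authorize` now takes the user from two independent sources — `currentUser` from the `@CurrentUser` resolver and the principal from `AuthorizationUtils.getPrincipal()` — and hands both to the adapter, so if those ever disagree (a stale session copy, for instance) the token is generated for one identity and recorded against another. If `CurrentUserMethodArgumentResolver` resolves from the same `AuthorizationUtils` principal this is only redundancy; otherwise derive the `UserInfo` from the principal rather than resolving it separately, so one source of truth feeds `setAuthentication` and `setUserInfo`. Neither value is null-checked before use, so a request that reaches this endpoint without a principal fails inside the adapter with an NPE rather than a clean rejection. The method's body starts before and ends after the hunks shown.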


@ -28,7 +28,6 @@ import org.maxkey.authn.realm.jdbc.JdbcAuthenticationRealm;
import org.maxkey.authn.realm.ldap.LdapAuthenticationRealmService; import org.maxkey.authn.realm.ldap.LdapAuthenticationRealmService;
import org.maxkey.authn.support.kerberos.KerberosProxy; import org.maxkey.authn.support.kerberos.KerberosProxy;
import org.maxkey.authn.support.kerberos.RemoteKerberosService; import org.maxkey.authn.support.kerberos.RemoteKerberosService;
import org.maxkey.authn.support.rememberme.AbstractRemeberMeService;
import org.maxkey.configuration.EmailConfig; import org.maxkey.configuration.EmailConfig;
import org.maxkey.constants.ConstsPersistence; import org.maxkey.constants.ConstsPersistence;
import org.maxkey.password.onetimepwd.AbstractOtpAuthn; import org.maxkey.password.onetimepwd.AbstractOtpAuthn;
@ -103,7 +102,6 @@ public class MaxKeyConfig implements InitializingBean {
PasswordPolicyValidator passwordPolicyValidator, PasswordPolicyValidator passwordPolicyValidator,
LoginRepository loginService, LoginRepository loginService,
LoginHistoryRepository loginHistoryService, LoginHistoryRepository loginHistoryService,
AbstractRemeberMeService remeberMeService,
UserInfoService userInfoService, UserInfoService userInfoService,
JdbcTemplate jdbcTemplate, JdbcTemplate jdbcTemplate,
OtpAuthnService otpAuthnService, OtpAuthnService otpAuthnService,
@ -114,7 +112,6 @@ public class MaxKeyConfig implements InitializingBean {
passwordPolicyValidator, passwordPolicyValidator,
loginService, loginService,
loginHistoryService, loginHistoryService,
remeberMeService,
userInfoService, userInfoService,
jdbcTemplate, jdbcTemplate,
ldapRealmService ldapRealmService


@ -24,14 +24,12 @@ import org.maxkey.authn.support.basic.BasicEntryPoint;
import org.maxkey.authn.support.httpheader.HttpHeaderEntryPoint; import org.maxkey.authn.support.httpheader.HttpHeaderEntryPoint;
import org.maxkey.authn.support.kerberos.HttpKerberosEntryPoint; import org.maxkey.authn.support.kerberos.HttpKerberosEntryPoint;
import org.maxkey.authn.support.kerberos.KerberosService; import org.maxkey.authn.support.kerberos.KerberosService;
import org.maxkey.authn.support.rememberme.AbstractRemeberMeService;
import org.maxkey.authn.support.rememberme.HttpRemeberMeEntryPoint;
import org.maxkey.authn.web.CurrentUserMethodArgumentResolver; import org.maxkey.authn.web.CurrentUserMethodArgumentResolver;
import org.maxkey.authn.web.interceptor.PermissionAdapter; import org.maxkey.authn.web.interceptor.PermissionInterceptor;
import org.maxkey.configuration.ApplicationConfig; import org.maxkey.configuration.ApplicationConfig;
import org.maxkey.web.interceptor.HistoryLoginAppAdapter; import org.maxkey.web.interceptor.HistorySignOnAppInterceptor;
import org.maxkey.web.interceptor.HistoryLogsAdapter; import org.maxkey.web.interceptor.HistoryLogsInterceptor;
import org.maxkey.web.interceptor.PreLoginAppAdapter; import org.maxkey.web.interceptor.SingleSignOnInterceptor;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
@ -44,7 +42,6 @@ import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry; import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry; import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import org.springframework.web.servlet.i18n.LocaleChangeInterceptor;
@Configuration @Configuration
@EnableWebMvc @EnableWebMvc
@ -59,28 +56,22 @@ public class MaxKeyMvcConfig implements WebMvcConfigurer {
@Qualifier("authenticationProvider") @Qualifier("authenticationProvider")
AbstractAuthenticationProvider authenticationProvider ; AbstractAuthenticationProvider authenticationProvider ;
@Autowired
@Qualifier("remeberMeService")
AbstractRemeberMeService remeberMeService;
@Autowired @Autowired
@Qualifier("kerberosService") @Qualifier("kerberosService")
KerberosService kerberosService; KerberosService kerberosService;
@Autowired @Autowired
PermissionAdapter permissionAdapter; PermissionInterceptor permissionInterceptor;
@Autowired @Autowired
HistoryLogsAdapter historyLogsAdapter; HistoryLogsInterceptor historyLogsInterceptor;
@Autowired @Autowired
LocaleChangeInterceptor localeChangeInterceptor; SingleSignOnInterceptor singleSignOnInterceptor;
@Autowired @Autowired
PreLoginAppAdapter preLoginAppAdapter; HistorySignOnAppInterceptor historySignOnAppInterceptor;
@Autowired
HistoryLoginAppAdapter historyLoginAppAdapter;
@Value("${maxkey.login.httpheader.enable:false}") @Value("${maxkey.login.httpheader.enable:false}")
private boolean httpHeaderEnable; private boolean httpHeaderEnable;
@ -118,10 +109,6 @@ public class MaxKeyMvcConfig implements WebMvcConfigurer {
public void addInterceptors(InterceptorRegistry registry) { public void addInterceptors(InterceptorRegistry registry) {
//addPathPatterns 用于添加拦截规则 先把所有路径都加入拦截 再一个个排除 //addPathPatterns 用于添加拦截规则 先把所有路径都加入拦截 再一个个排除
//excludePathPatterns 表示改路径不用拦截 //excludePathPatterns 表示改路径不用拦截
_logger.debug("add HttpRemeberMeEntryPoint");
registry.addInterceptor(new HttpRemeberMeEntryPoint(
authenticationProvider,remeberMeService,applicationConfig,true))
.addPathPatterns("/login");
_logger.debug("add HttpKerberosEntryPoint"); _logger.debug("add HttpKerberosEntryPoint");
registry.addInterceptor(new HttpKerberosEntryPoint( registry.addInterceptor(new HttpKerberosEntryPoint(
@ -141,11 +128,8 @@ public class MaxKeyMvcConfig implements WebMvcConfigurer {
_logger.debug("add BasicEntryPoint"); _logger.debug("add BasicEntryPoint");
} }
registry.addInterceptor(permissionAdapter) //for frontend
.addPathPatterns("/index/**") registry.addInterceptor(permissionInterceptor)
.addPathPatterns("/logs/**")
.addPathPatterns("/userinfo/**")
.addPathPatterns("/profile/**")
.addPathPatterns("/config/**") .addPathPatterns("/config/**")
.addPathPatterns("/historys/**") .addPathPatterns("/historys/**")
.addPathPatterns("/access/session/**") .addPathPatterns("/access/session/**")
@ -153,9 +137,17 @@ public class MaxKeyMvcConfig implements WebMvcConfigurer {
.addPathPatterns("/appList") .addPathPatterns("/appList")
.addPathPatterns("/appList/**") .addPathPatterns("/appList/**")
.addPathPatterns("/socialsignon/**") .addPathPatterns("/socialsignon/**")
;
_logger.debug("add Permission Interceptor");
registry.addInterceptor(historyLogsInterceptor)
.addPathPatterns("/config/changePassword/**")
;
_logger.debug("add historyLogs Interceptor");
//for Single Sign On
registry.addInterceptor(singleSignOnInterceptor)
.addPathPatterns("/authz/basic/*") .addPathPatterns("/authz/basic/*")
.addPathPatterns("/authz/ltpa/*")
//Form based //Form based
.addPathPatterns("/authz/formbased/*") .addPathPatterns("/authz/formbased/*")
//Token based //Token based
@ -198,33 +190,9 @@ public class MaxKeyMvcConfig implements WebMvcConfigurer {
.excludePathPatterns("/onlineticket/ticketValidate") .excludePathPatterns("/onlineticket/ticketValidate")
.excludePathPatterns("/onlineticket/ticketValidate/*") .excludePathPatterns("/onlineticket/ticketValidate/*")
; ;
_logger.debug("add Single SignOn Interceptor");
_logger.debug("add PermissionAdapter"); registry.addInterceptor(historySignOnAppInterceptor)
registry.addInterceptor(historyLogsAdapter)
.addPathPatterns("/safe/changePassword/**")
;
_logger.debug("add HistoryLogsAdapter");
registry.addInterceptor(preLoginAppAdapter)
.addPathPatterns("/authz/basic/*")
.addPathPatterns("/authz/ltpa/*")
//Form based
.addPathPatterns("/authz/formbased/*")
//Token based
.addPathPatterns("/authz/tokenbased/*")
//JWT
.addPathPatterns("/authz/jwt/*")
//SAML
.addPathPatterns("/authz/saml20/idpinit/*")
.addPathPatterns("/authz/saml20/assertion")
//CAS
.addPathPatterns("/authz/cas/login")
.addPathPatterns("/authz/cas/granting")
;
_logger.debug("add PreLoginAppAdapter");
registry.addInterceptor(historyLoginAppAdapter)
.addPathPatterns("/authz/basic/*") .addPathPatterns("/authz/basic/*")
.addPathPatterns("/authz/ltpa/*") .addPathPatterns("/authz/ltpa/*")
//Extend api //Extend api
@ -243,11 +211,7 @@ public class MaxKeyMvcConfig implements WebMvcConfigurer {
//OAuth //OAuth
.addPathPatterns("/authz/oauth/v20/approval_confirm") .addPathPatterns("/authz/oauth/v20/approval_confirm")
; ;
_logger.debug("add HistoryLoginAppAdapter"); _logger.debug("add history SignOn App Interceptor");
registry.addInterceptor(localeChangeInterceptor);
_logger.debug("add LocaleChangeInterceptor");
} }
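Review bot: The `registry.addInterceptor(permissionInterceptor)` hunk drops the `/index/**`, `/logs/**`, `/userinfo/**` and `/profile/**` patterns that the old `permissionAdapter` registration carried, and only the profile controller visibly moved (to `/config/profile`, which `/config/**` still covers). Removing a pattern from an authorization interceptor fails open, whereas a pattern with no matching controller is harmless, so unless every controller under the other three prefixes was deleted in this commit, keep those `.addPathPatterns(...)` lines. The retained `SafeController` endpoints (its class-level mapping is outside this view) should likewise be confirmed to fall under an intercepted prefix, since the single hidden line between the two hunks is the only place that could list it. The `localeChangeInterceptor` registration was also dropped with no replacement, which looks unrelated to the remember-me removal this commit is about.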

View File

@ -70,7 +70,7 @@ public class AppListController {
public ResponseEntity<?> appList( public ResponseEntity<?> appList(
@RequestParam(value = "gridList", required = false) String gridList, @RequestParam(value = "gridList", required = false) String gridList,
@CurrentUser UserInfo currentUser) { @CurrentUser UserInfo currentUser) {
userInfoService.updateGridList(gridList); userInfoService.updateGridList(gridList,currentUser);
UserApps userApps = new UserApps(); UserApps userApps = new UserApps();
userApps.setUsername(currentUser.getUsername()); userApps.setUsername(currentUser.getUsername());
userApps.setInstId(currentUser.getInstId()); userApps.setInstId(currentUser.getInstId());
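Review bot: `gridList` is an optional, unvalidated request parameter that `appList` now persists via `userInfoService.updateGridList(gridList, currentUser)` on every list request, so a read endpoint doubles as a write and whatever string the client sends is stored on the user record. Binding the write to `currentUser` fixes the identity side; it is still worth guarding the value, e.g. only call `updateGridList` when `gridList` is non-null and matches the expected set of grid modes, and have the service reject anything else. The method body continues outside the hunk.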


@ -0,0 +1,74 @@
/*
* Copyright [2020] [MaxKey of copyright http://www.maxkey.top]
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.maxkey.web.contorller;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.maxkey.authn.annotation.CurrentUser;
import org.maxkey.constants.ConstsOperateMessage;
import org.maxkey.constants.ConstsPasswordSetType;
import org.maxkey.constants.ConstsTimeInterval;
import org.maxkey.entity.ChangePassword;
import org.maxkey.entity.UserInfo;
import org.maxkey.persistence.repository.PasswordPolicyValidator;
import org.maxkey.persistence.service.UserInfoService;
import org.maxkey.web.WebConstants;
import org.maxkey.web.WebContext;
import org.maxkey.web.message.Message;
import org.maxkey.web.message.MessageType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.servlet.ModelAndView;
@Controller
@RequestMapping(value={"/config"})
public class ChangePasswodController {
final static Logger _logger = LoggerFactory.getLogger(ChangePasswodController.class);
@Autowired
private UserInfoService userInfoService;
@ResponseBody
@RequestMapping(value="/changePassword")
public Message changePasswod(
@RequestBody ChangePassword changePassword,
@CurrentUser UserInfo currentUser) {
changePassword.setUserId(currentUser.getId());
changePassword.setUsername(currentUser.getUsername());
changePassword.setInstId(currentUser.getInstId());
changePassword.setPasswordSetType(ConstsPasswordSetType.PASSWORD_NORMAL);
if(userInfoService.changePassword(changePassword)) {
return new Message(WebContext.getI18nValue(ConstsOperateMessage.UPDATE_SUCCESS),MessageType.success);
}else {
return new Message(
WebContext.getI18nValue(ConstsOperateMessage.UPDATE_ERROR)+"<br>"
+WebContext.getAttribute(PasswordPolicyValidator.PASSWORD_POLICY_VALIDATE_RESULT),
MessageType.error);
}
}
}
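Review bot: The old-password check that the previous `changePassword(oldPassword, newPassword, confirmPassword, type)` call made visible is now hidden inside `userInfoService.changePassword(changePassword)`, and this controller only pins `userId`, `username`, `instId` and `passwordSetType` from `currentUser` before delegating, so nothing here shows that the submitted old password is still compared against the stored hash; confirm the service does, because every other field of the `ChangePassword` body is client-controlled. `@RequestMapping(value="/changePassword")` accepts every HTTP method; restrict it with `method = RequestMethod.POST` so a password change cannot be triggered by a GET. Several imports (`HttpServletRequest`, `HttpServletResponse`, `ConstsTimeInterval`, `WebConstants`, `ModelAttribute`, `RequestParam`, `ModelAndView`) are unused in the new file and the class name misspells "Password"; trimming both keeps it clean.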


@ -145,13 +145,14 @@ public class ForgotPasswordContorller {
if ((forgotType == ForgotType.EMAIL && mailOtpAuthn.validate(userInfo, captcha)) || if ((forgotType == ForgotType.EMAIL && mailOtpAuthn.validate(userInfo, captcha)) ||
(forgotType == ForgotType.MOBILE && smsOtpAuthn.validate(userInfo, captcha)) (forgotType == ForgotType.MOBILE && smsOtpAuthn.validate(userInfo, captcha))
) { ) {
/**
if(userInfoService.changePassword(userInfo,true)) { if(userInfoService.changePassword(userInfo,true)) {
modelAndView.addObject("passwordResetResult", PasswordResetResult.SUCCESS); modelAndView.addObject("passwordResetResult", PasswordResetResult.SUCCESS);
}else { }else {
; ;
modelAndView.addObject("validate_result", WebContext.getAttribute(PasswordPolicyValidator.PASSWORD_POLICY_VALIDATE_RESULT)); modelAndView.addObject("validate_result", WebContext.getAttribute(PasswordPolicyValidator.PASSWORD_POLICY_VALIDATE_RESULT));
modelAndView.addObject("passwordResetResult", PasswordResetResult.PASSWORDERROR); modelAndView.addObject("passwordResetResult", PasswordResetResult.PASSWORDERROR);
} }*/
} else { } else {
modelAndView.addObject("passwordResetResult", PasswordResetResult.CAPTCHAERROR); modelAndView.addObject("passwordResetResult", PasswordResetResult.CAPTCHAERROR);
} }
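Review bot: After the OTP validates, the code that actually reset the password is now commented out (`/** if(userInfoService.changePassword(userInfo,true)) { ... } */`), so the success branch is empty: the new password is never written and `passwordResetResult` is never set on the model, leaving the view with no outcome to render. If this is a stopgap for the service API change, replace it with the new call — build a `ChangePassword` from `userInfo` with the appropriate `ConstsPasswordSetType` and invoke `userInfoService.changePassword(...)` — or at minimum add `modelAndView.addObject("passwordResetResult", PasswordResetResult.PASSWORDERROR);` so a validated request does not silently do nothing. The enclosing method starts and ends outside the hunk.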


@ -1,5 +1,5 @@
/* /*
* Copyright [2020] [MaxKey of copyright http://www.maxkey.top] * Copyright [2022] [MaxKey of copyright http://www.maxkey.top]
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -17,45 +17,34 @@
package org.maxkey.web.contorller; package org.maxkey.web.contorller;
import javax.validation.Valid; import org.maxkey.authn.annotation.CurrentUser;
import org.maxkey.constants.ConstsOperateMessage; import org.maxkey.entity.Message;
import org.maxkey.entity.UserInfo; import org.maxkey.entity.UserInfo;
import org.maxkey.persistence.service.UserInfoService; import org.maxkey.persistence.service.UserInfoService;
import org.maxkey.web.WebContext;
import org.maxkey.web.message.Message;
import org.maxkey.web.message.MessageScope;
import org.maxkey.web.message.MessageType;
import org.maxkey.web.message.OperateType;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Controller; import org.springframework.stereotype.Controller;
import org.springframework.validation.BindingResult; import org.springframework.validation.BindingResult;
import org.springframework.web.bind.annotation.ModelAttribute; import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.servlet.ModelAndView; import org.springframework.web.bind.annotation.ResponseBody;
@Controller @Controller
@RequestMapping(value = { "/profile" }) @RequestMapping(value = { "/config/profile" })
public class ProfileController { public class ProfileController {
static final Logger _logger = LoggerFactory.getLogger(ProfileController.class); static final Logger _logger = LoggerFactory.getLogger(ProfileController.class);
@Autowired @Autowired
private UserInfoService userInfoService; private UserInfoService userInfoService;
@RequestMapping(value = { "/myProfile" }) @RequestMapping(value = { "/get" }, produces = {MediaType.APPLICATION_JSON_VALUE})
public ModelAndView forwardBasic() { public ResponseEntity<?> get(@CurrentUser UserInfo currentUser) {
ModelAndView modelAndView = new ModelAndView("profile/myProfile"); UserInfo userInfo = userInfoService.findByUsername(currentUser.getUsername());
UserInfo userInfo = userInfoService.findByUsername(WebContext.getUserInfo().getUsername()); userInfo.trans();
userInfo.transPictureBase64(); return new Message<UserInfo>(userInfo).buildResponse();
// HashMap<String,Object>extraAttributeMap=new HashMap<String,Object>();
// extraAttributeMap=(HashMap<String,Object>)JsonUtils.json2Object(userInfo.getExtraAttribute(),extraAttributeMap);
// modelAndView.addObject("extraAttributeMap", extraAttributeMap);
// _logger.info("extraAttributeMap : "+extraAttributeMap);
//
modelAndView.addObject("model", userInfo);
return modelAndView;
} }
/** /**
@ -65,9 +54,11 @@ public class ProfileController {
* @param result * @param result
* @return * @return
*/ */
@RequestMapping(value = "/update/myProfile") @ResponseBody
public ModelAndView updatebasic( @RequestMapping(value={"/update"}, produces = {MediaType.APPLICATION_JSON_VALUE})
@Valid @ModelAttribute("userInfo") UserInfo userInfo, public ResponseEntity<?> update(
@RequestBody UserInfo userInfo,
@CurrentUser UserInfo currentUser,
BindingResult result) { BindingResult result) {
_logger.debug(userInfo.toString()); _logger.debug(userInfo.toString());
@ -83,16 +74,10 @@ public class ProfileController {
// } // }
if (userInfoService.updateProfile(userInfo) > 0) { if (userInfoService.updateProfile(userInfo) > 0) {
new Message( return new Message<UserInfo>(Message.SUCCESS).buildResponse();
WebContext.getI18nValue(ConstsOperateMessage.UPDATE_SUCCESS),
userInfo, MessageType.success,
OperateType.add, MessageScope.DB);
} else {
new Message(WebContext.getI18nValue(ConstsOperateMessage.UPDATE_ERROR), MessageType.error);
} }
return WebContext.redirect("/profile/myProfile"); return new Message<UserInfo>(Message.FAIL).buildResponse();
} }
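Review bot: `update` persists the request body straight through `userInfoService.updateProfile(userInfo)` and never uses the injected `currentUser`, so whatever `id`, `username` or `instId` the client puts in the JSON selects the row that gets updated; pin the identity the way the new `ChangePasswodController` in this commit does, with `userInfo.setId(currentUser.getId()); userInfo.setUsername(currentUser.getUsername()); userInfo.setInstId(currentUser.getInstId());` before the call. `@Valid` was dropped from the body parameter while `BindingResult result` stayed, so no constraint is evaluated and `result` is always empty; restore `@Valid @RequestBody UserInfo userInfo`. `get` now serializes the whole `UserInfo` entity as JSON where the old code rendered a view, and that entity carries credential fields (`getAppLoginPassword()` is used elsewhere in this commit), so unless they are excluded from serialization the response hands them to the browser — confirm, or return a DTO without them.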


@ -20,14 +20,11 @@ package org.maxkey.web.contorller;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import org.maxkey.authn.annotation.CurrentUser;
import org.maxkey.constants.ConstsOperateMessage; import org.maxkey.constants.ConstsOperateMessage;
import org.maxkey.constants.ConstsPasswordSetType;
import org.maxkey.constants.ConstsTimeInterval; import org.maxkey.constants.ConstsTimeInterval;
import org.maxkey.crypto.password.PasswordReciprocal;
import org.maxkey.entity.UserInfo; import org.maxkey.entity.UserInfo;
import org.maxkey.persistence.repository.PasswordPolicyValidator;
import org.maxkey.persistence.service.UserInfoService; import org.maxkey.persistence.service.UserInfoService;
import org.maxkey.util.StringUtils;
import org.maxkey.web.WebConstants; import org.maxkey.web.WebConstants;
import org.maxkey.web.WebContext; import org.maxkey.web.WebContext;
import org.maxkey.web.message.Message; import org.maxkey.web.message.Message;
@ -49,109 +46,13 @@ public class SafeController {
@Autowired @Autowired
private UserInfoService userInfoService; private UserInfoService userInfoService;
@ResponseBody
@RequestMapping(value="/forward/changePasswod")
public ModelAndView fowardChangePasswod() {
ModelAndView modelAndView=new ModelAndView("safe/changePassword");
modelAndView.addObject("model", WebContext.getUserInfo());
return modelAndView;
}
@ResponseBody
@RequestMapping(value="/changePassword")
public Message changePasswod(
@RequestParam(value ="oldPassword",required = true) String oldPassword,
@RequestParam("newPassword") String newPassword,
@RequestParam("confirmPassword") String confirmPassword) {
if(userInfoService.changePassword(oldPassword,newPassword,confirmPassword,ConstsPasswordSetType.PASSWORD_NORMAL)) {
return new Message(WebContext.getI18nValue(ConstsOperateMessage.UPDATE_SUCCESS),MessageType.success);
}else {
return new Message(
WebContext.getI18nValue(ConstsOperateMessage.UPDATE_ERROR)+"<br>"
+WebContext.getAttribute(PasswordPolicyValidator.PASSWORD_POLICY_VALIDATE_RESULT),
MessageType.error);
}
}
@RequestMapping(value="/changeExpiredPassword")
public ModelAndView changeExpiredPassword(
@RequestParam(value ="oldPassword" ,required = false) String oldPassword,
@RequestParam(value ="newPassword",required = false) String newPassword,
@RequestParam(value ="confirmPassword",required = false) String confirmPassword) {
ModelAndView modelAndView=new ModelAndView("passwordExpired");
if(newPassword ==null ||newPassword.equals("")) {
}else if(userInfoService.changePassword(oldPassword,newPassword,confirmPassword,ConstsPasswordSetType.PASSWORD_NORMAL)){
WebContext.getSession().setAttribute(WebConstants.CURRENT_USER_PASSWORD_SET_TYPE,ConstsPasswordSetType.PASSWORD_NORMAL);
return WebContext.redirect("/index");
}
Object errorMessage=WebContext.getAttribute(PasswordPolicyValidator.PASSWORD_POLICY_VALIDATE_RESULT);
UserInfo userInfo=WebContext.getUserInfo();
modelAndView.addObject("model", userInfo);
modelAndView.addObject("errorMessage", errorMessage==null?"":errorMessage);
return modelAndView;
}
@RequestMapping(value="/changeInitPassword")
public ModelAndView changeInitPassword(
@RequestParam(value ="oldPassword",required = false) String oldPassword,
@RequestParam(value ="newPassword",required = false) String newPassword,
@RequestParam(value ="confirmPassword",required = false) String confirmPassword) {
ModelAndView modelAndView=new ModelAndView("passwordInitial");
if(newPassword ==null ||newPassword.equals("")) {
}else if(userInfoService.changePassword(oldPassword,newPassword,confirmPassword,ConstsPasswordSetType.PASSWORD_NORMAL)){
WebContext.getSession().setAttribute(WebConstants.CURRENT_USER_PASSWORD_SET_TYPE,ConstsPasswordSetType.PASSWORD_NORMAL);
return WebContext.redirect("/index");
}
Object errorMessage=WebContext.getAttribute(PasswordPolicyValidator.PASSWORD_POLICY_VALIDATE_RESULT);
modelAndView.addObject("errorMessage", errorMessage==null?"":errorMessage);
UserInfo userInfo=WebContext.getUserInfo();
modelAndView.addObject("model", userInfo);
return modelAndView;
}
@ResponseBody
@RequestMapping(value="/forward/changeAppLoginPasswod")
public ModelAndView fowardChangeAppLoginPasswod() {
ModelAndView modelAndView=new ModelAndView("safe/changeAppLoginPasswod");
modelAndView.addObject("model", WebContext.getUserInfo());
return modelAndView;
}
@ResponseBody
@RequestMapping(value="/changeAppLoginPasswod")
public Message changeAppLoginPasswod(
@RequestParam("oldPassword") String oldPassword,
@RequestParam("newPassword") String newPassword,
@RequestParam("confirmPassword") String confirmPassword) {
UserInfo userInfo =WebContext.getUserInfo();
_logger.debug("App Login Password : "+userInfo.getAppLoginPassword());
_logger.debug("App Login new Password : "+PasswordReciprocal.getInstance().encode(newPassword));
if(newPassword.equals(confirmPassword)){
if(StringUtils.isEmpty(userInfo.getAppLoginPassword())||userInfo.getAppLoginPassword().equals(PasswordReciprocal.getInstance().encode(oldPassword))){
userInfo.setAppLoginPassword(PasswordReciprocal.getInstance().encode(newPassword));
boolean change= userInfoService.updateAppLoginPassword(userInfo);
_logger.debug(""+change);
return new Message(WebContext.getI18nValue(ConstsOperateMessage.UPDATE_SUCCESS),MessageType.prompt);
}
}
return new Message(WebContext.getI18nValue(ConstsOperateMessage.UPDATE_ERROR),MessageType.error);
}
@RequestMapping(value="/forward/setting") @RequestMapping(value="/forward/setting")
public ModelAndView fowardSetting() { public ModelAndView fowardSetting(@CurrentUser UserInfo currentUser) {
ModelAndView modelAndView=new ModelAndView("safe/setting"); ModelAndView modelAndView=new ModelAndView("safe/setting");
modelAndView.addObject("model", WebContext.getUserInfo()); modelAndView.addObject("model", currentUser);
return modelAndView; return modelAndView;
} }
@ -165,24 +66,25 @@ public class SafeController {
@RequestParam("mobileVerify") String mobileVerify, @RequestParam("mobileVerify") String mobileVerify,
@RequestParam("email") String email, @RequestParam("email") String email,
@RequestParam("emailVerify") String emailVerify, @RequestParam("emailVerify") String emailVerify,
@RequestParam("theme") String theme) { @RequestParam("theme") String theme,
UserInfo userInfo =WebContext.getUserInfo(); @CurrentUser UserInfo currentUser) {
userInfo.setAuthnType(Integer.parseInt(authnType)); currentUser.setAuthnType(Integer.parseInt(authnType));
userInfoService.updateAuthnType(userInfo); userInfoService.updateAuthnType(currentUser);
userInfo.setMobile(mobile); currentUser.setMobile(mobile);
userInfoService.updateMobile(userInfo); userInfoService.updateMobile(currentUser);
userInfo.setEmail(email); currentUser.setEmail(email);
userInfo.setTheme(theme); currentUser.setTheme(theme);
WebContext.setCookie(response,null, WebConstants.THEME_COOKIE_NAME, theme, ConstsTimeInterval.ONE_WEEK); WebContext.setCookie(response,null, WebConstants.THEME_COOKIE_NAME, theme, ConstsTimeInterval.ONE_WEEK);
userInfoService.updateEmail(userInfo); userInfoService.updateEmail(currentUser);
return new Message(WebContext.getI18nValue(ConstsOperateMessage.UPDATE_SUCCESS),MessageType.success); return new Message(WebContext.getI18nValue(ConstsOperateMessage.UPDATE_SUCCESS),MessageType.success);
} }
} }
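Review bot: `updateSetting` accepts `mobileVerify` and `emailVerify` but never checks them before `userInfoService.updateMobile(currentUser)` and `updateEmail(currentUser)`, so an unverified phone or address is bound to the account — and those are exactly the contacts the forgot-password OTP flow in this commit trusts. Validate the codes (the OTP services `ForgotPasswordContorller` uses would fit) and reject the update when they do not match. The method also mutates the injected `currentUser` in place before each update; if the resolver hands back the session-cached principal, a failed or partial update leaves the session holding values that were never persisted, so copy the fields onto a fresh object or refresh the session only after all updates succeed. `Integer.parseInt(authnType)` on a raw request parameter throws on non-numeric input and surfaces as a 500. The method signature starts outside the hunk.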


@ -30,6 +30,7 @@ import org.maxkey.authn.jwt.AuthJwt;
import org.maxkey.authn.jwt.AuthJwtService; import org.maxkey.authn.jwt.AuthJwtService;
import org.maxkey.authn.support.kerberos.KerberosService; import org.maxkey.authn.support.kerberos.KerberosService;
import org.maxkey.authn.support.socialsignon.service.SocialSignOnProviderService; import org.maxkey.authn.support.socialsignon.service.SocialSignOnProviderService;
import org.maxkey.authn.web.AuthorizationUtils;
import org.maxkey.configuration.ApplicationConfig; import org.maxkey.configuration.ApplicationConfig;
import org.maxkey.entity.Institutions; import org.maxkey.entity.Institutions;
import org.maxkey.entity.Message; import org.maxkey.entity.Message;
@ -110,7 +111,7 @@ public class LoginEntryPoint {
public ModelAndView login(HttpServletRequest request) { public ModelAndView login(HttpServletRequest request) {
_logger.debug("LoginController /login."); _logger.debug("LoginController /login.");
boolean isAuthenticated= WebContext.isAuthenticated(); boolean isAuthenticated= AuthorizationUtils.isAuthenticated();
if(isAuthenticated){ if(isAuthenticated){
return WebContext.redirect("/forwardindex"); return WebContext.redirect("/forwardindex");
@ -153,7 +154,7 @@ public class LoginEntryPoint {
authenticationProvider.authenticate(loginCredential); authenticationProvider.authenticate(loginCredential);
if (WebContext.isAuthenticated()) { if (AuthorizationUtils.isAuthenticated()) {
return WebContext.redirect("/forwardindex"); return WebContext.redirect("/forwardindex");
} else { } else {
return WebContext.redirect("/login"); return WebContext.redirect("/login");
@ -193,6 +194,9 @@ public class LoginEntryPoint {
@RequestMapping(value={"/signin"}, produces = {MediaType.APPLICATION_JSON_VALUE}) @RequestMapping(value={"/signin"}, produces = {MediaType.APPLICATION_JSON_VALUE})
public ResponseEntity<?> signin( @RequestBody LoginCredential loginCredential) { public ResponseEntity<?> signin( @RequestBody LoginCredential loginCredential) {
Authentication authentication = authenticationProvider.authenticate(loginCredential); Authentication authentication = authenticationProvider.authenticate(loginCredential);
if(authentication == null) {
return new Message<AuthJwt>(Message.FAIL).buildResponse();
}
String jwt = authJwtService.generateToken(authentication); String jwt = authJwtService.generateToken(authentication);
return new Message<AuthJwt>(new AuthJwt(jwt, authentication)).buildResponse(); return new Message<AuthJwt>(new AuthJwt(jwt, authentication)).buildResponse();
} }
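Review bot: In the form `login` path, `authenticationProvider.authenticate(loginCredential)` discards its return value and the outcome is read back from `AuthorizationUtils.isAuthenticated()`, while the new `signin` branch tests the returned `Authentication` for `null`; if `isAuthenticated()` reflects a pre-existing session rather than this call, a failed re-login would still redirect to `/forwardindex`. Treat both paths the same: `Authentication authentication = authenticationProvider.authenticate(loginCredential); if (authentication == null) { return WebContext.redirect("/login"); }`. Returning `Message.FAIL` from `signin` is a good choice in that it reveals nothing about why the attempt failed. Both methods extend beyond their hunks.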


@ -24,10 +24,10 @@ import java.util.Map.Entry;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import org.maxkey.authn.SigninPrincipal;
import org.maxkey.authn.online.OnlineTicket; import org.maxkey.authn.online.OnlineTicket;
import org.maxkey.authn.online.OnlineTicketService; import org.maxkey.authn.online.OnlineTicketService;
import org.maxkey.authn.realm.AbstractAuthenticationRealm; import org.maxkey.authn.realm.AbstractAuthenticationRealm;
import org.maxkey.authn.web.AuthorizationUtils;
import org.maxkey.authz.singlelogout.SamlSingleLogout; import org.maxkey.authz.singlelogout.SamlSingleLogout;
import org.maxkey.authz.singlelogout.DefaultSingleLogout; import org.maxkey.authz.singlelogout.DefaultSingleLogout;
import org.maxkey.authz.singlelogout.LogoutType; import org.maxkey.authz.singlelogout.LogoutType;
@ -117,8 +117,8 @@ public class LogoutEndpoint {
modelAndView.addObject("reloginUrl",reLoginUrl); modelAndView.addObject("reloginUrl",reLoginUrl);
//if logined in have onlineTicket ,need remove or logout back //if logined in have onlineTicket ,need remove or logout back
if(WebContext.getAuthentication() != null) { if(AuthorizationUtils.getAuthentication() != null) {
String onlineTicketId = ((SigninPrincipal)WebContext.getAuthentication().getPrincipal()).getOnlineTicket().getTicketId(); String onlineTicketId = (AuthorizationUtils.getPrincipal()).getOnlineTicket().getTicketId();
OnlineTicket onlineTicket = onlineTicketService.get(onlineTicketId); OnlineTicket onlineTicket = onlineTicketService.get(onlineTicketId);
if(onlineTicket != null) { if(onlineTicket != null) {
Set<Entry<String, Apps>> entrySet = onlineTicket.getAuthorizedApps().entrySet(); Set<Entry<String, Apps>> entrySet = onlineTicket.getAuthorizedApps().entrySet();
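Review bot: `AuthorizationUtils.getPrincipal().getOnlineTicket().getTicketId()` is guarded only by `getAuthentication() != null`, so a principal that carries no online ticket (an authentication created by a path that never issued one) turns the logout page into an NPE instead of a clean sign-out; the old chain had the same gap. Guard the ticket as well, e.g. `OnlineTicket ticket = AuthorizationUtils.getPrincipal().getOnlineTicket(); if (ticket != null) { ... }`, so the local session is still cleared when there is nothing to log out of downstream. The method body runs past the hunk on both sides.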

View File

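--- a/<module-path-not-on-page>/org/maxkey/web/filter/SingleSignOnFilter.java
+++ /dev/null
@@ -1,69 +0,0 @@
-/*
-* Copyright [2020] [MaxKey of copyright http://www.maxkey.top]
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
-package org.maxkey.web.filter;
-import java.io.IOException;
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpSession;
-import org.maxkey.util.StringUtils;
-import org.maxkey.web.WebConstants;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-/**
-* SingleSignOnFilter.
-* @author Crystal.Sea
-*/
-public class SingleSignOnFilter implements Filter {
-private static final Logger _logger = LoggerFactory.getLogger(SingleSignOnFilter.class);
-/**
-*doFilter.
-*/
-public void doFilter(ServletRequest request,
-ServletResponse response, FilterChain chain)throws IOException, ServletException {
-HttpServletRequest httpServletRequest = (HttpServletRequest) request;
-HttpSession session = httpServletRequest.getSession();
-// 浠巗ession涓幏鍙栧瓨鏀剧殑appid
-String appId = (String) session.getAttribute(WebConstants.SINGLE_SIGN_ON_APP_ID);
-// 鑾峰彇鏈<EFBFBD>鍚庝竴涓<EFBFBD>"/"鐨勬暟鎹綔涓篴ppid锛屼繚瀛樺湪session涓<EFBFBD>
-if (StringUtils.isEmpty(appId)) {
-String uir = httpServletRequest.getRequestURI();
-session.setAttribute(WebConstants.SINGLE_SIGN_ON_APP_ID,
-uir.substring(uir.lastIndexOf("/") + 1));
-session.setAttribute("protocol", "formbase");
-}
-chain.doFilter(request, response);
-}
-public void destroy() {
-_logger.debug(" destroy.");
-}
-public void init(FilterConfig config) throws ServletException {
-_logger.debug(" init.");
-}
-}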


@ -19,6 +19,8 @@ package org.maxkey.web.interceptor;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import org.maxkey.authn.web.AuthorizationUtils;
import org.maxkey.entity.HistorySystemLogs; import org.maxkey.entity.HistorySystemLogs;
import org.maxkey.entity.UserInfo; import org.maxkey.entity.UserInfo;
import org.maxkey.persistence.service.HistorySystemLogsService; import org.maxkey.persistence.service.HistorySystemLogsService;
@ -40,9 +42,9 @@ import org.springframework.web.servlet.ModelAndView;
* *
*/ */
@Component @Component
public class HistoryLogsAdapter implements AsyncHandlerInterceptor { public class HistoryLogsInterceptor implements AsyncHandlerInterceptor {
private static final Logger _logger = LoggerFactory.getLogger(HistoryLogsAdapter.class); private static final Logger _logger = LoggerFactory.getLogger(HistoryLogsInterceptor.class);
@Autowired @Autowired
private HistorySystemLogsService historySystemLogsService; private HistorySystemLogsService historySystemLogsService;
@ -60,13 +62,13 @@ public class HistoryLogsAdapter implements AsyncHandlerInterceptor {
//判断message类型 //判断message类型
if (message.getMessageScope() == MessageScope.DB if (message.getMessageScope() == MessageScope.DB
|| message.getMessageScope() == MessageScope.DB_CLIENT) { || message.getMessageScope() == MessageScope.DB_CLIENT) {
UserInfo userInfo = WebContext.getUserInfo();//取得当前用户信息 UserInfo userInfo = AuthorizationUtils.getUserInfo();//取得当前用户信息
//创建日志记录 //创建日志记录
HistorySystemLogs historyLogs = new HistorySystemLogs(); HistorySystemLogs historySystemLogs = new HistorySystemLogs();
historyLogs.setInstId(userInfo.getInstId()); historySystemLogs.setInstId(userInfo.getInstId());
_logger.debug("insert db historyLogs content : " + historyLogs); _logger.debug("insert db historyLogs content : " + historySystemLogs);
historySystemLogsService.insert(historyLogs);//日志插入数据库 historySystemLogsService.insert(historySystemLogs);//日志插入数据库
//message类型仅插入数据库 //message类型仅插入数据库
if (message.getMessageScope() == MessageScope.DB) { if (message.getMessageScope() == MessageScope.DB) {
WebContext.clearMessage();//清除message WebContext.clearMessage();//清除message
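Review bot: `AuthorizationUtils.getUserInfo()` is dereferenced on the next line (`userInfo.getInstId()`) without a null guard, so if the helper returns null for a request that carries a message but no authenticated user — its implementation is not on this page, so this is an assumption to confirm — the interceptor fails instead of skipping the log entry; the same pattern appears in the HistoryLogsAdapter hunk further down (`@ -55,7 +57,7 @@`). A guard such as `if (userInfo == null) { _logger.debug("no authenticated user, history log skipped"); return; }` before the entity is built would make the behaviour explicit. Separately, `_logger.debug("insert db historyLogs content : " + historySystemLogs)` builds the string even when debug is off; `_logger.debug("insert db historyLogs content : {}", historySystemLogs)` is the parameterized form. The enclosing method continues outside the hunk.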


@ -21,6 +21,7 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import org.maxkey.authn.SigninPrincipal; import org.maxkey.authn.SigninPrincipal;
import org.maxkey.authn.web.AuthorizationUtils;
import org.maxkey.entity.HistoryLoginApps; import org.maxkey.entity.HistoryLoginApps;
import org.maxkey.entity.UserInfo; import org.maxkey.entity.UserInfo;
import org.maxkey.entity.apps.Apps; import org.maxkey.entity.apps.Apps;
@ -39,8 +40,8 @@ import org.springframework.web.servlet.AsyncHandlerInterceptor;
import org.springframework.web.servlet.ModelAndView; import org.springframework.web.servlet.ModelAndView;
@Component @Component
public class HistoryLoginAppAdapter implements AsyncHandlerInterceptor { public class HistorySignOnAppInterceptor implements AsyncHandlerInterceptor {
private static final Logger _logger = LoggerFactory.getLogger(HistoryLoginAppAdapter.class); private static final Logger _logger = LoggerFactory.getLogger(HistorySignOnAppInterceptor.class);
@Autowired @Autowired
HistoryLoginAppsService historyLoginAppsService; HistoryLoginAppsService historyLoginAppsService;
@ -58,7 +59,7 @@ public class HistoryLoginAppAdapter implements AsyncHandlerInterceptor {
throws Exception { throws Exception {
_logger.debug("preHandle"); _logger.debug("preHandle");
final Apps app = (Apps)WebContext.getAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP); final Apps app = (Apps)WebContext.getAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP);
Authentication authentication = WebContext.getAuthentication(); Authentication authentication = AuthorizationUtils.getAuthentication();
if(authentication.getPrincipal() instanceof SigninPrincipal) { if(authentication.getPrincipal() instanceof SigninPrincipal) {
SigninPrincipal signinPrincipal = (SigninPrincipal)authentication.getPrincipal() ; SigninPrincipal signinPrincipal = (SigninPrincipal)authentication.getPrincipal() ;
if(signinPrincipal.getGrantedAuthorityApps().contains(new SimpleGrantedAuthority(app.getId()))) { if(signinPrincipal.getGrantedAuthorityApps().contains(new SimpleGrantedAuthority(app.getId()))) {
@ -83,8 +84,13 @@ public class HistoryLoginAppAdapter implements AsyncHandlerInterceptor {
_logger.debug("postHandle"); _logger.debug("postHandle");
final Apps app = (Apps)WebContext.getAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP); final Apps app = (Apps)WebContext.getAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP);
String sessionId = "";//(String)WebContext.getAttribute(WebConstants.CURRENT_USER_SESSION_ID);
final UserInfo userInfo = WebContext.getUserInfo(); Authentication authentication = AuthorizationUtils.getAuthentication();
if((authentication != null)
&& (authentication.getPrincipal() instanceof SigninPrincipal)) {
SigninPrincipal signinPrincipal = AuthorizationUtils.getPrincipal();
final UserInfo userInfo = signinPrincipal.getUserInfo();
String sessionId = signinPrincipal.getOnlineTicket().getTicketId().substring(3);
_logger.debug("sessionId : " + sessionId + " ,appId : " + app.getId()); _logger.debug("sessionId : " + sessionId + " ,appId : " + app.getId());
HistoryLoginApps historyLoginApps = new HistoryLoginApps(); HistoryLoginApps historyLoginApps = new HistoryLoginApps();
historyLoginApps.setAppId(app.getId()); historyLoginApps.setAppId(app.getId());
@ -98,4 +104,6 @@ public class HistoryLoginAppAdapter implements AsyncHandlerInterceptor {
WebContext.removeAttribute(WebConstants.CURRENT_SINGLESIGNON_URI); WebContext.removeAttribute(WebConstants.CURRENT_SINGLESIGNON_URI);
WebContext.removeAttribute(WebConstants.SINGLE_SIGN_ON_APP_ID); WebContext.removeAttribute(WebConstants.SINGLE_SIGN_ON_APP_ID);
} }
}
} }
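Review bot: In postHandle, `String sessionId = signinPrincipal.getOnlineTicket().getTicketId().substring(3);` hard-codes a 3-character ticket prefix with nothing saying what is stripped, and throws StringIndexOutOfBoundsException on a shorter id or NullPointerException when the principal has no online ticket. Give the prefix a named constant with a comment, e.g. `// online ticket ids carry a 3-char prefix; the remainder is the session id` with `private static final int TICKET_PREFIX_LENGTH = 3;`, and extend the new condition to `&& signinPrincipal.getOnlineTicket() != null`. The preHandle hunk above now reads `Authentication authentication = AuthorizationUtils.getAuthentication();` and immediately calls `authentication.getPrincipal()` without the `authentication != null` guard that postHandle received; the two methods should be consistent.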


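--- a/<module-path-not-on-page>/org/maxkey/web/interceptor/PreLoginAppAdapter.java
+++ /dev/null
@@ -1,70 +0,0 @@
-/*
-* Copyright [2020] [MaxKey of copyright http://www.maxkey.top]
-*
-* Licensed under the Apache License, Version 2.0 (the "License");
-* you may not use this file except in compliance with the License.
-* You may obtain a copy of the License at
-*
-* http://www.apache.org/licenses/LICENSE-2.0
-*
-* Unless required by applicable law or agreed to in writing, software
-* distributed under the License is distributed on an "AS IS" BASIS,
-* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-* See the License for the specific language governing permissions and
-* limitations under the License.
-*/
-package org.maxkey.web.interceptor;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import org.maxkey.web.WebConstants;
-import org.maxkey.web.WebContext;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.stereotype.Component;
-import org.springframework.web.servlet.AsyncHandlerInterceptor;
-@Component
-public class PreLoginAppAdapter implements AsyncHandlerInterceptor {
-private static final Logger _logger = LoggerFactory.getLogger(PreLoginAppAdapter.class);
-@Override
-public boolean preHandle(HttpServletRequest request,
-HttpServletResponse response, Object handler)
-throws Exception {
-_logger.debug("preHandle");
-String redirect_uri = request.getRequestURL().toString();
-String appId = getAppIdFromRequestUrl(request);
-_logger.debug("preHandle app Id " + appId);
-Object singlesignon_uri = WebContext.getAttribute(WebConstants.CURRENT_SINGLESIGNON_URI);
-if (singlesignon_uri != null && singlesignon_uri.equals(redirect_uri)) {
-return true;
-}
-/*
-* UserInfo userInfo = WebContext.getUserInfo();
-* if(userInfo.getProtectedAppsMap().get(appId)!=null){
-*
-* request.setAttribute("redirect_uri",redirect_uri);
-* _logger.debug(""+redirect_uri); RequestDispatcher dispatcher =
-* request.getRequestDispatcher("/authorize/protected/forward");
-* dispatcher.forward(request, response); return false; }
-*/
-return true;
-}
-/**
-* Request URL .
-* @param request http
-* @return .
-*/
-public static String getAppIdFromRequestUrl(HttpServletRequest request) {
-String[] uri = request.getRequestURI().split("/");
-String appId = uri[uri.length - 1];
-return appId;
-}
-}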


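--- /dev/null
+++ b/<module-path-not-on-page>/org/maxkey/web/interceptor/SingleSignOnInterceptor.java
@@ -0,0 +1,70 @@
+/*
+* Copyright [2022] [MaxKey of copyright http://www.maxkey.top]
+*
+* Licensed under the Apache License, Version 2.0 (the "License");
+* you may not use this file except in compliance with the License.
+* You may obtain a copy of the License at
+*
+* http://www.apache.org/licenses/LICENSE-2.0
+*
+* Unless required by applicable law or agreed to in writing, software
+* distributed under the License is distributed on an "AS IS" BASIS,
+* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+* See the License for the specific language governing permissions and
+* limitations under the License.
+*/
+package org.maxkey.web.interceptor;
+import javax.servlet.RequestDispatcher;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import org.maxkey.authn.jwt.AuthJwtService;
+import org.maxkey.authn.online.OnlineTicketService;
+import org.maxkey.authn.web.AuthorizationUtils;
+import org.maxkey.crypto.Base64Utils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.web.util.UrlUtils;
+import org.springframework.stereotype.Component;
+import org.springframework.web.servlet.AsyncHandlerInterceptor;
+@Component
+public class SingleSignOnInterceptor implements AsyncHandlerInterceptor {
+private static final Logger _logger = LoggerFactory.getLogger(SingleSignOnInterceptor.class);
+@Autowired
+OnlineTicketService onlineTicketService;
+@Autowired
+AuthJwtService authJwtService ;
+@Override
+public boolean preHandle(HttpServletRequest request,
+HttpServletResponse response, Object handler)
+throws Exception {
+_logger.debug("Single Sign On Interceptor automatic Auth");
+AuthorizationUtils.authenticateWithCookie(
+request,authJwtService,onlineTicketService);
+if(AuthorizationUtils.isAuthenticated()){
+//http://sso.maxkey.top/sign/
+String loginUrl = "http://sso.maxkey.top:4200/#/passport/login";
+String savedRequestUrl = UrlUtils.buildFullRequestUrl(request);
+String base64RequestUrl = Base64Utils.base64UrlEncode(savedRequestUrl.getBytes());
+_logger.trace("No Authentication ... forward to /auth/entrypoint");
+RequestDispatcher dispatcher = request.getRequestDispatcher(loginUrl + "?redirect_uri=" + base64RequestUrl);
+dispatcher.forward(request, response);
+return false;
+}
+return true;
+}
+}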
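Review bot: The branch condition in preHandle looks inverted: the request is sent to the login page when `AuthorizationUtils.isAuthenticated()` is true, while the trace message inside the block says "No Authentication", so the intended test is presumably `if(!AuthorizationUtils.isAuthenticated()){`. In the same block, `request.getRequestDispatcher(...)` expects a server-relative path, so the absolute, hard-coded `http://sso.maxkey.top:4200/#/passport/login` is unlikely to forward anywhere outside one deployment; a redirect to a login URL taken from configuration would fit better, and `savedRequestUrl.getBytes()` should specify a charset (`getBytes(StandardCharsets.UTF_8)`) rather than rely on the platform default. Because the Base64 `redirect_uri` is later consumed as a redirect target, the receiving side should check it against the allowed origins before following it.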


@ -24,7 +24,6 @@ import org.maxkey.persistence.repository.LoginRepository;
import org.maxkey.persistence.repository.PasswordPolicyValidator; import org.maxkey.persistence.repository.PasswordPolicyValidator;
import org.maxkey.persistence.service.UserInfoService; import org.maxkey.persistence.service.UserInfoService;
import org.maxkey.authn.realm.jdbc.JdbcAuthenticationRealm; import org.maxkey.authn.realm.jdbc.JdbcAuthenticationRealm;
import org.maxkey.authn.support.rememberme.AbstractRemeberMeService;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.InitializingBean; import org.springframework.beans.factory.InitializingBean;
@ -44,7 +43,6 @@ public class MaxKeyMgtConfig implements InitializingBean {
PasswordPolicyValidator passwordPolicyValidator, PasswordPolicyValidator passwordPolicyValidator,
LoginRepository loginRepository, LoginRepository loginRepository,
LoginHistoryRepository loginHistoryRepository, LoginHistoryRepository loginHistoryRepository,
AbstractRemeberMeService remeberMeService,
UserInfoService userInfoService, UserInfoService userInfoService,
JdbcTemplate jdbcTemplate) { JdbcTemplate jdbcTemplate) {
@ -53,7 +51,6 @@ public class MaxKeyMgtConfig implements InitializingBean {
passwordPolicyValidator, passwordPolicyValidator,
loginRepository, loginRepository,
loginHistoryRepository, loginHistoryRepository,
remeberMeService,
userInfoService, userInfoService,
jdbcTemplate); jdbcTemplate);


@ -22,17 +22,14 @@ import java.util.List;
import org.maxkey.authn.AbstractAuthenticationProvider; import org.maxkey.authn.AbstractAuthenticationProvider;
import org.maxkey.authn.support.jwt.HttpJwtEntryPoint; import org.maxkey.authn.support.jwt.HttpJwtEntryPoint;
import org.maxkey.authn.support.jwt.JwtLoginService; import org.maxkey.authn.support.jwt.JwtLoginService;
import org.maxkey.authn.support.rememberme.AbstractRemeberMeService;
import org.maxkey.authn.support.rememberme.HttpRemeberMeEntryPoint;
import org.maxkey.authn.web.CurrentUserMethodArgumentResolver; import org.maxkey.authn.web.CurrentUserMethodArgumentResolver;
import org.maxkey.authn.web.interceptor.PermissionAdapter; import org.maxkey.authn.web.interceptor.PermissionInterceptor;
import org.maxkey.configuration.ApplicationConfig; import org.maxkey.configuration.ApplicationConfig;
import org.maxkey.web.interceptor.HistoryLogsAdapter; import org.maxkey.web.interceptor.HistoryLogsAdapter;
import org.maxkey.web.interceptor.RestApiPermissionAdapter; import org.maxkey.web.interceptor.RestApiPermissionAdapter;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.EnableWebMvc; import org.springframework.web.servlet.config.annotation.EnableWebMvc;
@ -48,23 +45,16 @@ public class MaxKeyMgtMvcConfig implements WebMvcConfigurer {
private static final Logger _logger = LoggerFactory.getLogger(MaxKeyMgtMvcConfig.class); private static final Logger _logger = LoggerFactory.getLogger(MaxKeyMgtMvcConfig.class);
@Autowired @Autowired
@Qualifier("applicationConfig")
ApplicationConfig applicationConfig; ApplicationConfig applicationConfig;
@Autowired @Autowired
@Qualifier("authenticationProvider")
AbstractAuthenticationProvider authenticationProvider ; AbstractAuthenticationProvider authenticationProvider ;
@Autowired @Autowired
@Qualifier("remeberMeService")
AbstractRemeberMeService remeberMeService;
@Autowired
@Qualifier("jwtLoginService")
JwtLoginService jwtLoginService; JwtLoginService jwtLoginService;
@Autowired @Autowired
PermissionAdapter permissionAdapter; PermissionInterceptor permissionInterceptor;
@Autowired @Autowired
HistoryLogsAdapter historyLogsAdapter; HistoryLogsAdapter historyLogsAdapter;
@ -103,18 +93,12 @@ public class MaxKeyMgtMvcConfig implements WebMvcConfigurer {
public void addInterceptors(InterceptorRegistry registry) { public void addInterceptors(InterceptorRegistry registry) {
//addPathPatterns 用于添加拦截规则 先把所有路径都加入拦截 再一个个排除 //addPathPatterns 用于添加拦截规则 先把所有路径都加入拦截 再一个个排除
//excludePathPatterns 表示改路径不用拦截 //excludePathPatterns 表示改路径不用拦截
_logger.debug("add HttpRemeberMeEntryPoint");
registry.addInterceptor(new HttpRemeberMeEntryPoint(
authenticationProvider,remeberMeService,applicationConfig,true))
.addPathPatterns("/login");
_logger.debug("add HttpJwtEntryPoint"); _logger.debug("add HttpJwtEntryPoint");
registry.addInterceptor(new HttpJwtEntryPoint( registry.addInterceptor(new HttpJwtEntryPoint(
authenticationProvider,jwtLoginService,applicationConfig,true)) authenticationProvider,jwtLoginService,applicationConfig,true))
.addPathPatterns("/login"); .addPathPatterns("/login");
registry.addInterceptor(permissionAdapter) registry.addInterceptor(permissionInterceptor)
.addPathPatterns("/dashboard/**") .addPathPatterns("/dashboard/**")
.addPathPatterns("/orgs/**") .addPathPatterns("/orgs/**")
.addPathPatterns("/users/**") .addPathPatterns("/users/**")
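Review bot: The rename is only partial: `PermissionAdapter` becomes `PermissionInterceptor`, but `HistoryLogsAdapter` and `RestApiPermissionAdapter` keep the old suffix in the same import block and field list, while the other module's `HistoryLogsAdapter` is renamed to `HistoryLogsInterceptor` in this commit. Choosing one suffix for every `AsyncHandlerInterceptor` implementation would keep the two modules aligned. With the remember-me interceptor dropped, `/login` is now covered only by `HttpJwtEntryPoint`; a one-line comment above that registration, such as `// /login: JWT entry point only, the remember-me entry point was removed`, records the decision for the next reader. The addInterceptors method continues outside the hunk.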


@ -18,8 +18,10 @@
package org.maxkey.web.config.contorller; package org.maxkey.web.config.contorller;
import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.StringUtils;
import org.maxkey.authn.annotation.CurrentUser;
import org.maxkey.constants.ConstsOperateMessage; import org.maxkey.constants.ConstsOperateMessage;
import org.maxkey.entity.Localization; import org.maxkey.entity.Localization;
import org.maxkey.entity.UserInfo;
import org.maxkey.persistence.repository.LocalizationRepository; import org.maxkey.persistence.repository.LocalizationRepository;
import org.maxkey.web.WebContext; import org.maxkey.web.WebContext;
import org.maxkey.web.message.Message; import org.maxkey.web.message.Message;
@ -50,11 +52,11 @@ public class LocalizationController {
* @return * @return
*/ */
@RequestMapping(value={"/forward/{property}"}) @RequestMapping(value={"/forward/{property}"})
public ModelAndView forward(@PathVariable("property") String property){ public ModelAndView forward(@PathVariable("property") String property,@CurrentUser UserInfo currentUser){
Localization localization = localizationRepository.get(property,WebContext.getUserInfo().getInstId()); Localization localization = localizationRepository.get(property,currentUser.getInstId());
if(localization == null )localization = new Localization(); if(localization == null )localization = new Localization();
localization.setProperty(property); localization.setProperty(property);
localization.setInstId(WebContext.getUserInfo().getInstId()); localization.setInstId(currentUser.getInstId());
return new ModelAndView("localization/updateLocalization","model",localization); return new ModelAndView("localization/updateLocalization","model",localization);
} }
@ -65,9 +67,9 @@ public class LocalizationController {
*/ */
@RequestMapping(value={"/update"}) @RequestMapping(value={"/update"})
@ResponseBody @ResponseBody
public Message updat(@ModelAttribute("localization") Localization localization,BindingResult result) { public Message updat(@ModelAttribute("localization") Localization localization,@CurrentUser UserInfo currentUser,BindingResult result) {
_logger.debug("update localization : "+localization); _logger.debug("update localization : "+localization);
localization.setInstId(WebContext.getUserInfo().getInstId()); localization.setInstId(currentUser.getInstId());
if(StringUtils.isBlank(localization.getId())){ if(StringUtils.isBlank(localization.getId())){
localization.setId(localization.generateId()); localization.setId(localization.generateId());
if(localizationRepository.insert(localization)) { if(localizationRepository.insert(localization)) {
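Review bot: In `updat`, inserting `@CurrentUser UserInfo currentUser` between `@ModelAttribute("localization") Localization localization` and `BindingResult result` breaks Spring MVC's requirement that a `BindingResult` be declared immediately after the model attribute it reports on, so argument resolution fails for this endpoint. Reorder the parameters: `public Message updat(@ModelAttribute("localization") Localization localization, BindingResult result, @CurrentUser UserInfo currentUser) {`. While the signature is being touched, the pre-existing method name `updat` could become `update`; the method body continues outside the hunk.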


@ -68,7 +68,7 @@ public class LoginEntryPoint {
public ModelAndView login() { public ModelAndView login() {
_logger.debug("LoginController /login."); _logger.debug("LoginController /login.");
boolean isAuthenticated= WebContext.isAuthenticated(); boolean isAuthenticated= false;//WebContext.isAuthenticated();
//for normal login //for normal login
if(isAuthenticated){ if(isAuthenticated){
return WebContext.redirect("/main"); return WebContext.redirect("/main");
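Review bot: `boolean isAuthenticated= false;//WebContext.isAuthenticated();` makes the `if(isAuthenticated)` redirect to `/main` unreachable and leaves a commented-out call behind. Either remove the variable together with the dead branch, or use the helper this commit introduces elsewhere, `boolean isAuthenticated = AuthorizationUtils.isAuthenticated();`, which needs the `org.maxkey.authn.web.AuthorizationUtils` import. The login method starts before the hunk and ends after it.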


@ -35,7 +35,6 @@ import org.maxkey.entity.Organizations;
import org.maxkey.entity.UserInfo; import org.maxkey.entity.UserInfo;
import org.maxkey.persistence.service.OrganizationsService; import org.maxkey.persistence.service.OrganizationsService;
import org.maxkey.util.ExcelUtils; import org.maxkey.util.ExcelUtils;
import org.maxkey.web.WebContext;
import org.maxkey.web.component.TreeAttributes; import org.maxkey.web.component.TreeAttributes;
import org.maxkey.web.component.TreeNode; import org.maxkey.web.component.TreeNode;
import org.slf4j.Logger; import org.slf4j.Logger;
@ -161,7 +160,9 @@ public class OrganizationsController {
} }
@RequestMapping(value = "/import") @RequestMapping(value = "/import")
public ResponseEntity<?> importingOrganizations(@ModelAttribute("excelImportFile")ExcelImport excelImportFile) { public ResponseEntity<?> importingOrganizations(
@ModelAttribute("excelImportFile")ExcelImport excelImportFile,
@CurrentUser UserInfo currentUser) {
if (excelImportFile.isExcelNotEmpty() ) { if (excelImportFile.isExcelNotEmpty() ) {
try { try {
List<Organizations> orgsList = Lists.newArrayList(); List<Organizations> orgsList = Lists.newArrayList();
@ -176,7 +177,7 @@ public class OrganizationsController {
if (row == null || j <3 ) {//略过空行和前3行 if (row == null || j <3 ) {//略过空行和前3行
continue; continue;
} else {//其他行是数据行 } else {//其他行是数据行
orgsList.add(buildOrganizationsFromSheetRow(row)); orgsList.add(buildOrganizationsFromSheetRow(row,currentUser));
} }
} }
} }
@ -200,7 +201,7 @@ public class OrganizationsController {
} }
public Organizations buildOrganizationsFromSheetRow(Row row) { public Organizations buildOrganizationsFromSheetRow(Row row,UserInfo currentUser) {
Organizations organization = new Organizations(); Organizations organization = new Organizations();
// 上级编码 // 上级编码
organization.setParentId(ExcelUtils.getValue(row, 0)); organization.setParentId(ExcelUtils.getValue(row, 0));
@ -248,7 +249,7 @@ public class OrganizationsController {
organization.setDescription(ExcelUtils.getValue(row, 20)); organization.setDescription(ExcelUtils.getValue(row, 20));
organization.setStatus(1); organization.setStatus(1);
organization.setInstId(WebContext.getUserInfo().getInstId()); organization.setInstId(currentUser.getInstId());
return organization; return organization;
} }
} }
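Review bot: `buildOrganizationsFromSheetRow(Row row, UserInfo currentUser)` stays `public` on the controller although its only visible caller is the import loop in the same class; making it `private` would keep it out of the class's apparent API now that it takes the caller's identity. A short Javadoc would explain the new parameter: `/** Builds one Organizations entity from a spreadsheet row; currentUser supplies the tenant (instId) the row is imported into. */`. The import method's body continues outside the hunk.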


@ -18,7 +18,9 @@
package org.maxkey.web.contorller; package org.maxkey.web.contorller;
import org.apache.mybatis.jpa.persistence.JpaPageResults; import org.apache.mybatis.jpa.persistence.JpaPageResults;
import org.maxkey.authn.annotation.CurrentUser;
import org.maxkey.constants.ConstsOperateMessage; import org.maxkey.constants.ConstsOperateMessage;
import org.maxkey.entity.UserInfo;
import org.maxkey.entity.UserInfoAdjoint; import org.maxkey.entity.UserInfoAdjoint;
import org.maxkey.persistence.service.UserInfoAdjointService; import org.maxkey.persistence.service.UserInfoAdjointService;
import org.maxkey.web.WebContext; import org.maxkey.web.WebContext;
@ -56,9 +58,11 @@ public class UserAdjointController {
@RequestMapping(value = { "/grid" }) @RequestMapping(value = { "/grid" })
@ResponseBody @ResponseBody
public JpaPageResults<UserInfoAdjoint> queryDataGrid(@ModelAttribute("userInfoAdjoint") UserInfoAdjoint userInfoAdjoint) { public JpaPageResults<UserInfoAdjoint> queryDataGrid(
@ModelAttribute("userInfoAdjoint") UserInfoAdjoint userInfoAdjoint,
@CurrentUser UserInfo currentUser){
_logger.debug(""+userInfoAdjoint); _logger.debug(""+userInfoAdjoint);
userInfoAdjoint.setInstId(WebContext.getUserInfo().getInstId()); userInfoAdjoint.setInstId(currentUser.getInstId());
return userInfoAdjointService.queryPageResults(userInfoAdjoint); return userInfoAdjointService.queryPageResults(userInfoAdjoint);
} }
@ -80,9 +84,11 @@ public class UserAdjointController {
@ResponseBody @ResponseBody
@RequestMapping(value={"/add"}) @RequestMapping(value={"/add"})
public Message insert(@ModelAttribute("userInfoAdjoint") UserInfoAdjoint userInfoAdjoint) { public Message insert(
@ModelAttribute("userInfoAdjoint") UserInfoAdjoint userInfoAdjoint,
@CurrentUser UserInfo currentUser) {
_logger.debug("-Add :" + userInfoAdjoint); _logger.debug("-Add :" + userInfoAdjoint);
userInfoAdjoint.setInstId(WebContext.getUserInfo().getInstId()); userInfoAdjoint.setInstId(currentUser.getInstId());
if (userInfoAdjointService.insert(userInfoAdjoint)) { if (userInfoAdjointService.insert(userInfoAdjoint)) {
return new Message(WebContext.getI18nValue(ConstsOperateMessage.INSERT_SUCCESS),MessageType.success); return new Message(WebContext.getI18nValue(ConstsOperateMessage.INSERT_SUCCESS),MessageType.success);
@ -99,9 +105,11 @@ public class UserAdjointController {
*/ */
@ResponseBody @ResponseBody
@RequestMapping(value={"/query"}) @RequestMapping(value={"/query"})
public Message query(@ModelAttribute("userInfoAdjoint") UserInfoAdjoint userInfoAdjoint) { public Message query(
@ModelAttribute("userInfoAdjoint") UserInfoAdjoint userInfoAdjoint,
@CurrentUser UserInfo currentUser) {
_logger.debug("-query :" + userInfoAdjoint); _logger.debug("-query :" + userInfoAdjoint);
userInfoAdjoint.setInstId(WebContext.getUserInfo().getInstId()); userInfoAdjoint.setInstId(currentUser.getInstId());
if (userInfoAdjointService.load(userInfoAdjoint)!=null) { if (userInfoAdjointService.load(userInfoAdjoint)!=null) {
return new Message(WebContext.getI18nValue(ConstsOperateMessage.INSERT_SUCCESS),MessageType.success); return new Message(WebContext.getI18nValue(ConstsOperateMessage.INSERT_SUCCESS),MessageType.success);
@ -118,9 +126,11 @@ public class UserAdjointController {
*/ */
@ResponseBody @ResponseBody
@RequestMapping(value={"/update"}) @RequestMapping(value={"/update"})
public Message update(@ModelAttribute("userInfoAdjoint") UserInfoAdjoint userInfoAdjoint) { public Message update(
@ModelAttribute("userInfoAdjoint") UserInfoAdjoint userInfoAdjoint,
@CurrentUser UserInfo currentUser) {
_logger.debug("-update userInfoAdjoint :" + userInfoAdjoint); _logger.debug("-update userInfoAdjoint :" + userInfoAdjoint);
userInfoAdjoint.setInstId(WebContext.getUserInfo().getInstId()); userInfoAdjoint.setInstId(currentUser.getInstId());
if (userInfoAdjointService.update(userInfoAdjoint)) { if (userInfoAdjointService.update(userInfoAdjoint)) {
return new Message(WebContext.getI18nValue(ConstsOperateMessage.UPDATE_SUCCESS),MessageType.success); return new Message(WebContext.getI18nValue(ConstsOperateMessage.UPDATE_SUCCESS),MessageType.success);


@ -1,5 +1,5 @@
/* /*
* Copyright [2020] [MaxKey of copyright http://www.maxkey.top] * Copyright [2022] [MaxKey of copyright http://www.maxkey.top]
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License. * you may not use this file except in compliance with the License.
@ -35,6 +35,7 @@ import org.apache.poi.ss.usermodel.Sheet;
import org.apache.poi.ss.usermodel.Workbook; import org.apache.poi.ss.usermodel.Workbook;
import org.maxkey.authn.annotation.CurrentUser; import org.maxkey.authn.annotation.CurrentUser;
import org.maxkey.constants.ConstsPasswordSetType; import org.maxkey.constants.ConstsPasswordSetType;
import org.maxkey.entity.ChangePassword;
import org.maxkey.entity.ExcelImport; import org.maxkey.entity.ExcelImport;
import org.maxkey.entity.Message; import org.maxkey.entity.Message;
import org.maxkey.entity.UserInfo; import org.maxkey.entity.UserInfo;
@ -102,11 +103,7 @@ public class UserInfoController {
@RequestMapping(value = { "/get/{id}" }, produces = {MediaType.APPLICATION_JSON_VALUE}) @RequestMapping(value = { "/get/{id}" }, produces = {MediaType.APPLICATION_JSON_VALUE})
public ResponseEntity<?> get(@PathVariable("id") String id) { public ResponseEntity<?> get(@PathVariable("id") String id) {
UserInfo userInfo=userInfoService.get(id); UserInfo userInfo=userInfoService.get(id);
if(userInfo.getPicture()!=null){ userInfo.trans();
userInfo.transPictureBase64();
}
userInfo.setPassword("");
userInfo.setDecipherable("");
return new Message<UserInfo>(userInfo).buildResponse(); return new Message<UserInfo>(userInfo).buildResponse();
} }
@ -187,10 +184,12 @@ public class UserInfoController {
@ResponseBody @ResponseBody
@RequestMapping(value="/changePassword", produces = {MediaType.APPLICATION_JSON_VALUE}) @RequestMapping(value="/changePassword", produces = {MediaType.APPLICATION_JSON_VALUE})
public ResponseEntity<?> changePassword( @ModelAttribute("userInfo")UserInfo userInfo) { public ResponseEntity<?> changePassword(
_logger.debug(userInfo.getId()); @ModelAttribute ChangePassword changePassword,
userInfo.setPasswordSetType(ConstsPasswordSetType.PASSWORD_NORMAL); @CurrentUser UserInfo currentUser) {
if(userInfoService.changePassword(userInfo,true)) { _logger.debug("UserId {}",changePassword.getUserId());
changePassword.setPasswordSetType(ConstsPasswordSetType.PASSWORD_NORMAL);
if(userInfoService.changePassword(changePassword,true)) {
return new Message<UserInfo>(Message.SUCCESS).buildResponse(); return new Message<UserInfo>(Message.SUCCESS).buildResponse();
} else { } else {
@ -199,7 +198,9 @@ public class UserInfoController {
} }
@RequestMapping(value = "/import") @RequestMapping(value = "/import")
public ResponseEntity<?> importingUsers(@ModelAttribute("excelImportFile")ExcelImport excelImportFile) { public ResponseEntity<?> importingUsers(
@ModelAttribute("excelImportFile")ExcelImport excelImportFile,
@CurrentUser UserInfo currentUser) {
if (excelImportFile.isExcelNotEmpty() ) { if (excelImportFile.isExcelNotEmpty() ) {
try { try {
List<UserInfo> userInfoList = Lists.newArrayList(); List<UserInfo> userInfoList = Lists.newArrayList();
@ -214,7 +215,7 @@ public class UserInfoController {
if (row == null || j <3 ) {//略过空行和前3行 if (row == null || j <3 ) {//略过空行和前3行
continue; continue;
} else {//其他行是数据行 } else {//其他行是数据行
UserInfo userInfo = buildUserFromSheetRow(row); UserInfo userInfo = buildUserFromSheetRow(row,currentUser);
userInfoList.add(userInfo); userInfoList.add(userInfo);
recordCount ++; recordCount ++;
_logger.debug("record {} user {} account {}",recordCount,userInfo.getDisplayName(),userInfo.getUsername()); _logger.debug("record {} user {} account {}",recordCount,userInfo.getDisplayName(),userInfo.getUsername());
@ -258,7 +259,7 @@ public class UserInfoController {
} }
public UserInfo buildUserFromSheetRow(Row row) { public UserInfo buildUserFromSheetRow(Row row,UserInfo currentUser) {
UserInfo userInfo = new UserInfo(); UserInfo userInfo = new UserInfo();
userInfo.setCreatedDate(DateUtils.formatDateTime(new Date())); userInfo.setCreatedDate(DateUtils.formatDateTime(new Date()));
// 登录账号 // 登录账号
@ -358,7 +359,7 @@ public class UserInfoController {
userInfo.setHomeEmail(ExcelUtils.getValue(row, 46)); userInfo.setHomeEmail(ExcelUtils.getValue(row, 46));
userInfoService.passwordEncoder(userInfo); userInfoService.passwordEncoder(userInfo);
userInfo.setStatus(1); userInfo.setStatus(1);
userInfo.setInstId(WebContext.getUserInfo().getInstId()); userInfo.setInstId(currentUser.getInstId());
return userInfo; return userInfo;
} }


@ -19,6 +19,8 @@ package org.maxkey.web.interceptor;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import org.maxkey.authn.web.AuthorizationUtils;
import org.maxkey.entity.HistorySystemLogs; import org.maxkey.entity.HistorySystemLogs;
import org.maxkey.entity.UserInfo; import org.maxkey.entity.UserInfo;
import org.maxkey.persistence.service.HistorySystemLogsService; import org.maxkey.persistence.service.HistorySystemLogsService;
@ -55,7 +57,7 @@ public class HistoryLogsAdapter implements AsyncHandlerInterceptor {
if(message != null){ if(message != null){
if(message.getMessageScope() == MessageScope.DB || message.getMessageScope() == MessageScope.DB_CLIENT) {//判断message类型 if(message.getMessageScope() == MessageScope.DB || message.getMessageScope() == MessageScope.DB_CLIENT) {//判断message类型
UserInfo userInfo =WebContext.getUserInfo();//取得当前用户信息 UserInfo userInfo = AuthorizationUtils.getUserInfo();//取得当前用户信息
//创建日志记录 //创建日志记录
HistorySystemLogs historySystemLog = new HistorySystemLogs(); HistorySystemLogs historySystemLog = new HistorySystemLogs();
historySystemLog.setTopic(message.getTopic()); historySystemLog.setTopic(message.getTopic());
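Review bot: The principal lookup at L3388 now comes from `AuthorizationUtils.getUserInfo()`, and nothing in the hunk shows that the result is checked before the log record is populated; if this interceptor also runs for a request that produced a DB-scoped message without an authenticated user, the field copies that follow would presumably dereference a null `userInfo`. The lines that consume `userInfo` are outside the hunk, so I cannot confirm a guard exists further down. Suggest either documenting the precondition above the call, `// assumes an authenticated principal is present for every DB-scoped message — confirm`, or wrapping the user-dependent fields in `if (userInfo != null) { ... }` so the log is still written with the topic and message even when no principal is resolvable.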


@ -22,12 +22,12 @@ import javax.servlet.RequestDispatcher;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import org.maxkey.authn.web.AuthorizationUtils;
import org.maxkey.authz.oauth2.provider.OAuth2Authentication; import org.maxkey.authz.oauth2.provider.OAuth2Authentication;
import org.maxkey.authz.oauth2.provider.token.DefaultTokenServices; import org.maxkey.authz.oauth2.provider.token.DefaultTokenServices;
import org.maxkey.util.AuthorizationHeaderCredential; import org.maxkey.util.AuthorizationHeaderCredential;
import org.maxkey.util.AuthorizationHeaderUtils; import org.maxkey.util.AuthorizationHeaderUtils;
import org.maxkey.util.StringUtils; import org.maxkey.util.StringUtils;
import org.maxkey.web.WebContext;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
@ -102,7 +102,7 @@ public class RestApiPermissionAdapter implements AsyncHandlerInterceptor {
} }
if(authenticationToken !=null && authenticationToken.isAuthenticated()) { if(authenticationToken !=null && authenticationToken.isAuthenticated()) {
WebContext.setAuthentication(authenticationToken); AuthorizationUtils.setAuthentication(authenticationToken);
return true; return true;
} }
} }
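Review bot: `AuthorizationUtils.setAuthentication(authenticationToken)` at L3411 publishes a credential-derived authentication for this API call, but the hunk does not show where that authentication is stored or when it is cleared; if the new helper keeps it in a server-side session rather than request scope, every header-authenticated REST request would create a persistent logged-in session, which is not what a stateless API interceptor should do. Worth confirming and recording the intent next to the call, e.g. `// request-scoped: credential is re-validated on every call, must not create a login session`. The non-authenticated fall-through and the method's earlier credential parsing are outside this hunk.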