mirror of
https://gitee.com/dromara/MaxKey.git
synced 2025-12-06 17:08:29 +08:00
authentication jwt RemeberMe
This commit is contained in:
MaxKey
parent
aad4e7e878
commit
5ccb71e64d
@ -32,8 +32,6 @@ import org.maxkey.web.WebConstants;
|
||||
import org.maxkey.web.WebContext;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.beans.factory.annotation.Qualifier;
|
||||
import org.springframework.jdbc.core.JdbcTemplate;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
|
||||
|
||||
@ -0,0 +1,125 @@
|
||||
/*
|
||||
* Copyright [2020] [MaxKey of copyright http://www.maxkey.top]
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
|
||||
package org.maxkey.authn.support.jwt;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.maxkey.authn.AbstractAuthenticationProvider;
|
||||
import org.maxkey.configuration.ApplicationConfig;
|
||||
import org.maxkey.constants.ConstantsLoginType;
|
||||
import org.maxkey.web.WebConstants;
|
||||
import org.maxkey.web.WebContext;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.web.servlet.AsyncHandlerInterceptor;
|
||||
|
||||
import com.nimbusds.jwt.SignedJWT;
|
||||
|
||||
|
||||
public class HttpJwtEntryPoint implements AsyncHandlerInterceptor {
|
||||
private static final Logger _logger = LoggerFactory.getLogger(HttpJwtEntryPoint.class);
|
||||
|
||||
boolean enable;
|
||||
|
||||
ApplicationConfig applicationConfig;
|
||||
|
||||
AbstractAuthenticationProvider authenticationProvider ;
|
||||
|
||||
JwtLoginService jwtLoginService;
|
||||
|
||||
@Override
|
||||
public boolean preHandle(HttpServletRequest request,HttpServletResponse response, Object handler) throws Exception {
|
||||
boolean isAuthenticated= WebContext.isAuthenticated();
|
||||
|
||||
String jwt = request.getParameter(WebConstants.JWT_TOKEN_PARAMETER);
|
||||
if(!enable || isAuthenticated || jwt == null){
|
||||
return true;
|
||||
}
|
||||
|
||||
_logger.debug("JWT Login Start ...");
|
||||
_logger.info("Request url : "+ request.getRequestURL());
|
||||
_logger.info("Request URI : "+ request.getRequestURI());
|
||||
_logger.info("Request ContextPath : "+ request.getContextPath());
|
||||
_logger.info("Request ServletPath : "+ request.getServletPath());
|
||||
_logger.debug("RequestSessionId : "+ request.getRequestedSessionId());
|
||||
_logger.debug("isRequestedSessionIdValid : "+ request.isRequestedSessionIdValid());
|
||||
_logger.debug("getSession : "+ request.getSession(false));
|
||||
|
||||
// session not exists,session timeout,recreate new session
|
||||
if(request.getSession(false) == null) {
|
||||
_logger.info("recreate new session .");
|
||||
request.getSession(true);
|
||||
}
|
||||
|
||||
_logger.info("getSession.getId : "+ request.getSession().getId());
|
||||
|
||||
//for jwt Login
|
||||
if(!isAuthenticated){
|
||||
_logger.debug("jwt : " + jwt);
|
||||
|
||||
SignedJWT signedJWT = jwtLoginService.jwtTokenValidation(jwt);
|
||||
if(signedJWT != null) {
|
||||
String username =signedJWT.getJWTClaimsSet().getSubject();
|
||||
authenticationProvider.trustAuthentication(username, ConstantsLoginType.JWT, "", "", "success");
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
public HttpJwtEntryPoint() {
|
||||
super();
|
||||
}
|
||||
|
||||
public HttpJwtEntryPoint (boolean enable) {
|
||||
super();
|
||||
this.enable = enable;
|
||||
}
|
||||
|
||||
public HttpJwtEntryPoint(AbstractAuthenticationProvider authenticationProvider, JwtLoginService jwtLoginService,
|
||||
ApplicationConfig applicationConfig, boolean enable) {
|
||||
super();
|
||||
this.authenticationProvider = authenticationProvider;
|
||||
this.jwtLoginService = jwtLoginService;
|
||||
this.applicationConfig = applicationConfig;
|
||||
this.enable = enable;
|
||||
}
|
||||
|
||||
public boolean isEnable() {
|
||||
return enable;
|
||||
}
|
||||
|
||||
public void setEnable(boolean enable) {
|
||||
this.enable = enable;
|
||||
}
|
||||
|
||||
public void setApplicationConfig(ApplicationConfig applicationConfig) {
|
||||
this.applicationConfig = applicationConfig;
|
||||
}
|
||||
|
||||
public void setAuthenticationProvider(AbstractAuthenticationProvider authenticationProvider) {
|
||||
this.authenticationProvider = authenticationProvider;
|
||||
}
|
||||
|
||||
public void setJwtLoginService(JwtLoginService jwtLoginService) {
|
||||
this.jwtLoginService = jwtLoginService;
|
||||
}
|
||||
|
||||
}
|
||||
@ -28,11 +28,8 @@ import com.nimbusds.jwt.PlainJWT;
|
||||
import com.nimbusds.jwt.SignedJWT;
|
||||
import java.util.Date;
|
||||
import java.util.UUID;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import org.joda.time.DateTime;
|
||||
import org.maxkey.authn.AbstractAuthenticationProvider;
|
||||
import org.maxkey.configuration.oidc.OIDCProviderMetadataDetails;
|
||||
import org.maxkey.constants.ConstantsLoginType;
|
||||
import org.maxkey.crypto.jwt.signer.service.impl.DefaultJwtSigningAndValidationService;
|
||||
import org.maxkey.web.WebContext;
|
||||
import org.slf4j.Logger;
|
||||
@ -47,77 +44,14 @@ public class JwtLoginService {
|
||||
|
||||
DefaultJwtSigningAndValidationService jwtSignerValidationService;
|
||||
|
||||
AbstractAuthenticationProvider authenticationProvider ;
|
||||
|
||||
|
||||
public JwtLoginService(AbstractAuthenticationProvider authenticationProvider,
|
||||
public JwtLoginService(
|
||||
OIDCProviderMetadataDetails jwtProviderMetadata,
|
||||
DefaultJwtSigningAndValidationService jwtSignerValidationService
|
||||
) {
|
||||
this.authenticationProvider = authenticationProvider;
|
||||
this.jwtProviderMetadata = jwtProviderMetadata;
|
||||
this.jwtSignerValidationService = jwtSignerValidationService;
|
||||
|
||||
}
|
||||
public boolean login(String jwt, HttpServletResponse response) {
|
||||
_logger.debug("jwt : " + jwt);
|
||||
|
||||
String username = null;
|
||||
SignedJWT signedJWT = null;
|
||||
|
||||
boolean loginResult = false;
|
||||
JWTClaimsSet jwtClaimsSet = null;
|
||||
try {
|
||||
|
||||
RSASSAVerifier rsaSSAVerifier = new RSASSAVerifier(((RSAKey) jwtSignerValidationService.getAllPublicKeys()
|
||||
.get(jwtSignerValidationService.getDefaultSignerKeyId())).toRSAPublicKey());
|
||||
|
||||
signedJWT = SignedJWT.parse(jwt);
|
||||
if (signedJWT.verify(rsaSSAVerifier)) {
|
||||
loginResult = true;
|
||||
} else {
|
||||
_logger.debug("verify false ");
|
||||
return false;
|
||||
}
|
||||
jwtClaimsSet = signedJWT.getJWTClaimsSet();
|
||||
|
||||
_logger.debug("" + signedJWT.getPayload());
|
||||
_logger.debug("jwtClaimsSet Issuer " + jwtClaimsSet.getIssuer());
|
||||
_logger.debug("Metadata Issuer " + jwtProviderMetadata.getIssuer());
|
||||
|
||||
if (loginResult && jwtClaimsSet.getIssuer().equals(jwtProviderMetadata.getIssuer())) {
|
||||
loginResult = true;
|
||||
_logger.debug("Issuer equals ");
|
||||
} else {
|
||||
_logger.debug("Issuer not equals ");
|
||||
return false;
|
||||
}
|
||||
|
||||
_logger.debug("username " + jwtClaimsSet.getSubject());
|
||||
|
||||
if (loginResult && jwtClaimsSet.getSubject() != null) {
|
||||
username = jwtClaimsSet.getSubject();
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
|
||||
DateTime now = new DateTime();
|
||||
|
||||
if (loginResult && now.isBefore(jwtClaimsSet.getExpirationTime().getTime())) {
|
||||
authenticationProvider.trustAuthentication(username, ConstantsLoginType.JWT, "", "", "success");
|
||||
return true;
|
||||
}
|
||||
} catch (java.text.ParseException e) {
|
||||
// Invalid signed JWT encoding
|
||||
_logger.error("Invalid signed JWT encoding ");
|
||||
} catch (JOSEException e) {
|
||||
// TODO Auto-generated catch block
|
||||
e.printStackTrace();
|
||||
_logger.error("JOSEException ");
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
public String buildLoginJwt() {
|
||||
_logger.debug("buildLoginJwt .");
|
||||
@ -144,10 +78,8 @@ public class JwtLoginService {
|
||||
return tokenString;
|
||||
}
|
||||
|
||||
public boolean jwtTokenValidation(String jwt) {
|
||||
public SignedJWT jwtTokenValidation(String jwt) {
|
||||
SignedJWT signedJWT = null;
|
||||
|
||||
boolean loginResult = false;
|
||||
JWTClaimsSet jwtClaimsSet = null;
|
||||
try {
|
||||
|
||||
@ -156,44 +88,34 @@ public class JwtLoginService {
|
||||
|
||||
signedJWT = SignedJWT.parse(jwt);
|
||||
if (signedJWT.verify(rsaSSAVerifier)) {
|
||||
loginResult = true;
|
||||
jwtClaimsSet = signedJWT.getJWTClaimsSet();
|
||||
_logger.debug("" + signedJWT.getPayload());
|
||||
_logger.debug("username " + jwtClaimsSet.getSubject());
|
||||
_logger.debug("jwtClaimsSet Issuer " + jwtClaimsSet.getIssuer());
|
||||
_logger.debug("Metadata Issuer " + jwtProviderMetadata.getIssuer());
|
||||
if ( jwtClaimsSet.getIssuer().equals(jwtProviderMetadata.getIssuer())) {
|
||||
_logger.debug("Issuer equals ");
|
||||
DateTime now = new DateTime();
|
||||
if (now.isBefore(jwtClaimsSet.getExpirationTime().getTime())) {
|
||||
_logger.debug("ExpirationTime Validation " + now.isBefore(jwtClaimsSet.getExpirationTime().getTime()));
|
||||
return signedJWT;
|
||||
}
|
||||
} else {
|
||||
_logger.debug("Issuer not equals ");
|
||||
}
|
||||
} else {
|
||||
_logger.debug("verify false ");
|
||||
}
|
||||
jwtClaimsSet = signedJWT.getJWTClaimsSet();
|
||||
|
||||
_logger.debug("" + signedJWT.getPayload());
|
||||
|
||||
_logger.debug("username " + jwtClaimsSet.getSubject());
|
||||
|
||||
_logger.debug("jwtClaimsSet Issuer " + jwtClaimsSet.getIssuer());
|
||||
_logger.debug("Metadata Issuer " + jwtProviderMetadata.getIssuer());
|
||||
|
||||
if (loginResult && jwtClaimsSet.getIssuer().equals(jwtProviderMetadata.getIssuer())) {
|
||||
loginResult = true;
|
||||
_logger.debug("Issuer equals ");
|
||||
} else {
|
||||
_logger.debug("Issuer not equals ");
|
||||
return false;
|
||||
}
|
||||
|
||||
DateTime now = new DateTime();
|
||||
|
||||
if (loginResult && now.isBefore(jwtClaimsSet.getExpirationTime().getTime())) {
|
||||
_logger.debug("ExpirationTime Validation " + now.isBefore(jwtClaimsSet.getExpirationTime().getTime()));
|
||||
loginResult = true;
|
||||
} else {
|
||||
return false;
|
||||
}
|
||||
|
||||
} catch (java.text.ParseException e) {
|
||||
// Invalid signed JWT encoding
|
||||
_logger.debug("Invalid signed JWT encoding ");
|
||||
_logger.error("Invalid signed JWT encoding ",e);
|
||||
} catch (JOSEException e) {
|
||||
// TODO Auto-generated catch block
|
||||
e.printStackTrace();
|
||||
_logger.debug("JOSEException ");
|
||||
_logger.error("JOSEException ",e);
|
||||
}
|
||||
return loginResult;
|
||||
return null;
|
||||
}
|
||||
|
||||
|
||||
@ -205,8 +127,13 @@ public class JwtLoginService {
|
||||
this.jwtSignerValidationService = jwtSignerValidationService;
|
||||
}
|
||||
|
||||
public void setAuthenticationProvider(AbstractAuthenticationProvider authenticationProvider) {
|
||||
this.authenticationProvider = authenticationProvider;
|
||||
}
|
||||
public OIDCProviderMetadataDetails getJwtProviderMetadata() {
|
||||
return jwtProviderMetadata;
|
||||
}
|
||||
public DefaultJwtSigningAndValidationService getJwtSignerValidationService() {
|
||||
return jwtSignerValidationService;
|
||||
}
|
||||
|
||||
|
||||
|
||||
}
|
||||
|
||||
@ -22,10 +22,7 @@ import java.util.regex.Pattern;
|
||||
import javax.servlet.http.Cookie;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import org.joda.time.DateTime;
|
||||
import org.maxkey.authn.AbstractAuthenticationProvider;
|
||||
import org.maxkey.configuration.ApplicationConfig;
|
||||
import org.maxkey.constants.ConstantsLoginType;
|
||||
import org.maxkey.constants.ConstantsTimeInterval;
|
||||
import org.maxkey.crypto.Base64Utils;
|
||||
import org.maxkey.crypto.ReciprocalUtils;
|
||||
@ -47,10 +44,6 @@ public abstract class AbstractRemeberMeService {
|
||||
@Autowired
|
||||
@Qualifier("applicationConfig")
|
||||
protected ApplicationConfig applicationConfig;
|
||||
|
||||
@Autowired
|
||||
@Qualifier("authenticationProvider")
|
||||
AbstractAuthenticationProvider authenticationProvider ;
|
||||
|
||||
// follow function is for persist
|
||||
public abstract void save(RemeberMe remeberMe);
|
||||
@ -97,38 +90,6 @@ public abstract class AbstractRemeberMeService {
|
||||
return true;
|
||||
}
|
||||
|
||||
public boolean login(String remeberMe, HttpServletResponse response) {
|
||||
_logger.debug("RemeberMe : " + remeberMe);
|
||||
|
||||
remeberMe = new String(Base64Utils.base64UrlDecode(remeberMe));
|
||||
|
||||
remeberMe = ReciprocalUtils.decoder(remeberMe);
|
||||
|
||||
_logger.debug("decoder RemeberMe : " + remeberMe);
|
||||
RemeberMe remeberMeCookie = new RemeberMe();
|
||||
remeberMeCookie = (RemeberMe) JsonUtils.json2Object(remeberMe, remeberMeCookie);
|
||||
_logger.debug("Remeber Me Cookie : " + remeberMeCookie);
|
||||
|
||||
RemeberMe storeRemeberMe = read(remeberMeCookie);
|
||||
if (storeRemeberMe == null) {
|
||||
return false;
|
||||
}
|
||||
DateTime loginDate = new DateTime(storeRemeberMe.getLastLogin());
|
||||
DateTime expiryDate = loginDate.plusSeconds(getRemeberMeValidity());
|
||||
DateTime now = new DateTime();
|
||||
if (now.isBefore(expiryDate)) {
|
||||
authenticationProvider.trustAuthentication(
|
||||
storeRemeberMe.getUsername(),
|
||||
ConstantsLoginType.REMEBER_ME,
|
||||
"",
|
||||
"",
|
||||
"success");
|
||||
return updateRemeberMe(remeberMeCookie, response);
|
||||
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
public boolean updateRemeberMe(RemeberMe remeberMe, HttpServletResponse response) {
|
||||
remeberMe.setAuthKey(WebContext.genId());
|
||||
remeberMe.setLastLogin(new Date());
|
||||
|
||||
@ -0,0 +1,150 @@
|
||||
/*
|
||||
* Copyright [2020] [MaxKey of copyright http://www.maxkey.top]
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
|
||||
package org.maxkey.authn.support.rememberme;
|
||||
|
||||
import javax.servlet.http.Cookie;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.joda.time.DateTime;
|
||||
import org.maxkey.authn.AbstractAuthenticationProvider;
|
||||
import org.maxkey.configuration.ApplicationConfig;
|
||||
import org.maxkey.constants.ConstantsLoginType;
|
||||
import org.maxkey.crypto.Base64Utils;
|
||||
import org.maxkey.crypto.ReciprocalUtils;
|
||||
import org.maxkey.util.JsonUtils;
|
||||
import org.maxkey.web.WebConstants;
|
||||
import org.maxkey.web.WebContext;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.web.servlet.AsyncHandlerInterceptor;
|
||||
|
||||
|
||||
public class HttpRemeberMeEntryPoint implements AsyncHandlerInterceptor {
|
||||
private static final Logger _logger = LoggerFactory.getLogger(HttpRemeberMeEntryPoint.class);
|
||||
|
||||
boolean enable;
|
||||
|
||||
ApplicationConfig applicationConfig;
|
||||
|
||||
AbstractAuthenticationProvider authenticationProvider ;
|
||||
|
||||
AbstractRemeberMeService remeberMeService;
|
||||
|
||||
@Override
|
||||
public boolean preHandle(HttpServletRequest request,HttpServletResponse response, Object handler) throws Exception {
|
||||
boolean isAuthenticated= WebContext.isAuthenticated();
|
||||
|
||||
Cookie readRemeberMeCookie = WebContext.readCookieByName(request,WebConstants.REMEBER_ME_COOKIE);
|
||||
if(!enable || isAuthenticated){
|
||||
return true;
|
||||
}
|
||||
|
||||
_logger.debug("RemeberMe Login Start ...");
|
||||
_logger.info("Request url : "+ request.getRequestURL());
|
||||
_logger.info("Request URI : "+ request.getRequestURI());
|
||||
_logger.info("Request ContextPath : "+ request.getContextPath());
|
||||
_logger.info("Request ServletPath : "+ request.getServletPath());
|
||||
_logger.debug("RequestSessionId : "+ request.getRequestedSessionId());
|
||||
_logger.debug("isRequestedSessionIdValid : "+ request.isRequestedSessionIdValid());
|
||||
_logger.debug("getSession : "+ request.getSession(false));
|
||||
|
||||
// session not exists,session timeout,recreate new session
|
||||
if(request.getSession(false) == null) {
|
||||
_logger.info("recreate new session .");
|
||||
request.getSession(true);
|
||||
}
|
||||
|
||||
_logger.info("getSession.getId : "+ request.getSession().getId());
|
||||
|
||||
if(applicationConfig.getLoginConfig().isRemeberMe()&&readRemeberMeCookie!=null){
|
||||
_logger.debug("Try RemeberMe login ");
|
||||
String remeberMe = readRemeberMeCookie.getValue();
|
||||
_logger.debug("RemeberMe : " + remeberMe);
|
||||
|
||||
remeberMe = new String(Base64Utils.base64UrlDecode(remeberMe));
|
||||
|
||||
remeberMe = ReciprocalUtils.decoder(remeberMe);
|
||||
|
||||
_logger.debug("decoder RemeberMe : " + remeberMe);
|
||||
RemeberMe remeberMeCookie = new RemeberMe();
|
||||
remeberMeCookie = (RemeberMe) JsonUtils.json2Object(remeberMe, remeberMeCookie);
|
||||
_logger.debug("Remeber Me Cookie : " + remeberMeCookie);
|
||||
|
||||
RemeberMe storeRemeberMe = remeberMeService.read(remeberMeCookie);
|
||||
if (storeRemeberMe != null) {
|
||||
DateTime loginDate = new DateTime(storeRemeberMe.getLastLogin());
|
||||
DateTime expiryDate = loginDate.plusSeconds(remeberMeService.getRemeberMeValidity());
|
||||
DateTime now = new DateTime();
|
||||
if (now.isBefore(expiryDate)) {
|
||||
authenticationProvider.trustAuthentication(
|
||||
storeRemeberMe.getUsername(),
|
||||
ConstantsLoginType.REMEBER_ME,
|
||||
"",
|
||||
"",
|
||||
"success");
|
||||
remeberMeService.updateRemeberMe(remeberMeCookie, response);
|
||||
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
public HttpRemeberMeEntryPoint() {
|
||||
super();
|
||||
}
|
||||
|
||||
public HttpRemeberMeEntryPoint (boolean enable) {
|
||||
super();
|
||||
this.enable = enable;
|
||||
}
|
||||
|
||||
public HttpRemeberMeEntryPoint(
|
||||
AbstractAuthenticationProvider authenticationProvider, AbstractRemeberMeService remeberMeService,
|
||||
ApplicationConfig applicationConfig,boolean enable) {
|
||||
super();
|
||||
this.enable = enable;
|
||||
this.applicationConfig = applicationConfig;
|
||||
this.authenticationProvider = authenticationProvider;
|
||||
this.remeberMeService = remeberMeService;
|
||||
}
|
||||
|
||||
public boolean isEnable() {
|
||||
return enable;
|
||||
}
|
||||
|
||||
public void setEnable(boolean enable) {
|
||||
this.enable = enable;
|
||||
}
|
||||
|
||||
public void setApplicationConfig(ApplicationConfig applicationConfig) {
|
||||
this.applicationConfig = applicationConfig;
|
||||
}
|
||||
|
||||
public void setAuthenticationProvider(AbstractAuthenticationProvider authenticationProvider) {
|
||||
this.authenticationProvider = authenticationProvider;
|
||||
}
|
||||
|
||||
public void setRemeberMeService(AbstractRemeberMeService remeberMeService) {
|
||||
this.remeberMeService = remeberMeService;
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
@ -23,7 +23,6 @@ import java.net.URI;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.security.spec.InvalidKeySpecException;
|
||||
|
||||
import org.maxkey.authn.AbstractAuthenticationProvider;
|
||||
import org.maxkey.authn.support.jwt.JwtLoginService;
|
||||
import org.maxkey.configuration.oidc.OIDCProviderMetadataDetails;
|
||||
import org.maxkey.constants.ConstantsProperties;
|
||||
@ -126,11 +125,9 @@ public class JwtAuthnAutoConfiguration implements InitializingBean {
|
||||
@Bean(name = "jwtLoginService")
|
||||
public JwtLoginService jwtLoginService(
|
||||
DefaultJwtSigningAndValidationService jwtSignerValidationService,
|
||||
OIDCProviderMetadataDetails oidcProviderMetadata,
|
||||
AbstractAuthenticationProvider authenticationProvider) {
|
||||
OIDCProviderMetadataDetails oidcProviderMetadata) {
|
||||
|
||||
JwtLoginService jwtLoginService = new JwtLoginService(
|
||||
authenticationProvider,
|
||||
oidcProviderMetadata,
|
||||
jwtSignerValidationService
|
||||
);
|
||||
|
||||
@ -130,20 +130,20 @@ public class InitializeContext extends HttpServlet {
|
||||
+ databaseMetaData.getDatabaseProductName());
|
||||
_logger.debug("DatabaseProductVersion: "
|
||||
+ databaseMetaData.getDatabaseProductVersion());
|
||||
_logger.debug("DatabaseMajorVersion : "
|
||||
_logger.trace("DatabaseMajorVersion : "
|
||||
+ databaseMetaData.getDatabaseMajorVersion());
|
||||
_logger.debug("DatabaseMinorVersion : "
|
||||
_logger.trace("DatabaseMinorVersion : "
|
||||
+ databaseMetaData.getDatabaseMinorVersion());
|
||||
_logger.debug("supportsTransactions : "
|
||||
_logger.trace("supportsTransactions : "
|
||||
+ databaseMetaData.supportsTransactions());
|
||||
_logger.debug("DefaultTransaction : "
|
||||
_logger.trace("DefaultTransaction : "
|
||||
+ databaseMetaData.getDefaultTransactionIsolation());
|
||||
_logger.debug("MaxConnections : "
|
||||
_logger.trace("MaxConnections : "
|
||||
+ databaseMetaData.getMaxConnections());
|
||||
_logger.debug("");
|
||||
_logger.debug("JDBCMajorVersion : "
|
||||
_logger.trace("");
|
||||
_logger.trace("JDBCMajorVersion : "
|
||||
+ databaseMetaData.getJDBCMajorVersion());
|
||||
_logger.debug("JDBCMinorVersion : "
|
||||
_logger.trace("JDBCMinorVersion : "
|
||||
+ databaseMetaData.getJDBCMinorVersion());
|
||||
_logger.debug("DriverName : "
|
||||
+ databaseMetaData.getDriverName());
|
||||
@ -157,6 +157,7 @@ public class InitializeContext extends HttpServlet {
|
||||
_logger.debug("-----------------------------------------------------------");
|
||||
} catch (SQLException e) {
|
||||
e.printStackTrace();
|
||||
_logger.error("DatabaseMetaData Variables Error .",e);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
@ -23,8 +23,6 @@ import java.security.spec.InvalidKeySpecException;
|
||||
|
||||
import javax.servlet.Filter;
|
||||
import javax.sql.DataSource;
|
||||
|
||||
import org.maxkey.authn.AbstractAuthenticationProvider;
|
||||
import org.maxkey.authn.support.jwt.JwtLoginService;
|
||||
import org.maxkey.authz.oauth2.provider.ClientDetailsService;
|
||||
import org.maxkey.authz.oauth2.provider.OAuth2UserDetailsService;
|
||||
@ -168,11 +166,9 @@ public class Oauth20AutoConfiguration implements InitializingBean {
|
||||
@Bean(name = "jwtLoginService")
|
||||
public JwtLoginService jwtLoginService(
|
||||
DefaultJwtSigningAndValidationService jwtSignerValidationService,
|
||||
OIDCProviderMetadataDetails oidcProviderMetadata,
|
||||
AbstractAuthenticationProvider authenticationProvider) {
|
||||
OIDCProviderMetadataDetails oidcProviderMetadata) {
|
||||
|
||||
JwtLoginService jwtLoginService = new JwtLoginService(
|
||||
authenticationProvider,
|
||||
oidcProviderMetadata,
|
||||
jwtSignerValidationService
|
||||
);
|
||||
|
||||
@ -17,12 +17,19 @@
|
||||
|
||||
package org.maxkey;
|
||||
|
||||
import org.maxkey.authn.AbstractAuthenticationProvider;
|
||||
import org.maxkey.authn.support.jwt.HttpJwtEntryPoint;
|
||||
import org.maxkey.authn.support.jwt.JwtLoginService;
|
||||
import org.maxkey.authn.support.rememberme.AbstractRemeberMeService;
|
||||
import org.maxkey.authn.support.rememberme.HttpRemeberMeEntryPoint;
|
||||
import org.maxkey.configuration.ApplicationConfig;
|
||||
import org.maxkey.web.interceptor.HistoryLogsAdapter;
|
||||
import org.maxkey.web.interceptor.PermissionAdapter;
|
||||
import org.maxkey.web.interceptor.RestApiPermissionAdapter;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.beans.factory.annotation.Qualifier;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
|
||||
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
|
||||
@ -34,6 +41,23 @@ import org.springframework.web.servlet.i18n.LocaleChangeInterceptor;
|
||||
@EnableWebMvc
|
||||
public class MaxKeyMgtMvcConfig implements WebMvcConfigurer {
|
||||
private static final Logger _logger = LoggerFactory.getLogger(MaxKeyMgtMvcConfig.class);
|
||||
|
||||
@Autowired
|
||||
@Qualifier("applicationConfig")
|
||||
ApplicationConfig applicationConfig;
|
||||
|
||||
@Autowired
|
||||
@Qualifier("authenticationProvider")
|
||||
AbstractAuthenticationProvider authenticationProvider ;
|
||||
|
||||
@Autowired
|
||||
@Qualifier("remeberMeService")
|
||||
AbstractRemeberMeService remeberMeService;
|
||||
|
||||
@Autowired
|
||||
@Qualifier("jwtLoginService")
|
||||
JwtLoginService jwtLoginService;
|
||||
|
||||
@Autowired
|
||||
PermissionAdapter permissionAdapter;
|
||||
|
||||
@ -74,6 +98,17 @@ public class MaxKeyMgtMvcConfig implements WebMvcConfigurer {
|
||||
public void addInterceptors(InterceptorRegistry registry) {
|
||||
//addPathPatterns 用于添加拦截规则 , 先把所有路径都加入拦截, 再一个个排除
|
||||
//excludePathPatterns 表示改路径不用拦截
|
||||
|
||||
_logger.debug("add HttpRemeberMeEntryPoint");
|
||||
registry.addInterceptor(new HttpRemeberMeEntryPoint(
|
||||
authenticationProvider,remeberMeService,applicationConfig,true))
|
||||
.addPathPatterns("/login");
|
||||
|
||||
_logger.debug("add HttpJwtEntryPoint");
|
||||
registry.addInterceptor(new HttpJwtEntryPoint(
|
||||
authenticationProvider,jwtLoginService,applicationConfig,true))
|
||||
.addPathPatterns("/login");
|
||||
|
||||
registry.addInterceptor(permissionAdapter)
|
||||
.addPathPatterns("/main/**")
|
||||
.addPathPatterns("/orgs/**")
|
||||
@ -110,6 +145,7 @@ public class MaxKeyMgtMvcConfig implements WebMvcConfigurer {
|
||||
_logger.debug("add LocaleChangeInterceptor");
|
||||
|
||||
|
||||
|
||||
registry.addInterceptor(restApiPermissionAdapter)
|
||||
.addPathPatterns("/identity/api/**")
|
||||
;
|
||||
|
||||
@ -22,20 +22,15 @@ import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.maxkey.authn.AbstractAuthenticationProvider;
|
||||
import org.maxkey.authn.LoginCredential;
|
||||
import org.maxkey.authn.support.jwt.JwtLoginService;
|
||||
import org.maxkey.authn.support.rememberme.AbstractRemeberMeService;
|
||||
import org.maxkey.configuration.ApplicationConfig;
|
||||
import org.maxkey.web.WebConstants;
|
||||
import org.maxkey.web.WebContext;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.beans.factory.annotation.Qualifier;
|
||||
import org.springframework.stereotype.Controller;
|
||||
import org.springframework.web.bind.annotation.CookieValue;
|
||||
import org.springframework.web.bind.annotation.ModelAttribute;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RequestParam;
|
||||
import org.springframework.web.servlet.ModelAndView;
|
||||
|
||||
|
||||
@ -51,15 +46,7 @@ public class LoginEndpoint {
|
||||
@Qualifier("applicationConfig")
|
||||
protected ApplicationConfig applicationConfig;
|
||||
|
||||
|
||||
@Autowired
|
||||
@Qualifier("remeberMeService")
|
||||
protected AbstractRemeberMeService remeberMeService;
|
||||
|
||||
@Autowired
|
||||
@Qualifier("jwtLoginService")
|
||||
JwtLoginService jwtLoginService;
|
||||
|
||||
|
||||
@Autowired
|
||||
@Qualifier("authenticationProvider")
|
||||
AbstractAuthenticationProvider authenticationProvider ;
|
||||
@ -71,29 +58,13 @@ public class LoginEndpoint {
|
||||
@RequestMapping(value={"/login"})
|
||||
public ModelAndView login(
|
||||
HttpServletRequest request,
|
||||
HttpServletResponse response,
|
||||
@CookieValue(value=WebConstants.REMEBER_ME_COOKIE,required=false) String remeberMe,
|
||||
@RequestParam(value = WebConstants.JWT_TOKEN_PARAMETER, required = false) String jwt) {
|
||||
HttpServletResponse response) {
|
||||
|
||||
_logger.debug("LoginController /login.");
|
||||
ModelAndView modelAndView = new ModelAndView();
|
||||
|
||||
boolean isAuthenticated= WebContext.isAuthenticated();
|
||||
|
||||
//for jwt Login
|
||||
if(!isAuthenticated){
|
||||
if(jwt!=null&&!jwt.equals("")){
|
||||
isAuthenticated=jwtLoginService.login(jwt, response);
|
||||
}
|
||||
}
|
||||
|
||||
//for RemeberMe login
|
||||
if(!isAuthenticated){
|
||||
if(applicationConfig.getLoginConfig().isRemeberMe()&&remeberMe!=null&& !remeberMe.equals("")){
|
||||
isAuthenticated=remeberMeService.login(remeberMe,response);
|
||||
}
|
||||
}
|
||||
|
||||
//for normal login
|
||||
if(!isAuthenticated){
|
||||
modelAndView.addObject("isRemeberMe", applicationConfig.getLoginConfig().isRemeberMe());
|
||||
|
||||
@ -49,8 +49,6 @@ import org.mybatis.spring.annotation.MapperScan;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.beans.factory.InitializingBean;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.beans.factory.annotation.Qualifier;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.ComponentScan;
|
||||
@ -130,14 +128,6 @@ public class MaxKeyConfig implements InitializingBean {
|
||||
return authenticationRealm;
|
||||
}
|
||||
|
||||
//JdbcAuthenticationRealm
|
||||
public JdbcAuthenticationRealm jdbcAuthenticationRealm(
|
||||
JdbcTemplate jdbcTemplate) {
|
||||
JdbcAuthenticationRealm authenticationRealm = new JdbcAuthenticationRealm(jdbcTemplate);
|
||||
_logger.debug("JdbcAuthenticationRealm inited.");
|
||||
return authenticationRealm;
|
||||
}
|
||||
|
||||
//LdapAuthenticationRealm
|
||||
public LdapAuthenticationRealm ldapAuthenticationRealm(
|
||||
JdbcTemplate jdbcTemplate) {
|
||||
|
||||
@ -17,8 +17,12 @@
|
||||
|
||||
package org.maxkey;
|
||||
|
||||
import org.maxkey.authn.AbstractAuthenticationProvider;
|
||||
import org.maxkey.authn.support.basic.BasicEntryPoint;
|
||||
import org.maxkey.authn.support.httpheader.HttpHeaderEntryPoint;
|
||||
import org.maxkey.authn.support.rememberme.AbstractRemeberMeService;
|
||||
import org.maxkey.authn.support.rememberme.HttpRemeberMeEntryPoint;
|
||||
import org.maxkey.configuration.ApplicationConfig;
|
||||
import org.maxkey.constants.ConstantsProperties;
|
||||
import org.maxkey.web.interceptor.HistoryLoginAppAdapter;
|
||||
import org.maxkey.web.interceptor.HistoryLogsAdapter;
|
||||
@ -27,6 +31,7 @@ import org.maxkey.web.interceptor.PreLoginAppAdapter;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.beans.factory.annotation.Qualifier;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.context.annotation.PropertySource;
|
||||
@ -42,6 +47,18 @@ import org.springframework.web.servlet.i18n.LocaleChangeInterceptor;
|
||||
public class MaxKeyMvcConfig implements WebMvcConfigurer {
|
||||
private static final Logger _logger = LoggerFactory.getLogger(MaxKeyMvcConfig.class);
|
||||
|
||||
@Autowired
|
||||
@Qualifier("applicationConfig")
|
||||
ApplicationConfig applicationConfig;
|
||||
|
||||
@Autowired
|
||||
@Qualifier("authenticationProvider")
|
||||
AbstractAuthenticationProvider authenticationProvider ;
|
||||
|
||||
@Autowired
|
||||
@Qualifier("remeberMeService")
|
||||
AbstractRemeberMeService remeberMeService;
|
||||
|
||||
@Autowired
|
||||
PermissionAdapter permissionAdapter;
|
||||
|
||||
@ -93,6 +110,23 @@ public class MaxKeyMvcConfig implements WebMvcConfigurer {
|
||||
public void addInterceptors(InterceptorRegistry registry) {
|
||||
//addPathPatterns 用于添加拦截规则 , 先把所有路径都加入拦截, 再一个个排除
|
||||
//excludePathPatterns 表示改路径不用拦截
|
||||
_logger.debug("add HttpRemeberMeEntryPoint");
|
||||
registry.addInterceptor(new HttpRemeberMeEntryPoint(
|
||||
authenticationProvider,remeberMeService,applicationConfig,true))
|
||||
.addPathPatterns("/login");
|
||||
|
||||
if(httpHeaderEnable) {
|
||||
registry.addInterceptor(new HttpHeaderEntryPoint(httpHeaderName,httpHeaderEnable))
|
||||
.addPathPatterns("/*");
|
||||
_logger.debug("add HttpHeaderEntryPoint");
|
||||
}
|
||||
|
||||
if(basicEnable) {
|
||||
registry.addInterceptor(new BasicEntryPoint(basicEnable))
|
||||
.addPathPatterns("/*");
|
||||
_logger.debug("add BasicEntryPoint");
|
||||
}
|
||||
|
||||
registry.addInterceptor(permissionAdapter)
|
||||
.addPathPatterns("/index/**")
|
||||
.addPathPatterns("/logs/**")
|
||||
@ -176,17 +210,7 @@ public class MaxKeyMvcConfig implements WebMvcConfigurer {
|
||||
registry.addInterceptor(localeChangeInterceptor);
|
||||
_logger.debug("add LocaleChangeInterceptor");
|
||||
|
||||
if(httpHeaderEnable) {
|
||||
registry.addInterceptor(new HttpHeaderEntryPoint(httpHeaderName,httpHeaderEnable))
|
||||
.addPathPatterns("/*");
|
||||
_logger.debug("add HttpHeaderEntryPoint");
|
||||
}
|
||||
|
||||
if(basicEnable) {
|
||||
registry.addInterceptor(new BasicEntryPoint(basicEnable))
|
||||
.addPathPatterns("/*");
|
||||
_logger.debug("add BasicEntryPoint");
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -27,7 +27,6 @@ import javax.servlet.http.HttpServletResponse;
|
||||
import org.maxkey.authn.AbstractAuthenticationProvider;
|
||||
import org.maxkey.authn.LoginCredential;
|
||||
import org.maxkey.authn.support.kerberos.KerberosService;
|
||||
import org.maxkey.authn.support.rememberme.AbstractRemeberMeService;
|
||||
import org.maxkey.authn.support.socialsignon.service.SocialSignOnProviderService;
|
||||
import org.maxkey.authn.support.wsfederation.WsFederationConstants;
|
||||
import org.maxkey.configuration.ApplicationConfig;
|
||||
@ -44,7 +43,6 @@ import org.slf4j.LoggerFactory;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.beans.factory.annotation.Qualifier;
|
||||
import org.springframework.stereotype.Controller;
|
||||
import org.springframework.web.bind.annotation.CookieValue;
|
||||
import org.springframework.web.bind.annotation.ModelAttribute;
|
||||
import org.springframework.web.bind.annotation.PathVariable;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
@ -61,8 +59,6 @@ import org.springframework.web.servlet.ModelAndView;
|
||||
public class LoginEndpoint {
|
||||
private static Logger _logger = LoggerFactory.getLogger(LoginEndpoint.class);
|
||||
|
||||
|
||||
|
||||
@Autowired
|
||||
@Qualifier("applicationConfig")
|
||||
ApplicationConfig applicationConfig;
|
||||
@ -71,10 +67,6 @@ public class LoginEndpoint {
|
||||
@Qualifier("socialSignOnProviderService")
|
||||
SocialSignOnProviderService socialSignOnProviderService;
|
||||
|
||||
@Autowired
|
||||
@Qualifier("remeberMeService")
|
||||
AbstractRemeberMeService remeberMeService;
|
||||
|
||||
@Autowired
|
||||
@Qualifier("kerberosService")
|
||||
KerberosService kerberosService;
|
||||
@ -95,11 +87,6 @@ public class LoginEndpoint {
|
||||
@Qualifier("tfaOtpAuthn")
|
||||
protected AbstractOtpAuthn tfaOtpAuthn;
|
||||
|
||||
/*
|
||||
@Autowired
|
||||
@Qualifier("jwtLoginService")
|
||||
JwtLoginService jwtLoginService;
|
||||
*/
|
||||
/**
|
||||
* init login
|
||||
* @return
|
||||
@ -108,7 +95,6 @@ public class LoginEndpoint {
|
||||
public ModelAndView login(
|
||||
HttpServletRequest request,
|
||||
HttpServletResponse response,
|
||||
@CookieValue(value=WebConstants.REMEBER_ME_COOKIE,required=false) String remeberMe,
|
||||
@RequestParam(value=WebConstants.CAS_SERVICE_PARAMETER,required=false) String casService,
|
||||
@RequestParam(value=WebConstants.KERBEROS_TOKEN_PARAMETER,required=false) String kerberosToken,
|
||||
@RequestParam(value=WebConstants.KERBEROS_USERDOMAIN_PARAMETER,required=false) String kerberosUserDomain,
|
||||
@ -119,13 +105,6 @@ public class LoginEndpoint {
|
||||
ModelAndView modelAndView = new ModelAndView("login");
|
||||
|
||||
boolean isAuthenticated= WebContext.isAuthenticated();
|
||||
//for RemeberMe login
|
||||
if(!isAuthenticated){
|
||||
if(applicationConfig.getLoginConfig().isRemeberMe()&&remeberMe!=null&& !remeberMe.equals("")){
|
||||
_logger.debug("Try RemeberMe login ");
|
||||
isAuthenticated=remeberMeService.login(remeberMe,response);
|
||||
}
|
||||
}
|
||||
//for Kerberos login
|
||||
if(!isAuthenticated){
|
||||
if(applicationConfig.getLoginConfig().isKerberos()&&
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user