From 5ccb71e64df7ae358096fc6c9103d637fbee60be Mon Sep 17 00:00:00 2001
From: MaxKey
Date: Wed, 17 Feb 2021 13:06:30 +0800
Subject: [PATCH] authentication jwt RemeberMe
---
 .../realm/AbstractAuthenticationRealm.java | 2 -
 .../authn/support/jwt/HttpJwtEntryPoint.java | 125 +++++++++++++++
 .../authn/support/jwt/JwtLoginService.java | 131 ++++-----------
 .../rememberme/AbstractRemeberMeService.java | 39 -----
 .../rememberme/HttpRemeberMeEntryPoint.java | 150 ++++++++++++++++++
 .../JwtAuthnAutoConfiguration.java | 5 +-
 .../org/maxkey/web/InitializeContext.java | 17 +-
 .../Oauth20AutoConfiguration.java | 6 +-
 .../java/org/maxkey/MaxKeyMgtMvcConfig.java | 36 +++++
 .../maxkey/web/endpoint/LoginEndpoint.java | 33 +---
 .../main/java/org/maxkey/MaxKeyConfig.java | 10 --
 .../main/java/org/maxkey/MaxKeyMvcConfig.java | 46 ++++--
 .../maxkey/web/endpoint/LoginEndpoint.java | 21 ---
 13 files changed, 388 insertions(+), 233 deletions(-)
 create mode 100644 maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/jwt/HttpJwtEntryPoint.java
 create mode 100644 maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/HttpRemeberMeEntryPoint.java
diff --git a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/AbstractAuthenticationRealm.java b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/AbstractAuthenticationRealm.java
index 383e3d4f5..2348ffa64 100644
--- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/AbstractAuthenticationRealm.java
+++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/AbstractAuthenticationRealm.java
@@ -32,8 +32,6 @@ import org.maxkey.web.WebConstants; import org.maxkey.web.WebContext; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.jdbc.core.JdbcTemplate; import org.springframework.security.core.GrantedAuthority; diff --git a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/jwt/HttpJwtEntryPoint.java b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/jwt/HttpJwtEntryPoint.java new file mode 100644 index 000000000..0c0781eb3 --- /dev/null +++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/jwt/HttpJwtEntryPoint.java 
@@ -0,0 +1,125 @@ +/* + * Copyright [2020] [MaxKey of copyright http://www.maxkey.top] + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + + +package org.maxkey.authn.support.jwt; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.maxkey.authn.AbstractAuthenticationProvider; +import org.maxkey.configuration.ApplicationConfig; +import org.maxkey.constants.ConstantsLoginType; +import org.maxkey.web.WebConstants; +import org.maxkey.web.WebContext; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.web.servlet.AsyncHandlerInterceptor; + +import com.nimbusds.jwt.SignedJWT; + + +public class HttpJwtEntryPoint implements AsyncHandlerInterceptor { + private static final Logger _logger = LoggerFactory.getLogger(HttpJwtEntryPoint.class); + + boolean enable; + + ApplicationConfig applicationConfig; + + AbstractAuthenticationProvider authenticationProvider ; + + JwtLoginService jwtLoginService; + + @Override + public boolean preHandle(HttpServletRequest request,HttpServletResponse response, Object handler) throws Exception { + boolean isAuthenticated= WebContext.isAuthenticated(); + + String jwt = request.getParameter(WebConstants.JWT_TOKEN_PARAMETER); + if(!enable || isAuthenticated || jwt == null){ + return true; + } + + _logger.debug("JWT Login Start ..."); + _logger.info("Request url : "+ request.getRequestURL()); + _logger.info("Request URI : "+ 
request.getRequestURI()); + _logger.info("Request ContextPath : "+ request.getContextPath()); + _logger.info("Request ServletPath : "+ request.getServletPath()); + _logger.debug("RequestSessionId : "+ request.getRequestedSessionId()); + _logger.debug("isRequestedSessionIdValid : "+ request.isRequestedSessionIdValid()); + _logger.debug("getSession : "+ request.getSession(false)); + + // session not exists,session timeout,recreate new session + if(request.getSession(false) == null) { + _logger.info("recreate new session ."); + request.getSession(true); + } + + _logger.info("getSession.getId : "+ request.getSession().getId()); + + //for jwt Login + if(!isAuthenticated){ + _logger.debug("jwt : " + jwt); + + SignedJWT signedJWT = jwtLoginService.jwtTokenValidation(jwt); + if(signedJWT != null) { + String username =signedJWT.getJWTClaimsSet().getSubject(); + authenticationProvider.trustAuthentication(username, ConstantsLoginType.JWT, "", "", "success"); + } + + } + + return true; + } + + public HttpJwtEntryPoint() { + super(); + } + + public HttpJwtEntryPoint (boolean enable) { + super(); + this.enable = enable; + } + + public HttpJwtEntryPoint(AbstractAuthenticationProvider authenticationProvider, JwtLoginService jwtLoginService, + ApplicationConfig applicationConfig, boolean enable) { + super(); + this.authenticationProvider = authenticationProvider; + this.jwtLoginService = jwtLoginService; + this.applicationConfig = applicationConfig; + this.enable = enable; + } + + public boolean isEnable() { + return enable; + } + + public void setEnable(boolean enable) { + this.enable = enable; + } + + public void setApplicationConfig(ApplicationConfig applicationConfig) { + this.applicationConfig = applicationConfig; + } + + public void setAuthenticationProvider(AbstractAuthenticationProvider authenticationProvider) { + this.authenticationProvider = authenticationProvider; + } + + public void setJwtLoginService(JwtLoginService jwtLoginService) { + this.jwtLoginService = 
jwtLoginService; + } + +} diff --git a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/jwt/JwtLoginService.java b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/jwt/JwtLoginService.java index 4f8638d5d..97bf77176 100644 --- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/jwt/JwtLoginService.java +++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/jwt/JwtLoginService.java @@ -28,11 +28,8 @@ import com.nimbusds.jwt.PlainJWT; import com.nimbusds.jwt.SignedJWT; import java.util.Date; import java.util.UUID; -import javax.servlet.http.HttpServletResponse; import org.joda.time.DateTime; -import org.maxkey.authn.AbstractAuthenticationProvider; import org.maxkey.configuration.oidc.OIDCProviderMetadataDetails; -import org.maxkey.constants.ConstantsLoginType; import org.maxkey.crypto.jwt.signer.service.impl.DefaultJwtSigningAndValidationService; import org.maxkey.web.WebContext; import org.slf4j.Logger; 
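Review bot: `_logger.debug("jwt : " + jwt)` in preHandle writes the complete bearer token to the log, so anyone who can read the log holds a credential that is valid until the token expires; drop the line or log only a non-reversible fingerprint such as `_logger.debug("jwt received, length={}", jwt.length())`. The trust step that follows passes `signedJWT.getJWTClaimsSet().getSubject()` straight to `trustAuthentication`, but `jwtTokenValidation` (later in this patch) never checks that a subject is present — the removed `JwtLoginService.login()` did — so a correctly signed token without `sub` would authenticate a null username; guard with `if (signedJWT != null && signedJWT.getJWTClaimsSet().getSubject() != null)`. The inner `if(!isAuthenticated)` is always true because the method already returned when `isAuthenticated` was set, so the extra nesting can go. Reading the token from a request parameter (`WebConstants.JWT_TOKEN_PARAMETER`) also means it can end up in access logs and Referer headers; if that carrier is not a deliberate choice, a request header is the safer place for it.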
@@ -47,77 +44,14 @@ public class JwtLoginService { DefaultJwtSigningAndValidationService jwtSignerValidationService; - AbstractAuthenticationProvider authenticationProvider ; - - - public JwtLoginService(AbstractAuthenticationProvider authenticationProvider, + public JwtLoginService( OIDCProviderMetadataDetails jwtProviderMetadata, DefaultJwtSigningAndValidationService jwtSignerValidationService ) { - this.authenticationProvider = authenticationProvider; this.jwtProviderMetadata = jwtProviderMetadata; this.jwtSignerValidationService = jwtSignerValidationService; } - public boolean login(String jwt, HttpServletResponse response) { - _logger.debug("jwt : " + jwt); - - String username = null; - SignedJWT signedJWT = null; - - boolean loginResult = false; - JWTClaimsSet jwtClaimsSet = null; - try { - - RSASSAVerifier rsaSSAVerifier = new RSASSAVerifier(((RSAKey) jwtSignerValidationService.getAllPublicKeys() - .get(jwtSignerValidationService.getDefaultSignerKeyId())).toRSAPublicKey()); - - signedJWT = SignedJWT.parse(jwt); - if (signedJWT.verify(rsaSSAVerifier)) { - loginResult = true; - } else { - _logger.debug("verify false "); - return false; - } - jwtClaimsSet = signedJWT.getJWTClaimsSet(); - - _logger.debug("" + signedJWT.getPayload()); - _logger.debug("jwtClaimsSet Issuer " + jwtClaimsSet.getIssuer()); - _logger.debug("Metadata Issuer " + jwtProviderMetadata.getIssuer()); - - if (loginResult && jwtClaimsSet.getIssuer().equals(jwtProviderMetadata.getIssuer())) { - loginResult = true; - _logger.debug("Issuer equals "); - } else { - _logger.debug("Issuer not equals "); - return false; - } - - _logger.debug("username " + jwtClaimsSet.getSubject()); - - if (loginResult && jwtClaimsSet.getSubject() != null) { - username = jwtClaimsSet.getSubject(); - } else { - return false; - } - - DateTime now = new DateTime(); - - if (loginResult && now.isBefore(jwtClaimsSet.getExpirationTime().getTime())) { - authenticationProvider.trustAuthentication(username, 
ConstantsLoginType.JWT, "", "", "success"); - return true; - } - } catch (java.text.ParseException e) { - // Invalid signed JWT encoding - _logger.error("Invalid signed JWT encoding "); - } catch (JOSEException e) { - // TODO Auto-generated catch block - e.printStackTrace(); - _logger.error("JOSEException "); - } - - return false; - } public String buildLoginJwt() { _logger.debug("buildLoginJwt ."); @@ -144,10 +78,8 @@ public class JwtLoginService { return tokenString; } - public boolean jwtTokenValidation(String jwt) { + public SignedJWT jwtTokenValidation(String jwt) { SignedJWT signedJWT = null; - - boolean loginResult = false; JWTClaimsSet jwtClaimsSet = null; try { 
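Review bot: The new `public SignedJWT jwtTokenValidation(String jwt)` signature uses `null` as the result for four different outcomes (unparseable token, bad signature, wrong issuer, expired) and carries no Javadoc, so callers cannot tell what a null means or which claims they still have to check themselves. Add a doc comment such as `/** Parses {@code jwt} and verifies its RSA signature, issuer and expiry; returns the parsed token, or {@code null} if parsing fails or any check does not pass. Does not verify that a subject claim is present. */`. The body of the method continues in the next hunk.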
@@ -156,44 +88,34 @@ public class JwtLoginService { signedJWT = SignedJWT.parse(jwt); if (signedJWT.verify(rsaSSAVerifier)) { - loginResult = true; + jwtClaimsSet = signedJWT.getJWTClaimsSet(); + _logger.debug("" + signedJWT.getPayload()); + _logger.debug("username " + jwtClaimsSet.getSubject()); + _logger.debug("jwtClaimsSet Issuer " + jwtClaimsSet.getIssuer()); + _logger.debug("Metadata Issuer " + jwtProviderMetadata.getIssuer()); + if ( jwtClaimsSet.getIssuer().equals(jwtProviderMetadata.getIssuer())) { + _logger.debug("Issuer equals "); + DateTime now = new DateTime(); + if (now.isBefore(jwtClaimsSet.getExpirationTime().getTime())) { + _logger.debug("ExpirationTime Validation " + now.isBefore(jwtClaimsSet.getExpirationTime().getTime())); + return signedJWT; + } + } else { + _logger.debug("Issuer not equals "); + } } else { _logger.debug("verify false "); } - jwtClaimsSet = signedJWT.getJWTClaimsSet(); - - _logger.debug("" + signedJWT.getPayload()); - - _logger.debug("username " + jwtClaimsSet.getSubject()); - - _logger.debug("jwtClaimsSet Issuer " + jwtClaimsSet.getIssuer()); - _logger.debug("Metadata Issuer " + jwtProviderMetadata.getIssuer()); - - if (loginResult && jwtClaimsSet.getIssuer().equals(jwtProviderMetadata.getIssuer())) { - loginResult = true; - _logger.debug("Issuer equals "); - } else { - _logger.debug("Issuer not equals "); - return false; - } - - DateTime now = new DateTime(); - - if (loginResult && now.isBefore(jwtClaimsSet.getExpirationTime().getTime())) { - _logger.debug("ExpirationTime Validation " + now.isBefore(jwtClaimsSet.getExpirationTime().getTime())); - loginResult = true; - } else { - return false; - } + } catch (java.text.ParseException e) { // Invalid signed JWT encoding - _logger.debug("Invalid signed JWT encoding "); + _logger.error("Invalid signed JWT encoding ",e); } catch (JOSEException e) { // TODO Auto-generated catch block e.printStackTrace(); - _logger.debug("JOSEException "); + _logger.error("JOSEException ",e); } - 
return loginResult; + return null; } @@ -205,8 +127,13 @@ public class JwtLoginService { this.jwtSignerValidationService = jwtSignerValidationService; } - public void setAuthenticationProvider(AbstractAuthenticationProvider authenticationProvider) { - this.authenticationProvider = authenticationProvider; - } + public OIDCProviderMetadataDetails getJwtProviderMetadata() { + return jwtProviderMetadata; + } + public DefaultJwtSigningAndValidationService getJwtSignerValidationService() { + return jwtSignerValidationService; + } + + } diff --git a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/AbstractRemeberMeService.java b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/AbstractRemeberMeService.java index 7911b4064..b9b0b56c6 100644 --- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/AbstractRemeberMeService.java +++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/AbstractRemeberMeService.java @@ -22,10 +22,7 @@ import java.util.regex.Pattern; import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; -import org.joda.time.DateTime; -import org.maxkey.authn.AbstractAuthenticationProvider; import org.maxkey.configuration.ApplicationConfig; -import org.maxkey.constants.ConstantsLoginType; import org.maxkey.constants.ConstantsTimeInterval; import org.maxkey.crypto.Base64Utils; import org.maxkey.crypto.ReciprocalUtils; @@ -47,10 +44,6 @@ public abstract class AbstractRemeberMeService { @Autowired @Qualifier("applicationConfig") protected ApplicationConfig applicationConfig; - - @Autowired - @Qualifier("authenticationProvider") - AbstractAuthenticationProvider authenticationProvider ; // follow function is for persist public abstract void save(RemeberMe remeberMe); 
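Review bot: Inside the `verify` branch, `jwtClaimsSet.getIssuer().equals(...)` and `jwtClaimsSet.getExpirationTime().getTime()` dereference optional claims, so a signed token that lacks `iss` or `exp` throws a NullPointerException that neither catch clause (`ParseException`, `JOSEException`) handles and the exception escapes to the interceptor instead of the token being rejected. The subject is also never checked here, although the removed `login()` required it before calling `trustAuthentication`; the rewrite below rejects a token missing any of the three claims before they are used. The retained `e.printStackTrace()` in the `JOSEException` handler now duplicates the trace that `_logger.error("JOSEException ",e)` already records and can be removed; the same duplication is introduced in the InitializeContext hunk of this patch. The method starts in the previous hunk.
```java
if (signedJWT.verify(rsaSSAVerifier)) {
    jwtClaimsSet = signedJWT.getJWTClaimsSet();
    // iss, exp and sub are optional in a JWT; a token missing any of them is rejected
    // here instead of surfacing as a NullPointerException from the checks below
    if (jwtClaimsSet.getIssuer() == null || jwtClaimsSet.getExpirationTime() == null
            || jwtClaimsSet.getSubject() == null) {
        _logger.debug("required claim missing (iss/exp/sub)");
        return null;
    }
    // … unchanged: debug logging of payload, subject and issuers …
    if (jwtClaimsSet.getIssuer().equals(jwtProviderMetadata.getIssuer())) {
        // … unchanged: expiry check, return signedJWT …
    } else {
        _logger.debug("Issuer not equals ");
    }
} else {
    _logger.debug("verify false ");
}
```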
@@ -97,38 +90,6 @@ public abstract class AbstractRemeberMeService { return true; } - public boolean login(String remeberMe, HttpServletResponse response) { - _logger.debug("RemeberMe : " + remeberMe); - - remeberMe = new String(Base64Utils.base64UrlDecode(remeberMe)); - - remeberMe = ReciprocalUtils.decoder(remeberMe); - - _logger.debug("decoder RemeberMe : " + remeberMe); - RemeberMe remeberMeCookie = new RemeberMe(); - remeberMeCookie = (RemeberMe) JsonUtils.json2Object(remeberMe, remeberMeCookie); - _logger.debug("Remeber Me Cookie : " + remeberMeCookie); - - RemeberMe storeRemeberMe = read(remeberMeCookie); - if (storeRemeberMe == null) { - return false; - } - DateTime loginDate = new DateTime(storeRemeberMe.getLastLogin()); - DateTime expiryDate = loginDate.plusSeconds(getRemeberMeValidity()); - DateTime now = new DateTime(); - if (now.isBefore(expiryDate)) { - authenticationProvider.trustAuthentication( - storeRemeberMe.getUsername(), - ConstantsLoginType.REMEBER_ME, - "", - "", - "success"); - return updateRemeberMe(remeberMeCookie, response); - - } - return false; - } - public boolean updateRemeberMe(RemeberMe remeberMe, HttpServletResponse response) { remeberMe.setAuthKey(WebContext.genId()); remeberMe.setLastLogin(new Date()); diff --git a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/HttpRemeberMeEntryPoint.java b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/HttpRemeberMeEntryPoint.java new file mode 100644 index 000000000..cbedd8baf --- /dev/null +++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/HttpRemeberMeEntryPoint.java 
@@ -0,0 +1,150 @@ +/* + * Copyright [2020] [MaxKey of copyright http://www.maxkey.top] + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + + +package org.maxkey.authn.support.rememberme; + +import javax.servlet.http.Cookie; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + +import org.joda.time.DateTime; +import org.maxkey.authn.AbstractAuthenticationProvider; +import org.maxkey.configuration.ApplicationConfig; +import org.maxkey.constants.ConstantsLoginType; +import org.maxkey.crypto.Base64Utils; +import org.maxkey.crypto.ReciprocalUtils; +import org.maxkey.util.JsonUtils; +import org.maxkey.web.WebConstants; +import org.maxkey.web.WebContext; +import org.slf4j.Logger; +import org.slf4j.LoggerFactory; +import org.springframework.web.servlet.AsyncHandlerInterceptor; + + +public class HttpRemeberMeEntryPoint implements AsyncHandlerInterceptor { + private static final Logger _logger = LoggerFactory.getLogger(HttpRemeberMeEntryPoint.class); + + boolean enable; + + ApplicationConfig applicationConfig; + + AbstractAuthenticationProvider authenticationProvider ; + + AbstractRemeberMeService remeberMeService; + + @Override + public boolean preHandle(HttpServletRequest request,HttpServletResponse response, Object handler) throws Exception { + boolean isAuthenticated= WebContext.isAuthenticated(); + + Cookie readRemeberMeCookie = WebContext.readCookieByName(request,WebConstants.REMEBER_ME_COOKIE); + if(!enable || 
isAuthenticated){ + return true; + } + + _logger.debug("RemeberMe Login Start ..."); + _logger.info("Request url : "+ request.getRequestURL()); + _logger.info("Request URI : "+ request.getRequestURI()); + _logger.info("Request ContextPath : "+ request.getContextPath()); + _logger.info("Request ServletPath : "+ request.getServletPath()); + _logger.debug("RequestSessionId : "+ request.getRequestedSessionId()); + _logger.debug("isRequestedSessionIdValid : "+ request.isRequestedSessionIdValid()); + _logger.debug("getSession : "+ request.getSession(false)); + + // session not exists,session timeout,recreate new session + if(request.getSession(false) == null) { + _logger.info("recreate new session ."); + request.getSession(true); + } + + _logger.info("getSession.getId : "+ request.getSession().getId()); + + if(applicationConfig.getLoginConfig().isRemeberMe()&&readRemeberMeCookie!=null){ + _logger.debug("Try RemeberMe login "); + String remeberMe = readRemeberMeCookie.getValue(); + _logger.debug("RemeberMe : " + remeberMe); + + remeberMe = new String(Base64Utils.base64UrlDecode(remeberMe)); + + remeberMe = ReciprocalUtils.decoder(remeberMe); + + _logger.debug("decoder RemeberMe : " + remeberMe); + RemeberMe remeberMeCookie = new RemeberMe(); + remeberMeCookie = (RemeberMe) JsonUtils.json2Object(remeberMe, remeberMeCookie); + _logger.debug("Remeber Me Cookie : " + remeberMeCookie); + + RemeberMe storeRemeberMe = remeberMeService.read(remeberMeCookie); + if (storeRemeberMe != null) { + DateTime loginDate = new DateTime(storeRemeberMe.getLastLogin()); + DateTime expiryDate = loginDate.plusSeconds(remeberMeService.getRemeberMeValidity()); + DateTime now = new DateTime(); + if (now.isBefore(expiryDate)) { + authenticationProvider.trustAuthentication( + storeRemeberMe.getUsername(), + ConstantsLoginType.REMEBER_ME, + "", + "", + "success"); + remeberMeService.updateRemeberMe(remeberMeCookie, response); + + } + } + } + + return true; + } + + public HttpRemeberMeEntryPoint() { + 
super(); + } + + public HttpRemeberMeEntryPoint (boolean enable) { + super(); + this.enable = enable; + } + + public HttpRemeberMeEntryPoint( + AbstractAuthenticationProvider authenticationProvider, AbstractRemeberMeService remeberMeService, + ApplicationConfig applicationConfig,boolean enable) { + super(); + this.enable = enable; + this.applicationConfig = applicationConfig; + this.authenticationProvider = authenticationProvider; + this.remeberMeService = remeberMeService; + } + + public boolean isEnable() { + return enable; + } + + public void setEnable(boolean enable) { + this.enable = enable; + } + + public void setApplicationConfig(ApplicationConfig applicationConfig) { + this.applicationConfig = applicationConfig; + } + + public void setAuthenticationProvider(AbstractAuthenticationProvider authenticationProvider) { + this.authenticationProvider = authenticationProvider; + } + + public void setRemeberMeService(AbstractRemeberMeService remeberMeService) { + this.remeberMeService = remeberMeService; + } + + +} diff --git a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/autoconfigure/JwtAuthnAutoConfiguration.java b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/autoconfigure/JwtAuthnAutoConfiguration.java index 889e45492..7eeced17b 100644 --- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/autoconfigure/JwtAuthnAutoConfiguration.java +++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/autoconfigure/JwtAuthnAutoConfiguration.java @@ -23,7 +23,6 @@ import java.net.URI; import java.security.NoSuchAlgorithmException; import java.security.spec.InvalidKeySpecException; -import org.maxkey.authn.AbstractAuthenticationProvider; import org.maxkey.authn.support.jwt.JwtLoginService; import org.maxkey.configuration.oidc.OIDCProviderMetadataDetails; import org.maxkey.constants.ConstantsProperties; 
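Review bot: The cookie decoding in preHandle (`Base64Utils.base64UrlDecode`, `ReciprocalUtils.decoder`, `JsonUtils.json2Object`) runs on a client-controlled value with no exception handling, and `preHandle` declares `throws Exception`, so a corrupted or tampered `REMEBER_ME_COOKIE` turns every request to `/login` into a server error until the browser drops the cookie. Treat a cookie that does not decode as absent and fall through to the normal login form, as sketched below; `catch (Exception e)` is used because the helpers' throw clauses are not visible in this patch — narrow it if they only throw unchecked exceptions. `_logger.debug("RemeberMe : " + remeberMe)` and the following `decoder RemeberMe` line also write the raw and the decrypted cookie — the persistent credential itself — to the log; log at most its length or a hash.
```java
if (applicationConfig.getLoginConfig().isRemeberMe() && readRemeberMeCookie != null) {
    _logger.debug("Try RemeberMe login ");
    RemeberMe remeberMeCookie;
    try {
        String remeberMe = new String(Base64Utils.base64UrlDecode(readRemeberMeCookie.getValue()));
        remeberMe = ReciprocalUtils.decoder(remeberMe);
        remeberMeCookie = (RemeberMe) JsonUtils.json2Object(remeberMe, new RemeberMe());
    } catch (Exception e) {
        // a cookie that cannot be decoded is treated as no cookie: the user gets the
        // login form instead of a 500, and the cause is recorded without the cookie value
        _logger.warn("RemeberMe cookie could not be decoded, ignoring it", e);
        return true;
    }
    // … unchanged: remeberMeService.read, expiry check, trustAuthentication, updateRemeberMe …
}
```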
@@ -126,11 +125,9 @@ public class JwtAuthnAutoConfiguration implements InitializingBean { @Bean(name = "jwtLoginService") public JwtLoginService jwtLoginService( DefaultJwtSigningAndValidationService jwtSignerValidationService, - OIDCProviderMetadataDetails oidcProviderMetadata, - AbstractAuthenticationProvider authenticationProvider) { + OIDCProviderMetadataDetails oidcProviderMetadata) { JwtLoginService jwtLoginService = new JwtLoginService( - authenticationProvider, oidcProviderMetadata, jwtSignerValidationService ); diff --git a/maxkey-core/src/main/java/org/maxkey/web/InitializeContext.java b/maxkey-core/src/main/java/org/maxkey/web/InitializeContext.java index 37ffbd398..ad52ca460 100644 --- a/maxkey-core/src/main/java/org/maxkey/web/InitializeContext.java +++ b/maxkey-core/src/main/java/org/maxkey/web/InitializeContext.java 
@@ -130,20 +130,20 @@ public class InitializeContext extends HttpServlet { + databaseMetaData.getDatabaseProductName()); _logger.debug("DatabaseProductVersion: " + databaseMetaData.getDatabaseProductVersion()); - _logger.debug("DatabaseMajorVersion : " + _logger.trace("DatabaseMajorVersion : " + databaseMetaData.getDatabaseMajorVersion()); - _logger.debug("DatabaseMinorVersion : " + _logger.trace("DatabaseMinorVersion : " + databaseMetaData.getDatabaseMinorVersion()); - _logger.debug("supportsTransactions : " + _logger.trace("supportsTransactions : " + databaseMetaData.supportsTransactions()); - _logger.debug("DefaultTransaction : " + _logger.trace("DefaultTransaction : " + databaseMetaData.getDefaultTransactionIsolation()); - _logger.debug("MaxConnections : " + _logger.trace("MaxConnections : " + databaseMetaData.getMaxConnections()); - _logger.debug(""); - _logger.debug("JDBCMajorVersion : " + _logger.trace(""); + _logger.trace("JDBCMajorVersion : " + databaseMetaData.getJDBCMajorVersion()); - _logger.debug("JDBCMinorVersion : " + _logger.trace("JDBCMinorVersion : " + databaseMetaData.getJDBCMinorVersion()); _logger.debug("DriverName : " + databaseMetaData.getDriverName()); @@ -157,6 +157,7 @@ public class InitializeContext extends HttpServlet { _logger.debug("-----------------------------------------------------------"); } catch (SQLException e) { e.printStackTrace(); + _logger.error("DatabaseMetaData Variables Error .",e); } } } diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/autoconfigure/Oauth20AutoConfiguration.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/autoconfigure/Oauth20AutoConfiguration.java index 87ed06af9..e254a6740 100644 --- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/autoconfigure/Oauth20AutoConfiguration.java +++ b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/autoconfigure/Oauth20AutoConfiguration.java 
@@ -23,8 +23,6 @@ import java.security.spec.InvalidKeySpecException; import javax.servlet.Filter; import javax.sql.DataSource; - -import org.maxkey.authn.AbstractAuthenticationProvider; import org.maxkey.authn.support.jwt.JwtLoginService; import org.maxkey.authz.oauth2.provider.ClientDetailsService; import org.maxkey.authz.oauth2.provider.OAuth2UserDetailsService; @@ -168,11 +166,9 @@ public class Oauth20AutoConfiguration implements InitializingBean { @Bean(name = "jwtLoginService") public JwtLoginService jwtLoginService( DefaultJwtSigningAndValidationService jwtSignerValidationService, - OIDCProviderMetadataDetails oidcProviderMetadata, - AbstractAuthenticationProvider authenticationProvider) { + OIDCProviderMetadataDetails oidcProviderMetadata) { JwtLoginService jwtLoginService = new JwtLoginService( - authenticationProvider, oidcProviderMetadata, jwtSignerValidationService ); diff --git a/maxkey-web-manage/src/main/java/org/maxkey/MaxKeyMgtMvcConfig.java b/maxkey-web-manage/src/main/java/org/maxkey/MaxKeyMgtMvcConfig.java index f1164981f..97ff982fd 100644 --- a/maxkey-web-manage/src/main/java/org/maxkey/MaxKeyMgtMvcConfig.java +++ b/maxkey-web-manage/src/main/java/org/maxkey/MaxKeyMgtMvcConfig.java 
@@ -17,12 +17,19 @@ package org.maxkey; +import org.maxkey.authn.AbstractAuthenticationProvider; +import org.maxkey.authn.support.jwt.HttpJwtEntryPoint; +import org.maxkey.authn.support.jwt.JwtLoginService; +import org.maxkey.authn.support.rememberme.AbstractRemeberMeService; +import org.maxkey.authn.support.rememberme.HttpRemeberMeEntryPoint; +import org.maxkey.configuration.ApplicationConfig; import org.maxkey.web.interceptor.HistoryLogsAdapter; import org.maxkey.web.interceptor.PermissionAdapter; import org.maxkey.web.interceptor.RestApiPermissionAdapter; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.context.annotation.Configuration; import org.springframework.web.servlet.config.annotation.EnableWebMvc; import org.springframework.web.servlet.config.annotation.InterceptorRegistry; @@ -34,6 +41,23 @@ import org.springframework.web.servlet.i18n.LocaleChangeInterceptor; @EnableWebMvc public class MaxKeyMgtMvcConfig implements WebMvcConfigurer { private static final Logger _logger = LoggerFactory.getLogger(MaxKeyMgtMvcConfig.class); + + @Autowired + @Qualifier("applicationConfig") + ApplicationConfig applicationConfig; + + @Autowired + @Qualifier("authenticationProvider") + AbstractAuthenticationProvider authenticationProvider ; + + @Autowired + @Qualifier("remeberMeService") + AbstractRemeberMeService remeberMeService; + + @Autowired + @Qualifier("jwtLoginService") + JwtLoginService jwtLoginService; + @Autowired PermissionAdapter permissionAdapter; 
@@ -74,6 +98,17 @@ public class MaxKeyMgtMvcConfig implements WebMvcConfigurer { public void addInterceptors(InterceptorRegistry registry) { //addPathPatterns 用于添加拦截规则 , 先把所有路径都加入拦截, 再一个个排除 //excludePathPatterns 表示改路径不用拦截 + + _logger.debug("add HttpRemeberMeEntryPoint"); + registry.addInterceptor(new HttpRemeberMeEntryPoint( + authenticationProvider,remeberMeService,applicationConfig,true)) + .addPathPatterns("/login"); + + _logger.debug("add HttpJwtEntryPoint"); + registry.addInterceptor(new HttpJwtEntryPoint( + authenticationProvider,jwtLoginService,applicationConfig,true)) + .addPathPatterns("/login"); + registry.addInterceptor(permissionAdapter) .addPathPatterns("/main/**") .addPathPatterns("/orgs/**") @@ -110,6 +145,7 @@ public class MaxKeyMgtMvcConfig implements WebMvcConfigurer { _logger.debug("add LocaleChangeInterceptor"); + registry.addInterceptor(restApiPermissionAdapter) .addPathPatterns("/identity/api/**") ; diff --git a/maxkey-web-manage/src/main/java/org/maxkey/web/endpoint/LoginEndpoint.java b/maxkey-web-manage/src/main/java/org/maxkey/web/endpoint/LoginEndpoint.java index 8cd8efa30..9b395bae1 100644 --- a/maxkey-web-manage/src/main/java/org/maxkey/web/endpoint/LoginEndpoint.java +++ b/maxkey-web-manage/src/main/java/org/maxkey/web/endpoint/LoginEndpoint.java 
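Review bot: Both interceptors are registered with the `enable` flag hard-coded to `true`, so on the management console JWT login is always active: `HttpRemeberMeEntryPoint` at least re-checks `applicationConfig.getLoginConfig().isRemeberMe()` internally, but `HttpJwtEntryPoint` has no configuration gate at all. If a setting for JWT login exists, pass it here — `new HttpJwtEntryPoint(authenticationProvider, jwtLoginService, applicationConfig, jwtEnabledSetting /* placeholder for the real flag */)` — rather than `true`; the remember-me registration added to MaxKeyMvcConfig later in this patch has the same hard-coded flag. A one-line comment stating that these two must be registered before `permissionAdapter` because Spring MVC runs interceptors in registration order unless `order()` is set would also help the next reader.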
@@ -22,20 +22,15 @@ import javax.servlet.http.HttpServletResponse; import org.maxkey.authn.AbstractAuthenticationProvider; import org.maxkey.authn.LoginCredential; -import org.maxkey.authn.support.jwt.JwtLoginService; -import org.maxkey.authn.support.rememberme.AbstractRemeberMeService; import org.maxkey.configuration.ApplicationConfig; -import org.maxkey.web.WebConstants; import org.maxkey.web.WebContext; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.stereotype.Controller; -import org.springframework.web.bind.annotation.CookieValue; import org.springframework.web.bind.annotation.ModelAttribute; import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.servlet.ModelAndView; @@ -51,15 +46,7 @@ public class LoginEndpoint { @Qualifier("applicationConfig") protected ApplicationConfig applicationConfig; - - @Autowired - @Qualifier("remeberMeService") - protected AbstractRemeberMeService remeberMeService; - - @Autowired - @Qualifier("jwtLoginService") - JwtLoginService jwtLoginService; - + @Autowired @Qualifier("authenticationProvider") AbstractAuthenticationProvider authenticationProvider ; 
@@ -71,29 +58,13 @@ public class LoginEndpoint { @RequestMapping(value={"/login"}) public ModelAndView login( HttpServletRequest request, - HttpServletResponse response, - @CookieValue(value=WebConstants.REMEBER_ME_COOKIE,required=false) String remeberMe, - @RequestParam(value = WebConstants.JWT_TOKEN_PARAMETER, required = false) String jwt) { + HttpServletResponse response) { _logger.debug("LoginController /login."); ModelAndView modelAndView = new ModelAndView(); boolean isAuthenticated= WebContext.isAuthenticated(); - //for jwt Login - if(!isAuthenticated){ - if(jwt!=null&&!jwt.equals("")){ - isAuthenticated=jwtLoginService.login(jwt, response); - } - } - - //for RemeberMe login - if(!isAuthenticated){ - if(applicationConfig.getLoginConfig().isRemeberMe()&&remeberMe!=null&& !remeberMe.equals("")){ - isAuthenticated=remeberMeService.login(remeberMe,response); - } - } - //for normal login if(!isAuthenticated){ modelAndView.addObject("isRemeberMe", applicationConfig.getLoginConfig().isRemeberMe()); diff --git a/maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyConfig.java b/maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyConfig.java index 2312b36b7..02c89be5e 100644 --- a/maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyConfig.java +++ b/maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyConfig.java @@ -49,8 +49,6 @@ import org.mybatis.spring.annotation.MapperScan; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.InitializingBean; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.ComponentScan; 
@@ -130,14 +128,6 @@ public class MaxKeyConfig implements InitializingBean {
 return authenticationRealm;
 }
-//JdbcAuthenticationRealm
-public JdbcAuthenticationRealm jdbcAuthenticationRealm(
-JdbcTemplate jdbcTemplate) {
-JdbcAuthenticationRealm authenticationRealm = new JdbcAuthenticationRealm(jdbcTemplate);
-_logger.debug("JdbcAuthenticationRealm inited.");
-return authenticationRealm;
-}
-
 //LdapAuthenticationRealm
 public LdapAuthenticationRealm ldapAuthenticationRealm(
 JdbcTemplate jdbcTemplate) {
diff --git a/maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyMvcConfig.java b/maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyMvcConfig.java
index 1dbce7a16..c217c20df 100644
--- a/maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyMvcConfig.java
+++ b/maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyMvcConfig.java
@@ -17,8 +17,12 @@ package org.maxkey;
+import org.maxkey.authn.AbstractAuthenticationProvider;
 import org.maxkey.authn.support.basic.BasicEntryPoint;
 import org.maxkey.authn.support.httpheader.HttpHeaderEntryPoint;
+import org.maxkey.authn.support.rememberme.AbstractRemeberMeService;
+import org.maxkey.authn.support.rememberme.HttpRemeberMeEntryPoint;
+import org.maxkey.configuration.ApplicationConfig;
 import org.maxkey.constants.ConstantsProperties;
 import org.maxkey.web.interceptor.HistoryLoginAppAdapter;
 import org.maxkey.web.interceptor.HistoryLogsAdapter;
@@ -27,6 +31,7 @@ import org.maxkey.web.interceptor.PreLoginAppAdapter;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.PropertySource;
@@ -42,6 +47,18 @@ import org.springframework.web.servlet.i18n.LocaleChangeInterceptor;
 public class MaxKeyMvcConfig implements WebMvcConfigurer {
 private static final Logger _logger = LoggerFactory.getLogger(MaxKeyMvcConfig.class);
+@Autowired
+@Qualifier("applicationConfig")
+ApplicationConfig applicationConfig;
+
+@Autowired
+@Qualifier("authenticationProvider")
+AbstractAuthenticationProvider authenticationProvider ;
+
+@Autowired
+@Qualifier("remeberMeService")
+AbstractRemeberMeService remeberMeService;
+
 @Autowired
 PermissionAdapter permissionAdapter;
@@ -93,6 +110,23 @@ public class MaxKeyMvcConfig implements WebMvcConfigurer {
 public void addInterceptors(InterceptorRegistry registry) {
 //addPathPatterns 用于添加拦截规则 , 先把所有路径都加入拦截, 再一个个排除
 //excludePathPatterns 表示改路径不用拦截
+_logger.debug("add HttpRemeberMeEntryPoint");
+registry.addInterceptor(new HttpRemeberMeEntryPoint(
+authenticationProvider,remeberMeService,applicationConfig,true))
+.addPathPatterns("/login");
+
+if(httpHeaderEnable) {
+registry.addInterceptor(new HttpHeaderEntryPoint(httpHeaderName,httpHeaderEnable))
+.addPathPatterns("/*");
+_logger.debug("add HttpHeaderEntryPoint");
+}
+
+if(basicEnable) {
+registry.addInterceptor(new BasicEntryPoint(basicEnable))
+.addPathPatterns("/*");
+_logger.debug("add BasicEntryPoint");
+}
+
 registry.addInterceptor(permissionAdapter)
 .addPathPatterns("/index/**")
 .addPathPatterns("/logs/**")
@@ -176,17 +210,7 @@ public class MaxKeyMvcConfig implements WebMvcConfigurer {
 registry.addInterceptor(localeChangeInterceptor);
 _logger.debug("add LocaleChangeInterceptor");
-if(httpHeaderEnable) {
-registry.addInterceptor(new HttpHeaderEntryPoint(httpHeaderName,httpHeaderEnable))
-.addPathPatterns("/*");
-_logger.debug("add HttpHeaderEntryPoint");
-}
-
-if(basicEnable) {
-registry.addInterceptor(new BasicEntryPoint(basicEnable))
-.addPathPatterns("/*");
-_logger.debug("add BasicEntryPoint");
-}
+
 }
 }
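Review bot: The fourth constructor argument to `HttpRemeberMeEntryPoint` in the `@@ -93,6 +110,23 @@` hunk is the literal `true`, whereas the remember-me login this replaces (the block removed from `LoginEndpoint.login` in the same commit) was gated on `applicationConfig.getLoginConfig().isRemeberMe()`; if that argument is the enable flag, the interceptor now authenticates from the remember-me cookie even when remember-me is disabled in configuration. Unless the entry point re-checks the login config itself (its constructor is outside this diff), pass `applicationConfig.getLoginConfig().isRemeberMe()` instead of `true`, or at least bind the literal to a named local so its meaning is visible at the call site. Registering `HttpHeaderEntryPoint` and `BasicEntryPoint` here rather than after `localeChangeInterceptor` (the `@@ -176,17 +210,7 @@` hunk) also moves them ahead of `permissionAdapter`, which changes interceptor order; a one-line comment such as `// authentication entry points must run before permissionAdapter` would record that this reordering is intended. The rest of `addInterceptors` continues outside the hunk.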
diff --git a/maxkey-web-maxkey/src/main/java/org/maxkey/web/endpoint/LoginEndpoint.java b/maxkey-web-maxkey/src/main/java/org/maxkey/web/endpoint/LoginEndpoint.java
index 5380d3216..72476286e 100644
--- a/maxkey-web-maxkey/src/main/java/org/maxkey/web/endpoint/LoginEndpoint.java
+++ b/maxkey-web-maxkey/src/main/java/org/maxkey/web/endpoint/LoginEndpoint.java
@@ -27,7 +27,6 @@ import javax.servlet.http.HttpServletResponse;
 import org.maxkey.authn.AbstractAuthenticationProvider;
 import org.maxkey.authn.LoginCredential;
 import org.maxkey.authn.support.kerberos.KerberosService;
-import org.maxkey.authn.support.rememberme.AbstractRemeberMeService;
 import org.maxkey.authn.support.socialsignon.service.SocialSignOnProviderService;
 import org.maxkey.authn.support.wsfederation.WsFederationConstants;
 import org.maxkey.configuration.ApplicationConfig;
@@ -44,7 +43,6 @@ import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.stereotype.Controller;
-import org.springframework.web.bind.annotation.CookieValue;
 import org.springframework.web.bind.annotation.ModelAttribute;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -61,8 +59,6 @@ import org.springframework.web.servlet.ModelAndView;
 public class LoginEndpoint {
 private static Logger _logger = LoggerFactory.getLogger(LoginEndpoint.class);
-
-
 @Autowired
 @Qualifier("applicationConfig")
 ApplicationConfig applicationConfig;
@@ -71,10 +67,6 @@ public class LoginEndpoint {
 @Qualifier("socialSignOnProviderService")
 SocialSignOnProviderService socialSignOnProviderService;
-@Autowired
-@Qualifier("remeberMeService")
-AbstractRemeberMeService remeberMeService;
-
 @Autowired
 @Qualifier("kerberosService")
 KerberosService kerberosService;
@@ -95,11 +87,6 @@ public class LoginEndpoint {
 @Qualifier("tfaOtpAuthn")
 protected AbstractOtpAuthn tfaOtpAuthn;
-/*
-@Autowired
-@Qualifier("jwtLoginService")
-JwtLoginService jwtLoginService;
-*/
 /**
 * init login
 * @return
@@ -108,7 +95,6 @@ public class LoginEndpoint {
 public ModelAndView login(
 HttpServletRequest request,
 HttpServletResponse response,
-@CookieValue(value=WebConstants.REMEBER_ME_COOKIE,required=false) String remeberMe,
 @RequestParam(value=WebConstants.CAS_SERVICE_PARAMETER,required=false) String casService,
 @RequestParam(value=WebConstants.KERBEROS_TOKEN_PARAMETER,required=false) String kerberosToken,
 @RequestParam(value=WebConstants.KERBEROS_USERDOMAIN_PARAMETER,required=false) String kerberosUserDomain,
@@ -119,13 +105,6 @@ public class LoginEndpoint {
 ModelAndView modelAndView = new ModelAndView("login");
 boolean isAuthenticated= WebContext.isAuthenticated();
-//for RemeberMe login
-if(!isAuthenticated){
-if(applicationConfig.getLoginConfig().isRemeberMe()&&remeberMe!=null&& !remeberMe.equals("")){
-_logger.debug("Try RemeberMe login ");
-isAuthenticated=remeberMeService.login(remeberMe,response);
-}
-}
 //for Kerberos login
 if(!isAuthenticated){
 if(applicationConfig.getLoginConfig().isKerberos()&&