authentication jwt RemeberMe

maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/AbstractAuthenticationRealm.java

@@ -32,8 +32,6 @@ import org.maxkey.web.WebConstants;
 import org.maxkey.web.WebContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.jdbc.core.JdbcTemplate;
 import org.springframework.security.core.GrantedAuthority;
 

maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/jwt/HttpJwtEntryPoint.java

@@ -0,0 +1,125 @@
+/*
+ * Copyright [2020] [MaxKey of copyright http://www.maxkey.top]
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+ 
+
+package org.maxkey.authn.support.jwt;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.maxkey.authn.AbstractAuthenticationProvider;
+import org.maxkey.configuration.ApplicationConfig;
+import org.maxkey.constants.ConstantsLoginType;
+import org.maxkey.web.WebConstants;
+import org.maxkey.web.WebContext;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.web.servlet.AsyncHandlerInterceptor;
+
+import com.nimbusds.jwt.SignedJWT;
+
+
+public class HttpJwtEntryPoint implements AsyncHandlerInterceptor {
+	private static final Logger _logger = LoggerFactory.getLogger(HttpJwtEntryPoint.class);
+	
+    boolean enable;
+    
+  	ApplicationConfig applicationConfig;
+    
+    AbstractAuthenticationProvider authenticationProvider ;
+    
+	JwtLoginService jwtLoginService;
+	
+	 @Override
+	 public boolean preHandle(HttpServletRequest request,HttpServletResponse response, Object handler) throws Exception {
+		 boolean isAuthenticated= WebContext.isAuthenticated();
+		 
+		 String jwt = request.getParameter(WebConstants.JWT_TOKEN_PARAMETER);
+		 if(!enable || isAuthenticated || jwt == null){
+			 return true;
+		 }
+		 
+		 _logger.debug("JWT Login Start ...");
+		 _logger.info("Request url : "+ request.getRequestURL());
+		 _logger.info("Request URI : "+ request.getRequestURI());
+		 _logger.info("Request ContextPath : "+ request.getContextPath());
+		 _logger.info("Request ServletPath : "+ request.getServletPath());
+		 _logger.debug("RequestSessionId : "+ request.getRequestedSessionId());
+		 _logger.debug("isRequestedSessionIdValid : "+ request.isRequestedSessionIdValid());
+		 _logger.debug("getSession : "+ request.getSession(false));
+		 
+		// session not exists，session timeout，recreate new session
+		 if(request.getSession(false) == null) {
+		    _logger.info("recreate new session .");
+			request.getSession(true);
+		 }
+		 
+		 _logger.info("getSession.getId : "+ request.getSession().getId());
+
+		//for jwt Login
+		if(!isAuthenticated){
+			 _logger.debug("jwt : " + jwt);
+
+			 SignedJWT signedJWT = jwtLoginService.jwtTokenValidation(jwt);
+			 if(signedJWT != null) {
+				 String username =signedJWT.getJWTClaimsSet().getSubject();
+				 authenticationProvider.trustAuthentication(username, ConstantsLoginType.JWT, "", "", "success"); 
+			 }
+	           
+		}
+		
+		return true;
+	}
+
+	 public HttpJwtEntryPoint() {
+	        super();
+	 }
+
+    public HttpJwtEntryPoint (boolean enable) {
+        super();
+        this.enable = enable;
+    }
+
+    public HttpJwtEntryPoint(AbstractAuthenticationProvider authenticationProvider, JwtLoginService jwtLoginService,
+			ApplicationConfig applicationConfig, boolean enable) {
+		super();
+		this.authenticationProvider = authenticationProvider;
+		this.jwtLoginService = jwtLoginService;
+		this.applicationConfig = applicationConfig;
+		this.enable = enable;
+	}
+
+	public boolean isEnable() {
+        return enable;
+    }
+
+    public void setEnable(boolean enable) {
+        this.enable = enable;
+    }
+
+	public void setApplicationConfig(ApplicationConfig applicationConfig) {
+		this.applicationConfig = applicationConfig;
+	}
+
+	public void setAuthenticationProvider(AbstractAuthenticationProvider authenticationProvider) {
+		this.authenticationProvider = authenticationProvider;
+	}
+
+	public void setJwtLoginService(JwtLoginService jwtLoginService) {
+		this.jwtLoginService = jwtLoginService;
+	}
+	
+}

maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/jwt/JwtLoginService.java

@@ -28,11 +28,8 @@ import com.nimbusds.jwt.PlainJWT;
 import com.nimbusds.jwt.SignedJWT;
 import java.util.Date;
 import java.util.UUID;
-import javax.servlet.http.HttpServletResponse;
 import org.joda.time.DateTime;
-import org.maxkey.authn.AbstractAuthenticationProvider;
 import org.maxkey.configuration.oidc.OIDCProviderMetadataDetails;
-import org.maxkey.constants.ConstantsLoginType;
 import org.maxkey.crypto.jwt.signer.service.impl.DefaultJwtSigningAndValidationService;
 import org.maxkey.web.WebContext;
 import org.slf4j.Logger;
@@ -47,77 +44,14 @@ public class JwtLoginService {
 
     DefaultJwtSigningAndValidationService jwtSignerValidationService;
     
-    AbstractAuthenticationProvider authenticationProvider ;
+    public JwtLoginService(
-
-    
-    public JwtLoginService(AbstractAuthenticationProvider authenticationProvider,
             OIDCProviderMetadataDetails jwtProviderMetadata,
             DefaultJwtSigningAndValidationService jwtSignerValidationService
             ) {
-        this.authenticationProvider = authenticationProvider;
         this.jwtProviderMetadata = jwtProviderMetadata;
         this.jwtSignerValidationService = jwtSignerValidationService;
         
     }
-    public boolean login(String jwt, HttpServletResponse response) {
-        _logger.debug("jwt : " + jwt);
-
-        String username = null;
-        SignedJWT signedJWT = null;
-
-        boolean loginResult = false;
-        JWTClaimsSet jwtClaimsSet = null;
-        try {
-
-            RSASSAVerifier rsaSSAVerifier = new RSASSAVerifier(((RSAKey) jwtSignerValidationService.getAllPublicKeys()
-                    .get(jwtSignerValidationService.getDefaultSignerKeyId())).toRSAPublicKey());
-
-            signedJWT = SignedJWT.parse(jwt);
-            if (signedJWT.verify(rsaSSAVerifier)) {
-                loginResult = true;
-            } else {
-                _logger.debug("verify false ");
-                return false;
-            }
-            jwtClaimsSet = signedJWT.getJWTClaimsSet();
-
-            _logger.debug("" + signedJWT.getPayload());
-            _logger.debug("jwtClaimsSet Issuer " + jwtClaimsSet.getIssuer());
-            _logger.debug("Metadata Issuer " + jwtProviderMetadata.getIssuer());
-
-            if (loginResult && jwtClaimsSet.getIssuer().equals(jwtProviderMetadata.getIssuer())) {
-                loginResult = true;
-                _logger.debug("Issuer equals ");
-            } else {
-                _logger.debug("Issuer not equals ");
-                return false;
-            }
-
-            _logger.debug("username " + jwtClaimsSet.getSubject());
-
-            if (loginResult && jwtClaimsSet.getSubject() != null) {
-                username = jwtClaimsSet.getSubject();
-            } else {
-                return false;
-            }
-
-            DateTime now = new DateTime();
-
-            if (loginResult && now.isBefore(jwtClaimsSet.getExpirationTime().getTime())) {
-                authenticationProvider.trustAuthentication(username, ConstantsLoginType.JWT, "", "", "success");
-                return true;
-            }
-        } catch (java.text.ParseException e) {
-            // Invalid signed JWT encoding
-            _logger.error("Invalid signed JWT encoding ");
-        } catch (JOSEException e) {
-            // TODO Auto-generated catch block
-            e.printStackTrace();
-            _logger.error("JOSEException ");
-        }
-
-        return false;
-    }
 
     public String buildLoginJwt() {
         _logger.debug("buildLoginJwt .");
@@ -144,10 +78,8 @@ public class JwtLoginService {
         return tokenString;
     }
 
-    public boolean jwtTokenValidation(String jwt) {
+    public SignedJWT jwtTokenValidation(String jwt) {
         SignedJWT signedJWT = null;
-
-        boolean loginResult = false;
         JWTClaimsSet jwtClaimsSet = null;
         try {
 
@@ -156,44 +88,34 @@ public class JwtLoginService {
 
             signedJWT = SignedJWT.parse(jwt);
             if (signedJWT.verify(rsaSSAVerifier)) {
-                loginResult = true;
+            	 jwtClaimsSet = signedJWT.getJWTClaimsSet();
+                 _logger.debug("" + signedJWT.getPayload());
+                 _logger.debug("username " + jwtClaimsSet.getSubject());
+                 _logger.debug("jwtClaimsSet Issuer " + jwtClaimsSet.getIssuer());
+                 _logger.debug("Metadata Issuer " + jwtProviderMetadata.getIssuer());
+                 if ( jwtClaimsSet.getIssuer().equals(jwtProviderMetadata.getIssuer())) {
+                     _logger.debug("Issuer equals ");
+                     DateTime now = new DateTime();
+                     if (now.isBefore(jwtClaimsSet.getExpirationTime().getTime())) {
+                         _logger.debug("ExpirationTime  Validation " + now.isBefore(jwtClaimsSet.getExpirationTime().getTime()));
+                        return signedJWT;
+                     } 
+                 } else {
+                     _logger.debug("Issuer not equals ");
+                 }
             } else {
                 _logger.debug("verify false ");
             }
-            jwtClaimsSet = signedJWT.getJWTClaimsSet();
            
-            _logger.debug("" + signedJWT.getPayload());
-
-            _logger.debug("username " + jwtClaimsSet.getSubject());
-
-            _logger.debug("jwtClaimsSet Issuer " + jwtClaimsSet.getIssuer());
-            _logger.debug("Metadata Issuer " + jwtProviderMetadata.getIssuer());
-
-            if (loginResult && jwtClaimsSet.getIssuer().equals(jwtProviderMetadata.getIssuer())) {
-                loginResult = true;
-                _logger.debug("Issuer equals ");
-            } else {
-                _logger.debug("Issuer not equals ");
-                return false;
-            }
-
-            DateTime now = new DateTime();
-
-            if (loginResult && now.isBefore(jwtClaimsSet.getExpirationTime().getTime())) {
-                _logger.debug("ExpirationTime  Validation " + now.isBefore(jwtClaimsSet.getExpirationTime().getTime()));
-                loginResult = true;
-            } else {
-                return false;
-            }
         } catch (java.text.ParseException e) {
             // Invalid signed JWT encoding
-            _logger.debug("Invalid signed JWT encoding ");
+            _logger.error("Invalid signed JWT encoding ",e);
         } catch (JOSEException e) {
             // TODO Auto-generated catch block
             e.printStackTrace();
-            _logger.debug("JOSEException ");
+            _logger.error("JOSEException ",e);
         }
-        return loginResult;
+        return null;
     }
 
 
@@ -205,8 +127,13 @@ public class JwtLoginService {
         this.jwtSignerValidationService = jwtSignerValidationService;
     }
 
-    public void setAuthenticationProvider(AbstractAuthenticationProvider authenticationProvider) {
+	public OIDCProviderMetadataDetails getJwtProviderMetadata() {
-        this.authenticationProvider = authenticationProvider;
+		return jwtProviderMetadata;
-    }
+	}
+	public DefaultJwtSigningAndValidationService getJwtSignerValidationService() {
+		return jwtSignerValidationService;
+	}
+    
+    
 
 }

maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/AbstractRemeberMeService.java

@@ -22,10 +22,7 @@ import java.util.regex.Pattern;
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-import org.joda.time.DateTime;
-import org.maxkey.authn.AbstractAuthenticationProvider;
 import org.maxkey.configuration.ApplicationConfig;
-import org.maxkey.constants.ConstantsLoginType;
 import org.maxkey.constants.ConstantsTimeInterval;
 import org.maxkey.crypto.Base64Utils;
 import org.maxkey.crypto.ReciprocalUtils;
@@ -48,10 +45,6 @@ public abstract class AbstractRemeberMeService {
     @Qualifier("applicationConfig")
     protected ApplicationConfig applicationConfig;
 
-    @Autowired
-    @Qualifier("authenticationProvider")
-    AbstractAuthenticationProvider authenticationProvider ;
-
     // follow function is for persist
     public abstract void save(RemeberMe remeberMe);
 
@@ -97,38 +90,6 @@ public abstract class AbstractRemeberMeService {
         return true;
     }
 
-    public boolean login(String remeberMe, HttpServletResponse response) {
-        _logger.debug("RemeberMe : " + remeberMe);
-
-        remeberMe = new String(Base64Utils.base64UrlDecode(remeberMe));
-
-        remeberMe = ReciprocalUtils.decoder(remeberMe);
-
-        _logger.debug("decoder RemeberMe : " + remeberMe);
-        RemeberMe remeberMeCookie = new RemeberMe();
-        remeberMeCookie = (RemeberMe) JsonUtils.json2Object(remeberMe, remeberMeCookie);
-        _logger.debug("Remeber Me Cookie : " + remeberMeCookie);
-
-        RemeberMe storeRemeberMe = read(remeberMeCookie);
-        if (storeRemeberMe == null)  {
-            return false;
-        }
-        DateTime loginDate = new DateTime(storeRemeberMe.getLastLogin());
-        DateTime expiryDate = loginDate.plusSeconds(getRemeberMeValidity());
-        DateTime now = new DateTime();
-        if (now.isBefore(expiryDate)) {
-            authenticationProvider.trustAuthentication(
-                    storeRemeberMe.getUsername(), 
-                    ConstantsLoginType.REMEBER_ME, 
-                    "", 
-                    "", 
-                    "success");
-            return updateRemeberMe(remeberMeCookie, response);
-
-        }
-        return false;
-    }
-
     public boolean updateRemeberMe(RemeberMe remeberMe, HttpServletResponse response) {
         remeberMe.setAuthKey(WebContext.genId());
         remeberMe.setLastLogin(new Date());

maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/HttpRemeberMeEntryPoint.java

@@ -0,0 +1,150 @@
+/*
+ * Copyright [2020] [MaxKey of copyright http://www.maxkey.top]
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+ 
+
+package org.maxkey.authn.support.rememberme;
+
+import javax.servlet.http.Cookie;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.joda.time.DateTime;
+import org.maxkey.authn.AbstractAuthenticationProvider;
+import org.maxkey.configuration.ApplicationConfig;
+import org.maxkey.constants.ConstantsLoginType;
+import org.maxkey.crypto.Base64Utils;
+import org.maxkey.crypto.ReciprocalUtils;
+import org.maxkey.util.JsonUtils;
+import org.maxkey.web.WebConstants;
+import org.maxkey.web.WebContext;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.web.servlet.AsyncHandlerInterceptor;
+
+
+public class HttpRemeberMeEntryPoint implements AsyncHandlerInterceptor {
+	private static final Logger _logger = LoggerFactory.getLogger(HttpRemeberMeEntryPoint.class);
+	
+    boolean enable;
+    
+  	ApplicationConfig applicationConfig;
+    
+    AbstractAuthenticationProvider authenticationProvider ;
+    
+	AbstractRemeberMeService remeberMeService;
+	
+	 @Override
+	 public boolean preHandle(HttpServletRequest request,HttpServletResponse response, Object handler) throws Exception {
+		 boolean isAuthenticated= WebContext.isAuthenticated();
+		 
+		 Cookie readRemeberMeCookie = WebContext.readCookieByName(request,WebConstants.REMEBER_ME_COOKIE);
+		 if(!enable || isAuthenticated){
+			 return true;
+		 }
+		 
+		 _logger.debug("RemeberMe Login Start ...");
+		 _logger.info("Request url : "+ request.getRequestURL());
+		 _logger.info("Request URI : "+ request.getRequestURI());
+		 _logger.info("Request ContextPath : "+ request.getContextPath());
+		 _logger.info("Request ServletPath : "+ request.getServletPath());
+		 _logger.debug("RequestSessionId : "+ request.getRequestedSessionId());
+		 _logger.debug("isRequestedSessionIdValid : "+ request.isRequestedSessionIdValid());
+		 _logger.debug("getSession : "+ request.getSession(false));
+		 
+		// session not exists，session timeout，recreate new session
+		 if(request.getSession(false) == null) {
+		    _logger.info("recreate new session .");
+			request.getSession(true);
+		 }
+		 
+		 _logger.info("getSession.getId : "+ request.getSession().getId());
+
+		 if(applicationConfig.getLoginConfig().isRemeberMe()&&readRemeberMeCookie!=null){
+				_logger.debug("Try RemeberMe login ");
+				String remeberMe = readRemeberMeCookie.getValue();
+				 _logger.debug("RemeberMe : " + remeberMe);
+
+		        remeberMe = new String(Base64Utils.base64UrlDecode(remeberMe));
+
+		        remeberMe = ReciprocalUtils.decoder(remeberMe);
+
+		        _logger.debug("decoder RemeberMe : " + remeberMe);
+		        RemeberMe remeberMeCookie = new RemeberMe();
+		        remeberMeCookie = (RemeberMe) JsonUtils.json2Object(remeberMe, remeberMeCookie);
+		        _logger.debug("Remeber Me Cookie : " + remeberMeCookie);
+
+		        RemeberMe storeRemeberMe = remeberMeService.read(remeberMeCookie);
+		        if (storeRemeberMe != null)  {
+			        DateTime loginDate = new DateTime(storeRemeberMe.getLastLogin());
+			        DateTime expiryDate = loginDate.plusSeconds(remeberMeService.getRemeberMeValidity());
+			        DateTime now = new DateTime();
+			        if (now.isBefore(expiryDate)) {
+			            authenticationProvider.trustAuthentication(
+			                    storeRemeberMe.getUsername(), 
+			                    ConstantsLoginType.REMEBER_ME, 
+			                    "", 
+			                    "", 
+			                    "success");
+			            remeberMeService.updateRemeberMe(remeberMeCookie, response);
+
+			        }
+		        }
+		}
+		
+		 return true;
+	}
+
+	 public HttpRemeberMeEntryPoint() {
+	        super();
+	 }
+
+    public HttpRemeberMeEntryPoint (boolean enable) {
+        super();
+        this.enable = enable;
+    }
+
+    public HttpRemeberMeEntryPoint(
+			AbstractAuthenticationProvider authenticationProvider, AbstractRemeberMeService remeberMeService,
+			ApplicationConfig applicationConfig,boolean enable) {
+		super();
+		this.enable = enable;
+		this.applicationConfig = applicationConfig;
+		this.authenticationProvider = authenticationProvider;
+		this.remeberMeService = remeberMeService;
+	}
+
+	public boolean isEnable() {
+        return enable;
+    }
+
+    public void setEnable(boolean enable) {
+        this.enable = enable;
+    }
+
+	public void setApplicationConfig(ApplicationConfig applicationConfig) {
+		this.applicationConfig = applicationConfig;
+	}
+
+	public void setAuthenticationProvider(AbstractAuthenticationProvider authenticationProvider) {
+		this.authenticationProvider = authenticationProvider;
+	}
+
+	public void setRemeberMeService(AbstractRemeberMeService remeberMeService) {
+		this.remeberMeService = remeberMeService;
+	}
+	 
+	
+}

maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/autoconfigure/JwtAuthnAutoConfiguration.java

@@ -23,7 +23,6 @@ import java.net.URI;
 import java.security.NoSuchAlgorithmException;
 import java.security.spec.InvalidKeySpecException;
 
-import org.maxkey.authn.AbstractAuthenticationProvider;
 import org.maxkey.authn.support.jwt.JwtLoginService;
 import org.maxkey.configuration.oidc.OIDCProviderMetadataDetails;
 import org.maxkey.constants.ConstantsProperties;
@@ -126,11 +125,9 @@ public class JwtAuthnAutoConfiguration implements InitializingBean {
     @Bean(name = "jwtLoginService")
     public JwtLoginService jwtLoginService(
             DefaultJwtSigningAndValidationService jwtSignerValidationService,
-            OIDCProviderMetadataDetails oidcProviderMetadata,
+            OIDCProviderMetadataDetails oidcProviderMetadata) {
-            AbstractAuthenticationProvider authenticationProvider) {
         
         JwtLoginService jwtLoginService = new JwtLoginService(
-                authenticationProvider,
                 oidcProviderMetadata,
                 jwtSignerValidationService
                 );

maxkey-core/src/main/java/org/maxkey/web/InitializeContext.java

@@ -130,20 +130,20 @@ public class InitializeContext extends HttpServlet {
                         + databaseMetaData.getDatabaseProductName());
                 _logger.debug("DatabaseProductVersion:   " 
                         + databaseMetaData.getDatabaseProductVersion());
-                _logger.debug("DatabaseMajorVersion  :   " 
+                _logger.trace("DatabaseMajorVersion  :   " 
                         + databaseMetaData.getDatabaseMajorVersion());
-                _logger.debug("DatabaseMinorVersion  :   " 
+                _logger.trace("DatabaseMinorVersion  :   " 
                         + databaseMetaData.getDatabaseMinorVersion());
-                _logger.debug("supportsTransactions  :   " 
+                _logger.trace("supportsTransactions  :   " 
                         + databaseMetaData.supportsTransactions());
-                _logger.debug("DefaultTransaction    :   " 
+                _logger.trace("DefaultTransaction    :   " 
                         + databaseMetaData.getDefaultTransactionIsolation());
-                _logger.debug("MaxConnections        :   " 
+                _logger.trace("MaxConnections        :   " 
                         + databaseMetaData.getMaxConnections());
-                _logger.debug("");
+                _logger.trace("");
-                _logger.debug("JDBCMajorVersion      :   " 
+                _logger.trace("JDBCMajorVersion      :   " 
                         + databaseMetaData.getJDBCMajorVersion());
-                _logger.debug("JDBCMinorVersion      :   " 
+                _logger.trace("JDBCMinorVersion      :   " 
                         + databaseMetaData.getJDBCMinorVersion());
                 _logger.debug("DriverName            :   " 
                         + databaseMetaData.getDriverName());
@@ -157,6 +157,7 @@ public class InitializeContext extends HttpServlet {
                 _logger.debug("-----------------------------------------------------------");
             } catch (SQLException e) {
                 e.printStackTrace();
+                _logger.error("DatabaseMetaData Variables Error .",e);
             }
         }
     }

maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/autoconfigure/Oauth20AutoConfiguration.java

@@ -23,8 +23,6 @@ import java.security.spec.InvalidKeySpecException;
 
 import javax.servlet.Filter;
 import javax.sql.DataSource;
-
-import org.maxkey.authn.AbstractAuthenticationProvider;
 import org.maxkey.authn.support.jwt.JwtLoginService;
 import org.maxkey.authz.oauth2.provider.ClientDetailsService;
 import org.maxkey.authz.oauth2.provider.OAuth2UserDetailsService;
@@ -168,11 +166,9 @@ public class Oauth20AutoConfiguration implements InitializingBean {
     @Bean(name = "jwtLoginService")
     public JwtLoginService jwtLoginService(
             DefaultJwtSigningAndValidationService jwtSignerValidationService,
-            OIDCProviderMetadataDetails oidcProviderMetadata,
+            OIDCProviderMetadataDetails oidcProviderMetadata) {
-            AbstractAuthenticationProvider authenticationProvider) {
         
         JwtLoginService jwtLoginService = new JwtLoginService(
-                authenticationProvider,
                 oidcProviderMetadata,
                 jwtSignerValidationService
                 );

maxkey-web-manage/src/main/java/org/maxkey/MaxKeyMgtMvcConfig.java

@@ -17,12 +17,19 @@
 
 package org.maxkey;
 
+import org.maxkey.authn.AbstractAuthenticationProvider;
+import org.maxkey.authn.support.jwt.HttpJwtEntryPoint;
+import org.maxkey.authn.support.jwt.JwtLoginService;
+import org.maxkey.authn.support.rememberme.AbstractRemeberMeService;
+import org.maxkey.authn.support.rememberme.HttpRemeberMeEntryPoint;
+import org.maxkey.configuration.ApplicationConfig;
 import org.maxkey.web.interceptor.HistoryLogsAdapter;
 import org.maxkey.web.interceptor.PermissionAdapter;
 import org.maxkey.web.interceptor.RestApiPermissionAdapter;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.web.servlet.config.annotation.EnableWebMvc;
 import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
@@ -34,6 +41,23 @@ import org.springframework.web.servlet.i18n.LocaleChangeInterceptor;
 @EnableWebMvc
 public class MaxKeyMgtMvcConfig implements WebMvcConfigurer {
     private static final  Logger _logger = LoggerFactory.getLogger(MaxKeyMgtMvcConfig.class);
+    
+    @Autowired
+  	@Qualifier("applicationConfig")
+  	ApplicationConfig applicationConfig;
+    
+    @Autowired
+    @Qualifier("authenticationProvider")
+    AbstractAuthenticationProvider authenticationProvider ;
+    
+    @Autowired
+	@Qualifier("remeberMeService")
+	AbstractRemeberMeService remeberMeService;
+    
+    @Autowired
+   	@Qualifier("jwtLoginService")
+    JwtLoginService jwtLoginService;
+    
     @Autowired
     PermissionAdapter permissionAdapter;
     
@@ -74,6 +98,17 @@ public class MaxKeyMgtMvcConfig implements WebMvcConfigurer {
     public void addInterceptors(InterceptorRegistry registry) {
         //addPathPatterns 用于添加拦截规则 ， 先把所有路径都加入拦截， 再一个个排除
         //excludePathPatterns 表示改路径不用拦截
+    	
+    	_logger.debug("add HttpRemeberMeEntryPoint");
+        registry.addInterceptor(new HttpRemeberMeEntryPoint(
+        			authenticationProvider,remeberMeService,applicationConfig,true))
+        		.addPathPatterns("/login");
+        
+        _logger.debug("add HttpJwtEntryPoint");
+        registry.addInterceptor(new HttpJwtEntryPoint(
+        		authenticationProvider,jwtLoginService,applicationConfig,true))
+        	.addPathPatterns("/login");
+        
         registry.addInterceptor(permissionAdapter)
                 .addPathPatterns("/main/**")
                 .addPathPatterns("/orgs/**")
@@ -110,6 +145,7 @@ public class MaxKeyMgtMvcConfig implements WebMvcConfigurer {
         _logger.debug("add LocaleChangeInterceptor");
         
         
+        
         registry.addInterceptor(restApiPermissionAdapter)
                 .addPathPatterns("/identity/api/**")
                 ;

maxkey-web-manage/src/main/java/org/maxkey/web/endpoint/LoginEndpoint.java

@@ -22,20 +22,15 @@ import javax.servlet.http.HttpServletResponse;
 
 import org.maxkey.authn.AbstractAuthenticationProvider;
 import org.maxkey.authn.LoginCredential;
-import org.maxkey.authn.support.jwt.JwtLoginService;
-import org.maxkey.authn.support.rememberme.AbstractRemeberMeService;
 import org.maxkey.configuration.ApplicationConfig;
-import org.maxkey.web.WebConstants;
 import org.maxkey.web.WebContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.stereotype.Controller;
-import org.springframework.web.bind.annotation.CookieValue;
 import org.springframework.web.bind.annotation.ModelAttribute;
 import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.servlet.ModelAndView;
 
 
@@ -52,14 +47,6 @@ public class LoginEndpoint {
   	protected ApplicationConfig applicationConfig;
  	
 
-	@Autowired
-	@Qualifier("remeberMeService")
-	protected AbstractRemeberMeService remeberMeService;
-	
-	@Autowired
-	@Qualifier("jwtLoginService")
-	JwtLoginService jwtLoginService;
-	
 	@Autowired
 	@Qualifier("authenticationProvider")
 	AbstractAuthenticationProvider authenticationProvider ;
@@ -71,29 +58,13 @@ public class LoginEndpoint {
  	@RequestMapping(value={"/login"})
 	public ModelAndView login(
 			HttpServletRequest request,
-			HttpServletResponse response,
+			HttpServletResponse response) {
-			@CookieValue(value=WebConstants.REMEBER_ME_COOKIE,required=false) String remeberMe,
-			@RequestParam(value = WebConstants.JWT_TOKEN_PARAMETER, required = false) String jwt) {
  		
 		_logger.debug("LoginController /login.");
 		ModelAndView modelAndView = new ModelAndView();
 		
 		boolean isAuthenticated= WebContext.isAuthenticated();
 		
-		//for jwt Login
-		if(!isAuthenticated){
-			if(jwt!=null&&!jwt.equals("")){
-				isAuthenticated=jwtLoginService.login(jwt, response);
-			}
-		}
-				
-		//for RemeberMe login
-		if(!isAuthenticated){
-			if(applicationConfig.getLoginConfig().isRemeberMe()&&remeberMe!=null&& !remeberMe.equals("")){
-				isAuthenticated=remeberMeService.login(remeberMe,response);
-			}
-		}
-
 		//for normal login
 		if(!isAuthenticated){
 			modelAndView.addObject("isRemeberMe", applicationConfig.getLoginConfig().isRemeberMe());

maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyConfig.java

@@ -49,8 +49,6 @@ import org.mybatis.spring.annotation.MapperScan;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.InitializingBean;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.ComponentScan;
@@ -130,14 +128,6 @@ public class MaxKeyConfig  implements InitializingBean {
         return authenticationRealm;
     }
     
-    //JdbcAuthenticationRealm
-    public JdbcAuthenticationRealm jdbcAuthenticationRealm(
-                JdbcTemplate jdbcTemplate) {
-        JdbcAuthenticationRealm authenticationRealm = new JdbcAuthenticationRealm(jdbcTemplate);
-        _logger.debug("JdbcAuthenticationRealm inited.");
-        return authenticationRealm;
-    }
-    
     //LdapAuthenticationRealm
     public LdapAuthenticationRealm ldapAuthenticationRealm(
                 JdbcTemplate jdbcTemplate) {

maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyMvcConfig.java

@@ -17,8 +17,12 @@
 
 package org.maxkey;
 
+import org.maxkey.authn.AbstractAuthenticationProvider;
 import org.maxkey.authn.support.basic.BasicEntryPoint;
 import org.maxkey.authn.support.httpheader.HttpHeaderEntryPoint;
+import org.maxkey.authn.support.rememberme.AbstractRemeberMeService;
+import org.maxkey.authn.support.rememberme.HttpRemeberMeEntryPoint;
+import org.maxkey.configuration.ApplicationConfig;
 import org.maxkey.constants.ConstantsProperties;
 import org.maxkey.web.interceptor.HistoryLoginAppAdapter;
 import org.maxkey.web.interceptor.HistoryLogsAdapter;
@@ -27,6 +31,7 @@ import org.maxkey.web.interceptor.PreLoginAppAdapter;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.PropertySource;
@@ -42,6 +47,18 @@ import org.springframework.web.servlet.i18n.LocaleChangeInterceptor;
 public class MaxKeyMvcConfig implements WebMvcConfigurer {
     private static final  Logger _logger = LoggerFactory.getLogger(MaxKeyMvcConfig.class);
     
+    @Autowired
+  	@Qualifier("applicationConfig")
+  	ApplicationConfig applicationConfig;
+    
+    @Autowired
+    @Qualifier("authenticationProvider")
+    AbstractAuthenticationProvider authenticationProvider ;
+    
+    @Autowired
+	@Qualifier("remeberMeService")
+	AbstractRemeberMeService remeberMeService;
+    
     @Autowired
     PermissionAdapter permissionAdapter;
     
@@ -93,6 +110,23 @@ public class MaxKeyMvcConfig implements WebMvcConfigurer {
     public void addInterceptors(InterceptorRegistry registry) {
         //addPathPatterns 用于添加拦截规则 ， 先把所有路径都加入拦截， 再一个个排除
         //excludePathPatterns 表示改路径不用拦截
+        _logger.debug("add HttpRemeberMeEntryPoint");
+        registry.addInterceptor(new HttpRemeberMeEntryPoint(
+        			authenticationProvider,remeberMeService,applicationConfig,true))
+        		.addPathPatterns("/login");
+        
+        if(httpHeaderEnable) {
+            registry.addInterceptor(new HttpHeaderEntryPoint(httpHeaderName,httpHeaderEnable))
+                    .addPathPatterns("/*");
+            _logger.debug("add HttpHeaderEntryPoint");
+        }
+        
+        if(basicEnable) {
+            registry.addInterceptor(new BasicEntryPoint(basicEnable))
+                    .addPathPatterns("/*");
+            _logger.debug("add BasicEntryPoint");
+        }
+        
         registry.addInterceptor(permissionAdapter)
                 .addPathPatterns("/index/**")
                 .addPathPatterns("/logs/**")
@@ -176,17 +210,7 @@ public class MaxKeyMvcConfig implements WebMvcConfigurer {
         registry.addInterceptor(localeChangeInterceptor);
         _logger.debug("add LocaleChangeInterceptor");
         
-        if(httpHeaderEnable) {
-            registry.addInterceptor(new HttpHeaderEntryPoint(httpHeaderName,httpHeaderEnable))
-                    .addPathPatterns("/*");
-            _logger.debug("add HttpHeaderEntryPoint");
-        }
 
-        if(basicEnable) {
-            registry.addInterceptor(new BasicEntryPoint(basicEnable))
-                    .addPathPatterns("/*");
-            _logger.debug("add BasicEntryPoint");
-        }
     }
 
 }

maxkey-web-maxkey/src/main/java/org/maxkey/web/endpoint/LoginEndpoint.java

@@ -27,7 +27,6 @@ import javax.servlet.http.HttpServletResponse;
 import org.maxkey.authn.AbstractAuthenticationProvider;
 import org.maxkey.authn.LoginCredential;
 import org.maxkey.authn.support.kerberos.KerberosService;
-import org.maxkey.authn.support.rememberme.AbstractRemeberMeService;
 import org.maxkey.authn.support.socialsignon.service.SocialSignOnProviderService;
 import org.maxkey.authn.support.wsfederation.WsFederationConstants;
 import org.maxkey.configuration.ApplicationConfig;
@@ -44,7 +43,6 @@ import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.stereotype.Controller;
-import org.springframework.web.bind.annotation.CookieValue;
 import org.springframework.web.bind.annotation.ModelAttribute;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -61,8 +59,6 @@ import org.springframework.web.servlet.ModelAndView;
 public class LoginEndpoint {
 	private static Logger _logger = LoggerFactory.getLogger(LoginEndpoint.class);
 	
-	
-	
 	@Autowired
   	@Qualifier("applicationConfig")
   	ApplicationConfig applicationConfig;
@@ -71,10 +67,6 @@ public class LoginEndpoint {
 	@Qualifier("socialSignOnProviderService")
 	SocialSignOnProviderService socialSignOnProviderService;
 	
-	@Autowired
-	@Qualifier("remeberMeService")
-	AbstractRemeberMeService remeberMeService;
-	
 	@Autowired
 	@Qualifier("kerberosService")
 	KerberosService kerberosService;
@@ -95,11 +87,6 @@ public class LoginEndpoint {
     @Qualifier("tfaOtpAuthn")
     protected AbstractOtpAuthn tfaOtpAuthn;
 	
-	/*
-	@Autowired
-	@Qualifier("jwtLoginService")
-	JwtLoginService jwtLoginService;
-	*/
 	/**
 	 * init login
 	 * @return
@@ -108,7 +95,6 @@ public class LoginEndpoint {
 	public ModelAndView login(
 			HttpServletRequest request,
 			HttpServletResponse response,
-			@CookieValue(value=WebConstants.REMEBER_ME_COOKIE,required=false) String remeberMe,
 			@RequestParam(value=WebConstants.CAS_SERVICE_PARAMETER,required=false) String casService,
 			@RequestParam(value=WebConstants.KERBEROS_TOKEN_PARAMETER,required=false) String kerberosToken,
 			@RequestParam(value=WebConstants.KERBEROS_USERDOMAIN_PARAMETER,required=false) String kerberosUserDomain,
@@ -119,13 +105,6 @@ public class LoginEndpoint {
 		ModelAndView modelAndView = new ModelAndView("login");
 		
 		boolean isAuthenticated= WebContext.isAuthenticated();
-		//for RemeberMe login
-		if(!isAuthenticated){
-			if(applicationConfig.getLoginConfig().isRemeberMe()&&remeberMe!=null&& !remeberMe.equals("")){
-				_logger.debug("Try RemeberMe login ");
-				isAuthenticated=remeberMeService.login(remeberMe,response);
-			}
-		}
 		//for Kerberos login
 		if(!isAuthenticated){
 			if(applicationConfig.getLoginConfig().isKerberos()&&