v2.0.RC1

2025-12-06 08:59:10 +08:00 · 2020-05-26 08:35:33 +08:00 · 2020-05-26 08:35:33 +08:00 · 73b6625294
commit 73b6625294
parent 1ad1db9846
10 changed files with 424 additions and 390 deletions
--- a/maxkey-authentications/src/main/java/org/maxkey/authn/support/httpheader/HttpHeaderConfig.java
+++ b/maxkey-authentications/src/main/java/org/maxkey/authn/support/httpheader/HttpHeaderConfig.java
@ -1,33 +0,0 @@
-package org.maxkey.authn.support.httpheader;
-
-public class HttpHeaderConfig {
-	String headerName;
-	boolean enable;
-	
-	
-	/**
-	 * 
-	 */
-	public HttpHeaderConfig() {
-
-	}
-	public String getHeaderName() {
-		return headerName;
-	}
-	public void setHeaderName(String headerName) {
-		this.headerName = headerName;
-	}
-	public boolean isEnable() {
-		return enable;
-	}
-	public void setEnable(boolean enable) {
-		this.enable = enable;
-	}
-    public HttpHeaderConfig(String headerName, boolean enable) {
-        super();
-        this.headerName = headerName;
-        this.enable = enable;
-    }
-	
-	
-}
--- a/maxkey-authentications/src/main/java/org/maxkey/authn/support/httpheader/HttpHeaderEntryPoint.java
+++ b/maxkey-authentications/src/main/java/org/maxkey/authn/support/httpheader/HttpHeaderEntryPoint.java
@ -15,8 +15,9 @@ import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
 public class HttpHeaderEntryPoint extends HandlerInterceptorAdapter {
 	private static final Logger _logger = LoggerFactory.getLogger(HttpHeaderEntryPoint.class);
 	
-	
-	HttpHeaderConfig httpHeaderSupport;
+	String headerName;
+    boolean enable;
+    
 	
 	String []skipRequestURI={
 			"/oauth/v20/token",
@ -27,7 +28,7 @@ public class HttpHeaderEntryPoint extends HandlerInterceptorAdapter {
 	 @Override
 	 public boolean preHandle(HttpServletRequest request,HttpServletResponse response, Object handler) throws Exception {
 		 
-		 if(!httpHeaderSupport.isEnable()){
+		 if(!enable){
 			 return true;
 		 }
 		 String requestPath=request.getServletPath();
@ -55,7 +56,7 @@ public class HttpHeaderEntryPoint extends HandlerInterceptorAdapter {
 		 }
 		 
 		 _logger.info("getSession.getId : "+ request.getSession().getId());
-		 String httpHeaderUsername = request.getHeader(httpHeaderSupport.getHeaderName());
+		 String httpHeaderUsername = request.getHeader(headerName);

 		 _logger.info("HttpHeader username : " + httpHeaderUsername);
 		
@ -94,14 +95,28 @@ public class HttpHeaderEntryPoint extends HandlerInterceptorAdapter {
 	 public HttpHeaderEntryPoint() {
 	        super();
 	 }
-	 
-	public HttpHeaderEntryPoint(HttpHeaderConfig httpHeaderSupport) {
+
+    public HttpHeaderEntryPoint(String headerName, boolean enable) {
        super();
-        this.httpHeaderSupport = httpHeaderSupport;
+        this.headerName = headerName;
+        this.enable = enable;
    }

-    public void setHttpHeaderSupport(HttpHeaderConfig httpHeaderSupport) {
-		this.httpHeaderSupport = httpHeaderSupport;
-	}
+    public String getHeaderName() {
+        return headerName;
+    }
+
+    public void setHeaderName(String headerName) {
+        this.headerName = headerName;
+    }
+
+    public boolean isEnable() {
+        return enable;
+    }
+
+    public void setEnable(boolean enable) {
+        this.enable = enable;
+    }
+	 
 	
 }
--- a/maxkey-core/src/main/java/org/maxkey/persistence/ldap/ActiveDirectoryUtils.java
+++ b/maxkey-core/src/main/java/org/maxkey/persistence/ldap/ActiveDirectoryUtils.java
@ -1,6 +1,5 @@
 package org.maxkey.persistence.ldap;

-
 import java.util.Properties;

 import javax.naming.Context;
@ -15,92 +14,86 @@ import org.slf4j.LoggerFactory;
 *
 */
 public class ActiveDirectoryUtils extends LdapUtils {
-	private final static Logger _logger = LoggerFactory.getLogger(ActiveDirectoryUtils.class);
-	
-	public final static String sAMAccountName		=		"sAMAccountName";
-	public final static String unicodePwd			=		"unicodePwd";
-	public final static String CN					=		"CN";
-	
-	public final static String servicePrincipalName	=		"servicePrincipalName";
-	public final static String userPrincipalName	=		"userPrincipalName";
-	public final static String userAccountControl	=		"userAccountControl";
-	
+    private final static Logger _logger = LoggerFactory.getLogger(ActiveDirectoryUtils.class);

-	
-	
-	
-	protected String domain;
+    public final static String sAMAccountName = "sAMAccountName";
+    public final static String unicodePwd = "unicodePwd";
+    public final static String CN = "CN";

-	/**
-	 * 
-	 */
-	public ActiveDirectoryUtils() {
-		super();
-	}
-	
-	public ActiveDirectoryUtils(String providerUrl,String principal,String credentials,String baseDN,String domain) {
-		this.providerUrl=providerUrl;
-		this.principal=principal;
-		this.credentials=credentials;
-		this.searchScope=SearchControls.SUBTREE_SCOPE;
-		this.baseDN=baseDN;
-		this.domain=domain.toUpperCase();
-	}
-	
-	public ActiveDirectoryUtils(String providerUrl,String principal,String credentials,String domain) {
-		this.providerUrl=providerUrl;
-		this.principal=principal;
-		this.credentials=credentials;
-		this.searchScope=SearchControls.SUBTREE_SCOPE;
-		this.domain=domain.toUpperCase();
-	}
-	
-	public ActiveDirectoryUtils(DirContext dirContext) {
-		this.ctx=dirContext;
-	}
-	
-	//connect to ActiveDirectory server
-	@Override
-	public DirContext openConnection(){	     
-		_logger.info("PROVIDER_URL:"+providerUrl);
-		_logger.info("SECURITY_PRINCIPAL:"+principal);
-		_logger.info("SECURITY_CREDENTIALS:"+credentials);
-		//LDAP
-		Properties props = new Properties();
-		props.setProperty(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
-		props.setProperty(Context.URL_PKG_PREFIXES, "com.sun.jndi.url");
-		props.setProperty(Context.REFERRAL, referral);
-		props.setProperty(Context.SECURITY_AUTHENTICATION, "simple");
-		
-		props.setProperty(Context.PROVIDER_URL, providerUrl);
-		if(domain.indexOf(".")>-1){
-			domain=domain.substring(0, domain.indexOf("."));
-		}
-		_logger.info("PROVIDER_DOMAIN:"+domain);
-		String activeDirectoryPrincipal=domain+"\\"+principal;
-		_logger.debug("Active Directory SECURITY_PRINCIPAL : "+activeDirectoryPrincipal);
-		props.setProperty(Context.SECURITY_PRINCIPAL,activeDirectoryPrincipal);
-		props.setProperty(Context.SECURITY_CREDENTIALS, credentials);
-		
-		if(ssl&&providerUrl.toLowerCase().startsWith("ldaps")){
-			System.setProperty("javax.net.ssl.trustStore", trustStore);
-			System.setProperty("javax.net.ssl.trustStorePassword", trustStorePassword);
-			props.put(Context.SECURITY_PROTOCOL, "ssl");  
-			props.put(Context.REFERRAL, "follow"); 
-		}
-		
-		return InitialDirContext(props);
-	}
+    public final static String servicePrincipalName = "servicePrincipalName";
+    public final static String userPrincipalName = "userPrincipalName";
+    public final static String userAccountControl = "userAccountControl";

-	public String getDomain() {
-		return domain;
-	}
+    protected String domain;

-	public void setDomain(String domain) {
-		this.domain = domain.toUpperCase();
-	}
-	
+    /**
+     * 
+     */
+    public ActiveDirectoryUtils() {
+        super();
+    }

-	
+    public ActiveDirectoryUtils(String providerUrl, String principal, String credentials, String baseDN,
+            String domain) {
+        this.providerUrl = providerUrl;
+        this.principal = principal;
+        this.credentials = credentials;
+        this.searchScope = SearchControls.SUBTREE_SCOPE;
+        this.baseDN = baseDN;
+        this.domain = domain.toUpperCase();
+    }
+
+    public ActiveDirectoryUtils(String providerUrl, String principal, String credentials, String domain) {
+        this.providerUrl = providerUrl;
+        this.principal = principal;
+        this.credentials = credentials;
+        this.searchScope = SearchControls.SUBTREE_SCOPE;
+        this.domain = domain.toUpperCase();
+    }
+
+    public ActiveDirectoryUtils(DirContext dirContext) {
+        this.ctx = dirContext;
+    }
+
+    // connect to ActiveDirectory server
+    @Override
+    public DirContext openConnection() {
+        _logger.info("PROVIDER_URL:" + providerUrl);
+        _logger.info("SECURITY_PRINCIPAL:" + principal);
+        _logger.info("SECURITY_CREDENTIALS:" + credentials);
+        // LDAP
+        Properties props = new Properties();
+        props.setProperty(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
+        props.setProperty(Context.URL_PKG_PREFIXES, "com.sun.jndi.url");
+        props.setProperty(Context.REFERRAL, referral);
+        props.setProperty(Context.SECURITY_AUTHENTICATION, "simple");
+
+        props.setProperty(Context.PROVIDER_URL, providerUrl);
+        if (domain.indexOf(".") > -1) {
+            domain = domain.substring(0, domain.indexOf("."));
+        }
+        _logger.info("PROVIDER_DOMAIN:" + domain);
+        String activeDirectoryPrincipal = domain + "\\" + principal;
+        _logger.debug("Active Directory SECURITY_PRINCIPAL : " + activeDirectoryPrincipal);
+        props.setProperty(Context.SECURITY_PRINCIPAL, activeDirectoryPrincipal);
+        props.setProperty(Context.SECURITY_CREDENTIALS, credentials);
+
+        if (ssl && providerUrl.toLowerCase().startsWith("ldaps")) {
+            System.setProperty("javax.net.ssl.trustStore", trustStore);
+            System.setProperty("javax.net.ssl.trustStorePassword", trustStorePassword);
+            props.put(Context.SECURITY_PROTOCOL, "ssl");
+            props.put(Context.REFERRAL, "follow");
+        }
+
+        return InitialDirContext(props);
+    }
+
+    public String getDomain() {
+        return domain;
+    }
+
+    public void setDomain(String domain) {
+        this.domain = domain.toUpperCase();
+    }

 }
--- a/maxkey-core/src/main/java/org/maxkey/persistence/ldap/LdapUtils.java
+++ b/maxkey-core/src/main/java/org/maxkey/persistence/ldap/LdapUtils.java
@ -1,6 +1,5 @@
 package org.maxkey.persistence.ldap;

-
 import java.util.Properties;

 import javax.naming.Context;
@ -18,259 +17,268 @@ import org.slf4j.LoggerFactory;
 *
 */
 public class LdapUtils {
-	private final static Logger _logger = LoggerFactory.getLogger(LdapUtils.class);
-	
-	public final static String propertyBaseDN				=		"baseDN";
-	public final static String propertyDomain				=		"domain";
-	public final static String propertyTrustStore			=		"trustStore";
-	public final static String propertyTrustStorePassword	=		"trustStorePassword";
-	
-	public final static String uid					=		"uid";
-	public final static String userPassword			=		"userPassword";
-	public final static String cn					=		"cn";
-	public final static String displayName			=		"displayName";
-	public final static String givenName			=		"givenName";
-	public final static String sn					=		"sn";
-	public final static String mobile				=		"mobile";
-	public final static String mail					=		"mail";
-	public final static String employeeNumber		=		"employeeNumber";
-	public final static String ou					=		"ou";
-	public final static String manager				=		"manager";
-	public final static String department			=		"department";
-	public final static String departmentNumber		=		"departmentNumber";
-	public final static String title				=		"title";
-	
-	
-	protected DirContext 	ctx;
-	protected String 		baseDN;
-	protected String 		providerUrl;
-	protected String 		principal;
-	protected String 		credentials;
-	protected String 		referral="ignore";
-	protected String 		trustStore;
-	protected String 		trustStorePassword;
-	protected boolean 		ssl;
-	protected int 			searchScope;
+    private static  final Logger _logger = LoggerFactory.getLogger(LdapUtils.class);

-	/**
-	 * 
-	 */
-	public LdapUtils() {
-		super();
-		this.searchScope=SearchControls.SUBTREE_SCOPE;
-	}
-	public LdapUtils(String providerUrl,String principal,String credentials) {
-		this.providerUrl=providerUrl;
-		this.principal=principal;
-		this.credentials=credentials;
-		this.searchScope=SearchControls.SUBTREE_SCOPE;
-	}
-	public LdapUtils(String providerUrl,String principal,String credentials,String baseDN) {
-		this.providerUrl=providerUrl;
-		this.principal=principal;
-		this.credentials=credentials;
-		this.searchScope=SearchControls.SUBTREE_SCOPE;
-		this.baseDN=baseDN;
-	}
-	
-	public LdapUtils(DirContext dirContext) {
-		this.ctx=dirContext;
-	}
-	
-	public void setSearchSubTreeScope(){
-		this.searchScope=SearchControls.SUBTREE_SCOPE;
-	}
-	
-	public void setSearchOneLevelScope(){
-		this.searchScope=SearchControls.ONELEVEL_SCOPE;
-	}
-	
-	protected DirContext InitialDirContext(Properties properties){
-		try {
-			ctx = new InitialDirContext(properties);
-			_logger.info("connect to ldap "+providerUrl+" seccessful.");
-		} catch (NamingException e) {
-			_logger.error("connect to ldap "+providerUrl+" fail.");
-			e.printStackTrace();
-			_logger.error(e.getMessage());
-		}
+    public static final  String propertyBaseDN = "baseDN";
+    public static final  String propertyDomain = "domain";
+    public static final  String propertyTrustStore = "trustStore";
+    public static final  String propertyTrustStorePassword = "trustStorePassword";
+            
+    public static final  String uid = "uid";
+    public static final  String userPassword = "userPassword";
+    public static final  String cn = "cn";
+    public static final  String displayName = "displayName";
+    public static final  String givenName = "givenName";
+    public static final  String sn = "sn";
+    public static final  String mobile = "mobile";
+    public static final  String mail = "mail";
+    public static final  String employeeNumber = "employeeNumber";
+    public static final  String ou = "ou";
+    public static final  String manager = "manager";
+    public static final  String department = "department";
+    public static final  String departmentNumber = "departmentNumber";
+    public static final  String title = "title";
+
+    protected DirContext ctx;
+    protected String baseDN;
+    protected String providerUrl;
+    protected String principal;
+    protected String credentials;
+    protected String referral = "ignore";
+    protected String trustStore;
+    protected String trustStorePassword;
+    protected boolean ssl;
+    protected int searchScope;
+
+    /**
+     * 
+     */
+    public LdapUtils() {
+        super();
+        this.searchScope = SearchControls.SUBTREE_SCOPE;
+    }
+
+    public LdapUtils(String providerUrl, String principal, String credentials) {
+        this.providerUrl = providerUrl;
+        this.principal = principal;
+        this.credentials = credentials;
+        this.searchScope = SearchControls.SUBTREE_SCOPE;
+    }
+
+    public LdapUtils(String providerUrl, String principal, String credentials, String baseDN) {
+        this.providerUrl = providerUrl;
+        this.principal = principal;
+        this.credentials = credentials;
+        this.searchScope = SearchControls.SUBTREE_SCOPE;
+        this.baseDN = baseDN;
+    }
+
+    public LdapUtils(DirContext dirContext) {
+        this.ctx = dirContext;
+    }
+
+    public void setSearchSubTreeScope() {
+        this.searchScope = SearchControls.SUBTREE_SCOPE;
+    }
+
+    public void setSearchOneLevelScope() {
+        this.searchScope = SearchControls.ONELEVEL_SCOPE;
+    }
+
+    protected DirContext InitialDirContext(Properties properties) {
+        try {
+            ctx = new InitialDirContext(properties);
+            _logger.info("connect to ldap " + providerUrl + " seccessful.");
+        } catch (NamingException e) {
+            _logger.error("connect to ldap " + providerUrl + " fail.");
+            e.printStackTrace();
+            _logger.error(e.getMessage());
+        }
        return ctx;
-	}
-	
-	
-	//connect to ldap server
-	public DirContext openConnection(){	     
-		_logger.info("PROVIDER_URL:"+providerUrl);
-		_logger.info("SECURITY_PRINCIPAL:"+principal);
-		_logger.info("SECURITY_CREDENTIALS:"+credentials);
-		//LDAP
-		Properties props = new Properties();
-		props.setProperty(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
-		props.setProperty(Context.URL_PKG_PREFIXES, "com.sun.jndi.url");
-		props.setProperty(Context.REFERRAL, referral);
-		props.setProperty(Context.SECURITY_AUTHENTICATION, "simple");
-		
-		props.setProperty(Context.PROVIDER_URL, providerUrl);
-		props.setProperty(Context.SECURITY_PRINCIPAL,principal);
-		props.setProperty(Context.SECURITY_CREDENTIALS, credentials);
-		
-		if(ssl&&providerUrl.toLowerCase().startsWith("ldaps")){
-			System.setProperty("javax.net.ssl.trustStore", trustStore);
-			System.setProperty("javax.net.ssl.trustStorePassword", trustStorePassword);
-			props.put(Context.SECURITY_PROTOCOL, "ssl");  
-			props.put(Context.REFERRAL, "follow");  
-		}
-		
-        return InitialDirContext(props);
-	}
-	
-	
-	public boolean authenticate(){
-		openConnection();
-		if(this.ctx!=null){
-			close();
-			return true;
-		}else{
-			return false;
-		}
-	}
-	
-	public void  close(){
-		close(this.ctx);
-	}
-	
-	public void  close( DirContext ctx){
-		if (null != ctx) {
-			try{
-				ctx.close();
-			}catch(Exception e){
-				e.printStackTrace();
-				_logger.error(e.getMessage());
-			}finally{
-				ctx=null;
-			}
-		}
-	}
-	
-	public DirContext getCtx() {
-		return ctx;
-	}
-	
-	public DirContext  getConnection(){
-		if(ctx==null){
-			openConnection();
-		}
-		
-		return ctx;
-	}
+    }

-	/**
-	 * @return the baseDN
-	 */
-	public String getBaseDN() {
-		return baseDN;
-	}
-	/**
-	 * @param baseDN the baseDN to set
-	 */
-	public void setBaseDN(String baseDN) {
-		this.baseDN = baseDN;
-	}
-	/**
-	 * @return the searchScope
-	 */
-	public int getSearchScope() {
-		return searchScope;
-	}
-	/**
-	 * @return the providerUrl
-	 */
-	public String getProviderUrl() {
-		return providerUrl;
-	}
-	
-	public String getPrincipal() {
-		return principal;
-	}
-	public void setPrincipal(String principal) {
-		this.principal = principal;
-	}
-	public String getCredentials() {
-		return credentials;
-	}
-	public void setCredentials(String credentials) {
-		this.credentials = credentials;
-	}
-	public void setProviderUrl(String providerUrl) {
-		this.providerUrl = providerUrl;
-	}
-	
-	
-	/**
-	 * @return the trustStore
-	 */
-	public String getTrustStore() {
-		return trustStore;
-	}
-	/**
-	 * @param trustStore the trustStore to set
-	 */
-	public void setTrustStore(String trustStore) {
-		this.trustStore = trustStore;
-	}
-	/**
-	 * @return the ssl
-	 */
-	public boolean isSsl() {
-		return ssl;
-	}
-	/**
-	 * @param ssl the ssl to set
-	 */
-	public void setSsl(boolean ssl) {
-		this.ssl = ssl;
-	}
-	/**
-	 * @return the referral
-	 */
-	public String getReferral() {
-		return referral;
-	}
-	/**
-	 * @param referral the referral to set
-	 */
-	public void setReferral(String referral) {
-		this.referral = referral;
-	}
-	
-	
-	/**
-	 * @return the trustStorePassword
-	 */
-	public String getTrustStorePassword() {
-		return trustStorePassword;
-	}
-	/**
-	 * @param trustStorePassword the trustStorePassword to set
-	 */
-	public void setTrustStorePassword(String trustStorePassword) {
-		this.trustStorePassword = trustStorePassword;
-	}
-	
-	
-	public static String getAttrStringValue(Attributes attrs, String elem) {
-		String value = "";
-		try {
-			if (attrs.get(elem) != null) {
-				for (int i = 0; i < attrs.get(elem).size(); i++) {
-					value += "," + attrs.get(elem).get(i).toString();
-				}
-				value = value.substring(1);
-			}
-		} catch (NamingException e) {
-			e.printStackTrace();
-			_logger.error(e.getMessage());
-		}
-		return value;
-	}
+    // connect to ldap server
+    public DirContext openConnection() {
+        _logger.info("PROVIDER_URL:" + providerUrl);
+        _logger.info("SECURITY_PRINCIPAL:" + principal);
+        _logger.info("SECURITY_CREDENTIALS:" + credentials);
+        // LDAP
+        Properties props = new Properties();
+        props.setProperty(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
+        props.setProperty(Context.URL_PKG_PREFIXES, "com.sun.jndi.url");
+        props.setProperty(Context.REFERRAL, referral);
+        props.setProperty(Context.SECURITY_AUTHENTICATION, "simple");
+
+        props.setProperty(Context.PROVIDER_URL, providerUrl);
+        props.setProperty(Context.SECURITY_PRINCIPAL, principal);
+        props.setProperty(Context.SECURITY_CREDENTIALS, credentials);
+
+        if (ssl && providerUrl.toLowerCase().startsWith("ldaps")) {
+            System.setProperty("javax.net.ssl.trustStore", trustStore);
+            System.setProperty("javax.net.ssl.trustStorePassword", trustStorePassword);
+            props.put(Context.SECURITY_PROTOCOL, "ssl");
+            props.put(Context.REFERRAL, "follow");
+        }
+
+        return InitialDirContext(props);
+    }
+
+    public boolean authenticate() {
+        openConnection();
+        if (this.ctx != null) {
+            close();
+            return true;
+        } else {
+            return false;
+        }
+    }
+
+    public void close() {
+        close(this.ctx);
+    }
+
+    public void close(DirContext ctx) {
+        if (null != ctx) {
+            try {
+                ctx.close();
+            } catch (Exception e) {
+                e.printStackTrace();
+                _logger.error(e.getMessage());
+            } finally {
+                ctx = null;
+            }
+        }
+    }
+
+    public DirContext getCtx() {
+        return ctx;
+    }
+
+    public DirContext getConnection() {
+        if (ctx == null) {
+            openConnection();
+        }
+
+        return ctx;
+    }
+
+    /**
+     * @return the baseDN
+     */
+    public String getBaseDN() {
+        return baseDN;
+    }
+
+    /**
+     * @param baseDN the baseDN to set
+     */
+    public void setBaseDN(String baseDN) {
+        this.baseDN = baseDN;
+    }
+
+    /**
+     * @return the searchScope
+     */
+    public int getSearchScope() {
+        return searchScope;
+    }
+
+    /**
+     * @return the providerUrl
+     */
+    public String getProviderUrl() {
+        return providerUrl;
+    }
+
+    public String getPrincipal() {
+        return principal;
+    }
+
+    public void setPrincipal(String principal) {
+        this.principal = principal;
+    }
+
+    public String getCredentials() {
+        return credentials;
+    }
+
+    public void setCredentials(String credentials) {
+        this.credentials = credentials;
+    }
+
+    public void setProviderUrl(String providerUrl) {
+        this.providerUrl = providerUrl;
+    }
+
+    /**
+     * @return the trustStore
+     */
+    public String getTrustStore() {
+        return trustStore;
+    }
+
+    /**
+     * @param trustStore the trustStore to set
+     */
+    public void setTrustStore(String trustStore) {
+        this.trustStore = trustStore;
+    }
+
+    /**
+     * @return the ssl
+     */
+    public boolean isSsl() {
+        return ssl;
+    }
+
+    /**
+     * @param ssl the ssl to set
+     */
+    public void setSsl(boolean ssl) {
+        this.ssl = ssl;
+    }
+
+    /**
+     * @return the referral
+     */
+    public String getReferral() {
+        return referral;
+    }
+
+    /**
+     * @param referral the referral to set
+     */
+    public void setReferral(String referral) {
+        this.referral = referral;
+    }
+
+    /**
+     * @return the trustStorePassword
+     */
+    public String getTrustStorePassword() {
+        return trustStorePassword;
+    }
+
+    /**
+     * @param trustStorePassword the trustStorePassword to set
+     */
+    public void setTrustStorePassword(String trustStorePassword) {
+        this.trustStorePassword = trustStorePassword;
+    }
+
+    public static String getAttrStringValue(Attributes attrs, String elem) {
+        String value = "";
+        try {
+            if (attrs.get(elem) != null) {
+                for (int i = 0; i < attrs.get(elem).size(); i++) {
+                    value += "," + attrs.get(elem).get(i).toString();
+                }
+                value = value.substring(1);
+            }
+        } catch (NamingException e) {
+            e.printStackTrace();
+            _logger.error(e.getMessage());
+        }
+        return value;
+    }
 }
--- a/maxkey-dao/src/main/java/org/maxkey/dao/service/AppsDesktopDetailsService.java
+++ b/maxkey-dao/src/main/java/org/maxkey/dao/service/AppsDesktopDetailsService.java
@ -2,7 +2,6 @@ package org.maxkey.dao.service;

 import org.apache.mybatis.jpa.persistence.JpaBaseService;
 import org.maxkey.dao.persistence.AppsDesktopDetailsMapper;
-import org.maxkey.domain.apps.AppsCasDetails;
 import org.maxkey.domain.apps.AppsDesktopDetails;
 import org.springframework.stereotype.Service;

--- a/maxkey-dao/src/main/java/org/maxkey/dao/service/AppsFormBasedDetailsService.java
+++ b/maxkey-dao/src/main/java/org/maxkey/dao/service/AppsFormBasedDetailsService.java
@ -2,7 +2,6 @@ package org.maxkey.dao.service;

 import org.apache.mybatis.jpa.persistence.JpaBaseService;
 import org.maxkey.dao.persistence.AppsFormBasedDetailsMapper;
-import org.maxkey.domain.apps.AppsCasDetails;
 import org.maxkey.domain.apps.AppsFormBasedDetails;
 import org.springframework.stereotype.Service;

--- a/maxkey-dao/src/main/java/org/maxkey/dao/service/GroupMemberService.java
+++ b/maxkey-dao/src/main/java/org/maxkey/dao/service/GroupMemberService.java
@ -1,10 +1,8 @@
 package org.maxkey.dao.service;

 import org.apache.mybatis.jpa.persistence.JpaBaseService;
-import org.apache.mybatis.jpa.persistence.JpaPageResults;
 import org.maxkey.dao.persistence.GroupMemberMapper;
 import org.maxkey.domain.GroupMember;
-import org.maxkey.domain.UserInfo;
 import org.springframework.stereotype.Service;

@Service
--- a/maxkey-web-manage/src/main/java/org/maxkey/MaxKeyMgtApplication.java
+++ b/maxkey-web-manage/src/main/java/org/maxkey/MaxKeyMgtApplication.java
@ -53,11 +53,9 @@ public class MaxKeyMgtApplication extends SpringBootServletInitializer {
 		_logger.info("MaxKeyMgt Server Port "+applicationContext.getBean(MaxKeyMgtConfig.class).getPort());
 		_logger.info("MaxKeyMgt started.");
 		
-		
 	}

 	protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
-		
 		return application.sources(MaxKeyMgtApplication.class);
 	}

--- a/maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyConfig.java
+++ b/maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyConfig.java
@ -10,6 +10,11 @@ import org.apache.catalina.connector.Connector;
 import org.apache.tomcat.util.descriptor.web.SecurityCollection;
 import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
 import org.maxkey.authn.realm.jdbc.JdbcAuthenticationRealm;
+import org.maxkey.authn.realm.ldap.LdapAuthenticationRealm;
+import org.maxkey.authn.realm.ldap.LdapServer;
+import org.maxkey.authn.realm.IAuthenticationServer;
+import org.maxkey.authn.realm.activedirectory.ActiveDirectoryAuthenticationRealm;
+import org.maxkey.authn.realm.activedirectory.ActiveDirectoryServer;
 import org.maxkey.authn.support.kerberos.KerberosProxy;
 import org.maxkey.authn.support.kerberos.RemoteKerberosService;
 import org.maxkey.authn.support.socialsignon.service.JdbcSocialsAssociateService;
@ -21,6 +26,8 @@ import org.maxkey.crypto.password.opt.impl.MailOtpAuthn;
 import org.maxkey.crypto.password.opt.impl.SmsOtpAuthn;
 import org.maxkey.crypto.password.opt.impl.TimeBasedOtpAuthn;
 import org.maxkey.crypto.password.opt.impl.sms.SmsOtpAuthnYunxin;
+import org.maxkey.persistence.ldap.ActiveDirectoryUtils;
+import org.maxkey.persistence.ldap.LdapUtils;
 import org.mybatis.spring.annotation.MapperScan;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@ -135,15 +142,61 @@ public class MaxKeyConfig  implements InitializingBean {
        _logger.debug("KeyUri Format " + keyUriFormat);
        return keyUriFormat;
    }
-
+    
+    //可以在此实现其他的登陆认证方式，请实现AbstractAuthenticationRealm
    @Bean(name = "authenticationRealm")
-    public JdbcAuthenticationRealm JdbcAuthenticationRealm(
+    public JdbcAuthenticationRealm authenticationRealm(
+                JdbcTemplate jdbcTemplate) {
+        JdbcAuthenticationRealm authenticationRealm = jdbcAuthenticationRealm(jdbcTemplate);
+        return authenticationRealm;
+    }
+    
+    //JdbcAuthenticationRealm
+    public JdbcAuthenticationRealm jdbcAuthenticationRealm(
                JdbcTemplate jdbcTemplate) {
        JdbcAuthenticationRealm authenticationRealm = new JdbcAuthenticationRealm(jdbcTemplate);
        _logger.debug("JdbcAuthenticationRealm inited.");
        return authenticationRealm;
    }
    
+    //LdapAuthenticationRealm
+    public LdapAuthenticationRealm ldapAuthenticationRealm(
+                JdbcTemplate jdbcTemplate) {
+        LdapAuthenticationRealm authenticationRealm = new LdapAuthenticationRealm(jdbcTemplate);
+        LdapServer ldapServer=new LdapServer();
+        String providerUrl = "ldap://localhost:389";
+        String principal = "cn=root";
+        String credentials = "maxkey";
+        String baseDN = "dc=maxkey,dc=top";
+        LdapUtils ldapUtils = new LdapUtils(providerUrl,principal,credentials,baseDN);
+        ldapServer.setLdapUtils(ldapUtils);
+        ldapServer.setFilterAttribute("uid");
+        List<IAuthenticationServer> ldapServers = new ArrayList<IAuthenticationServer>();
+        ldapServers.add(ldapServer);
+        authenticationRealm.setLdapServers(ldapServers);
+        _logger.debug("LdapAuthenticationRealm inited.");
+        return authenticationRealm;
+    }
+    
+    //ActiveDirectoryAuthenticationRealm
+    public ActiveDirectoryAuthenticationRealm activeDirectoryAuthenticationRealm(
+                JdbcTemplate jdbcTemplate) {
+        ActiveDirectoryAuthenticationRealm authenticationRealm = new ActiveDirectoryAuthenticationRealm(jdbcTemplate);
+        ActiveDirectoryServer ldapServer=new ActiveDirectoryServer();
+        String providerUrl = "ldap://localhost:389";
+        String principal = "cn=root";
+        String credentials = "maxkey";
+        String domain = "maxkey";
+        ActiveDirectoryUtils ldapUtils = new ActiveDirectoryUtils(providerUrl,principal,credentials,domain);
+        ldapServer.setActiveDirectoryUtils(ldapUtils);
+        
+        List<IAuthenticationServer> ldapServers = new ArrayList<IAuthenticationServer>();
+        ldapServers.add(ldapServer);
+        authenticationRealm.setActiveDirectoryServers(ldapServers);
+        _logger.debug("LdapAuthenticationRealm inited.");
+        return authenticationRealm;
+    }
+    
    @Bean(name = "tfaOptAuthn")
    public TimeBasedOtpAuthn tfaOptAuthn() {
        TimeBasedOtpAuthn tfaOptAuthn = new TimeBasedOtpAuthn();
--- a/maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyMvcConfig.java
+++ b/maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyMvcConfig.java
@ -1,7 +1,6 @@
 package org.maxkey;

 import org.maxkey.authn.support.basic.BasicEntryPoint;
-import org.maxkey.authn.support.httpheader.HttpHeaderConfig;
 import org.maxkey.authn.support.httpheader.HttpHeaderEntryPoint;
 import org.maxkey.web.interceptor.HistoryLoginAppAdapter;
 import org.maxkey.web.interceptor.HistoryLogsAdapter;
@ -76,11 +75,17 @@ public class MaxKeyMvcConfig implements WebMvcConfigurer {
                .addPathPatterns("/authz/desktop/*")
                .addPathPatterns("/authz/formbased/*")
                .addPathPatterns("/authz/tokenbased/*")
+                //SAML
                .addPathPatterns("/authz/saml20/idpinit/*")
                .addPathPatterns("/authz/saml20/assertion")
+                .addPathPatterns("/authz/saml20/assertion/")
+                //CAS
                .addPathPatterns("/authz/cas/*")
                .addPathPatterns("/authz/cas/*/*")
+                .addPathPatterns("/authz/cas/login")
+                .addPathPatterns("/authz/cas/login/")
                .addPathPatterns("/authz/cas/granting/*")
+                //OAuth
                .addPathPatterns("/oauth/v20/authorize")
                .addPathPatterns("/oauth/v20/authorize/*")
                ;
@ -122,8 +127,7 @@ public class MaxKeyMvcConfig implements WebMvcConfigurer {
        _logger.debug("add LocaleChangeInterceptor");
        
        if(httpHeaderEnable) {
-            HttpHeaderConfig httpHeaderConfig= new HttpHeaderConfig(this.httpHeaderName,httpHeaderEnable);
-            registry.addInterceptor(new HttpHeaderEntryPoint(httpHeaderConfig))
+            registry.addInterceptor(new HttpHeaderEntryPoint(httpHeaderName,httpHeaderEnable))
                    .addPathPatterns("/*");
            _logger.debug("add HttpHeaderEntryPoint");
        }