From 73b66252940ca8ab0b6ac60ff624bab76c871fb2 Mon Sep 17 00:00:00 2001 From: shimingxy Date: Tue, 26 May 2020 08:35:33 +0800 Subject: [PATCH] v2.0.RC1 v2.0.RC1 --- .../support/httpheader/HttpHeaderConfig.java | 33 -- .../httpheader/HttpHeaderEntryPoint.java | 35 +- .../ldap/ActiveDirectoryUtils.java | 159 +++--- .../maxkey/persistence/ldap/LdapUtils.java | 514 +++++++++--------- .../service/AppsDesktopDetailsService.java | 1 - .../service/AppsFormBasedDetailsService.java | 1 - .../dao/service/GroupMemberService.java | 2 - .../java/org/maxkey/MaxKeyMgtApplication.java | 2 - .../main/java/org/maxkey/MaxKeyConfig.java | 57 +- .../main/java/org/maxkey/MaxKeyMvcConfig.java | 10 +- 10 files changed, 424 insertions(+), 390 deletions(-) delete mode 100644 maxkey-authentications/src/main/java/org/maxkey/authn/support/httpheader/HttpHeaderConfig.java diff --git a/maxkey-authentications/src/main/java/org/maxkey/authn/support/httpheader/HttpHeaderConfig.java b/maxkey-authentications/src/main/java/org/maxkey/authn/support/httpheader/HttpHeaderConfig.java deleted file mode 100644 index 7b884f716..000000000 --- a/maxkey-authentications/src/main/java/org/maxkey/authn/support/httpheader/HttpHeaderConfig.java +++ /dev/null @@ -1,33 +0,0 @@ -package org.maxkey.authn.support.httpheader; - -public class HttpHeaderConfig { - String headerName; - boolean enable; - - - /** - * - */ - public HttpHeaderConfig() { - - } - public String getHeaderName() { - return headerName; - } - public void setHeaderName(String headerName) { - this.headerName = headerName; - } - public boolean isEnable() { - return enable; - } - public void setEnable(boolean enable) { - this.enable = enable; - } - public HttpHeaderConfig(String headerName, boolean enable) { - super(); - this.headerName = headerName; - this.enable = enable; - } - - -} 
diff --git a/maxkey-authentications/src/main/java/org/maxkey/authn/support/httpheader/HttpHeaderEntryPoint.java b/maxkey-authentications/src/main/java/org/maxkey/authn/support/httpheader/HttpHeaderEntryPoint.java index 222d28fc9..10e61afc6 100644 --- a/maxkey-authentications/src/main/java/org/maxkey/authn/support/httpheader/HttpHeaderEntryPoint.java +++ b/maxkey-authentications/src/main/java/org/maxkey/authn/support/httpheader/HttpHeaderEntryPoint.java @@ -15,8 +15,9 @@ import org.springframework.web.servlet.handler.HandlerInterceptorAdapter; public class HttpHeaderEntryPoint extends HandlerInterceptorAdapter { private static final Logger _logger = LoggerFactory.getLogger(HttpHeaderEntryPoint.class); - - HttpHeaderConfig httpHeaderSupport; + String headerName; + boolean enable; + String []skipRequestURI={ "/oauth/v20/token", @@ -27,7 +28,7 @@ public class HttpHeaderEntryPoint extends HandlerInterceptorAdapter { @Override public boolean preHandle(HttpServletRequest request,HttpServletResponse response, Object handler) throws Exception { - if(!httpHeaderSupport.isEnable()){ + if(!enable){ return true; } String requestPath=request.getServletPath(); @@ -55,7 +56,7 @@ public class HttpHeaderEntryPoint extends HandlerInterceptorAdapter { } _logger.info("getSession.getId : "+ request.getSession().getId()); - String httpHeaderUsername = request.getHeader(httpHeaderSupport.getHeaderName()); + String httpHeaderUsername = request.getHeader(headerName); _logger.info("HttpHeader username : " + httpHeaderUsername); 
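Review bot: The `@@ -15,8` hunk replaces the config object with bare package-private, non-final `headerName` and `enable` fields, but nothing on the class states that the value of this header is taken as the authenticated username (`request.getHeader(headerName)` in the `@@ -55,7` hunk; the rest of `preHandle` lies outside the hunk). That leaves the trust boundary invisible to whoever enables it, so I would add a class Javadoc such as `/** Authenticates the caller from the request header named by {@code headerName}; the header is only trustworthy when an upstream component sets it and strips any client-supplied copy. */`. As far as the visible hunks show, the two fields are used only in `preHandle` and the accessors, so they would also read better as `private`.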
@@ -94,14 +95,28 @@ public class HttpHeaderEntryPoint extends HandlerInterceptorAdapter { public HttpHeaderEntryPoint() { super(); } - - public HttpHeaderEntryPoint(HttpHeaderConfig httpHeaderSupport) { + + public HttpHeaderEntryPoint(String headerName, boolean enable) { super(); - this.httpHeaderSupport = httpHeaderSupport; + this.headerName = headerName; + this.enable = enable; } - public void setHttpHeaderSupport(HttpHeaderConfig httpHeaderSupport) { - this.httpHeaderSupport = httpHeaderSupport; - } + public String getHeaderName() { + return headerName; + } + + public void setHeaderName(String headerName) { + this.headerName = headerName; + } + + public boolean isEnable() { + return enable; + } + + public void setEnable(boolean enable) { + this.enable = enable; + } + } diff --git a/maxkey-core/src/main/java/org/maxkey/persistence/ldap/ActiveDirectoryUtils.java b/maxkey-core/src/main/java/org/maxkey/persistence/ldap/ActiveDirectoryUtils.java index 2ac72b391..732cc68fb 100644 --- a/maxkey-core/src/main/java/org/maxkey/persistence/ldap/ActiveDirectoryUtils.java +++ b/maxkey-core/src/main/java/org/maxkey/persistence/ldap/ActiveDirectoryUtils.java @@ -1,6 +1,5 @@ package org.maxkey.persistence.ldap; - import java.util.Properties; import javax.naming.Context; 
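Review bot: The new constructor `HttpHeaderEntryPoint(String headerName, boolean enable)` accepts `enable == true` together with a null or empty `headerName`, and nothing rejects that combination before `preHandle` passes it to `request.getHeader`. Validating at construction makes a misconfiguration fail at startup instead of on every request: `if (enable && (headerName == null || headerName.isEmpty())) { throw new IllegalArgumentException("headerName is required when enable is true"); }`. The new `setHeaderName`/`setEnable` accessors can reach the same invalid state later, so either apply the same check there or drop the setters if no caller needs them — in this patch only the constructor is used (MaxKeyMvcConfig).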
@@ -15,92 +14,86 @@ import org.slf4j.LoggerFactory; * */ public class ActiveDirectoryUtils extends LdapUtils { - private final static Logger _logger = LoggerFactory.getLogger(ActiveDirectoryUtils.class); - - public final static String sAMAccountName = "sAMAccountName"; - public final static String unicodePwd = "unicodePwd"; - public final static String CN = "CN"; - - public final static String servicePrincipalName = "servicePrincipalName"; - public final static String userPrincipalName = "userPrincipalName"; - public final static String userAccountControl = "userAccountControl"; - + private final static Logger _logger = LoggerFactory.getLogger(ActiveDirectoryUtils.class); - - - - protected String domain; + public final static String sAMAccountName = "sAMAccountName"; + public final static String unicodePwd = "unicodePwd"; + public final static String CN = "CN"; - /** - * - */ - public ActiveDirectoryUtils() { - super(); - } - - public ActiveDirectoryUtils(String providerUrl,String principal,String credentials,String baseDN,String domain) { - this.providerUrl=providerUrl; - this.principal=principal; - this.credentials=credentials; - this.searchScope=SearchControls.SUBTREE_SCOPE; - this.baseDN=baseDN; - this.domain=domain.toUpperCase(); - } - - public ActiveDirectoryUtils(String providerUrl,String principal,String credentials,String domain) { - this.providerUrl=providerUrl; - this.principal=principal; - this.credentials=credentials; - this.searchScope=SearchControls.SUBTREE_SCOPE; - this.domain=domain.toUpperCase(); - } - - public ActiveDirectoryUtils(DirContext dirContext) { - this.ctx=dirContext; - } - - //connect to ActiveDirectory server - @Override - public DirContext openConnection(){ - _logger.info("PROVIDER_URL:"+providerUrl); - _logger.info("SECURITY_PRINCIPAL:"+principal); - _logger.info("SECURITY_CREDENTIALS:"+credentials); - //LDAP - Properties props = new Properties(); - props.setProperty(Context.INITIAL_CONTEXT_FACTORY, 
"com.sun.jndi.ldap.LdapCtxFactory"); - props.setProperty(Context.URL_PKG_PREFIXES, "com.sun.jndi.url"); - props.setProperty(Context.REFERRAL, referral); - props.setProperty(Context.SECURITY_AUTHENTICATION, "simple"); - - props.setProperty(Context.PROVIDER_URL, providerUrl); - if(domain.indexOf(".")>-1){ - domain=domain.substring(0, domain.indexOf(".")); - } - _logger.info("PROVIDER_DOMAIN:"+domain); - String activeDirectoryPrincipal=domain+"\\"+principal; - _logger.debug("Active Directory SECURITY_PRINCIPAL : "+activeDirectoryPrincipal); - props.setProperty(Context.SECURITY_PRINCIPAL,activeDirectoryPrincipal); - props.setProperty(Context.SECURITY_CREDENTIALS, credentials); - - if(ssl&&providerUrl.toLowerCase().startsWith("ldaps")){ - System.setProperty("javax.net.ssl.trustStore", trustStore); - System.setProperty("javax.net.ssl.trustStorePassword", trustStorePassword); - props.put(Context.SECURITY_PROTOCOL, "ssl"); - props.put(Context.REFERRAL, "follow"); - } - - return InitialDirContext(props); - } + public final static String servicePrincipalName = "servicePrincipalName"; + public final static String userPrincipalName = "userPrincipalName"; + public final static String userAccountControl = "userAccountControl"; - public String getDomain() { - return domain; - } + protected String domain; - public void setDomain(String domain) { - this.domain = domain.toUpperCase(); - } - + /** + * + */ + public ActiveDirectoryUtils() { + super(); + } - + public ActiveDirectoryUtils(String providerUrl, String principal, String credentials, String baseDN, + String domain) { + this.providerUrl = providerUrl; + this.principal = principal; + this.credentials = credentials; + this.searchScope = SearchControls.SUBTREE_SCOPE; + this.baseDN = baseDN; + this.domain = domain.toUpperCase(); + } + + public ActiveDirectoryUtils(String providerUrl, String principal, String credentials, String domain) { + this.providerUrl = providerUrl; + this.principal = principal; + this.credentials = 
credentials; + this.searchScope = SearchControls.SUBTREE_SCOPE; + this.domain = domain.toUpperCase(); + } + + public ActiveDirectoryUtils(DirContext dirContext) { + this.ctx = dirContext; + } + + // connect to ActiveDirectory server + @Override + public DirContext openConnection() { + _logger.info("PROVIDER_URL:" + providerUrl); + _logger.info("SECURITY_PRINCIPAL:" + principal); + _logger.info("SECURITY_CREDENTIALS:" + credentials); + // LDAP + Properties props = new Properties(); + props.setProperty(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); + props.setProperty(Context.URL_PKG_PREFIXES, "com.sun.jndi.url"); + props.setProperty(Context.REFERRAL, referral); + props.setProperty(Context.SECURITY_AUTHENTICATION, "simple"); + + props.setProperty(Context.PROVIDER_URL, providerUrl); + if (domain.indexOf(".") > -1) { + domain = domain.substring(0, domain.indexOf(".")); + } + _logger.info("PROVIDER_DOMAIN:" + domain); + String activeDirectoryPrincipal = domain + "\\" + principal; + _logger.debug("Active Directory SECURITY_PRINCIPAL : " + activeDirectoryPrincipal); + props.setProperty(Context.SECURITY_PRINCIPAL, activeDirectoryPrincipal); + props.setProperty(Context.SECURITY_CREDENTIALS, credentials); + + if (ssl && providerUrl.toLowerCase().startsWith("ldaps")) { + System.setProperty("javax.net.ssl.trustStore", trustStore); + System.setProperty("javax.net.ssl.trustStorePassword", trustStorePassword); + props.put(Context.SECURITY_PROTOCOL, "ssl"); + props.put(Context.REFERRAL, "follow"); + } + + return InitialDirContext(props); + } + + public String getDomain() { + return domain; + } + + public void setDomain(String domain) { + this.domain = domain.toUpperCase(); + } } diff --git a/maxkey-core/src/main/java/org/maxkey/persistence/ldap/LdapUtils.java b/maxkey-core/src/main/java/org/maxkey/persistence/ldap/LdapUtils.java index c5d6735b5..3cfdd828c 100644 --- a/maxkey-core/src/main/java/org/maxkey/persistence/ldap/LdapUtils.java 
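Review bot: `openConnection()` still writes the bind password to the log at INFO level (`_logger.info("SECURITY_CREDENTIALS:" + credentials);`), and the reformatted block carries that line forward unchanged; the same line exists in `LdapUtils.openConnection()` in the next file of this patch. Drop it, or log only whether a credential is present: `_logger.info("SECURITY_CREDENTIALS: {}", credentials == null ? "<unset>" : "<set>");`. Two further points in this method deserve at least a why-comment: `domain` is truncated in place at the first dot on every call, and `System.setProperty("javax.net.ssl.trustStore", ...)` mutates process-wide JVM state, so a second instance configured with a different store silently overrides the first.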
+++ b/maxkey-core/src/main/java/org/maxkey/persistence/ldap/LdapUtils.java @@ -1,6 +1,5 @@ package org.maxkey.persistence.ldap; - import java.util.Properties; import javax.naming.Context; 
@@ -18,259 +17,268 @@ import org.slf4j.LoggerFactory; * */ public class LdapUtils { - private final static Logger _logger = LoggerFactory.getLogger(LdapUtils.class); - - public final static String propertyBaseDN = "baseDN"; - public final static String propertyDomain = "domain"; - public final static String propertyTrustStore = "trustStore"; - public final static String propertyTrustStorePassword = "trustStorePassword"; - - public final static String uid = "uid"; - public final static String userPassword = "userPassword"; - public final static String cn = "cn"; - public final static String displayName = "displayName"; - public final static String givenName = "givenName"; - public final static String sn = "sn"; - public final static String mobile = "mobile"; - public final static String mail = "mail"; - public final static String employeeNumber = "employeeNumber"; - public final static String ou = "ou"; - public final static String manager = "manager"; - public final static String department = "department"; - public final static String departmentNumber = "departmentNumber"; - public final static String title = "title"; - - - protected DirContext ctx; - protected String baseDN; - protected String providerUrl; - protected String principal; - protected String credentials; - protected String referral="ignore"; - protected String trustStore; - protected String trustStorePassword; - protected boolean ssl; - protected int searchScope; + private static final Logger _logger = LoggerFactory.getLogger(LdapUtils.class); - /** - * - */ - public LdapUtils() { - super(); - this.searchScope=SearchControls.SUBTREE_SCOPE; - } - public LdapUtils(String providerUrl,String principal,String credentials) { - this.providerUrl=providerUrl; - this.principal=principal; - this.credentials=credentials; - this.searchScope=SearchControls.SUBTREE_SCOPE; - } - public LdapUtils(String providerUrl,String principal,String credentials,String baseDN) { - this.providerUrl=providerUrl; - 
this.principal=principal; - this.credentials=credentials; - this.searchScope=SearchControls.SUBTREE_SCOPE; - this.baseDN=baseDN; - } - - public LdapUtils(DirContext dirContext) { - this.ctx=dirContext; - } - - public void setSearchSubTreeScope(){ - this.searchScope=SearchControls.SUBTREE_SCOPE; - } - - public void setSearchOneLevelScope(){ - this.searchScope=SearchControls.ONELEVEL_SCOPE; - } - - protected DirContext InitialDirContext(Properties properties){ - try { - ctx = new InitialDirContext(properties); - _logger.info("connect to ldap "+providerUrl+" seccessful."); - } catch (NamingException e) { - _logger.error("connect to ldap "+providerUrl+" fail."); - e.printStackTrace(); - _logger.error(e.getMessage()); - } + public static final String propertyBaseDN = "baseDN"; + public static final String propertyDomain = "domain"; + public static final String propertyTrustStore = "trustStore"; + public static final String propertyTrustStorePassword = "trustStorePassword"; + + public static final String uid = "uid"; + public static final String userPassword = "userPassword"; + public static final String cn = "cn"; + public static final String displayName = "displayName"; + public static final String givenName = "givenName"; + public static final String sn = "sn"; + public static final String mobile = "mobile"; + public static final String mail = "mail"; + public static final String employeeNumber = "employeeNumber"; + public static final String ou = "ou"; + public static final String manager = "manager"; + public static final String department = "department"; + public static final String departmentNumber = "departmentNumber"; + public static final String title = "title"; + + protected DirContext ctx; + protected String baseDN; + protected String providerUrl; + protected String principal; + protected String credentials; + protected String referral = "ignore"; + protected String trustStore; + protected String trustStorePassword; + protected boolean ssl; + protected int 
searchScope; + + /** + * + */ + public LdapUtils() { + super(); + this.searchScope = SearchControls.SUBTREE_SCOPE; + } + + public LdapUtils(String providerUrl, String principal, String credentials) { + this.providerUrl = providerUrl; + this.principal = principal; + this.credentials = credentials; + this.searchScope = SearchControls.SUBTREE_SCOPE; + } + + public LdapUtils(String providerUrl, String principal, String credentials, String baseDN) { + this.providerUrl = providerUrl; + this.principal = principal; + this.credentials = credentials; + this.searchScope = SearchControls.SUBTREE_SCOPE; + this.baseDN = baseDN; + } + + public LdapUtils(DirContext dirContext) { + this.ctx = dirContext; + } + + public void setSearchSubTreeScope() { + this.searchScope = SearchControls.SUBTREE_SCOPE; + } + + public void setSearchOneLevelScope() { + this.searchScope = SearchControls.ONELEVEL_SCOPE; + } + + protected DirContext InitialDirContext(Properties properties) { + try { + ctx = new InitialDirContext(properties); + _logger.info("connect to ldap " + providerUrl + " seccessful."); + } catch (NamingException e) { + _logger.error("connect to ldap " + providerUrl + " fail."); + e.printStackTrace(); + _logger.error(e.getMessage()); + } return ctx; - } - - - //connect to ldap server - public DirContext openConnection(){ - _logger.info("PROVIDER_URL:"+providerUrl); - _logger.info("SECURITY_PRINCIPAL:"+principal); - _logger.info("SECURITY_CREDENTIALS:"+credentials); - //LDAP - Properties props = new Properties(); - props.setProperty(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); - props.setProperty(Context.URL_PKG_PREFIXES, "com.sun.jndi.url"); - props.setProperty(Context.REFERRAL, referral); - props.setProperty(Context.SECURITY_AUTHENTICATION, "simple"); - - props.setProperty(Context.PROVIDER_URL, providerUrl); - props.setProperty(Context.SECURITY_PRINCIPAL,principal); - props.setProperty(Context.SECURITY_CREDENTIALS, credentials); - - 
if(ssl&&providerUrl.toLowerCase().startsWith("ldaps")){ - System.setProperty("javax.net.ssl.trustStore", trustStore); - System.setProperty("javax.net.ssl.trustStorePassword", trustStorePassword); - props.put(Context.SECURITY_PROTOCOL, "ssl"); - props.put(Context.REFERRAL, "follow"); - } - - return InitialDirContext(props); - } - - - public boolean authenticate(){ - openConnection(); - if(this.ctx!=null){ - close(); - return true; - }else{ - return false; - } - } - - public void close(){ - close(this.ctx); - } - - public void close( DirContext ctx){ - if (null != ctx) { - try{ - ctx.close(); - }catch(Exception e){ - e.printStackTrace(); - _logger.error(e.getMessage()); - }finally{ - ctx=null; - } - } - } - - public DirContext getCtx() { - return ctx; - } - - public DirContext getConnection(){ - if(ctx==null){ - openConnection(); - } - - return ctx; - } + } - /** - * @return the baseDN - */ - public String getBaseDN() { - return baseDN; - } - /** - * @param baseDN the baseDN to set - */ - public void setBaseDN(String baseDN) { - this.baseDN = baseDN; - } - /** - * @return the searchScope - */ - public int getSearchScope() { - return searchScope; - } - /** - * @return the providerUrl - */ - public String getProviderUrl() { - return providerUrl; - } - - public String getPrincipal() { - return principal; - } - public void setPrincipal(String principal) { - this.principal = principal; - } - public String getCredentials() { - return credentials; - } - public void setCredentials(String credentials) { - this.credentials = credentials; - } - public void setProviderUrl(String providerUrl) { - this.providerUrl = providerUrl; - } - - - /** - * @return the trustStore - */ - public String getTrustStore() { - return trustStore; - } - /** - * @param trustStore the trustStore to set - */ - public void setTrustStore(String trustStore) { - this.trustStore = trustStore; - } - /** - * @return the ssl - */ - public boolean isSsl() { - return ssl; - } - /** - * @param ssl the ssl to set - 
*/ - public void setSsl(boolean ssl) { - this.ssl = ssl; - } - /** - * @return the referral - */ - public String getReferral() { - return referral; - } - /** - * @param referral the referral to set - */ - public void setReferral(String referral) { - this.referral = referral; - } - - - /** - * @return the trustStorePassword - */ - public String getTrustStorePassword() { - return trustStorePassword; - } - /** - * @param trustStorePassword the trustStorePassword to set - */ - public void setTrustStorePassword(String trustStorePassword) { - this.trustStorePassword = trustStorePassword; - } - - - public static String getAttrStringValue(Attributes attrs, String elem) { - String value = ""; - try { - if (attrs.get(elem) != null) { - for (int i = 0; i < attrs.get(elem).size(); i++) { - value += "," + attrs.get(elem).get(i).toString(); - } - value = value.substring(1); - } - } catch (NamingException e) { - e.printStackTrace(); - _logger.error(e.getMessage()); - } - return value; - } + // connect to ldap server + public DirContext openConnection() { + _logger.info("PROVIDER_URL:" + providerUrl); + _logger.info("SECURITY_PRINCIPAL:" + principal); + _logger.info("SECURITY_CREDENTIALS:" + credentials); + // LDAP + Properties props = new Properties(); + props.setProperty(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory"); + props.setProperty(Context.URL_PKG_PREFIXES, "com.sun.jndi.url"); + props.setProperty(Context.REFERRAL, referral); + props.setProperty(Context.SECURITY_AUTHENTICATION, "simple"); + + props.setProperty(Context.PROVIDER_URL, providerUrl); + props.setProperty(Context.SECURITY_PRINCIPAL, principal); + props.setProperty(Context.SECURITY_CREDENTIALS, credentials); + + if (ssl && providerUrl.toLowerCase().startsWith("ldaps")) { + System.setProperty("javax.net.ssl.trustStore", trustStore); + System.setProperty("javax.net.ssl.trustStorePassword", trustStorePassword); + props.put(Context.SECURITY_PROTOCOL, "ssl"); + props.put(Context.REFERRAL, 
"follow"); + } + + return InitialDirContext(props); + } + + public boolean authenticate() { + openConnection(); + if (this.ctx != null) { + close(); + return true; + } else { + return false; + } + } + + public void close() { + close(this.ctx); + } + + public void close(DirContext ctx) { + if (null != ctx) { + try { + ctx.close(); + } catch (Exception e) { + e.printStackTrace(); + _logger.error(e.getMessage()); + } finally { + ctx = null; + } + } + } + + public DirContext getCtx() { + return ctx; + } + + public DirContext getConnection() { + if (ctx == null) { + openConnection(); + } + + return ctx; + } + + /** + * @return the baseDN + */ + public String getBaseDN() { + return baseDN; + } + + /** + * @param baseDN the baseDN to set + */ + public void setBaseDN(String baseDN) { + this.baseDN = baseDN; + } + + /** + * @return the searchScope + */ + public int getSearchScope() { + return searchScope; + } + + /** + * @return the providerUrl + */ + public String getProviderUrl() { + return providerUrl; + } + + public String getPrincipal() { + return principal; + } + + public void setPrincipal(String principal) { + this.principal = principal; + } + + public String getCredentials() { + return credentials; + } + + public void setCredentials(String credentials) { + this.credentials = credentials; + } + + public void setProviderUrl(String providerUrl) { + this.providerUrl = providerUrl; + } + + /** + * @return the trustStore + */ + public String getTrustStore() { + return trustStore; + } + + /** + * @param trustStore the trustStore to set + */ + public void setTrustStore(String trustStore) { + this.trustStore = trustStore; + } + + /** + * @return the ssl + */ + public boolean isSsl() { + return ssl; + } + + /** + * @param ssl the ssl to set + */ + public void setSsl(boolean ssl) { + this.ssl = ssl; + } + + /** + * @return the referral + */ + public String getReferral() { + return referral; + } + + /** + * @param referral the referral to set + */ + public void 
setReferral(String referral) { + this.referral = referral; + } + + /** + * @return the trustStorePassword + */ + public String getTrustStorePassword() { + return trustStorePassword; + } + + /** + * @param trustStorePassword the trustStorePassword to set + */ + public void setTrustStorePassword(String trustStorePassword) { + this.trustStorePassword = trustStorePassword; + } + + public static String getAttrStringValue(Attributes attrs, String elem) { + String value = ""; + try { + if (attrs.get(elem) != null) { + for (int i = 0; i < attrs.get(elem).size(); i++) { + value += "," + attrs.get(elem).get(i).toString(); + } + value = value.substring(1); + } + } catch (NamingException e) { + e.printStackTrace(); + _logger.error(e.getMessage()); + } + return value; + } } diff --git a/maxkey-dao/src/main/java/org/maxkey/dao/service/AppsDesktopDetailsService.java b/maxkey-dao/src/main/java/org/maxkey/dao/service/AppsDesktopDetailsService.java index 16538d4a7..57e94078a 100644 --- a/maxkey-dao/src/main/java/org/maxkey/dao/service/AppsDesktopDetailsService.java +++ b/maxkey-dao/src/main/java/org/maxkey/dao/service/AppsDesktopDetailsService.java @@ -2,7 +2,6 @@ package org.maxkey.dao.service; import org.apache.mybatis.jpa.persistence.JpaBaseService; import org.maxkey.dao.persistence.AppsDesktopDetailsMapper; -import org.maxkey.domain.apps.AppsCasDetails; import org.maxkey.domain.apps.AppsDesktopDetails; import org.springframework.stereotype.Service; diff --git a/maxkey-dao/src/main/java/org/maxkey/dao/service/AppsFormBasedDetailsService.java b/maxkey-dao/src/main/java/org/maxkey/dao/service/AppsFormBasedDetailsService.java index fe5f06f69..ffe827c41 100644 --- a/maxkey-dao/src/main/java/org/maxkey/dao/service/AppsFormBasedDetailsService.java +++ b/maxkey-dao/src/main/java/org/maxkey/dao/service/AppsFormBasedDetailsService.java 
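Review bot: `close(DirContext ctx)` assigns `ctx = null` to its own parameter in the `finally` block, so after `close()` the field `this.ctx` still references the closed context and `getConnection()` (`if (ctx == null) openConnection();`) hands out the closed handle instead of reconnecting; `authenticate()` calls `close()` and therefore leaves the instance in that state. The smallest fix is in the no-arg overload: `public void close() { close(this.ctx); this.ctx = null; }`. Separately, `InitialDirContext(Properties)` catches `NamingException`, prints the stack trace and logs only `e.getMessage()` before returning a null `ctx`, so `authenticate()` cannot distinguish a rejected credential from an unreachable server; at minimum keep the cause, `_logger.error("connect to ldap " + providerUrl + " fail.", e);`, and drop the `printStackTrace()`. The method name `InitialDirContext` also shadows the JNDI class it instantiates, which makes `new InitialDirContext(properties)` inside it confusing to read; a lower-case name such as `initialDirContext` would follow the file's other methods.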
@@ -2,7 +2,6 @@ package org.maxkey.dao.service; import org.apache.mybatis.jpa.persistence.JpaBaseService; import org.maxkey.dao.persistence.AppsFormBasedDetailsMapper; -import org.maxkey.domain.apps.AppsCasDetails; import org.maxkey.domain.apps.AppsFormBasedDetails; import org.springframework.stereotype.Service; diff --git a/maxkey-dao/src/main/java/org/maxkey/dao/service/GroupMemberService.java b/maxkey-dao/src/main/java/org/maxkey/dao/service/GroupMemberService.java index a71c081db..0ee975d92 100644 --- a/maxkey-dao/src/main/java/org/maxkey/dao/service/GroupMemberService.java +++ b/maxkey-dao/src/main/java/org/maxkey/dao/service/GroupMemberService.java @@ -1,10 +1,8 @@ package org.maxkey.dao.service; import org.apache.mybatis.jpa.persistence.JpaBaseService; -import org.apache.mybatis.jpa.persistence.JpaPageResults; import org.maxkey.dao.persistence.GroupMemberMapper; import org.maxkey.domain.GroupMember; -import org.maxkey.domain.UserInfo; import org.springframework.stereotype.Service; @Service diff --git a/maxkey-web-manage/src/main/java/org/maxkey/MaxKeyMgtApplication.java b/maxkey-web-manage/src/main/java/org/maxkey/MaxKeyMgtApplication.java index c3c6f6268..864033972 100644 --- a/maxkey-web-manage/src/main/java/org/maxkey/MaxKeyMgtApplication.java +++ b/maxkey-web-manage/src/main/java/org/maxkey/MaxKeyMgtApplication.java @@ -53,11 +53,9 @@ public class MaxKeyMgtApplication extends SpringBootServletInitializer { _logger.info("MaxKeyMgt Server Port "+applicationContext.getBean(MaxKeyMgtConfig.class).getPort()); _logger.info("MaxKeyMgt started."); - } protected SpringApplicationBuilder configure(SpringApplicationBuilder application) { - return application.sources(MaxKeyMgtApplication.class); } diff --git a/maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyConfig.java b/maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyConfig.java index ad1f47dce..00063dd76 100644 --- a/maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyConfig.java 
+++ b/maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyConfig.java @@ -10,6 +10,11 @@ import org.apache.catalina.connector.Connector; import org.apache.tomcat.util.descriptor.web.SecurityCollection; import org.apache.tomcat.util.descriptor.web.SecurityConstraint; import org.maxkey.authn.realm.jdbc.JdbcAuthenticationRealm; +import org.maxkey.authn.realm.ldap.LdapAuthenticationRealm; +import org.maxkey.authn.realm.ldap.LdapServer; +import org.maxkey.authn.realm.IAuthenticationServer; +import org.maxkey.authn.realm.activedirectory.ActiveDirectoryAuthenticationRealm; +import org.maxkey.authn.realm.activedirectory.ActiveDirectoryServer; import org.maxkey.authn.support.kerberos.KerberosProxy; import org.maxkey.authn.support.kerberos.RemoteKerberosService; import org.maxkey.authn.support.socialsignon.service.JdbcSocialsAssociateService; @@ -21,6 +26,8 @@ import org.maxkey.crypto.password.opt.impl.MailOtpAuthn; import org.maxkey.crypto.password.opt.impl.SmsOtpAuthn; import org.maxkey.crypto.password.opt.impl.TimeBasedOtpAuthn; import org.maxkey.crypto.password.opt.impl.sms.SmsOtpAuthnYunxin; +import org.maxkey.persistence.ldap.ActiveDirectoryUtils; +import org.maxkey.persistence.ldap.LdapUtils; import org.mybatis.spring.annotation.MapperScan; import org.slf4j.Logger; import org.slf4j.LoggerFactory; 
@@ -135,15 +142,61 @@ public class MaxKeyConfig implements InitializingBean { _logger.debug("KeyUri Format " + keyUriFormat); return keyUriFormat; } - + + //可以在此实现其他的登陆认证方式,请实现AbstractAuthenticationRealm @Bean(name = "authenticationRealm") - public JdbcAuthenticationRealm JdbcAuthenticationRealm( + public JdbcAuthenticationRealm authenticationRealm( + JdbcTemplate jdbcTemplate) { + JdbcAuthenticationRealm authenticationRealm = jdbcAuthenticationRealm(jdbcTemplate); + return authenticationRealm; + } + + //JdbcAuthenticationRealm + public JdbcAuthenticationRealm jdbcAuthenticationRealm( JdbcTemplate jdbcTemplate) { JdbcAuthenticationRealm authenticationRealm = new JdbcAuthenticationRealm(jdbcTemplate); _logger.debug("JdbcAuthenticationRealm inited."); return authenticationRealm; } + //LdapAuthenticationRealm + public LdapAuthenticationRealm ldapAuthenticationRealm( + JdbcTemplate jdbcTemplate) { + LdapAuthenticationRealm authenticationRealm = new LdapAuthenticationRealm(jdbcTemplate); + LdapServer ldapServer=new LdapServer(); + String providerUrl = "ldap://localhost:389"; + String principal = "cn=root"; + String credentials = "maxkey"; + String baseDN = "dc=maxkey,dc=top"; + LdapUtils ldapUtils = new LdapUtils(providerUrl,principal,credentials,baseDN); + ldapServer.setLdapUtils(ldapUtils); + ldapServer.setFilterAttribute("uid"); + List ldapServers = new ArrayList(); + ldapServers.add(ldapServer); + authenticationRealm.setLdapServers(ldapServers); + _logger.debug("LdapAuthenticationRealm inited."); + return authenticationRealm; + } + + //ActiveDirectoryAuthenticationRealm + public ActiveDirectoryAuthenticationRealm activeDirectoryAuthenticationRealm( + JdbcTemplate jdbcTemplate) { + ActiveDirectoryAuthenticationRealm authenticationRealm = new ActiveDirectoryAuthenticationRealm(jdbcTemplate); + ActiveDirectoryServer ldapServer=new ActiveDirectoryServer(); + String providerUrl = "ldap://localhost:389"; + String principal = "cn=root"; + String credentials = "maxkey"; + 
String domain = "maxkey"; + ActiveDirectoryUtils ldapUtils = new ActiveDirectoryUtils(providerUrl,principal,credentials,domain); + ldapServer.setActiveDirectoryUtils(ldapUtils); + + List ldapServers = new ArrayList(); + ldapServers.add(ldapServer); + authenticationRealm.setActiveDirectoryServers(ldapServers); + _logger.debug("LdapAuthenticationRealm inited."); + return authenticationRealm; + } + @Bean(name = "tfaOptAuthn") public TimeBasedOtpAuthn tfaOptAuthn() { TimeBasedOtpAuthn tfaOptAuthn = new TimeBasedOtpAuthn(); diff --git a/maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyMvcConfig.java b/maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyMvcConfig.java index 60f08045e..9ce67068e 100644 --- a/maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyMvcConfig.java +++ b/maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyMvcConfig.java @@ -1,7 +1,6 @@ package org.maxkey; import org.maxkey.authn.support.basic.BasicEntryPoint; -import org.maxkey.authn.support.httpheader.HttpHeaderConfig; import org.maxkey.authn.support.httpheader.HttpHeaderEntryPoint; import org.maxkey.web.interceptor.HistoryLoginAppAdapter; import org.maxkey.web.interceptor.HistoryLogsAdapter; @@ -76,11 +75,17 @@ public class MaxKeyMvcConfig implements WebMvcConfigurer { .addPathPatterns("/authz/desktop/*") .addPathPatterns("/authz/formbased/*") .addPathPatterns("/authz/tokenbased/*") + //SAML .addPathPatterns("/authz/saml20/idpinit/*") .addPathPatterns("/authz/saml20/assertion") + .addPathPatterns("/authz/saml20/assertion/") + //CAS .addPathPatterns("/authz/cas/*") .addPathPatterns("/authz/cas/*/*") + .addPathPatterns("/authz/cas/login") + .addPathPatterns("/authz/cas/login/") .addPathPatterns("/authz/cas/granting/*") + //OAuth .addPathPatterns("/oauth/v20/authorize") .addPathPatterns("/oauth/v20/authorize/*") ; 
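Review bot: `ldapAuthenticationRealm` and `activeDirectoryAuthenticationRealm` embed a bind DN and password in source (`String principal = "cn=root"; String credentials = "maxkey";`) together with a plaintext `ldap://localhost:389` URL; even as currently unwired example methods these values are compiled into the artifact and will be copied when someone enables the realm. Move them to externalized configuration and leave only a placeholder comment in their place. Two smaller points: `List ldapServers = new ArrayList();` uses raw types in both methods (`List<LdapServer>` / `List<ActiveDirectoryServer>`, assuming that is what the setters accept), and `activeDirectoryAuthenticationRealm` logs `"LdapAuthenticationRealm inited."`, a copy-paste of the LDAP message. Finally, the `authenticationRealm` bean is declared as `JdbcAuthenticationRealm`, so the comment `可以在此实现其他的登陆认证方式,请实现AbstractAuthenticationRealm` (other login mechanisms can be plugged in here by implementing AbstractAuthenticationRealm) cannot be followed without changing the bean's signature; declaring the return type as `AbstractAuthenticationRealm` would let the alternatives be swapped in.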
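Review bot: Trailing-slash variants are added for only two endpoints (`/authz/saml20/assertion/`, `/authz/cas/login` and `/authz/cas/login/`) while every other pattern in the list (`/authz/desktop/*`, `/authz/formbased/*`, `/oauth/v20/authorize`, …) keeps a single form, so whether a request with a trailing slash passes through this interceptor now depends on which endpoint it targets; the enclosing registration method starts outside the hunk. If a trailing slash must not change interceptor coverage, handle it once for the whole registration — a consistent pattern per endpoint or normalization in the path-matching configuration — rather than hand-listing variants, and a short comment above the list stating which form is canonical would help, since the new `//SAML`, `//CAS`, `//OAuth` markers only group the entries. `/authz/cas/login` also appears redundant under Ant-style matching, because the existing `/authz/cas/*` already covers it.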
@@ -122,8 +127,7 @@ public class MaxKeyMvcConfig implements WebMvcConfigurer { _logger.debug("add LocaleChangeInterceptor"); if(httpHeaderEnable) { - HttpHeaderConfig httpHeaderConfig= new HttpHeaderConfig(this.httpHeaderName,httpHeaderEnable); - registry.addInterceptor(new HttpHeaderEntryPoint(httpHeaderConfig)) + registry.addInterceptor(new HttpHeaderEntryPoint(httpHeaderName,httpHeaderEnable)) .addPathPatterns("/*"); _logger.debug("add HttpHeaderEntryPoint"); }