v2.0.RC1

2025-12-06 17:08:29 +08:00 · 2020-05-26 08:35:33 +08:00 · 2020-05-26 08:35:33 +08:00 · 73b6625294
commit 73b6625294
parent 1ad1db9846
10 changed files with 424 additions and 390 deletions
--- a/maxkey-authentications/src/main/java/org/maxkey/authn/support/httpheader/HttpHeaderConfig.java
+++ b/maxkey-authentications/src/main/java/org/maxkey/authn/support/httpheader/HttpHeaderConfig.java
@ -1,33 +0,0 @@
 package org.maxkey.authn.support.httpheader;
 public class HttpHeaderConfig {
 	String headerName;
 	boolean enable;
 	/**
 	 * 
 	 */
 	public HttpHeaderConfig() {
 	}
 	public String getHeaderName() {
 		return headerName;
 	}
 	public void setHeaderName(String headerName) {
 		this.headerName = headerName;
 	}
 	public boolean isEnable() {
 		return enable;
 	}
 	public void setEnable(boolean enable) {
 		this.enable = enable;
 	}
    public HttpHeaderConfig(String headerName, boolean enable) {
        super();
        this.headerName = headerName;
        this.enable = enable;
    }
 }
--- a/maxkey-authentications/src/main/java/org/maxkey/authn/support/httpheader/HttpHeaderEntryPoint.java
+++ b/maxkey-authentications/src/main/java/org/maxkey/authn/support/httpheader/HttpHeaderEntryPoint.java
@ -15,8 +15,9 @@ import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
 public class HttpHeaderEntryPoint extends HandlerInterceptorAdapter {
 	private static final Logger _logger = LoggerFactory.getLogger(HttpHeaderEntryPoint.class);
-	
+	String headerName;
-	HttpHeaderConfig httpHeaderSupport;
+    boolean enable;
 	String []skipRequestURI={
 			"/oauth/v20/token",
@ -27,7 +28,7 @@ public class HttpHeaderEntryPoint extends HandlerInterceptorAdapter {
 	 @Override
 	 public boolean preHandle(HttpServletRequest request,HttpServletResponse response, Object handler) throws Exception {
-		 if(!httpHeaderSupport.isEnable()){
+		 if(!enable){
 			 return true;
 		 }
 		 String requestPath=request.getServletPath();
@ -55,7 +56,7 @@ public class HttpHeaderEntryPoint extends HandlerInterceptorAdapter {
 		 }
 		 _logger.info("getSession.getId : "+ request.getSession().getId());
-		 String httpHeaderUsername = request.getHeader(httpHeaderSupport.getHeaderName());
+		 String httpHeaderUsername = request.getHeader(headerName);
 		 _logger.info("HttpHeader username : " + httpHeaderUsername);
@ -94,14 +95,28 @@ public class HttpHeaderEntryPoint extends HandlerInterceptorAdapter {
 	 public HttpHeaderEntryPoint() {
 	        super();
 	 }
-	 
+
-	public HttpHeaderEntryPoint(HttpHeaderConfig httpHeaderSupport) {
+    public HttpHeaderEntryPoint(String headerName, boolean enable) {
        super();
-        this.httpHeaderSupport = httpHeaderSupport;
+        this.headerName = headerName;
        this.enable = enable;
    }
-    public void setHttpHeaderSupport(HttpHeaderConfig httpHeaderSupport) {
+    public String getHeaderName() {
-		this.httpHeaderSupport = httpHeaderSupport;
+        return headerName;
-	}
+    }
    public void setHeaderName(String headerName) {
        this.headerName = headerName;
    }
    public boolean isEnable() {
        return enable;
    }
    public void setEnable(boolean enable) {
        this.enable = enable;
    }
 }
--- a/maxkey-core/src/main/java/org/maxkey/persistence/ldap/ActiveDirectoryUtils.java
+++ b/maxkey-core/src/main/java/org/maxkey/persistence/ldap/ActiveDirectoryUtils.java
@ -1,6 +1,5 @@
 package org.maxkey.persistence.ldap;
 import java.util.Properties;
 import javax.naming.Context;
@ -15,92 +14,86 @@ import org.slf4j.LoggerFactory;
 *
 */
 public class ActiveDirectoryUtils extends LdapUtils {
-	private final static Logger _logger = LoggerFactory.getLogger(ActiveDirectoryUtils.class);
+    private final static Logger _logger = LoggerFactory.getLogger(ActiveDirectoryUtils.class);
 	public final static String sAMAccountName		=		"sAMAccountName";
 	public final static String unicodePwd			=		"unicodePwd";
 	public final static String CN					=		"CN";
 	public final static String servicePrincipalName	=		"servicePrincipalName";
 	public final static String userPrincipalName	=		"userPrincipalName";
 	public final static String userAccountControl	=		"userAccountControl";
-	
+    public final static String sAMAccountName = "sAMAccountName";
-	
+    public final static String unicodePwd = "unicodePwd";
-	
+    public final static String CN = "CN";
 	protected String domain;
-	/**
+    public final static String servicePrincipalName = "servicePrincipalName";
-	 * 
+    public final static String userPrincipalName = "userPrincipalName";
-	 */
+    public final static String userAccountControl = "userAccountControl";
 	public ActiveDirectoryUtils() {
 		super();
 	}
 	public ActiveDirectoryUtils(String providerUrl,String principal,String credentials,String baseDN,String domain) {
 		this.providerUrl=providerUrl;
 		this.principal=principal;
 		this.credentials=credentials;
 		this.searchScope=SearchControls.SUBTREE_SCOPE;
 		this.baseDN=baseDN;
 		this.domain=domain.toUpperCase();
 	}
 	public ActiveDirectoryUtils(String providerUrl,String principal,String credentials,String domain) {
 		this.providerUrl=providerUrl;
 		this.principal=principal;
 		this.credentials=credentials;
 		this.searchScope=SearchControls.SUBTREE_SCOPE;
 		this.domain=domain.toUpperCase();
 	}
 	public ActiveDirectoryUtils(DirContext dirContext) {
 		this.ctx=dirContext;
 	}
 	//connect to ActiveDirectory server
 	@Override
 	public DirContext openConnection(){	     
 		_logger.info("PROVIDER_URL:"+providerUrl);
 		_logger.info("SECURITY_PRINCIPAL:"+principal);
 		_logger.info("SECURITY_CREDENTIALS:"+credentials);
 		//LDAP
 		Properties props = new Properties();
 		props.setProperty(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
 		props.setProperty(Context.URL_PKG_PREFIXES, "com.sun.jndi.url");
 		props.setProperty(Context.REFERRAL, referral);
 		props.setProperty(Context.SECURITY_AUTHENTICATION, "simple");
 		props.setProperty(Context.PROVIDER_URL, providerUrl);
 		if(domain.indexOf(".")>-1){
 			domain=domain.substring(0, domain.indexOf("."));
 		}
 		_logger.info("PROVIDER_DOMAIN:"+domain);
 		String activeDirectoryPrincipal=domain+"\\"+principal;
 		_logger.debug("Active Directory SECURITY_PRINCIPAL : "+activeDirectoryPrincipal);
 		props.setProperty(Context.SECURITY_PRINCIPAL,activeDirectoryPrincipal);
 		props.setProperty(Context.SECURITY_CREDENTIALS, credentials);
 		if(ssl&&providerUrl.toLowerCase().startsWith("ldaps")){
 			System.setProperty("javax.net.ssl.trustStore", trustStore);
 			System.setProperty("javax.net.ssl.trustStorePassword", trustStorePassword);
 			props.put(Context.SECURITY_PROTOCOL, "ssl");  
 			props.put(Context.REFERRAL, "follow"); 
 		}
 		return InitialDirContext(props);
 	}
-	public String getDomain() {
+    protected String domain;
 		return domain;
 	}
-	public void setDomain(String domain) {
+    /**
-		this.domain = domain.toUpperCase();
+     * 
-	}
+     */
-	
+    public ActiveDirectoryUtils() {
        super();
    }
-	
+    public ActiveDirectoryUtils(String providerUrl, String principal, String credentials, String baseDN,
            String domain) {
        this.providerUrl = providerUrl;
        this.principal = principal;
        this.credentials = credentials;
        this.searchScope = SearchControls.SUBTREE_SCOPE;
        this.baseDN = baseDN;
        this.domain = domain.toUpperCase();
    }
    public ActiveDirectoryUtils(String providerUrl, String principal, String credentials, String domain) {
        this.providerUrl = providerUrl;
        this.principal = principal;
        this.credentials = credentials;
        this.searchScope = SearchControls.SUBTREE_SCOPE;
        this.domain = domain.toUpperCase();
    }
    public ActiveDirectoryUtils(DirContext dirContext) {
        this.ctx = dirContext;
    }
    // connect to ActiveDirectory server
    @Override
    public DirContext openConnection() {
        _logger.info("PROVIDER_URL:" + providerUrl);
        _logger.info("SECURITY_PRINCIPAL:" + principal);
        _logger.info("SECURITY_CREDENTIALS:" + credentials);
        // LDAP
        Properties props = new Properties();
        props.setProperty(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
        props.setProperty(Context.URL_PKG_PREFIXES, "com.sun.jndi.url");
        props.setProperty(Context.REFERRAL, referral);
        props.setProperty(Context.SECURITY_AUTHENTICATION, "simple");
        props.setProperty(Context.PROVIDER_URL, providerUrl);
        if (domain.indexOf(".") > -1) {
            domain = domain.substring(0, domain.indexOf("."));
        }
        _logger.info("PROVIDER_DOMAIN:" + domain);
        String activeDirectoryPrincipal = domain + "\\" + principal;
        _logger.debug("Active Directory SECURITY_PRINCIPAL : " + activeDirectoryPrincipal);
        props.setProperty(Context.SECURITY_PRINCIPAL, activeDirectoryPrincipal);
        props.setProperty(Context.SECURITY_CREDENTIALS, credentials);
        if (ssl && providerUrl.toLowerCase().startsWith("ldaps")) {
            System.setProperty("javax.net.ssl.trustStore", trustStore);
            System.setProperty("javax.net.ssl.trustStorePassword", trustStorePassword);
            props.put(Context.SECURITY_PROTOCOL, "ssl");
            props.put(Context.REFERRAL, "follow");
        }
        return InitialDirContext(props);
    }
    public String getDomain() {
        return domain;
    }
    public void setDomain(String domain) {
        this.domain = domain.toUpperCase();
    }
 }
--- a/maxkey-core/src/main/java/org/maxkey/persistence/ldap/LdapUtils.java
+++ b/maxkey-core/src/main/java/org/maxkey/persistence/ldap/LdapUtils.java
@ -1,6 +1,5 @@
 package org.maxkey.persistence.ldap;
 import java.util.Properties;
 import javax.naming.Context;
@ -18,259 +17,268 @@ import org.slf4j.LoggerFactory;
 *
 */
 public class LdapUtils {
-	private final static Logger _logger = LoggerFactory.getLogger(LdapUtils.class);
+    private static  final Logger _logger = LoggerFactory.getLogger(LdapUtils.class);
 	public final static String propertyBaseDN				=		"baseDN";
 	public final static String propertyDomain				=		"domain";
 	public final static String propertyTrustStore			=		"trustStore";
 	public final static String propertyTrustStorePassword	=		"trustStorePassword";
 	public final static String uid					=		"uid";
 	public final static String userPassword			=		"userPassword";
 	public final static String cn					=		"cn";
 	public final static String displayName			=		"displayName";
 	public final static String givenName			=		"givenName";
 	public final static String sn					=		"sn";
 	public final static String mobile				=		"mobile";
 	public final static String mail					=		"mail";
 	public final static String employeeNumber		=		"employeeNumber";
 	public final static String ou					=		"ou";
 	public final static String manager				=		"manager";
 	public final static String department			=		"department";
 	public final static String departmentNumber		=		"departmentNumber";
 	public final static String title				=		"title";
 	protected DirContext 	ctx;
 	protected String 		baseDN;
 	protected String 		providerUrl;
 	protected String 		principal;
 	protected String 		credentials;
 	protected String 		referral="ignore";
 	protected String 		trustStore;
 	protected String 		trustStorePassword;
 	protected boolean 		ssl;
 	protected int 			searchScope;
-	/**
+    public static final  String propertyBaseDN = "baseDN";
-	 * 
+    public static final  String propertyDomain = "domain";
-	 */
+    public static final  String propertyTrustStore = "trustStore";
-	public LdapUtils() {
+    public static final  String propertyTrustStorePassword = "trustStorePassword";
-		super();
+            
-		this.searchScope=SearchControls.SUBTREE_SCOPE;
+    public static final  String uid = "uid";
-	}
+    public static final  String userPassword = "userPassword";
-	public LdapUtils(String providerUrl,String principal,String credentials) {
+    public static final  String cn = "cn";
-		this.providerUrl=providerUrl;
+    public static final  String displayName = "displayName";
-		this.principal=principal;
+    public static final  String givenName = "givenName";
-		this.credentials=credentials;
+    public static final  String sn = "sn";
-		this.searchScope=SearchControls.SUBTREE_SCOPE;
+    public static final  String mobile = "mobile";
-	}
+    public static final  String mail = "mail";
-	public LdapUtils(String providerUrl,String principal,String credentials,String baseDN) {
+    public static final  String employeeNumber = "employeeNumber";
-		this.providerUrl=providerUrl;
+    public static final  String ou = "ou";
-		this.principal=principal;
+    public static final  String manager = "manager";
-		this.credentials=credentials;
+    public static final  String department = "department";
-		this.searchScope=SearchControls.SUBTREE_SCOPE;
+    public static final  String departmentNumber = "departmentNumber";
-		this.baseDN=baseDN;
+    public static final  String title = "title";
-	}
+
-	
+    protected DirContext ctx;
-	public LdapUtils(DirContext dirContext) {
+    protected String baseDN;
-		this.ctx=dirContext;
+    protected String providerUrl;
-	}
+    protected String principal;
-	
+    protected String credentials;
-	public void setSearchSubTreeScope(){
+    protected String referral = "ignore";
-		this.searchScope=SearchControls.SUBTREE_SCOPE;
+    protected String trustStore;
-	}
+    protected String trustStorePassword;
-	
+    protected boolean ssl;
-	public void setSearchOneLevelScope(){
+    protected int searchScope;
-		this.searchScope=SearchControls.ONELEVEL_SCOPE;
+
-	}
+    /**
-	
+     * 
-	protected DirContext InitialDirContext(Properties properties){
+     */
-		try {
+    public LdapUtils() {
-			ctx = new InitialDirContext(properties);
+        super();
-			_logger.info("connect to ldap "+providerUrl+" seccessful.");
+        this.searchScope = SearchControls.SUBTREE_SCOPE;
-		} catch (NamingException e) {
+    }
-			_logger.error("connect to ldap "+providerUrl+" fail.");
+
-			e.printStackTrace();
+    public LdapUtils(String providerUrl, String principal, String credentials) {
-			_logger.error(e.getMessage());
+        this.providerUrl = providerUrl;
-		}
+        this.principal = principal;
        this.credentials = credentials;
        this.searchScope = SearchControls.SUBTREE_SCOPE;
    }
    public LdapUtils(String providerUrl, String principal, String credentials, String baseDN) {
        this.providerUrl = providerUrl;
        this.principal = principal;
        this.credentials = credentials;
        this.searchScope = SearchControls.SUBTREE_SCOPE;
        this.baseDN = baseDN;
    }
    public LdapUtils(DirContext dirContext) {
        this.ctx = dirContext;
    }
    public void setSearchSubTreeScope() {
        this.searchScope = SearchControls.SUBTREE_SCOPE;
    }
    public void setSearchOneLevelScope() {
        this.searchScope = SearchControls.ONELEVEL_SCOPE;
    }
    protected DirContext InitialDirContext(Properties properties) {
        try {
            ctx = new InitialDirContext(properties);
            _logger.info("connect to ldap " + providerUrl + " seccessful.");
        } catch (NamingException e) {
            _logger.error("connect to ldap " + providerUrl + " fail.");
            e.printStackTrace();
            _logger.error(e.getMessage());
        }
        return ctx;
-	}
+    }
 	//connect to ldap server
 	public DirContext openConnection(){	     
 		_logger.info("PROVIDER_URL:"+providerUrl);
 		_logger.info("SECURITY_PRINCIPAL:"+principal);
 		_logger.info("SECURITY_CREDENTIALS:"+credentials);
 		//LDAP
 		Properties props = new Properties();
 		props.setProperty(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
 		props.setProperty(Context.URL_PKG_PREFIXES, "com.sun.jndi.url");
 		props.setProperty(Context.REFERRAL, referral);
 		props.setProperty(Context.SECURITY_AUTHENTICATION, "simple");
 		props.setProperty(Context.PROVIDER_URL, providerUrl);
 		props.setProperty(Context.SECURITY_PRINCIPAL,principal);
 		props.setProperty(Context.SECURITY_CREDENTIALS, credentials);
 		if(ssl&&providerUrl.toLowerCase().startsWith("ldaps")){
 			System.setProperty("javax.net.ssl.trustStore", trustStore);
 			System.setProperty("javax.net.ssl.trustStorePassword", trustStorePassword);
 			props.put(Context.SECURITY_PROTOCOL, "ssl");  
 			props.put(Context.REFERRAL, "follow");  
 		}
        return InitialDirContext(props);
 	}
 	public boolean authenticate(){
 		openConnection();
 		if(this.ctx!=null){
 			close();
 			return true;
 		}else{
 			return false;
 		}
 	}
 	public void  close(){
 		close(this.ctx);
 	}
 	public void  close( DirContext ctx){
 		if (null != ctx) {
 			try{
 				ctx.close();
 			}catch(Exception e){
 				e.printStackTrace();
 				_logger.error(e.getMessage());
 			}finally{
 				ctx=null;
 			}
 		}
 	}
 	public DirContext getCtx() {
 		return ctx;
 	}
 	public DirContext  getConnection(){
 		if(ctx==null){
 			openConnection();
 		}
 		return ctx;
 	}
-	/**
+    // connect to ldap server
-	 * @return the baseDN
+    public DirContext openConnection() {
-	 */
+        _logger.info("PROVIDER_URL:" + providerUrl);
-	public String getBaseDN() {
+        _logger.info("SECURITY_PRINCIPAL:" + principal);
-		return baseDN;
+        _logger.info("SECURITY_CREDENTIALS:" + credentials);
-	}
+        // LDAP
-	/**
+        Properties props = new Properties();
-	 * @param baseDN the baseDN to set
+        props.setProperty(Context.INITIAL_CONTEXT_FACTORY, "com.sun.jndi.ldap.LdapCtxFactory");
-	 */
+        props.setProperty(Context.URL_PKG_PREFIXES, "com.sun.jndi.url");
-	public void setBaseDN(String baseDN) {
+        props.setProperty(Context.REFERRAL, referral);
-		this.baseDN = baseDN;
+        props.setProperty(Context.SECURITY_AUTHENTICATION, "simple");
-	}
+
-	/**
+        props.setProperty(Context.PROVIDER_URL, providerUrl);
-	 * @return the searchScope
+        props.setProperty(Context.SECURITY_PRINCIPAL, principal);
-	 */
+        props.setProperty(Context.SECURITY_CREDENTIALS, credentials);
-	public int getSearchScope() {
+
-		return searchScope;
+        if (ssl && providerUrl.toLowerCase().startsWith("ldaps")) {
-	}
+            System.setProperty("javax.net.ssl.trustStore", trustStore);
-	/**
+            System.setProperty("javax.net.ssl.trustStorePassword", trustStorePassword);
-	 * @return the providerUrl
+            props.put(Context.SECURITY_PROTOCOL, "ssl");
-	 */
+            props.put(Context.REFERRAL, "follow");
-	public String getProviderUrl() {
+        }
-		return providerUrl;
+
-	}
+        return InitialDirContext(props);
-	
+    }
-	public String getPrincipal() {
+
-		return principal;
+    public boolean authenticate() {
-	}
+        openConnection();
-	public void setPrincipal(String principal) {
+        if (this.ctx != null) {
-		this.principal = principal;
+            close();
-	}
+            return true;
-	public String getCredentials() {
+        } else {
-		return credentials;
+            return false;
-	}
+        }
-	public void setCredentials(String credentials) {
+    }
-		this.credentials = credentials;
+
-	}
+    public void close() {
-	public void setProviderUrl(String providerUrl) {
+        close(this.ctx);
-		this.providerUrl = providerUrl;
+    }
-	}
+
-	
+    public void close(DirContext ctx) {
-	
+        if (null != ctx) {
-	/**
+            try {
-	 * @return the trustStore
+                ctx.close();
-	 */
+            } catch (Exception e) {
-	public String getTrustStore() {
+                e.printStackTrace();
-		return trustStore;
+                _logger.error(e.getMessage());
-	}
+            } finally {
-	/**
+                ctx = null;
-	 * @param trustStore the trustStore to set
+            }
-	 */
+        }
-	public void setTrustStore(String trustStore) {
+    }
-		this.trustStore = trustStore;
+
-	}
+    public DirContext getCtx() {
-	/**
+        return ctx;
-	 * @return the ssl
+    }
-	 */
+
-	public boolean isSsl() {
+    public DirContext getConnection() {
-		return ssl;
+        if (ctx == null) {
-	}
+            openConnection();
-	/**
+        }
-	 * @param ssl the ssl to set
+
-	 */
+        return ctx;
-	public void setSsl(boolean ssl) {
+    }
-		this.ssl = ssl;
+
-	}
+    /**
-	/**
+     * @return the baseDN
-	 * @return the referral
+     */
-	 */
+    public String getBaseDN() {
-	public String getReferral() {
+        return baseDN;
-		return referral;
+    }
-	}
+
-	/**
+    /**
-	 * @param referral the referral to set
+     * @param baseDN the baseDN to set
-	 */
+     */
-	public void setReferral(String referral) {
+    public void setBaseDN(String baseDN) {
-		this.referral = referral;
+        this.baseDN = baseDN;
-	}
+    }
-	
+
-	
+    /**
-	/**
+     * @return the searchScope
-	 * @return the trustStorePassword
+     */
-	 */
+    public int getSearchScope() {
-	public String getTrustStorePassword() {
+        return searchScope;
-		return trustStorePassword;
+    }
-	}
+
-	/**
+    /**
-	 * @param trustStorePassword the trustStorePassword to set
+     * @return the providerUrl
-	 */
+     */
-	public void setTrustStorePassword(String trustStorePassword) {
+    public String getProviderUrl() {
-		this.trustStorePassword = trustStorePassword;
+        return providerUrl;
-	}
+    }
-	
+
-	
+    public String getPrincipal() {
-	public static String getAttrStringValue(Attributes attrs, String elem) {
+        return principal;
-		String value = "";
+    }
-		try {
+
-			if (attrs.get(elem) != null) {
+    public void setPrincipal(String principal) {
-				for (int i = 0; i < attrs.get(elem).size(); i++) {
+        this.principal = principal;
-					value += "," + attrs.get(elem).get(i).toString();
+    }
-				}
+
-				value = value.substring(1);
+    public String getCredentials() {
-			}
+        return credentials;
-		} catch (NamingException e) {
+    }
-			e.printStackTrace();
+
-			_logger.error(e.getMessage());
+    public void setCredentials(String credentials) {
-		}
+        this.credentials = credentials;
-		return value;
+    }
-	}
+
    public void setProviderUrl(String providerUrl) {
        this.providerUrl = providerUrl;
    }
    /**
     * @return the trustStore
     */
    public String getTrustStore() {
        return trustStore;
    }
    /**
     * @param trustStore the trustStore to set
     */
    public void setTrustStore(String trustStore) {
        this.trustStore = trustStore;
    }
    /**
     * @return the ssl
     */
    public boolean isSsl() {
        return ssl;
    }
    /**
     * @param ssl the ssl to set
     */
    public void setSsl(boolean ssl) {
        this.ssl = ssl;
    }
    /**
     * @return the referral
     */
    public String getReferral() {
        return referral;
    }
    /**
     * @param referral the referral to set
     */
    public void setReferral(String referral) {
        this.referral = referral;
    }
    /**
     * @return the trustStorePassword
     */
    public String getTrustStorePassword() {
        return trustStorePassword;
    }
    /**
     * @param trustStorePassword the trustStorePassword to set
     */
    public void setTrustStorePassword(String trustStorePassword) {
        this.trustStorePassword = trustStorePassword;
    }
    public static String getAttrStringValue(Attributes attrs, String elem) {
        String value = "";
        try {
            if (attrs.get(elem) != null) {
                for (int i = 0; i < attrs.get(elem).size(); i++) {
                    value += "," + attrs.get(elem).get(i).toString();
                }
                value = value.substring(1);
            }
        } catch (NamingException e) {
            e.printStackTrace();
            _logger.error(e.getMessage());
        }
        return value;
    }
 }
--- a/maxkey-dao/src/main/java/org/maxkey/dao/service/AppsDesktopDetailsService.java
+++ b/maxkey-dao/src/main/java/org/maxkey/dao/service/AppsDesktopDetailsService.java
@ -2,7 +2,6 @@ package org.maxkey.dao.service;
 import org.apache.mybatis.jpa.persistence.JpaBaseService;
 import org.maxkey.dao.persistence.AppsDesktopDetailsMapper;
 import org.maxkey.domain.apps.AppsCasDetails;
 import org.maxkey.domain.apps.AppsDesktopDetails;
 import org.springframework.stereotype.Service;
--- a/maxkey-dao/src/main/java/org/maxkey/dao/service/AppsFormBasedDetailsService.java
+++ b/maxkey-dao/src/main/java/org/maxkey/dao/service/AppsFormBasedDetailsService.java
@ -2,7 +2,6 @@ package org.maxkey.dao.service;
 import org.apache.mybatis.jpa.persistence.JpaBaseService;
 import org.maxkey.dao.persistence.AppsFormBasedDetailsMapper;
 import org.maxkey.domain.apps.AppsCasDetails;
 import org.maxkey.domain.apps.AppsFormBasedDetails;
 import org.springframework.stereotype.Service;
--- a/maxkey-dao/src/main/java/org/maxkey/dao/service/GroupMemberService.java
+++ b/maxkey-dao/src/main/java/org/maxkey/dao/service/GroupMemberService.java
@ -1,10 +1,8 @@
 package org.maxkey.dao.service;
 import org.apache.mybatis.jpa.persistence.JpaBaseService;
 import org.apache.mybatis.jpa.persistence.JpaPageResults;
 import org.maxkey.dao.persistence.GroupMemberMapper;
 import org.maxkey.domain.GroupMember;
 import org.maxkey.domain.UserInfo;
 import org.springframework.stereotype.Service;
@Service
--- a/maxkey-web-manage/src/main/java/org/maxkey/MaxKeyMgtApplication.java
+++ b/maxkey-web-manage/src/main/java/org/maxkey/MaxKeyMgtApplication.java
@ -53,11 +53,9 @@ public class MaxKeyMgtApplication extends SpringBootServletInitializer {
 		_logger.info("MaxKeyMgt Server Port "+applicationContext.getBean(MaxKeyMgtConfig.class).getPort());
 		_logger.info("MaxKeyMgt started.");
 	}
 	protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
 		return application.sources(MaxKeyMgtApplication.class);
 	}
--- a/maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyConfig.java
+++ b/maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyConfig.java
@ -10,6 +10,11 @@ import org.apache.catalina.connector.Connector;
 import org.apache.tomcat.util.descriptor.web.SecurityCollection;
 import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
 import org.maxkey.authn.realm.jdbc.JdbcAuthenticationRealm;
 import org.maxkey.authn.realm.ldap.LdapAuthenticationRealm;
 import org.maxkey.authn.realm.ldap.LdapServer;
 import org.maxkey.authn.realm.IAuthenticationServer;
 import org.maxkey.authn.realm.activedirectory.ActiveDirectoryAuthenticationRealm;
 import org.maxkey.authn.realm.activedirectory.ActiveDirectoryServer;
 import org.maxkey.authn.support.kerberos.KerberosProxy;
 import org.maxkey.authn.support.kerberos.RemoteKerberosService;
 import org.maxkey.authn.support.socialsignon.service.JdbcSocialsAssociateService;
@ -21,6 +26,8 @@ import org.maxkey.crypto.password.opt.impl.MailOtpAuthn;
 import org.maxkey.crypto.password.opt.impl.SmsOtpAuthn;
 import org.maxkey.crypto.password.opt.impl.TimeBasedOtpAuthn;
 import org.maxkey.crypto.password.opt.impl.sms.SmsOtpAuthnYunxin;
 import org.maxkey.persistence.ldap.ActiveDirectoryUtils;
 import org.maxkey.persistence.ldap.LdapUtils;
 import org.mybatis.spring.annotation.MapperScan;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@ -135,15 +142,61 @@ public class MaxKeyConfig  implements InitializingBean {
        _logger.debug("KeyUri Format " + keyUriFormat);
        return keyUriFormat;
    }
-
+    
    //可以在此实现其他的登陆认证方式，请实现AbstractAuthenticationRealm
    @Bean(name = "authenticationRealm")
-    public JdbcAuthenticationRealm JdbcAuthenticationRealm(
+    public JdbcAuthenticationRealm authenticationRealm(
                JdbcTemplate jdbcTemplate) {
        JdbcAuthenticationRealm authenticationRealm = jdbcAuthenticationRealm(jdbcTemplate);
        return authenticationRealm;
    }
    //JdbcAuthenticationRealm
    public JdbcAuthenticationRealm jdbcAuthenticationRealm(
                JdbcTemplate jdbcTemplate) {
        JdbcAuthenticationRealm authenticationRealm = new JdbcAuthenticationRealm(jdbcTemplate);
        _logger.debug("JdbcAuthenticationRealm inited.");
        return authenticationRealm;
    }
    //LdapAuthenticationRealm
    public LdapAuthenticationRealm ldapAuthenticationRealm(
                JdbcTemplate jdbcTemplate) {
        LdapAuthenticationRealm authenticationRealm = new LdapAuthenticationRealm(jdbcTemplate);
        LdapServer ldapServer=new LdapServer();
        String providerUrl = "ldap://localhost:389";
        String principal = "cn=root";
        String credentials = "maxkey";
        String baseDN = "dc=maxkey,dc=top";
        LdapUtils ldapUtils = new LdapUtils(providerUrl,principal,credentials,baseDN);
        ldapServer.setLdapUtils(ldapUtils);
        ldapServer.setFilterAttribute("uid");
        List<IAuthenticationServer> ldapServers = new ArrayList<IAuthenticationServer>();
        ldapServers.add(ldapServer);
        authenticationRealm.setLdapServers(ldapServers);
        _logger.debug("LdapAuthenticationRealm inited.");
        return authenticationRealm;
    }
    //ActiveDirectoryAuthenticationRealm
    public ActiveDirectoryAuthenticationRealm activeDirectoryAuthenticationRealm(
                JdbcTemplate jdbcTemplate) {
        ActiveDirectoryAuthenticationRealm authenticationRealm = new ActiveDirectoryAuthenticationRealm(jdbcTemplate);
        ActiveDirectoryServer ldapServer=new ActiveDirectoryServer();
        String providerUrl = "ldap://localhost:389";
        String principal = "cn=root";
        String credentials = "maxkey";
        String domain = "maxkey";
        ActiveDirectoryUtils ldapUtils = new ActiveDirectoryUtils(providerUrl,principal,credentials,domain);
        ldapServer.setActiveDirectoryUtils(ldapUtils);
        List<IAuthenticationServer> ldapServers = new ArrayList<IAuthenticationServer>();
        ldapServers.add(ldapServer);
        authenticationRealm.setActiveDirectoryServers(ldapServers);
        _logger.debug("LdapAuthenticationRealm inited.");
        return authenticationRealm;
    }
    @Bean(name = "tfaOptAuthn")
    public TimeBasedOtpAuthn tfaOptAuthn() {
        TimeBasedOtpAuthn tfaOptAuthn = new TimeBasedOtpAuthn();
--- a/maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyMvcConfig.java
+++ b/maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyMvcConfig.java
@ -1,7 +1,6 @@
 package org.maxkey;
 import org.maxkey.authn.support.basic.BasicEntryPoint;
 import org.maxkey.authn.support.httpheader.HttpHeaderConfig;
 import org.maxkey.authn.support.httpheader.HttpHeaderEntryPoint;
 import org.maxkey.web.interceptor.HistoryLoginAppAdapter;
 import org.maxkey.web.interceptor.HistoryLogsAdapter;
@ -76,11 +75,17 @@ public class MaxKeyMvcConfig implements WebMvcConfigurer {
                .addPathPatterns("/authz/desktop/*")
                .addPathPatterns("/authz/formbased/*")
                .addPathPatterns("/authz/tokenbased/*")
                //SAML
                .addPathPatterns("/authz/saml20/idpinit/*")
                .addPathPatterns("/authz/saml20/assertion")
                .addPathPatterns("/authz/saml20/assertion/")
                //CAS
                .addPathPatterns("/authz/cas/*")
                .addPathPatterns("/authz/cas/*/*")
                .addPathPatterns("/authz/cas/login")
                .addPathPatterns("/authz/cas/login/")
                .addPathPatterns("/authz/cas/granting/*")
                //OAuth
                .addPathPatterns("/oauth/v20/authorize")
                .addPathPatterns("/oauth/v20/authorize/*")
                ;
@ -122,8 +127,7 @@ public class MaxKeyMvcConfig implements WebMvcConfigurer {
        _logger.debug("add LocaleChangeInterceptor");
        if(httpHeaderEnable) {
-            HttpHeaderConfig httpHeaderConfig= new HttpHeaderConfig(this.httpHeaderName,httpHeaderEnable);
+            registry.addInterceptor(new HttpHeaderEntryPoint(httpHeaderName,httpHeaderEnable))
            registry.addInterceptor(new HttpHeaderEntryPoint(httpHeaderConfig))
                    .addPathPatterns("/*");
            _logger.debug("add HttpHeaderEntryPoint");
        }