diff --git a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/autoconfigure/MaxKeyMgtMvcConfig.java b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/autoconfigure/MaxKeyMgtMvcConfig.java index df921f66a..ed79133a2 100644 --- a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/autoconfigure/MaxKeyMgtMvcConfig.java +++ b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/autoconfigure/MaxKeyMgtMvcConfig.java @@ -23,7 +23,6 @@ import org.maxkey.authn.provider.AbstractAuthenticationProvider; import org.maxkey.authn.web.CurrentUserMethodArgumentResolver; import org.maxkey.authn.web.interceptor.PermissionInterceptor; import org.maxkey.configuration.ApplicationConfig; -import org.maxkey.web.interceptor.RestApiPermissionAdapter; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; @@ -49,9 +48,6 @@ public class MaxKeyMgtMvcConfig implements WebMvcConfigurer { @Autowired PermissionInterceptor permissionInterceptor; - @Autowired - RestApiPermissionAdapter restApiPermissionAdapter; - @Override public void addResourceHandlers(ResourceHandlerRegistry registry) { _logger.debug("add Resource Handlers"); @@ -115,19 +111,6 @@ public class MaxKeyMgtMvcConfig implements WebMvcConfigurer { ; _logger.debug("add Permission Adapter"); - - /* - * api - * idm - * scim - * */ - registry.addInterceptor(restApiPermissionAdapter) - .addPathPatterns("/api/**") - .addPathPatterns("/api/idm/**") - .addPathPatterns("/api/idm/scim/**") - ; - - _logger.debug("add Rest Api Permission Adapter"); } diff --git a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/api/endpoint/RestTimeBasedOtpController.java b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/api/endpoint/RestTimeBasedOtpController.java deleted file mode 100644 index a7d2f71fb..000000000 --- a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/api/endpoint/RestTimeBasedOtpController.java +++ /dev/null 
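Review bot: Once the `registry.addInterceptor(restApiPermissionAdapter)` registration is dropped from addInterceptors in MaxKeyMgtMvcConfig, nothing left in this diff attaches an authentication check to `/api/**`, `/api/idm/**` or `/api/idm/scim/**` in maxkey-web-mgt; the deleted RestApiPermissionAdapter (last section of the diff) was the component that validated the Basic client credentials or the Bearer access token on those paths before setting the authentication. If controllers under /api remain in this module, they would now be reachable with only whatever permissionInterceptor enforces, unless a Spring Security filter chain or another interceptor covers them — that replacement is not visible here, so it should be confirmed to exist in the same commit. A one-line pointer at the former registration site would make the intent auditable, e.g. `// /api/** is protected by <REPLACEMENT-CONFIG placeholder> since the RestApiPermissionAdapter removal`. addInterceptors begins outside the hunk, so the remaining registrations it makes cannot be checked from this view.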
@@ -1,60 +0,0 @@ -/* - * Copyright [2020] [MaxKey of copyright http://www.maxkey.top] - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - - -package org.maxkey.web.api.endpoint; - -import org.maxkey.entity.UserInfo; -import org.maxkey.password.onetimepwd.AbstractOtpAuthn; -import org.maxkey.persistence.service.UserInfoService; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Controller; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RequestMethod; -import org.springframework.web.bind.annotation.RequestParam; -import org.springframework.web.bind.annotation.ResponseBody; -import io.swagger.v3.oas.annotations.Operation; -import io.swagger.v3.oas.annotations.tags.Tag; - -@Tag(name = "基于时间令牌验证 API文档模块") -@Controller -@RequestMapping(value={"/im/api/otp"}) -public class RestTimeBasedOtpController { - - @Autowired - protected AbstractOtpAuthn timeBasedOtpAuthn; - - @Autowired - private UserInfoService userInfoService; - - @Operation(summary = "基于时间令牌验证 API文档模块", description = "传递参数username和token",method="GET") - @ResponseBody - @RequestMapping(value = "/timebased/validate", method = RequestMethod.GET) - public boolean getUser(@RequestParam String username, - @RequestParam String token) { - - UserInfo validUserInfo = userInfoService.findByUsername(username); - if(validUserInfo != null) { - if(timeBasedOtpAuthn.validate(validUserInfo, token)) { - 
return true; - } - } - - return false; - } - - -} diff --git a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/interceptor/Oauth20ApiPermissionAdapter.java b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/interceptor/Oauth20ApiPermissionAdapter.java deleted file mode 100644 index d68d700c3..000000000 --- a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/interceptor/Oauth20ApiPermissionAdapter.java +++ /dev/null 
@@ -1,80 +0,0 @@ -/* - * Copyright [2020] [MaxKey of copyright http://www.maxkey.top] - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - - -package org.maxkey.web.interceptor; - -import java.util.concurrent.ConcurrentHashMap; - -import javax.servlet.RequestDispatcher; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.maxkey.authz.oauth2.provider.OAuth2Authentication; -import org.maxkey.authz.oauth2.provider.token.DefaultTokenServices; -import org.maxkey.crypto.password.PasswordReciprocal; -import org.maxkey.util.RequestTokenUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.stereotype.Component; -import org.springframework.web.servlet.AsyncHandlerInterceptor; - -/** - * OAuth v2.0 accessToken认证Interceptor处理. 
- * @author Crystal.Sea - * - */ -@Component -public class Oauth20ApiPermissionAdapter implements AsyncHandlerInterceptor { - private static final Logger _logger = LoggerFactory.getLogger(Oauth20ApiPermissionAdapter.class); - - @Autowired - protected PasswordReciprocal passwordReciprocal; - - @Autowired - private DefaultTokenServices oauth20TokenServices; - - static ConcurrentHashMapnavigationsMap=null; - - /* - * 请求前处理 - * (non-Javadoc) - * @see org.springframework.web.servlet.handler.HandlerInterceptorAdapter#preHandle(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.Object) - */ - @Override - public boolean preHandle(HttpServletRequest request,HttpServletResponse response, Object handler) throws Exception { - _logger.trace("OAuth20 API Permission Adapter pre handle"); - String accessToken = RequestTokenUtils.resolveAccessToken(request); - _logger.trace("access_token {} " , accessToken); - try { - OAuth2Authentication authentication = oauth20TokenServices.loadAuthentication(accessToken); - //判断应用的accessToken信息 - if(authentication != null ){ - _logger.trace("authentication "+ authentication); - return true; - } - }catch(Exception e) { - _logger.error("load Authentication Exception ! ",e); - } - - _logger.trace("No Authentication ... forward to /login"); - RequestDispatcher dispatcher = request.getRequestDispatcher("/login"); - dispatcher.forward(request, response); - - return false; - } -} diff --git a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/interceptor/RestApiPermissionAdapter.java b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/interceptor/RestApiPermissionAdapter.java deleted file mode 100644 index 68a52c89d..000000000 --- a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/interceptor/RestApiPermissionAdapter.java +++ /dev/null 
@@ -1,112 +0,0 @@ -/* - * Copyright [2020] [MaxKey of copyright http://www.maxkey.top] - * - * Licensed under the Apache License, Version 2.0 (the "License"); - * you may not use this file except in compliance with the License. - * You may obtain a copy of the License at - * - * http://www.apache.org/licenses/LICENSE-2.0 - * - * Unless required by applicable law or agreed to in writing, software - * distributed under the License is distributed on an "AS IS" BASIS, - * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - * See the License for the specific language governing permissions and - * limitations under the License. - */ - - -package org.maxkey.web.interceptor; - -import java.util.concurrent.ConcurrentHashMap; -import javax.servlet.RequestDispatcher; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -import org.maxkey.authn.web.AuthorizationUtils; -import org.maxkey.authz.oauth2.provider.OAuth2Authentication; -import org.maxkey.authz.oauth2.provider.token.DefaultTokenServices; -import org.maxkey.util.AuthorizationHeader; -import org.maxkey.util.AuthorizationHeaderUtils; -import org.maxkey.util.StringUtils; -import org.slf4j.Logger; -import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.security.authentication.ProviderManager; -import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; -import org.springframework.security.core.userdetails.User; -import org.springframework.stereotype.Component; -import org.springframework.web.servlet.AsyncHandlerInterceptor; - -/** - * basic认证Interceptor处理. 
- * @author Crystal.Sea - * - */ -@Component -public class RestApiPermissionAdapter implements AsyncHandlerInterceptor { - private static final Logger _logger = LoggerFactory.getLogger(RestApiPermissionAdapter.class); - - @Autowired - DefaultTokenServices oauth20TokenServices; - - @Autowired - ProviderManager oauth20ClientAuthenticationManager; - - static ConcurrentHashMapnavigationsMap=null; - - /* - * 请求前处理 - * (non-Javadoc) - * @see org.springframework.web.servlet.handler.HandlerInterceptorAdapter#preHandle(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.Object) - */ - @Override - public boolean preHandle(HttpServletRequest request,HttpServletResponse response, Object handler) throws Exception { - _logger.trace("Rest API Permission Adapter pre handle"); - AuthorizationHeader headerCredential = AuthorizationHeaderUtils.resolve(request); - - //判断应用的AppId和Secret - if(headerCredential != null){ - UsernamePasswordAuthenticationToken authenticationToken = null; - if(headerCredential.isBasic()) { - if(StringUtils.isNotBlank(headerCredential.getUsername())&& - StringUtils.isNotBlank(headerCredential.getCredential()) - ) { - UsernamePasswordAuthenticationToken authRequest = - new UsernamePasswordAuthenticationToken( - headerCredential.getUsername(), - headerCredential.getCredential()); - authenticationToken= (UsernamePasswordAuthenticationToken)oauth20ClientAuthenticationManager.authenticate(authRequest); - } - }else { - _logger.trace("Authentication bearer {}" , headerCredential.getCredential()); - OAuth2Authentication oauth2Authentication = - oauth20TokenServices.loadAuthentication(headerCredential.getCredential()); - - if(oauth2Authentication != null) { - _logger.trace("Authentication token {}" , oauth2Authentication.getPrincipal().toString()); - authenticationToken= new UsernamePasswordAuthenticationToken( - new User( - oauth2Authentication.getPrincipal().toString(), - "CLIENT_SECRET", - oauth2Authentication.getAuthorities()), 
- "PASSWORD", - oauth2Authentication.getAuthorities() - ); - }else { - _logger.trace("Authentication token is null "); - } - } - - if(authenticationToken !=null && authenticationToken.isAuthenticated()) { - AuthorizationUtils.setAuthentication(authenticationToken); - return true; - } - } - - _logger.trace("No Authentication ... forward to /login"); - RequestDispatcher dispatcher = request.getRequestDispatcher("/login"); - dispatcher.forward(request, response); - - return false; - } -}