删除 Api接口相关内容

2025-12-07 01:18:27 +08:00 · 2023-05-23 09:52:01 +08:00 · 2023-05-23 09:52:01 +08:00 · 973d715e47
commit 973d715e47
parent 5ce0b3ce58
4 changed files with 0 additions and 269 deletions
--- a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/autoconfigure/MaxKeyMgtMvcConfig.java
+++ b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/autoconfigure/MaxKeyMgtMvcConfig.java
@ -23,7 +23,6 @@ import org.maxkey.authn.provider.AbstractAuthenticationProvider;
 import org.maxkey.authn.web.CurrentUserMethodArgumentResolver;
 import org.maxkey.authn.web.interceptor.PermissionInterceptor;
 import org.maxkey.configuration.ApplicationConfig;
 import org.maxkey.web.interceptor.RestApiPermissionAdapter;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@ -49,9 +48,6 @@ public class MaxKeyMgtMvcConfig implements WebMvcConfigurer {
    @Autowired
    PermissionInterceptor permissionInterceptor;
    @Autowired
    RestApiPermissionAdapter restApiPermissionAdapter;
    @Override
    public void addResourceHandlers(ResourceHandlerRegistry registry) {
    	_logger.debug("add Resource Handlers");
@ -116,19 +112,6 @@ public class MaxKeyMgtMvcConfig implements WebMvcConfigurer {
        _logger.debug("add Permission Adapter");
        /*
         * api
         * idm
         * scim
         * */
        registry.addInterceptor(restApiPermissionAdapter)
                .addPathPatterns("/api/**")
                .addPathPatterns("/api/idm/**")
                .addPathPatterns("/api/idm/scim/**")
                ;
        _logger.debug("add Rest Api Permission Adapter");
    }
    @Override
--- a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/api/endpoint/RestTimeBasedOtpController.java
+++ b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/api/endpoint/RestTimeBasedOtpController.java
@ -1,60 +0,0 @@
 /*
 * Copyright [2020] [MaxKey of copyright http://www.maxkey.top]
 * 
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 * 
 *     http://www.apache.org/licenses/LICENSE-2.0
 * 
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package org.maxkey.web.api.endpoint;
 import org.maxkey.entity.UserInfo;
 import org.maxkey.password.onetimepwd.AbstractOtpAuthn;
 import org.maxkey.persistence.service.UserInfoService;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
 import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.ResponseBody;
 import io.swagger.v3.oas.annotations.Operation;
 import io.swagger.v3.oas.annotations.tags.Tag;
@Tag(name = "基于时间令牌验证 API文档模块")
@Controller
@RequestMapping(value={"/im/api/otp"})
 public class RestTimeBasedOtpController {
 	@Autowired
    protected AbstractOtpAuthn timeBasedOtpAuthn;
    @Autowired
    private UserInfoService userInfoService;
    @Operation(summary = "基于时间令牌验证 API文档模块", description = "传递参数username和token",method="GET")
    @ResponseBody
    @RequestMapping(value = "/timebased/validate", method = RequestMethod.GET)
    public boolean getUser(@RequestParam String username,
    							 @RequestParam String token) {
    	UserInfo validUserInfo = userInfoService.findByUsername(username);
    	if(validUserInfo != null) {
    		if(timeBasedOtpAuthn.validate(validUserInfo, token)) {
    			return true;
    		}
    	}
        return false;
    }
 }
--- a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/interceptor/Oauth20ApiPermissionAdapter.java
+++ b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/interceptor/Oauth20ApiPermissionAdapter.java
@ -1,80 +0,0 @@
 /*
 * Copyright [2020] [MaxKey of copyright http://www.maxkey.top]
 * 
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 * 
 *     http://www.apache.org/licenses/LICENSE-2.0
 * 
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package org.maxkey.web.interceptor;
 import java.util.concurrent.ConcurrentHashMap;
 import javax.servlet.RequestDispatcher;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import org.maxkey.authz.oauth2.provider.OAuth2Authentication;
 import org.maxkey.authz.oauth2.provider.token.DefaultTokenServices;
 import org.maxkey.crypto.password.PasswordReciprocal;
 import org.maxkey.util.RequestTokenUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Component;
 import org.springframework.web.servlet.AsyncHandlerInterceptor;
 /**
 * OAuth v2.0 accessToken认证Interceptor处理.
 * @author Crystal.Sea
 *
 */
@Component
 public class Oauth20ApiPermissionAdapter  implements AsyncHandlerInterceptor  {
 	private static final Logger _logger = LoggerFactory.getLogger(Oauth20ApiPermissionAdapter.class);
 	@Autowired
    protected PasswordReciprocal passwordReciprocal;
 	@Autowired
    private DefaultTokenServices oauth20TokenServices;
 	static  ConcurrentHashMap<String ,String >navigationsMap=null;
 	/*
 	 * 请求前处理
 	 *  (non-Javadoc)
 	 * @see org.springframework.web.servlet.handler.HandlerInterceptorAdapter#preHandle(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.Object)
 	 */
 	@Override
 	public boolean preHandle(HttpServletRequest request,HttpServletResponse response, Object handler) throws Exception {
 		 _logger.trace("OAuth20 API Permission Adapter pre handle");
 		 String accessToken =  RequestTokenUtils.resolveAccessToken(request);
 		 _logger.trace("access_token {} " , accessToken);
 		 try {
 			 OAuth2Authentication authentication = oauth20TokenServices.loadAuthentication(accessToken);
 			//判断应用的accessToken信息
 			if(authentication != null ){
 			    _logger.trace("authentication "+ authentication);
 			    return true;
 			}
 		 }catch(Exception e) {
 			 _logger.error("load Authentication Exception ! ",e);
 		 }
 		_logger.trace("No Authentication ... forward to /login");
        RequestDispatcher dispatcher = request.getRequestDispatcher("/login");
        dispatcher.forward(request, response);
 		return false;
 	}
 }
--- a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/interceptor/RestApiPermissionAdapter.java
+++ b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/interceptor/RestApiPermissionAdapter.java
@ -1,112 +0,0 @@
 /*
 * Copyright [2020] [MaxKey of copyright http://www.maxkey.top]
 * 
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 * 
 *     http://www.apache.org/licenses/LICENSE-2.0
 * 
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
 package org.maxkey.web.interceptor;
 import java.util.concurrent.ConcurrentHashMap;
 import javax.servlet.RequestDispatcher;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import org.maxkey.authn.web.AuthorizationUtils;
 import org.maxkey.authz.oauth2.provider.OAuth2Authentication;
 import org.maxkey.authz.oauth2.provider.token.DefaultTokenServices;
 import org.maxkey.util.AuthorizationHeader;
 import org.maxkey.util.AuthorizationHeaderUtils;
 import org.maxkey.util.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.authentication.ProviderManager;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.stereotype.Component;
 import org.springframework.web.servlet.AsyncHandlerInterceptor;
 /**
 * basic认证Interceptor处理.
 * @author Crystal.Sea
 *
 */
@Component
 public class RestApiPermissionAdapter  implements AsyncHandlerInterceptor  {
 	private static final Logger _logger = LoggerFactory.getLogger(RestApiPermissionAdapter.class);
 	@Autowired
 	DefaultTokenServices oauth20TokenServices;
 	@Autowired
 	ProviderManager oauth20ClientAuthenticationManager;
 	static  ConcurrentHashMap<String ,String >navigationsMap=null;
 	/*
 	 * 请求前处理
 	 *  (non-Javadoc)
 	 * @see org.springframework.web.servlet.handler.HandlerInterceptorAdapter#preHandle(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.Object)
 	 */
 	@Override
 	public boolean preHandle(HttpServletRequest request,HttpServletResponse response, Object handler) throws Exception {
 		_logger.trace("Rest API Permission Adapter pre handle");
 		 AuthorizationHeader headerCredential = AuthorizationHeaderUtils.resolve(request);
 		//判断应用的AppId和Secret
 		if(headerCredential != null){
 			UsernamePasswordAuthenticationToken authenticationToken = null;
 			if(headerCredential.isBasic()) {
 			    if(StringUtils.isNotBlank(headerCredential.getUsername())&&
 			    		StringUtils.isNotBlank(headerCredential.getCredential())
 			    		) {
 			    	UsernamePasswordAuthenticationToken authRequest = 
 							new UsernamePasswordAuthenticationToken(
 									headerCredential.getUsername(),
 									headerCredential.getCredential());
 			    	authenticationToken= (UsernamePasswordAuthenticationToken)oauth20ClientAuthenticationManager.authenticate(authRequest);
 			    }
 			}else {
 				_logger.trace("Authentication bearer {}" , headerCredential.getCredential());
 				OAuth2Authentication oauth2Authentication = 
 						oauth20TokenServices.loadAuthentication(headerCredential.getCredential());
 				if(oauth2Authentication != null) {
 					_logger.trace("Authentication token {}" , oauth2Authentication.getPrincipal().toString());
 					authenticationToken= new UsernamePasswordAuthenticationToken(
 			    			new User(
 			    					oauth2Authentication.getPrincipal().toString(), 
 			    					"CLIENT_SECRET", 
 			    					oauth2Authentication.getAuthorities()), 
 	                        "PASSWORD", 
 	                        oauth2Authentication.getAuthorities()
 	                );
 				}else {
 					_logger.trace("Authentication token is null ");
 				}
 			}
 			if(authenticationToken !=null && authenticationToken.isAuthenticated()) {
 				AuthorizationUtils.setAuthentication(authenticationToken);
 				return true;
 			}
 		}
 		_logger.trace("No Authentication ... forward to /login");
        RequestDispatcher dispatcher = request.getRequestDispatcher("/login");
        dispatcher.forward(request, response);
 		return false;
 	}
 }