diff --git a/build.gradle b/build.gradle index 2877a5c02..f158b52a6 100644 --- a/build.gradle +++ b/build.gradle @@ -67,15 +67,28 @@ allprojects { //apply plugin: "pmd" //apply plugin: "findbugs" //apply plugin: "jdepend" - + /* + plugins { + java { + toolchain { + languageVersion = JavaLanguageVersion.of(16) + } + } + } + */ configurations.all { transitive = false// 为本依赖关闭依赖传递特性 } //java Version - sourceCompatibility = 1.8 - targetCompatibility = 1.8 - compileJava.options.encoding = 'UTF-8' + sourceCompatibility = 8 + targetCompatibility = 8 + //compileJava.options.encoding = 'UTF-8' + compileJava { + //options.release = 15 + options.encoding = 'UTF-8' + } + eclipse { /* 第一次时请注释这段eclipse设置,可能报错,设置工程字符集 jdt { @@ -401,6 +414,7 @@ subprojects { implementation group: 'com.fasterxml.jackson.dataformat', name: 'jackson-dataformat-yaml', version: "${jacksonVersion}" implementation group: 'com.fasterxml.jackson.dataformat', name: 'jackson-dataformat-xml', version: "${jacksonVersion}" implementation group: 'com.fasterxml.jackson.module', name: 'jackson-module-parameter-names', version: "${jacksonVersion}" + implementation group: 'com.fasterxml.jackson.module', name: 'jackson-module-jaxb-annotations', version: "${jacksonVersion}" implementation group: 'com.fasterxml', name: 'classmate', version: "${classmateVersion}" implementation group: 'com.alibaba', name: 'fastjson', version: "${fastjsonVersion}" //docs diff --git a/config/build_docker.gradle b/config/build_docker.gradle index f57761cdf..edb199b0b 100644 --- a/config/build_docker.gradle +++ b/config/build_docker.gradle 
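Review bot: The commented-out toolchain block and the commented `//options.release = 15` leave the compile target ambiguous: `sourceCompatibility = 8` / `targetCompatibility = 8` only fix the bytecode level, so a build on a newer JDK can still link against library/JDK APIs that do not exist on Java 8 and fail at runtime there. If Java 8 is the real floor, set `options.release = 8` inside the new `compileJava { ... }` block (if the Gradle version in use supports it) and delete the dead `/* plugins { ... } */` and `//compileJava.options.encoding` lines; if JDK 16 is the intended toolchain, enable it and drop the compatibility settings instead. Shipping two contradictory configurations, one live and one commented out, is what the hunk should avoid.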
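Review bot: `jackson-module-jaxb-annotations` is added in a build where `configurations.all { transitive = false }` (context earlier in this file) suppresses every transitive dependency, so the JAXB annotation API the module references (`javax.xml.bind` / `jakarta.xml.bind`) is not pulled in; JDK 8 bundles it, JDK 11+ does not. Given the JDK 16 toolchain hinted at above, confirm that a `jaxb-api` or `jakarta.xml.bind-api` artifact is declared somewhere not shown here, otherwise the module fails with a `NoClassDefFoundError` on first use. The same line is copied into three other gradle files in this commit; a shared dependency list would keep the four copies from drifting.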
@@ -366,6 +366,7 @@ subprojects { implementation group: 'com.fasterxml.jackson.dataformat', name: 'jackson-dataformat-yaml', version: "${jacksonVersion}" implementation group: 'com.fasterxml.jackson.dataformat', name: 'jackson-dataformat-xml', version: "${jacksonVersion}" implementation group: 'com.fasterxml.jackson.module', name: 'jackson-module-parameter-names', version: "${jacksonVersion}" + implementation group: 'com.fasterxml.jackson.module', name: 'jackson-module-jaxb-annotations', version: "${jacksonVersion}" implementation group: 'com.fasterxml', name: 'classmate', version: "${classmateVersion}" implementation group: 'com.alibaba', name: 'fastjson', version: "${fastjsonVersion}" //docs diff --git a/config/build_jar.gradle b/config/build_jar.gradle index a44bc2cc1..bf17e66b3 100644 --- a/config/build_jar.gradle +++ b/config/build_jar.gradle @@ -366,6 +366,7 @@ subprojects { implementation group: 'com.fasterxml.jackson.dataformat', name: 'jackson-dataformat-yaml', version: "${jacksonVersion}" implementation group: 'com.fasterxml.jackson.dataformat', name: 'jackson-dataformat-xml', version: "${jacksonVersion}" implementation group: 'com.fasterxml.jackson.module', name: 'jackson-module-parameter-names', version: "${jacksonVersion}" + implementation group: 'com.fasterxml.jackson.module', name: 'jackson-module-jaxb-annotations', version: "${jacksonVersion}" implementation group: 'com.fasterxml', name: 'classmate', version: "${classmateVersion}" implementation group: 'com.alibaba', name: 'fastjson', version: "${fastjsonVersion}" //docs diff --git a/config/build_standard.gradle b/config/build_standard.gradle index f998d5cd3..10201f655 100644 --- a/config/build_standard.gradle +++ b/config/build_standard.gradle 
@@ -401,6 +401,7 @@ subprojects { implementation group: 'com.fasterxml.jackson.dataformat', name: 'jackson-dataformat-yaml', version: "${jacksonVersion}" implementation group: 'com.fasterxml.jackson.dataformat', name: 'jackson-dataformat-xml', version: "${jacksonVersion}" implementation group: 'com.fasterxml.jackson.module', name: 'jackson-module-parameter-names', version: "${jacksonVersion}" + implementation group: 'com.fasterxml.jackson.module', name: 'jackson-module-jaxb-annotations', version: "${jacksonVersion}" implementation group: 'com.fasterxml', name: 'classmate', version: "${classmateVersion}" implementation group: 'com.alibaba', name: 'fastjson', version: "${fastjsonVersion}" //docs diff --git a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/jwt/JwtLoginService.java b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/jwt/JwtLoginService.java index 97bf77176..5f3421b47 100644 --- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/jwt/JwtLoginService.java +++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/jwt/JwtLoginService.java @@ -29,7 +29,6 @@ import com.nimbusds.jwt.SignedJWT; import java.util.Date; import java.util.UUID; import org.joda.time.DateTime; -import org.maxkey.configuration.oidc.OIDCProviderMetadataDetails; import org.maxkey.crypto.jwt.signer.service.impl.DefaultJwtSigningAndValidationService; import org.maxkey.web.WebContext; import org.slf4j.Logger; 
@@ -39,33 +38,31 @@ import org.slf4j.LoggerFactory; public class JwtLoginService { private static final Logger _logger = LoggerFactory.getLogger(JwtLoginService.class); - - OIDCProviderMetadataDetails jwtProviderMetadata; - + String issuer; + DefaultJwtSigningAndValidationService jwtSignerValidationService; public JwtLoginService( - OIDCProviderMetadataDetails jwtProviderMetadata, - DefaultJwtSigningAndValidationService jwtSignerValidationService + DefaultJwtSigningAndValidationService jwtSignerValidationService, + String issuer ) { - this.jwtProviderMetadata = jwtProviderMetadata; this.jwtSignerValidationService = jwtSignerValidationService; - + this.issuer = issuer; } public String buildLoginJwt() { - _logger.debug("buildLoginJwt ."); + _logger.debug("build Login JWT ."); DateTime currentDateTime = DateTime.now(); Date expirationTime = currentDateTime.plusMinutes(5).toDate(); - _logger.debug("expiration Time : " + expirationTime); + _logger.debug("Expiration Time : " + expirationTime); JWTClaimsSet jwtClaims = new JWTClaimsSet.Builder().subject(WebContext.getSession().getId()) - .expirationTime(expirationTime).issuer(jwtProviderMetadata.getIssuer()) + .expirationTime(expirationTime).issuer(getIssuer()) .issueTime(currentDateTime.toDate()).jwtID(UUID.randomUUID().toString()).build(); JWT jwtToken = new PlainJWT(jwtClaims); - _logger.info("jwt Claims : " + jwtClaims.toString()); + _logger.info("JWT Claims : " + jwtClaims.toString()); JWSAlgorithm signingAlg = jwtSignerValidationService.getDefaultSigningAlgorithm(); @@ -74,7 +71,7 @@ public class JwtLoginService { jwtSignerValidationService.signJwt((SignedJWT) jwtToken); String tokenString = jwtToken.serialize(); - _logger.debug("jwt Token : " + tokenString); + _logger.debug("JWT Token : " + tokenString); return tokenString; } 
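Review bot: `_logger.debug("JWT Token : " + tokenString)` writes the complete signed login token to the log, and `_logger.info("JWT Claims : " + jwtClaims.toString())` logs the session id (the token's `sub`) at INFO; anyone with log access can replay the token within its 5-minute lifetime or reuse the session id. Log only non-secret identifiers, e.g. `_logger.debug("JWT issued, jti {}, exp {}", jwtClaims.getJWTID(), expirationTime);`, and drop or demote the claims line. The concatenated log calls should also use the `{}` placeholder form that the verification hunk below already switched to. The middle of `buildLoginJwt` (between the two hunks) is not visible here.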
@@ -82,57 +79,55 @@ public class JwtLoginService { SignedJWT signedJWT = null; JWTClaimsSet jwtClaimsSet = null; try { - - RSASSAVerifier rsaSSAVerifier = new RSASSAVerifier(((RSAKey) jwtSignerValidationService.getAllPublicKeys() - .get(jwtSignerValidationService.getDefaultSignerKeyId())).toRSAPublicKey()); + RSASSAVerifier rsaSSAVerifier = + new RSASSAVerifier(((RSAKey) jwtSignerValidationService.getAllPublicKeys() + .get(jwtSignerValidationService.getDefaultSignerKeyId())).toRSAPublicKey()); signedJWT = SignedJWT.parse(jwt); + if (signedJWT.verify(rsaSSAVerifier)) { jwtClaimsSet = signedJWT.getJWTClaimsSet(); - _logger.debug("" + signedJWT.getPayload()); - _logger.debug("username " + jwtClaimsSet.getSubject()); - _logger.debug("jwtClaimsSet Issuer " + jwtClaimsSet.getIssuer()); - _logger.debug("Metadata Issuer " + jwtProviderMetadata.getIssuer()); - if ( jwtClaimsSet.getIssuer().equals(jwtProviderMetadata.getIssuer())) { - _logger.debug("Issuer equals "); - DateTime now = new DateTime(); - if (now.isBefore(jwtClaimsSet.getExpirationTime().getTime())) { - _logger.debug("ExpirationTime Validation " + now.isBefore(jwtClaimsSet.getExpirationTime().getTime())); - return signedJWT; - } - } else { - _logger.debug("Issuer not equals "); + boolean isIssuerMatches = jwtClaimsSet.getIssuer().equals(getIssuer()); + boolean isExpiration = (new DateTime()).isBefore( + jwtClaimsSet.getExpirationTime().getTime()); + + _logger.debug("Signed JWT {}" , signedJWT.getPayload()); + _logger.debug("Subject is {}" , jwtClaimsSet.getSubject()); + _logger.debug("ExpirationTime Validation {}" ,isExpiration); + _logger.debug("JWT ClaimsSet Issuer {}, Metadata Issuer {}, Issuer is matches {}" , + jwtClaimsSet.getIssuer(), getIssuer(), isIssuerMatches + ); + + if ( isIssuerMatches && isExpiration ) { + return signedJWT; } - } else { - _logger.debug("verify false "); + }else { + _logger.debug("JWT Signer Verify false."); } - } catch (java.text.ParseException e) { // Invalid signed JWT encoding 
_logger.error("Invalid signed JWT encoding ",e); } catch (JOSEException e) { - // TODO Auto-generated catch block - e.printStackTrace(); _logger.error("JOSEException ",e); } return null; } - - public void setJwtProviderMetadata(OIDCProviderMetadataDetails jwtProviderMetadata) { - this.jwtProviderMetadata = jwtProviderMetadata; - } - public void setJwtSignerValidationService(DefaultJwtSigningAndValidationService jwtSignerValidationService) { this.jwtSignerValidationService = jwtSignerValidationService; } - public OIDCProviderMetadataDetails getJwtProviderMetadata() { - return jwtProviderMetadata; - } public DefaultJwtSigningAndValidationService getJwtSignerValidationService() { return jwtSignerValidationService; } + + public String getIssuer() { + return issuer; + } + + public void setIssuer(String issuer) { + this.issuer = issuer; + } diff --git a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/autoconfigure/AuthenticationAutoConfiguration.java b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/autoconfigure/AuthenticationAutoConfiguration.java index 60987b685..2a4467be5 100644 --- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/autoconfigure/AuthenticationAutoConfiguration.java +++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/autoconfigure/AuthenticationAutoConfiguration.java @@ -63,7 +63,7 @@ public class AuthenticationAutoConfiguration implements InitializingBean { OnlineTicketServices onlineTicketServices ) { - _logger.debug("init authenticationProvider ."); + _logger.debug("init authentication Provider ."); return new RealmAuthenticationProvider( authenticationRealm, applicationConfig, 
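Review bot: `jwtClaimsSet.getIssuer().equals(getIssuer())` and `jwtClaimsSet.getExpirationTime().getTime()` dereference claims a JWT is not required to carry; a correctly signed token without `iss` or `exp` throws a `NullPointerException` that neither `catch` handles, so the caller gets an exception instead of the `null` rejection the method otherwise returns. Add `if (jwtClaimsSet.getIssuer() == null || jwtClaimsSet.getExpirationTime() == null) { _logger.debug("JWT missing iss or exp claim."); return null; }` before the comparisons. Naming nit: `isExpiration` is true when the token is still valid, so `isNotExpired` would make the `ExpirationTime Validation {}` log line read correctly. The method's signature sits above the hunk, so the origin of `jwt` is not visible here.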
diff --git a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/autoconfigure/JwtAuthnAutoConfiguration.java b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/autoconfigure/JwtAuthnAutoConfiguration.java index 1c57e9c7f..f748365a7 100644 --- a/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/autoconfigure/JwtAuthnAutoConfiguration.java +++ b/maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/autoconfigure/JwtAuthnAutoConfiguration.java @@ -18,15 +18,11 @@ package org.maxkey.autoconfigure; import com.nimbusds.jose.JOSEException; -import com.nimbusds.jose.JWEAlgorithm; -import java.net.URI; import java.security.NoSuchAlgorithmException; import java.security.spec.InvalidKeySpecException; import org.maxkey.authn.support.jwt.JwtLoginService; -import org.maxkey.configuration.oidc.OIDCProviderMetadataDetails; import org.maxkey.crypto.jose.keystore.JWKSetKeyStore; -import org.maxkey.crypto.jwt.encryption.service.impl.DefaultJwtEncryptionAndDecryptionService; import org.maxkey.crypto.jwt.signer.service.impl.DefaultJwtSigningAndValidationService; import org.slf4j.Logger; import org.slf4j.LoggerFactory; 
@@ -40,94 +36,53 @@ import org.springframework.core.io.ClassPathResource; @Configuration public class JwtAuthnAutoConfiguration implements InitializingBean { private static final Logger _logger = LoggerFactory.getLogger(JwtAuthnAutoConfiguration.class); - - /** - * OIDCProviderMetadataDetails. - * Self-issued Provider Metadata - * http://openid.net/specs/openid-connect-core-1_0.html#SelfIssued - */ - @Bean(name = "oidcProviderMetadata") - public OIDCProviderMetadataDetails OIDCProviderMetadataDetails( - @Value("${maxkey.oidc.metadata.issuer}") - String issuer, - @Value("${maxkey.oidc.metadata.authorizationEndpoint}") - URI authorizationEndpoint, - @Value("${maxkey.oidc.metadata.tokenEndpoint}") - URI tokenEndpoint, - @Value("${maxkey.oidc.metadata.userinfoEndpoint}") - URI userinfoEndpoint) { - _logger.debug("RedisConnectionFactory init ."); - OIDCProviderMetadataDetails oidcProviderMetadata = new OIDCProviderMetadataDetails(); - oidcProviderMetadata.setIssuer(issuer); - oidcProviderMetadata.setAuthorizationEndpoint(authorizationEndpoint); - oidcProviderMetadata.setTokenEndpoint(tokenEndpoint); - oidcProviderMetadata.setUserinfoEndpoint(userinfoEndpoint); - return oidcProviderMetadata; - } /** - * jwtSetKeyStore. + * jwt Login JwkSetKeyStore. * @return */ - @Bean(name = "jwkSetKeyStore") - public JWKSetKeyStore jwtSetKeyStore() { + @Bean(name = "jwtLoginJwkSetKeyStore") + public JWKSetKeyStore jwtLoginJwkSetKeyStore() { JWKSetKeyStore jwkSetKeyStore = new JWKSetKeyStore(); - ClassPathResource classPathResource = new ClassPathResource("/config/keystore.jwks"); + ClassPathResource classPathResource = new ClassPathResource("/config/loginjwkkeystore.jwks"); jwkSetKeyStore.setLocation(classPathResource); + _logger.debug("JWT Login JwkSet KeyStore init."); return jwkSetKeyStore; } /** - * jwtSetKeyStore. + * jwt Login ValidationService. 
* @return * @throws JOSEException * @throws InvalidKeySpecException * @throws NoSuchAlgorithmException */ - @Bean(name = "jwtSignerValidationService") - public DefaultJwtSigningAndValidationService jwtSignerValidationService( - JWKSetKeyStore jwtSetKeyStore) + @Bean(name = "jwtLoginValidationService") + public DefaultJwtSigningAndValidationService jwtLoginValidationService( + JWKSetKeyStore jwtLoginJwkSetKeyStore) throws NoSuchAlgorithmException, InvalidKeySpecException, JOSEException { DefaultJwtSigningAndValidationService jwtSignerValidationService = - new DefaultJwtSigningAndValidationService(jwtSetKeyStore); + new DefaultJwtSigningAndValidationService(jwtLoginJwkSetKeyStore); jwtSignerValidationService.setDefaultSignerKeyId("maxkey_rsa"); jwtSignerValidationService.setDefaultSigningAlgorithmName("RS256"); + _logger.debug("JWT Login Signing and Validation init."); return jwtSignerValidationService; } - + /** - * jwtSetKeyStore. - * @return - * @throws JOSEException - * @throws InvalidKeySpecException - * @throws NoSuchAlgorithmException - */ - @Bean(name = "jwtEncryptionService") - public DefaultJwtEncryptionAndDecryptionService jwtEncryptionService( - JWKSetKeyStore jwtSetKeyStore) - throws NoSuchAlgorithmException, InvalidKeySpecException, JOSEException { - DefaultJwtEncryptionAndDecryptionService jwtEncryptionService = - new DefaultJwtEncryptionAndDecryptionService(jwtSetKeyStore); - jwtEncryptionService.setDefaultAlgorithm(JWEAlgorithm.RSA_OAEP_256);//RSA1_5 - jwtEncryptionService.setDefaultDecryptionKeyId("maxkey_rsa"); - jwtEncryptionService.setDefaultEncryptionKeyId("maxkey_rsa"); - return jwtEncryptionService; - } - - /** - * JwtLoginService. + * Jwt LoginService. 
* @return */ @Bean(name = "jwtLoginService") public JwtLoginService jwtLoginService( - DefaultJwtSigningAndValidationService jwtSignerValidationService, - OIDCProviderMetadataDetails oidcProviderMetadata) { - + @Value("${maxkey.login.jwt.issuer}") + String issuer, + DefaultJwtSigningAndValidationService jwtLoginValidationService) { JwtLoginService jwtLoginService = new JwtLoginService( - oidcProviderMetadata, - jwtSignerValidationService + jwtLoginValidationService, + issuer ); - + _logger.debug("JWT Login Service init."); return jwtLoginService; } diff --git a/maxkey-core/src/main/java/org/maxkey/autoconfigure/ApplicationAutoConfiguration.java b/maxkey-core/src/main/java/org/maxkey/autoconfigure/ApplicationAutoConfiguration.java index 344b0c627..6c08f9c73 100644 --- a/maxkey-core/src/main/java/org/maxkey/autoconfigure/ApplicationAutoConfiguration.java +++ b/maxkey-core/src/main/java/org/maxkey/autoconfigure/ApplicationAutoConfiguration.java @@ -17,10 +17,10 @@ package org.maxkey.autoconfigure; -import com.alibaba.druid.spring.boot.autoconfigure.DruidDataSourceBuilder; import java.util.HashMap; import java.util.Map; import javax.sql.DataSource; + import org.maxkey.crypto.keystore.KeyStoreLoader; import org.maxkey.crypto.password.LdapShaPasswordEncoder; import org.maxkey.crypto.password.Md4PasswordEncoder; 
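Review bot: `jwtLoginValidationService(JWKSetKeyStore jwtLoginJwkSetKeyStore)` and `jwtLoginService(..., DefaultJwtSigningAndValidationService jwtLoginValidationService)` rely on parameter-name matching to choose the right bean, because Oauth20AutoConfiguration in this same commit registers a second `JWKSetKeyStore` (`jwkSetKeyStore`) and a second `DefaultJwtSigningAndValidationService` (`jwtSignerValidationService`) of the same types. That fallback only works while parameter names survive compilation; otherwise startup fails on the ambiguity, and any later `@Primary` on the OAuth beans would silently route the OIDC key set into the login-JWT path, undoing the key separation this change introduces. Make the choice explicit with `@Qualifier("jwtLoginJwkSetKeyStore") JWKSetKeyStore jwtLoginJwkSetKeyStore` and `@Qualifier("jwtLoginValidationService") DefaultJwtSigningAndValidationService jwtLoginValidationService`. A comment on `jwtLoginJwkSetKeyStore` should also state that `/config/loginjwkkeystore.jwks` is loaded from the classpath, i.e. the private signing key ships inside the artifact, and whether deployments are expected to replace it.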
@@ -36,12 +36,9 @@ import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.InitializingBean; import org.springframework.beans.factory.annotation.Value; -import org.springframework.boot.context.properties.ConfigurationProperties; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; -import org.springframework.context.annotation.Primary; import org.springframework.core.io.Resource; -import org.springframework.jdbc.core.JdbcTemplate; import org.springframework.jdbc.datasource.DataSourceTransactionManager; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.password.DelegatingPasswordEncoder; @@ -50,36 +47,21 @@ import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.crypto.password.Pbkdf2PasswordEncoder; import org.springframework.security.crypto.scrypt.SCryptPasswordEncoder; - @Configuration public class ApplicationAutoConfiguration implements InitializingBean { private static final Logger _logger = LoggerFactory.getLogger(ApplicationAutoConfiguration.class); - - @Bean - @Primary - @ConfigurationProperties("spring.datasource") - public DataSource dataSource() { - return DruidDataSourceBuilder.create().build(); - } - + @Bean(name = "passwordReciprocal") public PasswordReciprocal passwordReciprocal() { return new PasswordReciprocal(); } - - @Bean(name = "jdbcTemplate") - public JdbcTemplate jdbcTemplate(DataSource dataSource) { - return new JdbcTemplate(dataSource); - } - @Bean(name = "transactionManager") public DataSourceTransactionManager transactionManager(DataSource dataSource) { return new DataSourceTransactionManager(dataSource); } - /** * Authentication Password Encoder . * @return @@ -162,7 +144,6 @@ public class ApplicationAutoConfiguration implements InitializingBean { return spIssuingEntityName; } - /** * spKeyStoreLoader . * @return 
diff --git a/maxkey-core/src/main/java/org/maxkey/autoconfigure/MvcAutoConfiguration.java b/maxkey-core/src/main/java/org/maxkey/autoconfigure/MvcAutoConfiguration.java index 3f83a381b..1ba704b3c 100644 --- a/maxkey-core/src/main/java/org/maxkey/autoconfigure/MvcAutoConfiguration.java +++ b/maxkey-core/src/main/java/org/maxkey/autoconfigure/MvcAutoConfiguration.java @@ -17,7 +17,6 @@ package org.maxkey.autoconfigure; -import java.nio.charset.Charset; import java.util.ArrayList; import java.util.List; @@ -39,8 +38,6 @@ import org.springframework.boot.web.server.WebServerFactoryCustomizer; import org.springframework.boot.web.servlet.FilterRegistrationBean; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; -import org.springframework.context.annotation.DependsOn; -import org.springframework.context.annotation.Primary; import org.springframework.context.support.ReloadableResourceBundleMessageSource; import org.springframework.http.HttpStatus; import org.springframework.http.MediaType; @@ -53,6 +50,8 @@ import org.springframework.security.web.servletapi.SecurityContextHolderAwareReq import org.springframework.web.client.RestTemplate; import org.springframework.web.filter.DelegatingFilterProxy; import org.springframework.web.multipart.commons.CommonsMultipartResolver; +import org.springframework.web.servlet.LocaleResolver; +import org.springframework.web.servlet.config.annotation.WebMvcConfigurer; import org.springframework.web.servlet.i18n.CookieLocaleResolver; import org.springframework.web.servlet.i18n.LocaleChangeInterceptor; import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter; 
@@ -60,24 +59,8 @@ import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandl @Configuration -public class MvcAutoConfiguration implements InitializingBean { +public class MvcAutoConfiguration implements InitializingBean , WebMvcConfigurer { private static final Logger _logger = LoggerFactory.getLogger(MvcAutoConfiguration.class); - - /** - * cookieLocaleResolver . - * @return cookieLocaleResolver - */ - @Primary - @Bean (name = "localeResolver") - public CookieLocaleResolver cookieLocaleResolver( - @Value("${maxkey.server.domain:maxkey.top}")String domainName) { - _logger.debug("DomainName " + domainName); - CookieLocaleResolver cookieLocaleResolver = new CookieLocaleResolver(); - cookieLocaleResolver.setCookieName("maxkey_locale"); - cookieLocaleResolver.setCookieDomain(domainName); - cookieLocaleResolver.setCookieMaxAge(ConstantsTimeInterval.TWO_WEEK); - return cookieLocaleResolver; - } /** * 消息处理,可以直接使用properties的key值,返回的是对应的value值 
@@ -188,35 +171,41 @@ public class MvcAutoConfiguration implements InitializingBean { } /** - * stringHttpMessageConverter . - * @return stringHttpMessageConverter + * cookieLocaleResolver . + * @return cookieLocaleResolver */ - @Bean (name = "stringHttpMessageConverter") - public HttpMessageConverter responseBodyConverter() { - StringHttpMessageConverter stringHttpMessageConverter = - new StringHttpMessageConverter(Charset.forName("UTF-8")); - return stringHttpMessageConverter; + + @Bean(name = "cookieLocaleResolver") + public LocaleResolver cookieLocaleResolver( + @Value("${maxkey.server.domain:maxkey.top}") + String domainName + ) { + _logger.debug("DomainName " + domainName); + CookieLocaleResolver cookieLocaleResolver = new CookieLocaleResolver(); + cookieLocaleResolver.setCookieName("mxk_locale"); + cookieLocaleResolver.setCookieDomain(domainName); + cookieLocaleResolver.setCookieMaxAge(ConstantsTimeInterval.TWO_WEEK); + return cookieLocaleResolver; } - + /** * AnnotationMethodHandlerAdapter * requestMappingHandlerAdapter . 
* @return requestMappingHandlerAdapter */ - @DependsOn("stringHttpMessageConverter") - @Bean (name = "requestMappingHandlerAdapter") + @Bean (name = "addConverterRequestMappingHandlerAdapter") public RequestMappingHandlerAdapter requestMappingHandlerAdapter( MappingJackson2HttpMessageConverter mappingJacksonHttpMessageConverter, MarshallingHttpMessageConverter marshallingHttpMessageConverter, - StringHttpMessageConverter stringHttpMessageConverter) { + StringHttpMessageConverter stringHttpMessageConverter, + RequestMappingHandlerAdapter requestMappingHandlerAdapter) { List> httpMessageConverterList = new ArrayList>(); httpMessageConverterList.add(mappingJacksonHttpMessageConverter); httpMessageConverterList.add(marshallingHttpMessageConverter); httpMessageConverterList.add(stringHttpMessageConverter); + _logger.debug("stringHttpMessageConverter {}",stringHttpMessageConverter.getDefaultCharset()); - RequestMappingHandlerAdapter requestMappingHandlerAdapter = - new RequestMappingHandlerAdapter(); requestMappingHandlerAdapter.setMessageConverters(httpMessageConverterList); return requestMappingHandlerAdapter; } @@ -295,9 +284,8 @@ public class MvcAutoConfiguration implements InitializingBean { LoginService loginService, LoginHistoryService loginHistoryService ) { - SessionListenerAdapter sessionListenerAdapter =new SessionListenerAdapter(); - sessionListenerAdapter.setLoginService(loginService); - sessionListenerAdapter.setLoginHistoryService(loginHistoryService); + SessionListenerAdapter sessionListenerAdapter = + new SessionListenerAdapter(loginService,loginHistoryService); return sessionListenerAdapter; } diff --git a/maxkey-core/src/main/java/org/maxkey/web/InitializeContext.java b/maxkey-core/src/main/java/org/maxkey/web/InitializeContext.java index 724a689ba..84ddb0799 100644 --- a/maxkey-core/src/main/java/org/maxkey/web/InitializeContext.java +++ b/maxkey-core/src/main/java/org/maxkey/web/InitializeContext.java 
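Review bot: `requestMappingHandlerAdapter(...)` now takes the container's existing `RequestMappingHandlerAdapter` and calls `setMessageConverters(httpMessageConverterList)` on it, which replaces the adapter's whole converter list with three converters (Jackson, Marshalling, String); every converter the framework had registered on it is dropped, and the same instance is then published a second time under the bean name `addConverterRequestMappingHandlerAdapter`. Since the class now implements `WebMvcConfigurer`, the supported way to add converters without clobbering the list is to override `extendMessageConverters(List<HttpMessageConverter<?>> converters)`, `converters.add(...)` the three there, and delete this bean. Separately, `cookieLocaleResolver` sets the `mxk_locale` cookie on the shared `maxkey.server.domain` without `cookieLocaleResolver.setCookieHttpOnly(true)`; the value is not a secret, but the flag is cheap and keeps the cookie out of script reach.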
@@ -36,6 +36,7 @@ import org.maxkey.util.PathUtils; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.BeansException; +import org.springframework.beans.factory.support.BeanDefinitionRegistry; import org.springframework.context.ApplicationContext; import org.springframework.context.ConfigurableApplicationContext; import org.springframework.context.support.PropertySourcesPlaceholderConfigurer; @@ -95,6 +96,14 @@ public class InitializeContext extends HttpServlet { } public InitializeContext(ConfigurableApplicationContext applicationContext) { + if(applicationContext.containsBean("localeResolver") && + applicationContext.containsBean("cookieLocaleResolver")) { + BeanDefinitionRegistry beanFactory = (BeanDefinitionRegistry)applicationContext.getBeanFactory(); + beanFactory.removeBeanDefinition("localeResolver"); + beanFactory.registerBeanDefinition("localeResolver", + beanFactory.getBeanDefinition("cookieLocaleResolver")); + _logger.debug("cookieLocaleResolver replaced localeResolver."); + } this.applicationContext = applicationContext; } diff --git a/maxkey-core/src/main/java/org/maxkey/web/SessionListenerAdapter.java b/maxkey-core/src/main/java/org/maxkey/web/SessionListenerAdapter.java index 57ae98586..308c51f06 100644 --- a/maxkey-core/src/main/java/org/maxkey/web/SessionListenerAdapter.java +++ b/maxkey-core/src/main/java/org/maxkey/web/SessionListenerAdapter.java @@ -44,6 +44,13 @@ public class SessionListenerAdapter implements HttpSessionListener { _logger.debug("SessionListenerAdapter inited . "); } + public SessionListenerAdapter(LoginService loginService, LoginHistoryService loginHistoryService) { + super(); + this.loginService = loginService; + this.loginHistoryService = loginHistoryService; + _logger.debug("SessionListenerAdapter inited . "); + } + public void init() { if(loginService == null ) { loginService = (LoginService)WebContext.getBean("loginService"); 
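Review bot: Rewriting the bean registry from a servlet constructor (`removeBeanDefinition("localeResolver")` then `registerBeanDefinition("localeResolver", beanFactory.getBeanDefinition("cookieLocaleResolver"))`) runs against an already-refreshed context: it destroys the existing `localeResolver` singleton, and if the DispatcherServlet has already looked up its `LocaleResolver` the swap has no effect on request handling, so the ordering needs to be verified rather than assumed. Reusing the definition under a second name also yields two separate `CookieLocaleResolver` instances instead of one bean with two names; `beanFactory.registerAlias("cookieLocaleResolver", "localeResolver")` after the removal would give a single instance. Whichever approach stays, add a comment explaining why the framework's `localeResolver` has to be displaced at this point and that the unchecked `(BeanDefinitionRegistry)` cast assumes the default bean factory implementation.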
diff --git a/maxkey-core/src/main/java/org/maxkey/web/WebConstants.java b/maxkey-core/src/main/java/org/maxkey/web/WebConstants.java index 885b989a1..39e3c0378 100644 --- a/maxkey-core/src/main/java/org/maxkey/web/WebConstants.java +++ b/maxkey-core/src/main/java/org/maxkey/web/WebConstants.java @@ -77,7 +77,7 @@ public class WebConstants { public static final String AUTHENTICATION = "current_authentication"; - public static final String THEME_COOKIE_NAME = "theme_value"; + public static final String THEME_COOKIE_NAME = "mxk_theme_value"; public static final String LOGIN_ERROR_SESSION_MESSAGE = "login_error_session_message_key"; diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/autoconfigure/Oauth20AutoConfiguration.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/autoconfigure/Oauth20AutoConfiguration.java index 007452497..3c422839f 100644 --- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/autoconfigure/Oauth20AutoConfiguration.java +++ b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/autoconfigure/Oauth20AutoConfiguration.java @@ -23,7 +23,6 @@ import java.security.spec.InvalidKeySpecException; import javax.servlet.Filter; import javax.sql.DataSource; -import org.maxkey.authn.support.jwt.JwtLoginService; import org.maxkey.authz.oauth2.common.OAuth2Constants; import org.maxkey.authz.oauth2.provider.ClientDetailsService; import org.maxkey.authz.oauth2.provider.OAuth2UserDetailsService; @@ -98,7 +97,7 @@ public class Oauth20AutoConfiguration implements InitializingBean { URI tokenEndpoint, @Value("${maxkey.oidc.metadata.userinfoEndpoint}") URI userinfoEndpoint) { - _logger.debug("OIDCProviderMetadataDetails init ."); + _logger.debug("OIDC Provider Metadata Details init ."); OIDCProviderMetadataDetails oidcProviderMetadata = new OIDCProviderMetadataDetails(); oidcProviderMetadata.setIssuer(issuer); oidcProviderMetadata.setAuthorizationEndpoint(authorizationEndpoint); 
@@ -112,10 +111,11 @@ public class Oauth20AutoConfiguration implements InitializingBean { * @return */ @Bean(name = "jwkSetKeyStore") - public JWKSetKeyStore jwtSetKeyStore() { + public JWKSetKeyStore jwkSetKeyStore() { JWKSetKeyStore jwkSetKeyStore = new JWKSetKeyStore(); ClassPathResource classPathResource = new ClassPathResource("/config/keystore.jwks"); jwkSetKeyStore.setLocation(classPathResource); + _logger.debug("JWKSet KeyStore init."); return jwkSetKeyStore; } @@ -128,12 +128,13 @@ public class Oauth20AutoConfiguration implements InitializingBean { */ @Bean(name = "jwtSignerValidationService") public DefaultJwtSigningAndValidationService jwtSignerValidationService( - JWKSetKeyStore jwtSetKeyStore) + JWKSetKeyStore jwkSetKeyStore) throws NoSuchAlgorithmException, InvalidKeySpecException, JOSEException { DefaultJwtSigningAndValidationService jwtSignerValidationService = - new DefaultJwtSigningAndValidationService(jwtSetKeyStore); + new DefaultJwtSigningAndValidationService(jwkSetKeyStore); jwtSignerValidationService.setDefaultSignerKeyId("maxkey_rsa"); jwtSignerValidationService.setDefaultSigningAlgorithmName("RS256"); + _logger.debug("JWT Signer and Validation Service init."); return jwtSignerValidationService; } 
@@ -146,33 +147,17 @@ public class Oauth20AutoConfiguration implements InitializingBean { */ @Bean(name = "jwtEncryptionService") public DefaultJwtEncryptionAndDecryptionService jwtEncryptionService( - JWKSetKeyStore jwtSetKeyStore) + JWKSetKeyStore jwkSetKeyStore) throws NoSuchAlgorithmException, InvalidKeySpecException, JOSEException { DefaultJwtEncryptionAndDecryptionService jwtEncryptionService = - new DefaultJwtEncryptionAndDecryptionService(jwtSetKeyStore); + new DefaultJwtEncryptionAndDecryptionService(jwkSetKeyStore); jwtEncryptionService.setDefaultAlgorithm(JWEAlgorithm.RSA_OAEP_256);//RSA1_5 jwtEncryptionService.setDefaultDecryptionKeyId("maxkey_rsa"); jwtEncryptionService.setDefaultEncryptionKeyId("maxkey_rsa"); + _logger.debug("JWT Encryption and Decryption Service init."); return jwtEncryptionService; } - /** - * JwtLoginService. - * @return - */ - @Bean(name = "jwtLoginService") - public JwtLoginService jwtLoginService( - DefaultJwtSigningAndValidationService jwtSignerValidationService, - OIDCProviderMetadataDetails oidcProviderMetadata) { - - JwtLoginService jwtLoginService = new JwtLoginService( - oidcProviderMetadata, - jwtSignerValidationService - ); - return jwtLoginService; - } - - /** * tokenEnhancer. * @return @@ -188,6 +173,7 @@ public class Oauth20AutoConfiguration implements InitializingBean { tokenEnhancer.setJwtEnDecryptionService(jwtEncryptionService); tokenEnhancer.setClientDetailsService(oauth20JdbcClientDetailsService); tokenEnhancer.setProviderMetadata(oidcProviderMetadata); + _logger.debug("OIDC IdToken Enhancer init."); return tokenEnhancer; } //以上部分为了支持OpenID Connect 1.0 
@@ -202,7 +188,8 @@ public class Oauth20AutoConfiguration implements InitializingBean { public AuthorizationCodeServices oauth20AuthorizationCodeServices( @Value("${maxkey.server.persistence}") int persistence, JdbcTemplate jdbcTemplate, - RedisConnectionFactory redisConnFactory) { + RedisConnectionFactory redisConnFactory) { + _logger.debug("OAuth 2 Authorization Code Services init."); return new AuthorizationCodeServicesFactory().getService(persistence, jdbcTemplate, redisConnFactory); } @@ -216,7 +203,7 @@ public class Oauth20AutoConfiguration implements InitializingBean { @Value("${maxkey.server.persistence}") int persistence, JdbcTemplate jdbcTemplate, RedisConnectionFactory redisConnFactory) { - + _logger.debug("OAuth 2 TokenStore init."); return new TokenStoreFactory().getTokenStore(persistence, jdbcTemplate, redisConnFactory); } @@ -227,6 +214,7 @@ public class Oauth20AutoConfiguration implements InitializingBean { @Bean(name = "converter") public JwtAccessTokenConverter jwtAccessTokenConverter() { JwtAccessTokenConverter jwtAccessTokenConverter = new JwtAccessTokenConverter(); + _logger.debug("OAuth 2 Jwt AccessToken Converter init."); return jwtAccessTokenConverter; } @@ -238,6 +226,7 @@ public class Oauth20AutoConfiguration implements InitializingBean { public JdbcClientDetailsService clientDetailsService(DataSource dataSource,PasswordEncoder passwordReciprocal) { JdbcClientDetailsService clientDetailsService = new JdbcClientDetailsService(dataSource); clientDetailsService.setPasswordEncoder(passwordReciprocal); + _logger.debug("OAuth 2 Jdbc ClientDetails Service init."); return clientDetailsService; } @@ -255,6 +244,7 @@ public class Oauth20AutoConfiguration implements InitializingBean { tokenServices.setTokenEnhancer(tokenEnhancer); tokenServices.setTokenStore(oauth20TokenStore); tokenServices.setSupportRefreshToken(true); + _logger.debug("OAuth 2 Token Services init."); return tokenServices; } 
@@ -268,6 +258,7 @@ public class Oauth20AutoConfiguration implements InitializingBean {
 TokenStore oauth20TokenStore) {
 TokenApprovalStore tokenApprovalStore = new TokenApprovalStore();
 tokenApprovalStore.setTokenStore(oauth20TokenStore);
+ _logger.debug("OAuth 2 Approval Store init.");
 return tokenApprovalStore;
 }
@@ -281,6 +272,7 @@ public class Oauth20AutoConfiguration implements InitializingBean {
 JdbcClientDetailsService oauth20JdbcClientDetailsService) {
 DefaultOAuth2RequestFactory oauth2RequestFactory = new DefaultOAuth2RequestFactory(oauth20JdbcClientDetailsService);
+ _logger.debug("OAuth 2 Request Factory init.");
 return oauth2RequestFactory;
 }
@@ -298,6 +290,7 @@ public class Oauth20AutoConfiguration implements InitializingBean {
 userApprovalHandler.setApprovalStore(oauth20ApprovalStore);
 userApprovalHandler.setRequestFactory(oAuth2RequestFactory);
 userApprovalHandler.setClientDetailsService(oauth20JdbcClientDetailsService);
+ _logger.debug("OAuth 2 User Approval Handler init.");
 return userApprovalHandler;
 }
@@ -318,6 +311,7 @@ public class Oauth20AutoConfiguration implements InitializingBean {
 daoAuthenticationProvider.setPasswordEncoder(passwordEncoder);
 daoAuthenticationProvider.setUserDetailsService(userDetailsService);
 ProviderManager authenticationManager = new ProviderManager(daoAuthenticationProvider);
+ _logger.debug("OAuth 2 User Authentication Manager init.");
 return authenticationManager;
 }
@@ -338,6 +332,7 @@ public class Oauth20AutoConfiguration implements InitializingBean {
 daoAuthenticationProvider.setPasswordEncoder(passwordReciprocal);
 daoAuthenticationProvider.setUserDetailsService(cientDetailsUserDetailsService);
 ProviderManager authenticationManager = new ProviderManager(daoAuthenticationProvider);
+ _logger.debug("OAuth 2 Client Authentication Manager init.");
 return authenticationManager;
 }
diff --git a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyConfig.java b/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyConfig.java
index 1cd8e6a4c..930f2a2cd 100644
--- a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyConfig.java
+++ b/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyConfig.java
@@ -157,15 +157,15 @@ public class MaxKeyConfig implements InitializingBean {
 AbstractRemeberMeService remeberMeService,
 UserInfoService userInfoService,
 JdbcTemplate jdbcTemplate,
- @Value("${maxkey.support.ldap.enable:false}")boolean ldapSupport,
- @Value("${maxkey.support.ldap.jit:false}")boolean ldapJit,
- @Value("${maxkey.support.ldap.providerurl}")String providerUrl,
- @Value("${maxkey.support.ldap.principal}")String principal,
- @Value("${maxkey.support.ldap.credentials}")String credentials,
- @Value("${maxkey.support.ldap.filter}")String filter,
- @Value("${maxkey.support.ldap.basedn}")String baseDN,
- @Value("${maxkey.support.ldap.activedirectory.domain}")String domain,
- @Value("${maxkey.support.ldap.product:openldap}")String product) {
+ @Value("${maxkey.login.ldap.enable:false}")boolean ldapSupport,
+ @Value("${maxkey.login.ldap.jit:false}")boolean ldapJit,
+ @Value("${maxkey.login.ldap.providerurl}")String providerUrl,
+ @Value("${maxkey.login.ldap.principal}")String principal,
+ @Value("${maxkey.login.ldap.credentials}")String credentials,
+ @Value("${maxkey.login.ldap.filter}")String filter,
+ @Value("${maxkey.login.ldap.basedn}")String baseDN,
+ @Value("${maxkey.login.ldap.activedirectory.domain}")String domain,
+ @Value("${maxkey.login.ldap.product:openldap}")String product) {
 AbstractAuthenticationRealm ldapAuthenticationRealm = ldapAuthenticationRealm(
 ldapSupport,ldapJit,
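Review bot: The `@Value` keys move from `maxkey.support.ldap.*` to `maxkey.login.ldap.*` while `enable` keeps its `false` default, so an operator whose external override file still says `maxkey.support.ldap.enable=true` gets LDAP authentication silently switched off after upgrading, and because the bundled application-*.properties changed in this commit supply defaults for the remaining keys, nothing fails at startup to reveal it. Record the rename in the release notes and consider a startup check that warns when any `maxkey.support.*` key is still present in the environment. The method whose parameters this hunk rewrites starts before and ends after the hunk.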
@@ -281,13 +281,13 @@ public class MaxKeyConfig implements InitializingBean {
 @Bean(name = "kerberosService")
 public RemoteKerberosService kerberosService(
- @Value("${maxkey.support.kerberos.default.userdomain}")
+ @Value("${maxkey.login.kerberos.default.userdomain}")
 String userDomain,
- @Value("${maxkey.support.kerberos.default.fulluserdomain}")
+ @Value("${maxkey.login.kerberos.default.fulluserdomain}")
 String fullUserDomain,
- @Value("${maxkey.support.kerberos.default.crypto}")
+ @Value("${maxkey.login.kerberos.default.crypto}")
 String crypto,
- @Value("${maxkey.support.kerberos.default.redirecturi}")
+ @Value("${maxkey.login.kerberos.default.redirecturi}")
 String redirectUri ) {
 RemoteKerberosService kerberosService = new RemoteKerberosService();
diff --git a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyMvcConfig.java b/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyMvcConfig.java
index 6ee03b3f8..d345599c2 100644
--- a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyMvcConfig.java
+++ b/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyMvcConfig.java
@@ -77,13 +77,13 @@ public class MaxKeyMvcConfig implements WebMvcConfigurer {
 @Autowired
 HistoryLoginAppAdapter historyLoginAppAdapter;
- @Value("${maxkey.support.httpheader.enable:false}")
+ @Value("${maxkey.login.httpheader.enable:false}")
 private boolean httpHeaderEnable;
- @Value("${maxkey.support.httpheader.headername:iv-user}")
+ @Value("${maxkey.login.httpheader.headername:iv-user}")
 private String httpHeaderName;
- @Value("${maxkey.support.basic.enable:false}")
+ @Value("${maxkey.login.basic.enable:false}")
 private boolean basicEnable;
 @Override
diff --git a/maxkey-webs/maxkey-web-maxkey/src/main/resources/application-http.properties b/maxkey-webs/maxkey-web-maxkey/src/main/resources/application-http.properties
index a3050bf48..dfda69406 100644
--- a/maxkey-webs/maxkey-web-maxkey/src/main/resources/application-http.properties
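Review bot: `httpHeaderName` (default `iv-user`) names a request header that is trusted as the authenticated user when `httpHeaderEnable` is on, and nothing in this class records that the header is only safe when a trusted reverse proxy sets it and strips any client-supplied copy on every route. A field comment such as `// Trusted as-is: enable only behind a proxy that sets and strips this header on every request` would keep the precondition next to the flag it guards. The code that consumes these fields is outside the hunk.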
+++ b/maxkey-webs/maxkey-web-maxkey/src/main/resources/application-http.properties
@@ -68,9 +68,13 @@ maxkey.login.wsfederation =false
 maxkey.login.remeberme =${LOGIN_REMEBERME:true}
 #validity
 maxkey.login.remeberme.validity =0
+#JWT support
+maxkey.login.jwt =${LOGIN_JWT:true}
+maxkey.login.jwt.issuer =${LOGIN_JWT_ISSUER:https://${maxkey.server.domain}/maxkey}
 #to default application web site
 maxkey.login.default.uri =appList
 maxkey.ipaddress.whitelist =false
+#notices show
 maxkey.notices.visible =false
 ############################################################################
 #ssl configuration #
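Review bot: `maxkey.login.jwt =${LOGIN_JWT:true}` turns the new JWT login path on by default, and the key set it presumably uses (loginjwkkeystore.jwks, added and renamed in this commit) is packaged inside the jar, so every upgraded deployment exposes an additional authentication entry point whether or not the operator configured it. An opt-in default, `maxkey.login.jwt =${LOGIN_JWT:false}`, keeps the feature available without enabling it unasked; the issuer line can stay as it is. The same three lines are added to application-https.properties and to maxkey-web-mgt's application-http.properties in this diff.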
@@ -208,45 +212,45 @@ maxkey.otp.policy.period =30
 ############################################################################
 #LDAP Login support configuration #
 ############################################################################
-maxkey.support.ldap.enable =${LDAP_ENABLE:false}
-maxkey.support.ldap.jit =false
+maxkey.login.ldap.enable =${LDAP_ENABLE:false}
+maxkey.login.ldap.jit =false
 #openldap,activedirectory,normal
-maxkey.support.ldap.product =${LDAP_PRODUCT:openldap}
-maxkey.support.ldap.ssl =${LDAP_SSL:false}
-maxkey.support.ldap.providerurl =${LDAP_PROVIDERURL:ldap://localhost:389}
-maxkey.support.ldap.principal =${LDAP_PRINCIPAL:cn=Manager,dc=maxcrc,dc=com}
-maxkey.support.ldap.credentials =${LDAP_CREDENTIALS:secret}
-maxkey.support.ldap.basedn =${LDAP_BASEDN:dc=maxcrc,dc=com}
-maxkey.support.ldap.filter =(uid=%s)
-maxkey.support.ldap.truststore =${LDAP_TRUSTSTORE:maxkey}
-maxkey.support.ldap.truststorepassword =${LDAP_TRUSTSTORE_PASSWORD:maxkey}
+maxkey.login.ldap.product =${LDAP_PRODUCT:openldap}
+maxkey.login.ldap.ssl =${LDAP_SSL:false}
+maxkey.login.ldap.providerurl =${LDAP_PROVIDERURL:ldap://localhost:389}
+maxkey.login.ldap.principal =${LDAP_PRINCIPAL:cn=Manager,dc=maxcrc,dc=com}
+maxkey.login.ldap.credentials =${LDAP_CREDENTIALS:secret}
+maxkey.login.ldap.basedn =${LDAP_BASEDN:dc=maxcrc,dc=com}
+maxkey.login.ldap.filter =(uid=%s)
+maxkey.login.ldap.truststore =${LDAP_TRUSTSTORE:maxkey}
+maxkey.login.ldap.truststorepassword =${LDAP_TRUSTSTORE_PASSWORD:maxkey}
 #activedirectory effective
-maxkey.support.ldap.activedirectory.domain =${LDAP_AD_DOMAIN:MAXKEY.ORG}
+maxkey.login.ldap.activedirectory.domain =${LDAP_AD_DOMAIN:MAXKEY.ORG}
 ############################################################################
 #Kerberos Login configuration #
 #short name of user domain must be in upper case,eg:MAXKEY #
 ############################################################################
-maxkey.support.kerberos.default.userdomain =MAXKEY
+maxkey.login.kerberos.default.userdomain =MAXKEY
 #short name of user domain must be in upper case,eg:MAXKEY.ORG
-maxkey.support.kerberos.default.fulluserdomain =MAXKEY.ORG
+maxkey.login.kerberos.default.fulluserdomain =MAXKEY.ORG
 #last 8Bit crypto for Kerberos web Authentication
-maxkey.support.kerberos.default.crypto =846KZSzYq56M6d5o
+maxkey.login.kerberos.default.crypto =846KZSzYq56M6d5o
 #Kerberos Authentication server RUL
-maxkey.support.kerberos.default.redirecturi =http://sso.maxkey.top/kerberos/authn/
+maxkey.login.kerberos.default.redirecturi =http://sso.maxkey.top/kerberos/authn/
 ############################################################################
 #HTTPHEADER Login configuration #
 ############################################################################
-maxkey.support.httpheader.enable =false
-maxkey.support.httpheader.headername =header-user
+maxkey.login.httpheader.enable =false
+maxkey.login.httpheader.headername =header-user
 # iv-user is for IBM Security Access Manager
 #config.httpheader.headername=iv-user
 ############################################################################
 #BASIC Login support configuration #
 ############################################################################
-maxkey.support.basic.enable =false
+maxkey.login.basic.enable =false
 #############################################################################
 #WsFederation Login support configuration
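Review bot: `maxkey.login.kerberos.default.crypto =846KZSzYq56M6d5o` commits a fixed shared secret with no environment override, and `maxkey.login.ldap.credentials =${LDAP_CREDENTIALS:secret}` and `maxkey.login.ldap.truststorepassword =${LDAP_TRUSTSTORE_PASSWORD:maxkey}` ship guessable fallbacks, so any deployment that does not override them runs with values published in this repository. The hunk already uses `${VAR:default}` for the LDAP entries; secrets should follow that pattern with no default at all, for example `maxkey.login.kerberos.default.crypto =${KERBEROS_CRYPTO}` (placeholder variable name), so a missing value fails at startup instead of silently falling back. `maxkey.login.kerberos.default.redirecturi` also defaults to a plain `http://` authentication endpoint. The identical hunk in application-https.properties carries the same three issues.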
@@ -258,14 +262,14 @@ maxkey.support.basic.enable =false
 #attributeMutator: (optional) a class (defined by you) that can modify the attributes/assertions returned by the ADFS server
 #signingCertificate: ADFS's signing certificate used to validate the token/assertions issued by ADFS.
 ############################################################################
-maxkey.support.wsfederation.identifier =http://adfs.maxkey.top/adfs/services/trust
-maxkey.support.wsfederation.url =https://adfs.maxkey.top/adfs/ls/
-maxkey.support.wsfederation.principal =upn
-maxkey.support.wsfederation.relyingParty =urn:federation:connsec
-maxkey.support.wsfederation.signingCertificate =adfs-signing.crt
-maxkey.support.wsfederation.tolerance =10000
-maxkey.support.wsfederation.upn.suffix =maxkey.org
-maxkey.support.wsfederation.logoutUrl =https://adfs.maxkey.top/adfs/ls/?wa=wsignout1.0
+maxkey.login.wsfederation.identifier =http://adfs.maxkey.top/adfs/services/trust
+maxkey.login.wsfederation.url =https://adfs.maxkey.top/adfs/ls/
+maxkey.login.wsfederation.principal =upn
+maxkey.login.wsfederation.relyingParty =urn:federation:connsec
+maxkey.login.wsfederation.signingCertificate =adfs-signing.crt
+maxkey.login.wsfederation.tolerance =10000
+maxkey.login.wsfederation.upn.suffix =maxkey.org
+maxkey.login.wsfederation.logoutUrl =https://adfs.maxkey.top/adfs/ls/?wa=wsignout1.0
 #############################################################################
 #OIDC V1.0 METADATA configuration #
diff --git a/maxkey-webs/maxkey-web-maxkey/src/main/resources/application-https.properties b/maxkey-webs/maxkey-web-maxkey/src/main/resources/application-https.properties
index bf48e0dd9..0557d2785 100644
--- a/maxkey-webs/maxkey-web-maxkey/src/main/resources/application-https.properties
+++ b/maxkey-webs/maxkey-web-maxkey/src/main/resources/application-https.properties
@@ -69,9 +69,13 @@ maxkey.login.wsfederation =false
 maxkey.login.remeberme =${LOGIN_REMEBERME:true}
 #validity
 maxkey.login.remeberme.validity =0
+#JWT support
+maxkey.login.jwt =${LOGIN_JWT:true}
+maxkey.login.jwt.issuer =${LOGIN_JWT_ISSUER:https://${maxkey.server.domain}/maxkey}
 #to default application web site
 maxkey.login.default.uri =appList
 maxkey.ipaddress.whitelist =false
+#notices show
 maxkey.notices.visible =false
 ############################################################################
@@ -210,45 +214,45 @@ maxkey.otp.policy.period =30
 ############################################################################
 #LDAP Login support configuration #
 ############################################################################
-maxkey.support.ldap.enable =${LDAP_ENABLE:false}
-maxkey.support.ldap.jit =false
+maxkey.login.ldap.enable =${LDAP_ENABLE:false}
+maxkey.login.ldap.jit =false
 #openldap,activedirectory,normal
-maxkey.support.ldap.product =${LDAP_PRODUCT:openldap}
-maxkey.support.ldap.ssl =${LDAP_SSL:false}
-maxkey.support.ldap.providerurl =${LDAP_PROVIDERURL:ldap://localhost:389}
-maxkey.support.ldap.principal =${LDAP_PRINCIPAL:cn=Manager,dc=maxcrc,dc=com}
-maxkey.support.ldap.credentials =${LDAP_CREDENTIALS:secret}
-maxkey.support.ldap.basedn =${LDAP_BASEDN:dc=maxcrc,dc=com}
-maxkey.support.ldap.filter =(uid=%s)
-maxkey.support.ldap.truststore =${LDAP_TRUSTSTORE:maxkey}
-maxkey.support.ldap.truststorepassword =${LDAP_TRUSTSTORE_PASSWORD:maxkey}
+maxkey.login.ldap.product =${LDAP_PRODUCT:openldap}
+maxkey.login.ldap.ssl =${LDAP_SSL:false}
+maxkey.login.ldap.providerurl =${LDAP_PROVIDERURL:ldap://localhost:389}
+maxkey.login.ldap.principal =${LDAP_PRINCIPAL:cn=Manager,dc=maxcrc,dc=com}
+maxkey.login.ldap.credentials =${LDAP_CREDENTIALS:secret}
+maxkey.login.ldap.basedn =${LDAP_BASEDN:dc=maxcrc,dc=com}
+maxkey.login.ldap.filter =(uid=%s)
+maxkey.login.ldap.truststore =${LDAP_TRUSTSTORE:maxkey}
+maxkey.login.ldap.truststorepassword =${LDAP_TRUSTSTORE_PASSWORD:maxkey}
 #activedirectory effective
-maxkey.support.ldap.activedirectory.domain =${LDAP_AD_DOMAIN:MAXKEY.ORG}
+maxkey.login.ldap.activedirectory.domain =${LDAP_AD_DOMAIN:MAXKEY.ORG}
 ############################################################################
 #Kerberos Login configuration #
 #short name of user domain must be in upper case,eg:MAXKEY #
 ############################################################################
-maxkey.support.kerberos.default.userdomain =MAXKEY
+maxkey.login.kerberos.default.userdomain =MAXKEY
 #short name of user domain must be in upper case,eg:MAXKEY.ORG
-maxkey.support.kerberos.default.fulluserdomain =MAXKEY.ORG
+maxkey.login.kerberos.default.fulluserdomain =MAXKEY.ORG
 #last 8Bit crypto for Kerberos web Authentication
-maxkey.support.kerberos.default.crypto =846KZSzYq56M6d5o
+maxkey.login.kerberos.default.crypto =846KZSzYq56M6d5o
 #Kerberos Authentication server RUL
-maxkey.support.kerberos.default.redirecturi =http://sso.maxkey.top/kerberos/authn/
+maxkey.login.kerberos.default.redirecturi =http://sso.maxkey.top/kerberos/authn/
 ############################################################################
 #HTTPHEADER Login configuration #
 ############################################################################
-maxkey.support.httpheader.enable =false
-maxkey.support.httpheader.headername =header-user
+maxkey.login.httpheader.enable =false
+maxkey.login.httpheader.headername =header-user
 # iv-user is for IBM Security Access Manager
 #config.httpheader.headername=iv-user
 ############################################################################
 #BASIC Login support configuration #
 ############################################################################
-maxkey.support.basic.enable =false
+maxkey.login.basic.enable =false
 #############################################################################
 #WsFederation Login support configuration
@@ -260,14 +264,14 @@ maxkey.support.basic.enable =false
 #attributeMutator: (optional) a class (defined by you) that can modify the attributes/assertions returned by the ADFS server
 #signingCertificate: ADFS's signing certificate used to validate the token/assertions issued by ADFS.
 ############################################################################
-maxkey.support.wsfederation.identifier =http://adfs.maxkey.top/adfs/services/trust
-maxkey.support.wsfederation.url =https://adfs.maxkey.top/adfs/ls/
-maxkey.support.wsfederation.principal =upn
-maxkey.support.wsfederation.relyingParty =urn:federation:connsec
-maxkey.support.wsfederation.signingCertificate =adfs-signing.crt
-maxkey.support.wsfederation.tolerance =10000
-maxkey.support.wsfederation.upn.suffix =maxkey.org
-maxkey.support.wsfederation.logoutUrl =https://adfs.maxkey.top/adfs/ls/?wa=wsignout1.0
+maxkey.login.wsfederation.identifier =http://adfs.maxkey.top/adfs/services/trust
+maxkey.login.wsfederation.url =https://adfs.maxkey.top/adfs/ls/
+maxkey.login.wsfederation.principal =upn
+maxkey.login.wsfederation.relyingParty =urn:federation:connsec
+maxkey.login.wsfederation.signingCertificate =adfs-signing.crt
+maxkey.login.wsfederation.tolerance =10000
+maxkey.login.wsfederation.upn.suffix =maxkey.org
+maxkey.login.wsfederation.logoutUrl =https://adfs.maxkey.top/adfs/ls/?wa=wsignout1.0
 #############################################################################
 #OIDC V1.0 METADATA configuration #
diff --git a/maxkey-webs/maxkey-web-maxkey/src/main/resources/application.properties b/maxkey-webs/maxkey-web-maxkey/src/main/resources/application.properties
index 1920eece0..d542846d4 100644
--- a/maxkey-webs/maxkey-web-maxkey/src/main/resources/application.properties
+++ b/maxkey-webs/maxkey-web-maxkey/src/main/resources/application.properties
@@ -23,7 +23,7 @@ spring.application.name =maxkey
 #Main.banner-mode configuration #
 ############################################################################
 spring.main.banner-mode =log
-spring.main.allow-bean-definition-overriding=true
+#spring.main.allow-bean-definition-overriding=true
 ############################################################################
 #spring.profiles.active https/http; default https #
 ############################################################################
diff --git a/maxkey-webs/maxkey-web-mgt/src/main/resources/config/keystore.jwks b/maxkey-webs/maxkey-web-maxkey/src/main/resources/config/loginjwkkeystore.jwks
similarity index 100%
rename from maxkey-webs/maxkey-web-mgt/src/main/resources/config/keystore.jwks
rename to maxkey-webs/maxkey-web-maxkey/src/main/resources/config/loginjwkkeystore.jwks
diff --git a/maxkey-webs/maxkey-web-maxkey/src/main/resources/templates/views/login.ftl b/maxkey-webs/maxkey-web-maxkey/src/main/resources/templates/views/login.ftl
index 72117a3c2..d095c7b41 100644
--- a/maxkey-webs/maxkey-web-maxkey/src/main/resources/templates/views/login.ftl
+++ b/maxkey-webs/maxkey-web-maxkey/src/main/resources/templates/views/login.ftl
@@ -96,9 +96,9 @@ var currentSwitchTab="normalLogin";
 <#--submit form-->
 function doLoginSubmit(){
- $.cookie("username", $("#"+currentSwitchTab+"Form input[name=username]").val(), { expires: 7 });
+ $.cookie("login_username", $("#"+currentSwitchTab+"Form input[name=username]").val(), { expires: 7 });
 $("#"+currentSwitchTab+"SubmitButton").click();
- $.cookie("switch_tab", currentSwitchTab, { expires: 7 });
+ $.cookie("login_switch_tab", currentSwitchTab, { expires: 7 });
 };
 <#--switch Login Form-->
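Review bot: `$.cookie("login_username", ..., { expires: 7 })` persists the typed username for a week with no `secure` flag, so the cookie is also sent over plain HTTP if the site is ever reached that way. `{ expires: 7, secure: location.protocol === "https:" }` keeps the rename and bounds the exposure; the `login_switch_tab` cookie two lines below should take the same options. The `doLoginSubmit` function is fully inside the hunk.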
@@ -127,12 +127,12 @@ $(".doLoginSubmit").on("click",function(){
 doLoginSubmit();
 });
-
+ var cookieLoginUsername = $.cookie("login_username");
 <#--read username cookie for login e-->
- if($.cookie("username")!=undefined&&$.cookie("username")!=""){
- var switch_tab=$.cookie("switch_tab")==undefined?"normalLogin":$.cookie("switch_tab");
+ if(cookieLoginUsername != undefined && cookieLoginUsername != ""){
+ var switch_tab=$.cookie("switch_tab")==undefined?"normalLogin":$.cookie("login_switch_tab");
 $("#"+switch_tab).click();
- $("#"+switch_tab+"Form input[name=username]").val($.cookie("username")==undefined?"":$.cookie("username"));
+ $("#"+switch_tab+"Form input[name=username]").val(cookieLoginUsername ==undefined ? "" : cookieLoginUsername);
 $("#div_"+switch_tab+" input[name=password]").focus();
 }else{
 $("#div_normalLogin input[name=username]").focus();
@@ -142,8 +142,8 @@ if(captchaCount<60){
 return;
 }
- var loginName=$("#mobile_j_username").val();
- if(loginName==""){
+ var loginName = $("#mobile_j_username").val();
+ if(loginName == ""){
 return;
 }
 $.get("<@base />/login/sendsms/"+loginName,function(data,status){
diff --git a/maxkey-webs/maxkey-web-mgt/src/main/resources/application-http.properties b/maxkey-webs/maxkey-web-mgt/src/main/resources/application-http.properties
index 625194edf..f00caf5ee 100644
--- a/maxkey-webs/maxkey-web-mgt/src/main/resources/application-http.properties
+++ b/maxkey-webs/maxkey-web-mgt/src/main/resources/application-http.properties
@@ -64,6 +64,9 @@ maxkey.login.remeberme.validity =0
 maxkey.login.default.uri =appList
 #ipaddress whitelist
 maxkey.ipaddress.whitelist =false
+#JWT support
+maxkey.login.jwt =${LOGIN_JWT:true}
+maxkey.login.jwt.issuer =${LOGIN_JWT_ISSUER:https://${maxkey.server.domain}/maxkey}
 ############################################################################
 #database configuration
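Review bot: `var switch_tab=$.cookie("switch_tab")==undefined?"normalLogin":$.cookie("login_switch_tab");` tests the old cookie name but reads the new one, so after this commit, which no longer writes `switch_tab`, the expression always yields `normalLogin`, and a browser still holding a stale `switch_tab` cookie yields `undefined` and `$("#undefined").click()`. Both sides should use the renamed cookie: `var switch_tab = $.cookie("login_switch_tab") == undefined ? "normalLogin" : $.cookie("login_switch_tab");`. The username cookie two lines up was migrated correctly, so this looks like an oversight.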
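Review bot: `$.get("<@base />/login/sendsms/"+loginName,function(data,status){` splices the raw input-field value into the URL path, so a value containing `/`, `?`, `#` or non-ASCII characters produces a different request than intended and the server-side route sees an unexpected segment. Encode it at the point of use: `$.get("<@base />/login/sendsms/"+encodeURIComponent(loginName),function(data,status){`. The enclosing handler starts before the hunk and continues after it.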
diff --git a/maxkey-webs/maxkey-web-mgt/src/main/resources/application.properties b/maxkey-webs/maxkey-web-mgt/src/main/resources/application.properties index 1d9da5062..58b8849e0 100644 --- a/maxkey-webs/maxkey-web-mgt/src/main/resources/application.properties +++ b/maxkey-webs/maxkey-web-mgt/src/main/resources/application.properties @@ -23,7 +23,7 @@ spring.application.name =maxkey-mgt #Main.banner-mode configuration # ############################################################################ spring.main.banner-mode =log -spring.main.allow-bean-definition-overriding =true +#spring.main.allow-bean-definition-overriding =true ############################################################################ #spring.profiles.active http; default http # ############################################################################ diff --git a/maxkey-webs/maxkey-web-mgt/src/main/resources/config/loginjwkkeystore.jwks b/maxkey-webs/maxkey-web-mgt/src/main/resources/config/loginjwkkeystore.jwks new file mode 100644 index 000000000..c06f46eaf --- /dev/null +++ b/maxkey-webs/maxkey-web-mgt/src/main/resources/config/loginjwkkeystore.jwks @@ -0,0 +1,13 @@ +{ + "keys": [ + { + "kty": "RSA", + "d": "K2VCm_6enq5uoFLZXUlWkgbCXj5m9X5uUX3_Ol3qcY9X1cP04TN98R8lpw-ASeFDRFRhe0FT-lYCYu_fqZcrNXVhyN3rgi27af5x4HdFMnHLTLMPvE6aEyTGmZjTF1AbiX5VOJAl6POI9FiyTbV1Uqt943ydJv8SH4NfcYhKBmpp8Fi1f58mon-bYwsIy8mzZjssc8KZy-GzpscKrc5ewb7106JY3uRQNprAHrpcGAPZ8uXUvVhrxp_FNn5Nf5KVxl2tm50L83_5nw0OZrbJ8Ceg7sZAw_Z41lbYbS9VDaST6TuKRb7W4XCKimZUn57LoQT2-Gkv6msJHCmqTgK02Q", + "e": "AQAB", + "use": "sig", + "kid": "maxkey_rsa", + "alg": "RS256", + "n": "vyfZwQuBLNvJDhmziUCFuAfIv-bC6ivodcR6PfanTt8XLd6G63Yx10YChAdsDACjoLz1tEU56WPp_ee_vcTSsEZT3ouWJYghuGI2j4XclXlEj0S7DzdpcBBpI4n5dr8K3iKY-3JUMZR1AMBHI50UaMST9ZTZJAjUPIYxkhRdca5lWBo4wGUh1yj_80-Bq6al0ia9S5NTzNLaJ18jSxFqZ79BAkBm-KjkP248YUk6WBGtYEAV5Fws4dpse4hrqJ3RRHiMZV1o1iTmPHz_l55ZSDP3vpYf6iKqKzoK2RmdjfH5mGpbc4-PclTs4GKfwZ7cWfrny6B7sMnQfzujCH996Q" + } + ] +} 
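Review bot: The new `loginjwkkeystore.jwks` includes the RSA private exponent (`"d"`) next to the public parameters, i.e. a complete private signing key committed to source control and packaged on the classpath of maxkey-web-mgt, while the same key file is renamed into maxkey-web-maxkey elsewhere in this diff, so both applications share one published key. Any token this key signs can be forged by anyone holding the repository or the jar, which defeats what the `"alg": "RS256"` signature is meant to guarantee. Generate the key pair at install time or load it from a path supplied by configuration, keep only public parameters in the repository, and rotate this `kid` once that loader exists.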
diff --git a/maxkey-webs/maxkey-web-mgt/src/main/resources/templates/views/orgs/orgsAdd.ftl b/maxkey-webs/maxkey-web-mgt/src/main/resources/templates/views/orgs/orgsAdd.ftl index 107f17804..db84f72cd 100644 --- a/maxkey-webs/maxkey-web-mgt/src/main/resources/templates/views/orgs/orgsAdd.ftl +++ b/maxkey-webs/maxkey-web-mgt/src/main/resources/templates/views/orgs/orgsAdd.ftl @@ -31,7 +31,7 @@ $(function () { - +
@@ -89,7 +89,7 @@ $(function () {
- + diff --git a/maxkey-webs/maxkey-web-mgt/src/main/resources/templates/views/orgs/orgsUpdate.ftl b/maxkey-webs/maxkey-web-mgt/src/main/resources/templates/views/orgs/orgsUpdate.ftl index c813b7f47..08d97d3c2 100644 --- a/maxkey-webs/maxkey-web-mgt/src/main/resources/templates/views/orgs/orgsUpdate.ftl +++ b/maxkey-webs/maxkey-web-mgt/src/main/resources/templates/views/orgs/orgsUpdate.ftl @@ -30,7 +30,7 @@ $(function () {