代码优化
优化：去掉 spring.main.allow-bean-definition-overriding=true；JWT 配置文件和代码优化；机构管理新增和修改界面 tab 切换问题；其他优化和日志完善
This commit is contained in:
parent
b7adb8a830
commit
9be6bad1b5
22
build.gradle
22
build.gradle
@ -67,14 +67,27 @@ allprojects {
|
||||
//apply plugin: "pmd"
|
||||
//apply plugin: "findbugs"
|
||||
//apply plugin: "jdepend"
|
||||
|
||||
/*
|
||||
plugins {
|
||||
java {
|
||||
toolchain {
|
||||
languageVersion = JavaLanguageVersion.of(16)
|
||||
}
|
||||
}
|
||||
}
|
||||
*/
|
||||
configurations.all {
|
||||
transitive = false// 为本依赖关闭依赖传递特性
|
||||
}
|
||||
//java Version
|
||||
sourceCompatibility = 1.8
|
||||
targetCompatibility = 1.8
|
||||
compileJava.options.encoding = 'UTF-8'
|
||||
sourceCompatibility = 8
|
||||
targetCompatibility = 8
|
||||
//compileJava.options.encoding = 'UTF-8'
|
||||
|
||||
compileJava {
|
||||
//options.release = 15
|
||||
options.encoding = 'UTF-8'
|
||||
}
|
||||
|
||||
eclipse {
|
||||
/* 第一次时请注释这段eclipse设置,可能报错,设置工程字符集
|
||||
@ -401,6 +414,7 @@ subprojects {
|
||||
implementation group: 'com.fasterxml.jackson.dataformat', name: 'jackson-dataformat-yaml', version: "${jacksonVersion}"
|
||||
implementation group: 'com.fasterxml.jackson.dataformat', name: 'jackson-dataformat-xml', version: "${jacksonVersion}"
|
||||
implementation group: 'com.fasterxml.jackson.module', name: 'jackson-module-parameter-names', version: "${jacksonVersion}"
|
||||
implementation group: 'com.fasterxml.jackson.module', name: 'jackson-module-jaxb-annotations', version: "${jacksonVersion}"
|
||||
implementation group: 'com.fasterxml', name: 'classmate', version: "${classmateVersion}"
|
||||
implementation group: 'com.alibaba', name: 'fastjson', version: "${fastjsonVersion}"
|
||||
//docs
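Review bot: In the first hunk, keeping only `sourceCompatibility = 8` / `targetCompatibility = 8` (with the Java 16 toolchain commented out) means that when the build runs on a newer JDK, javac emits Java 8 bytecode but links against that JDK's class library, so a call to an API added after Java 8 is only discovered as a `NoSuchMethodError` on a Java 8 runtime. The `//options.release = 15` line in the new `compileJava` block shows the right knob; pointing it at the real target, `options.release = 8`, makes javac reject such calls at build time (JDK 9+ build, Gradle 6.6+). The commented-out `/* plugins { java { toolchain …` block and `//compileJava.options.encoding` line are now dead configuration next to the live settings and could simply be removed.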
|
||||
|
||||
@ -366,6 +366,7 @@ subprojects {
|
||||
implementation group: 'com.fasterxml.jackson.dataformat', name: 'jackson-dataformat-yaml', version: "${jacksonVersion}"
|
||||
implementation group: 'com.fasterxml.jackson.dataformat', name: 'jackson-dataformat-xml', version: "${jacksonVersion}"
|
||||
implementation group: 'com.fasterxml.jackson.module', name: 'jackson-module-parameter-names', version: "${jacksonVersion}"
|
||||
implementation group: 'com.fasterxml.jackson.module', name: 'jackson-module-jaxb-annotations', version: "${jacksonVersion}"
|
||||
implementation group: 'com.fasterxml', name: 'classmate', version: "${classmateVersion}"
|
||||
implementation group: 'com.alibaba', name: 'fastjson', version: "${fastjsonVersion}"
|
||||
//docs
|
||||
|
||||
@ -366,6 +366,7 @@ subprojects {
|
||||
implementation group: 'com.fasterxml.jackson.dataformat', name: 'jackson-dataformat-yaml', version: "${jacksonVersion}"
|
||||
implementation group: 'com.fasterxml.jackson.dataformat', name: 'jackson-dataformat-xml', version: "${jacksonVersion}"
|
||||
implementation group: 'com.fasterxml.jackson.module', name: 'jackson-module-parameter-names', version: "${jacksonVersion}"
|
||||
implementation group: 'com.fasterxml.jackson.module', name: 'jackson-module-jaxb-annotations', version: "${jacksonVersion}"
|
||||
implementation group: 'com.fasterxml', name: 'classmate', version: "${classmateVersion}"
|
||||
implementation group: 'com.alibaba', name: 'fastjson', version: "${fastjsonVersion}"
|
||||
//docs
|
||||
|
||||
@ -401,6 +401,7 @@ subprojects {
|
||||
implementation group: 'com.fasterxml.jackson.dataformat', name: 'jackson-dataformat-yaml', version: "${jacksonVersion}"
|
||||
implementation group: 'com.fasterxml.jackson.dataformat', name: 'jackson-dataformat-xml', version: "${jacksonVersion}"
|
||||
implementation group: 'com.fasterxml.jackson.module', name: 'jackson-module-parameter-names', version: "${jacksonVersion}"
|
||||
implementation group: 'com.fasterxml.jackson.module', name: 'jackson-module-jaxb-annotations', version: "${jacksonVersion}"
|
||||
implementation group: 'com.fasterxml', name: 'classmate', version: "${classmateVersion}"
|
||||
implementation group: 'com.alibaba', name: 'fastjson', version: "${fastjsonVersion}"
|
||||
//docs
|
||||
|
||||
@ -29,7 +29,6 @@ import com.nimbusds.jwt.SignedJWT;
|
||||
import java.util.Date;
|
||||
import java.util.UUID;
|
||||
import org.joda.time.DateTime;
|
||||
import org.maxkey.configuration.oidc.OIDCProviderMetadataDetails;
|
||||
import org.maxkey.crypto.jwt.signer.service.impl.DefaultJwtSigningAndValidationService;
|
||||
import org.maxkey.web.WebContext;
|
||||
import org.slf4j.Logger;
|
||||
@ -39,33 +38,31 @@ import org.slf4j.LoggerFactory;
|
||||
public class JwtLoginService {
|
||||
private static final Logger _logger = LoggerFactory.getLogger(JwtLoginService.class);
|
||||
|
||||
|
||||
OIDCProviderMetadataDetails jwtProviderMetadata;
|
||||
String issuer;
|
||||
|
||||
DefaultJwtSigningAndValidationService jwtSignerValidationService;
|
||||
|
||||
public JwtLoginService(
|
||||
OIDCProviderMetadataDetails jwtProviderMetadata,
|
||||
DefaultJwtSigningAndValidationService jwtSignerValidationService
|
||||
DefaultJwtSigningAndValidationService jwtSignerValidationService,
|
||||
String issuer
|
||||
) {
|
||||
this.jwtProviderMetadata = jwtProviderMetadata;
|
||||
this.jwtSignerValidationService = jwtSignerValidationService;
|
||||
|
||||
this.issuer = issuer;
|
||||
}
|
||||
|
||||
public String buildLoginJwt() {
|
||||
_logger.debug("buildLoginJwt .");
|
||||
_logger.debug("build Login JWT .");
|
||||
|
||||
DateTime currentDateTime = DateTime.now();
|
||||
Date expirationTime = currentDateTime.plusMinutes(5).toDate();
|
||||
_logger.debug("expiration Time : " + expirationTime);
|
||||
_logger.debug("Expiration Time : " + expirationTime);
|
||||
JWTClaimsSet jwtClaims = new JWTClaimsSet.Builder().subject(WebContext.getSession().getId())
|
||||
.expirationTime(expirationTime).issuer(jwtProviderMetadata.getIssuer())
|
||||
.expirationTime(expirationTime).issuer(getIssuer())
|
||||
.issueTime(currentDateTime.toDate()).jwtID(UUID.randomUUID().toString()).build();
|
||||
|
||||
JWT jwtToken = new PlainJWT(jwtClaims);
|
||||
|
||||
_logger.info("jwt Claims : " + jwtClaims.toString());
|
||||
_logger.info("JWT Claims : " + jwtClaims.toString());
|
||||
|
||||
JWSAlgorithm signingAlg = jwtSignerValidationService.getDefaultSigningAlgorithm();
|
||||
|
||||
@ -74,7 +71,7 @@ public class JwtLoginService {
|
||||
jwtSignerValidationService.signJwt((SignedJWT) jwtToken);
|
||||
|
||||
String tokenString = jwtToken.serialize();
|
||||
_logger.debug("jwt Token : " + tokenString);
|
||||
_logger.debug("JWT Token : " + tokenString);
|
||||
return tokenString;
|
||||
}
|
||||
|
||||
@ -82,58 +79,56 @@ public class JwtLoginService {
|
||||
SignedJWT signedJWT = null;
|
||||
JWTClaimsSet jwtClaimsSet = null;
|
||||
try {
|
||||
|
||||
RSASSAVerifier rsaSSAVerifier = new RSASSAVerifier(((RSAKey) jwtSignerValidationService.getAllPublicKeys()
|
||||
.get(jwtSignerValidationService.getDefaultSignerKeyId())).toRSAPublicKey());
|
||||
RSASSAVerifier rsaSSAVerifier =
|
||||
new RSASSAVerifier(((RSAKey) jwtSignerValidationService.getAllPublicKeys()
|
||||
.get(jwtSignerValidationService.getDefaultSignerKeyId())).toRSAPublicKey());
|
||||
|
||||
signedJWT = SignedJWT.parse(jwt);
|
||||
|
||||
if (signedJWT.verify(rsaSSAVerifier)) {
|
||||
jwtClaimsSet = signedJWT.getJWTClaimsSet();
|
||||
_logger.debug("" + signedJWT.getPayload());
|
||||
_logger.debug("username " + jwtClaimsSet.getSubject());
|
||||
_logger.debug("jwtClaimsSet Issuer " + jwtClaimsSet.getIssuer());
|
||||
_logger.debug("Metadata Issuer " + jwtProviderMetadata.getIssuer());
|
||||
if ( jwtClaimsSet.getIssuer().equals(jwtProviderMetadata.getIssuer())) {
|
||||
_logger.debug("Issuer equals ");
|
||||
DateTime now = new DateTime();
|
||||
if (now.isBefore(jwtClaimsSet.getExpirationTime().getTime())) {
|
||||
_logger.debug("ExpirationTime Validation " + now.isBefore(jwtClaimsSet.getExpirationTime().getTime()));
|
||||
return signedJWT;
|
||||
}
|
||||
} else {
|
||||
_logger.debug("Issuer not equals ");
|
||||
}
|
||||
} else {
|
||||
_logger.debug("verify false ");
|
||||
}
|
||||
boolean isIssuerMatches = jwtClaimsSet.getIssuer().equals(getIssuer());
|
||||
boolean isExpiration = (new DateTime()).isBefore(
|
||||
jwtClaimsSet.getExpirationTime().getTime());
|
||||
|
||||
_logger.debug("Signed JWT {}" , signedJWT.getPayload());
|
||||
_logger.debug("Subject is {}" , jwtClaimsSet.getSubject());
|
||||
_logger.debug("ExpirationTime Validation {}" ,isExpiration);
|
||||
_logger.debug("JWT ClaimsSet Issuer {}, Metadata Issuer {}, Issuer is matches {}" ,
|
||||
jwtClaimsSet.getIssuer(), getIssuer(), isIssuerMatches
|
||||
);
|
||||
|
||||
if ( isIssuerMatches && isExpiration ) {
|
||||
return signedJWT;
|
||||
}
|
||||
}else {
|
||||
_logger.debug("JWT Signer Verify false.");
|
||||
}
|
||||
} catch (java.text.ParseException e) {
|
||||
// Invalid signed JWT encoding
|
||||
_logger.error("Invalid signed JWT encoding ",e);
|
||||
} catch (JOSEException e) {
|
||||
// TODO Auto-generated catch block
|
||||
e.printStackTrace();
|
||||
_logger.error("JOSEException ",e);
|
||||
}
|
||||
return null;
|
||||
}
|
||||
|
||||
|
||||
public void setJwtProviderMetadata(OIDCProviderMetadataDetails jwtProviderMetadata) {
|
||||
this.jwtProviderMetadata = jwtProviderMetadata;
|
||||
}
|
||||
|
||||
public void setJwtSignerValidationService(DefaultJwtSigningAndValidationService jwtSignerValidationService) {
|
||||
this.jwtSignerValidationService = jwtSignerValidationService;
|
||||
}
|
||||
|
||||
public OIDCProviderMetadataDetails getJwtProviderMetadata() {
|
||||
return jwtProviderMetadata;
|
||||
}
|
||||
public DefaultJwtSigningAndValidationService getJwtSignerValidationService() {
|
||||
return jwtSignerValidationService;
|
||||
}
|
||||
|
||||
public String getIssuer() {
|
||||
return issuer;
|
||||
}
|
||||
|
||||
public void setIssuer(String issuer) {
|
||||
this.issuer = issuer;
|
||||
}
|
||||
|
||||
|
||||
|
||||
}
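Review bot: In the verification method (its signature is above the last hunk, starting at `SignedJWT signedJWT = null;`), the new checks dereference `jwtClaimsSet.getIssuer()` and `jwtClaimsSet.getExpirationTime()` without a null check, so a correctly signed token that omits `iss` or `exp` escapes as a `NullPointerException` — which neither `catch` clause handles — instead of being rejected with `null`. Assuming the configured issuer is non-null, reversing the comparison and guarding the expiry keeps the rejection path: `boolean isIssuerMatches = getIssuer().equals(jwtClaimsSet.getIssuer());` / `Date exp = jwtClaimsSet.getExpirationTime();` / `boolean isExpiration = exp != null && new DateTime().isBefore(exp.getTime());`. The name `isExpiration` reads as "is expired" while it is true for a still-valid token; `isNotExpired` would say what it means. Separately, `Subject is {}` logs the subject, which `buildLoginJwt` sets to the HTTP session id, and the `JWT Token :` line in the hunk above logs the complete signed login token — both are credentials and should be kept out of logs even at debug level.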
|
||||
|
||||
@ -63,7 +63,7 @@ public class AuthenticationAutoConfiguration implements InitializingBean {
|
||||
OnlineTicketServices onlineTicketServices
|
||||
) {
|
||||
|
||||
_logger.debug("init authenticationProvider .");
|
||||
_logger.debug("init authentication Provider .");
|
||||
return new RealmAuthenticationProvider(
|
||||
authenticationRealm,
|
||||
applicationConfig,
|
||||
|
||||
@ -18,15 +18,11 @@
|
||||
package org.maxkey.autoconfigure;
|
||||
|
||||
import com.nimbusds.jose.JOSEException;
|
||||
import com.nimbusds.jose.JWEAlgorithm;
|
||||
import java.net.URI;
|
||||
import java.security.NoSuchAlgorithmException;
|
||||
import java.security.spec.InvalidKeySpecException;
|
||||
|
||||
import org.maxkey.authn.support.jwt.JwtLoginService;
|
||||
import org.maxkey.configuration.oidc.OIDCProviderMetadataDetails;
|
||||
import org.maxkey.crypto.jose.keystore.JWKSetKeyStore;
|
||||
import org.maxkey.crypto.jwt.encryption.service.impl.DefaultJwtEncryptionAndDecryptionService;
|
||||
import org.maxkey.crypto.jwt.signer.service.impl.DefaultJwtSigningAndValidationService;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
@ -42,92 +38,51 @@ public class JwtAuthnAutoConfiguration implements InitializingBean {
|
||||
private static final Logger _logger = LoggerFactory.getLogger(JwtAuthnAutoConfiguration.class);
|
||||
|
||||
/**
|
||||
* OIDCProviderMetadataDetails.
|
||||
* Self-issued Provider Metadata
|
||||
* http://openid.net/specs/openid-connect-core-1_0.html#SelfIssued
|
||||
*/
|
||||
@Bean(name = "oidcProviderMetadata")
|
||||
public OIDCProviderMetadataDetails OIDCProviderMetadataDetails(
|
||||
@Value("${maxkey.oidc.metadata.issuer}")
|
||||
String issuer,
|
||||
@Value("${maxkey.oidc.metadata.authorizationEndpoint}")
|
||||
URI authorizationEndpoint,
|
||||
@Value("${maxkey.oidc.metadata.tokenEndpoint}")
|
||||
URI tokenEndpoint,
|
||||
@Value("${maxkey.oidc.metadata.userinfoEndpoint}")
|
||||
URI userinfoEndpoint) {
|
||||
_logger.debug("RedisConnectionFactory init .");
|
||||
OIDCProviderMetadataDetails oidcProviderMetadata = new OIDCProviderMetadataDetails();
|
||||
oidcProviderMetadata.setIssuer(issuer);
|
||||
oidcProviderMetadata.setAuthorizationEndpoint(authorizationEndpoint);
|
||||
oidcProviderMetadata.setTokenEndpoint(tokenEndpoint);
|
||||
oidcProviderMetadata.setUserinfoEndpoint(userinfoEndpoint);
|
||||
return oidcProviderMetadata;
|
||||
}
|
||||
|
||||
/**
|
||||
* jwtSetKeyStore.
|
||||
* jwt Login JwkSetKeyStore.
|
||||
* @return
|
||||
*/
|
||||
@Bean(name = "jwkSetKeyStore")
|
||||
public JWKSetKeyStore jwtSetKeyStore() {
|
||||
@Bean(name = "jwtLoginJwkSetKeyStore")
|
||||
public JWKSetKeyStore jwtLoginJwkSetKeyStore() {
|
||||
JWKSetKeyStore jwkSetKeyStore = new JWKSetKeyStore();
|
||||
ClassPathResource classPathResource = new ClassPathResource("/config/keystore.jwks");
|
||||
ClassPathResource classPathResource = new ClassPathResource("/config/loginjwkkeystore.jwks");
|
||||
jwkSetKeyStore.setLocation(classPathResource);
|
||||
_logger.debug("JWT Login JwkSet KeyStore init.");
|
||||
return jwkSetKeyStore;
|
||||
}
|
||||
|
||||
/**
|
||||
* jwtSetKeyStore.
|
||||
* jwt Login ValidationService.
|
||||
* @return
|
||||
* @throws JOSEException
|
||||
* @throws InvalidKeySpecException
|
||||
* @throws NoSuchAlgorithmException
|
||||
*/
|
||||
@Bean(name = "jwtSignerValidationService")
|
||||
public DefaultJwtSigningAndValidationService jwtSignerValidationService(
|
||||
JWKSetKeyStore jwtSetKeyStore)
|
||||
@Bean(name = "jwtLoginValidationService")
|
||||
public DefaultJwtSigningAndValidationService jwtLoginValidationService(
|
||||
JWKSetKeyStore jwtLoginJwkSetKeyStore)
|
||||
throws NoSuchAlgorithmException, InvalidKeySpecException, JOSEException {
|
||||
DefaultJwtSigningAndValidationService jwtSignerValidationService =
|
||||
new DefaultJwtSigningAndValidationService(jwtSetKeyStore);
|
||||
new DefaultJwtSigningAndValidationService(jwtLoginJwkSetKeyStore);
|
||||
jwtSignerValidationService.setDefaultSignerKeyId("maxkey_rsa");
|
||||
jwtSignerValidationService.setDefaultSigningAlgorithmName("RS256");
|
||||
_logger.debug("JWT Login Signing and Validation init.");
|
||||
return jwtSignerValidationService;
|
||||
}
|
||||
|
||||
/**
|
||||
* jwtSetKeyStore.
|
||||
* @return
|
||||
* @throws JOSEException
|
||||
* @throws InvalidKeySpecException
|
||||
* @throws NoSuchAlgorithmException
|
||||
*/
|
||||
@Bean(name = "jwtEncryptionService")
|
||||
public DefaultJwtEncryptionAndDecryptionService jwtEncryptionService(
|
||||
JWKSetKeyStore jwtSetKeyStore)
|
||||
throws NoSuchAlgorithmException, InvalidKeySpecException, JOSEException {
|
||||
DefaultJwtEncryptionAndDecryptionService jwtEncryptionService =
|
||||
new DefaultJwtEncryptionAndDecryptionService(jwtSetKeyStore);
|
||||
jwtEncryptionService.setDefaultAlgorithm(JWEAlgorithm.RSA_OAEP_256);//RSA1_5
|
||||
jwtEncryptionService.setDefaultDecryptionKeyId("maxkey_rsa");
|
||||
jwtEncryptionService.setDefaultEncryptionKeyId("maxkey_rsa");
|
||||
return jwtEncryptionService;
|
||||
}
|
||||
|
||||
/**
|
||||
* JwtLoginService.
|
||||
* Jwt LoginService.
|
||||
* @return
|
||||
*/
|
||||
@Bean(name = "jwtLoginService")
|
||||
public JwtLoginService jwtLoginService(
|
||||
DefaultJwtSigningAndValidationService jwtSignerValidationService,
|
||||
OIDCProviderMetadataDetails oidcProviderMetadata) {
|
||||
|
||||
@Value("${maxkey.login.jwt.issuer}")
|
||||
String issuer,
|
||||
DefaultJwtSigningAndValidationService jwtLoginValidationService) {
|
||||
JwtLoginService jwtLoginService = new JwtLoginService(
|
||||
oidcProviderMetadata,
|
||||
jwtSignerValidationService
|
||||
jwtLoginValidationService,
|
||||
issuer
|
||||
);
|
||||
|
||||
_logger.debug("JWT Login Service init.");
|
||||
return jwtLoginService;
|
||||
}
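Review bot: The login-JWT signing key is loaded from the classpath resource `/config/loginjwkkeystore.jwks` with a hard-coded key id `maxkey_rsa`, so every deployment built from the same artifact signs login tokens with the same private key unless the file is swapped; if that keystore is committed to the repository (not visible here), anyone holding a copy can mint tokens that the issuer/expiry check in `JwtLoginService` will accept. Making the location configurable with the classpath file only as a development default, e.g. `@Value("${maxkey.login.jwt.keystore:classpath:/config/loginjwkkeystore.jwks}") Resource location`, lets operators supply a per-deployment key. Also, the context now holds two `JWKSetKeyStore` and two `DefaultJwtSigningAndValidationService` beans (the OAuth ones live in `Oauth20AutoConfiguration`), and `jwtLoginValidationService` / `jwtLoginService` disambiguate only through Spring's parameter-name fallback; an explicit `@Qualifier("jwtLoginJwkSetKeyStore")` and `@Qualifier("jwtLoginValidationService")` on those parameters makes the wiring independent of compiled parameter names.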
|
||||
|
||||
|
||||
@ -17,10 +17,10 @@
|
||||
|
||||
package org.maxkey.autoconfigure;
|
||||
|
||||
import com.alibaba.druid.spring.boot.autoconfigure.DruidDataSourceBuilder;
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
import javax.sql.DataSource;
|
||||
|
||||
import org.maxkey.crypto.keystore.KeyStoreLoader;
|
||||
import org.maxkey.crypto.password.LdapShaPasswordEncoder;
|
||||
import org.maxkey.crypto.password.Md4PasswordEncoder;
|
||||
@ -36,12 +36,9 @@ import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.beans.factory.InitializingBean;
|
||||
import org.springframework.beans.factory.annotation.Value;
|
||||
import org.springframework.boot.context.properties.ConfigurationProperties;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.context.annotation.Primary;
|
||||
import org.springframework.core.io.Resource;
|
||||
import org.springframework.jdbc.core.JdbcTemplate;
|
||||
import org.springframework.jdbc.datasource.DataSourceTransactionManager;
|
||||
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
||||
import org.springframework.security.crypto.password.DelegatingPasswordEncoder;
|
||||
@ -50,36 +47,21 @@ import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
import org.springframework.security.crypto.password.Pbkdf2PasswordEncoder;
|
||||
import org.springframework.security.crypto.scrypt.SCryptPasswordEncoder;
|
||||
|
||||
|
||||
@Configuration
|
||||
public class ApplicationAutoConfiguration implements InitializingBean {
|
||||
private static final Logger _logger =
|
||||
LoggerFactory.getLogger(ApplicationAutoConfiguration.class);
|
||||
|
||||
@Bean
|
||||
@Primary
|
||||
@ConfigurationProperties("spring.datasource")
|
||||
public DataSource dataSource() {
|
||||
return DruidDataSourceBuilder.create().build();
|
||||
}
|
||||
|
||||
@Bean(name = "passwordReciprocal")
|
||||
public PasswordReciprocal passwordReciprocal() {
|
||||
return new PasswordReciprocal();
|
||||
}
|
||||
|
||||
|
||||
@Bean(name = "jdbcTemplate")
|
||||
public JdbcTemplate jdbcTemplate(DataSource dataSource) {
|
||||
return new JdbcTemplate(dataSource);
|
||||
}
|
||||
|
||||
@Bean(name = "transactionManager")
|
||||
public DataSourceTransactionManager transactionManager(DataSource dataSource) {
|
||||
return new DataSourceTransactionManager(dataSource);
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* Authentication Password Encoder .
|
||||
* @return
|
||||
@ -162,7 +144,6 @@ public class ApplicationAutoConfiguration implements InitializingBean {
|
||||
return spIssuingEntityName;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* spKeyStoreLoader .
|
||||
* @return
|
||||
|
||||
@ -17,7 +17,6 @@
|
||||
|
||||
package org.maxkey.autoconfigure;
|
||||
|
||||
import java.nio.charset.Charset;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
|
||||
@ -39,8 +38,6 @@ import org.springframework.boot.web.server.WebServerFactoryCustomizer;
|
||||
import org.springframework.boot.web.servlet.FilterRegistrationBean;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.context.annotation.DependsOn;
|
||||
import org.springframework.context.annotation.Primary;
|
||||
import org.springframework.context.support.ReloadableResourceBundleMessageSource;
|
||||
import org.springframework.http.HttpStatus;
|
||||
import org.springframework.http.MediaType;
|
||||
@ -53,6 +50,8 @@ import org.springframework.security.web.servletapi.SecurityContextHolderAwareReq
|
||||
import org.springframework.web.client.RestTemplate;
|
||||
import org.springframework.web.filter.DelegatingFilterProxy;
|
||||
import org.springframework.web.multipart.commons.CommonsMultipartResolver;
|
||||
import org.springframework.web.servlet.LocaleResolver;
|
||||
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
|
||||
import org.springframework.web.servlet.i18n.CookieLocaleResolver;
|
||||
import org.springframework.web.servlet.i18n.LocaleChangeInterceptor;
|
||||
import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerAdapter;
|
||||
@ -60,25 +59,9 @@ import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandl
|
||||
|
||||
|
||||
@Configuration
|
||||
public class MvcAutoConfiguration implements InitializingBean {
|
||||
public class MvcAutoConfiguration implements InitializingBean , WebMvcConfigurer {
|
||||
private static final Logger _logger = LoggerFactory.getLogger(MvcAutoConfiguration.class);
|
||||
|
||||
/**
|
||||
* cookieLocaleResolver .
|
||||
* @return cookieLocaleResolver
|
||||
*/
|
||||
@Primary
|
||||
@Bean (name = "localeResolver")
|
||||
public CookieLocaleResolver cookieLocaleResolver(
|
||||
@Value("${maxkey.server.domain:maxkey.top}")String domainName) {
|
||||
_logger.debug("DomainName " + domainName);
|
||||
CookieLocaleResolver cookieLocaleResolver = new CookieLocaleResolver();
|
||||
cookieLocaleResolver.setCookieName("maxkey_locale");
|
||||
cookieLocaleResolver.setCookieDomain(domainName);
|
||||
cookieLocaleResolver.setCookieMaxAge(ConstantsTimeInterval.TWO_WEEK);
|
||||
return cookieLocaleResolver;
|
||||
}
|
||||
|
||||
/**
|
||||
* 消息处理,可以直接使用properties的key值,返回的是对应的value值
|
||||
* messageSource .
|
||||
@ -188,14 +171,21 @@ public class MvcAutoConfiguration implements InitializingBean {
|
||||
}
|
||||
|
||||
/**
|
||||
* stringHttpMessageConverter .
|
||||
* @return stringHttpMessageConverter
|
||||
* cookieLocaleResolver .
|
||||
* @return cookieLocaleResolver
|
||||
*/
|
||||
@Bean (name = "stringHttpMessageConverter")
|
||||
public HttpMessageConverter<String> responseBodyConverter() {
|
||||
StringHttpMessageConverter stringHttpMessageConverter =
|
||||
new StringHttpMessageConverter(Charset.forName("UTF-8"));
|
||||
return stringHttpMessageConverter;
|
||||
|
||||
@Bean(name = "cookieLocaleResolver")
|
||||
public LocaleResolver cookieLocaleResolver(
|
||||
@Value("${maxkey.server.domain:maxkey.top}")
|
||||
String domainName
|
||||
) {
|
||||
_logger.debug("DomainName " + domainName);
|
||||
CookieLocaleResolver cookieLocaleResolver = new CookieLocaleResolver();
|
||||
cookieLocaleResolver.setCookieName("mxk_locale");
|
||||
cookieLocaleResolver.setCookieDomain(domainName);
|
||||
cookieLocaleResolver.setCookieMaxAge(ConstantsTimeInterval.TWO_WEEK);
|
||||
return cookieLocaleResolver;
|
||||
}
|
||||
|
||||
/**
|
||||
@ -203,20 +193,19 @@ public class MvcAutoConfiguration implements InitializingBean {
|
||||
* requestMappingHandlerAdapter .
|
||||
* @return requestMappingHandlerAdapter
|
||||
*/
|
||||
@DependsOn("stringHttpMessageConverter")
|
||||
@Bean (name = "requestMappingHandlerAdapter")
|
||||
@Bean (name = "addConverterRequestMappingHandlerAdapter")
|
||||
public RequestMappingHandlerAdapter requestMappingHandlerAdapter(
|
||||
MappingJackson2HttpMessageConverter mappingJacksonHttpMessageConverter,
|
||||
MarshallingHttpMessageConverter marshallingHttpMessageConverter,
|
||||
StringHttpMessageConverter stringHttpMessageConverter) {
|
||||
StringHttpMessageConverter stringHttpMessageConverter,
|
||||
RequestMappingHandlerAdapter requestMappingHandlerAdapter) {
|
||||
List<HttpMessageConverter<?>> httpMessageConverterList =
|
||||
new ArrayList<HttpMessageConverter<?>>();
|
||||
httpMessageConverterList.add(mappingJacksonHttpMessageConverter);
|
||||
httpMessageConverterList.add(marshallingHttpMessageConverter);
|
||||
httpMessageConverterList.add(stringHttpMessageConverter);
|
||||
_logger.debug("stringHttpMessageConverter {}",stringHttpMessageConverter.getDefaultCharset());
|
||||
|
||||
RequestMappingHandlerAdapter requestMappingHandlerAdapter =
|
||||
new RequestMappingHandlerAdapter();
|
||||
requestMappingHandlerAdapter.setMessageConverters(httpMessageConverterList);
|
||||
return requestMappingHandlerAdapter;
|
||||
}
|
||||
@ -295,9 +284,8 @@ public class MvcAutoConfiguration implements InitializingBean {
|
||||
LoginService loginService,
|
||||
LoginHistoryService loginHistoryService
|
||||
) {
|
||||
SessionListenerAdapter sessionListenerAdapter =new SessionListenerAdapter();
|
||||
sessionListenerAdapter.setLoginService(loginService);
|
||||
sessionListenerAdapter.setLoginHistoryService(loginHistoryService);
|
||||
SessionListenerAdapter sessionListenerAdapter =
|
||||
new SessionListenerAdapter(loginService,loginHistoryService);
|
||||
return sessionListenerAdapter;
|
||||
}
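Review bot: The `addConverterRequestMappingHandlerAdapter` bean method now takes Spring MVC's own `RequestMappingHandlerAdapter`, calls `setMessageConverters` on it and returns that same instance under a second bean name, so one adapter is registered twice and its converter list is replaced wholesale — presumably dropping the default converters (byte array, form, resource, …) that Spring Boot had installed, rather than adding to them. Since the class now implements `WebMvcConfigurer`, the supported hook is to override `extendMessageConverters(List<HttpMessageConverter<?>> converters)`, add the Jackson, marshalling and string converters there, and delete this bean method. The locale resolver bean is only picked up by `DispatcherServlet` under the bean name `localeResolver`, so renaming it to `cookieLocaleResolver` leaves it inert unless something else re-registers it under that name; a comment on the bean saying where that happens would spare the next reader a search.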
|
||||
|
||||
|
||||
@ -36,6 +36,7 @@ import org.maxkey.util.PathUtils;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.beans.BeansException;
|
||||
import org.springframework.beans.factory.support.BeanDefinitionRegistry;
|
||||
import org.springframework.context.ApplicationContext;
|
||||
import org.springframework.context.ConfigurableApplicationContext;
|
||||
import org.springframework.context.support.PropertySourcesPlaceholderConfigurer;
|
||||
@ -95,6 +96,14 @@ public class InitializeContext extends HttpServlet {
|
||||
}
|
||||
|
||||
public InitializeContext(ConfigurableApplicationContext applicationContext) {
|
||||
if(applicationContext.containsBean("localeResolver") &&
|
||||
applicationContext.containsBean("cookieLocaleResolver")) {
|
||||
BeanDefinitionRegistry beanFactory = (BeanDefinitionRegistry)applicationContext.getBeanFactory();
|
||||
beanFactory.removeBeanDefinition("localeResolver");
|
||||
beanFactory.registerBeanDefinition("localeResolver",
|
||||
beanFactory.getBeanDefinition("cookieLocaleResolver"));
|
||||
_logger.debug("cookieLocaleResolver replaced localeResolver.");
|
||||
}
|
||||
this.applicationContext = applicationContext;
|
||||
}
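Review bot: The new `InitializeContext(ConfigurableApplicationContext)` constructor tests `containsBean` but then calls `removeBeanDefinition` / `getBeanDefinition`, which throw `NoSuchBeanDefinitionException` when a name is known only as an alias or a manually registered singleton; `containsBeanDefinition` is the matching check, and the unchecked cast of `getBeanFactory()` to `BeanDefinitionRegistry` deserves an `instanceof` guard so a different factory degrades to a logged warning instead of a `ClassCastException` in a servlet constructor. Re-registering a definition on an already refreshed context also relies on `DispatcherServlet` not having cached its `LocaleResolver` yet; that ordering assumption should be recorded, e.g. `// must run before DispatcherServlet.initLocaleResolver() caches the bean named "localeResolver"`. Spring Boot's `WebMvcAutoConfiguration` backs off when a bean named `localeResolver` is already defined, so declaring the cookie resolver directly under that name may remove the need for this registry surgery — worth checking before keeping it.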
|
||||
|
||||
|
||||
@ -44,6 +44,13 @@ public class SessionListenerAdapter implements HttpSessionListener {
|
||||
_logger.debug("SessionListenerAdapter inited . ");
|
||||
}
|
||||
|
||||
public SessionListenerAdapter(LoginService loginService, LoginHistoryService loginHistoryService) {
|
||||
super();
|
||||
this.loginService = loginService;
|
||||
this.loginHistoryService = loginHistoryService;
|
||||
_logger.debug("SessionListenerAdapter inited . ");
|
||||
}
|
||||
|
||||
public void init() {
|
||||
if(loginService == null ) {
|
||||
loginService = (LoginService)WebContext.getBean("loginService");
|
||||
|
||||
@ -77,7 +77,7 @@ public class WebConstants {
|
||||
|
||||
public static final String AUTHENTICATION = "current_authentication";
|
||||
|
||||
public static final String THEME_COOKIE_NAME = "theme_value";
|
||||
public static final String THEME_COOKIE_NAME = "mxk_theme_value";
|
||||
|
||||
public static final String LOGIN_ERROR_SESSION_MESSAGE
|
||||
= "login_error_session_message_key";
|
||||
|
||||
@ -23,7 +23,6 @@ import java.security.spec.InvalidKeySpecException;
|
||||
|
||||
import javax.servlet.Filter;
|
||||
import javax.sql.DataSource;
|
||||
import org.maxkey.authn.support.jwt.JwtLoginService;
|
||||
import org.maxkey.authz.oauth2.common.OAuth2Constants;
|
||||
import org.maxkey.authz.oauth2.provider.ClientDetailsService;
|
||||
import org.maxkey.authz.oauth2.provider.OAuth2UserDetailsService;
|
||||
@ -98,7 +97,7 @@ public class Oauth20AutoConfiguration implements InitializingBean {
|
||||
URI tokenEndpoint,
|
||||
@Value("${maxkey.oidc.metadata.userinfoEndpoint}")
|
||||
URI userinfoEndpoint) {
|
||||
_logger.debug("OIDCProviderMetadataDetails init .");
|
||||
_logger.debug("OIDC Provider Metadata Details init .");
|
||||
OIDCProviderMetadataDetails oidcProviderMetadata = new OIDCProviderMetadataDetails();
|
||||
oidcProviderMetadata.setIssuer(issuer);
|
||||
oidcProviderMetadata.setAuthorizationEndpoint(authorizationEndpoint);
|
||||
@ -112,10 +111,11 @@ public class Oauth20AutoConfiguration implements InitializingBean {
|
||||
* @return
|
||||
*/
|
||||
@Bean(name = "jwkSetKeyStore")
|
||||
public JWKSetKeyStore jwtSetKeyStore() {
|
||||
public JWKSetKeyStore jwkSetKeyStore() {
|
||||
JWKSetKeyStore jwkSetKeyStore = new JWKSetKeyStore();
|
||||
ClassPathResource classPathResource = new ClassPathResource("/config/keystore.jwks");
|
||||
jwkSetKeyStore.setLocation(classPathResource);
|
||||
_logger.debug("JWKSet KeyStore init.");
|
||||
return jwkSetKeyStore;
|
||||
}
|
||||
|
||||
@ -128,12 +128,13 @@ public class Oauth20AutoConfiguration implements InitializingBean {
|
||||
*/
|
||||
@Bean(name = "jwtSignerValidationService")
|
||||
public DefaultJwtSigningAndValidationService jwtSignerValidationService(
|
||||
JWKSetKeyStore jwtSetKeyStore)
|
||||
JWKSetKeyStore jwkSetKeyStore)
|
||||
throws NoSuchAlgorithmException, InvalidKeySpecException, JOSEException {
|
||||
DefaultJwtSigningAndValidationService jwtSignerValidationService =
|
||||
new DefaultJwtSigningAndValidationService(jwtSetKeyStore);
|
||||
new DefaultJwtSigningAndValidationService(jwkSetKeyStore);
|
||||
jwtSignerValidationService.setDefaultSignerKeyId("maxkey_rsa");
|
||||
jwtSignerValidationService.setDefaultSigningAlgorithmName("RS256");
|
||||
_logger.debug("JWT Signer and Validation Service init.");
|
||||
return jwtSignerValidationService;
|
||||
}
|
||||
|
||||
@ -146,33 +147,17 @@ public class Oauth20AutoConfiguration implements InitializingBean {
|
||||
*/
|
||||
@Bean(name = "jwtEncryptionService")
|
||||
public DefaultJwtEncryptionAndDecryptionService jwtEncryptionService(
|
||||
JWKSetKeyStore jwtSetKeyStore)
|
||||
JWKSetKeyStore jwkSetKeyStore)
|
||||
throws NoSuchAlgorithmException, InvalidKeySpecException, JOSEException {
|
||||
DefaultJwtEncryptionAndDecryptionService jwtEncryptionService =
|
||||
new DefaultJwtEncryptionAndDecryptionService(jwtSetKeyStore);
|
||||
new DefaultJwtEncryptionAndDecryptionService(jwkSetKeyStore);
|
||||
jwtEncryptionService.setDefaultAlgorithm(JWEAlgorithm.RSA_OAEP_256);//RSA1_5
|
||||
jwtEncryptionService.setDefaultDecryptionKeyId("maxkey_rsa");
|
||||
jwtEncryptionService.setDefaultEncryptionKeyId("maxkey_rsa");
|
||||
_logger.debug("JWT Encryption and Decryption Service init.");
|
||||
return jwtEncryptionService;
|
||||
}
|
||||
|
||||
/**
|
||||
* JwtLoginService.
|
||||
* @return
|
||||
*/
|
||||
@Bean(name = "jwtLoginService")
|
||||
public JwtLoginService jwtLoginService(
|
||||
DefaultJwtSigningAndValidationService jwtSignerValidationService,
|
||||
OIDCProviderMetadataDetails oidcProviderMetadata) {
|
||||
|
||||
JwtLoginService jwtLoginService = new JwtLoginService(
|
||||
oidcProviderMetadata,
|
||||
jwtSignerValidationService
|
||||
);
|
||||
return jwtLoginService;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* tokenEnhancer.
|
||||
* @return
|
||||
@ -188,6 +173,7 @@ public class Oauth20AutoConfiguration implements InitializingBean {
|
||||
tokenEnhancer.setJwtEnDecryptionService(jwtEncryptionService);
|
||||
tokenEnhancer.setClientDetailsService(oauth20JdbcClientDetailsService);
|
||||
tokenEnhancer.setProviderMetadata(oidcProviderMetadata);
|
||||
_logger.debug("OIDC IdToken Enhancer init.");
|
||||
return tokenEnhancer;
|
||||
}
|
||||
//以上部分为了支持OpenID Connect 1.0
|
||||
@ -203,6 +189,7 @@ public class Oauth20AutoConfiguration implements InitializingBean {
|
||||
@Value("${maxkey.server.persistence}") int persistence,
|
||||
JdbcTemplate jdbcTemplate,
|
||||
RedisConnectionFactory redisConnFactory) {
|
||||
_logger.debug("OAuth 2 Authorization Code Services init.");
|
||||
return new AuthorizationCodeServicesFactory().getService(persistence, jdbcTemplate, redisConnFactory);
|
||||
}
|
||||
|
||||
@ -216,7 +203,7 @@ public class Oauth20AutoConfiguration implements InitializingBean {
|
||||
@Value("${maxkey.server.persistence}") int persistence,
|
||||
JdbcTemplate jdbcTemplate,
|
||||
RedisConnectionFactory redisConnFactory) {
|
||||
|
||||
_logger.debug("OAuth 2 TokenStore init.");
|
||||
return new TokenStoreFactory().getTokenStore(persistence, jdbcTemplate, redisConnFactory);
|
||||
}
|
||||
|
||||
@ -227,6 +214,7 @@ public class Oauth20AutoConfiguration implements InitializingBean {
|
||||
@Bean(name = "converter")
|
||||
public JwtAccessTokenConverter jwtAccessTokenConverter() {
|
||||
JwtAccessTokenConverter jwtAccessTokenConverter = new JwtAccessTokenConverter();
|
||||
_logger.debug("OAuth 2 Jwt AccessToken Converter init.");
|
||||
return jwtAccessTokenConverter;
|
||||
}
|
||||
|
||||
@ -238,6 +226,7 @@ public class Oauth20AutoConfiguration implements InitializingBean {
|
||||
public JdbcClientDetailsService clientDetailsService(DataSource dataSource,PasswordEncoder passwordReciprocal) {
|
||||
JdbcClientDetailsService clientDetailsService = new JdbcClientDetailsService(dataSource);
|
||||
clientDetailsService.setPasswordEncoder(passwordReciprocal);
|
||||
_logger.debug("OAuth 2 Jdbc ClientDetails Service init.");
|
||||
return clientDetailsService;
|
||||
}
|
||||
|
||||
@ -255,6 +244,7 @@ public class Oauth20AutoConfiguration implements InitializingBean {
|
||||
tokenServices.setTokenEnhancer(tokenEnhancer);
|
||||
tokenServices.setTokenStore(oauth20TokenStore);
|
||||
tokenServices.setSupportRefreshToken(true);
|
||||
_logger.debug("OAuth 2 Token Services init.");
|
||||
return tokenServices;
|
||||
}
|
||||
|
||||
@ -268,6 +258,7 @@ public class Oauth20AutoConfiguration implements InitializingBean {
|
||||
TokenStore oauth20TokenStore) {
|
||||
TokenApprovalStore tokenApprovalStore = new TokenApprovalStore();
|
||||
tokenApprovalStore.setTokenStore(oauth20TokenStore);
|
||||
_logger.debug("OAuth 2 Approval Store init.");
|
||||
return tokenApprovalStore;
|
||||
}
|
||||
|
||||
@ -281,6 +272,7 @@ public class Oauth20AutoConfiguration implements InitializingBean {
|
||||
JdbcClientDetailsService oauth20JdbcClientDetailsService) {
|
||||
DefaultOAuth2RequestFactory oauth2RequestFactory =
|
||||
new DefaultOAuth2RequestFactory(oauth20JdbcClientDetailsService);
|
||||
_logger.debug("OAuth 2 Request Factory init.");
|
||||
return oauth2RequestFactory;
|
||||
}
|
||||
|
||||
@ -298,6 +290,7 @@ public class Oauth20AutoConfiguration implements InitializingBean {
|
||||
userApprovalHandler.setApprovalStore(oauth20ApprovalStore);
|
||||
userApprovalHandler.setRequestFactory(oAuth2RequestFactory);
|
||||
userApprovalHandler.setClientDetailsService(oauth20JdbcClientDetailsService);
|
||||
_logger.debug("OAuth 2 User Approval Handler init.");
|
||||
return userApprovalHandler;
|
||||
}
|
||||
|
||||
@ -318,6 +311,7 @@ public class Oauth20AutoConfiguration implements InitializingBean {
|
||||
daoAuthenticationProvider.setPasswordEncoder(passwordEncoder);
|
||||
daoAuthenticationProvider.setUserDetailsService(userDetailsService);
|
||||
ProviderManager authenticationManager = new ProviderManager(daoAuthenticationProvider);
|
||||
_logger.debug("OAuth 2 User Authentication Manager init.");
|
||||
return authenticationManager;
|
||||
}
|
||||
|
||||
@ -338,6 +332,7 @@ public class Oauth20AutoConfiguration implements InitializingBean {
|
||||
daoAuthenticationProvider.setPasswordEncoder(passwordReciprocal);
|
||||
daoAuthenticationProvider.setUserDetailsService(cientDetailsUserDetailsService);
|
||||
ProviderManager authenticationManager = new ProviderManager(daoAuthenticationProvider);
|
||||
_logger.debug("OAuth 2 Client Authentication Manager init.");
|
||||
return authenticationManager;
|
||||
}
|
||||
|
||||
|
||||
@ -157,15 +157,15 @@ public class MaxKeyConfig implements InitializingBean {
|
||||
AbstractRemeberMeService remeberMeService,
|
||||
UserInfoService userInfoService,
|
||||
JdbcTemplate jdbcTemplate,
|
||||
@Value("${maxkey.support.ldap.enable:false}")boolean ldapSupport,
|
||||
@Value("${maxkey.support.ldap.jit:false}")boolean ldapJit,
|
||||
@Value("${maxkey.support.ldap.providerurl}")String providerUrl,
|
||||
@Value("${maxkey.support.ldap.principal}")String principal,
|
||||
@Value("${maxkey.support.ldap.credentials}")String credentials,
|
||||
@Value("${maxkey.support.ldap.filter}")String filter,
|
||||
@Value("${maxkey.support.ldap.basedn}")String baseDN,
|
||||
@Value("${maxkey.support.ldap.activedirectory.domain}")String domain,
|
||||
@Value("${maxkey.support.ldap.product:openldap}")String product) {
|
||||
@Value("${maxkey.login.ldap.enable:false}")boolean ldapSupport,
|
||||
@Value("${maxkey.login.ldap.jit:false}")boolean ldapJit,
|
||||
@Value("${maxkey.login.ldap.providerurl}")String providerUrl,
|
||||
@Value("${maxkey.login.ldap.principal}")String principal,
|
||||
@Value("${maxkey.login.ldap.credentials}")String credentials,
|
||||
@Value("${maxkey.login.ldap.filter}")String filter,
|
||||
@Value("${maxkey.login.ldap.basedn}")String baseDN,
|
||||
@Value("${maxkey.login.ldap.activedirectory.domain}")String domain,
|
||||
@Value("${maxkey.login.ldap.product:openldap}")String product) {
|
||||
AbstractAuthenticationRealm ldapAuthenticationRealm =
|
||||
ldapAuthenticationRealm(
|
||||
ldapSupport,ldapJit,
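Review bot: The renamed `@Value("${maxkey.login.ldap.*}")` placeholders for providerurl, principal, credentials, filter, basedn and activedirectory.domain carry no `:` default, unlike the `enable:false` / `jit:false` parameters beside them, so if any of these keys is absent from the active configuration (for example a deployment whose external override still uses the old `maxkey.support.ldap.*` names) the context fails to start on an unresolvable placeholder even when LDAP login is disabled. Either give them defaults that match the properties files in this commit, or record the key rename as a breaking change so operators migrate their overrides. The same rename applies to the Kerberos parameters in the `@ -281,13 +281,13` hunk and to the httpheader/basic fields in the MaxKeyMvcConfig `@ -77,13 +77,13` hunk. The method signature begins and its body continues outside this hunk.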
|
||||
@ -281,13 +281,13 @@ public class MaxKeyConfig implements InitializingBean {
|
||||
|
||||
@Bean(name = "kerberosService")
|
||||
public RemoteKerberosService kerberosService(
|
||||
@Value("${maxkey.support.kerberos.default.userdomain}")
|
||||
@Value("${maxkey.login.kerberos.default.userdomain}")
|
||||
String userDomain,
|
||||
@Value("${maxkey.support.kerberos.default.fulluserdomain}")
|
||||
@Value("${maxkey.login.kerberos.default.fulluserdomain}")
|
||||
String fullUserDomain,
|
||||
@Value("${maxkey.support.kerberos.default.crypto}")
|
||||
@Value("${maxkey.login.kerberos.default.crypto}")
|
||||
String crypto,
|
||||
@Value("${maxkey.support.kerberos.default.redirecturi}")
|
||||
@Value("${maxkey.login.kerberos.default.redirecturi}")
|
||||
String redirectUri
|
||||
) {
|
||||
RemoteKerberosService kerberosService = new RemoteKerberosService();
|
||||
|
||||
@ -77,13 +77,13 @@ public class MaxKeyMvcConfig implements WebMvcConfigurer {
|
||||
@Autowired
|
||||
HistoryLoginAppAdapter historyLoginAppAdapter;
|
||||
|
||||
@Value("${maxkey.support.httpheader.enable:false}")
|
||||
@Value("${maxkey.login.httpheader.enable:false}")
|
||||
private boolean httpHeaderEnable;
|
||||
|
||||
@Value("${maxkey.support.httpheader.headername:iv-user}")
|
||||
@Value("${maxkey.login.httpheader.headername:iv-user}")
|
||||
private String httpHeaderName;
|
||||
|
||||
@Value("${maxkey.support.basic.enable:false}")
|
||||
@Value("${maxkey.login.basic.enable:false}")
|
||||
private boolean basicEnable;
|
||||
|
||||
@Override
|
||||
|
||||
@ -68,9 +68,13 @@ maxkey.login.wsfederation =false
|
||||
maxkey.login.remeberme =${LOGIN_REMEBERME:true}
|
||||
#validity
|
||||
maxkey.login.remeberme.validity =0
|
||||
#JWT support
|
||||
maxkey.login.jwt =${LOGIN_JWT:true}
|
||||
maxkey.login.jwt.issuer =${LOGIN_JWT_ISSUER:https://${maxkey.server.domain}/maxkey}
|
||||
#to default application web site
|
||||
maxkey.login.default.uri =appList
|
||||
maxkey.ipaddress.whitelist =false
|
||||
#notices show
|
||||
maxkey.notices.visible =false
|
||||
############################################################################
|
||||
#ssl configuration #
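Review bot: `maxkey.login.jwt =${LOGIN_JWT:true}` switches the new JWT login path on by default, whereas every other alternative login mechanism in this file (`maxkey.login.ldap.enable`, `maxkey.login.httpheader.enable`, `maxkey.login.basic.enable`) defaults to false; an opt-in default `maxkey.login.jwt =${LOGIN_JWT:false}` would follow that convention and avoid exposing a token-based entry point on installations that never configured it. The same two lines are added again in the `@ -69,9 +69,13` and `@ -64,6 +64,9` properties hunks below.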
|
||||
@ -208,45 +212,45 @@ maxkey.otp.policy.period =30
|
||||
############################################################################
|
||||
#LDAP Login support configuration #
|
||||
############################################################################
|
||||
maxkey.support.ldap.enable =${LDAP_ENABLE:false}
|
||||
maxkey.support.ldap.jit =false
|
||||
maxkey.login.ldap.enable =${LDAP_ENABLE:false}
|
||||
maxkey.login.ldap.jit =false
|
||||
#openldap,activedirectory,normal
|
||||
maxkey.support.ldap.product =${LDAP_PRODUCT:openldap}
|
||||
maxkey.support.ldap.ssl =${LDAP_SSL:false}
|
||||
maxkey.support.ldap.providerurl =${LDAP_PROVIDERURL:ldap://localhost:389}
|
||||
maxkey.support.ldap.principal =${LDAP_PRINCIPAL:cn=Manager,dc=maxcrc,dc=com}
|
||||
maxkey.support.ldap.credentials =${LDAP_CREDENTIALS:secret}
|
||||
maxkey.support.ldap.basedn =${LDAP_BASEDN:dc=maxcrc,dc=com}
|
||||
maxkey.support.ldap.filter =(uid=%s)
|
||||
maxkey.support.ldap.truststore =${LDAP_TRUSTSTORE:maxkey}
|
||||
maxkey.support.ldap.truststorepassword =${LDAP_TRUSTSTORE_PASSWORD:maxkey}
|
||||
maxkey.login.ldap.product =${LDAP_PRODUCT:openldap}
|
||||
maxkey.login.ldap.ssl =${LDAP_SSL:false}
|
||||
maxkey.login.ldap.providerurl =${LDAP_PROVIDERURL:ldap://localhost:389}
|
||||
maxkey.login.ldap.principal =${LDAP_PRINCIPAL:cn=Manager,dc=maxcrc,dc=com}
|
||||
maxkey.login.ldap.credentials =${LDAP_CREDENTIALS:secret}
|
||||
maxkey.login.ldap.basedn =${LDAP_BASEDN:dc=maxcrc,dc=com}
|
||||
maxkey.login.ldap.filter =(uid=%s)
|
||||
maxkey.login.ldap.truststore =${LDAP_TRUSTSTORE:maxkey}
|
||||
maxkey.login.ldap.truststorepassword =${LDAP_TRUSTSTORE_PASSWORD:maxkey}
|
||||
#activedirectory effective
|
||||
maxkey.support.ldap.activedirectory.domain =${LDAP_AD_DOMAIN:MAXKEY.ORG}
|
||||
maxkey.login.ldap.activedirectory.domain =${LDAP_AD_DOMAIN:MAXKEY.ORG}
|
||||
|
||||
############################################################################
|
||||
#Kerberos Login configuration #
|
||||
#short name of user domain must be in upper case,eg:MAXKEY #
|
||||
############################################################################
|
||||
maxkey.support.kerberos.default.userdomain =MAXKEY
|
||||
maxkey.login.kerberos.default.userdomain =MAXKEY
|
||||
#short name of user domain must be in upper case,eg:MAXKEY.ORG
|
||||
maxkey.support.kerberos.default.fulluserdomain =MAXKEY.ORG
|
||||
maxkey.login.kerberos.default.fulluserdomain =MAXKEY.ORG
|
||||
#last 8Bit crypto for Kerberos web Authentication
|
||||
maxkey.support.kerberos.default.crypto =846KZSzYq56M6d5o
|
||||
maxkey.login.kerberos.default.crypto =846KZSzYq56M6d5o
|
||||
#Kerberos Authentication server RUL
|
||||
maxkey.support.kerberos.default.redirecturi =http://sso.maxkey.top/kerberos/authn/
|
||||
maxkey.login.kerberos.default.redirecturi =http://sso.maxkey.top/kerberos/authn/
|
||||
|
||||
############################################################################
|
||||
#HTTPHEADER Login configuration #
|
||||
############################################################################
|
||||
maxkey.support.httpheader.enable =false
|
||||
maxkey.support.httpheader.headername =header-user
|
||||
maxkey.login.httpheader.enable =false
|
||||
maxkey.login.httpheader.headername =header-user
|
||||
# iv-user is for IBM Security Access Manager
|
||||
#config.httpheader.headername=iv-user
|
||||
|
||||
############################################################################
|
||||
#BASIC Login support configuration #
|
||||
############################################################################
|
||||
maxkey.support.basic.enable =false
|
||||
maxkey.login.basic.enable =false
|
||||
|
||||
#############################################################################
|
||||
#WsFederation Login support configuration
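Review bot: The renamed `maxkey.login.kerberos.default.crypto =846KZSzYq56M6d5o` still commits a literal secret, while the neighbouring LDAP entries follow the `${LDAP_CREDENTIALS:secret}` environment-placeholder pattern; using the same form here, e.g. `maxkey.login.kerberos.default.crypto =${LOGIN_KERBEROS_CRYPTO:846KZSzYq56M6d5o}` (placeholder name constructed), lets operators supply it at deploy time instead of fixing it at build time. Because every key in this block moves from `maxkey.support.*` to `maxkey.login.*`, an external override written against the old names is now silently ignored and the built-in defaults (`secret`, the `maxkey` truststore password, the Kerberos crypto) take effect, which should be stated in the release notes. The identical hunk is repeated at `@ -210,45 +214,45` in the second properties file.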
|
||||
@ -258,14 +262,14 @@ maxkey.support.basic.enable =false
|
||||
#attributeMutator: (optional) a class (defined by you) that can modify the attributes/assertions returned by the ADFS server
|
||||
#signingCertificate: ADFS's signing certificate used to validate the token/assertions issued by ADFS.
|
||||
############################################################################
|
||||
maxkey.support.wsfederation.identifier =http://adfs.maxkey.top/adfs/services/trust
|
||||
maxkey.support.wsfederation.url =https://adfs.maxkey.top/adfs/ls/
|
||||
maxkey.support.wsfederation.principal =upn
|
||||
maxkey.support.wsfederation.relyingParty =urn:federation:connsec
|
||||
maxkey.support.wsfederation.signingCertificate =adfs-signing.crt
|
||||
maxkey.support.wsfederation.tolerance =10000
|
||||
maxkey.support.wsfederation.upn.suffix =maxkey.org
|
||||
maxkey.support.wsfederation.logoutUrl =https://adfs.maxkey.top/adfs/ls/?wa=wsignout1.0
|
||||
maxkey.login.wsfederation.identifier =http://adfs.maxkey.top/adfs/services/trust
|
||||
maxkey.login.wsfederation.url =https://adfs.maxkey.top/adfs/ls/
|
||||
maxkey.login.wsfederation.principal =upn
|
||||
maxkey.login.wsfederation.relyingParty =urn:federation:connsec
|
||||
maxkey.login.wsfederation.signingCertificate =adfs-signing.crt
|
||||
maxkey.login.wsfederation.tolerance =10000
|
||||
maxkey.login.wsfederation.upn.suffix =maxkey.org
|
||||
maxkey.login.wsfederation.logoutUrl =https://adfs.maxkey.top/adfs/ls/?wa=wsignout1.0
|
||||
|
||||
#############################################################################
|
||||
#OIDC V1.0 METADATA configuration #
|
||||
|
||||
@ -69,9 +69,13 @@ maxkey.login.wsfederation =false
|
||||
maxkey.login.remeberme =${LOGIN_REMEBERME:true}
|
||||
#validity
|
||||
maxkey.login.remeberme.validity =0
|
||||
#JWT support
|
||||
maxkey.login.jwt =${LOGIN_JWT:true}
|
||||
maxkey.login.jwt.issuer =${LOGIN_JWT_ISSUER:https://${maxkey.server.domain}/maxkey}
|
||||
#to default application web site
|
||||
maxkey.login.default.uri =appList
|
||||
maxkey.ipaddress.whitelist =false
|
||||
#notices show
|
||||
maxkey.notices.visible =false
|
||||
|
||||
############################################################################
|
||||
@ -210,45 +214,45 @@ maxkey.otp.policy.period =30
|
||||
############################################################################
|
||||
#LDAP Login support configuration #
|
||||
############################################################################
|
||||
maxkey.support.ldap.enable =${LDAP_ENABLE:false}
|
||||
maxkey.support.ldap.jit =false
|
||||
maxkey.login.ldap.enable =${LDAP_ENABLE:false}
|
||||
maxkey.login.ldap.jit =false
|
||||
#openldap,activedirectory,normal
|
||||
maxkey.support.ldap.product =${LDAP_PRODUCT:openldap}
|
||||
maxkey.support.ldap.ssl =${LDAP_SSL:false}
|
||||
maxkey.support.ldap.providerurl =${LDAP_PROVIDERURL:ldap://localhost:389}
|
||||
maxkey.support.ldap.principal =${LDAP_PRINCIPAL:cn=Manager,dc=maxcrc,dc=com}
|
||||
maxkey.support.ldap.credentials =${LDAP_CREDENTIALS:secret}
|
||||
maxkey.support.ldap.basedn =${LDAP_BASEDN:dc=maxcrc,dc=com}
|
||||
maxkey.support.ldap.filter =(uid=%s)
|
||||
maxkey.support.ldap.truststore =${LDAP_TRUSTSTORE:maxkey}
|
||||
maxkey.support.ldap.truststorepassword =${LDAP_TRUSTSTORE_PASSWORD:maxkey}
|
||||
maxkey.login.ldap.product =${LDAP_PRODUCT:openldap}
|
||||
maxkey.login.ldap.ssl =${LDAP_SSL:false}
|
||||
maxkey.login.ldap.providerurl =${LDAP_PROVIDERURL:ldap://localhost:389}
|
||||
maxkey.login.ldap.principal =${LDAP_PRINCIPAL:cn=Manager,dc=maxcrc,dc=com}
|
||||
maxkey.login.ldap.credentials =${LDAP_CREDENTIALS:secret}
|
||||
maxkey.login.ldap.basedn =${LDAP_BASEDN:dc=maxcrc,dc=com}
|
||||
maxkey.login.ldap.filter =(uid=%s)
|
||||
maxkey.login.ldap.truststore =${LDAP_TRUSTSTORE:maxkey}
|
||||
maxkey.login.ldap.truststorepassword =${LDAP_TRUSTSTORE_PASSWORD:maxkey}
|
||||
#activedirectory effective
|
||||
maxkey.support.ldap.activedirectory.domain =${LDAP_AD_DOMAIN:MAXKEY.ORG}
|
||||
maxkey.login.ldap.activedirectory.domain =${LDAP_AD_DOMAIN:MAXKEY.ORG}
|
||||
|
||||
############################################################################
|
||||
#Kerberos Login configuration #
|
||||
#short name of user domain must be in upper case,eg:MAXKEY #
|
||||
############################################################################
|
||||
maxkey.support.kerberos.default.userdomain =MAXKEY
|
||||
maxkey.login.kerberos.default.userdomain =MAXKEY
|
||||
#short name of user domain must be in upper case,eg:MAXKEY.ORG
|
||||
maxkey.support.kerberos.default.fulluserdomain =MAXKEY.ORG
|
||||
maxkey.login.kerberos.default.fulluserdomain =MAXKEY.ORG
|
||||
#last 8Bit crypto for Kerberos web Authentication
|
||||
maxkey.support.kerberos.default.crypto =846KZSzYq56M6d5o
|
||||
maxkey.login.kerberos.default.crypto =846KZSzYq56M6d5o
|
||||
#Kerberos Authentication server RUL
|
||||
maxkey.support.kerberos.default.redirecturi =http://sso.maxkey.top/kerberos/authn/
|
||||
maxkey.login.kerberos.default.redirecturi =http://sso.maxkey.top/kerberos/authn/
|
||||
|
||||
############################################################################
|
||||
#HTTPHEADER Login configuration #
|
||||
############################################################################
|
||||
maxkey.support.httpheader.enable =false
|
||||
maxkey.support.httpheader.headername =header-user
|
||||
maxkey.login.httpheader.enable =false
|
||||
maxkey.login.httpheader.headername =header-user
|
||||
# iv-user is for IBM Security Access Manager
|
||||
#config.httpheader.headername=iv-user
|
||||
|
||||
############################################################################
|
||||
#BASIC Login support configuration #
|
||||
############################################################################
|
||||
maxkey.support.basic.enable =false
|
||||
maxkey.login.basic.enable =false
|
||||
|
||||
#############################################################################
|
||||
#WsFederation Login support configuration
|
||||
@ -260,14 +264,14 @@ maxkey.support.basic.enable =false
|
||||
#attributeMutator: (optional) a class (defined by you) that can modify the attributes/assertions returned by the ADFS server
|
||||
#signingCertificate: ADFS's signing certificate used to validate the token/assertions issued by ADFS.
|
||||
############################################################################
|
||||
maxkey.support.wsfederation.identifier =http://adfs.maxkey.top/adfs/services/trust
|
||||
maxkey.support.wsfederation.url =https://adfs.maxkey.top/adfs/ls/
|
||||
maxkey.support.wsfederation.principal =upn
|
||||
maxkey.support.wsfederation.relyingParty =urn:federation:connsec
|
||||
maxkey.support.wsfederation.signingCertificate =adfs-signing.crt
|
||||
maxkey.support.wsfederation.tolerance =10000
|
||||
maxkey.support.wsfederation.upn.suffix =maxkey.org
|
||||
maxkey.support.wsfederation.logoutUrl =https://adfs.maxkey.top/adfs/ls/?wa=wsignout1.0
|
||||
maxkey.login.wsfederation.identifier =http://adfs.maxkey.top/adfs/services/trust
|
||||
maxkey.login.wsfederation.url =https://adfs.maxkey.top/adfs/ls/
|
||||
maxkey.login.wsfederation.principal =upn
|
||||
maxkey.login.wsfederation.relyingParty =urn:federation:connsec
|
||||
maxkey.login.wsfederation.signingCertificate =adfs-signing.crt
|
||||
maxkey.login.wsfederation.tolerance =10000
|
||||
maxkey.login.wsfederation.upn.suffix =maxkey.org
|
||||
maxkey.login.wsfederation.logoutUrl =https://adfs.maxkey.top/adfs/ls/?wa=wsignout1.0
|
||||
|
||||
#############################################################################
|
||||
#OIDC V1.0 METADATA configuration #
|
||||
|
||||
@ -23,7 +23,7 @@ spring.application.name =maxkey
|
||||
#Main.banner-mode configuration #
|
||||
############################################################################
|
||||
spring.main.banner-mode =log
|
||||
spring.main.allow-bean-definition-overriding=true
|
||||
#spring.main.allow-bean-definition-overriding=true
|
||||
############################################################################
|
||||
#spring.profiles.active https/http; default https #
|
||||
############################################################################
|
||||
|
||||
@ -96,9 +96,9 @@
|
||||
var currentSwitchTab="normalLogin";
|
||||
<#--submit form-->
|
||||
function doLoginSubmit(){
|
||||
$.cookie("username", $("#"+currentSwitchTab+"Form input[name=username]").val(), { expires: 7 });
|
||||
$.cookie("login_username", $("#"+currentSwitchTab+"Form input[name=username]").val(), { expires: 7 });
|
||||
$("#"+currentSwitchTab+"SubmitButton").click();
|
||||
$.cookie("switch_tab", currentSwitchTab, { expires: 7 });
|
||||
$.cookie("login_switch_tab", currentSwitchTab, { expires: 7 });
|
||||
};
|
||||
|
||||
<#--switch Login Form-->
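Review bot: `$.cookie("login_username", ..., { expires: 7 })` and `$.cookie("login_switch_tab", ..., { expires: 7 })` persist the entered login name and tab for seven days with no `secure` option, so the cookies are also sent on a plain-HTTP request; the properties hunk in this commit notes https is the default server profile, so `{ expires: 7, secure: true }` would be the appropriate form for both writes. The enclosing script block continues outside the hunk.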
|
||||
@ -127,12 +127,12 @@
|
||||
$(".doLoginSubmit").on("click",function(){
|
||||
doLoginSubmit();
|
||||
});
|
||||
|
||||
var cookieLoginUsername = $.cookie("login_username");
|
||||
<#--read username cookie for login e-->
|
||||
if($.cookie("username")!=undefined&&$.cookie("username")!=""){
|
||||
var switch_tab=$.cookie("switch_tab")==undefined?"normalLogin":$.cookie("switch_tab");
|
||||
if(cookieLoginUsername != undefined && cookieLoginUsername != ""){
|
||||
var switch_tab=$.cookie("switch_tab")==undefined?"normalLogin":$.cookie("login_switch_tab");
|
||||
$("#"+switch_tab).click();
|
||||
$("#"+switch_tab+"Form input[name=username]").val($.cookie("username")==undefined?"":$.cookie("username"));
|
||||
$("#"+switch_tab+"Form input[name=username]").val(cookieLoginUsername ==undefined ? "" : cookieLoginUsername);
|
||||
$("#div_"+switch_tab+" input[name=password]").focus();
|
||||
}else{
|
||||
$("#div_normalLogin input[name=username]").focus();
|
||||
@ -142,8 +142,8 @@
|
||||
if(captchaCount<60){
|
||||
return;
|
||||
}
|
||||
var loginName=$("#mobile_j_username").val();
|
||||
if(loginName==""){
|
||||
var loginName = $("#mobile_j_username").val();
|
||||
if(loginName == ""){
|
||||
return;
|
||||
}
|
||||
$.get("<@base />/login/sendsms/"+loginName,function(data,status){
|
||||
|
||||
@ -64,6 +64,9 @@ maxkey.login.remeberme.validity =0
|
||||
maxkey.login.default.uri =appList
|
||||
#ipaddress whitelist
|
||||
maxkey.ipaddress.whitelist =false
|
||||
#JWT support
|
||||
maxkey.login.jwt =${LOGIN_JWT:true}
|
||||
maxkey.login.jwt.issuer =${LOGIN_JWT_ISSUER:https://${maxkey.server.domain}/maxkey}
|
||||
|
||||
############################################################################
|
||||
#database configuration
|
||||
|
||||
@ -23,7 +23,7 @@ spring.application.name =maxkey-mgt
|
||||
#Main.banner-mode configuration #
|
||||
############################################################################
|
||||
spring.main.banner-mode =log
|
||||
spring.main.allow-bean-definition-overriding =true
|
||||
#spring.main.allow-bean-definition-overriding =true
|
||||
############################################################################
|
||||
#spring.profiles.active http; default http #
|
||||
############################################################################
|
||||
|
||||
@ -0,0 +1,13 @@
|
||||
{
|
||||
"keys": [
|
||||
{
|
||||
"kty": "RSA",
|
||||
"d": "K2VCm_6enq5uoFLZXUlWkgbCXj5m9X5uUX3_Ol3qcY9X1cP04TN98R8lpw-ASeFDRFRhe0FT-lYCYu_fqZcrNXVhyN3rgi27af5x4HdFMnHLTLMPvE6aEyTGmZjTF1AbiX5VOJAl6POI9FiyTbV1Uqt943ydJv8SH4NfcYhKBmpp8Fi1f58mon-bYwsIy8mzZjssc8KZy-GzpscKrc5ewb7106JY3uRQNprAHrpcGAPZ8uXUvVhrxp_FNn5Nf5KVxl2tm50L83_5nw0OZrbJ8Ceg7sZAw_Z41lbYbS9VDaST6TuKRb7W4XCKimZUn57LoQT2-Gkv6msJHCmqTgK02Q",
|
||||
"e": "AQAB",
|
||||
"use": "sig",
|
||||
"kid": "maxkey_rsa",
|
||||
"alg": "RS256",
|
||||
"n": "vyfZwQuBLNvJDhmziUCFuAfIv-bC6ivodcR6PfanTt8XLd6G63Yx10YChAdsDACjoLz1tEU56WPp_ee_vcTSsEZT3ouWJYghuGI2j4XclXlEj0S7DzdpcBBpI4n5dr8K3iKY-3JUMZR1AMBHI50UaMST9ZTZJAjUPIYxkhRdca5lWBo4wGUh1yj_80-Bq6al0ia9S5NTzNLaJ18jSxFqZ79BAkBm-KjkP248YUk6WBGtYEAV5Fws4dpse4hrqJ3RRHiMZV1o1iTmPHz_l55ZSDP3vpYf6iKqKzoK2RmdjfH5mGpbc4-PclTs4GKfwZ7cWfrny6B7sMnQfzujCH996Q"
|
||||
}
|
||||
]
|
||||
}
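Review bot: This new JWK set carries the RSA private exponent `"d"` next to `"n"`/`"e"` for `"kid": "maxkey_rsa"` (`"use": "sig"`, `"alg": "RS256"`), so the file is the signing private key and it is being committed to the repository. Every installation that runs with this default key shares its signing key with every other checkout, which means tokens it issues cannot be treated as installation-specific; the key should be regarded as a demo/test key only, generated per deployment at install time, and loaded from a path or secret store outside the source tree. If a file must ship in the tree, keep only the public members (`kty`, `n`, `e`, `kid`, `alg`, `use`) here and document how operators supply the private part.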
|
||||
@ -31,7 +31,7 @@ $(function () {
|
||||
</td>
|
||||
</tr>
|
||||
<tr><td>
|
||||
<table id="table_switch_common" class="table table-bordered">
|
||||
<table id="div_switch_common" class="table table-bordered">
|
||||
<tr style="display:none">
|
||||
<th ><input type="text" id="status" type="hidden" name="status" value="1"/>
|
||||
<input type="text" id="_method" type="hidden" name="_method" value="put"/></th>
|
||||
@ -89,7 +89,7 @@ $(function () {
|
||||
<td><input type="text" id="description" name="description" class="form-control"/></td>
|
||||
</tr>
|
||||
</table>
|
||||
<table id="table_switch_extra" class="table table-bordered" style="display:none">
|
||||
<table id="div_switch_extra" class="table table-bordered" style="display:none">
|
||||
<tr>
|
||||
<td > <@locale code="org.contact" />:</td>
|
||||
<td><input type="text" id="contact" name="contact" class="form-control"/></td>
|
||||
|
||||
@ -30,7 +30,7 @@ $(function () {
|
||||
</td>
|
||||
</tr>
|
||||
<tr><td>
|
||||
<table id="table_switch_common" class="table table-bordered">
|
||||
<table id="div_switch_common" class="table table-bordered">
|
||||
<tr style="display:none">
|
||||
<th ><input type="text" id="status" type="hidden" name="status" value="1"/>
|
||||
<input type="text" id="_method" type="hidden" name="_method" value="put"/></th>
|
||||
@ -88,7 +88,7 @@ $(function () {
|
||||
<td><input type="text" id="description" name="description" class="form-control" value="${model.description!}"/></td>
|
||||
</tr>
|
||||
</table>
|
||||
<table id="table_switch_extra" class="table table-bordered" style="display:none">
|
||||
<table id="div_switch_extra" class="table table-bordered" style="display:none">
|
||||
<tr>
|
||||
<td > <@locale code="org.contact" />:</td>
|
||||
<td><input type="text" id="contact" name="contact" class="form-control" value="${model.contact!}"/></td>
|
||||
|
||||