diff --git a/maxkey-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java b/maxkey-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java
index 6fbfec88e..84aca5b73 100644
--- a/maxkey-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java
+++ b/maxkey-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java
@@ -18,6 +18,8 @@ package org.maxkey.authn;
 import java.util.ArrayList;
+import java.util.HashMap;
+
 import org.maxkey.authn.online.OnlineTicketServices;
 import org.maxkey.authn.realm.AbstractAuthenticationRealm;
 import org.maxkey.authn.support.rememberme.AbstractRemeberMeService;
@@ -100,6 +102,8 @@ public abstract class AbstractAuthenticationProvider {
 throws AuthenticationException {
 _logger.debug("Trying to authenticate user '{}' via {}", loginCredential.getPrincipal(), getProviderName());
+ // 登录SESSION
+ _logger.debug("Login Session {}.", WebContext.getSession().getId());
 Authentication authentication = null;
 try {
 authentication = doInternalAuthenticate(loginCredential);
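Review bot: The added `_logger.debug("Login Session {}.", WebContext.getSession().getId())` writes the pre-login HTTP session identifier to the log, and the `Login Success Session` line kept in the next hunk does the same for the rotated one; a session id is a bearer credential, so any log sink readable by more people than the session store turns debug logging into a session-takeover path. If the id is needed to correlate the rotation, log a non-reversible derivative (for example a SHA-256 prefix) instead of the raw value, or log only the event, e.g. `_logger.debug("Login Session id will be rotated after authentication.");`. The `authenticate` method this hunk sits in starts and ends outside the hunk.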
@@ -121,33 +125,34 @@ public abstract class AbstractAuthenticationProvider {
 // user authenticated
 _logger.debug("'{}' authenticated successfully by {}.", authentication.getPrincipal(), getProviderName());
-
- final UserInfo userInfo = WebContext.getUserInfo();
- final Object passwordSetType = WebContext.getSession()
- .getAttribute(WebConstants.CURRENT_LOGIN_USER_PASSWORD_SET_TYPE);
- // 登录完成后切换SESSION
- _logger.debug("Login Session {}.", WebContext.getSession().getId());
- final Object firstSavedRequest =
- WebContext.getAttribute(WebConstants.FIRST_SAVED_REQUEST_PARAMETER);
- //change Session
+ changeSession(authentication);
+
+ authenticationRealm.insertLoginHistory(
+ WebContext.getUserInfo(), ConstantsLoginType.LOCAL, "", "xe00000004", "success");
+
+ return authentication;
+ }
+
+ protected void changeSession(Authentication authentication) {
+
+ HashMap sessionAttributeMap = new HashMap();
+ for(String attributeName : WebContext.sessionAttributeNameList) {
+ sessionAttributeMap.put(attributeName, WebContext.getAttribute(attributeName));
+ }
+
+ //new Session
 WebContext.getSession().invalidate();
+
+ for(String attributeName : WebContext.sessionAttributeNameList) {
+ WebContext.setAttribute(attributeName, sessionAttributeMap.get(attributeName));
+ }
+
 WebContext.setAttribute( WebConstants.CURRENT_USER_SESSION_ID, WebContext.getSession().getId());
 _logger.debug("Login Success Session {}.", WebContext.getSession().getId());
-
- authenticationRealm.insertLoginHistory(
- userInfo, ConstantsLoginType.LOCAL, "", "xe00000004", "success");
-
- WebContext.setAttribute(WebConstants.FIRST_SAVED_REQUEST_PARAMETER,firstSavedRequest);
- // 认证设置
- WebContext.setAuthentication(authentication);
- WebContext.setUserInfo(userInfo);
- WebContext.getSession().setAttribute(
- WebConstants.CURRENT_LOGIN_USER_PASSWORD_SET_TYPE, passwordSetType);
-
- return authentication;
 }
+
 /**
 * session validate.
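Review bot: `changeSession(Authentication authentication)` never uses its `authentication` parameter: the rotated session's `WebConstants.AUTHENTICATION` entry is whatever the old session held when the copy loop ran, whereas the removed code explicitly called `WebContext.setAuthentication(authentication)` after the invalidate. Unless `doInternalAuthenticate` is guaranteed to have stored that same object in the session already, the caller returns one `Authentication` while the session carries another; keep the explicit write, `WebContext.setAuthentication(authentication);` after the second loop, or drop the parameter. The map and the iterated list are raw types — `Map<String, Object> sessionAttributeMap = new HashMap<>();` removes the unchecked warning. A comment on the copy loop should state that only the names in `WebContext.sessionAttributeNameList` survive the rotation, so whoever adds a new session key knows to register it there.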
diff --git a/maxkey-core/src/main/java/org/maxkey/web/WebConstants.java b/maxkey-core/src/main/java/org/maxkey/web/WebConstants.java
index 77cbe038d..d9d67999d 100644
--- a/maxkey-core/src/main/java/org/maxkey/web/WebConstants.java
+++ b/maxkey-core/src/main/java/org/maxkey/web/WebConstants.java
@@ -54,7 +54,11 @@ public class WebConstants {
 public static final String KAPTCHA_SESSION_KEY = "kaptcha_session_key";
 public static final String SINGLE_SIGN_ON_APP_ID = "single_sign_on_app_id";
-
+
+ public static final String AUTHORIZE_SIGN_ON_APP = "authorize_sign_on_app";
+
+ public static final String AUTHORIZE_SIGN_ON_APP_SAMLV20_ADAPTER = "authorize_sign_on_app_samlv20_adapter";
+
 public static final String REMEBER_ME_SESSION = "remeber_me_session";
 public static final String KERBEROS_TOKEN_PARAMETER = "kerberosToken";
diff --git a/maxkey-core/src/main/java/org/maxkey/web/WebContext.java b/maxkey-core/src/main/java/org/maxkey/web/WebContext.java
index 6886e57c0..d20476393 100644
--- a/maxkey-core/src/main/java/org/maxkey/web/WebContext.java
+++ b/maxkey-core/src/main/java/org/maxkey/web/WebContext.java
@@ -19,6 +19,7 @@ package org.maxkey.web;
 import java.io.UnsupportedEncodingException;
 import java.net.URLEncoder;
+import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.Locale;
 import java.util.Map;
@@ -55,6 +56,17 @@ public final class WebContext {
 final static Logger _logger = LoggerFactory.getLogger(WebContext.class);
 public static Properties properties;
+
+ public static ArrayList sessionAttributeNameList = new ArrayList();
+
+ static {
+ sessionAttributeNameList.add(WebConstants.CURRENT_LOGIN_USER_PASSWORD_SET_TYPE);
+ sessionAttributeNameList.add(WebConstants.FIRST_SAVED_REQUEST_PARAMETER);
+ sessionAttributeNameList.add(WebConstants.AUTHENTICATION);
+ sessionAttributeNameList.add(WebConstants.CURRENT_USER);
+ sessionAttributeNameList.add(WebConstants.AUTHORIZE_SIGN_ON_APP_SAMLV20_ADAPTER);
+ sessionAttributeNameList.add(WebConstants.AUTHORIZE_SIGN_ON_APP);
+ }
 /**
 * set Current login user to session.
diff --git a/maxkey-persistence/src/main/resources/org/maxkey/persistence/mapper/xml/mysql/AppsMapper.xml b/maxkey-persistence/src/main/resources/org/maxkey/persistence/mapper/xml/mysql/AppsMapper.xml
index d4d49d4c4..bbd1e5ebb 100644
--- a/maxkey-persistence/src/main/resources/org/maxkey/persistence/mapper/xml/mysql/AppsMapper.xml
+++ b/maxkey-persistence/src/main/resources/org/maxkey/persistence/mapper/xml/mysql/AppsMapper.xml
@@ -162,6 +162,7 @@ WHERE APP.ID=GP.APPID
 AND GP.GROUPID=G.ID
+ AND APP.VISIBLE != 0
 AND ( G.ID='ROLE_ALL_USER' OR G.ID IN(
diff --git a/maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/AuthorizeBaseEndpoint.java b/maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/AuthorizeBaseEndpoint.java
index 595a59953..95f739f12 100644
--- a/maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/AuthorizeBaseEndpoint.java
+++ b/maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/AuthorizeBaseEndpoint.java
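Review bot: `sessionAttributeNameList` is a `public static` raw `ArrayList` that any code in the application can mutate at runtime, and it is exactly the allow-list of attributes that `AbstractAuthenticationProvider.changeSession` carries across the post-login session rotation; a stray `add` from anywhere widens what survives the rotation, which is presumably the property the rotation exists to provide. Make it typed and immutable: `public static final List<String> sessionAttributeNameList = Collections.unmodifiableList(Arrays.asList(WebConstants.CURRENT_LOGIN_USER_PASSWORD_SET_TYPE, WebConstants.FIRST_SAVED_REQUEST_PARAMETER, WebConstants.AUTHENTICATION, WebConstants.CURRENT_USER, WebConstants.AUTHORIZE_SIGN_ON_APP_SAMLV20_ADAPTER, WebConstants.AUTHORIZE_SIGN_ON_APP));` (this needs `java.util.List`, `java.util.Arrays` and `java.util.Collections` in the import block instead of `ArrayList`), and give it a one-line Javadoc saying it is the set of session attributes preserved when the session is rotated after login.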
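Review bot: `AND APP.VISIBLE != 0` is a three-valued comparison, so any row whose `VISIBLE` column is `NULL` is dropped as well; if the column is nullable the intended predicate is probably `AND (APP.VISIBLE IS NULL OR APP.VISIBLE != 0)` or `AND COALESCE(APP.VISIBLE, 1) != 0`, and if it is `NOT NULL` a short XML comment saying so next to the condition would save the next reader the check. This filter also only affects the listing query: the `getApp` and `appsService.get(id)` lookups touched elsewhere in this commit load an app by id regardless of `VISIBLE`, so if the flag is meant to block sign-on rather than only hide the tile, the same check is needed there.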
@@ -27,6 +27,7 @@ import org.maxkey.domain.UserInfo;
 import org.maxkey.domain.apps.Apps;
 import org.maxkey.persistence.service.AccountsService;
 import org.maxkey.persistence.service.AppsService;
+import org.maxkey.web.WebConstants;
 import org.maxkey.web.WebContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -54,11 +55,11 @@ public class AuthorizeBaseEndpoint {
 protected AccountsService accountsService;
 protected Apps getApp(String id){
- Apps app=(Apps)WebContext.getAttribute(AuthorizeBaseEndpoint.class.getName());
+ Apps app=(Apps)WebContext.getAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP);
 //session中为空或者id不一致重新加载
 if(app==null||!app.getId().equalsIgnoreCase(id)) {
 app=appsService.get(id);
- WebContext.setAttribute(AuthorizeBaseEndpoint.class.getName(), app);
+ WebContext.setAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP, app);
 }
 if(app == null){
 _logger.error("Applications for id "+id + " is null");
diff --git a/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasAuthorizeEndpoint.java b/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasAuthorizeEndpoint.java
index 34e3c444b..159f12185 100644
--- a/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasAuthorizeEndpoint.java
+++ b/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasAuthorizeEndpoint.java
@@ -30,7 +30,6 @@ import org.maxkey.authn.SigninPrincipal;
 import org.maxkey.authn.online.OnlineTicket;
 import org.maxkey.authz.cas.endpoint.ticket.CasConstants;
 import org.maxkey.authz.cas.endpoint.ticket.ServiceTicketImpl;
-import org.maxkey.authz.endpoint.AuthorizeBaseEndpoint;
 import org.maxkey.authz.singlelogout.LogoutType;
 import org.maxkey.domain.apps.AppsCasDetails;
 import org.maxkey.web.WebConstants;
@@ -91,7 +90,7 @@ public class CasAuthorizeEndpoint extends CasBaseAuthorizeEndpoint{
 );
 WebContext.setAttribute(CasConstants.PARAMETER.ENDPOINT_CAS_DETAILS, casDetails);
 WebContext.setAttribute(WebConstants.SINGLE_SIGN_ON_APP_ID, casDetails.getId());
- WebContext.setAttribute(AuthorizeBaseEndpoint.class.getName(),casDetails);
+ WebContext.setAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP,casDetails);
 return WebContext.redirect("/authz/cas/granting");
 }
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/approval/controller/OAuth20AccessConfirmationController.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/approval/controller/OAuth20AccessConfirmationController.java
index 4a7f690c2..962fb6eb4 100644
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/approval/controller/OAuth20AccessConfirmationController.java
+++ b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/approval/controller/OAuth20AccessConfirmationController.java
@@ -31,6 +31,7 @@ import org.maxkey.authz.oauth2.provider.approval.ApprovalStore;
 import org.maxkey.domain.apps.Apps;
 import org.maxkey.domain.apps.oauth2.provider.ClientDetails;
 import org.maxkey.persistence.service.AppsService;
+import org.maxkey.web.WebConstants;
 import org.maxkey.web.WebContext;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
@@ -85,11 +86,11 @@ public class OAuth20AccessConfirmationController {
 AuthorizationRequest clientAuth = (AuthorizationRequest) WebContext.getAttribute("authorizationRequest");
 ClientDetails client = clientDetailsService.loadClientByClientId(clientAuth.getClientId());
- Apps app = (Apps)WebContext.getAttribute(AuthorizeBaseEndpoint.class.getName());
+ Apps app = (Apps)WebContext.getAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP);
 //session中为空或者id不一致重新加载
 if (app == null || !app.getId().equalsIgnoreCase(clientAuth.getClientId())) {
 app = appsService.get(clientAuth.getClientId());
- WebContext.setAttribute(AuthorizeBaseEndpoint.class.getName(), app);
+ WebContext.setAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP, app);
 WebContext.setAttribute(app.getId(), app.getIcon());
 }
diff --git a/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/endpoint/AssertionEndpoint.java b/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/endpoint/AssertionEndpoint.java
index d5fbf98c9..35aff0491 100644
--- a/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/endpoint/AssertionEndpoint.java
+++ b/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/endpoint/AssertionEndpoint.java
@@ -59,7 +59,8 @@ public class AssertionEndpoint {
 @RequestMapping(value = "/authz/saml20/assertion")
 public ModelAndView assertion(HttpServletRequest request,HttpServletResponse response) throws Exception {
 logger.debug("saml20 assertion start.");
- bindingAdapter = (BindingAdapter) request.getSession().getAttribute("samlv20Adapter");
+ bindingAdapter = (BindingAdapter) request.getSession().getAttribute(
+ WebConstants.AUTHORIZE_SIGN_ON_APP_SAMLV20_ADAPTER);
 logger.debug("saml20 assertion get session samlv20Adapter "+bindingAdapter);
 AppsSAML20Details saml20Details = bindingAdapter.getSaml20Details();
 logger.debug("saml20Details "+saml20Details.getExtendAttr());
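Review bot: `bindingAdapter` is assigned in `assertion(...)` without a local declaration, so it appears to be an instance field of `AssertionEndpoint`; a Spring controller is a singleton, so two concurrent assertion requests would overwrite each other's adapter and the later one could build an assertion from the other request's `saml20Details`. The value is read back from the caller's own session, so it should be a local: `BindingAdapter bindingAdapter = (BindingAdapter) request.getSession().getAttribute(`. The same field-style use of `bindingAdapter` seems to exist in the IdpInitEndpoint and SingleSignOnEndpoint hunks of this commit, though their declarations are not visible here. The method continues beyond the hunk, so any later reads of the field there need the same change.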
diff --git a/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/endpoint/IdpInitEndpoint.java b/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/endpoint/IdpInitEndpoint.java
index b04d01855..4cd695c0e 100644
--- a/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/endpoint/IdpInitEndpoint.java
+++ b/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/endpoint/IdpInitEndpoint.java
@@ -21,7 +21,6 @@ import java.security.KeyStore;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-
 import org.maxkey.authz.saml.common.AuthnRequestInfo;
 import org.maxkey.authz.saml20.binding.BindingAdapter;
 import org.maxkey.authz.saml20.binding.ExtractBindingAdapter;
@@ -29,6 +28,7 @@ import org.maxkey.crypto.keystore.KeyStoreLoader;
 import org.maxkey.crypto.keystore.KeyStoreUtil;
 import org.maxkey.domain.apps.AppsSAML20Details;
 import org.maxkey.persistence.service.AppsSaml20DetailsService;
+import org.maxkey.web.WebConstants;
 import org.maxkey.web.WebContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -88,7 +88,7 @@ public class IdpInitEndpoint {
 @PathVariable("appid") String appId)throws Exception {
 logger.debug("SAML IDP init , app id is "+appId);
 AppsSAML20Details saml20Details = saml20DetailsService.getAppDetails(appId);
-
+ WebContext.setAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP, saml20Details);
 if (saml20Details == null) {
 logger.error("samlId[" + appId + "] Error .");
 throw new Exception();
@@ -114,7 +114,7 @@ public class IdpInitEndpoint {
 bindingAdapter.setExtractBindingAdapter(extractRedirectBindingAdapter);
- request.getSession().setAttribute("samlv20Adapter", bindingAdapter);
+ request.getSession().setAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP_SAMLV20_ADAPTER, bindingAdapter);
 logger.debug("idp init forwarding to assertion :","/authz/saml20/assertion");
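Review bot: In the `@@ -88,7 +88,7 @@` hunk, `WebContext.setAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP, saml20Details)` runs before the `if (saml20Details == null)` check, so an unknown `appid` publishes `null` under `AUTHORIZE_SIGN_ON_APP` (clearing whatever app was recorded there for the session) before the exception is thrown; the `extractSaml20Detail` hunk in SingleSignOnEndpoint has the same ordering. Move the `WebContext.setAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP, saml20Details);` line below the null-check block in both places so only a resolved app is ever stored under that key. The enclosing method begins outside the hunk.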
diff --git a/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/endpoint/SingleSignOnEndpoint.java b/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/endpoint/SingleSignOnEndpoint.java
index 73e24a876..1d88060bc 100644
--- a/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/endpoint/SingleSignOnEndpoint.java
+++ b/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/endpoint/SingleSignOnEndpoint.java
@@ -21,7 +21,6 @@ import java.security.KeyStore;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-
 import org.maxkey.authz.saml.common.AuthnRequestInfo;
 import org.maxkey.authz.saml20.binding.BindingAdapter;
 import org.maxkey.authz.saml20.binding.ExtractBindingAdapter;
@@ -29,6 +28,7 @@ import org.maxkey.authz.saml20.xml.SAML2ValidatorSuite;
 import org.maxkey.crypto.keystore.KeyStoreUtil;
 import org.maxkey.domain.apps.AppsSAML20Details;
 import org.maxkey.persistence.service.AppsSaml20DetailsService;
+import org.maxkey.web.WebConstants;
 import org.maxkey.web.WebContext;
 import org.opensaml.common.binding.SAMLMessageContext;
 import org.opensaml.saml2.core.AuthnRequest;
@@ -101,14 +101,14 @@ public class SingleSignOnEndpoint {
 extractSAMLMessage(extractBindingAdapter,request);
- request.getSession().setAttribute("samlv20Adapter", bindingAdapter);
+ request.getSession().setAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP_SAMLV20_ADAPTER, bindingAdapter);
 return WebContext.forward("/authz/saml20/assertion");
 }
 public void extractSaml20Detail(ExtractBindingAdapter extractBindingAdapter,String samlId) throws Exception{
 AppsSAML20Details saml20Details = saml20DetailsService.getAppDetails(samlId);
-
+ WebContext.setAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP, saml20Details);
 if (saml20Details == null) {
 logger.error("Request SAML APPID [" + samlId + "] is not exist .");
 throw new Exception();
diff --git a/maxkey-web-maxkey/src/main/java/org/maxkey/web/interceptor/HistoryLoginAppAdapter.java b/maxkey-web-maxkey/src/main/java/org/maxkey/web/interceptor/HistoryLoginAppAdapter.java
index dabf42c60..82c91ea2b 100644
--- a/maxkey-web-maxkey/src/main/java/org/maxkey/web/interceptor/HistoryLoginAppAdapter.java
+++ b/maxkey-web-maxkey/src/main/java/org/maxkey/web/interceptor/HistoryLoginAppAdapter.java
@@ -58,7 +58,7 @@ public class HistoryLoginAppAdapter extends HandlerInterceptorAdapter {
 HttpServletResponse response, Object handler) throws Exception {
 _logger.debug("preHandle");
- final Apps app = (Apps)WebContext.getAttribute(AuthorizeBaseEndpoint.class.getName());
+ final Apps app = (Apps)WebContext.getAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP);
 Authentication authentication = WebContext.getAuthentication();
 if(authentication.getPrincipal() instanceof SigninPrincipal) {
 SigninPrincipal signinPrincipal = (SigninPrincipal)authentication.getPrincipal() ;
@@ -83,7 +83,7 @@ public class HistoryLoginAppAdapter extends HandlerInterceptorAdapter {
 Object handler,ModelAndView modelAndView) throws Exception {
 _logger.debug("postHandle");
- final Apps app = (Apps)WebContext.getAttribute(AuthorizeBaseEndpoint.class.getName());
+ final Apps app = (Apps)WebContext.getAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP);
 String sessionId = (String)WebContext.getAttribute(WebConstants.CURRENT_USER_SESSION_ID);
 final UserInfo userInfo = WebContext.getUserInfo();
 _logger.debug("sessionId : " + sessionId + " ,appId : " + app.getId());