changeSession login
parent
6e83568945
commit
a99ecf16f5
@ -18,6 +18,8 @@
|
||||
package org.maxkey.authn;
|
||||
|
||||
import java.util.ArrayList;
|
||||
import java.util.HashMap;
|
||||
|
||||
import org.maxkey.authn.online.OnlineTicketServices;
|
||||
import org.maxkey.authn.realm.AbstractAuthenticationRealm;
|
||||
import org.maxkey.authn.support.rememberme.AbstractRemeberMeService;
|
||||
@ -100,6 +102,8 @@ public abstract class AbstractAuthenticationProvider {
|
||||
throws AuthenticationException {
|
||||
_logger.debug("Trying to authenticate user '{}' via {}",
|
||||
loginCredential.getPrincipal(), getProviderName());
|
||||
// 登录SESSION
|
||||
_logger.debug("Login Session {}.", WebContext.getSession().getId());
|
||||
Authentication authentication = null;
|
||||
try {
|
||||
authentication = doInternalAuthenticate(loginCredential);
|
||||
@ -121,33 +125,34 @@ public abstract class AbstractAuthenticationProvider {
|
||||
// user authenticated
|
||||
_logger.debug("'{}' authenticated successfully by {}.",
|
||||
authentication.getPrincipal(), getProviderName());
|
||||
|
||||
final UserInfo userInfo = WebContext.getUserInfo();
|
||||
final Object passwordSetType = WebContext.getSession()
|
||||
.getAttribute(WebConstants.CURRENT_LOGIN_USER_PASSWORD_SET_TYPE);
|
||||
// 登录完成后切换SESSION
|
||||
_logger.debug("Login Session {}.", WebContext.getSession().getId());
|
||||
|
||||
final Object firstSavedRequest =
|
||||
WebContext.getAttribute(WebConstants.FIRST_SAVED_REQUEST_PARAMETER);
|
||||
//change Session
|
||||
changeSession(authentication);
|
||||
|
||||
authenticationRealm.insertLoginHistory(
|
||||
WebContext.getUserInfo(), ConstantsLoginType.LOCAL, "", "xe00000004", "success");
|
||||
|
||||
return authentication;
|
||||
}
|
||||
|
||||
protected void changeSession(Authentication authentication) {
|
||||
|
||||
HashMap<String,Object> sessionAttributeMap = new HashMap<String,Object>();
|
||||
for(String attributeName : WebContext.sessionAttributeNameList) {
|
||||
sessionAttributeMap.put(attributeName, WebContext.getAttribute(attributeName));
|
||||
}
|
||||
|
||||
//new Session
|
||||
WebContext.getSession().invalidate();
|
||||
|
||||
for(String attributeName : WebContext.sessionAttributeNameList) {
|
||||
WebContext.setAttribute(attributeName, sessionAttributeMap.get(attributeName));
|
||||
}
|
||||
|
||||
WebContext.setAttribute(
|
||||
WebConstants.CURRENT_USER_SESSION_ID, WebContext.getSession().getId());
|
||||
_logger.debug("Login Success Session {}.", WebContext.getSession().getId());
|
||||
|
||||
authenticationRealm.insertLoginHistory(
|
||||
userInfo, ConstantsLoginType.LOCAL, "", "xe00000004", "success");
|
||||
|
||||
WebContext.setAttribute(WebConstants.FIRST_SAVED_REQUEST_PARAMETER,firstSavedRequest);
|
||||
// 认证设置
|
||||
WebContext.setAuthentication(authentication);
|
||||
WebContext.setUserInfo(userInfo);
|
||||
WebContext.getSession().setAttribute(
|
||||
WebConstants.CURRENT_LOGIN_USER_PASSWORD_SET_TYPE, passwordSetType);
|
||||
|
||||
return authentication;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* session validate.
|
||||
|
||||
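Review bot: `changeSession(Authentication authentication)` never reads its parameter in the lines shown, so the rotated session receives `WebConstants.AUTHENTICATION` and `WebConstants.CURRENT_USER` only by copying whatever the pre-login session already held. The change markers are lost on this page, but the explicit `WebContext.setAuthentication(authentication);` and `WebContext.setUserInfo(userInfo);` calls after `invalidate()` look like the removed side; unless `doInternalAuthenticate` stores both before returning, the new session would come up without the fresh authentication, so I would keep `WebContext.setAuthentication(authentication);` after the copy-back loop. The copy-back also depends on `WebContext.setAttribute` obtaining a new session once the old one is invalidated, which is not visible here and deserves a one-line comment. Separately, `_logger.debug("Login Success Session {}.", WebContext.getSession().getId());` writes a live authenticated session id to the log, where a truncated or hashed form would serve the same purpose.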
@ -54,7 +54,11 @@ public class WebConstants {
|
||||
public static final String KAPTCHA_SESSION_KEY = "kaptcha_session_key";
|
||||
|
||||
public static final String SINGLE_SIGN_ON_APP_ID = "single_sign_on_app_id";
|
||||
|
||||
|
||||
public static final String AUTHORIZE_SIGN_ON_APP = "authorize_sign_on_app";
|
||||
|
||||
public static final String AUTHORIZE_SIGN_ON_APP_SAMLV20_ADAPTER = "authorize_sign_on_app_samlv20_adapter";
|
||||
|
||||
public static final String REMEBER_ME_SESSION = "remeber_me_session";
|
||||
|
||||
public static final String KERBEROS_TOKEN_PARAMETER = "kerberosToken";
|
||||
|
||||
@ -19,6 +19,7 @@ package org.maxkey.web;
|
||||
|
||||
import java.io.UnsupportedEncodingException;
|
||||
import java.net.URLEncoder;
|
||||
import java.util.ArrayList;
|
||||
import java.util.HashMap;
|
||||
import java.util.Locale;
|
||||
import java.util.Map;
|
||||
@ -55,6 +56,17 @@ public final class WebContext {
|
||||
final static Logger _logger = LoggerFactory.getLogger(WebContext.class);
|
||||
|
||||
public static Properties properties;
|
||||
|
||||
public static ArrayList<String> sessionAttributeNameList = new ArrayList<String>();
|
||||
|
||||
static {
|
||||
sessionAttributeNameList.add(WebConstants.CURRENT_LOGIN_USER_PASSWORD_SET_TYPE);
|
||||
sessionAttributeNameList.add(WebConstants.FIRST_SAVED_REQUEST_PARAMETER);
|
||||
sessionAttributeNameList.add(WebConstants.AUTHENTICATION);
|
||||
sessionAttributeNameList.add(WebConstants.CURRENT_USER);
|
||||
sessionAttributeNameList.add(WebConstants.AUTHORIZE_SIGN_ON_APP_SAMLV20_ADAPTER);
|
||||
sessionAttributeNameList.add(WebConstants.AUTHORIZE_SIGN_ON_APP);
|
||||
}
|
||||
|
||||
/**
|
||||
* set Current login user to session.
|
||||
|
||||
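Review bot: `sessionAttributeNameList` is a `public static` non-final `ArrayList`, so any class can add or remove names and silently change which pre-login attributes `changeSession` carries into the authenticated session. Because this list is the allowlist behind the session rotation at login, I would make it immutable, `public static final List<String> sessionAttributeNameList = Collections.unmodifiableList(Arrays.asList(...));` with the six constants inline; the for-each loops in `changeSession` still accept it, though callers outside this page that rely on the `ArrayList` type would need checking. A short comment should state that every attribute not listed is dropped at login and that each listed value was written before authentication, so entries must be safe to trust afterwards. The `WebContext` class body continues outside the hunk.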
@ -162,6 +162,7 @@
|
||||
WHERE
|
||||
APP.ID=GP.APPID
|
||||
AND GP.GROUPID=G.ID
|
||||
AND APP.VISIBLE != 0
|
||||
AND (
|
||||
G.ID='ROLE_ALL_USER'
|
||||
OR G.ID IN(
|
||||
|
||||
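Review bot: `AND APP.VISIBLE != 0` also drops every row whose `VISIBLE` is NULL, because a comparison with NULL is never true; if the column is nullable and NULL is meant to count as visible, the predicate should be `AND (APP.VISIBLE IS NULL OR APP.VISIBLE != 0)`. The filter only shapes this listing query, so an app hidden here is presumably still reachable through the authorize endpoints unless they check visibility themselves. A comment stating that `VISIBLE` is a display flag and not an access control would prevent that misunderstanding. The statement starts and ends outside the hunk.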
@ -27,6 +27,7 @@ import org.maxkey.domain.UserInfo;
|
||||
import org.maxkey.domain.apps.Apps;
|
||||
import org.maxkey.persistence.service.AccountsService;
|
||||
import org.maxkey.persistence.service.AppsService;
|
||||
import org.maxkey.web.WebConstants;
|
||||
import org.maxkey.web.WebContext;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
@ -54,11 +55,11 @@ public class AuthorizeBaseEndpoint {
|
||||
protected AccountsService accountsService;
|
||||
|
||||
protected Apps getApp(String id){
|
||||
Apps app=(Apps)WebContext.getAttribute(AuthorizeBaseEndpoint.class.getName());
|
||||
Apps app=(Apps)WebContext.getAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP);
|
||||
//session中为空或者id不一致重新加载
|
||||
if(app==null||!app.getId().equalsIgnoreCase(id)) {
|
||||
app=appsService.get(id);
|
||||
WebContext.setAttribute(AuthorizeBaseEndpoint.class.getName(), app);
|
||||
WebContext.setAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP, app);
|
||||
}
|
||||
if(app == null){
|
||||
_logger.error("Applications for id "+id + " is null");
|
||||
|
||||
@ -30,7 +30,6 @@ import org.maxkey.authn.SigninPrincipal;
|
||||
import org.maxkey.authn.online.OnlineTicket;
|
||||
import org.maxkey.authz.cas.endpoint.ticket.CasConstants;
|
||||
import org.maxkey.authz.cas.endpoint.ticket.ServiceTicketImpl;
|
||||
import org.maxkey.authz.endpoint.AuthorizeBaseEndpoint;
|
||||
import org.maxkey.authz.singlelogout.LogoutType;
|
||||
import org.maxkey.domain.apps.AppsCasDetails;
|
||||
import org.maxkey.web.WebConstants;
|
||||
@ -91,7 +90,7 @@ public class CasAuthorizeEndpoint extends CasBaseAuthorizeEndpoint{
|
||||
);
|
||||
WebContext.setAttribute(CasConstants.PARAMETER.ENDPOINT_CAS_DETAILS, casDetails);
|
||||
WebContext.setAttribute(WebConstants.SINGLE_SIGN_ON_APP_ID, casDetails.getId());
|
||||
WebContext.setAttribute(AuthorizeBaseEndpoint.class.getName(),casDetails);
|
||||
WebContext.setAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP,casDetails);
|
||||
return WebContext.redirect("/authz/cas/granting");
|
||||
}
|
||||
|
||||
|
||||
@ -31,6 +31,7 @@ import org.maxkey.authz.oauth2.provider.approval.ApprovalStore;
|
||||
import org.maxkey.domain.apps.Apps;
|
||||
import org.maxkey.domain.apps.oauth2.provider.ClientDetails;
|
||||
import org.maxkey.persistence.service.AppsService;
|
||||
import org.maxkey.web.WebConstants;
|
||||
import org.maxkey.web.WebContext;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.beans.factory.annotation.Qualifier;
|
||||
@ -85,11 +86,11 @@ public class OAuth20AccessConfirmationController {
|
||||
AuthorizationRequest clientAuth =
|
||||
(AuthorizationRequest) WebContext.getAttribute("authorizationRequest");
|
||||
ClientDetails client = clientDetailsService.loadClientByClientId(clientAuth.getClientId());
|
||||
Apps app = (Apps)WebContext.getAttribute(AuthorizeBaseEndpoint.class.getName());
|
||||
Apps app = (Apps)WebContext.getAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP);
|
||||
//session中为空或者id不一致重新加载
|
||||
if (app == null || !app.getId().equalsIgnoreCase(clientAuth.getClientId())) {
|
||||
app = appsService.get(clientAuth.getClientId());
|
||||
WebContext.setAttribute(AuthorizeBaseEndpoint.class.getName(), app);
|
||||
WebContext.setAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP, app);
|
||||
WebContext.setAttribute(app.getId(), app.getIcon());
|
||||
}
|
||||
|
||||
|
||||
@ -59,7 +59,8 @@ public class AssertionEndpoint {
|
||||
@RequestMapping(value = "/authz/saml20/assertion")
|
||||
public ModelAndView assertion(HttpServletRequest request,HttpServletResponse response) throws Exception {
|
||||
logger.debug("saml20 assertion start.");
|
||||
bindingAdapter = (BindingAdapter) request.getSession().getAttribute("samlv20Adapter");
|
||||
bindingAdapter = (BindingAdapter) request.getSession().getAttribute(
|
||||
WebConstants.AUTHORIZE_SIGN_ON_APP_SAMLV20_ADAPTER);
|
||||
logger.debug("saml20 assertion get session samlv20Adapter "+bindingAdapter);
|
||||
AppsSAML20Details saml20Details = bindingAdapter.getSaml20Details();
|
||||
logger.debug("saml20Details "+saml20Details.getExtendAttr());
|
||||
|
||||
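Review bot: `bindingAdapter = (BindingAdapter) request.getSession().getAttribute(...)` assigns a per-session value to what appears to be an instance field, since no local declaration is visible in the hunk. If `AssertionEndpoint` is a default singleton Spring controller, two concurrent requests can overwrite each other's adapter between this line and `bindingAdapter.getSaml20Details()`, so an assertion could be built from another user's request context. I would use a local, `final BindingAdapter adapter = (BindingAdapter) request.getSession().getAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP_SAMLV20_ADAPTER);`, and reject the request when it is null, because a direct request to `/authz/saml20/assertion` without a prior SSO step otherwise ends in a NullPointerException. The method body continues outside the hunk.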
@ -21,7 +21,6 @@ import java.security.KeyStore;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.maxkey.authz.saml.common.AuthnRequestInfo;
|
||||
import org.maxkey.authz.saml20.binding.BindingAdapter;
|
||||
import org.maxkey.authz.saml20.binding.ExtractBindingAdapter;
|
||||
@ -29,6 +28,7 @@ import org.maxkey.crypto.keystore.KeyStoreLoader;
|
||||
import org.maxkey.crypto.keystore.KeyStoreUtil;
|
||||
import org.maxkey.domain.apps.AppsSAML20Details;
|
||||
import org.maxkey.persistence.service.AppsSaml20DetailsService;
|
||||
import org.maxkey.web.WebConstants;
|
||||
import org.maxkey.web.WebContext;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
@ -88,7 +88,7 @@ public class IdpInitEndpoint {
|
||||
@PathVariable("appid") String appId)throws Exception {
|
||||
logger.debug("SAML IDP init , app id is "+appId);
|
||||
AppsSAML20Details saml20Details = saml20DetailsService.getAppDetails(appId);
|
||||
|
||||
WebContext.setAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP, saml20Details);
|
||||
if (saml20Details == null) {
|
||||
logger.error("samlId[" + appId + "] Error .");
|
||||
throw new Exception();
|
||||
@ -114,7 +114,7 @@ public class IdpInitEndpoint {
|
||||
|
||||
bindingAdapter.setExtractBindingAdapter(extractRedirectBindingAdapter);
|
||||
|
||||
request.getSession().setAttribute("samlv20Adapter", bindingAdapter);
|
||||
request.getSession().setAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP_SAMLV20_ADAPTER, bindingAdapter);
|
||||
|
||||
logger.debug("idp init forwarding to assertion :","/authz/saml20/assertion");
|
||||
|
||||
|
||||
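Review bot: `WebContext.setAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP, saml20Details);` runs before the `if (saml20Details == null)` check, so a request with an unknown `appid` rewrites (or, with a null value, presumably clears) the session attribute before it is rejected; the same order appears in `extractSaml20Detail` in the SingleSignOnEndpoint section. Moving the call below the null check keeps a failed lookup from touching the attribute that `getApp` and `HistoryLoginAppAdapter` later read. The error path also concatenates the request-supplied id into the message; `logger.error("samlId[{}] Error .", appId);` with line breaks stripped from `appId` avoids forged log lines, and `throw new Exception()` would be easier to triage with a message. The method starts and ends outside the hunk.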
@ -21,7 +21,6 @@ import java.security.KeyStore;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.maxkey.authz.saml.common.AuthnRequestInfo;
|
||||
import org.maxkey.authz.saml20.binding.BindingAdapter;
|
||||
import org.maxkey.authz.saml20.binding.ExtractBindingAdapter;
|
||||
@ -29,6 +28,7 @@ import org.maxkey.authz.saml20.xml.SAML2ValidatorSuite;
|
||||
import org.maxkey.crypto.keystore.KeyStoreUtil;
|
||||
import org.maxkey.domain.apps.AppsSAML20Details;
|
||||
import org.maxkey.persistence.service.AppsSaml20DetailsService;
|
||||
import org.maxkey.web.WebConstants;
|
||||
import org.maxkey.web.WebContext;
|
||||
import org.opensaml.common.binding.SAMLMessageContext;
|
||||
import org.opensaml.saml2.core.AuthnRequest;
|
||||
@ -101,14 +101,14 @@ public class SingleSignOnEndpoint {
|
||||
|
||||
extractSAMLMessage(extractBindingAdapter,request);
|
||||
|
||||
request.getSession().setAttribute("samlv20Adapter", bindingAdapter);
|
||||
request.getSession().setAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP_SAMLV20_ADAPTER, bindingAdapter);
|
||||
|
||||
return WebContext.forward("/authz/saml20/assertion");
|
||||
}
|
||||
|
||||
public void extractSaml20Detail(ExtractBindingAdapter extractBindingAdapter,String samlId) throws Exception{
|
||||
AppsSAML20Details saml20Details = saml20DetailsService.getAppDetails(samlId);
|
||||
|
||||
WebContext.setAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP, saml20Details);
|
||||
if (saml20Details == null) {
|
||||
logger.error("Request SAML APPID [" + samlId + "] is not exist .");
|
||||
throw new Exception();
|
||||
|
||||
@ -58,7 +58,7 @@ public class HistoryLoginAppAdapter extends HandlerInterceptorAdapter {
|
||||
HttpServletResponse response, Object handler)
|
||||
throws Exception {
|
||||
_logger.debug("preHandle");
|
||||
final Apps app = (Apps)WebContext.getAttribute(AuthorizeBaseEndpoint.class.getName());
|
||||
final Apps app = (Apps)WebContext.getAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP);
|
||||
Authentication authentication = WebContext.getAuthentication();
|
||||
if(authentication.getPrincipal() instanceof SigninPrincipal) {
|
||||
SigninPrincipal signinPrincipal = (SigninPrincipal)authentication.getPrincipal() ;
|
||||
@ -83,7 +83,7 @@ public class HistoryLoginAppAdapter extends HandlerInterceptorAdapter {
|
||||
Object handler,ModelAndView modelAndView) throws Exception {
|
||||
_logger.debug("postHandle");
|
||||
|
||||
final Apps app = (Apps)WebContext.getAttribute(AuthorizeBaseEndpoint.class.getName());
|
||||
final Apps app = (Apps)WebContext.getAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP);
|
||||
String sessionId = (String)WebContext.getAttribute(WebConstants.CURRENT_USER_SESSION_ID);
|
||||
final UserInfo userInfo = WebContext.getUserInfo();
|
||||
_logger.debug("sessionId : " + sessionId + " ,appId : " + app.getId());
|
||||
|
||||