admin/MaxKey
1
0
Fork 0
mirror of https://gitee.com/dromara/MaxKey.git synced 2025-12-06 17:08:29 +08:00
Code Issues Packages Projects Releases Wiki Activity

/sign/authz/cas/v1/tickets这个接口只要用户名正确,密码随便填都能通过 #I7LC07

Browse Source
This commit is contained in:
MaxKey 2023-07-17 11:22:40 +08:00
parent 32462ebeef
commit bf84b27fc0
1 changed files with 8 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

11
maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasRestV1Endpoint.java
View File

@ -43,6 +43,7 @@ import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType; import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity; import org.springframework.http.ResponseEntity;
import org.springframework.security.authentication.BadCredentialsException; import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException; import org.springframework.security.core.AuthenticationException;
import org.springframework.stereotype.Controller; import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PathVariable; import org.springframework.web.bind.annotation.PathVariable;
@ -81,10 +82,14 @@ public class CasRestV1Endpoint extends CasBaseAuthorizeEndpoint{
throw new BadCredentialsException("No credentials are provided or extracted to authenticate the REST request"); throw new BadCredentialsException("No credentials are provided or extracted to authenticate the REST request");
} }
LoginCredential loginCredential =new LoginCredential(username,password,"CASREST"); LoginCredential loginCredential =new LoginCredential(username,password,"normal");
Authentication authentication = authenticationProvider.authenticate(loginCredential);
if(authentication == null) {
_logger.debug("Bad Credentials Exception");
return new ResponseEntity<>("Bad Credentials", HttpStatus.BAD_REQUEST);
}
authenticationProvider.authenticate(loginCredential,false);
TicketGrantingTicketImpl ticketGrantingTicket=new TicketGrantingTicketImpl("Random",AuthorizationUtils.getAuthentication(),null); TicketGrantingTicketImpl ticketGrantingTicket=new TicketGrantingTicketImpl("Random",AuthorizationUtils.getAuthentication(),null);
String ticket=casTicketGrantingTicketServices.createTicket(ticketGrantingTicket); String ticket=casTicketGrantingTicketServices.createTicket(ticketGrantingTicket);