/sign/authz/cas/v1/tickets这个接口只要用户名正确,密码随便填都能通过 #I7LC07

MaxKey 2023-07-17 11:22:40 +08:00
parent 32462ebeef
commit bf84b27fc0


@ -43,6 +43,7 @@ import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PathVariable;
@ -81,9 +82,13 @@ public class CasRestV1Endpoint extends CasBaseAuthorizeEndpoint{
throw new BadCredentialsException("No credentials are provided or extracted to authenticate the REST request");
}
LoginCredential loginCredential =new LoginCredential(username,password,"CASREST");
LoginCredential loginCredential =new LoginCredential(username,password,"normal");
authenticationProvider.authenticate(loginCredential,false);
Authentication authentication = authenticationProvider.authenticate(loginCredential);
if(authentication == null) {
_logger.debug("Bad Credentials Exception");
return new ResponseEntity<>("Bad Credentials", HttpStatus.BAD_REQUEST);
}
TicketGrantingTicketImpl ticketGrantingTicket=new TicketGrantingTicketImpl("Random",AuthorizationUtils.getAuthentication(),null);
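Review bot: The ticket-granting ticket on the last line of this hunk is still built from `AuthorizationUtils.getAuthentication()` rather than from the `authentication` value that was just null-checked, so the ticket's principal depends on whatever the ambient context holds and not directly on the outcome of this request's credential check. If the constructor accepts that type, pass the checked value instead: `new TicketGrantingTicketImpl("Random", authentication, null)`. The rejection branch also logs only at debug level and answers with `HttpStatus.BAD_REQUEST`; a warn-level entry that names the username (never the password) together with `HttpStatus.UNAUTHORIZED` would make failed logins on this endpoint visible to monitoring and distinguishable from malformed requests. The enclosing method starts and ends outside the hunk, so whether a surrounding `catch` handles `AuthenticationException` thrown by `authenticate` cannot be confirmed from here.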