admin/MaxKey
1
0
Fork 0
mirror of https://gitee.com/dromara/MaxKey.git synced 2025-12-06 17:08:29 +08:00
Code Issues Packages Projects Releases Wiki Activity

v3.0.0GA with authentication isTrusted

Browse Source 
v3.0.0GA with authentication isTrusted
cas Parameter service fix
This commit is contained in:
Crystal.Sea 2021-09-26 21:28:11 +08:00
parent 9c10a5aad1
commit d1cf180412
15 changed files with 117 additions and 77 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java
View File

@ -74,14 +74,7 @@ public abstract class AbstractAuthenticationProvider {
protected abstract Authentication doInternalAuthenticate(LoginCredential authentication);
public abstract Authentication basicAuthenticate(LoginCredential authentication) ;
public abstract Authentication trustAuthentication(
String username,
String type,
String provider,
String code,
String message);
public abstract Authentication authentication(LoginCredential loginCredential,boolean isTrusted);
@SuppressWarnings("rawtypes")
public boolean supports(Class authentication) {

28
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/LoginCredential.java
View File

@ -38,6 +38,10 @@ public class LoginCredential implements Authentication {
String authType;
String jwtToken;
String onlineTicket;
String provider;
String code;
String message="SUCCESS";
ArrayList<GrantedAuthority> grantedAuthority;
boolean authenticated;
boolean roleAdministrators;
@ -182,6 +186,30 @@ public class LoginCredential implements Authentication {
this.roleAdministrators = roleAdministrators;
}
public String getProvider() {
return provider;
}
public void setProvider(String provider) {
this.provider = provider;
}
public String getCode() {
return code;
}
public void setCode(String code) {
this.code = code;
}
public String getMessage() {
return message;
}
public void setMessage(String message) {
this.message = message;
}
@Override
public String toString() {
StringBuilder builder = new StringBuilder();

57
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/RealmAuthenticationProvider.java
View File

@ -95,19 +95,19 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider
userInfo = loadUserInfo(loginCredential.getUsername(),loginCredential.getPassword());
userinfoValid(userInfo, loginCredential.getUsername());
//mfa
tftcaptchaValid(loginCredential.getOtpCaptcha(),loginCredential.getAuthType(),userInfo);
//Validate PasswordPolicy
authenticationRealm.getPasswordPolicyValidator().passwordPolicyValid(userInfo);
if(loginCredential.getAuthType().equalsIgnoreCase(AuthType.MOBILE)) {
mobilecaptchaValid(loginCredential.getPassword(),loginCredential.getAuthType(),userInfo);
}else {
//Validate PasswordPolicy
authenticationRealm.getPasswordPolicyValidator().passwordPolicyValid(userInfo);
//Match password
authenticationRealm.passwordMatches(userInfo, loginCredential.getPassword());
//apply PasswordSetType and resetBadPasswordCount
authenticationRealm.getPasswordPolicyValidator().applyPasswordPolicy(userInfo);
}
//apply PasswordSetType and resetBadPasswordCount
authenticationRealm.getPasswordPolicyValidator().applyPasswordPolicy(userInfo);
UsernamePasswordAuthenticationToken authenticationToken = createOnlineSession(loginCredential,userInfo);
//RemeberMe Config check then set RemeberMe cookies
@ -128,26 +128,6 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider
return authenticationToken;
}
@Override
public Authentication basicAuthenticate(LoginCredential loginCredential) {
UserInfo loadeduserInfo = loadUserInfo(loginCredential.getUsername(), "");
if (loadeduserInfo != null) {
authenticationRealm.passwordMatches(loadeduserInfo, loginCredential.getPassword());
authenticationRealm.getPasswordPolicyValidator().passwordPolicyValid(loadeduserInfo);
Authentication authentication = createOnlineSession(loginCredential,loadeduserInfo);
authenticationRealm.insertLoginHistory(loadeduserInfo, loginCredential.getAuthType(), "", "", "SUCCESS");
return authentication;
}else {
String message = WebContext.getI18nValue("login.error.username");
_logger.debug("login user " + loginCredential.getUsername() + " not in this System ." + message);
throw new BadCredentialsException(WebContext.getI18nValue("login.error.username"));
}
}
/**
* trustAuthentication.
* @param username String
@ -158,24 +138,29 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider
* @return boolean
*/
@Override
public Authentication trustAuthentication(String username,
String type,
String provider,
String code,
String message) {
UserInfo loadeduserInfo = loadUserInfo(username, "");
public Authentication authentication(LoginCredential loginCredential,boolean isTrusted) {
UserInfo loadeduserInfo = loadUserInfo(loginCredential.getUsername(), "");
if (loadeduserInfo != null) {
LoginCredential loginCredential = new LoginCredential();
loginCredential.setUsername(loadeduserInfo.getUsername());
//Validate PasswordPolicy
authenticationRealm.getPasswordPolicyValidator().passwordPolicyValid(loadeduserInfo);
if(!isTrusted) {
authenticationRealm.passwordMatches(loadeduserInfo, loginCredential.getPassword());
}
//apply PasswordSetType and resetBadPasswordCount
authenticationRealm.getPasswordPolicyValidator().applyPasswordPolicy(loadeduserInfo);
Authentication authentication = createOnlineSession(loginCredential,loadeduserInfo);
authenticationRealm.insertLoginHistory(loadeduserInfo, type, provider, code, message);
authenticationRealm.insertLoginHistory( loadeduserInfo,
loginCredential.getAuthType(),
loginCredential.getProvider(),
loginCredential.getCode(),
loginCredential.getMessage()
);
return authentication;
}else {
String i18nMessage = WebContext.getI18nValue("login.error.username");
_logger.debug("login user " + username + " not in this System ." + i18nMessage);
_logger.debug("login user " + loginCredential.getUsername() + " not in this System ." + i18nMessage);
throw new BadCredentialsException(WebContext.getI18nValue("login.error.username"));
}
}

6
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/basic/BasicEntryPoint.java
View File

@ -21,6 +21,7 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.maxkey.authn.AbstractAuthenticationProvider;
import org.maxkey.authn.LoginCredential;
import org.maxkey.constants.ConstantsLoginType;
import org.maxkey.util.AuthorizationHeaderCredential;
import org.maxkey.util.AuthorizationHeaderUtils;
@ -129,8 +130,9 @@ public class BasicEntryPoint implements AsyncHandlerInterceptor {
}
if(!isAuthenticated){
authenticationProvider.trustAuthentication(headerCredential.getUsername(),ConstantsLoginType.BASIC,"","","success");
_logger.info("Authentication "+headerCredential.getUsername()+" successful .");
LoginCredential loginCredential =new LoginCredential(headerCredential.getUsername(),"",ConstantsLoginType.BASIC);
authenticationProvider.authentication(loginCredential,true);
_logger.info("Authentication "+headerCredential.getUsername()+" successful .");
}
return true;

4
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/httpheader/HttpHeaderEntryPoint.java
View File

@ -21,6 +21,7 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.maxkey.authn.AbstractAuthenticationProvider;
import org.maxkey.authn.LoginCredential;
import org.maxkey.constants.ConstantsLoginType;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@ -107,7 +108,8 @@ public class HttpHeaderEntryPoint implements AsyncHandlerInterceptor {
}
if(!isAuthenticated){
authenticationProvider.trustAuthentication(httpHeaderUsername,ConstantsLoginType.HTTPHEADER,"","","success");
LoginCredential loginCredential =new LoginCredential(httpHeaderUsername,"",ConstantsLoginType.HTTPHEADER);
authenticationProvider.authentication(loginCredential,true);
_logger.info("Authentication "+httpHeaderUsername+" successful .");
}

4
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/jwt/HttpJwtEntryPoint.java
View File

@ -21,6 +21,7 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.maxkey.authn.AbstractAuthenticationProvider;
import org.maxkey.authn.LoginCredential;
import org.maxkey.configuration.ApplicationConfig;
import org.maxkey.constants.ConstantsLoginType;
import org.maxkey.web.WebConstants;
@ -77,7 +78,8 @@ public class HttpJwtEntryPoint implements AsyncHandlerInterceptor {
SignedJWT signedJWT = jwtLoginService.jwtTokenValidation(jwt);
if(signedJWT != null) {
String username =signedJWT.getJWTClaimsSet().getSubject();
authenticationProvider.trustAuthentication(username, ConstantsLoginType.JWT, "", "", "success");
LoginCredential loginCredential =new LoginCredential(username,"",ConstantsLoginType.JWT);
authenticationProvider.authentication(loginCredential,true);
_logger.debug("JWT Logined in , username " + username);
}

5
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/kerberos/HttpKerberosEntryPoint.java
View File

@ -21,6 +21,7 @@ import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.joda.time.DateTime;
import org.maxkey.authn.AbstractAuthenticationProvider;
import org.maxkey.authn.LoginCredential;
import org.maxkey.configuration.ApplicationConfig;
import org.maxkey.constants.ConstantsLoginType;
import org.maxkey.crypto.ReciprocalUtils;
@ -94,7 +95,9 @@ public class HttpKerberosEntryPoint implements AsyncHandlerInterceptor {
_logger.debug("Kerberos Token is After Now "+notOnOrAfter.isAfterNow());
if(notOnOrAfter.isAfterNow()){
authenticationProvider.trustAuthentication(kerberosToken.getPrincipal(),ConstantsLoginType.KERBEROS,kerberosUserDomain,"","success");
LoginCredential loginCredential =new LoginCredential(kerberosToken.getPrincipal(),"",ConstantsLoginType.KERBEROS);
loginCredential.setProvider(kerberosUserDomain);
authenticationProvider.authentication(loginCredential,true);
_logger.debug("Kerberos Logined in , username " + kerberosToken.getPrincipal());
}

9
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/HttpRemeberMeEntryPoint.java
View File

@ -23,6 +23,7 @@ import javax.servlet.http.HttpServletResponse;
import org.joda.time.DateTime;
import org.maxkey.authn.AbstractAuthenticationProvider;
import org.maxkey.authn.LoginCredential;
import org.maxkey.configuration.ApplicationConfig;
import org.maxkey.constants.ConstantsLoginType;
import org.maxkey.crypto.Base64Utils;
@ -94,12 +95,8 @@ public class HttpRemeberMeEntryPoint implements AsyncHandlerInterceptor {
DateTime expiryDate = loginDate.plusSeconds(remeberMeService.getRemeberMeValidity());
DateTime now = new DateTime();
if (now.isBefore(expiryDate)) {
authenticationProvider.trustAuthentication(
storeRemeberMe.getUsername(),
ConstantsLoginType.REMEBER_ME,
"",
"",
"success");
LoginCredential loginCredential =new LoginCredential(storeRemeberMe.getUsername(),"",ConstantsLoginType.REMEBER_ME);
authenticationProvider.authentication(loginCredential,true);
remeberMeService.updateRemeberMe(remeberMeCookie, response);
_logger.debug("RemeberMe Logined in , username " + storeRemeberMe.getUsername());
}

9
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/wsfederation/HttpWsFederationEntryPoint.java
View File

@ -20,6 +20,7 @@ package org.maxkey.authn.support.wsfederation;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.maxkey.authn.AbstractAuthenticationProvider;
import org.maxkey.authn.LoginCredential;
import org.maxkey.configuration.ApplicationConfig;
import org.maxkey.constants.ConstantsLoginType;
import org.maxkey.util.StringUtils;
@ -97,11 +98,9 @@ public class HttpWsFederationEntryPoint implements AsyncHandlerInterceptor {
wsFederationCredential.getAttributes(),
wsFederationService.getWsFederationConfiguration().getUpnSuffix());
}
authenticationProvider.trustAuthentication(
wsFederationCredential.getAttributes().get("").toString(),
ConstantsLoginType.WSFEDERATION,
"","","success");
LoginCredential loginCredential =new LoginCredential(
wsFederationCredential.getAttributes().get("").toString(),"",ConstantsLoginType.WSFEDERATION);
authenticationProvider.authentication(loginCredential,true);
return true;
} else {
_logger.warn("SAML assertions are blank or no longer valid.");

8
maxkey-authentications/maxkey-authentication-social/src/main/java/org/maxkey/authn/support/socialsignon/SocialSignOnEndpoint.java
View File

@ -22,6 +22,7 @@ package org.maxkey.authn.support.socialsignon;
import javax.servlet.http.HttpServletRequest;
import org.maxkey.authn.LoginCredential;
import org.maxkey.authn.support.socialsignon.service.SocialSignOnProvider;
import org.maxkey.authn.support.socialsignon.service.SocialsAssociate;
import org.maxkey.constants.ConstantsLoginType;
@ -176,8 +177,11 @@ public class SocialSignOnEndpoint extends AbstractSocialSignOnEndpoint{
_logger.debug("Social Sign On from "+socialsAssociate.getProvider()+" mapping to user "+socialsAssociate.getUsername());
authenticationProvider.trustAuthentication(socialsAssociate.getUsername(), ConstantsLoginType.SOCIALSIGNON,this.socialSignOnProvider.getProviderName(),"xe00000004","success");
//socialsAssociate.setAccessToken(JsonUtils.object2Json(this.accessToken));
LoginCredential loginCredential =new LoginCredential(
socialsAssociate.getUsername(),"",ConstantsLoginType.SOCIALSIGNON);
loginCredential.setProvider(this.socialSignOnProvider.getProviderName());
authenticationProvider.authentication(loginCredential,true);
//socialsAssociate.setAccessToken(JsonUtils.object2Json(this.accessToken));
socialsAssociate.setSocialUserInfo(accountJsonString);
//socialsAssociate.setExAttribute(JsonUtils.object2Json(accessToken.getResponseObject()));

8
maxkey-core/src/main/java/org/maxkey/web/WebXssRequestFilter.java
View File

@ -39,8 +39,12 @@ public class WebXssRequestFilter extends GenericFilterBean {
final static ConcurrentHashMap <String,String> skipUrlMap = new ConcurrentHashMap <String,String>();
static {
skipUrlMap.put("/notices/add", "");
skipUrlMap.put("/notices/update", "");
skipUrlMap.put("/notices/add", "/notices/add");
skipUrlMap.put("/notices/update", "/notices/update");
skipUrlMap.put("/authz/cas", "/authz/cas");
skipUrlMap.put("/authz/cas/", "/authz/cas/");
skipUrlMap.put("/authz/cas/login", "/authz/cas/login");
skipUrlMap.put("/authz/oauth/v20/authorize", "/authz/oauth/v20/authorize");
}
@Override

25
maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasAuthorizeEndpoint.java
View File

@ -64,7 +64,7 @@ public class CasAuthorizeEndpoint extends CasBaseAuthorizeEndpoint{
AppsCasDetails casDetails=casDetailsService.getAppDetails(casService);
return buildCasModelAndView(request,response,casDetails);
return buildCasModelAndView(request,response,casDetails,casService);
}
@ -77,20 +77,34 @@ public class CasAuthorizeEndpoint extends CasBaseAuthorizeEndpoint{
AppsCasDetails casDetails=casDetailsService.getAppDetails(id);
return buildCasModelAndView(request,response,casDetails);
return buildCasModelAndView(request,response,casDetails,casDetails.getCallbackUrl());
}
private ModelAndView buildCasModelAndView(
HttpServletRequest request,
HttpServletResponse response,
AppsCasDetails casDetails){
AppsCasDetails casDetails,
String casService){
_logger.debug(""+casDetails);
Map<String, String> parameterMap = WebContext.getRequestParameterMap(request);
String service = casService;
_logger.debug("CAS Parameter service = " + service);
if(casService.indexOf("?") >-1 ) {
service = casService.substring(casService.indexOf("?") + 1);
if(service.indexOf("=") > -1) {
String [] parameterValues = service.split("=");
if(parameterValues.length == 2) {
parameterMap.put(parameterValues[0], parameterValues[1]);
}
}
_logger.debug("CAS service with Parameter : " + service);
}
WebContext.setAttribute(
CasConstants.PARAMETER.PARAMETER_MAP,
WebContext.getRequestParameterMap(request)
parameterMap
);
WebContext.setAttribute(CasConstants.PARAMETER.ENDPOINT_CAS_DETAILS, casDetails);
WebContext.setAttribute(WebConstants.SINGLE_SIGN_ON_APP_ID, casDetails.getId());
WebContext.setAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP,casDetails);
@ -116,7 +130,6 @@ public class CasAuthorizeEndpoint extends CasBaseAuthorizeEndpoint{
callbackUrl.append("&");
}
//append ticket
callbackUrl.append(CasConstants.PARAMETER.TICKET).append("=").append(ticket);

4
maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasRestV1Endpoint.java
View File

@ -82,7 +82,7 @@ public class CasRestV1Endpoint extends CasBaseAuthorizeEndpoint{
LoginCredential loginCredential =new LoginCredential(username,password,"CASREST");
authenticationProvider.basicAuthenticate(loginCredential);
authenticationProvider.authentication(loginCredential,false);
TicketGrantingTicketImpl ticketGrantingTicket=new TicketGrantingTicketImpl("Random",WebContext.getAuthentication(),null);
@ -189,7 +189,7 @@ public class CasRestV1Endpoint extends CasBaseAuthorizeEndpoint{
LoginCredential loginCredential =new LoginCredential(username,password,"CASREST");
authenticationProvider.basicAuthenticate(loginCredential);
authenticationProvider.authentication(loginCredential,false);
UserInfo userInfo =WebContext.getUserInfo();
TicketGrantingTicketImpl ticketGrantingTicket=new TicketGrantingTicketImpl("Random",WebContext.getAuthentication(),null);

6
maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/consumer/endpoint/ConsumerEndpoint.java
View File

@ -31,6 +31,7 @@ import javax.servlet.http.HttpServletResponse;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.Validate;
import org.maxkey.authn.AbstractAuthenticationProvider;
import org.maxkey.authn.LoginCredential;
import org.maxkey.authz.saml.common.EndpointGenerator;
import org.maxkey.authz.saml.common.TrustResolver;
import org.maxkey.authz.saml.service.IDService;
@ -185,8 +186,9 @@ public class ConsumerEndpoint {
logger.debug("assertion.getID() ", assertion.getAuthnStatements());
authenticationProvider.trustAuthentication(username, ConstantsLoginType.SAMLTRUST,"","","success");
LoginCredential loginCredential =new LoginCredential(
username,"",ConstantsLoginType.SAMLTRUST);
authenticationProvider.authentication(loginCredential,true);
ModelAndView mav = new ModelAndView();
mav.addObject("username", username);

8
maxkey-webs/maxkey-web-maxkey/src/main/resources/templates/views/authorize/cas_sso_submint.ftl
View File

@ -5,7 +5,13 @@
<#include "authorize_common.ftl">
<script type="text/javascript">
function redirectToLogin(){
window.top.location.href ="${callbackUrl}";
var srcUrl = window.top.location.href;
srcUrl = srcUrl.substring(srcUrl.indexOf("#"));
var callbackUrl = "${callbackUrl}";
if(srcUrl.indexOf("#") >-1 ){
callbackUrl =callbackUrl.replace("?",srcUrl + "&");
}
window.top.location.href = callbackUrl;
}
</script>
</head>