apps
This commit is contained in:
parent
0307d8752c
commit
e0e517d694
@ -0,0 +1,41 @@
|
|||||||
|
package org.maxkey.authn.web;
|
||||||
|
|
||||||
|
import java.io.IOException;
|
||||||
|
import java.util.HashMap;
|
||||||
|
import java.util.Map;
|
||||||
|
|
||||||
|
import javax.servlet.http.HttpServletRequest;
|
||||||
|
import javax.servlet.http.HttpServletResponse;
|
||||||
|
|
||||||
|
import org.slf4j.Logger;
|
||||||
|
import org.slf4j.LoggerFactory;
|
||||||
|
import org.springframework.http.MediaType;
|
||||||
|
import org.springframework.stereotype.Controller;
|
||||||
|
import org.springframework.web.bind.annotation.RequestMapping;
|
||||||
|
|
||||||
|
import com.fasterxml.jackson.core.exc.StreamWriteException;
|
||||||
|
import com.fasterxml.jackson.databind.DatabindException;
|
||||||
|
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||||
|
|
||||||
|
@Controller
|
||||||
|
public class AuthEntryPoint {
|
||||||
|
private static final Logger _logger = LoggerFactory.getLogger(AuthEntryPoint.class);
|
||||||
|
|
||||||
|
@RequestMapping(value={"/auth/entrypoint"})
|
||||||
|
public void entryPoint(
|
||||||
|
HttpServletRequest request, HttpServletResponse response)
|
||||||
|
throws StreamWriteException, DatabindException, IOException {
|
||||||
|
_logger.trace("AuthEntryPoint /entrypoint.");
|
||||||
|
response.setContentType(MediaType.APPLICATION_JSON_VALUE);
|
||||||
|
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
|
||||||
|
|
||||||
|
final Map<String, Object> body = new HashMap<>();
|
||||||
|
body.put("status", HttpServletResponse.SC_UNAUTHORIZED);
|
||||||
|
body.put("error", "Unauthorized");
|
||||||
|
body.put("message", "Unauthorized");
|
||||||
|
body.put("path", request.getServletPath());
|
||||||
|
|
||||||
|
final ObjectMapper mapper = new ObjectMapper();
|
||||||
|
mapper.writeValue(response.getOutputStream(), body);
|
||||||
|
}
|
||||||
|
}
|
||||||
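Review bot: `body.put("path", request.getServletPath());` will most likely not report the path the client asked for: this handler is reached through `RequestDispatcher.forward` from PermissionAdapter, and on a forwarded request `getServletPath()` returns the forward target, so the JSON body would carry `/auth/entrypoint` for every rejected request. Prefer the forward attribute with a fallback, e.g. `Object orig = request.getAttribute(RequestDispatcher.FORWARD_SERVLET_PATH); body.put("path", orig != null ? orig : request.getServletPath());` (with `import javax.servlet.RequestDispatcher;`). Separately, `new ObjectMapper()` on every request is unnecessary since a configured ObjectMapper is thread-safe and relatively costly to build; hoist it to `private static final ObjectMapper MAPPER = new ObjectMapper();`. The `throws StreamWriteException, DatabindException, IOException` clause reduces to `throws IOException`, as both Jackson types extend it.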
@ -78,8 +78,8 @@ public class PermissionAdapter implements AsyncHandlerInterceptor {
|
|||||||
//判断用户是否登录
|
//判断用户是否登录
|
||||||
if(WebContext.getAuthentication()==null
|
if(WebContext.getAuthentication()==null
|
||||||
||WebContext.getAuthentication().getAuthorities()==null){//判断用户和角色,判断用户是否登录用户
|
||WebContext.getAuthentication().getAuthorities()==null){//判断用户和角色,判断用户是否登录用户
|
||||||
_logger.trace("No Authentication ... forward to /login");
|
_logger.trace("No Authentication ... forward to /auth/entrypoint");
|
||||||
RequestDispatcher dispatcher = request.getRequestDispatcher("/login");
|
RequestDispatcher dispatcher = request.getRequestDispatcher("/auth/entrypoint");
|
||||||
dispatcher.forward(request, response);
|
dispatcher.forward(request, response);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|||||||
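Review bot: Forwarding every unauthenticated request to `/auth/entrypoint` only terminates if that path is itself outside this interceptor's mapping; the forwarded request is dispatched through the DispatcherServlet again, so if PermissionAdapter is registered for a pattern that also matches `/auth/entrypoint` it would be intercepted again and forward recursively. Please confirm the interceptor's path patterns exclude the entry point, or add an explicit guard before the forward such as `if ("/auth/entrypoint".equals(request.getServletPath())) { return true; }`. The enclosing method starts and ends outside the hunk.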
@ -50,6 +50,10 @@ public class ConstsBoolean {
|
|||||||
public static boolean isTrue(int value) {
|
public static boolean isTrue(int value) {
|
||||||
return TRUE == value;
|
return TRUE == value;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public static boolean isYes(String value) {
|
||||||
|
return "YES" == value.toUpperCase();
|
||||||
|
}
|
||||||
|
|
||||||
public static boolean isFalse(int value) {
|
public static boolean isFalse(int value) {
|
||||||
return FALSE == value;
|
return FALSE == value;
|
||||||
|
|||||||
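Review bot: `return "YES" == value.toUpperCase();` compares string identity, not content, so `isYes` is false for any value that is not the interned literal itself, including a `"YES"` read from the database, and it throws `NullPointerException` when `value` is null. Write it as `return "YES".equalsIgnoreCase(value);`, which is null-safe and avoids the default-locale `toUpperCase()`. This matters beyond style: the same call gates assertion encryption in the AuthnResponseGenerator hunk (`if(ConstsBoolean.isYes(saml20Details.getEncrypted()))`), so as written that branch is very likely never taken and SAML apps configured to encrypt would silently get unencrypted assertions.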
@ -108,12 +108,16 @@ public class AppsOAuth20Details extends Apps {
|
|||||||
this.setAdapterName(application.getAdapterName());
|
this.setAdapterName(application.getAdapterName());
|
||||||
|
|
||||||
this.clientSecret = baseClientDetails.getClientSecret();
|
this.clientSecret = baseClientDetails.getClientSecret();
|
||||||
this.scope = baseClientDetails.getScope().toString();
|
this.scope = StringUtils
|
||||||
this.resourceIds = baseClientDetails.getResourceIds().toString();
|
.collectionToCommaDelimitedString(baseClientDetails.getScope());
|
||||||
this.authorizedGrantTypes = baseClientDetails.getAuthorizedGrantTypes().toString();
|
this.resourceIds = StringUtils
|
||||||
|
.collectionToCommaDelimitedString(baseClientDetails.getResourceIds());
|
||||||
|
this.authorizedGrantTypes = StringUtils
|
||||||
|
.collectionToCommaDelimitedString(baseClientDetails.getAuthorizedGrantTypes());
|
||||||
this.registeredRedirectUris = StringUtils
|
this.registeredRedirectUris = StringUtils
|
||||||
.collectionToCommaDelimitedString(baseClientDetails.getRegisteredRedirectUri());
|
.collectionToCommaDelimitedString(baseClientDetails.getRegisteredRedirectUri());
|
||||||
this.authorities = baseClientDetails.getAuthorities().toString();
|
this.authorities = StringUtils
|
||||||
|
.collectionToCommaDelimitedString(baseClientDetails.getAuthorities());
|
||||||
this.accessTokenValiditySeconds = baseClientDetails.getAccessTokenValiditySeconds();
|
this.accessTokenValiditySeconds = baseClientDetails.getAccessTokenValiditySeconds();
|
||||||
this.refreshTokenValiditySeconds = baseClientDetails.getRefreshTokenValiditySeconds();
|
this.refreshTokenValiditySeconds = baseClientDetails.getRefreshTokenValiditySeconds();
|
||||||
this.approvalPrompt = baseClientDetails.isAutoApprove("all") + "";
|
this.approvalPrompt = baseClientDetails.isAutoApprove("all") + "";
|
||||||
|
|||||||
@ -26,8 +26,6 @@ import javax.persistence.GenerationType;
|
|||||||
import javax.persistence.Id;
|
import javax.persistence.Id;
|
||||||
import javax.persistence.Table;
|
import javax.persistence.Table;
|
||||||
|
|
||||||
import org.springframework.web.multipart.MultipartFile;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @author Crystal.Sea
|
* @author Crystal.Sea
|
||||||
*
|
*
|
||||||
@ -79,17 +77,14 @@ public class AppsSAML20Details extends Apps {
|
|||||||
* 0 false 1 true
|
* 0 false 1 true
|
||||||
*/
|
*/
|
||||||
@Column
|
@Column
|
||||||
private int encrypted;
|
private String encrypted;
|
||||||
|
|
||||||
/**
|
|
||||||
* for upload
|
|
||||||
*/
|
|
||||||
private MultipartFile metaFile;
|
|
||||||
/**
|
/**
|
||||||
* metadata_file metadata_url or certificate
|
* metadata_file metadata_url or certificate
|
||||||
*/
|
*/
|
||||||
private String fileType;
|
private String fileType;
|
||||||
|
|
||||||
|
String metaFileId;
|
||||||
|
|
||||||
X509Certificate trustCert = null;
|
X509Certificate trustCert = null;
|
||||||
/**
|
/**
|
||||||
* metadata Url
|
* metadata Url
|
||||||
@ -101,7 +96,7 @@ public class AppsSAML20Details extends Apps {
|
|||||||
* 0 original 1 uppercase 2 lowercase
|
* 0 original 1 uppercase 2 lowercase
|
||||||
*/
|
*/
|
||||||
@Column
|
@Column
|
||||||
private int nameIdConvert;
|
private String nameIdConvert;
|
||||||
|
|
||||||
@Column
|
@Column
|
||||||
private String nameIdSuffix;
|
private String nameIdSuffix;
|
||||||
@ -283,15 +278,7 @@ public class AppsSAML20Details extends Apps {
|
|||||||
this.validityInterval = validityInterval;
|
this.validityInterval = validityInterval;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
public MultipartFile getMetaFile() {
|
|
||||||
return metaFile;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void setMetaFile(MultipartFile metaFile) {
|
|
||||||
this.metaFile = metaFile;
|
|
||||||
}
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @return the fileType
|
* @return the fileType
|
||||||
@ -307,7 +294,15 @@ public class AppsSAML20Details extends Apps {
|
|||||||
this.fileType = fileType;
|
this.fileType = fileType;
|
||||||
}
|
}
|
||||||
|
|
||||||
public String getBinding() {
|
public String getMetaFileId() {
|
||||||
|
return metaFileId;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setMetaFileId(String metaFileId) {
|
||||||
|
this.metaFileId = metaFileId;
|
||||||
|
}
|
||||||
|
|
||||||
|
public String getBinding() {
|
||||||
return binding;
|
return binding;
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -315,19 +310,19 @@ public class AppsSAML20Details extends Apps {
|
|||||||
this.binding = binding;
|
this.binding = binding;
|
||||||
}
|
}
|
||||||
|
|
||||||
public int getEncrypted() {
|
public String getEncrypted() {
|
||||||
return encrypted;
|
return encrypted;
|
||||||
}
|
}
|
||||||
|
|
||||||
public void setEncrypted(int encrypted) {
|
public void setEncrypted(String encrypted) {
|
||||||
this.encrypted = encrypted;
|
this.encrypted = encrypted;
|
||||||
}
|
}
|
||||||
|
|
||||||
public int getNameIdConvert() {
|
public String getNameIdConvert() {
|
||||||
return nameIdConvert;
|
return nameIdConvert;
|
||||||
}
|
}
|
||||||
|
|
||||||
public void setNameIdConvert(int nameIdConvert) {
|
public void setNameIdConvert(String nameIdConvert) {
|
||||||
this.nameIdConvert = nameIdConvert;
|
this.nameIdConvert = nameIdConvert;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
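Review bot: The Javadoc above `private String encrypted;` still reads `0 false 1 true` (hunk @ -79) and the one above `private String nameIdConvert;` still reads `0 original 1 uppercase 2 lowercase` (hunk @ -101), but the fields are now strings that the generators compare against `isYes` and the literals `uppercase`/`lowercase`; update them to the new vocabulary, e.g. `* YES true, any other value false` and `* uppercase, lowercase, or any other value to keep the original`. `String metaFileId;` is the only new field without `private` and without the `@Column` its persisted neighbours carry; if it is a persisted column declare it `@Column private String metaFileId;`, otherwise a one-line comment stating it is a transient upload handle (like `trustCert`) would help. Rows that stored the old numeric values (`0`/`1`/`2`) appear to match nothing after this change, so a data migration seems to be needed, though nothing on this page shows one.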
@ -78,7 +78,7 @@ public class AuthnResponseGenerator {
|
|||||||
attributeMap);
|
attributeMap);
|
||||||
|
|
||||||
//Encrypt
|
//Encrypt
|
||||||
if(ConstsBoolean.isTrue(saml20Details.getEncrypted())) {
|
if(ConstsBoolean.isYes(saml20Details.getEncrypted())) {
|
||||||
logger.info("begin to encrypt assertion");
|
logger.info("begin to encrypt assertion");
|
||||||
try {
|
try {
|
||||||
// Assume this contains a recipient's RSA public
|
// Assume this contains a recipient's RSA public
|
||||||
|
|||||||
@ -84,12 +84,12 @@ public class SubjectGenerator {
|
|||||||
nameIdValue = nameIdValue + saml20Details.getNameIdSuffix();
|
nameIdValue = nameIdValue + saml20Details.getNameIdSuffix();
|
||||||
}
|
}
|
||||||
|
|
||||||
if(saml20Details.getNameIdConvert()==0) {
|
if(saml20Details.getNameIdConvert().equalsIgnoreCase("uppercase")) {
|
||||||
|
|
||||||
}else if(saml20Details.getNameIdConvert()==1) {
|
|
||||||
nameIdValue = nameIdValue.toUpperCase();
|
nameIdValue = nameIdValue.toUpperCase();
|
||||||
}else if(saml20Details.getNameIdConvert()==1) {
|
}else if(saml20Details.getNameIdConvert().equalsIgnoreCase("lowercase")) {
|
||||||
nameIdValue = nameIdValue.toLowerCase();
|
nameIdValue = nameIdValue.toLowerCase();
|
||||||
|
}else {
|
||||||
|
//do nothing
|
||||||
}
|
}
|
||||||
|
|
||||||
NameID nameID =builderNameID(nameIdValue,assertionConsumerURL);
|
NameID nameID =builderNameID(nameIdValue,assertionConsumerURL);
|
||||||
|
|||||||
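Review bot: `saml20Details.getNameIdConvert().equalsIgnoreCase("uppercase")` dereferences the field before comparing, so a SAML app whose `nameIdConvert` is null (unset, or a row from before the column became a string) now fails with a `NullPointerException` during response generation instead of keeping the original NameID. Flip the receiver to the literal: `if("uppercase".equalsIgnoreCase(saml20Details.getNameIdConvert())) {` and `}else if("lowercase".equalsIgnoreCase(saml20Details.getNameIdConvert())) {`, which is null-safe and makes the `else { //do nothing }` branch the natural fallback. The enclosing method starts and ends outside the hunk.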
@ -17,10 +17,13 @@
|
|||||||
|
|
||||||
package org.maxkey.web.apps.contorller;
|
package org.maxkey.web.apps.contorller;
|
||||||
|
|
||||||
|
import java.io.ByteArrayInputStream;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.io.InputStream;
|
import java.io.InputStream;
|
||||||
import java.security.KeyStore;
|
import java.security.KeyStore;
|
||||||
import java.security.cert.X509Certificate;
|
import java.security.cert.X509Certificate;
|
||||||
|
|
||||||
|
import org.apache.commons.lang3.StringUtils;
|
||||||
import org.apache.http.client.methods.CloseableHttpResponse;
|
import org.apache.http.client.methods.CloseableHttpResponse;
|
||||||
import org.apache.http.client.methods.HttpPost;
|
import org.apache.http.client.methods.HttpPost;
|
||||||
import org.apache.http.impl.client.CloseableHttpClient;
|
import org.apache.http.impl.client.CloseableHttpClient;
|
||||||
@ -83,7 +86,6 @@ public class SAML20DetailsController extends BaseAppContorller {
|
|||||||
AppsSAML20Details saml20Details=saml20DetailsService.getAppDetails(id , false);
|
AppsSAML20Details saml20Details=saml20DetailsService.getAppDetails(id , false);
|
||||||
decoderSecret(saml20Details);
|
decoderSecret(saml20Details);
|
||||||
saml20Details.transIconBase64();
|
saml20Details.transIconBase64();
|
||||||
//modelAndView.addObject("model",saml20Details);
|
|
||||||
//modelAndView.addObject("authzURI",applicationConfig.getAuthzUri());
|
//modelAndView.addObject("authzURI",applicationConfig.getAuthzUri());
|
||||||
return new Message<AppsSAML20Details>(saml20Details).buildResponse();
|
return new Message<AppsSAML20Details>(saml20Details).buildResponse();
|
||||||
}
|
}
|
||||||
@ -142,60 +144,57 @@ public class SAML20DetailsController extends BaseAppContorller {
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
//////////////////////////////
|
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
protected AppsSAML20Details transform(AppsSAML20Details samlDetails) throws Exception{
|
protected AppsSAML20Details transform(AppsSAML20Details samlDetails) throws Exception{
|
||||||
|
|
||||||
super.transform(samlDetails);
|
super.transform(samlDetails);
|
||||||
|
|
||||||
if(null==samlDetails.getFileType()||samlDetails.getFileType().equals("certificate")){//certificate file
|
if(StringUtils.isNotBlank(samlDetails.getFileType())){
|
||||||
try {
|
if(StringUtils.isNotBlank(samlDetails.getMetaFileId())) {
|
||||||
if (null!=samlDetails.getMetaFile()&&!samlDetails.getMetaFile().isEmpty()) {
|
ByteArrayInputStream bArrayInputStream = new ByteArrayInputStream(
|
||||||
InputStream isCert = samlDetails.getMetaFile().getInputStream();
|
fileUploadService.get(samlDetails.getMetaFileId()).getUploaded());;
|
||||||
X509Certificate trustCert = X509CertUtils.loadCertFromInputStream(isCert);
|
if(samlDetails.getFileType().equals("certificate")){//certificate file
|
||||||
samlDetails.setTrustCert(trustCert);
|
try {
|
||||||
isCert.close();
|
X509Certificate trustCert = X509CertUtils.loadCertFromInputStream(bArrayInputStream);
|
||||||
}
|
samlDetails.setTrustCert(trustCert);
|
||||||
} catch (IOException e) {
|
} catch (IOException e) {
|
||||||
_logger.error("read certificate file error .", e);
|
_logger.error("read certificate file error .", e);
|
||||||
throw new Exception("read certificate file error", e);
|
throw new Exception("read certificate file error", e);
|
||||||
|
}
|
||||||
|
}else if(samlDetails.getFileType().equals("metadata_file")){//metadata file
|
||||||
|
samlDetails = resolveMetaData(samlDetails,bArrayInputStream);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
if(samlDetails.getFileType().equals("metadata_url")
|
||||||
|
&&StringUtils.isNotBlank(samlDetails.getMetaUrl())){//metadata url
|
||||||
|
CloseableHttpClient httpClient = HttpClients.createDefault();
|
||||||
|
HttpPost post = new HttpPost(samlDetails.getMetaUrl());
|
||||||
|
CloseableHttpResponse response = httpClient.execute(post);
|
||||||
|
samlDetails = resolveMetaData(samlDetails,response.getEntity().getContent());;
|
||||||
|
response.close();
|
||||||
|
httpClient.close();
|
||||||
|
}
|
||||||
|
|
||||||
|
if(samlDetails.getTrustCert()!=null) {
|
||||||
|
samlDetails.setCertSubject(samlDetails.getTrustCert().getSubjectDN().getName());
|
||||||
|
samlDetails.setCertExpiration(samlDetails.getTrustCert().getNotAfter().toString());
|
||||||
|
|
||||||
|
samlDetails.setCertIssuer(X509CertUtils.getCommonName(samlDetails.getTrustCert().getIssuerX500Principal()));
|
||||||
|
|
||||||
|
KeyStore keyStore = KeyStoreUtil.clone(idpKeyStoreLoader.getKeyStore(),idpKeyStoreLoader.getKeystorePassword());
|
||||||
|
|
||||||
|
KeyStore trustKeyStore = null;
|
||||||
|
if (!samlDetails.getEntityId().equals("")) {
|
||||||
|
trustKeyStore = KeyStoreUtil.importTrustCertificate(keyStore,samlDetails.getTrustCert(), samlDetails.getEntityId());
|
||||||
|
} else {
|
||||||
|
trustKeyStore = KeyStoreUtil.importTrustCertificate(keyStore,samlDetails.getTrustCert());
|
||||||
|
}
|
||||||
|
|
||||||
|
byte[] keyStoreByte = KeyStoreUtil.keyStore2Bytes(trustKeyStore,idpKeyStoreLoader.getKeystorePassword());
|
||||||
|
|
||||||
|
// store KeyStore content
|
||||||
|
samlDetails.setKeyStore(keyStoreByte);
|
||||||
}
|
}
|
||||||
}else if(samlDetails.getFileType().equals("metadata_file")){//metadata file
|
|
||||||
if (null!=samlDetails.getMetaFile()&&!samlDetails.getMetaFile().isEmpty()) {
|
|
||||||
samlDetails = resolveMetaData(samlDetails,samlDetails.getMetaFile().getInputStream());
|
|
||||||
}
|
|
||||||
}else if(samlDetails.getFileType().equals("metadata_url")){//metadata url
|
|
||||||
CloseableHttpClient httpClient = HttpClients.createDefault();
|
|
||||||
HttpPost post = new HttpPost(samlDetails.getMetaUrl());
|
|
||||||
CloseableHttpResponse response = httpClient.execute(post);
|
|
||||||
samlDetails = resolveMetaData(samlDetails,response.getEntity().getContent());;
|
|
||||||
response.close();
|
|
||||||
httpClient.close();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if(samlDetails.getTrustCert()!=null) {
|
|
||||||
samlDetails.setCertSubject(samlDetails.getTrustCert().getSubjectDN().getName());
|
|
||||||
samlDetails.setCertExpiration(samlDetails.getTrustCert().getNotAfter().toString());
|
|
||||||
|
|
||||||
samlDetails.setCertIssuer(X509CertUtils.getCommonName(samlDetails.getTrustCert().getIssuerX500Principal()));
|
|
||||||
|
|
||||||
KeyStore keyStore = KeyStoreUtil.clone(idpKeyStoreLoader.getKeyStore(),idpKeyStoreLoader.getKeystorePassword());
|
|
||||||
|
|
||||||
KeyStore trustKeyStore = null;
|
|
||||||
if (!samlDetails.getEntityId().equals("")) {
|
|
||||||
trustKeyStore = KeyStoreUtil.importTrustCertificate(keyStore,samlDetails.getTrustCert(), samlDetails.getEntityId());
|
|
||||||
} else {
|
|
||||||
trustKeyStore = KeyStoreUtil.importTrustCertificate(keyStore,samlDetails.getTrustCert());
|
|
||||||
}
|
|
||||||
|
|
||||||
byte[] keyStoreByte = KeyStoreUtil.keyStore2Bytes(trustKeyStore,idpKeyStoreLoader.getKeystorePassword());
|
|
||||||
|
|
||||||
// store KeyStore content
|
|
||||||
samlDetails.setKeyStore(keyStoreByte);
|
|
||||||
}
|
|
||||||
|
|
||||||
return samlDetails;
|
return samlDetails;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
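Review bot: In `transform` (hunk @ -142) the metadata-URL branch still opens `CloseableHttpClient` and `CloseableHttpResponse` and releases them with plain `response.close(); httpClient.close();`, so an exception from `execute` or `resolveMetaData` leaks both; both are `AutoCloseable`, so a try-with-resources block is the fix (below). On the certificate/metadata-file path, `fileUploadService.get(samlDetails.getMetaFileId()).getUploaded()` has no null check, so an unknown or expired upload id surfaces as a `NullPointerException` rather than a clear error, and the stray `;;` after that line and after the `resolveMetaData` call should go. Since `getMetaUrl()` is an administrator-supplied URL fetched server-side, it is also worth restricting it to `http`/`https` before the request so the admin form cannot be used to make the server contact arbitrary internal endpoints.
```java
if(samlDetails.getFileType().equals("metadata_url")
        &&StringUtils.isNotBlank(samlDetails.getMetaUrl())){//metadata url
    HttpPost post = new HttpPost(samlDetails.getMetaUrl());
    try (CloseableHttpClient httpClient = HttpClients.createDefault();
         CloseableHttpResponse response = httpClient.execute(post)) {
        samlDetails = resolveMetaData(samlDetails, response.getEntity().getContent());
    }
}
// … unchanged: trustCert → keystore import and return samlDetails …
```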