apps
This commit is contained in:
parent
0307d8752c
commit
e0e517d694
@ -0,0 +1,41 @@
|
||||
package org.maxkey.authn.web;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.http.MediaType;
|
||||
import org.springframework.stereotype.Controller;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
|
||||
import com.fasterxml.jackson.core.exc.StreamWriteException;
|
||||
import com.fasterxml.jackson.databind.DatabindException;
|
||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
|
||||
@Controller
|
||||
public class AuthEntryPoint {
|
||||
private static final Logger _logger = LoggerFactory.getLogger(AuthEntryPoint.class);
|
||||
|
||||
@RequestMapping(value={"/auth/entrypoint"})
|
||||
public void entryPoint(
|
||||
HttpServletRequest request, HttpServletResponse response)
|
||||
throws StreamWriteException, DatabindException, IOException {
|
||||
_logger.trace("AuthEntryPoint /entrypoint.");
|
||||
response.setContentType(MediaType.APPLICATION_JSON_VALUE);
|
||||
response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
|
||||
|
||||
final Map<String, Object> body = new HashMap<>();
|
||||
body.put("status", HttpServletResponse.SC_UNAUTHORIZED);
|
||||
body.put("error", "Unauthorized");
|
||||
body.put("message", "Unauthorized");
|
||||
body.put("path", request.getServletPath());
|
||||
|
||||
final ObjectMapper mapper = new ObjectMapper();
|
||||
mapper.writeValue(response.getOutputStream(), body);
|
||||
}
|
||||
}
|
||||
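Review bot: `request.getServletPath()` on the `body.put("path", …)` line reports the forward target rather than the page the caller asked for once `PermissionAdapter` reaches this endpoint through `dispatcher.forward` (the hunk at `@ -78,8 +78,8 @@`); inside a forward the original path is exposed as the request attribute `RequestDispatcher.FORWARD_SERVLET_PATH`, so consider `Object fwd = request.getAttribute(RequestDispatcher.FORWARD_SERVLET_PATH); body.put("path", fwd != null ? fwd : request.getServletPath());` (this needs `import javax.servlet.RequestDispatcher;`). A `new ObjectMapper()` per request is also avoidable; a `private static final ObjectMapper MAPPER = new ObjectMapper();` field is safe to share for plain `writeValue` calls. `StreamWriteException` and `DatabindException` both extend `IOException`, so `throws IOException` alone covers the signature and drops two Jackson-specific imports. A 401 conventionally carries a `WWW-Authenticate` header; whether that fits this JSON-only flow is for the authors to decide, but the choice should be documented on the method.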
@ -78,8 +78,8 @@ public class PermissionAdapter implements AsyncHandlerInterceptor {
|
||||
//判断用户是否登录
|
||||
if(WebContext.getAuthentication()==null
|
||||
||WebContext.getAuthentication().getAuthorities()==null){//判断用户和角色,判断用户是否登录用户
|
||||
_logger.trace("No Authentication ... forward to /login");
|
||||
RequestDispatcher dispatcher = request.getRequestDispatcher("/login");
|
||||
_logger.trace("No Authentication ... forward to /auth/entrypoint");
|
||||
RequestDispatcher dispatcher = request.getRequestDispatcher("/auth/entrypoint");
|
||||
dispatcher.forward(request, response);
|
||||
return false;
|
||||
}
|
||||
|
||||
@ -50,6 +50,10 @@ public class ConstsBoolean {
|
||||
public static boolean isTrue(int value) {
|
||||
return TRUE == value;
|
||||
}
|
||||
|
||||
public static boolean isYes(String value) {
|
||||
return "YES" == value.toUpperCase();
|
||||
}
|
||||
|
||||
public static boolean isFalse(int value) {
|
||||
return FALSE == value;
|
||||
|
||||
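Review bot: `isYes` compares strings by reference, `"YES" == value.toUpperCase()`, which is only true when `toUpperCase()` happens to return an interned `"YES"` (essentially the literal itself); a value read from the database or a request will generally compare false even when it is `"yes"`, and a null `value` throws a NullPointerException. Because the `AuthnResponseGenerator` hunk (`@ -78,7 +78,7 @@`) now gates assertion encryption on `ConstsBoolean.isYes(saml20Details.getEncrypted())`, this would silently skip encryption for applications configured to require it. Change the body to `return "YES".equalsIgnoreCase(value);`, which is also null-safe, and add `@param`/`@return` Javadoc stating the accepted spelling. The rest of `ConstsBoolean` is outside the hunk.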
@ -108,12 +108,16 @@ public class AppsOAuth20Details extends Apps {
|
||||
this.setAdapterName(application.getAdapterName());
|
||||
|
||||
this.clientSecret = baseClientDetails.getClientSecret();
|
||||
this.scope = baseClientDetails.getScope().toString();
|
||||
this.resourceIds = baseClientDetails.getResourceIds().toString();
|
||||
this.authorizedGrantTypes = baseClientDetails.getAuthorizedGrantTypes().toString();
|
||||
this.scope = StringUtils
|
||||
.collectionToCommaDelimitedString(baseClientDetails.getScope());
|
||||
this.resourceIds = StringUtils
|
||||
.collectionToCommaDelimitedString(baseClientDetails.getResourceIds());
|
||||
this.authorizedGrantTypes = StringUtils
|
||||
.collectionToCommaDelimitedString(baseClientDetails.getAuthorizedGrantTypes());
|
||||
this.registeredRedirectUris = StringUtils
|
||||
.collectionToCommaDelimitedString(baseClientDetails.getRegisteredRedirectUri());
|
||||
this.authorities = baseClientDetails.getAuthorities().toString();
|
||||
this.authorities = StringUtils
|
||||
.collectionToCommaDelimitedString(baseClientDetails.getAuthorities());
|
||||
this.accessTokenValiditySeconds = baseClientDetails.getAccessTokenValiditySeconds();
|
||||
this.refreshTokenValiditySeconds = baseClientDetails.getRefreshTokenValiditySeconds();
|
||||
this.approvalPrompt = baseClientDetails.isAutoApprove("all") + "";
|
||||
|
||||
@ -26,8 +26,6 @@ import javax.persistence.GenerationType;
|
||||
import javax.persistence.Id;
|
||||
import javax.persistence.Table;
|
||||
|
||||
import org.springframework.web.multipart.MultipartFile;
|
||||
|
||||
/**
|
||||
* @author Crystal.Sea
|
||||
*
|
||||
@ -79,17 +77,14 @@ public class AppsSAML20Details extends Apps {
|
||||
* 0 false 1 true
|
||||
*/
|
||||
@Column
|
||||
private int encrypted;
|
||||
|
||||
/**
|
||||
* for upload
|
||||
*/
|
||||
private MultipartFile metaFile;
|
||||
private String encrypted;
|
||||
/**
|
||||
* metadata_file metadata_url or certificate
|
||||
*/
|
||||
private String fileType;
|
||||
|
||||
String metaFileId;
|
||||
|
||||
X509Certificate trustCert = null;
|
||||
/**
|
||||
* metadata Url
|
||||
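Review bot: The Javadoc above `private String encrypted;` still reads `* 0 false 1 true`, but the field is now a String tested with `ConstsBoolean.isYes(...)`; the same applies to `* 0 original 1 uppercase 2 lowercase` above `private String nameIdConvert;` in the next hunk (`@ -101,7 +96,7 @@`), which `SubjectGenerator` now matches against `"uppercase"`/`"lowercase"`. Update them to e.g. `* "YES" encrypts the assertion; any other value leaves it unencrypted` and `* "uppercase" or "lowercase" converts the NameID; any other value keeps the original`. The new `String metaFileId;` also lacks the `private` modifier and the `@Column` annotation its sibling fields carry; if it is persisted, declare it `@Column private String metaFileId;`, otherwise make it `private` and document why it is not a column.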
@ -101,7 +96,7 @@ public class AppsSAML20Details extends Apps {
|
||||
* 0 original 1 uppercase 2 lowercase
|
||||
*/
|
||||
@Column
|
||||
private int nameIdConvert;
|
||||
private String nameIdConvert;
|
||||
|
||||
@Column
|
||||
private String nameIdSuffix;
|
||||
@ -283,15 +278,7 @@ public class AppsSAML20Details extends Apps {
|
||||
this.validityInterval = validityInterval;
|
||||
}
|
||||
|
||||
|
||||
|
||||
public MultipartFile getMetaFile() {
|
||||
return metaFile;
|
||||
}
|
||||
|
||||
public void setMetaFile(MultipartFile metaFile) {
|
||||
this.metaFile = metaFile;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* @return the fileType
|
||||
@ -307,7 +294,15 @@ public class AppsSAML20Details extends Apps {
|
||||
this.fileType = fileType;
|
||||
}
|
||||
|
||||
public String getBinding() {
|
||||
public String getMetaFileId() {
|
||||
return metaFileId;
|
||||
}
|
||||
|
||||
public void setMetaFileId(String metaFileId) {
|
||||
this.metaFileId = metaFileId;
|
||||
}
|
||||
|
||||
public String getBinding() {
|
||||
return binding;
|
||||
}
|
||||
|
||||
@ -315,19 +310,19 @@ public class AppsSAML20Details extends Apps {
|
||||
this.binding = binding;
|
||||
}
|
||||
|
||||
public int getEncrypted() {
|
||||
public String getEncrypted() {
|
||||
return encrypted;
|
||||
}
|
||||
|
||||
public void setEncrypted(int encrypted) {
|
||||
public void setEncrypted(String encrypted) {
|
||||
this.encrypted = encrypted;
|
||||
}
|
||||
|
||||
public int getNameIdConvert() {
|
||||
public String getNameIdConvert() {
|
||||
return nameIdConvert;
|
||||
}
|
||||
|
||||
public void setNameIdConvert(int nameIdConvert) {
|
||||
public void setNameIdConvert(String nameIdConvert) {
|
||||
this.nameIdConvert = nameIdConvert;
|
||||
}
|
||||
|
||||
|
||||
@ -78,7 +78,7 @@ public class AuthnResponseGenerator {
|
||||
attributeMap);
|
||||
|
||||
//Encrypt
|
||||
if(ConstsBoolean.isTrue(saml20Details.getEncrypted())) {
|
||||
if(ConstsBoolean.isYes(saml20Details.getEncrypted())) {
|
||||
logger.info("begin to encrypt assertion");
|
||||
try {
|
||||
// Assume this contains a recipient's RSA public
|
||||
|
||||
@ -84,12 +84,12 @@ public class SubjectGenerator {
|
||||
nameIdValue = nameIdValue + saml20Details.getNameIdSuffix();
|
||||
}
|
||||
|
||||
if(saml20Details.getNameIdConvert()==0) {
|
||||
|
||||
}else if(saml20Details.getNameIdConvert()==1) {
|
||||
if(saml20Details.getNameIdConvert().equalsIgnoreCase("uppercase")) {
|
||||
nameIdValue = nameIdValue.toUpperCase();
|
||||
}else if(saml20Details.getNameIdConvert()==1) {
|
||||
}else if(saml20Details.getNameIdConvert().equalsIgnoreCase("lowercase")) {
|
||||
nameIdValue = nameIdValue.toLowerCase();
|
||||
}else {
|
||||
//do nothing
|
||||
}
|
||||
|
||||
NameID nameID =builderNameID(nameIdValue,assertionConsumerURL);
|
||||
|
||||
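Review bot: `saml20Details.getNameIdConvert().equalsIgnoreCase("uppercase")` dereferences `getNameIdConvert()` before any null check; the field changed from `int` to `String` in this commit, so any row or form that leaves it unset could now fail every SAML login here with a NullPointerException. Flip the comparisons so the literal is the receiver: `if("uppercase".equalsIgnoreCase(saml20Details.getNameIdConvert())) {` and `}else if("lowercase".equalsIgnoreCase(saml20Details.getNameIdConvert())) {`, which treats null as "do nothing" exactly like the old `==0` branch. The enclosing method starts and ends outside the hunk.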
@ -17,10 +17,13 @@
|
||||
|
||||
package org.maxkey.web.apps.contorller;
|
||||
|
||||
import java.io.ByteArrayInputStream;
|
||||
import java.io.IOException;
|
||||
import java.io.InputStream;
|
||||
import java.security.KeyStore;
|
||||
import java.security.cert.X509Certificate;
|
||||
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.apache.http.client.methods.CloseableHttpResponse;
|
||||
import org.apache.http.client.methods.HttpPost;
|
||||
import org.apache.http.impl.client.CloseableHttpClient;
|
||||
@ -83,7 +86,6 @@ public class SAML20DetailsController extends BaseAppContorller {
|
||||
AppsSAML20Details saml20Details=saml20DetailsService.getAppDetails(id , false);
|
||||
decoderSecret(saml20Details);
|
||||
saml20Details.transIconBase64();
|
||||
//modelAndView.addObject("model",saml20Details);
|
||||
//modelAndView.addObject("authzURI",applicationConfig.getAuthzUri());
|
||||
return new Message<AppsSAML20Details>(saml20Details).buildResponse();
|
||||
}
|
||||
@ -142,60 +144,57 @@ public class SAML20DetailsController extends BaseAppContorller {
|
||||
}
|
||||
}
|
||||
|
||||
//////////////////////////////
|
||||
|
||||
|
||||
|
||||
protected AppsSAML20Details transform(AppsSAML20Details samlDetails) throws Exception{
|
||||
|
||||
super.transform(samlDetails);
|
||||
|
||||
if(null==samlDetails.getFileType()||samlDetails.getFileType().equals("certificate")){//certificate file
|
||||
try {
|
||||
if (null!=samlDetails.getMetaFile()&&!samlDetails.getMetaFile().isEmpty()) {
|
||||
InputStream isCert = samlDetails.getMetaFile().getInputStream();
|
||||
X509Certificate trustCert = X509CertUtils.loadCertFromInputStream(isCert);
|
||||
samlDetails.setTrustCert(trustCert);
|
||||
isCert.close();
|
||||
}
|
||||
} catch (IOException e) {
|
||||
_logger.error("read certificate file error .", e);
|
||||
throw new Exception("read certificate file error", e);
|
||||
if(StringUtils.isNotBlank(samlDetails.getFileType())){
|
||||
if(StringUtils.isNotBlank(samlDetails.getMetaFileId())) {
|
||||
ByteArrayInputStream bArrayInputStream = new ByteArrayInputStream(
|
||||
fileUploadService.get(samlDetails.getMetaFileId()).getUploaded());;
|
||||
if(samlDetails.getFileType().equals("certificate")){//certificate file
|
||||
try {
|
||||
X509Certificate trustCert = X509CertUtils.loadCertFromInputStream(bArrayInputStream);
|
||||
samlDetails.setTrustCert(trustCert);
|
||||
} catch (IOException e) {
|
||||
_logger.error("read certificate file error .", e);
|
||||
throw new Exception("read certificate file error", e);
|
||||
}
|
||||
}else if(samlDetails.getFileType().equals("metadata_file")){//metadata file
|
||||
samlDetails = resolveMetaData(samlDetails,bArrayInputStream);
|
||||
}
|
||||
}
|
||||
|
||||
if(samlDetails.getFileType().equals("metadata_url")
|
||||
&&StringUtils.isNotBlank(samlDetails.getMetaUrl())){//metadata url
|
||||
CloseableHttpClient httpClient = HttpClients.createDefault();
|
||||
HttpPost post = new HttpPost(samlDetails.getMetaUrl());
|
||||
CloseableHttpResponse response = httpClient.execute(post);
|
||||
samlDetails = resolveMetaData(samlDetails,response.getEntity().getContent());;
|
||||
response.close();
|
||||
httpClient.close();
|
||||
}
|
||||
|
||||
if(samlDetails.getTrustCert()!=null) {
|
||||
samlDetails.setCertSubject(samlDetails.getTrustCert().getSubjectDN().getName());
|
||||
samlDetails.setCertExpiration(samlDetails.getTrustCert().getNotAfter().toString());
|
||||
|
||||
samlDetails.setCertIssuer(X509CertUtils.getCommonName(samlDetails.getTrustCert().getIssuerX500Principal()));
|
||||
|
||||
KeyStore keyStore = KeyStoreUtil.clone(idpKeyStoreLoader.getKeyStore(),idpKeyStoreLoader.getKeystorePassword());
|
||||
|
||||
KeyStore trustKeyStore = null;
|
||||
if (!samlDetails.getEntityId().equals("")) {
|
||||
trustKeyStore = KeyStoreUtil.importTrustCertificate(keyStore,samlDetails.getTrustCert(), samlDetails.getEntityId());
|
||||
} else {
|
||||
trustKeyStore = KeyStoreUtil.importTrustCertificate(keyStore,samlDetails.getTrustCert());
|
||||
}
|
||||
|
||||
byte[] keyStoreByte = KeyStoreUtil.keyStore2Bytes(trustKeyStore,idpKeyStoreLoader.getKeystorePassword());
|
||||
|
||||
// store KeyStore content
|
||||
samlDetails.setKeyStore(keyStoreByte);
|
||||
}
|
||||
}else if(samlDetails.getFileType().equals("metadata_file")){//metadata file
|
||||
if (null!=samlDetails.getMetaFile()&&!samlDetails.getMetaFile().isEmpty()) {
|
||||
samlDetails = resolveMetaData(samlDetails,samlDetails.getMetaFile().getInputStream());
|
||||
}
|
||||
}else if(samlDetails.getFileType().equals("metadata_url")){//metadata url
|
||||
CloseableHttpClient httpClient = HttpClients.createDefault();
|
||||
HttpPost post = new HttpPost(samlDetails.getMetaUrl());
|
||||
CloseableHttpResponse response = httpClient.execute(post);
|
||||
samlDetails = resolveMetaData(samlDetails,response.getEntity().getContent());;
|
||||
response.close();
|
||||
httpClient.close();
|
||||
}
|
||||
|
||||
if(samlDetails.getTrustCert()!=null) {
|
||||
samlDetails.setCertSubject(samlDetails.getTrustCert().getSubjectDN().getName());
|
||||
samlDetails.setCertExpiration(samlDetails.getTrustCert().getNotAfter().toString());
|
||||
|
||||
samlDetails.setCertIssuer(X509CertUtils.getCommonName(samlDetails.getTrustCert().getIssuerX500Principal()));
|
||||
|
||||
KeyStore keyStore = KeyStoreUtil.clone(idpKeyStoreLoader.getKeyStore(),idpKeyStoreLoader.getKeystorePassword());
|
||||
|
||||
KeyStore trustKeyStore = null;
|
||||
if (!samlDetails.getEntityId().equals("")) {
|
||||
trustKeyStore = KeyStoreUtil.importTrustCertificate(keyStore,samlDetails.getTrustCert(), samlDetails.getEntityId());
|
||||
} else {
|
||||
trustKeyStore = KeyStoreUtil.importTrustCertificate(keyStore,samlDetails.getTrustCert());
|
||||
}
|
||||
|
||||
byte[] keyStoreByte = KeyStoreUtil.keyStore2Bytes(trustKeyStore,idpKeyStoreLoader.getKeystorePassword());
|
||||
|
||||
// store KeyStore content
|
||||
samlDetails.setKeyStore(keyStoreByte);
|
||||
}
|
||||
|
||||
return samlDetails;
|
||||
}
|
||||
|
||||
|
||||
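Review bot: `fileUploadService.get(samlDetails.getMetaFileId()).getUploaded()` is called without checking that the lookup returned anything; `metaFileId` arrives with the submitted form, so a stale or mistyped id becomes a NullPointerException instead of a clear error, and nothing visible in this hunk ties the id to the account that uploaded it — worth confirming that `fileUploadService.get` enforces that, since the bytes are then installed as a trust certificate or IdP metadata. Hold the lookup in a local and throw `new Exception("meta file not found: " + samlDetails.getMetaFileId())` when it is null before reading `getUploaded()`. The `metadata_url` branch still opens `HttpClients.createDefault()` and the response outside try-with-resources, so an exception from `resolveMetaData` leaks both; `try (CloseableHttpClient httpClient = HttpClients.createDefault(); CloseableHttpResponse response = httpClient.execute(new HttpPost(samlDetails.getMetaUrl()))) {` around the `resolveMetaData` call fixes that and removes the two explicit `close()` lines. The doubled `;;` on the `ByteArrayInputStream` and `resolveMetaData` lines are leftovers.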