public/MaxKey
1
0
Fork 0
mirror of https://gitee.com/dromara/MaxKey.git synced 2026-05-14 12:32:09 +08:00
Code Issues Packages Projects Releases Wiki Activity

CAS优化

Browse Source
This commit is contained in:
MaxKey
2020-08-03 15:02:31 +08:00
parent 2ce76db412
commit 108b37681d
7 changed files with 66 additions and 317 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/AuthorizeBaseEndpoint.java
View File

@@ -41,17 +41,17 @@ import org.springframework.web.servlet.ModelAndView;
public class AuthorizeBaseEndpoint {
final static Logger _logger = LoggerFactory.getLogger(AuthorizeBaseEndpoint.class);
@Autowired
@Qualifier("applicationConfig")
protected ApplicationConfig applicationConfig;
@Autowired
@Qualifier("appsService")
protected AppsService appsService;
@Autowired
@Qualifier("applicationConfig")
protected ApplicationConfig applicationConfig;
@Autowired
AccountsService accountsService;
@Qualifier("accountsService")
protected AccountsService accountsService;
protected Apps getApp(String id){
Apps app=(Apps)WebContext.getAttribute(AuthorizeBaseEndpoint.class.getName());

14
maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/Cas10AuthorizeEndpoint.java
View File

@@ -27,13 +27,8 @@ import org.maxkey.authn.BasicAuthentication;
import org.maxkey.authz.cas.endpoint.response.Service10ResponseBuilder;
import org.maxkey.authz.cas.endpoint.ticket.CasConstants;
import org.maxkey.authz.cas.endpoint.ticket.Ticket;
import org.maxkey.authz.cas.endpoint.ticket.service.TicketServices;
import org.maxkey.authz.endpoint.AuthorizeBaseEndpoint;
import org.maxkey.configuration.ApplicationConfig;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
@@ -44,17 +39,10 @@ import org.springframework.web.bind.annotation.ResponseBody;
* https://apereo.github.io/cas/5.0.x/protocol/CAS-Protocol-V2-Specification.html
*/
@Controller
public class Cas10AuthorizeEndpoint extends AuthorizeBaseEndpoint{
public class Cas10AuthorizeEndpoint extends CasBaseAuthorizeEndpoint{
final static Logger _logger = LoggerFactory.getLogger(Cas10AuthorizeEndpoint.class);
@Autowired
ApplicationConfig applicationConfig;
@Autowired
@Qualifier("casTicketServices")
TicketServices ticketServices;
/**
* @param request
* @param response

33
maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/Cas20AuthorizeEndpoint.java
View File

@@ -28,19 +28,12 @@ import org.maxkey.authz.cas.endpoint.response.ProxyServiceResponseBuilder;
import org.maxkey.authz.cas.endpoint.response.ServiceResponseBuilder;
import org.maxkey.authz.cas.endpoint.ticket.CasConstants;
import org.maxkey.authz.cas.endpoint.ticket.Ticket;
import org.maxkey.authz.cas.endpoint.ticket.service.TicketServices;
import org.maxkey.authz.endpoint.AuthorizeBaseEndpoint;
import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
import org.maxkey.configuration.ApplicationConfig;
import org.maxkey.constants.Boolean;
import org.maxkey.domain.UserInfo;
import org.maxkey.persistence.service.AppsCasDetailsService;
import org.maxkey.persistence.service.UserInfoService;
import org.maxkey.util.Instance;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
@@ -51,24 +44,9 @@ import org.springframework.web.bind.annotation.ResponseBody;
* https://apereo.github.io/cas/5.0.x/protocol/CAS-Protocol-V2-Specification.html
*/
@Controller
public class Cas20AuthorizeEndpoint extends AuthorizeBaseEndpoint{
public class Cas20AuthorizeEndpoint extends CasBaseAuthorizeEndpoint{
final static Logger _logger = LoggerFactory.getLogger(Cas20AuthorizeEndpoint.class);
@Autowired
AppsCasDetailsService casDetailsService;
@Autowired
ApplicationConfig applicationConfig;
@Autowired
@Qualifier("userInfoService")
private UserInfoService userInfoService;
@Autowired
@Qualifier("casTicketServices")
TicketServices ticketServices;
/**
* @param request
@@ -196,6 +174,7 @@ For all error codes, it is RECOMMENDED that CAS provide a more detailed message
@RequestParam(value = CasConstants.PARAMETER.RENEW,required=false) String renew,
@RequestParam(value = CasConstants.PARAMETER.FORMAT,required=false,defaultValue=CasConstants.FORMAT_TYPE.XML) String format){
setContentType(request,response,format);
Ticket storedTicket=null;
try {
@@ -222,8 +201,6 @@ For all error codes, it is RECOMMENDED that CAS provide a more detailed message
.setDescription("Ticket "+ticket+" not recognized");
}
return serviceResponseBuilder.serviceResponseBuilder();
}
@@ -298,6 +275,7 @@ Response on ticket validation failure:
@RequestParam(value = CasConstants.PARAMETER.RENEW,required=false) String renew,
@RequestParam(value = CasConstants.PARAMETER.FORMAT,required=false,defaultValue=CasConstants.FORMAT_TYPE.XML) String format){
setContentType(request,response,format);
Ticket storedTicket=null;
try {
@@ -380,7 +358,10 @@ For all error codes, it is RECOMMENDED that CAS provide a more detailed message
@RequestParam(value = CasConstants.PARAMETER.PROXY_GRANTING_TICKET) String pgt,
@RequestParam(value = CasConstants.PARAMETER.TARGET_SERVICE) String targetService,
@RequestParam(value = CasConstants.PARAMETER.FORMAT,required=false,defaultValue=CasConstants.FORMAT_TYPE.XML) String format){
ProxyServiceResponseBuilder proxyServiceResponseBuilder=new ProxyServiceResponseBuilder();
setContentType(request,response,format);
ProxyServiceResponseBuilder proxyServiceResponseBuilder=new ProxyServiceResponseBuilder();
return proxyServiceResponseBuilder.success().setTicket("").setFormat(format).serviceResponseBuilder();
}
}

28
maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/Cas30AuthorizeEndpoint.java
View File

@@ -27,19 +27,12 @@ import org.maxkey.authn.BasicAuthentication;
import org.maxkey.authz.cas.endpoint.response.ServiceResponseBuilder;
import org.maxkey.authz.cas.endpoint.ticket.CasConstants;
import org.maxkey.authz.cas.endpoint.ticket.Ticket;
import org.maxkey.authz.cas.endpoint.ticket.service.TicketServices;
import org.maxkey.authz.endpoint.AuthorizeBaseEndpoint;
import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
import org.maxkey.configuration.ApplicationConfig;
import org.maxkey.constants.Boolean;
import org.maxkey.domain.UserInfo;
import org.maxkey.persistence.service.AppsCasDetailsService;
import org.maxkey.persistence.service.UserInfoService;
import org.maxkey.util.Instance;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
@@ -50,22 +43,9 @@ import org.springframework.web.bind.annotation.ResponseBody;
* https://apereo.github.io/cas/5.0.x/protocol/CAS-Protocol.html
*/
@Controller
public class Cas30AuthorizeEndpoint extends AuthorizeBaseEndpoint{
public class Cas30AuthorizeEndpoint extends CasBaseAuthorizeEndpoint{
final static Logger _logger = LoggerFactory.getLogger(Cas30AuthorizeEndpoint.class);
@Autowired
AppsCasDetailsService casDetailsService;
@Autowired
ApplicationConfig applicationConfig;
@Autowired
@Qualifier("userInfoService")
private UserInfoService userInfoService;
@Autowired
@Qualifier("casTicketServices")
TicketServices ticketServices;
@RequestMapping("/authz/cas/p3/serviceValidate")
@ResponseBody
@@ -78,6 +58,7 @@ public class Cas30AuthorizeEndpoint extends AuthorizeBaseEndpoint{
@RequestParam(value = CasConstants.PARAMETER.RENEW,required=false) String renew,
@RequestParam(value = CasConstants.PARAMETER.FORMAT,required=false,defaultValue=CasConstants.FORMAT_TYPE.XML) String format){
setContentType(request,response,format);
Ticket storedTicket=null;
try {
@@ -102,8 +83,6 @@ public class Cas30AuthorizeEndpoint extends AuthorizeBaseEndpoint{
.setDescription("Ticket "+ticket+" not recognized");
}
return serviceResponseBuilder.serviceResponseBuilder();
}
@@ -118,6 +97,7 @@ public class Cas30AuthorizeEndpoint extends AuthorizeBaseEndpoint{
@RequestParam(value = CasConstants.PARAMETER.RENEW,required=false) String renew,
@RequestParam(value = CasConstants.PARAMETER.FORMAT,required=false,defaultValue=CasConstants.FORMAT_TYPE.XML) String format){
setContentType(request,response,format);
Ticket storedTicket=null;
try {
@@ -142,8 +122,6 @@ public class Cas30AuthorizeEndpoint extends AuthorizeBaseEndpoint{
.setDescription("Ticket "+ticket+" not recognized");
}
return serviceResponseBuilder.serviceResponseBuilder();
}
}

17
maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasAuthorizeEndpoint.java
View File

@@ -27,17 +27,12 @@ import javax.servlet.http.HttpServletResponse;
import org.maxkey.authz.cas.endpoint.ticket.CasConstants;
import org.maxkey.authz.cas.endpoint.ticket.ServiceTicketImpl;
import org.maxkey.authz.cas.endpoint.ticket.service.TicketServices;
import org.maxkey.authz.endpoint.AuthorizeBaseEndpoint;
import org.maxkey.configuration.ApplicationConfig;
import org.maxkey.domain.apps.AppsCasDetails;
import org.maxkey.persistence.service.AppsCasDetailsService;
import org.maxkey.web.WebConstants;
import org.maxkey.web.WebContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
@@ -49,20 +44,10 @@ import org.springframework.web.servlet.ModelAndView;
* https://apereo.github.io/cas/5.0.x/protocol/CAS-Protocol-V2-Specification.html
*/
@Controller
public class CasAuthorizeEndpoint extends AuthorizeBaseEndpoint{
public class CasAuthorizeEndpoint extends CasBaseAuthorizeEndpoint{
final static Logger _logger = LoggerFactory.getLogger(CasAuthorizeEndpoint.class);
@Autowired
AppsCasDetailsService casDetailsService;
@Autowired
ApplicationConfig applicationConfig;
@Autowired
@Qualifier("casTicketServices")
TicketServices ticketServices;
@RequestMapping("/authz/cas/login")
public ModelAndView casLogin(
HttpServletRequest request,

43
maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasBaseAuthorizeEndpoint.java Normal file
View File

@@ -0,0 +1,43 @@
package org.maxkey.authz.cas.endpoint;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.maxkey.authz.cas.endpoint.ticket.CasConstants;
import org.maxkey.authz.cas.endpoint.ticket.service.TicketServices;
import org.maxkey.authz.endpoint.AuthorizeBaseEndpoint;
import org.maxkey.constants.ContentType;
import org.maxkey.persistence.service.AppsCasDetailsService;
import org.maxkey.persistence.service.UserInfoService;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
public class CasBaseAuthorizeEndpoint extends AuthorizeBaseEndpoint{
final static Logger _logger = LoggerFactory.getLogger(CasBaseAuthorizeEndpoint.class);
@Autowired
@Qualifier("appsCasDetailsService")
protected AppsCasDetailsService casDetailsService;
@Autowired
@Qualifier("userInfoService")
protected UserInfoService userInfoService;
@Autowired
@Qualifier("casTicketServices")
protected TicketServices ticketServices;
public void setContentType(
HttpServletRequest request,
HttpServletResponse response,
String format) {
if(format == null || format.equalsIgnoreCase("") || format.equalsIgnoreCase(CasConstants.FORMAT_TYPE.XML)) {
//response.setContentType(ContentType.APPLICATION_XML_UTF8);
}else {
response.setContentType(ContentType.APPLICATION_JSON_UTF8);
}
}
}

226
maxkey-web-maxkey/src/main/resources/spring/maxkey.xml
View File

@@ -1,226 +0,0 @@
<?xml version="1.0" encoding="UTF-8"?>
<beans xmlns="http://www.springframework.org/schema/beans"
xmlns:context="http://www.springframework.org/schema/context"
xmlns:mvc="http://www.springframework.org/schema/mvc"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xmlns:p="http://www.springframework.org/schema/p"
xmlns:tx="http://www.springframework.org/schema/tx"
xmlns:util="http://www.springframework.org/schema/util"
xsi:schemaLocation="
http://www.springframework.org/schema/beans
http://www.springframework.org/schema/beans/spring-beans.xsd
http://www.springframework.org/schema/context
http://www.springframework.org/schema/context/spring-context.xsd
http://www.springframework.org/schema/tx
http://www.springframework.org/schema/tx/spring-tx.xsd
http://www.springframework.org/schema/util
http://www.springframework.org/schema/util/spring-util.xsd
http://www.springframework.org/schema/mvc
http://www.springframework.org/schema/mvc/spring-mvc.xsd">
<!-- Authentication Extends support -->
<!-- HttpHeader Support Start-->
<bean id="httpHeaderSupport" class="org.maxkey.authn.support.httpheader.HttpHeaderConfig">
<property name="enable" value="${config.support.httpheader.enable}"></property>
<property name="headerName" value="${config.support.httpheader.headername}"></property>
</bean>
<mvc:interceptors>
<mvc:interceptor>
<mvc:mapping path="/*" />
<bean class="org.maxkey.authn.support.httpheader.HttpHeaderEntryPoint" />
</mvc:interceptor>
</mvc:interceptors>
<!-- HttpHeader Support End-->
<!-- BASIC Support Start-->
<mvc:interceptors>
<mvc:interceptor>
<mvc:mapping path="/*" />
<bean class="org.maxkey.authn.support.basic.BasicEntryPoint" >
<property name="enable" value="${config.support.basic.enable}"></property>
</bean>
</mvc:interceptor>
</mvc:interceptors>
<!-- BASIC Support End-->
<!-- KERBEROS Support Start
<bean id="kerberosService" class="org.maxkey.authn.support.kerberos.RemoteKerberosService">
<property name="kerberosProxys" >
<list>
<bean class="org.maxkey.authn.support.kerberos.KerberosProxy">
<property name="userdomain" value="${config.support.kerberos.default.userdomain}"/>
<property name="fullUserdomain" value="${config.support.kerberos.default.fulluserdomain}"/>
<property name="crypto" value="${config.support.kerberos.default.crypto}"/>
<property name="redirectUri" value="${config.support.kerberos.default.redirecturi}"/>
</bean>
</list>
</property>
</bean>-->
<!-- KERBEROS Support End-->
<!-- WsFederation Support Start -->
<!--
#identifier: the identifer for the ADFS server
#url: the login url for ADFS
#principal: the name of the attribute/assertion returned by ADFS that contains the principal's username.
#relyingParty: the identifier of the CAS Server as it has been configured in ADFS.
#tolerance: (optional) the amount of drift to allow when validating the timestamp on the token. Default: 10000 (ms)
#attributeMutator: (optional) a class (defined by you) that can modify the attributes/assertions returned by the ADFS server
#signingCertificate: ADFS's signing certificate used to validate the token/assertions issued by ADFS.
-->
<!--
<bean id="wsFederationConfiguration" class="org.maxkey.authn.support.wsfederation.WsFederationConfiguration">
<property name="identifier" value="${config.support.wsfederation.identifier}" />
<property name="url" value="${config.support.wsfederation.url}" />
<property name="logoutUrl" value="${config.support.wsfederation.logoutUrl}" />
<property name="principal" value="${config.support.wsfederation.principal}" />
<property name="relyingParty" value="${config.support.wsfederation.relyingParty}" />
<property name="tolerance" value="${config.support.wsfederation.tolerance}" />
<property name="upnSuffix" value="${config.support.wsfederation.upn.suffix}" />
<property name="attributeMutator">
<bean class="org.maxkey.authn.support.wsfederation.WsFedAttributeMutatorImpl" />
</property>
<property name="signingCertificates">
<list>
<value>classpath:${config.support.wsfederation.signingCertificate}</value>
</list>
</property>
</bean>
<bean id="wsFederationService" class="org.maxkey.authn.support.wsfederation.WsFederationServiceImpl">
<property name="wsFederationConfiguration" ref="wsFederationConfiguration" />
</bean>
-->
<!-- WsFederation Support End -->
<!-- Web URL InterceptorAdapter -->
<mvc:interceptors>
<!-- InterceptorAdapter for platform permission -->
<mvc:interceptor>
<!-- for permission -->
<mvc:mapping path="/index/**" />
<mvc:mapping path="/logs/**" />
<mvc:mapping path="/userinfo/**" />
<mvc:mapping path="/profile/**" />
<mvc:mapping path="/safe/**" />
<mvc:mapping path="/historys/**" />
<mvc:mapping path="/appList/**" />
<mvc:mapping path="/socialsignon/**" />
<mvc:mapping path="/authz/basic/*" />
<mvc:mapping path="/authz/ltpa/*" />
<mvc:mapping path="/authz/desktop/*" />
<mvc:mapping path="/authz/formbased/*" />
<mvc:mapping path="/authz/tokenbased/*"/>
<mvc:mapping path="/authz/saml20/idpinit/*"/>
<mvc:mapping path="/authz/saml20/assertion"/>
<mvc:mapping path="/authz/cas/*"/>
<mvc:mapping path="/authz/cas/*/*"/>
<mvc:mapping path="/authz/cas/granting/*"/>
<mvc:mapping path="/oauth/v20/authorize/*"/>
<bean class="org.maxkey.web.interceptor.PermissionAdapter" />
</mvc:interceptor>
<!-- InterceptorAdapter for platform log -->
<mvc:interceptor>
<mvc:mapping path="/userinfo/*" />
<mvc:mapping path="//safe/changePassword/**"/>
<bean class="org.maxkey.web.interceptor.HistoryLogsAdapter" />
</mvc:interceptor>
<!-- Interceptor LoginAppAdapter sso Adapter -->
<mvc:interceptor>
<mvc:mapping path="/authz/basic/*" />
<mvc:mapping path="/authz/ltpa/*" />
<mvc:mapping path="/authz/desktop/*" />
<mvc:mapping path="/authz/formbased/*" />
<mvc:mapping path="/authz/tokenbased/*"/>
<mvc:mapping path="/authz/saml20/idpinit/*"/>
<mvc:mapping path="/authz/saml20/assertion"/>
<mvc:mapping path="/authz/cas/login"/>
<mvc:mapping path="/authz/cas/granting"/>
<bean class="org.maxkey.web.interceptor.PreLoginAppAdapter" />
</mvc:interceptor>
<!-- Interceptor LoginApp History Logs -->
<mvc:interceptor>
<mvc:mapping path="/authz/basic/*" />
<mvc:mapping path="/authz/ltpa/*" />
<mvc:mapping path="/authz/desktop/*" />
<mvc:mapping path="/authz/formbased/*" />
<mvc:mapping path="/authz/tokenbased/*"/>
<mvc:mapping path="/authz/saml20/idpinit/*"/>
<mvc:mapping path="/authz/saml20/assertion"/>
<mvc:mapping path="/authz/cas/granting"/>
<bean class="org.maxkey.web.interceptor.HistoryLoginAppAdapter" />
</mvc:interceptor>
<ref bean="localeChangeInterceptor" />
</mvc:interceptors>
<!-- for Forgot Password
<bean id="tfaMailOptAuthn" class="org.maxkey.crypto.password.opt.impl.MailOtpAuthn">
</bean>
<bean id="tfaMobileOptAuthn" class="org.maxkey.crypto.password.opt.impl.sms.SmsOtpAuthnYunxin">
</bean>
-->
<!-- LDAP Realm
<bean id="authenticationRealm" class="org.maxkey.web.authentication.realm.ldap.LdapAuthenticationRealm">
<constructor-arg ref="jdbcTemplate"/>
<property name="ldapServers">
<list>
<bean id="ldapServer1" class="org.maxkey.web.authentication.realm.ldap.LdapServer">
<property name="ldapUtils">
<bean id="ldapUtils" class="org.maxkey.ldap.LdapUtils">
<property name="providerUrl" value="ldap://localhost:389"></property>
<property name="principal" value="cn=root"></property>
<property name="credentials" value="rootroot"></property>
<property name="baseDN" value="dc=connsec,dc=com"></property>
</bean>
</property>
<property name="filterAttribute" value="uid"></property>
</bean>
</list>
</property>
</bean> -->
<!-- Active Directory Realm
<bean id="authenticationRealm" class="org.maxkey.web.authentication.realm.activedirectory.ActiveDirectoryAuthenticationRealm">
<constructor-arg ref="jdbcTemplate"/>
<property name="activeDirectoryServers">
<list>
<bean id="activeDirectory1" class="org.maxkey.web.authentication.realm.activedirectory.ActiveDirectoryServer">
<property name="activeDirectoryUtils">
<bean id="ldapUtils" class="org.maxkey.ldap.ActiveDirectoryUtils">
<property name="providerUrl" value="ldap://localhost:389"></property>
<property name="principal" value="cn=root"></property>
<property name="credentials" value="rootroot"></property>
<property name="domain" value="connsec"></property>
</bean>
</property>
</bean>
</list>
</property>
</bean> -->
<!-- Default Realm-->
<!-- realm use jdbc
<bean id="authenticationRealm" class="org.maxkey.authn.realm.jdbc.JdbcAuthenticationRealm">
<constructor-arg ref="jdbcTemplate"/>
</bean>
<bean id="tfaOptAuthn" class="org.maxkey.crypto.password.opt.impl.TimeBasedOtpAuthn">
</bean>
-->
<!-- enable autowire -->
<context:annotation-config />
<mvc:annotation-driven />
<mvc:default-servlet-handler />
</beans>