v2.0.0RC1

2026-05-19 11:28:09 +08:00 · 2020-05-23 21:08:44 +08:00
parent bcbd926bbe
commit 1ad1db9846
14 changed files with 314 additions and 103 deletions
--- a/maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyConfig.java
+++ b/maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyConfig.java
@@ -1,16 +1,32 @@
 package org.maxkey;

+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Properties;
+
 import org.apache.catalina.Context;
 import org.apache.catalina.connector.Connector;
 import org.apache.tomcat.util.descriptor.web.SecurityCollection;
 import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
+import org.maxkey.authn.realm.jdbc.JdbcAuthenticationRealm;
+import org.maxkey.authn.support.kerberos.KerberosProxy;
+import org.maxkey.authn.support.kerberos.RemoteKerberosService;
+import org.maxkey.authn.support.socialsignon.service.JdbcSocialsAssociateService;
+import org.maxkey.authn.support.socialsignon.service.SocialSignOnProvider;
+import org.maxkey.authn.support.socialsignon.service.SocialSignOnProviderService;
 import org.maxkey.authz.oauth2.provider.endpoint.TokenEndpointAuthenticationFilter;
 import org.maxkey.crypto.password.opt.algorithm.KeyUriFormat;
+import org.maxkey.crypto.password.opt.impl.MailOtpAuthn;
+import org.maxkey.crypto.password.opt.impl.SmsOtpAuthn;
+import org.maxkey.crypto.password.opt.impl.TimeBasedOtpAuthn;
+import org.maxkey.crypto.password.opt.impl.sms.SmsOtpAuthnYunxin;
 import org.mybatis.spring.annotation.MapperScan;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
 import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
 import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.context.annotation.Bean;
@@ -18,12 +34,15 @@ import org.springframework.context.annotation.ComponentScan;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.ImportResource;
 import org.springframework.context.annotation.PropertySource;
+import org.springframework.core.io.ClassPathResource;
+import org.springframework.core.io.Resource;
+import org.springframework.jdbc.core.JdbcTemplate;




@Configuration
-@ImportResource(locations = { "classpath:spring/maxkey.xml" })
+//@ImportResource(locations = { "classpath:spring/maxkey.xml" })
@PropertySource("classpath:/application.properties")
@PropertySource("classpath:/config/applicationConfig.properties")
@MapperScan("org.maxkey.dao.persistence,")
@@ -35,6 +54,7 @@ import org.springframework.context.annotation.PropertySource;
        "org.maxkey.api.v1.contorller",
        "org.maxkey.web.endpoint",
        "org.maxkey.web.contorller",
+        "org.maxkey.web.interceptor",
        //single sign on protocol
        "org.maxkey.authz.endpoint",
        "org.maxkey.authz.desktop.endpoint",
@@ -42,6 +62,7 @@ import org.springframework.context.annotation.PropertySource;
        "org.maxkey.authz.formbased.endpoint",
        "org.maxkey.authz.ltpa.endpoint",
        "org.maxkey.authz.token.endpoint",
+        "org.maxkey.web.authentication.support.socialsignon"
 })
 public class MaxKeyConfig  implements InitializingBean {
    private static final  Logger _logger = LoggerFactory.getLogger(MaxKeyConfig.class);
@@ -115,6 +136,101 @@ public class MaxKeyConfig  implements InitializingBean {
        return keyUriFormat;
    }

+    @Bean(name = "authenticationRealm")
+    public JdbcAuthenticationRealm JdbcAuthenticationRealm(
+                JdbcTemplate jdbcTemplate) {
+        JdbcAuthenticationRealm authenticationRealm = new JdbcAuthenticationRealm(jdbcTemplate);
+        _logger.debug("JdbcAuthenticationRealm inited.");
+        return authenticationRealm;
+    }
+    
+    @Bean(name = "tfaOptAuthn")
+    public TimeBasedOtpAuthn tfaOptAuthn() {
+        TimeBasedOtpAuthn tfaOptAuthn = new TimeBasedOtpAuthn();
+        _logger.debug("TimeBasedOtpAuthn inited.");
+        return tfaOptAuthn;
+    }
+    
+    @Bean(name = "tfaMailOptAuthn")
+    public MailOtpAuthn mailOtpAuthn() {
+        MailOtpAuthn mailOtpAuthn = new MailOtpAuthn();
+        _logger.debug("tfaMailOptAuthn inited.");
+        return mailOtpAuthn;
+    }
+    
+    @Bean(name = "tfaMobileOptAuthn")
+    public SmsOtpAuthn smsOtpAuthn() {
+        SmsOtpAuthnYunxin smsOtpAuthn = new SmsOtpAuthnYunxin();
+        _logger.debug("SmsOtpAuthn inited.");
+        return smsOtpAuthn;
+    }
+    
+    @Bean(name = "kerberosService")
+    public RemoteKerberosService kerberosService(
+            @Value("${config.support.kerberos.default.userdomain}")
+            String userDomain,
+            @Value("${config.support.kerberos.default.fulluserdomain}")
+            String fullUserDomain,
+            @Value("${config.support.kerberos.default.crypto}")
+            String crypto,
+            @Value("${config.support.kerberos.default.redirecturi}")
+            String redirectUri
+            ) {
+        RemoteKerberosService kerberosService = new RemoteKerberosService();
+        KerberosProxy kerberosProxy = new KerberosProxy();
+        
+        kerberosProxy.setCrypto(crypto);
+        kerberosProxy.setFullUserdomain(fullUserDomain);
+        kerberosProxy.setUserdomain(userDomain);
+        kerberosProxy.setRedirectUri(redirectUri);
+        
+        List<KerberosProxy> kerberosProxysList = new ArrayList<KerberosProxy>();
+        kerberosProxysList.add(kerberosProxy);
+        kerberosService.setKerberosProxys(kerberosProxysList);
+        
+        _logger.debug("RemoteKerberosService inited.");
+        return kerberosService;
+    }
+    
+    @Bean(name = "socialSignOnProviderService")
+    @ConditionalOnClass(SocialSignOnProvider.class)
+    public SocialSignOnProviderService socialSignOnProviderService() throws IOException {
+        SocialSignOnProviderService socialSignOnProviderService = new SocialSignOnProviderService();
+        
+        Resource resource = new ClassPathResource("/config/applicationConfig.properties");
+        Properties properties = new Properties();
+        properties.load(resource.getInputStream());
+        String [] providerList =properties.get("config.login.socialsignon.providers").toString().split(",");
+        List<SocialSignOnProvider> socialSignOnProviderList = new ArrayList<SocialSignOnProvider>();
+        for(String provider : providerList) {
+            String providerName = properties.getProperty("config.socialsignon."+provider+".provider.name");
+            String icon=properties.getProperty("config.socialsignon."+provider+".icon");
+            String clientId=properties.getProperty("config.socialsignon."+provider+".client.id");
+            String clientSecret=properties.getProperty("config.socialsignon."+provider+".client.secret");
+            String sortOrder = properties.getProperty("config.socialsignon."+provider+".sortorder");
+            SocialSignOnProvider socialSignOnProvider = new SocialSignOnProvider();
+            socialSignOnProvider.setProvider(provider);
+            socialSignOnProvider.setProviderName(providerName);
+            socialSignOnProvider.setIcon(icon);
+            socialSignOnProvider.setClientId(clientId);
+            socialSignOnProvider.setClientSecret(clientSecret);
+            socialSignOnProvider.setSortOrder(Integer.valueOf(sortOrder));
+            _logger.debug("socialSignOnProvider " + socialSignOnProvider);
+            socialSignOnProviderList.add(socialSignOnProvider);            
+        }
+        socialSignOnProviderService.setSocialSignOnProviders(socialSignOnProviderList);
+        _logger.debug("SocialSignOnProviderService inited.");
+        return socialSignOnProviderService;
+    }
+    
+    @Bean(name = "socialsAssociateService")
+    public JdbcSocialsAssociateService socialsAssociateService(
+                JdbcTemplate jdbcTemplate) {
+        JdbcSocialsAssociateService socialsAssociateService = new JdbcSocialsAssociateService(jdbcTemplate);
+        _logger.debug("JdbcSocialsAssociateService inited.");
+        return socialsAssociateService;
+    }
+    
    @Override
    public void afterPropertiesSet() throws Exception {
        // TODO Auto-generated method stub
--- a/maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyMvcConfig.java
+++ b/maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyMvcConfig.java
@@ -0,0 +1,138 @@
+package org.maxkey;
+
+import org.maxkey.authn.support.basic.BasicEntryPoint;
+import org.maxkey.authn.support.httpheader.HttpHeaderConfig;
+import org.maxkey.authn.support.httpheader.HttpHeaderEntryPoint;
+import org.maxkey.web.interceptor.HistoryLoginAppAdapter;
+import org.maxkey.web.interceptor.HistoryLogsAdapter;
+import org.maxkey.web.interceptor.PermissionAdapter;
+import org.maxkey.web.interceptor.PreLoginAppAdapter;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.PropertySource;
+import org.springframework.web.servlet.config.annotation.EnableWebMvc;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
+import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+import org.springframework.web.servlet.i18n.LocaleChangeInterceptor;
+
+@Configuration
+@EnableWebMvc
+@PropertySource("classpath:/config/applicationConfig.properties")
+public class MaxKeyMvcConfig implements WebMvcConfigurer {
+    private static final  Logger _logger = LoggerFactory.getLogger(MaxKeyMvcConfig.class);
+    @Autowired
+    PermissionAdapter permissionAdapter;
+    
+    @Autowired
+    HistoryLogsAdapter historyLogsAdapter;
+    
+    @Autowired
+    LocaleChangeInterceptor localeChangeInterceptor;
+    
+    @Autowired
+    PreLoginAppAdapter preLoginAppAdapter;
+    
+    @Autowired
+    HistoryLoginAppAdapter historyLoginAppAdapter;
+    
+    @Value("${config.support.httpheader.enable:false}")
+    private boolean httpHeaderEnable;
+    
+    @Value("${config.support.httpheader.headername:iv-user}")
+    private String httpHeaderName;
+    
+    @Value("${config.support.basic.enable:false}")
+    private boolean basicEnable;
+    
+    @Override
+    public void addResourceHandlers(ResourceHandlerRegistry registry) {
+        registry.addResourceHandler("/static/**")
+                .addResourceLocations("classpath:/static/");
+        registry.addResourceHandler("/templates/**")
+                .addResourceLocations("classpath:/templates/");
+        _logger.debug("add addResourceHandler");
+    }
+
+    @Override
+    public void addInterceptors(InterceptorRegistry registry) {
+        //addPathPatterns 用于添加拦截规则 ， 先把所有路径都加入拦截， 再一个个排除
+        //excludePathPatterns 表示改路径不用拦截
+        registry.addInterceptor(permissionAdapter)
+                .addPathPatterns("/index/**")
+                .addPathPatterns("/logs/**")
+                .addPathPatterns("/userinfo/**")
+                .addPathPatterns("/profile/**")
+                .addPathPatterns("/safe/**")
+                .addPathPatterns("/historys/**")
+                .addPathPatterns("/appList/**")
+                .addPathPatterns("/socialsignon/**")
+                
+                .addPathPatterns("/authz/basic/*")
+                .addPathPatterns("/authz/ltpa/*")
+                .addPathPatterns("/authz/desktop/*")
+                .addPathPatterns("/authz/formbased/*")
+                .addPathPatterns("/authz/tokenbased/*")
+                .addPathPatterns("/authz/saml20/idpinit/*")
+                .addPathPatterns("/authz/saml20/assertion")
+                .addPathPatterns("/authz/cas/*")
+                .addPathPatterns("/authz/cas/*/*")
+                .addPathPatterns("/authz/cas/granting/*")
+                .addPathPatterns("/oauth/v20/authorize")
+                .addPathPatterns("/oauth/v20/authorize/*")
+                ;
+        
+        _logger.debug("add PermissionAdapter");
+        
+        registry.addInterceptor(historyLogsAdapter)
+                .addPathPatterns("/safe/changePassword/**")
+                ;
+        _logger.debug("add HistoryLogsAdapter");
+
+        registry.addInterceptor(preLoginAppAdapter)
+                .addPathPatterns("/authz/basic/*")
+                .addPathPatterns("/authz/ltpa/*")
+                .addPathPatterns("/authz/desktop/*")
+                .addPathPatterns("/authz/formbased/*")
+                .addPathPatterns("/authz/tokenbased/*")
+                .addPathPatterns("/authz/saml20/idpinit/*")
+                .addPathPatterns("/authz/saml20/assertion")
+                .addPathPatterns("/authz/cas/login")
+                .addPathPatterns("/authz/cas/granting")
+        ;
+        _logger.debug("add PreLoginAppAdapter");
+        
+        registry.addInterceptor(historyLoginAppAdapter)
+                .addPathPatterns("/authz/basic/*")
+                .addPathPatterns("/authz/ltpa/*")
+                .addPathPatterns("/authz/desktop/*")
+                .addPathPatterns("/authz/formbased/*")
+                .addPathPatterns("/authz/tokenbased/*")
+                .addPathPatterns("/authz/saml20/idpinit/*")
+                .addPathPatterns("/authz/saml20/assertion")
+                .addPathPatterns("/authz/cas/granting")
+        ;
+        _logger.debug("add HistoryLoginAppAdapter");
+        
+       
+        registry.addInterceptor(localeChangeInterceptor);
+        _logger.debug("add LocaleChangeInterceptor");
+        
+        if(httpHeaderEnable) {
+            HttpHeaderConfig httpHeaderConfig= new HttpHeaderConfig(this.httpHeaderName,httpHeaderEnable);
+            registry.addInterceptor(new HttpHeaderEntryPoint(httpHeaderConfig))
+                    .addPathPatterns("/*");
+            _logger.debug("add HttpHeaderEntryPoint");
+        }
+        
+        if(basicEnable) {
+            registry.addInterceptor(new BasicEntryPoint(basicEnable))
+                    .addPathPatterns("/*");
+            _logger.debug("add BasicEntryPoint");
+        }
+    }
+
+}
--- a/maxkey-web-maxkey/src/main/java/org/maxkey/web/interceptor/HistoryLoginAppAdapter.java
+++ b/maxkey-web-maxkey/src/main/java/org/maxkey/web/interceptor/HistoryLoginAppAdapter.java
@@ -14,9 +14,11 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.stereotype.Component;
 import org.springframework.web.servlet.ModelAndView;
 import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

+@Component
 public class HistoryLoginAppAdapter extends HandlerInterceptorAdapter {
    private static final Logger _logger = LoggerFactory.getLogger(HistoryLoginAppAdapter.class);

--- a/maxkey-web-maxkey/src/main/java/org/maxkey/web/interceptor/HistoryLogsAdapter.java
+++ b/maxkey-web-maxkey/src/main/java/org/maxkey/web/interceptor/HistoryLogsAdapter.java
@@ -13,6 +13,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.stereotype.Component;
 import org.springframework.web.servlet.ModelAndView;
 import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

@@ -23,6 +24,7 @@ import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
 * @author Crystal.Sea
 *
 */
+@Component
 public class HistoryLogsAdapter extends HandlerInterceptorAdapter {

    private static final Logger _logger = LoggerFactory.getLogger(HistoryLogsAdapter.class);
--- a/maxkey-web-maxkey/src/main/java/org/maxkey/web/interceptor/PermissionAdapter.java
+++ b/maxkey-web-maxkey/src/main/java/org/maxkey/web/interceptor/PermissionAdapter.java
@@ -16,6 +16,7 @@ import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
 import org.springframework.security.web.savedrequest.RequestCache;
 import org.springframework.security.web.savedrequest.SavedRequest;
+import org.springframework.stereotype.Component;
 import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

 /**
@@ -24,7 +25,7 @@ import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
 * @author Crystal.Sea
 *
 */
-
+@Component
 public class PermissionAdapter extends HandlerInterceptorAdapter {
    private static final Logger _logger = LoggerFactory.getLogger(PermissionAdapter.class);
    // 无需Interceptor url
--- a/maxkey-web-maxkey/src/main/java/org/maxkey/web/interceptor/PreLoginAppAdapter.java
+++ b/maxkey-web-maxkey/src/main/java/org/maxkey/web/interceptor/PreLoginAppAdapter.java
@@ -7,8 +7,10 @@ import org.maxkey.web.WebConstants;
 import org.maxkey.web.WebContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.stereotype.Component;
 import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

+@Component
 public class PreLoginAppAdapter extends HandlerInterceptorAdapter {

    private static final Logger _logger = LoggerFactory.getLogger(PreLoginAppAdapter.class);