public/MaxKey
1
0
Fork 0
mirror of https://gitee.com/dromara/MaxKey.git synced 2026-05-14 20:50:14 +08:00
Code Issues Packages Projects Releases Wiki Activity

SingleSignOn Interceptor

Browse Source
This commit is contained in:
MaxKey
2022-05-26 15:13:43 +08:00
parent 3a65a66620
commit 3377d957ed
14 changed files with 245 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

34
maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/interceptor/HistorySignOnAppInterceptor.java
View File

@@ -32,7 +32,6 @@ import org.maxkey.web.WebContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.AsyncHandlerInterceptor;
import org.springframework.web.servlet.ModelAndView;
@@ -46,38 +45,7 @@ public class HistorySignOnAppInterceptor implements AsyncHandlerInterceptor {
@Autowired
protected AppsService appsService;
/**
* 判断应用访问权限
*/
@Override
public boolean preHandle(HttpServletRequest request,
HttpServletResponse response, Object handler)
throws Exception {
_logger.debug("preHandle {}",request.getRequestURI());
Apps app = (Apps)WebContext.getAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP);
if(app == null) {
String appId ="";
//JWT
if(request.getRequestURI().contains("/authz/jwt/")) {
String [] requestURI = request.getRequestURI().split("/");
appId = requestURI[requestURI.length -1];
}
_logger.debug("appId {}",appId);
app = appsService.get(appId,true);
}
SignPrincipal principal = AuthorizationUtils.getPrincipal();
if(principal != null && app !=null) {
if(principal.getGrantedAuthorityApps().contains(new SimpleGrantedAuthority(app.getId()))) {
_logger.trace("preHandle have authority access " + app);
return true;
}
}
_logger.debug("preHandle not have authority access " + app);
return false;
}
/**
* postHandle .
* @see org.springframework.web.servlet.handler.HandlerInterceptorAdapter#preHandle(

60
maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/interceptor/SingleSignOnInterceptor.java
View File

@@ -19,14 +19,23 @@ package org.maxkey.web.interceptor;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.maxkey.authn.SignPrincipal;
import org.maxkey.authn.jwt.AuthTokenService;
import org.maxkey.authn.session.SessionManager;
import org.maxkey.authn.web.AuthorizationUtils;
import org.maxkey.authz.cas.endpoint.ticket.CasConstants;
import org.maxkey.authz.oauth2.common.OAuth2Constants;
import org.maxkey.configuration.ApplicationConfig;
import org.maxkey.crypto.Base64Utils;
import org.maxkey.entity.apps.Apps;
import org.maxkey.persistence.service.AppsCasDetailsService;
import org.maxkey.persistence.service.AppsService;
import org.maxkey.web.WebConstants;
import org.maxkey.web.WebContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.web.util.UrlUtils;
import org.springframework.stereotype.Component;
import org.springframework.web.servlet.AsyncHandlerInterceptor;
@@ -44,6 +53,12 @@ public class SingleSignOnInterceptor implements AsyncHandlerInterceptor {
@Autowired
AuthTokenService authTokenService ;
@Autowired
AppsService appsService;
@Autowired
AppsCasDetailsService casDetailsService;
@Override
public boolean preHandle(HttpServletRequest request,
HttpServletResponse response, Object handler)
@@ -53,13 +68,54 @@ public class SingleSignOnInterceptor implements AsyncHandlerInterceptor {
AuthorizationUtils.authenticateWithCookie(
request,authTokenService,sessionManager);
if(AuthorizationUtils.isNotAuthenticated()){
if(AuthorizationUtils.isNotAuthenticated()) {
String loginUrl = applicationConfig.getFrontendUri() + "/#/passport/login?redirect_uri=%s";
String redirect_uri = UrlUtils.buildFullRequestUrl(request);
String base64RequestUrl = Base64Utils.base64UrlEncode(redirect_uri.getBytes());
_logger.debug("No Authentication ... Redirect to /passport/login , redirect_uri {}",redirect_uri);
_logger.debug("No Authentication ... Redirect to /passport/login , redirect_uri {} , base64 {}",
redirect_uri ,base64RequestUrl);
response.sendRedirect(String.format(loginUrl,base64RequestUrl));
return false;
}
//判断应用访问权限
if(AuthorizationUtils.isAuthenticated()){
_logger.debug("preHandle {}",request.getRequestURI());
Apps app = (Apps)WebContext.getAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP);
if(app == null) {
String requestURI = request.getRequestURI();
if(requestURI.contains("/authz/cas/login")) {//for CAS service
app = casDetailsService.getAppDetails(
request.getParameter(CasConstants.PARAMETER.SERVICE), true);
}else if(requestURI.contains("/authz/jwt/")
||requestURI.contains("/authz/api/")
||requestURI.contains("/authz/formbased/")
||requestURI.contains("/authz/tokenbased/")
||requestURI.contains("/authz/api/")
||requestURI.contains("/authz/saml20/consumer/")
||requestURI.contains("/authz/saml20/idpinit/")
||requestURI.contains("/authz/cas/")
) {//for id end of URL
String [] requestURIs = requestURI.split("/");
String appId = requestURIs[requestURIs.length -1];
_logger.debug("appId {}",appId);
app = appsService.get(appId,true);
}else if(requestURI.contains("/authz/oauth/v20/authorize")) {//oauth
app = appsService.get(
request.getParameter(OAuth2Constants.PARAMETER.CLIENT_ID),true);
}
}
SignPrincipal principal = AuthorizationUtils.getPrincipal();
if(principal != null && app !=null) {
if(principal.getGrantedAuthorityApps().contains(new SimpleGrantedAuthority(app.getId()))) {
_logger.trace("preHandle have authority access {}" , app);
return true;
}
}
_logger.debug("preHandle not have authority access " + app);
return false;
}
return true;
}