OnlineTicket 优化

maxkey-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java

@@ -17,6 +17,7 @@
 
 package org.maxkey.authn;
 
+import org.maxkey.authn.online.OnlineTicketServices;
 import org.maxkey.authn.realm.AbstractAuthenticationRealm;
 import org.maxkey.authn.support.rememberme.AbstractRemeberMeService;
 import org.maxkey.configuration.ApplicationConfig;
@@ -60,6 +61,10 @@ public abstract class AbstractAuthenticationProvider {
     @Autowired
     @Qualifier("remeberMeService")
     protected AbstractRemeberMeService remeberMeService;
+    
+    @Autowired
+    @Qualifier("onlineTicketServices")
+    protected OnlineTicketServices onlineTicketServices;
 
     protected abstract String getProviderName();
 
@@ -251,8 +256,7 @@ public abstract class AbstractAuthenticationProvider {
             } else {
                 _logger.debug("User Login. ");
             }
-            //Online Tickit
-            userInfo.setOnlineTickit(WebConstants.ONLINE_TICKET_PREFIX + "-" +userInfo.generateId());
+            
         }
 
         return userInfo;
@@ -312,4 +316,26 @@ public abstract class AbstractAuthenticationProvider {
         return true;
     }
 
+    public void setApplicationConfig(ApplicationConfig applicationConfig) {
+        this.applicationConfig = applicationConfig;
+    }
+
+    public void setAuthenticationRealm(AbstractAuthenticationRealm authenticationRealm) {
+        this.authenticationRealm = authenticationRealm;
+    }
+
+    public void setTfaOptAuthn(AbstractOptAuthn tfaOptAuthn) {
+        this.tfaOptAuthn = tfaOptAuthn;
+    }
+
+    public void setRemeberMeService(AbstractRemeberMeService remeberMeService) {
+        this.remeberMeService = remeberMeService;
+    }
+
+    public void setOnlineTicketServices(OnlineTicketServices onlineTicketServices) {
+        this.onlineTicketServices = onlineTicketServices;
+    }
+    
+    
+
 }

maxkey-core/src/main/java/org/maxkey/authn/BasicAuthentication.java

@@ -19,6 +19,8 @@ package org.maxkey.authn;
 
 import java.util.ArrayList;
 import java.util.Collection;
+
+import org.maxkey.authn.online.OnlineTicket;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
@@ -34,7 +36,7 @@ public class BasicAuthentication implements Authentication {
     String remeberMe;
     String authType;
     String jwtToken;
-    String onlineTickit;
+    OnlineTicket onlineTicket;
     ArrayList<GrantedAuthority> grantedAuthority;
     boolean authenticated;
 
@@ -167,12 +169,12 @@ public class BasicAuthentication implements Authentication {
         this.grantedAuthority = grantedAuthority;
     }
 
-    public String getOnlineTickit() {
-        return onlineTickit;
+    public OnlineTicket getOnlineTicket() {
+        return onlineTicket;
     }
 
-    public void setOnlineTickit(String onlineTickit) {
-        this.onlineTickit = onlineTickit;
+    public void setOnlineTicket(OnlineTicket onlineTicket) {
+        this.onlineTicket = onlineTicket;
     }
 
     @Override

maxkey-core/src/main/java/org/maxkey/authn/RealmAuthenticationProvider.java

@@ -17,6 +17,7 @@
 
 package org.maxkey.authn;
 
+import org.maxkey.authn.online.OnlineTicket;
 import org.maxkey.domain.UserInfo;
 import org.maxkey.web.WebConstants;
 import org.maxkey.web.WebContext;
@@ -72,15 +73,10 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider
         authenticationRealm.getPasswordPolicyValidator().passwordPolicyValid(userInfo);
 
         authenticationRealm.passwordMatches(userInfo, auth.getPassword());
-        authenticationRealm.grantAuthority(userInfo);
-        /*
-         *  put userInfo to current session context
-         */
-        WebContext.setUserInfo(userInfo);
-
-        auth.setAuthenticated(true);
-
-        if (auth.isAuthenticated() && applicationConfig.getLoginConfig().isRemeberMe()) {
+        
+        UsernamePasswordAuthenticationToken authenticationToken = setOnline(auth,userInfo);
+        //RemeberMe Config check then set  RemeberMe cookies
+        if (applicationConfig.getLoginConfig().isRemeberMe()) {
             if (auth.getRemeberMe() != null && auth.getRemeberMe().equals("remeberMe")) {
                 WebContext.getSession().setAttribute(
                         WebConstants.REMEBER_ME_SESSION,auth.getUsername());
@@ -93,47 +89,25 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider
                 );
             }
         }
-        auth.setOnlineTickit(userInfo.getOnlineTickit());
-        UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken =
-                new UsernamePasswordAuthenticationToken(
-                auth,
-                "PASSWORD",
-                authenticationRealm.grantAuthority(userInfo));
-        usernamePasswordAuthenticationToken.setDetails(
-                new WebAuthenticationDetails(WebContext.getRequest()));
         
-        setOnlineTickit(userInfo.getOnlineTickit());
-        
-        return usernamePasswordAuthenticationToken;
+        return  authenticationToken;
     }
     
     @Override
     public Authentication basicAuthenticate(Authentication authentication) {
-        BasicAuthentication basicAuth = (BasicAuthentication) authentication;
-        UserInfo loadeduserInfo = loadUserInfo(basicAuth.getUsername(), "");
+        BasicAuthentication auth = (BasicAuthentication) authentication;
+        UserInfo loadeduserInfo = loadUserInfo(auth.getUsername(), "");
         if (loadeduserInfo != null) {
-            
-            authenticationRealm.passwordMatches(loadeduserInfo, basicAuth.getPassword());
+            authenticationRealm.passwordMatches(loadeduserInfo, auth.getPassword());
 
             authenticationRealm.getPasswordPolicyValidator().passwordPolicyValid(loadeduserInfo);
 
-            WebContext.setUserInfo(loadeduserInfo);
-
-            authentication.setAuthenticated(true);
-            basicAuth.setOnlineTickit(loadeduserInfo.getOnlineTickit());
-            UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(
-                    authentication, "PASSWORD", authenticationRealm.grantAuthority(loadeduserInfo));
-
-            WebContext.setAuthentication(authenticationToken);
-            WebContext.setUserInfo(loadeduserInfo);
-            authenticationRealm.insertLoginHistory(loadeduserInfo, basicAuth.getAuthType(), "", "", "SUCCESS");
-            
-            setOnlineTickit(loadeduserInfo.getOnlineTickit());
-            
-            return authenticationToken;
+            authenticationRealm.insertLoginHistory(loadeduserInfo, auth.getAuthType(), "", "", "SUCCESS");
+                        
+            return setOnline(auth,loadeduserInfo);
         }else {
             String message = WebContext.getI18nValue("login.error.username");
-            _logger.debug("login user  " + basicAuth.getUsername() + " not in this System ." + message);
+            _logger.debug("login user  " + auth.getUsername() + " not in this System ." + message);
             throw new BadCredentialsException(WebContext.getI18nValue("login.error.username"));
         }
     }
@@ -155,26 +129,12 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider
                                             String message) {
         UserInfo loadeduserInfo = loadUserInfo(username, "");
         if (loadeduserInfo != null) {
-            WebContext.setUserInfo(loadeduserInfo);
-            BasicAuthentication authentication = new BasicAuthentication();
-            authentication.setUsername(loadeduserInfo.getUsername());
-            authentication.setOnlineTickit(loadeduserInfo.getOnlineTickit());
-            UsernamePasswordAuthenticationToken authenticationToken =
-                    new UsernamePasswordAuthenticationToken(
-                            authentication, 
-                            "PASSWORD", 
-                            authenticationRealm.grantAuthority(loadeduserInfo)
-                    );
-
-            authentication.setAuthenticated(true);
-            WebContext.setAuthentication(authenticationToken);
-            WebContext.setUserInfo(loadeduserInfo);
-
+            BasicAuthentication auth = new BasicAuthentication();
+            auth.setUsername(loadeduserInfo.getUsername());
+            
             authenticationRealm.insertLoginHistory(loadeduserInfo, type, provider, code, message);
             
-            setOnlineTickit(loadeduserInfo.getOnlineTickit());
-            
-            return authenticationToken;
+            return setOnline(auth,loadeduserInfo);
         }else {
             String i18nMessage = WebContext.getI18nValue("login.error.username");
             _logger.debug("login user  " + username + " not in this System ." + i18nMessage);
@@ -182,13 +142,42 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider
         }
     }
     
-    public void setOnlineTickit(String tickit) {
-        _logger.debug("set online Tickit " + tickit + " on domain "+ this.applicationConfig.getBaseDomainName());
+    public UsernamePasswordAuthenticationToken setOnline(BasicAuthentication authentication,UserInfo userInfo) {
+        //Online Tickit Id
+        String onlineTickitId = WebConstants.ONLINE_TICKET_PREFIX + "-" + java.util.UUID.randomUUID().toString().toLowerCase();
+        _logger.debug("set online Tickit Cookie " + onlineTickitId + " on domain "+ this.applicationConfig.getBaseDomainName());
+        
         WebContext.setCookie(WebContext.getResponse(), 
                 this.applicationConfig.getBaseDomainName(), 
                 WebConstants.ONLINE_TICKET_NAME, 
-                tickit, 
+                onlineTickitId, 
                 0);
+        
+        //set OnlineTicket
+        OnlineTicket onlineTicket = new OnlineTicket(onlineTickitId,authentication);
+        this.onlineTicketServices.store(onlineTickitId, onlineTicket);
+        authentication.setOnlineTicket(onlineTicket);
+        
+        authentication.setAuthenticated(true);
+        UsernamePasswordAuthenticationToken authenticationToken =
+                new UsernamePasswordAuthenticationToken(
+                        authentication, 
+                        "PASSWORD", 
+                        authenticationRealm.grantAuthority(userInfo)
+                );
+        
+        authenticationToken.setDetails(
+                new WebAuthenticationDetails(WebContext.getRequest()));
+        
+        /*
+         *  put userInfo to current session context
+         */
+        WebContext.setAuthentication(authenticationToken);
+        
+        userInfo.setOnlineTicket(onlineTicket);
+        WebContext.setUserInfo(userInfo);
+        
+        return authenticationToken;
     }
   
 }

maxkey-core/src/main/java/org/maxkey/authn/online/InMemoryOnlineTicketServices.java

@@ -32,7 +32,11 @@ public class InMemoryOnlineTicketServices implements OnlineTicketServices{
 				.build(true);
 
 	
-	@Override
+	public InMemoryOnlineTicketServices() {
+        super();
+    }
+
+    @Override
 	public void store(String ticketId, OnlineTicket ticket) {
 	    onlineTicketStore.put(ticketId, ticket);
 	}
@@ -50,4 +54,10 @@ public class InMemoryOnlineTicketServices implements OnlineTicketServices{
         return ticket;
     }
 
+    @Override
+    public void setValiditySeconds(int validitySeconds) {
+        // TODO Auto-generated method stub
+        
+    }
+
 }

maxkey-core/src/main/java/org/maxkey/authn/online/OnlineTicket.java

@@ -1,8 +1,10 @@
 package org.maxkey.authn.online;
 
 import java.io.Serializable;
+import java.util.HashMap;
 
 import org.maxkey.domain.apps.Apps;
+import org.springframework.security.core.Authentication;
 
 public class OnlineTicket implements Serializable{
 
@@ -11,23 +13,66 @@ public class OnlineTicket implements Serializable{
      */
     private static final long serialVersionUID = 9008067569150338296L;
 
-    public String id;
+    public String ticketId;
     
-    private Apps authorizeApps;
+    public Authentication authentication;
+    
+    private HashMap<String , Apps> authorizedApps;
     
 
-    public OnlineTicket(String id) {
+    public OnlineTicket(String ticketId) {
         super();
-        this.id = id;
+        this.ticketId = ticketId;
+    }
+    
+    public OnlineTicket(String ticketId,Authentication authentication) {
+        super();
+        this.ticketId = ticketId;
+        this.authentication = authentication;
     }
     
     
 
+    public String getTicketId() {
+        return ticketId;
+    }
+
+
+
+    public void setTicketId(String ticketId) {
+        this.ticketId = ticketId;
+    }
+
+    
+    public Authentication getAuthentication() {
+        return authentication;
+    }
+
+
+
+    public void setAuthentication(Authentication authentication) {
+        this.authentication = authentication;
+    }
+
+  
+
+    public HashMap<String, Apps> getAuthorizedApps() {
+        return authorizedApps;
+    }
+
+
+
+    public void setAuthorizedApps(HashMap<String, Apps> authorizedApps) {
+        this.authorizedApps = authorizedApps;
+    }
+
+
+
     @Override
     public String toString() {
         StringBuilder builder = new StringBuilder();
-        builder.append("OnlineTicket [id=");
-        builder.append(id);
+        builder.append("OnlineTicket [ticketId=");
+        builder.append(ticketId);
         builder.append("]");
         return builder.toString();
     }

maxkey-core/src/main/java/org/maxkey/authn/online/OnlineTicketServices.java

@@ -26,4 +26,5 @@ public interface OnlineTicketServices {
     
     public  OnlineTicket get(String ticketId);
 
+    public void setValiditySeconds(int validitySeconds);
 }

maxkey-core/src/main/java/org/maxkey/authn/online/RedisOnlineTicketServices.java

@@ -72,5 +72,11 @@ public class RedisOnlineTicketServices implements OnlineTicketServices {
         return ticket;
     }
 
+    @Override
+    public void setValiditySeconds(int validitySeconds) {
+       this.serviceTicketValiditySeconds = validitySeconds;
+        
+    }
+
 	
 }

maxkey-core/src/main/java/org/maxkey/autoconfigure/ApplicationAutoConfiguration.java

@@ -27,6 +27,9 @@ import javax.sql.DataSource;
 import org.maxkey.authn.AbstractAuthenticationProvider;
 import org.maxkey.authn.RealmAuthenticationProvider;
 import org.maxkey.authn.SavedRequestAwareAuthenticationSuccessHandler;
+import org.maxkey.authn.online.InMemoryOnlineTicketServices;
+import org.maxkey.authn.online.OnlineTicketServices;
+import org.maxkey.authn.online.RedisOnlineTicketServices;
 import org.maxkey.authn.support.rememberme.AbstractRemeberMeService;
 import org.maxkey.authn.support.rememberme.InMemoryRemeberMeService;
 import org.maxkey.authn.support.rememberme.RedisRemeberMeService;
@@ -204,6 +207,24 @@ public class ApplicationAutoConfiguration  implements InitializingBean {
         return remeberMeService;
     }
     
+    @Bean(name = "onlineTicketServices")
+    public OnlineTicketServices onlineTicketServices(
+            @Value("${config.server.persistence}") int persistence,
+            JdbcTemplate jdbcTemplate,
+            RedisConnectionFactory redisConnFactory) {
+        OnlineTicketServices onlineTicketServices = null;
+        if (persistence == ConstantsPersistence.INMEMORY) {
+            onlineTicketServices = new InMemoryOnlineTicketServices();
+            _logger.debug("InMemoryOnlineTicketServices");
+        } else if (persistence == ConstantsPersistence.JDBC) {
+            _logger.debug("OnlineTicketServices not support "); 
+        } else if (persistence == ConstantsPersistence.REDIS) {
+            onlineTicketServices = new RedisOnlineTicketServices(redisConnFactory);
+            _logger.debug("RedisOnlineTicketServices");
+        }
+        return onlineTicketServices;
+    }
+    
     /**
      * keyStoreLoader .
      * @return

maxkey-core/src/main/java/org/maxkey/domain/UserInfo.java

@@ -26,6 +26,7 @@ import javax.persistence.GenerationType;
 import javax.persistence.Id;
 import javax.persistence.Table;
 import org.apache.mybatis.jpa.persistence.JpaBaseDomain;
+import org.maxkey.authn.online.OnlineTicket;
 import org.maxkey.util.StringUtils;
 import org.springframework.web.multipart.MultipartFile;
 
@@ -230,7 +231,7 @@ public class UserInfo extends JpaBaseDomain {
 
     protected int online;
     
-    String onlineTickit;
+    OnlineTicket onlineTicket;
 
     protected String ldapDn;
 
@@ -1164,12 +1165,12 @@ public class UserInfo extends JpaBaseDomain {
         this.createdBy = createdBy;
     }
 
-    public String getOnlineTickit() {
-        return onlineTickit;
+    public OnlineTicket getOnlineTicket() {
+        return onlineTicket;
     }
 
-    public void setOnlineTickit(String onlineTickit) {
-        this.onlineTickit = onlineTickit;
+    public void setOnlineTicket(OnlineTicket onlineTicket) {
+        this.onlineTicket = onlineTicket;
     }
 
     /**
@@ -1407,8 +1408,6 @@ public class UserInfo extends JpaBaseDomain {
         builder.append(extraAttributeMap);
         builder.append(", online=");
         builder.append(online);
-        builder.append(", onlineTickit=");
-        builder.append(onlineTickit);
         builder.append(", ldapDn=");
         builder.append(ldapDn);
         builder.append(", gridList=");

maxkey-core/src/main/java/org/maxkey/domain/apps/Apps.java

@@ -149,6 +149,9 @@ public class Apps extends JpaBaseDomain implements Serializable {
     protected String modifiedDate;
     @Column
     protected String description;
+    
+    
+    protected String loginDateTime;
 
     public Apps() {
         super();
@@ -537,6 +540,15 @@ public class Apps extends JpaBaseDomain implements Serializable {
         this.logoutType = logoutType;
     }
 
+    
+    public String getLoginDateTime() {
+        return loginDateTime;
+    }
+
+    public void setLoginDateTime(String loginDateTime) {
+        this.loginDateTime = loginDateTime;
+    }
+
     @Override
     public String toString() {
         StringBuilder builder = new StringBuilder();