authn

maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java

@@ -118,7 +118,7 @@ public abstract class AbstractAuthenticationProvider {
         
         changeSession(authentication);
         
-        authenticationRealm.insertLoginHistory( WebContext.getUserInfo(), 
+        authenticationRealm.insertLoginHistory(((SigninPrincipal) authentication.getPrincipal()).getUserInfo(), 
 						        				ConstsLoginType.LOCAL, 
 								                "", 
 								                "xe00000004", 
@@ -141,10 +141,6 @@ public abstract class AbstractAuthenticationProvider {
         for(String attributeName : WebContext.sessionAttributeNameList) {
             WebContext.setAttribute(attributeName, sessionAttributeMap.get(attributeName));
         }
-        
-        _logger.debug("Login Success Session {} Mapping to user Session {}.",
-                        WebContext.getSession().getId(),
-                        WebContext.getAttribute(WebConstants.CURRENT_USER_SESSION_ID));
     }
    
 

maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/RealmAuthenticationProvider.java

@@ -189,6 +189,7 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider
                 this.applicationConfig.getBaseDomainName(), 
                 WebConstants.ONLINE_TICKET_NAME, 
                 onlineTickitId);
+        userInfo.setOnlineTicket(currentUserSessionId);
         
         SigninPrincipal signinPrincipal = new SigninPrincipal(userInfo);
         //set OnlineTicket
@@ -218,20 +219,14 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider
         
         onlineTicket.setAuthentication(authenticationToken);
         
+        //store onlineTicket
         this.onlineTicketServices.store(onlineTickitId, onlineTicket);
         
         /*
-         *  put userInfo to current session context
+         *  put Authentication to current session context
          */
-        WebContext.setUserInfo(userInfo);
-        
         WebContext.setAuthentication(authenticationToken);
-        
-        WebContext.setAttribute(WebConstants.CURRENT_USER_SESSION_ID, currentUserSessionId);
-        
-        if(!WebContext.getInst(WebContext.getRequest()).equalsIgnoreCase(userInfo.getInstId())){
-        	//TODO :
-        }
+     
         return authenticationToken;
     }
   

maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/annotation/CurrentUser.java

@@ -1,4 +1,4 @@
-package org.maxkey.authn;
+package org.maxkey.authn.annotation;
 
 import java.lang.annotation.Documented;
 import java.lang.annotation.Retention;

maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/annotation/package-info.java

@@ -0,0 +1 @@
+package org.maxkey.authn.annotation;

maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/interceptor/package-info.java

@@ -1 +0,0 @@
-package org.maxkey.authn.interceptor;

maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/AbstractAuthenticationRealm.java

@@ -22,6 +22,7 @@ import java.util.Date;
 import java.util.List;
 import javax.servlet.http.HttpServletResponse;
 
+import org.maxkey.authn.SigninPrincipal;
 import org.maxkey.authn.realm.ldap.LdapAuthenticationRealmService;
 import org.maxkey.authn.support.rememberme.AbstractRemeberMeService;
 import org.maxkey.entity.Groups;
@@ -38,6 +39,7 @@ import org.maxkey.web.ipregion.IpRegionFactory;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.jdbc.core.JdbcTemplate;
+import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
 
 /**
@@ -135,9 +137,10 @@ public abstract class AbstractAuthenticationRealm {
         HistoryLogin historyLogin = new HistoryLogin();
         historyLogin.setSessionId(WebContext.genId());
         historyLogin.setSessionStatus(7);
-        if(WebContext.getAttribute(WebConstants.CURRENT_USER_SESSION_ID) != null) {
-            historyLogin.setSessionStatus(1);
-            historyLogin.setSessionId(WebContext.getAttribute(WebConstants.CURRENT_USER_SESSION_ID).toString());
+        Authentication  authentication  = (Authentication ) WebContext.getAttribute(WebConstants.AUTHENTICATION);
+        if(authentication.getPrincipal() instanceof SigninPrincipal) {
+        	  historyLogin.setSessionStatus(1);
+              historyLogin.setSessionId(userInfo.getOnlineTicket());
         }
         
         _logger.debug("user session id is {} . ",historyLogin.getSessionId());
@@ -174,24 +177,23 @@ public abstract class AbstractAuthenticationRealm {
      * @return
      */
     public boolean logout(HttpServletResponse response) {
-        if (isAuthenticated()) {
-            Object sessionIdAttribute = WebContext.getAttribute(WebConstants.CURRENT_USER_SESSION_ID);
-            UserInfo userInfo = WebContext.getUserInfo();
+    	 Authentication  authentication  = (Authentication ) WebContext.getAttribute(WebConstants.AUTHENTICATION);
+    	 
+         if(authentication != null && authentication.getPrincipal() instanceof SigninPrincipal) {
+         	SigninPrincipal signinPrincipal = ((SigninPrincipal) authentication.getPrincipal());
+         	UserInfo userInfo = signinPrincipal.getUserInfo();
             userInfo.setLastLogoffTime(DateUtils.formatDateTime(new Date()));
             
-            if (sessionIdAttribute != null) {
-                remeberMeService.removeRemeberMe(response);
+            remeberMeService.removeRemeberMe(response);
+
+            loginHistoryRepository.logoff(userInfo.getLastLogoffTime(), signinPrincipal.getOnlineTicket().getTicketId());
 
-                loginHistoryRepository.logoff(userInfo.getLastLogoffTime(), sessionIdAttribute.toString());
-            }
             
             loginRepository.updateLastLogoff(userInfo);
             
-            _logger.debug("Session " + WebContext.getAttribute(WebConstants.CURRENT_USER_SESSION_ID) + ", user "
+            _logger.debug("Session " + signinPrincipal.getOnlineTicket().getTicketId() + ", user "
                     + userInfo.getUsername() + " Logout, datetime " + userInfo.getLastLogoffTime() + " .");
-          //remove login user session id
-            WebContext.removeAttribute(WebConstants.CURRENT_USER_SESSION_ID);
-        }
+         }
         return true;
 
     }

maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/web/CurrentUserMethodArgumentResolver.java

@@ -1,5 +1,7 @@
-package org.maxkey.authn;
+package org.maxkey.authn.web;
 
+import org.maxkey.authn.SigninPrincipal;
+import org.maxkey.authn.annotation.CurrentUser;
 import org.maxkey.entity.UserInfo;
 import org.maxkey.web.WebConstants;
 import org.springframework.core.MethodParameter;

maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/web/SessionListenerAdapter.java

@@ -0,0 +1,109 @@
+/*
+ * Copyright [2021] [MaxKey of copyright http://www.maxkey.top]
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+package org.maxkey.authn.web;
+
+import java.util.Date;
+
+import javax.servlet.annotation.WebListener;
+import javax.servlet.http.HttpSession;
+import javax.servlet.http.HttpSessionEvent;
+import javax.servlet.http.HttpSessionListener;
+
+import org.apache.mybatis.jpa.util.WebContext;
+import org.maxkey.authn.SigninPrincipal;
+import org.maxkey.entity.UserInfo;
+import org.maxkey.persistence.repository.LoginHistoryRepository;
+import org.maxkey.persistence.repository.LoginRepository;
+import org.maxkey.util.DateUtils;
+import org.maxkey.web.WebConstants;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContextHolder;
+
+@WebListener
+public class SessionListenerAdapter implements HttpSessionListener {
+
+    private static final Logger _logger = LoggerFactory.getLogger(SessionListenerAdapter.class);
+    
+    LoginRepository loginRepository;
+    
+    LoginHistoryRepository loginHistoryRepository;
+    
+    public SessionListenerAdapter() {
+        super();
+        _logger.debug("SessionListenerAdapter inited . ");
+    }
+
+    public SessionListenerAdapter(LoginRepository loginRepository, LoginHistoryRepository loginHistoryRepository) {
+        super();
+        this.loginRepository = loginRepository;
+        this.loginHistoryRepository = loginHistoryRepository;
+        _logger.debug("SessionListenerAdapter inited . ");
+    }
+
+    public void init() {
+        if(loginRepository == null ) {
+        	loginRepository = (LoginRepository)WebContext.getBean("loginRepository");
+        	loginHistoryRepository = (LoginHistoryRepository)WebContext.getBean("loginHistoryRepository");
+            _logger.debug("SessionListenerAdapter function inited . ");
+        }
+        _logger.info("SecurityContextHolder StrategyName " + SessionSecurityContextHolderStrategy.class.getCanonicalName());
+        SecurityContextHolder.setStrategyName(SessionSecurityContextHolderStrategy.class.getCanonicalName());
+    }
+    /**
+     * session Created
+     */
+    @Override
+    public void sessionCreated(HttpSessionEvent sessionEvent) {
+        _logger.trace("new session Created :" + sessionEvent.getSession().getId());
+    }
+
+    /**
+     * session Destroyed
+     */
+    @Override
+    public void sessionDestroyed(HttpSessionEvent sessionEvent) {
+        HttpSession session = sessionEvent.getSession();
+        Authentication  authentication  = (Authentication ) session.getAttribute(WebConstants.AUTHENTICATION);
+        if(authentication != null && authentication.getPrincipal() instanceof SigninPrincipal) {
+        	SigninPrincipal signinPrincipal = ((SigninPrincipal) authentication.getPrincipal());
+        	_logger.trace("session Id : " + session.getId());
+        	init();
+        	UserInfo userInfo = signinPrincipal.getUserInfo();
+        	userInfo.setLastLogoffTime(DateUtils.formatDateTime(new Date()));
+        	loginRepository.updateLastLogoff(userInfo);
+        	loginHistoryRepository.logoff(userInfo.getLastLogoffTime(), userInfo.getOnlineTicket());
+          
+        	_logger.debug(
+                  "session {} Destroyed as {} userId : {} , username : {}" ,
+                  userInfo.getOnlineTicket(),
+                  userInfo.getLastLogoffTime(),
+                  userInfo.getId(),
+                  userInfo.getUsername());
+        }
+        
+    }
+
+	public void setLoginRepository(LoginRepository loginRepository) {
+		this.loginRepository = loginRepository;
+	}
+
+	public void setLoginHistoryRepository(LoginHistoryRepository loginHistoryRepository) {
+		this.loginHistoryRepository = loginHistoryRepository;
+	}
+
+}

maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/web/SessionSecurityContextHolderStrategy.java

@@ -0,0 +1,70 @@
+/*
+ * Copyright [2020] [MaxKey of copyright http://www.maxkey.top]
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+ 
+
+package org.maxkey.authn.web;
+
+import org.maxkey.web.WebConstants;
+import org.maxkey.web.WebContext;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContext;
+import org.springframework.security.core.context.SecurityContextHolderStrategy;
+import org.springframework.security.core.context.SecurityContextImpl;
+
+/**
+ * SecurityContext Session for Request , use SecurityContextHolderAwareRequestFilter
+ * @author Crystal.Sea
+ *
+ */
+public class SessionSecurityContextHolderStrategy implements SecurityContextHolderStrategy {
+    private static final Logger _logger = 
+            LoggerFactory.getLogger(SessionSecurityContextHolderStrategy.class);
+    
+    @Override
+    public void clearContext() {
+        WebContext.removeAttribute(WebConstants.AUTHENTICATION);
+    }
+
+    @Override
+    public SecurityContext getContext() {
+        SecurityContext ctx =  createEmptyContext();
+        Authentication  authentication = null;
+        try {
+            authentication = (Authentication)WebContext.getAuthentication();
+            if (authentication != null) {
+                ctx.setAuthentication(authentication);
+            }
+        }catch(Exception e) {
+            _logger.trace("a session ", e);
+        }
+       
+       
+        return ctx;
+    }
+
+    @Override
+    public void setContext(SecurityContext context) {
+        WebContext.setAuthentication(context.getAuthentication());
+    }
+
+    @Override
+    public SecurityContext createEmptyContext() {
+        return new SecurityContextImpl();
+    }
+
+}

maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/web/interceptor/PermissionAdapter.java

@@ -15,7 +15,7 @@
  */
  
 
-package org.maxkey.authn.interceptor;
+package org.maxkey.authn.web.interceptor;
 
 import javax.servlet.RequestDispatcher;
 import javax.servlet.http.HttpServletRequest;

maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/web/interceptor/package-info.java

@@ -0,0 +1 @@
+package org.maxkey.authn.web.interceptor;

maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/web/package-info.java

@@ -0,0 +1 @@
+package org.maxkey.authn.web;

maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/autoconfigure/AuthenticationAutoConfiguration.java

@@ -26,6 +26,7 @@ import org.maxkey.authn.online.OnlineTicketServiceFactory;
 import org.maxkey.authn.realm.AbstractAuthenticationRealm;
 import org.maxkey.authn.support.rememberme.AbstractRemeberMeService;
 import org.maxkey.authn.support.rememberme.RemeberMeServiceFactory;
+import org.maxkey.authn.web.SessionListenerAdapter;
 import org.maxkey.configuration.ApplicationConfig;
 import org.maxkey.configuration.AuthJwkConfig;
 import org.maxkey.constants.ConstsPersistence;
@@ -151,6 +152,16 @@ public class AuthenticationAutoConfiguration  implements InitializingBean {
         return onlineTicketService;
     }
     
+    @Bean(name = "sessionListenerAdapter")
+    public SessionListenerAdapter sessionListenerAdapter(
+                LoginRepository loginRepository,
+                LoginHistoryRepository loginHistoryRepository
+            ) {
+        SessionListenerAdapter sessionListenerAdapter =
+                new SessionListenerAdapter(loginRepository,loginHistoryRepository);
+        return sessionListenerAdapter;
+    }
+    
     @Override
     public void afterPropertiesSet() throws Exception {