v3.0.0GA with authentication isTrusted
v3.0.0GA with authentication isTrusted cas Parameter service fix
@@ -74,14 +74,7 @@ public abstract class AbstractAuthenticationProvider {
|
||||
|
||||
protected abstract Authentication doInternalAuthenticate(LoginCredential authentication);
|
||||
|
||||
public abstract Authentication basicAuthenticate(LoginCredential authentication) ;
|
||||
|
||||
public abstract Authentication trustAuthentication(
|
||||
String username,
|
||||
String type,
|
||||
String provider,
|
||||
String code,
|
||||
String message);
|
||||
public abstract Authentication authentication(LoginCredential loginCredential,boolean isTrusted);
|
||||
|
||||
@SuppressWarnings("rawtypes")
|
||||
public boolean supports(Class authentication) {
|
||||
|
||||
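Review bot: The new `authentication(LoginCredential loginCredential,boolean isTrusted)` is declared without Javadoc, yet `isTrusted` decides whether the password is checked at all (see `if(!isTrusted)` in RealmAuthenticationProvider in this commit). Because the method is public and abstract, the contract belongs on the declaration, for example `/** @param isTrusted true only when the caller has already verified the user's identity by another mechanism; the password check is then skipped */`. A bare boolean literal at call sites is easy to get wrong, so two named methods or an enum would read more safely than `authentication(cred, true)`. The class body continues outside the hunk.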
@@ -38,6 +38,10 @@ public class LoginCredential implements Authentication {
|
||||
String authType;
|
||||
String jwtToken;
|
||||
String onlineTicket;
|
||||
String provider;
|
||||
String code;
|
||||
String message="SUCCESS";
|
||||
|
||||
ArrayList<GrantedAuthority> grantedAuthority;
|
||||
boolean authenticated;
|
||||
boolean roleAdministrators;
|
||||
@@ -182,6 +186,30 @@ public class LoginCredential implements Authentication {
|
||||
this.roleAdministrators = roleAdministrators;
|
||||
}
|
||||
|
||||
public String getProvider() {
|
||||
return provider;
|
||||
}
|
||||
|
||||
public void setProvider(String provider) {
|
||||
this.provider = provider;
|
||||
}
|
||||
|
||||
public String getCode() {
|
||||
return code;
|
||||
}
|
||||
|
||||
public void setCode(String code) {
|
||||
this.code = code;
|
||||
}
|
||||
|
||||
public String getMessage() {
|
||||
return message;
|
||||
}
|
||||
|
||||
public void setMessage(String message) {
|
||||
this.message = message;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String toString() {
|
||||
StringBuilder builder = new StringBuilder();
|
||||
|
||||
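Review bot: The field `String message="SUCCESS";` in the first hunk sets the login-history outcome to success before any authentication has run, so a credential whose message is never overwritten is recorded as a success by `insertLoginHistory(..., loginCredential.getMessage())`. Leaving the field null and setting it where the outcome is known would be safer; if the default stays, it needs a comment such as `// login-history result; callers must overwrite on failure`. The calls removed elsewhere in this commit passed lowercase "success", so the stored value changes case, which may matter to any query or report matching the old value (not visible here). `toString()` starts in the last hunk and continues outside it, so whether the new fields are printed there cannot be checked from this page.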
@@ -95,19 +95,19 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider
|
||||
userInfo = loadUserInfo(loginCredential.getUsername(),loginCredential.getPassword());
|
||||
|
||||
userinfoValid(userInfo, loginCredential.getUsername());
|
||||
|
||||
//mfa
|
||||
tftcaptchaValid(loginCredential.getOtpCaptcha(),loginCredential.getAuthType(),userInfo);
|
||||
|
||||
|
||||
//Validate PasswordPolicy
|
||||
authenticationRealm.getPasswordPolicyValidator().passwordPolicyValid(userInfo);
|
||||
if(loginCredential.getAuthType().equalsIgnoreCase(AuthType.MOBILE)) {
|
||||
mobilecaptchaValid(loginCredential.getPassword(),loginCredential.getAuthType(),userInfo);
|
||||
}else {
|
||||
//Validate PasswordPolicy
|
||||
authenticationRealm.getPasswordPolicyValidator().passwordPolicyValid(userInfo);
|
||||
}else {
|
||||
//Match password
|
||||
authenticationRealm.passwordMatches(userInfo, loginCredential.getPassword());
|
||||
//apply PasswordSetType and resetBadPasswordCount
|
||||
authenticationRealm.getPasswordPolicyValidator().applyPasswordPolicy(userInfo);
|
||||
}
|
||||
//apply PasswordSetType and resetBadPasswordCount
|
||||
authenticationRealm.getPasswordPolicyValidator().applyPasswordPolicy(userInfo);
|
||||
|
||||
UsernamePasswordAuthenticationToken authenticationToken = createOnlineSession(loginCredential,userInfo);
|
||||
//RemeberMe Config check then set RemeberMe cookies
|
||||
@@ -127,26 +127,6 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider
|
||||
|
||||
return authenticationToken;
|
||||
}
|
||||
|
||||
@Override
|
||||
public Authentication basicAuthenticate(LoginCredential loginCredential) {
|
||||
UserInfo loadeduserInfo = loadUserInfo(loginCredential.getUsername(), "");
|
||||
if (loadeduserInfo != null) {
|
||||
authenticationRealm.passwordMatches(loadeduserInfo, loginCredential.getPassword());
|
||||
|
||||
authenticationRealm.getPasswordPolicyValidator().passwordPolicyValid(loadeduserInfo);
|
||||
|
||||
Authentication authentication = createOnlineSession(loginCredential,loadeduserInfo);
|
||||
|
||||
authenticationRealm.insertLoginHistory(loadeduserInfo, loginCredential.getAuthType(), "", "", "SUCCESS");
|
||||
|
||||
return authentication;
|
||||
}else {
|
||||
String message = WebContext.getI18nValue("login.error.username");
|
||||
_logger.debug("login user " + loginCredential.getUsername() + " not in this System ." + message);
|
||||
throw new BadCredentialsException(WebContext.getI18nValue("login.error.username"));
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* trustAuthentication.
|
||||
@@ -158,24 +138,29 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider
|
||||
* @return boolean
|
||||
*/
|
||||
@Override
|
||||
public Authentication trustAuthentication(String username,
|
||||
String type,
|
||||
String provider,
|
||||
String code,
|
||||
String message) {
|
||||
UserInfo loadeduserInfo = loadUserInfo(username, "");
|
||||
public Authentication authentication(LoginCredential loginCredential,boolean isTrusted) {
|
||||
UserInfo loadeduserInfo = loadUserInfo(loginCredential.getUsername(), "");
|
||||
if (loadeduserInfo != null) {
|
||||
LoginCredential loginCredential = new LoginCredential();
|
||||
loginCredential.setUsername(loadeduserInfo.getUsername());
|
||||
|
||||
//Validate PasswordPolicy
|
||||
authenticationRealm.getPasswordPolicyValidator().passwordPolicyValid(loadeduserInfo);
|
||||
if(!isTrusted) {
|
||||
authenticationRealm.passwordMatches(loadeduserInfo, loginCredential.getPassword());
|
||||
}
|
||||
//apply PasswordSetType and resetBadPasswordCount
|
||||
authenticationRealm.getPasswordPolicyValidator().applyPasswordPolicy(loadeduserInfo);
|
||||
Authentication authentication = createOnlineSession(loginCredential,loadeduserInfo);
|
||||
|
||||
authenticationRealm.insertLoginHistory(loadeduserInfo, type, provider, code, message);
|
||||
authenticationRealm.insertLoginHistory( loadeduserInfo,
|
||||
loginCredential.getAuthType(),
|
||||
loginCredential.getProvider(),
|
||||
loginCredential.getCode(),
|
||||
loginCredential.getMessage()
|
||||
);
|
||||
|
||||
return authentication;
|
||||
}else {
|
||||
String i18nMessage = WebContext.getI18nValue("login.error.username");
|
||||
_logger.debug("login user " + username + " not in this System ." + i18nMessage);
|
||||
_logger.debug("login user " + loginCredential.getUsername() + " not in this System ." + i18nMessage);
|
||||
throw new BadCredentialsException(WebContext.getI18nValue("login.error.username"));
|
||||
}
|
||||
}
|
||||
|
||||
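Review bot: In the new `authentication(LoginCredential loginCredential,boolean isTrusted)`, the call `applyPasswordPolicy(loadeduserInfo)` sits outside the `if(!isTrusted)` block, and its own comment says it resets the bad-password count. A trusted login (remember-me cookie, header, JWT), where no password was checked, therefore appears to clear the failed-attempt counter that lockout relies on. If that is not intended, move the call next to `passwordMatches` inside `if(!isTrusted) { ... }`, keeping in mind that it also applies PasswordSetType. The Javadoc above the method still reads `trustAuthentication.` and `@return boolean`; it should name the new method, describe `isTrusted`, and state that an `Authentication` is returned or `BadCredentialsException` is thrown. The page interleaves old and new lines without markers, so this reading assumes the lines using `loginCredential.get...()` are the new side.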
@@ -21,6 +21,7 @@ import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.maxkey.authn.AbstractAuthenticationProvider;
|
||||
import org.maxkey.authn.LoginCredential;
|
||||
import org.maxkey.constants.ConstantsLoginType;
|
||||
import org.maxkey.util.AuthorizationHeaderCredential;
|
||||
import org.maxkey.util.AuthorizationHeaderUtils;
|
||||
@@ -129,8 +130,9 @@ public class BasicEntryPoint implements AsyncHandlerInterceptor {
|
||||
}
|
||||
|
||||
if(!isAuthenticated){
|
||||
authenticationProvider.trustAuthentication(headerCredential.getUsername(),ConstantsLoginType.BASIC,"","","success");
|
||||
_logger.info("Authentication "+headerCredential.getUsername()+" successful .");
|
||||
LoginCredential loginCredential =new LoginCredential(headerCredential.getUsername(),"",ConstantsLoginType.BASIC);
|
||||
authenticationProvider.authentication(loginCredential,true);
|
||||
_logger.info("Authentication "+headerCredential.getUsername()+" successful .");
|
||||
}
|
||||
|
||||
return true;
|
||||
|
||||
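Review bot: The Basic entry point builds `new LoginCredential(headerCredential.getUsername(),"",ConstantsLoginType.BASIC)` with an empty password and calls `authentication(loginCredential,true)`, so the provider skips `passwordMatches` on this path. Unless the Basic password is verified earlier in this interceptor (outside the hunk), the username in the Authorization header alone establishes the session. The `basicAuthenticate` method removed by this commit was the variant that did check the password. The new API can keep that check by putting the header's password into the credential and calling `authenticationProvider.authentication(loginCredential,false);`. The enclosing method starts and ends outside the hunk.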
@@ -21,6 +21,7 @@ import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.maxkey.authn.AbstractAuthenticationProvider;
|
||||
import org.maxkey.authn.LoginCredential;
|
||||
import org.maxkey.constants.ConstantsLoginType;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
@@ -107,7 +108,8 @@ public class HttpHeaderEntryPoint implements AsyncHandlerInterceptor {
|
||||
}
|
||||
|
||||
if(!isAuthenticated){
|
||||
authenticationProvider.trustAuthentication(httpHeaderUsername,ConstantsLoginType.HTTPHEADER,"","","success");
|
||||
LoginCredential loginCredential =new LoginCredential(httpHeaderUsername,"",ConstantsLoginType.HTTPHEADER);
|
||||
authenticationProvider.authentication(loginCredential,true);
|
||||
_logger.info("Authentication "+httpHeaderUsername+" successful .");
|
||||
}
|
||||
|
||||
|
||||
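Review bot: `httpHeaderUsername` comes from a request header and is passed to `authentication(loginCredential,true)`, so the header value is the only proof of identity on this path. That is sound only when a fronting proxy sets the header and strips any client-supplied copy; whether the interceptor checks an enable flag or the request source is outside the hunk. A comment at the call would record the assumption: `// isTrusted=true: header must be set by the trusted proxy and stripped from client requests`. The other entry points in this commit that pass `true` (JWT, Kerberos, RememberMe, WsFederation) likewise depend entirely on the validation done just above their calls, and deserve the same one-line comment.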
@@ -21,6 +21,7 @@ import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.maxkey.authn.AbstractAuthenticationProvider;
|
||||
import org.maxkey.authn.LoginCredential;
|
||||
import org.maxkey.configuration.ApplicationConfig;
|
||||
import org.maxkey.constants.ConstantsLoginType;
|
||||
import org.maxkey.web.WebConstants;
|
||||
@@ -77,7 +78,8 @@ public class HttpJwtEntryPoint implements AsyncHandlerInterceptor {
|
||||
SignedJWT signedJWT = jwtLoginService.jwtTokenValidation(jwt);
|
||||
if(signedJWT != null) {
|
||||
String username =signedJWT.getJWTClaimsSet().getSubject();
|
||||
authenticationProvider.trustAuthentication(username, ConstantsLoginType.JWT, "", "", "success");
|
||||
LoginCredential loginCredential =new LoginCredential(username,"",ConstantsLoginType.JWT);
|
||||
authenticationProvider.authentication(loginCredential,true);
|
||||
_logger.debug("JWT Logined in , username " + username);
|
||||
}
|
||||
|
||||
|
||||
@@ -21,6 +21,7 @@ import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import org.joda.time.DateTime;
|
||||
import org.maxkey.authn.AbstractAuthenticationProvider;
|
||||
import org.maxkey.authn.LoginCredential;
|
||||
import org.maxkey.configuration.ApplicationConfig;
|
||||
import org.maxkey.constants.ConstantsLoginType;
|
||||
import org.maxkey.crypto.ReciprocalUtils;
|
||||
@@ -94,7 +95,9 @@ public class HttpKerberosEntryPoint implements AsyncHandlerInterceptor {
|
||||
_logger.debug("Kerberos Token is After Now "+notOnOrAfter.isAfterNow());
|
||||
|
||||
if(notOnOrAfter.isAfterNow()){
|
||||
authenticationProvider.trustAuthentication(kerberosToken.getPrincipal(),ConstantsLoginType.KERBEROS,kerberosUserDomain,"","success");
|
||||
LoginCredential loginCredential =new LoginCredential(kerberosToken.getPrincipal(),"",ConstantsLoginType.KERBEROS);
|
||||
loginCredential.setProvider(kerberosUserDomain);
|
||||
authenticationProvider.authentication(loginCredential,true);
|
||||
_logger.debug("Kerberos Logined in , username " + kerberosToken.getPrincipal());
|
||||
}
|
||||
|
||||
|
||||
@@ -23,6 +23,7 @@ import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.joda.time.DateTime;
|
||||
import org.maxkey.authn.AbstractAuthenticationProvider;
|
||||
import org.maxkey.authn.LoginCredential;
|
||||
import org.maxkey.configuration.ApplicationConfig;
|
||||
import org.maxkey.constants.ConstantsLoginType;
|
||||
import org.maxkey.crypto.Base64Utils;
|
||||
@@ -94,12 +95,8 @@ public class HttpRemeberMeEntryPoint implements AsyncHandlerInterceptor {
|
||||
DateTime expiryDate = loginDate.plusSeconds(remeberMeService.getRemeberMeValidity());
|
||||
DateTime now = new DateTime();
|
||||
if (now.isBefore(expiryDate)) {
|
||||
authenticationProvider.trustAuthentication(
|
||||
storeRemeberMe.getUsername(),
|
||||
ConstantsLoginType.REMEBER_ME,
|
||||
"",
|
||||
"",
|
||||
"success");
|
||||
LoginCredential loginCredential =new LoginCredential(storeRemeberMe.getUsername(),"",ConstantsLoginType.REMEBER_ME);
|
||||
authenticationProvider.authentication(loginCredential,true);
|
||||
remeberMeService.updateRemeberMe(remeberMeCookie, response);
|
||||
_logger.debug("RemeberMe Logined in , username " + storeRemeberMe.getUsername());
|
||||
}
|
||||
|
||||
@@ -20,6 +20,7 @@ package org.maxkey.authn.support.wsfederation;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import org.maxkey.authn.AbstractAuthenticationProvider;
|
||||
import org.maxkey.authn.LoginCredential;
|
||||
import org.maxkey.configuration.ApplicationConfig;
|
||||
import org.maxkey.constants.ConstantsLoginType;
|
||||
import org.maxkey.util.StringUtils;
|
||||
@@ -97,11 +98,9 @@ public class HttpWsFederationEntryPoint implements AsyncHandlerInterceptor {
|
||||
wsFederationCredential.getAttributes(),
|
||||
wsFederationService.getWsFederationConfiguration().getUpnSuffix());
|
||||
}
|
||||
|
||||
authenticationProvider.trustAuthentication(
|
||||
wsFederationCredential.getAttributes().get("").toString(),
|
||||
ConstantsLoginType.WSFEDERATION,
|
||||
"","","success");
|
||||
LoginCredential loginCredential =new LoginCredential(
|
||||
wsFederationCredential.getAttributes().get("").toString(),"",ConstantsLoginType.WSFEDERATION);
|
||||
authenticationProvider.authentication(loginCredential,true);
|
||||
return true;
|
||||
} else {
|
||||
_logger.warn("SAML assertions are blank or no longer valid.");
|
||||
|
||||
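Review bot: The username is read with `wsFederationCredential.getAttributes().get("").toString()`, an empty-string key that the new code carries over from the removed call. If the attribute map has no entry under "", this throws a NullPointerException instead of failing authentication cleanly. Read the identity attribute into a local first and reject a missing value before building the `LoginCredential`, e.g. `Object upn = wsFederationCredential.getAttributes().get(IDENTITY_ATTRIBUTE /* placeholder */);` followed by `if (upn == null) { return false; }`. The enclosing method starts and ends outside the hunk, so the right return value on failure is an assumption to confirm.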