public/MaxKey
1
0
Fork 0
mirror of https://gitee.com/dromara/MaxKey.git synced 2026-06-14 19:41:46 +08:00
Code Issues Packages Projects Releases Wiki Activity

EntryPoints

Browse Source
This commit is contained in:
MaxKey
2021-02-18 09:51:17 +08:00
parent 5ccb71e64d
commit d48750f24a
12 changed files with 450 additions and 268 deletions
Download Patch File Download Diff File Expand all files Collapse all files

22
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/jwt/HttpJwtEntryPoint.java
View File

@@ -46,9 +46,11 @@ public class HttpJwtEntryPoint implements AsyncHandlerInterceptor {
@Override
public boolean preHandle(HttpServletRequest request,HttpServletResponse response, Object handler) throws Exception {
boolean isAuthenticated= WebContext.isAuthenticated();
String jwt = request.getParameter(WebConstants.JWT_TOKEN_PARAMETER);
if(!enable || isAuthenticated || jwt == null){
if(!enable
|| isAuthenticated
|| jwt == null){
return true;
}
@@ -70,16 +72,14 @@ public class HttpJwtEntryPoint implements AsyncHandlerInterceptor {
_logger.info("getSession.getId : "+ request.getSession().getId());
//for jwt Login
if(!isAuthenticated){
_logger.debug("jwt : " + jwt);
_logger.debug("jwt : " + jwt);
SignedJWT signedJWT = jwtLoginService.jwtTokenValidation(jwt);
if(signedJWT != null) {
String username =signedJWT.getJWTClaimsSet().getSubject();
authenticationProvider.trustAuthentication(username, ConstantsLoginType.JWT, "", "", "success");
}
}
SignedJWT signedJWT = jwtLoginService.jwtTokenValidation(jwt);
if(signedJWT != null) {
String username =signedJWT.getJWTClaimsSet().getSubject();
authenticationProvider.trustAuthentication(username, ConstantsLoginType.JWT, "", "", "success");
_logger.debug("JWT Logined in , username " + username);
}
return true;
}

140
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/kerberos/HttpKerberosEntryPoint.java Normal file
View File

@@ -0,0 +1,140 @@
/*
* Copyright [2020] [MaxKey of copyright http://www.maxkey.top]
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.maxkey.authn.support.kerberos;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.joda.time.DateTime;
import org.maxkey.authn.AbstractAuthenticationProvider;
import org.maxkey.configuration.ApplicationConfig;
import org.maxkey.constants.ConstantsLoginType;
import org.maxkey.crypto.ReciprocalUtils;
import org.maxkey.util.DateUtils;
import org.maxkey.util.JsonUtils;
import org.maxkey.web.WebConstants;
import org.maxkey.web.WebContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.servlet.AsyncHandlerInterceptor;
public class HttpKerberosEntryPoint implements AsyncHandlerInterceptor {
private static final Logger _logger = LoggerFactory.getLogger(HttpKerberosEntryPoint.class);
boolean enable;
ApplicationConfig applicationConfig;
AbstractAuthenticationProvider authenticationProvider ;
KerberosService kerberosService;
@Override
public boolean preHandle(HttpServletRequest request,HttpServletResponse response, Object handler) throws Exception {
boolean isAuthenticated= WebContext.isAuthenticated();
String kerberosTokenString = request.getParameter(WebConstants.KERBEROS_TOKEN_PARAMETER);
String kerberosUserDomain = request.getParameter(WebConstants.KERBEROS_USERDOMAIN_PARAMETER);
if(!enable
|| isAuthenticated
|| kerberosTokenString == null){
return true;
}
_logger.debug("Kerberos Login Start ...");
_logger.info("Request url : "+ request.getRequestURL());
_logger.info("Request URI : "+ request.getRequestURI());
_logger.info("Request ContextPath : "+ request.getContextPath());
_logger.info("Request ServletPath : "+ request.getServletPath());
_logger.debug("RequestSessionId : "+ request.getRequestedSessionId());
_logger.debug("isRequestedSessionIdValid : "+ request.isRequestedSessionIdValid());
_logger.debug("getSession : "+ request.getSession(false));
// session not existssession timeoutrecreate new session
if(request.getSession(false) == null) {
_logger.info("recreate new session .");
request.getSession(true);
}
_logger.info("getSession.getId : "+ request.getSession().getId());
//for Kerberos Login
_logger.debug("Try Kerberos login ");
_logger.debug("encoder Kerberos Token "+kerberosTokenString);
_logger.debug("kerberos UserDomain "+kerberosUserDomain);
String decoderKerberosToken=null;
for(KerberosProxy kerberosProxy : kerberosService.getKerberosProxys()){
if(kerberosProxy.getUserdomain().equalsIgnoreCase(kerberosUserDomain)){
decoderKerberosToken=ReciprocalUtils.aesDecoder(kerberosTokenString, kerberosProxy.getCrypto());
break;
}
}
_logger.debug("decoder Kerberos Token "+decoderKerberosToken);
KerberosToken kerberosToken=new KerberosToken();
kerberosToken=(KerberosToken)JsonUtils.json2Object(decoderKerberosToken, kerberosToken);
_logger.debug("Kerberos Token "+kerberosToken);
DateTime notOnOrAfter=DateUtils.toUtcDate(kerberosToken.getNotOnOrAfter());
_logger.debug("Kerberos Token is After Now "+notOnOrAfter.isAfterNow());
if(notOnOrAfter.isAfterNow()){
authenticationProvider.trustAuthentication(kerberosToken.getPrincipal(),ConstantsLoginType.KERBEROS,kerberosUserDomain,"","success");
_logger.debug("Kerberos Logined in , username " + kerberosToken.getPrincipal());
}
return true;
}
public HttpKerberosEntryPoint() {
super();
}
public HttpKerberosEntryPoint (boolean enable) {
super();
this.enable = enable;
}
public HttpKerberosEntryPoint(AbstractAuthenticationProvider authenticationProvider, KerberosService kerberosService,
ApplicationConfig applicationConfig, boolean enable) {
super();
this.authenticationProvider = authenticationProvider;
this.kerberosService = kerberosService;
this.applicationConfig = applicationConfig;
this.enable = enable;
}
public boolean isEnable() {
return enable;
}
public void setEnable(boolean enable) {
this.enable = enable;
}
public void setApplicationConfig(ApplicationConfig applicationConfig) {
this.applicationConfig = applicationConfig;
}
public void setAuthenticationProvider(AbstractAuthenticationProvider authenticationProvider) {
this.authenticationProvider = authenticationProvider;
}
}

4
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/kerberos/KerberosService.java
View File

@@ -17,9 +17,11 @@
package org.maxkey.authn.support.kerberos;
import java.util.List;
public interface KerberosService {
public boolean login(String kerberosTokenString,String kerberosUserDomain);
public List<KerberosProxy> getKerberosProxys();
public String buildKerberosProxys( );

36
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/kerberos/RemoteKerberosService.java
View File

@@ -21,12 +21,6 @@ import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import org.joda.time.DateTime;
import org.maxkey.authn.AbstractAuthenticationProvider;
import org.maxkey.constants.ConstantsLoginType;
import org.maxkey.crypto.ReciprocalUtils;
import org.maxkey.util.DateUtils;
import org.maxkey.util.JsonUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -34,36 +28,6 @@ import org.slf4j.LoggerFactory;
public class RemoteKerberosService implements KerberosService{
private static Logger _logger = LoggerFactory.getLogger(RemoteKerberosService.class);
List<KerberosProxy> kerberosProxys;
AbstractAuthenticationProvider authenticationProvider ;
public boolean login(String kerberosTokenString,String kerberosUserDomain){
_logger.debug("encoder Kerberos Token "+kerberosTokenString);
_logger.debug("kerberos UserDomain "+kerberosUserDomain);
String decoderKerberosToken=null;
for(KerberosProxy kerberosProxy : kerberosProxys){
if(kerberosProxy.getUserdomain().equalsIgnoreCase(kerberosUserDomain)){
decoderKerberosToken=ReciprocalUtils.aesDecoder(kerberosTokenString, kerberosProxy.getCrypto());
break;
}
}
_logger.debug("decoder Kerberos Token "+decoderKerberosToken);
KerberosToken kerberosToken=new KerberosToken();
kerberosToken=(KerberosToken)JsonUtils.json2Object(decoderKerberosToken, kerberosToken);
_logger.debug("Kerberos Token "+kerberosToken);
DateTime notOnOrAfter=DateUtils.toUtcDate(kerberosToken.getNotOnOrAfter());
_logger.debug("Kerberos Token is After Now "+notOnOrAfter.isAfterNow());
if(notOnOrAfter.isAfterNow()){
authenticationProvider.trustAuthentication(kerberosToken.getPrincipal(),ConstantsLoginType.KERBEROS,kerberosUserDomain,"","success");
return true;
}else{
return false;
}
}
public List<KerberosProxy> getKerberosProxys() {
return kerberosProxys;

59
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/HttpRemeberMeEntryPoint.java
View File

@@ -49,9 +49,12 @@ public class HttpRemeberMeEntryPoint implements AsyncHandlerInterceptor {
@Override
public boolean preHandle(HttpServletRequest request,HttpServletResponse response, Object handler) throws Exception {
boolean isAuthenticated= WebContext.isAuthenticated();
Cookie readRemeberMeCookie = WebContext.readCookieByName(request,WebConstants.REMEBER_ME_COOKIE);
if(!enable || isAuthenticated){
if(!enable
|| isAuthenticated
|| readRemeberMeCookie==null
|| !applicationConfig.getLoginConfig().isRemeberMe()){
return true;
}
@@ -72,37 +75,35 @@ public class HttpRemeberMeEntryPoint implements AsyncHandlerInterceptor {
_logger.info("getSession.getId : "+ request.getSession().getId());
if(applicationConfig.getLoginConfig().isRemeberMe()&&readRemeberMeCookie!=null){
_logger.debug("Try RemeberMe login ");
String remeberMe = readRemeberMeCookie.getValue();
_logger.debug("RemeberMe : " + remeberMe);
_logger.debug("Try RemeberMe login ");
String remeberMe = readRemeberMeCookie.getValue();
_logger.debug("RemeberMe : " + remeberMe);
remeberMe = new String(Base64Utils.base64UrlDecode(remeberMe));
remeberMe = new String(Base64Utils.base64UrlDecode(remeberMe));
remeberMe = ReciprocalUtils.decoder(remeberMe);
remeberMe = ReciprocalUtils.decoder(remeberMe);
_logger.debug("decoder RemeberMe : " + remeberMe);
RemeberMe remeberMeCookie = new RemeberMe();
remeberMeCookie = (RemeberMe) JsonUtils.json2Object(remeberMe, remeberMeCookie);
_logger.debug("Remeber Me Cookie : " + remeberMeCookie);
_logger.debug("decoder RemeberMe : " + remeberMe);
RemeberMe remeberMeCookie = new RemeberMe();
remeberMeCookie = (RemeberMe) JsonUtils.json2Object(remeberMe, remeberMeCookie);
_logger.debug("Remeber Me Cookie : " + remeberMeCookie);
RemeberMe storeRemeberMe = remeberMeService.read(remeberMeCookie);
if (storeRemeberMe != null) {
DateTime loginDate = new DateTime(storeRemeberMe.getLastLogin());
DateTime expiryDate = loginDate.plusSeconds(remeberMeService.getRemeberMeValidity());
DateTime now = new DateTime();
if (now.isBefore(expiryDate)) {
authenticationProvider.trustAuthentication(
storeRemeberMe.getUsername(),
ConstantsLoginType.REMEBER_ME,
"",
"",
"success");
remeberMeService.updateRemeberMe(remeberMeCookie, response);
}
}
}
RemeberMe storeRemeberMe = remeberMeService.read(remeberMeCookie);
if (storeRemeberMe != null) {
DateTime loginDate = new DateTime(storeRemeberMe.getLastLogin());
DateTime expiryDate = loginDate.plusSeconds(remeberMeService.getRemeberMeValidity());
DateTime now = new DateTime();
if (now.isBefore(expiryDate)) {
authenticationProvider.trustAuthentication(
storeRemeberMe.getUsername(),
ConstantsLoginType.REMEBER_ME,
"",
"",
"success");
remeberMeService.updateRemeberMe(remeberMeCookie, response);
_logger.debug("RemeberMe Logined in , username " + storeRemeberMe.getUsername());
}
}
return true;
}

157
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/wsfederation/HttpWsFederationEntryPoint.java Normal file
View File

@@ -0,0 +1,157 @@
/*
* Copyright [2020] [MaxKey of copyright http://www.maxkey.top]
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.maxkey.authn.support.wsfederation;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.maxkey.authn.AbstractAuthenticationProvider;
import org.maxkey.configuration.ApplicationConfig;
import org.maxkey.constants.ConstantsLoginType;
import org.maxkey.util.StringUtils;
import org.maxkey.web.WebContext;
import org.opensaml.saml1.core.impl.AssertionImpl;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.web.servlet.AsyncHandlerInterceptor;
public class HttpWsFederationEntryPoint implements AsyncHandlerInterceptor {
private static final Logger _logger = LoggerFactory.getLogger(HttpWsFederationEntryPoint.class);
boolean enable;
ApplicationConfig applicationConfig;
AbstractAuthenticationProvider authenticationProvider ;
WsFederationService wsFederationService;
@Override
public boolean preHandle(HttpServletRequest request,HttpServletResponse response, Object handler) throws Exception {
boolean isAuthenticated= WebContext.isAuthenticated();
String wsFederationWA = request.getParameter(WsFederationConstants.WA);
String wsFederationWResult = request.getParameter(WsFederationConstants.WRESULT);
if(!enable
|| isAuthenticated
|| !applicationConfig.getLoginConfig().isWsFederation()
|| wsFederationWA == null){
return true;
}
_logger.debug("WsFederation Login Start ...");
_logger.info("Request url : "+ request.getRequestURL());
_logger.info("Request URI : "+ request.getRequestURI());
_logger.info("Request ContextPath : "+ request.getContextPath());
_logger.info("Request ServletPath : "+ request.getServletPath());
_logger.debug("RequestSessionId : "+ request.getRequestedSessionId());
_logger.debug("isRequestedSessionIdValid : "+ request.isRequestedSessionIdValid());
_logger.debug("getSession : "+ request.getSession(false));
// session not existssession timeoutrecreate new session
if(request.getSession(false) == null) {
_logger.info("recreate new session .");
request.getSession(true);
}
_logger.info("getSession.getId : "+ request.getSession().getId());
//for WsFederation Login
_logger.debug("WsFederation : " + wsFederationWA +" , wsFederationWResult : " + wsFederationWResult);
if(applicationConfig.getLoginConfig().isWsFederation()
&& StringUtils.isNotEmpty(wsFederationWA)
&& wsFederationWA.equalsIgnoreCase(WsFederationConstants.WSIGNIN)){
_logger.debug("wresult : {}"+wsFederationWResult);
final String wctx = request.getParameter(WsFederationConstants.WCTX);
_logger.debug("wctx : {}"+ wctx);
// create credentials
final AssertionImpl assertion = WsFederationUtils.parseTokenFromString(wsFederationWResult);
//Validate the signature
if (assertion != null && WsFederationUtils.validateSignature(assertion, wsFederationService.getWsFederationConfiguration().getSigningCertificates())) {
final WsFederationCredential wsFederationCredential = WsFederationUtils.createCredentialFromToken(assertion);
if (wsFederationCredential != null && wsFederationCredential.isValid(wsFederationService.getWsFederationConfiguration().getRelyingParty(),
wsFederationService.getWsFederationConfiguration().getIdentifier(),
wsFederationService.getWsFederationConfiguration().getTolerance())) {
//Give the library user a chance to change the attributes as necessary
if (wsFederationService.getWsFederationConfiguration().getAttributeMutator() != null) {
wsFederationService.getWsFederationConfiguration().getAttributeMutator().modifyAttributes(
wsFederationCredential.getAttributes(),
wsFederationService.getWsFederationConfiguration().getUpnSuffix());
}
authenticationProvider.trustAuthentication(
wsFederationCredential.getAttributes().get("").toString(),
ConstantsLoginType.WSFEDERATION,
"","","success");
return true;
} else {
_logger.warn("SAML assertions are blank or no longer valid.");
}
} else {
_logger.error("WS Requested Security Token is blank or the signature is not valid.");
}
}
return true;
}
public HttpWsFederationEntryPoint() {
super();
}
public HttpWsFederationEntryPoint (boolean enable) {
super();
this.enable = enable;
}
public HttpWsFederationEntryPoint(AbstractAuthenticationProvider authenticationProvider, WsFederationService wsFederationService,
ApplicationConfig applicationConfig, boolean enable) {
super();
this.authenticationProvider = authenticationProvider;
this.wsFederationService = wsFederationService;
this.applicationConfig = applicationConfig;
this.enable = enable;
}
public boolean isEnable() {
return enable;
}
public void setEnable(boolean enable) {
this.enable = enable;
}
public void setApplicationConfig(ApplicationConfig applicationConfig) {
this.applicationConfig = applicationConfig;
}
public void setAuthenticationProvider(AbstractAuthenticationProvider authenticationProvider) {
this.authenticationProvider = authenticationProvider;
}
public void setWsFederationService(WsFederationService wsFederationService) {
this.wsFederationService = wsFederationService;
}
}

4
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/wsfederation/WsFederationService.java
View File

@@ -17,9 +17,7 @@
package org.maxkey.authn.support.wsfederation;
import javax.servlet.http.HttpServletRequest;
public interface WsFederationService {
public boolean login(String wsFederationWA,String wsFederationWResult,HttpServletRequest request);
public WsFederationConfiguration getWsFederationConfiguration();
}

60
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/wsfederation/WsFederationServiceImpl.java
View File

@@ -17,72 +17,24 @@
package org.maxkey.authn.support.wsfederation;
import javax.servlet.http.HttpServletRequest;
import org.maxkey.authn.AbstractAuthenticationProvider;
import org.maxkey.constants.ConstantsLoginType;
import org.maxkey.util.StringUtils;
import org.opensaml.saml1.core.impl.AssertionImpl;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Qualifier;
public class WsFederationServiceImpl implements WsFederationService{
final static Logger _logger = LoggerFactory.getLogger(WsFederationServiceImpl.class);
private WsFederationConfiguration wsFederationConfiguration;
@Autowired
@Qualifier("authenticationProvider")
AbstractAuthenticationProvider authenticationProvider ;
public boolean login(String wsFederationWA,String wsFederationWResult,HttpServletRequest request){
// it's an authentication
if (StringUtils.isNotEmpty(wsFederationWA) && wsFederationWA.equalsIgnoreCase(WsFederationConstants.WSIGNIN)) {
_logger.debug("wresult : {}"+wsFederationWResult);
final String wctx = request.getParameter(WsFederationConstants.WCTX);
_logger.debug("wctx : {}"+ wctx);
// create credentials
final AssertionImpl assertion = WsFederationUtils.parseTokenFromString(wsFederationWResult);
//Validate the signature
if (assertion != null && WsFederationUtils.validateSignature(assertion, wsFederationConfiguration.getSigningCertificates())) {
final WsFederationCredential wsFederationCredential = WsFederationUtils.createCredentialFromToken(assertion);
if (wsFederationCredential != null && wsFederationCredential.isValid(wsFederationConfiguration.getRelyingParty(),
wsFederationConfiguration.getIdentifier(),
wsFederationConfiguration.getTolerance())) {
//Give the library user a chance to change the attributes as necessary
if (wsFederationConfiguration.getAttributeMutator() != null) {
wsFederationConfiguration.getAttributeMutator().modifyAttributes(
wsFederationCredential.getAttributes(),
wsFederationConfiguration.getUpnSuffix());
}
authenticationProvider.trustAuthentication(
wsFederationCredential.getAttributes().get("").toString(),
ConstantsLoginType.WSFEDERATION,
"","","success");
return true;
} else {
_logger.warn("SAML assertions are blank or no longer valid.");
return false;
}
} else {
_logger.error("WS Requested Security Token is blank or the signature is not valid.");
return false;
}
}
return false;
}
public void setWsFederationConfiguration(
WsFederationConfiguration wsFederationConfiguration) {
this.wsFederationConfiguration = wsFederationConfiguration;
}
public WsFederationConfiguration getWsFederationConfiguration() {
return wsFederationConfiguration;
}
}

24
maxkey-web-manage/src/main/java/org/maxkey/web/endpoint/LoginEndpoint.java
View File

@@ -17,9 +17,6 @@
package org.maxkey.web.endpoint;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.maxkey.authn.AbstractAuthenticationProvider;
import org.maxkey.authn.LoginCredential;
import org.maxkey.configuration.ApplicationConfig;
@@ -56,26 +53,19 @@ public class LoginEndpoint {
* @return
*/
@RequestMapping(value={"/login"})
public ModelAndView login(
HttpServletRequest request,
HttpServletResponse response) {
public ModelAndView login() {
_logger.debug("LoginController /login.");
ModelAndView modelAndView = new ModelAndView();
boolean isAuthenticated= WebContext.isAuthenticated();
//for normal login
if(!isAuthenticated){
modelAndView.addObject("isRemeberMe", applicationConfig.getLoginConfig().isRemeberMe());
modelAndView.addObject("isCaptcha", applicationConfig.getLoginConfig().isCaptcha());
modelAndView.addObject("sessionid", WebContext.getSession().getId());
if(isAuthenticated){
return WebContext.redirect("/main");
}
if(WebContext.isAuthenticated()){
return WebContext.redirect("/main");
}
ModelAndView modelAndView = new ModelAndView();
modelAndView.addObject("isRemeberMe", applicationConfig.getLoginConfig().isRemeberMe());
modelAndView.addObject("isCaptcha", applicationConfig.getLoginConfig().isCaptcha());
modelAndView.addObject("sessionid", WebContext.getSession().getId());
modelAndView.setViewName("login");
return modelAndView;
}

12
maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyMvcConfig.java
View File

@@ -20,6 +20,8 @@ package org.maxkey;
import org.maxkey.authn.AbstractAuthenticationProvider;
import org.maxkey.authn.support.basic.BasicEntryPoint;
import org.maxkey.authn.support.httpheader.HttpHeaderEntryPoint;
import org.maxkey.authn.support.kerberos.HttpKerberosEntryPoint;
import org.maxkey.authn.support.kerberos.KerberosService;
import org.maxkey.authn.support.rememberme.AbstractRemeberMeService;
import org.maxkey.authn.support.rememberme.HttpRemeberMeEntryPoint;
import org.maxkey.configuration.ApplicationConfig;
@@ -59,6 +61,10 @@ public class MaxKeyMvcConfig implements WebMvcConfigurer {
@Qualifier("remeberMeService")
AbstractRemeberMeService remeberMeService;
@Autowired
@Qualifier("kerberosService")
KerberosService kerberosService;
@Autowired
PermissionAdapter permissionAdapter;
@@ -115,6 +121,12 @@ public class MaxKeyMvcConfig implements WebMvcConfigurer {
authenticationProvider,remeberMeService,applicationConfig,true))
.addPathPatterns("/login");
_logger.debug("add HttpKerberosEntryPoint");
registry.addInterceptor(new HttpKerberosEntryPoint(
authenticationProvider,kerberosService,applicationConfig,true))
.addPathPatterns("/login");
if(httpHeaderEnable) {
registry.addInterceptor(new HttpHeaderEntryPoint(httpHeaderName,httpHeaderEnable))
.addPathPatterns("/*");

55
maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/RegistrationController.java
View File

@@ -17,8 +17,13 @@
package org.maxkey.web.contorller;
import java.io.IOException;
import java.util.Date;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.apache.commons.mail.DefaultAuthenticator;
import org.apache.commons.mail.EmailException;
import org.apache.commons.mail.HtmlEmail;
@@ -31,7 +36,10 @@ import org.maxkey.domain.UserInfo;
import org.maxkey.persistence.service.RegistrationService;
import org.maxkey.persistence.service.UserInfoService;
import org.maxkey.util.DateUtils;
import org.maxkey.util.StringUtils;
import org.maxkey.web.WebConstants;
import org.maxkey.web.WebContext;
import org.maxkey.web.message.Message;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
@@ -42,6 +50,7 @@ import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.servlet.ModelAndView;
@@ -174,5 +183,51 @@ public class RegistrationController {
return modelAndView;
}
/**
* view register
* @return
*/
@RequestMapping(value={"/register"})
public ModelAndView register(HttpServletRequest request,HttpServletResponse response) {
_logger.debug("/register.");
ModelAndView modelAndView = new ModelAndView("registration/register");
Object loginErrorMessage=WebContext.getAttribute(WebConstants.LOGIN_ERROR_SESSION_MESSAGE);
modelAndView.addObject("loginErrorMessage", loginErrorMessage==null?"":loginErrorMessage);
WebContext.removeAttribute(WebConstants.LOGIN_ERROR_SESSION_MESSAGE);
return modelAndView;
}
@RequestMapping(value={"/registeron"})
@ResponseBody
public Message registeron(UserInfo userInfo,@RequestParam String emailMobile) throws ServletException, IOException {
if(StringUtils.isNullOrBlank(emailMobile)) {
return new Message(WebContext.getI18nValue("register.emailMobile.error"),"1");
}
if(StringUtils.isValidEmail(emailMobile)) {
userInfo.setEmail(emailMobile);
}
if(StringUtils.isValidMobileNo(emailMobile)) {
userInfo.setMobile(emailMobile);
}
if(!(StringUtils.isValidEmail(emailMobile)||StringUtils.isValidMobileNo(emailMobile))) {
return new Message(WebContext.getI18nValue("register.emailMobile.error"),"1");
}
UserInfo temp=userInfoService.queryUserInfoByEmailMobile(emailMobile);
if(temp!=null) {
return new Message(WebContext.getI18nValue("register.emailMobile.exist"),"1");
}
temp=userInfoService.loadByUsername(userInfo.getUsername());
if(temp!=null) {
return new Message(WebContext.getI18nValue("register.user.error"),"1");
}
userInfo.setStatus(ConstantsStatus.ACTIVE);
if(userInfoService.insert(userInfo)) {
return new Message(WebContext.getI18nValue("login.text.register.success"),"0");
}
return new Message(WebContext.getI18nValue("login.text.register.error"),"1");
}
}

145
maxkey-web-maxkey/src/main/java/org/maxkey/web/endpoint/LoginEndpoint.java
View File

@@ -19,25 +19,19 @@ package org.maxkey.web.endpoint;
import java.io.IOException;
import java.util.HashMap;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import org.maxkey.authn.AbstractAuthenticationProvider;
import org.maxkey.authn.LoginCredential;
import org.maxkey.authn.support.kerberos.KerberosService;
import org.maxkey.authn.support.socialsignon.service.SocialSignOnProviderService;
import org.maxkey.authn.support.wsfederation.WsFederationConstants;
import org.maxkey.configuration.ApplicationConfig;
import org.maxkey.constants.ConstantsStatus;
import org.maxkey.domain.UserInfo;
import org.maxkey.password.onetimepwd.AbstractOtpAuthn;
import org.maxkey.persistence.service.UserInfoService;
import org.maxkey.util.StringUtils;
import org.maxkey.web.WebConstants;
import org.maxkey.web.WebContext;
import org.maxkey.web.message.Message;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
@@ -46,11 +40,9 @@ import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.ModelAttribute;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.servlet.ModelAndView;
/**
* @author Crystal.Sea
*
@@ -63,6 +55,10 @@ public class LoginEndpoint {
@Qualifier("applicationConfig")
ApplicationConfig applicationConfig;
@Autowired
@Qualifier("authenticationProvider")
AbstractAuthenticationProvider authenticationProvider ;
@Autowired
@Qualifier("socialSignOnProviderService")
SocialSignOnProviderService socialSignOnProviderService;
@@ -75,14 +71,6 @@ public class LoginEndpoint {
@Qualifier("userInfoService")
UserInfoService userInfoService;
/*@Autowired
@Qualifier("wsFederationService")
WsFederationService wsFederationService;*/
@Autowired
@Qualifier("authenticationProvider")
AbstractAuthenticationProvider authenticationProvider ;
@Autowired
@Qualifier("tfaOtpAuthn")
protected AbstractOtpAuthn tfaOtpAuthn;
@@ -92,66 +80,35 @@ public class LoginEndpoint {
* @return
*/
@RequestMapping(value={"/login"})
public ModelAndView login(
HttpServletRequest request,
HttpServletResponse response,
@RequestParam(value=WebConstants.CAS_SERVICE_PARAMETER,required=false) String casService,
@RequestParam(value=WebConstants.KERBEROS_TOKEN_PARAMETER,required=false) String kerberosToken,
@RequestParam(value=WebConstants.KERBEROS_USERDOMAIN_PARAMETER,required=false) String kerberosUserDomain,
@RequestParam(value=WsFederationConstants.WA,required=false) String wsFederationWA,
@RequestParam(value=WsFederationConstants.WRESULT,required=false) String wsFederationWResult) {
public ModelAndView login() {
_logger.debug("LoginController /login.");
ModelAndView modelAndView = new ModelAndView("login");
boolean isAuthenticated= WebContext.isAuthenticated();
//for Kerberos login
if(!isAuthenticated){
if(applicationConfig.getLoginConfig().isKerberos()&&
kerberosUserDomain!=null&&!kerberosUserDomain.equals("")&&
kerberosToken!=null && !kerberosToken.equals("")){
_logger.debug("Try Kerberos login ");
isAuthenticated=kerberosService.login(kerberosToken,kerberosUserDomain);
}
}
//for WsFederation login
if(!isAuthenticated){
if(applicationConfig.getLoginConfig().isWsFederation()&&
StringUtils.isNotEmpty(wsFederationWA) &&
wsFederationWA.equalsIgnoreCase(WsFederationConstants.WSIGNIN)){
_logger.debug("Try WsFederation login ");
//isAuthenticated=wsFederationService.login(wsFederationWA,wsFederationWResult,request);
}
}
//for normal login
if(!isAuthenticated){
modelAndView.addObject("isRemeberMe", applicationConfig.getLoginConfig().isRemeberMe());
modelAndView.addObject("isKerberos", applicationConfig.getLoginConfig().isKerberos());
modelAndView.addObject("isMfa", applicationConfig.getLoginConfig().isMfa());
if(applicationConfig.getLoginConfig().isMfa()) {
modelAndView.addObject("otpType", tfaOtpAuthn.getOtpType());
modelAndView.addObject("otpInterval", tfaOtpAuthn.getInterval());
}
if( applicationConfig.getLoginConfig().isKerberos()){
modelAndView.addObject("userDomainUrlJson", kerberosService.buildKerberosProxys());
}
modelAndView.addObject("isCaptcha", applicationConfig.getLoginConfig().isCaptcha());
modelAndView.addObject("sessionid", WebContext.getSession().getId());
//modelAndView.addObject("jwtToken",jwtLoginService.buildLoginJwt());
//load Social Sign On Providers
if(applicationConfig.getLoginConfig().isSocialSignOn()){
_logger.debug("Load Social Sign On Providers ");
modelAndView.addObject("ssopList", socialSignOnProviderService.getSocialSignOnProviders());
}
}
if(isAuthenticated){
return WebContext.redirect("/forwardindex");
}
//for normal login
ModelAndView modelAndView = new ModelAndView("login");
modelAndView.addObject("isRemeberMe", applicationConfig.getLoginConfig().isRemeberMe());
modelAndView.addObject("isKerberos", applicationConfig.getLoginConfig().isKerberos());
modelAndView.addObject("isMfa", applicationConfig.getLoginConfig().isMfa());
if(applicationConfig.getLoginConfig().isMfa()) {
modelAndView.addObject("otpType", tfaOtpAuthn.getOtpType());
modelAndView.addObject("otpInterval", tfaOtpAuthn.getInterval());
}
if( applicationConfig.getLoginConfig().isKerberos()){
modelAndView.addObject("userDomainUrlJson", kerberosService.buildKerberosProxys());
}
modelAndView.addObject("isCaptcha", applicationConfig.getLoginConfig().isCaptcha());
modelAndView.addObject("sessionid", WebContext.getSession().getId());
//modelAndView.addObject("jwtToken",jwtLoginService.buildLoginJwt());
//load Social Sign On Providers
if(applicationConfig.getLoginConfig().isSocialSignOn()){
_logger.debug("Load Social Sign On Providers ");
modelAndView.addObject("ssopList", socialSignOnProviderService.getSocialSignOnProviders());
}
Object loginErrorMessage=WebContext.getAttribute(WebConstants.LOGIN_ERROR_SESSION_MESSAGE);
modelAndView.addObject("loginErrorMessage", loginErrorMessage==null?"":loginErrorMessage);
@@ -203,51 +160,5 @@ public class LoginEndpoint {
return "fail";
}
/**
* view register
* @return
*/
@RequestMapping(value={"/register"})
public ModelAndView register(HttpServletRequest request,HttpServletResponse response) {
_logger.debug("LoginController /register.");
ModelAndView modelAndView = new ModelAndView("registration/register");
Object loginErrorMessage=WebContext.getAttribute(WebConstants.LOGIN_ERROR_SESSION_MESSAGE);
modelAndView.addObject("loginErrorMessage", loginErrorMessage==null?"":loginErrorMessage);
WebContext.removeAttribute(WebConstants.LOGIN_ERROR_SESSION_MESSAGE);
return modelAndView;
}
@RequestMapping(value={"/registeron"})
@ResponseBody
public Message registeron(UserInfo userInfo,@RequestParam String emailMobile) throws ServletException, IOException {
if(StringUtils.isNullOrBlank(emailMobile)) {
return new Message(WebContext.getI18nValue("register.emailMobile.error"),"1");
}
if(StringUtils.isValidEmail(emailMobile)) {
userInfo.setEmail(emailMobile);
}
if(StringUtils.isValidMobileNo(emailMobile)) {
userInfo.setMobile(emailMobile);
}
if(!(StringUtils.isValidEmail(emailMobile)||StringUtils.isValidMobileNo(emailMobile))) {
return new Message(WebContext.getI18nValue("register.emailMobile.error"),"1");
}
UserInfo temp=userInfoService.queryUserInfoByEmailMobile(emailMobile);
if(temp!=null) {
return new Message(WebContext.getI18nValue("register.emailMobile.exist"),"1");
}
temp=userInfoService.loadByUsername(userInfo.getUsername());
if(temp!=null) {
return new Message(WebContext.getI18nValue("register.user.error"),"1");
}
userInfo.setStatus(ConstantsStatus.ACTIVE);
if(userInfoService.insert(userInfo)) {
return new Message(WebContext.getI18nValue("login.text.register.success"),"0");
}
return new Message(WebContext.getI18nValue("login.text.register.error"),"1");
}
}