tab to 4 space

MaxKey
2025-11-01 11:17:01 +08:00
parent e823cb1fec
commit dc5e773726
834 changed files with 43445 additions and 43445 deletions


@@ -42,77 +42,77 @@ import org.springframework.web.servlet.ModelAndView;
*
*/
public class AuthorizeBaseEndpoint {
static final Logger _logger = LoggerFactory.getLogger(AuthorizeBaseEndpoint.class);
@Autowired
static final Logger _logger = LoggerFactory.getLogger(AuthorizeBaseEndpoint.class);
@Autowired
protected ApplicationConfig applicationConfig;
@Autowired
protected AppsService appsService;
@Autowired
protected AccountsService accountsService;
protected Apps getApp(String id){
Apps app=(Apps)WebContext.getAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP);
if(StringUtils.isBlank(id)) {
_logger.error("parameter for app id {} is null.",id);
}else {
//session中为空或者id不一致重新加载
if(app == null || !app.getId().equalsIgnoreCase(id)) {
app = appsService.get(id,true);
}
WebContext.setAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP, app);
}
if(app == null){
_logger.error("Applications id {} is not exist.",id);
}
return app;
}
protected Accounts getAccounts(Apps app,UserInfo userInfo){
Apps loadApp = getApp(app.getId());
Accounts account = new Accounts(userInfo.getId(),loadApp.getId());
account.setUsername(userInfo.getUsername());
account.setAppName(app.getAppName());
if(loadApp.getCredential().equalsIgnoreCase(Apps.CREDENTIALS.USER_DEFINED)){
account = accountsService.get( Query.builder().eq("appId", loadApp.getId()).eq("userid", userInfo.getId()));
if(account != null){
account.setRelatedPassword(
PasswordReciprocal.getInstance().decoder(account.getRelatedPassword()));
}
}else if(loadApp.getCredential().equalsIgnoreCase(Apps.CREDENTIALS.SHARED)){
account.setRelatedUsername(loadApp.getSharedUsername());
account.setRelatedPassword(PasswordReciprocal.getInstance().decoder(loadApp.getSharedPassword()));
}else if(loadApp.getCredential().equalsIgnoreCase( Apps.CREDENTIALS.SYSTEM)){
account.setUsername(
AbstractAuthorizeAdapter.getValueByUserAttr(userInfo, loadApp.getSystemUserAttr())
);
//decoder database stored encode password
account.setRelatedPassword(
PasswordReciprocal.getInstance().decoder(userInfo.getDecipherable()));
}else if(loadApp.getCredential().equalsIgnoreCase(Apps.CREDENTIALS.NONE)){
account.setUsername(userInfo.getUsername());
account.setRelatedPassword(userInfo.getUsername());
}
return account;
}
public ModelAndView initCredentialView(String appId,String redirect_uri){
String initCredentialURL =
"" +
applicationConfig.getFrontendUri() +
"/#/authz/credential?appId=%s&redirect_uri=%s";
initCredentialURL = String.format(initCredentialURL,appId, redirect_uri);
_logger.debug("redirect to {}.",initCredentialURL);
ModelAndView modelAndView =new ModelAndView("redirect");
modelAndView.addObject("redirect_uri", initCredentialURL);
return modelAndView;
}
@Autowired
protected AppsService appsService;
@Autowired
protected AccountsService accountsService;
protected Apps getApp(String id){
Apps app=(Apps)WebContext.getAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP);
if(StringUtils.isBlank(id)) {
_logger.error("parameter for app id {} is null.",id);
}else {
//session中为空或者id不一致重新加载
if(app == null || !app.getId().equalsIgnoreCase(id)) {
app = appsService.get(id,true);
}
WebContext.setAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP, app);
}
if(app == null){
_logger.error("Applications id {} is not exist.",id);
}
return app;
}
protected Accounts getAccounts(Apps app,UserInfo userInfo){
Apps loadApp = getApp(app.getId());
Accounts account = new Accounts(userInfo.getId(),loadApp.getId());
account.setUsername(userInfo.getUsername());
account.setAppName(app.getAppName());
if(loadApp.getCredential().equalsIgnoreCase(Apps.CREDENTIALS.USER_DEFINED)){
account = accountsService.get( Query.builder().eq("appId", loadApp.getId()).eq("userid", userInfo.getId()));
if(account != null){
account.setRelatedPassword(
PasswordReciprocal.getInstance().decoder(account.getRelatedPassword()));
}
}else if(loadApp.getCredential().equalsIgnoreCase(Apps.CREDENTIALS.SHARED)){
account.setRelatedUsername(loadApp.getSharedUsername());
account.setRelatedPassword(PasswordReciprocal.getInstance().decoder(loadApp.getSharedPassword()));
}else if(loadApp.getCredential().equalsIgnoreCase( Apps.CREDENTIALS.SYSTEM)){
account.setUsername(
AbstractAuthorizeAdapter.getValueByUserAttr(userInfo, loadApp.getSystemUserAttr())
);
//decoder database stored encode password
account.setRelatedPassword(
PasswordReciprocal.getInstance().decoder(userInfo.getDecipherable()));
}else if(loadApp.getCredential().equalsIgnoreCase(Apps.CREDENTIALS.NONE)){
account.setUsername(userInfo.getUsername());
account.setRelatedPassword(userInfo.getUsername());
}
return account;
}
public ModelAndView initCredentialView(String appId,String redirect_uri){
String initCredentialURL =
"" +
applicationConfig.getFrontendUri() +
"/#/authz/credential?appId=%s&redirect_uri=%s";
initCredentialURL = String.format(initCredentialURL,appId, redirect_uri);
_logger.debug("redirect to {}.",initCredentialURL);
ModelAndView modelAndView =new ModelAndView("redirect");
modelAndView.addObject("redirect_uri", initCredentialURL);
return modelAndView;
}
}


@@ -38,50 +38,50 @@ import org.springframework.web.bind.annotation.*;
@RequestMapping(value = { "/authz/credential" })
public class AuthorizeCredentialEndpoint extends AuthorizeBaseEndpoint{
@GetMapping("/get/{appId}")
public Message<Accounts> get(
@PathVariable("appId") String appId,
@CurrentUser UserInfo currentUser){
Apps app = getApp(appId);
Accounts account = getAccounts(app,currentUser);
if(account == null) {
account =new Accounts ();
account.setId(account.generateId());
account.setUserId(currentUser.getId());
account.setUsername(currentUser.getUsername());
account.setDisplayName(currentUser.getDisplayName());
account.setAppId(appId);
account.setAppName(app.getAppName());
account.setInstId(currentUser.getInstId());
account.setCreateType("manual");
account.setStatus(ConstsStatus.ACTIVE);
}
return new Message<>(account);
}
@PutMapping("/update")
public Message<Accounts> update(
@RequestBody Accounts account,
@CurrentUser UserInfo currentUser){
if(StringUtils.isNotEmpty(account.getRelatedUsername())
&&StringUtils.isNotEmpty(account.getRelatedPassword())){
account.setInstId(currentUser.getInstId());
account.setRelatedPassword(
PasswordReciprocal.getInstance().encode(account.getRelatedPassword()));
if(accountsService.get(account.getId()) == null) {
if(accountsService.insert(account)){
return new Message<>();
}
}else {
if(accountsService.update(account)){
return new Message<>();
}
}
}
return new Message<>(Message.FAIL);
}
@GetMapping("/get/{appId}")
public Message<Accounts> get(
@PathVariable("appId") String appId,
@CurrentUser UserInfo currentUser){
Apps app = getApp(appId);
Accounts account = getAccounts(app,currentUser);
if(account == null) {
account =new Accounts ();
account.setId(account.generateId());
account.setUserId(currentUser.getId());
account.setUsername(currentUser.getUsername());
account.setDisplayName(currentUser.getDisplayName());
account.setAppId(appId);
account.setAppName(app.getAppName());
account.setInstId(currentUser.getInstId());
account.setCreateType("manual");
account.setStatus(ConstsStatus.ACTIVE);
}
return new Message<>(account);
}
@PutMapping("/update")
public Message<Accounts> update(
@RequestBody Accounts account,
@CurrentUser UserInfo currentUser){
if(StringUtils.isNotEmpty(account.getRelatedUsername())
&&StringUtils.isNotEmpty(account.getRelatedPassword())){
account.setInstId(currentUser.getInstId());
account.setRelatedPassword(
PasswordReciprocal.getInstance().encode(account.getRelatedPassword()));
if(accountsService.get(account.getId()) == null) {
if(accountsService.insert(account)){
return new Message<>();
}
}else {
if(accountsService.update(account)){
return new Message<>();
}
}
}
return new Message<>(Message.FAIL);
}
}


@@ -45,55 +45,55 @@ import jakarta.servlet.http.HttpServletRequest;
@Tag(name = "1-2认证总地址文档模块")
@Controller
public class AuthorizeEndpoint extends AuthorizeBaseEndpoint{
static final Logger _logger = LoggerFactory.getLogger(AuthorizeEndpoint.class);
@Autowired
AppsCasDetailsService casDetailsService;
//all single sign on url
@Operation(summary = "认证总地址接口", description = "参数应用ID分发到不同应用的认证地址",method="GET")
@GetMapping("/authz/{id}")
public ModelAndView authorize(HttpServletRequest request,@PathVariable("id") String id){
Apps app = getApp(id);
WebContext.setAttribute(WebConstants.SINGLE_SIGN_ON_APP_ID, app.getId());
ModelAndView modelAndView = WebContext.redirect(app.getLoginUrl());
if(app.getProtocol().equalsIgnoreCase(ConstsProtocols.EXTEND_API)){
modelAndView=WebContext.forward("/authz/api/"+app.getId());
}else if (app.getProtocol().equalsIgnoreCase(ConstsProtocols.FORMBASED)){
modelAndView=WebContext.forward("/authz/formbased/"+app.getId());
}else if (app.getProtocol().equalsIgnoreCase(ConstsProtocols.OAUTH20)){
modelAndView=WebContext.forward("/authz/oauth/v20/"+app.getId());
}else if (app.getProtocol().equalsIgnoreCase(ConstsProtocols.OAUTH21)){
modelAndView=WebContext.redirect(app.getLoginUrl());
static final Logger _logger = LoggerFactory.getLogger(AuthorizeEndpoint.class);
@Autowired
AppsCasDetailsService casDetailsService;
//all single sign on url
@Operation(summary = "认证总地址接口", description = "参数应用ID分发到不同应用的认证地址",method="GET")
@GetMapping("/authz/{id}")
public ModelAndView authorize(HttpServletRequest request,@PathVariable("id") String id){
Apps app = getApp(id);
WebContext.setAttribute(WebConstants.SINGLE_SIGN_ON_APP_ID, app.getId());
ModelAndView modelAndView = WebContext.redirect(app.getLoginUrl());
if(app.getProtocol().equalsIgnoreCase(ConstsProtocols.EXTEND_API)){
modelAndView=WebContext.forward("/authz/api/"+app.getId());
}else if (app.getProtocol().equalsIgnoreCase(ConstsProtocols.FORMBASED)){
modelAndView=WebContext.forward("/authz/formbased/"+app.getId());
}else if (app.getProtocol().equalsIgnoreCase(ConstsProtocols.OAUTH20)){
modelAndView=WebContext.forward("/authz/oauth/v20/"+app.getId());
}else if (app.getProtocol().equalsIgnoreCase(ConstsProtocols.OAUTH21)){
modelAndView=WebContext.redirect(app.getLoginUrl());
}else if (app.getProtocol().equalsIgnoreCase(ConstsProtocols.OPEN_ID_CONNECT10)){
modelAndView=WebContext.forward("/authz/oauth/v20/"+app.getId());
}else if (app.getProtocol().equalsIgnoreCase(ConstsProtocols.SAML20)){
modelAndView=WebContext.forward("/authz/saml20/idpinit/"+app.getId());
}else if (app.getProtocol().equalsIgnoreCase(ConstsProtocols.TOKENBASED)){
modelAndView=WebContext.forward("/authz/tokenbased/"+app.getId());
}else if (app.getProtocol().equalsIgnoreCase(ConstsProtocols.CAS)){
modelAndView=WebContext.forward("/authz/cas/"+app.getId());
}else if (app.getProtocol().equalsIgnoreCase(ConstsProtocols.JWT)){
}else if (app.getProtocol().equalsIgnoreCase(ConstsProtocols.SAML20)){
modelAndView=WebContext.forward("/authz/saml20/idpinit/"+app.getId());
}else if (app.getProtocol().equalsIgnoreCase(ConstsProtocols.TOKENBASED)){
modelAndView=WebContext.forward("/authz/tokenbased/"+app.getId());
}else if (app.getProtocol().equalsIgnoreCase(ConstsProtocols.CAS)){
modelAndView=WebContext.forward("/authz/cas/"+app.getId());
}else if (app.getProtocol().equalsIgnoreCase(ConstsProtocols.JWT)){
modelAndView=WebContext.forward("/authz/jwt/"+app.getId());
}else if (app.getProtocol().equalsIgnoreCase(ConstsProtocols.BASIC)){
modelAndView=WebContext.redirect(app.getLoginUrl());
}
modelAndView=WebContext.redirect(app.getLoginUrl());
}
_logger.debug("redirect to view {}",modelAndView.getViewName());
return modelAndView;
}
@GetMapping("/authz/refused")
public ModelAndView refused(){
ModelAndView modelAndView = new ModelAndView("authorize/authorize_refused");
Apps app = (Apps)WebContext.getAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP);
if(app != null) {
app.transIconBase64();
}
modelAndView.addObject("model", app);
return modelAndView;
}
_logger.debug("redirect to view {}",modelAndView.getViewName());
return modelAndView;
}
@GetMapping("/authz/refused")
public ModelAndView refused(){
ModelAndView modelAndView = new ModelAndView("authorize/authorize_refused");
Apps app = (Apps)WebContext.getAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP);
if(app != null) {
app.transIconBase64();
}
modelAndView.addObject("model", app);
return modelAndView;
}
}


@@ -39,28 +39,28 @@ import jakarta.servlet.http.HttpServletRequest;
@Controller
public class AuthorizeProtectedEndpoint{
@GetMapping("/authz/protected/forward")
public ModelAndView forwardProtectedForward(
HttpServletRequest request ){
String redirectUri=request.getAttribute("redirect_uri").toString();
ModelAndView modelAndView=new ModelAndView("authorize/protected/forward");
modelAndView.addObject("redirect_uri", redirectUri);
return modelAndView;
}
@GetMapping("/authz/protected")
public ModelAndView authorizeProtected(
@RequestParam("password") String password,
@RequestParam("redirect_uri") String redirectUri,
@CurrentUser UserInfo currentUser){
if( currentUser.getAppLoginPassword().equals(PasswordReciprocal.getInstance().encode(password))){
WebContext.setAttribute(WebConstants.CURRENT_SINGLESIGNON_URI, redirectUri);
return WebContext.redirect(redirectUri);
}
ModelAndView modelAndView=new ModelAndView("authorize/protected/forward");
modelAndView.addObject("redirect_uri", redirectUri);
return modelAndView;
}
@GetMapping("/authz/protected/forward")
public ModelAndView forwardProtectedForward(
HttpServletRequest request ){
String redirectUri=request.getAttribute("redirect_uri").toString();
ModelAndView modelAndView=new ModelAndView("authorize/protected/forward");
modelAndView.addObject("redirect_uri", redirectUri);
return modelAndView;
}
@GetMapping("/authz/protected")
public ModelAndView authorizeProtected(
@RequestParam("password") String password,
@RequestParam("redirect_uri") String redirectUri,
@CurrentUser UserInfo currentUser){
if( currentUser.getAppLoginPassword().equals(PasswordReciprocal.getInstance().encode(password))){
WebContext.setAttribute(WebConstants.CURRENT_SINGLESIGNON_URI, redirectUri);
return WebContext.redirect(redirectUri);
}
ModelAndView modelAndView=new ModelAndView("authorize/protected/forward");
modelAndView.addObject("redirect_uri", redirectUri);
return modelAndView;
}
}


@@ -36,108 +36,108 @@ import org.slf4j.LoggerFactory;
import org.springframework.web.servlet.ModelAndView;
public abstract class AbstractAuthorizeAdapter {
static final Logger _logger = LoggerFactory.getLogger(AbstractAuthorizeAdapter.class);
protected Apps app;
protected UserInfo userInfo;
protected Accounts account;
protected SignPrincipal principal;
public abstract Object generateInfo();
public ModelAndView authorize(ModelAndView modelAndView) {
return modelAndView;
}
public Object sign(Object data,String signatureKey,String signature){
if(ConstsBoolean.isTrue(app.getIsSignature())){
KeyStoreLoader keyStoreLoader = WebContext.getBean("keyStoreLoader",KeyStoreLoader.class);
try {
byte[] signData= CertSigner.sign(data.toString().getBytes(), keyStoreLoader.getKeyStore(), keyStoreLoader.getEntityName(), keyStoreLoader.getKeystorePassword());
_logger.debug("signed Token : {}",data);
_logger.debug("signature : {}",signData.toString());
return Base64Utils.base64UrlEncode(data.toString().getBytes("UTF-8"))+"."+Base64Utils.base64UrlEncode(signData);
} catch (UnsupportedEncodingException e) {
_logger.error("UnsupportedEncodingException " , e);
} catch (Exception e) {
_logger.error("Exception " , e);
}
_logger.debug("Token {}" , data);
}else{
_logger.debug("data not need sign .");
return data;
}
return null;
}
public Object encrypt(Object data,String algorithmKey,String algorithm){
algorithmKey = PasswordReciprocal.getInstance().decoder(algorithmKey);
_logger.debug("algorithm : {}",algorithm);
_logger.debug("algorithmKey : {}",algorithmKey);
//Chinese , encode data to HEX
try {
data = new String(Hex.encodeHex(data.toString().getBytes("UTF-8")));
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
byte[] encodeData = ReciprocalUtils.encode(data.toString(), algorithmKey, algorithm);
String tokenString = Base64Utils.base64UrlEncode(encodeData);
_logger.trace("Reciprocal then HEX Token : {}",tokenString);
return tokenString;
}
public static String getValueByUserAttr(UserInfo userInfo,String userAttr) {
String value = "";
if(StringUtils.isBlank(userAttr)) {
value = userInfo.getUsername();
}else if(userAttr.equalsIgnoreCase("username")){
value = userInfo.getUsername();
}else if(userAttr.equalsIgnoreCase("userId")){
value = userInfo.getId();
}else if(userAttr.equalsIgnoreCase("email")){
value = userInfo.getEmail();
}else if(userAttr.equalsIgnoreCase("mobile")){
value = userInfo.getMobile();
}else if(userAttr.equalsIgnoreCase("workEmail")) {
value = userInfo.getWorkEmail();
}else if(userAttr.equalsIgnoreCase("windowsAccount")){
value = userInfo.getWindowsAccount();
}else if(userAttr.equalsIgnoreCase("employeeNumber")){
value = userInfo.getEmployeeNumber();
}else {
value = userInfo.getId();
}
if(StringUtils.isBlank(value)) {
value = userInfo.getUsername();
}
return value;
}
public String serialize() {
return "";
};
static final Logger _logger = LoggerFactory.getLogger(AbstractAuthorizeAdapter.class);
protected Apps app;
protected UserInfo userInfo;
protected Accounts account;
protected SignPrincipal principal;
public abstract Object generateInfo();
public ModelAndView authorize(ModelAndView modelAndView) {
return modelAndView;
}
public Object sign(Object data,String signatureKey,String signature){
if(ConstsBoolean.isTrue(app.getIsSignature())){
KeyStoreLoader keyStoreLoader = WebContext.getBean("keyStoreLoader",KeyStoreLoader.class);
try {
byte[] signData= CertSigner.sign(data.toString().getBytes(), keyStoreLoader.getKeyStore(), keyStoreLoader.getEntityName(), keyStoreLoader.getKeystorePassword());
_logger.debug("signed Token : {}",data);
_logger.debug("signature : {}",signData.toString());
return Base64Utils.base64UrlEncode(data.toString().getBytes("UTF-8"))+"."+Base64Utils.base64UrlEncode(signData);
} catch (UnsupportedEncodingException e) {
_logger.error("UnsupportedEncodingException " , e);
} catch (Exception e) {
_logger.error("Exception " , e);
}
_logger.debug("Token {}" , data);
}else{
_logger.debug("data not need sign .");
return data;
}
return null;
}
public Object encrypt(Object data,String algorithmKey,String algorithm){
algorithmKey = PasswordReciprocal.getInstance().decoder(algorithmKey);
_logger.debug("algorithm : {}",algorithm);
_logger.debug("algorithmKey : {}",algorithmKey);
//Chinese , encode data to HEX
try {
data = new String(Hex.encodeHex(data.toString().getBytes("UTF-8")));
} catch (UnsupportedEncodingException e) {
e.printStackTrace();
}
byte[] encodeData = ReciprocalUtils.encode(data.toString(), algorithmKey, algorithm);
String tokenString = Base64Utils.base64UrlEncode(encodeData);
_logger.trace("Reciprocal then HEX Token : {}",tokenString);
return tokenString;
}
public static String getValueByUserAttr(UserInfo userInfo,String userAttr) {
String value = "";
if(StringUtils.isBlank(userAttr)) {
value = userInfo.getUsername();
}else if(userAttr.equalsIgnoreCase("username")){
value = userInfo.getUsername();
}else if(userAttr.equalsIgnoreCase("userId")){
value = userInfo.getId();
}else if(userAttr.equalsIgnoreCase("email")){
value = userInfo.getEmail();
}else if(userAttr.equalsIgnoreCase("mobile")){
value = userInfo.getMobile();
}else if(userAttr.equalsIgnoreCase("workEmail")) {
value = userInfo.getWorkEmail();
}else if(userAttr.equalsIgnoreCase("windowsAccount")){
value = userInfo.getWindowsAccount();
}else if(userAttr.equalsIgnoreCase("employeeNumber")){
value = userInfo.getEmployeeNumber();
}else {
value = userInfo.getId();
}
if(StringUtils.isBlank(value)) {
value = userInfo.getUsername();
}
return value;
}
public String serialize() {
return "";
};
public void setPrincipal(SignPrincipal principal) {
this.principal = principal;
this.userInfo = principal.getUserInfo();
}
public void setPrincipal(SignPrincipal principal) {
this.principal = principal;
this.userInfo = principal.getUserInfo();
}
public void setApp(Apps app) {
this.app = app;
}
public void setApp(Apps app) {
this.app = app;
}
public void setAccount(Accounts account) {
this.account = account;
}
public void setAccount(Accounts account) {
this.account = account;
}
}


@@ -31,7 +31,7 @@ public abstract class SingleLogout {
public abstract void sendRequest(Authentication authentication,VisitedDto visited) ;
public void postMessage(String url,Map<String, Object> paramMap) {
_logger.debug("post logout message to url {}" , url);
(new HttpRequestAdapter()).post(url , paramMap);
_logger.debug("post logout message to url {}" , url);
(new HttpRequestAdapter()).post(url , paramMap);
}
}