Rest Api for Orgs and Users

2026-05-18 22:38:09 +08:00 · 2020-06-25 10:13:00 +08:00
parent 670b2376a0
commit e2071a291c
20 changed files with 537 additions and 57 deletions
--- a/maxkey-web-manage/src/main/java/org/maxkey/MaxKeyMgtApplication.java
+++ b/maxkey-web-manage/src/main/java/org/maxkey/MaxKeyMgtApplication.java
@@ -35,7 +35,8 @@ import org.springframework.context.annotation.ImportResource;
    "org.maxkey.web",
    "org.maxkey.web.tag",
    "org.maxkey.identity.kafka",
-    "org.maxkey.identity.scim.controller"
+    "org.maxkey.identity.scim.controller",
+    "org.maxkey.identity.rest"
 })
@MapperScan("org.maxkey.dao.persistence,")
 public class MaxKeyMgtApplication extends SpringBootServletInitializer {
--- a/maxkey-web-manage/src/main/java/org/maxkey/MaxKeyMgtConfig.java
+++ b/maxkey-web-manage/src/main/java/org/maxkey/MaxKeyMgtConfig.java
@@ -2,8 +2,15 @@ package org.maxkey;

 import javax.sql.DataSource;
 import org.maxkey.authz.oauth2.provider.client.JdbcClientDetailsService;
+import org.maxkey.authz.oauth2.provider.token.DefaultTokenServices;
+import org.maxkey.authz.oauth2.provider.token.TokenStore;
+import org.maxkey.authz.oauth2.provider.token.store.InMemoryTokenStore;
+import org.maxkey.authz.oauth2.provider.token.store.JdbcTokenStore;
+import org.maxkey.authz.oauth2.provider.token.store.RedisTokenStore;
+import org.maxkey.authz.oidc.idtoken.OIDCIdTokenEnhancer;
 import org.maxkey.constants.ConstantsProperties;
 import org.maxkey.crypto.password.opt.impl.TimeBasedOtpAuthn;
+import org.maxkey.persistence.redis.RedisConnectionFactory;
 import org.maxkey.authn.realm.jdbc.JdbcAuthenticationRealm;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -31,6 +38,46 @@ public class MaxKeyMgtConfig  implements InitializingBean {
        return clientDetailsService;
    }
 	
+    /**
+     * TokenStore. 
+     * @param persistence int
+     * @return oauth20TokenStore
+     */
+    @Bean(name = "oauth20TokenStore")
+    public TokenStore oauth20TokenStore(
+            @Value("${config.server.persistence}") int persistence,
+            JdbcTemplate jdbcTemplate,
+            RedisConnectionFactory jedisConnectionFactory) {
+        TokenStore tokenStore = null;
+        if (persistence == 0) {
+            tokenStore = new InMemoryTokenStore();
+            _logger.debug("InMemoryTokenStore");
+        } else if (persistence == 1) {
+            tokenStore = new JdbcTokenStore(jdbcTemplate);
+            _logger.debug("JdbcTokenStore");
+        } else if (persistence == 2) {
+            tokenStore = new RedisTokenStore(jedisConnectionFactory);
+            _logger.debug("RedisTokenStore");
+        }
+        return tokenStore;
+    }
+    
+    /**
+     * clientDetailsUserDetailsService. 
+     * @return oauth20TokenServices
+     */
+    @Bean(name = "oauth20TokenServices")
+    public DefaultTokenServices DefaultTokenServices(
+            JdbcClientDetailsService oauth20JdbcClientDetailsService,
+            TokenStore oauth20TokenStore) {
+        DefaultTokenServices tokenServices = new DefaultTokenServices();
+        tokenServices.setClientDetailsService(oauth20JdbcClientDetailsService);
+        tokenServices.setTokenStore(oauth20TokenStore);
+        tokenServices.setSupportRefreshToken(true);
+        return tokenServices;
+    }
+    
+	
 	//以下内容可以注释掉后再xml中配置,xml引入在MaxKeyMgtApplication中
 	@Bean(name = "authenticationRealm")
    public JdbcAuthenticationRealm JdbcAuthenticationRealm(
--- a/maxkey-web-manage/src/main/java/org/maxkey/MaxKeyMgtMvcConfig.java
+++ b/maxkey-web-manage/src/main/java/org/maxkey/MaxKeyMgtMvcConfig.java
@@ -2,6 +2,7 @@ package org.maxkey;

 import org.maxkey.web.interceptor.HistoryLogsAdapter;
 import org.maxkey.web.interceptor.PermissionAdapter;
+import org.maxkey.web.interceptor.RestApiPermissionAdapter;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -25,6 +26,9 @@ public class MaxKeyMgtMvcConfig implements WebMvcConfigurer {
    @Autowired
    LocaleChangeInterceptor localeChangeInterceptor;
    
+    @Autowired
+    RestApiPermissionAdapter restApiPermissionAdapter;
+    
    @Override
    public void addResourceHandlers(ResourceHandlerRegistry registry) {
        registry.addResourceHandler("/static/**")
@@ -73,6 +77,13 @@ public class MaxKeyMgtMvcConfig implements WebMvcConfigurer {
        registry.addInterceptor(localeChangeInterceptor);
        _logger.debug("add LocaleChangeInterceptor");
        
+        
+        registry.addInterceptor(restApiPermissionAdapter)
+                .addPathPatterns("/identity/api/**")
+                ;
+
+        _logger.debug("add RestApiPermissionAdapter");
+        
    }

 }
--- a/maxkey-web-manage/src/main/java/org/maxkey/web/interceptor/Oauth20ApiPermissionAdapter.java
+++ b/maxkey-web-manage/src/main/java/org/maxkey/web/interceptor/Oauth20ApiPermissionAdapter.java
@@ -0,0 +1,64 @@
+package org.maxkey.web.interceptor;
+
+import java.util.concurrent.ConcurrentHashMap;
+
+import javax.servlet.RequestDispatcher;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.maxkey.authz.oauth2.provider.OAuth2Authentication;
+import org.maxkey.authz.oauth2.provider.token.DefaultTokenServices;
+import org.maxkey.crypto.password.PasswordReciprocal;
+import org.maxkey.util.AuthorizationHeaderUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.stereotype.Component;
+import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
+
+/**
+ * OAuth v2.0 accessToken认证Interceptor处理.
+ * @author Crystal.Sea
+ *
+ */
+@Component
+public class Oauth20ApiPermissionAdapter extends HandlerInterceptorAdapter {
+	private static final Logger _logger = LoggerFactory.getLogger(Oauth20ApiPermissionAdapter.class);
+	
+	@Autowired
+    @Qualifier("passwordReciprocal")
+    protected PasswordReciprocal passwordReciprocal;
+	
+	@Autowired
+    @Qualifier("oauth20TokenServices")
+    private DefaultTokenServices oauth20tokenServices;
+	
+	static  ConcurrentHashMap<String ,String >navigationsMap=null;
+	
+	/*
+	 * 请求前处理
+	 *  (non-Javadoc)
+	 * @see org.springframework.web.servlet.handler.HandlerInterceptorAdapter#preHandle(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.Object)
+	 */
+	@Override
+	public boolean preHandle(HttpServletRequest request,HttpServletResponse response, Object handler) throws Exception {
+		 _logger.trace("Oauth20ApiPermissionAdapter preHandle");
+		String  authorization = request.getHeader(AuthorizationHeaderUtils.AUTHORIZATION_HEADERNAME);
+		 
+		 String accessToken = AuthorizationHeaderUtils.resolveBearer(authorization);
+		 OAuth2Authentication authentication = oauth20tokenServices.loadAuthentication(accessToken);
+		 
+		//判断应用的accessToken信息
+		if(authentication != null ){
+		    _logger.trace("authentication "+ authentication);
+		    return true;
+		}
+		
+		_logger.trace("No Authentication ... forward to /login");
+        RequestDispatcher dispatcher = request.getRequestDispatcher("/login");
+        dispatcher.forward(request, response);
+        
+		return false;
+	}
+}
--- a/maxkey-web-manage/src/main/java/org/maxkey/web/interceptor/RestApiPermissionAdapter.java
+++ b/maxkey-web-manage/src/main/java/org/maxkey/web/interceptor/RestApiPermissionAdapter.java
@@ -0,0 +1,67 @@
+package org.maxkey.web.interceptor;
+
+import java.util.concurrent.ConcurrentHashMap;
+
+import javax.servlet.RequestDispatcher;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import org.maxkey.crypto.password.PasswordReciprocal;
+import org.maxkey.dao.service.AppsService;
+import org.maxkey.domain.apps.Apps;
+import org.maxkey.util.AuthorizationHeaderUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Qualifier;
+import org.springframework.stereotype.Component;
+import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
+
+/**
+ * basic认证Interceptor处理.
+ * @author Crystal.Sea
+ *
+ */
+@Component
+public class RestApiPermissionAdapter extends HandlerInterceptorAdapter {
+	private static final Logger _logger = LoggerFactory.getLogger(RestApiPermissionAdapter.class);
+	
+	@Autowired
+    AppsService appsService;
+	
+	@Autowired
+    @Qualifier("passwordReciprocal")
+    protected PasswordReciprocal passwordReciprocal;
+	
+	static  ConcurrentHashMap<String ,String >navigationsMap=null;
+	
+	/*
+	 * 请求前处理
+	 *  (non-Javadoc)
+	 * @see org.springframework.web.servlet.handler.HandlerInterceptorAdapter#preHandle(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.Object)
+	 */
+	@Override
+	public boolean preHandle(HttpServletRequest request,HttpServletResponse response, Object handler) throws Exception {
+		 _logger.trace("RestApiPermissionAdapter preHandle");
+		String  authorization = request.getHeader(AuthorizationHeaderUtils.AUTHORIZATION_HEADERNAME);
+		 
+		 String [] basicUserPass = AuthorizationHeaderUtils.resolveBasic(authorization);
+		 
+		//判断应用的AppId和Secret
+		if(basicUserPass != null && basicUserPass.length==2){
+		    _logger.trace(""+ basicUserPass[0]+":"+basicUserPass[1]);
+		    Apps app = appsService.get(basicUserPass[0]);
+		    
+		    _logger.debug("App Info "+ app.getSecret());
+		    if(app != null && passwordReciprocal.encode(basicUserPass[1]).equalsIgnoreCase(app.getSecret())) {
+		        return true;
+		    }
+		}
+		
+		
+		_logger.trace("No Authentication ... forward to /login");
+        RequestDispatcher dispatcher = request.getRequestDispatcher("/login");
+        dispatcher.forward(request, response);
+        
+		return false;
+	}
+}