v 3.3.0
@@ -24,10 +24,11 @@ import org.maxkey.authn.online.OnlineTicketServices;
|
||||
import org.maxkey.authn.realm.AbstractAuthenticationRealm;
|
||||
import org.maxkey.authn.support.rememberme.AbstractRemeberMeService;
|
||||
import org.maxkey.configuration.ApplicationConfig;
|
||||
import org.maxkey.constants.ConstantsLoginType;
|
||||
import org.maxkey.constants.ConstantsStatus;
|
||||
import org.maxkey.constants.ConstsLoginType;
|
||||
import org.maxkey.constants.ConstsStatus;
|
||||
import org.maxkey.entity.UserInfo;
|
||||
import org.maxkey.password.onetimepwd.AbstractOtpAuthn;
|
||||
import org.maxkey.password.onetimepwd.OtpAuthnService;
|
||||
import org.maxkey.web.WebConstants;
|
||||
import org.maxkey.web.WebContext;
|
||||
import org.slf4j.Logger;
|
||||
@@ -59,7 +60,7 @@ public abstract class AbstractAuthenticationProvider {
|
||||
|
||||
protected AbstractOtpAuthn tfaOtpAuthn;
|
||||
|
||||
protected AbstractOtpAuthn smsOtpAuthn;
|
||||
protected OtpAuthnService otpAuthnService;
|
||||
|
||||
protected AbstractRemeberMeService remeberMeService;
|
||||
|
||||
@@ -118,7 +119,7 @@ public abstract class AbstractAuthenticationProvider {
|
||||
changeSession(authentication);
|
||||
|
||||
authenticationRealm.insertLoginHistory( WebContext.getUserInfo(),
|
||||
ConstantsLoginType.LOCAL,
|
||||
ConstsLoginType.LOCAL,
|
||||
"",
|
||||
"xe00000004",
|
||||
WebConstants.LOGIN_RESULT.SUCCESS);
|
||||
@@ -255,6 +256,7 @@ public abstract class AbstractAuthenticationProvider {
|
||||
UserInfo validUserInfo = new UserInfo();
|
||||
validUserInfo.setUsername(userInfo.getUsername());
|
||||
validUserInfo.setId(userInfo.getId());
|
||||
AbstractOtpAuthn smsOtpAuthn = otpAuthnService.getByInstId(userInfo.getInstId());
|
||||
if (password == null || !smsOtpAuthn.validate(validUserInfo, password)) {
|
||||
String message = WebContext.getI18nValue("login.error.captcha");
|
||||
_logger.debug("login captcha valid error.");
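Review bot: The realm returned by the new line `AbstractOtpAuthn smsOtpAuthn = otpAuthnService.getByInstId(userInfo.getInstId());` is dereferenced unconditionally in the `if` that follows, so an instance with no OTP provider configured would surface as a NullPointerException from the authentication path rather than as a credential failure (whether getByInstId can return null is not visible here, so this is to be confirmed against OtpAuthnService). Fold the null case into the same condition so it fails closed into the existing error branch: `if (password == null || smsOtpAuthn == null || !smsOtpAuthn.validate(validUserInfo, password)) {`. The enclosing method starts and ends outside the hunk.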
|
||||
@@ -336,13 +338,13 @@ public abstract class AbstractAuthenticationProvider {
|
||||
loginUser.setLoginCount(0);
|
||||
authenticationRealm.insertLoginHistory(
|
||||
loginUser,
|
||||
ConstantsLoginType.LOCAL,
|
||||
ConstsLoginType.LOCAL,
|
||||
"",
|
||||
i18nMessage,
|
||||
WebConstants.LOGIN_RESULT.USER_NOT_EXIST);
|
||||
throw new BadCredentialsException(i18nMessage);
|
||||
}else {
|
||||
if(userInfo.getIsLocked()==ConstantsStatus.LOCK) {
|
||||
if(userInfo.getIsLocked()==ConstsStatus.LOCK) {
|
||||
authenticationRealm.insertLoginHistory(
|
||||
userInfo,
|
||||
loginCredential.getAuthType(),
|
||||
@@ -350,7 +352,7 @@ public abstract class AbstractAuthenticationProvider {
|
||||
loginCredential.getCode(),
|
||||
WebConstants.LOGIN_RESULT.USER_LOCKED
|
||||
);
|
||||
}else if(userInfo.getStatus()!=ConstantsStatus.ACTIVE) {
|
||||
}else if(userInfo.getStatus()!=ConstsStatus.ACTIVE) {
|
||||
authenticationRealm.insertLoginHistory(
|
||||
userInfo,
|
||||
loginCredential.getAuthType(),
|
||||
@@ -383,7 +385,8 @@ public abstract class AbstractAuthenticationProvider {
|
||||
this.onlineTicketServices = onlineTicketServices;
|
||||
}
|
||||
|
||||
public void setSmsOtpAuthn(AbstractOtpAuthn smsOtpAuthn) {
|
||||
this.smsOtpAuthn = smsOtpAuthn;
|
||||
public void setOtpAuthnService(OtpAuthnService otpAuthnService) {
|
||||
this.otpAuthnService = otpAuthnService;
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -26,6 +26,7 @@ import org.maxkey.authn.support.rememberme.AbstractRemeberMeService;
|
||||
import org.maxkey.configuration.ApplicationConfig;
|
||||
import org.maxkey.entity.UserInfo;
|
||||
import org.maxkey.password.onetimepwd.AbstractOtpAuthn;
|
||||
import org.maxkey.password.onetimepwd.OtpAuthnService;
|
||||
import org.maxkey.web.WebConstants;
|
||||
import org.maxkey.web.WebContext;
|
||||
import org.slf4j.Logger;
|
||||
@@ -62,13 +63,13 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider
|
||||
AbstractAuthenticationRealm authenticationRealm,
|
||||
ApplicationConfig applicationConfig,
|
||||
AbstractOtpAuthn tfaOtpAuthn,
|
||||
AbstractOtpAuthn smsOtpAuthn,
|
||||
OtpAuthnService otpAuthnService,
|
||||
AbstractRemeberMeService remeberMeService,
|
||||
OnlineTicketServices onlineTicketServices) {
|
||||
this.authenticationRealm = authenticationRealm;
|
||||
this.applicationConfig = applicationConfig;
|
||||
this.tfaOtpAuthn = tfaOtpAuthn;
|
||||
this.smsOtpAuthn = smsOtpAuthn;
|
||||
this.otpAuthnService = otpAuthnService;
|
||||
this.remeberMeService = remeberMeService;
|
||||
this.onlineTicketServices = onlineTicketServices;
|
||||
}
|
||||
|
||||
@@ -17,7 +17,7 @@
|
||||
|
||||
package org.maxkey.authn.online;
|
||||
|
||||
import org.maxkey.constants.ConstantsPersistence;
|
||||
import org.maxkey.constants.ConstsPersistence;
|
||||
import org.maxkey.persistence.redis.RedisConnectionFactory;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
@@ -33,12 +33,12 @@ public class OnlineTicketServicesFactory {
|
||||
RedisConnectionFactory redisConnFactory){
|
||||
|
||||
OnlineTicketServices onlineTicketServices = null;
|
||||
if (persistence == ConstantsPersistence.INMEMORY) {
|
||||
if (persistence == ConstsPersistence.INMEMORY) {
|
||||
onlineTicketServices = new InMemoryOnlineTicketServices();
|
||||
_logger.debug("InMemoryOnlineTicketServices");
|
||||
} else if (persistence == ConstantsPersistence.JDBC) {
|
||||
} else if (persistence == ConstsPersistence.JDBC) {
|
||||
_logger.debug("OnlineTicketServices not support ");
|
||||
} else if (persistence == ConstantsPersistence.REDIS) {
|
||||
} else if (persistence == ConstsPersistence.REDIS) {
|
||||
onlineTicketServices = new RedisOnlineTicketServices(redisConnFactory);
|
||||
_logger.debug("RedisOnlineTicketServices");
|
||||
}
|
||||
|
||||
@@ -22,6 +22,7 @@ import java.util.Date;
|
||||
import java.util.List;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.maxkey.authn.realm.ldap.LdapAuthenticationRealmService;
|
||||
import org.maxkey.authn.support.rememberme.AbstractRemeberMeService;
|
||||
import org.maxkey.entity.Groups;
|
||||
import org.maxkey.entity.HistoryLogin;
|
||||
@@ -58,12 +59,9 @@ public abstract class AbstractAuthenticationRealm {
|
||||
|
||||
protected AbstractRemeberMeService remeberMeService;
|
||||
|
||||
protected boolean ldapSupport;
|
||||
|
||||
protected AbstractAuthenticationRealm ldapAuthenticationRealm;
|
||||
|
||||
protected UserInfoService userInfoService;
|
||||
|
||||
protected LdapAuthenticationRealmService ldapAuthenticationRealmService;
|
||||
|
||||
|
||||
/**
|
||||
|
||||
@@ -1,74 +0,0 @@
|
||||
/*
|
||||
* Copyright [2020] [MaxKey of copyright http://www.maxkey.top]
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
|
||||
|
||||
package org.maxkey.authn.realm.activedirectory;
|
||||
|
||||
import java.util.List;
|
||||
|
||||
import javax.validation.constraints.NotNull;
|
||||
import javax.validation.constraints.Size;
|
||||
|
||||
import org.maxkey.authn.realm.AbstractAuthenticationRealm;
|
||||
import org.maxkey.authn.realm.IAuthenticationServer;
|
||||
import org.maxkey.entity.UserInfo;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.jdbc.core.JdbcTemplate;
|
||||
|
||||
|
||||
public class ActiveDirectoryAuthenticationRealm extends AbstractAuthenticationRealm{
|
||||
private final static Logger _logger = LoggerFactory.getLogger(ActiveDirectoryAuthenticationRealm.class);
|
||||
|
||||
@NotNull
|
||||
@Size(min=1)
|
||||
private List<IAuthenticationServer> activeDirectoryServers;
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
public ActiveDirectoryAuthenticationRealm() {
|
||||
super();
|
||||
}
|
||||
|
||||
/**
|
||||
* @param jdbcTemplate
|
||||
*/
|
||||
public ActiveDirectoryAuthenticationRealm(JdbcTemplate jdbcTemplate) {
|
||||
super(jdbcTemplate);
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public boolean passwordMatches(UserInfo userInfo, String password) {
|
||||
boolean isAuthenticated=false;
|
||||
for (final IAuthenticationServer activeDirectoryServer : this.activeDirectoryServers) {
|
||||
_logger.debug("Attempting to authenticate {} at {}", userInfo.getUsername(), activeDirectoryServer);
|
||||
isAuthenticated= activeDirectoryServer.authenticate(userInfo.getUsername(), password);
|
||||
if (isAuthenticated ) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
|
||||
|
||||
public void setActiveDirectoryServers(
|
||||
List<IAuthenticationServer> activeDirectoryServers) {
|
||||
this.activeDirectoryServers = activeDirectoryServers;
|
||||
}
|
||||
|
||||
}
|
||||
@@ -18,8 +18,10 @@
|
||||
package org.maxkey.authn.realm.jdbc;
|
||||
|
||||
import org.maxkey.authn.realm.AbstractAuthenticationRealm;
|
||||
import org.maxkey.authn.realm.ldap.LdapAuthenticationRealm;
|
||||
import org.maxkey.authn.realm.ldap.LdapAuthenticationRealmService;
|
||||
import org.maxkey.authn.support.rememberme.AbstractRemeberMeService;
|
||||
import org.maxkey.constants.ConstantsLoginType;
|
||||
import org.maxkey.constants.ConstsLoginType;
|
||||
import org.maxkey.entity.PasswordPolicy;
|
||||
import org.maxkey.entity.UserInfo;
|
||||
import org.maxkey.persistence.repository.LoginHistoryRepository;
|
||||
@@ -66,11 +68,10 @@ public class JdbcAuthenticationRealm extends AbstractAuthenticationRealm {
|
||||
this.loginRepository = loginRepository;
|
||||
this.loginHistoryRepository = loginHistoryRepository;
|
||||
this.remeberMeService = remeberMeService;
|
||||
this.userInfoService = userInfoService;
|
||||
this.userInfoService = userInfoService;
|
||||
this.jdbcTemplate = jdbcTemplate;
|
||||
}
|
||||
|
||||
|
||||
|
||||
public JdbcAuthenticationRealm(
|
||||
PasswordEncoder passwordEncoder,
|
||||
PasswordPolicyValidator passwordPolicyValidator,
|
||||
@@ -79,19 +80,15 @@ public class JdbcAuthenticationRealm extends AbstractAuthenticationRealm {
|
||||
AbstractRemeberMeService remeberMeService,
|
||||
UserInfoService userInfoService,
|
||||
JdbcTemplate jdbcTemplate,
|
||||
AbstractAuthenticationRealm ldapAuthenticationRealm,
|
||||
boolean ldapSupport
|
||||
) {
|
||||
|
||||
this.passwordEncoder =passwordEncoder;
|
||||
this.passwordPolicyValidator=passwordPolicyValidator;
|
||||
this.loginRepository = loginRepository;
|
||||
this.loginHistoryRepository = loginHistoryRepository;
|
||||
this.remeberMeService = remeberMeService;
|
||||
this.jdbcTemplate = jdbcTemplate;
|
||||
this.ldapAuthenticationRealm = ldapAuthenticationRealm;
|
||||
this.userInfoService = userInfoService;
|
||||
this.ldapSupport = ldapSupport;
|
||||
LdapAuthenticationRealmService ldapAuthenticationRealmService) {
|
||||
this.passwordEncoder = passwordEncoder;
|
||||
this.passwordPolicyValidator = passwordPolicyValidator;
|
||||
this.loginRepository = loginRepository;
|
||||
this.loginHistoryRepository = loginHistoryRepository;
|
||||
this.remeberMeService = remeberMeService;
|
||||
this.userInfoService = userInfoService;
|
||||
this.jdbcTemplate = jdbcTemplate;
|
||||
this.ldapAuthenticationRealmService = ldapAuthenticationRealmService;
|
||||
}
|
||||
|
||||
/**
|
||||
@@ -104,24 +101,26 @@ public class JdbcAuthenticationRealm extends AbstractAuthenticationRealm {
|
||||
// + PasswordReciprocal.getInstance().rawPassword(userInfo.getUsername(), password));
|
||||
passwordMatches = passwordEncoder.matches(password,userInfo.getPassword());
|
||||
|
||||
//passwordMatches == false and ldapSupport ==true
|
||||
//validate password with LDAP
|
||||
if(!passwordMatches && ldapSupport) {
|
||||
passwordMatches =this.ldapAuthenticationRealm.passwordMatches(userInfo, password);
|
||||
if(passwordMatches) {
|
||||
//init password to local Realm
|
||||
UserInfo changePasswordUser = new UserInfo();
|
||||
changePasswordUser.setId(userInfo.getId());
|
||||
changePasswordUser.setUsername(userInfo.getUsername());
|
||||
changePasswordUser.setPassword(password);
|
||||
userInfoService.changePassword(changePasswordUser, false);
|
||||
}
|
||||
if(ldapAuthenticationRealmService != null) {
|
||||
//passwordMatches == false and ldapSupport ==true
|
||||
//validate password with LDAP
|
||||
LdapAuthenticationRealm ldapRealm = ldapAuthenticationRealmService.getByInstId(userInfo.getInstId());
|
||||
if(!passwordMatches && ldapRealm != null && ldapRealm.isLdapSupport()) {
|
||||
passwordMatches = ldapRealm.passwordMatches(userInfo, password);
|
||||
if(passwordMatches) {
|
||||
//write password to database Realm
|
||||
UserInfo changePasswordUser = new UserInfo();
|
||||
changePasswordUser.setId(userInfo.getId());
|
||||
changePasswordUser.setUsername(userInfo.getUsername());
|
||||
changePasswordUser.setPassword(password);
|
||||
userInfoService.changePassword(changePasswordUser, false);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
_logger.debug("passwordvalid : {}" , passwordMatches);
|
||||
if (!passwordMatches) {
|
||||
passwordPolicyValidator.plusBadPasswordCount(userInfo);
|
||||
insertLoginHistory(userInfo, ConstantsLoginType.LOCAL, "", "xe00000004", WebConstants.LOGIN_RESULT.PASSWORD_ERROE);
|
||||
insertLoginHistory(userInfo, ConstsLoginType.LOCAL, "", "xe00000004", WebConstants.LOGIN_RESULT.PASSWORD_ERROE);
|
||||
PasswordPolicy passwordPolicy = passwordPolicyValidator.getPasswordPolicyRepository().getPasswordPolicy();
|
||||
if(userInfo.getBadPasswordCount()>=(passwordPolicy.getAttempts()/2)) {
|
||||
throw new BadCredentialsException(
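Review bot: The lookup `LdapAuthenticationRealm ldapRealm = ldapAuthenticationRealmService.getByInstId(userInfo.getInstId());` runs on every password check, including when `passwordEncoder.matches` has already succeeded, although its result is only consumed under `!passwordMatches`; guard the lookup with `if(!passwordMatches && ldapAuthenticationRealmService != null) {` so a cache miss (a database query plus construction of LDAP connectors) is not paid on every successful local login. Separately, the rewritten block still persists the clear-text `password` of an LDAP-verified user through `userInfoService.changePassword(changePasswordUser, false)`; that behaviour predates this change, but since the block is rewritten here the comment should make the trade-off explicit, e.g. extend `//write password to database Realm` to `//write LDAP-verified password to the local realm; changePassword is expected to encode it before storage - confirm`, because whether it is hashed is not visible in this hunk. The enclosing passwordMatches method starts and ends outside the hunk.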
|
||||
|
||||
@@ -18,7 +18,7 @@
|
||||
/**
|
||||
*
|
||||
*/
|
||||
package org.maxkey.authn.realm.activedirectory;
|
||||
package org.maxkey.authn.realm.ldap;
|
||||
|
||||
import org.maxkey.authn.realm.IAuthenticationServer;
|
||||
import org.maxkey.persistence.ldap.ActiveDirectoryUtils;
|
||||
@@ -36,6 +36,8 @@ public class LdapAuthenticationRealm extends AbstractAuthenticationRealm{
|
||||
@Size(min=1)
|
||||
private List<IAuthenticationServer> ldapServers;
|
||||
|
||||
private boolean ldapSupport;
|
||||
|
||||
/**
|
||||
*
|
||||
*/
|
||||
@@ -43,6 +45,10 @@ public class LdapAuthenticationRealm extends AbstractAuthenticationRealm{
|
||||
|
||||
}
|
||||
|
||||
public LdapAuthenticationRealm(boolean ldapSupport) {
|
||||
this.ldapSupport = ldapSupport;
|
||||
}
|
||||
|
||||
/**
|
||||
* @param jdbcTemplate
|
||||
*/
|
||||
@@ -68,5 +74,13 @@ public class LdapAuthenticationRealm extends AbstractAuthenticationRealm{
|
||||
this.ldapServers = ldapServers;
|
||||
}
|
||||
|
||||
public boolean isLdapSupport() {
|
||||
return ldapSupport;
|
||||
}
|
||||
|
||||
public void setLdapSupport(boolean ldapSupport) {
|
||||
this.ldapSupport = ldapSupport;
|
||||
}
|
||||
|
||||
|
||||
}
|
||||
|
||||
@@ -0,0 +1,84 @@
|
||||
/*
|
||||
* Copyright [2022] [MaxKey of copyright http://www.maxkey.top]
|
||||
*
|
||||
* Licensed under the Apache License, Version 2.0 (the "License");
|
||||
* you may not use this file except in compliance with the License.
|
||||
* You may obtain a copy of the License at
|
||||
*
|
||||
* http://www.apache.org/licenses/LICENSE-2.0
|
||||
*
|
||||
* Unless required by applicable law or agreed to in writing, software
|
||||
* distributed under the License is distributed on an "AS IS" BASIS,
|
||||
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
|
||||
* See the License for the specific language governing permissions and
|
||||
* limitations under the License.
|
||||
*/
|
||||
package org.maxkey.authn.realm.ldap;
|
||||
|
||||
import java.sql.Types;
|
||||
import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
import java.util.concurrent.TimeUnit;
|
||||
|
||||
import org.maxkey.authn.realm.IAuthenticationServer;
|
||||
import org.maxkey.entity.LdapContext;
|
||||
import org.maxkey.persistence.ldap.ActiveDirectoryUtils;
|
||||
import org.maxkey.persistence.ldap.LdapUtils;
|
||||
import org.maxkey.persistence.service.LdapContextService;
|
||||
|
||||
import com.github.benmanes.caffeine.cache.Cache;
|
||||
import com.github.benmanes.caffeine.cache.Caffeine;
|
||||
|
||||
public class LdapAuthenticationRealmService {
|
||||
protected static final Cache<String, LdapAuthenticationRealm> ldapRealmStore =
|
||||
Caffeine.newBuilder()
|
||||
.expireAfterWrite(60, TimeUnit.MINUTES)
|
||||
.build();
|
||||
|
||||
LdapContextService ldapContextService;
|
||||
|
||||
|
||||
public LdapAuthenticationRealmService(LdapContextService ldapContextService) {
|
||||
this.ldapContextService = ldapContextService;
|
||||
}
|
||||
|
||||
public LdapAuthenticationRealm getByInstId(String instId) {
|
||||
LdapAuthenticationRealm authenticationRealm = ldapRealmStore.getIfPresent(instId);
|
||||
if(authenticationRealm == null) {
|
||||
List<LdapContext> ldapContexts =
|
||||
ldapContextService.find("where instid = ? ", new Object[]{instId}, new int[]{Types.VARCHAR});
|
||||
authenticationRealm = new LdapAuthenticationRealm(false);
|
||||
if(ldapContexts != null && ldapContexts.size()>0) {
|
||||
authenticationRealm.setLdapSupport(true);
|
||||
List<IAuthenticationServer> ldapAuthenticationServers = new ArrayList<IAuthenticationServer>();
|
||||
for(LdapContext ldapContext : ldapContexts) {
|
||||
if(ldapContext.getProduct().equalsIgnoreCase("ActiveDirectory")) {
|
||||
ActiveDirectoryServer ldapServer = new ActiveDirectoryServer();
|
||||
ActiveDirectoryUtils ldapUtils = new ActiveDirectoryUtils(
|
||||
ldapContext.getProviderUrl(),
|
||||
ldapContext.getPrincipal(),
|
||||
ldapContext.getCredentials(),
|
||||
ldapContext.getMsadDomain());
|
||||
ldapServer.setActiveDirectoryUtils(ldapUtils);
|
||||
ldapAuthenticationServers.add(ldapServer);
|
||||
|
||||
}else {
|
||||
StandardLdapServer standardLdapServer=new StandardLdapServer();
|
||||
LdapUtils ldapUtils = new LdapUtils(
|
||||
ldapContext.getProviderUrl(),
|
||||
ldapContext.getPrincipal(),
|
||||
ldapContext.getCredentials(),
|
||||
ldapContext.getBasedn());
|
||||
standardLdapServer.setLdapUtils(ldapUtils);
|
||||
standardLdapServer.setFilterAttribute(ldapContext.getFilters());
|
||||
ldapAuthenticationServers.add(standardLdapServer);
|
||||
}
|
||||
}
|
||||
authenticationRealm.setLdapServers(ldapAuthenticationServers);
|
||||
}
|
||||
ldapRealmStore.put(instId, authenticationRealm);
|
||||
}
|
||||
return authenticationRealm;
|
||||
|
||||
}
|
||||
}
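Review bot: `getByInstId` caches a realm per instId for 60 minutes with no invalidation path, so after an administrator disables an LDAP context or rotates its bind credentials, callers such as JdbcAuthenticationRealm keep authenticating against the old configuration until the entry expires; add `public void removeByInstId(String instId) { ldapRealmStore.invalidate(instId); }` and call it wherever an LdapContext is saved or deleted. `ldapContext.getProduct().equalsIgnoreCase("ActiveDirectory")` throws NullPointerException when product is unset; `"ActiveDirectory".equalsIgnoreCase(ldapContext.getProduct())` is null-safe and falls through to the standard LDAP branch. The `ldapContextService` field should be `private final`, and a class Javadoc should state that each cached realm carries the provider URL, principal and credentials of its contexts (they are passed into ActiveDirectoryUtils/LdapUtils here), which is why the cache must not outlive a credential change.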
|
||||
@@ -34,8 +34,8 @@ import org.slf4j.LoggerFactory;
|
||||
* @author Crystal.Sea
|
||||
*
|
||||
*/
|
||||
public final class LdapServer implements IAuthenticationServer {
|
||||
private final static Logger _logger = LoggerFactory.getLogger(LdapServer.class);
|
||||
public final class StandardLdapServer implements IAuthenticationServer {
|
||||
private final static Logger _logger = LoggerFactory.getLogger(StandardLdapServer.class);
|
||||
|
||||
LdapUtils ldapUtils;
|
||||
|
||||
@@ -22,7 +22,7 @@ import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.maxkey.authn.AbstractAuthenticationProvider;
|
||||
import org.maxkey.authn.LoginCredential;
|
||||
import org.maxkey.constants.ConstantsLoginType;
|
||||
import org.maxkey.constants.ConstsLoginType;
|
||||
import org.maxkey.util.AuthorizationHeaderCredential;
|
||||
import org.maxkey.util.AuthorizationHeaderUtils;
|
||||
import org.slf4j.Logger;
|
||||
@@ -130,7 +130,7 @@ public class BasicEntryPoint implements AsyncHandlerInterceptor {
|
||||
}
|
||||
|
||||
if(!isAuthenticated){
|
||||
LoginCredential loginCredential =new LoginCredential(headerCredential.getUsername(),"",ConstantsLoginType.BASIC);
|
||||
LoginCredential loginCredential =new LoginCredential(headerCredential.getUsername(),"",ConstsLoginType.BASIC);
|
||||
authenticationProvider.authentication(loginCredential,true);
|
||||
_logger.info("Authentication "+headerCredential.getUsername()+" successful .");
|
||||
}
|
||||
|
||||
@@ -22,7 +22,7 @@ import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.maxkey.authn.AbstractAuthenticationProvider;
|
||||
import org.maxkey.authn.LoginCredential;
|
||||
import org.maxkey.constants.ConstantsLoginType;
|
||||
import org.maxkey.constants.ConstsLoginType;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
@@ -109,7 +109,7 @@ public class HttpHeaderEntryPoint implements AsyncHandlerInterceptor {
|
||||
}
|
||||
|
||||
if(!isAuthenticated){
|
||||
LoginCredential loginCredential =new LoginCredential(httpHeaderUsername,"",ConstantsLoginType.HTTPHEADER);
|
||||
LoginCredential loginCredential =new LoginCredential(httpHeaderUsername,"",ConstsLoginType.HTTPHEADER);
|
||||
authenticationProvider.authentication(loginCredential,true);
|
||||
_logger.info("Authentication "+httpHeaderUsername+" successful .");
|
||||
}
|
||||
|
||||
@@ -23,7 +23,7 @@ import javax.servlet.http.HttpServletResponse;
|
||||
import org.maxkey.authn.AbstractAuthenticationProvider;
|
||||
import org.maxkey.authn.LoginCredential;
|
||||
import org.maxkey.configuration.ApplicationConfig;
|
||||
import org.maxkey.constants.ConstantsLoginType;
|
||||
import org.maxkey.constants.ConstsLoginType;
|
||||
import org.maxkey.web.WebConstants;
|
||||
import org.maxkey.web.WebContext;
|
||||
import org.slf4j.Logger;
|
||||
@@ -78,7 +78,7 @@ public class HttpJwtEntryPoint implements AsyncHandlerInterceptor {
|
||||
SignedJWT signedJWT = jwtLoginService.jwtTokenValidation(jwt);
|
||||
if(signedJWT != null) {
|
||||
String username =signedJWT.getJWTClaimsSet().getSubject();
|
||||
LoginCredential loginCredential =new LoginCredential(username,"",ConstantsLoginType.JWT);
|
||||
LoginCredential loginCredential =new LoginCredential(username,"",ConstsLoginType.JWT);
|
||||
authenticationProvider.authentication(loginCredential,true);
|
||||
_logger.debug("JWT Logined in , username " + username);
|
||||
}
|
||||
|
||||
@@ -23,7 +23,7 @@ import org.joda.time.DateTime;
|
||||
import org.maxkey.authn.AbstractAuthenticationProvider;
|
||||
import org.maxkey.authn.LoginCredential;
|
||||
import org.maxkey.configuration.ApplicationConfig;
|
||||
import org.maxkey.constants.ConstantsLoginType;
|
||||
import org.maxkey.constants.ConstsLoginType;
|
||||
import org.maxkey.crypto.ReciprocalUtils;
|
||||
import org.maxkey.util.DateUtils;
|
||||
import org.maxkey.util.JsonUtils;
|
||||
@@ -95,7 +95,7 @@ public class HttpKerberosEntryPoint implements AsyncHandlerInterceptor {
|
||||
_logger.debug("Kerberos Token is After Now "+notOnOrAfter.isAfterNow());
|
||||
|
||||
if(notOnOrAfter.isAfterNow()){
|
||||
LoginCredential loginCredential =new LoginCredential(kerberosToken.getPrincipal(),"",ConstantsLoginType.KERBEROS);
|
||||
LoginCredential loginCredential =new LoginCredential(kerberosToken.getPrincipal(),"",ConstsLoginType.KERBEROS);
|
||||
loginCredential.setProvider(kerberosUserDomain);
|
||||
authenticationProvider.authentication(loginCredential,true);
|
||||
_logger.debug("Kerberos Logined in , username " + kerberosToken.getPrincipal());
|
||||
|
||||
@@ -23,7 +23,7 @@ import javax.servlet.http.Cookie;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import org.maxkey.configuration.ApplicationConfig;
|
||||
import org.maxkey.constants.ConstantsTimeInterval;
|
||||
import org.maxkey.constants.ConstsTimeInterval;
|
||||
import org.maxkey.crypto.Base64Utils;
|
||||
import org.maxkey.crypto.password.PasswordReciprocal;
|
||||
import org.maxkey.util.JsonUtils;
|
||||
@@ -37,7 +37,7 @@ import org.springframework.beans.factory.annotation.Qualifier;
|
||||
public abstract class AbstractRemeberMeService {
|
||||
private static final Logger _logger = LoggerFactory.getLogger(AbstractRemeberMeService.class);
|
||||
|
||||
protected Integer remeberMeValidity = ConstantsTimeInterval.TWO_WEEK;
|
||||
protected Integer remeberMeValidity = ConstsTimeInterval.TWO_WEEK;
|
||||
|
||||
protected String validity;
|
||||
|
||||
@@ -152,13 +152,13 @@ public abstract class AbstractRemeberMeService {
|
||||
if (Pattern.matches("[0-9]+", validity)) {
|
||||
remeberMeValidity = Integer.parseInt(validity);
|
||||
} else if (validity.equalsIgnoreCase("ONE_DAY")) {
|
||||
remeberMeValidity = ConstantsTimeInterval.ONE_DAY;
|
||||
remeberMeValidity = ConstsTimeInterval.ONE_DAY;
|
||||
} else if (validity.equalsIgnoreCase("ONE_WEEK")) {
|
||||
remeberMeValidity = ConstantsTimeInterval.ONE_WEEK;
|
||||
remeberMeValidity = ConstsTimeInterval.ONE_WEEK;
|
||||
} else if (validity.equalsIgnoreCase("TWO_WEEK")) {
|
||||
remeberMeValidity = ConstantsTimeInterval.TWO_WEEK;
|
||||
remeberMeValidity = ConstsTimeInterval.TWO_WEEK;
|
||||
} else if (validity.equalsIgnoreCase("ONE_YEAR")) {
|
||||
remeberMeValidity = ConstantsTimeInterval.ONE_YEAR;
|
||||
remeberMeValidity = ConstsTimeInterval.ONE_YEAR;
|
||||
}
|
||||
|
||||
_logger.debug("Remeber Me Validity : " + remeberMeValidity);
|
||||
|
||||
@@ -25,7 +25,7 @@ import org.joda.time.DateTime;
|
||||
import org.maxkey.authn.AbstractAuthenticationProvider;
|
||||
import org.maxkey.authn.LoginCredential;
|
||||
import org.maxkey.configuration.ApplicationConfig;
|
||||
import org.maxkey.constants.ConstantsLoginType;
|
||||
import org.maxkey.constants.ConstsLoginType;
|
||||
import org.maxkey.crypto.Base64Utils;
|
||||
import org.maxkey.crypto.password.PasswordReciprocal;
|
||||
import org.maxkey.util.JsonUtils;
|
||||
@@ -96,7 +96,7 @@ public class HttpRemeberMeEntryPoint implements AsyncHandlerInterceptor {
|
||||
DateTime now = new DateTime();
|
||||
if (now.isBefore(expiryDate)) {
|
||||
LoginCredential loginCredential =
|
||||
new LoginCredential(storeRemeberMe.getUsername(),"",ConstantsLoginType.REMEBER_ME);
|
||||
new LoginCredential(storeRemeberMe.getUsername(),"",ConstsLoginType.REMEBER_ME);
|
||||
authenticationProvider.authentication(loginCredential,true);
|
||||
remeberMeService.updateRemeberMe(remeberMeCookie, response);
|
||||
_logger.debug("RemeberMe Logined in , username " + storeRemeberMe.getUsername());
|
||||
|
||||
@@ -19,7 +19,7 @@ package org.maxkey.authn.support.rememberme;
|
||||
|
||||
import java.util.concurrent.TimeUnit;
|
||||
|
||||
import org.maxkey.constants.ConstantsTimeInterval;
|
||||
import org.maxkey.constants.ConstsTimeInterval;
|
||||
|
||||
import com.github.benmanes.caffeine.cache.Cache;
|
||||
import com.github.benmanes.caffeine.cache.Caffeine;
|
||||
@@ -28,7 +28,7 @@ public class InMemoryRemeberMeService extends AbstractRemeberMeService {
|
||||
|
||||
protected static final Cache<String, RemeberMe> remeberMeStore =
|
||||
Caffeine.newBuilder()
|
||||
.expireAfterWrite(ConstantsTimeInterval.TWO_WEEK, TimeUnit.MINUTES)
|
||||
.expireAfterWrite(ConstsTimeInterval.TWO_WEEK, TimeUnit.MINUTES)
|
||||
.build();
|
||||
|
||||
@Override
|
||||
|
||||
@@ -17,13 +17,13 @@
|
||||
|
||||
package org.maxkey.authn.support.rememberme;
|
||||
|
||||
import org.maxkey.constants.ConstantsTimeInterval;
|
||||
import org.maxkey.constants.ConstsTimeInterval;
|
||||
import org.maxkey.persistence.redis.RedisConnection;
|
||||
import org.maxkey.persistence.redis.RedisConnectionFactory;
|
||||
|
||||
public class RedisRemeberMeService extends AbstractRemeberMeService {
|
||||
|
||||
protected int serviceTicketValiditySeconds = ConstantsTimeInterval.TWO_WEEK;
|
||||
protected int serviceTicketValiditySeconds = ConstsTimeInterval.TWO_WEEK;
|
||||
|
||||
RedisConnectionFactory connectionFactory;
|
||||
|
||||
|
||||
@@ -17,7 +17,7 @@
|
||||
|
||||
package org.maxkey.authn.support.rememberme;
|
||||
|
||||
import org.maxkey.constants.ConstantsPersistence;
|
||||
import org.maxkey.constants.ConstsPersistence;
|
||||
import org.maxkey.persistence.redis.RedisConnectionFactory;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
@@ -33,13 +33,13 @@ public class RemeberMeServiceFactory {
|
||||
RedisConnectionFactory redisConnFactory){
|
||||
|
||||
AbstractRemeberMeService remeberMeService = null;
|
||||
if (persistence == ConstantsPersistence.INMEMORY) {
|
||||
if (persistence == ConstsPersistence.INMEMORY) {
|
||||
remeberMeService = new InMemoryRemeberMeService();
|
||||
_logger.debug("InMemoryRemeberMeService");
|
||||
} else if (persistence == ConstantsPersistence.JDBC) {
|
||||
} else if (persistence == ConstsPersistence.JDBC) {
|
||||
//remeberMeService = new JdbcRemeberMeService(jdbcTemplate);
|
||||
_logger.debug("JdbcRemeberMeService not support ");
|
||||
} else if (persistence == ConstantsPersistence.REDIS) {
|
||||
} else if (persistence == ConstsPersistence.REDIS) {
|
||||
remeberMeService = new RedisRemeberMeService(redisConnFactory);
|
||||
_logger.debug("RedisRemeberMeService");
|
||||
}
|
||||
|
||||
@@ -22,7 +22,7 @@ import javax.servlet.http.HttpServletResponse;
|
||||
import org.maxkey.authn.AbstractAuthenticationProvider;
|
||||
import org.maxkey.authn.LoginCredential;
|
||||
import org.maxkey.configuration.ApplicationConfig;
|
||||
import org.maxkey.constants.ConstantsLoginType;
|
||||
import org.maxkey.constants.ConstsLoginType;
|
||||
import org.maxkey.util.StringUtils;
|
||||
import org.maxkey.web.WebContext;
|
||||
import org.opensaml.saml1.core.impl.AssertionImpl;
|
||||
@@ -99,7 +99,7 @@ public class HttpWsFederationEntryPoint implements AsyncHandlerInterceptor {
|
||||
wsFederationService.getWsFederationConfiguration().getUpnSuffix());
|
||||
}
|
||||
LoginCredential loginCredential =new LoginCredential(
|
||||
wsFederationCredential.getAttributes().get("").toString(),"",ConstantsLoginType.WSFEDERATION);
|
||||
wsFederationCredential.getAttributes().get("").toString(),"",ConstsLoginType.WSFEDERATION);
|
||||
authenticationProvider.authentication(loginCredential,true);
|
||||
return true;
|
||||
} else {
|
||||
|
||||
@@ -26,11 +26,16 @@ import org.maxkey.authn.realm.AbstractAuthenticationRealm;
|
||||
import org.maxkey.authn.support.rememberme.AbstractRemeberMeService;
|
||||
import org.maxkey.authn.support.rememberme.RemeberMeServiceFactory;
|
||||
import org.maxkey.configuration.ApplicationConfig;
|
||||
import org.maxkey.constants.ConstsPersistence;
|
||||
import org.maxkey.password.onetimepwd.AbstractOtpAuthn;
|
||||
import org.maxkey.password.onetimepwd.OtpAuthnService;
|
||||
import org.maxkey.password.onetimepwd.token.RedisOtpTokenStore;
|
||||
import org.maxkey.persistence.redis.RedisConnectionFactory;
|
||||
import org.maxkey.persistence.repository.LoginHistoryRepository;
|
||||
import org.maxkey.persistence.repository.LoginRepository;
|
||||
import org.maxkey.persistence.repository.PasswordPolicyValidator;
|
||||
import org.maxkey.persistence.service.EmailSendersService;
|
||||
import org.maxkey.persistence.service.SmsProviderService;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.beans.factory.InitializingBean;
|
||||
@@ -58,7 +63,7 @@ public class AuthenticationAutoConfiguration implements InitializingBean {
|
||||
AbstractAuthenticationRealm authenticationRealm,
|
||||
ApplicationConfig applicationConfig,
|
||||
AbstractOtpAuthn tfaOtpAuthn,
|
||||
AbstractOtpAuthn smsOtpAuthn,
|
||||
OtpAuthnService otpAuthnService,
|
||||
AbstractRemeberMeService remeberMeService,
|
||||
OnlineTicketServices onlineTicketServices
|
||||
) {
|
||||
@@ -68,13 +73,33 @@ public class AuthenticationAutoConfiguration implements InitializingBean {
|
||||
authenticationRealm,
|
||||
applicationConfig,
|
||||
tfaOtpAuthn,
|
||||
smsOtpAuthn,
|
||||
otpAuthnService,
|
||||
remeberMeService,
|
||||
onlineTicketServices
|
||||
);
|
||||
|
||||
}
|
||||
|
||||
@Bean(name = "otpAuthnService")
|
||||
public OtpAuthnService otpAuthnService(
|
||||
@Value("${maxkey.server.persistence}") int persistence,
|
||||
SmsProviderService smsProviderService,
|
||||
EmailSendersService emailSendersService,
|
||||
RedisConnectionFactory redisConnFactory) {
|
||||
OtpAuthnService otpAuthnService =
|
||||
new OtpAuthnService(smsProviderService,emailSendersService);
|
||||
|
||||
if (persistence == ConstsPersistence.REDIS) {
|
||||
RedisOtpTokenStore redisOptTokenStore = new RedisOtpTokenStore(redisConnFactory);
|
||||
otpAuthnService.setRedisOptTokenStore(redisOptTokenStore);
|
||||
}
|
||||
|
||||
|
||||
_logger.debug("OneTimePasswordService {} inited." ,
|
||||
persistence == ConstsPersistence.REDIS ? "Redis" : "InMemory");
|
||||
return otpAuthnService;
|
||||
}
|
||||
|
||||
@Bean(name = "passwordPolicyValidator")
|
||||
public PasswordPolicyValidator passwordPolicyValidator(JdbcTemplate jdbcTemplate,MessageSource messageSource) {
|
||||
return new PasswordPolicyValidator(jdbcTemplate,messageSource);
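Review bot: In the new `otpAuthnService` bean the debug line `persistence == ConstsPersistence.REDIS ? "Redis" : "InMemory"` reports "InMemory" for every non-Redis value, including `ConstsPersistence.JDBC`, which the RemeberMeServiceFactory hunk in this commit treats as a distinct "not support" case; log the raw value as well, e.g. `_logger.debug("OneTimePasswordService inited, persistence {} ({}).", persistence, persistence == ConstsPersistence.REDIS ? "Redis" : "InMemory");`, so an operator can see from the log when a JDBC setting has presumably fallen back to the non-Redis token store. The `passwordPolicyValidator` bean method at the end of the hunk continues outside it.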
|
||||
|
||||