mirror of
https://github.com/dataease/dataease.git
synced 2026-05-14 04:12:11 +08:00
perf(X-Pack): 完善 SAML2 对接签名过程
This commit is contained in:
fit2cloud-chenyw
committed by
fit2cloud-chenyw
fit2cloud-chenyw
parent
a85df0513f
commit
c0ce1ca428
@@ -0,0 +1 @@
|
||||
<?xml version="1.0" standalone="no"?><!DOCTYPE svg PUBLIC "-//W3C//DTD SVG 1.1//EN" "http://www.w3.org/Graphics/SVG/1.1/DTD/svg11.dtd"><svg t="1758852916058" class="icon" viewBox="0 0 1024 1024" version="1.1" xmlns="http://www.w3.org/2000/svg" p-id="2707" xmlns:xlink="http://www.w3.org/1999/xlink" width="256" height="256"><path d="M160 128a64 64 0 0 1 64-64h384.128L864 320v576a64 64 0 0 1-64 64H224a64 64 0 0 1-64-64V128z" fill="#63CF6A" p-id="2708"></path><path d="M863.68 320H656A48 48 0 0 1 608 272V64.32L863.68 320z" fill="#B8F9BC" p-id="2709"></path><path d="M572.928 681.216h33.024l63.744 146.432h0.768l63.488-146.432h33.024V864h-27.904v-130.56h-1.024L681.984 864h-24.064l-56.064-130.56h-1.024V864h-27.904v-182.784zM408.928 681.216h131.328v23.808H436.8v53.248h97.28v23.808h-97.28v58.112h107.776V864h-135.68v-182.784zM241.92 681.216h75.776c43.52 0 65.28 18.432 65.28 55.552 0 37.376-22.016 56.064-65.792 56.064h-47.36V864H241.92v-182.784z m27.904 23.808v64h45.568c13.824 0 23.808-2.56 30.208-7.68 6.144-5.12 9.472-13.312 9.472-24.576 0-11.264-3.328-19.456-9.728-24.064-6.4-5.12-16.384-7.68-29.952-7.68H269.824z" fill="#FFFFFF" p-id="2710"></path></svg>
|
||||
|
After Width: | Height: | Size: 1.1 KiB |
@@ -620,6 +620,8 @@ export default {
|
||||
field_mapping: 'Field Mapping',
|
||||
oauth2name:
|
||||
'For example: {\'{\'}"account": "oauth2Account", "name": "oauth2Name", "email": "email"{\'}\'}',
|
||||
saml2name:
|
||||
'For example: {\'{\'}"account": "saml2Account", "name": "saml2Name", "email": "email"{\'}\'}',
|
||||
oidc_settings: 'OIDC Settings',
|
||||
test_mail_recipient: 'Only used as a test email recipient',
|
||||
to_enable_ssl: 'If the SMTP port is 465, you usually need to enable SSL',
|
||||
|
||||
@@ -600,6 +600,8 @@ export default {
|
||||
field_mapping: '字段映射',
|
||||
oauth2name:
|
||||
'例如:{\'{\'}"account": "oauth2Account", "name": "oauth2Name", "email": "email"{\'}\'}',
|
||||
saml2name:
|
||||
'例如:{\'{\'}"account": "saml2Account", "name": "saml2Name", "email": "email"{\'}\'}',
|
||||
oidc_settings: 'OIDC設定',
|
||||
test_mail_recipient: '僅用來作為測試郵件收件者',
|
||||
to_enable_ssl: '如果SMTP連接埠是465 ,通常需要啟用SSL',
|
||||
|
||||
@@ -603,6 +603,8 @@ export default {
|
||||
field_mapping: '字段映射',
|
||||
oauth2name:
|
||||
'例如:{\'{\'}"account": "oauth2Account", "name": "oauth2Name", "email": "email"{\'}\'}',
|
||||
saml2name:
|
||||
'例如:{\'{\'}"account": "saml2Account", "name": "saml2Name", "email": "email"{\'}\'}',
|
||||
oidc_settings: 'OIDC设置',
|
||||
test_mail_recipient: '仅用来作为测试邮件收件人',
|
||||
to_enable_ssl: '如果SMTP端口是 465 ,通常需要启用SSL',
|
||||
|
||||
@@ -81,6 +81,10 @@ public interface XpackAuthenticationApi {
|
||||
@PostMapping("/validate/oauth2")
|
||||
String validateOauth2(@RequestBody XpackOauth2VO editor);
|
||||
|
||||
@Operation(summary = "验证SAML2")
|
||||
@PostMapping("/validate/saml2")
|
||||
String validateSaml2(@RequestBody XpackSaml2VO editor);
|
||||
|
||||
@Operation(summary = "验证")
|
||||
@PostMapping("/validateId/{id}")
|
||||
String validate(@PathVariable("id") Long id);
|
||||
|
||||
@@ -2,6 +2,7 @@ package io.dataease.api.xpack.settings;
|
||||
|
||||
import com.github.xiaoymin.knife4j.annotations.ApiSupport;
|
||||
import io.swagger.v3.oas.annotations.tags.Tag;
|
||||
import org.springframework.http.MediaType;
|
||||
import org.springframework.web.bind.annotation.GetMapping;
|
||||
import org.springframework.web.bind.annotation.PostMapping;
|
||||
|
||||
@@ -9,9 +10,12 @@ import org.springframework.web.bind.annotation.PostMapping;
|
||||
@ApiSupport(order = 899)
|
||||
public interface XpackSaml2Api {
|
||||
|
||||
@GetMapping("/login")
|
||||
void saml2Login();
|
||||
|
||||
@PostMapping("/sso")
|
||||
void saml2Callback() throws Exception;
|
||||
String sso();
|
||||
|
||||
@GetMapping(value = "/metadata", produces = MediaType.APPLICATION_XML_VALUE)
|
||||
String metadata();
|
||||
|
||||
@GetMapping("/login")
|
||||
void login();
|
||||
}
|
||||
|
||||
@@ -2,14 +2,16 @@ package io.dataease.api.xpack.settings.vo;
|
||||
|
||||
import com.fasterxml.jackson.annotation.JsonIgnore;
|
||||
import lombok.Data;
|
||||
import org.opensaml.security.x509.BasicX509Credential;
|
||||
import org.opensaml.xmlsec.signature.X509Certificate;
|
||||
|
||||
import java.io.Serializable;
|
||||
import java.security.PrivateKey;
|
||||
import java.security.cert.X509Certificate;
|
||||
|
||||
@Data
|
||||
public class XpackSaml2VO implements Serializable {
|
||||
|
||||
private String idpMetaUrl;
|
||||
private String spEntityId;
|
||||
private String spAcs;
|
||||
|
||||
@@ -17,15 +19,20 @@ public class XpackSaml2VO implements Serializable {
|
||||
private String idpEntityId;
|
||||
private String idpLogoutUrl;
|
||||
|
||||
private String privateKey;
|
||||
private String certificate;
|
||||
|
||||
private String mapping;
|
||||
|
||||
|
||||
@JsonIgnore
|
||||
private PrivateKey spPrivateKey;
|
||||
@JsonIgnore
|
||||
private X509Certificate spCertificate;
|
||||
private BasicX509Credential spCertificate;
|
||||
@JsonIgnore
|
||||
private X509Certificate idpCertificate;
|
||||
|
||||
private int assertionValidityTime = 300; // 5分钟
|
||||
private int assertionValidityTime = 300;
|
||||
private boolean wantAssertionsSigned = true;
|
||||
private boolean wantAuthnRequestsSigned = true;
|
||||
|
||||
|
||||
@@ -11,7 +11,9 @@
|
||||
|
||||
<artifactId>common</artifactId>
|
||||
|
||||
|
||||
<properties>
|
||||
<opensaml.version>3.4.6</opensaml.version>
|
||||
</properties>
|
||||
|
||||
<dependencies>
|
||||
<dependency>
|
||||
@@ -136,6 +138,18 @@
|
||||
<version>${project.version}</version>
|
||||
</dependency>
|
||||
|
||||
<dependency>
|
||||
<groupId>org.opensaml</groupId>
|
||||
<artifactId>opensaml-core</artifactId>
|
||||
<version>${opensaml.version}</version>
|
||||
</dependency>
|
||||
|
||||
<!-- OpenSAML SAML Impl -->
|
||||
<dependency>
|
||||
<groupId>org.opensaml</groupId>
|
||||
<artifactId>opensaml-saml-impl</artifactId>
|
||||
<version>${opensaml.version}</version>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
|
||||
</project>
|
||||
|
||||
@@ -3,6 +3,7 @@ package io.dataease.result;
|
||||
import io.dataease.i18n.I18n;
|
||||
import io.dataease.i18n.Translator;
|
||||
import io.dataease.utils.JsonUtil;
|
||||
import org.apache.commons.lang3.ObjectUtils;
|
||||
import org.springframework.core.MethodParameter;
|
||||
import org.springframework.http.MediaType;
|
||||
import org.springframework.http.converter.HttpMessageConverter;
|
||||
@@ -32,6 +33,10 @@ public class ResultResponseBodyAdvice implements ResponseBodyAdvice<Object> {
|
||||
o = translate(o);
|
||||
}
|
||||
|
||||
if (ObjectUtils.isNotEmpty(mediaType) && MediaType.APPLICATION_XML_VALUE.equals(mediaType.toString())) {
|
||||
return o;
|
||||
}
|
||||
|
||||
if (!(o instanceof ResultMessage)) {
|
||||
ResultMessage resultMessage = ResultMessage.success(o);
|
||||
if (o instanceof String) {
|
||||
|
||||
Reference in New Issue
Block a user