diff --git a/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/consumer/endpoint/ConsumerEndpoint.java b/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/consumer/endpoint/ConsumerEndpoint.java index 92151cf2..96d160c8 100644 --- a/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/consumer/endpoint/ConsumerEndpoint.java +++ b/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/consumer/endpoint/ConsumerEndpoint.java @@ -130,7 +130,7 @@ public class ConsumerEndpoint { SAML2ValidatorSuite validatorSuite = new SAML2ValidatorSuite(); - @RequestMapping(value = "/consumer/saml/v20/{id}") + @RequestMapping(value = "/authz/saml20/consumer/{id}") public ModelAndView consumer(HttpServletRequest request, HttpServletResponse response, @PathVariable("id") String appId) throws Exception { diff --git a/maxkey-web-frontend/maxkey-web-app/src/app/routes/config/accouts/accouts.component.spec.ts b/maxkey-web-frontend/maxkey-web-app/src/app/routes/config/accouts/accouts.component.spec.ts index 5337d797..0a6743e4 100644 --- a/maxkey-web-frontend/maxkey-web-app/src/app/routes/config/accouts/accouts.component.spec.ts +++ b/maxkey-web-frontend/maxkey-web-app/src/app/routes/config/accouts/accouts.component.spec.ts @@ -1,3 +1,20 @@ +/* + * Copyright [2022] [MaxKey of copyright http://www.maxkey.top] + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + + import { ComponentFixture, TestBed } from '@angular/core/testing'; import { AccoutsComponent } from './accouts.component'; diff --git a/maxkey-web-frontend/maxkey-web-app/src/app/routes/config/accouts/accouts.component.ts b/maxkey-web-frontend/maxkey-web-app/src/app/routes/config/accouts/accouts.component.ts index c76e722d..efbfcb02 100644 --- a/maxkey-web-frontend/maxkey-web-app/src/app/routes/config/accouts/accouts.component.ts +++ b/maxkey-web-frontend/maxkey-web-app/src/app/routes/config/accouts/accouts.component.ts @@ -1,3 +1,20 @@ +/* + * Copyright [2022] [MaxKey of copyright http://www.maxkey.top] + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + + import { Component, ChangeDetectorRef, OnInit, Input } from '@angular/core'; import { AbstractControl, FormBuilder, FormGroup, Validators } from '@angular/forms'; import { Router, ActivatedRoute } from '@angular/router'; diff --git a/maxkey-web-frontend/maxkey-web-app/src/app/service/authn.service.ts b/maxkey-web-frontend/maxkey-web-app/src/app/service/authn.service.ts index 4f27ecea..3659e123 100644 --- a/maxkey-web-frontend/maxkey-web-app/src/app/service/authn.service.ts +++ b/maxkey-web-frontend/maxkey-web-app/src/app/service/authn.service.ts @@ -44,8 +44,9 @@ export class AuthnService { ) { } setRedirectUri(redirect_uri: string) { - this.redirect_uri = CryptoJS.enc.Base64url.parse(redirect_uri).toString(); - localStorage.setItem('redirect_uri', this.redirect_uri); + this.redirect_uri = CryptoJS.enc.Base64url.parse(redirect_uri).toString(CryptoJS.enc.Utf8); + console.log(`redirect_uri ${this.redirect_uri}`); + localStorage.setItem(CONSTS.REDIRECT_URI, this.redirect_uri); } get(authParam: any) { @@ -91,8 +92,8 @@ export class AuthnService { subHostName = `${hostnames[hostnames.length - 2]}.${hostnames[hostnames.length - 1]}`; } - this.cookieService.set(CONSTS.CONGRESS, authJwt.token); - this.cookieService.set(CONSTS.ONLINE_TICKET, authJwt.ticket, { domain: subHostName }); + this.cookieService.set(CONSTS.CONGRESS, authJwt.token, { path: '/' }); + this.cookieService.set(CONSTS.ONLINE_TICKET, authJwt.ticket, { domain: subHostName, path: '/' }); if (authJwt.remeberMe) { localStorage.setItem(CONSTS.REMEMBER, authJwt.remeberMe); @@ -152,10 +153,17 @@ export class AuthnService { if (url.includes('/passport')) { url = '/'; } - if (this.redirect_uri != '') { - url = this.redirect_uri; - this.redirect_uri = ''; + + if (localStorage.getItem(CONSTS.REDIRECT_URI) != null) { + this.redirect_uri = `${localStorage.getItem(CONSTS.REDIRECT_URI)}`; + localStorage.removeItem(CONSTS.REDIRECT_URI); } + + if (this.redirect_uri != '') { + console.log(`redirect_uri ${this.redirect_uri}`); + location.href = this.redirect_uri; + } + this.router.navigateByUrl(url); }); } diff --git a/maxkey-web-frontend/maxkey-web-app/src/app/shared/utils/knowhost.ts b/maxkey-web-frontend/maxkey-web-app/src/app/shared/utils/knowhost.ts index b39a1d6b..4736c93b 100644 --- a/maxkey-web-frontend/maxkey-web-app/src/app/shared/utils/knowhost.ts +++ b/maxkey-web-frontend/maxkey-web-app/src/app/shared/utils/knowhost.ts @@ -1,3 +1,20 @@ +/* + * Copyright [2022] [MaxKey of copyright http://www.maxkey.top] + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + + export function knowHost() { let hostArray: string[] = new Array('localhost', 'sso.maxkey.top', 'mgt.maxkey.top', 'sso.maxsso.net', 'mgt.maxsso.net'); for (var i = 0; i < hostArray.length; i++) { diff --git a/maxkey-web-frontend/maxkey-web-mgt-app/src/app/routes/access/group-members/member-groups-editer/member-groups-editer.component.spec.ts b/maxkey-web-frontend/maxkey-web-mgt-app/src/app/routes/access/group-members/member-groups-editer/member-groups-editer.component.spec.ts index 9473fa60..fc4c9057 100644 --- a/maxkey-web-frontend/maxkey-web-mgt-app/src/app/routes/access/group-members/member-groups-editer/member-groups-editer.component.spec.ts +++ b/maxkey-web-frontend/maxkey-web-mgt-app/src/app/routes/access/group-members/member-groups-editer/member-groups-editer.component.spec.ts @@ -1,3 +1,20 @@ +/* + * Copyright [2022] [MaxKey of copyright http://www.maxkey.top] + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + + import { ComponentFixture, TestBed } from '@angular/core/testing'; import { MemberGroupsEditerComponent } from './member-groups-editer.component'; diff --git a/maxkey-web-frontend/maxkey-web-mgt-app/src/app/routes/access/group-members/member-groups-editer/member-groups-editer.component.ts b/maxkey-web-frontend/maxkey-web-mgt-app/src/app/routes/access/group-members/member-groups-editer/member-groups-editer.component.ts index 53db89a6..6d23d0b7 100644 --- a/maxkey-web-frontend/maxkey-web-mgt-app/src/app/routes/access/group-members/member-groups-editer/member-groups-editer.component.ts +++ b/maxkey-web-frontend/maxkey-web-mgt-app/src/app/routes/access/group-members/member-groups-editer/member-groups-editer.component.ts @@ -1,3 +1,20 @@ +/* + * Copyright [2022] [MaxKey of copyright http://www.maxkey.top] + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + + import { ChangeDetectionStrategy, ViewContainerRef, ChangeDetectorRef, Component, OnInit, Input } from '@angular/core'; import { FormBuilder, FormGroup, Validators } from '@angular/forms'; import { _HttpClient } from '@delon/theme'; diff --git a/maxkey-web-frontend/maxkey-web-mgt-app/src/app/routes/permissions/role-members/member-roles-editer/member-roles-editer.component.spec.ts b/maxkey-web-frontend/maxkey-web-mgt-app/src/app/routes/permissions/role-members/member-roles-editer/member-roles-editer.component.spec.ts index c0b42b46..f092b566 100644 --- a/maxkey-web-frontend/maxkey-web-mgt-app/src/app/routes/permissions/role-members/member-roles-editer/member-roles-editer.component.spec.ts +++ b/maxkey-web-frontend/maxkey-web-mgt-app/src/app/routes/permissions/role-members/member-roles-editer/member-roles-editer.component.spec.ts @@ -1,3 +1,20 @@ +/* + * Copyright [2022] [MaxKey of copyright http://www.maxkey.top] + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + + import { ComponentFixture, TestBed } from '@angular/core/testing'; import { MemberRolesEditerComponent } from './member-roles-editer.component'; diff --git a/maxkey-web-frontend/maxkey-web-mgt-app/src/app/routes/permissions/role-members/member-roles-editer/member-roles-editer.component.ts b/maxkey-web-frontend/maxkey-web-mgt-app/src/app/routes/permissions/role-members/member-roles-editer/member-roles-editer.component.ts index 16969e31..070d60b1 100644 --- a/maxkey-web-frontend/maxkey-web-mgt-app/src/app/routes/permissions/role-members/member-roles-editer/member-roles-editer.component.ts +++ b/maxkey-web-frontend/maxkey-web-mgt-app/src/app/routes/permissions/role-members/member-roles-editer/member-roles-editer.component.ts @@ -1,3 +1,20 @@ +/* + * Copyright [2022] [MaxKey of copyright http://www.maxkey.top] + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + + import { ChangeDetectionStrategy, ViewContainerRef, ChangeDetectorRef, Component, OnInit, Input } from '@angular/core'; import { FormBuilder, FormGroup, Validators } from '@angular/forms'; import { _HttpClient } from '@delon/theme'; diff --git a/maxkey-web-frontend/maxkey-web-mgt-app/src/app/routes/users/password/password.component.spec.ts b/maxkey-web-frontend/maxkey-web-mgt-app/src/app/routes/users/password/password.component.spec.ts index 5bbde294..e477b0ba 100644 --- a/maxkey-web-frontend/maxkey-web-mgt-app/src/app/routes/users/password/password.component.spec.ts +++ b/maxkey-web-frontend/maxkey-web-mgt-app/src/app/routes/users/password/password.component.spec.ts @@ -1,3 +1,20 @@ +/* + * Copyright [2022] [MaxKey of copyright http://www.maxkey.top] + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + + import { ComponentFixture, TestBed } from '@angular/core/testing'; import { PasswordComponent } from './password.component'; diff --git a/maxkey-web-frontend/maxkey-web-mgt-app/src/app/routes/users/password/password.component.ts b/maxkey-web-frontend/maxkey-web-mgt-app/src/app/routes/users/password/password.component.ts index 3d9a3da5..c558603d 100644 --- a/maxkey-web-frontend/maxkey-web-mgt-app/src/app/routes/users/password/password.component.ts +++ b/maxkey-web-frontend/maxkey-web-mgt-app/src/app/routes/users/password/password.component.ts @@ -1,3 +1,20 @@ +/* + * Copyright [2022] [MaxKey of copyright http://www.maxkey.top] + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + + import { Component, ChangeDetectorRef, OnInit, Input } from '@angular/core'; import { FormBuilder, FormGroup, Validators } from '@angular/forms'; import { NzMessageService } from 'ng-zorro-antd/message'; diff --git a/maxkey-web-frontend/maxkey-web-mgt-app/src/app/shared/utils/knowhost.ts b/maxkey-web-frontend/maxkey-web-mgt-app/src/app/shared/utils/knowhost.ts index b39a1d6b..4736c93b 100644 --- a/maxkey-web-frontend/maxkey-web-mgt-app/src/app/shared/utils/knowhost.ts +++ b/maxkey-web-frontend/maxkey-web-mgt-app/src/app/shared/utils/knowhost.ts @@ -1,3 +1,20 @@ +/* + * Copyright [2022] [MaxKey of copyright http://www.maxkey.top] + * + * Licensed under the Apache License, Version 2.0 (the "License"); + * you may not use this file except in compliance with the License. + * You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software + * distributed under the License is distributed on an "AS IS" BASIS, + * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and + * limitations under the License. + */ + + export function knowHost() { let hostArray: string[] = new Array('localhost', 'sso.maxkey.top', 'mgt.maxkey.top', 'sso.maxsso.net', 'mgt.maxsso.net'); for (var i = 0; i < hostArray.length; i++) { diff --git a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/interceptor/HistorySignOnAppInterceptor.java b/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/interceptor/HistorySignOnAppInterceptor.java index f4be0c01..359c6aa2 100644 --- a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/interceptor/HistorySignOnAppInterceptor.java +++ b/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/interceptor/HistorySignOnAppInterceptor.java @@ -32,7 +32,6 @@ import org.maxkey.web.WebContext; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.stereotype.Component; import org.springframework.web.servlet.AsyncHandlerInterceptor; import org.springframework.web.servlet.ModelAndView; @@ -46,38 +45,7 @@ public class HistorySignOnAppInterceptor implements AsyncHandlerInterceptor { @Autowired protected AppsService appsService; - - /** - * 判断应用访问权限 - */ - @Override - public boolean preHandle(HttpServletRequest request, - HttpServletResponse response, Object handler) - throws Exception { - _logger.debug("preHandle {}",request.getRequestURI()); - Apps app = (Apps)WebContext.getAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP); - if(app == null) { - String appId =""; - //JWT - if(request.getRequestURI().contains("/authz/jwt/")) { - String [] requestURI = request.getRequestURI().split("/"); - appId = requestURI[requestURI.length -1]; - } - _logger.debug("appId {}",appId); - app = appsService.get(appId,true); - } - SignPrincipal principal = AuthorizationUtils.getPrincipal(); - if(principal != null && app !=null) { - if(principal.getGrantedAuthorityApps().contains(new SimpleGrantedAuthority(app.getId()))) { - _logger.trace("preHandle have authority access " + app); - return true; - } - } - _logger.debug("preHandle not have authority access " + app); - return false; - } - - + /** * postHandle . * @see org.springframework.web.servlet.handler.HandlerInterceptorAdapter#preHandle( diff --git a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/interceptor/SingleSignOnInterceptor.java b/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/interceptor/SingleSignOnInterceptor.java index b88986a1..25ebf02b 100644 --- a/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/interceptor/SingleSignOnInterceptor.java +++ b/maxkey-webs/maxkey-web-maxkey/src/main/java/org/maxkey/web/interceptor/SingleSignOnInterceptor.java @@ -19,14 +19,23 @@ package org.maxkey.web.interceptor; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.maxkey.authn.SignPrincipal; import org.maxkey.authn.jwt.AuthTokenService; import org.maxkey.authn.session.SessionManager; import org.maxkey.authn.web.AuthorizationUtils; +import org.maxkey.authz.cas.endpoint.ticket.CasConstants; +import org.maxkey.authz.oauth2.common.OAuth2Constants; import org.maxkey.configuration.ApplicationConfig; import org.maxkey.crypto.Base64Utils; +import org.maxkey.entity.apps.Apps; +import org.maxkey.persistence.service.AppsCasDetailsService; +import org.maxkey.persistence.service.AppsService; +import org.maxkey.web.WebConstants; +import org.maxkey.web.WebContext; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.web.util.UrlUtils; import org.springframework.stereotype.Component; import org.springframework.web.servlet.AsyncHandlerInterceptor; @@ -44,6 +53,12 @@ public class SingleSignOnInterceptor implements AsyncHandlerInterceptor { @Autowired AuthTokenService authTokenService ; + @Autowired + AppsService appsService; + + @Autowired + AppsCasDetailsService casDetailsService; + @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) @@ -53,13 +68,54 @@ public class SingleSignOnInterceptor implements AsyncHandlerInterceptor { AuthorizationUtils.authenticateWithCookie( request,authTokenService,sessionManager); - if(AuthorizationUtils.isNotAuthenticated()){ + if(AuthorizationUtils.isNotAuthenticated()) { String loginUrl = applicationConfig.getFrontendUri() + "/#/passport/login?redirect_uri=%s"; String redirect_uri = UrlUtils.buildFullRequestUrl(request); String base64RequestUrl = Base64Utils.base64UrlEncode(redirect_uri.getBytes()); - _logger.debug("No Authentication ... Redirect to /passport/login , redirect_uri {}",redirect_uri); + _logger.debug("No Authentication ... Redirect to /passport/login , redirect_uri {} , base64 {}", + redirect_uri ,base64RequestUrl); response.sendRedirect(String.format(loginUrl,base64RequestUrl)); + return false; } + + //判断应用访问权限 + if(AuthorizationUtils.isAuthenticated()){ + _logger.debug("preHandle {}",request.getRequestURI()); + Apps app = (Apps)WebContext.getAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP); + if(app == null) { + + String requestURI = request.getRequestURI(); + if(requestURI.contains("/authz/cas/login")) {//for CAS service + app = casDetailsService.getAppDetails( + request.getParameter(CasConstants.PARAMETER.SERVICE), true); + }else if(requestURI.contains("/authz/jwt/") + ||requestURI.contains("/authz/api/") + ||requestURI.contains("/authz/formbased/") + ||requestURI.contains("/authz/tokenbased/") + ||requestURI.contains("/authz/api/") + ||requestURI.contains("/authz/saml20/consumer/") + ||requestURI.contains("/authz/saml20/idpinit/") + ||requestURI.contains("/authz/cas/") + ) {//for id end of URL + String [] requestURIs = requestURI.split("/"); + String appId = requestURIs[requestURIs.length -1]; + _logger.debug("appId {}",appId); + app = appsService.get(appId,true); + }else if(requestURI.contains("/authz/oauth/v20/authorize")) {//oauth + app = appsService.get( + request.getParameter(OAuth2Constants.PARAMETER.CLIENT_ID),true); + } + } + SignPrincipal principal = AuthorizationUtils.getPrincipal(); + if(principal != null && app !=null) { + if(principal.getGrantedAuthorityApps().contains(new SimpleGrantedAuthority(app.getId()))) { + _logger.trace("preHandle have authority access {}" , app); + return true; + } + } + _logger.debug("preHandle not have authority access " + app); + return false; + } return true; }