diff --git a/maxkey-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java b/maxkey-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java
index 0138c10e..dda9adbd 100644
--- a/maxkey-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java
+++ b/maxkey-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java
@@ -251,6 +251,8 @@ public abstract class AbstractAuthenticationProvider {
             } else {
                 _logger.debug("User Login. ");
             }
+            //Online Tickit
+            userInfo.setOnlineTickit(WebConstants.ONLINE_TICKET_PREFIX + "-" +userInfo.generateId());
         }
         return userInfo;
diff --git a/maxkey-core/src/main/java/org/maxkey/authn/BasicAuthentication.java b/maxkey-core/src/main/java/org/maxkey/authn/BasicAuthentication.java
index 2b2cd775..8f752eec 100644
--- a/maxkey-core/src/main/java/org/maxkey/authn/BasicAuthentication.java
+++ b/maxkey-core/src/main/java/org/maxkey/authn/BasicAuthentication.java
@@ -34,6 +34,7 @@ public class BasicAuthentication implements Authentication {
     String remeberMe;
     String authType;
     String jwtToken;
+    String onlineTickit;
     ArrayList grantedAuthority;
     boolean authenticated;
@@ -166,6 +167,14 @@ public class BasicAuthentication implements Authentication {
         this.grantedAuthority = grantedAuthority;
     }
+    public String getOnlineTickit() {
+        return onlineTickit;
+    }
+
+    public void setOnlineTickit(String onlineTickit) {
+        this.onlineTickit = onlineTickit;
+    }
+
     @Override
     public String toString() {
         StringBuilder builder = new StringBuilder();
diff --git a/maxkey-core/src/main/java/org/maxkey/authn/RealmAuthenticationProvider.java b/maxkey-core/src/main/java/org/maxkey/authn/RealmAuthenticationProvider.java
index ca66ae8e..8ff17ae4 100644
--- a/maxkey-core/src/main/java/org/maxkey/authn/RealmAuthenticationProvider.java
+++ b/maxkey-core/src/main/java/org/maxkey/authn/RealmAuthenticationProvider.java
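Review bot: The value assigned by `userInfo.setOnlineTickit(...)` is written to a browser cookie and handed to relying parties in CAS attributes, OIDC claims and SAML attributes elsewhere in this commit, so it must be unguessable, and `userInfo.generateId()` is not visible here; if it is a time- or sequence-based id rather than a `SecureRandom`-backed one, the ticket is predictable. Either confirm the generator or build the ticket here from `UUID.randomUUID()` (which is `SecureRandom`-backed), e.g. `WebConstants.ONLINE_TICKET_PREFIX + "-" + UUID.randomUUID()`. The spelling `Tickit` in the comment, the field and the new accessors in `BasicAuthentication` disagrees with the `ONLINE_TICKET_*` constants they sit next to; since the accessors are new in this commit, `getOnlineTicket`/`setOnlineTicket` costs nothing now and a rename later. The enclosing method starts before the hunk.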
@@ -93,7 +93,7 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider ); } } - + auth.setOnlineTickit(userInfo.getOnlineTickit()); UsernamePasswordAuthenticationToken usernamePasswordAuthenticationToken = new UsernamePasswordAuthenticationToken( auth, @@ -101,7 +101,9 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider authenticationRealm.grantAuthority(userInfo)); usernamePasswordAuthenticationToken.setDetails( new WebAuthenticationDetails(WebContext.getRequest())); - + + setOnlineTickit(userInfo.getOnlineTickit()); + return usernamePasswordAuthenticationToken; } @@ -110,7 +112,7 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider BasicAuthentication basicAuth = (BasicAuthentication) authentication; UserInfo loadeduserInfo = loadUserInfo(basicAuth.getUsername(), ""); if (loadeduserInfo != null) { - + authenticationRealm.passwordMatches(loadeduserInfo, basicAuth.getPassword()); authenticationRealm.getPasswordPolicyValidator().passwordPolicyValid(loadeduserInfo); @@ -118,14 +120,16 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider WebContext.setUserInfo(loadeduserInfo); authentication.setAuthenticated(true); - + basicAuth.setOnlineTickit(loadeduserInfo.getOnlineTickit()); UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken( authentication, "PASSWORD", authenticationRealm.grantAuthority(loadeduserInfo)); WebContext.setAuthentication(authenticationToken); WebContext.setUserInfo(loadeduserInfo); authenticationRealm.insertLoginHistory(loadeduserInfo, basicAuth.getAuthType(), "", "", "SUCCESS"); - + + setOnlineTickit(loadeduserInfo.getOnlineTickit()); + return authenticationToken; }else { String message = WebContext.getI18nValue("login.error.username"); 
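Review bot: `setOnlineTickit(userInfo.getOnlineTickit())` in the second hunk and `setOnlineTickit(loadeduserInfo.getOnlineTickit())` in the fourth are calls with an HTTP side effect (they write a cookie on the current response, per the method added in the next hunk), yet they read exactly like the plain field setters `auth.setOnlineTickit(...)` / `basicAuth.setOnlineTickit(...)` a few lines above; name the provider method for what it does, e.g. `writeOnlineTicketCookie(userInfo.getOnlineTickit());`. The pair "copy the ticket onto the `BasicAuthentication`, then write the cookie" is repeated in every authenticate path, so a single helper taking the authentication and the `UserInfo` would keep them from drifting. The `-`/`+` pairs that replace an empty line with an indentation-only line are whitespace noise that a trim-trailing-whitespace editor setting avoids. Pre-existing but visible in the third hunk: the result of `authenticationRealm.passwordMatches(...)` is not checked before `setAuthenticated(true)`, so it presumably throws on mismatch — worth confirming. All methods touched here start and end outside the hunks.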
@@ -154,6 +158,7 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider
             WebContext.setUserInfo(loadeduserInfo);
             BasicAuthentication authentication = new BasicAuthentication();
             authentication.setUsername(loadeduserInfo.getUsername());
+            authentication.setOnlineTickit(loadeduserInfo.getOnlineTickit());
             UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(
                     authentication,
@@ -167,6 +172,8 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider
             authenticationRealm.insertLoginHistory(loadeduserInfo, type, provider, code, message);
+            setOnlineTickit(loadeduserInfo.getOnlineTickit());
+
             return authenticationToken;
         }else {
             String i18nMessage = WebContext.getI18nValue("login.error.username");
@@ -174,5 +181,14 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider
             throw new BadCredentialsException(WebContext.getI18nValue("login.error.username"));
         }
     }
+
+    public void setOnlineTickit(String tickit) {
+        _logger.debug("set online Tickit " + tickit + " on domain "+ this.applicationConfig.getBaseDomainName());
+        WebContext.setCookie(WebContext.getResponse(),
+                this.applicationConfig.getBaseDomainName(),
+                WebConstants.ONLINE_TICKET_NAME,
+                tickit,
+                0);
+    }
 }
diff --git a/maxkey-core/src/main/java/org/maxkey/autoconfigure/MvcAutoConfiguration.java b/maxkey-core/src/main/java/org/maxkey/autoconfigure/MvcAutoConfiguration.java
index cea525ea..d30ae939 100644
--- a/maxkey-core/src/main/java/org/maxkey/autoconfigure/MvcAutoConfiguration.java
+++ b/maxkey-core/src/main/java/org/maxkey/autoconfigure/MvcAutoConfiguration.java
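Review bot: The new `setOnlineTickit(String tickit)` logs the ticket value itself at debug level; judging by its name and by the fact that the same value is distributed to relying parties elsewhere in this commit, it plays the role of a session handle, and session handles should not reach log files — log only the domain: `_logger.debug("set online ticket cookie on domain {}", this.applicationConfig.getBaseDomainName());`. The cookie is scoped to `getBaseDomainName()`, the widest domain the deployment owns, so every host under it can read and overwrite the value — intended if sibling applications must see it, but then those hosts are inside the IdP's trust boundary for this value. The trailing `0` relies on the new `WebContext.setCookie` behaviour of skipping `setMaxAge` for `time <= 0`, i.e. a browser-session cookie; a comment such as `// 0: no Max-Age, lives for the browser session` saves the reader a trip to `WebContext`. Nothing in the diff calls this method from outside the class, so `protected` would match its role better than `public`.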
@@ -59,11 +59,11 @@ public class MvcAutoConfiguration implements InitializingBean {
      */
     @Bean (name = "localeResolver")
     public CookieLocaleResolver cookieLocaleResolver(
-            @Value("${config.server.domain.sub:maxkey.top}")String subDomainName) {
-        _logger.debug("subDomainName " + subDomainName);
+            @Value("${config.server.domain:maxkey.top}")String domainName) {
+        _logger.debug("DomainName " + domainName);
         CookieLocaleResolver cookieLocaleResolver = new CookieLocaleResolver();
         cookieLocaleResolver.setCookieName("maxkey_lang");
-        cookieLocaleResolver.setCookieDomain(subDomainName);
+        cookieLocaleResolver.setCookieDomain(domainName);
         cookieLocaleResolver.setCookieMaxAge(604800);
         return cookieLocaleResolver;
     }
diff --git a/maxkey-core/src/main/java/org/maxkey/web/WebConstants.java b/maxkey-core/src/main/java/org/maxkey/web/WebConstants.java
index 495066dd..77cbe038 100644
--- a/maxkey-core/src/main/java/org/maxkey/web/WebConstants.java
+++ b/maxkey-core/src/main/java/org/maxkey/web/WebConstants.java
@@ -71,8 +71,12 @@ public class WebConstants {
     public static final String AUTHENTICATION = "current_authentication";
-    public static final String THEME_COOKIE_NAME = "maxkey_theme";
+    public static final String THEME_COOKIE_NAME = "theme_value";
     public static final String LOGIN_ERROR_SESSION_MESSAGE = "login_error_session_message_key";
+
+    public static final String ONLINE_TICKET_NAME = "online_ticket";
+
+    public static final String ONLINE_TICKET_PREFIX = "OT";
 }
diff --git a/maxkey-core/src/main/java/org/maxkey/web/WebContext.java b/maxkey-core/src/main/java/org/maxkey/web/WebContext.java
index 394ff9db..6886e57c 100644
--- a/maxkey-core/src/main/java/org/maxkey/web/WebContext.java
+++ b/maxkey-core/src/main/java/org/maxkey/web/WebContext.java
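Review bot: `@Value("${config.server.domain:maxkey.top}")` falls back to a literal public domain when the property is missing, and a browser silently discards a `Set-Cookie` whose `Domain=` does not cover the request host, so a deployment without `config.server.domain` loses the `maxkey_lang` cookie with no error anywhere. Prefer no default (fail at startup) or an empty default that skips the domain, e.g. `if (!domainName.isEmpty()) { cookieLocaleResolver.setCookieDomain(domainName); }`. The fallback `maxkey.top` is also the bare registrable domain while the property now resolves to the SSO host per the properties change in this commit, so fallback and configured value have different cookie scopes — worth one line in the Javadoc above the bean.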
@@ -154,6 +154,11 @@ public final class WebContext {
         return ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
     }
+
+    public static HttpServletResponse getResponse() {
+        return ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getResponse();
+    }
     /**
      * get Http Context full Path.
@@ -336,11 +341,14 @@ public final class WebContext {
      * @param time cookie的存在时间
      */
     public static HttpServletResponse setCookie(
-            HttpServletResponse response, String name, String value, int time) {
+            HttpServletResponse response, String domain ,String name, String value, int time) {
         // new一个Cookie对象,键值对为参数
         Cookie cookie = new Cookie(name, value);
         // tomcat下多应用共享
         cookie.setPath("/");
+        if(domain != null) {
+            cookie.setDomain(domain);
+        }
         // 如果cookie的值中含有中文时,需要对cookie进行编码,不然会产生乱码
         try {
             URLEncoder.encode(value, "utf-8");
@@ -348,7 +356,9 @@ public final class WebContext {
             e.printStackTrace();
         }
         // 单位:秒
-        cookie.setMaxAge(time);
+        if(time > 0) {
+            cookie.setMaxAge(time);
+        }
         // 将Cookie添加到Response中,使之生效
         response.addCookie(cookie); // addCookie后,如果已经存在相同名字的cookie,则最新的覆盖旧的cookie
         return response;
diff --git a/maxkey-core/src/main/java/org/maxkey/web/tag/ThemeTagDirective.java b/maxkey-core/src/main/java/org/maxkey/web/tag/ThemeTagDirective.java
index ed943e21..a0c6a752 100644
--- a/maxkey-core/src/main/java/org/maxkey/web/tag/ThemeTagDirective.java
+++ b/maxkey-core/src/main/java/org/maxkey/web/tag/ThemeTagDirective.java
@@ -76,7 +76,7 @@ public class ThemeTagDirective implements TemplateDirectiveModel {
         if (request.getAttribute(WebConstants.THEME_COOKIE_NAME) == null && null != WebContext.getUserInfo()) {
             request.setAttribute(WebConstants.THEME_COOKIE_NAME, "theme");
-            WebContext.setCookie(response,
+            WebContext.setCookie(response, null,
                     WebConstants.THEME_COOKIE_NAME, theme, ConstantsTimeInterval.ONE_WEEK);
         }
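Review bot: The `Cookie` built in `setCookie` still carries neither `HttpOnly` nor `Secure`, and this commit starts routing `online_ticket` — a per-login identifier scoped to the whole base domain — through it; add `cookie.setHttpOnly(true);` after `cookie.setPath("/");`, and `cookie.setSecure(getRequest().isSecure());` rather than an unconditional `true`, because the management app in this same commit is configured for plain `http://`. The new `if(time > 0)` branch silently changes the contract of `time`: `0` used to expire the cookie immediately and now yields a browser-session cookie, so any existing caller that passed `0` to delete a cookie changes behaviour — the callers in this diff do not, but the rest of the code base should be checked, and the `@param time` Javadoc should say `lifetime in seconds; <= 0 means no Max-Age (session cookie)`. Pre-existing, in the context lines: the result of `URLEncoder.encode(value, "utf-8")` is discarded, so the comment claiming the value is encoded is not true. The method spans the second and third hunks with a gap between them.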
diff --git a/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/Cas10AuthorizeEndpoint.java b/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/Cas10AuthorizeEndpoint.java index 00fc8d60..bc30734e 100644 --- a/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/Cas10AuthorizeEndpoint.java +++ b/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/Cas10AuthorizeEndpoint.java @@ -86,12 +86,19 @@ renew [OPTIONAL] - if this parameter is set, ticket validation will only succeed @RequestParam(value = CasConstants.PARAMETER.SERVICE) String service, @RequestParam(value = CasConstants.PARAMETER.RENEW,required=false) String renew ){ + _logger.debug("serviceValidate " + + " ticket " + ticket + +" , service " + service + +" , renew " + renew + ); + Ticket storedTicket=null; try { storedTicket = ticketServices.consumeTicket(ticket); } catch (Exception e) { // TODO Auto-generated catch block e.printStackTrace(); + _logger.error("consume Ticket error " , e); } if(storedTicket!=null){ @@ -101,6 +108,7 @@ renew [OPTIONAL] - if this parameter is set, ticket validation will only succeed .setUser(principal) .serviceResponseBuilder(); }else{ + _logger.debug("Ticket not found ."); return new Service10ResponseBuilder().failure() .serviceResponseBuilder(); } diff --git a/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/Cas20AuthorizeEndpoint.java b/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/Cas20AuthorizeEndpoint.java index 1a8a3f40..499e640e 100644 --- a/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/Cas20AuthorizeEndpoint.java +++ b/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/Cas20AuthorizeEndpoint.java 
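Review bot: The added `_logger.error("consume Ticket error " , e)` sits directly under the `e.printStackTrace()` it makes redundant; drop the `printStackTrace()` and the `// TODO Auto-generated catch block` so the failure is reported once, through the logger, with the stack trace attached. The new debug line prints the raw service ticket; an ST is single-use and consumed on the very next statement so exposure is limited, but the parallel lines added to the 2.0/3.0 endpoints also log proxy-granting tickets, and the placeholder form — `_logger.debug("serviceValidate ticket {} , service {} , renew {}", ticket, service, renew)` — at least avoids building the string when debug is off. Catching `Exception` around `consumeTicket` and continuing with `storedTicket == null` conflates "ticket invalid" with "ticket store unavailable"; the CAS failure response is the same, so the new error line is the operator's only signal and should stay at error level.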
@@ -173,7 +173,14 @@ For all error codes, it is RECOMMENDED that CAS provide a more detailed message @RequestParam(value = CasConstants.PARAMETER.PROXY_CALLBACK_URL,required=false) String pgtUrl, @RequestParam(value = CasConstants.PARAMETER.RENEW,required=false) String renew, @RequestParam(value = CasConstants.PARAMETER.FORMAT,required=false,defaultValue=CasConstants.FORMAT_TYPE.XML) String format){ - + _logger.debug("serviceValidate " + + " ticket " + ticket + +" , service " + service + +" , pgtUrl " + pgtUrl + +" , renew " + renew + +" , format " + format + ); + setContentType(request,response,format); Ticket storedTicket=null; @@ -186,13 +193,15 @@ For all error codes, it is RECOMMENDED that CAS provide a more detailed message ServiceResponseBuilder serviceResponseBuilder=new ServiceResponseBuilder(); if(storedTicket!=null){ - String principal=((BasicAuthentication)storedTicket.getAuthentication().getPrincipal()).getUsername(); + BasicAuthentication authentication = ((BasicAuthentication)storedTicket.getAuthentication().getPrincipal()); + String principal=authentication.getUsername(); _logger.debug("principal "+principal); serviceResponseBuilder.success().setUser(principal); if(Boolean.isTrue(storedTicket.getCasDetails().getIsAdapter())){ AbstractAuthorizeAdapter adapter =(AbstractAuthorizeAdapter)Instance.newInstance(storedTicket.getCasDetails().getAdapter()); UserInfo userInfo = (UserInfo) userInfoService.loadByUsername(principal); + userInfo.setOnlineTickit(authentication.getOnlineTickit()); adapter.generateInfo(userInfo, serviceResponseBuilder); } }else{ 
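Review bot: `userInfo.setOnlineTickit(authentication.getOnlineTickit())` gives the CAS service, via the adapter attributes, the same value the IdP put in its own `online_ticket` cookie at login; if that cookie is what the server later uses to locate or terminate the browser session (its name and the fact it is set at login suggest so, though the consumer is not in this diff), every relying party — and every log that captures a CAS response — ends up holding a value that can be presented back to the IdP as that user. Share a derived value instead, for example an HMAC of the ticket keyed per service or a separate opaque session index, and keep the raw cookie value inside the IdP. Separately, `userInfoService.loadByUsername(principal)` can return `null`, and the new line dereferences `userInfo` one statement earlier than the pre-existing `adapter.generateInfo(userInfo, ...)` did. The method continues past the hunk.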
@@ -274,7 +283,13 @@ Response on ticket validation failure: @RequestParam(value = CasConstants.PARAMETER.PROXY_CALLBACK_URL,required=false) String pgtUrl, @RequestParam(value = CasConstants.PARAMETER.RENEW,required=false) String renew, @RequestParam(value = CasConstants.PARAMETER.FORMAT,required=false,defaultValue=CasConstants.FORMAT_TYPE.XML) String format){ - + _logger.debug("proxyValidate " + + " ticket " + ticket + +" , service " + service + +" , pgtUrl " + pgtUrl + +" , renew " + renew + +" , format " + format + ); setContentType(request,response,format); Ticket storedTicket=null; @@ -358,7 +373,11 @@ For all error codes, it is RECOMMENDED that CAS provide a more detailed message @RequestParam(value = CasConstants.PARAMETER.PROXY_GRANTING_TICKET) String pgt, @RequestParam(value = CasConstants.PARAMETER.TARGET_SERVICE) String targetService, @RequestParam(value = CasConstants.PARAMETER.FORMAT,required=false,defaultValue=CasConstants.FORMAT_TYPE.XML) String format){ - + _logger.debug("proxy " + + " pgt " + pgt + +" , targetService " + targetService + +" , format " + format + ); setContentType(request,response,format); ProxyServiceResponseBuilder proxyServiceResponseBuilder=new ProxyServiceResponseBuilder(); diff --git a/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/Cas30AuthorizeEndpoint.java b/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/Cas30AuthorizeEndpoint.java index 6bb2dda9..9354102e 100644 --- a/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/Cas30AuthorizeEndpoint.java +++ b/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/Cas30AuthorizeEndpoint.java 
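Review bot: The debug statements added to `proxyValidate` and `proxy` print `pgt` in clear; a proxy-granting ticket is a long-lived credential that lets its holder mint tickets for further services, so it does not belong in log files even at debug level — log a truncated form (`pgt == null ? null : pgt.substring(0, Math.min(8, pgt.length())) + "..."`) or omit it, and use `{}` placeholders so the concatenation is skipped when debug is off. `pgtUrl`, `service` and `targetService` are request-controlled strings written verbatim; if these logs are consumed by tooling, CR/LF in them can forge log lines, which is one more reason to prefer the parameterised form and a log encoder that escapes. Both methods continue past their hunks.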
@@ -57,7 +57,14 @@ public class Cas30AuthorizeEndpoint extends CasBaseAuthorizeEndpoint{ @RequestParam(value = CasConstants.PARAMETER.PROXY_CALLBACK_URL,required=false) String pgtUrl, @RequestParam(value = CasConstants.PARAMETER.RENEW,required=false) String renew, @RequestParam(value = CasConstants.PARAMETER.FORMAT,required=false,defaultValue=CasConstants.FORMAT_TYPE.XML) String format){ - + _logger.debug("serviceValidate " + + " ticket " + ticket + +" , service " + service + +" , pgtUrl " + pgtUrl + +" , renew " + renew + +" , format " + format + ); + setContentType(request,response,format); Ticket storedTicket=null; @@ -69,12 +76,14 @@ public class Cas30AuthorizeEndpoint extends CasBaseAuthorizeEndpoint{ ServiceResponseBuilder serviceResponseBuilder=new ServiceResponseBuilder(); if(storedTicket!=null){ - String principal=((BasicAuthentication)storedTicket.getAuthentication().getPrincipal()).getUsername(); + BasicAuthentication authentication = ((BasicAuthentication)storedTicket.getAuthentication().getPrincipal()); + String principal=authentication.getUsername(); serviceResponseBuilder.success().setUser(principal); if(Boolean.isTrue(storedTicket.getCasDetails().getIsAdapter())){ AbstractAuthorizeAdapter adapter =(AbstractAuthorizeAdapter)Instance.newInstance(storedTicket.getCasDetails().getAdapter()); UserInfo userInfo = (UserInfo) userInfoService.loadByUsername(principal); + userInfo.setOnlineTickit(authentication.getOnlineTickit()); adapter.generateInfo(userInfo, serviceResponseBuilder); } }else{ 
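Review bot: The block added to `Cas30AuthorizeEndpoint.serviceValidate` — the five-line debug statement, the cast to `BasicAuthentication`, `userInfo.setOnlineTickit(...)` and the adapter dispatch — is now a line-for-line copy of the one in `Cas20AuthorizeEndpoint.serviceValidate`, with the logging part repeated a third time in `proxyValidate`; both classes extend `CasBaseAuthorizeEndpoint`, which is the natural home for a helper such as `protected void attachOnlineTicket(Ticket storedTicket, UserInfo userInfo)` so the two versions cannot drift. As written, `userInfo` returned by `loadByUsername(principal)` is dereferenced without a null check. The method continues past the hunk.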
@@ -96,7 +105,13 @@ public class Cas30AuthorizeEndpoint extends CasBaseAuthorizeEndpoint{ @RequestParam(value = CasConstants.PARAMETER.PROXY_CALLBACK_URL,required=false) String pgtUrl, @RequestParam(value = CasConstants.PARAMETER.RENEW,required=false) String renew, @RequestParam(value = CasConstants.PARAMETER.FORMAT,required=false,defaultValue=CasConstants.FORMAT_TYPE.XML) String format){ - + _logger.debug("proxyValidate " + + " ticket " + ticket + +" , service " + service + +" , pgtUrl " + pgtUrl + +" , renew " + renew + +" , format " + format + ); setContentType(request,response,format); Ticket storedTicket=null; diff --git a/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasAuthorizeEndpoint.java b/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasAuthorizeEndpoint.java index 8390b702..8546a22b 100644 --- a/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasAuthorizeEndpoint.java +++ b/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasAuthorizeEndpoint.java @@ -103,6 +103,10 @@ public class CasAuthorizeEndpoint extends CasBaseAuthorizeEndpoint{ callbackUrl.append("?"); } + if(callbackUrl.indexOf("&") != -1) { + callbackUrl.append("&"); + } + //append ticket callbackUrl.append(CasConstants.PARAMETER.TICKET).append("=").append(ticket); diff --git a/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/adapter/CasDefaultAdapter.java b/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/adapter/CasDefaultAdapter.java index aea86403..154cb2b9 100644 --- a/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/adapter/CasDefaultAdapter.java +++ b/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/adapter/CasDefaultAdapter.java 
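Review bot: The new guard appends `&` only when the callback URL already contains an `&`, so a service URL with exactly one query parameter (`https://app/cb?foo=bar`) gets the ticket glued onto the last value — `?foo=barticket=ST-...` — while a URL whose `?` was just appended by the preceding block and that happens to contain `&` elsewhere gets `?&ticket=`. Decide on the last character instead: `char last = callbackUrl.charAt(callbackUrl.length() - 1);` then `if (last != '?' && last != '&') { callbackUrl.append("&"); }`. Whether the earlier `append("?")` is conditional on `indexOf("?") == -1` is outside the hunk; if it is, the check above is sufficient on its own. The method starts before the hunk.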
@@ -23,6 +23,7 @@ import org.apache.commons.codec.binary.Base64;
 import org.maxkey.authz.cas.endpoint.response.ServiceResponseBuilder;
 import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
 import org.maxkey.domain.UserInfo;
+import org.maxkey.web.WebConstants;
 import org.springframework.web.servlet.ModelAndView;
 public class CasDefaultAdapter extends AbstractAuthorizeAdapter {
@@ -65,6 +66,7 @@ public class CasDefaultAdapter extends AbstractAuthorizeAdapter {
         serviceResponseBuilder.setAttribute("departmentId", userInfo.getDepartmentId());
         serviceResponseBuilder.setAttribute("workRegion",base64Attr(userInfo.getWorkRegion()));
+        serviceResponseBuilder.setAttribute(WebConstants.ONLINE_TICKET_NAME,userInfo.getOnlineTickit());
         return null;
     }
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/OAuthDefaultUserInfoAdapter.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/OAuthDefaultUserInfoAdapter.java
index 1e11943f..4bc8b03e 100644
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/OAuthDefaultUserInfoAdapter.java
+++ b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/OAuthDefaultUserInfoAdapter.java
@@ -23,6 +23,7 @@ import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
 import org.maxkey.domain.UserInfo;
 import org.maxkey.util.JsonUtils;
 import org.maxkey.util.StringGenerator;
+import org.maxkey.web.WebConstants;
 import org.springframework.web.servlet.ModelAndView;
 public class OAuthDefaultUserInfoAdapter extends AbstractAuthorizeAdapter {
@@ -43,6 +44,7 @@ public class OAuthDefaultUserInfoAdapter extends AbstractAuthorizeAdapter {
         beanMap.put("title", userInfo.getJobTitle());
         beanMap.put("state", userInfo.getWorkRegion());
         beanMap.put("gender", userInfo.getGender());
+        beanMap.put(WebConstants.ONLINE_TICKET_NAME, userInfo.getOnlineTickit());
         String info= JsonUtils.object2Json(beanMap);
diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/UserInfoEndpoint.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/UserInfoEndpoint.java
index 3f7c3615..217d2e7d 100644
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/UserInfoEndpoint.java
+++ b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/UserInfoEndpoint.java
@@ -26,6 +26,7 @@ import java.util.UUID;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import org.maxkey.authn.BasicAuthentication;
 import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
 import org.maxkey.authz.oauth2.common.exceptions.OAuth2Exception;
 import org.maxkey.authz.oauth2.provider.ClientDetailsService;
@@ -46,7 +47,7 @@ import org.maxkey.persistence.service.UserInfoService;
 import org.maxkey.util.Instance;
 import org.maxkey.util.JsonUtils;
 import org.maxkey.util.StringGenerator;
-
+import org.maxkey.web.WebConstants;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -134,7 +135,8 @@ public class UserInfoEndpoint {
             }else{
                 adapter =(AbstractAuthorizeAdapter)defaultOAuthUserInfoAdapter;
             }
-
+            BasicAuthentication authentication = (BasicAuthentication)oAuth2Authentication.getUserAuthentication();
+            userInfo.setOnlineTickit(authentication.getOnlineTickit());
             String jsonData=adapter.generateInfo(userInfo, app);
             return jsonData;
         }catch(OAuth2Exception e){
@@ -170,8 +172,11 @@ public class UserInfoEndpoint {
         String userJson="";
         Builder jwtClaimsSetBuilder= new JWTClaimsSet.Builder();
+        BasicAuthentication authentication = (BasicAuthentication)oAuth2Authentication.getUserAuthentication();
+
         jwtClaimsSetBuilder.claim("sub", userInfo.getId());
-
+        jwtClaimsSetBuilder.claim(WebConstants.ONLINE_TICKET_NAME, authentication.getOnlineTickit());
+
         if(scopes.contains("profile")){
             jwtClaimsSetBuilder.claim("name", userInfo.getUsername());
             jwtClaimsSetBuilder.claim("preferred_username", userInfo.getDisplayName());
diff --git a/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/endpoint/AssertionEndpoint.java b/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/endpoint/AssertionEndpoint.java
index ba581fcd..fa1d2ae7 100644
--- a/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/endpoint/AssertionEndpoint.java
+++ b/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/endpoint/AssertionEndpoint.java
@@ -27,6 +27,8 @@ import org.maxkey.authz.saml.common.EndpointGenerator;
 import org.maxkey.authz.saml20.binding.BindingAdapter;
 import org.maxkey.authz.saml20.provider.xml.AuthnResponseGenerator;
 import org.maxkey.domain.apps.AppsSAML20Details;
+import org.maxkey.web.WebConstants;
+import org.maxkey.web.WebContext;
 import org.opensaml.saml2.core.Response;
 import org.opensaml.saml2.metadata.Endpoint;
 import org.opensaml.ws.message.encoder.MessageEncodingException;
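Review bot: `jwtClaimsSetBuilder.claim(WebConstants.ONLINE_TICKET_NAME, ...)` in the second hunk is added before the `scopes.contains("profile")` gate, so every id_token carries a non-standard `online_ticket` claim regardless of what the client requested; put it behind a scope (at minimum the same `profile` check) and consider a namespaced name so it cannot collide with a registered claim later. In both hunks `(BasicAuthentication) oAuth2Authentication.getUserAuthentication()` assumes a user-bound token; for a token without an end user (client credentials, if that grant is enabled) `getUserAuthentication()` is typically `null` and the next line NPEs — `if (oAuth2Authentication.getUserAuthentication() instanceof BasicAuthentication) { ... }` keeps the endpoint usable. Both methods continue past their hunks.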
@@ -70,6 +72,9 @@ public class AssertionEndpoint {
         logger.debug("AuthnRequestInfo: {}", authnRequestInfo);
         HashMap attributeMap=new HashMap();
+
+        attributeMap.put(WebConstants.ONLINE_TICKET_NAME, WebContext.getUserInfo().getOnlineTickit());
+
         //saml20Details
         Response authResponse = authnResponseGenerator.generateAuthnResponse(
                 saml20Details,
diff --git a/maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/adapter/TokenBasedDefaultAdapter.java b/maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/adapter/TokenBasedDefaultAdapter.java
index 87c2233b..44251fc2 100644
--- a/maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/adapter/TokenBasedDefaultAdapter.java
+++ b/maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/adapter/TokenBasedDefaultAdapter.java
@@ -26,6 +26,7 @@ import org.maxkey.domain.apps.AppsTokenBasedDetails;
 import org.maxkey.util.DateUtils;
 import org.maxkey.util.JsonUtils;
 import org.maxkey.util.StringGenerator;
+import org.maxkey.web.WebConstants;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.web.servlet.ModelAndView;
@@ -70,6 +71,7 @@ public class TokenBasedDefaultAdapter extends AbstractAuthorizeAdapter {
         }
         beanMap.put("displayName", userInfo.getDisplayName());
+        beanMap.put(WebConstants.ONLINE_TICKET_NAME, userInfo.getOnlineTickit());
         /*
          * use UTC date time format
diff --git a/maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/adapter/TokenBasedJWTAdapter.java b/maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/adapter/TokenBasedJWTAdapter.java
index ff890dd4..addf8f13 100644
--- a/maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/adapter/TokenBasedJWTAdapter.java
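Review bot: `attributeMap.put(WebConstants.ONLINE_TICKET_NAME, WebContext.getUserInfo().getOnlineTickit())` takes the ticket from the session-scoped `WebContext` rather than from the authentication the `authnRequestInfo` was issued for, and NPEs when no user is bound; SAML already has a standard carrier for an IdP session handle used in single logout — `SessionIndex` on the `AuthnStatement` — which SPs understand without per-SP attribute mapping, so consider that over a custom attribute if SLO is the purpose. If the attribute stays, a comment naming its purpose, e.g. `// online_ticket: IdP session handle (see RealmAuthenticationProvider)`, would help the next maintainer. The raw `HashMap attributeMap` in the context line is still unparameterised; `Map<String, String>` is free here. The method continues past the hunk.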
+++ b/maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/adapter/TokenBasedJWTAdapter.java
@@ -28,6 +28,7 @@ import org.maxkey.crypto.jwt.signer.service.JwtSigningAndValidationService;
 import org.maxkey.domain.UserInfo;
 import org.maxkey.domain.apps.Apps;
 import org.maxkey.domain.apps.AppsTokenBasedDetails;
+import org.maxkey.web.WebConstants;
 import org.maxkey.web.WebContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -67,6 +68,7 @@ public class TokenBasedJWTAdapter extends AbstractAuthorizeAdapter {
                 .claim("user_id", userInfo.getId())
                 .claim("external_id", userInfo.getId())
                 .claim("locale", userInfo.getLocale())
+                .claim(WebConstants.ONLINE_TICKET_NAME, userInfo.getOnlineTickit())
                 .claim("kid", jwtSignerService.getDefaultSignerKeyId())
                 .build();
diff --git a/maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/adapter/TokenBasedJWTHS256Adapter.java b/maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/adapter/TokenBasedJWTHS256Adapter.java
index 6429a549..141c366a 100644
--- a/maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/adapter/TokenBasedJWTHS256Adapter.java
+++ b/maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/adapter/TokenBasedJWTHS256Adapter.java
@@ -30,6 +30,7 @@ import org.maxkey.crypto.jwt.signer.service.impl.SymmetricSigningAndValidationSe
 import org.maxkey.domain.UserInfo;
 import org.maxkey.domain.apps.Apps;
 import org.maxkey.domain.apps.AppsTokenBasedDetails;
+import org.maxkey.web.WebConstants;
 import org.maxkey.web.WebContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -67,6 +68,7 @@ public class TokenBasedJWTHS256Adapter extends AbstractAuthorizeAdapter {
                 .claim("email", userInfo.getWorkEmail())
                 .claim("name", userInfo.getUsername())
                 .claim("user_id", userInfo.getId())
+                .claim(WebConstants.ONLINE_TICKET_NAME, userInfo.getOnlineTickit())
                 .claim("external_id", userInfo.getId())
                 .claim("locale", userInfo.getLocale())
                 .claim("kid", "SYMMETRIC-KEY")
diff --git a/maxkey-web-manage/src/main/resources/application.properties b/maxkey-web-manage/src/main/resources/application.properties
index 7ebaba7d..a29a9c02 100644
--- a/maxkey-web-manage/src/main/resources/application.properties
+++ b/maxkey-web-manage/src/main/resources/application.properties
@@ -2,7 +2,7 @@
 #application
 application.title=MaxKey
 application.name=MaxKey-Mgt
-application.formatted-version=v2.2.1 GA
+application.formatted-version=v2.3.0 GA
 #server config
 #server port
 server.port=9521
diff --git a/maxkey-web-manage/src/main/resources/maxkey.properties b/maxkey-web-manage/src/main/resources/maxkey.properties
index cdb334e4..d3a21d1e 100644
--- a/maxkey-web-manage/src/main/resources/maxkey.properties
+++ b/maxkey-web-manage/src/main/resources/maxkey.properties
@@ -2,13 +2,13 @@
 # MaxKey Management
 ############################################################################
 # domain name configuration
-config.server.domain=maxkey.top
-config.server.domain.sub=sso.${config.server.domain}
-config.server.name=http://${config.server.domain.sub}
-config.server.prefix.uri=${config.server.name}:9521/maxkey-mgt
+config.server.basedomain=maxkey.top
+config.server.domain=sso.${config.server.basedomain}
+config.server.name=http://${config.server.domain}
+config.server.uri=${config.server.name}:9521/maxkey-mgt
 #default.uri
-config.server.default.uri=${config.server.prefix.uri}/main
-config.maxkey.uri=https://${config.server.domain.sub}/maxkey
+config.server.default.uri=${config.server.uri}/main
+config.maxkey.uri=https://${config.server.domain}/maxkey
 #InMemory 0 , Redis 2
 config.server.persistence=0
 #identity
@@ -62,7 +62,7 @@ config.saml.v20.sp.keystore=classpath\:config/samlClientKeystore.jks
 config.saml.v20.sp.issuing.entity.id=client.maxkey.org
 ############################################################################
-config.oidc.metadata.issuer=https://${config.server.domain.sub}/maxkey
+config.oidc.metadata.issuer=https://${config.server.domain}/maxkey
 config.oidc.metadata.authorizationEndpoint=${config.server.name}/maxkey/oauth/v20/authorize
 config.oidc.metadata.tokenEndpoint=${config.server.name}/maxkey/oauth/v20/token
 config.oidc.metadata.userinfoEndpoint=${config.server.name}/maxkey/api/connect/userinfo
diff --git a/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/SafeController.java b/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/SafeController.java
index c85a53a7..197c8ff1 100644
--- a/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/SafeController.java
+++ b/maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/SafeController.java
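Review bot: `config.server.domain` keeps its key but changes meaning — it used to hold the base domain (`maxkey.top`) and now names the SSO host (`sso.${config.server.basedomain}`), while the base-domain role moves to the new `config.server.basedomain`; a deployment that carries its own `maxkey.properties` forward keeps the old value under the reused key and leaves the new key unset, so its locale cookie domain and `config.server.name` silently point at the bare domain. Add a comment to this block, e.g. `# 2.3.0: config.server.domain is now the SSO host; the cookie/base domain is config.server.basedomain`, and call the rename out in the release notes. The management app also stays on `http://` in `config.server.name`, which matters if the new `online_ticket` cookie is ever marked `Secure`.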
@@ -176,7 +176,7 @@ public class SafeController {
         userInfo.setEmail(email);
         userInfo.setTheme(theme);
-        WebContext.setCookie(response, WebConstants.THEME_COOKIE_NAME, theme, ConstantsTimeInterval.ONE_WEEK);
+        WebContext.setCookie(response,null, WebConstants.THEME_COOKIE_NAME, theme, ConstantsTimeInterval.ONE_WEEK);
         userInfoService.changeEmail(userInfo);
diff --git a/maxkey-web-maxkey/src/main/resources/application.properties b/maxkey-web-maxkey/src/main/resources/application.properties
index 24063735..7575e0e1 100644
--- a/maxkey-web-maxkey/src/main/resources/application.properties
+++ b/maxkey-web-maxkey/src/main/resources/application.properties
@@ -2,7 +2,7 @@
 #application
 application.title=MaxKey
 application.name=MaxKey
-application.formatted-version=v2.2.1 GA
+application.formatted-version=v2.3.0 GA
 #server config
 #spring.profiles.active=dev
 #server port
diff --git a/maxkey-web-maxkey/src/main/resources/maxkey.properties b/maxkey-web-maxkey/src/main/resources/maxkey.properties
index f975af85..dea771bd 100644
--- a/maxkey-web-maxkey/src/main/resources/maxkey.properties
+++ b/maxkey-web-maxkey/src/main/resources/maxkey.properties
@@ -2,12 +2,12 @@
 # MaxKey
 ############################################################################
 # domain name configuration
-config.server.domain=maxkey.top
-config.server.domain.sub=sso.${config.server.domain}
-config.server.name=https://${config.server.domain.sub}
-config.server.prefix.uri=${config.server.name}/maxkey
+config.server.basedomain=maxkey.top
+config.server.domain=sso.${config.server.basedomain}
+config.server.name=https://${config.server.domain}
+config.server.uri=${config.server.name}/maxkey
 #default.uri
-config.server.default.uri=${config.server.prefix.uri}/maxkey/appList
+config.server.default.uri=${config.server.uri}/maxkey/appList
 config.server.management.uri=${config.server.name}:9521/maxkey-mgt/login
 #InMemory 0 , Redis 2
 config.server.persistence=0
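Review bot: `config.server.basedomain` is — presumably via `applicationConfig.getBaseDomainName()` — the `Domain=` of the `online_ticket` cookie that `RealmAuthenticationProvider` now sets, so this line decides how far that identifier travels: every host under it can read and overwrite it. Make that visible to whoever edits the file: `# basedomain scopes the online_ticket SSO cookie; keep it the narrowest domain that still covers every host that must see it`. A registrable domain like `maxkey.top` works for this layout, but a value that is itself a public suffix would be rejected by browsers.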