From ca3d6e036b6bb4f19b75aae7515512369a55bbe7 Mon Sep 17 00:00:00 2001
From: shimingxy
Date: Sat, 4 Jul 2020 09:43:15 +0800
Subject: [PATCH] v2.0.0GA v2.0.0GA
---
 README.md | 8 +-
 ReleaseNotes.txt | 7 +-
 build.gradle | 8 +-
 .../Organization2Activedirectory.java | 2 +-
 .../connector/ldap/Organization2Ldap.java | 2 +-
 .../org/maxkey/constants/ContentType.java | 33 +
 .../java/org/maxkey/domain/Organizations.java | 96 +-
 .../java/org/maxkey/domain/apps/Apps.java | 1079 ++++++++---------
 .../maxkey/domain/apps/AppsCasDetails.java | 88 +-
 .../maxkey/domain/apps/AppsSAML20Details.java | 14 +-
 .../web/image/AbstractImageEndpoint.java | 3 +-
 .../mapper/xml/mysql/OrganizationsMapper.xml | 12 +-
 .../cas/endpoint/CasAuthorizeEndpoint.java | 13 +-
 .../endpoint/OAuthDefaultUserInfoAdapter.java | 1 -
 .../userinfo/endpoint/UserInfoEndpoint.java | 111 +-
 .../contorller/OrganizationsController.java | 2 +-
 .../src/main/resources/maxkey.properties | 4 +-
 .../resources/messages/message.properties | 4 +-
 .../resources/messages/message_en.properties | 2 +-
 .../messages/message_zh_CN.properties | 4 +-
 .../templates/views/apps/cas/appAdd.ftl | 4 +-
 .../templates/views/apps/cas/appUpdate.ftl | 4 +-
 .../templates/views/orgs/orgsAdd.ftl | 10 +-
 .../templates/views/orgs/orgsList.ftl | 2 +-
 .../templates/views/orgs/orgsUpdate.ftl | 10 +-
 .../src/main/resources/maxkey.properties | 4 +-
 26 files changed, 730 insertions(+), 797 deletions(-)
 create mode 100644 maxkey-core/src/main/java/org/maxkey/constants/ContentType.java
diff --git a/README.md b/README.md
index ec045060..e8359dce 100644
--- a/README.md
+++ b/README.md
@@ -1,6 +1,6 @@
 # MaxKey
-MaxKey(马克思的钥匙)用户单点登录认证系统(Sigle Sign On System),寓意是最大钥匙,是业界领先的企业级IAM身份管理和身份认证产品,支持OAuth 2.0/OpenID Connect、SAML 2.0、JWT、CAS等标准化的开放协议,提供简单、标准、安全和开放的用户身份管理(IDM)、身份认证(AM)、单点登录(SSO)、资源管理和权限管理等。
+MaxKey(马克思的钥匙)用户单点登录认证系统(Sigle Sign On System),寓意是最大钥匙,是业界领先的企业级IAM身份管理和身份认证产品,支持OAuth 2.0/OpenID Connect、SAML 2.0、JWT、CAS等标准化的开放协议,提供简单、标准、安全和开放的用户身份管理(IDM)、身份认证(AM)、单点登录(SSO)、RBAC权限管理和资源管理等。
 MaxKey 官方文档 | GitHub | 码云(Gitee)
@@ -95,3 +95,9 @@ QQ交流群:434469201 | 邮箱EMAIL: shimingxy@163.com
 SCIM 2 Support-System for Cross-domain Identity Management
 Apache Kafka Support
+
+企业微信支持
+
+钉钉支持
+
+动态用户组实现(基于用户属性或机构)
diff --git a/ReleaseNotes.txt b/ReleaseNotes.txt
index 236cbaf9..816ec085 100644
--- a/ReleaseNotes.txt
+++ b/ReleaseNotes.txt
@@ -19,7 +19,9 @@
 *(MAXKEY-200618) 修复更新应用时状态问题
 *(MAXKEY-200619) REST API 机构和用户接口实现
 *(MAXKEY-200620) 代码优化及命名调整
- *(MAXKEY-200621) 依赖jar升级,消除非必要依赖
+ *(MAXKEY-200621) CAS协议增强
+ *(MAXKEY-200622) 机构变更时JSON序列化错误修复
+ *(MAXKEY-200623) 依赖jar升级,消除非必要依赖
 spring 5.2.7.RELEASE
 springBoot 2.3.1.RELEASE
 springSecurity 5.3.2.RELEASE
@@ -29,6 +31,9 @@
 tomcat-embed 9.0.35
 mybatis 3.5.5
 mybatis-jpa-extra 2.1
+ tomcat-embed 9.0.36
+ simple-http 1.0.2
+ JustAuth 1.15.6
 MaxKey v 1.4.0 GA 2020/05/01
 *(MAXKEY-200501) 登录错误修复
diff --git a/build.gradle b/build.gradle
index 31531603..e1dba93f 100644
--- a/build.gradle
+++ b/build.gradle
@@ -188,6 +188,7 @@ subprojects {
 //compile group: 'org.springframework', name: 'spring-websocket', version: "${springVersion}"
 testCompile group: 'org.springframework', name: 'spring-test', version: "${springVersion}"
+ //kafka support
 // https://mvnrepository.com/artifact/org.apache.kafka/kafka-clients
 compile group: 'org.apache.kafka', name: 'kafka-clients', version: '2.5.0'
 // https://mvnrepository.com/artifact/org.springframework.kafka/spring-kafka
@@ -195,7 +196,6 @@ subprojects { // https://mvnrepository.com/artifact/org.springframework.retry/spring-retry compile group: 'org.springframework.retry', name: 'spring-retry', version: '1.3.0' - //spring-security compile group: 'org.springframework.security', name: 'spring-security-core', version: "${springSecurityVersion}" compile group: 'org.springframework.security', name: 'spring-security-web', version: "${springSecurityVersion}" @@ -220,8 +220,8 @@ subprojects { compile group: 'net.minidev', name: 'json-smart', version: '2.3' compile group: 'net.minidev', name: 'asm', version: '1.0.2' //oauth third party JustAuth - compile group: 'com.xkcoding.http', name: 'simple-http', version: '1.0' - compile group: 'me.zhyd.oauth', name: 'JustAuth', version: '1.15.1' + compile group: 'com.xkcoding.http', name: 'simple-http', version: '1.0.2' + compile group: 'me.zhyd.oauth', name: 'JustAuth', version: '1.15.6' //common compile group: 'org.javassist', name: 'javassist', version: '3.23.0-GA' compile group: 'org.owasp.esapi', name: 'esapi', version: '2.2.0.0' @@ -300,7 +300,7 @@ subprojects { compile group: 'com.tencentcloudapi', name: 'tencentcloud-sdk-java', version: '3.1.33' //tomcat embed - compile group: 'org.apache.tomcat.embed', name: 'tomcat-embed-core', version: '9.0.35' + compile group: 'org.apache.tomcat.embed', name: 'tomcat-embed-core', version: '9.0.36' compile group: 'org.apache.tomcat.embed', name: 'tomcat-embed-logging-juli', version: '8.5.2' } diff --git a/maxkey-connectors/maxkey-connector-activedirectory/src/main/java/org/maxkey/connector/activedirectory/Organization2Activedirectory.java b/maxkey-connectors/maxkey-connector-activedirectory/src/main/java/org/maxkey/connector/activedirectory/Organization2Activedirectory.java index 2ffe3f12..90e4fb20 100644 --- a/maxkey-connectors/maxkey-connector-activedirectory/src/main/java/org/maxkey/connector/activedirectory/Organization2Activedirectory.java 
+++ b/maxkey-connectors/maxkey-connector-activedirectory/src/main/java/org/maxkey/connector/activedirectory/Organization2Activedirectory.java
@@ -31,7 +31,7 @@ public class Organization2Activedirectory extends OrganizationConnector{
 SearchControls constraints = new SearchControls();
 constraints.setSearchScope(ldapUtils.getSearchScope());
 NamingEnumeration results = ldapUtils.getConnection()
- .search(ldapUtils.getBaseDN(), "(&(objectClass=organizationalUnit)(description="+organization.getpId()+"))", constraints);
+ .search(ldapUtils.getBaseDN(), "(&(objectClass=organizationalUnit)(description="+organization.getParentId()+"))", constraints);
 String rdn="";
 if (results == null || !results.hasMore()) {
 rdn=ldapUtils.getBaseDN();
diff --git a/maxkey-connectors/maxkey-connector-ldap/src/main/java/org/maxkey/connector/ldap/Organization2Ldap.java b/maxkey-connectors/maxkey-connector-ldap/src/main/java/org/maxkey/connector/ldap/Organization2Ldap.java
index bed80542..0d363805 100644
--- a/maxkey-connectors/maxkey-connector-ldap/src/main/java/org/maxkey/connector/ldap/Organization2Ldap.java
+++ b/maxkey-connectors/maxkey-connector-ldap/src/main/java/org/maxkey/connector/ldap/Organization2Ldap.java
@@ -31,7 +31,7 @@ public class Organization2Ldap extends OrganizationConnector{
 SearchControls constraints = new SearchControls();
 constraints.setSearchScope(ldapUtils.getSearchScope());
 NamingEnumeration results = ldapUtils.getConnection()
- .search(ldapUtils.getBaseDN(), "(&(objectClass=organizationalUnit)(description="+organization.getpId()+"))", constraints);
+ .search(ldapUtils.getBaseDN(), "(&(objectClass=organizationalUnit)(description="+organization.getParentId()+"))", constraints);
 String rdn="";
 if (results == null || !results.hasMore()) {
 rdn=ldapUtils.getBaseDN();
diff --git a/maxkey-core/src/main/java/org/maxkey/constants/ContentType.java b/maxkey-core/src/main/java/org/maxkey/constants/ContentType.java
new file mode 100644
index 00000000..a9690d1c
--- /dev/null
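Review bot: The rewritten search call in Organization2Activedirectory (and the identical line in the Organization2Ldap hunk below it) still splices organization.getParentId() straight into the LDAP filter string, so a parent id containing filter metacharacters such as `*`, `(`, `)` or `\` alters the query instead of being matched literally. JNDI can bind the value as a filter argument and escape it for you: `.search(ldapUtils.getBaseDN(), "(&(objectClass=organizationalUnit)(description={0}))", new Object[] {organization.getParentId()}, constraints);`. This assumes getConnection() returns a DirContext, which the three-argument search() already used here suggests but the hunk does not show. The enclosing method starts before and ends after this hunk.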
+++ b/maxkey-core/src/main/java/org/maxkey/constants/ContentType.java
@@ -0,0 +1,33 @@
+package org.maxkey.constants;
+
+public class ContentType {
+
+ public static final String TEXT_PLAIN = "text/plain";
+
+ public static final String TEXT_PLAIN_UTF8 = "text/plain;charset=UTF-8";
+
+ public static final String TEXT_XML = "text/xml";
+
+ public static final String TEXT_XML_UTF8 = "text/xml;charset=UTF-8";
+
+ public static final String APPLICATION_JSON = "application/json";
+
+ public static final String APPLICATION_JSON_UTF8 = "application/json;charset=UTF-8";
+
+ public static final String APPLICATION_JWT = "application/jwt";
+
+ public static final String APPLICATION_JWT_UTF8 = "application/jwt;charset=UTF-8";
+
+ public static final String APPLICATION_XML = "application/xml";
+
+ public static final String APPLICATION_XML_UTF8 = "application/xml;charset=UTF-8";
+
+ public static final String IMAGE_GIF = "image/gif";
+
+ public static final String IMAGE_JPEG = "image/jpeg";
+
+ public static final String IMAGE_PNG = "image/png";
+
+
+
+}
diff --git a/maxkey-core/src/main/java/org/maxkey/domain/Organizations.java b/maxkey-core/src/main/java/org/maxkey/domain/Organizations.java
index b9695e59..39d35ebd 100644
--- a/maxkey-core/src/main/java/org/maxkey/domain/Organizations.java
+++ b/maxkey-core/src/main/java/org/maxkey/domain/Organizations.java
@@ -1,18 +1,18 @@
 package org.maxkey.domain;
 import java.io.Serializable;
-
 import javax.persistence.Column;
 import javax.persistence.GeneratedValue;
 import javax.persistence.GenerationType;
 import javax.persistence.Id;
 import javax.persistence.Table;
-
 import org.apache.mybatis.jpa.persistence.JpaBaseDomain;
 @Table(name = "ORGANIZATIONS")
 public class Organizations extends JpaBaseDomain implements Serializable {
+ private static final long serialVersionUID = 5085413816404119803L;
+
 @Id
 @Column
 @GeneratedValue(strategy = GenerationType.AUTO, generator = "uuid")
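Review bot: The new ContentType class only holds constants but is declared as an ordinary instantiable class, so it can be subclassed or `new`-ed by mistake. Declare it `public final class ContentType {` and add `private ContentType() {}` so the compiler enforces its role as a constants holder. A one-line class Javadoc such as `/** MIME types used as HTTP Content-Type header values. */` would also help, since the file has no documentation at all.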
@@ -24,15 +24,15 @@ public class Organizations extends JpaBaseDomain implements Serializable {
 @Column
 private String fullName;
 @Column
- private String pId;
+ private String parentId;
 @Column
- private String pName;
+ private String parentName;
 @Column
 private String type;
 @Column
- private String xPath;
+ private String codePath;
 @Column
- private String xNamePath;
+ private String namePath;
 @Column
 private String level;
 @Column
@@ -60,15 +60,10 @@ public class Organizations extends JpaBaseDomain implements Serializable {
 @Column
 private String email;
 @Column
- private String sortOrder;
+ private String sortIndex;
 @Column
 private String description;
- /**
- *
- */
- private static final long serialVersionUID = 5085413816404119803L;
-
 public Organizations() {
 // TODO Auto-generated constructor stub
 }
@@ -105,20 +100,22 @@ public class Organizations extends JpaBaseDomain implements Serializable {
 this.fullName = fullName;
 }
- public String getpId() {
- return pId;
+
+
+ public String getParentId() {
+ return parentId;
 }
- public void setpId(String pId) {
- this.pId = pId;
+ public void setParentId(String parentId) {
+ this.parentId = parentId;
 }
- public String getpName() {
- return pName;
+ public String getParentName() {
+ return parentName;
 }
- public void setpName(String pName) {
- this.pName = pName;
+ public void setParentName(String parentName) {
+ this.parentName = parentName;
 }
 public String getType() {
@@ -129,22 +126,6 @@ public class Organizations extends JpaBaseDomain implements Serializable {
 this.type = type;
 }
- public String getxPath() {
- return xPath;
- }
-
- public void setxPath(String xPath) {
- this.xPath = xPath;
- }
-
- public String getxNamePath() {
- return xNamePath;
- }
-
- public void setxNamePath(String xNamePath) {
- this.xNamePath = xNamePath;
- }
-
 public String getLevel() {
 return level;
 }
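Review bot: The field renames in the @@ -24 and @@ -60 hunks (pId to parentId, pName to parentName, xPath to codePath, xNamePath to namePath, sortOrder to sortIndex) appear to change the mapped column names, since the same commit switches OrganizationsMapper.xml to PARENTID, PARENTNAME and CODEPATH, yet the diffstat lists no SQL or schema script; existing ORGANIZATIONS tables will not match the new mapping unless a migration ships separately. Also, `private String sortIndex;` keeps a String where the Apps hunk in this same commit declares `protected int sortIndex;`, so sorting on this attribute is lexicographic and the two domain classes disagree on its type; if the column is numeric, `private int sortIndex;` with matching accessors would be consistent. The `// TODO Auto-generated constructor stub` left in the constructor is context here, but it is worth replacing with an explanatory comment or removing while the class is being reworked.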
@@ -265,14 +246,41 @@ public class Organizations extends JpaBaseDomain implements Serializable {
 this.description = description;
 }
- @Override
- public String toString() {
- return "Organizations [id=" + id + ", code=" + code + ", name=" + name + ", fullName=" + fullName + ", pId="
- + pId + ", pName=" + pName + ", type=" + type + ", xPath=" + xPath + ", xNamePath=" + xNamePath
- + ", level=" + level + ", hasChild=" + hasChild + ", division=" + division + ", country=" + country
- + ", region=" + region + ", locality=" + locality + ", street=" + street + ", address=" + address
- + ", contact=" + contact + ", postalCode=" + postalCode + ", phone=" + phone + ", fax=" + fax
- + ", email=" + email + ", sortOrder=" + sortOrder + ", description=" + description + "]";
+ public String getCodePath() {
+ return codePath;
 }
+ public void setCodePath(String codePath) {
+ this.codePath = codePath;
+ }
+
+ public String getNamePath() {
+ return namePath;
+ }
+
+ public void setNamePath(String namePath) {
+ this.namePath = namePath;
+ }
+
+ public String getSortIndex() {
+ return sortIndex;
+ }
+
+ public void setSortIndex(String sortIndex) {
+ this.sortIndex = sortIndex;
+ }
+
+ @Override
+ public String toString() {
+ return "Organizations [id=" + id + ", code=" + code + ", name=" + name + ", fullName=" + fullName
+ + ", parentId=" + parentId + ", parentName=" + parentName + ", type=" + type + ", codePath=" + codePath
+ + ", namePath=" + namePath + ", level=" + level + ", hasChild=" + hasChild + ", division=" + division
+ + ", country=" + country + ", region=" + region + ", locality=" + locality + ", street=" + street
+ + ", address=" + address + ", contact=" + contact + ", postalCode=" + postalCode + ", phone=" + phone
+ + ", fax=" + fax + ", email=" + email + ", sortIndex=" + sortIndex + ", description=" + description
+ + "]";
+ }
+
+
+
 }
diff --git a/maxkey-core/src/main/java/org/maxkey/domain/apps/Apps.java b/maxkey-core/src/main/java/org/maxkey/domain/apps/Apps.java
index 93446631..48bd9fec 100644
--- a/maxkey-core/src/main/java/org/maxkey/domain/apps/Apps.java
+++ b/maxkey-core/src/main/java/org/maxkey/domain/apps/Apps.java
@@ -14,610 +14,479 @@ import org.maxkey.constants.Boolean; import org.maxkey.domain.Accounts; import org.springframework.web.multipart.MultipartFile; -@Table(name = "APPS") -public class Apps extends JpaBaseDomain implements Serializable{ - - /** - * - */ - private static final long serialVersionUID = -6264641546959620712L; - - public static final class CREDENTIALS{ - public static final int USER_DEFINED=3; - public static final int SHARED=2; - public static final int SYSTEM=1; - public static final int NONE=0; - } - - public static final class VISIBLE{ - public static final int HIDDEN=0; - public static final int ALL=1; - public static final int INTERNET=2; - public static final int INTRANET=3; - } - - @Id - @Column - @GeneratedValue(strategy=GenerationType.AUTO,generator="uuid") - protected String id; - /** - * - */ - @Column - private String name; - /* - * Login url - */ - @Column - private String loginUrl; - @Column - private String category; - @Column - private String protocol; - @Column - private String secret; - /* - * icon and icon upload field iconField - */ - @Column - private byte[] icon; - private MultipartFile iconFile; - @Column - private int visible; - /* - * vendor - */ - @Column - private String vendor; - @Column - private String vendorUrl; - - /* - * CREDENTIAL VALUES - * USER-DEFINED - * SYSTEM - * SHARED - * NONE - */ - @Column - private int credential; - @Column - private String sharedUsername; - @Column - private String sharedPassword; - @Column - private String systemUserAttr; - - //获取第三方token凭证 - @Column - private String principal; - @Column - private String credentials; - - /* - * extendAttr - */ - private int isExtendAttr; - private String extendAttr; - - /** - * Signature - * for client verify - * create by SignaturePublicKey & SignaturePrivateKey - * issuer is domain name - * subject is app id append domain name - */ - @Column - private int isSignature; - @Column - private int isAdapter; - @Column - private String adapter; - - protected 
Accounts appUser; - @Column - protected int sortIndex; - - @Column - protected int status; - @Column - protected String createdBy; - @Column - protected String createdDate; - @Column - protected String modifiedBy; - @Column - protected String modifiedDate; - @Column - protected String description; - - public Apps() { - super(); - isSignature=Boolean.FALSE; - credential=CREDENTIALS.NONE; - } - - /** - * @return the name - */ - public String getName() { - return name; - } - - - - - - /** - * @param name the name to set - */ - public void setName(String name) { - this.name = name; - } - - - - - - public String getId() { - return id; - } - - public void setId(String id) { - this.id = id; - } - - /** - * @return the loginUrl - */ - public String getLoginUrl() { - return loginUrl; - } - - - - - - /** - * @param loginUrl the loginUrl to set - */ - public void setLoginUrl(String loginUrl) { - this.loginUrl = loginUrl; - } - - - - - - /** - * @return the category - */ - public String getCategory() { - return category; - } - - - - - - /** - * @param category the category to set - */ - public void setCategory(String category) { - this.category = category; - } - - - - - - /** - * @return the protocol - */ - public String getProtocol() { - return protocol; - } - - - - - - /** - * @param protocol the protocol to set - */ - public void setProtocol(String protocol) { - this.protocol = protocol; - } - - - - - - /** - * @return the secret - */ - public String getSecret() { - return secret; - } - - - - - - /** - * @param secret the secret to set - */ - public void setSecret(String secret) { - this.secret = secret; - } - - - - - - /** - * @return the icon - */ - public byte[] getIcon() { - return icon; - } - - - public int getSortIndex() { - return sortIndex; - } - - public void setSortIndex(int sortIndex) { - this.sortIndex = sortIndex; - } - - /** - * @param icon the icon to set - */ - public void setIcon(byte[] icon) { - this.icon = icon; - } - - - - - - /** - * @return the 
iconFile - */ - public MultipartFile getIconFile() { - return iconFile; - } - - - - - - /** - * @return the description - */ - public String getDescription() { - return description; - } - - /** - * @param description the description to set - */ - public void setDescription(String description) { - this.description = description; - } - - /** - * @param iconFile the iconFile to set - */ - public void setIconFile(MultipartFile iconFile) { - this.iconFile = iconFile; - } - - - - - - /** - * @return the vendor - */ - public String getVendor() { - return vendor; - } - - - - - - /** - * @param vendor the vendor to set - */ - public void setVendor(String vendor) { - this.vendor = vendor; - } - - - - - - /** - * @return the vendorUrl - */ - public String getVendorUrl() { - return vendorUrl; - } - - - - - - /** - * @param vendorUrl the vendorUrl to set - */ - public void setVendorUrl(String vendorUrl) { - this.vendorUrl = vendorUrl; - } - - - - - - /** - * @return the credential - */ - public int getCredential() { - return credential; - } - - - - - - /** - * @param credential the credential to set - */ - public void setCredential(int credential) { - this.credential = credential; - } - - - - - - /** - * @return the sharedUsername - */ - public String getSharedUsername() { - return sharedUsername; - } - - - - - - /** - * @param sharedUsername the sharedUsername to set - */ - public void setSharedUsername(String sharedUsername) { - this.sharedUsername = sharedUsername; - } - - - - - - /** - * @return the sharedPassword - */ - public String getSharedPassword() { - return sharedPassword; - } - - - - - - /** - * @param sharedPassword the sharedPassword to set - */ - public void setSharedPassword(String sharedPassword) { - this.sharedPassword = sharedPassword; - } - - - - - - /** - * @return the systemUserAttr - */ - public String getSystemUserAttr() { - return systemUserAttr; - } - - - - - - /** - * @param systemUserAttr the systemUserAttr to set - */ - public void 
setSystemUserAttr(String systemUserAttr) { - this.systemUserAttr = systemUserAttr; - } - - - - - - /** - * @return the isExtendAttr - */ - public int getIsExtendAttr() { - return isExtendAttr; - } - - - - - - /** - * @param isExtendAttr the isExtendAttr to set - */ - public void setIsExtendAttr(int isExtendAttr) { - this.isExtendAttr = isExtendAttr; - } - - - - - - /** - * @return the extendAttr - */ - public String getExtendAttr() { - return extendAttr; - } - - - - - - /** - * @param extendAttr the extendAttr to set - */ - public void setExtendAttr(String extendAttr) { - this.extendAttr = extendAttr; - } - - public int getVisible() { - return visible; - } - - public void setVisible(int visible) { - this.visible = visible; - } - - - public int getIsSignature() { - return isSignature; - } - - public void setIsSignature(int isSignature) { - this.isSignature = isSignature; - } - - /** - * @return the isAdapter - */ - public int getIsAdapter() { - return isAdapter; - } - - - /** - * @param isAdapter the isAdapter to set - */ - public void setIsAdapter(int isAdapter) { - this.isAdapter = isAdapter; - } - - - /** - * @return the adapter - */ - public String getAdapter() { - return adapter; - } - - - /** - * @param adapter the adapter to set - */ - public void setAdapter(String adapter) { - this.adapter = adapter; - } - - - public Accounts getAppUser() { - return appUser; - } - - - public void setAppUser(Accounts appUser) { - this.appUser = appUser; - } - - - public String getPrincipal() { - return principal; - } - - public void setPrincipal(String principal) { - this.principal = principal; - } - - public String getCredentials() { - return credentials; - } - - public void setCredentials(String credentials) { - this.credentials = credentials; - } - - public String getCreatedBy() { - return createdBy; - } - - public void setCreatedBy(String createdBy) { - this.createdBy = createdBy; - } - - public String getCreatedDate() { - return createdDate; - } - - public void 
setCreatedDate(String createdDate) { - this.createdDate = createdDate; - } - - public String getModifiedBy() { - return modifiedBy; - } - - public void setModifiedBy(String modifiedBy) { - this.modifiedBy = modifiedBy; - } - - public String getModifiedDate() { - return modifiedDate; - } - - public void setModifiedDate(String modifiedDate) { - this.modifiedDate = modifiedDate; - } - - public int getStatus() { - return status; - } - - public void setStatus(int status) { - this.status = status; - } - - @Override - public String toString() { - return "Applications [name=" + name + ", loginUrl=" + loginUrl - + ", category=" + category + ", protocol=" + protocol - + ", secret=" + secret + ", icon=" + Arrays.toString(icon) - + ", iconFile=" + iconFile + ", visible=" + visible - + ", vendor=" + vendor + ", vendorUrl=" + vendorUrl - + ", credential=" + credential + ", sharedUsername=" - + sharedUsername + ", sharedPassword=" + sharedPassword - + ", systemUserAttr=" + systemUserAttr + ", isExtendAttr=" - + isExtendAttr + ", extendAttr=" + extendAttr - + ", isSignature=" + isSignature - + "]"; - } +@Table(name = "APPS") +public class Apps extends JpaBaseDomain implements Serializable { + + /** + * + */ + private static final long serialVersionUID = -6264641546959620712L; + + public static final class CREDENTIALS { + public static final int USER_DEFINED = 3; + public static final int SHARED = 2; + public static final int SYSTEM = 1; + public static final int NONE = 0; + } + + public static final class VISIBLE { + public static final int HIDDEN = 0; + public static final int ALL = 1; + public static final int INTERNET = 2; + public static final int INTRANET = 3; + } + + @Id + @Column + @GeneratedValue(strategy = GenerationType.AUTO, generator = "uuid") + protected String id; + /** + * + */ + @Column + private String name; + /* + * Login url + */ + @Column + private String loginUrl; + @Column + private String category; + @Column + private String protocol; + @Column + private 
String secret; + /* + * icon and icon upload field iconField + */ + @Column + private byte[] icon; + private MultipartFile iconFile; + @Column + private int visible; + /* + * vendor + */ + @Column + private String vendor; + @Column + private String vendorUrl; + + /* + * CREDENTIAL VALUES USER-DEFINED SYSTEM SHARED NONE + */ + @Column + private int credential; + @Column + private String sharedUsername; + @Column + private String sharedPassword; + @Column + private String systemUserAttr; + + // 获取第三方token凭证 + @Column + private String principal; + @Column + private String credentials; + + /* + * extendAttr + */ + private int isExtendAttr; + private String extendAttr; + + /** + * Signature for client verify create by SignaturePublicKey & + * SignaturePrivateKey issuer is domain name subject is app id append domain + * name + */ + @Column + private int isSignature; + @Column + private int isAdapter; + @Column + private String adapter; + + protected Accounts appUser; + @Column + protected int sortIndex; + + @Column + protected int status; + @Column + protected String createdBy; + @Column + protected String createdDate; + @Column + protected String modifiedBy; + @Column + protected String modifiedDate; + @Column + protected String description; + + public Apps() { + super(); + isSignature = Boolean.FALSE; + credential = CREDENTIALS.NONE; + } + + /** + * @return the name + */ + public String getName() { + return name; + } + + /** + * @param name the name to set + */ + public void setName(String name) { + this.name = name; + } + + public String getId() { + return id; + } + + public void setId(String id) { + this.id = id; + } + + /** + * @return the loginUrl + */ + public String getLoginUrl() { + return loginUrl; + } + + /** + * @param loginUrl the loginUrl to set + */ + public void setLoginUrl(String loginUrl) { + this.loginUrl = loginUrl; + } + + /** + * @return the category + */ + public String getCategory() { + return category; + } + + /** + * @param category the category 
to set + */ + public void setCategory(String category) { + this.category = category; + } + + /** + * @return the protocol + */ + public String getProtocol() { + return protocol; + } + + /** + * @param protocol the protocol to set + */ + public void setProtocol(String protocol) { + this.protocol = protocol; + } + + /** + * @return the secret + */ + public String getSecret() { + return secret; + } + + /** + * @param secret the secret to set + */ + public void setSecret(String secret) { + this.secret = secret; + } + + /** + * @return the icon + */ + public byte[] getIcon() { + return icon; + } + + public int getSortIndex() { + return sortIndex; + } + + public void setSortIndex(int sortIndex) { + this.sortIndex = sortIndex; + } + + /** + * @param icon the icon to set + */ + public void setIcon(byte[] icon) { + this.icon = icon; + } + + /** + * @return the iconFile + */ + public MultipartFile getIconFile() { + return iconFile; + } + + /** + * @return the description + */ + public String getDescription() { + return description; + } + + /** + * @param description the description to set + */ + public void setDescription(String description) { + this.description = description; + } + + /** + * @param iconFile the iconFile to set + */ + public void setIconFile(MultipartFile iconFile) { + this.iconFile = iconFile; + } + + /** + * @return the vendor + */ + public String getVendor() { + return vendor; + } + + /** + * @param vendor the vendor to set + */ + public void setVendor(String vendor) { + this.vendor = vendor; + } + + /** + * @return the vendorUrl + */ + public String getVendorUrl() { + return vendorUrl; + } + + /** + * @param vendorUrl the vendorUrl to set + */ + public void setVendorUrl(String vendorUrl) { + this.vendorUrl = vendorUrl; + } + + /** + * @return the credential + */ + public int getCredential() { + return credential; + } + + /** + * @param credential the credential to set + */ + public void setCredential(int credential) { + this.credential = credential; + } 
+ + /** + * @return the sharedUsername + */ + public String getSharedUsername() { + return sharedUsername; + } + + /** + * @param sharedUsername the sharedUsername to set + */ + public void setSharedUsername(String sharedUsername) { + this.sharedUsername = sharedUsername; + } + + /** + * @return the sharedPassword + */ + public String getSharedPassword() { + return sharedPassword; + } + + /** + * @param sharedPassword the sharedPassword to set + */ + public void setSharedPassword(String sharedPassword) { + this.sharedPassword = sharedPassword; + } + + /** + * @return the systemUserAttr + */ + public String getSystemUserAttr() { + return systemUserAttr; + } + + /** + * @param systemUserAttr the systemUserAttr to set + */ + public void setSystemUserAttr(String systemUserAttr) { + this.systemUserAttr = systemUserAttr; + } + + /** + * @return the isExtendAttr + */ + public int getIsExtendAttr() { + return isExtendAttr; + } + + /** + * @param isExtendAttr the isExtendAttr to set + */ + public void setIsExtendAttr(int isExtendAttr) { + this.isExtendAttr = isExtendAttr; + } + + /** + * @return the extendAttr + */ + public String getExtendAttr() { + return extendAttr; + } + + /** + * @param extendAttr the extendAttr to set + */ + public void setExtendAttr(String extendAttr) { + this.extendAttr = extendAttr; + } + + public int getVisible() { + return visible; + } + + public void setVisible(int visible) { + this.visible = visible; + } + + public int getIsSignature() { + return isSignature; + } + + public void setIsSignature(int isSignature) { + this.isSignature = isSignature; + } + + /** + * @return the isAdapter + */ + public int getIsAdapter() { + return isAdapter; + } + + /** + * @param isAdapter the isAdapter to set + */ + public void setIsAdapter(int isAdapter) { + this.isAdapter = isAdapter; + } + + /** + * @return the adapter + */ + public String getAdapter() { + return adapter; + } + + /** + * @param adapter the adapter to set + */ + public void setAdapter(String 
adapter) { + this.adapter = adapter; + } + + public Accounts getAppUser() { + return appUser; + } + + public void setAppUser(Accounts appUser) { + this.appUser = appUser; + } + + public String getPrincipal() { + return principal; + } + + public void setPrincipal(String principal) { + this.principal = principal; + } + + public String getCredentials() { + return credentials; + } + + public void setCredentials(String credentials) { + this.credentials = credentials; + } + + public String getCreatedBy() { + return createdBy; + } + + public void setCreatedBy(String createdBy) { + this.createdBy = createdBy; + } + + public String getCreatedDate() { + return createdDate; + } + + public void setCreatedDate(String createdDate) { + this.createdDate = createdDate; + } + + public String getModifiedBy() { + return modifiedBy; + } + + public void setModifiedBy(String modifiedBy) { + this.modifiedBy = modifiedBy; + } + + public String getModifiedDate() { + return modifiedDate; + } + + public void setModifiedDate(String modifiedDate) { + this.modifiedDate = modifiedDate; + } + + public int getStatus() { + return status; + } + + public void setStatus(int status) { + this.status = status; + } + + @Override + public String toString() { + return "Applications [name=" + name + ", loginUrl=" + loginUrl + ", category=" + category + ", protocol=" + + protocol + ", secret=" + secret + ", icon=" + Arrays.toString(icon) + ", iconFile=" + iconFile + + ", visible=" + visible + ", vendor=" + vendor + ", vendorUrl=" + vendorUrl + ", credential=" + + credential + ", sharedUsername=" + sharedUsername + ", sharedPassword=" + sharedPassword + + ", systemUserAttr=" + systemUserAttr + ", isExtendAttr=" + isExtendAttr + ", extendAttr=" + extendAttr + + ", isSignature=" + isSignature + "]"; + } } diff --git a/maxkey-core/src/main/java/org/maxkey/domain/apps/AppsCasDetails.java b/maxkey-core/src/main/java/org/maxkey/domain/apps/AppsCasDetails.java index bc7d3bc6..ffa18975 100644 
--- a/maxkey-core/src/main/java/org/maxkey/domain/apps/AppsCasDetails.java
+++ b/maxkey-core/src/main/java/org/maxkey/domain/apps/AppsCasDetails.java
@@ -6,55 +6,45 @@ import javax.persistence.GenerationType;
 import javax.persistence.Id;
 import javax.persistence.Table;
-@Table(name = "APPS_CAS_DETAILS")
+@Table(name = "APPS_CAS_DETAILS")
 public class AppsCasDetails extends Apps {
- /**
- *
- */
- private static final long serialVersionUID = -4272290765948322084L;
- @Id
- @Column
- @GeneratedValue(strategy=GenerationType.AUTO,generator="uuid")
- private String id;
- @Column
- private String service;
- @Column
- private String validation;
-
- /**
- * @return the service
- */
- public String getService() {
- return service;
- }
- /**
- * @param service the service to set
- */
- public void setService(String service) {
- this.service = service;
- }
- /**
- * @return the validation
- */
- public String getValidation() {
- return validation;
- }
- /**
- * @param validation the validation to set
- */
- public void setValidation(String validation) {
- this.validation = validation;
- }
- /* (non-Javadoc)
- * @see java.lang.Object#toString()
- */
- @Override
- public String toString() {
- return "CASDetails [service=" + service + ", validation=" + validation
- + "]";
- }
-
-
-
+ /**
+ *
+ */
+ private static final long serialVersionUID = -4272290765948322084L;
+ @Id
+ @Column
+ @GeneratedValue(strategy = GenerationType.AUTO, generator = "uuid")
+ private String id;
+ @Column
+ private String service;
+ @Column
+ private String callbackUrl;
+
+ /**
+ * @return the service
+ */
+ public String getService() {
+ return service;
+ }
+
+ /**
+ * @param service the service to set
+ */
+ public void setService(String service) {
+ this.service = service;
+ }
+
+ public String getCallbackUrl() {
+ return callbackUrl;
+ }
+
+ public void setCallbackUrl(String callbackUrl) {
+ this.callbackUrl = callbackUrl;
+ }
+
+
+
+
 }
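Review bot: Dropping the toString() override means AppsCasDetails now falls back to Apps.toString(), which on this commit's new side of Apps.java prints secret and sharedPassword, so any log statement that stringifies a CAS details object will emit those credentials. Keep a narrow override, e.g. `@Override public String toString() { return "AppsCasDetails [service=" + service + ", callbackUrl=" + callbackUrl + "]"; }`. The re-added `private String id;` also shadows the `protected String id` that Apps declares with getId()/setId(), so the inherited accessors read the parent's field and this one is never set through them; unless the subclass needs its own column, the field (and its @Id/@GeneratedValue) should be removed or given accessors. The new callbackUrl accessors lack the Javadoc their service counterparts carry; a field comment such as `/** URL of the CAS client that the service ticket is redirected to. */` would document the contract.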
diff --git a/maxkey-core/src/main/java/org/maxkey/domain/apps/AppsSAML20Details.java b/maxkey-core/src/main/java/org/maxkey/domain/apps/AppsSAML20Details.java
index d2b9c6e0..83c3aff6 100644
--- a/maxkey-core/src/main/java/org/maxkey/domain/apps/AppsSAML20Details.java
+++ b/maxkey-core/src/main/java/org/maxkey/domain/apps/AppsSAML20Details.java
@@ -77,13 +77,13 @@ public class AppsSAML20Details extends Apps {
 @Column
 private int nameIdConvert;
- public static class BINDINGTYPE {
- public String Redirect_Post = "Redirect-Post";
- public String Post_Post = "Post-Post";
- public String IdpInit_Post = "IdpInit-Post";
- public String Redirect_PostSimpleSign = "Redirect-PostSimpleSign";
- public String Post_PostSimpleSign = "Post-PostSimpleSign";
- public String IdpInit_PostSimpleSign = "IdpInit-PostSimpleSign";
+ public static final class BindingType {
+ public static final String Redirect_Post = "Redirect-Post";
+ public static final String Post_Post = "Post-Post";
+ public static final String IdpInit_Post = "IdpInit-Post";
+ public static final String Redirect_PostSimpleSign = "Redirect-PostSimpleSign";
+ public static final String Post_PostSimpleSign = "Post-PostSimpleSign";
+ public static final String IdpInit_PostSimpleSign = "IdpInit-PostSimpleSign";
 }
 /**
diff --git a/maxkey-core/src/main/java/org/maxkey/web/image/AbstractImageEndpoint.java b/maxkey-core/src/main/java/org/maxkey/web/image/AbstractImageEndpoint.java
index 2eefdb7d..29324022 100644
--- a/maxkey-core/src/main/java/org/maxkey/web/image/AbstractImageEndpoint.java
+++ b/maxkey-core/src/main/java/org/maxkey/web/image/AbstractImageEndpoint.java
@@ -10,6 +10,7 @@ import javax.servlet.ServletOutputStream;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import org.maxkey.configuration.ApplicationConfig;
+import org.maxkey.constants.ContentType;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
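Review bot: The constants in the new BindingType class keep mixed-case names (`Redirect_Post`, `IdpInit_PostSimpleSign`) although they are now `static final`; Java convention is UPPER_SNAKE_CASE, e.g. `public static final String REDIRECT_POST = "Redirect-Post";`, and a `private BindingType() {}` constructor would mark the class as a pure holder. Renaming the nested class from BINDINGTYPE to BindingType and turning its instance fields into static ones also changes the public API, so any caller that instantiated BINDINGTYPE would need updating in the same change; none is visible in this diff, so this may already be handled elsewhere.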
@@ -48,7 +49,7 @@ public class AbstractImageEndpoint { // Set standard HTTP/1.0 no-cache header. response.setHeader("Pragma", "no-cache"); // return a jpeg/gif - response.setContentType("image/gif"); + response.setContentType(ContentType.IMAGE_GIF); _logger.trace("create the image"); // create the image if (bufferedImage != null) { diff --git a/maxkey-persistence/src/main/resources/org/maxkey/persistence/mapper/xml/mysql/OrganizationsMapper.xml b/maxkey-persistence/src/main/resources/org/maxkey/persistence/mapper/xml/mysql/OrganizationsMapper.xml index 83d238e1..51f70e8f 100644 --- a/maxkey-persistence/src/main/resources/org/maxkey/persistence/mapper/xml/mysql/OrganizationsMapper.xml +++ b/maxkey-persistence/src/main/resources/org/maxkey/persistence/mapper/xml/mysql/OrganizationsMapper.xml @@ -9,11 +9,11 @@ AND NAME like '%#{name}%' - - AND PID = #{pId} + + AND PARENTID = #{parentId} - - AND PNAME like '%#{pName}%' + + AND PARENTNAME like '%#{parentName}%' @@ -41,8 +41,8 @@ ADN STATUS = '1' - - ADN XPATH = #{xPath} + + ADN CODEPATH = #{codePath} diff --git a/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasAuthorizeEndpoint.java b/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasAuthorizeEndpoint.java index c8c3b082..e0dfedeb 100644 --- a/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasAuthorizeEndpoint.java +++ b/maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasAuthorizeEndpoint.java 
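Review bot: The added `ADN CODEPATH = #{codePath}` line in the second OrganizationsMapper.xml hunk repeats the `ADN` typo of the `ADN STATUS = '1'` context line above it, so as soon as a codePath is supplied the generated statement contains `... ADN CODEPATH = ?` and fails to parse; it should read `AND CODEPATH = #{codePath}`, and the STATUS line deserves the same correction while you are there. In the first hunk the new `AND PARENTNAME like '%#{parentName}%'` keeps the bind marker inside a quoted literal; MyBatis typically still rewrites `#{parentName}` to `?`, but the JDBC driver then sees `'%?%'` as a plain string rather than a parameter, so the filter either raises a parameter-count error or never matches — use `AND PARENTNAME like CONCAT('%', #{parentName}, '%')`, and the same form for the `NAME` line. The surrounding `<if test="...">` wrappers appear to have been stripped by extraction, so the conditions guarding these fragments cannot be checked here.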
@@ -94,6 +94,17 @@ public class CasAuthorizeEndpoint extends AuthorizeBaseEndpoint{ String ticket=ticketServices.createTicket(serviceTicket); - return WebContext.redirect(casDetails.getService()+"?"+CasConstants.PARAMETER.TICKET+"="+ticket); + StringBuffer callbackUrl = new StringBuffer(casDetails.getCallbackUrl()); + if(casDetails.getCallbackUrl().indexOf("?")==-1) { + callbackUrl.append("?"); + } + + callbackUrl.append(CasConstants.PARAMETER.TICKET).append("=").append(ticket) + .append("&") + .append(CasConstants.PARAMETER.SERVICE).append("=").append(casDetails.getService()); + + _logger.debug("redirect to CAS Client URL " + callbackUrl); + + return WebContext.redirect(callbackUrl.toString()); } } diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/OAuthDefaultUserInfoAdapter.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/OAuthDefaultUserInfoAdapter.java index 4ccde7d6..9274a1cb 100644 --- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/OAuthDefaultUserInfoAdapter.java +++ b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/OAuthDefaultUserInfoAdapter.java @@ -4,7 +4,6 @@ import java.util.HashMap; import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter; import org.maxkey.domain.UserInfo; -import org.maxkey.util.DateUtils; import org.maxkey.util.JsonUtils; import org.maxkey.util.StringGenerator; import org.springframework.web.servlet.ModelAndView; diff --git a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/UserInfoEndpoint.java b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/UserInfoEndpoint.java index 5fd2f32e..d37e09f0 100644 
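Review bot: When `casDetails.getCallbackUrl()` already carries a query string the `indexOf("?")==-1` branch appends nothing, so `ticket=` is glued onto the last existing parameter (`…?a=b` becomes `…?a=bticket=ST-…`) and the CAS client never receives the ticket; replace the if-block with `callbackUrl.append(callbackUrl.indexOf("?") == -1 ? "?" : "&");`. The configured service URL is appended raw as well, so any `&`, `=` or `#` inside it splits the query — wrap it as `URLEncoder.encode(casDetails.getService(), "UTF-8")`. The `_logger.debug` line writes the complete redirect, service ticket included, to the log; the ticket is a single-use bearer credential, so log the callback host only, or drop the line. `StringBuilder` rather than `StringBuffer` is the idiomatic choice here since the buffer never leaves the method. The start of this method, where `serviceTicket` is created and bound to the service, lies outside the hunk.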
--- a/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/UserInfoEndpoint.java +++ b/maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/UserInfoEndpoint.java @@ -6,12 +6,16 @@ import java.util.HashMap; import java.util.Set; import java.util.UUID; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; + import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter; import org.maxkey.authz.oauth2.common.exceptions.OAuth2Exception; import org.maxkey.authz.oauth2.provider.ClientDetailsService; import org.maxkey.authz.oauth2.provider.OAuth2Authentication; import org.maxkey.authz.oauth2.provider.token.DefaultTokenServices; import org.maxkey.constants.Boolean; +import org.maxkey.constants.ContentType; import org.maxkey.crypto.ReciprocalUtils; import org.maxkey.crypto.jwt.encryption.service.JwtEncryptionAndDecryptionService; import org.maxkey.crypto.jwt.encryption.service.impl.RecipientJwtEncryptionAndDecryptionServiceBuilder; @@ -76,6 +80,7 @@ public class UserInfoEndpoint { @Qualifier("jwtEncryptionService") private JwtEncryptionAndDecryptionService jwtEnDecryptionService; + private SymmetricSigningAndValidationServiceBuilder symmetricJwtSignerServiceBuilder =new SymmetricSigningAndValidationServiceBuilder(); 
@@ -85,13 +90,16 @@ public class UserInfoEndpoint { OAuthDefaultUserInfoAdapter defaultOAuthUserInfoAdapter=new OAuthDefaultUserInfoAdapter(); - @RequestMapping(value="/oauth/v20/me",produces="text/plain;charset=UTF-8") + @RequestMapping(value="/oauth/v20/me") @ResponseBody public String apiV20UserInfo( - @RequestParam(value = "access_token", required = true) String access_token) { + @RequestParam(value = "access_token", required = true) String access_token, + HttpServletRequest request, + HttpServletResponse response) { + response.setContentType(ContentType.APPLICATION_JSON_UTF8); String principal=""; if (!StringGenerator.uuidMatches(access_token)) { - return accessTokenFormatError(access_token); + return JsonUtils.gson2Json(accessTokenFormatError(access_token)); } OAuth2Authentication oAuth2Authentication =null; try{ @@ -103,8 +111,6 @@ public class UserInfoEndpoint { UserInfo userInfo=queryUserInfo(principal); Apps app=appsService.get(client_id); - String userJson=""; - AbstractAuthorizeAdapter adapter; if(Boolean.isTrue(app.getIsAdapter())){ adapter =(AbstractAuthorizeAdapter)Instance.newInstance(app.getAdapter()); 
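Review bot: The malformed-token path in `apiV20UserInfo` still answers with HTTP 200 — the hunk sets the content type but never a status, and the `OAuth2Exception` catch in the following hunk behaves the same — so a client checking only the status code treats `{"error":...}` as a valid userinfo document; add `response.setStatus(HttpServletResponse.SC_BAD_REQUEST);` before the format-error `return`, and `SC_UNAUTHORIZED` with a `WWW-Authenticate: Bearer error="invalid_token"` header for the token-validation failure. `accessTokenFormatError` also echoes the caller's raw `access_token` inside `description`; the value is attacker-controlled and ends up in logs and client error handlers, so `"access_token format invalid"` without the value is enough. Reading the token from a query parameter keeps it in server and proxy access logs, which RFC 6750 §2.3 discourages; prefer the `Authorization: Bearer` header and accept the parameter only as a fallback. The remainder of the method, including the `loadAuthentication` call, continues in the next hunks.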
@@ -112,28 +118,28 @@ public class UserInfoEndpoint { adapter =(AbstractAuthorizeAdapter)defaultOAuthUserInfoAdapter; } - String jsonData=adapter.generateInfo(userInfo, null); - userJson=adapter.sign(jsonData, app); - - return userJson; - + String jsonData=adapter.generateInfo(userInfo, app); + return jsonData; }catch(OAuth2Exception e){ HashMapauthzException=new HashMap(); authzException.put(OAuth2Exception.ERROR, e.getOAuth2ErrorCode()); authzException.put(OAuth2Exception.DESCRIPTION,e.getMessage()); - return JsonUtils.object2Json(authzException); + return JsonUtils.gson2Json(authzException); } } - @RequestMapping(value="/connect/v10/userinfo",produces="text/plain;charset=UTF-8") + @RequestMapping(value="/connect/v10/userinfo") @ResponseBody - public String apiConnect10aUserInfo( - @RequestHeader(value = "Authorization", required = true) String access_token) { + public String connect10aUserInfo( + @RequestHeader(value = "Authorization", required = true) String access_token, + HttpServletRequest request, + HttpServletResponse response) { String principal=""; if (!StringGenerator.uuidMatches(access_token)) { - return accessTokenFormatError(access_token); + return JsonUtils.gson2Json(accessTokenFormatError(access_token)); } + OAuth2Authentication oAuth2Authentication =null; try{ oAuth2Authentication = oauth20tokenServices.loadAuthentication(access_token); 
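Review bot: `connect10aUserInfo` passes the raw `Authorization` header value straight to `StringGenerator.uuidMatches`, so a standards-conformant `Authorization: Bearer <token>` header fails the format check and only a bare UUID in the header is accepted; strip the scheme first, e.g. `String token = access_token.startsWith("Bearer ") ? access_token.substring(7).trim() : access_token;` and use `token` from there on. Unlike `apiV20UserInfo`, this method sets no content type before the format check, so now that `produces` has been removed from the mapping the `accessTokenFormatError` JSON is served with whatever default the container picks — add `response.setContentType(ContentType.APPLICATION_JSON_UTF8);` at the top as the v20 method does. Replacing `adapter.sign(jsonData, app)` with `adapter.generateInfo(userInfo, app)` removes the explicit signing step from the v20 response; `generateInfo` is not visible here, so if it does not sign internally this silently changes what existing clients receive and should be called out in the release notes. Both methods continue past the end of this hunk.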
@@ -207,10 +213,14 @@ public class UserInfoEndpoint { JWTClaimsSet userInfoJWTClaims = jwtClaimsSetBuilder.build(); JWT userInfoJWT=null; JWSAlgorithm signingAlg = jwtSignerValidationService.getDefaultSigningAlgorithm(); - if (clientDetails.getUserInfoEncryptedAlgorithm() != null && !clientDetails.getUserInfoEncryptedAlgorithm().equals("none") - && clientDetails.getUserInfoEncryptionMethod() != null && !clientDetails.getUserInfoEncryptionMethod().equals("none") + if (clientDetails.getUserInfoEncryptedAlgorithm() != null + && !clientDetails.getUserInfoEncryptedAlgorithm().equals("none") + && clientDetails.getUserInfoEncryptionMethod() != null + && !clientDetails.getUserInfoEncryptionMethod().equals("none") &&clientDetails.getJwksUri()!=null&&clientDetails.getJwksUri().length()>4 ) { + //需要加密 + response.setContentType(ContentType.APPLICATION_JWT_UTF8); JwtEncryptionAndDecryptionService recipientJwtEnDecryptionService = recipientJwtEnDecryptionServiceBuilder.serviceBuilder(clientDetails.getJwksUri()); 
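Review bot: `response.setContentType(ContentType.APPLICATION_JWT_UTF8)` is applied before `recipientJwtEnDecryptionServiceBuilder.serviceBuilder(...)` has produced an encrypter, so the "Couldn't find encrypter for client" JSON error returned a few lines later (at the start of the next hunk) goes out labelled as a JWT; set the content type only once the JWE has actually been built, or reset it with `response.setContentType(ContentType.APPLICATION_JSON_UTF8);` on that error path. `clientDetails.getJwksUri().length()>4` is the only check before the server uses the client-registered URL; the builder is not visible here, but if it fetches the JWKS over the network, client registration should restrict the URI to https and non-internal hosts to avoid turning the userinfo endpoint into an SSRF primitive. The enclosing method continues in the next hunk.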
@@ -227,38 +237,41 @@ public class UserInfoEndpoint { authzException.put(OAuth2Exception.DESCRIPTION,"Couldn't find encrypter for client: " + clientDetails.getClientId()); return JsonUtils.gson2Json(authzException); } - } else { - if (clientDetails.getUserInfoSigningAlgorithm()==null||clientDetails.getUserInfoSigningAlgorithm().equals("none")) { - // unsigned ID token - //userInfoJWT = new PlainJWT(userInfoJWTClaims); - userJson=JsonUtils.gson2Json(jwtClaimsSetBuilder.getClaims()); - } else { - // signed ID token - if (signingAlg.equals(JWSAlgorithm.HS256) - || signingAlg.equals(JWSAlgorithm.HS384) - || signingAlg.equals(JWSAlgorithm.HS512)) { - // sign it with the client's secret - String client_secret=ReciprocalUtils.decoder(clientDetails.getClientSecret()); - - JwtSigningAndValidationService symmetricJwtSignerService =symmetricJwtSignerServiceBuilder.serviceBuilder(client_secret); - if(symmetricJwtSignerService!=null){ - userInfoJWTClaims = new JWTClaimsSet.Builder(userInfoJWTClaims).claim("kid", "SYMMETRIC-KEY").build(); - userInfoJWT = new SignedJWT(new JWSHeader(signingAlg), userInfoJWTClaims); - symmetricJwtSignerService.signJwt((SignedJWT) userInfoJWT); - }else{ - _logger.error("Couldn't create symmetric validator for client " + clientDetails.getClientId() + " without a client secret"); - } - } else { - userInfoJWTClaims = new JWTClaimsSet.Builder(userInfoJWTClaims).claim("kid", jwtSignerValidationService.getDefaultSignerKeyId()).build(); + }else if (clientDetails.getUserInfoSigningAlgorithm()!=null + && !clientDetails.getUserInfoSigningAlgorithm().equals("none")) { + //需要签名 + response.setContentType(ContentType.APPLICATION_JWT_UTF8); + // signed ID token + if (signingAlg.equals(JWSAlgorithm.HS256) + || signingAlg.equals(JWSAlgorithm.HS384) + || signingAlg.equals(JWSAlgorithm.HS512)) { + // sign it with the client's secret + String client_secret=ReciprocalUtils.decoder(clientDetails.getClientSecret()); + + JwtSigningAndValidationService 
symmetricJwtSignerService =symmetricJwtSignerServiceBuilder.serviceBuilder(client_secret); + if(symmetricJwtSignerService!=null){ + userInfoJWTClaims = new JWTClaimsSet.Builder(userInfoJWTClaims).claim("kid", "SYMMETRIC-KEY").build(); userInfoJWT = new SignedJWT(new JWSHeader(signingAlg), userInfoJWTClaims); - // sign it with the server's key - jwtSignerValidationService.signJwt((SignedJWT) userInfoJWT); + symmetricJwtSignerService.signJwt((SignedJWT) userInfoJWT); + }else{ + _logger.error("Couldn't create symmetric validator for client " + clientDetails.getClientId() + " without a client secret"); } - userJson=userInfoJWT.serialize(); + } else { + userInfoJWTClaims = new JWTClaimsSet.Builder(userInfoJWTClaims).claim("kid", jwtSignerValidationService.getDefaultSignerKeyId()).build(); + userInfoJWT = new SignedJWT(new JWSHeader(signingAlg), userInfoJWTClaims); + // sign it with the server's key + jwtSignerValidationService.signJwt((SignedJWT) userInfoJWT); } - } + userJson=userInfoJWT.serialize(); + }else { + //不需要加密和签名 + response.setContentType(ContentType.APPLICATION_JSON_UTF8); + // unsigned ID token + //userInfoJWT = new PlainJWT(userInfoJWTClaims); + userJson=JsonUtils.gson2Json(jwtClaimsSetBuilder.getClaims()); + } - return userJson; + return userJson; }catch(OAuth2Exception e){ HashMapauthzException=new HashMap(); @@ -267,17 +280,15 @@ public class UserInfoEndpoint { return JsonUtils.object2Json(authzException); } } - - - public String accessTokenFormatError(String access_token){ + + public HashMap accessTokenFormatError(String access_token){ HashMapatfe=new HashMap(); atfe.put(OAuth2Exception.ERROR, "token Format Invalid"); atfe.put(OAuth2Exception.DESCRIPTION, "access Token Format Invalid , access_token : "+access_token); - return JsonUtils.object2Json(atfe); + return atfe; } - public UserInfo queryUserInfo(String uid){ _logger.debug("uid : "+uid); UserInfo userInfo = (UserInfo) userInfoService.loadByUsername(uid); 
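Review bot: In the HS* branch, when `symmetricJwtSignerService` is null the code logs the error and then falls through to `userJson=userInfoJWT.serialize()` with `userInfoJWT` still at the `null` it was initialised to just above this hunk, so a client registered for HS256/384/512 without a usable secret gets a NullPointerException instead of an OAuth error; return a JSON error object there, built the same way as the encrypter-missing branch. The branch order also means a client registered for both encryption and a `userinfo_signed_response_alg` receives an encrypted but unsigned payload, whereas OIDC Core §5.3.2 requires sign-then-encrypt (a nested JWT) when both are configured; the signing block should run first and feed its output into the encrypter rather than sit in an `else if`. `signingAlg` is taken from `jwtSignerValidationService.getDefaultSigningAlgorithm()` while `clientDetails.getUserInfoSigningAlgorithm()` is only compared against `"none"`, so the client's registered algorithm looks like it is never honoured — worth confirming. `kid` is a JWS header parameter, not a claim, so `.claim("kid", ...)` puts it in the payload where verifiers will not look for it; set it on the `JWSHeader` via its builder instead. The surrounding try/catch and method signature are outside this hunk.

```java
// … unchanged: HS* algorithm check and client_secret decoding …
if (symmetricJwtSignerService != null) {
    userInfoJWTClaims = new JWTClaimsSet.Builder(userInfoJWTClaims).claim("kid", "SYMMETRIC-KEY").build();
    userInfoJWT = new SignedJWT(new JWSHeader(signingAlg), userInfoJWTClaims);
    symmetricJwtSignerService.signJwt((SignedJWT) userInfoJWT);
} else {
    _logger.error("Couldn't create symmetric validator for client " + clientDetails.getClientId() + " without a client secret");
    response.setContentType(ContentType.APPLICATION_JSON_UTF8);
    HashMap<String, Object> authzException = new HashMap<String, Object>();
    authzException.put(OAuth2Exception.ERROR, "invalid_client");
    authzException.put(OAuth2Exception.DESCRIPTION, "Couldn't create symmetric signer for client: " + clientDetails.getClientId());
    return JsonUtils.gson2Json(authzException);
}
// … unchanged: asymmetric signing branch, serialize(), plain-JSON branch …
```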
diff --git a/maxkey-web-manage/src/main/java/org/maxkey/web/contorller/OrganizationsController.java b/maxkey-web-manage/src/main/java/org/maxkey/web/contorller/OrganizationsController.java index 59388e6f..3fa1ec4b 100644 --- a/maxkey-web-manage/src/main/java/org/maxkey/web/contorller/OrganizationsController.java +++ b/maxkey-web-manage/src/main/java/org/maxkey/web/contorller/OrganizationsController.java @@ -48,7 +48,7 @@ public class OrganizationsController { } treeNode.setAttr("data", org); - treeNode.setPId(org.getpId()); + treeNode.setPId(org.getParentId()); if (org.getId().equals("1")) { treeNode.setAttr("open", Boolean.valueOf(true)); } else { diff --git a/maxkey-web-manage/src/main/resources/maxkey.properties b/maxkey-web-manage/src/main/resources/maxkey.properties index f1594aaa..f9f62443 100644 --- a/maxkey-web-manage/src/main/resources/maxkey.properties +++ b/maxkey-web-manage/src/main/resources/maxkey.properties @@ -12,7 +12,7 @@ config.maxkey.uri=${config.server.name}/maxkey #InMemory 0 , jdbc 1, Redis 2 config.server.persistence=0 #identity -config.identity.kafkasupport=true +config.identity.kafkasupport=false ############################################################################ # Login configuration #enable captcha @@ -62,7 +62,7 @@ config.saml.v20.sp.keystore=classpath\:config/samlClientKeystore.jks config.saml.v20.sp.issuing.entity.id=client.maxkey.org ############################################################################ -config.oidc.metadata.issuer=${config.server.name}/maxkey +config.oidc.metadata.issuer=https://${config.server.domain.sub}/maxkey config.oidc.metadata.authorizationEndpoint=${config.server.name}/maxkey/oauth/v20/authorize config.oidc.metadata.tokenEndpoint=${config.server.name}/maxkey/oauth/v20/token config.oidc.metadata.userinfoEndpoint=${config.server.name}/maxkey/api/connect/userinfo 
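Review bot: `config.oidc.metadata.issuer` is now hard-wired to `https://${config.server.domain.sub}/maxkey`, while the authorization, token and userinfo endpoints three lines below still derive from `${config.server.name}`; that property is defined outside this hunk, and if it remains `http://…` in this module the discovery document advertises an https issuer alongside http endpoints, which OIDC Discovery clients reject because the issuer must match the document's own URL and the `iss` in issued tokens. Derive all four from one value — `config.oidc.metadata.issuer=${config.server.name}/maxkey` once `config.server.name` is itself https, or switch the three endpoint lines to the same `https://${config.server.domain.sub}` prefix — so a later scheme or host change cannot desynchronise them again.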
diff --git a/maxkey-web-manage/src/main/resources/messages/message.properties b/maxkey-web-manage/src/main/resources/messages/message.properties index d90a7eab..5cb51d0e 100644 --- a/maxkey-web-manage/src/main/resources/messages/message.properties +++ b/maxkey-web-manage/src/main/resources/messages/message.properties @@ -298,8 +298,8 @@ apps.formbased.parameter=\u53C2\u6570 apps.formbased.parameter.value=\u53C2\u6570\u503C #cas apps.cas.info=CAS\u8BA4\u8BC1 -apps.cas.service=\u670D\u52A1\u5730\u5740 -apps.cas.validation=\u9A8C\u8BC1\u5730\u5740 +apps.cas.service=\u670D\u52A1 +apps.cas.callbackUrl=\u56DE\u8C03\u5730\u5740 #desktop apps.desktop.info=\u684C\u9762\u8BA4\u8BC1 apps.desktop.programPath=\u5E94\u7528\u5B89\u88C5\u8DEF\u5F84 diff --git a/maxkey-web-manage/src/main/resources/messages/message_en.properties b/maxkey-web-manage/src/main/resources/messages/message_en.properties index 6f7ce6c0..48a2e48a 100644 --- a/maxkey-web-manage/src/main/resources/messages/message_en.properties +++ b/maxkey-web-manage/src/main/resources/messages/message_en.properties @@ -298,7 +298,7 @@ apps.formbased.authorizeView=authorizeView #cas apps.cas.info=CAS Info apps.cas.service=service -apps.cas.validation=validation +apps.cas.callbackUrl=CallbackUrl #desktop apps.desktop.info=Desktop Info apps.desktop.programPath=programPath diff --git a/maxkey-web-manage/src/main/resources/messages/message_zh_CN.properties b/maxkey-web-manage/src/main/resources/messages/message_zh_CN.properties index d90a7eab..5cb51d0e 100644 --- a/maxkey-web-manage/src/main/resources/messages/message_zh_CN.properties +++ b/maxkey-web-manage/src/main/resources/messages/message_zh_CN.properties 
@@ -298,8 +298,8 @@ apps.formbased.parameter=\u53C2\u6570 apps.formbased.parameter.value=\u53C2\u6570\u503C #cas apps.cas.info=CAS\u8BA4\u8BC1 -apps.cas.service=\u670D\u52A1\u5730\u5740 -apps.cas.validation=\u9A8C\u8BC1\u5730\u5740 +apps.cas.service=\u670D\u52A1 +apps.cas.callbackUrl=\u56DE\u8C03\u5730\u5740 #desktop apps.desktop.info=\u684C\u9762\u8BA4\u8BC1 apps.desktop.programPath=\u5E94\u7528\u5B89\u88C5\u8DEF\u5F84 diff --git a/maxkey-web-manage/src/main/resources/templates/views/apps/cas/appAdd.ftl b/maxkey-web-manage/src/main/resources/templates/views/apps/cas/appAdd.ftl index 2791ad5e..17c2040d 100644 --- a/maxkey-web-manage/src/main/resources/templates/views/apps/cas/appAdd.ftl +++ b/maxkey-web-manage/src/main/resources/templates/views/apps/cas/appAdd.ftl @@ -52,9 +52,9 @@ $(function(){ - <@locale code="apps.cas.validation"/>: + <@locale code="apps.cas.callbackUrl"/>: - + diff --git a/maxkey-web-manage/src/main/resources/templates/views/apps/cas/appUpdate.ftl b/maxkey-web-manage/src/main/resources/templates/views/apps/cas/appUpdate.ftl index 94ee9831..3b25f8c9 100644 --- a/maxkey-web-manage/src/main/resources/templates/views/apps/cas/appUpdate.ftl +++ b/maxkey-web-manage/src/main/resources/templates/views/apps/cas/appUpdate.ftl @@ -62,9 +62,9 @@ $(function(){ - <@locale code="apps.cas.validation"/>: + <@locale code="apps.cas.callbackUrl"/>: - + diff --git a/maxkey-web-manage/src/main/resources/templates/views/orgs/orgsAdd.ftl b/maxkey-web-manage/src/main/resources/templates/views/orgs/orgsAdd.ftl index ddbeb4f9..107f1780 100644 --- a/maxkey-web-manage/src/main/resources/templates/views/orgs/orgsAdd.ftl +++ b/maxkey-web-manage/src/main/resources/templates/views/orgs/orgsAdd.ftl @@ -39,11 +39,11 @@ $(function () { <@locale code="org.pid" />: - + <@locale code="org.pname" />: - + <@locale code="org.id" />: @@ -60,13 +60,13 @@ $(function () { <@locale code="org.xpath" /> : - + <@locale code="org.xnamepath" /> : - + 
@@ -81,7 +81,7 @@ $(function () { <@locale code="org.sortorder" /> : - + diff --git a/maxkey-web-manage/src/main/resources/templates/views/orgs/orgsList.ftl b/maxkey-web-manage/src/main/resources/templates/views/orgs/orgsList.ftl index 20837cd1..357059ac 100644 --- a/maxkey-web-manage/src/main/resources/templates/views/orgs/orgsList.ftl +++ b/maxkey-web-manage/src/main/resources/templates/views/orgs/orgsList.ftl @@ -177,7 +177,7 @@ $(function () {
- + "> " expandValue="<@locale code="button.text.expandsearch"/>" collapseValue="<@locale code="button.text.collapsesearch"/>">
diff --git a/maxkey-web-manage/src/main/resources/templates/views/orgs/orgsUpdate.ftl b/maxkey-web-manage/src/main/resources/templates/views/orgs/orgsUpdate.ftl index eb4b010c..c813b7f4 100644 --- a/maxkey-web-manage/src/main/resources/templates/views/orgs/orgsUpdate.ftl +++ b/maxkey-web-manage/src/main/resources/templates/views/orgs/orgsUpdate.ftl @@ -38,11 +38,11 @@ $(function () { <@locale code="org.pid" />: - + <@locale code="org.pname" />: - + <@locale code="org.id" />: @@ -59,13 +59,13 @@ $(function () { <@locale code="org.xpath" /> : - + <@locale code="org.xnamepath" /> : - + @@ -80,7 +80,7 @@ $(function () { <@locale code="org.sortorder" /> : - + diff --git a/maxkey-web-maxkey/src/main/resources/maxkey.properties b/maxkey-web-maxkey/src/main/resources/maxkey.properties index ec474877..ed597c6f 100644 --- a/maxkey-web-maxkey/src/main/resources/maxkey.properties +++ b/maxkey-web-maxkey/src/main/resources/maxkey.properties @@ -4,8 +4,8 @@ # domain name configuration config.server.domain=maxkey.top config.server.domain.sub=sso.${config.server.domain} -config.server.name=http://${config.server.domain.sub} -config.server.prefix.uri=${config.server.name}:80/maxkey +config.server.name=https://${config.server.domain.sub} +config.server.prefix.uri=${config.server.name}/maxkey #default.uri config.server.default.uri=${config.server.prefix.uri}/maxkey/appList config.server.management.uri=${config.server.name}:9521/maxkey-mgt/login