RefreshToken

2022-04-30 11:15:16 +08:00
parent 69aa4f27ad
commit eb748ac827
61 changed files with 542 additions and 342 deletions
--- a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/MaxKeyMgtConfig.java
+++ b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/MaxKeyMgtConfig.java
@@ -37,7 +37,7 @@ public class MaxKeyMgtConfig  implements InitializingBean {
    private static final  Logger _logger = LoggerFactory.getLogger(MaxKeyMgtConfig.class);
    
 	//authenticationRealm for MaxKeyMgtApplication
-	@Bean(name = "authenticationRealm")
+	@Bean
 	public JdbcAuthenticationRealm authenticationRealm(
 			PasswordEncoder passwordEncoder,
 	    		PasswordPolicyValidator passwordPolicyValidator,
@@ -58,7 +58,7 @@ public class MaxKeyMgtConfig  implements InitializingBean {
        return authenticationRealm;
    }

-	@Bean(name = "timeBasedOtpAuthn")
+	@Bean
    public AbstractOtpAuthn timeBasedOtpAuthn() {
 		AbstractOtpAuthn tfaOtpAuthn = new TimeBasedOtpAuthn();
 	    _logger.debug("TimeBasedOtpAuthn inited.");
--- a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/Oauth20ClientAutoConfiguration.java
+++ b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/Oauth20ClientAutoConfiguration.java
@@ -46,8 +46,8 @@ import org.springframework.security.crypto.password.PasswordEncoder;
 public class Oauth20ClientAutoConfiguration  implements InitializingBean {
    private static final  Logger _logger = LoggerFactory.getLogger(Oauth20ClientAutoConfiguration.class);
    
-    @Bean(name = "oauth20JdbcClientDetailsService")
-    public JdbcClientDetailsService jdbcClientDetailsService(
+    @Bean
+    public JdbcClientDetailsService oauth20JdbcClientDetailsService(
                DataSource dataSource,PasswordEncoder passwordReciprocal) {
 	    JdbcClientDetailsService clientDetailsService = new JdbcClientDetailsService(dataSource);
 	    clientDetailsService.setPasswordEncoder(passwordReciprocal);
@@ -60,7 +60,7 @@ public class Oauth20ClientAutoConfiguration  implements InitializingBean {
     * @param persistence int
     * @return oauth20TokenStore
     */
-    @Bean(name = "oauth20TokenStore")
+    @Bean
    public TokenStore oauth20TokenStore(
            @Value("${maxkey.server.persistence}") int persistence,
            JdbcTemplate jdbcTemplate,
@@ -81,8 +81,8 @@ public class Oauth20ClientAutoConfiguration  implements InitializingBean {
     * clientDetailsUserDetailsService. 
     * @return oauth20TokenServices
     */
-    @Bean(name = "oauth20TokenServices")
-    public DefaultTokenServices defaultTokenServices(
+    @Bean
+    public DefaultTokenServices oauth20TokenServices(
            JdbcClientDetailsService oauth20JdbcClientDetailsService,
            TokenStore oauth20TokenStore) {
        DefaultTokenServices tokenServices = new DefaultTokenServices();
@@ -96,7 +96,7 @@ public class Oauth20ClientAutoConfiguration  implements InitializingBean {
     * ProviderManager. 
     * @return oauth20ClientAuthenticationManager
     */
-    @Bean(name = "oauth20ClientAuthenticationManager")
+    @Bean
    public ProviderManager oauth20ClientAuthenticationManager(
            JdbcClientDetailsService oauth20JdbcClientDetailsService,
            PasswordEncoder passwordReciprocal
--- a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/api/endpoint/RestTimeBasedOtpController.java
+++ b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/api/endpoint/RestTimeBasedOtpController.java
@@ -21,7 +21,6 @@ import org.maxkey.entity.UserInfo;
 import org.maxkey.password.onetimepwd.AbstractOtpAuthn;
 import org.maxkey.persistence.service.UserInfoService;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
@@ -36,11 +35,9 @@ import io.swagger.v3.oas.annotations.tags.Tag;
 public class RestTimeBasedOtpController {

 	@Autowired
-    @Qualifier("timeBasedOtpAuthn")
    protected AbstractOtpAuthn timeBasedOtpAuthn;
    
    @Autowired
-    @Qualifier("userInfoService")
    private UserInfoService userInfoService;
    
    @Operation(summary = "基于时间令牌验证 API文档模块", description = "传递参数username和token",method="GET")
--- a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/apps/contorller/SAML20DetailsController.java
+++ b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/apps/contorller/SAML20DetailsController.java
@@ -63,8 +63,7 @@ public class SAML20DetailsController   extends BaseAppContorller {
 	final static Logger _logger = LoggerFactory.getLogger(SAML20DetailsController.class);
 	
 	@Autowired
-	@Qualifier("keyStoreLoader")
-	private KeyStoreLoader idpKeyStoreLoader;
+	private KeyStoreLoader keyStoreLoader;
 	
 	@Autowired
 	AppsSaml20DetailsService saml20DetailsService;
@@ -184,7 +183,7 @@ public class SAML20DetailsController   extends BaseAppContorller {
 		
 			samlDetails.setCertIssuer(X509CertUtils.getCommonName(samlDetails.getTrustCert().getIssuerX500Principal()));
 			
-			KeyStore keyStore = KeyStoreUtil.clone(idpKeyStoreLoader.getKeyStore(),idpKeyStoreLoader.getKeystorePassword());
+			KeyStore keyStore = KeyStoreUtil.clone(keyStoreLoader.getKeyStore(),keyStoreLoader.getKeystorePassword());
 		
 			KeyStore trustKeyStore = null;
 			if (!samlDetails.getEntityId().equals("")) {
@@ -193,7 +192,7 @@ public class SAML20DetailsController   extends BaseAppContorller {
 				trustKeyStore = KeyStoreUtil.importTrustCertificate(keyStore,samlDetails.getTrustCert());
 			}
 		
-			byte[] keyStoreByte = KeyStoreUtil.keyStore2Bytes(trustKeyStore,idpKeyStoreLoader.getKeystorePassword());
+			byte[] keyStoreByte = KeyStoreUtil.keyStore2Bytes(trustKeyStore,keyStoreLoader.getKeystorePassword());
 		
 			// store KeyStore content
 			samlDetails.setKeyStore(keyStoreByte);
--- a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/contorller/DashboardController.java
+++ b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/contorller/DashboardController.java
@@ -26,7 +26,6 @@ import org.maxkey.persistence.service.ReportService;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Controller;
@@ -41,7 +40,6 @@ public class DashboardController {
 	
 	private static Logger _logger = LoggerFactory.getLogger(DashboardController.class);
 	@Autowired
-	@Qualifier("reportService")
 	ReportService reportService;

 	@RequestMapping(value={"/dashboard"}, produces = {MediaType.APPLICATION_JSON_VALUE})
--- a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/contorller/LoginEntryPoint.java
+++ b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/contorller/LoginEntryPoint.java
@@ -22,7 +22,7 @@ import java.util.HashMap;
 import org.maxkey.authn.AbstractAuthenticationProvider;
 import org.maxkey.authn.LoginCredential;
 import org.maxkey.authn.jwt.AuthJwt;
-import org.maxkey.authn.jwt.AuthJwtService;
+import org.maxkey.authn.jwt.AuthTokenService;
 import org.maxkey.configuration.ApplicationConfig;
 import org.maxkey.entity.Institutions;
 import org.maxkey.entity.Message;
@@ -50,13 +50,12 @@ public class LoginEntryPoint {
 	private static Logger _logger = LoggerFactory.getLogger(LoginEntryPoint.class);
 	
 	@Autowired
-	AuthJwtService authJwtService;
+	AuthTokenService authTokenService;
 	
 	@Autowired
  	protected ApplicationConfig applicationConfig;
 	
 	@Autowired
-	@Qualifier("authenticationProvider")
 	AbstractAuthenticationProvider authenticationProvider ;
 	
 	/**
@@ -77,15 +76,15 @@ public class LoginEntryPoint {
 			model.put("captcha", inst.getCaptchaSupport());
 			model.put("captchaType", inst.getCaptchaType());
 		}
-		model.put("state", authJwtService.genJwt());
+		model.put("state", authTokenService.genRandomJwt());
 		return new Message<HashMap<String , Object>>(model).buildResponse();
 	}
 	
 	@RequestMapping(value={"/signin"}, produces = {MediaType.APPLICATION_JSON_VALUE})
 	public ResponseEntity<?> signin( @RequestBody LoginCredential loginCredential) {
- 		if(authJwtService.validateJwtToken(loginCredential.getState())){
+ 		if(authTokenService.validateJwtToken(loginCredential.getState())){
 	 		Authentication  authentication  = authenticationProvider.authenticate(loginCredential);
-	 		AuthJwt authJwt = authJwtService.genAuthJwt(authentication);
+	 		AuthJwt authJwt = authTokenService.genAuthJwt(authentication);
 	 		return new Message<AuthJwt>(authJwt).buildResponse();
 		}
 		return new Message<AuthJwt>(Message.FAIL).buildResponse();
--- a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/contorller/UserAdjointController.java
+++ b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/contorller/UserAdjointController.java
@@ -29,7 +29,6 @@ import org.maxkey.web.message.MessageType;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.ModelAttribute;
 import org.springframework.web.bind.annotation.PathVariable;
@@ -44,7 +43,6 @@ public class UserAdjointController {
 	final static Logger _logger = LoggerFactory.getLogger(UserAdjointController.class);
 	
 	@Autowired
-	@Qualifier("userInfoAdjointService")
 	UserInfoAdjointService userInfoAdjointService;

 	
--- a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/historys/contorller/ConnectorHistoryController.java
+++ b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/historys/contorller/ConnectorHistoryController.java
@@ -52,7 +52,6 @@ public class ConnectorHistoryController {
 final static Logger _logger = LoggerFactory.getLogger(ConnectorHistoryController.class);

 	@Autowired
-    @Qualifier("historyConnectorService")
 	HistoryConnectorService historyConnectorService;
 	
 	/**
--- a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/historys/contorller/SynchronizerHistoryController.java
+++ b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/historys/contorller/SynchronizerHistoryController.java
@@ -29,7 +29,6 @@ import org.maxkey.util.DateUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.beans.propertyeditors.CustomDateEditor;
 import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Controller;
@@ -52,7 +51,6 @@ public class SynchronizerHistoryController {
 final static Logger _logger = LoggerFactory.getLogger(SynchronizerHistoryController.class);

 	@Autowired
-    @Qualifier("historySynchronizerService")
 	HistorySynchronizerService historySynchronizerService;
 	
 	/**
--- a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/interceptor/Oauth20ApiPermissionAdapter.java
+++ b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/interceptor/Oauth20ApiPermissionAdapter.java
@@ -30,7 +30,6 @@ import org.maxkey.util.AuthorizationHeaderUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.stereotype.Component;
 import org.springframework.web.servlet.AsyncHandlerInterceptor;

@@ -44,12 +43,10 @@ public class Oauth20ApiPermissionAdapter  implements AsyncHandlerInterceptor  {
 	private static final Logger _logger = LoggerFactory.getLogger(Oauth20ApiPermissionAdapter.class);
 	
 	@Autowired
-    @Qualifier("passwordReciprocal")
    protected PasswordReciprocal passwordReciprocal;
 	
 	@Autowired
-    @Qualifier("oauth20TokenServices")
-    private DefaultTokenServices oauth20tokenServices;
+    private DefaultTokenServices oauth20TokenServices;
 	
 	static  ConcurrentHashMap<String ,String >navigationsMap=null;
 	
@@ -64,7 +61,7 @@ public class Oauth20ApiPermissionAdapter  implements AsyncHandlerInterceptor  {
 		String  authorization = request.getHeader(AuthorizationHeaderUtils.HEADER_Authorization);
 		 
 		 String accessToken = AuthorizationHeaderUtils.resolveBearer(authorization);
-		 OAuth2Authentication authentication = oauth20tokenServices.loadAuthentication(accessToken);
+		 OAuth2Authentication authentication = oauth20TokenServices.loadAuthentication(accessToken);
 		 
 		//判断应用的accessToken信息
 		if(authentication != null ){
--- a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/interceptor/RestApiPermissionAdapter.java
+++ b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/interceptor/RestApiPermissionAdapter.java
@@ -31,7 +31,6 @@ import org.maxkey.util.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.security.authentication.ProviderManager;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.userdetails.User;
@@ -48,12 +47,10 @@ public class RestApiPermissionAdapter  implements AsyncHandlerInterceptor  {
 	private static final Logger _logger = LoggerFactory.getLogger(RestApiPermissionAdapter.class);

 	@Autowired
-	@Qualifier("oauth20TokenServices")
 	DefaultTokenServices oauth20TokenServices;

 	@Autowired
-    @Qualifier("oauth20ClientAuthenticationManager")
-	ProviderManager authenticationManager;
+	ProviderManager oauth20ClientAuthenticationManager;
 	
 	static  ConcurrentHashMap<String ,String >navigationsMap=null;
 	
@@ -79,7 +76,7 @@ public class RestApiPermissionAdapter  implements AsyncHandlerInterceptor  {
 							new UsernamePasswordAuthenticationToken(
 									headerCredential.getUsername(),
 									headerCredential.getCredential());
-			    	authenticationToken= (UsernamePasswordAuthenticationToken)authenticationManager.authenticate(authRequest);
+			    	authenticationToken= (UsernamePasswordAuthenticationToken)oauth20ClientAuthenticationManager.authenticate(authRequest);
 			    }
 			}else {
 				_logger.trace("Authentication bearer " + headerCredential.getCredential());
--- a/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/permissions/contorller/RolePrivilegesController.java
+++ b/maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/permissions/contorller/RolePrivilegesController.java
@@ -30,7 +30,6 @@ import org.maxkey.util.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Qualifier;
 import org.springframework.http.MediaType;
 import org.springframework.http.ResponseEntity;
 import org.springframework.stereotype.Controller;
@@ -46,7 +45,6 @@ public class RolePrivilegesController {
 	final static Logger _logger = LoggerFactory.getLogger(RolePrivilegesController.class);
 	
 	@Autowired
-    @Qualifier("rolesService")
    RolesService rolesService;
 	
 	@ResponseBody
--- a/maxkey-webs/maxkey-web-mgt/src/main/resources/application-http.properties
+++ b/maxkey-webs/maxkey-web-mgt/src/main/resources/application-http.properties
@@ -40,9 +40,11 @@ maxkey.server.persistence                       =0
 #identity none, Kafka ,RocketMQ
 maxkey.server.message.queue                     =${SERVER_MESSAGE_QUEUE:none}

-maxkey.auth.jwt.expire                          =86400
+maxkey.session.timeout                          =${SERVER_SESSION_TIMEOUT:1800}
+maxkey.auth.jwt.expires                         =86400
 maxkey.auth.jwt.issuer                          =${maxkey.server.uri}
 maxkey.auth.jwt.secret                          =7heM-14BtxjyKPuH3ITIm7q2-ps5MuBirWCsrrdbzzSAOuSPrbQYiaJ54AeA0uH2XdkYy3hHAkTFIsieGkyqxOJZ_dQzrCbaYISH9rhUZAKYx8tUY0wkE4ArOC6LqHDJarR6UIcMsARakK9U4dhoOPO1cj74XytemI-w6ACYfzRUn_Rn4e-CQMcnD1C56oNEukwalf06xVgXl41h6K8IBEzLVod58y_VfvFn-NGWpNG0fy_Qxng6dg8Dgva2DobvzMN2eejHGLGB-x809MvC4zbG7CKNVlcrzMYDt2Gt2sOVDrt2l9YqJNfgaLFjrOEVw5cuXemGkX1MvHj6TAsbLg
+maxkey.auth.jwt.refresh.secret                  =7heM-14BtxjyKPuH3ITIm7q2-ps5MuBirWCsrrdbzzSAOuSPrbQYiaJ54AeA0uH2XdkYy3hHAkTFIsieGkyqxOJZ_dQzrCbaYISH9rhUZAKYx8tUY0wkE4ArOC6LqHDJarR6UIcMsARakK9U4dhoOPO1cj74XytemI-w6ACYfzRUn_Rn4e-CQMcnD1C56oNEukwalf06xVgXl41h6K8IBEzLVod58y_VfvFn-NGWpNG0fy_Qxng6dg8Dgva2DobvzMN2eejHGLGB-x809MvC4zbG7CKNVlcrzMYDt2Gt2sOVDrt2l9YqJNfgaLFjrOEVw5cuXemGkX1MvHj6TAsbLg
 ############################################################################
 #Login configuration                                                       #
 ############################################################################