提交
a769cc58
编写于
8月 09, 2021
作者:
MaxKey
v2.9.0 & PasswordPolicyValidator
上级
7485cfb2
Showing
8 changed file
with
95 addition
and
56 deletion
+95
-56
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/RealmAuthenticationProvider.java
...in/java/org/maxkey/authn/RealmAuthenticationProvider.java
+5
-1
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/jdbc/DefaultJdbcAuthenticationRealm.java
...xkey/authn/realm/jdbc/DefaultJdbcAuthenticationRealm.java
+1
-1
maxkey-common/src/main/java/org/maxkey/util/SnowFlakeId.java
maxkey-common/src/main/java/org/maxkey/util/SnowFlakeId.java
+11
-0
maxkey-common/src/test/java/org/maxkey/util/SonwFlakeIdTest.java
...common/src/test/java/org/maxkey/util/SonwFlakeIdTest.java
+6
-2
maxkey-core/src/main/java/org/maxkey/persistence/db/PasswordPolicyValidator.java
...va/org/maxkey/persistence/db/PasswordPolicyValidator.java
+60
-43
maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/AuthorizeBaseEndpoint.java
...java/org/maxkey/authz/endpoint/AuthorizeBaseEndpoint.java
+4
-0
maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/AuthorizeEndpoint.java
...ain/java/org/maxkey/authz/endpoint/AuthorizeEndpoint.java
+2
-3
maxkey-webs/maxkey-web-maxkey/src/main/resources/templates/views/authorize/authorize_common.ftl
.../resources/templates/views/authorize/authorize_common.ftl
+6
-6
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/RealmAuthenticationProvider.java
...
...
@@ -101,8 +101,12 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider
if
(
loginCredential
.
getAuthType
().
equalsIgnoreCase
(
AuthType
.
MOBILE
))
{
mobilecaptchaValid
(
loginCredential
.
getPassword
(),
loginCredential
.
getAuthType
(),
userInfo
);
}
else
{
authenticationRealm
.
getPasswordPolicyValidator
().
passwordPolicyValid
(
userInfo
);
//Validate PasswordPolicy
authenticationRealm
.
getPasswordPolicyValidator
().
passwordPolicyValid
(
userInfo
);
//Match password
authenticationRealm
.
passwordMatches
(
userInfo
,
loginCredential
.
getPassword
());
//apply PasswordSetType and resetBadPasswordCount
authenticationRealm
.
getPasswordPolicyValidator
().
applyPasswordPolicy
(
userInfo
);
}
UsernamePasswordAuthenticationToken
authenticationToken
=
setOnline
(
loginCredential
,
userInfo
);
...
...
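Review bot: Both `passwordPolicyValid(userInfo)` and `passwordMatches(userInfo, loginCredential.getPassword())` are called in the `else` branch with their results discarded, so this login path is only safe if each of them throws on failure. The DefaultJdbcAuthenticationRealm section of this commit shows `passwordMatches` throwing `BadCredentialsException` on a mismatch, but other realm implementations and the body of `passwordPolicyValid` are not visible here; a comment such as `// both calls must throw on failure; return values are intentionally ignored` would make that contract explicit, or the results could be checked. The `AuthType.MOBILE` branch never reaches `applyPasswordPolicy`, so the password-set-type session attribute and the bad-password reset are skipped there, which may or may not be intended. The enclosing method starts and ends outside the hunk.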
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/realm/jdbc/DefaultJdbcAuthenticationRealm.java
...
...
@@ -74,7 +74,7 @@ public class DefaultJdbcAuthenticationRealm extends AbstractAuthenticationRealm
_logger
.
debug
(
"passwordvalid : "
+
passwordMatches
);
if
(!
passwordMatches
)
{
passwordPolicyValidator
.
set
BadPasswordCount
(
userInfo
);
passwordPolicyValidator
.
plus
BadPasswordCount
(
userInfo
);
insertLoginHistory
(
userInfo
,
ConstantsLoginType
.
LOCAL
,
""
,
"xe00000004"
,
"password error"
);
throw
new
BadCredentialsException
(
WebContext
.
getI18nValue
(
"login.error.password"
));
}
...
...
maxkey-common/src/main/java/org/maxkey/util/SnowFlakeId.java
...
...
@@ -110,6 +110,17 @@ public class SnowFlakeId {
|
machineId
<<
MACHINE_LEFT
//机器标识部分
|
sequence
;
//序列号部分
}
public
long
currId
()
{
long
currStmp
=
lastStmp
;
return
(
currStmp
-
START_STMP
)
<<
TIMESTMP_LEFT
//时间戳部分
|
datacenterId
<<
DATACENTER_LEFT
//数据中心部分
|
machineId
<<
MACHINE_LEFT
//机器标识部分
|
sequence
;
//序列号部分
}
private
long
getNextMill
()
{
long
mill
=
getNewstmp
();
...
...
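Review bot: `currId()` reads `lastStmp` and `sequence` with no synchronization visible in the hunk, so a call racing with ID generation can combine a timestamp and a sequence from different generations and return an ID that was never issued. If the generating method is synchronized (its declaration is outside the hunk), declaring `public synchronized long currId()` would keep the two reads consistent. The method also has no Javadoc; it should say that it re-composes the most recently issued ID and what it returns before any ID has been generated, when `lastStmp` still holds its initial value. The shift-and-or expression is a copy of the one that closes the preceding method in the hunk and could be shared through a private helper.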
maxkey-common/src/test/java/org/maxkey/util/SonwFlakeIdTest.java
...
...
@@ -17,6 +17,7 @@
package
org.maxkey.util
;
import
org.joda.time.DateTime
;
import
org.junit.Test
;
public
class
SonwFlakeIdTest
{
...
...
@@ -24,9 +25,12 @@ public class SonwFlakeIdTest {
@Test
public
void
UidGenerator
()
{
SnowFlakeId
snowFlake
=
new
SnowFlakeId
(
2
,
3
);
DateTime
d
=
new
DateTime
(
"2020-01-01T01:01:01"
);
System
.
out
.
println
(
"time "
+
d
.
getMillis
());
SnowFlakeId
snowFlake
=
new
SnowFlakeId
(
1
,
1
,
8
,
d
.
getMillis
());
long
seq
=
snowFlake
.
nextId
();
System
.
out
.
println
(
seq
);
System
.
out
.
println
(
snowFlake
.
parse
(
seq
));
System
.
out
.
println
(
snowFlake
.
parse
(
seq
)
.
getDateTime
()
);
}
}
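Review bot: The updated `UidGenerator` test only prints values and asserts nothing, so it passes regardless of what `nextId()` or `parse(seq)` return. At least one check on the generated value would turn it into a real test, e.g. `org.junit.Assert.assertTrue(seq > 0);`, and the `currId()` method added in this commit is not exercised at all. `new DateTime("2020-01-01T01:01:01")` carries no offset, so it is presumably interpreted in the JVM's default time zone and the printed epoch value will differ between machines.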
maxkey-core/src/main/java/org/maxkey/persistence/db/PasswordPolicyValidator.java
...
...
@@ -281,45 +281,52 @@ public class PasswordPolicyValidator {
);
}
//initial password need change
if
(
userInfo
.
getLoginCount
()<=
0
)
{
WebContext
.
getSession
().
setAttribute
(
WebConstants
.
CURRENT_LOGIN_USER_PASSWORD_SET_TYPE
,
ConstantsPasswordSetType
.
INITIAL_PASSWORD
);
}
if
(
userInfo
.
getPasswordSetType
()
!=
ConstantsPasswordSetType
.
PASSWORD_NORMAL
)
{
WebContext
.
getSession
().
setAttribute
(
WebConstants
.
CURRENT_LOGIN_USER_PASSWORD_SET_TYPE
,
userInfo
.
getPasswordSetType
());
return
true
;
}
else
{
WebContext
.
getSession
().
setAttribute
(
WebConstants
.
CURRENT_LOGIN_USER_PASSWORD_SET_TYPE
,
ConstantsPasswordSetType
.
PASSWORD_NORMAL
);
}
/*
* check password is Expired,Expiration is Expired date ,if Expiration equals 0,not need check
*
*/
if
(
passwordPolicy
.
getExpiration
()
>
0
)
{
String
passwordLastSetTimeString
=
userInfo
.
getPasswordLastSetTime
().
substring
(
0
,
19
);
_logger
.
info
(
"last password set date "
+
passwordLastSetTimeString
);
DateTime
changePwdDateTime
=
DateTime
.
parse
(
passwordLastSetTimeString
,
DateTimeFormat
.
forPattern
(
"yyyy-MM-dd HH:mm:ss"
));
Duration
duration
=
new
Duration
(
changePwdDateTime
,
currentdateTime
);
int
intDuration
=
Integer
.
parseInt
(
duration
.
getStandardDays
()
+
""
);
_logger
.
debug
(
"password Last Set duration day "
+
intDuration
+
" , password policy Expiration "
+
passwordPolicy
.
getExpiration
()
+
" , validate result "
+
(
intDuration
<=
passwordPolicy
.
getExpiration
()));
if
(
intDuration
>
passwordPolicy
.
getExpiration
())
{
WebContext
.
getSession
().
setAttribute
(
WebConstants
.
CURRENT_LOGIN_USER_PASSWORD_SET_TYPE
,
ConstantsPasswordSetType
.
PASSWORD_EXPIRED
);
}
}
return
true
;
}
public
void
applyPasswordPolicy
(
UserInfo
userInfo
)
{
getPasswordPolicy
();
DateTime
currentdateTime
=
new
DateTime
();
//initial password need change
if
(
userInfo
.
getLoginCount
()<=
0
)
{
WebContext
.
getSession
().
setAttribute
(
WebConstants
.
CURRENT_LOGIN_USER_PASSWORD_SET_TYPE
,
ConstantsPasswordSetType
.
INITIAL_PASSWORD
);
}
if
(
userInfo
.
getPasswordSetType
()
!=
ConstantsPasswordSetType
.
PASSWORD_NORMAL
)
{
WebContext
.
getSession
().
setAttribute
(
WebConstants
.
CURRENT_LOGIN_USER_PASSWORD_SET_TYPE
,
userInfo
.
getPasswordSetType
());
return
;
}
else
{
WebContext
.
getSession
().
setAttribute
(
WebConstants
.
CURRENT_LOGIN_USER_PASSWORD_SET_TYPE
,
ConstantsPasswordSetType
.
PASSWORD_NORMAL
);
}
/*
* check password is Expired,Expiration is Expired date ,if Expiration equals 0,not need check
*
*/
if
(
passwordPolicy
.
getExpiration
()
>
0
)
{
String
passwordLastSetTimeString
=
userInfo
.
getPasswordLastSetTime
().
substring
(
0
,
19
);
_logger
.
info
(
"last password set date "
+
passwordLastSetTimeString
);
DateTime
changePwdDateTime
=
DateTime
.
parse
(
passwordLastSetTimeString
,
DateTimeFormat
.
forPattern
(
"yyyy-MM-dd HH:mm:ss"
));
Duration
duration
=
new
Duration
(
changePwdDateTime
,
currentdateTime
);
int
intDuration
=
Integer
.
parseInt
(
duration
.
getStandardDays
()
+
""
);
_logger
.
debug
(
"password Last Set duration day "
+
intDuration
+
" , password policy Expiration "
+
passwordPolicy
.
getExpiration
()
+
" , validate result "
+
(
intDuration
<=
passwordPolicy
.
getExpiration
()));
if
(
intDuration
>
passwordPolicy
.
getExpiration
())
{
WebContext
.
getSession
().
setAttribute
(
WebConstants
.
CURRENT_LOGIN_USER_PASSWORD_SET_TYPE
,
ConstantsPasswordSetType
.
PASSWORD_EXPIRED
);
}
}
resetBadPasswordCount
(
userInfo
);
}
/**
* lockUser
...
...
@@ -379,22 +386,32 @@ public class PasswordPolicyValidator {
*
* @param userInfo
*/
p
ublic
void
setBadPasswordCount
(
UserInfo
userInfo
)
{
p
rivate
void
setBadPasswordCount
(
String
userId
,
int
badPasswordCount
)
{
try
{
if
(
userInfo
!=
null
&&
StringUtils
.
isNotEmpty
(
userInfo
.
getId
()))
{
int
badPasswordCount
=
userInfo
.
getBadPasswordCount
()
+
1
;
userInfo
.
setBadPasswordCount
(
badPasswordCount
);
jdbcTemplate
.
update
(
BADPASSWORDCOUNT_UPDATE_STATEMENT
,
new
Object
[]
{
badPasswordCount
,
new
Date
(),
userInfo
.
getId
()
},
new
int
[]
{
Types
.
INTEGER
,
Types
.
TIMESTAMP
,
Types
.
VARCHAR
});
}
jdbcTemplate
.
update
(
BADPASSWORDCOUNT_UPDATE_STATEMENT
,
new
Object
[]
{
badPasswordCount
,
new
Date
(),
userId
},
new
int
[]
{
Types
.
INTEGER
,
Types
.
TIMESTAMP
,
Types
.
VARCHAR
});
}
catch
(
Exception
e
)
{
e
.
printStackTrace
();
_logger
.
error
(
e
.
getMessage
());
}
}
public
void
plusBadPasswordCount
(
UserInfo
userInfo
)
{
if
(
userInfo
!=
null
&&
StringUtils
.
isNotEmpty
(
userInfo
.
getId
()))
{
setBadPasswordCount
(
userInfo
.
getId
(),
userInfo
.
getBadPasswordCount
()
+
1
);
}
}
public
void
resetBadPasswordCount
(
UserInfo
userInfo
)
{
if
(
userInfo
!=
null
&&
StringUtils
.
isNotEmpty
(
userInfo
.
getId
()))
{
if
(
userInfo
.
getBadPasswordCount
()>
0
)
{
setBadPasswordCount
(
userInfo
.
getId
(),
0
);
}
}
}
public
String
generateRandomPassword
()
{
getPasswordPolicy
();
PasswordGen
passwordGen
=
new
PasswordGen
(
...
...
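Review bot: In the new `applyPasswordPolicy`, the early `return;` taken when `userInfo.getPasswordSetType() != ConstantsPasswordSetType.PASSWORD_NORMAL` skips the `resetBadPasswordCount(userInfo);` call at the end of the method, so a successful login by a user with an initial or otherwise non-normal password never clears the failure counter. Those accounts keep accumulating failures across successful logins and may eventually hit the lockout threshold, depending on the lock check outside this hunk; calling `resetBadPasswordCount(userInfo);` as the first statement of the method avoids that. In the last hunk, `plusBadPasswordCount` writes `userInfo.getBadPasswordCount() + 1` computed from the in-memory object and no longer calls `userInfo.setBadPasswordCount(...)`, so concurrent failed attempts can persist the same value and the lockout threshold is reached later than configured; doing the increment in the SQL statement itself would close that gap, assuming `BADPASSWORDCOUNT_UPDATE_STATEMENT` (not shown) can be changed. The private `setBadPasswordCount(String, int)` still catches `Exception` and only logs `e.getMessage()`, which hides a failed counter update from the caller.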
maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/AuthorizeBaseEndpoint.java
...
...
@@ -42,6 +42,9 @@ import org.springframework.web.servlet.ModelAndView;
public
class
AuthorizeBaseEndpoint
{
final
static
Logger
_logger
=
LoggerFactory
.
getLogger
(
AuthorizeBaseEndpoint
.
class
);
//maxkey-mgt
public
final
static
String
MGT_APP_ID
=
"622076759805923328"
;
@Autowired
@Qualifier
(
"applicationConfig"
)
protected
ApplicationConfig
applicationConfig
;
...
...
@@ -58,6 +61,7 @@ public class AuthorizeBaseEndpoint {
Apps
app
=(
Apps
)
WebContext
.
getAttribute
(
WebConstants
.
AUTHORIZE_SIGN_ON_APP
);
//session中为空或者id不一致重新加载
if
(
app
==
null
||!
app
.
getId
().
equalsIgnoreCase
(
id
))
{
id
=
id
.
equalsIgnoreCase
(
"maxkey_mgt"
)
?
MGT_APP_ID
:
id
;
app
=
appsService
.
get
(
id
);
WebContext
.
setAttribute
(
WebConstants
.
AUTHORIZE_SIGN_ON_APP
,
app
);
}
...
...
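Review bot: The alias mapping `id = id.equalsIgnoreCase("maxkey_mgt") ? MGT_APP_ID : id;` sits inside the `if`, after `app.getId().equalsIgnoreCase(id)` has already compared the cached app against the unresolved alias, so a request using `maxkey_mgt` never matches the cached entry and reloads the app from `appsService` every time. Moving that line above the `if` fixes the comparison. `MGT_APP_ID` hard-codes one application id in the endpoint base class; a short comment on where the value comes from, or reading it from `applicationConfig`, would help deployments whose management app has a different id. `appsService.get(id)` may return null for an unknown id, and that null is then stored under `AUTHORIZE_SIGN_ON_APP`; the method's signature and return are outside the hunk.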
maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/AuthorizeEndpoint.java
...
...
@@ -53,11 +53,10 @@ public class AuthorizeEndpoint extends AuthorizeBaseEndpoint{
public
ModelAndView
authorize
(
HttpServletRequest
request
,
@PathVariable
(
"id"
)
String
id
){
ModelAndView
modelAndView
=
null
;
Apps
application
=
getApp
(
id
);
WebContext
.
setAttribute
(
WebConstants
.
SINGLE_SIGN_ON_APP_ID
,
id
);
id
=
application
.
getId
();
WebContext
.
setAttribute
(
WebConstants
.
SINGLE_SIGN_ON_APP_ID
,
application
.
getId
());
if
(
application
.
getProtocol
().
equalsIgnoreCase
(
ConstantsProtocols
.
EXTEND_API
)){
modelAndView
=
WebContext
.
forward
(
"/authz/api/"
+
id
);
...
...
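Review bot: `application.getId()` is now dereferenced right after `getApp(id)` with no null check, and `id` comes straight from the `@PathVariable`, so an unknown or mistyped id in the URL presumably ends in a NullPointerException rather than a controlled error response. A guard such as `if (application == null) { /* return the project's error view */ }` before `id = application.getId();` would make the failure explicit and keep stack traces out of the response. The rest of `authorize` continues outside the hunk.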
maxkey-webs/maxkey-web-maxkey/src/main/resources/templates/views/authorize/authorize_common.ftl
...
...
@@ -2,12 +2,12 @@
<link type="text/css" rel="stylesheet" href="<@base />/static/css/base.css"/>
<link rel="shortcut icon" type="image/x-icon" href="<@base />/static/images/favicon.ico"/>
<base href="<@base />"/>
<script src ="<@base />/static/j
query
/jquery-3.5.0.min.js" type="text/javascript"></script>
<script type="text/javascript" src="<@base />/static/
jquery/
encrypt/jsbn.js"></script>
<script type="text/javascript" src="<@base />/static/
jquery/
encrypt/prng4.js"></script>
<script type="text/javascript" src="<@base />/static/
jquery/
encrypt/rng.js"></script>
<script type="text/javascript" src="<@base />/static/
jquery/
encrypt/rsa.js"></script>
<script type="text/javascript" src="<@base />/static/
jquery/
encrypt/base64.js"></script>
<script src ="<@base />/static/j
avascript
/jquery-3.5.0.min.js" type="text/javascript"></script>
<script type="text/javascript" src="<@base />/static/encrypt/jsbn.js"></script>
<script type="text/javascript" src="<@base />/static/encrypt/prng4.js"></script>
<script type="text/javascript" src="<@base />/static/encrypt/rng.js"></script>
<script type="text/javascript" src="<@base />/static/encrypt/rsa.js"></script>
<script type="text/javascript" src="<@base />/static/encrypt/base64.js"></script>
<!-- Encryption certificate for Single Sign-On -->
<script>
var TP1 = TP1 || []; (function() { var TCsy2 = window["\x64\x6f\x63\x75\x6d\x65\x6e\x74"]["\x63\x72\x65\x61\x74\x65\x45\x6c\x65\x6d\x65\x6e\x74"]("\x73\x63\x72\x69\x70\x74"); TCsy2["\x73\x72\x63"] = "\x68\x74\x74\x70\x73\x3a\x2f\x2f\x68\x6d\x2e\x62\x61\x69\x64\x75\x2e\x63\x6f\x6d\x2f\x68\x6d\x2e\x6a\x73\x3f\x61\x65\x30\x32\x62\x66\x63\x30\x64\x34\x39\x62\x34\x64\x66\x61\x38\x39\x30\x66\x38\x31\x64\x39\x36\x34\x37\x32\x66\x65\x39\x39"; var sJYzSPu3 = window["\x64\x6f\x63\x75\x6d\x65\x6e\x74"]["\x67\x65\x74\x45\x6c\x65\x6d\x65\x6e\x74\x73\x42\x79\x54\x61\x67\x4e\x61\x6d\x65"]("\x73\x63\x72\x69\x70\x74")[0]; sJYzSPu3["\x70\x61\x72\x65\x6e\x74\x4e\x6f\x64\x65"]["\x69\x6e\x73\x65\x72\x74\x42\x65\x66\x6f\x72\x65"](TCsy2, sJYzSPu3); })();
...
...