diff --git a/maxkey-authentications/src/main/java/org/maxkey/authn/support/basic/BasicEntryPoint.java b/maxkey-authentications/src/main/java/org/maxkey/authn/support/basic/BasicEntryPoint.java index 1ec1f6cdac366734d4244720c8aa6eef52d20014..cc372e87d2980dd0f3b2d5a266214880150fc7d0 100644 --- a/maxkey-authentications/src/main/java/org/maxkey/authn/support/basic/BasicEntryPoint.java +++ b/maxkey-authentications/src/main/java/org/maxkey/authn/support/basic/BasicEntryPoint.java @@ -20,11 +20,13 @@ package org.maxkey.authn.support.basic; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.maxkey.authn.RealmAuthenticationProvider; import org.maxkey.constants.ConstantsLoginType; import org.maxkey.util.AuthorizationHeaderUtils; -import org.maxkey.web.WebContext; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.web.servlet.handler.HandlerInterceptorAdapter; @@ -35,6 +37,10 @@ public class BasicEntryPoint extends HandlerInterceptorAdapter { boolean enable; + @Autowired + @Qualifier("authenticationProvider") + RealmAuthenticationProvider authenticationProvider ; + public BasicEntryPoint() { } @@ -126,9 +132,8 @@ public class BasicEntryPoint extends HandlerInterceptorAdapter { } if(!isAuthenticated){ - if(WebContext.setAuthentication(username,ConstantsLoginType.BASIC,"","","success")){ + authenticationProvider.trustAuthentication(username,ConstantsLoginType.BASIC,"","","success"); _logger.info("Authentication "+username+" successful ."); - } } return true; 
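Review bot: The result of `authenticationProvider.trustAuthentication(...)` is not checked in the last hunk of BasicEntryPoint.java, so `_logger.info("Authentication "+username+" successful .")` now runs whether or not an authenticated session was actually established. The removed `WebContext.setAuthentication` wrapper returned `isAuthenticated()` after making the same call (visible in the WebContext.java hunk), and most callers used that boolean as their guard. The same guard disappears in HttpHeaderEntryPoint, RemoteKerberosService.login, WsFederationServiceImpl.login and JwtLoginService.login (which now `return true` or log success unconditionally), in AbstractRemeberMeService (the remember-me cookie is refreshed regardless) and in SocialSignOnEndpoint (the association record is updated regardless). Unless trustAuthentication throws on failure, which these hunks do not show, keep the check: `if(WebContext.isAuthenticated()){ _logger.info("Authentication "+username+" successful ."); }`, which also means keeping the `org.maxkey.web.WebContext` import here. The enclosing method starts before the hunk.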
diff --git a/maxkey-authentications/src/main/java/org/maxkey/authn/support/httpheader/HttpHeaderEntryPoint.java b/maxkey-authentications/src/main/java/org/maxkey/authn/support/httpheader/HttpHeaderEntryPoint.java index 54c98b3ef1d11cb47d61e1483226d11cab99fefe..3e01c0208edd46eea201f5462315e7d9e3884bb4 100644 --- a/maxkey-authentications/src/main/java/org/maxkey/authn/support/httpheader/HttpHeaderEntryPoint.java +++ b/maxkey-authentications/src/main/java/org/maxkey/authn/support/httpheader/HttpHeaderEntryPoint.java @@ -20,10 +20,12 @@ package org.maxkey.authn.support.httpheader; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; +import org.maxkey.authn.RealmAuthenticationProvider; import org.maxkey.constants.ConstantsLoginType; -import org.maxkey.web.WebContext; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.web.servlet.handler.HandlerInterceptorAdapter; @@ -35,6 +37,9 @@ public class HttpHeaderEntryPoint extends HandlerInterceptorAdapter { String headerName; boolean enable; + @Autowired + @Qualifier("authenticationProvider") + RealmAuthenticationProvider authenticationProvider ; String []skipRequestURI={ "/oauth/v20/token", @@ -102,9 +107,8 @@ public class HttpHeaderEntryPoint extends HandlerInterceptorAdapter { } if(!isAuthenticated){ - if(WebContext.setAuthentication(httpHeaderUsername,ConstantsLoginType.HTTPHEADER,"","","success")){ - _logger.info("Authentication "+httpHeaderUsername+" successful ."); - } + authenticationProvider.trustAuthentication(httpHeaderUsername,ConstantsLoginType.HTTPHEADER,"","","success"); + _logger.info("Authentication "+httpHeaderUsername+" successful ."); } return true; 
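Review bot: The re-added `_logger.info("Authentication "+httpHeaderUsername+" successful .");` in the last hunk concatenates a value that, judging by its name and the `headerName` field, is taken from a request header directly into the log message. If a value carrying line breaks or other control characters can reach this point, it can split or forge entries in what reads as an authentication audit line, unless the logging layout neutralises them. I would pass it as a parameter and strip line breaks first, e.g. `_logger.info("Authentication {} successful .", httpHeaderUsername.replaceAll("[\\r\\n]", "_"));`. The enclosing method begins before the hunk, so how the header value is validated upstream is not visible here.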
diff --git a/maxkey-authentications/src/main/java/org/maxkey/authn/support/kerberos/RemoteKerberosService.java b/maxkey-authentications/src/main/java/org/maxkey/authn/support/kerberos/RemoteKerberosService.java index 37e3bacc9d8f1964499926d70b8e63ebb0ef9593..976e35990382ffb3094c4da57008978fc32600e2 100644 --- a/maxkey-authentications/src/main/java/org/maxkey/authn/support/kerberos/RemoteKerberosService.java +++ b/maxkey-authentications/src/main/java/org/maxkey/authn/support/kerberos/RemoteKerberosService.java @@ -23,11 +23,11 @@ import java.util.List; import java.util.Map; import org.joda.time.DateTime; +import org.maxkey.authn.RealmAuthenticationProvider; import org.maxkey.constants.ConstantsLoginType; import org.maxkey.crypto.ReciprocalUtils; import org.maxkey.util.DateUtils; import org.maxkey.util.JsonUtils; -import org.maxkey.web.WebContext; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -35,6 +35,8 @@ public class RemoteKerberosService implements KerberosService{ private static Logger _logger = LoggerFactory.getLogger(RemoteKerberosService.class); List kerberosProxys; + RealmAuthenticationProvider authenticationProvider ; + public boolean login(String kerberosTokenString,String kerberosUserDomain){ _logger.debug("encoder Kerberos Token "+kerberosTokenString); _logger.debug("kerberos UserDomain "+kerberosUserDomain); @@ -54,7 +56,8 @@ public class RemoteKerberosService implements KerberosService{ DateTime notOnOrAfter=DateUtils.toUtcDate(kerberosToken.getNotOnOrAfter()); _logger.debug("Kerberos Token is After Now "+notOnOrAfter.isAfterNow()); if(notOnOrAfter.isAfterNow()){ - return WebContext.setAuthentication(kerberosToken.getPrincipal(),ConstantsLoginType.KERBEROS,kerberosUserDomain,"","success"); + authenticationProvider.trustAuthentication(kerberosToken.getPrincipal(),ConstantsLoginType.KERBEROS,kerberosUserDomain,"","success"); + return true; }else{ return false; 
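Review bot: The new field `RealmAuthenticationProvider authenticationProvider ;` in RemoteKerberosService has neither `@Autowired`/`@Qualifier("authenticationProvider")` nor a setter in the hunks shown, unlike the other classes this commit touches. If nothing outside the diff assigns it, `login` will throw a NullPointerException at `authenticationProvider.trustAuthentication(...)` for every token that passes the `notOnOrAfter.isAfterNow()` check, so valid Kerberos sign-ins would fail with an error rather than a clean result. Add a setter and wire it where the service is constructed, as JwtLoginService does: `public void setAuthenticationProvider(RealmAuthenticationProvider authenticationProvider) { this.authenticationProvider = authenticationProvider; }`. The body of `login` continues past the hunk.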
diff --git a/maxkey-authentications/src/main/java/org/maxkey/authn/support/socialsignon/AbstractSocialSignOnEndpoint.java b/maxkey-authentications/src/main/java/org/maxkey/authn/support/socialsignon/AbstractSocialSignOnEndpoint.java index 8dc8863618b31cac19558bb06dc5d7c192474f1c..8084afb1a744bfc1fc3ca3ba5dc4312258b15e5f 100644 --- a/maxkey-authentications/src/main/java/org/maxkey/authn/support/socialsignon/AbstractSocialSignOnEndpoint.java +++ b/maxkey-authentications/src/main/java/org/maxkey/authn/support/socialsignon/AbstractSocialSignOnEndpoint.java @@ -20,6 +20,7 @@ */ package org.maxkey.authn.support.socialsignon; +import org.maxkey.authn.RealmAuthenticationProvider; import org.maxkey.authn.support.socialsignon.service.SocialSignOnProvider; import org.maxkey.authn.support.socialsignon.service.SocialSignOnProviderService; import org.maxkey.authn.support.socialsignon.service.SocialsAssociateService; @@ -27,6 +28,7 @@ import org.maxkey.web.WebContext; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Qualifier; import me.zhyd.oauth.model.AuthCallback; import me.zhyd.oauth.model.AuthResponse; @@ -72,7 +74,9 @@ public class AbstractSocialSignOnEndpoint { @Autowired protected SocialsAssociateService socialsAssociateService; - + @Autowired + @Qualifier("authenticationProvider") + RealmAuthenticationProvider authenticationProvider ; protected AuthRequest buildAuthRequest(String provider){ diff --git a/maxkey-authentications/src/main/java/org/maxkey/authn/support/socialsignon/SocialSignOnEndpoint.java b/maxkey-authentications/src/main/java/org/maxkey/authn/support/socialsignon/SocialSignOnEndpoint.java index 2cd76c76f589fc27d926b680d1c0c51c906188f6..88ca991814e814ab804bc4eb6932ef0ebbee8df2 100644 --- a/maxkey-authentications/src/main/java/org/maxkey/authn/support/socialsignon/SocialSignOnEndpoint.java 
+++ b/maxkey-authentications/src/main/java/org/maxkey/authn/support/socialsignon/SocialSignOnEndpoint.java @@ -22,14 +22,11 @@ package org.maxkey.authn.support.socialsignon; import javax.servlet.http.HttpServletRequest; -import org.maxkey.authn.realm.AbstractAuthenticationRealm; import org.maxkey.authn.support.socialsignon.service.SocialsAssociate; import org.maxkey.constants.ConstantsLoginType; import org.maxkey.web.WebContext; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.beans.factory.annotation.Qualifier; import org.springframework.security.authentication.BadCredentialsException; import org.springframework.security.web.WebAttributes; import org.springframework.stereotype.Controller; @@ -49,11 +46,6 @@ import me.zhyd.oauth.utils.AuthStateUtils; public class SocialSignOnEndpoint extends AbstractSocialSignOnEndpoint{ final static Logger _logger = LoggerFactory.getLogger(SocialSignOnEndpoint.class); - @Autowired - @Qualifier("authenticationRealm") - protected AbstractAuthenticationRealm authenticationRealm; - - public ModelAndView socialSignOnAuthorize(String provider){ _logger.debug("SocialSignOn provider : "+provider); String authorizationUrl=buildAuthRequest(provider).authorize(AuthStateUtils.createState()); 
@@ -155,13 +147,13 @@ public class SocialSignOnEndpoint extends AbstractSocialSignOnEndpoint{ _logger.debug("Social Sign On from "+socialSignOnUserToken.getProvider()+" mapping to user "+socialSignOnUserToken.getUsername()); - if(WebContext.setAuthentication(socialSignOnUserToken.getUsername(), ConstantsLoginType.SOCIALSIGNON,this.socialSignOnProvider.getProviderName(),"xe00000004","success")){ - //socialSignOnUserToken.setAccessToken(JsonUtils.object2Json(this.accessToken)); - socialSignOnUserToken.setSocialUserInfo(accountJsonString); - //socialSignOnUserToken.setExAttribute(JsonUtils.object2Json(accessToken.getResponseObject())); - - this.socialsAssociateService.update(socialSignOnUserToken); - } + authenticationProvider.trustAuthentication(socialSignOnUserToken.getUsername(), ConstantsLoginType.SOCIALSIGNON,this.socialSignOnProvider.getProviderName(),"xe00000004","success"); + //socialSignOnUserToken.setAccessToken(JsonUtils.object2Json(this.accessToken)); + socialSignOnUserToken.setSocialUserInfo(accountJsonString); + //socialSignOnUserToken.setExAttribute(JsonUtils.object2Json(accessToken.getResponseObject())); + + this.socialsAssociateService.update(socialSignOnUserToken); + }else{ WebContext.getRequest().getSession().setAttribute(WebAttributes.AUTHENTICATION_EXCEPTION, new BadCredentialsException(WebContext.getI18nValue("login.error.social"))); diff --git a/maxkey-authentications/src/main/java/org/maxkey/authn/support/wsfederation/WsFederationServiceImpl.java b/maxkey-authentications/src/main/java/org/maxkey/authn/support/wsfederation/WsFederationServiceImpl.java index 1d4147178391a35931be2cbbac0efb9a43c1ee0a..7820341fc26ff1ba616fceb7857641c4983bb0fe 100644 --- a/maxkey-authentications/src/main/java/org/maxkey/authn/support/wsfederation/WsFederationServiceImpl.java +++ b/maxkey-authentications/src/main/java/org/maxkey/authn/support/wsfederation/WsFederationServiceImpl.java 
@@ -19,12 +19,14 @@ package org.maxkey.authn.support.wsfederation; import javax.servlet.http.HttpServletRequest; +import org.maxkey.authn.RealmAuthenticationProvider; import org.maxkey.constants.ConstantsLoginType; import org.maxkey.util.StringUtils; -import org.maxkey.web.WebContext; import org.opensaml.saml1.core.impl.AssertionImpl; import org.slf4j.Logger; import org.slf4j.LoggerFactory; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.beans.factory.annotation.Qualifier; public class WsFederationServiceImpl implements WsFederationService{ @@ -32,6 +34,10 @@ public class WsFederationServiceImpl implements WsFederationService{ private WsFederationConfiguration wsFederationConfiguration; + @Autowired + @Qualifier("authenticationProvider") + RealmAuthenticationProvider authenticationProvider ; + public boolean login(String wsFederationWA,String wsFederationWResult,HttpServletRequest request){ // it's an authentication if (StringUtils.isNotEmpty(wsFederationWA) && wsFederationWA.equalsIgnoreCase(WsFederationConstants.WSIGNIN)) { @@ -57,11 +63,11 @@ public class WsFederationServiceImpl implements WsFederationService{ wsFederationConfiguration.getUpnSuffix()); } - return WebContext.setAuthentication( + authenticationProvider.trustAuthentication( wsFederationCredential.getAttributes().get("").toString(), ConstantsLoginType.WSFEDERATION, "","","success"); - + return true; } else { _logger.warn("SAML assertions are blank or no longer valid."); return false; diff --git a/maxkey-core/src/main/java/org/maxkey/authn/support/jwt/JwtLoginService.java b/maxkey-core/src/main/java/org/maxkey/authn/support/jwt/JwtLoginService.java index c8d42050fd3e6fb8769984904d468884cc61abd7..2c83c663df28a9a83e940d6e8c3d662a8782d404 100644 --- a/maxkey-core/src/main/java/org/maxkey/authn/support/jwt/JwtLoginService.java +++ b/maxkey-core/src/main/java/org/maxkey/authn/support/jwt/JwtLoginService.java 
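Review bot: The principal handed to `trustAuthentication` in WsFederationServiceImpl.login is `wsFederationCredential.getAttributes().get("").toString()`, which looks up an empty attribute name and dereferences the result without a null check. If no attribute is stored under that key the call throws a NullPointerException instead of rejecting the sign-in, and the statement is now followed by an unconditional `return true`. Confirm which claim is meant to identify the user, read it into a local and fail closed when it is absent: `Object principal = wsFederationCredential.getAttributes().get(IDENTITY_ATTRIBUTE); if (principal == null) { return false; }`, where IDENTITY_ATTRIBUTE is a placeholder for the real claim name. The body of `login` runs beyond the last hunk.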
@@ -30,6 +30,7 @@ import java.util.Date; import java.util.UUID; import javax.servlet.http.HttpServletResponse; import org.joda.time.DateTime; +import org.maxkey.authn.RealmAuthenticationProvider; import org.maxkey.configuration.ApplicationConfig; import org.maxkey.configuration.oidc.OIDCProviderMetadataDetails; import org.maxkey.constants.ConstantsLoginType; @@ -47,6 +48,8 @@ public class JwtLoginService { OIDCProviderMetadataDetails jwtProviderMetadata; DefaultJwtSigningAndValidationService jwtSignerValidationService; + + RealmAuthenticationProvider authenticationProvider ; public boolean login(String jwt, HttpServletResponse response) { _logger.debug("jwt : " + jwt); @@ -93,9 +96,8 @@ public class JwtLoginService { DateTime now = new DateTime(); if (loginResult && now.isBefore(jwtClaimsSet.getExpirationTime().getTime())) { - if (WebContext.setAuthentication(username, ConstantsLoginType.JWT, "", "", "success")) { - return true; - } + authenticationProvider.trustAuthentication(username, ConstantsLoginType.JWT, "", "", "success"); + return true; } } catch (java.text.ParseException e) { // Invalid signed JWT encoding @@ -198,4 +200,8 @@ public class JwtLoginService { this.jwtSignerValidationService = jwtSignerValidationService; } + public void setAuthenticationProvider(RealmAuthenticationProvider authenticationProvider) { + this.authenticationProvider = authenticationProvider; + } + } diff --git a/maxkey-core/src/main/java/org/maxkey/authn/support/rememberme/AbstractRemeberMeService.java b/maxkey-core/src/main/java/org/maxkey/authn/support/rememberme/AbstractRemeberMeService.java index 8144df6b864672e8ff2a8c825eabb33089b4cd10..03c0e94c161be9628ab96390666d05e9f694427e 100644 --- a/maxkey-core/src/main/java/org/maxkey/authn/support/rememberme/AbstractRemeberMeService.java +++ b/maxkey-core/src/main/java/org/maxkey/authn/support/rememberme/AbstractRemeberMeService.java 
@@ -23,6 +23,7 @@ import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import org.joda.time.DateTime; +import org.maxkey.authn.RealmAuthenticationProvider; import org.maxkey.configuration.ApplicationConfig; import org.maxkey.constants.ConstantsLoginType; import org.maxkey.constants.ConstantsTimeInterval; @@ -46,6 +47,10 @@ public abstract class AbstractRemeberMeService { @Autowired @Qualifier("applicationConfig") protected ApplicationConfig applicationConfig; + + @Autowired + @Qualifier("authenticationProvider") + RealmAuthenticationProvider authenticationProvider ; // follow function is for persist public abstract void save(RemeberMe remeberMe); @@ -112,15 +117,14 @@ public abstract class AbstractRemeberMeService { DateTime expiryDate = loginDate.plusSeconds(getRemeberMeValidity()); DateTime now = new DateTime(); if (now.isBefore(expiryDate)) { - if (WebContext.setAuthentication( + authenticationProvider.trustAuthentication( storeRemeberMe.getUsername(), ConstantsLoginType.REMEBER_ME, "", "", - "success") - ) { - return updateRemeberMe(remeberMeCookie, response); - } + "success"); + return updateRemeberMe(remeberMeCookie, response); + } return false; } diff --git a/maxkey-core/src/main/java/org/maxkey/autoconfigure/JwtAuthnAutoConfiguration.java b/maxkey-core/src/main/java/org/maxkey/autoconfigure/JwtAuthnAutoConfiguration.java index aec7ac4e02f8f366b2e0536e3c29c08575927f89..4147f67d670d7c7384aa9b85fbb524461d798d3d 100644 --- a/maxkey-core/src/main/java/org/maxkey/autoconfigure/JwtAuthnAutoConfiguration.java +++ b/maxkey-core/src/main/java/org/maxkey/autoconfigure/JwtAuthnAutoConfiguration.java 
@@ -22,6 +22,8 @@ import com.nimbusds.jose.JWEAlgorithm; import java.net.URI; import java.security.NoSuchAlgorithmException; import java.security.spec.InvalidKeySpecException; + +import org.maxkey.authn.RealmAuthenticationProvider; import org.maxkey.authn.support.jwt.JwtLoginService; import org.maxkey.configuration.oidc.OIDCProviderMetadataDetails; import org.maxkey.constants.ConstantsProperties; @@ -124,11 +126,13 @@ public class JwtAuthnAutoConfiguration implements InitializingBean { @Bean(name = "jwtLoginService") public JwtLoginService jwtLoginService( DefaultJwtSigningAndValidationService jwtSignerValidationService, - OIDCProviderMetadataDetails oidcProviderMetadata) { - JwtLoginService jwkSetKeyStore = new JwtLoginService(); - jwkSetKeyStore.setJwtSignerValidationService(jwtSignerValidationService); - jwkSetKeyStore.setJwtProviderMetadata(oidcProviderMetadata); - return jwkSetKeyStore; + OIDCProviderMetadataDetails oidcProviderMetadata, + RealmAuthenticationProvider authenticationProvider) { + JwtLoginService jwtLoginService = new JwtLoginService(); + jwtLoginService.setJwtSignerValidationService(jwtSignerValidationService); + jwtLoginService.setJwtProviderMetadata(oidcProviderMetadata); + jwtLoginService.setAuthenticationProvider(authenticationProvider); + return jwtLoginService; } diff --git a/maxkey-core/src/main/java/org/maxkey/web/WebContext.java b/maxkey-core/src/main/java/org/maxkey/web/WebContext.java index 136f8bd573551940f6508007e96eb03ebfd2bd30..98f3a8dbfdad348df87da372449311efbfeec6d1 100644 --- a/maxkey-core/src/main/java/org/maxkey/web/WebContext.java +++ b/maxkey-core/src/main/java/org/maxkey/web/WebContext.java 
@@ -28,7 +28,6 @@ import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpSession; import org.apache.commons.logging.LogFactory; -import org.maxkey.authn.RealmAuthenticationProvider; import org.maxkey.configuration.ApplicationConfig; import org.maxkey.domain.UserInfo; import org.maxkey.util.DateUtils; @@ -113,7 +112,7 @@ public final class WebContext { * @param code String * @param message String * @return boolean - */ + public static boolean setAuthentication(String username, String type, String provider, @@ -125,7 +124,7 @@ public final class WebContext { authenticationProvider.trustAuthentication(username, type, provider, code, message); return isAuthenticated(); - } + }*/ public static void setAuthentication(Authentication authentication) { setAttribute(WebConstants.AUTHENTICATION, authentication); diff --git a/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/consumer/endpoint/ConsumerEndpoint.java b/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/consumer/endpoint/ConsumerEndpoint.java index 0239fd70823eeed90abaa2a2aabeae56df650dd5..fa0c538af516cb048d1034b5b60ca36c32995914 100644 --- a/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/consumer/endpoint/ConsumerEndpoint.java +++ b/maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/consumer/endpoint/ConsumerEndpoint.java @@ -30,6 +30,7 @@ import javax.servlet.http.HttpServletResponse; import org.apache.commons.lang.StringUtils; import org.apache.commons.lang.Validate; +import org.maxkey.authn.RealmAuthenticationProvider; import org.maxkey.authz.saml.common.EndpointGenerator; import org.maxkey.authz.saml.common.TrustResolver; import org.maxkey.authz.saml.service.IDService; 
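Review bot: `WebContext.setAuthentication(String, ...)` is disabled by deleting the Javadoc terminator and appending `*/` after the method's closing brace, which leaves the whole method, including its `authenticationProvider.trustAuthentication` call, inside a doc comment that now attaches to `setAuthentication(Authentication authentication)`. Generated documentation for that method would then carry the stale `@param`/`@return boolean` text. Delete the method together with its Javadoc rather than commenting it out; version control keeps the history. If out-of-tree callers are a concern, keeping it for one release marked `@Deprecated` is clearer than dead code in a comment.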
@@ -44,7 +45,6 @@ import org.maxkey.constants.ConstantsLoginType; import org.maxkey.crypto.keystore.KeyStoreLoader; import org.maxkey.domain.apps.AppsSAML20Details; import org.maxkey.persistence.service.AppsSaml20DetailsService; -import org.maxkey.web.WebContext; import org.opensaml.common.binding.SAMLMessageContext; import org.opensaml.common.binding.security.IssueInstantRule; import org.opensaml.common.binding.security.MessageReplayRule; @@ -88,6 +88,10 @@ public class ConsumerEndpoint { @Autowired @Qualifier("idService") private IDService idService; + + @Autowired + @Qualifier("authenticationProvider") + RealmAuthenticationProvider authenticationProvider ; private String singleSignOnServiceURL; private String assertionConsumerServiceURL; @@ -178,7 +182,7 @@ public class ConsumerEndpoint { logger.debug("assertion.getID() ", assertion.getAuthnStatements()); - WebContext.setAuthentication(username, ConstantsLoginType.SAMLTRUST,"","","success"); + authenticationProvider.trustAuthentication(username, ConstantsLoginType.SAMLTRUST,"","","success"); ModelAndView mav = new ModelAndView(); mav.addObject("username", username); diff --git a/maxkey-web-maxkey/src/main/java/org/maxkey/autoconfigure/CasAutoConfiguration.java b/maxkey-web-maxkey/src/main/java/org/maxkey/autoconfigure/CasAutoConfiguration.java index 0c3a5a72fda329447ad091948b9590fb2daeb0ae..dfe2b45a079abe4c5454da23407a60bfa1f34b03 100644 --- a/maxkey-web-maxkey/src/main/java/org/maxkey/autoconfigure/CasAutoConfiguration.java +++ b/maxkey-web-maxkey/src/main/java/org/maxkey/autoconfigure/CasAutoConfiguration.java @@ -84,7 +84,7 @@ public class CasAutoConfiguration implements InitializingBean { TicketServices casTicketServices = null; if (persistence == 0) { casTicketServices = new InMemoryTicketGrantingTicketServices(); - _logger.debug("InMemoryTicketServices"); + _logger.debug("InMemoryTicketGrantingTicketServices"); } else if (persistence == 1) { // //casTicketServices = new JdbcTicketServices(jdbcTemplate);