gitee
/
eiam
mirror of https://gitee.com/topiam/eiam
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

🎉 重磅发布

pull/1/MERGE
topiam 2022-12-12 00:41:27 +08:00
commit 20f442c776
1479 changed files with 143796 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

34
.gitignore vendored Normal file
View File

@ -0,0 +1,34 @@
HELP.md
target/
!.mvn/wrapper/maven-wrapper.jar
!**/src/main/**
!**/src/test/**
!**/target/generated-sources/**
**/logs/**
### STS ###
.apt_generated
.classpath
.factorypath
.project
.settings
.springBeans
.sts4-cache
### IntelliJ IDEA ###
.idea
*.iws
*.iml
*.ipr
### NetBeans ###
/nbproject/private/
/nbbuild/
/dist/
/nbdist/
/.nb-gradle/
build/
### VS Code ###
.vscode/
.DS_Store
*/.DS_Store

1
.mvn/jvm.config Normal file
View File

@ -0,0 +1 @@
-Xmx2048m -Xms1024m -Djava.awt.headless=true

1
.mvn/maven.config Normal file
View File

@ -0,0 +1 @@
-T 1C -Dskiptests=true -Dmaven.compile.fork=true

BIN
.mvn/wrapper/maven-wrapper.jar vendored Normal file
View File

Binary file not shown.

2
.mvn/wrapper/maven-wrapper.properties vendored Normal file
View File

@ -0,0 +1,2 @@
distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.8.6/apache-maven-3.8.6-bin.zip
wrapperUrl=https://repo.maven.apache.org/maven2/org/apache/maven/wrapper/maven-wrapper/3.1.1/maven-wrapper-3.1.1.jar

0
CHANGELOG.md Normal file
View File

661
LICENSE Normal file
View File

@ -0,0 +1,661 @@
GNU AFFERO GENERAL PUBLIC LICENSE
Version 3, 19 November 2007
Copyright (C) 2007 Free Software Foundation, Inc. <https://fsf.org/>
Everyone is permitted to copy and distribute verbatim copies
of this license document, but changing it is not allowed.
Preamble
The GNU Affero General Public License is a free, copyleft license for
software and other kinds of works, specifically designed to ensure
cooperation with the community in the case of network server software.
The licenses for most software and other practical works are designed
to take away your freedom to share and change the works. By contrast,
our General Public Licenses are intended to guarantee your freedom to
share and change all versions of a program--to make sure it remains free
software for all its users.
When we speak of free software, we are referring to freedom, not
price. Our General Public Licenses are designed to make sure that you
have the freedom to distribute copies of free software (and charge for
them if you wish), that you receive source code or can get it if you
want it, that you can change the software or use pieces of it in new
free programs, and that you know you can do these things.
Developers that use our General Public Licenses protect your rights
with two steps: (1) assert copyright on the software, and (2) offer
you this License which gives you legal permission to copy, distribute
and/or modify the software.
A secondary benefit of defending all users' freedom is that
improvements made in alternate versions of the program, if they
receive widespread use, become available for other developers to
incorporate. Many developers of free software are heartened and
encouraged by the resulting cooperation. However, in the case of
software used on network servers, this result may fail to come about.
The GNU General Public License permits making a modified version and
letting the public access it on a server without ever releasing its
source code to the public.
The GNU Affero General Public License is designed specifically to
ensure that, in such cases, the modified source code becomes available
to the community. It requires the operator of a network server to
provide the source code of the modified version running there to the
users of that server. Therefore, public use of a modified version, on
a publicly accessible server, gives the public access to the source
code of the modified version.
An older license, called the Affero General Public License and
published by Affero, was designed to accomplish similar goals. This is
a different license, not a version of the Affero GPL, but Affero has
released a new version of the Affero GPL which permits relicensing under
this license.
The precise terms and conditions for copying, distribution and
modification follow.
TERMS AND CONDITIONS
0. Definitions.
"This License" refers to version 3 of the GNU Affero General Public License.
"Copyright" also means copyright-like laws that apply to other kinds of
works, such as semiconductor masks.
"The Program" refers to any copyrightable work licensed under this
License. Each licensee is addressed as "you". "Licensees" and
"recipients" may be individuals or organizations.
To "modify" a work means to copy from or adapt all or part of the work
in a fashion requiring copyright permission, other than the making of an
exact copy. The resulting work is called a "modified version" of the
earlier work or a work "based on" the earlier work.
A "covered work" means either the unmodified Program or a work based
on the Program.
To "propagate" a work means to do anything with it that, without
permission, would make you directly or secondarily liable for
infringement under applicable copyright law, except executing it on a
computer or modifying a private copy. Propagation includes copying,
distribution (with or without modification), making available to the
public, and in some countries other activities as well.
To "convey" a work means any kind of propagation that enables other
parties to make or receive copies. Mere interaction with a user through
a computer network, with no transfer of a copy, is not conveying.
An interactive user interface displays "Appropriate Legal Notices"
to the extent that it includes a convenient and prominently visible
feature that (1) displays an appropriate copyright notice, and (2)
tells the user that there is no warranty for the work (except to the
extent that warranties are provided), that licensees may convey the
work under this License, and how to view a copy of this License. If
the interface presents a list of user commands or options, such as a
menu, a prominent item in the list meets this criterion.
1. Source Code.
The "source code" for a work means the preferred form of the work
for making modifications to it. "Object code" means any non-source
form of a work.
A "Standard Interface" means an interface that either is an official
standard defined by a recognized standards body, or, in the case of
interfaces specified for a particular programming language, one that
is widely used among developers working in that language.
The "System Libraries" of an executable work include anything, other
than the work as a whole, that (a) is included in the normal form of
packaging a Major Component, but which is not part of that Major
Component, and (b) serves only to enable use of the work with that
Major Component, or to implement a Standard Interface for which an
implementation is available to the public in source code form. A
"Major Component", in this context, means a major essential component
(kernel, window system, and so on) of the specific operating system
(if any) on which the executable work runs, or a compiler used to
produce the work, or an object code interpreter used to run it.
The "Corresponding Source" for a work in object code form means all
the source code needed to generate, install, and (for an executable
work) run the object code and to modify the work, including scripts to
control those activities. However, it does not include the work's
System Libraries, or general-purpose tools or generally available free
programs which are used unmodified in performing those activities but
which are not part of the work. For example, Corresponding Source
includes interface definition files associated with source files for
the work, and the source code for shared libraries and dynamically
linked subprograms that the work is specifically designed to require,
such as by intimate data communication or control flow between those
subprograms and other parts of the work.
The Corresponding Source need not include anything that users
can regenerate automatically from other parts of the Corresponding
Source.
The Corresponding Source for a work in source code form is that
same work.
2. Basic Permissions.
All rights granted under this License are granted for the term of
copyright on the Program, and are irrevocable provided the stated
conditions are met. This License explicitly affirms your unlimited
permission to run the unmodified Program. The output from running a
covered work is covered by this License only if the output, given its
content, constitutes a covered work. This License acknowledges your
rights of fair use or other equivalent, as provided by copyright law.
You may make, run and propagate covered works that you do not
convey, without conditions so long as your license otherwise remains
in force. You may convey covered works to others for the sole purpose
of having them make modifications exclusively for you, or provide you
with facilities for running those works, provided that you comply with
the terms of this License in conveying all material for which you do
not control copyright. Those thus making or running the covered works
for you must do so exclusively on your behalf, under your direction
and control, on terms that prohibit them from making any copies of
your copyrighted material outside their relationship with you.
Conveying under any other circumstances is permitted solely under
the conditions stated below. Sublicensing is not allowed; section 10
makes it unnecessary.
3. Protecting Users' Legal Rights From Anti-Circumvention Law.
No covered work shall be deemed part of an effective technological
measure under any applicable law fulfilling obligations under article
11 of the WIPO copyright treaty adopted on 20 December 1996, or
similar laws prohibiting or restricting circumvention of such
measures.
When you convey a covered work, you waive any legal power to forbid
circumvention of technological measures to the extent such circumvention
is effected by exercising rights under this License with respect to
the covered work, and you disclaim any intention to limit operation or
modification of the work as a means of enforcing, against the work's
users, your or third parties' legal rights to forbid circumvention of
technological measures.
4. Conveying Verbatim Copies.
You may convey verbatim copies of the Program's source code as you
receive it, in any medium, provided that you conspicuously and
appropriately publish on each copy an appropriate copyright notice;
keep intact all notices stating that this License and any
non-permissive terms added in accord with section 7 apply to the code;
keep intact all notices of the absence of any warranty; and give all
recipients a copy of this License along with the Program.
You may charge any price or no price for each copy that you convey,
and you may offer support or warranty protection for a fee.
5. Conveying Modified Source Versions.
You may convey a work based on the Program, or the modifications to
produce it from the Program, in the form of source code under the
terms of section 4, provided that you also meet all of these conditions:
a) The work must carry prominent notices stating that you modified
it, and giving a relevant date.
b) The work must carry prominent notices stating that it is
released under this License and any conditions added under section
7. This requirement modifies the requirement in section 4 to
"keep intact all notices".
c) You must license the entire work, as a whole, under this
License to anyone who comes into possession of a copy. This
License will therefore apply, along with any applicable section 7
additional terms, to the whole of the work, and all its parts,
regardless of how they are packaged. This License gives no
permission to license the work in any other way, but it does not
invalidate such permission if you have separately received it.
d) If the work has interactive user interfaces, each must display
Appropriate Legal Notices; however, if the Program has interactive
interfaces that do not display Appropriate Legal Notices, your
work need not make them do so.
A compilation of a covered work with other separate and independent
works, which are not by their nature extensions of the covered work,
and which are not combined with it such as to form a larger program,
in or on a volume of a storage or distribution medium, is called an
"aggregate" if the compilation and its resulting copyright are not
used to limit the access or legal rights of the compilation's users
beyond what the individual works permit. Inclusion of a covered work
in an aggregate does not cause this License to apply to the other
parts of the aggregate.
6. Conveying Non-Source Forms.
You may convey a covered work in object code form under the terms
of sections 4 and 5, provided that you also convey the
machine-readable Corresponding Source under the terms of this License,
in one of these ways:
a) Convey the object code in, or embodied in, a physical product
(including a physical distribution medium), accompanied by the
Corresponding Source fixed on a durable physical medium
customarily used for software interchange.
b) Convey the object code in, or embodied in, a physical product
(including a physical distribution medium), accompanied by a
written offer, valid for at least three years and valid for as
long as you offer spare parts or customer support for that product
model, to give anyone who possesses the object code either (1) a
copy of the Corresponding Source for all the software in the
product that is covered by this License, on a durable physical
medium customarily used for software interchange, for a price no
more than your reasonable cost of physically performing this
conveying of source, or (2) access to copy the
Corresponding Source from a network server at no charge.
c) Convey individual copies of the object code with a copy of the
written offer to provide the Corresponding Source. This
alternative is allowed only occasionally and noncommercially, and
only if you received the object code with such an offer, in accord
with subsection 6b.
d) Convey the object code by offering access from a designated
place (gratis or for a charge), and offer equivalent access to the
Corresponding Source in the same way through the same place at no
further charge. You need not require recipients to copy the
Corresponding Source along with the object code. If the place to
copy the object code is a network server, the Corresponding Source
may be on a different server (operated by you or a third party)
that supports equivalent copying facilities, provided you maintain
clear directions next to the object code saying where to find the
Corresponding Source. Regardless of what server hosts the
Corresponding Source, you remain obligated to ensure that it is
available for as long as needed to satisfy these requirements.
e) Convey the object code using peer-to-peer transmission, provided
you inform other peers where the object code and Corresponding
Source of the work are being offered to the general public at no
charge under subsection 6d.
A separable portion of the object code, whose source code is excluded
from the Corresponding Source as a System Library, need not be
included in conveying the object code work.
A "User Product" is either (1) a "consumer product", which means any
tangible personal property which is normally used for personal, family,
or household purposes, or (2) anything designed or sold for incorporation
into a dwelling. In determining whether a product is a consumer product,
doubtful cases shall be resolved in favor of coverage. For a particular
product received by a particular user, "normally used" refers to a
typical or common use of that class of product, regardless of the status
of the particular user or of the way in which the particular user
actually uses, or expects or is expected to use, the product. A product
is a consumer product regardless of whether the product has substantial
commercial, industrial or non-consumer uses, unless such uses represent
the only significant mode of use of the product.
"Installation Information" for a User Product means any methods,
procedures, authorization keys, or other information required to install
and execute modified versions of a covered work in that User Product from
a modified version of its Corresponding Source. The information must
suffice to ensure that the continued functioning of the modified object
code is in no case prevented or interfered with solely because
modification has been made.
If you convey an object code work under this section in, or with, or
specifically for use in, a User Product, and the conveying occurs as
part of a transaction in which the right of possession and use of the
User Product is transferred to the recipient in perpetuity or for a
fixed term (regardless of how the transaction is characterized), the
Corresponding Source conveyed under this section must be accompanied
by the Installation Information. But this requirement does not apply
if neither you nor any third party retains the ability to install
modified object code on the User Product (for example, the work has
been installed in ROM).
The requirement to provide Installation Information does not include a
requirement to continue to provide support service, warranty, or updates
for a work that has been modified or installed by the recipient, or for
the User Product in which it has been modified or installed. Access to a
network may be denied when the modification itself materially and
adversely affects the operation of the network or violates the rules and
protocols for communication across the network.
Corresponding Source conveyed, and Installation Information provided,
in accord with this section must be in a format that is publicly
documented (and with an implementation available to the public in
source code form), and must require no special password or key for
unpacking, reading or copying.
7. Additional Terms.
"Additional permissions" are terms that supplement the terms of this
License by making exceptions from one or more of its conditions.
Additional permissions that are applicable to the entire Program shall
be treated as though they were included in this License, to the extent
that they are valid under applicable law. If additional permissions
apply only to part of the Program, that part may be used separately
under those permissions, but the entire Program remains governed by
this License without regard to the additional permissions.
When you convey a copy of a covered work, you may at your option
remove any additional permissions from that copy, or from any part of
it. (Additional permissions may be written to require their own
removal in certain cases when you modify the work.) You may place
additional permissions on material, added by you to a covered work,
for which you have or can give appropriate copyright permission.
Notwithstanding any other provision of this License, for material you
add to a covered work, you may (if authorized by the copyright holders of
that material) supplement the terms of this License with terms:
a) Disclaiming warranty or limiting liability differently from the
terms of sections 15 and 16 of this License; or
b) Requiring preservation of specified reasonable legal notices or
author attributions in that material or in the Appropriate Legal
Notices displayed by works containing it; or
c) Prohibiting misrepresentation of the origin of that material, or
requiring that modified versions of such material be marked in
reasonable ways as different from the original version; or
d) Limiting the use for publicity purposes of names of licensors or
authors of the material; or
e) Declining to grant rights under trademark law for use of some
trade names, trademarks, or service marks; or
f) Requiring indemnification of licensors and authors of that
material by anyone who conveys the material (or modified versions of
it) with contractual assumptions of liability to the recipient, for
any liability that these contractual assumptions directly impose on
those licensors and authors.
All other non-permissive additional terms are considered "further
restrictions" within the meaning of section 10. If the Program as you
received it, or any part of it, contains a notice stating that it is
governed by this License along with a term that is a further
restriction, you may remove that term. If a license document contains
a further restriction but permits relicensing or conveying under this
License, you may add to a covered work material governed by the terms
of that license document, provided that the further restriction does
not survive such relicensing or conveying.
If you add terms to a covered work in accord with this section, you
must place, in the relevant source files, a statement of the
additional terms that apply to those files, or a notice indicating
where to find the applicable terms.
Additional terms, permissive or non-permissive, may be stated in the
form of a separately written license, or stated as exceptions;
the above requirements apply either way.
8. Termination.
You may not propagate or modify a covered work except as expressly
provided under this License. Any attempt otherwise to propagate or
modify it is void, and will automatically terminate your rights under
this License (including any patent licenses granted under the third
paragraph of section 11).
However, if you cease all violation of this License, then your
license from a particular copyright holder is reinstated (a)
provisionally, unless and until the copyright holder explicitly and
finally terminates your license, and (b) permanently, if the copyright
holder fails to notify you of the violation by some reasonable means
prior to 60 days after the cessation.
Moreover, your license from a particular copyright holder is
reinstated permanently if the copyright holder notifies you of the
violation by some reasonable means, this is the first time you have
received notice of violation of this License (for any work) from that
copyright holder, and you cure the violation prior to 30 days after
your receipt of the notice.
Termination of your rights under this section does not terminate the
licenses of parties who have received copies or rights from you under
this License. If your rights have been terminated and not permanently
reinstated, you do not qualify to receive new licenses for the same
material under section 10.
9. Acceptance Not Required for Having Copies.
You are not required to accept this License in order to receive or
run a copy of the Program. Ancillary propagation of a covered work
occurring solely as a consequence of using peer-to-peer transmission
to receive a copy likewise does not require acceptance. However,
nothing other than this License grants you permission to propagate or
modify any covered work. These actions infringe copyright if you do
not accept this License. Therefore, by modifying or propagating a
covered work, you indicate your acceptance of this License to do so.
10. Automatic Licensing of Downstream Recipients.
Each time you convey a covered work, the recipient automatically
receives a license from the original licensors, to run, modify and
propagate that work, subject to this License. You are not responsible
for enforcing compliance by third parties with this License.
An "entity transaction" is a transaction transferring control of an
organization, or substantially all assets of one, or subdividing an
organization, or merging organizations. If propagation of a covered
work results from an entity transaction, each party to that
transaction who receives a copy of the work also receives whatever
licenses to the work the party's predecessor in interest had or could
give under the previous paragraph, plus a right to possession of the
Corresponding Source of the work from the predecessor in interest, if
the predecessor has it or can get it with reasonable efforts.
You may not impose any further restrictions on the exercise of the
rights granted or affirmed under this License. For example, you may
not impose a license fee, royalty, or other charge for exercise of
rights granted under this License, and you may not initiate litigation
(including a cross-claim or counterclaim in a lawsuit) alleging that
any patent claim is infringed by making, using, selling, offering for
sale, or importing the Program or any portion of it.
11. Patents.
A "contributor" is a copyright holder who authorizes use under this
License of the Program or a work on which the Program is based. The
work thus licensed is called the contributor's "contributor version".
A contributor's "essential patent claims" are all patent claims
owned or controlled by the contributor, whether already acquired or
hereafter acquired, that would be infringed by some manner, permitted
by this License, of making, using, or selling its contributor version,
but do not include claims that would be infringed only as a
consequence of further modification of the contributor version. For
purposes of this definition, "control" includes the right to grant
patent sublicenses in a manner consistent with the requirements of
this License.
Each contributor grants you a non-exclusive, worldwide, royalty-free
patent license under the contributor's essential patent claims, to
make, use, sell, offer for sale, import and otherwise run, modify and
propagate the contents of its contributor version.
In the following three paragraphs, a "patent license" is any express
agreement or commitment, however denominated, not to enforce a patent
(such as an express permission to practice a patent or covenant not to
sue for patent infringement). To "grant" such a patent license to a
party means to make such an agreement or commitment not to enforce a
patent against the party.
If you convey a covered work, knowingly relying on a patent license,
and the Corresponding Source of the work is not available for anyone
to copy, free of charge and under the terms of this License, through a
publicly available network server or other readily accessible means,
then you must either (1) cause the Corresponding Source to be so
available, or (2) arrange to deprive yourself of the benefit of the
patent license for this particular work, or (3) arrange, in a manner
consistent with the requirements of this License, to extend the patent
license to downstream recipients. "Knowingly relying" means you have
actual knowledge that, but for the patent license, your conveying the
covered work in a country, or your recipient's use of the covered work
in a country, would infringe one or more identifiable patents in that
country that you have reason to believe are valid.
If, pursuant to or in connection with a single transaction or
arrangement, you convey, or propagate by procuring conveyance of, a
covered work, and grant a patent license to some of the parties
receiving the covered work authorizing them to use, propagate, modify
or convey a specific copy of the covered work, then the patent license
you grant is automatically extended to all recipients of the covered
work and works based on it.
A patent license is "discriminatory" if it does not include within
the scope of its coverage, prohibits the exercise of, or is
conditioned on the non-exercise of one or more of the rights that are
specifically granted under this License. You may not convey a covered
work if you are a party to an arrangement with a third party that is
in the business of distributing software, under which you make payment
to the third party based on the extent of your activity of conveying
the work, and under which the third party grants, to any of the
parties who would receive the covered work from you, a discriminatory
patent license (a) in connection with copies of the covered work
conveyed by you (or copies made from those copies), or (b) primarily
for and in connection with specific products or compilations that
contain the covered work, unless you entered into that arrangement,
or that patent license was granted, prior to 28 March 2007.
Nothing in this License shall be construed as excluding or limiting
any implied license or other defenses to infringement that may
otherwise be available to you under applicable patent law.
12. No Surrender of Others' Freedom.
If conditions are imposed on you (whether by court order, agreement or
otherwise) that contradict the conditions of this License, they do not
excuse you from the conditions of this License. If you cannot convey a
covered work so as to satisfy simultaneously your obligations under this
License and any other pertinent obligations, then as a consequence you may
not convey it at all. For example, if you agree to terms that obligate you
to collect a royalty for further conveying from those to whom you convey
the Program, the only way you could satisfy both those terms and this
License would be to refrain entirely from conveying the Program.
13. Remote Network Interaction; Use with the GNU General Public License.
Notwithstanding any other provision of this License, if you modify the
Program, your modified version must prominently offer all users
interacting with it remotely through a computer network (if your version
supports such interaction) an opportunity to receive the Corresponding
Source of your version by providing access to the Corresponding Source
from a network server at no charge, through some standard or customary
means of facilitating copying of software. This Corresponding Source
shall include the Corresponding Source for any work covered by version 3
of the GNU General Public License that is incorporated pursuant to the
following paragraph.
Notwithstanding any other provision of this License, you have
permission to link or combine any covered work with a work licensed
under version 3 of the GNU General Public License into a single
combined work, and to convey the resulting work. The terms of this
License will continue to apply to the part which is the covered work,
but the work with which it is combined will remain governed by version
3 of the GNU General Public License.
14. Revised Versions of this License.
The Free Software Foundation may publish revised and/or new versions of
the GNU Affero General Public License from time to time. Such new versions
will be similar in spirit to the present version, but may differ in detail to
address new problems or concerns.
Each version is given a distinguishing version number. If the
Program specifies that a certain numbered version of the GNU Affero General
Public License "or any later version" applies to it, you have the
option of following the terms and conditions either of that numbered
version or of any later version published by the Free Software
Foundation. If the Program does not specify a version number of the
GNU Affero General Public License, you may choose any version ever published
by the Free Software Foundation.
If the Program specifies that a proxy can decide which future
versions of the GNU Affero General Public License can be used, that proxy's
public statement of acceptance of a version permanently authorizes you
to choose that version for the Program.
Later license versions may give you additional or different
permissions. However, no additional obligations are imposed on any
author or copyright holder as a result of your choosing to follow a
later version.
15. Disclaimer of Warranty.
THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY
APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY
OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO,
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM
IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF
ALL NECESSARY SERVICING, REPAIR OR CORRECTION.
16. Limitation of Liability.
IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING
WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS
THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY
GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE
USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF
DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD
PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS),
EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF
SUCH DAMAGES.
17. Interpretation of Sections 15 and 16.
If the disclaimer of warranty and limitation of liability provided
above cannot be given local legal effect according to their terms,
reviewing courts shall apply local law that most closely approximates
an absolute waiver of all civil liability in connection with the
Program, unless a warranty or assumption of liability accompanies a
copy of the Program in return for a fee.
END OF TERMS AND CONDITIONS
How to Apply These Terms to Your New Programs
If you develop a new program, and you want it to be of the greatest
possible use to the public, the best way to achieve this is to make it
free software which everyone can redistribute and change under these terms.
To do so, attach the following notices to the program. It is safest
to attach them to the start of each source file to most effectively
state the exclusion of warranty; and each file should have at least
the "copyright" line and a pointer to where the full notice is found.
<one line to give the program's name and a brief idea of what it does.>
Copyright (C) <year> <name of author>
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published
by the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
Also add information on how to contact you by electronic and paper mail.
If your software can interact with users remotely through a computer
network, you should also make sure that it provides a way for users to
get its source. For example, if your program is a web application, its
interface could display a "Source" link that leads users to an archive
of the code. There are many ways you could offer source, and different
solutions will be better for different programs; see section 13 for the
specific requirements.
You should also get your employer (if you work as a programmer) or school,
if any, to sign a "copyright disclaimer" for the program, if necessary.
For more information on this, and how to apply and follow the GNU AGPL, see
<https://www.gnu.org/licenses/>.

136
README.md Normal file
View File

@ -0,0 +1,136 @@
<div align="center">
<img src="https://user-images.githubusercontent.com/30397655/205442696-ccd32d07-2f7b-4335-8083-cac1d740b824.jpg" alt="logo" width="60%"/>
[![](https://img.shields.io/badge/JDK-11+-orange)](https://www.oracle.com/au/java/technologies/javase/jdk11-archive-downloads.html)
[![](https://img.shields.io/badge/MySQL-8.0%2B-brightgreen)](https://www.mysql.com/downloads/)
[![](https://img.shields.io/badge/License-AGPL%203.0-orange)](https://github.com/topaim/eiam/blob/master/LICENSE)
[![](https://img.shields.io/badge/Maven-3.5.0+-brightgreen.svg)](https://maven.apache.org)
[官方网站](https://eiam.topiam.cn) | [需求收集](https://github.com/topiam/eiam/issues/new) | [问题反馈](https://github.com/topiam/eiam/issues/new)
</div>
--------------------------
<div align="center">⭐️ 如果你喜欢 TopIAM请给它一个 Star您的支持将是我们前行的动力项目正在积极开发欢迎共建 👏🏻。</div>
--------------------------
## 项目介绍
**TopIAM** 数字身份管控平台简称EIAMEmployee Identity and Access Management
用于管理企业内员工账号、权限、身份认证、应用访问,帮助整合部署在本地或云端的内部办公系统、业务系统及三方 SaaS
系统的所有身份,实现一个账号打通所有应用的服务。
## 产品价值
传统企业 IT
大多采用烟囱式建设方式,各系统独立建设账号体系、权限体系,当企业团队人数达到数十人至数百人时,由于系统数量多,在账户、密码、权限管理上会出现瓶颈。员工入职、离职,转岗都需要进行账号权限分配等此类管理,操作低效、功能重复、价值低,员工需要记录多套系统密码,容易出现安全问题,导致数据外泄。用户身份认证安全存疑,敏感系统缺乏严格的身份认证机制。
`EIAM` 提供一套集中式账号、权限、认证、应用、审计等,帮助企业打通身份数据孤岛,实现用户全生命周期,实现一个账号打通所有应用的服务,强化企业安全体系,提升组织管理效率,助力企业数字化转型升级。
## 核心特性
+ 提供统一组织信息管理,多维度建立对应关系,实现在一个平台对企业人员、组织架构、应用信息的高效统一管理。
+ 支持钉钉、飞书、企业微信等身份源集成能力实现系统和企业OA平台数据联动以用户为管理基点结合入职、离职、调岗、兼职等人事事件关联其相关应用权限变化而变化保证应用访问权限的安全控制。
+ 支持多因素认证,行为验证码、社交认证,融合认证等机制,保证用户认证安全可靠。
+ 支持微信、微博、QQ等社交认证集成使企业具有快速纳入互联网化认证能力。
+ 支持 `SAML2``OAuth2``OIDC``CAS`,表单代填等认证协议及机制,实现单点登录功能,预配置大量 SaaS 应用及传统应用模板,开箱即用。
+ 完善的安全审计,详尽记录每一次用户行为,使每一步操作有据可循,实时记录企业信息安全状况,精准识别企业异常访问和潜在威胁的源头。
+ 提供标准`REST`和`SCIM2.0`接口轻松完成机构用户同步,实现企业对于账号生命周期的精细化管理。
+ 开源、安全、自主可控。
## 页面展示
> 仅展示部分UI页面
+ 管理端
![](https://user-images.githubusercontent.com/30397655/205442813-c5664670-aa12-4415-aa66-dadcddd04109.jpg)
![](https://user-images.githubusercontent.com/30397655/206887727-2e6449a9-b75a-46f8-9fab-f215e2d26a38.png)
![](https://user-images.githubusercontent.com/30397655/206887777-d1e6d138-8ab8-4d9b-87f6-08ea497a374e.png)
![](https://user-images.githubusercontent.com/30397655/206887895-8c204839-9a74-4167-87f3-a131a528d444.png)
--------------------------
+ 门户端
![](https://user-images.githubusercontent.com/30397655/206888201-93b1b261-40a6-4e83-b04c-8589da5f2f8a.jpg)
## 在线演示
+ 管理端https://eiam-console.topiam.cn
+ 用户端https://eiam-portal.topiam.cn
> 注意:演示环境已屏蔽敏感权限和相关操作
## 开源说明
一方面希望通过开源加强项目产品化程度;另一方面希望在社区中吸收更多的实践场景进而继续完善产品,也欢迎大家参与到项目中来。
为保证社区繁荣和项目自由健康发展,在开源许可证方面,`TopIAM` 选择采用 `AGPL-3.0` 开源协议,`AGPL-3.0` 是 OSI
批准的许可证,符合自由和开源软件的所有标准,**开源永远是我们的初心与核心,我们将始终不渝的坚持去做这件事,我们相信在社区的推动下,这件事我们一定会做的更好**。
或许很多开发者对此协议抱有一些疑问,开源社区目前也有很多采用 `AGPL-3.0` 协议的开源软件,例如 `MongoDB`、`Grafana`、`Loki`
等,维基百科还专门有一份列表列出了哪些[开源项目](https://en.wikipedia.org/wiki/Category:Software_using_the_GNU_AGPL_license)
采用了 `AGPL-3.0` 开源协议。
`AGPL-3.0` 协议有一个非常关键的点,即对修改上游开源项目代码后的二次分发版本必须也要开源,协议限制的是部分企业想 `Folk`
开源项目代码后进行闭源商业分发,跟上游开源项目的维护团队进行直接的商业竞争,如果仅仅只是企业内部自己使用而不进行任何层面修改,用户大可不必担心 `AGPL-3.0`
协议带来的限制, 这些条件旨在鼓励和希望修改软件的第三方也为项目和社区做出贡献。我们认为这是一种更公平的前进方式,我们相信这将有助于我们建立更强大的社区。
简单来讲:如果您修改了 `TopIAM` 项目源代码,那么您必须将这些修改贡献给社区,**绝不允许修改后和衍生的代码做为闭源的商业软件发布和销售
**。
我们也提供了商业授权,如果您**需要将本产品进行二次开发、更改并进行任何附带商业化性质行为使用**
,请联系我们进行商业授权,以遵守 `AGPL-3.0` 协议保证您的正常使用。
除此之外,我们也会酌情接受根据个人或企业需求的定制化开发。
目前在国内 `GPL` 协议**具备合同特征,是一种民事法律行为** ,属于我国《合同法》调整的范围。 `TopIAM` 项目团队保留诉讼权利。
[相关案例:违反 `GPL` 协议赔偿 50 万,国内首例!](https://mp.weixin.qq.com/s/YQ6sNjbDS-P7BViLZIsaoA)
> **TopIAM 开源团队拥有对本开源协议的最终解释权。**
## 技术架构
前端技术栈:`ES6`、`React`、`TypeScript`、`UmiJS`、`Axios`、`Ant Design`
后端技术栈:`JDK11`、`Spring Boot`、`Spring Data`、`Spring Security`、`Elasticsearch`、`Redis`、`MySQL`
## 联系我们
如果你想加入我们的开源交流群, 或在关于 `TopIAM` 产品上的任何想法、意见建议,商务上的合作需求,请扫码添加下方微信进一步沟通。
![](https://user-images.githubusercontent.com/30397655/205442835-cfcfbf2e-eefb-4e9f-8f36-72d91c240896.jpg)
欢迎关注 TopIAM 微信公众号,接收产品最新动态。
![](https://user-images.githubusercontent.com/30397655/206887629-faf77f3e-1681-4918-99bf-773ef434f088.png)
## 参与贡献
我们强烈欢迎有兴趣的开发者参与到项目建设中来,同时欢迎大家对项目提出宝贵意见建议和功能需求,项目正在积极开发,欢迎 PR 👏。
强烈推荐阅读 [《提问的智慧》](https://github.com/ryanhanwu/How-To-Ask-Questions-The-Smart-Way)、[《如何向开源社区提问题》](https://github.com/seajs/seajs/issues/545)
和 [《如何有效地报告 Bug》](http://www.chiark.greenend.org.uk/%7Esgtatham/bugs-cn.html)、[《如何向开源项目提交无法解答的问题》](https://zhuanlan.zhihu.com/p/25795393)
,更好的问题更容易获得帮助。
## License
<img src='https://www.gnu.org/graphics/agplv3-with-text-162x68.png' alt="license">
## 捐赠支持
如果您觉得我们的开源项目对您有帮助,那就请项目开发者们来一杯咖啡☕️吧!当前我们接受来自于**微信**、**支付宝**或者**码云**
的捐赠,请在捐赠时备注自己的昵称或附言。
您的捐赠将用于支付该项目的一些费用支出,并激励开发者们更好的推动项目的发展,同时欢迎捐赠**公网服务器**
用于提高开发基础设施环境及在线演示系统体验。
![](https://user-images.githubusercontent.com/30397655/205442840-1b54a95c-3d11-4542-ae51-040f849b26aa.jpg)

34
eiam-alert/pom.xml Normal file
View File

@ -0,0 +1,34 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
eiam-alert - Employee Identity and Access Management Program
Copyright © 2020-2022 TopIAM (support@topiam.cn)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<parent>
<groupId>cn.topiam</groupId>
<artifactId>eiam</artifactId>
<version>1.0.0-beta1</version>
<relativePath>../pom.xml</relativePath>
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>eiam-alert</artifactId>
<packaging>pom</packaging>
</project>

67
eiam-application/eiam-application-all/pom.xml Normal file
View File

@ -0,0 +1,67 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
eiam-application-all - Employee Identity and Access Management Program
Copyright © 2020-2022 TopIAM (support@topiam.cn)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<parent>
<groupId>cn.topiam</groupId>
<artifactId>eiam-application</artifactId>
<version>1.0.0-beta1</version>
<relativePath>../pom.xml</relativePath>
</parent>
<packaging>jar</packaging>
<modelVersion>4.0.0</modelVersion>
<artifactId>eiam-application-all</artifactId>
<dependencies>
<!-- cas-->
<dependency>
<groupId>cn.topiam</groupId>
<artifactId>eiam-application-cas</artifactId>
<version>${project.version}</version>
</dependency>
<!-- form-->
<dependency>
<groupId>cn.topiam</groupId>
<artifactId>eiam-application-form</artifactId>
<version>${project.version}</version>
</dependency>
<!-- jwt-->
<dependency>
<groupId>cn.topiam</groupId>
<artifactId>eiam-application-jwt</artifactId>
<version>${project.version}</version>
</dependency>
<!-- oidc-->
<dependency>
<groupId>cn.topiam</groupId>
<artifactId>eiam-application-oidc</artifactId>
<version>${project.version}</version>
</dependency>
<!-- saml2-->
<dependency>
<groupId>cn.topiam</groupId>
<artifactId>eiam-application-saml2</artifactId>
<version>${project.version}</version>
</dependency>
</dependencies>
</project>

41
eiam-application/eiam-application-cas/pom.xml Normal file
View File

@ -0,0 +1,41 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
eiam-application-cas - Employee Identity and Access Management Program
Copyright © 2020-2022 TopIAM (support@topiam.cn)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<parent>
<groupId>cn.topiam</groupId>
<artifactId>eiam-application</artifactId>
<version>1.0.0-beta1</version>
<relativePath>../pom.xml</relativePath>
</parent>
<packaging>jar</packaging>
<modelVersion>4.0.0</modelVersion>
<artifactId>eiam-application-cas</artifactId>
<dependencies>
<dependency>
<groupId>cn.topiam</groupId>
<artifactId>eiam-application-core</artifactId>
<version>${project.version}</version>
</dependency>
</dependencies>
</project>

46
eiam-application/eiam-application-cas/src/main/java/cn/topiam/employee/application/cas/AbstractCasApplicationService.java Normal file
View File

@ -0,0 +1,46 @@
/*
* eiam-application-cas - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.application.cas;
import cn.topiam.employee.application.ApplicationService;
import cn.topiam.employee.common.repository.app.AppCertRepository;
import cn.topiam.employee.common.repository.app.AppRepository;
/**
* CAS
*
* @author TopIAM
* Created by support@topiam.cn on 2022/8/23 20:58
*/
public abstract class AbstractCasApplicationService implements ApplicationService {
/**
* AppCertRepository
*/
protected final AppCertRepository appCertRepository;
/**
* ApplicationRepository
*/
protected final AppRepository appRepository;
protected AbstractCasApplicationService(AppCertRepository appCertRepository,
AppRepository appRepository) {
this.appCertRepository = appCertRepository;
this.appRepository = appRepository;
}
}

155
eiam-application/eiam-application-cas/src/main/java/cn/topiam/employee/application/cas/CasStandardApplicationServiceImpl.java Normal file
View File

File diff suppressed because one or more lines are too long

18
eiam-application/eiam-application-cas/src/main/java/cn/topiam/employee/application/cas/package-info.java Normal file
View File

@ -0,0 +1,18 @@
/*
* eiam-application-cas - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.application.cas;

18
eiam-application/eiam-application-cas/src/main/java/cn/topiam/employee/application/package-info.java Normal file
View File

@ -0,0 +1,18 @@
/*
* eiam-application-cas - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.application;

34
eiam-application/eiam-application-core/pom.xml Normal file
View File

@ -0,0 +1,34 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
eiam-application-core - Employee Identity and Access Management Program
Copyright © 2020-2022 TopIAM (support@topiam.cn)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<parent>
<groupId>cn.topiam</groupId>
<artifactId>eiam-application</artifactId>
<version>1.0.0-beta1</version>
<relativePath>../pom.xml</relativePath>
</parent>
<packaging>jar</packaging>
<modelVersion>4.0.0</modelVersion>
<artifactId>eiam-application-core</artifactId>
</project>

136
eiam-application/eiam-application-core/src/main/java/cn/topiam/employee/application/AbstractApplicationService.java Normal file
View File

@ -0,0 +1,136 @@
/*
* eiam-application-core - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.application;
import java.math.BigInteger;
import java.time.LocalDateTime;
import java.time.ZoneId;
import java.util.Date;
import org.bouncycastle.asn1.x500.X500Name;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import cn.topiam.employee.common.entity.app.AppCertEntity;
import cn.topiam.employee.common.enums.app.AppCertUsingType;
import cn.topiam.employee.common.repository.app.AppAccessPolicyRepository;
import cn.topiam.employee.common.repository.app.AppAccountRepository;
import cn.topiam.employee.common.repository.app.AppCertRepository;
import cn.topiam.employee.common.repository.app.AppRepository;
import cn.topiam.employee.support.exception.TopIamException;
import cn.topiam.employee.support.util.CertUtils;
import cn.topiam.employee.support.util.RsaUtils;
import static cn.topiam.employee.support.util.CertUtils.encodePem;
import static cn.topiam.employee.support.util.CertUtils.getX500Name;
import static cn.topiam.employee.support.util.RsaUtils.getKeys;
/**
* AbstractApplicationService
*
* @author TopIAM
* Created by support@topiam.cn on 2022/8/31 22:34
*/
public abstract class AbstractApplicationService implements ApplicationService {
private final Logger logger = LoggerFactory.getLogger(AbstractApplicationService.class);
/**
*
*
* @param appId {@link Long}
* @param appCode {@link Long}
* @param usingType {@link AppCertUsingType}
*/
public void createCertificate(Long appId, String appCode, AppCertUsingType usingType) {
try {
AppCertEntity config = new AppCertEntity();
config.setAppId(appId);
//私钥长度
config.setKeyLong(2048);
//算法
config.setSignAlgo("SHA256WITHRSA");
RsaUtils.RsaResult keys = getKeys(config.getKeyLong());
X500Name x500Name = getX500Name("app_" + appCode, "TopIAM", "Jinan", "Shandong", "CN",
"EIAM");
//发行者
config.setIssuer(x500Name.toString());
//主题
config.setSubject(x500Name.toString());
//证书 起始日期 与 结束日期
LocalDateTime localDateTime = LocalDateTime.now();
//证书序列号
config.setSerial(BigInteger.valueOf(System.currentTimeMillis()));
//开始时间
Date notBefore = Date.from(localDateTime.atZone(ZoneId.systemDefault()).toInstant());
config.setBeginDate(
notBefore.toInstant().atZone(ZoneId.systemDefault()).toLocalDateTime());
//结束时间
Date notAfter = Date
.from(localDateTime.plusYears(10).atZone(ZoneId.systemDefault()).toInstant());
config
.setEndDate(notAfter.toInstant().atZone(ZoneId.systemDefault()).toLocalDateTime());
//相差天数
config
.setValidity((int) ((notAfter.getTime() - notBefore.getTime()) / 1000 / 3600 / 24));
//生成证书
String certificate = CertUtils.getCertificate(x500Name, x500Name, config.getSerial(),
notBefore, notAfter, keys.getPublicKey(), keys.getPrivateKey());
//私钥
config.setPrivateKey(encodePem(keys.getPrivateKey()));
//公钥
config.setPublicKey(encodePem(keys.getPublicKey()));
//证书
config.setCert(certificate);
//使用类型
config.setUsingType(usingType);
appCertRepository.save(config);
} catch (Exception e) {
logger.error("创建应用证书异常", e);
throw new TopIamException(e.getMessage(), e);
}
}
/**
* AppCertRepository
*/
protected final AppCertRepository appCertRepository;
/**
* AppAccountRepository
*/
protected final AppAccountRepository appAccountRepository;
/**
*AppAccessPolicyRepository
*/
protected final AppAccessPolicyRepository appAccessPolicyRepository;
/**
* ApplicationRepository
*/
protected final AppRepository appRepository;
protected AbstractApplicationService(AppCertRepository appCertRepository,
AppAccountRepository appAccountRepository,
AppAccessPolicyRepository appAccessPolicyRepository,
AppRepository appRepository) {
this.appCertRepository = appCertRepository;
this.appAccountRepository = appAccountRepository;
this.appAccessPolicyRepository = appAccessPolicyRepository;
this.appRepository = appRepository;
}
}

118
eiam-application/eiam-application-core/src/main/java/cn/topiam/employee/application/ApplicationService.java Normal file
View File

@ -0,0 +1,118 @@
/*
* eiam-application-core - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.application;
import java.util.List;
import java.util.Map;
import org.springframework.transaction.annotation.Transactional;
import cn.topiam.employee.common.enums.app.AppProtocol;
import cn.topiam.employee.common.enums.app.AppType;
/**
*
*
* @author TopIAM
* Created by support@topiam.cn on 2022/8/20 23:20
*/
public interface ApplicationService {
/**
*
*
* @return {@link String}
*/
String getCode();
/**
*
*
* @return {@link String}
*/
String getName();
/**
*
*
* @return {@link String}
*/
String getDescription();
/**
*
*
* @return {@link String}
*/
AppType getType();
/**
*
*
* @return {@link AppProtocol}
*/
AppProtocol getProtocol();
/**
* Schema
*
* @return {@link Map}
*/
List<Map> getFormSchema();
/**
* base64
*
* @return {@link String}
*/
String getBase64Icon();
/**
*
*
* @param name {@link String}
* @param remark {@link String}
* @return {@link String} ID
*/
@Transactional(rollbackFor = Exception.class)
String create(String name, String remark);
/**
*
*
* @param appId {@link String} ID
*/
void delete(String appId);
/**
*
*
* @param appId {@link String}
* @param config {@link Map}
*/
@Transactional(rollbackFor = Exception.class)
void saveConfig(String appId, Map<String, Object> config);
/**
*
*
* @param appId {@link String}
* @return {@link Map}
*/
Object getConfig(String appId);
}

104
eiam-application/eiam-application-core/src/main/java/cn/topiam/employee/application/ApplicationServiceLoader.java Normal file
View File

@ -0,0 +1,104 @@
/*
* eiam-application-core - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.application;
import java.util.*;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.BeanInitializationException;
import org.springframework.beans.factory.InitializingBean;
import org.springframework.context.*;
import org.springframework.context.annotation.Configuration;
import cn.topiam.employee.application.exception.AppTemplateNotExistException;
/**
*
*
* @author TopIAM
* Created by support@topiam.cn on 2022/8/20 19:08
*/
@Configuration
public class ApplicationServiceLoader implements ApplicationContextAware {
private final Logger logger = LoggerFactory
.getLogger(ApplicationServiceLoader.class);
/**
*
*/
private Map<String, ApplicationService> loadMap = new HashMap<>(16);
/**
* key: codevaluetemplateImpl
*/
private final Map<String, ApplicationService> applicationServiceMap = new HashMap<>(16);
/**
* Set the ApplicationContext that this object runs in.
* Normally this call will be used to initialize the object.
* <p>Invoked after population of normal bean properties but before an init callback such
* as {@link InitializingBean#afterPropertiesSet()}
* or a custom init-method. Invoked after {@link ResourceLoaderAware#setResourceLoader},
* {@link ApplicationEventPublisherAware#setApplicationEventPublisher} and
* {@link MessageSourceAware}, if applicable.
*
* @param applicationContext the ApplicationContext object to be used by this object
* @throws ApplicationContextException in case of context initialization errors
* @throws BeansException if thrown by application context methods
* @see BeanInitializationException
*/
@Override
public void setApplicationContext(org.springframework.context.ApplicationContext applicationContext) throws BeansException {
loadMap = applicationContext.getBeansOfType(ApplicationService.class);
getApplicationServiceList();
}
/**
*
*
* @return {@link List}
*/
public Set<ApplicationService> getApplicationServiceList() {
List<ApplicationService> values = loadMap.values().stream().toList();
return new HashSet<>(values);
}
/**
* CODE
*
* @param code {@link String}
* @return {@link List}
*/
public ApplicationService getApplicationService(String code) {
ApplicationService impl = applicationServiceMap.get(code);
if (Objects.isNull(impl)) {
for (ApplicationService service : getApplicationServiceList()) {
if (code.equals(service.getCode())) {
applicationServiceMap.put(code, service);
return service;
}
}
}
if (Objects.isNull(impl)) {
throw new AppTemplateNotExistException();
}
return impl;
}
}

46
eiam-application/eiam-application-core/src/main/java/cn/topiam/employee/application/Saml2ApplicationService.java Normal file
View File

@ -0,0 +1,46 @@
/*
* eiam-application-core - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.application;
import cn.topiam.employee.core.protocol.Saml2ProtocolConfig;
import cn.topiam.employee.core.protocol.Saml2SsoModel;
/**
*
*
* @author TopIAM
* Created by support@topiam.cn on 2022/8/20 23:20
*/
public interface Saml2ApplicationService extends ApplicationService {
/**
* SSO Modal
*
* @param appId {@link String}
* @return {@link Saml2SsoModel}
*/
Saml2SsoModel getSsoModel(String appId);
/**
*
*
* @param appId {@link String}
* @return {@link Saml2ProtocolConfig}
*/
Saml2ProtocolConfig getProtocolConfig(String appId);
}

44
eiam-application/eiam-application-core/src/main/java/cn/topiam/employee/application/SamlRamRoleNameValueType.java Normal file
View File

@ -0,0 +1,44 @@
/*
* eiam-application-core - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.application;
import com.fasterxml.jackson.annotation.JsonValue;
import lombok.Getter;
/**
* Ram
*
* @author TopIAM
* Created by support@topiam.cn on 2022/8/24 22:39
*/
public enum SamlRamRoleNameValueType {
/**
*
*/
APP_USERNAME("app_user.username");
@Getter
@JsonValue
private final String code;
SamlRamRoleNameValueType(String code) {
this.code = code;
}
}

71
eiam-application/eiam-application-core/src/main/java/cn/topiam/employee/application/context/ApplicationContext.java Normal file
View File

@ -0,0 +1,71 @@
/*
* eiam-application-core - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.application.context;
import java.util.Map;
import lombok.Data;
/**
* ApplicationContext
*
* @author TopIAM
* Created by support@topiam.cn on 2022/10/29 22:34
*/
@Data
public final class ApplicationContext {
/**
* ID
*/
private final Long appId;
/**
*
*/
private final String appCode;
/**
*
*/
private final String appTemplate;
/**
* ID
*/
private final String clientId;
/**
*
*/
private final String clientSecret;
/**
*
*/
private final Map<String, Object> config;
public ApplicationContext(Long appId, String appCode, String appTemplate, String clientId,
String clientSecret, Map<String, Object> config) {
this.appCode = appCode;
this.appId = appId;
this.appTemplate = appTemplate;
this.clientId = clientId;
this.clientSecret = clientSecret;
this.config = config;
}
}

62
eiam-application/eiam-application-core/src/main/java/cn/topiam/employee/application/context/ApplicationContextHolder.java Normal file
View File

@ -0,0 +1,62 @@
/*
* eiam-application-core - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.application.context;
/**
*
* ApplicationContextHolder
*
* @author TopIAM
* Created by support@topiam.cn on 2022/10/29 22:37
*/
public final class ApplicationContextHolder {
private static final ThreadLocal<ApplicationContext> HOLDER = new ThreadLocal<>();
private ApplicationContextHolder() {
}
/**
* Returns the {@link ApplicationContext} bound to the current thread.
*
* @return the {@link ApplicationContext}
*/
public static ApplicationContext getApplicationContext() {
return HOLDER.get();
}
/**
* Bind the given {@link ApplicationContext} to the current thread.
*
* @param applicationContext the {@link ApplicationContext}
*/
public static void setProviderContext(ApplicationContext applicationContext) {
if (applicationContext == null) {
resetProviderContext();
} else {
HOLDER.set(applicationContext);
}
}
/**
* Reset the {@link ApplicationContext} bound to the current thread.
*/
public static void resetProviderContext() {
HOLDER.remove();
}
}

18
eiam-application/eiam-application-core/src/main/java/cn/topiam/employee/application/context/package-info.java Normal file
View File

@ -0,0 +1,18 @@
/*
* eiam-application-core - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.application.context;

32
eiam-application/eiam-application-core/src/main/java/cn/topiam/employee/application/exception/AppCertNotExistException.java Normal file
View File

@ -0,0 +1,32 @@
/*
* eiam-application-core - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.application.exception;
import cn.topiam.employee.support.exception.TopIamException;
/**
*
*
* @author TopIAM
* Created by support@topiam.cn on 2022/7/8 22:21
*/
public class AppCertNotExistException extends TopIamException {
public AppCertNotExistException() {
super("应用证书不存在");
}
}

32
eiam-application/eiam-application-core/src/main/java/cn/topiam/employee/application/exception/AppConfigNotExistException.java Normal file
View File

@ -0,0 +1,32 @@
/*
* eiam-application-core - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.application.exception;
import cn.topiam.employee.support.exception.TopIamException;
/**
*
*
* @author TopIAM
* Created by support@topiam.cn on 2022/7/8 22:21
*/
public class AppConfigNotExistException extends TopIamException {
public AppConfigNotExistException() {
super("app_config_not_exist", "应用配置不存在", DEFAULT_STATUS);
}
}

32
eiam-application/eiam-application-core/src/main/java/cn/topiam/employee/application/exception/AppNotEnableException.java Normal file
View File

@ -0,0 +1,32 @@
/*
* eiam-application-core - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.application.exception;
import cn.topiam.employee.support.exception.TopIamException;
/**
*
*
* @author TopIAM
* Created by support@topiam.cn on 2022/7/8 22:23
*/
public class AppNotEnableException extends TopIamException {
public AppNotEnableException() {
super("app_not_enable", "应用未启用", DEFAULT_STATUS);
}
}

32
eiam-application/eiam-application-core/src/main/java/cn/topiam/employee/application/exception/AppNotExistException.java Normal file
View File

@ -0,0 +1,32 @@
/*
* eiam-application-core - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.application.exception;
import cn.topiam.employee.support.exception.TopIamException;
/**
*
*
* @author TopIAM
* Created by support@topiam.cn on 2022/7/8 22:23
*/
public class AppNotExistException extends TopIamException {
public AppNotExistException() {
super("app_not_exist", "应用不存在", DEFAULT_STATUS);
}
}

34
eiam-application/eiam-application-core/src/main/java/cn/topiam/employee/application/exception/AppTemplateNotExistException.java Normal file
View File

@ -0,0 +1,34 @@
/*
* eiam-application-core - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.application.exception;
import cn.topiam.employee.support.exception.TopIamException;
import static org.springframework.http.HttpStatus.BAD_REQUEST;
/**
*
*
* @author TopIAM
* Created by support@topiam.cn on 2022/7/8 22:49
*/
public class AppTemplateNotExistException extends TopIamException {
public AppTemplateNotExistException() {
super("app_template_not_exist", "应用模版不存在", BAD_REQUEST);
}
}

31
eiam-application/eiam-application-core/src/main/java/cn/topiam/employee/application/exception/ParseSaml2MetadataException.java Normal file
View File

@ -0,0 +1,31 @@
/*
* eiam-application-core - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.application.exception;
import cn.topiam.employee.support.exception.TopIamException;
/**
* SAML
*
* @author TopIAM
*/
public class ParseSaml2MetadataException extends TopIamException {
public ParseSaml2MetadataException() {
super("parse_saml2_metadata_error", "解析 SAML 元数据异常", DEFAULT_STATUS);
}
}

18
eiam-application/eiam-application-core/src/main/java/cn/topiam/employee/application/package-info.java Normal file
View File

@ -0,0 +1,18 @@
/*
* eiam-application-core - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.application;

41
eiam-application/eiam-application-form/pom.xml Normal file
View File

@ -0,0 +1,41 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
eiam-application-form - Employee Identity and Access Management Program
Copyright © 2020-2022 TopIAM (support@topiam.cn)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<parent>
<groupId>cn.topiam</groupId>
<artifactId>eiam-application</artifactId>
<version>1.0.0-beta1</version>
<relativePath>../pom.xml</relativePath>
</parent>
<packaging>jar</packaging>
<modelVersion>4.0.0</modelVersion>
<artifactId>eiam-application-form</artifactId>
<dependencies>
<dependency>
<groupId>cn.topiam</groupId>
<artifactId>eiam-application-core</artifactId>
<version>${project.version}</version>
</dependency>
</dependencies>
</project>

46
eiam-application/eiam-application-form/src/main/java/cn/topiam/employee/application/form/AbstractFormApplicationService.java Normal file
View File

@ -0,0 +1,46 @@
/*
* eiam-application-form - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.application.form;
import cn.topiam.employee.application.ApplicationService;
import cn.topiam.employee.common.repository.app.AppCertRepository;
import cn.topiam.employee.common.repository.app.AppRepository;
/**
* Form
*
* @author TopIAM
* Created by support@topiam.cn on 2022/8/23 20:58
*/
public abstract class AbstractFormApplicationService implements ApplicationService {
/**
* AppCertRepository
*/
protected final AppCertRepository appCertRepository;
/**
* ApplicationRepository
*/
protected final AppRepository appRepository;
protected AbstractFormApplicationService(AppCertRepository appCertRepository,
AppRepository appRepository) {
this.appCertRepository = appCertRepository;
this.appRepository = appRepository;
}
}

156
eiam-application/eiam-application-form/src/main/java/cn/topiam/employee/application/form/FormStandardApplicationServiceImpl.java Normal file
View File

@ -0,0 +1,156 @@
/*
* eiam-application-form - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.application.form;
import java.util.List;
import java.util.Map;
import org.springframework.stereotype.Component;
import cn.topiam.employee.common.enums.app.AppProtocol;
import cn.topiam.employee.common.enums.app.AppType;
import cn.topiam.employee.common.repository.app.AppCertRepository;
import cn.topiam.employee.common.repository.app.AppRepository;
/**
* Form
*
* @author TopIAM
* Created by support@topiam.cn on 2022/8/20 23:20
*/
@Component
public class FormStandardApplicationServiceImpl extends AbstractFormApplicationService {
/**
*
*
* @param appId {@link String}
* @param config {@link Map}
*/
@Override
public void saveConfig(String appId, Map<String, Object> config) {
}
/**
*
*
* @param appId {@link String}
* @return {@link Map}
*/
@Override
public Object getConfig(String appId) {
return null;
}
/**
*
*
* @return {@link String}
*/
@Override
public String getCode() {
return "form";
}
/**
*
*
* @return {@link String}
*/
@Override
public String getName() {
return "表单代填";
}
/**
*
*
* @return {@link String}
*/
@Override
public String getDescription() {
return "表单代填可以模拟用户在登录页输入用户名和密码,再通过表单提交的一种登录方式。应用的账号密码在 TopIAM 中使用 AES256 加密算法本地加密存储。很多旧系统、不支持标准认证协议的系统或不支持改造的系统可以使用表单代填实现统一身份管理。表单中有图片验证码、CSRF token、动态参数的场景不适用。";
}
/**
*
*
* @return {@link AppType}
*/
@Override
public AppType getType() {
return AppType.STANDARD;
}
/**
*
*
* @return {@link AppProtocol}
*/
@Override
public AppProtocol getProtocol() {
return AppProtocol.FORM;
}
/**
* Schema
*
* @return {@link Map}
*/
@Override
public List<Map> getFormSchema() {
return null;
}
/**
* base64
*
* @return {@link String}
*/
@Override
public String getBase64Icon() {
return "data:image/svg+xml;base64,PHN2ZyB0PSIxNjYwOTc4MDk3OTkyIiBjbGFzcz0iaWNvbiIgdmlld0JveD0iMCAwIDEwMjQgMTAyNCIgdmVyc2lvbj0iMS4xIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHAtaWQ9IjMxNDMiIHdpZHRoPSIyMDAiIGhlaWdodD0iMjAwIj48cGF0aCBkPSJNMjk0LjkxMiA0MTQuMjA4aDg2LjUyOHYzNDIuMDE2SDI5NC45MTJ6TTQyNC45NiA0MTQuMjA4aDMwMy4xMDR2MzQyLjAxNkg0MjQuOTZ6TTI5NC45MTIgMjY3LjI2NGg0MzMuMTUydjk3Ljc5MkgyOTQuOTEyeiIgZmlsbD0iIzI3QTNGRiIgcC1pZD0iMzE0NCI+PC9wYXRoPjxwYXRoIGQ9Ik05MjEuNiAwSDEwMi40YTEwMi40IDEwMi40IDAgMCAwLTEwMi40IDEwMi40djgxOS4yYTEwMi40IDEwMi40IDAgMCAwIDEwMi40IDEwMi40aDgxOS4yYTEwMi40IDEwMi40IDAgMCAwIDEwMi40LTEwMi40VjEwMi40YTEwMi40IDEwMi40IDAgMCAwLTEwMi40LTEwMi40eiBtLTE1MC4wMTYgNzgwLjhhMjMuMDQgMjMuMDQgMCAwIDEtMjEuNTA0IDI0LjA2NEgyNzMuNDA4YTIzLjA0IDIzLjA0IDAgMCAxLTIxLjUwNC0yNC4wNjRWMjQyLjY4OGEyMy4wNCAyMy4wNCAwIDAgMSAyMS41MDQtMjQuMDY0aDQ3Ni42NzJhMjMuMDQgMjMuMDQgMCAwIDEgMjEuNTA0IDI0LjA2NHoiIGZpbGw9IiMyN0EzRkYiIHAtaWQ9IjMxNDUiPjwvcGF0aD48L3N2Zz4=";
}
/**
*
*
* @param name {@link String}
* @param remark {@link String}
*/
@Override
public String create(String name, String remark) {
return "";
}
/**
*
*
* @param appId {@link String} ID
*/
@Override
public void delete(String appId) {
}
protected FormStandardApplicationServiceImpl(AppCertRepository appCertRepository,
AppRepository appRepository) {
super(appCertRepository, appRepository);
}
}

56
eiam-application/eiam-application-form/src/main/java/cn/topiam/employee/application/form/model/AppFormConfigGetResult.java Normal file
View File

@ -0,0 +1,56 @@
/*
* eiam-application-form - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.application.form.model;
import java.io.Serializable;
import cn.topiam.employee.common.enums.app.AuthorizationType;
import cn.topiam.employee.common.enums.app.InitLoginType;
import lombok.Data;
import io.swagger.v3.oas.annotations.Parameter;
import io.swagger.v3.oas.annotations.media.Schema;
/**
* Form
*
* @author TopIAM
* Created by support@topiam.cn on 2022/5/31 22:46
*/
@Data
@Schema(description = "Form 配置返回结果")
public class AppFormConfigGetResult implements Serializable {
/**
* SSO
*/
@Parameter(description = "SSO 发起方")
private InitLoginType initLoginType;
/**
* SSO
*/
@Parameter(description = "SSO 登录链接")
private String initLoginUrl;
/**
*
*/
@Parameter(description = "SSO 授权范围")
private AuthorizationType authorizationType;
}

18
eiam-application/eiam-application-form/src/main/java/cn/topiam/employee/application/form/model/package-info.java Normal file
View File

@ -0,0 +1,18 @@
/*
* eiam-application-form - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.application.form.model;

18
eiam-application/eiam-application-form/src/main/java/cn/topiam/employee/application/form/package-info.java Normal file
View File

@ -0,0 +1,18 @@
/*
* eiam-application-form - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.application.form;

41
eiam-application/eiam-application-jwt/pom.xml Normal file
View File

@ -0,0 +1,41 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
eiam-application-jwt - Employee Identity and Access Management Program
Copyright © 2020-2022 TopIAM (support@topiam.cn)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<parent>
<groupId>cn.topiam</groupId>
<artifactId>eiam-application</artifactId>
<version>1.0.0-beta1</version>
<relativePath>../pom.xml</relativePath>
</parent>
<packaging>jar</packaging>
<modelVersion>4.0.0</modelVersion>
<artifactId>eiam-application-jwt</artifactId>
<dependencies>
<dependency>
<groupId>cn.topiam</groupId>
<artifactId>eiam-application-core</artifactId>
<version>${project.version}</version>
</dependency>
</dependencies>
</project>

46
eiam-application/eiam-application-jwt/src/main/java/cn/topiam/employee/application/jwt/AbstractJwtApplicationService.java Normal file
View File

@ -0,0 +1,46 @@
/*
* eiam-application-jwt - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.application.jwt;
import cn.topiam.employee.application.ApplicationService;
import cn.topiam.employee.common.repository.app.AppCertRepository;
import cn.topiam.employee.common.repository.app.AppRepository;
/**
* JWT
*
* @author TopIAM
* Created by support@topiam.cn on 2022/8/23 20:58
*/
public abstract class AbstractJwtApplicationService implements ApplicationService {
/**
* AppCertRepository
*/
protected final AppCertRepository appCertRepository;
/**
* ApplicationRepository
*/
protected final AppRepository appRepository;
protected AbstractJwtApplicationService(AppCertRepository appCertRepository,
AppRepository appRepository) {
this.appCertRepository = appCertRepository;
this.appRepository = appRepository;
}
}

155
eiam-application/eiam-application-jwt/src/main/java/cn/topiam/employee/application/jwt/JwtStandardApplicationServiceImpl.java Normal file
View File

@ -0,0 +1,155 @@
/*
* eiam-application-jwt - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.application.jwt;
import java.util.List;
import java.util.Map;
import org.springframework.stereotype.Component;
import cn.topiam.employee.common.enums.app.AppProtocol;
import cn.topiam.employee.common.enums.app.AppType;
import cn.topiam.employee.common.repository.app.AppCertRepository;
import cn.topiam.employee.common.repository.app.AppRepository;
/**
* JWT
*
* @author TopIAM
* Created by support@topiam.cn on 2022/8/20 23:20
*/
@Component
public class JwtStandardApplicationServiceImpl extends AbstractJwtApplicationService {
/**
*
*
* @param appId {@link String}
* @param config {@link Map}
*/
@Override
public void saveConfig(String appId, Map<String, Object> config) {
}
/**
*
*
* @param appId {@link String}
* @return {@link Map}
*/
@Override
public Object getConfig(String appId) {
return null;
}
/**
*
*
* @return {@link String}
*/
@Override
public String getCode() {
return "jwt";
}
/**
*
*
* @return {@link String}
*/
@Override
public String getName() {
return "JWT";
}
/**
*
*
* @return {@link String}
*/
@Override
public String getDescription() {
return "JWTJSON Web Token是在网络应用环境声明的一种基于 JSON 的开放标准。TopIAM 使用 JWT 进行分布式站点的单点登录 SSO。JWT 单点登录基于非对称加密,由 TopIAM 将用户状态和信息使用私钥加密,传递给应用后,应用使用公钥解密并进行验证。使用场景非常广泛,集成简单。";
}
/**
*
*
* @return {@link AppType}
*/
@Override
public AppType getType() {
return AppType.STANDARD;
}
/**
*
*
* @return {@link AppProtocol}
*/
@Override
public AppProtocol getProtocol() {
return AppProtocol.JWT;
}
/**
* Schema
*
* @return {@link Map}
*/
@Override
public List<Map> getFormSchema() {
return null;
}
/**
* base64
*
* @return {@link String}
*/
@Override
public String getBase64Icon() {
return "data:image/svg+xml;base64,PHN2ZyB0PSIxNjYwOTc4MjExNDg3IiBjbGFzcz0iaWNvbiIgdmlld0JveD0iMCAwIDEwMjQgMTAyNCIgdmVyc2lvbj0iMS4xIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHAtaWQ9IjM4NzEiIHdpZHRoPSIyMDAiIGhlaWdodD0iMjAwIj48cGF0aCBkPSJNNTg5LjMxMiAyNzUuNDU2TDU4OC4yODggMGgtMTUzLjZsMS4wMjQgMjc1LjQ1NiA3Ni44IDEwNS40NzJ6IG0tMTUzLjYgNDcyLjA2NHYyNzYuNDhoMTUzLjZ2LTI3Ni40OEw1MTIuNTEyIDY0Mi4wNDh6IiBmaWxsPSIjRkZGRkZGIiBwLWlkPSIzODcyIj48L3BhdGg+PHBhdGggZD0iTTU4OS4zMTIgNzQ3LjUybDE2MS43OTIgMjIzLjIzMiAxMjMuOTA0LTkwLjExMi0xNjEuNzkyLTIyMy4yMzItMTIzLjkwNC0zOS45MzZ6IG0tMTUzLjYtNDcyLjA2NEwyNzIuODk2IDUyLjIyNGwtMTIzLjkwNCA5MC4xMTJMMzEwLjc4NCAzNjUuNTY4bDEyNC45MjggMzkuOTM2eiIgZmlsbD0iIzAwRjJFNiIgcC1pZD0iMzg3MyI+PC9wYXRoPjxwYXRoIGQ9Ik0zMTAuNzg0IDM2NS41NjhMNDguNjQgMjgwLjU3NiAxLjUzNiA0MjUuOTg0IDI2My42OCA1MTJsMTIzLjkwNC00MC45NnogbTMyNS42MzIgMTg2LjM2OGw3Ni44IDEwNS40NzIgMjYyLjE0NCA4NC45OTIgNDcuMTA0LTE0NS40MDgtMjYyLjE0NC04NC45OTJ6IiBmaWxsPSIjMDBCOUYxIiBwLWlkPSIzODc0Ij48L3BhdGg+PHBhdGggZD0iTTc2MC4zMiA1MTJsMjYyLjE0NC04Ni4wMTYtNDcuMTA0LTE0NS40MDhMNzEzLjIxNiAzNjUuNTY4bC03Ni44IDEwNS40NzJ6IG0tNDk2LjY0IDBMMS41MzYgNTk2Ljk5MiA0OC42NCA3NDIuNGwyNjIuMTQ0LTg0Ljk5MiA3Ni44LTEwNS40NzJ6IiBmaWxsPSIjRDYzQUZGIiBwLWlkPSIzODc1Ij48L3BhdGg+PHBhdGggZD0iTTMxMC43ODQgNjU3LjQwOEwxNDguOTkyIDg4MC42NGwxMjMuOTA0IDkwLjExMiAxNjIuODE2LTIyMy4yMzJWNjE3LjQ3MnpNNzEzLjIxNiAzNjUuNTY4bDE2MS43OTItMjIzLjIzMi0xMjMuOTA0LTkwLjExMi0xNjEuNzkyIDIyMy4yMzJ2MTMwLjA0OHoiIGZpbGw9IiNGQjAxNUIiIHAtaWQ9IjM4NzYiPjwvcGF0aD48L3N2Zz4=";
}
/**
*
*
* @param name {@link String}
* @param remark {@link String}
*/
@Override
public String create(String name, String remark) {
return "";
}
/**
*
*
* @param appId {@link String} ID
*/
@Override
public void delete(String appId) {
}
public JwtStandardApplicationServiceImpl(AppCertRepository appCertRepository,
AppRepository appRepository) {
super(appCertRepository, appRepository);
}
}

56
eiam-application/eiam-application-jwt/src/main/java/cn/topiam/employee/application/jwt/model/AppJwtGetResult.java Normal file
View File

@ -0,0 +1,56 @@
/*
* eiam-application-jwt - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.application.jwt.model;
import java.io.Serializable;
import cn.topiam.employee.common.enums.app.AuthorizationType;
import cn.topiam.employee.common.enums.app.InitLoginType;
import lombok.Data;
import io.swagger.v3.oas.annotations.Parameter;
import io.swagger.v3.oas.annotations.media.Schema;
/**
* JWT
*
* @author TopIAM
* Created by support@topiam.cn on 2022/5/31 22:46
*/
@Data
@Schema(description = "JWT 配置返回结果")
public class AppJwtGetResult implements Serializable {
/**
* SSO
*/
@Parameter(description = "SSO 发起方")
private InitLoginType initLoginType;
/**
* SSO
*/
@Parameter(description = "SSO 登录链接")
private String initLoginUrl;
/**
*
*/
@Parameter(description = "SSO 授权范围")
private AuthorizationType authorizationType;
}

18
eiam-application/eiam-application-jwt/src/main/java/cn/topiam/employee/application/jwt/model/package-info.java Normal file
View File

@ -0,0 +1,18 @@
/*
* eiam-application-jwt - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.application.jwt.model;

18
eiam-application/eiam-application-jwt/src/main/java/cn/topiam/employee/application/jwt/package-info.java Normal file
View File

@ -0,0 +1,18 @@
/*
* eiam-application-jwt - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.application.jwt;

18
eiam-application/eiam-application-jwt/src/main/java/cn/topiam/employee/application/package-info.java Normal file
View File

@ -0,0 +1,18 @@
/*
* eiam-application-jwt - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.application;

41
eiam-application/eiam-application-oidc/pom.xml Normal file
View File

@ -0,0 +1,41 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
eiam-application-oidc - Employee Identity and Access Management Program
Copyright © 2020-2022 TopIAM (support@topiam.cn)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<parent>
<groupId>cn.topiam</groupId>
<artifactId>eiam-application</artifactId>
<version>1.0.0-beta1</version>
<relativePath>../pom.xml</relativePath>
</parent>
<packaging>jar</packaging>
<modelVersion>4.0.0</modelVersion>
<artifactId>eiam-application-oidc</artifactId>
<dependencies>
<dependency>
<groupId>cn.topiam</groupId>
<artifactId>eiam-application-core</artifactId>
<version>${project.version}</version>
</dependency>
</dependencies>
</project>

70
eiam-application/eiam-application-oidc/src/main/java/cn/topiam/employee/application/oidc/AbstractOidcApplicationService.java Normal file
View File

@ -0,0 +1,70 @@
/*
* eiam-application-oidc - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.application.oidc;
import cn.topiam.employee.application.AbstractApplicationService;
import cn.topiam.employee.application.ApplicationService;
import cn.topiam.employee.common.repository.app.*;
/**
* OIDC
*
* @author TopIAM
* Created by support@topiam.cn on 2022/8/23 20:58
*/
public abstract class AbstractOidcApplicationService extends AbstractApplicationService
implements ApplicationService {
@Override
public void delete(String appId) {
//删除应用
appRepository.deleteById(Long.valueOf(appId));
//删除证书
appCertRepository.deleteByAppId(Long.valueOf(appId));
//删除应用账户
appAccountRepository.deleteAllByAppId(Long.valueOf(appId));
//删除应用权限策略
appAccessPolicyRepository.deleteAllByAppId(Long.valueOf(appId));
//删除SAML2配置
appOidcConfigRepository.deleteByAppId(Long.valueOf(appId));
}
/**
* AppCertRepository
*/
protected final AppCertRepository appCertRepository;
/**
* ApplicationRepository
*/
protected final AppRepository appRepository;
/**
* AppOidcConfigRepository
*/
protected final AppOidcConfigRepository appOidcConfigRepository;
protected AbstractOidcApplicationService(AppCertRepository appCertRepository,
AppAccountRepository appAccountRepository,
AppAccessPolicyRepository appAccessPolicyRepository,
AppRepository appRepository,
AppOidcConfigRepository appOidcConfigRepository) {
super(appCertRepository, appAccountRepository, appAccessPolicyRepository, appRepository);
this.appCertRepository = appCertRepository;
this.appRepository = appRepository;
this.appOidcConfigRepository = appOidcConfigRepository;
}
}

291
eiam-application/eiam-application-oidc/src/main/java/cn/topiam/employee/application/oidc/OidcStandardApplicationServiceImpl.java Normal file
View File

File diff suppressed because one or more lines are too long

130
eiam-application/eiam-application-oidc/src/main/java/cn/topiam/employee/application/oidc/converter/AppOidcStandardConfigConverter.java Normal file
View File

@ -0,0 +1,130 @@
/*
* eiam-application-oidc - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.application.oidc.converter;
import java.util.HashMap;
import java.util.Map;
import java.util.Objects;
import org.apache.commons.text.StringSubstitutor;
import org.mapstruct.Mapper;
import org.mapstruct.Mapping;
import cn.topiam.employee.application.oidc.model.AppOidcStandardConfigGetResult;
import cn.topiam.employee.application.oidc.model.AppOidcStandardSaveConfigParam;
import cn.topiam.employee.common.constants.ProtocolConstants;
import cn.topiam.employee.common.entity.app.AppOidcConfigEntity;
import cn.topiam.employee.common.entity.app.po.AppOidcConfigPO;
import cn.topiam.employee.core.context.ServerContextHelp;
import cn.topiam.employee.support.util.HttpUrlUtils;
import static cn.topiam.employee.common.constants.ProtocolConstants.APP_CODE;
import static cn.topiam.employee.common.constants.ProtocolConstants.OidcEndpointConstants.OIDC_AUTHORIZE_PATH;
import static cn.topiam.employee.common.constants.ProtocolConstants.OidcEndpointConstants.WELL_KNOWN_OPENID_CONFIGURATION;
/**
*
*
* @author TopIAM
* Created by support@topiam.cn on 2020/8/14 22:45
*/
@Mapper(componentModel = "spring")
public interface AppOidcStandardConfigConverter {
/**
* OIDC
*
* @param config {@link AppOidcConfigEntity}
* @return {@link AppOidcStandardConfigGetResult}
*/
default AppOidcStandardConfigGetResult entityConverterToOidcConfigResult(AppOidcConfigPO config) {
AppOidcStandardConfigGetResult result = new AppOidcStandardConfigGetResult();
if (Objects.isNull(config)) {
return result;
}
//协议端点域
result.setProtocolEndpoint(getProtocolEndpointDomain(config.getAppCode()));
//认证授权类型
result.setAuthGrantTypes(config.getAuthGrantTypes());
//重定向URI
result.setRedirectUris(config.getRedirectUris());
//授权范围
result.setGrantScopes(config.getGrantScopes());
//启用PKCE
result.setRequireProofKey(config.getRequireProofKey());
//访问令牌有效时间
result.setAccessTokenTimeToLive(config.getAccessTokenTimeToLive().toString());
//刷新令牌有效时间
result.setRefreshTokenTimeToLive(config.getRefreshTokenTimeToLive().toString());
//ID令牌有效时间
result.setIdTokenTimeToLive(config.getIdTokenTimeToLive().toString());
// id 令牌签名算法
result.setIdTokenSignatureAlgorithm(config.getIdTokenSignatureAlgorithm());
//SSO 发起方
result.setInitLoginType(config.getInitLoginType());
//登录发起地址
result.setInitLoginUrl(config.getInitLoginUrl());
//授权类型
result.setAuthorizationType(config.getAuthorizationType());
return result;
}
/**
* save entity
*
* @param config {@link AppOidcConfigEntity}
* @return {@link AppOidcConfigEntity}
*/
@Mapping(target = "updateTime", ignore = true)
@Mapping(target = "updateBy", ignore = true)
@Mapping(target = "remark", ignore = true)
@Mapping(target = "id", ignore = true)
@Mapping(target = "createTime", ignore = true)
@Mapping(target = "createBy", ignore = true)
@Mapping(target = "appId", ignore = true)
AppOidcConfigEntity appOidcStandardSaveConfigParamToEntity(AppOidcStandardSaveConfigParam config);
/**
*
*
* @param appCode {@link String}
* @return {@link AppOidcStandardConfigGetResult.ProtocolEndpoint}
*/
private AppOidcStandardConfigGetResult.ProtocolEndpoint getProtocolEndpointDomain(String appCode) {
//@formatter:off
AppOidcStandardConfigGetResult.ProtocolEndpoint domain = new AppOidcStandardConfigGetResult.ProtocolEndpoint();
//issues
Map<String,String> variables = new HashMap<>(16);
variables.put(APP_CODE,appCode);
StringSubstitutor sub = new StringSubstitutor(variables, "{", "}");
//Issuer
domain.setIssuer(sub.replace(ServerContextHelp.getPortalPublicBaseUrl()+OIDC_AUTHORIZE_PATH));
//发现端点
domain.setDiscoveryEndpoint(HttpUrlUtils.format(ServerContextHelp.getPortalPublicBaseUrl() + sub.replace(WELL_KNOWN_OPENID_CONFIGURATION)));
//认证端点
domain.setAuthorizationEndpoint(HttpUrlUtils.format(ServerContextHelp.getPortalPublicBaseUrl() + sub.replace(ProtocolConstants.OidcEndpointConstants.AUTHORIZATION_ENDPOINT)));
//Token端点
domain.setTokenEndpoint(HttpUrlUtils.format(ServerContextHelp.getPortalPublicBaseUrl() + sub.replace( ProtocolConstants.OidcEndpointConstants.TOKEN_ENDPOINT)));
//Jwks端点
domain.setJwksEndpoint(HttpUrlUtils.format(ServerContextHelp.getPortalPublicBaseUrl() + sub.replace(ProtocolConstants.OidcEndpointConstants.JWK_SET_ENDPOINT)));
//撤销端点
domain.setRevokeEndpoint(HttpUrlUtils.format(ServerContextHelp.getPortalPublicBaseUrl()+ sub.replace(ProtocolConstants.OidcEndpointConstants.TOKEN_REVOCATION_ENDPOINT)));
//UserInfo端点
domain.setUserinfoEndpoint(HttpUrlUtils.format(ServerContextHelp.getPortalPublicBaseUrl() + sub.replace(ProtocolConstants.OidcEndpointConstants.OIDC_USER_INFO_ENDPOINT)));
return domain;
//@formatter:on
}
}

202
eiam-application/eiam-application-oidc/src/main/java/cn/topiam/employee/application/oidc/model/AppOidcStandardConfigGetResult.java Normal file
View File

@ -0,0 +1,202 @@
/*
* eiam-application-oidc - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.application.oidc.model;
import java.io.Serial;
import java.io.Serializable;
import java.util.Set;
import cn.topiam.employee.common.enums.app.AuthorizationType;
import cn.topiam.employee.common.enums.app.InitLoginType;
import lombok.Data;
import io.swagger.v3.oas.annotations.Parameter;
import io.swagger.v3.oas.annotations.media.Schema;
/**
* OIDC
*
* @author TopIAM
* Created by support@topiam.cn on 2022/5/31 22:46
*/
@Data
@Schema(description = "OIDC 配置返回结果")
public class AppOidcStandardConfigGetResult implements Serializable {
@Serial
private static final long serialVersionUID = 4177874005424703372L;
/**
* APP ID
*/
@Parameter(description = "appId")
private Long appId;
/**
* SSO
*/
@Parameter(description = "SSO 发起方")
private InitLoginType initLoginType;
/**
* SSO
*/
@Parameter(description = "SSO 登录链接")
private String initLoginUrl;
/**
*
*/
@Parameter(description = "SSO 授权范围")
private AuthorizationType authorizationType;
/**
* authorizationGrantTypes
*/
@Parameter(description = "认证授权类型")
private Set<String> authGrantTypes;
/**
*
*/
@Parameter(description = "客户端认证方式")
private Set<String> clientAuthMethods;
/**
* URI
*/
@Parameter(description = "重定向URI")
private Set<String> redirectUris;
/**
* scopes
*/
@Parameter(description = "授权范围")
private Set<String> grantScopes;
/**
* PKCE
*/
@Parameter(description = "启用PKCE")
private Boolean requireProofKey;
/**
* Endpoint
*/
@Parameter(description = "令牌 Endpoint 身份验证签名算法")
private String tokenEndpointAuthSigningAlgorithm;
/**
*
*/
@Parameter(description = "是否需要授权同意")
private Boolean requireAuthConsent;
/**
* 访
*/
@Parameter(description = "访问令牌有效时间")
private String accessTokenTimeToLive;
/**
*
*/
@Parameter(description = "刷新令牌有效时间")
private String refreshTokenTimeToLive;
/**
* ID token
*/
@Parameter(description = "ID 令牌有效时间")
private String idTokenTimeToLive;
/**
* id
*/
@Parameter(description = "Id令牌签名算法")
private String idTokenSignatureAlgorithm;
/**
*
*/
@Parameter(description = "协议端点域")
private ProtocolEndpoint protocolEndpoint;
/**
* Access Token
*/
@Parameter(description = "Access Token 格式")
private String accessTokenFormat;
/**
*
*/
@Parameter(description = "是否重用刷新令牌")
private Boolean reuseRefreshToken;
/**
*
*
* @author TopIAM
* Created by support@topiam.cn on 2022/6/4 23:37
*/
@Data
@Schema(description = "协议端点")
public static class ProtocolEndpoint implements Serializable {
@Serial
private static final long serialVersionUID = -2261602995152894964L;
/**
* oidcIssuer
*/
@Parameter(description = "Issuer")
private String issuer;
/**
* discoveryEndpoint
*/
@Parameter(description = "Discovery Endpoint")
private String discoveryEndpoint;
/**
* UserinfoEndpoint
*/
@Parameter(description = "UserInfo Endpoint")
private String userinfoEndpoint;
/**
* jwksEndpoint
*/
@Parameter(description = "Jwks Endpoint")
private String jwksEndpoint;
/**
* revokeEndpoint
*/
@Parameter(description = "Revoke Endpoint")
private String revokeEndpoint;
/**
* tokenEndpoint
*/
@Parameter(description = "Token Endpoint")
private String tokenEndpoint;
/**
* authorizationEndpoint
*/
@Parameter(description = "Authorization Endpoint")
private String authorizationEndpoint;
}
}

151
eiam-application/eiam-application-oidc/src/main/java/cn/topiam/employee/application/oidc/model/AppOidcStandardSaveConfigParam.java Normal file
View File

@ -0,0 +1,151 @@
/*
* eiam-application-oidc - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.application.oidc.model;
import java.io.Serial;
import java.io.Serializable;
import java.util.List;
import javax.validation.constraints.NotBlank;
import javax.validation.constraints.NotNull;
import cn.topiam.employee.common.enums.app.AuthorizationType;
import cn.topiam.employee.common.enums.app.InitLoginType;
import lombok.Data;
import io.swagger.v3.oas.annotations.media.Schema;
/**
* @author TopIAM
* Created by support@topiam.cn on 2022/7/10 01:45
*/
@Data
@Schema(description = "保存 OIDC 应用配置参数")
public class AppOidcStandardSaveConfigParam implements Serializable {
@Serial
private static final long serialVersionUID = 7257798528680745281L;
/**
*
*/
@NotNull(message = "授权类型不能为空")
@Schema(description = "授权类型")
private List<String> authGrantTypes;
/**
*
*/
@NotNull(message = "授权类型不能为空")
@Schema(description = "授权类型")
private List<String> redirectUris;
/**
* SSO
*/
@NotNull(message = "SSO范围不能为空")
@Schema(description = "SSO范围")
private AuthorizationType authorizationType;
/**
* SSO
*/
@NotNull(message = "SSO发起方不能为空")
@Schema(description = "SSO发起方")
private InitLoginType initLoginType;
/**
* SSO URL
*/
@Schema(description = "SSO 发起登录URL")
private String initLoginUrl;
/**
*
*/
@NotNull(message = "授予范围不能为空")
@Schema(description = "授予范围")
private List<String> grantScopes;
/**
*
*/
@Schema(description = "客户端身份验证方法")
private List<String> clientAuthMethods;
/**
* PKCE
*/
@NotNull(message = "请选择是否需要PKCE")
@Schema(description = "是否需要PKCE")
private Boolean requireProofKey;
/**
* Access Token
*/
@NotBlank(message = "Access Token 生存时间不能为空")
@Schema(description = "Access Token 生存时间")
private String accessTokenTimeToLive;
/**
* Access Token
*/
@Schema(description = "Access Token 格式")
private String accessTokenFormat;
/**
* Refresh Token
*/
@NotBlank(message = "Refresh Token 生存时间不能为空")
@Schema(description = "Refresh Token 生存时间")
private String refreshTokenTimeToLive;
/**
* Id Token
*/
@NotBlank(message = "Id Token 生存时间不能为空")
@Schema(description = "Id Token 生存时间")
private String idTokenTimeToLive;
/**
* ID Token
*/
@NotBlank(message = "ID Token签名算法不能为空")
@Schema(description = "ID Token签名算法")
private String idTokenSignatureAlgorithm;
/**
* Token
*/
@Schema(description = "令牌端点身份验证签名算法")
private String tokenEndpointAuthSigningAlgorithm;
/**
*
*/
@Schema(description = "重用刷新令牌")
private Boolean reuseRefreshToken;
/**
*
*/
@Schema(description = "需要授权同意")
private Boolean requireAuthConsent;
}

18
eiam-application/eiam-application-oidc/src/main/java/cn/topiam/employee/application/oidc/model/package-info.java Normal file
View File

@ -0,0 +1,18 @@
/*
* eiam-application-oidc - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.application.oidc.model;

18
eiam-application/eiam-application-oidc/src/main/java/cn/topiam/employee/application/oidc/package-info.java Normal file
View File

@ -0,0 +1,18 @@
/*
* eiam-application-oidc - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.application.oidc;

41
eiam-application/eiam-application-saml2/pom.xml Normal file
View File

@ -0,0 +1,41 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
eiam-application-saml2 - Employee Identity and Access Management Program
Copyright © 2020-2022 TopIAM (support@topiam.cn)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<parent>
<groupId>cn.topiam</groupId>
<artifactId>eiam-application</artifactId>
<version>1.0.0-beta1</version>
<relativePath>../pom.xml</relativePath>
</parent>
<packaging>jar</packaging>
<modelVersion>4.0.0</modelVersion>
<artifactId>eiam-application-saml2</artifactId>
<dependencies>
<dependency>
<groupId>cn.topiam</groupId>
<artifactId>eiam-application-core</artifactId>
<version>${project.version}</version>
</dependency>
</dependencies>
</project>

18
eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/package-info.java Normal file
View File

@ -0,0 +1,18 @@
/*
* eiam-application-saml2 - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.application;

348
eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/AbstractSamlAppService.java Normal file
View File

@ -0,0 +1,348 @@
/*
* eiam-application-saml2 - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.application.saml2;
import java.util.*;
import org.apache.commons.lang3.StringUtils;
import org.apache.commons.text.StringSubstitutor;
import org.mapstruct.Mapper;
import org.mapstruct.Mapping;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.transaction.annotation.Transactional;
import org.springframework.util.AlternativeJdkIdGenerator;
import org.springframework.util.CollectionUtils;
import org.springframework.util.IdGenerator;
import cn.topiam.employee.application.AbstractApplicationService;
import cn.topiam.employee.application.Saml2ApplicationService;
import cn.topiam.employee.application.exception.AppCertNotExistException;
import cn.topiam.employee.common.entity.account.UserEntity;
import cn.topiam.employee.common.entity.app.AppAccountEntity;
import cn.topiam.employee.common.entity.app.AppCertEntity;
import cn.topiam.employee.common.entity.app.AppSaml2ConfigEntity;
import cn.topiam.employee.common.entity.app.po.AppSaml2ConfigPO;
import cn.topiam.employee.common.enums.app.AppCertUsingType;
import cn.topiam.employee.common.enums.app.SamlAttributeStatementValueType;
import cn.topiam.employee.common.enums.app.SamlNameIdValueType;
import cn.topiam.employee.common.exception.app.AppAccountNotExistException;
import cn.topiam.employee.common.repository.account.UserRepository;
import cn.topiam.employee.common.repository.app.*;
import cn.topiam.employee.common.util.SamlKeyStoreProvider;
import cn.topiam.employee.core.protocol.Saml2ProtocolConfig;
import cn.topiam.employee.core.protocol.Saml2SsoModel;
import cn.topiam.employee.core.security.util.SecurityUtils;
import cn.topiam.employee.support.context.ApplicationContextHelp;
import static cn.topiam.employee.common.enums.app.SamlNameIdValueType.*;
import static cn.topiam.employee.core.security.util.UserUtils.getUser;
/**
* SAML
*
* @author TopIAM
* Created by support@topiam.cn on 2022/8/23 20:58
*/
public abstract class AbstractSamlAppService extends AbstractApplicationService
implements Saml2ApplicationService {
private static final Logger logger = LoggerFactory.getLogger(AbstractSamlAppService.class);
/**
*
*
* @param appId {@link String} ID
*/
@Override
@Transactional(rollbackFor = Exception.class)
public void delete(String appId) {
//删除应用
appRepository.deleteById(Long.valueOf(appId));
//删除证书
appCertRepository.deleteByAppId(Long.valueOf(appId));
//删除应用账户
appAccountRepository.deleteAllByAppId(Long.valueOf(appId));
//删除应用权限策略
appAccessPolicyRepository.deleteAllByAppId(Long.valueOf(appId));
//删除SAML2配置
appSaml2ConfigRepository.deleteByAppId(Long.valueOf(appId));
}
/**
* SAML2
*
* @param appId {@link String}
* @return {@link Saml2ProtocolConfig}
*/
@Override
public Saml2ProtocolConfig getProtocolConfig(String appId) {
//根据提供商ID查询配置
AppSaml2ConfigPO saml2Config = appSaml2ConfigRepository.getByAppId(Long.valueOf(appId));
Optional<AppCertEntity> signCert = appCertRepository
.findByAppIdAndUsingType(Long.valueOf(appId), AppCertUsingType.SAML_SIGN);
Optional<AppCertEntity> encryptCert = appCertRepository
.findByAppIdAndUsingType(Long.valueOf(appId), AppCertUsingType.SAML_ENCRYPT);
if (signCert.isEmpty()) {
logger.error("SAML2 应用证书不存在 [{}] ", appId);
throw new AppCertNotExistException();
}
//构建配置
Saml2ProtocolConfig config = getSamlAppConverter()
.appSaml2ConfigPoToSaml2ProtocolConfig(saml2Config);
//签名证书
signCert
.ifPresent(appCertEntity -> config.setIdpSignCert(SamlKeyStoreProvider.getCredential(
StringUtils.defaultString(saml2Config.getSpEntityId(),
UUID.randomUUID().toString()),
appCertEntity.getPrivateKey(), appCertEntity.getCert(), "")));
//加密证书存在
encryptCert
.ifPresent(appCertEntity -> config.setIdpEncryptCert(SamlKeyStoreProvider.getCredential(
StringUtils.defaultString(saml2Config.getSpEntityId(),
UUID.randomUUID().toString()),
appCertEntity.getPrivateKey(), appCertEntity.getCert(), "")));
return config;
}
@Override
public Saml2SsoModel getSsoModel(String appId) {
//根据提供商ID查询配置
Saml2ProtocolConfig saml2Config = getProtocolConfig(appId);
//构建配置
return getSamlAppConverter().saml2ProtocolConfigToSaml2SsoModel(saml2Config);
}
private SamlAppConverter getSamlAppConverter() {
return ApplicationContextHelp.getBean(SamlAppConverter.class);
}
/**
* AppSaml2ConfigRepository
*/
protected final AppSaml2ConfigRepository appSaml2ConfigRepository;
/**
* IdGenerator
*/
protected final IdGenerator idGenerator;
protected AbstractSamlAppService(AppCertRepository appCertRepository,
AppAccountRepository appAccountRepository,
AppAccessPolicyRepository appAccessPolicyRepository,
AppRepository appRepository,
AppSaml2ConfigRepository appSaml2ConfigRepository) {
super(appCertRepository, appAccountRepository, appAccessPolicyRepository, appRepository);
this.appSaml2ConfigRepository = appSaml2ConfigRepository;
this.idGenerator = new AlternativeJdkIdGenerator();
}
@Mapper(componentModel = "spring")
interface SamlAppConverter {
/**
* Saml 2 Saml 2
*
* @param entity {@link AppSaml2ConfigEntity}
* @return {@link Saml2ProtocolConfig}
*/
@Mapping(target = "idpSignCert", ignore = true)
@Mapping(target = "idpEncryptCert", ignore = true)
Saml2ProtocolConfig appSaml2ConfigPoToSaml2ProtocolConfig(AppSaml2ConfigPO entity);
/**
* Saml 2 Saml 2
*
* @param config {@link Saml2ProtocolConfig}
* @return {@link Saml2SsoModel}
*/
default Saml2SsoModel saml2ProtocolConfigToSaml2SsoModel(Saml2ProtocolConfig config) {
if (config == null) {
return null;
}
Saml2SsoModel.Saml2SsoModelBuilder saml2SsoModel = Saml2SsoModel.builder();
saml2SsoModel.appId(config.getAppId());
saml2SsoModel.appCode(config.getAppCode());
saml2SsoModel.spEntityId(config.getSpEntityId());
saml2SsoModel.spAcsUrl(config.getSpAcsUrl());
saml2SsoModel.recipient(config.getRecipient());
//Audience为空默认使用 SP EntityId
saml2SsoModel
.audience(StringUtils.defaultString(config.getAudience(), config.getSpEntityId()));
saml2SsoModel.spSlsUrl(config.getSpSloUrl());
saml2SsoModel.spRequestsSigned(config.getSpRequestsSigned());
saml2SsoModel.spSignCert(config.getSpSignCert());
saml2SsoModel.acsBinding(config.getAcsBinding());
saml2SsoModel.slsBinding(config.getSlsBinding());
saml2SsoModel.nameIdFormat(config.getNameIdFormat());
//NameID 值
saml2SsoModel
.nameIdValue(getNameIdValue(config.getAppId(), config.getNameIdValueType()));
//断言签名相关
saml2SsoModel.assertSigned(config.getAssertSigned());
saml2SsoModel.assertSignAlgorithm(config.getAssertSignAlgorithm());
//断言签名相关
saml2SsoModel.assertEncrypted(config.getAssertEncrypted());
saml2SsoModel.assertEncryptAlgorithm(config.getAssertEncryptAlgorithm());
//响应签名相关
saml2SsoModel.responseSigned(config.getResponseSigned());
saml2SsoModel.responseSignAlgorithm(config.getResponseSignAlgorithm());
saml2SsoModel.authnContextClassRef(config.getAuthnContextClassRef());
saml2SsoModel.relayState(config.getRelayState());
//加密、签名相关证书
saml2SsoModel.idpSignCert(config.getIdpSignCert());
saml2SsoModel.idpEncryptCert(config.getIdpEncryptCert());
//处理属性
saml2SsoModel.attributeStatements(
getAttributeStatementList(config.getAppId(), config.getAttributeStatements()));
return saml2SsoModel.build();
}
/**
* NameId value
*
* @param appId {@link String} ID
* @param nameIdValueType {@link SamlNameIdValueType}
* @return {@link String}
*/
private String getNameIdValue(String appId, SamlNameIdValueType nameIdValueType) {
UserEntity user = getUser();
//@formatter:off
//用户名
if (USER_USERNAME.equals(nameIdValueType)) {
return user.getUsername();
}
//姓名
if (USER_FULL_NAME.equals(nameIdValueType)) {
return user.getFullName();
}
//用户名
if (USER_NICK_NAME.equals(nameIdValueType)) {
return user.getNickName();
}
//邮箱
if (USER_EMAIL.equals(nameIdValueType)) {
return user.getEmail();
}
//应用用户名
Long userId = Long.valueOf(SecurityUtils.getCurrentUserId());
Optional<AppAccountEntity> optional = getAppAccountRepository().findByAppIdAndUserId(Long.valueOf(appId), userId);
if (optional.isEmpty()) {
logger.error("用户: " + SecurityUtils.getCurrentUserName() + "应用账户不存在");
throw new AppAccountNotExistException();
}
return optional.get().getAccount();
//@formatter:on
}
/**
* List
*
* @param appId {@link String} ID
* @param attributeStatements {@link List}
* @return {@link Saml2SsoModel.AttributeStatement}
*/
private List<Saml2SsoModel.AttributeStatement> getAttributeStatementList(String appId,
List<AppSaml2ConfigEntity.AttributeStatement> attributeStatements) {
if (!CollectionUtils.isEmpty(attributeStatements)) {
List<Saml2SsoModel.AttributeStatement> list = new ArrayList<>();
UserEntity user = getUser();
//@formatter:off
//封装变量
for (AppSaml2ConfigEntity.AttributeStatement attributeStatement : attributeStatements) {
Saml2SsoModel.AttributeStatement attributeStatementModal = new Saml2SsoModel.AttributeStatement();
attributeStatementModal.setKey(attributeStatement.getName());
attributeStatementModal.setNameFormat(attributeStatement.getNameFormat());
//用户名
if (attributeStatement.getValueExpression().contains(SamlAttributeStatementValueType.USERNAME.getExpression())){
HashMap<String, Object> values = new HashMap<>(16);
values.put(SamlAttributeStatementValueType.USERNAME.getCode(), user.getUsername());
attributeStatementModal.setValue(new StringSubstitutor(values).replace(attributeStatement.getValueExpression()));
list.add(attributeStatementModal);
}
//昵称
else if (attributeStatement.getValueExpression().contains(SamlAttributeStatementValueType.NICK_NAME.getExpression())){
if (StringUtils.isNotBlank(user.getNickName())) {
HashMap<String, Object> values = new HashMap<>(16);
values.put(SamlAttributeStatementValueType.NICK_NAME.getCode(), user.getNickName());
attributeStatementModal.setValue(new StringSubstitutor(values).replace(attributeStatement.getValueExpression()));
list.add(attributeStatementModal);
}
}
//手机号
else if (attributeStatement.getValueExpression().contains(SamlAttributeStatementValueType.PHONE.getExpression())){
if (StringUtils.isNotBlank(user.getPhone())) {
HashMap<String, Object> values = new HashMap<>(16);
values.put(SamlAttributeStatementValueType.PHONE.getCode(), user.getPhone());
attributeStatementModal.setValue(new StringSubstitutor(values).replace(attributeStatement.getValueExpression()));
list.add(attributeStatementModal);
}
}
//邮箱
else if (attributeStatement.getValueExpression().contains(SamlAttributeStatementValueType.EMAIL.getExpression())){
if (StringUtils.isNotBlank(user.getEmail())){
HashMap<String, Object> values = new HashMap<>(16);
values.put(SamlAttributeStatementValueType.EMAIL.getCode(), user.getEmail());
attributeStatementModal.setValue(new StringSubstitutor(values).replace(attributeStatement.getValueExpression()));
list.add(attributeStatementModal);
}
}
//应用用户
else if (attributeStatement.getValueExpression().contains(SamlAttributeStatementValueType.APP_USERNAME.getExpression())){
//应用用户名
Long userId = Long.valueOf(SecurityUtils.getCurrentUserId());
Optional<AppAccountEntity> optional = getAppAccountRepository().findByAppIdAndUserId(Long.valueOf(appId), userId);
if (optional.isEmpty()) {
logger.error("用户 [{}] 应用账户不存在",SecurityUtils.getCurrentUserName() );
throw new AppAccountNotExistException();
}
HashMap<String, Object> values = new HashMap<>(16);
values.put(SamlAttributeStatementValueType.APP_USERNAME.getCode(), optional.get().getAccount());
attributeStatementModal.setValue(new StringSubstitutor(values).replace(attributeStatement.getValueExpression()));
list.add(attributeStatementModal);
} else {
attributeStatementModal.setValue(attributeStatement.getValueExpression());
list.add(attributeStatementModal);
}
}
//@formatter:on
return list;
}
return new ArrayList<>();
}
/**
* AppAccountRepository
*
* @return {@link AppAccountRepository}
*/
private AppAccountRepository getAppAccountRepository() {
return ApplicationContextHelp.getBean(AppAccountRepository.class);
}
/**
* UserRepository
*
* @return {@link UserRepository}
*/
private UserRepository getUserRepository() {
return ApplicationContextHelp.getBean(UserRepository.class);
}
}
}

256
eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/Saml2StandardApplicationServiceImpl.java Normal file
View File

@ -0,0 +1,256 @@
/*
* eiam-application-saml2 - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.application.saml2;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
import java.util.Optional;
import javax.validation.ConstraintViolationException;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;
import com.fasterxml.jackson.databind.ObjectMapper;
import cn.topiam.employee.application.exception.AppNotExistException;
import cn.topiam.employee.application.saml2.converter.AppSaml2StandardConfigConverter;
import cn.topiam.employee.application.saml2.model.AppSaml2StandardSaveConfigParam;
import cn.topiam.employee.audit.context.AuditContext;
import cn.topiam.employee.common.entity.app.AppEntity;
import cn.topiam.employee.common.entity.app.AppSaml2ConfigEntity;
import cn.topiam.employee.common.entity.app.po.AppSaml2ConfigPO;
import cn.topiam.employee.common.enums.app.*;
import cn.topiam.employee.common.repository.app.*;
import cn.topiam.employee.support.exception.TopIamException;
import cn.topiam.employee.support.util.BeanUtils;
import cn.topiam.employee.support.validation.ValidationHelp;
import static org.opensaml.saml.common.xml.SAMLConstants.SAML2_POST_BINDING_URI;
import static com.fasterxml.jackson.databind.DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES;
import static cn.topiam.employee.support.repository.domain.BaseEntity.LAST_MODIFIED_BY;
import static cn.topiam.employee.support.repository.domain.BaseEntity.LAST_MODIFIED_TIME;
/**
* SAML2
*
* @author TopIAM
* Created by support@topiam.cn on 2022/8/20 23:20
*/
@SuppressWarnings({ "rawtypes", "DuplicatedCode" })
@Component
public class Saml2StandardApplicationServiceImpl extends AbstractSamlAppService {
private final Logger logger = LoggerFactory
.getLogger(Saml2StandardApplicationServiceImpl.class);
/**
*
*
* @param appId {@link String}
* @param config {@link Map}
*/
@Override
public void saveConfig(String appId, Map<String, Object> config) {
AppSaml2StandardSaveConfigParam model;
try {
ObjectMapper mapper = new ObjectMapper();
String value = mapper.writeValueAsString(config);
// 指定序列化输入的类型
mapper.configure(FAIL_ON_UNKNOWN_PROPERTIES, false);
model = mapper.readValue(value, AppSaml2StandardSaveConfigParam.class);
} catch (Exception e) {
throw new TopIamException(e.getMessage());
}
//@formatter:off
ValidationHelp.ValidationResult<AppSaml2StandardSaveConfigParam> validationResult = ValidationHelp.validateEntity(model);
if (validationResult.isHasErrors()) {
throw new ConstraintViolationException(validationResult.getConstraintViolations());
}
//@formatter:on
//1、修改基本信息
Optional<AppEntity> optional = appRepository.findById(Long.valueOf(appId));
if (optional.isEmpty()) {
AuditContext.setContent("保存配置失败,应用 [" + appId + "] 不存在!");
logger.error(AuditContext.getContent());
throw new AppNotExistException();
}
AppEntity appEntity = optional.get();
appEntity.setAuthorizationType(model.getAuthorizationType());
appEntity.setInitLoginUrl(model.getInitLoginUrl());
appEntity.setInitLoginType(model.getInitLoginType());
appRepository.save(appEntity);
//2、修改SAML2配置
Optional<AppSaml2ConfigEntity> saml = appSaml2ConfigRepository
.findByAppId(Long.valueOf(appId));
if (saml.isEmpty()) {
AuditContext.setContent("保存配置失败,应用 [" + appId + "] 不存在!");
logger.error(AuditContext.getContent());
throw new AppNotExistException();
}
AppSaml2ConfigEntity entity = saml.get();
AppSaml2ConfigEntity saml2Config = appSaml2StandardConfigConverter
.saveSaml2ConfigConverterToEntity(model);
BeanUtils.merge(saml2Config, entity, LAST_MODIFIED_BY, LAST_MODIFIED_TIME);
appSaml2ConfigRepository.save(entity);
}
/**
*
*
* @param appId {@link String}
* @return {@link Map}
*/
@Override
public Object getConfig(String appId) {
AppSaml2ConfigPO po = appSaml2ConfigRepository.getByAppId(Long.valueOf(appId));
return appSaml2StandardConfigConverter.entityConverterToSaml2ConfigResult(po);
}
/**
*
*
* @return {@link String}
*/
@Override
public String getCode() {
return "saml2";
}
/**
*
*
* @return {@link String}
*/
@Override
public String getName() {
return "SAML2";
}
/**
*
*
* @return {@link String}
*/
@Override
public String getDescription() {
return "SAMLSecurity Assertion Markup Language安全断言标记语言版本 2.0)基于 XML 协议使用包含断言Assertion的安全令牌在授权方TopIAM和消费方应用之间传递身份信息实现基于网络跨域的单点登录。SAML 协议是成熟的认证协议,在国内外的公有云和私有云中有非常广泛的运用。";
}
/**
*
*
* @return {@link AppType}
*/
@Override
public AppType getType() {
return AppType.STANDARD;
}
/**
*
*
* @return {@link AppProtocol}
*/
@Override
public AppProtocol getProtocol() {
return AppProtocol.SAML2;
}
/**
* Schema
*
* @return {@link Map}
*/
@Override
public List<Map> getFormSchema() {
return new ArrayList<>();
}
/**
* base64
*
* @return {@link String}
*/
@Override
public String getBase64Icon() {
return "data:image/svg+xml;base64,PHN2ZyB0PSIxNjYwOTc4ODM3NTM4IiBjbGFzcz0iaWNvbiIgdmlld0JveD0iMCAwIDEwMjQgMTAyNCIgdmVyc2lvbj0iMS4xIiB4bWxucz0iaHR0cDovL3d3dy53My5vcmcvMjAwMC9zdmciIHAtaWQ9IjIyMzIiIHdpZHRoPSIyMDAiIGhlaWdodD0iMjAwIj48cGF0aCBkPSJNNTc3LjgwODQxIDE4Ni4yOTkwNzdjLTU3LjA2NTAyNiAyNy42OTM5NDktMTU0LjMzODQ2MiAyNDAuNjMzNDM2LTE5OS41NDIxNTQgMzQ0LjU5MjQxIDI4LjgzOTM4NS02My44Njg3MTggMTQ4LjYxNDU2NC0yMTIuNDI3NDg3IDIwNi4wOTk2OTMtMjAzLjUyIDk2Ljk4Nzg5NyAyLjg0ODgyMSAyNDQuMTQxOTQ5IDI0OS42MDY1NjQgMzAzLjM3OTY5MiAzNzMuODA5MjMxLTM2LjYwOC04MS40ODY3NjktNzQuMzU0ODcyLTE4OC4yMDU5NDktMTM1LjExNTQ4Ny0yODAuNzUzMjMxLTYwLjc2Mzg5Ny05Mi41NDQtMTQzLjk0MDkyMy0yMTUuODYwNTEzLTE3NC44MjE3NDQtMjM0LjEyODQxeiIgZmlsbD0iI0NCMzkzOSIgcC1pZD0iMjIzMyI+PC9wYXRoPjxwYXRoIGQ9Ik04MjUuNDg4NDEgODMxLjgwMzA3N2M2LjAxOTI4Mi02My4xNDMzODUtMTI1LjI3OTE3OS0yNTYuOTY4MjA1LTE5MC41NjU3NDMtMzQ5LjYzNjkyMyAzOS41NTIgNTcuODQ2MTU0IDEwNC4xNTkxNzkgMjM3LjQwNzE3OSA2Ni42NTg0NjEgMjgxLjg3NTY5Mi01Mi44NzM4NDYgODEuMzYyMDUxLTM0MC4xNjQ5MjMgNzguNzI5ODQ2LTQ3Ny4wNTYgNjQuNzQxNzQ0IDg4LjYzODM1OSAxMS4xMDY0NjIgMTk5LjQyNCAzNC4zNTk3OTUgMzEwLjA2ODUxMyAzMC41ODg3MTggMTEwLjY0NDUxMy0zLjc3NDM1OSAyNTkuMjMyODIxLTEwLjY5MjkyMyAyOTAuODk0NzY5LTI3LjU2OTIzMXoiIGZpbGw9IiNDQjM5MzkiIHAtaWQ9IjIyMzQiPjwvcGF0aD48cGF0aCBkPSJNMTM3Ljg0NjE1NCA2OTYuMTkyYzUyLjg3NzEyOCAzNS4wMzU4OTcgMjg1LjY4OTQzNiAxMC40MjA1MTMgMzk4LjE4MTc0My0zLjU2NDMwOC02OS42NTQ5NzQgNy42NzAxNTQtMjU4LjQ5NDM1OS0xOS44NDY1NjQtMjgwLjA3Mzg0Ni03My44NjI1NjRDMjA5LjA1MzUzOCA1MzMuODE5MDc3IDM0Ni42MDEwMjYgMjgxLjU4MDMwOCA0MjMuMzc4MDUxIDE2Ny4zODQ2MTUgMzcxLjg1NjQxIDI0MC4zNjQzMDggMjk5LjE5MTc5NSAzMjcuMTYxNDM2IDI1MC40NDM0ODcgNDI2LjU2MTY0MSAyMDEuNjkxODk3IDUyNS45NjE4NDYgMTM3Ljg1OTI4MiA2NjAuMzE1ODk3IDEzNy44NDYxNTQgNjk2LjE5MnoiIGZpbGw9IiNDQjM5MzkiIHAtaWQ9IjIyMzUiPjwvcGF0aD48L3N2Zz4=";
}
/**
*
*
* @param name {@link String}
* @param remark {@link String}
*/
@Override
public String create(String name, String remark) {
//1、创建基础信息
AppEntity appEntity = new AppEntity();
appEntity.setName(name);
appEntity.setCode(
org.apache.commons.lang3.RandomStringUtils.randomAlphanumeric(32).toLowerCase());
appEntity.setTemplate(getCode());
appEntity.setType(AppType.STANDARD);
appEntity.setEnabled(true);
appEntity.setProtocol(getProtocol());
appEntity.setClientId(idGenerator.generateId().toString().replace("-", ""));
appEntity.setClientSecret(idGenerator.generateId().toString().replace("-", ""));
appEntity.setInitLoginType(InitLoginType.PORTAL_OR_APP);
appEntity.setAuthorizationType(AuthorizationType.AUTHORIZATION);
appEntity.setRemark(remark);
appRepository.save(appEntity);
//2、创建证书
createCertificate(appEntity.getId(), appEntity.getCode(), AppCertUsingType.SAML_SIGN);
createCertificate(appEntity.getId(), appEntity.getCode(), AppCertUsingType.SAML_ENCRYPT);
//3、创建配置
AppSaml2ConfigEntity entity = new AppSaml2ConfigEntity();
entity.setAppId(appEntity.getId());
//Binding POST
entity.setAcsBinding(SAML2_POST_BINDING_URI);
//NameID
entity.setNameIdFormat(SamlNameIdFormatType.PERSISTENT);
//应用账户名
entity.setNameIdValueType(SamlNameIdValueType.APP_USERNAME);
//签名非对称算法
entity.setAssertSigned(true);
entity.setAssertSignAlgorithm(SamlSignAssertAlgorithmType.RSA_SHA256);
//加密使用的非对称算法
entity.setAssertEncrypted(false);
entity.setAssertEncryptAlgorithm(SamlEncryptAssertAlgorithmType.RSA_SHA256);
//SAML 身份认证上下文
entity.setAuthnContextClassRef(AuthnContextClassRefType.UNSPECIFIED_AUTHN_CTX);
appSaml2ConfigRepository.save(entity);
return appEntity.getId().toString();
}
private final AppSaml2StandardConfigConverter appSaml2StandardConfigConverter;
public Saml2StandardApplicationServiceImpl(AppRepository appRepository,
AppCertRepository appCertRepository,
AppAccountRepository appAccountRepository,
AppAccessPolicyRepository appAccessPolicyRepository,
AppSaml2ConfigRepository appSaml2ConfigRepository,
AppSaml2StandardConfigConverter appSaml2StandardConfigConverter) {
super(appCertRepository, appAccountRepository, appAccessPolicyRepository, appRepository,
appSaml2ConfigRepository);
this.appSaml2StandardConfigConverter = appSaml2StandardConfigConverter;
}
}

117
eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/converter/AppSaml2StandardConfigConverter.java Normal file
View File

@ -0,0 +1,117 @@
/*
* eiam-application-saml2 - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.application.saml2.converter;
import java.util.List;
import org.mapstruct.Mapper;
import org.mapstruct.Mapping;
import cn.topiam.employee.application.saml2.model.AppSaml2StandardConfigGetResult;
import cn.topiam.employee.application.saml2.model.AppSaml2StandardSaveConfigParam;
import cn.topiam.employee.application.saml2.model.Saml2ConverterUtils;
import cn.topiam.employee.common.entity.app.AppSaml2ConfigEntity;
import cn.topiam.employee.common.entity.app.po.AppSaml2ConfigPO;
/**
*
*
* @author TopIAM
* Created by support@topiam.cn on 2020/8/14 22:45
*/
@Mapper(componentModel = "spring")
public interface AppSaml2StandardConfigConverter {
/**
* Saml2
*
* @param config {@link AppSaml2ConfigPO}
* @return {@link AppSaml2StandardConfigGetResult}
*/
default AppSaml2StandardConfigGetResult entityConverterToSaml2ConfigResult(AppSaml2ConfigPO config) {
if (config == null) {
return null;
}
AppSaml2StandardConfigGetResult result = new AppSaml2StandardConfigGetResult();
//协议端点域
result.setProtocolEndpoint(
Saml2ConverterUtils.getProtocolEndpointDomain(config.getAppCode().toString()));
//SpEntityId
result.setSpEntityId(config.getSpEntityId());
//SP 单点登录 ACS URL
result.setSpAcsUrl(config.getSpAcsUrl());
//单点登录 ACS BINDING
result.setAcsBinding(config.getAcsBinding());
//是否对 SAML Request 签名进行验证 用来对SAML Request签名进行验证对应SP元数据文件中“AuthnRequestsSigned”值
result.setSpRequestsSigned(config.getSpRequestsSigned());
//SP公钥证书用来验证SAML request的签名对应SP元数据文件中 use='signing' 证书内容
result.setSpSignCert(config.getSpSignCert());
//Audience
result.setSpAudience(config.getAudience());
//NameId 值类型
result.setNameIdValueType(config.getNameIdValueType());
//SAML Response 中指定账户标识 NameID 字段格式。
result.setNameIdFormat(config.getNameIdFormat());
//是否对断言签名
result.setAssertSigned(config.getAssertSigned());
//断言签名使用的非对称算法
result.setAssertSignAlgorithm(config.getAssertSignAlgorithm());
//是否对断言加密
result.setAssertEncrypted(config.getAssertEncrypted());
//断言加密使用的非对称算法
result.setAssertEncryptAlgorithm(config.getAssertEncryptAlgorithm());
//是否对响应加密
result.setResponseSigned(config.getResponseSigned());
//响应加密使用的非对称算法
result.setResponseSignAlgorithm(config.getResponseSignAlgorithm());
//SAML 身份认证上下文
result.setAuthnContextClassRef(config.getAuthnContextClassRef());
//IDP 发起 SSO 登录成功后,应用应自动跳转的地址。在 SAML Response 中会在 RelayState 参数中传递,应用读取后实现跳转。
result.setRelayState(config.getRelayState());
//SSO 发起方
result.setInitLoginType(config.getInitLoginType());
//登录发起地址
result.setInitLoginUrl(config.getInitLoginUrl());
//授权类型
result.setAuthorizationType(config.getAuthorizationType());
//属性声明
List<AppSaml2ConfigEntity.AttributeStatement> list = config.getAttributeStatements();
if (list != null) {
result.setAttributeStatements(list);
}
result.setAdditionalConfig(config.getAdditionalConfig());
return result;
}
/**
* Saml 2
*
* @param param {@link AppSaml2StandardSaveConfigParam}
* @return {@link AppSaml2ConfigEntity}
*/
@Mapping(target = "slsBinding", ignore = true)
@Mapping(target = "recipient", ignore = true)
@Mapping(target = "appId", ignore = true)
@Mapping(target = "updateTime", ignore = true)
@Mapping(target = "updateBy", ignore = true)
@Mapping(target = "spMetadata", ignore = true)
@Mapping(target = "remark", ignore = true)
@Mapping(target = "id", ignore = true)
@Mapping(target = "createTime", ignore = true)
@Mapping(target = "createBy", ignore = true)
AppSaml2ConfigEntity saveSaml2ConfigConverterToEntity(AppSaml2StandardSaveConfigParam param);
}

170
eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/model/AppSaml2StandardConfigGetResult.java Normal file
View File

@ -0,0 +1,170 @@
/*
* eiam-application-saml2 - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.application.saml2.model;
import java.util.List;
import java.util.Map;
import cn.topiam.employee.common.entity.app.AppSaml2ConfigEntity;
import cn.topiam.employee.common.enums.app.*;
import lombok.Data;
import io.swagger.v3.oas.annotations.Parameter;
import io.swagger.v3.oas.annotations.media.Schema;
/**
* Saml2
*
* @author TopIAM
* Created by support@topiam.cn on 2022/5/31 22:46
*/
@Data
@Schema(description = "Saml2 配置返回结果")
public class AppSaml2StandardConfigGetResult {
/**
* SSO
*/
@Parameter(description = "SSO 发起方")
private InitLoginType initLoginType;
/**
* SSO
*/
@Parameter(description = "SSO 登录链接")
private String initLoginUrl;
/**
*
*/
@Parameter(description = "SSO 授权范围")
private AuthorizationType authorizationType;
/**
* SpEntityId
*/
@Parameter(description = "SP Entity ID")
private String spEntityId;
/**
* SP ACS URL
*/
@Parameter(description = "SP 单点登录 ACS URL")
private String spAcsUrl;
/**
* 使SAMLSP Entity ID
*/
@Parameter(description = "Audience")
private String spAudience;
/**
* SAML Request SAML RequestSPAuthnRequestsSigned
*/
@Parameter(description = "是否对 SAML Request 签名进行验证")
private Boolean spRequestsSigned;
/**
* SPSAML requestSP use='signing'
*/
@Parameter(description = "SP公钥证书用来验证SAML request的签名request的签名")
private String spSignCert;
/**
* ACS BINDING
*/
@Parameter(name = "单点登录 ACS BINDING")
private String acsBinding;
/**
* NameId
*/
@Parameter(description = "NameIdType")
private SamlNameIdValueType nameIdValueType;
/**
* SAML Response NameID
*/
@Parameter(description = "NameIdFormat")
private SamlNameIdFormatType nameIdFormat;
/**
*
*/
@Parameter(description = "是否对断言签名")
private Boolean assertSigned;
/**
* 使
*/
@Parameter(description = "断言签名使用的非对称算法")
private SamlSignAssertAlgorithmType assertSignAlgorithm;
/**
*
*/
@Parameter(description = "是否对断言加密")
private Boolean assertEncrypted;
/**
* 使
*/
@Parameter(description = "加密使用的非对称算法")
private SamlEncryptAssertAlgorithmType assertEncryptAlgorithm;
/**
*
*/
@Parameter(description = "响应是否加密")
private Boolean responseSigned;
/**
* 使
*/
@Parameter(description = "响应签名使用的非对称算法")
private SamlSignAssertAlgorithmType responseSignAlgorithm;
/**
* SAML
*/
@Parameter(description = "AuthnContextClassRef")
private AuthnContextClassRefType authnContextClassRef;
/**
* IDP SSO SAML Response RelayState
*/
@Parameter(description = "RelayState")
private String relayState;
/**
* SAML Response
*/
@Parameter(description = "AttributeStatements")
private List<AppSaml2ConfigEntity.AttributeStatement> attributeStatements;
/**
*
*/
@Parameter(description = "协议端点域")
private Saml2ProtocolEndpoint protocolEndpoint;
/**
*
*/
private Map<String, Object> additionalConfig;
}

175
eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/model/AppSaml2StandardSaveConfigParam.java Normal file
View File

@ -0,0 +1,175 @@
/*
* eiam-application-saml2 - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.application.saml2.model;
import java.io.Serial;
import java.io.Serializable;
import java.util.List;
import java.util.Map;
import cn.topiam.employee.common.entity.app.AppSaml2ConfigEntity;
import cn.topiam.employee.common.enums.app.*;
import lombok.Data;
import io.swagger.v3.oas.annotations.Parameter;
import io.swagger.v3.oas.annotations.media.Schema;
/**
* @author TopIAM
* Created by support@topiam.cn on 2022/7/10 01:45
*/
@Data
@Schema(description = "保存 SAML2 应用配置参数")
public class AppSaml2StandardSaveConfigParam implements Serializable {
@Serial
private static final long serialVersionUID = 7257798528680745281L;
/**
* ID
*/
@Schema(description = "授权类型")
private AuthorizationType authorizationType;
/**
* SSO
*/
@Schema(description = "SSO 发起登录类型")
private InitLoginType initLoginType;
/**
* SSO URL
*/
@Schema(description = "SSO 发起登录URL")
private String initLoginUrl;
/**
* ACS URL
*/
@Schema(description = "ACS URL")
private String spAcsUrl;
/**
* SLO URL
*/
@Schema(description = "SLO URL")
private String spSloUrl;
/**
* SP Entity ID
*/
@Schema(description = "SP Entity ID")
private String spEntityId;
/**
* Name ID
*/
@Schema(description = "Name ID 类型")
private SamlNameIdValueType nameIdValueType;
/**
* RelayState
*/
@Schema(description = "RelayState")
private String relayState;
/**
* Audience
*/
@Schema(description = "Audience")
private String audience;
/**
* NameID
*/
@Schema(description = "NameID 格式")
private SamlNameIdFormatType nameIdFormat;
/**
* Acs Binding
*/
@Schema(description = "ACS Binding 格式")
private String acsBinding;
/**
*
*/
@Schema(description = "是否签名断言")
private Boolean assertSigned;
/**
*
*/
@Schema(description = "签名断言算法")
private SamlSignAssertAlgorithmType assertSignAlgorithm;
/**
*
*/
@Schema(description = "是否加密断言")
private Boolean assertEncrypted;
/**
*
*/
@Schema(description = "加密断言算法")
private SamlEncryptAssertAlgorithmType assertEncryptAlgorithm;
/**
*
*/
@Schema(description = "身份认证上下文")
private AuthnContextClassRefType authnContextClassRef;
/**
*
*/
@Parameter(description = "响应是否加密")
private Boolean responseSigned;
/**
* 使
*/
@Parameter(description = "响应签名使用的非对称算法")
private SamlSignAssertAlgorithmType responseSignAlgorithm;
/**
* SAML Response
*/
@Schema(description = "Attribute Statements")
private List<AppSaml2ConfigEntity.AttributeStatement> attributeStatements;
/**
*
*/
@Schema(description = "验证请求签名")
private Boolean spRequestsSigned;
/**
*
*/
@Schema(description = "请求验证证书")
private String spSignCert;
/**
*
*/
@Schema(description = "模版配置")
private Map<String, String> additionalConfig;
}

54
eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/model/Saml2ConverterUtils.java Normal file
View File

@ -0,0 +1,54 @@
/*
* eiam-application-saml2 - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.application.saml2.model;
import cn.topiam.employee.core.context.ServerContextHelp;
import static cn.topiam.employee.common.constants.ProtocolConstants.*;
/**
* Saml2ConverterUtils
*
* @author TopIAM
* Created by support@topiam.cn on 2022/8/23 22:57
*/
public class Saml2ConverterUtils {
/**
* ID
*
* @param appCode {@link String}
* @return {@link Saml2ProtocolEndpoint}
*/
public static Saml2ProtocolEndpoint getProtocolEndpointDomain(String appCode) {
Saml2ProtocolEndpoint domain = new Saml2ProtocolEndpoint();
//IDP
String baseUrl = ServerContextHelp.getPortalPublicBaseUrl();
//元数据端点
domain.setIdpMetaEndpoint(baseUrl + Saml2EndpointConstants.SAML_METADATA_PATH
.replace(APP_CODE_VARIABLE, appCode));
//EntityId端点
domain.setIdpEntityIdEndpoint(baseUrl + Saml2EndpointConstants.SAML_METADATA_PATH
.replace(APP_CODE_VARIABLE, appCode));
//Sso端点
domain.setIdpSsoEndpoint(
baseUrl + Saml2EndpointConstants.SAML_SSO_PATH.replace(APP_CODE_VARIABLE, appCode));
//Slo端点
domain.setIdpSloEndpoint(
baseUrl + Saml2EndpointConstants.SAML_LOGOUT_PATH.replace(APP_CODE_VARIABLE, appCode));
return domain;
}
}

64
eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/model/Saml2ProtocolEndpoint.java Normal file
View File

@ -0,0 +1,64 @@
/*
* eiam-application-saml2 - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.application.saml2.model;
import java.io.Serial;
import java.io.Serializable;
import lombok.Data;
import io.swagger.v3.oas.annotations.Parameter;
import io.swagger.v3.oas.annotations.media.Schema;
/**
*
*
* @author TopIAM
* Created by support@topiam.cn on 2022/6/4 23:37
*/
@Data
@Schema(description = "协议端点")
public class Saml2ProtocolEndpoint implements Serializable {
@Serial
private static final long serialVersionUID = -2261602995152894964L;
/**
* IDP
*/
@Parameter(description = "IDP 元数据端点")
private String idpMetaEndpoint;
/**
* IDP EntityId
*/
@Parameter(description = "IDP EntityId 端点")
private String idpEntityIdEndpoint;
/**
* IDP SSO
*/
@Parameter(description = "IDP SSO 端点")
private String idpSsoEndpoint;
/**
* IDP SLO
*/
@Parameter(description = "IDP SLO 端点")
private String idpSloEndpoint;
}

18
eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/model/package-info.java Normal file
View File

@ -0,0 +1,18 @@
/*
* eiam-application-saml2 - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.application.saml2.model;

18
eiam-application/eiam-application-saml2/src/main/java/cn/topiam/employee/application/saml2/package-info.java Normal file
View File

@ -0,0 +1,18 @@
/*
* eiam-application-saml2 - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.application.saml2;

66
eiam-application/pom.xml Normal file
View File

@ -0,0 +1,66 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
eiam-application - Employee Identity and Access Management Program
Copyright © 2020-2022 TopIAM (support@topiam.cn)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<parent>
<groupId>cn.topiam</groupId>
<artifactId>eiam</artifactId>
<version>1.0.0-beta1</version>
<relativePath>../pom.xml</relativePath>
</parent>
<packaging>pom</packaging>
<modelVersion>4.0.0</modelVersion>
<artifactId>eiam-application</artifactId>
<modules>
<module>eiam-application-core</module>
<module>eiam-application-saml2</module>
<module>eiam-application-oidc</module>
<module>eiam-application-cas</module>
<module>eiam-application-jwt</module>
<module>eiam-application-form</module>
<module>eiam-application-all</module>
</modules>
<dependencies>
<!--审计-->
<dependency>
<groupId>cn.topiam</groupId>
<artifactId>eiam-audit</artifactId>
<version>${project.version}</version>
</dependency>
</dependencies>
<build>
<resources>
<resource>
<directory>src/main/java</directory>
<includes>
<include>**</include>
</includes>
<excludes>
<exclude>**/*.java</exclude>
</excludes>
<filtering>false</filtering>
</resource>
</resources>
</build>
</project>

42
eiam-audit/pom.xml Normal file
View File

@ -0,0 +1,42 @@
<?xml version="1.0" encoding="UTF-8"?>
<!--
eiam-audit - Employee Identity and Access Management Program
Copyright © 2020-2022 TopIAM (support@topiam.cn)
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU Affero General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU Affero General Public License for more details.
You should have received a copy of the GNU Affero General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
-->
<project xmlns="http://maven.apache.org/POM/4.0.0"
xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
<parent>
<groupId>cn.topiam</groupId>
<artifactId>eiam</artifactId>
<version>1.0.0-beta1</version>
<relativePath>../pom.xml</relativePath>
</parent>
<packaging>jar</packaging>
<modelVersion>4.0.0</modelVersion>
<artifactId>eiam-audit</artifactId>
<dependencies>
<!-- core -->
<dependency>
<groupId>cn.topiam</groupId>
<artifactId>eiam-core</artifactId>
<version>${project.version}</version>
</dependency>
</dependencies>
</project>

49
eiam-audit/src/main/java/cn/topiam/employee/audit/annotation/Audit.java Normal file
View File

@ -0,0 +1,49 @@
/*
* eiam-audit - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.audit.annotation;
import java.lang.annotation.*;
import cn.topiam.employee.audit.enums.EventType;
/**
* Audit
*
* @author TopIAM
* Created by support@topiam.cn on 2021/9/28 21:56
*/
@Target({ ElementType.METHOD })
@Retention(RetentionPolicy.RUNTIME)
@Inherited
@Documented
public @interface Audit {
/**
*
*
* @return {@link Class}
*/
EventType type();
/**
* SPEL
*
* @return {@link String}
*/
String content() default "";
}

177
eiam-audit/src/main/java/cn/topiam/employee/audit/annotation/AuditAspect.java Normal file
View File

@ -0,0 +1,177 @@
/*
* eiam-audit - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.audit.annotation;
import java.util.Map;
import java.util.Objects;
import org.apache.commons.lang3.ObjectUtils;
import org.apache.commons.lang3.StringUtils;
import org.aspectj.lang.ProceedingJoinPoint;
import org.aspectj.lang.annotation.Around;
import org.aspectj.lang.annotation.Aspect;
import org.aspectj.lang.reflect.MethodSignature;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ApplicationContext;
import org.springframework.context.expression.BeanFactoryResolver;
import org.springframework.core.DefaultParameterNameDiscoverer;
import org.springframework.expression.spel.standard.SpelExpressionParser;
import org.springframework.expression.spel.support.StandardEvaluationContext;
import org.springframework.stereotype.Component;
import com.alibaba.fastjson2.JSON;
import com.alibaba.fastjson2.JSONWriter;
import com.beust.jcommander.internal.Maps;
import cn.topiam.employee.audit.context.AuditContext;
import cn.topiam.employee.audit.enums.EventStatus;
import cn.topiam.employee.audit.event.AuditEventPublish;
import cn.topiam.employee.support.result.ApiRestResult;
import lombok.AllArgsConstructor;
import static cn.topiam.employee.support.constant.EiamConstants.COLON;
/**
*
*
* @author TopIAM
* Created by support@topiam.cn on 2021/9/28 19:20
*/
@Component
@Aspect
@AllArgsConstructor
public class AuditAspect {
private final Logger logger = LoggerFactory
.getLogger(AuditAspect.class);
/**
* SpelExpressionParser
*/
private final SpelExpressionParser spelExpressionParser = new SpelExpressionParser();
/**
*
*/
private final DefaultParameterNameDiscoverer parameterNameDiscoverer = new DefaultParameterNameDiscoverer();
private final ApplicationContext applicationContext;
private final AuditEventPublish auditEventPublish;
private static final String RESULT = "result";
private static final String METHOD = "method";
private static final String ARGS = "args";
private static final String P = "p";
private static final String ERROR = "error";
/**
* Controller
*
* @param pjp {@link ProceedingJoinPoint}
*/
@Around(value = "@annotation(audit)", argNames = "pjp,audit")
public Object around(ProceedingJoinPoint pjp, Audit audit) throws Throwable {
boolean success = true;
Object[] parameter;
String result = "";
StandardEvaluationContext context = new StandardEvaluationContext();
context.setRootObject(new AuditExpressionRoot());
context.setBeanResolver(new BeanFactoryResolver(applicationContext));
MethodSignature signature = (MethodSignature) pjp.getSignature();
String[] parameterNames = parameterNameDiscoverer.getParameterNames(signature.getMethod());
Map<String, Object> parameterMap = Maps.newHashMap();
if (parameterNames != null && parameterNames.length > 0) {
//获取方法参数值
parameter = pjp.getArgs();
for (int i = 0; i < parameter.length; i++) {
if (ObjectUtils.isNotEmpty(parameter[i])) {
context.setVariable(METHOD, signature.getMethod());
context.setVariable(ARGS, pjp.getArgs());
// #参数名
context.setVariable(parameterNames[i], parameter[i]);
// #p0.
context.setVariable(P + i, parameter[i]);
parameterMap.put(parameterNames[i], parameter[i]);
}
}
}
Object proceed;
try {
proceed = pjp.proceed();
//结果
context.setVariable(RESULT, proceed);
} catch (Throwable e) {
success = false;
context.setVariable(ERROR, e);
throw e;
}
//正常、还是异常,都会走以下逻辑
finally {
//@formatter:off
//内容
Object content = null;
if (StringUtils.isNoneBlank(audit.content())) {
content = spelExpressionParser.parseExpression(audit.content()).getValue(context);
if (!Objects.isNull(content)) {
try {
content = audit.type().getDesc() + COLON + JSON.toJSONString(content);
} catch (Exception e) {
content = audit.type().getDesc() + COLON + content;
}
}
//后面有设置的内容,拼接
if (!Objects.isNull(content) && StringUtils.isNoneBlank(AuditContext.getContent())) {
content = content + "," + spelExpressionParser.parseExpression(AuditContext.getContent()).getValue(context);
}
}
//上下文内容,自动拼接事件类型描述
if (Objects.isNull(content) && StringUtils.isNoneBlank(AuditContext.getContent())) {
content = audit.type().getDesc() +COLON + AuditContext.getContent();
}
if (Objects.isNull(content) && StringUtils.isBlank(AuditContext.getContent())) {
content = audit.type().getDesc();
}
content=(content == null) ? "" : content.toString();
//结果
Object resultObject = spelExpressionParser.parseExpression("#" + RESULT).getValue(context);
if (!Objects.isNull(resultObject)) {
try {
if (resultObject instanceof ApiRestResult) {
success=((ApiRestResult<?>) resultObject).getSuccess();
}
result = JSON.toJSONString(resultObject);
} catch (Exception e) {
result = resultObject.toString();
}
}
//错误
if (!success) {
Object error = spelExpressionParser.parseExpression("#" + ERROR).getValue(context);
if (!Objects.isNull(error)) {
result= JSON.toJSONString(error, JSONWriter.Feature.PrettyFormat);
}
}
//@formatter:on
auditEventPublish.publish(audit.type(), parameterMap, content.toString(),
AuditContext.getTarget(), result, success ? EventStatus.SUCCESS : EventStatus.FAIL);
}
//Remove AuditContext
AuditContext.removeAuditContext();
return proceed;
}
}

45
eiam-audit/src/main/java/cn/topiam/employee/audit/annotation/AuditExpressionOperations.java Normal file
View File

@ -0,0 +1,45 @@
/*
* eiam-audit - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.audit.annotation;
import org.springframework.security.core.Authentication;
/**
* Audit
*
* @author TopIAM
* Created by support@topiam.cn on 2021/9/28 22:45
*/
public interface AuditExpressionOperations {
/**
* Gets the {@link Authentication} used for evaluating the expressions
*
* @return the {@link Authentication} for evaluating the expressions
*/
Authentication getAuthentication();
/**
* JSON
*
* @param object {@link Object}
* @return {@link String}
*/
String toJsonString(Object object);
}

57
eiam-audit/src/main/java/cn/topiam/employee/audit/annotation/AuditExpressionRoot.java Normal file
View File

@ -0,0 +1,57 @@
/*
* eiam-audit - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.audit.annotation;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import com.alibaba.fastjson2.JSON;
import lombok.AllArgsConstructor;
/**
* AuditExpressionRoot
*
* @author TopIAM
* Created by support@topiam.cn on 2021/9/28 22:48
*/
@AllArgsConstructor
public class AuditExpressionRoot implements AuditExpressionOperations {
/**
* Gets the {@link Authentication} used for evaluating the expressions
*
* @return the {@link Authentication} for evaluating the expressions
*/
@Override
public Authentication getAuthentication() {
return SecurityContextHolder.getContext().getAuthentication();
}
/**
* JSON
*
* @param object {@link Object}
* @return {@link String}
*/
@Override
public String toJsonString(Object object) {
return JSON.toJSONString(object);
}
}

18
eiam-audit/src/main/java/cn/topiam/employee/audit/annotation/package-info.java Normal file
View File

@ -0,0 +1,18 @@
/*
* eiam-audit - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.audit.annotation;

217
eiam-audit/src/main/java/cn/topiam/employee/audit/configuration/ElasticsearchConfiguration.java Normal file
View File

@ -0,0 +1,217 @@
/*
* eiam-audit - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.audit.configuration;
import java.util.Map;
import org.jetbrains.annotations.NotNull;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.convert.converter.Converter;
import org.springframework.data.convert.ReadingConverter;
import org.springframework.data.convert.WritingConverter;
import org.springframework.data.elasticsearch.core.convert.ElasticsearchCustomConversions;
import com.fasterxml.jackson.core.type.TypeReference;
import com.google.common.collect.Lists;
import cn.topiam.employee.audit.enums.EventStatus;
import cn.topiam.employee.audit.enums.EventType;
import cn.topiam.employee.audit.enums.TargetType;
import cn.topiam.employee.common.enums.UserType;
import cn.topiam.employee.common.geo.maxmind.enums.GeoLocationProvider;
import cn.topiam.employee.support.util.JsonUtils;
/**
* ElasticsearchConfiguration
*
* @author TopIAM
* Created by support@topiam.cn on 2022/11/3 23:31
*/
@Configuration
public class ElasticsearchConfiguration {
@Bean
public ElasticsearchCustomConversions elasticsearchCustomConversions() {
return new ElasticsearchCustomConversions(
Lists.newArrayList(AuditTypeToStringConverter.INSTANCE,
StringToAuditTypeConverter.INSTANCE, EventStatusToStringConverter.INSTANCE,
StringToEventStatusConverter.INSTANCE, ActorTypeToStringConverter.INSTANCE,
StringToActorTypeConverter.INSTANCE, GeoLocationProviderToStringConverter.INSTANCE,
StringToGeoLocationProviderConverter.INSTANCE, TargetTypeToStringConverter.INSTANCE,
StringToTargetTypeConverter.INSTANCE, StringToMapConverter.INSTANCE,
MapToStringConverter.INSTANCE));
}
@WritingConverter
enum AuditTypeToStringConverter implements Converter<EventType, String> {
/**
* INSTANCE
*/
INSTANCE,;
@Override
public String convert(EventType source) {
return source.getCode();
}
}
@ReadingConverter
enum StringToAuditTypeConverter implements Converter<String, EventType> {
/**
*INSTANCE
*/
INSTANCE;
@Override
public EventType convert(@NotNull String source) {
return EventType.getType(source);
}
}
@WritingConverter
enum ActorTypeToStringConverter implements Converter<UserType, String> {
/**
* INSTANCE
*/
INSTANCE,;
@Override
public String convert(UserType source) {
return source.getCode();
}
}
@ReadingConverter
enum StringToActorTypeConverter implements Converter<String, UserType> {
/**
*INSTANCE
*/
INSTANCE;
@Override
public UserType convert(@NotNull String source) {
return UserType.getType(source);
}
}
@WritingConverter
enum TargetTypeToStringConverter implements Converter<TargetType, String> {
/**
* INSTANCE
*/
INSTANCE,;
@Override
public String convert(TargetType source) {
return source.getCode();
}
}
@ReadingConverter
enum StringToTargetTypeConverter implements Converter<String, TargetType> {
/**
*INSTANCE
*/
INSTANCE;
@Override
public TargetType convert(@NotNull String source) {
return TargetType.getType(source);
}
}
@WritingConverter
enum GeoLocationProviderToStringConverter implements Converter<GeoLocationProvider, String> {
/**
* INSTANCE
*/
INSTANCE,;
@Override
public String convert(GeoLocationProvider source) {
return source.getCode();
}
}
@ReadingConverter
enum StringToGeoLocationProviderConverter implements Converter<String, GeoLocationProvider> {
/**
*INSTANCE
*/
INSTANCE;
@Override
public GeoLocationProvider convert(@NotNull String source) {
return GeoLocationProvider.getType(source);
}
}
@WritingConverter
enum MapToStringConverter implements Converter<Map<String, Object>, String> {
/**
* INSTANCE
*/
INSTANCE,;
@Override
public String convert(@NotNull Map<String, Object> source) {
return JsonUtils.writeValueAsString(source);
}
}
@ReadingConverter
enum StringToMapConverter implements Converter<String, Map<String, Object>> {
/**
*INSTANCE
*/
INSTANCE;
@Override
public Map<String, Object> convert(@NotNull String source) {
return JsonUtils.readValue(source, new TypeReference<>() {
});
}
}
@WritingConverter
enum EventStatusToStringConverter implements Converter<EventStatus, String> {
/**
* INSTANCE
*/
INSTANCE,;
@Override
public String convert(@NotNull EventStatus source) {
return source.getCode();
}
}
@ReadingConverter
enum StringToEventStatusConverter implements Converter<String, EventStatus> {
/**
*INSTANCE
*/
INSTANCE;
@Override
public EventStatus convert(@NotNull String source) {
return EventStatus.getType(source);
}
}
}

186
eiam-audit/src/main/java/cn/topiam/employee/audit/context/AuditContext.java Normal file
View File

@ -0,0 +1,186 @@
/*
* eiam-audit - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.audit.context;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import org.springframework.util.CollectionUtils;
import com.alibaba.ttl.TransmittableThreadLocal;
import cn.topiam.employee.audit.entity.Target;
/**
* AuditContext
*
* @author TopIAM
* Created by support@topiam.cn on 2021/11/23 22:39
*/
public class AuditContext {
/**
*
*/
private static final TransmittableThreadLocal<String> CONTENT = new TransmittableThreadLocal<>();
/**
*
*/
private static final TransmittableThreadLocal<List<Target>> TARGET_LIST = new TransmittableThreadLocal<>();
/**
*
*/
private static final TransmittableThreadLocal<Map<String, Object>> ADDITIONAL_DATA = new TransmittableThreadLocal<>();
/**
* Get Content
*
* @return {@link Object}
*/
public static String getContent() {
return CONTENT.get();
}
/**
* Set Content
*/
public static void setContent(String content) {
CONTENT.set(content);
}
/**
* Remove Content
*/
public static void removeContent() {
CONTENT.remove();
}
/**
* Get Additional Content
*
* @return {@link Object}
*/
public static Object getAdditionalData(String key) {
return getAdditionalData().get(key);
}
/**
* Get
*
* @return {@link Map}
*/
public static Map<String, Object> getAdditionalData() {
Map<String, Object> values = ADDITIONAL_DATA.get();
if (CollectionUtils.isEmpty(values)) {
ADDITIONAL_DATA.set(new HashMap<>(16));
}
return values;
}
/**
* PUT
*
* @param key {@link String}
* @param value {@link Object}
*/
public static void putAdditionalData(String key, Object value) {
Map<String, Object> values = ADDITIONAL_DATA.get();
if (CollectionUtils.isEmpty(values)) {
HashMap<String, Object> map = new HashMap<>(16);
map.put(key, value);
ADDITIONAL_DATA.set(map);
return;
}
values.put(key, value);
}
/**
* PUT
*
* @param value {@link Map}
*/
public static void putAdditionalData(Map<String, Object> value) {
ADDITIONAL_DATA.set(value);
}
/**
* Get Target
*
* @return {@link Object}
*/
public static List<Target> getTarget() {
return TARGET_LIST.get();
}
/**
* Set Target
*/
public static void setTarget(Target... target) {
if (!Objects.isNull(target)) {
TARGET_LIST.set(List.of(target));
}
}
/**
* Set Target
*/
public static void setTarget(List<Target> targets) {
if (!CollectionUtils.isEmpty(targets)) {
TARGET_LIST.set(targets);
}
}
/**
* Remove Content
*/
public static void removeTarget() {
TARGET_LIST.remove();
}
/**
* remove
*/
public static void removeAdditionalData() {
ADDITIONAL_DATA.remove();
}
/**
* remove
*
* @param key {@link String}
*/
public static void removeAdditionalData(String key) {
Map<String, Object> values = ADDITIONAL_DATA.get();
if (!CollectionUtils.isEmpty(values)) {
values.remove(key);
}
}
/**
* remove
*/
public static void removeAuditContext() {
removeAdditionalData();
removeContent();
removeTarget();
}
}

91
eiam-audit/src/main/java/cn/topiam/employee/audit/controller/AuditController.java Normal file
View File

@ -0,0 +1,91 @@
/*
* eiam-audit - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.audit.controller;
import java.util.List;
import javax.validation.constraints.NotNull;
import org.springframework.http.MediaType;
import org.springframework.validation.annotation.Validated;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PathVariable;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import cn.topiam.employee.audit.controller.pojo.AuditDictResult;
import cn.topiam.employee.audit.controller.pojo.AuditListQuery;
import cn.topiam.employee.audit.controller.pojo.AuditListResult;
import cn.topiam.employee.audit.service.AuditService;
import cn.topiam.employee.common.constants.AuditConstants;
import cn.topiam.employee.common.enums.UserType;
import cn.topiam.employee.support.repository.page.domain.Page;
import cn.topiam.employee.support.repository.page.domain.PageModel;
import cn.topiam.employee.support.result.ApiRestResult;
import lombok.AllArgsConstructor;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.tags.Tag;
/**
*
*
* @author TopIAM
* Created by support@topiam.cn on 2021/9/23 21:12
*/
@Validated
@Tag(name = "系统审计")
@RestController
@RequestMapping(value = AuditConstants.AUDIT_PATH, produces = MediaType.APPLICATION_JSON_VALUE)
@AllArgsConstructor
public class AuditController {
/**
*
*
* @param query {@link AuditListQuery}
* @param pageModel {@link PageModel}
* @return {@link ApiRestResult}
*/
@Operation(description = "查询审计列表")
@GetMapping(value = "/list")
public ApiRestResult<Page<AuditListResult>> getAuditList(@Validated AuditListQuery query,
PageModel pageModel) {
Page<AuditListResult> list = auditService.getAuditList(query, pageModel);
return ApiRestResult.ok(list);
}
/**
*
*
* @return {@link ApiRestResult}
*/
@Validated
@Operation(description = "获取审计类型")
@GetMapping(value = "/types/{user_type}")
public ApiRestResult<List<AuditDictResult>> getAuditDict(@PathVariable(name = "user_type") @NotNull(message = "用户类型不能为空!") UserType userType) {
List<AuditDictResult> dict = auditService.getAuditDict(userType);
return ApiRestResult.ok(dict);
}
/**
* AuditService
*/
private final AuditService auditService;
}

63
eiam-audit/src/main/java/cn/topiam/employee/audit/controller/pojo/AuditDictResult.java Normal file
View File

@ -0,0 +1,63 @@
/*
* eiam-audit - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.audit.controller.pojo;
import java.util.Set;
import org.springdoc.api.annotations.ParameterObject;
import lombok.Data;
import io.swagger.v3.oas.annotations.Parameter;
import io.swagger.v3.oas.annotations.media.Schema;
/**
*
*
* @author TopIAM
* Created by support@topiam.cn on 2021/11/27 22:35
*/
@Data
@Schema(description = "审计字典结果")
@ParameterObject
public class AuditDictResult {
@Parameter(description = "分组名")
private String name;
@Parameter(description = "分组编码")
private String code;
@Parameter(description = "类型")
private Set<AuditType> types;
@Data
@Schema(description = "审计类型")
public static class AuditType {
/**
*
*/
@Parameter(description = "名称")
private String name;
/**
* CODE
*/
@Parameter(description = "CODE")
private String code;
}
}

80
eiam-audit/src/main/java/cn/topiam/employee/audit/controller/pojo/AuditListQuery.java Normal file
View File

@ -0,0 +1,80 @@
/*
* eiam-audit - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.audit.controller.pojo;
import java.io.Serializable;
import java.time.LocalDateTime;
import java.util.List;
import javax.validation.constraints.NotNull;
import org.springdoc.api.annotations.ParameterObject;
import org.springframework.format.annotation.DateTimeFormat;
import cn.topiam.employee.audit.enums.EventType;
import cn.topiam.employee.common.enums.UserType;
import lombok.Data;
import io.swagger.v3.oas.annotations.Parameter;
import io.swagger.v3.oas.annotations.media.Schema;
import static cn.topiam.employee.support.constant.EiamConstants.DEFAULT_DATE_TIME_FORMATTER_PATTERN;
/**
*
*
* @author TopIAM
* Created by support@topiam.cn on 2021/9/23 21:22
*/
@Data
@Schema(description = "查询审计日志列表入参")
@ParameterObject
public class AuditListQuery implements Serializable {
/**
*
*/
@Parameter(description = "用户名")
private String username;
/**
*
*/
@Parameter(description = "审计类型")
private List<EventType> eventType;
/**
*
*/
@NotNull(message = "用户类型不能为空")
@Parameter(description = "用户类型")
private UserType userType;
/**
*
*/
@Parameter(description = "事件开始时间")
@DateTimeFormat(pattern = DEFAULT_DATE_TIME_FORMATTER_PATTERN)
private LocalDateTime startEventTime;
/**
*
*/
@Parameter(description = "事件结束时间")
@DateTimeFormat(pattern = DEFAULT_DATE_TIME_FORMATTER_PATTERN)
private LocalDateTime endEventTime;
}

105
eiam-audit/src/main/java/cn/topiam/employee/audit/controller/pojo/AuditListResult.java Normal file
View File

@ -0,0 +1,105 @@
/*
* eiam-audit - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.audit.controller.pojo;
import java.io.Serializable;
import java.time.LocalDateTime;
import java.util.List;
import com.fasterxml.jackson.annotation.JsonFormat;
import cn.topiam.employee.audit.entity.GeoLocation;
import cn.topiam.employee.audit.entity.Target;
import cn.topiam.employee.audit.entity.UserAgent;
import cn.topiam.employee.audit.enums.EventStatus;
import lombok.Data;
import io.swagger.v3.oas.annotations.media.Schema;
import static cn.topiam.employee.support.constant.EiamConstants.DEFAULT_DATE_TIME_FORMATTER_PATTERN;
/**
*
*
* @author TopIAM
* Created by support@topiam.cn on 2021/9/24 22:07
*/
@Data
@Schema(description = "审计日志列表结果")
public class AuditListResult implements Serializable {
/**
* ID
*/
@Schema(description = "ID")
private String id;
/**
*
*/
@Schema(description = "用户名")
private String username;
/**
* ID
*/
@Schema(description = "用户ID")
private String userId;
/**
*
*/
@Schema(description = "用户类型")
private String userType;
/**
*
*/
@Schema(description = "用户代理")
private UserAgent userAgent;
/**
* IP
*/
@Schema(description = "地理位置")
private GeoLocation geoLocation;
/**
*
*/
@Schema(description = "事件类型")
private String eventType;
/**
*
*/
@JsonFormat(pattern = DEFAULT_DATE_TIME_FORMATTER_PATTERN)
@Schema(description = "事件时间")
private LocalDateTime eventTime;
/**
*
*/
@Schema(description = "事件状态")
private EventStatus eventStatus;
/**
*
*/
@Schema(description = "目标")
private List<Target> targets;
}

57
eiam-audit/src/main/java/cn/topiam/employee/audit/entity/Actor.java Normal file
View File

@ -0,0 +1,57 @@
/*
* eiam-audit - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.audit.entity;
import java.io.Serial;
import java.io.Serializable;
import org.springframework.data.elasticsearch.annotations.Field;
import org.springframework.data.elasticsearch.annotations.FieldType;
import cn.topiam.employee.common.enums.UserType;
import lombok.Builder;
import lombok.Data;
/**
* Actor
* @author TopIAM
* Created by support@topiam.cn on 2022/11/5 23:30
*/
@Data
@Builder
public class Actor implements Serializable {
public static final String ACTOR_ID = "actor.id";
public static final String ACTOR_TYPE = "actor.type";
@Serial
private static final long serialVersionUID = -1144169992714000310L;
/**
* ID
*/
@Field(type = FieldType.Keyword, name = "id")
private String id;
/**
*
*/
@Field(type = FieldType.Keyword, name = "type")
private UserType type;
}

98
eiam-audit/src/main/java/cn/topiam/employee/audit/entity/AuditElasticSearchEntity.java Normal file
View File

@ -0,0 +1,98 @@
/*
* eiam-audit - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.audit.entity;
import java.io.Serial;
import java.io.Serializable;
import java.time.Instant;
import java.util.List;
import org.springframework.data.annotation.Id;
import org.springframework.data.elasticsearch.annotations.Field;
import org.springframework.data.elasticsearch.annotations.FieldType;
import lombok.Builder;
import lombok.Data;
import static org.springframework.data.elasticsearch.annotations.DateFormat.date_hour_minute_second_millis;
/**
* elasticsearch
*
* @author TopIAM
* Created by support@topiam.cn on 2022/10/13 23:22
*/
@Data
@Builder
public class AuditElasticSearchEntity implements Serializable {
@Serial
private static final long serialVersionUID = 6589338521638519634L;
@Id
@Field(type = FieldType.Keyword, name = "id")
private String id;
/**
* Request Id
*/
@Field(type = FieldType.Keyword, name = "request_id")
private String requestId;
/**
* Session Id
*/
@Field(type = FieldType.Keyword, name = "session_id")
private String sessionId;
/**
*
*/
@Field(type = FieldType.Object, name = "actor")
private Actor actor;
/**
*
*/
@Field(type = FieldType.Object, name = "event")
private Event event;
/**
*
*/
@Field(type = FieldType.Object, name = "target")
private List<Target> targets;
/**
* UserAgent
*/
@Field(type = FieldType.Object, name = "user_agent")
private UserAgent userAgent;
/**
*
*/
@Field(type = FieldType.Object, name = "geo_location")
private GeoLocation geoLocation;
/**
*
*/
@Field(type = FieldType.Date, name = "@timestamp", format = date_hour_minute_second_millis)
private Instant timestamp;
}

139
eiam-audit/src/main/java/cn/topiam/employee/audit/entity/AuditEntity.java Normal file
View File

@ -0,0 +1,139 @@
/*
* eiam-audit - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.audit.entity;
import java.io.Serial;
import java.time.Instant;
import java.util.List;
import javax.persistence.Column;
import javax.persistence.Entity;
import javax.persistence.Table;
import org.hibernate.annotations.Type;
import cn.topiam.employee.audit.enums.EventStatus;
import cn.topiam.employee.audit.enums.EventType;
import cn.topiam.employee.common.enums.UserType;
import cn.topiam.employee.support.repository.domain.BaseEntity;
import lombok.Getter;
import lombok.RequiredArgsConstructor;
import lombok.Setter;
import lombok.ToString;
import lombok.experimental.Accessors;
/**
*
*
* @author TopIAM
* Created by support@topiam.cn on 2021/8/1 21:41
*/
@Getter
@Setter
@ToString
@RequiredArgsConstructor
@Accessors(chain = true)
@Entity
@Table(name = "audit")
public class AuditEntity extends BaseEntity<Long> {
@Serial
private static final long serialVersionUID = -3119319193111206582L;
/**
* Request Id
*/
@Column(name = "request_id")
private String requestId;
/**
* Session Id
*/
@Column(name = "session_id")
private String sessionId;
/**
*
*/
@Type(type = "json")
@Column(name = "target_")
private List<Target> targets;
/**
* UserAgent
*/
@Type(type = "json")
@Column(name = "user_agent")
private UserAgent userAgent;
/**
*
*/
@Type(type = "json")
@Column(name = "geo_location")
private GeoLocation geoLocation;
/**
*
*/
@Column(name = "event_type")
private EventType eventType;
/**
*
*/
@Column(name = "event_param")
private String eventParam;
/**
*
*/
@Column(name = "event_content")
private String eventContent;
/**
*
*/
@Column(name = "event_result")
private String eventResult;
/**
*
*/
@Column(name = "event_time")
private Instant eventTime;
/**
*
*/
@Column(name = "event_status")
private EventStatus eventStatus;
/**
* ID
*/
@Column(name = "actor_id")
private String actorId;
/**
*
*/
@Column(name = "actor_type")
private UserType actorType;
}

88
eiam-audit/src/main/java/cn/topiam/employee/audit/entity/Event.java Normal file
View File

@ -0,0 +1,88 @@
/*
* eiam-audit - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.audit.entity;
import java.io.Serial;
import java.io.Serializable;
import java.time.Instant;
import org.springframework.data.elasticsearch.annotations.DateFormat;
import org.springframework.data.elasticsearch.annotations.Field;
import org.springframework.data.elasticsearch.annotations.FieldType;
import cn.topiam.employee.audit.enums.EventStatus;
import cn.topiam.employee.audit.enums.EventType;
import lombok.Builder;
import lombok.Data;
/**
* Event
*
* @author TopIAM
* Created by support@topiam.cn on 2022/11/5 23:33
*/
@Data
@Builder
public class Event implements Serializable {
@Serial
private static final long serialVersionUID = -1144169992714000310L;
public static final String EVENT_TYPE = "event.type";
public static final String EVENT_TIME = "event.time";
public static final String EVENT_STATUS = "event.status.keyword";
/**
*
*/
@Field(type = FieldType.Keyword, name = "type")
private EventType type;
/**
*
*/
@Field(type = FieldType.Text, name = "param")
private String param;
/**
*
*/
@Field(type = FieldType.Text, name = "content")
private String content;
/**
*
*/
@Field(type = FieldType.Text, name = "result")
private String result;
/**
*
*/
@Field(type = FieldType.Date, name = "time", format = DateFormat.date_hour_minute_second_millis)
private Instant time;
/**
*
*/
@Field(type = FieldType.Keyword, name = "status")
private EventStatus status;
}

112
eiam-audit/src/main/java/cn/topiam/employee/audit/entity/GeoLocation.java Normal file
View File

@ -0,0 +1,112 @@
/*
* eiam-audit - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.audit.entity;
import java.io.Serial;
import java.io.Serializable;
import org.springframework.data.elasticsearch.annotations.Field;
import org.springframework.data.elasticsearch.annotations.FieldType;
import org.springframework.data.elasticsearch.annotations.GeoPointField;
import org.springframework.data.elasticsearch.core.geo.GeoPoint;
import cn.topiam.employee.common.geo.maxmind.enums.GeoLocationProvider;
import lombok.Builder;
import lombok.Data;
/**
*
*
* @author TopIAM
* Created by support@topiam.cn on 2022/11/5 23:31
*/
@Data
@Builder
public class GeoLocation implements Serializable {
@Serial
private static final long serialVersionUID = -1144169992714000310L;
/**
* IP
*/
@Field(type = FieldType.Ip, name = "ip")
private String ip;
/**
* continent code
*/
@Field(type = FieldType.Keyword, name = "continent_code")
private String continentCode;
/**
* continent Name
*/
@Field(type = FieldType.Text, name = "continent_code")
private String continentName;
/**
* code
*/
@Field(type = FieldType.Keyword, name = "country_code")
private String countryCode;
/**
*
*/
@Field(type = FieldType.Text, name = "country_name")
private String countryName;
/**
* code
*/
@Field(type = FieldType.Keyword, name = "province_code")
private String provinceCode;
/**
*
*/
@Field(type = FieldType.Text, name = "province_name")
private String provinceName;
/**
* code
*/
@Field(type = FieldType.Keyword, name = "city_code")
private String cityCode;
/**
*
*/
@Field(type = FieldType.Text, name = "city_name")
private String cityName;
/**
*
*/
@GeoPointField
private GeoPoint point;
/**
*
*/
@Field(type = FieldType.Keyword, name = "provider")
private GeoLocationProvider provider;
}

58
eiam-audit/src/main/java/cn/topiam/employee/audit/entity/Target.java Normal file
View File

@ -0,0 +1,58 @@
/*
* eiam-audit - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.audit.entity;
import java.io.Serial;
import java.io.Serializable;
import org.springframework.data.elasticsearch.annotations.Field;
import org.springframework.data.elasticsearch.annotations.FieldType;
import cn.topiam.employee.audit.enums.TargetType;
import lombok.Builder;
import lombok.Data;
/**
* Target
*
* @author TopIAM
* Created by support@topiam.cn on 2022/11/5 23:34
*/
@Data
@Builder
public class Target implements Serializable {
@Serial
private static final long serialVersionUID = -1144169992714000310L;
public static final String TARGET_ID_KEYWORD = "target.id.keyword";
/**
* ID
*/
@Field(type = FieldType.Keyword, name = "id")
private String id;
/**
*
*
*/
@Field(type = FieldType.Keyword, name = "type")
private TargetType type;
}

54
eiam-audit/src/main/java/cn/topiam/employee/audit/entity/UserAgent.java Normal file
View File

@ -0,0 +1,54 @@
/*
* eiam-audit - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.audit.entity;
import java.io.Serializable;
import org.springframework.data.elasticsearch.annotations.Field;
import org.springframework.data.elasticsearch.annotations.FieldType;
import lombok.Builder;
import lombok.Data;
/**
* UserAgent
* @author TopIAM
* Created by support@topiam.cn on 2022/11/5 23:31
*/
@Data
@Builder
public class UserAgent implements Serializable {
@Field(type = FieldType.Keyword, name = "device_type")
private String deviceType;
@Field(type = FieldType.Keyword, name = "platform")
private String platform;
@Field(type = FieldType.Keyword, name = "platform_version")
private String platformVersion;
@Field(type = FieldType.Keyword, name = "browser")
private String browser;
@Field(type = FieldType.Keyword, name = "browser_type")
private String browserType;
@Field(type = FieldType.Keyword, name = "browser_major_version")
private String browserMajorVersion;
}

68
eiam-audit/src/main/java/cn/topiam/employee/audit/enums/EventStatus.java Normal file
View File

@ -0,0 +1,68 @@
/*
* eiam-audit - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.audit.enums;
import com.fasterxml.jackson.annotation.JsonValue;
import cn.topiam.employee.support.web.converter.EnumConvert;
import lombok.Getter;
/**
*
*
* @author TopIAM
* Created by support@topiam.cn on 2022/11/6 19:57
*/
@Getter
public enum EventStatus {
/**
*
*/
SUCCESS("success", "成功"),
/**
*
*/
FAIL("fail", "失败");
@JsonValue
private final String code;
private final String desc;
EventStatus(String code, String desc) {
this.code = code;
this.desc = desc;
}
/**
*
*
* @param code {@link String}
* @return {@link EventStatus}
*/
@EnumConvert
public static EventStatus getType(String code) {
EventStatus[] values = values();
for (EventStatus status : values) {
if (String.valueOf(status.getCode()).equals(code)) {
return status;
}
}
return null;
}
}

551
eiam-audit/src/main/java/cn/topiam/employee/audit/enums/EventType.java Normal file
View File

@ -0,0 +1,551 @@
/*
* eiam-audit - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.audit.enums;
import java.util.List;
import com.fasterxml.jackson.annotation.JsonValue;
import cn.topiam.employee.audit.event.type.*;
import cn.topiam.employee.common.enums.UserType;
import cn.topiam.employee.support.web.converter.EnumConvert;
import lombok.Getter;
/**
*
*
* @author TopIAM
* Created by support@topiam.cn on 2021/9/29 21:00
*/
@Getter
public enum EventType {
/**
*
*/
LOGIN_PORTAL(AuthenticationEventType.LOGIN_PORTAL),
/**
*
*/
LOGIN_CONSOLE(AuthenticationEventType.LOGIN_CONSOLE),
/**
* 退
*/
LOGOUT_PORTAL(AuthenticationEventType.LOGOUT_PORTAL),
/**
* 退
*/
LOGOUT_CONSOLE(AuthenticationEventType.LOGOUT_CONSOLE),
/**
*
*/
USER_REGISTER(AccountEventType.USER_REGISTER),
/**
*
*/
MODIFY_ACCOUNT_INFO(AccountEventType.MODIFY_ACCOUNT_INFO),
/**
*
*/
MODIFY_USER_EMAIL(AccountEventType.MODIFY_USER_EMAIL),
/**
*
*/
MODIFY_USER_PHONE(AccountEventType.MODIFY_USER_PHONE),
/**
*
*/
MODIFY_USER_PASSWORD(AccountEventType.MODIFY_USER_PASSWORD),
/**
*
*/
CREATE_USER(AccountEventType.CREATE_USER),
/**
*
*/
UPDATE_USER(AccountEventType.UPDATE_USER),
/**
*
*/
DELETE_USER(AccountEventType.DELETE_USER),
/**
*
*/
DISABLE_USER(AccountEventType.DISABLE_USER),
/**
*
*/
ENABLE_USER(AccountEventType.ENABLE_USER),
/**
*
*/
BIND_IDP_USER(AccountEventType.BIND_IDP_USER),
/**
*
*/
UNBIND_IDP_USER(AccountEventType.UNBIND_IDP_USER),
/**
*
*/
UNBIND_APPLICATION_USER(AccountEventType.UNBIND_APPLICATION_USER),
/**
*
*/
CREATE_ORG(AccountEventType.CREATE_ORG),
/**
*
*/
UPDATE_ORG(AccountEventType.UPDATE_ORG),
/**
*
*/
DELETE_ORG(AccountEventType.DELETE_ORGANIZATION),
/**
*
*/
MOVE_ORGANIZATION(AccountEventType.MOVE_ORGANIZATION),
/**
*
*/
USER_ADD_ORG(AccountEventType.USER_ADD_ORG),
/**
*
*/
USER_TRANSFER_ORG(AccountEventType.USER_TRANSFER_ORG),
/**
*
*/
ORG_REMOVE_USER(AccountEventType.ORG_REMOVE_USER),
/**
*
*/
APP_SSO(AppEventType.APP_SSO),
/**
* 退
*/
SIGN_OUT_APP(AppEventType.SIGN_OUT_APP),
/**
*
*/
ADD_APP(AppEventType.ADD_APP),
/**
*
*/
ENABLE_APP(AppEventType.ENABLE_APP),
/**
*
*/
DISABLE_APP(AppEventType.DISABLE_APP),
/**
*
*/
UPDATE_APP(AppEventType.UPDATE_APP),
/**
*
*/
SAVE_APP_CONFIG(AppEventType.SAVE_APP_CONFIG),
/**
*
*/
DELETE_APP(AppEventType.DELETE_APP),
/**
*
*/
APP_AUTHORIZATION(AppEventType.APP_ACCESS_POLICY),
/**
*
*/
APP_DELETE_ACCESS_POLICY(AppEventType.APP_DELETE_ACCESS_POLICY),
/**
*
*/
ADD_APP_ACCOUNT(AppEventType.ADD_APP_ACCOUNT),
/**
*
*/
DELETE_APP_ACCOUNT(AppEventType.DELETE_APP_ACCOUNT),
/**
* SSO
*/
SAVE_SSO_CONFIG(AppEventType.SAVE_SSO_CONFIG),
/**
*
*/
ADD_IDP(AuthenticationEventType.ADD_IDP),
/**
*
*/
UPDATE_IDP(AuthenticationEventType.UPDATE_IDP),
/**
*
*/
ENABLE_IDP(AuthenticationEventType.ENABLE_IDP),
/**
*
*/
DISABLE_IDP(AuthenticationEventType.DISABLE_IDP),
/**
*
*/
DELETE_IDP(AuthenticationEventType.DELETE_IDP),
/**
*
*/
SAVE_LOGIN_SECURITY_BASIC_SETTINGS(SettingEventType.SAVE_LOGIN_SECURITY_BASIC_SETTINGS),
/**
*
*/
SAVE_PASSWORD_POLICY_SETTINGS(SettingEventType.SAVE_PASSWORD_POLICY_SETTINGS),
/**
*
*/
SAVE_MFA_SETTINGS(SettingEventType.SAVE_MFA_SETTINGS),
/**
*
*/
SAVE_CAPTCHA_PROVIDER(SettingEventType.SAVE_CAPTCHA_PROVIDER),
/**
*
*/
OFF_CAPTCHA_PROVIDER(SettingEventType.OFF_CAPTCHA_PROVIDER),
/**
*
*/
ADD_ADMINISTRATOR(SettingEventType.ADD_ADMINISTRATOR),
/**
*
*/
DELETE_ADMINISTRATOR(SettingEventType.DELETE_ADMINISTRATOR),
/**
*
*/
UPDATE_ADMINISTRATOR(SettingEventType.UPDATE_ADMINISTRATOR),
/**
*
*/
ENABLE_ADMINISTRATOR(SettingEventType.ENABLE_ADMINISTRATOR),
/**
*
*/
DISABLE_ADMINISTRATOR(SettingEventType.DISABLE_ADMINISTRATOR),
/**
*
*/
RESET_ADMINISTRATOR_PASSWORD(SettingEventType.RESET_ADMINISTRATOR_PASSWORD),
/**
*
*/
ON_CUSTOMIZE_CHANGE_PASSWORD_MAIL(SettingEventType.ON_CUSTOMIZE_CHANGE_PASSWORD_MAIL),
/**
*
*/
ON_CUSTOMIZE_RESET_PASSWORD_MAIL(SettingEventType.ON_CUSTOMIZE_RESET_PASSWORD_MAIL),
/**
*
*/
ON_CUSTOMIZE_CONFIRM_RESET_PASSWORD_MAIL(SettingEventType.ON_CUSTOMIZE_CONFIRM_RESET_PASSWORD_MAIL),
/**
*
*/
ON_CUSTOMIZE_VERIFY_MAIL(SettingEventType.ON_CUSTOMIZE_VERIFY_MAIL),
/**
*
*/
ON_CUSTOMIZE_WELCOME_MAIL(SettingEventType.ON_CUSTOMIZE_WELCOME_MAIL),
/**
*
*/
ON_CUSTOMIZE_MODIFY_BINDING_MAIL(SettingEventType.ON_CUSTOMIZE_MODIFY_BINDING_MAIL),
/**
*
*/
OFF_CUSTOMIZE_CHANGE_PASSWORD_MAIL(SettingEventType.OFF_CUSTOMIZE_CHANGE_PASSWORD_MAIL),
/**
*
*/
OFF_CUSTOMIZE_RESET_PASSWORD_MAIL(SettingEventType.OFF_CUSTOMIZE_RESET_PASSWORD_MAIL),
/**
*
*/
OFF_CUSTOMIZE_CONFIRM_RESET_PASSWORD_MAIL(SettingEventType.OFF_CUSTOMIZE_CONFIRM_RESET_PASSWORD_MAIL),
/**
*
*/
OFF_CUSTOMIZE_VERIFY_MAIL(SettingEventType.OFF_CUSTOMIZE_VERIFY_MAIL),
/**
*
*/
OFF_CUSTOMIZE_WELCOME_MAIL(SettingEventType.OFF_CUSTOMIZE_WELCOME_MAIL),
/**
*
*/
OFF_CUSTOMIZE_MODIFY_BINDING_MAIL(SettingEventType.OFF_CUSTOMIZE_MODIFY_BINDING_MAIL),
/**
*
*/
SAVE_CUSTOMIZE_CHANGE_PASSWORD_MAIL(SettingEventType.SAVE_CUSTOMIZE_CHANGE_PASSWORD_MAIL),
/**
*
*/
SAVE_CUSTOMIZE_RESET_PASSWORD_MAIL(SettingEventType.SAVE_CUSTOMIZE_RESET_PASSWORD_MAIL),
/**
*
*/
SAVE_CUSTOMIZE_CONFIRM_RESET_PASSWORD_MAIL(SettingEventType.SAVE_CUSTOMIZE_CONFIRM_RESET_PASSWORD_MAIL),
/**
*
*/
SAVE_CUSTOMIZE_VERIFY_MAIL(SettingEventType.SAVE_CUSTOMIZE_VERIFY_MAIL),
/**
*
*/
SAVE_CUSTOMIZE_WELCOME_MAIL(SettingEventType.SAVE_CUSTOMIZE_WELCOME_MAIL),
/**
*
*/
SAVE_CUSTOMIZE_MODIFY_BINDING_MAIL(SettingEventType.SAVE_CUSTOMIZE_MODIFY_BINDING_MAIL),
/**
*
*/
ON_MAIL_SERVICE(SettingEventType.ON_MAIL_SERVICE),
/**
*
*/
OFF_MAIL_SERVICE(SettingEventType.OFF_MAIL_SERVICE),
/**
*
*/
SAVE_MAIL_SERVICE(SettingEventType.SAVE_MAIL_SERVICE),
/**
*
*/
ON_SMS_SERVICE(SettingEventType.ON_SMS_SERVICE),
/**
*
*/
OFF_SMS_SERVICE(SettingEventType.OFF_SMS_SERVICE),
/**
*
*/
SAVE_SMS_SERVICE(SettingEventType.SAVE_SMS_SERVICE),
/**
*
*/
ON_STORAGE_SERVICE(SettingEventType.ON_STORAGE_SERVICE),
/**
*
*/
OFF_STORAGE_SERVICE(SettingEventType.OFF_STORAGE_SERVICE),
/**
*
*/
SAVE_STORAGE_SERVICE(SettingEventType.SAVE_STORAGE_SERVICE),
/**
*
*/
ON_GEO_LOCATION_SERVICE(SettingEventType.ON_GEO_LOCATION_SERVICE),
/**
*
*/
OFF_GEO_LOCATION_SERVICE(SettingEventType.OFF_GEO_LOCATION_SERVICE),
/**
*
*/
SAVE_GEO_LOCATION_SERVICE(SettingEventType.SAVE_GEO_LOCATION_SERVICE),
/**
* 线
*/
DOWN_LINE_SESSION(OtherEventType.DOWN_LINE_SESSION),
/**
* 线
*/
BATCH_DOWN_LINE_SESSION(OtherEventType.BATCH_DOWN_LINE_SESSION),
/**
*
*/
CREATE_USER_GROUP(AccountEventType.CREATE_USER_GROUP),
/**
*
*/
UPDATE_USER_GROUP(AccountEventType.UPDATE_USER_GROUP),
/**
*
*/
DELETE_USER_GROUP(AccountEventType.DELETE_USER_GROUP),
/**
*
*/
ADD_USER_GROUP_MEMBER(AccountEventType.ADD_USER_GROUP_MEMBER),
/**
*
*/
REMOVE_USER_GROUP_MEMBER(AccountEventType.REMOVE_USER_GROUP_MEMBER),
/**
*
*/
CREATE_IDENTITY_RESOURCE(AccountEventType.CREATE_IDENTITY_RESOURCE),
/**
*
*/
UPDATE_IDENTITY_RESOURCE(AccountEventType.UPDATE_IDENTITY_RESOURCE),
/**
*
*/
DELETE_IDENTITY_RESOURCE(AccountEventType.DELETE_IDENTITY_RESOURCE),
/**
*
*/
ENABLE_IDENTITY_RESOURCE(AccountEventType.ENABLE_IDENTITY_RESOURCE),
/**
*
*/
DISABLE_IDENTITY_RESOURCE(AccountEventType.DISABLE_IDENTITY_RESOURCE),
/**
*
*/
IDENTITY_RESOURCE_SYNC(AccountEventType.IDENTITY_RESOURCE_SYNC),
/**
*
*/
SAVE_APP_PERMISSION_RESOURCE(AppEventType.SAVE_APP_PERMISSION_RESOURCE),
/**
*
*/
UPDATE_APP_PERMISSION_RESOURCE(AppEventType.UPDATE_APP_PERMISSION_RESOURCE),
/**
*
*/
DELETE_APP_PERMISSION_RESOURCE(AppEventType.DELETE_APP_PERMISSION_RESOURCE),
/**
*
*/
ENABLE_APP_PERMISSION_RESOURCE(AppEventType.ENABLE_APP_PERMISSION_RESOURCE),
/**
*
*/
DISABLE_APP_PERMISSION_RESOURCE(AppEventType.DISABLE_APP_PERMISSION_RESOURCE),
/**
*
*/
DELETE_USER_IDP_BIND(AppEventType.DELETE_APP_ACCOUNT),
/**
*
*/
SAVE_APP_PERMISSION_ROLE(AppEventType.SAVE_APP_PERMISSION_ROLE),
/**
*
*/
UPDATE_APP_PERMISSION_ROLE(AppEventType.UPDATE_APP_PERMISSION_ROLE),
/**
*
*/
DELETE_APP_PERMISSION_ROLE(AppEventType.DELETE_APP_PERMISSION_ROLE);
/**
* code
*/
@JsonValue
private final String code;
/**
* desc
*/
private final String desc;
/**
*
*/
private final List<UserType> userTypes;
/**
*
*/
private final Resource resource;
EventType(Type type) {
this.code = type.getCode();
this.desc = type.getName();
this.resource = type.getResource();
this.userTypes = type.getUserTypes();
}
/**
*
*
* @param code {@link String}
* @return {@link EventType}
*/
@EnumConvert
public static EventType getType(String code) {
EventType[] values = values();
for (EventType status : values) {
if (String.valueOf(status.getCode()).equals(code)) {
return status;
}
}
return null;
}
}

145
eiam-audit/src/main/java/cn/topiam/employee/audit/enums/TargetType.java Normal file
View File

@ -0,0 +1,145 @@
/*
* eiam-audit - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.audit.enums;
import com.fasterxml.jackson.annotation.JsonValue;
import cn.topiam.employee.support.web.converter.EnumConvert;
import lombok.Getter;
/**
*
*
* @author TopIAM
* Created by support@topiam.cn on 2022/10/27 23:46
*/
@Getter
public enum TargetType {
/**
*
*/
USER("user", "用户"),
/**
*
*/
USER_DETAIL("user_detail", "用户详情"),
/**
*
*/
USER_GROUP("user_group", "用户组"),
/**
*
*/
USER_GROUP_MEMBER("user_group_member", "用户组成员"),
/**
*
*/
IDENTITY_SOURCE("identity_source", "身份源"),
/**
*
*/
ORGANIZATION("organization", "组织机构"),
/**
*
*/
APPLICATION("application", "应用"),
/**
*
*/
APPLICATION_ACCOUNT("application_account", "应用账户"),
/**
*
*/
SESSION("session", "会话管理"),
/**
*
*/
APP_PERMISSION_RESOURCE("app_permission_resource", "应用权限"),
/**
*
*/
APP_PERMISSION_POLICY("app_permission_policy", "应用权限策略"),
/**
*
*/
APP_PERMISSION_ROLE("app_permission_role", "应用权限角色"),
/**
*
*/
ADMINISTRATOR("administrator", "管理员"),
/**
*
*/
MAIL_TEMPLATE("mail_template", "邮件模版"),
/**
*
*/
IDENTITY_PROVIDER("identity_provider", "身份认证提供商"),
/**
*
*/
CONSOLE("console", "控制台"),
/**
*
*/
PORTAL("portal", "门户端");
@JsonValue
private final String code;
private final String desc;
TargetType(String code, String desc) {
this.code = code;
this.desc = desc;
}
/**
*
*
* @param code {@link String}
* @return {@link EventType}
*/
@EnumConvert
public static TargetType getType(String code) {
TargetType[] values = values();
for (TargetType status : values) {
if (String.valueOf(status.getCode()).equals(code)) {
return status;
}
}
return null;
}
}

67
eiam-audit/src/main/java/cn/topiam/employee/audit/enums/converter/AuditTypeConverter.java Normal file
View File

@ -0,0 +1,67 @@
/*
* eiam-audit - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.audit.enums.converter;
import java.util.Objects;
import javax.persistence.AttributeConverter;
import javax.persistence.Converter;
import cn.topiam.employee.audit.enums.EventType;
/**
* @author TopIAM
* Created by support@topiam.cn on 2021/11/10 23:02
*/
@Converter(autoApply = true)
public class AuditTypeConverter implements AttributeConverter<EventType, String> {
/**
* Converts the value stored in the entity attribute into the
* data representation to be stored in the database.
*
* @param attribute the entity attribute value to be converted
* @return the converted data to be stored in the database
* column
*/
@Override
public String convertToDatabaseColumn(EventType attribute) {
if (Objects.isNull(attribute)) {
return null;
}
return attribute.getCode();
}
/**
* Converts the data stored in the database column into the
* value to be stored in the entity attribute.
* Note that it is the responsibility of the converter writer to
* specify the correct <code>dbData</code> type for the corresponding
* column for use by the JDBC driver: i.e., persistence providers are
* not expected to do such type conversion.
*
* @param dbData the data from the database column to be
* converted
* @return the converted value to be stored in the entity
* attribute
*/
@Override
public EventType convertToEntityAttribute(String dbData) {
return EventType.getType(dbData);
}
}

67
eiam-audit/src/main/java/cn/topiam/employee/audit/enums/converter/EventStatusConverter.java Normal file
View File

@ -0,0 +1,67 @@
/*
* eiam-audit - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.audit.enums.converter;
import java.util.Objects;
import javax.persistence.AttributeConverter;
import javax.persistence.Converter;
import cn.topiam.employee.audit.enums.EventStatus;
/**
* @author TopIAM
* Created by support@topiam.cn on 2021/11/10 23:02
*/
@Converter(autoApply = true)
public class EventStatusConverter implements AttributeConverter<EventStatus, String> {
/**
* Converts the value stored in the entity attribute into the
* data representation to be stored in the database.
*
* @param attribute the entity attribute value to be converted
* @return the converted data to be stored in the database
* column
*/
@Override
public String convertToDatabaseColumn(EventStatus attribute) {
if (Objects.isNull(attribute)) {
return null;
}
return attribute.getCode();
}
/**
* Converts the data stored in the database column into the
* value to be stored in the entity attribute.
* Note that it is the responsibility of the converter writer to
* specify the correct <code>dbData</code> type for the corresponding
* column for use by the JDBC driver: i.e., persistence providers are
* not expected to do such type conversion.
*
* @param dbData the data from the database column to be
* converted
* @return the converted value to be stored in the entity
* attribute
*/
@Override
public EventStatus convertToEntityAttribute(String dbData) {
return EventStatus.getType(dbData);
}
}

67
eiam-audit/src/main/java/cn/topiam/employee/audit/enums/converter/TargetTypeConverter.java Normal file
View File

@ -0,0 +1,67 @@
/*
* eiam-audit - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.audit.enums.converter;
import java.util.Objects;
import javax.persistence.AttributeConverter;
import javax.persistence.Converter;
import cn.topiam.employee.audit.enums.TargetType;
/**
* @author TopIAM
* Created by support@topiam.cn on 2021/11/10 23:02
*/
@Converter(autoApply = true)
public class TargetTypeConverter implements AttributeConverter<TargetType, String> {
/**
* Converts the value stored in the entity attribute into the
* data representation to be stored in the database.
*
* @param attribute the entity attribute value to be converted
* @return the converted data to be stored in the database
* column
*/
@Override
public String convertToDatabaseColumn(TargetType attribute) {
if (Objects.isNull(attribute)) {
return null;
}
return attribute.getCode();
}
/**
* Converts the data stored in the database column into the
* value to be stored in the entity attribute.
* Note that it is the responsibility of the converter writer to
* specify the correct <code>dbData</code> type for the corresponding
* column for use by the JDBC driver: i.e., persistence providers are
* not expected to do such type conversion.
*
* @param dbData the data from the database column to be
* converted
* @return the converted value to be stored in the entity
* attribute
*/
@Override
public TargetType convertToEntityAttribute(String dbData) {
return TargetType.getType(dbData);
}
}

59
eiam-audit/src/main/java/cn/topiam/employee/audit/event/AuditEvent.java Normal file
View File

@ -0,0 +1,59 @@
/*
* eiam-audit - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.audit.event;
import java.io.Serial;
import java.util.*;
import org.springframework.context.ApplicationEvent;
import cn.topiam.employee.audit.entity.*;
import lombok.Getter;
/**
*
*
* @author TopIAM
* Created by support@topiam.cn on 2021/8/1 21:56
*/
@Getter
public class AuditEvent extends ApplicationEvent {
@Serial
private static final long serialVersionUID = 3425943796938543659L;
private final String requestId;
private final String sessionId;
private final Actor actor;
private final Event event;
private final List<Target> target;
private final UserAgent userAgent;
private final GeoLocation geoLocationModal;
public AuditEvent(String requestId, String sessionId, Actor actor, Event event,
UserAgent userAgent, GeoLocation geoLocation, List<Target> targets) {
super(requestId);
this.requestId = requestId;
this.sessionId = sessionId;
this.actor = actor;
this.event = event;
this.target = targets;
this.userAgent = userAgent;
this.geoLocationModal = geoLocation;
}
}

125
eiam-audit/src/main/java/cn/topiam/employee/audit/event/AuditEventListener.java Normal file
View File

@ -0,0 +1,125 @@
/*
* eiam-audit - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.audit.event;
import java.time.LocalDate;
import java.time.ZoneId;
import java.time.format.DateTimeFormatter;
import java.util.List;
import java.util.Objects;
import org.springframework.context.ApplicationListener;
import org.springframework.data.elasticsearch.core.ElasticsearchOperations;
import org.springframework.data.elasticsearch.core.mapping.IndexCoordinates;
import org.springframework.lang.NonNull;
import org.springframework.stereotype.Component;
import cn.topiam.employee.audit.entity.*;
import cn.topiam.employee.audit.repository.*;
import cn.topiam.employee.core.configuration.EiamSupportProperties;
import static cn.topiam.employee.common.constants.AuditConstants.getAuditIndexPrefix;
import static cn.topiam.employee.support.constant.EiamConstants.DEFAULT_DATE_FORMATTER_PATTERN;
/**
*
*
* @author TopIAM
* Created by support@topiam.cn on 2021/9/12 22:49
*/
@Component
public class AuditEventListener implements ApplicationListener<AuditEvent> {
/**
* onApplicationEvent
*
* @param auditEvent {@link AuditEvent}
*/
@Override
public void onApplicationEvent(@NonNull AuditEvent auditEvent) {
Event event = auditEvent.getEvent();
Actor actor = auditEvent.getActor();
List<Target> target = auditEvent.getTarget();
GeoLocation geoLocation = auditEvent.getGeoLocationModal();
UserAgent userAgent = auditEvent.getUserAgent();
//保存数据库
AuditEntity entity = new AuditEntity();
try {
entity.setRequestId(auditEvent.getRequestId());
entity.setSessionId(auditEvent.getSessionId());
//事件
entity.setEventType(event.getType());
entity.setEventContent(event.getContent());
entity.setEventParam(event.getParam());
entity.setEventStatus(event.getStatus());
entity.setEventResult(event.getResult());
entity.setEventTime(event.getTime());
//操作目标
entity.setTargets(target);
entity.setGeoLocation(geoLocation);
entity.setUserAgent(userAgent);
entity.setActorId(actor.getId());
entity.setActorType(actor.getType());
auditRepository.save(entity);
} catch (Exception ignored) {
} finally {
if (!Objects.isNull(entity.getId())) {
//保存 Elasticsearch
AuditElasticSearchEntity audit = AuditElasticSearchEntity.builder().build();
audit.setRequestId(auditEvent.getRequestId());
audit.setSessionId(auditEvent.getSessionId());
audit.setId(entity.getId().toString());
audit.setEvent(event);
audit.setTargets(target);
audit.setGeoLocation(geoLocation);
audit.setUserAgent(userAgent);
audit.setActor(actor);
audit.setTimestamp(
entity.getCreateTime().atZone(ZoneId.systemDefault()).toInstant());
String auditIndex = getAuditIndexPrefix(eiamSupportProperties.getDemo().isOpen())
+ LocalDate.now().format(DateTimeFormatter
.ofPattern(DEFAULT_DATE_FORMATTER_PATTERN));
elasticsearchOperations.save(audit, IndexCoordinates.of(auditIndex));
}
}
}
/**
* EiamSupportProperties
*/
private final EiamSupportProperties eiamSupportProperties;
/**
* AuditRepository
*/
private final AuditRepository auditRepository;
/**
* ElasticsearchOperations
*/
private final ElasticsearchOperations elasticsearchOperations;
public AuditEventListener(EiamSupportProperties eiamSupportProperties,
AuditRepository auditRepository,
ElasticsearchOperations elasticsearchOperations) {
this.eiamSupportProperties = eiamSupportProperties;
this.auditRepository = auditRepository;
this.elasticsearchOperations = elasticsearchOperations;
}
}

327
eiam-audit/src/main/java/cn/topiam/employee/audit/event/AuditEventPublish.java Normal file
View File

@ -0,0 +1,327 @@
/*
* eiam-audit - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.audit.event;
import java.time.Instant;
import java.util.List;
import java.util.Map;
import java.util.Objects;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang3.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ApplicationEventPublisher;
import org.springframework.data.elasticsearch.core.geo.GeoPoint;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
import com.alibaba.fastjson2.JSONObject;
import cn.topiam.employee.audit.entity.*;
import cn.topiam.employee.audit.enums.EventStatus;
import cn.topiam.employee.audit.enums.EventType;
import cn.topiam.employee.common.enums.UserType;
import cn.topiam.employee.common.geo.GeoLocationService;
import cn.topiam.employee.core.security.userdetails.UserDetails;
import cn.topiam.employee.support.context.ServletContextHelp;
import cn.topiam.employee.support.trace.TraceUtils;
import cn.topiam.employee.support.util.IpUtils;
import cn.topiam.employee.support.web.useragent.UserAgentUtils;
import lombok.AllArgsConstructor;
import static cn.topiam.employee.core.logger.LogAspect.replaceBlank;
/**
*
*
* @author TopIAM
* Created by support@topiam.cn on 2021/8/1 21:04
*/
@Component
@AllArgsConstructor
public class AuditEventPublish {
private final Logger logger = LoggerFactory.getLogger(AuditEventPublish.class);
/**
*
*
* @param eventType {@link EventType}
*/
public void publish(EventType eventType, String content, EventStatus eventStatus) {
//@formatter:off
//封装操作事件
Event event = Event.builder()
.type(eventType)
.time(Instant.now())
.content(content)
.status(eventStatus).build();
//封装地理位置
GeoLocation geoLocationModal = getGeoLocation();
//封装用户代理
UserAgent userAgent = getUserAgent();
//封装操作人
Actor actor = getActor();
//Publish AuditEvent
applicationEventPublisher.publishEvent(new AuditEvent(TraceUtils.get(), ServletContextHelp.getSession().getId(), actor, event, userAgent, geoLocationModal, null));
//@formatter:on
}
/**
*
*
* @param eventType {@link EventType}
*/
public void publish(EventType eventType, Authentication authentication, EventStatus eventStatus,
List<Target> targets) {
//@formatter:off
//封装操作事件
Event event = Event.builder()
.type(eventType)
.time(Instant.now())
.status(eventStatus).build();
if (authentication.getPrincipal() instanceof UserDetails){
String username = ((UserDetails) authentication.getPrincipal()).getUsername();
event.setContent(username+""+event.getType().getDesc());
}
//封装地理位置
GeoLocation geoLocationModal = getGeoLocation();
//封装用户代理
UserAgent userAgent = getUserAgent();
//封装操作人
Actor actor = getActor(authentication);
//Publish AuditEvent
applicationEventPublisher.publishEvent(new AuditEvent(TraceUtils.get(), ServletContextHelp.getSession().getId(), actor, event, userAgent, geoLocationModal, targets));
//@formatter:on
}
/**
*
*
* @param eventType {@link EventType}
*/
public void publish(EventType eventType, String content, Actor actor, EventStatus eventStatus) {
//@formatter:off
//封装操作事件
Event event = Event.builder()
.type(eventType)
.time(Instant.now())
.content(content)
.status(eventStatus).build();
//封装地理位置
GeoLocation geoLocationModal = getGeoLocation();
//封装用户代理
UserAgent userAgent = getUserAgent();
//Publish AuditEvent
applicationEventPublisher.publishEvent(new AuditEvent(TraceUtils.get(), ServletContextHelp.getSession().getId(), actor, event, userAgent, geoLocationModal, null));
//@formatter:on
}
/**
*
*
* @param eventType {@link EventType}
*/
public void publish(EventType eventType, Map<String, Object> parameters, String content,
List<Target> target, String result, EventStatus eventStatus) {
//@formatter:off
//封装操作事件
Event event = Event.builder()
.type(eventType)
.time(Instant.now())
.status(eventStatus).build();
if (!Objects.isNull(parameters)){
try {
event.setParam(replaceBlank(JSONObject.toJSONString(parameters)));
} catch (Exception e) {
event.setParam(parameters.toString());
}
}
//描述
if (StringUtils.isNotBlank(content)){
event.setContent(content);
}
//事件结果
if (StringUtils.isNotBlank(result)){
event.setResult(result);
}
//封装地理位置
GeoLocation geoLocationModal = getGeoLocation();
//封装用户代理
UserAgent userAgent = getUserAgent();
//封装操作人
Actor actor = getActor();
//Publish AuditEvent
applicationEventPublisher.publishEvent(new AuditEvent(TraceUtils.get(), ServletContextHelp.getSession().getId(), actor, event, userAgent, geoLocationModal, target));
//@formatter:on
}
/**
*
*
* @param eventType {@link EventType}
*/
public void publish(EventType eventType, List<Target> target, String result,
EventStatus eventStatus) {
//@formatter:off
//封装操作事件
Event event = Event.builder()
.type(eventType)
.time(Instant.now())
.status(eventStatus).build();
//事件结果
event.setResult(result);
//封装地理位置
GeoLocation geoLocationModal = getGeoLocation();
//封装用户代理
UserAgent userAgent = getUserAgent();
//封装操作人
Actor actor = getActor();
//Publish AuditEvent
applicationEventPublisher.publishEvent(new AuditEvent(TraceUtils.get(), ServletContextHelp.getSession().getId(), actor, event, userAgent, geoLocationModal, target));
//@formatter:on
}
/**
*
* @return {@link Actor}
*/
private Actor getActor() {
//@formatter:off
SecurityContext securityContext = SecurityContextHolder.getContext();
Authentication authentication = securityContext.getAuthentication();
return Actor.builder()
.id(getActorId(authentication))
.type(getActorType(authentication))
.build();
//@formatter:on
}
/**
*
* @param authentication {@link Authentication}
* @return {@link Actor}
*/
private Actor getActor(Authentication authentication) {
//@formatter:off
return Actor.builder()
.id(getActorId(authentication))
.type(getActorType(authentication))
.build();
//@formatter:on
}
private String getActorId(Authentication authentication) {
//@formatter:off
Object principal = authentication.getPrincipal();
if (principal instanceof UserDetails) {
return ((UserDetails) principal).getId();
}
return null;
//@formatter:on
}
/**
*
*
* @param authentication {@link Authentication}
* @return {@link UserType}
*/
private UserType getActorType(Authentication authentication) {
//@formatter:off
Object principal = authentication.getPrincipal();
if (principal instanceof UserDetails) {
return ((UserDetails) principal).getUserType();
}
return null;
//@formatter:on
}
/**
*
*
* @return {@link UserAgent}
*/
private UserAgent getUserAgent() {
//@formatter:off
HttpServletRequest request = ServletContextHelp.getRequest();
cn.topiam.employee.support.web.useragent.UserAgent ua = UserAgentUtils.getUserAgent(request);
return UserAgent.builder()
.browser(ua.getBrowser())
.browserType(ua.getBrowserType())
.browserMajorVersion(ua.getBrowserMajorVersion())
.platform(ua.getPlatform())
.platformVersion(ua.getPlatformVersion())
.deviceType(ua.getDeviceType())
.build();
//@formatter:on
}
/**
*
*
* @return {@link GeoLocation}
*/
private GeoLocation getGeoLocation() {
//@formatter:off
HttpServletRequest request = ServletContextHelp.getRequest();
String ip = IpUtils.getIpAddr(request);
cn.topiam.employee.common.geo.GeoLocation geoLocation = geoLocationService.getGeoLocation(ip);
if (Objects.isNull(geoLocation)){
return null;
}
if (IpUtils.isInternalIp(ip)){
return GeoLocation.builder()
.ip(geoLocation.getIp())
.provider(geoLocation.getProvider())
.build();
}
GeoPoint geoPoint = null;
if (!Objects.isNull(geoLocation.getLatitude()) && !Objects.isNull(geoLocation.getLongitude())) {
geoPoint = new GeoPoint(geoLocation.getLatitude(), geoLocation.getLongitude());
}
return GeoLocation.builder()
.ip(ip)
.continentCode(geoLocation.getContinentCode())
.continentName(geoLocation.getContinentName())
.countryCode(geoLocation.getCountryCode())
.countryName(geoLocation.getCountryName())
.provinceCode(geoLocation.getProvinceCode())
.provinceName(geoLocation.getProvinceName())
.cityCode(geoLocation.getCityCode())
.cityName(geoLocation.getCityName())
.point(geoPoint)
.provider(geoLocation.getProvider())
.build();
//@formatter:on
}
/**
* ApplicationEventPublisher
*/
private final ApplicationEventPublisher applicationEventPublisher;
/**
*
*/
private final GeoLocationService geoLocationService;
}

213
eiam-audit/src/main/java/cn/topiam/employee/audit/event/type/AccountEventType.java Normal file
View File

@ -0,0 +1,213 @@
/*
* eiam-audit - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.audit.event.type;
import java.util.List;
import cn.topiam.employee.common.enums.UserType;
import static cn.topiam.employee.audit.event.type.Resource.ACCOUNT_RESOURCE;
/**
*
*
* @author TopIAM
* Created by support@topiam.cn on 2021/11/24 22:58
*/
public class AccountEventType {
/**
*
*/
public static Type CREATE_USER = new Type("eiam:event:account:create_user",
"创建用户", ACCOUNT_RESOURCE, List.of(UserType.ADMIN));
/**
*
*/
public static Type UPDATE_USER = new Type("eiam:event:account:update_user",
"修改用户", ACCOUNT_RESOURCE, List.of(UserType.ADMIN));
/**
*
*/
public static Type DELETE_USER = new Type("eiam:event:account:delete_user",
"删除用户", ACCOUNT_RESOURCE, List.of(UserType.ADMIN));
/**
*
*/
public static Type DISABLE_USER = new Type("eiam:event:account:disabled_user",
"禁用用户", ACCOUNT_RESOURCE, List.of(UserType.ADMIN));
/**
*
*/
public static Type ENABLE_USER = new Type("eiam:event:account:enabled_user",
"启用用户", ACCOUNT_RESOURCE, List.of(UserType.ADMIN));
/**
*
*/
public static Type CREATE_ORG = new Type(
"eiam:event:account:create_organization", "创建组织", ACCOUNT_RESOURCE,
List.of(UserType.ADMIN));
/**
*
*/
public static Type UPDATE_ORG = new Type(
"eiam:event:account:update_organization", "修改组织", ACCOUNT_RESOURCE,
List.of(UserType.ADMIN));
/**
*
*/
public static Type DELETE_ORGANIZATION = new Type(
"eiam:event:account:delete_organization", "删除组织", ACCOUNT_RESOURCE,
List.of(UserType.ADMIN));
/**
*
*/
public static Type MOVE_ORGANIZATION = new Type("eiam:event:account:move_organization",
"移动组织", ACCOUNT_RESOURCE, List.of(UserType.ADMIN));
/**
*
*/
public static Type USER_TRANSFER_ORG = new Type("eiam:event:account:transfer_user",
"用户转岗", ACCOUNT_RESOURCE, List.of(UserType.ADMIN));
/**
*
*/
public static Type ORG_REMOVE_USER = new Type(
"eiam:event:account:delete_user_organization", "移除组织用户", ACCOUNT_RESOURCE,
List.of(UserType.ADMIN));
/**
*
*/
public static Type USER_ADD_ORG = new Type(
"eiam:event:account:user_add_organization", "组织添加用户", ACCOUNT_RESOURCE,
List.of(UserType.ADMIN));
/**
*
*/
public static Type BIND_IDP_USER = new Type("eiam:event:account:bind_idp_user",
"绑定 IDP", ACCOUNT_RESOURCE, List.of(UserType.ADMIN, UserType.USER));
/**
*
*/
public static Type UNBIND_IDP_USER = new Type("eiam:event:account:unbind_idp_user",
"解绑 IDP", ACCOUNT_RESOURCE, List.of(UserType.ADMIN, UserType.USER));
/**
*
*/
public static Type UNBIND_APPLICATION_USER = new Type(
"eiam:event:account:unbind_application_user", "解绑应用账户", ACCOUNT_RESOURCE,
List.of(UserType.ADMIN));
/**
*
*/
public static Type USER_REGISTER = new Type("eiam:event:account:user_register",
"用户注册", ACCOUNT_RESOURCE, List.of(UserType.USER));
/**
*
*/
public static Type MODIFY_ACCOUNT_INFO = new Type(
"eiam:event:account:update_account_info", "修改账户", ACCOUNT_RESOURCE,
List.of(UserType.ADMIN, UserType.USER));
/**
*
*/
public static Type MODIFY_USER_EMAIL = new Type("eiam:event:account:update_email",
"修改邮箱", ACCOUNT_RESOURCE, List.of(UserType.ADMIN, UserType.USER));
/**
*
*/
public static Type MODIFY_USER_PHONE = new Type("eiam:event:account:update_phone",
"修改手机号", ACCOUNT_RESOURCE, List.of(UserType.ADMIN, UserType.USER));
/**
*
*/
public static Type MODIFY_USER_PASSWORD = new Type("eiam:event:account:update_password",
"修改密码", ACCOUNT_RESOURCE, List.of(UserType.ADMIN, UserType.USER));
/**
*
*/
public static Type CREATE_USER_GROUP = new Type("eiam:event:account:create_user_group",
"创建用户组", ACCOUNT_RESOURCE, List.of(UserType.ADMIN));
/**
*
*/
public static Type UPDATE_USER_GROUP = new Type("eiam:event:account:update_user_group",
"修改用户组", ACCOUNT_RESOURCE, List.of(UserType.ADMIN));
/**
*
*/
public static Type DELETE_USER_GROUP = new Type("eiam:event:account:delete_user_group",
"删除用户组", ACCOUNT_RESOURCE, List.of(UserType.ADMIN));
/**
*
*/
public static Type ADD_USER_GROUP_MEMBER = new Type(
"eiam:event:account:add_user_group_member", "添加用户组成员", ACCOUNT_RESOURCE,
List.of(UserType.ADMIN));
/**
*
*/
public static Type REMOVE_USER_GROUP_MEMBER = new Type(
"eiam:event:account:remove_user_group_member", "移除用户组成员", ACCOUNT_RESOURCE,
List.of(UserType.ADMIN));
/**
*
*/
public static Type CREATE_IDENTITY_RESOURCE = new Type(
"eiam:event:account:create_identity_resource", "创建身份源", ACCOUNT_RESOURCE,
List.of(UserType.ADMIN));
/**
*
*/
public static Type UPDATE_IDENTITY_RESOURCE = new Type(
"eiam:event:account:update_identity_resource", "修改身份源", ACCOUNT_RESOURCE,
List.of(UserType.ADMIN));
/**
*
*/
public static Type DELETE_IDENTITY_RESOURCE = new Type(
"eiam:event:account:delete_identity_resource", "删除身份源", ACCOUNT_RESOURCE,
List.of(UserType.ADMIN));
/**
*
*/
public static Type ENABLE_IDENTITY_RESOURCE = new Type(
"eiam:event:account:enable_identity_resource", "启用身份源", ACCOUNT_RESOURCE,
List.of(UserType.ADMIN));
/**
*
*/
public static Type DISABLE_IDENTITY_RESOURCE = new Type(
"eiam:event:account:disable_identity_resource", "禁用身份源", ACCOUNT_RESOURCE,
List.of(UserType.ADMIN));
/**
*
*/
public static Type IDENTITY_RESOURCE_SYNC = new Type(
"eiam:event:account:identity_resource_sync", "身份源同步", ACCOUNT_RESOURCE,
List.of(UserType.ADMIN));
}

165
eiam-audit/src/main/java/cn/topiam/employee/audit/event/type/AppEventType.java Normal file
View File

@ -0,0 +1,165 @@
/*
* eiam-audit - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.audit.event.type;
import java.util.List;
import cn.topiam.employee.common.enums.UserType;
import static cn.topiam.employee.audit.event.type.Resource.APP_RESOURCE;
/**
*
*
* @author TopIAM
* Created by support@topiam.cn on 2021/11/24 23:00
*/
public class AppEventType {
/**
*
*/
public static Type APP_SSO = new Type("eiam:event:app:sso", "单点登录",
APP_RESOURCE, List.of(UserType.USER));
/**
* 退
*/
public static Type SIGN_OUT_APP = new Type("eiam:event:app:login", "退出应用",
APP_RESOURCE, List.of(UserType.USER));
/**
*
*/
public static Type ADD_APP = new Type("eiam:event:app:create", "添加应用",
APP_RESOURCE, List.of(UserType.ADMIN));
/**
*
*/
public static Type ENABLE_APP = new Type("eiam:event:app:enabled", "启用应用",
APP_RESOURCE, List.of(UserType.ADMIN));
/**
*
*/
public static Type DISABLE_APP = new Type("eiam:event:app:disabled", "禁用应用",
APP_RESOURCE, List.of(UserType.ADMIN));
/**
*
*/
public static Type UPDATE_APP = new Type("eiam:event:app:update", "修改应用",
APP_RESOURCE, List.of(UserType.ADMIN));
/**
*
*/
public static Type SAVE_APP_CONFIG = new Type("eiam:event:app:save:config",
"保存应用配置", APP_RESOURCE, List.of(UserType.ADMIN));
/**
*
*/
public static Type DELETE_APP = new Type("eiam:event:app:delete", "删除应用",
APP_RESOURCE, List.of(UserType.ADMIN));
/**
* 访
*/
public static Type APP_ACCESS_POLICY = new Type("eiam:event:app:access_policy",
"应用访问授权", APP_RESOURCE, List.of(UserType.ADMIN));
/**
* 访
*/
public static Type APP_DELETE_ACCESS_POLICY = new Type(
"eiam:event:app:delete_access_policy", "应用访问授权", APP_RESOURCE, List.of(UserType.ADMIN));
/**
*
*/
public static Type ADD_APP_ACCOUNT = new Type("eiam:event:app:add_app_account",
"添加应用账户", APP_RESOURCE, List.of(UserType.ADMIN));
/**
*
*/
public static Type DELETE_APP_ACCOUNT = new Type(
"eiam:event:app:delete_app_account", "删除应用账户", APP_RESOURCE, List.of(UserType.ADMIN));
/**
* SSO
*/
public static Type SAVE_SSO_CONFIG = new Type("eiam:event:app:save_sso_config",
"保存SSO配置", APP_RESOURCE, List.of(UserType.ADMIN));
/**
*
*/
public static Type SAVE_APP_PERMISSION_RESOURCE = new Type(
"eiam:event:app:save_app_permission_resource", "保存应用权限资源", APP_RESOURCE,
List.of(UserType.ADMIN));
/**
*
*/
public static Type UPDATE_APP_PERMISSION_RESOURCE = new Type(
"eiam:event:app:update_app_permission_resource", "修改应用权限资源", APP_RESOURCE,
List.of(UserType.ADMIN));
/**
*
*/
public static Type DELETE_APP_PERMISSION_RESOURCE = new Type(
"eiam:event:app:delete_app_permission_resource", "删除应用权限资源", APP_RESOURCE,
List.of(UserType.ADMIN));
/**
*
*/
public static Type ENABLE_APP_PERMISSION_RESOURCE = new Type(
"eiam:event:app:enable_app_permission_resource", "启用应用权限资源", APP_RESOURCE,
List.of(UserType.ADMIN));
/**
*
*/
public static Type DISABLE_APP_PERMISSION_RESOURCE = new Type(
"eiam:event:app:disable_app_permission_resource", "禁用应用权限资源", APP_RESOURCE,
List.of(UserType.ADMIN));
/**
*
*/
public static Type DELETE_USER_IDP_BIND = new Type(
"eiam:event:app:delete_user_idp_bind", "删除用户身份提供商绑定", APP_RESOURCE,
List.of(UserType.ADMIN));
/**
*
*/
public static Type SAVE_APP_PERMISSION_ROLE = new Type(
"eiam:event:app:save_app_permission_role", "添加应用角色", APP_RESOURCE, List.of(UserType.ADMIN));
/**
*
*/
public static Type UPDATE_APP_PERMISSION_ROLE = new Type(
"eiam:event:app:update_app_permission_role", "修改应用角色", APP_RESOURCE,
List.of(UserType.ADMIN));
/**
*
*/
public static Type DELETE_APP_PERMISSION_ROLE = new Type(
"eiam:event:app:delete_app_permission_role", "删除应用角色", APP_RESOURCE,
List.of(UserType.ADMIN));
}

82
eiam-audit/src/main/java/cn/topiam/employee/audit/event/type/AuthenticationEventType.java Normal file
View File

@ -0,0 +1,82 @@
/*
* eiam-audit - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.audit.event.type;
import java.util.List;
import cn.topiam.employee.common.enums.UserType;
import static cn.topiam.employee.audit.event.type.Resource.AUTHENTICATION_RESOURCE;
/**
*
*
* @author TopIAM
* Created by support@topiam.cn on 2021/11/24 22:59
*/
public class AuthenticationEventType {
/**
*
*/
public static Type ADD_IDP = new Type("eiam:event:idp_add", "添加身份提供商",
AUTHENTICATION_RESOURCE, List.of(UserType.ADMIN));
/**
*
*/
public static Type UPDATE_IDP = new Type("eiam:event:idp_update", "修改身份提供商",
AUTHENTICATION_RESOURCE, List.of(UserType.ADMIN));
/**
*
*/
public static Type ENABLE_IDP = new Type("eiam:event:idp_enabled", "启用身份提供商",
AUTHENTICATION_RESOURCE, List.of(UserType.ADMIN));
/**
*
*/
public static Type DISABLE_IDP = new Type("eiam:event:idp_disabled", "禁用身份提供商",
AUTHENTICATION_RESOURCE, List.of(UserType.ADMIN));
/**
*
*/
public static Type DELETE_IDP = new Type("eiam:event:idp_delete", "删除身份提供商",
AUTHENTICATION_RESOURCE, List.of(UserType.ADMIN));
/**
*
*/
public static Type LOGIN_CONSOLE = new Type("eiam:event:login:console", "登录控制台",
AUTHENTICATION_RESOURCE, List.of(UserType.ADMIN, UserType.USER));
/**
*
*/
public static Type LOGIN_PORTAL = new Type("eiam:event:login:portal", "登录门户",
AUTHENTICATION_RESOURCE, List.of(UserType.ADMIN, UserType.USER));
/**
* 退
*/
public static Type LOGOUT_CONSOLE = new Type("eiam:event:logout:console", "退出控制台",
AUTHENTICATION_RESOURCE, List.of(UserType.ADMIN, UserType.USER));
/**
* 退
*/
public static Type LOGOUT_PORTAL = new Type("eiam:event:logout:portal", "退出门户",
AUTHENTICATION_RESOURCE, List.of(UserType.ADMIN, UserType.USER));
}

46
eiam-audit/src/main/java/cn/topiam/employee/audit/event/type/OtherEventType.java Normal file
View File

@ -0,0 +1,46 @@
/*
* eiam-audit - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.audit.event.type;
import java.util.List;
import cn.topiam.employee.common.enums.UserType;
import static cn.topiam.employee.audit.event.type.Resource.OTHER_RESOURCE;
/**
*
*
* @author TopIAM
* Created by support@topiam.cn on 2021/11/24 22:58
*/
public class OtherEventType {
/**
* 线
*/
public static Type DOWN_LINE_SESSION = new Type("eiam:event:other:down_line_session",
"下线会话", OTHER_RESOURCE, List.of(UserType.ADMIN));
/**
* 线
*/
public static Type BATCH_DOWN_LINE_SESSION = new Type(
"eiam:event:other:batch_down_line_session", "批量下线会话", OTHER_RESOURCE,
List.of(UserType.ADMIN));
}

75
eiam-audit/src/main/java/cn/topiam/employee/audit/event/type/Resource.java Normal file
View File

@ -0,0 +1,75 @@
/*
* eiam-audit - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.audit.event.type;
import lombok.AllArgsConstructor;
import lombok.Data;
/**
*
*
* @author TopIAM
* Created by support@topiam.cn on 2021/9/29 21:07
*/
@Data
@AllArgsConstructor
public class Resource {
/**
*
*/
private String code;
/**
*
*/
private String name;
@Override
public String toString() {
return String.format("[%s](%s)", name, code);
}
/**
*
*/
public static Resource ACCOUNT_RESOURCE = new Resource("eiam:event:resource:account",
"账户管理");
/**
*
*/
public static Resource AUTHENTICATION_RESOURCE = new Resource(
"eiam:event:resource:authentication", "认证管理");
/**
*
*/
public static Resource APP_RESOURCE = new Resource("eiam:event:resource:application",
"应用管理");
/**
*
*/
public static Resource OTHER_RESOURCE = new Resource("eiam:event:resource:other",
"其他管理");
/**
*
*/
public static Resource SETTING_RESOURCE = new Resource("eiam:event:resource:settings",
"系统设置");
}

314
eiam-audit/src/main/java/cn/topiam/employee/audit/event/type/SettingEventType.java Normal file
View File

@ -0,0 +1,314 @@
/*
* eiam-audit - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.audit.event.type;
import java.util.List;
import cn.topiam.employee.common.enums.UserType;
import static cn.topiam.employee.audit.event.type.Resource.SETTING_RESOURCE;
/**
*
*
* @author TopIAM
* Created by support@topiam.cn on 2021/11/24 22:58
*/
public class SettingEventType {
/**
*
*/
public static Type SAVE_LOGIN_SECURITY_BASIC_SETTINGS = new Type(
"eiam:event:setting:save_security_basic", "保存安全基础设置", SETTING_RESOURCE,
List.of(UserType.ADMIN));
/**
*
*/
public static Type SAVE_PASSWORD_POLICY_SETTINGS = new Type(
"eiam:event:setting:save_password_policy", "保存密码策略", SETTING_RESOURCE,
List.of(UserType.ADMIN));
/**
*
*/
public static Type SAVE_MFA_SETTINGS = new Type(
"eiam:event:setting:save_mfa", "保存多因素认证", SETTING_RESOURCE, List.of(UserType.ADMIN));
/**
*
*/
public static Type SAVE_CAPTCHA_PROVIDER = new Type(
"eiam:event:setting:save_captcha_provider", "保存行为验证码", SETTING_RESOURCE,
List.of(UserType.ADMIN));
/**
*
*/
public static Type OFF_CAPTCHA_PROVIDER = new Type(
"eiam:event:setting:off_captcha_provider", "禁用行为验证码", SETTING_RESOURCE,
List.of(UserType.ADMIN));
/**
*
*/
public static Type ADD_ADMINISTRATOR = new Type(
"eiam:event:setting:add_administrator", "添加管理员", SETTING_RESOURCE, List.of(UserType.ADMIN));
/**
*
*/
public static Type DELETE_ADMINISTRATOR = new Type(
"eiam:event:setting:delete_administrator", "删除管理员", SETTING_RESOURCE,
List.of(UserType.ADMIN));
/**
*
*/
public static Type UPDATE_ADMINISTRATOR = new Type(
"eiam:event:setting:update_administrator", "修改管理员", SETTING_RESOURCE,
List.of(UserType.ADMIN));
/**
*
*/
public static Type ENABLE_ADMINISTRATOR = new Type(
"eiam:event:setting:enable_administrator", "启用管理员", SETTING_RESOURCE,
List.of(UserType.ADMIN));
/**
*
*/
public static Type DISABLE_ADMINISTRATOR = new Type(
"eiam:event:setting:disable_administrator", "禁用管理员", SETTING_RESOURCE,
List.of(UserType.ADMIN));
/**
*
*/
public static Type RESET_ADMINISTRATOR_PASSWORD = new Type(
"eiam:event:setting:reset_administrator_password", "重置管理员密码", SETTING_RESOURCE,
List.of(UserType.ADMIN));
/**
*
*/
public static Type ON_CUSTOMIZE_CHANGE_PASSWORD_MAIL = new Type(
"eiam:event:setting:on_customize_change_password_mail", "开启自定义修改密码邮件模板", SETTING_RESOURCE,
List.of(UserType.ADMIN));
/**
*
*/
public static Type ON_CUSTOMIZE_RESET_PASSWORD_MAIL = new Type(
"eiam:event:setting:on_customize_reset_password_mail", "开启自定义重置密码邮件模板", SETTING_RESOURCE,
List.of(UserType.ADMIN));
/**
*
*/
public static Type ON_CUSTOMIZE_CONFIRM_RESET_PASSWORD_MAIL = new Type(
"eiam:event:setting:on_customize_confirm_reset_password_mail", "开启自定义确认重置密码邮件模板",
SETTING_RESOURCE, List.of(UserType.ADMIN));
/**
*
*/
public static Type ON_CUSTOMIZE_VERIFY_MAIL = new Type(
"eiam:event:setting:on_customize_verify_mail", "开启自定义验证邮件模板", SETTING_RESOURCE,
List.of(UserType.ADMIN));
/**
*
*/
public static Type ON_CUSTOMIZE_WELCOME_MAIL = new Type(
"eiam:event:setting:on_customize_welcome_mail", "开启自定义欢迎邮件模板", SETTING_RESOURCE,
List.of(UserType.ADMIN));
/**
*
*/
public static Type ON_CUSTOMIZE_MODIFY_BINDING_MAIL = new Type(
"eiam:event:setting:on_customize_modify_binding:_mail", "开启自定义修改绑定邮件模板", SETTING_RESOURCE,
List.of(UserType.ADMIN));
/**
*
*/
public static Type OFF_CUSTOMIZE_CHANGE_PASSWORD_MAIL = new Type(
"eiam:event:setting:off_customize_change_password_mail", "关闭自定义修改密码邮件模板", SETTING_RESOURCE,
List.of(UserType.ADMIN));
/**
*
*/
public static Type OFF_CUSTOMIZE_RESET_PASSWORD_MAIL = new Type(
"eiam:event:setting:off_customize_reset_password_mail", "关闭自定义重置密码邮件模板", SETTING_RESOURCE,
List.of(UserType.ADMIN));
/**
*
*/
public static Type OFF_CUSTOMIZE_CONFIRM_RESET_PASSWORD_MAIL = new Type(
"eiam:event:setting:off_customize_confirm_reset_password_mail", "关闭自定义确认重置密码邮件模板",
SETTING_RESOURCE, List.of(UserType.ADMIN));
/**
*
*/
public static Type OFF_CUSTOMIZE_VERIFY_MAIL = new Type(
"eiam:event:setting:off_customize_verify_mail", "关闭自定义验证邮件模板", SETTING_RESOURCE,
List.of(UserType.ADMIN));
/**
*
*/
public static Type OFF_CUSTOMIZE_WELCOME_MAIL = new Type(
"eiam:event:setting:off_customize_welcome_mail", "关闭自定义欢迎邮件模板", SETTING_RESOURCE,
List.of(UserType.ADMIN));
/**
*
*/
public static Type OFF_CUSTOMIZE_MODIFY_BINDING_MAIL = new Type(
"eiam:event:setting:off_customize_modify_binding_mail", "关闭自定义修改绑定邮件模板", SETTING_RESOURCE,
List.of(UserType.ADMIN));
/**
*
*/
public static Type SAVE_CUSTOMIZE_CHANGE_PASSWORD_MAIL = new Type(
"eiam:event:setting:save_customize_change_password_mail", "保存自定义修改密码邮件模板", SETTING_RESOURCE,
List.of(UserType.ADMIN));
/**
*
*/
public static Type SAVE_CUSTOMIZE_RESET_PASSWORD_MAIL = new Type(
"eiam:event:setting:save_customize_reset_password_mail", "保存自定义重置密码邮件模板", SETTING_RESOURCE,
List.of(UserType.ADMIN));
/**
*
*/
public static Type SAVE_CUSTOMIZE_CONFIRM_RESET_PASSWORD_MAIL = new Type(
"eiam:event:setting:save_customize_confirm_reset_password_mail", "保存自定义确认重置密码邮件模板",
SETTING_RESOURCE, List.of(UserType.ADMIN));
/**
*
*/
public static Type SAVE_CUSTOMIZE_VERIFY_MAIL = new Type(
"eiam:event:setting:save_customize_verify_mail", "保存自定义验证邮件模板", SETTING_RESOURCE,
List.of(UserType.ADMIN));
/**
*
*/
public static Type SAVE_CUSTOMIZE_WELCOME_MAIL = new Type(
"eiam:event:setting:save_customize_welcome_mail", "保存自定义欢迎邮件模板", SETTING_RESOURCE,
List.of(UserType.ADMIN));
/**
*
*/
public static Type SAVE_CUSTOMIZE_MODIFY_BINDING_MAIL = new Type(
"eiam:event:setting:save_customize_modify_binding_mail", "保存自定义修改绑定邮件模板", SETTING_RESOURCE,
List.of(UserType.ADMIN));
/**
*
*/
public static Type ON_MAIL_SERVICE = new Type(
"eiam:event:setting:on_mail_service", "开启邮件服务", SETTING_RESOURCE, List.of(UserType.ADMIN));
/**
*
*/
public static Type OFF_MAIL_SERVICE = new Type(
"eiam:event:setting:off_mail_service", "关闭邮件服务", SETTING_RESOURCE, List.of(UserType.ADMIN));
/**
*
*/
public static Type SAVE_MAIL_SERVICE = new Type(
"eiam:event:setting:save_mail_service", "保存邮件服务", SETTING_RESOURCE,
List.of(UserType.ADMIN));
/**
*
*/
public static Type ON_SMS_SERVICE = new Type(
"eiam:event:setting:on_sms_verify_service", "开启短信验证服务", SETTING_RESOURCE,
List.of(UserType.ADMIN));
/**
*
*/
public static Type OFF_SMS_SERVICE = new Type(
"eiam:event:setting:off_sms_verify_service", "关闭短信验证服务", SETTING_RESOURCE,
List.of(UserType.ADMIN));
/**
*
*/
public static Type SAVE_SMS_SERVICE = new Type(
"eiam:event:setting:save_sms_verify_service", "保存短信验证服务", SETTING_RESOURCE,
List.of(UserType.ADMIN));
/**
*
*/
public static Type ON_STORAGE_SERVICE = new Type(
"eiam:event:setting:on_storage_service", "开启存储服务", SETTING_RESOURCE,
List.of(UserType.ADMIN));
/**
*
*/
public static Type OFF_STORAGE_SERVICE = new Type(
"eiam:event:setting:off_storage_service", "关闭存储服务", SETTING_RESOURCE,
List.of(UserType.ADMIN));
/**
*
*/
public static Type SAVE_STORAGE_SERVICE = new Type(
"eiam:event:setting:save_storage_service", "保存存储服务", SETTING_RESOURCE,
List.of(UserType.ADMIN));
/**
*
*/
public static Type ON_GEO_LOCATION_SERVICE = new Type(
"eiam:event:setting:on_geoip_service", "开启地理位置服务", SETTING_RESOURCE,
List.of(UserType.ADMIN));
/**
*
*/
public static Type OFF_GEO_LOCATION_SERVICE = new Type(
"eiam:event:setting:off_geoip_service", "关闭地理位置服务", SETTING_RESOURCE,
List.of(UserType.ADMIN));
/**
*
*/
public static Type SAVE_GEO_LOCATION_SERVICE = new Type(
"eiam:event:setting:save_geoip_service", "保存地理位置服务", SETTING_RESOURCE,
List.of(UserType.ADMIN));
}

58
eiam-audit/src/main/java/cn/topiam/employee/audit/event/type/Type.java Normal file
View File

@ -0,0 +1,58 @@
/*
* eiam-audit - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.audit.event.type;
import java.util.List;
import cn.topiam.employee.common.enums.UserType;
import lombok.AllArgsConstructor;
import lombok.Data;
/**
*
*
* @author TopIAM
* Created by support@topiam.cn on 2021/11/24 23:06
*/
@Data
@AllArgsConstructor
public class Type {
/**
*
*/
private String code;
/**
*
*/
private String name;
/**
*
*/
private Resource resource;
/**
*
*/
private List<UserType> userTypes;
@Override
public String toString() {
return String.format("[%s](%s) %s", name, code, resource);
}
}

24
eiam-audit/src/main/java/cn/topiam/employee/audit/package-info.java Normal file
View File

@ -0,0 +1,24 @@
/*
* eiam-audit - Employee Identity and Access Management Program
* Copyright © 2020-2022 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
/**
*
*
* @author TopIAM
* Created by support@topiam.cn on 2021/9/11 22:10
*/
package cn.topiam.employee.audit;

Some files were not shown because too many files have changed in this diff Show More