优化

pull/82/head^2
awenes 2024-04-04 22:13:54 +08:00
parent 2a4865b8ec
commit 7adb8641c7
23 changed files with 79 additions and 41 deletions


@ -50,7 +50,7 @@ import jakarta.validation.constraints.NotBlank;
/**
*
* @author TopIAM
* Created by support@topiam.cn on 2023/8/6 23:45
* Created by support@topiam.cn on 2023/8/6 23:45
*/
public class IdpAuthenticationProvider implements AuthenticationProvider {


@ -24,7 +24,7 @@ import org.springframework.security.authentication.AbstractAuthenticationToken;
/**
*
* @author TopIAM
* Created by support@topiam.cn on 2023/8/7 21:47
* Created by support@topiam.cn on 2023/8/7 21:47
*/
public class IdpNotBindAuthentication extends AbstractAuthenticationToken
implements java.io.Serializable {


@ -38,7 +38,7 @@ import static cn.topiam.employee.support.security.util.HttpSecurityFilterOrderRe
/**
*
* @author TopIAM
* Created by support@topiam.cn on 2023/8/6 23:43
* Created by support@topiam.cn on 2023/8/6 23:43
*/
public class IdpBindAuthenticationConfigurer extends
AbstractAuthenticationFilterConfigurer<HttpSecurity, IdpBindAuthenticationConfigurer, IdpBindUserAuthenticationFilter> {


@ -47,7 +47,7 @@ import static cn.topiam.employee.support.exception.enums.ExceptionStatus.EX00010
/**
*
* @author TopIAM
* Created by support@topiam.cn on 2023/8/6 23:43
* Created by support@topiam.cn on 2023/8/6 23:43
*/
@Slf4j
public class IdpBindUserAuthenticationFilter extends AbstractAuthenticationProcessingFilter {


@ -29,7 +29,7 @@ import cn.topiam.employee.authentication.common.authentication.OtpAuthentication
/**
*
* @author TopIAM
* Created by support@topiam.cn on 2023/7/14 21:45
* Created by support@topiam.cn on 2023/7/14 21:45
*/
public class AuthenticationJacksonModule extends Module {


@ -19,8 +19,8 @@ package cn.topiam.employee.common.constant;
/**
*
* @author SanLi
* Created by qinggang.zuo@gmail.com / 2689170096@qq.com on 2023/10/5 15:11
* @author TopIAM
* Created by support@topiam.cn on 2023/10/5 15:11
*/
public class UserConstants {


@ -37,8 +37,8 @@ import static cn.topiam.employee.common.geo.District.PROVINCE_DISTRICT;
/**
* Ip2regionGeo
*
* @author SanLi
* Created by qinggang.zuo@gmail.com / 2689170096@qq.com on 2023/10/30 19:11
* @author TopIAM
* Created by support@topiam.cn on 2023/10/30 19:11
*/
@Slf4j
public class Ip2regionGeoLocationServiceImpl implements GeoLocationService, DisposableBean {


@ -1,3 +1,20 @@
/*
* eiam-core - Employee Identity and Access Management
* Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.core.initializer;
import java.util.Objects;


@ -47,7 +47,7 @@ import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import static cn.topiam.employee.common.constant.ProtocolConstants.APP_CODE;
import static cn.topiam.employee.common.constant.AppConstants.APP_CODE;
import static cn.topiam.employee.support.util.HttpRequestUtils.getRequestHeaders;
/**


@ -36,8 +36,8 @@ import jakarta.servlet.http.HttpServletResponse;
/**
*
* @author SanLi
* Created by qinggang.zuo@gmail.com / 2689170096@qq.com on 2023/9/4 13:03
* @author TopIAM
* Created by support@topiam.cn on 2023/9/4 13:03
*/
public class JwtAuthenticationFailureHandler implements AuthenticationFailureHandler {
/**


@ -20,25 +20,18 @@ package cn.topiam.employee.protocol.jwt.authentication;
import org.springframework.security.authentication.AuthenticationProvider;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.session.SessionInformation;
import org.springframework.security.core.session.SessionRegistry;
/**
*
* @author SanLi
* Created by qinggang.zuo@gmail.com / 2689170096@qq.com on 2023/9/4 16:11
* @author TopIAM
* Created by support@topiam.cn on 2023/9/4 16:11
*/
public final class JwtLogoutAuthenticationProvider implements AuthenticationProvider {
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
JwtLogoutAuthenticationToken logoutAuthenticationToken = (JwtLogoutAuthenticationToken) authentication;
SessionInformation sessionInformation = sessionRegistry
.getSessionInformation(logoutAuthenticationToken.getSessionId());
// if (StringUtils.hasText(logoutAuthenticationToken.getPostLogoutRedirectUri()) &&
// !registeredClient.getPostLogoutRedirectUris().contains(logoutAuthenticationToken.getPostLogoutRedirectUri())) {
// throwError(new JwtError(JwtErrorCodes.INVALID_REQUEST, "post_logout_redirect_uri"));
// }
return logoutAuthenticationToken;
}
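Review bot: After the cleanup, `authenticate` still does nothing but cast and return the incoming `JwtLogoutAuthenticationToken`, so the provider accepts every logout request without checking anything; the removed comment block was the only trace of a `post_logout_redirect_uri` check against the client's registered URIs, and no replacement is visible in the hunk. If the converter forwards a caller-supplied post-logout redirect target, it now reaches the success handler unvalidated, which is an open-redirect risk; either validate it here against the registered values or document where that validation now lives. It is also not clear from the hunk whether the `sessionRegistry.getSessionInformation(...)` lookup above the removed comment survives the deletion; if it does, its result is never used. The rest of the class, including `supports`, is outside the hunk.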


@ -27,8 +27,8 @@ import lombok.Getter;
/**
*
* @author SanLi
* Created by qinggang.zuo@gmail.com / 2689170096@qq.com on 2023/9/4 13:43
* @author TopIAM
* Created by support@topiam.cn on 2023/9/4 13:43
*/
public class JwtLogoutAuthenticationToken extends AbstractAuthenticationToken {


@ -39,7 +39,7 @@ import cn.topiam.employee.protocol.jwt.token.IdTokenGenerator;
import cn.topiam.employee.protocol.jwt.token.JwtIdTokenGenerator;
import cn.topiam.employee.support.security.authentication.WebAuthenticationDetails;
import cn.topiam.employee.support.security.userdetails.UserDetails;
import static cn.topiam.employee.common.constant.ProtocolConstants.APP_CODE_VARIABLE;
import static cn.topiam.employee.common.constant.AppConstants.APP_CODE_VARIABLE;
import static cn.topiam.employee.common.constant.ProtocolConstants.JwtEndpointConstants.JWT_SSO_PATH;
import static cn.topiam.employee.protocol.jwt.constant.JwtProtocolConstants.JWT_ERROR_URI;
import static cn.topiam.employee.support.security.util.SecurityUtils.isPrincipalAuthenticated;


@ -45,7 +45,7 @@ import static cn.topiam.employee.protocol.jwt.constant.JwtProtocolConstants.JWT_
*
* @author TopIAM
*
* Created by support@topiam.cn / 2689170096@qq.com on 2023/9/1 12:51
* Created by support@topiam.cn on 2023/9/1 12:51
*/
public class RedisJwtAuthorizationService implements JwtAuthorizationService {
private static final String CID_TO_AUTHORIZATIONS = "cid_to_authorizations:";


@ -47,7 +47,7 @@ import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import static cn.topiam.employee.common.constant.ProtocolConstants.APP_CODE;
import static cn.topiam.employee.common.constant.AppConstants.APP_CODE;
import static cn.topiam.employee.support.util.HttpRequestUtils.getRequestHeaders;
/**


@ -21,7 +21,6 @@ import java.io.IOException;
import java.util.*;
import org.apache.commons.compress.utils.CharsetNames;
import org.apache.commons.lang3.StringUtils;
import org.apache.http.entity.ContentType;
import org.springframework.core.log.LogMessage;
import org.springframework.lang.NonNull;
@ -217,7 +216,7 @@ public final class JwtAuthenticationEndpointFilter extends OncePerRequestFilter
IdToken idToken = authenticationToken.getIdToken();
JwtRequestAuthenticationToken requestAuthenticationToken= (JwtRequestAuthenticationToken) authenticationToken.getPrincipal();
String targetUri = StringUtils.defaultString(requestAuthenticationToken.getTargetUrl(), config.getTargetLinkUrl());
String targetUri = Objects.toString(requestAuthenticationToken.getTargetUrl(), config.getTargetLinkUrl());
response.setCharacterEncoding(CharsetNames.UTF_8);
response.setContentType(ContentType.TEXT_HTML.getMimeType());
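Review bot: `targetUri` on the `Objects.toString` line comes straight from the request's `target_url` parameter (the converter in this same commit reads it with `parameters.getFirst(TARGET_URL)`) and falls back to the configured link only when the value is null, so `?target_url=` yields an empty target and any non-empty value is used as-is; nothing in this hunk compares it with `config.getTargetLinkUrl()` or an allow-list before the `text/html` response below is built around it. Unless the converter or provider validates it elsewhere, that is an open-redirect and injection surface for the id_token post-back. At minimum treat blank as absent, `String targetUri = Optional.ofNullable(requestAuthenticationToken.getTargetUrl()).filter(s -> !s.isBlank()).orElse(config.getTargetLinkUrl());` (`java.util.*` is already imported), and make sure the value is attribute-escaped wherever it is written into the page. The enclosing method starts and ends outside the hunk.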


@ -22,8 +22,8 @@ import cn.topiam.employee.protocol.jwt.exception.JwtError;
/**
*
* @author SanLi
* Created by qinggang.zuo@gmail.com / 2689170096@qq.com on 2023/9/4 13:05
* @author TopIAM
* Created by support@topiam.cn on 2023/9/4 13:05
*/
public class JwtAuthenticationEndpointUtils {


@ -30,8 +30,8 @@ import jakarta.servlet.http.HttpSession;
/**
*
* @author SanLi
* Created by qinggang.zuo@gmail.com / 2689170096@qq.com on 2023/9/4 16:01
* @author TopIAM
* Created by support@topiam.cn on 2023/9/4 16:01
*/
public final class JwtLogoutAuthenticationConverter implements AuthenticationConverter {
private static final Authentication ANONYMOUS_AUTHENTICATION = new AnonymousAuthenticationToken(


@ -35,9 +35,12 @@ import cn.topiam.employee.protocol.jwt.exception.JwtError;
import cn.topiam.employee.protocol.jwt.exception.JwtErrorCodes;
import jakarta.servlet.http.HttpServletRequest;
import static org.springframework.http.HttpMethod.GET;
import static cn.topiam.employee.protocol.jwt.constant.JwtProtocolConstants.JWT_ERROR_URI;
import static cn.topiam.employee.protocol.jwt.constant.JwtProtocolConstants.TARGET_URL;
import static cn.topiam.employee.support.util.HttpRequestUtils.getParameters;
import static cn.topiam.employee.support.util.HttpRequestUtils.getFormParameters;
import static cn.topiam.employee.support.util.HttpRequestUtils.getQueryParameters;
/**
* @author TopIAM
@ -47,7 +50,9 @@ public final class JwtRequestAuthenticationTokenConverter implements Authenticat
@Override
public Authentication convert(HttpServletRequest request) {
MultiValueMap<String, String> parameters = getParameters(request);
MultiValueMap<String, String> parameters = GET.name().equals(request.getMethod())
? getQueryParameters(request)
: getFormParameters(request);
String targetUrl = parameters.getFirst(TARGET_URL);
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
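Review bot: The three-line ternary that replaces `getParameters(request)` is duplicated verbatim in OAuth2AuthorizationImplicitRequestAuthenticationConverter and OAuth2AuthorizationResourceOwnerPasswordAuthenticationConverter in this same commit; it belongs in `HttpRequestUtils` as a single helper (e.g. `getParametersForMethod(HttpServletRequest)`) so the three converters cannot drift apart. Note that the branch keys only on GET, so every other method (PUT, HEAD, …) is read as a form body, and a POST that carries parameters in the query string now silently loses them; if the old `getParameters` merged both sources, callers that relied on that are affected. `convert` continues outside the hunk.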


@ -41,8 +41,8 @@ import cn.topiam.employee.application.context.ApplicationContextHolder;
import cn.topiam.employee.application.oidc.OidcApplicationService;
import cn.topiam.employee.application.oidc.model.OidcProtocolConfig;
import cn.topiam.employee.core.help.ServerHelp;
import cn.topiam.employee.support.util.HttpUrlUtils;
import cn.topiam.employee.support.util.IpUtils;
import cn.topiam.employee.support.util.UrlUtils;
import cn.topiam.employee.support.web.servlet.RepeatedlyRequestWrapper;
import lombok.Getter;
@ -53,7 +53,7 @@ import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import static org.springframework.security.oauth2.server.authorization.settings.ConfigurationSettingNames.Token.ACCESS_TOKEN_FORMAT;
import static cn.topiam.employee.common.constant.ProtocolConstants.APP_CODE;
import static cn.topiam.employee.common.constant.AppConstants.APP_CODE;
import static cn.topiam.employee.common.constant.ProtocolConstants.OidcEndpointConstants.*;
import static cn.topiam.employee.support.util.HttpRequestUtils.getRequestHeaders;
@ -111,7 +111,7 @@ public final class OidcAuthorizationServerContextFilter extends OncePerRequestFi
//封装 ProviderSettings
StringSubstitutor sub = new StringSubstitutor(variables, "{", "}");
AuthorizationServerSettings providerSettings = AuthorizationServerSettings.builder()
.issuer(sub.replace(HttpUrlUtils.format(ServerHelp.getPortalPublicBaseUrl() + OIDC_AUTHORIZE_PATH)))
.issuer(sub.replace(UrlUtils.format(ServerHelp.getPortalPublicBaseUrl() + OIDC_AUTHORIZE_PATH)))
.authorizationEndpoint(sub.replace(AUTHORIZATION_ENDPOINT))
.tokenEndpoint(sub.replace(TOKEN_ENDPOINT))
.jwkSetEndpoint(sub.replace(JWK_SET_ENDPOINT))


@ -41,7 +41,7 @@ import jakarta.servlet.http.HttpServletRequest;
import static org.springframework.http.HttpMethod.GET;
import static org.springframework.http.HttpMethod.POST;
import static cn.topiam.employee.support.util.HttpRequestUtils.getParameters;
import static cn.topiam.employee.support.util.HttpRequestUtils.*;
/**
* OAuth2
@ -68,7 +68,9 @@ public final class OAuth2AuthorizationImplicitRequestAuthenticationConverter imp
return null;
}
MultiValueMap<String, String> parameters = getParameters(request);
MultiValueMap<String, String> parameters = GET.name().equals(request.getMethod())
? getQueryParameters(request)
: getFormParameters(request);
// response_type (必填)
Set<String> responseTypes = null;


@ -31,8 +31,10 @@ import org.springframework.util.StringUtils;
import cn.topiam.eiam.protocol.oidc.authentication.OAuth2AuthorizationResourceOwnerPasswordAuthenticationToken;
import jakarta.servlet.http.HttpServletRequest;
import static org.springframework.http.HttpMethod.GET;
import static cn.topiam.eiam.protocol.oidc.endpoint.OAuth2EndpointUtils.throwError;
import static cn.topiam.employee.support.util.HttpRequestUtils.getParameters;
import static cn.topiam.employee.support.util.HttpRequestUtils.*;
/**
*
@ -56,7 +58,9 @@ public final class OAuth2AuthorizationResourceOwnerPasswordAuthenticationConvert
}
Authentication clientPrincipal = SecurityContextHolder.getContext().getAuthentication();
//获取参数
MultiValueMap<String, String> parameters = getParameters(request);
MultiValueMap<String, String> parameters = GET.name().equals(request.getMethod())
? getQueryParameters(request)
: getFormParameters(request);
// username (必填)
String username = parameters.getFirst(OAuth2ParameterNames.USERNAME);
if (!StringUtils.hasText(username)
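Review bot: With the new branch at the `parameters` assignment, a GET to the password-grant endpoint has `username` and `password` read from the query string, unless the check above the hunk already rejects non-POST requests. RFC 6749 §3.2 requires the client to use POST for access-token requests, and credentials carried in a URL end up in access logs, proxies and browser history. The converter should refuse GET explicitly instead of falling through to `getQueryParameters`, e.g. `if (!POST.name().equals(request.getMethod())) { return null; }` before the parameters are read (`HttpMethod.POST` would need importing next to `GET`). `convert` starts and ends outside the hunk.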


@ -0,0 +1,18 @@
/*
* eiam-protocol-oidc - Employee Identity and Access Management
* Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package org.springframework.security.oauth2.server.authorization;
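Review bot: The new file declares `package org.springframework.security.oauth2.server.authorization`, a package owned by Spring Authorization Server, and the hunk holds nothing but the license header and that line, so it reads as a `package-info.java` that creates the package inside this module without saying why. Project code in a library's package is usually there to reach package-private members; it ties the module to the library's internals and the resulting split package is rejected under JPMS. Add a Javadoc on the package stating the reason and the dependency it relies on, e.g. `/** Placed in the Spring Authorization Server package to reach package-private API; re-check on every upgrade of that dependency. */`, so the coupling is visible to the next maintainer.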