⚡ 优化

eiam-authentication/eiam-authentication-core/src/main/java/cn/topiam/employee/authentication/common/authentication/IdpAuthenticationProvider.java

@@ -50,7 +50,7 @@ import jakarta.validation.constraints.NotBlank;
 /**
  *
  * @author TopIAM
- * Created by support@topiam.cn  on  2023/8/6 23:45
+ * Created by support@topiam.cn on 2023/8/6 23:45
  */
 public class IdpAuthenticationProvider implements AuthenticationProvider {
 

eiam-authentication/eiam-authentication-core/src/main/java/cn/topiam/employee/authentication/common/authentication/IdpNotBindAuthentication.java

@@ -24,7 +24,7 @@ import org.springframework.security.authentication.AbstractAuthenticationToken;
 /**
  *
  * @author TopIAM
- * Created by support@topiam.cn  on  2023/8/7 21:47
+ * Created by support@topiam.cn on 2023/8/7 21:47
  */
 public class IdpNotBindAuthentication extends AbstractAuthenticationToken
                                       implements java.io.Serializable {

eiam-authentication/eiam-authentication-core/src/main/java/cn/topiam/employee/authentication/common/configurer/IdpBindAuthenticationConfigurer.java

@@ -38,7 +38,7 @@ import static cn.topiam.employee.support.security.util.HttpSecurityFilterOrderRe
 /**
  *
  * @author TopIAM
- * Created by support@topiam.cn  on  2023/8/6 23:43
+ * Created by support@topiam.cn on 2023/8/6 23:43
  */
 public class IdpBindAuthenticationConfigurer extends
                                              AbstractAuthenticationFilterConfigurer<HttpSecurity, IdpBindAuthenticationConfigurer, IdpBindUserAuthenticationFilter> {

eiam-authentication/eiam-authentication-core/src/main/java/cn/topiam/employee/authentication/common/filter/IdpBindUserAuthenticationFilter.java

@@ -47,7 +47,7 @@ import static cn.topiam.employee.support.exception.enums.ExceptionStatus.EX00010
 /**
  *
  * @author TopIAM
- * Created by support@topiam.cn  on  2023/8/6 23:43
+ * Created by support@topiam.cn on 2023/8/6 23:43
  */
 @Slf4j
 public class IdpBindUserAuthenticationFilter extends AbstractAuthenticationProcessingFilter {

eiam-authentication/eiam-authentication-core/src/main/java/cn/topiam/employee/authentication/common/jackjson/AuthenticationJacksonModule.java

@@ -29,7 +29,7 @@ import cn.topiam.employee.authentication.common.authentication.OtpAuthentication
 /**
  *
  * @author TopIAM
- * Created by support@topiam.cn  on  2023/7/14 21:45
+ * Created by support@topiam.cn on 2023/7/14 21:45
  */
 public class AuthenticationJacksonModule extends Module {
 

eiam-common/src/main/java/cn/topiam/employee/common/constant/UserConstants.java

@@ -19,8 +19,8 @@ package cn.topiam.employee.common.constant;
 
 /**
  *
- * @author SanLi
+ * @author TopIAM
- * Created by qinggang.zuo@gmail.com / 2689170096@qq.com on  2023/10/5 15:11
+ * Created by support@topiam.cn on 2023/10/5 15:11
  */
 public class UserConstants {
 

eiam-common/src/main/java/cn/topiam/employee/common/geo/ip2region/Ip2regionGeoLocationServiceImpl.java

@@ -37,8 +37,8 @@ import static cn.topiam.employee.common.geo.District.PROVINCE_DISTRICT;
 /**
  * Ip2regionGeo
  *
- * @author SanLi
+ * @author TopIAM
- * Created by qinggang.zuo@gmail.com / 2689170096@qq.com on  2023/10/30 19:11
+ * Created by support@topiam.cn on 2023/10/30 19:11
  */
 @Slf4j
 public class Ip2regionGeoLocationServiceImpl implements GeoLocationService, DisposableBean {

eiam-core/src/main/java/cn/topiam/employee/core/initializer/SystemInitializer.java

@@ -1,3 +1,20 @@
+/*
+ * eiam-core - Employee Identity and Access Management
+ * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
 package cn.topiam.employee.core.initializer;
 
 import java.util.Objects;

eiam-protocol/eiam-protocol-form/src/main/java/cn/topiam/employee/protocol/form/context/FormAuthorizationServerContextFilter.java

@@ -47,7 +47,7 @@ import jakarta.servlet.FilterChain;
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
-import static cn.topiam.employee.common.constant.ProtocolConstants.APP_CODE;
+import static cn.topiam.employee.common.constant.AppConstants.APP_CODE;
 import static cn.topiam.employee.support.util.HttpRequestUtils.getRequestHeaders;
 
 /**

eiam-protocol/eiam-protocol-jwt/src/main/java/cn/topiam/employee/protocol/jwt/authentication/JwtAuthenticationFailureHandler.java

@@ -36,8 +36,8 @@ import jakarta.servlet.http.HttpServletResponse;
 
 /**
  *
- * @author SanLi
+ * @author TopIAM
- * Created by qinggang.zuo@gmail.com / 2689170096@qq.com on  2023/9/4 13:03
+ * Created by support@topiam.cn on 2023/9/4 13:03
  */
 public class JwtAuthenticationFailureHandler implements AuthenticationFailureHandler {
     /**

eiam-protocol/eiam-protocol-jwt/src/main/java/cn/topiam/employee/protocol/jwt/authentication/JwtLogoutAuthenticationProvider.java

@@ -20,25 +20,18 @@ package cn.topiam.employee.protocol.jwt.authentication;
 import org.springframework.security.authentication.AuthenticationProvider;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.core.session.SessionInformation;
 import org.springframework.security.core.session.SessionRegistry;
 
 /**
  *
- * @author SanLi
+ * @author TopIAM
- * Created by qinggang.zuo@gmail.com / 2689170096@qq.com on  2023/9/4 16:11
+ * Created by support@topiam.cn on 2023/9/4 16:11
  */
 public final class JwtLogoutAuthenticationProvider implements AuthenticationProvider {
 
     @Override
     public Authentication authenticate(Authentication authentication) throws AuthenticationException {
         JwtLogoutAuthenticationToken logoutAuthenticationToken = (JwtLogoutAuthenticationToken) authentication;
-        SessionInformation sessionInformation = sessionRegistry
-            .getSessionInformation(logoutAuthenticationToken.getSessionId());
-        //        if (StringUtils.hasText(logoutAuthenticationToken.getPostLogoutRedirectUri()) &&
-        //                !registeredClient.getPostLogoutRedirectUris().contains(logoutAuthenticationToken.getPostLogoutRedirectUri())) {
-        //            throwError(new JwtError(JwtErrorCodes.INVALID_REQUEST, "post_logout_redirect_uri"));
-        //        }
         return logoutAuthenticationToken;
     }
 

eiam-protocol/eiam-protocol-jwt/src/main/java/cn/topiam/employee/protocol/jwt/authentication/JwtLogoutAuthenticationToken.java

@@ -27,8 +27,8 @@ import lombok.Getter;
 
 /**
  *
- * @author SanLi
+ * @author TopIAM
- * Created by qinggang.zuo@gmail.com / 2689170096@qq.com on  2023/9/4 13:43
+ * Created by support@topiam.cn on 2023/9/4 13:43
  */
 public class JwtLogoutAuthenticationToken extends AbstractAuthenticationToken {
 

eiam-protocol/eiam-protocol-jwt/src/main/java/cn/topiam/employee/protocol/jwt/authentication/JwtRequestAuthenticationTokenProvider.java

@@ -39,7 +39,7 @@ import cn.topiam.employee.protocol.jwt.token.IdTokenGenerator;
 import cn.topiam.employee.protocol.jwt.token.JwtIdTokenGenerator;
 import cn.topiam.employee.support.security.authentication.WebAuthenticationDetails;
 import cn.topiam.employee.support.security.userdetails.UserDetails;
-import static cn.topiam.employee.common.constant.ProtocolConstants.APP_CODE_VARIABLE;
+import static cn.topiam.employee.common.constant.AppConstants.APP_CODE_VARIABLE;
 import static cn.topiam.employee.common.constant.ProtocolConstants.JwtEndpointConstants.JWT_SSO_PATH;
 import static cn.topiam.employee.protocol.jwt.constant.JwtProtocolConstants.JWT_ERROR_URI;
 import static cn.topiam.employee.support.security.util.SecurityUtils.isPrincipalAuthenticated;

eiam-protocol/eiam-protocol-jwt/src/main/java/cn/topiam/employee/protocol/jwt/authorization/RedisJwtAuthorizationService.java

@@ -45,7 +45,7 @@ import static cn.topiam.employee.protocol.jwt.constant.JwtProtocolConstants.JWT_
  *
  * @author TopIAM
  *
- * Created by support@topiam.cn / 2689170096@qq.com on  2023/9/1 12:51
+ * Created by support@topiam.cn on 2023/9/1 12:51
  */
 public class RedisJwtAuthorizationService implements JwtAuthorizationService {
     private static final String CID_TO_AUTHORIZATIONS = "cid_to_authorizations:";

eiam-protocol/eiam-protocol-jwt/src/main/java/cn/topiam/employee/protocol/jwt/context/JwtAuthorizationServerContextFilter.java

@@ -47,7 +47,7 @@ import jakarta.servlet.FilterChain;
 import jakarta.servlet.ServletException;
 import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
-import static cn.topiam.employee.common.constant.ProtocolConstants.APP_CODE;
+import static cn.topiam.employee.common.constant.AppConstants.APP_CODE;
 import static cn.topiam.employee.support.util.HttpRequestUtils.getRequestHeaders;
 
 /**

eiam-protocol/eiam-protocol-jwt/src/main/java/cn/topiam/employee/protocol/jwt/endpoint/JwtAuthenticationEndpointFilter.java

@@ -21,7 +21,6 @@ import java.io.IOException;
 import java.util.*;
 
 import org.apache.commons.compress.utils.CharsetNames;
-import org.apache.commons.lang3.StringUtils;
 import org.apache.http.entity.ContentType;
 import org.springframework.core.log.LogMessage;
 import org.springframework.lang.NonNull;
@@ -217,7 +216,7 @@ public final class JwtAuthenticationEndpointFilter extends OncePerRequestFilter
             IdToken idToken = authenticationToken.getIdToken();
 
             JwtRequestAuthenticationToken requestAuthenticationToken= (JwtRequestAuthenticationToken) authenticationToken.getPrincipal();
-            String targetUri = StringUtils.defaultString(requestAuthenticationToken.getTargetUrl(), config.getTargetLinkUrl());
+            String targetUri = Objects.toString(requestAuthenticationToken.getTargetUrl(), config.getTargetLinkUrl());
             response.setCharacterEncoding(CharsetNames.UTF_8);
             response.setContentType(ContentType.TEXT_HTML.getMimeType());
 

eiam-protocol/eiam-protocol-jwt/src/main/java/cn/topiam/employee/protocol/jwt/endpoint/JwtAuthenticationEndpointUtils.java

@@ -22,8 +22,8 @@ import cn.topiam.employee.protocol.jwt.exception.JwtError;
 
 /**
  *
- * @author SanLi
+ * @author TopIAM
- * Created by qinggang.zuo@gmail.com / 2689170096@qq.com on  2023/9/4 13:05
+ * Created by support@topiam.cn on 2023/9/4 13:05
  */
 public class JwtAuthenticationEndpointUtils {
 

eiam-protocol/eiam-protocol-jwt/src/main/java/cn/topiam/employee/protocol/jwt/endpoint/authentication/JwtLogoutAuthenticationConverter.java

@@ -30,8 +30,8 @@ import jakarta.servlet.http.HttpSession;
 
 /**
  *
- * @author SanLi
+ * @author TopIAM
- * Created by qinggang.zuo@gmail.com / 2689170096@qq.com on  2023/9/4 16:01
+ * Created by support@topiam.cn on 2023/9/4 16:01
  */
 public final class JwtLogoutAuthenticationConverter implements AuthenticationConverter {
     private static final Authentication ANONYMOUS_AUTHENTICATION = new AnonymousAuthenticationToken(

eiam-protocol/eiam-protocol-jwt/src/main/java/cn/topiam/employee/protocol/jwt/endpoint/authentication/JwtRequestAuthenticationTokenConverter.java

@@ -35,9 +35,12 @@ import cn.topiam.employee.protocol.jwt.exception.JwtError;
 import cn.topiam.employee.protocol.jwt.exception.JwtErrorCodes;
 
 import jakarta.servlet.http.HttpServletRequest;
+import static org.springframework.http.HttpMethod.GET;
+
 import static cn.topiam.employee.protocol.jwt.constant.JwtProtocolConstants.JWT_ERROR_URI;
 import static cn.topiam.employee.protocol.jwt.constant.JwtProtocolConstants.TARGET_URL;
-import static cn.topiam.employee.support.util.HttpRequestUtils.getParameters;
+import static cn.topiam.employee.support.util.HttpRequestUtils.getFormParameters;
+import static cn.topiam.employee.support.util.HttpRequestUtils.getQueryParameters;
 
 /**
  * @author TopIAM
@@ -47,7 +50,9 @@ public final class JwtRequestAuthenticationTokenConverter implements Authenticat
 
     @Override
     public Authentication convert(HttpServletRequest request) {
-        MultiValueMap<String, String> parameters = getParameters(request);
+        MultiValueMap<String, String> parameters = GET.name().equals(request.getMethod())
+            ? getQueryParameters(request)
+            : getFormParameters(request);
         String targetUrl = parameters.getFirst(TARGET_URL);
 
         Authentication authentication = SecurityContextHolder.getContext().getAuthentication();

eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/eiam/protocol/oidc/context/OidcAuthorizationServerContextFilter.java

@@ -41,8 +41,8 @@ import cn.topiam.employee.application.context.ApplicationContextHolder;
 import cn.topiam.employee.application.oidc.OidcApplicationService;
 import cn.topiam.employee.application.oidc.model.OidcProtocolConfig;
 import cn.topiam.employee.core.help.ServerHelp;
-import cn.topiam.employee.support.util.HttpUrlUtils;
 import cn.topiam.employee.support.util.IpUtils;
+import cn.topiam.employee.support.util.UrlUtils;
 import cn.topiam.employee.support.web.servlet.RepeatedlyRequestWrapper;
 
 import lombok.Getter;
@@ -53,7 +53,7 @@ import jakarta.servlet.http.HttpServletRequest;
 import jakarta.servlet.http.HttpServletResponse;
 import static org.springframework.security.oauth2.server.authorization.settings.ConfigurationSettingNames.Token.ACCESS_TOKEN_FORMAT;
 
-import static cn.topiam.employee.common.constant.ProtocolConstants.APP_CODE;
+import static cn.topiam.employee.common.constant.AppConstants.APP_CODE;
 import static cn.topiam.employee.common.constant.ProtocolConstants.OidcEndpointConstants.*;
 import static cn.topiam.employee.support.util.HttpRequestUtils.getRequestHeaders;
 
@@ -111,7 +111,7 @@ public final class OidcAuthorizationServerContextFilter extends OncePerRequestFi
             //封装 ProviderSettings
             StringSubstitutor sub = new StringSubstitutor(variables, "{", "}");
             AuthorizationServerSettings providerSettings = AuthorizationServerSettings.builder()
-                    .issuer(sub.replace(HttpUrlUtils.format(ServerHelp.getPortalPublicBaseUrl() + OIDC_AUTHORIZE_PATH)))
+                    .issuer(sub.replace(UrlUtils.format(ServerHelp.getPortalPublicBaseUrl() + OIDC_AUTHORIZE_PATH)))
                     .authorizationEndpoint(sub.replace(AUTHORIZATION_ENDPOINT))
                     .tokenEndpoint(sub.replace(TOKEN_ENDPOINT))
                     .jwkSetEndpoint(sub.replace(JWK_SET_ENDPOINT))

eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/eiam/protocol/oidc/endpoint/authentication/OAuth2AuthorizationImplicitRequestAuthenticationConverter.java

@@ -41,7 +41,7 @@ import jakarta.servlet.http.HttpServletRequest;
 import static org.springframework.http.HttpMethod.GET;
 import static org.springframework.http.HttpMethod.POST;
 
-import static cn.topiam.employee.support.util.HttpRequestUtils.getParameters;
+import static cn.topiam.employee.support.util.HttpRequestUtils.*;
 
 /**
  * OAuth2 授权简化模式请求身份验证转换器
@@ -68,7 +68,9 @@ public final class OAuth2AuthorizationImplicitRequestAuthenticationConverter imp
             return null;
         }
 
-        MultiValueMap<String, String> parameters = getParameters(request);
+        MultiValueMap<String, String> parameters = GET.name().equals(request.getMethod())
+            ? getQueryParameters(request)
+            : getFormParameters(request);
 
         // response_type (必填)
         Set<String> responseTypes = null;

eiam-protocol/eiam-protocol-oidc/src/main/java/cn/topiam/eiam/protocol/oidc/endpoint/authentication/OAuth2AuthorizationResourceOwnerPasswordAuthenticationConverter.java

@@ -31,8 +31,10 @@ import org.springframework.util.StringUtils;
 import cn.topiam.eiam.protocol.oidc.authentication.OAuth2AuthorizationResourceOwnerPasswordAuthenticationToken;
 
 import jakarta.servlet.http.HttpServletRequest;
+import static org.springframework.http.HttpMethod.GET;
+
 import static cn.topiam.eiam.protocol.oidc.endpoint.OAuth2EndpointUtils.throwError;
-import static cn.topiam.employee.support.util.HttpRequestUtils.getParameters;
+import static cn.topiam.employee.support.util.HttpRequestUtils.*;
 
 /**
  * 密码模式认证转换器
@@ -56,7 +58,9 @@ public final class OAuth2AuthorizationResourceOwnerPasswordAuthenticationConvert
         }
         Authentication clientPrincipal = SecurityContextHolder.getContext().getAuthentication();
         //获取参数
-        MultiValueMap<String, String> parameters = getParameters(request);
+        MultiValueMap<String, String> parameters = GET.name().equals(request.getMethod())
+            ? getQueryParameters(request)
+            : getFormParameters(request);
         // username (必填)
         String username = parameters.getFirst(OAuth2ParameterNames.USERNAME);
         if (!StringUtils.hasText(username)

eiam-protocol/eiam-protocol-oidc/src/main/java/org/springframework/security/oauth2/server/authorization/package-info.java

@@ -0,0 +1,18 @@
+/*
+ * eiam-protocol-oidc - Employee Identity and Access Management
+ * Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn)
+ *
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU Affero General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU Affero General Public License for more details.
+ *
+ * You should have received a copy of the GNU Affero General Public License
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
+ */
+package org.springframework.security.oauth2.server.authorization;