mirror of https://gitee.com/topiam/eiam
⚡ JWT协议新增IDP SLO 端点
parent
ef4d8fae42
commit
b5980f8624
|
@ -43,4 +43,10 @@ public class AppJwtProtocolEndpoint implements Serializable {
|
|||
*/
|
||||
@Parameter(description = "IDP SSO 端点")
|
||||
private String idpSsoEndpoint;
|
||||
|
||||
/**
|
||||
* IDP SLO 端点
|
||||
*/
|
||||
@Parameter(description = "IDP SLO 端点")
|
||||
private String idpSloEndpoint;
|
||||
}
|
||||
|
|
|
@ -237,6 +237,11 @@ public final class ProtocolConstants {
|
|||
*/
|
||||
public static final String JWT_SSO_PATH = JWT_AUTHORIZE_BASE_PATH + "/sso";
|
||||
|
||||
/**
|
||||
* JWT_SLO
|
||||
*/
|
||||
public static final String JWT_SLO_PATH = JWT_AUTHORIZE_BASE_PATH + "/slo";
|
||||
|
||||
/**
|
||||
* JWT IDP SSO 发起
|
||||
*/
|
||||
|
|
|
@ -141,6 +141,22 @@ export default (props: {
|
|||
}}
|
||||
fieldProps={{ autoComplete: 'off' }}
|
||||
/>
|
||||
<ProFormText
|
||||
label={intl.formatMessage({
|
||||
id: 'pages.app.config.detail.items.login_access.protocol_config.jwt.config_about.idp_slo_endpoint',
|
||||
})}
|
||||
name={'idpSloEndpoint'}
|
||||
extra={intl.formatMessage({
|
||||
id: 'pages.app.config.detail.items.login_access.protocol_config.jwt.config_about.idp_slo_endpoint.extra',
|
||||
})}
|
||||
readonly
|
||||
proFieldProps={{
|
||||
render: (value: string) => {
|
||||
return value && <Typography.Text copyable>{value}</Typography.Text>;
|
||||
},
|
||||
}}
|
||||
fieldProps={{ autoComplete: 'off' }}
|
||||
/>
|
||||
<ProFormTextArea
|
||||
label={intl.formatMessage({
|
||||
id: 'pages.app.config.detail.items.login_access.protocol_config.jwt.config_about.idp_encrypt_cert',
|
||||
|
|
|
@ -160,7 +160,7 @@ export default {
|
|||
'pages.app.config.detail.items.login_access.protocol_config.jwt.config_about.idp_sso_endpoint.extra':
|
||||
'应用发起单点登录的地址。',
|
||||
'pages.app.config.detail.items.login_access.protocol_config.jwt.config_about.idp_slo_endpoint':
|
||||
'登出端点',
|
||||
'IdP SLO 地址',
|
||||
'pages.app.config.detail.items.login_access.protocol_config.jwt.config_about.idp_slo_endpoint.extra':
|
||||
'应用发起单点登出的地址。',
|
||||
'pages.app.config.detail.items.login_access.protocol_config.jwt.config_about.idp_encrypt_cert':
|
||||
|
|
|
@ -28,7 +28,7 @@ import org.springframework.security.core.session.SessionRegistry;
|
|||
* @author SanLi
|
||||
* Created by qinggang.zuo@gmail.com / 2689170096@qq.com on 2023/9/4 16:11
|
||||
*/
|
||||
public final class OidcLogoutAuthenticationProvider implements AuthenticationProvider {
|
||||
public final class JwtLogoutAuthenticationProvider implements AuthenticationProvider {
|
||||
|
||||
@Override
|
||||
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
|
||||
|
@ -48,7 +48,7 @@ public final class OidcLogoutAuthenticationProvider implements AuthenticationPro
|
|||
|
||||
private final SessionRegistry sessionRegistry;
|
||||
|
||||
public OidcLogoutAuthenticationProvider(SessionRegistry sessionRegistry) {
|
||||
public JwtLogoutAuthenticationProvider(SessionRegistry sessionRegistry) {
|
||||
this.sessionRegistry = sessionRegistry;
|
||||
}
|
||||
}
|
|
@ -111,6 +111,7 @@ public final class JwtAuthorizationServerConfigurer extends
|
|||
//@formatter:off
|
||||
Map<Class<? extends AbstractConfigurer>, AbstractConfigurer> configurers = new LinkedHashMap<>();
|
||||
configurers.put(JwtAuthorizationEndpointConfigurer.class, new JwtAuthorizationEndpointConfigurer(this::postProcess));
|
||||
configurers.put(JwtLogoutAuthorizationEndpointConfigurer.class, new JwtLogoutAuthorizationEndpointConfigurer(this::postProcess));
|
||||
//@formatter:on
|
||||
return configurers;
|
||||
}
|
||||
|
|
|
@ -0,0 +1,91 @@
|
|||
/*
|
||||
* eiam-protocol-jwt - Employee Identity and Access Management
|
||||
* Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn)
|
||||
*
|
||||
* This program is free software: you can redistribute it and/or modify
|
||||
* it under the terms of the GNU Affero General Public License as published by
|
||||
* the Free Software Foundation, either version 3 of the License, or
|
||||
* (at your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful,
|
||||
* but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
* GNU Affero General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU Affero General Public License
|
||||
* along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
*/
|
||||
package cn.topiam.employee.protocol.jwt.configurers;
|
||||
|
||||
import org.springframework.http.HttpMethod;
|
||||
import org.springframework.security.authentication.AuthenticationManager;
|
||||
import org.springframework.security.config.annotation.ObjectPostProcessor;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.core.session.SessionRegistry;
|
||||
import org.springframework.security.web.authentication.logout.LogoutFilter;
|
||||
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
|
||||
import org.springframework.security.web.util.matcher.OrRequestMatcher;
|
||||
import org.springframework.security.web.util.matcher.RequestMatcher;
|
||||
|
||||
import cn.topiam.employee.protocol.code.configurer.AbstractConfigurer;
|
||||
import cn.topiam.employee.protocol.code.util.ProtocolConfigUtils;
|
||||
import cn.topiam.employee.protocol.jwt.authentication.JwtLogoutAuthenticationProvider;
|
||||
import cn.topiam.employee.protocol.jwt.endpoint.JwtLogoutAuthenticationEndpointFilter;
|
||||
import static cn.topiam.employee.common.constant.ProtocolConstants.JwtEndpointConstants.*;
|
||||
import static cn.topiam.employee.protocol.code.util.ProtocolConfigUtils.getSessionRegistry;
|
||||
|
||||
/**
|
||||
*
|
||||
* @author TopIAM
|
||||
* Created by support@topiam.cn on 2023/7/5 21:58
|
||||
*/
|
||||
public class JwtLogoutAuthorizationEndpointConfigurer extends AbstractConfigurer {
|
||||
|
||||
private RequestMatcher requestMatcher;
|
||||
|
||||
public JwtLogoutAuthorizationEndpointConfigurer(ObjectPostProcessor<Object> objectPostProcessor) {
|
||||
super(objectPostProcessor);
|
||||
}
|
||||
|
||||
/**
|
||||
* init
|
||||
*
|
||||
* @param httpSecurity {@link HttpSecurity}
|
||||
*/
|
||||
@Override
|
||||
public void init(HttpSecurity httpSecurity) {
|
||||
requestMatcher = new OrRequestMatcher(
|
||||
new AntPathRequestMatcher(JWT_SLO_PATH, HttpMethod.POST.name()));
|
||||
httpSecurity.authenticationProvider(
|
||||
new JwtLogoutAuthenticationProvider(getSessionRegistry(httpSecurity)));
|
||||
}
|
||||
|
||||
/**
|
||||
* configure
|
||||
*
|
||||
* @param httpSecurity {@link HttpSecurity}
|
||||
*/
|
||||
@Override
|
||||
public void configure(HttpSecurity httpSecurity) {
|
||||
AuthenticationManager authenticationManager = httpSecurity
|
||||
.getSharedObject(AuthenticationManager.class);
|
||||
SessionRegistry sessionRegistry = getSessionRegistry(httpSecurity);
|
||||
//SLO
|
||||
JwtLogoutAuthenticationEndpointFilter jwtLogoutAuthenticationEndpointFilter = new JwtLogoutAuthenticationEndpointFilter(
|
||||
requestMatcher, sessionRegistry, authenticationManager);
|
||||
jwtLogoutAuthenticationEndpointFilter.setAuthenticationDetailsSource(
|
||||
ProtocolConfigUtils.getAuthenticationDetailsSource(httpSecurity));
|
||||
httpSecurity.addFilterBefore(postProcess(jwtLogoutAuthenticationEndpointFilter),
|
||||
LogoutFilter.class);
|
||||
}
|
||||
|
||||
/**
|
||||
* 获取请求匹配器
|
||||
*
|
||||
* @return {@link RequestMatcher}
|
||||
*/
|
||||
@Override
|
||||
public RequestMatcher getRequestMatcher() {
|
||||
return requestMatcher;
|
||||
}
|
||||
}
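Review bot: The new SLO endpoint is matched in `init` only as a `POST` to `JWT_SLO_PATH`, and nothing in this file shows how a logout request is tied to the session it ends; that check is left to `JwtLogoutAuthenticationProvider`, which this commit only renames from `OidcLogoutAuthenticationProvider`, with its `authenticate` body outside the visible hunks. If the matcher returned by `getRequestMatcher()` is also used to exempt protocol endpoints from CSRF protection (not visible here), a cross-site POST could terminate a user's session, so confirm that the provider verifies a signed token or the caller's own session before invalidating anything. The single-element `OrRequestMatcher` adds nothing and could be `requestMatcher = new AntPathRequestMatcher(JWT_SLO_PATH, HttpMethod.POST.name());`. The class Javadoc is empty apart from the author tags and could read `Registers the JWT single-logout endpoint filter ahead of LogoutFilter and exposes its request matcher.`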
|