gitee
/
eiam
mirror of https://gitee.com/topiam/eiam
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

优化代码

pull/42/head
smallbun 2023-09-05 21:38:05 +08:00
parent 59365426ea
commit c50753b3bd
9 changed files with 144 additions and 90 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
eiam-protocol/eiam-protocol-form/src/main/java/cn/topiam/employee/protocol/form/endpoint/FormAuthenticationEndpointFilter.java
View File

@ -196,12 +196,12 @@ public final class FormAuthenticationEndpointFilter extends OncePerRequestFilter
}
this.authenticationFailureHandler.onAuthenticationFailure(request, response, ex);
} catch (Exception ex) {
FormError error = new FormError(SERVER_ERROR,ex.getMessage(),FORM_ERROR_URI);
FormError error = new FormError(SERVER_ERROR, ex.getMessage(), FORM_ERROR_URI);
if (this.logger.isTraceEnabled()) {
this.logger.trace(error, ex);
}
this.authenticationFailureHandler.onAuthenticationFailure(request, response,
new FormAuthenticationException(error));
new FormAuthenticationException(error));
}
}

17
eiam-protocol/eiam-protocol-jwt/src/main/java/cn/topiam/employee/protocol/jwt/authentication/JwtAuthenticationFailureHandler.java
View File

@ -1,3 +1,20 @@
/*
* eiam-protocol-jwt - Employee Identity and Access Management
* Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.protocol.jwt.authentication;
import java.io.IOException;

23
eiam-protocol/eiam-protocol-jwt/src/main/java/cn/topiam/employee/protocol/jwt/authentication/JwtLogoutAuthenticationToken.java
View File

@ -1,3 +1,20 @@
/*
* eiam-protocol-jwt - Employee Identity and Access Management
* Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.protocol.jwt.authentication;
import java.util.ArrayList;
@ -18,7 +35,7 @@ public class JwtLogoutAuthenticationToken extends AbstractAuthenticationToken {
private final Authentication principal;
@Getter
private final String sessionId;
private final String sessionId;
public JwtLogoutAuthenticationToken(Authentication principal, String sessionId) {
super(new ArrayList<>());
@ -62,7 +79,7 @@ public class JwtLogoutAuthenticationToken extends AbstractAuthenticationToken {
* @return {@code true} if {@link #getPrincipal()} is authenticated, {@code false} otherwise
*/
public boolean isPrincipalAuthenticated() {
return !AnonymousAuthenticationToken.class.isAssignableFrom(this.principal.getClass()) &&
this.principal.isAuthenticated();
return !AnonymousAuthenticationToken.class.isAssignableFrom(this.principal.getClass())
&& this.principal.isAuthenticated();
}
}

1
eiam-protocol/eiam-protocol-jwt/src/main/java/cn/topiam/employee/protocol/jwt/authentication/JwtRequestAuthenticationToken.java
View File

@ -56,7 +56,6 @@ public class JwtRequestAuthenticationToken extends AbstractAuthenticationToken {
@Getter
private final Map<String, Object> additionalParameters;
public JwtRequestAuthenticationToken(Authentication principal, String targetUrl,
JwtProtocolConfig config,
Map<String, Object> additionalParameters) {

59
eiam-protocol/eiam-protocol-jwt/src/main/java/cn/topiam/employee/protocol/jwt/authentication/OidcLogoutAuthenticationProvider.java
View File

@ -1,17 +1,19 @@
/*
* Copyright 2020-2023 the original author or authors.
* eiam-protocol-jwt - Employee Identity and Access Management
* Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn)
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* https://www.apache.org/licenses/LICENSE-2.0
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.protocol.jwt.authentication;
@ -28,28 +30,25 @@ import org.springframework.security.core.session.SessionRegistry;
*/
public final class OidcLogoutAuthenticationProvider implements AuthenticationProvider {
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
JwtLogoutAuthenticationToken logoutAuthenticationToken = (JwtLogoutAuthenticationToken) authentication;
SessionInformation sessionInformation = sessionRegistry
.getSessionInformation(logoutAuthenticationToken.getSessionId());
if (sessionInformation.isExpired()) {
}
return null;
}
@Override
public boolean supports(Class<?> authentication) {
return JwtLogoutAuthenticationToken.class.isAssignableFrom(authentication);
}
@Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException {
JwtLogoutAuthenticationToken logoutAuthenticationToken= (JwtLogoutAuthenticationToken) authentication;
SessionInformation sessionInformation=sessionRegistry.getSessionInformation(logoutAuthenticationToken.getSessionId());
if (sessionInformation.isExpired()){
private final SessionRegistry sessionRegistry;
}
return null;
}
@Override
public boolean supports(Class<?> authentication) {
return JwtLogoutAuthenticationToken.class.isAssignableFrom(authentication);
}
private final SessionRegistry sessionRegistry;
public OidcLogoutAuthenticationProvider(SessionRegistry sessionRegistry) {
this.sessionRegistry = sessionRegistry;
}
public OidcLogoutAuthenticationProvider(SessionRegistry sessionRegistry) {
this.sessionRegistry = sessionRegistry;
}
}

5
eiam-protocol/eiam-protocol-jwt/src/main/java/cn/topiam/employee/protocol/jwt/endpoint/JwtAuthenticationEndpointFilter.java
View File

@ -191,12 +191,13 @@ public final class JwtAuthenticationEndpointFilter extends OncePerRequestFilter
}
this.authenticationFailureHandler.onAuthenticationFailure(request, response, ex);
} catch (Exception ex) {
JwtError error = new JwtError(JwtErrorCodes.SERVER_ERROR,ex.getMessage(),JWT_ERROR_URI);
JwtError error = new JwtError(JwtErrorCodes.SERVER_ERROR, ex.getMessage(),
JWT_ERROR_URI);
if (this.logger.isTraceEnabled()) {
this.logger.trace(error, ex);
}
this.authenticationFailureHandler.onAuthenticationFailure(request, response,
new JwtAuthenticationException(error));
new JwtAuthenticationException(error));
}
}

17
eiam-protocol/eiam-protocol-jwt/src/main/java/cn/topiam/employee/protocol/jwt/endpoint/JwtAuthenticationEndpointUtils.java
View File

@ -1,3 +1,20 @@
/*
* eiam-protocol-jwt - Employee Identity and Access Management
* Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.protocol.jwt.endpoint;
import cn.topiam.employee.protocol.jwt.exception.JwtAuthenticationException;

44
eiam-protocol/eiam-protocol-jwt/src/main/java/cn/topiam/employee/protocol/jwt/endpoint/JwtLogoutAuthenticationEndpointFilter.java
View File

@ -60,48 +60,48 @@ public final class JwtLogoutAuthenticationEndpointFilter extends OncePerRequestF
/**
*
*/
private final RequestMatcher requestMatcher;
private final RequestMatcher requestMatcher;
/**
*
*/
private AuthenticationFailureHandler authenticationFailureHandler = new JwtAuthenticationFailureHandler();
private AuthenticationFailureHandler authenticationFailureHandler = new JwtAuthenticationFailureHandler();
/**
* AuthenticationSuccessHandler
*/
private AuthenticationSuccessHandler authenticationSuccessHandler=this::sendAuthorizationResponse;
private AuthenticationSuccessHandler authenticationSuccessHandler = this::sendAuthorizationResponse;
/**
* LogoutHandler
*/
private final LogoutHandler logoutHandler;
private final LogoutHandler logoutHandler;
/**
*
*/
private AuthenticationConverter authenticationConverter;
private AuthenticationConverter authenticationConverter;
/**
* AuthenticationDetailsSource
*/
private AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource = new WebAuthenticationDetailsSource();
private AuthenticationDetailsSource<HttpServletRequest, ?> authenticationDetailsSource = new WebAuthenticationDetailsSource();
/**
*
*/
private final AuthenticationManager authenticationManager;
private final AuthenticationManager authenticationManager;
public JwtLogoutAuthenticationEndpointFilter(RequestMatcher requestMatcher,
SessionRegistry sessionRegistry, AuthenticationManager authenticationManager) {
SessionRegistry sessionRegistry,
AuthenticationManager authenticationManager) {
Assert.notNull(requestMatcher, "requestMatcher cannot be empty");
Assert.notNull(sessionRegistry, "sessionRegistry cannot be empty");
Assert.notNull(sessionRegistry, "authenticationManager cannot be empty");
this.authenticationManager = authenticationManager;
this.logoutHandler = new SecurityContextLogoutHandler();
this.requestMatcher = requestMatcher;
authenticationConverter=new JwtLogoutAuthenticationConverter();
authenticationConverter = new JwtLogoutAuthenticationConverter();
}
public void setAuthenticationFailureHandler(AuthenticationFailureHandler authenticationFailureHandler) {
@ -150,13 +150,15 @@ public final class JwtLogoutAuthenticationEndpointFilter extends OncePerRequestF
return;
}
try {
Authentication authentication= authenticationConverter.convert(request);
Authentication authentication = authenticationConverter.convert(request);
if (authentication instanceof AbstractAuthenticationToken) {
((AbstractAuthenticationToken) authentication)
.setDetails(this.authenticationDetailsSource.buildDetails(request));
.setDetails(this.authenticationDetailsSource.buildDetails(request));
}
Authentication authenticationResult= authenticationManager.authenticate(authentication);
authenticationSuccessHandler.onAuthenticationSuccess(request,response,authenticationResult);
Authentication authenticationResult = authenticationManager
.authenticate(authentication);
authenticationSuccessHandler.onAuthenticationSuccess(request, response,
authenticationResult);
} catch (JwtAuthenticationException ex) {
if (this.logger.isTraceEnabled()) {
this.logger.trace(LogMessage.format("JWT logout request failed: %s", ex.getError()),
@ -164,16 +166,16 @@ public final class JwtLogoutAuthenticationEndpointFilter extends OncePerRequestF
}
this.authenticationFailureHandler.onAuthenticationFailure(request, response, ex);
} catch (Exception ex) {
JwtError error = new JwtError(JwtErrorCodes.SERVER_ERROR,ex.getMessage(),JWT_ERROR_URI);
JwtError error = new JwtError(JwtErrorCodes.SERVER_ERROR, ex.getMessage(),
JWT_ERROR_URI);
if (this.logger.isTraceEnabled()) {
this.logger.trace(error, ex);
}
this.authenticationFailureHandler.onAuthenticationFailure(request, response,
new JwtAuthenticationException(error));
new JwtAuthenticationException(error));
}
}
/**
*
*
@ -183,13 +185,13 @@ public final class JwtLogoutAuthenticationEndpointFilter extends OncePerRequestF
*/
private void sendAuthorizationResponse(HttpServletRequest request, HttpServletResponse response,
Authentication authentication) {
JwtLogoutAuthenticationToken jwtLogoutAuthentication= (JwtLogoutAuthenticationToken) authentication;
JwtLogoutAuthenticationToken jwtLogoutAuthentication = (JwtLogoutAuthenticationToken) authentication;
// Check for active user session
if (jwtLogoutAuthentication.isPrincipalAuthenticated() &&
StringUtils.hasText(jwtLogoutAuthentication.getSessionId())) {
if (jwtLogoutAuthentication.isPrincipalAuthenticated()
&& StringUtils.hasText(jwtLogoutAuthentication.getSessionId())) {
// Perform logout
this.logoutHandler.logout(request, response,
(Authentication) jwtLogoutAuthentication.getPrincipal());
(Authentication) jwtLogoutAuthentication.getPrincipal());
}
}

64
eiam-protocol/eiam-protocol-jwt/src/main/java/cn/topiam/employee/protocol/jwt/endpoint/authentication/JwtLogoutAuthenticationConverter.java
View File

@ -1,17 +1,19 @@
/*
* Copyright 2020-2023 the original author or authors.
* eiam-protocol-jwt - Employee Identity and Access Management
* Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn)
*
* Licensed under the Apache License, Version 2.0 (the "License");
* you may not use this file except in compliance with the License.
* You may obtain a copy of the License at
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* https://www.apache.org/licenses/LICENSE-2.0
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.protocol.jwt.endpoint.authentication;
@ -37,31 +39,31 @@ import static cn.topiam.employee.protocol.jwt.endpoint.JwtAuthenticationEndpoint
* Created by qinggang.zuo@gmail.com / 2689170096@qq.com on 2023/9/4 16:01
*/
public final class JwtLogoutAuthenticationConverter implements AuthenticationConverter {
private static final Authentication ANONYMOUS_AUTHENTICATION = new AnonymousAuthenticationToken(
"anonymous", "anonymousUser", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
private static final Authentication ANONYMOUS_AUTHENTICATION = new AnonymousAuthenticationToken(
"anonymous", "anonymousUser", AuthorityUtils.createAuthorityList("ROLE_ANONYMOUS"));
@Override
public Authentication convert(HttpServletRequest request) {
@Override
public Authentication convert(HttpServletRequest request) {
if (request.getParameterValues(S_ID).length != 1) {
throwError(new JwtError(OAuth2ErrorCodes.INVALID_REQUEST,
"JWT Logout Request Parameter: " + S_ID));
}
if (request.getParameterValues(S_ID).length != 1) {
throwError(new JwtError(OAuth2ErrorCodes.INVALID_REQUEST,
"JWT Logout Request Parameter: " + S_ID));
}
String sessionId = request.getParameter(S_ID);
if (!StringUtils.hasText(sessionId)) {
HttpSession session = request.getSession(false);
if (session != null) {
sessionId = session.getId();
}
}
String sessionId = request.getParameter(S_ID);
if (!StringUtils.hasText(sessionId)) {
HttpSession session = request.getSession(false);
if (session != null) {
sessionId = session.getId();
}
}
Authentication principal = SecurityContextHolder.getContext().getAuthentication();
if (principal == null) {
principal = ANONYMOUS_AUTHENTICATION;
}
Authentication principal = SecurityContextHolder.getContext().getAuthentication();
if (principal == null) {
principal = ANONYMOUS_AUTHENTICATION;
}
return new JwtLogoutAuthenticationToken(principal,sessionId);
}
return new JwtLogoutAuthenticationToken(principal, sessionId);
}
}