gitee
/
eiam
mirror of https://gitee.com/topiam/eiam
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

优化代码

pull/42/head
smallbun 2023-09-05 21:38:05 +08:00
parent 59365426ea
commit c50753b3bd
9 changed files with 144 additions and 90 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
eiam-protocol/eiam-protocol-jwt/src/main/java/cn/topiam/employee/protocol/jwt/authentication/JwtAuthenticationFailureHandler.java
View File

@ -1,3 +1,20 @@
/*
* eiam-protocol-jwt - Employee Identity and Access Management
* Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.protocol.jwt.authentication; package cn.topiam.employee.protocol.jwt.authentication;
import java.io.IOException; import java.io.IOException;

21
eiam-protocol/eiam-protocol-jwt/src/main/java/cn/topiam/employee/protocol/jwt/authentication/JwtLogoutAuthenticationToken.java
View File

@ -1,3 +1,20 @@
/*
* eiam-protocol-jwt - Employee Identity and Access Management
* Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.protocol.jwt.authentication; package cn.topiam.employee.protocol.jwt.authentication;
import java.util.ArrayList; import java.util.ArrayList;
@ -62,7 +79,7 @@ public class JwtLogoutAuthenticationToken extends AbstractAuthenticationToken {
* @return {@code true} if {@link #getPrincipal()} is authenticated, {@code false} otherwise * @return {@code true} if {@link #getPrincipal()} is authenticated, {@code false} otherwise
*/ */
public boolean isPrincipalAuthenticated() { public boolean isPrincipalAuthenticated() {
return !AnonymousAuthenticationToken.class.isAssignableFrom(this.principal.getClass()) && return !AnonymousAuthenticationToken.class.isAssignableFrom(this.principal.getClass())
this.principal.isAuthenticated(); && this.principal.isAuthenticated();
} }
} }

1
eiam-protocol/eiam-protocol-jwt/src/main/java/cn/topiam/employee/protocol/jwt/authentication/JwtRequestAuthenticationToken.java
View File

@ -56,7 +56,6 @@ public class JwtRequestAuthenticationToken extends AbstractAuthenticationToken {
@Getter @Getter
private final Map<String, Object> additionalParameters; private final Map<String, Object> additionalParameters;
public JwtRequestAuthenticationToken(Authentication principal, String targetUrl, public JwtRequestAuthenticationToken(Authentication principal, String targetUrl,
JwtProtocolConfig config, JwtProtocolConfig config,
Map<String, Object> additionalParameters) { Map<String, Object> additionalParameters) {

29
eiam-protocol/eiam-protocol-jwt/src/main/java/cn/topiam/employee/protocol/jwt/authentication/OidcLogoutAuthenticationProvider.java
View File

@ -1,17 +1,19 @@
/* /*
* Copyright 2020-2023 the original author or authors. * eiam-protocol-jwt - Employee Identity and Access Management
* Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn)
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * This program is free software: you can redistribute it and/or modify
* you may not use this file except in compliance with the License. * it under the terms of the GNU Affero General Public License as published by
* You may obtain a copy of the License at * the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
* *
* https://www.apache.org/licenses/LICENSE-2.0 * This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
* *
* Unless required by applicable law or agreed to in writing, software * You should have received a copy of the GNU Affero General Public License
* distributed under the License is distributed on an "AS IS" BASIS, * along with this program. If not, see <http://www.gnu.org/licenses/>.
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/ */
package cn.topiam.employee.protocol.jwt.authentication; package cn.topiam.employee.protocol.jwt.authentication;
@ -28,20 +30,17 @@ import org.springframework.security.core.session.SessionRegistry;
*/ */
public final class OidcLogoutAuthenticationProvider implements AuthenticationProvider { public final class OidcLogoutAuthenticationProvider implements AuthenticationProvider {
@Override @Override
public Authentication authenticate(Authentication authentication) throws AuthenticationException { public Authentication authenticate(Authentication authentication) throws AuthenticationException {
JwtLogoutAuthenticationToken logoutAuthenticationToken = (JwtLogoutAuthenticationToken) authentication; JwtLogoutAuthenticationToken logoutAuthenticationToken = (JwtLogoutAuthenticationToken) authentication;
SessionInformation sessionInformation=sessionRegistry.getSessionInformation(logoutAuthenticationToken.getSessionId()); SessionInformation sessionInformation = sessionRegistry
.getSessionInformation(logoutAuthenticationToken.getSessionId());
if (sessionInformation.isExpired()) { if (sessionInformation.isExpired()) {
} }
return null; return null;
} }
@Override @Override
public boolean supports(Class<?> authentication) { public boolean supports(Class<?> authentication) {
return JwtLogoutAuthenticationToken.class.isAssignableFrom(authentication); return JwtLogoutAuthenticationToken.class.isAssignableFrom(authentication);

3
eiam-protocol/eiam-protocol-jwt/src/main/java/cn/topiam/employee/protocol/jwt/endpoint/JwtAuthenticationEndpointFilter.java
View File

@ -191,7 +191,8 @@ public final class JwtAuthenticationEndpointFilter extends OncePerRequestFilter
} }
this.authenticationFailureHandler.onAuthenticationFailure(request, response, ex); this.authenticationFailureHandler.onAuthenticationFailure(request, response, ex);
} catch (Exception ex) { } catch (Exception ex) {
JwtError error = new JwtError(JwtErrorCodes.SERVER_ERROR,ex.getMessage(),JWT_ERROR_URI); JwtError error = new JwtError(JwtErrorCodes.SERVER_ERROR, ex.getMessage(),
JWT_ERROR_URI);
if (this.logger.isTraceEnabled()) { if (this.logger.isTraceEnabled()) {
this.logger.trace(error, ex); this.logger.trace(error, ex);
} }

17
eiam-protocol/eiam-protocol-jwt/src/main/java/cn/topiam/employee/protocol/jwt/endpoint/JwtAuthenticationEndpointUtils.java
View File

@ -1,3 +1,20 @@
/*
* eiam-protocol-jwt - Employee Identity and Access Management
* Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.protocol.jwt.endpoint; package cn.topiam.employee.protocol.jwt.endpoint;
import cn.topiam.employee.protocol.jwt.exception.JwtAuthenticationException; import cn.topiam.employee.protocol.jwt.exception.JwtAuthenticationException;

18
eiam-protocol/eiam-protocol-jwt/src/main/java/cn/topiam/employee/protocol/jwt/endpoint/JwtLogoutAuthenticationEndpointFilter.java
View File

@ -92,9 +92,9 @@ public final class JwtLogoutAuthenticationEndpointFilter extends OncePerRequestF
*/ */
private final AuthenticationManager authenticationManager; private final AuthenticationManager authenticationManager;
public JwtLogoutAuthenticationEndpointFilter(RequestMatcher requestMatcher, public JwtLogoutAuthenticationEndpointFilter(RequestMatcher requestMatcher,
SessionRegistry sessionRegistry, AuthenticationManager authenticationManager) { SessionRegistry sessionRegistry,
AuthenticationManager authenticationManager) {
Assert.notNull(requestMatcher, "requestMatcher cannot be empty"); Assert.notNull(requestMatcher, "requestMatcher cannot be empty");
Assert.notNull(sessionRegistry, "sessionRegistry cannot be empty"); Assert.notNull(sessionRegistry, "sessionRegistry cannot be empty");
Assert.notNull(sessionRegistry, "authenticationManager cannot be empty"); Assert.notNull(sessionRegistry, "authenticationManager cannot be empty");
@ -155,8 +155,10 @@ public final class JwtLogoutAuthenticationEndpointFilter extends OncePerRequestF
((AbstractAuthenticationToken) authentication) ((AbstractAuthenticationToken) authentication)
.setDetails(this.authenticationDetailsSource.buildDetails(request)); .setDetails(this.authenticationDetailsSource.buildDetails(request));
} }
Authentication authenticationResult= authenticationManager.authenticate(authentication); Authentication authenticationResult = authenticationManager
authenticationSuccessHandler.onAuthenticationSuccess(request,response,authenticationResult); .authenticate(authentication);
authenticationSuccessHandler.onAuthenticationSuccess(request, response,
authenticationResult);
} catch (JwtAuthenticationException ex) { } catch (JwtAuthenticationException ex) {
if (this.logger.isTraceEnabled()) { if (this.logger.isTraceEnabled()) {
this.logger.trace(LogMessage.format("JWT logout request failed: %s", ex.getError()), this.logger.trace(LogMessage.format("JWT logout request failed: %s", ex.getError()),
@ -164,7 +166,8 @@ public final class JwtLogoutAuthenticationEndpointFilter extends OncePerRequestF
} }
this.authenticationFailureHandler.onAuthenticationFailure(request, response, ex); this.authenticationFailureHandler.onAuthenticationFailure(request, response, ex);
} catch (Exception ex) { } catch (Exception ex) {
JwtError error = new JwtError(JwtErrorCodes.SERVER_ERROR,ex.getMessage(),JWT_ERROR_URI); JwtError error = new JwtError(JwtErrorCodes.SERVER_ERROR, ex.getMessage(),
JWT_ERROR_URI);
if (this.logger.isTraceEnabled()) { if (this.logger.isTraceEnabled()) {
this.logger.trace(error, ex); this.logger.trace(error, ex);
} }
@ -173,7 +176,6 @@ public final class JwtLogoutAuthenticationEndpointFilter extends OncePerRequestF
} }
} }
/** /**
* *
* *
@ -185,8 +187,8 @@ public final class JwtLogoutAuthenticationEndpointFilter extends OncePerRequestF
Authentication authentication) { Authentication authentication) {
JwtLogoutAuthenticationToken jwtLogoutAuthentication = (JwtLogoutAuthenticationToken) authentication; JwtLogoutAuthenticationToken jwtLogoutAuthentication = (JwtLogoutAuthenticationToken) authentication;
// Check for active user session // Check for active user session
if (jwtLogoutAuthentication.isPrincipalAuthenticated() && if (jwtLogoutAuthentication.isPrincipalAuthenticated()
StringUtils.hasText(jwtLogoutAuthentication.getSessionId())) { && StringUtils.hasText(jwtLogoutAuthentication.getSessionId())) {
// Perform logout // Perform logout
this.logoutHandler.logout(request, response, this.logoutHandler.logout(request, response,
(Authentication) jwtLogoutAuthentication.getPrincipal()); (Authentication) jwtLogoutAuthentication.getPrincipal());

22
eiam-protocol/eiam-protocol-jwt/src/main/java/cn/topiam/employee/protocol/jwt/endpoint/authentication/JwtLogoutAuthenticationConverter.java
View File

@ -1,17 +1,19 @@
/* /*
* Copyright 2020-2023 the original author or authors. * eiam-protocol-jwt - Employee Identity and Access Management
* Copyright © 2022-Present Jinan Yuanchuang Network Technology Co., Ltd. (support@topiam.cn)
* *
* Licensed under the Apache License, Version 2.0 (the "License"); * This program is free software: you can redistribute it and/or modify
* you may not use this file except in compliance with the License. * it under the terms of the GNU Affero General Public License as published by
* You may obtain a copy of the License at * the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
* *
* https://www.apache.org/licenses/LICENSE-2.0 * This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
* *
* Unless required by applicable law or agreed to in writing, software * You should have received a copy of the GNU Affero General Public License
* distributed under the License is distributed on an "AS IS" BASIS, * along with this program. If not, see <http://www.gnu.org/licenses/>.
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/ */
package cn.topiam.employee.protocol.jwt.endpoint.authentication; package cn.topiam.employee.protocol.jwt.endpoint.authentication;