
Example 1 with OnlineTicket

use of org.maxkey.authn.online.OnlineTicket in project MaxKey by dromara.

Class OAuth2UserDetailsService, method loadUserByUsername.

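/**
 * Loads the user behind an OAuth2 login and wraps it in a {@link SigninPrincipal}
 * that carries a freshly generated {@link OnlineTicket}.
 *
 * @param username the login name looked up through {@code loginRepository}
 * @return an authenticated {@link SigninPrincipal} with its granted authorities attached
 * @throws UsernameNotFoundException if the repository reports no such user
 */
public UserDetails loadUserByUsername(String username) throws UsernameNotFoundException {
    UserInfo userInfo;
    try {
        userInfo = loginRepository.find(username, "");
    } catch (NoSuchClientException e) {
        // keep the cause so the failed lookup stays diagnosable
        throw new UsernameNotFoundException(e.getMessage(), e);
    }
    // UUID.toString() is specified to emit lower-case hex digits, so no extra case folding is needed
    String onlineTicketId = WebConstants.ONLINE_TICKET_PREFIX + "-" + java.util.UUID.randomUUID().toString();
    SigninPrincipal signinPrincipal = new SigninPrincipal(userInfo);
    // NOTE(review): unlike createOnlineSession, this ticket is not persisted through
    // onlineTicketServices here — confirm the caller stores it if back-channel logout must work.
    signinPrincipal.setOnlineTicket(new OnlineTicket(onlineTicketId));
    ArrayList<GrantedAuthority> grantedAuthoritys = loginRepository.grantAuthority(userInfo);
    signinPrincipal.setAuthenticated(true);
    // flag the principal as administrator when any configured administrator authority was granted
    for (GrantedAuthority administratorsAuthority : AbstractAuthenticationProvider.grantedAdministratorsAuthoritys) {
        if (grantedAuthoritys.contains(administratorsAuthority)) {
            signinPrincipal.setRoleAdministrators(true);
            _logger.trace("ROLE ADMINISTRATORS Authentication .");
        }
    }
    // parameterized logging, consistent with the rest of the code base, instead of eager concatenation
    _logger.debug("Granted Authority {}", grantedAuthoritys);
    signinPrincipal.setGrantedAuthorityApps(grantedAuthoritys);
    return signinPrincipal;
}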

Example 2 with OnlineTicket

use of org.maxkey.authn.online.OnlineTicket in project MaxKey by dromara.

Class CasAuthorizeEndpoint, method grantingTicket.

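/**
 * Issues a CAS service ticket for the current authentication, builds the client callback
 * URL that carries it and, for back-channel-logout apps, registers the app on the user's
 * {@link OnlineTicket}.
 *
 * @param principal the Spring Security principal (not read here; the authentication comes from WebContext)
 * @param user the bound authentication principal (not read here)
 * @param request current request
 * @param response current response
 * @return the {@code authorize/cas_sso_submint} view carrying the {@code callbackUrl} model attribute
 */
@RequestMapping(CasConstants.ENDPOINT.ENDPOINT_SERVICE_TICKET_GRANTING)
public ModelAndView grantingTicket(Principal principal, @AuthenticationPrincipal Object user, HttpServletRequest request, HttpServletResponse response) {
    AppsCasDetails casDetails = (AppsCasDetails) WebContext.getAttribute(CasConstants.PARAMETER.ENDPOINT_CAS_DETAILS);
    ServiceTicketImpl serviceTicket = new ServiceTicketImpl(WebContext.getAuthentication(), casDetails);
    String ticket = ticketServices.createTicket(serviceTicket, casDetails.getExpires());
    // StringBuilder: the buffer is method-local, so the synchronized StringBuffer buys nothing
    StringBuilder callbackUrl = new StringBuilder(casDetails.getCallbackUrl());
    if (callbackUrl.indexOf("?") == -1) {
        callbackUrl.append("?");
    }
    // an already present query string needs a separator before the first parameter we add
    if (callbackUrl.indexOf("&") != -1 || callbackUrl.indexOf("=") != -1) {
        callbackUrl.append("&");
    }
    callbackUrl.append(CasConstants.PARAMETER.TICKET).append("=").append(ticket);
    callbackUrl.append("&");
    // NOTE(review): the service value and the extra parameters below are appended without
    // URL-encoding — confirm they are encoded upstream, otherwise '&' or '=' inside a value
    // is read by the client as an additional parameter.
    callbackUrl.append(CasConstants.PARAMETER.SERVICE).append("=").append(casDetails.getService());
    // caller-supplied extra parameters; ticket and service are reserved and always set by us
    Object parameterAttribute = WebContext.getAttribute(CasConstants.PARAMETER.PARAMETER_MAP);
    if (parameterAttribute != null) {
        @SuppressWarnings("unchecked")
        Map<String, String> parameterMap = (Map<String, String>) parameterAttribute;
        // this mutates the shared attribute map, as before — later readers no longer see these keys
        parameterMap.remove(CasConstants.PARAMETER.TICKET);
        parameterMap.remove(CasConstants.PARAMETER.SERVICE);
        for (Map.Entry<String, String> parameter : parameterMap.entrySet()) {
            callbackUrl.append("&").append(parameter.getKey()).append("=").append(parameter.getValue());
        }
    }
    if (casDetails.getLogoutType() == LogoutType.BACK_CHANNEL) {
        String onlineTicketId = ((SigninPrincipal) WebContext.getAuthentication().getPrincipal()).getOnlineTicket().getTicketId();
        OnlineTicket onlineTicket = onlineTicketServices.get(onlineTicketId);
        if (onlineTicket == null) {
            // the online session may already be gone (see the null check in LogoutEndpoint);
            // without it there is nothing to register the app on, so do not NPE the whole request
            _logger.warn("OnlineTicket {} not found, back-channel logout not registered for service {}", onlineTicketId, casDetails.getService());
        } else {
            // the service ticket doubles as the app's key on the online ticket
            casDetails.setOnlineTicket(ticket);
            onlineTicket.setAuthorizedApp(casDetails);
            onlineTicketServices.store(onlineTicketId, onlineTicket);
        }
    }
    // the debug line includes the single-use service ticket; keep this level off in production logs
    _logger.debug("redirect to CAS Client URL {}", callbackUrl);
    ModelAndView modelAndView = new ModelAndView("authorize/cas_sso_submint");
    modelAndView.addObject("callbackUrl", callbackUrl.toString());
    return modelAndView;
}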

Example 3 with OnlineTicket

use of org.maxkey.authn.online.OnlineTicket in project MaxKey by dromara.

Class RealmAuthenticationProvider, method createOnlineSession.

/**
 * Creates the online session for a freshly authenticated user: generates the online ticket,
 * writes its id into the ONLINE_TICKET cookie, builds the authenticated token, persists the
 * ticket and publishes user and authentication into the current {@link WebContext}.
 *
 * @param credential the submitted login credential (not read here; part of the caller's contract)
 * @param userInfo the authenticated user
 * @return the authentication token that was placed into the web context
 */
public UsernamePasswordAuthenticationToken createOnlineSession(LoginCredential credential, UserInfo userInfo) {
    final String sessionId = WebContext.genId();
    // the online ticket id is derived from the session id; the cookie carries the same value
    final String ticketId = WebConstants.ONLINE_TICKET_PREFIX + "-" + sessionId;
    _logger.debug("set online Tickit Cookie {} on domain {}", ticketId, this.applicationConfig.getBaseDomainName());
    final OnlineTicket ticket = new OnlineTicket(ticketId);
    // NOTE(review): cookie attributes (Secure/HttpOnly) are decided inside WebContext.setCookie — verify there
    WebContext.setCookie(WebContext.getResponse(), this.applicationConfig.getBaseDomainName(), WebConstants.ONLINE_TICKET_NAME, ticketId);
    final SigninPrincipal principal = new SigninPrincipal(userInfo);
    principal.setOnlineTicket(ticket);
    final ArrayList<GrantedAuthority> authorities = authenticationRealm.grantAuthority(userInfo);
    principal.setAuthenticated(true);
    markAdministrator(principal, authorities);
    _logger.debug("Granted Authority {}", authorities);
    principal.setGrantedAuthorityApps(authenticationRealm.queryAuthorizedApps(authorities));
    // "PASSWORD" is a placeholder credential; the real secret is never kept on the token
    final UsernamePasswordAuthenticationToken token = new UsernamePasswordAuthenticationToken(principal, "PASSWORD", authorities);
    token.setDetails(new WebAuthenticationDetails(WebContext.getRequest()));
    ticket.setAuthentication(token);
    this.onlineTicketServices.store(ticketId, ticket);
    // publish user and authentication to the current session context
    WebContext.setUserInfo(userInfo);
    WebContext.setAuthentication(token);
    WebContext.setAttribute(WebConstants.CURRENT_USER_SESSION_ID, sessionId);
    if (!WebContext.getInst(WebContext.getRequest()).equalsIgnoreCase(userInfo.getInstId())) {
        // TODO : request institution differs from the user's institution — intentionally unhandled so far
    }
    return token;
}

/**
 * Flags the principal as administrator when any configured administrator authority was granted.
 *
 * @param principal the principal being built
 * @param authorities the authorities granted to the user
 */
private void markAdministrator(SigninPrincipal principal, ArrayList<GrantedAuthority> authorities) {
    for (GrantedAuthority administratorsAuthority : grantedAdministratorsAuthoritys) {
        if (authorities.contains(administratorsAuthority)) {
            principal.setRoleAdministrators(true);
            _logger.trace("ROLE ADMINISTRATORS Authentication .");
        }
    }
}

Example 4 with OnlineTicket

use of org.maxkey.authn.online.OnlineTicket in project MaxKey by dromara.

Class LogoutEndpoint, method logoutModelAndView.

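/**
 * Ends the current session: logs out of the realm, computes the re-login URL, sends a
 * back-channel logout request to every app registered on the online ticket, removes the
 * ticket, expires its cookie and invalidates the HTTP session.
 *
 * @param request current request
 * @param response current response
 * @param viewName view rendered after logout
 * @param reLoginUrl where the user is sent to log in again; null or empty means the saved request, else {@code /login}
 * @return the logout view carrying the {@code reloginUrl} model attribute
 */
private ModelAndView logoutModelAndView(HttpServletRequest request, HttpServletResponse response, String viewName, String reLoginUrl) {
    ModelAndView modelAndView = new ModelAndView();
    authenticationRealm.logout(response);
    if (reLoginUrl == null || reLoginUrl.isEmpty()) {
        SavedRequest firstSavedRequest = (SavedRequest) WebContext.getAttribute(WebConstants.FIRST_SAVED_REQUEST_PARAMETER);
        reLoginUrl = "/login";
        if (firstSavedRequest != null) {
            reLoginUrl = firstSavedRequest.getRedirectUrl();
            WebContext.removeAttribute(WebConstants.FIRST_SAVED_REQUEST_PARAMETER);
        }
    }
    // relative targets are anchored at the context path; absolute http(s) targets pass through unchanged.
    // NOTE(review): if reLoginUrl can originate from the request, an absolute value is an open
    // redirect — confirm the caller restricts it (e.g. to registered application URLs).
    if (reLoginUrl != null && !reLoginUrl.toLowerCase().startsWith("http")) {
        reLoginUrl = request.getContextPath() + (reLoginUrl.startsWith("/") ? reLoginUrl : "/" + reLoginUrl);
    }
    _logger.debug("re Login URL : {}", reLoginUrl);
    modelAndView.addObject("reloginUrl", reLoginUrl);
    // a logged-in user owns an online ticket: notify back-channel apps, then drop the ticket
    if (WebContext.getAuthentication() != null) {
        Object authenticatedPrincipal = WebContext.getAuthentication().getPrincipal();
        // guard the cast: a ClassCastException here would abort the logout before the
        // session is invalidated and the cookie expired, leaving the user logged in
        OnlineTicket sessionTicket = authenticatedPrincipal instanceof SigninPrincipal ? ((SigninPrincipal) authenticatedPrincipal).getOnlineTicket() : null;
        if (sessionTicket == null) {
            _logger.debug("principal {} carries no OnlineTicket, skipping back-channel logout", authenticatedPrincipal);
        } else {
            String onlineTicketId = sessionTicket.getTicketId();
            OnlineTicket onlineTicket = onlineTicketServices.get(onlineTicketId);
            if (onlineTicket != null) {
                for (Entry<String, Apps> authorizedApp : onlineTicket.getAuthorizedApps().entrySet()) {
                    Apps app = authorizedApp.getValue();
                    _logger.debug("App Id : {} , {}", authorizedApp.getKey(), app);
                    if (app.getLogoutType() == LogoutType.BACK_CHANNEL) {
                        // CAS apps use the SAML sender — presumably because CAS single logout
                        // messages are SAML-formatted LogoutRequests; confirm against SamlSingleLogout
                        SingleLogout singleLogout = app.getProtocol().equalsIgnoreCase(ConstsProtocols.CAS) ? new SamlSingleLogout() : new DefaultSingleLogout();
                        try {
                            singleLogout.sendRequest(onlineTicket.getAuthentication(), app);
                        } catch (RuntimeException e) {
                            // one unreachable app must not abort the local logout of all the others
                            _logger.warn("back-channel logout failed for app {}", authorizedApp.getKey(), e);
                        }
                    }
                }
                onlineTicketServices.remove(onlineTicketId);
            }
        }
    }
    // remove ONLINE_TICKET cookie; the random value only serves to overwrite the expired cookie
    WebContext.expiryCookie(WebContext.getResponse(), this.applicationConfig.getBaseDomainName(), WebConstants.ONLINE_TICKET_NAME, UUID.randomUUID().toString());
    request.getSession().invalidate();
    SecurityContextHolder.clearContext();
    modelAndView.setViewName(viewName);
    return modelAndView;
}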
