
Authentication 优化

Crystal.Sea 4 anos atrás
pai
commit
06b27d3564
41 arquivos alterados com 425 adições e 163 exclusões
  1. 11 19
      maxkey-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java
  2. 13 27
      maxkey-core/src/main/java/org/maxkey/authn/LoginCredential.java
  3. 31 33
      maxkey-core/src/main/java/org/maxkey/authn/RealmAuthenticationProvider.java
  4. 172 0
      maxkey-core/src/main/java/org/maxkey/authn/SigninPrincipal.java
  5. 25 0
      maxkey-core/src/main/java/org/maxkey/autoconfigure/MvcAutoConfiguration.java
  6. 0 11
      maxkey-core/src/main/java/org/maxkey/domain/UserInfo.java
  7. 10 0
      maxkey-core/src/main/java/org/maxkey/domain/apps/Apps.java
  8. 5 1
      maxkey-core/src/main/java/org/maxkey/web/InitializeContext.java
  9. 51 0
      maxkey-core/src/main/java/org/maxkey/web/SessionSecurityContextHolderStrategy.java
  10. 2 1
      maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/adapter/AbstractAuthorizeAdapter.java
  11. 2 2
      maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/Cas10AuthorizeEndpoint.java
  12. 3 4
      maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/Cas20AuthorizeEndpoint.java
  13. 6 6
      maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/Cas30AuthorizeEndpoint.java
  14. 11 3
      maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasAuthorizeEndpoint.java
  15. 5 5
      maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasRestV1Endpoint.java
  16. 3 2
      maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/adapter/CasDefaultAdapter.java
  17. 4 1
      maxkey-protocols/maxkey-protocol-desktop/src/main/java/org/maxkey/authz/desktop/endpoint/DesktopAuthorizeEndpoint.java
  18. 2 1
      maxkey-protocols/maxkey-protocol-desktop/src/main/java/org/maxkey/authz/desktop/endpoint/adapter/DesktopDefaultAdapter.java
  19. 2 1
      maxkey-protocols/maxkey-protocol-desktop/src/main/java/org/maxkey/authz/desktop/endpoint/adapter/DesktopQQAdapter.java
  20. 2 1
      maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/adapter/ExtendApiQQExmailDefaultAdapter.java
  21. 2 1
      maxkey-protocols/maxkey-protocol-formbased/src/main/java/org/maxkey/authz/formbased/endpoint/adapter/FormBasedDefaultAdapter.java
  22. 2 1
      maxkey-protocols/maxkey-protocol-formbased/src/main/java/org/maxkey/authz/formbased/endpoint/adapter/FormBasedNetease163EmailAdapter.java
  23. 2 1
      maxkey-protocols/maxkey-protocol-formbased/src/main/java/org/maxkey/authz/formbased/endpoint/adapter/FormBasedNeteaseNoteYoudaoAdapter.java
  24. 2 1
      maxkey-protocols/maxkey-protocol-formbased/src/main/java/org/maxkey/authz/formbased/endpoint/adapter/FormBasedRedirectAdapter.java
  25. 2 2
      maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/approval/controller/OAuth20AccessConfirmationController.java
  26. 2 2
      maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/AuthorizationEndpoint.java
  27. 5 3
      maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/TokenEndpoint.java
  28. 2 3
      maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/TokenEndpointAuthenticationFilter.java
  29. 3 2
      maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/OAuthDefaultUserInfoAdapter.java
  30. 9 8
      maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/UserInfoEndpoint.java
  31. 2 2
      maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/endpoint/AssertionEndpoint.java
  32. 2 0
      maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/TokenBasedAuthorizeEndpoint.java
  33. 3 2
      maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/adapter/TokenBasedDefaultAdapter.java
  34. 3 2
      maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/adapter/TokenBasedJWTAdapter.java
  35. 3 2
      maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/adapter/TokenBasedJWTHS256Adapter.java
  36. 2 1
      maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/adapter/TokenBasedSimpleAdapter.java
  37. 3 3
      maxkey-web-manage/src/main/java/org/maxkey/web/endpoint/LoginEndpoint.java
  38. 2 2
      maxkey-web-manage/src/main/java/org/maxkey/web/interceptor/PermissionAdapter.java
  39. 2 1
      maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/AppListController.java
  40. 3 4
      maxkey-web-maxkey/src/main/java/org/maxkey/web/endpoint/LoginEndpoint.java
  41. 9 2
      maxkey-web-maxkey/src/main/resources/application.properties

+ 11 - 19
maxkey-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java

@@ -18,7 +18,6 @@
 package org.maxkey.authn;
 
 import java.util.ArrayList;
-
 import org.maxkey.authn.online.OnlineTicketServices;
 import org.maxkey.authn.realm.AbstractAuthenticationRealm;
 import org.maxkey.authn.support.rememberme.AbstractRemeberMeService;
@@ -39,7 +38,6 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
-
 /**
  * login Authentication abstract class.
  * 
@@ -78,9 +76,9 @@ public abstract class AbstractAuthenticationProvider {
 
     protected abstract String getProviderName();
 
-    protected abstract Authentication doInternalAuthenticate(Authentication authentication);
+    protected abstract Authentication doInternalAuthenticate(LoginCredential authentication);
     
-    public abstract Authentication basicAuthenticate(Authentication authentication) ;
+    public abstract Authentication basicAuthenticate(LoginCredential authentication) ;
 
     public abstract Authentication trustAuthentication(
                                     String username, 
@@ -98,17 +96,18 @@ public abstract class AbstractAuthenticationProvider {
      * authenticate .
      * 
      */
-    public Authentication authenticate(Authentication authentication) 
+    public Authentication authenticate(LoginCredential loginCredential) 
             throws AuthenticationException {
         _logger.debug("Trying to authenticate user '{}' via {}", 
-                authentication.getPrincipal(), getProviderName());
-
+                loginCredential.getPrincipal(), getProviderName());
+        Authentication authentication = null;
         try {
-            authentication = doInternalAuthenticate(authentication);
+            authentication = doInternalAuthenticate(loginCredential);
         } catch (AuthenticationException e) {
             _logger.error("Failed to authenticate user {} via {}: {}",
-                    new Object[] { 
-                            authentication.getPrincipal(), getProviderName(), e.getMessage() });
+                    new Object[] {  loginCredential.getPrincipal(),
+                                    getProviderName(),
+                                    e.getMessage() });
             WebContext.setAttribute(
                     WebConstants.LOGIN_ERROR_SESSION_MESSAGE, e.getMessage());
         } catch (Exception e) {
@@ -131,7 +130,7 @@ public abstract class AbstractAuthenticationProvider {
         
         final Object firstSavedRequest =
                 WebContext.getAttribute(WebConstants.FIRST_SAVED_REQUEST_PARAMETER);
-        
+        //change Session
         WebContext.getSession().invalidate();
         WebContext.setAttribute(
                 WebConstants.CURRENT_USER_SESSION_ID, WebContext.getSession().getId());
@@ -147,14 +146,7 @@ public abstract class AbstractAuthenticationProvider {
         WebContext.getSession().setAttribute(
                 WebConstants.CURRENT_LOGIN_USER_PASSWORD_SET_TYPE, passwordSetType);
 
-        // create new authentication response containing the user and it's authorities
-        UsernamePasswordAuthenticationToken simpleUserAuthentication = 
-                new UsernamePasswordAuthenticationToken(
-                        userInfo.getUsername(), 
-                        authentication.getCredentials(), 
-                        authentication.getAuthorities()
-                );
-        return simpleUserAuthentication;
+        return authentication;
     }
 
     /**
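Review bot: After the catch blocks, `authenticate` continues with `authentication` still null: the new `Authentication authentication = null;` is only assigned inside the try, the `AuthenticationException` catch logs and stores the message but does not rethrow, and the later hunk goes on to invalidate the session, set `CURRENT_USER_SESSION_ID` and finally `return authentication;`. Unless the lines between the hunks (not visible here) return early, a failed login therefore yields a null return value and a freshly rotated session instead of a propagated failure, which every caller of `authenticate` would then have to null-check. Rethrowing once the failure has been logged, `throw e;` as the last statement of the `AuthenticationException` catch (and the same for the generic catch, wrapped), keeps the method's contract of "returns an authenticated token or throws". The body of `authenticate` runs past the hunk.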

+ 13 - 27
maxkey-core/src/main/java/org/maxkey/authn/BasicAuthentication.java → maxkey-core/src/main/java/org/maxkey/authn/LoginCredential.java

@@ -1,32 +1,17 @@
-/*
- * Copyright [2020] [MaxKey of copyright http://www.maxkey.top]
- * 
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- * 
- *     http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
- 
-
 package org.maxkey.authn;
 
 import java.util.ArrayList;
 import java.util.Collection;
 
-import org.maxkey.authn.online.OnlineTicket;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
 
-
-public class BasicAuthentication implements Authentication {
-    private static final long serialVersionUID = -110742975439268030L;
+public class LoginCredential  implements Authentication {
+    
+    /**
+     * 
+     */
+    private static final long serialVersionUID = 3125709257481600320L;
     String username;
     String password;
     String sessionId;
@@ -35,7 +20,7 @@ public class BasicAuthentication implements Authentication {
     String remeberMe;
     String authType;
     String jwtToken;
-    OnlineTicket onlineTicket;
+    String onlineTicket;
     ArrayList<GrantedAuthority> grantedAuthority;
     boolean authenticated;
     boolean roleAdministrators;
@@ -43,20 +28,21 @@ public class BasicAuthentication implements Authentication {
     /**
      * BasicAuthentication.
      */
-    public BasicAuthentication() {
+    public LoginCredential() {
     }
 
     /**
      * BasicAuthentication.
      */
-    public BasicAuthentication(String username,String password,String authType) {
+    public LoginCredential(String username,String password,String authType) {
         this.username = username;
         this.password = password;
         this.authType = authType;
     }
+    
     @Override
     public String getName() {
-        return "Basic Authentication";
+        return "Login Credential";
     }
 
     @Override
@@ -163,11 +149,11 @@ public class BasicAuthentication implements Authentication {
         this.grantedAuthority = grantedAuthority;
     }
 
-    public OnlineTicket getOnlineTicket() {
+    public String getOnlineTicket() {
         return onlineTicket;
     }
 
-    public void setOnlineTicket(OnlineTicket onlineTicket) {
+    public void setOnlineTicket(String onlineTicket) {
         this.onlineTicket = onlineTicket;
     }
 

+ 31 - 33
maxkey-core/src/main/java/org/maxkey/authn/RealmAuthenticationProvider.java

@@ -49,41 +49,40 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider
     }
 
     @Override
-    protected Authentication doInternalAuthenticate(Authentication authentication) {
-        BasicAuthentication auth = (BasicAuthentication)authentication;
+    protected Authentication doInternalAuthenticate(LoginCredential loginCredential) {
 
-        _logger.debug("authentication " + auth);
+        _logger.debug("authentication " + loginCredential);
 
-        sessionValid(auth.getSessionId());
+        sessionValid(loginCredential.getSessionId());
 
         //jwtTokenValid(j_jwtToken);
 
-        authTypeValid(auth.getAuthType());
+        authTypeValid(loginCredential.getAuthType());
 
-        captchaValid(auth.getCaptcha(),auth.getAuthType());
+        captchaValid(loginCredential.getCaptcha(),loginCredential.getAuthType());
 
-        emptyPasswordValid(auth.getPassword());
+        emptyPasswordValid(loginCredential.getPassword());
 
         UserInfo userInfo = null;
 
-        emptyUsernameValid(auth.getUsername());
+        emptyUsernameValid(loginCredential.getUsername());
 
-        userInfo =  loadUserInfo(auth.getUsername(),auth.getPassword());
+        userInfo =  loadUserInfo(loginCredential.getUsername(),loginCredential.getPassword());
 
-        userinfoValid(userInfo, auth.getPassword());
+        userinfoValid(userInfo, loginCredential.getPassword());
 
-        tftcaptchaValid(auth.getOtpCaptcha(),auth.getAuthType(),userInfo);
+        tftcaptchaValid(loginCredential.getOtpCaptcha(),loginCredential.getAuthType(),userInfo);
 
         authenticationRealm.getPasswordPolicyValidator().passwordPolicyValid(userInfo);
 
-        authenticationRealm.passwordMatches(userInfo, auth.getPassword());
+        authenticationRealm.passwordMatches(userInfo, loginCredential.getPassword());
         
-        UsernamePasswordAuthenticationToken authenticationToken = setOnline(auth,userInfo);
+        UsernamePasswordAuthenticationToken authenticationToken = setOnline(loginCredential,userInfo);
         //RemeberMe Config check then set  RemeberMe cookies
         if (applicationConfig.getLoginConfig().isRemeberMe()) {
-            if (auth.getRemeberMe() != null && auth.getRemeberMe().equals("remeberMe")) {
+            if (loginCredential.getRemeberMe() != null && loginCredential.getRemeberMe().equals("remeberMe")) {
                 WebContext.getSession().setAttribute(
-                        WebConstants.REMEBER_ME_SESSION,auth.getUsername());
+                        WebConstants.REMEBER_ME_SESSION,loginCredential.getUsername());
                 _logger.debug("do Remeber Me");
                 remeberMeService.createRemeberMe(
                         userInfo.getUsername(), 
@@ -98,20 +97,19 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider
     }
     
     @Override
-    public Authentication basicAuthenticate(Authentication authentication) {
-        BasicAuthentication auth = (BasicAuthentication) authentication;
-        UserInfo loadeduserInfo = loadUserInfo(auth.getUsername(), "");
+    public Authentication basicAuthenticate(LoginCredential loginCredential) {
+        UserInfo loadeduserInfo = loadUserInfo(loginCredential.getUsername(), "");
         if (loadeduserInfo != null) {
-            authenticationRealm.passwordMatches(loadeduserInfo, auth.getPassword());
+            authenticationRealm.passwordMatches(loadeduserInfo, loginCredential.getPassword());
 
             authenticationRealm.getPasswordPolicyValidator().passwordPolicyValid(loadeduserInfo);
 
-            authenticationRealm.insertLoginHistory(loadeduserInfo, auth.getAuthType(), "", "", "SUCCESS");
+            authenticationRealm.insertLoginHistory(loadeduserInfo, loginCredential.getAuthType(), "", "", "SUCCESS");
                         
-            return setOnline(auth,loadeduserInfo);
+            return setOnline(loginCredential,loadeduserInfo);
         }else {
             String message = WebContext.getI18nValue("login.error.username");
-            _logger.debug("login user  " + auth.getUsername() + " not in this System ." + message);
+            _logger.debug("login user  " + loginCredential.getUsername() + " not in this System ." + message);
             throw new BadCredentialsException(WebContext.getI18nValue("login.error.username"));
         }
     }
@@ -133,12 +131,12 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider
                                             String message) {
         UserInfo loadeduserInfo = loadUserInfo(username, "");
         if (loadeduserInfo != null) {
-            BasicAuthentication auth = new BasicAuthentication();
-            auth.setUsername(loadeduserInfo.getUsername());
+            LoginCredential loginCredential = new LoginCredential();
+            loginCredential.setUsername(loadeduserInfo.getUsername());
             
             authenticationRealm.insertLoginHistory(loadeduserInfo, type, provider, code, message);
             
-            return setOnline(auth,loadeduserInfo);
+            return setOnline(loginCredential,loadeduserInfo);
         }else {
             String i18nMessage = WebContext.getI18nValue("login.error.username");
             _logger.debug("login user  " + username + " not in this System ." + i18nMessage);
@@ -146,7 +144,7 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider
         }
     }
     
-    public UsernamePasswordAuthenticationToken setOnline(BasicAuthentication authentication,UserInfo userInfo) {
+    public UsernamePasswordAuthenticationToken setOnline(LoginCredential credential,UserInfo userInfo) {
         //Online Tickit Id
         String onlineTickitId = WebConstants.ONLINE_TICKET_PREFIX + "-" + java.util.UUID.randomUUID().toString().toLowerCase();
         _logger.debug("set online Tickit Cookie " + onlineTickitId + " on domain "+ this.applicationConfig.getBaseDomainName());
@@ -157,27 +155,26 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider
                 onlineTickitId, 
                 0);
         
+        SigninPrincipal signinPrincipal = new SigninPrincipal(userInfo);
         //set OnlineTicket
-        OnlineTicket onlineTicket = new OnlineTicket(onlineTickitId,authentication);
-        this.onlineTicketServices.store(onlineTickitId, onlineTicket);
-        authentication.setOnlineTicket(onlineTicket);
+        signinPrincipal.setOnlineTicket(onlineTickitId);
         ArrayList<GrantedAuthority> grantedAuthoritys = authenticationRealm.grantAuthority(userInfo);
         //set default roles
         grantedAuthoritys.add(new SimpleGrantedAuthority("ROLE_USER"));
         grantedAuthoritys.add(new SimpleGrantedAuthority("ROLE_ORDINARY_USER"));
         
-        authentication.setAuthenticated(true);
+        signinPrincipal.setAuthenticated(true);
         
         for(GrantedAuthority administratorsAuthority : grantedAdministratorsAuthoritys) {
             if(grantedAuthoritys.contains(administratorsAuthority)) {
-                authentication.setRoleAdministrators(true);
+                signinPrincipal.setRoleAdministrators(true);
                 _logger.trace("ROLE ADMINISTRATORS Authentication .");
             }
         }
         
         UsernamePasswordAuthenticationToken authenticationToken =
                 new UsernamePasswordAuthenticationToken(
-                        authentication, 
+                        signinPrincipal, 
                         "PASSWORD", 
                         grantedAuthoritys
                 );
@@ -185,12 +182,13 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider
         authenticationToken.setDetails(
                 new WebAuthenticationDetails(WebContext.getRequest()));
         
+        OnlineTicket onlineTicket = new OnlineTicket(onlineTickitId,authenticationToken);
+        this.onlineTicketServices.store(onlineTickitId, onlineTicket);
         /*
          *  put userInfo to current session context
          */
         WebContext.setAuthentication(authenticationToken);
         
-        userInfo.setOnlineTicket(onlineTicket);
         WebContext.setUserInfo(userInfo);
         
         return authenticationToken;
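Review bot: `_logger.debug("authentication " + loginCredential);` in `doInternalAuthenticate` stringifies the whole credential object, and `LoginCredential` carries a `password` field; its `toString()` is not in this diff, but if it includes that field the plaintext password ends up in the debug log. Logging only the non-secret parts, `_logger.debug("authentication for user {} via {}", loginCredential.getUsername(), loginCredential.getAuthType());`, removes the risk regardless of how `toString()` is written. Separately, `setOnline` computes `grantedAuthoritys` and puts them on the `UsernamePasswordAuthenticationToken`, but never calls `signinPrincipal.setGrantedAuthority(grantedAuthoritys)`, so `SigninPrincipal.getAuthorities()` on the principal stored in the session and in the `OnlineTicket` returns null unless it is set elsewhere. `doInternalAuthenticate` continues past the hunk.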

+ 172 - 0
maxkey-core/src/main/java/org/maxkey/authn/SigninPrincipal.java

@@ -0,0 +1,172 @@
+/*
+ * Copyright [2020] [MaxKey of copyright http://www.maxkey.top]
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+ 
+
+package org.maxkey.authn;
+
+import java.util.ArrayList;
+import java.util.Collection;
+
+import org.maxkey.domain.UserInfo;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
+
+
+public class SigninPrincipal implements  UserDetails {
+    private static final long serialVersionUID = -110742975439268030L;
+    UserInfo userInfo;
+    
+    UserDetails userDetails;
+    
+    String onlineTicket;
+    ArrayList<GrantedAuthority> grantedAuthority;
+    boolean authenticated;
+    boolean roleAdministrators;
+
+    /**
+     * SigninPrincipal.
+     */
+    public SigninPrincipal() {
+    }
+    
+    /**
+     * SigninPrincipal.
+     */
+    public SigninPrincipal(UserInfo userInfo) {
+        this.userInfo = userInfo;
+        this.authenticated = true;
+    }
+    
+    /**
+     * SigninPrincipal.
+     */
+    public SigninPrincipal(UserDetails userDetails) {
+        this.userDetails = userDetails;
+        this.authenticated = true;
+    }
+
+    public UserInfo getUserInfo() {
+        return userInfo;
+    }
+
+    public void setUserInfo(UserInfo userInfo) {
+        this.userInfo = userInfo;
+    }
+
+    public boolean isAuthenticated() {
+        return authenticated;
+    }
+
+    public void setAuthenticated(boolean authenticated) {
+        this.authenticated = authenticated;
+    }
+
+    @Override
+    public Collection<? extends GrantedAuthority> getAuthorities() {
+        return grantedAuthority;
+    }
+
+    public ArrayList<GrantedAuthority> getGrantedAuthority() {
+        return grantedAuthority;
+    }
+
+    public UserDetails getUserDetails() {
+        return userDetails;
+    }
+
+    public void setUserDetails(UserDetails userDetails) {
+        this.userDetails = userDetails;
+    }
+
+    public void setGrantedAuthority(ArrayList<GrantedAuthority> grantedAuthority) {
+        this.grantedAuthority = grantedAuthority;
+    }
+
+    public String getOnlineTicket() {
+        return onlineTicket;
+    }
+
+    public void setOnlineTicket(String onlineTicket) {
+        this.onlineTicket = onlineTicket;
+    }
+
+    public boolean isRoleAdministrators() {
+        return roleAdministrators;
+    }
+
+    public void setRoleAdministrators(boolean roleAdministrators) {
+        this.roleAdministrators = roleAdministrators;
+    }
+    
+
+    @Override
+    public boolean isAccountNonExpired() {
+        return false;
+    }
+
+    @Override
+    public boolean isAccountNonLocked() {
+        return false;
+    }
+
+    @Override
+    public boolean isCredentialsNonExpired() {
+        return false;
+    }
+
+    @Override
+    public boolean isEnabled() {
+        return false;
+    }
+
+    @Override
+    public String getUsername() {
+        if(this.userInfo != null) {
+            return this.userInfo.getUsername();
+        }else {
+            return this.userDetails.getUsername();
+        }        
+    }
+    
+    @Override
+    public String getPassword() {
+        if(this.userInfo != null) {
+            return this.userInfo.getPassword();
+        }else {
+            return this.userDetails.getPassword();
+        }  
+    }
+
+    @Override
+    public String toString() {
+        StringBuilder builder = new StringBuilder();
+        builder.append("SigninPrincipal [userInfo=");
+        builder.append(userInfo);
+        builder.append(", onlineTicket=");
+        builder.append(onlineTicket);
+        builder.append(", grantedAuthority=");
+        builder.append(grantedAuthority);
+        builder.append(", authenticated=");
+        builder.append(authenticated);
+        builder.append(", roleAdministrators=");
+        builder.append(roleAdministrators);
+        builder.append("]");
+        return builder.toString();
+    }
+
+
+
+}

+ 25 - 0
maxkey-core/src/main/java/org/maxkey/autoconfigure/MvcAutoConfiguration.java

@@ -20,6 +20,9 @@ package org.maxkey.autoconfigure;
 import java.nio.charset.Charset;
 import java.util.ArrayList;
 import java.util.List;
+
+import javax.servlet.Filter;
+
 import org.maxkey.constants.ConstantsProperties;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -28,6 +31,7 @@ import org.springframework.beans.factory.annotation.Value;
 import org.springframework.boot.web.server.ConfigurableWebServerFactory;
 import org.springframework.boot.web.server.ErrorPage;
 import org.springframework.boot.web.server.WebServerFactoryCustomizer;
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.PropertySource;
@@ -39,7 +43,9 @@ import org.springframework.http.converter.StringHttpMessageConverter;
 import org.springframework.http.converter.json.MappingJackson2HttpMessageConverter;
 import org.springframework.http.converter.xml.MarshallingHttpMessageConverter;
 import org.springframework.oxm.jaxb.Jaxb2Marshaller;
+import org.springframework.security.web.servletapi.SecurityContextHolderAwareRequestFilter;
 import org.springframework.web.client.RestTemplate;
+import org.springframework.web.filter.DelegatingFilterProxy;
 import org.springframework.web.multipart.commons.CommonsMultipartResolver;
 import org.springframework.web.servlet.i18n.CookieLocaleResolver;
 import org.springframework.web.servlet.i18n.LocaleChangeInterceptor;
@@ -244,6 +250,25 @@ public class MvcAutoConfiguration implements InitializingBean {
         };
     }
     
+    @Bean
+    public SecurityContextHolderAwareRequestFilter securityContextHolderAwareRequestFilter() {
+        _logger.debug("securityContextHolderAwareRequestFilter init ");
+        return new SecurityContextHolderAwareRequestFilter();
+    }
+    
+    @Bean
+    public FilterRegistrationBean<Filter> delegatingFilterProxy() {
+        _logger.debug("delegatingFilterProxy init for /* ");
+        FilterRegistrationBean<Filter> registrationBean = new FilterRegistrationBean<Filter>();
+        registrationBean.setFilter(new DelegatingFilterProxy("securityContextHolderAwareRequestFilter"));
+        registrationBean.addUrlPatterns("/*");
+        //registrationBean.
+        registrationBean.setName("delegatingFilterProxy");
+        registrationBean.setOrder(1);
+        
+        return registrationBean;
+    }
+    
     @Override
     public void afterPropertiesSet() throws Exception {
         // TODO Auto-generated method stub
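Review bot: Spring Boot registers every `Filter` bean with the servlet container on its own, so the `securityContextHolderAwareRequestFilter` bean declared here is presumably applied directly and again through the `DelegatingFilterProxy` registered for `/*`, running the filter twice per request unless auto-registration is disabled elsewhere. Either drop the proxy registration and rely on the direct bean, or keep the proxy and register the direct bean as disabled, as below. The dangling `//registrationBean.` comment should be deleted, and `new FilterRegistrationBean<Filter>()` can use the diamond operator.
```java
    @Bean
    public FilterRegistrationBean<SecurityContextHolderAwareRequestFilter> securityContextHolderAwareRequestFilterRegistration(
            SecurityContextHolderAwareRequestFilter filter) {
        // Only the DelegatingFilterProxy below should invoke this filter; stop Boot from
        // registering the bean itself a second time.
        FilterRegistrationBean<SecurityContextHolderAwareRequestFilter> registration =
                new FilterRegistrationBean<>(filter);
        registration.setEnabled(false);
        return registration;
    }
    // … unchanged: delegatingFilterProxy() …
```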

+ 0 - 11
maxkey-core/src/main/java/org/maxkey/domain/UserInfo.java

@@ -26,7 +26,6 @@ import javax.persistence.GenerationType;
 import javax.persistence.Id;
 import javax.persistence.Table;
 import org.apache.mybatis.jpa.persistence.JpaBaseDomain;
-import org.maxkey.authn.online.OnlineTicket;
 import org.maxkey.util.StringUtils;
 import org.springframework.web.multipart.MultipartFile;
 
@@ -230,8 +229,6 @@ public class UserInfo extends JpaBaseDomain {
     protected HashMap<String, String> extraAttributeMap;
 
     protected int online;
-    
-    OnlineTicket onlineTicket;
 
     protected String ldapDn;
 
@@ -1165,14 +1162,6 @@ public class UserInfo extends JpaBaseDomain {
         this.createdBy = createdBy;
     }
 
-    public OnlineTicket getOnlineTicket() {
-        return onlineTicket;
-    }
-
-    public void setOnlineTicket(OnlineTicket onlineTicket) {
-        this.onlineTicket = onlineTicket;
-    }
-
     /**
      * @return the createdDate
      */

+ 10 - 0
maxkey-core/src/main/java/org/maxkey/domain/apps/Apps.java

@@ -153,6 +153,8 @@ public class Apps extends JpaBaseDomain implements Serializable {
     
     protected String loginDateTime;
 
+    protected String onlineTicket;
+    
     public Apps() {
         super();
         isSignature = Boolean.FALSE;
@@ -549,6 +551,14 @@ public class Apps extends JpaBaseDomain implements Serializable {
         this.loginDateTime = loginDateTime;
     }
 
+    public String getOnlineTicket() {
+        return onlineTicket;
+    }
+
+    public void setOnlineTicket(String onlineTicket) {
+        this.onlineTicket = onlineTicket;
+    }
+
     @Override
     public String toString() {
         StringBuilder builder = new StringBuilder();

+ 5 - 1
maxkey-core/src/main/java/org/maxkey/web/InitializeContext.java

@@ -36,6 +36,7 @@ import org.springframework.beans.BeansException;
 import org.springframework.context.ApplicationContext;
 import org.springframework.context.ConfigurableApplicationContext;
 import org.springframework.context.support.PropertySourcesPlaceholderConfigurer;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.web.context.support.WebApplicationContextUtils;
 
 /**
@@ -57,7 +58,10 @@ public class InitializeContext extends HttpServlet {
     @Override
     public void init(ServletConfig config) throws ServletException {
         super.init(config);
-
+        
+        _logger.info("SecurityContextHolder StrategyName " + SessionSecurityContextHolderStrategy.class.getCanonicalName());
+        SecurityContextHolder.setStrategyName(SessionSecurityContextHolderStrategy.class.getCanonicalName());
+        
         // List Environment Variables
         listEnvVars();
 

+ 51 - 0
maxkey-core/src/main/java/org/maxkey/web/SessionSecurityContextHolderStrategy.java

@@ -0,0 +1,51 @@
+package org.maxkey.web;
+
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.context.SecurityContext;
+import org.springframework.security.core.context.SecurityContextHolderStrategy;
+import org.springframework.security.core.context.SecurityContextImpl;
+
+/**
+ * SecurityContext Session for Request , use SecurityContextHolderAwareRequestFilter
+ * @author Crystal.Sea
+ *
+ */
+public class SessionSecurityContextHolderStrategy implements SecurityContextHolderStrategy {
+    private static final Logger _logger = 
+            LoggerFactory.getLogger(SessionSecurityContextHolderStrategy.class);
+    
+    @Override
+    public void clearContext() {
+        WebContext.removeAttribute(WebConstants.AUTHENTICATION);
+    }
+
+    @Override
+    public SecurityContext getContext() {
+        SecurityContext ctx =  createEmptyContext();
+        Authentication  authentication = null;
+        try {
+            authentication = (Authentication)WebContext.getAuthentication();
+            if (authentication != null) {
+                ctx.setAuthentication(authentication);
+            }
+        }catch(Exception e) {
+            _logger.trace("a session ", e);
+        }
+       
+       
+        return ctx;
+    }
+
+    @Override
+    public void setContext(SecurityContext context) {
+        WebContext.setAuthentication(context.getAuthentication());
+    }
+
+    @Override
+    public SecurityContext createEmptyContext() {
+        return new SecurityContextImpl();
+    }
+
+}

+ 2 - 1
maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/adapter/AbstractAuthorizeAdapter.java

@@ -19,6 +19,7 @@ package org.maxkey.authz.endpoint.adapter;
 
 import java.io.UnsupportedEncodingException;
 import org.apache.commons.codec.binary.Hex;
+import org.maxkey.authn.SigninPrincipal;
 import org.maxkey.constants.Boolean;
 import org.maxkey.crypto.Base64Utils;
 import org.maxkey.crypto.ReciprocalUtils;
@@ -39,7 +40,7 @@ public abstract class AbstractAuthorizeAdapter {
 	
 	public abstract ModelAndView authorize(UserInfo userInfo,Object app,String data,ModelAndView modelAndView);
 	
-	public abstract String generateInfo(UserInfo userInfo,Object app);
+	public abstract String generateInfo(SigninPrincipal authentication,UserInfo userInfo,Object app);
 	
 	public String  sign(String data,Apps app){
 		if(Boolean.isTrue(app.getIsSignature())){
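Review bot: The new `SigninPrincipal authentication` parameter on the abstract `generateInfo` has no Javadoc, and the only use the implementations in this commit make of it is `authentication.getOnlineTicket()`, so an implementer cannot tell what else they may rely on or whether it can be null. Suggest documenting the abstract method with a short Javadoc: `@param authentication the authenticated session principal, source of the online ticket id`, `@param userInfo the loaded user record for that principal`, `@param app the protocol-specific application details`. None of the callers visible in this commit guard against a null principal, so the contract should say explicitly that it is required.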

+ 2 - 2
maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/Cas10AuthorizeEndpoint.java

@@ -23,7 +23,7 @@ package org.maxkey.authz.cas.endpoint;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import org.maxkey.authn.BasicAuthentication;
+import org.maxkey.authn.SigninPrincipal;
 import org.maxkey.authz.cas.endpoint.response.Service10ResponseBuilder;
 import org.maxkey.authz.cas.endpoint.ticket.CasConstants;
 import org.maxkey.authz.cas.endpoint.ticket.Ticket;
@@ -102,7 +102,7 @@ renew [OPTIONAL] - if this parameter is set, ticket validation will only succeed
 		}
 		
 		if(storedTicket!=null){
-			String principal=((BasicAuthentication)storedTicket.getAuthentication().getPrincipal()).getUsername();
+			String principal=((SigninPrincipal)storedTicket.getAuthentication().getPrincipal()).getUsername();
 			_logger.debug("principal "+principal);
 			return new Service10ResponseBuilder().success()
 					.setUser(principal)

+ 3 - 4
maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/Cas20AuthorizeEndpoint.java

@@ -23,7 +23,7 @@ package org.maxkey.authz.cas.endpoint;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import org.maxkey.authn.BasicAuthentication;
+import org.maxkey.authn.SigninPrincipal;
 import org.maxkey.authz.cas.endpoint.response.ProxyServiceResponseBuilder;
 import org.maxkey.authz.cas.endpoint.response.ServiceResponseBuilder;
 import org.maxkey.authz.cas.endpoint.ticket.CasConstants;
@@ -193,7 +193,7 @@ For all error codes, it is RECOMMENDED that CAS provide a more detailed message
 		ServiceResponseBuilder serviceResponseBuilder=new ServiceResponseBuilder();
 		
 		if(storedTicket!=null){
-		    BasicAuthentication authentication = ((BasicAuthentication)storedTicket.getAuthentication().getPrincipal());
+		    SigninPrincipal authentication = ((SigninPrincipal)storedTicket.getAuthentication().getPrincipal());
 			String principal=authentication.getUsername();
 			_logger.debug("principal "+principal);
 			serviceResponseBuilder.success().setUser(principal);
@@ -201,8 +201,7 @@ For all error codes, it is RECOMMENDED that CAS provide a more detailed message
 			if(Boolean.isTrue(storedTicket.getCasDetails().getIsAdapter())){
 				AbstractAuthorizeAdapter adapter =(AbstractAuthorizeAdapter)Instance.newInstance(storedTicket.getCasDetails().getAdapter());
 				UserInfo userInfo = (UserInfo) userInfoService.loadByUsername(principal);
-				userInfo.setOnlineTicket(authentication.getOnlineTicket());
-				adapter.generateInfo(userInfo, serviceResponseBuilder);
+				adapter.generateInfo(authentication,userInfo, serviceResponseBuilder);
 			}
 		}else{
 			serviceResponseBuilder.failure()

+ 6 - 6
maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/Cas30AuthorizeEndpoint.java

@@ -23,7 +23,7 @@ package org.maxkey.authz.cas.endpoint;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import org.maxkey.authn.BasicAuthentication;
+import org.maxkey.authn.SigninPrincipal;
 import org.maxkey.authz.cas.endpoint.response.ServiceResponseBuilder;
 import org.maxkey.authz.cas.endpoint.ticket.CasConstants;
 import org.maxkey.authz.cas.endpoint.ticket.Ticket;
@@ -76,15 +76,14 @@ public class Cas30AuthorizeEndpoint  extends CasBaseAuthorizeEndpoint{
 		ServiceResponseBuilder serviceResponseBuilder=new ServiceResponseBuilder();
 		
 		if(storedTicket!=null){
-		    BasicAuthentication authentication = ((BasicAuthentication)storedTicket.getAuthentication().getPrincipal());
+		    SigninPrincipal authentication = ((SigninPrincipal)storedTicket.getAuthentication().getPrincipal());
 			String principal=authentication.getUsername();
 			serviceResponseBuilder.success().setUser(principal);
 			
 			if(Boolean.isTrue(storedTicket.getCasDetails().getIsAdapter())){
 				AbstractAuthorizeAdapter adapter =(AbstractAuthorizeAdapter)Instance.newInstance(storedTicket.getCasDetails().getAdapter());
 				UserInfo userInfo = (UserInfo) userInfoService.loadByUsername(principal);
-				userInfo.setOnlineTicket(authentication.getOnlineTicket());
-				adapter.generateInfo(userInfo, serviceResponseBuilder);
+				adapter.generateInfo(authentication,userInfo, serviceResponseBuilder);
 			}
 		}else{
 			serviceResponseBuilder.failure()
@@ -123,13 +122,14 @@ public class Cas30AuthorizeEndpoint  extends CasBaseAuthorizeEndpoint{
 		ServiceResponseBuilder serviceResponseBuilder=new ServiceResponseBuilder();
 		
 		if(storedTicket!=null){
-			String principal=((BasicAuthentication)storedTicket.getAuthentication().getPrincipal()).getUsername();
+		    SigninPrincipal authentication = ((SigninPrincipal)storedTicket.getAuthentication().getPrincipal());
+			String principal=authentication.getUsername();
 			serviceResponseBuilder.success().setUser(principal);
 			
 			if(Boolean.isTrue(storedTicket.getCasDetails().getIsAdapter())){
 				AbstractAuthorizeAdapter adapter =(AbstractAuthorizeAdapter)Instance.newInstance(storedTicket.getCasDetails().getAdapter());
 				UserInfo userInfo = (UserInfo) userInfoService.loadByUsername(principal);
-				adapter.generateInfo(userInfo, serviceResponseBuilder);
+				adapter.generateInfo(authentication,userInfo, serviceResponseBuilder);
 			}
 		}else{
 			serviceResponseBuilder.failure()

+ 11 - 3
maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasAuthorizeEndpoint.java

@@ -20,12 +20,13 @@
  */
 package org.maxkey.authz.cas.endpoint;
 
+import java.security.Principal;
 import java.util.Map;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import org.maxkey.authn.BasicAuthentication;
+import org.maxkey.authn.SigninPrincipal;
 import org.maxkey.authn.online.OnlineTicket;
 import org.maxkey.authz.cas.endpoint.ticket.CasConstants;
 import org.maxkey.authz.cas.endpoint.ticket.ServiceTicketImpl;
@@ -36,6 +37,9 @@ import org.maxkey.web.WebConstants;
 import org.maxkey.web.WebContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.annotation.AuthenticationPrincipal;
+import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestMapping;
@@ -92,10 +96,12 @@ public class CasAuthorizeEndpoint  extends CasBaseAuthorizeEndpoint{
 	}
 	
 	@RequestMapping("/authz/cas/granting")
-	public ModelAndView grantingTicket(
+	public ModelAndView grantingTicket(Principal principal,
+	        @AuthenticationPrincipal Object user,
 			HttpServletRequest request,
 			HttpServletResponse response){
 		
+	    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
 		AppsCasDetails casDetails=(AppsCasDetails)WebContext.getAttribute(CasConstants.PARAMETER.ENDPOINT_CAS_DETAILS);
 		ServiceTicketImpl serviceTicket=new ServiceTicketImpl(WebContext.getAuthentication(),casDetails);
 		
@@ -129,8 +135,10 @@ public class CasAuthorizeEndpoint  extends CasBaseAuthorizeEndpoint{
 		}
 		
 		if(casDetails.getLogoutType()==LogoutType.BACK_CHANNEL) {
-		    String onlineTicketId = ((BasicAuthentication)WebContext.getAuthentication().getPrincipal()).getOnlineTicket().getTicketId();
+		    String onlineTicketId = ((SigninPrincipal)WebContext.getAuthentication().getPrincipal()).getOnlineTicket();
 		    OnlineTicket onlineTicket  = onlineTicketServices.get(onlineTicketId);
+		    //set cas ticket as OnlineTicketId
+		    casDetails.setOnlineTicket(ticket);
 		    onlineTicket.setAuthorizedApp(casDetails);
 		    onlineTicketServices.store(onlineTicketId, onlineTicket);
 		}
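Review bot: The two new handler parameters `Principal principal` and `@AuthenticationPrincipal Object user` on `grantingTicket`, and the new local `Authentication authentication = SecurityContextHolder.getContext().getAuthentication();`, are never read in the hunk — the method keeps using `WebContext.getAuthentication()` two lines later and again in the back-channel branch — so they look like leftovers from trying out the new holder strategy; the method body continues past the hunk, so a later use is possible but not visible. If they are unused, revert the signature to `public ModelAndView grantingTicket(HttpServletRequest request, HttpServletResponse response){` and drop the local together with the imports added for them. Separately, in the back-channel block `onlineTicketServices.get(onlineTicketId)` is dereferenced on the next line without a null check, so an expired or evicted online ticket becomes a `NullPointerException` during ticket granting; wrapping the two following lines in `if (onlineTicket != null) { ... }` would fail more gracefully. The new `casDetails.setOnlineTicket(ticket)` mutates the `AppsCasDetails` read back from a web-context attribute; if that object is shared beyond the current request, a per-request ticket stored on it could leak between requests — worth confirming it is a per-session copy.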

+ 5 - 5
maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasRestV1Endpoint.java

@@ -24,7 +24,7 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.maxkey.authn.AbstractAuthenticationProvider;
-import org.maxkey.authn.BasicAuthentication;
+import org.maxkey.authn.LoginCredential;
 import org.maxkey.authz.cas.endpoint.response.ServiceResponseBuilder;
 import org.maxkey.authz.cas.endpoint.ticket.CasConstants;
 import org.maxkey.authz.cas.endpoint.ticket.ServiceTicketImpl;
@@ -75,9 +75,9 @@ public class CasRestV1Endpoint  extends CasBaseAuthorizeEndpoint{
                 throw new BadCredentialsException("No credentials are provided or extracted to authenticate the REST request");
             }
     	    
-    	    BasicAuthentication authentication =new BasicAuthentication(username,password,"CASREST");
+    	    LoginCredential loginCredential =new LoginCredential(username,password,"CASREST");
     	    
-    	    authenticationProvider.basicAuthenticate(authentication);
+    	    authenticationProvider.basicAuthenticate(loginCredential);
             
             TicketGrantingTicketImpl ticketGrantingTicket=new TicketGrantingTicketImpl("Random",WebContext.getAuthentication(),null);
             
@@ -178,9 +178,9 @@ public class CasRestV1Endpoint  extends CasBaseAuthorizeEndpoint{
                 throw new BadCredentialsException("No credentials are provided or extracted to authenticate the REST request");
             }
             
-            BasicAuthentication authentication =new BasicAuthentication(username,password,"CASREST");
+            LoginCredential loginCredential =new LoginCredential(username,password,"CASREST");
             
-            authenticationProvider.basicAuthenticate(authentication);
+            authenticationProvider.basicAuthenticate(loginCredential);
             UserInfo userInfo =WebContext.getUserInfo();
             TicketGrantingTicketImpl ticketGrantingTicket=new TicketGrantingTicketImpl("Random",WebContext.getAuthentication(),null);
             

+ 3 - 2
maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/adapter/CasDefaultAdapter.java

@@ -20,6 +20,7 @@ package org.maxkey.authz.cas.endpoint.adapter;
 import java.io.UnsupportedEncodingException;
 
 import org.apache.commons.codec.binary.Base64;
+import org.maxkey.authn.SigninPrincipal;
 import org.maxkey.authz.cas.endpoint.response.ServiceResponseBuilder;
 import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
 import org.maxkey.domain.UserInfo;
@@ -47,7 +48,7 @@ public class CasDefaultAdapter extends AbstractAuthorizeAdapter {
 	}
 	
 	@Override
-	public String generateInfo(UserInfo userInfo, Object serviceResponseObject) {
+	public String generateInfo(SigninPrincipal authentication,UserInfo userInfo, Object serviceResponseObject) {
 		ServiceResponseBuilder serviceResponseBuilder=(ServiceResponseBuilder)serviceResponseObject;
 		//for user
 		serviceResponseBuilder.setAttribute("uid", userInfo.getId());
@@ -66,7 +67,7 @@ public class CasDefaultAdapter extends AbstractAuthorizeAdapter {
 		serviceResponseBuilder.setAttribute("departmentId", userInfo.getDepartmentId());
 		serviceResponseBuilder.setAttribute("workRegion",base64Attr(userInfo.getWorkRegion()));
 		
-		serviceResponseBuilder.setAttribute(WebConstants.ONLINE_TICKET_NAME,userInfo.getOnlineTicket().getTicketId());
+		serviceResponseBuilder.setAttribute(WebConstants.ONLINE_TICKET_NAME,authentication.getOnlineTicket());
 	
 		return null;
 	}

+ 4 - 1
maxkey-protocols/maxkey-protocol-desktop/src/main/java/org/maxkey/authz/desktop/endpoint/DesktopAuthorizeEndpoint.java

@@ -22,6 +22,7 @@ package org.maxkey.authz.desktop.endpoint;
 
 import javax.servlet.http.HttpServletRequest;
 
+import org.maxkey.authn.SigninPrincipal;
 import org.maxkey.authz.desktop.endpoint.adapter.DesktopDefaultAdapter;
 import org.maxkey.authz.endpoint.AuthorizeBaseEndpoint;
 import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
@@ -74,7 +75,9 @@ public class DesktopAuthorizeEndpoint  extends AuthorizeBaseEndpoint{
 				adapter =(AbstractAuthorizeAdapter)defaultDesktopAdapter;
 			}
 			
-			String paramString=adapter.generateInfo(WebContext.getUserInfo(), desktopDetails);
+			String paramString=adapter.generateInfo(
+			        (SigninPrincipal)WebContext.getAuthentication().getPrincipal(),
+			        WebContext.getUserInfo(), desktopDetails);
 			
 			String encryptParamString=adapter.encrypt(paramString, null, null);
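Review bot: The expression `(SigninPrincipal)WebContext.getAuthentication().getPrincipal()` is written out inline here and repeated verbatim in TokenBasedAuthorizeEndpoint, AssertionEndpoint, OAuth20AccessConfirmationController and CasAuthorizeEndpoint; a single accessor such as `public static SigninPrincipal getSigninPrincipal()` on `WebContext`, next to `getUserInfo()`, would keep the cast in one place. That also gives one spot to handle a current authentication whose principal is not a `SigninPrincipal` (for example a `String` from an anonymous token), which today would surface as an unhandled `ClassCastException` inside the endpoint; whether such principals can reach these endpoints depends on the filter chain, which is not visible here. The surrounding method starts and ends outside this hunk.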
 			

+ 2 - 1
maxkey-protocols/maxkey-protocol-desktop/src/main/java/org/maxkey/authz/desktop/endpoint/adapter/DesktopDefaultAdapter.java

@@ -19,6 +19,7 @@ package org.maxkey.authz.desktop.endpoint.adapter;
 
 import java.util.HashMap;
 
+import org.maxkey.authn.SigninPrincipal;
 import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
 import org.maxkey.crypto.HexUtils;
 import org.maxkey.domain.UserInfo;
@@ -33,7 +34,7 @@ import org.springframework.web.servlet.ModelAndView;
 public class DesktopDefaultAdapter extends AbstractAuthorizeAdapter {
 	final static Logger _logger = LoggerFactory.getLogger(DesktopDefaultAdapter.class);
 	@Override
-	public String generateInfo(UserInfo userInfo,Object app) {
+	public String generateInfo(SigninPrincipal authentication,UserInfo userInfo,Object app) {
 		AppsDesktopDetails details=(AppsDesktopDetails)app;
 		String parameter=details.getParameter()==null?"":details.getParameter();
 		

+ 2 - 1
maxkey-protocols/maxkey-protocol-desktop/src/main/java/org/maxkey/authz/desktop/endpoint/adapter/DesktopQQAdapter.java

@@ -19,6 +19,7 @@ package org.maxkey.authz.desktop.endpoint.adapter;
 
 import java.util.HashMap;
 
+import org.maxkey.authn.SigninPrincipal;
 import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
 import org.maxkey.crypto.HexUtils;
 import org.maxkey.domain.UserInfo;
@@ -33,7 +34,7 @@ import org.springframework.web.servlet.ModelAndView;
 public class DesktopQQAdapter extends AbstractAuthorizeAdapter {
 	final static Logger _logger = LoggerFactory.getLogger(DesktopQQAdapter.class);
 	@Override
-	public String generateInfo(UserInfo userInfo,Object app) {
+	public String generateInfo(SigninPrincipal authentication,UserInfo userInfo,Object app) {
 		AppsDesktopDetails details=(AppsDesktopDetails)app;
 		String parameter=details.getParameter()==null?"":details.getParameter();
 		

+ 2 - 1
maxkey-protocols/maxkey-protocol-extendapi/src/main/java/org/maxkey/authz/exapi/endpoint/adapter/ExtendApiQQExmailDefaultAdapter.java

@@ -19,6 +19,7 @@ package org.maxkey.authz.exapi.endpoint.adapter;
 
 import java.util.HashMap;
 
+import org.maxkey.authn.SigninPrincipal;
 import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
 import org.maxkey.client.oauth.OAuthClient;
 import org.maxkey.client.oauth.model.Token;
@@ -38,7 +39,7 @@ public class ExtendApiQQExmailDefaultAdapter extends AbstractAuthorizeAdapter {
 	static String authkey_uri="http://openapi.exmail.qq.com:12211/openapi/mail/authkey";
 	
 	@Override
-	public String generateInfo(UserInfo userInfo,Object app) {
+	public String generateInfo(SigninPrincipal authentication,UserInfo userInfo,Object app) {
 		return null;
 	}
 

+ 2 - 1
maxkey-protocols/maxkey-protocol-formbased/src/main/java/org/maxkey/authz/formbased/endpoint/adapter/FormBasedDefaultAdapter.java

@@ -17,6 +17,7 @@
 
 package org.maxkey.authz.formbased.endpoint.adapter;
 
+import org.maxkey.authn.SigninPrincipal;
 import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
 import org.maxkey.constants.Boolean;
 import org.maxkey.crypto.DigestUtils;
@@ -27,7 +28,7 @@ import org.springframework.web.servlet.ModelAndView;
 public class FormBasedDefaultAdapter extends AbstractAuthorizeAdapter {
 
 	@Override
-	public String generateInfo(UserInfo userInfo,Object app) {
+	public String generateInfo(SigninPrincipal authentication,UserInfo userInfo,Object app) {
 		return null;
 	}
 

+ 2 - 1
maxkey-protocols/maxkey-protocol-formbased/src/main/java/org/maxkey/authz/formbased/endpoint/adapter/FormBasedNetease163EmailAdapter.java

@@ -17,6 +17,7 @@
 
 package org.maxkey.authz.formbased.endpoint.adapter;
 
+import org.maxkey.authn.SigninPrincipal;
 import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
 import org.maxkey.constants.Boolean;
 import org.maxkey.domain.UserInfo;
@@ -26,7 +27,7 @@ import org.springframework.web.servlet.ModelAndView;
 public class FormBasedNetease163EmailAdapter extends AbstractAuthorizeAdapter {
 
 	@Override
-	public String generateInfo(UserInfo userInfo,Object app) {
+	public String generateInfo(SigninPrincipal authentication,UserInfo userInfo,Object app) {
 		return null;
 	}
 

+ 2 - 1
maxkey-protocols/maxkey-protocol-formbased/src/main/java/org/maxkey/authz/formbased/endpoint/adapter/FormBasedNeteaseNoteYoudaoAdapter.java

@@ -19,6 +19,7 @@ package org.maxkey.authz.formbased.endpoint.adapter;
 
 import java.util.Date;
 
+import org.maxkey.authn.SigninPrincipal;
 import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
 import org.maxkey.crypto.DigestUtils;
 import org.maxkey.domain.UserInfo;
@@ -28,7 +29,7 @@ import org.springframework.web.servlet.ModelAndView;
 public class FormBasedNeteaseNoteYoudaoAdapter extends AbstractAuthorizeAdapter {
 
 	@Override
-	public String generateInfo(UserInfo userInfo,Object app) {
+	public String generateInfo(SigninPrincipal authentication,UserInfo userInfo,Object app) {
 		return null;
 	}
 

+ 2 - 1
maxkey-protocols/maxkey-protocol-formbased/src/main/java/org/maxkey/authz/formbased/endpoint/adapter/FormBasedRedirectAdapter.java

@@ -17,6 +17,7 @@
 
 package org.maxkey.authz.formbased.endpoint.adapter;
 
+import org.maxkey.authn.SigninPrincipal;
 import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
 import org.maxkey.constants.Boolean;
 import org.maxkey.crypto.DigestUtils;
@@ -28,7 +29,7 @@ import org.springframework.web.servlet.ModelAndView;
 public class FormBasedRedirectAdapter extends AbstractAuthorizeAdapter {
 
 	@Override
-	public String generateInfo(UserInfo userInfo,Object app) {
+	public String generateInfo(SigninPrincipal authentication,UserInfo userInfo,Object app) {
 		return null;
 	}
 

+ 2 - 2
maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/approval/controller/OAuth20AccessConfirmationController.java

@@ -20,7 +20,7 @@ package org.maxkey.authz.oauth2.provider.approval.controller;
 import java.util.HashMap;
 import java.util.LinkedHashMap;
 import java.util.Map;
-import org.maxkey.authn.BasicAuthentication;
+import org.maxkey.authn.SigninPrincipal;
 import org.maxkey.authz.endpoint.AuthorizeBaseEndpoint;
 import org.maxkey.authz.oauth2.common.util.OAuth2Utils;
 import org.maxkey.authz.oauth2.provider.AuthorizationRequest;
@@ -102,7 +102,7 @@ public class OAuth20AccessConfirmationController {
             scopes.put(OAuth2Utils.SCOPE_PREFIX + scope, "false");
         }
         String principal = 
-                ((BasicAuthentication) WebContext.getAuthentication().getPrincipal()).getUsername();
+                ((SigninPrincipal) WebContext.getAuthentication().getPrincipal()).getUsername();
         for (Approval approval : approvalStore.getApprovals(principal, client.getClientId())) {
             if (clientAuth.getScope().contains(approval.getScope())) {
                 scopes.put(OAuth2Utils.SCOPE_PREFIX + approval.getScope(),

+ 2 - 2
maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/AuthorizationEndpoint.java

@@ -129,7 +129,7 @@ public class AuthorizationEndpoint extends AbstractEndpoint {
 	@RequestMapping(value = "/oauth/v20/authorize", method = RequestMethod.GET)
 	public ModelAndView authorize(Map<String, Object> model, @RequestParam Map<String, String> parameters,
 			SessionStatus sessionStatus) {
-		 Principal principal=(Principal)WebContext.getAuthentication().getPrincipal();
+		 Principal principal=(Principal)WebContext.getAuthentication();
 		// Pull out the authorization request first, using the OAuth2RequestFactory. All further logic should
 		// query off of the authorization request instead of referring back to the parameters map. The contents of the
 		// parameters map will be stored without change in the AuthorizationRequest object once it is created.
@@ -208,7 +208,7 @@ public class AuthorizationEndpoint extends AbstractEndpoint {
 	@RequestMapping(value = "/oauth/v20/authorize", method = RequestMethod.POST, params = OAuth2Utils.USER_OAUTH_APPROVAL)
 	public View approveOrDeny(@RequestParam Map<String, String> approvalParameters, Map<String, ?> model,
 			SessionStatus sessionStatus) {
-		Principal principal=(Principal)WebContext.getAuthentication().getPrincipal();
+		Principal principal=(Principal)WebContext.getAuthentication();
 		if (!(principal instanceof Authentication)) {
 			sessionStatus.setComplete();
 			throw new InsufficientAuthenticationException(

+ 5 - 3
maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/TokenEndpoint.java

@@ -23,6 +23,7 @@ import java.util.HashSet;
 import java.util.Map;
 import java.util.Set;
 
+import org.maxkey.authn.SigninPrincipal;
 import org.maxkey.authz.oauth2.common.OAuth2AccessToken;
 import org.maxkey.authz.oauth2.common.exceptions.InvalidClientException;
 import org.maxkey.authz.oauth2.common.exceptions.InvalidGrantException;
@@ -41,6 +42,7 @@ import org.springframework.http.HttpMethod;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.security.authentication.InsufficientAuthenticationException;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.stereotype.Controller;
 import org.springframework.util.StringUtils;
@@ -98,9 +100,6 @@ public class TokenEndpoint extends AbstractEndpoint {
 	    
 	    Object principal = WebContext.getAuthentication();
 
-		if(parameters.get("code") != null) {
-		    principal=WebContext.getAuthentication().getPrincipal();
-		}
 		if (!(principal instanceof Authentication)) {
 			throw new InsufficientAuthenticationException(
 					"There is no client authentication. Try adding an appropriate authentication filter.");
@@ -174,6 +173,9 @@ public class TokenEndpoint extends AbstractEndpoint {
 			// Might be a client and user combined authentication
 			clientId = ((OAuth2Authentication) client).getOAuth2Request().getClientId();
 		}
+		if (client instanceof UsernamePasswordAuthenticationToken) {
+		    clientId = ((SigninPrincipal)client.getPrincipal()).getUsername();
+		}
 		return clientId;
 	}
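Review bot: The new branch in `getClientId` casts `client.getPrincipal()` to `SigninPrincipal` unconditionally, but a `UsernamePasswordAuthenticationToken` built elsewhere in the chain may carry a different principal type (Spring's own token commonly holds a `String` or `UserDetails`), which would fail with a `ClassCastException` instead of the `InsufficientAuthenticationException` this method is meant to produce; guard the cast: `if (client instanceof UsernamePasswordAuthenticationToken && client.getPrincipal() instanceof SigninPrincipal) {`. The branch also treats the principal's username as the client identifier; that matches the token produced by `TokenEndpointAuthenticationFilter` in this commit (it wraps the client `User` in a `SigninPrincipal`), but if a user-level session authentication ever reaches this endpoint the end user's username would be looked up as a client id, so a comment naming the intended path would help: `// client-credentials token from TokenEndpointAuthenticationFilter: principal username is the client id`. In the first hunk, removing the `code` special case means the authorization-code path now relies on `WebContext.getAuthentication()` being an `Authentication` itself, which fits the new holder strategy but deserves a regression test. `getClientId` starts outside the hunk.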
 	

+ 2 - 3
maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/endpoint/TokenEndpointAuthenticationFilter.java

@@ -33,7 +33,7 @@ import javax.servlet.http.HttpServletResponse;
 
 import org.apache.commons.logging.Log;
 import org.apache.commons.logging.LogFactory;
-import org.maxkey.authn.BasicAuthentication;
+import org.maxkey.authn.SigninPrincipal;
 import org.maxkey.authz.oauth2.common.util.OAuth2Utils;
 import org.maxkey.authz.oauth2.provider.AuthorizationRequest;
 import org.maxkey.authz.oauth2.provider.OAuth2Authentication;
@@ -136,8 +136,7 @@ public class TokenEndpointAuthenticationFilter implements Filter {
 				usernamepassword(request,response);
 			}else {
 				Authentication authentication=ClientCredentials(request,response);
-				BasicAuthentication auth =new BasicAuthentication();
-				auth.setUsername(((User)authentication.getPrincipal()).getUsername());
+				SigninPrincipal auth =new SigninPrincipal((User)authentication.getPrincipal());
 				auth.setAuthenticated(true);
 				UsernamePasswordAuthenticationToken simpleUserAuthentication = new UsernamePasswordAuthenticationToken(auth, authentication.getCredentials(), authentication.getAuthorities());
 				WebContext.setAuthentication(simpleUserAuthentication);

+ 3 - 2
maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/OAuthDefaultUserInfoAdapter.java

@@ -19,6 +19,7 @@ package org.maxkey.authz.oauth2.provider.userinfo.endpoint;
 
 import java.util.HashMap;
 
+import org.maxkey.authn.SigninPrincipal;
 import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
 import org.maxkey.domain.UserInfo;
 import org.maxkey.util.JsonUtils;
@@ -29,7 +30,7 @@ import org.springframework.web.servlet.ModelAndView;
 public class OAuthDefaultUserInfoAdapter extends AbstractAuthorizeAdapter {
 
 	@Override
-	public String generateInfo(UserInfo userInfo,Object app) {
+	public String generateInfo(SigninPrincipal authentication,UserInfo userInfo,Object app) {
 		HashMap<String, Object> beanMap = new HashMap<String, Object>();
 		beanMap.put("randomId",(new StringGenerator()).uuidGenerate());
 		beanMap.put("uid", userInfo.getId());
@@ -44,7 +45,7 @@ public class OAuthDefaultUserInfoAdapter extends AbstractAuthorizeAdapter {
 		beanMap.put("title", userInfo.getJobTitle());
 		beanMap.put("state", userInfo.getWorkRegion());
 		beanMap.put("gender", userInfo.getGender());
-		beanMap.put(WebConstants.ONLINE_TICKET_NAME, userInfo.getOnlineTicket().getTicketId());
+		beanMap.put(WebConstants.ONLINE_TICKET_NAME, authentication.getOnlineTicket());
 		
 		String info= JsonUtils.object2Json(beanMap);
 		

+ 9 - 8
maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/UserInfoEndpoint.java

@@ -26,7 +26,7 @@ import java.util.UUID;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import org.maxkey.authn.BasicAuthentication;
+import org.maxkey.authn.SigninPrincipal;
 import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
 import org.maxkey.authz.oauth2.common.exceptions.OAuth2Exception;
 import org.maxkey.authz.oauth2.provider.ClientDetailsService;
@@ -123,7 +123,7 @@ public class UserInfoEndpoint {
 			try{
 				 oAuth2Authentication = oauth20tokenServices.loadAuthentication(access_token);
 				 
-				 principal=oAuth2Authentication.getPrincipal().toString();
+				 principal=((SigninPrincipal)oAuth2Authentication.getUserAuthentication().getPrincipal()).getUsername();
 				 
 				 String client_id= oAuth2Authentication.getOAuth2Request().getClientId();
 				 UserInfo userInfo=queryUserInfo(principal);
@@ -135,9 +135,10 @@ public class UserInfoEndpoint {
 				 }else{
 					adapter =(AbstractAuthorizeAdapter)defaultOAuthUserInfoAdapter;
 				 }
-				 BasicAuthentication authentication = (BasicAuthentication)oAuth2Authentication.getUserAuthentication();
-				 userInfo.setOnlineTicket(authentication.getOnlineTicket());
-				String jsonData=adapter.generateInfo(userInfo, app);
+				 
+				String jsonData=adapter.generateInfo(
+				        (SigninPrincipal)oAuth2Authentication.getUserAuthentication().getPrincipal(),
+				        userInfo, app);
 				return jsonData;
 			}catch(OAuth2Exception e){
 				HashMap<String,Object>authzException=new HashMap<String,Object>();
@@ -163,7 +164,7 @@ public class UserInfoEndpoint {
 		try{
 			 oAuth2Authentication = oauth20tokenServices.loadAuthentication(access_token);
 			 
-			 principal=oAuth2Authentication.getPrincipal().toString();
+			 principal=((SigninPrincipal)oAuth2Authentication.getPrincipal()).getUsername();
 			 
 			 Set<String >scopes=oAuth2Authentication.getOAuth2Request().getScope();
 			 ClientDetails clientDetails = clientDetailsService.loadClientByClientId(oAuth2Authentication.getOAuth2Request().getClientId());
@@ -172,10 +173,10 @@ public class UserInfoEndpoint {
 			 String userJson="";
 			 Builder jwtClaimsSetBuilder= new JWTClaimsSet.Builder();
 			 
-			 BasicAuthentication authentication = (BasicAuthentication)oAuth2Authentication.getUserAuthentication();
+			 SigninPrincipal authentication = (SigninPrincipal)oAuth2Authentication.getUserAuthentication().getPrincipal();
 			 
 			 jwtClaimsSetBuilder.claim("sub", userInfo.getId());
-			 jwtClaimsSetBuilder.claim(WebConstants.ONLINE_TICKET_NAME, authentication.getOnlineTicket().getTicketId());
+			 jwtClaimsSetBuilder.claim(WebConstants.ONLINE_TICKET_NAME, authentication.getOnlineTicket());
 			 
 		 	if(scopes.contains("profile")){
 		 		jwtClaimsSetBuilder.claim("name", userInfo.getUsername());
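Review bot: `principal` is now derived two different ways in this file: the first hunk uses `oAuth2Authentication.getUserAuthentication().getPrincipal()` while the `@@ -163,7 +164,7 @@` hunk uses `oAuth2Authentication.getPrincipal()`, and both cast straight to `SigninPrincipal`. If this `OAuth2Authentication` follows the spring-security-oauth2 model, a token issued by the client_credentials grant has no user authentication, so the first form throws a `NullPointerException` and the second returns the client id as a `String` and throws a `ClassCastException`; the old code already dereferenced the user authentication for the online ticket, so this is not new, but the rewrite is the moment to guard it. Suggest one guarded lookup shared by both paths, e.g. `Authentication userAuth = oAuth2Authentication.getUserAuthentication(); if (userAuth == null || !(userAuth.getPrincipal() instanceof SigninPrincipal)) { throw new OAuth2Exception("access token is not bound to a user"); }` (message illustrative), then read username and online ticket from that single principal. The same cast is repeated for the `generateInfo` call and again in the `jwtClaimsSetBuilder` block, so the shared lookup removes three casts.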

+ 2 - 2
maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/endpoint/AssertionEndpoint.java

@@ -22,6 +22,7 @@ import java.util.HashMap;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.maxkey.authn.SigninPrincipal;
 import org.maxkey.authz.saml.common.AuthnRequestInfo;
 import org.maxkey.authz.saml.common.EndpointGenerator;
 import org.maxkey.authz.saml20.binding.BindingAdapter;
@@ -72,8 +73,7 @@ public class AssertionEndpoint {
 		logger.debug("AuthnRequestInfo: {}", authnRequestInfo);
 
 		HashMap <String,String>attributeMap=new HashMap<String,String>();
-		
-		attributeMap.put(WebConstants.ONLINE_TICKET_NAME, WebContext.getUserInfo().getOnlineTicket().getTicketId());
+		attributeMap.put(WebConstants.ONLINE_TICKET_NAME, ((SigninPrincipal)WebContext.getAuthentication().getPrincipal()).getOnlineTicket());
 		
 		//saml20Details
 		Response authResponse = authnResponseGenerator.generateAuthnResponse(

+ 2 - 0
maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/TokenBasedAuthorizeEndpoint.java

@@ -24,6 +24,7 @@ import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.maxkey.authn.SigninPrincipal;
 import org.maxkey.authz.endpoint.AuthorizeBaseEndpoint;
 import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
 import org.maxkey.authz.token.endpoint.adapter.TokenBasedDefaultAdapter;
@@ -82,6 +83,7 @@ public class TokenBasedAuthorizeEndpoint  extends AuthorizeBaseEndpoint{
 		}
 		
 		String tokenData=adapter.generateInfo(
+		        (SigninPrincipal)WebContext.getAuthentication().getPrincipal(),
 				WebContext.getUserInfo(), 
 				tokenBasedDetails);
 		

+ 3 - 2
maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/adapter/TokenBasedDefaultAdapter.java

@@ -20,6 +20,7 @@ package org.maxkey.authz.token.endpoint.adapter;
 import java.util.Date;
 import java.util.HashMap;
 
+import org.maxkey.authn.SigninPrincipal;
 import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
 import org.maxkey.domain.UserInfo;
 import org.maxkey.domain.apps.AppsTokenBasedDetails;
@@ -34,7 +35,7 @@ import org.springframework.web.servlet.ModelAndView;
 public class TokenBasedDefaultAdapter extends AbstractAuthorizeAdapter {
 	final static Logger _logger = LoggerFactory.getLogger(TokenBasedDefaultAdapter.class);
 	@Override
-	public String generateInfo(UserInfo userInfo,Object app) {
+	public String generateInfo(SigninPrincipal authentication,UserInfo userInfo,Object app) {
 		AppsTokenBasedDetails details=(AppsTokenBasedDetails)app;
 		HashMap<String,String> beanMap=new HashMap<String,String>();
 		
@@ -71,7 +72,7 @@ public class TokenBasedDefaultAdapter extends AbstractAuthorizeAdapter {
 		}
 		
 		beanMap.put("displayName", userInfo.getDisplayName());
-		beanMap.put(WebConstants.ONLINE_TICKET_NAME, userInfo.getOnlineTicket().getTicketId());
+		beanMap.put(WebConstants.ONLINE_TICKET_NAME, authentication.getOnlineTicket());
 		
 		/*
 		 * use UTC date time format
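Review bot: The parameter named `authentication` in the `generateInfo` signature is a `SigninPrincipal` — the principal inside the Authentication, not the Authentication itself — so `authentication.getOnlineTicket()` reads as if the whole security token were in scope; naming it after what it is, `public String generateInfo(SigninPrincipal principal, UserInfo userInfo, Object app)`, would match what the endpoint passes. The same naming applies to the signatures in TokenBasedJWTAdapter, TokenBasedJWTHS256Adapter and TokenBasedSimpleAdapter below. The new parameter also has no Javadoc; a `@param` line saying it is the signed-in principal taken from WebContext, and that its online ticket is placed into the generated token data under `WebConstants.ONLINE_TICKET_NAME`, would tell future callers what they must supply. It is dereferenced without a null check, which is only safe if every caller performs the cast the endpoint does.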

+ 3 - 2
maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/adapter/TokenBasedJWTAdapter.java

@@ -22,6 +22,7 @@ import java.util.Date;
 import java.util.UUID;
 
 import org.joda.time.DateTime;
+import org.maxkey.authn.SigninPrincipal;
 import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
 import org.maxkey.configuration.oidc.OIDCProviderMetadata;
 import org.maxkey.crypto.jwt.signer.service.JwtSigningAndValidationService;
@@ -44,7 +45,7 @@ import com.nimbusds.jwt.SignedJWT;
 public class TokenBasedJWTAdapter extends AbstractAuthorizeAdapter {
 	final static Logger _logger = LoggerFactory.getLogger(TokenBasedJWTAdapter.class);
 	@Override
-	public String generateInfo(UserInfo userInfo,Object app) {
+	public String generateInfo(SigninPrincipal authentication,UserInfo userInfo,Object app) {
 		AppsTokenBasedDetails details=(AppsTokenBasedDetails)app;
 	
 		
@@ -68,7 +69,7 @@ public class TokenBasedJWTAdapter extends AbstractAuthorizeAdapter {
 				.claim("user_id", userInfo.getId())
 				.claim("external_id", userInfo.getId())
 				.claim("locale", userInfo.getLocale())
-				.claim(WebConstants.ONLINE_TICKET_NAME, userInfo.getOnlineTicket().getTicketId())
+				.claim(WebConstants.ONLINE_TICKET_NAME, authentication.getOnlineTicket())
 				.claim("kid", jwtSignerService.getDefaultSignerKeyId())
 				.build();
 		

+ 3 - 2
maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/adapter/TokenBasedJWTHS256Adapter.java

@@ -22,6 +22,7 @@ import java.util.Date;
 import java.util.UUID;
 
 import org.joda.time.DateTime;
+import org.maxkey.authn.SigninPrincipal;
 import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
 import org.maxkey.configuration.oidc.OIDCProviderMetadata;
 import org.maxkey.crypto.ReciprocalUtils;
@@ -48,7 +49,7 @@ public class TokenBasedJWTHS256Adapter extends AbstractAuthorizeAdapter {
 	private SymmetricSigningAndValidationServiceBuilder symmetricJwtSignerServiceBuilder=new SymmetricSigningAndValidationServiceBuilder();
 
 	@Override
-	public String generateInfo(UserInfo userInfo,Object app) {
+	public String generateInfo(SigninPrincipal authentication,UserInfo userInfo,Object app) {
 		AppsTokenBasedDetails details=(AppsTokenBasedDetails)app;
 		
 		OIDCProviderMetadata providerMetadata= (OIDCProviderMetadata)WebContext.getBean("oidcProviderMetadata");
@@ -68,7 +69,7 @@ public class TokenBasedJWTHS256Adapter extends AbstractAuthorizeAdapter {
 				.claim("email", userInfo.getWorkEmail())
 				.claim("name", userInfo.getUsername())
 				.claim("user_id", userInfo.getId())
-				.claim(WebConstants.ONLINE_TICKET_NAME, userInfo.getOnlineTicket().getTicketId())
+				.claim(WebConstants.ONLINE_TICKET_NAME, authentication.getOnlineTicket())
 				.claim("external_id", userInfo.getId())
 				.claim("locale", userInfo.getLocale())
 				.claim("kid", "SYMMETRIC-KEY")

+ 2 - 1
maxkey-protocols/maxkey-protocol-tokenbased/src/main/java/org/maxkey/authz/token/endpoint/adapter/TokenBasedSimpleAdapter.java

@@ -19,6 +19,7 @@ package org.maxkey.authz.token.endpoint.adapter;
 
 import java.util.Date;
 
+import org.maxkey.authn.SigninPrincipal;
 import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
 import org.maxkey.domain.UserInfo;
 import org.maxkey.domain.apps.AppsTokenBasedDetails;
@@ -30,7 +31,7 @@ import org.springframework.web.servlet.ModelAndView;
 public class TokenBasedSimpleAdapter extends AbstractAuthorizeAdapter {
 	final static Logger _logger = LoggerFactory.getLogger(TokenBasedSimpleAdapter.class);
 	@Override
-	public String generateInfo(UserInfo userInfo,Object app) {
+	public String generateInfo(SigninPrincipal authentication,UserInfo userInfo,Object app) {
 		AppsTokenBasedDetails details=(AppsTokenBasedDetails)app;
 	
 		String tokenUsername = userInfo.getUsername();

+ 3 - 3
maxkey-web-manage/src/main/java/org/maxkey/web/endpoint/LoginEndpoint.java

@@ -21,7 +21,7 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.maxkey.authn.AbstractAuthenticationProvider;
-import org.maxkey.authn.BasicAuthentication;
+import org.maxkey.authn.LoginCredential;
 import org.maxkey.authn.support.jwt.JwtLoginService;
 import org.maxkey.authn.support.rememberme.AbstractRemeberMeService;
 import org.maxkey.configuration.ApplicationConfig;
@@ -110,12 +110,12 @@ public class LoginEndpoint {
 	}
  	
  	@RequestMapping(value={"/logon.do"})
-	public ModelAndView logon(@ModelAttribute("authentication") BasicAuthentication authentication) {
+	public ModelAndView logon(@ModelAttribute("loginCredential") LoginCredential loginCredential) {
  		
  		if(WebContext.isAuthenticated()){
  			return WebContext.redirect("/main");
 		}else{
-			authenticationProvider.authenticate(authentication);
+			authenticationProvider.authenticate(loginCredential);
 			return WebContext.redirect("/login");
 		}
  	}

+ 2 - 2
maxkey-web-manage/src/main/java/org/maxkey/web/interceptor/PermissionAdapter.java

@@ -23,7 +23,7 @@ import javax.servlet.RequestDispatcher;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import org.maxkey.authn.BasicAuthentication;
+import org.maxkey.authn.SigninPrincipal;
 import org.maxkey.configuration.ApplicationConfig;
 import org.maxkey.web.WebContext;
 import org.slf4j.Logger;
@@ -68,7 +68,7 @@ public class PermissionAdapter extends HandlerInterceptorAdapter {
         }
         
         //非管理员用户直接注销
-        if (!((BasicAuthentication) WebContext.getAuthentication().getPrincipal()).isRoleAdministrators()) {
+        if (!((SigninPrincipal) WebContext.getAuthentication().getPrincipal()).isRoleAdministrators()) {
             _logger.debug("Not ADMINISTRATORS Authentication .");
             RequestDispatcher dispatcher = request.getRequestDispatcher("/logout");
             dispatcher.forward(request, response);

+ 2 - 1
maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/AppListController.java

@@ -17,6 +17,7 @@
 
 package org.maxkey.web.contorller;
 
+import java.security.Principal;
 import java.util.List;
 import org.maxkey.constants.ConstantsOperateMessage;
 import org.maxkey.constants.ConstantsProtocols;
@@ -67,7 +68,7 @@ public class AppListController {
      */
     @RequestMapping(value = { "/appList" })
     public ModelAndView appList(
-            @RequestParam(value = "gridList", required = false) String gridList) {
+            @RequestParam(value = "gridList", required = false) String gridList,Principal principal) {
         ModelAndView modelAndView = new ModelAndView("main/appList");
         userInfoService.updateGridList(gridList);
         modelAndView.addObject("appList", queryAccessableApps());
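Review bot: The `Principal principal` parameter added to `appList` is not referenced in the visible part of the method body (the method continues outside the hunk), so if it is unused further down it should be dropped rather than left as a dead argument resolved on every request. If it is intended to replace the `WebContext` lookups, a comment naming which calls it supersedes would make the intent clear; note that a `java.security.Principal` injected by Spring MVC is typically the Authentication object, so reaching `SigninPrincipal` fields would presumably still require `getPrincipal()` plus a cast, as done elsewhere in this commit.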

+ 3 - 4
maxkey-web-maxkey/src/main/java/org/maxkey/web/endpoint/LoginEndpoint.java

@@ -25,13 +25,12 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.maxkey.authn.AbstractAuthenticationProvider;
-import org.maxkey.authn.BasicAuthentication;
+import org.maxkey.authn.LoginCredential;
 import org.maxkey.authn.support.kerberos.KerberosService;
 import org.maxkey.authn.support.rememberme.AbstractRemeberMeService;
 import org.maxkey.authn.support.socialsignon.service.SocialSignOnProviderService;
 import org.maxkey.authn.support.wsfederation.WsFederationConstants;
 import org.maxkey.configuration.ApplicationConfig;
-import org.maxkey.constants.ConstantsOperateMessage;
 import org.maxkey.constants.ConstantsStatus;
 import org.maxkey.crypto.password.opt.AbstractOptAuthn;
 import org.maxkey.domain.UserInfo;
@@ -185,9 +184,9 @@ public class LoginEndpoint {
 	public ModelAndView logon(
 	                    HttpServletRequest request,
 	                    HttpServletResponse response,
-	                    @ModelAttribute("authentication") BasicAuthentication authentication) throws ServletException, IOException {
+	                    @ModelAttribute("loginCredential") LoginCredential loginCredential) throws ServletException, IOException {
 
-        authenticationProvider.authenticate(authentication);
+        authenticationProvider.authenticate(loginCredential);
 
         if (WebContext.isAuthenticated()) {
             return WebContext.redirect("/forwardindex");

+ 9 - 2
maxkey-web-maxkey/src/main/resources/application.properties

@@ -3,25 +3,28 @@
 application.title=MaxKey
 application.name=MaxKey
 application.formatted-version=v2.3.0 GA
-#server config
-#spring.profiles.active=dev
+
 #server port
 #server.port=80
 server.port=443
+
 #ssl
 server.ssl.key-store=maxkeyserver.keystore
 server.ssl.key-alias=maxkey
 server.ssl.enabled=true
 server.ssl.key-store-password=maxkey
 server.ssl.key-store-type=JKS
+
 #web app context path
 server.servlet.context-path=/maxkey
 spring.servlet.multipart.enabled=true
 spring.servlet.multipart.max-file-size=4194304
+
 #encoding
 #server.servlet.encoding.charset=UTF-8
 #server.servlet.encoding.enabled=true
 #server.servlet.encoding.force=true
+
 #datasource
 spring.datasource.username=root
 spring.datasource.password=maxkey
@@ -32,6 +35,7 @@ spring.datasource.type=com.alibaba.druid.pool.DruidDataSource
 mybatis.type-aliases-package=org.maxkey.domain,org.maxkey.domain.apps,
 mybatis.mapper-locations=classpath*:/org/maxkey/persistence/mapper/xml/mysql/*.xml
 mybatis.table-column-escape=true
+
 #redis
 spring.redis.host=127.0.0.1
 spring.redis.port=6379
@@ -53,6 +57,7 @@ spring.mail.properties.ssl=true
 spring.mail.properties.sender=maxkey@163.com
 spring.mail.properties.mailotp.message.subject=MaxKey One Time PassWord
 spring.mail.properties.mailotp.message.template={0} You Token is {1} , it validity in {2}  minutes.
+
 #for freemarker
 spring.freemarker.template-loader-path=classpath:/templates/views
 spring.freemarker.cache=false
@@ -63,10 +68,12 @@ spring.freemarker.expose-request-attributes=false
 spring.freemarker.expose-session-attributes=false
 spring.freemarker.request-context-attribute=request
 spring.freemarker.suffix=.ftl
+
 #static resources
 spring.mvc.static-path-pattern=/static/**
 spring.messages.basename=classpath:messages/message
 spring.messages.encoding=UTF-8
+
 #main
 spring.main.banner-mode=log
 spring.main.allow-bean-definition-overriding=true