
Merge branch 'master' of https://github.com/MaxKeyTop/MaxKey

stevenBeLove 4 年之前
父節點
當前提交
0b441c1699

+ 4 - 1
ReleaseNotes.txt

@@ -9,7 +9,10 @@
 	*(MAXKEY-200908)  应用修改时数字大于4为长度格式化问题
 	*(MAXKEY-200910)  注销后,点击重新登陆跳转问题
 	*(MAXKEY-200911)  增加SP登录跳转功能,支持knox的认证
-	*(MAXKEY-200912) 构建脚本的优化和更新
+	*(MAXKEY-200912)  构建脚本的优化和更新
+	*(MAXKEY-200913)  权限控制 RoleAdministrators 
+	*(MAXKEY-200914)  社交账号登录优化
+	*(MAXKEY-200915)  列表界面中未”选择“情况下,弹出界面错误
 	*(MAXKEY-200920)  依赖jar引用、更新和升级
 	    druid 1.2.1
 	    JustAuth 1.15.8

+ 10 - 0
maxkey-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java

@@ -17,6 +17,8 @@
 
 package org.maxkey.authn;
 
+import java.util.ArrayList;
+
 import org.maxkey.authn.online.OnlineTicketServices;
 import org.maxkey.authn.realm.AbstractAuthenticationRealm;
 import org.maxkey.authn.support.rememberme.AbstractRemeberMeService;
@@ -35,6 +37,8 @@ import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
 
 /**
  * login Authentication abstract class.
@@ -65,6 +69,12 @@ public abstract class AbstractAuthenticationProvider {
     @Autowired
     @Qualifier("onlineTicketServices")
     protected OnlineTicketServices onlineTicketServices;
+    
+    static  ArrayList<GrantedAuthority> grantedAdministratorsAuthoritys = new ArrayList<GrantedAuthority>();
+    
+    static {
+        grantedAdministratorsAuthoritys.add(new SimpleGrantedAuthority("ROLE_ADMINISTRATORS"));
+    }
 
     protected abstract String getProviderName();
 
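Review bot: `grantedAdministratorsAuthoritys` is declared `static` with package-private visibility, no `final`, and a mutable `ArrayList`, so any class in `org.maxkey.authn` can add to or replace the list that decides who counts as an administrator. Because this list drives an authorization decision, it is safer as an immutable constant, e.g. `protected static final List<GrantedAuthority> grantedAdministratorsAuthoritys = Collections.singletonList(new SimpleGrantedAuthority("ROLE_ADMINISTRATORS"));` (importing `java.util.List` and `java.util.Collections`), which also removes the static initializer. A one-line comment saying that membership in this list is what sets `roleAdministrators` on the principal would help the next reader. The class body continues outside the hunk.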

+ 9 - 7
maxkey-core/src/main/java/org/maxkey/authn/BasicAuthentication.java

@@ -23,7 +23,6 @@ import java.util.Collection;
 import org.maxkey.authn.online.OnlineTicket;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
-import org.springframework.security.core.authority.SimpleGrantedAuthority;
 
 
 public class BasicAuthentication implements Authentication {
@@ -39,14 +38,12 @@ public class BasicAuthentication implements Authentication {
     OnlineTicket onlineTicket;
     ArrayList<GrantedAuthority> grantedAuthority;
     boolean authenticated;
+    boolean roleAdministrators;
 
     /**
      * BasicAuthentication.
      */
     public BasicAuthentication() {
-        grantedAuthority = new ArrayList<GrantedAuthority>();
-        grantedAuthority.add(new SimpleGrantedAuthority("ROLE_USER"));
-        grantedAuthority.add(new SimpleGrantedAuthority("ORDINARY_USER"));
     }
 
     /**
@@ -56,9 +53,6 @@ public class BasicAuthentication implements Authentication {
         this.username = username;
         this.password = password;
         this.authType = authType;
-        grantedAuthority = new ArrayList<GrantedAuthority>();
-        grantedAuthority.add(new SimpleGrantedAuthority("ROLE_USER"));
-        grantedAuthority.add(new SimpleGrantedAuthority("ORDINARY_USER"));
     }
     @Override
     public String getName() {
@@ -177,6 +171,14 @@ public class BasicAuthentication implements Authentication {
         this.onlineTicket = onlineTicket;
     }
 
+    public boolean isRoleAdministrators() {
+        return roleAdministrators;
+    }
+
+    public void setRoleAdministrators(boolean roleAdministrators) {
+        this.roleAdministrators = roleAdministrators;
+    }
+
     @Override
     public String toString() {
         StringBuilder builder = new StringBuilder();
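Review bot: The new `roleAdministrators` flag has a public setter on the principal object, so the administrator decision is held in a mutable boolean that is separate from the granted authorities. If `BasicAuthentication` is ever populated by data binding from request parameters (not visible in this diff), a submitted `roleAdministrators` value would be bound like any other property; consider making the setter package-private or deriving the value from the authorities instead. Separately, both constructors now leave `grantedAuthority` unset, so any accessor that returns that field (outside these hunks) can return null, and it is worth confirming nothing still reads it. `toString()` continues past the end of this section.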

+ 17 - 1
maxkey-core/src/main/java/org/maxkey/authn/RealmAuthenticationProvider.java

@@ -17,6 +17,8 @@
 
 package org.maxkey.authn;
 
+import java.util.ArrayList;
+
 import org.maxkey.authn.online.OnlineTicket;
 import org.maxkey.domain.UserInfo;
 import org.maxkey.web.WebConstants;
@@ -26,6 +28,8 @@ import org.slf4j.LoggerFactory;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.web.authentication.WebAuthenticationDetails;
 import org.springframework.web.context.request.RequestContextHolder;
 import org.springframework.web.context.request.ServletRequestAttributes;
@@ -157,13 +161,25 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider
         OnlineTicket onlineTicket = new OnlineTicket(onlineTickitId,authentication);
         this.onlineTicketServices.store(onlineTickitId, onlineTicket);
         authentication.setOnlineTicket(onlineTicket);
+        ArrayList<GrantedAuthority> grantedAuthoritys = authenticationRealm.grantAuthority(userInfo);
+        //set default roles
+        grantedAuthoritys.add(new SimpleGrantedAuthority("ROLE_USER"));
+        grantedAuthoritys.add(new SimpleGrantedAuthority("ROLE_ORDINARY_USER"));
         
         authentication.setAuthenticated(true);
+        
+        for(GrantedAuthority administratorsAuthority : grantedAdministratorsAuthoritys) {
+            if(grantedAuthoritys.contains(administratorsAuthority)) {
+                authentication.setRoleAdministrators(true);
+                _logger.trace("ROLE ADMINISTRATORS Authentication .");
+            }
+        }
+        
         UsernamePasswordAuthenticationToken authenticationToken =
                 new UsernamePasswordAuthenticationToken(
                         authentication, 
                         "PASSWORD", 
-                        authenticationRealm.grantAuthority(userInfo)
+                        grantedAuthoritys
                 );
         
         authenticationToken.setDetails(
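Review bot: The loop only ever calls `setRoleAdministrators(true)` and nothing on this path resets the flag, so its final value depends on whatever the incoming `authentication` object already carried. Assigning the computed result makes it deterministic: `authentication.setRoleAdministrators(grantedAuthoritys.stream().anyMatch(grantedAdministratorsAuthoritys::contains));`. The list returned by `authenticationRealm.grantAuthority(userInfo)` is also mutated in place without a null check; if the realm can return null or a shared list (not visible here), copy it first with `new ArrayList<>(...)`. The default role name changes from `ORDINARY_USER` to `ROLE_ORDINARY_USER`, so any rule that matches the old name needs updating. The enclosing method starts and ends outside the hunk.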

+ 17 - 8
maxkey-web-manage/src/main/java/org/maxkey/web/interceptor/PermissionAdapter.java

@@ -23,13 +23,13 @@ import javax.servlet.RequestDispatcher;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
+import org.maxkey.authn.BasicAuthentication;
 import org.maxkey.configuration.ApplicationConfig;
 import org.maxkey.web.WebContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
-import org.springframework.context.annotation.Configuration;
 import org.springframework.stereotype.Component;
 import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
 /**
@@ -48,6 +48,7 @@ public class PermissionAdapter extends HandlerInterceptorAdapter {
 	private ApplicationConfig applicationConfig;
 	
 	static  ConcurrentHashMap<String ,String >navigationsMap=null;
+	
 	/*
 	 * 请求前处理
 	 *  (non-Javadoc)
@@ -58,13 +59,21 @@ public class PermissionAdapter extends HandlerInterceptorAdapter {
 		 _logger.trace("PermissionAdapter preHandle");
 		
 		//判断用户是否登录
-		if(WebContext.getAuthentication()==null||WebContext.getAuthentication().getAuthorities()==null){//判断用户和角色,判断用户是否登录用户
-			_logger.trace("No Authentication ... forward to /login");
-			RequestDispatcher dispatcher = request.getRequestDispatcher("/login");
-			dispatcher.forward(request, response);
-			return false;
-		}
-		
+        if(WebContext.getAuthentication()==null
+                ||WebContext.getAuthentication().getAuthorities()==null){//判断用户和角色,判断用户是否登录用户
+            _logger.trace("No Authentication ... forward to /login");
+            RequestDispatcher dispatcher = request.getRequestDispatcher("/login");
+            dispatcher.forward(request, response);
+            return false;
+        }
+        
+        //非管理员用户直接注销
+        if (!((BasicAuthentication) WebContext.getAuthentication().getPrincipal()).isRoleAdministrators()) {
+            _logger.debug("Not ADMINISTRATORS Authentication .");
+            RequestDispatcher dispatcher = request.getRequestDispatcher("/logout");
+            dispatcher.forward(request, response);
+            return false;
+        }
 		
 		boolean hasAccess=true;
 		
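Review bot: The cast `(BasicAuthentication) WebContext.getAuthentication().getPrincipal()` is unchecked, so a principal of any other type raises `ClassCastException` in `preHandle` instead of being denied cleanly. Guard it and fail closed: `Object principal = WebContext.getAuthentication().getPrincipal();` followed by `if (!(principal instanceof BasicAuthentication) || !((BasicAuthentication) principal).isRoleAdministrators()) {`. Since this branch is an access-control rejection, logging the user and request URI above `debug` level would make denied attempts visible in normal operation. The added lines are indented with spaces where the rest of the method uses tabs, and `preHandle` continues outside the hunk.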

+ 4 - 0
maxkey-web-manage/src/main/resources/templates/views/groupapp/groupAppsList.ftl

@@ -11,6 +11,10 @@
    	
 	$(function () {
 		$("#addGroupAppsBtn").on("click",function(){
+			if($("#groupId").val()==""){
+				$.alert({content:$.platform.messages.select.alertText});	
+				return;
+			}
 			var settings={
 					url		:	"<@base/>/groupPrivileges/addGroupAppsList/"+$("#groupId").val(),//window url
 					title	:	"New",//title

+ 5 - 1
maxkey-web-manage/src/main/resources/templates/views/groupuser/groupUsersList.ftl

@@ -11,7 +11,11 @@
 	
 	
 	$(function () {
-		$("#insertGroupUserBtn").on("click",function(){		
+		$("#insertGroupUserBtn").on("click",function(){	
+			if($("#groupId").val()==""){
+				$.alert({content:$.platform.messages.select.alertText});	
+				return;
+			}
 			var settings={
 							url		:	"<@base/>/groupMember/addGroupAppsList/"+$("#groupId").val(),//window url
 							title	:	"New",//title

+ 8 - 0
maxkey-web-manage/src/main/resources/templates/views/resources/resourceAdd.ftl

@@ -15,6 +15,14 @@ $(function () {
     $("#appId").val($.cookie("select_app_id"));
     $("#parentId").val($.cookie("select_res_id"));
     $("#parentName").val($.cookie("select_res_name"));
+    
+    if($("#parentId").val()==""){
+		$.alert({
+			content:$.platform.messages.select.alertText,
+			callback:function (){$.closeWindow();}
+		});	
+		
+	}
 });
 </script>
 </head>

+ 4 - 0
maxkey-web-manage/src/main/resources/templates/views/roleusers/roleUsersList.ftl

@@ -12,6 +12,10 @@
 	
 	$(function () {
 		$("#insertGroupUserBtn").on("click",function(){		
+			if($("#roleId").val()==""){
+				$.alert({content:$.platform.messages.select.alertText});	
+				return;
+			}
 			var settings={
 							url		:	"<@base/>/rolemembers/addRoleAppsList/"+$("#roleId").val(),//window url
 							title	:	"New",//title

+ 2 - 1
maxkey-web-manage/src/main/resources/templates/views/userinfo/userAdd.ftl

@@ -51,7 +51,8 @@
 	<tr>
 		<td style="width:15%;"><@locale code="userinfo.username" />:</td>
 		<td style="width:35%;">
-		<input type="hidden" id="id" name="id" value=""/>
+			<input type="hidden" id="id" name="id" value=""/>
+			<input type="hidden" id="status" name="status" value="1"/>
 			<input  class="form-control"  type="text" required="" id="username" name="username"  title="" value=""/>
 		</td>
 		<td style="width:15%;"><@locale code="login.text.password" />:</td>
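Review bot: The new hidden `status` input means the initial account status is taken from the submitted form, and a hidden field is as client-controlled as any visible one. If the handler that saves the new user (not visible in this diff) binds `status` directly from the request, it should set the initial status on the server, or at least validate the submitted value against the allowed set. The table row continues outside the hunk.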

+ 7 - 3
maxkey-web-manage/src/main/resources/templates/views/userinfo/usersList.ftl

@@ -136,9 +136,13 @@ $(function () {
 	    		}
 	    	);//end tree
 	    	
-	$("#changepwdBtn").on("click",function(){	
-			$("#changepwdBtnHidden").attr("wurl","<@base/>/userinfo/forwardChangePassword/"+$.dataGridSelRowsData("#datagrid")[0].id);
-		   	$("#changepwdBtnHidden").click();	
+	$("#changepwdBtn").on("click",function(){
+	 	if($.dataGridSelRowsData("#datagrid")[0]==null){
+			$.alert({content:$.platform.messages.select.alertText});
+			return;
+		}	
+		$("#changepwdBtnHidden").attr("wurl","<@base/>/userinfo/forwardChangePassword/"+$.dataGridSelRowsData("#datagrid")[0].id);
+		$("#changepwdBtnHidden").click();	
 	});
 	
 });

+ 2 - 1
maxkey-web-maxkey/src/main/resources/templates/views/layout/top.ftl

@@ -40,12 +40,13 @@
 									<div  style="float:right;" >&nbsp;&nbsp;<@locale code="login.password.changepassword"/>&nbsp;&nbsp;</div>
 								</a>
 							</td>
+							<#if  Session["current_authentication"].principal.roleAdministrators==true >
 							<td id="manage" nowrap>
 								<a target="_blank"  href="<@base/>/authz/maxkey_mgt">
 									<div  style="float:right;" >&nbsp;&nbsp;<@locale code="global.text.manage"/>&nbsp;&nbsp;</div>
 								</a>
 							</td>
-				
+							</#if>
 							<td id="logout" class="ui-widget-header" >
 								<a  href="<@base/>/logout?reLoginUrl=login">
 									<div  style="float:right;" >&nbsp;&nbsp;<@locale code="global.text.logout"/>&nbsp;&nbsp;</div>
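Review bot: The condition `<#if Session["current_authentication"].principal.roleAdministrators==true >` aborts template rendering when the session attribute is missing or the principal lacks that property; `<#if (Session["current_authentication"].principal.roleAdministrators)!false>` defaults to hiding the link instead. Hiding the menu entry is presentation only: the `/authz/maxkey_mgt` target still needs its own server-side administrator check, which this commit adds in the management application's interceptor but does not show for this endpoint. The surrounding table markup continues outside the hunk.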

+ 0 - 0
sql/maxkey_v2.2.0.GA.sql → sql/oldversions/maxkey_v2.2.0.GA.sql