springsession & logout fix

springsession & logout fix

build.gradle

@@ -211,6 +211,10 @@ subprojects {
          compile group: 'org.springframework.boot', name: 'spring-boot-starter-tomcat', version:  "${springBootVersion}"
          compile group: 'org.springframework.boot', name: 'spring-boot-starter-data-redis', version: "${springBootVersion}"
          testCompile group: 'org.springframework.boot', name: 'spring-boot-starter-test', version:  "${springBootVersion}"
+         //spring-data
+         compile group: 'org.springframework.data', name: 'spring-data-commons', version: "${springDataVersion}"
+         compile group: 'org.springframework.data', name: 'spring-data-keyvalue', version: "${springDataVersion}"
+		 compile group: 'org.springframework.data', name: 'spring-data-redis', version: "${springDataVersion}"
          //spring-session
          compile group: 'org.springframework.session', name: 'spring-session-core', version: "${springSessionVersion}"
          compile group: 'org.springframework.session', name: 'spring-session-data-redis', version: "${springSessionVersion}"

gradle.properties

@@ -7,6 +7,7 @@ log4jVersion         	=2.13.3
 springVersion        	=5.2.9.RELEASE
 springBootVersion    	=2.3.4.RELEASE
 springSecurityVersion	=5.4.0
+springDataVersion    	=2.3.4.RELEASE
 springSessionVersion    =2.3.1.RELEASE
 hibernateVersion	 	=6.1.5.Final
 slf4jVersion	 	 	=1.7.30

maxkey-core/src/main/java/org/maxkey/autoconfigure/ApplicationAutoConfiguration.java

@@ -29,8 +29,8 @@ import org.maxkey.authn.RealmAuthenticationProvider;
 import org.maxkey.authn.SavedRequestAwareAuthenticationSuccessHandler;
 import org.maxkey.authn.support.rememberme.AbstractRemeberMeService;
 import org.maxkey.authn.support.rememberme.InMemoryRemeberMeService;
-import org.maxkey.authn.support.rememberme.JdbcRemeberMeService;
 import org.maxkey.authn.support.rememberme.RedisRemeberMeService;
+import org.maxkey.constants.ConstantsPersistence;
 import org.maxkey.constants.ConstantsProperties;
 import org.maxkey.crypto.keystore.KeyStoreLoader;
 import org.maxkey.crypto.password.LdapShaPasswordEncoder;
@@ -189,16 +189,16 @@ public class ApplicationAutoConfiguration  implements InitializingBean {
             @Value("${config.server.persistence}") int persistence,
             @Value("${config.login.remeberme.validity}") int validity,
             JdbcTemplate jdbcTemplate,
-            RedisConnectionFactory jedisConnectionFactory) {
+            RedisConnectionFactory redisConnFactory) {
         AbstractRemeberMeService remeberMeService = null;
-        if (persistence == 0) {
+        if (persistence == ConstantsPersistence.INMEMORY) {
             remeberMeService = new InMemoryRemeberMeService();
             _logger.debug("InMemoryRemeberMeService");
-        } else if (persistence == 1) {
-            remeberMeService = new JdbcRemeberMeService(jdbcTemplate);
-            _logger.debug("JdbcRemeberMeService");
-        } else if (persistence == 2) {
-            remeberMeService = new RedisRemeberMeService(jedisConnectionFactory);
+        } else if (persistence == ConstantsPersistence.JDBC) {
+            //remeberMeService = new JdbcRemeberMeService(jdbcTemplate);
+            _logger.debug("JdbcRemeberMeService not support "); 
+        } else if (persistence == ConstantsPersistence.REDIS) {
+            remeberMeService = new RedisRemeberMeService(redisConnFactory);
             _logger.debug("RedisRemeberMeService");
         }
         return remeberMeService;

maxkey-core/src/main/java/org/maxkey/autoconfigure/RedisAutoConfiguration.java

@@ -46,7 +46,7 @@ public class RedisAutoConfiguration implements InitializingBean {
      * @return RedisConnectionFactory
      */
     @Bean
-    public RedisConnectionFactory redisConnectionFactory(
+    public RedisConnectionFactory redisConnFactory(
             @Value("${spring.redis.host}")
             String host,
             @Value("${spring.redis.port}")
@@ -63,7 +63,7 @@ public class RedisAutoConfiguration implements InitializingBean {
             int maxIdle,
             @Value("${spring.redis.lettuce.pool.min-idle}")
             int minIdle) {
-        _logger.debug("RedisConnectionFactory init .");
+        _logger.debug("redisConnFactory init .");
         RedisConnectionFactory factory = new RedisConnectionFactory();
         factory.setHostName(host);
         factory.setPort(port);

maxkey-core/src/main/java/org/maxkey/autoconfigure/SessionRedisAutoConfiguration.java

@@ -23,6 +23,7 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.beans.factory.ObjectProvider;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.context.annotation.PropertySource;
@@ -31,6 +32,7 @@ import org.springframework.session.web.http.CookieSerializer;
 import org.springframework.session.web.http.DefaultCookieSerializer;
 
 @Configuration
+@ConditionalOnProperty(value = "spring.session.store-type", havingValue = "redis", matchIfMissing = false)
 @EnableRedisHttpSession
 @PropertySource(ConstantsProperties.applicationPropertySource)
 public class SessionRedisAutoConfiguration implements InitializingBean {
@@ -44,6 +46,7 @@ public class SessionRedisAutoConfiguration implements InitializingBean {
 
     @Bean
     public CookieSerializer cookieSerializer() {
+        _logger.debug("CookieSerializer Default .");
         DefaultCookieSerializer serializer = new DefaultCookieSerializer();
         serializer.setCookieName("JSESSIONID"); 
         serializer.setCookiePath("/"); 

maxkey-core/src/main/java/org/maxkey/constants/ConstantsPersistence.java

@@ -0,0 +1,33 @@
+/*
+ * Copyright [2020] [MaxKey of copyright http://www.maxkey.top]
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+ 
+
+package org.maxkey.constants;
+
+/**
+ * PROTOCOLS.
+ * @author Crystal.Sea
+ *
+ */
+public final class ConstantsPersistence {
+
+    public static final int INMEMORY = 0;
+
+    public static final int JDBC = 1;
+
+    public static final int REDIS = 2;
+
+}

maxkey-web-manage/src/main/resources/application.properties

@@ -2,7 +2,7 @@
 #application
 application.title=MaxKey
 application.name=MaxKey-Mgt
-application.formatted-version=v2.2.0 GA
+application.formatted-version=v2.2.1 GA
 #server config
 #server port
 server.port=9521
@@ -33,6 +33,7 @@ spring.redis.jedis.pool.max-wait=1000
 spring.redis.jedis.pool.max-idle=200
 spring.redis.lettuce.pool.max-active=-1
 spring.redis.lettuce.pool.min-idle=0
+
 #mail
 spring.mail.default-encoding=utf-8
 spring.mail.host=smtp.163.com
@@ -62,6 +63,7 @@ spring.messages.encoding=UTF-8
 spring.main.banner-mode=log
 spring.main.allow-bean-definition-overriding=true
 # Session store type.
+spring.session.store-type=none
 #spring.session.store-type=redis
 # Session timeout. If a duration suffix is not specified, seconds is used.
 #server.servlet.session.timeout=1800

maxkey-web-maxkey/src/main/java/org/maxkey/autoconfigure/CasAutoConfiguration.java

@@ -19,10 +19,10 @@ package org.maxkey.autoconfigure;
 
 import org.maxkey.authz.cas.endpoint.ticket.service.InMemoryTicketGrantingTicketServices;
 import org.maxkey.authz.cas.endpoint.ticket.service.InMemoryTicketServices;
-import org.maxkey.authz.cas.endpoint.ticket.service.JdbcTicketServices;
 import org.maxkey.authz.cas.endpoint.ticket.service.RedisTicketGrantingTicketServices;
 import org.maxkey.authz.cas.endpoint.ticket.service.RedisTicketServices;
 import org.maxkey.authz.cas.endpoint.ticket.service.TicketServices;
+import org.maxkey.constants.ConstantsPersistence;
 import org.maxkey.constants.ConstantsProperties;
 import org.maxkey.persistence.redis.RedisConnectionFactory;
 import org.slf4j.Logger;
@@ -54,16 +54,16 @@ public class CasAutoConfiguration implements InitializingBean {
             @Value("${config.server.persistence}") int persistence,
             @Value("${config.login.remeberme.validity}") int validity,
             JdbcTemplate jdbcTemplate,
-            RedisConnectionFactory jedisConnectionFactory) {
+            RedisConnectionFactory redisConnFactory) {
         TicketServices casTicketServices = null;
-        if (persistence == 0) {
+        if (persistence == ConstantsPersistence.INMEMORY) {
             casTicketServices = new InMemoryTicketServices();
             _logger.debug("InMemoryTicketServices");
-        } else if (persistence == 1) {
-            casTicketServices = new JdbcTicketServices(jdbcTemplate);
-            _logger.debug("JdbcTicketServices");
-        } else if (persistence == 2) {
-            casTicketServices = new RedisTicketServices(jedisConnectionFactory);
+        } else if (persistence == ConstantsPersistence.JDBC) {
+            //casTicketServices = new JdbcTicketServices(jdbcTemplate);
+            _logger.debug("JdbcTicketServices not support ");
+        } else if (persistence == ConstantsPersistence.REDIS) {
+            casTicketServices = new RedisTicketServices(redisConnFactory);
             _logger.debug("RedisTicketServices");
         }
         return casTicketServices;
@@ -80,17 +80,17 @@ public class CasAutoConfiguration implements InitializingBean {
             @Value("${config.server.persistence}") int persistence,
             @Value("${config.login.remeberme.validity}") int validity,
             JdbcTemplate jdbcTemplate,
-            RedisConnectionFactory jedisConnectionFactory) {
+            RedisConnectionFactory redisConnFactory) {
         TicketServices casTicketServices = null;
-        if (persistence == 0) {
+        if (persistence == ConstantsPersistence.INMEMORY) {
             casTicketServices = new InMemoryTicketGrantingTicketServices();
             _logger.debug("InMemoryTicketGrantingTicketServices");
-        } else if (persistence == 1) {
+        } else if (persistence == ConstantsPersistence.JDBC) {
             //
-            //casTicketServices = new JdbcTicketServices(jdbcTemplate);
-            _logger.debug("JdbcTicketServices not support ");
-        } else if (persistence == 2) {
-            casTicketServices = new RedisTicketGrantingTicketServices(jedisConnectionFactory);
+            //casTicketServices = new JdbcTicketGrantingTicketServices(jdbcTemplate);
+            _logger.debug("JdbcTicketGrantingTicketServices not support ");
+        } else if (persistence == ConstantsPersistence.REDIS) {
+            casTicketServices = new RedisTicketGrantingTicketServices(redisConnFactory);
             _logger.debug("RedisTicketServices");
         }
         return casTicketServices;

maxkey-web-maxkey/src/main/java/org/maxkey/autoconfigure/Oauth20AutoConfiguration.java

@@ -34,18 +34,17 @@ import org.maxkey.authz.oauth2.provider.client.ClientDetailsUserDetailsService;
 import org.maxkey.authz.oauth2.provider.client.JdbcClientDetailsService;
 import org.maxkey.authz.oauth2.provider.code.AuthorizationCodeServices;
 import org.maxkey.authz.oauth2.provider.code.InMemoryAuthorizationCodeServices;
-import org.maxkey.authz.oauth2.provider.code.JdbcAuthorizationCodeServices;
 import org.maxkey.authz.oauth2.provider.code.RedisAuthorizationCodeServices;
 import org.maxkey.authz.oauth2.provider.endpoint.TokenEndpointAuthenticationFilter;
 import org.maxkey.authz.oauth2.provider.request.DefaultOAuth2RequestFactory;
 import org.maxkey.authz.oauth2.provider.token.TokenStore;
 import org.maxkey.authz.oauth2.provider.token.DefaultTokenServices;
 import org.maxkey.authz.oauth2.provider.token.store.InMemoryTokenStore;
-import org.maxkey.authz.oauth2.provider.token.store.JdbcTokenStore;
 import org.maxkey.authz.oauth2.provider.token.store.JwtAccessTokenConverter;
 import org.maxkey.authz.oauth2.provider.token.store.RedisTokenStore;
 import org.maxkey.authz.oidc.idtoken.OIDCIdTokenEnhancer;
 import org.maxkey.configuration.oidc.OIDCProviderMetadataDetails;
+import org.maxkey.constants.ConstantsPersistence;
 import org.maxkey.constants.ConstantsProperties;
 import org.maxkey.crypto.jose.keystore.JWKSetKeyStore;
 import org.maxkey.crypto.jwt.encryption.service.impl.DefaultJwtEncryptionAndDecryptionService;
@@ -107,7 +106,7 @@ public class Oauth20AutoConfiguration implements InitializingBean {
             URI tokenEndpoint,
             @Value("${config.oidc.metadata.userinfoEndpoint}")
             URI userinfoEndpoint) {
-        _logger.debug("RedisConnectionFactory init .");
+        _logger.debug("OIDCProviderMetadataDetails init .");
         OIDCProviderMetadataDetails oidcProviderMetadata = new OIDCProviderMetadataDetails();
         oidcProviderMetadata.setIssuer(issuer);
         oidcProviderMetadata.setAuthorizationEndpoint(authorizationEndpoint);
@@ -213,16 +212,16 @@ public class Oauth20AutoConfiguration implements InitializingBean {
     public AuthorizationCodeServices oauth20AuthorizationCodeServices(
             @Value("${config.server.persistence}") int persistence,
             JdbcTemplate jdbcTemplate,
-            RedisConnectionFactory jedisConnectionFactory) {
+            RedisConnectionFactory redisConnFactory) {
         AuthorizationCodeServices authorizationCodeServices = null;
-        if (persistence == 0) {
+        if (persistence == ConstantsPersistence.INMEMORY) {
             authorizationCodeServices = new InMemoryAuthorizationCodeServices();
             _logger.debug("InMemoryAuthorizationCodeServices");
-        } else if (persistence == 1) {
-            authorizationCodeServices = new JdbcAuthorizationCodeServices(jdbcTemplate);
-            _logger.debug("JdbcAuthorizationCodeServices");
-        } else if (persistence == 2) {
-            authorizationCodeServices = new RedisAuthorizationCodeServices(jedisConnectionFactory);
+        } else if (persistence == ConstantsPersistence.JDBC) {
+            //authorizationCodeServices = new JdbcAuthorizationCodeServices(jdbcTemplate);
+            _logger.debug("JdbcAuthorizationCodeServices not support "); 
+        } else if (persistence == ConstantsPersistence.REDIS) {
+            authorizationCodeServices = new RedisAuthorizationCodeServices(redisConnFactory);
             _logger.debug("RedisAuthorizationCodeServices");
         }
         return authorizationCodeServices;
@@ -237,16 +236,16 @@ public class Oauth20AutoConfiguration implements InitializingBean {
     public TokenStore oauth20TokenStore(
             @Value("${config.server.persistence}") int persistence,
             JdbcTemplate jdbcTemplate,
-            RedisConnectionFactory jedisConnectionFactory) {
+            RedisConnectionFactory redisConnFactory) {
         TokenStore tokenStore = null;
-        if (persistence == 0) {
+        if (persistence == ConstantsPersistence.INMEMORY) {
             tokenStore = new InMemoryTokenStore();
             _logger.debug("InMemoryTokenStore");
-        } else if (persistence == 1) {
-            tokenStore = new JdbcTokenStore(jdbcTemplate);
-            _logger.debug("JdbcTokenStore");
-        } else if (persistence == 2) {
-            tokenStore = new RedisTokenStore(jedisConnectionFactory);
+        } else if (persistence == ConstantsPersistence.JDBC) {
+            //tokenStore = new JdbcTokenStore(jdbcTemplate);
+            _logger.debug("JdbcTokenStore not support "); 
+        } else if (persistence == ConstantsPersistence.REDIS) {
+            tokenStore = new RedisTokenStore(redisConnFactory);
             _logger.debug("RedisTokenStore");
         }
         return tokenStore;

maxkey-web-maxkey/src/main/java/org/maxkey/web/endpoint/LogoutEndpoint.java

@@ -81,6 +81,11 @@ public class LogoutEndpoint {
 	 		}
  		}
  		
+ 		//not start with http or https
+ 		if(reLoginUrl!=null && !reLoginUrl.toLowerCase().startsWith("http")) {
+ 		   reLoginUrl=WebContext.getHttpContextPath()+"/"+reLoginUrl;
+ 		}
+ 		
  		_logger.debug("re Login URL : "+ reLoginUrl);
  		
  		modelAndView.addObject("reloginUrl",reLoginUrl);

maxkey-web-maxkey/src/main/resources/application.properties

@@ -2,7 +2,7 @@
 #application
 application.title=MaxKey
 application.name=MaxKey
-application.formatted-version=v2.2.0 GA
+application.formatted-version=v2.2.1 GA
 #server config
 #spring.profiles.active=dev
 #server port
@@ -41,6 +41,7 @@ spring.redis.jedis.pool.max-wait=1000
 spring.redis.jedis.pool.max-idle=200
 spring.redis.lettuce.pool.max-active=-1
 spring.redis.lettuce.pool.min-idle=0
+
 #mail
 spring.mail.default-encoding=utf-8
 spring.mail.host=smtp.163.com
@@ -69,7 +70,9 @@ spring.messages.encoding=UTF-8
 #main
 spring.main.banner-mode=log
 spring.main.allow-bean-definition-overriding=true
+ 
 # Session store type.
+spring.session.store-type=none
 #spring.session.store-type=redis
 # Session timeout. If a duration suffix is not specified, seconds is used.
 #server.servlet.session.timeout=1800