shimingxy 1 giorno fa
parent
commit
6cda394ec1

+ 19 - 45
maxkey-authentications/maxkey-authentication-provider/src/main/java/org/dromara/maxkey/authn/support/jwt/HttpJwtEntryPoint.java

@@ -43,12 +43,12 @@ public class HttpJwtEntryPoint {
     private static final Logger _logger = LoggerFactory.getLogger(HttpJwtEntryPoint.class);
     
     @Autowired
-      ApplicationConfig applicationConfig;
+    ApplicationConfig applicationConfig;
     
-      @Autowired
+    @Autowired
     AbstractAuthenticationProvider authenticationProvider ;
       
-      @Autowired
+    @Autowired
     AuthTokenService authTokenService;
       
     @Autowired
@@ -57,53 +57,27 @@ public class HttpJwtEntryPoint {
     @RequestMapping(value={"/jwt"}, produces = {MediaType.APPLICATION_JSON_VALUE},method={RequestMethod.GET,RequestMethod.POST})
     public Message<AuthJwt> jwt(@RequestParam(value = WebConstants.JWT_TOKEN_PARAMETER, required = true) String jwt) {
         try {
-            //for jwt Login
-             _logger.debug("jwt : {}" , jwt);
-    
-             SignedJWT signedJWT = jwtLoginService.jwtTokenValidation(jwt);
-             
-             if(signedJWT != null) {
-                 String username =signedJWT.getJWTClaimsSet().getSubject();
-                 LoginCredential loginCredential =new LoginCredential(username,"",ConstsLoginType.JWT);
-                 Authentication  authentication = authenticationProvider.authenticate(loginCredential,true);
-                 _logger.debug("JWT Logined in , username {}" , username);
-                 AuthJwt authJwt = authTokenService.genAuthJwt(authentication);
-                  return new Message<>(authJwt);
-             }
+        	if(applicationConfig.getLoginConfig().isJwt()) {
+	            //for jwt Login
+	             _logger.debug("jwt : {}" , jwt);
+	             SignedJWT signedJWT = jwtLoginService.jwtTokenValidation(jwt);
+	             if(signedJWT != null) {
+	                 String subject =signedJWT.getJWTClaimsSet().getSubject();
+	                 LoginCredential loginCredential =new LoginCredential(subject,"",ConstsLoginType.JWT);
+	                 Authentication  authentication = authenticationProvider.authenticate(loginCredential,true);
+	                 _logger.debug("JWT Logined in , subject {}" , subject);
+	                 AuthJwt authJwt = authTokenService.genAuthJwt(authentication);
+	                  return new Message<>(authJwt);
+	             }
+        	}else {
+				_logger.debug("JWT Login is not enabled.");
+        	}
         }catch(Exception e) {
             _logger.error("Exception ",e);
         }
-        
-         return new Message<>(Message.FAIL);
+        return new Message<>(Message.FAIL);
     }
     
-    /**
-     * trust same HS512
-     * @param jwt
-     * @return
-     */
-    @RequestMapping(value={"/jwt/trust"}, produces = {MediaType.APPLICATION_JSON_VALUE},method={RequestMethod.GET,RequestMethod.POST})
-    public Message<AuthJwt> jwtTrust(@RequestParam(value = WebConstants.JWT_TOKEN_PARAMETER, required = true) String jwt) {
-        try {
-            //for jwt Login
-             _logger.debug("jwt : {}" , jwt);
-
-             if(authTokenService.validateJwtToken(jwt)) {
-                 String username =authTokenService.resolve(jwt).getSubject();
-                 LoginCredential loginCredential =new LoginCredential(username,"",ConstsLoginType.JWT);
-                 Authentication  authentication = authenticationProvider.authenticate(loginCredential,true);
-                 _logger.debug("JWT Logined in , username {}" , username);
-                 AuthJwt authJwt = authTokenService.genAuthJwt(authentication);
-                  return new Message<>(authJwt);
-             }
-        }catch(Exception e) {
-            _logger.error("Exception ",e);
-        }
-        
-         return new Message<>(Message.FAIL);
-    }
-
-
     public void setApplicationConfig(ApplicationConfig applicationConfig) {
         this.applicationConfig = applicationConfig;
     }
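Review bot: The raw token is still logged by `_logger.debug("jwt : {}" , jwt);` inside the new `isJwt()` branch, before it has been validated. A token this endpoint accepts is a login credential, so anyone who can read debug logs can replay it for as long as it remains valid; I would drop that line and rely on the existing post-validation `subject` log. The mapping on `jwt(...)` also still allows `RequestMethod.GET`, which puts the token in the URL and so in access logs and browser history; `method={RequestMethod.POST}` avoids that if no client depends on GET. Separately, `subject` goes into `new LoginCredential(subject,"",ConstsLoginType.JWT)` without a null or blank check, so a validly signed token with no `sub` claim appears to reach `authenticate(...)`; rejecting it explicitly, e.g. `if (subject == null || subject.isBlank()) return new Message<>(Message.FAIL);`, would make the failure mode clear.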

+ 12 - 1
maxkey-commons/maxkey-core/src/main/java/org/dromara/maxkey/configuration/LoginConfig.java

@@ -41,6 +41,9 @@ public class LoginConfig {
     @Value("${maxkey.login.wsfederation:false}")
     boolean wsFederation;
     
+    @Value("${maxkey.login.jwt:false}")
+    boolean jwt;
+    
     @Value("${maxkey.login.cas.serverUrlPrefix:http://sso.maxkey.top/sign/authz/cas}")
     String casServerUrlPrefix;
     
@@ -119,7 +122,15 @@ public class LoginConfig {
         this.captchaType = captchaType;
     }
 
-    @Override
+    public boolean isJwt() {
+		return jwt;
+	}
+
+	public void setJwt(boolean jwt) {
+		this.jwt = jwt;
+	}
+
+	@Override
     public String toString() {
         StringBuilder builder = new StringBuilder();
         builder.append("LoginConfig [mfa=");
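Review bot: `isJwt()` and `setJwt(...)` are added without any comment, although this flag now decides whether the `/jwt` login endpoint authenticates callers at all. A short Javadoc on the getter would help, e.g. `/** Whether JWT login (maxkey.login.jwt) is enabled; defaults to false. */`. The new lines, including the re-added `@Override`, are indented with tabs while the surrounding class uses four spaces, so they should be re-indented to match. `toString()` continues outside this hunk, so I cannot tell whether `jwt` is included there; if not, adding it would keep the config dump complete.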

+ 1 - 1
maxkey-webs/maxkey-web-maxkey/src/main/resources/application-maxkey.properties

@@ -79,7 +79,7 @@ maxkey.login.remeberme                          =${LOGIN_REMEBERME:true}
 #validity day          
 maxkey.login.remeberme.validity                 =0
 #JWT support
-maxkey.login.jwt                                =${LOGIN_JWT:true}
+maxkey.login.jwt                                =${LOGIN_JWT:false}
 maxkey.login.jwt.issuer                         =${LOGIN_JWT_ISSUER:${maxkey.server.authz.uri}}
 #whitelist       
 maxkey.ipaddress.whitelist                      =false
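Review bot: The `#JWT support` comment does not explain that `${LOGIN_JWT:false}` now turns the JWT login endpoint off unless the variable is set. Deployments that relied on the old `true` default will start getting the failure response from `/jwt` after upgrading, with only a debug-level log line to explain it. I would expand the comment to something like `#JWT login endpoint; disabled by default, set LOGIN_JWT=true to enable` and mention the change in the upgrade notes. The same applies to the identical change in `application-maxkey-mgt.properties`.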

+ 1 - 1
maxkey-webs/maxkey-web-mgt/src/main/resources/application-maxkey-mgt.properties

@@ -64,7 +64,7 @@ maxkey.login.remeberme.validity                 =0
 #ipaddress whitelist
 maxkey.ipaddress.whitelist                      =false
 #JWT support
-maxkey.login.jwt                                =${LOGIN_JWT:true}
+maxkey.login.jwt                                =${LOGIN_JWT:false}
 maxkey.login.jwt.issuer                         =${LOGIN_JWT_ISSUER:${maxkey.server.authz.uri}}
 #CAS support
 maxkey.login.cas.serverUrlPrefix			    =${LOGIN_CAS_SERVER:http://sso.maxkey.top/sign/authz/cas}