
删除 Api接口相关内容

MaxKey 2 gadi atpakaļ
vecāks
revīzija
973d715e47

+ 0 - 17
maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/autoconfigure/MaxKeyMgtMvcConfig.java

@@ -23,7 +23,6 @@ import org.maxkey.authn.provider.AbstractAuthenticationProvider;
 import org.maxkey.authn.web.CurrentUserMethodArgumentResolver;
 import org.maxkey.authn.web.interceptor.PermissionInterceptor;
 import org.maxkey.configuration.ApplicationConfig;
-import org.maxkey.web.interceptor.RestApiPermissionAdapter;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -49,9 +48,6 @@ public class MaxKeyMgtMvcConfig implements WebMvcConfigurer {
     @Autowired
     PermissionInterceptor permissionInterceptor;
     
-    @Autowired
-    RestApiPermissionAdapter restApiPermissionAdapter;
-    
     @Override
     public void addResourceHandlers(ResourceHandlerRegistry registry) {
     	_logger.debug("add Resource Handlers");
@@ -115,19 +111,6 @@ public class MaxKeyMgtMvcConfig implements WebMvcConfigurer {
                 ;
         
         _logger.debug("add Permission Adapter");
-
-        /*
-         * api
-         * idm
-         * scim
-         * */
-        registry.addInterceptor(restApiPermissionAdapter)
-                .addPathPatterns("/api/**")
-                .addPathPatterns("/api/idm/**")
-                .addPathPatterns("/api/idm/scim/**")
-                ;
-		
-        _logger.debug("add Rest Api Permission Adapter");
         
     }
     
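Review bot: With the `registry.addInterceptor(restApiPermissionAdapter)` registration gone, nothing visible in this hunk applies a credential check to `/api/**`, `/api/idm/**` or `/api/idm/scim/**` any more. The deleted adapter was what forwarded requests without a valid Basic or bearer credential to `/login`. Any handler in this module still mapped under those paths would therefore be reachable without that check, unless the path patterns of `permissionInterceptor`, which are set above this hunk, happen to cover it. It is worth confirming that no such mappings remain and recording the result where the block used to be, e.g. `// /api/** handlers were removed from maxkey-web-mgt; nothing under /api/** is served here`. The enclosing method starts outside the hunk, so the remaining interceptor's coverage cannot be judged from these lines.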

+ 0 - 60
maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/api/endpoint/RestTimeBasedOtpController.java

@@ -1,60 +0,0 @@
-/*
- * Copyright [2020] [MaxKey of copyright http://www.maxkey.top]
- * 
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- * 
- *     http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
- 
-
-package org.maxkey.web.api.endpoint;
-
-import org.maxkey.entity.UserInfo;
-import org.maxkey.password.onetimepwd.AbstractOtpAuthn;
-import org.maxkey.persistence.service.UserInfoService;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Controller;
-import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestMethod;
-import org.springframework.web.bind.annotation.RequestParam;
-import org.springframework.web.bind.annotation.ResponseBody;
-import io.swagger.v3.oas.annotations.Operation;
-import io.swagger.v3.oas.annotations.tags.Tag;
-
-@Tag(name = "基于时间令牌验证 API文档模块")
-@Controller
-@RequestMapping(value={"/im/api/otp"})
-public class RestTimeBasedOtpController {
-
-	@Autowired
-    protected AbstractOtpAuthn timeBasedOtpAuthn;
-    
-    @Autowired
-    private UserInfoService userInfoService;
-    
-    @Operation(summary = "基于时间令牌验证 API文档模块", description = "传递参数username和token",method="GET")
-    @ResponseBody
-    @RequestMapping(value = "/timebased/validate", method = RequestMethod.GET)
-    public boolean getUser(@RequestParam String username,
-    							 @RequestParam String token) {
-    	
-    	UserInfo validUserInfo = userInfoService.findByUsername(username);
-    	if(validUserInfo != null) {
-    		if(timeBasedOtpAuthn.validate(validUserInfo, token)) {
-    			return true;
-    		}
-    	}
-    	
-        return false;
-    }
-
- 
-}

+ 0 - 80
maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/interceptor/Oauth20ApiPermissionAdapter.java

@@ -1,80 +0,0 @@
-/*
- * Copyright [2020] [MaxKey of copyright http://www.maxkey.top]
- * 
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- * 
- *     http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
- 
-
-package org.maxkey.web.interceptor;
-
-import java.util.concurrent.ConcurrentHashMap;
-
-import javax.servlet.RequestDispatcher;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.maxkey.authz.oauth2.provider.OAuth2Authentication;
-import org.maxkey.authz.oauth2.provider.token.DefaultTokenServices;
-import org.maxkey.crypto.password.PasswordReciprocal;
-import org.maxkey.util.RequestTokenUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.stereotype.Component;
-import org.springframework.web.servlet.AsyncHandlerInterceptor;
-
-/**
- * OAuth v2.0 accessToken认证Interceptor处理.
- * @author Crystal.Sea
- *
- */
-@Component
-public class Oauth20ApiPermissionAdapter  implements AsyncHandlerInterceptor  {
-	private static final Logger _logger = LoggerFactory.getLogger(Oauth20ApiPermissionAdapter.class);
-	
-	@Autowired
-    protected PasswordReciprocal passwordReciprocal;
-	
-	@Autowired
-    private DefaultTokenServices oauth20TokenServices;
-	
-	static  ConcurrentHashMap<String ,String >navigationsMap=null;
-	
-	/*
-	 * 请求前处理
-	 *  (non-Javadoc)
-	 * @see org.springframework.web.servlet.handler.HandlerInterceptorAdapter#preHandle(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.Object)
-	 */
-	@Override
-	public boolean preHandle(HttpServletRequest request,HttpServletResponse response, Object handler) throws Exception {
-		 _logger.trace("OAuth20 API Permission Adapter pre handle");
-		 String accessToken =  RequestTokenUtils.resolveAccessToken(request);
-		 _logger.trace("access_token {} " , accessToken);
-		 try {
-			 OAuth2Authentication authentication = oauth20TokenServices.loadAuthentication(accessToken);
-			//判断应用的accessToken信息
-			if(authentication != null ){
-			    _logger.trace("authentication "+ authentication);
-			    return true;
-			}
-		 }catch(Exception e) {
-			 _logger.error("load Authentication Exception ! ",e);
-		 }
-		
-		_logger.trace("No Authentication ... forward to /login");
-        RequestDispatcher dispatcher = request.getRequestDispatcher("/login");
-        dispatcher.forward(request, response);
-        
-		return false;
-	}
-}

+ 0 - 112
maxkey-webs/maxkey-web-mgt/src/main/java/org/maxkey/web/interceptor/RestApiPermissionAdapter.java

@@ -1,112 +0,0 @@
-/*
- * Copyright [2020] [MaxKey of copyright http://www.maxkey.top]
- * 
- * Licensed under the Apache License, Version 2.0 (the "License");
- * you may not use this file except in compliance with the License.
- * You may obtain a copy of the License at
- * 
- *     http://www.apache.org/licenses/LICENSE-2.0
- * 
- * Unless required by applicable law or agreed to in writing, software
- * distributed under the License is distributed on an "AS IS" BASIS,
- * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- * See the License for the specific language governing permissions and
- * limitations under the License.
- */
- 
-
-package org.maxkey.web.interceptor;
-
-import java.util.concurrent.ConcurrentHashMap;
-import javax.servlet.RequestDispatcher;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import org.maxkey.authn.web.AuthorizationUtils;
-import org.maxkey.authz.oauth2.provider.OAuth2Authentication;
-import org.maxkey.authz.oauth2.provider.token.DefaultTokenServices;
-import org.maxkey.util.AuthorizationHeader;
-import org.maxkey.util.AuthorizationHeaderUtils;
-import org.maxkey.util.StringUtils;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.authentication.ProviderManager;
-import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
-import org.springframework.security.core.userdetails.User;
-import org.springframework.stereotype.Component;
-import org.springframework.web.servlet.AsyncHandlerInterceptor;
-
-/**
- * basic认证Interceptor处理.
- * @author Crystal.Sea
- *
- */
-@Component
-public class RestApiPermissionAdapter  implements AsyncHandlerInterceptor  {
-	private static final Logger _logger = LoggerFactory.getLogger(RestApiPermissionAdapter.class);
-
-	@Autowired
-	DefaultTokenServices oauth20TokenServices;
-
-	@Autowired
-	ProviderManager oauth20ClientAuthenticationManager;
-	
-	static  ConcurrentHashMap<String ,String >navigationsMap=null;
-	
-	/*
-	 * 请求前处理
-	 *  (non-Javadoc)
-	 * @see org.springframework.web.servlet.handler.HandlerInterceptorAdapter#preHandle(javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpServletResponse, java.lang.Object)
-	 */
-	@Override
-	public boolean preHandle(HttpServletRequest request,HttpServletResponse response, Object handler) throws Exception {
-		_logger.trace("Rest API Permission Adapter pre handle");
-		 AuthorizationHeader headerCredential = AuthorizationHeaderUtils.resolve(request);
-		 
-		//判断应用的AppId和Secret
-		if(headerCredential != null){
-			UsernamePasswordAuthenticationToken authenticationToken = null;
-			if(headerCredential.isBasic()) {
-			    if(StringUtils.isNotBlank(headerCredential.getUsername())&&
-			    		StringUtils.isNotBlank(headerCredential.getCredential())
-			    		) {
-			    	UsernamePasswordAuthenticationToken authRequest = 
-							new UsernamePasswordAuthenticationToken(
-									headerCredential.getUsername(),
-									headerCredential.getCredential());
-			    	authenticationToken= (UsernamePasswordAuthenticationToken)oauth20ClientAuthenticationManager.authenticate(authRequest);
-			    }
-			}else {
-				_logger.trace("Authentication bearer {}" , headerCredential.getCredential());
-				OAuth2Authentication oauth2Authentication = 
-						oauth20TokenServices.loadAuthentication(headerCredential.getCredential());
-				
-				if(oauth2Authentication != null) {
-					_logger.trace("Authentication token {}" , oauth2Authentication.getPrincipal().toString());
-					authenticationToken= new UsernamePasswordAuthenticationToken(
-			    			new User(
-			    					oauth2Authentication.getPrincipal().toString(), 
-			    					"CLIENT_SECRET", 
-			    					oauth2Authentication.getAuthorities()), 
-	                        "PASSWORD", 
-	                        oauth2Authentication.getAuthorities()
-	                );
-				}else {
-					_logger.trace("Authentication token is null ");
-				}
-			}
-			
-			if(authenticationToken !=null && authenticationToken.isAuthenticated()) {
-				AuthorizationUtils.setAuthentication(authenticationToken);
-				return true;
-			}
-		}
-		
-		_logger.trace("No Authentication ... forward to /login");
-        RequestDispatcher dispatcher = request.getRequestDispatcher("/login");
-        dispatcher.forward(request, response);
-        
-		return false;
-	}
-}