
changeSession login

Crystal.Sea 4 years ago
parent
commit
a99ecf16f5

+ 26 - 21
maxkey-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java

@@ -18,6 +18,8 @@
 package org.maxkey.authn;
 
 import java.util.ArrayList;
+import java.util.HashMap;
+
 import org.maxkey.authn.online.OnlineTicketServices;
 import org.maxkey.authn.realm.AbstractAuthenticationRealm;
 import org.maxkey.authn.support.rememberme.AbstractRemeberMeService;
@@ -100,6 +102,8 @@ public abstract class AbstractAuthenticationProvider {
             throws AuthenticationException {
         _logger.debug("Trying to authenticate user '{}' via {}", 
                 loginCredential.getPrincipal(), getProviderName());
+        // 登录SESSION
+        _logger.debug("Login  Session {}.", WebContext.getSession().getId());
         Authentication authentication = null;
         try {
             authentication = doInternalAuthenticate(loginCredential);
@@ -121,33 +125,34 @@ public abstract class AbstractAuthenticationProvider {
         // user authenticated
         _logger.debug("'{}' authenticated successfully by {}.", 
                 authentication.getPrincipal(), getProviderName());
-
-        final UserInfo userInfo = WebContext.getUserInfo();
-        final Object passwordSetType = WebContext.getSession()
-                .getAttribute(WebConstants.CURRENT_LOGIN_USER_PASSWORD_SET_TYPE);
-        // 登录完成后切换SESSION
-        _logger.debug("Login  Session {}.", WebContext.getSession().getId());
         
-        final Object firstSavedRequest =
-                WebContext.getAttribute(WebConstants.FIRST_SAVED_REQUEST_PARAMETER);
-        //change Session
+        changeSession(authentication);
+        
+        authenticationRealm.insertLoginHistory(
+                WebContext.getUserInfo(), ConstantsLoginType.LOCAL, "", "xe00000004", "success");
+        
+        return authentication;
+    }
+    
+    protected void changeSession(Authentication authentication) {
+        
+        HashMap<String,Object> sessionAttributeMap = new HashMap<String,Object>();
+        for(String attributeName : WebContext.sessionAttributeNameList) {
+            sessionAttributeMap.put(attributeName, WebContext.getAttribute(attributeName));
+        }
+        
+        //new Session        
         WebContext.getSession().invalidate();
+        
+        for(String attributeName : WebContext.sessionAttributeNameList) {
+            WebContext.setAttribute(attributeName, sessionAttributeMap.get(attributeName));
+        }
+        
         WebContext.setAttribute(
                 WebConstants.CURRENT_USER_SESSION_ID, WebContext.getSession().getId());
         _logger.debug("Login Success Session {}.", WebContext.getSession().getId());
-
-        authenticationRealm.insertLoginHistory(
-                userInfo, ConstantsLoginType.LOCAL, "", "xe00000004", "success");
-
-        WebContext.setAttribute(WebConstants.FIRST_SAVED_REQUEST_PARAMETER,firstSavedRequest);
-        // 认证设置
-        WebContext.setAuthentication(authentication);
-        WebContext.setUserInfo(userInfo);
-        WebContext.getSession().setAttribute(
-                WebConstants.CURRENT_LOGIN_USER_PASSWORD_SET_TYPE, passwordSetType);
-
-        return authentication;
     }
+   
 
     /**
      * session validate.
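Review bot: changeSession(Authentication authentication) never reads its argument, and the explicit `WebContext.setAuthentication(authentication)` / `WebContext.setUserInfo(userInfo)` calls that the removed lines made after invalidate() are gone; the rebuilt session only receives whatever WebConstants.AUTHENTICATION and CURRENT_USER values were already present in the pre-login session, so the authenticated state now depends on doInternalAuthenticate having stored them there, which is not visible in this hunk. Setting the principal explicitly after the copy loop, `WebContext.setAuthentication(authentication);`, keeps the invalidate-then-recreate step (the session-fixation defence) from also carrying over a stale pre-login identity and avoids a silent null if the realm did not write it. The insertLoginHistory call now reads WebContext.getUserInfo() from the rebuilt session rather than the value captured beforehand, so the same gap would record a null user. Both debug lines also print the raw session id via `WebContext.getSession().getId()`; a session id is a bearer credential and should be logged truncated or hashed, or not at all, even at debug level.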

+ 5 - 1
maxkey-core/src/main/java/org/maxkey/web/WebConstants.java

@@ -54,7 +54,11 @@ public class WebConstants {
     public static final  String KAPTCHA_SESSION_KEY = "kaptcha_session_key";
 
     public static final String SINGLE_SIGN_ON_APP_ID = "single_sign_on_app_id";
-
+    
+    public static final String AUTHORIZE_SIGN_ON_APP = "authorize_sign_on_app";
+    
+    public static final String AUTHORIZE_SIGN_ON_APP_SAMLV20_ADAPTER = "authorize_sign_on_app_samlv20_adapter";
+    
     public static final String REMEBER_ME_SESSION = "remeber_me_session";
 
     public static final String KERBEROS_TOKEN_PARAMETER = "kerberosToken";

+ 12 - 0
maxkey-core/src/main/java/org/maxkey/web/WebContext.java

@@ -19,6 +19,7 @@ package org.maxkey.web;
 
 import java.io.UnsupportedEncodingException;
 import java.net.URLEncoder;
+import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.Locale;
 import java.util.Map;
@@ -55,6 +56,17 @@ public final class WebContext {
     final static Logger _logger = LoggerFactory.getLogger(WebContext.class);
     
     public static Properties properties;
+    
+    public static ArrayList<String> sessionAttributeNameList = new ArrayList<String>();
+    
+    static {
+        sessionAttributeNameList.add(WebConstants.CURRENT_LOGIN_USER_PASSWORD_SET_TYPE);
+        sessionAttributeNameList.add(WebConstants.FIRST_SAVED_REQUEST_PARAMETER);
+        sessionAttributeNameList.add(WebConstants.AUTHENTICATION);
+        sessionAttributeNameList.add(WebConstants.CURRENT_USER);
+        sessionAttributeNameList.add(WebConstants.AUTHORIZE_SIGN_ON_APP_SAMLV20_ADAPTER);
+        sessionAttributeNameList.add(WebConstants.AUTHORIZE_SIGN_ON_APP);
+    }
      
     /**
      * set Current login user to session.
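Review bot: sessionAttributeNameList is a public, mutable static ArrayList, and it is the whitelist of what survives the invalidate() in AbstractAuthenticationProvider.changeSession, so any class in the application can append a name and quietly widen what is carried from the pre-login session into the authenticated one. Keep it non-public and unmodifiable, e.g. `static final List<String> sessionAttributeNameList = Collections.unmodifiableList(Arrays.asList(...));` with the static block folded into the initializer (Collections/Arrays would need importing; the file already imports java.util types). A short comment stating the intent would also help: `// attributes copied into the fresh session created after login (session-fixation defence); keep this list minimal`.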

+ 1 - 0
maxkey-persistence/src/main/resources/org/maxkey/persistence/mapper/xml/mysql/AppsMapper.xml

@@ -162,6 +162,7 @@
         WHERE
             APP.ID=GP.APPID
             AND GP.GROUPID=G.ID
+            AND APP.VISIBLE != 0
             AND (
             	 G.ID='ROLE_ALL_USER'
                  OR G.ID IN(
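Review bot: `AND APP.VISIBLE != 0` filters hidden apps out of this listing only; AuthorizeBaseEndpoint.getApp and the SAML endpoints changed in this same commit still load an app by id through appsService.get(id) / saml20DetailsService.getAppDetails(appId) with no visibility check, so an app with VISIBLE = 0 stays reachable by anyone who knows its id. If invisibility is meant to disable sign-on rather than hide the tile, the authorize path needs the same check; if it is purely cosmetic, a mapper comment would stop readers treating it as an access control, e.g. `<!-- VISIBLE=0 hides the app from the user's list only; not enforced at the authorize endpoints -->`. Note also that rows with a NULL VISIBLE column are dropped by `!= 0`, which may or may not be intended.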

+ 3 - 2
maxkey-protocols/maxkey-protocol-authorize/src/main/java/org/maxkey/authz/endpoint/AuthorizeBaseEndpoint.java

@@ -27,6 +27,7 @@ import org.maxkey.domain.UserInfo;
 import org.maxkey.domain.apps.Apps;
 import org.maxkey.persistence.service.AccountsService;
 import org.maxkey.persistence.service.AppsService;
+import org.maxkey.web.WebConstants;
 import org.maxkey.web.WebContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -54,11 +55,11 @@ public class AuthorizeBaseEndpoint {
 	protected AccountsService accountsService;
 		
 	protected Apps getApp(String id){
-		Apps  app=(Apps)WebContext.getAttribute(AuthorizeBaseEndpoint.class.getName());
+		Apps  app=(Apps)WebContext.getAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP);
 		//session中为空或者id不一致重新加载
 		if(app==null||!app.getId().equalsIgnoreCase(id)) {
 			app=appsService.get(id);
-			WebContext.setAttribute(AuthorizeBaseEndpoint.class.getName(), app);
+			WebContext.setAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP, app);
 		}
 		if(app	==	null){
 			_logger.error("Applications for id "+id + "  is null");

+ 1 - 2
maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasAuthorizeEndpoint.java

@@ -30,7 +30,6 @@ import org.maxkey.authn.SigninPrincipal;
 import org.maxkey.authn.online.OnlineTicket;
 import org.maxkey.authz.cas.endpoint.ticket.CasConstants;
 import org.maxkey.authz.cas.endpoint.ticket.ServiceTicketImpl;
-import org.maxkey.authz.endpoint.AuthorizeBaseEndpoint;
 import org.maxkey.authz.singlelogout.LogoutType;
 import org.maxkey.domain.apps.AppsCasDetails;
 import org.maxkey.web.WebConstants;
@@ -91,7 +90,7 @@ public class CasAuthorizeEndpoint  extends CasBaseAuthorizeEndpoint{
 		        );
 		WebContext.setAttribute(CasConstants.PARAMETER.ENDPOINT_CAS_DETAILS, casDetails);
 		WebContext.setAttribute(WebConstants.SINGLE_SIGN_ON_APP_ID, casDetails.getId());
-		WebContext.setAttribute(AuthorizeBaseEndpoint.class.getName(),casDetails);
+		WebContext.setAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP,casDetails);
 		return WebContext.redirect("/authz/cas/granting");
 	}
 	

+ 3 - 2
maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/approval/controller/OAuth20AccessConfirmationController.java

@@ -31,6 +31,7 @@ import org.maxkey.authz.oauth2.provider.approval.ApprovalStore;
 import org.maxkey.domain.apps.Apps;
 import org.maxkey.domain.apps.oauth2.provider.ClientDetails;
 import org.maxkey.persistence.service.AppsService;
+import org.maxkey.web.WebConstants;
 import org.maxkey.web.WebContext;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Qualifier;
@@ -85,11 +86,11 @@ public class OAuth20AccessConfirmationController {
         AuthorizationRequest clientAuth = 
                 (AuthorizationRequest) WebContext.getAttribute("authorizationRequest");
         ClientDetails client = clientDetailsService.loadClientByClientId(clientAuth.getClientId());
-        Apps  app = (Apps)WebContext.getAttribute(AuthorizeBaseEndpoint.class.getName());
+        Apps  app = (Apps)WebContext.getAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP);
         //session中为空或者id不一致重新加载
         if (app == null || !app.getId().equalsIgnoreCase(clientAuth.getClientId())) {
             app = appsService.get(clientAuth.getClientId()); 
-            WebContext.setAttribute(AuthorizeBaseEndpoint.class.getName(), app);
+            WebContext.setAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP, app);
             WebContext.setAttribute(app.getId(), app.getIcon());
         }
        

+ 2 - 1
maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/endpoint/AssertionEndpoint.java

@@ -59,7 +59,8 @@ public class AssertionEndpoint {
 	@RequestMapping(value = "/authz/saml20/assertion")
 	public ModelAndView assertion(HttpServletRequest request,HttpServletResponse response) throws Exception {
 		logger.debug("saml20 assertion start.");
-		bindingAdapter = (BindingAdapter) request.getSession().getAttribute("samlv20Adapter");
+		bindingAdapter = (BindingAdapter) request.getSession().getAttribute(
+		        WebConstants.AUTHORIZE_SIGN_ON_APP_SAMLV20_ADAPTER);
 		logger.debug("saml20 assertion get session samlv20Adapter "+bindingAdapter);
 		AppsSAML20Details saml20Details = bindingAdapter.getSaml20Details();
 		logger.debug("saml20Details "+saml20Details.getExtendAttr());
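Review bot: the session lookup under the new key can return null when /authz/saml20/assertion is requested without first passing through SingleSignOnEndpoint or IdpInitEndpoint, and the next line dereferences it with `bindingAdapter.getSaml20Details()`, producing an NPE instead of a clean failure. Guard it before use: `if (bindingAdapter == null) { throw new IllegalStateException("no SAML 2.0 binding adapter in session"); }`. bindingAdapter also appears to be assigned to a field rather than a local (there is no declaration in the hunk); if this controller is a singleton, per-request state in a field can be overwritten by a concurrent request from another user, which is worth confirming against the class declaration outside the hunk. The method body continues past the end of the hunk.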

+ 3 - 3
maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/endpoint/IdpInitEndpoint.java

@@ -21,7 +21,6 @@ import java.security.KeyStore;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-
 import org.maxkey.authz.saml.common.AuthnRequestInfo;
 import org.maxkey.authz.saml20.binding.BindingAdapter;
 import org.maxkey.authz.saml20.binding.ExtractBindingAdapter;
@@ -29,6 +28,7 @@ import org.maxkey.crypto.keystore.KeyStoreLoader;
 import org.maxkey.crypto.keystore.KeyStoreUtil;
 import org.maxkey.domain.apps.AppsSAML20Details;
 import org.maxkey.persistence.service.AppsSaml20DetailsService;
+import org.maxkey.web.WebConstants;
 import org.maxkey.web.WebContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -88,7 +88,7 @@ public class IdpInitEndpoint {
 				@PathVariable("appid") String appId)throws Exception {
 		logger.debug("SAML IDP init , app id is "+appId);
 		AppsSAML20Details saml20Details = saml20DetailsService.getAppDetails(appId);
-		
+		WebContext.setAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP, saml20Details);
 		if (saml20Details == null) {
 			logger.error("samlId[" + appId + "] Error .");
 			throw new Exception();
@@ -114,7 +114,7 @@ public class IdpInitEndpoint {
 
 		bindingAdapter.setExtractBindingAdapter(extractRedirectBindingAdapter);
 		
-		request.getSession().setAttribute("samlv20Adapter", bindingAdapter);
+		request.getSession().setAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP_SAMLV20_ADAPTER, bindingAdapter);
 
 		logger.debug("idp init forwarding to assertion :","/authz/saml20/assertion");
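Review bot: in the first hunk, `WebContext.setAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP, saml20Details)` runs before the `saml20Details == null` check, so an unknown appId stores a null (or clears the previously stored app) in the session before the exception is thrown; move the line below the null check so only a resolved app is stored. The bare `throw new Exception();` carries no message, so `throw new IllegalArgumentException("unknown SAML app id " + appId);` would make the failure attributable in logs. In the second hunk the adapter is now stored under a key that WebContext.sessionAttributeNameList copies across the login session change, which looks intended; a comment recording that dependency would stop someone removing it from the list, e.g. `// must survive changeSession(): listed in WebContext.sessionAttributeNameList`.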
 

+ 3 - 3
maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/provider/endpoint/SingleSignOnEndpoint.java

@@ -21,7 +21,6 @@ import java.security.KeyStore;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-
 import org.maxkey.authz.saml.common.AuthnRequestInfo;
 import org.maxkey.authz.saml20.binding.BindingAdapter;
 import org.maxkey.authz.saml20.binding.ExtractBindingAdapter;
@@ -29,6 +28,7 @@ import org.maxkey.authz.saml20.xml.SAML2ValidatorSuite;
 import org.maxkey.crypto.keystore.KeyStoreUtil;
 import org.maxkey.domain.apps.AppsSAML20Details;
 import org.maxkey.persistence.service.AppsSaml20DetailsService;
+import org.maxkey.web.WebConstants;
 import org.maxkey.web.WebContext;
 import org.opensaml.common.binding.SAMLMessageContext;
 import org.opensaml.saml2.core.AuthnRequest;
@@ -101,14 +101,14 @@ public class SingleSignOnEndpoint {
 
 		extractSAMLMessage(extractBindingAdapter,request);
 		
-		request.getSession().setAttribute("samlv20Adapter", bindingAdapter);
+		request.getSession().setAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP_SAMLV20_ADAPTER, bindingAdapter);
 		
 		return WebContext.forward("/authz/saml20/assertion");
 	}
 
 	public void extractSaml20Detail(ExtractBindingAdapter extractBindingAdapter,String samlId) throws Exception{
 		AppsSAML20Details  saml20Details  = saml20DetailsService.getAppDetails(samlId);
-		
+		WebContext.setAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP, saml20Details);
 		if (saml20Details == null) {
 			logger.error("Request SAML APPID [" + samlId + "] is not exist .");
 			throw new Exception();
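Review bot: same ordering issue as in IdpInitEndpoint: `WebContext.setAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP, saml20Details)` executes before the null check in extractSaml20Detail, so a request naming a non-existent samlId stores null under the key that HistoryLoginAppAdapter and AuthorizeBaseEndpoint later read, before the exception aborts the request. Move the store after the null check, and give the exception a message, `throw new IllegalArgumentException("SAML app " + samlId + " does not exist");`, rather than a bare `new Exception()`. extractSaml20Detail continues past the end of the hunk.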

+ 2 - 2
maxkey-web-maxkey/src/main/java/org/maxkey/web/interceptor/HistoryLoginAppAdapter.java

@@ -58,7 +58,7 @@ public class HistoryLoginAppAdapter extends HandlerInterceptorAdapter {
             HttpServletResponse response, Object handler)
             throws Exception {
         _logger.debug("preHandle");
-        final Apps app = (Apps)WebContext.getAttribute(AuthorizeBaseEndpoint.class.getName());
+        final Apps app = (Apps)WebContext.getAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP);
         Authentication authentication = WebContext.getAuthentication();
         if(authentication.getPrincipal() instanceof SigninPrincipal) {
             SigninPrincipal signinPrincipal = (SigninPrincipal)authentication.getPrincipal() ;
@@ -83,7 +83,7 @@ public class HistoryLoginAppAdapter extends HandlerInterceptorAdapter {
             Object handler,ModelAndView modelAndView) throws Exception {
         _logger.debug("postHandle");
        
-        final Apps app = (Apps)WebContext.getAttribute(AuthorizeBaseEndpoint.class.getName());
+        final Apps app = (Apps)WebContext.getAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP);
         String sessionId = (String)WebContext.getAttribute(WebConstants.CURRENT_USER_SESSION_ID);
         final UserInfo userInfo = WebContext.getUserInfo();
         _logger.debug("sessionId : " + sessionId + " ,appId : " + app.getId());