SslConfig

maxkey-authentications/src/main/java/org/maxkey/authn/support/basic/BasicEntryPoint.java

@@ -60,6 +60,7 @@ public class BasicEntryPoint extends HandlerInterceptorAdapter {
 		 
 		// session not exists，session timeout，recreate new session
 		 if(request.getSession(false) == null) {
+		    _logger.info("recreate new session .");
 			request.getSession(true);
 		 }
 		 String basicCredential =request.getHeader(AuthorizationHeaderUtils.AUTHORIZATION_HEADERNAME);

maxkey-authentications/src/main/java/org/maxkey/authn/support/httpheader/HttpHeaderEntryPoint.java

@@ -52,6 +52,7 @@ public class HttpHeaderEntryPoint extends HandlerInterceptorAdapter {
 		 
 		// session not exists，session timeout，recreate new session
 		 if(request.getSession(false) == null) {
+		    _logger.info("recreate new session .");
 			request.getSession(true);
 		 }
 		 

maxkey-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java

@@ -123,8 +123,11 @@ public abstract class AbstractAuthenticationProvider {
      */
     protected void sessionValid(String sessionId) {
         if (sessionId == null || !sessionId.equals(WebContext.getSession().getId())) {
-            String message = WebContext.getI18nValue("login.error.session");
             _logger.debug("login session valid error.");
+            _logger.debug("login session sessionId " + sessionId);
+            _logger.debug("login getSession sessionId " + WebContext.getSession().getId());
+            
+            String message = WebContext.getI18nValue("login.error.session");
             throw new BadCredentialsException(message);
         }
     }

maxkey-core/src/main/java/org/maxkey/autoconfigure/MvcAutoConfiguration.java

@@ -149,7 +149,7 @@ public class MvcAutoConfiguration implements InitializingBean {
                 new MappingJackson2HttpMessageConverter();
         ArrayList<MediaType> mediaTypesList = new ArrayList<MediaType>();
         mediaTypesList.add(MediaType.APPLICATION_JSON);
-        mediaTypesList.add(MediaType.TEXT_PLAIN);
+        //mediaTypesList.add(MediaType.TEXT_PLAIN);
         mappingJacksonHttpMessageConverter.setSupportedMediaTypes(mediaTypesList);
         return mappingJacksonHttpMessageConverter;
     }

maxkey-core/src/main/java/org/maxkey/web/WebContext.java

@@ -220,6 +220,7 @@ public final class WebContext {
      * @return HttpSession
      */
     public static HttpSession getSession(boolean create) {
+        System.out.println("new Session created");
         return getRequest().getSession(create);
     }
 

maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyApplication.java

@@ -1,6 +1,7 @@
 package org.maxkey;
 
 import java.util.Date;
+
 import javax.servlet.ServletException;
 import org.apache.ibatis.io.VFS;
 import org.apache.mybatis.jpa.SpringBootVFS;
@@ -43,5 +44,13 @@ public class MaxKeyApplication extends SpringBootServletInitializer {
     protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
         return application.sources(MaxKeyApplication.class);
     }
+    
+    /*@Override
+    public void onStartup(ServletContext servletContext) throws ServletException {
+        super.onStartup(servletContext);
+        servletContext.setSessionTrackingModes(Collections.singleton(SessionTrackingMode.COOKIE));
+        SessionCookieConfig sessionCookieConfig = servletContext.getSessionCookieConfig();
+        sessionCookieConfig.setHttpOnly(true);
+    }*/
 
 }

maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyConfig.java

@@ -2,10 +2,6 @@ package org.maxkey;
 
 import java.util.ArrayList;
 import java.util.List;
-import org.apache.catalina.Context;
-import org.apache.catalina.connector.Connector;
-import org.apache.tomcat.util.descriptor.web.SecurityCollection;
-import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
 import org.maxkey.authn.realm.jdbc.JdbcAuthenticationRealm;
 import org.maxkey.authn.realm.ldap.LdapAuthenticationRealm;
 import org.maxkey.authn.realm.ldap.LdapServer;
@@ -31,7 +27,6 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.beans.factory.annotation.Value;
-import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
 import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.ComponentScan;
@@ -77,35 +72,7 @@ public class MaxKeyConfig  implements InitializingBean {
         registration.setOrder(1);
         return registration;
     }
-
-    @Bean
-    public Connector connector() {
-        Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
-        connector.setScheme("http");
-        connector.setPort(80);
-        connector.setSecure(false);
-        connector.setRedirectPort(443);
-        return connector;
-    }
-
-    @Bean
-    public TomcatServletWebServerFactory tomcatServletWebServerFactory(Connector connector) {
-        TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
-            @Override
-            protected void postProcessContext(Context context) {
-                SecurityConstraint securityConstraint = new SecurityConstraint();
-                securityConstraint.setUserConstraint("CONFIDENTIAL");
-                SecurityCollection collection = new SecurityCollection();
-                collection.addPattern("/*");
-                securityConstraint.addCollection(collection);
-                context.addConstraint(securityConstraint);
-            }
-        };
-        tomcat.addAdditionalTomcatConnectors(connector);
-        return tomcat;
-    }
    
-    
     @Bean(name = "keyUriFormat")
     public KeyUriFormat keyUriFormat(
             @Value("${config.otp.keyuri.format.type:totp}")

maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeySslConfig.java

@@ -0,0 +1,60 @@
+package org.maxkey;
+
+import org.apache.catalina.Context;
+import org.apache.catalina.connector.Connector;
+import org.apache.tomcat.util.descriptor.web.SecurityCollection;
+import org.apache.tomcat.util.descriptor.web.SecurityConstraint;
+import org.maxkey.constants.ConstantsProperties;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.InitializingBean;
+import org.springframework.boot.web.embedded.tomcat.TomcatServletWebServerFactory;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.PropertySource;
+
+
+@Configuration
+//@ImportResource(locations = { "classpath:spring/maxkey.xml" })
+@PropertySource(ConstantsProperties.applicationPropertySource)
+@PropertySource(ConstantsProperties.maxKeyPropertySource)
+public class MaxKeySslConfig  implements InitializingBean {
+    private static final  Logger _logger = LoggerFactory.getLogger(MaxKeySslConfig.class);
+
+    @Bean
+    public Connector connector() {
+        Connector connector = new Connector("org.apache.coyote.http11.Http11NioProtocol");
+        connector.setScheme("http");
+        connector.setPort(80);
+        connector.setSecure(true);
+        //connector.setRedirectPort(443);
+        _logger.debug("Ssl Support .");
+        return connector;
+    }
+
+    @Bean
+    public TomcatServletWebServerFactory tomcatServletWebServerFactory(Connector connector) {
+        TomcatServletWebServerFactory tomcat = new TomcatServletWebServerFactory() {
+            @Override
+            protected void postProcessContext(Context context) {
+                SecurityConstraint securityConstraint = new SecurityConstraint();
+                securityConstraint.setUserConstraint("CONFIDENTIAL");
+                SecurityCollection collection = new SecurityCollection();
+                collection.addPattern("/*");
+                securityConstraint.addCollection(collection);
+                context.addConstraint(securityConstraint);
+            }
+        };
+        tomcat.addAdditionalTomcatConnectors(connector);
+        return tomcat;
+    }
+
+
+    @Override
+    public void afterPropertiesSet() throws Exception {
+        
+    }
+
+
+    
+}

maxkey-web-maxkey/src/main/resources/maxkey.properties

@@ -5,7 +5,7 @@
 config.server.domain=maxkey.top
 config.server.domain.sub=sso.${config.server.domain}
 config.server.name=http://${config.server.domain.sub}
-config.server.prefix.uri=${config.server.name}/maxkey
+config.server.prefix.uri=${config.server.name}:80/maxkey
 #default.uri
 config.server.default.uri=${config.server.prefix.uri}/maxkey/appList
 config.server.management.uri=${config.server.name}:9521/maxkey-mgt/login