v2.0.0GA

v2.0.0GA

README.md

@@ -1,6 +1,6 @@
 # <img src="http://www.maxkey.top/images/logo.jpg" width="45px">MaxKey
 
-<b>MaxKey(马克思的钥匙)</b>用户单点登录认证系统(Sigle Sign On System)，寓意是最大钥匙,是<b>业界领先的企业级IAM身份管理和身份认证产品</b>,支持OAuth 2.0/OpenID Connect、SAML 2.0、JWT、CAS等标准化的开放协议，提供<b>简单、标准、安全和开放</b>的用户身份管理(IDM)、身份认证(AM)、单点登录(SSO)、资源管理和权限管理等。
+<b>MaxKey(马克思的钥匙)</b>用户单点登录认证系统(Sigle Sign On System)，寓意是最大钥匙,是<b>业界领先的企业级IAM身份管理和身份认证产品</b>,支持OAuth 2.0/OpenID Connect、SAML 2.0、JWT、CAS等标准化的开放协议，提供<b>简单、标准、安全和开放</b>的用户身份管理(IDM)、身份认证(AM)、单点登录(SSO)、RBAC权限管理和资源管理等。
 
 MaxKey  <a href="https://www.maxkey.top" target="_blank"><b>官方文档</b></a> | <a href="https://github.com/shimingxy/MaxKey" target="_blank"><b>GitHub</b></a> | <a href="https://gitee.com/shimingxy/MaxKey" target="_blank"><b>码云(Gitee)</b></a>
   
@@ -95,3 +95,9 @@ QQ交流群：<b>434469201</b> | 邮箱EMAIL: <b>shimingxy@163.com</b>
 SCIM 2 Support-System for Cross-domain Identity Management
 
 Apache Kafka Support 
+
+企业微信支持
+
+钉钉支持
+
+动态用户组实现(基于用户属性或机构)

ReleaseNotes.txt

@@ -19,7 +19,9 @@
 	*(MAXKEY-200618) 修复更新应用时状态问题
 	*(MAXKEY-200619) REST API 机构和用户接口实现
 	*(MAXKEY-200620) 代码优化及命名调整
-	*(MAXKEY-200621) 依赖jar升级,消除非必要依赖
+	*(MAXKEY-200621) CAS协议增强
+	*(MAXKEY-200622) 机构变更时JSON序列化错误修复
+	*(MAXKEY-200623) 依赖jar升级,消除非必要依赖
 	                spring 5.2.7.RELEASE
 					springBoot 2.3.1.RELEASE
 					springSecurity 5.3.2.RELEASE
@@ -29,6 +31,9 @@
 					tomcat-embed 9.0.35
 					mybatis 3.5.5
 					mybatis-jpa-extra 2.1
+					tomcat-embed 9.0.36
+					simple-http 1.0.2
+					JustAuth  1.15.6
 	
 MaxKey v 1.4.0 GA	2020/05/01  
 	*(MAXKEY-200501) 登录错误修复

build.gradle

@@ -188,6 +188,7 @@ subprojects {
          //compile group: 'org.springframework', name: 'spring-websocket', version: "${springVersion}"
 		 testCompile group: 'org.springframework', name: 'spring-test', version: "${springVersion}"
 		 
+		 //kafka support
 		 // https://mvnrepository.com/artifact/org.apache.kafka/kafka-clients
 		 compile group: 'org.apache.kafka', name: 'kafka-clients', version: '2.5.0'
 		 // https://mvnrepository.com/artifact/org.springframework.kafka/spring-kafka
@@ -195,7 +196,6 @@ subprojects {
 		 // https://mvnrepository.com/artifact/org.springframework.retry/spring-retry
 		 compile group: 'org.springframework.retry', name: 'spring-retry', version: '1.3.0'
 		 
-		 
          //spring-security
          compile group: 'org.springframework.security', name: 'spring-security-core', version: "${springSecurityVersion}"
          compile group: 'org.springframework.security', name: 'spring-security-web', version: "${springSecurityVersion}"
@@ -220,8 +220,8 @@ subprojects {
          compile group: 'net.minidev', name: 'json-smart', version: '2.3'
          compile group: 'net.minidev', name: 'asm', version: '1.0.2'
          //oauth third party JustAuth
-         compile group: 'com.xkcoding.http', name: 'simple-http', version: '1.0'
-         compile group: 'me.zhyd.oauth', name: 'JustAuth', version: '1.15.1'
+         compile group: 'com.xkcoding.http', name: 'simple-http', version: '1.0.2'
+         compile group: 'me.zhyd.oauth', name: 'JustAuth', version: '1.15.6'
          //common
          compile group: 'org.javassist', name: 'javassist', version: '3.23.0-GA'
          compile group: 'org.owasp.esapi', name: 'esapi', version: '2.2.0.0'
@@ -300,7 +300,7 @@ subprojects {
     	 compile group: 'com.tencentcloudapi', name: 'tencentcloud-sdk-java', version: '3.1.33'
     	 
     	 //tomcat embed
-    	 compile group: 'org.apache.tomcat.embed', name: 'tomcat-embed-core', version: '9.0.35'
+    	 compile group: 'org.apache.tomcat.embed', name: 'tomcat-embed-core', version: '9.0.36'
     	 compile group: 'org.apache.tomcat.embed', name: 'tomcat-embed-logging-juli', version: '8.5.2'
     }
     

maxkey-connectors/maxkey-connector-activedirectory/src/main/java/org/maxkey/connector/activedirectory/Organization2Activedirectory.java

@@ -31,7 +31,7 @@ public class Organization2Activedirectory  extends OrganizationConnector{
 			SearchControls constraints = new SearchControls();
 			constraints.setSearchScope(ldapUtils.getSearchScope());
 			NamingEnumeration<SearchResult> results = ldapUtils.getConnection()
-					.search(ldapUtils.getBaseDN(), "(&(objectClass=organizationalUnit)(description="+organization.getpId()+"))", constraints);
+					.search(ldapUtils.getBaseDN(), "(&(objectClass=organizationalUnit)(description="+organization.getParentId()+"))", constraints);
 			String rdn="";
 			if (results == null || !results.hasMore()) {
 				rdn=ldapUtils.getBaseDN();

maxkey-connectors/maxkey-connector-ldap/src/main/java/org/maxkey/connector/ldap/Organization2Ldap.java

@@ -31,7 +31,7 @@ public class Organization2Ldap  extends OrganizationConnector{
 			SearchControls constraints = new SearchControls();
 			constraints.setSearchScope(ldapUtils.getSearchScope());
 			NamingEnumeration<SearchResult> results = ldapUtils.getConnection()
-					.search(ldapUtils.getBaseDN(), "(&(objectClass=organizationalUnit)(description="+organization.getpId()+"))", constraints);
+					.search(ldapUtils.getBaseDN(), "(&(objectClass=organizationalUnit)(description="+organization.getParentId()+"))", constraints);
 			String rdn="";
 			if (results == null || !results.hasMore()) {
 				rdn=ldapUtils.getBaseDN();

maxkey-core/src/main/java/org/maxkey/constants/ContentType.java

@@ -0,0 +1,33 @@
+package org.maxkey.constants;
+
+public class ContentType {
+
+    public static final String TEXT_PLAIN = "text/plain";
+    
+    public static final String TEXT_PLAIN_UTF8 = "text/plain;charset=UTF-8";
+    
+    public static final String TEXT_XML = "text/xml";
+    
+    public static final String TEXT_XML_UTF8 = "text/xml;charset=UTF-8";
+    
+    public static final String APPLICATION_JSON = "application/json";
+    
+    public static final String APPLICATION_JSON_UTF8 = "application/json;charset=UTF-8";
+    
+    public static final String APPLICATION_JWT = "application/jwt";
+    
+    public static final String APPLICATION_JWT_UTF8 = "application/jwt;charset=UTF-8";
+    
+    public static final String APPLICATION_XML = "application/xml";
+    
+    public static final String APPLICATION_XML_UTF8 = "application/xml;charset=UTF-8";
+    
+    public static final String IMAGE_GIF = "image/gif";
+    
+    public static final String IMAGE_JPEG = "image/jpeg";
+
+    public static final String IMAGE_PNG = "image/png";
+    
+    
+    
+}

maxkey-core/src/main/java/org/maxkey/domain/Organizations.java

@@ -1,18 +1,18 @@
 package org.maxkey.domain;
 
 import java.io.Serializable;
-
 import javax.persistence.Column;
 import javax.persistence.GeneratedValue;
 import javax.persistence.GenerationType;
 import javax.persistence.Id;
 import javax.persistence.Table;
-
 import org.apache.mybatis.jpa.persistence.JpaBaseDomain;
 
 @Table(name = "ORGANIZATIONS")
 public class Organizations extends JpaBaseDomain implements Serializable {
 
+    private static final long serialVersionUID = 5085413816404119803L;
+    
     @Id
     @Column
     @GeneratedValue(strategy = GenerationType.AUTO, generator = "uuid")
@@ -24,15 +24,15 @@ public class Organizations extends JpaBaseDomain implements Serializable {
     @Column
     private String fullName;
     @Column
-    private String pId;
+    private String parentId;
     @Column
-    private String pName;
+    private String parentName;
     @Column
     private String type;
     @Column
-    private String xPath;
+    private String codePath;
     @Column
-    private String xNamePath;
+    private String namePath;
     @Column
     private String level;
     @Column
@@ -60,15 +60,10 @@ public class Organizations extends JpaBaseDomain implements Serializable {
     @Column
     private String email;
     @Column
-    private String sortOrder;
+    private String sortIndex;
     @Column
     private String description;
 
-    /**
-     * 
-     */
-    private static final long serialVersionUID = 5085413816404119803L;
-
     public Organizations() {
         // TODO Auto-generated constructor stub
     }
@@ -105,20 +100,22 @@ public class Organizations extends JpaBaseDomain implements Serializable {
         this.fullName = fullName;
     }
 
-    public String getpId() {
-        return pId;
+
+
+    public String getParentId() {
+        return parentId;
     }
 
-    public void setpId(String pId) {
-        this.pId = pId;
+    public void setParentId(String parentId) {
+        this.parentId = parentId;
     }
 
-    public String getpName() {
-        return pName;
+    public String getParentName() {
+        return parentName;
     }
 
-    public void setpName(String pName) {
-        this.pName = pName;
+    public void setParentName(String parentName) {
+        this.parentName = parentName;
     }
 
     public String getType() {
@@ -129,22 +126,6 @@ public class Organizations extends JpaBaseDomain implements Serializable {
         this.type = type;
     }
 
-    public String getxPath() {
-        return xPath;
-    }
-
-    public void setxPath(String xPath) {
-        this.xPath = xPath;
-    }
-
-    public String getxNamePath() {
-        return xNamePath;
-    }
-
-    public void setxNamePath(String xNamePath) {
-        this.xNamePath = xNamePath;
-    }
-
     public String getLevel() {
         return level;
     }
@@ -265,14 +246,41 @@ public class Organizations extends JpaBaseDomain implements Serializable {
         this.description = description;
     }
 
+    public String getCodePath() {
+        return codePath;
+    }
+
+    public void setCodePath(String codePath) {
+        this.codePath = codePath;
+    }
+
+    public String getNamePath() {
+        return namePath;
+    }
+
+    public void setNamePath(String namePath) {
+        this.namePath = namePath;
+    }
+
+    public String getSortIndex() {
+        return sortIndex;
+    }
+
+    public void setSortIndex(String sortIndex) {
+        this.sortIndex = sortIndex;
+    }
+
     @Override
     public String toString() {
-        return "Organizations [id=" + id + ", code=" + code + ", name=" + name + ", fullName=" + fullName + ", pId="
-                + pId + ", pName=" + pName + ", type=" + type + ", xPath=" + xPath + ", xNamePath=" + xNamePath
-                + ", level=" + level + ", hasChild=" + hasChild + ", division=" + division + ", country=" + country
-                + ", region=" + region + ", locality=" + locality + ", street=" + street + ", address=" + address
-                + ", contact=" + contact + ", postalCode=" + postalCode + ", phone=" + phone + ", fax=" + fax
-                + ", email=" + email + ", sortOrder=" + sortOrder + ", description=" + description + "]";
+        return "Organizations [id=" + id + ", code=" + code + ", name=" + name + ", fullName=" + fullName
+                + ", parentId=" + parentId + ", parentName=" + parentName + ", type=" + type + ", codePath=" + codePath
+                + ", namePath=" + namePath + ", level=" + level + ", hasChild=" + hasChild + ", division=" + division
+                + ", country=" + country + ", region=" + region + ", locality=" + locality + ", street=" + street
+                + ", address=" + address + ", contact=" + contact + ", postalCode=" + postalCode + ", phone=" + phone
+                + ", fax=" + fax + ", email=" + email + ", sortIndex=" + sortIndex + ", description=" + description
+                + "]";
     }
 
+
+
 }

maxkey-core/src/main/java/org/maxkey/domain/apps/Apps.java

@@ -14,610 +14,479 @@ import org.maxkey.constants.Boolean;
 import org.maxkey.domain.Accounts;
 import org.springframework.web.multipart.MultipartFile;
 
-@Table(name = "APPS")  
-public class Apps extends JpaBaseDomain implements Serializable{
-	
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = -6264641546959620712L;
-	
-	public static  final class CREDENTIALS{
-		public static final int USER_DEFINED=3;
-		public static final int SHARED=2;
-		public static final int SYSTEM=1;
-		public static final int NONE=0;
-	}
-	
-	public static final class VISIBLE{
-		public static final int HIDDEN=0;
-		public static final int ALL=1;
-		public static final int INTERNET=2;
-		public static final int INTRANET=3;
-	}
-	
-	@Id
-	@Column
-	@GeneratedValue(strategy=GenerationType.AUTO,generator="uuid")
-	protected String id;
-	/**
-	 * 
-	 */
-	@Column
-	private String name;
-	/*
-	 * Login url
-	 */
-	@Column
-	private String loginUrl;
-	@Column
-	private String category;
-	@Column
-	private String protocol;
-	@Column
-	private String secret;
-	/*
-	 * icon and icon upload field iconField
-	 */
-	@Column
-	private byte[] icon;
-	private MultipartFile iconFile;
-	@Column
-	private int visible;
-	/*
-	 * vendor
-	 */
-	@Column
-	private String vendor;
-	@Column
-	private String vendorUrl;
-
-	/*
-	 * CREDENTIAL VALUES
-	 * 		USER-DEFINED
-	 * 		SYSTEM
-	 *		SHARED
-	 *		NONE  
-	 */
-	@Column
-	private int credential;
-	@Column
-	private String sharedUsername;
-	@Column
-	private String sharedPassword;
-	@Column
-	private String systemUserAttr;
-	
-	//获取第三方token凭证
-	@Column
-	private String principal;
-	@Column
-	private String credentials;
-	
-	/*
-	 * extendAttr
-	 */
-	private int isExtendAttr;
-	private String extendAttr;
-	
-	/**
-	 * Signature
-	 * for client verify
-	 * create by SignaturePublicKey &  SignaturePrivateKey
-	 * issuer is domain name
-	 * subject is app id append domain name
-	 */
-	@Column
-	private int isSignature;
-	@Column
-	private int isAdapter;
-	@Column
-	private String adapter;
-
-	protected Accounts appUser;
-	@Column
-	protected int sortIndex;
-	
-	@Column
-	protected int status;
-	@Column
-	protected String createdBy;
-	@Column
-	protected String createdDate;
-	@Column
-	protected String modifiedBy;
-	@Column
-	protected String modifiedDate;
-	@Column
-	protected String description;
-	
-	public Apps() {
-		super();
-		isSignature=Boolean.FALSE;
-		credential=CREDENTIALS.NONE;
-	}
-
-	/**
-	 * @return the name
-	 */
-	public String getName() {
-		return name;
-	}
-
-
-
-
-
-	/**
-	 * @param name the name to set
-	 */
-	public void setName(String name) {
-		this.name = name;
-	}
-
-
-
-
-
-	public String getId() {
-		return id;
-	}
-
-	public void setId(String id) {
-		this.id = id;
-	}
-
-	/**
-	 * @return the loginUrl
-	 */
-	public String getLoginUrl() {
-		return loginUrl;
-	}
-
-
-
-
-
-	/**
-	 * @param loginUrl the loginUrl to set
-	 */
-	public void setLoginUrl(String loginUrl) {
-		this.loginUrl = loginUrl;
-	}
-
-
-
-
-
-	/**
-	 * @return the category
-	 */
-	public String getCategory() {
-		return category;
-	}
-
-
-
-
-
-	/**
-	 * @param category the category to set
-	 */
-	public void setCategory(String category) {
-		this.category = category;
-	}
-
-
-
-
-
-	/**
-	 * @return the protocol
-	 */
-	public String getProtocol() {
-		return protocol;
-	}
-
-
-
-
-
-	/**
-	 * @param protocol the protocol to set
-	 */
-	public void setProtocol(String protocol) {
-		this.protocol = protocol;
-	}
-
-
-
-
-
-	/**
-	 * @return the secret
-	 */
-	public String getSecret() {
-		return secret;
-	}
-
-
-
-
-
-	/**
-	 * @param secret the secret to set
-	 */
-	public void setSecret(String secret) {
-		this.secret = secret;
-	}
-
-
-
-
-
-	/**
-	 * @return the icon
-	 */
-	public byte[] getIcon() {
-		return icon;
-	}
-
-
-	public int getSortIndex() {
-		return sortIndex;
-	}
-
-	public void setSortIndex(int sortIndex) {
-		this.sortIndex = sortIndex;
-	}
-
-	/**
-	 * @param icon the icon to set
-	 */
-	public void setIcon(byte[] icon) {
-		this.icon = icon;
-	}
-
-
-
-
-
-	/**
-	 * @return the iconFile
-	 */
-	public MultipartFile getIconFile() {
-		return iconFile;
-	}
-
-
-
-
-
-	/**
-	 * @return the description
-	 */
-	public String getDescription() {
-		return description;
-	}
-
-	/**
-	 * @param description the description to set
-	 */
-	public void setDescription(String description) {
-		this.description = description;
-	}
-
-	/**
-	 * @param iconFile the iconFile to set
-	 */
-	public void setIconFile(MultipartFile iconFile) {
-		this.iconFile = iconFile;
-	}
-
-
-
-
-
-	/**
-	 * @return the vendor
-	 */
-	public String getVendor() {
-		return vendor;
-	}
-
-
-
-
-
-	/**
-	 * @param vendor the vendor to set
-	 */
-	public void setVendor(String vendor) {
-		this.vendor = vendor;
-	}
-
-
-
-
-
-	/**
-	 * @return the vendorUrl
-	 */
-	public String getVendorUrl() {
-		return vendorUrl;
-	}
-
-
-
-
-
-	/**
-	 * @param vendorUrl the vendorUrl to set
-	 */
-	public void setVendorUrl(String vendorUrl) {
-		this.vendorUrl = vendorUrl;
-	}
-
-
-
-
-
-	/**
-	 * @return the credential
-	 */
-	public int getCredential() {
-		return credential;
-	}
-
-
-
-
-
-	/**
-	 * @param credential the credential to set
-	 */
-	public void setCredential(int credential) {
-		this.credential = credential;
-	}
-
-
-
-
-
-	/**
-	 * @return the sharedUsername
-	 */
-	public String getSharedUsername() {
-		return sharedUsername;
-	}
-
-
-
-
-
-	/**
-	 * @param sharedUsername the sharedUsername to set
-	 */
-	public void setSharedUsername(String sharedUsername) {
-		this.sharedUsername = sharedUsername;
-	}
-
-
-
-
-
-	/**
-	 * @return the sharedPassword
-	 */
-	public String getSharedPassword() {
-		return sharedPassword;
-	}
-
-
-
-
-
-	/**
-	 * @param sharedPassword the sharedPassword to set
-	 */
-	public void setSharedPassword(String sharedPassword) {
-		this.sharedPassword = sharedPassword;
-	}
-
-
-
-
-
-	/**
-	 * @return the systemUserAttr
-	 */
-	public String getSystemUserAttr() {
-		return systemUserAttr;
-	}
-
-
-
-
-
-	/**
-	 * @param systemUserAttr the systemUserAttr to set
-	 */
-	public void setSystemUserAttr(String systemUserAttr) {
-		this.systemUserAttr = systemUserAttr;
-	}
-
-
-
-
-
-	/**
-	 * @return the isExtendAttr
-	 */
-	public int getIsExtendAttr() {
-		return isExtendAttr;
-	}
-
-
-
-
-
-	/**
-	 * @param isExtendAttr the isExtendAttr to set
-	 */
-	public void setIsExtendAttr(int isExtendAttr) {
-		this.isExtendAttr = isExtendAttr;
-	}
-
-
-
-
-
-	/**
-	 * @return the extendAttr
-	 */
-	public String getExtendAttr() {
-		return extendAttr;
-	}
-
-
-
-
-
-	/**
-	 * @param extendAttr the extendAttr to set
-	 */
-	public void setExtendAttr(String extendAttr) {
-		this.extendAttr = extendAttr;
-	}
-
-	public int getVisible() {
-		return visible;
-	}
-	
-	public void setVisible(int visible) {
-		this.visible = visible;
-	}
-
-
-	public int getIsSignature() {
-		return isSignature;
-	}
-
-	public void setIsSignature(int isSignature) {
-		this.isSignature = isSignature;
-	}
-
-	/**
-	 * @return the isAdapter
-	 */
-	public int getIsAdapter() {
-		return isAdapter;
-	}
-
-
-	/**
-	 * @param isAdapter the isAdapter to set
-	 */
-	public void setIsAdapter(int isAdapter) {
-		this.isAdapter = isAdapter;
-	}
-
-
-	/**
-	 * @return the adapter
-	 */
-	public String getAdapter() {
-		return adapter;
-	}
-
-
-	/**
-	 * @param adapter the adapter to set
-	 */
-	public void setAdapter(String adapter) {
-		this.adapter = adapter;
-	}
-
-
-	public Accounts getAppUser() {
-		return appUser;
-	}
-
-
-	public void setAppUser(Accounts appUser) {
-		this.appUser = appUser;
-	}
-
-
-	public String getPrincipal() {
-		return principal;
-	}
-
-	public void setPrincipal(String principal) {
-		this.principal = principal;
-	}
-
-	public String getCredentials() {
-		return credentials;
-	}
-
-	public void setCredentials(String credentials) {
-		this.credentials = credentials;
-	}
-
-	public String getCreatedBy() {
-		return createdBy;
-	}
-
-	public void setCreatedBy(String createdBy) {
-		this.createdBy = createdBy;
-	}
-
-	public String getCreatedDate() {
-		return createdDate;
-	}
-
-	public void setCreatedDate(String createdDate) {
-		this.createdDate = createdDate;
-	}
-
-	public String getModifiedBy() {
-		return modifiedBy;
-	}
-
-	public void setModifiedBy(String modifiedBy) {
-		this.modifiedBy = modifiedBy;
-	}
-
-	public String getModifiedDate() {
-		return modifiedDate;
-	}
-
-	public void setModifiedDate(String modifiedDate) {
-		this.modifiedDate = modifiedDate;
-	}
-
-	public int getStatus() {
-		return status;
-	}
-
-	public void setStatus(int status) {
-		this.status = status;
-	}
-
-	@Override
-	public String toString() {
-		return "Applications [name=" + name + ", loginUrl=" + loginUrl
-				+ ", category=" + category + ", protocol=" + protocol
-				+ ", secret=" + secret + ", icon=" + Arrays.toString(icon)
-				+ ", iconFile=" + iconFile + ", visible=" + visible
-				+ ", vendor=" + vendor + ", vendorUrl=" + vendorUrl
-				+ ", credential=" + credential + ", sharedUsername="
-				+ sharedUsername + ", sharedPassword=" + sharedPassword
-				+ ", systemUserAttr=" + systemUserAttr + ", isExtendAttr="
-				+ isExtendAttr + ", extendAttr=" + extendAttr 
-				+ ", isSignature=" + isSignature
-				+ "]";
-	}
+@Table(name = "APPS")
+public class Apps extends JpaBaseDomain implements Serializable {
+
+    /**
+     * 
+     */
+    private static final long serialVersionUID = -6264641546959620712L;
+
+    public static final class CREDENTIALS {
+        public static final int USER_DEFINED = 3;
+        public static final int SHARED = 2;
+        public static final int SYSTEM = 1;
+        public static final int NONE = 0;
+    }
+
+    public static final class VISIBLE {
+        public static final int HIDDEN = 0;
+        public static final int ALL = 1;
+        public static final int INTERNET = 2;
+        public static final int INTRANET = 3;
+    }
+
+    @Id
+    @Column
+    @GeneratedValue(strategy = GenerationType.AUTO, generator = "uuid")
+    protected String id;
+    /**
+     * 
+     */
+    @Column
+    private String name;
+    /*
+     * Login url
+     */
+    @Column
+    private String loginUrl;
+    @Column
+    private String category;
+    @Column
+    private String protocol;
+    @Column
+    private String secret;
+    /*
+     * icon and icon upload field iconField
+     */
+    @Column
+    private byte[] icon;
+    private MultipartFile iconFile;
+    @Column
+    private int visible;
+    /*
+     * vendor
+     */
+    @Column
+    private String vendor;
+    @Column
+    private String vendorUrl;
+
+    /*
+     * CREDENTIAL VALUES USER-DEFINED SYSTEM SHARED NONE
+     */
+    @Column
+    private int credential;
+    @Column
+    private String sharedUsername;
+    @Column
+    private String sharedPassword;
+    @Column
+    private String systemUserAttr;
+
+    // 获取第三方token凭证
+    @Column
+    private String principal;
+    @Column
+    private String credentials;
+
+    /*
+     * extendAttr
+     */
+    private int isExtendAttr;
+    private String extendAttr;
+
+    /**
+     * Signature for client verify create by SignaturePublicKey &
+     * SignaturePrivateKey issuer is domain name subject is app id append domain
+     * name
+     */
+    @Column
+    private int isSignature;
+    @Column
+    private int isAdapter;
+    @Column
+    private String adapter;
+
+    protected Accounts appUser;
+    @Column
+    protected int sortIndex;
+
+    @Column
+    protected int status;
+    @Column
+    protected String createdBy;
+    @Column
+    protected String createdDate;
+    @Column
+    protected String modifiedBy;
+    @Column
+    protected String modifiedDate;
+    @Column
+    protected String description;
+
+    public Apps() {
+        super();
+        isSignature = Boolean.FALSE;
+        credential = CREDENTIALS.NONE;
+    }
+
+    /**
+     * @return the name
+     */
+    public String getName() {
+        return name;
+    }
+
+    /**
+     * @param name the name to set
+     */
+    public void setName(String name) {
+        this.name = name;
+    }
+
+    public String getId() {
+        return id;
+    }
+
+    public void setId(String id) {
+        this.id = id;
+    }
+
+    /**
+     * @return the loginUrl
+     */
+    public String getLoginUrl() {
+        return loginUrl;
+    }
+
+    /**
+     * @param loginUrl the loginUrl to set
+     */
+    public void setLoginUrl(String loginUrl) {
+        this.loginUrl = loginUrl;
+    }
+
+    /**
+     * @return the category
+     */
+    public String getCategory() {
+        return category;
+    }
+
+    /**
+     * @param category the category to set
+     */
+    public void setCategory(String category) {
+        this.category = category;
+    }
+
+    /**
+     * @return the protocol
+     */
+    public String getProtocol() {
+        return protocol;
+    }
+
+    /**
+     * @param protocol the protocol to set
+     */
+    public void setProtocol(String protocol) {
+        this.protocol = protocol;
+    }
+
+    /**
+     * @return the secret
+     */
+    public String getSecret() {
+        return secret;
+    }
+
+    /**
+     * @param secret the secret to set
+     */
+    public void setSecret(String secret) {
+        this.secret = secret;
+    }
+
+    /**
+     * @return the icon
+     */
+    public byte[] getIcon() {
+        return icon;
+    }
+
+    public int getSortIndex() {
+        return sortIndex;
+    }
+
+    public void setSortIndex(int sortIndex) {
+        this.sortIndex = sortIndex;
+    }
+
+    /**
+     * @param icon the icon to set
+     */
+    public void setIcon(byte[] icon) {
+        this.icon = icon;
+    }
+
+    /**
+     * @return the iconFile
+     */
+    public MultipartFile getIconFile() {
+        return iconFile;
+    }
+
+    /**
+     * @return the description
+     */
+    public String getDescription() {
+        return description;
+    }
+
+    /**
+     * @param description the description to set
+     */
+    public void setDescription(String description) {
+        this.description = description;
+    }
+
+    /**
+     * @param iconFile the iconFile to set
+     */
+    public void setIconFile(MultipartFile iconFile) {
+        this.iconFile = iconFile;
+    }
+
+    /**
+     * @return the vendor
+     */
+    public String getVendor() {
+        return vendor;
+    }
+
+    /**
+     * @param vendor the vendor to set
+     */
+    public void setVendor(String vendor) {
+        this.vendor = vendor;
+    }
+
+    /**
+     * @return the vendorUrl
+     */
+    public String getVendorUrl() {
+        return vendorUrl;
+    }
+
+    /**
+     * @param vendorUrl the vendorUrl to set
+     */
+    public void setVendorUrl(String vendorUrl) {
+        this.vendorUrl = vendorUrl;
+    }
+
+    /**
+     * @return the credential
+     */
+    public int getCredential() {
+        return credential;
+    }
+
+    /**
+     * @param credential the credential to set
+     */
+    public void setCredential(int credential) {
+        this.credential = credential;
+    }
+
+    /**
+     * @return the sharedUsername
+     */
+    public String getSharedUsername() {
+        return sharedUsername;
+    }
+
+    /**
+     * @param sharedUsername the sharedUsername to set
+     */
+    public void setSharedUsername(String sharedUsername) {
+        this.sharedUsername = sharedUsername;
+    }
+
+    /**
+     * @return the sharedPassword
+     */
+    public String getSharedPassword() {
+        return sharedPassword;
+    }
+
+    /**
+     * @param sharedPassword the sharedPassword to set
+     */
+    public void setSharedPassword(String sharedPassword) {
+        this.sharedPassword = sharedPassword;
+    }
+
+    /**
+     * @return the systemUserAttr
+     */
+    public String getSystemUserAttr() {
+        return systemUserAttr;
+    }
+
+    /**
+     * @param systemUserAttr the systemUserAttr to set
+     */
+    public void setSystemUserAttr(String systemUserAttr) {
+        this.systemUserAttr = systemUserAttr;
+    }
+
+    /**
+     * @return the isExtendAttr
+     */
+    public int getIsExtendAttr() {
+        return isExtendAttr;
+    }
+
+    /**
+     * @param isExtendAttr the isExtendAttr to set
+     */
+    public void setIsExtendAttr(int isExtendAttr) {
+        this.isExtendAttr = isExtendAttr;
+    }
+
+    /**
+     * @return the extendAttr
+     */
+    public String getExtendAttr() {
+        return extendAttr;
+    }
+
+    /**
+     * @param extendAttr the extendAttr to set
+     */
+    public void setExtendAttr(String extendAttr) {
+        this.extendAttr = extendAttr;
+    }
+
+    public int getVisible() {
+        return visible;
+    }
+
+    public void setVisible(int visible) {
+        this.visible = visible;
+    }
+
+    public int getIsSignature() {
+        return isSignature;
+    }
+
+    public void setIsSignature(int isSignature) {
+        this.isSignature = isSignature;
+    }
+
+    /**
+     * @return the isAdapter
+     */
+    public int getIsAdapter() {
+        return isAdapter;
+    }
+
+    /**
+     * @param isAdapter the isAdapter to set
+     */
+    public void setIsAdapter(int isAdapter) {
+        this.isAdapter = isAdapter;
+    }
+
+    /**
+     * @return the adapter
+     */
+    public String getAdapter() {
+        return adapter;
+    }
+
+    /**
+     * @param adapter the adapter to set
+     */
+    public void setAdapter(String adapter) {
+        this.adapter = adapter;
+    }
+
+    public Accounts getAppUser() {
+        return appUser;
+    }
+
+    public void setAppUser(Accounts appUser) {
+        this.appUser = appUser;
+    }
+
+    public String getPrincipal() {
+        return principal;
+    }
+
+    public void setPrincipal(String principal) {
+        this.principal = principal;
+    }
+
+    public String getCredentials() {
+        return credentials;
+    }
+
+    public void setCredentials(String credentials) {
+        this.credentials = credentials;
+    }
+
+    public String getCreatedBy() {
+        return createdBy;
+    }
+
+    public void setCreatedBy(String createdBy) {
+        this.createdBy = createdBy;
+    }
+
+    public String getCreatedDate() {
+        return createdDate;
+    }
+
+    public void setCreatedDate(String createdDate) {
+        this.createdDate = createdDate;
+    }
+
+    public String getModifiedBy() {
+        return modifiedBy;
+    }
+
+    public void setModifiedBy(String modifiedBy) {
+        this.modifiedBy = modifiedBy;
+    }
+
+    public String getModifiedDate() {
+        return modifiedDate;
+    }
+
+    public void setModifiedDate(String modifiedDate) {
+        this.modifiedDate = modifiedDate;
+    }
+
+    public int getStatus() {
+        return status;
+    }
+
+    public void setStatus(int status) {
+        this.status = status;
+    }
+
+    @Override
+    public String toString() {
+        return "Applications [name=" + name + ", loginUrl=" + loginUrl + ", category=" + category + ", protocol="
+                + protocol + ", secret=" + secret + ", icon=" + Arrays.toString(icon) + ", iconFile=" + iconFile
+                + ", visible=" + visible + ", vendor=" + vendor + ", vendorUrl=" + vendorUrl + ", credential="
+                + credential + ", sharedUsername=" + sharedUsername + ", sharedPassword=" + sharedPassword
+                + ", systemUserAttr=" + systemUserAttr + ", isExtendAttr=" + isExtendAttr + ", extendAttr=" + extendAttr
+                + ", isSignature=" + isSignature + "]";
+    }
 
 }

maxkey-core/src/main/java/org/maxkey/domain/apps/AppsCasDetails.java

@@ -6,55 +6,45 @@ import javax.persistence.GenerationType;
 import javax.persistence.Id;
 import javax.persistence.Table;
 
-@Table(name = "APPS_CAS_DETAILS")  
+@Table(name = "APPS_CAS_DETAILS")
 public class AppsCasDetails extends Apps {
 
-	/**
-	 * 
-	 */
-	private static final long serialVersionUID = -4272290765948322084L;
-	@Id
-	@Column
-	@GeneratedValue(strategy=GenerationType.AUTO,generator="uuid")
-	private String id;
-	@Column
-	private String service;
-	@Column
-	private String validation;
-	
-	/**
-	 * @return the service
-	 */
-	public String getService() {
-		return service;
-	}
-	/**
-	 * @param service the service to set
-	 */
-	public void setService(String service) {
-		this.service = service;
-	}
-	/**
-	 * @return the validation
-	 */
-	public String getValidation() {
-		return validation;
-	}
-	/**
-	 * @param validation the validation to set
-	 */
-	public void setValidation(String validation) {
-		this.validation = validation;
-	}
-	/* (non-Javadoc)
-	 * @see java.lang.Object#toString()
-	 */
-	@Override
-	public String toString() {
-		return "CASDetails [service=" + service + ", validation=" + validation
-				+ "]";
-	}
-	
-	
-	
+    /**
+     * 
+     */
+    private static final long serialVersionUID = -4272290765948322084L;
+    @Id
+    @Column
+    @GeneratedValue(strategy = GenerationType.AUTO, generator = "uuid")
+    private String id;
+    @Column
+    private String service;
+    @Column
+    private String callbackUrl;
+
+    /**
+     * @return the service
+     */
+    public String getService() {
+        return service;
+    }
+
+    /**
+     * @param service the service to set
+     */
+    public void setService(String service) {
+        this.service = service;
+    }
+
+    public String getCallbackUrl() {
+        return callbackUrl;
+    }
+
+    public void setCallbackUrl(String callbackUrl) {
+        this.callbackUrl = callbackUrl;
+    }
+
+
+
+
 }

maxkey-core/src/main/java/org/maxkey/domain/apps/AppsSAML20Details.java

@@ -77,13 +77,13 @@ public class AppsSAML20Details extends Apps {
     @Column
     private int nameIdConvert;
 
-    public static class BINDINGTYPE {
-        public String Redirect_Post = "Redirect-Post";
-        public String Post_Post = "Post-Post";
-        public String IdpInit_Post = "IdpInit-Post";
-        public String Redirect_PostSimpleSign = "Redirect-PostSimpleSign";
-        public String Post_PostSimpleSign = "Post-PostSimpleSign";
-        public String IdpInit_PostSimpleSign = "IdpInit-PostSimpleSign";
+    public static final class BindingType {
+        public static final  String Redirect_Post = "Redirect-Post";
+        public static final  String Post_Post = "Post-Post";
+        public static final  String IdpInit_Post = "IdpInit-Post";
+        public static final  String Redirect_PostSimpleSign = "Redirect-PostSimpleSign";
+        public static final  String Post_PostSimpleSign = "Post-PostSimpleSign";
+        public static final  String IdpInit_PostSimpleSign = "IdpInit-PostSimpleSign";
     }
 
     /**

maxkey-core/src/main/java/org/maxkey/web/image/AbstractImageEndpoint.java

@@ -10,6 +10,7 @@ import javax.servlet.ServletOutputStream;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import org.maxkey.configuration.ApplicationConfig;
+import org.maxkey.constants.ContentType;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -48,7 +49,7 @@ public class AbstractImageEndpoint {
         // Set standard HTTP/1.0 no-cache header.
         response.setHeader("Pragma", "no-cache");
         // return a jpeg/gif
-        response.setContentType("image/gif");
+        response.setContentType(ContentType.IMAGE_GIF);
         _logger.trace("create the image");
         // create the image
         if (bufferedImage != null) {

maxkey-persistence/src/main/resources/org/maxkey/persistence/mapper/xml/mysql/OrganizationsMapper.xml

@@ -9,11 +9,11 @@
 		<if test="name != null and name != '' ">
 			AND	NAME	like	'%#{name}%'
 		</if>
-		<if test="pId != null and pId != '' ">
-			AND	PID	=	#{pId}
+		<if test="parentId != null and parentId != '' ">
+			AND	PARENTID	=	#{parentId}
 		</if>
-		<if test="pName != null and pName != ''">
-			AND	PNAME	like	'%#{pName}%'
+		<if test="parentName != null and parentName != ''">
+			AND	PARENTNAME	like	'%#{parentName}%'
 		</if>
 
     </sql>
@@ -41,8 +41,8 @@
 		<if test="enable != null">
 			ADN	STATUS	=	'1'
 		</if>
-		<if test="xPath != null">
-			ADN	XPATH	=	#{xPath}
+		<if test="codePath != null">
+			ADN	CODEPATH	=	#{codePath}
 		</if>
     </update>
     

maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasAuthorizeEndpoint.java

@@ -94,6 +94,17 @@ public class CasAuthorizeEndpoint  extends AuthorizeBaseEndpoint{
 		
 		String ticket=ticketServices.createTicket(serviceTicket);
 		
-		return WebContext.redirect(casDetails.getService()+"?"+CasConstants.PARAMETER.TICKET+"="+ticket);
+		StringBuffer callbackUrl = new StringBuffer(casDetails.getCallbackUrl());
+		if(casDetails.getCallbackUrl().indexOf("?")==-1) {
+		    callbackUrl.append("?");
+		}
+		
+		callbackUrl.append(CasConstants.PARAMETER.TICKET).append("=").append(ticket)
+                .append("&")
+                .append(CasConstants.PARAMETER.SERVICE).append("=").append(casDetails.getService());
+		
+		_logger.debug("redirect to CAS Client URL " + callbackUrl);
+		
+		return WebContext.redirect(callbackUrl.toString());
 	}
 }

maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/OAuthDefaultUserInfoAdapter.java

@@ -4,7 +4,6 @@ import java.util.HashMap;
 
 import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
 import org.maxkey.domain.UserInfo;
-import org.maxkey.util.DateUtils;
 import org.maxkey.util.JsonUtils;
 import org.maxkey.util.StringGenerator;
 import org.springframework.web.servlet.ModelAndView;

maxkey-protocols/maxkey-protocol-oauth-2.0/src/main/java/org/maxkey/authz/oauth2/provider/userinfo/endpoint/UserInfoEndpoint.java

@@ -6,12 +6,16 @@ import java.util.HashMap;
 import java.util.Set;
 import java.util.UUID;
 
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
 import org.maxkey.authz.endpoint.adapter.AbstractAuthorizeAdapter;
 import org.maxkey.authz.oauth2.common.exceptions.OAuth2Exception;
 import org.maxkey.authz.oauth2.provider.ClientDetailsService;
 import org.maxkey.authz.oauth2.provider.OAuth2Authentication;
 import org.maxkey.authz.oauth2.provider.token.DefaultTokenServices;
 import org.maxkey.constants.Boolean;
+import org.maxkey.constants.ContentType;
 import org.maxkey.crypto.ReciprocalUtils;
 import org.maxkey.crypto.jwt.encryption.service.JwtEncryptionAndDecryptionService;
 import org.maxkey.crypto.jwt.encryption.service.impl.RecipientJwtEncryptionAndDecryptionServiceBuilder;
@@ -76,6 +80,7 @@ public class UserInfoEndpoint {
 	@Qualifier("jwtEncryptionService")
 	private JwtEncryptionAndDecryptionService jwtEnDecryptionService; 
 	
+	
 	private SymmetricSigningAndValidationServiceBuilder symmetricJwtSignerServiceBuilder
 					=new SymmetricSigningAndValidationServiceBuilder();
 
@@ -85,13 +90,16 @@ public class UserInfoEndpoint {
 	
 	OAuthDefaultUserInfoAdapter defaultOAuthUserInfoAdapter=new OAuthDefaultUserInfoAdapter();
 	
-	@RequestMapping(value="/oauth/v20/me",produces="text/plain;charset=UTF-8") 
+	@RequestMapping(value="/oauth/v20/me") 
 	@ResponseBody
 	public String apiV20UserInfo(
-			@RequestParam(value = "access_token", required = true) String access_token) {
+			@RequestParam(value = "access_token", required = true) String access_token,
+            HttpServletRequest request, 
+            HttpServletResponse response) {
+	        response.setContentType(ContentType.APPLICATION_JSON_UTF8);
 			String principal="";
 			if (!StringGenerator.uuidMatches(access_token)) {
-				return accessTokenFormatError(access_token);
+				return JsonUtils.gson2Json(accessTokenFormatError(access_token));
 			}
 			OAuth2Authentication oAuth2Authentication =null;
 			try{
@@ -103,8 +111,6 @@ public class UserInfoEndpoint {
 				 UserInfo userInfo=queryUserInfo(principal);
 				 Apps app=appsService.get(client_id);
 				 
-				 String userJson="";
-				 
 				 AbstractAuthorizeAdapter adapter;
 				 if(Boolean.isTrue(app.getIsAdapter())){
 					adapter =(AbstractAuthorizeAdapter)Instance.newInstance(app.getAdapter());
@@ -112,28 +118,28 @@ public class UserInfoEndpoint {
 					adapter =(AbstractAuthorizeAdapter)defaultOAuthUserInfoAdapter;
 				 }
 
-				 String jsonData=adapter.generateInfo(userInfo, null);
-				 userJson=adapter.sign(jsonData, app);
-				 
-				 return userJson;
-				 
+				String jsonData=adapter.generateInfo(userInfo, app);
+				return jsonData;
 			}catch(OAuth2Exception e){
 				HashMap<String,Object>authzException=new HashMap<String,Object>();
 				authzException.put(OAuth2Exception.ERROR, e.getOAuth2ErrorCode());
 				authzException.put(OAuth2Exception.DESCRIPTION,e.getMessage());
-				return JsonUtils.object2Json(authzException);
+				return JsonUtils.gson2Json(authzException);
 			}
 	}
 	
 	
-	@RequestMapping(value="/connect/v10/userinfo",produces="text/plain;charset=UTF-8")
+	@RequestMapping(value="/connect/v10/userinfo")
 	@ResponseBody
-	public String apiConnect10aUserInfo(
-			@RequestHeader(value = "Authorization", required = true) String access_token) {
+	public String connect10aUserInfo(
+			@RequestHeader(value = "Authorization", required = true) String access_token,
+			HttpServletRequest request, 
+			HttpServletResponse response) {
 		String principal="";
 		if (!StringGenerator.uuidMatches(access_token)) {
-			return accessTokenFormatError(access_token);
+			return JsonUtils.gson2Json(accessTokenFormatError(access_token));
 		}
+		
 		OAuth2Authentication oAuth2Authentication =null;
 		try{
 			 oAuth2Authentication = oauth20tokenServices.loadAuthentication(access_token);
@@ -207,10 +213,14 @@ public class UserInfoEndpoint {
 			JWTClaimsSet userInfoJWTClaims = jwtClaimsSetBuilder.build();
 			JWT userInfoJWT=null;
 			JWSAlgorithm signingAlg = jwtSignerValidationService.getDefaultSigningAlgorithm();
-			if (clientDetails.getUserInfoEncryptedAlgorithm() != null && !clientDetails.getUserInfoEncryptedAlgorithm().equals("none")
-					&& clientDetails.getUserInfoEncryptionMethod() != null && !clientDetails.getUserInfoEncryptionMethod().equals("none")
+			if (clientDetails.getUserInfoEncryptedAlgorithm() != null 
+			        && !clientDetails.getUserInfoEncryptedAlgorithm().equals("none")
+					&& clientDetails.getUserInfoEncryptionMethod() != null 
+					&& !clientDetails.getUserInfoEncryptionMethod().equals("none")
 					&&clientDetails.getJwksUri()!=null&&clientDetails.getJwksUri().length()>4
 					) {
+			    //需要加密
+			    response.setContentType(ContentType.APPLICATION_JWT_UTF8);
 				JwtEncryptionAndDecryptionService recipientJwtEnDecryptionService =
 						recipientJwtEnDecryptionServiceBuilder.serviceBuilder(clientDetails.getJwksUri());
 				
@@ -227,38 +237,41 @@ public class UserInfoEndpoint {
 					authzException.put(OAuth2Exception.DESCRIPTION,"Couldn't find encrypter for client: " + clientDetails.getClientId());
 					return JsonUtils.gson2Json(authzException);
 				}	
-			} else {
-				if (clientDetails.getUserInfoSigningAlgorithm()==null||clientDetails.getUserInfoSigningAlgorithm().equals("none")) {
-					// unsigned ID token
-					//userInfoJWT = new PlainJWT(userInfoJWTClaims);
-					userJson=JsonUtils.gson2Json(jwtClaimsSetBuilder.getClaims());
-				} else {
-					// signed ID token
-					if (signingAlg.equals(JWSAlgorithm.HS256)
-							|| signingAlg.equals(JWSAlgorithm.HS384)
-							|| signingAlg.equals(JWSAlgorithm.HS512)) {
-						// sign it with the client's secret
-						String client_secret=ReciprocalUtils.decoder(clientDetails.getClientSecret());
-						
-						JwtSigningAndValidationService symmetricJwtSignerService =symmetricJwtSignerServiceBuilder.serviceBuilder(client_secret);
-						if(symmetricJwtSignerService!=null){
-							userInfoJWTClaims = new JWTClaimsSet.Builder(userInfoJWTClaims).claim("kid", "SYMMETRIC-KEY").build();
-							userInfoJWT = new SignedJWT(new JWSHeader(signingAlg), userInfoJWTClaims);
-							symmetricJwtSignerService.signJwt((SignedJWT) userInfoJWT);
-						}else{
-							_logger.error("Couldn't create symmetric validator for client " + clientDetails.getClientId() + " without a client secret");
-						}
-					} else {
-						userInfoJWTClaims = new JWTClaimsSet.Builder(userInfoJWTClaims).claim("kid", jwtSignerValidationService.getDefaultSignerKeyId()).build();
+			}else if (clientDetails.getUserInfoSigningAlgorithm()!=null 
+			        && !clientDetails.getUserInfoSigningAlgorithm().equals("none")) {
+			    //需要签名
+			    response.setContentType(ContentType.APPLICATION_JWT_UTF8);
+				// signed ID token
+				if (signingAlg.equals(JWSAlgorithm.HS256)
+						|| signingAlg.equals(JWSAlgorithm.HS384)
+						|| signingAlg.equals(JWSAlgorithm.HS512)) {
+					// sign it with the client's secret
+					String client_secret=ReciprocalUtils.decoder(clientDetails.getClientSecret());
+					
+					JwtSigningAndValidationService symmetricJwtSignerService =symmetricJwtSignerServiceBuilder.serviceBuilder(client_secret);
+					if(symmetricJwtSignerService!=null){
+						userInfoJWTClaims = new JWTClaimsSet.Builder(userInfoJWTClaims).claim("kid", "SYMMETRIC-KEY").build();
 						userInfoJWT = new SignedJWT(new JWSHeader(signingAlg), userInfoJWTClaims);
-						// sign it with the server's key
-						jwtSignerValidationService.signJwt((SignedJWT) userInfoJWT);
+						symmetricJwtSignerService.signJwt((SignedJWT) userInfoJWT);
+					}else{
+						_logger.error("Couldn't create symmetric validator for client " + clientDetails.getClientId() + " without a client secret");
 					}
-					userJson=userInfoJWT.serialize();
+				} else {
+					userInfoJWTClaims = new JWTClaimsSet.Builder(userInfoJWTClaims).claim("kid", jwtSignerValidationService.getDefaultSignerKeyId()).build();
+					userInfoJWT = new SignedJWT(new JWSHeader(signingAlg), userInfoJWTClaims);
+					// sign it with the server's key
+					jwtSignerValidationService.signJwt((SignedJWT) userInfoJWT);
 				}
-			}
+				userJson=userInfoJWT.serialize();
+			}else {
+			    //不需要加密和签名
+                response.setContentType(ContentType.APPLICATION_JSON_UTF8);
+                // unsigned ID token
+                //userInfoJWT = new PlainJWT(userInfoJWTClaims);
+                userJson=JsonUtils.gson2Json(jwtClaimsSetBuilder.getClaims());
+            }
 			 
-			 return userJson;
+			return userJson;
 			 
 		}catch(OAuth2Exception e){
 			HashMap<String,Object>authzException=new HashMap<String,Object>();
@@ -267,17 +280,15 @@ public class UserInfoEndpoint {
 			return JsonUtils.object2Json(authzException);
 		}
 	}
-
-
-	public String accessTokenFormatError(String access_token){
+	
+	public HashMap<String,Object> accessTokenFormatError(String access_token){
 		HashMap<String,Object>atfe=new HashMap<String,Object>();
 		atfe.put(OAuth2Exception.ERROR, "token Format Invalid");
 		atfe.put(OAuth2Exception.DESCRIPTION, "access Token Format Invalid , access_token : "+access_token);
 		
-		return JsonUtils.object2Json(atfe);
+		return atfe;
 	}
 
-	
 	public  UserInfo queryUserInfo(String uid){
 		_logger.debug("uid : "+uid);
 		UserInfo userInfo = (UserInfo) userInfoService.loadByUsername(uid);

maxkey-web-manage/src/main/java/org/maxkey/web/contorller/OrganizationsController.java

@@ -48,7 +48,7 @@ public class OrganizationsController {
       }
       
       treeNode.setAttr("data", org);
-      treeNode.setPId(org.getpId());
+      treeNode.setPId(org.getParentId());
       if (org.getId().equals("1")) {
         treeNode.setAttr("open", Boolean.valueOf(true));
       } else {

maxkey-web-manage/src/main/resources/maxkey.properties

@@ -12,7 +12,7 @@ config.maxkey.uri=${config.server.name}/maxkey
 #InMemory 0 , jdbc  1, Redis 2 
 config.server.persistence=0
 #identity
-config.identity.kafkasupport=true
+config.identity.kafkasupport=false
 ############################################################################
 #                Login configuration
 #enable captcha
@@ -62,7 +62,7 @@ config.saml.v20.sp.keystore=classpath\:config/samlClientKeystore.jks
 config.saml.v20.sp.issuing.entity.id=client.maxkey.org
 
 ############################################################################ 
-config.oidc.metadata.issuer=${config.server.name}/maxkey
+config.oidc.metadata.issuer=https://${config.server.domain.sub}/maxkey
 config.oidc.metadata.authorizationEndpoint=${config.server.name}/maxkey/oauth/v20/authorize
 config.oidc.metadata.tokenEndpoint=${config.server.name}/maxkey/oauth/v20/token
 config.oidc.metadata.userinfoEndpoint=${config.server.name}/maxkey/api/connect/userinfo

maxkey-web-manage/src/main/resources/messages/message.properties

@@ -298,8 +298,8 @@ apps.formbased.parameter=\u53C2\u6570
 apps.formbased.parameter.value=\u53C2\u6570\u503C
 #cas
 apps.cas.info=CAS\u8BA4\u8BC1
-apps.cas.service=\u670D\u52A1\u5730\u5740
-apps.cas.validation=\u9A8C\u8BC1\u5730\u5740
+apps.cas.service=\u670D\u52A1
+apps.cas.callbackUrl=\u56DE\u8C03\u5730\u5740
 #desktop
 apps.desktop.info=\u684C\u9762\u8BA4\u8BC1
 apps.desktop.programPath=\u5E94\u7528\u5B89\u88C5\u8DEF\u5F84

maxkey-web-manage/src/main/resources/messages/message_en.properties

@@ -298,7 +298,7 @@ apps.formbased.authorizeView=authorizeView
 #cas
 apps.cas.info=CAS Info
 apps.cas.service=service
-apps.cas.validation=validation
+apps.cas.callbackUrl=CallbackUrl
 #desktop
 apps.desktop.info=Desktop Info
 apps.desktop.programPath=programPath

maxkey-web-manage/src/main/resources/messages/message_zh_CN.properties

@@ -298,8 +298,8 @@ apps.formbased.parameter=\u53C2\u6570
 apps.formbased.parameter.value=\u53C2\u6570\u503C
 #cas
 apps.cas.info=CAS\u8BA4\u8BC1
-apps.cas.service=\u670D\u52A1\u5730\u5740
-apps.cas.validation=\u9A8C\u8BC1\u5730\u5740
+apps.cas.service=\u670D\u52A1
+apps.cas.callbackUrl=\u56DE\u8C03\u5730\u5740
 #desktop
 apps.desktop.info=\u684C\u9762\u8BA4\u8BC1
 apps.desktop.programPath=\u5E94\u7528\u5B89\u88C5\u8DEF\u5F84

maxkey-web-manage/src/main/resources/templates/views/apps/cas/appAdd.ftl

@@ -52,9 +52,9 @@ $(function(){
 								</td>
 							</tr>
 							<tr>
-								<th style="width:15%;"><@locale code="apps.cas.validation"/>：</th>
+								<th style="width:15%;"><@locale code="apps.cas.callbackUrl"/>：</th>
 								<td  colspan=3>
-									<input type="text" class="form-control" id="validation" name="validation"  title="" value=""  required=""  />
+									<input type="text" class="form-control" id="callbackUrl" name="callbackUrl"  title="" value=""  required=""  />
 								</td>
 							</tr>
 							<tr>

maxkey-web-manage/src/main/resources/templates/views/apps/cas/appUpdate.ftl

@@ -62,9 +62,9 @@ $(function(){
 									</td>
 								</tr>
 								<tr>
-									<th style="width:15%;"><@locale code="apps.cas.validation"/>：</th>
+									<th style="width:15%;"><@locale code="apps.cas.callbackUrl"/>：</th>
 									<td  colspan=3>
-										<input type="text" class="form-control" id="redirectUri" name="validation"  title="" value="${model.validation}"  required="" />
+										<input type="text" class="form-control" id="callbackUrl" name="callbackUrl"  title="" value="${model.callbackUrl}"  required="" />
 							
 									</td>
 								</tr>

maxkey-web-manage/src/main/resources/templates/views/orgs/orgsAdd.ftl

@@ -39,11 +39,11 @@ $(function () {
            </tr>
            <tr >
               <td > <@locale code="org.pid" />：</td>
-              <td><input type="text"  id="pId" name="pId"  class="form-control"/></td>
+              <td><input type="text"  id="pId" name="parentId"  class="form-control"/></td>
            </tr>
            <tr>
               <th  width="200px"> <@locale code="org.pname" />：</td>
-              <td><input type="text"  id="pName" name="pName"    class="form-control"/></td>
+              <td><input type="text"  id="pName" name="parentName"    class="form-control"/></td>
            </tr>
            <tr >
               <td > <@locale code="org.id" />：</td>
@@ -60,13 +60,13 @@ $(function () {
             <tr >
               <td > <@locale code="org.xpath" /> ：
               </th>
-              <td><input type="text"  id="xPath" name="xPath"    class="form-control"/></td>
+              <td><input type="text"  id="xPath" name="codePath"    class="form-control"/></td>
            </tr>
            
             <tr >
               <td > <@locale code="org.xnamepath" /> ：
               </th>
-              <td><input type="text"  id="xNamePath" name="xNamePath"    class="form-control"/></td>
+              <td><input type="text"  id="xNamePath" name="namePath"    class="form-control"/></td>
            </tr>
            
            <tr>
@@ -81,7 +81,7 @@ $(function () {
               <th >
                  <@locale code="org.sortorder" /> ：
               </th>
-              <td><input type="text"  id="sortOrder" name="sortOrder"    class="form-control" value='1'/></td>
+              <td><input type="text"  id="sortIndex" name="sortIndex"    class="form-control" value='1'/></td>
            </tr>
           
            <tr>

maxkey-web-manage/src/main/resources/templates/views/orgs/orgsList.ftl

@@ -177,7 +177,7 @@ $(function () {
 				<td  width="375px">
 					<form id="basic_search_form">
 				 			<input  class="form-control"  name="name" type="text" style ="width:150px;float:left;">
-				 			<input id="pId"  class="form-control"  name="pId" type="hidden" style ="width:150px;float:left;">
+				 			<input id="pId"  class="form-control"  name="parentId" type="hidden" style ="width:150px;float:left;">
 				 			<input  class="button btn btn-primary mr-3"    id="searchBtn" type="button" size="50" value="<@locale code="button.text.search"/>">
 				 			<input  class="button btn btn-secondary"  id="advancedSearchExpandBtn" type="button" size="50"  value="<@locale code="button.text.expandsearch"/>" expandValue="<@locale code="button.text.expandsearch"/>"  collapseValue="<@locale code="button.text.collapsesearch"/>">
 					 	</form>

maxkey-web-manage/src/main/resources/templates/views/orgs/orgsUpdate.ftl

@@ -38,11 +38,11 @@ $(function () {
            </tr>
            <tr >
               <td > <@locale code="org.pid" />：</td>
-              <td><input type="text" readonly id="pId" name="pId"  class="form-control" value="${model.pId!}"/></td>
+              <td><input type="text" readonly id="pId" name="parentId"  class="form-control" value="${model.parentId!}"/></td>
            </tr>
            <tr>
               <th  width="200px"> <@locale code="org.pname" />：</td>
-              <td><input type="text" readonly  id="pName" name="pName"    class="form-control" value="${model.pName!}"/></td>
+              <td><input type="text" readonly  id="pName" name="parentName"    class="form-control" value="${model.parentName!}"/></td>
            </tr>
            <tr >
               <td > <@locale code="org.id" />：</td>
@@ -59,13 +59,13 @@ $(function () {
             <tr >
               <td > <@locale code="org.xpath" /> ：
               </th>
-              <td><input type="text"  id="xPath" name="xPath"    class="form-control" value="${model.xPath!}"/></td>
+              <td><input type="text"  id="xPath" name="codePath"    class="form-control" value="${model.codePath!}"/></td>
            </tr>
            
             <tr >
               <td > <@locale code="org.xnamepath" /> ：
               </th>
-              <td><input type="text"  id="xNamePath" name="xNamePath"    class="form-control" value="${model.xNamePath!}"/></td>
+              <td><input type="text"  id="xNamePath" name="namePath"    class="form-control" value="${model.namePath!}"/></td>
            </tr>
            
            <tr>
@@ -80,7 +80,7 @@ $(function () {
               <th >
                  <@locale code="org.sortorder" /> ：
               </th>
-              <td><input type="text"  id="sortOrder" name="sortOrder"    class="form-control" value="${model.sortOrder!}"/></td>
+              <td><input type="text"  id="sortOrder" name="sortIndex"    class="form-control" value="${model.sortIndex!}"/></td>
            </tr>
           
            <tr>

maxkey-web-maxkey/src/main/resources/maxkey.properties

@@ -4,8 +4,8 @@
 #                domain name configuration
 config.server.domain=maxkey.top
 config.server.domain.sub=sso.${config.server.domain}
-config.server.name=http://${config.server.domain.sub}
-config.server.prefix.uri=${config.server.name}:80/maxkey
+config.server.name=https://${config.server.domain.sub}
+config.server.prefix.uri=${config.server.name}/maxkey
 #default.uri
 config.server.default.uri=${config.server.prefix.uri}/maxkey/appList
 config.server.management.uri=${config.server.name}:9521/maxkey-mgt/login