v3.0.0GA with authentication isTrusted

v3.0.0GA with authentication isTrusted
cas Parameter service fix

maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/AbstractAuthenticationProvider.java

@@ -74,14 +74,7 @@ public abstract class AbstractAuthenticationProvider {
 
     protected abstract Authentication doInternalAuthenticate(LoginCredential authentication);
     
-    public abstract Authentication basicAuthenticate(LoginCredential authentication) ;
-
-    public abstract Authentication trustAuthentication(
-                                    String username, 
-                                    String type, 
-                                    String provider, 
-                                    String code,
-                                    String message);
+    public    abstract Authentication authentication(LoginCredential loginCredential,boolean isTrusted);
     
     @SuppressWarnings("rawtypes")
     public boolean supports(Class authentication) {

maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/LoginCredential.java

@@ -38,6 +38,10 @@ public class LoginCredential  implements Authentication {
     String authType;
     String jwtToken;
     String onlineTicket;
+    String provider;
+    String code;
+    String message="SUCCESS";
+    
     ArrayList<GrantedAuthority> grantedAuthority;
     boolean authenticated;
     boolean roleAdministrators;
@@ -182,6 +186,30 @@ public class LoginCredential  implements Authentication {
         this.roleAdministrators = roleAdministrators;
     }
 
+    public String getProvider() {
+        return provider;
+    }
+
+    public void setProvider(String provider) {
+        this.provider = provider;
+    }
+
+    public String getCode() {
+        return code;
+    }
+
+    public void setCode(String code) {
+        this.code = code;
+    }
+
+    public String getMessage() {
+        return message;
+    }
+
+    public void setMessage(String message) {
+        this.message = message;
+    }
+
     @Override
     public String toString() {
         StringBuilder builder = new StringBuilder();

maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/RealmAuthenticationProvider.java

@@ -95,19 +95,19 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider
         userInfo =  loadUserInfo(loginCredential.getUsername(),loginCredential.getPassword());
 
         userinfoValid(userInfo, loginCredential.getUsername());
-
+        //mfa 
         tftcaptchaValid(loginCredential.getOtpCaptcha(),loginCredential.getAuthType(),userInfo);
-
+        
+        //Validate PasswordPolicy
+        authenticationRealm.getPasswordPolicyValidator().passwordPolicyValid(userInfo);
         if(loginCredential.getAuthType().equalsIgnoreCase(AuthType.MOBILE)) {
         	mobilecaptchaValid(loginCredential.getPassword(),loginCredential.getAuthType(),userInfo);
-        }else {
-            //Validate PasswordPolicy
-            authenticationRealm.getPasswordPolicyValidator().passwordPolicyValid(userInfo);
+        }else {            
             //Match password 
         	authenticationRealm.passwordMatches(userInfo, loginCredential.getPassword());
-        	//apply PasswordSetType and resetBadPasswordCount
-        	authenticationRealm.getPasswordPolicyValidator().applyPasswordPolicy(userInfo);
         }
+        //apply PasswordSetType and resetBadPasswordCount
+        authenticationRealm.getPasswordPolicyValidator().applyPasswordPolicy(userInfo);
         
         UsernamePasswordAuthenticationToken authenticationToken = createOnlineSession(loginCredential,userInfo);
         //RemeberMe Config check then set  RemeberMe cookies
@@ -127,26 +127,6 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider
         
         return  authenticationToken;
     }
-    
-    @Override
-    public Authentication basicAuthenticate(LoginCredential loginCredential) {
-        UserInfo loadeduserInfo = loadUserInfo(loginCredential.getUsername(), "");
-        if (loadeduserInfo != null) {
-            authenticationRealm.passwordMatches(loadeduserInfo, loginCredential.getPassword());
-
-            authenticationRealm.getPasswordPolicyValidator().passwordPolicyValid(loadeduserInfo);
-            
-            Authentication authentication = createOnlineSession(loginCredential,loadeduserInfo);
-            
-            authenticationRealm.insertLoginHistory(loadeduserInfo, loginCredential.getAuthType(), "", "", "SUCCESS");
-                        
-            return authentication;
-        }else {
-            String message = WebContext.getI18nValue("login.error.username");
-            _logger.debug("login user  " + loginCredential.getUsername() + " not in this System ." + message);
-            throw new BadCredentialsException(WebContext.getI18nValue("login.error.username"));
-        }
-    }
 
     /**
      * trustAuthentication.
@@ -158,24 +138,29 @@ public class RealmAuthenticationProvider extends AbstractAuthenticationProvider
      * @return boolean
      */
     @Override
-    public  Authentication trustAuthentication(String username, 
-                                            String type, 
-                                            String provider, 
-                                            String code,
-                                            String message) {
-        UserInfo loadeduserInfo = loadUserInfo(username, "");
+    public  Authentication authentication(LoginCredential loginCredential,boolean isTrusted) {
+        UserInfo loadeduserInfo = loadUserInfo(loginCredential.getUsername(), "");
         if (loadeduserInfo != null) {
-            LoginCredential loginCredential = new LoginCredential();
-            loginCredential.setUsername(loadeduserInfo.getUsername());
-            
+            //Validate PasswordPolicy
+            authenticationRealm.getPasswordPolicyValidator().passwordPolicyValid(loadeduserInfo);
+            if(!isTrusted) {
+                authenticationRealm.passwordMatches(loadeduserInfo, loginCredential.getPassword());
+            }
+            //apply PasswordSetType and resetBadPasswordCount
+            authenticationRealm.getPasswordPolicyValidator().applyPasswordPolicy(loadeduserInfo);
             Authentication authentication = createOnlineSession(loginCredential,loadeduserInfo);
             
-            authenticationRealm.insertLoginHistory(loadeduserInfo, type, provider, code, message);
+            authenticationRealm.insertLoginHistory( loadeduserInfo, 
+                                                    loginCredential.getAuthType(), 
+                                                    loginCredential.getProvider(), 
+                                                    loginCredential.getCode(), 
+                                                    loginCredential.getMessage()
+                                                );
             
             return authentication;
         }else {
             String i18nMessage = WebContext.getI18nValue("login.error.username");
-            _logger.debug("login user  " + username + " not in this System ." + i18nMessage);
+            _logger.debug("login user  " + loginCredential.getUsername() + " not in this System ." + i18nMessage);
             throw new BadCredentialsException(WebContext.getI18nValue("login.error.username"));
         }
     }

maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/basic/BasicEntryPoint.java

@@ -21,6 +21,7 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.maxkey.authn.AbstractAuthenticationProvider;
+import org.maxkey.authn.LoginCredential;
 import org.maxkey.constants.ConstantsLoginType;
 import org.maxkey.util.AuthorizationHeaderCredential;
 import org.maxkey.util.AuthorizationHeaderUtils;
@@ -129,8 +130,9 @@ public class BasicEntryPoint implements   AsyncHandlerInterceptor {
 		 }
 		 
 		 if(!isAuthenticated){
-			authenticationProvider.trustAuthentication(headerCredential.getUsername(),ConstantsLoginType.BASIC,"","","success");
-				_logger.info("Authentication  "+headerCredential.getUsername()+" successful .");
+		     LoginCredential loginCredential =new LoginCredential(headerCredential.getUsername(),"",ConstantsLoginType.BASIC);
+			 authenticationProvider.authentication(loginCredential,true);
+			 _logger.info("Authentication  "+headerCredential.getUsername()+" successful .");
 		 }
 		
 		 return true;

maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/httpheader/HttpHeaderEntryPoint.java

@@ -21,6 +21,7 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.maxkey.authn.AbstractAuthenticationProvider;
+import org.maxkey.authn.LoginCredential;
 import org.maxkey.constants.ConstantsLoginType;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -107,7 +108,8 @@ public class HttpHeaderEntryPoint implements AsyncHandlerInterceptor {
 		 }
 		 
 		 if(!isAuthenticated){
-			authenticationProvider.trustAuthentication(httpHeaderUsername,ConstantsLoginType.HTTPHEADER,"","","success");
+			LoginCredential loginCredential =new LoginCredential(httpHeaderUsername,"",ConstantsLoginType.HTTPHEADER);
+            authenticationProvider.authentication(loginCredential,true);
 			_logger.info("Authentication  "+httpHeaderUsername+" successful .");
 		 }
 		

maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/jwt/HttpJwtEntryPoint.java

@@ -21,6 +21,7 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
 import org.maxkey.authn.AbstractAuthenticationProvider;
+import org.maxkey.authn.LoginCredential;
 import org.maxkey.configuration.ApplicationConfig;
 import org.maxkey.constants.ConstantsLoginType;
 import org.maxkey.web.WebConstants;
@@ -77,7 +78,8 @@ public class HttpJwtEntryPoint implements AsyncHandlerInterceptor {
 		 SignedJWT signedJWT = jwtLoginService.jwtTokenValidation(jwt);
 		 if(signedJWT != null) {
 			 String username =signedJWT.getJWTClaimsSet().getSubject();
-			 authenticationProvider.trustAuthentication(username, ConstantsLoginType.JWT, "", "", "success"); 
+			 LoginCredential loginCredential =new LoginCredential(username,"",ConstantsLoginType.JWT);
+			 authenticationProvider.authentication(loginCredential,true);
 			 _logger.debug("JWT Logined in , username " + username);
 		 }
 		

maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/kerberos/HttpKerberosEntryPoint.java

@@ -21,6 +21,7 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import org.joda.time.DateTime;
 import org.maxkey.authn.AbstractAuthenticationProvider;
+import org.maxkey.authn.LoginCredential;
 import org.maxkey.configuration.ApplicationConfig;
 import org.maxkey.constants.ConstantsLoginType;
 import org.maxkey.crypto.ReciprocalUtils;
@@ -94,7 +95,9 @@ public class HttpKerberosEntryPoint implements AsyncHandlerInterceptor {
 		_logger.debug("Kerberos Token is After Now  "+notOnOrAfter.isAfterNow());
 		
 		if(notOnOrAfter.isAfterNow()){
-	    	authenticationProvider.trustAuthentication(kerberosToken.getPrincipal(),ConstantsLoginType.KERBEROS,kerberosUserDomain,"","success");
+		    LoginCredential loginCredential =new LoginCredential(kerberosToken.getPrincipal(),"",ConstantsLoginType.KERBEROS);
+		    loginCredential.setProvider(kerberosUserDomain);
+            authenticationProvider.authentication(loginCredential,true);
 	    	_logger.debug("Kerberos Logined in , username " + kerberosToken.getPrincipal());
 		}
 		

maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/HttpRemeberMeEntryPoint.java

@@ -23,6 +23,7 @@ import javax.servlet.http.HttpServletResponse;
 
 import org.joda.time.DateTime;
 import org.maxkey.authn.AbstractAuthenticationProvider;
+import org.maxkey.authn.LoginCredential;
 import org.maxkey.configuration.ApplicationConfig;
 import org.maxkey.constants.ConstantsLoginType;
 import org.maxkey.crypto.Base64Utils;
@@ -94,12 +95,8 @@ public class HttpRemeberMeEntryPoint implements AsyncHandlerInterceptor {
 	        DateTime expiryDate = loginDate.plusSeconds(remeberMeService.getRemeberMeValidity());
 	        DateTime now = new DateTime();
 	        if (now.isBefore(expiryDate)) {
-	            authenticationProvider.trustAuthentication(
-	                    storeRemeberMe.getUsername(), 
-	                    ConstantsLoginType.REMEBER_ME, 
-	                    "", 
-	                    "", 
-	                    "success");
+	            LoginCredential loginCredential =new LoginCredential(storeRemeberMe.getUsername(),"",ConstantsLoginType.REMEBER_ME);
+	            authenticationProvider.authentication(loginCredential,true);
 	            remeberMeService.updateRemeberMe(remeberMeCookie, response);
 	            _logger.debug("RemeberMe Logined in , username " + storeRemeberMe.getUsername());
 	        }

maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/wsfederation/HttpWsFederationEntryPoint.java

@@ -20,6 +20,7 @@ package org.maxkey.authn.support.wsfederation;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import org.maxkey.authn.AbstractAuthenticationProvider;
+import org.maxkey.authn.LoginCredential;
 import org.maxkey.configuration.ApplicationConfig;
 import org.maxkey.constants.ConstantsLoginType;
 import org.maxkey.util.StringUtils;
@@ -97,11 +98,9 @@ public class HttpWsFederationEntryPoint implements AsyncHandlerInterceptor {
                     			wsFederationCredential.getAttributes(),
                     			wsFederationService.getWsFederationConfiguration().getUpnSuffix());
                     }
-
-                    authenticationProvider.trustAuthentication(
-                    		wsFederationCredential.getAttributes().get("").toString(),
-                    		ConstantsLoginType.WSFEDERATION,
-                    		"","","success");
+                    LoginCredential loginCredential =new LoginCredential(
+                            wsFederationCredential.getAttributes().get("").toString(),"",ConstantsLoginType.WSFEDERATION);
+                    authenticationProvider.authentication(loginCredential,true);
                     return true;
                 } else {
                     _logger.warn("SAML assertions are blank or no longer valid.");

maxkey-authentications/maxkey-authentication-social/src/main/java/org/maxkey/authn/support/socialsignon/SocialSignOnEndpoint.java

@@ -22,6 +22,7 @@ package org.maxkey.authn.support.socialsignon;
 
 import javax.servlet.http.HttpServletRequest;
 
+import org.maxkey.authn.LoginCredential;
 import org.maxkey.authn.support.socialsignon.service.SocialSignOnProvider;
 import org.maxkey.authn.support.socialsignon.service.SocialsAssociate;
 import org.maxkey.constants.ConstantsLoginType;
@@ -176,8 +177,11 @@ public class SocialSignOnEndpoint  extends AbstractSocialSignOnEndpoint{
 		
 		_logger.debug("Social Sign On from "+socialsAssociate.getProvider()+" mapping to user "+socialsAssociate.getUsername());
 		
-		authenticationProvider.trustAuthentication(socialsAssociate.getUsername(), ConstantsLoginType.SOCIALSIGNON,this.socialSignOnProvider.getProviderName(),"xe00000004","success");
-		//socialsAssociate.setAccessToken(JsonUtils.object2Json(this.accessToken));
+		LoginCredential loginCredential =new LoginCredential(
+		        socialsAssociate.getUsername(),"",ConstantsLoginType.SOCIALSIGNON);
+		loginCredential.setProvider(this.socialSignOnProvider.getProviderName());
+        authenticationProvider.authentication(loginCredential,true);
+        //socialsAssociate.setAccessToken(JsonUtils.object2Json(this.accessToken));
 		socialsAssociate.setSocialUserInfo(accountJsonString);
 		//socialsAssociate.setExAttribute(JsonUtils.object2Json(accessToken.getResponseObject()));
 		

maxkey-core/src/main/java/org/maxkey/web/WebXssRequestFilter.java

@@ -39,8 +39,12 @@ public class WebXssRequestFilter  extends GenericFilterBean {
 	final static ConcurrentHashMap <String,String> skipUrlMap = new  ConcurrentHashMap <String,String>();
 	
 	static {
-		skipUrlMap.put("/notices/add", "");
-		skipUrlMap.put("/notices/update", "");
+		skipUrlMap.put("/notices/add", "/notices/add");
+		skipUrlMap.put("/notices/update", "/notices/update");
+		skipUrlMap.put("/authz/cas", "/authz/cas");
+		skipUrlMap.put("/authz/cas/", "/authz/cas/");
+		skipUrlMap.put("/authz/cas/login", "/authz/cas/login");
+		skipUrlMap.put("/authz/oauth/v20/authorize", "/authz/oauth/v20/authorize");
 	}
 	
 	@Override

maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasAuthorizeEndpoint.java

@@ -64,7 +64,7 @@ public class CasAuthorizeEndpoint  extends CasBaseAuthorizeEndpoint{
 	    
 		AppsCasDetails  casDetails=casDetailsService.getAppDetails(casService);
 		
-		return buildCasModelAndView(request,response,casDetails);
+		return buildCasModelAndView(request,response,casDetails,casService);
 		
 	}
 	
@@ -77,20 +77,34 @@ public class CasAuthorizeEndpoint  extends CasBaseAuthorizeEndpoint{
 		
 		AppsCasDetails casDetails=casDetailsService.getAppDetails(id);
 		
-		return buildCasModelAndView(request,response,casDetails);
+		return buildCasModelAndView(request,response,casDetails,casDetails.getCallbackUrl());
 	}
 	
 	private  ModelAndView buildCasModelAndView(
 	                HttpServletRequest request,
 	                HttpServletResponse response,
-	                AppsCasDetails casDetails){
+	                AppsCasDetails casDetails,
+	                String casService){
 		
 		_logger.debug(""+casDetails);
-
+		Map<String, String> parameterMap = WebContext.getRequestParameterMap(request);
+		String service = casService;
+		_logger.debug("CAS Parameter service = " + service);
+		if(casService.indexOf("?") >-1 ) {
+		    service = casService.substring(casService.indexOf("?") + 1);
+		    if(service.indexOf("=") > -1) {
+		        String [] parameterValues = service.split("=");
+		        if(parameterValues.length == 2) {
+		            parameterMap.put(parameterValues[0], parameterValues[1]);
+		        }
+		    }
+		    _logger.debug("CAS service with Parameter : " + service);
+		}
 		WebContext.setAttribute(
     		        CasConstants.PARAMETER.PARAMETER_MAP, 
-    		        WebContext.getRequestParameterMap(request)
+    		        parameterMap
 		        );
+
 		WebContext.setAttribute(CasConstants.PARAMETER.ENDPOINT_CAS_DETAILS, casDetails);
 		WebContext.setAttribute(WebConstants.SINGLE_SIGN_ON_APP_ID, casDetails.getId());
 		WebContext.setAttribute(WebConstants.AUTHORIZE_SIGN_ON_APP,casDetails);
@@ -116,7 +130,6 @@ public class CasAuthorizeEndpoint  extends CasBaseAuthorizeEndpoint{
 		    callbackUrl.append("&");
 		}
 		
-		
 		//append ticket
 		callbackUrl.append(CasConstants.PARAMETER.TICKET).append("=").append(ticket);
 		

maxkey-protocols/maxkey-protocol-cas/src/main/java/org/maxkey/authz/cas/endpoint/CasRestV1Endpoint.java

@@ -82,7 +82,7 @@ public class CasRestV1Endpoint  extends CasBaseAuthorizeEndpoint{
     	    
     	    LoginCredential loginCredential =new LoginCredential(username,password,"CASREST");
     	    
-    	    authenticationProvider.basicAuthenticate(loginCredential);
+    	    authenticationProvider.authentication(loginCredential,false);
             
             TicketGrantingTicketImpl ticketGrantingTicket=new TicketGrantingTicketImpl("Random",WebContext.getAuthentication(),null);
             
@@ -189,7 +189,7 @@ public class CasRestV1Endpoint  extends CasBaseAuthorizeEndpoint{
             
             LoginCredential loginCredential =new LoginCredential(username,password,"CASREST");
             
-            authenticationProvider.basicAuthenticate(loginCredential);
+            authenticationProvider.authentication(loginCredential,false);
             UserInfo userInfo =WebContext.getUserInfo();
             TicketGrantingTicketImpl ticketGrantingTicket=new TicketGrantingTicketImpl("Random",WebContext.getAuthentication(),null);
             

maxkey-protocols/maxkey-protocol-saml-2.0/src/main/java/org/maxkey/authz/saml20/consumer/endpoint/ConsumerEndpoint.java

@@ -31,6 +31,7 @@ import javax.servlet.http.HttpServletResponse;
 import org.apache.commons.lang.StringUtils;
 import org.apache.commons.lang.Validate;
 import org.maxkey.authn.AbstractAuthenticationProvider;
+import org.maxkey.authn.LoginCredential;
 import org.maxkey.authz.saml.common.EndpointGenerator;
 import org.maxkey.authz.saml.common.TrustResolver;
 import org.maxkey.authz.saml.service.IDService;
@@ -185,8 +186,9 @@ public class ConsumerEndpoint {
 		
 	
 		logger.debug("assertion.getID() ", assertion.getAuthnStatements());
-		
-		authenticationProvider.trustAuthentication(username, ConstantsLoginType.SAMLTRUST,"","","success");
+		LoginCredential loginCredential =new LoginCredential(
+		        username,"",ConstantsLoginType.SAMLTRUST);
+        authenticationProvider.authentication(loginCredential,true);
 
 		ModelAndView mav = new ModelAndView();
 		mav.addObject("username", username);

maxkey-webs/maxkey-web-maxkey/src/main/resources/templates/views/authorize/cas_sso_submint.ftl

@@ -5,7 +5,13 @@
     <#include  "authorize_common.ftl">
     <script type="text/javascript">
         function redirectToLogin(){
-            window.top.location.href ="${callbackUrl}";
+            var srcUrl = window.top.location.href;
+            srcUrl = srcUrl.substring(srcUrl.indexOf("#"));
+            var callbackUrl = "${callbackUrl}";
+            if(srcUrl.indexOf("#") >-1 ){
+                callbackUrl =callbackUrl.replace("?",srcUrl + "&");
+            }
+            window.top.location.href = callbackUrl;
        }
     </script>
 </head>