EntryPoints

maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/jwt/HttpJwtEntryPoint.java

@@ -46,9 +46,11 @@ public class HttpJwtEntryPoint implements AsyncHandlerInterceptor {
 	 @Override
 	 public boolean preHandle(HttpServletRequest request,HttpServletResponse response, Object handler) throws Exception {
 		 boolean isAuthenticated= WebContext.isAuthenticated();
-		 
 		 String jwt = request.getParameter(WebConstants.JWT_TOKEN_PARAMETER);
-		 if(!enable || isAuthenticated || jwt == null){
+		 
+		 if(!enable 
+				 || isAuthenticated 
+				 || jwt == null){
 			 return true;
 		 }
 		 
@@ -70,16 +72,14 @@ public class HttpJwtEntryPoint implements AsyncHandlerInterceptor {
 		 _logger.info("getSession.getId : "+ request.getSession().getId());
 
 		//for jwt Login
-		if(!isAuthenticated){
-			 _logger.debug("jwt : " + jwt);
-
-			 SignedJWT signedJWT = jwtLoginService.jwtTokenValidation(jwt);
-			 if(signedJWT != null) {
-				 String username =signedJWT.getJWTClaimsSet().getSubject();
-				 authenticationProvider.trustAuthentication(username, ConstantsLoginType.JWT, "", "", "success"); 
-			 }
-	           
-		}
+		 _logger.debug("jwt : " + jwt);
+
+		 SignedJWT signedJWT = jwtLoginService.jwtTokenValidation(jwt);
+		 if(signedJWT != null) {
+			 String username =signedJWT.getJWTClaimsSet().getSubject();
+			 authenticationProvider.trustAuthentication(username, ConstantsLoginType.JWT, "", "", "success"); 
+			 _logger.debug("JWT Logined in , username " + username);
+		 }
 		
 		return true;
 	}

maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/kerberos/HttpKerberosEntryPoint.java

@@ -0,0 +1,140 @@
+/*
+ * Copyright [2020] [MaxKey of copyright http://www.maxkey.top]
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+ 
+
+package org.maxkey.authn.support.kerberos;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import org.joda.time.DateTime;
+import org.maxkey.authn.AbstractAuthenticationProvider;
+import org.maxkey.configuration.ApplicationConfig;
+import org.maxkey.constants.ConstantsLoginType;
+import org.maxkey.crypto.ReciprocalUtils;
+import org.maxkey.util.DateUtils;
+import org.maxkey.util.JsonUtils;
+import org.maxkey.web.WebConstants;
+import org.maxkey.web.WebContext;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.web.servlet.AsyncHandlerInterceptor;
+
+
+public class HttpKerberosEntryPoint implements AsyncHandlerInterceptor {
+	private static final Logger _logger = LoggerFactory.getLogger(HttpKerberosEntryPoint.class);
+	
+    boolean enable;
+    
+  	ApplicationConfig applicationConfig;
+    
+    AbstractAuthenticationProvider authenticationProvider ;
+    
+	KerberosService kerberosService;
+	
+	 @Override
+	 public boolean preHandle(HttpServletRequest request,HttpServletResponse response, Object handler) throws Exception {
+		 boolean isAuthenticated= WebContext.isAuthenticated();
+		 String kerberosTokenString = request.getParameter(WebConstants.KERBEROS_TOKEN_PARAMETER);
+		 String kerberosUserDomain = request.getParameter(WebConstants.KERBEROS_USERDOMAIN_PARAMETER);
+		 
+		 if(!enable 
+				 || isAuthenticated 
+				 || kerberosTokenString == null){
+			 return true;
+		 }
+		 
+		 _logger.debug("Kerberos Login Start ...");
+		 _logger.info("Request url : "+ request.getRequestURL());
+		 _logger.info("Request URI : "+ request.getRequestURI());
+		 _logger.info("Request ContextPath : "+ request.getContextPath());
+		 _logger.info("Request ServletPath : "+ request.getServletPath());
+		 _logger.debug("RequestSessionId : "+ request.getRequestedSessionId());
+		 _logger.debug("isRequestedSessionIdValid : "+ request.isRequestedSessionIdValid());
+		 _logger.debug("getSession : "+ request.getSession(false));
+		 
+		// session not exists，session timeout，recreate new session
+		 if(request.getSession(false) == null) {
+		    _logger.info("recreate new session .");
+			request.getSession(true);
+		 }
+		 
+		 _logger.info("getSession.getId : "+ request.getSession().getId());
+
+		//for Kerberos Login
+		_logger.debug("Try Kerberos login ");
+		_logger.debug("encoder Kerberos Token "+kerberosTokenString);
+		_logger.debug("kerberos UserDomain "+kerberosUserDomain);
+		
+		String decoderKerberosToken=null;
+		for(KerberosProxy kerberosProxy : kerberosService.getKerberosProxys()){
+			if(kerberosProxy.getUserdomain().equalsIgnoreCase(kerberosUserDomain)){
+				decoderKerberosToken=ReciprocalUtils.aesDecoder(kerberosTokenString, kerberosProxy.getCrypto());
+				break;
+			}
+		}
+		_logger.debug("decoder Kerberos Token "+decoderKerberosToken);
+		KerberosToken  kerberosToken=new KerberosToken();
+		kerberosToken=(KerberosToken)JsonUtils.json2Object(decoderKerberosToken, kerberosToken);
+		_logger.debug("Kerberos Token "+kerberosToken);
+		
+		DateTime notOnOrAfter=DateUtils.toUtcDate(kerberosToken.getNotOnOrAfter());
+		_logger.debug("Kerberos Token is After Now  "+notOnOrAfter.isAfterNow());
+		
+		if(notOnOrAfter.isAfterNow()){
+	    	authenticationProvider.trustAuthentication(kerberosToken.getPrincipal(),ConstantsLoginType.KERBEROS,kerberosUserDomain,"","success");
+	    	_logger.debug("Kerberos Logined in , username " + kerberosToken.getPrincipal());
+		}
+		
+		return true;
+	}
+
+	 public HttpKerberosEntryPoint() {
+	        super();
+	 }
+
+    public HttpKerberosEntryPoint (boolean enable) {
+        super();
+        this.enable = enable;
+    }
+
+    public HttpKerberosEntryPoint(AbstractAuthenticationProvider authenticationProvider, KerberosService kerberosService,
+			ApplicationConfig applicationConfig, boolean enable) {
+		super();
+		this.authenticationProvider = authenticationProvider;
+		this.kerberosService = kerberosService;
+		this.applicationConfig = applicationConfig;
+		this.enable = enable;
+	}
+
+	public boolean isEnable() {
+        return enable;
+    }
+
+    public void setEnable(boolean enable) {
+        this.enable = enable;
+    }
+
+	public void setApplicationConfig(ApplicationConfig applicationConfig) {
+		this.applicationConfig = applicationConfig;
+	}
+
+	public void setAuthenticationProvider(AbstractAuthenticationProvider authenticationProvider) {
+		this.authenticationProvider = authenticationProvider;
+	}
+
+
+	
+}

maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/kerberos/KerberosService.java

@@ -17,9 +17,11 @@
 
 package org.maxkey.authn.support.kerberos;
 
+import java.util.List;
+
 public interface KerberosService {
 	
-	public boolean login(String kerberosTokenString,String kerberosUserDomain);
+	public List<KerberosProxy> getKerberosProxys();
 	
 	public  String buildKerberosProxys( );
 	

maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/kerberos/RemoteKerberosService.java

@@ -21,12 +21,6 @@ import java.util.ArrayList;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
-
-import org.joda.time.DateTime;
-import org.maxkey.authn.AbstractAuthenticationProvider;
-import org.maxkey.constants.ConstantsLoginType;
-import org.maxkey.crypto.ReciprocalUtils;
-import org.maxkey.util.DateUtils;
 import org.maxkey.util.JsonUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -34,36 +28,6 @@ import org.slf4j.LoggerFactory;
 public class RemoteKerberosService  implements KerberosService{
 	private static Logger _logger = LoggerFactory.getLogger(RemoteKerberosService.class);
 	List<KerberosProxy> kerberosProxys;
-	
-	AbstractAuthenticationProvider authenticationProvider ;
-	
-	public boolean login(String kerberosTokenString,String kerberosUserDomain){
-		_logger.debug("encoder Kerberos Token "+kerberosTokenString);
-		_logger.debug("kerberos UserDomain "+kerberosUserDomain);
-		
-		String decoderKerberosToken=null;
-		for(KerberosProxy kerberosProxy : kerberosProxys){
-			if(kerberosProxy.getUserdomain().equalsIgnoreCase(kerberosUserDomain)){
-				decoderKerberosToken=ReciprocalUtils.aesDecoder(kerberosTokenString, kerberosProxy.getCrypto());
-				break;
-			}
-		}
-		_logger.debug("decoder Kerberos Token "+decoderKerberosToken);
-		KerberosToken  kerberosToken=new KerberosToken();
-		kerberosToken=(KerberosToken)JsonUtils.json2Object(decoderKerberosToken, kerberosToken);
-		_logger.debug("Kerberos Token "+kerberosToken);
-		
-		DateTime notOnOrAfter=DateUtils.toUtcDate(kerberosToken.getNotOnOrAfter());
-		_logger.debug("Kerberos Token is After Now  "+notOnOrAfter.isAfterNow());
-		if(notOnOrAfter.isAfterNow()){
-	    	authenticationProvider.trustAuthentication(kerberosToken.getPrincipal(),ConstantsLoginType.KERBEROS,kerberosUserDomain,"","success");
-	    	return true;
-		}else{
-			
-			return false;
-		}
-			
-	}
 
 	public List<KerberosProxy> getKerberosProxys() {
 		return kerberosProxys;

maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/rememberme/HttpRemeberMeEntryPoint.java

@@ -49,9 +49,12 @@ public class HttpRemeberMeEntryPoint implements AsyncHandlerInterceptor {
 	 @Override
 	 public boolean preHandle(HttpServletRequest request,HttpServletResponse response, Object handler) throws Exception {
 		 boolean isAuthenticated= WebContext.isAuthenticated();
-		 
 		 Cookie readRemeberMeCookie = WebContext.readCookieByName(request,WebConstants.REMEBER_ME_COOKIE);
-		 if(!enable || isAuthenticated){
+		 
+		 if(!enable 
+				 || isAuthenticated 
+				 || readRemeberMeCookie==null 
+				 || !applicationConfig.getLoginConfig().isRemeberMe()){
 			 return true;
 		 }
 		 
@@ -72,37 +75,35 @@ public class HttpRemeberMeEntryPoint implements AsyncHandlerInterceptor {
 		 
 		 _logger.info("getSession.getId : "+ request.getSession().getId());
 
-		 if(applicationConfig.getLoginConfig().isRemeberMe()&&readRemeberMeCookie!=null){
-				_logger.debug("Try RemeberMe login ");
-				String remeberMe = readRemeberMeCookie.getValue();
-				 _logger.debug("RemeberMe : " + remeberMe);
-
-		        remeberMe = new String(Base64Utils.base64UrlDecode(remeberMe));
-
-		        remeberMe = ReciprocalUtils.decoder(remeberMe);
-
-		        _logger.debug("decoder RemeberMe : " + remeberMe);
-		        RemeberMe remeberMeCookie = new RemeberMe();
-		        remeberMeCookie = (RemeberMe) JsonUtils.json2Object(remeberMe, remeberMeCookie);
-		        _logger.debug("Remeber Me Cookie : " + remeberMeCookie);
-
-		        RemeberMe storeRemeberMe = remeberMeService.read(remeberMeCookie);
-		        if (storeRemeberMe != null)  {
-			        DateTime loginDate = new DateTime(storeRemeberMe.getLastLogin());
-			        DateTime expiryDate = loginDate.plusSeconds(remeberMeService.getRemeberMeValidity());
-			        DateTime now = new DateTime();
-			        if (now.isBefore(expiryDate)) {
-			            authenticationProvider.trustAuthentication(
-			                    storeRemeberMe.getUsername(), 
-			                    ConstantsLoginType.REMEBER_ME, 
-			                    "", 
-			                    "", 
-			                    "success");
-			            remeberMeService.updateRemeberMe(remeberMeCookie, response);
-
-			        }
-		        }
-		}
+		_logger.debug("Try RemeberMe login ");
+		String remeberMe = readRemeberMeCookie.getValue();
+		 _logger.debug("RemeberMe : " + remeberMe);
+
+        remeberMe = new String(Base64Utils.base64UrlDecode(remeberMe));
+
+        remeberMe = ReciprocalUtils.decoder(remeberMe);
+
+        _logger.debug("decoder RemeberMe : " + remeberMe);
+        RemeberMe remeberMeCookie = new RemeberMe();
+        remeberMeCookie = (RemeberMe) JsonUtils.json2Object(remeberMe, remeberMeCookie);
+        _logger.debug("Remeber Me Cookie : " + remeberMeCookie);
+
+        RemeberMe storeRemeberMe = remeberMeService.read(remeberMeCookie);
+        if (storeRemeberMe != null)  {
+	        DateTime loginDate = new DateTime(storeRemeberMe.getLastLogin());
+	        DateTime expiryDate = loginDate.plusSeconds(remeberMeService.getRemeberMeValidity());
+	        DateTime now = new DateTime();
+	        if (now.isBefore(expiryDate)) {
+	            authenticationProvider.trustAuthentication(
+	                    storeRemeberMe.getUsername(), 
+	                    ConstantsLoginType.REMEBER_ME, 
+	                    "", 
+	                    "", 
+	                    "success");
+	            remeberMeService.updateRemeberMe(remeberMeCookie, response);
+	            _logger.debug("RemeberMe Logined in , username " + storeRemeberMe.getUsername());
+	        }
+        }
 		
 		 return true;
 	}

maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/wsfederation/HttpWsFederationEntryPoint.java

@@ -0,0 +1,157 @@
+/*
+ * Copyright [2020] [MaxKey of copyright http://www.maxkey.top]
+ * 
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ * 
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ * 
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+ 
+
+package org.maxkey.authn.support.wsfederation;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import org.maxkey.authn.AbstractAuthenticationProvider;
+import org.maxkey.configuration.ApplicationConfig;
+import org.maxkey.constants.ConstantsLoginType;
+import org.maxkey.util.StringUtils;
+import org.maxkey.web.WebContext;
+import org.opensaml.saml1.core.impl.AssertionImpl;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.web.servlet.AsyncHandlerInterceptor;
+
+
+public class HttpWsFederationEntryPoint implements AsyncHandlerInterceptor {
+	private static final Logger _logger = LoggerFactory.getLogger(HttpWsFederationEntryPoint.class);
+	
+    boolean enable;
+    
+  	ApplicationConfig applicationConfig;
+    
+    AbstractAuthenticationProvider authenticationProvider ;
+    
+	WsFederationService wsFederationService;
+	
+	 @Override
+	 public boolean preHandle(HttpServletRequest request,HttpServletResponse response, Object handler) throws Exception {
+		 boolean isAuthenticated= WebContext.isAuthenticated();
+		 String wsFederationWA = request.getParameter(WsFederationConstants.WA);
+		 String wsFederationWResult = request.getParameter(WsFederationConstants.WRESULT);
+		 
+		 if(!enable 
+				 || isAuthenticated 
+				 || !applicationConfig.getLoginConfig().isWsFederation()
+				 || wsFederationWA == null){
+			 return true;
+		 }
+		 
+		 _logger.debug("WsFederation Login Start ...");
+		 _logger.info("Request url : "+ request.getRequestURL());
+		 _logger.info("Request URI : "+ request.getRequestURI());
+		 _logger.info("Request ContextPath : "+ request.getContextPath());
+		 _logger.info("Request ServletPath : "+ request.getServletPath());
+		 _logger.debug("RequestSessionId : "+ request.getRequestedSessionId());
+		 _logger.debug("isRequestedSessionIdValid : "+ request.isRequestedSessionIdValid());
+		 _logger.debug("getSession : "+ request.getSession(false));
+		 
+		// session not exists，session timeout，recreate new session
+		 if(request.getSession(false) == null) {
+		    _logger.info("recreate new session .");
+			request.getSession(true);
+		 }
+		 
+		 _logger.info("getSession.getId : "+ request.getSession().getId());
+
+		//for WsFederation Login
+		 _logger.debug("WsFederation : " + wsFederationWA +" , wsFederationWResult : " + wsFederationWResult);
+		 if(applicationConfig.getLoginConfig().isWsFederation()
+				 && StringUtils.isNotEmpty(wsFederationWA) 
+				 && wsFederationWA.equalsIgnoreCase(WsFederationConstants.WSIGNIN)){
+			 _logger.debug("wresult : {}"+wsFederationWResult);
+
+			 final String wctx = request.getParameter(WsFederationConstants.WCTX);
+			 _logger.debug("wctx : {}"+ wctx);
+
+            // create credentials
+            final AssertionImpl assertion = WsFederationUtils.parseTokenFromString(wsFederationWResult);
+            //Validate the signature
+            if (assertion != null && WsFederationUtils.validateSignature(assertion, wsFederationService.getWsFederationConfiguration().getSigningCertificates())) {
+                final WsFederationCredential wsFederationCredential = WsFederationUtils.createCredentialFromToken(assertion);
+
+                if (wsFederationCredential != null && wsFederationCredential.isValid(wsFederationService.getWsFederationConfiguration().getRelyingParty(),
+                		wsFederationService.getWsFederationConfiguration().getIdentifier(),
+                		wsFederationService.getWsFederationConfiguration().getTolerance())) {
+
+                    //Give the library user a chance to change the attributes as necessary
+                    if (wsFederationService.getWsFederationConfiguration().getAttributeMutator() != null) {
+                    	wsFederationService.getWsFederationConfiguration().getAttributeMutator().modifyAttributes(
+                    			wsFederationCredential.getAttributes(),
+                    			wsFederationService.getWsFederationConfiguration().getUpnSuffix());
+                    }
+
+                    authenticationProvider.trustAuthentication(
+                    		wsFederationCredential.getAttributes().get("").toString(),
+                    		ConstantsLoginType.WSFEDERATION,
+                    		"","","success");
+                    return true;
+                } else {
+                    _logger.warn("SAML assertions are blank or no longer valid.");
+                }
+            } else {
+                _logger.error("WS Requested Security Token is blank or the signature is not valid.");
+            }
+		 }
+		
+		 return true;
+	 }
+
+	 public HttpWsFederationEntryPoint() {
+	        super();
+	 }
+
+    public HttpWsFederationEntryPoint (boolean enable) {
+        super();
+        this.enable = enable;
+    }
+
+    public HttpWsFederationEntryPoint(AbstractAuthenticationProvider authenticationProvider, WsFederationService wsFederationService,
+			ApplicationConfig applicationConfig, boolean enable) {
+		super();
+		this.authenticationProvider = authenticationProvider;
+		this.wsFederationService = wsFederationService;
+		this.applicationConfig = applicationConfig;
+		this.enable = enable;
+	}
+
+	public boolean isEnable() {
+        return enable;
+    }
+
+    public void setEnable(boolean enable) {
+        this.enable = enable;
+    }
+
+	public void setApplicationConfig(ApplicationConfig applicationConfig) {
+		this.applicationConfig = applicationConfig;
+	}
+
+	public void setAuthenticationProvider(AbstractAuthenticationProvider authenticationProvider) {
+		this.authenticationProvider = authenticationProvider;
+	}
+
+	public void setWsFederationService(WsFederationService wsFederationService) {
+		this.wsFederationService = wsFederationService;
+	}
+
+
+	
+}

maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/wsfederation/WsFederationService.java

@@ -17,9 +17,7 @@
 
 package org.maxkey.authn.support.wsfederation;
 
-import javax.servlet.http.HttpServletRequest;
-
 public interface WsFederationService {
-	public boolean login(String wsFederationWA,String wsFederationWResult,HttpServletRequest request);
+	public WsFederationConfiguration getWsFederationConfiguration();
 	
 }

maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/support/wsfederation/WsFederationServiceImpl.java

@@ -17,72 +17,24 @@
 
 package org.maxkey.authn.support.wsfederation;
 
-import javax.servlet.http.HttpServletRequest;
-
-import org.maxkey.authn.AbstractAuthenticationProvider;
-import org.maxkey.constants.ConstantsLoginType;
-import org.maxkey.util.StringUtils;
-import org.opensaml.saml1.core.impl.AssertionImpl;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.beans.factory.annotation.Qualifier;
 
 
 public class WsFederationServiceImpl implements   WsFederationService{
 	final static Logger _logger = LoggerFactory.getLogger(WsFederationServiceImpl.class);
 	
 	private WsFederationConfiguration wsFederationConfiguration;
-	
-	@Autowired
-    @Qualifier("authenticationProvider")
-	AbstractAuthenticationProvider authenticationProvider ;
-	
-	public boolean login(String wsFederationWA,String wsFederationWResult,HttpServletRequest request){
-		// it's an authentication
-        if (StringUtils.isNotEmpty(wsFederationWA) && wsFederationWA.equalsIgnoreCase(WsFederationConstants.WSIGNIN)) {
-            _logger.debug("wresult : {}"+wsFederationWResult);
-
-            final String wctx = request.getParameter(WsFederationConstants.WCTX);
-            _logger.debug("wctx : {}"+ wctx);
-
-            // create credentials
-            final AssertionImpl assertion = WsFederationUtils.parseTokenFromString(wsFederationWResult);
-            //Validate the signature
-            if (assertion != null && WsFederationUtils.validateSignature(assertion, wsFederationConfiguration.getSigningCertificates())) {
-                final WsFederationCredential wsFederationCredential = WsFederationUtils.createCredentialFromToken(assertion);
-
-                if (wsFederationCredential != null && wsFederationCredential.isValid(wsFederationConfiguration.getRelyingParty(),
-                		wsFederationConfiguration.getIdentifier(),
-                		wsFederationConfiguration.getTolerance())) {
-
-                    //Give the library user a chance to change the attributes as necessary
-                    if (wsFederationConfiguration.getAttributeMutator() != null) {
-                    	wsFederationConfiguration.getAttributeMutator().modifyAttributes(
-                    			wsFederationCredential.getAttributes(),
-                    			wsFederationConfiguration.getUpnSuffix());
-                    }
-
-                    authenticationProvider.trustAuthentication(
-                    		wsFederationCredential.getAttributes().get("").toString(),
-                    		ConstantsLoginType.WSFEDERATION,
-                    		"","","success");
-                    return true;
-                } else {
-                    _logger.warn("SAML assertions are blank or no longer valid.");
-                    return false;
-                }
-            } else {
-                _logger.error("WS Requested Security Token is blank or the signature is not valid.");
-                return false;
-            }
-        }
-		return false;
-	}
 
 	public void setWsFederationConfiguration(
 			WsFederationConfiguration wsFederationConfiguration) {
 		this.wsFederationConfiguration = wsFederationConfiguration;
 	}
+
+	public WsFederationConfiguration getWsFederationConfiguration() {
+		return wsFederationConfiguration;
+	}
+	
+	
 	
 }

maxkey-web-manage/src/main/java/org/maxkey/web/endpoint/LoginEndpoint.java

@@ -17,9 +17,6 @@
 
 package org.maxkey.web.endpoint;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
 import org.maxkey.authn.AbstractAuthenticationProvider;
 import org.maxkey.authn.LoginCredential;
 import org.maxkey.configuration.ApplicationConfig;
@@ -56,26 +53,19 @@ public class LoginEndpoint {
 	 * @return
 	 */
  	@RequestMapping(value={"/login"})
-	public ModelAndView login(
-			HttpServletRequest request,
-			HttpServletResponse response) {
- 		
+	public ModelAndView login() {
 		_logger.debug("LoginController /login.");
-		ModelAndView modelAndView = new ModelAndView();
 		
 		boolean isAuthenticated= WebContext.isAuthenticated();
-		
 		//for normal login
-		if(!isAuthenticated){
-			modelAndView.addObject("isRemeberMe", applicationConfig.getLoginConfig().isRemeberMe());
-			
-			modelAndView.addObject("isCaptcha", applicationConfig.getLoginConfig().isCaptcha());
-			modelAndView.addObject("sessionid", WebContext.getSession().getId());
+		if(isAuthenticated){
+			return WebContext.redirect("/main");
 		}
 		
-		if(WebContext.isAuthenticated()){
- 			return WebContext.redirect("/main");
-		}
+		ModelAndView modelAndView = new ModelAndView();
+		modelAndView.addObject("isRemeberMe", applicationConfig.getLoginConfig().isRemeberMe());
+		modelAndView.addObject("isCaptcha", applicationConfig.getLoginConfig().isCaptcha());
+		modelAndView.addObject("sessionid", WebContext.getSession().getId());
 		modelAndView.setViewName("login");
 		return modelAndView;
 	}

maxkey-web-maxkey/src/main/java/org/maxkey/MaxKeyMvcConfig.java

@@ -20,6 +20,8 @@ package org.maxkey;
 import org.maxkey.authn.AbstractAuthenticationProvider;
 import org.maxkey.authn.support.basic.BasicEntryPoint;
 import org.maxkey.authn.support.httpheader.HttpHeaderEntryPoint;
+import org.maxkey.authn.support.kerberos.HttpKerberosEntryPoint;
+import org.maxkey.authn.support.kerberos.KerberosService;
 import org.maxkey.authn.support.rememberme.AbstractRemeberMeService;
 import org.maxkey.authn.support.rememberme.HttpRemeberMeEntryPoint;
 import org.maxkey.configuration.ApplicationConfig;
@@ -60,6 +62,10 @@ public class MaxKeyMvcConfig implements WebMvcConfigurer {
 	AbstractRemeberMeService remeberMeService;
     
     @Autowired
+	@Qualifier("kerberosService")
+    KerberosService kerberosService;
+    
+    @Autowired
     PermissionAdapter permissionAdapter;
     
     @Autowired
@@ -115,6 +121,12 @@ public class MaxKeyMvcConfig implements WebMvcConfigurer {
         			authenticationProvider,remeberMeService,applicationConfig,true))
         		.addPathPatterns("/login");
         
+        _logger.debug("add HttpKerberosEntryPoint");
+        registry.addInterceptor(new HttpKerberosEntryPoint(
+    			authenticationProvider,kerberosService,applicationConfig,true))
+    		.addPathPatterns("/login");
+        
+        
         if(httpHeaderEnable) {
             registry.addInterceptor(new HttpHeaderEntryPoint(httpHeaderName,httpHeaderEnable))
                     .addPathPatterns("/*");

maxkey-web-maxkey/src/main/java/org/maxkey/web/contorller/RegistrationController.java

@@ -17,8 +17,13 @@
 
 package org.maxkey.web.contorller;
 
+import java.io.IOException;
 import java.util.Date;
 
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
 import org.apache.commons.mail.DefaultAuthenticator;
 import org.apache.commons.mail.EmailException;
 import org.apache.commons.mail.HtmlEmail;
@@ -31,7 +36,10 @@ import org.maxkey.domain.UserInfo;
 import org.maxkey.persistence.service.RegistrationService;
 import org.maxkey.persistence.service.UserInfoService;
 import org.maxkey.util.DateUtils;
+import org.maxkey.util.StringUtils;
+import org.maxkey.web.WebConstants;
 import org.maxkey.web.WebContext;
+import org.maxkey.web.message.Message;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -42,6 +50,7 @@ import org.springframework.web.bind.annotation.ModelAttribute;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.servlet.ModelAndView;
 
 
@@ -174,5 +183,51 @@ public class RegistrationController {
 		return  modelAndView;
 	}
 	
+	
+	/**
+	 * view register
+	 * @return
+	 */
+ 	@RequestMapping(value={"/register"})
+	public ModelAndView register(HttpServletRequest request,HttpServletResponse response) {
+		_logger.debug("/register.");
+		ModelAndView modelAndView = new ModelAndView("registration/register");
+		Object loginErrorMessage=WebContext.getAttribute(WebConstants.LOGIN_ERROR_SESSION_MESSAGE);
+        modelAndView.addObject("loginErrorMessage", loginErrorMessage==null?"":loginErrorMessage);
+        WebContext.removeAttribute(WebConstants.LOGIN_ERROR_SESSION_MESSAGE);
+		return modelAndView;
+	}
+ 	
+ 	@RequestMapping(value={"/registeron"})
+ 	@ResponseBody
+	public Message registeron(UserInfo userInfo,@RequestParam String emailMobile) throws ServletException, IOException {
+ 		if(StringUtils.isNullOrBlank(emailMobile)) {
+ 			return new Message(WebContext.getI18nValue("register.emailMobile.error"),"1");
+ 		}
+ 		if(StringUtils.isValidEmail(emailMobile)) {
+ 			userInfo.setEmail(emailMobile);
+ 		}
+ 		if(StringUtils.isValidMobileNo(emailMobile)) {
+ 			userInfo.setMobile(emailMobile);
+ 		}
+ 		if(!(StringUtils.isValidEmail(emailMobile)||StringUtils.isValidMobileNo(emailMobile))) {
+ 			return new Message(WebContext.getI18nValue("register.emailMobile.error"),"1");
+ 		}
+ 		UserInfo temp=userInfoService.queryUserInfoByEmailMobile(emailMobile);
+ 		if(temp!=null) {
+ 			return new Message(WebContext.getI18nValue("register.emailMobile.exist"),"1");
+ 		}
+ 		
+ 		temp=userInfoService.loadByUsername(userInfo.getUsername());
+ 		if(temp!=null) {
+ 			return new Message(WebContext.getI18nValue("register.user.error"),"1");
+ 		}
+ 		userInfo.setStatus(ConstantsStatus.ACTIVE);
+ 		if(userInfoService.insert(userInfo)) {
+ 			return new Message(WebContext.getI18nValue("login.text.register.success"),"0");
+ 		}
+ 		return new Message(WebContext.getI18nValue("login.text.register.error"),"1");
+ 		
+ 	}
 
 }

maxkey-web-maxkey/src/main/java/org/maxkey/web/endpoint/LoginEndpoint.java

@@ -19,25 +19,19 @@ package org.maxkey.web.endpoint;
 
 import java.io.IOException;
 import java.util.HashMap;
-
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
-
 import org.maxkey.authn.AbstractAuthenticationProvider;
 import org.maxkey.authn.LoginCredential;
 import org.maxkey.authn.support.kerberos.KerberosService;
 import org.maxkey.authn.support.socialsignon.service.SocialSignOnProviderService;
-import org.maxkey.authn.support.wsfederation.WsFederationConstants;
 import org.maxkey.configuration.ApplicationConfig;
-import org.maxkey.constants.ConstantsStatus;
 import org.maxkey.domain.UserInfo;
 import org.maxkey.password.onetimepwd.AbstractOtpAuthn;
 import org.maxkey.persistence.service.UserInfoService;
-import org.maxkey.util.StringUtils;
 import org.maxkey.web.WebConstants;
 import org.maxkey.web.WebContext;
-import org.maxkey.web.message.Message;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
@@ -46,11 +40,9 @@ import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.ModelAttribute;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestMapping;
-import org.springframework.web.bind.annotation.RequestParam;
 import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.servlet.ModelAndView;
 
-
 /**
  * @author Crystal.Sea
  *
@@ -64,6 +56,10 @@ public class LoginEndpoint {
   	ApplicationConfig applicationConfig;
  	
 	@Autowired
+	@Qualifier("authenticationProvider")
+	AbstractAuthenticationProvider authenticationProvider ;
+	
+	@Autowired
 	@Qualifier("socialSignOnProviderService")
 	SocialSignOnProviderService socialSignOnProviderService;
 	
@@ -75,14 +71,6 @@ public class LoginEndpoint {
 	@Qualifier("userInfoService")
 	UserInfoService userInfoService;
 	
-	/*@Autowired
-	@Qualifier("wsFederationService")
-	WsFederationService wsFederationService;*/
-	
-	@Autowired
-	@Qualifier("authenticationProvider")
-	AbstractAuthenticationProvider authenticationProvider ;
-	
 	@Autowired
     @Qualifier("tfaOtpAuthn")
     protected AbstractOtpAuthn tfaOtpAuthn;
@@ -92,65 +80,34 @@ public class LoginEndpoint {
 	 * @return
 	 */
  	@RequestMapping(value={"/login"})
-	public ModelAndView login(
-			HttpServletRequest request,
-			HttpServletResponse response,
-			@RequestParam(value=WebConstants.CAS_SERVICE_PARAMETER,required=false) String casService,
-			@RequestParam(value=WebConstants.KERBEROS_TOKEN_PARAMETER,required=false) String kerberosToken,
-			@RequestParam(value=WebConstants.KERBEROS_USERDOMAIN_PARAMETER,required=false) String kerberosUserDomain,
-			@RequestParam(value=WsFederationConstants.WA,required=false) String wsFederationWA,
-			@RequestParam(value=WsFederationConstants.WRESULT,required=false) String wsFederationWResult) {
- 		
+	public ModelAndView login() {
 		_logger.debug("LoginController /login.");
-		ModelAndView modelAndView = new ModelAndView("login");
-		
 		boolean isAuthenticated= WebContext.isAuthenticated();
-		//for Kerberos login
-		if(!isAuthenticated){
-			if(applicationConfig.getLoginConfig().isKerberos()&&
-					kerberosUserDomain!=null&&!kerberosUserDomain.equals("")&&
-					kerberosToken!=null && !kerberosToken.equals("")){
-				_logger.debug("Try Kerberos login ");
-				isAuthenticated=kerberosService.login(kerberosToken,kerberosUserDomain);
-			}
-		}
-		//for WsFederation login
-		if(!isAuthenticated){
-			if(applicationConfig.getLoginConfig().isWsFederation()&&
-					StringUtils.isNotEmpty(wsFederationWA) && 
-					wsFederationWA.equalsIgnoreCase(WsFederationConstants.WSIGNIN)){
-				_logger.debug("Try WsFederation login ");
-				//isAuthenticated=wsFederationService.login(wsFederationWA,wsFederationWResult,request);
-			}
+		
+		if(isAuthenticated){
+			return  WebContext.redirect("/forwardindex");
 		}
 				
 		//for normal login
-		if(!isAuthenticated){
-			modelAndView.addObject("isRemeberMe", applicationConfig.getLoginConfig().isRemeberMe());
-			modelAndView.addObject("isKerberos", applicationConfig.getLoginConfig().isKerberos());
-			modelAndView.addObject("isMfa", applicationConfig.getLoginConfig().isMfa());
-			if(applicationConfig.getLoginConfig().isMfa()) {
-			    modelAndView.addObject("otpType", tfaOtpAuthn.getOtpType());
-			    modelAndView.addObject("otpInterval", tfaOtpAuthn.getInterval());
-			}
-			
-			if( applicationConfig.getLoginConfig().isKerberos()){
-				modelAndView.addObject("userDomainUrlJson", kerberosService.buildKerberosProxys());
-				
-			}
-			modelAndView.addObject("isCaptcha", applicationConfig.getLoginConfig().isCaptcha());
-			modelAndView.addObject("sessionid", WebContext.getSession().getId());
-			//modelAndView.addObject("jwtToken",jwtLoginService.buildLoginJwt());
-			//load Social Sign On Providers
-			if(applicationConfig.getLoginConfig().isSocialSignOn()){
-				_logger.debug("Load Social Sign On Providers ");
-				modelAndView.addObject("ssopList", socialSignOnProviderService.getSocialSignOnProviders());
-			}
+		ModelAndView modelAndView = new ModelAndView("login");
+		modelAndView.addObject("isRemeberMe", applicationConfig.getLoginConfig().isRemeberMe());
+		modelAndView.addObject("isKerberos", applicationConfig.getLoginConfig().isKerberos());
+		modelAndView.addObject("isMfa", applicationConfig.getLoginConfig().isMfa());
+		if(applicationConfig.getLoginConfig().isMfa()) {
+		    modelAndView.addObject("otpType", tfaOtpAuthn.getOtpType());
+		    modelAndView.addObject("otpInterval", tfaOtpAuthn.getInterval());
 		}
 		
-		
-		if(isAuthenticated){
-			return  WebContext.redirect("/forwardindex");
+		if( applicationConfig.getLoginConfig().isKerberos()){
+			modelAndView.addObject("userDomainUrlJson", kerberosService.buildKerberosProxys());
+		}
+		modelAndView.addObject("isCaptcha", applicationConfig.getLoginConfig().isCaptcha());
+		modelAndView.addObject("sessionid", WebContext.getSession().getId());
+		//modelAndView.addObject("jwtToken",jwtLoginService.buildLoginJwt());
+		//load Social Sign On Providers
+		if(applicationConfig.getLoginConfig().isSocialSignOn()){
+			_logger.debug("Load Social Sign On Providers ");
+			modelAndView.addObject("ssopList", socialSignOnProviderService.getSocialSignOnProviders());
 		}
 		
 		Object loginErrorMessage=WebContext.getAttribute(WebConstants.LOGIN_ERROR_SESSION_MESSAGE);
@@ -203,51 +160,5 @@ public class LoginEndpoint {
         
         return "fail";
     }
- 	
- 	/**
-	 * view register
-	 * @return
-	 */
- 	@RequestMapping(value={"/register"})
-	public ModelAndView register(HttpServletRequest request,HttpServletResponse response) {
- 		
-		_logger.debug("LoginController /register.");
-		ModelAndView modelAndView = new ModelAndView("registration/register");
-		Object loginErrorMessage=WebContext.getAttribute(WebConstants.LOGIN_ERROR_SESSION_MESSAGE);
-        modelAndView.addObject("loginErrorMessage", loginErrorMessage==null?"":loginErrorMessage);
-        WebContext.removeAttribute(WebConstants.LOGIN_ERROR_SESSION_MESSAGE);
-		return modelAndView;
-	}
- 	
- 	@RequestMapping(value={"/registeron"})
- 	@ResponseBody
-	public Message registeron(UserInfo userInfo,@RequestParam String emailMobile) throws ServletException, IOException {
- 		if(StringUtils.isNullOrBlank(emailMobile)) {
- 			return new Message(WebContext.getI18nValue("register.emailMobile.error"),"1");
- 		}
- 		if(StringUtils.isValidEmail(emailMobile)) {
- 			userInfo.setEmail(emailMobile);
- 		}
- 		if(StringUtils.isValidMobileNo(emailMobile)) {
- 			userInfo.setMobile(emailMobile);
- 		}
- 		if(!(StringUtils.isValidEmail(emailMobile)||StringUtils.isValidMobileNo(emailMobile))) {
- 			return new Message(WebContext.getI18nValue("register.emailMobile.error"),"1");
- 		}
- 		UserInfo temp=userInfoService.queryUserInfoByEmailMobile(emailMobile);
- 		if(temp!=null) {
- 			return new Message(WebContext.getI18nValue("register.emailMobile.exist"),"1");
- 		}
- 		
- 		temp=userInfoService.loadByUsername(userInfo.getUsername());
- 		if(temp!=null) {
- 			return new Message(WebContext.getI18nValue("register.user.error"),"1");
- 		}
- 		userInfo.setStatus(ConstantsStatus.ACTIVE);
- 		if(userInfoService.insert(userInfo)) {
- 			return new Message(WebContext.getI18nValue("login.text.register.success"),"0");
- 		}
- 		return new Message(WebContext.getI18nValue("login.text.register.error"),"1");
- 		
- 	}
+
 }