/* * Copyright [2020] [MaxKey of copyright http://www.maxkey.top] * * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ package org.maxkey; import java.util.ArrayList; import java.util.List; import org.maxkey.authn.realm.jdbc.JdbcAuthenticationRealm; import org.maxkey.authn.realm.ldap.LdapAuthenticationRealm; import org.maxkey.authn.realm.ldap.LdapServer; import org.maxkey.authn.realm.IAuthenticationServer; import org.maxkey.authn.realm.activedirectory.ActiveDirectoryAuthenticationRealm; import org.maxkey.authn.realm.activedirectory.ActiveDirectoryServer; import org.maxkey.authn.support.kerberos.KerberosProxy; import org.maxkey.authn.support.kerberos.RemoteKerberosService; import org.maxkey.authn.support.rememberme.AbstractRemeberMeService; import org.maxkey.constants.ConstantsPersistence; import org.maxkey.constants.ConstantsProperties; import org.maxkey.password.onetimepwd.AbstractOtpAuthn; import org.maxkey.password.onetimepwd.algorithm.KeyUriFormat; import org.maxkey.password.onetimepwd.impl.MailOtpAuthn; import org.maxkey.password.onetimepwd.impl.SmsOtpAuthn; import org.maxkey.password.onetimepwd.impl.TimeBasedOtpAuthn; import org.maxkey.password.onetimepwd.impl.sms.SmsOtpAuthnAliyun; import org.maxkey.password.onetimepwd.impl.sms.SmsOtpAuthnTencentCloud; import org.maxkey.password.onetimepwd.impl.sms.SmsOtpAuthnYunxin; import org.maxkey.password.onetimepwd.token.RedisOtpTokenStore; import org.maxkey.persistence.db.LoginHistoryService; import org.maxkey.persistence.db.LoginService; import org.maxkey.persistence.db.PasswordPolicyValidator; import org.maxkey.persistence.ldap.ActiveDirectoryUtils; import org.maxkey.persistence.ldap.LdapUtils; import org.maxkey.persistence.redis.RedisConnectionFactory; import org.mybatis.spring.annotation.MapperScan; import org.slf4j.Logger; import org.slf4j.LoggerFactory; import org.springframework.beans.factory.InitializingBean; import org.springframework.beans.factory.annotation.Value; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.ComponentScan; import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.PropertySource; import org.springframework.jdbc.core.JdbcTemplate; import org.springframework.security.crypto.password.PasswordEncoder; @Configuration //@ImportResource(locations = { "classpath:spring/maxkey.xml" }) @PropertySource(ConstantsProperties.applicationPropertySource) @PropertySource(ConstantsProperties.maxKeyPropertySource) @ComponentScan(basePackages = { "org.maxkey.configuration", "org.maxkey.domain", "org.maxkey.domain.apps", "org.maxkey.domain.userinfo", "org.maxkey.api.v1.contorller", "org.maxkey.web.endpoint", "org.maxkey.web.contorller", "org.maxkey.web.interceptor", //single sign on protocol "org.maxkey.authz.endpoint", "org.maxkey.authz.desktop.endpoint", "org.maxkey.authz.exapi.endpoint", "org.maxkey.authz.formbased.endpoint", "org.maxkey.authz.ltpa.endpoint", "org.maxkey.authz.token.endpoint" }) public class MaxKeyConfig implements InitializingBean { private static final Logger _logger = LoggerFactory.getLogger(MaxKeyConfig.class); @Bean(name = "keyUriFormat") public KeyUriFormat keyUriFormat( @Value("${config.otp.keyuri.format.type:totp}") String keyuriFormatType, @Value("${config.otp.keyuri.format.domain:MaxKey.top}") String keyuriFormatDomain, @Value("${config.otp.keyuri.format.issuer:MaxKey}") String keyuriFormatIssuer, @Value("${config.otp.keyuri.format.digits:6}") int keyuriFormatDigits, @Value("${config.otp.keyuri.format.period:30}") int keyuriFormatPeriod) { KeyUriFormat keyUriFormat=new KeyUriFormat(); keyUriFormat.setType(keyuriFormatType); keyUriFormat.setDomain(keyuriFormatDomain); keyUriFormat.setIssuer(keyuriFormatIssuer); keyUriFormat.setDigits(keyuriFormatDigits); keyUriFormat.setPeriod(keyuriFormatPeriod); _logger.debug("KeyUri Format " + keyUriFormat); return keyUriFormat; } //可以在此实现其他的登陆认证方式,请实现AbstractAuthenticationRealm @Bean(name = "authenticationRealm") public JdbcAuthenticationRealm authenticationRealm( PasswordEncoder passwordEncoder, PasswordPolicyValidator passwordPolicyValidator, LoginService loginService, LoginHistoryService loginHistoryService, AbstractRemeberMeService remeberMeService, JdbcTemplate jdbcTemplate) { JdbcAuthenticationRealm authenticationRealm = new JdbcAuthenticationRealm( passwordEncoder, passwordPolicyValidator, loginService, loginHistoryService, remeberMeService, jdbcTemplate); return authenticationRealm; } //LdapAuthenticationRealm public LdapAuthenticationRealm ldapAuthenticationRealm( JdbcTemplate jdbcTemplate) { LdapAuthenticationRealm authenticationRealm = new LdapAuthenticationRealm(jdbcTemplate); LdapServer ldapServer=new LdapServer(); String providerUrl = "ldap://localhost:389"; String principal = "cn=root"; String credentials = "maxkey"; String baseDN = "dc=maxkey,dc=top"; LdapUtils ldapUtils = new LdapUtils(providerUrl,principal,credentials,baseDN); ldapServer.setLdapUtils(ldapUtils); ldapServer.setFilterAttribute("uid"); List ldapServers = new ArrayList(); ldapServers.add(ldapServer); authenticationRealm.setLdapServers(ldapServers); _logger.debug("LdapAuthenticationRealm inited."); return authenticationRealm; } //ActiveDirectoryAuthenticationRealm public ActiveDirectoryAuthenticationRealm activeDirectoryAuthenticationRealm( JdbcTemplate jdbcTemplate) { ActiveDirectoryAuthenticationRealm authenticationRealm = new ActiveDirectoryAuthenticationRealm(jdbcTemplate); ActiveDirectoryServer ldapServer=new ActiveDirectoryServer(); String providerUrl = "ldap://localhost:389"; String principal = "cn=root"; String credentials = "maxkey"; String domain = "maxkey"; ActiveDirectoryUtils ldapUtils = new ActiveDirectoryUtils(providerUrl,principal,credentials,domain); ldapServer.setActiveDirectoryUtils(ldapUtils); List ldapServers = new ArrayList(); ldapServers.add(ldapServer); authenticationRealm.setActiveDirectoryServers(ldapServers); _logger.debug("LdapAuthenticationRealm inited."); return authenticationRealm; } @Bean(name = "timeBasedOtpAuthn") public TimeBasedOtpAuthn timeBasedOtpAuthn() { TimeBasedOtpAuthn tfaOtpAuthn = new TimeBasedOtpAuthn(); _logger.debug("TimeBasedOtpAuthn inited."); return tfaOtpAuthn; } //default tfaOtpAuthn @Bean(name = "tfaOtpAuthn") public AbstractOtpAuthn tfaOptAuthn( @Value("${config.login.mfa.type}")String mfaType, @Value("${config.server.persistence}") int persistence, MailOtpAuthn tfaMailOtpAuthn, RedisConnectionFactory redisConnFactory) { AbstractOtpAuthn tfaOtpAuthn = null; if(mfaType.equalsIgnoreCase("SmsOtpAuthnAliyun")) { tfaOtpAuthn = new SmsOtpAuthnAliyun(); _logger.debug("SmsOtpAuthnAliyun inited."); }else if(mfaType.equalsIgnoreCase("SmsOtpAuthnTencentCloud")) { tfaOtpAuthn = new SmsOtpAuthnTencentCloud(); _logger.debug("SmsOtpAuthnTencentCloud inited."); }else if(mfaType.equalsIgnoreCase("SmsOtpAuthnYunxin")) { tfaOtpAuthn = new SmsOtpAuthnYunxin(); _logger.debug("SmsOtpAuthnYunxin inited."); }else if(mfaType.equalsIgnoreCase("MailOtpAuthn")) { tfaOtpAuthn = tfaMailOtpAuthn; _logger.debug("MailOtpAuthn inited."); }else { tfaOtpAuthn = new TimeBasedOtpAuthn(); _logger.debug("TimeBasedOtpAuthn inited."); } if (persistence == ConstantsPersistence.REDIS) { RedisOtpTokenStore redisOptTokenStore = new RedisOtpTokenStore(redisConnFactory); tfaOtpAuthn.setOptTokenStore(redisOptTokenStore); } tfaOtpAuthn.initPropertys(); return tfaOtpAuthn; } @Bean(name = "tfaMailOtpAuthn") public MailOtpAuthn mailOtpAuthn( @Value("${spring.mail.properties.mailotp.message.subject}") String messageSubject, @Value("${spring.mail.properties.mailotp.message.template}") String messageTemplate ) { MailOtpAuthn mailOtpAuthn = new MailOtpAuthn(); mailOtpAuthn.setSubject(messageSubject); mailOtpAuthn.setMessageTemplate(messageTemplate); _logger.debug("tfaMailOtpAuthn inited."); return mailOtpAuthn; } @Bean(name = "tfaMobileOtpAuthn") public SmsOtpAuthn smsOtpAuthn( @Value("${config.otp.sms}")String optSmsProvider, @Value("${config.server.persistence}") int persistence, RedisConnectionFactory redisConnFactory) { SmsOtpAuthn smsOtpAuthn = null; if(optSmsProvider.equalsIgnoreCase("SmsOtpAuthnAliyun")) { smsOtpAuthn = new SmsOtpAuthnAliyun(); }else if(optSmsProvider.equalsIgnoreCase("SmsOtpAuthnTencentCloud")) { smsOtpAuthn = new SmsOtpAuthnTencentCloud(); }else { smsOtpAuthn = new SmsOtpAuthnYunxin(); } if (persistence == ConstantsPersistence.REDIS) { RedisOtpTokenStore redisOptTokenStore = new RedisOtpTokenStore(redisConnFactory); smsOtpAuthn.setOptTokenStore(redisOptTokenStore); } smsOtpAuthn.initPropertys(); _logger.debug("SmsOtpAuthn inited."); return smsOtpAuthn; } @Bean(name = "kerberosService") public RemoteKerberosService kerberosService( @Value("${config.support.kerberos.default.userdomain}") String userDomain, @Value("${config.support.kerberos.default.fulluserdomain}") String fullUserDomain, @Value("${config.support.kerberos.default.crypto}") String crypto, @Value("${config.support.kerberos.default.redirecturi}") String redirectUri ) { RemoteKerberosService kerberosService = new RemoteKerberosService(); KerberosProxy kerberosProxy = new KerberosProxy(); kerberosProxy.setCrypto(crypto); kerberosProxy.setFullUserdomain(fullUserDomain); kerberosProxy.setUserdomain(userDomain); kerberosProxy.setRedirectUri(redirectUri); List kerberosProxysList = new ArrayList(); kerberosProxysList.add(kerberosProxy); kerberosService.setKerberosProxys(kerberosProxysList); _logger.debug("RemoteKerberosService inited."); return kerberosService; } @Override public void afterPropertiesSet() throws Exception { // TODO Auto-generated method stub } }