commit 4a2cc019939a8ac57e80222e8656d6ec8a057320 Author: wangyu <727842003@qq.com> Date: Fri Oct 11 18:04:09 2024 +0800 feat: 初始化仓库 diff --git a/.gitignore b/.gitignore new file mode 100644 index 0000000..549e00a --- /dev/null +++ b/.gitignore @@ -0,0 +1,33 @@ +HELP.md +target/ +!.mvn/wrapper/maven-wrapper.jar +!**/src/main/**/target/ +!**/src/test/**/target/ + +### STS ### +.apt_generated +.classpath +.factorypath +.project +.settings +.springBeans +.sts4-cache + +### IntelliJ IDEA ### +.idea +*.iws +*.iml +*.ipr + +### NetBeans ### +/nbproject/private/ +/nbbuild/ +/dist/ +/nbdist/ +/.nb-gradle/ +build/ +!**/src/main/**/build/ +!**/src/test/**/build/ + +### VS Code ### +.vscode/ diff --git a/.mvn/wrapper/maven-wrapper.properties b/.mvn/wrapper/maven-wrapper.properties new file mode 100644 index 0000000..d58dfb7 --- /dev/null +++ b/.mvn/wrapper/maven-wrapper.properties @@ -0,0 +1,19 @@ +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +wrapperVersion=3.3.2 +distributionType=only-script +distributionUrl=https://repo.maven.apache.org/maven2/org/apache/maven/apache-maven/3.9.9/apache-maven-3.9.9-bin.zip diff --git a/lib/cas-client-core-3.1.12.jar b/lib/cas-client-core-3.1.12.jar new file mode 100644 index 0000000..ab0d4ed Binary files /dev/null and b/lib/cas-client-core-3.1.12.jar differ diff --git a/lib/sso-client-java-7.0.8.jar b/lib/sso-client-java-7.0.8.jar new file mode 100644 index 0000000..75a8746 Binary files /dev/null and b/lib/sso-client-java-7.0.8.jar differ diff --git a/mvnw b/mvnw new file mode 100755 index 0000000..19529dd --- /dev/null +++ b/mvnw @@ -0,0 +1,259 @@ +#!/bin/sh +# ---------------------------------------------------------------------------- +# Licensed to the Apache Software Foundation (ASF) under one +# or more contributor license agreements. See the NOTICE file +# distributed with this work for additional information +# regarding copyright ownership. The ASF licenses this file +# to you under the Apache License, Version 2.0 (the +# "License"); you may not use this file except in compliance +# with the License. You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, +# software distributed under the License is distributed on an +# "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +# KIND, either express or implied. See the License for the +# specific language governing permissions and limitations +# under the License. +# ---------------------------------------------------------------------------- + +# ---------------------------------------------------------------------------- +# Apache Maven Wrapper startup batch script, version 3.3.2 +# +# Optional ENV vars +# ----------------- +# JAVA_HOME - location of a JDK home dir, required when download maven via java source +# MVNW_REPOURL - repo url base for downloading maven distribution +# MVNW_USERNAME/MVNW_PASSWORD - user and password for downloading maven +# MVNW_VERBOSE - true: enable verbose log; debug: trace the mvnw script; others: silence the output +# ---------------------------------------------------------------------------- + +set -euf +[ "${MVNW_VERBOSE-}" != debug ] || set -x + +# OS specific support. +native_path() { printf %s\\n "$1"; } +case "$(uname)" in +CYGWIN* | MINGW*) + [ -z "${JAVA_HOME-}" ] || JAVA_HOME="$(cygpath --unix "$JAVA_HOME")" + native_path() { cygpath --path --windows "$1"; } + ;; +esac + +# set JAVACMD and JAVACCMD +set_java_home() { + # For Cygwin and MinGW, ensure paths are in Unix format before anything is touched + if [ -n "${JAVA_HOME-}" ]; then + if [ -x "$JAVA_HOME/jre/sh/java" ]; then + # IBM's JDK on AIX uses strange locations for the executables + JAVACMD="$JAVA_HOME/jre/sh/java" + JAVACCMD="$JAVA_HOME/jre/sh/javac" + else + JAVACMD="$JAVA_HOME/bin/java" + JAVACCMD="$JAVA_HOME/bin/javac" + + if [ ! -x "$JAVACMD" ] || [ ! -x "$JAVACCMD" ]; then + echo "The JAVA_HOME environment variable is not defined correctly, so mvnw cannot run." >&2 + echo "JAVA_HOME is set to \"$JAVA_HOME\", but \"\$JAVA_HOME/bin/java\" or \"\$JAVA_HOME/bin/javac\" does not exist." >&2 + return 1 + fi + fi + else + JAVACMD="$( + 'set' +e + 'unset' -f command 2>/dev/null + 'command' -v java + )" || : + JAVACCMD="$( + 'set' +e + 'unset' -f command 2>/dev/null + 'command' -v javac + )" || : + + if [ ! -x "${JAVACMD-}" ] || [ ! -x "${JAVACCMD-}" ]; then + echo "The java/javac command does not exist in PATH nor is JAVA_HOME set, so mvnw cannot run." >&2 + return 1 + fi + fi +} + +# hash string like Java String::hashCode +hash_string() { + str="${1:-}" h=0 + while [ -n "$str" ]; do + char="${str%"${str#?}"}" + h=$(((h * 31 + $(LC_CTYPE=C printf %d "'$char")) % 4294967296)) + str="${str#?}" + done + printf %x\\n $h +} + +verbose() { :; } +[ "${MVNW_VERBOSE-}" != true ] || verbose() { printf %s\\n "${1-}"; } + +die() { + printf %s\\n "$1" >&2 + exit 1 +} + +trim() { + # MWRAPPER-139: + # Trims trailing and leading whitespace, carriage returns, tabs, and linefeeds. + # Needed for removing poorly interpreted newline sequences when running in more + # exotic environments such as mingw bash on Windows. + printf "%s" "${1}" | tr -d '[:space:]' +} + +# parse distributionUrl and optional distributionSha256Sum, requires .mvn/wrapper/maven-wrapper.properties +while IFS="=" read -r key value; do + case "${key-}" in + distributionUrl) distributionUrl=$(trim "${value-}") ;; + distributionSha256Sum) distributionSha256Sum=$(trim "${value-}") ;; + esac +done <"${0%/*}/.mvn/wrapper/maven-wrapper.properties" +[ -n "${distributionUrl-}" ] || die "cannot read distributionUrl property in ${0%/*}/.mvn/wrapper/maven-wrapper.properties" + +case "${distributionUrl##*/}" in +maven-mvnd-*bin.*) + MVN_CMD=mvnd.sh _MVNW_REPO_PATTERN=/maven/mvnd/ + case "${PROCESSOR_ARCHITECTURE-}${PROCESSOR_ARCHITEW6432-}:$(uname -a)" in + *AMD64:CYGWIN* | *AMD64:MINGW*) distributionPlatform=windows-amd64 ;; + :Darwin*x86_64) distributionPlatform=darwin-amd64 ;; + :Darwin*arm64) distributionPlatform=darwin-aarch64 ;; + :Linux*x86_64*) distributionPlatform=linux-amd64 ;; + *) + echo "Cannot detect native platform for mvnd on $(uname)-$(uname -m), use pure java version" >&2 + distributionPlatform=linux-amd64 + ;; + esac + distributionUrl="${distributionUrl%-bin.*}-$distributionPlatform.zip" + ;; +maven-mvnd-*) MVN_CMD=mvnd.sh _MVNW_REPO_PATTERN=/maven/mvnd/ ;; +*) MVN_CMD="mvn${0##*/mvnw}" _MVNW_REPO_PATTERN=/org/apache/maven/ ;; +esac + +# apply MVNW_REPOURL and calculate MAVEN_HOME +# maven home pattern: ~/.m2/wrapper/dists/{apache-maven-,maven-mvnd--}/ +[ -z "${MVNW_REPOURL-}" ] || distributionUrl="$MVNW_REPOURL$_MVNW_REPO_PATTERN${distributionUrl#*"$_MVNW_REPO_PATTERN"}" +distributionUrlName="${distributionUrl##*/}" +distributionUrlNameMain="${distributionUrlName%.*}" +distributionUrlNameMain="${distributionUrlNameMain%-bin}" +MAVEN_USER_HOME="${MAVEN_USER_HOME:-${HOME}/.m2}" +MAVEN_HOME="${MAVEN_USER_HOME}/wrapper/dists/${distributionUrlNameMain-}/$(hash_string "$distributionUrl")" + +exec_maven() { + unset MVNW_VERBOSE MVNW_USERNAME MVNW_PASSWORD MVNW_REPOURL || : + exec "$MAVEN_HOME/bin/$MVN_CMD" "$@" || die "cannot exec $MAVEN_HOME/bin/$MVN_CMD" +} + +if [ -d "$MAVEN_HOME" ]; then + verbose "found existing MAVEN_HOME at $MAVEN_HOME" + exec_maven "$@" +fi + +case "${distributionUrl-}" in +*?-bin.zip | *?maven-mvnd-?*-?*.zip) ;; +*) die "distributionUrl is not valid, must match *-bin.zip or maven-mvnd-*.zip, but found '${distributionUrl-}'" ;; +esac + +# prepare tmp dir +if TMP_DOWNLOAD_DIR="$(mktemp -d)" && [ -d "$TMP_DOWNLOAD_DIR" ]; then + clean() { rm -rf -- "$TMP_DOWNLOAD_DIR"; } + trap clean HUP INT TERM EXIT +else + die "cannot create temp dir" +fi + +mkdir -p -- "${MAVEN_HOME%/*}" + +# Download and Install Apache Maven +verbose "Couldn't find MAVEN_HOME, downloading and installing it ..." +verbose "Downloading from: $distributionUrl" +verbose "Downloading to: $TMP_DOWNLOAD_DIR/$distributionUrlName" + +# select .zip or .tar.gz +if ! command -v unzip >/dev/null; then + distributionUrl="${distributionUrl%.zip}.tar.gz" + distributionUrlName="${distributionUrl##*/}" +fi + +# verbose opt +__MVNW_QUIET_WGET=--quiet __MVNW_QUIET_CURL=--silent __MVNW_QUIET_UNZIP=-q __MVNW_QUIET_TAR='' +[ "${MVNW_VERBOSE-}" != true ] || __MVNW_QUIET_WGET='' __MVNW_QUIET_CURL='' __MVNW_QUIET_UNZIP='' __MVNW_QUIET_TAR=v + +# normalize http auth +case "${MVNW_PASSWORD:+has-password}" in +'') MVNW_USERNAME='' MVNW_PASSWORD='' ;; +has-password) [ -n "${MVNW_USERNAME-}" ] || MVNW_USERNAME='' MVNW_PASSWORD='' ;; +esac + +if [ -z "${MVNW_USERNAME-}" ] && command -v wget >/dev/null; then + verbose "Found wget ... using wget" + wget ${__MVNW_QUIET_WGET:+"$__MVNW_QUIET_WGET"} "$distributionUrl" -O "$TMP_DOWNLOAD_DIR/$distributionUrlName" || die "wget: Failed to fetch $distributionUrl" +elif [ -z "${MVNW_USERNAME-}" ] && command -v curl >/dev/null; then + verbose "Found curl ... using curl" + curl ${__MVNW_QUIET_CURL:+"$__MVNW_QUIET_CURL"} -f -L -o "$TMP_DOWNLOAD_DIR/$distributionUrlName" "$distributionUrl" || die "curl: Failed to fetch $distributionUrl" +elif set_java_home; then + verbose "Falling back to use Java to download" + javaSource="$TMP_DOWNLOAD_DIR/Downloader.java" + targetZip="$TMP_DOWNLOAD_DIR/$distributionUrlName" + cat >"$javaSource" <<-END + public class Downloader extends java.net.Authenticator + { + protected java.net.PasswordAuthentication getPasswordAuthentication() + { + return new java.net.PasswordAuthentication( System.getenv( "MVNW_USERNAME" ), System.getenv( "MVNW_PASSWORD" ).toCharArray() ); + } + public static void main( String[] args ) throws Exception + { + setDefault( new Downloader() ); + java.nio.file.Files.copy( java.net.URI.create( args[0] ).toURL().openStream(), java.nio.file.Paths.get( args[1] ).toAbsolutePath().normalize() ); + } + } + END + # For Cygwin/MinGW, switch paths to Windows format before running javac and java + verbose " - Compiling Downloader.java ..." + "$(native_path "$JAVACCMD")" "$(native_path "$javaSource")" || die "Failed to compile Downloader.java" + verbose " - Running Downloader.java ..." + "$(native_path "$JAVACMD")" -cp "$(native_path "$TMP_DOWNLOAD_DIR")" Downloader "$distributionUrl" "$(native_path "$targetZip")" +fi + +# If specified, validate the SHA-256 sum of the Maven distribution zip file +if [ -n "${distributionSha256Sum-}" ]; then + distributionSha256Result=false + if [ "$MVN_CMD" = mvnd.sh ]; then + echo "Checksum validation is not supported for maven-mvnd." >&2 + echo "Please disable validation by removing 'distributionSha256Sum' from your maven-wrapper.properties." >&2 + exit 1 + elif command -v sha256sum >/dev/null; then + if echo "$distributionSha256Sum $TMP_DOWNLOAD_DIR/$distributionUrlName" | sha256sum -c >/dev/null 2>&1; then + distributionSha256Result=true + fi + elif command -v shasum >/dev/null; then + if echo "$distributionSha256Sum $TMP_DOWNLOAD_DIR/$distributionUrlName" | shasum -a 256 -c >/dev/null 2>&1; then + distributionSha256Result=true + fi + else + echo "Checksum validation was requested but neither 'sha256sum' or 'shasum' are available." >&2 + echo "Please install either command, or disable validation by removing 'distributionSha256Sum' from your maven-wrapper.properties." >&2 + exit 1 + fi + if [ $distributionSha256Result = false ]; then + echo "Error: Failed to validate Maven distribution SHA-256, your Maven distribution might be compromised." >&2 + echo "If you updated your Maven version, you need to update the specified distributionSha256Sum property." >&2 + exit 1 + fi +fi + +# unzip and move +if command -v unzip >/dev/null; then + unzip ${__MVNW_QUIET_UNZIP:+"$__MVNW_QUIET_UNZIP"} "$TMP_DOWNLOAD_DIR/$distributionUrlName" -d "$TMP_DOWNLOAD_DIR" || die "failed to unzip" +else + tar xzf${__MVNW_QUIET_TAR:+"$__MVNW_QUIET_TAR"} "$TMP_DOWNLOAD_DIR/$distributionUrlName" -C "$TMP_DOWNLOAD_DIR" || die "failed to untar" +fi +printf %s\\n "$distributionUrl" >"$TMP_DOWNLOAD_DIR/$distributionUrlNameMain/mvnw.url" +mv -- "$TMP_DOWNLOAD_DIR/$distributionUrlNameMain" "$MAVEN_HOME" || [ -d "$MAVEN_HOME" ] || die "fail to move MAVEN_HOME" + +clean || : +exec_maven "$@" diff --git a/mvnw.cmd b/mvnw.cmd new file mode 100644 index 0000000..249bdf3 --- /dev/null +++ b/mvnw.cmd @@ -0,0 +1,149 @@ +<# : batch portion +@REM ---------------------------------------------------------------------------- +@REM Licensed to the Apache Software Foundation (ASF) under one +@REM or more contributor license agreements. See the NOTICE file +@REM distributed with this work for additional information +@REM regarding copyright ownership. The ASF licenses this file +@REM to you under the Apache License, Version 2.0 (the +@REM "License"); you may not use this file except in compliance +@REM with the License. You may obtain a copy of the License at +@REM +@REM http://www.apache.org/licenses/LICENSE-2.0 +@REM +@REM Unless required by applicable law or agreed to in writing, +@REM software distributed under the License is distributed on an +@REM "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY +@REM KIND, either express or implied. See the License for the +@REM specific language governing permissions and limitations +@REM under the License. +@REM ---------------------------------------------------------------------------- + +@REM ---------------------------------------------------------------------------- +@REM Apache Maven Wrapper startup batch script, version 3.3.2 +@REM +@REM Optional ENV vars +@REM MVNW_REPOURL - repo url base for downloading maven distribution +@REM MVNW_USERNAME/MVNW_PASSWORD - user and password for downloading maven +@REM MVNW_VERBOSE - true: enable verbose log; others: silence the output +@REM ---------------------------------------------------------------------------- + +@IF "%__MVNW_ARG0_NAME__%"=="" (SET __MVNW_ARG0_NAME__=%~nx0) +@SET __MVNW_CMD__= +@SET __MVNW_ERROR__= +@SET __MVNW_PSMODULEP_SAVE=%PSModulePath% +@SET PSModulePath= +@FOR /F "usebackq tokens=1* delims==" %%A IN (`powershell -noprofile "& {$scriptDir='%~dp0'; $script='%__MVNW_ARG0_NAME__%'; icm -ScriptBlock ([Scriptblock]::Create((Get-Content -Raw '%~f0'))) -NoNewScope}"`) DO @( + IF "%%A"=="MVN_CMD" (set __MVNW_CMD__=%%B) ELSE IF "%%B"=="" (echo %%A) ELSE (echo %%A=%%B) +) +@SET PSModulePath=%__MVNW_PSMODULEP_SAVE% +@SET __MVNW_PSMODULEP_SAVE= +@SET __MVNW_ARG0_NAME__= +@SET MVNW_USERNAME= +@SET MVNW_PASSWORD= +@IF NOT "%__MVNW_CMD__%"=="" (%__MVNW_CMD__% %*) +@echo Cannot start maven from wrapper >&2 && exit /b 1 +@GOTO :EOF +: end batch / begin powershell #> + +$ErrorActionPreference = "Stop" +if ($env:MVNW_VERBOSE -eq "true") { + $VerbosePreference = "Continue" +} + +# calculate distributionUrl, requires .mvn/wrapper/maven-wrapper.properties +$distributionUrl = (Get-Content -Raw "$scriptDir/.mvn/wrapper/maven-wrapper.properties" | ConvertFrom-StringData).distributionUrl +if (!$distributionUrl) { + Write-Error "cannot read distributionUrl property in $scriptDir/.mvn/wrapper/maven-wrapper.properties" +} + +switch -wildcard -casesensitive ( $($distributionUrl -replace '^.*/','') ) { + "maven-mvnd-*" { + $USE_MVND = $true + $distributionUrl = $distributionUrl -replace '-bin\.[^.]*$',"-windows-amd64.zip" + $MVN_CMD = "mvnd.cmd" + break + } + default { + $USE_MVND = $false + $MVN_CMD = $script -replace '^mvnw','mvn' + break + } +} + +# apply MVNW_REPOURL and calculate MAVEN_HOME +# maven home pattern: ~/.m2/wrapper/dists/{apache-maven-,maven-mvnd--}/ +if ($env:MVNW_REPOURL) { + $MVNW_REPO_PATTERN = if ($USE_MVND) { "/org/apache/maven/" } else { "/maven/mvnd/" } + $distributionUrl = "$env:MVNW_REPOURL$MVNW_REPO_PATTERN$($distributionUrl -replace '^.*'+$MVNW_REPO_PATTERN,'')" +} +$distributionUrlName = $distributionUrl -replace '^.*/','' +$distributionUrlNameMain = $distributionUrlName -replace '\.[^.]*$','' -replace '-bin$','' +$MAVEN_HOME_PARENT = "$HOME/.m2/wrapper/dists/$distributionUrlNameMain" +if ($env:MAVEN_USER_HOME) { + $MAVEN_HOME_PARENT = "$env:MAVEN_USER_HOME/wrapper/dists/$distributionUrlNameMain" +} +$MAVEN_HOME_NAME = ([System.Security.Cryptography.MD5]::Create().ComputeHash([byte[]][char[]]$distributionUrl) | ForEach-Object {$_.ToString("x2")}) -join '' +$MAVEN_HOME = "$MAVEN_HOME_PARENT/$MAVEN_HOME_NAME" + +if (Test-Path -Path "$MAVEN_HOME" -PathType Container) { + Write-Verbose "found existing MAVEN_HOME at $MAVEN_HOME" + Write-Output "MVN_CMD=$MAVEN_HOME/bin/$MVN_CMD" + exit $? +} + +if (! $distributionUrlNameMain -or ($distributionUrlName -eq $distributionUrlNameMain)) { + Write-Error "distributionUrl is not valid, must end with *-bin.zip, but found $distributionUrl" +} + +# prepare tmp dir +$TMP_DOWNLOAD_DIR_HOLDER = New-TemporaryFile +$TMP_DOWNLOAD_DIR = New-Item -Itemtype Directory -Path "$TMP_DOWNLOAD_DIR_HOLDER.dir" +$TMP_DOWNLOAD_DIR_HOLDER.Delete() | Out-Null +trap { + if ($TMP_DOWNLOAD_DIR.Exists) { + try { Remove-Item $TMP_DOWNLOAD_DIR -Recurse -Force | Out-Null } + catch { Write-Warning "Cannot remove $TMP_DOWNLOAD_DIR" } + } +} + +New-Item -Itemtype Directory -Path "$MAVEN_HOME_PARENT" -Force | Out-Null + +# Download and Install Apache Maven +Write-Verbose "Couldn't find MAVEN_HOME, downloading and installing it ..." +Write-Verbose "Downloading from: $distributionUrl" +Write-Verbose "Downloading to: $TMP_DOWNLOAD_DIR/$distributionUrlName" + +$webclient = New-Object System.Net.WebClient +if ($env:MVNW_USERNAME -and $env:MVNW_PASSWORD) { + $webclient.Credentials = New-Object System.Net.NetworkCredential($env:MVNW_USERNAME, $env:MVNW_PASSWORD) +} +[Net.ServicePointManager]::SecurityProtocol = [Net.SecurityProtocolType]::Tls12 +$webclient.DownloadFile($distributionUrl, "$TMP_DOWNLOAD_DIR/$distributionUrlName") | Out-Null + +# If specified, validate the SHA-256 sum of the Maven distribution zip file +$distributionSha256Sum = (Get-Content -Raw "$scriptDir/.mvn/wrapper/maven-wrapper.properties" | ConvertFrom-StringData).distributionSha256Sum +if ($distributionSha256Sum) { + if ($USE_MVND) { + Write-Error "Checksum validation is not supported for maven-mvnd. `nPlease disable validation by removing 'distributionSha256Sum' from your maven-wrapper.properties." + } + Import-Module $PSHOME\Modules\Microsoft.PowerShell.Utility -Function Get-FileHash + if ((Get-FileHash "$TMP_DOWNLOAD_DIR/$distributionUrlName" -Algorithm SHA256).Hash.ToLower() -ne $distributionSha256Sum) { + Write-Error "Error: Failed to validate Maven distribution SHA-256, your Maven distribution might be compromised. If you updated your Maven version, you need to update the specified distributionSha256Sum property." + } +} + +# unzip and move +Expand-Archive "$TMP_DOWNLOAD_DIR/$distributionUrlName" -DestinationPath "$TMP_DOWNLOAD_DIR" | Out-Null +Rename-Item -Path "$TMP_DOWNLOAD_DIR/$distributionUrlNameMain" -NewName $MAVEN_HOME_NAME | Out-Null +try { + Move-Item -Path "$TMP_DOWNLOAD_DIR/$MAVEN_HOME_NAME" -Destination $MAVEN_HOME_PARENT | Out-Null +} catch { + if (! (Test-Path -Path "$MAVEN_HOME" -PathType Container)) { + Write-Error "fail to move MAVEN_HOME" + } +} finally { + try { Remove-Item $TMP_DOWNLOAD_DIR -Recurse -Force | Out-Null } + catch { Write-Warning "Cannot remove $TMP_DOWNLOAD_DIR" } +} + +Write-Output "MVN_CMD=$MAVEN_HOME/bin/$MVN_CMD" diff --git a/pom.xml b/pom.xml new file mode 100644 index 0000000..5b0aae6 --- /dev/null +++ b/pom.xml @@ -0,0 +1,92 @@ + + + 4.0.0 + + org.springframework.boot + spring-boot-starter-parent + 3.3.4 + + + dev.flyfish.boot + cas + 0.0.1-SNAPSHOT + cas + cas + + + + + + + + + + + + + + + 21 + + + + org.springframework.boot + spring-boot-starter-webflux + + + + org.springframework.boot + spring-boot-configuration-processor + true + + + org.projectlombok + lombok + true + + + org.springframework.boot + spring-boot-starter-test + test + + + io.projectreactor + reactor-test + test + + + org.jasig.cas + cas-client-core + 3.1.12 + system + ${project.basedir}/lib/cas-client-core-3.1.12.jar + + + edu.yale.its + cas-client-java + 7.0.8 + system + ${project.basedir}/lib/sso-client-java-7.0.8.jar + + + + + + + + org.springframework.boot + spring-boot-maven-plugin + + + + org.projectlombok + lombok + + + + + + + + diff --git a/src/main/java/dev/flyfish/boot/cas/CasApplication.java b/src/main/java/dev/flyfish/boot/cas/CasApplication.java new file mode 100644 index 0000000..051f9c4 --- /dev/null +++ b/src/main/java/dev/flyfish/boot/cas/CasApplication.java @@ -0,0 +1,13 @@ +package dev.flyfish.boot.cas; + +import org.springframework.boot.SpringApplication; +import org.springframework.boot.autoconfigure.SpringBootApplication; + +@SpringBootApplication +public class CasApplication { + + public static void main(String[] args) { + SpringApplication.run(CasApplication.class, args); + } + +} diff --git a/src/main/java/dev/flyfish/boot/cas/filter/CASFilter.java b/src/main/java/dev/flyfish/boot/cas/filter/CASFilter.java new file mode 100644 index 0000000..4583589 --- /dev/null +++ b/src/main/java/dev/flyfish/boot/cas/filter/CASFilter.java @@ -0,0 +1,426 @@ +package dev.flyfish.boot.cas.filter; + +import edu.yale.its.tp.cas.client.*; +import edu.yale.its.tp.cas.util.XmlUtils; +import org.apache.commons.logging.Log; +import org.apache.commons.logging.LogFactory; +import org.springframework.http.HttpMethod; +import org.springframework.http.MediaType; +import org.springframework.http.codec.HttpMessageReader; +import org.springframework.http.codec.ServerCodecConfigurer; +import org.springframework.http.server.reactive.ServerHttpRequest; +import org.springframework.lang.NonNull; +import org.springframework.util.MultiValueMap; +import org.springframework.util.StringUtils; +import org.springframework.web.server.ServerWebExchange; +import org.springframework.web.server.WebFilter; +import org.springframework.web.server.WebFilterChain; +import org.springframework.web.server.WebSession; +import reactor.core.publisher.Mono; + +import java.io.IOException; +import java.lang.reflect.InvocationTargetException; +import java.lang.reflect.Method; +import java.net.URLEncoder; +import java.util.List; +import java.util.Objects; + +/** + * cas filter的webflux实现 + * + * @author wangyu + * 实现相关核心逻辑,完成鉴权信息抽取 + */ +public class CASFilter implements WebFilter { + + private static final Log log = LogFactory.getLog(CASFilter.class); + + public static final String LOGIN_INIT_PARAM = "edu.yale.its.tp.cas.client.filter.loginUrl"; + public static final String VALIDATE_INIT_PARAM = "edu.yale.its.tp.cas.client.filter.validateUrl"; + public static final String SERVICE_INIT_PARAM = "edu.yale.its.tp.cas.client.filter.serviceUrl"; + public static final String SERVERNAME_INIT_PARAM = "edu.yale.its.tp.cas.client.filter.serverName"; + public static final String RENEW_INIT_PARAM = "edu.yale.its.tp.cas.client.filter.renew"; + public static final String AUTHORIZED_PROXY_INIT_PARAM = "edu.yale.its.tp.cas.client.filter.authorizedProxy"; + public static final String PROXY_CALLBACK_INIT_PARAM = "edu.yale.its.tp.cas.client.filter.proxyCallbackUrl"; + public static final String WRAP_REQUESTS_INIT_PARAM = "edu.yale.its.tp.cas.client.filter.wrapRequest"; + public static final String GATEWAY_INIT_PARAM = "edu.yale.its.tp.cas.client.filter.gateway"; + public static final String CAS_FILTER_USER = "edu.yale.its.tp.cas.client.filter.user"; + public static final String CAS_FILTER_RECEIPT = "edu.yale.its.tp.cas.client.filter.receipt"; + + static final String CAS_FILTER_GATEWAYED = "edu.yale.its.tp.cas.client.filter.didGateway"; + static final String CAS_FILTER_INITCONTEXTCLASS = "edu.yale.its.tp.cas.client.filter.initContextClass"; + static final String CAS_FILTER_USERLOGINMARK = "edu.yale.its.tp.cas.client.filter.userLoginMark"; + static final String CAS_FILTER_EXCLUSION = "edu.yale.its.tp.cas.client.filter.filterExclusion"; + + private final CASParameter parameter; + + private static SessionMappingStorage SESSION_MAPPING_STORAGE = new HashMapBackedSessionMappingStorage(); + + private List> messageReaders; + + public CASFilter(CASParameter parameter, ServerCodecConfigurer codecConfigurer) { + parameter.check(); + this.parameter = parameter; + this.messageReaders = codecConfigurer.getReaders(); + } + + private boolean isReceiptAcceptable(CASReceipt receipt) { + if (receipt == null) { + throw new IllegalArgumentException("Cannot evaluate a null receipt."); + } else if (parameter.casRenew && !receipt.isPrimaryAuthentication()) { + return false; + } else { + return !receipt.isProxied() || parameter.authorizedProxies.contains(receipt.getProxyingService()); + } + } + + private CASReceipt getAuthenticatedUser(ServerWebExchange exchange, String ticket) throws CASAuthenticationException { + log.trace("entering getAuthenticatedUser()"); + ProxyTicketValidator pv = new ProxyTicketValidator(); + pv.setCasValidateUrl(parameter.casValidate); + pv.setServiceTicket(ticket); + pv.setService(this.getService(exchange.getRequest())); + pv.setRenew(parameter.casRenew); + if (parameter.casProxyCallbackUrl != null) { + pv.setProxyCallbackUrl(parameter.casProxyCallbackUrl); + } + + if (log.isDebugEnabled()) { + log.debug("about to validate ProxyTicketValidator: [" + pv + "]"); + } + + return CASReceipt.getReceipt(pv); + } + + private String getService(ServerHttpRequest request) throws ServletException { + log.trace("entering getService()"); + if (this.casServerName == null && this.casServiceUrl == null) { + throw new ServletException("need one of the following configuration parameters: edu.yale.its.tp.cas.client.filter.serviceUrl or edu.yale.its.tp.cas.client.filter.serverName"); + } else { + String serviceString; + if (this.casServiceUrl != null) { + serviceString = URLEncoder.encode(this.casServiceUrl); + } else { + serviceString = Util.getService(request, this.casServerName); + } + + if (log.isTraceEnabled()) { + log.trace("returning from getService() with service [" + serviceString + "]"); + } + + return serviceString; + } + } + + private void redirectToCAS(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { + if (log.isTraceEnabled()) { + log.trace("entering redirectToCAS()"); + } + + String casLoginString = this.casLogin + "?service=" + this.getService(request) + (this.casRenew ? "&renew=true" : "") + (this.casGateway ? "&gateway=true" : ""); + String sCookie; + if (request.getAttribute("sessionId") != null) { + sCookie = this.casServerName + request.getContextPath(); + casLoginString = casLoginString + "&appId=" + sCookie + "&sessionId=" + request.getAttribute("sessionId"); + } + + sCookie = request.getHeader("Cookie"); + String cookie = null; + if (sCookie != null) { + String[] sCookies = sCookie.split(";"); + + for (int i = 0; i < sCookies.length; ++i) { + if (sCookies[i].indexOf("JSESSIONID=") != -1) { + cookie = sCookies[i].split("JSESSIONID=")[1]; + } + } + } + + if (cookie != null && !cookie.equals("null") && !cookie.equals(request.getSession().getId())) { + casLoginString = casLoginString + "&timeOut=" + cookie; + if (log.isDebugEnabled()) { + log.debug("Session is timeout. The timeout session is " + cookie); + } + } + + if (log.isDebugEnabled()) { + log.debug("Redirecting browser to [" + casLoginString + ")"); + } + + response.sendRedirect(casLoginString); + if (log.isTraceEnabled()) { + log.trace("returning from redirectToCAS()"); + } + + } + + private void redirectToInitFailure(HttpServletRequest request, HttpServletResponse response, String cause) throws IOException, ServletException { + if (log.isTraceEnabled()) { + log.trace("entering redirectToInitFailure()"); + } + + String casLoginString = this.casLogin + "?action=initFailure"; + if (cause != null && cause.equals("Illegal user")) { + casLoginString = casLoginString + "&userIllegal=true"; + } + + String locale = request.getParameter("locale"); + if (locale != null) { + casLoginString = casLoginString + "&locale=" + locale; + } + + if (log.isDebugEnabled()) { + log.debug("Redirecting browser to [" + casLoginString + ")"); + } + + response.sendRedirect(casLoginString); + if (log.isTraceEnabled()) { + log.trace("returning from redirectToInitFailure()"); + } + + } + + public static SessionMappingStorage getSessionMappingStorage() { + return SESSION_MAPPING_STORAGE; + } + + private boolean isExclusion(ServerHttpRequest request) { + if (parameter.exclusions == null) { + return false; + } else { + String url = request.getPath().value(); + return parameter.exclusions.contains(url); + } + } + + private Mono translate(ServerWebExchange exchange, WebFilterChain chain, WebSession session) { + ServerHttpRequest request = exchange.getRequest(); + MultiValueMap params = request.getQueryParams(); + String userName; + String artifact; + + if (parameter.casProxyCallbackUrl != null && parameter.casProxyCallbackUrl.endsWith(request.getPath().value()) + && params.getFirst("pgtId") != null && params.getFirst("pgtIou") != null) { + log.trace("passing through what we hope is CAS's request for proxy ticket receptor."); + return chain.filter(exchange); + } else { + if (parameter.wrapRequest) { + log.trace("Wrapping request with CASFilterRequestWrapper."); + // todo 暂时啥也不干,看看有无问题 +// request = new CASFilterRequestWrapper((HttpServletRequest) request); + } + + // 使用了用户标记,快速跳过 + if (parameter.userLoginMark != null && session.getAttribute(parameter.userLoginMark) != null) { + return chain.filter(exchange); + } + + // 获取receipt + CASReceipt receipt = session.getAttribute(CAS_FILTER_RECEIPT); + if (receipt != null && this.isReceiptAcceptable(receipt)) { + log.trace("CAS_FILTER_RECEIPT attribute was present and acceptable - passing request through filter.."); + return chain.filter(exchange); + } + // 跳过请求 + if (this.isExclusion(request)) { + return chain.filter(exchange); + } + + return getParameter(exchange, "ticket") + .flatMap(ticket -> { + if (StringUtils.hasText(ticket)) { + try { + receipt = this.getAuthenticatedUser(exchange, ticket); + } catch (CASAuthenticationException var22) { + ((HttpServletRequest) request).setAttribute("sessionId", session.getId()); + this.redirectToCAS((HttpServletRequest) request, (HttpServletResponse) response); + return; + } + + if (!this.isReceiptAcceptable(receipt)) { + throw new ServletException("Authentication was technically successful but rejected as a matter of policy. [" + receipt + "]"); + } else { + if (pt != null && pt != "") { + session.setAttribute(pt, receipt); + } + + if (session != null) { + userName = receipt.getUserName(); + if (this.casInitContextClass != null && !"".equals(this.casInitContextClass)) { + try { + Class cls = Class.forName(this.casInitContextClass); + Object obj = cls.newInstance(); + if (obj instanceof IContextInit) { + Method translatorMethod = cls.getMethod("getTranslatorUser", String.class); + userName = (String) translatorMethod.invoke(obj, userName); + Method initContextMethod = cls.getMethod("initContext", ServletRequest.class, ServletResponse.class, FilterChain.class, String.class); + initContextMethod.invoke(obj, request, response, fc, userName); + } + } catch (ClassNotFoundException var15) { + ClassNotFoundException e = var15; + e.printStackTrace(); + } catch (InstantiationException var16) { + InstantiationException e = var16; + e.printStackTrace(); + } catch (IllegalAccessException var17) { + IllegalAccessException e = var17; + e.printStackTrace(); + } catch (IllegalArgumentException var18) { + IllegalArgumentException e = var18; + e.printStackTrace(); + } catch (InvocationTargetException var19) { + InvocationTargetException e = var19; + String cause = e.getCause().getMessage(); + session.setAttribute("initFailure", cause); + this.redirectToInitFailure((HttpServletRequest) request, (HttpServletResponse) response, cause); + e.printStackTrace(); + return; + } catch (SecurityException var20) { + SecurityException e = var20; + e.printStackTrace(); + } catch (NoSuchMethodException var21) { + NoSuchMethodException e = var21; + e.printStackTrace(); + } + } + + session.setAttribute("edu.yale.its.tp.cas.client.filter.user", userName); + session.setAttribute("edu.yale.its.tp.cas.client.filter.receipt", receipt); + session.removeAttribute("edu.yale.its.tp.cas.client.filter.didGateway"); + } + + if (log.isTraceEnabled()) { + log.trace("validated ticket to get authenticated receipt [" + receipt + "], now passing request along filter chain."); + } + + fc.doFilter((ServletRequest) request, response); + log.trace("returning from doFilter()"); + } + } else { + log.trace("CAS ticket was not present on request."); + boolean didGateway = Boolean.valueOf((String) session.getAttribute("edu.yale.its.tp.cas.client.filter.didGateway")); + if (this.casLogin == null) { + log.fatal("casLogin was not set, so filter cannot redirect request for authentication."); + throw new ServletException("When CASFilter protects pages that do not receive a 'ticket' parameter, it needs a edu.yale.its.tp.cas.client.filter.loginUrl filter parameter"); + } else if (!didGateway) { + log.trace("Did not previously gateway. Setting session attribute to true."); + ((HttpServletRequest) request).setAttribute("sessionId", session.getId()); + session.setAttribute("edu.yale.its.tp.cas.client.filter.didGateway", "true"); + this.redirectToCAS((HttpServletRequest) request, (HttpServletResponse) response); + } else { + log.trace("Previously gatewayed."); + if (!this.casGateway && session.getAttribute("edu.yale.its.tp.cas.client.filter.user") == null) { + if (session.getAttribute("initFailure") != null) { + String cause = (String) session.getAttribute("initFailure"); + this.redirectToInitFailure((HttpServletRequest) request, (HttpServletResponse) response, cause); + } else { + ((HttpServletRequest) request).setAttribute("sessionId", session.getId()); + session.setAttribute("edu.yale.its.tp.cas.client.filter.didGateway", "true"); + this.redirectToCAS((HttpServletRequest) request, (HttpServletResponse) response); + } + + } else { + log.trace("casGateway was true and CAS_FILTER_USER set: passing request along filter chain."); + fc.doFilter((ServletRequest) request, response); + } + } + } + }) + + } + } + + /** + * 二阶段处理,预处理特殊情况,提前中断请求 + * + * @param exchange 交换信息 + * @param chain 过滤器链 + * @param session 会话 + * @return 结果 + */ + private Mono handle(ServerWebExchange exchange, WebFilterChain chain, @NonNull WebSession session) { + // 下一步处理信号,提前生成 + Mono translate = this.translate(exchange, chain, session); + + // post请求需要特殊处理 + if (exchange.getRequest().getMethod() == HttpMethod.POST) { + // 此处可能要求安全的获取参数(单独针对退出请求) + return exchange.getFormData() + .flatMap(formData -> { + String payload = formData.getFirst("logoutRequest"); + if (StringUtils.hasText(payload)) { + if (log.isTraceEnabled()) { + log.trace("Logout request=[" + payload + "]"); + } + String sessionIdentifier = XmlUtils.getTextForElement(payload, "SessionIndex"); + if (StringUtils.hasText(sessionIdentifier)) { + // 命中该请求,中断执行 + return SESSION_MAPPING_STORAGE.removeSessionByMappingId(sessionIdentifier) + .filter(Objects::nonNull) + .flatMap(savedSession -> { + String sessionId = savedSession.getId(); + if (log.isDebugEnabled()) { + log.debug("Invalidating session [" + sessionId + "] for ST [" + sessionIdentifier + "]"); + } + try { + return savedSession.invalidate(); + } catch (IllegalStateException e) { + log.debug(e, e); + } + // 中断处理 + return Mono.empty(); + }); + } + } + return translate; + }); + } else { + String ticket = exchange.getRequest().getQueryParams().getFirst("ticket"); + if (log.isDebugEnabled()) { + log.debug("Storing session identifier for " + session.getId()); + } + + // 包括ticket,尝试重新替换session + if (StringUtils.hasText(ticket)) { + return SESSION_MAPPING_STORAGE.removeBySessionById(session.getId()) + .onErrorResume(e -> SESSION_MAPPING_STORAGE.addSessionById(ticket, session)) + .then(translate); + } + + return translate; + } + } + + private Mono getParameter(ServerWebExchange exchange, String key) { + ServerHttpRequest request = exchange.getRequest(); + String query = request.getQueryParams().getFirst(key); + if (StringUtils.hasText(query)) { + return Mono.just(query); + } + MediaType mediaType = request.getHeaders().getContentType(); + if (null != mediaType && mediaType.isCompatibleWith(MediaType.APPLICATION_FORM_URLENCODED)) { + return exchange.getFormData().mapNotNull(formData -> formData.getFirst(key)); + } + return Mono.empty(); + } + + @Override + public Mono filter(ServerWebExchange exchange, WebFilterChain chain) { + // 拦截器需要基于session判定,故提前使用 + return exchange.getSession() + .flatMap(session -> { + if (log.isTraceEnabled()) { + log.trace("entering doFilter()"); + } + // 执行中断策略 + String pt = exchange.getRequest().getQueryParams().getFirst("pt"); + if (StringUtils.hasText(pt)) { + if (session.getAttribute(pt) != null) { + return chain.filter(exchange); + } + } + return handle(exchange, chain, session); + }); + } + +} diff --git a/src/main/java/dev/flyfish/boot/cas/filter/CASParameter.java b/src/main/java/dev/flyfish/boot/cas/filter/CASParameter.java new file mode 100644 index 0000000..7fdef3c --- /dev/null +++ b/src/main/java/dev/flyfish/boot/cas/filter/CASParameter.java @@ -0,0 +1,77 @@ +package dev.flyfish.boot.cas.filter; + +import com.fasterxml.jackson.annotation.JsonAlias; +import lombok.Data; + +import java.util.ArrayList; +import java.util.List; +import java.util.Set; +import java.util.StringTokenizer; + +@Data +public class CASParameter { + + // 排除的过滤地址 + @JsonAlias(CASFilter.CAS_FILTER_EXCLUSION) + Set exclusions; + + @JsonAlias(CASFilter.LOGIN_INIT_PARAM) + String casLogin; + + @JsonAlias(CASFilter.VALIDATE_INIT_PARAM) + String casValidate; + + @JsonAlias(CASFilter.SERVICE_INIT_PARAM) + String casServiceUrl; + + @JsonAlias(CASFilter.SERVERNAME_INIT_PARAM) + String casServerName; + + @JsonAlias(CASFilter.PROXY_CALLBACK_INIT_PARAM) + String casProxyCallbackUrl; + + @JsonAlias(CASFilter.CAS_FILTER_INITCONTEXTCLASS) + String casInitContextClass; + + @JsonAlias(CASFilter.RENEW_INIT_PARAM) + boolean casRenew; + + @JsonAlias(CASFilter.WRAP_REQUESTS_INIT_PARAM) + boolean wrapRequest; + + @JsonAlias(CASFilter.GATEWAY_INIT_PARAM) + boolean casGateway = false; + + @JsonAlias(CASFilter.CAS_FILTER_USERLOGINMARK) + String userLoginMark = null; + + // 已授权的代理地址列表 + @JsonAlias(CASFilter.AUTHORIZED_PROXY_INIT_PARAM) + List authorizedProxies = new ArrayList<>(); + + public void setAuthorizedProxies(String casAuthorizedProxy) { + if (casAuthorizedProxy != null) { + StringTokenizer casProxies = new StringTokenizer(casAuthorizedProxy); + + while (casProxies.hasMoreTokens()) { + String anAuthorizedProxy = casProxies.nextToken(); + this.authorizedProxies.add(anAuthorizedProxy); + } + } + } + + /** + * 检查配置参数是否有误 + */ + public void check() { + if (this.casGateway && this.casRenew) { + throw new IllegalArgumentException("gateway and renew cannot both be true in filter configuration"); + } else if (this.casServerName != null && this.casServiceUrl != null) { + throw new IllegalArgumentException("serverName and serviceUrl cannot both be set: choose one."); + } else if (this.casServerName == null && this.casServiceUrl == null) { + throw new IllegalArgumentException("one of serverName or serviceUrl must be set."); + } else if (this.casValidate == null) { + throw new IllegalArgumentException("validateUrl parameter must be set."); + } + } +} diff --git a/src/main/java/dev/flyfish/boot/cas/filter/SessionMappingStorage.java b/src/main/java/dev/flyfish/boot/cas/filter/SessionMappingStorage.java new file mode 100644 index 0000000..393cd89 --- /dev/null +++ b/src/main/java/dev/flyfish/boot/cas/filter/SessionMappingStorage.java @@ -0,0 +1,65 @@ +package dev.flyfish.boot.cas.filter; + +import lombok.extern.slf4j.Slf4j; +import org.springframework.web.server.WebSession; +import reactor.core.publisher.Mono; + +import java.util.HashMap; +import java.util.Map; + +/** + * webflux的session mapping存储 + * + * @author wangyu + */ +public interface SessionMappingStorage { + + Mono removeSessionByMappingId(String mappingId); + + Mono removeBySessionById(String mappingId); + + Mono addSessionById(String mappingId, WebSession session); + + @Slf4j + class HashMapBackedSessionStorage implements SessionMappingStorage { + + private final Map MANAGED_SESSIONS = new HashMap<>(); + private final Map ID_TO_SESSION_KEY_MAPPING = new HashMap<>(); + + @Override + public Mono removeSessionByMappingId(String mappingId) { + WebSession session = this.MANAGED_SESSIONS.get(mappingId); + if (session != null) { + this.removeBySessionById(session.getId()); + } + return Mono.just(session); + } + + @Override + public Mono removeBySessionById(String sessionId) { + if (log.isDebugEnabled()) { + log.debug("Attempting to remove Session=[" + sessionId + "]"); + } + + String key = this.ID_TO_SESSION_KEY_MAPPING.get(sessionId); + if (log.isDebugEnabled()) { + if (key != null) { + log.debug("Found mapping for session. Session Removed."); + } else { + log.debug("No mapping for session found. Ignoring."); + } + } + + this.MANAGED_SESSIONS.remove(key); + this.ID_TO_SESSION_KEY_MAPPING.remove(sessionId); + return Mono.empty(); + } + + @Override + public Mono addSessionById(String mappingId, WebSession session) { + this.ID_TO_SESSION_KEY_MAPPING.put(session.getId(), mappingId); + this.MANAGED_SESSIONS.put(mappingId, session); + return Mono.empty(); + } + } +} diff --git a/src/main/resources/application.properties b/src/main/resources/application.properties new file mode 100644 index 0000000..401009c --- /dev/null +++ b/src/main/resources/application.properties @@ -0,0 +1 @@ +spring.application.name=cas diff --git a/src/test/java/dev/flyfish/boot/cas/CasApplicationTests.java b/src/test/java/dev/flyfish/boot/cas/CasApplicationTests.java new file mode 100644 index 0000000..3daeb1c --- /dev/null +++ b/src/test/java/dev/flyfish/boot/cas/CasApplicationTests.java @@ -0,0 +1,13 @@ +package dev.flyfish.boot.cas; + +import org.junit.jupiter.api.Test; +import org.springframework.boot.test.context.SpringBootTest; + +@SpringBootTest +class CasApplicationTests { + + @Test + void contextLoads() { + } + +}