diff --git a/CHANGELOG.md b/CHANGELOG.md index 2b68fce1..bddb9c5b 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -2,6 +2,29 @@ =========================== +## [2.3.1](https://github.com/buession/buession-security/releases/tag/v2.3.1) (2023-11-17) + +### 🔨依赖升级 + +- [依赖库版本升级和安全漏洞修复](https://github.com/buession/buession-parent/releases/tag/v2.3.1) +- [owasp antisamy](https://github.com/nahsra/antisamy) 版本升级至 1.7.3 + + +### ⭐ 新特性 + +- **buession-security-shiro:** 新增任意权限 jsp tag HasAnyPermissionsTag + + +### 🔔 变化 + +- **buession-security-mcrypt:** Base64 编码、解码使用 java 内置 API +- **buession-security-pac4j:** cas client 不再默认引用 +- **buession-security-web:** 移除 org.bouncycastle 依赖 + + +--- + + ## [2.3.0](https://github.com/buession/buession-security/releases/tag/v2.3.0) (2023-08-17) ### 🔨依赖升级 diff --git a/buession-security-captcha/pom.xml b/buession-security-captcha/pom.xml index 722c98b3..ab17bb33 100644 --- a/buession-security-captcha/pom.xml +++ b/buession-security-captcha/pom.xml @@ -7,7 +7,7 @@ com.buession.security buession-security-parent ../buession-security-parent - 2.3.0 + 2.3.1 buession-security-captcha https://security.buession.com/ diff --git a/buession-security-captcha/src/main/java/com/buession/security/captcha/aliyun/AliyunParametersBuilder.java b/buession-security-captcha/src/main/java/com/buession/security/captcha/aliyun/AliyunParametersBuilder.java index 9b02838d..99650643 100644 --- a/buession-security-captcha/src/main/java/com/buession/security/captcha/aliyun/AliyunParametersBuilder.java +++ b/buession-security-captcha/src/main/java/com/buession/security/captcha/aliyun/AliyunParametersBuilder.java 
@@ -19,7 +19,7 @@ * +-------------------------------------------------------------------------------------------------------+ * | License: http://www.apache.org/licenses/LICENSE-2.0.txt | * | Author: Yong.Teng | - * | Copyright @ 2013-2022 Buession.com Inc. | + * | Copyright @ 2013-2023 Buession.com Inc. | * +-------------------------------------------------------------------------------------------------------+ */ package com.buession.security.captcha.aliyun; @@ -35,8 +35,6 @@ import java.io.UnsupportedEncodingException; import java.net.URLEncoder; import java.nio.charset.StandardCharsets; -import java.security.InvalidKeyException; -import java.security.NoSuchAlgorithmException; import java.text.SimpleDateFormat; import java.util.Arrays; import java.util.Date; @@ -69,7 +67,7 @@ class AliyunParametersBuilder implements ParametersBuilder { private final AliYunCaptchaClient client; AliyunParametersBuilder(final String accessKeyId, final String accessKeySecret, final String appKey, - final AliYunCaptchaClient client){ + final AliYunCaptchaClient client) { this.accessKeyId = accessKeyId; this.accessKeySecret = accessKeySecret; this.appKey = appKey; @@ -77,7 +75,7 @@ class AliyunParametersBuilder implements ParametersBuilder { } @Override - public Map build(final AliYunRequestData requestData){ + public Map build(final AliYunRequestData requestData) { SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'"); Date date = new Date(); 
@@ -89,11 +87,8 @@ public Map build(final AliYunRequestData requestData){ .put("SignatureVersion", SIGNATURE_VERSION).put("AccessKeyId", accessKeyId) .put("AppKey", appKey).put("Timestamp", sdf.format(date)).put("Token", requestData.getToken()) .put("Sig", requestData.getSig()).put("SessionId", requestData.getSessionId()) - .put("Scene", requestData.getScene()); - - if(requestData.getClientIp() != null){ - builder.put("RemoteIp", requestData.getClientIp()); - } + .put("Scene", requestData.getScene()) + .putIfPresent("RemoteIp", requestData.getClientIp()); Map parameters = builder.build(); @@ -102,15 +97,11 @@ public Map build(final AliYunRequestData requestData){ return parameters; } - protected static String randomStr(final Date date){ - final StringBuilder sb = new StringBuilder(20); - - sb.append(StringUtils.random(7)).append('_').append(date.getTime()); - - return sb.toString(); + protected static String randomStr(final Date date) { + return StringUtils.random(7) + '_' + date.getTime(); } - protected static String percentEncode(final String value){ + protected static String percentEncode(final String value) { try{ return value != null ? URLEncoder.encode(value, "UTF-8").replace("+", "%20").replace("*", "%2A") .replace("%7E", "~") : null; @@ -119,7 +110,7 @@ protected static String percentEncode(final String value){ } } - protected static String signature(final String signKey, final Map parameters){ + protected static String signature(final String signKey, final Map parameters) { String[] sortedKeys = parameters.keySet().toArray(new String[0]); Arrays.sort(sortedKeys); diff --git a/buession-security-captcha/src/main/java/com/buession/security/captcha/geetest/api/v3/GeetestV3Client.java b/buession-security-captcha/src/main/java/com/buession/security/captcha/geetest/api/v3/GeetestV3Client.java index a333143c..c43f1ab8 100644 --- a/buession-security-captcha/src/main/java/com/buession/security/captcha/geetest/api/v3/GeetestV3Client.java 
+++ b/buession-security-captcha/src/main/java/com/buession/security/captcha/geetest/api/v3/GeetestV3Client.java @@ -67,7 +67,7 @@ public final class GeetestV3Client extends AbstractGeetestClient { * @param secretKey * 私钥 */ - public GeetestV3Client(final String appId, final String secretKey){ + public GeetestV3Client(final String appId, final String secretKey) { super(appId, secretKey); } @@ -81,12 +81,12 @@ public GeetestV3Client(final String appId, final String secretKey){ * @param httpClient * {@link HttpClient} */ - public GeetestV3Client(final String appId, final String secretKey, final HttpClient httpClient){ + public GeetestV3Client(final String appId, final String secretKey, final HttpClient httpClient) { super(appId, secretKey, httpClient); } @Override - public InitResponse initialize(RequestData requestData){ + public InitResponse initialize(RequestData requestData) { if(logger.isDebugEnabled()){ logger.debug("验证初始化"); } @@ -96,16 +96,13 @@ public InitResponse initialize(RequestData requestData){ .put("gt", appId) .put("json_format", "1") .put("digestmod", Algo.MD5.getName()) - .put("sdk", getSdkName()); + .put("sdk", getSdkName()) + .putIfPresent("ip_address", requestV3Data.getIpAddress()); if(requestV3Data.getClientType() != null){ parametersBuilder.put("client_type", requestV3Data.getClientType().getValue()); } - if(requestV3Data.getIpAddress() != null){ - parametersBuilder.put("ip_address", requestV3Data.getIpAddress()); - } - if(logger.isDebugEnabled()){ logger.debug("验证初始化, parameters:{}.", parametersBuilder.build()); } @@ -139,7 +136,7 @@ public InitResponse initialize(RequestData requestData){ } @Override - public Status validate(RequestData requestData) throws CaptchaException{ + public Status validate(RequestData requestData) throws CaptchaException { if(logger.isDebugEnabled()){ logger.debug("二次验证, 请求参数:{}.", requestData); } 
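Review bot: The `initialize` builder chain still pins `.put("digestmod", Algo.MD5.getName())`, and `sign` (in the `@@ -217,7 +214,7 @@` hunk) derives the signature with `new MD5Mcrypt(StandardCharsets.UTF_8, secretKey)`, that is, a salted MD5 rather than a keyed MAC. If the `Algo` enum and the Geetest service offer a stronger digest mode (not visible in this diff), the digest should be a constructor or configuration option instead of a constant. At minimum add a comment at the `digestmod` line, for example `// MD5 is dictated by the v3 protocol default; do not reuse this construction elsewhere`. The body of `initialize` continues outside the hunk.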
@@ -178,7 +175,7 @@ public Status validate(RequestData requestData) throws CaptchaException{ } @Override - public String getVersion(){ + public String getVersion() { return "v3"; } @@ -191,7 +188,7 @@ public String getVersion(){ * @return 检测结果 */ private static boolean checkParam(final GeetestV3RequestData requestData) - throws RequiredParameterCaptchaException{ + throws RequiredParameterCaptchaException { if(Validate.hasText(requestData.getChallenge()) == false){ throw new RequiredParameterCaptchaException("challenge"); } @@ -217,7 +214,7 @@ private static boolean checkParam(final GeetestV3RequestData requestData) * * @return 生成签名结果 */ - private String sign(final GeetestV3InitResponse initResponse){ + private String sign(final GeetestV3InitResponse initResponse) { MD5Mcrypt md5Mcrypt = new MD5Mcrypt(StandardCharsets.UTF_8, secretKey); return md5Mcrypt.encode(initResponse.getChallenge()); } diff --git a/buession-security-captcha/src/main/java/com/buession/security/captcha/geetest/api/v3/GeetestV3ParametersBuilder.java b/buession-security-captcha/src/main/java/com/buession/security/captcha/geetest/api/v3/GeetestV3ParametersBuilder.java index 8e2b8f16..e5fb29fe 100644 --- a/buession-security-captcha/src/main/java/com/buession/security/captcha/geetest/api/v3/GeetestV3ParametersBuilder.java +++ b/buession-security-captcha/src/main/java/com/buession/security/captcha/geetest/api/v3/GeetestV3ParametersBuilder.java @@ -19,7 +19,7 @@ * +-------------------------------------------------------------------------------------------------------+ * | License: http://www.apache.org/licenses/LICENSE-2.0.txt | * | Author: Yong.Teng | - * | Copyright @ 2013-2022 Buession.com Inc. | + * | Copyright @ 2013-2023 Buession.com Inc. | * +-------------------------------------------------------------------------------------------------------+ */ package com.buession.security.captcha.geetest.api.v3; 
@@ -41,34 +41,28 @@ class GeetestV3ParametersBuilder implements ParametersBuilder build(final GeetestV3RequestData requestData){ + public Map build(final GeetestV3RequestData requestData) { MapBuilder builder = MapBuilder.create(9) .put("captchaid", appId) .put("challenge", requestData.getChallenge()) .put("validate", requestData.getValidate()) .put("seccode", requestData.getSeccode()) .put("json_format", "1") - .put("sdk", sdkName); - - if(requestData.getUserId() != null){ - builder.put("user_id", requestData.getUserId()); - } + .put("sdk", sdkName) + .putIfPresent("user_id", requestData.getUserId()) + .putIfPresent("ip_address", requestData.getIpAddress()); if(requestData.getClientType() != null){ builder.put("client_type", requestData.getClientType().getValue()); } - if(requestData.getIpAddress() != null){ - builder.put("ip_address", requestData.getIpAddress()); - } - return builder.build(); } diff --git a/buession-security-captcha/src/main/java/com/buession/security/captcha/tencent/TencentParametersBuilder.java b/buession-security-captcha/src/main/java/com/buession/security/captcha/tencent/TencentParametersBuilder.java index 17f92e1b..a1b0c83d 100644 --- a/buession-security-captcha/src/main/java/com/buession/security/captcha/tencent/TencentParametersBuilder.java +++ b/buession-security-captcha/src/main/java/com/buession/security/captcha/tencent/TencentParametersBuilder.java @@ -19,7 +19,7 @@ * +-------------------------------------------------------------------------------------------------------+ * | License: http://www.apache.org/licenses/LICENSE-2.0.txt | * | Author: Yong.Teng | - * | Copyright @ 2013-2022 Buession.com Inc. | + * | Copyright @ 2013-2023 Buession.com Inc. | * +-------------------------------------------------------------------------------------------------------+ */ package com.buession.security.captcha.tencent; 
@@ -39,22 +39,19 @@ class TencentParametersBuilder implements ParametersBuilder private final String secretKey; - TencentParametersBuilder(final String secretId, final String secretKey){ + TencentParametersBuilder(final String secretId, final String secretKey) { this.secretId = secretId; this.secretKey = secretKey; } @Override - public Map build(final TencentRequestData requestData){ + public Map build(final TencentRequestData requestData) { MapBuilder builder = MapBuilder.create(5) .put("aid", secretId) .put("AppSecretKey", secretKey) .put("Ticket", requestData.getTicket()) - .put("Randstr", requestData.getRandstr()); - - if(requestData.getClientIp() != null){ - builder.put("UserIP", requestData.getClientIp()); - } + .put("Randstr", requestData.getRandstr()) + .putIfPresent("UserIP", requestData.getClientIp()); return builder.build(); } diff --git a/buession-security-core/pom.xml b/buession-security-core/pom.xml index 67a1253f..cce58a2e 100644 --- a/buession-security-core/pom.xml +++ b/buession-security-core/pom.xml @@ -7,7 +7,7 @@ com.buession.security buession-security-parent ../buession-security-parent - 2.3.0 + 2.3.1 buession-security-core https://security.buession.com/ diff --git a/buession-security-crypto/pom.xml b/buession-security-crypto/pom.xml index 44a41016..589d1294 100644 --- a/buession-security-crypto/pom.xml +++ b/buession-security-crypto/pom.xml @@ -7,7 +7,7 @@ com.buession.security buession-security-parent ../buession-security-parent - 2.3.0 + 2.3.1 buession-security-crypto https://security.buession.com/ @@ -75,7 +75,7 @@ org.bouncycastle - bcprov-jdk15on + bcprov-jdk18on diff --git a/buession-security-crypto/src/main/java/com/buession/security/crypto/AbstractCrypto.java b/buession-security-crypto/src/main/java/com/buession/security/crypto/AbstractCrypto.java index 2a4ca42f..ec332bb8 100644 --- a/buession-security-crypto/src/main/java/com/buession/security/crypto/AbstractCrypto.java 
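Review bot: `build` in `TencentParametersBuilder` returns a map that carries the raw secret under `AppSecretKey`, and nothing on the method says so. `GeetestV3Client.initialize` in this same commit logs its built parameter map at debug level (`logger.debug("验证初始化, parameters:{}.", parametersBuilder.build())`); if the Tencent client follows that pattern (not visible here), the secret would be written to the logs. I would add a Javadoc line on `build` such as `Returned map contains the application secret; never log or serialize it as-is`, and check the caller for a debug statement that prints the map.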
+++ b/buession-security-crypto/src/main/java/com/buession/security/crypto/AbstractCrypto.java @@ -47,7 +47,7 @@ public abstract class AbstractCrypto implements Crypto { /** * 加密算法 */ - private Algorithm algorithm; + private final Algorithm algorithm; /** * 加密密钥 diff --git a/buession-security-mcrypt/pom.xml b/buession-security-mcrypt/pom.xml index 17088acd..5e14f141 100644 --- a/buession-security-mcrypt/pom.xml +++ b/buession-security-mcrypt/pom.xml @@ -7,7 +7,7 @@ com.buession.security buession-security-parent ../buession-security-parent - 2.3.0 + 2.3.1 buession-security-mcrypt https://security.buession.com/ @@ -80,7 +80,7 @@ org.bouncycastle - bcprov-jdk15on + bcprov-jdk18on diff --git a/buession-security-mcrypt/src/main/java/com/buession/security/mcrypt/AESMcrypt.java b/buession-security-mcrypt/src/main/java/com/buession/security/mcrypt/AESMcrypt.java index 398b73c1..5244b15b 100644 --- a/buession-security-mcrypt/src/main/java/com/buession/security/mcrypt/AESMcrypt.java +++ b/buession-security-mcrypt/src/main/java/com/buession/security/mcrypt/AESMcrypt.java @@ -612,6 +612,11 @@ public com.buession.security.crypto.Mode getOriginal() { return original; } + @Override + public String toString() { + return original.toString(); + } + } /** diff --git a/buession-security-mcrypt/src/main/java/com/buession/security/mcrypt/Base64Mcrypt.java b/buession-security-mcrypt/src/main/java/com/buession/security/mcrypt/Base64Mcrypt.java index dec699fe..d15c553b 100644 --- a/buession-security-mcrypt/src/main/java/com/buession/security/mcrypt/Base64Mcrypt.java +++ b/buession-security-mcrypt/src/main/java/com/buession/security/mcrypt/Base64Mcrypt.java @@ -28,7 +28,8 @@ import com.buession.core.utils.Assert; import com.buession.security.crypto.utils.ObjectUtils; -import org.apache.commons.codec.binary.Base64; + +import java.util.Base64; import java.nio.charset.Charset; 
@@ -94,13 +95,14 @@ public Base64Mcrypt(final Charset charset, final String salt) { @Override public String encrypt(final Object object) { Assert.isNull(object, "Mcrypt encrypt object could not be null."); - return Base64.encodeBase64String((ObjectUtils.toString(object) + getRealSalt()).getBytes(getCharset())); + return Base64.getEncoder() + .encodeToString((ObjectUtils.toString(object) + getRealSalt()).getBytes(getCharset())); } @Override public String decrypt(final CharSequence cs) { Assert.isNull(cs, "Mcrypt decrypt object could not be null."); - return new String(Base64.decodeBase64(cs.toString()), getCharset()); + return new String(Base64.getDecoder().decode(cs.toString()), getCharset()); } } \ No newline at end of file diff --git a/buession-security-mcrypt/src/main/java/com/buession/security/mcrypt/DESMcrypt.java b/buession-security-mcrypt/src/main/java/com/buession/security/mcrypt/DESMcrypt.java index 45984fae..9c6e408f 100644 --- a/buession-security-mcrypt/src/main/java/com/buession/security/mcrypt/DESMcrypt.java +++ b/buession-security-mcrypt/src/main/java/com/buession/security/mcrypt/DESMcrypt.java @@ -624,6 +624,11 @@ public com.buession.security.crypto.Mode getOriginal() { return original; } + @Override + public String toString() { + return original.toString(); + } + } /** diff --git a/buession-security-mcrypt/src/test/java/com/buession/security/mcrypt/Base64McryptTest.java b/buession-security-mcrypt/src/test/java/com/buession/security/mcrypt/Base64McryptTest.java new file mode 100644 index 00000000..b6308e14 --- /dev/null +++ b/buession-security-mcrypt/src/test/java/com/buession/security/mcrypt/Base64McryptTest.java 
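Review bot: `decrypt` now calls `Base64.getDecoder().decode(cs.toString())`, which is stricter than the commons-codec `Base64.decodeBase64` it replaces: the JDK basic decoder throws `IllegalArgumentException` on line breaks, URL-safe characters or any other character outside the standard alphabet, where the old call tolerated them. Input that decoded before this release can therefore fail with an unchecked exception that the method does not declare or document. Either record this as a compatibility change in the Javadoc and CHANGELOG and convert the failure into a documented exception, or, if tolerance of line breaks is wanted, use `Base64.getMimeDecoder().decode(cs.toString())`. Separately, `encrypt` appends `getRealSalt()` before encoding while `decrypt` returns the decoded text unchanged, so a Javadoc sentence stating that this class is an encoding and provides no confidentiality would prevent misuse.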
@@ -0,0 +1,43 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. + * See the NOTICE file distributed with this work for additional information regarding copyright ownership. + * The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not + * use this file except in compliance with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software distributed under the License is + * distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and limitations under the License. + * + * ========================================================================================================= + * + * This software consists of voluntary contributions made by many individuals on behalf of the + * Apache Software Foundation. For more information on the Apache Software Foundation, please see + * . + * + * +-------------------------------------------------------------------------------------------------------+ + * | License: http://www.apache.org/licenses/LICENSE-2.0.txt | + * | Author: Yong.Teng | + * | Copyright @ 2013-2023 Buession.com Inc. | + * +-------------------------------------------------------------------------------------------------------+ + */ +package com.buession.security.mcrypt; + +import org.junit.Assert; +import org.junit.Test; + +/** + * @author Yong.Teng + * @since 2.3.1 + */ +public class Base64McryptTest { + + @Test + public void encode() { + String a = "A"; + Base64Mcrypt mcrypt = new Base64Mcrypt(); + Assert.assertTrue("QQ==".equals(mcrypt.encode(a))); + } + +} diff --git a/buession-security-pac4j/pom.xml b/buession-security-pac4j/pom.xml index ffcc029d..06e0ef76 100644 --- a/buession-security-pac4j/pom.xml 
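Review bot: The new `Base64McryptTest` only checks the unsalted `encode` path, and it does so with `Assert.assertTrue("QQ==".equals(mcrypt.encode(a)))`, which reports nothing useful on failure. Use `Assert.assertEquals("QQ==", mcrypt.encode(a));` so the actual value is printed. Because this release swaps the Base64 implementation, the test class should also cover `decrypt` on a valid value, on a value with a configured salt, and on malformed input, so the stricter decoder behaviour is pinned down rather than discovered by callers.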
+++ b/buession-security-pac4j/pom.xml @@ -7,7 +7,7 @@ com.buession.security buession-security-parent ../buession-security-parent - 2.3.0 + 2.3.1 buession-security-pac4j https://security.buession.com/ @@ -51,6 +51,10 @@ https://github.com/buession/buession-security/issues + + 3.6.4 + + com.buession.security @@ -100,12 +104,51 @@ org.jasig.cas.client cas-client-core - 3.6.4 + ${cas.client.version} + provided + true + + commons-codec + commons-codec + + + org.bouncycastle + * + + + javax.xml.bind + jaxb-api + + + org.glassfish.jaxb + * + + + + + org.jasig.cas.client + cas-client-support-saml + ${cas.client.version} + provided + true + + + commons-codec + commons-codec + + + org.bouncycastle + * + javax.xml.bind jaxb-api + + org.glassfish.jaxb + * + @@ -129,6 +172,12 @@ org.pac4j pac4j-jwt + + + org.bouncycastle + * + + org.pac4j @@ -163,6 +212,11 @@ + + org.bouncycastle + bcprov-jdk18on + + jakarta.servlet jakarta.servlet-api @@ -196,15 +250,6 @@ aspectjweaver - - org.bouncycastle - bcpkix-jdk15on - - - org.bouncycastle - bcprov-jdk15on - - joda-time joda-time diff --git a/buession-security-pac4j/src/main/java/com/buession/security/pac4j/annotation/PrincipalAnnotationUtils.java b/buession-security-pac4j/src/main/java/com/buession/security/pac4j/annotation/PrincipalAnnotationUtils.java index 0f41ce79..0d0f7d6d 100644 --- a/buession-security-pac4j/src/main/java/com/buession/security/pac4j/annotation/PrincipalAnnotationUtils.java +++ b/buession-security-pac4j/src/main/java/com/buession/security/pac4j/annotation/PrincipalAnnotationUtils.java @@ -26,10 +26,8 @@ import com.buession.security.pac4j.profile.ProfileUtils; import io.buji.pac4j.subject.Pac4jPrincipal; -import org.pac4j.core.profile.CommonProfile; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import org.springframework.beans.BeanUtils; import org.springframework.core.MethodParameter; /** 
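Review bot: The pac4j `pom.xml` now excludes every `org.bouncycastle` artifact (`*`) from `pac4j-jwt` and both cas-client dependencies, drops `bcpkix-jdk15on`, and re-adds only `bcprov-jdk18on`. Any code path in those libraries that needs classes from the PKIX artifact would then fail at runtime with a missing-class error rather than at build time; whether such a path is used cannot be told from this diff. Please confirm with `mvn dependency:tree` and a JWT/CAS integration test, and add a short XML comment beside the exclusions explaining that they exist to avoid mixing the jdk15on and jdk18on artifacts on one classpath.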
diff --git a/buession-security-pac4j/src/main/java/com/buession/security/pac4j/annotation/reactive/PrincipalMethodArgumentResolver.java b/buession-security-pac4j/src/main/java/com/buession/security/pac4j/annotation/reactive/PrincipalMethodArgumentResolver.java index f4d8ebcd..fc44a168 100644 --- a/buession-security-pac4j/src/main/java/com/buession/security/pac4j/annotation/reactive/PrincipalMethodArgumentResolver.java +++ b/buession-security-pac4j/src/main/java/com/buession/security/pac4j/annotation/reactive/PrincipalMethodArgumentResolver.java 
@@ -45,32 +45,32 @@ */ public class PrincipalMethodArgumentResolver extends AbstractNamedValueArgumentResolver { - public PrincipalMethodArgumentResolver(ConfigurableBeanFactory factory, ReactiveAdapterRegistry registry){ + public PrincipalMethodArgumentResolver(ConfigurableBeanFactory factory, ReactiveAdapterRegistry registry) { super(factory, registry); } @Override - public boolean supportsParameter(MethodParameter parameter){ + public boolean supportsParameter(MethodParameter parameter) { return parameter.hasParameterAnnotation(Principal.class); } @Override - protected NamedValueInfo createNamedValueInfo(MethodParameter parameter){ + protected NamedValueInfo createNamedValueInfo(MethodParameter parameter) { Principal principal = parameter.getParameterAnnotation(Principal.class); Assert.isNull(principal, "No Principal annotation"); return new PrincipalNamedValueInfo(principal, parameter.getNestedParameterType()); } @Override - protected Mono resolveName(String name, MethodParameter parameter, ServerWebExchange exchange){ + protected Mono resolveName(String name, MethodParameter parameter, ServerWebExchange exchange) { return exchange.getPrincipal() .map((principal)->PrincipalAnnotationUtils.resolve(parameter, (Pac4jPrincipal) principal)); } private final static class PrincipalNamedValueInfo extends NamedValueInfo { - private PrincipalNamedValueInfo(Principal annotation, Class paramType){ - super(Principal.class.getName() + "_" + paramType.getName(), annotation.required(), null); + private PrincipalNamedValueInfo(Principal annotation, Class paramType) { + super(Principal.class.getName() + '_' + paramType.getName(), annotation.required(), null); } } diff --git a/buession-security-pac4j/src/main/java/com/buession/security/pac4j/annotation/servlet/PrincipalMethodArgumentResolver.java b/buession-security-pac4j/src/main/java/com/buession/security/pac4j/annotation/servlet/PrincipalMethodArgumentResolver.java index 8562bd1e..cdffbcbe 100644 
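Review bot: `resolveName` casts the exchange principal with `(Pac4jPrincipal) principal` without checking its type, so a request authenticated by any other mechanism ends in a `ClassCastException` instead of a controlled rejection. The servlet resolver in the `@@ -65,14 +65,14 @@` hunk has the same cast on `request.getUserPrincipal()`. A guard such as `.filter(Pac4jPrincipal.class::isInstance).map(p -> PrincipalAnnotationUtils.resolve(parameter, (Pac4jPrincipal) p))` keeps the failure on the "missing value" path, where `annotation.required()` already decides the outcome. The constructors and `createNamedValueInfo` also lack Javadoc; one line each on what the `@Principal` parameter resolves to would be enough.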
--- a/buession-security-pac4j/src/main/java/com/buession/security/pac4j/annotation/servlet/PrincipalMethodArgumentResolver.java +++ b/buession-security-pac4j/src/main/java/com/buession/security/pac4j/annotation/servlet/PrincipalMethodArgumentResolver.java @@ -21,7 +21,7 @@ * +------------------------------------------------------------------------------------------------+ * | License: http://www.apache.org/licenses/LICENSE-2.0.txt | * | Author: Yong.Teng | - * | Copyright @ 2013-2022 Buession.com Inc. | + * | Copyright @ 2013-2023 Buession.com Inc. | * +------------------------------------------------------------------------------------------------+ */ package com.buession.security.pac4j.annotation.servlet; @@ -43,21 +43,21 @@ */ public class PrincipalMethodArgumentResolver extends AbstractNamedValueMethodArgumentResolver { - public PrincipalMethodArgumentResolver(){ + public PrincipalMethodArgumentResolver() { super(); } - public PrincipalMethodArgumentResolver(@Nullable ConfigurableBeanFactory beanFactory){ + public PrincipalMethodArgumentResolver(@Nullable ConfigurableBeanFactory beanFactory) { super(beanFactory); } @Override - public boolean supportsParameter(MethodParameter parameter){ + public boolean supportsParameter(MethodParameter parameter) { return parameter.hasParameterAnnotation(Principal.class); } @Override - protected NamedValueInfo createNamedValueInfo(MethodParameter parameter){ + protected NamedValueInfo createNamedValueInfo(MethodParameter parameter) { Principal principal = parameter.getParameterAnnotation(Principal.class); Assert.isNull(principal, "No Principal annotation"); return new PrincipalNamedValueInfo(principal, parameter.getNestedParameterType()); 
@@ -65,14 +65,14 @@ protected NamedValueInfo createNamedValueInfo(MethodParameter parameter){ @Override @Nullable - protected Object resolveName(String name, MethodParameter parameter, NativeWebRequest request){ + protected Object resolveName(String name, MethodParameter parameter, NativeWebRequest request) { return PrincipalAnnotationUtils.resolve(parameter, (Pac4jPrincipal) request.getUserPrincipal()); } private final static class PrincipalNamedValueInfo extends NamedValueInfo { - private PrincipalNamedValueInfo(Principal annotation, Class paramType){ - super(Principal.class.getName() + "_" + paramType.getName(), annotation.required(), null); + private PrincipalNamedValueInfo(Principal annotation, Class paramType) { + super(Principal.class.getName() + '_' + paramType.getName(), annotation.required(), null); } } diff --git a/buession-security-pac4j/src/main/java/com/buession/security/pac4j/http/JsonAjaxRequestResolver.java b/buession-security-pac4j/src/main/java/com/buession/security/pac4j/http/JsonAjaxRequestResolver.java index 39b4ac86..9f4b4f9e 100644 --- a/buession-security-pac4j/src/main/java/com/buession/security/pac4j/http/JsonAjaxRequestResolver.java +++ b/buession-security-pac4j/src/main/java/com/buession/security/pac4j/http/JsonAjaxRequestResolver.java @@ -65,7 +65,7 @@ public HttpAction buildAjaxResponse(final WebContext context, final StringBuilder buffer = new StringBuilder("{\"redirect\":{"); if(CommonHelper.isNotBlank(url)){ - buffer.append("\"url\":\"").append(url).append("\""); + buffer.append("\"url\":\"").append(url).append('"'); } buffer.append("}}"); diff --git a/buession-security-parent/pom.xml b/buession-security-parent/pom.xml index 008ba774..852ec1a8 100644 --- a/buession-security-parent/pom.xml +++ b/buession-security-parent/pom.xml @@ -7,13 +7,13 @@ com.buession parent - 2.3.0 + 2.3.1 com.buession.security buession-security-parent https://security.buession.com/ Buession Security Framework Parent - 2.3.0 + 2.3.1 pom 
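Review bot: In `JsonAjaxRequestResolver.buildAjaxResponse` the line `buffer.append("\"url\":\"").append(url).append('"');` places `url` into a hand-built JSON string without escaping. If the redirect URL can contain a double quote, a backslash or a control character (for instance through a request-derived callback parameter), the response body becomes malformed or carries extra members that the client-side handler will parse. Build the body with the JSON serializer the project already uses, or escape `url` before appending it; changing `"\""` to `'"'` does not address this. The method starts and ends outside the hunk, so how `url` is derived should be checked there.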
@@ -65,7 +65,7 @@ - 2.3.0 + 2.3.1 diff --git a/buession-security-shiro/pom.xml b/buession-security-shiro/pom.xml index 1cd30b2c..50643204 100644 --- a/buession-security-shiro/pom.xml +++ b/buession-security-shiro/pom.xml @@ -7,7 +7,7 @@ com.buession.security buession-security-parent ../buession-security-parent - 2.3.0 + 2.3.1 buession-security-shiro https://security.buession.com/ @@ -94,6 +94,13 @@ provided true + + javax.servlet.jsp + javax.servlet.jsp-api + 2.3.3 + provided + true + org.apache.velocity diff --git a/buession-security-shiro/src/main/java/com/buession/security/shiro/cache/RedisCache.java b/buession-security-shiro/src/main/java/com/buession/security/shiro/cache/RedisCache.java index 5daa82c7..1b166c17 100644 --- a/buession-security-shiro/src/main/java/com/buession/security/shiro/cache/RedisCache.java +++ b/buession-security-shiro/src/main/java/com/buession/security/shiro/cache/RedisCache.java @@ -68,14 +68,14 @@ public class RedisCache extends AbstractCache { /** * 值序列化对象 */ - private RedisSerializer valueSerializer = new ObjectSerializer<>(); + private RedisSerializer valueSerializer = new ObjectSerializer<>(); private final static Logger logger = LoggerFactory.getLogger(RedisCache.class); /** * 构造函数 */ - public RedisCache(){ + public RedisCache() { } /** @@ -86,7 +86,7 @@ public RedisCache(){ * @param expire * 有效期(单位:秒) */ - public RedisCache(String keyPrefix, int expire){ + public RedisCache(String keyPrefix, int expire) { super(keyPrefix, expire); } @@ -100,7 +100,7 @@ public RedisCache(String keyPrefix, int expire){ * @param principalIdFieldName * 身份信息 ID 字段名称 */ - public RedisCache(String keyPrefix, int expire, String principalIdFieldName){ + public RedisCache(String keyPrefix, int expire, String principalIdFieldName) { super(keyPrefix, expire, principalIdFieldName); } 
@@ -114,7 +114,7 @@ public RedisCache(String keyPrefix, int expire, String principalIdFieldName){ * @param expire * 有效期(单位:秒) */ - public RedisCache(RedisManager redisManager, String keyPrefix, int expire){ + public RedisCache(RedisManager redisManager, String keyPrefix, int expire) { this(keyPrefix, expire); setRedisManager(redisManager); } @@ -131,7 +131,7 @@ public RedisCache(RedisManager redisManager, String keyPrefix, int expire){ * @param principalIdFieldName * 身份信息 ID 字段名称 */ - public RedisCache(RedisManager redisManager, String keyPrefix, int expire, String principalIdFieldName){ + public RedisCache(RedisManager redisManager, String keyPrefix, int expire, String principalIdFieldName) { this(keyPrefix, expire, principalIdFieldName); setRedisManager(redisManager); } @@ -146,7 +146,7 @@ public RedisCache(RedisManager redisManager, String keyPrefix, int expire, Strin * * @since 1.2.2 */ - public RedisCache(RedisSerializer keySerializer, RedisSerializer valueSerializer){ + public RedisCache(RedisSerializer keySerializer, RedisSerializer valueSerializer) { setKeySerializer(keySerializer); setValueSerializer(valueSerializer); } @@ -166,7 +166,7 @@ public RedisCache(RedisSerializer keySerializer, RedisSerializer * @since 1.2.2 */ public RedisCache(String keyPrefix, int expire, RedisSerializer keySerializer, - RedisSerializer valueSerializer){ + RedisSerializer valueSerializer) { super(keyPrefix, expire); setKeySerializer(keySerializer); setValueSerializer(valueSerializer); @@ -189,7 +189,7 @@ public RedisCache(String keyPrefix, int expire, RedisSerializer keySeria * @since 1.2.2 */ public RedisCache(String keyPrefix, int expire, String principalIdFieldName, RedisSerializer keySerializer - , RedisSerializer valueSerializer){ + , RedisSerializer valueSerializer) { super(keyPrefix, expire, principalIdFieldName); setKeySerializer(keySerializer); setValueSerializer(valueSerializer); 
@@ -212,7 +212,7 @@ public RedisCache(String keyPrefix, int expire, String principalIdFieldName, Red * @since 1.2.2 */ public RedisCache(RedisManager redisManager, String keyPrefix, int expire, RedisSerializer keySerializer, - RedisSerializer valueSerializer){ + RedisSerializer valueSerializer) { this(keyPrefix, expire); setRedisManager(redisManager); setKeySerializer(keySerializer); @@ -238,18 +238,18 @@ public RedisCache(RedisManager redisManager, String keyPrefix, int expire, Redis * @since 1.2.2 */ public RedisCache(RedisManager redisManager, String keyPrefix, int expire, String principalIdFieldName, - RedisSerializer keySerializer, RedisSerializer valueSerializer){ + RedisSerializer keySerializer, RedisSerializer valueSerializer) { this(keyPrefix, expire, principalIdFieldName); setRedisManager(redisManager); setKeySerializer(keySerializer); setValueSerializer(valueSerializer); } - public RedisManager getRedisManager(){ + public RedisManager getRedisManager() { return redisManager; } - public void setRedisManager(final RedisManager redisManager){ + public void setRedisManager(final RedisManager redisManager) { Assert.isNull(redisManager, "RedisManager could not be null."); this.redisManager = redisManager; } @@ -261,7 +261,7 @@ public void setRedisManager(final RedisManager redisManager){ * * @since 1.2.2 */ - public RedisSerializer getKeySerializer(){ + public RedisSerializer getKeySerializer() { return keySerializer; } @@ -273,7 +273,7 @@ public RedisSerializer getKeySerializer(){ * * @since 1.2.2 */ - public void setKeySerializer(RedisSerializer keySerializer){ + public void setKeySerializer(RedisSerializer keySerializer) { Assert.isNull(keySerializer, "Key serializer could not be null."); this.keySerializer = keySerializer; } 
@@ -285,8 +285,9 @@ public void setKeySerializer(RedisSerializer keySerializer){ * * @since 1.2.2 */ - public RedisSerializer getValueSerializer(){ - return valueSerializer; + @SuppressWarnings({"unchecked"}) + public RedisSerializer getValueSerializer() { + return (RedisSerializer) valueSerializer; } /** @@ -297,14 +298,15 @@ public RedisSerializer getValueSerializer(){ * * @since 1.2.2 */ - public void setValueSerializer(RedisSerializer valueSerializer){ + @SuppressWarnings({"unchecked"}) + public void setValueSerializer(RedisSerializer valueSerializer) { Assert.isNull(valueSerializer, "Value serializer could not be null."); - this.valueSerializer = valueSerializer; + this.valueSerializer = (RedisSerializer) valueSerializer; } @Override @SuppressWarnings({"unchecked"}) - public Set keys(){ + public Set keys() { logger.debug("Get RedisCache Keys"); Set keys; @@ -333,8 +335,7 @@ public Set keys(){ } @Override - @SuppressWarnings({"unchecked"}) - public V get(K key) throws CacheException{ + public V get(K key) throws CacheException { logger.debug("Get RedisCache: {}", key); if(key == null){ return null; @@ -342,18 +343,15 @@ public V get(K key) throws CacheException{ try{ byte[] rawValue = redisManager.get(makeKey(key)); - return rawValue == null ? null : (V) valueSerializer.deserialize(rawValue); - }catch(SerializerException e){ - logger.error("Get cache error", e); - throw new CacheException(e); - }catch(DeserializerException e){ + return rawValue == null ? null : valueSerializer.deserialize(rawValue); + }catch(Exception e){ logger.error("Get cache error", e); throw new CacheException(e); } } @Override - public V put(K key, V value) throws CacheException{ + public V put(K key, V value) throws CacheException { logger.debug("Put RedisCache: {} => {}", key, value); if(key == null){ logger.warn("Saving a null key is meaningless, return value directly without call Redis."); 
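Review bot: `get` hands whatever bytes Redis returns to `valueSerializer.deserialize(rawValue)`, and the field default is `new ObjectSerializer<>()`. If that serializer is built on Java native serialization (its implementation is not part of this diff), the Redis instance becomes part of the trust boundary for the Shiro cache, which should be stated in the Javadoc of the `valueSerializer` field and of `setValueSerializer`. Separately, replacing the two specific handlers with `catch(Exception e)` also wraps unrelated runtime failures under the same "Get cache error" message; a multi-catch `catch(SerializerException | DeserializerException e)` keeps the shorter code without widening what is caught.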
@@ -373,8 +371,7 @@ public V put(K key, V value) throws CacheException{ } @Override - @SuppressWarnings({"unchecked"}) - public V remove(K key) throws CacheException{ + public V remove(K key) throws CacheException { logger.debug("Remove RedisCache: {}", key); if(key == null){ return null; @@ -383,22 +380,19 @@ public V remove(K key) throws CacheException{ try{ byte[] cacheKey = makeKey(key); byte[] rawValue = redisManager.get(cacheKey); - V previous = (V) valueSerializer.deserialize(rawValue); + V previous = valueSerializer.deserialize(rawValue); redisManager.delete(cacheKey); return previous; - }catch(SerializerException e){ - logger.error("Get cache error", e); - throw new CacheException(e); - }catch(DeserializerException e){ + }catch(Exception e){ logger.error("Remove cache error", e); throw new CacheException(e); } } @Override - public void clear() throws CacheException{ + public void clear() throws CacheException { logger.debug("Clear RedisCache"); Set keys = null; @@ -416,7 +410,7 @@ public void clear() throws CacheException{ } @Override - public int size(){ + public int size() { try{ Long longSize = redisManager.dbSize(); return longSize.intValue(); @@ -426,8 +420,7 @@ public int size(){ } @Override - @SuppressWarnings({"unchecked"}) - public Collection values(){ + public Collection values() { logger.debug("Get RedisCache Values"); Set keys; @@ -443,7 +436,7 @@ public Collection values(){ try{ for(byte[] key : keys){ - V value = (V) valueSerializer.deserialize(redisManager.get(key)); + V value = valueSerializer.deserialize(redisManager.get(key)); values.add(value); } }catch(DeserializerException e){ @@ -453,7 +446,7 @@ public Collection values(){ return Collections.unmodifiableList(values); } - protected final byte[] makeKey(K key) throws SerializerException{ + protected final byte[] makeKey(K key) throws SerializerException { if(key == null){ return null; } 
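Review bot: `remove()` passes `rawValue` straight to `valueSerializer.deserialize(rawValue)` without the null check that `get()` has, so removing a key that is absent or already expired depends on how the serializer treats null. With the new `catch(Exception e)`, a failure there becomes a `CacheException` and `redisManager.delete(cacheKey)` is never reached. I would write `V previous = rawValue == null ? null : valueSerializer.deserialize(rawValue);`. The same gap exists in `values()`, where a key returned by the earlier lookup can expire before `redisManager.get(key)` runs; that loop also still catches only `DeserializerException`, unlike `get()` and `remove()` after this commit.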
@@ -462,7 +455,7 @@ protected final byte[] makeKey(K key) throws SerializerException{ return makeKey(redisKey); } - protected final byte[] makeKey(String key) throws SerializerException{ + protected final byte[] makeKey(String key) throws SerializerException { if(key == null){ return null; } @@ -479,36 +472,30 @@ protected final byte[] makeKey(String key) throws SerializerException{ return keySerializer.serialize(sb.toString()); } - protected String getStringRedisKey(K key){ + protected String getStringRedisKey(K key) { return key instanceof PrincipalCollection ? getRedisKeyFromPrincipalCollection((PrincipalCollection) key) : key.toString(); } - protected String getRedisKeyFromPrincipalCollection(final PrincipalCollection principalCollection){ + protected String getRedisKeyFromPrincipalCollection(final PrincipalCollection principalCollection) { Object principalObject = principalCollection.getPrimaryPrincipal(); if(principalObject instanceof String){ return principalObject.toString(); } - Method principalIdGetter = getPrincipalIdGetter(principalObject); - return getIdObj(principalObject, principalIdGetter); + return getIdObj(principalObject, getPrincipalIdGetter(principalObject)); } - private Method getPrincipalIdGetter(Object principalObject){ - Method principalIdGetter = null; - String principalIdMethodName = getPrincipalIdMethodName(); - + private Method getPrincipalIdGetter(Object principalObject) { try{ - principalIdGetter = principalObject.getClass().getMethod(principalIdMethodName); + return principalObject.getClass().getMethod(getPrincipalIdMethodName()); }catch(NoSuchMethodException e){ throw new PrincipalInstanceException(principalObject.getClass(), getPrincipalIdFieldName(), e); } - - return principalIdGetter; } - private String getPrincipalIdMethodName(){ + private String getPrincipalIdMethodName() { if(Validate.isEmpty(getPrincipalIdFieldName())){ throw new CacheManagerPrincipalIdNotAssignedException(); } 
@@ -516,8 +503,7 @@ private String getPrincipalIdMethodName(){ return "get" + getPrincipalIdFieldName().substring(0, 1).toUpperCase() + getPrincipalIdFieldName().substring(1); } - private String getIdObj(Object principalObject, Method principalIdGetter){ - String str; + private String getIdObj(Object principalObject, Method principalIdGetter) { try{ Object idObj = principalIdGetter.invoke(principalObject); @@ -525,12 +511,10 @@ private String getIdObj(Object principalObject, Method principalIdGetter){ throw new PrincipalIdNullException(principalObject.getClass(), getPrincipalIdFieldName()); } - str = idObj.toString(); + return idObj.toString(); }catch(Exception e){ throw new PrincipalInstanceException(principalObject.getClass(), getPrincipalIdFieldName(), e); } - - return str; } } \ No newline at end of file diff --git a/buession-security-shiro/src/main/java/com/buession/security/shiro/cache/RedisCacheManager.java b/buession-security-shiro/src/main/java/com/buession/security/shiro/cache/RedisCacheManager.java index 659d761f..96df3dbf 100644 --- a/buession-security-shiro/src/main/java/com/buession/security/shiro/cache/RedisCacheManager.java +++ b/buession-security-shiro/src/main/java/com/buession/security/shiro/cache/RedisCacheManager.java @@ -68,7 +68,7 @@ public class RedisCacheManager extends AbstractCacheManager { /** * 构造函数 */ - public RedisCacheManager(){ + public RedisCacheManager() { super(); } @@ -80,7 +80,7 @@ public RedisCacheManager(){ * @param expire * 有效期(单位:秒) */ - public RedisCacheManager(String keyPrefix, int expire){ + public RedisCacheManager(String keyPrefix, int expire) { super(keyPrefix, expire); } @@ -94,7 +94,7 @@ public RedisCacheManager(String keyPrefix, int expire){ * @param principalIdFieldName * 身份信息 ID 字段名称 */ - public RedisCacheManager(String keyPrefix, int expire, String principalIdFieldName){ + public RedisCacheManager(String keyPrefix, int expire, String principalIdFieldName) { super(keyPrefix, expire, principalIdFieldName); } 
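Review bot: In `getIdObj` the `PrincipalIdNullException` is thrown inside the `try` block and is then caught by the `catch(Exception e)` that follows, so callers only ever see it wrapped in a `PrincipalInstanceException`. The refactor to an early `return idObj.toString()` keeps that behaviour. Narrowing the handler to the reflection failures, `}catch(IllegalAccessException | InvocationTargetException e){`, lets the null-id case propagate as its own type. The `if` guarding the throw lies between the two hunks and is not shown, so this is read from the visible `throw` and `catch` lines.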
@@ -108,7 +108,7 @@ public RedisCacheManager(String keyPrefix, int expire, String principalIdFieldNa * @param expire * 有效期(单位:秒) */ - public RedisCacheManager(RedisManager redisManager, String keyPrefix, int expire){ + public RedisCacheManager(RedisManager redisManager, String keyPrefix, int expire) { this(keyPrefix, expire); setRedisManager(redisManager); } @@ -125,7 +125,7 @@ public RedisCacheManager(RedisManager redisManager, String keyPrefix, int expire * @param principalIdFieldName * 身份信息 ID 字段名称 */ - public RedisCacheManager(RedisManager redisManager, String keyPrefix, int expire, String principalIdFieldName){ + public RedisCacheManager(RedisManager redisManager, String keyPrefix, int expire, String principalIdFieldName) { this(keyPrefix, expire, principalIdFieldName); setRedisManager(redisManager); } @@ -140,7 +140,7 @@ public RedisCacheManager(RedisManager redisManager, String keyPrefix, int expire * * @since 1.2.2 */ - public RedisCacheManager(RedisSerializer keySerializer, RedisSerializer valueSerializer){ + public RedisCacheManager(RedisSerializer keySerializer, RedisSerializer valueSerializer) { setKeySerializer(keySerializer); setValueSerializer(valueSerializer); } @@ -160,7 +160,7 @@ public RedisCacheManager(RedisSerializer keySerializer, RedisSerializer< * @since 1.2.2 */ public RedisCacheManager(String keyPrefix, int expire, RedisSerializer keySerializer, - RedisSerializer valueSerializer){ + RedisSerializer valueSerializer) { super(keyPrefix, expire); setKeySerializer(keySerializer); setValueSerializer(valueSerializer); 
@@ -183,7 +183,7 @@ public RedisCacheManager(String keyPrefix, int expire, RedisSerializer k * @since 1.2.2 */ public RedisCacheManager(String keyPrefix, int expire, String principalIdFieldName, - RedisSerializer keySerializer, RedisSerializer valueSerializer){ + RedisSerializer keySerializer, RedisSerializer valueSerializer) { super(keyPrefix, expire, principalIdFieldName); setKeySerializer(keySerializer); setValueSerializer(valueSerializer); @@ -206,7 +206,7 @@ public RedisCacheManager(String keyPrefix, int expire, String principalIdFieldNa * @since 1.2.2 */ public RedisCacheManager(RedisManager redisManager, String keyPrefix, int expire, - RedisSerializer keySerializer, RedisSerializer valueSerializer){ + RedisSerializer keySerializer, RedisSerializer valueSerializer) { this(keyPrefix, expire); setRedisManager(redisManager); setKeySerializer(keySerializer); @@ -232,7 +232,7 @@ public RedisCacheManager(RedisManager redisManager, String keyPrefix, int expire * @since 1.2.2 */ public RedisCacheManager(RedisManager redisManager, String keyPrefix, int expire, String principalIdFieldName, - RedisSerializer keySerializer, RedisSerializer valueSerializer){ + RedisSerializer keySerializer, RedisSerializer valueSerializer) { this(keyPrefix, expire, principalIdFieldName); setRedisManager(redisManager); setKeySerializer(keySerializer); @@ -244,7 +244,7 @@ public RedisCacheManager(RedisManager redisManager, String keyPrefix, int expire * * @return Redis 管理器 {@link RedisManager} 实例 */ - public RedisManager getRedisManager(){ + public RedisManager getRedisManager() { return redisManager; } @@ -254,7 +254,7 @@ public RedisManager getRedisManager(){ * @param redisManager * Redis 管理器 {@link RedisManager} 实例 */ - public void setRedisManager(RedisManager redisManager){ + public void setRedisManager(RedisManager redisManager) { Assert.isNull(redisManager, "RedisManager could not be null."); this.redisManager = redisManager; } 
@@ -266,7 +266,7 @@ public void setRedisManager(RedisManager redisManager){ * * @since 1.2.2 */ - public RedisSerializer getKeySerializer(){ + public RedisSerializer getKeySerializer() { return keySerializer; } @@ -278,7 +278,7 @@ public RedisSerializer getKeySerializer(){ * * @since 1.2.2 */ - public void setKeySerializer(RedisSerializer keySerializer){ + public void setKeySerializer(RedisSerializer keySerializer) { Assert.isNull(keySerializer, "Key serializer could not be null."); this.keySerializer = keySerializer; } @@ -290,7 +290,7 @@ public void setKeySerializer(RedisSerializer keySerializer){ * * @since 1.2.2 */ - public RedisSerializer getValueSerializer(){ + public RedisSerializer getValueSerializer() { return valueSerializer; } @@ -302,14 +302,14 @@ public RedisSerializer getValueSerializer(){ * * @since 1.2.2 */ - public void setValueSerializer(RedisSerializer valueSerializer){ + public void setValueSerializer(RedisSerializer valueSerializer) { Assert.isNull(valueSerializer, "Value serializer could not be null."); this.valueSerializer = valueSerializer; } @Override @SuppressWarnings({"unchecked"}) - public Cache getCache(String name) throws CacheException{ + public Cache getCache(String name) throws CacheException { if(logger.isDebugEnabled()){ logger.debug("Get cache name: {}", name); } @@ -327,8 +327,8 @@ public Cache getCache(String name) throws CacheException{ return cache; } - protected String makeKey(final String key){ - return Validate.isEmpty(getKeyPrefix()) ? key + ":" : getKeyPrefix() + key + ":"; + protected String makeKey(final String key) { + return getKeyPrefix() == null ? key + ':' : getKeyPrefix() + key + ':'; } } \ No newline at end of file diff --git a/buession-security-shiro/src/main/java/com/buession/security/shiro/session/RedisSessionDAO.java b/buession-security-shiro/src/main/java/com/buession/security/shiro/session/RedisSessionDAO.java index c4feca80..85781892 100644 
--- a/buession-security-shiro/src/main/java/com/buession/security/shiro/session/RedisSessionDAO.java +++ b/buession-security-shiro/src/main/java/com/buession/security/shiro/session/RedisSessionDAO.java @@ -24,7 +24,6 @@ */ package com.buession.security.shiro.session; -import com.buession.core.deserializer.DeserializerException; import com.buession.core.serializer.SerializerException; import com.buession.core.utils.Assert; import com.buession.core.validator.Validate; @@ -69,7 +68,7 @@ public class RedisSessionDAO extends AbstractSessionDAO { /** * 构造函数 */ - public RedisSessionDAO(){ + public RedisSessionDAO() { super(); } @@ -81,7 +80,7 @@ public RedisSessionDAO(){ * @param expire * 过期时间(单位:秒){@link #expire} */ - public RedisSessionDAO(String keyPrefix, int expire){ + public RedisSessionDAO(String keyPrefix, int expire) { super(keyPrefix, expire); } @@ -97,7 +96,7 @@ public RedisSessionDAO(String keyPrefix, int expire){ * @param sessionInMemoryTimeout * SESSION 存储在内存中的过期时间 */ - public RedisSessionDAO(String keyPrefix, int expire, boolean sessionInMemoryEnabled, long sessionInMemoryTimeout){ + public RedisSessionDAO(String keyPrefix, int expire, boolean sessionInMemoryEnabled, long sessionInMemoryTimeout) { super(keyPrefix, expire, sessionInMemoryEnabled, sessionInMemoryTimeout); } @@ -111,7 +110,7 @@ public RedisSessionDAO(String keyPrefix, int expire, boolean sessionInMemoryEnab * @param expire * 过期时间(单位:秒){@link #expire} */ - public RedisSessionDAO(RedisManager redisManager, String keyPrefix, int expire){ + public RedisSessionDAO(RedisManager redisManager, String keyPrefix, int expire) { this(keyPrefix, expire); setRedisManager(redisManager); } 
@@ -131,7 +130,7 @@ public RedisSessionDAO(RedisManager redisManager, String keyPrefix, int expire){ * SESSION 存储在内存中的过期时间 */ public RedisSessionDAO(RedisManager redisManager, String keyPrefix, int expire, boolean sessionInMemoryEnabled, - long sessionInMemoryTimeout){ + long sessionInMemoryTimeout) { this(keyPrefix, expire, sessionInMemoryEnabled, sessionInMemoryTimeout); this.redisManager = redisManager; } @@ -141,7 +140,7 @@ public RedisSessionDAO(RedisManager redisManager, String keyPrefix, int expire, * * @return {@link RedisManager} 实例 */ - public RedisManager getRedisManager(){ + public RedisManager getRedisManager() { return redisManager; } @@ -151,7 +150,7 @@ public RedisManager getRedisManager(){ * @param redisManager * {@link RedisManager} 实例 */ - public void setRedisManager(RedisManager redisManager){ + public void setRedisManager(RedisManager redisManager) { Assert.isNull(redisManager, "RedisManager could not be null."); this.redisManager = redisManager; } @@ -163,7 +162,7 @@ public void setRedisManager(RedisManager redisManager){ * * @since 1.2.2 */ - public RedisSerializer getKeySerializer(){ + public RedisSerializer getKeySerializer() { return keySerializer; } @@ -175,7 +174,7 @@ public RedisSerializer getKeySerializer(){ * * @since 1.2.2 */ - public void setKeySerializer(RedisSerializer keySerializer){ + public void setKeySerializer(RedisSerializer keySerializer) { Assert.isNull(keySerializer, "Key serializer could not be null."); this.keySerializer = keySerializer; } @@ -187,7 +186,7 @@ public void setKeySerializer(RedisSerializer keySerializer){ * * @since 1.2.2 */ - public RedisSerializer getValueSerializer(){ + public RedisSerializer getValueSerializer() { return valueSerializer; } 
@@ -199,13 +198,13 @@ public RedisSerializer getValueSerializer(){ * * @since 1.2.2 */ - public void setValueSerializer(RedisSerializer valueSerializer){ + public void setValueSerializer(RedisSerializer valueSerializer) { Assert.isNull(valueSerializer, "Value serializer could not be null."); this.valueSerializer = valueSerializer; } @Override - protected void doSaveSession(final Session session) throws UnknownSessionException{ + protected void doSaveSession(final Session session) throws UnknownSessionException { byte[] key; byte[] value; @@ -237,7 +236,7 @@ protected void doSaveSession(final Session session) throws UnknownSessionExcepti } @Override - protected Session doReadSpecialSession(Serializable sessionId){ + protected Session doReadSpecialSession(Serializable sessionId) { Session session = null; try{ @@ -247,9 +246,7 @@ protected Session doReadSpecialSession(Serializable sessionId){ if(value != null){ session = valueSerializer.deserialize(value); } - }catch(SerializerException e){ - logger.error("read session: {} error: {}.", sessionId, e.getMessage()); - }catch(DeserializerException e){ + }catch(Exception e){ logger.error("read session: {} error: {}.", sessionId, e.getMessage()); } @@ -257,7 +254,7 @@ protected Session doReadSpecialSession(Serializable sessionId){ } @Override - protected Collection doGetActiveSessions(){ + protected Collection doGetActiveSessions() { Set sessions = new HashSet<>(); byte[] pattern; @@ -272,9 +269,7 @@ protected Collection doGetActiveSessions(){ sessions.add(session); } } - }catch(SerializerException e){ - logger.error("get active sessions error: {}.", e.getMessage()); - }catch(DeserializerException e){ + }catch(Exception e){ logger.error("get active sessions error: {}.", e.getMessage()); } 
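Review bot: The widened `catch(Exception e)` in `doReadSpecialSession` now swallows runtime failures as well, and the handler logs only `e.getMessage()`, so the stack trace is lost and the method returns null as if the session did not exist. Pass the exception itself as the last logger argument, for example `logger.error("read session error", e);`, and do the same in `doGetActiveSessions` in the later hunk. The message also writes the raw `sessionId` at error level; a session identifier works as a bearer credential, so it should be omitted or truncated in logs. Parts of both method bodies lie outside the hunks shown.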
@@ -282,7 +277,7 @@ protected Collection doGetActiveSessions(){ } @Override - protected void doDeleteSession(Session session){ + protected void doDeleteSession(Session session) { try{ redisManager.delete(getSessionKey(session.getId())); }catch(SerializerException e){ @@ -290,11 +285,11 @@ protected void doDeleteSession(Session session){ } } - protected byte[] getSessionKey(Serializable sessionId) throws SerializerException{ + protected byte[] getSessionKey(Serializable sessionId) throws SerializerException { return keySerializer.serialize(makeKey(sessionId.toString())); } - protected String makeKey(final String key){ + protected String makeKey(final String key) { return getKeyPrefix() == null ? key : getKeyPrefix() + key; } diff --git a/buession-security-shiro/src/main/java/com/buession/security/shiro/session/mgt/DefaultWebSessionManager.java b/buession-security-shiro/src/main/java/com/buession/security/shiro/session/mgt/DefaultWebSessionManager.java index 1af7bf2d..b9ee2084 100644 --- a/buession-security-shiro/src/main/java/com/buession/security/shiro/session/mgt/DefaultWebSessionManager.java +++ b/buession-security-shiro/src/main/java/com/buession/security/shiro/session/mgt/DefaultWebSessionManager.java @@ -49,12 +49,12 @@ public class DefaultWebSessionManager extends org.apache.shiro.web.session.mgt.D /** * 构造函数 */ - public DefaultWebSessionManager(){ + public DefaultWebSessionManager() { super(); } @Override - protected Session retrieveSession(SessionKey sessionKey) throws UnknownSessionException{ + protected Session retrieveSession(SessionKey sessionKey) throws UnknownSessionException { Serializable sessionId = getSessionId(sessionKey); if(sessionId == null){ logger.debug( 
@@ -70,9 +70,9 @@ protected Session retrieveSession(SessionKey sessionKey) throws UnknownSessionEx request = WebUtils.getHttpRequest(sessionKey); if(request != null){ - Object s = request.getAttribute(sessionIdValue); - if(s != null){ - return (Session) s; + Object session = request.getAttribute(sessionIdValue); + if(session != null){ + return (Session) session; } } } diff --git a/buession-security-shiro/src/main/java/org/apache/shiro/web/tags/HasAnyPermissionsTag.java b/buession-security-shiro/src/main/java/org/apache/shiro/web/tags/HasAnyPermissionsTag.java new file mode 100644 index 00000000..1fc22c81 --- /dev/null +++ b/buession-security-shiro/src/main/java/org/apache/shiro/web/tags/HasAnyPermissionsTag.java 
@@ -0,0 +1,55 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. + * See the NOTICE file distributed with this work for additional information regarding copyright ownership. + * The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not + * use this file except in compliance with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software distributed under the License is + * distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and limitations under the License. + * + * ========================================================================================================= + * + * This software consists of voluntary contributions made by many individuals on behalf of the + * Apache Software Foundation. For more information on the Apache Software Foundation, please see + * . + * + * +-------------------------------------------------------------------------------------------------------+ + * | License: http://www.apache.org/licenses/LICENSE-2.0.txt | + * | Author: Yong.Teng | + * | Copyright @ 2013-2023 Buession.com Inc. 
| + * +-------------------------------------------------------------------------------------------------------+ + */ +package org.apache.shiro.web.tags; + +import com.buession.core.utils.StringUtils; +import org.apache.shiro.subject.Subject; + +/** + * 判断是否具备任意权限,多个权限名称以","分割 + * + * @author Yong.Teng + * @since 2.3.1 + */ +public class HasAnyPermissionsTag extends PermissionTag { + + private final static char PERMISSION_NAMES_SEPARATOR = ','; + + @Override + protected boolean showTagBody(String permissionNames) { + Subject subject = getSubject(); + + if(subject != null){ + for(String permission : StringUtils.split(permissionNames, PERMISSION_NAMES_SEPARATOR)){ + if(subject.isPermitted(permission.trim())){ + return true; + } + } + } + + return false; + } + +} diff --git a/buession-security-shiro/src/main/java/org/apache/shiro/web/tags/package-info.java b/buession-security-shiro/src/main/java/org/apache/shiro/web/tags/package-info.java new file mode 100644 index 00000000..05a30b42 --- /dev/null +++ b/buession-security-shiro/src/main/java/org/apache/shiro/web/tags/package-info.java 
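Review bot: `showTagBody` hands every token to `subject.isPermitted(permission.trim())` without checking that the token is non-empty, and it passes `permissionNames` to `StringUtils.split` without a null check. Assuming `split` keeps whitespace-only tokens, a value with a trailing separator and space yields a blank name, which Shiro's default wildcard permission parsing rejects with an exception, so the page errors instead of the body simply being hidden. Skipping blank tokens and treating a missing list as "not permitted" keeps the tag failing closed without an error page. The class is also declared in `org.apache.shiro.web.tags` under an ASF header although it ships in this project's module; a short class comment explaining why it sits in Shiro's package would help.

```java
	protected boolean showTagBody(String permissionNames) {
		Subject subject = getSubject();

		if(subject == null || permissionNames == null){
			return false;
		}

		for(String permission : StringUtils.split(permissionNames, PERMISSION_NAMES_SEPARATOR)){
			String name = permission.trim();

			// A blank token (for example from a trailing separator) is skipped, never treated as a grant.
			if(!name.isEmpty() && subject.isPermitted(name)){
				return true;
			}
		}

		return false;
	}
```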
@@ -0,0 +1,29 @@ +/* + * Licensed to the Apache Software Foundation (ASF) under one or more contributor license agreements. + * See the NOTICE file distributed with this work for additional information regarding copyright ownership. + * The ASF licenses this file to you under the Apache License, Version 2.0 (the "License"); you may not + * use this file except in compliance with the License. You may obtain a copy of the License at + * + * http://www.apache.org/licenses/LICENSE-2.0 + * + * Unless required by applicable law or agreed to in writing, software distributed under the License is + * distributed on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. + * See the License for the specific language governing permissions and limitations under the License. + * + * ========================================================================================================= + * + * This software consists of voluntary contributions made by many individuals on behalf of the + * Apache Software Foundation. For more information on the Apache Software Foundation, please see + * . + * + * +-------------------------------------------------------------------------------------------------------+ + * | License: http://www.apache.org/licenses/LICENSE-2.0.txt | + * | Author: Yong.Teng | + * | Copyright @ 2013-2023 Buession.com Inc. | + * +-------------------------------------------------------------------------------------------------------+ + */ +/** + * @author Yong.Teng + * @since 2.3.1 + */ +package org.apache.shiro.web.tags; \ No newline at end of file diff --git a/buession-security-spring/pom.xml b/buession-security-spring/pom.xml index ceacb526..cfd99f4e 100644 --- a/buession-security-spring/pom.xml +++ b/buession-security-spring/pom.xml @@ -7,7 +7,7 @@ com.buession.security buession-security-parent ../buession-security-parent - 2.3.0 + 2.3.1 buession-security-spring https://security.buession.com/ 
@@ -87,11 +87,11 @@ org.bouncycastle - bcprov-jdk15on + bcprov-jdk18on org.bouncycastle - bcpkix-jdk15on + bcpkix-jdk18on diff --git a/buession-security-web/pom.xml b/buession-security-web/pom.xml index a4dc6901..66f6a2d3 100644 --- a/buession-security-web/pom.xml +++ b/buession-security-web/pom.xml @@ -7,7 +7,7 @@ com.buession.security buession-security-parent ../buession-security-parent - 2.3.0 + 2.3.1 buession-security-web https://security.buession.com/ @@ -122,19 +122,10 @@ provided - - org.bouncycastle - bcprov-jdk15on - - - org.bouncycastle - bcpkix-jdk15on - - org.owasp.antisamy antisamy - 1.7.2 + 1.7.3 org.slf4j diff --git a/buession-security-web/src/main/java/com/buession/security/web/xss/reactive/XssFilter.java b/buession-security-web/src/main/java/com/buession/security/web/xss/reactive/XssFilter.java index 67c87200..54111eb4 100644 --- a/buession-security-web/src/main/java/com/buession/security/web/xss/reactive/XssFilter.java +++ b/buession-security-web/src/main/java/com/buession/security/web/xss/reactive/XssFilter.java @@ -25,6 +25,7 @@ package com.buession.security.web.xss.reactive; import org.owasp.validator.html.Policy; +import org.springframework.lang.Nullable; import org.springframework.web.server.ServerWebExchange; import org.springframework.web.server.WebFilter; import org.springframework.web.server.WebFilterChain; @@ -40,16 +41,16 @@ public class XssFilter implements WebFilter { private Policy policy; - public Policy getPolicy(){ + public Policy getPolicy() { return policy; } - public void setPolicy(Policy policy){ + public void setPolicy(Policy policy) { this.policy = policy; } @Override - public Mono filter(ServerWebExchange exchange, WebFilterChain chain){ + public Mono filter(@Nullable ServerWebExchange exchange, WebFilterChain chain) { return chain.filter(exchange); } 
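Review bot: The reactive `XssFilter.filter` still only returns `chain.filter(exchange)`; the configured `policy` is never applied, so registering this filter gives no sanitization on the WebFlux path, unlike the servlet variant, which wraps the request. That should at least be stated in the class Javadoc, e.g. `Not implemented: requests pass through unchanged; the policy is currently unused.`, so nobody relies on it as a control. The `@Nullable` added to `exchange` also contradicts the body, which passes the value straight to the chain; I would drop the annotation rather than advertise null as an accepted input.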
diff --git a/buession-security-web/src/main/java/com/buession/security/web/xss/servlet/XssFilter.java b/buession-security-web/src/main/java/com/buession/security/web/xss/servlet/XssFilter.java index 0c182756..995f8ccf 100644 --- a/buession-security-web/src/main/java/com/buession/security/web/xss/servlet/XssFilter.java +++ b/buession-security-web/src/main/java/com/buession/security/web/xss/servlet/XssFilter.java @@ -27,6 +27,7 @@ package com.buession.security.web.xss.servlet; import org.owasp.validator.html.Policy; +import org.springframework.lang.Nullable; import org.springframework.web.filter.OncePerRequestFilter; import javax.servlet.FilterChain; @@ -45,17 +46,18 @@ public class XssFilter extends OncePerRequestFilter { private Policy policy; - public Policy getPolicy(){ + public Policy getPolicy() { return policy; } - public void setPolicy(Policy policy){ + public void setPolicy(Policy policy) { this.policy = policy; } @Override - protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) - throws ServletException, IOException{ + protected void doFilterInternal(@Nullable HttpServletRequest request, @Nullable HttpServletResponse response, + FilterChain filterChain) + throws ServletException, IOException { XssServletRequestWrapper xssServletRequestWrapper = new XssServletRequestWrapper(request, getPolicy()); filterChain.doFilter(xssServletRequestWrapper, response); }
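Review bot: `doFilterInternal` now marks `request` and `response` as `@Nullable` but passes `request` to `new XssServletRequestWrapper(request, getPolicy())` with no null handling, so the annotation promises something the body does not support. `getPolicy()` can also be null when `setPolicy` was never called; whether the wrapper then filters nothing or fails is not visible here, so an explicit check is safer for a filter whose purpose is to sanitize input. I would drop the two `@Nullable` annotations and fail fast before wrapping, `if(getPolicy() == null){ throw new IllegalStateException("XSS policy is not configured"); }`.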