Merge pull request #16 from buession/2.3.x
Release 2.3.1
eduosi authored Nov 17, 2023
2 parents a9b2de1 + f13364a commit 3b22bb9
Showing 31 changed files with 384 additions and 220 deletions.
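--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,29 @@
 ===========================
 
 
+## [2.3.1](https://github.com/buession/buession-security/releases/tag/v2.3.1) (2023-11-17)
+
+### 🔨依赖升级
+
+- [依赖库版本升级和安全漏洞修复](https://github.com/buession/buession-parent/releases/tag/v2.3.1)
+- [owasp antisamy](https://github.com/nahsra/antisamy) 版本升级至 1.7.3
+
+
+### ⭐ 新特性
+
+- **buession-security-shiro:** 新增任意权限 jsp tag HasAnyPermissionsTag
+
+
+### 🔔 变化
+
+- **buession-security-mcrypt:** Base64 编码、解码使用 java 内置 API
+- **buession-security-pac4j:** cas client 不再默认引用
+- **buession-security-web:** 移除 org.bouncycastle 依赖
+
+
+---
+
+
 ## [2.3.0](https://github.com/buession/buession-security/releases/tag/v2.3.0) (2023-08-17)
 
 ### 🔨依赖升级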
2 changes: 1 addition & 1 deletion buession-security-captcha/pom.xml
@@ -7,7 +7,7 @@
<groupId>com.buession.security</groupId>
<artifactId>buession-security-parent</artifactId>
<relativePath>../buession-security-parent</relativePath>
<version>2.3.0</version>
<version>2.3.1</version>
</parent>
<artifactId>buession-security-captcha</artifactId>
<url>https://security.buession.com/</url>
@@ -19,7 +19,7 @@
* +-------------------------------------------------------------------------------------------------------+
* | License: http://www.apache.org/licenses/LICENSE-2.0.txt |
* | Author: Yong.Teng <webmaster@buession.com> |
* | Copyright @ 2013-2022 Buession.com Inc. |
* | Copyright @ 2013-2023 Buession.com Inc. |
* +-------------------------------------------------------------------------------------------------------+
*/
package com.buession.security.captcha.aliyun;
@@ -35,8 +35,6 @@
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.text.SimpleDateFormat;
import java.util.Arrays;
import java.util.Date;
@@ -69,15 +67,15 @@ class AliyunParametersBuilder implements ParametersBuilder<AliYunRequestData> {
private final AliYunCaptchaClient client;

AliyunParametersBuilder(final String accessKeyId, final String accessKeySecret, final String appKey,
final AliYunCaptchaClient client){
final AliYunCaptchaClient client) {
this.accessKeyId = accessKeyId;
this.accessKeySecret = accessKeySecret;
this.appKey = appKey;
this.client = client;
}

@Override
public Map<String, String> build(final AliYunRequestData requestData){
public Map<String, String> build(final AliYunRequestData requestData) {
SimpleDateFormat sdf = new SimpleDateFormat("yyyy-MM-dd'T'HH:mm:ss'Z'");
Date date = new Date();

@@ -89,11 +87,8 @@ public Map<String, String> build(final AliYunRequestData requestData){
.put("SignatureVersion", SIGNATURE_VERSION).put("AccessKeyId", accessKeyId)
.put("AppKey", appKey).put("Timestamp", sdf.format(date)).put("Token", requestData.getToken())
.put("Sig", requestData.getSig()).put("SessionId", requestData.getSessionId())
.put("Scene", requestData.getScene());

if(requestData.getClientIp() != null){
builder.put("RemoteIp", requestData.getClientIp());
}
.put("Scene", requestData.getScene())
.putIfPresent("RemoteIp", requestData.getClientIp());

Map<String, String> parameters = builder.build();

@@ -102,15 +97,11 @@ public Map<String, String> build(final AliYunRequestData requestData){
return parameters;
}

protected static String randomStr(final Date date){
final StringBuilder sb = new StringBuilder(20);

sb.append(StringUtils.random(7)).append('_').append(date.getTime());

return sb.toString();
protected static String randomStr(final Date date) {
return StringUtils.random(7) + '_' + date.getTime();
}

protected static String percentEncode(final String value){
protected static String percentEncode(final String value) {
try{
return value != null ? URLEncoder.encode(value, "UTF-8").replace("+", "%20").replace("*", "%2A")
.replace("%7E", "~") : null;
@@ -119,7 +110,7 @@ protected static String percentEncode(final String value){
}
}

protected static String signature(final String signKey, final Map<String, String> parameters){
protected static String signature(final String signKey, final Map<String, String> parameters) {
String[] sortedKeys = parameters.keySet().toArray(new String[0]);
Arrays.sort(sortedKeys);

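Review bot: The new `.putIfPresent("RemoteIp", requestData.getClientIp())` in `build` relies on `MapBuilder.putIfPresent`, whose definition is not part of this page, while the code it replaces skipped the entry only when the value was `null`. If the helper also drops empty strings, or reads "present" as "key already present", the parameter set that is presumably signed in the collapsed part of `build` changes without any visible signal. Please confirm the helper is null-only and say so at the call site, e.g. `// RemoteIp is optional: omitted only when getClientIp() is null`. The same question applies to the `ip_address`, `user_id` and `UserIP` calls introduced in GeetestV3Client, GeetestV3ParametersBuilder and TencentParametersBuilder. Parts of `build` are collapsed on this page, so the signing step itself is not visible here.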
@@ -67,7 +67,7 @@ public final class GeetestV3Client extends AbstractGeetestClient {
* @param secretKey
* 私钥
*/
public GeetestV3Client(final String appId, final String secretKey){
public GeetestV3Client(final String appId, final String secretKey) {
super(appId, secretKey);
}

@@ -81,12 +81,12 @@ public GeetestV3Client(final String appId, final String secretKey){
* @param httpClient
* {@link HttpClient}
*/
public GeetestV3Client(final String appId, final String secretKey, final HttpClient httpClient){
public GeetestV3Client(final String appId, final String secretKey, final HttpClient httpClient) {
super(appId, secretKey, httpClient);
}

@Override
public InitResponse initialize(RequestData requestData){
public InitResponse initialize(RequestData requestData) {
if(logger.isDebugEnabled()){
logger.debug("验证初始化");
}
@@ -96,16 +96,13 @@ public InitResponse initialize(RequestData requestData){
.put("gt", appId)
.put("json_format", "1")
.put("digestmod", Algo.MD5.getName())
.put("sdk", getSdkName());
.put("sdk", getSdkName())
.putIfPresent("ip_address", requestV3Data.getIpAddress());

if(requestV3Data.getClientType() != null){
parametersBuilder.put("client_type", requestV3Data.getClientType().getValue());
}

if(requestV3Data.getIpAddress() != null){
parametersBuilder.put("ip_address", requestV3Data.getIpAddress());
}

if(logger.isDebugEnabled()){
logger.debug("验证初始化, parameters:{}.", parametersBuilder.build());
}
@@ -139,7 +136,7 @@ public InitResponse initialize(RequestData requestData){
}

@Override
public Status validate(RequestData requestData) throws CaptchaException{
public Status validate(RequestData requestData) throws CaptchaException {
if(logger.isDebugEnabled()){
logger.debug("二次验证, 请求参数:{}.", requestData);
}
@@ -178,7 +175,7 @@ public Status validate(RequestData requestData) throws CaptchaException{
}

@Override
public String getVersion(){
public String getVersion() {
return "v3";
}

@@ -191,7 +188,7 @@ public String getVersion(){
* @return 检测结果
*/
private static boolean checkParam(final GeetestV3RequestData requestData)
throws RequiredParameterCaptchaException{
throws RequiredParameterCaptchaException {
if(Validate.hasText(requestData.getChallenge()) == false){
throw new RequiredParameterCaptchaException("challenge");
}
@@ -217,7 +214,7 @@ private static boolean checkParam(final GeetestV3RequestData requestData)
*
* @return 生成签名结果
*/
private String sign(final GeetestV3InitResponse initResponse){
private String sign(final GeetestV3InitResponse initResponse) {
MD5Mcrypt md5Mcrypt = new MD5Mcrypt(StandardCharsets.UTF_8, secretKey);
return md5Mcrypt.encode(initResponse.getChallenge());
}
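Review bot: `initialize` still pins `digestmod` to `Algo.MD5`, and `sign()` derives the challenge signature from `new MD5Mcrypt(StandardCharsets.UTF_8, secretKey)`, which appears to be a secret-salted MD5 rather than an HMAC; the commit reformats both without recording why MD5 is used. If the Geetest v3 endpoint and the `Algo` enum offer a stronger digest mode, make the mode configurable and default to the stronger one. Otherwise document the constraint on `sign()`, e.g. `// MD5 is imposed by the v3 wire format; do not reuse this construction for other signing`. The debug statement `logger.debug("验证初始化, parameters:{}.", parametersBuilder.build())` writes `ip_address` to the log when it is set, so debug output from this client should be handled as containing client addresses. Most of the bodies of `initialize` and `validate` are collapsed on this page.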
@@ -19,7 +19,7 @@
* +-------------------------------------------------------------------------------------------------------+
* | License: http://www.apache.org/licenses/LICENSE-2.0.txt |
* | Author: Yong.Teng <webmaster@buession.com> |
* | Copyright @ 2013-2022 Buession.com Inc. |
* | Copyright @ 2013-2023 Buession.com Inc. |
* +-------------------------------------------------------------------------------------------------------+
*/
package com.buession.security.captcha.geetest.api.v3;
@@ -41,34 +41,28 @@ class GeetestV3ParametersBuilder implements ParametersBuilder<GeetestV3RequestDa

private final String sdkName;

GeetestV3ParametersBuilder(final String appId, final String secretKey, final String sdkName){
GeetestV3ParametersBuilder(final String appId, final String secretKey, final String sdkName) {
this.appId = appId;
this.secretKey = secretKey;
this.sdkName = sdkName;
}

@Override
public Map<String, String> build(final GeetestV3RequestData requestData){
public Map<String, String> build(final GeetestV3RequestData requestData) {
MapBuilder<String, String> builder = MapBuilder.<String, String>create(9)
.put("captchaid", appId)
.put("challenge", requestData.getChallenge())
.put("validate", requestData.getValidate())
.put("seccode", requestData.getSeccode())
.put("json_format", "1")
.put("sdk", sdkName);

if(requestData.getUserId() != null){
builder.put("user_id", requestData.getUserId());
}
.put("sdk", sdkName)
.putIfPresent("user_id", requestData.getUserId())
.putIfPresent("ip_address", requestData.getIpAddress());

if(requestData.getClientType() != null){
builder.put("client_type", requestData.getClientType().getValue());
}

if(requestData.getIpAddress() != null){
builder.put("ip_address", requestData.getIpAddress());
}

return builder.build();
}

@@ -19,7 +19,7 @@
* +-------------------------------------------------------------------------------------------------------+
* | License: http://www.apache.org/licenses/LICENSE-2.0.txt |
* | Author: Yong.Teng <webmaster@buession.com> |
* | Copyright @ 2013-2022 Buession.com Inc. |
* | Copyright @ 2013-2023 Buession.com Inc. |
* +-------------------------------------------------------------------------------------------------------+
*/
package com.buession.security.captcha.tencent;
@@ -39,22 +39,19 @@ class TencentParametersBuilder implements ParametersBuilder<TencentRequestData>

private final String secretKey;

TencentParametersBuilder(final String secretId, final String secretKey){
TencentParametersBuilder(final String secretId, final String secretKey) {
this.secretId = secretId;
this.secretKey = secretKey;
}

@Override
public Map<String, String> build(final TencentRequestData requestData){
public Map<String, String> build(final TencentRequestData requestData) {
MapBuilder<String, String> builder = MapBuilder.<String, String>create(5)
.put("aid", secretId)
.put("AppSecretKey", secretKey)
.put("Ticket", requestData.getTicket())
.put("Randstr", requestData.getRandstr());

if(requestData.getClientIp() != null){
builder.put("UserIP", requestData.getClientIp());
}
.put("Randstr", requestData.getRandstr())
.putIfPresent("UserIP", requestData.getClientIp());

return builder.build();
}
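Review bot: `build` returns a map that carries the application secret under `AppSecretKey` (`.put("AppSecretKey", secretKey)`), and nothing on the method warns callers about it. A call site that logs the parameter map, as GeetestV3Client does at debug level with its own parameters, or that places the map in a request URL, would write the secret to logs. Add Javadoc to `build` stating that the result contains the secret and must not be logged or put into a logged URL, e.g. `/** The returned map includes AppSecretKey; never log it. */`. The HTTP call site that consumes this map is not shown on this page and should be checked for parameter logging.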
2 changes: 1 addition & 1 deletion buession-security-core/pom.xml
@@ -7,7 +7,7 @@
<groupId>com.buession.security</groupId>
<artifactId>buession-security-parent</artifactId>
<relativePath>../buession-security-parent</relativePath>
<version>2.3.0</version>
<version>2.3.1</version>
</parent>
<artifactId>buession-security-core</artifactId>
<url>https://security.buession.com/</url>
4 changes: 2 additions & 2 deletions buession-security-crypto/pom.xml
@@ -7,7 +7,7 @@
<groupId>com.buession.security</groupId>
<artifactId>buession-security-parent</artifactId>
<relativePath>../buession-security-parent</relativePath>
<version>2.3.0</version>
<version>2.3.1</version>
</parent>
<artifactId>buession-security-crypto</artifactId>
<url>https://security.buession.com/</url>
@@ -75,7 +75,7 @@

<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
<artifactId>bcprov-jdk18on</artifactId>
</dependency>

<dependency>
@@ -47,7 +47,7 @@ public abstract class AbstractCrypto implements Crypto {
/**
* 加密算法
*/
private Algorithm algorithm;
private final Algorithm algorithm;

/**
* 加密密钥
4 changes: 2 additions & 2 deletions buession-security-mcrypt/pom.xml
@@ -7,7 +7,7 @@
<groupId>com.buession.security</groupId>
<artifactId>buession-security-parent</artifactId>
<relativePath>../buession-security-parent</relativePath>
<version>2.3.0</version>
<version>2.3.1</version>
</parent>
<artifactId>buession-security-mcrypt</artifactId>
<url>https://security.buession.com/</url>
@@ -80,7 +80,7 @@

<dependency>
<groupId>org.bouncycastle</groupId>
<artifactId>bcprov-jdk15on</artifactId>
<artifactId>bcprov-jdk18on</artifactId>
</dependency>

<dependency>
@@ -612,6 +612,11 @@ public com.buession.security.crypto.Mode getOriginal() {
return original;
}

@Override
public String toString() {
return original.toString();
}

}

/**
@@ -28,7 +28,8 @@

import com.buession.core.utils.Assert;
import com.buession.security.crypto.utils.ObjectUtils;
import org.apache.commons.codec.binary.Base64;

import java.util.Base64;

import java.nio.charset.Charset;

@@ -94,13 +95,14 @@ public Base64Mcrypt(final Charset charset, final String salt) {
@Override
public String encrypt(final Object object) {
Assert.isNull(object, "Mcrypt encrypt object could not be null.");
return Base64.encodeBase64String((ObjectUtils.toString(object) + getRealSalt()).getBytes(getCharset()));
return Base64.getEncoder()
.encodeToString((ObjectUtils.toString(object) + getRealSalt()).getBytes(getCharset()));
}

@Override
public String decrypt(final CharSequence cs) {
Assert.isNull(cs, "Mcrypt decrypt object could not be null.");
return new String(Base64.decodeBase64(cs.toString()), getCharset());
return new String(Base64.getDecoder().decode(cs.toString()), getCharset());
}

}
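Review bot: `Base64.getDecoder().decode(cs.toString())` in `decrypt` is stricter than the commons-codec `Base64.decodeBase64` call it replaces: the JDK basic decoder throws `IllegalArgumentException` on line breaks, whitespace or URL-safe characters, which the commons-codec decoder accepted. Stored or transmitted values that were wrapped or URL-safe encoded would now fail with an unchecked exception that callers may not handle. Either keep the strict decoder and document it on `decrypt` with `@throws IllegalArgumentException if cs is not valid Base64`, or use `Base64.getMimeDecoder()` where lenient input must remain accepted. Separately, `encrypt` appends `getRealSalt()` before encoding while `decrypt` returns the decoded text unchanged, so a round trip yields the value with the salt still attached; that asymmetry should be documented.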
@@ -624,6 +624,11 @@ public com.buession.security.crypto.Mode getOriginal() {
return original;
}

@Override
public String toString() {
return original.toString();
}

}

/**