Merge pull request #17 from buession/development
Release 2.3.2
eduosi authored Dec 27, 2023

Verified

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
2 parents f13364a + 7249432 commit 6c68ee1
Showing 72 changed files with 3,809 additions and 618 deletions.
43 changes: 43 additions & 0 deletions CHANGELOG.md
@@ -2,6 +2,49 @@
===========================


## [2.3.2](https://github.com/buession/buession-security/releases/tag/v2.3.2) (2023-12-27)

### 🔨依赖升级

- [依赖库版本升级和安全漏洞修复](https://github.com/buession/buession-parent/releases/tag/v2.3.2)
- [owasp antisamy](https://github.com/nahsra/antisamy) 版本升级至 1.7.4


### ⭐ 新特性

- **buession-security-captcha:** GeetestClient 增加 v3、v4 版本判断方法
- **buession-security-shiro:** 增加判断是否具备所有权限 Tag HasAllPermissionsTag


### 🔔 变化

- **buession-security-shiro:** 依赖 javax.servlet.jsp-api 更换为 jakarta.servlet.jsp-api


### 🐞 Bug 修复

- **buession-security-pac4j:** 修复 webflux 模式下 PrincipalMethodArgumentResolver 继承了错误类的 BUG


### 漏洞修复

- [owasp antisamy](https://github.com/nahsra/antisamy) 修复 [CVE-2023-43643] 漏洞


### ⏪ 优化

- **buession-security-captcha:** 代码质量优化
- **buession-security-pac4j:** 代码质量优化


### 📔 文档

- **buession-security-shiro:** 完善注释


---


## [2.3.1](https://github.com/buession/buession-security/releases/tag/v2.3.1) (2023-11-17)

### 🔨依赖升级
2 changes: 1 addition & 1 deletion buession-security-captcha/pom.xml
@@ -7,7 +7,7 @@
<groupId>com.buession.security</groupId>
<artifactId>buession-security-parent</artifactId>
<relativePath>../buession-security-parent</relativePath>
<version>2.3.1</version>
<version>2.3.2</version>
</parent>
<artifactId>buession-security-captcha</artifactId>
<url>https://security.buession.com/</url>
@@ -224,21 +224,10 @@ public String getEndpoint() {
* @return 检测结果
*/
private static boolean checkParam(final AliYunRequestData requestData) throws RequiredParameterCaptchaException {
if(Validate.hasText(requestData.getToken()) == false){
throw new RequiredParameterCaptchaException("Token");
}

if(Validate.hasText(requestData.getSig()) == false){
throw new RequiredParameterCaptchaException("Sig");
}

if(Validate.hasText(requestData.getSessionId()) == false){
throw new RequiredParameterCaptchaException("SessionId");
}

if(Validate.hasText(requestData.getScene()) == false){
throw new RequiredParameterCaptchaException("Scene");
}
Assert.isBlank(requestData.getToken(), ()->new RequiredParameterCaptchaException("Token"));
Assert.isBlank(requestData.getSig(), ()->new RequiredParameterCaptchaException("Sig"));
Assert.isBlank(requestData.getSessionId(), ()->new RequiredParameterCaptchaException("SessionId"));
Assert.isBlank(requestData.getScene(), ()->new RequiredParameterCaptchaException("Scene"));

return true;
}
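Review bot: `Assert.isBlank(value, supplier)` in `checkParam` reads as "assert that the value is blank", yet it replaces checks that threw when the value had no text. A one-line comment above the four calls, such as `// Assert.isBlank throws the supplied exception when the value is blank`, would keep a later reader from inverting the condition. This assumes the supplier overload throws on blank input like the message overload used in TencentCaptchaClient's constructor, and that it treats null and whitespace-only values the way `Validate.hasText` did; neither is visible on this page. The same applies to `checkParam` in the Geetest v3, Geetest v4 and Tencent clients. Because these checks gate client-supplied captcha fields, a test per field with null, empty and whitespace-only values would pin the behaviour.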
@@ -19,7 +19,7 @@
* +-------------------------------------------------------------------------------------------------------+
* | License: http://www.apache.org/licenses/LICENSE-2.0.txt |
* | Author: Yong.Teng <webmaster@buession.com> |
* | Copyright @ 2013-2022 Buession.com Inc. |
* | Copyright @ 2013-2023 Buession.com Inc. |
* +-------------------------------------------------------------------------------------------------------+
*/
package com.buession.security.captcha.core;
@@ -34,27 +34,28 @@ public class RequiredParameterCaptchaException extends CaptchaException {

private final String parameter;

public RequiredParameterCaptchaException(String parameter){
public RequiredParameterCaptchaException(String parameter) {
super("Parameter \"" + parameter + "\" cloud not be empty or null.");
this.parameter = parameter;
}

public RequiredParameterCaptchaException(String parameter, String message){
public RequiredParameterCaptchaException(String parameter, String message) {
super(message);
this.parameter = parameter;
}

public RequiredParameterCaptchaException(String parameter, Throwable cause){
public RequiredParameterCaptchaException(String parameter, Throwable cause) {
super("Parameter \"" + parameter + "\" cloud not be empty or null.", cause);
this.parameter = parameter;
}

public RequiredParameterCaptchaException(String parameter, String message, Throwable cause){
public RequiredParameterCaptchaException(String parameter, String message, Throwable cause) {
super(message, cause);
this.parameter = parameter;
}

public String getParameter(){
public String getParameter() {
return parameter;
}

}
@@ -19,7 +19,7 @@
* +-------------------------------------------------------------------------------------------------------+
* | License: http://www.apache.org/licenses/LICENSE-2.0.txt |
* | Author: Yong.Teng <webmaster@buession.com> |
* | Copyright @ 2013-2022 Buession.com Inc. |
* | Copyright @ 2013-2023 Buession.com Inc. |
* +-------------------------------------------------------------------------------------------------------+
*/
package com.buession.security.captcha.geetest;
@@ -37,8 +37,30 @@ public interface GeetestClient extends CaptchaClient {
void setHttpClient(HttpClient httpClient);

@Override
default Manufacturer getManufacturer(){
default Manufacturer getManufacturer() {
return Manufacturer.GEETEST;
}

/**
* 返回是否为 V3 版本
*
* @return true / false
*
* @since 2.3.2
*/
default boolean isV3() {
return "v3".equalsIgnoreCase(getVersion());
}

/**
* 返回是否为 V3 版本
*
* @return true / false
*
* @since 2.3.2
*/
default boolean isV4() {
return "v4".equalsIgnoreCase(getVersion());
}

}
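Review bot: The Javadoc summary on `isV4()` still says V3 (`返回是否为 V3 版本`), apparently copied from `isV3()`; change `V3` to `V4` in that line. Both methods compare with `equalsIgnoreCase`, whereas the call sites they replace in ReactiveGeetestCaptchaValidator used `equals`, so a `getVersion()` of "V3" or "V4" now matches as well. If that widening is intended, it is worth stating in the Javadoc of both methods.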
@@ -26,6 +26,7 @@

import com.buession.core.builder.MapBuilder;
import com.buession.core.id.SimpleIdGenerator;
import com.buession.core.utils.Assert;
import com.buession.core.validator.Validate;
import com.buession.httpclient.HttpClient;
import com.buession.httpclient.core.Response;
@@ -189,17 +190,9 @@ public String getVersion() {
*/
private static boolean checkParam(final GeetestV3RequestData requestData)
throws RequiredParameterCaptchaException {
if(Validate.hasText(requestData.getChallenge()) == false){
throw new RequiredParameterCaptchaException("challenge");
}

if(Validate.hasText(requestData.getValidate()) == false){
throw new RequiredParameterCaptchaException("validate");
}

if(Validate.hasText(requestData.getSeccode()) == false){
throw new RequiredParameterCaptchaException("seccode");
}
Assert.isBlank(requestData.getChallenge(), ()->new RequiredParameterCaptchaException("challenge"));
Assert.isBlank(requestData.getValidate(), ()->new RequiredParameterCaptchaException("validate"));
Assert.isBlank(requestData.getSeccode(), ()->new RequiredParameterCaptchaException("seccode"));

return true;
}
@@ -25,7 +25,7 @@
package com.buession.security.captcha.geetest.api.v4;

import com.buession.core.builder.MapBuilder;
import com.buession.core.validator.Validate;
import com.buession.core.utils.Assert;
import com.buession.httpclient.HttpClient;
import com.buession.httpclient.core.EncodedFormRequestBody;
import com.buession.httpclient.core.Response;
@@ -62,7 +62,7 @@ public final class GeetestV4Client extends AbstractGeetestClient {
* @param secretKey
* 私钥
*/
public GeetestV4Client(final String appId, final String secretKey){
public GeetestV4Client(final String appId, final String secretKey) {
super(appId, secretKey);
}

@@ -76,12 +76,12 @@ public GeetestV4Client(final String appId, final String secretKey){
* @param httpClient
* {@link HttpClient}
*/
public GeetestV4Client(final String appId, final String secretKey, final HttpClient httpClient){
public GeetestV4Client(final String appId, final String secretKey, final HttpClient httpClient) {
super(appId, secretKey, httpClient);
}

@Override
public InitResponse initialize(RequestData requestData){
public InitResponse initialize(RequestData requestData) {
if(logger.isDebugEnabled()){
logger.debug("验证初始化");
}
@@ -90,7 +90,7 @@ public InitResponse initialize(RequestData requestData){
}

@Override
public Status validate(RequestData requestData) throws CaptchaException{
public Status validate(RequestData requestData) throws CaptchaException {
if(logger.isDebugEnabled()){
logger.debug("二次验证, 请求参数:{}.", requestData);
}
@@ -134,7 +134,7 @@ public Status validate(RequestData requestData) throws CaptchaException{
}

@Override
public String getVersion(){
public String getVersion() {
return "v4";
}

@@ -147,22 +147,11 @@ public String getVersion(){
* @return 检测结果
*/
private static boolean checkParam(final GeetestV4RequestData requestData)
throws RequiredParameterCaptchaException{
if(Validate.hasText(requestData.getLotNumber()) == false){
throw new RequiredParameterCaptchaException("lot_number");
}

if(Validate.hasText(requestData.getCaptchaOutput()) == false){
throw new RequiredParameterCaptchaException("captcha_output");
}

if(Validate.hasText(requestData.getPassToken()) == false){
throw new RequiredParameterCaptchaException("pass_token");
}

if(Validate.hasText(requestData.getGenTime()) == false){
throw new RequiredParameterCaptchaException("gen_time");
}
throws RequiredParameterCaptchaException {
Assert.isBlank(requestData.getLotNumber(), ()->new RequiredParameterCaptchaException("lot_number"));
Assert.isBlank(requestData.getCaptchaOutput(), ()->new RequiredParameterCaptchaException("captcha_output"));
Assert.isBlank(requestData.getPassToken(), ()->new RequiredParameterCaptchaException("pass_token"));
Assert.isBlank(requestData.getGenTime(), ()->new RequiredParameterCaptchaException("gen_time"));

return true;
}
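Review bot: `logger.debug("二次验证, 请求参数:{}.", requestData)` in `validate` writes the whole request object to the log. If `GeetestV4RequestData.toString()` prints its fields (not visible here), the client-supplied `pass_token` and `captcha_output` values reach the log as received, including any line breaks they contain. Consider logging only the field needed for correlation, or documenting above the statement that `toString()` must not emit token fields. `TencentCaptchaClient.validate` carries the same statement. The body of `validate` continues outside the hunk, so whether the parameters are checked before this line cannot be confirmed from the page.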
@@ -25,7 +25,6 @@
package com.buession.security.captcha.tencent;

import com.buession.core.utils.Assert;
import com.buession.core.validator.Validate;
import com.buession.httpclient.HttpClient;
import com.buession.httpclient.core.Response;
import com.buession.lang.Status;
@@ -71,7 +70,7 @@ public class TencentCaptchaClient extends AbstractCaptchaClient {
* @param secretKey
* 原始的 SecretKey
*/
public TencentCaptchaClient(final String secretId, final String secretKey){
public TencentCaptchaClient(final String secretId, final String secretKey) {
Assert.isBlank(secretId, "Secret Id cloud not be empty or null");
Assert.isBlank(secretKey, "Secret Key cloud not be empty or null");
this.secretId = secretId;
@@ -88,13 +87,13 @@ public TencentCaptchaClient(final String secretId, final String secretKey){
* @param httpClient
* {@link HttpClient} 实例
*/
public TencentCaptchaClient(final String secretId, final String secretKey, final HttpClient httpClient){
public TencentCaptchaClient(final String secretId, final String secretKey, final HttpClient httpClient) {
this(secretId, secretKey);
setHttpClient(httpClient);
}

@Override
public Status validate(RequestData requestData) throws CaptchaException{
public Status validate(RequestData requestData) throws CaptchaException {
if(logger.isDebugEnabled()){
logger.debug("二次验证, 请求参数:{}.", requestData);
}
@@ -135,12 +134,12 @@ public Status validate(RequestData requestData) throws CaptchaException{
}

@Override
public Manufacturer getManufacturer(){
public Manufacturer getManufacturer() {
return Manufacturer.TENCENT;
}

@Override
public String getVersion(){
public String getVersion() {
return "2019-07-22";
}

@@ -153,14 +152,9 @@ public String getVersion(){
* @return 检测结果
*/
private static boolean checkParam(final TencentRequestData requestData)
throws RequiredParameterCaptchaException{
if(Validate.hasText(requestData.getTicket()) == false){
throw new RequiredParameterCaptchaException("Ticket");
}

if(Validate.hasText(requestData.getRandstr()) == false){
throw new RequiredParameterCaptchaException("Randstr");
}
throws RequiredParameterCaptchaException {
Assert.isBlank(requestData.getTicket(), ()->new RequiredParameterCaptchaException("Ticket"));
Assert.isBlank(requestData.getRandstr(), ()->new RequiredParameterCaptchaException("Randstr"));

return true;
}
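Review bot: The constructor messages `"Secret Id cloud not be empty or null"` and `"Secret Key cloud not be empty or null"` misspell "could". Since the commit already touches these lines' surroundings, they could be corrected to `Assert.isBlank(secretId, "Secret Id could not be empty or null");` and the matching line for `secretKey`. The same misspelling is in the default message built by `RequiredParameterCaptchaException`, which is what callers see for every `checkParam` failure in this release. Confirm no caller matches on the message text before changing it. The constructor body continues outside the hunk.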
@@ -19,7 +19,7 @@
* +-------------------------------------------------------------------------------------------------------+
* | License: http://www.apache.org/licenses/LICENSE-2.0.txt |
* | Author: Yong.Teng <webmaster@buession.com> |
* | Copyright @ 2013-2022 Buession.com Inc. |
* | Copyright @ 2013-2023 Buession.com Inc. |
* +-------------------------------------------------------------------------------------------------------+
*/
package com.buession.security.captcha.validator.reactive;
@@ -57,15 +57,15 @@ public class ReactiveGeetestCaptchaValidator extends GeetestCaptchaValidator imp
* {@link GeetestParameter} 实例
*/
public ReactiveGeetestCaptchaValidator(final GeetestCaptchaClient geetestCaptchaClient,
final GeetestParameter parameter){
final GeetestParameter parameter) {
super(geetestCaptchaClient, parameter);
}

@Override
public Status validate(final ServerHttpRequest request) throws CaptchaException{
public Status validate(final ServerHttpRequest request) throws CaptchaException {
MultiValueMap<String, String> parameters = request.getQueryParams();

if("v3".equals(captchaClient.getVersion())){
if(captchaClient.isV3()){
final GeetestV3Parameter geetestV3Parameter = (GeetestV3Parameter) parameter;
final GeetestV3RequestData requestData = new GeetestV3RequestData();

@@ -84,7 +84,7 @@ public Status validate(final ServerHttpRequest request) throws CaptchaException{
}

return validate(requestData);
}else if("v4".equals(captchaClient.getVersion())){
}else if(captchaClient.isV4()){
final GeetestV4Parameter geetestV4Parameter = (GeetestV4Parameter) parameter;
final GeetestV4RequestData requestData = new GeetestV4RequestData();
