Merge pull request #13 from buession/development

Release 2.3.0
buession · Aug 17, 2023 · a9b2de1 · a9b2de1
2 parents 13d08da + 2cf829c
commit a9b2de1
Show file tree

Hide file tree

Showing 87 changed files with 3,238 additions and 1,135 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -2,6 +2,29 @@
 ===========================
 
 
+## [2.3.0](https://github.com/buession/buession-security/releases/tag/v2.3.0) (2023-08-17)
+
+### 🔨依赖升级
+
+- [依赖库版本升级和安全漏洞修复](https://github.com/buession/buession-parent/releases/tag/v2.3.0)
+- [owasp antisamy](https://github.com/nahsra/antisamy) 版本升级至 1.7.2
+
+
+### ⭐ 新特性
+
+- **buession-security-crypto：** 新增该模块，逐步替代 buession-security-mcrypt
+- **buession-security-mcrypt：** 新增 SM3、SM4 加密
+- **buession-security-mcrypt：** 新增 ShaPasswordGenerator、Sm3PasswordGenerator、Sm4PasswordGenerator 密码生成器
+
+
+### ⏪ 优化
+
+- 其它优化
+
+
+---
+
+
 ## [2.2.1](https://github.com/buession/buession-security/releases/tag/v2.2.1) (2022-03-31)
 
 ### 🔨依赖升级

diff --git a/buession-security-captcha/pom.xml b/buession-security-captcha/pom.xml
@@ -7,7 +7,7 @@
 		<groupId>com.buession.security</groupId>
 		<artifactId>buession-security-parent</artifactId>
 		<relativePath>../buession-security-parent</relativePath>
-		<version>2.2.1</version>
+		<version>2.3.0</version>
 	</parent>
 	<artifactId>buession-security-captcha</artifactId>
 	<url>https://security.buession.com/</url>

diff --git a/...n-security-captcha/src/main/java/com/buession/security/captcha/AbstractCaptchaClient.java b/...n-security-captcha/src/main/java/com/buession/security/captcha/AbstractCaptchaClient.java
@@ -19,14 +19,17 @@
  * +-------------------------------------------------------------------------------------------------------+
  * | License: http://www.apache.org/licenses/LICENSE-2.0.txt 										       |
  * | Author: Yong.Teng <webmaster@buession.com> 													       |
- * | Copyright @ 2013-2022 Buession.com Inc.														       |
+ * | Copyright @ 2013-2023 Buession.com Inc.														       |
  * +-------------------------------------------------------------------------------------------------------+
  */
 package com.buession.security.captcha;
 
 import com.buession.core.utils.VersionUtils;
 import com.buession.httpclient.HttpClient;
 import com.buession.httpclient.core.Header;
+import com.fasterxml.jackson.core.JsonProcessingException;
+import com.fasterxml.jackson.databind.DeserializationFeature;
+import com.fasterxml.jackson.databind.ObjectMapper;
 
 import java.util.ArrayList;
 import java.util.List;
@@ -81,4 +84,12 @@ protected List<Header> getHeaders(){
 		return headers;
 	}
 
+	protected static <T> T parseObject(final String str, final Class<T> clazz) throws JsonProcessingException{
+		ObjectMapper objectMapper = new ObjectMapper();
+
+		objectMapper.configure(DeserializationFeature.FAIL_ON_UNKNOWN_PROPERTIES, false);
+
+		return objectMapper.readValue(str, clazz);
+	}
+
 }
diff --git a/...urity-captcha/src/main/java/com/buession/security/captcha/aliyun/AliYunCaptchaClient.java b/...urity-captcha/src/main/java/com/buession/security/captcha/aliyun/AliYunCaptchaClient.java
@@ -19,7 +19,7 @@
  * +-------------------------------------------------------------------------------------------------------+
  * | License: http://www.apache.org/licenses/LICENSE-2.0.txt 										       |
  * | Author: Yong.Teng <webmaster@buession.com> 													       |
- * | Copyright @ 2013-2022 Buession.com Inc.														       |
+ * | Copyright @ 2013-2023 Buession.com Inc.														       |
  * +-------------------------------------------------------------------------------------------------------+
  */
 package com.buession.security.captcha.aliyun;
@@ -34,7 +34,6 @@
 import com.buession.security.captcha.core.Manufacturer;
 import com.buession.security.captcha.core.RequestData;
 import com.buession.security.captcha.core.RequiredParameterCaptchaException;
-import com.buession.security.captcha.utils.ObjectMapperUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -81,7 +80,7 @@ public class AliYunCaptchaClient extends AbstractCaptchaClient {
 	 * @param appKey
 	 * 		服务使用的 App Key
 	 */
-	public AliYunCaptchaClient(final String accessKeyId, final String accessKeySecret, final String appKey){
+	public AliYunCaptchaClient(final String accessKeyId, final String accessKeySecret, final String appKey) {
 		Assert.isBlank(accessKeyId, "AccessKeyId cloud not be empty or null");
 		Assert.isBlank(accessKeySecret, "AccessKeySecret cloud not be empty or null");
 		Assert.isBlank(appKey, "AppKey cloud not be empty or null");
@@ -103,7 +102,7 @@ public AliYunCaptchaClient(final String accessKeyId, final String accessKeySecre
 	 *        {@link HttpClient} 实例
 	 */
 	public AliYunCaptchaClient(final String accessKeyId, final String accessKeySecret, final String appKey,
-							   final HttpClient httpClient){
+							   final HttpClient httpClient) {
 		this(accessKeyId, accessKeySecret, appKey);
 		setHttpClient(httpClient);
 	}
@@ -121,7 +120,7 @@ public AliYunCaptchaClient(final String accessKeyId, final String accessKeySecre
 	 * 		区域 ID
 	 */
 	public AliYunCaptchaClient(final String accessKeyId, final String accessKeySecret, final String appKey,
-							   final String regionId){
+							   final String regionId) {
 		this(accessKeyId, accessKeySecret, appKey);
 		if(Validate.hasText(regionId)){
 			endpoint = String.format("https://afs.%s.aliyuncs.com", regionId);
@@ -143,13 +142,13 @@ public AliYunCaptchaClient(final String accessKeyId, final String accessKeySecre
 	 * 		Http Client
 	 */
 	public AliYunCaptchaClient(final String accessKeyId, final String accessKeySecret, final String appKey,
-							   final String regionId, final HttpClient httpClient){
+							   final String regionId, final HttpClient httpClient) {
 		this(accessKeyId, accessKeySecret, appKey, regionId);
 		setHttpClient(httpClient);
 	}
 
 	@Override
-	public Status validate(RequestData requestData) throws CaptchaException{
+	public Status validate(RequestData requestData) throws CaptchaException {
 		if(logger.isDebugEnabled()){
 			logger.debug("二次验证, 请求参数：{}.", requestData);
 		}
@@ -176,8 +175,7 @@ public Status validate(RequestData requestData) throws CaptchaException{
 			}
 
 			if(response.isSuccessful()){
-				AliyunEnhencedResult result = ObjectMapperUtils.createObjectMapper().readValue(response.getBody(),
-						AliyunEnhencedResult.class);
+				AliyunEnhencedResult result = parseObject(response.getBody(), AliyunEnhencedResult.class);
 
 				if(result.getCode() == 100){
 					return Status.SUCCESS;
@@ -199,12 +197,12 @@ public Status validate(RequestData requestData) throws CaptchaException{
 	}
 
 	@Override
-	public Manufacturer getManufacturer(){
+	public Manufacturer getManufacturer() {
 		return Manufacturer.ALIYUN;
 	}
 
 	@Override
-	public String getVersion(){
+	public String getVersion() {
 		return "2018-01-12";
 	}
 
@@ -213,7 +211,7 @@ public String getVersion(){
 	 *
 	 * @return 端点
 	 */
-	public String getEndpoint(){
+	public String getEndpoint() {
 		return endpoint;
 	}
 
@@ -225,8 +223,7 @@ public String getEndpoint(){
 	 *
 	 * @return 检测结果
 	 */
-	private static boolean checkParam(final AliYunRequestData requestData)
-			throws RequiredParameterCaptchaException{
+	private static boolean checkParam(final AliYunRequestData requestData) throws RequiredParameterCaptchaException {
 		if(Validate.hasText(requestData.getToken()) == false){
 			throw new RequiredParameterCaptchaException("Token");
 		}

diff --git a/...aptcha/src/main/java/com/buession/security/captcha/geetest/api/AbstractGeetestClient.java b/...aptcha/src/main/java/com/buession/security/captcha/geetest/api/AbstractGeetestClient.java
@@ -19,7 +19,7 @@
  * +-------------------------------------------------------------------------------------------------------+
  * | License: http://www.apache.org/licenses/LICENSE-2.0.txt 										       |
  * | Author: Yong.Teng <webmaster@buession.com> 													       |
- * | Copyright @ 2013-2022 Buession.com Inc.														       |
+ * | Copyright @ 2013-2023 Buession.com Inc.														       |
  * +-------------------------------------------------------------------------------------------------------+
  */
 package com.buession.security.captcha.geetest.api;
@@ -57,7 +57,7 @@ public abstract class AbstractGeetestClient extends AbstractCaptchaClient implem
 	 * @param secretKey
 	 * 		私钥
 	 */
-	public AbstractGeetestClient(final String appId, final String secretKey){
+	public AbstractGeetestClient(final String appId, final String secretKey) {
 		this.appId = appId;
 		this.secretKey = secretKey;
 	}
@@ -72,18 +72,14 @@ public AbstractGeetestClient(final String appId, final String secretKey){
 	 * @param httpClient
 	 *        {@link HttpClient}
 	 */
-	public AbstractGeetestClient(final String appId, final String secretKey, final HttpClient httpClient){
+	public AbstractGeetestClient(final String appId, final String secretKey, final HttpClient httpClient) {
 		this(appId, secretKey);
 		setHttpClient(httpClient);
 	}
 
-	protected String getSdkName(){
+	protected String getSdkName() {
 		if(sdkName == null){
-			final StringBuilder sb = new StringBuilder("Geetest-Java-SDK-");
-
-			sb.append(getClass().getName()).append('/').append(VersionUtils.determineClassVersion(getClass()));
-
-			sdkName = sb.toString();
+			sdkName = "Geetest-Java-SDK-" + getClass().getName() + '/' + VersionUtils.determineClassVersion(getClass());
 		}
 
 		return sdkName;

diff --git a/...y-captcha/src/main/java/com/buession/security/captcha/geetest/api/v3/GeetestV3Client.java b/...y-captcha/src/main/java/com/buession/security/captcha/geetest/api/v3/GeetestV3Client.java
@@ -19,7 +19,7 @@
  * +-------------------------------------------------------------------------------------------------------+
  * | License: http://www.apache.org/licenses/LICENSE-2.0.txt 										       |
  * | Author: Yong.Teng <webmaster@buession.com> 													       |
- * | Copyright @ 2013-2022 Buession.com Inc.														       |
+ * | Copyright @ 2013-2023 Buession.com Inc.														       |
  * +-------------------------------------------------------------------------------------------------------+
  */
 package com.buession.security.captcha.geetest.api.v3;
@@ -36,7 +36,6 @@
 import com.buession.security.captcha.geetest.api.AbstractGeetestClient;
 import com.buession.security.captcha.core.InitResponse;
 import com.buession.security.captcha.core.RequestData;
-import com.buession.security.captcha.utils.ObjectMapperUtils;
 import com.buession.security.mcrypt.Algo;
 import com.buession.security.mcrypt.MD5Mcrypt;
 import org.slf4j.Logger;
@@ -115,8 +114,7 @@ public InitResponse initialize(RequestData requestData){
 		try{
 			Response response = getHttpClient().get(REGISTER_URL, parametersBuilder.build());
 
-			initResult = ObjectMapperUtils.createObjectMapper()
-					.readValue(response.getBody(), GeetestV3InitResponse.class);
+			initResult = parseObject(response.getBody(), GeetestV3InitResponse.class);
 
 			if(logger.isInfoEnabled()){
 				logger.info("register api return data: {}", initResult);
@@ -166,8 +164,7 @@ public Status validate(RequestData requestData) throws CaptchaException{
 				logger.info("二次验证 response: {}", response);
 			}
 
-			GeetestV3ValidateResponse resp = ObjectMapperUtils.createObjectMapper().readValue(response.getBody(),
-					GeetestV3ValidateResponse.class);
+			GeetestV3ValidateResponse resp = parseObject(response.getBody(), GeetestV3ValidateResponse.class);
 			if("false".equals(resp.getSeccode())){
 				logger.error("二次验证失败: {}", resp);
 				throw new CaptchaValidateFailureException(null, null);

diff --git a/...cha/src/main/java/com/buession/security/captcha/geetest/api/v3/GeetestV3InitResponse.java b/...cha/src/main/java/com/buession/security/captcha/geetest/api/v3/GeetestV3InitResponse.java
@@ -19,7 +19,7 @@
  * +-------------------------------------------------------------------------------------------------------+
  * | License: http://www.apache.org/licenses/LICENSE-2.0.txt 										       |
  * | Author: Yong.Teng <webmaster@buession.com> 													       |
- * | Copyright @ 2013-2022 Buession.com Inc.														       |
+ * | Copyright @ 2013-2023 Buession.com Inc.														       |
  * +-------------------------------------------------------------------------------------------------------+
  */
 package com.buession.security.captcha.geetest.api.v3;
@@ -86,7 +86,7 @@ public void setNewCaptcha(Boolean newCaptcha){
 
 	@Override
 	public String toString(){
-		return new StringJoiner(", ", GeetestV3InitResponse.class.getSimpleName() + "[", "]")
+		return new StringJoiner(", ", "[", "]")
 				.add("success=" + success)
 				.add("gt=" + gt)
 				.add("challenge=" + challenge)

diff --git a/...y-captcha/src/main/java/com/buession/security/captcha/geetest/api/v4/GeetestV4Client.java b/...y-captcha/src/main/java/com/buession/security/captcha/geetest/api/v4/GeetestV4Client.java
@@ -19,7 +19,7 @@
  * +-------------------------------------------------------------------------------------------------------+
  * | License: http://www.apache.org/licenses/LICENSE-2.0.txt 										       |
  * | Author: Yong.Teng <webmaster@buession.com> 													       |
- * | Copyright @ 2013-2022 Buession.com Inc.														       |
+ * | Copyright @ 2013-2023 Buession.com Inc.														       |
  * +-------------------------------------------------------------------------------------------------------+
  */
 package com.buession.security.captcha.geetest.api.v4;
@@ -36,7 +36,6 @@
 import com.buession.security.captcha.geetest.api.AbstractGeetestClient;
 import com.buession.security.captcha.core.InitResponse;
 import com.buession.security.captcha.core.RequestData;
-import com.buession.security.captcha.utils.ObjectMapperUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -120,8 +119,7 @@ public Status validate(RequestData requestData) throws CaptchaException{
 				logger.info("二次验证 response: {}", response);
 			}
 
-			GeetestV4ValidateResponse resp = ObjectMapperUtils.createObjectMapper()
-					.readValue(response.getBody(), GeetestV4ValidateResponse.class);
+			GeetestV4ValidateResponse resp = parseObject(response.getBody(), GeetestV4ValidateResponse.class);
 
 			if("success".equals(resp.getResult())){
 				return Status.SUCCESS;

diff --git a/...ity-captcha/src/main/java/com/buession/security/captcha/tencent/TencentCaptchaClient.java b/...ity-captcha/src/main/java/com/buession/security/captcha/tencent/TencentCaptchaClient.java
@@ -19,7 +19,7 @@
  * +-------------------------------------------------------------------------------------------------------+
  * | License: http://www.apache.org/licenses/LICENSE-2.0.txt 										       |
  * | Author: Yong.Teng <webmaster@buession.com> 													       |
- * | Copyright @ 2013-2022 Buession.com Inc.														       |
+ * | Copyright @ 2013-2023 Buession.com Inc.														       |
  * +-------------------------------------------------------------------------------------------------------+
  */
 package com.buession.security.captcha.tencent;
@@ -35,7 +35,6 @@
 import com.buession.security.captcha.core.Manufacturer;
 import com.buession.security.captcha.core.RequestData;
 import com.buession.security.captcha.core.RequiredParameterCaptchaException;
-import com.buession.security.captcha.utils.ObjectMapperUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 
@@ -120,8 +119,7 @@ public Status validate(RequestData requestData) throws CaptchaException{
 				logger.info("二次验证 response: {}", response);
 			}
 
-			TencentValidateResponse resp = ObjectMapperUtils.createObjectMapper().readValue(response.getBody(),
-					TencentValidateResponse.class);
+			TencentValidateResponse resp = parseObject(response.getBody(), TencentValidateResponse.class);
 
 			if(resp.getResponse() == 1){
 				return Status.SUCCESS;

diff --git a/buession-security-core/pom.xml b/buession-security-core/pom.xml
@@ -7,7 +7,7 @@
 		<groupId>com.buession.security</groupId>
 		<artifactId>buession-security-parent</artifactId>
 		<relativePath>../buession-security-parent</relativePath>
-		<version>2.2.1</version>
+		<version>2.3.0</version>
 	</parent>
 	<artifactId>buession-security-core</artifactId>
 	<url>https://security.buession.com/</url>