Merge pull request #7 from buession/2.1.x

release 2.1.1
buession · Aug 18, 2022 · c2c0fcb · c2c0fcb
2 parents 538d999 + c0705b4
commit c2c0fcb
Show file tree

Hide file tree

Showing 20 changed files with 71 additions and 34 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,6 +1,28 @@
  Buession Security Changelog
 ===========================
 
+
+## [2.1.1](https://github.com/buession/buession-parent/releases/tag/v2.1.1) (2022-08-18)
+
+### 🔨依赖升级
+
+- [依赖库版本升级和安全漏洞修复](https://github.com/buession/buession-parent/releases/tag/v2.1.1)
+
+
+### 🔔 变化
+
+- **buession-security-pac4j：** ProfileUtils.toMap(CommonProfile profile) 从 CommonProfile 转换为 Map 由首先写入 CommonProfile.getAttributes() 的数据，再也入固有字段的数据转换为先写入固有字段的数据，再写入 CommonProfile.getAttributes() 的数据，该变化影响注解 @Principal 的转换结果
+- **buession-security-pac4j：** 废弃注解 @Principal 的 id、realName 属性
+
+
+### 🐞 Bug 修复
+
+- **buession-security-pac4j：** 修复 JsonAjaxRequestResolver 返回值不是合法 JSON 字符的 BUG
+
+
+---
+
+
 ## [2.1.0](https://github.com/buession/buession-security/releases/tag/v2.1.0) (2022-08-07)
 
 ### 🔨依赖升级

diff --git a/README.md b/README.md
@@ -14,7 +14,7 @@
 
 
 <p align="center">
-	<img src="docs/images/logo.png" alt="Buession Security" title="Buession Security" width="280px" />
+	<img src="logo.png" alt="Buession Security" title="Buession Security" width="280px" />
 </p>
 
 ## Requirements

diff --git a/buession-security-captcha/pom.xml b/buession-security-captcha/pom.xml
@@ -7,7 +7,7 @@
 		<groupId>com.buession.security</groupId>
 		<artifactId>buession-security-parent</artifactId>
 		<relativePath>../buession-security-parent</relativePath>
-		<version>2.1.0</version>
+		<version>2.1.1</version>
 	</parent>
 	<artifactId>buession-security-captcha</artifactId>
 	<url>https://github.com/buession/buession-security</url>

diff --git a/buession-security-core/pom.xml b/buession-security-core/pom.xml
@@ -7,7 +7,7 @@
 		<groupId>com.buession.security</groupId>
 		<artifactId>buession-security-parent</artifactId>
 		<relativePath>../buession-security-parent</relativePath>
-		<version>2.1.0</version>
+		<version>2.1.1</version>
 	</parent>
 	<artifactId>buession-security-core</artifactId>
 	<url>https://github.com/buession/buession-security</url>

diff --git a/buession-security-mcrypt/pom.xml b/buession-security-mcrypt/pom.xml
@@ -7,7 +7,7 @@
 		<groupId>com.buession.security</groupId>
 		<artifactId>buession-security-parent</artifactId>
 		<relativePath>../buession-security-parent</relativePath>
-		<version>2.1.0</version>
+		<version>2.1.1</version>
 	</parent>
 	<artifactId>buession-security-mcrypt</artifactId>
 	<url>https://github.com/buession/buession-security</url>

diff --git a/buession-security-pac4j/pom.xml b/buession-security-pac4j/pom.xml
@@ -7,7 +7,7 @@
 		<groupId>com.buession.security</groupId>
 		<artifactId>buession-security-parent</artifactId>
 		<relativePath>../buession-security-parent</relativePath>
-		<version>2.1.0</version>
+		<version>2.1.1</version>
 	</parent>
 	<artifactId>buession-security-pac4j</artifactId>
 	<url>https://github.com/buession/buession-security</url>
@@ -71,6 +71,13 @@
 			<scope>compile</scope>
 		</dependency>
 
+		<dependency>
+			<groupId>com.buession.cas</groupId>
+			<artifactId>buession-cas-client</artifactId>
+			<version>${buession.cas.version}</version>
+			<scope>compile</scope>
+		</dependency>
+
 		<dependency>
 			<groupId>org.springframework</groupId>
 			<artifactId>spring-beans</artifactId>

diff --git a/buession-security-pac4j/src/main/java/com/buession/security/pac4j/annotation/Principal.java b/buession-security-pac4j/src/main/java/com/buession/security/pac4j/annotation/Principal.java
@@ -40,8 +40,10 @@
 @Documented
 public @interface Principal {
 
+	@Deprecated
 	String id() default ValueConstants.DEFAULT_NONE;
 
+	@Deprecated
 	String realName() default ValueConstants.DEFAULT_NONE;
 
 	/**

diff --git a/...-pac4j/src/main/java/com/buession/security/pac4j/annotation/PrincipalAnnotationUtils.java b/...-pac4j/src/main/java/com/buession/security/pac4j/annotation/PrincipalAnnotationUtils.java
@@ -29,6 +29,8 @@
 import org.pac4j.core.profile.CommonProfile;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.beans.BeanUtils;
+import org.springframework.core.MethodParameter;
 
 import java.util.Map;
 
@@ -51,7 +53,7 @@ public static <T> T toObject(final Pac4jPrincipal principal, final Principal ann
 		}
 
 		try{
-			T instance = org.springframework.beans.BeanUtils.instantiateClass(paramType);
+			T instance = BeanUtils.instantiateClass(paramType);
 			Map<String, Object> attributes = ProfileUtils.toMap(profile);
 
 			com.buession.beans.BeanUtils.populate(instance, attributes);
@@ -67,4 +69,11 @@ public static <T> T toObject(final Pac4jPrincipal principal, final Principal ann
 		}
 	}
 
+	public static Object resolve(final MethodParameter parameter, final Pac4jPrincipal principal){
+		Principal annotation = parameter.getParameterAnnotation(Principal.class);
+		Class<?> paramType = parameter.getParameterType();
+
+		return toObject(principal, annotation, paramType);
+	}
+
 }
diff --git a/...java/com/buession/security/pac4j/annotation/reactive/PrincipalMethodArgumentResolver.java b/...java/com/buession/security/pac4j/annotation/reactive/PrincipalMethodArgumentResolver.java
@@ -64,13 +64,8 @@ protected NamedValueInfo createNamedValueInfo(MethodParameter parameter){
 
 	@Override
 	protected Mono<Object> resolveName(String name, MethodParameter parameter, ServerWebExchange exchange){
-		return exchange.getPrincipal().map((principal)->{
-			Principal annotation = parameter.getParameterAnnotation(Principal.class);
-			Class<?> paramType = parameter.getParameterType();
-
-			return PrincipalAnnotationUtils.toObject((Pac4jPrincipal) principal, annotation,
-					paramType);
-		});
+		return exchange.getPrincipal()
+				.map((principal)->PrincipalAnnotationUtils.resolve(parameter, (Pac4jPrincipal) principal));
 	}
 
 	private final static class PrincipalNamedValueInfo extends NamedValueInfo {

diff --git a/...ity-pac4j/src/main/java/com/buession/security/pac4j/annotation/reactive/package-info.java b/...ity-pac4j/src/main/java/com/buession/security/pac4j/annotation/reactive/package-info.java
@@ -26,4 +26,7 @@
  * @author Yong.Teng
  * @since 2.1.0
  */
-package com.buession.security.pac4j.annotation.reactive;
+@NonNullApi
+package com.buession.security.pac4j.annotation.reactive;
+
+import org.springframework.lang.NonNullApi;
diff --git a/.../java/com/buession/security/pac4j/annotation/servlet/PrincipalMethodArgumentResolver.java b/.../java/com/buession/security/pac4j/annotation/servlet/PrincipalMethodArgumentResolver.java
@@ -66,11 +66,7 @@ protected NamedValueInfo createNamedValueInfo(MethodParameter parameter){
 	@Override
 	@Nullable
 	protected Object resolveName(String name, MethodParameter parameter, NativeWebRequest request){
-		Principal annotation = parameter.getParameterAnnotation(Principal.class);
-		Class<?> paramType = parameter.getParameterType();
-
-		return PrincipalAnnotationUtils.toObject((Pac4jPrincipal) request.getUserPrincipal(), annotation,
-				paramType);
+		return PrincipalAnnotationUtils.resolve(parameter, (Pac4jPrincipal) request.getUserPrincipal());
 	}
 
 	private final static class PrincipalNamedValueInfo extends NamedValueInfo {

diff --git a/...rity-pac4j/src/main/java/com/buession/security/pac4j/annotation/servlet/package-info.java b/...rity-pac4j/src/main/java/com/buession/security/pac4j/annotation/servlet/package-info.java
@@ -19,7 +19,10 @@
  * +-------------------------------------------------------------------------------------------------------+
  * | License: http://www.apache.org/licenses/LICENSE-2.0.txt 										       |
  * | Author: Yong.Teng <webmaster@buession.com> 													       |
- * | Copyright @ 2013-2020 Buession.com Inc.														       |
+ * | Copyright @ 2013-2022 Buession.com Inc.														       |
  * +-------------------------------------------------------------------------------------------------------+
  */
-package com.buession.security.pac4j.annotation.servlet;
+@NonNullApi
+package com.buession.security.pac4j.annotation.servlet;
+
+import org.springframework.lang.NonNullApi;
diff --git a/...ecurity-pac4j/src/main/java/com/buession/security/pac4j/http/JsonAjaxRequestResolver.java b/...ecurity-pac4j/src/main/java/com/buession/security/pac4j/http/JsonAjaxRequestResolver.java
@@ -62,16 +62,12 @@ public HttpAction buildAjaxResponse(final WebContext context,
 			throw UnauthorizedAction.INSTANCE;
 		}
 
-		final StringBuilder buffer = new StringBuilder();
-		buffer.append("{\"redirect\":");
+		final StringBuilder buffer = new StringBuilder("{\"redirect\":{");
 
 		if(CommonHelper.isNotBlank(url)){
-			buffer.append('{');
 			buffer.append("\"url\":\"").append(url).append("\"");
-			buffer.append('}');
-		}else{
-			buffer.append("{}");
 		}
+		buffer.append("}}");
 
 		return RedirectionActionHelper.buildFormPostContentAction(context, buffer.toString());
 	}

diff --git a/...ecurity-pac4j/src/main/java/com/buession/security/pac4j/http/TextAjaxRequestResolver.java b/...ecurity-pac4j/src/main/java/com/buession/security/pac4j/http/TextAjaxRequestResolver.java
@@ -24,6 +24,7 @@
  */
 package com.buession.security.pac4j.http;
 
+import com.buession.lang.Constants;
 import org.pac4j.core.context.HttpConstants;
 import org.pac4j.core.context.WebContext;
 import org.pac4j.core.exception.http.HttpAction;
@@ -64,7 +65,8 @@ public HttpAction buildAjaxResponse(final WebContext context,
 			throw UnauthorizedAction.INSTANCE;
 		}
 
-		return RedirectionActionHelper.buildFormPostContentAction(context, Optional.ofNullable(url).orElse(""));
+		return RedirectionActionHelper.buildFormPostContentAction(context,
+				Optional.ofNullable(url).orElse(Constants.EMPTY_STRING));
 	}
 
 }
diff --git a/buession-security-pac4j/src/main/java/com/buession/security/pac4j/profile/ProfileUtils.java b/buession-security-pac4j/src/main/java/com/buession/security/pac4j/profile/ProfileUtils.java
@@ -60,7 +60,7 @@ public static CommonProfile getProfileFromPac4jPrincipal(Pac4jPrincipal principa
 	 * @return Map
 	 */
 	public static Map<String, Object> toMap(final CommonProfile profile){
-		final Map<String, Object> attributes = new LinkedHashMap<>(profile.getAttributes());
+		final Map<String, Object> attributes = new LinkedHashMap<>(profile.getAttributes().size() + 15);
 
 		attributes.put("id", profile.getId());
 		attributes.put("email", profile.getEmail());
@@ -78,6 +78,8 @@ public static Map<String, Object> toMap(final CommonProfile profile){
 		attributes.put("roles", profile.getRoles());
 		attributes.put("permissions", profile.getPermissions());
 
+		attributes.putAll(profile.getAttributes());
+
 		return attributes;
 	}
 

diff --git a/buession-security-parent/pom.xml b/buession-security-parent/pom.xml
@@ -7,13 +7,13 @@
 		<groupId>com.buession</groupId>
 		<artifactId>parent</artifactId>
 		<relativePath/>
-		<version>2.1.0</version>
+		<version>2.1.1</version>
 	</parent>
 	<groupId>com.buession.security</groupId>
 	<artifactId>buession-security-parent</artifactId>
 	<url>https://github.com/buession/buession-security</url>
 	<description>Buession Security Framework Parent</description>
-	<version>2.1.0</version>
+	<version>2.1.1</version>
 	<packaging>pom</packaging>
 
 	<organization>

diff --git a/buession-security-shiro/pom.xml b/buession-security-shiro/pom.xml
@@ -7,7 +7,7 @@
 		<groupId>com.buession.security</groupId>
 		<artifactId>buession-security-parent</artifactId>
 		<relativePath>../buession-security-parent</relativePath>
-		<version>2.1.0</version>
+		<version>2.1.1</version>
 	</parent>
 	<artifactId>buession-security-shiro</artifactId>
 	<url>https://github.com/buession/buession-security</url>

diff --git a/buession-security-spring/pom.xml b/buession-security-spring/pom.xml
@@ -7,7 +7,7 @@
 		<groupId>com.buession.security</groupId>
 		<artifactId>buession-security-parent</artifactId>
 		<relativePath>../buession-security-parent</relativePath>
-		<version>2.1.0</version>
+		<version>2.1.1</version>
 	</parent>
 	<artifactId>buession-security-spring</artifactId>
 	<url>https://github.com/buession/buession-security</url>

diff --git a/buession-security-web/pom.xml b/buession-security-web/pom.xml
@@ -7,7 +7,7 @@
 		<groupId>com.buession.security</groupId>
 		<artifactId>buession-security-parent</artifactId>
 		<relativePath>../buession-security-parent</relativePath>
-		<version>2.1.0</version>
+		<version>2.1.1</version>
 	</parent>
 	<artifactId>buession-security-web</artifactId>
 	<url>https://github.com/buession/buession-security</url>

diff --git a/docs/images/logo.png → logo.png b/docs/images/logo.png → logo.png