Release 2.3.2 #17

Merged
merged 14 commits into from
Dec 27, 2023
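--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -2,6 +2,49 @@
 ===========================
 
 
+## [2.3.2](https://github.com/buession/buession-security/releases/tag/v2.3.2) (2023-12-27)
+
+### 🔨依赖升级
+
+- [依赖库版本升级和安全漏洞修复](https://github.com/buession/buession-parent/releases/tag/v2.3.2)
+- [owasp antisamy](https://github.com/nahsra/antisamy) 版本升级至 1.7.4
+
+
+### ⭐ 新特性
+
+- **buession-security-captcha:** GeetestClient 增加 v3、v4 版本判断方法
+- **buession-security-shiro:** 增加判断是否具备所有权限 Tag HasAllPermissionsTag
+
+
+### 🔔 变化
+
+- **buession-security-shiro:** 依赖 javax.servlet.jsp-api 更换为 jakarta.servlet.jsp-api
+
+
+### 🐞 Bug 修复
+
+- **buession-security-pac4j:** 修复 webflux 模式下 PrincipalMethodArgumentResolver 继承了错误类的 BUG
+
+
+### 漏洞修复
+
+- [owasp antisamy](https://github.com/nahsra/antisamy) 修复 [CVE-2023-43643] 漏洞
+
+
+### ⏪ 优化
+
+- **buession-security-captcha:** 代码质量优化
+- **buession-security-pac4j:** 代码质量优化
+
+
+### 📔 文档
+
+- **buession-security-shiro:** 完善注释
+
+
+---
+
+
 ## [2.3.1](https://github.com/buession/buession-security/releases/tag/v2.3.1) (2023-11-17)
 
 ### 🔨依赖升级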
2 changes: 1 addition & 1 deletion buession-security-captcha/pom.xml
@@ -7,7 +7,7 @@
<groupId>com.buession.security</groupId>
<artifactId>buession-security-parent</artifactId>
<relativePath>../buession-security-parent</relativePath>
<version>2.3.1</version>
<version>2.3.2</version>
</parent>
<artifactId>buession-security-captcha</artifactId>
<url>https://security.buession.com/</url>
@@ -224,21 +224,10 @@ public String getEndpoint() {
* @return 检测结果
*/
private static boolean checkParam(final AliYunRequestData requestData) throws RequiredParameterCaptchaException {
if(Validate.hasText(requestData.getToken()) == false){
throw new RequiredParameterCaptchaException("Token");
}

if(Validate.hasText(requestData.getSig()) == false){
throw new RequiredParameterCaptchaException("Sig");
}

if(Validate.hasText(requestData.getSessionId()) == false){
throw new RequiredParameterCaptchaException("SessionId");
}

if(Validate.hasText(requestData.getScene()) == false){
throw new RequiredParameterCaptchaException("Scene");
}
Assert.isBlank(requestData.getToken(), ()->new RequiredParameterCaptchaException("Token"));
Assert.isBlank(requestData.getSig(), ()->new RequiredParameterCaptchaException("Sig"));
Assert.isBlank(requestData.getSessionId(), ()->new RequiredParameterCaptchaException("SessionId"));
Assert.isBlank(requestData.getScene(), ()->new RequiredParameterCaptchaException("Scene"));

return true;
}
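Review bot: The four `Assert.isBlank(...)` calls that replace the `Validate.hasText(...) == false` guards in `checkParam` read as though they assert the value is blank, and the hunk does not show the helper's contract, so it is not evident here that a blank Token, Sig, SessionId or Scene still raises `RequiredParameterCaptchaException` before the request goes out for verification. The same replacement is made in the `checkParam` methods of the Geetest v3, Geetest v4 and Tencent clients further down. The existing `Assert.isBlank(secretId, "Secret Id cloud not be empty or null")` call in the Tencent constructor suggests the helper throws when the value is blank, but the Supplier overload and its treatment of whitespace-only strings should be confirmed against buession-core, ideally with a unit test that passes a null, an empty and a whitespace-only value for each field. Once confirmed, a one-line comment above the calls would prevent misreading, e.g. `// Assert.isBlank throws the supplied exception when the value is null or blank`. The method's Javadoc starts above the hunk.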
@@ -19,7 +19,7 @@
* +-------------------------------------------------------------------------------------------------------+
* | License: http://www.apache.org/licenses/LICENSE-2.0.txt |
* | Author: Yong.Teng <webmaster@buession.com> |
* | Copyright @ 2013-2022 Buession.com Inc. |
* | Copyright @ 2013-2023 Buession.com Inc. |
* +-------------------------------------------------------------------------------------------------------+
*/
package com.buession.security.captcha.core;
@@ -34,27 +34,28 @@ public class RequiredParameterCaptchaException extends CaptchaException {

private final String parameter;

public RequiredParameterCaptchaException(String parameter){
public RequiredParameterCaptchaException(String parameter) {
super("Parameter \"" + parameter + "\" cloud not be empty or null.");
this.parameter = parameter;
}

public RequiredParameterCaptchaException(String parameter, String message){
public RequiredParameterCaptchaException(String parameter, String message) {
super(message);
this.parameter = parameter;
}

public RequiredParameterCaptchaException(String parameter, Throwable cause){
public RequiredParameterCaptchaException(String parameter, Throwable cause) {
super("Parameter \"" + parameter + "\" cloud not be empty or null.", cause);
this.parameter = parameter;
}

public RequiredParameterCaptchaException(String parameter, String message, Throwable cause){
public RequiredParameterCaptchaException(String parameter, String message, Throwable cause) {
super(message, cause);
this.parameter = parameter;
}

public String getParameter(){
public String getParameter() {
return parameter;
}

}
@@ -19,7 +19,7 @@
* +-------------------------------------------------------------------------------------------------------+
* | License: http://www.apache.org/licenses/LICENSE-2.0.txt |
* | Author: Yong.Teng <webmaster@buession.com> |
* | Copyright @ 2013-2022 Buession.com Inc. |
* | Copyright @ 2013-2023 Buession.com Inc. |
* +-------------------------------------------------------------------------------------------------------+
*/
package com.buession.security.captcha.geetest;
@@ -37,8 +37,30 @@ public interface GeetestClient extends CaptchaClient {
void setHttpClient(HttpClient httpClient);

@Override
default Manufacturer getManufacturer(){
default Manufacturer getManufacturer() {
return Manufacturer.GEETEST;
}

/**
* 返回是否为 V3 版本
*
* @return true / false
*
* @since 2.3.2
*/
default boolean isV3() {
return "v3".equalsIgnoreCase(getVersion());
}

/**
* 返回是否为 V3 版本
*
* @return true / false
*
* @since 2.3.2
*/
default boolean isV4() {
return "v4".equalsIgnoreCase(getVersion());
}

}
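Review bot: The Javadoc on the new `isV4()` default method repeats the `isV3()` summary and says it reports the V3 version; its first line should read `返回是否为 V4 版本`. Both helpers compare with `equalsIgnoreCase`, whereas the reactive validator previously used `"v3".equals(...)` and `"v4".equals(...)`, so a client whose `getVersion()` returns `V3` or `V4` is now matched where it was not before; if that is intended, the Javadoc should say the comparison is case-insensitive. With the literal on the left, both methods return false rather than throw when `getVersion()` returns null.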
@@ -26,6 +26,7 @@

import com.buession.core.builder.MapBuilder;
import com.buession.core.id.SimpleIdGenerator;
import com.buession.core.utils.Assert;
import com.buession.core.validator.Validate;
import com.buession.httpclient.HttpClient;
import com.buession.httpclient.core.Response;
@@ -189,17 +190,9 @@ public String getVersion() {
*/
private static boolean checkParam(final GeetestV3RequestData requestData)
throws RequiredParameterCaptchaException {
if(Validate.hasText(requestData.getChallenge()) == false){
throw new RequiredParameterCaptchaException("challenge");
}

if(Validate.hasText(requestData.getValidate()) == false){
throw new RequiredParameterCaptchaException("validate");
}

if(Validate.hasText(requestData.getSeccode()) == false){
throw new RequiredParameterCaptchaException("seccode");
}
Assert.isBlank(requestData.getChallenge(), ()->new RequiredParameterCaptchaException("challenge"));
Assert.isBlank(requestData.getValidate(), ()->new RequiredParameterCaptchaException("validate"));
Assert.isBlank(requestData.getSeccode(), ()->new RequiredParameterCaptchaException("seccode"));

return true;
}
@@ -25,7 +25,7 @@
package com.buession.security.captcha.geetest.api.v4;

import com.buession.core.builder.MapBuilder;
import com.buession.core.validator.Validate;
import com.buession.core.utils.Assert;
import com.buession.httpclient.HttpClient;
import com.buession.httpclient.core.EncodedFormRequestBody;
import com.buession.httpclient.core.Response;
@@ -62,7 +62,7 @@ public final class GeetestV4Client extends AbstractGeetestClient {
* @param secretKey
* 私钥
*/
public GeetestV4Client(final String appId, final String secretKey){
public GeetestV4Client(final String appId, final String secretKey) {
super(appId, secretKey);
}

@@ -76,12 +76,12 @@ public GeetestV4Client(final String appId, final String secretKey){
* @param httpClient
* {@link HttpClient}
*/
public GeetestV4Client(final String appId, final String secretKey, final HttpClient httpClient){
public GeetestV4Client(final String appId, final String secretKey, final HttpClient httpClient) {
super(appId, secretKey, httpClient);
}

@Override
public InitResponse initialize(RequestData requestData){
public InitResponse initialize(RequestData requestData) {
if(logger.isDebugEnabled()){
logger.debug("验证初始化");
}
@@ -90,7 +90,7 @@ public InitResponse initialize(RequestData requestData){
}

@Override
public Status validate(RequestData requestData) throws CaptchaException{
public Status validate(RequestData requestData) throws CaptchaException {
if(logger.isDebugEnabled()){
logger.debug("二次验证, 请求参数:{}.", requestData);
}
@@ -134,7 +134,7 @@ public Status validate(RequestData requestData) throws CaptchaException{
}

@Override
public String getVersion(){
public String getVersion() {
return "v4";
}

@@ -147,22 +147,11 @@ public String getVersion(){
* @return 检测结果
*/
private static boolean checkParam(final GeetestV4RequestData requestData)
throws RequiredParameterCaptchaException{
if(Validate.hasText(requestData.getLotNumber()) == false){
throw new RequiredParameterCaptchaException("lot_number");
}

if(Validate.hasText(requestData.getCaptchaOutput()) == false){
throw new RequiredParameterCaptchaException("captcha_output");
}

if(Validate.hasText(requestData.getPassToken()) == false){
throw new RequiredParameterCaptchaException("pass_token");
}

if(Validate.hasText(requestData.getGenTime()) == false){
throw new RequiredParameterCaptchaException("gen_time");
}
throws RequiredParameterCaptchaException {
Assert.isBlank(requestData.getLotNumber(), ()->new RequiredParameterCaptchaException("lot_number"));
Assert.isBlank(requestData.getCaptchaOutput(), ()->new RequiredParameterCaptchaException("captcha_output"));
Assert.isBlank(requestData.getPassToken(), ()->new RequiredParameterCaptchaException("pass_token"));
Assert.isBlank(requestData.getGenTime(), ()->new RequiredParameterCaptchaException("gen_time"));

return true;
}
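Review bot: `validate` still writes the whole request object to the debug log via `logger.debug("二次验证, 请求参数:{}.", requestData)`, visible in the context of the `validate` hunk here and again in `TencentCaptchaClient.validate`. What `toString()` emits is not shown in this diff, but if it includes the client-supplied `lot_number`, `captcha_output`, `pass_token` or ticket values, those untrusted strings reach the log unescaped, and this line runs before `checkParam` has rejected anything. Consider logging only which fields are present, or neutralising line breaks in the values before they are logged. The body of `validate` continues outside the hunk.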
@@ -25,7 +25,6 @@
package com.buession.security.captcha.tencent;

import com.buession.core.utils.Assert;
import com.buession.core.validator.Validate;
import com.buession.httpclient.HttpClient;
import com.buession.httpclient.core.Response;
import com.buession.lang.Status;
@@ -71,7 +70,7 @@ public class TencentCaptchaClient extends AbstractCaptchaClient {
* @param secretKey
* 原始的 SecretKey
*/
public TencentCaptchaClient(final String secretId, final String secretKey){
public TencentCaptchaClient(final String secretId, final String secretKey) {
Assert.isBlank(secretId, "Secret Id cloud not be empty or null");
Assert.isBlank(secretKey, "Secret Key cloud not be empty or null");
this.secretId = secretId;
@@ -88,13 +87,13 @@ public TencentCaptchaClient(final String secretId, final String secretKey){
* @param httpClient
* {@link HttpClient} 实例
*/
public TencentCaptchaClient(final String secretId, final String secretKey, final HttpClient httpClient){
public TencentCaptchaClient(final String secretId, final String secretKey, final HttpClient httpClient) {
this(secretId, secretKey);
setHttpClient(httpClient);
}

@Override
public Status validate(RequestData requestData) throws CaptchaException{
public Status validate(RequestData requestData) throws CaptchaException {
if(logger.isDebugEnabled()){
logger.debug("二次验证, 请求参数:{}.", requestData);
}
@@ -135,12 +134,12 @@ public Status validate(RequestData requestData) throws CaptchaException{
}

@Override
public Manufacturer getManufacturer(){
public Manufacturer getManufacturer() {
return Manufacturer.TENCENT;
}

@Override
public String getVersion(){
public String getVersion() {
return "2019-07-22";
}

@@ -153,14 +152,9 @@ public String getVersion(){
* @return 检测结果
*/
private static boolean checkParam(final TencentRequestData requestData)
throws RequiredParameterCaptchaException{
if(Validate.hasText(requestData.getTicket()) == false){
throw new RequiredParameterCaptchaException("Ticket");
}

if(Validate.hasText(requestData.getRandstr()) == false){
throw new RequiredParameterCaptchaException("Randstr");
}
throws RequiredParameterCaptchaException {
Assert.isBlank(requestData.getTicket(), ()->new RequiredParameterCaptchaException("Ticket"));
Assert.isBlank(requestData.getRandstr(), ()->new RequiredParameterCaptchaException("Randstr"));

return true;
}
@@ -19,7 +19,7 @@
* +-------------------------------------------------------------------------------------------------------+
* | License: http://www.apache.org/licenses/LICENSE-2.0.txt |
* | Author: Yong.Teng <webmaster@buession.com> |
* | Copyright @ 2013-2022 Buession.com Inc. |
* | Copyright @ 2013-2023 Buession.com Inc. |
* +-------------------------------------------------------------------------------------------------------+
*/
package com.buession.security.captcha.validator.reactive;
@@ -57,15 +57,15 @@ public class ReactiveGeetestCaptchaValidator extends GeetestCaptchaValidator imp
* {@link GeetestParameter} 实例
*/
public ReactiveGeetestCaptchaValidator(final GeetestCaptchaClient geetestCaptchaClient,
final GeetestParameter parameter){
final GeetestParameter parameter) {
super(geetestCaptchaClient, parameter);
}

@Override
public Status validate(final ServerHttpRequest request) throws CaptchaException{
public Status validate(final ServerHttpRequest request) throws CaptchaException {
MultiValueMap<String, String> parameters = request.getQueryParams();

if("v3".equals(captchaClient.getVersion())){
if(captchaClient.isV3()){
final GeetestV3Parameter geetestV3Parameter = (GeetestV3Parameter) parameter;
final GeetestV3RequestData requestData = new GeetestV3RequestData();

@@ -84,7 +84,7 @@ public Status validate(final ServerHttpRequest request) throws CaptchaException{
}

return validate(requestData);
}else if("v4".equals(captchaClient.getVersion())){
}else if(captchaClient.isV4()){
final GeetestV4Parameter geetestV4Parameter = (GeetestV4Parameter) parameter;
final GeetestV4RequestData requestData = new GeetestV4RequestData();
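Review bot: The `(GeetestV3Parameter) parameter` and `(GeetestV4Parameter) parameter` casts in `validate` are guarded only by the client's version string, so a v3 client paired with a v4 parameter object (or the reverse) fails with a `ClassCastException` on the first request instead of at construction. Tying each branch to the type that is actually cast, for example `if(captchaClient.isV3() && parameter instanceof GeetestV3Parameter)`, or checking the pairing once in the constructor, would make the mismatch fail early and predictably. The branch taken when neither `isV3()` nor `isV4()` holds lies outside the visible hunks; confirm that it rejects the request rather than returning a success status.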
