diff --git a/renren-admin/src/main/java/io/renren/common/interceptor/IdentityInterceptor.java b/renren-admin/src/main/java/io/renren/common/interceptor/IdentityInterceptor.java index 5e4920f2..fbba7ca1 100644 --- a/renren-admin/src/main/java/io/renren/common/interceptor/IdentityInterceptor.java +++ b/renren-admin/src/main/java/io/renren/common/interceptor/IdentityInterceptor.java @@ -48,6 +48,7 @@ public class IdentityInterceptor implements HandlerInterceptor { String keeperUrl = yaweiSSOProperties.getKeeperUrl(); keeperUrl = keeperUrl + "?" + yaweiSSOProperties.getSsoKey() + "=" + URLEncoder.encode(requeststr, "UTF-8"); + response.addHeader("REDIRECT", keeperUrl); response.sendRedirect(keeperUrl); return false; } diff --git a/renren-admin/src/main/java/io/renren/modules/security/config/ShiroConfig.java b/renren-admin/src/main/java/io/renren/modules/security/config/ShiroConfig.java index c07aa65d..94536f7c 100644 --- a/renren-admin/src/main/java/io/renren/modules/security/config/ShiroConfig.java +++ b/renren-admin/src/main/java/io/renren/modules/security/config/ShiroConfig.java @@ -9,8 +9,10 @@ import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSource import org.apache.shiro.spring.web.ShiroFilterFactoryBean; import org.apache.shiro.web.mgt.DefaultWebSecurityManager; import org.apache.shiro.web.session.mgt.DefaultWebSessionManager; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; +import org.springframework.stereotype.Component; import javax.servlet.Filter; import java.util.HashMap; @@ -23,6 +25,9 @@ import java.util.Map; @Configuration public class ShiroConfig { +// @Autowired +// private Oauth2Filter oauth2Filter; + @Bean public DefaultWebSessionManager sessionManager() { DefaultWebSessionManager sessionManager = new DefaultWebSessionManager(); 
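Review bot: The `REDIRECT` header added in front of `response.sendRedirect(keeperUrl)` is unreachable as committed, because the WebMvcConfig hunk in this same diff leaves `registry.addInterceptor(identityInterceptor)` commented out, so IdentityInterceptor is never registered. If it is meant to be re-enabled, note that this path answers a missing SSO ticket with a 302 plus the header while `Oauth2Filter.yaweiHandle` (later in this diff) answers the same situation with a 401 plus the header; a front end can only rely on one contract, so pick one and say why in a comment, e.g. `// Mirror the keeper URL in a header so XHR clients, which cannot read a 302 Location, can navigate to it`. A custom header is also only readable from cross-origin XHR if it is listed in Access-Control-Expose-Headers, which the CORS mapping visible in WebMvcConfig is not shown to do. The enclosing method starts outside the hunk.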
@@ -42,13 +47,13 @@ public class ShiroConfig { } @Bean("shiroFilter") - public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) { + public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager, Oauth2Filter oauth2Filter) { ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean(); shiroFilter.setSecurityManager(securityManager); //oauth过滤 Map filters = new HashMap<>(); - filters.put("oauth2", new Oauth2Filter()); + filters.put("oauth2", oauth2Filter); shiroFilter.setFilters(filters); Map filterMap = new LinkedHashMap<>(); diff --git a/renren-admin/src/main/java/io/renren/modules/security/config/WebMvcConfig.java b/renren-admin/src/main/java/io/renren/modules/security/config/WebMvcConfig.java index df41a497..34de09e8 100644 --- a/renren-admin/src/main/java/io/renren/modules/security/config/WebMvcConfig.java +++ b/renren-admin/src/main/java/io/renren/modules/security/config/WebMvcConfig.java @@ -4,8 +4,10 @@ import com.fasterxml.jackson.databind.DeserializationFeature; import com.fasterxml.jackson.databind.ObjectMapper; import com.fasterxml.jackson.databind.module.SimpleModule; import com.fasterxml.jackson.databind.ser.std.ToStringSerializer; +import io.renren.common.interceptor.IdentityInterceptor; import io.renren.common.utils.DateUtils; import io.renren.modules.pay.Interceptor.AliPayInterceptor; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.http.converter.ByteArrayHttpMessageConverter; @@ -25,6 +27,9 @@ import java.util.TimeZone; @Configuration public class WebMvcConfig implements WebMvcConfigurer { + @Autowired + private IdentityInterceptor identityInterceptor; + @Override public void addCorsMappings(CorsRegistry registry) { registry.addMapping("/**") 
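Review bot: `filters` is still a raw `Map` in `shirFilter`, so the new `filters.put("oauth2", oauth2Filter)` is not type-checked against `ShiroFilterFactoryBean.setFilters(Map<String, Filter>)`; since `javax.servlet.Filter` is already imported, declare it as `Map<String, Filter> filters = new HashMap<>();` and, presumably, `Map<String, String> filterMap = new LinkedHashMap<>();` for the chain definitions. Injecting the filter as a bean parameter is the right way to get its `yaweiSSOProperties` populated, but the commented-out `@Autowired private Oauth2Filter oauth2Filter;` field added in the earlier hunk is dead code and should be removed rather than kept alongside the working constructor-style injection.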
@@ -37,7 +42,7 @@ public class WebMvcConfig implements WebMvcConfigurer { @Override public void addInterceptors(InterceptorRegistry registry) { registry.addInterceptor(new AliPayInterceptor()).addPathPatterns("/pay/alipay/**"); -// registry.addInterceptor(new IdentityInterceptor()); +// registry.addInterceptor(identityInterceptor); } @Override diff --git a/renren-admin/src/main/java/io/renren/modules/security/oauth2/Oauth2Filter.java b/renren-admin/src/main/java/io/renren/modules/security/oauth2/Oauth2Filter.java index 1e07ae14..b229ea06 100644 --- a/renren-admin/src/main/java/io/renren/modules/security/oauth2/Oauth2Filter.java +++ b/renren-admin/src/main/java/io/renren/modules/security/oauth2/Oauth2Filter.java @@ -1,8 +1,13 @@ package io.renren.modules.security.oauth2; import com.google.gson.Gson; +import com.yawei.pso.PSORequest; +import com.yawei.pso.SSOResponse; +import com.yawei.pso.TicketManager; import io.renren.common.constant.Constant; import io.renren.common.exception.ErrorCode; +import io.renren.common.interceptor.Validator; +import io.renren.common.interceptor.YaweiSSOProperties; import io.renren.common.utils.HttpContextUtils; import io.renren.common.utils.Result; import org.apache.commons.lang3.StringUtils; 
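Review bot: `identityInterceptor` is now field-injected into WebMvcConfig, but its only use, `registry.addInterceptor(identityInterceptor)`, stays commented out, so the injection is dead and will still fail context startup if no IdentityInterceptor bean exists (whether the class is annotated as one is not visible here). Either register it — `registry.addInterceptor(identityInterceptor).addPathPatterns("/**");` with whatever exclusion the SSO callback needs — or drop both the field and the comment; editing a commented-out line changes nothing at runtime and leaves the reader guessing whether the SSO interceptor is supposed to be on.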
@@ -10,20 +15,38 @@ import org.apache.http.HttpStatus; import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.AuthenticationToken; import org.apache.shiro.web.filter.authc.AuthenticatingFilter; +import org.apache.shiro.web.servlet.ShiroHttpServletRequest; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.annotation.Configuration; +import org.springframework.context.annotation.Lazy; +import org.springframework.context.annotation.Scope; +import org.springframework.stereotype.Component; import org.springframework.web.bind.annotation.RequestMethod; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; +import javax.servlet.http.Cookie; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; +import java.lang.reflect.Field; +import java.net.URLEncoder; +import java.util.Iterator; +import java.util.Map; /** * oauth2过滤器 * */ +@Component() +@Scope("prototype") public class Oauth2Filter extends AuthenticatingFilter { + public final static String SEESION_USER = "seesion_user"; + + @Autowired + private YaweiSSOProperties yaweiSSOProperties; + @Override protected AuthenticationToken createToken(ServletRequest request, ServletResponse response) throws Exception { //获取请求token 
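Review bot: Annotating `Oauth2Filter` with `@Component` exposes a `javax.servlet.Filter` bean to the container, and if this is a Spring Boot application (not determinable from the hunk) Boot auto-registers such beans as plain servlet filters on every URL, so requests would pass through `onAccessDenied` a second time outside Shiro's chain definitions; the usual guard is a `FilterRegistrationBean<Oauth2Filter>` with `setEnabled(false)` in ShiroConfig. The new constant `SEESION_USER = "seesion_user"` misspells "session" in both the name and the value; because the value is a key that other code may persist, fix it now while nothing depends on it. Several added imports (`Cookie`, `ShiroHttpServletRequest`, `Configuration`, `Lazy`) are not used by any code in this diff, and `@Component()` should simply be `@Component`.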
@@ -47,22 +70,28 @@ public class Oauth2Filter extends AuthenticatingFilter { @Override protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception { + + //获取请求token,如果token不存在,直接返回401 String token = getRequestToken((HttpServletRequest) request); if(StringUtils.isBlank(token)){ - HttpServletResponse httpResponse = (HttpServletResponse) response; - httpResponse.setContentType("application/json;charset=utf-8"); - httpResponse.setHeader("Access-Control-Allow-Credentials", "true"); - httpResponse.setHeader("Access-Control-Allow-Origin", HttpContextUtils.getOrigin()); - String json = new Gson().toJson(new Result().error(ErrorCode.UNAUTHORIZED)); + yaweiHandle((HttpServletRequest)request, (HttpServletResponse)response); - httpResponse.getWriter().print(json); +// HttpServletResponse httpResponse = (HttpServletResponse) response; +// httpResponse.setContentType("application/json;charset=utf-8"); +// httpResponse.setHeader("Access-Control-Allow-Credentials", "true"); +// httpResponse.setHeader("Access-Control-Allow-Origin", HttpContextUtils.getOrigin()); +// +// String json = new Gson().toJson(new Result().error(ErrorCode.UNAUTHORIZED)); +// +// httpResponse.getWriter().print(json); return false; } - return executeLogin(request, response); + boolean executeLogin = executeLogin(request, response); + return executeLogin; } @Override 
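Review bot: The result of `yaweiHandle(...)` is discarded, so when it returns true (ticket loaded and `validator.SetUserTicket(request)` called, per the later hunk) `onAccessDenied` still returns false without writing anything to the response, and the client gets an empty 200 rather than a login or a denial; a token-less request therefore never reaches `executeLogin` even after a successful SSO round-trip. Decide what a validated SSO ticket means for Shiro here — most likely build the subject from the ticket and continue — and at minimum make the outcome explicit, e.g. `if (!yaweiHandle((HttpServletRequest) request, (HttpServletResponse) response)) return false;` followed by the intended login path. The former JSON 401 with CORS headers is now only commented out and should be deleted, and `boolean executeLogin = executeLogin(request, response); return executeLogin;` can go back to `return executeLogin(request, response);`.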
@@ -100,4 +129,86 @@ public class Oauth2Filter extends AuthenticatingFilter { return token; } + public boolean yaweiHandle(HttpServletRequest request, HttpServletResponse response) throws Exception { + // 获取当前请求的url + String requestUri = request.getHeader("REQUESTURI"); + if (requestUri == null){ + requestUri = request.getRequestURI(); + } + + Validator validator = Validator.getInstance(); + + String strResponse = request.getParameter(yaweiSSOProperties.getSsoKey()); + if (org.apache.commons.lang.StringUtils.isEmpty(strResponse)) { + TicketManager tm = new TicketManager(); + if (!tm.LoadTicket(request)) { + PSORequest psoRequest = new PSORequest(request); + //不建新类了,直接反射解决 + Field returnUrl = psoRequest.getClass().getDeclaredField("returnUrl"); + returnUrl.setAccessible(true); + returnUrl.set(psoRequest, requestUri); + String requeststr = psoRequest.CreateHash(); + + String keeperUrl = yaweiSSOProperties.getKeeperUrl(); + keeperUrl = keeperUrl + "?" + yaweiSSOProperties.getSsoKey() + "=" + + URLEncoder.encode(requeststr, "UTF-8"); + response.addHeader("REDIRECT", keeperUrl); + response.setStatus(HttpStatus.SC_UNAUTHORIZED); + response.getWriter().write(HttpStatus.SC_UNAUTHORIZED); + return false; + } + } else { + // 如果服务器端通过认证后,会返回后执行改操作,然后写入cookie + SSOResponse ssoResp = new SSOResponse(strResponse); + TicketManager tm = ssoResp.CreatePSOTicket(); + if (tm == null) { + PSORequest psoRequest = new PSORequest(request); + String requeststr = psoRequest.CreateHash(); + + String keeperUrl = yaweiSSOProperties.getKeeperUrl(); + keeperUrl = keeperUrl + "?" 
+ yaweiSSOProperties.getSsoKey() + "=" + + URLEncoder.encode(requeststr, "UTF-8"); + response.sendRedirect(keeperUrl); + } else { + String domainName = yaweiSSOProperties.getDomain(); + tm.SaveTicket(response, domainName); + + //同时添加自己的token +// Cookie cookie = new Cookie(Constant.TOKEN_HEADER, createToken(request, response).toString()); +// response.addCookie(cookie); + + Iterator> iterator = request + .getParameterMap().entrySet().iterator(); + StringBuffer param = new StringBuffer(); + int i = 0; + while (iterator.hasNext()) { + Map.Entry entry = (Map.Entry) iterator + .next(); + if (entry.getKey().equals(yaweiSSOProperties.getSsoKey())) + continue; + else { + i++; + if (i == 1) + param.append("?").append(entry.getKey()) + .append("="); + else + param.append("&").append(entry.getKey()) + .append("="); + + if (entry.getValue() instanceof String[]) { + param.append(((String[]) entry.getValue())[0]); + } else { + param.append(entry.getValue()); + } + } + } + response.sendRedirect(requestUri + param.toString()); + return false; + } + } + validator.SetUserTicket(request); + return true; + } + + } \ No newline at end of file
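Review bot: `requestUri` is taken from the client-supplied `REQUESTURI` header and then used both as the SSO `returnUrl` and, once the ticket is saved, directly in `response.sendRedirect(requestUri + param)`, so anyone can craft a link that bounces a victim through the SSO keeper to an attacker-chosen absolute URL (open redirect); accept the header only when it is a site-relative path and otherwise fall back to `request.getRequestURI()`. `response.getWriter().write(HttpStatus.SC_UNAUTHORIZED)` resolves to `Writer.write(int)`, which emits the single character U+0191, not the text "401". The rebuilt query string appends already-decoded parameter values without re-encoding, so values containing `&`, `=` or `#` are corrupted on the redirect; encode them with the `URLEncoder` that is already imported. Setting the private `returnUrl` through `getDeclaredField` is brittle and should use a PSORequest setter if one exists; the hunk runs to the end of the file.

```java
String requestUri = request.getHeader("REQUESTURI");
// Only honour the header when it is site-relative; an absolute URL here would
// turn the post-SSO redirect into an open redirect.
if (requestUri == null || !requestUri.startsWith("/") || requestUri.startsWith("//")) {
    requestUri = request.getRequestURI();
}
// … unchanged: validator, ticket load, keeper URL construction …
response.setStatus(HttpStatus.SC_UNAUTHORIZED);
response.getWriter().write(String.valueOf(HttpStatus.SC_UNAUTHORIZED));
// … unchanged: SSOResponse handling, SaveTicket …
String value = entry.getValue() instanceof String[]
        ? ((String[]) entry.getValue())[0] : String.valueOf(entry.getValue());
param.append(i == 1 ? "?" : "&")
        .append(URLEncoder.encode(entry.getKey(), "UTF-8"))
        .append("=")
        .append(URLEncoder.encode(value, "UTF-8"));
```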