【统一单点】修改登录逻辑
parent
fd0a070abc
commit
4815e9f3f5
|
@ -48,6 +48,7 @@ public class IdentityInterceptor implements HandlerInterceptor {
|
||||||
String keeperUrl = yaweiSSOProperties.getKeeperUrl();
|
String keeperUrl = yaweiSSOProperties.getKeeperUrl();
|
||||||
keeperUrl = keeperUrl + "?" + yaweiSSOProperties.getSsoKey() + "="
|
keeperUrl = keeperUrl + "?" + yaweiSSOProperties.getSsoKey() + "="
|
||||||
+ URLEncoder.encode(requeststr, "UTF-8");
|
+ URLEncoder.encode(requeststr, "UTF-8");
|
||||||
|
response.addHeader("REDIRECT", keeperUrl);
|
||||||
response.sendRedirect(keeperUrl);
|
response.sendRedirect(keeperUrl);
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
|
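Review bot: The `REDIRECT` header added before `response.sendRedirect(keeperUrl)` is sent on a 302 response, which browser XHR/fetch calls follow automatically, so a script caller will normally never see it. The new `Oauth2Filter.yaweiHandle` in this same commit instead sends the header with `HttpStatus.SC_UNAUTHORIZED` and no redirect, so the two login paths now behave differently for the same front end. If the header is meant for a JavaScript client, use the same 401-plus-header response here and make sure the CORS configuration exposes `REDIRECT` (the `addCorsMappings` body is not visible on this page). The enclosing method starts and ends outside the hunk.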
@ -9,8 +9,10 @@ import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSource
|
||||||
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
|
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
|
||||||
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
|
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
|
||||||
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
|
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
|
||||||
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
import org.springframework.context.annotation.Bean;
|
import org.springframework.context.annotation.Bean;
|
||||||
import org.springframework.context.annotation.Configuration;
|
import org.springframework.context.annotation.Configuration;
|
||||||
|
import org.springframework.stereotype.Component;
|
||||||
|
|
||||||
import javax.servlet.Filter;
|
import javax.servlet.Filter;
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
|
@ -23,6 +25,9 @@ import java.util.Map;
|
||||||
@Configuration
|
@Configuration
|
||||||
public class ShiroConfig {
|
public class ShiroConfig {
|
||||||
|
|
||||||
|
// @Autowired
|
||||||
|
// private Oauth2Filter oauth2Filter;
|
||||||
|
|
||||||
@Bean
|
@Bean
|
||||||
public DefaultWebSessionManager sessionManager() {
|
public DefaultWebSessionManager sessionManager() {
|
||||||
DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
|
DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
|
||||||
|
@ -42,13 +47,13 @@ public class ShiroConfig {
|
||||||
}
|
}
|
||||||
|
|
||||||
@Bean("shiroFilter")
|
@Bean("shiroFilter")
|
||||||
public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) {
|
public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager, Oauth2Filter oauth2Filter) {
|
||||||
ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();
|
ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();
|
||||||
shiroFilter.setSecurityManager(securityManager);
|
shiroFilter.setSecurityManager(securityManager);
|
||||||
|
|
||||||
//oauth过滤
|
//oauth过滤
|
||||||
Map<String, Filter> filters = new HashMap<>();
|
Map<String, Filter> filters = new HashMap<>();
|
||||||
filters.put("oauth2", new Oauth2Filter());
|
filters.put("oauth2", oauth2Filter);
|
||||||
shiroFilter.setFilters(filters);
|
shiroFilter.setFilters(filters);
|
||||||
|
|
||||||
Map<String, String> filterMap = new LinkedHashMap<>();
|
Map<String, String> filterMap = new LinkedHashMap<>();
|
||||||
|
|
|
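Review bot: Injecting `Oauth2Filter` into `shirFilter` relies on the filter now being a `@Component`, which makes it a Spring-managed `javax.servlet.Filter` bean. If this is a Spring Boot application, such beans may also be auto-registered in the servlet container chain for every path, outside Shiro's `filterMap`, so the SSO check could run on URLs that Shiro maps as anonymous. Consider declaring a `FilterRegistrationBean<Oauth2Filter>` with `setEnabled(false)` so the filter runs only through `shiroFilter.setFilters(filters)`. The commented-out `// @Autowired` and `// private Oauth2Filter oauth2Filter;` lines add nothing and can be dropped; the body of `shirFilter` continues outside the hunk.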
@ -4,8 +4,10 @@ import com.fasterxml.jackson.databind.DeserializationFeature;
|
||||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||||
import com.fasterxml.jackson.databind.module.SimpleModule;
|
import com.fasterxml.jackson.databind.module.SimpleModule;
|
||||||
import com.fasterxml.jackson.databind.ser.std.ToStringSerializer;
|
import com.fasterxml.jackson.databind.ser.std.ToStringSerializer;
|
||||||
|
import io.renren.common.interceptor.IdentityInterceptor;
|
||||||
import io.renren.common.utils.DateUtils;
|
import io.renren.common.utils.DateUtils;
|
||||||
import io.renren.modules.pay.Interceptor.AliPayInterceptor;
|
import io.renren.modules.pay.Interceptor.AliPayInterceptor;
|
||||||
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
import org.springframework.context.annotation.Bean;
|
import org.springframework.context.annotation.Bean;
|
||||||
import org.springframework.context.annotation.Configuration;
|
import org.springframework.context.annotation.Configuration;
|
||||||
import org.springframework.http.converter.ByteArrayHttpMessageConverter;
|
import org.springframework.http.converter.ByteArrayHttpMessageConverter;
|
||||||
|
@ -25,6 +27,9 @@ import java.util.TimeZone;
|
||||||
@Configuration
|
@Configuration
|
||||||
public class WebMvcConfig implements WebMvcConfigurer {
|
public class WebMvcConfig implements WebMvcConfigurer {
|
||||||
|
|
||||||
|
@Autowired
|
||||||
|
private IdentityInterceptor identityInterceptor;
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void addCorsMappings(CorsRegistry registry) {
|
public void addCorsMappings(CorsRegistry registry) {
|
||||||
registry.addMapping("/**")
|
registry.addMapping("/**")
|
||||||
|
@ -37,7 +42,7 @@ public class WebMvcConfig implements WebMvcConfigurer {
|
||||||
@Override
|
@Override
|
||||||
public void addInterceptors(InterceptorRegistry registry) {
|
public void addInterceptors(InterceptorRegistry registry) {
|
||||||
registry.addInterceptor(new AliPayInterceptor()).addPathPatterns("/pay/alipay/**");
|
registry.addInterceptor(new AliPayInterceptor()).addPathPatterns("/pay/alipay/**");
|
||||||
// registry.addInterceptor(new IdentityInterceptor());
|
// registry.addInterceptor(identityInterceptor);
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
|
|
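Review bot: `identityInterceptor` is now injected with `@Autowired`, but its only use, `registry.addInterceptor(identityInterceptor)`, is still commented out in `addInterceptors`. The field is therefore dead, and context startup now depends on an `IdentityInterceptor` bean existing. Either register the interceptor with explicit `addPathPatterns(...)` or remove the field and its import until it is needed. A short comment stating whether the login check is meant to live in `Oauth2Filter` or in this interceptor would stop the two from drifting apart.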
@ -1,8 +1,13 @@
|
||||||
package io.renren.modules.security.oauth2;
|
package io.renren.modules.security.oauth2;
|
||||||
|
|
||||||
import com.google.gson.Gson;
|
import com.google.gson.Gson;
|
||||||
|
import com.yawei.pso.PSORequest;
|
||||||
|
import com.yawei.pso.SSOResponse;
|
||||||
|
import com.yawei.pso.TicketManager;
|
||||||
import io.renren.common.constant.Constant;
|
import io.renren.common.constant.Constant;
|
||||||
import io.renren.common.exception.ErrorCode;
|
import io.renren.common.exception.ErrorCode;
|
||||||
|
import io.renren.common.interceptor.Validator;
|
||||||
|
import io.renren.common.interceptor.YaweiSSOProperties;
|
||||||
import io.renren.common.utils.HttpContextUtils;
|
import io.renren.common.utils.HttpContextUtils;
|
||||||
import io.renren.common.utils.Result;
|
import io.renren.common.utils.Result;
|
||||||
import org.apache.commons.lang3.StringUtils;
|
import org.apache.commons.lang3.StringUtils;
|
||||||
|
@ -10,20 +15,38 @@ import org.apache.http.HttpStatus;
|
||||||
import org.apache.shiro.authc.AuthenticationException;
|
import org.apache.shiro.authc.AuthenticationException;
|
||||||
import org.apache.shiro.authc.AuthenticationToken;
|
import org.apache.shiro.authc.AuthenticationToken;
|
||||||
import org.apache.shiro.web.filter.authc.AuthenticatingFilter;
|
import org.apache.shiro.web.filter.authc.AuthenticatingFilter;
|
||||||
|
import org.apache.shiro.web.servlet.ShiroHttpServletRequest;
|
||||||
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
|
import org.springframework.context.annotation.Configuration;
|
||||||
|
import org.springframework.context.annotation.Lazy;
|
||||||
|
import org.springframework.context.annotation.Scope;
|
||||||
|
import org.springframework.stereotype.Component;
|
||||||
import org.springframework.web.bind.annotation.RequestMethod;
|
import org.springframework.web.bind.annotation.RequestMethod;
|
||||||
|
|
||||||
import javax.servlet.ServletRequest;
|
import javax.servlet.ServletRequest;
|
||||||
import javax.servlet.ServletResponse;
|
import javax.servlet.ServletResponse;
|
||||||
|
import javax.servlet.http.Cookie;
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
import javax.servlet.http.HttpServletResponse;
|
import javax.servlet.http.HttpServletResponse;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
|
import java.lang.reflect.Field;
|
||||||
|
import java.net.URLEncoder;
|
||||||
|
import java.util.Iterator;
|
||||||
|
import java.util.Map;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* oauth2过滤器
|
* oauth2过滤器
|
||||||
*
|
*
|
||||||
*/
|
*/
|
||||||
|
@Component()
|
||||||
|
@Scope("prototype")
|
||||||
public class Oauth2Filter extends AuthenticatingFilter {
|
public class Oauth2Filter extends AuthenticatingFilter {
|
||||||
|
|
||||||
|
public final static String SEESION_USER = "seesion_user";
|
||||||
|
|
||||||
|
@Autowired
|
||||||
|
private YaweiSSOProperties yaweiSSOProperties;
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected AuthenticationToken createToken(ServletRequest request, ServletResponse response) throws Exception {
|
protected AuthenticationToken createToken(ServletRequest request, ServletResponse response) throws Exception {
|
||||||
//获取请求token
|
//获取请求token
|
||||||
|
@ -47,22 +70,28 @@ public class Oauth2Filter extends AuthenticatingFilter {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
|
protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
|
||||||
|
|
||||||
|
|
||||||
//获取请求token,如果token不存在,直接返回401
|
//获取请求token,如果token不存在,直接返回401
|
||||||
String token = getRequestToken((HttpServletRequest) request);
|
String token = getRequestToken((HttpServletRequest) request);
|
||||||
if(StringUtils.isBlank(token)){
|
if(StringUtils.isBlank(token)){
|
||||||
HttpServletResponse httpResponse = (HttpServletResponse) response;
|
|
||||||
httpResponse.setContentType("application/json;charset=utf-8");
|
|
||||||
httpResponse.setHeader("Access-Control-Allow-Credentials", "true");
|
|
||||||
httpResponse.setHeader("Access-Control-Allow-Origin", HttpContextUtils.getOrigin());
|
|
||||||
|
|
||||||
String json = new Gson().toJson(new Result().error(ErrorCode.UNAUTHORIZED));
|
yaweiHandle((HttpServletRequest)request, (HttpServletResponse)response);
|
||||||
|
|
||||||
httpResponse.getWriter().print(json);
|
// HttpServletResponse httpResponse = (HttpServletResponse) response;
|
||||||
|
// httpResponse.setContentType("application/json;charset=utf-8");
|
||||||
|
// httpResponse.setHeader("Access-Control-Allow-Credentials", "true");
|
||||||
|
// httpResponse.setHeader("Access-Control-Allow-Origin", HttpContextUtils.getOrigin());
|
||||||
|
//
|
||||||
|
// String json = new Gson().toJson(new Result().error(ErrorCode.UNAUTHORIZED));
|
||||||
|
//
|
||||||
|
// httpResponse.getWriter().print(json);
|
||||||
|
|
||||||
return false;
|
return false;
|
||||||
}
|
}
|
||||||
|
|
||||||
return executeLogin(request, response);
|
boolean executeLogin = executeLogin(request, response);
|
||||||
|
return executeLogin;
|
||||||
}
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
|
@ -100,4 +129,86 @@ public class Oauth2Filter extends AuthenticatingFilter {
|
||||||
return token;
|
return token;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public boolean yaweiHandle(HttpServletRequest request, HttpServletResponse response) throws Exception {
|
||||||
|
// 获取当前请求的url
|
||||||
|
String requestUri = request.getHeader("REQUESTURI");
|
||||||
|
if (requestUri == null){
|
||||||
|
requestUri = request.getRequestURI();
|
||||||
|
}
|
||||||
|
|
||||||
|
Validator validator = Validator.getInstance();
|
||||||
|
|
||||||
|
String strResponse = request.getParameter(yaweiSSOProperties.getSsoKey());
|
||||||
|
if (org.apache.commons.lang.StringUtils.isEmpty(strResponse)) {
|
||||||
|
TicketManager tm = new TicketManager();
|
||||||
|
if (!tm.LoadTicket(request)) {
|
||||||
|
PSORequest psoRequest = new PSORequest(request);
|
||||||
|
//不建新类了,直接反射解决
|
||||||
|
Field returnUrl = psoRequest.getClass().getDeclaredField("returnUrl");
|
||||||
|
returnUrl.setAccessible(true);
|
||||||
|
returnUrl.set(psoRequest, requestUri);
|
||||||
|
String requeststr = psoRequest.CreateHash();
|
||||||
|
|
||||||
|
String keeperUrl = yaweiSSOProperties.getKeeperUrl();
|
||||||
|
keeperUrl = keeperUrl + "?" + yaweiSSOProperties.getSsoKey() + "="
|
||||||
|
+ URLEncoder.encode(requeststr, "UTF-8");
|
||||||
|
response.addHeader("REDIRECT", keeperUrl);
|
||||||
|
response.setStatus(HttpStatus.SC_UNAUTHORIZED);
|
||||||
|
response.getWriter().write(HttpStatus.SC_UNAUTHORIZED);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
// 如果服务器端通过认证后,会返回后执行改操作,然后写入cookie
|
||||||
|
SSOResponse ssoResp = new SSOResponse(strResponse);
|
||||||
|
TicketManager tm = ssoResp.CreatePSOTicket();
|
||||||
|
if (tm == null) {
|
||||||
|
PSORequest psoRequest = new PSORequest(request);
|
||||||
|
String requeststr = psoRequest.CreateHash();
|
||||||
|
|
||||||
|
String keeperUrl = yaweiSSOProperties.getKeeperUrl();
|
||||||
|
keeperUrl = keeperUrl + "?" + yaweiSSOProperties.getSsoKey() + "="
|
||||||
|
+ URLEncoder.encode(requeststr, "UTF-8");
|
||||||
|
response.sendRedirect(keeperUrl);
|
||||||
|
} else {
|
||||||
|
String domainName = yaweiSSOProperties.getDomain();
|
||||||
|
tm.SaveTicket(response, domainName);
|
||||||
|
|
||||||
|
//同时添加自己的token
|
||||||
|
// Cookie cookie = new Cookie(Constant.TOKEN_HEADER, createToken(request, response).toString());
|
||||||
|
// response.addCookie(cookie);
|
||||||
|
|
||||||
|
Iterator<Map.Entry<String, String[]>> iterator = request
|
||||||
|
.getParameterMap().entrySet().iterator();
|
||||||
|
StringBuffer param = new StringBuffer();
|
||||||
|
int i = 0;
|
||||||
|
while (iterator.hasNext()) {
|
||||||
|
Map.Entry<String, String[]> entry = (Map.Entry<String, String[]>) iterator
|
||||||
|
.next();
|
||||||
|
if (entry.getKey().equals(yaweiSSOProperties.getSsoKey()))
|
||||||
|
continue;
|
||||||
|
else {
|
||||||
|
i++;
|
||||||
|
if (i == 1)
|
||||||
|
param.append("?").append(entry.getKey())
|
||||||
|
.append("=");
|
||||||
|
else
|
||||||
|
param.append("&").append(entry.getKey())
|
||||||
|
.append("=");
|
||||||
|
|
||||||
|
if (entry.getValue() instanceof String[]) {
|
||||||
|
param.append(((String[]) entry.getValue())[0]);
|
||||||
|
} else {
|
||||||
|
param.append(entry.getValue());
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
response.sendRedirect(requestUri + param.toString());
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
validator.SetUserTicket(request);
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
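Review bot: In `yaweiHandle`, `requestUri` is read from the client-supplied `REQUESTURI` header, then written into `PSORequest.returnUrl` and passed to `response.sendRedirect(requestUri + param.toString())` with no validation, so the post-login redirect target is caller-controlled (an open redirect). Constrain it before use, for example `if (requestUri == null || !isAllowedReturnUrl(requestUri)) { requestUri = request.getRequestURI(); }`, where `isAllowedReturnUrl` is a new helper that accepts only the application's own paths or configured front-end origins. The query string rebuilt in the loop appends parameter names and values unencoded; wrap both in `URLEncoder.encode(..., "UTF-8")` as is already done for `requeststr`. The `tm == null` branch calls `response.sendRedirect(keeperUrl)` without a following `return false;`, so a rejected SSO response falls through to `validator.SetUserTicket(request)` and `return true`. Separately, `response.getWriter().write(HttpStatus.SC_UNAUTHORIZED)` resolves to `Writer.write(int)` and emits a single character rather than the text `401`, and `onAccessDenied` discards the result of `yaweiHandle`, so a request with a valid ticket still gets `return false` with an empty response.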