【统一单点】修改登录逻辑

This commit is contained in:
huangweixiong 2022-05-09 15:31:24 +08:00
parent fd0a070abc
commit 4815e9f3f5
4 changed files with 132 additions and 10 deletions

View File

@ -48,6 +48,7 @@ public class IdentityInterceptor implements HandlerInterceptor {
String keeperUrl = yaweiSSOProperties.getKeeperUrl(); String keeperUrl = yaweiSSOProperties.getKeeperUrl();
keeperUrl = keeperUrl + "?" + yaweiSSOProperties.getSsoKey() + "=" keeperUrl = keeperUrl + "?" + yaweiSSOProperties.getSsoKey() + "="
+ URLEncoder.encode(requeststr, "UTF-8"); + URLEncoder.encode(requeststr, "UTF-8");
response.addHeader("REDIRECT", keeperUrl);
response.sendRedirect(keeperUrl); response.sendRedirect(keeperUrl);
return false; return false;
} }

View File

@ -9,8 +9,10 @@ import org.apache.shiro.spring.security.interceptor.AuthorizationAttributeSource
import org.apache.shiro.spring.web.ShiroFilterFactoryBean; import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager; import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager; import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.stereotype.Component;
import javax.servlet.Filter; import javax.servlet.Filter;
import java.util.HashMap; import java.util.HashMap;
@ -23,6 +25,9 @@ import java.util.Map;
@Configuration @Configuration
public class ShiroConfig { public class ShiroConfig {
// @Autowired
// private Oauth2Filter oauth2Filter;
@Bean @Bean
public DefaultWebSessionManager sessionManager() { public DefaultWebSessionManager sessionManager() {
DefaultWebSessionManager sessionManager = new DefaultWebSessionManager(); DefaultWebSessionManager sessionManager = new DefaultWebSessionManager();
@ -42,13 +47,13 @@ public class ShiroConfig {
} }
@Bean("shiroFilter") @Bean("shiroFilter")
public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager) { public ShiroFilterFactoryBean shirFilter(SecurityManager securityManager, Oauth2Filter oauth2Filter) {
ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean(); ShiroFilterFactoryBean shiroFilter = new ShiroFilterFactoryBean();
shiroFilter.setSecurityManager(securityManager); shiroFilter.setSecurityManager(securityManager);
//oauth过滤 //oauth过滤
Map<String, Filter> filters = new HashMap<>(); Map<String, Filter> filters = new HashMap<>();
filters.put("oauth2", new Oauth2Filter()); filters.put("oauth2", oauth2Filter);
shiroFilter.setFilters(filters); shiroFilter.setFilters(filters);
Map<String, String> filterMap = new LinkedHashMap<>(); Map<String, String> filterMap = new LinkedHashMap<>();

View File

@ -4,8 +4,10 @@ import com.fasterxml.jackson.databind.DeserializationFeature;
import com.fasterxml.jackson.databind.ObjectMapper; import com.fasterxml.jackson.databind.ObjectMapper;
import com.fasterxml.jackson.databind.module.SimpleModule; import com.fasterxml.jackson.databind.module.SimpleModule;
import com.fasterxml.jackson.databind.ser.std.ToStringSerializer; import com.fasterxml.jackson.databind.ser.std.ToStringSerializer;
import io.renren.common.interceptor.IdentityInterceptor;
import io.renren.common.utils.DateUtils; import io.renren.common.utils.DateUtils;
import io.renren.modules.pay.Interceptor.AliPayInterceptor; import io.renren.modules.pay.Interceptor.AliPayInterceptor;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Configuration;
import org.springframework.http.converter.ByteArrayHttpMessageConverter; import org.springframework.http.converter.ByteArrayHttpMessageConverter;
@ -25,6 +27,9 @@ import java.util.TimeZone;
@Configuration @Configuration
public class WebMvcConfig implements WebMvcConfigurer { public class WebMvcConfig implements WebMvcConfigurer {
@Autowired
private IdentityInterceptor identityInterceptor;
@Override @Override
public void addCorsMappings(CorsRegistry registry) { public void addCorsMappings(CorsRegistry registry) {
registry.addMapping("/**") registry.addMapping("/**")
@ -37,7 +42,7 @@ public class WebMvcConfig implements WebMvcConfigurer {
@Override @Override
public void addInterceptors(InterceptorRegistry registry) { public void addInterceptors(InterceptorRegistry registry) {
registry.addInterceptor(new AliPayInterceptor()).addPathPatterns("/pay/alipay/**"); registry.addInterceptor(new AliPayInterceptor()).addPathPatterns("/pay/alipay/**");
// registry.addInterceptor(new IdentityInterceptor()); // registry.addInterceptor(identityInterceptor);
} }
@Override @Override

View File

@ -1,8 +1,13 @@
package io.renren.modules.security.oauth2; package io.renren.modules.security.oauth2;
import com.google.gson.Gson; import com.google.gson.Gson;
import com.yawei.pso.PSORequest;
import com.yawei.pso.SSOResponse;
import com.yawei.pso.TicketManager;
import io.renren.common.constant.Constant; import io.renren.common.constant.Constant;
import io.renren.common.exception.ErrorCode; import io.renren.common.exception.ErrorCode;
import io.renren.common.interceptor.Validator;
import io.renren.common.interceptor.YaweiSSOProperties;
import io.renren.common.utils.HttpContextUtils; import io.renren.common.utils.HttpContextUtils;
import io.renren.common.utils.Result; import io.renren.common.utils.Result;
import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.StringUtils;
@ -10,20 +15,38 @@ import org.apache.http.HttpStatus;
import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationToken; import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.web.filter.authc.AuthenticatingFilter; import org.apache.shiro.web.filter.authc.AuthenticatingFilter;
import org.apache.shiro.web.servlet.ShiroHttpServletRequest;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Lazy;
import org.springframework.context.annotation.Scope;
import org.springframework.stereotype.Component;
import org.springframework.web.bind.annotation.RequestMethod; import org.springframework.web.bind.annotation.RequestMethod;
import javax.servlet.ServletRequest; import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse; import javax.servlet.ServletResponse;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import java.io.IOException; import java.io.IOException;
import java.lang.reflect.Field;
import java.net.URLEncoder;
import java.util.Iterator;
import java.util.Map;
/** /**
* oauth2过滤器 * oauth2过滤器
* *
*/ */
@Component()
@Scope("prototype")
public class Oauth2Filter extends AuthenticatingFilter { public class Oauth2Filter extends AuthenticatingFilter {
public final static String SEESION_USER = "seesion_user";
@Autowired
private YaweiSSOProperties yaweiSSOProperties;
@Override @Override
protected AuthenticationToken createToken(ServletRequest request, ServletResponse response) throws Exception { protected AuthenticationToken createToken(ServletRequest request, ServletResponse response) throws Exception {
//获取请求token //获取请求token
@ -47,22 +70,28 @@ public class Oauth2Filter extends AuthenticatingFilter {
@Override @Override
protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception { protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
//获取请求token如果token不存在直接返回401 //获取请求token如果token不存在直接返回401
String token = getRequestToken((HttpServletRequest) request); String token = getRequestToken((HttpServletRequest) request);
if(StringUtils.isBlank(token)){ if(StringUtils.isBlank(token)){
HttpServletResponse httpResponse = (HttpServletResponse) response;
httpResponse.setContentType("application/json;charset=utf-8");
httpResponse.setHeader("Access-Control-Allow-Credentials", "true");
httpResponse.setHeader("Access-Control-Allow-Origin", HttpContextUtils.getOrigin());
String json = new Gson().toJson(new Result().error(ErrorCode.UNAUTHORIZED)); yaweiHandle((HttpServletRequest)request, (HttpServletResponse)response);
httpResponse.getWriter().print(json); // HttpServletResponse httpResponse = (HttpServletResponse) response;
// httpResponse.setContentType("application/json;charset=utf-8");
// httpResponse.setHeader("Access-Control-Allow-Credentials", "true");
// httpResponse.setHeader("Access-Control-Allow-Origin", HttpContextUtils.getOrigin());
//
// String json = new Gson().toJson(new Result().error(ErrorCode.UNAUTHORIZED));
//
// httpResponse.getWriter().print(json);
return false; return false;
} }
return executeLogin(request, response); boolean executeLogin = executeLogin(request, response);
return executeLogin;
} }
@Override @Override
@ -100,4 +129,86 @@ public class Oauth2Filter extends AuthenticatingFilter {
return token; return token;
} }
public boolean yaweiHandle(HttpServletRequest request, HttpServletResponse response) throws Exception {
// 获取当前请求的url
String requestUri = request.getHeader("REQUESTURI");
if (requestUri == null){
requestUri = request.getRequestURI();
}
Validator validator = Validator.getInstance();
String strResponse = request.getParameter(yaweiSSOProperties.getSsoKey());
if (org.apache.commons.lang.StringUtils.isEmpty(strResponse)) {
TicketManager tm = new TicketManager();
if (!tm.LoadTicket(request)) {
PSORequest psoRequest = new PSORequest(request);
//不建新类了直接反射解决
Field returnUrl = psoRequest.getClass().getDeclaredField("returnUrl");
returnUrl.setAccessible(true);
returnUrl.set(psoRequest, requestUri);
String requeststr = psoRequest.CreateHash();
String keeperUrl = yaweiSSOProperties.getKeeperUrl();
keeperUrl = keeperUrl + "?" + yaweiSSOProperties.getSsoKey() + "="
+ URLEncoder.encode(requeststr, "UTF-8");
response.addHeader("REDIRECT", keeperUrl);
response.setStatus(HttpStatus.SC_UNAUTHORIZED);
response.getWriter().write(HttpStatus.SC_UNAUTHORIZED);
return false;
}
} else {
// 如果服务器端通过认证后会返回后执行改操作然后写入cookie
SSOResponse ssoResp = new SSOResponse(strResponse);
TicketManager tm = ssoResp.CreatePSOTicket();
if (tm == null) {
PSORequest psoRequest = new PSORequest(request);
String requeststr = psoRequest.CreateHash();
String keeperUrl = yaweiSSOProperties.getKeeperUrl();
keeperUrl = keeperUrl + "?" + yaweiSSOProperties.getSsoKey() + "="
+ URLEncoder.encode(requeststr, "UTF-8");
response.sendRedirect(keeperUrl);
} else {
String domainName = yaweiSSOProperties.getDomain();
tm.SaveTicket(response, domainName);
//同时添加自己的token
// Cookie cookie = new Cookie(Constant.TOKEN_HEADER, createToken(request, response).toString());
// response.addCookie(cookie);
Iterator<Map.Entry<String, String[]>> iterator = request
.getParameterMap().entrySet().iterator();
StringBuffer param = new StringBuffer();
int i = 0;
while (iterator.hasNext()) {
Map.Entry<String, String[]> entry = (Map.Entry<String, String[]>) iterator
.next();
if (entry.getKey().equals(yaweiSSOProperties.getSsoKey()))
continue;
else {
i++;
if (i == 1)
param.append("?").append(entry.getKey())
.append("=");
else
param.append("&").append(entry.getKey())
.append("=");
if (entry.getValue() instanceof String[]) {
param.append(((String[]) entry.getValue())[0]);
} else {
param.append(entry.getValue());
}
}
}
response.sendRedirect(requestUri + param.toString());
return false;
}
}
validator.SetUserTicket(request);
return true;
}
} }