【单点登录】临时处理跨域名情况下没有session问题

2022-06-02 15:07:36 +08:00 · 2022-06-02 15:07:36 +08:00 · d6f61c9fcc
parent e7b1b1cfd6
commit d6f61c9fcc
1 changed files with 17 additions and 5 deletions
--- a/renren-admin/src/main/java/io/renren/modules/security/oauth2/Oauth2Filter.java
+++ b/renren-admin/src/main/java/io/renren/modules/security/oauth2/Oauth2Filter.java
@ -14,6 +14,7 @@ import io.renren.modules.security.service.SysUserTokenService;
 import io.renren.modules.security.user.SecurityUser;
 import io.renren.modules.sys.dao.SysUserDao;
 import io.renren.modules.sys.entity.SysUserEntity;
+import lombok.SneakyThrows;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.http.HttpStatus;
 import org.apache.shiro.authc.AuthenticationException;
@ -67,8 +68,16 @@ public class Oauth2Filter extends AuthenticatingFilter {
 //            return true;
 //        }
        String currentToken = getRequestToken((HttpServletRequest) request);
-        if (StringUtils.isBlank(currentToken) || SecurityUser.getUser().getUsername() == null)
+        if (StringUtils.isBlank(currentToken))
            return false;
+        else if (SecurityUser.getUser().getUsername() == null){
+            //跨域名情况下使用，这种方法不大正经，再想想办法
+            try {
+                return executeLogin(request, response);
+            } catch (Exception e) {
+                e.printStackTrace();
+            }
+        }

        //亚威没有测试环境，不验证他了
 //        if (currentToken == null || !(new TicketManager().LoadTicket((HttpServletRequest) request)))
@ -156,7 +165,7 @@ public class Oauth2Filter extends AuthenticatingFilter {
        Result r = new Result().error(HttpStatus.SC_UNAUTHORIZED, msg);

        String json = new Gson().toJson(r);
-        response.getOutputStream().print(json);
+        response.getOutputStream().write(json.getBytes("utf-8"));
    }

    public boolean login(HttpServletRequest request, HttpServletResponse response) throws Exception {
@ -167,11 +176,14 @@ public class Oauth2Filter extends AuthenticatingFilter {
     * 获取请求的token
     */
    private String getRequestToken(HttpServletRequest httpRequest) {
-        //从header中获取token
-        String token = httpRequest.getHeader(Constant.TOKEN_HEADER);
+
+
+        //优先从属性里面取，这里是后台最新的
+        String token = (String) httpRequest.getAttribute(Constant.TOKEN_HEADER);

        if (StringUtils.isBlank(token)) {
-            token = (String) httpRequest.getAttribute(Constant.TOKEN_HEADER);
+            //从header中获取token
+            token = httpRequest.getHeader(Constant.TOKEN_HEADER);
        }

        //如果header中不存在token，则从参数中获取token