【单点登录】临时处理跨域名情况下没有session问题

huangweixiong 2022-06-02 15:07:36 +08:00
parent e7b1b1cfd6
commit d6f61c9fcc
1 changed files with 17 additions and 5 deletions


@ -14,6 +14,7 @@ import io.renren.modules.security.service.SysUserTokenService;
import io.renren.modules.security.user.SecurityUser; import io.renren.modules.security.user.SecurityUser;
import io.renren.modules.sys.dao.SysUserDao; import io.renren.modules.sys.dao.SysUserDao;
import io.renren.modules.sys.entity.SysUserEntity; import io.renren.modules.sys.entity.SysUserEntity;
import lombok.SneakyThrows;
import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.StringUtils;
import org.apache.http.HttpStatus; import org.apache.http.HttpStatus;
import org.apache.shiro.authc.AuthenticationException; import org.apache.shiro.authc.AuthenticationException;
@ -67,8 +68,16 @@ public class Oauth2Filter extends AuthenticatingFilter {
// return true; // return true;
// } // }
String currentToken = getRequestToken((HttpServletRequest) request); String currentToken = getRequestToken((HttpServletRequest) request);
if (StringUtils.isBlank(currentToken) || SecurityUser.getUser().getUsername() == null) if (StringUtils.isBlank(currentToken))
return false; return false;
else if (SecurityUser.getUser().getUsername() == null){
//跨域名情况下使用这种方法不大正经再想想办法
try {
return executeLogin(request, response);
} catch (Exception e) {
e.printStackTrace();
}
}
//亚威没有测试环境不验证他了 //亚威没有测试环境不验证他了
// if (currentToken == null || !(new TicketManager().LoadTicket((HttpServletRequest) request))) // if (currentToken == null || !(new TicketManager().LoadTicket((HttpServletRequest) request)))
@ -156,7 +165,7 @@ public class Oauth2Filter extends AuthenticatingFilter {
Result r = new Result().error(HttpStatus.SC_UNAUTHORIZED, msg); Result r = new Result().error(HttpStatus.SC_UNAUTHORIZED, msg);
String json = new Gson().toJson(r); String json = new Gson().toJson(r);
response.getOutputStream().print(json); response.getOutputStream().write(json.getBytes("utf-8"));
} }
public boolean login(HttpServletRequest request, HttpServletResponse response) throws Exception { public boolean login(HttpServletRequest request, HttpServletResponse response) throws Exception {
@ -167,11 +176,14 @@ public class Oauth2Filter extends AuthenticatingFilter {
* 获取请求的token * 获取请求的token
*/ */
private String getRequestToken(HttpServletRequest httpRequest) { private String getRequestToken(HttpServletRequest httpRequest) {
//从header中获取token
String token = httpRequest.getHeader(Constant.TOKEN_HEADER);
//优先从属性里面取这里是后台最新的
String token = (String) httpRequest.getAttribute(Constant.TOKEN_HEADER);
if (StringUtils.isBlank(token)) { if (StringUtils.isBlank(token)) {
token = (String) httpRequest.getAttribute(Constant.TOKEN_HEADER); //从header中获取token
token = httpRequest.getHeader(Constant.TOKEN_HEADER);
} }
//如果header中不存在token则从参数中获取token //如果header中不存在token则从参数中获取token