【单点登录】临时处理跨域名情况下没有session问题
parent
e7b1b1cfd6
commit
d6f61c9fcc
|
@ -14,6 +14,7 @@ import io.renren.modules.security.service.SysUserTokenService;
|
||||||
import io.renren.modules.security.user.SecurityUser;
|
import io.renren.modules.security.user.SecurityUser;
|
||||||
import io.renren.modules.sys.dao.SysUserDao;
|
import io.renren.modules.sys.dao.SysUserDao;
|
||||||
import io.renren.modules.sys.entity.SysUserEntity;
|
import io.renren.modules.sys.entity.SysUserEntity;
|
||||||
|
import lombok.SneakyThrows;
|
||||||
import org.apache.commons.lang3.StringUtils;
|
import org.apache.commons.lang3.StringUtils;
|
||||||
import org.apache.http.HttpStatus;
|
import org.apache.http.HttpStatus;
|
||||||
import org.apache.shiro.authc.AuthenticationException;
|
import org.apache.shiro.authc.AuthenticationException;
|
||||||
|
@ -67,8 +68,16 @@ public class Oauth2Filter extends AuthenticatingFilter {
|
||||||
// return true;
|
// return true;
|
||||||
// }
|
// }
|
||||||
String currentToken = getRequestToken((HttpServletRequest) request);
|
String currentToken = getRequestToken((HttpServletRequest) request);
|
||||||
if (StringUtils.isBlank(currentToken) || SecurityUser.getUser().getUsername() == null)
|
if (StringUtils.isBlank(currentToken))
|
||||||
return false;
|
return false;
|
||||||
|
else if (SecurityUser.getUser().getUsername() == null){
|
||||||
|
//跨域名情况下使用,这种方法不大正经,再想想办法
|
||||||
|
try {
|
||||||
|
return executeLogin(request, response);
|
||||||
|
} catch (Exception e) {
|
||||||
|
e.printStackTrace();
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
//亚威没有测试环境,不验证他了
|
//亚威没有测试环境,不验证他了
|
||||||
// if (currentToken == null || !(new TicketManager().LoadTicket((HttpServletRequest) request)))
|
// if (currentToken == null || !(new TicketManager().LoadTicket((HttpServletRequest) request)))
|
||||||
|
@ -156,7 +165,7 @@ public class Oauth2Filter extends AuthenticatingFilter {
|
||||||
Result r = new Result().error(HttpStatus.SC_UNAUTHORIZED, msg);
|
Result r = new Result().error(HttpStatus.SC_UNAUTHORIZED, msg);
|
||||||
|
|
||||||
String json = new Gson().toJson(r);
|
String json = new Gson().toJson(r);
|
||||||
response.getOutputStream().print(json);
|
response.getOutputStream().write(json.getBytes("utf-8"));
|
||||||
}
|
}
|
||||||
|
|
||||||
public boolean login(HttpServletRequest request, HttpServletResponse response) throws Exception {
|
public boolean login(HttpServletRequest request, HttpServletResponse response) throws Exception {
|
||||||
|
@ -167,11 +176,14 @@ public class Oauth2Filter extends AuthenticatingFilter {
|
||||||
* 获取请求的token
|
* 获取请求的token
|
||||||
*/
|
*/
|
||||||
private String getRequestToken(HttpServletRequest httpRequest) {
|
private String getRequestToken(HttpServletRequest httpRequest) {
|
||||||
//从header中获取token
|
|
||||||
String token = httpRequest.getHeader(Constant.TOKEN_HEADER);
|
|
||||||
|
//优先从属性里面取,这里是后台最新的
|
||||||
|
String token = (String) httpRequest.getAttribute(Constant.TOKEN_HEADER);
|
||||||
|
|
||||||
if (StringUtils.isBlank(token)) {
|
if (StringUtils.isBlank(token)) {
|
||||||
token = (String) httpRequest.getAttribute(Constant.TOKEN_HEADER);
|
//从header中获取token
|
||||||
|
token = httpRequest.getHeader(Constant.TOKEN_HEADER);
|
||||||
}
|
}
|
||||||
|
|
||||||
//如果header中不存在token,则从参数中获取token
|
//如果header中不存在token,则从参数中获取token
|
||||||
|
|
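Review bot: The `catch (Exception e)` added around `executeLogin(request, response)` in the second hunk (the `else if (SecurityUser.getUser().getUsername() == null)` branch) swallows every failure and lets control fall through to the rest of the method, which continues outside the hunk. With the ticket check below still commented out, a login attempt that throws may end up on whatever path the method takes for an accepted request, so the failure path should deny explicitly: replace `e.printStackTrace();` with a call to the class's logger followed by `return false;`. On this path `executeLogin` appears to be the only check applied to a token that arrives without a session, which deserves a comment next to the existing "temporary workaround" remark so the branch is not widened later without review. `import lombok.SneakyThrows;` from the first hunk does not appear to be used in any visible hunk and can probably be dropped.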