麦当劳sso单点登录默认角色

27b9e7f4 · xieshaohua · 8f87b98e · 27b9e7f4 · 27b9e7f4
Commit 27b9e7f4 authored Jan 30, 2024 by xieshaohua
Hide whitespace changes
Inline Side-by-side

Showing with 147 additions and 22 deletions

LoginManagement.java src/main/java/com/keymobile/login/api/LoginManagement.java +144 -22

application-local.yml src/main/resources/application-local.yml +3 -0

No files found.
--- a/src/main/java/com/keymobile/login/api/LoginManagement.java
+++ b/src/main/java/com/keymobile/login/api/LoginManagement.java
@@ -9,8 +9,7 @@ import org.apache.commons.lang3.StringUtils;
 import org.apache.http.client.methods.CloseableHttpResponse;
 import org.apache.http.client.methods.HttpGet;
 import org.apache.http.conn.ssl.NoopHostnameVerifier;
-import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
+import org.apache.http.conn.ssl.TrustStrategy;
-import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
 import org.apache.http.impl.client.CloseableHttpClient;
 import org.apache.http.impl.client.HttpClients;
 import org.apache.http.ssl.SSLContexts;
@@ -27,14 +26,15 @@ import org.springframework.security.web.authentication.WebAuthenticationDetails;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.util.UriComponentsBuilder;
+import javax.net.ssl.SSLContext;
+import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
-import java.util.ArrayList;
+import java.security.cert.CertificateException;
-import java.util.HashMap;
+import java.security.cert.X509Certificate;
-import java.util.List;
+import java.util.*;
-import java.util.Map;
 @RestController
 @RequestMapping(value = "/")
@@ -43,12 +43,18 @@ public class LoginManagement {
    @Value("${Mcd.sso.url}")
    private String ssoAuthUrl;
+    @Value("${Mcd.deepSso.url}")
+    private String deepSsoAuthUrl;
    @Value("${Mcd.sso.header}")
    private String ssoAuthHeader;
    @Value("${Mcd.sso.redirectUrl}")
    private String ssoRedirectUrl;
+    @Value("${Mcd.sso.defaultRoleId:3}")
+    private Long defaultRoleId;
    @Autowired
    private AuthService authService;
@@ -59,9 +65,10 @@ public class LoginManagement {
    @RequestMapping(value = "/sessionInfo", method = {RequestMethod.POST, RequestMethod.GET})
-    public @ResponseBody Map<String,Object> verifyLogin(HttpServletRequest request, HttpServletResponse response) {
+    public @ResponseBody
+    Map<String, Object> verifyLogin(HttpServletRequest request, HttpServletResponse response) {
        UserDetails userDetails = (UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
-        Map<String,Object> rs = new HashMap<>();
+        Map<String, Object> rs = new HashMap<>();
        String userNameWithIdAttached = userDetails.getUsername();
        rs.put(Constants.Session_UserName, userNameWithIdAttached.split(":")[0]);
        rs.put(Constants.Session_UserId, userNameWithIdAttached.split(":")[1]);
@@ -79,14 +86,14 @@ public class LoginManagement {
    @RequestMapping(value = "/ssoLogin", method = {RequestMethod.POST, RequestMethod.GET})
    public void ssoLogin(HttpServletRequest request, HttpServletResponse response,
                         @RequestParam(required = false, value = "ssoToken") String ssoToken) {
-        if(StringUtils.isNotBlank(ssoToken)) {
+        if (StringUtils.isNotBlank(ssoToken)) {
            try {
                Map<String, String> headerMap = new HashMap<>();
                headerMap.put("Mcd-Site", ssoAuthHeader);
-                String result = sendGetSkipSSL(ssoAuthUrl+"?token="+ssoToken, headerMap);
+                String result = sendGetSkipSSL(ssoAuthUrl + "?token=" + ssoToken, headerMap);
-                log.info("boss用户数据返回："+ JSON.toJSONString(result));
+                log.info("boss用户数据返回：" + JSON.toJSONString(result));
-                JSONObject  resultJb = JSON.parseObject(result);
+                JSONObject resultJb = JSON.parseObject(result);
-                JSONObject resultData =  resultJb.getJSONObject("data");
+                JSONObject resultData = resultJb.getJSONObject("data");
                String userName = String.valueOf(resultData.get("employeeNumber"));
                String userDName = String.valueOf(resultData.get("chineseName"));
                List<Map<String, Object>> matchUser = authService.getUserByName(userName);
@@ -95,6 +102,11 @@ public class LoginManagement {
                    toAdd.put("dname", userDName);
                    toAdd.put("name", userName);
                    toAdd.put("password", "37fa265330ad83eaa879efb1e2db6380896cf639");
+                    List<Map<String, Object>> dataRoleAbstracts = new ArrayList<>();
+                    Map<String, Object> roleMap = new HashMap<>();
+                    roleMap.put("id", defaultRoleId);
+                    dataRoleAbstracts.add(roleMap);
+                    toAdd.put("dataRoleAbstracts", dataRoleAbstracts);
                    authService.addUser(toAdd);
                }
                UserDetails userDetails = customizedUserDetailService.loadUserByUsername(userName);
@@ -104,19 +116,59 @@ public class LoginManagement {
                SecurityContextHolder.getContext().setAuthentication(authentication);
                HttpSession session = request.getSession(true);
                session.setAttribute("SPRING_SECURITY_CONTEXT", SecurityContextHolder.getContext());
+                log.info("单点登录用户：" + userName);
                MDC.put("user", userName);
                MDC.put("session", session.getId());
-                LogManager.logInfo(Constants.SSO_API,"登录");
+                LogManager.logInfo(Constants.SSO_API, "登录");
                response.sendRedirect(ssoRedirectUrl);
            } catch (Exception e) {
                log.error("ssoLogin error", e);
            }
-        }else{
+        } else {
            log.error("ssoLogin error", "no token");
        }
    }
+    @RequestMapping(value = "/deepSsoLogin", method = {RequestMethod.POST, RequestMethod.GET})
+    public String deepSsoLogin(HttpServletRequest request, HttpServletResponse response,
+                         @RequestParam(required = false, value = "ssoToken") String ssoToken) {
+        String result = "fail";
+        if (StringUtils.isNotBlank(ssoToken)) {
+            try {
+                String responseData = sendGetSkipSSL(deepSsoAuthUrl + "?Authorization=" + ssoToken, null);
+                log.info("boss用户数据返回：" + JSON.toJSONString(responseData));
+                JSONObject resultJb = JSON.parseObject(responseData);
+                JSONObject resultData = resultJb.getJSONObject("data");
+                String userName = String.valueOf(resultData.get("employeeNumber"));
+                String userDName = String.valueOf(resultData.get("chineseName"));
+                List<Map<String, Object>> matchUser = authService.getUserByName(userName);
+                if (null == matchUser || matchUser.isEmpty()) {
+                    Map<String, Object> toAdd = new HashMap<>();
+                    toAdd.put("dname", userDName);
+                    toAdd.put("name", userName);
+                    toAdd.put("password", "37fa265330ad83eaa879efb1e2db6380896cf639");
+                    authService.addUser(toAdd);
+                }
+                UserDetails userDetails = customizedUserDetailService.loadUserByUsername(userName);
+                UsernamePasswordAuthenticationToken authentication =
+                        new UsernamePasswordAuthenticationToken(userDetails, userDetails.getPassword(), userDetails.getAuthorities());
+                authentication.setDetails(new WebAuthenticationDetails(request));
+                SecurityContextHolder.getContext().setAuthentication(authentication);
+                HttpSession session = request.getSession(true);
+                session.setAttribute("SPRING_SECURITY_CONTEXT", SecurityContextHolder.getContext());
+                result = "ok";
+            } catch (Exception e) {
+                log.error("deepSsoLogin error", e);
+            }
+        } else {
+            log.error("deepSsoLogin error", "no token");
+        }
+        return result;
+    }
    @RequestMapping(value = "/lang", method = {RequestMethod.POST, RequestMethod.GET})
    public String setLANG(HttpServletRequest request, @RequestParam(value = "LANG", required = true) String LANG) {
        HttpSession session = request.getSession();
@@ -128,6 +180,70 @@ public class LoginManagement {
        return session.getAttribute(Constants.Session_Lang).toString();
    }
+    @RequestMapping(value = "/test", method = {RequestMethod.POST, RequestMethod.GET})
+    public String test(HttpServletRequest request) {
+        Cookie[] cookies = request.getCookies();
+        if (cookies != null) {
+            log.info("---------cookies------------");
+            for (Cookie cookie : cookies) {
+                log.info(cookie.getName() + "----" + cookie.getValue());
+            }
+        }
+        try {
+            Enumeration<String> headers = request.getHeaderNames();
+            log.info("---------headers------------");
+            while (headers.hasMoreElements()) {
+                String key = headers.nextElement();
+                log.info(key + "----" + request.getHeader(key));
+            }
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+        try {
+            HttpSession session = request.getSession();
+            log.info("---------seesions------------");
+            Enumeration<String> enumeration = session.getAttributeNames();
+            while (enumeration.hasMoreElements()) {
+                String key = enumeration.nextElement();
+                log.info(key + "----" + session.getAttribute(key));
+            }
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+        try {
+            Enumeration<String> attributes = request.getAttributeNames();
+            log.info("---------attributes------------");
+            while (attributes.hasMoreElements()) {
+                String key = attributes.nextElement();
+                log.info(key + "----" + request.getAttribute(key));
+            }
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+        try {
+            Enumeration<String> params = request.getParameterNames();
+            log.info("---------params------------");
+            while (params.hasMoreElements()) {
+                String key = params.nextElement();
+                log.info(key + "----" + request.getParameter(key));
+            }
+        } catch (Exception e) {
+            e.printStackTrace();
+        }
+        return "test";
+    }
+    @RequestMapping(value = "/testBody", method = {RequestMethod.POST, RequestMethod.GET})
+    public @ResponseBody
+    Map<String, Object> testBody(HttpServletRequest request, HttpServletResponse response) {
+        Map<String, Object> rs = new HashMap<>();
+        rs.put("test", "test");
+        return rs;
+    }
    /**
     * 发送https请求并跳过ssl证书验证
     * 条件：请求体格式为json
@@ -139,13 +255,22 @@ public class LoginManagement {
        CloseableHttpResponse response = null;
        // 处理请求路径
-        url = UriComponentsBuilder.fromHttpUrl(url) .toUriString();
+        url = UriComponentsBuilder.fromHttpUrl(url).toUriString();
        //创建httpclient对象
        CloseableHttpClient client = null;
        String respBody;
-        client = HttpClients.custom().setSSLSocketFactory(new SSLConnectionSocketFactory(SSLContexts.custom()
-                .loadTrustMaterial(null, new TrustSelfSignedStrategy()).build(), NoopHostnameVerifier.INSTANCE)).build();
+        SSLContext sslContext = SSLContexts.custom().loadTrustMaterial(null, new TrustStrategy() {
-        //创建post方式请求对象
+            @Override
+            public boolean isTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
+                return true;
+            }
+        }).build();
+        client = HttpClients.custom().setSSLContext(sslContext).
+                setSSLHostnameVerifier(new NoopHostnameVerifier()).build();
+//        client = HttpClients.custom().setSSLSocketFactory(new SSLConnectionSocketFactory(SSLContexts.custom()
+//                .loadTrustMaterial(null, new TrustSelfSignedStrategy()).build(), NoopHostnameVerifier.INSTANCE)).build();
        HttpGet httpGet = new HttpGet(url);
        // 请求头设置
        httpGet.setHeader("Content-Type", "application/json");
@@ -154,9 +279,6 @@ public class LoginManagement {
                httpGet.setHeader(s, header.get(s));
            }
        }
-//        if (body != null) {
-//            httpPost.setEntity(new StringEntity(JSON.toJSONString(body), "utf-8"));
-//        }
        response = client.execute(httpGet);
        org.apache.http.HttpEntity entity = response.getEntity();
        if (entity != null) {

--- a/src/main/resources/application-local.yml
+++ b/src/main/resources/application-local.yml
@@ -39,4 +39,7 @@ Mcd:
    url: https://boss.sit.mcd.com.cn/api/inner/boss-api/foundation/sso/authenticate
    header: McD-BOSS;PC
    redirectUrl: http://10.126.147.58/center-home/menu/index
+    defaultRoleId: 3
+  deepSso:
+    url: https://boss.sit.mcd.com.cn/api/inner/boss-api/foundation/user/whoami