Commit 27b9e7f4 by xieshaohua

麦当劳sso单点登录默认角色

parent 8f87b98e
......@@ -9,8 +9,7 @@ import org.apache.commons.lang3.StringUtils;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory;
import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
import org.apache.http.conn.ssl.TrustStrategy;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContexts;
......@@ -27,14 +26,15 @@ import org.springframework.security.web.authentication.WebAuthenticationDetails;
import org.springframework.web.bind.annotation.*;
import org.springframework.web.util.UriComponentsBuilder;
import javax.net.ssl.SSLContext;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.security.cert.CertificateException;
import java.security.cert.X509Certificate;
import java.util.*;
@RestController
@RequestMapping(value = "/")
......@@ -43,12 +43,18 @@ public class LoginManagement {
@Value("${Mcd.sso.url}")
private String ssoAuthUrl;
@Value("${Mcd.deepSso.url}")
private String deepSsoAuthUrl;
@Value("${Mcd.sso.header}")
private String ssoAuthHeader;
@Value("${Mcd.sso.redirectUrl}")
private String ssoRedirectUrl;
@Value("${Mcd.sso.defaultRoleId:3}")
private Long defaultRoleId;
@Autowired
private AuthService authService;
......@@ -59,9 +65,10 @@ public class LoginManagement {
@RequestMapping(value = "/sessionInfo", method = {RequestMethod.POST, RequestMethod.GET})
public @ResponseBody Map<String,Object> verifyLogin(HttpServletRequest request, HttpServletResponse response) {
public @ResponseBody
Map<String, Object> verifyLogin(HttpServletRequest request, HttpServletResponse response) {
UserDetails userDetails = (UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
Map<String,Object> rs = new HashMap<>();
Map<String, Object> rs = new HashMap<>();
String userNameWithIdAttached = userDetails.getUsername();
rs.put(Constants.Session_UserName, userNameWithIdAttached.split(":")[0]);
rs.put(Constants.Session_UserId, userNameWithIdAttached.split(":")[1]);
......@@ -79,14 +86,14 @@ public class LoginManagement {
@RequestMapping(value = "/ssoLogin", method = {RequestMethod.POST, RequestMethod.GET})
public void ssoLogin(HttpServletRequest request, HttpServletResponse response,
@RequestParam(required = false, value = "ssoToken") String ssoToken) {
if(StringUtils.isNotBlank(ssoToken)) {
if (StringUtils.isNotBlank(ssoToken)) {
try {
Map<String, String> headerMap = new HashMap<>();
headerMap.put("Mcd-Site", ssoAuthHeader);
String result = sendGetSkipSSL(ssoAuthUrl+"?token="+ssoToken, headerMap);
log.info("boss用户数据返回:"+ JSON.toJSONString(result));
JSONObject resultJb = JSON.parseObject(result);
JSONObject resultData = resultJb.getJSONObject("data");
String result = sendGetSkipSSL(ssoAuthUrl + "?token=" + ssoToken, headerMap);
log.info("boss用户数据返回:" + JSON.toJSONString(result));
JSONObject resultJb = JSON.parseObject(result);
JSONObject resultData = resultJb.getJSONObject("data");
String userName = String.valueOf(resultData.get("employeeNumber"));
String userDName = String.valueOf(resultData.get("chineseName"));
List<Map<String, Object>> matchUser = authService.getUserByName(userName);
......@@ -95,6 +102,11 @@ public class LoginManagement {
toAdd.put("dname", userDName);
toAdd.put("name", userName);
toAdd.put("password", "37fa265330ad83eaa879efb1e2db6380896cf639");
List<Map<String, Object>> dataRoleAbstracts = new ArrayList<>();
Map<String, Object> roleMap = new HashMap<>();
roleMap.put("id", defaultRoleId);
dataRoleAbstracts.add(roleMap);
toAdd.put("dataRoleAbstracts", dataRoleAbstracts);
authService.addUser(toAdd);
}
UserDetails userDetails = customizedUserDetailService.loadUserByUsername(userName);
......@@ -104,19 +116,59 @@ public class LoginManagement {
SecurityContextHolder.getContext().setAuthentication(authentication);
HttpSession session = request.getSession(true);
session.setAttribute("SPRING_SECURITY_CONTEXT", SecurityContextHolder.getContext());
log.info("单点登录用户:" + userName);
MDC.put("user", userName);
MDC.put("session", session.getId());
LogManager.logInfo(Constants.SSO_API,"登录");
LogManager.logInfo(Constants.SSO_API, "登录");
response.sendRedirect(ssoRedirectUrl);
} catch (Exception e) {
log.error("ssoLogin error", e);
}
}else{
} else {
log.error("ssoLogin error", "no token");
}
}
@RequestMapping(value = "/deepSsoLogin", method = {RequestMethod.POST, RequestMethod.GET})
public String deepSsoLogin(HttpServletRequest request, HttpServletResponse response,
@RequestParam(required = false, value = "ssoToken") String ssoToken) {
String result = "fail";
if (StringUtils.isNotBlank(ssoToken)) {
try {
String responseData = sendGetSkipSSL(deepSsoAuthUrl + "?Authorization=" + ssoToken, null);
log.info("boss用户数据返回:" + JSON.toJSONString(responseData));
JSONObject resultJb = JSON.parseObject(responseData);
JSONObject resultData = resultJb.getJSONObject("data");
String userName = String.valueOf(resultData.get("employeeNumber"));
String userDName = String.valueOf(resultData.get("chineseName"));
List<Map<String, Object>> matchUser = authService.getUserByName(userName);
if (null == matchUser || matchUser.isEmpty()) {
Map<String, Object> toAdd = new HashMap<>();
toAdd.put("dname", userDName);
toAdd.put("name", userName);
toAdd.put("password", "37fa265330ad83eaa879efb1e2db6380896cf639");
authService.addUser(toAdd);
}
UserDetails userDetails = customizedUserDetailService.loadUserByUsername(userName);
UsernamePasswordAuthenticationToken authentication =
new UsernamePasswordAuthenticationToken(userDetails, userDetails.getPassword(), userDetails.getAuthorities());
authentication.setDetails(new WebAuthenticationDetails(request));
SecurityContextHolder.getContext().setAuthentication(authentication);
HttpSession session = request.getSession(true);
session.setAttribute("SPRING_SECURITY_CONTEXT", SecurityContextHolder.getContext());
result = "ok";
} catch (Exception e) {
log.error("deepSsoLogin error", e);
}
} else {
log.error("deepSsoLogin error", "no token");
}
return result;
}
@RequestMapping(value = "/lang", method = {RequestMethod.POST, RequestMethod.GET})
public String setLANG(HttpServletRequest request, @RequestParam(value = "LANG", required = true) String LANG) {
HttpSession session = request.getSession();
......@@ -128,6 +180,70 @@ public class LoginManagement {
return session.getAttribute(Constants.Session_Lang).toString();
}
@RequestMapping(value = "/test", method = {RequestMethod.POST, RequestMethod.GET})
public String test(HttpServletRequest request) {
Cookie[] cookies = request.getCookies();
if (cookies != null) {
log.info("---------cookies------------");
for (Cookie cookie : cookies) {
log.info(cookie.getName() + "----" + cookie.getValue());
}
}
try {
Enumeration<String> headers = request.getHeaderNames();
log.info("---------headers------------");
while (headers.hasMoreElements()) {
String key = headers.nextElement();
log.info(key + "----" + request.getHeader(key));
}
} catch (Exception e) {
e.printStackTrace();
}
try {
HttpSession session = request.getSession();
log.info("---------seesions------------");
Enumeration<String> enumeration = session.getAttributeNames();
while (enumeration.hasMoreElements()) {
String key = enumeration.nextElement();
log.info(key + "----" + session.getAttribute(key));
}
} catch (Exception e) {
e.printStackTrace();
}
try {
Enumeration<String> attributes = request.getAttributeNames();
log.info("---------attributes------------");
while (attributes.hasMoreElements()) {
String key = attributes.nextElement();
log.info(key + "----" + request.getAttribute(key));
}
} catch (Exception e) {
e.printStackTrace();
}
try {
Enumeration<String> params = request.getParameterNames();
log.info("---------params------------");
while (params.hasMoreElements()) {
String key = params.nextElement();
log.info(key + "----" + request.getParameter(key));
}
} catch (Exception e) {
e.printStackTrace();
}
return "test";
}
@RequestMapping(value = "/testBody", method = {RequestMethod.POST, RequestMethod.GET})
public @ResponseBody
Map<String, Object> testBody(HttpServletRequest request, HttpServletResponse response) {
Map<String, Object> rs = new HashMap<>();
rs.put("test", "test");
return rs;
}
/**
* 发送https请求并跳过ssl证书验证
* 条件:请求体格式为json
......@@ -139,13 +255,22 @@ public class LoginManagement {
CloseableHttpResponse response = null;
// 处理请求路径
url = UriComponentsBuilder.fromHttpUrl(url) .toUriString();
url = UriComponentsBuilder.fromHttpUrl(url).toUriString();
//创建httpclient对象
CloseableHttpClient client = null;
String respBody;
client = HttpClients.custom().setSSLSocketFactory(new SSLConnectionSocketFactory(SSLContexts.custom()
.loadTrustMaterial(null, new TrustSelfSignedStrategy()).build(), NoopHostnameVerifier.INSTANCE)).build();
//创建post方式请求对象
SSLContext sslContext = SSLContexts.custom().loadTrustMaterial(null, new TrustStrategy() {
@Override
public boolean isTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
return true;
}
}).build();
client = HttpClients.custom().setSSLContext(sslContext).
setSSLHostnameVerifier(new NoopHostnameVerifier()).build();
// client = HttpClients.custom().setSSLSocketFactory(new SSLConnectionSocketFactory(SSLContexts.custom()
// .loadTrustMaterial(null, new TrustSelfSignedStrategy()).build(), NoopHostnameVerifier.INSTANCE)).build();
HttpGet httpGet = new HttpGet(url);
// 请求头设置
httpGet.setHeader("Content-Type", "application/json");
......@@ -154,9 +279,6 @@ public class LoginManagement {
httpGet.setHeader(s, header.get(s));
}
}
// if (body != null) {
// httpPost.setEntity(new StringEntity(JSON.toJSONString(body), "utf-8"));
// }
response = client.execute(httpGet);
org.apache.http.HttpEntity entity = response.getEntity();
if (entity != null) {
......
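Review bot: Both `ssoLogin` and the new `deepSsoLogin` log in whoever `employeeNumber` names in the body returned by `sendGetSkipSSL`, and that client is now built with a `TrustStrategy` whose `isTrusted` returns `true` for every chain, plus `NoopHostnameVerifier`, so nothing authenticates the server that supplies the identity. Judging by the commented-out lines, this replaces a `TrustSelfSignedStrategy` setup that already skipped hostname checks, so the change removes the last restriction rather than adding one. I would load the SSO host's CA into a truststore and keep the default hostname verification: `SSLContexts.custom().loadTrustMaterial(trustStoreFile, trustStorePassword).build()`, with the `setSSLHostnameVerifier(new NoopHostnameVerifier())` call dropped (`trustStoreFile` and `trustStorePassword` are placeholders for configuration this page does not show). The body of `sendGetSkipSSL` starts and ends outside the visible hunks.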
......@@ -39,4 +39,7 @@ Mcd:
url: https://boss.sit.mcd.com.cn/api/inner/boss-api/foundation/sso/authenticate
header: McD-BOSS;PC
redirectUrl: http://10.126.147.58/center-home/menu/index
defaultRoleId: 3
deepSso:
url: https://boss.sit.mcd.com.cn/api/inner/boss-api/foundation/user/whoami
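Review bot: `defaultRoleId: 3` has no comment saying what role 3 grants, yet the Java side attaches it to every account auto-created on a first SSO login, so this value sets the baseline privilege of all new users. I would add a comment above it such as `# role given to accounts auto-created on first SSO login; keep this the least-privileged role`. The same literal is also the fallback in `@Value("${Mcd.sso.defaultRoleId:3}")`, so the two can drift apart silently; dropping the Java-side default would make a missing key fail at startup instead.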