Skip to content

L
loginservice
Commit 27b9e7f4 by xieshaohua
Options

麦当劳sso单点登录默认角色

parent 8f87b98e
Showing with 145 additions and 20 deletions
src/main/java/com/keymobile/login/api/LoginManagement.java
...@@ -9,8 +9,7 @@ import org.apache.commons.lang3.StringUtils; ...@@ -9,8 +9,7 @@ import org.apache.commons.lang3.StringUtils;
import org.apache.http.client.methods.CloseableHttpResponse; import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet; import org.apache.http.client.methods.HttpGet;
import org.apache.http.conn.ssl.NoopHostnameVerifier; import org.apache.http.conn.ssl.NoopHostnameVerifier;
import org.apache.http.conn.ssl.SSLConnectionSocketFactory; import org.apache.http.conn.ssl.TrustStrategy;
import org.apache.http.conn.ssl.TrustSelfSignedStrategy;
import org.apache.http.impl.client.CloseableHttpClient; import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients; import org.apache.http.impl.client.HttpClients;
import org.apache.http.ssl.SSLContexts; import org.apache.http.ssl.SSLContexts;
...@@ -27,14 +26,15 @@ import org.springframework.security.web.authentication.WebAuthenticationDetails; ...@@ -27,14 +26,15 @@ import org.springframework.security.web.authentication.WebAuthenticationDetails;
import org.springframework.web.bind.annotation.*; import org.springframework.web.bind.annotation.*;
import org.springframework.web.util.UriComponentsBuilder; import org.springframework.web.util.UriComponentsBuilder;
import javax.net.ssl.SSLContext;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession; import javax.servlet.http.HttpSession;
import java.util.ArrayList; import java.security.cert.CertificateException;
import java.util.HashMap; import java.security.cert.X509Certificate;
import java.util.List; import java.util.*;
import java.util.Map;
@RestController @RestController
@RequestMapping(value = "/") @RequestMapping(value = "/")
...@@ -43,12 +43,18 @@ public class LoginManagement { ...@@ -43,12 +43,18 @@ public class LoginManagement {
@Value("${Mcd.sso.url}") @Value("${Mcd.sso.url}")
private String ssoAuthUrl; private String ssoAuthUrl;
@Value("${Mcd.deepSso.url}")
private String deepSsoAuthUrl;
@Value("${Mcd.sso.header}") @Value("${Mcd.sso.header}")
private String ssoAuthHeader; private String ssoAuthHeader;
@Value("${Mcd.sso.redirectUrl}") @Value("${Mcd.sso.redirectUrl}")
private String ssoRedirectUrl; private String ssoRedirectUrl;
@Value("${Mcd.sso.defaultRoleId:3}")
private Long defaultRoleId;
@Autowired @Autowired
private AuthService authService; private AuthService authService;
...@@ -59,9 +65,10 @@ public class LoginManagement { ...@@ -59,9 +65,10 @@ public class LoginManagement {
@RequestMapping(value = "/sessionInfo", method = {RequestMethod.POST, RequestMethod.GET}) @RequestMapping(value = "/sessionInfo", method = {RequestMethod.POST, RequestMethod.GET})
public @ResponseBody Map<String,Object> verifyLogin(HttpServletRequest request, HttpServletResponse response) { public @ResponseBody
Map<String, Object> verifyLogin(HttpServletRequest request, HttpServletResponse response) {
UserDetails userDetails = (UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal(); UserDetails userDetails = (UserDetails) SecurityContextHolder.getContext().getAuthentication().getPrincipal();
Map<String,Object> rs = new HashMap<>(); Map<String, Object> rs = new HashMap<>();
String userNameWithIdAttached = userDetails.getUsername(); String userNameWithIdAttached = userDetails.getUsername();
rs.put(Constants.Session_UserName, userNameWithIdAttached.split(":")[0]); rs.put(Constants.Session_UserName, userNameWithIdAttached.split(":")[0]);
rs.put(Constants.Session_UserId, userNameWithIdAttached.split(":")[1]); rs.put(Constants.Session_UserId, userNameWithIdAttached.split(":")[1]);
...@@ -79,12 +86,12 @@ public class LoginManagement { ...@@ -79,12 +86,12 @@ public class LoginManagement {
@RequestMapping(value = "/ssoLogin", method = {RequestMethod.POST, RequestMethod.GET}) @RequestMapping(value = "/ssoLogin", method = {RequestMethod.POST, RequestMethod.GET})
public void ssoLogin(HttpServletRequest request, HttpServletResponse response, public void ssoLogin(HttpServletRequest request, HttpServletResponse response,
@RequestParam(required = false, value = "ssoToken") String ssoToken) { @RequestParam(required = false, value = "ssoToken") String ssoToken) {
if(StringUtils.isNotBlank(ssoToken)) { if (StringUtils.isNotBlank(ssoToken)) {
try { try {
Map<String, String> headerMap = new HashMap<>(); Map<String, String> headerMap = new HashMap<>();
headerMap.put("Mcd-Site", ssoAuthHeader); headerMap.put("Mcd-Site", ssoAuthHeader);
String result = sendGetSkipSSL(ssoAuthUrl+"?token="+ssoToken, headerMap); String result = sendGetSkipSSL(ssoAuthUrl + "?token=" + ssoToken, headerMap);
log.info("boss用户数据返回:"+ JSON.toJSONString(result)); log.info("boss用户数据返回:" + JSON.toJSONString(result));
JSONObject resultJb = JSON.parseObject(result); JSONObject resultJb = JSON.parseObject(result);
JSONObject resultData = resultJb.getJSONObject("data"); JSONObject resultData = resultJb.getJSONObject("data");
String userName = String.valueOf(resultData.get("employeeNumber")); String userName = String.valueOf(resultData.get("employeeNumber"));
...@@ -95,6 +102,11 @@ public class LoginManagement { ...@@ -95,6 +102,11 @@ public class LoginManagement {
toAdd.put("dname", userDName); toAdd.put("dname", userDName);
toAdd.put("name", userName); toAdd.put("name", userName);
toAdd.put("password", "37fa265330ad83eaa879efb1e2db6380896cf639"); toAdd.put("password", "37fa265330ad83eaa879efb1e2db6380896cf639");
List<Map<String, Object>> dataRoleAbstracts = new ArrayList<>();
Map<String, Object> roleMap = new HashMap<>();
roleMap.put("id", defaultRoleId);
dataRoleAbstracts.add(roleMap);
toAdd.put("dataRoleAbstracts", dataRoleAbstracts);
authService.addUser(toAdd); authService.addUser(toAdd);
} }
UserDetails userDetails = customizedUserDetailService.loadUserByUsername(userName); UserDetails userDetails = customizedUserDetailService.loadUserByUsername(userName);
...@@ -104,19 +116,59 @@ public class LoginManagement { ...@@ -104,19 +116,59 @@ public class LoginManagement {
SecurityContextHolder.getContext().setAuthentication(authentication); SecurityContextHolder.getContext().setAuthentication(authentication);
HttpSession session = request.getSession(true); HttpSession session = request.getSession(true);
session.setAttribute("SPRING_SECURITY_CONTEXT", SecurityContextHolder.getContext()); session.setAttribute("SPRING_SECURITY_CONTEXT", SecurityContextHolder.getContext());
log.info("单点登录用户:" + userName);
MDC.put("user", userName); MDC.put("user", userName);
MDC.put("session", session.getId()); MDC.put("session", session.getId());
LogManager.logInfo(Constants.SSO_API,"登录"); LogManager.logInfo(Constants.SSO_API, "登录");
response.sendRedirect(ssoRedirectUrl); response.sendRedirect(ssoRedirectUrl);
} catch (Exception e) { } catch (Exception e) {
log.error("ssoLogin error", e); log.error("ssoLogin error", e);
} }
}else{ } else {
log.error("ssoLogin error", "no token"); log.error("ssoLogin error", "no token");
} }
} }
@RequestMapping(value = "/deepSsoLogin", method = {RequestMethod.POST, RequestMethod.GET})
public String deepSsoLogin(HttpServletRequest request, HttpServletResponse response,
@RequestParam(required = false, value = "ssoToken") String ssoToken) {
String result = "fail";
if (StringUtils.isNotBlank(ssoToken)) {
try {
String responseData = sendGetSkipSSL(deepSsoAuthUrl + "?Authorization=" + ssoToken, null);
log.info("boss用户数据返回:" + JSON.toJSONString(responseData));
JSONObject resultJb = JSON.parseObject(responseData);
JSONObject resultData = resultJb.getJSONObject("data");
String userName = String.valueOf(resultData.get("employeeNumber"));
String userDName = String.valueOf(resultData.get("chineseName"));
List<Map<String, Object>> matchUser = authService.getUserByName(userName);
if (null == matchUser || matchUser.isEmpty()) {
Map<String, Object> toAdd = new HashMap<>();
toAdd.put("dname", userDName);
toAdd.put("name", userName);
toAdd.put("password", "37fa265330ad83eaa879efb1e2db6380896cf639");
authService.addUser(toAdd);
}
UserDetails userDetails = customizedUserDetailService.loadUserByUsername(userName);
UsernamePasswordAuthenticationToken authentication =
new UsernamePasswordAuthenticationToken(userDetails, userDetails.getPassword(), userDetails.getAuthorities());
authentication.setDetails(new WebAuthenticationDetails(request));
SecurityContextHolder.getContext().setAuthentication(authentication);
HttpSession session = request.getSession(true);
session.setAttribute("SPRING_SECURITY_CONTEXT", SecurityContextHolder.getContext());
result = "ok";
} catch (Exception e) {
log.error("deepSsoLogin error", e);
}
} else {
log.error("deepSsoLogin error", "no token");
}
return result;
}
@RequestMapping(value = "/lang", method = {RequestMethod.POST, RequestMethod.GET}) @RequestMapping(value = "/lang", method = {RequestMethod.POST, RequestMethod.GET})
public String setLANG(HttpServletRequest request, @RequestParam(value = "LANG", required = true) String LANG) { public String setLANG(HttpServletRequest request, @RequestParam(value = "LANG", required = true) String LANG) {
HttpSession session = request.getSession(); HttpSession session = request.getSession();
...@@ -128,6 +180,70 @@ public class LoginManagement { ...@@ -128,6 +180,70 @@ public class LoginManagement {
return session.getAttribute(Constants.Session_Lang).toString(); return session.getAttribute(Constants.Session_Lang).toString();
} }
@RequestMapping(value = "/test", method = {RequestMethod.POST, RequestMethod.GET})
public String test(HttpServletRequest request) {
Cookie[] cookies = request.getCookies();
if (cookies != null) {
log.info("---------cookies------------");
for (Cookie cookie : cookies) {
log.info(cookie.getName() + "----" + cookie.getValue());
}
}
try {
Enumeration<String> headers = request.getHeaderNames();
log.info("---------headers------------");
while (headers.hasMoreElements()) {
String key = headers.nextElement();
log.info(key + "----" + request.getHeader(key));
}
} catch (Exception e) {
e.printStackTrace();
}
try {
HttpSession session = request.getSession();
log.info("---------seesions------------");
Enumeration<String> enumeration = session.getAttributeNames();
while (enumeration.hasMoreElements()) {
String key = enumeration.nextElement();
log.info(key + "----" + session.getAttribute(key));
}
} catch (Exception e) {
e.printStackTrace();
}
try {
Enumeration<String> attributes = request.getAttributeNames();
log.info("---------attributes------------");
while (attributes.hasMoreElements()) {
String key = attributes.nextElement();
log.info(key + "----" + request.getAttribute(key));
}
} catch (Exception e) {
e.printStackTrace();
}
try {
Enumeration<String> params = request.getParameterNames();
log.info("---------params------------");
while (params.hasMoreElements()) {
String key = params.nextElement();
log.info(key + "----" + request.getParameter(key));
}
} catch (Exception e) {
e.printStackTrace();
}
return "test";
}
@RequestMapping(value = "/testBody", method = {RequestMethod.POST, RequestMethod.GET})
public @ResponseBody
Map<String, Object> testBody(HttpServletRequest request, HttpServletResponse response) {
Map<String, Object> rs = new HashMap<>();
rs.put("test", "test");
return rs;
}
/** /**
* 发送https请求并跳过ssl证书验证 * 发送https请求并跳过ssl证书验证
* 条件:请求体格式为json * 条件:请求体格式为json
...@@ -139,13 +255,22 @@ public class LoginManagement { ...@@ -139,13 +255,22 @@ public class LoginManagement {
CloseableHttpResponse response = null; CloseableHttpResponse response = null;
// 处理请求路径 // 处理请求路径
url = UriComponentsBuilder.fromHttpUrl(url) .toUriString(); url = UriComponentsBuilder.fromHttpUrl(url).toUriString();
//创建httpclient对象 //创建httpclient对象
CloseableHttpClient client = null; CloseableHttpClient client = null;
String respBody; String respBody;
client = HttpClients.custom().setSSLSocketFactory(new SSLConnectionSocketFactory(SSLContexts.custom()
.loadTrustMaterial(null, new TrustSelfSignedStrategy()).build(), NoopHostnameVerifier.INSTANCE)).build(); SSLContext sslContext = SSLContexts.custom().loadTrustMaterial(null, new TrustStrategy() {
//创建post方式请求对象 @Override
public boolean isTrusted(X509Certificate[] x509Certificates, String s) throws CertificateException {
return true;
}
}).build();
client = HttpClients.custom().setSSLContext(sslContext).
setSSLHostnameVerifier(new NoopHostnameVerifier()).build();
// client = HttpClients.custom().setSSLSocketFactory(new SSLConnectionSocketFactory(SSLContexts.custom()
// .loadTrustMaterial(null, new TrustSelfSignedStrategy()).build(), NoopHostnameVerifier.INSTANCE)).build();
HttpGet httpGet = new HttpGet(url); HttpGet httpGet = new HttpGet(url);
// 请求头设置 // 请求头设置
httpGet.setHeader("Content-Type", "application/json"); httpGet.setHeader("Content-Type", "application/json");
...@@ -154,9 +279,6 @@ public class LoginManagement { ...@@ -154,9 +279,6 @@ public class LoginManagement {
httpGet.setHeader(s, header.get(s)); httpGet.setHeader(s, header.get(s));
} }
} }
// if (body != null) {
// httpPost.setEntity(new StringEntity(JSON.toJSONString(body), "utf-8"));
// }
response = client.execute(httpGet); response = client.execute(httpGet);
org.apache.http.HttpEntity entity = response.getEntity(); org.apache.http.HttpEntity entity = response.getEntity();
if (entity != null) { if (entity != null) {
......
src/main/resources/application-local.yml
...@@ -39,4 +39,7 @@ Mcd: ...@@ -39,4 +39,7 @@ Mcd:
url: https://boss.sit.mcd.com.cn/api/inner/boss-api/foundation/sso/authenticate url: https://boss.sit.mcd.com.cn/api/inner/boss-api/foundation/sso/authenticate
header: McD-BOSS;PC header: McD-BOSS;PC
redirectUrl: http://10.126.147.58/center-home/menu/index redirectUrl: http://10.126.147.58/center-home/menu/index
defaultRoleId: 3
deepSso:
url: https://boss.sit.mcd.com.cn/api/inner/boss-api/foundation/user/whoami
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment