Skip to content

L
loginservice
Commit 2ca98103 by chenzx
Options

教育局单点登陆

parent 35121208
Showing with 212 additions and 50 deletions
pom.xml
......@@ -98,6 +98,18 @@
<artifactId>fastjson</artifactId>
<version>1.2.73</version>
</dependency>
<!--json-lib -->
<dependency>
<groupId>net.sf.json-lib</groupId>
<artifactId>json-lib</artifactId>
<version>2.4</version>
<classifier>jdk15</classifier>
</dependency>
<dependency>
<groupId>net.sf.flexjson</groupId>
<artifactId>flexjson</artifactId>
<version>3.3</version>
</dependency>
</dependencies>
<dependencyManagement>
......
src/main/java/com/keymobile/proxy/conf/SecurityConfig.java
package com.keymobile.proxy.conf;
import com.alibaba.fastjson.JSONObject;
import com.keymobile.proxy.api.Constants;
import com.keymobile.proxy.api.SSOCtrl;
import com.keymobile.proxy.model.Author;
import com.keymobile.proxy.model.Domain;
import com.keymobile.proxy.model.Role;
import com.keymobile.proxy.service.AuthService;
import com.keymobile.proxy.util.HttpClientUtil;
import net.sf.json.JSONObject;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.http.*;
import org.springframework.http.client.SimpleClientHttpRequestFactory;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
......@@ -22,15 +20,16 @@ import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.util.MultiValueMap;
import org.springframework.web.client.RestTemplate;
import org.springframework.util.StringUtils;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
@Configuration
......@@ -42,8 +41,8 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
private RESTAuthenticationFailureHandler authenticationFailureHandler;
@Autowired
private RESTAuthenticationSuccessHandler authenticationSuccessHandler;
@Autowired
private RESTLogoutSuccessHandler logoutSuccessHandler;
// @Autowired
// private RESTLogoutSuccessHandler logoutSuccessHandler;
@Autowired
private AuthService authService;
......@@ -51,59 +50,70 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
@Value("${sso.url}")
private String ssoUrl;
@Value("${client.id}")
private String clientId;
@Value("${client.secret}")
private String clientSecret;
@Override
protected void configure(HttpSecurity http) throws Exception {
http.csrf().disable();
}
// 获取 code : http://cas.zua.edu.cn/oauth2.0/authorize?response_type=cod e&client_id=clientId&redirect_uri=ssoUrl 认证成功之后会跳转到 redirect_uri ,并且连接后面会带着code参数。
@Bean
public AbstractAuthenticationProcessingFilter authenticationFilter() throws Exception {
AbstractAuthenticationProcessingFilter authenticationFilter = new AbstractAuthenticationProcessingFilter("/sso") {
@Override
public Authentication attemptAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthenticationException, IOException, ServletException {
String loginName = "";
String token = httpServletRequest.getParameter("token");
if(null == token){
//单点登录唯一入口 /sso?code=xxxxxx
//回调到这里获取用户的code
String code = httpServletRequest.getParameter("code");
if(null == code){
httpServletResponse.sendRedirect("/refuse?code=401");
return null;
}
String flag = checkToken(ssoUrl+"?token="+token,HttpMethod.POST,null);
if("".equals(flag)){
//获取 accessToken
//http://cas.zua.edu.cn/oauth2.0/accessToken?grant_type=authorization_code&client_id=xxx&client_secret=xx&redirect_uri=xx&code=xxx
Map map=new HashMap();
map.put("grant_type","authorization_code");
map.put("client_id",clientId);
map.put("clientSecret",clientSecret);
map.put("redirect_uri",ssoUrl);
map.put("code",code);
JSONObject jsonObject = JSONObject.fromObject(HttpClientUtil.doPost("http://cas.zua.edu.cn/oauth2.0/accessToken",map));
//返回内容 access_token=AT-1-vDqPefqwHJl39iUtsAh19oI1vwAIQn6k&expires_in=28800
String accessToken=jsonObject.get("accessToken").toString();
if (!StringUtils.isEmpty(accessToken)){
httpServletResponse.sendRedirect("/refuse?code=402");
return null;
}else{
try {
JSONObject jo = JSONObject.parseObject(flag);
boolean success = jo.getBoolean("success");
String message = jo.getString("message");
if(!success){
httpServletResponse.sendRedirect("/refuse?code=405");
return null;
}
JSONObject data = jo.getJSONObject("data");
loginName = data.getString("loginName");
String userName = data.getString("userName");
//根据token获取用户信息
Map map2=new HashMap();
map2.put("access_token=","authorization_code");
JSONObject object = JSONObject.fromObject(HttpClientUtil.doGet("http://cas.zua.edu.cn/oauth2.0/profile",map));
//返回内容 { "attributes" : { "changeCodeStatus" : "1", "credentialType" : "UsernamePasswordCredential", "id" : "1676604", "nickName" : "张凤元", "organizationId" : "104001000", "realName" : "张凤元", <真实姓名> "sex" : "0", <性别> "userNumber" : "003213" <学号/工号> },"id" : "003213" }
String loginName=object.get("id").toString();
if(!checkToken(loginName)){
httpServletResponse.sendRedirect("/refuse?code=402");
return null;
}else{
com.keymobile.proxy.model.User u = authService.getUserByName(loginName);
if (u == null) {
//本系统用户不存在需要新增用户
u = new com.keymobile.proxy.model.User();
u.setName(loginName);
u.setPassword("37fa265330ad83eaa879efb1e2db6380896cf639");
u.setDName(userName);
u.setDName("userName");
u = authService.addUser(new Long[] { (long) 4 }, new Long[] {}, u);
this.logger.info("单点登录新增用户:"+loginName);
}
this.logger.info(loginName+"单点登录成功");
}catch (Exception e){
e.printStackTrace();
httpServletResponse.sendRedirect("/refuse?code=403");
return null;
}
}
//设置用户登陆权限
com.keymobile.proxy.model.User u = authService.getUserByName(loginName);
// if (u == null) {
// // todo:
// }
List<GrantedAuthority> authorities = new ArrayList<>();
String userName = u.getName() + ":" + u.getId() + ":" + u.getDName();
......@@ -128,6 +138,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
Authentication auth = new UsernamePasswordAuthenticationToken(new User(userName, "whatever", authorities), null, authorities);
return auth;
//最后进入RESTAuthenticationSuccessHandler类,重定向首页。
}
};
authenticationFilter.setAuthenticationManager(authenticationManager());
......@@ -135,23 +146,10 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
return authenticationFilter;
}
private String checkToken(String url, HttpMethod method, MultiValueMap<String, String> params) {
try{
SimpleClientHttpRequestFactory requestFactory = new SimpleClientHttpRequestFactory();
requestFactory.setConnectTimeout(10*1000);
requestFactory.setReadTimeout(10*1000);
RestTemplate client = new RestTemplate(requestFactory);
HttpHeaders headers = new HttpHeaders();
// 请勿轻易改变此提交方式,大部分的情况下,提交方式都是表单提交
headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
HttpEntity<MultiValueMap<String, String>> requestEntity = new HttpEntity<MultiValueMap<String, String>>(params, headers);
// 执行HTTP请求
ResponseEntity<String> response = client.exchange(url, method, requestEntity, String.class);
return response.getBody();
}catch (Exception e){
e.printStackTrace();
return "";
}
private boolean checkToken(String token){
//具体项目需求,具体认证逻辑
return true;
}
}
src/main/java/com/keymobile/proxy/util/HttpClientUtil.java 0 → 100644
package com.keymobile.proxy.util;
import org.apache.http.NameValuePair;
import org.apache.http.client.entity.UrlEncodedFormEntity;
import org.apache.http.client.methods.CloseableHttpResponse;
import org.apache.http.client.methods.HttpGet;
import org.apache.http.client.methods.HttpPost;
import org.apache.http.client.utils.URIBuilder;
import org.apache.http.entity.ContentType;
import org.apache.http.entity.StringEntity;
import org.apache.http.impl.client.CloseableHttpClient;
import org.apache.http.impl.client.HttpClients;
import org.apache.http.message.BasicNameValuePair;
import org.apache.http.util.EntityUtils;
import java.io.IOException;
import java.net.URI;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
/**
* @author zhouzc@ewhale.com
* @version 1.0Z
* @description
* @data Created in 2018/11/17 0017 11:00
*/
public class HttpClientUtil {
public static String doGet(String url, Map<String, String> param) {
// 创建Httpclient对象
CloseableHttpClient httpclient = HttpClients.createDefault();
String resultString = "";
CloseableHttpResponse response = null;
try {
// 创建uri
URIBuilder builder = new URIBuilder(url);
if (param != null) {
for (String key : param.keySet()) {
builder.addParameter(key, param.get(key));
}
}
URI uri = builder.build();
// 创建http GET请求
HttpGet httpGet = new HttpGet(uri);
// 执行请求
response = httpclient.execute(httpGet);
// 判断返回状态是否为200
if (response.getStatusLine().getStatusCode() == 200) {
resultString = EntityUtils.toString(response.getEntity(), "UTF-8");
}
} catch (Exception e) {
e.printStackTrace();
} finally {
try {
if (response != null) {
response.close();
}
httpclient.close();
} catch (IOException e) {
e.printStackTrace();
}
}
return resultString;
}
public static String doGet(String url) {
return doGet(url, null);
}
public static String doPost(String url, Map<String, String> param) {
// 创建Httpclient对象
CloseableHttpClient httpClient = HttpClients.createDefault();
CloseableHttpResponse response = null;
String resultString = "";
try {
// 创建Http Post请求
HttpPost httpPost = new HttpPost(url);
// 创建参数列表
if (param != null) {
List<NameValuePair> paramList = new ArrayList<>();
for (String key : param.keySet()) {
paramList.add(new BasicNameValuePair(key, param.get(key)));
}
// 模拟表单
UrlEncodedFormEntity entity = new UrlEncodedFormEntity(paramList);
httpPost.setEntity(entity);
}
// 执行http请求
response = httpClient.execute(httpPost);
resultString = EntityUtils.toString(response.getEntity(), "utf-8");
} catch (Exception e) {
e.printStackTrace();
} finally {
try {
response.close();
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
return resultString;
}
public static String doPost(String url) {
return doPost(url, null);
}
public static String doPostJson(String url, String json) {
// 创建Httpclient对象
CloseableHttpClient httpClient = HttpClients.createDefault();
CloseableHttpResponse response = null;
String resultString = "";
try {
// 创建Http Post请求
HttpPost httpPost = new HttpPost(url);
// 创建请求内容
StringEntity entity = new StringEntity(json, ContentType.APPLICATION_JSON);
httpPost.setEntity(entity);
// 执行http请求
response = httpClient.execute(httpPost);
resultString = EntityUtils.toString(response.getEntity(), "utf-8");
} catch (Exception e) {
e.printStackTrace();
} finally {
try {
response.close();
} catch (IOException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
}
return resultString;
}
public static void main(String[] args) {
String data = HttpClientUtil.doPost("https://openapi.bestsign.cn:443/openapi/v2/contract/download/?developerId=1865813619904610913&rtick=15361564521240&signType=token&sign=eyJkZXZlbG9wZXJJZCI6IjE4NjU4MTM2MTk5MDQ2MTA5MTMiLCJjYXRhbG9nSWQiOiIiLCJjb250cmFjdElkIjoiMTUzNjE1NjQ1MDAxMDAwMDE0IiwiZXhwaXJlQXQiOiIxNjkzODM2NDUyIiwiYWNjb3VudCI6IjEzOTc2ODI5MDA2In0uMTUzNjE1NjQ1MjEyNDk5ODk_.fff1696b916f709a7c812a4aa41a9a27&contractId=153615645001000014&expireTime=1693836452");
if (data.equals("Can't find any router. (requestPath: /openapi/v2/contract/download/)")){
System.out.println("11111111111111111");
}
System.out.println("data = " + data);
}
}
src/main/resources/application-test.yml
......@@ -59,3 +59,7 @@ security:
sso:
url: http://localhost:8764/token
client:
id: xxx
secret:
\ No newline at end of file
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment