教育局单点登陆

pom.xml

@@ -98,6 +98,18 @@
 			<artifactId>fastjson</artifactId>
 			<version>1.2.73</version>
 		</dependency>
+		<!--json-lib -->
+		<dependency>
+			<groupId>net.sf.json-lib</groupId>
+			<artifactId>json-lib</artifactId>
+			<version>2.4</version>
+			<classifier>jdk15</classifier>
+		</dependency>
+		<dependency>
+			<groupId>net.sf.flexjson</groupId>
+			<artifactId>flexjson</artifactId>
+			<version>3.3</version>
+		</dependency>
 	</dependencies>
 
 	<dependencyManagement>

src/main/java/com/keymobile/proxy/conf/SecurityConfig.java

 package com.keymobile.proxy.conf;
 
-import com.alibaba.fastjson.JSONObject;
 import com.keymobile.proxy.api.Constants;
-import com.keymobile.proxy.api.SSOCtrl;
 import com.keymobile.proxy.model.Author;
 import com.keymobile.proxy.model.Domain;
 import com.keymobile.proxy.model.Role;
 import com.keymobile.proxy.service.AuthService;
+import com.keymobile.proxy.util.HttpClientUtil;
+import net.sf.json.JSONObject;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
-import org.springframework.http.*;
-import org.springframework.http.client.SimpleClientHttpRequestFactory;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
@@ -22,15 +20,16 @@ import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
-import org.springframework.util.MultiValueMap;
-import org.springframework.web.client.RestTemplate;
+import org.springframework.util.StringUtils;
 
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.util.ArrayList;
+import java.util.HashMap;
 import java.util.List;
+import java.util.Map;
 
 
 @Configuration
@@ -42,8 +41,8 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
     private RESTAuthenticationFailureHandler authenticationFailureHandler;
     @Autowired
     private RESTAuthenticationSuccessHandler authenticationSuccessHandler;
-    @Autowired
-    private RESTLogoutSuccessHandler logoutSuccessHandler;
+//    @Autowired
+//    private RESTLogoutSuccessHandler logoutSuccessHandler;
 
     @Autowired
     private AuthService authService;
@@ -51,59 +50,70 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
     @Value("${sso.url}")
     private String ssoUrl;
 
+    @Value("${client.id}")
+    private  String clientId;
+
+    @Value("${client.secret}")
+    private  String clientSecret;
+
     @Override
     protected void configure(HttpSecurity http) throws Exception {
         http.csrf().disable();
     }
 
+    // 获取 code ： http://cas.zua.edu.cn/oauth2.0/authorize?response_type=cod e&client_id=clientId&redirect_uri=ssoUrl   认证成功之后会跳转到 redirect_uri ,并且连接后面会带着code参数。
     @Bean
     public AbstractAuthenticationProcessingFilter authenticationFilter() throws Exception {
         AbstractAuthenticationProcessingFilter authenticationFilter = new AbstractAuthenticationProcessingFilter("/sso") {
             @Override
             public Authentication attemptAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthenticationException, IOException, ServletException {
-                String loginName = "";
-                String token = httpServletRequest.getParameter("token");
-                if(null == token){
+                //单点登录唯一入口 /sso?code=xxxxxx
+                //回调到这里获取用户的code
+                String code = httpServletRequest.getParameter("code");
+                if(null == code){
                     httpServletResponse.sendRedirect("/refuse?code=401");
                     return null;
                 }
-                String flag = checkToken(ssoUrl+"?token="+token,HttpMethod.POST,null);
-                if("".equals(flag)){
+                //获取 accessToken
+                //http://cas.zua.edu.cn/oauth2.0/accessToken?grant_type=authorization_code&client_id=xxx&client_secret=xx&redirect_uri=xx&code=xxx
+                Map map=new HashMap();
+                map.put("grant_type","authorization_code");
+                map.put("client_id",clientId);
+                map.put("clientSecret",clientSecret);
+                map.put("redirect_uri",ssoUrl);
+                map.put("code",code);
+                JSONObject jsonObject = JSONObject.fromObject(HttpClientUtil.doPost("http://cas.zua.edu.cn/oauth2.0/accessToken",map));
+                //返回内容 access_token=AT-1-vDqPefqwHJl39iUtsAh19oI1vwAIQn6k&expires_in=28800
+                String accessToken=jsonObject.get("accessToken").toString();
+                if (!StringUtils.isEmpty(accessToken)){
                     httpServletResponse.sendRedirect("/refuse?code=402");
                     return null;
-                }else{
-                    try {
-                        JSONObject jo = JSONObject.parseObject(flag);
-                        boolean success = jo.getBoolean("success");
-                        String message = jo.getString("message");
-                        if(!success){
-                            httpServletResponse.sendRedirect("/refuse?code=405");
-                            return null;
                 }
-                        JSONObject data = jo.getJSONObject("data");
-                        loginName = data.getString("loginName");
-                        String userName = data.getString("userName");
+                //根据token获取用户信息
+                Map map2=new HashMap();
+                map2.put("access_token=","authorization_code");
+                JSONObject object = JSONObject.fromObject(HttpClientUtil.doGet("http://cas.zua.edu.cn/oauth2.0/profile",map));
+                //返回内容 { "attributes" : { "changeCodeStatus" : "1", "credentialType" : "UsernamePasswordCredential", "id" : "1676604", "nickName" : "张凤元", "organizationId" : "104001000", "realName" : "张凤元", <真实姓名> "sex" : "0", <性别> "userNumber" : "003213" <学号/工号> },"id" : "003213" }
+                String loginName=object.get("id").toString();
+                if(!checkToken(loginName)){
+                    httpServletResponse.sendRedirect("/refuse?code=402");
+                    return null;
+                }else{
                     com.keymobile.proxy.model.User u = authService.getUserByName(loginName);
                     if (u == null) {
+                        //本系统用户不存在需要新增用户
                         u = new com.keymobile.proxy.model.User();
                         u.setName(loginName);
                         u.setPassword("37fa265330ad83eaa879efb1e2db6380896cf639");
-                            u.setDName(userName);
+                        u.setDName("userName");
                         u = authService.addUser(new Long[] { (long) 4 }, new Long[] {}, u);
                         this.logger.info("单点登录新增用户："+loginName);
                     }
                     this.logger.info(loginName+"单点登录成功");
-                    }catch (Exception e){
-                        e.printStackTrace();
-                        httpServletResponse.sendRedirect("/refuse?code=403");
-                        return null;
-                    }
                 }
 
+                //设置用户登陆权限
                 com.keymobile.proxy.model.User u = authService.getUserByName(loginName);
-//                if (u == null) {
-//                   // todo:
-//                }
 
                 List<GrantedAuthority> authorities = new ArrayList<>();
                 String userName = u.getName() + ":" + u.getId() + ":" + u.getDName();
@@ -128,6 +138,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
                 Authentication auth = new UsernamePasswordAuthenticationToken(new User(userName, "whatever", authorities), null, authorities);
                 return auth;
+                //最后进入RESTAuthenticationSuccessHandler类，重定向首页。
             }
         };
         authenticationFilter.setAuthenticationManager(authenticationManager());
@@ -135,23 +146,10 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
         return authenticationFilter;
     }
 
-    private String checkToken(String url, HttpMethod method, MultiValueMap<String, String> params) {
-        try{
-            SimpleClientHttpRequestFactory requestFactory = new SimpleClientHttpRequestFactory();
-            requestFactory.setConnectTimeout(10*1000);
-            requestFactory.setReadTimeout(10*1000);
-            RestTemplate client = new RestTemplate(requestFactory);
-            HttpHeaders headers = new HttpHeaders();
-            //  请勿轻易改变此提交方式，大部分的情况下，提交方式都是表单提交
-            headers.setContentType(MediaType.APPLICATION_FORM_URLENCODED);
-            HttpEntity<MultiValueMap<String, String>> requestEntity = new HttpEntity<MultiValueMap<String, String>>(params, headers);
-            //  执行HTTP请求
-            ResponseEntity<String> response = client.exchange(url, method, requestEntity, String.class);
-            return response.getBody();
-        }catch (Exception e){
-            e.printStackTrace();
-            return "";
-        }
+    private boolean checkToken(String token){
+        //具体项目需求，具体认证逻辑
+        return true;
     }
 
+
 }

src/main/java/com/keymobile/proxy/util/HttpClientUtil.java

+package com.keymobile.proxy.util;
+
+import org.apache.http.NameValuePair;
+import org.apache.http.client.entity.UrlEncodedFormEntity;
+import org.apache.http.client.methods.CloseableHttpResponse;
+import org.apache.http.client.methods.HttpGet;
+import org.apache.http.client.methods.HttpPost;
+import org.apache.http.client.utils.URIBuilder;
+import org.apache.http.entity.ContentType;
+import org.apache.http.entity.StringEntity;
+import org.apache.http.impl.client.CloseableHttpClient;
+import org.apache.http.impl.client.HttpClients;
+import org.apache.http.message.BasicNameValuePair;
+import org.apache.http.util.EntityUtils;
+
+import java.io.IOException;
+import java.net.URI;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * @author zhouzc@ewhale.com
+ * @version 1.0Z
+ * @description
+ * @data Created in 2018/11/17 0017 11:00
+ */
+public class HttpClientUtil {
+
+
+    public static String doGet(String url, Map<String, String> param) {
+
+        // 创建Httpclient对象
+        CloseableHttpClient httpclient = HttpClients.createDefault();
+
+        String resultString = "";
+        CloseableHttpResponse response = null;
+        try {
+            // 创建uri
+            URIBuilder builder = new URIBuilder(url);
+            if (param != null) {
+                for (String key : param.keySet()) {
+                    builder.addParameter(key, param.get(key));
+                }
+            }
+            URI uri = builder.build();
+
+            // 创建http GET请求
+            HttpGet httpGet = new HttpGet(uri);
+
+            // 执行请求
+            response = httpclient.execute(httpGet);
+            // 判断返回状态是否为200
+            if (response.getStatusLine().getStatusCode() == 200) {
+                resultString = EntityUtils.toString(response.getEntity(), "UTF-8");
+            }
+        } catch (Exception e) {
+            e.printStackTrace();
+        } finally {
+            try {
+                if (response != null) {
+                    response.close();
+                }
+                httpclient.close();
+            } catch (IOException e) {
+                e.printStackTrace();
+            }
+        }
+        return resultString;
+    }
+    public static String doGet(String url) {
+        return doGet(url, null);
+    }
+    public static String doPost(String url, Map<String, String> param) {
+        // 创建Httpclient对象
+        CloseableHttpClient httpClient = HttpClients.createDefault();
+        CloseableHttpResponse response = null;
+        String resultString = "";
+        try {
+            // 创建Http Post请求
+            HttpPost httpPost = new HttpPost(url);
+            // 创建参数列表
+            if (param != null) {
+                List<NameValuePair> paramList = new ArrayList<>();
+                for (String key : param.keySet()) {
+                    paramList.add(new BasicNameValuePair(key, param.get(key)));
+                }
+                // 模拟表单
+                UrlEncodedFormEntity entity = new UrlEncodedFormEntity(paramList);
+                httpPost.setEntity(entity);
+            }
+            // 执行http请求
+            response = httpClient.execute(httpPost);
+            resultString = EntityUtils.toString(response.getEntity(), "utf-8");
+        } catch (Exception e) {
+            e.printStackTrace();
+        } finally {
+            try {
+                response.close();
+            } catch (IOException e) {
+                // TODO Auto-generated catch block
+                e.printStackTrace();
+            }
+        }
+
+        return resultString;
+    }
+
+    public static String doPost(String url) {
+        return doPost(url, null);
+    }
+
+    public static String doPostJson(String url, String json) {
+        // 创建Httpclient对象
+        CloseableHttpClient httpClient = HttpClients.createDefault();
+        CloseableHttpResponse response = null;
+        String resultString = "";
+        try {
+            // 创建Http Post请求
+            HttpPost httpPost = new HttpPost(url);
+            // 创建请求内容
+            StringEntity entity = new StringEntity(json, ContentType.APPLICATION_JSON);
+            httpPost.setEntity(entity);
+            // 执行http请求
+            response = httpClient.execute(httpPost);
+            resultString = EntityUtils.toString(response.getEntity(), "utf-8");
+        } catch (Exception e) {
+            e.printStackTrace();
+        } finally {
+            try {
+                response.close();
+            } catch (IOException e) {
+                // TODO Auto-generated catch block
+                e.printStackTrace();
+            }
+        }
+        return resultString;
+    }
+
+    public static void main(String[] args) {
+        String data = HttpClientUtil.doPost("https://openapi.bestsign.cn:443/openapi/v2/contract/download/?developerId=1865813619904610913&rtick=15361564521240&signType=token&sign=eyJkZXZlbG9wZXJJZCI6IjE4NjU4MTM2MTk5MDQ2MTA5MTMiLCJjYXRhbG9nSWQiOiIiLCJjb250cmFjdElkIjoiMTUzNjE1NjQ1MDAxMDAwMDE0IiwiZXhwaXJlQXQiOiIxNjkzODM2NDUyIiwiYWNjb3VudCI6IjEzOTc2ODI5MDA2In0uMTUzNjE1NjQ1MjEyNDk5ODk_.fff1696b916f709a7c812a4aa41a9a27&contractId=153615645001000014&expireTime=1693836452");
+        if (data.equals("Can't find any router. (requestPath: /openapi/v2/contract/download/)")){
+            System.out.println("11111111111111111");
+        }
+        System.out.println("data = " + data);
+    }
+}

src/main/resources/application-test.yml

@@ -59,3 +59,7 @@ security:
 
 sso:
   url: http://localhost:8764/token
+
+client:
+  id: xxx
+  secret:
\ No newline at end of file