Ad认证

320344be · hzc · 76de4ec6 · 320344be · 320344be · 320344be
Commit 320344be authored Jun 21, 2021 by hzc
4 changed files
--- a/src/main/java/com/keymobile/proxy/conf/RESTAuthenticationSuccessHandler.java
+++ b/src/main/java/com/keymobile/proxy/conf/RESTAuthenticationSuccessHandler.java
@@ -9,11 +9,14 @@ import org.springframework.beans.factory.annotation.Value;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.web.authentication.SimpleUrlAuthenticationSuccessHandler;
+import org.springframework.security.web.csrf.HttpSessionCsrfTokenRepository;
+import org.springframework.security.web.server.csrf.CsrfToken;
 import org.springframework.stereotype.Component;

 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
 import java.io.IOException;
 import java.io.PrintWriter;

@@ -25,9 +28,24 @@ public class RESTAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuc
 	@Value("${security.allowRootLogin:true}")
 	private boolean rootAllowLogin = true;

+    @Value("${auth-login.adAuth}")
+    private Boolean authAdLogin;
+
+    @Value("${auth-login.isgo}")
+    private Boolean authAdIsgo;
+
+
+
    @Override
    public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response,
                                        Authentication authentication) throws IOException, ServletException {
+
+        HttpSession session = request.getSession();
+        Object csrf_token = session.getAttribute("_csrf");
+      // session.getAttribute("_csrf");
+      //  String headerName = csrf_token.getHeaderName();
+       // String parameterName = csrf_token.getParameterName();
+
        clearAuthenticationAttributes(request);
        String data = (String) request.getSession().getAttribute("ssoLogin");
        System.out.println("come onAuthenticationSuccess here");
@@ -43,16 +61,16 @@ public class RESTAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuc
        }else{
            logger.info("RESTAuthenticationSuccessHandler--SessionID-->"+request.getSession().getId());
        }
-
        UserDetails userDetails = (UserDetails) authentication.getPrincipal();
        String userNameWithIdAttached = userDetails.getUsername();
        if (userNameWithIdAttached.split(":")[0].equalsIgnoreCase("root")
-        		&& !rootAllowLogin) 
-        	returnStatus = "root not allow login";
+                && !rootAllowLogin)
+            returnStatus = "root not allow login";

        LogManager.logInfo(Constants.LOG_AUTH_LOGIN_API, "登录", null);
-        response.sendRedirect("/go");
-
+        if(authAdIsgo){
+            response.sendRedirect("/go");
+        }
        PrintWriter writer = response.getWriter();
        writer.write(returnStatus);
        writer.flush();

--- a/src/main/java/com/keymobile/proxy/conf/SecurityConfig.java
+++ b/src/main/java/com/keymobile/proxy/conf/SecurityConfig.java
@@ -32,6 +32,7 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.sql.DataSource;
 import java.io.IOException;
+import java.io.PrintWriter;
 import java.util.ArrayList;
 import java.util.List;
 import java.util.Properties;
@@ -92,12 +93,14 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
        http.formLogin().successHandler(authenticationSuccessHandler);
        http.formLogin().failureHandler(authenticationFailureHandler);
        http.formLogin().loginPage("/login");
-        http.formLogin().loginProcessingUrl("/signin");
+       // http.formLogin().loginProcessingUrl("/signin");
        http.logout().logoutUrl("/signout");
        http.logout().logoutSuccessHandler(logoutSuccessHandler);
        http.sessionManagement().maximumSessions(1).expiredUrl("/login");
    }

+
+
    @Bean
    public AbstractAuthenticationProcessingFilter authenticationFilter() throws Exception {
        AbstractAuthenticationProcessingFilter authenticationFilter = new AbstractAuthenticationProcessingFilter("/ssoauth") {
@@ -116,23 +119,37 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
                if (authAdLogin) {
                    Des des = new Des();
                    String pwd = des.strDec(portal_password, key);
-                    logger.info("sso login param->userName:"+username+" pwd:"+pwd);
+              //      logger.info("sso login param->userName:"+username+" pwd:"+pwd);
                    if(!authenticate(username,pwd)){
-                        httpServletResponse.sendError(200,CallBack+"({'query':{'results':{'postresult':'portal_ssologin_fali'}}});");
+                      //  httpServletResponse.sendError(200,CallBack+"({'query':{'results':{'postresult':'portal_ssologin_fali'}}});");
+                        PrintWriter writer = httpServletResponse.getWriter();
+                        writer.write(CallBack+"({'query':{'results':{'postresult':'portal_ssologin_fali'}}});");
+                        writer.flush();
+                        writer.close();
+
                        return null;
                    }
                }
                httpServletRequest.getSession().setAttribute("ssoLogin",CallBack+"({'query':{'results':{'postresult':'portal_ssologin_succeed'}}});");
+//
                com.keymobile.proxy.model.User user = portalService.getUserByUserId(username);
                if (user == null) {
                    logger.error(username + " is not exit");
-                    httpServletResponse.sendError(200,CallBack+"({'query':{'results':{'postresult':'portal_ssologin_fali'}}});");
+                 //   httpServletResponse.sendError(200,CallBack+"({'query':{'results':{'postresult':'portal_ssologin_fali'}}});");
+                    PrintWriter writer = httpServletResponse.getWriter();
+                    writer.write(CallBack+"({'query':{'results':{'postresult':'portal_ssologin_fali'}}});");
+                    writer.flush();
+                    writer.close();
                    return null;
                }
                if (! authAdLogin) {
                    if (! StringUtils.equals(user.getPassword(), portal_password)) {
-                        logger.error(username + " password:" + portal_password + " is error");
-                        httpServletResponse.sendError(200,CallBack+"({'query':{'results':{'postresult':'portal_ssologin_fali'}}});");
+                        logger.error(username + " password is error");
+                        //httpServletResponse.sendError(200,CallBack+"({'query':{'results':{'postresult':'portal_ssologin_fali'}}});");
+                        PrintWriter writer = httpServletResponse.getWriter();
+                        writer.write(CallBack+"({'query':{'results':{'postresult':'portal_ssologin_fali'}}});");
+                        writer.flush();
+                        writer.close();
                        return null;
                    }
                }
@@ -148,11 +165,84 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
                return new UsernamePasswordAuthenticationToken(new User(userName, user.getPassword(), authorities), null, authorities);
            }
        };
+
+
+
        authenticationFilter.setAuthenticationManager(authenticationManager());
        authenticationFilter.setAuthenticationSuccessHandler(authenticationSuccessHandler);
        return authenticationFilter;
    }
+    @Bean
+    public AbstractAuthenticationProcessingFilter authenticationFilter1() throws Exception {
+        AbstractAuthenticationProcessingFilter authenticationFilter = new AbstractAuthenticationProcessingFilter("/signin") {
+            @Override
+            public Authentication attemptAuthentication(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthenticationException, IOException, ServletException {
+                String portal_actionURL = httpServletRequest.getParameter("portal_actionURL");
+                String username = httpServletRequest.getParameter("username");
+                String portal_password = httpServletRequest.getParameter("password");
+                String CallBack = "";
+                if(null == username || null == portal_password){
+                   // httpServletResponse.sendError(200,"sso login url missing request param");
+                    httpServletResponse.setStatus(401);
+                    PrintWriter writer = httpServletResponse.getWriter();
+                    writer.write(CallBack+"({'query':{'results':{'postresult':'portal_ssologin_fali'}}});");
+                    writer.flush();
+                    writer.close();
+                    return null;
+                }
+                if (authAdLogin) {
+                   // logger.info("signin login param->userName:"+username+" pwd:"+portal_password);

+                    if(!authenticate(username,portal_password)){
+                        httpServletResponse.setStatus(401);
+                        PrintWriter writer = httpServletResponse.getWriter();
+                        writer.write(CallBack+"({'query':{'results':{'postresult':'portal_ssologin_fali'}}});");
+                        writer.flush();
+                        writer.close();
+                        //  httpServletResponse.sendError(200,CallBack+"({'query':{'results':{'postresult':'portal_ssologin_fali'}}});");
+                        return null;
+                    }
+                }
+               httpServletRequest.getSession().setAttribute("ssoLogin","ok");
+                com.keymobile.proxy.model.User user = portalService.getUserByUserId(username);
+                if (user == null) {
+                    logger.error(username + " is not exit");
+                   // httpServletResponse.sendError(200,CallBack+"({'query':{'results':{'postresult':'portal_ssologin_fali'}}});");
+                    httpServletResponse.setStatus(401);
+                    PrintWriter writer = httpServletResponse.getWriter();
+                    writer.write(CallBack+"({'query':{'results':{'postresult':'portal_ssologin_fali'}}});");
+                    writer.flush();
+                    writer.close();
+                    return null;
+                }
+                if (! authAdLogin) {
+                    if (! StringUtils.equals(user.getPassword(), portal_password)) {
+                        logger.error(username + " password is error");
+                        httpServletResponse.setStatus(401);
+                        PrintWriter writer = httpServletResponse.getWriter();
+                        writer.write(CallBack+"({'query':{'results':{'postresult':'portal_ssologin_fali'}}});");
+                        writer.flush();
+                        writer.close();
+                    //    httpServletResponse.sendError(200,CallBack+"({'query':{'results':{'postresult':'portal_ssologin_fali'}}});");
+                        return null;
+                    }
+                }
+                List<GrantedAuthority> authorities = new ArrayList<>();
+                String userName = user.getUserId() + ":" + user.getId() + ":" + user.getDisname() + ":" + user.getOrgNo();
+                List<String> authors = portalService.getByUserId(username);
+                if (! CollectionUtils.isEmpty(authors)) {
+                    for (String author : authors) {
+                        GrantedAuthority authorityInfo = new SimpleGrantedAuthority(Constants.ROLE_PREFIX + author);
+                        authorities.add(authorityInfo);
+                    }
+                }
+                return new UsernamePasswordAuthenticationToken(new User(userName, user.getPassword(), authorities), null, authorities);
+            }
+        };
+        authenticationFilter.setAuthenticationManager(authenticationManager());
+        authenticationFilter.setAuthenticationSuccessHandler(authenticationSuccessHandler);
+        return authenticationFilter;
+    }
    /**
     * 验证用户登录
     *

--- a/src/main/java/com/keymobile/proxy/service/PortalService.java
+++ b/src/main/java/com/keymobile/proxy/service/PortalService.java
@@ -18,4 +18,7 @@ public interface PortalService {
    @GetMapping("/author/getByUserId")
    List<String> getByUserId(@RequestParam String userId);

+    @GetMapping("/role/getByIds")
+    List<Object> getRolesByIds(@RequestParam("roleIds")List<String> roleIds);
+
 }
--- a/src/main/resources/application-local.yml
+++ b/src/main/resources/application-local.yml
@@ -9,8 +9,15 @@ spring:
    redis:
      namespace: hyycdev
  redis:
-    host: localhost
+    host: 127.0.0.1
    port: 6379
+#  session:
+#    store-type: redis
+#    redis:
+#      namespace: hyycdev
+#  redis:
+#    host: localhost
+#    port: 6379
  datasource:
    url: jdbc:mysql://139.198.127.54:9306/xchyindicators?autoReconnect=true&useUnicode=true&characterEncoding=UTF-8&rewriteBatchedStatements=true&useSSL=false&serverTimezone=UTC
    username: test
@@ -30,7 +37,7 @@ eureka:
    region: default
    registryFetchIntervalSeconds: 5
    serviceUrl:
-      defaultZone: http://localhost:8081/eureka/
+      defaultZone: http://127.0.0.1:9000/eureka/ #http://localhost:8081/eureka/

 zuul:
  prefix: /api
@@ -54,4 +61,5 @@ ad-authenticate:
  provider-url: ldap://hntobacco.com:389

 auth-login:
-  adAuth: false
\ No newline at end of file
+  adAuth: false
+  isgo: true
\ No newline at end of file