sso整合，原来的登陆有问题

c0315a76 · hzc · 320344be · c0315a76 · c0315a76 · c0315a76
Commit c0315a76 authored Jun 25, 2021 by hzc
9 changed files
--- a/lib/portal-sso-client-0.0.1-SNAPSHOT.jar
+++ b/lib/portal-sso-client-0.0.1-SNAPSHOT.jar
--- a/lib/portal-sso-core-0.0.1-SNAPSHOT.jar
+++ b/lib/portal-sso-core-0.0.1-SNAPSHOT.jar
--- a/pom.xml
+++ b/pom.xml
@@ -15,6 +15,7 @@
 		<groupId>org.springframework.boot</groupId>
 		<artifactId>spring-boot-starter-parent</artifactId>
 		<version>2.0.4.RELEASE</version>
+
 		<relativePath />
 	</parent>

@@ -23,6 +24,8 @@
 		<project.reporting.outputEncoding>UTF-8</project.reporting.outputEncoding>
 		<java.version>1.8</java.version>
 		<spring-cloud.version>Finchley.RELEASE</spring-cloud.version>
+		<hutool.version>5.6.3</hutool.version>
+		<bcprov-jdk.version>1.66</bcprov-jdk.version>
 	</properties>

 	<dependencies>
@@ -125,6 +128,36 @@
 			<scope>provided</scope>
 		</dependency>

+		<dependency>
+			<groupId>com.portal.sso</groupId>
+			<artifactId>portal-sso-client</artifactId>
+			<version>0.0.1-SNAPSHOT</version>
+			<scope>system</scope>
+			<systemPath>${project.basedir}/lib/portal-sso-client-0.0.1-SNAPSHOT.jar</systemPath>
+		</dependency>
+		<dependency>
+			<groupId>com.portal.sso</groupId>
+			<artifactId>portal-sso-core</artifactId>
+			<version>0.0.1-SNAPSHOT</version>
+			<scope>system</scope>
+			<systemPath>${project.basedir}/lib/portal-sso-core-0.0.1-SNAPSHOT.jar</systemPath>
+		</dependency>
+		<dependency>
+			<groupId>cn.hutool</groupId>
+			<artifactId>hutool-all</artifactId>
+			<version>${hutool.version}</version>
+		</dependency>
+		<!--国密算法支持包-->
+		<dependency>
+			<groupId>org.bouncycastle</groupId>
+			<artifactId>bcprov-jdk15to18</artifactId>
+			<version>${bcprov-jdk.version}</version>
+		</dependency>
+		<dependency>
+			<groupId>io.jsonwebtoken</groupId>
+			<artifactId>jjwt</artifactId>
+			<version>0.9.1</version>
+		</dependency>
 	</dependencies>

 	<dependencyManagement>
@@ -143,6 +176,21 @@
 		<finalName>mdslogin</finalName>
 		<plugins>
 			<plugin>
+			<groupId>org.apache.maven.plugins</groupId>
+			<artifactId>maven-war-plugin</artifactId>
+			<configuration>
+				<webResources>
+					<resource>
+						<directory>${project.basedir}/lib</directory>
+						<targetPath>WEB-INF/lib</targetPath>
+						<includes>
+							<include>**/*.jar</include>
+						</includes>
+					</resource>
+				</webResources>
+			</configuration>
+          </plugin>
+			<plugin>
 				<groupId>org.springframework.boot</groupId>
 				<artifactId>spring-boot-maven-plugin</artifactId>
 			</plugin>

--- a/src/main/java/com/keymobile/proxy/conf/ClientSsoConfig.java
+++ b/src/main/java/com/keymobile/proxy/conf/ClientSsoConfig.java
+package com.keymobile.proxy.conf;
+
+import com.keymobile.proxy.model.SsoServerProcesssor;
+import com.portal.sso.client.filter.WebAppFilter;
+import com.portal.sso.core.config.SsoConfig;
+import com.portal.sso.core.server.JwtServerHander;
+import com.portal.sso.core.server.RequestServerHandler;
+import com.portal.sso.core.server.VerificationTgtServer;
+import com.portal.sso.core.server.impl.JwtServerHanderImpl;
+import com.portal.sso.core.server.impl.RequestServerHandlerImpl;
+import com.portal.sso.core.server.impl.VerificationTgtServerImpl;
+import org.springframework.beans.factory.DisposableBean;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+@Configuration
+public class ClientSsoConfig implements DisposableBean {
+    @Autowired
+    SsoServerProcesssor ssoServerProcesssor;
+    @Value("${portal.sso.server}")
+    private String ssoServer;
+
+    @Value("${portal.sso.logout.path}")
+    private String ssoLogoutPath;
+
+    @Value("${portal.sso.excluded.paths}")
+    private String ssoExcludedPaths;
+
+
+    @Bean
+    public WebAppFilter webAppFilter(){
+        return new WebAppFilter();
+    }
+    @Bean
+    public RequestServerHandler requestServerHandler(){
+        return new RequestServerHandlerImpl();
+    }
+    @Bean
+    public VerificationTgtServer verificationTgtServer(){
+        VerificationTgtServer server = new VerificationTgtServerImpl();
+        server.setClientAppId(ssoServerProcesssor.getClientAppId());
+        server.setClientSecret(ssoServerProcesssor.getClientSecret());
+        server.setJwtServerHander(jwtServerHanderImpl());
+        return server;
+    }
+    @Bean
+    public JwtServerHander jwtServerHanderImpl(){
+        return new JwtServerHanderImpl();
+    }
+
+
+    @Bean
+    public FilterRegistrationBean PortalSsoFilterRegistration() {
+
+        // 注册拦截器
+        FilterRegistrationBean registration = new FilterRegistrationBean();
+
+        registration.setName("WebAppFilter");
+        registration.setOrder(1);
+        registration.addUrlPatterns("/*");
+        registration.setFilter(webAppFilter());
+        registration.addInitParameter(SsoConfig.SSO_CLIENT_SERVER, ssoServer);
+        registration.addInitParameter(SsoConfig.SSO_CLIENT_LOGOUT_PATH, ssoLogoutPath);
+        registration.addInitParameter(SsoConfig.SSO_CLIENT_EXCLUDED_PATHS, ssoExcludedPaths);
+        registration.addInitParameter(SsoConfig.SSO_APP_ID, ssoServerProcesssor.getClientAppId());
+        registration.addInitParameter(SsoConfig.SSO_SERVER_LOGIN_PATHS, ssoServerProcesssor.getLoginPath());
+
+        return registration;
+    }
+    @Override
+    public void destroy() throws Exception {
+        System.out.println("拦截器已执行完毕");
+    }
+}
--- a/src/main/java/com/keymobile/proxy/conf/RESTAuthenticationSuccessHandler.java
+++ b/src/main/java/com/keymobile/proxy/conf/RESTAuthenticationSuccessHandler.java
@@ -2,6 +2,7 @@ package com.keymobile.proxy.conf;

 import com.keymobile.proxy.api.Constants;
 import com.keymobile.proxy.util.LogManager;
+import org.apache.commons.lang.BooleanUtils;
 import org.apache.commons.lang.StringUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -28,12 +29,16 @@ public class RESTAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuc
 	@Value("${security.allowRootLogin:true}")
 	private boolean rootAllowLogin = true;

-    @Value("${auth-login.adAuth}")
+    @Value("${portal.ad-auth.enable}")
    private Boolean authAdLogin;

-    @Value("${auth-login.isgo}")
+    //@Value("${auth-login.isgo}")
+    @Value("${portal.ad-auth.isgo}")
    private Boolean authAdIsgo;

+    //首页
+    @Value("${redirect-url.data-platform}")
+    private String go;


    @Override
@@ -42,12 +47,11 @@ public class RESTAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuc

        HttpSession session = request.getSession();
        Object csrf_token = session.getAttribute("_csrf");
-      // session.getAttribute("_csrf");
-      //  String headerName = csrf_token.getHeaderName();
-       // String parameterName = csrf_token.getParameterName();
+

        clearAuthenticationAttributes(request);
-        String data = (String) request.getSession().getAttribute("ssoLogin");
+        String sso = (String) request.getSession().getAttribute("ssoLogin");
+        String data = (String) request.getSession().getAttribute("loginMsg");
        System.out.println("come onAuthenticationSuccess here");
        if(null == data){
            logger.info("getAttribute('ssoLogin') is null");
@@ -68,7 +72,15 @@ public class RESTAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuc
            returnStatus = "root not allow login";

        LogManager.logInfo(Constants.LOG_AUTH_LOGIN_API, "登录", null);
-        if(authAdIsgo){
+        System.out.println("ssoMsg="+sso);
+        if(null==sso || "".equals(sso.trim())){
+            System.out.println("走登录页面登录");
+        }else{
+            System.out.println("走单点登录");
+            response.sendRedirect(go);
+        }
+        if(BooleanUtils.isTrue(authAdIsgo)&&BooleanUtils.isTrue(authAdLogin)){
+            System.out.println("走AD跳转");
            response.sendRedirect("/go");
        }
        PrintWriter writer = response.getWriter();

--- a/src/main/java/com/keymobile/proxy/conf/SecurityConfig.java
+++ b/src/main/java/com/keymobile/proxy/conf/SecurityConfig.java
--- a/src/main/java/com/keymobile/proxy/model/SsoServerProcesssor.java
+++ b/src/main/java/com/keymobile/proxy/model/SsoServerProcesssor.java
+package com.keymobile.proxy.model;
+
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Component;
+
+@Component
+public class SsoServerProcesssor {
+    @Value("${portal.sso.appid}")
+    private String clientAppId;
+    @Value("${portal.sso.secret}")
+    private String clientSecret;
+    @Value("${portal.sso.login.path}")
+    private String loginPath;
+
+
+    public String getClientAppId() {
+        return clientAppId;
+    }
+
+    public void setClientAppId(String clientAppId) {
+        this.clientAppId = clientAppId;
+    }
+
+    public String getClientSecret() {
+        return clientSecret;
+    }
+
+    public void setClientSecret(String clientSecret) {
+        this.clientSecret = clientSecret;
+    }
+
+    public String getLoginPath() {
+        return loginPath;
+    }
+
+    public void setLoginPath(String loginPath) {
+        this.loginPath = loginPath;
+    }
+}
--- a/src/main/resources/application-local.yml
+++ b/src/main/resources/application-local.yml
@@ -9,8 +9,8 @@ spring:
    redis:
      namespace: hyycdev
  redis:
-    host: 127.0.0.1
-    port: 6379
+    host: 139.198.127.54
+    port: 9379
 #  session:
 #    store-type: redis
 #    redis:
@@ -37,7 +37,7 @@ eureka:
    region: default
    registryFetchIntervalSeconds: 5
    serviceUrl:
-      defaultZone: http://127.0.0.1:9000/eureka/ #http://localhost:8081/eureka/
+      defaultZone: http://192.168.0.230:7081/eureka/ #http://localhost:8081/eureka/

 zuul:
  prefix: /api
@@ -53,13 +53,33 @@ logging:
    com.keymobile.proxy: info
  config: classpath:logback-custom.xml

-redirect-url:
-  indicator: http://139.198.127.54:18580/hndb/view/index

-ad-authenticate:
-  domain: hntobacco.com
-  provider-url: ldap://hntobacco.com:389
+#ad-authenticate:
+#  domain: hntobacco.com
+#  provider-url: ldap://hntobacco.com:389

-auth-login:
-  adAuth: false
-  isgo: true
\ No newline at end of file
+#auth-login:
+#  adAuth: false
+#  isgo: true
+#  ssoAuth: true #ture走单点认证,,false就走原来的AD
+redirect-url:
+  data-platform: http://192.168.0.216:9090/center-home/view/index #sso登陆后跳转地址
+  indicator: http://139.198.127.54:18580/hndb/view/index #AD登陆后跳转的地址
+portal:
+  sso:
+    enable: true #是否开启
+    server: http://10.72.66.65/sso-server
+    appid: sj_sjzt
+    secret: b14ec16eac588f44cdb95aae477652db
+    logout:
+      path: /logout
+    login:
+      path: http://login.hntobacco.com
+    excluded:
+      paths: /api/auth/sessionInfo
+  ad-auth:
+    enable: false #是否AD认证 优先级低于sso
+    isgo: false #AD是否跳转
+    authenticate:
+      domain: hntobacco.com
+      provider-url: ldap://hntobacco.com:389
\ No newline at end of file
--- a/src/main/resources/application-test.yml
+++ b/src/main/resources/application-test.yml
@@ -61,4 +61,35 @@ redirect-url:
 security:
  permit: false
  authUser: root
-  authPwd: pwd
\ No newline at end of file
+  authPwd:
+portal:
+  ad-authenticate:
+    enable: false
+    domain: hntobacco.com
+    provider-url: ldap://hntobacco.com:389
+    success-redirect: true
+  success-url: http://10.72.0.117/hndb/view/index
+  error-url: http://10.72.0.117/hndb/
+    sso-authenticate:
+      enable: true
+      server: http://10.72.66.65/sso-server
+      appid: sj_dbgl
+      secret: 1b9d159ec247b18057fe6e3f53188c1a
+  excluded:
+    paths: /api/auth/sessionInfo,/api/auth/signin
+    logout:
+      path: /logout
+    login:
+      path: http://login.hntobacco.com
+    success-redirect: true
+      success-url:http://10.72.0.117/hndb/view/index
+    error-url:http://10.72.0.117/hndb/
+    pwd-authenticate:
+      enable: false
+      logout:
+        path: /logout
+      login:
+        path: http://10.72.0.117/api/auth/signin
+      success-redirect: true
+        success-url: http://10.72.0.117/hndb/view/index
+      error-url: http://10.72.0.117/hndb/
\ No newline at end of file