单点登录的实现
从第三方系统单点登录到目标系统,第三方系统会发送token进行验证,通过解析token,获取相应的用户信息的json串。将其set到自己系统的session中。
public class sessionFilter extends OncePerRequestFilter{
// 登录页面
private String LoginPage = Configure.getInstance().getProperty("com.zyzx.dmc.login.html");
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
throws ServletException, IOException {
HttpServletRequest hrequest = (HttpServletRequest) request;
HttpSession session = hrequest.getSession();
// 不过滤的uri
String[] notFilter = new String[] { "login.html", ".js", "/css","/images", "/logout", "/druid", "/login","/ssoAuth" };
// 请求的uri
String url = request.getRequestURL().toString();
//Token
String token = request.getParameter("token");
// String url = uri.replaceAll("html", "bak");
// 是否过滤
boolean doFilter = true;
for (String s : notFilter) {
if (url.indexOf(s) != -1) {
// 如果uri中包含不过滤的uri,则不进行过滤
doFilter = false;
break;
}
}
/*
* if(uri.contains("jsp") && uri.indexOf("login.jsp") == -1) { doFilter
* = true; }
*/
if (doFilter) {
// 执行过滤
// 从session中获取登录者实体
final IUserSession userSession = (IUserSession) session.getAttribute(IUserSession.ASIA_SESSION_NAME);
if (userSession == null) {
//未登录状态
if(null == token){
response.sendRedirect(LoginPage + "?goto=" + url);
return;
//token 存在则去保存session,验证用户信息
}else {
JSONObject result = checkTokenInfo(token);
if(null == result){
response.sendRedirect(LoginPage + "?goto=" + url);
return;
}
//验证成功
if("suc".equals(result.get("result"))){
//正常登录
Map<String,String> sessionUserInfo = new HashMap<String, String>();
UserMessage userMessage = new UserMessage();
sessionUserInfo = JsonUtil.json2HashMap(result.get("userInfo").toString());
sessionUserInfo.put("token", token);
String ip = request.getHeader("x-forwarded-for");
if(ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getHeader("Proxy-Client-IP");
}
if(ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getHeader("WL-Proxy-Client-IP");
}
if(ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getRemoteAddr();
}
userMessage.setUserID(sessionUserInfo.get("user_account"));
userMessage.setUserName(sessionUserInfo.get("user_name"));
userMessage.setSessionID(sessionUserInfo.get("token"));
userMessage.setClientIP(ip);
request.getSession().setAttribute(IUserSession.ASIA_SESSION_NAME,userMessage);
response.sendRedirect(url);
}else if("fail".equals(result.get("result"))){
response.sendRedirect(LoginPage + "?goto=" + url);
}
}
// 如果session中不存在登录者实体,则弹出框提示重新登录
boolean isAjaxRequest = isAjaxRequest(request);
if (isAjaxRequest) {
// 设置request和response的字符集,防止乱码
response.setContentType("text/html;charset=UTF-8");
response.sendError(HttpStatus.UNAUTHORIZED.value(), "您已经太长时间没有操作,请刷新页面");
return;
}
} else {
// 如果session中存在登录者实体,则继续
filterChain.doFilter(request, response);
}
} else {
// 如果不执行过滤,则继续
filterChain.doFilter(request, response);
}
}
/**
* 判断是否为Ajax请求 <功能详细描述>
*
* @param request
* @return 是true, 否false
* @see [类、类#方法、类#成员]
*/
public static boolean isAjaxRequest(HttpServletRequest request) {
String header = request.getHeader("X-Requested-With");
if (header != null && "XMLHttpRequest".equals(header))
return true;
else
return false;
}
/**
*
* 验证Token是否存在
* @param tokenValue
* @return
* @throws IOException
*/
private JSONObject checkTokenInfo(String tokenValue) throws IOException {
String checkUrl = Configure.getInstance().getProperty("xxxxxUrl")+tokenValue;
HttpClient httpclient = new HttpClient();
GetMethod httpget = new GetMethod(checkUrl);
try {
httpclient.executeMethod(httpget);
String result = httpget.getResponseBodyAsString();
JSONObject json = JSONObject.fromObject(result);
return json;
} finally {
httpget.releaseConnection();
}
}
}代码写完了,然后需要在web.xml中配置filter
<filter> <filter-name>sessionFilter</filter-name> <filter-class>代码路径.sessionFilter</filter-class> </filter>
随后配置filter-mapping
<filter-mapping> <filter-name>sessionFilter</filter-name> <url-pattern>/*</url-pattern> </filter-mapping>
OK结束。
本文参与 腾讯云自媒体分享计划,分享自作者个人站点/博客。
原始发表:2015-10-21 ,如有侵权请联系 cloudcommunity@tencent.com 删除
评论
登录后参与评论
推荐阅读