From 81db2c0de55037a18820a18c5cc3c1ff5a733838 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=E6=9D=8E=E9=9D=96?=
Date: Thu, 23 May 2024 16:43:10 +0800
Subject: [PATCH] SSO
---
 .../main/java/shkd/plugin/SSOLoginPugin.java | 148 ++++++++++++++++++
 1 file changed, 148 insertions(+)
 create mode 100644 shkd-cosmic-debug/src/main/java/shkd/plugin/SSOLoginPugin.java
diff --git a/shkd-cosmic-debug/src/main/java/shkd/plugin/SSOLoginPugin.java b/shkd-cosmic-debug/src/main/java/shkd/plugin/SSOLoginPugin.java
new file mode 100644
index 0000000..e9763b5
--- /dev/null
+++ b/shkd-cosmic-debug/src/main/java/shkd/plugin/SSOLoginPugin.java
@@ -0,0 +1,148 @@
+package shkd.plugin;
+
+import java.io.IOException;
+import java.util.Arrays;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import kd.bos.logging.Log;
+import kd.bos.logging.LogFactory;
+import kd.bos.login.thirdauth.ThirdSSOAuthHandler;
+import kd.bos.login.thirdauth.UserAuthResult;
+import kd.bos.login.thirdauth.UserProperType;
+import kd.bos.login.utils.StringUtils;
+import kd.bos.util.RevProxyUtil;
+import org.jasig.cas.client.Protocol;
+import org.jasig.cas.client.authentication.AuthenticationRedirectStrategy;
+import org.jasig.cas.client.authentication.DefaultAuthenticationRedirectStrategy;
+import org.jasig.cas.client.util.CommonUtils;
+import org.jasig.cas.client.validation.Assertion;
+import org.jasig.cas.client.validation.Cas10TicketValidator;
+
+public class SSOLoginPugin implements ThirdSSOAuthHandler {
+ private static Log logger = LogFactory.getLog(SSOLoginPugin.class);
+ private final Protocol protocol;
+ private String serverName;
+ private String service;
+ private boolean encodeServiceUrl;
+ private String casSeverLoginUrl;
+ Cas10TicketValidator ticketValidator;
+ private AuthenticationRedirectStrategy authenticationRedirectStrategy;
+
+ public SSOLoginPugin() {
+ this.protocol = Protocol.CAS1;
+ this.encodeServiceUrl = true;
+ this.authenticationRedirectStrategy = new DefaultAuthenticationRedirectStrategy();
+ }
+
+ // 该方法是用户没有登录的时候插件需要转移到正确的登录地址
+ public void callTrdSSOLogin(HttpServletRequest request, HttpServletResponse response, String backUrl) {
+ this.initialServiceData(request);
+ if (this.casSeverLoginUrl == null) {
+ this.casSeverLoginUrl = this.initCasLoginUrl();
+ }
+
+ String urlToRedirectTo = "";
+ String path = request.getRequestURI();
+ if (path.contains("/auth/logout.do")) {
+ urlToRedirectTo = StringUtils.getPathString(this.casSeverLoginUrl) + "logout?service=" + RevProxyUtil.getURLContextPath(request);
+ } else {
+ String serviceUrl = this.constructServiceUrl(request, response);
+ logger.debug(String.format("Constructed service url: %s", serviceUrl));
+ urlToRedirectTo = CommonUtils.constructRedirectUrl(this.casSeverLoginUrl, this.getProtocol().getServiceParameterName(), serviceUrl, false, false, (String) null);
+ }
+
+ logger.debug(String.format("redirecting to \"%s\"", urlToRedirectTo));
+
+ try {
+ this.authenticationRedirectStrategy.redirect(request, response, urlToRedirectTo);
+ } catch (IOException var7) {
+ var7.printStackTrace();
+ }
+
+ }
+
+ public String initCasLoginUrl() {
+ String configLoginUrl = System.getProperty("cas.sso.ca10.loginurl");
+ if (configLoginUrl == null) {
+ logger.error("没有配置 sso 登录cas.sso.ca10.loginurl");
+ }
+
+ return configLoginUrl;
+ }
+
+ // 该方法实现第三发插件认证及认证结果的返回
+ public UserAuthResult getTrdSSOAuth(HttpServletRequest request, HttpServletResponse response) {
+ UserAuthResult result = new UserAuthResult();
+ result.setSucess(false);
+ result.setUserType(UserProperType.UserName);
+ this.initialServiceData(request);
+ if (this.casSeverLoginUrl == null) {
+ this.casSeverLoginUrl = this.initCasLoginUrl();
+ }
+
+ String ticket = this.retrieveTicketFromRequest(request);
+ if (CommonUtils.isNotBlank(ticket)) {
+ try {
+ logger.debug(String.format("Attempting to validate ticket: %s", ticket));
+ if (this.ticketValidator == null) {
+ this.ticketValidator = new Cas10TicketValidator(this.casSeverLoginUrl);
+ }
+
+ String userName = null;
+ Assertion assertion = this.ticketValidator.validate(ticket, this.constructServiceUrl(request, response));
+ logger.debug(String.format("Successfully authenticated user: %s", assertion.getPrincipal().getName()));
+ if (assertion != null) {
+ userName = assertion.getPrincipal().getName();
+ result.setUser(userName);
+ result.setSucess(true);
+ }
+ } catch (Exception var7) {
+ logger.error(var7);
+ }
+ }
+
+ return result;
+ }
+
+ public void initialServiceData(HttpServletRequest request) {
+ if (this.serverName == null) {
+ this.serverName = RevProxyUtil.getURLContextPath(request);
+ }
+
+ if (this.service == null) {
+ this.service = this.serverName + "index.html";
+ }
+
+ }
+
+ protected final String constructServiceUrl(HttpServletRequest request, HttpServletResponse response) {
+ return CommonUtils.constructServiceUrl(request, response, this.service, this.serverName, this.protocol.getServiceParameterName(), this.protocol.getArtifactParameterName(), this.encodeServiceUrl);
+ }
+
+ public final void setServerName(String serverName) {
+ if (serverName != null && serverName.endsWith("/")) {
+ this.serverName = serverName.substring(0, serverName.length() - 1);
+ logger.info(String.format("Eliminated extra slash from serverName [%s]. It is now [%s]", serverName, this.serverName));
+ } else {
+ this.serverName = serverName;
+ }
+
+ }
+
+ public final void setService(String service) {
+ this.service = service;
+ }
+
+ public final void setEncodeServiceUrl(boolean encodeServiceUrl) {
+ this.encodeServiceUrl = encodeServiceUrl;
+ }
+
+ protected Protocol getProtocol() {
+ return this.protocol;
+ }
+
+ protected String retrieveTicketFromRequest(HttpServletRequest request) {
+ return CommonUtils.safeGetParameter(request, this.protocol.getArtifactParameterName(), Arrays.asList(this.protocol.getArtifactParameterName()));
+ }
+}
\ No newline at end of file
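Review bot: In getTrdSSOAuth the line `logger.debug(String.format("Successfully authenticated user: %s", assertion.getPrincipal().getName()))` dereferences `assertion` before the `if (assertion != null)` guard that follows it, so the guard never protects anything; move the log inside the guard so the order is `if (assertion != null) { userName = assertion.getPrincipal().getName(); logger.debug(...); result.setUser(userName); result.setSucess(true); }`. The same method logs the raw ticket at debug level (`Attempting to validate ticket: %s`); a service ticket is a bearer credential until it has been validated, so log only its length or a truncated prefix. initialServiceData caches `serverName` and `service` in instance fields from the first request's `RevProxyUtil.getURLContextPath(request)`; if this handler is a shared singleton and that helper derives its value from request headers, the first request to arrive pins the service URL used by every later redirect and ticket validation, and the lazy `ticketValidator`/`casSeverLoginUrl` initialisation has no guard against concurrent first calls — prefer a configured value, or compute it per request. initCasLoginUrl only logs when `cas.sso.ca10.loginurl` is unset and returns null, after which `new Cas10TicketValidator(this.casSeverLoginUrl)` and `CommonUtils.constructRedirectUrl(this.casSeverLoginUrl, ...)` run with null anyway; throwing `IllegalStateException` there would fail fast with a clear message. In callTrdSSOLogin replace `var7.printStackTrace()` with `logger.error(var7)` as the other catch block already does, and note that the `backUrl` parameter is never read, so the post-login destination is always `serverName + "index.html"`.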