SSO

shkd-cosmic-debug/src/main/java/shkd/plugin/SSOLoginPugin.java

@@ -0,0 +1,148 @@
+package shkd.plugin;
+
+import java.io.IOException;
+import java.util.Arrays;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import kd.bos.logging.Log;
+import kd.bos.logging.LogFactory;
+import kd.bos.login.thirdauth.ThirdSSOAuthHandler;
+import kd.bos.login.thirdauth.UserAuthResult;
+import kd.bos.login.thirdauth.UserProperType;
+import kd.bos.login.utils.StringUtils;
+import kd.bos.util.RevProxyUtil;
+import org.jasig.cas.client.Protocol;
+import org.jasig.cas.client.authentication.AuthenticationRedirectStrategy;
+import org.jasig.cas.client.authentication.DefaultAuthenticationRedirectStrategy;
+import org.jasig.cas.client.util.CommonUtils;
+import org.jasig.cas.client.validation.Assertion;
+import org.jasig.cas.client.validation.Cas10TicketValidator;
+
+public class SSOLoginPugin implements ThirdSSOAuthHandler {
+    private static Log logger = LogFactory.getLog(SSOLoginPugin.class);
+    private final Protocol protocol;
+    private String serverName;
+    private String service;
+    private boolean encodeServiceUrl;
+    private String casSeverLoginUrl;
+    Cas10TicketValidator ticketValidator;
+    private AuthenticationRedirectStrategy authenticationRedirectStrategy;
+
+    public SSOLoginPugin() {
+        this.protocol = Protocol.CAS1;
+        this.encodeServiceUrl = true;
+        this.authenticationRedirectStrategy = new DefaultAuthenticationRedirectStrategy();
+    }
+
+    // 该方法是用户没有登录的时候插件需要转移到正确的登录地址
+    public void callTrdSSOLogin(HttpServletRequest request, HttpServletResponse response, String backUrl) {
+        this.initialServiceData(request);
+        if (this.casSeverLoginUrl == null) {
+            this.casSeverLoginUrl = this.initCasLoginUrl();
+        }
+
+        String urlToRedirectTo = "";
+        String path = request.getRequestURI();
+        if (path.contains("/auth/logout.do")) {
+            urlToRedirectTo = StringUtils.getPathString(this.casSeverLoginUrl) + "logout?service=" + RevProxyUtil.getURLContextPath(request);
+        } else {
+            String serviceUrl = this.constructServiceUrl(request, response);
+            logger.debug(String.format("Constructed service url: %s", serviceUrl));
+            urlToRedirectTo = CommonUtils.constructRedirectUrl(this.casSeverLoginUrl, this.getProtocol().getServiceParameterName(), serviceUrl, false, false, (String) null);
+        }
+
+        logger.debug(String.format("redirecting to \"%s\"", urlToRedirectTo));
+
+        try {
+            this.authenticationRedirectStrategy.redirect(request, response, urlToRedirectTo);
+        } catch (IOException var7) {
+            var7.printStackTrace();
+        }
+
+    }
+
+    public String initCasLoginUrl() {
+        String configLoginUrl = System.getProperty("cas.sso.ca10.loginurl");
+        if (configLoginUrl == null) {
+            logger.error("没有配置 sso 登录cas.sso.ca10.loginurl");
+        }
+
+        return configLoginUrl;
+    }
+
+    // 该方法实现第三发插件认证及认证结果的返回
+    public UserAuthResult getTrdSSOAuth(HttpServletRequest request, HttpServletResponse response) {
+        UserAuthResult result = new UserAuthResult();
+        result.setSucess(false);
+        result.setUserType(UserProperType.UserName);
+        this.initialServiceData(request);
+        if (this.casSeverLoginUrl == null) {
+            this.casSeverLoginUrl = this.initCasLoginUrl();
+        }
+
+        String ticket = this.retrieveTicketFromRequest(request);
+        if (CommonUtils.isNotBlank(ticket)) {
+            try {
+                logger.debug(String.format("Attempting to validate ticket: %s", ticket));
+                if (this.ticketValidator == null) {
+                    this.ticketValidator = new Cas10TicketValidator(this.casSeverLoginUrl);
+                }
+
+                String userName = null;
+                Assertion assertion = this.ticketValidator.validate(ticket, this.constructServiceUrl(request, response));
+                logger.debug(String.format("Successfully authenticated user: %s", assertion.getPrincipal().getName()));
+                if (assertion != null) {
+                    userName = assertion.getPrincipal().getName();
+                    result.setUser(userName);
+                    result.setSucess(true);
+                }
+            } catch (Exception var7) {
+                logger.error(var7);
+            }
+        }
+
+        return result;
+    }
+
+    public void initialServiceData(HttpServletRequest request) {
+        if (this.serverName == null) {
+            this.serverName = RevProxyUtil.getURLContextPath(request);
+        }
+
+        if (this.service == null) {
+            this.service = this.serverName + "index.html";
+        }
+
+    }
+
+    protected final String constructServiceUrl(HttpServletRequest request, HttpServletResponse response) {
+        return CommonUtils.constructServiceUrl(request, response, this.service, this.serverName, this.protocol.getServiceParameterName(), this.protocol.getArtifactParameterName(), this.encodeServiceUrl);
+    }
+
+    public final void setServerName(String serverName) {
+        if (serverName != null && serverName.endsWith("/")) {
+            this.serverName = serverName.substring(0, serverName.length() - 1);
+            logger.info(String.format("Eliminated extra slash from serverName [%s].  It is now [%s]", serverName, this.serverName));
+        } else {
+            this.serverName = serverName;
+        }
+
+    }
+
+    public final void setService(String service) {
+        this.service = service;
+    }
+
+    public final void setEncodeServiceUrl(boolean encodeServiceUrl) {
+        this.encodeServiceUrl = encodeServiceUrl;
+    }
+
+    protected Protocol getProtocol() {
+        return this.protocol;
+    }
+
+    protected String retrieveTicketFromRequest(HttpServletRequest request) {
+        return CommonUtils.safeGetParameter(request, this.protocol.getArtifactParameterName(), Arrays.asList(this.protocol.getArtifactParameterName()));
+    }
+}