李靖 2024-05-23 16:43:10 +08:00
parent b425cea10c
commit 81db2c0de5
1 changed files with 148 additions and 0 deletions


@ -0,0 +1,148 @@
package shkd.plugin;
import java.io.IOException;
import java.util.Arrays;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import kd.bos.logging.Log;
import kd.bos.logging.LogFactory;
import kd.bos.login.thirdauth.ThirdSSOAuthHandler;
import kd.bos.login.thirdauth.UserAuthResult;
import kd.bos.login.thirdauth.UserProperType;
import kd.bos.login.utils.StringUtils;
import kd.bos.util.RevProxyUtil;
import org.jasig.cas.client.Protocol;
import org.jasig.cas.client.authentication.AuthenticationRedirectStrategy;
import org.jasig.cas.client.authentication.DefaultAuthenticationRedirectStrategy;
import org.jasig.cas.client.util.CommonUtils;
import org.jasig.cas.client.validation.Assertion;
import org.jasig.cas.client.validation.Cas10TicketValidator;
public class SSOLoginPugin implements ThirdSSOAuthHandler {
private static Log logger = LogFactory.getLog(SSOLoginPugin.class);
private final Protocol protocol;
private String serverName;
private String service;
private boolean encodeServiceUrl;
private String casSeverLoginUrl;
Cas10TicketValidator ticketValidator;
private AuthenticationRedirectStrategy authenticationRedirectStrategy;
public SSOLoginPugin() {
this.protocol = Protocol.CAS1;
this.encodeServiceUrl = true;
this.authenticationRedirectStrategy = new DefaultAuthenticationRedirectStrategy();
}
// 该方法是用户没有登录的时候插件需要转移到正确的登录地址
public void callTrdSSOLogin(HttpServletRequest request, HttpServletResponse response, String backUrl) {
this.initialServiceData(request);
if (this.casSeverLoginUrl == null) {
this.casSeverLoginUrl = this.initCasLoginUrl();
}
String urlToRedirectTo = "";
String path = request.getRequestURI();
if (path.contains("/auth/logout.do")) {
urlToRedirectTo = StringUtils.getPathString(this.casSeverLoginUrl) + "logout?service=" + RevProxyUtil.getURLContextPath(request);
} else {
String serviceUrl = this.constructServiceUrl(request, response);
logger.debug(String.format("Constructed service url: %s", serviceUrl));
urlToRedirectTo = CommonUtils.constructRedirectUrl(this.casSeverLoginUrl, this.getProtocol().getServiceParameterName(), serviceUrl, false, false, (String) null);
}
logger.debug(String.format("redirecting to \"%s\"", urlToRedirectTo));
try {
this.authenticationRedirectStrategy.redirect(request, response, urlToRedirectTo);
} catch (IOException var7) {
var7.printStackTrace();
}
}
public String initCasLoginUrl() {
String configLoginUrl = System.getProperty("cas.sso.ca10.loginurl");
if (configLoginUrl == null) {
logger.error("没有配置 sso 登录cas.sso.ca10.loginurl");
}
return configLoginUrl;
}
// 该方法实现第三发插件认证及认证结果的返回
public UserAuthResult getTrdSSOAuth(HttpServletRequest request, HttpServletResponse response) {
UserAuthResult result = new UserAuthResult();
result.setSucess(false);
result.setUserType(UserProperType.UserName);
this.initialServiceData(request);
if (this.casSeverLoginUrl == null) {
this.casSeverLoginUrl = this.initCasLoginUrl();
}
String ticket = this.retrieveTicketFromRequest(request);
if (CommonUtils.isNotBlank(ticket)) {
try {
logger.debug(String.format("Attempting to validate ticket: %s", ticket));
if (this.ticketValidator == null) {
this.ticketValidator = new Cas10TicketValidator(this.casSeverLoginUrl);
}
String userName = null;
Assertion assertion = this.ticketValidator.validate(ticket, this.constructServiceUrl(request, response));
logger.debug(String.format("Successfully authenticated user: %s", assertion.getPrincipal().getName()));
if (assertion != null) {
userName = assertion.getPrincipal().getName();
result.setUser(userName);
result.setSucess(true);
}
} catch (Exception var7) {
logger.error(var7);
}
}
return result;
}
public void initialServiceData(HttpServletRequest request) {
if (this.serverName == null) {
this.serverName = RevProxyUtil.getURLContextPath(request);
}
if (this.service == null) {
this.service = this.serverName + "index.html";
}
}
protected final String constructServiceUrl(HttpServletRequest request, HttpServletResponse response) {
return CommonUtils.constructServiceUrl(request, response, this.service, this.serverName, this.protocol.getServiceParameterName(), this.protocol.getArtifactParameterName(), this.encodeServiceUrl);
}
public final void setServerName(String serverName) {
if (serverName != null && serverName.endsWith("/")) {
this.serverName = serverName.substring(0, serverName.length() - 1);
logger.info(String.format("Eliminated extra slash from serverName [%s]. It is now [%s]", serverName, this.serverName));
} else {
this.serverName = serverName;
}
}
public final void setService(String service) {
this.service = service;
}
public final void setEncodeServiceUrl(boolean encodeServiceUrl) {
this.encodeServiceUrl = encodeServiceUrl;
}
protected Protocol getProtocol() {
return this.protocol;
}
protected String retrieveTicketFromRequest(HttpServletRequest request) {
return CommonUtils.safeGetParameter(request, this.protocol.getArtifactParameterName(), Arrays.asList(this.protocol.getArtifactParameterName()));
}
}
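Review bot: `initialServiceData` takes `serverName` from the incoming request (`RevProxyUtil.getURLContextPath(request)`) and caches it in an instance field, so the first request the handler sees fixes the CAS `service` URL used by every later login redirect and ticket validation. If that helper derives its value from the Host or forwarded headers (its implementation is not visible here), a request carrying a forged host could point the `service` parameter at another origin; CAS clients normally use a statically configured server name for this reason. I would read it from configuration the same way `initCasLoginUrl` reads `cas.sso.ca10.loginurl`, e.g. `this.serverName = System.getProperty("<server-name-property>");`, and refuse to redirect or validate when it is unset. The same fields (`serverName`, `service`, `casSeverLoginUrl`, `ticketValidator`) are assigned lazily without synchronisation, which matters if one handler instance serves concurrent requests. Separately, in `getTrdSSOAuth` the debug line writes the raw `ticket` to the log, and `assertion.getPrincipal().getName()` is dereferenced on the line before `if (assertion != null)`, so that null check can never take effect.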