一次单点登录开发遇见的问题。。
Posted 1025804158ysb
因为业务需要,我所负责的系统需要做一个单点登录的功能。外面的大系统负责登录,然后通过url的形式链接到我们业务系统。
链接的 url 会带上一个 token,我拿这个 token 去调用他们的接口,接口返回与该 token 对应的、我们业务系统中的用户名。
因为是政府办公的系统,这个系统用的是比较老的 SSH(Struts + Spring + Hibernate)框架。
我所做的方案是,在本地的过滤器中实现这个功能:用接口返回的用户名去获取 User 对象,再将这个 User 对象置于 Session 中,就实现了跳过本地的登录。这样做的前提是,用户名只能来自对方接口对 token 的校验结果。
1.web.xml中过滤器的配置
<!-- JSP pages that must be intercepted -->
<filter>
    <filter-name>sessionFilter</filter-name>
    <filter-class>shjt.core.util.SessionFilter</filter-class>
    <init-param>
        <param-name>include</param-name>
        <!-- Every JSP page under these folders requires a session; several folders may be listed, separated by ASCII commas -->
        <param-value>securityJsp,flowcase,license,manage,statistics,enterprise,wechat</param-value>
    </init-param>
</filter>
<filter-mapping>
    <filter-name>sessionFilter</filter-name>
    <!-- Only *.jsp requests pass through this filter, so neither the sso_ctk hand-off nor the
         session check in SessionFilter runs for any other URL.
         NOTE(review): entry points that are not JSPs need their own access control; confirm. -->
    <url-pattern>*.jsp</url-pattern>
</filter-mapping>
2.过滤器代码
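package shjt.core.util;

import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.StringTokenizer;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import org.apache.commons.lang3.StringUtils;
import org.apache.log4j.Logger;
import org.hibernate.Hibernate;

import org.springframework.context.ApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;

import shjt.security.model.SessionInfo;
import shjt.security.model.Syorganization;
import shjt.security.model.Syrole;
import shjt.security.model.Syuser;
import shjt.security.service.UserServiceI;
import shjt.security.utils.SsoUtil;

/**
 * Filter for the JSP folders that require a logged-in session.
 *
 * <p>It does two things on every request it is mapped to:
 * <ol>
 *   <li>If the request carries the {@code sso_ctk} parameter, the token is exchanged for a
 *       local login name through {@link SsoUtil} and, when that name maps to a local user,
 *       a {@link SessionInfo} for that user is stored in a fresh session.</li>
 *   <li>If the servlet path contains one of the configured folder names and no
 *       {@code sessionInfo} attribute is present, the request is forwarded to the login
 *       page instead of continuing down the chain.</li>
 * </ol>
 *
 * <p>Security notes: the login name used for the session must come only from the SSO
 * verification call. The token travels in the URL, so it can end up in access logs,
 * browser history and Referer headers; this class never logs it, and the issuing side
 * should keep such tokens short-lived.
 */
public class SessionFilter implements Filter {

    private static final Logger logger = Logger.getLogger(SessionFilter.class);

    /** Request parameter carrying the SSO token issued by the external login system. */
    private static final String SSO_TOKEN_PARAM = "sso_ctk";

    /** Folder names taken from the {@code include} init parameter. */
    private List<String> list = new ArrayList<String>();

    /** Spring context looked up in {@link #init(FilterConfig)}; may be null if none is registered. */
    private ApplicationContext ctx = null;

    public SessionFilter() {
    }

    /**
     * Handles the optional SSO hand-off, then enforces the session check on protected paths.
     *
     * @param req   incoming request; cast to {@link HttpServletRequest}
     * @param res   outgoing response; cast to {@link HttpServletResponse}
     * @param chain remaining filter chain, invoked unless the request is forwarded to login
     * @throws IOException      propagated from the forward or the chain
     * @throws ServletException propagated from the forward or the chain
     */
    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) res;

        String servletPath = request.getServletPath();

        String token = request.getParameter(SSO_TOKEN_PARAM);
        if (StringUtils.isBlank(token)) {
            // No token: the user goes through this system's own login.
            logger.debug("本系统登录");
        } else {
            // Token present: login was performed by the external portal.
            loginWithSsoToken(request, token);
        }

        if (requiresSession(servletPath)) {
            logger.info("进入session过滤器->访问路径为[" + servletPath + "]");

            // NOTE(review): the SSO branch stores the session object under
            // ConfigUtil.getSessionInfoName() while this check reads the literal
            // "sessionInfo"; confirm both resolve to the same attribute name.
            if (request.getSession().getAttribute("sessionInfo") == null) {
                // No session: stop here and send the user to the login page.
                request.setAttribute("msg", "您还没有登录或登录已超时,请重新登录,然后再刷新本功能!");
                request.getRequestDispatcher("/loginlocation.jsp").forward(request, response);
                return;
            }
        }
        chain.doFilter(request, response);
    }

    /**
     * Exchanges the SSO token for a local user and, on success, stores that user's
     * {@link SessionInfo} in a newly created session. On any failure nothing is stored,
     * so the request is treated like any other unauthenticated request.
     */
    private void loginWithSsoToken(HttpServletRequest request, String token) {
        if (ctx == null) {
            logger.error("SSO login skipped: Spring application context is not available");
            return;
        }

        // The token is a credential: it is passed to the SSO call and never printed or logged.
        String userName = new SsoUtil().getUserNameByToken(token);

        // The identity comes from the SSO response only. The original code overwrote it
        // with the constant "admin", which turned any request carrying sso_ctk into an
        // administrator session.
        if (StringUtils.isBlank(userName)) {
            logger.warn("SSO login rejected: token did not resolve to a login name");
            return;
        }

        UserServiceI userService = (UserServiceI) ctx.getBean("userServiceImpl");
        // NOTE(review): HqlFilter is constructed from the request; if it also reads query
        // conditions from request parameters (not visible here), a caller could influence
        // this lookup. Confirm, and build the filter without the request if so.
        HqlFilter hqlFilter = new HqlFilter(request);
        hqlFilter.addFilter("QUERY_t#loginname_S_EQ", userName);
        Syuser syuser = userService.getByFilter(hqlFilter);
        if (syuser == null) {
            logger.warn("SSO login rejected: no local user for login name [" + userName + "]");
            return;
        }

        // The model associations are LAZY, so force Hibernate to load the collections
        // before the user object is kept in the session.
        Hibernate.initialize(syuser.getSyroles());
        Hibernate.initialize(syuser.getSyorganizations());
        for (Syrole syrole : syuser.getSyroles()) {
            Hibernate.initialize(syrole.getSyresources());
        }
        for (Syorganization syorganization : syuser.getSyorganizations()) {
            Hibernate.initialize(syorganization.getSyresources());
        }
        syuser.setIp(IpUtil.getIpAddr(request));

        SessionInfo sessionInfo = new SessionInfo();
        sessionInfo.setUser(syuser);

        // Start from a fresh session so a session id obtained before login is not
        // carried over into the authenticated state (session fixation).
        HttpSession previous = request.getSession(false);
        if (previous != null) {
            previous.invalidate();
        }
        request.getSession(true).setAttribute(ConfigUtil.getSessionInfoName(), sessionInfo);
        logger.info("SSO login accepted for login name [" + userName + "]");
    }

    /**
     * Returns true when the servlet path contains one of the configured folder names.
     * The match is a case-sensitive substring test, as in the original code.
     */
    private boolean requiresSession(String servletPath) {
        for (String url : list) {
            if (servletPath.indexOf(url) > -1) {
                return true;
            }
        }
        return false;
    }

    /**
     * Looks up the Spring context and reads the comma-separated {@code include} init
     * parameter into the list of protected folder names.
     *
     * @param filterConfig configuration supplied by the container
     * @throws ServletException declared by the {@link Filter} contract
     */
    public void init(FilterConfig filterConfig) throws ServletException {
        ctx = WebApplicationContextUtils.getWebApplicationContext(filterConfig.getServletContext());

        String include = filterConfig.getInitParameter("include");
        if (!StringUtils.isBlank(include)) {
            StringTokenizer st = new StringTokenizer(include, ",");
            list.clear();
            while (st.hasMoreTokens()) {
                // Trim so that "a, b" in web.xml still protects folder "b".
                String folder = st.nextToken().trim();
                if (folder.length() > 0) {
                    list.add(folder);
                }
            }
        }
    }

    public void destroy() {
    }
}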