package com.fr.plugin.xxxx.saml.xxxx.saml.filter; |
|
|
|
import com.fr.plugin.xxxx.saml.xxxx.saml.SAMLException; |
|
import com.fr.plugin.xxxx.saml.xxxx.saml.SAMLResponseValidator; |
|
import com.fr.plugin.xxxx.saml.xxxx.saml.bean.UserInfoBean; |
|
import com.fr.plugin.xxxx.saml.xxxx.saml.constant.SsoConstants; |
|
import com.fr.plugin.xxxx.saml.xxxx.saml.impl.SAMLRequestImpl; |
|
import com.fr.plugin.xxxx.saml.xxxx.saml.impl.SAMLResponseValidatorImpl; |
|
import org.apache.commons.codec.binary.Base64; |
|
|
|
import javax.servlet.*; |
|
import javax.servlet.http.HttpServletRequest; |
|
import javax.servlet.http.HttpServletResponse; |
|
import javax.servlet.http.HttpSession; |
|
import java.io.IOException; |
|
import java.nio.charset.StandardCharsets; |
|
|
|
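/**
 * Servlet filter that drives SAML single sign-on for every request it is mapped to.
 *
 * <p>Requests whose URL matches one of the configured {@code exclusions} go straight down the
 * filter chain. For all other requests the filter either consumes a posted {@code SAMLResponse},
 * or, when no user is stored in the session yet, forwards to the page that carries a freshly
 * generated {@code SAMLRequest}. Non-excluded requests always end in a forward to a JSP; the
 * filter chain is not invoked for them.
 */
public class SAMLFilter implements Filter {

    /** Page that receives the Base64-encoded SAMLRequest as a request attribute. */
    private static final String RETURN_PAGE = "/WEB-INF/pages/index.jsp";

    /** Page that receives the authenticated user's nameId as a request attribute. */
    private static final String LOGON_PAGE = "/WEB-INF/pages/logon.jsp";

    /** URL patterns that bypass this filter; {@code null} when none are configured. */
    private String[] exclusions;

    /**
     * Reads the comma-separated {@code exclusions} init parameter.
     *
     * <p>A missing or blank parameter leaves the filter without exclusions instead of failing
     * with a NullPointerException. Whitespace around each entry is trimmed so that
     * {@code "a, b"} and {@code "a,b"} are equivalent.
     *
     * @param filterConfig configuration supplied by the servlet container
     * @throws ServletException declared by the {@link Filter} contract; not thrown here
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        String exclusionsStr = filterConfig.getInitParameter("exclusions");
        if (exclusionsStr == null || exclusionsStr.trim().isEmpty()) {
            return;
        }
        String[] entries = exclusionsStr.split(",");
        for (int i = 0; i < entries.length; i++) {
            entries[i] = entries[i].trim();
        }
        exclusions = entries;
    }

    /**
     * Decides whether a request URL bypasses the filter.
     *
     * <p>Every {@code *} in an exclusion entry is expanded to {@code .*} and the result is
     * applied to the whole URL as a regular expression.
     *
     * @param currentURL the URL to test, as returned by {@code getRequestURL()}
     * @return {@code true} when at least one exclusion matches the complete URL
     */
    private boolean isexclusion(String currentURL) {
        if (exclusions == null || exclusions.length < 1 || currentURL == null || currentURL.length() < 1) {
            return false;
        }
        // NOTE(review): only '*' is translated. Every other regex metacharacter in an entry keeps
        // its regex meaning ('.' matches any character), so an entry can match more URLs than a
        // glob reading suggests. The match also runs on the request URL as the container reports
        // it, not on a normalized servlet path. Because a match skips authentication, keep the
        // entries as narrow as possible; consider quoting the literal parts and matching on the
        // servlet path instead.
        for (String exclusion : exclusions) {
            if (currentURL.matches(exclusion.replace("*", ".*"))) {
                return true;
            }
        }
        return false;
    }

    /**
     * Applies the SSO flow to one request.
     *
     * <ol>
     *   <li>Excluded URLs are passed down the chain unchanged.</li>
     *   <li>Without a user in the session, a posted {@code SAMLResponse} is Base64-decoded and
     *       validated, and the resulting user bean is stored in the session.</li>
     *   <li>Without a user and without a {@code SAMLResponse}, a new SAMLRequest is generated,
     *       Base64-encoded and forwarded to the request page.</li>
     *   <li>In every remaining case the request is forwarded to the logon page, with the
     *       {@code nameId} attribute set when a user is present.</li>
     * </ol>
     *
     * @param req incoming request; must be an {@link HttpServletRequest}
     * @param resp outgoing response; must be an {@link HttpServletResponse}
     * @param chain remaining filter chain, used only for excluded URLs
     * @throws IOException if forwarding or the downstream chain fails
     * @throws ServletException if forwarding or the downstream chain fails
     */
    @Override
    public void doFilter(ServletRequest req, ServletResponse resp, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;
        HttpServletResponse response = (HttpServletResponse) resp;

        // getSession() creates a session when none exists, so it never returns null.
        HttpSession session = request.getSession();

        // Excluded URLs bypass the filter.
        if (request.getRequestURL() != null && isexclusion(request.getRequestURL().toString())) {
            chain.doFilter(req, resp);
            return;
        }

        // Has a user already been established in this session?
        if (session.getAttribute(SsoConstants.SESSION_USER_INFO_KEY) == null) {
            String samlResp = request.getParameter("SAMLResponse");
            if (samlResp != null && !samlResp.isEmpty()) {
                byte[] decoded = new Base64().decode(samlResp.getBytes(StandardCharsets.UTF_8));
                try {
                    // NOTE(review): this filter trusts validate() completely. Signature, issuer,
                    // audience, validity-window and replay checks are not visible here, and the
                    // filter does not record the request it generated, so any InResponseTo
                    // binding would have to live in the validator. Confirm against the validator.
                    SAMLResponseValidator vld =
                            new SAMLResponseValidatorImpl(new String(decoded, StandardCharsets.UTF_8));
                    vld.validate();

                    // Additional attributes of the account.
                    // Note: by default a W3 account returns only the employee number as uid,
                    // while an external-network account returns the account name.
                    UserInfoBean uiBean = vld.getUIBean();

                    // NOTE(review): the session identifier is not rotated before the
                    // authenticated user is stored, which leaves the login open to session
                    // fixation. Rotate it here once it is confirmed that nothing set before
                    // login has to survive.
                    session.setAttribute(SsoConstants.SESSION_USER_INFO_KEY, uiBean);
                } catch (SAMLException e) {
                    // NOTE(review): prefer the application's logger over stderr.
                    e.printStackTrace();
                    // NOTE(review): the message is handed to the view; make sure the JSP
                    // HTML-escapes it and that it carries no internal detail.
                    request.setAttribute("error", e.getMessage());
                }
            } else {
                try {
                    byte[] samlRequest = new SAMLRequestImpl().generate().getBytes(StandardCharsets.UTF_8);
                    samlRequest = new Base64().encode(samlRequest);
                    request.setAttribute("SAMLRequest", new String(samlRequest, StandardCharsets.UTF_8));

                    request.getRequestDispatcher(RETURN_PAGE).forward(request, response);
                    return;
                } catch (SAMLException e) {
                    e.printStackTrace();
                    // The failure text is placed under the "SAMLRequest" attribute and the
                    // request then falls through to the logon page.
                    request.setAttribute("SAMLRequest", e.getMessage());
                }
            }
        }

        UserInfoBean uiBean = (UserInfoBean) session.getAttribute(SsoConstants.SESSION_USER_INFO_KEY);
        if (uiBean != null) {
            request.setAttribute("nameId", uiBean.getNameId());
        }
        // The chain is deliberately not continued: every non-excluded request ends at the logon page.
        request.getRequestDispatcher(LOGON_PAGE).forward(request, response);
    }

    /** Releases nothing; the filter holds no resources. */
    @Override
    public void destroy() {
    }
}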