package com.fr.plugin.web.hander;
import com.fr.decision.authority.data.User;
import com.fr.decision.fun.impl.BaseHttpHandler;
import com.fr.decision.webservice.v10.login.LoginService;
import com.fr.decision.webservice.v10.user.UserService;
import com.fr.json.JSONObject;
import com.fr.log.FineLoggerFactory;
import com.fr.log.FineLoggerProvider;
import com.fr.plugin.config.MyConfig;
import com.fr.plugin.transform.ExecuteFunctionRecord;
import com.fr.plugin.transform.FunctionRecorder;
import com.fr.plugin.utils.SertUtils;
import com.fr.stable.CodeUtils;
import com.fr.stable.StringUtils;
import com.fr.third.springframework.web.bind.annotation.RequestMethod;
import com.fr.web.utils.WebUtils;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.xml.XMLConstants;
import javax.xml.crypto.dom.DOMStructure;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.parsers.DocumentBuilderFactory;
import java.io.StringReader;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.util.List;
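/**
 * SAML assertion-consumer endpoint ({@code /hf/login}).
 *
 * <p>Receives the IdP's {@code SAMLResponse}, verifies its XML signature against the
 * public key from {@link SertUtils#getSert()}, logs the mapped local user in and then
 * redirects to the return URL that was parked in the {@value #CALLBACK_COOKIE} cookie
 * (or to the configured home URL when no trusted callback is present).
 *
 * <p>The login name is only ever taken from inside the element the signature covers,
 * so an unsigned element placed elsewhere in the document cannot supply it.
 */
public class SingleLoginHandler extends BaseHttpHandler {

    /** Cookie that carries the post-login return URL across the SAML round trip. */
    private static final String CALLBACK_COOKIE = "saml_callBack";

    @Override
    public RequestMethod getMethod() {
        // null presumably means "no method restriction" for this handler — TODO confirm against BaseHttpHandler
        return null;
    }

    @Override
    public String getPath() {
        return "/hf/login";
    }

    @Override
    public boolean isPublic() {
        // Reachable without a session: this is where the IdP posts the response before any login exists.
        return true;
    }

    /**
     * Handles the IdP callback: verify, map to a local user, log in, redirect.
     *
     * <p>Any failure (missing or forged response, unknown user, login error) is logged and
     * answered with a plain "login fail" text instead of falling through to the success page.
     *
     * @param request  carries {@code SAMLResponse} (verified here) and {@code RelayState} (only logged)
     * @param response receives either a redirect or a failure text
     * @throws Exception only if writing the failure text itself fails
     */
    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response) throws Exception {
        MyConfig config = MyConfig.getInstance();
        FineLoggerProvider logger = FineLoggerFactory.getLogger();
        String samlResponse = request.getParameter("SAMLResponse");
        String relayState = request.getParameter("RelayState");
        // The raw SAMLResponse is a signed assertion carrying user data; keep its content out of the logs.
        logger.info("SAML login callback: SAMLResponse length={}, RelayState present={}",
                samlResponse == null ? 0 : samlResponse.length(), relayState != null);
        try {
            // Verify first; the login name comes only from verified content.
            String loginName = validate(samlResponse);
            User user = UserService.getInstance().getUserByUserName(loginName);
            if (user == null) {
                WebUtils.printAsString(response, "login fail:" + loginName + " not find");
                return;
            }
            LoginService.getInstance().login(request, response, loginName);
            response.sendRedirect(resolveRedirect(request, response, config.getUrl(), loginName));
        } catch (Exception e) {
            // Never swallow: the previous empty catch let a failed verification reach a "success" flush.
            logger.error("SAML login failed", e);
            if (!response.isCommitted()) {
                WebUtils.printAsString(response, "login fail");
            }
        }
    }

    /**
     * Chooses the post-login target.
     *
     * <p>wei's note kept from the original: on a cross-domain login a relative callback bounces
     * back to the pre-cross-domain url + {@code op=fs}, which is why absolute URLs are stored in
     * the cookie. Because the cookie is client-supplied, an absolute URL is honoured only when its
     * host is the configured home host or this request's host; anything else is an open redirect
     * and falls back to the home URL. The cookie is cleared whenever it was read.
     *
     * @return the URL to redirect to (never blank)
     */
    private String resolveRedirect(HttpServletRequest request, HttpServletResponse response,
                                   String homeUrl, String loginName) {
        FineLoggerProvider logger = FineLoggerFactory.getLogger();
        Cookie samlCallBack = com.fr.third.springframework.web.util.WebUtils.getCookie(request, CALLBACK_COOKIE);
        if (samlCallBack == null || StringUtils.isBlank(samlCallBack.getValue())) {
            logger.info("------回到系统=====登陆用户:{} 回调地址: 去主页", loginName);
            return homeUrl;
        }
        String value = samlCallBack.getValue();
        logger.info("by cookies 回到系统=====登陆用户:{} 回调地址:{}", loginName, value);
        deleteCookieByName(request, response, CALLBACK_COOKIE);
        if (value.contains("decision/login")) {
            // Returning to the login page itself would loop; go home instead.
            return homeUrl;
        }
        if (!isTrustedRedirect(value, homeUrl, request.getServerName())) {
            logger.error("SAML callback cookie points outside the system, redirecting home instead: {}", value);
            return homeUrl;
        }
        return value;
    }

    /**
     * Accepts a redirect target only if it is a same-site relative path or an http(s) URL
     * whose host is the configured home host or the host this request arrived on.
     *
     * @param target      candidate URL from the callback cookie
     * @param homeUrl     configured system URL; its host is trusted
     * @param requestHost host of the current request; also trusted
     * @return {@code true} when redirecting to {@code target} cannot leave the system
     */
    static boolean isTrustedRedirect(String target, String homeUrl, String requestHost) {
        if (StringUtils.isBlank(target)) {
            return false;
        }
        URI uri;
        try {
            uri = new URI(target);
        } catch (URISyntaxException e) {
            return false;
        }
        String scheme = uri.getScheme();
        String host = uri.getHost();
        if (scheme == null && uri.getAuthority() == null) {
            // Relative reference; "//host/path" would be protocol-relative and is rejected above via authority.
            return !target.startsWith("//") && !target.startsWith("/\\");
        }
        if (!"http".equalsIgnoreCase(scheme) && !"https".equalsIgnoreCase(scheme)) {
            return false;
        }
        if (host == null) {
            return false;
        }
        if (host.equalsIgnoreCase(requestHost)) {
            return true;
        }
        try {
            String homeHost = new URI(homeUrl).getHost();
            return homeHost != null && homeHost.equalsIgnoreCase(host);
        } catch (URISyntaxException | NullPointerException e) {
            return false;
        }
    }

    /**
     * Expires the named cookie on the client.
     *
     * <p>Deletion only takes effect if the browser matches the original cookie's path;
     * path {@code "/"} is assumed here because that is how the cookie is read back.
     */
    private void deleteCookieByName(HttpServletRequest request, HttpServletResponse response, String name) {
        Cookie[] cookies = request.getCookies();
        if (cookies == null) {
            FineLoggerFactory.getLogger().info("没有cookie");
            return;
        }
        for (Cookie cookie : cookies) {
            if (!cookie.getName().equals(name)) {
                continue;
            }
            // Clear the value and expire immediately.
            cookie.setValue(null);
            cookie.setMaxAge(0);
            cookie.setPath("/");
            FineLoggerFactory.getLogger().info("被删除的cookie名字为:{}", cookie.getName());
            response.addCookie(cookie);
            return;
        }
    }

    /**
     * Verifies the XML signature on a SAMLResponse and returns the NameID it vouches for.
     *
     * <p>The parameter is parsed as raw XML, as before. NOTE(review): the SAML HTTP-POST
     * binding base64-encodes {@code SAMLResponse}; presumably it is decoded upstream or the
     * IdP posts raw XML — confirm with the IdP configuration.
     *
     * <p>NOTE(review): nothing here checks the assertion's Conditions (NotBefore/NotOnOrAfter,
     * Audience) or InResponseTo, so a captured response stays usable until something else
     * rejects it — confirm whether another layer enforces that.
     *
     * @param responseString the SAMLResponse document text
     * @return the trimmed NameID text found inside the signed element
     * @throws IllegalArgumentException if {@code responseString} is blank
     * @throws GeneralSecurityException if the signature is missing, does not verify, does not
     *         cover the element that encloses it, or that element holds no NameID
     * @throws Exception on parser configuration or XML errors
     */
    private String validate(String responseString) throws Exception {
        if (StringUtils.isBlank(responseString)) {
            throw new IllegalArgumentException("SAMLResponse parameter is missing");
        }
        Document doc = parseSecurely(responseString);

        // Search the Signature element
        NodeList signatures = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
        if (signatures.getLength() == 0) {
            throw new GeneralSecurityException("Cannot find Signature element");
        }
        Node signatureNode = signatures.item(0);
        Node parent = signatureNode.getParentNode();
        if (!(parent instanceof Element)) {
            throw new GeneralSecurityException("Signature element has no enclosing element");
        }
        // Enveloped signature: the element that contains <Signature> is the one being signed.
        Element signedElement = (Element) parent;
        // SAML 2.0 names its id attribute "ID" (assumed); "" when absent.
        String signedId = signedElement.getAttribute("ID");

        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
        XMLSignature signature = fac.unmarshalXMLSignature(new DOMStructure(signatureNode));
        PublicKey pubKey = SertUtils.getSert();
        // Create ValidateContext
        DOMValidateContext valCtx = new DOMValidateContext(pubKey, signatureNode);
        // JDK secure-validation mode (rejects weak algorithms, excessive transforms, etc.).
        valCtx.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.TRUE);
        if (!signedId.isEmpty()) {
            // No DTD/schema marks ID attributes, so register only the enclosing element for "#ID" lookups.
            valCtx.setIdAttributeNS(signedElement, null, "ID");
        }

        // Validate the XMLSignature
        if (!signature.validate(valCtx)) {
            logReferenceStatus(signature, valCtx);
            throw new GeneralSecurityException("SAMLResponse signature validation failed");
        }

        // Signature-wrapping guard: the verified references must cover the element we read from,
        // either as the whole document ("") or by that element's own ID.
        if (!coversSignedElement(signature, signedId)) {
            throw new GeneralSecurityException("Signature does not cover the element enclosing it");
        }

        // Login account node, taken from inside the signed element only (any namespace).
        NodeList nameIds = signedElement.getElementsByTagNameNS("*", "NameID");
        if (nameIds.getLength() == 0) {
            throw new GeneralSecurityException("Cannot find NameID inside the signed element");
        }
        String loginName = nameIds.item(0).getTextContent().trim();
        if (loginName.isEmpty()) {
            throw new GeneralSecurityException("NameID is empty");
        }
        return loginName;
    }

    /**
     * Parses untrusted XML with DTDs, external entities, entity expansion and XInclude disabled.
     *
     * @throws Exception if the parser rejects a feature or the document is malformed
     */
    private static Document parseSecurely(String xml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        dbf.setFeature("http://xml.org/sax/features/external-general-entities", false);
        dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        dbf.setXIncludeAware(false);
        dbf.setExpandEntityReferences(false);
        try (StringReader reader = new StringReader(xml)) {
            return dbf.newDocumentBuilder().parse(new InputSource(reader));
        }
    }

    /**
     * Returns whether some reference of the signature covers the enclosing element:
     * URI {@code ""} (whole document) or {@code "#" + signedId}.
     */
    private static boolean coversSignedElement(XMLSignature signature, String signedId) {
        for (Object o : signature.getSignedInfo().getReferences()) {
            String uri = ((Reference) o).getURI();
            if ("".equals(uri)) {
                return true;
            }
            if (!signedId.isEmpty() && ("#" + signedId).equals(uri)) {
                return true;
            }
        }
        return false;
    }

    /** Logs each reference's digest status after a failed core validation, to tell digest from key problems. */
    private static void logReferenceStatus(XMLSignature signature, DOMValidateContext valCtx) {
        for (Object o : signature.getSignedInfo().getReferences()) {
            Reference ref = (Reference) o;
            boolean refValid;
            try {
                refValid = ref.validate(valCtx);
            } catch (Exception ex) {
                refValid = false;
            }
            FineLoggerFactory.getLogger().error("SAML signature reference {} valid={}", ref.getURI(), refValid);
        }
    }
}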