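package com.fr.plugin.web.hander;

import com.fr.decision.authority.data.User;
import com.fr.decision.fun.impl.BaseHttpHandler;
import com.fr.decision.webservice.v10.login.LoginService;
import com.fr.decision.webservice.v10.user.UserService;
import com.fr.json.JSONObject;
import com.fr.log.FineLoggerFactory;
import com.fr.log.FineLoggerProvider;
import com.fr.plugin.config.MyConfig;
import com.fr.plugin.transform.ExecuteFunctionRecord;
import com.fr.plugin.transform.FunctionRecorder;
import com.fr.plugin.utils.SertUtils;
import com.fr.stable.CodeUtils;
import com.fr.stable.StringUtils;
import com.fr.third.springframework.web.bind.annotation.RequestMethod;
import com.fr.web.utils.WebUtils;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.xml.XMLConstants;
import javax.xml.crypto.dom.DOMStructure;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.parsers.DocumentBuilderFactory;
import java.io.StringReader;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.PublicKey;
import java.util.List;

/**
 * SAML single sign-on callback handler mounted at {@code /hf/login}.
 *
 * <p>The IdP posts a {@code SAMLResponse}; the handler parses it, verifies the enclosed
 * XML signature against the public key supplied by {@link SertUtils#getSert()}, looks up
 * the decision user named by the signed {@code NameID}, logs that user in and redirects
 * to the address stored in the {@code saml_callBack} cookie (falling back to the URL
 * configured in {@link MyConfig}).
 *
 * <p>Everything that arrives on the request (the SAML XML and the callback cookie) is
 * treated as untrusted: the XML parser has DTD/entity processing disabled, the
 * {@code NameID} must lie inside the subtree covered by the verified signature, and the
 * callback target is only honoured when it is a local path or points at this host.
 */
public class SingleLoginHandler extends BaseHttpHandler {

    /** Cookie that carries the post-login redirect target (set elsewhere in the plugin). */
    private static final String CALLBACK_COOKIE = "saml_callBack";

    /** Attribute name SAML uses to identify signed elements ({@code Response}/{@code Assertion}). */
    private static final String ID_ATTRIBUTE = "ID";

    /**
     * Leaves the HTTP method unrestricted — presumably so the IdP POST binding is accepted;
     * confirm against the {@link BaseHttpHandler} contract.
     */
    @Override
    public RequestMethod getMethod() {
        return null;
    }

    /** @return the path this handler is registered on */
    @Override
    public String getPath() {
        return "/hf/login";
    }

    /** The callback must be reachable before any session exists. */
    @Override
    public boolean isPublic() {
        return true;
    }

    /**
     * Consumes the IdP response and completes the login.
     *
     * <p>On a verified assertion naming a known user the response is committed by a
     * redirect and the method returns. An unknown user gets a {@code login fail} text
     * reply. Any validation or parsing error is logged (the original silently swallowed
     * it) and answered with a failure text unless the response is already committed.
     *
     * @param request  the callback request carrying {@code SAMLResponse} and {@code RelayState}
     * @param response the response to redirect or write to
     * @throws Exception propagated from the decision services when writing the final reply fails
     */
    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response) throws Exception {
        MyConfig config = MyConfig.getInstance();
        JSONObject jsonObject = new JSONObject();
        FineLoggerProvider logger = FineLoggerFactory.getLogger();
        String samlResponse = request.getParameter("SAMLResponse");
        // The raw assertion carries identity data; record only its presence/size at debug level.
        logger.debug("SAMLResponse present: {}, length: {}",
                samlResponse != null, samlResponse == null ? 0 : samlResponse.length());
        logger.debug("RelayState: {}", request.getParameter("RelayState"));

        String loginName = "";
        try {
            if (StringUtils.isBlank(samlResponse)) {
                throw new IllegalArgumentException("SAMLResponse parameter is missing");
            }
            // Verify the signature first; only the signed NameID is trusted as the account name.
            loginName = validate(samlResponse);
            User user = UserService.getInstance().getUserByUserName(loginName);
            if (user == null) {
                WebUtils.printAsString(response, "login fail:" + loginName + " not find");
            } else {
                LoginService.getInstance().login(request, response, loginName);
                String target = resolveCallbackTarget(request, response, config.getUrl(), loginName, logger);
                response.sendRedirect(target);
                // The redirect commits the response; nothing more may be written.
                return;
            }
        } catch (Exception e) {
            logger.error("SAML single login failed for user [" + loginName + "]: " + e.getMessage(), e);
            if (!response.isCommitted()) {
                WebUtils.printAsString(response, "login fail");
            }
            return;
        }
        com.fr.web.utils.WebUtils.flushSuccessMessageAutoClose(request, response, jsonObject);
    }

    /**
     * Decides where to send the browser after login.
     *
     * <p>The {@code saml_callBack} cookie is consumed (deleted) when present. Its value is
     * used only if it does not point back at {@code decision/login} and passes
     * {@link #isTrustedRedirect}; otherwise the configured home URL is returned. The
     * original code redirected to the cookie value unchecked, which let any party able
     * to set a cookie on this host turn the callback into an open redirect.
     *
     * @param request   current request (source of the cookie)
     * @param response  response on which the cookie is cleared
     * @param homeUrl   fallback target from {@link MyConfig#getUrl()}
     * @param loginName account name, for logging only
     * @param logger    logger to use
     * @return absolute or path-relative redirect target
     */
    private String resolveCallbackTarget(HttpServletRequest request, HttpServletResponse response,
                                         String homeUrl, String loginName, FineLoggerProvider logger) {
        Cookie samlCallBack =
                com.fr.third.springframework.web.util.WebUtils.getCookie(request, CALLBACK_COOKIE);
        if (samlCallBack == null || StringUtils.isBlank(samlCallBack.getValue())) {
            logger.info("------回到系统=====登陆用户:{} 回调地址: 去主页", loginName);
            return homeUrl;
        }
        String value = samlCallBack.getValue();
        logger.info("by cookies 回到系统=====登陆用户:{} 回调地址:{}", loginName, value);
        deleteCookieByName(request, response, CALLBACK_COOKIE);
        if (value.contains("decision/login")) {
            // Returning to the login page would loop; go to the home URL instead.
            return homeUrl;
        }
        if (!isTrustedRedirect(value, request, homeUrl)) {
            logger.warn("saml_callBack target [{}] is not local to this deployment; redirecting user {} to home", value, loginName);
            return homeUrl;
        }
        return value;
    }

    /**
     * Accepts a redirect target only when it stays on this deployment.
     *
     * <p>Allowed: a path-relative target (single leading {@code /}, so {@code //host} and
     * {@code /\host} forms are rejected), or an {@code http}/{@code https} URL whose host
     * equals the request's server name or the host of {@code homeUrl}. Anything that does
     * not parse as a {@link URI} is rejected.
     *
     * @param target  candidate redirect target (cookie value, untrusted)
     * @param request current request, for the server name
     * @param homeUrl configured home URL, may be blank
     * @return {@code true} if the target may be used verbatim
     */
    private static boolean isTrustedRedirect(String target, HttpServletRequest request, String homeUrl) {
        if (StringUtils.isBlank(target)) {
            return false;
        }
        String trimmed = target.trim();
        URI uri;
        try {
            uri = new URI(trimmed);
        } catch (URISyntaxException ex) {
            return false;
        }
        String scheme = uri.getScheme();
        if (scheme != null && !"http".equalsIgnoreCase(scheme) && !"https".equalsIgnoreCase(scheme)) {
            return false;
        }
        String host = uri.getHost();
        if (host == null) {
            // Path-relative only: no scheme, no authority, exactly one leading slash.
            return scheme == null
                    && uri.getRawAuthority() == null
                    && trimmed.startsWith("/")
                    && !trimmed.startsWith("//")
                    && !trimmed.startsWith("/\\");
        }
        if (host.equalsIgnoreCase(request.getServerName())) {
            return true;
        }
        if (StringUtils.isBlank(homeUrl)) {
            return false;
        }
        try {
            String homeHost = new URI(homeUrl.trim()).getHost();
            return homeHost != null && host.equalsIgnoreCase(homeHost);
        } catch (URISyntaxException ex) {
            return false;
        }
    }

    /**
     * Expires the first cookie named {@code name} by re-sending it with max-age 0 on path {@code /}.
     *
     * @param request  request whose cookies are inspected
     * @param response response the expiring cookie is added to
     * @param name     cookie name to delete
     */
    private void deleteCookieByName(HttpServletRequest request, HttpServletResponse response, String name) {
        Cookie[] cookies = request.getCookies();
        if (null == cookies) {
            FineLoggerFactory.getLogger().info("没有cookie");
            return;
        }
        for (Cookie cookie : cookies) {
            if (!cookie.getName().equals(name)) {
                continue;
            }
            cookie.setValue(null);
            // Max-age 0 instructs the browser to discard the cookie immediately.
            cookie.setMaxAge(0);
            cookie.setPath("/");
            FineLoggerFactory.getLogger().info("被删除的cookie名字为:{}", cookie.getName());
            response.addCookie(cookie);
            return;
        }
    }

    /**
     * Verifies the XML signature of a SAML response and returns the signed login name.
     *
     * <p>Steps: parse with a hardened (DTD/entity-free) parser; locate the first
     * {@code ds:Signature}; validate it with the configured public key under secure
     * validation; then read the first {@code NameID} and require it to lie inside the
     * subtree referenced by the signature (and outside the Signature element itself), so
     * an unsigned {@code NameID} injected elsewhere in the document is rejected.
     *
     * <p>NOTE(review): same-document reference resolution ({@code URI="#id"}) depends on the
     * {@code ID} attribute being recognised by the validate context; this mirrors the
     * original behaviour and should be confirmed against the IdP's responses.
     *
     * @param responseString decoded SAML response XML
     * @return the trimmed {@code NameID} text, never empty
     * @throws Exception if the XML cannot be parsed, no signature is present, the signature
     *                   does not verify, the {@code NameID} is missing, empty or not covered
     *                   by the signature
     */
    private String validate(String responseString) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        // The response is attacker-controlled: forbid DTDs and external entity resolution (XXE).
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        dbf.setFeature("http://xml.org/sax/features/external-general-entities", false);
        dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        dbf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        dbf.setXIncludeAware(false);
        dbf.setExpandEntityReferences(false);
        Document doc = dbf.newDocumentBuilder().parse(new InputSource(new StringReader(responseString)));

        NodeList signatures = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
        if (signatures.getLength() == 0) {
            throw new Exception("Cannot find Signature element");
        }
        Node signatureNode = signatures.item(0);
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
        XMLSignature signature = fac.unmarshalXMLSignature(new DOMStructure(signatureNode));
        // The key comes from configuration, never from the document's own KeyInfo.
        PublicKey pubKey = SertUtils.getSert();
        DOMValidateContext valCtx = new DOMValidateContext(pubKey, signatureNode);
        // Rejects weak algorithms and unbounded transforms during validation.
        valCtx.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.TRUE);

        if (!signature.validate(valCtx)) {
            // Per-reference status helps operators tell a bad key from a tampered reference.
            StringBuilder detail = new StringBuilder();
            for (Object o : signature.getSignedInfo().getReferences()) {
                Reference ref = (Reference) o;
                detail.append(ref.getURI()).append('=').append(ref.validate(valCtx)).append(' ');
            }
            throw new Exception("SAML signature validation failed; reference status: " + detail.toString().trim());
        }

        NodeList nameIds = doc.getElementsByTagNameNS("*", "NameID");
        if (nameIds.getLength() == 0) {
            throw new Exception("Cannot find NameID element");
        }
        Element nameId = (Element) nameIds.item(0);
        if (!isCoveredBySignature(signature, signatureNode, nameId, doc)) {
            throw new Exception("NameID element is not covered by the verified signature");
        }
        String loginName = nameId.getTextContent().trim();
        if (loginName.isEmpty()) {
            throw new Exception("NameID element is empty");
        }
        return loginName;
    }

    /**
     * Checks that {@code target} lies within a subtree the signature's references cover.
     *
     * <p>A reference with an empty URI covers the whole document. A {@code #id} reference
     * covers {@code target} if an ancestor (or {@code target} itself) carries that ID and
     * the ID is unique in the document; a duplicated ID is treated as uncovered because the
     * dereferencer and this check could otherwise pick different elements. An element
     * inside the Signature node itself is never covered (enveloped signatures exclude it).
     *
     * @param signature     the verified signature
     * @param signatureNode DOM node of that signature
     * @param target        element whose coverage is being checked
     * @param doc           owning document
     * @return {@code true} if some reference covers {@code target}
     */
    private static boolean isCoveredBySignature(XMLSignature signature, Node signatureNode,
                                                Element target, Document doc) {
        for (Node n = target; n != null; n = n.getParentNode()) {
            if (n == signatureNode) {
                return false;
            }
        }
        List<?> refs = signature.getSignedInfo().getReferences();
        for (Object o : refs) {
            Reference ref = (Reference) o;
            String uri = ref.getURI();
            if (uri == null || uri.isEmpty()) {
                return true;
            }
            if (!uri.startsWith("#")) {
                continue;
            }
            String id = uri.substring(1);
            if (countElementsWithId(doc.getDocumentElement(), id) != 1) {
                continue;
            }
            for (Node n = target; n != null && n.getNodeType() == Node.ELEMENT_NODE; n = n.getParentNode()) {
                if (id.equals(((Element) n).getAttribute(ID_ATTRIBUTE))) {
                    return true;
                }
            }
        }
        return false;
    }

    /**
     * Counts elements in the subtree rooted at {@code node} whose {@code ID} attribute equals {@code id}.
     *
     * @param node subtree root
     * @param id   attribute value to match
     * @return number of matching elements
     */
    private static int countElementsWithId(Node node, String id) {
        if (node == null || node.getNodeType() != Node.ELEMENT_NODE) {
            return 0;
        }
        int count = id.equals(((Element) node).getAttribute(ID_ATTRIBUTE)) ? 1 : 0;
        for (Node child = node.getFirstChild(); child != null; child = child.getNextSibling()) {
            count += countElementsWithId(child, id);
        }
        return count;
    }
}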