package com.fr.plugin.web.hander;
import com.fr.decision.authority.data.User;
import com.fr.decision.fun.impl.BaseHttpHandler;
import com.fr.decision.webservice.v10.login.LoginService;
import com.fr.decision.webservice.v10.user.UserService;
import com.fr.json.JSONObject;
import com.fr.log.FineLoggerFactory;
import com.fr.log.FineLoggerProvider;
import com.fr.plugin.config.MyConfig;
import com.fr.plugin.transform.ExecuteFunctionRecord;
import com.fr.plugin.transform.FunctionRecorder;
import com.fr.plugin.utils.SertUtils;
import com.fr.stable.CodeUtils;
import com.fr.stable.StringUtils;
import com.fr.third.springframework.web.bind.annotation.RequestMethod;
import com.fr.web.utils.WebUtils;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.xml.XMLConstants;
import javax.xml.crypto.dom.DOMStructure;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.parsers.DocumentBuilderFactory;
import java.io.StringReader;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.PublicKey;
import java.time.Duration;
import java.time.Instant;
import java.time.OffsetDateTime;
import java.time.format.DateTimeParseException;
import java.util.List;
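/**
 * SAML assertion consumer for the "hf" single sign-on flow.
 *
 * Flow: the IdP (or something in front of it) sends a plain-XML SAMLResponse to
 * /hf/login; the first enveloped XML Signature in it is verified against the configured
 * IdP key (SertUtils.getSert()), the NameID of the element that signature covers is
 * mapped to a local decision user, a session is created via LoginService and the browser
 * is redirected to the saml_callBack cookie target (if it stays on this deployment) or to
 * the configured home URL.
 *
 * Security properties enforced here:
 *  - the XML parser runs with DTDs and external entities disabled (input is untrusted);
 *  - the NameID is only accepted from the subtree the signature actually covers, which
 *    blocks XML Signature Wrapping (a forged, unsigned assertion placed next to the real one);
 *  - Conditions/@NotBefore and @NotOnOrAfter are enforced with a small clock-skew allowance;
 *  - the redirect target taken from the cookie is restricted to this deployment.
 *
 * NOTE(review): Status, Issuer, Audience and InResponseTo are still not checked and there
 * is no replay cache, so a captured SAMLResponse can be replayed until it expires — confirm
 * that is acceptable for this deployment or add those checks.
 * NOTE(review): the SAMLResponse is parsed as plain XML (not the base64 form of the
 * standard HTTP-POST binding), as the original did — confirm that is what the IdP sends.
 */
public class SingleLoginHandler extends BaseHttpHandler {

    /** Cookie that carries the post-login return address (set elsewhere in the plugin). */
    private static final String CALLBACK_COOKIE = "saml_callBack";

    /** Tolerated clock difference between this server and the IdP for the validity window. */
    private static final Duration CLOCK_SKEW = Duration.ofMinutes(3);

    private static FineLoggerProvider log() {
        return FineLoggerFactory.getLogger();
    }

    /**
     * No method restriction (null), as before.
     * NOTE(review): the SAML HTTP-POST binding only uses POST; returning RequestMethod.POST
     * would be a reasonable hardening once it is confirmed no GET client relies on this.
     */
    @Override
    public RequestMethod getMethod() {
        return null;
    }

    @Override
    public String getPath() {
        return "/hf/login";
    }

    /** Must be reachable without a session: this is where the session gets created. */
    @Override
    public boolean isPublic() {
        return true;
    }

    /**
     * Consumes the SAMLResponse request parameter and, on success, logs the user in and
     * redirects. Any failure is logged server-side with its cause and answered with a generic
     * "login fail" text; no validation detail is echoed to the client.
     */
    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response) throws Exception {
        String samlResponse = request.getParameter("SAMLResponse");
        // The raw SAMLResponse is a replayable credential and carries user attributes:
        // record its presence and size only, never its content.
        log().info("SAML login request: SAMLResponse length={}, RelayState={}",
                samlResponse == null ? -1 : samlResponse.length(), request.getParameter("RelayState"));
        if (samlResponse == null || samlResponse.trim().isEmpty()) {
            WebUtils.printAsString(response, "login fail: missing SAMLResponse");
            return;
        }
        try {
            String loginName = validate(samlResponse);
            User user = UserService.getInstance().getUserByUserName(loginName);
            if (user == null) {
                log().error("SAML login: no local user named {}", loginName);
                WebUtils.printAsString(response, "login fail:" + loginName + " not find");
                return;
            }
            // Kept from the original flow: make sure a session exists before LoginService runs.
            request.getSession();
            LoginService.getInstance().login(request, response, loginName);
            String target = resolveReturnUrl(request, response);
            log().info("SAML login succeeded for {}, redirecting to {}", loginName, target);
            response.sendRedirect(target);
        } catch (Exception e) {
            // Previously swallowed silently and followed by a "success" flush; fail closed instead.
            log().error("SAML login failed: " + e.getMessage(), e);
            if (!response.isCommitted()) {
                WebUtils.printAsString(response, "login fail: invalid SAML response");
            }
        }
    }

    /**
     * Picks the post-login redirect target: the saml_callBack cookie if present, non-blank,
     * not the login page itself and pointing at this deployment; otherwise the configured
     * home URL. The cookie is consumed (expired) whenever it was present.
     */
    private String resolveReturnUrl(HttpServletRequest request, HttpServletResponse response) {
        String home = MyConfig.getInstance().getUrl();
        Cookie callback = com.fr.third.springframework.web.util.WebUtils.getCookie(request, CALLBACK_COOKIE);
        if (callback == null || !StringUtils.isNotBlank(callback.getValue())) {
            return home;
        }
        String value = callback.getValue();
        deleteCookieByName(request, response, CALLBACK_COOKIE);
        // Original rule: never bounce back into the login page.
        if (value.contains("decision/login")) {
            return home;
        }
        // The cookie is supplied by the browser, i.e. by anyone who can set cookies for this
        // host; following it blindly would make this endpoint an open redirect. The original
        // comment notes that cross-domain set-ups need an absolute URL here, hence absolute
        // URLs are accepted when their host is this server or the configured home host. If
        // another host is legitimately needed, extend the allow-list in isLocalRedirect
        // rather than removing the check.
        if (!isLocalRedirect(value, request.getServerName(), home)) {
            log().error("SAML login: refusing off-site redirect target from cookie {}", CALLBACK_COOKIE);
            return home;
        }
        return value;
    }

    /**
     * Decides whether a client-supplied redirect target may be followed.
     * Accepts server-relative paths ("/x" but not "//host" or "/\host", which browsers treat
     * as scheme-relative) and absolute http(s) URLs whose host equals {@code serverName} or the
     * host of {@code homeUrl}. Other hosts, other schemes and unparsable input are refused.
     */
    private static boolean isLocalRedirect(String target, String serverName, String homeUrl) {
        if (target == null) {
            return false;
        }
        String t = target.trim();
        if (t.isEmpty()) {
            return false;
        }
        if (t.startsWith("/")) {
            return !t.startsWith("//") && !t.startsWith("/\\");
        }
        URI uri;
        try {
            uri = new URI(t);
        } catch (URISyntaxException e) {
            return false;
        }
        String scheme = uri.getScheme();
        String host = uri.getHost();
        if (scheme == null || host == null) {
            return false;
        }
        if (!"http".equalsIgnoreCase(scheme) && !"https".equalsIgnoreCase(scheme)) {
            return false;
        }
        if (host.equalsIgnoreCase(serverName)) {
            return true;
        }
        String homeHost = hostOf(homeUrl);
        return homeHost != null && host.equalsIgnoreCase(homeHost);
    }

    /** Host part of an absolute URL, or null if the value is missing, relative or malformed. */
    private static String hostOf(String url) {
        if (url == null) {
            return null;
        }
        try {
            return new URI(url.trim()).getHost();
        } catch (URISyntaxException e) {
            return null;
        }
    }

    /**
     * Expires the named cookie on the client by echoing it back with max-age 0 at path "/".
     * NOTE(review): the path must match the one the cookie was set with, otherwise the
     * browser keeps the original — confirm the setter also uses "/".
     */
    private void deleteCookieByName(HttpServletRequest request, HttpServletResponse response, String name) {
        Cookie[] cookies = request.getCookies();
        if (cookies == null) {
            log().info("没有cookie");
            return;
        }
        for (Cookie cookie : cookies) {
            if (name.equals(cookie.getName())) {
                cookie.setValue(null);
                // max-age 0 tells the browser to discard the cookie immediately
                cookie.setMaxAge(0);
                cookie.setPath("/");
                log().info("被删除的cookie名字为:{}", cookie.getName());
                response.addCookie(cookie);
                return;
            }
        }
    }

    /**
     * Verifies the first XML Signature in the response against the configured IdP key and
     * returns the NameID found inside the element that signature covers.
     *
     * @throws Exception if no Signature is present, the signature does not verify, the
     *                   Reference does not point at the signature's own enclosing element,
     *                   the validity window has not started / has passed, or no NameID exists
     */
    private String validate(String responseString) throws Exception {
        Document doc = parseHardened(responseString);
        NodeList signatures = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
        if (signatures.getLength() == 0) {
            throw new Exception("Cannot find Signature element");
        }
        // As before only the first signature is verified; everything returned from here is
        // taken from the subtree that this signature covers, so extra signatures are ignored.
        Node signatureNode = signatures.item(0);
        Node parent = signatureNode.getParentNode();
        if (!(parent instanceof Element)) {
            throw new SecurityException("Signature element has no enclosing element");
        }
        Element enclosing = (Element) parent;

        PublicKey idpKey = SertUtils.getSert();
        if (idpKey == null) {
            throw new IllegalStateException("no IdP signing key configured");
        }
        DOMValidateContext valCtx = new DOMValidateContext(idpKey, signatureNode);
        // Secure validation mode rejects XSLT transforms, MD5, short keys and — under the
        // JDK's default policy — SHA-1 signatures. Confirm the IdP signs with RSA-SHA256 or
        // better before deploying; recent JDKs already enable this mode by default.
        valCtx.setProperty("org.jcp.xml.dsig.secureValidation", Boolean.TRUE);
        // Register the enclosing element's ID so a "#id" Reference resolves to it explicitly
        // instead of relying on the parser having recognised the attribute as an ID.
        String idAttr = idAttributeNameOf(enclosing);
        if (idAttr != null) {
            valCtx.setIdAttributeNS(enclosing, null, idAttr);
        }
        XMLSignatureFactory fac = XMLSignatureFactory.getInstance("DOM");
        XMLSignature signature = fac.unmarshalXMLSignature(valCtx);
        if (!signature.validate(valCtx)) {
            logFailedReferences(signature, valCtx);
            throw new SecurityException("SAML signature validation failed");
        }

        Element signedElement = signedElementOf(signature, enclosing);
        checkValidityWindow(signedElement);

        // Match NameID in any namespace (the original matched only an unprefixed tag name).
        NodeList nameIds = signedElement.getElementsByTagNameNS("*", "NameID");
        if (nameIds.getLength() == 0) {
            throw new SecurityException("signed element contains no NameID");
        }
        String loginName = nameIds.item(0).getTextContent().trim();
        if (loginName.isEmpty()) {
            throw new SecurityException("NameID is empty");
        }
        return loginName;
    }

    /**
     * Parses the untrusted SAMLResponse with DTDs, external entities, XInclude and entity
     * expansion disabled; a stock DocumentBuilderFactory would expose XXE and entity-expansion
     * attacks. A parser that cannot honour one of these features makes login fail closed.
     */
    private static Document parseHardened(String xml) throws Exception {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true); // required for the namespace-qualified Signature lookup
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        dbf.setFeature("http://xml.org/sax/features/external-general-entities", false);
        dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        dbf.setFeature("http://apache.org/xml/features/nonvalidating/load-external-dtd", false);
        dbf.setXIncludeAware(false);
        dbf.setExpandEntityReferences(false);
        return dbf.newDocumentBuilder().parse(new InputSource(new StringReader(xml)));
    }

    /**
     * Returns the element the signature covers, refusing anything that could be a wrapping
     * attack. An enveloped SAML signature references its own enclosing element by "#ID" (or
     * the whole document with an empty URI); exactly one Reference is expected.
     */
    private static Element signedElementOf(XMLSignature signature, Element enclosing) {
        List<?> refs = signature.getSignedInfo().getReferences();
        if (refs.size() != 1) {
            throw new SecurityException("expected exactly one Reference, found " + refs.size());
        }
        String uri = ((Reference) refs.get(0)).getURI();
        if (uri == null || uri.isEmpty()) {
            // Empty URI: the whole document (minus the Signature itself) is signed.
            return enclosing.getOwnerDocument().getDocumentElement();
        }
        if (!uri.startsWith("#")) {
            throw new SecurityException("unsupported Reference URI: " + uri);
        }
        String idAttr = idAttributeNameOf(enclosing);
        if (idAttr == null || !uri.substring(1).equals(enclosing.getAttribute(idAttr))) {
            throw new SecurityException("Reference URI does not point at the element enclosing the Signature");
        }
        return enclosing;
    }

    /** Name of the ID-style attribute on the element ("ID" in SAML), or null if it has none. */
    private static String idAttributeNameOf(Element element) {
        for (String name : new String[] {"ID", "Id", "id"}) {
            if (element.hasAttribute(name)) {
                return name;
            }
        }
        return null;
    }

    /**
     * Enforces Conditions/@NotBefore and @NotOnOrAfter found under the signed element, with
     * CLOCK_SKEW tolerance. A missing Conditions element is tolerated (an attacker cannot
     * strip it from a signed assertion); an unparsable timestamp is rejected.
     */
    private static void checkValidityWindow(Element signedElement) {
        NodeList conditions = signedElement.getElementsByTagNameNS("*", "Conditions");
        if (conditions.getLength() == 0) {
            log().info("SAML login: signed element carries no Conditions, skipping validity window");
            return;
        }
        Element c = (Element) conditions.item(0);
        Instant now = Instant.now();
        String notBefore = c.getAttribute("NotBefore");
        if (!notBefore.isEmpty() && now.plus(CLOCK_SKEW).isBefore(parseXsdDateTime(notBefore))) {
            throw new SecurityException("assertion not yet valid (NotBefore=" + notBefore + ")");
        }
        String notOnOrAfter = c.getAttribute("NotOnOrAfter");
        if (!notOnOrAfter.isEmpty() && !now.minus(CLOCK_SKEW).isBefore(parseXsdDateTime(notOnOrAfter))) {
            throw new SecurityException("assertion expired (NotOnOrAfter=" + notOnOrAfter + ")");
        }
    }

    /** Parses an xsd:dateTime with a zone designator ("...Z" or "...+00:00") to an Instant. */
    private static Instant parseXsdDateTime(String value) {
        try {
            return OffsetDateTime.parse(value.trim()).toInstant();
        } catch (DateTimeParseException e) {
            throw new SecurityException("unparsable timestamp in Conditions: " + value, e);
        }
    }

    /** Logs which part of a failed signature did not verify; diagnostics only, never thrown. */
    private static void logFailedReferences(XMLSignature signature, DOMValidateContext valCtx) {
        try {
            log().error("SAML SignatureValue valid: {}", signature.getSignatureValue().validate(valCtx));
            List<?> refs = signature.getSignedInfo().getReferences();
            for (int i = 0; i < refs.size(); i++) {
                Reference ref = (Reference) refs.get(i);
                log().error("SAML Reference[{}] uri={} valid={}", i, ref.getURI(), ref.validate(valCtx));
            }
        } catch (Exception e) {
            log().error("could not diagnose SAML signature failure: " + e.getMessage(), e);
        }
    }
}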