package com.fr.plugin.web.hander; |
|
|
|
import com.fr.decision.authority.data.User;
import com.fr.decision.fun.impl.BaseHttpHandler;
import com.fr.decision.webservice.v10.login.LoginService;
import com.fr.decision.webservice.v10.user.UserService;
import com.fr.json.JSONObject;
import com.fr.log.FineLoggerFactory;
import com.fr.log.FineLoggerProvider;
import com.fr.plugin.config.MyConfig;
import com.fr.plugin.transform.ExecuteFunctionRecord;
import com.fr.plugin.transform.FunctionRecorder;
import com.fr.plugin.utils.SertUtils;
import com.fr.stable.CodeUtils;
import com.fr.stable.StringUtils;
import com.fr.third.springframework.web.bind.annotation.RequestMethod;
import com.fr.web.utils.WebUtils;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.w3c.dom.Node;
import org.w3c.dom.NodeList;
import org.xml.sax.InputSource;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.xml.XMLConstants;
import javax.xml.crypto.dom.DOMStructure;
import javax.xml.crypto.dsig.Reference;
import javax.xml.crypto.dsig.XMLSignature;
import javax.xml.crypto.dsig.XMLSignatureException;
import javax.xml.crypto.dsig.XMLSignatureFactory;
import javax.xml.crypto.dsig.dom.DOMValidateContext;
import javax.xml.parsers.DocumentBuilderFactory;
import javax.xml.parsers.ParserConfigurationException;
import java.io.StringReader;
import java.net.URI;
import java.net.URISyntaxException;
import java.security.GeneralSecurityException;
import java.security.PublicKey;
import java.util.List;
|
|
|
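/**
 * SAML single-sign-on callback handler mounted at {@code /hf/login}.
 *
 * <p>Receives the IdP's {@code SAMLResponse} request parameter, verifies its enveloped XML
 * signature with the public key from {@link SertUtils#getSert()}, logs the matching FineReport
 * user in and then redirects the browser either to the URL remembered in the
 * {@code saml_callBack} cookie (when that URL stays on this site) or to the configured home URL.
 *
 * <p>Only the XML signature is verified here. SAML conditions such as {@code NotOnOrAfter},
 * {@code Audience} or {@code InResponseTo} are not checked, so replay protection has to come
 * from elsewhere or be added to {@link #validate(String)}.
 */
public class SingleLoginHandler extends BaseHttpHandler {

    /** Cookie that remembers where to send the browser after a successful login. */
    private static final String CALLBACK_COOKIE = "saml_callBack";

    /**
     * {@inheritDoc}
     *
     * <p>Returns {@code null}, as the original implementation did; what a {@code null} method
     * means (presumably "any method") is defined by {@link BaseHttpHandler}.
     */
    @Override
    public RequestMethod getMethod() {
        return null;
    }

    /** @return the servlet path this handler is mounted on */
    @Override
    public String getPath() {
        return "/hf/login";
    }

    /** @return {@code true}: the IdP posts here before any FineReport session exists */
    @Override
    public boolean isPublic() {
        return true;
    }

    /**
     * Handles the IdP callback: validates the response, logs the user in and redirects.
     *
     * <p>Every branch commits the response itself (a redirect or a plain-text failure message),
     * so nothing is written afterwards; writing a success message after {@code sendRedirect}
     * would hit an already-committed response. Failures are logged with their cause and
     * answered with a generic {@code login fail}, never a success page.
     *
     * @param request  callback request carrying {@code SAMLResponse} and {@code RelayState}
     * @param response response to redirect or write the failure message to
     * @throws Exception if writing the failure message itself fails
     */
    @Override
    public void handle(HttpServletRequest request, HttpServletResponse response) throws Exception {
        MyConfig config = MyConfig.getInstance();
        FineLoggerProvider logger = FineLoggerFactory.getLogger();
        String samlResponse = request.getParameter("SAMLResponse");
        // The assertion carries identity data and acts as a bearer credential until it is
        // consumed: log that it arrived, not its body.
        logger.info("SAML callback received, SAMLResponse present: {}, RelayState: {}",
                samlResponse != null, request.getParameter("RelayState"));

        String loginName = "";
        try {
            // Verify the signature first; only a verified assertion yields a login name.
            loginName = validate(samlResponse);
            User user = UserService.getInstance().getUserByUserName(loginName);
            if (user == null) {
                WebUtils.printAsString(response, "login fail:" + loginName + " not find");
                return;
            }
            LoginService.getInstance().login(request, response, loginName);
            String target = resolveRedirectTarget(request, response, config.getUrl(), loginName);
            response.sendRedirect(target);
        } catch (Exception e) {
            // Keep the detail in the log; the browser only learns that the login failed.
            logger.error("SAML single login failed for user '" + loginName + "'", e);
            WebUtils.printAsString(response, "login fail");
        }
    }

    /**
     * Picks the post-login redirect target and clears the callback cookie.
     *
     * <p>The cookie value is browser-supplied, so it is honoured only when
     * {@link #isSafeRedirectTarget} accepts it; anything else falls back to {@code homeUrl}.
     * A value pointing back at {@code decision/login} also goes to {@code homeUrl}, as before,
     * so the user is not bounced into the login page just passed.
     *
     * @param request   request holding the {@code saml_callBack} cookie, if any
     * @param response  response the cookie expiry is written to
     * @param homeUrl   configured home URL, the fallback target
     * @param loginName user name, for the log line only
     * @return the URL to pass to {@code sendRedirect}
     */
    private String resolveRedirectTarget(HttpServletRequest request, HttpServletResponse response,
                                         String homeUrl, String loginName) {
        FineLoggerProvider logger = FineLoggerFactory.getLogger();
        Cookie callback =
                com.fr.third.springframework.web.util.WebUtils.getCookie(request, CALLBACK_COOKIE);
        String value = callback == null ? null : callback.getValue();
        if (!StringUtils.isNotBlank(value)) {
            logger.info("SAML login user: {} - no callback cookie, redirecting to home", loginName);
            return homeUrl;
        }
        // The cookie is single-use: expire it whether or not its value is accepted.
        deleteCookieByName(request, response, CALLBACK_COOKIE);
        if (value.contains("decision/login")
                || !isSafeRedirectTarget(value, homeUrl, request.getServerName())) {
            logger.info("SAML login user: {} - callback '{}' not used, redirecting to home",
                    loginName, value);
            return homeUrl;
        }
        logger.info("SAML login user: {} - redirecting to callback {}", loginName, value);
        return value;
    }

    /**
     * Accepts a redirect target only if it stays on this site.
     *
     * <p>Accepted: a path starting with a single {@code /} (not {@code //} or {@code /\}, which
     * browsers treat as scheme-relative and would leave the site), or an absolute URL whose host
     * matches either the host of {@code homeUrl} (same scheme and port) or {@code requestHost}.
     * Unparseable values are rejected. If callbacks legitimately live on a further host, extend
     * this with an explicit allowlist rather than loosening the comparison.
     *
     * @param candidate   value taken from the callback cookie
     * @param homeUrl     configured home URL used as the origin reference; may be {@code null}
     * @param requestHost host name the browser addressed this request to; may be {@code null}
     * @return whether {@code candidate} may be used in {@code sendRedirect}
     */
    private static boolean isSafeRedirectTarget(String candidate, String homeUrl, String requestHost) {
        if (candidate == null) {
            return false;
        }
        String trimmed = candidate.trim();
        if (trimmed.isEmpty()) {
            return false;
        }
        if (trimmed.startsWith("/")) {
            return trimmed.length() == 1
                    || (trimmed.charAt(1) != '/' && trimmed.charAt(1) != '\\');
        }
        try {
            URI target = new URI(trimmed);
            String targetHost = target.getHost();
            if (target.getScheme() == null || targetHost == null) {
                return false;
            }
            if (requestHost != null && targetHost.equalsIgnoreCase(requestHost)) {
                return true;
            }
            if (homeUrl == null) {
                return false;
            }
            URI home = new URI(homeUrl.trim());
            return home.getHost() != null
                    && targetHost.equalsIgnoreCase(home.getHost())
                    && target.getScheme().equalsIgnoreCase(home.getScheme())
                    && target.getPort() == home.getPort();
        } catch (URISyntaxException e) {
            return false;
        }
    }

    /**
     * Expires the first cookie called {@code name} by sending it back with max-age 0.
     *
     * <p>The path is pinned to {@code /}; a cookie that was set with another path or domain is
     * a different cookie to the browser and is not cleared by this.
     *
     * @param request  request whose cookies are searched
     * @param response response the expired cookie is added to
     * @param name     cookie name to expire
     */
    private void deleteCookieByName(HttpServletRequest request, HttpServletResponse response, String name) {
        Cookie[] cookies = request.getCookies();
        if (cookies == null) {
            FineLoggerFactory.getLogger().info("No cookies on request; nothing to delete");
            return;
        }
        for (Cookie cookie : cookies) {
            if (name.equals(cookie.getName())) {
                cookie.setValue("");
                cookie.setMaxAge(0); // max-age 0 tells the browser to drop the cookie at once
                cookie.setPath("/");
                FineLoggerFactory.getLogger().info("Deleted cookie: {}", cookie.getName());
                response.addCookie(cookie);
                return;
            }
        }
    }

    /**
     * Verifies the XML signature on {@code responseString} and returns the signed {@code NameID}.
     *
     * <p>The document is parsed with DTDs, external entities and XInclude disabled (the payload
     * is untrusted input). The first {@code ds:Signature} is validated against the public key
     * from {@link SertUtils#getSert()}; the {@code NameID} is then looked up only below the
     * element that signature is enveloped in, so a {@code NameID} placed elsewhere in the
     * document is ignored. The lookup uses the qualified name {@code NameID}, as before.
     *
     * <p>Still not checked here: that the signature's {@code Reference} URI points at that same
     * enclosing element, and the SAML {@code Conditions} ({@code NotOnOrAfter}, {@code Audience},
     * {@code InResponseTo}). Both are needed for complete SAML response validation.
     *
     * @param responseString raw SAML response XML as received from the IdP
     * @return the trimmed {@code NameID} text, never blank
     * @throws IllegalArgumentException if {@code responseString} is null or blank
     * @throws GeneralSecurityException if no signature is present, the signature does not
     *                                  verify, or no non-blank {@code NameID} sits under the
     *                                  signed element
     * @throws Exception                on parser configuration or XML parsing errors
     */
    private String validate(String responseString) throws Exception {
        if (responseString == null || responseString.trim().isEmpty()) {
            throw new IllegalArgumentException("SAMLResponse is missing");
        }
        Document doc = newHardenedDocumentBuilderFactory().newDocumentBuilder()
                .parse(new InputSource(new StringReader(responseString)));

        NodeList signatures = doc.getElementsByTagNameNS(XMLSignature.XMLNS, "Signature");
        if (signatures.getLength() == 0) {
            throw new GeneralSecurityException("Cannot find Signature element");
        }
        Node signatureNode = signatures.item(0);

        XMLSignatureFactory factory = XMLSignatureFactory.getInstance("DOM");
        XMLSignature signature = factory.unmarshalXMLSignature(new DOMStructure(signatureNode));
        PublicKey publicKey = SertUtils.getSert();
        DOMValidateContext validateContext = new DOMValidateContext(publicKey, signatureNode);

        if (!signature.validate(validateContext)) {
            logReferenceValidity(signature, validateContext);
            throw new GeneralSecurityException("SAML signature validation failed");
        }

        Node signedParent = signatureNode.getParentNode();
        if (!(signedParent instanceof Element)) {
            throw new GeneralSecurityException("Signature element has no enclosing element");
        }
        NodeList nameIds = ((Element) signedParent).getElementsByTagName("NameID");
        if (nameIds.getLength() == 0) {
            throw new GeneralSecurityException("Cannot find NameID element under the signed element");
        }
        String loginName = nameIds.item(0).getTextContent().trim();
        if (loginName.isEmpty()) {
            throw new GeneralSecurityException("NameID is empty");
        }
        return loginName;
    }

    /**
     * Logs, per signed reference, whether its digest matched, which helps tell a modified body
     * from a wrong key after core validation has failed.
     *
     * @param signature       the signature whose core validation failed
     * @param validateContext the context it was validated with
     * @throws XMLSignatureException if a reference cannot be re-validated
     */
    private static void logReferenceValidity(XMLSignature signature, DOMValidateContext validateContext)
            throws XMLSignatureException {
        List<?> references = signature.getSignedInfo().getReferences();
        for (Object item : references) {
            Reference reference = (Reference) item;
            FineLoggerFactory.getLogger().error("SAML signature reference {} valid: {}",
                    reference.getURI(), reference.validate(validateContext));
        }
    }

    /**
     * Creates a namespace-aware parser factory with DTD processing switched off.
     *
     * <p>Document type declarations, external general/parameter entities, entity expansion and
     * XInclude are refused before parsing, which closes off XXE and entity-expansion attacks on
     * the untrusted SAML payload. If the underlying parser does not support one of these
     * features the factory fails, which in turn fails the login (fail closed).
     *
     * @return a hardened, namespace-aware {@link DocumentBuilderFactory}
     * @throws ParserConfigurationException if the parser rejects one of the features
     */
    private static DocumentBuilderFactory newHardenedDocumentBuilderFactory()
            throws ParserConfigurationException {
        DocumentBuilderFactory dbf = DocumentBuilderFactory.newInstance();
        dbf.setNamespaceAware(true);
        dbf.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        dbf.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        dbf.setFeature("http://xml.org/sax/features/external-general-entities", false);
        dbf.setFeature("http://xml.org/sax/features/external-parameter-entities", false);
        dbf.setXIncludeAware(false);
        dbf.setExpandEntityReferences(false);
        return dbf;
    }
}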
|
|
|