一元捐单点登录配置

donate-console/pom.xml

@@ -148,6 +148,11 @@
             <artifactId>activation</artifactId>
             <version>1.1</version>
         </dependency>
+        <dependency>
+            <groupId>com.uas.account</groupId>
+            <artifactId>account-common</artifactId>
+            <version>0.0.1-SNAPSHOT</version>
+        </dependency>
     </dependencies>
 
     <build>

donate-console/src/main/java/com/uas/console/donate/Application.java

@@ -1,8 +1,10 @@
 package com.uas.console.donate;
 
+import com.uas.console.donate.util.ContextUtils;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
-
+import org.springframework.boot.context.event.ApplicationPreparedEvent;
+import org.springframework.context.ApplicationListener;
 import org.springframework.context.annotation.ImportResource;
 import org.springframework.web.bind.annotation.RestController;
 
@@ -13,6 +15,12 @@ public class Application {
 
     public static void main(String[] args){
         SpringApplication application=new SpringApplication(Application.class);
+        application.addListeners(new ApplicationListener<ApplicationPreparedEvent>() {
+            @Override
+            public void onApplicationEvent(ApplicationPreparedEvent event) {
+                ContextUtils.setApplicationContext(event.getApplicationContext());
+            }
+        });
         application.run(args);
     }
 }

donate-console/src/main/java/com/uas/console/donate/SSOConfiguration.java

@@ -0,0 +1,63 @@
+package com.uas.console.donate;
+
+import com.uas.account.web.AccountConfigurer;
+import com.uas.console.donate.profile.Dev;
+import com.uas.console.donate.profile.Prod;
+import com.uas.console.donate.profile.Test;
+import com.uas.console.donate.util.ContextUtils;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
+
+
+/**
+ * SSOconfig 配置
+ *
+ * @author hejq
+ */
+@Configuration
+public class SSOConfiguration extends WebMvcConfigurerAdapter {
+
+
+    @Override
+    public void addInterceptors(InterceptorRegistry registry) {
+        /**
+         * 拦截器配置
+         */
+//        registry.addInterceptor(new SSOInterceptor()).addPathPatterns("/**").
+//                excludePathPatterns("/WEB-INF/**","/**/static/**", "/login/**", "/logout/**");
+    }
+
+    @Bean
+    @Dev
+    public AccountConfigurer devAccountConfigurer() {
+        return accountConfigurer("dev");
+    }
+
+    @Bean
+    @Test
+    public AccountConfigurer testAccountConfigurer() {
+        return accountConfigurer("test");
+    }
+
+    @Bean
+    @Prod
+    public AccountConfigurer prodAccountConfigurer() {
+        return accountConfigurer("prod");
+    }
+
+    /**
+     * 获取当前环境下的配置
+     *
+     * @param profile
+     * @return
+     */
+    private AccountConfigurer accountConfigurer(String profile) {
+        AccountConfigurer accountConfigurer = new AccountConfigurer("classpath:" + profile + "/account.properties");
+        accountConfigurer.setApplicationContext(ContextUtils.getApplicationContext());
+        accountConfigurer.init();
+        return accountConfigurer;
+    }
+
+}

donate-console/src/main/java/com/uas/console/donate/controller/SecurityController.java

@@ -0,0 +1,162 @@
+package com.uas.console.donate.controller;
+
+import com.uas.account.entity.UserView;
+import com.uas.console.donate.core.support.SystemSession;
+import com.uas.console.donate.util.FastjsonUtils;
+import com.uas.console.donate.web.CommonController;
+import com.uas.sso.AuthToken;
+import com.uas.sso.SSOConfig;
+import com.uas.sso.SSOHelper;
+import com.uas.sso.SSOToken;
+import org.springframework.ui.ModelMap;
+import org.springframework.util.StringUtils;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.RestController;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+
+/**
+ * 账号登录配置
+ *
+ * Created by hejq on 2017-11-15.
+ */
+@RequestMapping(value = "/account")
+@RestController
+public class SecurityController extends CommonController {
+
+    /**
+     * 账户信息、SSO配置
+     *
+     * @return
+     */
+    @RequestMapping(method = RequestMethod.GET)
+    public ModelMap getAccountInfo() {
+        return success(SystemSession.getUser());
+    }
+
+    /**
+     * 跳转登录
+     *
+     * @throws IOException
+     */
+    @RequestMapping(value = "/login", method = RequestMethod.GET)
+    public ModelMap getLoginPage() throws IOException {
+        SSOHelper.clearLogin(request, response);
+        String url= SSOHelper.getRedirectRefererLoginUrl(request);
+        boolean cross = SSOHelper.isCrossDomain(request);
+        if (cross) {
+            // 跨域代理界面
+            url = "login/proxy";
+        }
+        return success(url);
+    }
+
+    /**
+     * 退出
+     *
+     * @throws IOException
+     */
+    @RequestMapping(value = "/logout", method = RequestMethod.GET)
+    public ModelMap logout() throws IOException {
+        SSOHelper.clearLogin(request, response);
+        return success();
+    }
+
+    /**
+     * 获取跨域登录的参数
+     *
+     * @param request
+     * @param response
+     * @return
+     * @throws IOException
+     */
+    @RequestMapping(value = "/login/crossBefore")
+    public ModelMap getCrossLoginData(HttpServletRequest request, HttpServletResponse response) throws IOException {
+        ModelMap model = new ModelMap();
+        SSOConfig config = SSOHelper.getSSOService().getConfig();
+        // 业务系统私钥签名 authToken 自动设置临时会话 cookie 授权后自动销毁
+        AuthToken at = SSOHelper.askCiphertext(request, response, config.getClientPrivateKey());
+        // askUrl 询问 sso 是否登录地址
+        model.addAttribute("askUrl", config.getCrossAskUrl());
+        // askTxt 询问 token 密文
+        model.addAttribute("askData", at.encryptAuthToken());
+        // 未登录情况下，登录地址
+        Object loginUrl = null;
+        boolean cross = SSOHelper.isCrossDomain(request);
+        if (cross) {
+            loginUrl = SSOHelper.getRedirectRefererLoginUrl(request);
+        } else {
+            loginUrl = SSOHelper.getRedirectLoginUrl(request, String.valueOf(request.getSession().getAttribute("SSOReferer")));
+        }
+        model.addAttribute("loginUrl", loginUrl);
+        return model;
+    }
+
+    /**
+     * 跨域登录后
+     *
+     * @param request
+     * @param response
+     */
+    @RequestMapping(value = "/login/crossAfter")
+    public ModelMap afterCrossLogin(HttpServletRequest request, HttpServletResponse response, String replyTxt) {
+        if (!StringUtils.isEmpty(replyTxt)) {
+            Object returnUrl = request.getSession().getAttribute(SSOConfig.SSOReferer);
+            SSOConfig config = SSOHelper.getSSOService().getConfig();
+            AuthToken token = SSOHelper.ok(request, response, replyTxt, config.getClientPublicKey(), config.getCenterPublicKey());
+            if (token != null) {
+                SSOToken tk = new SSOToken();
+                tk.setUid(token.getUid());
+                tk.setTime(token.getTime());
+                tk.setData(token.getData());
+                SSOHelper.setSSOCookie(request, response, tk, true);
+                UserView user = getUserByToken(tk);
+                if (user != null) {
+                    request.getSession().setAttribute("user", user);
+                    SystemSession.setUser(user);
+                }
+                // returnUrl有时候为null，然后生成URL的时候会出现undefined
+                return new ModelMap("returnUrl", returnUrl==null?"":returnUrl);
+            }
+        }
+        return null;
+    }
+
+    private UserView getUserByToken(SSOToken token) {
+        UserView authedUser = null;
+        if (token.getData() != null) {
+            authedUser = FastjsonUtils.fromJson(token.getData(), UserView.class);
+        }
+        return authedUser;
+    }
+
+    /**
+     * 获取跨域登录的参数
+     *
+     * @param request
+     * @param response
+     * @return
+     * @throws IOException
+     */
+    @RequestMapping(value = "/logout/crossBefore")
+    public ModelMap getCrossLogoutData(HttpServletRequest request, HttpServletResponse response) throws IOException {
+        ModelMap model = new ModelMap();
+        SSOConfig config = SSOHelper.getSSOService().getConfig();
+        model.addAttribute("askUrl", config.getCrossAskOutUrl());
+        model.addAttribute("returnUrl", String.valueOf(request.getSession().getAttribute(SSOConfig.SSOReferer)));
+        // 登录情况下，登出地址
+        Object logoutUrl = null;
+        boolean cross = SSOHelper.isCrossDomain(request);
+        if (cross) {
+            logoutUrl = SSOHelper.getRedirectRefererLogoutUrl(request);
+        } else {
+            logoutUrl = SSOHelper.getRedirectLogoutUrl(request, String.valueOf(request.getSession().getAttribute("SSOReferer")));
+        }
+        model.addAttribute("logoutUrl", logoutUrl);
+        return model;
+    }
+
+}

donate-console/src/main/java/com/uas/console/donate/core/support/SystemSession.java

@@ -0,0 +1,27 @@
+package com.uas.console.donate.core.support;
+
+import com.uas.account.entity.UserView;
+
+/**
+ * 每次请求服务器时，用户信息存放在本次线程中
+ * 
+ * @author yingp
+ * 
+ */
+public class SystemSession {
+
+	private static ThreadLocal<UserView> local = new ThreadLocal<UserView>();
+
+	public static void setUser(UserView session) {
+		local.set(session);
+	}
+
+	public static UserView getUser() {
+		return local.get();
+	}
+
+	public static void clear() {
+		local.set(null);
+	}
+
+}

donate-console/src/main/java/com/uas/console/donate/profile/Dev.java

@@ -0,0 +1,14 @@
+package com.uas.console.donate.profile;
+
+import org.springframework.context.annotation.Profile;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+@Target({ ElementType.TYPE, ElementType.METHOD })
+@Retention(RetentionPolicy.RUNTIME)
+@Profile("dev")
+public @interface Dev {
+}

donate-console/src/main/java/com/uas/console/donate/profile/Prod.java

@@ -0,0 +1,14 @@
+package com.uas.console.donate.profile;
+
+import org.springframework.context.annotation.Profile;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+@Target({ ElementType.TYPE, ElementType.METHOD })
+@Retention(RetentionPolicy.RUNTIME)
+@Profile("prod")
+public @interface Prod {
+}

donate-console/src/main/java/com/uas/console/donate/profile/Test.java

@@ -0,0 +1,14 @@
+package com.uas.console.donate.profile;
+
+import org.springframework.context.annotation.Profile;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+@Target({ ElementType.TYPE, ElementType.METHOD })
+@Retention(RetentionPolicy.RUNTIME)
+@Profile("test")
+public @interface Test {
+}

donate-console/src/main/java/com/uas/console/donate/web/CommonController.java

@@ -0,0 +1,78 @@
+package com.uas.console.donate.web;
+
+import com.alibaba.fastjson.JSON;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpStatus;
+import org.springframework.http.MediaType;
+import org.springframework.http.ResponseEntity;
+import org.springframework.ui.ModelMap;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.io.PrintWriter;
+
+/**
+ * controller基础类
+ * 
+ * @author yingp
+ *
+ */
+public class CommonController {
+
+	protected static final String defultCharset = "UTF-8";
+
+	@Autowired
+	protected HttpServletRequest request;
+
+	@Autowired
+	protected HttpServletResponse response;
+
+	protected static ModelMap success() {
+		return new ModelMap("success", true);
+	}
+
+	protected static ModelMap success(Object data) {
+		return new ModelMap("success", true).addAttribute("content", data);
+	}
+
+	protected static ModelMap error(String errMsg) {
+		return new ModelMap("error", true).addAttribute("errMsg", errMsg);
+	}
+
+	protected static ModelMap error(String errCode, String errMsg) {
+		return new ModelMap("error", true).addAttribute("errCode", errCode).addAttribute("errMsg", errMsg);
+	}
+
+	/**
+	 * 输出json格式
+	 * 
+	 * @param obj
+	 * @throws IOException
+	 */
+	protected void printJson(Object obj) throws IOException {
+		response.setStatus(HttpStatus.FORBIDDEN.value());
+		response.addHeader("Content-Type", "application/json; charset=" + defultCharset);
+		PrintWriter printWriter = response.getWriter();
+		printWriter.append(JSON.toJSONString(obj));
+		printWriter.flush();
+		printWriter.close();
+	}
+
+	/**
+	 * 输出流
+	 * 
+	 * @param fileName
+	 *            文件名
+	 * @param bytes
+	 * @throws IOException
+	 */
+	protected ResponseEntity<byte[]> outputStream(String fileName, byte[] bytes) {
+		HttpHeaders headers = new HttpHeaders();
+		headers.setContentType(MediaType.APPLICATION_OCTET_STREAM);
+		headers.setContentDispositionFormData("attachment", fileName);
+		return new ResponseEntity<byte[]>(bytes, headers, HttpStatus.CREATED);
+	}
+
+}

donate-console/src/main/java/com/uas/console/donate/web/filter/AbstractSSOInterceptor.java

@@ -0,0 +1,92 @@
+package com.uas.console.donate.web.filter;
+
+import com.uas.sso.SSOConfig;
+import com.uas.sso.SSOHelper;
+import com.uas.sso.SSOToken;
+import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.logging.Logger;
+
+/**
+ * spring mvc 接口，SSO 过滤器验证登录状态
+ * 
+ * @author yingp
+ *
+ */
+public abstract class AbstractSSOInterceptor extends HandlerInterceptorAdapter {
+
+	private static final Logger logger = Logger.getLogger(com.uas.sso.web.spring.AbstractSSOInterceptor.class.getName());
+
+	/**
+	 * 未登录情况下的处理
+	 * 
+	 * @param request
+	 * @param response
+	 * @return true继续，false跳转登录
+	 */
+	protected abstract boolean onAuthenticateFailed(HttpServletRequest request, HttpServletResponse response);
+
+	/**
+	 * 已登录情况下的处理
+	 * 
+	 * @param request
+	 * @param response
+	 * @return
+	 */
+	protected abstract void onAuthenticateSuccess(HttpServletRequest request, HttpServletResponse response);
+
+	/**
+	 * 跳转登录
+	 * 
+	 * @param request
+	 * @param response
+	 * @throws IOException
+	 */
+	protected void sendRedirect(HttpServletRequest request, HttpServletResponse response) throws IOException {
+		boolean cross = SSOHelper.isCrossDomain(request);
+		if (cross) {
+			request.getSession().setAttribute(SSOConfig.SSOReferer, request.getRequestURL());
+			response.sendRedirect(SSOHelper.getSSOService().getConfig().getCrossProxyUri());
+		} else {
+			SSOHelper.clearRedirectLogin(request, response);
+		}
+	}
+
+	private final boolean authenticate(HttpServletRequest request, HttpServletResponse response) throws IOException {
+		SSOToken token = SSOHelper.getToken(request);
+		if (token == null) {
+			// 返回false表示需要跳转登录
+			if (!onAuthenticateFailed(request, response)) {
+				if (isRedirectAble(request)) {
+					/**
+					 * 重新登录
+					 */
+					logger.fine("logout. request url:" + request.getRequestURL());
+					sendRedirect(request, response);
+				}
+				return false;
+			} else {
+				return true;
+			}
+		}
+		request.setAttribute(SSOConfig.SSO_TOKEN_ATTR, token);
+		onAuthenticateSuccess(request, response);
+		return true;
+	}
+
+	@Override
+	public final boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
+		if (super.preHandle(request, response, handler)) {
+			return authenticate(request, response);
+		}
+		return false;
+	}
+
+	protected boolean isRedirectAble(HttpServletRequest request) {
+		return null == request.getHeader("x-requested-with")
+				&& (null == request.getHeader("Accept") || !request.getHeader("Accept").contains("application/json"));
+	}
+}

donate-console/src/main/java/com/uas/console/donate/web/filter/SSOInterceptor.java

@@ -0,0 +1,54 @@
+package com.uas.console.donate.web.filter;
+
+import com.uas.account.entity.UserView;
+import com.uas.console.donate.core.support.SystemSession;
+import com.uas.console.donate.util.FastjsonUtils;
+import com.uas.sso.SSOHelper;
+import com.uas.sso.SSOToken;
+import com.uas.sso.web.spring.AbstractSSOInterceptor;
+import org.springframework.util.StringUtils;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * 登录拦截
+ */
+public class SSOInterceptor extends AbstractSSOInterceptor {
+
+	@Override
+	protected boolean onAuthenticateFailed(HttpServletRequest request, HttpServletResponse response) {
+		return false;
+	}
+
+	@Override
+	protected void onAuthenticateSuccess(HttpServletRequest request, HttpServletResponse response) {
+		UserView user = (UserView) request.getSession().getAttribute("user");
+		if (user == null) {
+			SSOToken token = SSOHelper.attrToken(request);
+			user = getUserByToken(token);
+			if (user != null) {
+				request.getSession().setAttribute("user", user);
+			}
+		}
+		if (user != null) {
+			SystemSession.setUser(user);
+		}
+	}
+
+	@Override
+	public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex)
+			throws Exception {
+		super.afterCompletion(request, response, handler, ex);
+		SystemSession.clear();
+	}
+
+	private UserView getUserByToken(SSOToken token) {
+        UserView user = null;
+		if (token != null && !StringUtils.isEmpty(token.getData())) {
+			user = FastjsonUtils.fromJson(token.getData(), UserView.class);
+		}
+		return user;
+	}
+
+}

donate-console/src/main/java/test/SmsTestApplication.java

@@ -1,22 +0,0 @@
-package test;
-
-import com.uas.console.donate.model.SmsMessage;
-import com.uas.platform.core.util.HttpUtil;
-import com.uas.platform.core.util.serializer.FlexJsonUtils;
-
-import java.util.ArrayList;
-import java.util.List;
-
-public class SmsTestApplication {
-    public static void main(String[] args) {
-        SmsMessage sms = new SmsMessage();
-        String messageUrl = "http://message.ubtob.com/sms/send";
-        sms.setReceiver("18702604604");
-        List<Object> obj = new ArrayList<Object>();
-        obj.add("史晨如");
-        obj.add("测试");
-        sms.setParams(obj);
-        sms.setTemplateId("72cc98e4-0c2b-4d16-944b-2e0515048b8d");
-        HttpUtil.sendPost(messageUrl, FlexJsonUtils.toJsonDeep(sms));
-    }
-}

donate-console/src/main/resources/dev/account.properties

@@ -0,0 +1,32 @@
+### sso config
+sso.app=donate
+token secretkey
+sso.secretkey=0taQcW073Z7G628g5H
+sso.cookie.secure=false
+
+#Õýʽ
+#sso.cookie.domain=.ubtob.com
+#sso.login.url=https://account.ubtob.com/sso/login
+
+##²âÊÔ
+#sso.cookie.domain=.ubtob.com
+#sso.login.url=http://account.xyz.hjq:8090/account/sso/login
+
+±¾µØ
+sso.cookie.domain=http://hejq.ubtob.com:8899/index
+sso.login.url=http://hejq.ubtob.com:8090/account/sso/login
+
+### account center config,
+account.us.save.url=http://10.10.100.133:8080/api/userspace
+account.user.save.url=http://10.10.100.133:8080/api/user
+account.user.getPartners.url = http://10.10.100.133:8080/api/partners
+account.user.getContactPage.url=https://account.ubtob.com/business/groups
+
+#cross domain
+sso.ask.url=http://hejq.ubtob.com:8090/account/sso/login/ask
+sso.askout.url=http://hejq.ubtob.com:8090/account/sso/logout/ask
+sso.proxy.uri=login/proxy
+sso.authcookie.secretkey=Z318866alN6gA0piuO
+sso.client.private_key=MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAIquTH9rOygR1iyMzU1CSQDXG+lJpMQgWkRWMwO3lzS+UJ3GRq1yxxD8mPFZCuItMRxP4Mvu3nvxDvsJx8lfRXk4MGswROIBPcdBAnasphN7wS5mDvDe/VBIKv+fg4j4VEnak9VUAQhS1gDtp+ZmQpCc9/gz8vueF1ueIXspAoUhAgMBAAECgYBfMP8PY1KK0Zt6nvd5NauYqQ7elg9EFJUBXU3NGmLu8Eez1NrEygk8braoy57921lffrDmKsOKvc+zn2YEoqGzbHCOuYsTDBXFCGLkj8oPeHyrs02+XuJe9j2ejhq2N04oP/TMxerFeyWnHdRCNXECrthqhwTRmGitnj2/+FLVAQJBAM93HY/5HoFlfRv9zjFy72ft/ZC60jHERXwyumbFs8z/x8sHCY1GWfgGhm1ShE1bDWAPY3W9WCFsx6nOETsHajECQQCrH8Dl7IIIHJ5D0TDisFkePnYELxpmOGlPwPOQ7hyLAdW4aB1fVIpjsWmgGOyPvmhK+b99XeLUbwpxVU7AAB3xAkAJNxJCFd+sAbUH7EMfYSqPJDwSFKpHeZ9Yf+xVqkxtO6NFOl/LPae7Y5bO/k5QHU4/yQ8y6KEkgu9vdG7Bf3fRAkEAiDlX6vDytphpmN0PyHXQC9Z3Rm9k2ZjwpM+aVXZn/HSyeQFQ2JHJNQGHby5IK0nNZloYiSlTJ/9ZVc0uSoQNUQJBAJFix2tD7b0Zq82xpeGt81rhXsofuerq1x9WM5UyYILCKJMHZw5lt58snINVzA7JxV+l60dbIgJjmRYm0yxQIAY=
+sso.client.public_key=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCKrkx/azsoEdYsjM1NQkkA1xvpSaTEIFpEVjMDt5c0vlCdxkatcscQ/JjxWQriLTEcT+DL7t578Q77CcfJX0V5ODBrMETiAT3HQQJ2rKYTe8EuZg7w3v1QSCr/n4OI+FRJ2pPVVAEIUtYA7afmZkKQnPf4M/L7nhdbniF7KQKFIQIDAQAB
+sso.center.public_key=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAL2g7CEfuPZtEDy7Iz5AL6iwbHZewWGUBYUWxKnFAwAW4lY8mMavn5Ke5mB25eKj5bvUsB48r8gWTvJNsKRGEw8CAwEAAQ==

donate-console/src/main/resources/prod/account.properties

@@ -0,0 +1,15 @@
+### sso config
+sso.app=donate
+token secretkey
+sso.secretkey=0taQcW073Z7G628g5H
+sso.cookie.secure=false
+
+#Õýʽ
+sso.cookie.domain=.ubtob.com
+sso.login.url=https://account.ubtob.com/sso/login
+
+### account center config,
+account.us.save.url=http://10.10.100.133:8080/api/userspace
+account.user.save.url=http://10.10.100.133:8080/api/user
+account.user.getPartners.url = http://10.10.100.133:8080/api/partners
+account.user.getContactPage.url=https://account.ubtob.com/business/groups

donate-console/src/main/resources/test/account.properties

@@ -0,0 +1,24 @@
+### sso config
+sso.app=donate
+token secretkey
+sso.secretkey=0taQcW073Z7G628g5H
+sso.cookie.secure=false
+
+#测试
+sso.cookie.domain=.ubtob.com
+sso.login.url=http://113.105.74.135:8001/sso/login
+
+### account center config,
+account.us.save.url=http://10.10.100.133:8080/api/userspace
+account.user.save.url=http://10.10.100.133:8080/api/user
+account.user.getPartners.url = http://10.10.100.133:8080/api/partners
+account.user.getContactPage.url=https://account.ubtob.com/business/groups
+
+#cross domain
+sso.ask.url=http://113.105.74.135:8001/sso/login/ask
+sso.askout.url=http://113.105.74.135:8001/sso/logout/ask
+sso.proxy.uri=login/proxy
+sso.authcookie.secretkey=Z318866alN6gA0piuO
+sso.client.private_key=MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAIquTH9rOygR1iyMzU1CSQDXG+lJpMQgWkRWMwO3lzS+UJ3GRq1yxxD8mPFZCuItMRxP4Mvu3nvxDvsJx8lfRXk4MGswROIBPcdBAnasphN7wS5mDvDe/VBIKv+fg4j4VEnak9VUAQhS1gDtp+ZmQpCc9/gz8vueF1ueIXspAoUhAgMBAAECgYBfMP8PY1KK0Zt6nvd5NauYqQ7elg9EFJUBXU3NGmLu8Eez1NrEygk8braoy57921lffrDmKsOKvc+zn2YEoqGzbHCOuYsTDBXFCGLkj8oPeHyrs02+XuJe9j2ejhq2N04oP/TMxerFeyWnHdRCNXECrthqhwTRmGitnj2/+FLVAQJBAM93HY/5HoFlfRv9zjFy72ft/ZC60jHERXwyumbFs8z/x8sHCY1GWfgGhm1ShE1bDWAPY3W9WCFsx6nOETsHajECQQCrH8Dl7IIIHJ5D0TDisFkePnYELxpmOGlPwPOQ7hyLAdW4aB1fVIpjsWmgGOyPvmhK+b99XeLUbwpxVU7AAB3xAkAJNxJCFd+sAbUH7EMfYSqPJDwSFKpHeZ9Yf+xVqkxtO6NFOl/LPae7Y5bO/k5QHU4/yQ8y6KEkgu9vdG7Bf3fRAkEAiDlX6vDytphpmN0PyHXQC9Z3Rm9k2ZjwpM+aVXZn/HSyeQFQ2JHJNQGHby5IK0nNZloYiSlTJ/9ZVc0uSoQNUQJBAJFix2tD7b0Zq82xpeGt81rhXsofuerq1x9WM5UyYILCKJMHZw5lt58snINVzA7JxV+l60dbIgJjmRYm0yxQIAY=
+sso.client.public_key=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCKrkx/azsoEdYsjM1NQkkA1xvpSaTEIFpEVjMDt5c0vlCdxkatcscQ/JjxWQriLTEcT+DL7t578Q77CcfJX0V5ODBrMETiAT3HQQJ2rKYTe8EuZg7w3v1QSCr/n4OI+FRJ2pPVVAEIUtYA7afmZkKQnPf4M/L7nhdbniF7KQKFIQIDAQAB
+sso.center.public_key=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAL2g7CEfuPZtEDy7Iz5AL6iwbHZewWGUBYUWxKnFAwAW4lY8mMavn5Ke5mB25eKj5bvUsB48r8gWTvJNsKRGEw8CAwEAAQ==

donate-console/src/main/webapp/WEB-INF/views/index.html

@@ -53,6 +53,9 @@
                                 <div class="pull-left">
                                     <a href="" class="btn btn-default btn-flat">资料</a>
                                 </div>
+                                <div class="pull-left">
+                                    <a href="#" id="login" class="btn btn-default btn-flat">登录</a>
+                                </div>
                                 <div class="pull-right">
                                     <a href="" class="btn btn-default btn-flat">退出</a>
                                 </div>
@@ -143,5 +146,12 @@
 <script src="static/lib/js/app.min.js"></script>
 <script type="text/javascript" src="static/lib/require.js"
         data-main="static/js/index/main.js"></script>
+<script type="text/javascript">
+    $('#login').on('click', function () {
+        $.get('account/login', function(data) {
+            data.content && (window.location.href = data.content);
+        });
+    });
+</script>
 </body>
 </html>

donate-console/src/main/webapp/WEB-INF/views/proxyLogin.html

@@ -0,0 +1,45 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
+<meta name="renderer" content="webkit">
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<meta name="robots" content="none">
+<base href="../" />
+<link href="static/img/icon/u.png" rel="icon" type="image/x-icon" />
+<script type="text/javascript" src="static/lib/jquery/jquery.min.js"></script>
+</head>
+<body>
+	<script type="text/javascript">
+		function proxyLogin(askUrl, askData, loginUrl) {
+			$.getJSON(askUrl + "?callback=?", {
+				askData : askData
+			}, function(d) {
+				if (d.error) {
+					// 跳转登录页面
+					window.location.href = loginUrl;
+				} else {
+					$.post('account/login/crossAfter', {
+						replyTxt : d.content
+					}, function(e) {
+						
+						// 已登录
+						if (e.returnUrl.indexOf('/index')) {
+							window.location.href = e.returnUrl.replace("/index", "/");
+						} else {
+							window.location.href = e.returnUrl;
+						}
+					}, "json");
+				}
+			});
+		}
+		$.getJSON('account/login/crossBefore', function(data) {
+			proxyLogin(data.askUrl, data.askData, data.loginUrl);
+		});
+	</script>
+	<div align="center" style="margin-top: 180px;">
+		<img src="static/img/all/loading.gif">
+		<p style="color: #888">正在加载中，请稍候……</p>
+	</div>
+</body>
+</html>

donate-console/src/main/webapp/WEB-INF/views/proxyLogout.html

@@ -0,0 +1,33 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+<meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
+<meta name="renderer" content="webkit">
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<meta name="robots" content="none">
+<base href="../" />
+<link href="static/img/icon/u.png" rel="icon" type="image/x-icon" />
+<script type="text/javascript" src="static/lib/jquery/jquery.min.js"></script>
+</head>
+<body>
+<script type="text/javascript">
+	function proxyLogout(askUrl, logoutUrl, retUrl) {
+	    $.getJSON(askUrl + "?callback=?", function(d){
+			if (d.error) {
+				// 跳转登出页面
+				window.location.href = logoutUrl;
+			} else {
+				window.location.href = retUrl;
+			}
+	    });
+	}
+	$.getJSON('account/logout/crossBefore', function(data){
+		proxyLogout(data.askUrl, data.logoutUrl, data.returnUrl);
+	});
+</script>
+<div align="center" style="margin-top: 180px;">
+	<img src="static/img/all/loading.gif"> 
+	<p style="color: #888">正在加载中，请稍候……</p>
+</div>
+</body>
+</html>