
SecurityController添加

dongbw 8 vuotta sitten
vanhempi
commit
dea885e834

+ 201 - 0
donate-service/src/main/java/com/uas/service/donate/controller/SecurityController.java

@@ -0,0 +1,201 @@
+package com.uas.service.donate.controller;
+
+import com.uas.account.entity.UserView;
+import com.uas.service.donate.core.support.SystemSession;
+import com.uas.service.donate.model.User;
+import com.uas.service.donate.service.UserService;
+import com.uas.service.donate.util.FastjsonUtils;
+import com.uas.service.donate.web.CommonController;
+import com.uas.sso.AuthToken;
+import com.uas.sso.SSOConfig;
+import com.uas.sso.SSOHelper;
+import com.uas.sso.SSOToken;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpStatus;
+import org.springframework.ui.ModelMap;
+import org.springframework.util.StringUtils;
+import org.springframework.web.bind.annotation.*;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+import java.io.IOException;
+
+/**
+ * 账号登录配置
+ *
+ * Created by hejq on 2017-11-15.
+ */
+@RequestMapping(value = "/sso")
+@RestController
+public class SecurityController extends CommonController {
+
+    @Autowired
+    private UserService userService;
+
+    /**
+     * 账户信息、SSO配置
+     *
+     * @return
+     */
+    @RequestMapping(value = "/account", method = RequestMethod.GET)
+    public ModelMap getAccountInfo() {
+        return success(SystemSession.getUser());
+    }
+
+    /**
+     * 跳转登录
+     *
+     * @throws IOException
+     */
+    @RequestMapping(value = "/login", method = RequestMethod.GET)
+    public ModelMap getLoginPage() throws IOException {
+        SSOHelper.clearLogin(request, response);
+        String url= SSOHelper.getRedirectRefererLoginUrl(request);
+        boolean cross = SSOHelper.isCrossDomain(request);
+        if (cross) {
+            // 跨域代理界面
+            url = "login/proxy";
+        }
+        return success(url);
+    }
+
+    /**
+     * 退出
+     *
+     * @throws IOException
+     */
+    @RequestMapping(value = "/logout", method = RequestMethod.GET, headers = "Accept=application/json")
+    @ResponseStatus(value= HttpStatus.OK)
+    public ModelMap logout(HttpServletRequest request, HttpServletResponse response, HttpSession session) throws IOException {
+        session.invalidate();
+        SSOHelper.clearLogin(request, response);
+        SystemSession.clear();
+        String returnUrl = request.getHeader("Referer");
+        boolean cross = SSOHelper.isCrossDomain(request);
+        if (cross) {
+            request.getSession().setAttribute(SSOConfig.SSOReferer, returnUrl);
+            // 跨域情况,需要再次询问账户中心
+            returnUrl = "logout/proxy";
+        }
+        return new ModelMap("content", returnUrl);
+    }
+
+    /**
+     * 获取跳转登录的url
+     *
+     * @param request
+     * @param response
+     * @return
+     * @throws IOException
+     */
+    @RequestMapping(value = "/login/page")
+    @ResponseBody
+    public ModelMap signin(HttpServletRequest request, HttpServletResponse response) throws IOException {
+        request.getSession().setAttribute(SSOConfig.SSOReferer, request.getHeader("Referer"));
+        SSOHelper.clearLogin(request, response);
+        String redirectUrl = SSOHelper.getRedirectRefererLoginUrl(request);
+        boolean cross = SSOHelper.isCrossDomain(request);
+        if (cross) {
+            // 跨域代理界面
+            redirectUrl = "login/proxy";
+        }
+        return new ModelMap("content", redirectUrl);
+    }
+
+    /**
+     * 获取跨域登录的参数
+     *
+     * @param request
+     * @param response
+     * @return
+     * @throws IOException
+     */
+    @RequestMapping(value = "/login/crossBefore")
+    public ModelMap getCrossLoginData(HttpServletRequest request, HttpServletResponse response) throws IOException {
+        ModelMap model = new ModelMap();
+        SSOConfig config = SSOHelper.getSSOService().getConfig();
+        // 业务系统私钥签名 authToken 自动设置临时会话 cookie 授权后自动销毁
+        AuthToken at = SSOHelper.askCiphertext(request, response, config.getClientPrivateKey());
+        // askUrl 询问 sso 是否登录地址
+        model.addAttribute("askUrl", config.getCrossAskUrl());
+        // askTxt 询问 token 密文
+        model.addAttribute("askData", at.encryptAuthToken());
+        // 未登录情况下,登录地址
+        Object loginUrl = null;
+        boolean cross = SSOHelper.isCrossDomain(request);
+        if (cross) {
+            loginUrl = SSOHelper.getRedirectRefererLoginUrl(request);
+        } else {
+            loginUrl = SSOHelper.getRedirectLoginUrl(request, String.valueOf(request.getSession().getAttribute("SSOReferer")));
+        }
+        model.addAttribute("loginUrl", loginUrl);
+        return model;
+    }
+
+    /**
+     * 跨域登录后
+     *
+     * @param request
+     * @param response
+     */
+    @RequestMapping(value = "/login/crossAfter")
+    public ModelMap afterCrossLogin(HttpServletRequest request, HttpServletResponse response, String replyTxt) {
+        if (!StringUtils.isEmpty(replyTxt)) {
+            Object returnUrl = request.getSession().getAttribute(SSOConfig.SSOReferer);
+            SSOConfig config = SSOHelper.getSSOService().getConfig();
+            AuthToken token = SSOHelper.ok(request, response, replyTxt, config.getClientPublicKey(), config.getCenterPublicKey());
+            if (token != null) {
+                SSOToken tk = new SSOToken();
+                tk.setUid(token.getUid());
+                tk.setTime(token.getTime());
+                tk.setData(token.getData());
+                SSOHelper.setSSOCookie(request, response, tk, true);
+                UserView user = getUserByToken(tk);
+                if (user != null) {
+                    request.getSession().setAttribute("user", user);
+                    User u = userService.findOne(Long.valueOf(user.getDialectUID()));
+                    SystemSession.setUser(u);
+                }
+                // returnUrl有时候为null,然后生成URL的时候会出现undefined
+                return new ModelMap("returnUrl", returnUrl==null?"":returnUrl);
+            }
+        }
+        return null;
+    }
+
+    private UserView getUserByToken(SSOToken token) {
+        UserView authedUser = null;
+        if (token.getData() != null) {
+            authedUser = FastjsonUtils.fromJson(token.getData(), UserView.class);
+        }
+        return authedUser;
+    }
+
+    /**
+     * 获取跨域登录的参数
+     *
+     * @param request
+     * @param response
+     * @return
+     * @throws IOException
+     */
+    @RequestMapping(value = "/logout/crossBefore")
+    public ModelMap getCrossLogoutData(HttpServletRequest request, HttpServletResponse response) throws IOException {
+        ModelMap model = new ModelMap();
+        SSOConfig config = SSOHelper.getSSOService().getConfig();
+        model.addAttribute("askUrl", config.getCrossAskOutUrl());
+        model.addAttribute("returnUrl", String.valueOf(request.getSession().getAttribute(SSOConfig.SSOReferer)));
+        // 登录情况下,登出地址
+        Object logoutUrl = null;
+        boolean cross = SSOHelper.isCrossDomain(request);
+        if (cross) {
+            logoutUrl = SSOHelper.getRedirectRefererLogoutUrl(request);
+        } else {
+            logoutUrl = SSOHelper.getRedirectLogoutUrl(request, String.valueOf(request.getSession().getAttribute("SSOReferer")));
+        }
+        model.addAttribute("logoutUrl", logoutUrl);
+        return model;
+    }
+
+}
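Review bot: The return URL that afterCrossLogin puts in the model (`returnUrl==null?"":returnUrl`) and that getCrossLogoutData exposes as `returnUrl`, as well as the value passed to getRedirectLoginUrl/getRedirectLogoutUrl in the non-cross branches, all originate from the client's `Referer` header stored in the session by logout and signin, and nothing in the hunk checks that the stored value points back at this application before it is echoed as a redirect target; validate it against the application's own origin (or accept only a relative path) and fall back to `""` otherwise before adding it to the model. In getCrossLoginData, getCrossLogoutData and the `returnUrl` attribute, `String.valueOf(request.getSession().getAttribute(...))` turns a missing attribute into the literal string `"null"` — the same class of problem the comment in afterCrossLogin guards against — so use `Objects.toString(request.getSession().getAttribute(SSOConfig.SSOReferer), "")` there. Those two non-cross branches also key the session with the literal `"SSOReferer"` while the rest of the class uses `SSOConfig.SSOReferer`; presumably the same value, but the constant should be used throughout. Separately, afterCrossLogin returns `null` when `replyTxt` is blank or the token fails verification, which gives the caller an empty body indistinguishable from a transport error; returning an explicit failure model would make the outcome observable. The Javadoc on getCrossLogoutData is copied from getCrossLoginData and should read `获取跨域登出的参数`.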