usoft
/
donate-parent


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205
							package com.uas.console.donate.controller;

import com.uas.console.donate.core.support.SystemSession;
import com.uas.console.donate.model.UsageBufferedLogger;
import com.uas.console.donate.model.User;
import com.uas.console.donate.service.UserService;
import com.uas.console.donate.util.FastjsonUtils;
import com.uas.console.donate.web.CommonController;
import com.uas.platform.core.logging.BufferedLoggerManager;
import com.uas.sso.AuthToken;
import com.uas.sso.SSOConfig;
import com.uas.sso.SSOHelper;
import com.uas.sso.SSOToken;
import com.uas.sso.entity.UserAccount;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.http.HttpStatus;
import org.springframework.ui.ModelMap;
import org.springframework.util.StringUtils;
import org.springframework.web.bind.annotation.*;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;

/**
 * 账号登录配置
 *
 * Created by hejq on 2017-11-15.
 */
@RequestMapping(value = "/sso")
@RestController
public class SecurityController extends CommonController {

    @Autowired
    private UserService userService;

    private final static UsageBufferedLogger logger = BufferedLoggerManager.getLogger(UsageBufferedLogger.class);

    /**
     * 账户信息、SSO配置
     *
     * @return
     */
    @RequestMapping(value = "/account", method = RequestMethod.GET)
    public ModelMap getAccountInfo() {
        return success(SystemSession.getUser());
    }

    /**
     * 跳转登录
     *
     * @throws IOException
     */
    @RequestMapping(value = "/login", method = RequestMethod.GET)
    public ModelMap getLoginPage() throws IOException {
        SSOHelper.clearLogin(request, response);
        String url= SSOHelper.getRedirectRefererLoginUrl(request);
        boolean cross = SSOHelper.isCrossDomain(request);
        if (cross) {
            // 跨域代理界面
            url = "login/proxy";
        }
        return success(url);
    }

    /**
     * 退出
     *
     * @throws IOException
     */
    @RequestMapping(value = "/logout", method = RequestMethod.GET, headers = "Accept=application/json")
    @ResponseStatus(value= HttpStatus.OK)
    public ModelMap logout(HttpServletRequest request, HttpServletResponse response, HttpSession session) throws IOException {
        session.invalidate();
        SSOHelper.clearLogin(request, response);
        SystemSession.clear();
        String returnUrl = request.getHeader("Referer");
        boolean cross = SSOHelper.isCrossDomain(request);
        if (cross) {
            request.getSession().setAttribute(SSOConfig.SSOReferer, returnUrl);
            // 跨域情况，需要再次询问账户中心
            returnUrl = "logout/proxy";
        }
        return new ModelMap("content", returnUrl);
    }

    /**
     * 获取跳转登录的url
     *
     * @param request
     * @param response
     * @return
     * @throws IOException
     */
    @RequestMapping(value = "/login/page")
    @ResponseBody
    public ModelMap signin(HttpServletRequest request, HttpServletResponse response) throws IOException {
        request.getSession().setAttribute(SSOConfig.SSOReferer, request.getHeader("Referer"));
        SSOHelper.clearLogin(request, response);
        String redirectUrl = SSOHelper.getRedirectRefererLoginUrl(request);
        boolean cross = SSOHelper.isCrossDomain(request);
        if (cross) {
            // 跨域代理界面
            redirectUrl = "login/proxy";
        }
        return new ModelMap("content", redirectUrl);
    }

    /**
     * 获取跨域登录的参数
     *
     * @param request
     * @param response
     * @return
     * @throws IOException
     */
    @RequestMapping(value = "/login/crossBefore")
    public ModelMap getCrossLoginData(HttpServletRequest request, HttpServletResponse response) throws IOException {
        ModelMap model = new ModelMap();
        SSOConfig config = SSOHelper.getSSOService().getConfig();
        // 业务系统私钥签名 authToken 自动设置临时会话 cookie 授权后自动销毁
        AuthToken at = SSOHelper.askCiphertext(request, response, config.getClientPrivateKey());
        // askUrl 询问 sso 是否登录地址
        model.addAttribute("askUrl", config.getCrossAskUrl());
        // askTxt 询问 token 密文
        model.addAttribute("askData", at.encryptAuthToken());
        // 未登录情况下，登录地址
        Object loginUrl = null;
        boolean cross = SSOHelper.isCrossDomain(request);
        if (cross) {
            loginUrl = SSOHelper.getRedirectRefererLoginUrl(request);
        } else {
            loginUrl = SSOHelper.getRedirectLoginUrl(request, String.valueOf(request.getSession().getAttribute("SSOReferer")));
        }
        model.addAttribute("loginUrl", loginUrl);
        return model;
    }

    /**
     * 跨域登录后
     *
     * @param request
     * @param response
     */
    @RequestMapping(value = "/login/crossAfter")
    public ModelMap afterCrossLogin(HttpServletRequest request, HttpServletResponse response, String replyTxt) {
        if (!StringUtils.isEmpty(replyTxt)) {
            Object returnUrl = request.getSession().getAttribute(SSOConfig.SSOReferer);
            SSOConfig config = SSOHelper.getSSOService().getConfig();
            AuthToken token = SSOHelper.ok(request, response, replyTxt, config.getClientPublicKey(), config.getCenterPublicKey());
            if (token != null) {
                SSOToken tk = new SSOToken();
                tk.setUid(token.getUid());
                tk.setTime(token.getTime());
                tk.setData(token.getData());
                SSOHelper.setSSOCookie(request, response, tk, true);
                UserAccount user = getUserByToken(tk);
                if (user != null) {
                    request.getSession().setAttribute("user", user);
                    User u = userService.findOne(user.getUserUU());
                    SystemSession.setUser(u);
                }
                // returnUrl有时候为null，然后生成URL的时候会出现undefined
                return new ModelMap("returnUrl", returnUrl==null?"":returnUrl);
            }
        }
        return null;
    }

    private UserAccount getUserByToken(SSOToken token) {
        UserAccount authedUser = null;
        if (token.getData() != null) {
            authedUser = FastjsonUtils.fromJson(token.getData(), UserAccount.class);
        }
        return authedUser;
    }

    /**
     * 获取跨域登录的参数
     *
     * @param request
     * @param response
     * @return
     * @throws IOException
     */
    @RequestMapping(value = "/logout/crossBefore")
    public ModelMap getCrossLogoutData(HttpServletRequest request, HttpServletResponse response) throws IOException {
        ModelMap model = new ModelMap();
        SSOConfig config = SSOHelper.getSSOService().getConfig();
        model.addAttribute("askUrl", config.getCrossAskOutUrl());
        model.addAttribute("returnUrl", String.valueOf(request.getSession().getAttribute(SSOConfig.SSOReferer)));
        // 登录情况下，登出地址
        Object logoutUrl = null;
        boolean cross = SSOHelper.isCrossDomain(request);
        if (cross) {
            logoutUrl = SSOHelper.getRedirectRefererLogoutUrl(request);
        } else {
            logoutUrl = SSOHelper.getRedirectLogoutUrl(request, String.valueOf(request.getSession().getAttribute("SSOReferer")));
        }
        model.addAttribute("logoutUrl", logoutUrl);
        return model;
    }

}