
切换登录

git-svn-id: svn+ssh://10.10.101.21/source/platform/platform-b2b@5777 f3bf4e98-0cf0-11e4-a00c-a99a8b9d557d
yingp 9 years ago
parent
commit
9efa8c809b

+ 2 - 3
src/main/java/com/uas/platform/b2b/controller/AuthenticationController.java

@@ -3,7 +3,6 @@ package com.uas.platform.b2b.controller;
 import javax.servlet.http.HttpSession;
 
 import org.springframework.http.HttpStatus;
-import org.springframework.security.core.Authentication;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
@@ -22,8 +21,8 @@ public class AuthenticationController {
 	@RequestMapping(method = RequestMethod.GET, headers = "Accept=application/json")
 	@ResponseBody
 	@ResponseStatus(value = HttpStatus.OK)
-	public UserInfo getAuthentication(Authentication authentication, HttpSession session) {
-		if (authentication == null) {
+	public UserInfo getAuthentication(HttpSession session) {
+		if (SystemSession.getUser() == null) {
 			return null;
 		}
 		return new UserInfo(SystemSession.getUser());
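Review bot: `SystemSession.getUser()` is called twice in the new body, once for the null check at L29 and again at L32, and the `session` parameter is now unused; read the user once into a local so the check and the value cannot diverge, e.g. `User user = SystemSession.getUser(); if (user == null) { return null; } return new UserInfo(user);` (assuming `getUser()` returns the same `User` type the interceptor stores via `SystemSession.setUser`). The method's closing brace is outside the hunk, so drop `session` from the signature only if no caller or mapping depends on it.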

+ 36 - 0
src/main/java/com/uas/platform/b2b/controller/SecurityController.java

@@ -0,0 +1,36 @@
+package com.uas.platform.b2b.controller;
+
+import java.io.IOException;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+import org.springframework.http.HttpStatus;
+import org.springframework.ui.ModelMap;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.ResponseStatus;
+import org.springframework.web.bind.annotation.RestController;
+
+import com.uas.platform.b2b.support.SystemSession;
+import com.uas.sso.SSOHelper;
+
+@RestController
+public class SecurityController {
+
+	@RequestMapping(value = "/logout", method = RequestMethod.GET, headers = "Accept=application/json")
+	@ResponseStatus(value = HttpStatus.OK)
+	public void logout(HttpServletRequest request, HttpServletResponse response, HttpSession session) {
+		session.invalidate();
+		SSOHelper.clearLogin(request, response);
+		SystemSession.clear();
+	}
+
+	@RequestMapping(value = "/signin")
+	public ModelMap signin(HttpServletRequest request, HttpServletResponse response) throws IOException {
+		SSOHelper.clearLogin(request, response);
+		return new ModelMap("content", SSOHelper.getRedirectRefererLoginUrl(request));
+	}
+
+}
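Review bot: `/logout` is mapped to GET at L59 and unconditionally invalidates the session and clears the SSO login, a state change that any cross-origin page can trigger with a plain image or link request; with the springSecurityFilterChain commented out in web.xml in this same commit, nothing visible provides CSRF protection for it. Map it with `method = RequestMethod.POST` and change the `$http.get(rootPath + "/logout")` call in services.js to a POST. `/signin` at L67–L69 likewise calls `SSOHelper.clearLogin` on a GET, so merely fetching the login URL logs the user out; consider whether that side effect belongs in the endpoint the frontend uses to discover where to redirect. The returned `content` comes from `SSOHelper.getRedirectRefererLoginUrl(request)`, which I cannot see, so verify it validates the Referer before the frontend assigns the value to `window.location.href`.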

+ 295 - 0
src/main/java/com/uas/platform/b2b/filter/SSOInterceptor.java

@@ -0,0 +1,295 @@
+package com.uas.platform.b2b.filter;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.HashMap;
+import java.util.HashSet;
+import java.util.Iterator;
+import java.util.List;
+import java.util.Map;
+import java.util.Set;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.apache.commons.collections.CollectionUtils;
+import org.apache.log4j.Logger;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.mobile.device.Device;
+import org.springframework.mobile.device.DeviceResolver;
+import org.springframework.mobile.device.LiteDeviceResolver;
+import org.springframework.mobile.device.site.SitePreference;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.access.ConfigAttribute;
+import org.springframework.security.access.SecurityConfig;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
+
+import com.uas.platform.b2b.dao.ResourceItemDao;
+import com.uas.platform.b2b.manage.service.AccessTokenService;
+import com.uas.platform.b2b.model.Enterprise;
+import com.uas.platform.b2b.model.ResourceItem;
+import com.uas.platform.b2b.model.Role;
+import com.uas.platform.b2b.model.SigninLog;
+import com.uas.platform.b2b.model.User;
+import com.uas.platform.b2b.service.EnterpriseService;
+import com.uas.platform.b2b.service.RoleService;
+import com.uas.platform.b2b.service.SigninLogService;
+import com.uas.platform.b2b.service.UserService;
+import com.uas.platform.b2b.support.SystemSession;
+import com.uas.platform.b2b.support.UserCreater;
+import com.uas.platform.core.model.Constant;
+import com.uas.platform.core.util.AgentUtils;
+import com.uas.platform.core.util.serializer.FlexJsonUtils;
+import com.uas.sso.SSOHelper;
+import com.uas.sso.SSOToken;
+import com.uas.sso.web.spring.AbstractSSOInterceptor;
+
+public class SSOInterceptor extends AbstractSSOInterceptor {
+
+	private static final Logger logger = Logger.getLogger(SSOInterceptor.class);
+
+	@Autowired
+	private UserService userService;
+	@Autowired
+	private ResourceItemDao resourceItemDao;
+	@Autowired
+	private AccessTokenService accessTokenService;
+	@Autowired
+	private EnterpriseService enterpriseService;
+	@Autowired
+	private RoleService roleService;
+	@Autowired
+	private SigninLogService signinLogService;
+
+	private final DeviceResolver deviceResolver = new LiteDeviceResolver();
+
+	private HashMap<String, Collection<ConfigAttribute>> resourceMap;
+	private HashMap<Long, Collection<GrantedAuthority>> authorities;
+
+	private User getUserByToken(SSOToken token) {
+		User authedUser = null;
+		if (token.getData() != null) {
+			com.uas.account.entity.User tokenUser = FlexJsonUtils.fromJson(token.getData(), com.uas.account.entity.User.class);
+			if (tokenUser.getUid() != null) {
+				// UID表示所有系统公认的唯一标识,这里统一使用手机号
+				authedUser = userService.findUserByUserTel(tokenUser.getUid());
+			} else if (tokenUser.getDialectUID() != null) {
+				// dialectUID表示client系统自己的唯一标识,比如user_uu,手机号没设置的情况下使用
+				authedUser = userService.findUserByUserUU(Long.parseLong(tokenUser.getDialectUID()));
+			} else {
+				logger.error(String.format("invalid user %s, please set uid or dialectUID", tokenUser.getName()));
+			}
+			if (authedUser != null && authedUser.getEnterprises() != null) {
+				// 企业资料在client系统自己的唯一标识,比如en_uu
+				if (tokenUser.getSpaceDialectUID() != null) {
+					authedUser.setCurrentEnterprise(Long.parseLong(tokenUser.getSpaceDialectUID()));
+				} else if (tokenUser.getSpaceUID() != null) {
+					for (Enterprise enterprise : authedUser.getEnterprises()) {
+						// 企业资料在所有系统公认的唯一标识,这里使用商业登记证号
+						if (tokenUser.getSpaceUID().equals(enterprise.getEnBussinessCode())) {
+							authedUser.setEnterprise(enterprise);
+							break;
+						}
+					}
+				}
+			}
+		}
+		return authedUser;
+	}
+
+	@Override
+	protected boolean onAuthenticateFailed(HttpServletRequest request, HttpServletResponse response) {
+		User user = (User) request.getSession().getAttribute("user");
+		if (user == null) {
+			user = getUserByAccessToken(request);
+			if (user != null) {
+				user.setIp(AgentUtils.getIp(request));
+				request.getSession().setAttribute("user", user);
+				setGrantedAuthorities(user);
+			}
+		}
+		if (user != null) {
+			SystemSession.setUser(user);
+			accessDecision(request, user);
+			return true;
+		} else {
+			return false;
+		}
+	}
+
+	@Override
+	protected void onAuthenticateSuccess(HttpServletRequest request, HttpServletResponse response) {
+		User user = (User) request.getSession().getAttribute("user");
+		if (user == null) {
+			SSOToken token = SSOHelper.attrToken(request);
+			user = getUserByToken(token);
+			if (user != null) {
+				user.setIp(AgentUtils.getIp(request));
+				request.getSession().setAttribute("user", user);
+				setGrantedAuthorities(user);
+				log(request, user);
+			}
+		}
+		if (user != null) {
+			SystemSession.setUser(user);
+			accessDecision(request, user);
+		}
+	}
+
+	/**
+	 * 权限验证
+	 */
+	private void accessDecision(HttpServletRequest request, User user) {
+		Collection<ConfigAttribute> configAttributes = getAttributes(request);
+		if (null == configAttributes || configAttributes.size() == 0 || user.isSys()) {
+			return;
+		}
+		Iterator<ConfigAttribute> iterator = configAttributes.iterator();
+		String needPermission = null;
+		Collection<GrantedAuthority> userAuthorities = authorities.get(user.getUserUU());
+		while (iterator.hasNext()) {
+			ConfigAttribute configAttribute = iterator.next();
+			needPermission = configAttribute.getAttribute();
+			if (userAuthorities != null) {
+				for (GrantedAuthority ga : userAuthorities) {
+					if (needPermission.equals(ga.getAuthority())) {
+						return;
+					}
+				}
+			}
+		}
+		if (needPermission != null)
+			throw new AccessDeniedException("无法访问,没有 " + needPermission + " 权限!");
+	}
+
+	@Override
+	public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
+		super.afterCompletion(request, response, handler, ex);
+		SystemSession.clear();
+	}
+
+	/**
+	 * 加载资源,初始化资源变量
+	 * 
+	 */
+	private void loadResourceDefine() {
+		if (resourceMap == null) {
+			resourceMap = new HashMap<String, Collection<ConfigAttribute>>();
+			List<ResourceItem> resources = resourceItemDao.findAll();
+			for (ResourceItem resource : resources) {
+				Collection<ConfigAttribute> configAttributes = new ArrayList<ConfigAttribute>();
+				ConfigAttribute configAttribute = new SecurityConfig(resource.getName());
+				configAttributes.add(configAttribute);
+				resourceMap.put(resource.getMethod() + ":" + resource.getUrl(), configAttributes);
+			}
+		}
+	}
+
+	/**
+	 * 根据路径获取访问权限的集合接口
+	 * 
+	 * @param object
+	 * @return
+	 * @throws IllegalArgumentException
+	 */
+	public Collection<ConfigAttribute> getAttributes(HttpServletRequest request) throws IllegalArgumentException {
+		if (resourceMap == null)
+			loadResourceDefine();
+
+		for (Iterator<String> iter = resourceMap.keySet().iterator(); iter.hasNext();) {
+			String resourceKey = iter.next();
+			String[] resourceParam = resourceKey.split(":");
+			String resourceMethod = resourceParam[0];
+			String resourceUrl = resourceParam[1];
+			AntPathRequestMatcher matcher = new AntPathRequestMatcher(resourceUrl);
+			if (null != resourceUrl && request.getMethod().equals(resourceMethod) && matcher.matches(request)) {
+				return resourceMap.get(resourceKey);
+			}
+		}
+		return null;
+	}
+
+	private void setGrantedAuthorities(User user) {
+		Set<GrantedAuthority> authSet = new HashSet<GrantedAuthority>();
+		Set<Role> roles = user.getRoles();
+		if (!CollectionUtils.isEmpty(roles)) {
+			for (Role role : roles) {
+				if (role.isSys()) {// 超级账号
+					user.setIssys(Constant.YES);
+					break;
+				}
+				Set<ResourceItem> resourceItems = role.getResourceItems();
+				if (!CollectionUtils.isEmpty(resourceItems)) {
+					for (ResourceItem res : resourceItems) {
+						authSet.add(new SimpleGrantedAuthority(res.getName()));
+					}
+				}
+			}
+		}
+		if (authorities == null) {
+			authorities = new HashMap<Long, Collection<GrantedAuthority>>();
+		}
+		authorities.put(user.getUserUU(), authSet);
+	}
+
+	private final static String tokenParam = "access_token";
+	private final static String typeParam = "client_type";
+
+	/**
+	 * access_token验证登录
+	 * 
+	 * @param request
+	 */
+	private User getUserByAccessToken(HttpServletRequest request) {
+		String token = request.getParameter(tokenParam);
+		// 发现有采用access_token方式
+		if (token != null) {
+			Object sUser = request.getSession().getAttribute("user");
+			User user = null;
+			if (sUser != null) {
+				// session里面原先存在user信息,接下来要判断此user是否与token绑定的user信息一致
+				// 一致则跳过,无需再次验证;不一致则替换
+				user = (User) sUser;
+			}
+			String type = request.getParameter(typeParam);
+			if ("manage".equals(type)) {
+				if (user != null && UserCreater.isVirtual(user))
+					return user;
+				Map<String, Object> data = accessTokenService.validFormManage(token);
+				if (data.containsKey("user") && data.containsKey("bind")) {
+					long enUU = Long.parseLong(data.get("bind").toString());
+					Enterprise enterprise = enterpriseService.findById(enUU);
+					if (enterprise != null) {
+						List<Role> roles = roleService.findByEnterprise(enUU);
+						// 虚拟用户
+						user = UserCreater.createVirtual(String.valueOf(data.get("user")), enterprise, roles);
+						return user;
+					}
+				}
+			}
+		}
+		return null;
+	}
+
+	private void log(HttpServletRequest request, User user) {
+		// 记录登录日志
+		SitePreference preference = getDefaultSitePreferenceForDevice(this.deviceResolver.resolveDevice(request));
+		signinLogService.save(new SigninLog(user, preference, true));
+	}
+
+	private SitePreference getDefaultSitePreferenceForDevice(Device device) {
+		if (device == null) {
+			return null;
+		}
+		if (device.isMobile()) {
+			return SitePreference.MOBILE;
+		}
+		if (device.isTablet()) {
+			return SitePreference.TABLET;
+		}
+		return SitePreference.NORMAL;
+	}
+
+}
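Review bot: `resourceMap` (L146) and `authorities` (L147) are plain `HashMap`s lazily initialised and written from request threads (`loadResourceDefine` L255, `setGrantedAuthorities` L292) on a bean that webmvc.xml registers as one shared interceptor, so concurrent logins race on the same map and the `resourceMap == null` check at L276 is not a safe publication of the loaded map. `authorities` is also never evicted — nothing removes an entry on logout — so a user's permission set lives until restart and is keyed only by `userUU`, which assumes two sessions of one user never need different role sets. Making both fields `final` `ConcurrentHashMap`s (needs `java.util.concurrent.ConcurrentHashMap` imported) with a `volatile` loaded flag, as below, removes the race; eviction on logout needs a hook from `SecurityController.logout`. Note also that `accessDecision` (L222) returns without any check when no `ConfigAttribute` matched the request (L224), so every URL not listed as a `ResourceItem` is allowed by default; if that is intended, say so in the Javadoc at L219, since it is the opposite of deny-by-default. Finally `Long.parseLong(data.get("bind").toString())` at L340 and the `Long.parseLong` calls at L158 and L165 have no guard, so a malformed token or bind value surfaces as an unhandled `NumberFormatException` instead of an authentication failure.
```java
	private final Map<String, Collection<ConfigAttribute>> resourceMap = new ConcurrentHashMap<String, Collection<ConfigAttribute>>();
	private final Map<Long, Collection<GrantedAuthority>> authorities = new ConcurrentHashMap<Long, Collection<GrantedAuthority>>();
	// set once the ResourceItem table has been read; guards the lazy load below
	private volatile boolean resourcesLoaded;

	// … unchanged: getUserByToken, onAuthenticateFailed, onAuthenticateSuccess, accessDecision, afterCompletion …

	private synchronized void loadResourceDefine() {
		if (resourcesLoaded) {
			return;
		}
		for (ResourceItem resource : resourceItemDao.findAll()) {
			Collection<ConfigAttribute> configAttributes = new ArrayList<ConfigAttribute>();
			configAttributes.add(new SecurityConfig(resource.getName()));
			resourceMap.put(resource.getMethod() + ":" + resource.getUrl(), configAttributes);
		}
		resourcesLoaded = true;
	}

	public Collection<ConfigAttribute> getAttributes(HttpServletRequest request) throws IllegalArgumentException {
		if (!resourcesLoaded) {
			loadResourceDefine();
		}
		// … unchanged: AntPathRequestMatcher loop over resourceMap …
	}

	// … unchanged: setGrantedAuthorities, minus the `authorities == null` branch at L309–L311 …
```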

+ 5 - 3
src/main/java/com/uas/platform/b2b/filter/SecurityInterceptor.java

@@ -59,11 +59,13 @@ import com.uas.platform.core.util.AgentUtils;
 import com.uas.platform.core.util.encry.Md5Utils;
 
 /**
- * 
+ * @date 2016年8月31日上午10:55:13
+ *       <p>
+ *       切换到单点登录
+ *       </p>
  * @author yingp
- * @version 1.0
- * 
  */
+@Deprecated
 public class SecurityInterceptor extends AbstractSecurityInterceptor implements Filter {
 
 	private FilterInvocationSecurityMetadataSource securityMetadataSource;

+ 0 - 34
src/main/java/com/uas/platform/b2b/support/AsyncService.java

@@ -1,34 +0,0 @@
-package com.uas.platform.b2b.support;
-
-/**
- * 异步服务接口
- * 
- * @author yingp
- *
- */
-public interface AsyncService {
-	/**
-	 * 异步操作
-	 *
-	 * @param cacheKey
-	 * @throws Exception
-	 */
-	void doAsync(String cacheKey) throws Exception;
-
-	/**
-	 * 获取执行进度信息
-	 *
-	 * @param cacheKey
-	 * @return
-	 * @throws Exception
-	 */
-	Object getProcess(String cacheKey) throws Exception;
-
-	/**
-	 * 执行完成后
-	 *
-	 * @param cacheKey
-	 * @throws Exception
-	 */
-	void afterCompletion(String cacheKey) throws Exception;
-}

+ 11 - 2
src/main/java/com/uas/platform/b2b/support/CustomAuthenticationFailureHandler.java

@@ -10,10 +10,19 @@ import javax.servlet.http.HttpServletResponse;
 import org.springframework.security.core.AuthenticationException;
 import org.springframework.security.web.authentication.SimpleUrlAuthenticationFailureHandler;
 
+/**
+ * @date 2016年8月31日上午10:55:13
+ *       <p>
+ *       切换到单点登录
+ *       </p>
+ * @author yingp
+ *
+ */
+@Deprecated
 public class CustomAuthenticationFailureHandler extends SimpleUrlAuthenticationFailureHandler {
 	@Override
-	public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response,
-			AuthenticationException exception) throws IOException, ServletException {
+	public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception)
+			throws IOException, ServletException {
 		response.setHeader("Content-Type", "application/text;charset=UTF-8");
 		response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
 		PrintWriter printWriter = response.getWriter();

+ 9 - 0
src/main/java/com/uas/platform/b2b/support/CustomAuthenticationSuccessHandler.java

@@ -36,6 +36,15 @@ import com.uas.platform.core.model.Constant;
 import com.uas.platform.core.util.AgentUtils;
 import com.uas.platform.core.util.serializer.FlexJsonUtils;
 
+/**
+ * @date 2016年8月31日上午10:55:13
+ *       <p>
+ *       切换到单点登录
+ *       </p>
+ * @author yingp
+ *
+ */
+@Deprecated
 public class CustomAuthenticationSuccessHandler extends SimpleUrlAuthenticationSuccessHandler {
 
 	@Autowired

+ 10 - 0
src/main/java/com/uas/platform/b2b/support/CustomLogoutSuccessHandler.java

@@ -10,6 +10,16 @@ import org.springframework.security.core.Authentication;
 import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
 import org.springframework.security.web.authentication.logout.SimpleUrlLogoutSuccessHandler;
 
+/**
+ * 
+ * @since 2016年8月31日上午10:55:13
+ *        <p>
+ *        切换到单点登录
+ *        </p>
+ * @author yingp
+ *
+ */
+@Deprecated
 public class CustomLogoutSuccessHandler extends SimpleUrlLogoutSuccessHandler implements LogoutSuccessHandler {
 	@Override
 	public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication)

+ 5 - 2
src/main/java/com/uas/platform/b2b/support/CustomUserDetailsService.java

@@ -20,13 +20,16 @@ import com.uas.platform.b2b.service.UserService;
 import com.uas.platform.core.model.Constant;
 
 /**
- * 
  * 获得用户验证信息
  * 
  * @author yingp
- * @version 1.0
  * 
+ * @since 2016年8月31日上午10:55:13
+ *        <p>
+ *        切换到单点登录
+ *        </p>
  */
+@Deprecated
 public class CustomUserDetailsService implements UserDetailsService {
 
 	private ThreadLocal<User> currentUser = new ThreadLocal<User>();

+ 11 - 0
src/main/resources/dev/account.properties

@@ -0,0 +1,11 @@
+### account center config, 
+account.us.save.url=https://account.ubtob.com/api/userspace
+account.user.save.url=https://account.ubtob.com/api/user
+
+### sso config
+sso.app=b2b
+# token secretkey
+sso.secretkey=0taQcW073Z7G628g5H
+sso.cookie.domain=.ubtob.com
+sso.cookie.secure=false
+sso.login.url=https://account.ubtob.com/sso/login
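Review bot: `sso.secretkey` at L536 commits the SSO token signing secret to source control, and the identical value is repeated in the prod (L552) and test (L585) files, so production tokens are signed with a key readable by anyone with repository access and shared with non-production environments. Keep the key out of the repository — supply it from the environment or a deployment-time file, leaving only a clearly marked placeholder here (e.g. `sso.secretkey=<set-at-deploy-time>`, if `AccountConfigurer` can be pointed at an external file) — and treat the committed value as exposed. The prod file also sets `sso.cookie.secure=false` (L554) while `sso.login.url` is https, so the SSO cookie may be sent over plain HTTP; set it to `true` for prod.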

+ 11 - 0
src/main/resources/prod/account.properties

@@ -0,0 +1,11 @@
+### account center config, 
+account.us.save.url=https://account.ubtob.com/api/userspace
+account.user.save.url=https://account.ubtob.com/api/user
+
+### sso config
+sso.app=b2b
+# token secretkey
+sso.secretkey=0taQcW073Z7G628g5H
+sso.cookie.domain=.ubtob.com
+sso.cookie.secure=false
+sso.login.url=https://account.ubtob.com/sso/login

+ 4 - 0
src/main/resources/spring/context.xml

@@ -218,4 +218,8 @@
 		class="org.springframework.web.multipart.commons.CommonsMultipartResolver">
 		<property name="defaultEncoding" value="utf-8"></property>
 	</bean>
+	<!-- 账户中心配置-->
+	<bean id="accountConfigurer" class="com.uas.account.web.AccountConfigurer" init-method="init">
+		<property name="configPath" value="classpath:${profile}/account.properties"/>
+	</bean>
 </beans>

+ 0 - 0
src/main/resources/spring/security.xml → src/main/resources/spring/security.xml.deprecated


+ 11 - 0
src/main/resources/test/account.properties

@@ -0,0 +1,11 @@
+### account center config, 
+account.us.save.url=https://account.ubtob.com/api/userspace
+account.user.save.url=https://account.ubtob.com/api/user
+
+### sso config
+sso.app=b2b
+# token secretkey
+sso.secretkey=0taQcW073Z7G628g5H
+sso.cookie.domain=.ubtob.com
+sso.cookie.secure=false
+sso.login.url=https://account.ubtob.com/sso/login

+ 14 - 3
src/main/webapp/WEB-INF/spring/webmvc.xml

@@ -48,16 +48,27 @@
 	</bean>
 
 	<mvc:view-controller path="/" view-name="index" />
-	<mvc:view-controller path="/signin" view-name="signin" />
-	<mvc:view-controller path="/signup" view-name="signup" />
 	<mvc:view-controller path="/storage" view-name="storage" />
 	<mvc:view-controller path="/public" view-name="public" />
 	<mvc:view-controller path="/serve" view-name="serve" />
 	<mvc:view-controller path="/changeAdmin" view-name="/changeAdmin" />
 	<mvc:view-controller path="/public/app" view-name="client" />
 	<mvc:view-controller path="/authen" view-name="authen" />
-
 	<mvc:interceptors>
+		<!-- SSO过滤 -->
+		<mvc:interceptor>
+			<mvc:mapping path="/**"></mvc:mapping>
+			<mvc:exclude-mapping path="/**/static/**"/>
+			<mvc:exclude-mapping path="/file/**"/>
+			<mvc:exclude-mapping path="/public/**"/>
+			<mvc:exclude-mapping path="/erp/**"/>
+			<mvc:exclude-mapping path="/manage/**"/>
+			<mvc:exclude-mapping path="/openapi/**"/>
+			<mvc:exclude-mapping path="/serve/**"/>
+			<mvc:exclude-mapping path="/changeAdmin/**"/>
+			<mvc:exclude-mapping path="/authen/**"/>
+			<bean class="com.uas.platform.b2b.filter.SSOInterceptor"></bean>
+		</mvc:interceptor>
 		<!-- 采用统一私钥签名、认证 -->
 		<mvc:interceptor>
 			<mvc:mapping path="/manage/user"></mvc:mapping>
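Review bot: The new SSO interceptor excludes `/erp/**`, `/manage/**`, `/openapi/**`, `/serve/**`, `/changeAdmin/**` and `/authen/**` (L613–L618) while the same commit comments out the springSecurityFilterChain in web.xml, so unless another interceptor or filter covers each prefix those paths are now served without any authentication; only `/manage/user` is visibly covered by the signing interceptor that follows at L623. Add a comment per exclusion naming what protects it, e.g. `<!-- /manage/**: signed requests, see interceptor below -->`, and drop any exclusion whose only justification was the old filter chain. Note also that an `mvc:interceptor` runs only for handler mappings, not for other servlets, filters or static resources, so anything previously protected at the filter level needs a different check.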

+ 21 - 12
src/main/webapp/WEB-INF/web.xml

@@ -29,7 +29,8 @@
 
 	<filter>
 		<filter-name>CharacterEncodingFilter</filter-name>
-		<filter-class>org.springframework.web.filter.CharacterEncodingFilter</filter-class>
+		<filter-class>org.springframework.web.filter.CharacterEncodingFilter
+		</filter-class>
 		<async-supported>true</async-supported>
 		<init-param>
 			<param-name>encoding</param-name>
@@ -43,7 +44,8 @@
 
 	<filter>
 		<filter-name>HttpMethodFilter</filter-name>
-		<filter-class>org.springframework.web.filter.HiddenHttpMethodFilter</filter-class>
+		<filter-class>org.springframework.web.filter.HiddenHttpMethodFilter
+		</filter-class>
 		<async-supported>true</async-supported>
 	</filter>
 	<filter-mapping>
@@ -58,14 +60,17 @@
 
 	<!-- Creates the Spring Container shared by all Servlets and Filters -->
 	<listener>
-		<listener-class>org.springframework.web.util.Log4jConfigListener</listener-class>
-		<listener-class>org.springframework.web.context.ContextLoaderListener</listener-class>
+		<listener-class>org.springframework.web.util.Log4jConfigListener
+		</listener-class>
+		<listener-class>org.springframework.web.context.ContextLoaderListener
+		</listener-class>
 	</listener>
 
 	<!-- Handles Spring requests -->
 	<servlet>
 		<servlet-name>spring-mvc-dispatcher</servlet-name>
-		<servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
+		<servlet-class>org.springframework.web.servlet.DispatcherServlet
+		</servlet-class>
 		<init-param>
 			<param-name>contextConfigLocation</param-name>
 			<param-value>WEB-INF/spring/webmvc.xml</param-value>
@@ -81,7 +86,8 @@
 	<!-- Spring localization -->
 	<filter>
 		<filter-name>localizationFilter</filter-name>
-		<filter-class>org.springframework.web.filter.RequestContextFilter</filter-class>
+		<filter-class>org.springframework.web.filter.RequestContextFilter
+		</filter-class>
 		<async-supported>true</async-supported>
 	</filter>
 
@@ -90,20 +96,22 @@
 		<url-pattern>/*</url-pattern>
 	</filter-mapping>
 	<!-- Spring Secutiry -->
-	<filter>
+	<!-- <filter>
 		<filter-name>springSecurityFilterChain</filter-name>
-		<filter-class>org.springframework.web.filter.DelegatingFilterProxy</filter-class>
+		<filter-class>org.springframework.web.filter.DelegatingFilterProxy
+		</filter-class>
 		<async-supported>true</async-supported>
 	</filter>
 
 	<filter-mapping>
 		<filter-name>springSecurityFilterChain</filter-name>
 		<url-pattern>/*</url-pattern>
-	</filter-mapping>
+	</filter-mapping> -->
 	<!-- spring mobile -->
 	<filter>
 		<filter-name>deviceResolverRequestFilter</filter-name>
-		<filter-class>org.springframework.mobile.device.DeviceResolverRequestFilter</filter-class>
+		<filter-class>org.springframework.mobile.device.DeviceResolverRequestFilter
+		</filter-class>
 		<async-supported>true</async-supported>
 	</filter>
 
@@ -111,11 +119,12 @@
 		<filter-name>deviceResolverRequestFilter</filter-name>
 		<url-pattern>/*</url-pattern>
 	</filter-mapping>
-	
+
 	<!-- CORS 跨域 -->
 	<filter>
 		<filter-name>cors</filter-name>
-		<filter-class>com.uas.platform.b2b.filter.SimpleCORSFilter</filter-class>
+		<filter-class>com.uas.platform.b2b.filter.SimpleCORSFilter
+		</filter-class>
 	</filter>
 	<filter-mapping>
 		<filter-name>cors</filter-name>
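Review bot: The springSecurityFilterChain block (L684–L696) is commented out rather than removed, leaving dead configuration for a filter whose context file `security.xml` this commit renames to `.deprecated`; delete the block so it cannot be re-enabled against a missing context. The reformatting that moves each `</filter-class>`, `</listener-class>` and `</servlet-class>` closing tag onto the next line (L633, L643, L654, L664, L674, L701, L716) puts a newline and a tab inside the class-name text; most containers trim it, but confirm on the deployment target, since a non-trimming parser would fail to load every filter in the file. If the old chain supplied session-fixation protection or CSRF checks for state-changing requests, nothing in the SSO interceptor visibly replaces them.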

+ 14 - 3
src/main/webapp/resources/js/common/services.js

@@ -102,7 +102,7 @@ define(['angular', 'toaster'], function(angular) {
             root: function() {
                 return rootPath;
             },
-            login: function(user) {
+            /*login: function(user) {
                 var payload = SerializerUtil.param(user);
                 var config = {
                     headers: {
@@ -112,12 +112,23 @@ define(['angular', 'toaster'], function(angular) {
                 var login = $http.post(rootPath + "/j_spring_security_check", payload, config);
                 login.success(cacheSession);
                 return login;
-            },
+            },*/
             logout: function() {
-                var logout = $http.get(rootPath + "/j_spring_security_logout");
+                var logout = $http.get(rootPath + "/logout");
                 logout.success(uncacheSession);
                 return logout;
             },
+            redirectSignin: function() {
+            	$http.get(rootPath + '/signin').success(function(data) {
+                    if (data.content) {
+                    	window.location.href = data.content;
+                    } else {
+                        toaster.pop('error', '系统错误');
+                    }
+                }).error(function() {
+                    toaster.pop('error', '系统错误');
+                });
+            },
             isAuthed: function() {
                 return SessionService.get('authenticated');
             },
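Review bot: `redirectSignin` (L746) fetches `/signin`, which is not among the SSO interceptor's exclusions in webmvc.xml, so if an unauthenticated `/signin` request is itself answered with 401 the `responseError` interceptor in index/app.js calls `redirectSignin` again and the client loops; verify `/signin` is reachable without a login or exclude it from the interceptor. The `login` function is commented out (L730–L739) rather than deleted; remove it, since `/j_spring_security_check` no longer exists once the filter chain is disabled. `logout` still issues `$http.get(rootPath + "/logout")` (L742) for a request that ends the session, which should be a POST once the server side changes.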

+ 3 - 3
src/main/webapp/resources/js/index/app.js

@@ -12,7 +12,7 @@ define([ 'toaster', 'charts', 'ngTable', 'common/services', 'service/Purc', 'ser
 	    var httpInterceptor = {
 	        'responseError': function(response) {
 	            if (response.status == 401) {// UNAUTHORIZED
-	            	$window.location.href = BaseService.getRootPath() + "/signin";
+	            	AuthenticationService.redirectSignin();
 	                return $q.reject(response);
 	            }
 	            return $q.reject(response);
@@ -516,7 +516,7 @@ define([ 'toaster', 'charts', 'ngTable', 'common/services', 'service/Purc', 'ser
 			$scope.userInfo = data;
 			if (data == null || !data.userUU) {
 				$scope.isAuthed = false;
-				$window.location.href = BaseService.getRootPath() + "/signin";
+				AuthenticationService.redirectSignin();
 			} else {
 				//跳转到手机号码验证
 //				checkTel($scope.userInfo);
@@ -524,7 +524,7 @@ define([ 'toaster', 'charts', 'ngTable', 'common/services', 'service/Purc', 'ser
 	});
 		$scope.logout = function() {
 			AuthenticationService.logout().success(function() {
-				$window.location.href = BaseService.getRootPath() + "/signin";
+				AuthenticationService.redirectSignin();
 			});
 		};
 		$scope.switchto = function(enUU) {// 切换企业

+ 2 - 2
src/main/webapp/resources/js/serve/app.js

@@ -620,7 +620,7 @@ define([ 'toaster', 'ngTable', 'common/services', 'ui.router', 'ui.bootstrap', '
 			}
 			//未登录
 			else{
-				window.location.href = "signin#/account/user";
+				AuthenticationService.redirectSignin();
 			}
 		}
 	}]);
@@ -645,7 +645,7 @@ define([ 'toaster', 'ngTable', 'common/services', 'ui.router', 'ui.bootstrap', '
 			}
 			//未登录
 			else{
-				window.location.href="signin#/account/enterprise";
+				AuthenticationService.redirectSignin();
 			}
 		}
 	}]);
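Review bot: Both replaced redirects carried a return target in the URL fragment (`signin#/account/user` at L799, `signin#/account/enterprise` at L808) and `redirectSignin()` has no parameter for one: it relies on `SSOHelper.getRedirectRefererLoginUrl` reading the Referer header, and browsers never send the fragment in Referer, so the post-login landing page is lost. If the SSO login URL accepts a return location, extend the service to `redirectSignin(target)` and send it, e.g. `$http.get(rootPath + '/signin', {params: {target: target}})`, then pass the route from these two call sites. `AuthenticationService` must also be injected into these controllers; the injection is outside the hunk, so I cannot confirm it.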