|
|
@@ -9,12 +9,14 @@ import com.uas.platform.b2b.service.RoleService;
|
|
|
import com.uas.platform.b2b.service.SigninLogService;
|
|
|
import com.uas.platform.b2b.service.UserService;
|
|
|
import com.uas.platform.b2b.support.SecurityConstant;
|
|
|
+import com.uas.platform.b2b.support.SysConf;
|
|
|
import com.uas.platform.b2b.support.SystemSession;
|
|
|
import com.uas.platform.b2b.support.UserCreater;
|
|
|
import com.uas.platform.core.model.Constant;
|
|
|
import com.uas.platform.core.util.AgentUtils;
|
|
|
import com.uas.platform.core.util.encry.Md5Utils;
|
|
|
import com.uas.platform.core.util.serializer.FlexJsonUtils;
|
|
|
+import com.uas.sso.SSOConfig;
|
|
|
import com.uas.sso.SSOHelper;
|
|
|
import com.uas.sso.SSOToken;
|
|
|
import com.uas.sso.entity.UserAccount;
|
|
|
@@ -34,6 +36,7 @@ import org.springframework.security.core.GrantedAuthority;
|
|
|
import org.springframework.security.core.authority.SimpleGrantedAuthority;
|
|
|
import org.springframework.security.core.userdetails.UsernameNotFoundException;
|
|
|
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
|
|
|
+import org.springframework.ui.ModelMap;
|
|
|
import org.springframework.util.StringUtils;
|
|
|
|
|
|
import javax.servlet.http.HttpServletRequest;
|
|
|
@@ -68,6 +71,9 @@ public class SSOInterceptor extends AbstractSSOInterceptor {
|
|
|
|
|
|
private final DeviceResolver deviceResolver = new LiteDeviceResolver();
|
|
|
|
|
|
+ @Autowired
|
|
|
+ private SysConf conf;
|
|
|
+
|
|
|
/**
|
|
|
* 手机号正则表达式
|
|
|
*/
|
|
|
@@ -137,7 +143,7 @@ public class SSOInterceptor extends AbstractSSOInterceptor {
|
|
|
protected boolean onAuthenticateFailed(HttpServletRequest request, HttpServletResponse response) {
|
|
|
StringBuffer url = request.getRequestURL();
|
|
|
String ip = AgentUtils.getIp(request);
|
|
|
- logger.info("time: " + System.currentTimeMillis() + "; url: " + url + "ip: " + ip);
|
|
|
+ logger.info("onAuthenticateFailed, time: " + System.currentTimeMillis() + "; url: " + url + ", ip: " + ip);
|
|
|
SystemSession.clear();
|
|
|
User user = (User) request.getSession().getAttribute("user");
|
|
|
logger.info("user: " + user != null ? JSON.toJSON(user) : "error");
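Review bot: The unchanged `logger.info("user: " + user != null ? JSON.toJSON(user) : "error");` at the end of this hunk is mis-parenthesised: `+` binds tighter than `!=`, so the condition is `("user: " + user) != null`, which is always true. The "user: " prefix and the "error" branch are therefore never emitted, and the ternary always hands the session user to `JSON.toJSON`. The commit adds the correctly parenthesised form in setResponseAuthorized but leaves this one; it should read `logger.info("user: " + (user != null ? JSON.toJSON(user) : "error"));`. Because this is the authentication-failure path, logging an identifier rather than the whole serialised object would be the safer choice here. onAuthenticateFailed continues past the end of the hunk.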
|
|
|
@@ -169,16 +175,40 @@ public class SSOInterceptor extends AbstractSSOInterceptor {
|
|
|
return true;
|
|
|
}
|
|
|
setResponseAuthorized(response, user, false);
|
|
|
+ if (!isRedirectAble(request)) {
|
|
|
+ try {
|
|
|
+ printJson(response, new ModelMap("loginUrl", getLoginPage(request, response)));
|
|
|
+ } catch (IOException e) {
|
|
|
+ e.printStackTrace();
|
|
|
+ }
|
|
|
+ }
|
|
|
return false;
|
|
|
}
|
|
|
}
|
|
|
|
|
|
/**
|
|
|
- * 输出json格式
|
|
|
+ * 获取登录地址
|
|
|
*
|
|
|
- * @param obj
|
|
|
+ * @param request
|
|
|
+ * @param response
|
|
|
+ * @return
|
|
|
* @throws IOException
|
|
|
*/
|
|
|
+ private String getLoginPage(HttpServletRequest request, HttpServletResponse response) throws IOException {
|
|
|
+ // 引用页面
|
|
|
+ String refererSymbol = "Referer";
|
|
|
+ request.getSession().setAttribute(SSOConfig.SSOReferer, request.getHeader(refererSymbol));
|
|
|
+ SSOHelper.clearLogin(request, response);
|
|
|
+ String redirectUrl = (SSOHelper.getRedirectLoginUrl(request, conf.getB2b() + request.getRequestURI()));;
|
|
|
+ return redirectUrl;
|
|
|
+ }
|
|
|
+
|
|
|
+ /**
|
|
|
+ * 输出json格式
|
|
|
+ *
|
|
|
+ * @param obj 对象
|
|
|
+ * @throws IOException IO异常
|
|
|
+ */
|
|
|
protected void printJson(HttpServletResponse response, Object obj) throws IOException {
|
|
|
response.addHeader("Content-Type", "application/json; charset=UTF-8");
|
|
|
PrintWriter printWriter = response.getWriter();
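Review bot: getLoginPage copies the client-supplied `Referer` header into the session under `SSOConfig.SSOReferer` without any check; if that attribute is later used as the post-login return target (its consumer is not visible here), the user could be sent to an address the application never chose. Store it only when its scheme and host match `conf.getB2b()`, e.g. `if (isSameOrigin(referer, conf.getB2b())) request.getSession().setAttribute(SSOConfig.SSOReferer, referer);`, where `isSameOrigin` is a small helper still to be written that parses both URLs instead of comparing string prefixes. In the new branch of onAuthenticateFailed, `e.printStackTrace()` keeps a failed write out of the application log while the method still returns false with no `loginUrl` delivered; `logger.error("failed to write loginUrl response", e);` would keep the failure visible. The Javadoc of getLoginPage should also state its side effects (the session write and `SSOHelper.clearLogin`), which the getter-style name and the empty `@return` tag do not convey. printJson's body continues outside the hunk.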
|
|
|
@@ -201,6 +231,7 @@ public class SSOInterceptor extends AbstractSSOInterceptor {
|
|
|
String authorizedValue = authorized ? HttpStatus.OK.name() : HttpStatus.UNAUTHORIZED.name();
|
|
|
response.setHeader("authorized", authorizedValue);
|
|
|
}
|
|
|
+ logger.info("setResponseAuthorized, user: " + (null != user ? JSON.toJSONString(user) : "error"));
|
|
|
logger.info("status: " + status);
|
|
|
}
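Review bot: The added `logger.info("setResponseAuthorized, user: " + (null != user ? JSON.toJSONString(user) : "error"));` writes the whole serialised `User` to the info log on every call. The fields of `User` are not visible on this page, but an account object handled by an SSO interceptor plausibly carries a password hash and contact details, which should not end up in log storage. I would replace `JSON.toJSONString(user)` with the user's identifier accessor (not shown here), so the line still correlates requests without copying the record. A null user appears to be an expected value on the unauthenticated path, since onAuthenticateFailed calls this method, so the "error" label may mislead whoever reads the log. setResponseAuthorized starts before the hunk.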
|
|
|
|
|
|
@@ -214,7 +245,7 @@ public class SSOInterceptor extends AbstractSSOInterceptor {
|
|
|
protected void onAuthenticateSuccess(HttpServletRequest request, HttpServletResponse response) {
|
|
|
StringBuffer url = request.getRequestURL();
|
|
|
String ip = AgentUtils.getIp(request);
|
|
|
- logger.info("time: " + System.currentTimeMillis() + "; url: " + url + "ip: " + ip);
|
|
|
+ logger.info("onAuthenticateSuccess, time: " + System.currentTimeMillis() + "; url: " + url + ", ip: " + ip);
|
|
|
User user = (User) request.getSession().getAttribute("user");
|
|
|
SSOToken token = SSOHelper.attrToken(request);
|
|
|
// cookie变化的情况下,session可能还未变化
|