
切换登录

git-svn-id: svn+ssh://10.10.101.21/source/platform/platform-b2b@5785 f3bf4e98-0cf0-11e4-a00c-a99a8b9d557d
yingp 9 years ago
parent
commit
fe9c060a61

+ 184 - 2
src/main/java/com/uas/platform/b2b/controller/SecurityController.java

@@ -6,31 +6,213 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpSession;
 
+import org.apache.commons.lang3.StringUtils;
+import org.apache.log4j.Logger;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.HttpStatus;
+import org.springframework.mobile.device.Device;
+import org.springframework.mobile.device.DeviceResolver;
+import org.springframework.mobile.device.LiteDeviceResolver;
+import org.springframework.mobile.device.site.SitePreference;
 import org.springframework.ui.ModelMap;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RequestMethod;
+import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.bind.annotation.ResponseStatus;
 import org.springframework.web.bind.annotation.RestController;
 
+import com.uas.platform.b2b.model.Enterprise;
+import com.uas.platform.b2b.model.SigninLog;
+import com.uas.platform.b2b.model.User;
+import com.uas.platform.b2b.service.SigninLogService;
+import com.uas.platform.b2b.service.UserService;
 import com.uas.platform.b2b.support.SystemSession;
+import com.uas.platform.core.util.AgentUtils;
+import com.uas.platform.core.util.serializer.FlexJsonUtils;
+import com.uas.sso.AuthToken;
+import com.uas.sso.SSOConfig;
 import com.uas.sso.SSOHelper;
+import com.uas.sso.SSOToken;
 
 @RestController
 public class SecurityController {
 
+	private static final Logger logger = Logger.getLogger(SecurityController.class);
+
+	@Autowired
+	private UserService userService;
+	@Autowired
+	private SigninLogService signinLogService;
+	private final DeviceResolver deviceResolver = new LiteDeviceResolver();
+
 	@RequestMapping(value = "/logout", method = RequestMethod.GET, headers = "Accept=application/json")
 	@ResponseStatus(value = HttpStatus.OK)
-	public void logout(HttpServletRequest request, HttpServletResponse response, HttpSession session) {
+	@ResponseBody
+	public ModelMap logout(HttpServletRequest request, HttpServletResponse response, HttpSession session) throws IOException {
 		session.invalidate();
 		SSOHelper.clearLogin(request, response);
 		SystemSession.clear();
+		String returnUrl = request.getHeader("Referer");
+		boolean cross = SSOHelper.isCrossDomain(request);
+		if (cross) {
+			request.getSession().setAttribute("SSOReferer", returnUrl);
+			// 跨域情况,需要再次询问账户中心
+			returnUrl = "/logout/proxy";
+		}
+		return new ModelMap("content", returnUrl);
 	}
 
+	/**
+	 * 获取跳转登录的url
+	 * 
+	 * @param request
+	 * @param response
+	 * @return
+	 * @throws IOException
+	 */
 	@RequestMapping(value = "/login/page")
+	@ResponseBody
 	public ModelMap signin(HttpServletRequest request, HttpServletResponse response) throws IOException {
+		request.getSession().setAttribute("SSOReferer", request.getHeader("Referer"));
 		SSOHelper.clearLogin(request, response);
-		return new ModelMap("content", SSOHelper.getRedirectRefererLoginUrl(request));
+		String redirectUrl = SSOHelper.getRedirectRefererLoginUrl(request);
+		boolean cross = SSOHelper.isCrossDomain(request);
+		if (cross) {
+			// 跨域代理界面
+			redirectUrl = "/login/proxy";
+		}
+		return new ModelMap("content", redirectUrl);
+	}
+
+	/**
+	 * 获取跨域登录的参数
+	 * 
+	 * @param request
+	 * @param response
+	 * @return
+	 * @throws IOException
+	 */
+	@RequestMapping(value = "/login/crossBefore")
+	@ResponseBody
+	public ModelMap getCrossLoginData(HttpServletRequest request, HttpServletResponse response) throws IOException {
+		ModelMap model = new ModelMap();
+		SSOConfig config = SSOHelper.getSSOService().getConfig();
+		// 业务系统私钥签名 authToken 自动设置临时会话 cookie 授权后自动销毁
+		AuthToken at = SSOHelper.askCiphertext(request, response, config.getClientPrivateKey());
+		// askUrl 询问 sso 是否登录地址
+		model.addAttribute("askUrl", config.getCrossAskUrl());
+		// askTxt 询问 token 密文
+		model.addAttribute("askData", at.encryptAuthToken());
+		// 未登录情况下,登录地址
+		Object loginUrl = null;
+		boolean cross = SSOHelper.isCrossDomain(request);
+		if (cross) {
+			loginUrl = SSOHelper.getRedirectRefererLoginUrl(request);
+		} else {
+			loginUrl = SSOHelper.getRedirectLoginUrl(request, String.valueOf(request.getSession().getAttribute("SSOReferer")));
+		}
+		model.addAttribute("loginUrl", loginUrl);
+		return model;
+	}
+
+	/**
+	 * 跨域登录后
+	 * 
+	 * @param request
+	 * @param response
+	 */
+	@RequestMapping(value = "/login/crossAfter")
+	@ResponseBody
+	public ModelMap afterCrossLogin(HttpServletRequest request, HttpServletResponse response, String replyTxt) {
+		if (!StringUtils.isEmpty(replyTxt)) {
+			Object returnUrl = request.getSession().getAttribute("SSOReferer");
+			SSOConfig config = SSOHelper.getSSOService().getConfig();
+			AuthToken token = SSOHelper.ok(request, response, replyTxt, config.getClientPublicKey(), config.getCenterPublicKey());
+			if (token != null) {
+				SSOToken tk = new SSOToken();
+				tk.setUid(token.getUid());
+				tk.setTime(token.getTime());
+				tk.setData(token.getData());
+				SSOHelper.setSSOCookie(request, response, tk, true);
+				User user = getUserByToken(tk);
+				if (user != null) {
+					user.setIp(AgentUtils.getIp(request));
+					request.getSession().setAttribute("user", user);
+					SystemSession.setUser(user);
+					log(request, user);
+				}
+				return new ModelMap("returnUrl", returnUrl);
+			}
+		}
+		return null;
+	}
+
+	/**
+	 * 获取跨域登录的参数
+	 * 
+	 * @param request
+	 * @param response
+	 * @return
+	 * @throws IOException
+	 */
+	@RequestMapping(value = "/logout/crossBefore")
+	@ResponseBody
+	public ModelMap getCrossLogoutData(HttpServletRequest request, HttpServletResponse response) throws IOException {
+		ModelMap model = new ModelMap();
+		SSOConfig config = SSOHelper.getSSOService().getConfig();
+		model.addAttribute("askUrl", config.getCrossAskOutUrl());
+		model.addAttribute("returnUrl", String.valueOf(request.getSession().getAttribute("SSOReferer")));
+		return model;
+	}
+
+	private User getUserByToken(SSOToken token) {
+		User authedUser = null;
+		if (token.getData() != null) {
+			com.uas.account.entity.User tokenUser = FlexJsonUtils.fromJson(token.getData(), com.uas.account.entity.User.class);
+			if (tokenUser.getUid() != null) {
+				// UID表示所有系统公认的唯一标识,这里统一使用手机号
+				authedUser = userService.findUserByUserTel(tokenUser.getUid());
+			} else if (tokenUser.getDialectUID() != null) {
+				// dialectUID表示client系统自己的唯一标识,比如user_uu,手机号没设置的情况下使用
+				authedUser = userService.findUserByUserUU(Long.parseLong(tokenUser.getDialectUID()));
+			} else {
+				logger.error(String.format("invalid user %s, please set uid or dialectUID", tokenUser.getName()));
+			}
+			if (authedUser != null && authedUser.getEnterprises() != null) {
+				// 企业资料在client系统自己的唯一标识,比如en_uu
+				if (tokenUser.getSpaceDialectUID() != null) {
+					authedUser.setCurrentEnterprise(Long.parseLong(tokenUser.getSpaceDialectUID()));
+				} else if (tokenUser.getSpaceUID() != null) {
+					for (Enterprise enterprise : authedUser.getEnterprises()) {
+						// 企业资料在所有系统公认的唯一标识,这里使用商业登记证号
+						if (tokenUser.getSpaceUID().equals(enterprise.getEnBussinessCode())) {
+							authedUser.setEnterprise(enterprise);
+							break;
+						}
+					}
+				}
+			}
+		}
+		return authedUser;
+	}
+
+	private void log(HttpServletRequest request, User user) {
+		// 记录登录日志
+		SitePreference preference = getDefaultSitePreferenceForDevice(this.deviceResolver.resolveDevice(request));
+		signinLogService.save(new SigninLog(user, preference, true));
+	}
+
+	private SitePreference getDefaultSitePreferenceForDevice(Device device) {
+		if (device == null) {
+			return null;
+		}
+		if (device.isMobile()) {
+			return SitePreference.MOBILE;
+		}
+		if (device.isTablet()) {
+			return SitePreference.TABLET;
+		}
+		return SitePreference.NORMAL;
 	}
 
 }
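Review bot: The `SSOReferer` value that `signin` and `logout` store is the raw `Referer` request header, and `afterCrossLogin` and `getCrossLogoutData` later hand it back as `returnUrl`, which the proxy pages in this commit assign to `window.location.href`; nothing in the hunk checks that it points at this application, so the landing page after sign-in or sign-out is chosen by whichever site linked the user here. Accept it only when its host is one of the application's own and fall back to a fixed path otherwise. `String.valueOf(request.getSession().getAttribute("SSOReferer"))` in `getCrossLoginData` and `getCrossLogoutData` also turns a missing attribute into the literal string `"null"`. Separately, `afterCrossLogin` attaches the authenticated user to the session that existed before login; if the container is Servlet 3.1 or later, calling `request.changeSessionId()` before `setAttribute("user", user)` would rotate the id.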

+ 6 - 0
src/main/java/com/uas/platform/b2b/filter/SSOInterceptor.java

@@ -15,6 +15,7 @@ import javax.servlet.http.HttpServletResponse;
 import org.apache.commons.collections.CollectionUtils;
 import org.apache.log4j.Logger;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpStatus;
 import org.springframework.mobile.device.Device;
 import org.springframework.mobile.device.DeviceResolver;
 import org.springframework.mobile.device.LiteDeviceResolver;
@@ -37,6 +38,7 @@ import com.uas.platform.b2b.service.EnterpriseService;
 import com.uas.platform.b2b.service.RoleService;
 import com.uas.platform.b2b.service.SigninLogService;
 import com.uas.platform.b2b.service.UserService;
+import com.uas.platform.b2b.support.SecurityConstant;
 import com.uas.platform.b2b.support.SystemSession;
 import com.uas.platform.b2b.support.UserCreater;
 import com.uas.platform.core.model.Constant;
@@ -115,6 +117,10 @@ public class SSOInterceptor extends AbstractSSOInterceptor {
 			accessDecision(request, user);
 			return true;
 		} else {
+			if (SecurityConstant.AUTHENTICATION_URL.equals(request.getRequestURI())) {
+				return true;
+			}
+			response.setStatus(HttpStatus.UNAUTHORIZED.value());
 			return false;
 		}
 	}
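Review bot: The new exemption compares `request.getRequestURI()` with `SecurityConstant.AUTHENTICATION_URL`, but `getRequestURI()` includes the context path and any `;jsessionid=…` path parameter, so the match depends on how the application is deployed and on whether the session id is carried in the URL (the constant's value is not visible here). Comparing the path without the context path would be steadier, for example `if (SecurityConstant.AUTHENTICATION_URL.equals(request.getServletPath())) {` when the dispatcher is mapped at `/`. The request that is let through reaches its handler with no authenticated user, so a one-line comment saying why this single URL is exempt would help the next reader. The enclosing method starts outside the hunk.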

+ 12 - 4
src/main/resources/dev/account.properties

@@ -1,11 +1,19 @@
 ### account center config, 
-account.us.save.url=https://account.ubtob.com/api/userspace
-account.user.save.url=https://account.ubtob.com/api/user
+account.us.save.url=http://113.105.74.135:8001/api/userspace
+account.user.save.url=http://113.105.74.135:8001/api/user
 
 ### sso config
 sso.app=b2b
 # token secretkey
 sso.secretkey=0taQcW073Z7G628g5H
-sso.cookie.domain=.ubtob.com
 sso.cookie.secure=false
-sso.login.url=https://account.ubtob.com/sso/login
+sso.login.url=http://113.105.74.135:8001/sso/login
+
+#cross domain
+sso.ask.url=http://113.105.74.135:8001/sso/login/ask
+sso.askout.url=http://113.105.74.135:8001/sso/logout/ask
+sso.proxy.uri=/login/proxy
+sso.authcookie.secretkey=Z318866alN6gA0piuO
+sso.client.private_key=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
+sso.client.public_key=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCKrkx/azsoEdYsjM1NQkkA1xvpSaTEIFpEVjMDt5c0vlCdxkatcscQ/JjxWQriLTEcT+DL7t578Q77CcfJX0V5ODBrMETiAT3HQQJ2rKYTe8EuZg7w3v1QSCr/n4OI+FRJ2pPVVAEIUtYA7afmZkKQnPf4M/L7nhdbniF7KQKFIQIDAQAB
+sso.center.public_key=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAL2g7CEfuPZtEDy7Iz5AL6iwbHZewWGUBYUWxKnFAwAW4lY8mMavn5Ke5mB25eKj5bvUsB48r8gWTvJNsKRGEw8CAwEAAQ==
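Review bot: `sso.client.private_key`, `sso.authcookie.secretkey` and the existing `sso.secretkey` are committed to the repository, and the `sso.authcookie.secretkey` and `sso.client.public_key` values are identical in the dev, test and prod files of this commit (the prod file carries the private key in full), so anyone with read access to the source holds the material used to sign production SSO requests. Load these values from deployment-specific configuration kept outside version control, give each environment its own key pair, and treat the committed values as exposed and rotate them. A placeholder line such as `sso.client.private_key=${SSO_CLIENT_PRIVATE_KEY}` keeps the key name documented, assuming the properties loader resolves placeholders.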

+ 10 - 1
src/main/resources/prod/account.properties

@@ -8,4 +8,13 @@ sso.app=b2b
 sso.secretkey=0taQcW073Z7G628g5H
 sso.cookie.domain=.ubtob.com
 sso.cookie.secure=false
-sso.login.url=https://account.ubtob.com/sso/login
+sso.login.url=https://account.ubtob.com/sso/login
+
+#cross domain
+sso.ask.url=https://account.ubtob.com/sso/login/ask
+sso.askout.url=https://account.ubtob.com/sso/logout/ask
+sso.proxy.uri=/login/proxy
+sso.authcookie.secretkey=Z318866alN6gA0piuO
+sso.client.private_key=MIICdwIBADANBgkqhkiG9w0BAQEFAASCAmEwggJdAgEAAoGBAIquTH9rOygR1iyMzU1CSQDXG+lJpMQgWkRWMwO3lzS+UJ3GRq1yxxD8mPFZCuItMRxP4Mvu3nvxDvsJx8lfRXk4MGswROIBPcdBAnasphN7wS5mDvDe/VBIKv+fg4j4VEnak9VUAQhS1gDtp+ZmQpCc9/gz8vueF1ueIXspAoUhAgMBAAECgYBfMP8PY1KK0Zt6nvd5NauYqQ7elg9EFJUBXU3NGmLu8Eez1NrEygk8braoy57921lffrDmKsOKvc+zn2YEoqGzbHCOuYsTDBXFCGLkj8oPeHyrs02+XuJe9j2ejhq2N04oP/TMxerFeyWnHdRCNXECrthqhwTRmGitnj2/+FLVAQJBAM93HY/5HoFlfRv9zjFy72ft/ZC60jHERXwyumbFs8z/x8sHCY1GWfgGhm1ShE1bDWAPY3W9WCFsx6nOETsHajECQQCrH8Dl7IIIHJ5D0TDisFkePnYELxpmOGlPwPOQ7hyLAdW4aB1fVIpjsWmgGOyPvmhK+b99XeLUbwpxVU7AAB3xAkAJNxJCFd+sAbUH7EMfYSqPJDwSFKpHeZ9Yf+xVqkxtO6NFOl/LPae7Y5bO/k5QHU4/yQ8y6KEkgu9vdG7Bf3fRAkEAiDlX6vDytphpmN0PyHXQC9Z3Rm9k2ZjwpM+aVXZn/HSyeQFQ2JHJNQGHby5IK0nNZloYiSlTJ/9ZVc0uSoQNUQJBAJFix2tD7b0Zq82xpeGt81rhXsofuerq1x9WM5UyYILCKJMHZw5lt58snINVzA7JxV+l60dbIgJjmRYm0yxQIAY=
+sso.client.public_key=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCKrkx/azsoEdYsjM1NQkkA1xvpSaTEIFpEVjMDt5c0vlCdxkatcscQ/JjxWQriLTEcT+DL7t578Q77CcfJX0V5ODBrMETiAT3HQQJ2rKYTe8EuZg7w3v1QSCr/n4OI+FRJ2pPVVAEIUtYA7afmZkKQnPf4M/L7nhdbniF7KQKFIQIDAQAB
+sso.center.public_key=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAL2g7CEfuPZtEDy7Iz5AL6iwbHZewWGUBYUWxKnFAwAW4lY8mMavn5Ke5mB25eKj5bvUsB48r8gWTvJNsKRGEw8CAwEAAQ==
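Review bot: `sso.cookie.secure=false` is left in place in the production file although every URL in it is `https://`, and this commit adds a flow in which `SecurityController.afterCrossLogin` sets the SSO cookie. If the flag means what its name suggests, that cookie is issued without the Secure attribute and can be sent over plain HTTP. Consider `sso.cookie.secure=true` for this profile, or add a comment explaining why it has to stay off.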

+ 11 - 4
src/main/resources/test/account.properties

@@ -1,11 +1,18 @@
 ### account center config, 
-account.us.save.url=https://account.ubtob.com/api/userspace
-account.user.save.url=https://account.ubtob.com/api/user
+account.us.save.url=http://113.105.74.135:8001/api/userspace
+account.user.save.url=http://113.105.74.135:8001/api/user
 
 ### sso config
 sso.app=b2b
 # token secretkey
 sso.secretkey=0taQcW073Z7G628g5H
-sso.cookie.domain=.ubtob.com
 sso.cookie.secure=false
-sso.login.url=https://account.ubtob.com/sso/login
+sso.login.url=http://113.105.74.135:8001/sso/login
+
+#cross domain
+sso.ask.url=http://113.105.74.135:8001/sso/login/ask
+sso.askout.url=http://113.105.74.135:8001/sso/logout/ask
+sso.authcookie.secretkey=Z318866alN6gA0piuO
+sso.client.private_key=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
+sso.client.public_key=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCKrkx/azsoEdYsjM1NQkkA1xvpSaTEIFpEVjMDt5c0vlCdxkatcscQ/JjxWQriLTEcT+DL7t578Q77CcfJX0V5ODBrMETiAT3HQQJ2rKYTe8EuZg7w3v1QSCr/n4OI+FRJ2pPVVAEIUtYA7afmZkKQnPf4M/L7nhdbniF7KQKFIQIDAQAB
+sso.center.public_key=MFwwDQYJKoZIhvcNAQEBBQADSwAwSAJBAL2g7CEfuPZtEDy7Iz5AL6iwbHZewWGUBYUWxKnFAwAW4lY8mMavn5Ke5mB25eKj5bvUsB48r8gWTvJNsKRGEw8CAwEAAQ==
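Review bot: `sso.proxy.uri=/login/proxy` is added to the dev and prod files but not here, so the test profile depends on whatever default `SSOConfig` has for it (not visible in this commit); add the same line if the omission is unintended. This hunk, like the dev one, also moves the account-centre URLs from `https://account.ubtob.com` to `http://113.105.74.135:8001`, so `askData` and the login redirect travel unencrypted in these profiles. A comment stating that these endpoints are for internal test use only would keep them from being copied into the prod file.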

+ 16 - 10
src/main/webapp/WEB-INF/spring/webmvc.xml

@@ -54,20 +54,26 @@
 	<mvc:view-controller path="/changeAdmin" view-name="/changeAdmin" />
 	<mvc:view-controller path="/public/app" view-name="client" />
 	<mvc:view-controller path="/authen" view-name="authen" />
+	<mvc:view-controller path="/login/proxy" view-name="proxyLogin" />
+	<mvc:view-controller path="/logout/proxy"
+		view-name="proxyLogout" />
 	<mvc:interceptors>
 		<!-- SSO过滤 -->
 		<mvc:interceptor>
 			<mvc:mapping path="/**"></mvc:mapping>
-			<mvc:exclude-mapping path="/**/static/**"/>
-			<mvc:mapping path="/login/**"></mvc:mapping>
-			<mvc:exclude-mapping path="/file/**"/>
-			<mvc:exclude-mapping path="/public/**"/>
-			<mvc:exclude-mapping path="/erp/**"/>
-			<mvc:exclude-mapping path="/manage/**"/>
-			<mvc:exclude-mapping path="/openapi/**"/>
-			<mvc:exclude-mapping path="/serve/**"/>
-			<mvc:exclude-mapping path="/changeAdmin/**"/>
-			<mvc:exclude-mapping path="/authen/**"/>
+			<mvc:exclude-mapping path="/WEB-INF/**" />
+			<mvc:exclude-mapping path="/**/static/**" />
+			<mvc:exclude-mapping path="/login/**" />
+			<mvc:exclude-mapping path="/logout/**" />
+			<mvc:exclude-mapping path="/file/**" />
+			<mvc:exclude-mapping path="/file/**" />
+			<mvc:exclude-mapping path="/public/**" />
+			<mvc:exclude-mapping path="/erp/**" />
+			<mvc:exclude-mapping path="/manage/**" />
+			<mvc:exclude-mapping path="/openapi/**" />
+			<mvc:exclude-mapping path="/serve/**" />
+			<mvc:exclude-mapping path="/changeAdmin/**" />
+			<mvc:exclude-mapping path="/authen/**" />
 			<bean class="com.uas.platform.b2b.filter.SSOInterceptor"></bean>
 		</mvc:interceptor>
 		<!-- 采用统一私钥签名、认证 -->
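Review bot: `/login/**` changes from an included mapping to an exclusion and `/logout/**` is excluded as well, so every handler under those prefixes, including ones added later, runs without `SSOInterceptor`. Listing the specific paths this commit needs (`/login/page`, `/login/proxy`, `/login/crossBefore`, `/login/crossAfter`, `/logout`, `/logout/proxy`, `/logout/crossBefore`) would keep the unauthenticated surface explicit. `<mvc:exclude-mapping path="/file/**" />` now appears twice and one copy can go. The `/WEB-INF/**` exclusion looks unnecessary, since the container does not normally serve that directory directly; confirm why it was added.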

+ 35 - 0
src/main/webapp/WEB-INF/views/normal/proxyLogin.html

@@ -0,0 +1,35 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<meta name="robots" content="none">
+<link type="image/x-icon" rel="shortcut icon" href="/static/favicon.ico" />
+<script type="text/javascript" src="/static/lib/jquery/jquery.min.js"></script>
+</head>
+<body>
+<script type="text/javascript">
+	function proxyLogin(askUrl, askData, loginUrl) {
+	    $.getJSON(askUrl + "?callback=?", {
+	    	askData: askData
+	    }, function(d){
+	    	if (d.error) {
+	    		// 跳转登录页面
+		    	window.location.href = loginUrl;
+	    	} else {
+	    		$.post('/login/crossAfter', {replyTxt: d.content} , function(e) {
+	    			// 已登录
+		    		window.location.href = e.returnUrl;
+			    }, "json");
+	    	}
+	    });
+	}
+	$.getJSON('/login/crossBefore', function(data){
+		proxyLogin(data.askUrl, data.askData, data.loginUrl);
+	});
+</script>
+<div align="center" style="margin-top: 180px;">
+	<img src="/static/img/all/loading.gif"> 
+	<p style="color: #888">正在加载中,请稍候……</p>
+</div>
+</body>
+</html>
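Review bot: Neither request in `proxyLogin` has a failure path: `/login/crossAfter` returns `null` when the reply cannot be verified (see `SecurityController.afterCrossLogin` in this commit) and the JSONP call to `askUrl` can fail, and in both cases the page appears to stay on the loading image. Add `.fail(function () { window.location.href = loginUrl; })` to both calls. `e.returnUrl` is also null when no `Referer` was recorded, so guard the assignment: `window.location.href = (e && e.returnUrl) || '/';`. `proxyLogout.html` has the same gaps around `$.getJSON(askUrl + "?callback=?", …)` and `retUrl`.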

+ 25 - 0
src/main/webapp/WEB-INF/views/normal/proxyLogout.html

@@ -0,0 +1,25 @@
+<!DOCTYPE HTML>
+<html>
+<head>
+<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
+<meta name="robots" content="none">
+<link type="image/x-icon" rel="shortcut icon" href="/static/favicon.ico" />
+<script type="text/javascript" src="/static/lib/jquery/jquery.min.js"></script>
+</head>
+<body>
+<script type="text/javascript">
+	function proxyLogout(askUrl, retUrl) {
+	    $.getJSON(askUrl + "?callback=?", function(d){
+	    	window.location.href = retUrl;
+	    });
+	}
+	$.getJSON('/logout/crossBefore', function(data){
+		proxyLogout(data.askUrl, data.returnUrl);
+	});
+</script>
+<div align="center" style="margin-top: 180px;">
+	<img src="/static/img/all/loading.gif"> 
+	<p style="color: #888">正在加载中,请稍候……</p>
+</div>
+</body>
+</html>