use of com.ctrip.infosec.sso.client.principal.Assertion in project x-pipe by ctripcorp.
the class CtripSSOFilter method getAssertionIncache.
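/**
 * Resolves the assertion referenced by the cluster-mode SSO cookie by querying the SSO server.
 *
 * <p>The cookie value comes from the client and is treated as untrusted: a request without the
 * cookie is answered locally, and the value is URL-encoded before it is placed in the query
 * string so it cannot append or override parameters of the server-side lookup.
 *
 * @param request the incoming request whose cookies are inspected
 * @return the assertion built from the server's {@code result} object, or {@code null} when the
 *     cookie is absent or empty, the server returns no {@code result}, or the lookup fails
 */
private Assertion getAssertionIncache(HttpServletRequest request) {
    Cookie[] cookies = request.getCookies();
    if (cookies == null) {
        return null;
    }
    String memCacheAssertionID = null;
    String cookieName = generateCookieName(request.getContextPath());
    for (Cookie cookie : cookies) {
        if (cookie.getName().equalsIgnoreCase(cookieName)) {
            memCacheAssertionID = cookie.getValue();
            break;
        }
    }
    // Without an SSO cookie there is nothing to look up; previously this still issued a
    // request for "principalId=null".
    if (memCacheAssertionID == null || memCacheAssertionID.isEmpty()) {
        return null;
    }
    Assertion assertionInCache = null;
    try {
        // Encode the client-supplied id so characters such as '&' or '#' stay inside the
        // principalId parameter. serverName is appended as before (configuration value).
        String lookupUrl = casServerUrlPrefix + "/client/principal?principalId="
                + java.net.URLEncoder.encode(memCacheAssertionID, "UTF-8")
                + "&callback=" + serverName;
        // try-with-resources releases the pooled connection on every path.
        try (CloseableHttpResponse response = httpClient.execute(new HttpGet(lookupUrl))) {
            String result = EntityUtils.toString(response.getEntity(), "utf-8");
            JSONObject jsonObject = JSON.parseObject(result);
            Map user = jsonObject != null ? jsonObject.getJSONObject("result") : null;
            if (user != null) {
                assertionInCache = new AssertionImpl(new AttributePrincipalImpl((String) user.get("name"), user));
            }
        }
    } catch (Exception e) {
        // Best effort: a failed lookup means "not authenticated". Keep the stack trace so
        // SSO outages can be diagnosed from the log.
        logger.error(e.getMessage(), e);
    }
    return assertionInCache;
}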
use of com.ctrip.infosec.sso.client.principal.Assertion in project x-pipe by ctripcorp.
the class CtripSSOFilter method doFilter.
/**
 * Entry point of the SSO filter: lets already-authenticated requests through, validates a
 * service ticket when one is present, and otherwise redirects the browser to the SSO login page.
 *
 * @param servletRequest the incoming request (cast to {@link HttpServletRequest})
 * @param servletResponse the outgoing response (cast to {@link HttpServletResponse})
 * @param filterChain the remaining filter chain
 * @throws IOException if the chain or a redirect fails
 * @throws ServletException if the chain or ticket validation fails
 */
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
    final HttpServletRequest request = (HttpServletRequest) servletRequest;
    final HttpServletResponse response = (HttpServletResponse) servletResponse;

    if (!checkStopSsoContinue(request, servletResponse)) {
        return;
    }
    // Requests that needFilter() rejects bypass SSO entirely.
    if (!this.needFilter(request)) {
        filterChain.doFilter(request, response);
        return;
    }

    // SSO authentication logic starts here: look for an assertion from an earlier login.
    final Assertion existing;
    if (isCluster) {
        existing = getAssertionIncache(request);
    } else {
        // getSession(false): never create a session just to check for a login.
        final HttpSession session = request.getSession(false);
        existing = (session == null) ? null : (Assertion) session.getAttribute(CONST_CAS_ASSERTION);
    }
    if (existing != null) {
        // NOTE(review): the holder is not cleared here after the chain returns. If
        // AssertionHolder is thread-bound, confirm it is reset elsewhere so a pooled thread
        // cannot carry one user's identity into a later request.
        AssertionHolder.setAssertion(existing);
        filterChain.doFilter(request, response);
        return;
    }

    final String serviceUrl = constructServiceUrl(request, response);
    final String ticket = CommonUtils.safeGetParameter(request, getArtifactParameterName());

    // No ticket: send the browser to the SSO login page.
    if (!CommonUtils.isNotBlank(ticket)) {
        final String loginRedirect = CommonUtils.constructRedirectUrl(this.casServerLoginUrl, getServiceParameterName(), serviceUrl);
        if (logger.isDebugEnabled()) {
            logger.debug("redirecting to \"" + loginRedirect + "\"");
        }
        response.sendRedirect(loginRedirect);
        return;
    }

    // NOTE(review): validTicket gives this method no success signal, so the redirect below is
    // issued whether or not validation succeeded; with redirectAfterValidation off the request
    // ends here without the chain being invoked.
    validTicket(ticket, request, response);
    if (this.redirectAfterValidation) {
        logger.debug("Redirecting after successful ticket validation.");
        response.sendRedirect(constructServiceUrl(request, response));
    }
}
use of com.ctrip.infosec.sso.client.principal.Assertion in project x-pipe by ctripcorp.
the class CtripSSOFilter method validTicket.
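/**
 * Validates a service ticket and, on success, records the resulting assertion.
 *
 * <p>In cluster mode the principal's attributes are stored on the SSO server under a generated
 * id and that id is handed to the browser in a cookie; otherwise the assertion is kept in the
 * HTTP session. Storing in cluster mode is best effort: a failure is logged and no cookie is
 * issued.
 *
 * @param ticket the service ticket taken from the request
 * @param request the current request
 * @param response the current response; receives the SSO cookie, or status 403 when the ticket
 *     is rejected
 * @throws ServletException if the ticket is rejected and {@code exceptionOnValidationFailure} is
 *     set, or on any other unexpected failure
 */
private void validTicket(String ticket, final HttpServletRequest request, final HttpServletResponse response) throws ServletException {
    if (logger.isDebugEnabled()) {
        logger.debug("Attempting to validate ticket: " + ticket);
    }
    try {
        final Assertion assertion = this.validator.validate(ticket, constructServiceUrl(request, response));
        if (logger.isDebugEnabled()) {
            logger.debug("Successfully authenticated user: " + assertion.getPrincipal().getName());
        }
        AssertionHolder.setAssertion(assertion);
        if (this.isCluster) {
            // Cluster mode: write the user's authentication data to the SSO server.
            AttributePrincipal principal = assertion.getPrincipal();
            // NOTE(review): this id becomes the bearer credential in the cookie below; confirm
            // getUUID produces an unguessable value rather than one derived from the principal.
            String uuid = getUUID(principal);
            try {
                HttpPost httppost = new HttpPost(casServerUrlPrefix + "/client/principal");
                Map<String, Object> map = new HashMap<>();
                map.put("id", uuid);
                map.put("principal", JSON.toJSONString(principal.getAttributes()));
                map.put("expire", EXPIRE_TIME_ASSERTION);
                // Send the payload as UTF-8 encoded JSON.
                StringEntity entity = new StringEntity(JSON.toJSONString(map), "UTF-8");
                entity.setContentEncoding("UTF-8");
                entity.setContentType("application/json");
                httppost.setEntity(entity);
                // try-with-resources releases the pooled connection on every path.
                try (CloseableHttpResponse httpResponse = httpClient.execute(httppost)) {
                    String result = EntityUtils.toString(httpResponse.getEntity(), "UTF-8");
                    JSONObject jsonObject = JSON.parseObject(result);
                    // equals() instead of unboxing: a missing or non-integer "code" is simply
                    // "not stored" rather than an exception.
                    if (jsonObject != null && Integer.valueOf(0).equals(jsonObject.get("code"))) {
                        Cookie cookie = new Cookie(generateCookieName(request.getContextPath()), uuid);
                        cookie.setMaxAge(EXPIRE_TIME_ASSERTION);
                        cookie.setPath(StringUtils.isNotBlank(request.getContextPath()) ? request.getContextPath() : "/");
                        // The value authenticates the user: keep it away from page scripts and,
                        // when the login arrived over HTTPS, off plain-HTTP requests.
                        cookie.setHttpOnly(true);
                        cookie.setSecure(request.isSecure());
                        response.addCookie(cookie);
                    } else {
                        logger.warn("SSO server did not confirm storing the assertion; no SSO cookie issued");
                    }
                }
            } catch (Exception e) {
                // Best effort: the current request stays authenticated via AssertionHolder.
                logger.error(e.getMessage(), e);
            }
        } else {
            // Single-node mode: keep the authentication data in the HTTP session.
            // NOTE(review): the session id is not rotated at login here; confirm session
            // fixation is handled elsewhere.
            request.setAttribute(CONST_CAS_ASSERTION, assertion);
            request.getSession().setAttribute(CONST_CAS_ASSERTION, assertion);
        }
    } catch (final TicketValidationException e) {
        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
        logger.warn(e.getMessage(), e);
        if (this.exceptionOnValidationFailure) {
            throw new ServletException(e);
        }
    } catch (Exception e) {
        throw new ServletException(e);
    }
}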
use of com.ctrip.infosec.sso.client.principal.Assertion in project x-pipe by ctripcorp.
the class CtripUserInfoHolder method getUser.
/**
 * Returns the user bound to the current SSO assertion.
 *
 * @return a {@code CtripUserInfo} carrying the principal's name as user id, or
 *     {@code CtripUserInfo.noBody()} when {@code AssertionHolder} holds no assertion
 * @throws RuntimeException if reading the assertion or its principal fails
 */
@Override
public UserInfo getUser() {
    UserInfo resolved = null;
    try {
        final Assertion current = AssertionHolder.getAssertion();
        if (current != null) {
            // The principal name is the only attribute copied into the user info.
            final String principalName = current.getPrincipal().getName();
            resolved = new CtripUserInfo();
            resolved.setUserId(principalName);
        }
    } catch (Exception e) {
        throw new RuntimeException("get user info from assertion holder error", e);
    }
    if (resolved != null) {
        return resolved;
    }
    // No assertion on this request: fall back to the placeholder user.
    return CtripUserInfo.noBody();
}