Example 1 with Assertion

Use of com.ctrip.infosec.sso.client.principal.Assertion in project x-pipe by ctripcorp.

The class CtripSSOFilter, method getAssertionIncache.

private Assertion getAssertionIncache(HttpServletRequest request) {
    Cookie[] cookies = request.getCookies();
    if (cookies == null) {
        return null;
    }
    // The cookie carries only an opaque id; the assertion itself is held by the SSO server.
    String memCacheAssertionID = null;
    String cookieName = generateCookieName(request.getContextPath());
    for (Cookie cookie : cookies) {
        if (cookie.getName().equalsIgnoreCase(cookieName)) {
            memCacheAssertionID = cookie.getValue();
            break;
        }
    }
    // No SSO cookie on this request: do not query the server with "principalId=null".
    if (memCacheAssertionID == null || memCacheAssertionID.isEmpty()) {
        return null;
    }
    Assertion assertionInCache = null;
    // The cookie value is attacker-controlled input; URL-encode it (java.net.URLEncoder) before
    // placing it in the query string. try-with-resources returns the pooled connection on every path.
    try (CloseableHttpResponse response = httpClient.execute(new HttpGet(casServerUrlPrefix + "/client/principal?principalId="
            + URLEncoder.encode(memCacheAssertionID, "UTF-8") + "&callback=" + serverName))) {
        String result = EntityUtils.toString(response.getEntity(), "utf-8");
        JSONObject jsonObject = JSON.parseObject(result);
        // The server's "result" object is the principal's attribute map; "name" is the user id.
        JSONObject user = jsonObject.getJSONObject("result");
        if (user != null) {
            assertionInCache = new AssertionImpl(new AttributePrincipalImpl((String) user.get("name"), user));
        }
    } catch (Exception e) {
        // Keep the stack trace; a bare message hides where the lookup failed.
        logger.error(e.getMessage(), e);
    }
    return assertionInCache;
}
Also used: javax.servlet.http.Cookie, com.ctrip.infosec.sso.client.principal.AssertionImpl, com.alibaba.fastjson.JSONObject, org.apache.http.client.methods.HttpGet, com.ctrip.infosec.sso.client.principal.Assertion, org.apache.http.client.methods.CloseableHttpResponse, com.ctrip.infosec.sso.client.principal.AttributePrincipalImpl, com.ctrip.infosec.sso.client.validate.TicketValidationException, java.io.IOException

Example 2 with Assertion

Use of com.ctrip.infosec.sso.client.principal.Assertion in project x-pipe by ctripcorp.

The class CtripSSOFilter, method doFilter.

@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
    final HttpServletRequest request = (HttpServletRequest) servletRequest;
    final HttpServletResponse response = (HttpServletResponse) servletResponse;
    if (!checkStopSsoContinue(request, servletResponse)) {
        return;
    }
    // Requests that needFilter excludes pass straight through without SSO.
    if (!this.needFilter(request)) {
        filterChain.doFilter(request, response);
        return;
    }
    // This part is the SSO authentication logic.
    Assertion assertion = null;
    if (!isCluster) {
        // Single node: the assertion lives in the local HTTP session; never create a session here.
        final HttpSession session = request.getSession(false);
        assertion = session != null ? (Assertion) session.getAttribute(CONST_CAS_ASSERTION) : null;
    } else {
        // Cluster: sessions are not shared between nodes, so look the assertion up on the SSO server by cookie id.
        assertion = getAssertionIncache(request);
    }
    if (assertion != null) {
        // Already authenticated: expose the assertion to downstream code and continue the chain.
        AssertionHolder.setAssertion(assertion);
        filterChain.doFilter(request, response);
        return;
    }
    final String serviceUrl = constructServiceUrl(request, response);
    final String ticket = CommonUtils.safeGetParameter(request, getArtifactParameterName());
    if (CommonUtils.isNotBlank(ticket)) {
        // Returning from the CAS login page with a service ticket: validate it against the server.
        validTicket(ticket, request, response);
        if (this.redirectAfterValidation) {
            // Redirect to the clean service URL so the ticket parameter is not re-submitted or leaked in the Referer.
            logger.debug("Redirecting after successful ticket validation.");
            response.sendRedirect(constructServiceUrl(request, response));
            return;
        }
    } else {
        // No assertion and no ticket: send the user to the CAS login page with this service URL.
        final String urlToRedirectTo = CommonUtils.constructRedirectUrl(this.casServerLoginUrl, getServiceParameterName(), serviceUrl);
        if (logger.isDebugEnabled()) {
            logger.debug("redirecting to \"" + urlToRedirectTo + "\"");
        }
        response.sendRedirect(urlToRedirectTo);
    }
}
Also used: javax.servlet.http.HttpServletRequest, javax.servlet.http.HttpSession, com.ctrip.infosec.sso.client.principal.Assertion, javax.servlet.http.HttpServletResponse

Example 3 with Assertion

Use of com.ctrip.infosec.sso.client.principal.Assertion in project x-pipe by ctripcorp.

The class CtripSSOFilter, method validTicket.

private void validTicket(String ticket, final HttpServletRequest request, final HttpServletResponse response) throws ServletException {
    if (logger.isDebugEnabled()) {
        logger.debug("Attempting to validate ticket: " + ticket);
    }
    try {
        // Validate the service ticket with the CAS server; the service URL must match the one the ticket was issued for.
        final Assertion assertion = this.validator.validate(ticket, constructServiceUrl(request, response));
        if (logger.isDebugEnabled()) {
            logger.debug("Successfully authenticated user: " + assertion.getPrincipal().getName());
        }
        AssertionHolder.setAssertion(assertion);
        if (this.isCluster) {
            // Cluster: write the user's authentication info to the SSO server endpoint and
            // hand the browser only an opaque id that references it.
            AttributePrincipal principal = assertion.getPrincipal();
            String uuid = getUUID(principal);
            // Set the encoding
            try {
                HttpPost httppost = new HttpPost(casServerUrlPrefix + "/client/principal");
                Map<String, Object> map = new HashMap<>();
                map.put("id", uuid);
                map.put("principal", JSON.toJSONString(principal.getAttributes()));
                map.put("expire", EXPIRE_TIME_ASSERTION);
                StringEntity entity = new StringEntity(JSON.toJSONString(map), "UTF-8");
                entity.setContentEncoding("UTF-8");
                entity.setContentType("application/json");
                httppost.setEntity(entity);
                // try-with-resources returns the pooled HTTP connection on every path.
                try (CloseableHttpResponse httpResponse = httpClient.execute(httppost)) {
                    String result = EntityUtils.toString(httpResponse.getEntity(), "UTF-8");
                    JSONObject jsonObject = JSON.parseObject(result);
                    // Only an explicit "code" of 0 means the server stored the principal; a missing code is a failure.
                    Integer code = jsonObject.getInteger("code");
                    if (code != null && code == 0) {
                        Cookie cookie = new Cookie(generateCookieName(request.getContextPath()), uuid);
                        cookie.setMaxAge(EXPIRE_TIME_ASSERTION);
                        cookie.setPath(StringUtils.isNotBlank(request.getContextPath()) ? request.getContextPath() : "/");
                        // The id is a bearer reference to the assertion: keep it out of reach of scripts
                        // and off plaintext HTTP (setHttpOnly requires Servlet 3.0+).
                        cookie.setHttpOnly(true);
                        cookie.setSecure(request.isSecure());
                        response.addCookie(cookie);
                    }
                }
            } catch (Exception e) {
                logger.error(e.getMessage(), e);
            }
        } else {
            // Single node: store the user's authentication info in the session.
            request.setAttribute(CONST_CAS_ASSERTION, assertion);
            request.getSession().setAttribute(CONST_CAS_ASSERTION, assertion);
        }
    } catch (final TicketValidationException e) {
        // Invalid, expired or replayed ticket: refuse the request, optionally surfacing it as a ServletException.
        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
        logger.warn(e.getMessage(), e);
        if (this.exceptionOnValidationFailure) {
            throw new ServletException(e);
        }
    } catch (Exception e) {
        throw new ServletException(e);
    }
}
Also used: javax.servlet.http.Cookie, org.apache.http.client.methods.HttpPost, com.ctrip.infosec.sso.client.principal.Assertion, com.ctrip.infosec.sso.client.validate.TicketValidationException, java.io.IOException, org.apache.http.entity.StringEntity, com.alibaba.fastjson.JSONObject, org.apache.http.client.methods.CloseableHttpResponse, com.ctrip.infosec.sso.client.principal.AttributePrincipal

Example 4 with Assertion

Use of com.ctrip.infosec.sso.client.principal.Assertion in project x-pipe by ctripcorp.

The class CtripUserInfoHolder, method getUser.

@Override
public UserInfo getUser() {
    try {
        Assertion assertion = AssertionHolder.getAssertion();
        if (assertion != null) {
            AttributePrincipal principal = assertion.getPrincipal();
            String userId = principal.getName();
            UserInfo userInfo = new CtripUserInfo();
            userInfo.setUserId(userId);
            return userInfo;
        }
    } catch (Exception e) {
        throw new RuntimeException("get user info from assertion holder error", e);
    }
    return CtripUserInfo.noBody();
}
Also used: com.ctrip.infosec.sso.client.principal.Assertion, com.ctrip.xpipe.api.sso.UserInfo, com.ctrip.infosec.sso.client.principal.AttributePrincipal
