Search in sources :

Example 1 with AttributePrincipal

use of com.ctrip.infosec.sso.client.principal.AttributePrincipal in project x-pipe by ctripcorp.

the class CtripSSOFilter method validTicket.

private void validTicket(String ticket, final HttpServletRequest request, final HttpServletResponse response) throws ServletException {
    if (logger.isDebugEnabled()) {
        logger.debug("Attempting to validate ticket: " + ticket);
    }
    try {
        final Assertion assertion = this.validator.validate(ticket, constructServiceUrl(request, response));
        if (logger.isDebugEnabled()) {
            logger.debug("Successfully authenticated user: " + assertion.getPrincipal().getName());
        }
        AssertionHolder.setAssertion(assertion);
        if (this.isCluster) {
            /**
             * 用户认证信息写 sso server端接口
             */
            AttributePrincipal principal = assertion.getPrincipal();
            String uuid = getUUID(principal);
            // 设置编码
            try {
                HttpPost httppost = new HttpPost(casServerUrlPrefix + "/client/principal");
                Map<String, Object> map = new HashMap<>();
                map.put("id", uuid);
                map.put("principal", JSON.toJSONString(principal.getAttributes()));
                map.put("expire", EXPIRE_TIME_ASSERTION);
                StringEntity entity = new StringEntity(JSON.toJSONString(map), "UTF-8");
                entity.setContentEncoding("UTF-8");
                entity.setContentType("application/json");
                httppost.setEntity(entity);
                CloseableHttpResponse httpResponse = httpClient.execute(httppost);
                String result = EntityUtils.toString(httpResponse.getEntity(), "UTF-8");
                JSONObject jsonObject = JSON.parseObject(result);
                if ((Integer) jsonObject.get("code") == 0) {
                    Cookie cookie = new Cookie(generateCookieName(request.getContextPath()), uuid);
                    cookie.setMaxAge(EXPIRE_TIME_ASSERTION);
                    cookie.setPath(StringUtils.isNotBlank(request.getContextPath()) ? request.getContextPath() : "/");
                    response.addCookie(cookie);
                }
            } catch (Exception e) {
                logger.error(e.getMessage());
            }
        } else {
            /**
             * 用户认证信息写session
             */
            request.setAttribute(CONST_CAS_ASSERTION, assertion);
            request.getSession().setAttribute(CONST_CAS_ASSERTION, assertion);
        }
    } catch (final TicketValidationException e) {
        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
        logger.warn(e.getMessage(), e);
        if (this.exceptionOnValidationFailure) {
            throw new ServletException(e);
        }
    } catch (Exception e) {
        throw new ServletException(e);
    }
}
Also used : Cookie(javax.servlet.http.Cookie) HttpPost(org.apache.http.client.methods.HttpPost) Assertion(com.ctrip.infosec.sso.client.principal.Assertion) TicketValidationException(com.ctrip.infosec.sso.client.validate.TicketValidationException) IOException(java.io.IOException) StringEntity(org.apache.http.entity.StringEntity) JSONObject(com.alibaba.fastjson.JSONObject) CloseableHttpResponse(org.apache.http.client.methods.CloseableHttpResponse) JSONObject(com.alibaba.fastjson.JSONObject) AttributePrincipal(com.ctrip.infosec.sso.client.principal.AttributePrincipal) TicketValidationException(com.ctrip.infosec.sso.client.validate.TicketValidationException)

Example 2 with AttributePrincipal

use of com.ctrip.infosec.sso.client.principal.AttributePrincipal in project x-pipe by ctripcorp.

the class CtripUserInfoHolder method getUser.

@Override
public UserInfo getUser() {
    try {
        Assertion assertion = AssertionHolder.getAssertion();
        if (assertion != null) {
            AttributePrincipal principal = assertion.getPrincipal();
            String userId = principal.getName();
            UserInfo userInfo = new CtripUserInfo();
            userInfo.setUserId(userId);
            return userInfo;
        }
    } catch (Exception e) {
        throw new RuntimeException("get user info from assertion holder error", e);
    }
    return CtripUserInfo.noBody();
}
Also used : Assertion(com.ctrip.infosec.sso.client.principal.Assertion) UserInfo(com.ctrip.xpipe.api.sso.UserInfo) AttributePrincipal(com.ctrip.infosec.sso.client.principal.AttributePrincipal)

Aggregations

Assertion (com.ctrip.infosec.sso.client.principal.Assertion)2 AttributePrincipal (com.ctrip.infosec.sso.client.principal.AttributePrincipal)2 JSONObject (com.alibaba.fastjson.JSONObject)1 TicketValidationException (com.ctrip.infosec.sso.client.validate.TicketValidationException)1 UserInfo (com.ctrip.xpipe.api.sso.UserInfo)1 IOException (java.io.IOException)1 Cookie (javax.servlet.http.Cookie)1 CloseableHttpResponse (org.apache.http.client.methods.CloseableHttpResponse)1 HttpPost (org.apache.http.client.methods.HttpPost)1 StringEntity (org.apache.http.entity.StringEntity)1