use of com.ctrip.infosec.sso.client.validate.TicketValidationException in project x-pipe by ctripcorp.
the class CtripSSOFilter method validTicket.
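/**
 * Validates a CAS service ticket and records the resulting assertion for the caller.
 *
 * <p>The ticket is checked by {@code this.validator} against the service URL built by
 * {@code constructServiceUrl}. On success the assertion is placed in {@code AssertionHolder}.
 * In cluster mode the principal's attributes are then posted to
 * {@code casServerUrlPrefix + "/client/principal"} under a UUID, and that UUID is handed to
 * the browser as a cookie when the server answers with code 0. Outside cluster mode the
 * assertion is stored as a request attribute and a session attribute instead.
 *
 * @param ticket   the service ticket taken from the incoming request
 * @param request  the current request; used for the service URL, context path and session
 * @param response the current response; receives the cookie, or status 403 on failure
 * @throws ServletException if validation fails and {@code exceptionOnValidationFailure} is
 *                          set, or if any other unexpected exception escapes validation
 */
private void validTicket(String ticket, final HttpServletRequest request, final HttpServletResponse response) throws ServletException {
    if (logger.isDebugEnabled()) {
        // NOTE(review): the raw ticket value ends up in debug logs; keep debug logging off
        // where log readers should not see authentication material.
        logger.debug("Attempting to validate ticket: " + ticket);
    }
    try {
        final Assertion assertion = this.validator.validate(ticket, constructServiceUrl(request, response));
        if (logger.isDebugEnabled()) {
            logger.debug("Successfully authenticated user: " + assertion.getPrincipal().getName());
        }
        AssertionHolder.setAssertion(assertion);
        if (this.isCluster) {
            // Cluster mode: write the user's authentication info to the SSO server endpoint.
            AttributePrincipal principal = assertion.getPrincipal();
            String uuid = getUUID(principal);
            try {
                HttpPost httppost = new HttpPost(casServerUrlPrefix + "/client/principal");
                Map<String, Object> map = new HashMap<>();
                map.put("id", uuid);
                map.put("principal", JSON.toJSONString(principal.getAttributes()));
                map.put("expire", EXPIRE_TIME_ASSERTION);
                // Set the encoding and content type of the JSON body.
                StringEntity entity = new StringEntity(JSON.toJSONString(map), "UTF-8");
                entity.setContentEncoding("UTF-8");
                entity.setContentType("application/json");
                httppost.setEntity(entity);
                // try-with-resources releases the pooled connection even when reading or
                // parsing the body throws; the original never closed the response.
                try (CloseableHttpResponse httpResponse = httpClient.execute(httppost)) {
                    String result = EntityUtils.toString(httpResponse.getEntity(), "UTF-8");
                    JSONObject jsonObject = JSON.parseObject(result);
                    Object code = jsonObject.get("code");
                    // equals() treats a missing or non-Integer code as "not success" instead
                    // of failing on the cast/unboxing.
                    if (Integer.valueOf(0).equals(code)) {
                        Cookie cookie = new Cookie(generateCookieName(request.getContextPath()), uuid);
                        cookie.setMaxAge(EXPIRE_TIME_ASSERTION);
                        cookie.setPath(StringUtils.isNotBlank(request.getContextPath()) ? request.getContextPath() : "/");
                        // The UUID keys the stored principal, so it acts as a session token:
                        // hide it from page scripts and keep it off plain HTTP when the
                        // request itself arrived over a secure channel.
                        cookie.setHttpOnly(true);
                        cookie.setSecure(request.isSecure());
                        response.addCookie(cookie);
                    } else {
                        logger.warn("SSO server did not accept principal registration, code: " + code);
                    }
                }
            } catch (Exception e) {
                // Best effort: this request stays authenticated through AssertionHolder, but
                // no cookie is issued. Log with the stack trace so the failure is diagnosable.
                logger.error(e.getMessage(), e);
            }
        } else {
            // Non-cluster mode: write the user's authentication info to the request and session.
            request.setAttribute(CONST_CAS_ASSERTION, assertion);
            request.getSession().setAttribute(CONST_CAS_ASSERTION, assertion);
        }
    } catch (final TicketValidationException e) {
        response.setStatus(HttpServletResponse.SC_FORBIDDEN);
        logger.warn(e.getMessage(), e);
        // NOTE(review): when exceptionOnValidationFailure is false this method returns
        // normally after setting 403 — confirm the caller stops processing the request
        // rather than continuing down the filter chain without an assertion.
        if (this.exceptionOnValidationFailure) {
            throw new ServletException(e);
        }
    } catch (Exception e) {
        throw new ServletException(e);
    }
}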