项目集成单点登录
1、web.xml集成单点
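<?xml version="1.0" encoding="UTF-8"?>
<!--
  Deployment descriptor that puts the application behind CAS single sign-on.
  Filters run in <filter-mapping> order: single sign-out, authentication (redirect to CAS),
  ticket validation, request wrapper, assertion thread-local.
  The attributes of the root element are separated by whitespace again; the page had them
  fused, which is not well-formed XML.
-->
<web-app version="2.5" xmlns="http://java.sun.com/xml/ns/javaee" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
         xsi:schemaLocation="http://java.sun.com/xml/ns/javaee http://java.sun.com/xml/ns/javaee/web-app_2_5.xsd">
  <display-name>smartcity base Application</display-name>
  <description>smartcity base web</description>

  <!-- NOTE(review): every CAS URL in this file is plain http. Service tickets and the ticket
       validation response then cross the network unprotected; use https URLs with a
       certificate the client trusts outside a lab network. -->
  <context-param>
    <param-name>casServerLogoutUrl</param-name>
    <param-value>http://192.168.21.46:8080/cas/logout</param-value>
  </context-param>

  <!-- Single sign-out: the listener and filter are registered together so that local
       sessions can be ended when the CAS server announces a logout. -->
  <listener>
    <listener-class>org.jasig.cas.client.session.SingleSignOutHttpSessionListener</listener-class>
  </listener>
  <filter>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <filter-class>org.jasig.cas.client.session.SingleSignOutFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>CAS Single Sign Out Filter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

  <!-- CAS client configuration: this filter intercepts requests and enforces login. -->
  <filter>
    <filter-name>CAS Authentication Filter</filter-name>
    <filter-class>cn.com.bmsoft.smartcity.survey.filter.AuthenticationFilterWithExcludeUrl</filter-class>
    <!-- Address of the CAS server; use the domain name if there is one.
         NOTE(review): the value ends at /cas, whereas the logout URL above names an explicit
         endpoint; confirm the server redirects /cas to its login page. -->
    <init-param>
      <param-name>casServerLoginUrl</param-name>
      <param-value>http://192.168.21.46:8080/cas</param-value>
    </init-param>
    <init-param>
      <param-name>renew</param-name>
      <param-value>false</param-value>
    </init-param>
    <init-param>
      <param-name>gateway</param-name>
      <param-value>false</param-value>
    </init-param>
    <!-- Base URL of this application as the browser reaches it. localhost only works on a
         developer machine; set the real public name per environment. -->
    <init-param>
      <param-name>serverName</param-name>
      <param-value>http://localhost:8080</param-value>
    </init-param>
    <!-- Requests matching these patterns skip CAS authentication in the custom filter.
         NOTE(review): two /management/ prefixes are on the list; confirm each excluded path
         is meant to be reachable without login or enforces its own access control. -->
    <init-param>
      <description>排除路径</description>
      <param-name>excludePaths</param-name>
      <param-value>/management/questionnaire/*,/management/stat/*,/account/*,/resources/*</param-value>
    </init-param>
  </filter>
  <filter-mapping>
    <filter-name>CAS Authentication Filter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

  <!-- Ticket validation: this filter validates the "ticket" request parameter, the credential
       exchanged between this sub-system and the CAS server. -->
  <filter>
    <filter-name>CAS Validation Filter</filter-name>
    <filter-class>org.jasig.cas.client.validation.Cas20ProxyReceivingTicketValidationFilter</filter-class>
    <!-- The validation call goes to this prefix; over plain http the answer that says
         "ticket valid for user X" is not authenticated. -->
    <init-param>
      <param-name>casServerUrlPrefix</param-name>
      <param-value>http://192.168.21.46:8080/cas/</param-value>
    </init-param>
    <!-- Must be the same value as serverName on the authentication filter. -->
    <init-param>
      <param-name>serverName</param-name>
      <param-value>http://localhost:8080</param-value>
    </init-param>
    <init-param>
      <param-name>useSession</param-name>
      <param-value>true</param-value>
    </init-param>
    <init-param>
      <param-name>redirectAfterValidation</param-name>
      <param-value>true</param-value>
    </init-param>
    <init-param>
      <param-name>encoding</param-name>
      <param-value>UTF-8</param-value>
    </init-param>
  </filter>
  <filter-mapping>
    <filter-name>CAS Validation Filter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

  <filter>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <filter-class>org.jasig.cas.client.util.HttpServletRequestWrapperFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>CAS HttpServletRequest Wrapper Filter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

  <filter>
    <filter-name>CAS Assertion Thread Local Filter</filter-name>
    <filter-class>org.jasig.cas.client.util.AssertionThreadLocalFilter</filter-class>
  </filter>
  <filter-mapping>
    <filter-name>CAS Assertion Thread Local Filter</filter-name>
    <url-pattern>/*</url-pattern>
  </filter-mapping>

  <!--<filter-mapping>-->
  <!--<filter-name>login</filter-name>-->
  <!--<url-pattern>/*</url-pattern>-->
  <!--</filter-mapping>-->

  <listener>
    <listener-class>org.springframework.web.context.request.RequestContextListener</listener-class>
  </listener>

  <!-- Former local login filter, left disabled now that the CAS filters above are in place. -->
  <!--<filter>-->
  <!--<filter-name>login</filter-name>-->
  <!--<filter-class>cn.com.bmsoft.smartcity.common.LoginFilter</filter-class>-->
  <!--<init-param>-->
  <!--<param-name>loginUrl</param-name>-->
  <!--<!–proxy page used for the not-logged-in and session-timeout redirects–>-->
  <!--<param-value>/account/login</param-value>-->
  <!--</init-param>-->
  <!--</filter>-->
  <!--<filter-mapping>-->
  <!--<filter-name>login</filter-name>-->
  <!--<url-pattern>/*</url-pattern>-->
  <!--</filter-mapping>-->

  <!-- The servlet name is spelled identically here and in the mapping; the page had a
       trailing space in this one. -->
  <servlet>
    <servlet-name>smartcity springMvc</servlet-name>
    <servlet-class>org.springframework.web.servlet.DispatcherServlet</servlet-class>
    <init-param>
      <param-name>contextConfigLocation</param-name>
      <param-value>classpath*:servlet-context.xml,classpath*:spring-mybatis.xml,classpath*:spring-rbac.xml</param-value>
    </init-param>
    <load-on-startup>1</load-on-startup>
  </servlet>
  <servlet-mapping>
    <servlet-name>smartcity springMvc</servlet-name>
    <url-pattern>/</url-pattern>
  </servlet-mapping>

  <!-- Idle timeout of the local session, in minutes. -->
  <session-config>
    <session-timeout>60</session-timeout>
  </session-config>
  <welcome-file-list>
    <welcome-file>/</welcome-file>
  </welcome-file-list>
</web-app>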
2、权限和单点配置信息
# Switches for single sign-on and for the RBAC permission service
# (presumably read by the Spring context; confirm where they are evaluated).
sso.enable=true
rbac.enable=true
# Base URL of the RBAC service; same host and port as the CAS prefix below.
rbac.url=http://192.168.21.46:8080/
weixin.url=http://192.168.28.111:8181/
# CAS server prefix; keep it identical to casServerUrlPrefix in web.xml.
# NOTE(review): plain http. Tickets and validation responses travel unprotected; use https outside a lab network.
sso.casServerUrlPrefix = http://192.168.21.46:8080/cas/
# Logout endpoint, derived from the prefix above.
sso.logoutUrl = ${sso.casServerUrlPrefix}logout
# Base URL of this application; keep it identical to serverName in web.xml (localhost is a development value).
sso.client.serverName=http://localhost:8080
3、登录拦截 filter:取出单点系统存放在 session 中的用户信息,处理后再把本系统所需的用户信息写入 session
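/**
 * Decides whether a request may continue down the chain or must be sent to the CAS login page.
 *
 * <p>When the session already holds a CAS assertion, the matching local user is loaded and stored
 * in the session under {@code SessionUtil.USER_SESSION_NAME} before the chain continues. Without an
 * assertion the request continues only if its service URL matches an entry of {@code excludePaths},
 * if it carries a ticket (left to the next filter in the chain), or if it was already gatewayed;
 * otherwise the browser is redirected to {@code casServerLoginUrl}.
 *
 * @param servletRequest  the incoming request, cast to {@code HttpServletRequest}
 * @param servletResponse the response, cast to {@code HttpServletResponse}
 * @param filterChain     the remaining filters
 * @throws IOException      if the redirect or the error response cannot be written
 * @throws ServletException if a later filter fails
 */
public final void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
    HttpServletRequest request = (HttpServletRequest) servletRequest;
    HttpServletResponse response = (HttpServletResponse) servletResponse;
    // getSession(false): never create a session just to look for an assertion.
    HttpSession session = request.getSession(false);
    Assertion assertion = session != null ? (Assertion) session.getAttribute("_const_cas_assertion_") : null;

    if (assertion != null) {
        String username = assertion.getPrincipal().getName();
        IUserService userService = (IUserService) ServiceLocator.getService("userService");
        Map<String, Object> queryParams = new HashMap<String, Object>();
        queryParams.put("username", username);
        List<User> users = userService.find(queryParams);
        if (users == null || users.isEmpty()) {
            // CAS vouches for the principal, but this application has no account for it.
            // Refuse explicitly instead of failing on users.get(0) or continuing without a user.
            this.log.warn("CAS principal has no local user account: " + username);
            response.sendError(HttpServletResponse.SC_FORBIDDEN);
            return;
        }
        SessionUtil.set(request, SessionUtil.USER_SESSION_NAME, users.get(0));
        filterChain.doFilter(request, response);
        return;
    }

    String serviceUrl = this.constructServiceUrl(request, response);
    boolean isInWhiteList = false;
    // NOTE(review): a match here skips authentication entirely. The semantics of StringUtil.isIn
    // are not visible in this file, and serviceUrl is the constructed service URL rather than the
    // servlet path. Verify that patterns are anchored to the request path and cannot be satisfied
    // by text elsewhere in the URL (for example the query string).
    if (excludePaths != null && excludePaths.size() > 0 && serviceUrl != null) {
        for (String path : excludePaths) {
            if (CommonUtils.isNotBlank(path)) {
                isInWhiteList = StringUtil.isIn(path, serviceUrl);
                if (isInWhiteList) {
                    break;
                }
            }
        }
    }

    // Both values are read before the branch below, in the same order as before.
    String ticket = CommonUtils.safeGetParameter(request, this.getArtifactParameterName());
    boolean wasGatewayed = this.gatewayStorage.hasGatewayedAlready(request, serviceUrl);

    if (isInWhiteList) {
        filterChain.doFilter(request, response);
    } else if (!CommonUtils.isNotBlank(ticket) && !wasGatewayed) {
        this.log.debug("no ticket and no assertion found");
        String modifiedServiceUrl;
        if (this.gateway) {
            this.log.debug("setting gateway attribute in session");
            modifiedServiceUrl = this.gatewayStorage.storeGatewayInformation(request, serviceUrl);
        } else {
            modifiedServiceUrl = serviceUrl;
        }
        if (this.log.isDebugEnabled()) {
            this.log.debug("Constructed service url: " + modifiedServiceUrl);
        }
        String urlToRedirectTo = CommonUtils.constructRedirectUrl(this.casServerLoginUrl, this.getServiceParameterName(), modifiedServiceUrl, this.renew, this.gateway);
        if (this.log.isDebugEnabled()) {
            // The escaped quotes were lost on the page, which left an unterminated literal.
            this.log.debug("redirecting to \"" + urlToRedirectTo + "\"");
        }
        response.sendRedirect(urlToRedirectTo);
    } else {
        // A ticket is present (or the request was gatewayed): pass the request on unchanged.
        filterChain.doFilter(request, response);
    }
}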
4、修改我们的首页控制器,获取session中的用户信息,处理存放到变量集合
package cn.com.bmsoft.smartcity.common.controller;
import cn.com.bmsoft.smartcity.common.IContextService;
import cn.com.bmsoft.smartcity.common.TreeModel;
import cn.com.bmsoft.smartcity.common.domain.User;
import cn.com.bmsoft.smartcity.common.util.SessionUtil;
import com.bmsoft.jasig.cas.client.util.CASClientUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.ResponseBody;
import org.springframework.web.servlet.ModelAndView;
import javax.servlet.http.HttpServletRequest;
import java.util.HashMap;
import java.util.Map;
/**
 * Serves the home page and the menu tree for the user stored in the HTTP session.
 *
 * <p>Both handlers read the {@code User} kept under {@code SessionUtil.USER_SESSION_NAME} and
 * dereference it without a null check, so they rely on that entry having been stored before the
 * request reaches the controller. NOTE(review): confirm every mapped path sits behind the login
 * filter, otherwise a missing entry ends in a NullPointerException.
 */
@Controller("home")
public class HomeController {

    @Autowired
    private IContextService contextService;

    /**
     * Renders the home view with the display name of the current user.
     *
     * @param request the current request, used to reach the session
     * @return the {@code home/index} view with {@code userName} in its model
     */
    @RequestMapping(value={"","/home/index","/home"})
    public ModelAndView home(HttpServletRequest request) {
        User currentUser = (User) SessionUtil.get(request, SessionUtil.USER_SESSION_NAME);
        Map<String, String> model = new HashMap<String, String>();
        model.put("userName", currentUser.getName());
        return new ModelAndView("home/index", model);
    }

    /**
     * Returns the menu tree of the current user as the response body.
     *
     * @param request the current request, used to reach the session
     * @return the menu that {@code contextService} builds for the user's login name
     */
    @ResponseBody
    @RequestMapping(value ={"/home/menu"}, method =RequestMethod.GET)
    public TreeModel getMenu(HttpServletRequest request) {
        User currentUser = (User) SessionUtil.get(request, SessionUtil.USER_SESSION_NAME);
        return this.contextService.getMenu(currentUser.getUsername());
    }
}
5、退出控制器,退出按钮方法修改
package cn.com.bmsoft.smartcity.common.controller;
import cn.com.bmsoft.smartcity.common.util.SessionUtil;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.servlet.ModelAndView;
import org.springframework.web.servlet.view.RedirectView;
import javax.servlet.http.HttpServletRequest;
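/**
 * Handles the logout button: ends the local session and hands the browser to the CAS logout
 * endpoint so that the single sign-on session is closed as well.
 *
 * <p>Removing only the local user object is not a logout here: the CAS assertion would stay in
 * the HTTP session, and the login filter on this page rebuilds the user from that assertion on
 * the next request.
 *
 * <p>NOTE(review): this controller is mapped under {@code /accounts}, while the filter's
 * {@code excludePaths} in web.xml lists {@code /account/*}; confirm which spelling is intended.
 *
 * Created by Administrator on 2016/4/18.
 */
@Controller
@RequestMapping(value ="/accounts")
public class LogoutController {

    /** CAS logout endpoint, injected from {@code sso.logoutUrl}. */
    @Value("${sso.logoutUrl}")
    private String logoutUrl;

    /** Base URL of this application, injected from {@code sso.client.serverName}. */
    @Value("${sso.client.serverName}")
    private String serverName;

    /**
     * Logs the current user out locally and at the CAS server.
     *
     * @param request the current request
     * @return a redirect to the CAS logout URL with this application's root as {@code service}
     */
    @RequestMapping("/logout")
    public String logout(HttpServletRequest request) {
        SessionUtil.destroy(request, SessionUtil.USER_SESSION_NAME);
        // Drop the whole session, not just the user attribute, so the CAS assertion goes with it.
        // getSession(false) avoids creating a session only to invalidate it.
        javax.servlet.http.HttpSession session = request.getSession(false);
        if (session != null) {
            session.invalidate();
        }
        // Same target the earlier, commented-out version of this method used. Both parts of the
        // service value come from configuration and the container, not from request parameters.
        return "redirect:" + logoutUrl + "?service=" + serverName + request.getContextPath() + "/";
    }
}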