sso社区系统单点登录对接
2017-07-04 本文已影响0人
wu_9f41
使用原理
- 1.1 社区系统点击进入被登录系统(psmp)时,传来的请求携带着session_id,psmp判断是否单点登录
- 2.1(携带session_id) YES:则像社区系统发送请求验证该session_id,验证通过则直接进入首页,否则进入登录页面
- 2.2(未携带session_id) NO:进入登录页面
注:社区系统和psmp的登录账号需要保持一致,否则无法登陆
具体实现
web.xml里面设置过滤器和分发器
过滤器
<filter>
<filter-name>SessionFilter</filter-name>
<filter-class>com.ztesoft.uboss.login.filter.SessionFilter</filter-class>
<init-param>
<param-name>ExcludeFile</param-name>
<param-value>/callremoteservice.do,/mcallremoteservice.do,/Login.jsp,/Login_chongqizongzhi.jsp,/Login_version20.jsp,/UlepLogin.jsp,loginservlet.do,ssologin.do, ssoeventNum.do,ssoeventList.do,logout.jsp,Error.jsp, /modules/bpmn/flowdesigner/draw/showFlow.jsp,/modules/bpmn/flowdesigner/draw/showView.jsp,/modules/bpmn/flowdesigner/draw/showFlow.jsp ,/modules/bpmn/flowdesigner/draw/showsubFlow.jsp,/modules/bpmn/flowdesigner/draw/flowActiviti.jsp,/modules/form ,modules/admin/report/release/reportTemplate.jsp,PreviewNotice.jsp,/sso.jsp
</param-value>
</init-param>
</filter>
servlet
<servlet id="Servlet_1172640229695">
<servlet-name>loginservlet</servlet-name>
<servlet-class>
<!-- com.ztesoft.uboss.web.servlet.LoginServlet -->
com.ztesoft.uboss.login.servlet.LoginServlet
</servlet-class>
</servlet>
<servlet-mapping id="ServletMapping_1172640229856">
<servlet-name>loginservlet</servlet-name>
<url-pattern>/loginservlet.do</url-pattern>
</servlet-mapping>
SessionFilter
在doFilter()方法里面,加上一句判断
String session_id = request.getParameter("session_id");
if (!StringUtils.isBlank(session_id)) { // 单点登录方式
String strWebRoot = getWebRoot(request);
String curURL = "loginservlet.do?action=login&sessionID=" + session_id;
response.sendRedirect(strWebRoot + curURL);
filterChain.doFilter(request, response);
return;
}
LoginServlet
在login()方法里面加上一句判断
// 天津一部单点登录
sessionId = request.getParameter("sessionID");
String responseBody = "";
if (StringUtil.isNotEmpty(sessionId)) {
String url = ConfigurationMgr.instance().getString("SSO_URL");
//String url ="http://10.45.8.27:8080/ccm/sso/entrance/sessionLoad?session_id=" + sessionId;
if (StringUtil.isEmpty(url)) {
SMSLoginState ssoResult = SMSLoginState.USRCODE_ERR;
logger.info("LOGIN FAILED TO GET AUTH URL.");
LoginUtil.gotoAnotherLink(request, response, ssoResult, loginJsp);
return;
}
responseBody = callHttpClientRequest(url, sessionId);
JSONObject jsonResponse = JSONObject.fromObject(responseBody);
if (jsonResponse.getBoolean("success")) {
ssoLoginUserCode = jsonResponse.getString("acc_login_name");
//ssoLoginUserCode="imcp";
// 代表sso登录成功
if (StringUtil.isNotEmpty(ssoLoginUserCode)) {
logger.debug("SSO Auth success. User Code: " + ssoLoginUserCode);
loginDict.set("SSO_AUTH_SUCCESS_CODE", ssoLoginUserCode);
loginDict.set("USER_CODE", ssoLoginUserCode);
loginDict.set("SESSION_ID", sessionId);
userCode = ssoLoginUserCode;
loginDict.setValueByName("LOGIN_PATTERN", 0);
loginServ.login(loginDict);
}
} else {
SMSLoginState ssoResult = SMSLoginState.USRCODE_ERR;
LoginUtil.gotoAnotherLink(request, response, ssoResult,
loginJsp);
logger.info("SSO AUTH FAILED.");
return;
}
} else {
loginServ.login(loginDict);
}
