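Preface: project requirement
Add a hyperlink to the smart-campus system that jumps straight to the XX system.
Approach
Prerequisite: this system has synchronized the account information from the single sign-on server.
When the hyperlink is clicked, it calls an XX system endpoint. That endpoint contacts the SSO server to obtain the currently logged-in account,
and if the account matches the information synchronized into the XX system, the SSO server calls back the success URL.
(This involves, among other things, configuring the XX system's details and the success callback URL on the SSO server.)
1. Add the dependencies
pom file dependencies: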
<!--CAS Client-->
<dependency>
    <groupId>org.jasig.cas.client</groupId>
    <artifactId>cas-client-core</artifactId>
    <version>3.4.1</version>
</dependency>
<!--CAS Client Autoconfig-Support-->
<!-- https://mvnrepository.com/artifact/net.unicon.cas/cas-client-autoconfig-support -->
<dependency>
    <groupId>net.unicon.cas</groupId>
    <artifactId>cas-client-autoconfig-support</artifactId>
    <version>2.3.0-GA</version>
</dependency>
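2. Configuration
application.properties settings
# CAS configuration
# CAS server URL prefix
cas.server-url-prefix=http://authserver.swun.edu.cn/authserver
# CAS login URL
cas.server-login-url=http://authserver.swun.edu.cn/authserver/login
# Address of this client (replace me.local with a domain name or IP address; the IP or domain must be authorized on the CAS server)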
cas.client-host-url=http://me.local/meeting-web/casClient/loginByCasClient
#cas.client-host-url=http://172.18.0.246/meeting-web/casClient/loginByCasClient
cas.validation-type=CAS3
# URL patterns to intercept
cas.authentication-url-patterns[0]=/casClient/loginByCasClient
cas.validation-url-patterns[0]=/casClient/loginByCasClient
cas.request-wrapper-url-patterns[0]=/casClient/loginByCasClient
cas.assertion-thread-local-url-patterns[0]=/casClient/loginByCasClient
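3. Write the login logic
Logout works the same way; the XX system uses JWT, so the logic is analogous.
/**
* 1. Users and organizations have already been synchronized by a scheduled task 2. CAS is already logged in 1.1 Redirect
*
* @param request
* @param response
* @return
* @throws IOException
*/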
@AuthIgnore
@ApiOperation("登錄 - loginByCasClient")
@GetMapping(value = "/loginByCasClient")
public String loginByCasClient(HttpServletRequest request, HttpServletResponse response, HttpSession sessions)
throws IOException {
String cas_token = (String) sessions.getAttribute("cas_token");
if (cas_token != null && !"".equals(cas_token)) {
logger.info("直接登錄!");
return "<!--\n"
+ " @author : biuaxia\n"
+ " @date: 2020/1/15 10:42\n"
+ " @apiNote: contact [email protected],\n"
+ "-->\n"
+ "<!DOCTYPE html>\n"
+ "<html lang=\"en\">\n"
+ "<head>\n"
+ " <meta charset=\"utf-8\"/>\n"
+ " <title>引導頁</title>\n"
+ " <title>恭喜,站點創建成功!</title>\n"
+ " <style>\n"
+ " .container {\n"
+ " width: 60%;\n"
+ " margin: 10% auto 0;\n"
+ " background-color: #f0f0f0;\n"
+ " padding: 2% 5%;\n"
+ " border-radius: 10px;\n"
+ " }\n"
+ "\n"
+ " ul {\n"
+ " padding-left: 20px;\n"
+ " }\n"
+ "\n"
+ " ul li {\n"
+ " line-height: 2.3;\n"
+ " }\n"
+ "\n"
+ " a {\n"
+ " color: #20a53a;\n"
+ " }\n"
+ " </style>\n"
+ "</head>\n"
+ "<body>\n"
+ "<div class=\"container\">\n"
+ " <h1>恭喜, 登錄成功!</h1>\n"
+ " <h3>3秒後爲您跳轉到會議系統頁面,請耐心等待</h3>\n"
+ " <ul>\n"
+ " <li>本頁面由系統自動生成</li>\n"
+ " <li>您可以忽略本頁面,直接訪問會議系統/meeting-web</li>\n"
+ " <li>直接登錄</li>\n"
+ " </ul>\n"
+ "</div>\n"
+ "\n"
+ "<script>\n"
+ " localStorage.setItem(\"token\", \""
+ cas_token
+ "\");\n"
+ " setTimeout(function () {\n"
+ " window.location.href = '/meeting-web/#/personalSet'\n"
+ " }, 3000);\n"
+ "</script>\n"
+ "</body>\n"
+ "</html>";
}
String loginName = request.getRemoteUser();
String userName;
if (loginName == null || "".equals(loginName)) {
logger.info("未登錄、重定向到默認登錄頁面");
response.sendRedirect(context_path);
// Stop after the redirect; otherwise the user lookup below runs with an empty login name.
return null;
} else {
// Read the display name from the attributes released by the CAS server.
Principal principal = request.getUserPrincipal();
AttributePrincipal aPrincipal = (AttributePrincipal) principal;
Map<String, Object> map = aPrincipal.getAttributes();
userName = (String) map.get("cn");
logger.info(
String.format("login By CasClient -- loginName: %s, userName: %s", loginName, userName));
}
BaseUserinfo existUserInfo = baseUserinfoService.getByLoginName(loginName);
if (existUserInfo == null) {
throw new RequestParamException(String.format("用戶 %s 不存在.", loginName));
}
if (existUserInfo.getUserStatus().intValue() == 0) {
throw new RequestParamException("用戶被禁用");
}
UserInfo userInfo = new UserInfo();
userInfo.setId(existUserInfo.getId());
userInfo.setLoginName(existUserInfo.getLoginName());
userInfo.setUserName(existUserInfo.getUserName());
userInfo.setDeptId(existUserInfo.getOrgId());
cas_token = tokenService.generateToken(userInfo);
sessions.setAttribute("cas_token", cas_token);
logger.info("正常登錄!");
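// TODO biuaxia: on login, check the session; if a token is present log in directly, otherwise redirect to CAS; remove the session contents on logout (for reference only, January 15, 2020, 14:33:53)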
return "<!--\n"
+ " @author : biuaxia\n"
+ " @date: 2020/1/15 10:42\n"
+ " @apiNote: contact [email protected],\n"
+ "-->\n"
+ "<!DOCTYPE html>\n"
+ "<html lang=\"en\">\n"
+ "<head>\n"
+ " <meta charset=\"utf-8\"/>\n"
+ " <title>引導頁</title>\n"
+ " <title>恭喜,站點創建成功!</title>\n"
+ " <style>\n"
+ " .container {\n"
+ " width: 60%;\n"
+ " margin: 10% auto 0;\n"
+ " background-color: #f0f0f0;\n"
+ " padding: 2% 5%;\n"
+ " border-radius: 10px;\n"
+ " }\n"
+ "\n"
+ " ul {\n"
+ " padding-left: 20px;\n"
+ " }\n"
+ "\n"
+ " ul li {\n"
+ " line-height: 2.3;\n"
+ " }\n"
+ "\n"
+ " a {\n"
+ " color: #20a53a;\n"
+ " }\n"
+ " </style>\n"
+ "</head>\n"
+ "<body>\n"
+ "<div class=\"container\">\n"
+ " <h1>恭喜, 登錄成功!</h1>\n"
+ " <h3>3秒後爲您跳轉到會議系統頁面,請耐心等待</h3>\n"
+ " <ul>\n"
+ " <li>本頁面由系統自動生成</li>\n"
+ " <li>您可以忽略本頁面,直接訪問會議系統/meeting-web</li>\n"
+ " <li>正常登錄</li>\n"
+ " </ul>\n"
+ "</div>\n"
+ "\n"
+ "<script>\n"
+ " localStorage.setItem(\"token\", \""
+ cas_token
+ "\");\n"
+ " setTimeout(function () {\n"
+ " window.location.href = '/meeting-web/#/personalSet'\n"
+ " }, 3000);\n"
+ "</script>\n"
+ "</body>\n"
+ "</html>";
}
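The handler above concatenates cas_token into an inline script without escaping, which is safe only while the token alphabet excludes quotes, backslashes and angle brackets. The following is an added example, not the original project's code, that escapes the value before it is embedded; the class and method names are hypothetical.

```java
// Added example, not the original project's code. InlineScriptToken is a hypothetical helper.
public final class InlineScriptToken {
    private InlineScriptToken() {}

    /** Escapes a value for a double-quoted JavaScript string inside an inline script element. */
    public static String escapeJs(String value) {
        if (value == null) {
            return "";
        }
        StringBuilder out = new StringBuilder(value.length() + 16);
        for (int i = 0; i < value.length(); i++) {
            char c = value.charAt(i);
            // Quotes and backslashes end or alter the string literal; <, >, & and /
            // can close the script element; control characters and the Unicode
            // line/paragraph separators (0x2028, 0x2029) break the literal.
            boolean unsafe = c < 0x20 || c == '"' || c == '\'' || c == '\\'
                    || c == '<' || c == '>' || c == '&' || c == '/'
                    || c == 0x2028 || c == 0x2029;
            if (unsafe) {
                out.append(String.format("\\u%04x", (int) c));
            } else {
                out.append(c);
            }
        }
        return out.toString();
    }

    /** Builds the same statement the handler emits, with the token escaped. */
    public static String storeTokenScript(String token) {
        return "localStorage.setItem(\"token\", \"" + escapeJs(token) + "\");";
    }

    public static void main(String[] args) {
        // Constructed inputs: a JWT-shaped value and one containing string and markup delimiters.
        System.out.println(storeTokenScript("eyJhbGciOiJIUzI1NiJ9.eyJzdWIiOiJ1MSJ9.c2ln"));
        System.out.println(storeTokenScript("a\"b</script>c"));
    }
}
```

A JWT-shaped token passes through unchanged, so the front end reads the same value from localStorage as before.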
Logout
@AuthIgnore
@ApiOperation("退出-logoutByCasClient")
@PostMapping("/logoutCasClient")
public void logoutByCas(HttpServletRequest request) throws ServletException {
tokenService.logout(request.getHeader("token"));
request.getSession().invalidate();
request.logout();
logger.info("logout By CasClient Success!");
}
Note: this logout only signs the user out of the XX system; single sign-out should be considered.
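One way to add single sign-out on the client side, as an added example that is not part of the original post: register the CAS client's SingleSignOutFilter and session listener ahead of the other CAS filters. It assumes Spring Boot 2.x, the cas-client-core 3.4.1 dependency from the pom above, and a CAS server configured to send logout requests to the registered service URL; the class name CasSingleLogoutConfig is hypothetical.

```java
// Added example, not the original project's code. Assumes Spring Boot 2.x.
import org.jasig.cas.client.session.SingleSignOutFilter;
import org.jasig.cas.client.session.SingleSignOutHttpSessionListener;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.boot.web.servlet.ServletListenerRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.core.Ordered;

@Configuration
public class CasSingleLogoutConfig {

    // Reuses the property already defined in application.properties.
    @Value("${cas.server-url-prefix}")
    private String casServerUrlPrefix;

    // Records which HttpSession belongs to which service ticket and invalidates
    // that session when CAS posts a logout request to the service URL.
    @Bean
    public FilterRegistrationBean<SingleSignOutFilter> casSingleSignOutFilter() {
        FilterRegistrationBean<SingleSignOutFilter> reg =
                new FilterRegistrationBean<>(new SingleSignOutFilter());
        reg.addInitParameter("casServerUrlPrefix", casServerUrlPrefix);
        // Same URL as cas.client-host-url: the ticket arrives here and so does
        // the logout request from the CAS server.
        reg.addUrlPatterns("/casClient/loginByCasClient");
        // Must run before the CAS authentication and validation filters.
        reg.setOrder(Ordered.HIGHEST_PRECEDENCE);
        return reg;
    }

    // Drops the ticket-to-session mapping when a session expires or is invalidated.
    @Bean
    public ServletListenerRegistrationBean<SingleSignOutHttpSessionListener> casSingleSignOutListener() {
        return new ServletListenerRegistrationBean<>(new SingleSignOutHttpSessionListener());
    }
}
```

This invalidates only the server-side HttpSession; the JWT already written to localStorage stays usable until tokenService revokes it or it expires, so token revocation still has to be tied to the session ending.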