一、准备SDK等集成环境
Warning |
---|
如果是标准OAuth2,可以跳过本步骤 |
...
Info | ||
---|---|---|
| ||
/opt/maco/tomcat8/lib |
Info | ||
---|---|---|
| ||
D:\maco\tomcat8\lib |
二、登录页面跳转脚本
一、登录页面跳转脚本
Code Block | ||
---|---|---|
| ||
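// Login-page redirect script (Rhino JavaScript running inside the platform).
// For app=crm it hands the request over to the SSO login script at
// /view/user/sso.do; for anything else it leaves the normal login page in place.
// `request`, `response`, `result` and `logger` are supplied by the host
// environment, not defined in this script.
importPackage(java.util);
importPackage(java.net);
importPackage(org.apache.commons.lang);

var app = request.getParameter("app");
var redirectUrl = request.getParameter("redirectUrl");

if (!StringUtils.isEmpty(app) && StringUtils.equalsIgnoreCase(app, "crm")) {
    // NOTE(review): presumably tells the host that this script handled the request - confirm.
    result.setSuccess(true);

    // Both values come from the query string. URL-encode them so that a
    // redirectUrl containing '&', '#' or '=' cannot add or override parameters
    // on the SSO endpoint, and so that a missing redirectUrl is forwarded as an
    // empty value rather than the literal text "null".
    var urlStr = "/view/user/sso.do?app=" + URLEncoder.encode(app, "utf-8")
        + "&redirectUrl=" + URLEncoder.encode(StringUtils.defaultString(redirectUrl), "utf-8");
    logger.debug("url str: " + urlStr);
    response.sendRedirect(urlStr);
} else {
    // Not an SSO request: skip SSO and fall through to the default login page.
    result.setSuccess(false);
}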
...
二、SSO登录脚本
Code Block | ||
---|---|---|
| ||
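// SSO login script (Rhino JavaScript running inside the platform).
// Flow for app=crm:
//   1. No access_token on the request: redirect the browser to /sso_listener.html
//      with a callback URL pointing back at this script.
//   2. access_token present: call the SSO profile endpoint with the token, read
//      USER_LOGIN_NAME from the JSON reply, log that user in and redirect to
//      redirectUrl.
// `request`, `response`, `logger`, `userService` and `sessionService` are
// supplied by the host environment.
importPackage(java.util);
importPackage(java.net);
importPackage(org.apache.commons.codec.digest);
importPackage(org.apache.commons.lang);
importPackage(com.alibaba.fastjson);
// NOTE(review): OAuthBearerClientRequest, OAuthClient, URLConnectionClient and
// OAuthResourceResponse are used below but not imported here; presumably the
// SDK from the preparation step or the host puts them in scope - confirm.

// Where to send the user after login when redirectUrl is missing or rejected.
// Adjust to the platform's home page.
var DEFAULT_LANDING = "/";

// Returns true only for redirect targets that stay on this site: a path that
// starts with a single "/", or an absolute http(s) URL whose host equals the
// host of the current request. Everything else is refused so that a crafted
// redirectUrl cannot send a freshly logged-in user to another site.
function isSameSiteRedirect(target) {
    if (StringUtils.isBlank(target)) {
        return false;
    }
    var text = String(target);
    // Backslashes and control characters are rewritten by some browsers
    // ("/\host" becomes "//host"), so refuse them outright.
    if (/[\\\x00-\x1f]/.test(text)) {
        return false;
    }
    if (text.charAt(0) === "/") {
        // "//host/path" is scheme-relative and leaves the site.
        return text.charAt(1) !== "/";
    }
    try {
        var parsed = new URI(text);
        var scheme = parsed.getScheme();
        var isHttp = StringUtils.equalsIgnoreCase(scheme, "http")
            || StringUtils.equalsIgnoreCase(scheme, "https");
        // NOTE(review): behind a reverse proxy getServerName() may not be the
        // public host name - confirm, or compare against a configured host.
        return isHttp
            && parsed.getHost() != null
            && StringUtils.equalsIgnoreCase(parsed.getHost(), request.getServerName());
    } catch (e) {
        return false;
    }
}

// Stores a title and message in the session and redirects to the message page.
function showLoginFailure(message) {
    response.setContentType("text/html;charset=utf-8");
    sessionService.putString("pageTitle", "登录失败");
    sessionService.putString("message", message);
    response.sendRedirect("/view/message.do");
}

var app = request.getParameter("app");
var redirectUrl = request.getParameter("redirectUrl");
// Routine tracing belongs at debug level, not error.
logger.debug("app: " + app);
logger.debug("redirectUrl: " + redirectUrl);

if (!StringUtils.isEmpty(app) && StringUtils.equalsIgnoreCase(app, "crm")) {
    // Sample values. The profile call below carries the bearer token, so point
    // SSO_HOST at an https:// address in a real deployment.
    var SSO_HOST = "http://www.abc.com:9080";
    var CLIENT_ID = "abcdef";
    // Not used by this script. If the SSO server needs it, load it from
    // protected configuration instead of writing it into the script.
    var CLIENT_SECRET = "";
    var accessTokenKey = "access_token";
    var accessToken = request.getParameter(accessTokenKey);

    // A missing access_token means the user has not been through SSO yet.
    if (accessToken != null) {
        // The token is a credential: record that it arrived, never its value.
        logger.debug("accessToken received");

        // Fetch the user profile from the SSO server.
        var oauthUrl = new StringBuilder().append(SSO_HOST).append("/auth/profile").toString();
        // NOTE(review): buildQueryMessage() puts the token in the URL, where
        // proxies and access logs can record it. Prefer buildHeaderMessage()
        // if the SSO server accepts the Authorization header - confirm.
        var bearerClientRequest = new OAuthBearerClientRequest(oauthUrl)
            .setAccessToken(accessToken)
            .buildQueryMessage();
        bearerClientRequest.setHeader("clientId", CLIENT_ID);
        var oAuthClient = new OAuthClient(new URLConnectionClient());
        var resourceResponse = oAuthClient.resource(bearerClientRequest, "GET", OAuthResourceResponse);

        var status = resourceResponse.getResponseCode();
        var body = resourceResponse.getBody();
        // Log the status only; the body holds the user's profile data.
        logger.info("getUserProfileByToken code:" + status);

        if (status != 200 || StringUtils.isBlank(body)) {
            // The SSO server did not vouch for this token: do not log anyone in.
            showLoginFailure("登录失败,请联系管理员");
        } else {
            // The reply escapes "/" as "\/"; undo that before parsing.
            body = body.replaceAll("\\\\/", "/");
            var obj = JSONObject.parseObject(body);

            var username = obj.getString("USER_LOGIN_NAME");
            logger.debug("sso user: " + username);

            if (StringUtils.isBlank(username) || !userService.hasUser(username)) {
                // The SSO account has no matching platform account.
                showLoginFailure("您的账号未与报表平台绑定,请联系管理员");
            } else {
                userService.loginUser(username);
                // redirectUrl is caller-supplied; only follow it when it stays on this site.
                if (isSameSiteRedirect(redirectUrl)) {
                    response.sendRedirect(redirectUrl);
                } else {
                    logger.info("redirectUrl rejected, using default landing page");
                    response.sendRedirect(DEFAULT_LANDING);
                }
            }
        }
    } else {
        // Build the URL the SSO listener calls back once the user has a token.
        var uri = request.getRequestURI();
        var callbackUrl = "#CURRENT_HOST#" + (uri.length() > 0 ? uri.substring(1) : "");
        var queryString = request.getQueryString();
        if (queryString != null) {
            callbackUrl += "?" + queryString.trim();
        } else {
            callbackUrl += "?" + "clientID=" + CLIENT_ID;
        }
        logger.debug("callbackUrl: " + callbackUrl);

        // redirect_url must be the first parameter.
        var url = "/sso_listener.html?redirect_url=" + URLEncoder.encode(callbackUrl, "utf-8")
            + "&client_id=" + CLIENT_ID;
        logger.debug("redirect to: " + url);
        response.sendRedirect(url);
    }
} else {
    // Unknown app: show the generic failure message.
    showLoginFailure("登录失败,请联系管理员");
}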
...