diff --git a/casic-web/lib/siam-am-agent-simple-3.3.RELEASE.jar b/casic-web/lib/siam-am-agent-simple-3.3.RELEASE.jar
new file mode 100644
index 0000000..13d8fb6
--- /dev/null
+++ b/casic-web/lib/siam-am-agent-simple-3.3.RELEASE.jar
Binary files differ
diff --git a/casic-web/lib/siam-am-agent-simple-3.3.RELEASE.jar b/casic-web/lib/siam-am-agent-simple-3.3.RELEASE.jar
new file mode 100644
index 0000000..13d8fb6
--- /dev/null
+++ b/casic-web/lib/siam-am-agent-simple-3.3.RELEASE.jar
Binary files differ
diff --git a/casic-web/src/main/java/com/casic/missiles/config/CasFilterConfig.java b/casic-web/src/main/java/com/casic/missiles/config/CasFilterConfig.java
new file mode 100644
index 0000000..5c37ce8
--- /dev/null
+++ b/casic-web/src/main/java/com/casic/missiles/config/CasFilterConfig.java
@@ -0,0 +1,70 @@
+package com.casic.missiles.config;
+
+
+import com.sinopec.siam.agent.common.ContextHolder;
+import com.sinopec.siam.agent.web.AccessEnforcer;
+import com.sinopec.siam.agent.web.SAMLProfileFilter;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+import javax.servlet.ServletContext;
+
+/**
+ * 单点集成配置
+ */
+@Configuration
+@ConditionalOnProperty(prefix = "casic", name = "cas-type", havingValue = "sso")
+public class CasFilterConfig {
+ @Value("${casic.sso.noFilterURLs}")
+ private String ssoNoFilterURLs;
+// @Value("${sso.client.serverName}")
+// private String serverName;
+// @Value("${sso.client.appId}")
+// private String appId;
+// @Value("${sso.client.logoutPath}")
+// private String logoutPath;
+// @Value("${sso.client.excludedPaths}")
+// private String excludedPaths;
+// @Value("${sso.client.initSystemImpl}")
+// private String initSystemImpl;
+
+ /**
+ * @return 登录过滤器
+ */
+ @Bean
+ public FilterRegistrationBean registerAuthFilter() {
+ FilterRegistrationBean registration = new FilterRegistrationBean();
+ SAMLProfileFilter samlProfileFilter = new SAMLProfileFilter();
+ registration.setFilter(samlProfileFilter);
+ registration.addUrlPatterns("/SSO/*");
+ registration.setName("com.sinopec.siam.agent.web.SAMLProfileFilter");
+ //值越小,Filter越靠前。
+ registration.setOrder(0);
+ return registration;
+ }
+
+ /**
+ *
+ * @return 认证过滤器
+ */
+ @Bean
+ public FilterRegistrationBean AccessEnforcerAuthen(ServletContext servletContext ) {
+ servletContext.setInitParameter("spSimpleConfigFile", "classpath:/conf/sp-simple-config.properties");
+ FilterRegistrationBean registration = new FilterRegistrationBean();
+
+ AccessEnforcer accessEnforcer = new AccessEnforcer();
+ registration.setFilter(accessEnforcer);
+
+ registration.addUrlPatterns("/*");
+ registration.setName("AccessEnforcerAuthen");
+
+ registration.addInitParameter("noFilterURLs", ssoNoFilterURLs);
+// registration.addInitParameter("serverName", serverName);
+ //值越小,Filter越靠前。
+ registration.setOrder(0);
+ return registration;
+ }
+}
\ No newline at end of file
diff --git a/casic-web/lib/siam-am-agent-simple-3.3.RELEASE.jar b/casic-web/lib/siam-am-agent-simple-3.3.RELEASE.jar
new file mode 100644
index 0000000..13d8fb6
--- /dev/null
+++ b/casic-web/lib/siam-am-agent-simple-3.3.RELEASE.jar
Binary files differ
diff --git a/casic-web/src/main/java/com/casic/missiles/config/CasFilterConfig.java b/casic-web/src/main/java/com/casic/missiles/config/CasFilterConfig.java
new file mode 100644
index 0000000..5c37ce8
--- /dev/null
+++ b/casic-web/src/main/java/com/casic/missiles/config/CasFilterConfig.java
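Review bot: `registerAuthFilter` and `AccessEnforcerAuthen` both call `registration.setOrder(0)`, so the order in which the SAML profile filter (`/SSO/*`) and the access enforcer (`/*`) run on an `/SSO/*` request is left to bean registration order rather than stated in the code; if the enforcer is meant to run after the profile filter has established the principal, give it a later order, e.g. `registration.setOrder(1);` in `AccessEnforcerAuthen`. `noFilterURLs` is the enforcer's exemption list, so the value of `${casic.sso.noFilterURLs}` decides which paths are served without SSO; a comment on that line such as `// paths listed here bypass SSO enforcement; keep the list minimal and review it with any change` would make that visible to whoever edits the property. Both beans use the raw `FilterRegistrationBean` type (`FilterRegistrationBean<AccessEnforcer>` would be typed), `AccessEnforcerAuthen` does not follow lowerCamelCase, and the `ContextHolder` import plus the commented-out `@Value` fields are dead code. This file section is repeated three more times in the diff; the same remarks apply to each copy.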
@@ -0,0 +1,70 @@
+package com.casic.missiles.config;
+
+
+import com.sinopec.siam.agent.common.ContextHolder;
+import com.sinopec.siam.agent.web.AccessEnforcer;
+import com.sinopec.siam.agent.web.SAMLProfileFilter;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+import javax.servlet.ServletContext;
+
+/**
+ * 单点集成配置
+ */
+@Configuration
+@ConditionalOnProperty(prefix = "casic", name = "cas-type", havingValue = "sso")
+public class CasFilterConfig {
+ @Value("${casic.sso.noFilterURLs}")
+ private String ssoNoFilterURLs;
+// @Value("${sso.client.serverName}")
+// private String serverName;
+// @Value("${sso.client.appId}")
+// private String appId;
+// @Value("${sso.client.logoutPath}")
+// private String logoutPath;
+// @Value("${sso.client.excludedPaths}")
+// private String excludedPaths;
+// @Value("${sso.client.initSystemImpl}")
+// private String initSystemImpl;
+
+ /**
+ * @return 登录过滤器
+ */
+ @Bean
+ public FilterRegistrationBean registerAuthFilter() {
+ FilterRegistrationBean registration = new FilterRegistrationBean();
+ SAMLProfileFilter samlProfileFilter = new SAMLProfileFilter();
+ registration.setFilter(samlProfileFilter);
+ registration.addUrlPatterns("/SSO/*");
+ registration.setName("com.sinopec.siam.agent.web.SAMLProfileFilter");
+ //值越小,Filter越靠前。
+ registration.setOrder(0);
+ return registration;
+ }
+
+ /**
+ *
+ * @return 认证过滤器
+ */
+ @Bean
+ public FilterRegistrationBean AccessEnforcerAuthen(ServletContext servletContext ) {
+ servletContext.setInitParameter("spSimpleConfigFile", "classpath:/conf/sp-simple-config.properties");
+ FilterRegistrationBean registration = new FilterRegistrationBean();
+
+ AccessEnforcer accessEnforcer = new AccessEnforcer();
+ registration.setFilter(accessEnforcer);
+
+ registration.addUrlPatterns("/*");
+ registration.setName("AccessEnforcerAuthen");
+
+ registration.addInitParameter("noFilterURLs", ssoNoFilterURLs);
+// registration.addInitParameter("serverName", serverName);
+ //值越小,Filter越靠前。
+ registration.setOrder(0);
+ return registration;
+ }
+}
\ No newline at end of file
diff --git a/casic-web/src/main/java/com/casic/missiles/controller/TokenController.java b/casic-web/src/main/java/com/casic/missiles/controller/TokenController.java
new file mode 100644
index 0000000..d159385
--- /dev/null
+++ b/casic-web/src/main/java/com/casic/missiles/controller/TokenController.java
@@ -0,0 +1,95 @@
+package com.casic.missiles.controller;
+
+import com.casic.missiles.core.application.enums.LoginType;
+import com.casic.missiles.core.base.controller.BaseController;
+import com.casic.missiles.core.model.auth.AuthUser;
+import com.casic.missiles.core.model.auth.CasicCustomToken;
+import com.casic.missiles.core.shiro.ShiroKit;
+import com.casic.missiles.core.util.RSAUtils;
+import com.casic.missiles.model.response.SuccessResponseData;
+import com.casic.missiles.modular.domain.constants.PermissionConstants;
+import com.casic.missiles.modular.interfaces.log.LogManager;
+import com.casic.missiles.modular.interfaces.log.factory.LogTaskFactory;
+import com.casic.missiles.modular.system.dto.LoginSuccessDTO;
+import com.sinopec.siam.agent.common.SSOPrincipal;
+import lombok.extern.slf4j.Slf4j;
+import org.apache.shiro.subject.Subject;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+import java.io.IOException;
+import java.security.NoSuchAlgorithmException;
+import java.util.Map;
+
+import static com.casic.missiles.core.util.HttpContext.getIp;
+import static com.sinopec.siam.agent.common.SSOPrincipal.NAME_OF_SESSION_ATTR;
+
+
+/**
+ * 登录使用
+ *
+ * @author lenovo
+ */
+@Controller
+@RequestMapping("/route")
+@Slf4j
+public class TokenController extends BaseController {
+ @Value("${casic.web.host}")
+ private String webHost;
+ /**
+ * 获取mockToken
+ */
+ @GetMapping("/token")
+ public void token(HttpSession session, HttpServletResponse response) throws IOException {
+
+ Object obj = session.getAttribute(NAME_OF_SESSION_ATTR);
+ if (obj != null) {
+ super.getSession().setAttribute(PermissionConstants.IS_APP, false);
+ SSOPrincipal ssoPrincipal = (SSOPrincipal) obj;
+ String account = ssoPrincipal.getUid();
+ login(session, response, account);
+ } else {
+ //此处404 未登录
+ response.sendRedirect(webHost + "/smartcity/#/");
+ }
+ }
+
+ private void login(HttpSession session, HttpServletResponse response, String account) throws IOException {
+
+ Subject currentUser = ShiroKit.getSubject();
+ try {
+ Map key = RSAUtils.genKeyPair();
+ ShiroKit.getSession().setAttribute(PermissionConstants.PRIVATE_KEY, key.get(RSAUtils.RSAPrivateKey));
+ } catch (NoSuchAlgorithmException e) {
+ e.printStackTrace();
+ }
+
+ CasicCustomToken token = new CasicCustomToken(account, "");
+ token.setType(LoginType.NO_PASSWD);
+ token.setRememberMe(false);
+
+ try {
+ currentUser.login(token);
+ } catch (Exception e) {
+ e.printStackTrace();
+ //TODO 此处登录异常
+ response.sendRedirect(webHost + "/smartcity/#/");
+ }
+ AuthUser shiroUser = ShiroKit.getUser();
+ super.getSession().setAttribute("shiroUser", shiroUser);
+ super.getSession().setAttribute("username", shiroUser.getAccount());
+ super.getSession().setAttribute(PermissionConstants.SESSION_KEY, shiroUser.getId());
+
+ LogManager.me().executeLog(LogTaskFactory.loginLog(shiroUser.getId(), getIp()));
+
+ ShiroKit.getSession().setAttribute("sessionFlag", true);
+ String sid = ShiroKit.getSession().getId().toString();
+ //TODO 登录成功
+ response.sendRedirect(webHost + "/smartcity/#/?sid=" + sid);
+
+ }
+}
diff --git a/casic-web/lib/siam-am-agent-simple-3.3.RELEASE.jar b/casic-web/lib/siam-am-agent-simple-3.3.RELEASE.jar
new file mode 100644
index 0000000..13d8fb6
--- /dev/null
+++ b/casic-web/lib/siam-am-agent-simple-3.3.RELEASE.jar
Binary files differ
diff --git a/casic-web/src/main/java/com/casic/missiles/config/CasFilterConfig.java b/casic-web/src/main/java/com/casic/missiles/config/CasFilterConfig.java
new file mode 100644
index 0000000..5c37ce8
--- /dev/null
+++ b/casic-web/src/main/java/com/casic/missiles/config/CasFilterConfig.java
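Review bot: In `login`, the `catch (Exception e)` around `currentUser.login(token)` redirects but does not return, so a failed Shiro login continues into `ShiroKit.getUser()` on an unauthenticated subject and then reaches a second `response.sendRedirect` on an already-committed response; add `return;` after `response.sendRedirect(webHost + "/smartcity/#/");` in that catch, and replace the two `e.printStackTrace()` calls with `log.error("SSO login failed for account {}", account, e);` since the class is `@Slf4j`. The final redirect places the Shiro session id in the query string (`"/smartcity/#/?sid=" + sid`), where it is retained in browser history, Referer headers and access logs on the target host; a cookie-bound session, or a short-lived one-time code that the front end exchanges server-side for the session, avoids exposing the identifier. The servlet session that carried the SSO principal is reused after authentication without being invalidated or regenerated, unless `ShiroKit` or the security manager does that elsewhere (confirm), and the swallowed `NoSuchAlgorithmException` leaves `PRIVATE_KEY` unset while the flow proceeds as if it were set. `SuccessResponseData` and `LoginSuccessDTO` are imported but unused, and `Map key` is a raw type. This file section is repeated twice more in the diff; the same remarks apply to each copy.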
@@ -0,0 +1,70 @@
+package com.casic.missiles.config;
+
+
+import com.sinopec.siam.agent.common.ContextHolder;
+import com.sinopec.siam.agent.web.AccessEnforcer;
+import com.sinopec.siam.agent.web.SAMLProfileFilter;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+import javax.servlet.ServletContext;
+
+/**
+ * 单点集成配置
+ */
+@Configuration
+@ConditionalOnProperty(prefix = "casic", name = "cas-type", havingValue = "sso")
+public class CasFilterConfig {
+ @Value("${casic.sso.noFilterURLs}")
+ private String ssoNoFilterURLs;
+// @Value("${sso.client.serverName}")
+// private String serverName;
+// @Value("${sso.client.appId}")
+// private String appId;
+// @Value("${sso.client.logoutPath}")
+// private String logoutPath;
+// @Value("${sso.client.excludedPaths}")
+// private String excludedPaths;
+// @Value("${sso.client.initSystemImpl}")
+// private String initSystemImpl;
+
+ /**
+ * @return 登录过滤器
+ */
+ @Bean
+ public FilterRegistrationBean registerAuthFilter() {
+ FilterRegistrationBean registration = new FilterRegistrationBean();
+ SAMLProfileFilter samlProfileFilter = new SAMLProfileFilter();
+ registration.setFilter(samlProfileFilter);
+ registration.addUrlPatterns("/SSO/*");
+ registration.setName("com.sinopec.siam.agent.web.SAMLProfileFilter");
+ //值越小,Filter越靠前。
+ registration.setOrder(0);
+ return registration;
+ }
+
+ /**
+ *
+ * @return 认证过滤器
+ */
+ @Bean
+ public FilterRegistrationBean AccessEnforcerAuthen(ServletContext servletContext ) {
+ servletContext.setInitParameter("spSimpleConfigFile", "classpath:/conf/sp-simple-config.properties");
+ FilterRegistrationBean registration = new FilterRegistrationBean();
+
+ AccessEnforcer accessEnforcer = new AccessEnforcer();
+ registration.setFilter(accessEnforcer);
+
+ registration.addUrlPatterns("/*");
+ registration.setName("AccessEnforcerAuthen");
+
+ registration.addInitParameter("noFilterURLs", ssoNoFilterURLs);
+// registration.addInitParameter("serverName", serverName);
+ //值越小,Filter越靠前。
+ registration.setOrder(0);
+ return registration;
+ }
+}
\ No newline at end of file
diff --git a/casic-web/src/main/java/com/casic/missiles/controller/TokenController.java b/casic-web/src/main/java/com/casic/missiles/controller/TokenController.java
new file mode 100644
index 0000000..d159385
--- /dev/null
+++ b/casic-web/src/main/java/com/casic/missiles/controller/TokenController.java
@@ -0,0 +1,95 @@
+package com.casic.missiles.controller;
+
+import com.casic.missiles.core.application.enums.LoginType;
+import com.casic.missiles.core.base.controller.BaseController;
+import com.casic.missiles.core.model.auth.AuthUser;
+import com.casic.missiles.core.model.auth.CasicCustomToken;
+import com.casic.missiles.core.shiro.ShiroKit;
+import com.casic.missiles.core.util.RSAUtils;
+import com.casic.missiles.model.response.SuccessResponseData;
+import com.casic.missiles.modular.domain.constants.PermissionConstants;
+import com.casic.missiles.modular.interfaces.log.LogManager;
+import com.casic.missiles.modular.interfaces.log.factory.LogTaskFactory;
+import com.casic.missiles.modular.system.dto.LoginSuccessDTO;
+import com.sinopec.siam.agent.common.SSOPrincipal;
+import lombok.extern.slf4j.Slf4j;
+import org.apache.shiro.subject.Subject;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+import java.io.IOException;
+import java.security.NoSuchAlgorithmException;
+import java.util.Map;
+
+import static com.casic.missiles.core.util.HttpContext.getIp;
+import static com.sinopec.siam.agent.common.SSOPrincipal.NAME_OF_SESSION_ATTR;
+
+
+/**
+ * 登录使用
+ *
+ * @author lenovo
+ */
+@Controller
+@RequestMapping("/route")
+@Slf4j
+public class TokenController extends BaseController {
+ @Value("${casic.web.host}")
+ private String webHost;
+ /**
+ * 获取mockToken
+ */
+ @GetMapping("/token")
+ public void token(HttpSession session, HttpServletResponse response) throws IOException {
+
+ Object obj = session.getAttribute(NAME_OF_SESSION_ATTR);
+ if (obj != null) {
+ super.getSession().setAttribute(PermissionConstants.IS_APP, false);
+ SSOPrincipal ssoPrincipal = (SSOPrincipal) obj;
+ String account = ssoPrincipal.getUid();
+ login(session, response, account);
+ } else {
+ //此处404 未登录
+ response.sendRedirect(webHost + "/smartcity/#/");
+ }
+ }
+
+ private void login(HttpSession session, HttpServletResponse response, String account) throws IOException {
+
+ Subject currentUser = ShiroKit.getSubject();
+ try {
+ Map key = RSAUtils.genKeyPair();
+ ShiroKit.getSession().setAttribute(PermissionConstants.PRIVATE_KEY, key.get(RSAUtils.RSAPrivateKey));
+ } catch (NoSuchAlgorithmException e) {
+ e.printStackTrace();
+ }
+
+ CasicCustomToken token = new CasicCustomToken(account, "");
+ token.setType(LoginType.NO_PASSWD);
+ token.setRememberMe(false);
+
+ try {
+ currentUser.login(token);
+ } catch (Exception e) {
+ e.printStackTrace();
+ //TODO 此处登录异常
+ response.sendRedirect(webHost + "/smartcity/#/");
+ }
+ AuthUser shiroUser = ShiroKit.getUser();
+ super.getSession().setAttribute("shiroUser", shiroUser);
+ super.getSession().setAttribute("username", shiroUser.getAccount());
+ super.getSession().setAttribute(PermissionConstants.SESSION_KEY, shiroUser.getId());
+
+ LogManager.me().executeLog(LogTaskFactory.loginLog(shiroUser.getId(), getIp()));
+
+ ShiroKit.getSession().setAttribute("sessionFlag", true);
+ String sid = ShiroKit.getSession().getId().toString();
+ //TODO 登录成功
+ response.sendRedirect(webHost + "/smartcity/#/?sid=" + sid);
+
+ }
+}
diff --git a/casic-web/src/main/resources/conf/sp-saml-Log4j.properties b/casic-web/src/main/resources/conf/sp-saml-Log4j.properties
new file mode 100644
index 0000000..2723bf4
--- /dev/null
+++ b/casic-web/src/main/resources/conf/sp-saml-Log4j.properties
@@ -0,0 +1,72 @@
+#回滚日志配置
+#方式1:每日生成一个文件
+#DEBUG,INFO,ERROR,建议切换生产后使用INFO或ERROR
+log4j.rootLogger=INFO,C3,A1
+
+
+### 应用于控制台
+
+log4j.appender.A1=com.sinopec.siam.apache.log4j.ConsoleAppender
+log4j.appender.A1.Threshold=INFO
+log4j.appender.A1.Target=System.out
+log4j.appender.A1.layout=com.sinopec.siam.apache.log4j.PatternLayout
+log4j.appender.A1.layout.ConversionPattern=[%-5p] %d{yyyy-MM-dd HH\:mm\:ss,SSS}\:%c{2}[%M] %m%n
+#log4j.appender.A1.logfile.File=d:/siamlogs/a.log
+#log4j.appender.CONSOLE.layout.ConversionPattern=[start]%d{DATE}[DATE]%n%p[PRIORITY]%n%x[NDC]%n%t[THREAD] n%c[CATEGORY]%n%m[MESSAGE]%n%n
+
+
+#应用于文件
+
+#log4j.appender.B2=com.sinopec.siam.apache.log4j.FileAppender
+#log4j.appender.B2.Threshold=WARN
+#log4j.appender.B2.File=logs/hrcpom_ERROR.log
+#log4j.appender.B2.Append=false
+#log4j.appender.B2.layout=com.sinopec.siam.apache.log4j.PatternLayout
+#log4j.appender.B2.layout.ConversionPattern=[%-5p] %d{yyyy-MM-dd HH\\\:mm\\\:ss}\\\: %c %m%n
+
+
+
+
+#周期性生成日志
+#每天产生一个日志文件
+# 1)'.'yyyy-MM: 每月
+# 2)'.'yyyy-ww: 每周
+# 3)'.'yyyy-MM-dd: 每天
+# 4)'.'yyyy-MM-dd-a: 每天两次
+# 5)'.'yyyy-MM-dd-HH: 每小时
+# 6)'.'yyyy-MM-dd-HH-mm: 每分钟
+
+com.sinopec.siam.apache.log4j.DailyRollingFileAppender
+log4j.appender.C3=com.sinopec.siam.apache.log4j.DailyRollingFileAppender
+log4j.appender.C3.Threshold=INFO
+#log4j.appender.C3.File=logs/server1/sipc_sso.log
+log4j.appender.C3.Encoding=utf-8
+log4j.appender.C3.File=${catalina.home}/logsSP/saml_auth.log
+log4j.appender.C3.DatePattern='.'yyyy-MM-dd
+log4j.appender.C3.layout=com.sinopec.siam.apache.log4j.PatternLayout
+log4j.appender.C3.layout.ConversionPattern=[%-5p] %d{yyyy-MM-dd HH\:mm\:ss,SSS}\:%c{2}[%M] %m%n
+
+
+log4j.logger.com.sinopec.siam.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider=DEBUG,C4
+log4j.appender.C4=com.sinopec.siam.apache.log4j.DailyRollingFileAppender
+#log4j.appender.C3.File=logs/server1/sipc_sso.log
+log4j.appender.C4.Encoding=utf-8
+log4j.appender.C4.File=${catalina.home}/logsSP/metadata_down.log
+log4j.appender.C4.DatePattern='.'yyyy-MM-dd
+log4j.appender.C4.layout=com.sinopec.siam.apache.log4j.PatternLayout
+log4j.appender.C4.layout.ConversionPattern=[%-5p] %d{yyyy-MM-dd HH\:mm\:ss,SSS}\:%c{2}[%M] %m%n
+
+#timer_metadata.log
+
+# 应用于文件回滚
+log4j.appender.R=com.sinopec.siam.apache.log4j.RollingFileAppender
+log4j.appender.R.Threshold=INFO
+log4j.appender.R.File=${catalina.home}/logsSP/saml_authR.log
+log4j.appender.R.Append=true
+#文件大小按情况设置
+log4j.appender.R.MaxFileSize=100MB
+#保留文件个数按情况配置
+log4j.appender.R.MaxBackupIndex=10
+log4j.appender.R.layout=com.sinopec.siam.apache.log4j.PatternLayout
+log4j.appender.R.layout.ConversionPattern=[%-5p] %d{yyyy-MM-dd HH\:mm\:ss,SSS}\:%c{2}[%M] %m%n
+
diff --git a/casic-web/lib/siam-am-agent-simple-3.3.RELEASE.jar b/casic-web/lib/siam-am-agent-simple-3.3.RELEASE.jar
new file mode 100644
index 0000000..13d8fb6
--- /dev/null
+++ b/casic-web/lib/siam-am-agent-simple-3.3.RELEASE.jar
Binary files differ
diff --git a/casic-web/src/main/java/com/casic/missiles/config/CasFilterConfig.java b/casic-web/src/main/java/com/casic/missiles/config/CasFilterConfig.java
new file mode 100644
index 0000000..5c37ce8
--- /dev/null
+++ b/casic-web/src/main/java/com/casic/missiles/config/CasFilterConfig.java
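Review bot: The bare line `com.sinopec.siam.apache.log4j.DailyRollingFileAppender` just above `log4j.appender.C3=...` is not commented out, so the properties loader stores it as a key with an empty value; prefix it with `#` or delete it. Appender `R` is fully configured but neither `log4j.rootLogger=INFO,C3,A1` nor any `log4j.logger.*` entry references it, so it never receives output. The `#log4j.appender.C3.File=logs/server1/sipc_sso.log` comment repeated under the C4 block looks like a copy-paste leftover. This file section appears once more later in the diff; the same remarks apply there.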
@@ -0,0 +1,70 @@
+package com.casic.missiles.config;
+
+
+import com.sinopec.siam.agent.common.ContextHolder;
+import com.sinopec.siam.agent.web.AccessEnforcer;
+import com.sinopec.siam.agent.web.SAMLProfileFilter;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
+import org.springframework.boot.web.servlet.FilterRegistrationBean;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+
+import javax.servlet.ServletContext;
+
+/**
+ * 单点集成配置
+ */
+@Configuration
+@ConditionalOnProperty(prefix = "casic", name = "cas-type", havingValue = "sso")
+public class CasFilterConfig {
+ @Value("${casic.sso.noFilterURLs}")
+ private String ssoNoFilterURLs;
+// @Value("${sso.client.serverName}")
+// private String serverName;
+// @Value("${sso.client.appId}")
+// private String appId;
+// @Value("${sso.client.logoutPath}")
+// private String logoutPath;
+// @Value("${sso.client.excludedPaths}")
+// private String excludedPaths;
+// @Value("${sso.client.initSystemImpl}")
+// private String initSystemImpl;
+
+ /**
+ * @return 登录过滤器
+ */
+ @Bean
+ public FilterRegistrationBean registerAuthFilter() {
+ FilterRegistrationBean registration = new FilterRegistrationBean();
+ SAMLProfileFilter samlProfileFilter = new SAMLProfileFilter();
+ registration.setFilter(samlProfileFilter);
+ registration.addUrlPatterns("/SSO/*");
+ registration.setName("com.sinopec.siam.agent.web.SAMLProfileFilter");
+ //值越小,Filter越靠前。
+ registration.setOrder(0);
+ return registration;
+ }
+
+ /**
+ *
+ * @return 认证过滤器
+ */
+ @Bean
+ public FilterRegistrationBean AccessEnforcerAuthen(ServletContext servletContext ) {
+ servletContext.setInitParameter("spSimpleConfigFile", "classpath:/conf/sp-simple-config.properties");
+ FilterRegistrationBean registration = new FilterRegistrationBean();
+
+ AccessEnforcer accessEnforcer = new AccessEnforcer();
+ registration.setFilter(accessEnforcer);
+
+ registration.addUrlPatterns("/*");
+ registration.setName("AccessEnforcerAuthen");
+
+ registration.addInitParameter("noFilterURLs", ssoNoFilterURLs);
+// registration.addInitParameter("serverName", serverName);
+ //值越小,Filter越靠前。
+ registration.setOrder(0);
+ return registration;
+ }
+}
\ No newline at end of file
diff --git a/casic-web/src/main/java/com/casic/missiles/controller/TokenController.java b/casic-web/src/main/java/com/casic/missiles/controller/TokenController.java
new file mode 100644
index 0000000..d159385
--- /dev/null
+++ b/casic-web/src/main/java/com/casic/missiles/controller/TokenController.java
@@ -0,0 +1,95 @@
+package com.casic.missiles.controller;
+
+import com.casic.missiles.core.application.enums.LoginType;
+import com.casic.missiles.core.base.controller.BaseController;
+import com.casic.missiles.core.model.auth.AuthUser;
+import com.casic.missiles.core.model.auth.CasicCustomToken;
+import com.casic.missiles.core.shiro.ShiroKit;
+import com.casic.missiles.core.util.RSAUtils;
+import com.casic.missiles.model.response.SuccessResponseData;
+import com.casic.missiles.modular.domain.constants.PermissionConstants;
+import com.casic.missiles.modular.interfaces.log.LogManager;
+import com.casic.missiles.modular.interfaces.log.factory.LogTaskFactory;
+import com.casic.missiles.modular.system.dto.LoginSuccessDTO;
+import com.sinopec.siam.agent.common.SSOPrincipal;
+import lombok.extern.slf4j.Slf4j;
+import org.apache.shiro.subject.Subject;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.stereotype.Controller;
+import org.springframework.web.bind.annotation.GetMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+import java.io.IOException;
+import java.security.NoSuchAlgorithmException;
+import java.util.Map;
+
+import static com.casic.missiles.core.util.HttpContext.getIp;
+import static com.sinopec.siam.agent.common.SSOPrincipal.NAME_OF_SESSION_ATTR;
+
+
+/**
+ * 登录使用
+ *
+ * @author lenovo
+ */
+@Controller
+@RequestMapping("/route")
+@Slf4j
+public class TokenController extends BaseController {
+ @Value("${casic.web.host}")
+ private String webHost;
+ /**
+ * 获取mockToken
+ */
+ @GetMapping("/token")
+ public void token(HttpSession session, HttpServletResponse response) throws IOException {
+
+ Object obj = session.getAttribute(NAME_OF_SESSION_ATTR);
+ if (obj != null) {
+ super.getSession().setAttribute(PermissionConstants.IS_APP, false);
+ SSOPrincipal ssoPrincipal = (SSOPrincipal) obj;
+ String account = ssoPrincipal.getUid();
+ login(session, response, account);
+ } else {
+ //此处404 未登录
+ response.sendRedirect(webHost + "/smartcity/#/");
+ }
+ }
+
+ private void login(HttpSession session, HttpServletResponse response, String account) throws IOException {
+
+ Subject currentUser = ShiroKit.getSubject();
+ try {
+ Map key = RSAUtils.genKeyPair();
+ ShiroKit.getSession().setAttribute(PermissionConstants.PRIVATE_KEY, key.get(RSAUtils.RSAPrivateKey));
+ } catch (NoSuchAlgorithmException e) {
+ e.printStackTrace();
+ }
+
+ CasicCustomToken token = new CasicCustomToken(account, "");
+ token.setType(LoginType.NO_PASSWD);
+ token.setRememberMe(false);
+
+ try {
+ currentUser.login(token);
+ } catch (Exception e) {
+ e.printStackTrace();
+ //TODO 此处登录异常
+ response.sendRedirect(webHost + "/smartcity/#/");
+ }
+ AuthUser shiroUser = ShiroKit.getUser();
+ super.getSession().setAttribute("shiroUser", shiroUser);
+ super.getSession().setAttribute("username", shiroUser.getAccount());
+ super.getSession().setAttribute(PermissionConstants.SESSION_KEY, shiroUser.getId());
+
+ LogManager.me().executeLog(LogTaskFactory.loginLog(shiroUser.getId(), getIp()));
+
+ ShiroKit.getSession().setAttribute("sessionFlag", true);
+ String sid = ShiroKit.getSession().getId().toString();
+ //TODO 登录成功
+ response.sendRedirect(webHost + "/smartcity/#/?sid=" + sid);
+
+ }
+}
diff --git a/casic-web/src/main/resources/conf/sp-saml-Log4j.properties b/casic-web/src/main/resources/conf/sp-saml-Log4j.properties
new file mode 100644
index 0000000..2723bf4
--- /dev/null
+++ b/casic-web/src/main/resources/conf/sp-saml-Log4j.properties
@@ -0,0 +1,72 @@
+#回滚日志配置
+#方式1:每日生成一个文件
+#DEBUG,INFO,ERROR,建议切换生产后使用INFO或ERROR
+log4j.rootLogger=INFO,C3,A1
+
+
+### 应用于控制台
+
+log4j.appender.A1=com.sinopec.siam.apache.log4j.ConsoleAppender
+log4j.appender.A1.Threshold=INFO
+log4j.appender.A1.Target=System.out
+log4j.appender.A1.layout=com.sinopec.siam.apache.log4j.PatternLayout
+log4j.appender.A1.layout.ConversionPattern=[%-5p] %d{yyyy-MM-dd HH\:mm\:ss,SSS}\:%c{2}[%M] %m%n
+#log4j.appender.A1.logfile.File=d:/siamlogs/a.log
+#log4j.appender.CONSOLE.layout.ConversionPattern=[start]%d{DATE}[DATE]%n%p[PRIORITY]%n%x[NDC]%n%t[THREAD] n%c[CATEGORY]%n%m[MESSAGE]%n%n
+
+
+#应用于文件
+
+#log4j.appender.B2=com.sinopec.siam.apache.log4j.FileAppender
+#log4j.appender.B2.Threshold=WARN
+#log4j.appender.B2.File=logs/hrcpom_ERROR.log
+#log4j.appender.B2.Append=false
+#log4j.appender.B2.layout=com.sinopec.siam.apache.log4j.PatternLayout
+#log4j.appender.B2.layout.ConversionPattern=[%-5p] %d{yyyy-MM-dd HH\\\:mm\\\:ss}\\\: %c %m%n
+
+
+
+
+#周期性生成日志
+#每天产生一个日志文件
+# 1)'.'yyyy-MM: 每月
+# 2)'.'yyyy-ww: 每周
+# 3)'.'yyyy-MM-dd: 每天
+# 4)'.'yyyy-MM-dd-a: 每天两次
+# 5)'.'yyyy-MM-dd-HH: 每小时
+# 6)'.'yyyy-MM-dd-HH-mm: 每分钟
+
+com.sinopec.siam.apache.log4j.DailyRollingFileAppender
+log4j.appender.C3=com.sinopec.siam.apache.log4j.DailyRollingFileAppender
+log4j.appender.C3.Threshold=INFO
+#log4j.appender.C3.File=logs/server1/sipc_sso.log
+log4j.appender.C3.Encoding=utf-8
+log4j.appender.C3.File=${catalina.home}/logsSP/saml_auth.log
+log4j.appender.C3.DatePattern='.'yyyy-MM-dd
+log4j.appender.C3.layout=com.sinopec.siam.apache.log4j.PatternLayout
+log4j.appender.C3.layout.ConversionPattern=[%-5p] %d{yyyy-MM-dd HH\:mm\:ss,SSS}\:%c{2}[%M] %m%n
+
+
+log4j.logger.com.sinopec.siam.opensaml.saml2.metadata.provider.AbstractReloadingMetadataProvider=DEBUG,C4
+log4j.appender.C4=com.sinopec.siam.apache.log4j.DailyRollingFileAppender
+#log4j.appender.C3.File=logs/server1/sipc_sso.log
+log4j.appender.C4.Encoding=utf-8
+log4j.appender.C4.File=${catalina.home}/logsSP/metadata_down.log
+log4j.appender.C4.DatePattern='.'yyyy-MM-dd
+log4j.appender.C4.layout=com.sinopec.siam.apache.log4j.PatternLayout
+log4j.appender.C4.layout.ConversionPattern=[%-5p] %d{yyyy-MM-dd HH\:mm\:ss,SSS}\:%c{2}[%M] %m%n
+
+#timer_metadata.log
+
+# 应用于文件回滚
+log4j.appender.R=com.sinopec.siam.apache.log4j.RollingFileAppender
+log4j.appender.R.Threshold=INFO
+log4j.appender.R.File=${catalina.home}/logsSP/saml_authR.log
+log4j.appender.R.Append=true
+#文件大小按情况设置
+log4j.appender.R.MaxFileSize=100MB
+#保留文件个数按情况配置
+log4j.appender.R.MaxBackupIndex=10
+log4j.appender.R.layout=com.sinopec.siam.apache.log4j.PatternLayout
+log4j.appender.R.layout.ConversionPattern=[%-5p] %d{yyyy-MM-dd HH\:mm\:ss,SSS}\:%c{2}[%M] %m%n
+
diff --git a/casic-web/src/main/resources/conf/sp-simple-config.properties b/casic-web/src/main/resources/conf/sp-simple-config.properties
new file mode 100644
index 0000000..9e647ef
--- /dev/null
+++ b/casic-web/src/main/resources/conf/sp-simple-config.properties
@@ -0,0 +1,107 @@
+##
+# config of SP
+##
+
+#????????????????
+sp.auth.method.default=TAMUsernamePassword
+#?? sp? idp? metadata ??????????????
+sp.metadata.ts.download.url=https://ts.uat.siam.sinopec.com
+#SP????ID??????????
+sp.metadata.url.entityId=https://test.java.sinopec.com:9443
+#??code,????ASCII????????????
+sp.login.tsysAccount=\u793A\u4F8B
+#??????????????????????????????
+sp.credential.keyStorePath=classpath:/certs/test.uat.siam.sinopec.com.jks
+#??????????????,?help??DES???????????????????
+sp.credential.keyStorePassword=6ArCSisuIHxnzcT+/S8hHg==
+# ???????????????help??DES???????????????????
+sp.credential.keyPassword=6ArCSisuIHxnzcT+/S8hHg==
+#??????????????????????????????
+sp.credential.keyAlias=test.uat.siam.sinopec.com
+#IDP????ID??????????
+sp.saml2.idp.entityId=https://auth.uat.siam.sinopec.com/idp
+#metadata?????????????????????
+ts.metadata.requestTimeout=30000
+#ts?????https
+ts.metadata.disregardSSLCertificate=true
+#metadata?????? true:?????false:?????????????
+ts.metadata.download.auto=true
+#metadata?????????????????????????10? ????23?
+ts.metadata.minRefreshDelay=864000000
+#metadata?????????????????????????15?????23?
+ts.metadata.maxRefreshDelay=1296000000
+# SP Key Store Type: jks
+sp.credential.keyStoreType=jks
+
+#saml?????????????????
+siam.reponse.safe.time.range=600
+
+#???????? true
+session.local=true
+
+
+
+#siam.sp.proxy.web.urls:?????url??
+#F5/nginx ??????????? flag=true
+#????:siam.sp.proxy.web.urls=[http://java.uat.sinopec.com:8081/sp/SSO/SAML2/POST],[https://eai.siam.sinopec.com:8080],[https://cheng.siam.sinopec.com:8080]
+#????:siam.sp.proxy.load.url=https://java.uat.sinopec.com:8443/proxy_path
+#????:siam.sp.proxy.flag=true
+siam.sp.proxy.web.urls=[http://java.uat.sinopec.com/SSO/SAML2/POST]
+siam.sp.proxy.load.url=http://java.uat.sinopec.com:8090/route/token
+siam.sp.proxy.flag=false
+
+
+#------------------------------------------------------------------------------------
+#
+# SAML SP JSP Error Handler
+#
+sp.jsp.error.handler.path=/error.jsp
+
+#------------------------------------------------------------------------------------
+#
+# SSO Login Path
+#
+#
+#SSO global logout after the redirec to login
+#
+sp.saml2.slo.redirectToLogin=true
+sp.saml2.slo.requestPaths=/SSO/SLO/Redirect
+
+#------------------
+#sp.ParserPool
+# xml??? ????
+sp.ParserPool.maxPoolSize=100
+sp.ParserPool.coalescing=true
+sp.ParserPool.ignoreComments=true
+sp.ParserPool.ignoreElementContentWhitespace=true
+sp.ParserPool.namespaceAware=true
+
+
+#sp.metadata.ts.download.url+sp.metadata.url+sp.metadata.url.entityId???metadata????
+#sp.metadata.backUpPath?idp.metadata.backUpPath?metadata????????
+sp.metadata.url=/ts/services/restful/topology/publisher/getEntityDescriptorByEntityID?entityID=
+sp.metadata.backUpPath=classpath:sp-metadata.xml
+idp.metadata.url=/ts/services/restful/topology/publisher/getIdPEntitiesDescriptor
+idp.metadata.backUpPath=classpath:idp-metadata-all.xml
+
+
+#------------------------------------------------------------------------------------
+#
+# SAML SP Local Logout parameter
+#
+sp.saml2.self.LLO.I18N.path=com.sinopec.siam.agent.messages.messages
+sp.saml2.self.LLO.image.path=/images/login/success1.jpg
+
+#------------------------------------------------------------------------------------
+#
+# Theme Of IdP Login Page
+#
+sp.saml2.idp.themeOfIdPLoginPage=default
+
+# authentication level config file
+sp.auth.method.level.file=classpath:/com/sinopec/siam/agent/web/siam-sp-authen-level.xml
+
+
+#????
+sinopec.siam.version=3.6
+sinopec.siam.releasedate=2023-10-10
\ No newline at end of file
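Review bot: `ts.metadata.disregardSSLCertificate=true` disables certificate validation for the metadata download from `sp.metadata.ts.download.url=https://ts.uat.siam.sinopec.com`, and that download is where the SP obtains the IdP entity descriptors (`idp.metadata.url=...getIdPEntitiesDescriptor`) it will trust; outside a disposable test setup this should read `ts.metadata.disregardSSLCertificate=false` with the server's CA trusted by the JVM. `sp.credential.keyStorePassword` and `sp.credential.keyPassword` are checked in next to the keystore path, and the surrounding comments mention a DES encoding, which is reversible, so these values belong in deployment configuration rather than the repository; a comment such as `# keystore secrets are injected at deploy time and must not be committed` would record that expectation. `siam.sp.proxy.web.urls=[http://java.uat.sinopec.com/SSO/SAML2/POST]` names the SAML POST endpoint over plain http; `siam.sp.proxy.flag=false` may leave it inactive, but if it is enabled the assertion would be posted unencrypted. Most comment lines in this file have been reduced to runs of `?`, which suggests it was saved in a non-UTF-8 encoding; re-saving as UTF-8 (or using `\u` escapes as `sp.login.tsysAccount` does) would restore them.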