认证中心生成token回跳子系统后，隐藏url中的token参数

2017-01-01 21:33:03 +08:00 · 2017-01-01 21:33:03 +08:00 · a2892a66f3
parent 9c1c56ccd1
commit a2892a66f3
2 changed files with 31 additions and 2 deletions
--- a/zheng-upms/zheng-upms-client/src/main/java/com/zheng/upms/client/filter/SSOFilter.java
+++ b/zheng-upms/zheng-upms-client/src/main/java/com/zheng/upms/client/filter/SSOFilter.java
@ -24,6 +24,7 @@ import java.io.IOException;
 import java.net.URLEncoder;
 import java.util.ArrayList;
 import java.util.List;
+import java.util.Map;

 /**
 * Created by shuzheng on 2016/12/10.
@ -82,9 +83,21 @@ public class SSOFilter implements Filter {
                            RedisUtil.getJedis().sadd(token + "_subSessionIds", sessionId);
                            _log.info("当前token={}，对应的注册系统有：{}个", token, RedisUtil.getJedis().scard(token + "_subSessionIds"));
                            // 移除url中的token参数
-                            // TODO
+                            StringBuffer backUrl = request.getRequestURL();
+                            String params = "";
+                            Map<String, String[]> parameterMap = request.getParameterMap();
+                            for (Map.Entry<String, String[]> entry : parameterMap.entrySet()) {
+                                if (!entry.getKey().equals("token")) {
+                                    if (params.equals("")) {
+                                        params = entry.getKey() + "=" + entry.getValue()[0];
+                                    } else {
+                                        params += "&" + entry.getKey() + "=" + entry.getValue()[0];
+                                    }
+                                }
+                            }
+                            backUrl = backUrl.append("?").append(params);
                            // 返回请求资源
-                            filterChain.doFilter(request, response);
+                            response.sendRedirect(backUrl.toString());
                            return;
                        }
                    }
--- a/zheng-upms/zheng-upms-server/src/main/java/com/zheng/upms/admin/controller/SSOController.java
+++ b/zheng-upms/zheng-upms-server/src/main/java/com/zheng/upms/admin/controller/SSOController.java
@ -90,6 +90,22 @@ public class SSOController {
 	public String login(HttpServletRequest request) {
 		String sessionId = CookieUtil.getCookie(request, ZHENG_UPMS_SSO_SERVER_SESSION_ID);
 		_log.info("认证中心sessionId={}", sessionId);
+		String backurl = request.getParameter("backurl");
+		if (!StringUtils.isEmpty(sessionId) && !StringUtils.isEmpty(backurl)) {
+			String token = RedisUtil.get(sessionId + "_token");
+			// token校验值
+			if (!StringUtils.isEmpty(token)) {
+				// 回调子系统
+				String redirectUrl = backurl;
+				if (backurl.contains("?")) {
+					redirectUrl += "&token=" + token;
+				} else {
+					redirectUrl += "?token=" + token;
+				}
+				_log.info("认证中心帐号通过，带token回跳：{}", redirectUrl);
+				return "redirect:" + redirectUrl;
+			}
+		}
 		return "/sso/login";
 	}