认证中心生成token回跳子系统后,隐藏url中的token参数

shuzheng 2017-01-01 21:33:03 +08:00
parent 9c1c56ccd1
commit a2892a66f3
2 changed files with 31 additions and 2 deletions


@ -24,6 +24,7 @@ import java.io.IOException;
import java.net.URLEncoder;
import java.util.ArrayList;
import java.util.List;
import java.util.Map;
/**
* Created by shuzheng on 2016/12/10.
@ -82,9 +83,21 @@ public class SSOFilter implements Filter {
RedisUtil.getJedis().sadd(token + "_subSessionIds", sessionId);
_log.info("当前token={},对应的注册系统有:{}个", token, RedisUtil.getJedis().scard(token + "_subSessionIds"));
// 移除url中的token参数
// TODO
StringBuffer backUrl = request.getRequestURL();
String params = "";
Map<String, String[]> parameterMap = request.getParameterMap();
for (Map.Entry<String, String[]> entry : parameterMap.entrySet()) {
if (!entry.getKey().equals("token")) {
if (params.equals("")) {
params = entry.getKey() + "=" + entry.getValue()[0];
} else {
params += "&" + entry.getKey() + "=" + entry.getValue()[0];
}
}
}
backUrl = backUrl.append("?").append(params);
// 返回请求资源
filterChain.doFilter(request, response);
response.sendRedirect(backUrl.toString());
return;
}
}
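Review bot: The query string rebuilt in the `for` loop over `parameterMap` concatenates the decoded names and values from `getParameterMap()` without re-encoding them, so a value containing `&`, `=`, `#`, a space or a line break changes the structure of the URL handed to `response.sendRedirect(...)`. `URLEncoder` is already imported in this file, so both sides can be encoded, e.g. `params += "&" + URLEncoder.encode(entry.getKey(), "utf-8") + "=" + URLEncoder.encode(entry.getValue()[0], "utf-8");`, and likewise in the first-parameter branch. The loop also keeps only `entry.getValue()[0]`, which drops the other values of a repeated parameter, and `backUrl.append("?")` runs even when `params` is empty; wrapping it in `if (!params.isEmpty())` avoids the trailing `?`. The enclosing filter method starts above the hunk, so whether form parameters from a POST body can reach this loop and end up in the redirect URL cannot be seen from here.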


@ -90,6 +90,22 @@ public class SSOController {
public String login(HttpServletRequest request) {
String sessionId = CookieUtil.getCookie(request, ZHENG_UPMS_SSO_SERVER_SESSION_ID);
_log.info("认证中心sessionId={}", sessionId);
String backurl = request.getParameter("backurl");
if (!StringUtils.isEmpty(sessionId) && !StringUtils.isEmpty(backurl)) {
String token = RedisUtil.get(sessionId + "_token");
// token校验值
if (!StringUtils.isEmpty(token)) {
// 回调子系统
String redirectUrl = backurl;
if (backurl.contains("?")) {
redirectUrl += "&token=" + token;
} else {
redirectUrl += "?token=" + token;
}
_log.info("认证中心帐号通过带token回跳{}", redirectUrl);
return "redirect:" + redirectUrl;
}
}
return "/sso/login";
}
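Review bot: `backurl` comes straight from `request.getParameter("backurl")` and becomes the redirect target with the token appended, with no check that it points to a registered subsystem, so a login link carrying a foreign `backurl` would hand a logged-in user's token to that address. Before building `redirectUrl`, the scheme and host of `backurl` should be compared against the configured subsystem addresses, falling through to `/sso/login` when they do not match. The new `_log.info` line also writes the full `redirectUrl`, token included, to the log; logging only the target, `_log.info("认证中心帐号通过带token回跳{}", backurl);`, keeps the credential out of log files. The token is also appended unencoded, which is safe only if its format never contains URL-reserved characters; the token generation is not visible in this hunk.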