From f71158e3277ebf55f830ede626043b6465658652 Mon Sep 17 00:00:00 2001
From: CaptainB
Date: Mon, 9 Jan 2023 19:58:14 +0800
Subject: [PATCH] =?UTF-8?q?refactor:=20=E5=90=8E=E5=8F=B0=E6=9C=8D?= =?UTF-8?q?=E5=8A=A1=E9=97=B4=E8=B0=83=E7=94=A8=E5=8C=BA=E5=88=86sso=20tok?= =?UTF-8?q?en?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../commons/constants/SessionConstants.java | 1 +
 .../metersphere/commons/utils/HttpHeaderUtils.java | 1 +
 .../java/io/metersphere/security/ApiKeyFilter.java | 14 ++++++++++----
 ...ySessionHandler.java => SSOSessionHandler.java} | 2 +-
 4 files changed, 13 insertions(+), 5 deletions(-)
 rename framework/sdk-parent/sdk/src/main/java/io/metersphere/security/{ApiKeySessionHandler.java => SSOSessionHandler.java} (97%)
diff --git a/framework/sdk-parent/sdk/src/main/java/io/metersphere/commons/constants/SessionConstants.java b/framework/sdk-parent/sdk/src/main/java/io/metersphere/commons/constants/SessionConstants.java
index a64dfbddae..f41ce3fad3 100644
--- a/framework/sdk-parent/sdk/src/main/java/io/metersphere/commons/constants/SessionConstants.java
+++ b/framework/sdk-parent/sdk/src/main/java/io/metersphere/commons/constants/SessionConstants.java
@@ -7,6 +7,7 @@ public class SessionConstants {
 public final static String HEADER_TOKEN = "X-AUTH-TOKEN";
 public final static String CSRF_TOKEN = "CSRF-TOKEN";
+ public final static String SSO_TOKEN = "SSO-TOKEN";
 public final static String CURRENT_PROJECT = "PROJECT";
 public final static String CURRENT_WORKSPACE = "WORKSPACE";
 public final static String ACCESS_KEY = "accessKey";
diff --git a/framework/sdk-parent/sdk/src/main/java/io/metersphere/commons/utils/HttpHeaderUtils.java b/framework/sdk-parent/sdk/src/main/java/io/metersphere/commons/utils/HttpHeaderUtils.java
index bca8ac1d00..c837e67520 100644
--- a/framework/sdk-parent/sdk/src/main/java/io/metersphere/commons/utils/HttpHeaderUtils.java
+++ b/framework/sdk-parent/sdk/src/main/java/io/metersphere/commons/utils/HttpHeaderUtils.java
@@ -60,6 +60,7 @@ public class HttpHeaderUtils {
 headers.add(SessionConstants.HEADER_TOKEN, sessionUser.getSessionId());
 headers.add(SessionConstants.CSRF_TOKEN, sessionUser.getCsrfToken());
+ headers.add(SessionConstants.SSO_TOKEN, sessionUser.getId());
 headers.add(SessionConstants.CURRENT_PROJECT, sessionUser.getLastProjectId());
 headers.add(SessionConstants.CURRENT_WORKSPACE, sessionUser.getLastWorkspaceId());
 }
diff --git a/framework/sdk-parent/sdk/src/main/java/io/metersphere/security/ApiKeyFilter.java b/framework/sdk-parent/sdk/src/main/java/io/metersphere/security/ApiKeyFilter.java
index 2bf9ed8242..c8783da3dc 100644
--- a/framework/sdk-parent/sdk/src/main/java/io/metersphere/security/ApiKeyFilter.java
+++ b/framework/sdk-parent/sdk/src/main/java/io/metersphere/security/ApiKeyFilter.java
@@ -1,7 +1,6 @@
 package io.metersphere.security;
 import io.metersphere.commons.constants.SessionConstants;
-import io.metersphere.commons.utils.LogUtil;
 import org.apache.commons.lang3.StringUtils;
 import org.apache.shiro.SecurityUtils;
 import org.apache.shiro.authc.UsernamePasswordToken;
@@ -21,9 +20,9 @@ public class ApiKeyFilter extends AnonymousFilter {
 // 不是apikey的通过
 if (!ApiKeyHandler.isApiKeyCall(httpRequest) && !SecurityUtils.getSubject().isAuthenticated()) {
 // sso 带了token的
- String userId = ApiKeySessionHandler.validate(httpRequest);
+ String userId = SSOSessionHandler.validate(httpRequest);
 if (StringUtils.isNotBlank(userId)) {
- SecurityUtils.getSubject().login(new UsernamePasswordToken(userId, ApiKeySessionHandler.random));
+ SecurityUtils.getSubject().login(new UsernamePasswordToken(userId, SSOSessionHandler.random));
 }
 return true;
 }
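Review bot: In the HttpHeaderUtils hunk, the added `headers.add(SessionConstants.SSO_TOKEN, sessionUser.getId());` sends a header named as a token whose value is the plain user id, next to the session id and the CSRF token, and nothing on the line says what a receiving service may conclude from it. In the visible hunks the header is only read as a presence flag in `ApiKeyFilter.postHandle`; whether `SSOSessionHandler.validate` also reads it cannot be seen from this patch and is worth confirming. I would document the contract at the point where the header is set, e.g. `// SSO-TOKEN only marks a service-to-service call; its value is the user id, not a credential, and must never be used to authenticate the caller`. The enclosing method starts outside the hunk.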
@@ -32,7 +31,7 @@ public class ApiKeyFilter extends AnonymousFilter {
 if (!SecurityUtils.getSubject().isAuthenticated()) {
 String userId = ApiKeyHandler.getUser(WebUtils.toHttp(request));
 if (StringUtils.isNotBlank(userId)) {
- SecurityUtils.getSubject().login(new UsernamePasswordToken(userId, ApiKeySessionHandler.random));
+ SecurityUtils.getSubject().login(new UsernamePasswordToken(userId, SSOSessionHandler.random));
 }
 }
@@ -45,6 +44,13 @@ public class ApiKeyFilter extends AnonymousFilter {
 @Override
 protected void postHandle(ServletRequest request, ServletResponse response) throws Exception {
+ HttpServletRequest httpRequest = WebUtils.toHttp(request);
+ // sso 带了token的 退出
+ String userId = httpRequest.getHeader(SessionConstants.SSO_TOKEN);
+ if (StringUtils.isNotBlank(userId) && SecurityUtils.getSubject().isAuthenticated()) {
+ SecurityUtils.getSubject().logout();
+ }
+ // apikey 退出
 if (ApiKeyHandler.isApiKeyCall(WebUtils.toHttp(request)) && SecurityUtils.getSubject().isAuthenticated()) {
 SecurityUtils.getSubject().logout();
 }
diff --git a/framework/sdk-parent/sdk/src/main/java/io/metersphere/security/ApiKeySessionHandler.java b/framework/sdk-parent/sdk/src/main/java/io/metersphere/security/SSOSessionHandler.java
similarity index 97%
rename from framework/sdk-parent/sdk/src/main/java/io/metersphere/security/ApiKeySessionHandler.java
rename to framework/sdk-parent/sdk/src/main/java/io/metersphere/security/SSOSessionHandler.java
index e027df954f..68300c2306 100644
--- a/framework/sdk-parent/sdk/src/main/java/io/metersphere/security/ApiKeySessionHandler.java
+++ b/framework/sdk-parent/sdk/src/main/java/io/metersphere/security/SSOSessionHandler.java
@@ -9,7 +9,7 @@ import org.apache.commons.lang3.StringUtils;
 import javax.servlet.http.HttpServletRequest;
 import java.util.UUID;
-public class ApiKeySessionHandler {
+public class SSOSessionHandler {
 public static String random = UUID.randomUUID() + UUID.randomUUID().toString();
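Review bot: In the `postHandle` hunk of ApiKeyFilter, the new logout fires on the mere presence of a non-blank `SSO-TOKEN` request header: the value is stored in `userId` but is never validated or compared with the authenticated subject. Any request carrying that header therefore has its subject logged out once the chain has run, including a subject that was already authenticated by an existing session before this filter ran. I would key the logout on state the filter sets itself, e.g. `httpRequest.setAttribute("<SSO_LOGIN_MARKER>", Boolean.TRUE);` right after the SSO `login(...)` call, and test `Boolean.TRUE.equals(request.getAttribute("<SSO_LOGIN_MARKER>"))` here instead of the header (the attribute name is a placeholder). The new `httpRequest` local can also replace the second `WebUtils.toHttp(request)` call in the apikey check. The closing brace of `postHandle` lies outside the hunk.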