单点登录SSO项目配置

 

第三方系统SSO集成说明：

 

注: 文档中所有涉及到的域名均为示例使用，需要根据实际值替换(黄色标注)。如：http://sso.test.com:8080和http://my.web.com:8080，涉及到的接口地址也要根据实际项目的接口地址填写。

 

1.       系统引入所需jar包，kisso-3.6.13.jar和 fastjson-1.2.31.jar。

   

项目工程web.xml中添加配置：

<context-param>

        <param-name>kissoConfigLocation</param-name>

        <param-value>classpath:properties/sso.properties</param-value>

    </context-param>

<listener>

       <listener-class>com.baomidou.kisso.web.KissoConfigListener</listener-class>

</listener>

        

2.      sso.properties 文件配置内容如下：

sso.defined.askurl=http://sso.test.com:8080/replylogin.html

(待确定的域名地址，需要替换)

sso.defined.oklogin=http://my.web.com:8080/oklogin.html 

(待确定的域名地址，需要替换)

 

sso.defined.my_private_key=MIICdgIBADANBgkqhkiG9w0BAQEFAASCAmAwggJcAgEAAoGBAMp4ORF5r+mBfYrpX944JDyQiaKof5CQ43H65tWS8wT2avQjiUSU2vweXVDbMRD7PPjOAPI5aiIIHFLBqAE9Nq17Xloyz66mUkvvhJxbmB24FhyhB8dREL85EIUahrljrTj2nWWGjDfXIqQoY1NhBi6l2VHgcVuoRI48UzAWcbSBAgMBAAECgYAtLeaOH7lBQcPh23GpBJ4RZa9QvIi6mZonNPWNct0HnnT/RW67/vtehugLwt2QDH/uhQlxA57LOUQYs13p6N7qMZ+4YY592hw4hrJUEAuuORU+wKWnr+wVQNm6Qc9Qf7axM6B5NgtLPbf0R7M53vgHHMyJh2tJKrY3RUdBbsUugQJBAObj3+B7v2QVKKPZlYvICwbKZAUcb1qZtPjtw7+aDah0EEqkaYD0ytmjl2esoknPySN2gbouc+nDvYZopFLgiDMCQQDgfRqCYfMHhjHPHoOwco3ZAevDDe22QksBIkfgFB9srEJCWauFyvB5PTG6+wFv94zqy3R92C6AVaWn8Ae8uqx7AkBkroWXfB7PY7KfEGh31bmJMoQ+/lFIbrJNwlCTonfGNyZLhjpDc3tpQD7rhIoYKbWJ80lKiKsfCq4AiGzvft2lAkEAqcBQDGmu0XC7N2hWolVtR7x5H8znhNuKRfg7K4lr3cxAalXOKuSzhKoucbqecqFZsK5aj1Kqjya0llIeN6tdAwJAImLxsxLxhk6dc8slEo8ObLAWWWkRZNiXCpr+2aWspVx1cK3GRtAa+0Q7X0TiA62/CrlWR/xJHvDI/+I9mcxJKg==

sso.defined.my_public_key=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDKeDkRea/pgX2K6V/eOCQ8kImiqH+QkONx+ubVkvME9mr0I4lElNr8Hl1Q2zEQ+zz4zgDyOWoiCBxSwagBPTate15aMs+uplJL74ScW5gduBYcoQfHURC/ORCFGoa5Y6049p1lhow31yKkKGNTYQYupdlR4HFbqESOPFMwFnG0gQIDAQAB

sso.defined.sso_public_key=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCDZmAZgJcQV0XjBOk/CB2nR+AXXyVMdcErLgz5LYb/g/Ar7tiHhYlGk69/mlItDnvHxeV/t7ibEqwvQnlDiM6BsYW/9HBzYWiF54D7hxd2MUWqNit232pS5XlmzurrFmqhSomrR0KKJHoA3HIsIGJ/AT9xzDb93GqPtDm6Yt24fwIDAQAB

 

 

 

 

 

 

3.       所有登录请求都跳转到这个接口,登录只有这一个入口

如：http://my.web.com:8090/oa/login.htm

这是第三方平台的登录接口，当需要通过 sso 登录时，跳转到 sso 系统登录，并将回调接口 传给sso系统。

 

如下为示例代码：

@RequestMapping("/login.htm")

    public String login(HttpServletRequestrequest,HttpServletResponse response) {

        SSOToken token = SSOHelper.getToken(request);

        if(token == null) {

            //重定向至 sso系统登录页，以下跳转方法为示例方法，请根据项目使用框架实现跳转代码。

return " redirect:http://sso.test.com:8080/loginAction.html?ReturnURL=http%3A%2F%2Fmy.web.com%3A8090%2Fproxylogin.htm");

        } else {

            //从token中取出信息，进行相关信息初始化。

            String userId = token.getUid();

            //.......

        }

        return "index";

    }

注: 示例代码中

         http://sso.test.com:8080/login.html?ReturnURL=http%3A%2F%2Fmy.web.com%3A8090%2Fproxylogin.htm 由于域名待确定，需要替换为实际值。

 

 

4.       经SSO登录后，重定向回到第三方系统(上一步中的回调接口), 需要实现如下接口：

示例接口：http://my.web.com:8090/oa/proxylogin.htm

 

 

示例代码：

    @RequestMapping("/proxylogin.htm")

    public String proxylogin(HttpServletRequest request,HttpServletResponseresponse) {

        // 用户自定义配置获取

        PropertiesUtil prop =SSOConfig.getSSOProperties();

       

        //业务系统私钥签名 authToken

        AuthToken at =SSOHelper.askCiphertext(request, response, prop.get("sso.defined.my_private_key"));

       

        //askurl 询问 sso是否登录地址

        String askurl = prop.get("sso.defined.askurl");

        request.setAttribute("askurl", askurl);

 

        //askTxt 询问 token密文

        String askData =  at.encryptAuthToken();

        request.setAttribute("askData", askData);

 

        // 确定是否登录地址

        String okurl =  prop.get("sso.defined.oklogin");

        request.setAttribute("okurl", okurl);

 

        return "proxylogin";

    }

 

 

上述步骤登录sso 系统成功后，向sso系统询问第三方系统是否可以登录。

下面即为 向sso系统询问是否可以登录的示例代码。

向askurl(sso询问是否可以登录的接口) 发起请求, 此处请求一定要使用 jsonp 格式，通过返回值 d.msg 判断是否成功，如果 d.msg = oUiX6o6j9R59Zyyhq9HTZ9sEjClr6oecYISm8g9mYLqcFB4cT0UJp4yeOyYcmKT03rlRp6s0WkDrrJ4og,这样的加密字符串形式，代表成功； d.msg = -1 代表登录失败，-1为信息code值。

 

proxylogin.jsp页面中js

    $(function(){

        $.ajax({

            url: askurl,

            data:  {askData:askData},

            success: function(d){

                if(d.msg == "-1"){  (‘-1’为错误code值)

                        window.location.href = "http://sso.test.com:8080/ loginAction.html?ReturnURL=http%3A%2F%2Fmy.web.com%3A8090%2Fproxylogin.html";

                    }else{  (成功)

                    $.post(okurl, {replyTxt:d.msg}, function(e) {

                        window.location.href =e.returl;

                    }, "json");

                }

            },error:function(){

                window.location.href = "http://sso.test.com:8080/ loginAction.html?ReturnURL=http%3A%2F%2Fmy.web.com%3A8090%2Fproxylogin.htm"

            },

            dataType: jsonp

         });

    });

 

5.       询问sso是否可以登录，sso系统在经过处理后，将结果返回到这个接口。

示例： http://my.web.com:8090/oklogin.htm

 

 

示例代码：

    @ResponseBody

    @RequestMapping("/oklogin")

    public void oklogin(HttpServletRequestrequest,HttpServletResponse response) {

        String returl = "http://my.web.com:8090/timeout.html";

      

        String replyTxt = request.getParameter("replyTxt");

        if (replyTxt != null&& !"".equals(replyTxt)) {

            // 用户自定义配置获取

            PropertiesUtil prop =SSOConfig.getSSOProperties();

            AuthToken at =SSOHelper.ok(request, response, replyTxt, prop.get("sso.defined.my_public_key"),

            prop.get("sso.defined.sso_public_key"));

            if (at != null) {

                returl = "http://my.web.com:8090/index.html";

                SSOToken st = new SSOToken();

                st.setUid(at.getUid());

                st.setTime(at.getTime());

               

                //设置

                SSOHelper.setSSOCookie(request,response, st, true);

            }

        }

        try {

                response.setContentType("text/html;charset=" +"UTF-8");

            PrintWriter out = response.getWriter();

            out.print("{\"returl\":\"" + returl +"\"}");

            out.flush();

        } catch (IOException e) {

            e.printStackTrace();

        }

    }

 

 

6.       对外提供退出登录接口:

示例代码如下：

@ResponseBody

    @RequestMapping("/logout")

    public String logout() {

       

        SSOHelper.clearLogin(request,response);

        return "success";

    }