本文共 25207 字,大约阅读时间需要 84 分钟。
package DesktopSSO; import java.io.*; import java.net.*; import java.text.*; import java.util.*; import java.util.concurrent.*; import javax.servlet.*; import javax.servlet.http.*; public class SSOAuth extends HttpServlet { static private ConcurrentMap accounts; static private ConcurrentMap SSOIDs; String cookiename="WangYuDesktopSSOID"; String domainname; public void init(ServletConfig config) throws ServletException { super.init(config); domainname= config.getInitParameter("domainname"); cookiename = config.getInitParameter("cookiename"); SSOIDs = new ConcurrentHashMap(); accounts=new ConcurrentHashMap(); accounts.put("wangyu", "wangyu"); accounts.put("paul", "paul"); accounts.put("carol", "carol"); } protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { PrintWriter out = response.getWriter(); String action = request.getParameter("action"); String result="failed"; if (action==null) { handlerFromLogin(request,response); } else if (action.equals("authcookie")){ String myCookie = request.getParameter("cookiename"); if (myCookie != null) result = authCookie(myCookie); out.print(result); out.close(); } else if (action.equals("authuser")) { result=authNameAndPasswd(request,response); out.print(result); out.close(); } else if (action.equals("logout")) { String myCookie = request.getParameter("cookiename"); logout(myCookie); out.close(); } } ..... } |
private void handlerFromLogin(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { String username = request.getParameter("username"); String password = request.getParameter("password"); String pass = (String)accounts.get(username); if ((pass==null)||(!pass.equals(password))) getServletContext().getRequestDispatcher("/failed.html").forward(request, response); else { String gotoURL = request.getParameter("goto"); String newID = createUID(); SSOIDs.put(newID, username); Cookie wangyu = new Cookie(cookiename, newID); wangyu.setDomain(domainname); wangyu.setMaxAge(60000); wangyu.setValue(newID); wangyu.setPath("/"); response.addCookie(wangyu); System.out.println("login success, goto back url:" + gotoURL); if (gotoURL != null) { PrintWriter out = response.getWriter(); response.sendRedirect(gotoURL); out.close(); } } } |
package SSO; import java.io.*; import java.net.*; import java.util.*; import java.text.*; import javax.servlet.*; import javax.servlet.http.*; import javax.servlet.*; import org.apache.commons.httpclient.*; import org.apache.commons.httpclient.methods.GetMethod; public class SSOFilter implements Filter { private FilterConfig filterConfig = null; private String cookieName="WangYuDesktopSSOID"; private String SSOServiceURL= "http://wangyu.prc.sun.com:8080/SSOAuth/SSOAuth"; private String SSOLoginPage= "http://wangyu.prc.sun.com:8080/SSOAuth/login.jsp"; public void init(FilterConfig filterConfig) { this.filterConfig = filterConfig; if (filterConfig != null) { if (debug) { log("SSOFilter:Initializing filter"); } } cookieName = filterConfig.getInitParameter("cookieName"); SSOServiceURL = filterConfig.getInitParameter("SSOServiceURL"); SSOLoginPage = filterConfig.getInitParameter("SSOLoginPage"); } ..... ..... } |
public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException { if (debug) log("SSOFilter:doFilter()"); HttpServletRequest request = (HttpServletRequest) req; HttpServletResponse response = (HttpServletResponse) res; String result="failed"; String url = request.getRequestURL().toString(); String qstring = request.getQueryString(); if (qstring == null) qstring =""; // 检查 http 请求的 head 是否有需要的 cookie String cookieValue =""; javax.servlet.http.Cookie[] diskCookies = request.getCookies(); if (diskCookies != null) { for (int i = 0; i < diskCookies.length; i++) { if(diskCookies[i].getName().equals(cookieName)){ cookieValue = diskCookies[i].getValue(); // 如果找到了相应的 cookie 则效验其有效性 result = SSOService(cookieValue); if (debug) log("found cookies!"); } } } if (result.equals("failed")) { // 效验失败或没有找到 cookie ,则需要登录 response.sendRedirect(SSOLoginPage+"?goto="+url); } else if (qstring.indexOf("logout") > 1) {//logout 服务 if (debug) log("logout action!"); logoutService(cookieValue); response.sendRedirect(SSOLoginPage+"?goto="+url); } else {// 效验成功 request.setAttribute("SSOUser",result); Throwable problem = null; try { chain.doFilter(req, res); } catch(Throwable t) { problem = t; t.printStackTrace(); } if (problem != null) { if (problem instanceof ServletException) throw (ServletException)problem; if (problem instanceof IOException) throw (IOException)problem; sendProcessingError(problem, res); } } } |
private String SSOService(String cookievalue) throws IOException { String authAction = "?action=authcookie&cookiename="; HttpClient httpclient = new HttpClient(); GetMethod httpget = new GetMethod(SSOServiceURL+authAction+cookievalue); try { httpclient.executeMethod(httpget); String result = httpget.getResponseBodyAsString(); return result; } finally { httpget.releaseConnection(); } } private void logoutService(String cookievalue) throws IOException { String authAction = "?action=logout&cookiename="; HttpClient httpclient = new HttpClient(); GetMethod httpget = new GetMethod(SSOServiceURL+authAction+cookievalue); try { httpclient.executeMethod(httpget); httpget.getResponseBodyAsString(); } finally { httpget.releaseConnection(); } } |
DesktopSSO { desktopsso.share.PasswordLoginModule required; desktopsso.share.DesktopSSOLoginModule required; }; |
public class DesktopSSOLoginModule implements LoginModule { .......... private String SSOServiceURL = ""; private String SSOLoginPage = ""; private static String cookiefilepath = ""; ......... |
SSOServiceURL=http://wangyu.prc.sun.com:8080/SSOAuth/SSOAuth SSOLoginPage=http://wangyu.prc.sun.com:8080/SSOAuth/login.jsp cookiefilepath=C://Documents and Settings//yw137672//Application Data//Mozilla//Profiles//default//hog6z1ji.slt//cookies.txt |
public boolean login() throws LoginException{ try { if (Cookielogin()) return true; } catch (IOException ex) { ex.printStackTrace(); } if (passwordlogin()) return true; throw new FailedLoginException(); } |
public boolean Cookielogin() throws LoginException,IOException { String cookieValue=""; int cookieIndex =foundCookie(); if (cookieIndex<0) return false; else cookieValue = getCookieValue(cookieIndex); username = cookieAuth(cookieValue); if (! username.equals("failed")) { loginSuccess = true; return true; } return false; } |
public boolean passwordlogin() throws LoginException { // // Since we need input from a user, we need a callback handler if (callbackHandler == null) { throw new LoginException("No CallbackHandler defined"); } Callback[] callbacks = new Callback[2]; callbacks[0] = new NameCallback("Username"); callbacks[1] = new PasswordCallback("Password", false); // // Call the callback handler to get the username and password try { callbackHandler.handle(callbacks); username = ((NameCallback)callbacks[0]).getName(); char[] temp = ((PasswordCallback)callbacks[1]).getPassword(); password = new char[temp.length]; System.arraycopy(temp, 0, password, 0, temp.length); ((PasswordCallback)callbacks[1]).clearPassword(); } catch (IOException ioe) { throw new LoginException(ioe.toString()); } catch (UnsupportedCallbackException uce) { throw new LoginException(uce.toString()); } System.out.println(); String authresult =""; try { authresult = userAuth(username, password); } catch (IOException ex) { ex.printStackTrace(); } if (! authresult.equals("failed")) { loginSuccess= true; clearPassword(); try { updateCookie(authresult); } catch (IOException ex) { ex.printStackTrace(); } return true; } loginSuccess = false; username = null; clearPassword(); System.out.println( "Login: PasswordLoginModule FAIL" ); throw new FailedLoginException(); } |
private String cookieAuth(String cookievalue) throws IOException{ String result = "failed"; HttpClient httpclient = new HttpClient(); GetMethod httpget = new GetMethod(SSOServiceURL+Action1+cookievalue); try { httpclient.executeMethod(httpget); result = httpget.getResponseBodyAsString(); } finally { httpget.releaseConnection(); } return result; } private String userAuth(String username, char[] password) throws IOException{ String result = "failed"; String passwd= new String(password); HttpClient httpclient = new HttpClient(); GetMethod httpget = new GetMethod(SSOServiceURL+Action2+username+"&password="+passwd); passwd = null; try { httpclient.executeMethod(httpget); result = httpget.getResponseBodyAsString(); } finally { httpget.releaseConnection(); } return result; } |