⚡ 优化会话ID获取

2023-01-03 13:44:40 +08:00 · 2023-01-03 13:44:40 +08:00 · e75606c011
parent 4b9cf1e4c6
commit e75606c011
2 changed files with 7 additions and 32 deletions
--- a/eiam-application/eiam-application-cas/src/main/java/cn/topiam/employee/application/package-info.java
+++ b/eiam-application/eiam-application-cas/src/main/java/cn/topiam/employee/application/package-info.java
@ -1,18 +0,0 @@
 /*
 * eiam-application-cas - Employee Identity and Access Management Program
 * Copyright © 2020-2023 TopIAM (support@topiam.cn)
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */
 package cn.topiam.employee.application;
--- a/eiam-protocol/eiam-protocol-cas/src/main/java/cn/topiam/employee/protocol/cas/idp/endpoint/CasIdpSingleSignOnEndpointFilter.java
+++ b/eiam-protocol/eiam-protocol-cas/src/main/java/cn/topiam/employee/protocol/cas/idp/endpoint/CasIdpSingleSignOnEndpointFilter.java
@ -18,19 +18,18 @@
 package cn.topiam.employee.protocol.cas.idp.endpoint;
 import java.io.IOException;
 import java.util.List;
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import org.jetbrains.annotations.NotNull;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.boot.web.servlet.filter.OrderedFilter;
 import org.springframework.core.Ordered;
 import org.springframework.http.HttpMethod;
 import org.springframework.security.core.session.SessionInformation;
 import org.springframework.security.core.session.SessionRegistry;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.security.web.util.matcher.RequestMatcher;
@ -48,12 +47,10 @@ import cn.topiam.employee.core.context.ServerContextHelp;
 import cn.topiam.employee.core.protocol.CasSsoModel;
 import cn.topiam.employee.core.security.savedredirect.HttpSessionRedirectCache;
 import cn.topiam.employee.core.security.savedredirect.RedirectCache;
 import cn.topiam.employee.core.security.userdetails.UserDetails;
 import cn.topiam.employee.core.security.util.SecurityUtils;
 import cn.topiam.employee.protocol.cas.idp.auth.CentralAuthenticationService;
 import cn.topiam.employee.protocol.cas.idp.tickets.ServiceTicket;
 import cn.topiam.employee.protocol.cas.idp.tickets.TicketGrantingTicket;
 import cn.topiam.employee.support.exception.TopIamException;
 import static cn.topiam.employee.common.constants.AuthorizeConstants.FE_LOGIN;
 import static cn.topiam.employee.core.security.util.SecurityUtils.isAuthenticated;
 import static cn.topiam.employee.protocol.cas.idp.constant.ProtocolConstants.SERVICE;
@ -97,8 +94,10 @@ public class CasIdpSingleSignOnEndpointFilter extends OncePerRequestFilter
    }
    @Override
-    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
+    protected void doFilterInternal(@NotNull HttpServletRequest request,
-                                    FilterChain filterChain) throws ServletException, IOException {
+                                    @NotNull HttpServletResponse response,
                                    @NotNull FilterChain filterChain) throws ServletException,
                                                                      IOException {
        if (CAS_SSO_REQUEST_MATCHER.matches(request)) {
            if (!isAuthenticated()) {
                //Saved Redirect
@ -110,13 +109,7 @@ public class CasIdpSingleSignOnEndpointFilter extends OncePerRequestFilter
                response.sendRedirect(ServerContextHelp.getPortalPublicBaseUrl() + FE_LOGIN);
                return;
            }
-            UserDetails userDetails = SecurityUtils.getCurrentUser();
+            String sessionId = request.getSession(false).getId();
            List<SessionInformation> sessionInformations = sessionRegistry
                .getAllSessions(userDetails.getUsername(), false);
            if (sessionInformations.size() != 1) {
                throw new TopIamException("用户身份出现异常");
            }
            String sessionId = sessionInformations.get(0).getSessionId();
            //获取应用配置
            ApplicationContext applicationContext = ApplicationContextHolder
                .getApplicationContext();
@ -132,7 +125,7 @@ public class CasIdpSingleSignOnEndpointFilter extends OncePerRequestFilter
            if (ticketGrantingTicket == null) {
                ticketGrantingTicket = centralAuthenticationService
-                    .createTicketGrantingTicket(userDetails, sessionId);
+                    .createTicketGrantingTicket(SecurityUtils.getCurrentUser(), sessionId);
            }
            ServiceTicket serviceTicket = centralAuthenticationService
                .grantServiceTicket(ticketGrantingTicket.getId(), service);