gitee
/
eiam
mirror of https://gitee.com/topiam/eiam
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

增加CAS登出功能

pull/21/MERGE
yzyunzhang 2023-05-22 00:33:57 +00:00 committed by smallbun
parent 8efdb1c3f6
commit eb65d69e07
2 changed files with 108 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

7
eiam-protocol/eiam-protocol-cas/src/main/java/cn/topiam/employee/protocol/cas/idp/CasIdpConfigurer.java
View File

@ -35,6 +35,7 @@ import cn.topiam.employee.protocol.cas.idp.auth.CentralAuthenticationService;
import cn.topiam.employee.protocol.cas.idp.endpoint.Cas10IdpValidateEndpointFilter;
import cn.topiam.employee.protocol.cas.idp.endpoint.Cas30IdpValidateEndpointFilter;
import cn.topiam.employee.protocol.cas.idp.endpoint.CasIdpSingleSignOnEndpointFilter;
import cn.topiam.employee.protocol.cas.idp.endpoint.CasIdpSingleSignOutEndpointFilter;
import cn.topiam.employee.protocol.cas.idp.filter.CasAuthorizationServerContextFilter;
import cn.topiam.employee.protocol.cas.idp.util.CasUtils;
import static cn.topiam.employee.protocol.cas.idp.util.CasUtils.*;
@ -60,6 +61,11 @@ public class CasIdpConfigurer<B extends HttpSecurityBuilder<B>>
http.addFilterAfter(new CasIdpSingleSignOnEndpointFilter(applicationServiceLoader,
centralAuthenticationService), UsernamePasswordAuthenticationFilter.class);
//CAS 登出过滤器
http.addFilterAfter(
new CasIdpSingleSignOutEndpointFilter(applicationServiceLoader, sessionRegistry),
CasIdpSingleSignOnEndpointFilter.class);
//cas 1.0 验证过滤器
http.addFilterBefore(
new Cas10IdpValidateEndpointFilter(applicationServiceLoader, sessionRegistry,
@ -83,6 +89,7 @@ public class CasIdpConfigurer<B extends HttpSecurityBuilder<B>>
requestMatchers.add(CasIdpSingleSignOnEndpointFilter.getRequestMatcher());
requestMatchers.add(Cas30IdpValidateEndpointFilter.getRequestMatcher());
requestMatchers.add(Cas10IdpValidateEndpointFilter.getRequestMatcher());
requestMatchers.add(CasIdpSingleSignOutEndpointFilter.getRequestMatcher());
return new OrRequestMatcher(requestMatchers);
}
}

101
eiam-protocol/eiam-protocol-cas/src/main/java/cn/topiam/employee/protocol/cas/idp/endpoint/CasIdpSingleSignOutEndpointFilter.java Normal file
View File

@ -0,0 +1,101 @@
/*
* eiam-protocol-cas - Employee Identity and Access Management Program
* Copyright © 2020-2023 TopIAM (support@topiam.cn)
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as published by
* the Free Software Foundation, either version 3 of the License, or
* (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
package cn.topiam.employee.protocol.cas.idp.endpoint;
import java.io.IOException;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.boot.web.servlet.filter.OrderedFilter;
import org.springframework.core.Ordered;
import org.springframework.http.HttpMethod;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import org.springframework.security.web.util.matcher.RequestMatcher;
import org.springframework.web.filter.OncePerRequestFilter;
import cn.topiam.employee.application.ApplicationService;
import cn.topiam.employee.application.ApplicationServiceLoader;
import cn.topiam.employee.application.cas.CasApplicationService;
import cn.topiam.employee.application.cas.model.CasSsoModel;
import cn.topiam.employee.application.context.ApplicationContext;
import cn.topiam.employee.application.context.ApplicationContextHolder;
import cn.topiam.employee.common.constants.ProtocolConstants;
import cn.topiam.employee.core.context.ServerContextHelp;
import lombok.RequiredArgsConstructor;
import static cn.topiam.employee.common.constants.AuthorizeConstants.FE_LOGIN;
import static cn.topiam.employee.protocol.cas.idp.constant.ProtocolConstants.SERVICE;
/**
* @author yunzhang
*/
@RequiredArgsConstructor
public class CasIdpSingleSignOutEndpointFilter extends OncePerRequestFilter
implements OrderedFilter {
private static final RequestMatcher REQUEST_MATCHER = new AntPathRequestMatcher(
ProtocolConstants.CasEndpointConstants.CAS_LOGOUT_PATH);
private final ApplicationServiceLoader applicationServiceLoader;
private final SessionRegistry sessionRegistry;
@Override
public int getOrder() {
return Ordered.LOWEST_PRECEDENCE;
}
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response,
FilterChain filterChain) throws ServletException, IOException {
if (REQUEST_MATCHER.matches(request) && HttpMethod.GET.matches(request.getMethod())) {
//获取应用配置
ApplicationContext applicationContext = ApplicationContextHolder
.getApplicationContext();
ApplicationService applicationService = applicationServiceLoader
.getApplicationService(applicationContext.getAppTemplate());
CasSsoModel casSsoModel = ((CasApplicationService) applicationService)
.getSsoModel(applicationContext.getAppId());
//登出用户
HttpSession session = request.getSession(false);
if (session != null) {
sessionRegistry.removeSessionInformation(session.getId());
}
String service = request.getParameter(SERVICE);
//all service urls be filtered via the service management tool
if (service != null && service.equals(casSsoModel.getClientServiceUrl())) {
response.sendRedirect(service);
} else {
//跳转登录
response.sendRedirect(ServerContextHelp.getPortalPublicBaseUrl() + FE_LOGIN);
}
}
}
public static RequestMatcher getRequestMatcher() {
return REQUEST_MATCHER;
}
}