cn.yerl.web.spring.sso

类 SSOClient

java.lang.Object

org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter

cn.yerl.web.spring.sso.SSOClient

所有已实现的接口:

org.springframework.security.config.annotation.SecurityConfigurer<javax.servlet.Filter,org.springframework.security.config.annotation.web.builders.WebSecurity>, org.springframework.security.config.annotation.web.WebSecurityConfigurer<org.springframework.security.config.annotation.web.builders.WebSecurity>, org.springframework.security.web.authentication.AuthenticationFailureHandler, org.springframework.security.web.authentication.AuthenticationSuccessHandler

@Configuration
 @EnableConfigurationProperties(value=SSOProperties.class)
 @Controller
 @EnableScheduling
public class SSOClient
extends org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter
implements org.springframework.security.web.authentication.AuthenticationSuccessHandler, org.springframework.security.web.authentication.AuthenticationFailureHandler

Configuration for SSO Created by alan on 2017/3/13.

构造器概要

构造器

构造器和说明
SSOClient()

方法概要

限定符和类型	方法和说明
void	clearReturnUrls() 60秒清空一次未使用的return url
protected void	configure(org.springframework.security.config.annotation.web.builders.HttpSecurity http) 配置SSO拦截器
void	configureGlobal(org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder auth) 配置authenticationProvider，从认验中心中获取session
org.springframework.security.web.AuthenticationEntryPoint	loginUrlAuthenticationEntryPoint() 获取被登录时被拦截的请求, 并将其封装后保存到session中
void	onAuthenticationFailure(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.springframework.security.core.AuthenticationException exception) 处理登录失改
void	onAuthenticationSuccess(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, org.springframework.security.core.Authentication authentication) 处理登录成功，如果session中存有return_req，则重定向到/api/security/rewrite中，返回之前的结果 之后以不在这个方法中返回之前的结果，是因为要将session_id的cookie写到response中
void	rewrite(java.lang.String token, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) 回写被拦截的请求的结果
void	validate(java.lang.String token, java.lang.String authCode, javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response) 验证token Spring Security的login loginProcessingUrl必须使用post请求 而SSO通过redirect返回回来必定是GET请求，所以使用这个方法进行代理

从类继承的方法 org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter

authenticationManager, authenticationManagerBean, configure, configure, getApplicationContext, getHttp, init, setApplicationContext, setAuthenticationConfiguration, setContentNegotationStrategy, setObjectPostProcessor, setTrustResolver, userDetailsService, userDetailsServiceBean

从类继承的方法 java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

构造器详细资料

SSOClient

public SSOClient()

方法详细资料

clearReturnUrls

@Scheduled(fixedRate=60000L)
public void clearReturnUrls()

60秒清空一次未使用的return url

configure

protected void configure(org.springframework.security.config.annotation.web.builders.HttpSecurity http)
                  throws java.lang.Exception

配置SSO拦截器

覆盖:

configure 在类中 org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter

抛出:

java.lang.Exception

validate

@GetMapping(value="/api/security/validate")
public void validate(@RequestParam(value="token")
                                                                 java.lang.String token,
                                                                 @RequestParam(value="auth_code")
                                                                 java.lang.String authCode,
                                                                 javax.servlet.http.HttpServletRequest request,
                                                                 javax.servlet.http.HttpServletResponse response)
                                                          throws java.lang.Exception

验证token Spring Security的login loginProcessingUrl必须使用post请求 而SSO通过redirect返回回来必定是GET请求，所以使用这个方法进行代理

抛出:

java.lang.Exception

rewrite

@GetMapping(value="/api/security/rewrite")
public void rewrite(@RequestParam(value="token")
                                                               java.lang.String token,
                                                               javax.servlet.http.HttpServletRequest request,
                                                               javax.servlet.http.HttpServletResponse response)

回写被拦截的请求的结果

loginUrlAuthenticationEntryPoint

public org.springframework.security.web.AuthenticationEntryPoint loginUrlAuthenticationEntryPoint()
                                                                                           throws java.lang.Exception

获取被登录时被拦截的请求, 并将其封装后保存到session中

抛出:

java.lang.Exception

onAuthenticationSuccess

public void onAuthenticationSuccess(javax.servlet.http.HttpServletRequest request,
                                    javax.servlet.http.HttpServletResponse response,
                                    org.springframework.security.core.Authentication authentication)
                             throws java.io.IOException,
                                    javax.servlet.ServletException

处理登录成功，如果session中存有return_req，则重定向到/api/security/rewrite中，返回之前的结果 之后以不在这个方法中返回之前的结果，是因为要将session_id的cookie写到response中

指定者:

onAuthenticationSuccess 在接口中 org.springframework.security.web.authentication.AuthenticationSuccessHandler

抛出:

java.io.IOException

javax.servlet.ServletException

onAuthenticationFailure

public void onAuthenticationFailure(javax.servlet.http.HttpServletRequest request,
                                    javax.servlet.http.HttpServletResponse response,
                                    org.springframework.security.core.AuthenticationException exception)
                             throws java.io.IOException,
                                    javax.servlet.ServletException

处理登录失改

指定者:

onAuthenticationFailure 在接口中 org.springframework.security.web.authentication.AuthenticationFailureHandler

抛出:

java.io.IOException

javax.servlet.ServletException

configureGlobal

@Autowired
public void configureGlobal(org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder auth)
                                throws java.lang.Exception

配置authenticationProvider，从认验中心中获取session

抛出:

java.lang.Exception