AccessToken
对于一些具有统一登录模块的框架,比如使用常用的token值来标识用户身份,在与BaskServer系统整合时,会在访问BaskServer相关的URL中加入token值,比如:
http://192.168.18.100:8080/baskserver/home?tenantId=basksoft&accessToken=xxxxxxxxxxxx
希望BaskServer系统会根据token值来判断用户身份。
- 配置一个Filter,接收Request,判断token值是否正确,如果正确,则将用户信息放入Cookie或Session中。
- 在SecurityProvider的getLoginUser方法中,判断Cookie或Session中是否有token用户信息,如果有则根据Token的值解析用户信息,并返回BaskServer的User对象。如果没有,则返回空对象。
Filter参考代码(Cookie):
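/**
 * Reference filter (cookie variant): copies an {@code accessToken} request
 * parameter into a cookie so the SecurityProvider can identify the user on
 * later requests.
 * <p>
 * Note that a token carried in the query string tends to end up in access
 * logs and {@code Referer} headers; pass it in a header instead when the login
 * framework allows it.
 */
public class BaskOriginFilter extends BaskFilter {

    /** Name of the cookie that carries the access token; the SecurityProvider reads the same name. */
    private static final String COOKIE_KEY = "accessToken";

    /**
     * Stores a non-blank {@code accessToken} parameter as a cookie, then continues the chain.
     *
     * @param request  the incoming request (an {@link HttpServletRequest})
     * @param response the outgoing response (an {@link HttpServletResponse})
     * @param chain    the remaining filter chain
     * @throws IOException      propagated from the filter chain
     * @throws ServletException propagated from the filter chain
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletResponse res = (HttpServletResponse) response;
        // NOTE(review): the reference code allows any origin and any header.
        // Browsers reject credentialed (cookie-bearing) cross-origin responses
        // that use a wildcard origin, so list the known front-end origin here
        // when the cookie must travel cross-site.
        res.setHeader("Access-Control-Allow-Origin", "*");
        res.setHeader("Access-Control-Allow-Headers", "*");
        HttpServletRequest req = (HttpServletRequest) request;
        String accessToken = req.getParameter("accessToken");
        if (StringUtils.isNoneBlank(accessToken)) {
            setAccessCookie(res, accessToken);
        }
        super.doFilter(request, response, chain);
    }

    /**
     * Sends the token to the client as an HttpOnly cookie.
     * <p>
     * The original code only updated the cookie object read from the request
     * when one already existed; that object is never written back to the
     * client, so a changed token was silently dropped. Always adding a fresh
     * cookie to the response fixes that. The token is no longer printed to
     * stdout: it is a credential and must not appear in console output.
     *
     * @param res         the response the cookie is added to
     * @param accessToken the non-blank token value
     */
    private void setAccessCookie(HttpServletResponse res, String accessToken) {
        Cookie accessCookie = new Cookie(COOKIE_KEY, accessToken);
        // HttpOnly keeps the token out of reach of page scripts.
        accessCookie.setHttpOnly(true);
        // TODO(review): call accessCookie.setSecure(true) once BaskServer is served over HTTPS.
        res.addCookie(accessCookie);
    }
}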
Filter参考代码(Session):
/**
 * Reference filter (session variant): keeps a non-blank {@code accessToken}
 * request parameter in the HTTP session so the SecurityProvider can identify
 * the user on later requests.
 */
public class BaskOriginFilter extends BaskFilter {

    /** Request parameter and session attribute that hold the access token. */
    private static final String TOKEN_ATTRIBUTE = "accessToken";

    /**
     * Sets the CORS headers, remembers the token (if any) in the session and continues the chain.
     *
     * @param request  the incoming request (an {@link HttpServletRequest})
     * @param response the outgoing response (an {@link HttpServletResponse})
     * @param chain    the remaining filter chain
     * @throws IOException      propagated from the filter chain
     * @throws ServletException propagated from the filter chain
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletResponse httpResponse = (HttpServletResponse) response;
        allowAnyOrigin(httpResponse);
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        rememberToken(httpRequest, httpRequest.getParameter(TOKEN_ATTRIBUTE));
        super.doFilter(request, response, chain);
    }

    /** Writes the wildcard CORS headers the reference code uses. */
    private static void allowAnyOrigin(HttpServletResponse httpResponse) {
        httpResponse.setHeader("Access-Control-Allow-Origin", "*");
        httpResponse.setHeader("Access-Control-Allow-Headers", "*");
    }

    /** Stores the token in the session; a blank token leaves the session untouched (and uncreated). */
    private static void rememberToken(HttpServletRequest httpRequest, String accessToken) {
        if (!StringUtils.isNoneBlank(accessToken)) {
            return;
        }
        httpRequest.getSession().setAttribute(TOKEN_ATTRIBUTE, accessToken);
    }
}
SecurityProvider参考代码(Cookie):
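/**
 * Reference SecurityProvider (cookie variant): when the default provider finds
 * no logged-in user, builds one from the access-token cookie written by the
 * filter. The listing was missing its closing brace and referenced a
 * {@code COOKIE_KEY} that was private to the filter; both are fixed here.
 */
public class MockSecurityProvider extends DefaultSecurityProvider {

    /** Must match the cookie name written by the access-token filter. */
    private static final String COOKIE_KEY = "accessToken";

    /**
     * Resolves the current user.
     *
     * @param req the current request
     * @return the user found by the parent provider, else a user built from the
     *         access-token cookie, else {@code null}
     */
    @Override
    public User getLoginUser(HttpServletRequest req) {
        User user = super.getLoginUser(req);
        if (user != null) {
            return user;
        }
        String accessToken = findAccessToken(req.getCookies());
        // An absent or empty cookie is not a token.
        if (accessToken == null || accessToken.isEmpty()) {
            return null;
        }
        // NOTE(review): the cookie value is client-controlled. Validate the token
        // (signature, expiry, lookup in the issuing system) here or in the filter
        // before building a User from it; the reference code does not show that step.
        // TODO: 根据accessToken获取用户信息 (resolve the user from the token here)
        ArrayList<Tenant> tenants = new ArrayList<Tenant>();
        Tenant tenant = new Tenant();
        tenant.setId(系统中已经创建的租户ID);
        tenant.setCreateUser(系统管理员账号);
        tenants.add(tenant);
        return new DefaultUser(用户系统账号, 用户名称, true, tenants);
    }

    /**
     * Returns the value of the access-token cookie, or {@code null} when the
     * request carries no cookies or none with that name.
     *
     * @param cookies the request cookies, possibly {@code null}
     */
    private static String findAccessToken(Cookie[] cookies) {
        if (cookies == null) {
            return null;
        }
        for (Cookie cookie : cookies) {
            if (COOKIE_KEY.equals(cookie.getName())) {
                return cookie.getValue();
            }
        }
        return null;
    }
}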
SecurityProvider参考代码(Session):
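/**
 * Reference SecurityProvider (session variant): when the default provider finds
 * no logged-in user, builds one from the access token the filter stored in the
 * session. The listing was missing its closing brace and assigned the
 * {@code Object} returned by {@code getAttribute} straight to a {@code String},
 * which does not compile; both are fixed here.
 */
public class MockSecurityProvider extends DefaultSecurityProvider {

    /** Must match the session attribute written by the access-token filter. */
    private static final String SESSION_KEY = "accessToken";

    /**
     * Resolves the current user.
     *
     * @param req the current request
     * @return the user found by the parent provider, else a user built from the
     *         session's access token, else {@code null}
     */
    @Override
    public User getLoginUser(HttpServletRequest req) {
        User user = super.getLoginUser(req);
        if (user != null) {
            return user;
        }
        // NOTE(review): getSession() creates a session for every anonymous request;
        // getSession(false) with a null check avoids that if session churn matters.
        Object attribute = req.getSession().getAttribute(SESSION_KEY);
        // Anything other than a non-empty String is not a usable token.
        if (!(attribute instanceof String) || ((String) attribute).isEmpty()) {
            return null;
        }
        String accessToken = (String) attribute;
        // NOTE(review): validate the token (signature, expiry, lookup in the issuing
        // system) before building a User from it; the reference code does not show that step.
        // TODO: 根据accessToken获取用户信息 (resolve the user from the token here)
        ArrayList<Tenant> tenants = new ArrayList<Tenant>();
        Tenant tenant = new Tenant();
        tenant.setId(系统中已经创建的租户ID);
        tenant.setCreateUser(系统管理员账号);
        tenants.add(tenant);
        return new DefaultUser(用户系统账号, 用户名称, true, tenants);
    }
}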