Skip to content

J
jira-sso
提交 1c179f68 authored 作者: husishuai's avatar husishuai
浏览文件
操作

新增注释

上级 54fa72fc
隐藏空白字符变更
内嵌 并排
正在显示 包含 108 行增加74 行删除
atlassian-plugins-sso/src/main/java/com/atlassian/jira/security/sso/SSOSeraphAuthenticator.java
浏览文件 @ 1c179f68
......@@ -47,12 +47,13 @@ import java.util.*;
public class SSOSeraphAuthenticator extends DefaultAuthenticator {
// jira服务中的rest请求地址前缀
private static final String BASE_URL = "http://192.168.1.113:8080/rest/api/2";
// 管理员的用户密码拼接后生成的base64加密串。格式: base64(账号:密码)
private static final String AUTHORIZATION_HEADER = "Basic cm9vdDpBZG1pbkAxMjM="; // Replace with your base64 encoded auth header
// 本地缓存(客户要求需要加缓存),过期时间为一天
// 本地缓存,过期时间为一天
private static final TimedCache<Object, Object> GROUP_NAME_CACHE = CacheUtil.newTimedCache((60 * 60 * 24 * 1000L));
// 日志
private static final Logger log = LoggerFactory.getLogger(SSOSeraphAuthenticator.class);
private EventPublisher eventPublisher;
......@@ -61,12 +62,43 @@ public class SSOSeraphAuthenticator extends DefaultAuthenticator {
public SSOSeraphAuthenticator() {
}
/**
* 登出
* @param httpServletRequest
* @param httpServletResponse
* @return
* @throws AuthenticatorException
*/
@Override
public boolean logout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws AuthenticatorException {
System.out.println("logout....");
return super.logout(httpServletRequest, httpServletResponse);
}
/**
* 登录
* @param httpServletRequest
* @param httpServletResponse
* @param username
* @param password
* @param setRememberMeCookie
* @return
* @throws AuthenticatorException
*/
@Override
public boolean login(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, String username, String password, boolean setRememberMeCookie) throws AuthenticatorException {
// jira请求标识
httpServletRequest.setAttribute("com.atlassian.confluence.login.direct", true);
// 登出时请求的地址 http://ip:port/login.html?isLogout=true
String isLogout = httpServletRequest.getParameter("isLogout");
System.out.println("isLogout = " + isLogout);
if (isLogout.equals("true")) {
System.out.println("开始退出...");
this.logout(httpServletRequest, httpServletResponse);
}else {
System.out.println("开始登录...");
// jira请求标识
httpServletRequest.setAttribute("com.atlassian.confluence.login.direct", true);
// 1 获取客户端ip地址
// 1 获取客户端ip地址
// String clientIp = IpUtil.getClientIp(httpServletRequest);
// if (StrUtil.isBlank(clientIp)) {
// // 重定向到auap登录页
......@@ -74,7 +106,7 @@ public class SSOSeraphAuthenticator extends DefaultAuthenticator {
// return false;
// }
// 2 检查当前ip是否在auap登录
// 2 检查当前ip是否在auap登录
// CheckLoginResult checkLoginResult = AuapUserService.checkLogin(clientIp);
// if (BeanUtil.isEmpty(checkLoginResult)) {
// // 重定向到auap登录页
......@@ -83,78 +115,80 @@ public class SSOSeraphAuthenticator extends DefaultAuthenticator {
// }
// 3. 判断:用户是否走了登录页进行登录(保证原有登录页可以正常登录)
// 如果是空,则表示未走登录页。那么从auap中获取用户名称
if (CharSequenceUtil.isBlank(username) && CharSequenceUtil.isBlank(password)) {
// 3.1 获取:用户、组信息
/**
* auap获取用户的代码
* 用户实体
* AuapUserInfo auapUserInfo = checkLoginResult.getContent();
*/
// 模拟用户信息
HashMap<String, Object> auapUserInfo = new HashMap<>();
auapUserInfo.put("username", "zhangsan");
auapUserInfo.put("staTruename", "张三");
auapUserInfo.put("deptId", "1813");
auapUserInfo.put("deptName", "分公司一-七组");
// auap账号名称
username = auapUserInfo.get("username").toString();
// 昵称
String userFullName = auapUserInfo.get("staTruename").toString();
// 部门id
String deptId = auapUserInfo.get("deptId").toString();
// 部门名称
String deptName = auapUserInfo.get("deptName").toString();
// 创建组名称
String groupName = deptName + "-" + deptId;
// 3. 判断:用户是否走了登录页进行登录(保证原有登录页可以正常登录)
// 如果是空,则表示未走登录页。那么从auap中获取用户名称
if (CharSequenceUtil.isBlank(username) && CharSequenceUtil.isBlank(password)) {
// 3.1 获取:用户、组信息
/**
* auap获取用户的代码
* 用户实体
* AuapUserInfo auapUserInfo = checkLoginResult.getContent();
*/
// 模拟用户信息
HashMap<String, Object> auapUserInfo = new HashMap<>();
auapUserInfo.put("username", "zhangsan");
auapUserInfo.put("staTruename", "张三");
auapUserInfo.put("deptId", "1813");
auapUserInfo.put("deptName", "分公司一-七组");
// auap账号名称
username = auapUserInfo.get("username").toString();
// 昵称
String userFullName = auapUserInfo.get("staTruename").toString();
// 部门id
String deptId = auapUserInfo.get("deptId").toString();
// 部门名称
String deptName = auapUserInfo.get("deptName").toString();
// 创建组名称
String groupName = deptName + "-" + deptId;
try {
// 3.2 查询用户是否存在(不存在则创建)
// 获取用户对象
Principal user = this.getUser(username);
// 如果用户不存在,则创建用户
if (ObjectUtils.isEmpty(user)) {
System.out.println("系统中不存在用户 = " + username);
// 3.3 判断是否存在组
GroupManager groupManager = ComponentAccessor.getGroupManager();
// 判断缓存中是否存在用户组
if (!GROUP_NAME_CACHE.containsKey(groupName)) {
System.out.println("缓存中不存在组 = " + groupName);
boolean groupExists = groupManager.groupExists(groupName);
// 不存在则创建组
if (!groupExists) {
System.out.println("系统中不存在组 = " + groupName);
groupManager.createGroup(groupName);
// 给组授予应用程序访问权,否则无法登陆(调用rest api实现)
addGroupApplicationRole(groupName);
try {
// 3.2 查询用户是否存在(不存在则创建)
// 获取用户对象
Principal user = this.getUser(username);
// 如果用户不存在,则创建用户
if (ObjectUtils.isEmpty(user)) {
System.out.println("系统中不存在用户 = " + username);
// 3.3 判断是否存在组
GroupManager groupManager = ComponentAccessor.getGroupManager();
// 判断缓存中是否存在用户组
if (!GROUP_NAME_CACHE.containsKey(groupName)) {
System.out.println("缓存中不存在组 = " + groupName);
boolean groupExists = groupManager.groupExists(groupName);
// 不存在则创建组
if (!groupExists) {
System.out.println("系统中不存在组 = " + groupName);
groupManager.createGroup(groupName);
// 给组授予应用程序访问权,否则无法登陆(调用rest api实现)
addGroupApplicationRole(groupName);
}
// 将组添加至缓存
GROUP_NAME_CACHE.put(groupName, groupName);
}
// 将组添加至缓存
GROUP_NAME_CACHE.put(groupName, groupName);
}
// 新增用户
UserManager userManager = getUserManager();
UserDetails userDetails = new UserDetails(username, userFullName).withPassword("123456").withEmail(username + "@test.com");
ApplicationUser applicationUser = userManager.createUser(userDetails);
// 新增用户
UserManager userManager = getUserManager();
UserDetails userDetails = new UserDetails(username, userFullName).withPassword("123456").withEmail(username + "@test.com");
ApplicationUser applicationUser = userManager.createUser(userDetails);
// 将用户添加到组
UserUtil userUtil = ComponentAccessor.getUserUtil();
Group group = groupManager.getGroup(groupName);
userUtil.addUserToGroup(group, applicationUser);
// 将用户添加到组
UserUtil userUtil = ComponentAccessor.getUserUtil();
Group group = groupManager.getGroup(groupName);
userUtil.addUserToGroup(group, applicationUser);
}
}catch (Exception e) {
e.printStackTrace();
}
}catch (Exception e) {
e.printStackTrace();
// 单点登录验证
return this.doLogin(httpServletRequest, httpServletResponse, username, password, setRememberMeCookie,true);
}else {
// 用户名及密码登录校验
return this.doLogin(httpServletRequest, httpServletResponse, username, password, setRememberMeCookie,false);
}
// 单点登录验证
return this.doLogin(httpServletRequest, httpServletResponse, username, password, setRememberMeCookie,true);
}else {
// 用户名及密码登录校验
return this.doLogin(httpServletRequest, httpServletResponse, username, password, setRememberMeCookie,false);
}
return false;
}
......@@ -397,7 +431,7 @@ public class SSOSeraphAuthenticator extends DefaultAuthenticator {
* 给组添加应用权限
*/
private void addGroupApplicationRole(String groupName) {
// 获取应用程序授权信息
// 获取应用程序授权信息(包含原本已授权的信息)
HashMap<String, List<String>> applicationRole = getApplicationRole();
System.out.println("addGroupApplicationRole - applicationRole: " + applicationRole);
List<String> groups = applicationRole.get("groups");
......@@ -405,7 +439,7 @@ public class SSOSeraphAuthenticator extends DefaultAuthenticator {
if (!groups.contains(groupName)) {
groups.add(groupName);
}
// 原本默认的组信息
List<String> defaultGroups = applicationRole.get("defaultGroups");
// 创建请求对象
......
Markdown 格式
0%
您添加了 0 到此讨论。请谨慎行事。
请先完成此评论的编辑!
注册 或者 后发表评论