import java.net.URLEncoder;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import org.apache.commons.lang.StringUtils;
import org.apache.shiro.web.servlet.AdviceFilter;
import org.apache.shiro.web.util.WebUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import com.concom.security.infrastructure.helper.HttpHelper;
import com.concom.security.infrastructure.helper.ShiroSecurityHelper;
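/**
 * Shiro filter that synchronises a session between two domains by bouncing the browser through
 * a central endpoint ({@code casServerURL}) and copying the returned session id into a cookie.
 *
 * <p>Flow implemented by {@link #preHandle}:
 * <ol>
 *   <li>Already authenticated, or the session carries {@code hasSyn == true}: let the request
 *       through.</li>
 *   <li>Request carries a {@code jsid} parameter: write {@code jsid} and {@code rememberMe}
 *       into cookies and redirect to the same URL without the parameters.</li>
 *   <li>Otherwise: redirect to {@code casServerURL?service=<this URL>}.</li>
 * </ol>
 *
 * <p>NOTE(review), security properties to confirm before relying on this filter:
 * <ul>
 *   <li>{@code jsid} is taken from the query string and stored as a cookie with no verification
 *       visible in this class. If that cookie identifies the session, a value chosen by a third
 *       party is adopted as-is (session fixation). A short-lived, single-use ticket validated
 *       server-to-server against {@code casServerURL}, plus a session-id rotation after login,
 *       would close that gap.</li>
 *   <li>A session id carried in a URL is exposed to browser history, intermediaries, access logs
 *       and {@code Referer} headers.</li>
 *   <li>Cookie attributes (HttpOnly, Secure, SameSite) are decided inside
 *       {@code HttpHelper.setCookie}, which is not shown here; verify them there.</li>
 *   <li>{@code getRequestURL()} usually reflects the client-supplied {@code Host} header, and
 *       that value feeds both redirects; presumably the container or proxy pins the host,
 *       otherwise compare it with the configured {@code domain}.</li>
 *   <li>Where {@code hasSyn} is set is not visible in this class.</li>
 * </ul>
 */
public class CasFilter extends AdviceFilter {
    private static final Logger log = LoggerFactory.getLogger(CasFilter.class);

    /** Redirect target used to obtain the session id, e.g. www.b.com/token. */
    private String casServerURL;

    /** Domain this filter is applied to, e.g. www.a.com; passed to the cookie helper. */
    private String domain;

    /**
     * Decides whether the request may continue or must be redirected for session synchronisation.
     *
     * @param request the incoming request
     * @param response the response used to set cookies and issue redirects
     * @return {@code true} when the request may proceed down the chain, {@code false} when a
     *     redirect has been issued
     * @throws Exception if the redirect or the encoding of the {@code service} value fails
     */
    @Override
    protected boolean preHandle(ServletRequest request, ServletResponse response) throws Exception {
        // Read the attribute once; Boolean.TRUE.equals treats a missing or non-Boolean value as
        // "not synchronised" instead of failing on the cast.
        boolean hasSyn = Boolean.TRUE.equals(ShiroSecurityHelper.getSession().getAttribute("hasSyn"));
        // The user is logged in, or the session was already synchronised: no redirect needed.
        if (ShiroSecurityHelper.hasAuthenticated() || hasSyn) {
            return true;
        }

        String jsid = WebUtils.getCleanParam(request, "jsid");
        HttpServletRequest httpRequest = WebUtils.toHttp(request);
        String url = requestUrlWithoutContextPath(httpRequest);

        if (StringUtils.isNotBlank(jsid)) {
            // A non-blank jsid means the browser was redirected back from the central domain
            // (e.g. www.b.com); copy the session id obtained there into this domain's cookies.
            // NOTE(review): jsid is not verified here; see the class comment.
            HttpHelper.setCookie(httpRequest, WebUtils.toHttp(response), "jsid", jsid, domain, "/");
            // NOTE(review): rememberMe may be null when the parameter is absent; how setCookie
            // handles a null value is not visible here.
            HttpHelper.setCookie(httpRequest, WebUtils.toHttp(response), "rememberMe",
                    WebUtils.getCleanParam(request, "rememberMe"), domain, "/");
            WebUtils.issueRedirect(request, response, url);
            log.info("redirect : {}", url);
            return false;
        }

        // Redirect to the central endpoint (e.g. www.b.com/token). The return URL is
        // percent-encoded so that '&', '#', '%' or '?' inside it cannot end or alter the
        // service parameter; a receiver using getParameter("service") sees the same value.
        String uri = casServerURL + "?service=" + URLEncoder.encode(url, "UTF-8");
        WebUtils.issueRedirect(request, response, uri);
        log.info("redirect : {}", uri);
        return false;
    }

    /**
     * Returns the request URL with the leading context path removed from its path component.
     *
     * <p>Only the context-path prefix of the request URI is dropped. Removing every occurrence
     * of the context path from the whole URL would also eat matching text in the host name or
     * deeper in the path (context path {@code /a} would turn {@code /a/about} into {@code bout}).
     */
    private static String requestUrlWithoutContextPath(HttpServletRequest httpRequest) {
        String requestUrl = httpRequest.getRequestURL().toString();
        String contextPath = httpRequest.getContextPath();
        if (StringUtils.isEmpty(contextPath)) {
            return requestUrl;
        }
        String requestUri = httpRequest.getRequestURI();
        if (requestUri == null || !requestUrl.endsWith(requestUri) || !requestUri.startsWith(contextPath)) {
            // The container reported the parts in an unexpected shape; keep the previous behaviour.
            return StringUtils.remove(requestUrl, contextPath);
        }
        String origin = requestUrl.substring(0, requestUrl.length() - requestUri.length());
        return origin + requestUri.substring(contextPath.length());
    }

    /** Delegates to the parent implementation; no additional post-processing is done. */
    @Override
    protected void postHandle(ServletRequest request, ServletResponse response) throws Exception {
        super.postHandle(request, response);
    }

    /**
     * Sets the endpoint the browser is redirected to in order to obtain the session id.
     *
     * @param casServerURL the redirect target, e.g. www.b.com/token
     */
    public void setCasServerURL(String casServerURL) {
        this.casServerURL = casServerURL;
    }

    /**
     * Sets the domain passed to the cookie helper when the session id is written back.
     *
     * @param domain the domain this filter is applied to, e.g. www.a.com
     */
    public void setDomain(String domain) {
        this.domain = domain;
    }
}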