1、 执行下面三个SQL脚本注册协同扩展信息。
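-- Register SimpleMKeyLoginChain as an extension of the UserVerifyChain point.
insert into pt_extension (classname, dr, i18name, id, isactive, module, pk_extension, pk_extpoint, pk_module, point, title, title2, title3, title4, title5, title6, ts)
VALUES ('nc.uap.portal.user.chain.SimpleMKeyLoginChain', 0, NULL, 'SimpleMKeyLoginChain', 'Y', 'websm', '0000Z01000000000092H', '0000Z01000000000002N', '0002z0100000module14', 'UserVerifyChain', 'SimpleMKeyLoginChain', 'SimpleMKeyLoginChain', 'SimpleMKeyLoginChain', NULL, NULL, NULL, '2018-01-14 19:56:39');
-- Deactivate every extension registered on the UserVerifyChain point. This also
-- switches off whatever verification chains were active before, so record the
-- previous isactive values first if a rollback may be needed.
update pt_extension set isactive = 'N' where point = 'UserVerifyChain';
-- Re-activate only the MKEY chain; after this statement it is the only active
-- UserVerifyChain extension.
update pt_extension set isactive = 'Y' where classname = 'nc.uap.portal.user.chain.SimpleMKeyLoginChain';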
2、 配置MKEY。
在nchome\hotwebs\lfw\WEB-INF\conf\system.properties中添加一行:MKEY=mkey
mkey是单点登录使用的密钥,也可以设置成其他值;由于AuthKey完全由用户编码和该密钥计算得出,建议使用足够长的随机字符串,不要沿用示例值mkey。
3、 部署单点登录补丁:class文件。
类路径:modules\websm\classes\nc\uap\portal\user\chain\SimpleMKeyLoginChain.class
源码:
package nc.uap.portal.user.chain;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import javax.servlet.http.HttpServletRequest;
import sun.misc.BASE64Encoder;
import nc.uap.lfw.core.LfwRuntimeEnvironment;
import nc.uap.lfw.core.log.LfwLogger;
import nc.uap.portal.login.itf.LoginInterruptedException;
import nc.uap.portal.login.vo.AuthenticationUserVO;
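/**
 * Portal verification chain that logs a user in when the request carries an
 * {@code AuthKey} equal to the value derived from the {@code userid} request
 * parameter and the server-side {@code MKEY} setting.
 *
 * <p>NOTE(review): the time component of the key is the constant {@code "0000"},
 * so the AuthKey for a given user stays the same until MKEY changes. A captured
 * login URL therefore remains valid; treat MKEY as a credential for every
 * account and rotate it if it may have been exposed.
 *
 * <p>NOTE(review): the key is a plain SHA-1 over concatenated fields rather than
 * an HMAC. Changing the construction requires changing every caller that builds
 * the AuthKey (gtPortal.jsp computes it the same way), so it is only flagged here.
 */
public class SimpleMKeyLoginChain extends AbstractVerifyChain {

    /** Charset used both for hashing and for the comparison of the two keys. */
    private static final java.nio.charset.Charset UTF_8 = java.nio.charset.Charset.forName("UTF-8");

    /**
     * Compares the request's {@code AuthKey} with the expected value and, on a
     * match, logs the user in and continues the chain once the login succeeded.
     *
     * <p>The request is rejected (nothing happens) when {@code AuthKey},
     * {@code userid} or the configured {@code MKEY} is missing or blank, or when
     * the expected key could not be computed.
     *
     * @param request incoming request carrying {@code userid} and {@code AuthKey}
     * @param chain   remaining verification chain, continued only after a successful login
     */
    @Override
    public void doVerify(HttpServletRequest request, VerifyAtomChain chain) {
        String authKey = request.getParameter("AuthKey");
        String userid = request.getParameter("userid");
        String mKey = LfwRuntimeEnvironment.getServerConfig().get("MKEY");

        // Fail closed. A missing MKEY would otherwise be concatenated as the text
        // "null", giving an AuthKey that does not depend on any secret.
        if (isBlank(authKey) || isBlank(userid) || isBlank(mKey)) {
            return;
        }

        String expected = buildAuthKey(userid, System.currentTimeMillis(), mKey);
        // buildAuthKey returns "" when hashing failed; never accept that as a match.
        if (expected.isEmpty() || !constantTimeEquals(expected, authKey)) {
            return;
        }

        AuthenticationUserVO userVO = new AuthenticationUserVO();
        userVO.setUserID(userid);
        try {
            doLogin(userVO);
        } catch (LoginInterruptedException e) {
            LfwLogger.error(e.getMessage(), e);
        }
        // Continue only when the login actually took effect.
        if (hasLogin()) {
            chain.doFilter(request);
        }
    }

    /**
     * Always returns 0, i.e. this chain reports itself as equal in order to any other chain.
     */
    @Override
    public int compareTo(IUserVerifyChain o) {
        return 0;
    }

    /**
     * Derives the AuthKey for a user: Base64 of SHA-1 over
     * {@code userid + "0000" + mKey} (UTF-8), with every {@code '+'} removed.
     *
     * @param userid   user identifier taken from the request
     * @param timeSpan currently unused; the time component is fixed to {@code "0000"}
     * @param mKey     shared secret from the server configuration
     * @return the derived key, or {@code ""} when it could not be computed
     */
    public static String buildAuthKey(String userid, long timeSpan, String mKey) {
        try {
            // The time-based component is disabled in this version; see the class note.
            String time = "0000";
            String material = userid + time + mKey;
            byte[] digest = MessageDigest.getInstance("SHA-1").digest(material.getBytes(UTF_8));
            // '+' is dropped from the Base64 text, presumably because it would be read
            // as a space in a query string; the sender has to strip it the same way.
            return new BASE64Encoder().encode(digest).replace("+", "");
        } catch (Exception e) {
            LfwLogger.error(e);
        }
        return "";
    }

    /** Returns true when the value is null or contains only whitespace. */
    private static boolean isBlank(String value) {
        return value == null || value.trim().isEmpty();
    }

    /** Compares two keys with MessageDigest.isEqual instead of String.equals to avoid a timing side channel. */
    private static boolean constantTimeEquals(String expected, String supplied) {
        return MessageDigest.isEqual(expected.getBytes(UTF_8), supplied.getBytes(UTF_8));
    }
}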
4、 增加gtPortal.jsp文件。
文件放置路径:nchome\webapps\nc_web\gtPortal.jsp
gtPortal.jsp中request.getParameter("user");获取请求参数中的用户编码
request.getParameter("mkey");获取请求参数中的编码,该编码就是在步骤2中设置的MKEY值。
gtPortal.jsp源码:
<%@ page language="java" contentType="text/html; charset=utf-8"%>
<%@page import="java.io.BufferedReader"%>
<%@page import="java.io.InputStreamReader"%>
<%@page import="java.net.HttpURLConnection"%>
<%@page import="java.net.URL"%>
<%@page import="java.security.MessageDigest"%>
<%@page import="sun.misc.BASE64Encoder"%>
<%@page import="java.io.IOException"%>
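<%
    // Inputs: the user code to sign in as and the shared secret (MKEY).
    // NOTE(review): the secret arrives as a URL parameter, so it is visible to
    // whoever sees the URL and is written to access logs; anyone holding it can
    // obtain a login link for any user code. Restrict who can reach this page.
    String user = request.getParameter("user");
    String mkey = request.getParameter("mkey");

    // getParameter returns null for an absent parameter. Reject missing or empty
    // values: a null mkey would be concatenated as the text "null" below and
    // yield an AuthKey that does not depend on the secret.
    if (user == null || user.length() == 0 || mkey == null || mkey.length() == 0) {
        response.sendError(HttpServletResponse.SC_BAD_REQUEST);
        return;
    }

    // Must match SimpleMKeyLoginChain.buildAuthKey: SHA-1 over user + "0000" + mkey,
    // Base64-encoded, with '+' removed. The time component is fixed, so the
    // resulting AuthKey for a user does not change until MKEY changes.
    String time = "0000";
    String key = user + time + mkey;
    byte[] codes = MessageDigest.getInstance("SHA-1").digest(key.getBytes("UTF-8"));
    BASE64Encoder BE = new BASE64Encoder();
    String str = BE.encode(codes).replace("+", "");

    // URL-encode both values so a crafted user code cannot add or override
    // query parameters in the redirect target.
    // The host and port are the tutorial's sample values; the redirect is followed
    // by the browser, so use the address under which the portal is reachable from it.
    String ssoPortalUrl = "http://127.0.0.1:9999/portal/pt/home/index?lrid=1&&userid="
            + java.net.URLEncoder.encode(user, "UTF-8")
            + "&AuthKey=" + java.net.URLEncoder.encode(str, "UTF-8");
    response.sendRedirect(ssoPortalUrl);
%>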
5、 重启中间件后测试访问。
IE浏览器访问地址:http://ip:port/gtPortal.jsp?user=usercode&mkey=mkey
其中:
user为登录用户编码。
mkey为步骤2中设置的MKEY值。
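外部系统通过步骤5中的访问地址,使用用户编码和MKEY值作为请求参数单点登录NC portal端。注意:MKEY以明文出现在该URL中,会留在浏览器历史、代理和访问日志里;而持有MKEY即可为任意用户编码生成有效的登录链接,因此应限制gtPortal.jsp的可访问来源,使用HTTPS,并在MKEY可能泄露时及时更换。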