解决方案如图
因为这次项目用到了shiro+xxl-sso
所以必须自定义一个filter,并且在web.xml中加上filter拦截
过滤器如下
/**
* @description: xxlsso 过滤器
* @author: liandong
* @create: 2019-03-04 11:12
**/
public class XxlSsoWebFilter extends HttpServlet implements Filter {
private static Logger logger = LoggerFactory.getLogger(XxlSsoWebFilter.class);
private static final AntPathMatcher antPathMatcher = new AntPathMatcher();
private String ssoServer;
private String logoutPath;
private String excludedPaths;
@Override
public void init(FilterConfig filterConfig) throws ServletException {
//ssoServer = filterConfig.getInitParameter(Conf.SSO_SERVER);
ssoServer = XxlSsoConfig.getLfSsoServer();
//logoutPath = filterConfig.getInitParameter(Conf.SSO_LOGOUT_PATH);
logoutPath = XxlSsoConfig.getLfSsoLogoutPath();
//excludedPaths = filterConfig.getInitParameter(Conf.SSO_EXCLUDED_PATHS);
excludedPaths = XxlSsoConfig.getLfSsoExcludedPaths();
logger.info("XxlSsoWebFilter init.");
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest req = (HttpServletRequest) request;
HttpServletResponse res = (HttpServletResponse) response;
// make url
String servletPath = req.getServletPath();
// excluded path check
if (excludedPaths!=null && excludedPaths.trim().length()>0) {
for (String excludedPath:excludedPaths.split(",")) {
String uriPattern = excludedPath.trim();
// 支持ANT表达式
if (antPathMatcher.match(uriPattern, servletPath)) {
// excluded path, allow
chain.doFilter(request, response);
return;
}
}
}
// logout path check
// if (logoutPath!=null
//
// && logoutPath.trim().length()>0
//
// && logoutPath.equals(servletPath)) {
//
//
remove cookie
//
// SsoWebLoginHelper.removeSessionIdByCookie(req, res);
//
//
//
redirect logout
//
// String logoutPageUrl = ssoServer.concat(Conf.SSO_LOGOUT);
//
// res.sendRedirect(logoutPageUrl);
//
//
//
// return;
//
// }
// valid login user, cookie + redirect
XxlSsoUser xxlUser = SsoWebLoginHelper.loginCheck(req, res);
// valid login fail
if (xxlUser == null) {
String header = req.getHeader("content-type");
boolean isJson= header!=null && header.contains("json");
if (isJson) {
// json msg
res.setContentType("application/json;charset=utf-8");
res.getWriter().println("{\"resultCode\":"+Conf.SSO_LOGIN_FAIL_RESULT.getResultCode()+", \"resultMsg\":\""+ Conf.SSO_LOGIN_FAIL_RESULT.getResultMsg() +"\"}");
return;
} else {
// total link
String link = req.getRequestURL().toString();
// redirect logout
String loginPageUrl = ssoServer.concat(Conf.SSO_LOGIN)
+ "?" + Conf.REDIRECT_URL + "=" + link;
res.sendRedirect(loginPageUrl);
return;
}
}
// ser sso user
request.setAttribute(Conf.SSO_USER, xxlUser);
// already login, allow
chain.doFilter(request, response);
return;
}
}
增加的XXLConfig类如下
/**
* @author xuxueli 2018-11-15
*/
@Configuration
public class XxlSsoConfig implements DisposableBean {
private static PropertiesLoader propertiesLoader = new PropertiesLoader("conf/XxlSso.properties");
private static final String lfSsoServer=propertiesLoader.getProperty("lf.sso.server");
private static final String lfSsoLogoutPath=propertiesLoader.getProperty("lf.sso.logout.path");
private static final String lfSsoExcludedPaths=propertiesLoader.getProperty("lf-sso.excluded.sellerpaths");
private static final String lfSsoRedisAddress=propertiesLoader.getProperty("lf.sso.redis.address");
public static String getLfSsoServer() {
return lfSsoServer;
}
public static String getLfSsoLogoutPath() {
return lfSsoLogoutPath;
}
public static String getLfSsoExcludedPaths() {
return lfSsoExcludedPaths;
}
public static String getLfSsoRedisAddress() {
return lfSsoRedisAddress;
}
@Bean
public FilterRegistrationBean lfSsoFilterRegistration() {
// xxl-sso, redis init
JedisUtil.init(lfSsoRedisAddress);
// xxl-sso, filter init
FilterRegistrationBean registration = new FilterRegistrationBean();
registration.setName("XxlSsoWebFilter");
registration.setOrder(1);
registration.addUrlPatterns("/*");
registration.setFilter(new XxlSsoWebFilter());
registration.addInitParameter(Conf.SSO_SERVER, lfSsoServer);
registration.addInitParameter(Conf.SSO_LOGOUT_PATH, lfSsoLogoutPath);
registration.addInitParameter(Conf.SSO_EXCLUDED_PATHS, lfSsoExcludedPaths);
return registration;
}
@Override
public void destroy() throws Exception {
// xxl-sso, redis close
JedisUtil.close();
}
}
还有properties文件
#xxlsso网址
lf.sso.server=http://ssotest.test.com
#登出网址
lf.sso.logout.path=/logout
#排除网址
lf-sso.excluded.sellerpaths=/api/uc.php,/unionJD/**
#redis网址
lf.sso.redis.address=redis://localhost:6379/1
因为非springboot项目不会读@Configration注释
所以要在application-context.xml中配置config
<!--加载ssoconfig文件-->
<context:component-scan base-package="com.seller.sso"></context:component-scan>
在后台方法中获取,就变成了
//集成单点登陆
XxlSsoUser xxlUser = (XxlSsoUser) request.getAttribute(Conf.SSO_USER);