From e783031298ea239ce49b5f84bae55f0b2b57f71a Mon Sep 17 00:00:00 2001
From: Jason Song
Date: Fri, 24 Jun 2016 16:15:25 +0800
Subject: [PATCH] add mechanism to keep sso auto login
---
 .../apollo/common/auth/WebSecurityConfig.java | 1 +
 apollo-portal/pom.xml | 4 ++--
 .../portal/auth/CtripLogoutHandler.java | 6 ++++-
 .../configutation/AuthConfiguration.java | 8 +++++--
 .../main/resources/static/scripts/AppUtils.js | 2 +-
 .../main/resources/static/sso_heartbeat.html | 22 +++++++++++++++++++
 .../resources/static/views/common/footer.html | 5 +----
 pom.xml | 6 ++---
 8 files changed, 41 insertions(+), 13 deletions(-)
 create mode 100644 apollo-portal/src/main/resources/static/sso_heartbeat.html
diff --git a/apollo-common/src/main/java/com/ctrip/framework/apollo/common/auth/WebSecurityConfig.java b/apollo-common/src/main/java/com/ctrip/framework/apollo/common/auth/WebSecurityConfig.java
index 30af2e519..024bcc222 100644
--- a/apollo-common/src/main/java/com/ctrip/framework/apollo/common/auth/WebSecurityConfig.java
+++ b/apollo-common/src/main/java/com/ctrip/framework/apollo/common/auth/WebSecurityConfig.java
@@ -17,6 +17,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
 protected void configure(HttpSecurity http) throws Exception {
 http.httpBasic();
 http.csrf().disable();
+ http.headers().frameOptions().sameOrigin();
 }
 @Autowired
diff --git a/apollo-portal/pom.xml b/apollo-portal/pom.xml
index 500e8c3db..d629868fa 100644
--- a/apollo-portal/pom.xml
+++ b/apollo-portal/pom.xml
@@ -66,8 +66,8 @@
- org.jasig.cas.client
- cas-client-core-infosec-credis
+ com.ctrip.framework.apollo-sso
+ apollo-sso-ctrip
diff --git a/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/auth/CtripLogoutHandler.java b/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/auth/CtripLogoutHandler.java
index 0c7dd188e..9e69a67bf 100644
--- a/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/auth/CtripLogoutHandler.java
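Review bot: `http.headers().frameOptions().sameOrigin();` replaces Spring Security's default X-Frame-Options DENY for every application built on this shared apollo-common configuration, while only the portal appears to need framing (presumably for the new sso_heartbeat.html page). If that is the case, consider scoping the relaxation to the portal's own configuration rather than the common one, and add a comment above the line so the next reader knows it is intentional: `// SAMEORIGIN instead of the DENY default: the portal embeds the SSO heartbeat page in an iframe`. SAMEORIGIN still refuses framing by other origins, so the clickjacking protection against cross-site pages is kept; the relaxation only matters for same-origin content.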
+++ b/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/auth/CtripLogoutHandler.java
@@ -9,6 +9,7 @@ import java.io.IOException;
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
 public class CtripLogoutHandler implements LogoutHandler{
@@ -18,7 +19,10 @@ public class CtripLogoutHandler implements LogoutHandler{
 @Override
 public void logout(HttpServletRequest request, HttpServletResponse response) {
 //将session销毁
- request.getSession().invalidate();
+ HttpSession session = request.getSession(false);
+ if (session != null) {
+ session.invalidate();
+ }
 Cookie cookie = new Cookie("memCacheAssertionID", null);
 //将cookie的有效期设置为0,命令浏览器删除该cookie
diff --git a/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/configutation/AuthConfiguration.java b/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/configutation/AuthConfiguration.java
index fbc89b36b..b552c6905 100644
--- a/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/configutation/AuthConfiguration.java
+++ b/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/configutation/AuthConfiguration.java
@@ -73,9 +73,11 @@ public class AuthConfiguration {
 filterInitParam.put("redisClusterName", "casClientPrincipal");
 filterInitParam.put("serverName", serverConfigService.getValue("serverName"));
 filterInitParam.put("casServerLoginUrl", serverConfigService.getValue("casServerLoginUrl"));
+ //we don't want to use session to store login information, since we will be deployed to a cluster, not a single instance
+ filterInitParam.put("useSession", "false");
 casFilter.setInitParameters(filterInitParam);
- casFilter.setFilter(filter("org.jasig.cas.client.authentication.AuthenticationFilter"));
+ casFilter.setFilter(filter("com.ctrip.framework.apollo.sso.filter.ApolloAuthenticationFilter"));
 casFilter.addUrlPatterns("/*");
 return casFilter;
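Review bot: The comment above the new block, `//将session销毁` ("destroy the session"), no longer states the point of the change, which is to avoid creating a session merely to invalidate it; suggest `// invalidate the session only if one already exists; getSession(false) never creates one`. With `useSession` now set to `false` in AuthConfiguration and the principal kept in Redis, the HTTP session may no longer hold the login state at all, so logout rests on the `memCacheAssertionID` cookie removal that follows; if the server-side assertion is keyed by that cookie, clearing it in the browser does not invalidate the stored entry, and it is worth confirming whether the new SSO filter library exposes a server-side logout hook to call here. The rest of logout(), including the cookie expiry, continues outside the hunk.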
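Review bot: The `useSession` init parameter and its explanatory comment are added verbatim here and again in the validation-filter hunk at `@@ -88,6 +90,8 @@`; a shared constant such as `private static final String USE_SESSION = "useSession";` or a helper that fills the parameters common to both filters would keep the two in step, with the cluster rationale stated once in the class Javadoc. The filter classes are still located from string literals — `filter("com.ctrip.framework.apollo.sso.filter.ApolloAuthenticationFilter")` here and `ApolloAssertionThreadLocalFilter` at `@@ -105,7 +109,7 @@` — and now that apollo-sso-ctrip is a declared dependency in apollo-portal/pom.xml, a direct class reference would turn a typo into a compile error instead of a startup failure; if the reflective lookup is deliberate so the dependency can stay optional, a comment saying so would help. Both enclosing bean methods start outside their hunks.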
@@ -88,6 +90,8 @@ public class AuthConfiguration {
 filterInitParam.put("casServerUrlPrefix", serverConfigService.getValue("casServerUrlPrefix"));
 filterInitParam.put("serverName", serverConfigService.getValue("serverName"));
 filterInitParam.put("encoding", "UTF-8");
+ //we don't want to use session to store login information, since we will be deployed to a cluster, not a single instance
+ filterInitParam.put("useSession", "false");
 filterInitParam.put("useRedis", "true");
 filterInitParam.put("redisClusterName", "casClientPrincipal");
@@ -105,7 +109,7 @@ public class AuthConfiguration {
 public FilterRegistrationBean assertionHolder(){
 FilterRegistrationBean assertionHolderFilter = new FilterRegistrationBean();
- assertionHolderFilter.setFilter(filter("org.jasig.cas.client.util.AssertionThreadLocalFilter"));
+ assertionHolderFilter.setFilter(filter("com.ctrip.framework.apollo.sso.filter.ApolloAssertionThreadLocalFilter"));
 assertionHolderFilter.addUrlPatterns("/*");
 return assertionHolderFilter;
diff --git a/apollo-portal/src/main/resources/static/scripts/AppUtils.js b/apollo-portal/src/main/resources/static/scripts/AppUtils.js
index 8a5e98982..0bb039976 100644
--- a/apollo-portal/src/main/resources/static/scripts/AppUtils.js
+++ b/apollo-portal/src/main/resources/static/scripts/AppUtils.js
@@ -3,7 +3,7 @@ appUtil.service('AppUtil', ['toastr', function (toastr) {
 return {
 errorMsg: function (response) {
 if (response.status == -1) {
- return "您的登录信息已过期,请重新登录";
+ return "您的登录信息已过期,请刷新页面后重试";
 }
 var msg = "Code:" + response.status;
 if (response.data.message != null) {
diff --git a/apollo-portal/src/main/resources/static/sso_heartbeat.html b/apollo-portal/src/main/resources/static/sso_heartbeat.html
new file mode 100644
index 000000000..0cdb13ce9
--- /dev/null
+++ b/apollo-portal/src/main/resources/static/sso_heartbeat.html
@@ -0,0 +1,22 @@
+ + + + + SSO Heartbeat + + + + + 
diff --git a/apollo-portal/src/main/resources/static/views/common/footer.html b/apollo-portal/src/main/resources/static/views/common/footer.html index b4a386987..926c6596b 100644 --- a/apollo-portal/src/main/resources/static/views/common/footer.html +++ b/apollo-portal/src/main/resources/static/views/common/footer.html @@ -5,7 +5,4 @@ wiki

- - - - +
diff --git a/pom.xml b/pom.xml
index a90bc6245..9d81d9b45 100644
--- a/pom.xml
+++ b/pom.xml
@@ -177,9 +177,9 @@
- org.jasig.cas.client
- cas-client-core-infosec-credis
- 3.1.12
+ com.ctrip.framework.apollo-sso
+ apollo-sso-ctrip
+ 1.0.0
-- GitLab