From e783031298ea239ce49b5f84bae55f0b2b57f71a Mon Sep 17 00:00:00 2001
From: Jason Song
Date: Fri, 24 Jun 2016 16:15:25 +0800
Subject: [PATCH] add mechanism to keep sso auto login
---
.../apollo/common/auth/WebSecurityConfig.java | 1 +
apollo-portal/pom.xml | 4 ++--
.../portal/auth/CtripLogoutHandler.java | 6 ++++-
.../configutation/AuthConfiguration.java | 8 +++++--
.../main/resources/static/scripts/AppUtils.js | 2 +-
.../main/resources/static/sso_heartbeat.html | 22 +++++++++++++++++++
.../resources/static/views/common/footer.html | 5 +----
pom.xml | 6 ++---
8 files changed, 41 insertions(+), 13 deletions(-)
create mode 100644 apollo-portal/src/main/resources/static/sso_heartbeat.html
diff --git a/apollo-common/src/main/java/com/ctrip/framework/apollo/common/auth/WebSecurityConfig.java b/apollo-common/src/main/java/com/ctrip/framework/apollo/common/auth/WebSecurityConfig.java
index 30af2e519..024bcc222 100644
--- a/apollo-common/src/main/java/com/ctrip/framework/apollo/common/auth/WebSecurityConfig.java
+++ b/apollo-common/src/main/java/com/ctrip/framework/apollo/common/auth/WebSecurityConfig.java
@@ -17,6 +17,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
protected void configure(HttpSecurity http) throws Exception {
http.httpBasic();
http.csrf().disable();
+ http.headers().frameOptions().sameOrigin();
}
@Autowired
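Review bot: `http.headers().frameOptions().sameOrigin()` relaxes X-Frame-Options from Spring Security's default DENY to SAMEORIGIN for every application that reuses this shared apollo-common configuration, not only the portal that presumably needs it for the new sso_heartbeat.html page. If the portal is the only consumer that frames anything, keep DENY here and override frame options in the portal's own configuration, or at least record the reason on the line: `// SAMEORIGIN rather than the default DENY so the portal's sso_heartbeat page can be framed; confirm no other consumer relies on DENY`. Since CSRF protection is disabled on the line above, the frame policy is one of the few browser-side protections left in this chain, so the widening deserves a comment. configure() closes inside the hunk, but the class continues past it.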
diff --git a/apollo-portal/pom.xml b/apollo-portal/pom.xml
index 500e8c3db..d629868fa 100644
--- a/apollo-portal/pom.xml
+++ b/apollo-portal/pom.xml
@@ -66,8 +66,8 @@
- org.jasig.cas.client
- cas-client-core-infosec-credis
+ com.ctrip.framework.apollo-sso
+ apollo-sso-ctrip
diff --git a/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/auth/CtripLogoutHandler.java b/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/auth/CtripLogoutHandler.java
index 0c7dd188e..9e69a67bf 100644
--- a/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/auth/CtripLogoutHandler.java
+++ b/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/auth/CtripLogoutHandler.java
@@ -9,6 +9,7 @@ import java.io.IOException;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
public class CtripLogoutHandler implements LogoutHandler{
@@ -18,7 +19,10 @@ public class CtripLogoutHandler implements LogoutHandler{
@Override
public void logout(HttpServletRequest request, HttpServletResponse response) {
//将session销毁
- request.getSession().invalidate();
+ HttpSession session = request.getSession(false);
+ if (session != null) {
+ session.invalidate();
+ }
Cookie cookie = new Cookie("memCacheAssertionID", null);
//将cookie的有效期设置为0,命令浏览器删除该cookie
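Review bot: The null-check around `request.getSession(false)` is the right change, but the comment above it is in Chinese and does not say why `false` matters; I would replace `//将session销毁` with `// Invalidate the existing session only; getSession(false) avoids creating a throw-away session just to destroy it`. The import hunk above only adds `HttpSession`. logout()'s body continues past the hunk with the cookie reset, so I could not confirm the cookie path/domain match the one set at login.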
diff --git a/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/configutation/AuthConfiguration.java b/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/configutation/AuthConfiguration.java
index fbc89b36b..b552c6905 100644
--- a/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/configutation/AuthConfiguration.java
+++ b/apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/configutation/AuthConfiguration.java
@@ -73,9 +73,11 @@ public class AuthConfiguration {
filterInitParam.put("redisClusterName", "casClientPrincipal");
filterInitParam.put("serverName", serverConfigService.getValue("serverName"));
filterInitParam.put("casServerLoginUrl", serverConfigService.getValue("casServerLoginUrl"));
+ //we don't want to use session to store login information, since we will be deployed to a cluster, not a single instance
+ filterInitParam.put("useSession", "false");
casFilter.setInitParameters(filterInitParam);
- casFilter.setFilter(filter("org.jasig.cas.client.authentication.AuthenticationFilter"));
+ casFilter.setFilter(filter("com.ctrip.framework.apollo.sso.filter.ApolloAuthenticationFilter"));
casFilter.addUrlPatterns("/*");
return casFilter;
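Review bot: The `useSession` init-parameter and its explanatory comment are written out twice, here and in the hunk at line 90 of the same file; a single `private static final String USE_SESSION_PARAM = "useSession";` (or a small helper that applies the cluster-safe defaults to both CAS filters) would keep the two filters from drifting apart. The cluster rationale is good, but the comment should also state what holds the login state instead of the session, which from the second hunk looks like the redis-backed assertion store (`useRedis`/`redisClusterName`) — worth confirming against the new ApolloAuthenticationFilter before documenting it. Both enclosing bean methods start outside the hunk.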
@@ -88,6 +90,8 @@ public class AuthConfiguration {
filterInitParam.put("casServerUrlPrefix", serverConfigService.getValue("casServerUrlPrefix"));
filterInitParam.put("serverName", serverConfigService.getValue("serverName"));
filterInitParam.put("encoding", "UTF-8");
+ //we don't want to use session to store login information, since we will be deployed to a cluster, not a single instance
+ filterInitParam.put("useSession", "false");
filterInitParam.put("useRedis", "true");
filterInitParam.put("redisClusterName", "casClientPrincipal");
@@ -105,7 +109,7 @@ public class AuthConfiguration {
public FilterRegistrationBean assertionHolder(){
FilterRegistrationBean assertionHolderFilter = new FilterRegistrationBean();
- assertionHolderFilter.setFilter(filter("org.jasig.cas.client.util.AssertionThreadLocalFilter"));
+ assertionHolderFilter.setFilter(filter("com.ctrip.framework.apollo.sso.filter.ApolloAssertionThreadLocalFilter"));
assertionHolderFilter.addUrlPatterns("/*");
return assertionHolderFilter;
diff --git a/apollo-portal/src/main/resources/static/scripts/AppUtils.js b/apollo-portal/src/main/resources/static/scripts/AppUtils.js
index 8a5e98982..0bb039976 100644
--- a/apollo-portal/src/main/resources/static/scripts/AppUtils.js
+++ b/apollo-portal/src/main/resources/static/scripts/AppUtils.js
@@ -3,7 +3,7 @@ appUtil.service('AppUtil', ['toastr', function (toastr) {
return {
errorMsg: function (response) {
if (response.status == -1) {
- return "您的登录信息已过期,请重新登录";
+ return "您的登录信息已过期,请刷新页面后重试";
}
var msg = "Code:" + response.status;
if (response.data.message != null) {
diff --git a/apollo-portal/src/main/resources/static/sso_heartbeat.html b/apollo-portal/src/main/resources/static/sso_heartbeat.html
new file mode 100644
index 000000000..0cdb13ce9
--- /dev/null
+++ b/apollo-portal/src/main/resources/static/sso_heartbeat.html
@@ -0,0 +1,22 @@
+
+
+
+
+ SSO Heartbeat
+
+
+
+
+
diff --git a/apollo-portal/src/main/resources/static/views/common/footer.html b/apollo-portal/src/main/resources/static/views/common/footer.html
index b4a386987..926c6596b 100644
--- a/apollo-portal/src/main/resources/static/views/common/footer.html
+++ b/apollo-portal/src/main/resources/static/views/common/footer.html
@@ -5,7 +5,4 @@
wiki
-
-
-
-
+
diff --git a/pom.xml b/pom.xml
index a90bc6245..9d81d9b45 100644
--- a/pom.xml
+++ b/pom.xml
@@ -177,9 +177,9 @@
- org.jasig.cas.client
- cas-client-core-infosec-credis
- 3.1.12
+ com.ctrip.framework.apollo-sso
+ apollo-sso-ctrip
+ 1.0.0
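Review bot: The managed dependency `com.ctrip.framework.apollo-sso:apollo-sso-ctrip:1.0.0` replaces the jasig CAS client 3.1.12 without recording which upstream CAS client version it wraps or where it is published, so a reader of the POM can no longer tell what code is actually performing authentication. I would add an XML comment beside the version, e.g. `<!-- in-house CAS client wrapper; replaces org.jasig.cas.client:cas-client-core-infosec-credis 3.1.12 -->`, and mirror it on the apollo-portal/pom.xml dependency entry changed in the same commit. As this is the first release of an internal artifact, also confirm it resolves only from the trusted internal repository and not from a public mirror.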
--
GitLab