提交
fc87a132
编写于
7月 25, 2020
作者:
zlt2000
添加state参数验证
上级
5bf1de3d
变更
3
Showing
3 changed file
with
50 addition
and
17 deletion
+50
-17
zlt-demo/sso-demo/web-sso/src/main/resources/static/callback.html
.../sso-demo/web-sso/src/main/resources/static/callback.html
+11
-10
zlt-demo/sso-demo/web-sso/src/main/resources/static/index.html
...emo/sso-demo/web-sso/src/main/resources/static/index.html
+5
-7
zlt-demo/sso-demo/web-sso/src/main/resources/static/js/sso.js
...demo/sso-demo/web-sso/src/main/resources/static/js/sso.js
+34
-0
zlt-demo/sso-demo/web-sso/src/main/resources/static/callback.html
@@ -5,23 +5,24 @@
<meta
charset=
"utf-8"
/>
<title>
zlt
</title>
<script
type=
"text/javascript"
src=
"js/jquery-3.2.1.min.js"
></script>
<script
type=
"text/javascript"
src=
"js/sso.js"
></script>
</head>
<body>
<script>
window
.
onload
=
function
()
{
//
获取url参数
function
getQueryVariable
(
variable
)
{
var
query
=
window
.
location
.
search
.
substring
(
1
);
var
vars
=
query
.
split
(
"
&
"
);
for
(
var
i
=
0
;
i
<
vars
.
length
;
i
++
)
{
var
pair
=
vars
[
i
].
split
(
"
=
"
);
if
(
pair
[
0
]
==
variable
){
return
pair
[
1
];}
}
return
''
;
//
url获取state
let
state
=
getQueryVariable
(
'
state
'
);
let
localState
=
sessionStorage
.
getItem
(
"
state
"
);
//判断state防止CSRF攻击
if
(
localState
!==
state
)
{
alert
(
'
state参数无效!
'
);
let
state
=
getState
();
sessionStorage
.
setItem
(
"
state
"
,
state
);
window
.
location
=
getAuthorizeUri
(
state
)
;
}
//url获取code
let
code
=
getQueryVariable
(
'
code
'
);
//获取token和用户信息
$
.
ajax
({
url
:
'
http://127.0.0.1:8081/token/
'
+
code
,
success
:
function
(
result
)
{
console
.
log
(
result
);
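Review bot: The new state check at `if (localState !== state)` redirects but does not stop the handler — assigning `window.location` does not halt script execution, so `getQueryVariable('code')` and the `$.ajax` request to `/token/` still run with the unvalidated code before the navigation takes effect, which defeats the purpose of the check. Add `return;` immediately after `window.location = getAuthorizeUri(state);` inside the block, and once the comparison passes consume the nonce with `sessionStorage.removeItem("state");` so the same value cannot be accepted twice. The inner `let state = getState();` shadows the outer `state` it was just compared against; a distinct name such as `freshState` would read more clearly. The enclosing `window.onload` handler continues past the end of the hunk.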
zlt-demo/sso-demo/web-sso/src/main/resources/static/index.html
@@ -5,6 +5,7 @@
<meta
charset=
"utf-8"
/>
<title>
zlt
</title>
<script
type=
"text/javascript"
src=
"js/jquery-3.2.1.min.js"
></script>
<script
type=
"text/javascript"
src=
"js/sso.js"
></script>
</head>
<body>
<div>
@@ -15,11 +16,6 @@
<p><input
type=
"button"
value=
"登出"
onclick=
"logout()"
/></p>
</div>
<script>
//应用id
let
clientId
=
'
app
'
;
//授权中心地址
let
uaaUri
=
'
http://127.0.0.1:9900/api-uaa/oauth/
'
;
window
.
onload
=
function
()
{
let
accessToken
=
sessionStorage
.
getItem
(
'
access_token
'
);
if
(
accessToken
)
{
//已登录
@@ -30,8 +26,10 @@
$
(
'
#roles
'
).
html
(
roles
);
$
(
'
#clientId
'
).
html
(
clientId
);
}
else
{
//未登录
let
state
=
getState
();
sessionStorage
.
setItem
(
"
visitUri
"
,
window
.
location
.
href
);
window
.
location
=
uaaUri
+
'
authorize?client_id=
'
+
clientId
+
'
&redirect_uri=http://127.0.0.1:8081/callback.html&response_type=code
'
;
sessionStorage
.
setItem
(
"
state
"
,
state
);
window
.
location
=
getAuthorizeUri
(
state
);
}
};
@@ -40,7 +38,7 @@
sessionStorage
.
removeItem
(
'
access_token
'
);
sessionStorage
.
removeItem
(
'
username
'
);
sessionStorage
.
removeItem
(
"
roles
"
);
window
.
location
=
uaaUri
+
'
remove/token?redirect_uri=http://127.0.0.1:8081/index.html&access_token=
'
+
accessToken
;
window
.
location
=
getLogoutUri
(
accessToken
)
;
}
</script>
</body>
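Review bot: The new code in the `@@ -30,8 +26,10 @@` hunk calls `getState()` and `getAuthorizeUri(state)`, and the logout hunk calls `getLogoutUri(accessToken)`, all of which now exist only in `js/sso.js` together with `clientId` and `uaaUri`, but nothing in index.html says so. A one-line comment above `window.onload`, `// clientId, uaaUri, getState, getAuthorizeUri and getLogoutUri are defined in js/sso.js (included in <head>)`, would tell a reader where the configuration moved, since the lines at `@@ -15,11 +16,6 @@` appear to remove the inline `clientId`/`uaaUri` declarations this file used to own. The `logout` function's header lies outside the last hunk.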
zlt-demo/sso-demo/web-sso/src/main/resources/static/js/sso.js
0 → 100644
const
FULL_CHARTER
=
'
ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopgrstuvwxyz
'
;
//应用id
let
clientId
=
'
app
'
;
//授权中心地址
let
uaaUri
=
'
http://127.0.0.1:9900/api-uaa/oauth/
'
;
function
getAuthorizeUri
(
state
)
{
return
uaaUri
+
'
authorize?client_id=
'
+
clientId
+
'
&redirect_uri=http://127.0.0.1:8081/callback.html&response_type=code&state=
'
+
state
;
}
function
getLogoutUri
(
accessToken
)
{
return
uaaUri
+
'
remove/token?redirect_uri=http://127.0.0.1:8081/index.html&access_token=
'
+
accessToken
;
}
function
getState
()
{
let
state
=
''
;
for
(
let
i
=
0
;
i
<
6
;
i
++
)
{
state
+=
FULL_CHARTER
[
Math
.
floor
(
Math
.
random
()
*
52
)];
}
return
state
;
}
/**
* 获取url参数
*/
function
getQueryVariable
(
variable
)
{
var
query
=
window
.
location
.
search
.
substring
(
1
);
var
vars
=
query
.
split
(
"
&
"
);
for
(
var
i
=
0
;
i
<
vars
.
length
;
i
++
)
{
var
pair
=
vars
[
i
].
split
(
"
=
"
);
if
(
pair
[
0
]
==
variable
){
return
pair
[
1
];}
}
return
''
;
}
\ No newline at end of file
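Review bot: `getState()` builds the OAuth `state` value — the CSRF nonce that callback.html compares against sessionStorage — from `Math.random()`, which is not cryptographically secure, so the value is predictable; use `window.crypto.getRandomValues` instead, as in the rewrite below. Separately, `FULL_CHARTER` reads `...nopgrstuvwxyz` (a second `g` where `q` should be), so `q` can never appear and the `* 52` index silently depends on the literal's length; deriving the output from random bytes rendered as hex sidesteps both the alphabet and the modulo bias. `getLogoutUri` carries the access token in a query string (`&access_token=`), where it can end up in server logs, browser history and Referer headers — this is inherited from the old index.html rather than introduced here, but it is worth a `// TODO: token in URL, prefer a POST body or header` comment now that the helper is shared. `getQueryVariable` could also be `return new URLSearchParams(window.location.search).get(variable) ?? '';`, which decodes percent-encoding and avoids the `==` comparison.
```javascript
function getState() {
    // CSRF nonce: must be unpredictable, so draw from the CSPRNG rather than Math.random()
    const bytes = new Uint8Array(16);
    window.crypto.getRandomValues(bytes);
    // hex rendering avoids the alphabet table and any modulo bias
    return Array.from(bytes, (b) => b.toString(16).padStart(2, '0')).join('');
}
// … unchanged: getAuthorizeUri, getLogoutUri, getQueryVariable …
```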