llt

sh-authcenter-agent/src/main/java/com/chineseall/authcenter/agent/client/AuthUserInfo.java

@@ -10,7 +10,7 @@ public class AuthUserInfo {
 
     private String id;//uuid
     private String realName;//姓名
-    private String loginName;//姓名
+    private String loginName;//登陆名
     private String userType;//教师、学生
     private String source;//来源
     /**

sh-authcenter-agent/src/main/java/com/chineseall/authcenter/agent/controller/AuthController.java

@@ -6,6 +6,7 @@ import com.chineseall.authcenter.agent.client.AuthUserInfo;
 import com.chineseall.authcenter.agent.client.ClientDataInfo;
 import com.chineseall.authcenter.agent.client.ClientItem;
 import com.chineseall.authcenter.agent.client.OauthClient;
+import com.chineseall.authcenter.agent.oauth.OauthType;
 import com.chineseall.authcenter.agent.utils.CookiesUtil;
 import com.chineseall.authcenter.agent.utils.EncodeUtil;
 import com.chineseall.authcenter.log.enums.LogType;
@@ -43,6 +44,8 @@ public class AuthController {
 
     private static final String JSYD_CLIENT_ID = "jsydClentId";
 
+    private static final String LOGOUT_URL = "https://sp.etextbook.cn/Shibboleth.sso/Logout";
+
     /**
      * 登陆入口
      * @param request
@@ -56,6 +59,7 @@ public class AuthController {
         try {
             String clientId = request.getParameter("client_id");
             String returnUrl = request.getParameter("redirect_uri");
+            String authSource = request.getParameter("auth_source");
             ClientItem clientItem = clientItemMap.get(clientId);
             if (null == clientItem) {
                 modelAndView.setViewName("error");
@@ -76,9 +80,18 @@ public class AuthController {
                 modelAndView.addObject("message", "登录成功回调地址为空");
                 return modelAndView;
             }
-            if(clientItem.getLoginWay() !=null && clientItem.getLoginWay() == 1) {
+            if(StringUtils.isNotEmpty(authSource)){
+                OauthType oauthType = OauthType.valueOf(authSource);
+                if(oauthType==null) {
+                    modelAndView.setViewName("error");
+                    modelAndView.addObject("message", "参数错误");
+                    return modelAndView;
+                }
+                CookiesUtil.setCookie(response, null, COOKIE_LOGIN_TYPE, oauthType.getCode(), 1);
+            } if(clientItem.getLoginWay() !=null && clientItem.getLoginWay() == 1) {
                 CookiesUtil.setCookie(response, null, COOKIE_LOGIN_TYPE, clientItem.getLoginGoal().getCode(), 1);
             }
+
             AuthLog authLog = new AuthLog();
             authLog.setLogType(LogType.login);
             authLog.setReturnUrl(returnUrl);
@@ -90,7 +103,7 @@ public class AuthController {
             params.put("redirect_uri", returnUrl);
             params.put("auth_log_id", authLog.getId());
             params.put("client_id", clientId);
-            response.sendRedirect(appendUrl("/auth/index", params));
+            response.sendRedirect(appendUrl("/auth/idp", params));
             return null;
         } catch (Exception e) {
             e.printStackTrace();
@@ -161,14 +174,13 @@ public class AuthController {
         authLog.setShibProvider(shibProvider);
         authLogService.save(authLog);
         String clientId = request.getParameter("client_id");
-        if(clientId.equals(JSYD_CLIENT_ID)){
-            Map<String, String> params = new HashMap<>();
-            params.put("login_name", clientDataInfo.getAuthUserInfo().getLoginName());
-            response.sendRedirect(appendUrl(returnUrl, params));
-        }
-        modelAndView.addObject("successPostUrl", returnUrl);
-        modelAndView.addObject("clientDataInfo", clientDataInfo);
-        return modelAndView;
+
+        Map<String, String> params = new HashMap<>();
+        params.put("login_name", clientDataInfo.getAuthUserInfo().getLoginName());
+        params.put("real_name", clientDataInfo.getAuthUserInfo().getRealName());
+        params.put("user_type", clientDataInfo.getAuthUserInfo().getUserType());
+        response.sendRedirect(appendUrl(returnUrl, params));
+        return null;
     }
 
     private ClientDataInfo getUserInfoData(HttpServletRequest request){
@@ -177,6 +189,7 @@ public class AuthController {
         AuthUserInfo authUserInfo = new AuthUserInfo();
         authUserInfo.setLoginName(toUtf8(request.getAttribute("uid")));
         authUserInfo.setRealName(toUtf8(request.getAttribute("cn")));
+        authUserInfo.setUserType(toUtf8(request.getAttribute("typeOf")));
         authUserInfo.setId(toUtf8(request.getAttribute("uid")));
         clientDataInfo.setAuthUserInfo(authUserInfo);
 
@@ -222,7 +235,6 @@ public class AuthController {
         }
     }
 
-
     @RequestMapping("logout")
     public ModelAndView logout(HttpServletRequest request, HttpServletResponse response) {
         ModelAndView modelAndView = new ModelAndView();
@@ -257,7 +269,9 @@ public class AuthController {
             authLog.setClientId(clientId);
             authLog.setClientName(clientItem.getClientName());
             authLogService.save(authLog);
-            response.sendRedirect("/Shibboleth.sso/Logout?return="+URLEncoder.encode(service));
+            //response.sendRedirect("/Shibboleth.sso/Logout?return="+URLEncoder.encode(service));
+            modelAndView.addObject("logoutUrl", LOGOUT_URL);
+            modelAndView.addObject("returnUrl", service);
         } catch (Exception e) {
             e.printStackTrace();
             modelAndView.setViewName("error");

sh-authcenter-agent/src/main/java/com/chineseall/authcenter/agent/oauth/OauthType.java

@@ -5,6 +5,12 @@ import lombok.Getter;
 public enum OauthType {
 
     jsyd("jsyd","金山阅读"),
+    qpjy("qpjy","青浦教育"),
+    hpjy("hpjy","黄浦教育"),
+    fxjy("fxjy","奉贤教育"),
+    pdjy("pdjy","浦东教育"),
+    ypjy("ypjy","杨浦教育"),
+    cnjy("cnjy","长宁教育"),
     other("other","其它");
 
 

sh-authcenter-agent/src/main/java/com/chineseall/authcenter/agent/utils/EncodeUtil.java

 package com.chineseall.authcenter.agent.utils;
 
+import cn.sh.chineseall.framework.api.random.RandomUtils;
 import org.apache.commons.codec.binary.Base64;
 import org.apache.commons.codec.digest.DigestUtils;
 
@@ -297,6 +298,11 @@ public class EncodeUtil {
 		return DigestUtils.md5Hex(content);
 	}
 
+	public static void main(String[] args) {
+		System.out.println(md5("jsydClentId$$jsydClientSecret"));
+		System.out.println(RandomUtils.randomString(12));
+	}
+
 	public static String sha(String content) {
 		return DigestUtils.shaHex(content);
 	}

sh-authcenter-agent/src/main/resources/application.yml

@@ -47,6 +47,9 @@ oauthclient:
       clientSecret: jsydClientSecret
       loginWay: 1
       loginGoal: jsyd
+    - clientName: DS认证中心
+      clientId: dsClentId
+      clientSecret: VjyqUkkM5Znu
     - clientName: 接入样例
       clientId: testClentId2
       clientSecret: testClientSecret2

sh-authcenter-agent/src/main/resources/templates/idp.html

@@ -27,6 +27,36 @@
 <script>
   //判断是否为金山教育阅读平台访问
   if (loginType === "jsyd") {
+    var url = genLoginUrl("https://idp.jsedu.sh.cn/idp/shibboleth");
+    var idp = '金山教育';
+    window.location.href = ctxPath + "auth/tologin?idp="+idp+"&loginUrl=" + encodeURIComponent(url);
+  } else if (loginType === "qpjy") {
+    var url = genLoginUrl("https://idp.qpedu.cn/idp/shibboleth");
+    var idp = '青浦教育';
+    window.location.href = ctxPath + "auth/tologin?idp="+idp+"&loginUrl=" + encodeURIComponent(url);
+  } else if (loginType === "hpjy") {
+    var url = genLoginUrl("https://idp.qpedu.cn/idp/shibboleth");
+    var idp = '黄浦教育';
+    window.location.href = ctxPath + "auth/tologin?idp="+idp+"&loginUrl=" + encodeURIComponent(url);
+  } else if (loginType === "fxjy") {
+    var url = genLoginUrl("https://idp.qpedu.cn/idp/shibboleth");
+    var idp = '奉贤教育';
+    window.location.href = ctxPath + "auth/tologin?idp="+idp+"&loginUrl=" + encodeURIComponent(url);
+  } else if (loginType === "pdjy") {
+    var url = genLoginUrl("https://idp.qpedu.cn/idp/shibboleth");
+    var idp = '浦东教育';
+    window.location.href = ctxPath + "auth/tologin?idp="+idp+"&loginUrl=" + encodeURIComponent(url);
+  } else if (loginType === "ypjy") {
+    var url = genLoginUrl("https://idp.qpedu.cn/idp/shibboleth");
+    var idp = '杨浦教育';
+    window.location.href = ctxPath + "auth/tologin?idp="+idp+"&loginUrl=" + encodeURIComponent(url);
+  } else if (loginType === "cnjy") {
+    var url = genLoginUrl("https://idp.qpedu.cn/idp/shibboleth");
+    var idp = '长宁教育';
+    window.location.href = ctxPath + "auth/tologin?idp="+idp+"&loginUrl=" + encodeURIComponent(url);
+  }
+
+  function genLoginUrl(baseurl) {
     var args = new Object();
     var query = location.search.substring(1);
     var param = query.split("&");
@@ -39,10 +69,8 @@
       var value = param[i].substring(pos + 1);
       args[argname] = unescape(value);
     }
-    var url = unescape(args['return']) + "&entityID=https://idp.jsedu.sh.cn/idp/shibboleth";
-    var idp = '金山教育';
-    //document.location = url;
-    window.location.href = ctxPath + "auth/tologin?idp="+idp+"&loginUrl=" + encodeURIComponent(url);
+    var url = unescape(args['return']) + "&entityID="+baseurl;
+    return url;
   }
 
   // 列表选择idp跳转事件

sh-authcenter-agent/src/main/resources/templates/index2.html

-<!DOCTYPE html>
-<!--[if lt IE 7]>      <html class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
-<!--[if IE 7]>         <html class="no-js lt-ie9 lt-ie8"> <![endif]-->
-<!--[if IE 8]>         <html class="no-js lt-ie9"> <![endif]-->
-
-<html class="no-js" xmlns:th="http://www.w3.org/1999/xhtml"> <!--<![endif]-->
-<head>
-  <meta charset="utf-8" />
-  <!--<meta http-equiv="X-UA-Compatible" content="IE=edge">-->
-  <meta content="" name="description" />
-  <meta content="width=device-width, initial-scale=1" name="viewport" />
-  <title>上海数字教材运营管理中心</title>
-  <link rel="stylesheet" th:href="@{/static/css/main_0216.css}"/>
-  <link rel="stylesheet" th:href="@{/static/css/bootstrap.min.css}"/>
-  <link rel="stylesheet" th:href="@{/static/css/normalize.css}"/>
-  <script type="text/javascript" th:src="@{/static/js/jquery-1.10.2.min.js}"></script>
-  <!--<script src="../js/vendor/modernizr-2.6.2.min.js"></script>-->
-</head>
-<body>
-<!--[if lt IE 7]>
-<p class="browsehappy">You are using an <strong>outdated</strong> browser. Please <a
-        href="http://browsehappy.com/">upgrade your browser</a> to improve your experience.</p>
-<![endif]-->
-
-<div class="bg">
-  <div class="bg-form">
-    <div class="loginContainer">
-      <!--<h1>上海数字教材运营管理中心</h1>-->
-      <div class="login-box">
-        <!-- <div class="bg-form" style="width: 80%;margin: 0 auto"></div> -->
-        <button onclick="toLogin(1)" accesskey="l" class="login-btn" id="login-button" name="button" style="outline:0;" type="button">登录
-        </button>
-        <div class="login-span"><span>如果您曾经参与上海市中小学数字教材试验项目，</span><span><a style="color:red;"onclick="toLogin(2)">请点击此处使用数字教材账号登录>></a></span></div>        <!-- </div> -->
-      </div>
-    </div>
-  </div>
-</div>
-<script th:inline="javascript">
-  /*<![CDATA[*/
-  var loginUrl1 = [[${loginUrl1}]];
-  var loginUrl2 = [[${loginUrl2}]];
-  var logId = [[${logId}]];
-  var ctxPath = /*[[@{/}]]*/ '';
-  /*]]>*/
-</script>
-
-<script type="text/javascript">
-  function toLogin (num) {
-
-    var baseUrl = ctxPath + "auth/tologin?logId="+logId+"&oauthType=";
-    //var baseUrl = ctxPath + "auth/tologin?oauthType=";
-    if (num === 1) {
-      window.location.href = baseUrl+ "dianjiaoguan&loginUrl=" + encodeURIComponent(loginUrl1);
-    } else if (num === 2) {
-      window.location.href = baseUrl+ "edenoperation&loginUrl=" + encodeURIComponent(loginUrl2);
-    }
-    return false;
-  }
-
-</script>
-</body></html>
\ No newline at end of file

sh-authcenter-agent/src/main/resources/templates/loginsuccess.html

-<!DOCTYPE html>
-<!--[if lt IE 7]>      <html class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
-<!--[if IE 7]>         <html class="no-js lt-ie9 lt-ie8"> <![endif]-->
-<!--[if IE 8]>         <html class="no-js lt-ie9"> <![endif]-->
-
-<html class="no-js" xmlns:th="http://www.w3.org/1999/xhtml"> <!--<![endif]-->
-<head>
-  <meta charset="utf-8" />
-  <!--<meta http-equiv="X-UA-Compatible" content="IE=edge">-->
-  <meta content="" name="description" />
-  <meta content="width=device-width, initial-scale=1" name="viewport" />
-  <title>上海数字教材运营管理中心</title>
-
-  <script type="text/javascript" th:src="@{/static/js/jquery.js}"></script>
-  <!--<script src="../js/vendor/modernizr-2.6.2.min.js"></script>-->
-</head>
-<body>
-<form th:action="${successPostUrl}" method="post" th:object="${clientDataInfo}">
-  <input type="hidden" th:value="${clientDataInfo.authUserInfo.id}" name="authUserInfo.id"/>
-  <input type="hidden" th:value="${clientDataInfo.authUserInfo.loginName}" name="authUserInfo.loginName"/>
-  <input type="hidden" th:value="${clientDataInfo.authUserInfo.realName}" name="authUserInfo.realName"/>
-  <input type="hidden" th:value="${clientDataInfo.authUserInfo.userType}" name="authUserInfo.userType"/>
-  <input type="hidden" th:value="${clientDataInfo.authUserInfo.source}" name="authUserInfo.source"/>
-  <input type="hidden" th:value="${clientDataInfo.authUserInfo.studentId}" name="authUserInfo.studentId"/>
-  <input type="hidden" th:value="${clientDataInfo.authUserInfo.studentCode}" name="authUserInfo.studentCode"/>
-  <input type="hidden" th:value="${clientDataInfo.authUserInfo.studentStage}" name="authUserInfo.studentStage"/>
-  <input type="hidden" th:value="${clientDataInfo.authUserInfo.studentGrade}" name="authUserInfo.studentGrade"/>
-  <input type="hidden" th:value="${clientDataInfo.authUserInfo.studentClass}" name="authUserInfo.studentClass"/>
-  <input type="hidden" th:value="${clientDataInfo.authUserInfo.studentStageName}" name="authUserInfo.studentStageName"/>
-  <input type="hidden" th:value="${clientDataInfo.authUserInfo.studentGradeName}" name="authUserInfo.studentGradeName"/>
-  <input type="hidden" th:value="${clientDataInfo.authUserInfo.studentClassName}" name="authUserInfo.studentClassName"/>
-  <input type="hidden" th:value="${clientDataInfo.authUserInfo.studentSchoolId}" name="authUserInfo.studentSchoolId"/>
-  <input type="hidden" th:value="${clientDataInfo.authUserInfo.studentCodeStatus}" name="authUserInfo.studentCodeStatus"/>
-  <input type="hidden" th:value="${clientDataInfo.authUserInfo.studentSchoolCode}" name="authUserInfo.studentSchoolCode"/>
-  <input type="hidden" th:value="${clientDataInfo.authUserInfo.studentSchoolName}" name="authUserInfo.studentSchoolName"/>
-  <input type="hidden" th:value="${clientDataInfo.authUserInfo.studentRegionCode}" name="authUserInfo.studentRegionCode"/>
-  <input type="hidden" th:value="${clientDataInfo.authUserInfo.studentRegionName}" name="authUserInfo.studentRegionName"/>
-  <input type="hidden" th:value="${clientDataInfo.authUserInfo.teacherTrainingNo}" name="authUserInfo.teacherTrainingNo"/>
-  <input type="hidden" th:value="${clientDataInfo.authUserInfo.teacherTrainingUserName}" name="authUserInfo.teacherTrainingUserName"/>
-  <input type="hidden" th:value="${clientDataInfo.authUserInfo.teacherRegionCode}" name="authUserInfo.teacherRegionCode"/>
-  <input type="hidden" th:value="${clientDataInfo.authUserInfo.teacherCampusCode}" name="authUserInfo.teacherCampusCode"/>
-  <input type="hidden" th:value="${clientDataInfo.authUserInfo.teacherTrainingSchoolType}" name="authUserInfo.teacherTrainingSchoolType"/>
-  <input type="hidden" th:value="${clientDataInfo.authUserInfo.teacherStage}" name="authUserInfo.teacherStage"/>
-  <input type="hidden" th:value="${clientDataInfo.authUserInfo.teacherGrade}" name="authUserInfo.teacherGrade"/>
-  <input type="hidden" th:value="${clientDataInfo.authUserInfo.teacherSubject}" name="authUserInfo.teacherSubject"/>
-  <input type="hidden" th:value="${clientDataInfo.authUserInfo.teacherSchoolId}" name="authUserInfo.teacherSchoolId"/>
-  <input type="hidden" th:value="${clientDataInfo.authUserInfo.teacherSchoolName}" name="authUserInfo.teacherSchoolName"/>
-  <input type="hidden" th:value="${clientDataInfo.returnUrl}" name="returnUrl"/>
-  <input type="hidden" th:value="${clientDataInfo.oauthType}" name="oauthType"/>
-</form>
-<script type="text/javascript">
-  $(function(){
-    $("form").submit();
-  })
-</script>
-
-
-</body></html>
\ No newline at end of file

sh-authcenter-agent/src/main/resources/templates/logout.html

+<!DOCTYPE html>
+<!--[if lt IE 7]>      <html class="no-js lt-ie9 lt-ie8 lt-ie7"> <![endif]-->
+<!--[if IE 7]>         <html class="no-js lt-ie9 lt-ie8"> <![endif]-->
+<!--[if IE 8]>         <html class="no-js lt-ie9"> <![endif]-->
+
+<html class="no-js" xmlns:th="http://www.w3.org/1999/xhtml"> <!--<![endif]-->
+<head>
+  <meta charset="utf-8" />
+  <!--<meta http-equiv="X-UA-Compatible" content="IE=edge">-->
+  <meta content="" name="description" />
+  <meta content="width=device-width, initial-scale=1" name="viewport" />
+  <title>登出</title>
+</head>
+
+<body>
+  <div style="text-align: center;">
+    <h1>登出中，请稍后...</h1>
+  </div>
+  <iframe id="sp" src="" frameborder="0" style="display: none;"></iframe>
+  <iframe id="idp" src="" frameborder="0" style="display: none;"></iframe>
+
+  <script th:inline="javascript">
+    /*<![CDATA[*/
+    var spLogoutUrl = [[${logoutUrl}]];
+    //var idpLogoutUrl = [[${idpLogoutUrl}]];
+    var returnUrl = [[${returnUrl}]];
+    /*]]>*/
+  </script>
+
+  <script>
+    // var spLogoutUrl = 'https://sp.etextbook.cn/Shibboleth.sso/Logout';
+    // var idpLogoutUrl = 'https://idp.jsedu.sh.cn/idp/profile/Logout';
+    // var returnUrl = 'http://180.167.91.206:5710';
+
+    function samlLogout() {
+      console.log(window.frames['sp'], window.frames['idp'])
+      //console.log(spLogoutUrl, idpLogoutUrl)
+      window.frames[0].location.href = spLogoutUrl;
+      //window.frames[1].location.href = idpLogoutUrl;
+      setTimeout(() => {
+        window.location.href = returnUrl;
+      }, 100);
+    }
+
+    samlLogout();
+  </script>
+</body>
+
+</html>
\ No newline at end of file