java web项目利用Filter进行单点登录的简单实现(解决方案)

功能需求描述:点击打开链接

利用过滤器来过滤客户端的http请求,凡是统一门户网站发起的http请求(在url中可以辨识),对其进行处理,对url中的要素进行验证(CZenithDecrypt为解析请求的加解密数据处理类),通过验证则为合法请求,准予登录网站,通过自定义的加解密处理类解析出用户名密码,填入登陆页面的表单中,提交登录请求。

首先增加过滤器:

package sdses.filter;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.context.ApplicationContext;
import org.springframework.web.context.support.WebApplicationContextUtils;

import sdses.Service.TpiUserInfoService;
import sdses.business.common.StaticVars;
import sdses.models.TUser;

import com.apps.tools.CZenithDecrypt;

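/**
 * Servlet filter that handles single-sign-on (SSO) hand-offs from the portal.
 *
 * <p>A request is treated as an SSO hand-off when it carries a non-empty
 * {@code sid} parameter and a {@code Referer} header. The {@code sid} is
 * decrypted to a user name with {@link CZenithDecrypt}, the user is looked up
 * through {@code tpiUserInfoService}, and on success the browser is redirected
 * to {@code /pages/login.jsp} with the login data placed in the session.
 * Every other request is passed down the filter chain unchanged.
 *
 * <p>Security notes for maintainers:
 * <ul>
 * <li>The {@code Referer} header is supplied by the client, so the prefix
 * check below is only a plausibility check. The real trust decision rests on
 * whether {@code CZenithDecrypt.decrypt} rejects forged or replayed
 * {@code sid} values, which is not visible in this class.</li>
 * <li>{@code startsWith(StaticVars.PortalUrl)} also accepts any longer host
 * name that begins with the same characters unless the configured value ends
 * with a path separator (value defined elsewhere - confirm).</li>
 * <li>The stored password value is copied into the session so that login.jsp
 * can write it into the login form; that exposes it to the browser. A session
 * flag checked by the login handler would avoid this.</li>
 * </ul>
 *
 * @author sdses (2009-6-22)
 */

public class SSOFilter implements Filter {
	private final Log log = LogFactory.getLog(this.getClass());

	/**
	 * Intercepts portal SSO hand-offs and prepares the automatic login.
	 *
	 * @param servletRequest  incoming request, cast to {@link HttpServletRequest}
	 * @param servletResponse outgoing response, cast to {@link HttpServletResponse}
	 * @param filterChain     remaining chain, invoked for non-SSO requests
	 * @throws IOException      if a redirect cannot be written
	 * @throws ServletException if the remaining chain fails
	 */
	public void doFilter(ServletRequest servletRequest,
			ServletResponse servletResponse, FilterChain filterChain)
			throws IOException, ServletException {
		HttpServletRequest request = (HttpServletRequest) servletRequest;
		HttpServletResponse response = (HttpServletResponse) servletResponse;

		String sid = request.getParameter("sid");
		String referer = request.getHeader("Referer"); // page that submitted the request

		// Not an SSO hand-off: no token, an empty token, or no Referer at all.
		// (The original test "sid.length() >= 0" was always true.)
		if (sid == null || sid.length() == 0 || referer == null) {
			filterChain.doFilter(request, response);
			return;
		}

		// Plausibility check only: Referer is client-controlled (see class comment).
		if (!referer.startsWith(StaticVars.PortalUrl)) {
			// Strip line breaks so a crafted header cannot forge extra log lines.
			log.error("referer ==" + stripLineBreaks(referer));
			showMessage(request, response, "不是从门户系统正常访问到本系统,禁此访问本系统!");
			return;
		}

		String username;
		TUser user;
		try {
			username = CZenithDecrypt.decrypt(sid);
			// Looked up only for SSO requests, so ordinary requests no longer
			// force a session to be created by this filter.
			ApplicationContext context = WebApplicationContextUtils
					.getWebApplicationContext(request.getSession().getServletContext());
			TpiUserInfoService service = (TpiUserInfoService) context
					.getBean("tpiUserInfoService");
			user = service.doPortalUser(username);
		} catch (Exception e) {
			// Keep the details in the server log; the exception text is not shown
			// to the client because message.jsp prints the message into the page.
			log.error("SSO hand-off failed while resolving the portal account", e);
			showMessage(request, response, "解析门户帐户异常,禁此访问本系统!");
			return;
		}

		if (user == null) {
			// NOTE(review): the decrypted user name is echoed back to the browser;
			// message.jsp must HTML-escape it, and this response also confirms
			// which account names do not exist.
			showMessage(request, response, "系统中不存在账号为" + username + "的用户!");
			return;
		}

		// login.jsp reads these attributes to pre-fill and auto-submit the form.
		// NOTE(review): the stored password value reaches the browser this way,
		// and the session id is not renewed before login data is attached.
		request.getSession().setAttribute("ssoflag", "true");
		request.getSession().setAttribute("username", username);
		request.getSession().setAttribute("password", user.getPassword());
		response.sendRedirect(request.getContextPath() + "/pages/login.jsp");
	}

	/**
	 * Stores a message in the session and redirects to the message page.
	 *
	 * @param request  current request, used for the session and context path
	 * @param response current response, used for the redirect
	 * @param message  text that message.jsp will display
	 * @throws IOException if the redirect cannot be written
	 */
	private void showMessage(HttpServletRequest request,
			HttpServletResponse response, String message) throws IOException {
		request.getSession().setAttribute("message", message);
		response.sendRedirect(request.getContextPath() + "/pages/message.jsp");
	}

	/** Replaces CR and LF with underscores so the value stays on one log line. */
	private static String stripLineBreaks(String value) {
		return value.replace('\r', '_').replace('\n', '_');
	}

	/** No resources to release. */
	public void destroy() {

	}

	/** No configuration is read from the filter config. */
	public void init(FilterConfig arg0) throws ServletException {

	}
}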

利用js进行登录所需数据的处理,利用JQuery和JQuery md5进行用户名密码的处理。

// Login-page script, run on DOM ready. The ${...} tokens are JSP EL expressions
// that are expanded on the server before the page is sent; SSOFilter puts
// ssoflag, username and password into the session before redirecting here.
$(function(){		
		// SSO hand-off: show the progress overlay, pre-fill the form and submit it at once.
		if("${ssoflag}"=="true"){
		    var ajaxbg = $("#background,#progressBar");
	        ajaxbg.show(); 
			// NOTE(review): the EL values are written into JavaScript string literals
			// without escaping, so a quote or "</script>" in either value changes the
			// script; they should be JavaScript-escaped where they are emitted.
			// NOTE(review): the stored password value becomes part of the page source
			// delivered to the browser. Presumably it has the same form as the MD5
			// digest submitted by the normal branch below - confirm; if so, that
			// digest alone is sufficient to log in and should not leave the server.
			$("input[name='username']").val("${username}");
			$("input[name='password']").val("${password}");
			$("form").submit();
		}else{
			// Normal login: validate the typed password, then submit its MD5 digest.
			$("form").submit(function () {
				var pas=$("input[name='spassword']").val();
				var plen=pas.length;
				// Client-side length check only; the server has to enforce it as well.
				if(plen<6||plen>30){
					  alert("请输入6~30位正确密码!");
					  return false;
				}
				// The hidden "password" field carries the digest instead of the typed
				// text. Hashing in the browser does not protect the credential in
				// transit; that still depends on the page being served over TLS.
				$("input[name='password']").val($.md5(pas));
			});
		}

最后在web.xml中增加filter的配置:


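	<filter>
		<filter-name>SSOFilter</filter-name>
		<filter-class>sdses.filter.SSOFilter</filter-class>
	</filter>
	<filter-mapping>
		<filter-name>SSOFilter</filter-name>
		<url-pattern>/*</url-pattern>
	</filter-mapping>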
	

在消息显示页面message.jsp中显示登录提示信息:

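<%@ page language="java" contentType="text/html; charset=UTF-8" pageEncoding="UTF-8"%>
<%--
  Shows the "message" session attribute set by SSOFilter.showMessage.
  The text can contain request-derived data (for example the user name
  decrypted from the sid parameter), so it is HTML-escaped before output
  instead of being written into the page as-is.
--%>
<%
	Object rawMessage = request.getSession().getAttribute("message");
	// A missing attribute is rendered as an empty string rather than "null".
	String safeMessage = rawMessage == null ? "" : rawMessage.toString()
			.replace("&", "&amp;")   // must run first so later entities stay intact
			.replace("<", "&lt;")
			.replace(">", "&gt;")
			.replace("\"", "&quot;")
			.replace("'", "&#39;");
%>
	<%=safeMessage%>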




