其他系统通过公匙私钥单点登录本系统

安全认证工具类

import java.util.Date;
import org.apache.commons.codec.digest.DigestUtils;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.springframework.util.Assert;
import lombok.Data;
/**
 * 安全认证工具类 2019-4-10
 * 
 * @author zhengzc
 */
@Data
public class AppSign {

	/** 安全认证有效时间 10分钟 */
	private static final long TIME_DIFF = 10 * 60 * 1000L;
	protected static final Log logger = LogFactory.getLog(AppSign.class);

	/** 公匙（相当于接口账号） */
	private String appkey;
	/** 随机数 */
	private String nonce;
	/** 时间戳 */
	private String timestamp;
	/** 登录系统的账号 */
	private String account;

	public AppSign(String nonce, String timestamp, String appkey, String account) {
		Assert.hasText(appkey, "appkey为空！");
		Assert.hasText(nonce, "nonce为空！");
		Assert.hasText(timestamp, "timestamp为空！");
		Assert.hasText(account, "account为空！");
		this.nonce = nonce;
		this.timestamp = timestamp;
		this.appkey = appkey;
		this.account = account;
	}

	/**
	 * 校验是否超时
	 * 
	 * @param timestamp
	 */
	public static void checkTime(String timestamp) {
		if ((new Date().getTime() - Long.valueOf(timestamp).longValue()) > TIME_DIFF) {
			throw new RuntimeException("安全认证超时了！");
		}
	}

	/**
	 * 生成数字签名
	 * 
	 * @return
	 */
	public String getSignature(String appSecret) {
		StringBuilder sb = new StringBuilder();
		sb.append(appSecret);
		sb.append(nonce);
		sb.append(timestamp);
		sb.append(account);
		return DigestUtils.sha1Hex(sb.toString());
	}

	/**
	 * 校验数字签名
	 * 
	 * @param appSecret 密钥 相当于接口密码
	 * @param configAppKey 公钥 配置文件中的公钥
	 * @param urlSignature 从url中得到的数字签名
	 */
	public void checkSignature(String appSecret, String configAppKey, String urlSignature) {
		if (!StringUtils.equals(configAppKey, appkey)) {
			throw new RuntimeException("参数appkey不匹配出错！");
		}
		// 校验是否超时
		checkTime(timestamp);
		boolean flag = StringUtils.equals(getSignature(appSecret), urlSignature);
		if (flag == false) {
			System.err.println("getSignature=" + getSignature(appSecret));
			System.err.println("urlSignature=" + urlSignature);
			throw new RuntimeException("校验数字签名出错！");
		}
	}
}

具体接口调用工具类

public class App01SignUtil {
	public static void main(String[] args) {
		String url = App01SignUtil.getSsoUrl("100027");
		System.err.println("url=" + url);
	}

	/**
	 * 获取可以单点登录的url

	 * 该链接可以用于测试单点登录,登录本系统

	 * 
	 * @param tarAccount
	 * @return
	 */
	public static String getSsoUrl(String tarAccount) {
		String appkey = getAppkey();
		String nonce = Math.random() + "";
		String timestamp = System.currentTimeMillis() + "";
		String signature = App01SignUtil.getInstance(nonce, timestamp, appkey, tarAccount).getSignature();
		StringBuilder sb = new StringBuilder();
		sb.append("http://localhost:8080/sso.html");
		sb.append("?appkey=" + appkey);
		sb.append("&nonce=" + nonce);
		sb.append("×tamp=" + timestamp);
		sb.append("&signature=" + signature);
		sb.append("&tarAccount=" + tarAccount);
		return sb.toString();
	}

	private AppSign appSign;
	private App01SignUtil() {}
	public static App01SignUtil getInstance(String nonce, String timestamp, String appkey, String account) {
		App01SignUtil util = new App01SignUtil();
		AppSign appSign = new AppSign(nonce, timestamp, appkey, account);
		util.appSign = appSign;
		return util;
	}

	/**
	 * 校验数字签名
	 * 
	 * @param signature
	 */
	public void checkSignature(String urlSignature) {
		appSign.checkSignature(getAppSecret(), getAppkey(), urlSignature);
	}

	/**
	 * 生成数字签名
	 * 
	 * @return
	 */
	public String getSignature() {
		return appSign.getSignature(getAppSecret());
	}

	/**
	 * 公匙（相当于账号）
	 * 
	 * @return
	 */
	private static String getAppkey() {
		// 可以通过配置文件灵活指定
		return "my-app-key";
	}

	/**
	 * 私匙（相当于密码）
	 * 
	 * @return
	 */
	private static String getAppSecret() {
		// 可以通过配置文件灵活指定
		return "f6cea9ccbfbdaa8cf1284aeca32d7a8e4913cc8f";
	}
}