单一登录过滤器

/**
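* Single-login filter: a logged-in request whose session ID differs from the one
* recorded at the account's most recent login is redirected to the logout URL.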
*
* @author vernon.chen
*/
public class SsoFilter implements Filter {

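// Class-wide SLF4J logger; final so the reference cannot be swapped at runtime.
private static final Logger logger = LoggerFactory.getLogger(SsoFilter.class);

// Not @Autowired: init() looks this bean up in the Spring context and assigns it.
// Source of the "last login" session ID that doFilter() compares against.
private SsoManager ssoManager;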

/**
* Default constructor.
*/
public SsoFilter() {
// No state is set up here; ssoManager is assigned later, in init().
}

/**
* @see Filter#destroy()
*/
public void destroy() {
// Nothing to release: this class opens nothing that needs closing.
}

/**
* @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain)
*/
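public void doFilter(
        ServletRequest request,
        ServletResponse response,
        FilterChain chain) throws IOException, ServletException {
    // Enforces one active session per account: a logged-in request is served only
    // when its session ID equals the one stored for the account's last login.
    // Anything else is sent to the logout URL (or dropped when the response is
    // already committed). Requests without a logged-in user, and plain static
    // resource requests, are passed down the chain unchecked.

    HttpServletRequest httpReq = (HttpServletRequest) request;
    HttpServletResponse httpRes = (HttpServletResponse) response;

    // getSession() creates a container session when the request has none.
    String sessionId = httpReq.getSession().getId();

    // NOTE(review): the user object is read from the Shiro session while the ID
    // compared below is the servlet container's; this presumably relies on Shiro
    // using the container session - confirm against the Shiro configuration.
    UserDto userDto = (UserDto) SecurityUtils.getSubject().getSession().getAttribute(SysConstants.LOGIN_USER_INFO);

    if (null == userDto || isStaticResource(httpReq)) {
        // Not logged in, or an exempt static resource: nothing to enforce.
        chain.doFilter(request, response);
        return;
    }

    // 1 - the user is logged in: resolve the login account ID.
    String accountId = "";
    if (userDto instanceof AccountDto) {
        accountId = ((AccountDto) userDto).getAccountId();
    } else if (userDto instanceof CompanyAccountDto) {
        accountId = ((CompanyAccountDto) userDto).getAccountId();
    }

    Sso sso = this.ssoManager.findByAccountId(accountId);

    // A missing record used to surface as a NullPointerException (HTTP 500).
    // It is now treated like a mismatch, so the check still fails closed.
    String sessionId4lastLogin = (null == sso) ? null : sso.getSessionId();

    if (sessionId.equals(sessionId4lastLogin)) {
        // This is the session of the account's most recent login.
        chain.doFilter(request, response);
        return;
    }

    // 2 - logged in, but not with the session ID of the last login.
    // Worth a WARN log line here (account ID only, never the session ID) so that
    // repeated kick-outs of one account are visible to operations.
    if (false == httpRes.isCommitted()) {
        httpRes.sendRedirect(httpReq.getContextPath() + "/logout?isKickedOut=true");// 3 - log the user out
    }
    // When the response is already committed no redirect is possible. The request
    // is still not passed on: falling through to chain.doFilter() here would keep
    // serving the superseded session.
}

/**
 * Tells whether the request may skip the single-login check as a static resource.
 *
 * getRequestURI() returns the raw path as sent by the client: not decoded, not
 * normalised, path parameters included. The container may decode and normalise
 * the path when it picks the target servlet, so a bare prefix match on the raw
 * value can exempt a request that is not served from /static/ at all. The
 * exemption is therefore granted only when the URI has no dot-segments, path
 * parameters, percent-escapes or backslashes; every other request is checked.
 */
private static boolean isStaticResource(HttpServletRequest httpReq) {
    String requestURI = httpReq.getRequestURI();
    if (false == requestURI.startsWith(httpReq.getContextPath() + "/static/")) {
        return false;
    }
    return requestURI.indexOf("..") < 0
            && requestURI.indexOf(';') < 0
            && requestURI.indexOf('%') < 0
            && requestURI.indexOf('\\') < 0;
}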

/**
* @see Filter#init(FilterConfig)
*/
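public void init(
        FilterConfig fConfig) throws ServletException {
    // Resolves the SsoManager bean once, when the container initialises the filter.
    ServletContext context = fConfig.getServletContext();

    // getRequiredWebApplicationContext() throws IllegalStateException when no root
    // Spring context is registered, instead of returning null and failing with a
    // NullPointerException on the next line. Startup then fails with a clear
    // message rather than leaving a filter that cannot run its check.
    ApplicationContext ctx = WebApplicationContextUtils.getRequiredWebApplicationContext(context);

    // Typed lookup: a bean of the wrong type is reported by Spring at startup
    // rather than as a ClassCastException from an unchecked cast.
    ssoManager = ctx.getBean("ssoManager", SsoManager.class);
}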


转载自vernonchen163.iteye.com/blog/2083092