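/**
* Single-login filter: a logged-in account is only served from the session recorded at its most recent login.
*
* @author vernon.chen
*/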
public class SsoFilter implements Filter {
// Logger for this filter.
private static Logger logger = LoggerFactory.getLogger(SsoFilter.class);
// @Autowired
// Not injected: assigned in init(FilterConfig) by looking up the "ssoManager" bean, so it is null until init has run.
private SsoManager ssoManager;
/**
 * Creates the filter with no collaborators set; the container is expected to call
 * {@link #init(FilterConfig)} before any request is filtered.
 */
public SsoFilter() {
    // Intentionally empty: all setup happens in init(FilterConfig).
}
/**
 * No-op: this filter performs no cleanup when it is taken out of service.
 *
 * @see Filter#destroy()
 */
public void destroy() {
    // No cleanup required.
}
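/**
 * Enforces one active session per account. For a logged-in user requesting anything other than a
 * static resource, the current session id is compared with the session id stored for the account
 * at its last login; on mismatch the request is redirected to the logout URL and is not passed
 * down the chain.
 *
 * <p>The check fails closed: a missing SSO record is treated like a session-id mismatch, and a
 * stale session is never forwarded to the rest of the chain, even when the response is already
 * committed and the redirect can no longer be sent.
 *
 * @param request  the incoming request; must be an {@link HttpServletRequest}
 * @param response the outgoing response; must be an {@link HttpServletResponse}
 * @param chain    the remaining filter chain, invoked only when the session check passes or does not apply
 * @throws IOException      if the redirect or a downstream filter fails with an I/O error
 * @throws ServletException if a downstream filter or servlet fails
 * @see Filter#doFilter(ServletRequest, ServletResponse, FilterChain)
 */
public void doFilter(
        ServletRequest request,
        ServletResponse response,
        FilterChain chain) throws IOException, ServletException {
    HttpServletRequest httpReq = (HttpServletRequest) request;
    HttpServletResponse httpRes = (HttpServletResponse) response;
    // NOTE(review): this is the servlet container's session id, while the user object is read from
    // the Shiro session below; presumably both are backed by the same session -- confirm.
    String sessionId = httpReq.getSession().getId();
    UserDto userDto = (UserDto) SecurityUtils.getSubject().getSession()
            .getAttribute(SysConstants.LOGIN_USER_INFO);
    String requestURI = httpReq.getRequestURI();
    // NOTE(review): getRequestURI() is the path as sent by the client, neither decoded nor
    // normalised. Confirm that only genuine static resources can match this prefix, or compare
    // against a normalised path, since a match skips the single-login check entirely.
    if (userDto != null
            && !requestURI.startsWith(httpReq.getContextPath() + "/static/")) { // 1 - user is logged in
        String accountId = ""; // login account id; stays empty for user types not handled below
        if (userDto instanceof AccountDto) {
            accountId = ((AccountDto) userDto).getAccountId();
        } else if (userDto instanceof CompanyAccountDto) {
            accountId = ((CompanyAccountDto) userDto).getAccountId();
        }
        Sso sso = this.ssoManager.findByAccountId(accountId);
        // A missing record previously caused a NullPointerException here. Treat it the same way
        // as a record with a different session id: this session cannot be shown to be the latest.
        String sessionId4lastLogin = (sso == null) ? null : sso.getSessionId();
        if (!sessionId.equals(sessionId4lastLogin)) { // 2 - not the session id of the last login
            if (!httpRes.isCommitted()) {
                httpRes.sendRedirect(httpReq.getContextPath() + "/logout?isKickedOut=true"); // 3 - log the user out
            }
            // Stop here in both cases. When the response is already committed the redirect cannot
            // be sent, but a superseded session must still not reach the protected resource.
            return;
        }
    }
    // Session check passed or did not apply: pass the request along the filter chain.
    chain.doFilter(request, response);
}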
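/**
 * Looks up the {@code ssoManager} bean from the Spring web application context bound to the
 * servlet context and stores it for use in {@code doFilter}.
 *
 * @param fConfig the filter configuration supplied by the container
 * @throws ServletException if no Spring web application context is available, so that the filter
 *                          fails at startup rather than running without its session check
 * @see Filter#init(FilterConfig)
 */
public void init(
        FilterConfig fConfig) throws ServletException {
    ServletContext context = fConfig.getServletContext();
    ApplicationContext ctx = WebApplicationContextUtils.getWebApplicationContext(context);
    if (ctx == null) {
        // getWebApplicationContext returns null when no root context has been registered; report
        // that explicitly instead of failing with a NullPointerException on the lookup below.
        throw new ServletException(
                "SsoFilter: no WebApplicationContext found; cannot look up bean 'ssoManager'");
    }
    ssoManager = (SsoManager) ctx.getBean("ssoManager");
}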
转载自vernonchen163.iteye.com/blog/2083092