From 798a5548f93219a7ebb397fb93c96bb35ea298b5 Mon Sep 17 00:00:00 2001
From: click33 <2393584716@qq.com>
Date: Mon, 16 Aug 2021 19:20:44 +0800
Subject: [PATCH] =?UTF-8?q?=E5=89=8D=E5=90=8E=E7=AB=AF=E5=88=86=E7=A6=BB?=
=?UTF-8?q?=E6=A8=A1=E5=BC=8F=E4=B8=8B=E6=8E=A5=E5=85=A5SSO=E7=9A=84?=
=?UTF-8?q?=E7=A4=BA=E4=BE=8B?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.../sa-token-demo-sso2-client-h5/index.html | 39 +++++++
.../sso-login.html | 91 +++++++++++++++
.../src/main/java/com/pj/h5/CorsFilter.java | 61 ++++++++++
.../src/main/java/com/pj/h5/H5Controller.java | 50 ++++++++
.../src/main/resources/application.yml | 3 +-
sa-token-doc/doc/sso/sso-cd.md | 107 +++++++++++++++++-
sa-token-doc/doc/sso/sso-type3.md | 2 +-
.../sa-token-solon-plugin/pom.xml | 2 +-
.../solon/model/SaRequestForSolon.java | 5 +
9 files changed, 356 insertions(+), 4 deletions(-)
create mode 100644 sa-token-demo/sa-token-demo-sso2-client-h5/index.html
create mode 100644 sa-token-demo/sa-token-demo-sso2-client-h5/sso-login.html
create mode 100644 sa-token-demo/sa-token-demo-sso2-client/src/main/java/com/pj/h5/CorsFilter.java
create mode 100644 sa-token-demo/sa-token-demo-sso2-client/src/main/java/com/pj/h5/H5Controller.java
diff --git a/sa-token-demo/sa-token-demo-sso2-client-h5/index.html b/sa-token-demo/sa-token-demo-sso2-client-h5/index.html
new file mode 100644
index 00000000..127a57d8
--- /dev/null
+++ b/sa-token-demo/sa-token-demo-sso2-client-h5/index.html
@@ -0,0 +1,39 @@
+
+
+
+
+ Sa-Token-SSO-Client端-测试页(前后端分离版)
+
+
+ Sa-Token SSO-Client 应用端(前后端分离版)
+ 当前是否登录:
+
+ 登录
+ 注销
+
+
+
+
+
diff --git a/sa-token-demo/sa-token-demo-sso2-client-h5/sso-login.html b/sa-token-demo/sa-token-demo-sso2-client-h5/sso-login.html
new file mode 100644
index 00000000..59092924
--- /dev/null
+++ b/sa-token-demo/sa-token-demo-sso2-client-h5/sso-login.html
@@ -0,0 +1,91 @@
+
+
+
+
+ Sa-Token-SSO-Client端-登录页
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/sa-token-demo/sa-token-demo-sso2-client/src/main/java/com/pj/h5/CorsFilter.java b/sa-token-demo/sa-token-demo-sso2-client/src/main/java/com/pj/h5/CorsFilter.java
new file mode 100644
index 00000000..02590e5a
--- /dev/null
+++ b/sa-token-demo/sa-token-demo-sso2-client/src/main/java/com/pj/h5/CorsFilter.java
@@ -0,0 +1,61 @@
+package com.pj.h5;
+
+import java.io.IOException;
+
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.core.annotation.Order;
+import org.springframework.stereotype.Component;
+
+/**
+ * 跨域过滤器
+ * @author kong
+ */
+@Component
+@Order(-200)
+public class CorsFilter implements Filter {
+
+ static final String OPTIONS = "OPTIONS";
+
+ @Override
+ public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
+ throws IOException, ServletException {
+ HttpServletRequest request = (HttpServletRequest) req;
+ HttpServletResponse response = (HttpServletResponse) res;
+
+ // 允许指定域访问跨域资源
+ response.setHeader("Access-Control-Allow-Origin", "*");
+ // 允许所有请求方式
+ response.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
+ // 有效时间
+ response.setHeader("Access-Control-Max-Age", "3600");
+ // 允许的header参数
+ response.setHeader("Access-Control-Allow-Headers", "x-requested-with,satoken");
+
+ // 如果是预检请求,直接返回
+ if (OPTIONS.equals(request.getMethod())) {
+ System.out.println("=======================浏览器发来了OPTIONS预检请求==========");
+ response.getWriter().print("");
+ return;
+ }
+
+ // System.out.println("*********************************过滤器被使用**************************");
+ chain.doFilter(req, res);
+ }
+
+ @Override
+ public void init(FilterConfig filterConfig) {
+ }
+
+ @Override
+ public void destroy() {
+ }
+
+}
diff --git a/sa-token-demo/sa-token-demo-sso2-client/src/main/java/com/pj/h5/H5Controller.java b/sa-token-demo/sa-token-demo-sso2-client/src/main/java/com/pj/h5/H5Controller.java
new file mode 100644
index 00000000..8fe645b3
--- /dev/null
+++ b/sa-token-demo/sa-token-demo-sso2-client/src/main/java/com/pj/h5/H5Controller.java
@@ -0,0 +1,50 @@
+package com.pj.h5;
+
+import org.springframework.web.bind.annotation.ExceptionHandler;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import cn.dev33.satoken.sso.SaSsoUtil;
+import cn.dev33.satoken.stp.StpUtil;
+import cn.dev33.satoken.util.SaResult;
+
+/**
+ * 前后台分离架构下集成SSO所需的代码
+ * @author kong
+ *
+ */
+@RestController
+public class H5Controller {
+
+ // 当前是否登录
+ @RequestMapping("/isLogin")
+ public Object isLogin() {
+ return SaResult.data(StpUtil.isLogin());
+ }
+
+ // 返回SSO认证中心登录地址
+ @RequestMapping("/getSsoAuthUrl")
+ public SaResult getSsoAuthUrl(String clientLoginUrl) {
+ String serverAuthUrl = SaSsoUtil.buildServerAuthUrl(clientLoginUrl, "");
+ return SaResult.data(serverAuthUrl);
+ }
+
+ // 根据ticket进行登录
+ @RequestMapping("/doLoginByTicket")
+ public SaResult doLoginByTicket(String ticket) {
+ Object loginId = SaSsoUtil.checkTicket(ticket);
+ if(loginId != null) {
+ StpUtil.login(loginId);
+ return SaResult.data(StpUtil.getTokenValue());
+ }
+ return SaResult.error("无效ticket:" + ticket);
+ }
+
+ // 全局异常拦截
+ @ExceptionHandler
+ public SaResult handlerException(Exception e) {
+ e.printStackTrace();
+ return SaResult.error(e.getMessage());
+ }
+
+}
diff --git a/sa-token-demo/sa-token-demo-sso2-server/src/main/resources/application.yml b/sa-token-demo/sa-token-demo-sso2-server/src/main/resources/application.yml
index c8b23222..672a5d0b 100644
--- a/sa-token-demo/sa-token-demo-sso2-server/src/main/resources/application.yml
+++ b/sa-token-demo/sa-token-demo-sso2-server/src/main/resources/application.yml
@@ -9,7 +9,8 @@ sa-token:
# Ticket有效期 (单位: 秒),默认五分钟
ticket-timeout: 300
# 所有允许的授权回调地址
- allow-url: http://sa-sso-client1.com:9001/sso/login, http://sa-sso-client2.com:9001/sso/login, http://sa-sso-client3.com:9001/sso/login
+ # allow-url: http://sa-sso-client1.com:9001/sso/login, http://sa-sso-client2.com:9001/sso/login, http://sa-sso-client3.com:9001/sso/login
+ allow-url: "*"
spring:
# Redis配置
diff --git a/sa-token-doc/doc/sso/sso-cd.md b/sa-token-doc/doc/sso/sso-cd.md
index 878cc3e8..e950031d 100644
--- a/sa-token-doc/doc/sso/sso-cd.md
+++ b/sa-token-doc/doc/sso/sso-cd.md
@@ -118,7 +118,112 @@ public SaResult ss(String name, String pwd) {
答:直接在前端更改点击按钮时 Ajax 的请求地址即可
-### 三、常见疑问
+### 三、前后端分离架构下的整合方案
+
+如果我们已有的系统是前后端分离模式,我们显然不能为了接入SSO而改造系统的基础架构,官方仓库的示例采用的是前后端一体方案,要将其改造为前后台分离架构模式非常简单
+
+以`sa-token-demo-sso2-client`为例:
+
+##### 3.1、新建`H5Controller`开放接口
+``` java
+/**
+ * 前后台分离架构下集成SSO所需的代码
+ */
+@RestController
+public class H5Controller {
+
+ // 当前是否登录
+ @RequestMapping("/isLogin")
+ public Object isLogin() {
+ return SaResult.data(StpUtil.isLogin());
+ }
+
+ // 返回SSO认证中心登录地址
+ @RequestMapping("/getSsoAuthUrl")
+ public SaResult getSsoAuthUrl(String clientLoginUrl) {
+ String serverAuthUrl = SaSsoUtil.buildServerAuthUrl(clientLoginUrl, "");
+ return SaResult.data(serverAuthUrl);
+ }
+
+ // 根据ticket进行登录
+ @RequestMapping("/doLoginByTicket")
+ public SaResult doLoginByTicket(String ticket) {
+ Object loginId = SaSsoUtil.checkTicket(ticket);
+ if(loginId != null) {
+ StpUtil.login(loginId);
+ return SaResult.data(StpUtil.getTokenValue());
+ }
+ return SaResult.error("无效ticket:" + ticket);
+ }
+
+ // 全局异常拦截
+ @ExceptionHandler
+ public SaResult handlerException(Exception e) {
+ e.printStackTrace();
+ return SaResult.error(e.getMessage());
+ }
+
+}
+```
+
+##### 3.2、增加跨域过滤器`CorsFilter.java`
+源码详见:[CorsFilter.java](https://gitee.com/dromara/sa-token/tree/master/sa-token-demo/sa-token-demo-sso2-client/src/main/java/com/pj/h5/CorsFilter.java),
+将其复制到项目中即可
+
+##### 3.3、新建前端项目
+任意文件夹新建前端项目:`sa-token-demo-sso2-client-h5`,在根目录添加测试文件:`index.html`
+``` xml
+
+
+
+
+ Sa-Token-SSO-Client端-测试页(前后端分离版)
+
+
+ Sa-Token SSO-Client 应用端(前后端分离版)
+ 当前是否登录:
+
+ 登录
+ 注销
+
+
+
+
+
+```
+
+##### 3.4、添加登录处理文件`sso-login.html`
+源码详见:[sso-login.html](https://gitee.com/dromara/sa-token/tree/master/sa-token-demo/sa-token-demo-sso2-client-h5/sso-login.html),
+将其复制到项目中即可,与`index.html`一样放在根目录下
+
+
+##### 3.5、测试
+先启动Server服务端与Client服务端,再随便找个能预览html的工具打开前端项目(比如[HBuilderX](https://www.dcloud.io/hbuilderx.html)),测试流程与一体版一致
+
+
+### 四、常见疑问
##### 问:在模式一与模式二中,Client端 必须通过 Alone-Redis 插件来访问Redis吗?
diff --git a/sa-token-doc/doc/sso/sso-type3.md b/sa-token-doc/doc/sso/sso-type3.md
index a97af5fd..15a810a4 100644
--- a/sa-token-doc/doc/sso/sso-type3.md
+++ b/sa-token-doc/doc/sso/sso-type3.md
@@ -116,7 +116,7 @@ public Object myinfo() {
}
```
-访问测试:[http://sa-sso-client2.com:9001/sso/myinfo](http://sa-sso-client2.com:9001/sso/myinfo)
+访问测试:[http://sa-sso-client1.com:9001/sso/myinfo](http://sa-sso-client1.com:9001/sso/myinfo)
diff --git a/sa-token-starter/sa-token-solon-plugin/pom.xml b/sa-token-starter/sa-token-solon-plugin/pom.xml
index 98fe5e49..a2eb342e 100644
--- a/sa-token-starter/sa-token-solon-plugin/pom.xml
+++ b/sa-token-starter/sa-token-solon-plugin/pom.xml
@@ -19,7 +19,7 @@
org.noear
solon
- 1.5.17
+ 1.5.24
diff --git a/sa-token-starter/sa-token-solon-plugin/src/main/java/cn/dev33/satoken/solon/model/SaRequestForSolon.java b/sa-token-starter/sa-token-solon-plugin/src/main/java/cn/dev33/satoken/solon/model/SaRequestForSolon.java
index 183e5ed8..2a491cf1 100644
--- a/sa-token-starter/sa-token-solon-plugin/src/main/java/cn/dev33/satoken/solon/model/SaRequestForSolon.java
+++ b/sa-token-starter/sa-token-solon-plugin/src/main/java/cn/dev33/satoken/solon/model/SaRequestForSolon.java
@@ -51,4 +51,9 @@ public class SaRequestForSolon implements SaRequest {
return ctx.method();
}
+ public Object forward(String path) {
+ ctx.forward(path);
+ return null;
+ }
+
}