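package org.apereo.cas.web.flow;

import java.net.URISyntaxException;
import java.util.HashMap;
import java.util.Map;

import org.apache.http.client.utils.URIBuilder;
import org.apereo.cas.CentralAuthenticationService;
import org.apereo.cas.authentication.Authentication;
import org.apereo.cas.authentication.AuthenticationException;
import org.apereo.cas.authentication.AuthenticationResult;
import org.apereo.cas.authentication.AuthenticationResultBuilder;
import org.apereo.cas.authentication.AuthenticationSystemSupport;
import org.apereo.cas.authentication.Credential;
import org.apereo.cas.authentication.DefaultAuthenticationSystemSupport;
import org.apereo.cas.authentication.principal.WebApplicationService;
import org.apereo.cas.services.RegisteredService;
import org.apereo.cas.services.ServicesManager;
import org.apereo.cas.ticket.AbstractTicketException;
import org.apereo.cas.ticket.InvalidTicketException;
import org.apereo.cas.ticket.ServiceTicket;
import org.apereo.cas.ticket.registry.TicketRegistrySupport;
import org.apereo.cas.web.landtool.terra.TerraProperties;
import org.apereo.cas.web.landtool.utils.HttpUtils;
import org.apereo.cas.web.support.WebUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.util.StringUtils;
import org.springframework.webflow.action.AbstractAction;
import org.springframework.webflow.action.EventFactorySupport;
import org.springframework.webflow.core.collection.LocalAttributeMap;
import org.springframework.webflow.execution.Event;
import org.springframework.webflow.execution.RequestContext;

/**
 * Web flow action that grants a service ticket for the requested service, after asking the
 * configured admission endpoint whether the authenticated user may proceed.
 *
 * <p>Outcomes: {@code success} (ticket placed in request scope), {@code warn} (warning cookie
 * present), {@code error} (admission refused or could not be determined), {@code gateway} or
 * {@code authenticationFailure} (ticket-level failure).
 *
 * @author Tanbin
 * @date 2018-12-12
 */
public class GenerateServiceTicketAction extends AbstractAction {

    /** Response body with which the admission endpoint refuses a user. */
    private static final String ADMISSION_DENIED = "false";

    private CentralAuthenticationService centralAuthenticationService;
    private AuthenticationSystemSupport authenticationSystemSupport = new DefaultAuthenticationSystemSupport();
    private TicketRegistrySupport ticketRegistrySupport;
    private ServicesManager servicesManager;

    // Left public because code outside this file may assign it; supplies the admission query URL.
    @Autowired
    public TerraProperties properties;

    /**
     * Runs the admission check and, when it passes, grants a service ticket against the current
     * ticket-granting ticket.
     *
     * @param context the current web flow request context
     * @return the flow event describing the outcome (see the class description)
     */
    @Override
    protected Event doExecute(RequestContext context) {
        WebApplicationService webApplicationService = WebUtils.getService(context);
        String ticketGrantingTicket = WebUtils.getTicketGrantingTicketId(context);

        try {
            Authentication authentication =
                    this.ticketRegistrySupport.getAuthenticationFrom(ticketGrantingTicket);

            // This check must precede any use of the authentication. It used to sit after the
            // principal lookup, so a missing authentication raised a NullPointerException and
            // skipped the invalid-ticket handling in the catch block below.
            // NOTE(review): the ticket-granting ticket id is embedded in the exception message;
            // confirm that message is never written to logs or shown to the user.
            if (authentication == null) {
                throw new InvalidTicketException(
                        new AuthenticationException("No authentication found for ticket " + ticketGrantingTicket),
                        ticketGrantingTicket);
            }

            // Check whether this user may access the service; every failure mode denies.
            if (!isWellFormedUrl(webApplicationService.getOriginalUrl())
                    || !isAdmitted(authentication.getPrincipal().getId())) {
                return new Event(this, "error");
            }

            RegisteredService registeredService = this.servicesManager.findServiceBy(webApplicationService);
            WebUtils.putRegisteredService(context, registeredService);
            WebUtils.putService(context, webApplicationService);
            // NOTE(review): registeredService is dereferenced without a null check; confirm
            // findServiceBy cannot return null for a service that reaches this action.
            WebUtils.putUnauthorizedRedirectUrlIntoFlowScope(context,
                    registeredService.getAccessStrategy().getUnauthorizedRedirectUrl());

            if (WebUtils.getWarningCookie(context)) {
                return result("warn");
            }

            Credential credential = WebUtils.getCredential(context);
            AuthenticationResultBuilder builder = this.authenticationSystemSupport
                    .establishAuthenticationContextFromInitial(authentication, credential);
            AuthenticationResult authenticationResult = builder.build(webApplicationService);

            ServiceTicket serviceTicketId = this.centralAuthenticationService.grantServiceTicket(
                    ticketGrantingTicket, webApplicationService, authenticationResult);
            WebUtils.putServiceTicketInRequestScope(context, serviceTicketId);
            return success();
        } catch (AbstractTicketException e) {
            // An invalid ticket-granting ticket is destroyed so it cannot be presented again.
            if (e instanceof InvalidTicketException) {
                this.centralAuthenticationService.destroyTicketGrantingTicket(ticketGrantingTicket);
            }
            if (isGatewayPresent(context)) {
                return result("gateway");
            }
            return newEvent("authenticationFailure", e);
        }
    }

    /**
     * Tells whether the service URL parses as a URI.
     *
     * <p>The earlier code parsed this URL to read its host, never used the host, and failed with a
     * NullPointerException when parsing failed. The parse is kept as a fail-closed guard.
     *
     * @param url the original URL of the requested service
     * @return {@code true} when the URL is non-null and syntactically valid
     */
    private boolean isWellFormedUrl(String url) {
        if (url == null) {
            logger.warn("Denying service ticket: the service carries no original URL");
            return false;
        }
        try {
            new URIBuilder(url);
            return true;
        } catch (URISyntaxException e) {
            logger.warn("Denying service ticket: the service URL is not a valid URI", e);
            return false;
        }
    }

    /**
     * Asks the admission endpoint whether the user may be issued a service ticket.
     *
     * <p>Fails closed: a transport error, a missing response, or a response equal to
     * {@code "false"} (ignoring case and surrounding whitespace) all deny.
     *
     * @param userId the id of the authenticated principal
     * @return {@code true} only when the endpoint answered with something other than a refusal
     */
    private boolean isAdmitted(String userId) {
        // NOTE(review): only the user id is sent; the requested service is not part of the query,
        // so this decision is per user, not per service. Confirm that is what the endpoint expects.
        // The map stays raw because the parameter type of HttpUtils.get is not visible from this file.
        Map query = new HashMap<>(5);
        query.put("userid", userId);

        String response;
        try {
            response = HttpUtils.get(properties.getAdmissionQueryUrl(), query);
        } catch (Exception e) {
            logger.warn("Admission query failed for user " + userId + "; denying service ticket", e);
            return false;
        }

        // NOTE(review): any body other than "false" (an error page, for instance) counts as
        // admitted. If the endpoint has a defined positive answer, match on that instead.
        if (response == null || ADMISSION_DENIED.equalsIgnoreCase(response.trim())) {
            logger.warn("Admission endpoint refused user " + userId + "; denying service ticket");
            return false;
        }
        return true;
    }

    /**
     * Sets the service used to grant service tickets and destroy ticket-granting tickets.
     *
     * @param centralAuthenticationService the central authentication service
     */
    public void setCentralAuthenticationService(CentralAuthenticationService centralAuthenticationService) {
        this.centralAuthenticationService = centralAuthenticationService;
    }

    /**
     * Replaces the default authentication system support.
     *
     * @param authenticationSystemSupport the support object used to build the authentication result
     */
    public void setAuthenticationSystemSupport(AuthenticationSystemSupport authenticationSystemSupport) {
        this.authenticationSystemSupport = authenticationSystemSupport;
    }

    /**
     * Sets the helper that resolves an authentication from a ticket-granting ticket id.
     *
     * @param ticketRegistrySupport the ticket registry support
     */
    public void setTicketRegistrySupport(TicketRegistrySupport ticketRegistrySupport) {
        this.ticketRegistrySupport = ticketRegistrySupport;
    }

    /**
     * Sets the manager used to look up the registered service for the request.
     *
     * @param servicesManager the services manager
     */
    public void setServicesManager(ServicesManager servicesManager) {
        this.servicesManager = servicesManager;
    }

    /**
     * Tells whether the request carries a non-blank {@code gateway} parameter.
     *
     * @param context the current web flow request context
     * @return {@code true} when the {@code gateway} request parameter has text
     */
    protected boolean isGatewayPresent(RequestContext context) {
        return StringUtils.hasText(context.getExternalContext()
                .getRequestParameterMap().get("gateway"));
    }

    /**
     * Builds an event that carries the given exception under the {@code error} attribute.
     *
     * @param id the event id
     * @param error the exception to attach
     * @return the new event
     */
    private Event newEvent(String id, Exception error) {
        return (new EventFactorySupport()).event(this, id, new LocalAttributeMap("error", error));
    }
}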