Trying to move URL parameters from another request's URL to the redirected URL

Time: 2019-06-27 12:40:36

Tags: java spring-mvc redirect single-sign-on discourse

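I am trying to set up the login mechanism of the Discourse platform through single sign-on. At this point it seems to be working, but a user is logged in to the forum automatically only if that user is already logged in to the main site.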

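What I ultimately want to achieve is this: after a user tries to log in to the forum, they should immediately be redirected to the main site's "about" page; if the user is not logged in to the main site, the user needs to see the main site's login page, and after the login is completed, the user needs to be redirected to the forum again.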

So I have a URL in the main site dedicated to SSO: example.com/ssoLogin. This is the request method:

    @GetMapping("/ssoLogin")
    String ssoRequest(RedirectAttributes redirectAttributes, @RequestParam String sso, @RequestParam String sig ) throws NoSuchAlgorithmException, InvalidKeyException, UnsupportedEncodingException {

        String a ="";

        if (checksum("I_love_sso", sso).equals(sig)){

            HttpSession session = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest().getSession();
            User loggedUser = (User) session.getAttribute("user");
            if(loggedUser!=null){

                String urlDecode = URLDecoder.decode(sso,"UTF-8");
                String nonce = new String(Base64.getUrlDecoder().decode(urlDecode.getBytes("UTF-8")));
                String urlEncode = nonce
                        + "&name=" + URLEncoder.encode(loggedUser.getName(),"UTF-8")
                        + "&username=" + URLEncoder.encode(loggedUser.getUsername(),"UTF-8")
                        + "&email=" + URLEncoder.encode(loggedUser.getEmail(),"UTF-8")
                        + "&external_id=" + URLEncoder.encode(Long.toString(loggedUser.getId()),"UTF-8");
                String urlBase64 = new String(Base64.getUrlEncoder().encode(urlEncode.getBytes("UTF-8")));
                int length = 0;
                int maxLength = urlBase64.length();
                final int STEP = 60;
                String urlBase64Encode = "";
                while (length < maxLength) {
                    urlBase64Encode += urlBase64.substring(length, length + STEP < maxLength ? length + STEP : maxLength) + "\n";
                    length += STEP;
                }
                a = "redirect:http://forum.example.com/session/sso_login?sso=" + URLEncoder.encode(urlBase64Encode,"UTF-8") + "&sig=" + checksum("I_love_sso",urlBase64Encode);
            }else{
                redirectAttributes.addAttribute("sso",sso);
                redirectAttributes.addAttribute("sig",sig);
                a="redirect:/login";
            }
        }
        return a;
    }

The POST method of the main site's login page:

    @PostMapping("/login")
    ResponseEntity<?> loginRequest(@RequestParam String username, @RequestParam String password, @RequestParam(required = false)String sso, @RequestParam(required = false)String sig){

            try {
                authService.login(username, password);

                HttpSession session = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest().getSession();
                User loggedUser = (User) session.getAttribute("user");

            } catch (Exception e) {
                return ResponseEntity.ok(singletonMap("error", "Login credentials wrong!"));
            }
            if(sso==null && sig==null){
                return ResponseEntity.ok("/");
            }else{
                return ResponseEntity.ok("forum.example.com");
            }

    }

The GET method of my login page:

    @GetMapping("/login")
    String loginPage(@RequestParam(required = false) String sso, @RequestParam(required = false) String sig) {
        return "login";
    }

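So, in my implementation, even though I think both the sso and sig parameters are carried over to the redirected URL, it does not seem to work, because I am redirected to the main site's home page.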

0 answers:

No answers
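The signature check and signed reply that the `/ssoLogin` handler in the question performs, written as a stand-alone Java example that is added here and is not the poster's code. It assumes the question's `checksum` helper is the hex HMAC-SHA256 that Discourse's SSO uses; the class name, method names, secret and sample payload are constructed for illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.net.URLDecoder;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.Base64;
public class SsoPayload {
    // Hex HMAC-SHA256 of the payload text, keyed with the shared SSO secret.
    static String sign(String secret, String payload) throws Exception {
        Mac mac = Mac.getInstance("HmacSHA256");
        mac.init(new SecretKeySpec(secret.getBytes(StandardCharsets.UTF_8), "HmacSHA256"));
        StringBuilder hex = new StringBuilder();
        for (byte b : mac.doFinal(payload.getBytes(StandardCharsets.UTF_8))) hex.append(String.format("%02x", b));
        return hex.toString();
    }
    // Constant-time comparison, so response timing does not reveal how much of sig matched.
    static boolean verify(String secret, String sso, String sig) throws Exception {
        return sig != null && MessageDigest.isEqual(sign(secret, sso).getBytes(StandardCharsets.UTF_8),
                sig.toLowerCase().getBytes(StandardCharsets.UTF_8));
    }
    // Pull one parameter (e.g. nonce) out of the Base64-encoded query string.
    // The MIME decoder tolerates the line breaks that can appear inside the payload.
    static String param(String sso, String name) throws Exception {
        String query = new String(Base64.getMimeDecoder().decode(sso), StandardCharsets.UTF_8);
        for (String pair : query.split("&")) {
            String[] kv = pair.split("=", 2);
            if (kv.length == 2 && kv[0].equals(name)) return URLDecoder.decode(kv[1], "UTF-8");
        }
        return null;
    }
    // Build the signed query string to send back; only the nonce is taken from the request.
    static String response(String secret, String nonce, String username, String email, long id) throws Exception {
        String raw = "nonce=" + URLEncoder.encode(nonce, "UTF-8") + "&username=" + URLEncoder.encode(username, "UTF-8")
                + "&email=" + URLEncoder.encode(email, "UTF-8") + "&external_id=" + id;
        String sso = Base64.getEncoder().encodeToString(raw.getBytes(StandardCharsets.UTF_8));
        return "sso=" + URLEncoder.encode(sso, "UTF-8") + "&sig=" + sign(secret, sso);
    }
    public static void main(String[] args) throws Exception {
        String secret = "constructed-secret"; // constructed; load the real one from configuration
        String sso = Base64.getEncoder().encodeToString(   // constructed sample request payload
                "nonce=abc123&return_sso_url=https%3A%2F%2Fforum.example.com%2Fsession%2Fsso_login".getBytes(StandardCharsets.UTF_8));
        String sig = sign(secret, sso);
        System.out.println("valid request accepted:    " + verify(secret, sso, sig));
        System.out.println("tampered request accepted: " + verify(secret, sso + "A", sig));
        System.out.println(response(secret, param(sso, "nonce"), "alice", "alice@example.com", 42L));
    }
}
```

Because `sso` and `sig` travel through the browser on the way to `/login` and back, whichever handler finally builds the redirect to the forum should call `verify` again on the values it receives instead of trusting that an earlier request checked them.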