
#1.5 Trial license: conversion to a microservice

Internal API:
https://sso.supermap.com/v101/cas/ua/getinfo?userId=592862

Existing solution:	https://my.oschina.net/huangyong/blog/198519

Cross-origin (CORS) problem at login

https://blog.csdn.net/fireofjava/article/details/82392260?utm_medium=distribute.pc_relevant_bbs_down.none-task-blog-baidujs-2.nonecase&depth_1-utm_source=distribute.pc_relevant_bbs_down.none-task-blog-baidujs-2.nonecase

Solution 1: https://www.iteye.com/blog/gogo1217-2425080

https://blog.csdn.net/qq_26769513/article/details/102835031

https://blog.csdn.net/sd5156990/article/details/85777149?utm_medium=distribute.pc_relevant.none-task-blog-baidujs_title-2&spm=1001.2101.3001.4242

Access to XMLHttpRequest at 'https://sso.supermap.com/v101/cas/login?service=http%3A%2F%2F127.0.0.1%3A8080%2Fapi%2Fweb%2Ftimelicense%2Ftrial%2Fumail' (redirected from 'http://127.0.0.1:8030/api/web/timelicense/trial/umail') from origin 'http://127.0.0.1:8030' has been blocked by CORS policy: Response to preflight request doesn't pass access control check: No 'Access-Control-Allow-Origin' header is present on the requested resource.

bug

select * from online_timelicensetrial where date=(select max(date) from online_timelicensetrial where userId= 592937)

If several rows have the same date, the query above returns more than one row and causes a SQL exception.

select id,name,phone,email,signature,product,series,date,userName,company,zone,userId from online_timelicensetrial where userId = 592937 order by date desc,id desc limit 1

    select * from online_timelicensetrial where date=(select max(date) from online_timelicensetrial where userId=#{userId});

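1. Endpoints

umail endpoint
http://127.0.0.1:8030/api/web/timelicense/trial/umail
1.	Look up the SSO user information by userId (internal API)
2.	Query the database table online_timelicensetrial by userId (added by Yayun in June 2020) for the most recent trial license record
3.	Return the user information to the page

applyTrialLicense endpoint
http://127.0.0.1:8030/api/web/timelicense/trial
1.	The front end submits the page information as a file-transfer type; the back end parses it
2.	Logging (written by Yayun)
3.	Apply for the trial license
	1.	Store the trial license information in online_timelicensetrial
	2.	Call the license service, which returns the XML file content; write it to a file (the files array is built from the files that were ticked)
	3.	Send the email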

2.sql


onlinegishost database:
online_timelicensetrial

3.js

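Front-end page refresh
TrailLicenseResource.js    =>      umail endpoint
1.  The umail endpoint takes userId from the request

3.  Send email

5.  Interaction with the front end (nginx) √

6.  Login

4.  Logging and log output

2.  File upload and download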

https://github.com/apereo/java-cas-client

Local mk logging in through the local SSO

cloudmanagementsetting.properties
#setting.ssoDomain=http://127.0.0.1:8080
setting.ssoDomain=https://sso.supermap.com

account-service.context-path=/v101/cas
#account-service.context-path=/cas

shiro.ini
casConfiguration.loginUrl = https://sso.supermap.com/v101/cas/login
#casConfiguration.loginUrl = http://127.0.0.1:8080/cas/login

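Spring Boot and CAS integration flow

1.	A request reaches the umail endpoint; the application's startup class has @EnableCasClient, so a chain of filters intercepts it:
	SingleSignOutFilter -> custom filter -> AbstractTicketValidationFilter (checks whether the URL carries a ticket) -> AuthenticationFilter
	
	AbstractTicketValidationFilter checks whether the request URL carries a ticket; if it does, it calls the CAS server with that ticket
	AuthenticationFilter reads the username from the session; if there is none, it redirects to the CAS server login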


Flow
First login
(1)
http://127.0.0.1:8030/api/web/timelicense/trial/umail

AbstractTicketValidationFilter checks whether the request URL carries a ticket; it does not.

AuthenticationFilter reads the username from the session; there is none, so it redirects to the CAS server login:
https://sso.supermap.com/v101/cas/login?service=http%3A%2F%2F127.0.0.1%3A8080%2Fapi%2Fweb%2Ftimelicense%2Ftrial%2Fumail

(2)
http://127.0.0.1:8080/api/web/timelicense/trial/umail?ticket=ST-54-99e5zE95XekHbkplPmyw-sso.supermap.com

The URL carries a ticket, so AbstractTicketValidationFilter intercepts it and calls the CAS server's ticket validation endpoint, serviceValidate:
https://sso.supermap.com/v101/cas/serviceValidate?ticket=ST-54-99e5zE95XekHbkplPmyw-sso.supermap.com&service=http%3A%2F%2F127.0.0.1%3A8080%2Fapi%2Fweb%2Ftimelicense%2Ftrial%2Fumail

Response:
Failure:
<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
	<cas:authenticationFailure code='INVALID_TICKET'>
		Ticket &#039;ST-54-99e5zE95XekHbkplPmyw-sso.supermap.com&#039; not recognized
	</cas:authenticationFailure>
</cas:serviceResponse>



Success:
<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'>
	<cas:authenticationSuccess>
		<cas:user>liuchenyun</cas:user>
            <cas:attributes>
                    <cas:nickname>liuchenyun</cas:nickname>
                    <cas:tel>13883190518</cas:tel>
                    <cas:userId>592862</cas:userId>
                    <cas:email></cas:email>
            </cas:attributes>
	</cas:authenticationSuccess>
</cas:serviceResponse>
Store the assertion in the session
request.setAttribute("_const_cas_assertion_", assertion);
request.getSession().setAttribute("_const_cas_assertion_", assertion);
Set-Cookie: JSESSIONID=277FD27D9E1974DF546251910D092F48;

Redirect again: http://127.0.0.1:8080/api/web/timelicense/trial/umail

AuthenticationFilter: the session now has the username, so the endpoint is accessed directly
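
The first-login exchange above as an added example (not part of the original notes, and not java-cas-client's code): a small JavaScript model of the two filters' decisions and of reading the serviceValidate reply. The function names and the sample user, userId and ticket are constructed for illustration.

```javascript
// Added example modelling the CAS client flow above; not java-cas-client code.
const CAS = "https://sso.supermap.com/v101/cas"; // server prefix from the notes

// Service URL = requested URL minus the ticket parameter. CAS receives the
// same string at /login and at /serviceValidate.
function serviceUrl(requestUrl) {
  const u = new URL(requestUrl);
  u.searchParams.delete("ticket");
  return u.toString();
}

// What the filter chain does with one request, given the server-side session.
function nextStep(requestUrl, session) {
  const ticket = new URL(requestUrl).searchParams.get("ticket");
  const service = encodeURIComponent(serviceUrl(requestUrl));
  if (ticket) { // AbstractTicketValidationFilter: back-channel call to CAS
    const query = `ticket=${encodeURIComponent(ticket)}&service=${service}`;
    return { action: "validate", url: `${CAS}/serviceValidate?${query}` };
  }
  if (!session.assertion) { // AuthenticationFilter: nobody logged in yet
    return { action: "redirect", url: `${CAS}/login?service=${service}` };
  }
  return { action: "pass", user: session.assertion.user };
}

// Read a serviceValidate reply. Fails closed: anything that is not a clear
// success is a failure. Regexes keep the sketch dependency-free; a real client
// uses an XML parser with DTDs and external entities disabled.
function parseValidation(xml) {
  const fail = /<cas:authenticationFailure\s+code=['"]([^'"]+)['"]\s*>([\s\S]*?)<\/cas:authenticationFailure>/.exec(xml);
  if (fail) return { ok: false, code: fail[1], message: fail[2].trim() };
  const user = /<cas:authenticationSuccess>[\s\S]*?<cas:user>([^<]+)<\/cas:user>/.exec(xml);
  if (!user) return { ok: false, code: "MALFORMED", message: "" };
  const attrs = {};
  const block = /<cas:attributes>([\s\S]*?)<\/cas:attributes>/.exec(xml);
  if (block) for (const m of block[1].matchAll(/<cas:(\w+)>([^<]*)<\/cas:\1>/g)) attrs[m[1]] = m[2];
  return { ok: true, user: user[1], attrs };
}

// Walk a first login: redirect, ticket validation, then the request again.
function firstLogin(appUrl, ticket, casReply) {
  const session = {};
  const trace = [nextStep(appUrl, session)];
  trace.push(nextStep(`${appUrl}?ticket=${ticket}`, session));
  const result = parseValidation(casReply);
  if (result.ok) session.assertion = result; // what the filter keeps in the session
  trace.push(nextStep(appUrl, session));
  return trace.map((step) => step.action);
}

// Constructed sample reply (user and userId are made up).
const SAMPLE_OK = "<cas:serviceResponse xmlns:cas='http://www.yale.edu/tp/cas'><cas:authenticationSuccess><cas:user>alice</cas:user><cas:attributes><cas:userId>1001</cas:userId></cas:attributes></cas:authenticationSuccess></cas:serviceResponse>";
```

With a rejected ticket the third step is a redirect to the login page again, not direct access, because no assertion is stored in the session.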

Environment variables


${TRIALLICENSE_SSO_SERVER_URL}		https://sso.supermap.com/v101
${TRIALLICENSE_CAS_CLIENT_HOST_URL}    		 http://127.0.0.1:8080
${TRIALLICENSE_DATABASE_URL} 39.100.90.131
${TRIALLICENSE_DATABASE_PORT} 8306
${TRIALLICENSE_DATABASE_USERNAME}  root
${TRIALLICENSE_DATABASE_PASSWORD}  123456

#Local SSO
#cas:
#  #Client access URL
#  client-host-url: http://127.0.0.1:8081
#  redirect-after-validation: true
#  #CAS server login URL
#  server-login-url: http://127.0.0.1:8080/cas/login
#  #CAS server URL
#  server-url-prefix: http://127.0.0.1:8080/cas
#  single-logout:
#    enabled: true
#  validation-type: CAS

Trying JSONP

TrailLicenseResource.js
umail : function(successHandle, failureHandle) {
        var url = this.resourceUrl + "umail123";
        // var url = "http://127.0.0.1:8080/api/web/timelicense/trial/umail"
        this.sendRequest(url, "GET", "jsonp", null, successHandle, failureHandle);
    },
    
showData: function (data) {
        console.info("调用showData");
        var result = JSON.stringify(data);
    }
    
***************
CommonResource.js

sendRequest123 : function(url, type, dataType, data, successHandle, failureHandle) {
	this.sendRequestSync123(url, type, true, dataType, data, successHandle, failureHandle);
},

sendRequestSync : function(url, type, async, dataType, data, successHandle, failureHandle) {
        var options = {
            url : url,
            type : type || "GET",
            async : async,
            dataType : dataType || this.dataType,
            contentType : "application/json; charset=UTF-8",
            data : data,
            jsonp: "theFunction",
            jsonpCallback: "showData",
            success: function (data) {
                var result = JSON.stringify(data)
                alert(result)
            }
        };
        $.ajax(options).done(function(datas) {
            if (successHandle) {
                successHandle(datas);
            }
        }).fail(function(xhr, textStatus, errorThrown) {
            if (failureHandle) {
                failureHandle(xhr, textStatus, errorThrown);
            }
        });
    }

Solution

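sendRequestSync123 : function(url, type, async, dataType, data, successHandle, failureHandle) {
        var options = {
            url : url,
            type : type || "GET",
            async : async,
            dataType : dataType || this.dataType,
            contentType : "application/json; charset=UTF-8",
            data : data,
        };
        $.ajax(options).done(function(datas) {
            if (successHandle) {
                successHandle(datas);
            }
        }).fail(function(xhr, textStatus, errorThrown) {
            if (failureHandle) {
                failureHandle(xhr, textStatus, errorThrown);
                // status 0 with an empty error is how the CORS-blocked redirect to
                // the CAS login page shows up here; other network failures report
                // the same values.
                if (textStatus === 'error' && errorThrown === '' && xhr.status === 0) {
                    // Load the endpoint in a hidden iframe: as a navigation it can
                    // follow the CAS redirect and establish the session cookie.
                    let iFrame = $('<iframe>', {
                        src: url,
                        style: 'display: none'
                    });
                    iFrame.appendTo('body');
                    // .on('load') replaces .load(handler), which jQuery 3.0 removed.
                    iFrame.on('load', function() {
                        // Reload so the original request is retried with the session.
                        location.reload();
                    })
                }
            }

        });
    },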

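2. The file type cannot be obtained

1.	Previously this was a Jersey endpoint, and Apache's file classes read it from the request

2.	Now it is a Spring MVC endpoint, and Apache's file classes cannot get it because Spring MVC has already wrapped the request, so it needs special handling

3. The login information cannot be obtained

1.	Previously it was obtained from the provider supplied by Jersey
2.	Now it is taken directly from the session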