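3.3 Pre-research: implementing SSO login on the new iPortal UI
Synchronized login with the official site: attempt a login on every page refresh.
Projects: mokeyking, sso, iportal, iportal-webui
Pre-research process:
1. Clicking Login in the portal opens the SSO popup login. The portal integrates with SSO; how should the new webui be modified?
2. mk brings in the portal to replace its login flow; how should the new webui be modified?
General approach
1. Before login: popup login
Integrate the intranet portal with SSO, and look at how the old pages were modified to decide how to modify the new webui.
2. After login: enter the mk login

## I. Integrating the portal with SSO
### 1. Starting SSO on Tomcat in the intranet
Because the portal source code lives on the intranet, SSO has to be implemented in the intranet environment (the intranet has no external network access, so it cannot integrate with the online SSO); the only option is to start SSO on a local Tomcat.

#### 1. Starting sso.war on Tomcat
1. Rename
accounts-1.2.0-SNAPSHOT.war is renamed to cas.war
CASManager-1.2.0-SNAPSHOT.war is renamed to accounts
The names are probably swapped because the projects were named the wrong way round at packaging time (a guess).
Start Tomcat so that the WAR files are unpacked.
2. Modify the configuration files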
_____________________________________________________________
application.properties:
#extrct url config
#service.http-schema=${HTTP_SCHEME}
#service.domain=${SERVICE_DOMAIN}
# #If contextPath here is empty, it can only be set to "", not to "/"
#cas-service.context-path=${CAS_SERVICE}
#account-service.context-path=${ACCOUNT_SERVICE}
# #Default redirect URL after SSO login
#icloud.default.serviceUrl=http\://${ONLINE_ROOT_URL}/shiro-cas
#onlineRootUrl=${HTTP_SCHEME}://${ONLINE_ROOT_URL}
#DB config
DBConfig.IP=39.100.90.131
DBConfig.PORT=8306
DBConfig.DBNAME=cas
DBConfig.USERNAME=root
DBConfig.PASSWORD=123456
#CreatUserIpWhiteList (the value uses the map format defined by cfg4j, e.g. a=v1,b=v1)
ip-whitelist.account-create= liuchenyun=127.0.0.1
#IP whitelist
#ip-whitelist.account-update=127.0.0.1;182.92.192.70;123.56.98.26;123.57.138.204;47.93.119.7
ip-whitelist.account-update=127.0.0.1
#VT test accounts
TEST_PHONE_LIST=10521693851,10296332424
TEST_EMAIL_LIST=10521693851_test@qq.com,10296332424_test@qq.com
TEST_VERIFYCODE=829180
#Browser whitelist: used for logging user activity
browser-whitelist.user-activity=Mozilla,Opera,UC
_____________________________________________________________
cas.properties
#extrct url config
service.http-schema=http
service.domain=127.0.0.1:8080
cas-service.context-path=/cas
account-service.context-path=/account
cas-service.root-url=${service.http-schema}://${service.domain}${cas-service.context-path}
account-service.root-url=${service.http-schema}://${service.domain}${account-service.context-path}
serverName=${service.http-schema}://${service.domain}
onlineRootUrl=http://127.0.0.1:8099
#Created by JInto - www.guh-software.de
#Wed Oct 28 16:29:08 CST 2015
cas.securityContext.status.allowedSubnet=127.0.0.1
cas.themeResolver.defaultThemeName=cas-theme-default
cas.viewResolver.basename=default_views
host.name=${service.domain}
icloud.default.serviceUrl=http\://127.0.0.1:8099/shiro-cas
icloud.resultUrl=$(server.prefix)/result.html
icloud.usermanager.url=${account-service.root-url}/manager/manager.do?manager=accountInfo
password.policy.url=https\://password.example.edu/change
password.policy.warnAll=false
password.policy.warningDays=30
register.validateUrl=${server.prefix}/mailvalidate
server.name=${service.http-schema}://${service.domain}
server.prefix=${cas-service.root-url}
#IP whitelist
ip-whitelist.account-update=127.0.0.1
# IPList=127.0.0.1;
IPList=${ip-whitelist.account-update}
#CreatUserIpWhiteList (the value uses the map format defined by cfg4j, e.g. a=v1,b=v1)
ip-whitelist.account-create= DebugChengduLocal=127.0.0.1,liuyytest=119.6.63.64
#publicKeyForPass
publicKeyForPass=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCzFy12JLb0MeyKiefVNEuU7kR0VH32rO38jyV1pruW727j6EbClyRHcGQagal5s+oGDN+gl3T72d7yT290crU9dVdet94aPPYfK3SPtpdfEB0dcUvCD1w0Yc/uybUoGe5L5Yl+lRa9u55xNpXfphEVYaSqr2j3RtpyJg49uz1s5QIDAQAB
privateKeyForPass=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
_________________________________________________________________________
cas-service.properties
#extrct url config
service.http-schema=http
service.domain=127.0.0.1:8080
cas-service.context-path=/cas
account-service.context-path=/account
cas-service.root-url=${service.http-schema}://${service.domain}${cas-service.context-path}
account-service.root-url=${service.http-schema}://${service.domain}${account-service.context-path}
#adapt exsit url config
casServerUrlPrefix=${cas-service.root-url}
serverName=${service.http-schema}://${service.domain}
casServerLoginUrl=${cas-service.root-url}/login
casClientRedirectUrl=${account-service.root-url}/manager/manager.do?manager=accountInfo
onlineRootUrl=http://127.0.0.1:8080

application.properties (main settings):
DBConfig.IP=39.100.90.131
DBConfig.PORT=8306
DBConfig.DBNAME=cas
DBConfig.USERNAME=root
DBConfig.PASSWORD=123456
——————————————————————————————————————————
cas.properties
cas-service.context-path=/cas
account-service.context-path=/account
#Address of the portal
onlineRootUrl=http://127.0.0.1:8099
icloud.default.serviceUrl=http\://127.0.0.1:8099/shiro-cas
______________________________________________
cas-service.properties
cas-service.context-path=/cas
account-service.context-path=/account
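onlineRootUrl=http://127.0.0.1:8080

http://127.0.0.1:8080/cas/login?service=http%3A%2F%2F127.0.0.1%3A8080%2Faccount%2Fmanager%2Fmanager.do%3Fmanager%3DaccountInfo

#### 2. Converting the intranet iPortal to Online
See the earlier material on setting up Online.
wiki: https://wiki.ispeco.com/pages/viewpage.action?pageId=58753143#app-switcher
Online product debugging configuration
1. In iserver-debug, change AppServer so that it starts as the IPortal product type.
2. Change the profile to iportal.
2.1 Startup path: webAppContext.setContextPath("/");
3. In iportal.xml of the iserver-debug project, add the Online customization tag. This enables the Online UI, and the mapViewer and sceneViewer versions also switch to the new ones.
<!-- Online customization tag: enables the Online UI; the mapViewer and sceneViewer versions also switch to the new ones -->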
<portalCustomSetting>
<customType>SuperMapOL</customType>
</portalCustomSetting>
4. Copy handlers.xml from ibase-modules\server-host-model\src\main\resources\com\supermap\server\host\webapp to iserver-debug\src\test\resources\iserver\WEB-INF
and add:
.......
<value>extendWebHandler</value>
<value>iCloudWebHandler</value>
......
<bean id="iCloudWebHandler" class="com.supermap.server.host.webapp.handlers.HandlerInfo">
<property name="classPath" value="com/supermap/icloud/web/ICloudWebHandler.xml"/>
<property name="standalone" value="true"/>
</bean>
<bean id="extendWebHandler" class="com.supermap.server.host.webapp.handlers.HandlerInfo">
<property name="type" value="com.supermap.server.host.webapp.handlers.ExtendWebHandler"/>
<property name="priority" value="500"/>
</bean>
5.
1) \distribution\online\jars\custom_files\IPortalWebHandler.xml replaces \iportal-modules\iportal-web\src\main\resources\com\supermap\iportal\web\IPortalWebHandler.xml
2) Copy \distribution\online\WEB-INF_online_iportal\IportalWebHandler.properties to iserver-debug\src\test\resources\iserver\WEB-INF
3) Copy \distribution\online\jars\custom_files\extendManagerResources.xml to \modules\services-rest-management\src\main\resources\config\rest\
4) \distribution\online\jars\custom_files\ManagerConfigAppContext.xml replaces \modules\services-rest-management\src\main\resources\config\rest\ManagerConfigAppContext.xml
5) \distribution\online\WEB-INF_online_basic_iserver\iserver-system.xml replaces \iserver-debug\src\test\resources\iserver\WEB-INF\iserver-system.xml
6. Add the following to pom.xml under iserver-debug:
<!--online-->
<dependency>
<groupId>com.supermap.online</groupId>
<artifactId>sites-develop</artifactId>
<version>${online.version}</version>
</dependency>
<dependency>
<groupId>com.supermap.online</groupId>
<artifactId>supermap-online-services</artifactId>
<version>${online.version}</version>
</dependency>
<dependency>
<groupId>com.supermap.online</groupId>
<artifactId>hosteddata-portal</artifactId>
<version>${online.version}</version>
</dependency>
<dependency>
<groupId>com.supermap.online</groupId>
<artifactId>portal-extend</artifactId>
<version>${online.version}</version>
</dependency>
<!-- Contains the new MapViewer and the new sceneViewer -->
<dependency>
<groupId>com.supermap.iportal</groupId>
<artifactId>iportal-apps</artifactId>
<version>${iportal.version}</version>
</dependency>
7. In shiro.ini under \iserver-debug\src\test\resources\iserver\WEB-INF,
the following three lines:
config = com.supermap.services.security.Config
pac4jSubjectFactory = com.supermap.services.security.DenySupportedWebSubjectFactory
are changed to:
config = com.supermap.online.security.pac4j.config.Pac4jConfig
pac4jSubjectFactory = com.supermap.icloud.security.ICloudDenySupportedWebSubjectFactory
8. Edit iserver-debug\src\test\resources\iserver\WEB-INF\shiro.ini and add the following configuration:
Before /app/viewer/*, add /apps/viewer/*/share** = anon
Before /web/maps/*, add /web/maps/*/share** = anon
Question: I see that my predecessor made this change in \icloud-modules\online-portal-extends\portal-extend\src\test\resources\config\compatible_with_pac4j\shiro.ini
Before /apps/viewer/*, add /apps/viewer/*/share** = anon
Before /web/maps/*, add /web/maps/*/share** = anon
9. Copy the front-end pages in the folder distribution\online\Package\src\main\release_Online_Portal\webapps\iportal\resources\html to \iserver-debug\src\test\resources\iserver\resources
10. shiro.ini replaces shiro.ini under \iserver-debug\src\test\resources\iserver\WEB-INF
Copy shiroCustomUrls.ini to \iserver-debug\src\test\resources\iserver\WEB-INF
11. \iserver-debug\src\test\resources\iserver\WEB-INF\iportaldata\iportal.db
\iserver-debug\src\test\resources\iserver\WEB-INF\iserver-security.db
users table: username corresponds to the id in the users table of the cas database; in the user_roles table, set roidid to 3, 4, 5
12. cas database
DBConfig.IP=127.0.0.1
DBConfig.PORT=3306
DBConfig.DBNAME=cas
DBConfig.USERNAME=root
DBConfig.PASSWORD=root

#### 3. Minimal portal-to-SSO integration
1.
<portalCustomSetting>
<customType>SuperMapOL</customType>
</portalCustomSetting>
2.
<dependency>
<groupId>com.supermap.online</groupId>
<artifactId>hosteddata-portal</artifactId>
<version>${online.version}</version>
</dependency>
<dependency>
<groupId>com.supermap.online</groupId>
<artifactId>portal-extend</artifactId>
<version>${online.version}</version>
</dependency>
3.
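Replace shiro.ini and shirocusurl.ini with the configuration files of the portal on k8s.

### 2. External online-portal: integrating webui with the Tomcat version of SSO
Do not use port 8080 for the Tomcat version of SSO; it would clash with webui.

### 3. Integrating webui with k8s
Endpoint for checking the login state: http://127.0.0.1:8080/web/config/userprofile.json
Logged in: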
{"editableWebApps":["DATAVIZ","DATAINSIGHTS","MAPSTYLER","EARTH","MAPDASHBOARD","APPBUILDER"],"nickName":"liuchenyun","modulePermissions":["portal:user:viewDashboards","portal:user:viewNotebooks","portal:user:createUpdateDeleteDashboards","portal:user:viewScenes","portal:user:viewMaps","portal:user:batchAddScenes","portal:creator:generalPrivilege","portal:user:createUpdateDeleteApps","portal:user:createUpdateDeleteGroups","portal:user:applyForAccessToResources","portal:user:addUpdateDeleteServices","portal:user:shareMaps","portal:user:viewGroups","portal:user:viewData","portal:user:batchAddMaps","portal:user:viewServices","portal:user:joinGroup","portal:user:viewApps","portal:user:shareScenes","portal:user:createUpdateDeleteScenes","portal:user:viewInsights","portal:user:createUpdateDeleteInsights","portal:user:createUpdateDeleteNotebooks","portal:user:shareDashboards","portal:user:generalPrivilege","portal:user:shareInsights","portal:user:shareApps","portal:viewer:generalPrivilege","portal:user:createUpdateDeleteMaps","portal:user:shareServices","portal:user:shareNotebooks"],"roles":["PORTAL_USER"],"theme":null,"userName":"liuchenyun","type":"CREATOR","version":"1.0.0"}
Not logged in:
{"editableWebApps":["DATAVIZ","DATAINSIGHTS","MAPSTYLER","EARTH","MAPDASHBOARD","APPBUILDER"],"nickName":"GUEST","modulePermissions":[],"roles":[],"theme":null,"userName":"GUEST","type":null,"version":"1.0.0"}
{"editableWebApps":["DATAVIZ","DATAINSIGHTS","MAPSTYLER","EARTH","MAPDASHBOARD","APPBUILDER"]}
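How a client can read the three response shapes above without mistaking the scope-filtered one for a session, as an added example (not code from the portal or web-ui). `classifyProfile` and `canShow` are hypothetical names, and the sample bodies are constructed by trimming the responses above.

```javascript
// Added example; field names come from the userprofile.json responses above,
// the function names and the three-state result are assumptions.

// Classify a /web/config/userprofile.json body. A response narrowed by
// ?scope=[...] carries no userName, so it must never count as "logged in".
function classifyProfile(bodyText) {
  let profile;
  try {
    profile = JSON.parse(bodyText);
  } catch (e) {
    return { state: 'indeterminate', reason: 'not JSON' };
  }
  if (profile === null || typeof profile !== 'object' || Array.isArray(profile)) {
    return { state: 'indeterminate', reason: 'not an object' };
  }
  const { userName, roles, modulePermissions } = profile;
  if (typeof userName !== 'string' || userName === '') {
    return { state: 'indeterminate', reason: 'userName missing (scoped response?)' };
  }
  if (userName === 'GUEST') {
    return { state: 'guest', reason: 'anonymous session' };
  }
  if (!Array.isArray(roles) || !Array.isArray(modulePermissions)) {
    return { state: 'indeterminate', reason: 'roles or modulePermissions missing' };
  }
  return { state: 'authenticated', userName, roles, permissions: new Set(modulePermissions) };
}

// UI gating only: the server must still enforce the permission on every request.
function canShow(result, permission) {
  return result.state === 'authenticated' && result.permissions.has(permission);
}

// Constructed samples, trimmed from the three responses above.
const LOGGED_IN = '{"nickName":"liuchenyun","modulePermissions":["portal:user:viewMaps"],"roles":["PORTAL_USER"],"userName":"liuchenyun","type":"CREATOR"}';
const GUEST = '{"nickName":"GUEST","modulePermissions":[],"roles":[],"userName":"GUEST","type":null}';
const SCOPED = '{"editableWebApps":["DATAVIZ","EARTH"]}';

for (const [label, body] of [['logged in', LOGGED_IN], ['guest', GUEST], ['scoped', SCOPED]]) {
  const r = classifyProfile(body);
  console.log(label, '->', r.state, canShow(r, 'portal:user:viewMaps'));
}
```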
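Note:
A parameter is deliberately appended at the end, which obfuscates the response result
https://itest.supermapol.com/web/config/userprofile.json?scope=%5B%22editableWebApps%22%5D

#### 1. Local nginx
The userprofile.json endpoint
Because the login domain is 192.168.13.117, forwarding the userprofile.json request locally does not return the login information.

#### 2. Hard-coding in the front end
It is enough for only the portal to be logged in, only

#### 3. Modifying nginx on k8s
192.168.13.117 can get all back-end API data (because it is in the k8s environment).
127.0.0.1, the local machine, can get all static data.
So k8s forwards requests for static resources to the local machine.
Drawback: slow.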
#webui
location /web-ui {
proxy_pass http://192.168.13.116:8080;
}
location /js {
proxy_pass http://192.168.13.116:8080;
}
location /css {
proxy_pass http://192.168.13.116:8080;
}
location /less {
proxy_pass http://192.168.13.116:8080;
}
location /sockjs-node {
proxy_pass http://192.168.13.116:8080;
}
location /resources/config {
proxy_pass http://192.168.13.116:8080;
}
location /resources/web-ui/extend/home {
proxy_pass http://192.168.13.116:8080;
}
location /sockjs-node/330/b3dslrmd {
proxy_pass http://192.168.13.116:8080;
}
location /images {
proxy_pass http://192.168.13.116:8080;
}
location /fonts {
proxy_pass http://192.168.13.116:8080;
}
location /rdc.ispeco.com {
proxy_pass http://192.168.13.116:8080;
}

## II. Popup login
https://gitee.com/isupermap/authentication-ui
https://gitee.com/isupermap/js_commons_sso

http://127.0.0.1:8190/iportal/web/login?popup=true&id=login_window981&callBackName=reCallBack
http://127.0.0.1:8190/iportal/web/login?popup=true&id=login_window951&callBackName=reCallBack
http://127.0.0.1:8190/iportal/web/login?popup=true&id=login_window871&callBackName=reCallBack
The login_window981 id differs between them
loginWindow.js
iportalHeader.js
login.js
users.js
http://192.168.13.195:30880/v101/cas/login?service=http%3A%2F%2F192.168.13.117%2Fshiro-cas
http://192.168.13.117/web/login?popup=true&id=login_window749&callBackName=reCallBack

#### 1. Debugging
Open the URL and set a breakpoint in login.vue
http://127.0.0.1:8080/web-ui/login
Fetch the extended login configuration
resources/web-ui/extend/login/config.json
The SDK generates this URL to access index.html of authentication-ui.jar under the portal
https://www.supermapol.com/apps/authentication-ui/index.html#rootUrl=https%3A%2F%2Fwww.supermapol.com%2F
docker exec -it 37c415b1311d /bin/bash
cd /etc/icloud/SuperMapOnlineiPortal/webapps/iportal/WEB-INF/lib
webjar-authentication-ui-11.0.0-20210222.011825-13.jar
docker cp /usr/local/k8s/webjar-authentication-ui-11.0.0-20210222.011825-13.jar a418f384b861:/etc/icloud/SuperMapOnlineiPortal/webapps/iportal/WEB-INF/lib
docker cp a418f384b861:/etc/icloud/SuperMapOnlineiPortal/webapps/iportal/WEB-INF/lib /usr/local/k8s/

if (path === '/login') {
  // if (this.systemConfig.keycloakEnable) {
  //   window.open(Utility.getRootUrl() + 'keycloak-login',"_self");
  // } else if (this.systemConfig.casSetting.enabled && !this.systemConfig.casSetting.isReserveSystemAccount) {
  //   window.open(this.systemConfig.casSetting.loginUrl,"_self");
  // } else {
  //   this.currentTab = 'login';
  // }
  window.isSuperMapOL = true;
  window.casEnble = true;
  if (window.casEnble) {
    new Authenticate({
      loginOptions: {
        rootUrl: "https://www.supermapol.com/"
      },
      onSucceed: (result) => {
        console.log("result:" + result);
      },
      destroyAfterSuccess: true
    }).create();
  }
}

window.parent.window.SuperMapSSO.closeMe("redirect_login_1615960686612","reCallBack");

window.isSuperMapOL = true;
if (systemConfig.isSuperMapOL) {
  new Authenticate({
    loginOptions: {
      // rootUrl:"http://192.168.13.117/"
      rootUrl: "https://www.supermapol.com/"
      // rootUrl:"http:127.0.0.1/"
    },
    onSucceed: (result) => {
    }
    // destroyAfterSuccess: true
  }).create();
}

http://192.168.13.117/apps/authentication-ui/index.html

#### 2. Original flow
Header.vue
<!-- Show the sign-in and sign-up buttons when not logged in -->
<div v-if="!userState || userState.userName === 'GUEST'" class="no-login">
  <span @click="openLoginPage">{{$t("signIn")}}</span>
  <span @click="openRegisterPage" v-if="showRegisterBtn">{{$t("signUp")}}</span>
</div>
// Open the user login page
openLoginPage() {
  let systemConfig = this.$store.getters['portalConfig/getSystemConfig'];
  if (systemConfig.casSetting.enabled && !systemConfig.casSetting.isReserveSystemAccount) {
    let url = systemConfig.casSetting.loginUrl;
    window.location.href = url;
  } else {
    let query = {};
    if (window.location.href.indexOf('error-page') !== -1) {
      query["backUrl"] = this.$route.query.backUrl;
    } else {
      query = this.$route.query;
      query["backUrl"] = this.$route.path;
    }
    this.$router.push({path:'/login',query:query});
  }
},

#### 3. Success callback
{type: "AUTHENTICATION", data: {…}}
data:
success: true
user:
name: "1"
nickname: "111111"
theme: null
__proto__: Object
__proto__: Object
type: "AUTHENTICATION"
__proto__: Object

II. How the existing mokeyking project logs in
2016/4/8
2016/4/14
2016/6/8

## III. Deploying on k8s
FX-魏周杰 9:52:35
registry.cn-hangzhou.aliyuncs.com/weizhoujie/iportal-web-ui:latest
FX-魏周杰 9:53:14
docker login --username=今天不想写代码a registry.cn-hangzhou.aliyuncs.com
FX-魏周杰 9:53:23
The password is WZJ011216a
docker run -e IPORTAL_SERVER=http://192.168.13.195:30003 -d -p 9090:80 registry.cn-hangzhou.aliyuncs.com/weizhoujie/iportal-web-ui:latest

1. Put the static files into nginx and configure forwarding for some resources (locally node is used, without forwarding)
server {
listen 80;
server_name localhost;
port_in_redirect off;
autoindex on;
location /gateway {
proxy_pass iportal_server;
}
location /web {
proxy_pass iportal_server;
}
location ^~/resources/thumbnail{
proxy_pass iportal_server;
}
location /resources {
proxy_set_header Host $http_host;
proxy_pass iportal_server;
}
location / {
root /usr/share/nginx/html/web-ui;
index index.html index.htm;
}
location /web-ui {
root /usr/share/nginx/html;
index index.html index.htm;
#if ( -d $request_filename ){
#rewrite ^/(.*)([^/])$ http://$host/$1$2/ permanent;
#}
#try_files $uri $uri/ /web-ui/index.html;
}
location /web-ui/home {
try_files $uri $uri/ /index.html;
}
error_page 500 502 503 504 /50x.html;
location = /50x.html {
root /usr/share/nginx/html;
}
}
2. docker run -e IPORTAL_SERVER=http://192.168.13.195:30003 -d -p 9090:80 registry.cn-hangzhou.aliyuncs.com/weizhoujie/iportal-web-ui:latest
This replaces iportal_server in the nginx configuration
#webui
location /web-ui {
proxy_pass http://192.168.13.117:9090;
}
location /resources/web-ui {
proxy_pass http://192.168.13.117:9090;
}

## IV. Build
http://ci.ispeco.com:90/buildConfiguration/Webapps_AuthenticationUiDistribute?mode=branches#all-projects

## V. Debugging the login component
1. Header.vue has now been replaced by OnlineHeader.vue
openLoginPage
new Authenticate({
loginOptions:{
rootUrl:"http://192.168.13.117/"
// rootUrl:"https://itest.supermapol.com/"
// rootUrl:"http://127.0.0.1:8190/"
},
2. @ispeco
index.d.tx and index.js of authentication-sdk/es