validate.java
package com.yayisoft.sso.center;
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import com.yayisoft.sso.util.Config;
import com.yayisoft.sso.util.SSOException;
import com.yayisoft.sso.util.CommonUtil;
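/**
 * SSO-center servlet that decides whether the caller already holds a logged-in
 * session and, if so, hands a freshly generated token back to the requesting
 * client application.
 *
 * <p>Flow, as implemented in {@link #doGet}:
 * <ol>
 *   <li>No {@code user}/{@code sessionid} in the session: the session is
 *       invalidated and the browser is redirected to {@code Config.PAGE_LOGIN},
 *       carrying the optional {@code url} request parameter along.</li>
 *   <li>Otherwise the {@code target}, {@code apply} and {@code strips} request
 *       parameters are required and {@code CommonUtil.checkApply(apply, strips)}
 *       must succeed.</li>
 *   <li>On success the browser is redirected to
 *       {@code http://<target>/Anchor} with {@code tokon}, {@code intro},
 *       {@code strips} and {@code tips} in the query string.</li>
 * </ol>
 *
 * <p>Security review notes: {@code target} and {@code url} are attacker
 * controllable request parameters. {@code url} is now URL-encoded before it is
 * forwarded; {@code target} is still not restricted to known client hosts (see
 * the NOTE in {@link #doGet}).
 */
public class Validate extends HttpServlet {

    private static final long serialVersionUID = 1L;

    /**
     * Constructor of the object.
     */
    public Validate() {
        super();
    }

    /**
     * Destruction of the servlet; only delegates to the superclass.
     */
    @Override
    public void destroy() {
        super.destroy();
    }

    /**
     * Validates the caller's SSO session and either sends the browser to the
     * login page or redirects it to the client application with a new token.
     *
     * @param request
     *            the request sent by the client to the server; reads the
     *            parameters {@code url}, {@code target}, {@code apply} and
     *            {@code strips}
     * @param response
     *            the response sent by the server to the client
     * @throws ServletException
     *             declared for the servlet contract; not thrown by this body
     * @throws IOException
     *             if writing the response or issuing a redirect fails
     */
    @Override
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        try {
            response.setContentType("text/html");
            PrintWriter out = response.getWriter();
            HttpSession session = request.getSession(true);
            String user = (String) session.getAttribute("user");
            String sessionid = (String) session.getAttribute("sessionid");

            if (user == null || sessionid == null) {
                // Neither attribute set: this is not a continued, logged-in session.
                // Drop the session that getSession(true) may just have created and
                // send the browser to the login page.
                session.invalidate();
                String url = request.getParameter("url");
                if (url != null) {
                    // getParameter() returns the decoded value, so it must be encoded
                    // again before being placed in a query string. Without this a
                    // value containing '&', '#' or line breaks could add or truncate
                    // parameters of the login URL.
                    // NOTE(review): presumably the login page sends the user back to
                    // `url` after authentication - confirm that it validates the
                    // destination there, otherwise this is an open redirect.
                    String loginRedirect = Config.PAGE_LOGIN + "?url="
                            + java.net.URLEncoder.encode(url, "UTF-8");
                    // Log exactly what is sent; the encoded form also keeps raw
                    // line breaks from the request out of the log.
                    System.out.println("Validate:未認證用戶轉到認證頁面:" + loginRedirect);
                    response.sendRedirect(loginRedirect);
                } else {
                    response.sendRedirect(Config.PAGE_LOGIN);
                }
                return;
            }

            // Expected query: "?target=" + target + "&apply=" + apply + "&strips=" + strips
            // TODO (original author): check that target is inside our own sub-domains,
            // or move that check into checkApply where strips is validated.
            // NOTE(review): until that check exists, the host the token is delivered
            // to is chosen by the request. Compare target against a configured list
            // of registered client hosts before redirecting.
            String target = request.getParameter("target");
            String apply = request.getParameter("apply");
            String strips = request.getParameter("strips");

            if (target == null || apply == null || strips == null) {
                reject(out, "reason: apply == null ");
                return;
            }
            if (!CommonUtil.checkApply(apply, strips)) {
                reject(out, "reason: checkApply Failed ");
                return;
            }

            // NOTE(review): the scheme is fixed to plain http and the token travels in
            // the query string, so it is visible on the wire and in access logs,
            // browser history and Referer headers. Prefer https and a short-lived,
            // single-use token.
            String domain = "http://" + target + "/Anchor";
            String intro = CommonUtil.getGuid();
            // Regenerate the strips script from the new intro.
            strips = CommonUtil.getStripsByIntro(intro);
            // TODO (original author): the user name is encrypted with the
            // client-supplied apply and intro as key material.
            String tokon = CommonUtil.EncryptUser(user, apply, intro);
            // Derive tips from the tokon.
            String tips = CommonUtil.getTipsByTokon(tokon);

            // The token, apply and intro are credentials/key material and are
            // deliberately no longer written to stdout.
            System.out.println("Validate:一個用戶驗證成功了 user = " + user);

            // NOTE(review): these values come from CommonUtil and are appended as-is;
            // whether they are already URL-safe is not visible here - confirm, and
            // encode them if they can contain reserved characters.
            response.sendRedirect(domain + "?tokon=" + tokon
                    + "&intro=" + intro + "&strips=" + strips
                    + "&tips=" + tips);
            // Original design notes: authentication passed and this tokon was issued
            // by the authentication center. Open question from the author: how to
            // deliver that notice to the client safely. A socket request cannot see
            // the session; an iframe can be forged; a cookie is only usable within
            // the same domain. Idea: encrypt the tokon with an agreed algorithm and
            // key, send the result to the client, and let the client decrypt and
            // compare - equal results mean authentication succeeded.

            out.flush();
            out.close();
            // TODO (original author): clear the String values to prevent eavesdropping.
            // NOTE(review): java.lang.String is immutable and cannot be wiped; this
            // would need char[]/byte[] handling inside CommonUtil.
        } catch (SSOException e) {
            // Fail closed with an explicit error instead of an empty 200 response.
            log("Validate: SSO processing failed", e);
            if (!response.isCommitted()) {
                response.sendError(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            }
        }
    }

    /**
     * Handles POST exactly like GET.
     *
     * @param request
     *            the request sent by the client to the server
     * @param response
     *            the response sent by the server to the client
     * @throws ServletException
     *             see {@link #doGet}
     * @throws IOException
     *             see {@link #doGet}
     */
    @Override
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        this.doGet(request, response);
    }

    /**
     * Initialization of the servlet; currently a no-op.
     *
     * @throws ServletException
     *             declared for the servlet contract; not thrown by this body
     */
    @Override
    public void init() throws ServletException {
        // Nothing to initialise.
    }

    /** Writes the fixed rejection page with the given reason line and closes the writer. */
    private static void reject(PrintWriter out, String reason) {
        out.println("invalid request, U R bad Guy!!!");
        out.println(reason);
        out.flush();
        out.close();
    }
}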