Single Sign-On (SSO)


A user who has logged in to an external system implicitly gains access to Joget Workflow without being prompted to log in again.


Using the JSON API

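  • Use the '/web/json/directory/user/sso' JSON API.
  • You can use JSON API authentication, or
  • pass the username and password directly, as the "username" and "password" parameters respectively, as shown in the example below.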

<script>
    $(document).ready(function(){
        $.ajax({
            type: "POST",
            url: 'http://localhost:8080/jw/web/json/directory/user/sso?callback=callbackFunction',
            data: {
                username: 'admin',
                password: 'admin'
            },
            success: function(res) {
                console.log("username (" + res.username + ") is " + ((res.isAdmin !== undefined && res.isAdmin === "true")?"admin":"not an admin"));
            },
            dataType: "json"
        });
    });
</script>

Using Basic HTTP Authentication with the JSON API

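  • Since V4, JSON API authentication in Joget Workflow supports Basic HTTP authentication, so you can pass the credentials in a header.
  • Example: assuming the required username and password are "user1" and "password1" respectively, the following jQuery script sets the Basic Auth header for the JSON API call. The header value is the Base64 encoding of "user1:password1".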

<script>
    $(document).ready(function(){
        $.ajax({
            type: "POST",
            url: 'http://localhost:8080/jw/web/json/directory/user/sso',
            beforeSend: function (xhr) {
                // "dXNlcjE6cGFzc3dvcmQx" is Base64 for "user1:password1"
                xhr.setRequestHeader("Authorization", "Basic dXNlcjE6cGFzc3dvcmQx");
            },
            success: function(res) {
                console.log("username (" + res.username + ") is " + ((res.isAdmin !== undefined && res.isAdmin === "true")?"admin":"not an admin"));
            },
            dataType: "json"
        });
    });
</script>
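How the Basic header value above is derived from "user1" and "password1", and how easily it is reversed, shown as an added example that is not part of the original page or of Joget's code. The function names are hypothetical; the check on the URL scheme is an assumption about how a caller might guard the request.

```javascript
// Added example, not Joget code; all function names are hypothetical.

// RFC 7617: header value is "Basic " + base64(UTF-8(username ":" password)).
function basicAuthHeader(username, password) {
    // The server splits at the first ":", so the username cannot contain one.
    if (username.indexOf(":") !== -1) {
        throw new Error("username must not contain ':'");
    }
    var bytes = new TextEncoder().encode(username + ":" + password);
    var binary = "";
    bytes.forEach(function (b) { binary += String.fromCharCode(b); });
    return "Basic " + btoa(binary); // btoa alone rejects non-Latin-1 input
}

// Base64 is an encoding, not encryption: anyone who sees the header can do this.
function decodeBasicAuthHeader(header) {
    var match = /^Basic ([A-Za-z0-9+\/]+={0,2})$/.exec(header);
    if (!match) {
        throw new Error("not a Basic Authorization header");
    }
    var bytes = Uint8Array.from(atob(match[1]), function (c) {
        return c.charCodeAt(0);
    });
    var text = new TextDecoder().decode(bytes);
    var sep = text.indexOf(":");
    if (sep === -1) {
        throw new Error("missing ':' separator");
    }
    return { username: text.slice(0, sep), password: text.slice(sep + 1) };
}

// Send credentials only over HTTPS, or over plain HTTP to a loopback host
// (local testing, as with the localhost URLs on this page).
function isSafeCredentialUrl(url) {
    var u = new URL(url);
    if (u.protocol === "https:") {
        return true;
    }
    var loopback = ["localhost", "127.0.0.1", "[::1]"];
    return u.protocol === "http:" && loopback.indexOf(u.hostname) !== -1;
}

console.log(basicAuthHeader("user1", "password1"));
console.log(decodeBasicAuthHeader("Basic dXNlcjE6cGFzc3dvcmQx"));
```

Calling isSafeCredentialUrl before the $.ajax request lets a page refuse to attach the header when the target is plain HTTP on a non-loopback host.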

Using the JavaScript API

  • Include the jQuery and util.js libraries.
  • Use the AssignmentManager.login method to perform SSO.
  • Perform your action in the successful-login callback.

<script type="text/javascript" src="http://localhost:8080/jw/js/jquery/jquery-1.9.1.min.js"></script>
<script type="text/javascript" src="http://localhost:8080/jw/js/json/util.js" ></script>

<script type="text/javascript" >
$(document).ready(function(){
    var loginCallback = {
        success : function(response){
            // An unauthenticated session is reported as "roleAnonymous"
            if(response.username != "roleAnonymous"){
                alert("login successfully");
            }else{
                alert("login fail");
            }
        }
    };
    AssignmentManager.login('http://localhost:8080/jw', 'admin', 'admin', loginCallback);
});
</script>

Logging in a user programmatically

 

import org.joget.apps.workflow.security.WorkflowUserDetails;
import org.joget.directory.model.service.DirectoryManager;
import org.joget.workflow.model.service.WorkflowUserManager;
import org.joget.apps.app.service.AppUtil;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.joget.directory.model.User;
import org.joget.workflow.util.WorkflowUtil;
import org.springframework.security.core.context.SecurityContextHolder;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpServletRequest;
import org.springframework.security.web.savedrequest.HttpSessionRequestCache;
import org.springframework.security.web.savedrequest.SavedRequest;

//Get service beans
DirectoryManager dm = (DirectoryManager) AppUtil.getApplicationContext().getBean("directoryManager");
WorkflowUserManager workflowUserManager = (WorkflowUserManager) AppUtil.getApplicationContext().getBean("workflowUserManager");

//Login as "clark"
String username = "clark";
User user = dm.getUserByUsername(username);

if (user != null) {
    WorkflowUserDetails userDetail = new WorkflowUserDetails(user);

    //Generate an authentication token without a password
    Authentication auth = new UsernamePasswordAuthenticationToken(userDetail, userDetail.getUsername(), userDetail.getAuthorities());

    //Login the user
    SecurityContextHolder.getContext().setAuthentication(auth);
    workflowUserManager.setCurrentThreadUser(user.getUsername());

    // generate new session to avoid session fixation vulnerability
    HttpServletRequest httpRequest = WorkflowUtil.getHttpServletRequest();
    HttpSession session = httpRequest.getSession(false);
    if (session != null) {
        SavedRequest savedRequest = (SavedRequest) session.getAttribute("SPRING_SECURITY_SAVED_REQUEST_KEY");
        session.invalidate();
        session = httpRequest.getSession(true);
        if (savedRequest != null) {
            session.setAttribute("SPRING_SECURITY_SAVED_REQUEST_KEY", savedRequest);
        }
    }
}


Document last updated: 2018-11-06 06:39   Author: 钟锡伟