Merge pull request #289 from nobodyiam/sso-auto-login

apollo-common/src/main/java/com/ctrip/framework/apollo/common/auth/WebSecurityConfig.java

@@ -17,6 +17,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
   protected void configure(HttpSecurity http) throws Exception {
     http.httpBasic();
     http.csrf().disable();
+    http.headers().frameOptions().sameOrigin();
   }
 
   @Autowired

apollo-portal/pom.xml

@@ -66,8 +66,8 @@
 			</properties>
 			<dependencies>
 				<dependency>
-					<groupId>org.jasig.cas.client</groupId>
-					<artifactId>cas-client-core-infosec-credis</artifactId>
+					<groupId>com.ctrip.framework.apollo-sso</groupId>
+					<artifactId>apollo-sso-ctrip</artifactId>
 				</dependency>
 			</dependencies>
 		</profile>

apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/auth/CtripLogoutHandler.java

@@ -9,6 +9,7 @@ import java.io.IOException;
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
 
 public class CtripLogoutHandler implements LogoutHandler{
 
@@ -18,7 +19,10 @@ public class CtripLogoutHandler implements LogoutHandler{
   @Override
   public void logout(HttpServletRequest request, HttpServletResponse response) {
     //将session销毁
-    request.getSession().invalidate();
+    HttpSession session = request.getSession(false);
+    if (session != null) {
+      session.invalidate();
+    }
 
     Cookie cookie = new Cookie("memCacheAssertionID", null);
     //将cookie的有效期设置为0，命令浏览器删除该cookie

apollo-portal/src/main/java/com/ctrip/framework/apollo/portal/configutation/AuthConfiguration.java

@@ -73,9 +73,11 @@ public class AuthConfiguration {
       filterInitParam.put("redisClusterName", "casClientPrincipal");
       filterInitParam.put("serverName", serverConfigService.getValue("serverName"));
       filterInitParam.put("casServerLoginUrl", serverConfigService.getValue("casServerLoginUrl"));
+      //we don't want to use session to store login information, since we will be deployed to a cluster, not a single instance
+      filterInitParam.put("useSession", "false");
 
       casFilter.setInitParameters(filterInitParam);
-      casFilter.setFilter(filter("org.jasig.cas.client.authentication.AuthenticationFilter"));
+      casFilter.setFilter(filter("com.ctrip.framework.apollo.sso.filter.ApolloAuthenticationFilter"));
       casFilter.addUrlPatterns("/*");
 
       return casFilter;
@@ -88,6 +90,8 @@ public class AuthConfiguration {
       filterInitParam.put("casServerUrlPrefix", serverConfigService.getValue("casServerUrlPrefix"));
       filterInitParam.put("serverName", serverConfigService.getValue("serverName"));
       filterInitParam.put("encoding", "UTF-8");
+      //we don't want to use session to store login information, since we will be deployed to a cluster, not a single instance
+      filterInitParam.put("useSession", "false");
       filterInitParam.put("useRedis", "true");
       filterInitParam.put("redisClusterName", "casClientPrincipal");
 
@@ -105,7 +109,7 @@ public class AuthConfiguration {
     public FilterRegistrationBean assertionHolder(){
       FilterRegistrationBean assertionHolderFilter = new FilterRegistrationBean();
 
-      assertionHolderFilter.setFilter(filter("org.jasig.cas.client.util.AssertionThreadLocalFilter"));
+      assertionHolderFilter.setFilter(filter("com.ctrip.framework.apollo.sso.filter.ApolloAssertionThreadLocalFilter"));
       assertionHolderFilter.addUrlPatterns("/*");
 
       return assertionHolderFilter;

apollo-portal/src/main/resources/static/scripts/AppUtils.js

@@ -3,7 +3,7 @@ appUtil.service('AppUtil', ['toastr', function (toastr) {
     return {
         errorMsg: function (response) {
             if (response.status == -1) {
-                return "您的登录信息已过期,请重新登录";
+                return "您的登录信息已过期,请刷新页面后重试";
             }
             var msg = "Code:" + response.status;
             if (response.data.message != null) {

apollo-portal/src/main/resources/static/sso_heartbeat.html

+<!DOCTYPE html>
+<html lang="en">
+<head>
+    <meta charset="UTF-8">
+    <title>SSO Heartbeat</title>
+    <script type="text/javascript">
+        var reloading = false;
+        setInterval(function () {
+            if (document.cookie.indexOf('memCacheAssertionID=') == -1) {
+                if (reloading) {
+                    return;
+                }
+                reloading = true;
+                console.log("sso memCacheAssertionID expires, try reloading");
+                location.reload(true);
+            }
+        }, 1000);
+    </script>
+</head>
+<body>
+</body>
+</html>

apollo-portal/src/main/resources/static/views/common/footer.html

@@ -5,7 +5,4 @@
         <a href="http://conf.ctripcorp.com/display/FRAM/Apollo" target="_blank">wiki</a>
     </p>
 </div>
-
-
-
-
+<iframe src="/sso_heartbeat.html" class="hide"></iframe>

pom.xml

@@ -177,9 +177,9 @@
 				</exclusions>
 			</dependency>
 			<dependency>
-				<groupId>org.jasig.cas.client</groupId>
-				<artifactId>cas-client-core-infosec-credis</artifactId>
-				<version>3.1.12</version>
+				<groupId>com.ctrip.framework.apollo-sso</groupId>
+				<artifactId>apollo-sso-ctrip</artifactId>
+				<version>1.0.0</version>
 			</dependency>
 			<!--third party -->
 			<dependency>