reception.java

网上找的很稀有的单点登陆资料,基于对称加密算法的.

package com.yayisoft.sso.client;

import java.io.IOException;
import java.io.PrintWriter;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import com.yayisoft.sso.util.Config;
import com.yayisoft.sso.util.SSOException;
import com.yayisoft.sso.util.CommonUtil;

public class Reception extends HttpServlet {


	private static final long serialVersionUID = 1L;

	/**
	 * Constructor of the object.
	 */
	public Reception() {
		super();
	}

	/**
	 * Destruction of the servlet. <br>
	 */
	public void destroy() {
		super.destroy(); // Just puts "destroy" string in log
		// Put your code here
	}

	/**
	 * The doGet method of the servlet. <br>
	 * 
	 * This method is called when a form has its tag value method equals to get.
	 * 
	 * @param request
	 *            the request send by the client to the server
	 * @param response
	 *            the response send by the server to the client
	 * @throws ServletException
	 *             if an error occurred
	 * @throws IOException
	 *             if an error occurred
	 */
	public void doGet(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {
		try {
			PrintWriter out = response.getWriter();

			//URI = ?target=????
			String url = request.getParameter("url");
			String ip_req = request.getRemoteAddr();
			// TODO 如果session.
// TODO 可以检测浏览器cookie,并set一个cookie,使用cookie加强安全,如果cookie不可用,使用sessionID保持通讯
			if (url == null || ip_req == null) {
				out.println("invalid request, U R bad Guy!!!");
				out.println("reason: null targetURL_req");
				out.flush();
				out.close();
				// response.sendRedirect(Config.PAGE_LOGIN);
				// session.invalidate();
				return;
			} else {

				HttpSession session = request.getSession(true);
// 				TODO ???如何防止浏览器前进后退?这将使系统认为是假重放,使用SSL加强链接比较可靠
// 				String sessionid = session.getId();
//				String user= (String) session.getAttribute("user");	
//				if(user!=null){
//					response.sendRedirect(target);//转向目的地
//				}
				
				String apply = CommonUtil.getGuid();
				String strips = CommonUtil.getStripsByApply(apply);

				session.setAttribute("url", url);
				session.setAttribute("apply", apply);
				session.setAttribute("strips", strips);
				
				String target = request.getLocalAddr()+ ":" + request.getLocalPort() + request.getContextPath();
				System.out.println("Reception.url="+url);
				String all = Config.ACTION_VALIDATE + "?target=" + target + "&apply=" + apply + "&strips=" + strips + "&url=" + url;
				System.out.println("Reception.全地址:all ="+all);
				response.sendRedirect(all);
				
				return;
			}
		} catch (SSOException e) {			
			e.printStackTrace();
		}
	}

	

	/**
	 * The doPost method of the servlet. <br>
	 * 
	 * This method is called when a form has its tag value method equals to
	 * post.
	 * 
	 * @param request
	 *            the request send by the client to the server
	 * @param response
	 *            the response send by the server to the client
	 * @throws ServletException
	 *             if an error occurred
	 * @throws IOException
	 *             if an error occurred
	 */
	public void doPost(HttpServletRequest request, HttpServletResponse response)
			throws ServletException, IOException {
		this.doGet(request, response);
	}

	/**
	 * Initialization of the servlet. <br>
	 * 
	 * @throws ServletException
	 *             if an error occurs
	 */
	public void init() throws ServletException {
		// Put your code here
	}

}