📄 permission.java
/**
*
*/
package org.yqing.sso;
import java.io.IOException;
import java.math.BigInteger;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.bouncycastle.util.encoders.Base64;
import org.yqing.util.DataBaseUtil;
import org.yqing.util.RSAUtil;
/**
* @author cabby
* client
*/
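/**
 * Server-side helper for one SSO login request.
 *
 * <p>The query string is expected to be Base64 of
 * {@code <clientSessionId>##<preurl>}. After a successful password check the
 * user name is stored in the HTTP session, and {@link #getRedirectUrl} builds
 * the URL that sends the browser back to the client application with an
 * {@code entryKey} parameter produced by an RSA private-key operation.
 *
 * <p>Security review notes (none of these are fixed in this class; they need
 * configuration or schema changes that are not visible here):
 * <ul>
 * <li>{@code preurl} comes straight from the request and is used as a redirect
 *     target and as the URL that receives {@code entryKey}. It should be
 *     checked against a list of registered client URLs before use; otherwise
 *     the entry key can be delivered to a host the operator does not control.</li>
 * <li>Stored passwords are compared against a plain MD5 digest. A salted,
 *     slow password hash (bcrypt/scrypt/argon2) is the appropriate
 *     replacement, and it requires migrating the stored values.</li>
 * <li>{@link #loginCheck} keeps the pre-login session id. Rotating the session
 *     id on successful login prevents session fixation.</li>
 * <li>{@link #login} reports "no such user" and "wrong password" separately,
 *     which lets a caller tell valid user names from invalid ones.</li>
 * </ul>
 *
 * <p>Instances hold the request/response pair and are not meant to be shared
 * between requests.
 */
public class Permission {
    private static final Log log = LogFactory.getLog(Permission.class);

    public final static String SESSION_KEY="session_key";
    public final static String SESSION_USER_KEY="sso_server_session_user_key";
    /** Separator between the client session id and the return URL. */
    public final static String PROFIX="##";

    public final static int LOGIN_SUCCESS=1;
    public final static int NO_USER = -2;
    public final static int PASSWD_ERROR=-3;
    public final static int LOGIN_ERROR=-1;

    private HttpServletRequest request;
    private HttpServletResponse response;
    // Both values are taken from the request and must be treated as untrusted.
    private String preurl=null;
    private String clientSessionId =null;

    /** Factory equivalent to calling the public constructor. */
    public static Permission getInstance(HttpServletRequest request, HttpServletResponse response){
        return new Permission(request,response);
    }

    /**
     * Binds the helper to one request/response pair and parses the query string.
     *
     * <p>A query string that is not valid Base64, or that lacks the
     * {@link #PROFIX} separator, is ignored (both fields stay {@code null})
     * instead of failing the request with an unchecked exception.
     */
    public Permission(HttpServletRequest request, HttpServletResponse response){
        this.request = request;
        this.response = response;
        String query = request.getQueryString();
        if(query!=null && query.length()>0){
            parseQuery(query);
        }
    }

    /** Decodes {@code <clientSessionId>##<preurl>} from the Base64 query string. */
    private void parseQuery(String query){
        String decoded;
        try{
            // NOTE(review): platform default charset, as in the original code.
            decoded = new String(Base64.decode(query));
        }catch(RuntimeException e){
            // Bouncy Castle signals malformed input with an unchecked exception.
            log.warn("Ignoring query string that is not valid Base64");
            return;
        }
        int sep = decoded.indexOf(PROFIX);
        if(sep < 0){
            // Without this guard substring(0, -1) throws StringIndexOutOfBoundsException.
            log.warn("Ignoring query string without the separator "+PROFIX);
            return;
        }
        clientSessionId = decoded.substring(0, sep);
        preurl = decoded.substring(sep + PROFIX.length());
    }

    /** Returns true when the session holds a non-empty user name. */
    public boolean isLogin(){
        HttpSession session = request.getSession();
        String v = (String)session.getAttribute(SESSION_USER_KEY);
        return v!=null && !"".equals(v);
    }

    /**
     * Returns Base64 of {@code 0##<preurl>}.
     *
     * <p>When no return URL was supplied this encodes the literal text
     * {@code null}; {@link #getPreUrl()} treats that text as "not set".
     */
    public String getLoginUrl(){
        return new String(Base64.encode(("0##"+this.preurl).getBytes()));
    }

    /**
     * Builds the return URL with the {@code entryKey} parameter appended.
     *
     * <p>The entry key is the decimal form of the RSA private-key operation
     * over {@code <clientSessionId>##<username>}.
     *
     * <p>NOTE(review): callers should check {@link #isLogin()} first. When no
     * user is logged in the user name is empty and a key is still produced.
     * NOTE(review): nothing visible here adds an expiry or nonce to the signed
     * value, and the return URL is not validated (see the class comment).
     *
     * @param modulus decimal RSA modulus
     * @param priExponent decimal RSA private exponent
     * @return the return URL with {@code entryKey} appended
     */
    public String getRedirectUrl(String modulus,String priExponent){
        String username = this.getLoginUserName();
        byte[] modBytes = new BigInteger(modulus).toByteArray();
        byte[] priPriExpBytes = new BigInteger(priExponent).toByteArray();
        RSAPrivateKey priKey = RSAUtil.generateRSAPrivateKey(modBytes, priPriExpBytes);
        byte[] entryStringBytes = RSAUtil.encrypt(priKey, (clientSessionId+Permission.PROFIX+username).getBytes());
        String entryString = new BigInteger(entryStringBytes).toString();
        // getPreUrl() applies the Constant.PRE_URL fallback, so a missing return
        // URL no longer causes a NullPointerException here.
        String target = this.getPreUrl();
        String joiner = target.indexOf("?")!=-1 ? "&" : "?";
        return target+joiner+"entryKey="+entryString;
    }

    /** Returns the logged-in user name, or an empty string when nobody is logged in. */
    public String getLoginUserName(){
        HttpSession session = request.getSession();
        if(isLogin()){
            return (String)session.getAttribute(SESSION_USER_KEY);
        }
        return "";
    }

    /** Not implemented; always returns {@code null}. */
    public String getPreUrl(String query){
        return null;
    }

    /** Returns the client session id parsed from the query string, or {@code null}. */
    public String getClientSessionId(){
        return clientSessionId;
    }

    /**
     * Returns the return URL, falling back to {@code Constant.PRE_URL} when it
     * is missing, empty or the literal text {@code null}. The fallback is
     * stored, so later calls return the same value.
     */
    public String getPreUrl(){
        if(preurl==null || "".equals(preurl) || "null".equals(preurl)){
            preurl = Constant.PRE_URL;
        }
        return preurl;
    }

    /**
     * Checks the submitted credentials and redirects to the return URL on success.
     *
     * <p>NOTE(review): the redirect target is request-controlled and is also
     * written to the log unfiltered; validate it before use. The failure
     * messages carry HTML and distinguish an unknown user from a wrong
     * password, so whatever renders them exposes that difference.
     *
     * @throws RuntimeException when the user name is missing or the check fails
     * @throws Exception declared by the original signature
     */
    public void login() throws Exception{
        String username = request.getParameter("username");
        if(username==null){
            throw new RuntimeException("用户名不能为空");
        }
        int result = loginCheck();
        if(result==LOGIN_SUCCESS){
            log.info("登录成功,转到主页面:"+this.getPreUrl());
            response.sendRedirect(this.getPreUrl());
            response.flushBuffer();
            return;
        }else if(result==NO_USER){
            throw new RuntimeException("<div class='hint'>用户名错误,没有该用户名</div>");
        }else if(result==PASSWD_ERROR){
            throw new RuntimeException("<div class='hint'>密码错误</div>");
        }else{
            throw new RuntimeException("<div class='hint'>未知错误</div>");
        }
    }

    /**
     * Looks up the stored password digest for the {@code username} parameter
     * and compares it with the MD5 digest of the {@code passwd} parameter.
     *
     * <p>On success the user name is stored in the session under
     * {@link #SESSION_USER_KEY}.
     *
     * @return {@link #LOGIN_SUCCESS}, {@link #NO_USER}, {@link #PASSWD_ERROR},
     *         or {@link #LOGIN_ERROR} when the query fails
     */
    public int loginCheck(){
        HttpSession session = request.getSession();
        String username = request.getParameter("username");
        String passwd = request.getParameter("passwd");
        Connection conn = null;
        PreparedStatement stat = null;
        ResultSet rs = null;
        String storepwd = null;
        try {
            conn = DataBaseUtil.getConnection();
            // The user name is bound as a parameter, never concatenated.
            stat = conn.prepareStatement(Constant.QUERY_STRING);
            stat.setString(1, username);
            rs = stat.executeQuery();
            if(!rs.next()){
                return NO_USER;
            }
            storepwd = rs.getString(2);
        } catch (SQLException e) {
            log.error("QueryString is Error:"+e.getMessage(), e);
            return LOGIN_ERROR;
        } finally {
            closeQuietly(rs, stat, conn);
        }
        // A missing password parameter is a failed check; MD5.encode's handling
        // of null is not visible here, so it is not called with null.
        if(storepwd==null || passwd==null){
            return PASSWD_ERROR;
        }
        // NOTE(review): unsalted MD5 and a non-constant-time string comparison.
        String md5pwd = org.yqing.util.MD5.encode(passwd);
        if(storepwd.equalsIgnoreCase(md5pwd)){
            // NOTE(review): rotate the session id here to prevent session fixation.
            session.setAttribute(SESSION_USER_KEY, username);
            return LOGIN_SUCCESS;
        }
        return PASSWD_ERROR;
    }

    /** Closes the JDBC resources in reverse order of creation, skipping nulls. */
    private static void closeQuietly(ResultSet rs, PreparedStatement stat, Connection conn){
        if(rs!=null){
            try{
                rs.close();
            }catch(SQLException e){
                log.warn("Closing the result set failed", e);
            }
        }
        if(stat!=null){
            try{
                stat.close();
            }catch(SQLException e){
                log.warn("Closing the statement failed", e);
            }
        }
        if(conn!=null){
            try{
                conn.close();
            }catch(SQLException e){
                log.warn("Closing the connection failed", e);
            }
        }
    }

    /** Unused placeholder; always returns an empty string. */
    private String getPassword(){
        return "";
    }

    /**
     * Round-trip demo: private-key operation followed by the public-key operation.
     *
     * <p>The key below is a sample only. Its modulus has 39 decimal digits
     * (about 128 bits), far too small for any real deployment, and the
     * private exponent is printed in source. Real keys belong in protected
     * configuration, with a modulus of at least 2048 bits.
     */
    public static void main(String a[]){
        String modulus="177570394976734340709287574189189236587";
        String pub_exponent="65537";
        String priExponent="91238620633330060700314152927261858593";
        byte[] modBytes = new BigInteger(modulus).toByteArray();
        byte[] pubPubExpBytes = new BigInteger(pub_exponent).toByteArray();
        byte[] priPriExpBytes = new BigInteger(priExponent).toByteArray();
        RSAPublicKey pubKey = RSAUtil.generateRSAPublicKey(modBytes,pubPubExpBytes);
        RSAPrivateKey priKey = RSAUtil.generateRSAPrivateKey(modBytes, priPriExpBytes);
        byte[] raw=RSAUtil.encrypt(priKey, "cabby".getBytes());
        byte[] ds = RSAUtil.decrypt(pubKey, raw);
        System.out.println(new String(ds));
    }
}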