diff --git a/build.gradle b/build.gradle index d9e6691..f484f2c 100644 --- a/build.gradle +++ b/build.gradle @@ -19,6 +19,8 @@ dependencies { api 'com.eactive.elink.common:elink-common-data:4.5.5' + api fileTree(dir: "ext-libs/api", include: ["*.jar"]) + // api "org.springframework:spring-context:${springVersion}" // api "org.springframework:spring-webmvc:${springVersion}" // api "org.springframework.security.oauth:spring-security-oauth2:2.3.8.RELEASE" @@ -27,12 +29,16 @@ dependencies { implementation "org.apache.httpcomponents.client5:httpclient5:5.1" + compileOnly group: 'javax.servlet', name: 'javax.servlet-api', version: '4.0.1' + compileOnly 'org.slf4j:jul-to-slf4j:1.7.35' compileOnly 'org.slf4j:jcl-over-slf4j:1.7.35' compileOnly 'org.slf4j:log4j-over-slf4j:1.7.35' compileOnly 'org.slf4j:slf4j-api:1.7.35' - compileOnly fileTree(dir: "ext-libs/compileOnly", include: ["*.jar"]) + compileOnly "org.jdom:jdom:1.1" + + compileOnly fileTree(dir: "ext-libs/compileOnly", include: ["*.jar"]) testAnnotationProcessor "org.projectlombok:lombok:1.18.28" diff --git a/ext-libs/api/external_v4.2.0.02.jar b/ext-libs/api/external_v4.2.0.02.jar new file mode 100644 index 0000000..99afc6c Binary files /dev/null and b/ext-libs/api/external_v4.2.0.02.jar differ diff --git a/ext-libs/api/jdom.jar b/ext-libs/api/jdom.jar new file mode 100644 index 0000000..4736a4e Binary files /dev/null and b/ext-libs/api/jdom.jar differ diff --git a/ext-libs/api/poolit.jar b/ext-libs/api/poolit.jar new file mode 100644 index 0000000..272db37 Binary files /dev/null and b/ext-libs/api/poolit.jar differ diff --git a/ext-libs/api/xercesImpl.jar b/ext-libs/api/xercesImpl.jar new file mode 100644 index 0000000..33990e8 Binary files /dev/null and b/ext-libs/api/xercesImpl.jar differ diff --git a/kjb-docs/sso/WEB-INF/lib/INICrypto_v4.0.12.jar b/kjb-docs/sso/WEB-INF/lib/INICrypto_v4.0.12.jar new file mode 100644 index 0000000..09636c9 Binary files /dev/null and b/kjb-docs/sso/WEB-INF/lib/INICrypto_v4.0.12.jar differ diff --git a/kjb-docs/sso/WEB-INF/lib/external_v4.2.0.02.jar b/kjb-docs/sso/WEB-INF/lib/external_v4.2.0.02.jar new file mode 100644 index 0000000..99afc6c Binary files /dev/null and b/kjb-docs/sso/WEB-INF/lib/external_v4.2.0.02.jar differ diff --git a/kjb-docs/sso/WEB-INF/lib/jdom.jar b/kjb-docs/sso/WEB-INF/lib/jdom.jar new file mode 100644 index 0000000..4736a4e Binary files /dev/null and b/kjb-docs/sso/WEB-INF/lib/jdom.jar differ diff --git a/kjb-docs/sso/WEB-INF/lib/log4j-1.2.16.jar b/kjb-docs/sso/WEB-INF/lib/log4j-1.2.16.jar new file mode 100644 index 0000000..3f9d847 Binary files /dev/null and b/kjb-docs/sso/WEB-INF/lib/log4j-1.2.16.jar differ diff --git a/kjb-docs/sso/WEB-INF/lib/poolit.jar b/kjb-docs/sso/WEB-INF/lib/poolit.jar new file mode 100644 index 0000000..272db37 Binary files /dev/null and b/kjb-docs/sso/WEB-INF/lib/poolit.jar differ diff --git a/kjb-docs/sso/WEB-INF/lib/xercesImpl.jar b/kjb-docs/sso/WEB-INF/lib/xercesImpl.jar new file mode 100644 index 0000000..33990e8 Binary files /dev/null and b/kjb-docs/sso/WEB-INF/lib/xercesImpl.jar differ diff --git a/kjb-docs/sso/app01.jsp b/kjb-docs/sso/app01.jsp new file mode 100644 index 0000000..0a8e495 --- /dev/null +++ b/kjb-docs/sso/app01.jsp @@ -0,0 +1,48 @@ +<%@ page language="java" contentType="text/html; charset=EUC-KR" + pageEncoding="EUC-KR"%> + + +<% + String user_id = (String)session.getAttribute("SSO_ID"); + String app_id = (String)session.getAttribute("APP_ID"); + String ext_info = (String)session.getAttribute("EXT_INFO"); + String retCode = (String)session.getAttribute("RET_CODE"); + +%> + + + +Insert title here + + +

Single Sign On [<%=user_id %>]

+ + [ 업무시스템 - (SAMPLE_APP)] + + + + + + + + + + + + + + + + + + + + + + + + +
* 사용자ID<%=user_id%>
* SERVICE_NAME<%=app_id%>
* 확장정보<%=ext_info%>
* 인증토큰 상태retCode = [<%=retCode%>] (1000:누락, 1001:시간, 1002:비정상)
+
+ + \ No newline at end of file diff --git a/kjb-docs/sso/config.jsp b/kjb-docs/sso/config.jsp new file mode 100644 index 0000000..653d772 --- /dev/null +++ b/kjb-docs/sso/config.jsp @@ -0,0 +1,295 @@ +<%@ page + import="sun.misc.*, + java.util.*, + java.math.*, + java.net.*, + com.initech.eam.nls.*, + com.initech.eam.api.*, + com.initech.eam.base.*, + com.initech.eam.nls.command.*, + com.initech.eam.smartenforcer.*, + examples.api.*" +%> +<%@page import="com.initech.eam.nls.CookieManager"%> +<%! +/**[INISAFE NEXESS JAVA AGENT]********************************************************************** +* 업무시스템 설정 사항 (업무 환경에 맞게 변경) +***************************************************************************************************/ + + +/***[SERVICE CONFIGURATION]***********************************************************************/ + private String SERVICE_NAME = "Web"; + private String SERVER_URL = "http://test.kjbank.com"; + private String SERVER_PORT = "8080"; + private String ASCP_URL = SERVER_URL + ":" + SERVER_PORT + "/se/login_exec.jsp"; +/*************************************************************************************************/ + + +/***[SSO CONFIGURATION]**]***********************************************************************/ + private String NLS_URL = "http://sso.kjbank.com"; + private String NLS_PORT = "13890"; + private String NLS_LOGIN_URL = NLS_URL + ":" + NLS_PORT + "/nls3/clientLogin.jsp"; + private String NLS_LOGOUT_URL= NLS_URL + ":" + NLS_PORT + "/nls3/NCLogout.jsp"; + private String NLS_ERROR_URL = NLS_URL + ":" + NLS_PORT + "/nls3/error.jsp"; + +/***[SSO ND LIST 운영]**]***********************************************************************/ + private static String ND_URL1 = "http://sso.kjbank.com:5480"; + + + private static Vector PROVIDER_LIST = new Vector(); + + private static final int COOKIE_SESSTION_TIME_OUT = 3000000; + + // 인증 타입 (ID/PW 방식 : 1, 인증서 : 3) + private String TOA = "1"; + private String SSO_DOMAIN = ".kjbank.com"; + + private static final int timeout = 15000; + private static NXContext context = null; + static{ + List serverurlList = new ArrayList(); + serverurlList.add(ND_URL1); + + context = new NXContext(serverurlList,timeout); + CookieManager.setEncStatus(true); + + PROVIDER_LIST.add("sso.kjbank.com"); + SECode.setCookiePadding("_V42"); + } + + // by Kang + public NXContext getContext() + { + NXContext context = null; + try + { + List serverurlList = new ArrayList(); + serverurlList.add(ND_URL1); + context = new NXContext(serverurlList); + CookieManager.setEncStatus(true); + + PROVIDER_LIST.add("sso.kjbank.com"); + //NLS3 web.xml의 CookiePadding 값과 같아야 한다. 안그럼 검증 페일남 + SECode.setCookiePadding("_V42"); + } + catch (Exception e) + { + e.printStackTrace(); + } + return context; + } + + // 통합 SSO ID 조회 + public String getSsoId(HttpServletRequest request) { + String sso_id = null; + sso_id = CookieManager.getCookieValue(SECode.USER_ID, request); + return sso_id; + } + + public String getSystemAccount(String sso_id) { + NXContext context = null; + NXUserAPI userAPI = null; + String retValue = null; + + try { + context = getContext(); + userAPI = new NXUserAPI(context); + System.out.println("##############################################"); + System.out.println("sso_id 2: "+sso_id); + System.out.println("SERVICE_NAME : "+SERVICE_NAME); + System.out.println("##############################################"); + NXAccount account = userAPI.getUserAccount(sso_id, SERVICE_NAME); + System.out.println(account.toString()); + retValue = account.getAccountName(); + System.out.println("retValue = " + retValue); + } catch (Exception e) { + e.printStackTrace(); + } + return retValue; + } + + // 통합 SSO 로그인페이지 이동 + public void goLoginPage(HttpServletResponse response, String uurl) + throws Exception { + com.initech.eam.nls.CookieManager.addCookie(SECode.USER_URL, uurl, SSO_DOMAIN, response); + com.initech.eam.nls.CookieManager.addCookie(SECode.R_TOA, TOA, SSO_DOMAIN, response); + response.sendRedirect(NLS_LOGIN_URL + "?UURL=" + uurl); + } + + // 통합 SSO 로그인페이지 이동 + public void goLoginPage(HttpServletResponse response)throws Exception { + CookieManager.addCookie(SECode.USER_URL, ASCP_URL, SSO_DOMAIN, response); + CookieManager.addCookie(SECode.R_TOA, TOA, SSO_DOMAIN, response); + response.sendRedirect(NLS_LOGIN_URL); + } + + // 통합인증 세션을 체크 하기 위하여 사용되는 API + public String getEamSessionCheck(HttpServletRequest request,HttpServletResponse response){ + String retCode = ""; + try { + retCode = CookieManager.verifyNexessCookie(request, response, 10, COOKIE_SESSTION_TIME_OUT,PROVIDER_LIST); + } catch(Exception npe) { + npe.printStackTrace(); + } + return retCode; + } + + //ND API를 사용해서 쿠키검증하는것(현재 표준에서는 사용안함, 근데 해도 되기는 함) + public String getEamSessionCheck2(HttpServletRequest request,HttpServletResponse response) + { + String retCode = ""; + try { + NXNLSAPI nxNLSAPI = new NXNLSAPI(context); + retCode = nxNLSAPI.readNexessCookie(request, response, 0, 0); + } catch(Exception npe) { + npe.printStackTrace(); + } + return retCode; + } + + // SSO 에러페이지 URL + public void goErrorPage(HttpServletResponse response, int error_code)throws Exception { + CookieManager.removeNexessCookie(SSO_DOMAIN, response); + CookieManager.addCookie(SECode.USER_URL, ASCP_URL, SSO_DOMAIN, response); + response.sendRedirect(NLS_ERROR_URL + "?errorCode=" + error_code); + } + + /** + * 사용자 기본정보 가져오기. + * @param String userid + * @return Properties + */ + public Properties getUserInfos(String userid) throws Exception { + + NXContext context = null; + context = getContext(); + + NXUserAPI userAPI = new NXUserAPI(context); + Properties propt = null; + + if (userid==null || userid.length() <= 0) + return propt; + + try { + NXUserInfo userInfo = userAPI.getUserInfo(userid); + propt = new Properties(); + //System.out.println("userInfo.getName()=["+userInfo.getName()+"]"); + propt.setProperty("USERID", userInfo.getUserId()); + propt.setProperty("EMAIL", userInfo.getEmail()); + propt.setProperty("ENABLE", String.valueOf(userInfo.getEnable())); + propt.setProperty("STARTVALID", userInfo.getStartValid()); + propt.setProperty("ENDVALID", userInfo.getEndValid()); + propt.setProperty("NAME", userInfo.getName()); + propt.setProperty("ENCPASSWD", userInfo.getEncpasswd()); + propt.setProperty("LASTPASSWDCHANGE", userInfo.getLastpasswdchange()); + propt.setProperty("LastLoginIP", userInfo.getLastLoginIp()); + propt.setProperty("LastLoginTime", userInfo.getLastLoginTime()); + propt.setProperty("LastLoginAuthLevel", userInfo.getLastLoginAuthLevel()); + + } catch (EmptyResultException e) { + e.printStackTrace(); + } catch (APIException e) { + e.printStackTrace(); + } catch (Exception e) { + e.printStackTrace(); + } + return propt; + } + + /** + * 사용자의 기본정보 중에서 입력된 키 값만 가지고 온다. + * @param String userid + * @param String key + * @return String + */ + public String getUserInfo(String userid, String key) throws Exception { + if(userid==null||userid.length()<1) return null; + + String userInfo = ""; + + try{ + Properties propt = getUserInfos(userid); + userInfo = propt.getProperty(key); + } catch (Exception e) { + //throw e; + e.printStackTrace(); + } + return userInfo; + } + + /** + * 사용자 확장정보 조회 + * return : Properties + * 사용자가 존재하지 않거나 확장필드가 없다면 return null + */ + public Properties getUserExFields(String userid) + throws Exception { + NXContext context = getContext(); + NXUserAPI userAPI = new NXUserAPI(context); + Properties prop = null; + NXExternalFieldSet nxefs = null; + + try { + nxefs = userAPI.getUserExternalFields(userid); + prop = new Properties(); + + if (nxefs != null) { + Iterator iter = nxefs.iterator(); + while(iter.hasNext()) { + NXExternalField nxef = (NXExternalField) iter.next(); + if(nxef.getName().equals("PASSINIT")){ + String sPassintVal = (String) nxef.getValue(); + prop.setProperty(nxef.getName(), sPassintVal.equals("") ? "0" : sPassintVal); + } + else + prop.setProperty(nxef.getName(), (String) nxef.getValue()); + //System.out.println("확장 필드 " + nxef.getName() + " : " + nxef.getValue()); + } + } else { + // prop is null + } + } catch (EmptyResultException e) { + // 사용자가 존재하지 않거나 확장필드가 없음 + } catch (APIException e) { + throw e; + //e.printStackTrace(); + } + //System.out.println("getUserExFields:[" + prop + "]"); + return prop; + } + + /** + * 사용자의 특정 확장 필드 정보 조회 + * return : String + * 사용자가 존재하지 않거나 확장필드가 없다면 return null + */ + public String getUserExField(String userid, String exName) + throws Exception { + NXContext context = getContext(); + NXUserAPI userAPI = new NXUserAPI(context); + NXExternalField nxef = null; + String returnValue = null; + + try { + +System.out.println("getUserExField==="+ userid ) ; + nxef = userAPI.getUserExternalField(userid, exName); +System.out.println("nxef==="+ (String) nxef.getValue() ) ; + returnValue = (String) nxef.getValue(); + } catch (EmptyResultException e) { + // 사용자가 존재하지 않거나 확장필드가 없음 + } catch (APIException e) { + throw e; + //e.printStackTrace(); + } catch (IllegalArgumentException e) { + throw e; + //e.printStackTrace(); + } + /* + System.out.println("getUserExField:[" + userid + ":" + + exName + ":" + returnValue+ "]"); + */ + return returnValue; + } + +%> diff --git a/kjb-docs/sso/login_exec.jsp b/kjb-docs/sso/login_exec.jsp new file mode 100644 index 0000000..2d2b41f --- /dev/null +++ b/kjb-docs/sso/login_exec.jsp @@ -0,0 +1,69 @@ +<%@ page language="java" contentType="text/html;charset=EUC-KR" %> +<%@ include file="./config.jsp" %> +<% + + String uurl = null; + String sso_id = null; + String service_id = null; + String ext_info = null; + String retCode = null; + //http://test.kjbank.com:8080/se/login_exec.jsp : 꼭 도메인으로 호출해야 된다. + //1.SSO ID 수신 + sso_id = getSsoId(request); + + // 2. UURL 수신 + uurl = request.getParameter("UURL"); + + if (sso_id == null) { + //uurl 이 없다면, 근데 여기서 uurl 은 뭘 체크하는거지? uurl 에 test.kjbank.com:8080/se/login_exec.jsp 를 넣는구나. + if (uurl == null) uurl = ASCP_URL; + + // 3. SSO 인증 정보가 없으면 통합 로그인 페이지로 이동 + goLoginPage(response, uurl); + return; + } else { + + //4.쿠키 유효성 확인 :0(정상) + retCode = getEamSessionCheck(request,response); + + if(!retCode.equals("0")){ + goErrorPage(response, Integer.parseInt(retCode)); + return; + } + /*********************************************************************************** + * < TO-DO > + * SSO 통합 인증이 완료되었으므로, 업무 시스템 로그인은 건너뛰도록 코드를 수정합니다. + * SSO 에서 제공한 사번은 sso_id 변수에 저장되어 있습니다. + * 시스템에서 필요로 하는 세션 정보를 세팅 코드를 여기에 작성합니다. + ************************************************************************************/ + + //5 확장 정보 조회 + ext_info = getUserExField(sso_id, "CELLPHONENO"); + service_id = SERVICE_NAME; + System.out.println ("SERVICE_NAME : " + service_id); + // + //6.업무시스템에 읽을 사용자 아이디를 세션으로 생성 + /* 변경 전 + String EAM_ID = (String)session.getAttribute("SSO_ID"); + if(EAM_ID == null || EAM_ID.equals("")) { + session.setAttribute("SSO_ID", sso_id); + session.setAttribute("APP_ID", service_id); + session.setAttribute("EXT_INFO", ext_info); + session.setAttribute("RET_CODE", retCode); + } + */ + + + /*변경 후*/ + if(!sso_id.replace(" ", "").equals("")) { + session.setAttribute("SSO_ID", sso_id); + session.setAttribute("APP_ID", service_id); + session.setAttribute("EXT_INFO", ext_info); + session.setAttribute("RET_CODE", retCode); + } + + //7.업무시스템 페이지 호출(세션 페이지 또는 메인페이지 지정) --> 업무시스템에 맞게 URL 수정! + response.sendRedirect(SERVER_URL + ":" + SERVER_PORT + "/se/app01.jsp"); + } +%> + diff --git a/kjb-docs/sso/광주은행_SSO연동가이드.zip b/kjb-docs/sso/광주은행_SSO연동가이드.zip new file mode 100644 index 0000000..6e533e9 Binary files /dev/null and b/kjb-docs/sso/광주은행_SSO연동가이드.zip differ diff --git a/src/main/java/com/eactive/ext/kjb/common/KjbProperty.java b/src/main/java/com/eactive/ext/kjb/common/KjbProperty.java index 7b3459b..8e14209 100644 --- a/src/main/java/com/eactive/ext/kjb/common/KjbProperty.java +++ b/src/main/java/com/eactive/ext/kjb/common/KjbProperty.java @@ -73,7 +73,7 @@ public class KjbProperty { @KjbPropertyValue(key = "kjb.obp.url") @Pattern(regexp = "^(https?://[^\\s/$.?#][^\\s]*)|\\s*$", message = "kjb.obp.url 는 유효한 URL 형식이거나 공백이어야 합니다. 예: http://example.com/api") - private int obpUrl; + private String obpUrl; @KjbPropertyValue(key = "kjb.obp.trust_system.key", defaultValue = "x-obp-trust-system") @NotEmpty @@ -103,6 +103,37 @@ public class KjbProperty { @KjbPropertyValue(key = "kjb.obp.url.organization_fmt", defaultValue = "/api/customer/findCustomerByBusinessManRegistrationNo/%s") @NotEmpty private String obpUrlOrganizationFmt = "/api/customer/findCustomerByBusinessManRegistrationNo/%s"; + + + // 광주은행 SSO + + @KjbPropertyValue(key = "kjb.url", defaultValue = "https://manage-eapim.kjbank.com") + @NotEmpty + private String url = "https://manage-eapim.kjbank.com"; + + @KjbPropertyValue(key = "kjb.sso.ascp_url", defaultValue = "/sso/login.do") + @NotEmpty + private String ssoAscpUri = "/sso/login.do"; + +// @KjbPropertyValue(key = "kjb.sso.domain", defaultValue = "sso.kjbank.com") +// @NotEmpty +// private String ssoDomain = "sso.kjbank.com"; +// +// @KjbPropertyValue(key = "kjb.sso.nd_server", defaultValue = "http://sso.kjbank.com:5480") +// @NotEmpty +// private String ssoNdServer = "http://sso.kjbank.com:5480"; +// +// @KjbPropertyValue(key = "kjb.sso.timeout", defaultValue = "15000") +// @Min(1) +// private int ssoTimeout = 15000; +// +// @KjbPropertyValue(key = "kjb.sso.cookie_padding", defaultValue = "_V42") +// @Min(1) +// private String ssoCookiePadding = "_V42"; +// +// @KjbPropertyValue(key = "kjb.sso.service_name", defaultValue = "eapim-admin") +// @Min(1) +// private String ssoServiceName = "eapim-admin"; } diff --git a/src/main/java/com/eactive/ext/kjb/sso/ExtendedInfo.java b/src/main/java/com/eactive/ext/kjb/sso/ExtendedInfo.java new file mode 100644 index 0000000..686012f --- /dev/null +++ b/src/main/java/com/eactive/ext/kjb/sso/ExtendedInfo.java @@ -0,0 +1,38 @@ +package com.eactive.ext.kjb.sso; + +import lombok.Getter; + +public enum ExtendedInfo { + DATEOFBIRTH("생년월일 + 성별"), + CELLPHONENO("핸드폰"), + UPPERTCODE("모점점번코드"), + PARTCODE("소속부점코드"), + LEGACYDEPTCODE("인사부서코드"), + LEGACYDEPTNAME("인사부서명"), + LEGACYPOSITIONCODE("인사직위코드"), + LEGACYPOSITIONNAME("인사직위명"), + LEGACYFUNCTIONCODE("인사직책코드"), + LEGACYFUNCTIONNAME("인사직책명"), + LEGACYROLLCODE("인사직무코드"), + LEGACYROLLNAME("인사직무명"), + LEGACYOFCLEVELCODE("인사직급코드"), + LEGACYOFCLEVELNAME("인사직급명"), + PART_GBN("본부(1), 영업점(2)"), + STATUS("재직(1),휴가(2),퇴직(9)"), + CEF_APPOINTDATE("최종방령일"), + OTHERDEPTCODE("겸직/파견 부서코드"), + OTHERDEPTNAME("겸직/파견 부서명"), + OTHERPOSITIONCODE("겸직/파견 직위코드"), + OTHERFIUNCTIONCODE("겸직/파견 직책코드"), + OTHERROLLCODE("겸직/파견 직무코드"), + OTHEROFCLEVELCODE("겸직/파견 직급코드") + ; + + + @Getter + private final String description; + + ExtendedInfo(String description) { + this.description = description; + } +} diff --git a/src/main/java/com/eactive/ext/kjb/sso/KjbSsoModule.java b/src/main/java/com/eactive/ext/kjb/sso/KjbSsoModule.java new file mode 100644 index 0000000..7d1b6df --- /dev/null +++ b/src/main/java/com/eactive/ext/kjb/sso/KjbSsoModule.java @@ -0,0 +1,302 @@ +package com.eactive.ext.kjb.sso; + +import com.eactive.ext.kjb.common.KjbProperty; +import com.initech.eam.api.*; +import com.initech.eam.base.APIException; +import com.initech.eam.base.EmptyResultException; +import com.initech.eam.nls.CookieManager; +import com.initech.eam.smartenforcer.SECode; +import lombok.Getter; +import lombok.extern.slf4j.Slf4j; + +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.util.Collections; +import java.util.Iterator; +import java.util.Properties; +import java.util.Vector; + +@Slf4j +public class KjbSsoModule { + private static KjbSsoModule instance; + + private KjbProperty prop; + private final NXContext context; + @Getter + private final Vector providerList; + + + /***[SERVICE CONFIGURATION]***********************************************************************/ + private final String SERVICE_NAME = "eapim-admin"; + @Getter + private final String ascpUrl; + + /***[SSO CONFIGURATION]**]***********************************************************************/ + private final String NLS_URL = "http://sso.kjbank.com"; + private final String NLS_PORT = "13890"; + private final String NLS_LOGIN_URL = NLS_URL + ":" + NLS_PORT + "/nls3/clientLogin.jsp"; + private final String NLS_LOGOUT_URL= NLS_URL + ":" + NLS_PORT + "/nls3/NCLogout.jsp"; + private final String NLS_ERROR_URL = NLS_URL + ":" + NLS_PORT + "/nls3/error.jsp"; + + /***[SSO ND LIST 운영]**]***********************************************************************/ + private final static String ND_URL1 = "http://sso.kjbank.com:5480"; + private final static Vector PROVIDER_LIST = new Vector(); + private final static int COOKIE_SESSTION_TIME_OUT = 3000000; + + // 인증 타입 (ID/PW 방식 : 1, 인증서 : 3) + private final String TOA = "1"; + private final String PROVIDER_DOMAIN = "sso.kjbank.com"; + private final String SSO_DOMAIN = ".kjbank.com"; + private final String COOKIE_PADDING = "_V42"; + + private static final int timeout = 15000; + + + public synchronized static KjbSsoModule getInstance(KjbProperty kjbProperty) { + if (instance == null) { + instance = new KjbSsoModule(kjbProperty); + } + return instance; + } + + private KjbSsoModule(KjbProperty kjbProperty) { + this.prop = kjbProperty; + + context = new NXContext(Collections.singletonList(ND_URL1), timeout); + + ascpUrl = prop.getUrl() + prop.getSsoAscpUri(); + + this.providerList = new Vector<>(); + providerList.add(PROVIDER_DOMAIN); + + CookieManager.setEncStatus(true); + SECode.setCookiePadding(COOKIE_PADDING); + } + + + /** + * 통합 SSO ID 조회 + * @param request + * @return + */ + public String getSsoId(HttpServletRequest request) { + String sso_id = null; + sso_id = CookieManager.getCookieValue(SECode.USER_ID, request); + return sso_id; + } + + public String getSystemAccount(String sso_id) { + NXUserAPI userAPI = null; + String retValue = null; + + try { + userAPI = new NXUserAPI(context); + log.info("##############################################"); + log.info("sso_id 2: "+sso_id); + log.info("SERVICE_NAME : "+ SERVICE_NAME); + log.info("##############################################"); + NXAccount account = userAPI.getUserAccount(sso_id, SERVICE_NAME); + log.info(account.toString()); + retValue = account.getAccountName(); + log.info("retValue = " + retValue); + } catch (Exception e) { + log.error("KjbSsoModule Exception", e); + } + return retValue; + } + + /** + * 통합 SSO 로그인페이지 이동 + * @param response + * @param uurl + * @throws Exception + */ + public void goLoginPage(HttpServletResponse response, String uurl) + throws Exception { + CookieManager.addCookie(SECode.USER_URL, uurl, ".kjbank.com", response); + CookieManager.addCookie(SECode.R_TOA, TOA, ".kjbank.com", response); + response.sendRedirect(NLS_LOGIN_URL + "?UURL=" + uurl); + } + + /** + * 통합 SSO 로그인페이지 이동 + * @param response + * @throws Exception + */ + public void goLoginPage(HttpServletResponse response) throws Exception { + CookieManager.addCookie(SECode.USER_URL, ascpUrl, SSO_DOMAIN, response); + CookieManager.addCookie(SECode.R_TOA, TOA, SSO_DOMAIN, response); + response.sendRedirect(NLS_LOGIN_URL); + } + + /** + * 통합인증 세션을 체크 하기 위하여 사용되는 API + * @param request + * @param response + * @return + */ + public String getEamSessionCheck(HttpServletRequest request,HttpServletResponse response){ + String retCode = ""; + try { + retCode = CookieManager.verifyNexessCookie(request, response, 10, COOKIE_SESSTION_TIME_OUT,PROVIDER_LIST); + } catch(Exception npe) { + npe.printStackTrace(); + } + return retCode; + } + + /** + * ND API를 사용해서 쿠키검증하는것(현재 표준에서는 사용안함, 근데 해도 되기는 함) + * @param request + * @param response + * @return + */ + public String getEamSessionCheck2(HttpServletRequest request,HttpServletResponse response) + { + String retCode = ""; + try { + NXNLSAPI nxNLSAPI = new NXNLSAPI(context); + retCode = nxNLSAPI.readNexessCookie(request, response, 0, 0); + } catch(Exception npe) { + log.error("KjbSsoModule-getEamSessionCheck2 Exception", npe); + } + return retCode; + } + + /** + * SSO 에러페이지 URL + * @param response + * @param error_code + * @throws Exception + */ + public void goErrorPage(HttpServletResponse response, int error_code)throws Exception { + CookieManager.removeNexessCookie(SSO_DOMAIN, response); + CookieManager.addCookie(SECode.USER_URL, ascpUrl, SSO_DOMAIN, response); + response.sendRedirect(NLS_ERROR_URL + "?errorCode=" + error_code); + } + + /** + * 사용자 기본정보 가져오기. + * @param userid + * @return Properties + */ + public Properties getUserInfos(String userid) throws Exception { + NXUserAPI userAPI = new NXUserAPI(context); + Properties propt = null; + + if (userid==null || userid.length() <= 0) + return propt; + + try { + NXUserInfo userInfo = userAPI.getUserInfo(userid); + propt = new Properties(); + propt.setProperty("USERID", userInfo.getUserId()); + propt.setProperty("EMAIL", userInfo.getEmail()); + propt.setProperty("ENABLE", String.valueOf(userInfo.getEnable())); + propt.setProperty("STARTVALID", userInfo.getStartValid()); + propt.setProperty("ENDVALID", userInfo.getEndValid()); + propt.setProperty("NAME", userInfo.getName()); + propt.setProperty("ENCPASSWD", userInfo.getEncpasswd()); + propt.setProperty("LASTPASSWDCHANGE", userInfo.getLastpasswdchange()); + propt.setProperty("LastLoginIP", userInfo.getLastLoginIp()); + propt.setProperty("LastLoginTime", userInfo.getLastLoginTime()); + propt.setProperty("LastLoginAuthLevel", userInfo.getLastLoginAuthLevel()); + + } catch (Exception e) { + log.error("KjbSsoModule-getUserInfos Exception", e); + throw e; + } + + return propt; + } + + /** + * 사용자의 기본정보 중에서 입력된 키 값만 가지고 온다. + * @param userid + * @param key + * @return + * @throws Exception + */ + public String getUserInfo(String userid, String key) throws Exception { + if(userid==null|| userid.isEmpty()) return null; + + String userInfo = ""; + + try{ + Properties propt = getUserInfos(userid); + userInfo = propt.getProperty(key); + } catch (Exception e) { + log.error("KjbSsoModule-getUserInfos Exception", e); + throw e; + } + return userInfo; + } + + /** + * 사용자 확장정보 조회 + * return : Properties + * 사용자가 존재하지 않거나 확장필드가 없다면 return null + */ + @SuppressWarnings("rawtypes") + public Properties getUserExFields(String userid) + throws Exception { + NXUserAPI userAPI = new NXUserAPI(context); + Properties prop = null; + NXExternalFieldSet nxefs = null; + + try { + nxefs = userAPI.getUserExternalFields(userid); + prop = new Properties(); + + if (nxefs != null) { + Iterator iter = nxefs.iterator(); + while(iter.hasNext()) { + NXExternalField nxef = (NXExternalField) iter.next(); + if(nxef.getName().equals("PASSINIT")){ + String sPassintVal = (String) nxef.getValue(); + prop.setProperty(nxef.getName(), sPassintVal.equals("") ? "0" : sPassintVal); + } + else + prop.setProperty(nxef.getName(), (String) nxef.getValue()); + //System.out.println("확장 필드 " + nxef.getName() + " : " + nxef.getValue()); + } + } else { + // prop is null + log.debug("KjbSsoModule-getUserExFields property is null"); + } + } catch (EmptyResultException e) { + // 사용자가 존재하지 않거나 확장필드가 없음 + } catch (APIException e) { + throw e; + //e.printStackTrace(); + } + //System.out.println("getUserExFields:[" + prop + "]"); + return prop; + } + + /** + * 사용자의 특정 확장 필드 정보 조회 + * return : String + * 사용자가 존재하지 않거나 확장필드가 없다면 return null + */ + public String getUserExField(String userid, String exName) + throws Exception { + NXUserAPI userAPI = new NXUserAPI(context); + NXExternalField nxef = null; + String returnValue = null; + + try { + log.debug("KjbSsoModule-getUserExField userid : {}", userid); + nxef = userAPI.getUserExternalField(userid, exName); + log.debug("KjbSsoModule-getUserExField nxef === {}", nxef.getValue()); + returnValue = (String) nxef.getValue(); + } catch (EmptyResultException e) { + // 사용자가 존재하지 않거나 확장필드가 없음 + } catch (Exception e) { + log.error("KjbSsoModule-getUserExField Exception", e); + throw e; + } + + return returnValue; + } +}