315 lines
11 KiB
Java
315 lines
11 KiB
Java
package com.eactive.ext.kjb.sso;
|
|
|
|
import com.eactive.ext.kjb.common.KjbProperty;
|
|
import com.initech.eam.api.*;
|
|
import com.initech.eam.base.APIException;
|
|
import com.initech.eam.base.EmptyResultException;
|
|
import com.initech.eam.nls.CookieManager;
|
|
import com.initech.eam.smartenforcer.SECode;
|
|
import lombok.Getter;
|
|
import lombok.extern.slf4j.Slf4j;
|
|
|
|
import javax.servlet.http.HttpServletRequest;
|
|
import javax.servlet.http.HttpServletResponse;
|
|
import java.util.Collections;
|
|
import java.util.Iterator;
|
|
import java.util.Properties;
|
|
import java.util.Vector;
|
|
|
|
@Slf4j
|
|
public class KjbSsoModule {
|
|
private static KjbSsoModule instance;
|
|
|
|
private KjbProperty prop;
|
|
private final NXContext context;
|
|
@Getter
|
|
private final Vector<String> providerList;
|
|
|
|
|
|
/***[SERVICE CONFIGURATION]***********************************************************************/
|
|
private final String SERVICE_NAME = "eapim-admin";
|
|
@Getter
|
|
private final String ascpUrl;
|
|
|
|
/***[SSO CONFIGURATION]**]***********************************************************************/
|
|
private final String NLS_URL;
|
|
private final String NLS_PORT;
|
|
private final String NLS_LOGIN_URL;
|
|
private final String NLS_LOGOUT_URL;
|
|
private final String NLS_ERROR_URL;
|
|
|
|
/***[SSO ND LIST 운영]**]***********************************************************************/
|
|
private final String ND_URL1;
|
|
private final Vector PROVIDER_LIST = new Vector();
|
|
private final int COOKIE_SESSTION_TIME_OUT = 3000000;
|
|
|
|
// 인증 타입 (ID/PW 방식 : 1, 인증서 : 3)
|
|
private final String TOA = "1";
|
|
private final String PROVIDER_DOMAIN;
|
|
private final String SSO_DOMAIN = ".kjbank.com";
|
|
private final String COOKIE_PADDING = "_V42";
|
|
|
|
private static final int timeout = 15000;
|
|
|
|
|
|
public synchronized static KjbSsoModule getInstance(KjbProperty kjbProperty) {
|
|
if (instance == null) {
|
|
instance = new KjbSsoModule(kjbProperty);
|
|
}
|
|
return instance;
|
|
}
|
|
|
|
private KjbSsoModule(KjbProperty kjbProperty) {
|
|
this.prop = kjbProperty;
|
|
|
|
ascpUrl = prop.getUrl() + prop.getSsoAscpUri();
|
|
|
|
NLS_URL = "http://" + prop.getSsoDomain();
|
|
NLS_PORT = String.valueOf(prop.getSsoNlsPort());
|
|
NLS_LOGIN_URL = NLS_URL + ":" + NLS_PORT + "/nls3/clientLogin.jsp";
|
|
NLS_LOGOUT_URL = NLS_URL + ":" + NLS_PORT + "/nls3/NCLogout.jsp";
|
|
NLS_ERROR_URL = NLS_URL + ":" + NLS_PORT + "/nls3/error.jsp";
|
|
|
|
ND_URL1 = "http://" + prop.getSsoDomain() + ":5480";
|
|
|
|
PROVIDER_DOMAIN = prop.getSsoDomain();
|
|
|
|
this.providerList = new Vector<>();
|
|
providerList.add(PROVIDER_DOMAIN);
|
|
|
|
context = new NXContext(Collections.singletonList(ND_URL1), timeout);
|
|
CookieManager.setEncStatus(true);
|
|
SECode.setCookiePadding(COOKIE_PADDING);
|
|
|
|
|
|
log.debug("KjbProperty : {}", prop.toString());
|
|
}
|
|
|
|
|
|
/**
|
|
* 통합 SSO ID 조회
|
|
* @param request
|
|
* @return
|
|
*/
|
|
public String getSsoId(HttpServletRequest request) {
|
|
String sso_id = null;
|
|
sso_id = CookieManager.getCookieValue(SECode.USER_ID, request);
|
|
return sso_id;
|
|
}
|
|
|
|
public String getSystemAccount(String sso_id) {
|
|
NXUserAPI userAPI = null;
|
|
String retValue = null;
|
|
|
|
try {
|
|
userAPI = new NXUserAPI(context);
|
|
log.info("##############################################");
|
|
log.info("sso_id 2: "+sso_id);
|
|
log.info("SERVICE_NAME : "+ SERVICE_NAME);
|
|
log.info("##############################################");
|
|
NXAccount account = userAPI.getUserAccount(sso_id, SERVICE_NAME);
|
|
log.info(account.toString());
|
|
retValue = account.getAccountName();
|
|
log.info("retValue = " + retValue);
|
|
} catch (Exception e) {
|
|
log.error("KjbSsoModule Exception", e);
|
|
}
|
|
return retValue;
|
|
}
|
|
|
|
/**
|
|
* 통합 SSO 로그인페이지 이동
|
|
* @param response
|
|
* @param uurl
|
|
* @throws Exception
|
|
*/
|
|
public void goLoginPage(HttpServletResponse response, String uurl)
|
|
throws Exception {
|
|
CookieManager.addCookie(SECode.USER_URL, uurl, ".kjbank.com", response);
|
|
CookieManager.addCookie(SECode.R_TOA, TOA, ".kjbank.com", response);
|
|
response.sendRedirect(NLS_LOGIN_URL + "?UURL=" + uurl);
|
|
}
|
|
|
|
/**
|
|
* 통합 SSO 로그인페이지 이동
|
|
* @param response
|
|
* @throws Exception
|
|
*/
|
|
public void goLoginPage(HttpServletResponse response) throws Exception {
|
|
CookieManager.addCookie(SECode.USER_URL, ascpUrl, SSO_DOMAIN, response);
|
|
CookieManager.addCookie(SECode.R_TOA, TOA, SSO_DOMAIN, response);
|
|
response.sendRedirect(NLS_LOGIN_URL);
|
|
}
|
|
|
|
/**
|
|
* 통합인증 세션을 체크 하기 위하여 사용되는 API
|
|
* @param request
|
|
* @param response
|
|
* @return
|
|
*/
|
|
public String getEamSessionCheck(HttpServletRequest request,HttpServletResponse response){
|
|
String retCode = "";
|
|
try {
|
|
retCode = CookieManager.verifyNexessCookie(request, response, 10, COOKIE_SESSTION_TIME_OUT,PROVIDER_LIST);
|
|
} catch(Exception npe) {
|
|
npe.printStackTrace();
|
|
}
|
|
return retCode;
|
|
}
|
|
|
|
/**
|
|
* ND API를 사용해서 쿠키검증하는것(현재 표준에서는 사용안함, 근데 해도 되기는 함)
|
|
* @param request
|
|
* @param response
|
|
* @return
|
|
*/
|
|
public String getEamSessionCheck2(HttpServletRequest request,HttpServletResponse response)
|
|
{
|
|
String retCode = "";
|
|
try {
|
|
NXNLSAPI nxNLSAPI = new NXNLSAPI(context);
|
|
retCode = nxNLSAPI.readNexessCookie(request, response, 0, 0);
|
|
} catch(Exception npe) {
|
|
log.error("KjbSsoModule-getEamSessionCheck2 Exception", npe);
|
|
}
|
|
return retCode;
|
|
}
|
|
|
|
/**
|
|
* SSO 에러페이지 URL
|
|
* @param response
|
|
* @param error_code
|
|
* @throws Exception
|
|
*/
|
|
public void goErrorPage(HttpServletResponse response, int error_code)throws Exception {
|
|
CookieManager.removeNexessCookie(SSO_DOMAIN, response);
|
|
CookieManager.addCookie(SECode.USER_URL, ascpUrl, SSO_DOMAIN, response);
|
|
response.sendRedirect(NLS_ERROR_URL + "?errorCode=" + error_code);
|
|
}
|
|
|
|
/**
|
|
* 사용자 기본정보 가져오기.
|
|
* @param userid
|
|
* @return Properties
|
|
*/
|
|
public Properties getUserInfos(String userid) throws Exception {
|
|
NXUserAPI userAPI = new NXUserAPI(context);
|
|
Properties propt = null;
|
|
|
|
if (userid==null || userid.length() <= 0)
|
|
return propt;
|
|
|
|
try {
|
|
NXUserInfo userInfo = userAPI.getUserInfo(userid);
|
|
propt = new Properties();
|
|
propt.setProperty("USERID", userInfo.getUserId());
|
|
propt.setProperty("EMAIL", userInfo.getEmail());
|
|
propt.setProperty("ENABLE", String.valueOf(userInfo.getEnable()));
|
|
propt.setProperty("STARTVALID", userInfo.getStartValid());
|
|
propt.setProperty("ENDVALID", userInfo.getEndValid());
|
|
propt.setProperty("NAME", userInfo.getName());
|
|
propt.setProperty("ENCPASSWD", userInfo.getEncpasswd());
|
|
propt.setProperty("LASTPASSWDCHANGE", userInfo.getLastpasswdchange());
|
|
propt.setProperty("LastLoginIP", userInfo.getLastLoginIp());
|
|
propt.setProperty("LastLoginTime", userInfo.getLastLoginTime());
|
|
propt.setProperty("LastLoginAuthLevel", userInfo.getLastLoginAuthLevel());
|
|
|
|
} catch (Exception e) {
|
|
log.error("KjbSsoModule-getUserInfos Exception", e);
|
|
throw e;
|
|
}
|
|
|
|
return propt;
|
|
}
|
|
|
|
/**
|
|
* 사용자의 기본정보 중에서 입력된 키 값만 가지고 온다.
|
|
* @param userid
|
|
* @param key
|
|
* @return
|
|
* @throws Exception
|
|
*/
|
|
public String getUserInfo(String userid, String key) throws Exception {
|
|
if(userid==null|| userid.isEmpty()) return null;
|
|
|
|
String userInfo = "";
|
|
|
|
try {
|
|
Properties propt = getUserInfos(userid);
|
|
userInfo = propt.getProperty(key);
|
|
} catch (Exception e) {
|
|
log.error("KjbSsoModule-getUserInfos Exception", e);
|
|
throw e;
|
|
}
|
|
return userInfo;
|
|
}
|
|
|
|
/**
|
|
* 사용자 확장정보 조회
|
|
* return : Properties
|
|
* 사용자가 존재하지 않거나 확장필드가 없다면 return null
|
|
*/
|
|
@SuppressWarnings("rawtypes")
|
|
public Properties getUserExFields(String userid)
|
|
throws Exception {
|
|
NXUserAPI userAPI = new NXUserAPI(context);
|
|
Properties prop = null;
|
|
NXExternalFieldSet nxefs = null;
|
|
|
|
try {
|
|
nxefs = userAPI.getUserExternalFields(userid);
|
|
prop = new Properties();
|
|
|
|
if (nxefs != null) {
|
|
Iterator iter = nxefs.iterator();
|
|
while(iter.hasNext()) {
|
|
NXExternalField nxef = (NXExternalField) iter.next();
|
|
if(nxef.getName().equals("PASSINIT")){
|
|
String sPassintVal = (String) nxef.getValue();
|
|
prop.setProperty(nxef.getName(), sPassintVal.equals("") ? "0" : sPassintVal);
|
|
}
|
|
else
|
|
prop.setProperty(nxef.getName(), (String) nxef.getValue());
|
|
//System.out.println("확장 필드 " + nxef.getName() + " : " + nxef.getValue());
|
|
}
|
|
} else {
|
|
// prop is null
|
|
log.debug("KjbSsoModule-getUserExFields property is null");
|
|
}
|
|
} catch (EmptyResultException e) {
|
|
// 사용자가 존재하지 않거나 확장필드가 없음
|
|
} catch (APIException e) {
|
|
throw e;
|
|
//e.printStackTrace();
|
|
}
|
|
//System.out.println("getUserExFields:[" + prop + "]");
|
|
return prop;
|
|
}
|
|
|
|
/**
|
|
* 사용자의 특정 확장 필드 정보 조회
|
|
* return : String
|
|
* 사용자가 존재하지 않거나 확장필드가 없다면 return null
|
|
*/
|
|
public String getUserExField(String userid, String exName)
|
|
throws Exception {
|
|
NXUserAPI userAPI = new NXUserAPI(context);
|
|
NXExternalField nxef = null;
|
|
String returnValue = null;
|
|
|
|
try {
|
|
log.debug("KjbSsoModule-getUserExField userid : {}", userid);
|
|
nxef = userAPI.getUserExternalField(userid, exName);
|
|
log.debug("KjbSsoModule-getUserExField nxef === {}", nxef.getValue());
|
|
returnValue = (String) nxef.getValue();
|
|
} catch (EmptyResultException e) {
|
|
// 사용자가 존재하지 않거나 확장필드가 없음
|
|
} catch (Exception e) {
|
|
log.error("KjbSsoModule-getUserExField Exception", e);
|
|
throw e;
|
|
}
|
|
|
|
return returnValue;
|
|
}
|
|
}
|