与O2OA实现指定用户的SSO登录
在 token.json中配置{
"ssos": [
{
"enable": false,
"client": "",
"key": "",
"###enable": "是否启用###",
"###client": "名称###",
"###key": "密钥###"
}
],
}
有两个服务提供单点登录对接
GET方法 test.o2oa.net:20020/x_organization_assemble_authentication/jaxrs/sso/client/{client}/token/{token}
POST方法 test.o2oa.net:20020/x_organization_assemble_authentication/jaxrs/sso
POST body json:
{
"client":"XXXXXXX",
"token":"XXXXXXXXXXXXXX"
}
token的生成: 3DES加密(用户标识#1970年1月1日0时0分0秒到当前时间的毫秒数),加密口令为token.json中指定的key
将强制使用指定的用户作为当前登录用户
Java 加密样例:
public class TestClient {
public static String encrypt(String data, String key) throws Exception {
byte[] bt = encrypt(data.getBytes(), key.getBytes());
String str = Base64.encodeBase64URLSafeString(bt);
return URLEncoder.encode(str, "UTF-8");
}
public static byte[] encrypt(byte[] data, byte[] key) throws Exception {
// 生成一个可信任的随机数源
SecureRandom sr = new SecureRandom();
// 从原始密钥数据创建DESKeySpec对象
DESKeySpec dks = new DESKeySpec(key);
// 创建一个密钥工厂,然后用它把DESKeySpec转换成SecretKey对象
SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DES");
SecretKey securekey = keyFactory.generateSecret(dks);
// Cipher对象实际完成加密操作
Cipher cipher = Cipher.getInstance("DES");
// 用密钥初始化Cipher对象
cipher.init(Cipher.ENCRYPT_MODE, securekey, sr);
return cipher.doFinal(data);
}
@Test
public void test() throws Exception {
String text = "张三" + "#" + (new Date()).getTime();
String key = "12345678";
System.out.println(encrypt(text, key));
}
}
页:
[1]