SsoTokenAuthenticationProvider.java

package org.beanfuse.security.providers.sso;

import java.util.Date;

import javax.servlet.http.HttpServletRequest;

import org.beanfuse.security.codec.EncryptUtil;
import org.beanfuse.utils.web.RequestUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;

public class SsoTokenAuthenticationProvider extends AbstractSsoAuthenticationProvider {

	private boolean enableExpired = true;

	// default 10min second
	private int expiredTime = 600;

	private String timeParam = "t";

	private String userParam = "cid";

	private String digestParam = "s";

	private String extra = "123456!";

	private final static Logger logger = LoggerFactory
			.getLogger(SsoTokenAuthenticationProvider.class);

	protected String doGetUserLoginName(HttpServletRequest request) {
		String ip = RequestUtils.getIpAddr(request);
		String cid = request.getParameter(userParam);
		String timeParamStr = request.getParameter(timeParam);
		Long t = null;
		if (null != timeParamStr) {
			t = Long.valueOf(timeParamStr);
		}
		String s = request.getParameter(digestParam);
		if (null == t || null == s || null == cid || null == ip)
			return null;
		String full = cid + "," + ip + "," + t + "," + extra;
		String digest = EncryptUtil.encode(full, "MD5");
		if (logger.isDebugEnabled()) {
			logger.debug("user {} at :{}", cid, ip);
			logger.debug("time:{} digest:{} ", t, s);
			logger.debug("full:{}", full);
			logger.debug("my_digest:{}", digest);
		}
		if (digest.equals(s)) {
			long time = t.longValue() * 1000;
			Date now = new Date();
			if (enableExpired && (Math.abs(now.getTime() - time) > (expiredTime * 1000))) {
				logger.debug("user " + cid + " time expired:server time:{} and given time :{}",
						now, new Date(time));
				return null;
			} else {
				logger.debug("user {} login at server time:{}", cid, now);
				return cid;
			}
		} else {
			return null;
		}
	}

	public boolean isEnableExpired() {
		return enableExpired;
	}

	public void setEnableExpired(boolean enableTime) {
		this.enableExpired = enableTime;
	}

	public int getExpiredTime() {
		return expiredTime;
	}

	public void setExpiredTime(int expiredTime) {
		this.expiredTime = expiredTime;
	}

	public String getTimeParam() {
		return timeParam;
	}

	public void setTimeParam(String timeParam) {
		this.timeParam = timeParam;
	}

	public String getUserParam() {
		return userParam;
	}

	public void setUserParam(String userParam) {
		this.userParam = userParam;
	}

	public String getDigestParam() {
		return digestParam;
	}

	public void setDigestParam(String digestParam) {
		this.digestParam = digestParam;
	}

	public String getExtra() {
		return extra;
	}

	public void setExtra(String extra) {
		this.extra = extra;
	}

}