最近在使用shiro,它可以實現免密登錄,與其它web應用集成也很方便。同樣,Domino也要與其它第三方集成,如微信、釘釘、企業應用等。Domino自帶的LtpaToken能夠相當安全、便捷地實現SSO功能,前提是SSO密鑰妥善保管,且簽發token的入口只為已通過驗證的調用方簽發。本文綜合分析了幾篇文章後加以實現,可參考:SSO配置實例、Domino單點登錄、剖析LtpaToken。
以下是測試的幾張圖片,可以參考交流:
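/**
 * Asks the SSO agent of the current .nsf database for an LtpaToken for the
 * name typed into #username, stores the token as the LtpaToken cookie for
 * the .whs.com domain and then redirects to the demo application.
 *
 * NOTE(review): the user name travels as a plain query parameter and nothing
 * in this function proves who the caller is. Whether a token may be issued
 * for that name has to be decided by the server-side agent; this page cannot
 * enforce it.
 */
function sso() {
    var b = window.location.href; // full URL of the current page
    // Database base URL: everything up to and including ".nsf".
    var URL = b.substring(0, b.indexOf('.nsf') + 4);

    $.ajax({
        // escape() is deprecated and encodes non-ASCII characters as %uXXXX.
        // It is kept because the agent's decoding of the query string is not
        // visible here; TODO confirm before switching to encodeURIComponent.
        // The random "id" parameter only defeats caching of the response.
        url: URL + "/SSO?openagent&username=" + escape($('#username').val()) + "&id=" + Math.random(),
        dataType: "json",
        // jQuery passes (jqXHR, textStatus, errorThrown); alerting the first
        // argument would only show "[object Object]".
        error: function (jqXHR, textStatus, errorThrown) {
            alert(textStatus + (errorThrown ? ": " + errorThrown : ""));
        },
        success: function (json) {
            var token = json && json.token;
            // The agent replies with an empty token on failure. A missing
            // token is rejected as well, so that the cookie is never set to
            // the literal text "undefined".
            if (typeof token !== "string" || token === "") {
                return;
            }

            // NOTE(review): the cookie lives for 30 days, while the agent
            // issues tokens that expire after 720 minutes, so the cookie
            // outlives the token it carries.
            var Days = 30;
            var exp = new Date();
            exp.setTime(exp.getTime() + Days * 24 * 60 * 60 * 1000);

            // Create the single-sign-on cookie.
            // NOTE(review): the cookie has no Secure attribute and the
            // redirect target below is plain http, so the token is sent
            // unencrypted. Moving the site to https and adding ";secure"
            // have to be done together.
            document.cookie = "LtpaToken=" + token + ";expires=" + exp.toUTCString() + ";path=/;domain=.whs.com";
            location.href = "http://www.whs.com/xpages/Bootstrap_demo.nsf/x_index.xsp";
        }
    });
}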
// Once the DOM is ready, wire the #token button to the SSO request.
$(document).ready(function () {
    var tokenButton = $("#token");
    tokenButton.on("click", function () {
        // Call without arguments so the click event is not forwarded.
        sso();
    });
})
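/**
 * Agent entry point: reads the {@code username} query parameter, generates an
 * LtpaToken for that name and prints a JSON reply of the form
 * {@code {"oResult":"true|false","token":"..."}} to the agent output.
 *
 * <p>NOTE(review): the user name is taken straight from the request's query
 * string and nothing in this method checks who is asking. As written, the
 * agent issues a token for whatever name it is given. Before this is exposed,
 * the caller must be authenticated (for example by restricting who may run
 * the agent, or by verifying a signed assertion from the integrating
 * application) and the requested name must be checked against that identity.
 *
 * <p>On any failure the reply carries {@code oResult} "false" and an empty
 * token.
 */
public void NotesMain() {
    Session session = null;
    AgentContext agentContext = null;
    Document doc = null;
    PrintWriter pw = null;
    String token = "";
    String sReturn = "false";
    String sJson = "";
    try {
        pw = getAgentOutput();
        session = getSession();
        agentContext = session.getAgentContext();
        doc = agentContext.getDocumentContext();
        String sPara = doc.getItemValueString("query_string_decoded");

        // Name to sign in as. This is untrusted request input; a commented-out
        // sample in the original used the form CN=ADMIN/O=oas.
        Hashtable<?, ?> ht = parseQueryString(sPara);
        String canonicalUser = (String) ht.get("username");
        System.out.println("username-->" + canonicalUser);

        // Fail closed: never generate a token when no name was supplied.
        if (canonicalUser == null || canonicalUser.trim().length() == 0) {
            throw new IllegalArgumentException("username parameter is missing");
        }

        // Token start time, backdated by 10 minutes
        // (presumably to tolerate clock skew between servers; confirm).
        Date tokenCreation = new Date(new Date().getTime() - 60000 * 10);
        String timeLimit = "720";
        // Token expiry: timeLimit minutes after the start time.
        Date tokenExpires = new Date(tokenCreation.getTime() + Long.parseLong(timeLimit) * 60000);

        // Domino SSO secret (the LTPA_DominoSecret field of the Domino SSO
        // configuration document).
        // NOTE(review): anyone holding this value can mint tokens for any
        // user. It should be loaded from access-controlled configuration
        // rather than compiled into the agent, and rotated if the source has
        // been shared.
        String dominoSecret = "XbX+********w=";

        // NOTE(review): the meaning of the "abc" and "def" arguments is not
        // visible here; confirm against LtpaToken.generate.
        token = LtpaToken.generate(canonicalUser, tokenCreation, tokenExpires, "abc", "def", dominoSecret).getLtpaToken();
        sReturn = "true";
    } catch (Exception e) {
        e.printStackTrace();
    } finally {
        sJson = "{\"oResult\":\"" + sReturn + "\",\"token\":\"" + token + "\"}";
        // Log the outcome only. The token is a bearer credential and must not
        // be written to the server console or log.
        System.out.println("sJson oResult=" + sReturn);
        // pw is still null when getAgentOutput() itself failed; an unguarded
        // println here would throw from the finally block.
        if (pw != null) {
            pw.println("Content-type: text/plain;charset=GB2312");
            pw.println(sJson);
        }
        // Recycle the Domino objects.
        fnRecycle(doc);
        fnRecycle(agentContext);
        fnRecycle(session);
        if (pw != null) {
            pw.close();
        }
    }
}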