package com.fr.plugin.decision.integration.filter; |
|
|
|
import com.fr.decision.fun.impl.AbstractEmbedRequestFilterProvider; |
|
import com.fr.decision.webservice.v10.login.LoginService; |
|
import com.fr.log.FineLoggerFactory; |
|
import com.fr.plugin.decision.integration.config.IntegrateConf; |
|
import com.fr.plugin.decision.integration.service.IntegrateAuthService; |
|
import com.fr.plugin.decision.integration.utils.CommonUtils; |
|
import com.fr.plugin.decision.integration.utils.LogUtils; |
|
import com.fr.stable.StringUtils; |
|
import com.fr.web.utils.WebUtils; |
|
|
|
import javax.servlet.ServletException; |
|
import javax.servlet.http.HttpServletRequest; |
|
import javax.servlet.http.HttpServletResponse; |
|
import java.io.IOException; |
|
|
|
import static org.apache.catalina.filters.CorsFilter.*; |
|
|
|
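/**
 * Embedded request filter that handles three concerns for the integration plugin:
 * optional CORS response headers, single sign-on from a {@code third_token}
 * request parameter, and an optional redirect of unauthenticated users to a
 * configured portal page.
 *
 * <p>Created 2021/10/15 14:44.
 *
 * @author JianYe.Wang
 * @version 10.0
 */
public class RequestSsoFilter extends AbstractEmbedRequestFilterProvider {

    /**
     * Applies the CORS headers, the {@code third_token} login and the portal redirect.
     *
     * <p>Every exception raised while filtering is logged and swallowed, so a failed
     * token lookup or login leaves the request without a new session rather than
     * aborting it.
     *
     * @param request  the incoming request
     * @param response the response that receives headers and redirects
     * @throws IOException      declared by the provider contract; not thrown by this body
     * @throws ServletException declared by the provider contract; not thrown by this body
     */
    @Override
    public void filter(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
        try {
            // Cross-domain handling, only when enabled in the plugin configuration.
            if (IntegrateConf.getInstance().getCrossDomain()) {
                String origin = request.getHeader(REQUEST_HEADER_ORIGIN);
                if (StringUtils.isNotEmpty(origin)) {
                    // NOTE(review): the Origin header is echoed back unchanged together with
                    // Allow-Credentials: true, so with crossDomain enabled any origin is
                    // allowed to send credentialed requests and read the responses. The
                    // origin should be compared against a configured allowlist before it
                    // is echoed; no such setting is visible in this class, so the
                    // behaviour is left as it was and flagged here.
                    response.addHeader(RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_ORIGIN, origin);
                    response.addHeader(RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_CREDENTIALS, "true");
                    // The response depends on the request's Origin, so caches must key on it.
                    response.addHeader("Vary", "Origin");
                    String headers = request.getHeader(REQUEST_HEADER_ACCESS_CONTROL_REQUEST_HEADERS);
                    if (StringUtils.isNotEmpty(headers)) {
                        response.addHeader(RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_HEADERS, headers);
                    }
                    // NOTE(review): browsers treat "*" literally, not as a wildcard, on
                    // credentialed requests; confirm this value is what clients need.
                    response.addHeader(RESPONSE_HEADER_ACCESS_CONTROL_ALLOW_METHODS, "*");
                    response.addHeader(RESPONSE_HEADER_ACCESS_CONTROL_MAX_AGE, "3600");
                }
                // Preflight (OPTIONS) requests are not short-circuited here; they continue
                // through the rest of this filter.
            }

            // Single sign-on from a token carried in the URL.
            // NOTE(review): a token in the query string can end up in access logs, browser
            // history and Referer headers; it should be short-lived and single-use.
            String token = WebUtils.getHTTPRequestParameter(request, "third_token");
            if (StringUtils.isNotEmpty(token)) {
                String uri = request.getRequestURI();
                // The plugin's own auth endpoints are skipped by this filter.
                // NOTE(review): only the first suffix has a leading slash, so the other two
                // also match longer path segments that merely end with the same text.
                if (uri.endsWith("/third/auth/cross/login")
                        || uri.endsWith("third/auth/login")
                        || uri.endsWith("third/auth/login/iframe")) {
                    return;
                }
                // The token is a credential, so only the path is logged, never its value.
                LogUtils.info("Request carried third_token, uri:{}", uri);
                String userName = IntegrateAuthService.getInstance().getUserNameFromToken(token);
                if (!StringUtils.isNotEmpty(userName)) {
                    // Never open a session for an empty user name; how getUserNameFromToken
                    // reports an invalid token is not visible here, so this is a guard.
                    LogUtils.info("third_token did not resolve to a user, uri:{}", uri);
                } else if (CommonUtils.isMobile(request)) {
                    String frToken = doLoginFR(request, response, userName);
                    // quoteReplacement keeps '$' and '\' in the token from being read as
                    // regex group references in the replacement string.
                    String redirect = WebUtils.getOriginalURL(request).replaceAll(
                            "third_token=[^&]*",
                            java.util.regex.Matcher.quoteReplacement("fine_auth_token=" + frToken));
                    // The redirect URL carries the fresh session token, so it is not logged.
                    LogUtils.info("Request is mobile, now will redirect with fine_auth_token, uri:{}", uri);
                    response.sendRedirect(redirect);
                    return;
                } else {
                    String curUserName = LoginService.getInstance().getCurrentUserNameFromRequestCookie(request);
                    // Log in again when there is no session or it belongs to another user.
                    if (!LoginService.getInstance().isLogged(request) || !StringUtils.equals(userName, curUserName)) {
                        doLoginFR(request, response, userName);
                    }
                }
            }

            // Custom login page check; /login is still retained.
            if (IntegrateConf.getInstance().getPortalURLTurnOn()
                    && request.getRequestURI().endsWith(WebUtils.createServletURL(request))
                    && !LoginService.getInstance().isLogged(request)) {
                response.sendRedirect(IntegrateConf.getInstance().getPortalURL());
                return;
            }
        } catch (Exception e) {
            // Best effort: the failure is logged and the request is not aborted.
            FineLoggerFactory.getLogger().error(e.getMessage(), e);
        }
    }

    /**
     * Logs the given user in through {@link LoginService} and stores the returned token
     * on the request under the {@code fine_auth_token} attribute.
     *
     * <p>No password is involved: the caller must already have authenticated the user
     * name, here by resolving it from {@code third_token}.
     *
     * @param request  the current request
     * @param response the current response, passed to the login service
     * @param username the user to log in
     * @return the token returned by the login service
     * @throws Exception if the login service fails
     */
    private String doLoginFR(HttpServletRequest request, HttpServletResponse response, String username) throws Exception {
        String frToken = LoginService.getInstance().login(request, response, username);
        request.setAttribute("fine_auth_token", frToken);
        return frToken;
    }
}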