You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
143 lines
5.1 KiB
143 lines
5.1 KiB
3 years ago
|
package com.fr.plugin.sso.filter;
|
||
|
|
|
||
|
|
import com.fr.decision.fun.impl.AbstractEmbedRequestFilterProvider;
|
||
|
|
import com.fr.json.JSONObject;
|
||
|
|
import com.fr.plugin.sso.config.simple.account.PluginSimpleConfig;
|
||
|
|
import com.fr.plugin.sso.utils.FRUtils;
|
||
|
|
import com.fr.plugin.sso.utils.HttpUtils;
|
||
|
|
import com.fr.plugin.sso.utils.ResponseUtils;
|
||
|
|
import com.fr.plugin.sso.utils.Utils;
|
||
|
|
import javax.servlet.http.HttpServletRequest;
|
||
|
|
import javax.servlet.http.HttpServletResponse;
|
||
|
|
import java.io.IOException;
|
||
|
|
import java.io.UnsupportedEncodingException;
|
||
|
|
import java.net.URLEncoder;
|
||
|
|
import java.util.HashMap;
|
||
|
|
import java.util.Map;
|
||
|
|
|
||
|
|
public class SSOFilter extends AbstractEmbedRequestFilterProvider {
|
||
|
|
|
||
|
|
@Override
|
||
|
|
public void filter(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
|
||
|
|
boolean isLogin = FRUtils.isLogin(httpServletRequest);
|
||
|
|
String url = FRUtils.getAllUrl(httpServletRequest);
|
||
|
|
|
||
|
|
PluginSimpleConfig psc = PluginSimpleConfig.getInstance();
|
||
|
|
String clientId = psc.getClientId();
|
||
|
|
String clientSecret= psc.getSecret();
|
||
|
|
//认证中心地址
|
||
|
|
String authUrl = psc.getAuthUrl();
|
||
|
|
//获取token地址
|
||
|
|
String tokenUrl = psc.getTokenUrl();
|
||
|
|
//获取用户地址
|
||
|
|
String userInfoUrl = psc.getUserInfoUrl();
|
||
|
|
|
||
|
|
//开放接口放行
|
||
|
|
if(url.contains("/addOrg") || url.contains("/addUser") || url.contains("/changeOrg") ||
|
||
|
|
url.contains("/deleteUser") || url.contains("/forbidOrg") || url.contains("/forbidUser") ||
|
||
|
|
url.contains("/openUser") || url.contains("/updateOrg") || url.contains("/updateUser") ||
|
||
|
|
url.contains("/userGroup") ||url.contains("test")||url.contains("heartbeat")){
|
||
|
|
return ;
|
||
|
|
}
|
||
|
|
|
||
|
|
//如果已经登录则放行
|
||
|
|
if(isLogin){
|
||
|
|
return ;
|
||
|
|
}
|
||
|
|
|
||
|
|
//如果是自带登录页资源则放行
|
||
|
|
if(url.contains("login")||url.contains("decision/file")||url.contains("decision/resource")||url.contains("decision/system")||url.contains("query/ip")){
|
||
|
|
return;
|
||
|
|
}
|
||
|
|
|
||
|
|
if(url.contains("remote")){
|
||
|
|
return;
|
||
|
|
}
|
||
|
|
|
||
|
|
//获取code
|
||
|
|
String code = httpServletRequest.getParameter("code");
|
||
|
|
if(Utils.isNullStr(code)){
|
||
|
|
String redirectURL = "";
|
||
|
|
try {
|
||
|
|
redirectURL= URLEncoder.encode(url,"utf-8");
|
||
|
|
} catch (UnsupportedEncodingException e) {
|
||
|
|
FRUtils.FRLogInfo("url编码异常:"+e.getMessage());
|
||
|
|
return;
|
||
|
|
}
|
||
|
|
|
||
|
|
authUrl+= "?redirect_uri="+redirectURL+"&client_id="+clientId+"&response_type=code";
|
||
|
|
FRUtils.FRLogInfo("authUrl:"+authUrl);
|
||
|
|
try {
|
||
|
|
httpServletResponse.sendRedirect(authUrl);
|
||
|
|
} catch (IOException e) {
|
||
|
|
FRUtils.FRLogInfo("跳转异常:"+e.getMessage());
|
||
|
|
}
|
||
|
|
|
||
|
|
return ;
|
||
|
|
}
|
||
|
|
|
||
|
|
String redirectURL = "";
|
||
|
|
if(url.contains("?code")){
|
||
|
|
redirectURL = url.substring(0,url.indexOf("?code"));
|
||
|
|
}else{
|
||
|
|
redirectURL = url.substring(0,url.indexOf("&code"));
|
||
|
|
}
|
||
|
|
|
||
|
|
//获取token
|
||
|
|
Map<String,String> tokenParam = new HashMap<String,String>();
|
||
|
|
tokenParam.put("client_id",clientId);
|
||
|
|
tokenParam.put("client_secret",clientSecret);
|
||
|
|
tokenParam.put("code",code);
|
||
|
|
tokenParam.put("grant_type","authorization_code");
|
||
|
|
tokenParam.put("redirect_uri",redirectURL);
|
||
|
|
|
||
|
|
String tokenUrl2 = tokenUrl + "?client_id="+clientId+"&client_secret="+clientSecret+"&grant_type=authorization_code&redirect_uri="+redirectURL+"&code="+code;
|
||
|
|
|
||
|
|
// String tokenParamStr = tokenParam.toString();
|
||
|
|
|
||
|
|
String tokenResult = HttpUtils.HttpPostWWWForm(tokenUrl,null,tokenParam);
|
||
|
|
|
||
|
|
if(Utils.isNullStr(tokenResult)){
|
||
|
|
FRUtils.FRLogInfo("获取token异常");
|
||
|
|
ResponseUtils.failedResponse(httpServletResponse,"获取token异常");
|
||
|
|
|
||
|
|
return;
|
||
|
|
}
|
||
|
|
|
||
|
|
JSONObject tokenResultJson = new JSONObject(tokenResult);
|
||
|
|
String token = tokenResultJson.getString("access_token");
|
||
|
|
|
||
|
|
if(Utils.isNullStr(token)){
|
||
|
|
FRUtils.FRLogInfo("获取token异常:");
|
||
|
|
ResponseUtils.failedResponse(httpServletResponse,"获取token异常");
|
||
|
|
|
||
|
|
return;
|
||
|
|
}
|
||
|
|
|
||
|
|
//获取用户信息
|
||
|
|
String uid = tokenResultJson.getString("uid");
|
||
|
|
userInfoUrl+="?access_token="+token+"&client_id="+clientId+"&uid="+uid;
|
||
|
|
|
||
|
|
String userInfoResult = HttpUtils.get(userInfoUrl,null);
|
||
|
|
|
||
|
|
if(Utils.isNullStr(userInfoResult)){
|
||
|
|
FRUtils.FRLogInfo("获取用户信息异常");
|
||
|
|
ResponseUtils.failedResponse(httpServletResponse,"获取用户信息异常");
|
||
|
|
|
||
|
|
return;
|
||
|
|
}
|
||
|
|
|
||
|
|
JSONObject userJsonObject = new JSONObject(userInfoResult);
|
||
|
|
|
||
|
|
String loginName = userJsonObject.getString("accountNo");
|
||
|
|
|
||
|
|
if(Utils.isNullStr(loginName)){
|
||
|
|
FRUtils.FRLogInfo("获取用户信息异常:");
|
||
|
|
ResponseUtils.failedResponse(httpServletResponse,"获取用户信息异常:");
|
||
|
|
|
||
|
|
return;
|
||
|
|
}
|
||
|
|
|
||
|
|
FRUtils.login(httpServletRequest,httpServletResponse,loginName,"");
|
||
|
|
}
|
||
|
|
}
|