package com.fr.plugin.sso.filter; |
|
|
|
import com.fr.decision.fun.impl.AbstractEmbedRequestFilterProvider; |
|
import com.fr.json.JSONObject; |
|
import com.fr.plugin.sso.config.simple.account.PluginSimpleConfig; |
|
import com.fr.plugin.sso.utils.FRUtils; |
|
import com.fr.plugin.sso.utils.HttpUtils; |
|
import com.fr.plugin.sso.utils.ResponseUtils; |
|
import com.fr.plugin.sso.utils.Utils; |
|
import javax.servlet.http.HttpServletRequest; |
|
import javax.servlet.http.HttpServletResponse; |
|
import java.io.IOException; |
|
import java.io.UnsupportedEncodingException; |
|
import java.net.URLEncoder; |
|
import java.util.HashMap; |
|
import java.util.Map; |
|
|
|
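public class SSOFilter extends AbstractEmbedRequestFilterProvider {

    /** Charset name handed to {@link URLEncoder}; kept as a String because the file targets the pre-Java-10 overload. */
    private static final String CHARSET = "utf-8";

    /**
     * Path fragments of the plugin's open management API plus test/heartbeat endpoints.
     * Requests whose path contains one of these never go through SSO.
     */
    private static final String[] OPEN_API_PATHS = {
            "/addOrg", "/addUser", "/changeOrg", "/deleteUser", "/forbidOrg", "/forbidUser",
            "/openUser", "/updateOrg", "/updateUser", "/userGroup", "test", "heartbeat"
    };

    /** Path fragments of the product's own login page, static resources and remote endpoints. */
    private static final String[] LOGIN_RESOURCE_PATHS = {
            "login", "decision/file", "decision/resource", "decision/system", "query/ip", "remote"
    };

    /**
     * Gates every embedded request behind the OAuth2 authorization-code flow.
     *
     * <p>Exempt paths and already authenticated sessions pass straight through. A request
     * without a {@code code} parameter is redirected to the authorization server; a request
     * carrying one is exchanged for an access token, the token is used to fetch the account
     * name, and that account is logged in through {@link FRUtils#login}. Every failure is
     * logged and answered with {@link ResponseUtils#failedResponse}.
     *
     * @param httpServletRequest  the incoming request
     * @param httpServletResponse the response used for the redirect or the error reply
     */
    @Override
    public void filter(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) {
        boolean isLogin = FRUtils.isLogin(httpServletRequest);
        String url = FRUtils.getAllUrl(httpServletRequest);

        // Exemptions are matched against the path only. Matching the full URL let any
        // request switch the SSO check off by adding e.g. "?x=test" to its query string.
        if (isExemptPath(pathOf(url)) || isLogin) {
            return;
        }

        PluginSimpleConfig psc = PluginSimpleConfig.getInstance();
        String clientId = psc.getClientId();

        // First leg of the flow: no code yet, send the browser to the authorization server.
        String code = httpServletRequest.getParameter("code");
        if (Utils.isNullStr(code)) {
            redirectToAuthorize(httpServletResponse, psc.getAuthUrl(), clientId, url);
            return;
        }

        // redirect_uri in the token request must equal the one used for the authorize
        // request, i.e. the current URL without the code parameter the callback appended.
        String redirectURL = stripCodeParameter(url);

        String tokenResult = requestToken(psc, clientId, code, redirectURL);
        if (Utils.isNullStr(tokenResult)) {
            FRUtils.FRLogInfo("获取token异常");
            ResponseUtils.failedResponse(httpServletResponse, "获取token异常");
            return;
        }

        JSONObject tokenResultJson = new JSONObject(tokenResult);
        String token = tokenResultJson.getString("access_token");
        if (Utils.isNullStr(token)) {
            FRUtils.FRLogInfo("获取token异常:");
            ResponseUtils.failedResponse(httpServletResponse, "获取token异常");
            return;
        }

        // NOTE(review): whether getString returns null or throws for a missing "uid" depends
        // on com.fr.json.JSONObject — confirm against the identity provider's token response.
        String uid = tokenResultJson.getString("uid");
        String userInfoResult;
        try {
            userInfoResult = requestUserInfo(psc.getUserInfoUrl(), token, clientId, uid);
        } catch (UnsupportedEncodingException e) {
            FRUtils.FRLogInfo("url编码异常:" + e.getMessage());
            ResponseUtils.failedResponse(httpServletResponse, "获取用户信息异常");
            return;
        }
        if (Utils.isNullStr(userInfoResult)) {
            FRUtils.FRLogInfo("获取用户信息异常");
            ResponseUtils.failedResponse(httpServletResponse, "获取用户信息异常");
            return;
        }

        String loginName = new JSONObject(userInfoResult).getString("accountNo");
        if (Utils.isNullStr(loginName)) {
            FRUtils.FRLogInfo("获取用户信息异常:");
            ResponseUtils.failedResponse(httpServletResponse, "获取用户信息异常:");
            return;
        }

        // The account name comes from the identity provider, so no local password is involved.
        FRUtils.login(httpServletRequest, httpServletResponse, loginName, "");
    }

    /**
     * Returns {@code url} without its query string (everything from the first {@code '?'}).
     *
     * @param url a request URL as returned by {@link FRUtils#getAllUrl}
     * @return the URL up to, but excluding, the first {@code '?'}; {@code url} itself if there is none
     */
    private static String pathOf(String url) {
        int queryStart = url.indexOf('?');
        return queryStart < 0 ? url : url.substring(0, queryStart);
    }

    /**
     * Tells whether a request path is exempt from the SSO check.
     *
     * <p>Matching is a plain substring test, so a fragment such as {@code "test"} also
     * matches paths like {@code /contest}; narrow the fragments if that turns out to matter.
     *
     * @param path the request path without query string
     * @return {@code true} when the path contains any exempt fragment
     */
    private static boolean isExemptPath(String path) {
        return containsAny(path, OPEN_API_PATHS) || containsAny(path, LOGIN_RESOURCE_PATHS);
    }

    /** Returns {@code true} when {@code s} contains at least one of {@code fragments}. */
    private static boolean containsAny(String s, String[] fragments) {
        for (String fragment : fragments) {
            if (s.contains(fragment)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Sends the browser to the authorization endpoint with the current URL as {@code redirect_uri}.
     *
     * <p>Encoding and I/O failures are logged only; the caller returns afterwards in either case.
     *
     * @param response the response to redirect
     * @param authUrl  the configured authorization endpoint
     * @param clientId the configured OAuth2 client id
     * @param url      the full current URL, which becomes the encoded {@code redirect_uri}
     */
    private static void redirectToAuthorize(HttpServletResponse response, String authUrl,
                                            String clientId, String url) {
        String redirectURL;
        try {
            redirectURL = URLEncoder.encode(url, CHARSET);
        } catch (UnsupportedEncodingException e) {
            FRUtils.FRLogInfo("url编码异常:" + e.getMessage());
            return;
        }
        // Only the client id goes into the URL; the client secret is never put in a
        // redirect or a log line.
        String location = authUrl + "?redirect_uri=" + redirectURL + "&client_id=" + clientId
                + "&response_type=code";
        FRUtils.FRLogInfo("authUrl:" + location);
        try {
            response.sendRedirect(location);
        } catch (IOException e) {
            FRUtils.FRLogInfo("跳转异常:" + e.getMessage());
        }
    }

    /**
     * Cuts the callback's {@code code} parameter (and anything after it) off a URL.
     *
     * @param url the callback URL
     * @return the URL before {@code ?code} or {@code &code}; the URL unchanged if neither occurs
     *         (the previous {@code substring(0, -1)} threw {@code StringIndexOutOfBoundsException} here)
     */
    private static String stripCodeParameter(String url) {
        int codeStart = url.indexOf("?code");
        if (codeStart < 0) {
            codeStart = url.indexOf("&code");
        }
        return codeStart < 0 ? url : url.substring(0, codeStart);
    }

    /**
     * Exchanges the authorization code for a token at the configured token endpoint.
     *
     * <p>All parameters, including the client secret, travel in the form-encoded POST
     * body; they are deliberately not appended to the URL.
     *
     * @param psc         plugin configuration providing the token URL and client secret
     * @param clientId    the OAuth2 client id
     * @param code        the authorization code received on the callback
     * @param redirectURL the {@code redirect_uri} used in the authorize request
     * @return the raw token response body, or whatever {@link HttpUtils#HttpPostWWWForm} returns on failure
     */
    private static String requestToken(PluginSimpleConfig psc, String clientId, String code,
                                       String redirectURL) {
        Map<String, String> tokenParam = new HashMap<String, String>();
        tokenParam.put("client_id", clientId);
        tokenParam.put("client_secret", psc.getSecret());
        tokenParam.put("code", code);
        tokenParam.put("grant_type", "authorization_code");
        tokenParam.put("redirect_uri", redirectURL);
        return HttpUtils.HttpPostWWWForm(psc.getTokenUrl(), null, tokenParam);
    }

    /**
     * Fetches the user-info document for an access token.
     *
     * @param userInfoUrl the configured user-info endpoint
     * @param token       the access token from the token response
     * @param clientId    the OAuth2 client id
     * @param uid         the {@code uid} from the token response; {@code null} is sent as the text "null"
     * @return the raw user-info response body, or whatever {@link HttpUtils#get} returns on failure
     * @throws UnsupportedEncodingException if the JVM lacks the UTF-8 charset
     */
    private static String requestUserInfo(String userInfoUrl, String token, String clientId, String uid)
            throws UnsupportedEncodingException {
        // token and uid are server-supplied values; encode them so characters such as '+'
        // survive the round trip instead of being read as a space by the endpoint.
        String query = "?access_token=" + URLEncoder.encode(token, CHARSET)
                + "&client_id=" + clientId
                + "&uid=" + URLEncoder.encode(String.valueOf(uid), CHARSET);
        return HttpUtils.get(userInfoUrl + query, null);
    }

}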