open-JSD-7706/src/main/java/com/fr/plugin/j7706/sso/request/GlobalRequestFilterBridge.java

 /*
  * Copyright (C), 2018-2021
  * Project: starter
  * FileName: GlobalRequestFilterBridge
  * Author:   Louis
  * Date:     2021/3/30 22:09
  */
 package com.fr.plugin.j7706.sso.request;

 import com.fanruan.api.decision.login.LoginKit;
import com.fanruan.api.log.LogKit;
 import com.fanruan.api.net.NetworkKit;
 import com.fanruan.api.net.http.HttpKit;
 import com.fanruan.api.util.CodeKit;
 import com.fanruan.api.util.RenderKit;
import com.fanruan.api.util.StringKit;
import com.fr.decision.fun.impl.AbstractGlobalRequestFilterProvider;
import com.fr.decision.webservice.utils.DecisionServiceConstants;
import com.fr.decision.webservice.v10.login.LoginService;
import com.fr.general.ComparatorUtils;
import com.fr.json.JSONObject;
import com.fr.plugin.j7706.sso.config.SsoConfig;
 import com.fr.plugin.j7706.sso.utils.AESUtil;
 import com.fr.third.org.apache.http.entity.StringEntity;
import com.fr.web.utils.WebUtils;

import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
 import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.net.URLDecoder;
import java.util.HashMap;
import java.util.Map;

 /**
  * <Function Description><br>
  * <GlobalRequestFilterBridge>
  *
  * @author Louis
  * @since 1.0.0
  */
 public class GlobalRequestFilterBridge extends AbstractGlobalRequestFilterProvider {
     public static final String OP_H5 = "H5";
     public static final String MOBILE_PATH = "/url/mobile";
     public static final String REMOTE_DESIGN = "/remote/design";
     public static final String RESOURCES_PATH = "/resources";
     public static final String VIEW_FORM = "/view/form";
     public static final String VIEW_REPORT = "/view/report";
     public static final String FILE_PATH = "/file";
     public static final String SYSTEM_INFO = "/system/info";
     public static final String MATERIALS_MIN_JS_MAP = "/materials.min.js.map";
     public static final String LOGIN_PATH = "/login";
     public static final String LOGIN_OTHER = "/login/";
     public static final String LOGOUT_PATH = "/logout";
     public static final String USER_LANGUAGE = "/v10/user/language";
     public static final String GLOBAL_EXPORT = "/v5/design/report/data/global/export";

     public static final String HOTBACK_HEALTH = "/plugin/public/com.finebi.plugin.bi.hotback/health";
     public static final String SYSTEM_HEALTH = "/system/health";
     public static final String CODE_URL = "${uriBase}/service-pt-unified-auth/pt-unified-auth/sso?source=Fin-BI&redirect=${uriRedirect}";
     public static final String TOKEN_URL = "/service-pt-unified-auth/pt-unified-auth/auth";
     public static final String USER_URL = "/service-cp-uc-extend/cp-uc-extend/Employee/queryUserByToken";
     public static final String COOKIE_TOKEN = "token";

     private SsoConfig config;

     /**
      * 过滤器名称
      *
      * @return
      */
     @Override
     public String filterName() {
         return "J7706Filter";
     }

     /**
      * 过滤规则
      *
      * @return
      */
     @Override
     public String[] urlPatterns() {
         return new String[]{"/decision/*"};
     }

     /**
      * 过滤器初始化
      *
      * @param filterConfig
      */
     @Override
     public void init(FilterConfig filterConfig) {
         this.config = SsoConfig.getInstance();
         super.init(filterConfig);
     }

     /**
      * 过滤器处理
      *
      * @param request
      * @param response
      * @param filterChain
      */
     @Override
     public void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) {
         try {
             if (operation(request, response)) {
                 filterChain.doFilter(request, response);
             }
         } catch (Exception e) {
             LogKit.error(e.getMessage(), e);
         }
     }

     /**
      * 用户验证登陆操作
      *
      * @param req
      * @param res
      * @throws Exception
      */
     private boolean operation(HttpServletRequest req, HttpServletResponse res) throws Exception {
         String pathInfo = (req.getPathInfo() != null) ? req.getPathInfo() : StringKit.EMPTY;
         LogKit.info("sso-GlobalRequestFilterBridge-operation-pathInfo:{}", pathInfo);
         if (pathInfo.startsWith(REMOTE_DESIGN) || pathInfo.startsWith(LOGIN_OTHER)
                 || StringKit.equals(LOGIN_PATH, pathInfo)
                 || pathInfo.startsWith(HOTBACK_HEALTH) || pathInfo.startsWith(SYSTEM_HEALTH) || pathInfo.startsWith(GLOBAL_EXPORT)
                 || pathInfo.startsWith(RESOURCES_PATH) || pathInfo.startsWith(LOGOUT_PATH)
                 || pathInfo.startsWith(SYSTEM_INFO) || pathInfo.startsWith(MATERIALS_MIN_JS_MAP)
                 || pathInfo.startsWith(USER_LANGUAGE) || pathInfo.startsWith(FILE_PATH)) {
             return true;
         }
         // 已登录
         if (LoginService.getInstance().isLogged(req)) {
             return true;
         }
         // 请求code参数
         ParamBean paramBean;
         if (validateMobile(req, pathInfo)) {
             // 移动端解密参数
             paramBean = decryptQuery(req);
         } else {
             // PC请求decode参数
             paramBean = decodeQuery(req.getQueryString());
             if (paramBean == null) {
                 paramBean = paramByCookie(req);
             }
         }
         if (paramBean == null || StringKit.isEmpty(paramBean.getToken())) {
             res.sendRedirect(getLoginUrl(req));
             return false;
         }
         String accessToken = getAccessToken(paramBean.getToken());
         if (StringKit.isEmpty(accessToken)) {
             res.sendRedirect(getLoginUrl(req));
             return false;
         }
         String username = getUsername(accessToken);
         LogKit.info("sso-GlobalRequestFilterBridge-operation-username:{}, employeeNo:{}", username, paramBean.getEmpNo());
         if (StringKit.isEmpty(username)) {
             return true;
         }
         if (StringKit.isNotBlank(paramBean.getEmpNo()) && !StringKit.equals(username, paramBean.getEmpNo())) {
             return true;
         }
         String tokenFR = LoginKit.login(req, res, username);
         req.setAttribute(DecisionServiceConstants.FINE_AUTH_TOKEN_NAME, tokenFR);
         return true;
     }

     /**
      * 验证是否移动端请求
      *
      * @param req
      * @param pathInfo
      * @return
      */
     private Boolean validateMobile(HttpServletRequest req, String pathInfo) {
         String mtype = WebUtils.getHTTPRequestParameter(req, "mtype");
         return StringKit.equals(mtype, "1");
     }

     /**
      * 获取access_token
      *
      * @param code
      * @return
      * @throws Exception
      */
     private String getAccessToken(String code) throws Exception {
         Map<String, String> headers = new HashMap<>();
         headers.put("Content-Type", "application/json");
         JSONObject tokenParams = new JSONObject();
         tokenParams.put("token", code);
         StringEntity stringEntity = new StringEntity(tokenParams.encode(), "UTF-8");
         String res = HttpKit.executeAndParse(com.fanruan.api.net.http.rs.HttpRequest.custom()
                 .url(this.config.getUriBase() + TOKEN_URL)
                 .post(stringEntity).headers(headers).build());
         LogKit.info("sso-GlobalRequestFilterBridge-getAccessToken-res:{}", res);
         if (StringKit.isEmpty(res)) {
             return StringKit.EMPTY;
         }
         String resultCode = new JSONObject(res).getString("code");
         if (StringKit.equals(resultCode, "200")) {
             return code;
         }
         return StringKit.EMPTY;
     }

     /**
      * 通过凭证获得username
      *
      * @param accessToken
      * @return
      */
     private String getUsername(String accessToken) throws IOException {
         Map<String, String> userInfoParams = new HashMap<>();
         userInfoParams.put("token", accessToken);
         String userRes = HttpKit.get(this.config.getUriBase() + USER_URL, userInfoParams);
         LogKit.info("sso-GlobalRequestFilterBridge-getUsername-userRes:{}", userRes);
         return new JSONObject(userRes).getJSONObject("data").getString("employeeNo");
     }

     /**
      * 获取login_url
      *
      * @return
      * @throws Exception
      */
     public static String getLoginUrl(HttpServletRequest request) throws Exception {
         Map<String, Object> params = new HashMap<>();
         params.put("uriBase", SsoConfig.getInstance().getUriBase());
         params.put("uriRedirect", CodeKit.encodeURIComponent(request.getRequestURL().toString().replaceFirst("http://", "https://")
                 + "?" + request.getQueryString()));
         return RenderKit.renderParameter4Tpl(CODE_URL, params);
     }

     /**
      * cookie提取参数
      *
      * @param req
      * @return
      * @throws Exception
      */
     private ParamBean paramByCookie(HttpServletRequest req) throws Exception {
         String token = getParameterFromCookie(req, COOKIE_TOKEN);
         if (StringKit.isBlank(token)) {
             return null;
         }
         ParamBean paramBean = new ParamBean();
         paramBean.setToken(token);
         paramBean.setEmpNo(StringKit.EMPTY);
         LogKit.info("sso-GlobalRequestFilterBridge-paramByCookie-token:{}, employeeNo:{}", paramBean.getToken(), paramBean.getEmpNo());
         return paramBean;
     }

     /**
      * PC端解码参数
      *
      * @param queryString
      * @return
      * @throws Exception
      */
     public static ParamBean decodeQuery(String queryString) throws Exception {
         if (StringKit.isEmpty(queryString)) {
             return null;
         }
         String url = URLDecoder.decode(queryString, "utf-8");
         if (!url.contains("token=") || !url.contains("&rtoken")) {
             return null;
         }
         int startToken = url.indexOf("token=") + "token=".length();
         int endToken = url.indexOf("&rtoken");
         int startEmpNo = url.indexOf("employeeNo=") + "employeeNo=".length();
         int endEmpNo = url.indexOf("&lang");
         ParamBean paramBean = new ParamBean();
         paramBean.setToken(url.substring(startToken, endToken));
         paramBean.setEmpNo(url.substring(startEmpNo, endEmpNo));
         LogKit.info("sso-GlobalRequestFilterBridge-decodeQuery-token:{}, employeeNo:{}", paramBean.getToken(), paramBean.getEmpNo());
         return paramBean;
     }

     /**
      * 移动端端解密参数
      *
      * @param req
      * @return
      * @throws Exception
      */
     private ParamBean decryptQuery(HttpServletRequest req) {
         ParamBean paramBean = new ParamBean();
         String encryptToken = decodeStr(NetworkKit.getHTTPRequestParameter(req,"token"));
         String encryptEmpNo = decodeStr(NetworkKit.getHTTPRequestParameter(req,"empNo"));
         LogKit.info("sso-GlobalRequestFilterBridge-decryptQuery-encryptToken:{}, encryptEmpNo:{}, privateKey:{}", encryptToken, encryptEmpNo, this.config.getPrivateKey());
         String token = AESUtil.decrypt(encryptToken, this.config.getPrivateKey());
         String empNo = AESUtil.decrypt(encryptEmpNo, this.config.getPrivateKey());
         LogKit.info("sso-GlobalRequestFilterBridge-decryptQuery-token:{}, empNo:{}", token, empNo);
         paramBean.setToken(token);
         paramBean.setEmpNo(empNo);
         return paramBean;
     }

     /**
      * 处理加号和等号特殊字符
      *
      * @param str
      * @return
      */
     private String decodeStr(String str) {
         if (StringKit.isBlank(str)) {
             return str;
         }
         return str.replaceAll(" ", "+");
     }

     /**
      * 获取指定cookie值
      *
      * @param request
      * @param parameterName
      * @return
      */
     private String getParameterFromCookie(HttpServletRequest request, String parameterName) {
         Cookie[] cookies = request.getCookies();
         if (cookies == null) {
             return null;
         }
         for (Cookie cookie : cookies) {
             if (ComparatorUtils.equals(cookie.getName(), parameterName)) {
                 return cookie.getValue();
             }
         }
         return null;
     }

     public static void main(String[] args) {
         String str1 = "pUo4gVEuLQptqgN0HH9J1A==";
         String empNo = AESUtil.decrypt(str1, "dx&kdJF*12!.KKdf");
         System.out.println(empNo);
     }
 }
提交开源任务材料 4 years ago			`/*`
			`* Copyright (C), 2018-2021`
			`* Project: starter`
			`* FileName: GlobalRequestFilterBridge`
			`* Author: Louis`
			`* Date: 2021/3/30 22:09`
			`*/`
			`package com.fr.plugin.j7706.sso.request;`

			`import com.fanruan.api.decision.login.LoginKit;`
			`import com.fanruan.api.log.LogKit;`
			`import com.fanruan.api.net.NetworkKit;`
			`import com.fanruan.api.net.http.HttpKit;`
			`import com.fanruan.api.util.CodeKit;`
			`import com.fanruan.api.util.RenderKit;`
			`import com.fanruan.api.util.StringKit;`
			`import com.fr.decision.fun.impl.AbstractGlobalRequestFilterProvider;`
			`import com.fr.decision.webservice.utils.DecisionServiceConstants;`
			`import com.fr.decision.webservice.v10.login.LoginService;`
			`import com.fr.general.ComparatorUtils;`
			`import com.fr.json.JSONObject;`
			`import com.fr.plugin.j7706.sso.config.SsoConfig;`
			`import com.fr.plugin.j7706.sso.utils.AESUtil;`
			`import com.fr.third.org.apache.http.entity.StringEntity;`
			`import com.fr.web.utils.WebUtils;`

			`import javax.servlet.FilterChain;`
			`import javax.servlet.FilterConfig;`
			`import javax.servlet.http.Cookie;`
			`import javax.servlet.http.HttpServletRequest;`
			`import javax.servlet.http.HttpServletResponse;`
			`import java.io.IOException;`
			`import java.net.URLDecoder;`
			`import java.util.HashMap;`
			`import java.util.Map;`

			`/**`
			`* <Function Description><br>`
			`* <GlobalRequestFilterBridge>`
			`*`
			`* @author Louis`
			`* @since 1.0.0`
			`*/`
			`public class GlobalRequestFilterBridge extends AbstractGlobalRequestFilterProvider {`
			`public static final String OP_H5 = "H5";`
			`public static final String MOBILE_PATH = "/url/mobile";`
			`public static final String REMOTE_DESIGN = "/remote/design";`
			`public static final String RESOURCES_PATH = "/resources";`
			`public static final String VIEW_FORM = "/view/form";`
			`public static final String VIEW_REPORT = "/view/report";`
			`public static final String FILE_PATH = "/file";`
			`public static final String SYSTEM_INFO = "/system/info";`
			`public static final String MATERIALS_MIN_JS_MAP = "/materials.min.js.map";`
			`public static final String LOGIN_PATH = "/login";`
			`public static final String LOGIN_OTHER = "/login/";`
			`public static final String LOGOUT_PATH = "/logout";`
			`public static final String USER_LANGUAGE = "/v10/user/language";`
			`public static final String GLOBAL_EXPORT = "/v5/design/report/data/global/export";`

			`public static final String HOTBACK_HEALTH = "/plugin/public/com.finebi.plugin.bi.hotback/health";`
			`public static final String SYSTEM_HEALTH = "/system/health";`
			`public static final String CODE_URL = "${uriBase}/service-pt-unified-auth/pt-unified-auth/sso?source=Fin-BI&redirect=${uriRedirect}";`
			`public static final String TOKEN_URL = "/service-pt-unified-auth/pt-unified-auth/auth";`
			`public static final String USER_URL = "/service-cp-uc-extend/cp-uc-extend/Employee/queryUserByToken";`
			`public static final String COOKIE_TOKEN = "token";`

			`private SsoConfig config;`

			`/**`
			`* 过滤器名称`
			`*`
			`* @return`
			`*/`
			`@Override`
			`public String filterName() {`
			`return "J7706Filter";`
			`}`

			`/**`
			`* 过滤规则`
			`*`
			`* @return`
			`*/`
			`@Override`
			`public String[] urlPatterns() {`
			`return new String[]{"/decision/*"};`
			`}`

			`/**`
			`* 过滤器初始化`
			`*`
			`* @param filterConfig`
			`*/`
			`@Override`
			`public void init(FilterConfig filterConfig) {`
			`this.config = SsoConfig.getInstance();`
			`super.init(filterConfig);`
			`}`

			`/**`
			`* 过滤器处理`
			`*`
			`* @param request`
			`* @param response`
			`* @param filterChain`
			`*/`
			`@Override`
			`public void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) {`
			`try {`
			`if (operation(request, response)) {`
			`filterChain.doFilter(request, response);`
			`}`
			`} catch (Exception e) {`
			`LogKit.error(e.getMessage(), e);`
			`}`
			`}`

			`/**`
			`* 用户验证登陆操作`
			`*`
			`* @param req`
			`* @param res`
			`* @throws Exception`
			`*/`
			`private boolean operation(HttpServletRequest req, HttpServletResponse res) throws Exception {`
			`String pathInfo = (req.getPathInfo() != null) ? req.getPathInfo() : StringKit.EMPTY;`
			`LogKit.info("sso-GlobalRequestFilterBridge-operation-pathInfo:{}", pathInfo);`
			`if (pathInfo.startsWith(REMOTE_DESIGN) \|\| pathInfo.startsWith(LOGIN_OTHER)`
			`\|\| StringKit.equals(LOGIN_PATH, pathInfo)`
			`\|\| pathInfo.startsWith(HOTBACK_HEALTH) \|\| pathInfo.startsWith(SYSTEM_HEALTH) \|\| pathInfo.startsWith(GLOBAL_EXPORT)`
			`\|\| pathInfo.startsWith(RESOURCES_PATH) \|\| pathInfo.startsWith(LOGOUT_PATH)`
			`\|\| pathInfo.startsWith(SYSTEM_INFO) \|\| pathInfo.startsWith(MATERIALS_MIN_JS_MAP)`
			`\|\| pathInfo.startsWith(USER_LANGUAGE) \|\| pathInfo.startsWith(FILE_PATH)) {`
			`return true;`
			`}`
			`// 已登录`
			`if (LoginService.getInstance().isLogged(req)) {`
			`return true;`
			`}`
			`// 请求code参数`
			`ParamBean paramBean;`
			`if (validateMobile(req, pathInfo)) {`
			`// 移动端解密参数`
			`paramBean = decryptQuery(req);`
			`} else {`
			`// PC请求decode参数`
			`paramBean = decodeQuery(req.getQueryString());`
			`if (paramBean == null) {`
			`paramBean = paramByCookie(req);`
			`}`
			`}`
			`if (paramBean == null \|\| StringKit.isEmpty(paramBean.getToken())) {`
			`res.sendRedirect(getLoginUrl(req));`
			`return false;`
			`}`
			`String accessToken = getAccessToken(paramBean.getToken());`
			`if (StringKit.isEmpty(accessToken)) {`
			`res.sendRedirect(getLoginUrl(req));`
			`return false;`
			`}`
			`String username = getUsername(accessToken);`
			`LogKit.info("sso-GlobalRequestFilterBridge-operation-username:{}, employeeNo:{}", username, paramBean.getEmpNo());`
			`if (StringKit.isEmpty(username)) {`
			`return true;`
			`}`
			`if (StringKit.isNotBlank(paramBean.getEmpNo()) && !StringKit.equals(username, paramBean.getEmpNo())) {`
			`return true;`
			`}`
			`String tokenFR = LoginKit.login(req, res, username);`
			`req.setAttribute(DecisionServiceConstants.FINE_AUTH_TOKEN_NAME, tokenFR);`
			`return true;`
			`}`

			`/**`
			`* 验证是否移动端请求`
			`*`
			`* @param req`
			`* @param pathInfo`
			`* @return`
			`*/`
			`private Boolean validateMobile(HttpServletRequest req, String pathInfo) {`
			`String mtype = WebUtils.getHTTPRequestParameter(req, "mtype");`
			`return StringKit.equals(mtype, "1");`
			`}`

			`/**`
			`* 获取access_token`
			`*`
			`* @param code`
			`* @return`
			`* @throws Exception`
			`*/`
			`private String getAccessToken(String code) throws Exception {`
			`Map<String, String> headers = new HashMap<>();`
			`headers.put("Content-Type", "application/json");`
			`JSONObject tokenParams = new JSONObject();`
			`tokenParams.put("token", code);`
			`StringEntity stringEntity = new StringEntity(tokenParams.encode(), "UTF-8");`
			`String res = HttpKit.executeAndParse(com.fanruan.api.net.http.rs.HttpRequest.custom()`
			`.url(this.config.getUriBase() + TOKEN_URL)`
			`.post(stringEntity).headers(headers).build());`
			`LogKit.info("sso-GlobalRequestFilterBridge-getAccessToken-res:{}", res);`
			`if (StringKit.isEmpty(res)) {`
			`return StringKit.EMPTY;`
			`}`
			`String resultCode = new JSONObject(res).getString("code");`
			`if (StringKit.equals(resultCode, "200")) {`
			`return code;`
			`}`
			`return StringKit.EMPTY;`
			`}`

			`/**`
			`* 通过凭证获得username`
			`*`
			`* @param accessToken`
			`* @return`
			`*/`
			`private String getUsername(String accessToken) throws IOException {`
			`Map<String, String> userInfoParams = new HashMap<>();`
			`userInfoParams.put("token", accessToken);`
			`String userRes = HttpKit.get(this.config.getUriBase() + USER_URL, userInfoParams);`
			`LogKit.info("sso-GlobalRequestFilterBridge-getUsername-userRes:{}", userRes);`
			`return new JSONObject(userRes).getJSONObject("data").getString("employeeNo");`
			`}`

			`/**`
			`* 获取login_url`
			`*`
			`* @return`
			`* @throws Exception`
			`*/`
			`public static String getLoginUrl(HttpServletRequest request) throws Exception {`
			`Map<String, Object> params = new HashMap<>();`
			`params.put("uriBase", SsoConfig.getInstance().getUriBase());`
			`params.put("uriRedirect", CodeKit.encodeURIComponent(request.getRequestURL().toString().replaceFirst("http://", "https://")`
			`+ "?" + request.getQueryString()));`
			`return RenderKit.renderParameter4Tpl(CODE_URL, params);`
			`}`

			`/**`
			`* cookie提取参数`
			`*`
			`* @param req`
			`* @return`
			`* @throws Exception`
			`*/`
			`private ParamBean paramByCookie(HttpServletRequest req) throws Exception {`
			`String token = getParameterFromCookie(req, COOKIE_TOKEN);`
			`if (StringKit.isBlank(token)) {`
			`return null;`
			`}`
			`ParamBean paramBean = new ParamBean();`
			`paramBean.setToken(token);`
			`paramBean.setEmpNo(StringKit.EMPTY);`
			`LogKit.info("sso-GlobalRequestFilterBridge-paramByCookie-token:{}, employeeNo:{}", paramBean.getToken(), paramBean.getEmpNo());`
			`return paramBean;`
			`}`

			`/**`
			`* PC端解码参数`
			`*`
			`* @param queryString`
			`* @return`
			`* @throws Exception`
			`*/`
			`public static ParamBean decodeQuery(String queryString) throws Exception {`
			`if (StringKit.isEmpty(queryString)) {`
			`return null;`
			`}`
			`String url = URLDecoder.decode(queryString, "utf-8");`
			`if (!url.contains("token=") \|\| !url.contains("&rtoken")) {`
			`return null;`
			`}`
			`int startToken = url.indexOf("token=") + "token=".length();`
			`int endToken = url.indexOf("&rtoken");`
			`int startEmpNo = url.indexOf("employeeNo=") + "employeeNo=".length();`
			`int endEmpNo = url.indexOf("&lang");`
			`ParamBean paramBean = new ParamBean();`
			`paramBean.setToken(url.substring(startToken, endToken));`
			`paramBean.setEmpNo(url.substring(startEmpNo, endEmpNo));`
			`LogKit.info("sso-GlobalRequestFilterBridge-decodeQuery-token:{}, employeeNo:{}", paramBean.getToken(), paramBean.getEmpNo());`
			`return paramBean;`
			`}`

			`/**`
			`* 移动端端解密参数`
			`*`
			`* @param req`
			`* @return`
			`* @throws Exception`
			`*/`
			`private ParamBean decryptQuery(HttpServletRequest req) {`
			`ParamBean paramBean = new ParamBean();`
			`String encryptToken = decodeStr(NetworkKit.getHTTPRequestParameter(req,"token"));`
			`String encryptEmpNo = decodeStr(NetworkKit.getHTTPRequestParameter(req,"empNo"));`
			`LogKit.info("sso-GlobalRequestFilterBridge-decryptQuery-encryptToken:{}, encryptEmpNo:{}, privateKey:{}", encryptToken, encryptEmpNo, this.config.getPrivateKey());`
			`String token = AESUtil.decrypt(encryptToken, this.config.getPrivateKey());`
			`String empNo = AESUtil.decrypt(encryptEmpNo, this.config.getPrivateKey());`
			`LogKit.info("sso-GlobalRequestFilterBridge-decryptQuery-token:{}, empNo:{}", token, empNo);`
			`paramBean.setToken(token);`
			`paramBean.setEmpNo(empNo);`
			`return paramBean;`
			`}`

			`/**`
			`* 处理加号和等号特殊字符`
			`*`
			`* @param str`
			`* @return`
			`*/`
			`private String decodeStr(String str) {`
			`if (StringKit.isBlank(str)) {`
			`return str;`
			`}`
			`return str.replaceAll(" ", "+");`
			`}`

			`/**`
			`* 获取指定cookie值`
			`*`
			`* @param request`
			`* @param parameterName`
			`* @return`
			`*/`
			`private String getParameterFromCookie(HttpServletRequest request, String parameterName) {`
			`Cookie[] cookies = request.getCookies();`
			`if (cookies == null) {`
			`return null;`
			`}`
			`for (Cookie cookie : cookies) {`
			`if (ComparatorUtils.equals(cookie.getName(), parameterName)) {`
			`return cookie.getValue();`
			`}`
			`}`
			`return null;`
			`}`

			`public static void main(String[] args) {`
			`String str1 = "pUo4gVEuLQptqgN0HH9J1A==";`
			`String empNo = AESUtil.decrypt(str1, "dx&kdJF*12!.KKdf");`
			`System.out.println(empNo);`
			`}`
			`}`