JSD-7963 Composite single sign-on + incremental update of user organization and permission information at login
package com.fr.plugin;

import com.fr.data.NetworkHelper;
import com.fr.decision.authority.AuthorityContext;
import com.fr.decision.authority.base.constant.type.operation.ManualOperationType;
import com.fr.decision.authority.controller.CustomRoleController;
import com.fr.decision.authority.controller.DepartmentController;
import com.fr.decision.authority.controller.PostController;
import com.fr.decision.authority.controller.UserController;
import com.fr.decision.authority.data.CustomRole;
import com.fr.decision.authority.data.Department;
import com.fr.decision.authority.data.Post;
import com.fr.decision.authority.data.User;
import com.fr.decision.fun.impl.AbstractEmbedRequestFilterProvider;
import com.fr.decision.privilege.encrpt.PasswordValidator;
import com.fr.decision.webservice.Response;
import com.fr.decision.webservice.impl.user.type.UserProductType;
import com.fr.decision.webservice.utils.UserSourceFactory;
import com.fr.decision.webservice.v10.user.UserService;
import com.fr.exception.RemoteDesignPermissionDeniedException;
import com.fr.io.utils.ResourceIOUtils;
import com.fr.json.JSONArray;
import com.fr.json.JSONObject;
import com.fr.log.FineLoggerFactory;
import com.fr.security.JwtUtils;
import com.fr.stable.StringUtils;
import com.fr.stable.query.QueryFactory;
import com.fr.stable.query.restriction.RestrictionFactory;
import com.fr.web.service.RemoteDesignAuthorityDataService;
import com.fr.web.utils.WebUtils;

import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.InputStream;
import java.io.PrintWriter;
import java.io.StringWriter;
import java.util.*;

/**
 * Intercepts the remote designer's GET .../remote/design/token request, verifies the submitted
 * credentials against the external SSO API and, on success, incrementally syncs the user's
 * role, department and post into the local decision platform before issuing a remote-design JWT.
 */
public class RemoteFilter extends AbstractEmbedRequestFilterProvider {

    @Override
    public void init(FilterConfig filterConfig) {
        FineLoggerFactory.getLogger().info("RemoteFilter 拦截器启动");
        // Touch the plugin configuration so it is loaded before the first request arrives
        FilterMeConfig.getInstance();
    }

    @Override
    public void filter(HttpServletRequest request, HttpServletResponse httpServletResponse) throws IOException, ServletException {
        String uri = request.getRequestURI();
        if (uri == null || !uri.contains("remote/design/token") || !"GET".equalsIgnoreCase(request.getMethod())) {
            return;
        }
        FineLoggerFactory.getLogger().info("拦截器捕获一个请求,design/token {}", uri);
        String username = NetworkHelper.getHTTPRequestParameter(request, "username");
        String password = NetworkHelper.getHTTPRequestParameter(request, "password");
        try {
            // Only the user name is logged; the password must never be written to the log
            FineLoggerFactory.getLogger().info("登录的用户名{}", username);
            JSONObject apilogin = apilogin(username, password);
            if (apilogin != null) {
                String remoteToken = tokenLogin(apilogin);
                if (StringUtils.isNotBlank(remoteToken)) {
                    // The token itself is a bearer credential and is deliberately not logged
                    FineLoggerFactory.getLogger().info("Remote design token issued for user {}", username);
                    WebUtils.printAsString(httpServletResponse, JSONUtils.serialize(Response.ok(remoteToken)));
                    return;
                }
                FineLoggerFactory.getLogger().info("登录异常{}", username);
            } else {
                renderError(httpServletResponse, "21300007", "User password error!");
            }
        } catch (Exception e) {
            printException2Frlog(e);
            if (e instanceof RemoteDesignPermissionDeniedException) {
                renderError(httpServletResponse, "31300101", "Fine-Engine_Remote_Design_Permission_Denied");
            }
        }
    }

    /**
     * Role numbers that map the SSO user onto the local "admin" account,
     * read as a comma-separated list from /config-all/adminflag.properties.
     */
    private List<String> getAdminFlags() {
        InputStream inputStream = ResourceIOUtils.read("/config-all/adminflag.properties");
        if (inputStream != null) {
            Properties properties = new Properties();
            try {
                properties.load(inputStream);
                String adminflag = properties.getProperty("adminflag");
                if (StringUtils.isNotBlank(adminflag)) {
                    return Arrays.asList(adminflag.split(","));
                }
            } catch (IOException e) {
                printException2Frlog(e);
            } finally {
                try {
                    inputStream.close();
                } catch (IOException ignored) {
                    // nothing useful to do if closing the resource stream fails
                }
            }
        }
        return Collections.emptyList();
    }

    private static boolean hasFlag(String flag, List<String> flags) {
        return flags.contains(flag);
    }

    /**
     * Maps the SSO API response onto a local user, syncs role / department / post and
     * returns the remote-design JWT. Returns an empty string when no token could be issued;
     * a permission-denied result is propagated so the filter can report it to the client.
     */
    private String tokenLogin(JSONObject jsonObject) throws RemoteDesignPermissionDeniedException {
        JSONObject entries = jsonObject.getJSONObject("data");
        if (entries == null) {
            // Without a data object the SSO API did not confirm the credentials; refuse the login
            FineLoggerFactory.getLogger().info("SSO response carries no data object, login refused");
            return "";
        }
        JSONArray rlNoList = entries.getJSONArray("rlNoList");
        List<String> adminFlags = getAdminFlags();
        boolean isAdmin = false;
        if (rlNoList != null) {
            for (int i = 0; i < rlNoList.size(); i++) {
                if (hasFlag(rlNoList.getString(i), adminFlags)) {
                    isAdmin = true;
                    break;
                }
            }
        }
        if (isAdmin) {
            FineLoggerFactory.getLogger().info("remote 本次为管理员登录 ");
            try {
                return getRemoteToken("admin");
            } catch (Exception e) {
                // Local admin account has no remote-design authority: fall back to an ordinary user login
                printException2Frlog(e);
            }
        }
        String usrNo = entries.getString("usrNo");
        String instNo = entries.getString("instNo");   // department id
        String realUserName = usrNo + "_" + instNo;    // local user name derived from user number and department
        String fullName = entries.getString("fullName");
        String alias = fullName + "(" + realUserName + ")";
        try {
            User user = UserService.getInstance().getUserByUserName(realUserName);
            UserController userController = AuthorityContext.getInstance().getUserController();
            CustomRoleController customRoleController = AuthorityContext.getInstance().getCustomRoleController();
            if (user == null) {
                FineLoggerFactory.getLogger().info("拦截器新增一个用户 用户名称 :{}", realUserName);
                PasswordValidator passwordValidator = UserSourceFactory.getInstance().getUserSource(ManualOperationType.KEY).getPasswordValidator();
                // The local password is random: this account is only ever authenticated through the SSO API
                user = (new User()).userName(realUserName).userAlias(alias).realName(fullName)
                        .password(passwordValidator.encode(realUserName, UUID.randomUUID().toString()))
                        .creationType(ManualOperationType.KEY).lastOperationType(ManualOperationType.KEY).enable(true);
                userController.add(user);
            }
            String userId = user.getId();
            FineLoggerFactory.getLogger().info(" 设计器拦截 当前的管理员标识符 :{}", adminFlags);

            // ---- custom role sync ----
            List<String> remoteRoles = new ArrayList<>();
            String pstNo = entries.getString("pstNo");  // role id
            String pstNm = entries.getString("pstNm");  // role name
            String realRoleName = pstNm + "(" + pstNo + ")";
            remoteRoles.add(pstNo);
            // Make sure the role reported by the SSO API exists locally. The local role id is pstNo
            // (see the create branch and the removal loop below), so look it up by id rather than by
            // name: the name is rewritten to realRoleName on every sync and would never match again.
            List<CustomRole> controllerOne = customRoleController.find(QueryFactory.create().addRestriction(RestrictionFactory.eq("id", pstNo)));
            if (!controllerOne.isEmpty()) {
                try {
                    FineLoggerFactory.getLogger().info(" 设计器拦截 传送过来的角色在本地已存在,添加到用户{} 到角色:{}", userId, pstNo);
                    CustomRole customRole = controllerOne.get(0);
                    customRole.setName(realRoleName);
                    customRole.setAlias(pstNo);
                    customRole.setEnable(true);
                    customRole.setDescription("通过xcontent添加");
                    customRoleController.update(customRole);
                    userController.addUserToCustomRole(userId, customRole.getId());
                } catch (Exception e) {
                    printException2Frlog(e);
                }
            } else {
                FineLoggerFactory.getLogger().info(" 设计器拦截 传送过来的角色在本地不存在,添加到本地:{}", pstNo);
                CustomRole addRole = new CustomRole();
                addRole.setId(pstNo);
                addRole.setName(realRoleName);
                addRole.setAlias(pstNo);
                addRole.setEnable(true);
                addRole.setDescription("通过xcontent添加");
                try {
                    customRoleController.add(addRole);
                    userController.addUserToCustomRole(userId, addRole.getId());
                } catch (Exception e) {
                    printException2Frlog(e);
                }
            }
            // Remove local roles the remote side no longer reports; superusers is never touched
            List<CustomRole> roles = customRoleController.findByUser(userId, QueryFactory.create());
            for (CustomRole customRole : roles) {
                if (!remoteRoles.contains(customRole.getId())) {
                    if ("superusers".equals(customRole.getName())) {
                        continue;
                    }
                    FineLoggerFactory.getLogger().info("远端没有的角色本地移除:{}", customRole.getName());
                    userController.removeUserFromCustomRole(userId, customRole.getId());
                }
            }

            // ---- department sync ----
            DepartmentController departmentController = AuthorityContext.getInstance().getDepartmentController();
            // Detach the user from all previous departments
            List<Department> departmentList = departmentController.findByUser(userId, QueryFactory.create());
            for (Department department : departmentList) {
                userController.removeUserFromDepartment(userId, department.getId());
            }
            String instNm = entries.getString("instNm");
            String departmentName = instNm + "(" + pstNo + ")";
            Department department = departmentController.findOne(QueryFactory.create().addRestriction(RestrictionFactory.eq("id", instNo)));
            if (department == null) {
                FineLoggerFactory.getLogger().info("添加 部门,dep: {}: name {}", instNo, departmentName);
                department = new Department();
                department.setName(departmentName);
                department.setId(instNo);
                department.setEnable(true);
                department.description("通过x-content创建");
                departmentController.add(department);
            } else {
                department.setName(departmentName);
                department.setParentId(null);
                department.setEnable(true);
                departmentController.update(department);
                FineLoggerFactory.getLogger().info("设计器节点 已存在部门,dep: {}: name {}", department.getId(), department.getName());
            }

            // ---- post sync ----
            PostController postController = AuthorityContext.getInstance().getPostController();
            // Detach the user from all previous posts
            List<Post> byUser = postController.findByUser(userId, QueryFactory.create());
            for (Post post : byUser) {
                userController.removeUserFromPost(userId, post.getId());
            }
            String postName = pstNm + "(" + pstNo + ")";
            Post post = postController.findOne(QueryFactory.create().addRestriction(RestrictionFactory.eq("id", pstNo)));
            if (post == null) {
                post = new Post();
                post.setId(pstNo);
                post.setName(postName);
                post.setEnable(true);
                postController.add(post);
            } else {
                post.setName(postName);
                post.setEnable(true);
                postController.update(post);
            }
            try {
                FineLoggerFactory.getLogger().info("添加职位到部门,post: {}: dep {}", pstNo, instNo);
                postController.addPostToDepartment(pstNo, instNo);
            } catch (Exception e) {
                printException2Frlog(e);
            }
            try {
                FineLoggerFactory.getLogger().info("添加用户到部门,post: {}: dep {} ,userId:{}", pstNo, instNo, userId);
                userController.addUserToDepartmentAndPost(userId, instNo, pstNo);
            } catch (Exception e) {
                printException2Frlog(e);
            }

            // ---- designer (data-processing) product type ----
            boolean isDesignUser = false;
            List<String> designFlags = getDesignFlags();
            if (!designFlags.isEmpty()) {
                // Re-read the roles after the sync above so the decision reflects this login,
                // not the role set the user had before it
                List<CustomRole> currentRoles = customRoleController.findByUser(userId, QueryFactory.create());
                for (CustomRole role : currentRoles) {
                    if (hasFlag(role.getName(), designFlags)) {
                        isDesignUser = true;
                        break;
                    }
                }
            }
            try {
                UserProductType userProductType = UserProductType.fromInteger(6); // data-processing user
                if (isDesignUser) {
                    userController.addUserProductType(userId, userProductType.transProductKey());
                } else {
                    userController.removeUserProductType(userId, userProductType.transProductKey());
                }
            } catch (Exception e) {
                printException2Frlog(e);
            }

            FineLoggerFactory.getLogger().info("设计器拦截 本次为普通用户登录:{}", realUserName);
            return getRemoteToken(realUserName);
        } catch (RemoteDesignPermissionDeniedException e) {
            // Let the filter render the permission-denied error instead of silently returning ""
            throw e;
        } catch (Exception e) {
            printException2Frlog(e);
        }
        return "";
    }

    /** Role names that grant the designer product type, configured as a ';'-separated list. */
    private static List<String> getDesignFlags() {
        String designFlags = FilterMeConfig.getInstance().getDesignFlags();
        FineLoggerFactory.getLogger().info("remote本地设计角色获取:{}", designFlags);
        if (StringUtils.isNotBlank(designFlags)) {
            return Arrays.asList(designFlags.split(";"));
        }
        return Collections.emptyList();
    }

    private void renderError(HttpServletResponse httpServletResponse, String code, String msg) {
        try {
            WebUtils.printAsString(httpServletResponse, JSONUtils.serialize(Response.error(code, msg)));
        } catch (Exception e) {
            printException2Frlog(e);
        }
    }

    /** Verifies the credentials against the external SSO API and returns its JSON response. */
    private JSONObject apilogin(String username, String pwd) throws Exception {
        String baseUrl = getBaseUrl();
        if (StringUtils.isBlank(baseUrl)) {
            throw new Exception("未配置接口地址");
        }
        // Reuse the URL chosen above; calling getBaseUrl() again could pick a different host
        String api = baseUrl + "check/pwd/finebi";
        FineLoggerFactory.getLogger().info("remote访问的接口地址为 {}", api);
        JSONObject parm = new JSONObject();
        parm.put("userName", username);
        parm.put("verifyCode", pwd);
        String resp = HttpApi.sendJsonPost(api, parm, "UTF-8");
        FineLoggerFactory.getLogger().info("接口响应 {}", resp);
        return new JSONObject(resp);
    }

    /** Issues the remote-design JWT only for a local user that holds remote-design authority. */
    public String getRemoteToken(String username) throws Exception {
        User user = UserService.getInstance().getUserByUserName(username);
        if (user != null && RemoteDesignAuthorityDataService.getInstance().hasAuthority(user.getId())) {
            return JwtUtils.createDefaultJWT(username);
        } else {
            throw new RemoteDesignPermissionDeniedException();
        }
    }

    /** Picks one of the ';'-separated API base URLs at random to spread load across hosts. */
    private String getBaseUrl() {
        FilterMeConfig instance = FilterMeConfig.getInstance();
        String baseUrl = instance.getBaseUrl();
        if (StringUtils.isNotBlank(baseUrl)) {
            List<String> urls = new ArrayList<>(Arrays.asList(baseUrl.split(";")));
            Collections.shuffle(urls);
            return urls.get(0);
        }
        return "";
    }

    public static void printException2Frlog(Exception e) {
        StringWriter writer = new StringWriter();
        e.printStackTrace(new PrintWriter(writer));
        FineLoggerFactory.getLogger().error("错误:{}", writer.toString());
    }
}