You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
221 lines
7.5 KiB
221 lines
7.5 KiB
/* |
|
* Copyright (C), 2018-2021 |
|
* Project: starter |
|
* FileName: TokenLogin |
|
* Author: Louis |
|
* Date: 2021/3/30 22:09 |
|
*/ |
|
package com.fr.plugin.sso.request; |
|
|
|
import com.fanruan.api.decision.login.LoginKit; |
|
import com.fanruan.api.decision.user.UserKit; |
|
import com.fanruan.api.log.LogKit; |
|
import com.fanruan.api.net.NetworkKit; |
|
import com.fanruan.api.net.http.HttpKit; |
|
import com.fanruan.api.util.StringKit; |
|
import com.fr.decision.fun.impl.AbstractGlobalRequestFilterProvider; |
|
import com.fr.decision.webservice.utils.DecisionServiceConstants; |
|
import com.fr.decision.webservice.v10.login.LoginService; |
|
import com.fr.json.JSONObject; |
|
import com.fr.plugin.sso.config.SsoConfig; |
|
import com.fr.third.org.apache.http.client.utils.URIBuilder; |
|
|
|
import javax.servlet.FilterChain; |
|
import javax.servlet.FilterConfig; |
|
import javax.servlet.http.HttpServletRequest; |
|
import javax.servlet.http.HttpServletResponse; |
|
import java.io.IOException; |
|
import java.net.URISyntaxException; |
|
import java.util.HashMap; |
|
import java.util.Map; |
|
|
|
/** |
|
* <Function Description><br> |
|
* <TokenLogin> |
|
* |
|
* @author fr.open |
|
* @since 1.0.0 |
|
*/ |
|
public class OAuthLogin extends AbstractGlobalRequestFilterProvider { |
|
public static final String REMOTE_DESIGN = "/remote/design"; |
|
public static final String RESOURCES_PATH = "/resources"; |
|
public static final String FILE_PATH = "/file"; |
|
public static final String SYSTEM_INFO = "/system/info"; |
|
public static final String MATERIALS_MIN_JS_MAP = "/materials.min.js.map"; |
|
public static final String LOGIN_PATH = "/login"; |
|
public static final String LOGIN_OTHER = "/login/"; |
|
public static final String LOGOUT_PATH = "/logout"; |
|
public static final String USER_LANGUAGE = "/v10/user/language"; |
|
public static final String USER_SYN = "/syn"; |
|
|
|
public static final String CODE_URL = "/sso/oauth/authorize"; |
|
public static final String TOKEN_URL = "/sso/oauth/accessToken"; |
|
public static final String USER_URL = "/sso/oauth/userInfo"; |
|
public static final String CODE = "code"; |
|
|
|
private SsoConfig config; |
|
|
|
/** |
|
* 过滤器名称 |
|
* |
|
* @return |
|
*/ |
|
@Override |
|
public String filterName() { |
|
return "SsoFilter"; |
|
} |
|
|
|
/** |
|
* 过滤规则 |
|
* |
|
* @return |
|
*/ |
|
@Override |
|
public String[] urlPatterns() { |
|
return new String[]{"/*"}; |
|
} |
|
|
|
/** |
|
* 过滤器初始化 |
|
* |
|
* @param filterConfig |
|
*/ |
|
@Override |
|
public void init(FilterConfig filterConfig) { |
|
this.config = SsoConfig.getInstance(); |
|
super.init(filterConfig); |
|
} |
|
|
|
/** |
|
* 过滤器处理 |
|
* |
|
* @param request |
|
* @param response |
|
* @param filterChain |
|
*/ |
|
@Override |
|
public void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) { |
|
try { |
|
if (operation(request, response)) { |
|
filterChain.doFilter(request, response); |
|
} |
|
} catch (Exception e) { |
|
LogKit.error(e.getMessage(), e); |
|
} |
|
} |
|
|
|
/** |
|
* 用户验证登陆操作 |
|
* |
|
* @param req |
|
* @param res |
|
* @throws Exception |
|
*/ |
|
private boolean operation(HttpServletRequest req, HttpServletResponse res) throws Exception { |
|
String pathInfo = (req.getPathInfo() != null) ? req.getPathInfo() : StringKit.EMPTY; |
|
LogKit.info("sso-OAuthLogin-operation-pathInfo:{}", pathInfo); |
|
if (pathInfo.startsWith(REMOTE_DESIGN) || pathInfo.startsWith(LOGIN_OTHER) |
|
|| StringKit.equals(LOGIN_PATH, pathInfo) || pathInfo.startsWith(USER_SYN) |
|
|| pathInfo.startsWith(RESOURCES_PATH) || pathInfo.startsWith(LOGOUT_PATH) |
|
|| pathInfo.startsWith(SYSTEM_INFO) || pathInfo.startsWith(MATERIALS_MIN_JS_MAP) |
|
|| pathInfo.startsWith(USER_LANGUAGE) || pathInfo.startsWith(FILE_PATH)) { |
|
return true; |
|
} |
|
// 已登录 |
|
if (LoginService.getInstance().isLogged(req)) { |
|
return true; |
|
} |
|
String code = NetworkKit.getHTTPRequestParameter(req, CODE); |
|
LogKit.info("sso-OAuthLogin-operation-code:{}", code); |
|
if (StringKit.isBlank(code)) { |
|
res.sendRedirect(getLoginUrl(req)); |
|
return false; |
|
} |
|
String accessToken = getAccessToken(code); |
|
if (StringKit.isEmpty(accessToken)) { |
|
res.sendRedirect(getLoginUrl(req)); |
|
return false; |
|
} |
|
String username = getUsername(accessToken); |
|
if (StringKit.isEmpty(username) || !UserKit.existUsername(username)) { |
|
return true; |
|
} |
|
String tokenFR = LoginKit.login(req, res, username); |
|
req.setAttribute(DecisionServiceConstants.FINE_AUTH_TOKEN_NAME, tokenFR); |
|
return true; |
|
} |
|
|
|
/** |
|
* 通过凭证获得username |
|
* |
|
* @param accessToken |
|
* @return |
|
*/ |
|
private String getUsername(String accessToken) throws IOException { |
|
Map<String, String> userInfoParams = new HashMap<>(); |
|
userInfoParams.put("access_token", accessToken); |
|
String userRes = HttpKit.get(this.config.getUriBase() + USER_URL, userInfoParams); |
|
LogKit.info("sso-OAuthLogin-getUsername-userRes:{}", userRes); |
|
return new JSONObject(userRes).getString("loginName"); |
|
} |
|
|
|
/** |
|
* 获取access_token |
|
* |
|
* @param code |
|
* @return |
|
* @throws Exception |
|
*/ |
|
private String getAccessToken(String code) throws Exception { |
|
Map<String, String> params = new HashMap<>(); |
|
params.put("client_id", this.config.getClientId()); |
|
params.put("client_secret", this.config.getClientSecret()); |
|
params.put("grant_type", "authorization_code"); |
|
params.put("oauth_timestamp", String.valueOf(System.currentTimeMillis())); |
|
params.put("redirect_uri", this.config.getFrUri()); |
|
params.put("code", code); |
|
String url = this.config.getUriBase() + TOKEN_URL; |
|
String res = HttpKit.post(url, params); |
|
LogKit.info("sso-OAuthLogin-getAccessToken-res:{}", res); |
|
if (StringKit.isEmpty(res)) { |
|
return StringKit.EMPTY; |
|
} |
|
String token = new JSONObject(res).getString("access_token"); |
|
if (StringKit.isNotBlank(token)) { |
|
return token; |
|
} |
|
return StringKit.EMPTY; |
|
} |
|
|
|
/** |
|
* 获取login_url |
|
* |
|
* @return |
|
*/ |
|
private String getLoginUrl(HttpServletRequest request) { |
|
String url = SsoConfig.getInstance().getUriBase() + CODE_URL; |
|
Map<String, String> params = new HashMap<>(); |
|
params.put("response_type", "code"); |
|
params.put("client_id", SsoConfig.getInstance().getClientId()); |
|
params.put("redirect_uri", this.config.getFrUri()); |
|
String loginUrl = buildUrl(url, params); |
|
LogKit.info("sso-OAuthLogin-getLoginUrl-loginUrl:{}", loginUrl); |
|
return loginUrl; |
|
} |
|
|
|
private String buildUrl(String url, Map<String, String> params) { |
|
if (params == null || params.isEmpty()) { |
|
return url; |
|
} |
|
try { |
|
URIBuilder builder = new URIBuilder(url); |
|
for (Map.Entry<String, String> entry : params.entrySet()) { |
|
builder.setParameter(entry.getKey(), entry.getValue()); |
|
} |
|
return builder.build().toString(); |
|
} catch (URISyntaxException e) { |
|
LogKit.debug("Error to build url, please check the arguments."); |
|
return url; |
|
} |
|
} |
|
} |