JSD-9155 ticket单点+角色控制接口+模板列表接口


package com.fr.plugin.xxxx.auth;
import com.fr.decision.authority.AuthorityContext;
import com.fr.decision.authority.data.Authority;
import com.fr.decision.authority.data.CustomRole;
import com.fr.decision.authority.data.User;
import com.fr.decision.fun.impl.AbstractGlobalRequestFilterProvider;
import com.fr.decision.webservice.utils.WebServiceUtils;
import com.fr.decision.webservice.v10.user.CustomRoleService;
import com.fr.decision.webservice.v10.user.UserService;
import com.fr.json.JSONObject;
import com.fr.locale.InterProviderFactory;
import com.fr.log.FineLoggerFactory;
import com.fr.plugin.context.PluginContexts;
import com.fr.plugin.xxxx.auth.action.RolePathAuthService;
import com.fr.plugin.xxxx.auth.conf.AuthSsoConfig;
import com.fr.plugin.xxxx.auth.utils.CommonUtils;
import com.fr.plugin.xxxx.auth.utils.CookieUtils;
import com.fr.plugin.xxxx.auth.utils.HttpUtil;
import com.fr.plugin.xxxx.auth.utils.LogUtils;
import com.fr.stable.StringUtils;
import com.fr.stable.fun.Authorize;
import com.fr.web.utils.WebUtils;
import javax.servlet.FilterChain;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.PrintWriter;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import java.util.stream.Collectors;
/**
* @author fr.open
* @since 2021/12/04
*/
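@Authorize(callSignKey = Constants.PLUGIN_ID)
public class AuthFilter extends AbstractGlobalRequestFilterProvider {

    /** URL fragment that marks an entry-access request; the authority id follows it. */
    private static final String ENTRY_ACCESS_MARK = "/v10/entry/access/";

    /**
     * Validates the SSO ticket cookie (when configured) and then checks that the resolved
     * user's custom roles cover the requested report path.
     *
     * <p>Flow:
     * <ol>
     *   <li>With an SSO cookie and a configured plugin, the ticket is validated against the
     *       configured validate URL; a known user is logged in, an unknown one gets an error
     *       page and the chain stops.</li>
     *   <li>Without a resolvable user (no ticket user and no platform login cookie) the request
     *       is passed down the chain unchanged, so the platform's own login handling applies.</li>
     *   <li>With a user, the report path is resolved by {@link #getlet}; a blank path passes
     *       through, otherwise the path must be in the set returned by
     *       {@link RolePathAuthService#getPathsByRole} for the user's custom roles, else an
     *       error page is written and the chain is not continued.</li>
     * </ol>
     *
     * <p>Any unexpected exception (validate service down, malformed reply, lookup failure) is
     * logged and answered with an error page instead of being propagated or letting the request
     * continue unchecked: the filter fails closed.
     */
    @Override
    public void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain chain) {
        try {
            String ticketUser = validateTicket(request, response);
            if (ticketUser == null) {
                // Ticket named an unknown user; the error page has already been written.
                return;
            }
            User user = resolveUser(ticketUser, request);
            if (user == null) {
                // Nobody is logged in: let the platform's own login handling take over.
                next(request, response, chain);
                return;
            }
            String path = getlet(request);
            if (StringUtils.isBlank(path)) {
                // Not a report or entry request that this filter controls.
                next(request, response, chain);
                return;
            }
            if (!path.startsWith("/")) {
                // Role paths are stored with a leading slash; normalise before the lookup.
                path = "/" + path;
            }
            LogUtils.debug4plugin("current report is {}", path);
            if (!isPathAllowed(user, path)) {
                setError(response, "当前用户无权限");
                return;
            }
            next(request, response, chain);
        } catch (Exception e) {
            // Fail closed: an internal error must not leave the request unanswered or unchecked.
            LogUtils.error(e.getMessage(), e);
            setError(response, "当前用户无权限");
        }
    }

    /**
     * Validates the SSO ticket cookie against the configured validate URL.
     *
     * @return the validated user name; {@link StringUtils#EMPTY} when there is nothing to
     *         validate (no cookie, plugin not configured, or no {@code data} in the reply);
     *         {@code null} when the ticket named a user the platform does not know — the error
     *         page has then already been written to {@code response}
     */
    private String validateTicket(HttpServletRequest request, HttpServletResponse response) {
        AuthSsoConfig config = AuthSsoConfig.getInstance();
        Cookie cookie = CookieUtils.getCookie(request, config.getCookieKey());
        if (cookie == null || !config.isConfiged()) {
            return StringUtils.EMPTY;
        }
        Map<String, String> param = new HashMap<>();
        param.put("ticketValue", cookie.getValue());
        String res = HttpUtil.sendGet(config.getValidateUrl(), param, null);
        // The ticket is a credential: log the URL and the reply, never the ticket value itself.
        LogUtils.debug4plugin("validate cookie url is {}, res is {}", config.getValidateUrl(), res);
        JSONObject object = new JSONObject(res);
        if (!object.has("data")) {
            return StringUtils.EMPTY;
        }
        String validateUser = object.getString("data");
        if (!CommonUtils.checkUser(validateUser)) {
            setError(response, "用户不存在");
            return null;
        }
        CommonUtils.login(validateUser, request, response);
        return validateUser;
    }

    /**
     * Resolves the current platform user.
     *
     * @param ticketUser user name validated from the SSO ticket, or blank when there was none
     * @return the user named by the ticket, else the user from the platform login cookie, else
     *         {@code null} when nobody is logged in
     * @throws Exception when the user-by-name lookup fails
     */
    private User resolveUser(String ticketUser, HttpServletRequest request) throws Exception {
        if (StringUtils.isNotBlank(ticketUser)) {
            return UserService.getInstance().getUserByUserName(ticketUser);
        }
        try {
            return UserService.getInstance().getUserByRequestCookie(request);
        } catch (Exception e) {
            // No (or an invalid) platform login cookie: treat as not logged in.
            LogUtils.debug4plugin("current user not login");
            return null;
        }
    }

    /**
     * Checks whether any of the user's custom roles grants the given report path.
     *
     * @return {@code true} when the path is in the role-path set; {@code false} when the user has
     *         no custom role, no paths are returned, or the path is not covered
     * @throws Exception when the role or path lookup fails
     */
    private boolean isPathAllowed(User user, String path) throws Exception {
        List<CustomRole> roles = CustomRoleService.getInstance().getCustomRolesByUser(user.getId());
        LogUtils.debug4plugin("current user {} role is {}", user.getUserName(), roles);
        if (roles == null || roles.isEmpty()) {
            return false;
        }
        Set<String> roleIds = roles.stream().map(CustomRole::getId).collect(Collectors.toSet());
        Set<String> paths = RolePathAuthService.getPathsByRole(roleIds);
        LogUtils.debug4plugin("current user {} paths is {}", user.getUserName(), paths);
        // Exact membership only: no prefix or wildcard matching, a path is either granted or not.
        return paths != null && paths.contains(path);
    }

    /**
     * Resolves the report path the request targets.
     *
     * <p>Prefers the report title carried by the request; for entry-access URLs
     * ({@code …/v10/entry/access/<id>}) the id is looked up as an {@link Authority} and its
     * path is used.
     *
     * @return the report path, or {@link StringUtils#EMPTY} when the request is not a report
     *         request or the authority cannot be resolved
     */
    private String getlet(HttpServletRequest request) {
        String title = WebUtils.getReportTitleFromRequest(request);
        if (StringUtils.isNotBlank(title)) {
            return title;
        }
        String requestURI = request.getRequestURI();
        int mark = requestURI.indexOf(ENTRY_ACCESS_MARK);
        if (mark < 0) {
            return StringUtils.EMPTY;
        }
        // Take the id after the full marker rather than after the first "access/" in the URI.
        String uid = requestURI.substring(mark + ENTRY_ACCESS_MARK.length());
        if (StringUtils.isBlank(uid)) {
            return StringUtils.EMPTY;
        }
        Authority authority = null;
        try {
            authority = (Authority) AuthorityContext.getInstance().getAuthorityController().getById(uid);
        } catch (Exception e) {
            // Unknown or malformed id: report "no path" instead of failing the request.
            LogUtils.debug4plugin("authority {} not found: {}", uid, e.getMessage());
        }
        return authority == null ? StringUtils.EMPTY : authority.getPath();
    }

    /**
     * Continues the filter chain, logging (not propagating) any failure downstream.
     */
    public static void next(HttpServletRequest request, HttpServletResponse response, FilterChain chain) {
        try {
            chain.doFilter(request, response);
        } catch (Exception e) {
            FineLoggerFactory.getLogger().error(e.getMessage(), e);
        }
    }

    @Override
    public String filterName() {
        return "sso";
    }

    /**
     * URL patterns this filter is registered on. When the plugin is not licensed or is disabled,
     * a pattern that never matches is returned so the filter is effectively switched off.
     */
    @Override
    public String[] urlPatterns() {
        if (!PluginContexts.currentContext().isAvailable()) {
            LogUtils.error("未注册或禁用");
            return new String[]{"/neverbeused"};
        }
        return new String[]{
                "/decision",
                "/decision/view/report",
                "/decision/view/form",
                "/decision/v10/entry/access/*"
        };
    }

    /**
     * Writes the platform's "unavailable" error page with the given reason to the response.
     * Write failures are logged; the writer is always closed.
     *
     * @param res    response to write to
     * @param reason user-visible reason shown on the error page
     */
    private void setError(HttpServletResponse res, String reason) {
        try (PrintWriter printWriter = WebUtils.createPrintWriter(res)) {
            Map<String, Object> map = new HashMap<>();
            map.put("result", InterProviderFactory.getProvider().getLocText("Fine-Engine_Error_Page_Result"));
            map.put("reason", reason);
            map.put("solution", InterProviderFactory.getProvider().getLocText("Fine-Engine_Please_Contact_Platform_Admin"));
            String page = WebServiceUtils.parseWebPageResourceSafe("com/fr/web/controller/decision/entrance/resources/unavailable.html", map);
            printWriter.write(page);
            printWriter.flush();
        } catch (Exception e) {
            FineLoggerFactory.getLogger().error(e.getMessage(), e);
        }
    }
}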