You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
122 lines
5.1 KiB
122 lines
5.1 KiB
package com.fr.plugin; |
|
|
|
import com.fanruan.api.net.http.HttpKit; |
|
import com.fr.decision.authority.data.User; |
|
import com.fr.decision.fun.impl.BaseHttpHandler; |
|
import com.fr.decision.webservice.utils.DecisionStatusService; |
|
import com.fr.decision.webservice.v10.login.LoginService; |
|
import com.fr.decision.webservice.v10.user.UserService; |
|
import com.fr.json.JSONObject; |
|
import com.fr.log.FineLoggerFactory; |
|
import com.fr.store.StateHubService; |
|
import com.fr.third.jodd.util.StringUtil; |
|
import com.fr.third.org.apache.commons.lang3.StringUtils; |
|
import com.fr.third.springframework.web.bind.annotation.RequestMethod; |
|
import com.fr.web.utils.WebUtils; |
|
import org.dom4j.Document; |
|
import org.dom4j.DocumentException; |
|
import org.dom4j.DocumentHelper; |
|
import org.dom4j.Element; |
|
|
|
import javax.servlet.http.HttpServletRequest; |
|
import javax.servlet.http.HttpServletResponse; |
|
import java.io.IOException; |
|
import java.nio.charset.StandardCharsets; |
|
import java.util.Base64; |
|
import java.util.HashMap; |
|
import java.util.Map; |
|
|
|
public class TCAuthCallbackApi extends BaseHttpHandler { |
|
@Override |
|
public RequestMethod getMethod() { |
|
return null; |
|
} |
|
|
|
@Override |
|
public String getPath() { |
|
return "/authCallBack"; |
|
} |
|
|
|
@Override |
|
public boolean isPublic() { |
|
return true; |
|
} |
|
|
|
@Override |
|
public void handle(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws Exception { |
|
String code = WebUtils.getHTTPRequestParameter(httpServletRequest, "code"); |
|
if (StringUtils.isBlank(code)) { |
|
WebUtils.printAsString(httpServletResponse, "code授权码不存在"); |
|
return; |
|
} |
|
//第一步获取token |
|
|
|
String accessToken = getAccessToken(code); |
|
if (StringUtils.isBlank(accessToken)) { |
|
WebUtils.printAsString(httpServletResponse, "授权码无效,请重新授权"); |
|
return; |
|
} |
|
String uid = getUserInfo(accessToken); |
|
User user = UserService.getInstance().getUserByUserName(uid); |
|
if (user == null) { |
|
WebUtils.printAsString(httpServletResponse, "登录失败:" + uid + " 在帆软用户体系不存在,请联系管理员添加"); |
|
return; |
|
} |
|
login(httpServletRequest, httpServletResponse, uid); |
|
StateHubService stateHubService = DecisionStatusService.originUrlStatusService(); |
|
Object callback = stateHubService.get("loginCallBack"); |
|
if (callback != null) { |
|
sendRedirect(httpServletResponse, callback.toString()); |
|
return; |
|
} |
|
sendRedirect(httpServletResponse, HttpUtils.getDefaultUrl(httpServletRequest)); |
|
} |
|
|
|
private String getAccessToken(String code) throws IOException { |
|
Oauth2Config config = Oauth2Config.getInstance(); |
|
String valAddr = config.getValAddr(); |
|
String appId = config.getAppId(); |
|
String clientSecret = config.getClientSecret(); |
|
String frUrl = Oauth2Config.getInstance().getFrUrl(); |
|
String redirectUrl = String.format("%s/url/iam/authCallBack", frUrl); |
|
Map<String, String> params = new HashMap<>(); |
|
String tokenUrl = String.format("%s/oauth2/rest/token", valAddr); |
|
params.put("redirect_uri", redirectUrl); |
|
params.put("grant_type", "AUTHORIZATION_CODE"); |
|
params.put("code", code); |
|
Map<String, String> header = new HashMap<>(); |
|
header.put("X-OAUTH-IDENTITY-DOMAIN-NAME", "IdmDomain"); |
|
header.put("Authorization", "Basic " + Base64.getEncoder().encodeToString(String.format("%s:%s", appId, clientSecret).getBytes(StandardCharsets.UTF_8))); |
|
String json = HttpKit.post(tokenUrl, params, "utf-8", "utf-8", header); |
|
FineLoggerFactory.getLogger().info("获取AccessToken 请求返回:{}", json); |
|
JSONObject obj = new JSONObject(json); |
|
return obj.getString("access_token"); |
|
} |
|
|
|
public static String getUserInfo(String accessToken) throws DocumentException, IOException { |
|
Map<String, String> header = new HashMap<>(); |
|
Oauth2Config config = Oauth2Config.getInstance(); |
|
String valAddr = config.getValAddr(); |
|
String url = String.format("%s/oauth2/rest/userinfo?access_token=%s", valAddr, accessToken); |
|
header.put("Authorization", "Bearer " + accessToken); |
|
String json = HttpKit.get(url, new HashMap<>(), header); |
|
FineLoggerFactory.getLogger().info("获取userinfo 请求返回:{}", json); |
|
JSONObject obj = new JSONObject(json); |
|
return obj.getString("sub"); |
|
} |
|
|
|
|
|
private String login(HttpServletRequest req, HttpServletResponse res, String username) throws Exception { |
|
String token = LoginService.getInstance().login(req, res, username); |
|
req.setAttribute("fine_auth_token", token); |
|
FineLoggerFactory.getLogger().info("fr FrFilter is over with username is ###" + username); |
|
return token; |
|
} |
|
|
|
private void sendRedirect(HttpServletResponse res, String url) throws IOException { |
|
Map<String, String> params = new HashMap<>(); |
|
params.put("callBack", url); |
|
WebUtils.writeOutTemplate("com/fr/plugin/redirect.html", res, params); |
|
} |
|
|
|
}
|
|
|