第7-8-9章课程源码参考


4 years ago
package com.fr.plugin.filter;
import com.fr.decision.authority.data.User;
import com.fr.decision.fun.impl.AbstractGlobalRequestFilterProvider;
import com.fr.decision.webservice.utils.DecisionServiceConstants;
import com.fr.decision.webservice.v10.login.LoginService;
import com.fr.decision.webservice.v10.user.UserService;
import com.fr.plugin.IPTokenPluginDecisionDBAccessProvider;
import com.fr.plugin.dao.UserIpRelationDao;
import com.fr.plugin.dao.UserTokenRelationDao;
import com.fr.plugin.entity.UserIpEntity;
import com.fr.plugin.entity.UserTokenEntity;
import com.fr.stable.StringUtils;
import com.fr.stable.db.accessor.DBAccessor;
import com.fr.stable.query.QueryFactory;
import com.fr.stable.query.restriction.RestrictionFactory;
import com.fr.web.utils.WebUtils;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.List;
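/**
 * Global request filter that ties non-administrator users to the client IP
 * addresses recorded for them in the plugin's user/IP relation table.
 *
 * <p>Behaviour visible in this class:
 * <ul>
 *   <li>Only requests that {@link LoginService#isLogged} reports as logged in are
 *       checked. Requests without a session, including the login request itself,
 *       are passed down the chain untouched, so the rule is enforced on the
 *       requests that follow a login rather than at credential check time.</li>
 *   <li>Administrators are exempt from the IP rule.</li>
 *   <li>A non-administrator with no matching (userName, ip) row is refused, so the
 *       table acts as an allow-list with default deny.</li>
 * </ul>
 *
 * <p>NOTE(review): the filter only sees URLs matching {@link #urlPatterns()};
 * confirm that every entry point that needs the restriction lives under that path.
 */
public class IpGlobalRequestFilter extends AbstractGlobalRequestFilterProvider {

    /**
     * @return the name this filter is registered under
     */
    @Override
    public String filterName() {
        return "iptoken";
    }

    /**
     * @return the URL patterns this filter is applied to
     */
    @Override
    public String[] urlPatterns() {
        return new String[]{
                "/decision/*"
        };
    }

    /**
     * Applies the IP allow-list to logged-in, non-administrator requests and
     * otherwise forwards the request to the rest of the chain.
     *
     * <p>The outcome is reported with an explicit status code: 403 when the user
     * is not allowed from the caller's address, 500 when the rule itself could not
     * be evaluated. In both cases the chain is not invoked (fail closed).
     *
     * @param req         the incoming request
     * @param res         the response to write a refusal to
     * @param filterChain the remaining filters and the target resource
     */
    @Override
    public void doFilter(HttpServletRequest req, HttpServletResponse res, FilterChain filterChain) {
        String ip = getIp(req);

        boolean denied;
        try {
            denied = isDeniedFromIp(req, ip);
        } catch (Exception e) {
            // The rule could not be evaluated (lookup or database failure). Refuse the
            // request with an explicit error status instead of an empty 200 response.
            // NOTE(review): replace printStackTrace with the project's logger.
            e.printStackTrace();
            if (!res.isCommitted()) {
                res.setStatus(HttpServletResponse.SC_INTERNAL_SERVER_ERROR);
            }
            return;
        }

        if (denied) {
            try {
                // Mark the refusal as 403 so clients, proxies and access logs do not
                // record a blocked request as a success.
                res.setStatus(HttpServletResponse.SC_FORBIDDEN);
                WebUtils.printAsString(res, "对不起,您不能在:" + ip + " 登录");
            } catch (Exception e) {
                e.printStackTrace();
            }
            return;
        }

        try {
            filterChain.doFilter(req, res);
        } catch (IOException | ServletException e) {
            // This override declares no checked exceptions, so downstream failures
            // cannot be rethrown; record them instead of discarding them silently.
            e.printStackTrace();
        } catch (Exception e) {
            e.printStackTrace();
        }
    }

    /**
     * Decides whether the request must be refused because of the IP rule.
     *
     * @param req the incoming request
     * @param ip  the client address the rule is evaluated against
     * @return {@code true} when the request is logged in, the user is not an
     *         administrator and no allow-list row matches; {@code false} otherwise
     * @throws Exception if the user lookup or the allow-list query fails
     */
    private boolean isDeniedFromIp(HttpServletRequest req, String ip) throws Exception {
        if (!isLogin(req)) {
            // No session yet: login success or failure is left to the next handler.
            return false;
        }
        // Resolve the user name of the current session from the request cookie.
        String currentUserName = LoginService.getInstance().getCurrentUserNameFromRequestCookie(req);
        String currentUserId = UserService.getInstance().getCurrentUserId(currentUserName);
        if (UserService.getInstance().isAdmin(currentUserId)) {
            return false;
        }
        return !checkUserCanLoginOnIp(currentUserName, ip);
    }

    /**
     * Returns the address the request arrived from.
     *
     * <p>A fronting proxy is deliberately ignored: the application is assumed to be
     * reached directly. Behind a reverse proxy or load balancer this value is the
     * proxy's address, so every user would be matched against the same IP. If
     * forwarded-address headers are ever consulted here, honour them only when the
     * direct peer is a known proxy, because clients can set those headers themselves.
     *
     * @param req the incoming request
     * @return the remote address reported by the servlet container
     */
    private String getIp(HttpServletRequest req) {
        return req.getRemoteAddr();
    }

    /**
     * Checks whether the user is permitted to log in from the given IP.
     *
     * <p>The lookup is an equality match on both columns, so the stored value must
     * have exactly the textual form the container reports.
     * NOTE(review): confirm how IPv6 and loopback addresses are stored.
     *
     * @param userName the user name to look up
     * @param ip       the client address to look up
     * @return {@code true} when at least one (userName, ip) row exists
     * @throws Exception if the query fails
     */
    private boolean checkUserCanLoginOnIp(String userName, String ip) throws Exception {
        // Obtain the plugin's database accessor.
        DBAccessor dbAccessor = IPTokenPluginDecisionDBAccessProvider.getDbAccessor();
        // Query through the DAO; the values are passed as restriction arguments, not
        // concatenated into a query string. The result is a list.
        List<UserIpEntity> entities = dbAccessor.runQueryAction(daoContext ->
                daoContext.getDAO(UserIpRelationDao.class)
                        .find(
                                QueryFactory.create()
                                        .addRestriction(RestrictionFactory.eq("ip", ip))
                                        .addRestriction(RestrictionFactory.eq("userName", userName))
                        ));
        // Any matching row grants access.
        return !entities.isEmpty();
    }

    /**
     * @param request the incoming request
     * @return whether {@link LoginService} reports the request as logged in
     */
    private boolean isLogin(HttpServletRequest request) {
        return LoginService.getInstance().isLogged(request);
    }
}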