pioneer
2 years ago
commit
863cd92bb9
16 changed files with 1882 additions and 0 deletions
@ -0,0 +1,6 @@
|
||||
# open-JSD-10008 |
||||
|
||||
JSD-10008 单点集成+内外网访问控制\ |
||||
免责说明:该源码为第三方爱好者提供,不保证源码和方案的可靠性,也不提供任何形式的源码教学指导和协助!\ |
||||
仅作为开发者学习参考使用!禁止用于任何商业用途!\ |
||||
为保护开发者隐私,开发者信息已隐去!若原开发者希望公开自己的信息,可联系【pioneer】处理。 |
||||
@ -0,0 +1,24 @@
|
||||
<?xml version="1.0" encoding="UTF-8" standalone="no"?><plugin> |
||||
<id>com.eco.plugin.xx.kdxfsso</id> |
||||
<name><![CDATA[单点登录及内外网权限控制]]></name> |
||||
<active>yes</active> |
||||
<version>1.0.3</version> |
||||
<env-version>10.0</env-version> |
||||
<jartime>2018-07-31</jartime> |
||||
<vendor>fr.open</vendor> |
||||
<description><![CDATA[单点登录及内外网权限控制]]></description> |
||||
<change-notes><![CDATA[ |
||||
]]></change-notes> |
||||
<main-package>com.eco.plugin.xx.kdxfsso</main-package> |
||||
<lifecycle-monitor class="com.eco.plugin.xx.kdxfsso.config.InitializeMonitor"/> |
||||
|
||||
<extra-decision> |
||||
<GlobalRequestFilterProvider class="com.eco.plugin.xx.kdxfsso.filter.SSOFilter"/> |
||||
</extra-decision> |
||||
|
||||
<extra-core> |
||||
<DBAccessProvider class="com.eco.plugin.xx.kdxfsso.db.controller.DBController"/> |
||||
</extra-core> |
||||
|
||||
<function-recorder class="com.eco.plugin.xx.kdxfsso.config.PluginSimpleConfig"/> |
||||
</plugin> |
||||
@ -0,0 +1,21 @@
|
||||
package com.eco.plugin.xx.kdxfsso.config; |
||||
|
||||
import com.fr.plugin.context.PluginContext; |
||||
import com.fr.plugin.observer.inner.AbstractPluginLifecycleMonitor; |
||||
|
||||
/** |
||||
* @author xx |
||||
* @version 10.0 |
||||
* Created by xx on 2021-12-03 |
||||
*/ |
||||
public class InitializeMonitor extends AbstractPluginLifecycleMonitor { |
||||
@Override |
||||
public void afterRun(PluginContext pluginContext) { |
||||
PluginSimpleConfig.getInstance(); |
||||
} |
||||
|
||||
@Override |
||||
public void beforeStop(PluginContext pluginContext) { |
||||
|
||||
} |
||||
} |
||||
@ -0,0 +1,68 @@
|
||||
package com.eco.plugin.xx.kdxfsso.config; |
||||
|
||||
import com.fr.config.*; |
||||
import com.fr.config.holder.Conf; |
||||
import com.fr.config.holder.factory.Holders; |
||||
import com.fr.intelli.record.Focus; |
||||
import com.fr.intelli.record.Original; |
||||
import com.fr.record.analyzer.EnableMetrics; |
||||
|
||||
@Visualization(category = "单点登录配置") |
||||
@EnableMetrics |
||||
public class PluginSimpleConfig extends DefaultConfiguration { |
||||
|
||||
private static volatile PluginSimpleConfig config = null; |
||||
|
||||
@Focus(id="com.eco.plugin.xx.kdxfsso.config", text = "单点登录配置", source = Original.PLUGIN) |
||||
public static PluginSimpleConfig getInstance() { |
||||
if (config == null) { |
||||
config = ConfigContext.getConfigInstance(PluginSimpleConfig.class); |
||||
} |
||||
return config; |
||||
} |
||||
|
||||
@Identifier(value = "privatekey", name = "解密秘钥", description = "解密秘钥", status = Status.SHOW) |
||||
private Conf<String> privatekey = Holders.simple(""); |
||||
|
||||
@Identifier(value = "timeout", name = "token超时时间(s)", description = "token超时时间(s)", status = Status.SHOW) |
||||
private Conf<String> timeout = Holders.simple(""); |
||||
|
||||
@Identifier(value = "paramname", name = "token参数名", description = "token参数名", status = Status.SHOW) |
||||
private Conf<String> paramname = Holders.simple(""); |
||||
|
||||
public String getPrivatekey() { |
||||
return privatekey.get(); |
||||
} |
||||
|
||||
public void setPrivatekey(String url) { |
||||
this.privatekey.set(url); |
||||
} |
||||
|
||||
public String getTimeout() { |
||||
return timeout.get(); |
||||
} |
||||
|
||||
public void setTimeout(String url) { |
||||
this.timeout.set(url); |
||||
} |
||||
|
||||
public String getParamname() { |
||||
return paramname.get(); |
||||
} |
||||
|
||||
public void setParamname(String url) { |
||||
this.paramname.set(url); |
||||
} |
||||
|
||||
@Override |
||||
public Object clone() throws CloneNotSupportedException { |
||||
PluginSimpleConfig cloned = (PluginSimpleConfig) super.clone(); |
||||
// cloned.text = (Conf<String>) text.clone();
|
||||
// cloned.count = (Conf<Integer>) count.clone();
|
||||
// cloned.price = (Conf<Double>) price.clone();
|
||||
// cloned.time = (Conf<Long>) time.clone();
|
||||
// cloned.student = (Conf<Boolean>) student.clone();
|
||||
return cloned; |
||||
} |
||||
|
||||
} |
||||
@ -0,0 +1,30 @@
|
||||
package com.eco.plugin.xx.kdxfsso.db.bean; |
||||
|
||||
import com.fr.stable.db.entity.BaseEntity; |
||||
import com.fr.stable.db.entity.TableAssociation; |
||||
import com.fr.third.javax.persistence.Column; |
||||
import com.fr.third.javax.persistence.Entity; |
||||
import com.fr.third.javax.persistence.Table; |
||||
|
||||
/** |
||||
* @author xx |
||||
* @version 10.0 |
||||
* Created by xx on 2021-07-29 |
||||
**/ |
||||
@Entity |
||||
@Table(name = "plugin_xx_entity_tokenrecord") |
||||
@TableAssociation(associated = true) |
||||
public class DBEntity extends BaseEntity { |
||||
|
||||
//token
|
||||
@Column(name = "token") |
||||
private String token = null; |
||||
|
||||
public String getToken() { |
||||
return token; |
||||
} |
||||
|
||||
public void setToken(String token) { |
||||
this.token = token; |
||||
} |
||||
} |
||||
@ -0,0 +1,177 @@
|
||||
package com.eco.plugin.xx.kdxfsso.db.controller; |
||||
|
||||
import com.eco.plugin.xx.kdxfsso.db.bean.DBEntity; |
||||
import com.eco.plugin.xx.kdxfsso.db.dao.DBDao; |
||||
import com.eco.plugin.xx.kdxfsso.utils.FRUtils; |
||||
import com.fr.db.fun.impl.AbstractDBAccessProvider; |
||||
import com.fr.plugin.transform.FunctionRecorder; |
||||
import com.fr.record.analyzer.EnableMetrics; |
||||
import com.fr.stable.db.accessor.DBAccessor; |
||||
import com.fr.stable.db.action.DBAction; |
||||
import com.fr.stable.db.dao.DAOContext; |
||||
import com.fr.stable.db.dao.DAOProvider; |
||||
|
||||
import java.util.List; |
||||
|
||||
/** |
||||
* @author xx |
||||
* @version 10.0 |
||||
* Created by xx on 2021-07-29 |
||||
**/ |
||||
@EnableMetrics |
||||
@FunctionRecorder |
||||
public class DBController extends AbstractDBAccessProvider { |
||||
|
||||
private static DBAccessor accessor; |
||||
|
||||
public static DBAccessor getAccessor() { |
||||
return accessor; |
||||
} |
||||
|
||||
@Override |
||||
public DAOProvider[] registerDAO() { |
||||
return new DAOProvider[]{ |
||||
DBDao.DAO |
||||
}; |
||||
} |
||||
|
||||
@Override |
||||
public void onDBAvailable(DBAccessor accessor) { |
||||
DBController.accessor = accessor; |
||||
} |
||||
|
||||
|
||||
/** |
||||
* 批量操作 |
||||
* @param addOrUpdate |
||||
* @param delete |
||||
* @return |
||||
*/ |
||||
public static boolean batch(List<DBEntity> addOrUpdate, List<DBEntity> delete){ |
||||
//新增或者删除
|
||||
if(addOrUpdate != null && addOrUpdate.size() > 0){ |
||||
for(final DBEntity dbe : addOrUpdate){ |
||||
|
||||
try{ |
||||
accessor.runDMLAction(new DBAction<Boolean>() { |
||||
@Override |
||||
public Boolean run(DAOContext context) throws Exception { |
||||
DBEntity ae =context.getDAO(DBDao.class).getById(dbe.getId()); |
||||
if(ae != null ){ |
||||
context.getDAO(DBDao.class).update(dbe); |
||||
}else{ |
||||
context.getDAO(DBDao.class).add(dbe); |
||||
} |
||||
return true; |
||||
} |
||||
}); |
||||
}catch(Throwable e){ |
||||
FRUtils.FRLogError("batch addOrUpdate exception ->"+e.getMessage() + dbe.toString()); |
||||
} |
||||
} |
||||
} |
||||
|
||||
if(delete != null && delete.size() > 0){ |
||||
for(final DBEntity dbe : delete){ |
||||
|
||||
try{ |
||||
accessor.runDMLAction(new DBAction<Boolean>() { |
||||
@Override |
||||
public Boolean run(DAOContext context) throws Exception { |
||||
context.getDAO(DBDao.class).remove(dbe.getId()); |
||||
return true; |
||||
} |
||||
}); |
||||
}catch(Throwable e){ |
||||
FRUtils.FRLogError("batch delete exception ->"+e.getMessage() + dbe.toString()); |
||||
} |
||||
} |
||||
} |
||||
|
||||
return true; |
||||
} |
||||
|
||||
|
||||
/** |
||||
* 单个操作 |
||||
* @param addOrUpdate |
||||
* @param delete |
||||
* @return |
||||
*/ |
||||
public static boolean single(DBEntity addOrUpdate,DBEntity delete){ |
||||
//新增或者删除
|
||||
if(addOrUpdate != null ){ |
||||
try{ |
||||
accessor.runDMLAction(new DBAction<Boolean>() { |
||||
@Override |
||||
public Boolean run(DAOContext context) throws Exception { |
||||
context.getDAO(DBDao.class).add(addOrUpdate); |
||||
return true; |
||||
} |
||||
}); |
||||
}catch(Throwable e){ |
||||
FRUtils.FRLogError("single addOrUpdate exception ->"+e.getMessage() + addOrUpdate.toString()); |
||||
} |
||||
} |
||||
|
||||
if(delete != null ){ |
||||
try{ |
||||
accessor.runDMLAction(new DBAction<Boolean>() { |
||||
@Override |
||||
public Boolean run(DAOContext context) throws Exception { |
||||
context.getDAO(DBDao.class).remove(delete.getId()); |
||||
return true; |
||||
} |
||||
}); |
||||
}catch(Throwable e){ |
||||
FRUtils.FRLogError("single delete exception ->"+e.getMessage() + delete.toString()); |
||||
} |
||||
} |
||||
|
||||
return true; |
||||
} |
||||
|
||||
/** |
||||
* 根据username获取信息 |
||||
* @param username |
||||
* @return |
||||
*/ |
||||
public static DBEntity getByUsername(final String username){ |
||||
try{ |
||||
return accessor.runQueryAction(new DBAction<DBEntity>() { |
||||
@Override |
||||
public DBEntity run(DAOContext context) throws Exception { |
||||
DBEntity result = context.getDAO(DBDao.class).getByUsername(username); |
||||
|
||||
return result == null ? new DBEntity() : result; |
||||
} |
||||
}); |
||||
}catch(Throwable e){ |
||||
FRUtils.FRLogError("exception getByUsername:"+e.getMessage()); |
||||
} |
||||
|
||||
return new DBEntity(); |
||||
} |
||||
|
||||
/** |
||||
* 根据id获取信息 |
||||
* @param id |
||||
* @return |
||||
*/ |
||||
public static DBEntity getById(final String id){ |
||||
try{ |
||||
return accessor.runQueryAction(new DBAction<DBEntity>() { |
||||
@Override |
||||
public DBEntity run(DAOContext context) throws Exception { |
||||
DBEntity result = context.getDAO(DBDao.class).getById(id); |
||||
|
||||
return result == null ? new DBEntity() : result; |
||||
} |
||||
}); |
||||
}catch(Throwable e){ |
||||
FRUtils.FRLogError("exception getById:"+e.getMessage()); |
||||
} |
||||
|
||||
return new DBEntity(); |
||||
} |
||||
} |
||||
@ -0,0 +1,68 @@
|
||||
package com.eco.plugin.xx.kdxfsso.db.dao; |
||||
|
||||
import com.eco.plugin.xx.kdxfsso.db.bean.DBEntity; |
||||
import com.fr.stable.db.dao.BaseDAO; |
||||
import com.fr.stable.db.dao.DAOProvider; |
||||
import com.fr.stable.db.session.DAOSession; |
||||
import com.fr.stable.query.QueryFactory; |
||||
import com.fr.stable.query.condition.QueryCondition; |
||||
import com.fr.stable.query.restriction.RestrictionFactory; |
||||
import java.util.List; |
||||
|
||||
/** |
||||
* @author xx |
||||
* @version 10.0 |
||||
* Created by xx on 2021-12-03 |
||||
**/ |
||||
public class DBDao extends BaseDAO<DBEntity> { |
||||
|
||||
public DBDao(DAOSession session) { |
||||
super(session); |
||||
} |
||||
|
||||
@Override |
||||
protected Class<DBEntity> getEntityClass() { |
||||
return DBEntity.class; |
||||
} |
||||
|
||||
public final static DAOProvider DAO = new DAOProvider() { |
||||
@Override |
||||
public Class getEntityClass() { |
||||
return DBEntity.class; |
||||
} |
||||
|
||||
@Override |
||||
public Class<? extends BaseDAO> getDAOClass() { |
||||
return DBDao.class; |
||||
} |
||||
}; |
||||
|
||||
public void add(DBEntity entity) throws Exception { |
||||
getSession().persist(entity); |
||||
} |
||||
|
||||
public void remove(String id) throws Exception { |
||||
getSession().remove(QueryFactory.create() |
||||
.addRestriction(RestrictionFactory.eq("id", id)), |
||||
this.getEntityClass()); |
||||
} |
||||
|
||||
public void update(DBEntity entity) throws Exception { |
||||
getSession().merge(entity); |
||||
} |
||||
|
||||
|
||||
public DBEntity getByUsername(String username) throws Exception { |
||||
QueryCondition condition = QueryFactory.create() |
||||
.addRestriction(RestrictionFactory.eq("token", username)); |
||||
|
||||
return findOne(condition); |
||||
} |
||||
|
||||
|
||||
public List<DBEntity> like(String pid, String type)throws Exception{ |
||||
QueryCondition condition = QueryFactory.create() |
||||
.addRestriction(RestrictionFactory.like("", pid)).addRestriction(RestrictionFactory.like(DBEntity.COLUMN_ID,type)); |
||||
return find(condition); |
||||
} |
||||
} |
||||
@ -0,0 +1,97 @@
|
||||
package com.eco.plugin.xx.kdxfsso.filter; |
||||
|
||||
import com.eco.plugin.xx.kdxfsso.config.PluginSimpleConfig; |
||||
import com.eco.plugin.xx.kdxfsso.utils.*; |
||||
import com.fr.decision.fun.impl.AbstractGlobalRequestFilterProvider; |
||||
import com.fr.json.JSONObject; |
||||
import com.fr.plugin.context.PluginContexts; |
||||
import com.fr.record.analyzer.EnableMetrics; |
||||
import com.fr.stable.fun.Authorize; |
||||
|
||||
import javax.servlet.FilterChain; |
||||
import javax.servlet.http.HttpServletRequest; |
||||
import javax.servlet.http.HttpServletResponse; |
||||
|
||||
@EnableMetrics |
||||
@Authorize(callSignKey = "com.eco.plugin.xx.kdxfsso") |
||||
public class SSOFilter extends AbstractGlobalRequestFilterProvider { |
||||
@Override |
||||
public String filterName() { |
||||
return "kdxfssoFilter"; |
||||
} |
||||
|
||||
@Override |
||||
public String[] urlPatterns() { |
||||
return new String[]{"/*"}; |
||||
} |
||||
|
||||
@Override |
||||
public void doFilter(HttpServletRequest req, HttpServletResponse res, FilterChain chain ){ |
||||
|
||||
if(PluginContexts.currentContext().isAvailable()){ |
||||
PluginSimpleConfig psc = PluginSimpleConfig.getInstance(); |
||||
|
||||
//没有token参数,放行
|
||||
String token = req.getParameter(psc.getParamname()); |
||||
if(Utils.isNullStr(token)){ |
||||
release(req,res,chain); |
||||
return ; |
||||
} |
||||
|
||||
|
||||
|
||||
//检查是否为模板,如不是返回错误信息
|
||||
String url = FRUtils.getAllUrl(req); |
||||
boolean isTemp = (url.contains("view/report") && url.contains(".cpt")) || (url.contains("view/form") && url.contains(".frm")); |
||||
if(!isTemp){ |
||||
ResponseUtils.failedResponse(res,"不允许单点到决策系统!"); |
||||
return; |
||||
} |
||||
|
||||
|
||||
//监测token是否超时
|
||||
String decryptToken = null; |
||||
try { |
||||
decryptToken = EncryptUtils.rsaDecrypt(token,psc.getPrivatekey()); |
||||
} catch (Exception e) { |
||||
ResponseUtils.failedResponse(res,"token解密失败:"+e.getMessage()); |
||||
return; |
||||
} |
||||
|
||||
if(Utils.isNullStr(decryptToken)){ |
||||
ResponseUtils.failedResponse(res,"token解密失败!"); |
||||
return; |
||||
} |
||||
|
||||
JSONObject tokenJson = new JSONObject(decryptToken); |
||||
String username = tokenJson.getString("username"); |
||||
Long timestamp = tokenJson.getLong("timestamp"); |
||||
Long now = System.currentTimeMillis(); |
||||
|
||||
FRUtils.FRLogInfo("timestamp:"+timestamp+";now:"+now); |
||||
if((now - timestamp)/1000 > Long.parseLong(psc.getTimeout())){ |
||||
ResponseUtils.failedResponse(res,"token已超时,请重新生成!"); |
||||
return; |
||||
} |
||||
|
||||
String redirect = Utils.getRedirectUrl(req,psc.getParamname()).replace("http","https"); |
||||
|
||||
//登录
|
||||
FRUtils.login(req,res,username,redirect); |
||||
} |
||||
|
||||
release(req,res,chain); |
||||
} |
||||
|
||||
|
||||
|
||||
//放行拦截器
|
||||
private void release(HttpServletRequest req, HttpServletResponse res, FilterChain chain) { |
||||
try{ |
||||
chain.doFilter(req,res); |
||||
}catch (Exception e){ |
||||
FRUtils.FRLogInfo("拦截失败"); |
||||
} |
||||
} |
||||
} |
||||
|
||||
@ -0,0 +1,330 @@
|
||||
package com.eco.plugin.xx.kdxfsso.utils; |
||||
|
||||
import com.fr.log.FineLoggerFactory; |
||||
import sun.misc.BASE64Decoder; |
||||
import sun.misc.BASE64Encoder; |
||||
import javax.crypto.Cipher; |
||||
import javax.crypto.KeyGenerator; |
||||
import javax.crypto.SecretKey; |
||||
import javax.crypto.SecretKeyFactory; |
||||
import javax.crypto.spec.DESKeySpec; |
||||
import java.io.IOException; |
||||
import java.net.URLEncoder; |
||||
import java.security.*; |
||||
import java.security.interfaces.RSAPrivateKey; |
||||
import java.security.interfaces.RSAPublicKey; |
||||
import java.security.spec.PKCS8EncodedKeySpec; |
||||
import java.security.spec.X509EncodedKeySpec; |
||||
import java.util.HashMap; |
||||
import java.util.Map; |
||||
|
||||
public class EncryptUtils { |
||||
|
||||
/** |
||||
* sha 加密 |
||||
* @param str |
||||
* @return |
||||
*/ |
||||
public static String sha(String str){ |
||||
String sha256Str = ""; |
||||
|
||||
try { |
||||
MessageDigest sha256Deget = MessageDigest.getInstance("SHA-256"); |
||||
byte[] sha256Encode = sha256Deget.digest(str.getBytes()); |
||||
sha256Str = ByteToHexStr(sha256Encode); |
||||
}catch (Exception e){ |
||||
FineLoggerFactory.getLogger().info("FRLOG:SHA256加密异常:"+e.getMessage()); |
||||
} |
||||
|
||||
return sha256Str; |
||||
} |
||||
|
||||
/** |
||||
* byte数组转16进制字符串 |
||||
* @param bytes |
||||
* @return |
||||
*/ |
||||
private static String ByteToHexStr(byte[] bytes) |
||||
{ |
||||
String hexStr = ""; |
||||
|
||||
for(int i =0;i<bytes.length;i++) |
||||
{ |
||||
int temp = bytes[i] & 0xff; |
||||
String tempHex = Integer.toHexString(temp); |
||||
if(tempHex.length() < 2) |
||||
{ |
||||
hexStr += "0"+tempHex; |
||||
} |
||||
else { |
||||
hexStr += tempHex; |
||||
} |
||||
} |
||||
|
||||
return hexStr; |
||||
} |
||||
|
||||
/** |
||||
* aes 加密 |
||||
* @param str |
||||
* @param privateKey |
||||
* @return |
||||
*/ |
||||
public static String aesEncrypt(String str,String privateKey){ |
||||
try { |
||||
// 生成密钥对象
|
||||
SecretKey secKey = generateAesKey(privateKey.getBytes()); |
||||
|
||||
// 获取 AES 密码器
|
||||
Cipher cipher = Cipher.getInstance("AES"); |
||||
// 初始化密码器(加密模型)
|
||||
cipher.init(Cipher.ENCRYPT_MODE, secKey); |
||||
|
||||
// 加密数据, 返回密文
|
||||
byte[] cipherBytes = cipher.doFinal(str.getBytes()); |
||||
return new BASE64Encoder().encodeBuffer(cipherBytes); |
||||
} catch (Throwable e) { |
||||
FRUtils.FRLogInfo("aes 加密异常 " + e.getMessage()); |
||||
} |
||||
|
||||
return null; |
||||
} |
||||
|
||||
/** |
||||
* 生成密钥对象 |
||||
*/ |
||||
private static SecretKey generateAesKey(byte[] key) throws Exception { |
||||
// 创建安全随机数生成器
|
||||
SecureRandom random = SecureRandom.getInstance("SHA1PRNG"); |
||||
// 设置 密钥key的字节数组 作为安全随机数生成器的种子
|
||||
random.setSeed(key); |
||||
|
||||
// 创建 AES算法生成器
|
||||
KeyGenerator gen = KeyGenerator.getInstance("AES"); |
||||
// 初始化算法生成器
|
||||
gen.init(128, random); |
||||
|
||||
// 生成 AES密钥对象, 也可以直接创建密钥对象: return new SecretKeySpec(key, ALGORITHM);
|
||||
return gen.generateKey(); |
||||
} |
||||
|
||||
/** |
||||
* aes 解密 |
||||
* @param str |
||||
* @param privateKey |
||||
* @return |
||||
*/ |
||||
public static String aesDecrypt(String str,String privateKey){ |
||||
try { |
||||
// 生成密钥对象
|
||||
SecretKey secKey = generateAesKey(privateKey.getBytes()); |
||||
|
||||
// 获取 AES 密码器
|
||||
Cipher cipher = Cipher.getInstance("AES"); |
||||
// 初始化密码器(加密模型)
|
||||
cipher.init(Cipher.DECRYPT_MODE, secKey); |
||||
|
||||
// 加密数据, 返回密文
|
||||
byte[] cipherBytes = cipher.doFinal(new BASE64Decoder().decodeBuffer(str)); |
||||
return new String(cipherBytes); |
||||
} catch (Throwable e) { |
||||
FRUtils.FRLogInfo("aes 解密异常 " + e.getMessage()); |
||||
} |
||||
|
||||
return null; |
||||
} |
||||
|
||||
/** |
||||
* base64加密 |
||||
* @param key |
||||
* @return |
||||
*/ |
||||
public static String base64Encode(String key){ |
||||
return (new BASE64Encoder()).encodeBuffer(key.getBytes()); |
||||
} |
||||
|
||||
/** |
||||
* base64加密 |
||||
* @param key |
||||
* @return |
||||
*/ |
||||
public static String base64Encode(byte[] key){ |
||||
return (new BASE64Encoder()).encodeBuffer(key); |
||||
} |
||||
|
||||
/** |
||||
* base64解密 |
||||
* @param key |
||||
* @return |
||||
*/ |
||||
public static String base64Decode(String key){ |
||||
String result = ""; |
||||
try { |
||||
result = new String((new BASE64Decoder()).decodeBuffer(key)); |
||||
} catch (IOException e) { |
||||
FineLoggerFactory.getLogger().info("FRLOG:BASE64解密异常:"+e.getMessage()); |
||||
} |
||||
|
||||
return result; |
||||
} |
||||
|
||||
/** |
||||
* base64解密 |
||||
* @param key |
||||
* @return |
||||
*/ |
||||
public static byte[] base64DecodeB(String key){ |
||||
byte[] result = null; |
||||
try { |
||||
result = (new BASE64Decoder()).decodeBuffer(key); |
||||
} catch (IOException e) { |
||||
FineLoggerFactory.getLogger().info("FRLOG:BASE64解密异常:"+e.getMessage()); |
||||
} |
||||
|
||||
return result; |
||||
} |
||||
|
||||
/** |
||||
* 是否被base64加密过 |
||||
* @param str |
||||
* @return |
||||
*/ |
||||
public static boolean isBase64(String str) { |
||||
if (str == null || str.trim().length() == 0) { |
||||
return false; |
||||
} |
||||
else { |
||||
if (str.length() % 4 != 0) { |
||||
return false; |
||||
} |
||||
|
||||
char[] strChars = str.toCharArray(); |
||||
|
||||
for (char c:strChars) { |
||||
if ((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9') |
||||
|| c == '+' || c == '/' || c == '=') { |
||||
continue; |
||||
} |
||||
else { |
||||
return false; |
||||
} |
||||
} |
||||
|
||||
return true; |
||||
} |
||||
} |
||||
|
||||
/** |
||||
* des加密 |
||||
* @param datasource |
||||
* @param password |
||||
* @return |
||||
*/ |
||||
public static String desEncrypt(String datasource, String password) { |
||||
try { |
||||
SecureRandom random = new SecureRandom(); |
||||
DESKeySpec desKey = new DESKeySpec(password.getBytes()); |
||||
// 创建一个密匙工厂,然后用它把DESKeySpec转换成
|
||||
SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DES"); |
||||
SecretKey securekey = keyFactory.generateSecret(desKey); |
||||
// Cipher对象实际完成加密操作
|
||||
Cipher cipher = Cipher.getInstance("DES"); |
||||
// 用密匙初始化Cipher对象
|
||||
cipher.init(Cipher.ENCRYPT_MODE, securekey, random); |
||||
// 现在,获取数据并加密
|
||||
// 正式执行加密操作
|
||||
return base64Encode(cipher.doFinal(datasource.getBytes())); |
||||
} catch (Throwable e) { |
||||
FRUtils.FRLogInfo("des 加密异常 " + e.getMessage()); |
||||
} |
||||
|
||||
return null; |
||||
} |
||||
|
||||
/** |
||||
* des 解密 |
||||
* @param src |
||||
* @param password |
||||
* @return |
||||
* @throws Exception |
||||
*/ |
||||
public static String desDecrypt(String src, String password) throws Exception { |
||||
// DES算法要求有一个可信任的随机数源
|
||||
SecureRandom random = new SecureRandom(); |
||||
// 创建一个DESKeySpec对象
|
||||
DESKeySpec desKey = new DESKeySpec(password.getBytes("UTF-8")); |
||||
// 创建一个密匙工厂
|
||||
SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DES"); |
||||
// 将DESKeySpec对象转换成SecretKey对象
|
||||
SecretKey securekey = keyFactory.generateSecret(desKey); |
||||
// Cipher对象实际完成解密操作
|
||||
Cipher cipher = Cipher.getInstance("DES"); |
||||
// 用密匙初始化Cipher对象
|
||||
cipher.init(Cipher.DECRYPT_MODE, securekey, random); |
||||
// 真正开始解密操作
|
||||
return new String(cipher.doFinal(base64DecodeB(src))); |
||||
} |
||||
|
||||
/** |
||||
* 随机生成RSA密钥对 |
||||
* @throws NoSuchAlgorithmException |
||||
* @return privateKey,publicKey |
||||
*/ |
||||
public static Map<String,String> genRSAKeyPair() throws NoSuchAlgorithmException { |
||||
// KeyPairGenerator类用于生成公钥和私钥对,基于RSA算法生成对象
|
||||
KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance("RSA"); |
||||
// 初始化密钥对生成器,密钥大小为96-1024位
|
||||
keyPairGen.initialize(1024,new SecureRandom()); |
||||
// 生成一个密钥对,保存在keyPair中
|
||||
KeyPair keyPair = keyPairGen.generateKeyPair(); |
||||
RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate(); // 得到私钥
|
||||
RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic(); // 得到公钥
|
||||
String publicKeyString = base64Encode(publicKey.getEncoded()); |
||||
// 得到私钥字符串
|
||||
String privateKeyString = base64Encode(privateKey.getEncoded()); |
||||
// 将公钥和私钥保存到Map
|
||||
Map<String,String> result = new HashMap<String,String>(); |
||||
result.put("publicKey",publicKeyString.replaceAll("\n","").replace("\r","").trim()); |
||||
result.put("privateKey",privateKeyString.replaceAll("\n","").replace("\r","").trim()); |
||||
|
||||
return result; |
||||
} |
||||
|
||||
/** |
||||
* rsa 加密 |
||||
* @param str |
||||
* @param publicKey |
||||
* @return |
||||
* @throws Exception |
||||
*/ |
||||
public static String rsaEncrypt(String str,String publicKey) throws Exception { |
||||
//base64编码的公钥
|
||||
byte[] decoded = base64DecodeB(publicKey); |
||||
RSAPublicKey pubKey = (RSAPublicKey) KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(decoded)); |
||||
//RSA加密
|
||||
Cipher cipher = Cipher.getInstance("RSA"); |
||||
cipher.init(Cipher.ENCRYPT_MODE, pubKey); |
||||
String outStr = base64Encode(cipher.doFinal(str.getBytes("UTF-8"))); |
||||
return outStr; |
||||
} |
||||
|
||||
/** |
||||
* rsa解密 |
||||
* @param str |
||||
* @param privateKey |
||||
* @return |
||||
* @throws Exception |
||||
*/ |
||||
public static String rsaDecrypt(String str,String privateKey) throws Exception { |
||||
//64位解码加密后的字符串
|
||||
byte[] inputByte = base64DecodeB(str); |
||||
//base64编码的私钥
|
||||
byte[] decoded = base64DecodeB(privateKey); |
||||
RSAPrivateKey priKey = (RSAPrivateKey) KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(decoded)); |
||||
//RSA解密
|
||||
Cipher cipher = Cipher.getInstance("RSA"); |
||||
cipher.init(Cipher.DECRYPT_MODE, priKey); |
||||
String outStr = new String(cipher.doFinal(inputByte)); |
||||
return outStr; |
||||
} |
||||
} |
||||
@ -0,0 +1,305 @@
|
||||
package com.eco.plugin.xx.kdxfsso.utils; |
||||
|
||||
import com.fr.base.ServerConfig; |
||||
import com.fr.base.TableData; |
||||
import com.fr.base.TemplateUtils; |
||||
import com.fr.decision.authority.AuthorityContext; |
||||
import com.fr.decision.authority.data.User; |
||||
import com.fr.decision.webservice.bean.authentication.OriginUrlResponseBean; |
||||
import com.fr.decision.webservice.interceptor.handler.ReportTemplateRequestChecker; |
||||
import com.fr.decision.webservice.login.LogInOutResultInfo; |
||||
import com.fr.decision.webservice.utils.DecisionServiceConstants; |
||||
import com.fr.decision.webservice.utils.DecisionStatusService; |
||||
import com.fr.decision.webservice.v10.login.LoginService; |
||||
import com.fr.decision.webservice.v10.login.event.LogInOutEvent; |
||||
import com.fr.decision.webservice.v10.user.UserService; |
||||
import com.fr.event.EventDispatcher; |
||||
import com.fr.file.TableDataConfig; |
||||
import com.fr.general.data.DataModel; |
||||
import com.fr.log.FineLoggerFactory; |
||||
import com.fr.script.Calculator; |
||||
import com.fr.stable.StringUtils; |
||||
import com.fr.stable.query.QueryFactory; |
||||
import com.fr.stable.query.restriction.RestrictionFactory; |
||||
import com.fr.third.springframework.web.method.HandlerMethod; |
||||
import com.fr.web.controller.ReportRequestService; |
||||
import com.fr.web.utils.WebUtils; |
||||
|
||||
import javax.servlet.http.Cookie; |
||||
import javax.servlet.http.HttpServletRequest; |
||||
import javax.servlet.http.HttpServletResponse; |
||||
import javax.servlet.http.HttpSession; |
||||
import java.io.IOException; |
||||
import java.util.List; |
||||
|
||||
public class FRUtils { |
||||
/** |
||||
* 判断用户是否存在 |
||||
* @param userName |
||||
* @return |
||||
*/ |
||||
public static boolean isUserExist(String userName){ |
||||
if (StringUtils.isEmpty(userName)) { |
||||
return false; |
||||
} else { |
||||
try { |
||||
List param1 = AuthorityContext.getInstance().getUserController().find(QueryFactory.create().addRestriction(RestrictionFactory.eq("userName", userName))); |
||||
return param1 != null && !param1.isEmpty(); |
||||
} catch (Exception param2) { |
||||
FineLoggerFactory.getLogger().error(param2.getMessage()); |
||||
return false; |
||||
} |
||||
} |
||||
} |
||||
|
||||
/** |
||||
* 判断是否登录FR |
||||
* @param req |
||||
* @return |
||||
*/ |
||||
public static boolean isLogin(HttpServletRequest req){ |
||||
return LoginService.getInstance().isLogged(req); |
||||
} |
||||
|
||||
/** |
||||
* 帆软登录 |
||||
* @param httpServletRequest |
||||
* @param httpServletResponse |
||||
* @param userName |
||||
* @param url |
||||
*/ |
||||
public static void login(HttpServletRequest httpServletRequest,HttpServletResponse httpServletResponse,String userName,String url){ |
||||
|
||||
FineLoggerFactory.getLogger().info("FRLOG:用户名:"+userName); |
||||
FineLoggerFactory.getLogger().info("FRLOG:跳转链接:"+url); |
||||
|
||||
|
||||
//判断用户名是否为空
|
||||
if(!Utils.isNullStr(userName)){ |
||||
if(isUserExist(userName)){ |
||||
String FRToken = ""; |
||||
|
||||
try { |
||||
//HttpSession session = httpServletRequest.getSession(true);
|
||||
|
||||
FRToken = LoginService.getInstance().login(httpServletRequest, httpServletResponse, userName); |
||||
|
||||
//httpServletRequest.setAttribute(DecisionServiceConstants.FINE_AUTH_TOKEN_NAME,FRToken);
|
||||
|
||||
//session.setAttribute(DecisionServiceConstants.FINE_AUTH_TOKEN_NAME, FRToken);
|
||||
EventDispatcher.fire(LogInOutEvent.LOGIN,new LogInOutResultInfo(httpServletRequest,httpServletResponse,userName,true)); |
||||
FineLoggerFactory.getLogger().info("FRLOG:登陆成功!"); |
||||
|
||||
if(!Utils.isNullStr(url)){ |
||||
httpServletResponse.sendRedirect(url); |
||||
} |
||||
} catch (Exception e) { |
||||
ResponseUtils.failedResponse(httpServletResponse,"登录异常,请联系管理员!"); |
||||
FineLoggerFactory.getLogger().info("FRLOG:登录异常,请联系管理员!"); |
||||
FineLoggerFactory.getLogger().info("FRLOGException:"+e.getMessage()); |
||||
} |
||||
}else{ |
||||
ResponseUtils.failedResponse(httpServletResponse,"用户在报表系统中不存在!"); |
||||
FineLoggerFactory.getLogger().info("FRLOG:用户在报表系统中不存在!"); |
||||
} |
||||
}else{ |
||||
ResponseUtils.failedResponse(httpServletResponse,"用户名不能为空!"); |
||||
FineLoggerFactory.getLogger().info("FRLOG:用户名不能为空!"); |
||||
} |
||||
} |
||||
|
||||
/** |
||||
* 帆软登录 |
||||
* @param httpServletRequest |
||||
* @param httpServletResponse |
||||
* @param token |
||||
* @param url |
||||
*/ |
||||
public static void loginByToken(HttpServletRequest httpServletRequest,HttpServletResponse httpServletResponse,String token,String url){ |
||||
|
||||
FineLoggerFactory.getLogger().info("FRLOG:token:"+token); |
||||
FineLoggerFactory.getLogger().info("FRLOG:跳转链接:"+url); |
||||
|
||||
|
||||
//判断用户名是否为空
|
||||
if(!Utils.isNullStr(token)){ |
||||
writeToken2Cookie(httpServletResponse,token,-1); |
||||
|
||||
HttpSession session = httpServletRequest.getSession(true); |
||||
|
||||
httpServletRequest.setAttribute(DecisionServiceConstants.FINE_AUTH_TOKEN_NAME,token); |
||||
|
||||
session.setAttribute(DecisionServiceConstants.FINE_AUTH_TOKEN_NAME, token); |
||||
|
||||
if(!Utils.isNullStr(url)){ |
||||
try { |
||||
httpServletResponse.sendRedirect(url); |
||||
} catch (IOException e) { |
||||
ResponseUtils.failedResponse(httpServletResponse,"跳转异常!"); |
||||
FineLoggerFactory.getLogger().info("FRLOG:跳转异常!"); |
||||
} |
||||
} |
||||
}else{ |
||||
ResponseUtils.failedResponse(httpServletResponse,"token不能为空!"); |
||||
FineLoggerFactory.getLogger().info("FRLOG:token不能为空!"); |
||||
} |
||||
} |
||||
|
||||
/** |
||||
* 获取token |
||||
* @param httpServletRequest |
||||
* @param httpServletResponse |
||||
* @param username |
||||
* @return |
||||
*/ |
||||
public static String getToken(HttpServletRequest httpServletRequest,HttpServletResponse httpServletResponse,String username){ |
||||
String token = ""; |
||||
try { |
||||
token = LoginService.getInstance().login(httpServletRequest, httpServletResponse, username); |
||||
} catch (Exception e) { |
||||
FineLoggerFactory.getLogger().info("FRLOG:获取token失败"+e.getMessage()); |
||||
} |
||||
|
||||
return token; |
||||
} |
||||
|
||||
private static void writeToken2Cookie(HttpServletResponse param1, String param2, int param3) { |
||||
try { |
||||
if (StringUtils.isNotEmpty(param2)) { |
||||
Cookie param4 = new Cookie("fine_auth_token", param2); |
||||
long param5 = param3 == -2 ? 1209600000L : (long)param3; |
||||
param4.setMaxAge((int)param5); |
||||
param4.setPath(ServerConfig.getInstance().getCookiePath()); |
||||
param1.addCookie(param4); |
||||
Cookie param7 = new Cookie("fine_remember_login", String.valueOf(param3 == -2 ? -2 : -1)); |
||||
param7.setMaxAge((int)param5); |
||||
param7.setPath(ServerConfig.getInstance().getCookiePath()); |
||||
param1.addCookie(param7); |
||||
} else { |
||||
FineLoggerFactory.getLogger().error("empty token cannot save."); |
||||
} |
||||
} catch (Exception param8) { |
||||
FineLoggerFactory.getLogger().error(param8.getMessage(), param8); |
||||
} |
||||
|
||||
} |
||||
|
||||
/** |
||||
* |
||||
* @param httpServletRequest |
||||
* @param httpServletResponse |
||||
*/ |
||||
public static void logout(HttpServletRequest httpServletRequest,HttpServletResponse httpServletResponse) |
||||
{ |
||||
if(!isLogin(httpServletRequest)){ |
||||
return ; |
||||
} |
||||
|
||||
try { |
||||
LoginService.getInstance().logout(httpServletRequest,httpServletResponse); |
||||
} catch (Exception e) { |
||||
ResponseUtils.failedResponse(httpServletResponse,"登出异常,请联系管理员!"); |
||||
FineLoggerFactory.getLogger().info("FRLOG:登出异常,请联系管理员!"); |
||||
FineLoggerFactory.getLogger().info("FRLOGException:"+e.getMessage()); |
||||
} |
||||
} |
||||
|
||||
/** |
||||
* 打印FR日志 |
||||
* @param message |
||||
*/ |
||||
public static void FRLogInfo(String message){ |
||||
FineLoggerFactory.getLogger().info("FRLOG:"+message); |
||||
} |
||||
|
||||
/** |
||||
* 打印FR日志-error |
||||
* @param message |
||||
*/ |
||||
public static void FRLogError(String message){ |
||||
FineLoggerFactory.getLogger().error("FRLOG:"+message); |
||||
} |
||||
|
||||
|
||||
/** |
||||
* 根据用户名获取用户信息 |
||||
* @param userName |
||||
* @return |
||||
*/ |
||||
public static User getFRUserByUserName(String userName){ |
||||
try { |
||||
return UserService.getInstance().getUserByUserName(userName); |
||||
} catch (Exception e) { |
||||
FRLogInfo("获取用户信息异常:"+e.getMessage()); |
||||
} |
||||
|
||||
return null; |
||||
} |
||||
|
||||
/** |
||||
* 解密FR密码 |
||||
* @param password |
||||
* @return |
||||
*/ |
||||
// public static String decryptFRPsd(String password){
|
||||
// FRLogInfo("解密密码:"+password);
|
||||
// return TransmissionTool.decrypt(password);
|
||||
// }
|
||||
|
||||
/** |
||||
* 获取带参数的访问链接 |
||||
* @return |
||||
*/ |
||||
public static String getAllUrl(HttpServletRequest httpServletRequest){ |
||||
return WebUtils.getOriginalURL(httpServletRequest); |
||||
} |
||||
|
||||
/** |
||||
* 根据originKey获取源链接 |
||||
* @param originKey |
||||
* @return |
||||
* @throws Exception |
||||
*/ |
||||
public static String getOriginUrl(String originKey) throws Exception { |
||||
if (StringUtils.isNotEmpty(originKey)) { |
||||
OriginUrlResponseBean originUrlResponseBean = (OriginUrlResponseBean) DecisionStatusService.originUrlStatusService().get(originKey); |
||||
DecisionStatusService.originUrlStatusService().delete(originKey); |
||||
if (originUrlResponseBean != null) { |
||||
return originUrlResponseBean.getOriginUrl(); |
||||
} |
||||
} |
||||
|
||||
return new OriginUrlResponseBean(TemplateUtils.render("${fineServletURL}")).getOriginUrl(); |
||||
} |
||||
|
||||
/** |
||||
* 判断是否开启模板认证 |
||||
* @param |
||||
* @return |
||||
* @throws Exception |
||||
*/ |
||||
public static boolean isTempAuth(HttpServletRequest req,HttpServletResponse res) throws Exception { |
||||
ReportTemplateRequestChecker checker = new ReportTemplateRequestChecker(); |
||||
HandlerMethod hm = new HandlerMethod(new ReportRequestService(),ReportRequestService.class.getMethod("preview", HttpServletRequest.class, HttpServletResponse.class, String.class)); |
||||
return checker.checkRequest(req,res,hm); |
||||
} |
||||
|
||||
/** |
||||
* 获取数据集数据 |
||||
* @param serverDataSetName |
||||
* @return |
||||
*/ |
||||
public static DataModel getTableData(String serverDataSetName){ |
||||
TableData userInfo = TableDataConfig.getInstance().getTableData(serverDataSetName); |
||||
DataModel userInfoDM = userInfo.createDataModel(Calculator.createCalculator()); |
||||
// userInfoDM.getRowCount();
|
||||
// userInfoDM.getColumnIndex();
|
||||
// userInfoDM.getValueAt()
|
||||
return userInfoDM; |
||||
} |
||||
|
||||
public static String getIndex(HttpServletRequest req){ |
||||
String url = req.getScheme()+"://"+req.getServerName()+":"+String.valueOf(req.getServerPort())+req.getRequestURI(); |
||||
return url; |
||||
} |
||||
} |
||||
@ -0,0 +1,309 @@
|
||||
package com.eco.plugin.xx.kdxfsso.utils; |
||||
|
||||
import com.fr.data.NetworkHelper; |
||||
import com.fr.decision.mobile.terminal.TerminalHandler; |
||||
import com.fr.decision.webservice.v10.login.LoginService; |
||||
import com.fr.stable.web.Device; |
||||
|
||||
import javax.servlet.http.HttpServletRequest; |
||||
import java.io.IOException; |
||||
import java.util.ArrayList; |
||||
import java.util.HashSet; |
||||
import java.util.List; |
||||
import java.util.Set; |
||||
import java.util.regex.Matcher; |
||||
import java.util.regex.Pattern; |
||||
|
||||
public class IPUtils { |
||||
|
||||
|
||||
/** |
||||
* 私有IP: |
||||
* A类 10.0.0.0-10.255.255.255 |
||||
* B类 172.16.0.0-172.31.255.255 |
||||
* C类 192.168.0.0-192.168.255.255 |
||||
* |
||||
* 127这个网段是环回地址 |
||||
* localhost |
||||
*/ |
||||
static List<Pattern> ipFilterRegexList = new ArrayList<>(); |
||||
|
||||
static { |
||||
Set<String> ipFilter = new HashSet<String>(); |
||||
ipFilter.add("^10\\.(1\\d{2}|2[0-4]\\d|25[0-5]|[1-9]\\d|[0-9])" |
||||
+ "\\.(1\\d{2}|2[0-4]\\d|25[0-5]|[1-9]\\d|[0-9])" + "\\.(1\\d{2}|2[0-4]\\d|25[0-5]|[1-9]\\d|[0-9])$"); |
||||
// B类地址范围: 172.16.0.0---172.31.255.255
|
||||
ipFilter.add("^172\\.(1[6789]|2[0-9]|3[01])\\" + ".(1\\d{2}|2[0-4]\\d|25[0-5]|[1-9]\\d|[0-9])\\" |
||||
+ ".(1\\d{2}|2[0-4]\\d|25[0-5]|[1-9]\\d|[0-9])$"); |
||||
// C类地址范围: 192.168.0.0---192.168.255.255
|
||||
ipFilter.add("^192\\.168\\.(1\\d{2}|2[0-4]\\d|25[0-5]|[1-9]\\d|[0-9])\\" |
||||
+ ".(1\\d{2}|2[0-4]\\d|25[0-5]|[1-9]\\d|[0-9])$"); |
||||
ipFilter.add("127.0.0.1"); |
||||
ipFilter.add("0.0.0.0"); |
||||
ipFilter.add("localhost"); |
||||
for (String tmp : ipFilter) { |
||||
ipFilterRegexList.add(Pattern.compile(tmp)); |
||||
} |
||||
} |
||||
|
||||
|
||||
// IP的正则,这个正则不能验证第一组数字为0的情况
|
||||
private static Pattern pattern = Pattern |
||||
.compile("([1-9]\\d?|1\\d{2}|2[01]\\d|22[0-3])\\." |
||||
+ "(1\\d{1,2}|2[0-4]\\d|25[0-5]|\\d{1,2})\\." |
||||
+ "(1\\d{1,2}|2[0-4]\\d|25[0-5]|\\d{1,2})\\." |
||||
+ "(1\\d{1,2}|2[0-4]\\d|25[0-5]|\\d{1,2})"); |
||||
|
||||
/** |
||||
* |
||||
* getAvaliIpList:(根据IP白名单设置获取可用的IP列表). |
||||
* |
||||
* @date 2020-11-11 下午02:50:20 |
||||
* @return |
||||
*/ |
||||
|
||||
private static Set<String> getAvaliIpList(String allowIp) { |
||||
|
||||
Set<String> ipList = new HashSet<String>(); |
||||
for (String allow : allowIp.replaceAll("\\s", "").split(",")) { |
||||
if (allow.indexOf("*") > -1) { |
||||
String[] ips = allow.split("\\."); |
||||
String[] from = new String[] { "0", "0", "0", "0" }; |
||||
String[] end = new String[] { "255", "255", "255", "255" }; |
||||
List<String> tem = new ArrayList<String>(); |
||||
for (int i = 0; i < ips.length; i++) |
||||
if (ips[i].indexOf("*") > -1) { |
||||
//todo 直接用等于,不能正确获取类似192.168.**.*这种格式的ip段
|
||||
tem = complete(ips[i]); |
||||
from[i] = null; |
||||
end[i] = null; |
||||
} else { |
||||
from[i] = ips[i]; |
||||
end[i] = ips[i]; |
||||
} |
||||
|
||||
StringBuffer fromIP = new StringBuffer(); |
||||
StringBuffer endIP = new StringBuffer(); |
||||
for (int i = 0; i < 4; i++) |
||||
if (from[i] != null) { |
||||
fromIP.append(from[i]).append("."); |
||||
endIP.append(end[i]).append("."); |
||||
} else { |
||||
fromIP.append("[*]."); |
||||
endIP.append("[*]."); |
||||
} |
||||
fromIP.deleteCharAt(fromIP.length() - 1); |
||||
endIP.deleteCharAt(endIP.length() - 1); |
||||
|
||||
for (String s : tem) { |
||||
String ip = fromIP.toString().replace("[*]", |
||||
s.split(";")[0]) |
||||
+ "-" |
||||
+ endIP.toString().replace("[*]", s.split(";")[1]); |
||||
if (validate(ip)) { |
||||
ipList.add(ip); |
||||
} |
||||
} |
||||
} else { |
||||
if (validate(allow)) { |
||||
ipList.add(allow); |
||||
} |
||||
} |
||||
|
||||
} |
||||
|
||||
return ipList; |
||||
} |
||||
|
||||
/** |
||||
* 对单个IP节点进行范围限定 |
||||
* |
||||
* @param arg |
||||
* @return 返回限定后的IP范围,格式为List[10;19, 100;199] |
||||
*/ |
||||
private static List<String> complete(String arg) { |
||||
List<String> com = new ArrayList<String>(); |
||||
if (arg.length() == 1) { |
||||
com.add("0;255"); |
||||
} else if (arg.length() == 2) { |
||||
String s1 = complete(arg, 1); |
||||
if (s1 != null) |
||||
com.add(s1); |
||||
String s2 = complete(arg, 2); |
||||
if (s2 != null) |
||||
com.add(s2); |
||||
} else { |
||||
String s1 = complete(arg, 1); |
||||
if (s1 != null) |
||||
com.add(s1); |
||||
} |
||||
return com; |
||||
} |
||||
|
||||
private static String complete(String arg, int length) { |
||||
String from = ""; |
||||
String end = ""; |
||||
if (length == 1) { |
||||
from = arg.replace("*", "0"); |
||||
end = arg.replace("*", "9"); |
||||
} else { |
||||
from = arg.replace("*", "00"); |
||||
end = arg.replace("*", "99"); |
||||
} |
||||
if (Integer.valueOf(from) > 255) |
||||
return null; |
||||
if (Integer.valueOf(end) > 255) |
||||
end = "255"; |
||||
return from + ";" + end; |
||||
} |
||||
|
||||
/** |
||||
* 在添加至白名单时进行格式校验 |
||||
* |
||||
* @param ip |
||||
* @return |
||||
*/ |
||||
private static boolean validate(String ip) { |
||||
for (String s : ip.split("-")) |
||||
if (!pattern.matcher(s).matches()) { |
||||
return false; |
||||
} |
||||
return true; |
||||
} |
||||
|
||||
/** |
||||
* |
||||
* checkLoginIP:(根据IP,及可用Ip列表来判断ip是否包含在白名单之中). |
||||
* @date 2017-4-17 下午03:01:03 |
||||
* @param ip |
||||
* @param ipList |
||||
* @return |
||||
*/ |
||||
private static boolean checkLoginIP(String ip, Set<String> ipList) { |
||||
if (ipList.isEmpty() || ipList.contains(ip)) |
||||
return true; |
||||
else { |
||||
for (String allow : ipList) { |
||||
if (allow.indexOf("-") > -1) { |
||||
String[] from = allow.split("-")[0].split("\\."); |
||||
String[] end = allow.split("-")[1].split("\\."); |
||||
String[] tag = ip.split("\\."); |
||||
|
||||
// 对IP从左到右进行逐段匹配
|
||||
boolean check = true; |
||||
for (int i = 0; i < 4; i++) { |
||||
int s = Integer.valueOf(from[i]); |
||||
int t = Integer.valueOf(tag[i]); |
||||
int e = Integer.valueOf(end[i]); |
||||
if (!(s <= t && t <= e)) { |
||||
check = false; |
||||
break; |
||||
} |
||||
} |
||||
if (check) { |
||||
return true; |
||||
} |
||||
} |
||||
} |
||||
} |
||||
return false; |
||||
} |
||||
|
||||
/** |
||||
* |
||||
* checkLoginIP:(根据IP地址,及IP白名单设置规则判断IP是否包含在白名单). |
||||
* @date 2017-4-17 下午03:01:37 |
||||
* @param ip |
||||
* @param ipWhiteConfig |
||||
* @return |
||||
*/ |
||||
public static boolean checkLoginIP(String ip,String ipWhiteConfig){ |
||||
Set<String> ipList = getAvaliIpList(ipWhiteConfig); |
||||
return checkLoginIP(ip, ipList); |
||||
} |
||||
|
||||
/** |
||||
* 获取真实IP 原逻辑 |
||||
* @param request |
||||
* @return |
||||
*/ |
||||
public static String getRealIp(HttpServletRequest request) { |
||||
// 这个一般是Nginx反向代理设置的参数
|
||||
String ip = request.getHeader("X-Real-IP"); |
||||
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { |
||||
ip = request.getHeader("X-Forwarded-For"); |
||||
} |
||||
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { |
||||
ip = request.getHeader("Proxy-Client-IP"); |
||||
} |
||||
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { |
||||
ip = request.getHeader("WL-Proxy-Client-IP"); |
||||
} |
||||
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) { |
||||
ip = request.getRemoteAddr(); |
||||
} |
||||
|
||||
// 处理多IP的情况(只取最后一个IP)
|
||||
if (ip != null && ip.contains(",")) { |
||||
String[] ipArray = ip.split(","); |
||||
ip = ipArray[ipArray.length-1]; |
||||
} |
||||
return ip; |
||||
} |
||||
|
||||
|
||||
|
||||
|
||||
|
||||
/** |
||||
* 判断IP是否内网IP |
||||
* @Title: ipIsInner |
||||
* @param ip |
||||
* @return: boolean |
||||
*/ |
||||
public static boolean ipIsInner(String ip) { |
||||
FRUtils.FRLogInfo("ip:"+ip); |
||||
boolean isInnerIp = false; |
||||
for (Pattern tmp : ipFilterRegexList) { |
||||
Matcher matcher = tmp.matcher(ip); |
||||
if (matcher.find()) { |
||||
isInnerIp = true; |
||||
break; |
||||
} |
||||
} |
||||
return isInnerIp; |
||||
} |
||||
|
||||
|
||||
// token有效性检验
|
||||
public static boolean checkTokenValid(HttpServletRequest req, String token) { |
||||
|
||||
// 判断该token是否还保存在状态服务器中,也就是判断该token是否还有用
|
||||
try { |
||||
Device device = NetworkHelper.getDevice(req); |
||||
LoginService.getInstance().loginStatusValid(token, TerminalHandler.getTerminal(req, device)); |
||||
return true; |
||||
} catch (Exception e) { |
||||
} |
||||
return false; |
||||
} |
||||
|
||||
|
||||
/** |
||||
* 判断是否是内网IP "192.168.1.1," + //设置单个IP的白名单
|
||||
* "192.168.*.2," + //设置ip通配符,对一个ip段进行匹配
|
||||
* "192.168.3.17-192.168.3.38"; //设置一个IP范围
|
||||
* @param ip |
||||
* @return |
||||
*/ |
||||
public static boolean isInnerIP(String ip,String ipWhite) throws IOException { |
||||
String ip4[]=ip.split("\\."); |
||||
if(ip4.length==4) { |
||||
return checkLoginIP(ip,ipWhite); |
||||
}else{ |
||||
return false; |
||||
} |
||||
} |
||||
|
||||
|
||||
} |
||||
@ -0,0 +1,108 @@
|
||||
package com.eco.plugin.xx.kdxfsso.utils; |
||||
|
||||
import com.fr.json.JSONObject; |
||||
import com.fr.log.FineLoggerFactory; |
||||
import com.fr.web.utils.WebUtils; |
||||
|
||||
import javax.servlet.http.HttpServletRequest; |
||||
import javax.servlet.http.HttpServletResponse; |
||||
import java.io.PrintWriter; |
||||
|
||||
public class ResponseUtils { |
||||
private static final int SUCCESS = 200; |
||||
private static final int FAILED = -1; |
||||
|
||||
public static void successResponse(HttpServletResponse res, String body) { |
||||
response(res, body, SUCCESS); |
||||
} |
||||
|
||||
public static void failedResponse(HttpServletResponse res, String body) { |
||||
response(res, body, FAILED); |
||||
} |
||||
|
||||
private static void response(HttpServletResponse res, String body, int code) { |
||||
JSONObject object = new JSONObject(); |
||||
PrintWriter pw; |
||||
try { |
||||
object.put("code", code); |
||||
object.put("data", body); |
||||
pw = WebUtils.createPrintWriter(res); |
||||
} catch (Exception e) { |
||||
FineLoggerFactory.getLogger().info(e.getMessage()); |
||||
return; |
||||
} |
||||
res.setContentType("application/json;charset=utf-8"); |
||||
String result = object.toString(); |
||||
pw.println(result); |
||||
pw.flush(); |
||||
pw.close(); |
||||
} |
||||
|
||||
public static void response(HttpServletResponse res,JSONObject json){ |
||||
PrintWriter pw; |
||||
try { |
||||
pw = WebUtils.createPrintWriter(res); |
||||
} catch (Exception e) { |
||||
FineLoggerFactory.getLogger().info(e.getMessage()); |
||||
return; |
||||
} |
||||
res.setContentType("application/json;charset=utf-8"); |
||||
String result = json.toString(); |
||||
pw.println(result); |
||||
pw.flush(); |
||||
pw.close(); |
||||
} |
||||
|
||||
public static void responseText(HttpServletResponse res,String text){ |
||||
PrintWriter pw; |
||||
try { |
||||
pw = WebUtils.createPrintWriter(res); |
||||
} catch (Exception e) { |
||||
FineLoggerFactory.getLogger().info(e.getMessage()); |
||||
return; |
||||
} |
||||
res.setContentType("text/html;charset=utf-8"); |
||||
pw.println(text); |
||||
pw.flush(); |
||||
pw.close(); |
||||
} |
||||
|
||||
public static void responseXml(HttpServletResponse res,String xml){ |
||||
PrintWriter pw; |
||||
try { |
||||
pw = WebUtils.createPrintWriter(res); |
||||
} catch (Exception e) { |
||||
FineLoggerFactory.getLogger().info(e.getMessage()); |
||||
return; |
||||
} |
||||
res.setContentType("text/xml;charset=utf-8"); |
||||
pw.println(xml); |
||||
pw.flush(); |
||||
pw.close(); |
||||
} |
||||
|
||||
public static void setCSRFHeader(HttpServletResponse httpServletResponse){ |
||||
httpServletResponse.setHeader("Access-Control-Allow-Origin", "*"); |
||||
httpServletResponse.setHeader("Access-Control-Allow-Methods", "POST,GET,OPTIONS,DELETE,HEAD,PUT,PATCH"); |
||||
httpServletResponse.setHeader("Access-Control-Max-Age", "36000"); |
||||
httpServletResponse.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept,Authorization,authorization"); |
||||
} |
||||
|
||||
public static void responseJsonp(HttpServletRequest req, HttpServletResponse res, JSONObject json){ |
||||
PrintWriter pw; |
||||
try { |
||||
pw = WebUtils.createPrintWriter(res); |
||||
} catch (Exception e) { |
||||
FineLoggerFactory.getLogger().info(e.getMessage()); |
||||
return; |
||||
} |
||||
res.setContentType("text/javascript;charset=utf-8;charset=utf-8"); |
||||
String result = json.toString(); |
||||
|
||||
String jsonp=req.getParameter("callback"); |
||||
|
||||
pw.println(jsonp+"("+result+")"); |
||||
pw.flush(); |
||||
pw.close(); |
||||
} |
||||
} |
||||
@ -0,0 +1,275 @@
|
||||
package com.eco.plugin.xx.kdxfsso.utils; |
||||
|
||||
import com.fr.base.TemplateUtils; |
||||
import com.fr.data.NetworkHelper; |
||||
import com.fr.decision.webservice.v10.user.UserService; |
||||
import com.fr.io.utils.ResourceIOUtils; |
||||
import com.fr.json.JSONObject; |
||||
import com.fr.stable.CodeUtils; |
||||
import com.fr.stable.StringUtils; |
||||
import com.fr.third.org.apache.commons.codec.digest.DigestUtils; |
||||
import com.fr.web.utils.WebUtils; |
||||
|
||||
import javax.servlet.http.Cookie; |
||||
import javax.servlet.http.HttpServletRequest; |
||||
import javax.servlet.http.HttpServletResponse; |
||||
import java.io.BufferedReader; |
||||
import java.io.InputStream; |
||||
import java.net.URLEncoder; |
||||
import java.util.HashMap; |
||||
import java.util.Map; |
||||
import java.util.UUID; |
||||
import java.util.regex.Matcher; |
||||
import java.util.regex.Pattern; |
||||
|
||||
public class Utils { |
||||
|
||||
/** |
||||
* 判断字符串是否为空 |
||||
* @param str |
||||
* @return true 空字符串 false 非空字符串 |
||||
*/ |
||||
public static boolean isNullStr(String str){ |
||||
return !(str != null && !str.isEmpty() && !"null".equals(str)); |
||||
} |
||||
|
||||
/** |
||||
* 判断字符串是否非空 |
||||
* @param str |
||||
* @return |
||||
*/ |
||||
public static boolean isNotNullStr(String str){ |
||||
return !isNullStr(str); |
||||
} |
||||
|
||||
/** |
||||
* MD5加密 |
||||
* @param str |
||||
* @return |
||||
*/ |
||||
public static String getMd5Str(String str) |
||||
{ |
||||
return DigestUtils.md5Hex(str); |
||||
} |
||||
|
||||
/** |
||||
* 帆软shaEncode加密 |
||||
*/ |
||||
|
||||
public static String shaEncode(String str){ |
||||
return CodeUtils.sha256Encode(str); |
||||
} |
||||
|
||||
/** |
||||
* 获取uuid |
||||
*/ |
||||
public static String uuid(){ |
||||
return UUID.randomUUID().toString(); |
||||
} |
||||
|
||||
/** |
||||
* 替换空字符串 |
||||
* @param str |
||||
* @param replace |
||||
* @return |
||||
*/ |
||||
public static String replaceNullStr(String str,String replace){ |
||||
if(isNullStr(str)){ |
||||
return replace; |
||||
} |
||||
|
||||
return str; |
||||
} |
||||
|
||||
/** |
||||
* 获取请求体 |
||||
* @param req |
||||
* @return |
||||
*/ |
||||
public static JSONObject getRequestBody(HttpServletRequest req){ |
||||
StringBuffer sb = new StringBuffer(); |
||||
String line = null; |
||||
try { |
||||
BufferedReader reader = req.getReader(); |
||||
while ((line = reader.readLine()) != null) |
||||
sb.append(line); |
||||
} catch (Exception e) { |
||||
FRUtils.FRLogInfo("getRequestBody:exception:"+e.getMessage()); |
||||
} |
||||
//将空格和换行符替换掉避免使用反序列化工具解析对象时失败
|
||||
String jsonString = sb.toString().replaceAll("\\s","").replaceAll("\n",""); |
||||
|
||||
JSONObject json = new JSONObject(jsonString); |
||||
|
||||
return json; |
||||
} |
||||
|
||||
/** |
||||
* 获取ip |
||||
* @return |
||||
*/ |
||||
public static String getIp(HttpServletRequest req){ |
||||
String realIp = req.getHeader("X-Real-IP"); |
||||
String fw = req.getHeader("X-Forwarded-For"); |
||||
if (StringUtils.isNotEmpty(fw) && !"unKnown".equalsIgnoreCase(fw)) { |
||||
int param3 = fw.indexOf(","); |
||||
return param3 != -1 ? fw.substring(0, param3) : fw; |
||||
} else { |
||||
fw = realIp; |
||||
if (StringUtils.isNotEmpty(realIp) && !"unKnown".equalsIgnoreCase(realIp)) { |
||||
return realIp; |
||||
} else { |
||||
if (StringUtils.isBlank(realIp) || "unknown".equalsIgnoreCase(realIp)) { |
||||
fw = req.getHeader("Proxy-Client-IP"); |
||||
} |
||||
|
||||
if (StringUtils.isBlank(fw) || "unknown".equalsIgnoreCase(fw)) { |
||||
fw = req.getHeader("WL-Proxy-Client-IP"); |
||||
} |
||||
|
||||
if (StringUtils.isBlank(fw) || "unknown".equalsIgnoreCase(fw)) { |
||||
fw = req.getHeader("HTTP_CLIENT_IP"); |
||||
} |
||||
|
||||
if (StringUtils.isBlank(fw) || "unknown".equalsIgnoreCase(fw)) { |
||||
fw = req.getHeader("HTTP_X_FORWARDED_FOR"); |
||||
} |
||||
|
||||
if (StringUtils.isBlank(fw) || "unknown".equalsIgnoreCase(fw)) { |
||||
fw = req.getRemoteAddr(); |
||||
} |
||||
|
||||
return fw; |
||||
} |
||||
} |
||||
} |
||||
|
||||
/** |
||||
* 根据key获取cookie |
||||
* @param req |
||||
* @return |
||||
*/ |
||||
public static String getCookieByKey(HttpServletRequest req,String key){ |
||||
Cookie[] cookies = req.getCookies(); |
||||
String cookie = ""; |
||||
|
||||
if(cookies == null || cookies.length <=0){ |
||||
return ""; |
||||
} |
||||
|
||||
for(int i = 0; i < cookies.length; i++) { |
||||
Cookie item = cookies[i]; |
||||
if (item.getName().equalsIgnoreCase(key)) { |
||||
cookie = item.getValue(); |
||||
} |
||||
} |
||||
|
||||
FRUtils.FRLogInfo("cookie:"+cookie); |
||||
|
||||
return cookie; |
||||
} |
||||
|
||||
/** |
||||
* 判断是否是手机端的链接 |
||||
* @param req |
||||
* @return |
||||
*/ |
||||
public static boolean isMobile(HttpServletRequest req) { |
||||
String[] mobileArray = {"iPhone", "iPad", "android", "windows phone", "xiaomi"}; |
||||
String userAgent = req.getHeader("user-agent"); |
||||
if (userAgent != null && userAgent.toUpperCase().contains("MOBILE")) { |
||||
for(String mobile : mobileArray) { |
||||
if(userAgent.toUpperCase().contains(mobile.toUpperCase())) { |
||||
return true; |
||||
} |
||||
} |
||||
} |
||||
return NetworkHelper.getDevice(req).isMobile(); |
||||
} |
||||
|
||||
/** |
||||
* 只编码中文 |
||||
* @param url |
||||
* @return |
||||
*/ |
||||
public static String encodeCH(String url ){ |
||||
Matcher matcher = Pattern.compile("[\\u4e00-\\u9fa5]").matcher(url); |
||||
|
||||
while(matcher.find()){ |
||||
String chn = matcher.group(); |
||||
url = url.replaceAll(chn, URLEncoder.encode(chn)); |
||||
} |
||||
|
||||
return url; |
||||
} |
||||
|
||||
/** |
||||
* 获取web-inf文件夹下的文件 |
||||
* filename /resources/ip4enc.properties |
||||
*/ |
||||
public static InputStream getResourcesFile(String filename){ |
||||
return ResourceIOUtils.read(filename); |
||||
} |
||||
|
||||
/** |
||||
* |
||||
* @param res |
||||
* @param path /com/fr/plugin/loginAuth/html/getMac.html |
||||
* @param parameterMap |
||||
*/ |
||||
public static void toErrorPage(HttpServletResponse res,String path,Map<String, String> parameterMap){ |
||||
if(parameterMap == null){ |
||||
parameterMap = new HashMap<String, String>(); |
||||
} |
||||
|
||||
try { |
||||
String macPage = TemplateUtils.renderTemplate(path, parameterMap); |
||||
WebUtils.printAsString(res, macPage); |
||||
}catch (Exception e){ |
||||
FRUtils.FRLogError("跳转页面异常"); |
||||
} |
||||
|
||||
} |
||||
|
||||
/** |
||||
* 判断是否是管理员 |
||||
* @param username |
||||
* @return |
||||
*/ |
||||
public static boolean isAdmin(String username) throws Exception{ |
||||
return UserService.getInstance().isAdmin(UserService.getInstance().getUserByUserName(username).getId()); |
||||
} |
||||
|
||||
/** |
||||
* 去掉浏览器中的参数 |
||||
* @param url |
||||
* @param param |
||||
* @return |
||||
*/ |
||||
public static String removeParam(String url,String param){ |
||||
if(!url.contains("?"+param) && !url.contains("&"+param)){ |
||||
return url; |
||||
} |
||||
|
||||
return url.substring(0,url.indexOf(url.contains("?"+param) ? "?"+param : "&"+param)); |
||||
} |
||||
|
||||
/** |
||||
* 获取跳转链接 |
||||
* @param req |
||||
* @param param |
||||
* @return |
||||
*/ |
||||
public static String getRedirectUrl(HttpServletRequest req,String param){ |
||||
String url = FRUtils.getAllUrl(req); |
||||
|
||||
if(isNotNullStr(param)){ |
||||
url = removeParam(url,param); |
||||
} |
||||
|
||||
url = encodeCH(url); |
||||
|
||||
return url; |
||||
} |
||||
|
||||
} |
||||
|
After Width: | Height: | Size: 2.0 KiB |
|
After Width: | Height: | Size: 241 KiB |
@ -0,0 +1,64 @@
|
||||
<!DOCTYPE html> |
||||
<html> |
||||
<head> |
||||
<meta charset="utf-8"> |
||||
<title></title> |
||||
</head> |
||||
<body> |
||||
<div class="content_err"> |
||||
<div class="img_box"> |
||||
<img class="img" src="img/ifly-error-img.png" /> |
||||
</div> |
||||
|
||||
<div class="font_err"> |
||||
<p class="font_warn"><i class="icon_warn"></i>您访问的页面在公司内网环境,如果您在互联网环境, 请通过VPN访问</p> |
||||
<p class="font_msg">VPN软件地址请见<b>快捷链接</b>模块,使用说明请见<b>FAQ</b>模块</p> |
||||
</div> |
||||
</div> |
||||
</body> |
||||
</html> |
||||
<style> |
||||
body { |
||||
background: #fff; |
||||
max-width: 1200px; |
||||
margin: 0 auto; |
||||
} |
||||
.content_err { |
||||
margin-top: 5%; |
||||
} |
||||
.content_err .img_box { |
||||
width: 40%; |
||||
float: left; |
||||
text-align: right; |
||||
} |
||||
.content_err .img_box img { |
||||
width: 500px; |
||||
height: 500px; |
||||
} |
||||
.font_err { |
||||
width: 58%; |
||||
float: left; |
||||
margin-top: 14%; |
||||
margin-left: 1%; |
||||
} |
||||
.font_warn { |
||||
font-size: 26px; |
||||
font-weight: bold; |
||||
color: #ffa113; |
||||
padding-left: 50px; |
||||
position: relative; |
||||
} |
||||
.font_warn .icon_warn { |
||||
width: 40px; |
||||
height: 40px; |
||||
background: url(img/ifly-error-bg.png) no-repeat; |
||||
display: inline-block; |
||||
position: absolute; |
||||
top: 1px; |
||||
left: 0; |
||||
} |
||||
.font_msg { |
||||
margin-left: 50px; |
||||
color: #1f2545; |
||||
} |
||||
</style> |
||||
Loading…
Reference in new issue