package com.eco.plugin.xx.kdxfsso.filter; |
|
|
|
import com.eco.plugin.xx.kdxfsso.config.PluginSimpleConfig; |
|
import com.eco.plugin.xx.kdxfsso.utils.*; |
|
import com.fr.decision.fun.impl.AbstractGlobalRequestFilterProvider; |
|
import com.fr.json.JSONObject; |
|
import com.fr.plugin.context.PluginContexts; |
|
import com.fr.record.analyzer.EnableMetrics; |
|
import com.fr.stable.fun.Authorize; |
|
|
|
import javax.servlet.FilterChain; |
|
import javax.servlet.http.HttpServletRequest; |
|
import javax.servlet.http.HttpServletResponse; |
|
|
|
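/**
 * Global request filter that performs token-based single sign-on for template URLs.
 *
 * <p>A request carrying the configured token parameter is accepted only when it targets a
 * report ({@code .cpt}) or form ({@code .frm}) view, the token decrypts with the plugin's
 * private key, and the embedded timestamp lies inside the configured timeout window. Requests
 * without the parameter pass through untouched.
 *
 * <p>NOTE(review): the token is trusted purely because it decrypts with the private key.
 * RSA encryption gives confidentiality, not proof of origin. If the matching public key is
 * available to anyone other than the trusted issuer, that party can produce a token this
 * filter accepts. Consider a signature or MAC over the payload (EncryptUtils is not visible
 * here, so confirm what it actually does).
 *
 * <p>NOTE(review): there is no replay protection. The same token is accepted repeatedly until
 * it ages out, and it travels in a request parameter, which commonly ends up in access logs
 * and browser history. A short timeout plus a single-use nonce would narrow that window.
 */
@EnableMetrics
@Authorize(callSignKey = "com.eco.plugin.xx.kdxfsso")
public class SSOFilter extends AbstractGlobalRequestFilterProvider {

    /** Generic client-facing message for every token decoding or parsing failure. */
    private static final String TOKEN_INVALID_MESSAGE = "token解密失败!";

    /** Client-facing message for a token whose timestamp is outside the accepted window. */
    private static final String TOKEN_EXPIRED_MESSAGE = "token已超时,请重新生成!";

    @Override
    public String filterName() {
        return "kdxfssoFilter";
    }

    /** Registers the filter on every URL; {@link #doFilter} decides which requests it handles. */
    @Override
    public String[] urlPatterns() {
        return new String[]{"/*"};
    }

    /**
     * Validates the SSO token on the request and, when it is valid, logs the named user in.
     *
     * @param req   incoming request; the token is read from the configured parameter name
     * @param res   response used to report validation failures
     * @param chain remaining filter chain, invoked when the request is not an SSO attempt
     */
    @Override
    public void doFilter(HttpServletRequest req, HttpServletResponse res, FilterChain chain) {
        if (!PluginContexts.currentContext().isAvailable()) {
            release(req, res, chain);
            return;
        }

        PluginSimpleConfig psc = PluginSimpleConfig.getInstance();

        // No token parameter: not an SSO attempt, let the request through.
        String token = req.getParameter(psc.getParamname());
        if (Utils.isNullStr(token)) {
            release(req, res, chain);
            return;
        }

        // SSO is only allowed onto templates, never onto the decision platform itself.
        // NOTE(review): this is a substring match over the whole URL string returned by
        // FRUtils.getAllUrl; a stricter check would inspect the path and the template
        // parameter separately. Confirm what getAllUrl includes.
        String url = FRUtils.getAllUrl(req);
        boolean isReport = url.contains("view/report") && url.contains(".cpt");
        boolean isForm = url.contains("view/form") && url.contains(".frm");
        if (!isReport && !isForm) {
            ResponseUtils.failedResponse(res, "不允许单点到决策系统!");
            return;
        }

        String decryptToken;
        try {
            decryptToken = EncryptUtils.rsaDecrypt(token, psc.getPrivatekey());
        } catch (Exception e) {
            // Keep the crypto error detail server-side. Echoing it to the caller tells an
            // unauthenticated client why decryption failed.
            FRUtils.FRLogInfo("SSO token decryption failed: " + e);
            ResponseUtils.failedResponse(res, TOKEN_INVALID_MESSAGE);
            return;
        }
        if (Utils.isNullStr(decryptToken)) {
            ResponseUtils.failedResponse(res, TOKEN_INVALID_MESSAGE);
            return;
        }

        // The decrypted payload is still caller-supplied data. Malformed JSON or a missing
        // field must end in a clean rejection rather than an uncaught exception.
        String username;
        long timestamp;
        try {
            JSONObject tokenJson = new JSONObject(decryptToken);
            username = tokenJson.getString("username");
            timestamp = tokenJson.getLong("timestamp");
        } catch (Exception e) {
            FRUtils.FRLogInfo("SSO token payload is malformed: " + e);
            ResponseUtils.failedResponse(res, TOKEN_INVALID_MESSAGE);
            return;
        }
        if (Utils.isNullStr(username)) {
            FRUtils.FRLogInfo("SSO token payload has no username");
            ResponseUtils.failedResponse(res, TOKEN_INVALID_MESSAGE);
            return;
        }

        long now = System.currentTimeMillis();
        FRUtils.FRLogInfo("timestamp:" + timestamp + ";now:" + now);

        // A misconfigured (non-numeric) timeout throws here, before any login happens.
        long timeoutSeconds = Long.parseLong(psc.getTimeout());
        long ageSeconds = (now - timestamp) / 1000;
        // Reject old tokens and tokens stamped further in the future than the same window.
        // Without the lower bound, a future timestamp yields a negative age and never expires.
        if (ageSeconds > timeoutSeconds || ageSeconds < -timeoutSeconds) {
            ResponseUtils.failedResponse(res, TOKEN_EXPIRED_MESSAGE);
            return;
        }

        String redirect = upgradeToHttps(Utils.getRedirectUrl(req, psc.getParamname()));

        FRUtils.login(req, res, username, redirect);

        // NOTE(review): if FRUtils.login already sends the redirect, continuing the chain
        // below writes to a committed response; a return here may be intended. Confirm.
        release(req, res, chain);
    }

    /**
     * Rewrites a leading {@code http://} scheme to {@code https://} and leaves the rest intact.
     *
     * <p>A blanket {@code replace("http", "https")} would turn an already secure URL into
     * {@code httpss://} and rewrite any URL embedded in the query string.
     *
     * @param url redirect target, may be {@code null}
     * @return the URL with an upgraded scheme, or the input unchanged
     */
    private static String upgradeToHttps(String url) {
        final String insecureScheme = "http://";
        if (url != null && url.regionMatches(true, 0, insecureScheme, 0, insecureScheme.length())) {
            return "https://" + url.substring(insecureScheme.length());
        }
        return url;
    }

    /** Passes the request on to the rest of the filter chain, logging any failure. */
    private void release(HttpServletRequest req, HttpServletResponse res, FilterChain chain) {
        try {
            chain.doFilter(req, res);
        } catch (Exception e) {
            // Include the exception so the failure can be diagnosed from the log.
            FRUtils.FRLogInfo("拦截失败: " + e);
        }
    }
}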
|
|
|
|