
package com.eco.plugin.xx.kdxfsso.filter;
import com.eco.plugin.xx.kdxfsso.config.PluginSimpleConfig;
import com.eco.plugin.xx.kdxfsso.utils.*;
import com.fr.decision.fun.impl.AbstractGlobalRequestFilterProvider;
import com.fr.json.JSONObject;
import com.fr.plugin.context.PluginContexts;
import com.fr.record.analyzer.EnableMetrics;
import com.fr.stable.fun.Authorize;
import javax.servlet.FilterChain;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
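/**
 * Global request filter that performs token-based single sign-on for template URLs.
 *
 * <p>When a request carries the configured token parameter, the filter decrypts the token
 * with the plugin's RSA private key, reads {@code username} and {@code timestamp} from the
 * resulting JSON, checks the timestamp against the configured timeout and then logs the
 * user in through {@code FRUtils.login}. Requests without the token parameter are passed
 * down the chain untouched.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The token is decrypted, not signature-checked. NOTE(review): anyone holding the
 *       matching public key can presumably produce a token for any username; confirm that
 *       key is handled as a secret, or add a signature/MAC to the token format.</li>
 *   <li>No nonce or one-time-use check is visible here, so a captured token can be
 *       presented again until it times out. The token travels as a request parameter and
 *       may therefore end up in access logs and Referer headers; keep the timeout short.</li>
 * </ul>
 */
@EnableMetrics
@Authorize(callSignKey = "com.eco.plugin.xx.kdxfsso")
public class SSOFilter extends AbstractGlobalRequestFilterProvider {

    /** Scheme prefix that {@link #forceHttps(String)} upgrades. */
    private static final String HTTP_PREFIX = "http://";

    /**
     * Returns the name under which this filter is registered.
     *
     * @return the fixed filter name {@code "kdxfssoFilter"}
     */
    @Override
    public String filterName() {
        return "kdxfssoFilter";
    }

    /**
     * Returns the URL patterns this filter applies to.
     *
     * @return a single pattern, {@code "/*"}, i.e. every request
     */
    @Override
    public String[] urlPatterns() {
        return new String[]{"/*"};
    }

    /**
     * Handles one request: passes it through when no token is present, otherwise validates
     * the token and logs the named user in.
     *
     * <p>Every validation failure writes a failure response and stops processing, so a
     * rejected token never reaches the login call.
     *
     * @param req   incoming request; the token is read from the configured parameter name
     * @param res   response used for failure messages and handed to the login helper
     * @param chain remaining filter chain
     */
    @Override
    public void doFilter(HttpServletRequest req, HttpServletResponse res, FilterChain chain) {
        if (PluginContexts.currentContext().isAvailable()) {
            PluginSimpleConfig psc = PluginSimpleConfig.getInstance();

            // No token parameter: not an SSO request, pass it through.
            String token = req.getParameter(psc.getParamname());
            if (Utils.isNullStr(token)) {
                release(req, res, chain);
                return;
            }

            // Only template URLs may be used as SSO targets; anything else is rejected.
            // NOTE(review): this is a substring match on the whole URL. If getAllUrl()
            // includes the query string, the markers could be supplied there instead of
            // in the path - confirm and consider matching on the path only.
            String url = FRUtils.getAllUrl(req);
            boolean isTemp = (url.contains("view/report") && url.contains(".cpt"))
                    || (url.contains("view/form") && url.contains(".frm"));
            if (!isTemp) {
                ResponseUtils.failedResponse(res, "不允许单点到决策系统!");
                return;
            }

            // Decrypt the token. The exception text is written to the server log only:
            // echoing decryption errors to the caller tells it why a ciphertext was
            // rejected, which the caller has no need to know.
            String decryptToken;
            try {
                decryptToken = EncryptUtils.rsaDecrypt(token, psc.getPrivatekey());
            } catch (Exception e) {
                FRUtils.FRLogInfo("token解密失败:" + e.getMessage());
                ResponseUtils.failedResponse(res, "token解密失败!");
                return;
            }
            if (Utils.isNullStr(decryptToken)) {
                ResponseUtils.failedResponse(res, "token解密失败!");
                return;
            }

            // Parse the claims. Malformed JSON or a missing field is answered with a
            // failure response instead of escaping the filter as an exception.
            String username;
            long timestamp;
            try {
                JSONObject tokenJson = new JSONObject(decryptToken);
                username = tokenJson.getString("username");
                timestamp = tokenJson.getLong("timestamp");
            } catch (Exception e) {
                FRUtils.FRLogInfo("token解析失败:" + e.getMessage());
                ResponseUtils.failedResponse(res, "token格式错误!");
                return;
            }
            if (Utils.isNullStr(username)) {
                ResponseUtils.failedResponse(res, "token格式错误!");
                return;
            }

            // Check token age against the configured timeout (seconds).
            // A non-numeric timeout setting throws NumberFormatException here, which
            // happens before the login call, so no login is performed in that case.
            long now = System.currentTimeMillis();
            FRUtils.FRLogInfo("timestamp:" + timestamp + ";now:" + now);
            long timeoutSeconds = Long.parseLong(psc.getTimeout());
            long ageSeconds = (now - timestamp) / 1000;
            // Reject expired tokens, and also tokens dated further into the future than
            // the timeout: a far-future timestamp would otherwise never expire. The
            // timeout doubles as the tolerated clock skew between issuer and this server.
            if (ageSeconds > timeoutSeconds || ageSeconds < -timeoutSeconds) {
                ResponseUtils.failedResponse(res, "token已超时,请重新生成!");
                return;
            }

            // NOTE(review): the redirect target is derived from the request by
            // Utils.getRedirectUrl; confirm it cannot point to a foreign host.
            String redirect = forceHttps(Utils.getRedirectUrl(req, psc.getParamname()));

            // Log the user in.
            // NOTE(review): the request is still passed down the chain below; if login()
            // already committed a redirect, a return belongs here - confirm against
            // FRUtils.login.
            FRUtils.login(req, res, username, redirect);
        }
        release(req, res, chain);
    }

    /**
     * Upgrades a leading {@code http://} scheme to {@code https://}.
     *
     * <p>Only the scheme prefix is touched. Replacing every occurrence of {@code "http"}
     * would turn an {@code https://} URL into {@code httpss://} and would also rewrite any
     * {@code http} text inside the path or query string.
     *
     * @param url absolute URL to upgrade
     * @return the URL with an {@code https://} scheme, or {@code url} unchanged when it
     *     does not start with {@code http://}
     */
    private static String forceHttps(String url) {
        if (url.regionMatches(true, 0, HTTP_PREFIX, 0, HTTP_PREFIX.length())) {
            return "https://" + url.substring(HTTP_PREFIX.length());
        }
        return url;
    }

    /**
     * Passes the request to the rest of the filter chain.
     *
     * <p>Failures are logged and not rethrown; the exception message is included in the
     * log line so the cause can be diagnosed.
     *
     * @param req   request to forward
     * @param res   response to forward
     * @param chain remaining filter chain
     */
    private void release(HttpServletRequest req, HttpServletResponse res, FilterChain chain) {
        try {
            chain.doFilter(req, res);
        } catch (Exception e) {
            FRUtils.FRLogInfo("拦截失败:" + e.getMessage());
        }
    }
}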