package com.fr.plugin.xx.ltqc.auth; |
|
|
|
import com.fr.data.NetworkHelper; |
|
import com.fr.decision.authority.data.User; |
|
import com.fr.decision.fun.impl.AbstractGlobalRequestFilterProvider; |
|
import com.fr.decision.webservice.Response; |
|
import com.fr.decision.webservice.exception.login.UserPwdErrorException; |
|
import com.fr.decision.webservice.exception.user.UserNotExistException; |
|
import com.fr.decision.webservice.v10.remote.RemoteDesignStatusService; |
|
import com.fr.decision.webservice.v10.user.UserService; |
|
import com.fr.exception.RemoteDesignPermissionDeniedException; |
|
import com.fr.general.ComparatorUtils; |
|
import com.fr.json.JSONObject; |
|
import com.fr.plugin.xx.ltqc.auth.conf.AuthSsoConfig; |
|
import com.fr.plugin.xx.ltqc.auth.utils.CommonUtils; |
|
import com.fr.plugin.xx.ltqc.auth.utils.HttpUtil; |
|
import com.fr.plugin.xx.ltqc.auth.utils.LogUtils; |
|
import com.fr.security.JwtUtils; |
|
import com.fr.security.SecurityToolbox; |
|
import com.fr.security.encryption.mode.EncryptionMode; |
|
import com.fr.security.encryption.storage.StorageEncryptors; |
|
import com.fr.stable.StringUtils; |
|
import com.fr.web.service.RemoteDesignAuthorityDataService; |
|
import com.fr.web.utils.WebUtils; |
|
|
|
import javax.servlet.FilterChain; |
|
import javax.servlet.http.HttpServletRequest; |
|
import javax.servlet.http.HttpServletResponse; |
|
import java.util.HashMap; |
|
import java.util.Map; |
|
|
|
/** |
|
* @Author xx |
|
* @Date 2022/5/9 |
|
* @Description |
|
**/ |
|
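public class RemoteFilter extends AbstractGlobalRequestFilterProvider {

    /**
     * Lifetime handed to the remote-design login status store for an issued JWT.
     * 1209600000 = 14 * 24 * 60 * 60 * 1000, i.e. 14 days if the unit is milliseconds
     * (presumably; confirm against RemoteDesignStatusService).
     */
    private static final int TOKEN_TIMEOUT = 1209600000;

    @Override
    public String filterName() {
        return "design";
    }

    @Override
    public String[] urlPatterns() {
        return new String[]{"/decision/remote/design/token"};
    }

    /**
     * Handles the remote designer token request by authenticating against the external SSO.
     *
     * <p>Flow: read the credentials from the request, post them to the configured SSO login
     * URL, validate the returned ticket against the configured validate URL, then issue a
     * remote-design JWT through {@link #login}. The filter chain is never invoked, so this
     * filter is the only code that answers the request on the matched URL.
     *
     * <p>Credentials and tickets are deliberately kept out of the log output: the SSO login
     * response and the ticket are bearer secrets, and debug logs are commonly readable by
     * more people than are allowed to impersonate a designer user.
     *
     * @param req         incoming request carrying {@code username}, {@code password} and
     *                    {@code compatibleParameters0}
     * @param res         response that receives the JSON result
     * @param filterChain unused; the request is terminated here
     */
    @Override
    public void doFilter(HttpServletRequest req, HttpServletResponse res, FilterChain filterChain) {
        LogUtils.debug4plugin("捕获到远程设计器请求");
        try {
            String username = NetworkHelper.getHTTPRequestParameter(req, "username");
            // NOTE(review): on GET the password is taken as sent, so it travels in the query
            // string and may end up in access logs and proxies; only non-GET requests are decrypted.
            String password = NetworkHelper.getHTTPRequestParameter(req, "password");
            if (!StringUtils.equalsIgnoreCase(req.getMethod(), "GET")) {
                password = SecurityToolbox.defaultDecrypt(password);
            }
            String compatibleParameters0 = NetworkHelper.getHTTPRequestParameter(req, "compatibleParameters0");

            // Requests without the compatibility parameter are refused unless storage encryption is RSA.
            if (StringUtils.isEmpty(compatibleParameters0)
                    && !ComparatorUtils.equals(StorageEncryptors.getInstance().getCurrentEncryptionMode(), EncryptionMode.RSA)) {
                throw new RemoteDesignPermissionDeniedException();
            }

            Map<String, Object> loginParam = new HashMap<>();
            loginParam.put("username", username);
            loginParam.put("password", password);
            String loginRes = HttpUtil.doFormPost(AuthSsoConfig.getInstance().getEnvUrl(), null, loginParam, "UTF-8");
            JSONObject loginObject = new JSONObject(loginRes);
            if (!loginObject.has("data") || loginObject.getInt("__statusCode") != 1) {
                // The response body is not logged: on success it carries the ticket.
                LogUtils.debug4plugin("sso login rejected for user {}", username);
                throw new UserPwdErrorException();
            }
            String token = loginObject.getString("data");
            LogUtils.debug4plugin("sso login succeeded for user {}", username);

            Map<String, String> param = new HashMap<>();
            param.put("ticketValue", token);
            String validateUrl = AuthSsoConfig.getInstance().getValidateUrl();
            String result = HttpUtil.sendGet(validateUrl, param, null);
            // Log the validation result, not the servlet response object, and leave out the
            // request parameters because they contain the ticket.
            LogUtils.debug4plugin("validate cookie url is {}, res is {}", validateUrl, result);

            JSONObject object = new JSONObject(result);
            if (!object.has("data")) {
                // Fail closed with an explicit error instead of returning an empty response.
                throw new UserNotExistException();
            }
            String validateUser = object.getString("data");
            if (!CommonUtils.checkUser(validateUser)) {
                throw new UserNotExistException();
            }
            // NOTE(review): the JWT is issued for the request-supplied username, while the
            // identity confirmed by the SSO is validateUser. Confirm the two always denote
            // the same account, or issue the token for the validated identity.
            login(res, username);
        } catch (RemoteDesignPermissionDeniedException | UserNotExistException | UserPwdErrorException e) {
            setRes(res, Response.error(e.errorCode(), e.getMessage()));
        } catch (Exception e) {
            // Any other failure (SSO unreachable, malformed JSON, ...) is logged only;
            // no token is issued and no body is written to the response.
            LogUtils.error(e.getMessage(), e);
        }
    }

    /**
     * Writes a success response containing a fresh JWT when the user exists and holds
     * remote-design authority.
     *
     * @param res      response that receives the JSON result
     * @param username platform user name to look up
     * @throws RemoteDesignPermissionDeniedException if the user is unknown or lacks authority
     * @throws Exception                             propagated from the user, authority or token services
     */
    private void login(HttpServletResponse res, String username) throws Exception {
        User user = UserService.getInstance().getUserByUserName(username);
        if (user == null || !RemoteDesignAuthorityDataService.getInstance().hasAuthority(user.getId())) {
            throw new RemoteDesignPermissionDeniedException();
        }
        setRes(res, Response.ok(this.generateToken(username)));
    }

    /**
     * Serialises {@code body} as JSON into the response; write failures are logged, not rethrown.
     *
     * @param res  response to write to
     * @param body payload to serialise
     */
    private void setRes(HttpServletResponse res, Response body) {
        try {
            res.setContentType("application/json");
            WebUtils.printAsJSON(res, JSONObject.mapFrom(body));
        } catch (Exception e) {
            LogUtils.error(e.getMessage(), e);
        }
    }

    /**
     * Creates a JWT for {@code username} and registers it with the remote-design login
     * status service using {@link #TOKEN_TIMEOUT}.
     *
     * @param username user name the token is created for
     * @return the newly created JWT
     * @throws Exception propagated from JWT creation or the status service
     */
    private String generateToken(String username) throws Exception {
        String jwt = JwtUtils.createDefaultJWT(username);
        RemoteDesignStatusService.loginStatusService().put(jwt, username, TOKEN_TIMEOUT);
        return jwt;
    }
}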