open-JSD-10171/src/main/java/com/fr/plugin/fg/auth/filter/CasYaleFilter.java

package com.fr.plugin.fg.auth.filter;

import com.fr.data.NetworkHelper;
import com.fr.decision.fun.impl.AbstractGlobalRequestFilterProvider;
import com.fr.io.utils.ResourceIOUtils;
import com.fr.log.FineLoggerFactory;
import com.fr.stable.StringUtils;
import com.fr.web.utils.WebUtils;
import edu.yale.its.tp.cas.client.ProxyTicketValidator;
import edu.yale.its.tp.cas.client.Util;
import edu.yale.its.tp.cas.client.filter.CASFilterRequestWrapper;
import org.xml.sax.SAXException;

import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.xml.parsers.ParserConfigurationException;
import java.io.IOException;
import java.net.URLEncoder;
import java.util.Properties;
import java.util.StringTokenizer;

public class CasYaleFilter extends AbstractGlobalRequestFilterProvider {

    public static final String CAS_FILTER_USER = "edu.yale.its.tp.cas.client.filter.user";
    public static String IGNORE_URL;
    private String casLogin;
    private String casValidate;
    private String casAuthorizedProxy;
    private String casServiceUrl;
    private String casRenew;
    private String casServerName;
    private boolean wrapRequest;

    private Properties properties = new Properties();

    @Override
    public String filterName() {
        return "cas";
    }

    @Override
    public String[] urlPatterns() {
        return new String[]{ "/*"};
    }

    @Override
    public void init(FilterConfig filterConfig) {
        try {
            properties.load(ResourceIOUtils.read("/resources/fgAuth.properties"));
        } catch (IOException e) {
            FineLoggerFactory.getLogger().error(e.getLocalizedMessage(), e);
        }
        this.casLogin = properties.getProperty("loginUrl");
        this.casValidate = properties.getProperty("validateUrl");

        this.casServerName = properties.getProperty("serverName");

        this.IGNORE_URL = properties.getProperty("ignoreUrl"); // 逗号分隔
        FineLoggerFactory.getLogger().debug("IGNORE_URL: {}", IGNORE_URL);
    }

    @Override
    public void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) {
        try {
            if (isIgnoreRequest(request)) {
                filterChain.doFilter(request, response);
                return;
            }

            if (this.wrapRequest) {
                request = new CASFilterRequestWrapper((HttpServletRequest)request);
            }

            HttpSession var4 = ((HttpServletRequest)request).getSession();
            if (var4 != null && var4.getAttribute("edu.yale.its.tp.cas.client.filter.user") != null) {
                filterChain.doFilter((ServletRequest)request, response);
            } else {
                String var5 = ((ServletRequest)request).getParameter("ticket");
                if (var5 != null && !var5.equals("")) {
                    String var6 = this.getAuthenticatedUser((HttpServletRequest)request);
                    if (var6 == null) {
                        throw new ServletException("Unexpected CAS authentication error");
                    } else {
                        if (var4 != null) {
                            var4.setAttribute("edu.yale.its.tp.cas.client.filter.user", var6);
                        }

                        filterChain.doFilter((ServletRequest)request, response);
                    }
                } else if (this.casLogin == null) {
                    throw new ServletException("When CASFilter protects pages that do not receive a 'ticket' parameter, it needs a edu.yale.its.tp.cas.client.filter.loginUrl filter parameter");
                } else {
                    ((HttpServletResponse)response).sendRedirect(this.casLogin + "?service=" + this.getService((HttpServletRequest)request) + (this.casRenew != null && !this.casRenew.equals("") ? "&renew=" + this.casRenew : ""));
                }
            }
        } catch (ServletException e) {
            FineLoggerFactory.getLogger().error(e.getLocalizedMessage(), e);
        } catch (IOException e) {
            FineLoggerFactory.getLogger().error(e.getLocalizedMessage(), e);
        }
    }

    private String getAuthenticatedUser(HttpServletRequest request) throws ServletException {
        ProxyTicketValidator var2 = null;

        String var4;
        try {
            var2 = new ProxyTicketValidator();
            var2.setCasValidateUrl(this.casValidate);
            var2.setServiceTicket(request.getParameter("ticket"));
            var2.setService(this.getService(request));
            var2.setRenew(Boolean.valueOf(this.casRenew));
            var2.validate();
            if (!var2.isAuthenticationSuccesful()) {
                throw new ServletException("CAS authentication error: " + var2.getErrorCode() + ": " + var2.getErrorMessage());
            } else {
                if (var2.getProxyList().size() != 0) {
                    if (this.casAuthorizedProxy == null) {
                        throw new ServletException("this page does not accept proxied tickets");
                    }

                    boolean var3 = false;
                    var4 = (String)var2.getProxyList().get(0);
                    StringTokenizer var5 = new StringTokenizer(this.casAuthorizedProxy);

                    while(var5.hasMoreTokens()) {
                        if (var4.equals(var5.nextToken())) {
                            var3 = true;
                            break;
                        }
                    }

                    if (!var3) {
                        throw new ServletException("unauthorized top-level proxy: '" + var2.getProxyList().get(0) + "'");
                    }
                }

                return var2.getUser();
            }
        } catch (SAXException var6) {
            var4 = "";
            if (var2 != null) {
                var4 = var2.getResponse();
            }

            throw new ServletException(var6 + " " + var4);
        } catch (ParserConfigurationException var7) {
            throw new ServletException(var7);
        } catch (IOException var8) {
            throw new ServletException(var8);
        }
    }

    private String getService(HttpServletRequest request) throws ServletException {
        if (this.casServerName == null && this.casServiceUrl == null) {
            throw new ServletException("need one of the following configuration parameters: edu.yale.its.tp.cas.client.filter.serviceUrl or edu.yale.its.tp.cas.client.filter.serverName");
        } else {
            return this.casServiceUrl != null ? URLEncoder.encode(this.casServiceUrl) : Util.getService(request, this.casServerName);
        }
    }

    @Override
    public void destroy() {

    }

    public static boolean isIgnoreRequest(HttpServletRequest request) {
        if (request.getRequestURI().contains("remote") ||
                isMobile(request) ||
                StringUtils.isNotBlank(WebUtils.getHTTPRequestParameter(request, "format"))) {
            return true;
        }

        String[] ignores = IGNORE_URL.split(",");
        FineLoggerFactory.getLogger().info("isIgnoreRequest uri: {}", request.getRequestURI());
        for (String ignore:ignores) {
            if (request.getRequestURI().contains(ignore)) {
                return true;
            }
        }

        return false;
    }

    public static boolean isMobile(HttpServletRequest req) {
        String[] mobileArray = {"iPhone", "iPad", "android", "windows phone", "xiaomi"};
        String userAgent = req.getHeader("user-agent");
        if (userAgent != null && userAgent.toUpperCase().contains("MOBILE")) {
            for(String mobile : mobileArray) {
                if(userAgent.toUpperCase().contains(mobile.toUpperCase())) {
                    return true;
                }
            }
        }
        return NetworkHelper.getDevice(req).isMobile();
    }
}
open 2 years ago			`package com.fr.plugin.fg.auth.filter;`

			`import com.fr.data.NetworkHelper;`
			`import com.fr.decision.fun.impl.AbstractGlobalRequestFilterProvider;`
			`import com.fr.io.utils.ResourceIOUtils;`
			`import com.fr.log.FineLoggerFactory;`
			`import com.fr.stable.StringUtils;`
			`import com.fr.web.utils.WebUtils;`
			`import edu.yale.its.tp.cas.client.ProxyTicketValidator;`
			`import edu.yale.its.tp.cas.client.Util;`
			`import edu.yale.its.tp.cas.client.filter.CASFilterRequestWrapper;`
			`import org.xml.sax.SAXException;`

			`import javax.servlet.FilterChain;`
			`import javax.servlet.FilterConfig;`
			`import javax.servlet.ServletException;`
			`import javax.servlet.ServletRequest;`
			`import javax.servlet.http.HttpServletRequest;`
			`import javax.servlet.http.HttpServletResponse;`
			`import javax.servlet.http.HttpSession;`
			`import javax.xml.parsers.ParserConfigurationException;`
			`import java.io.IOException;`
			`import java.net.URLEncoder;`
			`import java.util.Properties;`
			`import java.util.StringTokenizer;`

			`public class CasYaleFilter extends AbstractGlobalRequestFilterProvider {`

			`public static final String CAS_FILTER_USER = "edu.yale.its.tp.cas.client.filter.user";`
			`public static String IGNORE_URL;`
			`private String casLogin;`
			`private String casValidate;`
			`private String casAuthorizedProxy;`
			`private String casServiceUrl;`
			`private String casRenew;`
			`private String casServerName;`
			`private boolean wrapRequest;`

			`private Properties properties = new Properties();`

			`@Override`
			`public String filterName() {`
			`return "cas";`
			`}`

			`@Override`
			`public String[] urlPatterns() {`
			`return new String[]{ "/*"};`
			`}`

			`@Override`
			`public void init(FilterConfig filterConfig) {`
			`try {`
			`properties.load(ResourceIOUtils.read("/resources/fgAuth.properties"));`
			`} catch (IOException e) {`
			`FineLoggerFactory.getLogger().error(e.getLocalizedMessage(), e);`
			`}`
			`this.casLogin = properties.getProperty("loginUrl");`
			`this.casValidate = properties.getProperty("validateUrl");`

			`this.casServerName = properties.getProperty("serverName");`

			`this.IGNORE_URL = properties.getProperty("ignoreUrl"); // 逗号分隔`
			`FineLoggerFactory.getLogger().debug("IGNORE_URL: {}", IGNORE_URL);`
			`}`

			`@Override`
			`public void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) {`
			`try {`
			`if (isIgnoreRequest(request)) {`
			`filterChain.doFilter(request, response);`
			`return;`
			`}`

			`if (this.wrapRequest) {`
			`request = new CASFilterRequestWrapper((HttpServletRequest)request);`
			`}`

			`HttpSession var4 = ((HttpServletRequest)request).getSession();`
			`if (var4 != null && var4.getAttribute("edu.yale.its.tp.cas.client.filter.user") != null) {`
			`filterChain.doFilter((ServletRequest)request, response);`
			`} else {`
			`String var5 = ((ServletRequest)request).getParameter("ticket");`
			`if (var5 != null && !var5.equals("")) {`
			`String var6 = this.getAuthenticatedUser((HttpServletRequest)request);`
			`if (var6 == null) {`
			`throw new ServletException("Unexpected CAS authentication error");`
			`} else {`
			`if (var4 != null) {`
			`var4.setAttribute("edu.yale.its.tp.cas.client.filter.user", var6);`
			`}`

			`filterChain.doFilter((ServletRequest)request, response);`
			`}`
			`} else if (this.casLogin == null) {`
			`throw new ServletException("When CASFilter protects pages that do not receive a 'ticket' parameter, it needs a edu.yale.its.tp.cas.client.filter.loginUrl filter parameter");`
			`} else {`
			`((HttpServletResponse)response).sendRedirect(this.casLogin + "?service=" + this.getService((HttpServletRequest)request) + (this.casRenew != null && !this.casRenew.equals("") ? "&renew=" + this.casRenew : ""));`
			`}`
			`}`
			`} catch (ServletException e) {`
			`FineLoggerFactory.getLogger().error(e.getLocalizedMessage(), e);`
			`} catch (IOException e) {`
			`FineLoggerFactory.getLogger().error(e.getLocalizedMessage(), e);`
			`}`
			`}`

			`private String getAuthenticatedUser(HttpServletRequest request) throws ServletException {`
			`ProxyTicketValidator var2 = null;`

			`String var4;`
			`try {`
			`var2 = new ProxyTicketValidator();`
			`var2.setCasValidateUrl(this.casValidate);`
			`var2.setServiceTicket(request.getParameter("ticket"));`
			`var2.setService(this.getService(request));`
			`var2.setRenew(Boolean.valueOf(this.casRenew));`
			`var2.validate();`
			`if (!var2.isAuthenticationSuccesful()) {`
			`throw new ServletException("CAS authentication error: " + var2.getErrorCode() + ": " + var2.getErrorMessage());`
			`} else {`
			`if (var2.getProxyList().size() != 0) {`
			`if (this.casAuthorizedProxy == null) {`
			`throw new ServletException("this page does not accept proxied tickets");`
			`}`

			`boolean var3 = false;`
			`var4 = (String)var2.getProxyList().get(0);`
			`StringTokenizer var5 = new StringTokenizer(this.casAuthorizedProxy);`

			`while(var5.hasMoreTokens()) {`
			`if (var4.equals(var5.nextToken())) {`
			`var3 = true;`
			`break;`
			`}`
			`}`

			`if (!var3) {`
			`throw new ServletException("unauthorized top-level proxy: '" + var2.getProxyList().get(0) + "'");`
			`}`
			`}`

			`return var2.getUser();`
			`}`
			`} catch (SAXException var6) {`
			`var4 = "";`
			`if (var2 != null) {`
			`var4 = var2.getResponse();`
			`}`

			`throw new ServletException(var6 + " " + var4);`
			`} catch (ParserConfigurationException var7) {`
			`throw new ServletException(var7);`
			`} catch (IOException var8) {`
			`throw new ServletException(var8);`
			`}`
			`}`

			`private String getService(HttpServletRequest request) throws ServletException {`
			`if (this.casServerName == null && this.casServiceUrl == null) {`
			`throw new ServletException("need one of the following configuration parameters: edu.yale.its.tp.cas.client.filter.serviceUrl or edu.yale.its.tp.cas.client.filter.serverName");`
			`} else {`
			`return this.casServiceUrl != null ? URLEncoder.encode(this.casServiceUrl) : Util.getService(request, this.casServerName);`
			`}`
			`}`

			`@Override`
			`public void destroy() {`

			`}`

			`public static boolean isIgnoreRequest(HttpServletRequest request) {`
			`if (request.getRequestURI().contains("remote") \|\|`
			`isMobile(request) \|\|`
			`StringUtils.isNotBlank(WebUtils.getHTTPRequestParameter(request, "format"))) {`
			`return true;`
			`}`

			`String[] ignores = IGNORE_URL.split(",");`
			`FineLoggerFactory.getLogger().info("isIgnoreRequest uri: {}", request.getRequestURI());`
			`for (String ignore:ignores) {`
			`if (request.getRequestURI().contains(ignore)) {`
			`return true;`
			`}`
			`}`

			`return false;`
			`}`

			`public static boolean isMobile(HttpServletRequest req) {`
			`String[] mobileArray = {"iPhone", "iPad", "android", "windows phone", "xiaomi"};`
			`String userAgent = req.getHeader("user-agent");`
			`if (userAgent != null && userAgent.toUpperCase().contains("MOBILE")) {`
			`for(String mobile : mobileArray) {`
			`if(userAgent.toUpperCase().contains(mobile.toUpperCase())) {`
			`return true;`
			`}`
			`}`
			`}`
			`return NetworkHelper.getDevice(req).isMobile();`
			`}`
			`}`