pioneer
/
open-JSD-10171
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

open

master
pioneer 2 years ago
commit
ba3a72d86c
14 changed files with 691 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 6
      README.md
  2. BIN
      dependence/authAPI.jar
  3. BIN
      dependence/cas-client-core-3.2.1.jar
  4. BIN
      dependence/casclient.jar
  5. 5
      fgAuth.properties
  6. BIN
      lib/authAPI.jar
  7. 21
      plugin.xml
  8. 53
      src/main/java/com/fr/plugin/fg/auth/FGAuthApi.java
  9. 17
      src/main/java/com/fr/plugin/fg/auth/TempAuthSyncJob.java
  10. 44
      src/main/java/com/fr/plugin/fg/auth/TempAuthSyncSchedule.java
  11. 202
      src/main/java/com/fr/plugin/fg/auth/filter/CasYaleFilter.java
  12. 164
      src/main/java/com/fr/plugin/fg/auth/filter/CheckTempleteAuth.java
  13. 73
      src/main/java/com/fr/plugin/fg/auth/filter/FGFilter.java
  14. 106
      src/main/java/com/fr/plugin/fg/auth/filter/LoginFilter.java

6
README.md
Unescape View File

@ -0,0 +1,6 @@
# open-JSD-10171
JSD-10171 单点和模板权限校验\
免责说明:该源码为第三方爱好者提供,不保证源码和方案的可靠性,也不提供任何形式的源码教学指导和协助!\
仅作为开发者学习参考使用!禁止用于任何商业用途!\
为保护开发者隐私,开发者信息已隐去!若原开发者希望公开自己的信息,可联系【pioneer】处理。

BIN
dependence/authAPI.jar
View File

Binary file not shown.

BIN
dependence/cas-client-core-3.2.1.jar
View File

Binary file not shown.

BIN
dependence/casclient.jar
View File

Binary file not shown.

5
fgAuth.properties
Unescape View File

@ -0,0 +1,5 @@
loginUrl=http://xx:7001/sso-server/login
validateUrl=http://xx:7001/sso-server/serviceValidate
serverName=xx
remoteChain=true
mobileChain=false

BIN
lib/authAPI.jar
View File

Binary file not shown.

21
plugin.xml
Unescape View File

@ -0,0 +1,21 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?>
<plugin>
<id>com.fr.plugin.fg</id>
<name><![CDATA[ xx权限集成 ]]></name>
<active>yes</active>
<version>1.9.4</version>
<env-version>10.0~11.0</env-version>
<vendor>fr.open</vendor>
<jartime>2018-07-03</jartime>
<description><![CDATA[xx权限集成]]></description>
<change-notes><![CDATA[
<p>[2022-06-10]1.9.4:修复定时调度启动入参不为空</p>
<p>[2020-12-11]新增导出请求放行,可配置放行url</p>
<p>兼容FR和BI模板预览地址权限过滤</p>
]]></change-notes>
<main-package>com.fr.plugin.fg.auth</main-package>
<function-recorder class="com.fr.plugin.fg.auth.filter.CheckTempleteAuth"/>
<extra-decision>
<GlobalRequestFilterProvider class="com.fr.plugin.fg.auth.filter.CheckTempleteAuth"/>
</extra-decision>
</plugin>

53
src/main/java/com/fr/plugin/fg/auth/FGAuthApi.java
Unescape View File

@ -0,0 +1,53 @@
package com.fr.plugin.fg.auth;
import com.fr.log.FineLoggerFactory;
import com.ytec.authAPI.interFace.AuthIF;
import com.ytec.authAPI.interFace.bean.AuthObjDtl;
import java.util.*;
public class FGAuthApi {
private static final String DMNS_TYPE_ALL = "d_pf_all";
public static Map<String, Map<String, Set<String>>> tempAuth = null;
static {
FineLoggerFactory.getLogger().info("FGAuth:报表工程启动,开始获取模板权限");
updateTempAuth();
}
public static boolean updateTempAuth(){
Map<String, Map<String, Set<String>>> menuAuthMap = new HashMap<String, Map<String, Set<String>>>();
try {
AuthIF authIF_ = AuthIF.getInstance();
List<AuthObjDtl> objList = authIF_.getAuthedDmnsVlByDmnsTyp(DMNS_TYPE_ALL);//AuthObjDtl为权限详细
if (objList.size() > 0) {
for (AuthObjDtl authObj : objList) {
Set<String> objIDList = menuAuthMap.get(authObj.getDmnsDtl().getDmnsVlCd()) == null ? null:
menuAuthMap.get(authObj.getDmnsDtl().getDmnsVlCd()).get(authObj.getObjTyp());//authObj.getDmnsDtl()为维度值详细,包括报表ID和报表名称
if (objIDList == null) {
Map<String, Set<String>> objAuthMap = new HashMap<String, Set<String>>();
objAuthMap.put(AuthObjDtl.OBJ_TYP_ROLE, new HashSet<String>()); // role
objAuthMap.put(AuthObjDtl.OBJ_TYP_USR, new HashSet<String>()); // usr
menuAuthMap.put(authObj.getDmnsDtl().getDmnsVlCd(), objAuthMap);
objIDList = objAuthMap.get(authObj.getObjTyp());//authObj.getObjTyp()为授权对象类型,包括role和usr两种类型,平台可以针对用户或者角色进行权限设置
}
objIDList.add(authObj.getObjId());//authObj.getObjId()既对应的授权对象ID,根据对象类型,是用户ID或者角色ID
}
//objAuthMap_ = menuAuthMap;
} else {
FineLoggerFactory.getLogger().error("FGAuth:从权限API取得菜单权限失败");
return false;
}
//lastUpdateTime_ = typeInfo.getLatestUpdateTime();
} catch (Exception e) {
FineLoggerFactory.getLogger().error("FGAuth:从权限API更新·权限设置失败", e);
return false;
}
FineLoggerFactory.getLogger().info("FGAuth:读取到的模板权限为 " + menuAuthMap);
tempAuth = menuAuthMap;
return true;
}
}

17
src/main/java/com/fr/plugin/fg/auth/TempAuthSyncJob.java
Unescape View File

@ -0,0 +1,17 @@
package com.fr.plugin.fg.auth;
import com.fr.cluster.core.ClusterNode;
import com.fr.log.FineLoggerFactory;
import com.fr.scheduler.job.FineScheduleJob;
import com.fr.third.v2.org.quartz.JobExecutionContext;
public class TempAuthSyncJob extends FineScheduleJob {
@Override
public void run(JobExecutionContext jobExecutionContext, ClusterNode clusterNode){
if (FGAuthApi.updateTempAuth()) {
FineLoggerFactory.getLogger().info("FGAuth:定时任务更新完成······");
} else {
FineLoggerFactory.getLogger().info("FGAuth:定时任务更新失败······");
}
}
}

44
src/main/java/com/fr/plugin/fg/auth/TempAuthSyncSchedule.java
Unescape View File

@ -0,0 +1,44 @@
package com.fr.plugin.fg.auth;
import com.fr.log.FineLoggerFactory;
import com.fr.scheduler.QuartzContext;
import com.fr.scheduler.ScheduleJobManager;
import com.fr.third.v2.org.quartz.JobKey;
import com.fr.third.v2.org.quartz.SimpleScheduleBuilder;
import com.fr.third.v2.org.quartz.TriggerBuilder;
import java.util.Map;
public class TempAuthSyncSchedule {
private static Long syncTime = 10000L;
private static String scheduleName = "FGTempAuthSync";
public static void startSchedule(String jobName, String jobGroup, Map<String, Object> parameters) throws Exception {
JobKey jobKey = new JobKey(jobName, jobGroup);
if (QuartzContext.getInstance().getScheduler().checkExists(jobKey)) {
ScheduleJobManager.getInstance().removeJob(jobKey.getName(), jobKey.getGroup());
}
TriggerBuilder triggerBuilder = TriggerBuilder.newTrigger();
triggerBuilder.forJob(jobKey.getName(), jobKey.getGroup())
.withIdentity(jobKey.getName(), jobKey.getGroup())
.startNow();
SimpleScheduleBuilder schedule = SimpleScheduleBuilder.simpleSchedule();
schedule.withMisfireHandlingInstructionNextWithExistingCount();
schedule.withIntervalInMilliseconds(syncTime);
schedule.repeatForever();
triggerBuilder.withSchedule(schedule);
ScheduleJobManager.getInstance().addJob(
jobKey.getName(),
jobKey.getGroup(),
scheduleName,
TempAuthSyncJob.class,
triggerBuilder.build(),
parameters);
FineLoggerFactory.getLogger().info("FGAuth:定时任务已启动完成,执行频率为 " + syncTime/1000 + "秒");
}
}

202
src/main/java/com/fr/plugin/fg/auth/filter/CasYaleFilter.java
Unescape View File

@ -0,0 +1,202 @@
package com.fr.plugin.fg.auth.filter;
import com.fr.data.NetworkHelper;
import com.fr.decision.fun.impl.AbstractGlobalRequestFilterProvider;
import com.fr.io.utils.ResourceIOUtils;
import com.fr.log.FineLoggerFactory;
import com.fr.stable.StringUtils;
import com.fr.web.utils.WebUtils;
import edu.yale.its.tp.cas.client.ProxyTicketValidator;
import edu.yale.its.tp.cas.client.Util;
import edu.yale.its.tp.cas.client.filter.CASFilterRequestWrapper;
import org.xml.sax.SAXException;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.xml.parsers.ParserConfigurationException;
import java.io.IOException;
import java.net.URLEncoder;
import java.util.Properties;
import java.util.StringTokenizer;
public class CasYaleFilter extends AbstractGlobalRequestFilterProvider {
public static final String CAS_FILTER_USER = "edu.yale.its.tp.cas.client.filter.user";
public static String IGNORE_URL;
private String casLogin;
private String casValidate;
private String casAuthorizedProxy;
private String casServiceUrl;
private String casRenew;
private String casServerName;
private boolean wrapRequest;
private Properties properties = new Properties();
@Override
public String filterName() {
return "cas";
}
@Override
public String[] urlPatterns() {
return new String[]{ "/*"};
}
@Override
public void init(FilterConfig filterConfig) {
try {
properties.load(ResourceIOUtils.read("/resources/fgAuth.properties"));
} catch (IOException e) {
FineLoggerFactory.getLogger().error(e.getLocalizedMessage(), e);
}
this.casLogin = properties.getProperty("loginUrl");
this.casValidate = properties.getProperty("validateUrl");
this.casServerName = properties.getProperty("serverName");
this.IGNORE_URL = properties.getProperty("ignoreUrl"); // 逗号分隔
FineLoggerFactory.getLogger().debug("IGNORE_URL: {}", IGNORE_URL);
}
@Override
public void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) {
try {
if (isIgnoreRequest(request)) {
filterChain.doFilter(request, response);
return;
}
if (this.wrapRequest) {
request = new CASFilterRequestWrapper((HttpServletRequest)request);
}
HttpSession var4 = ((HttpServletRequest)request).getSession();
if (var4 != null && var4.getAttribute("edu.yale.its.tp.cas.client.filter.user") != null) {
filterChain.doFilter((ServletRequest)request, response);
} else {
String var5 = ((ServletRequest)request).getParameter("ticket");
if (var5 != null && !var5.equals("")) {
String var6 = this.getAuthenticatedUser((HttpServletRequest)request);
if (var6 == null) {
throw new ServletException("Unexpected CAS authentication error");
} else {
if (var4 != null) {
var4.setAttribute("edu.yale.its.tp.cas.client.filter.user", var6);
}
filterChain.doFilter((ServletRequest)request, response);
}
} else if (this.casLogin == null) {
throw new ServletException("When CASFilter protects pages that do not receive a 'ticket' parameter, it needs a edu.yale.its.tp.cas.client.filter.loginUrl filter parameter");
} else {
((HttpServletResponse)response).sendRedirect(this.casLogin + "?service=" + this.getService((HttpServletRequest)request) + (this.casRenew != null && !this.casRenew.equals("") ? "&renew=" + this.casRenew : ""));
}
}
} catch (ServletException e) {
FineLoggerFactory.getLogger().error(e.getLocalizedMessage(), e);
} catch (IOException e) {
FineLoggerFactory.getLogger().error(e.getLocalizedMessage(), e);
}
}
private String getAuthenticatedUser(HttpServletRequest request) throws ServletException {
ProxyTicketValidator var2 = null;
String var4;
try {
var2 = new ProxyTicketValidator();
var2.setCasValidateUrl(this.casValidate);
var2.setServiceTicket(request.getParameter("ticket"));
var2.setService(this.getService(request));
var2.setRenew(Boolean.valueOf(this.casRenew));
var2.validate();
if (!var2.isAuthenticationSuccesful()) {
throw new ServletException("CAS authentication error: " + var2.getErrorCode() + ": " + var2.getErrorMessage());
} else {
if (var2.getProxyList().size() != 0) {
if (this.casAuthorizedProxy == null) {
throw new ServletException("this page does not accept proxied tickets");
}
boolean var3 = false;
var4 = (String)var2.getProxyList().get(0);
StringTokenizer var5 = new StringTokenizer(this.casAuthorizedProxy);
while(var5.hasMoreTokens()) {
if (var4.equals(var5.nextToken())) {
var3 = true;
break;
}
}
if (!var3) {
throw new ServletException("unauthorized top-level proxy: '" + var2.getProxyList().get(0) + "'");
}
}
return var2.getUser();
}
} catch (SAXException var6) {
var4 = "";
if (var2 != null) {
var4 = var2.getResponse();
}
throw new ServletException(var6 + " " + var4);
} catch (ParserConfigurationException var7) {
throw new ServletException(var7);
} catch (IOException var8) {
throw new ServletException(var8);
}
}
private String getService(HttpServletRequest request) throws ServletException {
if (this.casServerName == null && this.casServiceUrl == null) {
throw new ServletException("need one of the following configuration parameters: edu.yale.its.tp.cas.client.filter.serviceUrl or edu.yale.its.tp.cas.client.filter.serverName");
} else {
return this.casServiceUrl != null ? URLEncoder.encode(this.casServiceUrl) : Util.getService(request, this.casServerName);
}
}
@Override
public void destroy() {
}
public static boolean isIgnoreRequest(HttpServletRequest request) {
if (request.getRequestURI().contains("remote") ||
isMobile(request) ||
StringUtils.isNotBlank(WebUtils.getHTTPRequestParameter(request, "format"))) {
return true;
}
String[] ignores = IGNORE_URL.split(",");
FineLoggerFactory.getLogger().info("isIgnoreRequest uri: {}", request.getRequestURI());
for (String ignore:ignores) {
if (request.getRequestURI().contains(ignore)) {
return true;
}
}
return false;
}
public static boolean isMobile(HttpServletRequest req) {
String[] mobileArray = {"iPhone", "iPad", "android", "windows phone", "xiaomi"};
String userAgent = req.getHeader("user-agent");
if (userAgent != null && userAgent.toUpperCase().contains("MOBILE")) {
for(String mobile : mobileArray) {
if(userAgent.toUpperCase().contains(mobile.toUpperCase())) {
return true;
}
}
}
return NetworkHelper.getDevice(req).isMobile();
}
}

164
src/main/java/com/fr/plugin/fg/auth/filter/CheckTempleteAuth.java
Unescape View File

@ -0,0 +1,164 @@
package com.fr.plugin.fg.auth.filter;
import com.fr.data.NetworkHelper;
import com.fr.decision.authority.data.User;
import com.fr.decision.fun.impl.AbstractGlobalRequestFilterProvider;
import com.fr.decision.mobile.terminal.TerminalHandler;
import com.fr.decision.webservice.utils.WebServiceUtils;
import com.fr.decision.webservice.v10.login.LoginService;
import com.fr.decision.webservice.v10.login.TokenResource;
import com.fr.decision.webservice.v10.user.UserService;
import com.fr.general.ComparatorUtils;
import com.fr.locale.InterProviderFactory;
import com.fr.log.FineLoggerFactory;
import com.fr.plugin.fg.auth.TempAuthSyncSchedule;
import com.fr.plugin.transform.ExecuteFunctionRecord;
import com.fr.plugin.transform.FunctionRecorder;
import com.fr.security.JwtUtils;
import com.fr.stable.StringUtils;
import com.fr.stable.web.Device;
import com.fr.web.utils.WebUtils;
import com.ytec.authAPI.interFace.AuthIF;
import com.ytec.authAPI.interFace.bean.AuthObjDtl;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.PrintWriter;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import static com.fr.plugin.fg.auth.FGAuthApi.tempAuth;
@FunctionRecorder
public class CheckTempleteAuth extends AbstractGlobalRequestFilterProvider{
private String name = "fineFgAuth";
private String cpt_path = "/decision/view/report";
private String frm_path = "/decision/view/form";
private String bi_path = "/decision/v5/design/report/";
@Override
public String filterName() {
return name;
}
@Override
public String[] urlPatterns() {
return new String[]{cpt_path, frm_path, bi_path};
}
@Override
public void init(FilterConfig filterConfig) {
super.init(filterConfig);
try {
FineLoggerFactory.getLogger().info("FGAuth:Schedule开始启动");
TempAuthSyncSchedule.startSchedule(name, name, new HashMap<String, Object>());
} catch (Exception e) {
FineLoggerFactory.getLogger().error("FGAuth:Schedule启动失败" + e.getMessage(), e);
}
}
@ExecuteFunctionRecord
@Override
public void doFilter(HttpServletRequest req, HttpServletResponse res, FilterChain filterChain) {
try {
// 未登录请求 直接放行
if (!LoginService.getInstance().isLogged(req)) {
filterChain.doFilter(req, res);
return;
}
String viewlet = WebUtils.getHTTPRequestParameter(req, "viewlet");
// 客户报表分两类, 以【我的报表】开头的报表走验证, 其他的都不走验证
if ((StringUtils.isNotBlank(viewlet) && viewlet.startsWith("我的报表")) || isBiViewUrl(req)) {
//String userName = getUser(req);
String userName = LoginService.getInstance().getCurrentUserNameFromRequestCookie(req);
User user = UserService.getInstance().getUserByUserName(userName);
FineLoggerFactory.getLogger().info("FGAuth:用户 {}, 模板名称 {}", userName, viewlet);
if (!checkUserAuth(userName, viewlet, user)) {
FineLoggerFactory.getLogger().info("FGAuth:用户 {} 没有模板权限 {}", userName, viewlet);
showError(res);
return;
}
}
filterChain.doFilter(req, res);
} catch (Exception e) {
FineLoggerFactory.getLogger().error("FGAuth: CheckTemplateAuth#doFilter执行异常" + e.getMessage(), e);
}
}
private boolean isBiViewUrl(HttpServletRequest req){
if (req.getRequestURI().contains(bi_path)) {
FineLoggerFactory.getLogger().info("FGAuth: BI的预览请求" + req.getRequestURI());
return true;
}
return false;
}
private void showError(HttpServletResponse res){
try {
PrintWriter printWriter = WebUtils.createPrintWriter(res);
Map<String, Object> map = new HashMap<>();
map.put("result", InterProviderFactory.getProvider().getLocText("Fine-Engine_Error_Page_Result"));
map.put("reason", InterProviderFactory.getProvider().getLocText("Fine-Engine_Report_No_Priviledege"));
map.put("solution", InterProviderFactory.getProvider().getLocText("Fine-Engine_Please_Contact_Platform_Admin"));
String page = WebServiceUtils.parseWebPageResourceSafe("com/fr/web/controller/decision/entrance/resources/unavailable.html", map);
printWriter.write(page);
printWriter.flush();
printWriter.close();
} catch (Exception e) {
FineLoggerFactory.getLogger().error("FGAuth: CheckTempleteAuth#showError执行异常" + e.getMessage(), e);
}
}
/**
* 校验tempAuth中是否包含当前用户
* @param userName
* @param viewlet
* @return
*/
private boolean checkUserAuth(String userName, String viewlet, User user) throws Exception {
// 超管
if (UserService.getInstance().isAdmin(user.getId())){
return true;
}
/**
* 只取模板的编号
* 我的报表/dept_019/rpt_0005.frm 转换为 bi_rpt_0005
*/
viewlet = "bi_" + viewlet.substring(viewlet.lastIndexOf("/") + 1).replace(".cpt", "").replace(".frm", "");
if (!tempAuth.containsKey(viewlet)) {
return false;
}
// 用户名校验
Set<String> userInfo = tempAuth.get(viewlet).get(AuthObjDtl.OBJ_TYP_USR);
FineLoggerFactory.getLogger().info("FGAuth: {} 的userInfo为 {}", viewlet, userInfo);
if (userInfo != null && userInfo.contains(userName)) {
return true;
}
// 角色校验
//List<String> roles = UserService.getInstance().getUserDetailInfoByUsername(userName).getCustomRoleNames();
Set<String> roles = AuthIF.getInstance().getUserRoles(userName);
Set<String> roleInfo = tempAuth.get(viewlet).get(AuthObjDtl.OBJ_TYP_ROLE);
FineLoggerFactory.getLogger().info("FGAuth: {} 的roleInfo为 {}", viewlet, roleInfo);
FineLoggerFactory.getLogger().info("FGAuth: 当前用户 {} 的角色信息为 {}", userName, roles);
if (roles != null && roleInfo != null){
for (String role : roles) {
if (roleInfo.contains(role)) {
return true;
}
}
}
return false;
}
}

73
src/main/java/com/fr/plugin/fg/auth/filter/FGFilter.java
Unescape View File

@ -0,0 +1,73 @@
package com.fr.plugin.fg.auth.filter;
import com.fr.data.NetworkHelper;
import com.fr.decision.fun.impl.AbstractGlobalRequestFilterProvider;
import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.List;
public class FGFilter extends AbstractGlobalRequestFilterProvider {
@Override
public String filterName() {
return "FGFilter";
}
@Override
public String[] urlPatterns() {
return new String[]{
"/*"
};
}
@Override
public void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) {
// 远程设计 and 移动端请求放行
try {
if (request.getRequestURI().contains("remote")) {
filterChain.doFilter(request, response);
return;
}
if (NetworkHelper.getDevice(request).isMobile()
|| "h5".equals(request.getParameter("op"))
|| request.getRequestURI().contains("/weixin/single/login")
|| request.getRequestURI().contains("mobile")) {
filterChain.doFilter(request, response);
return;
}
} catch (Exception e) {
e.printStackTrace();
}
}
private static class VirtualFilterChain implements FilterChain {
private List<Filter> filters;
private FilterChain originChain;
private int count;
VirtualFilterChain(List<Filter> filters, FilterChain originChain) {
this.filters = filters;
this.originChain = originChain;
}
@Override
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse) throws IOException, ServletException {
if (count == filters.size()) {
originChain.doFilter(servletRequest, servletResponse);
} else {
filters.get(count++).doFilter(servletRequest, servletResponse, this);
}
}
}
}

106
src/main/java/com/fr/plugin/fg/auth/filter/LoginFilter.java
Unescape View File

@ -0,0 +1,106 @@
package com.fr.plugin.fg.auth.filter;
import com.fr.data.NetworkHelper;
import com.fr.decision.fun.impl.AbstractGlobalRequestFilterProvider;
import com.fr.decision.mobile.terminal.TerminalHandler;
import com.fr.decision.webservice.utils.DecisionServiceConstants;
import com.fr.decision.webservice.v10.login.LoginService;
import com.fr.general.ComparatorUtils;
import com.fr.log.FineLoggerFactory;
import com.fr.security.JwtUtils;
import com.fr.stable.StringUtils;
import com.fr.stable.web.Device;
import org.jasig.cas.client.validation.Assertion;
import javax.servlet.FilterChain;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
public class LoginFilter extends AbstractGlobalRequestFilterProvider {
@Override
public String filterName() {
return "fineCasLogin";
}
@Override
public String[] urlPatterns() {
return new String[]{ "/*"};
}
@Override
public void doFilter(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) {
try {
if (CasYaleFilter.isIgnoreRequest(request)) {
filterChain.doFilter(request, response);
return;
}
HttpSession session = request.getSession(true);
FineLoggerFactory.getLogger().info("URL:" + request.getRequestURI());
String username;
//获取cas传递过来的username
Object object = request.getSession().getAttribute("_const_cas_assertion_");
if (object != null) {
Assertion assertion = (Assertion) object;
username = assertion.getPrincipal().getName();
} else {
username = (String) session.getAttribute("edu.yale.its.tp.cas.client.filter.user");
}
try {
//用户名为空,登录请求有问题,直接报错
if (StringUtils.isNotEmpty(username)) {
FineLoggerFactory.getLogger().info("username:" + username);
//获取请求携带的token
Object oldToken = session.getAttribute(DecisionServiceConstants.FINE_AUTH_TOKEN_NAME);
//token不存在,或者token过期了,走后台登录方法
if (oldToken == null || !checkTokenValid(request, (String) oldToken, username)) {
login(request, response, session, username);
filterChain.doFilter(request, response);
} else {
//放行
filterChain.doFilter(request, response);
FineLoggerFactory.getLogger().info("no need");
}
} else {
throw new Exception("username is empty");
}
} catch (Exception e) {
FineLoggerFactory.getLogger().error(e.getMessage(), e);
}
} catch (Exception e) {
FineLoggerFactory.getLogger().error(e.getMessage(), e);
}
}
/**
* 后台登录方法
*/
private void login(HttpServletRequest req, HttpServletResponse res, HttpSession session, String username) throws Exception {
String token = LoginService.getInstance().login(req, res, username);
session.setAttribute("fine_auth_token", token);
req.setAttribute("fine_auth_token", token);
FineLoggerFactory.getLogger().info("fr FrFilter is over with username is ###" + username);
}
/**
* 校验token是否有效
*/
private boolean checkTokenValid(HttpServletRequest req, String token, String currentUserName) {
try {
//当前登录用户和token对应的用户名不同,需要重新生成token
if (!ComparatorUtils.equals(currentUserName, JwtUtils.parseJWT(token).getSubject())) {
FineLoggerFactory.getLogger().info("username changed:" + currentUserName);
return false;
}
Device device = NetworkHelper.getDevice(req);
LoginService.getInstance().loginStatusValid(token, TerminalHandler.getTerminal(req, device));
return true;
} catch (Exception ignore) {
}
return false;
}
}
Write Preview
Loading…
Cancel
Save