
package com.fr.plugin.fg.auth.filter;
import com.fr.data.NetworkHelper;
import com.fr.decision.authority.data.User;
import com.fr.decision.fun.impl.AbstractGlobalRequestFilterProvider;
import com.fr.decision.mobile.terminal.TerminalHandler;
import com.fr.decision.webservice.utils.WebServiceUtils;
import com.fr.decision.webservice.v10.login.LoginService;
import com.fr.decision.webservice.v10.login.TokenResource;
import com.fr.decision.webservice.v10.user.UserService;
import com.fr.general.ComparatorUtils;
import com.fr.locale.InterProviderFactory;
import com.fr.log.FineLoggerFactory;
import com.fr.plugin.fg.auth.TempAuthSyncSchedule;
import com.fr.plugin.transform.ExecuteFunctionRecord;
import com.fr.plugin.transform.FunctionRecorder;
import com.fr.security.JwtUtils;
import com.fr.stable.StringUtils;
import com.fr.stable.web.Device;
import com.fr.web.utils.WebUtils;
import com.ytec.authAPI.interFace.AuthIF;
import com.ytec.authAPI.interFace.bean.AuthObjDtl;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.PrintWriter;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
import java.util.Set;
import static com.fr.plugin.fg.auth.FGAuthApi.tempAuth;
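/**
 * Global request filter that applies a per-template authorization check to
 * report, form and BI preview URLs.
 *
 * <p>Only requests from a logged-in user are checked, and only when the
 * {@code viewlet} parameter starts with the guarded prefix or the URI is a BI
 * preview URL. Every other request is passed down the chain unchanged.
 *
 * <p>NOTE(review): the guard is a string-prefix test on a request parameter.
 * It only protects a template if this test sees the same path the platform
 * later resolves; confirm how the platform normalizes {@code viewlet} and
 * whether a template can be addressed by any other parameter or URL.
 */
@FunctionRecorder
public class CheckTempleteAuth extends AbstractGlobalRequestFilterProvider {
    /** Reports whose viewlet path starts with this prefix require an explicit grant. */
    private static final String GUARDED_PREFIX = "我的报表";

    private String name = "fineFgAuth";
    private String cpt_path = "/decision/view/report";
    private String frm_path = "/decision/view/form";
    private String bi_path = "/decision/v5/design/report/";

    /** Returns the filter name registered with the platform. */
    @Override
    public String filterName() {
        return name;
    }

    /** Returns the URL patterns (report, form and BI preview) this filter is bound to. */
    @Override
    public String[] urlPatterns() {
        return new String[]{cpt_path, frm_path, bi_path};
    }

    /**
     * Initializes the filter and starts the authorization sync schedule.
     *
     * <p>A failure to start the schedule is logged and not rethrown.
     * NOTE(review): presumably the schedule is what fills {@code tempAuth}; if it
     * never starts, non-admin users are denied every guarded template because
     * the lookup finds no entry. Confirm that this is the intended failure mode.
     */
    @Override
    public void init(FilterConfig filterConfig) {
        super.init(filterConfig);
        try {
            FineLoggerFactory.getLogger().info("FGAuth:Schedule开始启动");
            TempAuthSyncSchedule.startSchedule(name, name, new HashMap<String, Object>());
        } catch (Exception e) {
            FineLoggerFactory.getLogger().error("FGAuth:Schedule启动失败" + e.getMessage(), e);
        }
    }

    /**
     * Decides whether the request may proceed and either passes it down the
     * chain or renders the "no privilege" page.
     *
     * <p>The authorization decision and the chain call are handled separately:
     * an exception while deciding is treated as a denial and the error page is
     * shown, so a failed check never ends in an empty response and never lets
     * the request through.
     */
    @ExecuteFunctionRecord
    @Override
    public void doFilter(HttpServletRequest req, HttpServletResponse res, FilterChain filterChain) {
        boolean allowed;
        try {
            allowed = isRequestAllowed(req);
        } catch (Exception e) {
            // Fail closed: an error in the check must not grant access.
            FineLoggerFactory.getLogger().error("FGAuth: CheckTemplateAuth#doFilter执行异常" + e.getMessage(), e);
            allowed = false;
        }
        if (!allowed) {
            showError(res);
            return;
        }
        try {
            filterChain.doFilter(req, res);
        } catch (Exception e) {
            FineLoggerFactory.getLogger().error("FGAuth: CheckTemplateAuth#doFilter执行异常" + e.getMessage(), e);
        }
    }

    /**
     * Evaluates the authorization rules for one request.
     *
     * @param req the incoming request
     * @return {@code true} if the request is not subject to the check or the
     *         current user holds a grant, {@code false} if access is denied
     * @throws Exception if the login, user or authorization lookup fails
     */
    private boolean isRequestAllowed(HttpServletRequest req) throws Exception {
        // Requests without a login are passed on unchanged; this filter does not
        // enforce login itself. NOTE(review): confirm the platform rejects
        // unauthenticated access to these URLs further down the chain.
        if (!LoginService.getInstance().isLogged(req)) {
            return true;
        }
        String viewlet = normalizeViewlet(WebUtils.getHTTPRequestParameter(req, "viewlet"));
        // Customer reports fall into two classes: those under the guarded prefix
        // are checked, all others are not.
        boolean guarded = (viewlet != null && viewlet.startsWith(GUARDED_PREFIX)) || isBiViewUrl(req);
        if (!guarded) {
            return true;
        }
        String userName = LoginService.getInstance().getCurrentUserNameFromRequestCookie(req);
        User user = UserService.getInstance().getUserByUserName(userName);
        FineLoggerFactory.getLogger().info("FGAuth:用户 {}, 模板名称 {}", userName, viewlet);
        if (checkUserAuth(userName, viewlet, user)) {
            return true;
        }
        FineLoggerFactory.getLogger().info("FGAuth:用户 {} 没有模板权限 {}", userName, viewlet);
        return false;
    }

    /**
     * Brings the {@code viewlet} parameter into the form the prefix test expects:
     * surrounding whitespace removed, backslashes turned into forward slashes and
     * leading slashes dropped.
     *
     * <p>This only widens the set of requests that are checked. NOTE(review):
     * it does not resolve relative path segments or other encodings; align it
     * with the platform's own path resolution.
     *
     * @param viewlet the raw request parameter, may be {@code null}
     * @return the normalized path, or {@code null} if the parameter was absent
     */
    private String normalizeViewlet(String viewlet) {
        if (viewlet == null) {
            return null;
        }
        String normalized = viewlet.trim().replace('\\', '/');
        while (normalized.startsWith("/")) {
            normalized = normalized.substring(1);
        }
        return normalized;
    }

    /**
     * Tells whether the request URI contains the BI preview path.
     *
     * @param req the incoming request
     * @return {@code true} for a BI preview request
     */
    private boolean isBiViewUrl(HttpServletRequest req) {
        if (req.getRequestURI().contains(bi_path)) {
            FineLoggerFactory.getLogger().info("FGAuth: BI的预览请求" + req.getRequestURI());
            return true;
        }
        return false;
    }

    /**
     * Writes the platform's "unavailable" page with a no-privilege reason to the
     * response. Failures are logged and not rethrown.
     *
     * @param res the response to write to
     */
    private void showError(HttpServletResponse res) {
        // try-with-resources closes the writer even if rendering the page fails.
        try (PrintWriter printWriter = WebUtils.createPrintWriter(res)) {
            Map<String, Object> map = new HashMap<>();
            map.put("result", InterProviderFactory.getProvider().getLocText("Fine-Engine_Error_Page_Result"));
            map.put("reason", InterProviderFactory.getProvider().getLocText("Fine-Engine_Report_No_Priviledege"));
            map.put("solution", InterProviderFactory.getProvider().getLocText("Fine-Engine_Please_Contact_Platform_Admin"));
            String page = WebServiceUtils.parseWebPageResourceSafe("com/fr/web/controller/decision/entrance/resources/unavailable.html", map);
            printWriter.write(page);
            printWriter.flush();
        } catch (Exception e) {
            FineLoggerFactory.getLogger().error("FGAuth: CheckTempleteAuth#showError执行异常" + e.getMessage(), e);
        }
    }

    /**
     * Checks whether {@code tempAuth} grants the user access to the template,
     * either by user name or through one of the user's roles.
     *
     * <p>The lookup key is built from the file name only, e.g.
     * {@code 我的报表/dept_019/rpt_0005.frm} becomes {@code bi_rpt_0005}, so
     * templates with the same file name in different directories share one
     * grant entry.
     *
     * @param userName name of the current user
     * @param viewlet  template path from the request; {@code null} when the
     *                 request carries no viewlet parameter
     * @param user     the platform user record for {@code userName}
     * @return {@code true} if access is granted
     * @throws Exception if the admin or role lookup fails
     */
    private boolean checkUserAuth(String userName, String viewlet, User user) throws Exception {
        // An unresolved user is denied rather than left to fail on a null dereference.
        if (user == null || userName == null) {
            return false;
        }
        // Super administrators are always allowed.
        if (UserService.getInstance().isAdmin(user.getId())) {
            return true;
        }
        // NOTE(review): a BI preview request reaches this point without a viewlet
        // unless the caller supplied one, and no key is derived from the BI URI,
        // so non-admin users are denied. Confirm which key BI reports should use.
        if (viewlet == null) {
            return false;
        }
        // Keep only the template number: strip the directories and the extension.
        viewlet = "bi_" + viewlet.substring(viewlet.lastIndexOf("/") + 1).replace(".cpt", "").replace(".frm", "");
        // NOTE(review): containsKey followed by get is not atomic; if the sync
        // schedule mutates tempAuth in place, a concurrent removal surfaces as an
        // exception here, which the caller treats as a denial.
        if (!tempAuth.containsKey(viewlet)) {
            return false;
        }
        // Grant by user name.
        Set<String> userInfo = tempAuth.get(viewlet).get(AuthObjDtl.OBJ_TYP_USR);
        FineLoggerFactory.getLogger().info("FGAuth: {} 的userInfo为 {}", viewlet, userInfo);
        if (userInfo != null && userInfo.contains(userName)) {
            return true;
        }
        // Grant by role.
        Set<String> roles = AuthIF.getInstance().getUserRoles(userName);
        Set<String> roleInfo = tempAuth.get(viewlet).get(AuthObjDtl.OBJ_TYP_ROLE);
        FineLoggerFactory.getLogger().info("FGAuth: {} 的roleInfo为 {}", viewlet, roleInfo);
        FineLoggerFactory.getLogger().info("FGAuth: 当前用户 {} 的角色信息为 {}", userName, roles);
        if (roles != null && roleInfo != null) {
            for (String role : roles) {
                if (roleInfo.contains(role)) {
                    return true;
                }
            }
        }
        return false;
    }
}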