package com.fr.plugin.fg.auth.filter; |
|
|
|
import com.fr.data.NetworkHelper; |
|
import com.fr.decision.authority.data.User; |
|
import com.fr.decision.fun.impl.AbstractGlobalRequestFilterProvider; |
|
import com.fr.decision.mobile.terminal.TerminalHandler; |
|
import com.fr.decision.webservice.utils.WebServiceUtils; |
|
import com.fr.decision.webservice.v10.login.LoginService; |
|
import com.fr.decision.webservice.v10.login.TokenResource; |
|
import com.fr.decision.webservice.v10.user.UserService; |
|
import com.fr.general.ComparatorUtils; |
|
import com.fr.locale.InterProviderFactory; |
|
import com.fr.log.FineLoggerFactory; |
|
import com.fr.plugin.fg.auth.TempAuthSyncSchedule; |
|
import com.fr.plugin.transform.ExecuteFunctionRecord; |
|
import com.fr.plugin.transform.FunctionRecorder; |
|
import com.fr.security.JwtUtils; |
|
import com.fr.stable.StringUtils; |
|
import com.fr.stable.web.Device; |
|
import com.fr.web.utils.WebUtils; |
|
import com.ytec.authAPI.interFace.AuthIF; |
|
import com.ytec.authAPI.interFace.bean.AuthObjDtl; |
|
|
|
import javax.servlet.FilterChain; |
|
import javax.servlet.FilterConfig; |
|
import javax.servlet.http.HttpServletRequest; |
|
import javax.servlet.http.HttpServletResponse; |
|
import javax.servlet.http.HttpSession; |
|
import java.io.PrintWriter; |
|
import java.util.HashMap; |
|
import java.util.List; |
|
import java.util.Map; |
|
import java.util.Set; |
|
|
|
import static com.fr.plugin.fg.auth.FGAuthApi.tempAuth; |
|
|
|
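/**
 * Global request filter that applies the plugin's template-level authorization to report
 * preview requests (cpt, frm and BI preview URLs).
 *
 * <p>Scope of the check, as implemented below:
 * <ul>
 *   <li>Requests that are not logged in are passed down the chain unchanged; this filter is an
 *       authorization step only and relies on later handlers to reject anonymous access.</li>
 *   <li>Only viewlets under the {@code 我的报表} folder, and BI preview URLs, are checked. Every
 *       other viewlet is passed through without a check.</li>
 *   <li>Access is granted to platform administrators, to users listed for the template in
 *       {@code tempAuth}, and to users holding a role listed for the template.</li>
 * </ul>
 *
 * <p>Any case the filter cannot evaluate (unknown user, missing viewlet, no entry in
 * {@code tempAuth}) is treated as "denied".
 */
@FunctionRecorder
public class CheckTempleteAuth extends AbstractGlobalRequestFilterProvider {

    /** Top-level folder whose templates are subject to the authorization check. */
    private static final String PROTECTED_PREFIX = "我的报表";

    private String name = "fineFgAuth";
    private String cpt_path = "/decision/view/report";
    private String frm_path = "/decision/view/form";
    private String bi_path = "/decision/v5/design/report/";

    /**
     * @return the name under which this filter is registered
     */
    @Override
    public String filterName() {
        return name;
    }

    /**
     * @return the URL patterns this filter is attached to (cpt, frm and BI preview paths)
     */
    @Override
    public String[] urlPatterns() {
        return new String[]{cpt_path, frm_path, bi_path};
    }

    /**
     * Initializes the filter and starts the schedule that synchronizes the authorization data.
     *
     * <p>A failure to start the schedule is logged and does not prevent the filter from being
     * installed.
     * NOTE(review): presumably the schedule is what fills {@code tempAuth}; if so, a failed start
     * leaves the map empty and every non-admin check on a protected template is denied - confirm.
     *
     * @param filterConfig the servlet filter configuration
     */
    @Override
    public void init(FilterConfig filterConfig) {
        super.init(filterConfig);
        try {
            FineLoggerFactory.getLogger().info("FGAuth:Schedule开始启动");
            TempAuthSyncSchedule.startSchedule(name, name, new HashMap<String, Object>());
        } catch (Exception e) {
            FineLoggerFactory.getLogger().error("FGAuth:Schedule启动失败" + e.getMessage(), e);
        }
    }

    /**
     * Authorizes the request and, when it is allowed, hands it to the rest of the chain.
     *
     * <p>A denied request receives the "unavailable" page and is not forwarded. If anything in
     * this method throws, the exception is logged and the request is not forwarded either, so an
     * internal error never results in the template being served by this path.
     *
     * @param req         the incoming request
     * @param res         the response
     * @param filterChain the remaining filter chain
     */
    @ExecuteFunctionRecord
    @Override
    public void doFilter(HttpServletRequest req, HttpServletResponse res, FilterChain filterChain) {
        try {
            // Requests without a login are passed straight through: this filter only authorizes
            // known users, authentication has to be enforced further down the chain.
            if (!LoginService.getInstance().isLogged(req)) {
                filterChain.doFilter(req, res);
                return;
            }

            // The viewlet comes from the client. It is normalized before the prefix test so that
            // an equivalent spelling of the same path (surrounding blanks, backslashes, a leading
            // "/" or "./") cannot take a protected template out of the checked set.
            // NOTE(review): the rules must match how the report engine resolves the viewlet
            // parameter; extend normalizeViewlet if it accepts further spellings - confirm.
            String viewlet = normalizeViewlet(WebUtils.getHTTPRequestParameter(req, "viewlet"));

            // Reports fall into two groups: those under PROTECTED_PREFIX are checked, all others
            // are served without a check.
            boolean protectedViewlet = StringUtils.isNotBlank(viewlet) && viewlet.startsWith(PROTECTED_PREFIX);
            if (protectedViewlet || isBiViewUrl(req)) {
                String userName = LoginService.getInstance().getCurrentUserNameFromRequestCookie(req);
                User user = UserService.getInstance().getUserByUserName(userName);

                FineLoggerFactory.getLogger().info("FGAuth:用户 {}, 模板名称 {}", userName, forLog(viewlet));
                if (!checkUserAuth(userName, viewlet, user)) {
                    FineLoggerFactory.getLogger().info("FGAuth:用户 {} 没有模板权限 {}", userName, forLog(viewlet));
                    showError(res);
                    return;
                }
            }

            filterChain.doFilter(req, res);
        } catch (Exception e) {
            // Also catches exceptions thrown by the rest of the chain; they are logged here and
            // not propagated to the container.
            FineLoggerFactory.getLogger().error("FGAuth: CheckTemplateAuth#doFilter执行异常" + e.getMessage(), e);
        }
    }

    /**
     * Tells whether the request targets the BI preview path.
     *
     * <p>The test is a substring match on {@code getRequestURI()}, which the servlet API returns
     * without decoding, so it depends on how the client spelled the path.
     *
     * @param req the incoming request
     * @return {@code true} when the request URI contains the BI preview path
     */
    private boolean isBiViewUrl(HttpServletRequest req) {
        String uri = req.getRequestURI();
        if (uri.contains(bi_path)) {
            FineLoggerFactory.getLogger().info("FGAuth: BI的预览请求" + forLog(uri));
            return true;
        }
        return false;
    }

    /**
     * Writes the platform's "unavailable" page with a no-privilege message to the response.
     *
     * <p>The status is set to 403 so that proxies, caches and log analysis see a denial rather
     * than a successful response. The writer is closed even when rendering fails.
     *
     * @param res the response to write the page to
     */
    private void showError(HttpServletResponse res) {
        // Must happen before the body is written, otherwise the response is already committed.
        res.setStatus(HttpServletResponse.SC_FORBIDDEN);
        try (PrintWriter printWriter = WebUtils.createPrintWriter(res)) {
            Map<String, Object> map = new HashMap<>();
            map.put("result", InterProviderFactory.getProvider().getLocText("Fine-Engine_Error_Page_Result"));
            map.put("reason", InterProviderFactory.getProvider().getLocText("Fine-Engine_Report_No_Priviledege"));
            map.put("solution", InterProviderFactory.getProvider().getLocText("Fine-Engine_Please_Contact_Platform_Admin"));
            String page = WebServiceUtils.parseWebPageResourceSafe("com/fr/web/controller/decision/entrance/resources/unavailable.html", map);
            printWriter.write(page);
            printWriter.flush();
        } catch (Exception e) {
            FineLoggerFactory.getLogger().error("FGAuth: CheckTempleteAuth#showError执行异常" + e.getMessage(), e);
        }
    }

    /**
     * Decides whether the user may open the template, based on the entries in {@code tempAuth}.
     *
     * <p>Order of evaluation: unknown user is denied, platform administrators are allowed, a
     * missing viewlet is denied, then the user list and finally the role list of the template
     * are consulted.
     *
     * @param userName name of the current user
     * @param viewlet  template path from the request; may be {@code null} (for example on a BI
     *                 preview URL that carries no viewlet parameter)
     * @param user     platform user record for {@code userName}; may be {@code null}
     * @return {@code true} when access is granted, {@code false} otherwise
     * @throws Exception when a lookup in the user or role service fails
     */
    private boolean checkUserAuth(String userName, String viewlet, User user) throws Exception {
        // No platform user for this name: deny instead of failing on user.getId().
        if (user == null) {
            return false;
        }
        // Platform administrators are always allowed.
        if (UserService.getInstance().isAdmin(user.getId())) {
            return true;
        }
        // Without a viewlet there is no template to look up: deny explicitly.
        if (!StringUtils.isNotBlank(viewlet)) {
            return false;
        }

        // Only the template number is used as key:
        // 我的报表/dept_019/rpt_0005.frm becomes bi_rpt_0005.
        // The directory is dropped, so templates with the same file name in different folders
        // share one entry in tempAuth.
        String key = "bi_" + viewlet.substring(viewlet.lastIndexOf("/") + 1).replace(".cpt", "").replace(".frm", "");
        if (!tempAuth.containsKey(key)) {
            return false;
        }

        // Check by user name.
        Set<String> userInfo = tempAuth.get(key).get(AuthObjDtl.OBJ_TYP_USR);
        FineLoggerFactory.getLogger().info("FGAuth: {} 的userInfo为 {}", forLog(key), userInfo);
        if (userInfo != null && userInfo.contains(userName)) {
            return true;
        }

        // Check by role.
        Set<String> roles = AuthIF.getInstance().getUserRoles(userName);
        Set<String> roleInfo = tempAuth.get(key).get(AuthObjDtl.OBJ_TYP_ROLE);
        FineLoggerFactory.getLogger().info("FGAuth: {} 的roleInfo为 {}", forLog(key), roleInfo);
        FineLoggerFactory.getLogger().info("FGAuth: 当前用户 {} 的角色信息为 {}", userName, roles);
        if (roles != null && roleInfo != null) {
            for (String role : roles) {
                if (roleInfo.contains(role)) {
                    return true;
                }
            }
        }

        return false;
    }

    /**
     * Brings a client-supplied viewlet into the form used for the prefix test and the key
     * derivation: surrounding whitespace removed, backslashes turned into forward slashes and
     * any leading {@code /} or {@code ./} dropped.
     *
     * @param viewlet the raw request parameter, may be {@code null}
     * @return the normalized path, or {@code null} when the parameter was absent
     */
    private static String normalizeViewlet(String viewlet) {
        if (viewlet == null) {
            return null;
        }
        String path = viewlet.trim().replace('\\', '/');
        while (path.startsWith("/") || path.startsWith("./")) {
            path = path.substring(path.startsWith("/") ? 1 : 2);
        }
        return path;
    }

    /**
     * Replaces line breaks in a client-supplied value so it cannot start a new log line.
     *
     * @param value the value about to be logged, may be {@code null}
     * @return the value with CR and LF replaced by {@code _}, or {@code null}
     */
    private static String forLog(String value) {
        return value == null ? null : value.replace('\r', '_').replace('\n', '_');
    }
}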