package com.fr.plugin.filter; |
|
|
|
import com.fanruan.api.log.LogKit; |
|
import com.fanruan.api.net.http.HttpKit; |
|
import com.fr.base.ServerConfig; |
|
import com.fr.data.NetworkHelper; |
|
import com.fr.decision.authority.data.User; |
|
import com.fr.decision.fun.impl.AbstractGlobalRequestFilterProvider; |
|
import com.fr.decision.mobile.terminal.TerminalHandler; |
|
import com.fr.decision.webservice.v10.login.LoginService; |
|
import com.fr.decision.webservice.v10.login.TokenResource; |
|
import com.fr.decision.webservice.v10.user.UserService; |
|
import com.fr.json.JSONObject; |
|
import com.fr.log.FineLoggerFactory; |
|
import com.fr.plugin.DESUtil; |
|
import com.fr.plugin.LDYConfig; |
|
import com.fr.stable.StringUtils; |
|
import com.fr.stable.web.Device; |
|
import com.fr.web.utils.WebUtils; |
|
|
|
import javax.servlet.FilterChain; |
|
import javax.servlet.FilterConfig; |
|
import javax.servlet.http.Cookie; |
|
import javax.servlet.http.HttpServletRequest; |
|
import javax.servlet.http.HttpServletResponse; |
|
import java.io.IOException; |
|
import java.io.UnsupportedEncodingException; |
|
import java.net.URLDecoder; |
|
import java.net.URLEncoder; |
|
import java.util.Enumeration; |
|
import java.util.HashMap; |
|
import java.util.Map; |
|
|
|
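/**
 * Global request filter that signs a visitor in to the decision platform from
 * one of two external single-sign-on sources before the request reaches the
 * platform.
 *
 * <ul>
 *   <li><b>OA flow</b>: the {@code workcode} query parameter carries a Base64
 *       string that is decrypted with the configured OA key into a JSON object
 *       whose {@code workcode} field is the user name.</li>
 *   <li><b>Ticket flow</b>: the {@code ticket} and {@code token} query
 *       parameters are sent to the configured validation API, which returns the
 *       user name in its {@code data} field.</li>
 * </ul>
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>The OA payload is only read for its {@code workcode} field; no expiry or
 *       nonce is checked in this class, so a given parameter value stays valid
 *       for as long as the key does. NOTE(review): consider carrying a timestamp
 *       in the payload and rejecting stale values.</li>
 *   <li>NOTE(review): {@code DESUtil} is defined elsewhere; if it implements
 *       single DES, the key length is too short for an authentication secret and
 *       an authenticated modern cipher should replace it.</li>
 *   <li>Credential-bearing parameters ({@code workcode}, {@code ticket},
 *       {@code token}) are never logged and are removed from the post-login
 *       redirect so they do not end up in logs, history or Referer headers.</li>
 * </ul>
 */
public class LDY1Filter extends AbstractGlobalRequestFilterProvider {

    /** Query parameter carrying the encrypted OA login payload. */
    private static final String PARAM_WORKCODE = "workcode";

    /** Query parameter carrying the one-time ticket of the ticket flow. */
    private static final String PARAM_TICKET = "ticket";

    /** Query parameter carrying the bearer token used to validate the ticket. */
    private static final String PARAM_TOKEN = "token";

    /** Charset name used for URL-encoding query components. */
    private static final String URL_CHARSET = "UTF-8";

    @Override
    public String filterName() {
        return "LDY1Filter";
    }

    @Override
    public String[] urlPatterns() {
        return new String[]{
                "/*",
        };
    }

    @Override
    public void init(FilterConfig filterConfig) {
        super.init(filterConfig);
    }

    /**
     * Base64-decodes {@code s}, decrypts it with {@code DESUtil.decrypt} and
     * returns the trimmed plaintext.
     *
     * @param s   Base64 text of the encrypted payload
     * @param pwd key passed to {@code DESUtil.decrypt}
     * @return the trimmed plaintext, or an empty string when decoding or
     *         decryption fails (the failure is logged)
     */
    public static String decode(String s, String pwd) {
        try {
            byte[] cipherText = java.util.Base64.getDecoder().decode(s);
            byte[] plainText = DESUtil.decrypt(cipherText, pwd);
            // Explicit charset: the result must not depend on the JVM's default encoding.
            return new String(plainText, java.nio.charset.StandardCharsets.UTF_8).trim();
        } catch (Exception e) {
            LogKit.error("解密失败", e);
            return "";
        }
    }

    /**
     * Runs the SSO login for requests selected by {@link #needFilter} that do
     * not already carry a valid login token; every other request is passed down
     * the chain unchanged.
     *
     * <p>Every failure path in the SSO branch returns without invoking the
     * chain, so a rejected or malformed credential never reaches the platform
     * as if it had been accepted.
     */
    @Override
    public void doFilter(HttpServletRequest req, HttpServletResponse res, FilterChain filterChain) {
        try {
            if (needFilter(req) && !isLogin(req)) {
                UserService userService = UserService.getInstance();

                // OA login
                String loginid = req.getParameter(PARAM_WORKCODE);
                if (StringUtils.isNotBlank(loginid)) {
                    String oaDesKey = LDYConfig.getInstance().getOaDesKey();
                    String decodeJSON = decode(loginid, oaDesKey);
                    if (StringUtils.isBlank(decodeJSON)) {
                        // decode() returns "" on failure; answer explicitly instead of
                        // letting JSON parsing throw and leave an empty response.
                        WebUtils.printAsString(res, "workcode is invalid");
                        return;
                    }
                    JSONObject entries = new JSONObject(decodeJSON);
                    String userName = entries.getString("workcode");
                    if (StringUtils.isBlank(userName)) {
                        WebUtils.printAsString(res, "workcode is invalid");
                        return;
                    }
                    // Log the resolved user name, not the raw parameter: the raw value is a
                    // reusable login credential and must stay out of the log files.
                    LogKit.info("收到OA单点:{}", userName);
                    User user = userService.getUserByUserName(userName);
                    if (user == null) {
                        // NOTE(review): the user name is echoed into the response; confirm
                        // WebUtils.printAsString does not serve it as HTML.
                        WebUtils.printAsString(res, userName + "用户不存在---OA登录");
                        return;
                    }
                    if (!login(req, res, userName)) {
                        WebUtils.printAsString(res, "login failed");
                        return;
                    }
                    sendRedirect(res, getUrl(req));
                    return;
                }

                // Ticket login
                String ticket = req.getParameter(PARAM_TICKET);
                String token = req.getParameter(PARAM_TOKEN);
                if (StringUtils.isBlank(ticket) || StringUtils.isBlank(token)) {
                    WebUtils.printAsString(res, "ticket or token is null");
                    return;
                }
                // NOTE(review): the bearer token used to validate the ticket is supplied by
                // the same request; confirm the validation API binds the ticket to that
                // token's subject, since its answer is trusted as the user name.
                String userId = checkTicket(ticket, token);
                if (StringUtils.isBlank(userId)) {
                    WebUtils.printAsString(res, "检查用户ID失败,请检查来源");
                    return;
                }
                User user = userService.getUserByUserName(userId);
                if (user == null) {
                    WebUtils.printAsString(res, userId + "用户不存在");
                    return;
                }
                if (!login(req, res, userId)) {
                    WebUtils.printAsString(res, "login failed");
                    return;
                }
                sendRedirect(res, getUrl(req));
                return;
            }
            filterChain.doFilter(req, res);
        } catch (Exception e) {
            // Fail closed: the chain is not invoked again after an error.
            FineLoggerFactory.getLogger().error(e.getMessage(), e);
        }
    }

    /**
     * Rebuilds the current request URL for the post-login redirect, dropping the
     * SSO credential parameters and URL-encoding everything that is kept.
     *
     * <p>NOTE(review): the host comes from {@code request.getServerName()},
     * which normally reflects the client-sent Host header; confirm the
     * deployment pins the host name (reverse proxy or container configuration)
     * or switch to a relative {@code Location}.
     *
     * @param request the request being redirected
     * @return the absolute URL, or whatever was built before an error occurred
     */
    private String getUrl(HttpServletRequest request) {
        StringBuilder builder = new StringBuilder();
        try {
            String url = request.getScheme() + "://" + request.getServerName() // server address
                    + ":"
                    + request.getServerPort() + request.getRequestURI();
            builder.append(url);
            // Placeholder first parameter so every kept parameter can be appended with '&'.
            builder.append("?q=1");
            Enumeration<String> parameterNames = request.getParameterNames();
            while (parameterNames.hasMoreElements()) {
                String key = parameterNames.nextElement();
                if (isCredentialParam(key)) {
                    continue;
                }
                String value = request.getParameter(key);
                // getParameter() returns the decoded value; re-encode so reserved characters
                // and line breaks cannot alter the Location header or inject parameters.
                builder.append("&")
                        .append(URLEncoder.encode(key, URL_CHARSET))
                        .append("=")
                        .append(URLEncoder.encode(value == null ? "" : value, URL_CHARSET));
            }
        } catch (Exception e) {
            FineLoggerFactory.getLogger().error(e.getMessage(), e);
        }
        return builder.toString();
    }

    /** Returns true for query parameters that carry SSO credentials. */
    private static boolean isCredentialParam(String key) {
        return StringUtils.equals(key, PARAM_WORKCODE)
                || StringUtils.equals(key, PARAM_TICKET)
                || StringUtils.equals(key, PARAM_TOKEN);
    }

    /**
     * Asks the configured validation API whether {@code ticket} is valid, using
     * {@code token} as the bearer credential.
     *
     * @param ticket ticket taken from the request
     * @param token  bearer token taken from the request
     * @return the {@code data} field of the API response when its
     *         {@code success} field is {@code "true"}, otherwise an empty string
     * @throws IOException if URL-encoding fails or the HTTP call reports an I/O error
     */
    private String checkTicket(String ticket, String token) throws IOException {
        // A token with line breaks cannot be a legitimate bearer value and must not be
        // placed into an outbound header.
        if (token.indexOf('\r') >= 0 || token.indexOf('\n') >= 0) {
            return "";
        }
        LDYConfig config = LDYConfig.getInstance();
        String base = config.getApiUrl();
        // Encode the ticket so it stays a single query value of the upstream request.
        String url = base + "/open/api/exhibition/ticket/validate?ticket="
                + URLEncoder.encode(ticket, URL_CHARSET);
        Map<String, String> header = new HashMap<>();
        header.put("Authorization", "Bearer " + token);
        String res = HttpKit.get(url, new HashMap<>(), header);
        // The ticket and the bearer token are credentials and are kept out of the log.
        LogKit.info("checkTicket res:{}", res);
        JSONObject entries = new JSONObject(res);
        if (StringUtils.equals(entries.getString("success"), "true")) {
            return entries.getString("data");
        }
        return "";
    }

    /**
     * Decides whether a request is one of the entry points this filter handles.
     * Only GET requests qualify; the path is matched by suffix or substring.
     */
    private boolean needFilter(HttpServletRequest request) {
        String requestURI = request.getRequestURI();
        if (StringUtils.isBlank(requestURI) || !"GET".equals(request.getMethod())) {
            return false;
        }
        if (requestURI.endsWith("decision") || requestURI.endsWith("decision/")) {
            return true;
        }
        if (requestURI.endsWith("/url/patch/web/page")) {
            return true;
        }
        boolean isViewPath = requestURI.endsWith("/view/form") || requestURI.endsWith("/view/report");
        if (isViewPath && StringUtils.isNotBlank(request.getParameter("viewlet"))) {
            return true;
        }
        if (requestURI.contains("/v10/entry/access/")) {
            return true;
        }
        return requestURI.contains("/v5/design/report")
                && (requestURI.endsWith("/edit") || requestURI.endsWith("/view"));
    }

    /** Answers with a 302 pointing at {@code url}. */
    private void sendRedirect(HttpServletResponse res, String url) {
        res.setStatus(HttpServletResponse.SC_MOVED_TEMPORARILY);
        res.setHeader("Location", url);
    }

    /**
     * Logs the caller out of the platform and answers with {@code {"data":"login"}}.
     *
     * <p>NOTE(review): an earlier comment here mentioned revoking the access
     * token through an external interface; no such call is made in this method.
     */
    private void delLoginOut(HttpServletRequest req, HttpServletResponse res) {
        try {
            // Perform the platform's own logout.
            LoginService.getInstance().logout(req, res);
            JSONObject jsonObject = new JSONObject();
            jsonObject.put("data", "login");
            WebUtils.printAsJSON(res, jsonObject);
        } catch (Exception e) {
            // A failed logout must be visible to operators rather than silently dropped.
            FineLoggerFactory.getLogger().error(e.getMessage(), e);
        }
    }

    /** Returns true when the request is a POST to the servlet's {@code /logout} path. */
    private boolean isLogOut(HttpServletRequest req) {
        String url = WebUtils.getOriginalURL(req);
        String servletNamePrefix = "/" + ServerConfig.getInstance().getServletName() + "/logout";
        return url.contains(servletNamePrefix) && req.getMethod().equals("POST");
    }

    /**
     * Creates a platform session for {@code username} and stores the issued
     * token on the request as {@code fine_auth_token}.
     *
     * @return {@code true} when the platform issued a token, {@code false} when
     *         the login call failed (the failure is logged)
     */
    private boolean login(HttpServletRequest req, HttpServletResponse res, String username) {
        try {
            String token = LoginService.getInstance().login(req, res, username);
            req.setAttribute("fine_auth_token", token);
            // Report success only on the success path, and not at error level.
            FineLoggerFactory.getLogger().info("login success");
            return true;
        } catch (Exception e) {
            FineLoggerFactory.getLogger().error(e.getMessage(), e);
            FineLoggerFactory.getLogger().error("login failed");
            return false;
        }
    }

    /** Returns true when the request carries a login token cookie that is still valid. */
    private boolean isLogin(HttpServletRequest request) {
        String oldToken = TokenResource.COOKIE.getToken(request);
        return oldToken != null && checkTokenValid(request, oldToken);
    }

    /**
     * Checks {@code token} with {@code LoginService.loginStatusValid} for the
     * terminal derived from the request.
     *
     * @return {@code true} when the check completes without throwing
     */
    private boolean checkTokenValid(HttpServletRequest req, String token) {
        try {
            Device device = NetworkHelper.getDevice(req);
            LoginService.getInstance().loginStatusValid(token, TerminalHandler.getTerminal(req, device));
            return true;
        } catch (Exception ignored) {
            // Any failure of the validity check is treated as "not logged in".
        }
        return false;
    }

    /**
     * Adds a cookie scoped to the whole site.
     *
     * <p>The cookie is marked HttpOnly so page scripts cannot read it.
     * NOTE(review): also mark it Secure once the deployment is HTTPS-only.
     */
    private static void setCookie(HttpServletResponse response, String name, String value) {
        Cookie cookie = new Cookie(name, value);
        cookie.setPath("/");
        cookie.setHttpOnly(true);
        response.addCookie(cookie);
    }

}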