You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
123 lines
5.5 KiB
123 lines
5.5 KiB
3 years ago
|
package com.fr.plugin.xx.ltqc.auth;
|
||
|
|
|
||
|
|
import com.fr.data.NetworkHelper;
|
||
|
|
import com.fr.decision.authority.data.User;
|
||
|
|
import com.fr.decision.fun.impl.AbstractGlobalRequestFilterProvider;
|
||
|
|
import com.fr.decision.webservice.Response;
|
||
|
|
import com.fr.decision.webservice.exception.login.UserPwdErrorException;
|
||
|
|
import com.fr.decision.webservice.exception.user.UserNotExistException;
|
||
|
|
import com.fr.decision.webservice.v10.remote.RemoteDesignStatusService;
|
||
|
|
import com.fr.decision.webservice.v10.user.UserService;
|
||
|
|
import com.fr.exception.RemoteDesignPermissionDeniedException;
|
||
|
|
import com.fr.general.ComparatorUtils;
|
||
|
|
import com.fr.json.JSONObject;
|
||
|
|
import com.fr.plugin.xx.ltqc.auth.conf.AuthSsoConfig;
|
||
|
|
import com.fr.plugin.xx.ltqc.auth.utils.CommonUtils;
|
||
|
|
import com.fr.plugin.xx.ltqc.auth.utils.HttpUtil;
|
||
|
|
import com.fr.plugin.xx.ltqc.auth.utils.LogUtils;
|
||
|
|
import com.fr.security.JwtUtils;
|
||
|
|
import com.fr.security.SecurityToolbox;
|
||
|
|
import com.fr.security.encryption.mode.EncryptionMode;
|
||
|
|
import com.fr.security.encryption.storage.StorageEncryptors;
|
||
|
|
import com.fr.stable.StringUtils;
|
||
|
|
import com.fr.web.service.RemoteDesignAuthorityDataService;
|
||
|
|
import com.fr.web.utils.WebUtils;
|
||
|
|
|
||
|
|
import javax.servlet.FilterChain;
|
||
|
|
import javax.servlet.http.HttpServletRequest;
|
||
|
|
import javax.servlet.http.HttpServletResponse;
|
||
|
|
import java.util.HashMap;
|
||
|
|
import java.util.Map;
|
||
|
|
|
||
|
|
/**
|
||
|
|
* @Author xx
|
||
|
|
* @Date 2022/5/9
|
||
|
|
* @Description
|
||
|
|
**/
|
||
|
|
public class RemoteFilter extends AbstractGlobalRequestFilterProvider {
|
||
|
|
@Override
|
||
|
|
public String filterName() {
|
||
|
|
return "design";
|
||
|
|
}
|
||
|
|
|
||
|
|
@Override
|
||
|
|
public String[] urlPatterns() {
|
||
|
|
return new String[]{"/decision/remote/design/token"};
|
||
|
|
}
|
||
|
|
|
||
|
|
@Override
|
||
|
|
public void doFilter(HttpServletRequest req, HttpServletResponse res, FilterChain filterChain) {
|
||
|
|
LogUtils.debug4plugin("捕获到远程设计器请求");
|
||
|
|
try {
|
||
|
|
String username, password, compatibleParameters0;
|
||
|
|
if (StringUtils.equalsIgnoreCase(req.getMethod(), "GET")) {
|
||
|
|
username = NetworkHelper.getHTTPRequestParameter(req, "username");
|
||
|
|
password = NetworkHelper.getHTTPRequestParameter(req, "password");
|
||
|
|
compatibleParameters0 = NetworkHelper.getHTTPRequestParameter(req, "compatibleParameters0");
|
||
|
|
} else {
|
||
|
|
username = NetworkHelper.getHTTPRequestParameter(req, "username");
|
||
|
|
password = SecurityToolbox.defaultDecrypt(NetworkHelper.getHTTPRequestParameter(req, "password"));
|
||
|
|
compatibleParameters0 = NetworkHelper.getHTTPRequestParameter(req, "compatibleParameters0");
|
||
|
|
}
|
||
|
|
if (StringUtils.isEmpty(compatibleParameters0) && !ComparatorUtils.equals(StorageEncryptors.getInstance().getCurrentEncryptionMode(), EncryptionMode.RSA)) {
|
||
|
|
throw new RemoteDesignPermissionDeniedException();
|
||
|
|
}
|
||
|
|
String token = StringUtils.EMPTY;
|
||
|
|
Map<String, Object> loginParam = new HashMap<>();
|
||
|
|
loginParam.put("username", username);
|
||
|
|
loginParam.put("password", password);
|
||
|
|
String loginRes = HttpUtil.doFormPost(AuthSsoConfig.getInstance().getEnvUrl(), null, loginParam, "UTF-8");
|
||
|
|
LogUtils.debug4plugin("login res is {}", loginRes);
|
||
|
|
JSONObject loginObject = new JSONObject(loginRes);
|
||
|
|
if (loginObject.has("data") && loginObject.getInt("__statusCode") == 1) {
|
||
|
|
token = loginObject.getString("data");
|
||
|
|
} else {
|
||
|
|
throw new UserPwdErrorException();
|
||
|
|
}
|
||
|
|
LogUtils.debug4plugin("get token is {}",token);
|
||
|
|
String validateUser = StringUtils.EMPTY;
|
||
|
|
Map<String, String> param = new HashMap<>();
|
||
|
|
param.put("ticketValue", token);
|
||
|
|
String result = HttpUtil.sendGet(AuthSsoConfig.getInstance().getValidateUrl(), param, null);
|
||
|
|
LogUtils.debug4plugin("validate cookie url is {}, param is {}, res is {}", AuthSsoConfig.getInstance().getValidateUrl(), param, res);
|
||
|
|
JSONObject object = new JSONObject(result);
|
||
|
|
if (object.has("data")) {
|
||
|
|
validateUser = object.getString("data");
|
||
|
|
if (CommonUtils.checkUser(validateUser)) {
|
||
|
|
login(res, username);
|
||
|
|
} else {
|
||
|
|
throw new UserNotExistException();
|
||
|
|
}
|
||
|
|
}
|
||
|
|
} catch (RemoteDesignPermissionDeniedException | UserNotExistException | UserPwdErrorException e) {
|
||
|
|
setRes(res, Response.error(e.errorCode(), e.getMessage()));
|
||
|
|
} catch (Exception e) {
|
||
|
|
LogUtils.error(e.getMessage(), e);
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
private void login(HttpServletResponse res, String username) throws Exception {
|
||
|
|
User user = UserService.getInstance().getUserByUserName(username);
|
||
|
|
if (user != null && RemoteDesignAuthorityDataService.getInstance().hasAuthority(user.getId())) {
|
||
|
|
setRes(res, Response.ok(this.generateToken(username)));
|
||
|
|
} else {
|
||
|
|
throw new RemoteDesignPermissionDeniedException();
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
private void setRes(HttpServletResponse res, Response body) {
|
||
|
|
try {
|
||
|
|
res.setContentType("application/json");
|
||
|
|
WebUtils.printAsJSON(res, JSONObject.mapFrom(body));
|
||
|
|
} catch (Exception e) {
|
||
|
|
LogUtils.error(e.getMessage(), e);
|
||
|
|
}
|
||
|
|
}
|
||
|
|
|
||
|
|
private String generateToken(String username) throws Exception {
|
||
|
|
String jwt = JwtUtils.createDefaultJWT(username);
|
||
|
|
RemoteDesignStatusService.loginStatusService().put(jwt, username, 1209600000);
|
||
|
|
return jwt;
|
||
|
|
}
|
||
|
|
}
|