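package com.fr.plugin.handler;

import com.fanruan.api.net.http.HttpKit;
import com.fr.data.NetworkHelper;
import com.fr.decision.authority.data.User;
import com.fr.decision.fun.impl.BaseHttpHandler;
import com.fr.decision.mobile.terminal.TerminalHandler;
import com.fr.decision.webservice.v10.login.LoginService;
import com.fr.decision.webservice.v10.login.TokenResource;
import com.fr.decision.webservice.v10.user.UserService;
import com.fr.general.ComparatorUtils;
import com.fr.json.JSONObject;
import com.fr.log.FineLoggerFactory;
import com.fr.plugin.FLConfig;
import com.fr.security.JwtUtils;
import com.fr.stable.StringUtils;
import com.fr.stable.web.Device;
import com.fr.third.springframework.web.bind.annotation.RequestMethod;
import com.fr.web.utils.WebUtils;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.util.HashMap;
import java.util.Map;

/**
 * OAuth2 authorization-code login handler mounted at {@code /login}.
 *
 * <p>Flow, as implemented below:
 * <ol>
 *   <li>A request without a {@code code} parameter is redirected to the identity provider's
 *       {@code /am/oauth2/authorize} endpoint ({@link #goAuth()}).</li>
 *   <li>The provider redirects back with {@code code}; it is exchanged for an access token at
 *       {@code /am/oauth2/access_token} ({@link #getAccessToken(String)}).</li>
 *   <li>The access token is resolved to a user id at {@code /am/oauth2/tokeninfo}
 *       ({@link #getUserId(String)}).</li>
 *   <li>If a FineReport user with that name exists, a platform session is created
 *       ({@link #login}) and the browser is redirected to the configured platform URL.</li>
 * </ol>
 *
 * <p>The handler is public (no prior authentication), so every value read from the request is
 * untrusted. Nothing received from the request or the provider is echoed back into the response
 * apart from the resolved user name, and token-bearing provider responses are not written to the
 * log.
 */
public class FLLoginCallBackHander extends BaseHttpHandler {

    /** Path, relative to the platform URL, that the provider redirects back to. */
    private static final String CALLBACK_PATH = "/url/oauth2/login";

    /** Scope string sent to the provider; the '+' separators are kept literally in the authorize URL. */
    private static final String SCOPE = "uid+cn+userIdCode";

    /** Encoding used for the token-exchange POST (request and response). */
    private static final String CHARSET = "utf-8";

    /** JSON field of the tokeninfo response that carries the user name. */
    private static final String USER_ID_FIELD = "uid";

    /** JSON field of the access_token response that carries the token. */
    private static final String ACCESS_TOKEN_FIELD = "access_token";

    /**
     * @return {@code null} — no method restriction is declared here; presumably BaseHttpHandler
     *         treats this as "any method" (confirm against the platform API).
     */
    @Override
    public RequestMethod getMethod() {
        return null;
    }

    /** @return the handler path, {@code /login}. */
    @Override
    public String getPath() {
        return "/login";
    }

    /** @return {@code true}: reachable without an existing platform session. */
    @Override
    public boolean isPublic() {
        return true;
    }

    /**
     * Entry point: either starts the authorization flow or completes it.
     *
     * @param req incoming request; only the {@code code} query parameter is read
     * @param res response: receives a redirect or a plain-text failure message
     * @throws Exception if the token exchange or user lookup fails unexpectedly
     */
    @Override
    public void handle(HttpServletRequest req, HttpServletResponse res) throws Exception {
        String code = req.getParameter("code");
        if (StringUtils.isBlank(code)) {
            // No authorization code yet: send the browser to the provider.
            // NOTE(review): no OAuth2 "state" value is generated here or verified on the
            // callback, so this endpoint cannot distinguish a genuine provider redirect from a
            // forged one (login CSRF). Confirm the provider echoes "state" before adding it.
            sendRedirect(res, goAuth());
            return;
        }

        String accessToken = getAccessToken(code);
        if (StringUtils.isEmpty(accessToken)) {
            // The code is caller-controlled; do not reflect it into the response body.
            WebUtils.printAsString(res, "通过授权码获取accessToken失败返回内容无效");
            return;
        }

        String userId = getUserId(accessToken);
        if (StringUtils.isEmpty(userId)) {
            // Never write the access token itself into the response.
            WebUtils.printAsString(res, "通过accessToken获取用户失败返回内容无效");
            return;
        }

        User user = UserService.getInstance().getUserByUserName(userId);
        if (user == null) {
            WebUtils.printAsString(res, "用户" + userId + "在帆软系统中不存在");
            return;
        }

        // login() reports failure through its return value; do not redirect as if it succeeded.
        if (!login(req, res, userId)) {
            WebUtils.printAsString(res, "用户" + userId + "登录失败");
            return;
        }
        sendRedirect(res, FLConfig.getInstance().getFrUrl());
    }

    /**
     * Resolves an access token to the provider's user name via the tokeninfo endpoint.
     *
     * <p>The token is sent as a query parameter because that is what this endpoint expects; be
     * aware it may therefore land in intermediate proxy/server access logs.
     *
     * @param accessToken token obtained from {@link #getAccessToken(String)}
     * @return the {@code uid} field of the response, an empty string if the field is absent,
     *         or {@code null} if the provider returned nothing
     * @throws IOException on transport failure
     */
    private String getUserId(String accessToken) throws IOException {
        String url = String.format("%s/am/oauth2/tokeninfo?access_token=%s",
                FLConfig.getInstance().getValAddr(), urlEncode(accessToken));
        Map<String, String> header = new HashMap<>();
        String resp = HttpKit.get(url, new HashMap<String, String>(), header);
        // Log only that the call completed: the body carries the token's claims.
        FineLoggerFactory.getLogger().debug("访问getUserInfo完成, 响应长度:{}",
                resp == null ? 0 : resp.length());
        if (StringUtils.isEmpty(resp)) {
            return null;
        }
        return new JSONObject(resp).optString(USER_ID_FIELD);
    }

    /**
     * Exchanges an authorization code for an access token.
     *
     * @param code the {@code code} query parameter from the provider's redirect (untrusted)
     * @return the {@code access_token} field of the response, an empty string if the field is
     *         absent, or {@code null} if the provider returned nothing
     * @throws IOException on transport failure
     */
    private String getAccessToken(String code) throws IOException {
        FLConfig config = FLConfig.getInstance();
        String url = String.format("%s/am/oauth2/access_token", config.getValAddr());

        Map<String, String> params = new HashMap<>();
        params.put("client_id", config.getAppid());
        params.put("redirect_uri", callbackUrl(config));
        params.put("scope", SCOPE);
        // The client secret travels in the POST body, never in a URL.
        params.put("client_secret", config.getLoginClientSecret());
        params.put("grant_type", "authorization_code");
        params.put("code", code);

        Map<String, String> header = new HashMap<>();
        String resp = HttpKit.post(url, params, CHARSET, CHARSET, header);
        // Log only that the call completed: the body contains the access token.
        FineLoggerFactory.getLogger().debug("访问getAccessToken完成, 响应长度:{}",
                resp == null ? 0 : resp.length());
        if (StringUtils.isEmpty(resp)) {
            return null;
        }
        return new JSONObject(resp).optString(ACCESS_TOKEN_FIELD);
    }

    /**
     * Builds the provider's authorize URL that starts the authorization-code flow.
     *
     * <p>Configured values are URL-encoded so that a platform URL containing {@code ://}, or a
     * service/client id with reserved characters, cannot break the query or be misread by the
     * provider. The scope is deliberately left unencoded: its {@code +} characters are
     * separators.
     *
     * @return absolute authorize URL
     */
    private String goAuth() {
        FLConfig config = FLConfig.getInstance();
        return String.format(
                "%s/am/oauth2/authorize?service=%s&response_type=code&client_id=%s&"
                        + "scope=%s&redirect_uri=%s&decision=Allow",
                config.getValAddr(),
                urlEncode(config.getService()),
                urlEncode(config.getAppid()),
                SCOPE,
                urlEncode(callbackUrl(config)));
    }

    /**
     * @param config plugin configuration
     * @return the redirect URI registered with the provider: platform URL + {@link #CALLBACK_PATH}
     */
    private static String callbackUrl(FLConfig config) {
        return config.getFrUrl() + CALLBACK_PATH;
    }

    /**
     * Percent-encodes a query-string component as UTF-8.
     *
     * @param value component to encode; {@code null} is treated as empty
     * @return the encoded component
     */
    private static String urlEncode(String value) {
        try {
            return URLEncoder.encode(value == null ? "" : value, "UTF-8");
        } catch (UnsupportedEncodingException e) {
            // UTF-8 is mandatory for every JVM, so this cannot happen in practice.
            throw new IllegalStateException("UTF-8 encoding unavailable", e);
        }
    }

    /**
     * Issues a 302 to {@code url}.
     *
     * @param res response to write the status and Location header to
     * @param url absolute target; callers pass configured or provider URLs only
     */
    private void sendRedirect(HttpServletResponse res, String url) {
        res.setStatus(HttpServletResponse.SC_MOVED_TEMPORARILY);
        res.setHeader("Location", url);
    }

    /**
     * Establishes a platform session for {@code username}, reusing an existing valid one.
     *
     * @param req      current request (source of the existing token cookie and session)
     * @param res      current response (login cookies are written to it by LoginService)
     * @param username platform user name resolved from the provider
     * @return {@code true} if the user is logged in afterwards, {@code false} if login threw
     */
    private boolean login(HttpServletRequest req, HttpServletResponse res, String username) {
        try {
            String oldToken = TokenResource.COOKIE.getToken(req);
            if (oldToken != null && checkTokenValid(req, oldToken, username)) {
                FineLoggerFactory.getLogger().debug("no need login: {}", username);
                return true;
            }
            HttpSession session = req.getSession(true);
            String token = LoginService.getInstance().login(req, res, username);
            session.setAttribute("fine_auth_token", token);
            // Successful login is an informational event, not an error.
            FineLoggerFactory.getLogger().info("fr CookieFilter is over with username is ###" + username);
            return true;
        } catch (Exception e) {
            FineLoggerFactory.getLogger().error(e.getMessage(), e);
            return false;
        }
    }

    /**
     * Checks whether an existing platform token still represents {@code currentUserName}.
     *
     * <p>Relies on {@code loginStatusValid} signalling an invalid session by throwing; its
     * return value, if any, is not inspected. Any parse or validation failure is treated as
     * "not valid", which forces a fresh login.
     *
     * @param req             current request (used to derive the terminal/device)
     * @param token           platform JWT from the cookie
     * @param currentUserName user the caller expects the token to belong to
     * @return {@code true} only if the token's subject matches and the login status is valid
     */
    private boolean checkTokenValid(HttpServletRequest req, String token, String currentUserName) {
        try {
            String subject = JwtUtils.parseJWT(token).getSubject();
            if (!ComparatorUtils.equals(currentUserName, subject)) {
                FineLoggerFactory.getLogger().info("username changed:" + currentUserName);
                return false;
            }
            Device device = NetworkHelper.getDevice(req);
            LoginService.getInstance().loginStatusValid(token, TerminalHandler.getTerminal(req, device));
            return true;
        } catch (Exception e) {
            return false;
        }
    }
}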