pioneer
/
open-JSD-9765
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
1 Commit
1 Branch
0 Tags
1.6 MiB
 
Tree: d09b1bde68
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from 'd09b1bde68'
${ noResults }
open-JSD-9765/src/main/java/com/fr/plugin/xx/saml/LoginFilter.java

227 lines
8.5 KiB
Raw Blame History

package com.fr.plugin.xx.saml;/*
* The contents of this file are subject to the Mozilla Public
* License Version 1.1 (the "License"); you may not use this
* file except in compliance with the License. You may obtain
* a copy of the License at http://www.mozilla.org/MPL/
*
* Software distributed under the License is distributed on an
* "AS IS" basis, WITHOUT WARRANTY OF ANY KIND, either express
* or implied. See the License for the specific language governing
* rights and limitations under the License.
*
*
* The Original Code is OIOSAML Java Service Provider.
*
* The Initial Developer of the Original Code is Trifork A/S. Portions
* created by Trifork A/S are Copyright (C) 2008 Danish National IT
* and Telecom Agency (http://www.itst.dk). All Rights Reserved.
*
* Contributor(s):
* Joakim Recht <jre@trifork.com>
* Rolf Njor Jensen <rolf@trifork.com>
* Aage Nielsen <ani@openminds.dk>
*
*/
import com.fr.data.NetworkHelper;
import com.fr.decision.authority.data.User;
import com.fr.decision.fun.impl.AbstractGlobalRequestFilterProvider;
import com.fr.decision.mobile.terminal.TerminalHandler;
import com.fr.decision.webservice.utils.DecisionServiceConstants;
import com.fr.decision.webservice.utils.WebServiceUtils;
import com.fr.decision.webservice.v10.config.ConfigService;
import com.fr.decision.webservice.v10.login.LoginService;
import com.fr.decision.webservice.v10.login.TokenResource;
import com.fr.decision.webservice.v10.user.UserService;
import com.fr.intelli.record.Focus;
import com.fr.intelli.record.Original;
import com.fr.locale.InterProviderFactory;
import com.fr.plugin.context.PluginContexts;
import com.fr.plugin.xx.saml.conf.SamlSsoConfig;
import com.fr.plugin.xx.saml.util.LogUtils;
import com.fr.plugin.transform.FunctionRecorder;
import com.fr.record.analyzer.EnableMetrics;
import com.fr.stable.StringUtils;
import com.fr.stable.fun.Authorize;
import com.fr.stable.web.Device;
import com.fr.web.utils.WebUtils;
import javax.servlet.FilterChain;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
import java.time.Instant;
import java.util.HashMap;
import java.util.Map;
/**
* @author xx
* @date 2020/11/11
*/
@FunctionRecorder
@Authorize(callSignKey = Constants.PLUGIN_ID)
@EnableMetrics
public class LoginFilter extends AbstractGlobalRequestFilterProvider {
@Override
public String filterName() {
return "xx";
}
@Override
@Focus(id = Constants.PLUGIN_ID, text = "迈瑞smal", source = Original.PLUGIN)
public String[] urlPatterns() {
if (PluginContexts.currentContext().isAvailable()) {
String servletPathName = "decision";
try {
servletPathName = ConfigService.getInstance().getBasicParam().getServletPathName();
} catch (Exception e) {
LogUtils.error(e.getMessage(), e);
}
return new String[]{
"/" + servletPathName,
"/" + servletPathName + "/view/report",
"/" + servletPathName + "/view/form",
};
} else {
return new String[]{"/neverbeused"};
}
}
@Override
public void doFilter(HttpServletRequest req, HttpServletResponse res, FilterChain filterChain) {
String samlToken = req.getParameter("samlToken");
SamlSsoConfig config = SamlSsoConfig.getInstance();
try {
if (isAccept(req) || isLogin(req)) {
next(req, res, filterChain);
return;
}
if (StringUtils.isNotBlank(samlToken)) {
if(!config.isAccept()){
setError(res, String.format("单点登录配置未完成"));
return;
}
String key = config.getKey();
LogUtils.debug4plugin("get key config is {}", key);
String format = DesECBUtil.decryptDES(samlToken, key);
LogUtils.debug4plugin("decode format is {}", format);
String user = format.split("_")[0];
String timeout = format.split("_")[1];
Integer out = config.getTimeout();
LogUtils.debug4plugin("get timeout config is {}", out);
if (Instant.ofEpochMilli(Long.valueOf(timeout)).plusSeconds((out)).isBefore(Instant.now())) {
setError(res, "format timeout!");
return;
}
if (!checkUser(user)) {
setError(res, "user: 【" + user + "】 not exist !");
return;
}
loginFromToken(req, res, user);
}
} catch (Exception e) {
LogUtils.error(e.getMessage(), e);
}
LogUtils.debug4plugin("current request {} not login send redirect login", getUrl(req));
String saml = config.getSamlUrl();
try {
res.sendRedirect(saml);
} catch (IOException e) {
LogUtils.error(e.getMessage(), e);
}
}
private String getUrl(HttpServletRequest req) {
String requestURL = req.getRequestURL().toString();
String queryString = req.getQueryString();
if (StringUtils.isNotBlank(queryString)) {
requestURL += "?" + queryString;
}
return requestURL;
}
private boolean isLogin(HttpServletRequest request) throws Exception {
String oldToken = TokenResource.COOKIE.getToken(request);
return oldToken != null && checkTokenValid(request, (String) oldToken);
}
private boolean checkTokenValid(HttpServletRequest req, String token) {
try {
Device device = NetworkHelper.getDevice(req);
LoginService.getInstance().loginStatusValid(token, TerminalHandler.getTerminal(req, device));
return true;
} catch (Exception ignore) {
}
return false;
}
private boolean isAccept(HttpServletRequest req) {
if (req.getRequestURI().endsWith("/view/form") || req.getRequestURI().endsWith("/view/report")) {
return StringUtils.isBlank(WebUtils.getHTTPRequestParameter(req, "viewlet")) && StringUtils.isNotBlank(req.getParameter("samlToken"));
}
return false;
}
private void next(HttpServletRequest request, HttpServletResponse response, FilterChain chain) {
try {
chain.doFilter(request, response);
} catch (Exception e) {
throw new RuntimeException(e);
}
}
private boolean checkUser(String username) {
User user = null;
try {
user = UserService.getInstance().getUserByUserName(username);
LogUtils.debug4plugin("get user:" + user);
if (user != null) {
return true;
}
} catch (Exception e) {
LogUtils.error(e.getMessage(), e);
}
return false;
}
private boolean loginFromToken(HttpServletRequest req, HttpServletResponse res, String username) throws Exception {
try {
if (StringUtils.isNotEmpty(username)) {
LogUtils.debug4plugin("current username:" + username);
String token = LoginService.getInstance().login(req, res, username);
LogUtils.debug4plugin("get login token:" + token);
req.setAttribute(DecisionServiceConstants.FINE_AUTH_TOKEN_NAME, token);
LogUtils.debug4plugin("username:" + username + "login success");
return true;
} else {
LogUtils.warn("username is null!");
return false;
}
} catch (Exception e) {
LogUtils.error(e.getMessage(), e);
}
return false;
}
private void setError(HttpServletResponse res, String reason) {
try {
PrintWriter printWriter = WebUtils.createPrintWriter(res);
Map<String, Object> map = new HashMap<>();
map.put("result", InterProviderFactory.getProvider().getLocText("Fine-Engine_Error_Page_Result"));
map.put("reason", reason);
map.put("solution", InterProviderFactory.getProvider().getLocText("Fine-Engine_Please_Contact_Platform_Admin"));
String page = WebServiceUtils.parseWebPageResourceSafe("com/fr/web/controller/decision/entrance/resources/unavailable.html", map);
printWriter.write(page);
printWriter.flush();
printWriter.close();
} catch (Exception e) {
LogUtils.error(e.getMessage(), e);
}
}
}