package com.eco.plugin.xx.addssso.filter;
import cn.hutool.jwt.JWT;
import cn.hutool.jwt.JWTPayload;
import cn.hutool.jwt.JWTUtil;
import com.eco.plugin.xx.addssso.config.PluginSimpleConfig;
import com.eco.plugin.xx.addssso.utils.FRUtils;
import com.eco.plugin.xx.addssso.utils.HttpUtils;
import com.eco.plugin.xx.addssso.utils.ResponseUtils;
import com.eco.plugin.xx.addssso.utils.Utils;
import com.fr.decision.fun.impl.AbstractGlobalRequestFilterProvider;
import com.fr.json.JSONObject;
import com.fr.plugin.context.PluginContexts;
import com.fr.record.analyzer.EnableMetrics;
import com.fr.stable.fun.Authorize;

import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.util.HashMap;
import java.util.Locale;
import java.util.Map;
import java.util.UUID;

import javax.servlet.FilterChain;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
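@EnableMetrics
@Authorize(callSignKey = "com.eco.plugin.xx.addssso")
/**
 * Global request filter that enforces an OAuth 2.0 authorization-code login.
 *
 * <p>Requests that match the allowlist in {@link #isRelease} pass straight through. Any other
 * request without a {@code code} parameter is redirected to the authorization endpoint; the
 * callback exchanges the code for an access token (server side, with the client secret), reads
 * the {@code email} claim from it, calls the {@code syncAuth} endpoint for an authorization
 * decision and finally performs the platform login.
 */
public class SSOFilter extends AbstractGlobalRequestFilterProvider {

    /** Session attribute holding the OAuth {@code state} issued by {@link #redirect}. */
    private static final String STATE_ATTR = "com.eco.plugin.xx.addssso.oauthState";

    /** Error page rendered when the code exchange or token parsing fails. */
    private static final String ERROR_PAGE = "/com/eco/plugin/xx/addssso/error.html";

    @Override
    public String filterName() {
        return "addsssoFilter";
    }

    @Override
    public String[] urlPatterns() {
        return new String[]{"/*"};
    }

    /**
     * Entry point of the filter; see the class comment for the overall flow.
     *
     * <p>Failures during the code exchange or token parsing are logged and answered with the
     * plugin error page. The authorization result from {@code syncAuth} is interpreted as:
     * {@code "2"} = no permission, {@code "3"} = system error, anything else = proceed to login.
     */
    @Override
    public void doFilter(HttpServletRequest req, HttpServletResponse res, FilterChain chain) {
        if (PluginContexts.currentContext().isAvailable()) {
            PluginSimpleConfig psc = PluginSimpleConfig.getInstance();
            // 是否放行 — requests needing no SSO handling go straight down the chain
            if (isRelease(req)) {
                release(req, res, chain);
                return;
            }
            String code = req.getParameter("code");
            String token;
            String username;
            try {
                if (Utils.isNullStr(code)) {
                    // 跳转认证中心 — no authorization code yet: start the OAuth flow
                    redirect(req, res, psc);
                    return;
                }
                // The code arrives on the provider's callback and must carry the state this
                // session issued; a fixed or unchecked state leaves the flow open to login CSRF.
                if (!isValidState(req)) {
                    FRUtils.FRLogInfo("sso callback rejected: state mismatch");
                    Utils.toErrorPage(res, ERROR_PAGE, null);
                    return;
                }
                // 获取token
                token = getToken(req, code, psc);
                // 获取userInfo
                username = getUsername(token);
            } catch (Exception e) {
                // previously swallowed silently; the message is needed to diagnose IdP problems
                FRUtils.FRLogInfo("sso login failed:" + e.getMessage());
                Utils.toErrorPage(res, ERROR_PAGE, null);
                return;
            }
            String url = Utils.getRedirectUrl(req, "code");
            String viewlet = getTempId(req);
            // NOTE(review): if the URL contains no "decision" segment, split() yields the whole
            // URL and the endpoint becomes url + "decision/syncAuth" — confirm that is intended.
            String syncUrl = url.split("decision")[0] + "decision/syncAuth";
            String result = syncAuth(username, token, syncUrl, viewlet);
            if ("2".equals(result)) {
                ResponseUtils.failedResponse(res, "无权限查看");
                return;
            }
            if ("3".equals(result)) {
                ResponseUtils.failedResponse(res, "系统异常,请联系管理员");
                return;
            }
            // 登录
            FRUtils.login(req, res, username, url);
        }
        release(req, res, chain);
    }

    /**
     * Compares the {@code state} echoed by the identity provider with the one stored in the
     * session by {@link #redirect}. Fails closed: a missing session, a missing value or a
     * mismatch is rejected. The stored value is consumed on first use.
     */
    private boolean isValidState(HttpServletRequest req) {
        String returned = req.getParameter("state");
        if (Utils.isNullStr(returned) || req.getSession(false) == null) {
            return false;
        }
        Object expected = req.getSession(false).getAttribute(STATE_ATTR);
        // one-shot value: remove it whether or not it matches
        req.getSession(false).removeAttribute(STATE_ATTR);
        return returned.equals(expected);
    }

    /**
     * Returns the template id: the {@code viewlet} parameter, or else the second-to-last path
     * segment of the request URL when it is exactly 32 characters long, or else {@code ""}.
     */
    private String getTempId(HttpServletRequest req) {
        String viewlet = req.getParameter("viewlet");
        if (Utils.isNullStr(viewlet)) {
            String[] segments = FRUtils.getAllUrl(req).split("/");
            // guard the index: a URL with fewer than two segments previously threw AIOOBE
            viewlet = segments.length >= 2 ? segments[segments.length - 2] : "";
            if (viewlet.length() != 32) {
                viewlet = "";
            }
        }
        return viewlet;
    }

    /**
     * Calls the {@code syncAuth} endpoint with the user's e-mail, the access token and the
     * template id, and returns the {@code data} field of the JSON reply.
     *
     * @return the authorization result, or {@code "3"} (the caller's "system error" branch)
     *     when the endpoint returns an empty body
     */
    private String syncAuth(String username, String token, String url, String viewlet) {
        // every query value is URL-encoded; the original only encoded tempId
        url += (url.contains("?") ? "&email=" : "?email=") + encode(username);
        url += "&token=" + encode(token) + "&tempId=" + encode(viewlet);
        // the token is a credential — log the endpoint, not the query string that carries it
        FRUtils.FRLogInfo("syncAuthUrl:" + url.split("\\?")[0]);
        String result = HttpUtils.HttpPostJson(url, null, null);
        if (Utils.isNullStr(result)) {
            // new JSONObject(null/"") would throw outside any try block in doFilter
            FRUtils.FRLogInfo("syncAuth returned an empty body");
            return "3";
        }
        return new JSONObject(result).getString("data");
    }

    /**
     * Decides whether the request bypasses SSO: an already logged-in session, remote/designer
     * traffic, the platform's own login and resource routes, or a request carrying the
     * platform's native login parameters.
     */
    private boolean isRelease(HttpServletRequest req) {
        // NOTE(review): any request with Token or UserAccount skips SSO entirely — presumably
        // another login mechanism downstream consumes them; confirm something validates them.
        boolean hasNativeLoginParams = !Utils.isNullStr(req.getParameter("Token"))
                || !Utils.isNullStr(req.getParameter("UserAccount"));
        // Match route keywords against the path only. The full URL includes the query string,
        // where a caller-supplied value such as "login" would otherwise satisfy the allowlist.
        String path = req.getRequestURI();
        boolean isLogin = FRUtils.isLogin(req);
        boolean isRemote = path.contains("remote");
        boolean isLoginPage = path.contains("refreshMobileAuth") || path.contains("syncAuth")
                || path.contains("login") || path.contains("decision/file")
                || path.contains("decision/resource") || path.contains("decision/system")
                || path.contains("query/ip");
        boolean isDesigner = "design".equals(req.getParameter("ref_t"));
        return isLogin || isRemote || isLoginPage || isDesigner || hasNativeLoginParams;
    }

    /**
     * 跳转认证中心 — redirects to the authorization endpoint with a fresh {@code state} that is
     * stored in the session for {@link #isValidState}. A later login start in the same session
     * supersedes the stored value.
     */
    private void redirect(HttpServletRequest req, HttpServletResponse res, PluginSimpleConfig psc) {
        String state = UUID.randomUUID().toString();
        req.getSession(true).setAttribute(STATE_ATTR, state);
        String authurl = psc.getAuthUrl()
                + "?response_type=code&client_id=" + psc.getClientId()
                + "&redirect_uri=" + encode(FRUtils.getAllUrl(req))
                + "&state=" + state;
        try {
            res.sendRedirect(authurl);
        } catch (IOException e) {
            FRUtils.FRLogInfo("跳转认证中心异常:" + e.getMessage());
        }
    }

    /**
     * 获取token — exchanges the authorization code for an access token at the token endpoint.
     *
     * @return the {@code access_token} value, or {@code ""} when the endpoint returns nothing
     */
    private String getToken(HttpServletRequest req, String code, PluginSimpleConfig psc) {
        // redirect_uri must equal the value sent in redirect(); the state added by the callback
        // is stripped. NOTE(review): the code parameter stays in the URL — confirm the token
        // endpoint accepts that.
        String redirectUri = Utils.removeParam(FRUtils.getAllUrl(req), "state");
        FRUtils.FRLogInfo("url:" + redirectUri);
        Map<String, String> param = new HashMap<String, String>();
        param.put("client_id", psc.getClientId());
        param.put("client_secret", psc.getSecret());
        param.put("grant_type", "authorization_code");
        param.put("code", code);
        param.put("redirect_uri", redirectUri);
        String result = HttpUtils.HttpPostWWWForm(psc.getTokenUrl(), null, param);
        if (Utils.isNullStr(result)) {
            return "";
        }
        // new JSONObject(...) never yields null; the former null check was dead code
        return new JSONObject(result).getString("access_token");
    }

    /**
     * 获取用户名 — reads the {@code email} claim from the access token, lower-cased.
     *
     * @throws IllegalStateException if the token is empty or carries no {@code email} claim;
     *     the previous code would have logged in a user literally named "null"
     */
    private String getUsername(String token) {
        if (Utils.isNullStr(token)) {
            throw new IllegalStateException("token endpoint returned no access_token");
        }
        // NOTE(review): parseToken only decodes; signature and expiry are not verified here.
        // Trust rests on the token having come from the server-side exchange in getToken.
        JWT jwt = JWTUtil.parseToken(token);
        JWTPayload payload = jwt.getPayload();
        Object email = payload.getClaim("email");
        if (email == null) {
            throw new IllegalStateException("access_token carries no email claim");
        }
        return String.valueOf(email).toLowerCase(Locale.ROOT);
    }

    /** 放行拦截器 — continues the chain; failures are logged, as before, not propagated. */
    private void release(HttpServletRequest req, HttpServletResponse res, FilterChain chain) {
        try {
            chain.doFilter(req, res);
        } catch (Exception e) {
            // best effort as in the original, but keep the cause so downstream failures are visible
            FRUtils.FRLogInfo("拦截失败:" + e.getMessage());
        }
    }

    /**
     * URL-encodes with UTF-8 explicitly; the one-argument {@link URLEncoder#encode(String)}
     * is deprecated and uses the platform charset. {@code null} encodes as {@code ""}.
     */
    private static String encode(String value) {
        try {
            return URLEncoder.encode(value == null ? "" : value, StandardCharsets.UTF_8.name());
        } catch (UnsupportedEncodingException e) {
            // UTF-8 is mandatory for every JVM, so this cannot happen
            throw new IllegalStateException(e);
        }
    }
}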