pioneer
/
open-JSD-9921
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

open

master
pioneer 2 years ago
commit
4366fb8821
15 changed files with 2213 additions and 0 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Unified View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 6
      README.md
  2. 21
      plugin.xml
  3. 21
      src/main/java/com/eco/plugin/xx/hlzjsso/config/InitializeMonitor.java
  4. 134
      src/main/java/com/eco/plugin/xx/hlzjsso/config/PluginSimpleConfig.java
  5. 14
      src/main/java/com/eco/plugin/xx/hlzjsso/controller/ControllerRegisterProvider.java
  6. 57
      src/main/java/com/eco/plugin/xx/hlzjsso/controller/ControllerSelf.java
  7. 233
      src/main/java/com/eco/plugin/xx/hlzjsso/filter/SSOFilter.java
  8. 333
      src/main/java/com/eco/plugin/xx/hlzjsso/utils/EncryptUtils.java
  9. 321
      src/main/java/com/eco/plugin/xx/hlzjsso/utils/FRUtils.java
  10. 341
      src/main/java/com/eco/plugin/xx/hlzjsso/utils/IPUtils.java
  11. 76
      src/main/java/com/eco/plugin/xx/hlzjsso/utils/IPWhiteUtils.java
  12. 108
      src/main/java/com/eco/plugin/xx/hlzjsso/utils/ResponseUtils.java
  13. 275
      src/main/java/com/eco/plugin/xx/hlzjsso/utils/Utils.java
  14. 35
      src/main/java/com/eco/plugin/xx/hlzjsso/webresourceProvider/WebResourceProvider.java
  15. 238
      src/main/resources/com/eco/plugin/xx/hlzjsso/js/ui.js

6
README.md
Unescape View File

@ -0,0 +1,6 @@
# open-JSD-9921
JSD-9921 URL单点并实现屏蔽外网\
免责说明:该源码为第三方爱好者提供,不保证源码和方案的可靠性,也不提供任何形式的源码教学指导和协助!\
仅作为开发者学习参考使用!禁止用于任何商业用途!\
为保护开发者隐私,开发者信息已隐去!若原开发者希望公开自己的信息,可联系【pioneer】处理。

21
plugin.xml
Unescape View File

@ -0,0 +1,21 @@
<?xml version="1.0" encoding="UTF-8" standalone="no"?><plugin>
<id>com.eco.plugin.xx.hlzjsso</id>
<name><![CDATA[单点登录]]></name>
<active>yes</active>
<version>1.0.7</version>
<env-version>10.0</env-version>
<jartime>2018-07-31</jartime>
<vendor>fr.open</vendor>
<description><![CDATA[单点登录]]></description>
<change-notes><![CDATA[
]]></change-notes>
<main-package>com.eco.plugin.xx.hlzjsso</main-package>
<lifecycle-monitor class="com.eco.plugin.xx.hlzjsso.config.InitializeMonitor"/>
<extra-decision>
<GlobalRequestFilterProvider class="com.eco.plugin.xx.hlzjsso.filter.SSOFilter"/>
<ControllerRegisterProvider class="com.eco.plugin.xx.hlzjsso.controller.ControllerRegisterProvider"/>
<WebResourceProvider class="com.eco.plugin.xx.hlzjsso.webresourceProvider.WebResourceProvider"/>
</extra-decision>
<function-recorder class="com.eco.plugin.xx.hlzjsso.config.PluginSimpleConfig"/>
</plugin>

21
src/main/java/com/eco/plugin/xx/hlzjsso/config/InitializeMonitor.java
Unescape View File

@ -0,0 +1,21 @@
package com.eco.plugin.xx.hlzjsso.config;
import com.fr.plugin.context.PluginContext;
import com.fr.plugin.observer.inner.AbstractPluginLifecycleMonitor;
/**
* @author xx
* @version 10.0
* Created by xx on 2021-12-03
*/
public class InitializeMonitor extends AbstractPluginLifecycleMonitor {
@Override
public void afterRun(PluginContext pluginContext) {
PluginSimpleConfig.getInstance();
}
@Override
public void beforeStop(PluginContext pluginContext) {
}
}

134
src/main/java/com/eco/plugin/xx/hlzjsso/config/PluginSimpleConfig.java
Unescape View File

@ -0,0 +1,134 @@
package com.eco.plugin.xx.hlzjsso.config;
import com.fr.config.*;
import com.fr.config.holder.Conf;
import com.fr.config.holder.factory.Holders;
import com.fr.intelli.record.Focus;
import com.fr.intelli.record.Original;
import com.fr.record.analyzer.EnableMetrics;
@Visualization(category = "单点登录配置")
@EnableMetrics
public class PluginSimpleConfig extends DefaultConfiguration {
private static volatile PluginSimpleConfig config = null;
@Focus(id="com.eco.plugin.xx.hlzjsso.config", text = "单点登录配置", source = Original.PLUGIN)
public static PluginSimpleConfig getInstance() {
if (config == null) {
config = ConfigContext.getConfigInstance(PluginSimpleConfig.class);
}
return config;
}
@Identifier(value = "secret", name = "私钥", description = "私钥", status = Status.SHOW)
private Conf<String> secret = Holders.simple("");
@Identifier(value = "paramname", name = "token参数名", description = "token参数名", status = Status.SHOW)
private Conf<String> paramname = Holders.simple("");
@Identifier(value = "timeout", name = "token超时时间(s)", description = "token超时时间(s)", status = Status.SHOW)
private Conf<String> timeout = Holders.simple("");
@Identifier(value = "hz", name = "账号转化后缀", description = "账号转化后缀", status = Status.SHOW)
private Conf<String> hz = Holders.simple("A");
@Identifier(value = "isAll", name = "白名单功能开关", description = "白名单功能开关", status = Status.SHOW)
private Conf<Boolean> isAll = Holders.simple(true);
@Identifier(value = "isPt", name = "普通用户权限控制开关", description = "普通用户权限控制开关", status = Status.SHOW)
private Conf<Boolean> isPt = Holders.simple(true);
@Identifier(value = "isAdmin", name = "管理员权限控制开关", description = "管理员权限控制开关", status = Status.SHOW)
private Conf<Boolean> isAdmin = Holders.simple(true);
@Identifier(value = "zhzh", name = "账户转化开关", description = "账户转化开关", status = Status.SHOW)
private Conf<Boolean> zhzh = Holders.simple(true);
@Identifier(value = "白名单配置", name = "白名单配置", description = "白名单配置", status = Status.SHOW)
private Conf<String> white = Holders.simple("");
public String getHz() {
return hz.get();
}
public void setHz(String url) {
this.hz.set(url);
}
public Boolean getIsAll() {
return isAll.get();
}
public void setIsAll(Boolean url) {
this.isAll.set(url);
}
public Boolean getIsPt() {
return isPt.get();
}
public void setIsPt(Boolean url) {
this.isPt.set(url);
}
public Boolean getIsAdmin() {
return isAdmin.get();
}
public void setIsAdmin(Boolean url) {
this.isAdmin.set(url);
}
public Boolean getZhzh() {
return zhzh.get();
}
public void setZhzh(Boolean url) {
this.zhzh.set(url);
}
public String getWhite() {
return white.get();
}
public void setWhite(String url) {
this.white.set(url);
}
public String getSecret() {
return secret.get();
}
public void setSecret(String url) {
this.secret.set(url);
}
public String getParamname() {
return paramname.get();
}
public void setParamname(String url) {
this.paramname.set(url);
}
public String getTimeout() {
return timeout.get();
}
public void setTimeout(String url) {
this.timeout.set(url);
}
@Override
public Object clone() throws CloneNotSupportedException {
PluginSimpleConfig cloned = (PluginSimpleConfig) super.clone();
// cloned.text = (Conf<String>) text.clone();
// cloned.count = (Conf<Integer>) count.clone();
// cloned.price = (Conf<Double>) price.clone();
// cloned.time = (Conf<Long>) time.clone();
// cloned.student = (Conf<Boolean>) student.clone();
return cloned;
}
}

14
src/main/java/com/eco/plugin/xx/hlzjsso/controller/ControllerRegisterProvider.java
Unescape View File

@ -0,0 +1,14 @@
package com.eco.plugin.xx.hlzjsso.controller;
import com.fr.decision.fun.impl.AbstractControllerRegisterProvider;
import com.fr.plugin.transform.FunctionRecorder;
@FunctionRecorder
public class ControllerRegisterProvider extends AbstractControllerRegisterProvider {
@Override
public Class<?>[] getControllers() {
return new Class[]{
ControllerSelf.class
};
}
}

57
src/main/java/com/eco/plugin/xx/hlzjsso/controller/ControllerSelf.java
Unescape View File

@ -0,0 +1,57 @@
package com.eco.plugin.xx.hlzjsso.controller;
import com.eco.plugin.xx.hlzjsso.config.PluginSimpleConfig;
import com.eco.plugin.xx.hlzjsso.utils.IPWhiteUtils;
import com.eco.plugin.xx.hlzjsso.utils.ResponseUtils;
import com.eco.plugin.xx.hlzjsso.utils.Utils;
import com.fr.decision.webservice.annotation.LoginStatusChecker;
import com.fr.json.JSONObject;
import com.fr.third.springframework.stereotype.Controller;
import com.fr.third.springframework.web.bind.annotation.PostMapping;
import com.fr.third.springframework.web.bind.annotation.ResponseBody;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@Controller
@LoginStatusChecker(required = false)
public class ControllerSelf {
@PostMapping(value = "/canLogin")
@ResponseBody
public void canLogin(HttpServletRequest req,HttpServletResponse res){
JSONObject param = Utils.getRequestBody(req);
String username = param.getString("username");
PluginSimpleConfig psc = PluginSimpleConfig.getInstance();
boolean isWhite = IPWhiteUtils.inWhite(req,psc.getWhite());
if(isWhite || !psc.getIsAll()){
ResponseUtils.successResponse(res,"");
return ;
}
boolean isAdmin = false;
try {
isAdmin = Utils.isAdmin(username);
} catch (Exception e) {
ResponseUtils.failedResponse(res,"判断管理员失败!");
return ;
}
//管理员且管理员权限控制开启
if(isAdmin && psc.getIsAdmin()){
ResponseUtils.failedResponse(res,"外网环境管理员禁止登陆!");
return ;
}
//普通用户权限开始
if(!isAdmin && psc.getIsPt()){
ResponseUtils.failedResponse(res,"外网环境普通账户禁止登陆!");
return ;
}
ResponseUtils.successResponse(res,"");
}
}

233
src/main/java/com/eco/plugin/xx/hlzjsso/filter/SSOFilter.java
Unescape View File

@ -0,0 +1,233 @@
package com.eco.plugin.xx.hlzjsso.filter;
import com.eco.plugin.xx.hlzjsso.config.PluginSimpleConfig;
import com.eco.plugin.xx.hlzjsso.utils.*;
import com.fr.decision.authority.data.User;
import com.fr.decision.fun.impl.AbstractGlobalRequestFilterProvider;
import com.fr.json.JSONArray;
import com.fr.json.JSONObject;
import com.fr.plugin.context.PluginContexts;
import com.fr.record.analyzer.EnableMetrics;
import com.fr.stable.fun.Authorize;
import javax.servlet.FilterChain;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
@EnableMetrics
@Authorize(callSignKey = "com.eco.plugin.xx.hlzjsso")
public class SSOFilter extends AbstractGlobalRequestFilterProvider {
@Override
public String filterName() {
return "hlzjssoFilter";
}
@Override
public String[] urlPatterns() {
return new String[]{"/*"};
}
@Override
public void doFilter(HttpServletRequest req, HttpServletResponse res, FilterChain chain ){
if(PluginContexts.currentContext().isAvailable()){
PluginSimpleConfig psc = PluginSimpleConfig.getInstance();
//token为空,不做拦截
String token = req.getParameter(psc.getParamname());
String url = FRUtils.getAllUrl(req);
String method = req.getMethod();
//登陆事件
if(url.endsWith("decision/login") && method.equals("POST")){
login(req,res);
return ;
}
if(Utils.isNullStr(token)){
release(req,res,chain);
return;
}
String decryptToken = null;
try {
decryptToken = EncryptUtils.rsaDecrypt(token,psc.getSecret());
} catch (Exception e) {
ResponseUtils.failedResponse(res,"token解密失败:"+e.getMessage());
return ;
}
if(Utils.isNullStr(decryptToken)){
ResponseUtils.failedResponse(res,"token解密失败!");
return ;
}
JSONObject tokenJson = new JSONObject(decryptToken);
String username = tokenJson.getString("username");
Long timestamp = tokenJson.getLong("timestamp");
Long now = System.currentTimeMillis();
boolean isWhite = IPWhiteUtils.inWhite(req,psc.getWhite());
//外网而且权限控制功能开关为开
if(!isWhite && psc.getIsAll()){
boolean isAdmin = false;
try {
isAdmin = Utils.isAdmin(username);
} catch (Exception e) {
ResponseUtils.failedResponse(res,"判断管理员失败!");
return ;
}
//外网环境且管理员控制为开,管理员不允许单点登陆
if(isAdmin && psc.getIsAdmin()){
ResponseUtils.failedResponse(res,"外网环境管理员账户不允许单点登陆!");
return ;
}
//外网环境切账户转换为开,对普通用户进行转换
//判断是否以A结尾,A结尾为外网账户,如果不是将A添加到用户名结尾
boolean endwithA = username.endsWith(psc.getHz());
if(!isAdmin && psc.getZhzh()&&!endwithA){
username+=psc.getHz();
}
}
if((now - timestamp)/1000 > Long.parseLong(psc.getTimeout())){
ResponseUtils.failedResponse(res,"token超时,请重新生成!");
return ;
}
String redirect = Utils.getRedirectUrl(req,psc.getParamname());
//登录
FRUtils.login(req,res,username,redirect);
}
release(req,res,chain);
}
//放行拦截器
private void release(HttpServletRequest req, HttpServletResponse res, FilterChain chain) {
try{
chain.doFilter(req,res);
}catch (Exception e){
FRUtils.FRLogInfo("拦截失败");
}
}
/**
* 拦截登录事件
* @param res
*/
private void login(HttpServletRequest req,HttpServletResponse res){
JSONObject json = Utils.getRequestBody(req);
String username =json.getString("username");
String psd = json.getString("password");
String dbpsd = FRUtils.getDBPsd(username,FRUtils.decryptFRPsd(psd));
PluginSimpleConfig psc = PluginSimpleConfig.getInstance();
boolean isWhite = IPWhiteUtils.inWhite(req,psc.getWhite());
//返回信息
JSONObject result = new JSONObject();
if(!FRUtils.isUserExist(username)){
result.put("errorCode","21300007");
result.put("errorMsg","User not exist,or wrong password!");
ResponseUtils.response(res,result);
return ;
}
if(isWhite || !psc.getIsAll()){
User user = FRUtils.getFRUserByUserName(username);
if(!user.getPassword().equals(dbpsd)){
result.put("errorCode","21300007");
result.put("errorMsg","User not exist,or wrong password!");
ResponseUtils.response(res,result);
return ;
}
String token = FRUtils.getToken(req,res,username);
result.put("username",username);
result.put("validity",-1);
result.put("callback","");
result.put("accessToken",token);
JSONObject origin = new JSONObject();
origin.put("originUrl","/webroot/decision");
origin.put("method","GET");
origin.put("parameters",new JSONArray());
result.put("originUrlResponse",origin);
result.put("url","/webroot/decision");
JSONObject data = new JSONObject();
data.put("data",result);
ResponseUtils.response(res,data);
return ;
}
boolean isAdmin = false;
try {
isAdmin = Utils.isAdmin(username);
} catch (Exception e) {
result.put("errorMsg","9999");
result.put("errorCode","判断管理员失败!");
ResponseUtils.response(res,result);
return ;
}
//管理员且管理员权限控制开启
if(isAdmin && psc.getIsAdmin()){
result.put("errorMsg","9999");
result.put("errorCode","外网环境管理员禁止登陆!");
ResponseUtils.response(res,result);
return ;
}
//普通用户权限开始
if(!isAdmin && psc.getIsPt()){
result.put("errorMsg","9999");
result.put("errorCode","外网环境普通账户禁止登陆!");
ResponseUtils.response(res,result);
return ;
}
User user = FRUtils.getFRUserByUserName(username);
if(!user.getPassword().equals(dbpsd)){
result.put("errorCode","21300007");
result.put("errorMsg","User not exist,or wrong password!");
ResponseUtils.response(res,result);
return ;
}
String token = FRUtils.getToken(req,res,username);
result.put("username",username);
result.put("validity",-1);
result.put("callback","");
result.put("accessToken",token);
JSONObject origin = new JSONObject();
origin.put("originUrl","/webroot/decision");
origin.put("method","GET");
origin.put("parameters",new JSONArray());
result.put("originUrlResponse",origin);
result.put("url","/webroot/decision");
JSONObject data = new JSONObject();
data.put("data",result);
ResponseUtils.response(res,data);
}
}

333
src/main/java/com/eco/plugin/xx/hlzjsso/utils/EncryptUtils.java
Unescape View File

@ -0,0 +1,333 @@
package com.eco.plugin.xx.hlzjsso.utils;
import com.fr.json.JSONObject;
import com.fr.log.FineLoggerFactory;
import sun.misc.BASE64Decoder;
import sun.misc.BASE64Encoder;
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.SecretKeyFactory;
import javax.crypto.spec.DESKeySpec;
import java.io.IOException;
import java.net.URLEncoder;
import java.security.*;
import java.security.interfaces.RSAPrivateKey;
import java.security.interfaces.RSAPublicKey;
import java.security.spec.PKCS8EncodedKeySpec;
import java.security.spec.X509EncodedKeySpec;
import java.util.HashMap;
import java.util.Map;
public class EncryptUtils {
/**
* sha 加密
* @param str
* @return
*/
public static String sha(String str){
String sha256Str = "";
try {
MessageDigest sha256Deget = MessageDigest.getInstance("SHA-256");
byte[] sha256Encode = sha256Deget.digest(str.getBytes());
sha256Str = ByteToHexStr(sha256Encode);
}catch (Exception e){
FineLoggerFactory.getLogger().info("FRLOG:SHA256加密异常:"+e.getMessage());
}
return sha256Str;
}
/**
* byte数组转16进制字符串
* @param bytes
* @return
*/
private static String ByteToHexStr(byte[] bytes)
{
String hexStr = "";
for(int i =0;i<bytes.length;i++)
{
int temp = bytes[i] & 0xff;
String tempHex = Integer.toHexString(temp);
if(tempHex.length() < 2)
{
hexStr += "0"+tempHex;
}
else {
hexStr += tempHex;
}
}
return hexStr;
}
/**
* aes 加密
* @param str
* @param privateKey
* @return
*/
public static String aesEncrypt(String str,String privateKey){
try {
// 生成密钥对象
SecretKey secKey = generateAesKey(privateKey.getBytes());
// 获取 AES 密码器
Cipher cipher = Cipher.getInstance("AES");
// 初始化密码器(加密模型)
cipher.init(Cipher.ENCRYPT_MODE, secKey);
// 加密数据, 返回密文
byte[] cipherBytes = cipher.doFinal(str.getBytes());
return new BASE64Encoder().encodeBuffer(cipherBytes);
} catch (Throwable e) {
FRUtils.FRLogInfo("aes 加密异常 " + e.getMessage());
}
return null;
}
/**
* 生成密钥对象
*/
private static SecretKey generateAesKey(byte[] key) throws Exception {
// 创建安全随机数生成器
SecureRandom random = SecureRandom.getInstance("SHA1PRNG");
// 设置 密钥key的字节数组 作为安全随机数生成器的种子
random.setSeed(key);
// 创建 AES算法生成器
KeyGenerator gen = KeyGenerator.getInstance("AES");
// 初始化算法生成器
gen.init(128, random);
// 生成 AES密钥对象, 也可以直接创建密钥对象: return new SecretKeySpec(key, ALGORITHM);
return gen.generateKey();
}
/**
* aes 解密
* @param str
* @param privateKey
* @return
*/
public static String aesDecrypt(String str,String privateKey){
try {
// 生成密钥对象
SecretKey secKey = generateAesKey(privateKey.getBytes());
// 获取 AES 密码器
Cipher cipher = Cipher.getInstance("AES");
// 初始化密码器(加密模型)
cipher.init(Cipher.DECRYPT_MODE, secKey);
// 加密数据, 返回密文
byte[] cipherBytes = cipher.doFinal(new BASE64Decoder().decodeBuffer(str));
return new String(cipherBytes);
} catch (Throwable e) {
FRUtils.FRLogInfo("aes 解密异常 " + e.getMessage());
}
return null;
}
/**
* base64加密
* @param key
* @return
*/
public static String base64Encode(String key){
return (new BASE64Encoder()).encodeBuffer(key.getBytes());
}
/**
* base64加密
* @param key
* @return
*/
public static String base64Encode(byte[] key){
return (new BASE64Encoder()).encodeBuffer(key);
}
/**
* base64解密
* @param key
* @return
*/
public static String base64Decode(String key){
String result = "";
try {
result = new String((new BASE64Decoder()).decodeBuffer(key));
} catch (IOException e) {
FineLoggerFactory.getLogger().info("FRLOG:BASE64解密异常:"+e.getMessage());
}
return result;
}
/**
* base64解密
* @param key
* @return
*/
public static byte[] base64DecodeB(String key){
byte[] result = null;
try {
result = (new BASE64Decoder()).decodeBuffer(key);
} catch (IOException e) {
FineLoggerFactory.getLogger().info("FRLOG:BASE64解密异常:"+e.getMessage());
}
return result;
}
/**
* 是否被base64加密过
* @param str
* @return
*/
public static boolean isBase64(String str) {
if (str == null || str.trim().length() == 0) {
return false;
}
else {
if (str.length() % 4 != 0) {
return false;
}
char[] strChars = str.toCharArray();
for (char c:strChars) {
if ((c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') || (c >= '0' && c <= '9')
|| c == '+' || c == '/' || c == '=') {
continue;
}
else {
return false;
}
}
return true;
}
}
/**
* des加密
* @param datasource
* @param password
* @return
*/
public static String desEncrypt(String datasource, String password) {
try {
SecureRandom random = new SecureRandom();
DESKeySpec desKey = new DESKeySpec(password.getBytes());
// 创建一个密匙工厂,然后用它把DESKeySpec转换成
SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DES");
SecretKey securekey = keyFactory.generateSecret(desKey);
// Cipher对象实际完成加密操作
Cipher cipher = Cipher.getInstance("DES");
// 用密匙初始化Cipher对象
cipher.init(Cipher.ENCRYPT_MODE, securekey, random);
// 现在,获取数据并加密
// 正式执行加密操作
return base64Encode(cipher.doFinal(datasource.getBytes()));
} catch (Throwable e) {
FRUtils.FRLogInfo("des 加密异常 " + e.getMessage());
}
return null;
}
/**
* des 解密
* @param src
* @param password
* @return
* @throws Exception
*/
public static String desDecrypt(String src, String password) throws Exception {
// DES算法要求有一个可信任的随机数源
SecureRandom random = new SecureRandom();
// 创建一个DESKeySpec对象
DESKeySpec desKey = new DESKeySpec(password.getBytes("UTF-8"));
// 创建一个密匙工厂
SecretKeyFactory keyFactory = SecretKeyFactory.getInstance("DES");
// 将DESKeySpec对象转换成SecretKey对象
SecretKey securekey = keyFactory.generateSecret(desKey);
// Cipher对象实际完成解密操作
Cipher cipher = Cipher.getInstance("DES");
// 用密匙初始化Cipher对象
cipher.init(Cipher.DECRYPT_MODE, securekey, random);
// 真正开始解密操作
return new String(cipher.doFinal(base64DecodeB(src)));
}
/**
* 随机生成RSA密钥对
* @throws NoSuchAlgorithmException
* @return privateKey,publicKey
*/
public static Map<String,String> genRSAKeyPair() throws NoSuchAlgorithmException {
// KeyPairGenerator类用于生成公钥和私钥对,基于RSA算法生成对象
KeyPairGenerator keyPairGen = KeyPairGenerator.getInstance("RSA");
// 初始化密钥对生成器,密钥大小为96-1024位
keyPairGen.initialize(1024,new SecureRandom());
// 生成一个密钥对,保存在keyPair中
KeyPair keyPair = keyPairGen.generateKeyPair();
RSAPrivateKey privateKey = (RSAPrivateKey) keyPair.getPrivate(); // 得到私钥
RSAPublicKey publicKey = (RSAPublicKey) keyPair.getPublic(); // 得到公钥
String publicKeyString = base64Encode(publicKey.getEncoded());
// 得到私钥字符串
String privateKeyString = base64Encode(privateKey.getEncoded());
// 将公钥和私钥保存到Map
Map<String,String> result = new HashMap<String,String>();
result.put("publicKey",publicKeyString.replaceAll("\n","").replace("\r","").trim());
result.put("privateKey",privateKeyString.replaceAll("\n","").replace("\r","").trim());
return result;
}
/**
* rsa 加密
* @param str
* @param publicKey
* @return
* @throws Exception
*/
public static String rsaEncrypt(String str,String publicKey) throws Exception {
//base64编码的公钥
byte[] decoded = base64DecodeB(publicKey);
RSAPublicKey pubKey = (RSAPublicKey) KeyFactory.getInstance("RSA").generatePublic(new X509EncodedKeySpec(decoded));
//RSA加密
Cipher cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.ENCRYPT_MODE, pubKey);
String outStr = base64Encode(cipher.doFinal(str.getBytes("UTF-8")));
return outStr;
}
/**
* rsa解密
* @param str
* @param privateKey
* @return
* @throws Exception
*/
public static String rsaDecrypt(String str,String privateKey) throws Exception {
//64位解码加密后的字符串
byte[] inputByte = base64DecodeB(str);
//base64编码的私钥
byte[] decoded = base64DecodeB(privateKey);
RSAPrivateKey priKey = (RSAPrivateKey) KeyFactory.getInstance("RSA").generatePrivate(new PKCS8EncodedKeySpec(decoded));
//RSA解密
Cipher cipher = Cipher.getInstance("RSA");
cipher.init(Cipher.DECRYPT_MODE, priKey);
String outStr = new String(cipher.doFinal(inputByte));
return outStr;
}
}

321
src/main/java/com/eco/plugin/xx/hlzjsso/utils/FRUtils.java
Unescape View File

@ -0,0 +1,321 @@
package com.eco.plugin.xx.hlzjsso.utils;
import com.fr.base.ServerConfig;
import com.fr.base.TableData;
import com.fr.base.TemplateUtils;
import com.fr.decision.authority.AuthorityContext;
import com.fr.decision.authority.base.constant.type.operation.ManualOperationType;
import com.fr.decision.authority.data.User;
import com.fr.decision.base.util.UUIDUtil;
import com.fr.decision.privilege.TransmissionTool;
import com.fr.decision.privilege.encrpt.PasswordValidator;
import com.fr.decision.webservice.bean.authentication.OriginUrlResponseBean;
import com.fr.decision.webservice.interceptor.handler.ReportTemplateRequestChecker;
import com.fr.decision.webservice.login.LogInOutResultInfo;
import com.fr.decision.webservice.utils.DecisionServiceConstants;
import com.fr.decision.webservice.utils.DecisionStatusService;
import com.fr.decision.webservice.utils.UserSourceFactory;
import com.fr.decision.webservice.v10.login.LoginService;
import com.fr.decision.webservice.v10.login.event.LogInOutEvent;
import com.fr.decision.webservice.v10.user.UserService;
import com.fr.event.EventDispatcher;
import com.fr.file.TableDataConfig;
import com.fr.general.data.DataModel;
import com.fr.log.FineLoggerFactory;
import com.fr.script.Calculator;
import com.fr.stable.StringUtils;
import com.fr.stable.query.QueryFactory;
import com.fr.stable.query.restriction.RestrictionFactory;
import com.fr.third.springframework.web.method.HandlerMethod;
import com.fr.web.controller.ReportRequestService;
import com.fr.web.utils.WebUtils;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import java.io.IOException;
import java.util.List;
public class FRUtils {
/**
* 判断用户是否存在
* @param userName
* @return
*/
public static boolean isUserExist(String userName){
if (StringUtils.isEmpty(userName)) {
return false;
} else {
try {
List var1 = AuthorityContext.getInstance().getUserController().find(QueryFactory.create().addRestriction(RestrictionFactory.eq("userName", userName)));
return var1 != null && !var1.isEmpty();
} catch (Exception var2) {
FineLoggerFactory.getLogger().error(var2.getMessage());
return false;
}
}
}
/**
* 判断是否登录FR
* @param req
* @return
*/
public static boolean isLogin(HttpServletRequest req){
return LoginService.getInstance().isLogged(req);
}
/**
* 帆软登录
* @param httpServletRequest
* @param httpServletResponse
* @param userName
* @param url
*/
public static void login(HttpServletRequest httpServletRequest,HttpServletResponse httpServletResponse,String userName,String url){
FineLoggerFactory.getLogger().info("FRLOG:用户名:"+userName);
FineLoggerFactory.getLogger().info("FRLOG:跳转链接:"+url);
//判断用户名是否为空
if(!Utils.isNullStr(userName)){
if(isUserExist(userName)){
String FRToken = "";
try {
//HttpSession session = httpServletRequest.getSession(true);
FRToken = LoginService.getInstance().login(httpServletRequest, httpServletResponse, userName);
//httpServletRequest.setAttribute(DecisionServiceConstants.FINE_AUTH_TOKEN_NAME,FRToken);
//session.setAttribute(DecisionServiceConstants.FINE_AUTH_TOKEN_NAME, FRToken);
EventDispatcher.fire(LogInOutEvent.LOGIN,new LogInOutResultInfo(httpServletRequest,httpServletResponse,userName,true));
FineLoggerFactory.getLogger().info("FRLOG:登陆成功!");
if(!Utils.isNullStr(url)){
httpServletResponse.sendRedirect(url);
}
} catch (Exception e) {
ResponseUtils.failedResponse(httpServletResponse,"登录异常,请联系管理员!");
FineLoggerFactory.getLogger().info("FRLOG:登录异常,请联系管理员!");
FineLoggerFactory.getLogger().info("FRLOGException:"+e.getMessage());
}
}else{
ResponseUtils.failedResponse(httpServletResponse,"用户在报表系统中不存在!");
FineLoggerFactory.getLogger().info("FRLOG:用户在报表系统中不存在!");
}
}else{
ResponseUtils.failedResponse(httpServletResponse,"用户名不能为空!");
FineLoggerFactory.getLogger().info("FRLOG:用户名不能为空!");
}
}
/**
* 帆软登录
* @param httpServletRequest
* @param httpServletResponse
* @param token
* @param url
*/
public static void loginByToken(HttpServletRequest httpServletRequest,HttpServletResponse httpServletResponse,String token,String url){
FineLoggerFactory.getLogger().info("FRLOG:token:"+token);
FineLoggerFactory.getLogger().info("FRLOG:跳转链接:"+url);
//判断用户名是否为空
if(!Utils.isNullStr(token)){
writeToken2Cookie(httpServletResponse,token,-1);
HttpSession session = httpServletRequest.getSession(true);
httpServletRequest.setAttribute(DecisionServiceConstants.FINE_AUTH_TOKEN_NAME,token);
session.setAttribute(DecisionServiceConstants.FINE_AUTH_TOKEN_NAME, token);
if(!Utils.isNullStr(url)){
try {
httpServletResponse.sendRedirect(url);
} catch (IOException e) {
ResponseUtils.failedResponse(httpServletResponse,"跳转异常!");
FineLoggerFactory.getLogger().info("FRLOG:跳转异常!");
}
}
}else{
ResponseUtils.failedResponse(httpServletResponse,"token不能为空!");
FineLoggerFactory.getLogger().info("FRLOG:token不能为空!");
}
}
/**
* 获取token
* @param httpServletRequest
* @param httpServletResponse
* @param username
* @return
*/
public static String getToken(HttpServletRequest httpServletRequest,HttpServletResponse httpServletResponse,String username){
String token = "";
try {
token = LoginService.getInstance().login(httpServletRequest, httpServletResponse, username);
} catch (Exception e) {
FineLoggerFactory.getLogger().info("FRLOG:获取token失败"+e.getMessage());
}
return token;
}
private static void writeToken2Cookie(HttpServletResponse var1, String var2, int var3) {
try {
if (StringUtils.isNotEmpty(var2)) {
Cookie var4 = new Cookie("fine_auth_token", var2);
long var5 = var3 == -2 ? 1209600000L : (long)var3;
var4.setMaxAge((int)var5);
var4.setPath(ServerConfig.getInstance().getCookiePath());
var1.addCookie(var4);
Cookie var7 = new Cookie("fine_remember_login", String.valueOf(var3 == -2 ? -2 : -1));
var7.setMaxAge((int)var5);
var7.setPath(ServerConfig.getInstance().getCookiePath());
var1.addCookie(var7);
} else {
FineLoggerFactory.getLogger().error("empty token cannot save.");
}
} catch (Exception var8) {
FineLoggerFactory.getLogger().error(var8.getMessage(), var8);
}
}
/**
*
* @param httpServletRequest
* @param httpServletResponse
*/
public static void logout(HttpServletRequest httpServletRequest,HttpServletResponse httpServletResponse)
{
if(!isLogin(httpServletRequest)){
return ;
}
try {
LoginService.getInstance().logout(httpServletRequest,httpServletResponse);
} catch (Exception e) {
ResponseUtils.failedResponse(httpServletResponse,"登出异常,请联系管理员!");
FineLoggerFactory.getLogger().info("FRLOG:登出异常,请联系管理员!");
FineLoggerFactory.getLogger().info("FRLOGException:"+e.getMessage());
}
}
/**
* 打印FR日志
* @param message
*/
public static void FRLogInfo(String message){
FineLoggerFactory.getLogger().info("FRLOG:"+message);
}
/**
* 打印FR日志-error
* @param message
*/
public static void FRLogError(String message){
FineLoggerFactory.getLogger().error("FRLOG:"+message);
}
/**
* 根据用户名获取用户信息
* @param userName
* @return
*/
public static User getFRUserByUserName(String userName){
try {
return UserService.getInstance().getUserByUserName(userName);
} catch (Exception e) {
FRLogInfo("获取用户信息异常:"+e.getMessage());
}
return null;
}
/**
* 解密FR密码
* @param password
* @return
*/
public static String decryptFRPsd(String password){
FRLogInfo("解密密码:"+password);
return TransmissionTool.decrypt(password);
}
/**
* 根据明文密码生成数据库中的密码用户密码校验用
* @return
*/
public static String getDBPsd(String username,String password){
PasswordValidator pv = UserSourceFactory.getInstance().getUserSource(ManualOperationType.KEY).getPasswordValidator();
String uuid = UUIDUtil.generate();
return pv.encode(username, password, uuid);
}
/**
* 获取带参数的访问链接
* @return
*/
public static String getAllUrl(HttpServletRequest httpServletRequest){
return WebUtils.getOriginalURL(httpServletRequest);
}
/**
* 根据originKey获取源链接
* @param originKey
* @return
* @throws Exception
*/
public static String getOriginUrl(String originKey) throws Exception {
if (StringUtils.isNotEmpty(originKey)) {
OriginUrlResponseBean originUrlResponseBean = (OriginUrlResponseBean) DecisionStatusService.originUrlStatusService().get(originKey);
DecisionStatusService.originUrlStatusService().delete(originKey);
if (originUrlResponseBean != null) {
return originUrlResponseBean.getOriginUrl();
}
}
return new OriginUrlResponseBean(TemplateUtils.render("${fineServletURL}")).getOriginUrl();
}
/**
* 判断是否开启模板认证
* @param
* @return
* @throws Exception
*/
public static boolean isTempAuth(HttpServletRequest req,HttpServletResponse res) throws Exception {
ReportTemplateRequestChecker checker = new ReportTemplateRequestChecker();
HandlerMethod hm = new HandlerMethod(new ReportRequestService(),ReportRequestService.class.getMethod("preview", HttpServletRequest.class, HttpServletResponse.class, String.class));
return checker.checkRequest(req,res,hm);
}
/**
* 获取数据集数据
* @param serverDataSetName
* @return
*/
public static DataModel getTableData(String serverDataSetName){
TableData userInfo = TableDataConfig.getInstance().getTableData(serverDataSetName);
DataModel userInfoDM = userInfo.createDataModel(Calculator.createCalculator());
// userInfoDM.getRowCount();
// userInfoDM.getColumnIndex();
// userInfoDM.getValueAt()
return userInfoDM;
}
public static String getIndex(HttpServletRequest req){
String url = req.getScheme()+"://"+req.getServerName()+":"+String.valueOf(req.getServerPort())+req.getRequestURI();
return url;
}
}

341
src/main/java/com/eco/plugin/xx/hlzjsso/utils/IPUtils.java
Unescape View File

@ -0,0 +1,341 @@
package com.eco.plugin.xx.hlzjsso.utils;
import com.fr.data.NetworkHelper;
import com.fr.decision.mobile.terminal.TerminalHandler;
import com.fr.decision.webservice.v10.login.LoginService;
import com.fr.stable.web.Device;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
import java.util.ArrayList;
import java.util.HashSet;
import java.util.List;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
public class IPUtils {
/**
* 私有IP
* A类 10.0.0.0-10.255.255.255
* B类 172.16.0.0-172.31.255.255
* C类 192.168.0.0-192.168.255.255
*
* 127这个网段是环回地址
* localhost
*/
static List<Pattern> ipFilterRegexList = new ArrayList<>();
static {
Set<String> ipFilter = new HashSet<String>();
ipFilter.add("^10\\.(1\\d{2}|2[0-4]\\d|25[0-5]|[1-9]\\d|[0-9])"
+ "\\.(1\\d{2}|2[0-4]\\d|25[0-5]|[1-9]\\d|[0-9])" + "\\.(1\\d{2}|2[0-4]\\d|25[0-5]|[1-9]\\d|[0-9])$");
// B类地址范围: 172.16.0.0---172.31.255.255
ipFilter.add("^172\\.(1[6789]|2[0-9]|3[01])\\" + ".(1\\d{2}|2[0-4]\\d|25[0-5]|[1-9]\\d|[0-9])\\"
+ ".(1\\d{2}|2[0-4]\\d|25[0-5]|[1-9]\\d|[0-9])$");
// C类地址范围: 192.168.0.0---192.168.255.255
ipFilter.add("^192\\.168\\.(1\\d{2}|2[0-4]\\d|25[0-5]|[1-9]\\d|[0-9])\\"
+ ".(1\\d{2}|2[0-4]\\d|25[0-5]|[1-9]\\d|[0-9])$");
ipFilter.add("127.0.0.1");
ipFilter.add("0.0.0.0");
ipFilter.add("localhost");
for (String tmp : ipFilter) {
ipFilterRegexList.add(Pattern.compile(tmp));
}
}
// IP的正则,这个正则不能验证第一组数字为0的情况
private static Pattern pattern = Pattern
.compile("([1-9]\\d?|1\\d{2}|2[01]\\d|22[0-3])\\."
+ "(1\\d{1,2}|2[0-4]\\d|25[0-5]|\\d{1,2})\\."
+ "(1\\d{1,2}|2[0-4]\\d|25[0-5]|\\d{1,2})\\."
+ "(1\\d{1,2}|2[0-4]\\d|25[0-5]|\\d{1,2})");
/**
*
* getAvaliIpList:(根据IP白名单设置获取可用的IP列表).
*
* @date 2020-11-11 下午02:50:20
* @return
*/
private static Set<String> getAvaliIpList(String allowIp) {
Set<String> ipList = new HashSet<String>();
for (String allow : allowIp.replaceAll("\\s", "").split(",")) {
if (allow.indexOf("*") > -1) {
String[] ips = allow.split("\\.");
String[] from = new String[] { "0", "0", "0", "0" };
String[] end = new String[] { "255", "255", "255", "255" };
List<String> tem = new ArrayList<String>();
for (int i = 0; i < ips.length; i++)
if (ips[i].indexOf("*") > -1) {
//todo 直接用等于,不能正确获取类似192.168.**.*这种格式的ip段
tem = complete(ips[i]);
from[i] = null;
end[i] = null;
} else {
from[i] = ips[i];
end[i] = ips[i];
}
StringBuffer fromIP = new StringBuffer();
StringBuffer endIP = new StringBuffer();
for (int i = 0; i < 4; i++)
if (from[i] != null) {
fromIP.append(from[i]).append(".");
endIP.append(end[i]).append(".");
} else {
fromIP.append("[*].");
endIP.append("[*].");
}
fromIP.deleteCharAt(fromIP.length() - 1);
endIP.deleteCharAt(endIP.length() - 1);
for (String s : tem) {
String ip = fromIP.toString().replace("[*]",
s.split(";")[0])
+ "-"
+ endIP.toString().replace("[*]", s.split(";")[1]);
if (validate(ip)) {
ipList.add(ip);
}
}
} else {
if (validate(allow)) {
ipList.add(allow);
}
}
}
return ipList;
}
/**
* 对单个IP节点进行范围限定
*
* @param arg
* @return 返回限定后的IP范围格式为List[10;19, 100;199]
*/
private static List<String> complete(String arg) {
List<String> com = new ArrayList<String>();
if (arg.length() == 1) {
com.add("0;255");
} else if (arg.length() == 2) {
String s1 = complete(arg, 1);
if (s1 != null)
com.add(s1);
String s2 = complete(arg, 2);
if (s2 != null)
com.add(s2);
} else {
String s1 = complete(arg, 1);
if (s1 != null)
com.add(s1);
}
return com;
}
private static String complete(String arg, int length) {
String from = "";
String end = "";
if (length == 1) {
from = arg.replace("*", "0");
end = arg.replace("*", "9");
} else {
from = arg.replace("*", "00");
end = arg.replace("*", "99");
}
if (Integer.valueOf(from) > 255)
return null;
if (Integer.valueOf(end) > 255)
end = "255";
return from + ";" + end;
}
/**
* 在添加至白名单时进行格式校验
*
* @param ip
* @return
*/
private static boolean validate(String ip) {
for (String s : ip.split("-"))
if (!pattern.matcher(s).matches()) {
return false;
}
return true;
}
/**
*
* checkLoginIP:(根据IP,及可用Ip列表来判断ip是否包含在白名单之中).
* @date 2017-4-17 下午03:01:03
* @param ip
* @param ipList
* @return
*/
private static boolean checkLoginIP(String ip, Set<String> ipList) {
if (ipList.isEmpty() || ipList.contains(ip))
return true;
else {
for (String allow : ipList) {
if (allow.indexOf("-") > -1) {
String[] from = allow.split("-")[0].split("\\.");
String[] end = allow.split("-")[1].split("\\.");
String[] tag = ip.split("\\.");
// 对IP从左到右进行逐段匹配
boolean check = true;
for (int i = 0; i < 4; i++) {
int s = Integer.valueOf(from[i]);
int t = Integer.valueOf(tag[i]);
int e = Integer.valueOf(end[i]);
if (!(s <= t && t <= e)) {
check = false;
break;
}
}
if (check) {
return true;
}
}
}
}
return false;
}
/**
*
* checkLoginIP:(根据IP地址及IP白名单设置规则判断IP是否包含在白名单).
* @date 2017-4-17 下午03:01:37
* @param ip
* @param ipWhiteConfig
* @return
*/
public static boolean checkLoginIP(String ip,String ipWhiteConfig){
Set<String> ipList = getAvaliIpList(ipWhiteConfig);
return checkLoginIP(ip, ipList);
}
/**
* 获取真实IP 原逻辑
* @param request
* @return
*/
public static String getRealIp2(HttpServletRequest request) {
// 这个一般是Nginx反向代理设置的参数
String ip = request.getHeader("X-Real-IP");
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getHeader("X-Forwarded-For");
}
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getHeader("Proxy-Client-IP");
}
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getHeader("WL-Proxy-Client-IP");
}
if (ip == null || ip.length() == 0 || "unknown".equalsIgnoreCase(ip)) {
ip = request.getRemoteAddr();
}
// 处理多IP的情况(只取第一个IP)
if (ip != null && ip.contains(",")) {
String[] ipArray = ip.split(",");
ip = ipArray[0];
}
//FineLoggerFactory.getLogger().info("[ENC]客户端IP为[{}]",ip);
return ip;
}
/**
* 获取真实IP 客户逻辑
* @param request
* @return
*/
public static String getRealIp(HttpServletRequest request) {
String ip = request.getHeader("X-Forwarded-For");
if (ip==null||ip.length()==0||"unknown".equalsIgnoreCase(ip)) {
ip = request.getHeader("X-Real-IP");
}
if (ip==null||ip.length()==0||"unknown".equalsIgnoreCase(ip)) {
ip = request.getHeader("Proxy-Client-IP");
}
if (ip==null||ip.length()==0||"unknown".equalsIgnoreCase(ip)) {
ip = request.getHeader("WL-Proxy-Client-IP");
}
if (ip==null||ip.length()==0||"unknown".equalsIgnoreCase(ip)) {
ip = request.getRemoteAddr();
}
// 处理多IP的情况(只取第一个IP)
if (ip != null && ip.contains(",")) {
String[] ipArray = ip.split(",");
ip = ipArray[0];
}
return ip;
}
/**
* 判断IP是否内网IP
* @Title: ipIsInner
* @param ip
* @return: boolean
*/
public static boolean ipIsInner(String ip) {
boolean isInnerIp = false;
for (Pattern tmp : ipFilterRegexList) {
Matcher matcher = tmp.matcher(ip);
if (matcher.find()) {
isInnerIp = true;
break;
}
}
return isInnerIp;
}
// token有效性检验
public static boolean checkTokenValid(HttpServletRequest req, String token) {
// 判断该token是否还保存在状态服务器中,也就是判断该token是否还有用
try {
Device device = NetworkHelper.getDevice(req);
LoginService.getInstance().loginStatusValid(token, TerminalHandler.getTerminal(req, device));
return true;
} catch (Exception e) {
}
return false;
}
/**
* 判断是否是内网IP "192.168.1.1," + //设置单个IP的白名单
* "192.168.*.2," + //设置ip通配符,对一个ip段进行匹配
* "192.168.3.17-192.168.3.38"; //设置一个IP范围
* @param ip
* @return
*/
public static boolean isInnerIP(String ip,String ipWhite) throws IOException {
String ip4[]=ip.split("\\.");
if(ip4.length==4) {
return checkLoginIP(ip,ipWhite);
}else{
return false;
}
}
}

76
src/main/java/com/eco/plugin/xx/hlzjsso/utils/IPWhiteUtils.java
Unescape View File

@ -0,0 +1,76 @@
package com.eco.plugin.xx.hlzjsso.utils;
import com.fr.data.NetworkHelper;
import com.fr.decision.webservice.v10.config.ConfigService;
import com.fr.decision.webservice.v10.login.TokenResource;
import com.fr.log.FineLoggerFactory;
import com.fr.stable.StringUtils;
import com.fr.third.springframework.web.util.WebUtils;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
public class IPWhiteUtils{
private static String ipWhite;
private static String servletName="decision";
/**
* 判断是否是白名单IP "192.168.1.1," + //设置单个IP的白名单
* "192.168.*.2," + //设置ip通配符,对一个ip段进行匹配
* "192.168.3.17-192.168.3.38"; //设置一个IP范围
* @param req
* @return
*/
public static boolean inWhite(HttpServletRequest req,String ip2) {
try {
servletName = ConfigService.getInstance().getBasicParam().getServletPathName();
} catch (Exception e) {
FineLoggerFactory.getLogger().error("[ENC]获取servletName失败");
e.printStackTrace();
}
ipWhite= ip2;
String ip= req.getRemoteAddr();
FRUtils.FRLogInfo("white:"+ip2+";ip:"+ip);
//内网标记
boolean isInnerIPFlag= false;
try {
isInnerIPFlag = IPUtils.isInnerIP(ip,ipWhite);
} catch (IOException e) {
FineLoggerFactory.getLogger().error("[ENC]判断IP失败");
}
//移动设备标记
boolean isMobileFlag=NetworkHelper.getDevice(req).isMobile();
//移动端原生登陆标记
boolean isMobileLoginFlag=req.getRequestURI().contains(servletName+"/login") && !isInnerIPFlag;
//微信登陆标记
boolean isDingLoginFlag=req.getRequestURI().contains("weixin/single/login") && isMobileFlag;
String token = TokenResource.COOKIE.getToken(req);
//是否登陆标记
boolean isHasTokenFlag=!StringUtils.isEmpty(token) && IPUtils.checkTokenValid(req, token);
//移动端原生登陆标记
boolean isResourcesFlag=req.getRequestURI().contains(servletName+"/resources");
boolean isHasDingCookie=WebUtils.getCookie(req, "LOGIN_TYPE") != null;
FineLoggerFactory.getLogger().debug("[ENC]内网[{}]|移动设备[{}]|移动原生登陆[{}]|微信登陆[{}]|是否登陆[{}]|请求[{}]",isInnerIPFlag,isMobileFlag,isMobileLoginFlag,isDingLoginFlag,isHasTokenFlag,req.getRequestURI());
if(isInnerIPFlag || isResourcesFlag || isHasDingCookie){
return true;
}
else if(isDingLoginFlag){
return true;
} else{
return false;
}
}
}

108
src/main/java/com/eco/plugin/xx/hlzjsso/utils/ResponseUtils.java
Unescape View File

@ -0,0 +1,108 @@
package com.eco.plugin.xx.hlzjsso.utils;
import com.fr.json.JSONObject;
import com.fr.log.FineLoggerFactory;
import com.fr.web.utils.WebUtils;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.PrintWriter;
public class ResponseUtils {
private static final int SUCCESS = 200;
private static final int FAILED = -1;
public static void successResponse(HttpServletResponse res, String body) {
response(res, body, SUCCESS);
}
public static void failedResponse(HttpServletResponse res, String body) {
response(res, body, FAILED);
}
private static void response(HttpServletResponse res, String body, int code) {
JSONObject object = new JSONObject();
PrintWriter pw;
try {
object.put("code", code);
object.put("data", body);
pw = WebUtils.createPrintWriter(res);
} catch (Exception e) {
FineLoggerFactory.getLogger().info(e.getMessage());
return;
}
res.setContentType("application/json;charset=utf-8");
String result = object.toString();
pw.println(result);
pw.flush();
pw.close();
}
public static void response(HttpServletResponse res,JSONObject json){
PrintWriter pw;
try {
pw = WebUtils.createPrintWriter(res);
} catch (Exception e) {
FineLoggerFactory.getLogger().info(e.getMessage());
return;
}
res.setContentType("application/json;charset=utf-8");
String result = json.toString();
pw.println(result);
pw.flush();
pw.close();
}
public static void responseText(HttpServletResponse res,String text){
PrintWriter pw;
try {
pw = WebUtils.createPrintWriter(res);
} catch (Exception e) {
FineLoggerFactory.getLogger().info(e.getMessage());
return;
}
res.setContentType("text/html;charset=utf-8");
pw.println(text);
pw.flush();
pw.close();
}
public static void responseXml(HttpServletResponse res,String xml){
PrintWriter pw;
try {
pw = WebUtils.createPrintWriter(res);
} catch (Exception e) {
FineLoggerFactory.getLogger().info(e.getMessage());
return;
}
res.setContentType("text/xml;charset=utf-8");
pw.println(xml);
pw.flush();
pw.close();
}
public static void setCSRFHeader(HttpServletResponse httpServletResponse){
httpServletResponse.setHeader("Access-Control-Allow-Origin", "*");
httpServletResponse.setHeader("Access-Control-Allow-Methods", "POST,GET,OPTIONS,DELETE,HEAD,PUT,PATCH");
httpServletResponse.setHeader("Access-Control-Max-Age", "36000");
httpServletResponse.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept,Authorization,authorization");
}
public static void responseJsonp(HttpServletRequest req, HttpServletResponse res, JSONObject json){
PrintWriter pw;
try {
pw = WebUtils.createPrintWriter(res);
} catch (Exception e) {
FineLoggerFactory.getLogger().info(e.getMessage());
return;
}
res.setContentType("text/javascript;charset=utf-8;charset=utf-8");
String result = json.toString();
String jsonp=req.getParameter("callback");
pw.println(jsonp+"("+result+")");
pw.flush();
pw.close();
}
}

275
src/main/java/com/eco/plugin/xx/hlzjsso/utils/Utils.java
Unescape View File

@ -0,0 +1,275 @@
package com.eco.plugin.xx.hlzjsso.utils;
import com.fr.base.TemplateUtils;
import com.fr.data.NetworkHelper;
import com.fr.decision.webservice.v10.user.UserService;
import com.fr.io.utils.ResourceIOUtils;
import com.fr.json.JSONObject;
import com.fr.stable.CodeUtils;
import com.fr.stable.StringUtils;
import com.fr.third.org.apache.commons.codec.digest.DigestUtils;
import com.fr.web.utils.WebUtils;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.BufferedReader;
import java.io.InputStream;
import java.net.URLEncoder;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
public class Utils {
/**
* 判断字符串是否为空
* @param str
* @return true 空字符串 false 非空字符串
*/
public static boolean isNullStr(String str){
return !(str != null && !str.isEmpty() && !"null".equals(str));
}
/**
* 判断字符串是否非空
* @param str
* @return
*/
public static boolean isNotNullStr(String str){
return !isNullStr(str);
}
/**
* MD5加密
* @param str
* @return
*/
public static String getMd5Str(String str)
{
return DigestUtils.md5Hex(str);
}
/**
* 帆软shaEncode加密
*/
public static String shaEncode(String str){
return CodeUtils.sha256Encode(str);
}
/**
* 获取uuid
*/
public static String uuid(){
return UUID.randomUUID().toString();
}
/**
* 替换空字符串
* @param str
* @param replace
* @return
*/
public static String replaceNullStr(String str,String replace){
if(isNullStr(str)){
return replace;
}
return str;
}
/**
* 获取请求体
* @param req
* @return
*/
public static JSONObject getRequestBody(HttpServletRequest req){
StringBuffer sb = new StringBuffer();
String line = null;
try {
BufferedReader reader = req.getReader();
while ((line = reader.readLine()) != null)
sb.append(line);
} catch (Exception e) {
FRUtils.FRLogInfo("getRequestBody:exception:"+e.getMessage());
}
//将空格和换行符替换掉避免使用反序列化工具解析对象时失败
String jsonString = sb.toString().replaceAll("\\s","").replaceAll("\n","");
JSONObject json = new JSONObject(jsonString);
return json;
}
/**
* 获取ip
* @return
*/
public static String getIp(HttpServletRequest req){
String realIp = req.getHeader("X-Real-IP");
String fw = req.getHeader("X-Forwarded-For");
if (StringUtils.isNotEmpty(fw) && !"unKnown".equalsIgnoreCase(fw)) {
int var3 = fw.indexOf(",");
return var3 != -1 ? fw.substring(0, var3) : fw;
} else {
fw = realIp;
if (StringUtils.isNotEmpty(realIp) && !"unKnown".equalsIgnoreCase(realIp)) {
return realIp;
} else {
if (StringUtils.isBlank(realIp) || "unknown".equalsIgnoreCase(realIp)) {
fw = req.getHeader("Proxy-Client-IP");
}
if (StringUtils.isBlank(fw) || "unknown".equalsIgnoreCase(fw)) {
fw = req.getHeader("WL-Proxy-Client-IP");
}
if (StringUtils.isBlank(fw) || "unknown".equalsIgnoreCase(fw)) {
fw = req.getHeader("HTTP_CLIENT_IP");
}
if (StringUtils.isBlank(fw) || "unknown".equalsIgnoreCase(fw)) {
fw = req.getHeader("HTTP_X_FORWARDED_FOR");
}
if (StringUtils.isBlank(fw) || "unknown".equalsIgnoreCase(fw)) {
fw = req.getRemoteAddr();
}
return fw;
}
}
}
/**
* 根据key获取cookie
* @param req
* @return
*/
public static String getCookieByKey(HttpServletRequest req,String key){
Cookie[] cookies = req.getCookies();
String cookie = "";
if(cookies == null || cookies.length <=0){
return "";
}
for(int i = 0; i < cookies.length; i++) {
Cookie item = cookies[i];
if (item.getName().equalsIgnoreCase(key)) {
cookie = item.getValue();
}
}
FRUtils.FRLogInfo("cookie:"+cookie);
return cookie;
}
/**
* 判断是否是手机端的链接
* @param req
* @return
*/
public static boolean isMobile(HttpServletRequest req) {
String[] mobileArray = {"iPhone", "iPad", "android", "windows phone", "xiaomi"};
String userAgent = req.getHeader("user-agent");
if (userAgent != null && userAgent.toUpperCase().contains("MOBILE")) {
for(String mobile : mobileArray) {
if(userAgent.toUpperCase().contains(mobile.toUpperCase())) {
return true;
}
}
}
return NetworkHelper.getDevice(req).isMobile();
}
/**
* 只编码中文
* @param url
* @return
*/
public static String encodeCH(String url ){
Matcher matcher = Pattern.compile("[\\u4e00-\\u9fa5]").matcher(url);
while(matcher.find()){
String chn = matcher.group();
url = url.replaceAll(chn, URLEncoder.encode(chn));
}
return url;
}
/**
* 获取web-inf文件夹下的文件
* filename /resources/ip4enc.properties
*/
public static InputStream getResourcesFile(String filename){
return ResourceIOUtils.read(filename);
}
/**
*
* @param res
* @param path /com/fr/plugin/loginAuth/html/getMac.html
* @param parameterMap
*/
public static void toErrorPage(HttpServletResponse res,String path,Map<String, String> parameterMap){
if(parameterMap == null){
parameterMap = new HashMap<String, String>();
}
try {
String macPage = TemplateUtils.renderTemplate(path, parameterMap);
WebUtils.printAsString(res, macPage);
}catch (Exception e){
FRUtils.FRLogError("跳转页面异常");
}
}
/**
* 判断是否是管理员
* @param username
* @return
*/
public static boolean isAdmin(String username) throws Exception{
return UserService.getInstance().isAdmin(UserService.getInstance().getUserByUserName(username).getId());
}
/**
* 去掉浏览器中的参数
* @param url
* @param param
* @return
*/
public static String removeParam(String url,String param){
if(!url.contains("?"+param) && !url.contains("&"+param)){
return url;
}
return url.substring(0,url.indexOf(url.contains("?"+param) ? "?"+param : "&"+param));
}
/**
* 获取跳转链接
* @param req
* @param param
* @return
*/
public static String getRedirectUrl(HttpServletRequest req,String param){
String url = FRUtils.getAllUrl(req);
if(isNotNullStr(param)){
url = removeParam(url,param);
}
url = encodeCH(url);
return url;
}
}

35
src/main/java/com/eco/plugin/xx/hlzjsso/webresourceProvider/WebResourceProvider.java
Unescape View File

@ -0,0 +1,35 @@
package com.eco.plugin.xx.hlzjsso.webresourceProvider;
import com.fr.decision.fun.impl.AbstractWebResourceProvider;
import com.fr.decision.web.LoginComponent;
import com.fr.web.struct.Atom;
import com.fr.web.struct.Component;
import com.fr.web.struct.browser.RequestClient;
import com.fr.web.struct.category.ScriptPath;
import com.fr.web.struct.category.StylePath;
/**
* Created by xx on 2021-12-03
*/
public class WebResourceProvider extends AbstractWebResourceProvider {
@Override
public Atom attach() {
return LoginComponent.KEY;
}
@Override
public Atom client() {
return new Component() {
@Override
public ScriptPath script(RequestClient requestClient) {
return ScriptPath.build("/com/eco/plugin/xx/hlzjsso/js/ui.js");
}
@Override
public StylePath style(RequestClient requestClient) {
return StylePath.EMPTY;
// return StylePath.build("/com/fr/plugin/jdfSSO/css/icon.css");
}
};
}
}

238
src/main/resources/com/eco/plugin/xx/hlzjsso/js/ui.js
Unescape View File

@ -0,0 +1,238 @@
var e = BI.inherit(BI.Widget, {
props: {
baseCls: "dec-login-login"
},
_store: function () {
return BI.Models.getModel("dec.model.login.login")
},
watch: {
supportForgetPwd: function (e) {
this.forgetPasswordRow.setVisible(e)
},
needSlider: function (e) {
this.sliderMasker.setVisible(e)
}
},
render: function () {
var t = this;
this.options;
return {
type: "bi.absolute",
items: [{
el: {
type: "bi.vertical",
items: [{
type: "dec.login.login.item",
$testId: "dec-login-username",
iconCls: "login-username-font",
tgap: 50,
watermark: BI.i18nText("Dec-User_Name"),
ref: function (e) {
t.usernameRow = e
}
}, {
type: "dec.login.login.item",
$testId: "dec-login-password",
iconCls: "login-password-font",
watermark: BI.i18nText("Dec-Password"),
inputType: "password",
ref: function (e) {
t.passwordRow = e
}
}, {
type: "bi.left_right_vertical_adapt",
bgap: 30,
items: {
left: [{
type: "bi.multi_select_item",
$testId: "dec-login-remember",
textLgap: 5,
iconWrapperWidth: 16,
height: 16,
text: BI.i18nText("Dec-Login_Remember"),
logic: {
dynamic: !0
},
ref: function (e) {
t.rememberRow = e
}
}
],
right: [{
type: "bi.button",
$testId: "dec-login-forget-password",
clear: !0,
height: 16,
invisible: !this.model.supportForgetPwd,
text: BI.i18nText("Dec-Basic_Forget_Password"),
ref: function (e) {
t.forgetPasswordRow = e
},
handler: function () {
t.store.setSelectedTab(DecCst.Login.Tabs.FORGET_PASSWORD)
}
}
].concat(this._createItems())
}
}, {
type: "bi.horizontal_auto",
items: [{
type: "bi.button",
cls: "login-button",
text: BI.i18nText("Dec-Basic_Login"),
width: 190,
height: 40,
handler: function () {
t._start()
}
}
]
}, {
el: {
type: "bi.vertical",
$testId: "dec-login-logged-chang-text",
cls: "login-error",
invisible: !0,
scrolly: !1,
items: [{
type: "bi.text",
tagName: "span",
whiteSpace: "normal",
text: BI.i18nText("Dec-Login_Other_Logged_Tip")
}, {
type: "bi.text",
$testId: "dec-login-logged-chang-password",
tagName: "span",
cls: "password-btn",
text: BI.i18nText("Dec-Login_Change_Password"),
handler: function () {
t.model.isNeedVerify ? t.store.setSelectedTab(DecCst.Login.Tabs.VERIFY_BING) : t.store.setSelectedTab(DecCst.Login.Tabs.PASSWORD_OLD)
}
}
],
ref: function (e) {
t.loginErrorRow = e
}
},
tgap: 20
}, {
el: {
type: "bi.text",
$testId: "dec-login-logged-text",
cls: "login-error",
invisible: !0,
whiteSpace: "normal",
text: BI.i18nText("Dec-Login_Normal_Other_Logged_Tip"),
ref: function (e) {
t.loginNormalErrorRow = e
}
},
tgap: 20
}
]
},
top: 0,
right: 40,
bottom: 0,
left: 40
}, {
el: {
type: "bi.center_adapt",
cls: "slider-masker",
invisible: !0,
items: [{
type: "dec.login.slider",
listeners: [{
eventName: "EVENT_SUCCESS",
action: function () {
t._start()
}
}, {
eventName: "EVENT_CLOSE",
action: function () {
t.store.resetSlider()
}
}
],
ref: function (e) {
t.sliderBar = e
}
}
],
ref: function (e) {
t.sliderMasker = e
}
},
top: 0,
right: 40,
bottom: 0,
left: 40
}
]
}
},
mounted: function () {
var t = this;
this.store.initData(),
this.element.keyup(function (e) {
13 === e.keyCode && t._start()
})
},
_createItems: function () {
return BI.map(BI.Constants.getConstant("dec.constant.login.way.extend"), function (e, t) {
return {
type: t.cardType
}
})
},
_start: function () {
var t = this,
e = this.usernameRow.getValue(),
i = this.passwordRow.getValue(),
n = this.rememberRow.isSelected() ? -2 : -1,
userC = this.usernameRow;
t.loginErrorRow.invisible(),
t.loginNormalErrorRow.invisible(),
"" !== e ? "" !== i ? (this.store.setLoginInfo({
username: e,
validity: n,
phone: "",
captcha: ""
}), this.store.login({
username: e,
password: this.passwordRow.getCipher(),
validity: n,
sliderToken: this.model.sliderToken,
origin: Dec.Utils.getUrlQuery("origin"),
encrypted: !0
}, function (e) {
// var result = canLogin(userC.getValue());
// var code = result.code;
t.store.resetSlider(),
e.data && e.data.accessToken ? t.fireEvent("EVENT_LOGIN", e.data) :(e.errorMsg == 9999 ? userC.showError(e.errorCode) : BI.bind(BI.Services.getService("dec.service.login.login").getHandler(e.errorCode), t)(e))
}
)) : this.passwordRow.showError(BI.i18nText("Dec-Error_Password_Not_Null")) : this.usernameRow.showError(BI.i18nText("Dec-Error_Username_Not_Null"))
}
});
BI.shortcut("dec.login.login", e)
function canLogin(username){
var result = {};
$.ajax({
async:false,
type:"post",
url:"/webroot/decision/canLogin",
contentType:"application/json;charset=utf-8",
data:JSON.stringify({username:username}),
success:function(data){
result = data;
}
})
return result;
}
Write Preview
Loading…
Cancel
Save