package com.eco.plugin.xx.gdtpsso.filter; |
|
|
|
import com.eco.plugin.xx.gdtpsso.config.PluginSimpleConfig;
import com.eco.plugin.xx.gdtpsso.utils.FRUtils;
import com.eco.plugin.xx.gdtpsso.utils.HttpUtils;
import com.eco.plugin.xx.gdtpsso.utils.Utils;
import com.fr.decision.fun.impl.AbstractGlobalRequestFilterProvider;
import com.fr.json.JSONObject;
import com.fr.plugin.context.PluginContexts;
import com.fr.record.analyzer.EnableMetrics;
import com.fr.stable.fun.Authorize;

import javax.servlet.FilterChain;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.UnsupportedEncodingException;
import java.net.URLEncoder;
|
|
|
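/**
 * Global request filter that drives an authorization-code style single sign-on flow.
 *
 * <p>For every request ({@code /*}) while the plugin is available, the filter either lets the
 * request through (see {@link #isRelease}), redirects the browser to the configured
 * authentication centre when no {@code code} parameter is present, or exchanges the {@code code}
 * for a token, resolves a username from it and logs that user in through {@code FRUtils.login}.
 *
 * <p>Security-relevant behaviour: a login is only performed when both the token exchange and the
 * user lookup return a non-empty value; otherwise the request is answered with 401.
 */
@EnableMetrics
@Authorize(callSignKey = "com.eco.plugin.xx.gdtpsso")
public class SSOFilter extends AbstractGlobalRequestFilterProvider {

    /** Returns the name under which this filter is registered. */
    @Override
    public String filterName() {
        return "gdtpssoFilter";
    }

    /** Returns the URL patterns this filter applies to: every request. */
    @Override
    public String[] urlPatterns() {
        return new String[]{"/*"};
    }

    /**
     * Applies the SSO flow to one request.
     *
     * @param req   incoming request; its {@code code} parameter is caller-controlled input
     * @param res   response used for the redirect, the 401 rejection or the login
     * @param chain remaining filter chain, invoked when the request is let through
     */
    @Override
    public void doFilter(HttpServletRequest req, HttpServletResponse res, FilterChain chain) {
        if (PluginContexts.currentContext().isAvailable()) {
            PluginSimpleConfig psc = PluginSimpleConfig.getInstance();

            // Requests that are already logged in or match a pass-through URL skip the SSO flow.
            if (isRelease(req)) {
                release(req, res, chain);
                return;
            }

            String code = req.getParameter("code");
            if (Utils.isNullStr(code)) {
                // No authorization code yet: send the browser to the authentication centre.
                redirect(req, res, psc);
                return;
            }

            // Exchange the code for a token, then the token for a username.
            String token = getToken(code, psc);
            String username = Utils.isNullStr(token) ? "" : getUsername(token, psc);

            // Fail closed: never hand an empty identity to FRUtils.login. Neither the code nor
            // the token is logged, since both are credentials.
            if (Utils.isNullStr(username)) {
                FRUtils.FRLogInfo("SSO login rejected: token exchange or user lookup returned no value");
                reject(res);
                return;
            }

            // Strip the one-time code from the URL the user is sent back to.
            String url = Utils.encodeCH(Utils.removeParam(FRUtils.getAllUrl(req), "code"));
            FRUtils.login(req, res, username, url);

            // If the login already committed the response (e.g. by redirecting), running the
            // rest of the chain would only write to a finished response.
            if (res.isCommitted()) {
                return;
            }
        }

        release(req, res, chain);
    }

    /**
     * Decides whether a request bypasses the SSO flow.
     *
     * <p>NOTE(review): every check except the login check is a substring match on the value of
     * {@code FRUtils.getAllUrl}. That value appears to include the query string (doFilter strips
     * the {@code code} parameter from it), so a request containing one of these fragments
     * anywhere in its URL skips the SSO step. Confirm that the platform behind this filter still
     * enforces authentication on such requests, and consider matching path fragments against
     * the request path only.
     *
     * @param req incoming request
     * @return {@code true} when the request should be passed down the chain untouched
     */
    private boolean isRelease(HttpServletRequest req) {
        String url = FRUtils.getAllUrl(req);
        String reft = req.getParameter("ref_t");

        boolean isLogin = FRUtils.isLogin(req);
        boolean isRemote = url.contains("remote");
        boolean isLoginPage = url.contains("login")
                || url.contains("decision/file")
                || url.contains("decision/resource")
                || url.contains("decision/system")
                || url.contains("query/ip");
        boolean isViewlt = url.contains("viewlet")
                || "design".equals(reft)
                || url.contains("view/report")
                || url.contains("view/form");

        return isLogin || isRemote || isLoginPage || isViewlt;
    }

    /**
     * Redirects the browser to the authentication centre to obtain an authorization code.
     *
     * <p>NOTE(review): {@code state} is the constant {@code 1} and is not checked when the
     * browser returns, so the flow has no binding between the authorization request and the
     * callback; a per-session random state verified on return would close that gap if the
     * authentication centre echoes it. The configured {@code redirect_uri} is concatenated
     * without URL encoding; confirm how the value is stored before adding encoding here.
     *
     * @param req incoming request (unused)
     * @param res response that receives the redirect
     * @param psc plugin configuration holding the authentication-centre URL, index URL and client id
     */
    private void redirect(HttpServletRequest req, HttpServletResponse res, PluginSimpleConfig psc) {
        String authurl = psc.getAuthUrl()
                + "?redirect_uri=" + psc.getIndex()
                + "&state=1&client_id=" + psc.getClientId()
                + "&response_type=code";

        FRUtils.FRLogInfo("url:" + authurl);
        try {
            res.sendRedirect(authurl);
        } catch (IOException e) {
            FRUtils.FRLogInfo("跳转认证中心异常:" + e.getMessage());
        }
    }

    /**
     * Exchanges an authorization code for an access token.
     *
     * <p>NOTE(review): the client secret travels in the query string of the token URL, where
     * proxies and access logs may record it; sending it in the request body would be preferable
     * if the token endpoint accepts that. This URL must not be logged.
     *
     * @param code authorization code taken from the request; percent-encoded before use so it
     *             cannot add or override parameters of the token request
     * @param psc  plugin configuration holding the token URL, client id and client secret
     * @return the {@code access_token} field of the response, or {@code ""} when the endpoint
     *         returned nothing
     */
    private String getToken(String code, PluginSimpleConfig psc) {
        String tokenurl = psc.getTokenUrl()
                + "?client_id=" + psc.getClientId()
                + "&grant_type=authorization_code&code=" + urlEncode(code)
                + "&client_secret=" + psc.getSecret();

        String result = HttpUtils.HttpPostJson(tokenurl, "", null);
        if (Utils.isNullStr(result)) {
            return "";
        }

        JSONObject json = new JSONObject(result);
        return json.getString("access_token");
    }

    /**
     * Resolves the username that belongs to an access token.
     *
     * <p>NOTE(review): the username is the first entry of {@code spRoleList}. The field name
     * suggests a list of roles rather than a unique account name; confirm against the user
     * endpoint's contract that this value identifies exactly one user. An empty or missing list
     * is not handled here and presumably surfaces as an exception from the JSON accessors.
     *
     * @param openId access token returned by {@link #getToken}; percent-encoded before use
     * @param psc    plugin configuration holding the user endpoint URL and client id
     * @return the resolved username, or {@code ""} when the endpoint returned nothing
     */
    private String getUsername(String openId, PluginSimpleConfig psc) {
        String tokenurl = psc.getUserUrl()
                + "?access_token=" + urlEncode(openId)
                + "&client_id=" + psc.getClientId();

        String result = HttpUtils.httpGet(tokenurl, null, null);
        if (Utils.isNullStr(result)) {
            return "";
        }

        JSONObject json = new JSONObject(result);
        return json.getJSONArray("spRoleList").getString(0);
    }

    /**
     * Passes the request on to the rest of the filter chain.
     *
     * @param req   incoming request
     * @param res   response
     * @param chain remaining filter chain
     */
    private void release(HttpServletRequest req, HttpServletResponse res, FilterChain chain) {
        try {
            chain.doFilter(req, res);
        } catch (Exception e) {
            // Keep the best-effort behaviour, but record why the chain failed.
            FRUtils.FRLogInfo("拦截失败:" + e.getMessage());
        }
    }

    /** Answers the request with 401 when the SSO exchange produced no usable identity. */
    private void reject(HttpServletResponse res) {
        try {
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        } catch (IOException e) {
            FRUtils.FRLogInfo("SSO rejection response failed: " + e.getMessage());
        }
    }

    /** Percent-encodes a query parameter value as UTF-8; {@code null} becomes the empty string. */
    private static String urlEncode(String value) {
        if (value == null) {
            return "";
        }
        try {
            return URLEncoder.encode(value, "UTF-8");
        } catch (UnsupportedEncodingException e) {
            // UTF-8 is a charset every JVM must provide, so this cannot happen in practice.
            throw new IllegalStateException("UTF-8 is not supported", e);
        }
    }
}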
|
|
|
|