|
|
@@ -69,43 +69,57 @@ public class SSOInterceptor extends AbstractSSOInterceptor {
|
|
|
private HashMap<String, Collection<ConfigAttribute>> resourceMap;
|
|
|
private HashMap<Long, Collection<GrantedAuthority>> authorities;
|
|
|
|
|
|
+ /**
|
|
|
+ * 从token获取用户信息
|
|
|
+ *
|
|
|
+ * @param token token
|
|
|
+ * @return User
|
|
|
+ */
|
|
|
private User getUserByToken(SSOToken token) {
|
|
|
- User authedUser = null;
|
|
|
+ // 授权登录用户
|
|
|
+ User authorizedUser = null;
|
|
|
if (token.getData() != null) {
|
|
|
UserAccount tokenUser = FlexJsonUtils.fromJson(token.getData(), UserAccount.class);
|
|
|
if (!StringUtils.isEmpty(tokenUser.getUserUU())) {
|
|
|
// dialectUID表示client系统自己的唯一标识,比如user_uu,手机号没设置的情况下使用
|
|
|
- authedUser = userService.findUserByUserUU(tokenUser.getUserUU());
|
|
|
+ authorizedUser = userService.findUserByUserUU(tokenUser.getUserUU());
|
|
|
} else if (!StringUtils.isEmpty(tokenUser.getMobile())) {
|
|
|
// UID表示所有系统公认的唯一标识,这里统一使用手机号
|
|
|
- authedUser = userService.findUserByUserTel(tokenUser.getMobile());
|
|
|
+ authorizedUser = userService.findUserByUserTel(tokenUser.getMobile());
|
|
|
} else if (!StringUtils.isEmpty(tokenUser.getEmail())) {
|
|
|
// UID表示所有系统公认的唯一标识,这里统一使用手机号
|
|
|
- authedUser = userService.findUserByUserEmail(tokenUser.getEmail());
|
|
|
+ authorizedUser = userService.findUserByUserEmail(tokenUser.getEmail());
|
|
|
} else {
|
|
|
logger.error(String.format("invalid user %s, please set uid or dialectUID", tokenUser.getVipName()));
|
|
|
}
|
|
|
- if (authedUser != null && authedUser.getEnterprises() != null) {
|
|
|
+ if (authorizedUser != null && authorizedUser.getEnterprises() != null) {
|
|
|
// 企业资料在client系统自己的唯一标识,比如en_uu
|
|
|
if (tokenUser.getSpaceUU() != null) {
|
|
|
- authedUser.setCurrentEnterprise(tokenUser.getSpaceUU());
|
|
|
+ authorizedUser.setCurrentEnterprise(tokenUser.getSpaceUU());
|
|
|
} else if (StringUtils.isEmpty(tokenUser.getBusinessCode())) {
|
|
|
- for (Enterprise enterprise : authedUser.getEnterprises()) {
|
|
|
+ for (Enterprise enterprise : authorizedUser.getEnterprises()) {
|
|
|
// 企业资料在所有系统公认的唯一标识,这里使用商业登记证号
|
|
|
if (tokenUser.getBusinessCode().equals(enterprise.getEnBussinessCode())) {
|
|
|
- authedUser.setEnterprise(enterprise);
|
|
|
+ authorizedUser.setEnterprise(enterprise);
|
|
|
break;
|
|
|
}
|
|
|
}
|
|
|
} else { // 如果这两个信息都不存在,判断未登录,因为存在个人账号能登录账户中心的情况
|
|
|
SystemSession.clear();
|
|
|
- authedUser = null;
|
|
|
+ authorizedUser = null;
|
|
|
}
|
|
|
}
|
|
|
}
|
|
|
- return authedUser;
|
|
|
+ return authorizedUser;
|
|
|
}
|
|
|
|
|
|
+ /**
|
|
|
+ * 验证失败
|
|
|
+ *
|
|
|
+ * @param request request
|
|
|
+ * @param response response
|
|
|
+ * @return 验证结果
|
|
|
+ */
|
|
|
@Override
|
|
|
protected boolean onAuthenticateFailed(HttpServletRequest request, HttpServletResponse response) {
|
|
|
SystemSession.clear();
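Review bot: The business-code branch at `} else if (StringUtils.isEmpty(tokenUser.getBusinessCode())) {` looks inverted: it enters the loop only when the business code is empty and then calls `tokenUser.getBusinessCode().equals(...)` on it, which can never match (and throws NullPointerException when the code is null), while a token that does carry a business code falls through to the else branch that clears the session and drops the user. The rename from `authedUser` to `authorizedUser` kept this logic as it was. Suggest `} else if (!StringUtils.isEmpty(tokenUser.getBusinessCode())) {` so the matching loop runs for the populated case and the clear-session branch is reached only when neither spaceUU nor businessCode is present, which is what the comment on that else already says. Note also that `setCurrentEnterprise(tokenUser.getSpaceUU())` takes the enterprise id straight from the token without the membership check that `checkEnterprise` performs elsewhere in this class — worth confirming that `setCurrentEnterprise` validates it. `onAuthenticateFailed` begins at the end of this hunk and continues past it.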
|
|
|
@@ -123,7 +137,7 @@ public class SSOInterceptor extends AbstractSSOInterceptor {
|
|
|
if (user != null) {
|
|
|
SystemSession.setUser(user);
|
|
|
try {
|
|
|
- accessDecision(request, user, response);
|
|
|
+ accessDecision(request, user);
|
|
|
} catch (IOException e) {
|
|
|
e.printStackTrace();
|
|
|
}
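Review bot: The `catch (IOException e)` around the new `accessDecision(request, user)` call only prints the stack trace and then lets the method continue, so if the authorization check ever fails with an I/O error the outcome depends on whatever follows this hunk rather than on an explicit deny. With `response` removed from `accessDecision`, nothing visible in that method still performs I/O, so the `throws IOException` may now be vestigial; if it is, drop the clause and this try/catch together. Otherwise replace `e.printStackTrace();` with `logger.error("access decision failed", e);` and deny the request explicitly instead of falling through. The enclosing `onAuthenticateFailed` starts before and ends after this hunk.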
|
|
|
@@ -141,12 +155,19 @@ public class SSOInterceptor extends AbstractSSOInterceptor {
|
|
|
}
|
|
|
}
|
|
|
|
|
|
+ /**
|
|
|
+ * 验证成功
|
|
|
+ *
|
|
|
+ * @param request request
|
|
|
+ * @param response response
|
|
|
+ */
|
|
|
@Override
|
|
|
protected void onAuthenticateSuccess(HttpServletRequest request, HttpServletResponse response) {
|
|
|
User user = (User) request.getSession().getAttribute("user");
|
|
|
SSOToken token = SSOHelper.attrToken(request);
|
|
|
// cookie变化的情况下,session可能还未变化
|
|
|
- if (user == null || (user.getUserTel() != null && !token.getUid().equals(user.getUserTel()))) {
|
|
|
+ boolean onAuthenticateFailed = user == null || (user.getUserTel() != null && !token.getUid().equals(user.getUserTel()));
|
|
|
+ if (onAuthenticateFailed) {
|
|
|
user = getUserByToken(token);
|
|
|
if (user != null) {
|
|
|
user.setIp(AgentUtils.getIp(request));
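Review bot: The new local `onAuthenticateFailed` shares its name with the `onAuthenticateFailed` method of this class, which reads like a call and hides what the flag means; `boolean sessionStale = user == null || (user.getUserTel() != null && !token.getUid().equals(user.getUserTel()));` says it. The condition only re-resolves the user when `user.getUserTel()` is non-null, so a session user without a phone number is never compared against `token.getUid()` and survives a cookie change — presumably intentional for email-only accounts, but that deserves a comment such as `// only phone-bound users can be re-checked against the token uid — TODO confirm`, and a null `token.getUid()` would throw here. `onAuthenticateSuccess` continues past the end of the hunk.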
|
|
|
@@ -167,7 +188,7 @@ public class SSOInterceptor extends AbstractSSOInterceptor {
|
|
|
if (user != null) {
|
|
|
SystemSession.setUser(user);
|
|
|
try {
|
|
|
- accessDecision(request, user, response);
|
|
|
+ accessDecision(request, user);
|
|
|
} catch (IOException e) {
|
|
|
e.printStackTrace();
|
|
|
}
|
|
|
@@ -177,14 +198,12 @@ public class SSOInterceptor extends AbstractSSOInterceptor {
|
|
|
/**
|
|
|
* 权限验证
|
|
|
*/
|
|
|
- private void accessDecision(HttpServletRequest request, User user, HttpServletResponse response) throws IOException {
|
|
|
+ private void accessDecision(HttpServletRequest request, User user) throws IOException {
|
|
|
Collection<ConfigAttribute> configAttributes = getAttributes(request);
|
|
|
if (null == configAttributes || configAttributes.size() == 0 || user.isSys() || user.getUserUU() < 0) {
|
|
|
return;
|
|
|
}
|
|
|
-// if (null == authorities || !authorities.containsKey(user.getUserUU())) {
|
|
|
- setGrantedAuthorities(user);
|
|
|
-// }
|
|
|
+ setGrantedAuthorities(user);
|
|
|
Iterator<ConfigAttribute> iterator = configAttributes.iterator();
|
|
|
String needPermission = null;
|
|
|
Collection<GrantedAuthority> userAuthorities = authorities.get(user.getUserUU());
|
|
|
@@ -207,21 +226,8 @@ public class SSOInterceptor extends AbstractSSOInterceptor {
|
|
|
}
|
|
|
|
|
|
// 验证该用户是否被分配客户
|
|
|
-// List<Vendor> myVendors = userService.findDistribute();
|
|
|
-// if (!CollectionUtils.isEmpty(myVendors)) {
|
|
|
-// return;
|
|
|
-// }
|
|
|
if (needPermission != null) {
|
|
|
-// if(needPermission.contains("导出")) {
|
|
|
-// String retUrl = request.getContextPath();
|
|
|
-// try {
|
|
|
-// throw new AccessDeniedException("无法访问,没有 " + needPermission + " 权限!");
|
|
|
-// } finally {
|
|
|
-//// response.sendRedirect(retUrl + "/static/tpl/start/index.html");
|
|
|
-// }
|
|
|
-// } else {
|
|
|
- throw new AccessDeniedException("无法访问,没有 " + needPermission + " 权限!");
|
|
|
-// }
|
|
|
+ throw new AccessDeniedException("无法访问,没有 " + needPermission + " 权限!");
|
|
|
}
|
|
|
}
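Review bot: Replacing the cached check with an unconditional `setGrantedAuthorities(user)` means the user's roles are reloaded on every guarded request and the result is then read back through `authorities.get(user.getUserUU())` a few lines later; if the cache no longer serves a purpose, having `setGrantedAuthorities` return the collection would remove the shared-map round trip. The early return on `user.isSys() || user.getUserUU() < 0` grants every URL to any user with a negative UU with no comment explaining which accounts those are — presumably virtual users, but that should be stated at the return. Suggest `// sys roles and negative-UU (presumably virtual) users bypass resource permission checks — TODO confirm` ahead of it. `accessDecision` runs past the end of this hunk.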
|
|
|
|
|
|
@@ -240,7 +246,7 @@ public class SSOInterceptor extends AbstractSSOInterceptor {
|
|
|
*/
|
|
|
private void loadResourceDefine() {
|
|
|
if (resourceMap == null) {
|
|
|
- resourceMap = new HashMap<String, Collection<ConfigAttribute>>();
|
|
|
+ resourceMap = new HashMap<>(1);
|
|
|
List<ResourceItem> resources = resourceItemDao.findAll();
|
|
|
for (ResourceItem resource : resources) {
|
|
|
Collection<ConfigAttribute> configAttributes = new ArrayList<ConfigAttribute>();
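Review bot: `resourceMap = new HashMap<>(1)` gives an initial capacity of 1 to a map that is then filled with every row of `resourceItemDao.findAll()`, so the hint only forces immediate rehashing; `new HashMap<>()` or sizing from `resources.size()` after the query is what was meant. The lazily-initialized field is also published before it is populated, so a concurrent request reaching `getAttributes` while the first one is still inside the loop can observe a partially built map — building into a local and assigning `resourceMap` once after the loop avoids that. `loadResourceDefine` continues past this hunk.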
|
|
|
@@ -262,8 +268,8 @@ public class SSOInterceptor extends AbstractSSOInterceptor {
|
|
|
loadResourceDefine();
|
|
|
}
|
|
|
|
|
|
- for (Iterator<String> iter = resourceMap.keySet().iterator(); iter.hasNext();) {
|
|
|
- String resourceKey = iter.next();
|
|
|
+ for (Iterator<String> iterator = resourceMap.keySet().iterator(); iterator.hasNext();) {
|
|
|
+ String resourceKey = iterator.next();
|
|
|
String[] resourceParam = resourceKey.split(":");
|
|
|
String resourceMethod = resourceParam[0];
|
|
|
String resourceUrl = resourceParam[1];
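Review bot: `resourceKey.split(":")` followed by `resourceParam[1]` throws ArrayIndexOutOfBoundsException for any key without a colon and silently truncates a URL that itself contains one (a scheme or a port), since only the second element is used. `String[] resourceParam = resourceKey.split(":", 2);` keeps the method in element 0 and the whole remainder in element 1, and a guard `if (resourceParam.length < 2) { continue; }` before the indexing protects the loop from malformed rows. The rename of `iter` to `iterator` does not affect this; the enclosing method starts before and continues after the hunk.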
|
|
|
@@ -281,7 +287,8 @@ public class SSOInterceptor extends AbstractSSOInterceptor {
|
|
|
Set<Role> roles = user.getRoles();
|
|
|
if (!CollectionUtils.isEmpty(roles)) {
|
|
|
for (Role role : roles) {
|
|
|
- if (role.isSys()) {// 超级账号
|
|
|
+ // 超级账号
|
|
|
+ if (role.isSys()) {
|
|
|
user.setIssys(Constant.YES);
|
|
|
break;
|
|
|
}
|
|
|
@@ -294,7 +301,7 @@ public class SSOInterceptor extends AbstractSSOInterceptor {
|
|
|
}
|
|
|
}
|
|
|
if (authorities == null) {
|
|
|
- authorities = new HashMap<Long, Collection<GrantedAuthority>>();
|
|
|
+ authorities = new HashMap<>(1);
|
|
|
}
|
|
|
authorities.put(user.getUserUU(), authSet);
|
|
|
}
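Review bot: `authorities.put(user.getUserUU(), authSet)` writes to a plain `HashMap` held in an interceptor field, and with this commit `setGrantedAuthorities` is invoked on every guarded request, so concurrent requests now mutate an unsynchronized map; the `if (authorities == null)` lazy creation races in the same way. Initialize the field eagerly as `private final Map<Long, Collection<GrantedAuthority>> authorities = new ConcurrentHashMap<>();` (the declaration is in the first hunk) and drop the null check here, or stop caching and hand `authSet` back to the caller. `new HashMap<>(1)` as a sizing hint for a per-user cache is also misleading. `setGrantedAuthorities` begins before this hunk.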
|
|
|
@@ -319,12 +326,17 @@ public class SSOInterceptor extends AbstractSSOInterceptor {
|
|
|
user = (User) sUser;
|
|
|
}
|
|
|
String type = request.getParameter(typeParam);
|
|
|
- if ("manage".equals(type)) {
|
|
|
+ String MANAGE_TYPE = "manage";
|
|
|
+ if (MANAGE_TYPE.equals(type)) {
|
|
|
if (user != null && UserCreater.isVirtual(user)) {
|
|
|
return user;
|
|
|
}
|
|
|
Map<String, Object> data = accessTokenService.validFormManage(token);
|
|
|
- if (data.containsKey("user") && data.containsKey("bind")) {
|
|
|
+ // user key
|
|
|
+ String USER_KEY = "user";
|
|
|
+ // bind key
|
|
|
+ String BIND_KEY = "bind";
|
|
|
+ if (data.containsKey(USER_KEY) && data.containsKey(BIND_KEY)) {
|
|
|
long enUU = Long.parseLong(data.get("bind").toString());
|
|
|
Enterprise enterprise = enterpriseService.findById(enUU);
|
|
|
if (enterprise != null) {
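Review bot: `BIND_KEY` is introduced for the `containsKey` test but the very next line still reads `data.get("bind")`, so the two can drift apart; use `data.get(BIND_KEY)` there. `MANAGE_TYPE`, `USER_KEY` and `BIND_KEY` are method locals written in constant case — either declare them as `private static final String` on the class or give them camelCase names. `Long.parseLong(data.get("bind").toString())` is also unguarded, so a non-numeric bind value coming back from `validFormManage` surfaces as a NumberFormatException out of the interceptor rather than a clean rejection. The enclosing method starts before and continues after this hunk.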
|
|
|
@@ -339,12 +351,23 @@ public class SSOInterceptor extends AbstractSSOInterceptor {
|
|
|
return null;
|
|
|
}
|
|
|
|
|
|
+ /**
|
|
|
+ * 记录登录日志
|
|
|
+ *
|
|
|
+ * @param request request
|
|
|
+ * @param user 用户信息
|
|
|
+ */
|
|
|
private void log(HttpServletRequest request, User user) {
|
|
|
- // 记录登录日志
|
|
|
SitePreference preference = getDefaultSitePreferenceForDevice(this.deviceResolver.resolveDevice(request));
|
|
|
signinLogService.save(new SigninLog(user, preference, true));
|
|
|
}
|
|
|
|
|
|
+ /**
|
|
|
+ * 判断登录来源
|
|
|
+ *
|
|
|
+ * @param device
|
|
|
+ * @return
|
|
|
+ */
|
|
|
private SitePreference getDefaultSitePreferenceForDevice(Device device) {
|
|
|
if (device == null) {
|
|
|
return null;
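Review bot: The new Javadoc on `getDefaultSitePreferenceForDevice` leaves `@param device` and `@return` empty, which documents nothing; from the visible body it returns null when `device` is null. Suggest `@param device the device resolved from the request; may be null` and `@return the site preference chosen for that device, or null when no device was resolved`. The Javadoc on `log` could also state that the entry is recorded as a successful sign-in, since it always passes `true` to `new SigninLog(user, preference, true)`. `getDefaultSitePreferenceForDevice` continues past the end of the hunk.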
|
|
|
@@ -376,9 +399,12 @@ public class SSOInterceptor extends AbstractSSOInterceptor {
|
|
|
String password = request.getParameter("b_password");
|
|
|
User user = null;
|
|
|
if (StringUtils.hasText(username) && StringUtils.hasText(password)) {
|
|
|
- if (username.contains("@")) { // 邮箱登录
|
|
|
+ // 邮箱登录
|
|
|
+ String MAIL_SIGN = "@";
|
|
|
+ if (username.contains(MAIL_SIGN)) {
|
|
|
user = userService.findUserByUserEmail(username);
|
|
|
- } else if (username.matches(TEL_REGEXP)) {// 手机号登录
|
|
|
+ } else if (username.matches(TEL_REGEXP)) {
|
|
|
+ // 手机号登录
|
|
|
user = userService.findUserByUserTel(username);
|
|
|
} else if (username.matches(UU_REGEXP)) {
|
|
|
user = userService.findUserByUserUU(Long.parseLong(username));
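Review bot: `MAIL_SIGN` is a method local written in constant case, which reads as a class constant; either hoist it to `private static final String MAIL_SIGN = "@";` or name it `mailSign`. `username.matches(TEL_REGEXP)` and `username.matches(UU_REGEXP)` recompile the pattern on every login attempt; a `private static final Pattern` for each, used as `TEL_PATTERN.matcher(username).matches()`, is the usual form. `Long.parseLong(username)` after the UU match will also throw NumberFormatException if `UU_REGEXP` admits more digits than fit in a long — worth confirming against the regex, which is not visible here. The enclosing method starts before and continues after this hunk.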
|
|
|
@@ -395,16 +421,22 @@ public class SSOInterceptor extends AbstractSSOInterceptor {
|
|
|
return user;
|
|
|
}
|
|
|
|
|
|
+ /**
|
|
|
+ * 绑定企业
|
|
|
+ *
|
|
|
+ * @param user 用户信息
|
|
|
+ * @param enUU 企业UU
|
|
|
+ */
|
|
|
private void checkEnterprise(User user, String enUU) {
|
|
|
- boolean choosed = false;
|
|
|
+ boolean chosen = false;
|
|
|
for (Enterprise enterprise : user.getEnterprises()) {
|
|
|
if (enterprise.getUu().toString().equals(enUU)) {
|
|
|
user.setEnterprise(enterprise);
|
|
|
- choosed = true;
|
|
|
+ chosen = true;
|
|
|
break;
|
|
|
}
|
|
|
}
|
|
|
- if (!choosed) {
|
|
|
+ if (!chosen) {
|
|
|
throw new UsernameNotFoundException("企业与用户不匹配");
|
|
|
}
|
|
|
}
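Review bot: `enterprise.getUu().toString().equals(enUU)` throws NullPointerException when an enterprise has no UU, and `user.getEnterprises()` is iterated without the null check that `getUserByToken` applies to the same collection; `if (enUU.equals(String.valueOf(enterprise.getUu()))) {` plus a guard on the collection makes the check null-safe (assuming callers pass a non-null `enUU` — confirm). The Javadoc says 绑定企业 (bind enterprise) but the method verifies that `enUU` is one of the user's enterprises and throws otherwise, so it should say so and declare `@throws UsernameNotFoundException if the enterprise is not associated with the user`. The rename `choosed` → `chosen` is fine.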
|