|
|
@@ -13,6 +13,7 @@ import com.uas.platform.b2b.service.EnterpriseService;
|
|
|
import com.uas.platform.b2b.service.RoleService;
|
|
|
import com.uas.platform.b2b.service.SigninLogService;
|
|
|
import com.uas.platform.b2b.service.UserService;
|
|
|
+import com.uas.platform.b2b.support.CollectionUtil;
|
|
|
import com.uas.platform.b2b.support.SecurityConstant;
|
|
|
import com.uas.platform.b2b.support.SysConf;
|
|
|
import com.uas.platform.b2b.support.SystemSession;
|
|
|
@@ -44,7 +45,6 @@ import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
|
|
|
import org.springframework.ui.ModelMap;
|
|
|
import org.springframework.util.StringUtils;
|
|
|
|
|
|
-import javax.servlet.ServletException;
|
|
|
import javax.servlet.http.HttpServletRequest;
|
|
|
import javax.servlet.http.HttpServletResponse;
|
|
|
import java.io.*;
|
|
|
@@ -57,6 +57,7 @@ import java.util.List;
|
|
|
import java.util.Map;
|
|
|
import java.util.Objects;
|
|
|
import java.util.Set;
|
|
|
+import java.util.stream.Collectors;
|
|
|
|
|
|
/**
|
|
|
* 访问拦截
|
|
|
@@ -174,7 +175,7 @@ public class SSOInterceptor extends AbstractSSOInterceptor {
|
|
|
return true;
|
|
|
}
|
|
|
} else {
|
|
|
- user = (User) request.getSession().getAttribute("user");
|
|
|
+ user = verifyUserInfo(request);
|
|
|
if (null == user) {
|
|
|
user = autoLogin(request);
|
|
|
}
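Review bot: This call site previously only read `request.getSession().getAttribute("user")` and fell through to `autoLogin(request)`, but `verifyUserInfo` now dereferences the SSO token unconditionally (`token.getUid()` in the `onAuthenticateFailed` expression, `token.getData()` in the else branch). If `SSOHelper.attrToken(request)` can return null for a request that has no SSO cookie yet — which the `autoLogin` fallback suggests is a reachable state — a session that already holds a user with a non-null `userTel` will throw a NullPointerException here instead of reaching `autoLogin`. A guard at the top of `verifyUserInfo` such as `if (token == null) { return user; }` (returning the session user, or null so `autoLogin` runs) would preserve the old behaviour at this call site; please confirm against `attrToken`'s contract. The enclosing method starts before this hunk.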
|
|
|
@@ -259,8 +260,7 @@ public class SSOInterceptor extends AbstractSSOInterceptor {
|
|
|
String referSymbol = "Referer";
|
|
|
request.getSession().setAttribute(SSOConfig.SSOReferer, request.getHeader(referSymbol));
|
|
|
SSOHelper.clearLogin(request, response);
|
|
|
- String redirectUrl = (SSOHelper.getRedirectLoginUrl(request, conf.getB2b()));
|
|
|
- return redirectUrl;
|
|
|
+ return (SSOHelper.getRedirectLoginUrl(request, conf.getB2b()));
|
|
|
}
|
|
|
|
|
|
/**
|
|
|
@@ -313,28 +313,7 @@ public class SSOInterceptor extends AbstractSSOInterceptor {
|
|
|
SystemSession.setUser(user);
|
|
|
}
|
|
|
} else {
|
|
|
- user = (User) request.getSession().getAttribute("user");
|
|
|
- SSOToken token = SSOHelper.attrToken(request);
|
|
|
- // cookie变化的情况下,session可能还未变化
|
|
|
- boolean onAuthenticateFailed = user == null || (user.getUserTel() != null && !token.getUid().equals(user.getUserTel()));
|
|
|
- if (onAuthenticateFailed) {
|
|
|
- user = getUserByToken(token);
|
|
|
- if (user != null) {
|
|
|
- user.setIp(AgentUtils.getIp(request));
|
|
|
- request.getSession().setAttribute("user", user);
|
|
|
- setGrantedAuthorities(user);
|
|
|
- log(request, user);
|
|
|
- }
|
|
|
- } else {
|
|
|
- // 从其他应用切换了企业的情况
|
|
|
- if (token.getData() != null) {
|
|
|
- UserAccount tokenUser = FlexJsonUtils.fromJson(token.getData(), UserAccount.class);
|
|
|
- if (!StringUtils.isEmpty(tokenUser.getSpaceUU())
|
|
|
- && !user.getEnterprise().getUu().equals(tokenUser.getSpaceUU())) {
|
|
|
- user.setCurrentEnterprise(tokenUser.getSpaceUU());
|
|
|
- }
|
|
|
- }
|
|
|
- }
|
|
|
+ user = verifyUserInfo(request);
|
|
|
if (user != null) {
|
|
|
// 判断是否个人用户
|
|
|
checkIsPersonal(user);
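Review bot: `checkIsPersonal(user)` is meant to turn a null enterprise or null `getUu()` into an `AccessDeniedException`, but it now runs after `verifyUserInfo`, which already dereferences `user.getEnterprise().getUu()` and `getEnBussinessCode()` whenever the token carries data; for a session user whose enterprise is null the request will fail with a NullPointerException before the intended denial. Either call `checkIsPersonal(user)` before `verifyUserInfo(request)` for the non-null session user, or null-guard `currentEnterprise` inside `verifyUserInfo` so the error type stays consistent with the rest of this commit's move to `AccessDeniedException`. The enclosing method starts before this hunk.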
|
|
|
@@ -355,6 +334,50 @@ public class SSOInterceptor extends AbstractSSOInterceptor {
|
|
|
}
|
|
|
}
|
|
|
|
|
|
+ private User verifyUserInfo(HttpServletRequest request) {
|
|
|
+ User user = (User) request.getSession().getAttribute("user");
|
|
|
+ SSOToken token = SSOHelper.attrToken(request);
|
|
|
+ // cookie变化的情况下,session可能还未变化
|
|
|
+ boolean onAuthenticateFailed = user == null || (user.getUserTel() != null && !token.getUid().equals(user.getUserTel()));
|
|
|
+ if (onAuthenticateFailed) {
|
|
|
+ user = getUserByToken(token);
|
|
|
+ if (user != null) {
|
|
|
+ user.setIp(AgentUtils.getIp(request));
|
|
|
+ request.getSession().setAttribute("user", user);
|
|
|
+ setGrantedAuthorities(user);
|
|
|
+ log(request, user);
|
|
|
+ }
|
|
|
+ } else {
|
|
|
+ // 从其他应用切换了企业的情况
|
|
|
+ if (token.getData() != null) {
|
|
|
+ UserAccount tokenUser = FlexJsonUtils.fromJson(token.getData(), UserAccount.class);
|
|
|
+ if (StringUtils.isEmpty(tokenUser.getSpaceUU()) && StringUtils.isEmpty(tokenUser.getBusinessCode())) {
|
|
|
+ throw new AccessDeniedException("个人用户无法使用B2B商务平台");
|
|
|
+ }
|
|
|
+ Enterprise currentEnterprise = user.getEnterprise();
|
|
|
+ boolean changeSpace = false;
|
|
|
+ if (!StringUtils.isEmpty(tokenUser.getSpaceUU()) && !currentEnterprise.getUu().equals(tokenUser.getSpaceUU())) {
|
|
|
+ user.setCurrentEnterprise(tokenUser.getSpaceUU());
|
|
|
+ changeSpace = true;
|
|
|
+ } else if (StringUtils.isEmpty(tokenUser.getSpaceUU()) && !StringUtils.isEmpty(tokenUser.getBusinessCode())
|
|
|
+ && !currentEnterprise.getEnBussinessCode().equals(tokenUser.getBusinessCode())) {
|
|
|
+ List<Enterprise> enterpriseList = user.getEnterprises().stream()
|
|
|
+ .filter(userSpace -> tokenUser.getBusinessCode().equals(userSpace.getEnBussinessCode()))
|
|
|
+ .collect(Collectors.toList());
|
|
|
+ if (CollectionUtil.isEmpty(enterpriseList)) {
|
|
|
+ throw new AccessDeniedException(String.format("未找到关于%s的企业信息,请更换企业或账号", tokenUser.getBusinessCode()));
|
|
|
+ }
|
|
|
+ user.setCurrentEnterprise(enterpriseList.get(0));
|
|
|
+ changeSpace = true;
|
|
|
+ }
|
|
|
+ if (changeSpace) {
|
|
|
+ SystemSession.clear();
|
|
|
+ }
|
|
|
+ }
|
|
|
+ }
|
|
|
+ return user;
|
|
|
+ }
|
|
|
+
|
|
|
/**
|
|
|
* 检验是否个人用户
|
|
|
*
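Review bot: The `spaceUU` branch switches the session user's current enterprise to whatever `tokenUser.getSpaceUU()` carries without checking that the user is a member of that enterprise, whereas the new `businessCode` branch filters `user.getEnterprises()` and denies access when nothing matches; unless `setCurrentEnterprise(String)` validates membership itself, the two paths should apply the same check, e.g. `if (user.getEnterprises().stream().noneMatch(e -> tokenUser.getSpaceUU().equals(e.getUu()))) { throw new AccessDeniedException(...); }` before the assignment. `setGrantedAuthorities(user)` is only invoked on the re-authentication path, so after a `changeSpace` the Spring Security authorities presumably still reflect the previous enterprise; if roles are scoped per enterprise (a `RoleService` is imported), the switch should refresh them next to `SystemSession.clear()`. `currentEnterprise.getUu()` and `currentEnterprise.getEnBussinessCode()` are also dereferenced without a null check, so a user with no enterprise or no business code throws a NullPointerException rather than the `AccessDeniedException` the method otherwise uses. The Chinese comments (`// cookie变化的情况下,session可能还未变化`, `// 从其他应用切换了企业的情况`) would be clearer to a wider audience as `// the SSO cookie may have changed before the session was updated` and `// the user switched enterprise from another application`.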
|
|
|
@@ -363,7 +386,7 @@ public class SSOInterceptor extends AbstractSSOInterceptor {
|
|
|
private void checkIsPersonal(User user) {
|
|
|
boolean personalAccount = null == user.getEnterprise() || (null != user.getEnterprise() && null == user.getEnterprise().getUu());
|
|
|
if (personalAccount) {
|
|
|
- throw new IllegalAccessError("个人用户无法使用B2B商务平台");
|
|
|
+ throw new AccessDeniedException("个人用户无法使用B2B商务平台");
|
|
|
}
|
|
|
}
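Review bot: The `personalAccount` expression carries a redundant null check — once `null == user.getEnterprise()` is false, `null != user.getEnterprise()` is always true — and reads more clearly as `boolean personalAccount = user.getEnterprise() == null || user.getEnterprise().getUu() == null;`. Switching from `IllegalAccessError` to `AccessDeniedException` is a good change since an `Error` would bypass any exception translation in the filter chain; a one-line Javadoc `@throws AccessDeniedException if the user has no enterprise or the enterprise has no UU` on `checkIsPersonal` would document the contract callers now rely on.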
|
|
|
|