|
|
@@ -13,7 +13,6 @@ import com.uas.platform.b2b.service.EnterpriseService;
|
|
|
import com.uas.platform.b2b.service.RoleService;
|
|
|
import com.uas.platform.b2b.service.SigninLogService;
|
|
|
import com.uas.platform.b2b.service.UserService;
|
|
|
-import com.uas.platform.b2b.support.CollectionUtil;
|
|
|
import com.uas.platform.b2b.support.SecurityConstant;
|
|
|
import com.uas.platform.b2b.support.SysConf;
|
|
|
import com.uas.platform.b2b.support.SystemSession;
|
|
|
@@ -45,6 +44,7 @@ import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
|
|
|
import org.springframework.ui.ModelMap;
|
|
|
import org.springframework.util.StringUtils;
|
|
|
|
|
|
+import javax.servlet.ServletException;
|
|
|
import javax.servlet.http.HttpServletRequest;
|
|
|
import javax.servlet.http.HttpServletResponse;
|
|
|
import java.io.*;
|
|
|
@@ -57,11 +57,10 @@ import java.util.List;
|
|
|
import java.util.Map;
|
|
|
import java.util.Objects;
|
|
|
import java.util.Set;
|
|
|
-import java.util.stream.Collectors;
|
|
|
|
|
|
/**
|
|
|
* 访问拦截
|
|
|
- *
|
|
|
+ *
|
|
|
* @author hejq
|
|
|
* @date 2018-07-18 19:21
|
|
|
*/
|
|
|
@@ -108,10 +107,6 @@ public class SSOInterceptor extends AbstractSSOInterceptor {
|
|
|
private HashMap<String, Collection<ConfigAttribute>> resourceMap;
|
|
|
private HashMap<Long, Collection<GrantedAuthority>> authorities;
|
|
|
|
|
|
- private final static String TOKEN_PARAM = "access_token";
|
|
|
- private final static String TYPE_PARAM = "client_type";
|
|
|
- private final static String MANAGER = "manage";
|
|
|
-
|
|
|
/**
|
|
|
* 从token获取用户信息
|
|
|
*
|
|
|
@@ -121,7 +116,7 @@ public class SSOInterceptor extends AbstractSSOInterceptor {
|
|
|
private User getUserByToken(SSOToken token) {
|
|
|
// 授权登录用户
|
|
|
User authorizedUser = null;
|
|
|
- if (token.getData() != null) {
|
|
|
+ if (null != token && token.getData() != null) {
|
|
|
UserAccount tokenUser = FlexJsonUtils.fromJson(token.getData(), UserAccount.class);
|
|
|
if (!StringUtils.isEmpty(tokenUser.getUserUU())) {
|
|
|
// dialectUID表示client系统自己的唯一标识,比如user_uu,手机号没设置的情况下使用
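Review bot: The added `null != token` guard covers the token itself, but `tokenUser`, the result of `FlexJsonUtils.fromJson(token.getData(), UserAccount.class)`, is dereferenced on the very next line with no check; if that helper returns null for data it cannot parse (not visible here), a malformed token turns into a NullPointerException thrown from inside authentication instead of the null this method otherwise returns. A guard such as `if (tokenUser == null) { return null; }` before `tokenUser.getUserUU()` keeps the method's contract on bad input. `getUserByToken` continues past the hunk.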
|
|
|
@@ -163,23 +158,17 @@ public class SSOInterceptor extends AbstractSSOInterceptor {
|
|
|
@Override
|
|
|
protected boolean onAuthenticateFailed(HttpServletRequest request, HttpServletResponse response) {
|
|
|
SystemSession.clear();
|
|
|
- String typeParam = request.getParameter(TYPE_PARAM);
|
|
|
- User user;
|
|
|
- if (null != typeParam && MANAGER.equals(typeParam)) {
|
|
|
- user = getUserByAccessToken(request);
|
|
|
- if (user != null) {
|
|
|
- user.setIp(AgentUtils.getIp(request));
|
|
|
- request.getSession().setAttribute("user", user);
|
|
|
- setGrantedAuthorities(user);
|
|
|
- SystemSession.setUser(user);
|
|
|
- return true;
|
|
|
- }
|
|
|
- } else {
|
|
|
- user = verifyUserInfo(request);
|
|
|
- if (null == user) {
|
|
|
- user = autoLogin(request);
|
|
|
- }
|
|
|
- }
|
|
|
+ User user = (User) request.getSession().getAttribute("user");
|
|
|
+ if (user == null) {
|
|
|
+ user = getUserByAccessToken(request);
|
|
|
+ if (user != null) {
|
|
|
+ user.setIp(AgentUtils.getIp(request));
|
|
|
+ request.getSession().setAttribute("user", user);
|
|
|
+ setGrantedAuthorities(user);
|
|
|
+ } else {
|
|
|
+ user = autoLogin(request);
|
|
|
+ }
|
|
|
+ }
|
|
|
if (user != null) {
|
|
|
checkIsPersonal(user);
|
|
|
// 登录之前判断在当前企业的角色信息
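Review bot: The new first line, `User user = (User) request.getSession().getAttribute("user");`, accepts a user already cached in the HTTP session even though this callback runs because SSO authentication of the current request failed, so a session populated by an earlier request keeps working after the SSO cookie or token is gone, expired or changed; only the `SystemSession` state is cleared, not the session attribute. The removed `verifyUserInfo` at least compared the session user's tel with the token uid before reusing it, whereas the new branch performs no check at all. Unless a local session is meant to outlive the SSO login, drop the cached user on this path with `request.getSession().removeAttribute("user");` before the `getUserByAccessToken` call, or re-validate it against `SSOHelper.attrToken(request)` when a token is still present. The `SystemSession.setUser(user)` the removed manage branch called is no longer in this hunk; I assume it happens further down in the method, which continues past the hunk — please confirm.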
|
|
|
@@ -301,82 +290,46 @@ public class SSOInterceptor extends AbstractSSOInterceptor {
|
|
|
*/
|
|
|
@Override
|
|
|
protected void onAuthenticateSuccess(HttpServletRequest request, HttpServletResponse response) {
|
|
|
- // 设置管理平台访问优先级最高
|
|
|
- String typeParam = request.getParameter(TYPE_PARAM);
|
|
|
- User user;
|
|
|
- if (null != typeParam && MANAGER.equals(typeParam)) {
|
|
|
- user = getUserByAccessToken(request);
|
|
|
- if (user != null) {
|
|
|
- user.setIp(AgentUtils.getIp(request));
|
|
|
- request.getSession().setAttribute("user", user);
|
|
|
- setGrantedAuthorities(user);
|
|
|
- SystemSession.setUser(user);
|
|
|
- }
|
|
|
- } else {
|
|
|
- user = verifyUserInfo(request);
|
|
|
- if (user != null) {
|
|
|
- // 判断是否个人用户
|
|
|
- checkIsPersonal(user);
|
|
|
- // 登录之前判断在当前企业的角色信息
|
|
|
- if (null != user.getEnterprise() && user.getEnterprise().getEnAdminuu().equals(user.getUserUU())) {
|
|
|
- Enterprise enterprise = user.getEnterprise();
|
|
|
- user = checkRoleAndReturnUserInfo(user, enterprise);
|
|
|
- user.setCurrentEnterprise(enterprise.getUu());
|
|
|
- }
|
|
|
- SystemSession.setUser(user);
|
|
|
- setResponseAuthorized(response, user, true);
|
|
|
- try {
|
|
|
- accessDecision(request, user);
|
|
|
- } catch (IOException e) {
|
|
|
- e.printStackTrace();
|
|
|
- }
|
|
|
- }
|
|
|
- }
|
|
|
- }
|
|
|
-
|
|
|
- private User verifyUserInfo(HttpServletRequest request) {
|
|
|
- User user = (User) request.getSession().getAttribute("user");
|
|
|
- SSOToken token = SSOHelper.attrToken(request);
|
|
|
- // cookie变化的情况下,session可能还未变化
|
|
|
+ User user = (User) request.getSession().getAttribute("user");
|
|
|
+ SSOToken token = SSOHelper.attrToken(request);
|
|
|
+ // cookie变化的情况下,session可能还未变化
|
|
|
boolean onAuthenticateFailed = user == null || (user.getUserTel() != null && !token.getUid().equals(user.getUserTel()));
|
|
|
- if (onAuthenticateFailed) {
|
|
|
- user = getUserByToken(token);
|
|
|
- if (user != null) {
|
|
|
- user.setIp(AgentUtils.getIp(request));
|
|
|
- request.getSession().setAttribute("user", user);
|
|
|
- setGrantedAuthorities(user);
|
|
|
- log(request, user);
|
|
|
- }
|
|
|
- } else {
|
|
|
- // 从其他应用切换了企业的情况
|
|
|
- if (token.getData() != null) {
|
|
|
- UserAccount tokenUser = FlexJsonUtils.fromJson(token.getData(), UserAccount.class);
|
|
|
- if (StringUtils.isEmpty(tokenUser.getSpaceUU()) && StringUtils.isEmpty(tokenUser.getBusinessCode())) {
|
|
|
- throw new AccessDeniedException("个人用户无法使用B2B商务平台");
|
|
|
- }
|
|
|
- Enterprise currentEnterprise = user.getEnterprise();
|
|
|
- boolean changeSpace = false;
|
|
|
- if (!StringUtils.isEmpty(tokenUser.getSpaceUU()) && !currentEnterprise.getUu().equals(tokenUser.getSpaceUU())) {
|
|
|
- user.setCurrentEnterprise(tokenUser.getSpaceUU());
|
|
|
- changeSpace = true;
|
|
|
- } else if (StringUtils.isEmpty(tokenUser.getSpaceUU()) && !StringUtils.isEmpty(tokenUser.getBusinessCode())
|
|
|
- && !currentEnterprise.getEnBussinessCode().equals(tokenUser.getBusinessCode())) {
|
|
|
- List<Enterprise> enterpriseList = user.getEnterprises().stream()
|
|
|
- .filter(userSpace -> tokenUser.getBusinessCode().equals(userSpace.getEnBussinessCode()))
|
|
|
- .collect(Collectors.toList());
|
|
|
- if (CollectionUtil.isEmpty(enterpriseList)) {
|
|
|
- throw new AccessDeniedException(String.format("未找到关于%s的企业信息,请更换企业或账号", tokenUser.getBusinessCode()));
|
|
|
- }
|
|
|
- user.setCurrentEnterprise(enterpriseList.get(0));
|
|
|
- changeSpace = true;
|
|
|
- }
|
|
|
- if (changeSpace) {
|
|
|
- SystemSession.clear();
|
|
|
- }
|
|
|
+ if (onAuthenticateFailed) {
|
|
|
+ user = getUserByToken(token);
|
|
|
+ if (user != null) {
|
|
|
+ user.setIp(AgentUtils.getIp(request));
|
|
|
+ request.getSession().setAttribute("user", user);
|
|
|
+ setGrantedAuthorities(user);
|
|
|
+ log(request, user);
|
|
|
+ }
|
|
|
+ } else {
|
|
|
+ // 从其他应用切换了企业的情况
|
|
|
+ if (token.getData() != null) {
|
|
|
+ UserAccount tokenUser = FlexJsonUtils.fromJson(token.getData(), UserAccount.class);
|
|
|
+ if (!StringUtils.isEmpty(tokenUser.getSpaceUU())
|
|
|
+ && !user.getEnterprise().getUu().equals(tokenUser.getSpaceUU())) {
|
|
|
+ user.setCurrentEnterprise(tokenUser.getSpaceUU());
|
|
|
+ }
|
|
|
+ }
|
|
|
+ }
|
|
|
+ if (user != null) {
|
|
|
+ // 判断是否个人用户
|
|
|
+ checkIsPersonal(user);
|
|
|
+ // 登录之前判断在当前企业的角色信息
|
|
|
+ if (null != user.getEnterprise() && user.getEnterprise().getEnAdminuu().equals(user.getUserUU())) {
|
|
|
+ Enterprise enterprise = user.getEnterprise();
|
|
|
+ user = checkRoleAndReturnUserInfo(user, enterprise);
|
|
|
+ user.setCurrentEnterprise(enterprise.getUu());
|
|
|
}
|
|
|
- }
|
|
|
- return user;
|
|
|
- }
|
|
|
+ SystemSession.setUser(user);
|
|
|
+ setResponseAuthorized(response, user, true);
|
|
|
+ try {
|
|
|
+ accessDecision(request, user);
|
|
|
+ } catch (IOException e) {
|
|
|
+ e.printStackTrace();
|
|
|
+ }
|
|
|
+ }
|
|
|
+ }
|
|
|
|
|
|
/**
|
|
|
* 检验是否个人用户
|
|
|
@@ -386,7 +339,7 @@ public class SSOInterceptor extends AbstractSSOInterceptor {
|
|
|
private void checkIsPersonal(User user) {
|
|
|
boolean personalAccount = null == user.getEnterprise() || (null != user.getEnterprise() && null == user.getEnterprise().getUu());
|
|
|
if (personalAccount) {
|
|
|
- throw new AccessDeniedException("个人用户无法使用B2B商务平台");
|
|
|
+ throw new IllegalAccessError("个人用户无法使用B2B商务平台");
|
|
|
}
|
|
|
}
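Review bot: `throw new IllegalAccessError("个人用户无法使用B2B商务平台");` replaces an `AccessDeniedException` with a `java.lang.Error` subclass — `IllegalAccessError` is the `LinkageError` the JVM raises for illegal member access — so the personal-account rejection now surfaces as an unexpected Error rather than something Spring Security's exception translation maps to a 403; request-level `catch (Exception e)` handlers will not see it and the client is likely to get a 500 with a stack trace. Revert to `throw new AccessDeniedException("个人用户无法使用B2B商务平台");`, or, if the change was made to escape a catch of `AccessDeniedException` elsewhere, throw a dedicated `RuntimeException` subclass rather than an Error.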
|
|
|
|
|
|
@@ -437,7 +390,7 @@ public class SSOInterceptor extends AbstractSSOInterceptor {
|
|
|
|
|
|
/**
|
|
|
* 加载资源,初始化资源变量
|
|
|
- *
|
|
|
+ *
|
|
|
*/
|
|
|
private void loadResourceDefine() {
|
|
|
if (resourceMap == null) {
|
|
|
@@ -501,44 +454,50 @@ public class SSOInterceptor extends AbstractSSOInterceptor {
|
|
|
authorities.put(user.getUserUU(), authSet);
|
|
|
}
|
|
|
|
|
|
+ private final static String tokenParam = "access_token";
|
|
|
+ private final static String typeParam = "client_type";
|
|
|
+
|
|
|
/**
|
|
|
* access_token验证登录
|
|
|
- *
|
|
|
+ *
|
|
|
* @param request
|
|
|
*/
|
|
|
private User getUserByAccessToken(HttpServletRequest request) {
|
|
|
- // 发现有采用access_token方式
|
|
|
- // 清除上一次访问的数据
|
|
|
- String token = request.getParameter(TOKEN_PARAM);
|
|
|
- SystemSession.clear();
|
|
|
- Object sUser = request.getSession().getAttribute("user");
|
|
|
- User user = null;
|
|
|
- if (sUser != null) {
|
|
|
- // session里面原先存在user信息,接下来要判断此user是否与token绑定的user信息一致
|
|
|
- // 一致则跳过,无需再次验证;不一致则替换
|
|
|
- user = (User) sUser;
|
|
|
- }
|
|
|
- String type = request.getParameter(TYPE_PARAM);
|
|
|
- if (MANAGER.equals(type)) {
|
|
|
- if (user != null && UserCreater.isVirtual(user)) {
|
|
|
- return user;
|
|
|
- }
|
|
|
- Map<String, Object> data = accessTokenService.validFormManage(token);
|
|
|
- // user key
|
|
|
- String userKey = "user";
|
|
|
- // bind key
|
|
|
- String bindKey = "bind";
|
|
|
- if (data.containsKey(userKey) && data.containsKey(bindKey)) {
|
|
|
- long enUU = Long.parseLong(data.get("bind").toString());
|
|
|
- Enterprise enterprise = enterpriseService.findById(enUU);
|
|
|
- if (enterprise != null) {
|
|
|
- List<Role> roles = roleService.findByEnterprise(enUU);
|
|
|
- // 虚拟用户
|
|
|
- user = UserCreater.createVirtual(String.valueOf(data.get("user")), enterprise, roles);
|
|
|
- return user;
|
|
|
- }
|
|
|
- }
|
|
|
- }
|
|
|
+ String token = request.getParameter(tokenParam);
|
|
|
+ // 发现有采用access_token方式
|
|
|
+ if (token != null) {
|
|
|
+ // 清除上一次访问的数据
|
|
|
+ SystemSession.clear();
|
|
|
+ Object sUser = request.getSession().getAttribute("user");
|
|
|
+ User user = null;
|
|
|
+ if (sUser != null) {
|
|
|
+ // session里面原先存在user信息,接下来要判断此user是否与token绑定的user信息一致
|
|
|
+ // 一致则跳过,无需再次验证;不一致则替换
|
|
|
+ user = (User) sUser;
|
|
|
+ }
|
|
|
+ String type = request.getParameter(typeParam);
|
|
|
+ String MANAGE_TYPE = "manage";
|
|
|
+ if (MANAGE_TYPE.equals(type)) {
|
|
|
+ if (user != null && UserCreater.isVirtual(user)) {
|
|
|
+ return user;
|
|
|
+ }
|
|
|
+ Map<String, Object> data = accessTokenService.validFormManage(token);
|
|
|
+ // user key
|
|
|
+ String USER_KEY = "user";
|
|
|
+ // bind key
|
|
|
+ String BIND_KEY = "bind";
|
|
|
+ if (data.containsKey(USER_KEY) && data.containsKey(BIND_KEY)) {
|
|
|
+ long enUU = Long.parseLong(data.get("bind").toString());
|
|
|
+ Enterprise enterprise = enterpriseService.findById(enUU);
|
|
|
+ if (enterprise != null) {
|
|
|
+ List<Role> roles = roleService.findByEnterprise(enUU);
|
|
|
+ // 虚拟用户
|
|
|
+ user = UserCreater.createVirtual(String.valueOf(data.get("user")), enterprise, roles);
|
|
|
+ return user;
|
|
|
+ }
|
|
|
+ }
|
|
|
+ }
|
|
|
+ }
|
|
|
return null;
|
|
|
}
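Review bot: The early return `if (user != null && UserCreater.isVirtual(user)) { return user; }` hands back the virtual user cached in the session without ever calling `accessTokenService.validFormManage(token)`, although the comment just above it says the session user must be compared with the token-bound user and replaced when it differs; once a manage session exists, any `client_type=manage` request carrying an arbitrary `access_token` value reuses it. This predates the rewrite, but the new code is the place to fix it: validate the token first and only return the cached user when its subject and bound enterprise match what `validFormManage` returns, otherwise fall through to `createVirtual`. `Long.parseLong(data.get("bind").toString())` also throws `NumberFormatException` on a malformed `bind` value, which would propagate out of authentication; catch it and return null. On style, the class constants moved here became `tokenParam`/`typeParam` while the method-local strings are `MANAGE_TYPE`/`USER_KEY`/`BIND_KEY` — Java convention is the reverse (`TOKEN_PARAM`, and camelCase for locals), and `data.get("bind")`/`data.get("user")` should use the keys defined two lines earlier.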
|
|
|
|