Inicio Explorar Ayuda
Registro Iniciar sesión
usoft
/
platform-b2b
1
0
Fork 0
Archivos Incidencias 0 Pull Requests 0 Wiki
Explorar el Código

从管理平台跳转的链接,改为不带en_uu,只包含无意义的token

git-svn-id: svn+ssh://10.10.101.21/source/platform/platform-b2b@3098 f3bf4e98-0cf0-11e4-a00c-a99a8b9d557d
yingp hace 10 años
padre
fcf49d05bd
commit
6b479d5e70
Se han modificado 1 ficheros con 18 adiciones y 17 borrados
Unificar vista Mostrar estadísticas de diff
  1. 18 17
      src/main/java/com/uas/platform/b2b/filter/SecurityInterceptor.java

+ 18 - 17
src/main/java/com/uas/platform/b2b/filter/SecurityInterceptor.java
Ver fichero 

@@ -70,7 +70,6 @@ public class SecurityInterceptor extends AbstractSecurityInterceptor implements
 
 

 

 	private final static String tokenParam = "access_token";

 	private final static String tokenParam = "access_token";

 	private final static String typeParam = "client_type";

 	private final static String typeParam = "client_type";

-	private final static String enParam = "en_uu";

 

 

 	@Autowired

 	@Autowired

 	@Qualifier("org.springframework.security.authenticationManager")

 	@Qualifier("org.springframework.security.authenticationManager")

@@ -314,23 +313,25 @@ public class SecurityInterceptor extends AbstractSecurityInterceptor implements
 
 				user = (User) sUser;

 				user = (User) sUser;

 			}

 			}

 			String type = request.getParameter(typeParam);

 			String type = request.getParameter(typeParam);

-			String enUU = request.getParameter(enParam);

-			if ("manage".equals(type) && enUU != null) {

-				if (user != null && UserCreater.isVirtual(user) && enUU.equals(String.valueOf(user.getEnterprise().getUu())))

+			if ("manage".equals(type)) {

+				if (user != null && UserCreater.isVirtual(user))

 					return;

 					return;

-				Enterprise enterprise = enterpriseService.findById(Long.parseLong(enUU));

-				if (enterprise != null) {

-					Map<String, Object> data = accessTokenService.validFormManage(token);

-					List<Role> roles = roleService.findByEnterprise(enterprise.getUu());

-					// 虚拟用户

-					user = UserCreater.createVirtual(String.valueOf(data.get("user")), enterprise, roles);

-					user.setIp(AgentUtils.getIp(request));

-					Collection<GrantedAuthority> array = getGrantedAuthorities(user);

-					TrustedAuthenticationToken authenticate = new TrustedAuthenticationToken(user.getUserUU(), array);

-					SecurityContextHolder.getContext().setAuthentication(authenticate);

-					request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,

-							SecurityContextHolder.getContext());

-					request.getSession().setAttribute("user", user);

+				Map<String, Object> data = accessTokenService.validFormManage(token);

+				if (data.containsKey("user") && data.containsKey("bind")) {

+					long enUU = Long.parseLong(data.get("bind").toString());

+					Enterprise enterprise = enterpriseService.findById(enUU);

+					if (enterprise != null) {

+						List<Role> roles = roleService.findByEnterprise(enUU);

+						// 虚拟用户

+						user = UserCreater.createVirtual(String.valueOf(data.get("user")), enterprise, roles);

+						user.setIp(AgentUtils.getIp(request));

+						Collection<GrantedAuthority> array = getGrantedAuthorities(user);

+						TrustedAuthenticationToken authenticate = new TrustedAuthenticationToken(user.getUserUU(), array);

+						SecurityContextHolder.getContext().setAuthentication(authenticate);

+						request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,

+								SecurityContextHolder.getContext());

+						request.getSession().setAttribute("user", user);

+					}

 				}

 				}

 			}

 			}

 		}

 		}