
Merge branch 'master' of ssh://10.10.101.21/source/platform-b2b into dev

hejq 7 years ago
parent
commit
886228f30c

+ 4 - 6
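--- a/pom.xml
+++ b/pom.xml
@@ -403,12 +403,10 @@
                     </execution>
                 </executions>
                 <configuration>
-                    <configuration>
-                        <format>{0,date,yyyy-MM-dd HH:mm:ss}</format>
-                        <items>
-                            <item>timestamp</item>
-                        </items>
-                    </configuration>
+                    <format>{0,date,yyyy-MM-dd HH:mm:ss}</format>
+                    <items>
+                        <item>timestamp</item>
+                    </items>
                 </configuration>
             </plugin>
             <plugin>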

+ 121 - 50
src/main/java/com/uas/platform/b2b/filter/SSOInterceptor.java

@@ -38,6 +38,7 @@ import org.springframework.util.StringUtils;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
 import java.io.IOException;
+import java.io.PrintWriter;
 import java.util.*;
 import java.util.*;
 
 
 /**
 /**
@@ -66,46 +67,71 @@ public class SSOInterceptor extends AbstractSSOInterceptor {
 
 
 	private final DeviceResolver deviceResolver = new LiteDeviceResolver();
 	private final DeviceResolver deviceResolver = new LiteDeviceResolver();
 
 
+    /**
+     * 手机号正则表达式
+     */
+    static final String TEL_REGEXP = "^((\\(\\d{3}\\))|(\\d{3}\\-))?(13|15|18)\\d{9}$";
+
+    /**
+     * UU号正则表达式
+     */
+    static final String UU_REGEXP = "^\\d{4,}$";
+
+
 	private HashMap<String, Collection<ConfigAttribute>> resourceMap;
 	private HashMap<String, Collection<ConfigAttribute>> resourceMap;
 	private HashMap<Long, Collection<GrantedAuthority>> authorities;
 	private HashMap<Long, Collection<GrantedAuthority>> authorities;
 
 
+    /**
+     * 从token获取用户信息
+     *
+     * @param token token
+     * @return User
+     */
 	private User getUserByToken(SSOToken token) {
 	private User getUserByToken(SSOToken token) {
-		User authedUser = null;
+	    // 授权登录用户
+		User authorizedUser = null;
 		if (token.getData() != null) {
 		if (token.getData() != null) {
 			UserAccount tokenUser = FlexJsonUtils.fromJson(token.getData(), UserAccount.class);
 			UserAccount tokenUser = FlexJsonUtils.fromJson(token.getData(), UserAccount.class);
 			if (!StringUtils.isEmpty(tokenUser.getUserUU())) {
 			if (!StringUtils.isEmpty(tokenUser.getUserUU())) {
 				// dialectUID表示client系统自己的唯一标识,比如user_uu,手机号没设置的情况下使用
 				// dialectUID表示client系统自己的唯一标识,比如user_uu,手机号没设置的情况下使用
-				authedUser = userService.findUserByUserUU(tokenUser.getUserUU());
+                authorizedUser = userService.findUserByUserUU(tokenUser.getUserUU());
 			} else if (!StringUtils.isEmpty(tokenUser.getMobile())) {
 			} else if (!StringUtils.isEmpty(tokenUser.getMobile())) {
 				// UID表示所有系统公认的唯一标识,这里统一使用手机号
 				// UID表示所有系统公认的唯一标识,这里统一使用手机号
-				authedUser = userService.findUserByUserTel(tokenUser.getMobile());
+                authorizedUser = userService.findUserByUserTel(tokenUser.getMobile());
 			} else if (!StringUtils.isEmpty(tokenUser.getEmail())) {
 			} else if (!StringUtils.isEmpty(tokenUser.getEmail())) {
 				// UID表示所有系统公认的唯一标识,这里统一使用手机号
 				// UID表示所有系统公认的唯一标识,这里统一使用手机号
-				authedUser = userService.findUserByUserEmail(tokenUser.getEmail());
+                authorizedUser = userService.findUserByUserEmail(tokenUser.getEmail());
 			} else {
 			} else {
 				logger.error(String.format("invalid user %s, please set uid or dialectUID", tokenUser.getVipName()));
 				logger.error(String.format("invalid user %s, please set uid or dialectUID", tokenUser.getVipName()));
 			}
 			}
-			if (authedUser != null && authedUser.getEnterprises() != null) {
+			if (authorizedUser != null && authorizedUser.getEnterprises() != null) {
 				// 企业资料在client系统自己的唯一标识,比如en_uu
 				// 企业资料在client系统自己的唯一标识,比如en_uu
 				if (tokenUser.getSpaceUU() != null) {
 				if (tokenUser.getSpaceUU() != null) {
-					authedUser.setCurrentEnterprise(tokenUser.getSpaceUU());
+                    authorizedUser.setCurrentEnterprise(tokenUser.getSpaceUU());
 				} else if (StringUtils.isEmpty(tokenUser.getBusinessCode())) {
 				} else if (StringUtils.isEmpty(tokenUser.getBusinessCode())) {
-					for (Enterprise enterprise : authedUser.getEnterprises()) {
+					for (Enterprise enterprise : authorizedUser.getEnterprises()) {
 						// 企业资料在所有系统公认的唯一标识,这里使用商业登记证号
 						// 企业资料在所有系统公认的唯一标识,这里使用商业登记证号
 						if (tokenUser.getBusinessCode().equals(enterprise.getEnBussinessCode())) {
 						if (tokenUser.getBusinessCode().equals(enterprise.getEnBussinessCode())) {
-							authedUser.setEnterprise(enterprise);
+                            authorizedUser.setEnterprise(enterprise);
 							break;
 							break;
 						}
 						}
 					}
 					}
 				} else { // 如果这两个信息都不存在,判断未登录,因为存在个人账号能登录账户中心的情况
 				} else { // 如果这两个信息都不存在,判断未登录,因为存在个人账号能登录账户中心的情况
 					SystemSession.clear();
 					SystemSession.clear();
-					authedUser = null;
+                    authorizedUser = null;
 				}
 				}
 			}
 			}
 		}
 		}
-		return authedUser;
+		return authorizedUser;
 	}
 	}
 
 
+    /**
+     * 验证失败
+     *
+     * @param request request
+     * @param response response
+     * @return 验证结果
+     */
 	@Override
 	@Override
 	protected boolean onAuthenticateFailed(HttpServletRequest request, HttpServletResponse response) {
 	protected boolean onAuthenticateFailed(HttpServletRequest request, HttpServletResponse response) {
 		SystemSession.clear();
 		SystemSession.clear();
@@ -123,11 +149,12 @@ public class SSOInterceptor extends AbstractSSOInterceptor {
 		if (user != null) {
 		if (user != null) {
 			SystemSession.setUser(user);
 			SystemSession.setUser(user);
 			try {
 			try {
-				accessDecision(request, user, response);
+				accessDecision(request, user);
 			} catch (IOException e) {
 			} catch (IOException e) {
 				e.printStackTrace();
 				e.printStackTrace();
 			}
 			}
-			return true;
+            setResponseAuthorized(response, user, true);
+            return true;
 		} else {
 		} else {
 			if (SecurityConstant.AUTHENTICATION_URL.equals(request.getRequestURI())) {
 			if (SecurityConstant.AUTHENTICATION_URL.equals(request.getRequestURI())) {
 				return true;
 				return true;
@@ -136,17 +163,53 @@ public class SSOInterceptor extends AbstractSSOInterceptor {
 			if (matcher.matches(request)) {
 			if (matcher.matches(request)) {
 				return true;
 				return true;
 			}
 			}
-			response.setStatus(HttpStatus.UNAUTHORIZED.value());
+            setResponseAuthorized(response, user, false);
 			return false;
 			return false;
 		}
 		}
 	}
 	}
 
 
+    /**
+     * 输出json格式
+     *
+     * @param obj
+     * @throws IOException
+     */
+    protected void printJson(HttpServletResponse response, Object obj) throws IOException {
+        response.addHeader("Content-Type", "application/json; charset=UTF-8");
+        PrintWriter printWriter = response.getWriter();
+        printWriter.append(FlexJsonUtils.toJson(obj));
+        printWriter.flush();
+        printWriter.close();
+    }
+
+    /**
+     * 设置response相关状态
+     *
+     * @param response response
+     * @param authorized 验证是否通过
+     */
+    protected void setResponseAuthorized(HttpServletResponse response, User user, boolean authorized) {
+        response.setStatus(authorized ? HttpStatus.OK.value() : HttpStatus.UNAUTHORIZED.value());
+        if (null != user && null != user.getEnterprise()) {
+            response.setStatus(authorized ? HttpStatus.OK.value() : HttpStatus.UNAUTHORIZED.value());
+            String authorizedValue = authorized ? HttpStatus.OK.name() : HttpStatus.UNAUTHORIZED.name();
+            response.setHeader("authorized", authorizedValue);
+        }
+    }
+
+    /**
+     * 验证成功
+     *
+     * @param request request
+     * @param response response
+     */
 	@Override
 	@Override
 	protected void onAuthenticateSuccess(HttpServletRequest request, HttpServletResponse response) {
 	protected void onAuthenticateSuccess(HttpServletRequest request, HttpServletResponse response) {
 		User user = (User) request.getSession().getAttribute("user");
 		User user = (User) request.getSession().getAttribute("user");
 		SSOToken token = SSOHelper.attrToken(request);
 		SSOToken token = SSOHelper.attrToken(request);
 		// cookie变化的情况下,session可能还未变化
 		// cookie变化的情况下,session可能还未变化
-		if (user == null || (user.getUserTel() != null && !token.getUid().equals(user.getUserTel()))) {
+        boolean onAuthenticateFailed = user == null || (user.getUserTel() != null && !token.getUid().equals(user.getUserTel()));
+		if (onAuthenticateFailed) {
 			user = getUserByToken(token);
 			user = getUserByToken(token);
 			if (user != null) {
 			if (user != null) {
 				user.setIp(AgentUtils.getIp(request));
 				user.setIp(AgentUtils.getIp(request));
@@ -166,8 +229,9 @@ public class SSOInterceptor extends AbstractSSOInterceptor {
 		}
 		}
 		if (user != null) {
 		if (user != null) {
 			SystemSession.setUser(user);
 			SystemSession.setUser(user);
+            setResponseAuthorized(response, user, true);
 			try {
 			try {
-				accessDecision(request, user, response);
+				accessDecision(request, user);
 			} catch (IOException e) {
 			} catch (IOException e) {
 				e.printStackTrace();
 				e.printStackTrace();
 			}
 			}
@@ -177,14 +241,12 @@ public class SSOInterceptor extends AbstractSSOInterceptor {
 	/**
 	/**
 	 * 权限验证
 	 * 权限验证
 	 */
 	 */
-	private void accessDecision(HttpServletRequest request, User user, HttpServletResponse response) throws IOException {
+	private void accessDecision(HttpServletRequest request, User user) throws IOException {
 		Collection<ConfigAttribute> configAttributes = getAttributes(request);
 		Collection<ConfigAttribute> configAttributes = getAttributes(request);
 		if (null == configAttributes || configAttributes.size() == 0 || user.isSys() || user.getUserUU() < 0) {
 		if (null == configAttributes || configAttributes.size() == 0 || user.isSys() || user.getUserUU() < 0) {
 			return;
 			return;
 		}
 		}
-//		if (null == authorities || !authorities.containsKey(user.getUserUU())) {
-			setGrantedAuthorities(user);
-//		}
+        setGrantedAuthorities(user);
 		Iterator<ConfigAttribute> iterator = configAttributes.iterator();
 		Iterator<ConfigAttribute> iterator = configAttributes.iterator();
 		String needPermission = null;
 		String needPermission = null;
 		Collection<GrantedAuthority> userAuthorities = authorities.get(user.getUserUU());
 		Collection<GrantedAuthority> userAuthorities = authorities.get(user.getUserUU());
@@ -207,21 +269,8 @@ public class SSOInterceptor extends AbstractSSOInterceptor {
 		}
 		}
 
 
 		// 验证该用户是否被分配客户
 		// 验证该用户是否被分配客户
-//		List<Vendor> myVendors = userService.findDistribute();
-//		if (!CollectionUtils.isEmpty(myVendors)) {
-//			return;
-//		}
 		if (needPermission != null) {
 		if (needPermission != null) {
-//			if(needPermission.contains("导出")) {
-//				String retUrl = request.getContextPath();
-//				try {
-//					throw new AccessDeniedException("无法访问,没有 " + needPermission + " 权限!");
-//				} finally {
-////					response.sendRedirect(retUrl + "/static/tpl/start/index.html");
-//				}
-//			} else {
-				throw new AccessDeniedException("无法访问,没有 " + needPermission + " 权限!");
-//			}
+            throw new AccessDeniedException("无法访问,没有 " + needPermission + " 权限!");
 		}
 		}
 	}
 	}
 
 
@@ -240,7 +289,7 @@ public class SSOInterceptor extends AbstractSSOInterceptor {
 	 */
 	 */
 	private void loadResourceDefine() {
 	private void loadResourceDefine() {
 		if (resourceMap == null) {
 		if (resourceMap == null) {
-			resourceMap = new HashMap<String, Collection<ConfigAttribute>>();
+			resourceMap = new HashMap<>(1);
 			List<ResourceItem> resources = resourceItemDao.findAll();
 			List<ResourceItem> resources = resourceItemDao.findAll();
 			for (ResourceItem resource : resources) {
 			for (ResourceItem resource : resources) {
 				Collection<ConfigAttribute> configAttributes = new ArrayList<ConfigAttribute>();
 				Collection<ConfigAttribute> configAttributes = new ArrayList<ConfigAttribute>();
@@ -262,8 +311,8 @@ public class SSOInterceptor extends AbstractSSOInterceptor {
             loadResourceDefine();
             loadResourceDefine();
         }
         }
 
 
-		for (Iterator<String> iter = resourceMap.keySet().iterator(); iter.hasNext();) {
-			String resourceKey = iter.next();
+		for (Iterator<String> iterator = resourceMap.keySet().iterator(); iterator.hasNext();) {
+			String resourceKey = iterator.next();
 			String[] resourceParam = resourceKey.split(":");
 			String[] resourceParam = resourceKey.split(":");
 			String resourceMethod = resourceParam[0];
 			String resourceMethod = resourceParam[0];
 			String resourceUrl = resourceParam[1];
 			String resourceUrl = resourceParam[1];
@@ -281,7 +330,8 @@ public class SSOInterceptor extends AbstractSSOInterceptor {
 		Set<Role> roles = user.getRoles();
 		Set<Role> roles = user.getRoles();
 		if (!CollectionUtils.isEmpty(roles)) {
 		if (!CollectionUtils.isEmpty(roles)) {
 			for (Role role : roles) {
 			for (Role role : roles) {
-				if (role.isSys()) {// 超级账号
+				// 超级账号
+				if (role.isSys()) {
 					user.setIssys(Constant.YES);
 					user.setIssys(Constant.YES);
 					break;
 					break;
 				}
 				}
@@ -294,7 +344,7 @@ public class SSOInterceptor extends AbstractSSOInterceptor {
 			}
 			}
 		}
 		}
 		if (authorities == null) {
 		if (authorities == null) {
-			authorities = new HashMap<Long, Collection<GrantedAuthority>>();
+			authorities = new HashMap<>(1);
 		}
 		}
 		authorities.put(user.getUserUU(), authSet);
 		authorities.put(user.getUserUU(), authSet);
 	}
 	}
@@ -319,12 +369,17 @@ public class SSOInterceptor extends AbstractSSOInterceptor {
 				user = (User) sUser;
 				user = (User) sUser;
 			}
 			}
 			String type = request.getParameter(typeParam);
 			String type = request.getParameter(typeParam);
-			if ("manage".equals(type)) {
+			String MANAGE_TYPE = "manage";
+			if (MANAGE_TYPE.equals(type)) {
 				if (user != null && UserCreater.isVirtual(user)) {
 				if (user != null && UserCreater.isVirtual(user)) {
 					return user;
 					return user;
 				}
 				}
 				Map<String, Object> data = accessTokenService.validFormManage(token);
 				Map<String, Object> data = accessTokenService.validFormManage(token);
-				if (data.containsKey("user") && data.containsKey("bind")) {
+				// user key
+				String USER_KEY = "user";
+				// bind key
+				String BIND_KEY = "bind";
+				if (data.containsKey(USER_KEY) && data.containsKey(BIND_KEY)) {
 					long enUU = Long.parseLong(data.get("bind").toString());
 					long enUU = Long.parseLong(data.get("bind").toString());
 					Enterprise enterprise = enterpriseService.findById(enUU);
 					Enterprise enterprise = enterpriseService.findById(enUU);
 					if (enterprise != null) {
 					if (enterprise != null) {
@@ -339,12 +394,23 @@ public class SSOInterceptor extends AbstractSSOInterceptor {
 		return null;
 		return null;
 	}
 	}
 
 
+    /**
+     * 记录登录日志
+     *
+     * @param request request
+     * @param user 用户信息
+     */
 	private void log(HttpServletRequest request, User user) {
 	private void log(HttpServletRequest request, User user) {
-		// 记录登录日志
 		SitePreference preference = getDefaultSitePreferenceForDevice(this.deviceResolver.resolveDevice(request));
 		SitePreference preference = getDefaultSitePreferenceForDevice(this.deviceResolver.resolveDevice(request));
 		signinLogService.save(new SigninLog(user, preference, true));
 		signinLogService.save(new SigninLog(user, preference, true));
 	}
 	}
 
 
+    /**
+     * 判断登录来源
+     *
+     * @param device
+     * @return
+     */
 	private SitePreference getDefaultSitePreferenceForDevice(Device device) {
 	private SitePreference getDefaultSitePreferenceForDevice(Device device) {
 		if (device == null) {
 		if (device == null) {
 			return null;
 			return null;
@@ -358,10 +424,6 @@ public class SSOInterceptor extends AbstractSSOInterceptor {
 		return SitePreference.NORMAL;
 		return SitePreference.NORMAL;
 	}
 	}
 
 
-	static final String TEL_REGEXP = "^((\\(\\d{3}\\))|(\\d{3}\\-))?(13|15|18)\\d{9}$";
-
-	static final String UU_REGEXP = "^\\d{4,}$";
-
 	/**
 	/**
 	 * 自动登录
 	 * 自动登录
 	 * 
 	 * 
@@ -376,9 +438,12 @@ public class SSOInterceptor extends AbstractSSOInterceptor {
 		String password = request.getParameter("b_password");
 		String password = request.getParameter("b_password");
 		User user = null;
 		User user = null;
 		if (StringUtils.hasText(username) && StringUtils.hasText(password)) {
 		if (StringUtils.hasText(username) && StringUtils.hasText(password)) {
-			if (username.contains("@")) { // 邮箱登录
+            // 邮箱登录
+            String MAIL_SIGN = "@";
+			if (username.contains(MAIL_SIGN)) {
 				user = userService.findUserByUserEmail(username);
 				user = userService.findUserByUserEmail(username);
-			} else if (username.matches(TEL_REGEXP)) {// 手机号登录
+			} else if (username.matches(TEL_REGEXP)) {
+                // 手机号登录
 				user = userService.findUserByUserTel(username);
 				user = userService.findUserByUserTel(username);
 			} else if (username.matches(UU_REGEXP)) {
 			} else if (username.matches(UU_REGEXP)) {
 				user = userService.findUserByUserUU(Long.parseLong(username));
 				user = userService.findUserByUserUU(Long.parseLong(username));
@@ -395,16 +460,22 @@ public class SSOInterceptor extends AbstractSSOInterceptor {
 		return user;
 		return user;
 	}
 	}
 
 
+    /**
+     * 绑定企业
+     *
+     * @param user 用户信息
+     * @param enUU 企业UU
+     */
 	private void checkEnterprise(User user, String enUU) {
 	private void checkEnterprise(User user, String enUU) {
-		boolean choosed = false;
+		boolean chosen  = false;
 		for (Enterprise enterprise : user.getEnterprises()) {
 		for (Enterprise enterprise : user.getEnterprises()) {
 			if (enterprise.getUu().toString().equals(enUU)) {
 			if (enterprise.getUu().toString().equals(enUU)) {
 				user.setEnterprise(enterprise);
 				user.setEnterprise(enterprise);
-				choosed = true;
+                chosen  = true;
 				break;
 				break;
 			}
 			}
 		}
 		}
-		if (!choosed) {
+		if (!chosen) {
 			throw new UsernameNotFoundException("企业与用户不匹配");
 			throw new UsernameNotFoundException("企业与用户不匹配");
 		}
 		}
 	}
 	}
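Review bot: The business-code branch in getUserByToken is inverted: `} else if (StringUtils.isEmpty(tokenUser.getBusinessCode())) {` enters the loop only when the code is blank, so `tokenUser.getBusinessCode().equals(...)` can never match (and throws NPE when the code is null), while a token that does carry a business code drops into the else that clears the session and returns null; it should read `} else if (!StringUtils.isEmpty(tokenUser.getBusinessCode())) {`. In the same method the spaceUU branch assigns the current enterprise straight from token data without the membership check that checkEnterprise performs, which is only safe if the SSO token's integrity is verified before attrToken() — that is not visible here. In onAuthenticateFailed and onAuthenticateSuccess an IOException from accessDecision is only printed with printStackTrace() and the request then proceeds as authorized; log it through `logger` and refuse the request instead. setResponseAuthorized sets the status twice and the new printJson helper is unused, so either wire it to emit the `loginUrl` body the front end now reads on 401 or remove it.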

+ 8 - 10
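--- a/src/main/java/com/uas/platform/b2b/filter/SimpleCORSFilter.java
+++ b/src/main/java/com/uas/platform/b2b/filter/SimpleCORSFilter.java
@@ -1,14 +1,9 @@
 package com.uas.platform.b2b.filter;
 
-import java.io.IOException;
-
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.FilterConfig;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
+import javax.servlet.*;
+import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
 
 public class SimpleCORSFilter implements Filter {
 
@@ -21,10 +16,13 @@ public class SimpleCORSFilter implements Filter {
 	public void doFilter(ServletRequest request, ServletResponse response,
 			FilterChain chain) throws IOException, ServletException {
 		HttpServletResponse res = (HttpServletResponse) response;
-		res.setHeader("Access-Control-Allow-Origin", "*");
+        HttpServletRequest req = (HttpServletRequest) request;
+        String origin = req.getHeader("Origin");
+		res.setHeader("Access-Control-Allow-Origin", origin);
 		res.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
 		res.setHeader("Access-Control-Max-Age", "3600");
-		res.setHeader("Access-Control-Allow-Headers", "x-requested-with");
+		res.setHeader("Access-Control-Allow-Headers", "Origin, No-Cache, X-Requested-With, If-Modified-Since, Pragma, Last-Modified, Cache-Control, Expires, Content-Type, X-E4M-With");
+		res.setHeader("Access-Control-Allow-Credentials", "true");
         chain.doFilter(request, res);
 	}
 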
 

+ 39 - 0
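--- /dev/null
+++ b/src/main/java/com/uas/platform/b2b/filter/SystemSessionInterceptor.java
@@ -0,0 +1,39 @@
+package com.uas.platform.b2b.filter;
+
+import com.uas.platform.b2b.model.User;
+import com.uas.platform.b2b.support.SystemSession;
+import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+
+/**
+ * 用户信息拦截器,对所有的请求,自动将Session 中的用户信息设置进
+ * @author hejq
+ * @date 2018-08-30 10:00
+ */
+public class SystemSessionInterceptor extends HandlerInterceptorAdapter {
+
+    /**
+     * 传入的attribute关键字 user
+     */
+    private final String USER_KEY = "user";
+
+    /**
+     * This implementation always returns {@code true}.
+     */
+    @Override
+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler)
+            throws Exception {
+        if (SystemSession.getUser() == null) {
+            HttpSession session = request.getSession(false);
+            if (session != null && session.getAttribute(USER_KEY) != null) {
+                SystemSession.setUser((User) session.getAttribute("user"));
+                response.setStatus(HttpServletResponse.SC_OK);
+            }
+            SystemSession.setSession(session);
+        }
+        return true;
+    }
+}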
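Review bot: preHandle copies the session user into the SystemSession ThreadLocal but nothing in this class clears it when the request completes, so on a pooled servlet thread the next request — possibly from another client — starts with `SystemSession.getUser()` already non-null, skips the refresh and runs as the previous user; SSOInterceptor clears it on its own paths, but this interceptor is mapped to `/**` and also covers paths SSOInterceptor excludes (`/mobile/**` in webmvc.xml). Override afterCompletion to reset the per-thread state as below. `response.setStatus(HttpServletResponse.SC_OK)` is redundant (200 is the container default) and can overwrite a status set by an earlier interceptor, so drop it, and use `USER_KEY` in the `getAttribute("user")` call as well.
```java
    @Override
    public void afterCompletion(HttpServletRequest request, HttpServletResponse response,
                                Object handler, Exception ex) {
        // Worker threads are pooled: drop the per-thread user and session here so
        // the next request served by this thread cannot inherit them.
        SystemSession.clear();
        SystemSession.setSession(null);
    }
```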

+ 7 - 0
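--- a/src/main/java/com/uas/platform/b2b/support/SystemSession.java
+++ b/src/main/java/com/uas/platform/b2b/support/SystemSession.java
@@ -2,6 +2,8 @@ package com.uas.platform.b2b.support;
 
 import com.uas.platform.b2b.model.User;
 
+import javax.servlet.http.HttpSession;
+
 /**
  * 每次请求服务器时,用户信息存放在本次线程中
  * 
@@ -12,6 +14,8 @@ public class SystemSession {
 
 	private static ThreadLocal<User> local = new ThreadLocal<User>();
 
+	private static ThreadLocal<HttpSession> loaclSession = new ThreadLocal<HttpSession>();
+
 	public static void setUser(User session) {
 		local.set(session);
 	}
@@ -24,4 +28,7 @@ public class SystemSession {
 		local.set(null);
 	}
 
+    public static void setSession(HttpSession session) {
+		loaclSession.set(session);
+    }
 }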
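Review bot: The new `loaclSession` ThreadLocal (typo for localSession) is write-only — no getter is added — and `clear()` still resets only `local`, so the HttpSession reference stays attached to the pooled worker thread after the request ends. Clear both in `clear()` and prefer `remove()` over `set(null)` so the ThreadLocal entries are actually dropped: `local.remove(); loaclSession.remove();`. If the session is meant to be read elsewhere, add `public static HttpSession getSession() { return loaclSession.get(); }`; otherwise the field has no purpose.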

+ 5 - 0
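--- a/src/main/webapp/WEB-INF/spring/webmvc.xml
+++ b/src/main/webapp/WEB-INF/spring/webmvc.xml
@@ -91,6 +91,11 @@
 			<mvc:exclude-mapping path="/mobile/**" />
 			<bean class="com.uas.platform.b2b.filter.SSOInterceptor"></bean>
 		</mvc:interceptor>
+		<!-- 对所有的请求拦截,将Session中的User信息设置进SystemSession -->
+		<mvc:interceptor>
+			<mvc:mapping path="/**"></mvc:mapping>
+			<bean class="com.uas.platform.b2b.filter.SystemSessionInterceptor"></bean>
+		</mvc:interceptor>
 		<!-- 采用统一私钥签名、认证 -->
 		<mvc:interceptor>
 			<mvc:mapping path="/manage/user"></mvc:mapping>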

+ 5 - 2
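--- a/src/main/webapp/resources/js/common/services.js
+++ b/src/main/webapp/resources/js/common/services.js
@@ -206,8 +206,11 @@ define(['angular', 'toaster', 'big'], function(angular, big) {
             getAuthentication: function() {
                 var request = $http.get(rootPath + '/authentication', {cache: true});
                 request.success(function(data) {
-                    if (data) cacheSession();
-                    else uncacheSession();
+                    if (data) {
+                        cacheSession();
+                    } else {
+                        uncacheSession();
+                    }
                 });
                 request.error(uncacheSession);
                 return request;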

+ 5 - 4
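--- a/src/main/webapp/resources/js/index/app.js
+++ b/src/main/webapp/resources/js/index/app.js
@@ -7,14 +7,15 @@ define(['toaster', 'charts', 'ngTable', 'common/services', 'common/directives',
     app.config(['$httpProvider', function ($httpProvider) {
         // http拦截
         $httpProvider.interceptors.push('httpInterceptor');
+
     }]);
-    app.factory('httpInterceptor', ['$window', '$q', '$injector', 'BaseService', function ($window, $q, $injector, BaseService) {
+    app.factory('httpInterceptor', ['$window', '$q', function ($window, $q) {
         var httpInterceptor = {
-            'responseError': function (response) {
+            responseError: function (response) {
                 if (response.status == 401) {// UNAUTHORIZED
-                    // window.location.href = response.data.loginUrl || 'index';
                     // window.location.href = window.location.origin + window.location.pathname + '/login';
-                    window.location.reload();
+                    // window.location.reload();
+                    window.location.href = response.data.loginUrl || 'index';
                     return $q.reject(response);
                 }
                 return $q.reject(response);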
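Review bot: `response.data.loginUrl` is dereferenced before checking that the 401 carries a body; the server-side setResponseAuthorized in this commit only sets the status, so `response.data` is empty and, depending on how Angular reports an empty body (empty string vs null), this can throw a TypeError inside the interceptor instead of redirecting. Guard it: `window.location.href = (response.data && response.data.loginUrl) || 'index';`. Because the target is taken from the response and assigned straight to location.href, this also relies on the server never echoing a client-supplied URL in `loginUrl` — worth confirming on the server side when that field is eventually emitted.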