|
|
@@ -107,6 +107,10 @@ public class SSOInterceptor extends AbstractSSOInterceptor {
|
|
|
private HashMap<String, Collection<ConfigAttribute>> resourceMap;
|
|
|
private HashMap<Long, Collection<GrantedAuthority>> authorities;
|
|
|
|
|
|
+ private final static String TOKEN_PARAM = "access_token";
|
|
|
+ private final static String TYPE_PARAM = "client_type";
|
|
|
+ private final static String MANAGER = "manage";
|
|
|
+
|
|
|
/**
|
|
|
* 从token获取用户信息
|
|
|
*
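Review bot: The three constants introduced at L18–L26 use the modifier order `private final static`; the conventional (JLS-recommended) order is `private static final`, e.g. `private static final String TOKEN_PARAM = "access_token";`. The declarations they replace further down in this commit had the same ordering, so moving them is the natural moment to fix it. `MANAGER` would also read better as `MANAGE_TYPE` or with a short comment, since its value `"manage"` is a `client_type` parameter value rather than a role name.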
|
|
|
@@ -158,17 +162,23 @@ public class SSOInterceptor extends AbstractSSOInterceptor {
|
|
|
@Override
|
|
|
protected boolean onAuthenticateFailed(HttpServletRequest request, HttpServletResponse response) {
|
|
|
SystemSession.clear();
|
|
|
- User user = (User) request.getSession().getAttribute("user");
|
|
|
- if (user == null) {
|
|
|
- user = getUserByAccessToken(request);
|
|
|
- if (user != null) {
|
|
|
- user.setIp(AgentUtils.getIp(request));
|
|
|
- request.getSession().setAttribute("user", user);
|
|
|
- setGrantedAuthorities(user);
|
|
|
- } else {
|
|
|
- user = autoLogin(request);
|
|
|
- }
|
|
|
- }
|
|
|
+ String typeParam = request.getParameter(TYPE_PARAM);
|
|
|
+ User user;
|
|
|
+ if (null != typeParam && MANAGER.equals(typeParam)) {
|
|
|
+ user = getUserByAccessToken(request);
|
|
|
+ if (user != null) {
|
|
|
+ user.setIp(AgentUtils.getIp(request));
|
|
|
+ request.getSession().setAttribute("user", user);
|
|
|
+ setGrantedAuthorities(user);
|
|
|
+ SystemSession.setUser(user);
|
|
|
+ return true;
|
|
|
+ }
|
|
|
+ } else {
|
|
|
+ user = (User) request.getSession().getAttribute("user");
|
|
|
+ if (null == user) {
|
|
|
+ user = autoLogin(request);
|
|
|
+ }
|
|
|
+ }
|
|
|
if (user != null) {
|
|
|
checkIsPersonal(user);
|
|
|
// 登录之前判断在当前企业的角色信息
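Review bot: The manage branch returns `true` at L142 as soon as `getUserByAccessToken` yields a user, so it never reaches `checkIsPersonal(user)` and the enterprise role check at L174–L182 that every other user passes through; the rest of `onAuthenticateFailed` lies outside the hunk, and if it also performs an access decision (as `onAuthenticateSuccess` does) the manage path is authenticated without authorization. Either let the manage branch fall through to the common `if (user != null)` tail, or add a comment stating why a manage-platform user skips those checks. The `null != typeParam &&` at L114 is redundant because `MANAGER.equals(typeParam)` already handles null, so `if (MANAGER.equals(typeParam)) {` suffices. The same nine-line manage block is duplicated in `onAuthenticateSuccess` in the next hunk; a private helper such as `private User loginFromManageToken(HttpServletRequest request)` would keep the two in step.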
|
|
|
@@ -291,45 +301,58 @@ public class SSOInterceptor extends AbstractSSOInterceptor {
|
|
|
*/
|
|
|
@Override
|
|
|
protected void onAuthenticateSuccess(HttpServletRequest request, HttpServletResponse response) {
|
|
|
- User user = (User) request.getSession().getAttribute("user");
|
|
|
- SSOToken token = SSOHelper.attrToken(request);
|
|
|
- // cookie变化的情况下,session可能还未变化
|
|
|
- boolean onAuthenticateFailed = user == null || (user.getUserTel() != null && !token.getUid().equals(user.getUserTel()));
|
|
|
- if (onAuthenticateFailed) {
|
|
|
- user = getUserByToken(token);
|
|
|
- if (user != null) {
|
|
|
- user.setIp(AgentUtils.getIp(request));
|
|
|
- request.getSession().setAttribute("user", user);
|
|
|
- setGrantedAuthorities(user);
|
|
|
- log(request, user);
|
|
|
- }
|
|
|
- } else {
|
|
|
- // 从其他应用切换了企业的情况
|
|
|
- if (token.getData() != null) {
|
|
|
- UserAccount tokenUser = FlexJsonUtils.fromJson(token.getData(), UserAccount.class);
|
|
|
- if (!StringUtils.isEmpty(tokenUser.getSpaceUU())
|
|
|
- && !user.getEnterprise().getUu().equals(tokenUser.getSpaceUU())) {
|
|
|
- user.setCurrentEnterprise(tokenUser.getSpaceUU());
|
|
|
- }
|
|
|
- }
|
|
|
- }
|
|
|
- if (user != null) {
|
|
|
- // 判断是否个人用户
|
|
|
- checkIsPersonal(user);
|
|
|
- // 登录之前判断在当前企业的角色信息
|
|
|
- if (null != user.getEnterprise() && user.getEnterprise().getEnAdminuu().equals(user.getUserUU())) {
|
|
|
- Enterprise enterprise = user.getEnterprise();
|
|
|
- user = checkRoleAndReturnUserInfo(user, enterprise);
|
|
|
- user.setCurrentEnterprise(enterprise.getUu());
|
|
|
+ // 设置管理平台访问优先级最高
|
|
|
+ String typeParam = request.getParameter(TYPE_PARAM);
|
|
|
+ User user;
|
|
|
+ if (null != typeParam && MANAGER.equals(typeParam)) {
|
|
|
+ user = getUserByAccessToken(request);
|
|
|
+ if (user != null) {
|
|
|
+ user.setIp(AgentUtils.getIp(request));
|
|
|
+ request.getSession().setAttribute("user", user);
|
|
|
+ setGrantedAuthorities(user);
|
|
|
+ SystemSession.setUser(user);
|
|
|
}
|
|
|
- SystemSession.setUser(user);
|
|
|
- setResponseAuthorized(response, user, true);
|
|
|
- try {
|
|
|
- accessDecision(request, user);
|
|
|
- } catch (IOException e) {
|
|
|
- e.printStackTrace();
|
|
|
- }
|
|
|
- }
|
|
|
+ } else {
|
|
|
+ user = (User) request.getSession().getAttribute("user");
|
|
|
+ SSOToken token = SSOHelper.attrToken(request);
|
|
|
+ // cookie变化的情况下,session可能还未变化
|
|
|
+ boolean onAuthenticateFailed = user == null || (user.getUserTel() != null && !token.getUid().equals(user.getUserTel()));
|
|
|
+ if (onAuthenticateFailed) {
|
|
|
+ user = getUserByToken(token);
|
|
|
+ if (user != null) {
|
|
|
+ user.setIp(AgentUtils.getIp(request));
|
|
|
+ request.getSession().setAttribute("user", user);
|
|
|
+ setGrantedAuthorities(user);
|
|
|
+ log(request, user);
|
|
|
+ }
|
|
|
+ } else {
|
|
|
+ // 从其他应用切换了企业的情况
|
|
|
+ if (token.getData() != null) {
|
|
|
+ UserAccount tokenUser = FlexJsonUtils.fromJson(token.getData(), UserAccount.class);
|
|
|
+ if (!StringUtils.isEmpty(tokenUser.getSpaceUU())
|
|
|
+ && !user.getEnterprise().getUu().equals(tokenUser.getSpaceUU())) {
|
|
|
+ user.setCurrentEnterprise(tokenUser.getSpaceUU());
|
|
|
+ }
|
|
|
+ }
|
|
|
+ }
|
|
|
+ if (user != null) {
|
|
|
+ // 判断是否个人用户
|
|
|
+ checkIsPersonal(user);
|
|
|
+ // 登录之前判断在当前企业的角色信息
|
|
|
+ if (null != user.getEnterprise() && user.getEnterprise().getEnAdminuu().equals(user.getUserUU())) {
|
|
|
+ Enterprise enterprise = user.getEnterprise();
|
|
|
+ user = checkRoleAndReturnUserInfo(user, enterprise);
|
|
|
+ user.setCurrentEnterprise(enterprise.getUu());
|
|
|
+ }
|
|
|
+ SystemSession.setUser(user);
|
|
|
+ setResponseAuthorized(response, user, true);
|
|
|
+ try {
|
|
|
+ accessDecision(request, user);
|
|
|
+ } catch (IOException e) {
|
|
|
+ e.printStackTrace();
|
|
|
+ }
|
|
|
+ }
|
|
|
+ }
|
|
|
}
|
|
|
|
|
|
/**
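Review bot: In the new manage branch at L334–L362 the user obtained from the access token is stored in the session and `SystemSession`, but `setResponseAuthorized(response, user, true)` and `accessDecision(request, user)` are only invoked in the else branch at L526–L550, so manage-platform requests are authenticated without the access decision applied to everyone else; if that is deliberate it needs a comment next to L322, otherwise the `if (user != null)` tail should be shared by both branches. When `getUserByAccessToken` returns null in that branch the method returns silently even though the SSO token was valid, with `SystemSession` already cleared by the helper, so it is worth confirming that downstream code treats that request as unauthenticated rather than reading the still-present session `"user"` attribute. The `e.printStackTrace()` at L546 is carried over from the old code; logging through the class logger with the user identity would make a failed access decision visible in operations rather than lost on stderr.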
|
|
|
@@ -455,50 +478,44 @@ public class SSOInterceptor extends AbstractSSOInterceptor {
|
|
|
authorities.put(user.getUserUU(), authSet);
|
|
|
}
|
|
|
|
|
|
- private final static String tokenParam = "access_token";
|
|
|
- private final static String typeParam = "client_type";
|
|
|
-
|
|
|
/**
|
|
|
* access_token验证登录
|
|
|
*
|
|
|
* @param request
|
|
|
*/
|
|
|
private User getUserByAccessToken(HttpServletRequest request) {
|
|
|
- String token = request.getParameter(tokenParam);
|
|
|
// 发现有采用access_token方式
|
|
|
- if (token != null) {
|
|
|
- // 清除上一次访问的数据
|
|
|
- SystemSession.clear();
|
|
|
- Object sUser = request.getSession().getAttribute("user");
|
|
|
- User user = null;
|
|
|
- if (sUser != null) {
|
|
|
- // session里面原先存在user信息,接下来要判断此user是否与token绑定的user信息一致
|
|
|
- // 一致则跳过,无需再次验证;不一致则替换
|
|
|
- user = (User) sUser;
|
|
|
- }
|
|
|
- String type = request.getParameter(typeParam);
|
|
|
- String MANAGE_TYPE = "manage";
|
|
|
- if (MANAGE_TYPE.equals(type)) {
|
|
|
- if (user != null && UserCreater.isVirtual(user)) {
|
|
|
- return user;
|
|
|
- }
|
|
|
- Map<String, Object> data = accessTokenService.validFormManage(token);
|
|
|
- // user key
|
|
|
- String USER_KEY = "user";
|
|
|
- // bind key
|
|
|
- String BIND_KEY = "bind";
|
|
|
- if (data.containsKey(USER_KEY) && data.containsKey(BIND_KEY)) {
|
|
|
- long enUU = Long.parseLong(data.get("bind").toString());
|
|
|
- Enterprise enterprise = enterpriseService.findById(enUU);
|
|
|
- if (enterprise != null) {
|
|
|
- List<Role> roles = roleService.findByEnterprise(enUU);
|
|
|
- // 虚拟用户
|
|
|
- user = UserCreater.createVirtual(String.valueOf(data.get("user")), enterprise, roles);
|
|
|
- return user;
|
|
|
- }
|
|
|
- }
|
|
|
- }
|
|
|
- }
|
|
|
+ // 清除上一次访问的数据
|
|
|
+ String token = request.getParameter(TOKEN_PARAM);
|
|
|
+ SystemSession.clear();
|
|
|
+ Object sUser = request.getSession().getAttribute("user");
|
|
|
+ User user = null;
|
|
|
+ if (sUser != null) {
|
|
|
+ // session里面原先存在user信息,接下来要判断此user是否与token绑定的user信息一致
|
|
|
+ // 一致则跳过,无需再次验证;不一致则替换
|
|
|
+ user = (User) sUser;
|
|
|
+ }
|
|
|
+ String type = request.getParameter(TYPE_PARAM);
|
|
|
+ if (MANAGER.equals(type)) {
|
|
|
+ if (user != null && UserCreater.isVirtual(user)) {
|
|
|
+ return user;
|
|
|
+ }
|
|
|
+ Map<String, Object> data = accessTokenService.validFormManage(token);
|
|
|
+ // user key
|
|
|
+ String userKey = "user";
|
|
|
+ // bind key
|
|
|
+ String bindKey = "bind";
|
|
|
+ if (data.containsKey(userKey) && data.containsKey(bindKey)) {
|
|
|
+ long enUU = Long.parseLong(data.get("bind").toString());
|
|
|
+ Enterprise enterprise = enterpriseService.findById(enUU);
|
|
|
+ if (enterprise != null) {
|
|
|
+ List<Role> roles = roleService.findByEnterprise(enUU);
|
|
|
+ // 虚拟用户
|
|
|
+ user = UserCreater.createVirtual(String.valueOf(data.get("user")), enterprise, roles);
|
|
|
+ return user;
|
|
|
+ }
|
|
|
+ }
|
|
|
+ }
|
|
|
return null;
|
|
|
}
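Review bot: The `if (token != null)` guard that wrapped the old body was dropped, so when `access_token` is absent `SystemSession.clear()` at L772 still runs and `accessTokenService.validFormManage(token)` at L824 is called with `null`; `data.containsKey(userKey)` at L844 also dereferences `data` without checking whether the service returned null. Suggest returning early right after reading the parameter, `if (token == null) { return null; }`, and guarding the service result with `if (data != null && data.containsKey(userKey) && data.containsKey(bindKey))`. The early return at L812–L816 hands back the session's virtual user whenever `client_type=manage` without re-validating the presented token, so the token is effectively checked only once per session, and the comment at L788–L792 promises a consistency check the code never performs; either compare the token's bound user with the session user or reword the comment. `Long.parseLong(data.get("bind").toString())` at L848 throws `NumberFormatException` on an unexpected value, which surfaces as a server error rather than a failed login.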
|
|
|
|