
平台支持access_token直接认证登录

git-svn-id: svn+ssh://10.10.101.21/source/platform/platform-b2b@3033 f3bf4e98-0cf0-11e4-a00c-a99a8b9d557d
yingp 10 years ago
parent
commit
e823e60171

+ 55 - 0
src/main/java/com/uas/platform/b2b/filter/SecurityInterceptor.java

@@ -3,6 +3,8 @@ package com.uas.platform.b2b.filter;
 import java.io.IOException;
 import java.util.Collection;
 import java.util.HashSet;
+import java.util.List;
+import java.util.Map;
 import java.util.Set;
 
 import javax.servlet.Filter;
@@ -36,15 +38,20 @@ import org.springframework.security.web.context.HttpSessionSecurityContextReposi
 import org.springframework.util.CollectionUtils;
 import org.springframework.util.StringUtils;
 
+import com.uas.platform.b2b.manage.service.AccessTokenService;
 import com.uas.platform.b2b.model.Enterprise;
 import com.uas.platform.b2b.model.ResourceItem;
 import com.uas.platform.b2b.model.Role;
 import com.uas.platform.b2b.model.SigninLog;
 import com.uas.platform.b2b.model.User;
+import com.uas.platform.b2b.service.EnterpriseService;
+import com.uas.platform.b2b.service.RoleService;
 import com.uas.platform.b2b.service.SigninLogService;
 import com.uas.platform.b2b.service.UserService;
+import com.uas.platform.b2b.support.TrustedAuthenticationToken;
 import com.uas.platform.b2b.support.SecurityConstant;
 import com.uas.platform.b2b.support.SystemSession;
+import com.uas.platform.b2b.support.UserCreater;
 import com.uas.platform.core.model.Constant;
 import com.uas.platform.core.util.AgentUtils;
 import com.uas.platform.core.util.encry.Md5Utils;
@@ -59,6 +66,10 @@ public class SecurityInterceptor extends AbstractSecurityInterceptor implements
 
 	private FilterInvocationSecurityMetadataSource securityMetadataSource;
 
+	private final static String tokenParam = "access_token";
+	private final static String typeParam = "client_type";
+	private final static String enParam = "en_uu";
+
 	@Autowired
 	@Qualifier("org.springframework.security.authenticationManager")
 	protected AuthenticationManager authenticationManager;
@@ -69,6 +80,15 @@ public class SecurityInterceptor extends AbstractSecurityInterceptor implements
 	@Autowired
 	private SigninLogService signinLogService;
 
+	@Autowired
+	private AccessTokenService accessTokenService;
+
+	@Autowired
+	private EnterpriseService enterpriseService;
+
+	@Autowired
+	private RoleService roleService;
+
 	private final DeviceResolver deviceResolver;
 
 	public SecurityInterceptor() {
@@ -85,7 +105,10 @@ public class SecurityInterceptor extends AbstractSecurityInterceptor implements
 	public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
 		HttpServletRequest httpRequest = (HttpServletRequest) request;
 		HttpServletResponse httpResponse = (HttpServletResponse) response;
+		// 账号密码自动登录
 		autoLogin(httpRequest);
+		// access_token验证登录
+		accessTokenLogin(httpRequest);
 		logSession(httpRequest);
 		User user = SystemSession.getUser();
 		if (user == null) {// 未登录则要求登录
@@ -252,6 +275,38 @@ public class SecurityInterceptor extends AbstractSecurityInterceptor implements
 		}
 	}
 
+	/**
+	 * access_token验证登录
+	 * 
+	 * @param request
+	 */
+	private void accessTokenLogin(HttpServletRequest request) {
+		if (request.getSession().getAttribute("user") == null) {
+			String token = request.getParameter(tokenParam);
+			// 发现有采用access_token方式
+			if (token != null) {
+				String type = request.getParameter(typeParam);
+				String enUU = request.getParameter(enParam);
+				if ("manage".equals(type) && enUU != null) {
+					Enterprise enterprise = enterpriseService.findById(Long.parseLong(enUU));
+					if (enterprise != null) {
+						Map<String, Object> data = accessTokenService.validFormManage(token);
+						List<Role> roles = roleService.findByEnterprise(enterprise.getUu());
+						// 虚拟用户
+						User user = UserCreater.createVirtual(String.valueOf(data.get("user")), enterprise, roles);
+						user.setIp(AgentUtils.getIp(request));
+						Collection<GrantedAuthority> array = getGrantedAuthorities(user);
+						TrustedAuthenticationToken authenticate = new TrustedAuthenticationToken(user.getUserUU(), array);
+						SecurityContextHolder.getContext().setAuthentication(authenticate);
+						request.getSession().setAttribute(HttpSessionSecurityContextRepository.SPRING_SECURITY_CONTEXT_KEY,
+								SecurityContextHolder.getContext());
+						request.getSession().setAttribute("user", user);
+					}
+				}
+			}
+		}
+	}
+
 	private void checkEnterprise(User user, String enUU) {
 		boolean choosed = false;
 		for (Enterprise enterprise : user.getEnterprises()) {
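Review bot: `accessTokenLogin` uses both the `en_uu` parameter and the validation result unchecked: `Long.parseLong(enUU)` throws on a non-numeric value, and `validFormManage` (as implemented in this commit) returns null on a transport error, so `data.get("user")` throws a NullPointerException inside the filter. A response without a `user` key still logs in a virtual user named "null". Nothing visible ties the token to the enterprise selected by `en_uu`, so a valid manage token appears to receive every role of whichever existing enterprise the caller names; if that is intended it should be stated in a comment, otherwise the validated response should be compared with the enterprise. The session id is also kept across this login, so consider rotating it before the session attributes are set.

```java
				if ("manage".equals(type) && enUU != null) {
					long enterpriseUU;
					try {
						enterpriseUU = Long.parseLong(enUU);
					} catch (NumberFormatException e) {
						return; // malformed en_uu: leave the request unauthenticated
					}
					Enterprise enterprise = enterpriseService.findById(enterpriseUU);
					if (enterprise != null) {
						Map<String, Object> data = accessTokenService.validFormManage(token);
						if (data == null || data.get("user") == null) {
							return; // token was not confirmed by the management platform
						}
						// … unchanged: role lookup, virtual user, authentication token, session attributes …
```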

+ 15 - 0
src/main/java/com/uas/platform/b2b/manage/service/AccessTokenService.java

@@ -0,0 +1,15 @@
+package com.uas.platform.b2b.manage.service;
+
+import java.util.Map;
+
+public interface AccessTokenService {
+
+	/**
+	 * 请求管理平台校验token串,并返回用户信息
+	 * 
+	 * @param accessToken
+	 * @return
+	 */
+	Map<String, Object> validFormManage(String accessToken);
+
+}
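Review bot: The method name `validFormManage` looks like a typo for `validFromManage`, and since the interface is new in this commit it is cheapest to correct here before more callers appear. The Javadoc leaves `@return` empty; it should name the keys callers rely on (the security filter reads `user`) and state the failure contract, i.e. when null is returned and when `SystemException` is thrown.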

+ 38 - 0
src/main/java/com/uas/platform/b2b/manage/service/impl/AccessTokenServiceImpl.java

@@ -0,0 +1,38 @@
+package com.uas.platform.b2b.manage.service.impl;
+
+import java.util.HashMap;
+import java.util.Map;
+
+import org.springframework.http.HttpStatus;
+import org.springframework.stereotype.Service;
+
+import com.uas.platform.b2b.manage.service.AccessTokenService;
+import com.uas.platform.core.exception.SystemException;
+import com.uas.platform.core.model.Constant;
+import com.uas.platform.core.util.HttpUtil;
+import com.uas.platform.core.util.HttpUtil.Response;
+import com.uas.platform.core.util.serializer.FlexJsonUtils;
+
+@Service
+public class AccessTokenServiceImpl implements AccessTokenService {
+
+	@Override
+	public Map<String, Object> validFormManage(String accessToken) {
+		Map<String, String> params = new HashMap<String, String>();
+		params.put("access_token", accessToken);
+		Response response = null;
+		try {
+			response = HttpUtil.sendGetRequest(Constant.MANAGER_WEBSITE + "/public/token", params);
+		} catch (Exception e) {
+			return null;
+		}
+		String body = response.getResponseText();
+		Map<String, Object> data = FlexJsonUtils.fromJson(body);
+		if (response.getStatusCode() == HttpStatus.OK.value()) {
+			return data;
+		} else {
+			throw new SystemException(String.valueOf(data.get("error")));
+		}
+	}
+
+}
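Review bot: Failure handling in `validFormManage` is inconsistent: a transport exception is swallowed into `return null`, while a non-200 answer throws `SystemException`, so the caller cannot tell "management platform unreachable" from "token rejected" and the filter dereferences the null. If the body is empty or not a JSON object, `data` may itself be null (depends on `FlexJsonUtils`, not visible here) and `data.get("error")` would then throw a NullPointerException. Suggest rethrowing from the catch as `SystemException` and adding `if (data == null) { throw new SystemException("empty token validation response"); }` before the status check. The token is also sent as a GET parameter, which, if `HttpUtil` places it in the query string, ends up in URL logs on the management site; a header or POST body avoids that. Whether `Constant.MANAGER_WEBSITE` is an HTTPS address cannot be seen from this hunk.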

+ 9 - 2
src/main/java/com/uas/platform/b2b/service/RoleService.java

@@ -7,12 +7,19 @@ import com.uas.platform.b2b.model.Role;
 public interface RoleService {
 
 	/**
-	 * 查找企业下所有角色
+	 * 查找当前企业下所有角色
 	 * 
 	 * @return
 	 */
 	public List<Role> findAll();
 
+	/**
+	 * 查找指定企业下所有角色
+	 * 
+	 * @return
+	 */
+	public List<Role> findByEnterprise(long enUU);
+
 	/**
 	 * 保存角色信息
 	 * 
@@ -35,7 +42,7 @@ public interface RoleService {
 	 * @param role
 	 */
 	public void delete(Role role);
-	
+
 	/**
 	 * 删除角色
 	 * 

+ 5 - 1
src/main/java/com/uas/platform/b2b/service/impl/RoleServiceImpl.java

@@ -31,7 +31,11 @@ public class RoleServiceImpl implements RoleService {
 
 	@Override
 	public List<Role> findAll() {
-		long enUU = SystemSession.getUser().getEnterprise().getUu();
+		return findByEnterprise(SystemSession.getUser().getEnterprise().getUu());
+	}
+
+	@Override
+	public List<Role> findByEnterprise(long enUU) {
 		List<Role> roles = roleDao.findByEnUU(enUU);
 		if (CollectionUtils.isEmpty(roles)) {
 			// 角色为空,说明资料未初始化或初始化失败,需重新init
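Review bot: `findByEnterprise` keeps the "roles empty, so re-initialise" branch that was previously reachable only for the session user's own enterprise, and the new access_token login now calls it with an enterprise id taken from a request parameter. The body of that branch is outside the hunk, so it is worth confirming that the initialisation is safe to trigger for any existing enterprise and is idempotent when two requests arrive at once. A Javadoc line on the method such as `Returns the roles of the given enterprise, initialising the default roles first when none exist` would make the write side effect visible to callers.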

+ 79 - 0
src/main/java/com/uas/platform/b2b/support/TrustedAuthenticationToken.java

@@ -0,0 +1,79 @@
+package com.uas.platform.b2b.support;
+
+import java.util.ArrayList;
+import java.util.Collection;
+import java.util.Collections;
+
+import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.AuthorityUtils;
+
+/**
+ * 在可信赖的情况下,直接创建一个有效Authentication
+ * 
+ * @author yingp
+ *
+ */
+public class TrustedAuthenticationToken implements Authentication {
+
+	/**
+	 * 
+	 */
+	private static final long serialVersionUID = 6121839379503504657L;
+	private final Collection<GrantedAuthority> authorities;
+	private boolean authenticated = false;
+	private final Object principal;
+
+	public TrustedAuthenticationToken(Object principal, Collection<? extends GrantedAuthority> authorities) {
+		this.principal = principal;
+		if (authorities == null) {
+			this.authorities = AuthorityUtils.NO_AUTHORITIES;
+			return;
+		}
+		for (GrantedAuthority a : authorities) {
+			if (a == null) {
+				throw new IllegalArgumentException("Authorities collection cannot contain any null elements");
+			}
+		}
+		ArrayList<GrantedAuthority> temp = new ArrayList<GrantedAuthority>(authorities.size());
+		temp.addAll(authorities);
+		this.authorities = Collections.unmodifiableList(temp);
+		this.authenticated = true;
+	}
+
+	@Override
+	public String getName() {
+		return String.valueOf(this.principal);
+	}
+
+	@Override
+	public Collection<? extends GrantedAuthority> getAuthorities() {
+		return this.authorities;
+	}
+
+	@Override
+	public Object getCredentials() {
+		return null;
+	}
+
+	@Override
+	public Object getDetails() {
+		return null;
+	}
+
+	@Override
+	public Object getPrincipal() {
+		return this.principal;
+	}
+
+	@Override
+	public boolean isAuthenticated() {
+		return this.authenticated;
+	}
+
+	@Override
+	public void setAuthenticated(boolean paramBoolean) throws IllegalArgumentException {
+		this.authenticated = paramBoolean;
+	}
+
+}
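Review bot: `setAuthenticated` accepts `true` from any caller, so a token built with null authorities, which the constructor leaves unauthenticated, can be switched to authenticated afterwards without any credential check. Spring Security's own `UsernamePasswordAuthenticationToken` rejects that transition; the same guard here would be `if (paramBoolean) { throw new IllegalArgumentException("Cannot set this token to trusted; use the constructor that takes authorities"); }` followed by `this.authenticated = false;`. The constructor also marks any non-null authority collection, including an empty one, as authenticated, so the class Javadoc should state that callers must have verified the identity themselves before constructing the token.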

+ 38 - 0
src/main/java/com/uas/platform/b2b/support/UserCreater.java

@@ -0,0 +1,38 @@
+package com.uas.platform.b2b.support;
+
+import java.util.HashSet;
+import java.util.List;
+import java.util.Set;
+
+import com.uas.platform.b2b.model.Enterprise;
+import com.uas.platform.b2b.model.Role;
+import com.uas.platform.b2b.model.User;
+import com.uas.platform.core.model.Constant;
+
+public class UserCreater {
+
+	/**
+	 * 创建虚拟用户
+	 * 
+	 * @param userName
+	 * @param ernterprise
+	 * @return
+	 */
+	public static User createVirtual(String userName, Enterprise enterprise, List<Role> roles) {
+		User user = new User();
+		user.setUserName(userName);
+		user.setUserUU(-99999L);
+		user.setEnable(Constant.YES);
+		user.setIssys(Constant.YES);
+
+		Set<Enterprise> enterprises = new HashSet<Enterprise>();
+		enterprises.add(enterprise);
+		user.setEnterprises(enterprises);
+		user.setCurrentEnterprise();
+
+		user.setRoles(new HashSet<Role>(roles));
+
+		return user;
+	}
+
+}
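Review bot: Every virtual user gets the same `userUU` of `-99999L`, and the security filter passes `user.getUserUU()` as the principal of the authentication token, so all access_token logins share one principal and differ only by `userName`. If sign-in logs or audit records key on the user UU (not visible here), actions by different management users become indistinguishable. Suggest a named constant with a comment, e.g. `public static final long VIRTUAL_USER_UU = -99999L;`, and recording the management user name wherever the UU is logged. The Javadoc has `@param ernterprise` (typo) and omits `roles`, and `new HashSet<Role>(roles)` throws on a null list.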