Commit
611d5009
authored
Sep 05, 2024
by
宋祥
Merge branch 'dev-sx' of
http://129.211.46.84:8800/platform/hp-smart
into dev
parents
36353c81
764c5731
Showing
1 changed file
with
215 additions
and
0 deletions
+215
-0
PlatServiceValidateFilter.java
...ight/iplat4j/core/security/PlatServiceValidateFilter.java
+215
-0
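--- a/src/main/java/com/baosight/iplat4j/core/security/PlatServiceValidateFilter.java
+++ b/src/main/java/com/baosight/iplat4j/core/security/PlatServiceValidateFilter.java
+package com.baosight.iplat4j.core.security;
+import com.baosight.iplat4j.core.ei.EiConstant;
+import com.baosight.iplat4j.core.ei.EiInfo;
+import com.baosight.iplat4j.core.service.soa.XLocalManager;
+import com.baosight.iplat4j.core.service.soa.XServiceManager;
+import com.baosight.iplat4j.core.util.StringUtils;
+import com.baosight.iplat4j.core.web.WebUtils;
+import org.apache.logging.log4j.LogManager;
+import org.apache.logging.log4j.Logger;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.context.SecurityContext;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.web.AuthenticationEntryPoint;
+import org.springframework.security.web.util.matcher.OrRequestMatcher;
+import javax.servlet.Filter;
+import javax.servlet.FilterChain;
+import javax.servlet.FilterConfig;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.Collection;
+import java.util.Enumeration;
+import java.util.HashMap;
+import java.util.Iterator;
+import java.util.Map;
+/**
+ * @author:songx
+ * @date:2024/8/26,17:01
+ */
+public class PlatServiceValidateFilter implements Filter {
+    private final Logger logger = LogManager.getLogger(PlatServiceValidateFilter.class);
+    protected ITokenValidateFilter iTokenValidateFilter = null;
+    private AuthenticationEntryPoint entryPoint;
+    private String filterServiceId = null;
+    private OrRequestMatcher orRequestMatcher;
+    public PlatServiceValidateFilter() {
+    }
+    public void setFilterServiceId(String filterServiceId) {
+        this.filterServiceId = filterServiceId;
+    }
+    protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
+        String ip = WebUtils.getRemoteAddr(httpServletRequest);
+        this.logger.debug("******cached ip:" + ip + "**********");
+        boolean authed = false;
+        String uri = httpServletRequest.getServletPath();
+        SecurityContext context = SecurityContextHolder.getContext();
+        if (context != null && context.getAuthentication() != null) {
+            Collection<? extends GrantedAuthority> authoritis = context.getAuthentication().getAuthorities();
+            if (authoritis != null && !authoritis.isEmpty()) {
+                Iterator var9 = authoritis.iterator();
+                while (var9.hasNext()) {
+                    GrantedAuthority authority = (GrantedAuthority) var9.next();
+                    authed = authority.getAuthority().equals("ROLE_VERIFIED");
+                    if (!authed && authority.getAuthority().equals("CHANGEPASS")) {
+                        authed = uri.indexOf("service/XS0104/") >= 0;
+                    }
+                    if (authed) {
+                        break;
+                    }
+                }
+            }
+        }
+        if (uri.indexOf("service") < 0) {
+            authed = true;
+        }
+        // modify by songx at 20240826 if条件去掉authed,否则token会串
+        if (this.iTokenValidateFilter != null) {
+            this.iTokenValidateFilter.doFilter(httpServletRequest, httpServletResponse);
+            if (!authed) {
+                authed = this.isAuthedByJwt(httpServletRequest);
+            }
+        }
+        Map headerMap = new HashMap();
+        Enumeration<String> headerNames = httpServletRequest.getHeaderNames();
+        String headValue;
+        String serviceParam;
+        boolean hasXPlatHeader;
+        for (hasXPlatHeader = false; headerNames.hasMoreElements(); headerMap.put(serviceParam, headValue)) {
+            String name = (String) headerNames.nextElement();
+            headValue = httpServletRequest.getHeader(name);
+            this.logger.debug("******cached header:" + name + "****** value:" + headValue + "********");
+            serviceParam = name.toLowerCase();
+            if (serviceParam.contains("xplat")) {
+                hasXPlatHeader = true;
+            }
+        }
+        if (authed) {
+            filterChain.doFilter(httpServletRequest, httpServletResponse);
+        } else {
+            try {
+                EiInfo securityInfo = new EiInfo();
+                securityInfo.set("headerMap", headerMap);
+                securityInfo.set("clientIp", ip);
+                if (uri.indexOf("service/") > 0) {
+                    String[] uriParts = uri.split("service/");
+                    serviceParam = uriParts[uriParts.length - 1];
+                    if (serviceParam.contains("/")) {
+                        String[] serviceInfos = serviceParam.split("/");
+                        securityInfo.set("paramServiceName", serviceInfos[0]);
+                        securityInfo.set("paramMethodName", serviceInfos[1]);
+                    } else {
+                        securityInfo.set("paramServiceId", serviceParam);
+                    }
+                }
+                securityInfo.set("uri", uri);
+                EiInfo outInfo = null;
+                if (StringUtils.isNotEmpty(this.filterServiceId)) {
+                    securityInfo.set(EiConstant.serviceId, this.filterServiceId);
+                    outInfo = XServiceManager.call(securityInfo);
+                } else {
+                    if (!hasXPlatHeader) {
+                        throw new AccessDeniedException("Access is denied, reason: no service validate public key!");
+                    }
+                    securityInfo.set(EiConstant.serviceName, "EPFI01");
+                    securityInfo.set(EiConstant.methodName, "validate");
+                    outInfo = XLocalManager.call(securityInfo);
+                }
+                if (outInfo.getStatus() < 0) {
+                    throw new AccessDeniedException("Access is denied, reason:" + outInfo.getMsg());
+                }
+                Object jwtMapObj = outInfo.get("jwt_map");
+                if (jwtMapObj != null && jwtMapObj instanceof Map) {
+                    httpServletRequest.setAttribute("jwt_map", jwtMapObj);
+                }
+                filterChain.doFilter(httpServletRequest, httpServletResponse);
+            } catch (Exception var15) {
+                if (this.orRequestMatcher != null && this.orRequestMatcher.matches(httpServletRequest)) {
+                    filterChain.doFilter(httpServletRequest, httpServletResponse);
+                } else {
+                    this.logger.warn(var15.getMessage());
+                    if (this.entryPoint == null) {
+                        if (var15 instanceof AccessDeniedException) {
+                            throw var15;
+                        }
+                        throw new AccessDeniedException("Access is denied, reason:" + var15.getMessage());
+                    }
+                    this.entryPoint.commence(httpServletRequest, httpServletResponse, (AuthenticationException) null);
+                }
+            }
+        }
+    }
+    private boolean isAuthedByJwt(HttpServletRequest httpServletRequest) {
+        boolean authed = false;
+        Object jwtMapObj = httpServletRequest.getAttribute("jwt_map");
+        if (jwtMapObj != null && jwtMapObj instanceof Map) {
+            Map jwtMap = (Map) jwtMapObj;
+            String s_loginName = (String) jwtMap.get("sub");
+            if (s_loginName != null) {
+                authed = true;
+            }
+        }
+        return authed;
+    }
+    public void init(FilterConfig filterConfig) throws ServletException {
+    }
+    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
+        this.doFilterInternal((HttpServletRequest) request, (HttpServletResponse) response, chain);
+    }
+    public void destroy() {
+    }
+    public OrRequestMatcher getOrRequestMatcher() {
+        return this.orRequestMatcher;
+    }
+    public void setOrRequestMatcher(OrRequestMatcher orRequestMatcher) {
+        this.orRequestMatcher = orRequestMatcher;
+    }
+    public AuthenticationEntryPoint getEntryPoint() {
+        return this.entryPoint;
+    }
+    public void setEntryPoint(AuthenticationEntryPoint entryPoint) {
+        this.entryPoint = entryPoint;
+    }
+    public void setITokenValidateFilter(ITokenValidateFilter iTokenValidateFilter) {
+        this.iTokenValidateFilter = iTokenValidateFilter;
+    }
+}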
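Review bot: Both `filterChain.doFilter(...)` calls on the unauthenticated path of doFilterInternal sit inside the `try`, so an exception thrown by a downstream filter or servlet is handled as a validation failure: it is reported as access denied or sent to the entry point, or, when `orRequestMatcher` matches, the chain is invoked a second time for the same request. Keeping only the validate call in the `try` and invoking the chain once after it, as in the excerpt below, lets downstream errors propagate unchanged. Separately, the header loop logs every header value (`"****** value:" + headValue`), which puts Authorization, Cookie and token headers in the debug log; `this.logger.debug("******cached header:{}", name);` would keep the trace without the secrets. The CHANGEPASS check `uri.indexOf("service/XS0104/") >= 0` also matches that substring anywhere in the servlet path; an anchored comparison would be tighter, though the mount prefix is not visible here and should be confirmed.

```java
try {
    // … unchanged: build securityInfo, call the validate service, check outInfo status, copy jwt_map (chain call removed) …
} catch (Exception var15) {
    if (this.orRequestMatcher == null || !this.orRequestMatcher.matches(httpServletRequest)) {
        // … unchanged: warn, then rethrow as AccessDeniedException or call entryPoint.commence(...) …
        return;
    }
}
// Reached only after successful validation or an orRequestMatcher match;
// exceptions from the rest of the chain now propagate to the container unchanged.
filterChain.doFilter(httpServletRequest, httpServletResponse);
```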