<pre name="code" class="java">package com.nb.org.controller;
import javax.annotation.Resource;
import javax.servlet.http.HttpSession;
import org.springframework.stereotype.Controller;
import org.springframework.ui.Model;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestMethod;
import org.springframework.web.bind.annotation.RequestParam;
import org.wso2.carbon.identity.sso.agent.bean.SSOAgentSessionBean;
import org.wso2.carbon.identity.sso.agent.util.SSOAgentConfigs;
import com.nb.org.domain.Department;
import com.nb.org.domain.Person;
import com.nb.org.domain.PersonDto;
import com.nb.org.domain.Position;
import com.nb.org.exception.PersonException;
import com.nb.org.service.IPersonService;
@Controller
public class LoginController {
@Resource
private IPersonService personService;
@RequestMapping("loginreturn")
public String loginReturn(HttpSession session){
// 取返回的用户名
String subject = null;
if (session.getAttribute(SSOAgentConfigs.getSessionBeanName()) != null) {
if (((SSOAgentSessionBean) session.getAttribute(SSOAgentConfigs.getSessionBeanName()))
.getSAMLSSOSessionBean() != null) {
subject = ((SSOAgentSessionBean) session.getAttribute(SSOAgentConfigs.getSessionBeanName()))
.getSAMLSSOSessionBean().getSubjectId();
System.out.println(subject);
session.setAttribute("subject", subject);
// 根据用户名取用户 Person
if(subject!=null){
try {
Person person = personService.getPersonByUserName(subject);
//获取用户的所属部门
Department department = person.getDeps().get(0);
//获取用户的职位
Position position = personService.selectPositionByPerDep(person.getId(), department.getId());
//判断用户是否为管理员
int adminFlag = position.getAdminFlag();
//将用户、部门、职位、是否为管理员村session
session.setAttribute("user", person);
session.setAttribute("dep", department);
session.setAttribute("adminFlag", adminFlag);
/*-1:表示操作出错;
* 0:表示没有弹框;
* 1:表示删除成功;
* 2:表示添加成功;
* 3:表示更新成功;
* 4:表示重置密码成功;
*/
session.setAttribute("attention", 0);
session.setAttribute("tree",null);
} catch (PersonException e) {
e.printStackTrace();
}
}
return "index";
} else {
return "redirect:login.jsp";
}
} else {
return "redirect:login.jsp";
}
}
@RequestMapping("logout")
public String logout(){
return "redirect:login.jsp";
}
@RequestMapping("/index")
public String Index(){
return "index";
}
@RequestMapping("permissionDeny")
public String permissionDeny(){
return "permissionDeny";
}
@RequestMapping("userinfo")
public String UserInfo(HttpSession session,Model model){
Department department=(Department) session.getAttribute("dep");
Person person=(Person) session.getAttribute("user");
PersonDto dto=PersonToPersonDto(person,department,department);
model.addAttribute("per", dto);
return "userinfo";
}
@RequestMapping("usersetting")
public String UserSetting(@RequestParam(required = true, defaultValue = "true") boolean usersetting,HttpSession session,Model model){
Department department=(Department) session.getAttribute("dep");
Person person=(Person) session.getAttribute("user");
PersonDto dto=PersonToPersonDto(person,department,department);
model.addAttribute("per", dto);
model.addAttribute("usersetting", usersetting);
return "userSetting";
}
@RequestMapping(value="updateuserinfo",method=RequestMethod.POST,produces = "text/html;charset=UTF-8")
public String UserInfoUpdate(Person person,HttpSession session,Model model){
Department department=(Department) session.getAttribute("dep");
try {
personService.updatePersonInfo(person);
session.setAttribute("attention", 3);
} catch (PersonException e) {
// TODO Auto-generated catch block
e.printStackTrace();
session.setAttribute("attention", -1);
}
PersonDto dto=PersonToPersonDto(person,department,department);
model.addAttribute("per", dto);
try {
Person p=personService.getPersonById(person.getId());
session.setAttribute("user", p);
} catch (PersonException e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
return "userinfo";
}
@RequestMapping(value="changepsw",method=RequestMethod.POST,produces = "text/html;charset=UTF-8")
public String ChangePsw(@RequestParam("oldpsw")String oldpsw,@RequestParam("newpsw")String newpsw,@RequestParam("confirm_newpsw")String confirm_newpsw,HttpSession session,Model model){
Person person=(Person) session.getAttribute("user");
if(newpsw.equals(confirm_newpsw)){
try {
personService.changePassword(person.getUsername(), newpsw, oldpsw);
session.setAttribute("attention", 5);
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
session.setAttribute("attention", -1);
}
}
return "redirect:/usersetting?usersetting=false";
}
private PersonDto PersonToPersonDto(Person p,Department d,Department department) {
if(p==null||d==null) return null;
String gender="不详";
if(p.getGender()==0) gender="男";
if(p.getGender()==1) gender="女";
Position pos=personService.selectPositionByPerDep(p.getId(), d.getId());
int isEdit=0;
PersonDto persondto=new PersonDto();
if(d.getSn().contains(department.getSn())) { isEdit=1;}
persondto=new PersonDto(p.getId(),p.getName(), p.getUsername(),gender, p.getTelephone(), p.getMobilephone(), p.getEmail(), d.getFullname(), pos.getName(),isEdit);
return persondto;
}
}
package com.nb.org.dao;
import com.nb.org.domain.AppOAuth;
/**
* @author huangxin
* xin
* 2016年1月22日
*/
public interface IAppOAuthDao {
public int insertOAuth(AppOAuth app);
public int updateOAuth(AppOAuth app);
public int deleteOAuth(int id);
public AppOAuth getOAuthById(int id);
public AppOAuth getOAuthByAppName(String name);
}
package com.nb.org.filter;
import java.io.IOException;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.annotation.Resource;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.stereotype.Component;
import org.wso2.carbon.identity.sso.agent.bean.SSOAgentSessionBean;
import org.wso2.carbon.identity.sso.agent.util.SSOAgentConfigs;
import com.nb.org.domain.Department;
import com.nb.org.domain.Person;
import com.nb.org.service.IAppInfoService;
import com.nb.org.service.IAppPermissionService;
import com.nb.org.service.IDepartmentPermissionService;
import com.nb.org.service.IDepartmentService;
import com.nb.org.service.IPersonPermissionService;
import com.nb.org.service.IPersonService;
@Component("SecurityFilter")
public class SecurityFilter implements Filter {
@Resource
private IDepartmentService departmentService;
@Resource
private IPersonService personService;
@Resource
private IDepartmentPermissionService departmantPermissionService;
@Resource
private IPersonPermissionService personPermissionService;
@Resource
private IAppInfoService appInfoService;
@Resource
private IAppPermissionService appPermissionService;
@Override
public void init(FilterConfig filterConfig) throws ServletException {
}
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
// 获得在下面代码中要用的request,response,session对象
HttpServletRequest servletRequest = (HttpServletRequest) request;
HttpServletResponse servletResponse = (HttpServletResponse) response;
HttpSession session = servletRequest.getSession();
// 获得用户请求的URI
String path = servletRequest.getRequestURI();
// 登陆页面无需过滤
if (path.indexOf("login.jsp")> -1||(path.matches("^/NbOrg/rest.*") == true)) {
chain.doFilter(servletRequest, servletResponse);
return;
}
String subject = null;
if (session.getAttribute(SSOAgentConfigs.getSessionBeanName()) != null) {
if (((SSOAgentSessionBean) session.getAttribute(SSOAgentConfigs.getSessionBeanName()))
.getSAMLSSOSessionBean() != null) {
subject = ((SSOAgentSessionBean) session.getAttribute(SSOAgentConfigs.getSessionBeanName()))
.getSAMLSSOSessionBean().getSubjectId();
// 判断如果没有取到用户信息,就跳转到登陆页面
if (subject == null || subject.equals("")) {
// 跳转到登陆页面
servletResponse.sendRedirect("/NbOrg/login.jsp");
return;
}
// 已经登陆,继续此次请求
else {
// 从session中取出user
Person person = (Person) session.getAttribute("user");
// 从session中取出 dep
Department department = (Department) session.getAttribute("dep");
// 校验部门和人员的权限
if (path.matches("^/NbOrg/(department|person)/(add|edit|delete|update).*") == true) {
// 校验部门添加的权限
if (path.matches("^/NbOrg/department/add") == true) {
HttpServletRequest res = (HttpServletRequest) request;
String id = (String) res.getParameter("deplist");
if (id == null || id.equals("")) {
chain.doFilter(request, response);
return;
} else {
int depId = Integer.parseInt(id);
int permission = 0;
try {
permission = departmantPermissionService.getDepartmantOperationPermission(depId,
person.getId(), department.getId());
} catch (NumberFormatException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
if (permission == 1) {
chain.doFilter(request, response);
return;
} else {
servletResponse.sendRedirect("/NbOrg/permissionDeny");
return;
}
}
}
// 校验部门编辑、删除、更新的权限
if (path.matches("^/NbOrg/department/(edit|delete|update)/[0-9]{1,}") == true) {
// 从url中取出部门id
String regex = "(\\d+)";
Pattern p = Pattern.compile(regex);
Matcher m = p.matcher(path);
String id = null;
if (m.find()) {
id = m.group(1);
}
if (id == null || id.equals("")) {
chain.doFilter(request, response);
return;
} else {
int depId = Integer.parseInt(id);
int permission = 0;
try {
permission = departmantPermissionService.getDepartmantOperationPermission(depId,
person.getId(), department.getId());
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
if (permission == 1) {
chain.doFilter(request, response);
return;
} else {
servletResponse.sendRedirect("/NbOrg/permissionDeny");
return;
}
}
}
// 校验人员删除的权限
else if (path.matches("^/NbOrg/person/delete/[0-9]{1,}") == true) {
// 从url中取出人员id
String regex = "(\\d+)";
Pattern p = Pattern.compile(regex);
Matcher m = p.matcher(path);
String id = null;
if (m.find()) {
id = m.group(1);
}
if (id == null || id.equals("")) {
chain.doFilter(request, response);
return;
} else {
int perId = Integer.parseInt(id);
int permission = 0;
try {
permission = personPermissionService.getPersonOperationPermission(perId,
person.getId(), department.getId());
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
if (permission == 1) {
chain.doFilter(request, response);
return;
} else {
servletResponse.sendRedirect("/NbOrg/permissionDeny");
return;
}
}
}
// 校验人员编辑、更新的权限
else if(path.matches("^/NbOrg/person/(edit|update)/[0-9]{1,}.*")== true) {
String depName = (String)request.getParameter("dep");
Department dep = departmentService.selectDepByFullName(depName);
if (dep == null || dep.equals("")) {
chain.doFilter(request, response);
return;
} else {
int depId = dep.getId();
int permission = 0;
try {
permission = departmantPermissionService.getDepartmantOperationPermission(depId,
person.getId(), department.getId());
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
if (permission == 1) {
chain.doFilter(request, response);
return;
} else {
servletResponse.sendRedirect("/NbOrg/permissionDeny");
return;
}
}
}
// 其他链接直接通过
else {
chain.doFilter(request, response);
return;
}
}
// 验证应用和角色的权限
else if (path.matches("^/NbOrg/application/(edit|delete|finishEdit|listRoles|editRole|deleteRole|addRole|updateRole).*") == true) {
if(path.matches("^/NbOrg/application/(edit|delete|listRoles|editRole|addRole|deleteRole|updateRole).*") == true) {
String appId = null;
appId = (String) request.getParameter("app");
if(appId== null){
appId = (String) request.getParameter("appId");
}
if(appId!=null){
int permission = 0;
try {
permission = appPermissionService.getAppOperationPermission(Integer.parseInt(appId),
person.getId(), department.getId());
} catch (NumberFormatException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
if (permission == 1) {
chain.doFilter(request, response);
return;
} else {
servletResponse.sendRedirect("/NbOrg/permissionDeny");
return;
}
}else{
chain.doFilter(request, response);
}
}
else if(path.matches("^/NbOrg/application/finishEdit.*") == true) {
String appId = (String) request.getParameter("id");
System.out.println(appId);
if(appId!=null){
int permission = 0;
try {
permission = appPermissionService.getAppOperationPermission(Integer.parseInt(appId),
person.getId(), department.getId());
} catch (NumberFormatException e) {
// TODO Auto-generated catch block
e.printStackTrace();
} catch (Exception e) {
// TODO Auto-generated catch block
e.printStackTrace();
}
if (permission == 1) {
chain.doFilter(request, response);
return;
} else {
servletResponse.sendRedirect("/NbOrg/permissionDeny");
return;
}
}else{
chain.doFilter(request, response);
return;
}
}
}
// 如果访问的页面不需要进行权限控制,则直接访问
else {
chain.doFilter(request, response);
return;
}
}
} else {
servletResponse.sendRedirect("/NbOrg/login.jsp");
return;
}
} else {
servletResponse.sendRedirect("/NbOrg/login.jsp");
return;
}
}
@Override
public void destroy() {
}
}
package com.nb.org.application.client;import java.rmi.RemoteException;import org.apache.axis2.AxisFault;import org.wso2.carbon.identity.oauth.stub.OAuthAdminServiceException;import org.wso2.carbon.identity.oauth.stub.OAuthAdminServiceStub;import org.wso2.carbon.identity.oauth.stub.dto.OAuthConsumerAppDTO;import com.nb.org.exception.AppUpdateException;import com.nb.org.exception.AuthenticationException;import com.nb.org.util.ServiceAuthenticator;public class OAuthMgtClient {private OAuthAdminServiceStub stub;public OAuthMgtClient(String url) throws AppUpdateException {try {stub = new OAuthAdminServiceStub(null, url + "/services/OAuthAdminService");ServiceAuthenticator authenticator = ServiceAuthenticator.getInstance();authenticator.authenticate(stub._getServiceClient());} catch (AxisFault | AuthenticationException e) {// TODO Auto-generated catch blocke.printStackTrace();throw new AppUpdateException("请确保认证服务器配置正确。");}}public OAuthMgtClient() throws AppUpdateException {try {stub = new OAuthAdminServiceStub();ServiceAuthenticator authenticator = ServiceAuthenticator.getInstance();authenticator.authenticate(stub._getServiceClient());} catch (AxisFault | AuthenticationException e) {// TODO Auto-generated catch blocke.printStackTrace();throw new AppUpdateException("请确保认证服务器配置正确。");}}public void registerOAuthApplicationData(OAuthConsumerAppDTO app) {try {stub.registerOAuthApplicationData(app);} catch (RemoteException | OAuthAdminServiceException e) {e.printStackTrace();}}public OAuthConsumerAppDTO getOAuthApplicationDataByAppName(String applicationName) throws AppUpdateException {try {return stub.getOAuthApplicationDataByAppName(applicationName);} catch (RemoteException e) {// TODO Auto-generated catch blocke.printStackTrace();throw new AppUpdateException("远程获取OAuth配置时,连接认证服务器失败。");} catch (OAuthAdminServiceException e) {// TODO Auto-generated catch blocke.printStackTrace();throw new AppUpdateException("远程获取OAuth配置时,认证服务器处理失败,请确保信息正确。");}}public void updateConsumerApplication(OAuthConsumerAppDTO dto) throws AppUpdateException {try {stub.updateConsumerApplication(dto);} catch (RemoteException e) {e.printStackTrace();throw new AppUpdateException("远程更新OAuth配置时,连接认证服务器失败。");} catch (OAuthAdminServiceException e) {// TODO Auto-generated catch blocke.printStackTrace();throw new AppUpdateException("OAuth配置更新时,认证服务器处理失败,请确保信息正确。");}}public void removeOAuthApplicationData(String key) throws AppUpdateException {try {stub.removeOAuthApplicationData(key);} catch (RemoteException e) {// TODO Auto-generated catch blocke.printStackTrace();throw new AppUpdateException("远程删除OAuth配置的时候失败,连接认证服务器失败。");} catch (OAuthAdminServiceException e) {// TODO Auto-generated catch blocke.printStackTrace();throw new AppUpdateException("OAuth配置删除时,认证服务器处理失败,请确保信息正确。");}}public OAuthConsumerAppDTO getOAuthApplicationData(String key) throws AppUpdateException {try {return stub.getOAuthApplicationData(key);} catch (RemoteException e) {// TODO Auto-generated catch blocke.printStackTrace();throw new AppUpdateException("远程获取OAuth配置时,连接认证服务器失败。");} catch (OAuthAdminServiceException e) {// TODO Auto-generated catch blocke.printStackTrace();throw new AppUpdateException("远程获取OAuth配置时,认证服务器处理失败,请确保信息正确。");}}}