package com.dealer.filter;
import com.alibaba.fastjson.JSONObject;
import com.common.base.result.Result;
import com.dealer.config.Sso;
import com.dealer.util.SsoUtil;
import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.web.filter.AccessControlFilter;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.StringUtils;
import java.io.IOException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
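public class SIAPFilter extends AccessControlFilter {
    private static final Logger logger = LoggerFactory.getLogger(SIAPFilter.class);

    /** Request parameter carrying the OAuth authorization code on the callback. */
    private static final String PARAM_CODE = "code";
    // Session attribute names. "accessToken" is written here; "token" and "uid" are only read here
    // and are written elsewhere (presumably by the Shiro realm during login) — confirm against the realm.
    private static final String ATTR_TOKEN = "token";
    private static final String ATTR_UID = "uid";
    private static final String ATTR_ACCESS_TOKEN = "accessToken";

    public SIAPFilter() {
    }

    /**
     * Always denies at this stage so that every request is routed through {@link #onAccessDenied}.
     */
    @Override
    public boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object object) throws Exception {
        return false;
    }

    /**
     * Drives the SSO authorization-code flow for every request.
     *
     * <p>Returns {@code true} when the request may continue down the filter chain. Returns
     * {@code false} whenever this filter has already written a redirect, so the chain must stop;
     * the original returned {@code true} in one such branch, which let the request continue on a
     * committed response.
     *
     * @param servletRequest  current request (cast to {@link HttpServletRequest})
     * @param servletResponse current response (cast to {@link HttpServletResponse})
     * @throws Exception propagated from the SSO calls and from Shiro's login
     */
    @Override
    public boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        HttpSession session = request.getSession();
        String tolUrl = request.getRequestURI();
        String code = request.getParameter(PARAM_CODE);
        logger.info("《请求的URL是:" + tolUrl + "》");
        // The authorization code and the session id are credentials: log only whether a code is
        // present, and never the session id (the original logged it at ERROR level).
        logger.info("《请求的code是:" + (StringUtils.isEmpty(code) ? "absent" : "present") + "》");

        if (!StringUtils.isEmpty((String) session.getAttribute(ATTR_TOKEN))) {
            if (StringUtils.isEmpty(session.getAttribute(ATTR_UID))) {
                // A token without a user id restarts the flow and stops the chain.
                return redirectToAuthorize(response);
            }
            return true;
        }
        if (StringUtils.isEmpty(code)) {
            return continueWithSession(response, session, tolUrl);
        }
        return exchangeCode(response, session, code);
    }

    /**
     * No code on the request: rely on an access token stored by an earlier callback, otherwise
     * restart the flow.
     */
    private boolean continueWithSession(HttpServletResponse response, HttpSession session, String tolUrl) throws IOException {
        if (StringUtils.isEmpty(session.getAttribute(ATTR_ACCESS_TOKEN))) {
            logger.info("《session accessToken authentication fail》");
            return redirectToAuthorize(response);
        }
        return allowIfIdentified(response, session, tolUrl);
    }

    /**
     * Code present on the request: exchange it for an access token, fetch the user document and
     * log the user into Shiro. Every outcome ends with a redirect, so this always returns false.
     */
    private boolean exchangeCode(HttpServletResponse response, HttpSession session, String code) throws Exception {
        JSONObject accessTokenObj = SsoUtil.getAccessToken(code);
        if (StringUtils.isEmpty(accessTokenObj)) {
            logger.info("《sso code authentication fail》");
            return redirectToAuthorize(response);
        }
        String accessToken = (String) accessTokenObj.get("access_token");
        if (StringUtils.isEmpty(accessToken)) {
            // An error document from the token endpoint parses fine but carries no access_token;
            // the original stored the null and carried on.
            logger.info("《sso code authentication fail》");
            return redirectToAuthorize(response);
        }
        session.setAttribute(ATTR_ACCESS_TOKEN, accessToken);
        logger.info("《sso code authentication success》");

        String userName = SsoUtil.getUserInfo(accessToken);
        // getUserInfo returns null on I/O failure; the original dereferenced it without a check.
        // The substring test is inherited from the original and also rejects any legitimate
        // document that happens to contain "error" — TODO confirm the server's error format.
        if (userName == null || userName.contains("error")) {
            logger.info("《sso userInfo authentication fail》");
            return redirectToAuthorize(response);
        }
        logger.info("《sso userInfo authentication success》" + userName);

        try {
            Subject currentUser = SecurityUtils.getSubject();
            currentUser.login(new UsernamePasswordToken(userName, ""));
        } catch (IncorrectCredentialsException ice) {
            // The original built Result.error(...) and discarded it, then continued as if logged in.
            logger.warn("shiro执行登录时报错", ice);
            return redirectToAuthorize(response);
        }
        // NOTE(review): the session id is not rotated after login; if the container supports
        // Servlet 3.1, request.changeSessionId() here would close that gap — confirm the version.
        // The original followed this redirect with a second one (or returned true) on an already
        // committed response; the chain stops here instead.
        response.sendRedirect(response.encodeRedirectURL(Sso.vue_uri));
        return false;
    }

    /**
     * Sends the application root to the front end; any other URI requires a uid in the session.
     */
    private boolean allowIfIdentified(HttpServletResponse response, HttpSession session, String tolUrl) throws IOException {
        if ("/siap4dealer".equals(tolUrl) || "/siap4dealer/".equals(tolUrl)) {
            response.sendRedirect(response.encodeRedirectURL(Sso.vue_uri));
            return false;
        }
        Object uid = session.getAttribute(ATTR_UID);
        logger.info("《uid》" + uid);
        if (StringUtils.isEmpty(uid)) {
            return redirectToAuthorize(response);
        }
        return true;
    }

    /**
     * Writes the redirect to the SSO authorize endpoint and reports that the chain must stop.
     * The URL is deliberately not passed through encodeRedirectURL: the target is the external
     * SSO server and must never receive a URL-rewritten session id.
     */
    private boolean redirectToAuthorize(HttpServletResponse response) throws IOException {
        response.sendRedirect(authorizeUrl());
        return false;
    }

    /**
     * Authorize URL of the SSO server, built in one place instead of six inline copies.
     * NOTE(review): no {@code state} parameter is sent, so the callback is not bound to the
     * session that started the flow — worth adding if the SSO server echoes it back.
     */
    private static String authorizeUrl() {
        return Sso.oauthService + "/authorize?client_id=" + Sso.client_id + "&redirect_uri=" + Sso.redirect_uri
                + "&response_type=code&third_app=1";
    }
}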
package com.dealer.util;
import com.alibaba.fastjson.JSONObject;
import com.dealer.config.Sso;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.stereotype.Component;
import java.io.BufferedReader;
import java.io.IOException;
import java.io.InputStream;
import java.io.InputStreamReader;
import java.net.URL;
import java.net.URLEncoder;
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;
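@Component
public class SsoUtil {
    private static final Logger logger = LoggerFactory.getLogger(SsoUtil.class);

    /**
     * Fetches the raw userInfo document for an access token from the SSO server.
     *
     * @param accessToken token returned by {@link #getAccessToken}; URL-encoded before use
     * @return the response body as text, or {@code null} when the token is empty or the request
     *         fails (callers treat {@code null} and a body containing "error" as failure)
     * @throws IOException if the UTF-8 encoding name is rejected (never expected in practice)
     */
    public static String getUserInfo(String accessToken) throws IOException {
        if (accessToken == null || accessToken.isEmpty()) {
            // The original would have built "...access_token=null"; fail explicitly instead.
            logger.warn("SSO userInfo request skipped: no access token");
            return null;
        }
        String url = Sso.tokenUrl + "/userInfo?access_token="
                + URLEncoder.encode(accessToken, StandardCharsets.UTF_8.name());
        return fetch(url, "userInfo");
    }

    /**
     * Exchanges an authorization code for a token document.
     *
     * NOTE(review): the client secret travels in a GET query string, where it ends up in server,
     * proxy and browser-side logs. RFC 6749 expects a POST with the secret in the body or an
     * Authorization header — confirm the SSO server accepts that before changing the transport.
     *
     * @param code authorization code from the callback; URL-encoded before use
     * @return the parsed token document, or {@code null} when the request fails or the body is
     *         not valid JSON
     * @throws IOException if the UTF-8 encoding name is rejected (never expected in practice)
     */
    public static JSONObject getAccessToken(String code) throws IOException {
        if (code == null || code.isEmpty()) {
            logger.warn("SSO token request skipped: no authorization code");
            return null;
        }
        String url = Sso.tokenUrl + "/token?grant_type=authorization_code&code="
                + URLEncoder.encode(code, StandardCharsets.UTF_8.name())
                + "&client_id=" + Sso.client_id + "&client_secret=" + Sso.client_secret;
        String body = fetch(url, "token");
        if (body == null) {
            return null;
        }
        try {
            return JSONObject.parseObject(body);
        } catch (RuntimeException ex) {
            // fastjson reports malformed input with an unchecked exception; the original let any
            // exception fall into a catch-all that printed the stack trace and returned null.
            logger.warn("SSO token response is not valid JSON", ex);
            return null;
        }
    }

    /**
     * Performs a GET and returns the body decoded as UTF-8, or {@code null} on any I/O failure.
     *
     * <p>The original closed the stream in a {@code finally} without a null check, so a failed
     * {@code openStream()} raised a NullPointerException that masked the real cause; resources
     * are now closed by try-with-resources.
     *
     * @param url  full request URL — never logged, it carries the token or the client secret
     * @param what short label for log messages ("userInfo", "token")
     */
    private static String fetch(String url, String what) {
        try (InputStream is = new URL(url).openStream();
             BufferedReader rd = new BufferedReader(new InputStreamReader(is, StandardCharsets.UTF_8))) {
            StringBuilder sb = new StringBuilder();
            char[] buf = new char[4096];
            int n;
            while ((n = rd.read(buf)) != -1) {
                sb.append(buf, 0, n);
            }
            return sb.toString();
        } catch (IOException ex) {
            logger.warn("SSO {} request failed", what, ex);
            return null;
        }
    }
}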