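@WebFilter(filterName = "authorizationfilter", urlPatterns = {"/*"}, initParams = {@WebInitParam(name = "enable", value = "true")})
/**
 * Request gate for the whole application. Every request is routed into one of four areas:
 * <ul>
 *   <li>admin console / static assets (see {@link #isConsoleArea}) – requires the
 *       {@code AdminController.LOGIN_USER_KEY} session attribute, else redirect to {@code /console/login};</li>
 *   <li>{@code /mp/*} – requires the {@code MP_USER} session attribute, else redirect to {@code /mp/login};</li>
 *   <li>{@code /open/*} – requires the {@code OPEN} session attribute, else redirect to {@code /open/login};</li>
 *   <li>everything else is treated as a token API: an {@code access_token} (query parameter, then header)
 *       is required unless the exact URI is whitelisted in {@code AuthorizationFilterProperties}; an
 *       optional {@code time}/{@code secret} pair is verified when present.</li>
 * </ul>
 * Review notes: the previous version let every {@code /console/*} and {@code /open/*} path through
 * without a session (the session check was unreachable), and logged the raw access token.
 * Both are fixed here. {@code /config/set} and {@code /clientConfig/set} are still reachable
 * without a session, as before – confirm that is intended.
 */
public class AuthorizationFilter implements Filter {
    /** Exact URIs callable without an access token; loaded lazily from Spring (see {@link #ensureWhitelistLoaded}). */
    private volatile Map<String, String> requestUriMap;
    private volatile AuthorizationFilterProperties properties;
    private final Logger logger = LoggerFactory.getLogger(AuthorizationFilter.class);
    @Resource
    private VipAuthOpt vipAuthOpt; // reserved for the pending VIP check in handleApi (todo)

    @Override
    public void init(FilterConfig arg0) throws ServletException {
        // Intentionally empty: the whitelist is a Spring bean, which may not be available yet when the
        // container calls init(), so it is loaded on the first request instead.
    }

    @Override
    public void destroy() {
    }

    /**
     * Entry point: normalizes encoding, extracts the credential material and dispatches to the
     * area-specific handler. Only one of: the chain is continued, a redirect is sent, or a JSON
     * error body is written.
     */
    @Override
    public void doFilter(ServletRequest arg0, ServletResponse arg1, FilterChain arg2) throws IOException, ServletException {
        ensureWhitelistLoaded();
        HttpServletRequest request = (HttpServletRequest) arg0;
        HttpServletResponse response = (HttpServletResponse) arg1;
        // Must run before the first getParameter() call, otherwise the body encoding is not applied.
        request.setCharacterEncoding("utf-8");
        response.setCharacterEncoding("utf-8");
        response.setContentType("text/html;charset=utf-8");

        String accessToken = request.getParameter("access_token");
        if (StringUtil.isEmpty(accessToken)) {
            accessToken = request.getHeader("access_token");
        }
        // The token is a bearer credential: log only whether it is present, never its value.
        logger.info("accessToken present={}", !StringUtil.isEmpty(accessToken));
        long time = NumberUtils.toLong(request.getParameter("time"), 0);
        String secret = request.getParameter("secret");
        // Whether the request carries signature material at all. Legacy clients send neither
        // parameter, so signature verification is skipped for them – and for any caller that
        // simply omits the parameters. This is a compatibility gap, not a security check.
        boolean signed = !StringUtil.isEmpty(secret) && 0 < time;
        logger.info("flag==============================={}", signed);

        String requestUri = request.getRequestURI();
        if ("/favicon.ico".equals(requestUri)) {
            return; // favicon probes get an empty response without touching the chain
        }
        logger.info("{} 请求:{}", request.getMethod(), requestUri);

        if (isConsoleArea(requestUri)) {
            handleConsole(request, response, arg2, requestUri);
        } else if (requestUri.startsWith("/mp")) {
            handleMp(request, response, arg2, requestUri);
        } else if (requestUri.startsWith("/open")) {
            handleOpen(request, response, arg2, requestUri);
        } else {
            handleApi(request, response, arg2, requestUri, accessToken, time, secret, signed);
        }
    }

    /** Loads the token-free URI whitelist once; publishes only fully built objects so a concurrent first request never sees a half-filled map. */
    private void ensureWhitelistLoaded() {
        if (null != requestUriMap && null != properties) {
            return;
        }
        AuthorizationFilterProperties props = SpringBeansUtils.getContext().getBean(AuthorizationFilterProperties.class);
        Map<String, String> uris = Maps.newHashMap();
        for (String uri : props.getRequestUriList()) {
            uris.put(uri, uri);
        }
        // Two threads may race here and both build the map; that is harmless. What must not happen
        // is assigning the field before it is populated (the previous version did exactly that).
        properties = props;
        requestUriMap = uris;
    }

    /** True for the admin console, the static resource directory, the two config endpoints and static asset extensions. */
    private static boolean isConsoleArea(String requestUri) {
        return requestUri.startsWith("/console") || requestUri.startsWith("/pages")
                || requestUri.startsWith("/config/set") || requestUri.startsWith("/clientConfig/set")
                || requestUri.endsWith(".js") || requestUri.endsWith(".html")
                || requestUri.endsWith(".css") || requestUri.endsWith(".png");
    }

    /** Console area: continue when an admin session exists or the path is public, else redirect to the console login. */
    private void handleConsole(HttpServletRequest request, HttpServletResponse response, FilterChain chain, String requestUri)
            throws IOException, ServletException {
        boolean loggedIn = null != request.getSession().getAttribute(AdminController.LOGIN_USER_KEY);
        // Public without a console session: the resource directory, the login page and the two
        // config endpoints. NOTE(review): /config/set and /clientConfig/set are mutating endpoints
        // reachable with no session – confirm that is intended. Anything else under /console now
        // requires the session; assets the login page needs must live under /pages or /console/login.
        boolean publicPath = requestUri.startsWith("/pages") || requestUri.startsWith("/console/login")
                || requestUri.startsWith("/config/set") || requestUri.startsWith("/clientConfig/set");
        if (loggedIn || publicPath) {
            chain.doFilter(request, response);
            return;
        }
        response.sendRedirect("/console/login");
    }

    /** {@code /mp/*}: continue when an MP_USER session exists or this is the login page, else redirect to the MP login. */
    private void handleMp(HttpServletRequest request, HttpServletResponse response, FilterChain chain, String requestUri)
            throws IOException, ServletException {
        boolean loggedIn = null != request.getSession().getAttribute("MP_USER");
        if (loggedIn || requestUri.startsWith("/mp/login")) {
            chain.doFilter(request, response);
            return;
        }
        response.sendRedirect("/mp/login");
    }

    /** {@code /open/*}: continue when an OPEN session exists or this is the login page, else redirect to the open login. */
    private void handleOpen(HttpServletRequest request, HttpServletResponse response, FilterChain chain, String requestUri)
            throws IOException, ServletException {
        boolean loggedIn = null != request.getSession().getAttribute("OPEN");
        // NOTE(review): the previous version also let every /open/* path through, which made this
        // session check unreachable; confirm no public /open endpoint relied on that.
        if (loggedIn || requestUri.startsWith("/open/login")) {
            chain.doFilter(request, response);
            return;
        }
        response.sendRedirect("/open/login");
    }

    /**
     * Token API area. Endpoints not on the whitelist require a valid access token (and a valid
     * signature when signature material is present); whitelisted endpoints are open, but an
     * anonymous signed request is still verified and a valid token, if sent, still identifies the user.
     */
    private void handleApi(HttpServletRequest request, HttpServletResponse response, FilterChain chain,
                           String requestUri, String accessToken, long time, String secret, boolean signed)
            throws IOException, ServletException {
        if (requestUri.equals("/getImgCode")) {
            chain.doFilter(request, response); // captcha image is always public
            return;
        }
        if (isNeedLogin(requestUri)) {
            if (StringUtil.isEmpty(accessToken)) {
                logger.info("不包含请求令牌");
                renderByErrorKey(response, 1030101);
                return;
            }
            String userId = getUserId(accessToken);
            Integer userIdValue = parseUserId(userId);
            // Unknown token, or a token mapped to a non-numeric id, are both "invalid token" rather than a 500.
            if (null == userIdValue) {
                logger.info("请求令牌无效或已过期...");
                renderByErrorKey(response, 1030102);
                return;
            }
            // Signature is verified only when the client supplied time+secret (legacy clients do not).
            if (signed && !AuthServiceUtils.authRequestApi(userId, time, accessToken, secret, requestUri)) {
                renderByError(response, "授权认证失败");
                return;
            }
            ReqUtil.setLoginedUserId(userIdValue);
            chain.doFilter(request, response);
            return;
        }
        // Whitelisted endpoint. Anonymous signed requests must pass the open-API secret check;
        // anonymous unsigned requests are let through for legacy-client compatibility.
        // (isEmpty rather than == null: an empty access_token header previously skipped this check.)
        if (StringUtil.isEmpty(accessToken) && signed && !AuthServiceUtils.authOpenApiSecret(time, secret)) {
            renderByError(response, "授权认证失败");
            return;
        }
        // todo vip check (router room/add)
        if (!StringUtil.isEmpty(accessToken)) {
            Integer userIdValue = parseUserId(getUserId(accessToken));
            if (null != userIdValue) {
                ReqUtil.setLoginedUserId(userIdValue);
            }
        }
        chain.doFilter(request, response);
    }

    /** A URI needs a token unless it is an exact (trimmed) member of the configured whitelist. */
    private boolean isNeedLogin(String requestUri) {
        return !requestUriMap.containsKey(requestUri.trim());
    }

    /** Resolves the user id for a token via KSessionUtil; null when unknown or when the lookup throws. */
    private String getUserId(String _AccessToken) {
        try {
            return KSessionUtil.getUserIdBytoken(_AccessToken);
        } catch (Exception e) {
            // Do not include the token in the log line.
            logger.warn("token lookup failed", e);
            return null;
        }
    }

    /** Parses the id string from the token store; null when absent or not an int (treated as an invalid token). */
    private Integer parseUserId(String userId) {
        if (null == userId) {
            return null;
        }
        try {
            return Integer.valueOf(userId);
        } catch (NumberFormatException e) {
            logger.warn("token store returned a non-numeric user id");
            return null;
        }
    }

    /** JSON error envelope: resultCode is the numeric code, resultMsg the text. */
    private static final String template = "{\"resultCode\":%1$s,\"resultMsg\":\"%2$s\"}";

    /** Writes the zh-localized message for {@code tipsKey} as the error body. */
    private static void renderByErrorKey(ServletResponse response, int tipsKey) {
        String tipsValue = ConstantUtil.getMsgByCode(tipsKey + "", "zh").getValue();
        ResponseUtil.output(response, String.format(template, tipsKey, tipsValue));
    }

    /** Writes {@code errMsg} as the error body with resultCode 0. */
    private static void renderByError(ServletResponse response, String errMsg) {
        ResponseUtil.output(response, String.format(template, 0, errMsg));
    }
}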