Skip to content

L
lcj-btp-java-app
Commit e49df974 authored by guozhipeng's avatar guozhipeng
Browse files
Options

去除注解@(requires: 'any')

parent e2364153
Hide whitespace changes
Inline Side-by-side
Showing with 76 additions and 124 deletions
srv/masterService.cds
View file @ e49df974
......@@ -4,7 +4,7 @@ using { db.productStore as productStoreDb } from '../db/cds/master/productStore'
service masterService @(requires: 'any'){
service masterService {
entity Uom as projection on masterDb.Uom;
entity UomType as projection on masterDb.UomType;
entity StatusItem as projection on masterDb.StatusItem;
......
srv/src/main/java/customer/lianchuangjie/common/filter/OperateAuthFilter.java
View file @ e49df974
......@@ -21,11 +21,13 @@ import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.userdetails.User;
import org.springframework.stereotype.Component;
import java.util.*;
import java.util.Arrays;
import java.util.Collection;
import java.util.List;
import java.io.IOException;
import java.io.PrintWriter;
import java.nio.charset.StandardCharsets;
import java.util.Map;
import java.util.regex.Pattern;
import java.util.stream.Collectors;
......@@ -57,11 +59,7 @@ public class OperateAuthFilter implements Filter {
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
HttpServletRequest request = (HttpServletRequest) servletRequest;
HttpServletResponse response = (HttpServletResponse) servletResponse;
String language = request.getHeader("language");
String appKey = request.getHeader("appKey"); //用户appKey
if (appKey == null || "".equals(appKey)) {
appKey = request.getParameter("appKey");
}
String uri = request.getRequestURI();
String ip = request.getRemoteAddr();
log.info("requestIP:{}, requestURI:{}, method:{}, appKey:{}", ip, uri, request.getMethod(), appKey);
......@@ -77,96 +75,20 @@ public class OperateAuthFilter implements Filter {
}
authorities = authentication.getAuthorities();//角色集合[]
}
if (username == null || "".equals(username)) {
Result<Object> wrapResult = Result.error("未登录系统,禁止访问!");
writeResult(response, wrapResult);
return;
} else if (
!StringUtils.isEmpty(appKey) &&
CommonConstant.userAuthenticationMap.containsKey(appKey) &&
CommonConstant.userAuthenticationMap.get(appKey).getIsPassAuth() == Boolean.TRUE
) {
// 返回请求体数据 是否通过鉴权(True: 通过, Flase: 失败)
Result<Object> wrapResult = Result.error("未登录系统,禁止访问!");
writeResult(response, wrapResult);
return;
}
log.info("登录用户 username:{}", username);
log.info("角色集合 authorities:{}", authorities);
log.info("权限认证 authorization: {}", request.getHeader("authorization"));
if (request.getHeader("authorization") == null || "".equals(request.getHeader("authorization"))) {
Result<Object> wrapResult = Result.error("authorization is null 未登录系统,禁止访问!");
writeResult(response, wrapResult);
return;
}
//appKey partyId4Rule roleTypeId4Rule language
String partyId4Rule = null;
String roleTypeId4Rule = null;
log.info("[OperateAuthFilter.doFilter]登录用户 username:{}", username);
log.info("[OperateAuthFilter.doFilter]角色集合 authorities:{}", authorities);
log.info("[OperateAuthFilter.doFilter]权限认证 authorization: {}", request.getHeader("authorization"));
Cookie[] cookies = request.getCookies();
if ((appKey == null || "".equals(appKey))) {
if ((cookies != null && cookies.length > 0)) {
for (Cookie cookie : cookies) {
//重新赋值
if ("appKey".equals(cookie.getName())) {
appKey = cookie.getValue();
}
if ("partyId4Rule".equals(cookie.getName())) {
partyId4Rule = cookie.getValue();
}
if ("roleTypeId4Rule".equals(cookie.getName())) {
roleTypeId4Rule = cookie.getValue();
}
if ("language".equals(cookie.getName())) {
language = cookie.getValue();
}
}
/*if (partyId4Rule == null || "".equals(partyId4Rule)) {
Result<Object> wrapResult = Result.error("partyId4Rule 不能为空!");
writeResult(response, wrapResult);
return;
}*/
if (appKey == null || "".equals(appKey)) {
Result<Object> wrapResult = Result.error("appKey 不能为空!");
writeResult(response, wrapResult);
return;
}
if (roleTypeId4Rule == null || "".equals(roleTypeId4Rule)) {
Result<Object> wrapResult = Result.error("roleTypeId4Rule 不能为空!");
writeResult(response, wrapResult);
return;
}
if (language == null || "".equals(language)) {
Result<Object> wrapResult = Result.error("language 不能为空!");
writeResult(response, wrapResult);
return;
}
} else {
Result<Object> wrapResult = Result.error("cookies 不能为空!");
writeResult(response, wrapResult);
return;
if (cookies != null && cookies.length > 0) {
for (Cookie cookie : cookies) {
log.info("[OperateAuthFilter.doFilter]cookie: {}", cookie.getName() + "=" + cookie.getValue());
}
} else {
if (!CommonConstant.userAuthenticationMap.containsKey(appKey)
|| CommonConstant.userAuthenticationMap.get(appKey).getIsPassAuth() != Boolean.TRUE) {
String requestParamStr = request.getReader().lines().collect(Collectors.joining(System.lineSeparator()));
Map<String, String> requestValueMap = JsonUtil.convertJsonToMap(requestParamStr);
log.info("paramStr:{}, isJson:{}", requestParamStr, JsonUtil.isJsonObject(requestParamStr));
//用户角色鉴权校验
Result wrapResult = OperateAuthUtil.verifyRequestPermission(requestParamStr, requestValueMap.get("roleTypeId"));
if (!ResponseConstant.SUCCESS_CODE.equals(wrapResult.getCode())) {
writeResult(response, wrapResult);
return;
}
} else {
Result<Object> wrapResult = Result.error("appKey 不能为空。。。!");
writeResult(response, wrapResult);
return;
}
log.info("[OperateAuthFilter.doFilter]cookie: null");
}
// IP白名单
if (ipWhitelist) {
String language = request.getHeader("language");
if (ipWhitelistMap.isEmpty()) {
response.setCharacterEncoding(StandardCharsets.UTF_8.name());
response.setContentType("text/html; charset=utf-8");
......@@ -190,42 +112,65 @@ public class OperateAuthFilter implements Filter {
}
}
}
//TODO 处理ODATA接口 使用权限控制数据显示
if (Pattern.matches("(.*/odata/v4/.*)", uri)) {
String requestParamStr = request.getReader().lines().collect(Collectors.joining(System.lineSeparator()));
//GET OrderHeaderItemView?$count=true&$select=createdBy_Text,docId,headerId,lineNo,modifiedBy_Text&$skip=0&$top=30 HTTP/1.1
String[] gets = requestParamStr.split("GET ");
String[] https = gets[1].split(" HTTP");
String cdsView = https[0];
JSONObject param = new JSONObject();
//"url": "orderService/OrderHeaderItemView",
// "param": "$filter=(contains(ID, '61fe46ab-8226-4735-8384-f612ed648819'))",
String[] urlparam = cdsView.split("\\?");
param.put("url", urlparam[0]);
param.put("param", urlparam.length>1?urlparam[1]:"");
param.put("partyId4Rule", partyId4Rule);
param.put("roleTypeId4Rule", roleTypeId4Rule);
Result<?> requestResult = commonService.getRequestParamRuleCdsList(param, language);
String requestParamStrNew = requestParamStr;
if (requestResult.isSuccess()) {
requestParamStrNew = gets[0] + "GET " + requestResult.getResult() + " HTTP" + https[1];
} else {
writeResult(response, requestResult);
return;// 跳过后面的认证
//TODO 郭智朋 测试中 处理ODATA接口
/*Cookie[] cookies = request.getCookies();
if (appKey == null && cookies != null && cookies.length > 0 && "/odata/v4/orderService/$batch".equals(uri)) {
List<Cookie> cookiesList = Arrays.asList(cookies);
//appKey partyId4Rule roleTypeId4Rule language
String partyId4Rule = null;
String roleTypeId4Rule = null;
String language = null;
for (Cookie cookie : cookiesList) {
if ("appKey".equals(cookie.getName())) {
appKey = cookie.getValue();
}
if ("partyId4Rule".equals(cookie.getName())) {
partyId4Rule = cookie.getValue();
}
if ("roleTypeId4Rule".equals(cookie.getName())) {
roleTypeId4Rule = cookie.getValue();
}
if ("language".equals(cookie.getName())) {
language = cookie.getValue();
}
}
// 返回请求体数据 是否通过鉴权(True: 通过, Flase: 失败)
if (
!StringUtils.isEmpty(appKey) &&
CommonConstant.userAuthenticationMap.containsKey(appKey) &&
CommonConstant.userAuthenticationMap.get(appKey).getIsPassAuth() == Boolean.TRUE
) {
String requestParamStr = request.getReader().lines().collect(Collectors.joining(System.lineSeparator()));
//GET OrderHeaderItemView?$count=true&$select=createdBy_Text,docId,headerId,lineNo,modifiedBy_Text&$skip=0&$top=30 HTTP/1.1
String[] gets = requestParamStr.split("GET ");
String[] https = gets[1].split(" HTTP");
String cdsView = https[0];
JSONObject param = new JSONObject();
//"url": "orderService/OrderHeaderItemView",
// "param": "$filter=(contains(ID, '61fe46ab-8226-4735-8384-f612ed648819'))",
String[] urlparam = cdsView.split("\\?");
param.put("url", urlparam[0]);
param.put("param", urlparam.length>1?urlparam[1]:"");
param.put("partyId4Rule", partyId4Rule);
param.put("roleTypeId4Rule", roleTypeId4Rule);
Result<?> requestResult = commonService.getRequestParamRuleCdsList(param, language);
String requestParamStrNew = requestParamStr;
if (requestResult.isSuccess()) {
requestParamStrNew = gets[0] + "GET " + requestResult.getResult() + " HTTP" + https[1];
} else {
return;// 跳过后面的认证
}
log.info("paramStr:{}, isJson:{}", requestParamStrNew, JsonUtil.isJsonObject(requestParamStr));
request = new AuthHttpServletRequest(request, requestParamStrNew, "appKey", appKey);
}
log.info("paramStr:{}, isJson:{}", requestParamStrNew, JsonUtil.isJsonObject(requestParamStr));
request = new AuthHttpServletRequest(request, requestParamStrNew, "appKey", appKey);
}
log.info("requestIP:{}, requestURI:{}, method:{}, appKey:{}", ip, uri, request.getMethod(), appKey);
log.info("requestIP:{}, requestURI:{}, method:{}, appKey:{}", ip, uri, request.getMethod(), appKey);*/
// 日志文件认证
if (uri.startsWith("/logs/")) {
if (StringUtils.isBlank(tokenForLogs)) {
throw new BtpException("init error!");
}
if (!tokenForLogs.equals(request.getParameter("appKey"))) {
Result<Object> wrapResult = Result.error("appKey 不能为空!");
writeResult(response, wrapResult);
return;
}
}
......@@ -234,13 +179,20 @@ public class OperateAuthFilter implements Filter {
filterChain.doFilter(request, servletResponse);
return;// 跳过后面的认证
}
// OData接口仅允许本机访问
if (Pattern.matches("(.*/odata/v4/.*)", uri)) {
if ("127.0.0.1".equals(ip) || "0:0:0:0:0:0:0:1".equals(ip)) {// 本机访问
} else {
if (!Pattern.matches("(.*exampleService/ExampleView.*)", uri)) {
return;
}
}
}
// 禁止非POST/GET方式访问
if (!request.getMethod().equals("POST") && !request.getMethod().equals("GET")) {
Result<Object> wrapResult = Result.error("禁止非POST/GET方式访问");
writeResult(response, wrapResult);
/*if (!request.getMethod().equals("POST") && !request.getMethod().equals("GET")) {
return;
}
/*if (request.getMethod().equals("GET") && ("/index.html".equals(uri))) {// "/index.html"跳转到"/"
if (request.getMethod().equals("GET") && ("/index.html".equals(uri))) {// "/index.html"跳转到"/"
response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
response.setHeader("Pragma", "no-cache");
response.setHeader("Expires", "0");
......@@ -254,7 +206,7 @@ public class OperateAuthFilter implements Filter {
request.getServletContext().getRequestDispatcher("/index.html").forward(request, response);//重定向
return;
}*/
boolean allowUri = Pattern.matches("(.*/login/.*|.*/oauth2Login/.*|.*/odata/v4/.*)", uri);
boolean allowUri = Pattern.matches("(.*/login/.*|.*/odata/v4/.*)", uri);
//排除用户登录和非Post请求
if (!allowUri && request.getMethod().equals("POST")) {
//校验请求头中appKey参数: appKey为空或其不存在于系统中,或状态未鉴权通过均拦截
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment