a6a76f 1 package com.yc.filter;
F 2
3 import com.yc.api.schedule.AppVersion;
4 import com.yc.api.utils.VersionUtils;
5 import com.yc.currentThreadInfo.CurrentLocal;
6 import com.yc.entity.DataSourceEntity;
7 import com.yc.exception.CallBackMessage;
8 import com.yc.factory.FactoryBean;
9 import com.yc.listener.SessionListener;
10 import com.yc.multiData.MultiDataSource;
11 import com.yc.multiData.SpObserver;
12 import com.yc.sdk.jedis.KryoUtils;
13 import com.yc.sdk.shopping.action.Maintaince;
14 import com.yc.sdk.shopping.util.SettingKey;
15 import com.yc.sdk.weixincp.action.WxAuthSessionIfc;
16 import com.yc.sdk.weixincp.entity.MyWxCpUser;
17 import com.yc.sdk.weixincp.service.ERPUserIfc;
18 import com.yc.sdk.weixinmp.entity.WxSessionEntity;
10aef8 19 import com.yc.service.BaseService;
a6a76f 20 import com.yc.service.build.FilterBuildFuncIfc;
F 21 import com.yc.service.build.FilterBuildFuncImpl;
22 import com.yc.service.impl.DBHelper;
23 import com.yc.service.impl.EnvHelper;
24 import com.yc.servlet.BuildFormat;
25 import com.yc.utils.EncodeUtil;
26 import com.yc.utils.SessionKey;
bff6b6 27 import me.chanjar.weixin.common.bean.WxOAuth2UserInfo;
a6a76f 28 import me.chanjar.weixin.common.util.http.URIUtil;
F 29 import me.chanjar.weixin.cp.bean.WxCpUser;
30 import me.chanjar.weixin.mp.bean.result.WxMpUser;
31 import org.apache.commons.lang.StringUtils;
32 import org.slf4j.Logger;
33 import org.slf4j.LoggerFactory;
34 import org.springframework.data.redis.core.RedisTemplate;
35 import redis.clients.jedis.Jedis;
36 import redis.clients.jedis.JedisPool;
37
38 import javax.servlet.*;
39 import javax.servlet.http.HttpServletRequest;
40 import javax.servlet.http.HttpServletResponse;
41 import javax.servlet.http.HttpSession;
42 import java.io.IOException;
43 import java.io.PrintWriter;
44 import java.util.Map;
45
46 public class LoginFilter implements Filter {
47     protected final Logger log = LoggerFactory.getLogger(this.getClass()); // SLF4J logger keyed to the runtime class. NOTE(review): the catch blocks in doFilter write their message via System.out/printStackTrace and log it here only at debug level, so filter failures are not visible at INFO — confirm intended.
48     
49     @SuppressWarnings("unchecked")
50     @Override
51     public void doFilter(ServletRequest rep, ServletResponse resp,
52                          FilterChain chain) throws IOException, ServletException {
53         HttpServletRequest request = (HttpServletRequest) rep;
54         HttpServletResponse response = (HttpServletResponse) resp;
55         HttpSession session = request.getSession();
56         CallBackMessage callBackMessage=new CallBackMessage();
57         request.setCharacterEncoding("utf-8");
58         //**** start *******检测是否存在加密锁
59
60 //          if(!InitLicense.getInstance().checkInfo(request, response)){
61 //            return;
62 //            }
63
64         //******end *******
65         if("".equals(EnvHelper.getPath())){//掉线后的访问
66             String path = request.getServletContext().getRealPath("/");
67             EnvHelper.setPath(path);//得到项目的地址,方便后面使用
68         }
69         String user = (String) session.getAttribute(SessionKey.HRCODE);
10aef8 70         String isSuperUser = (String) session.getAttribute(SessionKey.USERTYPE);
a6a76f 71         String queryString = request.getQueryString();
F 72         String hostUrl = SettingKey.getHostUrl(request) ;
73
74         String reqUri = request.getRequestURI();
75         //System.out.println(this.getClass() +" 0 URL:"+ reqUri+"?"+queryString+ " session CorpId=" + session.getAttribute(SessionKey.WEIXIN_CORPID));
76         //System.out.println(reqUri);
77         
78         //如果demo datasource 为空,则必须先设置它 added by Johns Wang, 2019-09-24  dataSourceMap.put(dataSourceEntity.getDbId()+"", dataSourceEntity);
79         boolean hasDemoDataSource = MultiDataSource.hasDemoDataSource();
80         if (! hasDemoDataSource ) {
81             if (reqUri.startsWith("/newsetXml.do")||reqUri.startsWith("/demo/update1.jsp")) {
82                 chain.doFilter(request, response);
83                 return ;
84             }
85             if (!reqUri.startsWith("/demo/update.jsp") ) {
86                 session.setAttribute(SessionKey.DEMO_REF,SessionKey.DEMO_REF);
87                 request.getRequestDispatcher("/demo/update.jsp?demoConfig=demo").forward(request, response);
88                 return ;
89             }else {
90                 chain.doFilter(request, response);
91                 return ;
92             }
93         }
94
95         //检测APP版本号,如果小于指定版本号,强制用户升级
96
7786e3 97         if(VersionUtils.getAPPTypeName(request)!=null&&(reqUri.contains("/login.do")||reqUri.contains("/autoLoginV2.do"))){//处理登录
a6a76f 98             try {
F 99                 RedisTemplate redisTemplate = (RedisTemplate) FactoryBean.getBean("redisTemplate");
100                 Object object = redisTemplate.opsForValue().get("APP_Upgrade_Version");
101                 if (object != null) {
102                     AppVersion appVersion = (AppVersion) object;
103                     if (!VersionUtils.loginIfcVersoinV2(request, appVersion.getAndroid(), appVersion.getIos())) {
7786e3 104                         //---当前版本小于强制更新版本,需要提示更新版本
a6a76f 105                         CallBackMessage message = new CallBackMessage();
7786e3 106                         message.sendErrorMessage("您的APP版本["+request.getHeader("x-app-version")+"]太低,请到应用商店下载最新版本");
a6a76f 107                         message.setState(-1000);
F 108                         printJson(response, VersionUtils.isAndroid(request) ? message.toString() : message.print());
109                         return;
110                     }
111
112                 }
113             }catch (Exception ex){
114                 CallBackMessage message = new CallBackMessage();
115                 message.sendErrorMessage(ex.getMessage());
116                 message.setState(-1);
117                 printJson(response, VersionUtils.isAndroid(request) ? message.toString() : message.print());
118                 return;
119             }
120         }
121
122
123         if(reqUri.contains("/getdb.do")||reqUri.contains("/weixin/")
124                 ||reqUri.contains("/wx/")||reqUri.contains("/cgi-bin/")
125                 ||reqUri.contains("/logout.do")
126                 || "/getDateDemo.do".equals(reqUri)   //登录页面获取数据源
127                 ||reqUri.contains("/getImageedit.do")  //微信需要用
128                 ||reqUri.contains("/getImage.do")   //微信需要用
129                 ||reqUri.contains("/ShoppingImageRefresh.do")   //清除网店缓存图片(磁盘文件)
130                 ||reqUri.contains("/SyncDataSource.do")   //同步demo数据源到本地服务器map
131                 ||reqUri.contains("/build.do")   //重新生成页面
132                 ||reqUri.contains("/buildv2.do")   //重新生成页面
133                 ||reqUri.contains("/buildPersonlizedTemplate.do")   //重新生成页面
134                 ||reqUri.contains("/shopping/maintaince/maintaince.do")   //停止或启用某个数据源action
135                 ||reqUri.contains("/shopping/maintaince/maintaince.jsp")   //停止或启用某个数据源页面
136                 ||reqUri.contains("/shopping/maintaince/systemconfig.jsp")  //维护系统设置
137                 ||reqUri.contains("/shopping/maintaince/messagelist.jsp")   //系统级消息发送列表
138                 ||reqUri.contains("/shopping/maintaince/messageedit.jsp")   //发送系统级消息
83d963 139                 ||reqUri.contains("/general/pdf/web/viewer.jsp")  //pdf插件
a6a76f 140
F 141                 /**
142                  * 微信支付(退款)通知,包括通知:
143                  *    商城订单通知120230,图片订单通知120236,成为会员订单通知120234(使用 .../wxordernotice.do)
144                  *    充值通知 (.../wxrechargenotice.do)  , 提现通知(.../wxwithdrawalsnotice.do),退款通知(.../wxrefundnotice.do)
145                  */
146                 ||reqUri.startsWith("/shopping/pay/notice/")
147                 ||reqUri.startsWith("/shopping/pay/refundMoney.do")   //微信退款,在ERP系统使用外部URL方式调用
148
149                 ||reqUri.contains("/shopping/pay/getSalesOrderWxPayConfig.do") //获取微信支付参数接口
150                 ||reqUri.contains("/404.jsp")
151                 ||reqUri.contains("/oauth2/")   //第三方登录
152                 ||reqUri.contains("/CheckInvitationCode.do")   //验证【注册验证码】
153                 ||reqUri.contains("/regUser.do")   //注册接口
154                 ||reqUri.contains("/api/myCompany.do")   //企业列表接口
155                 ||reqUri.contains("/api/sendSms.do")   //发手机短信验证码
156                 ||reqUri.contains("/api/forgotPwd.do")   //忘记密码
157                 ||reqUri.contains("/links.do")
158                 ||reqUri.contains("/app/getZip.do")
159                 ||reqUri.contains("/ws/")   //websocket 接口
160                 ||reqUri.contains("/open/")   //开放接口
161                 ||reqUri.contains("/shopping/generationMatCodeQrCode.do")  //更新商品资料二维码,使微信扫码可以直接打开页面
162                 ||reqUri.contains("/shopping/websocket/index.jsp")  //web socket
163                 ||reqUri.contains("/shopping/websocket/index1.jsp")
164                 ||reqUri.contains("/wx/CpAuthSession.do")
165                 ||reqUri.contains("/wx/MpAuthSession.do")
166                 ||reqUri.contains("/buildPersonlizedTemplateForAll.do")  //生成所有数据库的浮动窗体页面,使其打开时保持最新 ,Added by Johns Wang, 20190-96-04
167                 ||reqUri.contains("/demo/update1.jsp")   //设置用户的实体数据源
168                 ||reqUri.contains("/getInvitationCode.do")
169                 ||reqUri.startsWith("/changepwd.do")   //改密码
170                 ||reqUri.startsWith("/autoLogin.do")
171                 ||reqUri.startsWith("/autoLoginV2.do")
172                 || reqUri.startsWith("/getLogoIcon.do")//Logo图片
173                 || reqUri.startsWith("/attachment/downLoadAttachment.do")//附件下载
174                 || reqUri.startsWith("/attachment/uploadAttachment.do")//附件上传
175                 || reqUri.startsWith("/attachment/deleteAttachment.do")//附件删除
176                 || reqUri.startsWith("/attachment/uploadAttachmentV2.do")//附件上传
177                 || reqUri.startsWith("/attachment/deleteAttachmentV2.do")//附件删除
178                 || reqUri.startsWith("/api/upPortraitV2.do")//上传头像
179                 || reqUri.startsWith("/attachment/deleteAttachmentByGrid.do")
180                 || reqUri.startsWith("/shopping/live/")   //小程序直播
181                 //---卤江南
182                 || reqUri.startsWith("/lujn/orderPayCallback.do")   //农行支付通知回调
183                // || reqUri.startsWith("/shopping/updateMatCodeQrCode.do")   //生成物料主数据二维码
245bbd 184                 || reqUri.startsWith("/shopping/export/getExportFile.do")   //新版小程序导出文件excel下载
59319a 185                 || reqUri.startsWith("/mutual/unbind110203.do")   //解绑客户
F 186                 || reqUri.startsWith("/mutual/unbind110302.do")   //解绑供应商
81ff30 187                 || reqUri.endsWith("/orderPayCallback.do")   //农行通用聚合支付回调接口
108577 188                 || reqUri.endsWith("/orderPayCallbackByEpay.do")   //农行农行e收款回调接口
067ccf 189                 || reqUri.startsWith("/batchUpload/uploadImage.do")  //批量上传物料主数据图片
d3ae0a 190
X 191                 || reqUri.startsWith("/payment/pay")  //维护费回调
c054bc 192                 || reqUri.startsWith("/api/loginByCode.do")  //限制多设备登录的短信验证
2335cc 193                 || reqUri.startsWith("/multilogin.do")  //多账号登录
ff4ac3 194                 || reqUri.startsWith("/wyn/auth.do")  //Wyn认证
8c3a7d 195                 || reqUri.startsWith("/app/v2/get9686.do")  //颜色列表
2f071f 196                 || reqUri.startsWith("/WxExternalContact/")//企业微信客户管理
X 197                 || reqUri.startsWith("/afterSales/")//售后
198
d3ae0a 199
a6a76f 200                 ){
F 201             chain.doFilter(request, response);
202             return;
203         }
204         //解决导购(网店)没有登录的问题,主要是微信访问时,必须要带微信AppId或CorpId参数,例如从巴士软件公众号点击过来,则设为:   wx=2&CorpId=wx258ad4bfa5a9d263
205         //Added by Johns Wang, 2016-03-06
206         String corpId = request.getParameter(SessionKey.WEIXIN_CORPID) ;
207         if (corpId == null || "".equals(corpId)) {
208             corpId = request.getParameter(SessionKey.WEIXIN_APPID) ;
209         }
210
211         String wx = request.getParameter(SessionKey.WEIXIN_FROM) ;
212         //if (corpId!= null&&!"".equals(corpId))  System.out.println("reqUri="+reqUri + "  queryString=" + queryString);
213         String radarWarningPage = "/shopping/weixinby3rd/ai/home/warning.jsp" ;
214
215         JedisPool jedisPool = (JedisPool) FactoryBean.getBean("jedisPool");
216         try (Jedis jedis = jedisPool.getResource()){
217             //检查系统是否停用,如果被停用,则要删除会话 session ,然后重定向到 login.jsp 页面,Added by Johns Wang , 2017-05-26
218             if (!  reqUri.startsWith("/login.jsp") && !reqUri.endsWith("/") && !reqUri.startsWith("/newsetXml.do") && Maintaince.isSystemStop( request)  ) {//,处理一个域名有多系统,其中一些系统过期的情况,by danaus 2020/4/10 16:11
219                 //session.invalidate();   //删除会话
8c3a7d 220                 if(VersionUtils.getAPPTypeName(request)!=null){//增加对app的处理  by danaus 2019/12/19 16:15
a6a76f 221                     callBackMessage.sendErrorMessage("会话失效");
F 222                     this.printJson(response,callBackMessage.toString());
223                 }else {
224                     if(reqUri.contains("/login.do")) {
3e30bf 225                         callBackMessage.sendErrorMessage("系统出现异常,请联络服务提供商!");
a6a76f 226                         this.printJson(response, callBackMessage.toString());
F 227                     }else{
228                         response.sendRedirect("/login.jsp");
229                     }
230                 }
231                 return ;
232             }
233             if ( corpId != null && ! "".equals(corpId)
234                     && wx != null && !"".equals(wx)) {
235                 if ( "3".equals(wx)) {   //3 是小程序
236                     session.setAttribute(SessionKey.WEIXIN_APPID,corpId) ;
237                     session.setAttribute(SessionKey.WEIXIN_FROM,wx) ;
238
239                     Object dbId =  session.getAttribute(SessionKey.SHOPPING_DBID);
240                     if (dbId != null && ! "".equals(dbId) ) {
241                         chain.doFilter(request, response);
242                         return ;
243                     }
244                     DataSourceEntity dataSourceEntity = null ;
245
246                     dataSourceEntity = MultiDataSource.getDataSourceMapByMaAppId(corpId) ;
247                     if (dataSourceEntity != null) {
248                         //SpObserver.setDBtoInstance("_"+corpEntity.getDbId()) ;   这里不需要切换数据源,因为每次在访问数据库时,都自带数据源参数
249                         session.setAttribute(SessionKey.SHOPPING_DBID,dataSourceEntity.getDbId() + "") ;
250                         chain.doFilter(request, response);
251                         return ;
252                     }else {
253                         request.getRequestDispatcher("/10001.jsp").forward(request, response);
254                         return ;
255                     }
256                 }else {   // wx: "1"  企业号 , “2” 公众号
257
258                     WxAuthSessionIfc wxAuthSessionIfc = null ;
259                     if (wx!=null && "1".equals(wx)) {
260                         wxAuthSessionIfc = (WxAuthSessionIfc)FactoryBean.getBean("CpAuthSession") ;
261                     }else {
262                         wxAuthSessionIfc = (WxAuthSessionIfc)FactoryBean.getBean("MpAuthSession") ;
263                     }
264
265                     //System.out.println(this.getClass()+" " + (new java.text.SimpleDateFormat("yyyy-MM-dd HH:mm:ss:SSS")).format(new java.util.Date()) + " sessionid:" + session.getId() + " url:" + hostUrl+ reqUri + "?" + queryString);
266
267                     //解决多个公众号使用同一个域名的问题(因为同一个域名,在tomcat上只有一个会话 session,不同公众号切换时,
268                     //必须要重建(reset) 会话 session,避免数据库混用 ) ,Added by Johns Wang, 2018-11-09
269                     String corpIdSessionValue = (String) session.getAttribute(SessionKey.WEIXIN_CORPID);
270                     if (corpIdSessionValue != null && !corpId.equals(corpIdSessionValue)) {
271 //                        String openId = request.getParameter(SettingKey.FROMOPENID) ;
272 //                        if (openId == null) {
273 //                            WxSessionEntity.updateValueToSession(session, new WxSessionEntity());  //清空 session 值
274 //                            response.sendRedirect(wxAuthSessionIfc.getAuthorizationUrl(request));
275 //                            return ;
276 //                        }
277
278                         //从redis 取 session 对象
279
280                         String newSession = jedis.get("wxSession:"+corpId+":"+session.getId()) ;
281                         if (newSession != null) {
282                             //System.out.println(this.getClass()+" 将 wxSessionEntity 对象反序列化... " );
283                             WxSessionEntity wxSessionEntity = KryoUtils.deserializationObject(newSession,WxSessionEntity.class) ;
284                             WxSessionEntity.updateValueToSession(session, wxSessionEntity);
285                             //System.out.println(this.getClass()+" 将 wxSessionEntity 对象反序列化...成功 " );
286                             corpIdSessionValue = (String) session.getAttribute(SessionKey.WEIXIN_CORPID);
287                         }else {
288                             WxSessionEntity.updateValueToSession(session, new WxSessionEntity());   //清空会话 session
289                         }
290                     }
291
292                     String userCode = (String)session.getAttribute(SessionKey.USERCODE);
293                     if (userCode == null || "".equals(userCode)) {
294                         userCode = (String)session.getAttribute(SettingKey.CLTCODE);
295                     }
296                     if (userCode == null || "".equals(userCode)) {
297                         userCode = (String)session.getAttribute(SessionKey.HRCODE);
298                     }
299                     if (userCode == null || "".equals(userCode)) {
300                         userCode = (String)session.getAttribute(SessionKey.WEIXIN_OPENID);
301                     }
302                     if (corpIdSessionValue == null || "".equals(corpIdSessionValue) || userCode == null ||  "".equals(userCode)) {
303                         String code = request.getParameter("code");  //由微信传过来的 userid
304                         if (code == null||"".equals(code)) {
305                             response.sendRedirect(wxAuthSessionIfc.getAuthorizationUrl(request));
306                             return ;
307                         }else {
308                             DataSourceEntity dataSourceEntity = MultiDataSource.getDataSourceMap( request) ;
309                             //System.out.println(this.getClass() +" 1 URL:"+ reqUri+"?"+queryString+ " session CorpId=" + session.getAttribute(SessionKey.WEIXIN_CORPID));
310                             if (wx!=null && "1".equals(wx) ) {
311                                 WxCpUser wxCpUser =  wxAuthSessionIfc.getAuthorizationCpUser( request, code);
312                                 wxAuthSessionIfc.loginFromWxCpUser( request, response, wxCpUser);
313
314                                 //检查是否启用 ai 雷达 功能
315                                 if (reqUri.startsWith("/shopping/weixinby3rd/ai") && !reqUri.startsWith(radarWarningPage)  && wxCpUser != null) {
316                                     if (!isAiRadarUser(request,wxCpUser.getUserId())) {
317                                         request.getRequestDispatcher(radarWarningPage+"?"+queryString).forward(request, response);
318                                         return;
319                                     }
320                                 }
321
322                                 //检查是否启用 boss 雷达 功能
323                                 if (reqUri.startsWith("/shopping/weixinby3rd/boss") && !reqUri.startsWith(radarWarningPage) && wxCpUser != null) {
324                                     if (!isBossRadarUser(request,wxCpUser.getUserId())) {
325                                         request.getRequestDispatcher(radarWarningPage+"?"+queryString).forward(request, response);
326                                         return;
327                                     }
328                                 }
329
330                                 SpObserver.setDBtoInstance("_"+dataSourceEntity.getDbId()) ;  //切换数据源
331                                 chain.doFilter(request, response);
332                                 return ;
333                             }else {
bff6b6 334                                 WxOAuth2UserInfo wxOAuth2UserInfo =  wxAuthSessionIfc.getAuthorizationMpUser( request, code);
J 335                                 WxMpUser wxMpUser = new WxMpUser();
336                                 wxMpUser.setOpenId(wxOAuth2UserInfo.getOpenid()) ;
337                                 wxMpUser.setNickname(wxOAuth2UserInfo.getNickname()) ;
a8d792 338                                 //wxMpUser.setCountry(wxOAuth2UserInfo.getCountry()) ;
bff6b6 339                                 wxMpUser.setHeadImgUrl(wxOAuth2UserInfo.getHeadImgUrl()) ;
a8d792 340                                 //wxMpUser.setSex(wxOAuth2UserInfo.getSex());
J 341                                 //wxMpUser.setCity(wxOAuth2UserInfo.getCity());
342                                 //wxMpUser.setProvince(wxOAuth2UserInfo.getProvince());
bff6b6 343                                 wxMpUser.setUnionId(wxOAuth2UserInfo.getUnionId());
J 344                                 wxMpUser.setPrivileges(wxOAuth2UserInfo.getPrivileges());
a6a76f 345                                 wxAuthSessionIfc.loginFromWxMpUser( request, response, wxMpUser);
F 346
347                                 //TODO
348                                 //在 URL 后追加 fromOpenId 参数
349                                 //url = StringURL.inputURL(url, SettingKey.FROMOPENID, wxMpUser.getOpenId()) ;
350
351                                 SpObserver.setDBtoInstance("_"+dataSourceEntity.getDbId()) ;   //切换数据源
352                                 chain.doFilter(request, response);
353                                 return ;
354                             }
355
356                         }
357                     }else {
358                         String userId = (String)session.getAttribute(SessionKey.WEIXIN_OPENID);
359                         //检查是否启用 ai 雷达 功能
360                         if (reqUri.startsWith("/shopping/weixinby3rd/ai") && !reqUri.startsWith(radarWarningPage) && userId != null) {
361                             if (!isAiRadarUser(request,userId)) {
362                                 request.getRequestDispatcher(radarWarningPage+"?"+queryString).forward(request, response);
363                                 return;
364                             }
365                         }
366
367                         //检查是否启用 boss 雷达 功能
368                         if (reqUri.startsWith("/shopping/weixinby3rd/boss") && !reqUri.startsWith(radarWarningPage)  && userId!= null) {
369                             if (!isBossRadarUser(request,userId)) {
370                                 request.getRequestDispatcher(radarWarningPage+"?"+queryString).forward(request, response);
371                                 return;
372                             }
373                         }
374
375                         //System.out.println(this.getClass() +" 2 URL:"+ reqUri+"?"+queryString+ " session CorpId=" + session.getAttribute(SessionKey.WEIXIN_CORPID));
376                         chain.doFilter(request, response);
377                         return ;
378                     }
379
380                 }
381             }
382
383
384             if (reqUri.contains("/shopping/")) {  //2.如果不是微信过来的链接,有可能是网页直接访问或 ipad 访问 /shopping/ 目录,则使用 主机名 (或叫 域名) 取数据源
385                 //非微信入口,则需要按主机名来访问数据源,如:  mp.onbus.cn   (不包括http 和端口号)
386                 Object dbId =  session.getAttribute(SessionKey.SHOPPING_DBID);
387                 if (dbId != null && ! "".equals(dbId) ) {
388                     chain.doFilter(request, response);
389                     return ;
390                 }
391                 DataSourceEntity dataSourceEntity = null ;
392
393                 dataSourceEntity = MultiDataSource.getDataSourceMapByCorpURL(hostUrl) ;
394                 if (dataSourceEntity != null) {
395                     //SpObserver.setDBtoInstance("_"+corpEntity.getDbId()) ;   这里不需要切换数据源,因为每次在访问数据库时,都自带数据源参数
396                     session.setAttribute(SessionKey.SHOPPING_DBID,dataSourceEntity.getDbId() + "") ;
397                     chain.doFilter(request, response);
398                     return ;
399                 }else {
400                     //request.getRequestDispatcher("/10001.jsp").forward(request, response);   //Commented By Johns Wang,2020-07-27
401                     chain.doFilter(request, response);    //Added by Johns Wang,2020-07-27
402                     return ;
403                 }
404             }
405
406         }catch (Exception e){
407
408             String msssage="执行url:" +hostUrl+ reqUri + "分析时出错" + this.getClass()+" URL:" +reqUri + "?" + queryString +";" + (e.getCause()!=null?e.getCause().getMessage(): e.getMessage());
409             System.out.println(msssage);
410             e.printStackTrace();
411             this.log.debug(msssage);
412             request.setAttribute("errormsg", msssage);
413             if(request.getHeader("x-app-type")!=null) {
414                 this.printJson(response,callBackMessage.sendErrorMessage(e.getMessage()));
415             }if (reqUri.startsWith("/shopping/")) {
416                 chain.doFilter(request, response);    //Added by Johns Wang,2020-07-27
417                 return ;
418             }else {
419                 request.getRequestDispatcher("/500.jsp").forward(request, response);
420                 return ;
421             }
422         }
423
424         if (StringUtils.isBlank(user)) {// 没有登录
425             notLoggedInProcc(chain, request, response, session, reqUri,queryString);
426             return ;
427         }
428
429         try {
430             //已经登录了
431             SpObserver.setDBtoInstance("_"+session.getAttribute(SessionKey.DATA_BASE_ID));   //全局切换数据源
432         }catch(Exception e) {
433             String message="执行url:" +hostUrl+ reqUri + "分析时出错" + this.getClass()+" URL:" +reqUri + "?" + queryString +";" + (e.getCause()!=null?e.getCause().getMessage(): e.getMessage());
434             System.out.println(message);
435             e.printStackTrace();
436
437             request.setAttribute("errormsg", message);
438             this.log.debug(message);
439             if (reqUri.startsWith("/shopping/")) {
440                 chain.doFilter(request, response);    //Added by Johns Wang,2020-07-27
441                 return ;
442             }else {
443                 request.getRequestDispatcher("/500.jsp").forward(request, response);
444                 return ;
445             }
446
447         }
448         int dbid_formid[]  = getFormid(reqUri);// 除了所有上面放行的特殊页面外所有页面的请求格式应该为 // 功能号_*.jsp
449         setCurrentThreadInfo(dbid_formid==null?-1:dbid_formid[1],user,reqUri,queryString);
450
451         //----------------  生成功能号页面, Added by johns Wang , 2016-07-31   -----------------------
452         boolean isPrinter = FilterBuildFuncImpl.isPrinter(reqUri);
453         //生成 /app目录下的主功能号和 /WEB-INF/report 目录下的打印页面
454         try {
455             //DataSourceEntity dataSourceEntity = MultiDataSource.getDataSourceMap( request);
456         if (
457                 //暂时去掉禁止自动生成 by danaus 2020/12/7 10:45
458                 //dataSourceEntity.isAutoGenerateFormId()&&
459                 ((dbid_formid != null
460                 && dbid_formid.length == 2
461                 && dbid_formid[1] != 0
462                 && reqUri.contains("/app/"+dbid_formid[0]+"/")
463                 && reqUri.endsWith("/index.jsp"))
464                 || (reqUri.contains("/personalized/") && reqUri.endsWith("/index.jsp"))
465                 || isPrinter )){
466             int formId = 0;
467             if (isPrinter) {
468                 queryString=EncodeUtil.base64Decode(queryString);//base64解密所有请求参数
469                 queryString = queryString.replace("FormID=", "");  //去掉  FormID=  开头的部分
470                 Map<String, String> mapParm = BuildFormat.getParamMap(queryString);
471                 formId = Integer.parseInt(DBHelper.isNull(mapParm.get("FormID"), 0));
472                 request.setAttribute("isPrinter",true);
473             } else if (reqUri.contains("/gtGrid.do")){
474                 formId = (request.getParameter("formID")==null?null: Integer.parseInt( request.getParameter("formID"))) ;
475             }
476             else {
477                 formId = dbid_formid[1] ;
478             }
479             if (formId != 0) {
480                 request.setAttribute("formID",formId+"");
481                 FilterBuildFuncIfc bc = (FilterBuildFuncIfc)FactoryBean.getBean("FilterBuildFuncImpl");
482                 boolean result = bc.rebuildFormid(request, response);
483                 if (result) {
484                     chain.doFilter(request, response);// by danaus 处理url的参数被清空的问题
485                     return ;
486                 }
487             }
488         }
489         } catch (Exception e) {
490             e.printStackTrace();
491         }
492         // ---------------   生成功能号结束  ------------------------------------
493
494 //        if (session.getAttribute("notTo") != null) {
495 //            String topath = session.getAttribute("notTo").toString();
496 //            session.setAttribute("notTo", null);
497 //            response.sendRedirect(topath);
498 //            return;
499 //        }
500         //
501         try {
502             //复制链接需要到 2018-9-5 15:12:54 xin
503             if(reqUri.equals("/copyurl.do") && queryString !=null){
f67fb2 504                 String redirect ="/home.jsp?redirect="+queryString;
a6a76f 505                 request.getRequestDispatcher(redirect).forward(request, response);
F 506                 return ;
507             }
508         } catch (Exception e) {
509             String message="执行url:" +hostUrl+ reqUri + "分析时出错" + this.getClass()+" URL:" +reqUri + "?" + queryString +";" + (e.getCause()!=null?e.getCause().getMessage(): e.getMessage());
510             System.out.println(message);
511             e.printStackTrace();
512             this.log.debug(message);
513             if (reqUri.startsWith("/shopping/")) {
514                 chain.doFilter(request, response);    //Added by Johns Wang,2020-07-27
515                 return ;
516             }else {
517                 request.getRequestDispatcher("/home.jsp").forward(request, response);
518                 return;
519             }
520         }
521         if (reqUri.equals("/")||reqUri.equals("/login.jsp") || reqUri.equals("/index.jsp")) {// 添加重定项
522             //DBHelper.getXml(reqUri, session);// 这个后加解决这个页面出错问题
523             if(wx!=null&&"1".equalsIgnoreCase(wx)){
524                 request.setAttribute("wxUrl", request.getParameter("wx_parm"));
525                 request.setAttribute(SettingKey.REDIRECT, request.getParameter(SettingKey.REDIRECT));
526             }
527             request.getRequestDispatcher("/home.jsp").forward(request, response);
528             return ;
529         }else {
530             String dbid = (String)session.getAttribute(SessionKey.DATA_BASE_ID);
531
532             //如果页面不存在,则给 404.jsp 页面使用这个变量,用来显示“尝试重新加载页面”的按钮,点击点生成功能号,Added by Johns Wang,2019-12-18
533             if (dbid_formid!=null&&dbid_formid.length>0&&!"".equals(dbid_formid[1]+"")) {
534                 request.setAttribute("formid",dbid_formid[1]+"") ;
535             }
536
10aef8 537             if ("DeveloperUser".equalsIgnoreCase(isSuperUser) || reqUri.contains("/personalized/")||reqUri.equals("/savePanelUserLayout.do") ) {// 系统管理员有所有权限
a6a76f 538                 if(dbid_formid==null||dbid.equals(dbid_formid[0]+"")){//确保管理员访问的是当前数据库的页面
F 539                     chain.doFilter(rep, resp);
540                     return ;
541                 } else {// 没权限
542                     request.getRequestDispatcher("/10000.jsp").forward(rep,resp);
543                     return ;
544                 }
10aef8 545             }else if("SuperUser".equalsIgnoreCase(isSuperUser)){
F 546                 try{
547                     if(dbid_formid==null){
548                         chain.doFilter(rep, resp);
549                         return;
550                     }else {//是功能号页面
551                         SpObserver.setDBtoInstance("_" + dbid);
552                         BaseService baseService = (BaseService) FactoryBean.getBean("BaseService");
553                         final Integer result = baseService.getJdbcTemplate().queryForObject("set nocount on \n declare @formid int \n select @formid=formid from gform where formid = " + dbid_formid[1] + " and isnull(isAuthorizedForDeveloperUser, 0) = 0 \n select @formid", Integer.class);
554                         if (result != null) {//确保管理员访问的是当前数据库的页面
555                             chain.doFilter(rep, resp);
556                             return;
557                         } else {// 没权限
558                             request.getRequestDispatcher("/10000.jsp").forward(rep, resp);
559                             return;
560                         }
561                     }
562                 }catch(Exception ex){
563                 ex.printStackTrace();
564                 }finally {
565                     SpObserver.setDBtoInstance();
566                 }
567
a6a76f 568             } else {
F 569                 if (reqUri.endsWith(".jsp")) {
570                     /******************* 普通用户权限、没有功能号情况start *********************/
571                     if (dbid_formid == null) {// uri中没有功能号信息
572                         if (reqUri.indexOf("/general/") != -1
573                                 || reqUri.endsWith("/home.jsp")
574                                 ||reqUri.endsWith("showFlowChart.jsp")
575                                 || reqUri.endsWith("dibang/InstallDiBangCert.jsp")
576                                 || reqUri.endsWith("dibang/InstallDiBangCert2.jsp")
577                                 || reqUri.endsWith("/personalized/template/0/fullcalendarte.jsp")
578                                 || reqUri.endsWith("swf.jsp")
579                                 || reqUri.contains("mail")) {
580                             chain.doFilter(rep, resp);
581                             return;
582                         }
583                         chain.doFilter(rep, resp);  //必须加上这句,要不然导致其它jsp页页请求会失败,Added by Johns wang ,2016-03-02
584                         return;
585                     }
586                     /******************** 普通用户权限、没有功能号情况end ********************/
587
588                     /******************* 普通用户权限、有功能号情况start *********************/
589
590                     Map<String,Map<String,Object>> perssion=(Map<String,Map<String,Object>>)session.getAttribute(SessionKey.PERSSION);
591                     if (perssion.containsKey(dbid_formid[1]+"")&&dbid.equals(dbid_formid[0]+"")) {// 有权限
592                         chain.doFilter(rep, resp);
593                         return;
594                     } else {// 没权限
595                         request.getRequestDispatcher("/10000.jsp").forward(rep,resp);
596                         return ;
597                     }
598                     /******************* 普通用户权限、有功能号情况end *********************/
599                 } else {
600                     chain.doFilter(rep, resp);
601                     return ;
602                 }
603             }
604         }
605
606     }
607     
608     
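    /**
     * Checks whether the given work-app user has the AI radar feature enabled.
     *
     * <p>The lookup runs against the tenant database resolved from the request
     * via {@link MultiDataSource#getDataSourceMap}. The thread-bound data source
     * is switched for the lookup and always restored in {@code finally}, so the
     * selection cannot leak to the next request served by this (pooled) thread.
     *
     * @param request current request, used to resolve the tenant data source
     * @param userId  work-app user id; {@code null} yields {@code false}
     * @return {@code true} only if the user exists and {@code isAiRadarUser()} holds
     * @throws Exception propagated from data-source resolution or the user lookup
     */
    private boolean isAiRadarUser(HttpServletRequest request, String userId) throws Exception {
        // The original wrapped this call in a catch that only rethrew; resolution
        // failures simply propagate to the caller.
        DataSourceEntity dataSourceEntity = MultiDataSource.getDataSourceMap(request);
        // NOTE(review): assumes getDataSourceMap throws rather than returning null
        // for an unknown tenant — confirm, otherwise getDbId() NPEs below.
        try {
            SpObserver.setDBtoInstance("_" + dataSourceEntity.getDbId());  // switch data source
            if (userId == null) {
                return false;
            }
            ERPUserIfc erpUserIfc = (ERPUserIfc) FactoryBean.getBean("ERPUserImpl");
            MyWxCpUser myWxCpUser = erpUserIfc.getWorkAppUser(userId);
            return myWxCpUser != null && myWxCpUser.isAiRadarUser();
        } finally {
            SpObserver.setDBtoInstance();
        }
    }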
630     
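    /**
     * Checks whether the given work-app user has the boss radar feature enabled.
     *
     * <p>The lookup runs against the tenant database resolved from the request
     * via {@link MultiDataSource#getDataSourceMap}. The thread-bound data source
     * is switched for the lookup and always restored in {@code finally}, so the
     * selection cannot leak to the next request served by this (pooled) thread.
     *
     * @param request current request, used to resolve the tenant data source
     * @param userId  work-app user id; {@code null} yields {@code false}
     * @return {@code true} only if the user exists and {@code isBossRadarUser()} holds
     * @throws Exception propagated from data-source resolution or the user lookup
     */
    private boolean isBossRadarUser(HttpServletRequest request, String userId) throws Exception {
        // The original wrapped this call in a catch that only rethrew; resolution
        // failures simply propagate to the caller.
        DataSourceEntity dataSourceEntity = MultiDataSource.getDataSourceMap(request);
        // NOTE(review): assumes getDataSourceMap throws rather than returning null
        // for an unknown tenant — confirm, otherwise getDbId() NPEs below.
        try {
            SpObserver.setDBtoInstance("_" + dataSourceEntity.getDbId());  // switch data source
            if (userId == null) {
                return false;
            }
            ERPUserIfc erpUserIfc = (ERPUserIfc) FactoryBean.getBean("ERPUserImpl");
            MyWxCpUser myWxCpUser = erpUserIfc.getWorkAppUser(userId);
            return myWxCpUser != null && myWxCpUser.isBossRadarUser();
        } finally {
            SpObserver.setDBtoInstance();
        }
    }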
652     
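    /**
     * Writes {@code s} to the response as UTF-8 JSON and closes the writer.
     *
     * <p>{@code s} is written verbatim: callers must supply valid, properly
     * escaped JSON. Because the writer is closed here, nothing else can be
     * written to the response afterwards.
     *
     * @param resp response to write to
     * @param s    JSON payload, written as-is
     */
    protected void printJson(HttpServletResponse resp, String s) {
        resp.setCharacterEncoding("utf-8");
        resp.setContentType("application/json;charset=utf-8");
        try (PrintWriter out = resp.getWriter()) {
            out.print(s);
            out.flush();
        } catch (IOException e) {
            // Best-effort: the client has usually gone away; keep the cause in the log.
            log.error("printJson: failed to write response body", e);
        }
    }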
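    /**
     * Handles a request that has no authenticated session.
     *
     * <p>Checks are applied in order, first match wins:
     * <ol>
     *   <li>{@code downBo.do} and demo-session URIs pass straight through.</li>
     *   <li>URIs on the anonymous allowlist (login, registration, SMS code,
     *       password reset, links, auto-login, …) pass through.</li>
     *   <li>Attachment/upload endpoints may authenticate with a {@code sid}
     *       request parameter naming an existing session; the request is then
     *       served against that session's database.</li>
     *   <li>Everything else is sent to {@code /login.jsp}; API clients
     *       (header {@code x-app-type}) receive a 405 JSON body instead.</li>
     * </ol>
     *
     * @param chain       filter chain to continue on pass-through
     * @param request     current request
     * @param response    current response
     * @param session     ignored; the method re-reads {@code request.getSession()}
     * @param reqUri      request URI as computed by the caller
     * @param queryString raw query string, may be {@code null}
     * @throws IOException      from the chain or a redirect
     * @throws ServletException from the chain
     */
    private void notLoggedInProcc(FilterChain chain,
                                  HttpServletRequest request, HttpServletResponse response,
                                  HttpSession session, String reqUri, String queryString)
            throws IOException, ServletException {
        session = request.getSession();
        String hostUrl = SettingKey.getHostUrl(request);
        if (reqUri.endsWith("downBo.do")) {
            chain.doFilter(request, response);
            return;
        }
        // Demo sessions may reach the demo pages and the xml/delete actions without a login.
        Object demoRef = session.getAttribute(SessionKey.DEMO_REF);
        if (demoRef != null && demoRef.equals(SessionKey.DEMO_REF)
                && (reqUri.equals("/newsetXml.do") || reqUri.indexOf("/demo/") != -1)
                || reqUri.endsWith("/doDelDemo.do")) {
            chain.doFilter(request, response);
            return;
        }
        // Anonymous allowlist. NOTE(review): suffix/contains matching is broader than
        // the named paths (endsWith("/") admits any directory URI, endsWith("login.do")
        // any name ending that way); an exact-match set on the servlet path would be
        // tighter. Also, && binds tighter than ||, so "!startsWith(/shopping)" only
        // qualifies the /autoLogin.do term — confirm whether it was meant to guard the
        // whole list before adding brackets; current behaviour is kept.
        if ((reqUri.endsWith((request.getContextPath() + "/login.jsp"))
                || reqUri.endsWith("login.do")
                || reqUri.endsWith("getDateDemo.do")
                || reqUri.endsWith("reg.jsp")
                || reqUri.endsWith("registra.do")
                || reqUri.endsWith("image.jsp")
                || reqUri.endsWith("checkSession.do")
                || reqUri.endsWith("sessionFail.jsp")
                || reqUri.endsWith("reloadsession.jsp")
                || reqUri.endsWith("againLogin.do")
                || reqUri.endsWith("default.jsp")
                || reqUri.endsWith("/"))
                || reqUri.contains("/regUser.do")        // registration endpoint
                || reqUri.contains("/api/myCompany.do")  // company list endpoint
                || reqUri.contains("/api/sendSms.do")    // SMS verification code
                || reqUri.contains("/api/forgotPwd.do")  // forgotten password
                || reqUri.contains("/links.do")
                || reqUri.startsWith("/autoLogin.do")
                && !reqUri.startsWith("/shopping")) {
            // (original note) the sessionId problem has to be handled here
            chain.doFilter(request, response);  // login page and login handling are allowed through
            return;
        } else if (reqUri.endsWith("uploadAtta.do")
                || reqUri.endsWith("updateAtta.do")
                || reqUri.endsWith("picUpload.do")
                || reqUri.endsWith("picUpdate.do")
                || reqUri.endsWith("imageWaterMarkUpload.do")
                || reqUri.endsWith("mailAttaUpload.do")) {
            // Upload endpoints authenticate with an explicit session id parameter.
            // NOTE(review): a session id in a query parameter ends up in access logs
            // and Referer headers; treat such logs as sensitive.
            String sid = request.getParameter("sid");
            if (StringUtils.isBlank(sid)) {
                return;  // NOTE(review): yields an empty 200; an explicit error status would be clearer for clients
            }
            session = SessionListener.getSession(request, sid);
            if (null == session) {
                return;  // same: empty response, kept for compatibility
            }
            SpObserver.setDBtoInstance("_" + session.getAttribute(SessionKey.DATA_BASE_ID));
            try {
                chain.doFilter(request, response);  // allowed through against the sid's database
            } finally {
                // Restore the thread-bound database selection, as the other switches in this
                // class do; request threads are pooled, so a stale selection would otherwise
                // be visible to the next request served on this thread.
                SpObserver.setDBtoInstance();
            }
            return;
        } else {
            if (request.getHeader("x-app-type") != null) {
                response.setStatus(405);  // session expired or absent
                this.printJson(response, "{\"error\":\"会话已过期\",\"statusCode\":405}");
            } else if (reqUri.startsWith("/shopping")) {
                // Return target is assembled server-side from hostUrl + request URI.
                String redirectUri = URIUtil.encodeURIComponent(hostUrl + reqUri + (queryString != null ? "?" + queryString : ""));
                response.sendRedirect("/login.jsp" + "?redirect=" + redirectUri);
            } else if (reqUri.startsWith("/copyurl.do")) {  // copy-link flow
                // NOTE(review): the raw query string becomes the post-login redirect target;
                // whatever consumes it must restrict it to same-site paths, otherwise this
                // is an open redirect.
                response.sendRedirect("/login.jsp" + "?redirect=" + queryString);
            } else {
                response.sendRedirect("/login.jsp");
            }
            return;
        }
    }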
746
747
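    /**
     * Extracts the database id and form (function) id from a personalized page URI.
     *
     * <p>Expected layout, e.g. {@code /personalized/177/0/cnzh/219001/index.jsp}:
     * path segment 2 is the database id and segment 5 the form id, giving
     * {@code [177, 219001]}.
     *
     * @param uri request URI; {@code null} is tolerated
     * @return {@code [dbId, formId]}, or {@code null} when the URI does not carry
     *         numeric values in those positions (callers test for {@code null})
     */
    public int[] getFormid(String uri) {
        if (uri == null) {
            return null;
        }
        String[] strs = uri.split("/");
        if (strs.length < 6) {
            return null;  // too short to hold both segments
        }
        try {
            // Segment 2 is the database id, segment 5 the form id.
            return new int[]{Integer.parseInt(strs[2]), Integer.parseInt(strs[5])};
        } catch (NumberFormatException e) {
            // Non-numeric segment: not a functional-form URI; signal with null as before.
            return null;
        }
    }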
760
761
762
763
    /**
     * Records the form id, user and request URI in the thread-local context
     * that the logging code reads.
     *
     * <p>The query string is cut to 1500 characters before it is stored. The
     * stored URI is {@code uri + "?" + queryString} even when the query string
     * is {@code null} (yielding {@code "...?null"}); kept as-is.
     * NOTE(review): query strings can carry credentials (this filter accepts a
     * {@code sid} parameter on upload URIs) — check where the stored URI ends up
     * before it is persisted.
     *
     * @param formId      current form id
     * @param userCode    current user code
     * @param uri         request URI
     * @param queryString raw query string, may be {@code null}
     */
    public void setCurrentThreadInfo(int formId, String userCode, String uri, String queryString) {
        final int maxQueryLength = 1500;
        String storedQuery = queryString;
        if (storedQuery != null && storedQuery.length() > maxQueryLength) {
            storedQuery = storedQuery.substring(0, maxQueryLength);
        }
        CurrentLocal.setCurrentFormid(String.valueOf(formId));
        CurrentLocal.setCurrentUser(userCode);
        CurrentLocal.setURI(uri + "?" + storedQuery);
    }
773
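    /**
     * Filter start-up hook; only records that the page-access filter is active.
     * Uses the class logger instead of {@code System.out} so the message lands in
     * the configured log.
     *
     * @param arg0 filter configuration, unused
     */
    @Override
    public void init(FilterConfig arg0) throws ServletException {
        log.info("----------页面访问服务已启动----------");
    }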
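    /**
     * Filter shutdown hook; only records that the page-access filter has stopped.
     * Uses the class logger instead of {@code System.out} so the message lands in
     * the configured log.
     */
    @Override
    public void destroy() {
        log.info("----------页面访问服务已停止----------");
    }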
782
783 }