a6a76f 1 package com.yc.filter;
F 2
3 import com.yc.api.schedule.AppVersion;
4 import com.yc.api.utils.VersionUtils;
5 import com.yc.currentThreadInfo.CurrentLocal;
6 import com.yc.entity.DataSourceEntity;
7 import com.yc.exception.CallBackMessage;
8 import com.yc.factory.FactoryBean;
251add 9 import com.yc.license.InitLicense;
a6a76f 10 import com.yc.listener.SessionListener;
F 11 import com.yc.multiData.MultiDataSource;
12 import com.yc.multiData.SpObserver;
13 import com.yc.sdk.jedis.KryoUtils;
14 import com.yc.sdk.shopping.action.Maintaince;
15 import com.yc.sdk.shopping.util.SettingKey;
16 import com.yc.sdk.weixincp.action.WxAuthSessionIfc;
17 import com.yc.sdk.weixincp.entity.MyWxCpUser;
18 import com.yc.sdk.weixincp.service.ERPUserIfc;
19 import com.yc.sdk.weixinmp.entity.WxSessionEntity;
20 import com.yc.service.build.FilterBuildFuncIfc;
21 import com.yc.service.build.FilterBuildFuncImpl;
22 import com.yc.service.impl.DBHelper;
23 import com.yc.service.impl.EnvHelper;
24 import com.yc.servlet.BuildFormat;
25 import com.yc.utils.EncodeUtil;
26 import com.yc.utils.SessionKey;
bff6b6 27
J 28 import me.chanjar.weixin.common.bean.WxOAuth2UserInfo;
a6a76f 29 import me.chanjar.weixin.common.util.http.URIUtil;
F 30 import me.chanjar.weixin.cp.bean.WxCpUser;
31 import me.chanjar.weixin.mp.bean.result.WxMpUser;
32 import org.apache.commons.lang.StringUtils;
33 import org.slf4j.Logger;
34 import org.slf4j.LoggerFactory;
35 import org.springframework.data.redis.core.RedisTemplate;
36 import redis.clients.jedis.Jedis;
37 import redis.clients.jedis.JedisPool;
38
39 import javax.servlet.*;
40 import javax.servlet.http.HttpServletRequest;
41 import javax.servlet.http.HttpServletResponse;
42 import javax.servlet.http.HttpSession;
43 import java.io.IOException;
44 import java.io.PrintWriter;
45 import java.net.URLDecoder;
46 import java.util.Map;
47
48 public class LoginFilter implements Filter {
49     protected final Logger log = LoggerFactory.getLogger(this.getClass());
50     
    /**
     * Request gate for the application: decides, per request, whether the call is passed
     * down the chain, forwarded to an error/login page, or answered directly with JSON.
     * <p>
     * Order of checks as implemented below:
     * <ol>
     *   <li>bootstrap: while no demo datasource exists, only the setup pages are reachable;</li>
     *   <li>minimum APP version check on login/autoLogin for app clients (version read from Redis);</li>
     *   <li>a URI allow-list whose entries skip authentication entirely;</li>
     *   <li>WeChat entry handling (corpId/appId plus the wx parameter): system-stop check,
     *       per-corp session restore from Redis and OAuth code exchange;</li>
     *   <li>host-name based datasource lookup for /shopping/ pages;</li>
     *   <li>login check ({@code SessionKey.HRCODE} in the session) and global datasource switch;</li>
     *   <li>form-id page (re)generation, the copyurl/home forwards and the per-form permission check.</li>
     * </ol>
     *
     * @param rep   the incoming request; cast to {@link HttpServletRequest}
     * @param resp  the response; cast to {@link HttpServletResponse}
     * @param chain the filter chain to continue when the request is accepted
     * @throws IOException      from the chain, forwards, redirects or JSON output
     * @throws ServletException from the chain or forwards
     */
    @SuppressWarnings("unchecked")
    @Override
    public void doFilter(ServletRequest rep, ServletResponse resp,
                         FilterChain chain) throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) rep;
        HttpServletResponse response = (HttpServletResponse) resp;
        // getSession() with no argument creates a session for every request, including
        // allow-listed ones that never read it
        HttpSession session = request.getSession();
        CallBackMessage callBackMessage=new CallBackMessage();
        request.setCharacterEncoding("utf-8");
        //**** start ******* check for the presence of the hardware license key

        // NOTE(review): the license check below is commented out, so this filter no longer
        // verifies the key at all; confirm that is intended for this build.
//          if(!InitLicense.getInstance().checkInfo(request, response)){
//            return;
//            }

        //******end *******
        if("".equals(EnvHelper.getPath())){//access after the cached path was lost
            String path = request.getServletContext().getRealPath("/");
            EnvHelper.setPath(path);//record the application's real path for later use
        }
        String user = (String) session.getAttribute(SessionKey.HRCODE);
        String isSuperUser = (String) session.getAttribute(SessionKey.SUPPER_USER);
        String queryString = request.getQueryString();
        String hostUrl = SettingKey.getHostUrl(request) ;

        String reqUri = request.getRequestURI();
        //System.out.println(this.getClass() +" 0 URL:"+ reqUri+"?"+queryString+ " session CorpId=" + session.getAttribute(SessionKey.WEIXIN_CORPID));
        //System.out.println(reqUri);
        
        //if the demo datasource is empty it must be set up first, added by Johns Wang, 2019-09-24  dataSourceMap.put(dataSourceEntity.getDbId()+"", dataSourceEntity);
        boolean hasDemoDataSource = MultiDataSource.hasDemoDataSource();
        if (! hasDemoDataSource ) {
            if (reqUri.startsWith("/newsetXml.do")||reqUri.startsWith("/demo/update1.jsp")) {
                chain.doFilter(request, response);
                return ;
            }
            if (!reqUri.startsWith("/demo/update.jsp") ) {
                session.setAttribute(SessionKey.DEMO_REF,SessionKey.DEMO_REF);
                request.getRequestDispatcher("/demo/update.jsp?demoConfig=demo").forward(request, response);
                return ;
            }else {
                chain.doFilter(request, response);
                return ;
            }
        }

        //check the APP version; if it is below the required version, force the user to upgrade

        if(VersionUtils.getAPPTypeName(request)!=null&&(reqUri.contains("/login.do")||reqUri.contains("/autoLogin.do"))){//handle login
            try {
                RedisTemplate redisTemplate = (RedisTemplate) FactoryBean.getBean("redisTemplate");
                Object object = redisTemplate.opsForValue().get("APP_Upgrade_Version");
                if (object != null) {
                    AppVersion appVersion = (AppVersion) object;
                    if (!VersionUtils.loginIfcVersoinV2(request, appVersion.getAndroid(), appVersion.getIos())) {
                        CallBackMessage message = new CallBackMessage();
                        message.sendErrorMessage("您的APP版本太低,请更新到最新版本");
                        message.setState(-1000);
                        printJson(response, VersionUtils.isAndroid(request) ? message.toString() : message.print());
                        return;
                    }

                }
            }catch (Exception ex){
                CallBackMessage message = new CallBackMessage();
                // NOTE(review): the raw exception text is returned to the client; prefer a generic
                // message here and keep the detail in the server log.
                message.sendErrorMessage(ex.getMessage());
                message.setState(-1);
                printJson(response, VersionUtils.isAndroid(request) ? message.toString() : message.print());
                return;
            }
        }


        // Allow-list: a matching request skips every authentication check below.
        // NOTE(review): most entries use contains()/endsWith() on the raw request URI, so they
        // match the fragment anywhere in the path rather than only at the start; the short
        // "/v" entry in particular exempts every URI containing that fragment. Matching with
        // equals()/startsWith() on a normalized path would limit the exemption to the intended
        // endpoints.
        if(reqUri.contains("/getdb.do")||reqUri.contains("/weixin/")
                ||reqUri.contains("/wx/")||reqUri.contains("/cgi-bin/")
                ||reqUri.contains("/logout.do")
                || "/getDateDemo.do".equals(reqUri)   //login page fetches the datasource list
                ||reqUri.contains("/getImageedit.do")  //needed by WeChat
                ||reqUri.contains("/getImage.do")   //needed by WeChat
                ||reqUri.contains("/ShoppingImageRefresh.do")   //clear cached shop images (disk files)
                ||reqUri.contains("/SyncDataSource.do")   //sync the demo datasource into the local server map
                ||reqUri.contains("/build.do")   //regenerate pages
                ||reqUri.contains("/buildv2.do")   //regenerate pages
                ||reqUri.contains("/buildPersonlizedTemplate.do")   //regenerate pages
                ||reqUri.contains("/shopping/maintaince/maintaince.do")   //action that stops or enables a datasource
                ||reqUri.contains("/shopping/maintaince/maintaince.jsp")   //page that stops or enables a datasource
                ||reqUri.contains("/shopping/maintaince/systemconfig.jsp")  //maintain system settings
                ||reqUri.contains("/shopping/maintaince/messagelist.jsp")   //list of system-level messages sent
                ||reqUri.contains("/shopping/maintaince/messageedit.jsp")   //send a system-level message

                /**
                 * WeChat payment (refund) notifications, including:
                 *    shop order notice 120230, image order notice 120236, membership order notice 120234 (via .../wxordernotice.do)
                 *    recharge notice (.../wxrechargenotice.do), withdrawal notice (.../wxwithdrawalsnotice.do), refund notice (.../wxrefundnotice.do)
                 */
                ||reqUri.startsWith("/shopping/pay/notice/")
                ||reqUri.startsWith("/shopping/pay/refundMoney.do")   //WeChat refund, called from the ERP system via an external URL

                ||reqUri.contains("/shopping/pay/getSalesOrderWxPayConfig.do") //API returning the WeChat payment parameters
                ||reqUri.contains("/404.jsp")
                ||reqUri.contains("/oauth2/")   //third-party login
                ||reqUri.contains("/CheckInvitationCode.do")   //verify the registration invitation code
                ||reqUri.contains("/regUser.do")   //registration API
                ||reqUri.contains("/api/myCompany.do")   //company list API
                ||reqUri.contains("/api/sendSms.do")   //send the SMS verification code
                ||reqUri.contains("/api/forgotPwd.do")   //forgot password
                ||reqUri.contains("/links.do")
                ||reqUri.contains("/app/getZip.do")
                ||reqUri.contains("/v")   //app update API
                ||reqUri.contains("/ws/")   //websocket API
                ||reqUri.contains("/open/")   //open API
                ||reqUri.contains("/shopping/generationMatCodeQrCode.do")  //refresh product QR codes so a WeChat scan opens the page directly
                ||reqUri.contains("/shopping/websocket/index.jsp")  //web socket
                ||reqUri.contains("/shopping/websocket/index1.jsp")
                ||reqUri.contains("/wx/CpAuthSession.do")
                ||reqUri.contains("/wx/MpAuthSession.do")
                ||reqUri.contains("/buildPersonlizedTemplateForAll.do")  //generate the floating-window pages for all databases so they are current when opened ,Added by Johns Wang, 20190-96-04
                ||reqUri.contains("/demo/update1.jsp")   //set the user's real datasource
                ||reqUri.contains("/getInvitationCode.do")
                ||reqUri.startsWith("/changepwd.do")   //change password
                ||reqUri.startsWith("/autoLogin.do")
                ||reqUri.startsWith("/autoLoginV2.do")
                || reqUri.startsWith("/getLogoIcon.do")//logo image
                || reqUri.startsWith("/attachment/downLoadAttachment.do")//attachment download
                || reqUri.startsWith("/attachment/uploadAttachment.do")//attachment upload
                || reqUri.startsWith("/attachment/deleteAttachment.do")//attachment delete
                || reqUri.startsWith("/attachment/uploadAttachmentV2.do")//attachment upload
                || reqUri.startsWith("/attachment/deleteAttachmentV2.do")//attachment delete
                || reqUri.startsWith("/api/upPortraitV2.do")//upload avatar
                || reqUri.startsWith("/attachment/deleteAttachmentByGrid.do")
                || reqUri.startsWith("/shopping/live/")   //mini-program live streaming
                //--- Lujiangnan (customer-specific)
                || reqUri.startsWith("/lujn/orderPayCallback.do")   //Agricultural Bank payment notification callback
               // || reqUri.startsWith("/shopping/updateMatCodeQrCode.do")   //generate the material master-data QR code
                || reqUri.startsWith("/shopping/export/getExportFile.do")   //new mini-program export file (excel) download
                || reqUri.startsWith("/mutual/unbind110203.do")   //unbind customer
                || reqUri.startsWith("/mutual/unbind110302.do")   //unbind supplier
                || reqUri.endsWith("/orderPayCallback.do")   //Agricultural Bank generic aggregated-payment callback API

                ){
            chain.doFilter(request, response);
            return;
        }
        //fix the shopping-guide (online shop) not-logged-in problem: WeChat visits must carry the WeChat AppId or CorpId parameter, e.g. a click from the Bus Software official account arrives as:   wx=2&CorpId=wx258ad4bfa5a9d263
        //Added by Johns Wang, 2016-03-06
        String corpId = request.getParameter(SessionKey.WEIXIN_CORPID) ;
        if (corpId == null || "".equals(corpId)) {
            corpId = request.getParameter(SessionKey.WEIXIN_APPID) ;
        }

        String wx = request.getParameter(SessionKey.WEIXIN_FROM) ;
        //if (corpId!= null&&!"".equals(corpId))  System.out.println("reqUri="+reqUri + "  queryString=" + queryString);
        String radarWarningPage = "/shopping/weixinby3rd/ai/home/warning.jsp" ;

        JedisPool jedisPool = (JedisPool) FactoryBean.getBean("jedisPool");
        try (Jedis jedis = jedisPool.getResource()){
            //check whether the system is stopped; if so, drop the session and redirect to login.jsp, Added by Johns Wang , 2017-05-26
            // NOTE(review): any URI ending in "/" is excluded from this system-stop check.
            if (!  reqUri.startsWith("/login.jsp") && !reqUri.endsWith("/") && !reqUri.startsWith("/newsetXml.do") && Maintaince.isSystemStop( request)  ) {//handles one domain hosting several systems of which some have expired, by danaus 2020/4/10 16:11
                //session.invalidate();   //drop the session
                if(VersionUtils.getAPPTypeName(request)!=null){//added handling for the app by danaus 2019/12/19 16:15
                    callBackMessage.sendErrorMessage("会话失效");
                    this.printJson(response,callBackMessage.toString());
                }else {
                    if(reqUri.contains("/login.do")) {
                        callBackMessage.sendErrorMessage("系统已过期,请联络服务提供商!");
                        this.printJson(response, callBackMessage.toString());
                    }else{
                        response.sendRedirect("/login.jsp");
                    }
                }
                return ;
            }
            if ( corpId != null && ! "".equals(corpId)
                    && wx != null && !"".equals(wx)) {
                if ( "3".equals(wx)) {   //3 means mini-program
                    session.setAttribute(SessionKey.WEIXIN_APPID,corpId) ;
                    session.setAttribute(SessionKey.WEIXIN_FROM,wx) ;

                    Object dbId =  session.getAttribute(SessionKey.SHOPPING_DBID);
                    if (dbId != null && ! "".equals(dbId) ) {
                        chain.doFilter(request, response);
                        return ;
                    }
                    DataSourceEntity dataSourceEntity = null ;

                    dataSourceEntity = MultiDataSource.getDataSourceMapByMaAppId(corpId) ;
                    if (dataSourceEntity != null) {
                        //SpObserver.setDBtoInstance("_"+corpEntity.getDbId()) ;   no datasource switch needed here, every database access carries its own datasource parameter
                        session.setAttribute(SessionKey.SHOPPING_DBID,dataSourceEntity.getDbId() + "") ;
                        chain.doFilter(request, response);
                        return ;
                    }else {
                        request.getRequestDispatcher("/10001.jsp").forward(request, response);
                        return ;
                    }
                }else {   // wx: "1"  enterprise account , "2" official account

                    WxAuthSessionIfc wxAuthSessionIfc = null ;
                    if (wx!=null && "1".equals(wx)) {
                        wxAuthSessionIfc = (WxAuthSessionIfc)FactoryBean.getBean("CpAuthSession") ;
                    }else {
                        wxAuthSessionIfc = (WxAuthSessionIfc)FactoryBean.getBean("MpAuthSession") ;
                    }

                    //System.out.println(this.getClass()+" " + (new java.text.SimpleDateFormat("yyyy-MM-dd HH:mm:ss:SSS")).format(new java.util.Date()) + " sessionid:" + session.getId() + " url:" + hostUrl+ reqUri + "?" + queryString);

                    //fix several official accounts sharing one domain (one domain has only one tomcat session; when switching between
                    //official accounts the session must be rebuilt (reset) to avoid mixing databases) ,Added by Johns Wang, 2018-11-09
                    String corpIdSessionValue = (String) session.getAttribute(SessionKey.WEIXIN_CORPID);
                    if (corpIdSessionValue != null && !corpId.equals(corpIdSessionValue)) {
//                        String openId = request.getParameter(SettingKey.FROMOPENID) ;
//                        if (openId == null) {
//                            WxSessionEntity.updateValueToSession(session, new WxSessionEntity());  //clear session values
//                            response.sendRedirect(wxAuthSessionIfc.getAuthorizationUrl(request));
//                            return ;
//                        }

                        //fetch the session object from redis

                        String newSession = jedis.get("wxSession:"+corpId+":"+session.getId()) ;
                        if (newSession != null) {
                            //System.out.println(this.getClass()+" 将 wxSessionEntity 对象反序列化... " );
                            // NOTE(review): deserializes an object read from Redis; the value is only as
                            // trustworthy as write access to that key — TODO confirm the Redis instance is
                            // not writable by untrusted parties.
                            WxSessionEntity wxSessionEntity = KryoUtils.deserializationObject(newSession,WxSessionEntity.class) ;
                            WxSessionEntity.updateValueToSession(session, wxSessionEntity);
                            //System.out.println(this.getClass()+" 将 wxSessionEntity 对象反序列化...成功 " );
                            corpIdSessionValue = (String) session.getAttribute(SessionKey.WEIXIN_CORPID);
                        }else {
                            WxSessionEntity.updateValueToSession(session, new WxSessionEntity());   //clear the session
                        }
                    }

                    // resolve the current user code from the first non-empty session attribute in this order
                    String userCode = (String)session.getAttribute(SessionKey.USERCODE);
                    if (userCode == null || "".equals(userCode)) {
                        userCode = (String)session.getAttribute(SettingKey.CLTCODE);
                    }
                    if (userCode == null || "".equals(userCode)) {
                        userCode = (String)session.getAttribute(SessionKey.HRCODE);
                    }
                    if (userCode == null || "".equals(userCode)) {
                        userCode = (String)session.getAttribute(SessionKey.WEIXIN_OPENID);
                    }
                    if (corpIdSessionValue == null || "".equals(corpIdSessionValue) || userCode == null ||  "".equals(userCode)) {
                        String code = request.getParameter("code");  //the userid passed in by WeChat
                        if (code == null||"".equals(code)) {
                            response.sendRedirect(wxAuthSessionIfc.getAuthorizationUrl(request));
                            return ;
                        }else {
                            DataSourceEntity dataSourceEntity = MultiDataSource.getDataSourceMap( request) ;
                            //System.out.println(this.getClass() +" 1 URL:"+ reqUri+"?"+queryString+ " session CorpId=" + session.getAttribute(SessionKey.WEIXIN_CORPID));
                            if (wx!=null && "1".equals(wx) ) {
                                WxCpUser wxCpUser =  wxAuthSessionIfc.getAuthorizationCpUser( request, code);
                                wxAuthSessionIfc.loginFromWxCpUser( request, response, wxCpUser);

                                //check whether the ai radar feature is enabled
                                if (reqUri.startsWith("/shopping/weixinby3rd/ai") && !reqUri.startsWith(radarWarningPage)  && wxCpUser != null) {
                                    if (!isAiRadarUser(request,wxCpUser.getUserId())) {
                                        request.getRequestDispatcher(radarWarningPage+"?"+queryString).forward(request, response);
                                        return;
                                    }
                                }

                                //check whether the boss radar feature is enabled
                                if (reqUri.startsWith("/shopping/weixinby3rd/boss") && !reqUri.startsWith(radarWarningPage) && wxCpUser != null) {
                                    if (!isBossRadarUser(request,wxCpUser.getUserId())) {
                                        request.getRequestDispatcher(radarWarningPage+"?"+queryString).forward(request, response);
                                        return;
                                    }
                                }

                                SpObserver.setDBtoInstance("_"+dataSourceEntity.getDbId()) ;  //switch datasource
                                chain.doFilter(request, response);
                                return ;
                            }else {
                                WxOAuth2UserInfo wxOAuth2UserInfo =  wxAuthSessionIfc.getAuthorizationMpUser( request, code);
                                WxMpUser wxMpUser = new WxMpUser();
                                wxMpUser.setOpenId(wxOAuth2UserInfo.getOpenid()) ;
                                wxMpUser.setNickname(wxOAuth2UserInfo.getNickname()) ;
                                wxMpUser.setCountry(wxOAuth2UserInfo.getCountry()) ;
                                wxMpUser.setHeadImgUrl(wxOAuth2UserInfo.getHeadImgUrl()) ;
                                wxMpUser.setSex(wxOAuth2UserInfo.getSex());
                                wxMpUser.setCity(wxOAuth2UserInfo.getCity());
                                wxMpUser.setProvince(wxOAuth2UserInfo.getProvince());
                                wxMpUser.setUnionId(wxOAuth2UserInfo.getUnionId());
                                wxMpUser.setPrivileges(wxOAuth2UserInfo.getPrivileges());
                                wxAuthSessionIfc.loginFromWxMpUser( request, response, wxMpUser);

                                //TODO
                                //append the fromOpenId parameter to the URL
                                //url = StringURL.inputURL(url, SettingKey.FROMOPENID, wxMpUser.getOpenId()) ;

                                SpObserver.setDBtoInstance("_"+dataSourceEntity.getDbId()) ;   //switch datasource
                                chain.doFilter(request, response);
                                return ;
                            }

                        }
                    }else {
                        String userId = (String)session.getAttribute(SessionKey.WEIXIN_OPENID);
                        //check whether the ai radar feature is enabled
                        if (reqUri.startsWith("/shopping/weixinby3rd/ai") && !reqUri.startsWith(radarWarningPage) && userId != null) {
                            if (!isAiRadarUser(request,userId)) {
                                request.getRequestDispatcher(radarWarningPage+"?"+queryString).forward(request, response);
                                return;
                            }
                        }

                        //check whether the boss radar feature is enabled
                        if (reqUri.startsWith("/shopping/weixinby3rd/boss") && !reqUri.startsWith(radarWarningPage)  && userId!= null) {
                            if (!isBossRadarUser(request,userId)) {
                                request.getRequestDispatcher(radarWarningPage+"?"+queryString).forward(request, response);
                                return;
                            }
                        }

                        //System.out.println(this.getClass() +" 2 URL:"+ reqUri+"?"+queryString+ " session CorpId=" + session.getAttribute(SessionKey.WEIXIN_CORPID));
                        chain.doFilter(request, response);
                        return ;
                    }

                }
            }


            if (reqUri.contains("/shopping/")) {  //2. if the link did not come from WeChat it may be a direct web or ipad visit to the /shopping/ directory, so use the host name (domain name) to look up the datasource
                //non-WeChat entry: the datasource is looked up by host name, e.g.  mp.onbus.cn   (without http and port)
                Object dbId =  session.getAttribute(SessionKey.SHOPPING_DBID);
                if (dbId != null && ! "".equals(dbId) ) {
                    chain.doFilter(request, response);
                    return ;
                }
                DataSourceEntity dataSourceEntity = null ;

                dataSourceEntity = MultiDataSource.getDataSourceMapByCorpURL(hostUrl) ;
                if (dataSourceEntity != null) {
                    //SpObserver.setDBtoInstance("_"+corpEntity.getDbId()) ;   no datasource switch needed here, every database access carries its own datasource parameter
                    session.setAttribute(SessionKey.SHOPPING_DBID,dataSourceEntity.getDbId() + "") ;
                    chain.doFilter(request, response);
                    return ;
                }else {
                    //request.getRequestDispatcher("/10001.jsp").forward(request, response);   //Commented By Johns Wang,2020-07-27
                    chain.doFilter(request, response);    //Added by Johns Wang,2020-07-27
                    return ;
                }
            }

        }catch (Exception e){

            String msssage="执行url:" +hostUrl+ reqUri + "分析时出错" + this.getClass()+" URL:" +reqUri + "?" + queryString +";" + (e.getCause()!=null?e.getCause().getMessage(): e.getMessage());
            System.out.println(msssage);
            e.printStackTrace();
            this.log.debug(msssage);
            // NOTE(review): the message carries the exception text and is rendered by 500.jsp via
            // "errormsg"; keep internal error detail out of user-facing pages.
            request.setAttribute("errormsg", msssage);
            if(request.getHeader("x-app-type")!=null) {
                this.printJson(response,callBackMessage.sendErrorMessage(e.getMessage()));
            }
            // NOTE(review): no return/else after the JSON branch above — for an app client the body
            // has already been written and the request is then still forwarded or passed down the
            // chain on the same response.
            if (reqUri.startsWith("/shopping/")) {
                chain.doFilter(request, response);    //Added by Johns Wang,2020-07-27
                return ;
            }else {
                request.getRequestDispatcher("/500.jsp").forward(request, response);
                return ;
            }
        }

        if (StringUtils.isBlank(user)) {// not logged in
            notLoggedInProcc(chain, request, response, session, reqUri,queryString);
            return ;
        }

        try {
            //already logged in
            SpObserver.setDBtoInstance("_"+session.getAttribute(SessionKey.DATA_BASE_ID));   //switch the datasource globally
        }catch(Exception e) {
            String message="执行url:" +hostUrl+ reqUri + "分析时出错" + this.getClass()+" URL:" +reqUri + "?" + queryString +";" + (e.getCause()!=null?e.getCause().getMessage(): e.getMessage());
            System.out.println(message);
            e.printStackTrace();

            request.setAttribute("errormsg", message);
            this.log.debug(message);
            if (reqUri.startsWith("/shopping/")) {
                chain.doFilter(request, response);    //Added by Johns Wang,2020-07-27
                return ;
            }else {
                request.getRequestDispatcher("/500.jsp").forward(request, response);
                return ;
            }

        }
        int dbid_formid[]  = getFormid(reqUri);// apart from the special pages allowed above, every page request should have the form // <formId>_*.jsp
        setCurrentThreadInfo(dbid_formid==null?-1:dbid_formid[1],user,reqUri,queryString);

        //----------------  generate the form-id page, Added by johns Wang , 2016-07-31   -----------------------
        boolean isPrinter = FilterBuildFuncImpl.isPrinter(reqUri);
        //generate the main form-id pages under /app and the print pages under /WEB-INF/report
        try {
            //DataSourceEntity dataSourceEntity = MultiDataSource.getDataSourceMap( request);
        if (
                //temporarily removed the auto-generation block by danaus 2020/12/7 10:45
                //dataSourceEntity.isAutoGenerateFormId()&&
                ((dbid_formid != null
                && dbid_formid.length == 2
                && dbid_formid[1] != 0
                && reqUri.contains("/app/"+dbid_formid[0]+"/")
                && reqUri.endsWith("/index.jsp"))
                || (reqUri.contains("/personalized/") && reqUri.endsWith("/index.jsp"))
                || isPrinter )){
            int formId = 0;
            if (isPrinter) {
                // NOTE(review): queryString may be null for a request without a query string —
                // TODO confirm EncodeUtil.base64Decode tolerates null.
                queryString=EncodeUtil.base64Decode(queryString);//base64-decode all request parameters
                queryString = queryString.replace("FormID=", "");  //strip the leading  FormID=  part
                Map<String, String> mapParm = BuildFormat.getParamMap(queryString);
                formId = Integer.parseInt(DBHelper.isNull(mapParm.get("FormID"), 0));
                request.setAttribute("isPrinter",true);
            } else if (reqUri.contains("/gtGrid.do")){
                // NOTE(review): a missing formID parameter yields null here, which cannot be unboxed
                // into int; the resulting NullPointerException is caught and swallowed by the catch below.
                formId = (request.getParameter("formID")==null?null: Integer.parseInt( request.getParameter("formID"))) ;
            }
            else {
                formId = dbid_formid[1] ;
            }
            if (formId != 0) {
                request.setAttribute("formID",formId+"");
                FilterBuildFuncIfc bc = (FilterBuildFuncIfc)FactoryBean.getBean("FilterBuildFuncImpl");
                boolean result = bc.rebuildFormid(request, response);
                if (result) {
                    chain.doFilter(request, response);// by danaus handles the URL parameters being cleared
                    return ;
                }
            }
        }
        } catch (Exception e) {
            // NOTE(review): the failure is only printed, not sent to log; processing continues
            // with no page generated.
            e.printStackTrace();
        }
        // ---------------   end of form-id generation  ------------------------------------

//        if (session.getAttribute("notTo") != null) {
//            String topath = session.getAttribute("notTo").toString();
//            session.setAttribute("notTo", null);
//            response.sendRedirect(topath);
//            return;
//        }
        //
        try {
            //needed by copy-link 2018-9-5 15:12:54 xin
            if(reqUri.equals("/copyurl.do") && queryString !=null){
                // NOTE(review): the redirect value is copied verbatim from the query string; how
                // home.jsp consumes it is not visible here — confirm it only follows relative,
                // same-site targets.
                String redirect ="/home.jsp?redirect="+queryString;
                request.getRequestDispatcher(redirect).forward(request, response);
                return ;
            }
        } catch (Exception e) {
            String message="执行url:" +hostUrl+ reqUri + "分析时出错" + this.getClass()+" URL:" +reqUri + "?" + queryString +";" + (e.getCause()!=null?e.getCause().getMessage(): e.getMessage());
            System.out.println(message);
            e.printStackTrace();
            this.log.debug(message);
            if (reqUri.startsWith("/shopping/")) {
                chain.doFilter(request, response);    //Added by Johns Wang,2020-07-27
                return ;
            }else {
                request.getRequestDispatcher("/home.jsp").forward(request, response);
                return;
            }
        }
        if (reqUri.equals("/")||reqUri.equals("/login.jsp") || reqUri.equals("/index.jsp")) {// add redirection
            //DBHelper.getXml(reqUri, session);// added later to fix an error on this page
            if(wx!=null&&"1".equalsIgnoreCase(wx)){
                request.setAttribute("wxUrl", request.getParameter("wx_parm"));
                request.setAttribute(SettingKey.REDIRECT, request.getParameter(SettingKey.REDIRECT));
            }
            request.getRequestDispatcher("/home.jsp").forward(request, response);
            return ;
        }else {
            String dbid = (String)session.getAttribute(SessionKey.DATA_BASE_ID);

            //if the page does not exist, 404.jsp uses this variable to show a "try reloading the page" button that regenerates the form id, Added by Johns Wang,2019-12-18
            if (dbid_formid!=null&&dbid_formid.length>0&&!"".equals(dbid_formid[1]+"")) {
                request.setAttribute("formid",dbid_formid[1]+"") ;
            }

            // NOTE(review): besides super users, every URI containing "/personalized/" and the
            // "/savePanelUserLayout.do" action take this administrator branch, i.e. they skip the
            // per-form permission lookup below; confirm that is intended.
            if ("1".equalsIgnoreCase(isSuperUser) || reqUri.contains("/personalized/")||reqUri.equals("/savePanelUserLayout.do") ) {// the system administrator has all permissions
                // NOTE(review): if DATA_BASE_ID was never set, dbid is null and dbid.equals(...) throws.
                if(dbid_formid==null||dbid.equals(dbid_formid[0]+"")){//make sure the administrator is visiting a page of the current database
                    chain.doFilter(rep, resp);
                    return ;
                } else {// no permission
                    request.getRequestDispatcher("/10000.jsp").forward(rep,resp);
                    return ;
                }
            } else {
                if (reqUri.endsWith(".jsp")) {
                    /******************* ordinary user, no form id: start *********************/
                    if (dbid_formid == null) {// no form-id information in the uri
                        // NOTE(review): both paths below end in chain.doFilter(rep, resp), so this
                        // list of URIs has no effect on the outcome.
                        if (reqUri.indexOf("/general/") != -1
                                || reqUri.endsWith("/home.jsp")
                                ||reqUri.endsWith("showFlowChart.jsp")
                                || reqUri.endsWith("dibang/InstallDiBangCert.jsp")
                                || reqUri.endsWith("dibang/InstallDiBangCert2.jsp")
                                || reqUri.endsWith("/personalized/template/0/fullcalendarte.jsp")
                                || reqUri.endsWith("swf.jsp")
                                || reqUri.contains("mail")) {
                            chain.doFilter(rep, resp);
                            return;
                        }
                        chain.doFilter(rep, resp);  //this line is required, otherwise requests for other jsp pages fail,Added by Johns wang ,2016-03-02
                        return;
                    }
                    /******************** ordinary user, no form id: end ********************/

                    /******************* ordinary user, with form id: start *********************/

                    // NOTE(review): perssion is null when the PERSSION session attribute is absent and
                    // containsKey would then throw; guard it or treat the absence as "no permission".
                    Map<String,Map<String,Object>> perssion=(Map<String,Map<String,Object>>)session.getAttribute(SessionKey.PERSSION);
                    if (perssion.containsKey(dbid_formid[1]+"")&&dbid.equals(dbid_formid[0]+"")) {// has permission
                        chain.doFilter(rep, resp);
                        return;
                    } else {// no permission
                        request.getRequestDispatcher("/10000.jsp").forward(rep,resp);
                        return ;
                    }
                    /******************* ordinary user, with form id: end *********************/
                } else {
                    chain.doFilter(rep, resp);
                    return ;
                }
            }
        }

    }
574     
575     
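    /**
     * Whether {@code userId} is flagged as an "AI radar" user in the data source resolved
     * from the request.
     *
     * <p>The thread's data source is switched to that of the request for the lookup and
     * always restored in {@code finally}, so the caller observes no data-source change.
     *
     * @param request used to resolve the data source ({@code MultiDataSource.getDataSourceMap})
     * @param userId  work-app user id; {@code null} short-circuits to {@code false}
     * @return {@code true} only if the user exists and {@code isAiRadarUser()} is set
     * @throws Exception propagated from data-source resolution or the user lookup
     */
    private boolean isAiRadarUser(HttpServletRequest request, String userId) throws Exception {
        // The original wrapped this in a catch-and-rethrow, which changed nothing; a failure
        // here propagates before the data source is touched.
        DataSourceEntity dataSourceEntity = MultiDataSource.getDataSourceMap(request);
        try {
            // Switch inside the try so the finally below always undoes it, even if the switch
            // itself (e.g. a null data-source entity) blows up.
            SpObserver.setDBtoInstance("_" + dataSourceEntity.getDbId());
            if (userId == null) {
                return false;
            }
            ERPUserIfc erpUserIfc = (ERPUserIfc) FactoryBean.getBean("ERPUserImpl");
            MyWxCpUser workAppUser = erpUserIfc.getWorkAppUser(userId);
            return workAppUser != null && workAppUser.isAiRadarUser();
        } finally {
            SpObserver.setDBtoInstance();
        }
    }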
597     
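    /**
     * Whether {@code userId} is flagged as a "boss radar" user in the data source resolved
     * from the request.
     *
     * <p>The thread's data source is switched to that of the request for the lookup and
     * always restored in {@code finally}, so the caller observes no data-source change.
     *
     * @param request used to resolve the data source ({@code MultiDataSource.getDataSourceMap})
     * @param userId  work-app user id; {@code null} short-circuits to {@code false}
     * @return {@code true} only if the user exists and {@code isBossRadarUser()} is set
     * @throws Exception propagated from data-source resolution or the user lookup
     */
    private boolean isBossRadarUser(HttpServletRequest request, String userId) throws Exception {
        // The original wrapped this in a catch-and-rethrow, which changed nothing; a failure
        // here propagates before the data source is touched.
        DataSourceEntity dataSourceEntity = MultiDataSource.getDataSourceMap(request);
        try {
            // Switch inside the try so the finally below always undoes it, even if the switch
            // itself (e.g. a null data-source entity) blows up.
            SpObserver.setDBtoInstance("_" + dataSourceEntity.getDbId());
            if (userId == null) {
                return false;
            }
            ERPUserIfc erpUserIfc = (ERPUserIfc) FactoryBean.getBean("ERPUserImpl");
            MyWxCpUser workAppUser = erpUserIfc.getWorkAppUser(userId);
            return workAppUser != null && workAppUser.isBossRadarUser();
        } finally {
            SpObserver.setDBtoInstance();
        }
    }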
619     
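    /**
     * Writes {@code s} verbatim as a UTF-8 {@code application/json} response body.
     *
     * <p>{@code s} is not escaped or validated here: callers must pass a well-formed JSON
     * document (the call sites in this class pass string constants). Write failures are
     * logged and otherwise swallowed — by then a status has usually been set and there is
     * nothing more useful to do with the response.
     *
     * @param resp response to write to; its writer is closed afterwards
     * @param s    JSON text to emit
     */
    protected void printJson(HttpServletResponse resp, String s) {
        try {
            resp.setCharacterEncoding("utf-8");
            resp.setContentType("application/json;charset=utf-8");
            // try-with-resources closes the writer on every path, not just on success.
            try (PrintWriter out = resp.getWriter()) {
                out.print(s);
                out.flush();
            }
        } catch (IOException e) {
            // Was e.printStackTrace(); route through the class logger so it lands with the rest.
            log.error("failed to write JSON response", e);
        }
    }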
632     /**
633      * 没有登录的处理
634      *
635      * @param chain
636      * @param request
637      * @param response
638      * @param session
639      * @param reqUri
640      * @param queryString
641      * @throws IOException
642      * @throws ServletException
643      */
644     private void notLoggedInProcc(FilterChain chain,
645                                   HttpServletRequest request, HttpServletResponse response,
646                                   HttpSession session, String reqUri, String queryString)
647             throws IOException, ServletException {
648         session=request.getSession();
649         String hostUrl = SettingKey.getHostUrl(request) ;
650         if(reqUri.endsWith("downBo.do")){
651             chain.doFilter(request, response);
652             return;
653         }
654         if(session.getAttribute(SessionKey.DEMO_REF)!=null&&session.getAttribute(SessionKey.DEMO_REF).equals(SessionKey.DEMO_REF)&&(reqUri.equals("/newsetXml.do")||reqUri.indexOf("/demo/")!=-1)||reqUri.endsWith("/doDelDemo.do")){
655             chain.doFilter(request, response);
656             return;
657         }
658         if ((reqUri.endsWith((request.getContextPath() + "/login.jsp"))
659                 ||reqUri.endsWith("login.do")
660                 ||reqUri.endsWith("getDateDemo.do")
661                 ||reqUri.endsWith("reg.jsp")
662                 ||reqUri.endsWith("registra.do")
663                 ||reqUri.endsWith("image.jsp")
664                 ||reqUri.endsWith("checkSession.do")
665                 ||reqUri.endsWith("sessionFail.jsp")
666                 ||reqUri.endsWith("againLogin.do")
667                 ||reqUri.endsWith("default.jsp")
668                 ||reqUri.endsWith("/"))
669                 ||reqUri.contains("/regUser.do")   //注册接口
670                 ||reqUri.contains("/api/myCompany.do")   //企业列表接口
671                 ||reqUri.contains("/api/sendSms.do")   //发手机短信验证码
672                 ||reqUri.contains("/api/forgotPwd.do")   //忘记密码
673                 ||reqUri.contains("/links.do")
674                 ||reqUri.startsWith("/autoLogin.do")
675                 && ! reqUri.startsWith("/shopping") ) {
676             //这里要出来sessionId的问题
677             chain.doFilter(request, response);// 登录页面和登录处理允许请求
678             return;
679         }else if(reqUri.endsWith("uploadAtta.do")
680                 || reqUri.endsWith("updateAtta.do")
681                 || reqUri.endsWith("picUpload.do")
682                 || reqUri.endsWith("picUpdate.do")
683                 || reqUri.endsWith("imageWaterMarkUpload.do")
684                 || reqUri.endsWith("mailAttaUpload.do")){
685             String sid = request.getParameter("sid");
686             if(StringUtils.isBlank(sid)){
687                 return;
688             }
689             session = SessionListener.getSession(request,sid);
690             if(null == session){
691                 return;
692             }
693             SpObserver.setDBtoInstance("_"+session.getAttribute(SessionKey.DATA_BASE_ID));
694             chain.doFilter(request, response);// 登录页面和登录处理允许请求
695             return;
696         }else {
697 //            queryString = (queryString == null ? "" : ("?" + queryString));
698 //            session.setAttribute("notTo", (reqUri + queryString));
699
700             if(request.getHeader("x-app-type")!=null) {
701                 response.setStatus(405);//表示会话过期或没会话
702                 this.printJson(response,"{\"error\":\"会话已过期\",\"statusCode\":405}");
f67fb2 703             }else if (reqUri.startsWith("/shopping")) {   //shopping ,added by Johns Wang , 2016-02-17
a6a76f 704                 String redirectUri = URIUtil.encodeURIComponent(hostUrl+reqUri+(queryString!=null?"?"+queryString:""));
F 705                 //request.setAttribute("redirect", redirectUri);
706                 response.sendRedirect("/login.jsp"+"?redirect="+redirectUri);
f67fb2 707             }else if(reqUri.startsWith("/copyurl.do")){//复制链接执行
X 708                 response.sendRedirect("/login.jsp"+"?redirect="+queryString);
a6a76f 709             }else {
F 710                 response.sendRedirect("/login.jsp");
711             }
712             return;
713         }
714     }
715
716
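    /**
     * Extracts the database id and form (function) id from a "personalized" page URI.
     *
     * <p>Expected layout, e.g. {@code /personalized/177/0/cnzh/219001/index.jsp}: after
     * splitting on {@code /}, element 2 is the database id and element 5 the form id, giving
     * {@code {177, 219001}}.
     *
     * @param uri request URI; may be {@code null}
     * @return {@code {dbId, formId}}, or {@code null} when the URI does not have that shape
     *         (too few segments, a non-numeric segment, or a {@code null} URI)
     */
    public int[] getFormid(String uri) {
        if (uri == null) {
            return null;
        }
        String[] segments = uri.split("/");
        try {
            return new int[]{Integer.parseInt(segments[2]), Integer.parseInt(segments[5])};
        } catch (NumberFormatException | ArrayIndexOutOfBoundsException e) {
            // Not a db/form URI; callers treat null as "no form id in the path". Narrowed from
            // catch (Exception) so unrelated failures are no longer hidden.
            return null;
        }
    }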
729
730
731
732
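    /**
     * Stores request context (form id, user code, URI) on the current thread for log
     * enrichment.
     *
     * <p>The query string is truncated to 1500 characters before being recorded. When it is
     * {@code null} the URI is recorded on its own (the old code appended the literal
     * {@code "?null"}).
     *
     * <p>NOTE(review): {@code CurrentLocal} looks thread-local by name; if so, whoever sets it
     * must also clear it at the end of the request or a pooled thread carries the previous
     * user's context — not verifiable in this block. The query string can carry tokens or
     * credentials; check what reads the stored URI before it reaches log storage.
     *
     * @param formId      current form (function) id
     * @param userCode    current user code
     * @param uri         request URI
     * @param queryString raw query string, or {@code null}
     */
    public void setCurrentThreadInfo(int formId, String userCode, String uri, String queryString) {
        CurrentLocal.setCurrentFormid(String.valueOf(formId));
        CurrentLocal.setCurrentUser(userCode);
        if (queryString == null) {
            CurrentLocal.setURI(uri);
            return;
        }
        // Cap what is stored so an oversized query string does not bloat log lines.
        String query = queryString.length() > 1500 ? queryString.substring(0, 1500) : queryString;
        CurrentLocal.setURI(uri + "?" + query);
    }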
742
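    /**
     * Filter lifecycle hook; only records start-up. No configuration is read from {@code arg0}.
     *
     * @param arg0 filter configuration, currently unused
     */
    @Override
    public void init(FilterConfig arg0) throws ServletException {
        // Was System.out.println; the class logger keeps this with the rest of the log output.
        log.info("----------页面访问服务已启动----------");
    }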
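    /** Filter lifecycle hook; only records shutdown — there is no state to release. */
    @Override
    public void destroy() {
        // Was System.out.println; the class logger keeps this with the rest of the log output.
        log.info("----------页面访问服务已停止----------");
    }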
751
752 }