package com.yc.filter;
|
|
import com.yc.api.schedule.AppVersion;
|
import com.yc.api.utils.VersionUtils;
|
import com.yc.currentThreadInfo.CurrentLocal;
|
import com.yc.entity.DataSourceEntity;
|
import com.yc.exception.CallBackMessage;
|
import com.yc.factory.FactoryBean;
|
import com.yc.listener.SessionListener;
|
import com.yc.multiData.MultiDataSource;
|
import com.yc.multiData.SpObserver;
|
import com.yc.sdk.jedis.KryoUtils;
|
import com.yc.sdk.shopping.action.Maintaince;
|
import com.yc.sdk.shopping.util.SettingKey;
|
import com.yc.sdk.weixincp.action.WxAuthSessionIfc;
|
import com.yc.sdk.weixincp.entity.MyWxCpUser;
|
import com.yc.sdk.weixincp.service.ERPUserIfc;
|
import com.yc.sdk.weixinmp.entity.WxSessionEntity;
|
import com.yc.service.BaseService;
|
import com.yc.service.build.FilterBuildFuncIfc;
|
import com.yc.service.build.FilterBuildFuncImpl;
|
import com.yc.service.impl.DBHelper;
|
import com.yc.service.impl.EnvHelper;
|
import com.yc.servlet.BuildFormat;
|
import com.yc.utils.EncodeUtil;
|
import com.yc.utils.SessionKey;
|
import me.chanjar.weixin.common.bean.WxOAuth2UserInfo;
|
import me.chanjar.weixin.common.util.http.URIUtil;
|
import me.chanjar.weixin.cp.bean.WxCpUser;
|
import me.chanjar.weixin.mp.bean.result.WxMpUser;
|
import org.apache.commons.lang.StringUtils;
|
import org.slf4j.Logger;
|
import org.slf4j.LoggerFactory;
|
import org.springframework.data.redis.core.RedisTemplate;
|
import redis.clients.jedis.Jedis;
|
import redis.clients.jedis.JedisPool;
|
|
import javax.servlet.*;
|
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletResponse;
|
import javax.servlet.http.HttpSession;
|
import java.io.IOException;
|
import java.io.PrintWriter;
|
import java.util.Map;
|
|
public class LoginFilter implements Filter {
|
/** Per-class SLF4J logger; {@code protected} so it is visible to subclasses. */
protected final Logger log = LoggerFactory.getLogger(this.getClass());
|
|
/**
 * Gate for every request: passes public URIs straight through, handles WeChat
 * (enterprise / official-account / mini-program) entry and the session rebuild that
 * goes with it, forces APP clients below the required version to upgrade, hands
 * not-logged-in requests to {@link #notLoggedInProcc}, switches the thread's data
 * source for logged-in users, optionally (re)generates function-id pages, and finally
 * enforces the per-user function permissions before continuing the chain.
 *
 * @param rep   incoming request; cast unconditionally to {@link HttpServletRequest}
 * @param resp  outgoing response; cast unconditionally to {@link HttpServletResponse}
 * @param chain the remaining filter chain
 * @throws IOException      propagated from the chain, redirects and forwards
 * @throws ServletException propagated from the chain and dispatcher forwards
 */
@SuppressWarnings("unchecked")
@Override
public void doFilter(ServletRequest rep, ServletResponse resp,
        FilterChain chain) throws IOException, ServletException {
    HttpServletRequest request = (HttpServletRequest) rep;
    HttpServletResponse response = (HttpServletResponse) resp;
    HttpSession session = request.getSession();
    CallBackMessage callBackMessage=new CallBackMessage();
    request.setCharacterEncoding("utf-8");
    //**** start ******* check whether the licence dongle is present
    // if(!InitLicense.getInstance().checkInfo(request, response)){
    // return;
    // }
    //******end *******
    if("".equals(EnvHelper.getPath())){// access after the path was lost (e.g. after a disconnect)
        String path = request.getServletContext().getRealPath("/");
        EnvHelper.setPath(path);// remember the web-app root so later code can use it
    }
    String user = (String) session.getAttribute(SessionKey.HRCODE);
    String isSuperUser = (String) session.getAttribute(SessionKey.USERTYPE);
    String queryString = request.getQueryString();
    String hostUrl = SettingKey.getHostUrl(request) ;

    String reqUri = request.getRequestURI();
    //System.out.println(this.getClass() +" 0 URL:"+ reqUri+"?"+queryString+ " session CorpId=" + session.getAttribute(SessionKey.WEIXIN_CORPID));
    //System.out.println(reqUri);

    // If the demo data source is not set up yet, it must be configured first. Added by Johns Wang, 2019-09-24
    // (dataSourceMap.put(dataSourceEntity.getDbId()+"", dataSourceEntity))
    boolean hasDemoDataSource = MultiDataSource.hasDemoDataSource();
    if (! hasDemoDataSource ) {
        if (reqUri.startsWith("/newsetXml.do")||reqUri.startsWith("/demo/update1.jsp")) {
            chain.doFilter(request, response);
            return ;
        }
        if (!reqUri.startsWith("/demo/update.jsp") ) {
            session.setAttribute(SessionKey.DEMO_REF,SessionKey.DEMO_REF);
            request.getRequestDispatcher("/demo/update.jsp?demoConfig=demo").forward(request, response);
            return ;
        }else {
            chain.doFilter(request, response);
            return ;
        }
    }

    // Check the APP version; clients below the configured version are forced to upgrade.
    if(VersionUtils.getAPPTypeName(request)!=null&&(reqUri.contains("/login.do")||reqUri.contains("/autoLoginV2.do"))){// login handling
        try {
            RedisTemplate redisTemplate = (RedisTemplate) FactoryBean.getBean("redisTemplate");
            Object object = redisTemplate.opsForValue().get("APP_Upgrade_Version");
            if (object != null) {
                AppVersion appVersion = (AppVersion) object;
                if (!VersionUtils.loginIfcVersoinV2(request, appVersion.getAndroid(), appVersion.getIos())) {
                    //--- current version is below the forced-update version: tell the client to update.
                    // NOTE(review): the client-supplied x-app-version header is reflected into the
                    // message body; confirm CallBackMessage escapes it for the JSON output.
                    CallBackMessage message = new CallBackMessage();
                    message.sendErrorMessage("您的APP版本["+request.getHeader("x-app-version")+"]太低,请到应用商店下载最新版本");
                    message.setState(-1000);
                    printJson(response, VersionUtils.isAndroid(request) ? message.toString() : message.print());
                    return;
                }
            }
        }catch (Exception ex){
            CallBackMessage message = new CallBackMessage();
            message.sendErrorMessage(ex.getMessage());
            message.setState(-1);
            printJson(response, VersionUtils.isAndroid(request) ? message.toString() : message.print());
            return;
        }
    }

    // Public allow-list: any URI matching one of these entries skips every login check below.
    // NOTE(review): most entries use contains() rather than startsWith()/equals(), so a URI that
    // merely embeds one of these fragments anywhere in its path (e.g. ".../ws/..." or ".../open/...")
    // is passed through unauthenticated. Prefer anchored matches when tightening this list.
    if(reqUri.contains("/getdb.do")||reqUri.contains("/weixin/")
            ||reqUri.contains("/wx/")||reqUri.contains("/cgi-bin/")
            ||reqUri.contains("/logout.do")
            || "/getDateDemo.do".equals(reqUri) // login page fetches the data source list
            ||reqUri.contains("/getImageedit.do") // needed by WeChat
            ||reqUri.contains("/getImage.do") // needed by WeChat
            ||reqUri.contains("/ShoppingImageRefresh.do") // clear cached shop images (disk files)
            ||reqUri.contains("/SyncDataSource.do") // sync the demo data source into the local server map
            ||reqUri.contains("/build.do") // regenerate pages
            ||reqUri.contains("/buildv2.do") // regenerate pages
            ||reqUri.contains("/buildPersonlizedTemplate.do") // regenerate pages
            ||reqUri.contains("/shopping/maintaince/maintaince.do") // action: stop or enable a data source
            ||reqUri.contains("/shopping/maintaince/maintaince.jsp") // page: stop or enable a data source
            ||reqUri.contains("/shopping/maintaince/systemconfig.jsp") // maintain system settings
            ||reqUri.contains("/shopping/maintaince/messagelist.jsp") // system-level message send list
            ||reqUri.contains("/shopping/maintaince/messageedit.jsp") // send a system-level message
            ||reqUri.contains("/general/pdf/web/viewer.jsp") // pdf plugin
            /*
             * WeChat payment (refund) notifications, covering:
             * shop order notice 120230, image order notice 120236, become-member order notice 120234 (via .../wxordernotice.do),
             * recharge notice (.../wxrechargenotice.do), withdrawal notice (.../wxwithdrawalsnotice.do), refund notice (.../wxrefundnotice.do)
             */
            ||reqUri.startsWith("/shopping/pay/notice/")
            ||reqUri.startsWith("/shopping/pay/refundMoney.do") // WeChat refund, called from the ERP system via an external URL
            ||reqUri.contains("/shopping/pay/getSalesOrderWxPayConfig.do") // API returning WeChat payment parameters
            ||reqUri.contains("/404.jsp")
            ||reqUri.contains("/oauth2/") // third-party login
            ||reqUri.contains("/CheckInvitationCode.do") // verify the registration invitation code
            ||reqUri.contains("/regUser.do") // registration API
            ||reqUri.contains("/api/myCompany.do") // company list API
            ||reqUri.contains("/api/sendSms.do") // send SMS verification code
            ||reqUri.contains("/api/forgotPwd.do") // forgot password
            ||reqUri.contains("/links.do")
            ||reqUri.contains("/app/getZip.do")
            ||reqUri.contains("/ws/") // websocket endpoints
            ||reqUri.contains("/open/") // open API
            ||reqUri.contains("/shopping/generationMatCodeQrCode.do") // refresh the material QR code so a WeChat scan opens the page directly
            ||reqUri.contains("/shopping/websocket/index.jsp") // web socket
            ||reqUri.contains("/shopping/websocket/index1.jsp")
            ||reqUri.contains("/wx/CpAuthSession.do")
            ||reqUri.contains("/wx/MpAuthSession.do")
            ||reqUri.contains("/buildPersonlizedTemplateForAll.do") // regenerate floating-window pages for all databases so they stay current. Added by Johns Wang, 20190-96-04
            ||reqUri.contains("/demo/update1.jsp") // set the user's real data source
            ||reqUri.contains("/getInvitationCode.do")
            ||reqUri.startsWith("/changepwd.do") // change password
            ||reqUri.startsWith("/autoLogin.do")
            ||reqUri.startsWith("/autoLoginV2.do")
            || reqUri.startsWith("/getLogoIcon.do")// logo image
            || reqUri.startsWith("/attachment/downLoadAttachment.do")// attachment download
            || reqUri.startsWith("/attachment/uploadAttachment.do")// attachment upload
            || reqUri.startsWith("/attachment/deleteAttachment.do")// attachment delete
            || reqUri.startsWith("/attachment/uploadAttachmentV2.do")// attachment upload
            || reqUri.startsWith("/attachment/deleteAttachmentV2.do")// attachment delete
            || reqUri.startsWith("/api/upPortraitV2.do")// upload avatar
            || reqUri.startsWith("/attachment/deleteAttachmentByGrid.do")
            || reqUri.startsWith("/shopping/live/") // mini-program live streaming
            //--- Lujiangnan
            || reqUri.startsWith("/lujn/orderPayCallback.do") // ABC bank payment notification callback
            // || reqUri.startsWith("/shopping/updateMatCodeQrCode.do") // generate material master-data QR code
            || reqUri.startsWith("/shopping/export/getExportFile.do") // new mini-program export: excel download
            || reqUri.startsWith("/mutual/unbind110203.do") // unbind customer
            || reqUri.startsWith("/mutual/unbind110302.do") // unbind supplier
            || reqUri.endsWith("/orderPayCallback.do") // ABC bank aggregated payment callback
            || reqUri.endsWith("/orderPayCallbackByEpay.do") // ABC bank e-collection callback
            || reqUri.startsWith("/batchUpload/uploadImage.do") // batch upload of material master-data images
            || reqUri.startsWith("/payment/pay") // maintenance-fee callback
            || reqUri.startsWith("/api/loginByCode.do") // SMS verification for the multi-device login limit
            || reqUri.startsWith("/multilogin.do") // multi-account login
            || reqUri.startsWith("/wyn/auth.do") // Wyn authentication
            || reqUri.startsWith("/app/v2/get9686.do") // colour list
            || reqUri.startsWith("/WxExternalContact/")// WeChat Work customer management
            || reqUri.startsWith("/afterSales/")// after-sales
    ){
        chain.doFilter(request, response);
        return;
    }
    // Fix shop-guide (web shop) pages having no login: WeChat visits must carry the WeChat AppId or CorpId,
    // e.g. a click from the Bus Software official account sets wx=2&CorpId=wx258ad4bfa5a9d263
    // Added by Johns Wang, 2016-03-06
    String corpId = request.getParameter(SessionKey.WEIXIN_CORPID) ;
    if (corpId == null || "".equals(corpId)) {
        corpId = request.getParameter(SessionKey.WEIXIN_APPID) ;
    }

    String wx = request.getParameter(SessionKey.WEIXIN_FROM) ;
    //if (corpId!= null&&!"".equals(corpId)) System.out.println("reqUri="+reqUri + " queryString=" + queryString);
    String radarWarningPage = "/shopping/weixinby3rd/ai/home/warning.jsp" ;

    JedisPool jedisPool = (JedisPool) FactoryBean.getBean("jedisPool");
    try (Jedis jedis = jedisPool.getResource()){
        // Check whether the system is stopped; if so drop the session and redirect to login.jsp. Added by Johns Wang, 2017-05-26
        if (! reqUri.startsWith("/login.jsp") && !reqUri.endsWith("/") && !reqUri.startsWith("/newsetXml.do") && Maintaince.isSystemStop( request) ) {// handles one domain hosting several systems, some of which have expired. by danaus 2020/4/10 16:11
            //session.invalidate(); // drop the session
            if(VersionUtils.getAPPTypeName(request)!=null){// extra handling for the app. by danaus 2019/12/19 16:15
                callBackMessage.sendErrorMessage("会话失效");
                this.printJson(response,callBackMessage.toString());
            }else {
                if(reqUri.contains("/login.do")) {
                    callBackMessage.sendErrorMessage("系统出现异常,请联络服务提供商!");
                    this.printJson(response, callBackMessage.toString());
                }else{
                    response.sendRedirect("/login.jsp");
                }
            }
            return ;
        }
        if ( corpId != null && ! "".equals(corpId)
                && wx != null && !"".equals(wx)) {
            if ( "3".equals(wx)) { // 3 = mini-program
                session.setAttribute(SessionKey.WEIXIN_APPID,corpId) ;
                session.setAttribute(SessionKey.WEIXIN_FROM,wx) ;

                Object dbId = session.getAttribute(SessionKey.SHOPPING_DBID);
                if (dbId != null && ! "".equals(dbId) ) {
                    chain.doFilter(request, response);
                    return ;
                }
                DataSourceEntity dataSourceEntity = null ;

                dataSourceEntity = MultiDataSource.getDataSourceMapByMaAppId(corpId) ;
                if (dataSourceEntity != null) {
                    //SpObserver.setDBtoInstance("_"+corpEntity.getDbId()) ; no data-source switch needed here: every DB access carries its data-source parameter
                    session.setAttribute(SessionKey.SHOPPING_DBID,dataSourceEntity.getDbId() + "") ;
                    chain.doFilter(request, response);
                    return ;
                }else {
                    request.getRequestDispatcher("/10001.jsp").forward(request, response);
                    return ;
                }
            }else { // wx: "1" = enterprise account, "2" = official account

                WxAuthSessionIfc wxAuthSessionIfc = null ;
                if (wx!=null && "1".equals(wx)) {
                    wxAuthSessionIfc = (WxAuthSessionIfc)FactoryBean.getBean("CpAuthSession") ;
                }else {
                    wxAuthSessionIfc = (WxAuthSessionIfc)FactoryBean.getBean("MpAuthSession") ;
                }

                //System.out.println(this.getClass()+" " + (new java.text.SimpleDateFormat("yyyy-MM-dd HH:mm:ss:SSS")).format(new java.util.Date()) + " sessionid:" + session.getId() + " url:" + hostUrl+ reqUri + "?" + queryString);

                // Several official accounts may share one domain (one tomcat session per domain), so when the
                // account changes the session must be rebuilt (reset) to avoid mixing databases. Added by Johns Wang, 2018-11-09
                String corpIdSessionValue = (String) session.getAttribute(SessionKey.WEIXIN_CORPID);
                if (corpIdSessionValue != null && !corpId.equals(corpIdSessionValue)) {
                    // String openId = request.getParameter(SettingKey.FROMOPENID) ;
                    // if (openId == null) {
                    // WxSessionEntity.updateValueToSession(session, new WxSessionEntity()); // clear session values
                    // response.sendRedirect(wxAuthSessionIfc.getAuthorizationUrl(request));
                    // return ;
                    // }

                    // Fetch the session object from redis, keyed by corpId and the servlet session id.
                    String newSession = jedis.get("wxSession:"+corpId+":"+session.getId()) ;
                    if (newSession != null) {
                        //System.out.println(this.getClass()+" deserializing wxSessionEntity... " );
                        // NOTE(review): Kryo-deserializing a blob read back from redis; the blob is written by this
                        // application, so it is trusted only as far as redis access is — confirm redis is not shared.
                        WxSessionEntity wxSessionEntity = KryoUtils.deserializationObject(newSession,WxSessionEntity.class) ;
                        WxSessionEntity.updateValueToSession(session, wxSessionEntity);
                        //System.out.println(this.getClass()+" deserializing wxSessionEntity... done " );
                        corpIdSessionValue = (String) session.getAttribute(SessionKey.WEIXIN_CORPID);
                    }else {
                        WxSessionEntity.updateValueToSession(session, new WxSessionEntity()); // clear the session
                    }
                }

                // Pick the first non-empty user identity from the session, in this order of preference.
                String userCode = (String)session.getAttribute(SessionKey.USERCODE);
                if (userCode == null || "".equals(userCode)) {
                    userCode = (String)session.getAttribute(SettingKey.CLTCODE);
                }
                if (userCode == null || "".equals(userCode)) {
                    userCode = (String)session.getAttribute(SessionKey.HRCODE);
                }
                if (userCode == null || "".equals(userCode)) {
                    userCode = (String)session.getAttribute(SessionKey.WEIXIN_OPENID);
                }
                if (corpIdSessionValue == null || "".equals(corpIdSessionValue) || userCode == null || "".equals(userCode)) {
                    String code = request.getParameter("code"); // OAuth code handed over by WeChat
                    if (code == null||"".equals(code)) {
                        response.sendRedirect(wxAuthSessionIfc.getAuthorizationUrl(request));
                        return ;
                    }else {
                        DataSourceEntity dataSourceEntity = MultiDataSource.getDataSourceMap( request) ;
                        //System.out.println(this.getClass() +" 1 URL:"+ reqUri+"?"+queryString+ " session CorpId=" + session.getAttribute(SessionKey.WEIXIN_CORPID));
                        if (wx!=null && "1".equals(wx) ) {
                            WxCpUser wxCpUser = wxAuthSessionIfc.getAuthorizationCpUser( request, code);
                            wxAuthSessionIfc.loginFromWxCpUser( request, response, wxCpUser);

                            // Check whether the AI radar feature is enabled for this user.
                            if (reqUri.startsWith("/shopping/weixinby3rd/ai") && !reqUri.startsWith(radarWarningPage) && wxCpUser != null) {
                                if (!isAiRadarUser(request,wxCpUser.getUserId())) {
                                    request.getRequestDispatcher(radarWarningPage+"?"+queryString).forward(request, response);
                                    return;
                                }
                            }

                            // Check whether the boss radar feature is enabled for this user.
                            if (reqUri.startsWith("/shopping/weixinby3rd/boss") && !reqUri.startsWith(radarWarningPage) && wxCpUser != null) {
                                if (!isBossRadarUser(request,wxCpUser.getUserId())) {
                                    request.getRequestDispatcher(radarWarningPage+"?"+queryString).forward(request, response);
                                    return;
                                }
                            }

                            SpObserver.setDBtoInstance("_"+dataSourceEntity.getDbId()) ; // switch data source
                            chain.doFilter(request, response);
                            return ;
                        }else {
                            WxOAuth2UserInfo wxOAuth2UserInfo = wxAuthSessionIfc.getAuthorizationMpUser( request, code);
                            WxMpUser wxMpUser = new WxMpUser();
                            wxMpUser.setOpenId(wxOAuth2UserInfo.getOpenid()) ;
                            wxMpUser.setNickname(wxOAuth2UserInfo.getNickname()) ;
                            //wxMpUser.setCountry(wxOAuth2UserInfo.getCountry()) ;
                            wxMpUser.setHeadImgUrl(wxOAuth2UserInfo.getHeadImgUrl()) ;
                            //wxMpUser.setSex(wxOAuth2UserInfo.getSex());
                            //wxMpUser.setCity(wxOAuth2UserInfo.getCity());
                            //wxMpUser.setProvince(wxOAuth2UserInfo.getProvince());
                            wxMpUser.setUnionId(wxOAuth2UserInfo.getUnionId());
                            wxMpUser.setPrivileges(wxOAuth2UserInfo.getPrivileges());
                            wxAuthSessionIfc.loginFromWxMpUser( request, response, wxMpUser);

                            //TODO
                            // append the fromOpenId parameter to the URL
                            //url = StringURL.inputURL(url, SettingKey.FROMOPENID, wxMpUser.getOpenId()) ;

                            SpObserver.setDBtoInstance("_"+dataSourceEntity.getDbId()) ; // switch data source
                            chain.doFilter(request, response);
                            return ;
                        }

                    }
                }else {
                    String userId = (String)session.getAttribute(SessionKey.WEIXIN_OPENID);
                    // Check whether the AI radar feature is enabled for this user.
                    if (reqUri.startsWith("/shopping/weixinby3rd/ai") && !reqUri.startsWith(radarWarningPage) && userId != null) {
                        if (!isAiRadarUser(request,userId)) {
                            request.getRequestDispatcher(radarWarningPage+"?"+queryString).forward(request, response);
                            return;
                        }
                    }

                    // Check whether the boss radar feature is enabled for this user.
                    if (reqUri.startsWith("/shopping/weixinby3rd/boss") && !reqUri.startsWith(radarWarningPage) && userId!= null) {
                        if (!isBossRadarUser(request,userId)) {
                            request.getRequestDispatcher(radarWarningPage+"?"+queryString).forward(request, response);
                            return;
                        }
                    }

                    //System.out.println(this.getClass() +" 2 URL:"+ reqUri+"?"+queryString+ " session CorpId=" + session.getAttribute(SessionKey.WEIXIN_CORPID));
                    chain.doFilter(request, response);
                    return ;
                }

            }
        }

        if (reqUri.contains("/shopping/")) { // 2. not a WeChat link: a browser or iPad may hit /shopping/ directly, so resolve the data source by host name (domain)
            // Non-WeChat entry: the data source is looked up by host name, e.g. mp.onbus.cn (no scheme, no port)
            Object dbId = session.getAttribute(SessionKey.SHOPPING_DBID);
            if (dbId != null && ! "".equals(dbId) ) {
                chain.doFilter(request, response);
                return ;
            }
            DataSourceEntity dataSourceEntity = null ;

            dataSourceEntity = MultiDataSource.getDataSourceMapByCorpURL(hostUrl) ;
            if (dataSourceEntity != null) {
                //SpObserver.setDBtoInstance("_"+corpEntity.getDbId()) ; no data-source switch needed here: every DB access carries its data-source parameter
                session.setAttribute(SessionKey.SHOPPING_DBID,dataSourceEntity.getDbId() + "") ;
                chain.doFilter(request, response);
                return ;
            }else {
                //request.getRequestDispatcher("/10001.jsp").forward(request, response); //Commented By Johns Wang,2020-07-27
                chain.doFilter(request, response); //Added by Johns Wang,2020-07-27
                return ;
            }
        }

    }catch (Exception e){

        String msssage="执行url:" +hostUrl+ reqUri + "分析时出错" + this.getClass()+" URL:" +reqUri + "?" + queryString +";" + (e.getCause()!=null?e.getCause().getMessage(): e.getMessage());
        System.out.println(msssage);
        e.printStackTrace();
        this.log.debug(msssage);
        request.setAttribute("errormsg", msssage);
        if(request.getHeader("x-app-type")!=null) {
            this.printJson(response,callBackMessage.sendErrorMessage(e.getMessage()));
        }
        // NOTE(review): the app branch above has already written a JSON body and then falls straight
        // into this if/else (there is no `else` joining them), so a non-/shopping/ URI is also
        // forwarded to /500.jsp after the response was written — likely an IllegalStateException in
        // the container. Confirm whether a `return` after printJson was intended.
        if (reqUri.startsWith("/shopping/")) {
            chain.doFilter(request, response); //Added by Johns Wang,2020-07-27
            return ;
        }else {
            request.getRequestDispatcher("/500.jsp").forward(request, response);
            return ;
        }
    }

    if (StringUtils.isBlank(user)) {// not logged in
        notLoggedInProcc(chain, request, response, session, reqUri,queryString);
        return ;
    }

    try {
        // Logged in: switch the data source globally for this thread.
        SpObserver.setDBtoInstance("_"+session.getAttribute(SessionKey.DATA_BASE_ID));
    }catch(Exception e) {
        String message="执行url:" +hostUrl+ reqUri + "分析时出错" + this.getClass()+" URL:" +reqUri + "?" + queryString +";" + (e.getCause()!=null?e.getCause().getMessage(): e.getMessage());
        System.out.println(message);
        e.printStackTrace();

        request.setAttribute("errormsg", message);
        this.log.debug(message);
        if (reqUri.startsWith("/shopping/")) {
            chain.doFilter(request, response); //Added by Johns Wang,2020-07-27
            return ;
        }else {
            request.getRequestDispatcher("/500.jsp").forward(request, response);
            return ;
        }

    }
    int dbid_formid[] = getFormid(reqUri);// apart from the special pages passed through above, every request is expected as // <function id>_*.jsp
    setCurrentThreadInfo(dbid_formid==null?-1:dbid_formid[1],user,reqUri,queryString);

    //---------------- generate function-id pages. Added by Johns Wang, 2016-07-31 -----------------------
    boolean isPrinter = FilterBuildFuncImpl.isPrinter(reqUri);
    // Generates the main function pages under /app and the print pages under /WEB-INF/report
    try {
        //DataSourceEntity dataSourceEntity = MultiDataSource.getDataSourceMap( request);
        if (
                // auto-generation ban temporarily removed. by danaus 2020/12/7 10:45
                //dataSourceEntity.isAutoGenerateFormId()&&
                ((dbid_formid != null
                        && dbid_formid.length == 2
                        && dbid_formid[1] != 0
                        && reqUri.contains("/app/"+dbid_formid[0]+"/")
                        && reqUri.endsWith("/index.jsp"))
                        || (reqUri.contains("/personalized/") && reqUri.endsWith("/index.jsp"))
                        || isPrinter )){
            int formId = 0;
            if (isPrinter) {
                // NOTE(review): a null queryString reaches base64Decode here; whether that throws
                // (and is swallowed by the catch below) depends on EncodeUtil — confirm.
                queryString=EncodeUtil.base64Decode(queryString);// base64-decode all request parameters
                queryString = queryString.replace("FormID=", ""); // strip the leading "FormID=" part
                Map<String, String> mapParm = BuildFormat.getParamMap(queryString);
                formId = Integer.parseInt(DBHelper.isNull(mapParm.get("FormID"), 0));
                request.setAttribute("isPrinter",true);
            } else if (reqUri.contains("/gtGrid.do")){
                // A missing formID parameter unboxes null into int here (NPE); the catch below swallows it.
                formId = (request.getParameter("formID")==null?null: Integer.parseInt( request.getParameter("formID"))) ;
            }
            else {
                formId = dbid_formid[1] ;
            }
            if (formId != 0) {
                request.setAttribute("formID",formId+"");
                FilterBuildFuncIfc bc = (FilterBuildFuncIfc)FactoryBean.getBean("FilterBuildFuncImpl");
                boolean result = bc.rebuildFormid(request, response);
                if (result) {
                    chain.doFilter(request, response);// by danaus: handles the URL parameters being cleared
                    return ;
                }
            }
        }
    } catch (Exception e) {
        // Best-effort: a failed page rebuild must not block the request.
        e.printStackTrace();
    }
    // --------------- end of function-id page generation ------------------------------------

    // if (session.getAttribute("notTo") != null) {
    // String topath = session.getAttribute("notTo").toString();
    // session.setAttribute("notTo", null);
    // response.sendRedirect(topath);
    // return;
    // }
    //
    try {
        // "copy link" needs this. 2018-9-5 15:12:54 xin
        // NOTE(review): the raw query string is handed to home.jsp as `redirect`; this is an internal
        // forward, but whatever home.jsp does with that value should validate it as a local path.
        if(reqUri.equals("/copyurl.do") && queryString !=null){
            String redirect ="/home.jsp?redirect="+queryString;
            request.getRequestDispatcher(redirect).forward(request, response);
            return ;
        }
    } catch (Exception e) {
        String message="执行url:" +hostUrl+ reqUri + "分析时出错" + this.getClass()+" URL:" +reqUri + "?" + queryString +";" + (e.getCause()!=null?e.getCause().getMessage(): e.getMessage());
        System.out.println(message);
        e.printStackTrace();
        this.log.debug(message);
        if (reqUri.startsWith("/shopping/")) {
            chain.doFilter(request, response); //Added by Johns Wang,2020-07-27
            return ;
        }else {
            request.getRequestDispatcher("/home.jsp").forward(request, response);
            return;
        }
    }
    if (reqUri.equals("/")||reqUri.equals("/login.jsp") || reqUri.equals("/index.jsp")) {// add redirection
        //DBHelper.getXml(reqUri, session);// added later to fix an error on this page
        if(wx!=null&&"1".equalsIgnoreCase(wx)){
            request.setAttribute("wxUrl", request.getParameter("wx_parm"));
            request.setAttribute(SettingKey.REDIRECT, request.getParameter(SettingKey.REDIRECT));
        }
        request.getRequestDispatcher("/home.jsp").forward(request, response);
        return ;
    }else {
        String dbid = (String)session.getAttribute(SessionKey.DATA_BASE_ID);

        // If the page does not exist, 404.jsp uses this attribute to show a "reload page" button that regenerates the function page. Added by Johns Wang, 2019-12-18
        // (dbid_formid[1] is an int, so the "" comparison below is always true.)
        if (dbid_formid!=null&&dbid_formid.length>0&&!"".equals(dbid_formid[1]+"")) {
            request.setAttribute("formid",dbid_formid[1]+"") ;
        }

        if ("DeveloperUser".equalsIgnoreCase(isSuperUser) || reqUri.contains("/personalized/")||reqUri.equals("/savePanelUserLayout.do") ) {// developer users have every permission
            // NOTE(review): dbid comes from the session and is dereferenced without a null check.
            if(dbid_formid==null||dbid.equals(dbid_formid[0]+"")){// make sure the admin is accessing a page of the current database
                chain.doFilter(rep, resp);
                return ;
            } else {// no permission
                request.getRequestDispatcher("/10000.jsp").forward(rep,resp);
                return ;
            }
        }else if("SuperUser".equalsIgnoreCase(isSuperUser)){
            try{
                if(dbid_formid==null){
                    chain.doFilter(rep, resp);
                    return;
                }else {// a function-id page
                    SpObserver.setDBtoInstance("_" + dbid);
                    BaseService baseService = (BaseService) FactoryBean.getBean("BaseService");
                    // NOTE(review): SQL built by concatenation. dbid_formid[1] is an int produced by
                    // Integer.parseInt in getFormid, so it is not injectable as written; a parameterized
                    // query (queryForObject(sql, Integer.class, formId)) would keep that property if the
                    // source of the value ever changes.
                    final Integer result = baseService.getJdbcTemplate().queryForObject("set nocount on \n declare @formid int \n select @formid=formid from gform where formid = " + dbid_formid[1] + " and isnull(isAuthorizedForDeveloperUser, 0) = 0 \n select @formid", Integer.class);
                    if (result != null) {// make sure the admin is accessing a page of the current database
                        chain.doFilter(rep, resp);
                        return;
                    } else {// no permission
                        request.getRequestDispatcher("/10000.jsp").forward(rep, resp);
                        return;
                    }
                }
            }catch(Exception ex){
                // NOTE(review): on failure nothing is written to the response and the method simply ends.
                ex.printStackTrace();
            }finally {
                SpObserver.setDBtoInstance();
            }

        } else {
            if (reqUri.endsWith(".jsp")) {
                /******************* ordinary user, no function id: start *********************/
                if (dbid_formid == null) {// the URI carries no function-id information
                    if (reqUri.indexOf("/general/") != -1
                            || reqUri.endsWith("/home.jsp")
                            ||reqUri.endsWith("showFlowChart.jsp")
                            || reqUri.endsWith("dibang/InstallDiBangCert.jsp")
                            || reqUri.endsWith("dibang/InstallDiBangCert2.jsp")
                            || reqUri.endsWith("/personalized/template/0/fullcalendarte.jsp")
                            || reqUri.endsWith("swf.jsp")
                            || reqUri.contains("mail")) {
                        chain.doFilter(rep, resp);
                        return;
                    }
                    // Both branches pass through; the list above is therefore informational only.
                    chain.doFilter(rep, resp); // must stay, otherwise other jsp page requests fail. Added by Johns Wang, 2016-03-02
                    return;
                }
                /******************** ordinary user, no function id: end ********************/

                /******************* ordinary user, with function id: start *********************/
                // NOTE(review): PERSSION is assumed to be set for every logged-in user; a missing
                // attribute would NPE on containsKey below — confirm login always populates it.
                Map<String,Map<String,Object>> perssion=(Map<String,Map<String,Object>>)session.getAttribute(SessionKey.PERSSION);
                if (perssion.containsKey(dbid_formid[1]+"")&&dbid.equals(dbid_formid[0]+"")) {// has permission
                    chain.doFilter(rep, resp);
                    return;
                } else {// no permission
                    request.getRequestDispatcher("/10000.jsp").forward(rep,resp);
                    return ;
                }
                /******************* ordinary user, with function id: end *********************/
            } else {
                // Non-.jsp resources are not permission-checked for ordinary users.
                chain.doFilter(rep, resp);
                return ;
            }
        }
    }

}
|
|
|
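/**
 * Checks whether the work-app user identified by {@code userId} has the AI-radar
 * feature enabled, looking the user up in the data source bound to this request.
 *
 * @param request current request; used to resolve the tenant data source
 * @param userId  WeChat work-app user id; {@code null} yields {@code false}
 * @return {@code true} only when the user exists and is flagged as an AI-radar user
 * @throws Exception if the data source for the request cannot be resolved
 */
private boolean isAiRadarUser(HttpServletRequest request, String userId) throws Exception {
    // Resolve the tenant first; a failure here propagates to the caller unchanged
    // (the original catch-and-rethrow added nothing).
    DataSourceEntity dataSourceEntity = MultiDataSource.getDataSourceMap(request);
    try {
        SpObserver.setDBtoInstance("_" + dataSourceEntity.getDbId()); // switch data source
        if (userId == null) {
            return false;
        }
        ERPUserIfc erpUserIfc = (ERPUserIfc) FactoryBean.getBean("ERPUserImpl");
        MyWxCpUser myWxCpUser = erpUserIfc.getWorkAppUser(userId);
        return myWxCpUser != null && myWxCpUser.isAiRadarUser();
    } finally {
        SpObserver.setDBtoInstance(); // always restore the default data source
    }
}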
|
|
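/**
 * Checks whether the work-app user identified by {@code userId} has the boss-radar
 * feature enabled, looking the user up in the data source bound to this request.
 *
 * @param request current request; used to resolve the tenant data source
 * @param userId  WeChat work-app user id; {@code null} yields {@code false}
 * @return {@code true} only when the user exists and is flagged as a boss-radar user
 * @throws Exception if the data source for the request cannot be resolved
 */
private boolean isBossRadarUser(HttpServletRequest request, String userId) throws Exception {
    // Resolve the tenant first; a failure here propagates to the caller unchanged
    // (the original catch-and-rethrow added nothing).
    DataSourceEntity dataSourceEntity = MultiDataSource.getDataSourceMap(request);
    try {
        SpObserver.setDBtoInstance("_" + dataSourceEntity.getDbId()); // switch data source
        if (userId == null) {
            return false;
        }
        ERPUserIfc erpUserIfc = (ERPUserIfc) FactoryBean.getBean("ERPUserImpl");
        MyWxCpUser myWxCpUser = erpUserIfc.getWorkAppUser(userId);
        return myWxCpUser != null && myWxCpUser.isBossRadarUser();
    } finally {
        SpObserver.setDBtoInstance(); // always restore the default data source
    }
}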
|
|
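/**
 * Writes {@code s} verbatim to the response as UTF-8 JSON and closes the writer.
 * Write failures are logged rather than propagated, keeping the best-effort contract
 * callers rely on (they {@code return} right after calling this).
 *
 * @param resp response to write to
 * @param s    JSON payload, written as-is
 */
protected void printJson(HttpServletResponse resp, String s) {
    resp.setCharacterEncoding("utf-8");
    resp.setContentType("application/json;charset=utf-8");
    // try-with-resources closes the writer even if print fails part-way.
    try (PrintWriter out = resp.getWriter()) {
        out.print(s);
        out.flush();
    } catch (IOException e) {
        log.warn("failed to write JSON response", e);
    }
}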
|
/**
 * Handles a request that arrives without a logged-in user: lets the login / registration /
 * demo-setup pages through, resolves upload requests via a caller-supplied session id, and
 * otherwise answers with a 405 JSON body (app clients) or a redirect to {@code /login.jsp}.
 *
 * @param chain       remaining filter chain
 * @param request     current request
 * @param response    current response
 * @param session     ignored: it is overwritten with {@code request.getSession()} immediately
 * @param reqUri      request URI (context-relative path as returned by getRequestURI)
 * @param queryString raw query string, may be {@code null}
 * @throws IOException      from redirects and the chain
 * @throws ServletException from the chain
 */
private void notLoggedInProcc(FilterChain chain,
        HttpServletRequest request, HttpServletResponse response,
        HttpSession session, String reqUri, String queryString)
        throws IOException, ServletException {
    session=request.getSession(); // the passed-in session is discarded
    String hostUrl = SettingKey.getHostUrl(request) ;
    if(reqUri.endsWith("downBo.do")){
        chain.doFilter(request, response);
        return;
    }
    // NOTE(review): `&&` binds tighter than `||`, so the trailing `|| reqUri.endsWith("/doDelDemo.do")`
    // is NOT guarded by the DEMO_REF session check — that endpoint passes regardless of the demo flag.
    // Parenthesize if that is unintended.
    if(session.getAttribute(SessionKey.DEMO_REF)!=null&&session.getAttribute(SessionKey.DEMO_REF).equals(SessionKey.DEMO_REF)&&(reqUri.equals("/newsetXml.do")||reqUri.indexOf("/demo/")!=-1)||reqUri.endsWith("/doDelDemo.do")){
        chain.doFilter(request, response);
        return;
    }
    // NOTE(review): the final `&& ! reqUri.startsWith("/shopping")` applies only to the
    // `/autoLogin.do` term, not to the whole disjunction; every other entry (including the
    // bare `endsWith("/")`) passes for /shopping URIs too. Parenthesize if the guard was meant globally.
    if ((reqUri.endsWith((request.getContextPath() + "/login.jsp"))
            ||reqUri.endsWith("login.do")
            ||reqUri.endsWith("getDateDemo.do")
            ||reqUri.endsWith("reg.jsp")
            ||reqUri.endsWith("registra.do")
            ||reqUri.endsWith("image.jsp")
            ||reqUri.endsWith("checkSession.do")
            ||reqUri.endsWith("sessionFail.jsp")
            ||reqUri.endsWith("reloadsession.jsp")
            ||reqUri.endsWith("againLogin.do")
            ||reqUri.endsWith("default.jsp")
            ||reqUri.endsWith("/"))
            ||reqUri.contains("/regUser.do") // registration API
            ||reqUri.contains("/api/myCompany.do") // company list API
            ||reqUri.contains("/api/sendSms.do") // send SMS verification code
            ||reqUri.contains("/api/forgotPwd.do") // forgot password
            ||reqUri.contains("/links.do")
            ||reqUri.startsWith("/autoLogin.do")
            && ! reqUri.startsWith("/shopping") ) {
        // the sessionId problem has to be dealt with here
        chain.doFilter(request, response);// login page and login handling are allowed through
        return;
    }else if(reqUri.endsWith("uploadAtta.do")
            || reqUri.endsWith("updateAtta.do")
            || reqUri.endsWith("picUpload.do")
            || reqUri.endsWith("picUpdate.do")
            || reqUri.endsWith("imageWaterMarkUpload.do")
            || reqUri.endsWith("mailAttaUpload.do")){
        // NOTE(review): the session is resolved from a caller-supplied `sid` parameter, so that value
        // acts as a bearer credential for these upload endpoints. It should be treated as sensitive
        // (not logged, short-lived) and the lookup must return only a session the caller legitimately
        // owns — confirm SessionListener.getSession enforces that.
        String sid = request.getParameter("sid");
        if(StringUtils.isBlank(sid)){
            return; // nothing written: the response goes out empty
        }
        session = SessionListener.getSession(request,sid);
        if(null == session){
            return; // unknown sid: the response goes out empty
        }
        SpObserver.setDBtoInstance("_"+session.getAttribute(SessionKey.DATA_BASE_ID));
        chain.doFilter(request, response);// login page and login handling are allowed through
        return;
    }else {
        if(request.getHeader("x-app-type")!=null) {
            response.setStatus(405);// the app protocol uses 405 to mean "session expired or absent"
            this.printJson(response,"{\"error\":\"会话已过期\",\"statusCode\":405}");
        }else if (reqUri.startsWith("/shopping")) { // shopping. Added by Johns Wang, 2016-02-17
            // The original target (same host) is carried through the login page as an encoded `redirect` parameter.
            String redirectUri = URIUtil.encodeURIComponent(hostUrl+reqUri+(queryString!=null?"?"+queryString:""));
            //request.setAttribute("redirect", redirectUri);
            response.sendRedirect("/login.jsp"+"?redirect="+redirectUri);
        }else if(reqUri.startsWith("/copyurl.do")){// "copy link" flow
            // NOTE(review): queryString is appended unencoded here; login.jsp should validate
            // `redirect` as a local path before following it.
            response.sendRedirect("/login.jsp"+"?redirect="+queryString);
        }else {
            response.sendRedirect("/login.jsp");
        }
        return;
    }
}
|
|
|
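/**
 * Extracts the database id and the function id from a function-page URI.
 * <p>
 * The URI is split on {@code /}; because it starts with a slash the first element is empty,
 * so the database id is element 2 and the function id element 5, e.g.
 * {@code /personalized/177/0/cnzh/219001/index.jsp?r=5773} yields {@code [177, 219001]}.
 *
 * @param uri request URI, may be {@code null}
 * @return {@code {dbId, formId}} or {@code null} when the URI is {@code null}, has fewer
 *         than six segments, or either segment is not an integer
 */
public int[] getFormid(String uri) {
    if (uri == null) {
        return null;
    }
    String[] segments = uri.split("/");
    // Need at least indexes 2 and 5 to be present.
    if (segments.length < 6) {
        return null;
    }
    try {
        return new int[]{Integer.parseInt(segments[2]), Integer.parseInt(segments[5])};
    } catch (NumberFormatException e) {
        // Not a function-page URI; callers treat null as "no function id".
        return null;
    }
}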
|
|
|
|
|
/**
 * Records the current function id, user and request URI in the thread-local
 * {@link CurrentLocal} so later log lines can be attributed to this request.
 * The query string is capped at 1500 characters before it is stored; a
 * {@code null} query string is stored as the literal text "null" after the "?".
 *
 * @param formId      function id of the page being served (-1 when the URI carries none)
 * @param userCode    logged-in user code
 * @param uri         request URI
 * @param queryString raw query string, may be {@code null}
 */
public void setCurrentThreadInfo(int formId, String userCode, String uri, String queryString) {
    final int maxQueryLength = 1500;
    String boundedQuery = queryString;
    if (boundedQuery != null && boundedQuery.length() > maxQueryLength) {
        boundedQuery = boundedQuery.substring(0, maxQueryLength);
    }
    CurrentLocal.setCurrentFormid(String.valueOf(formId));
    CurrentLocal.setCurrentUser(userCode);
    CurrentLocal.setURI(uri + "?" + boundedQuery);
}
|
|
/** Filter lifecycle hook: only announces start-up on stdout; {@code arg0} is unused. */
@Override
public void init(FilterConfig arg0) throws ServletException {
    System.out.println("----------页面访问服务已启动----------");
}
|
/** Filter lifecycle hook: only announces shut-down on stdout; nothing to release. */
@Override
public void destroy() {
    System.out.println("----------页面访问服务已停止----------");
}
|
|
}
|