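package com.enterprise.web.filter;

import java.io.IOException;
import java.util.HashMap;
import java.util.Map;
import java.util.Properties;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

import net.sf.json.JSONObject;

import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.context.ApplicationContext;
import org.springframework.core.io.ClassPathResource;
import org.springframework.core.io.support.PropertiesLoaderUtils;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.web.context.support.WebApplicationContextUtils;

import com.enterprise.util.HttpClientUtil;
import com.enterprise.util.RedisUtil;

/**
 * Servlet filter that checks whether the signed-in merchant account is locked.
 *
 * <p>For every request that carries a session with a Spring Security context, the
 * principal's username is looked up under {@code BIZ_LOGIN_LOCK_<username>} in Redis.
 * If that lookup throws, the filter falls back to the user service's
 * {@code /api/merchant/isLockedShop.html} endpoint. A locked merchant is redirected to
 * {@code <user.domain>/bizAccessDenied.html}; every other request continues down the chain.
 *
 * <p>NOTE(review): the check fails open. A missing Redis key, a non-zero {@code code} in
 * the API reply, and any exception from the API call are all treated as "not locked".
 * Confirm that this availability trade-off is intended for an account-lock control.
 *
 * <p>NOTE(review): the filter only redirects; it does not invalidate the session of a
 * locked merchant. Whether that matters depends on which URL patterns the filter is
 * mapped to, which is not visible in this class.
 */
public class BizLoginCheckFilter implements Filter {

    private static final Logger LOG = LoggerFactory.getLogger(BizLoginCheckFilter.class);

    /** Prefix of the Redis key holding a merchant's lock flag. */
    private static final String BIZ_LOCK = "BIZ_LOGIN_LOCK_";

    /** Session attribute under which the Spring Security context is read. */
    private static final String SECURITY_CONTEXT_ATTR = "SPRING_SECURITY_CONTEXT";

    /**
     * Fallback for {@code user.domain} when domain.properties cannot be used.
     * NOTE(review): plain HTTP. The lock-status reply and the redirect target then travel
     * without transport integrity; prefer an https value in domain.properties.
     */
    private static final String DEFAULT_USER_DOMAIN = "http://user.qbao.com";

    private ApplicationContext ctx;
    private RedisUtil redisUtil;
    private String userDomain;

    @Override
    public void destroy() {
        // Nothing to release.
    }

    /**
     * Redirects locked merchants to the access-denied page and lets everything else pass.
     *
     * @param request  incoming request; must be an {@link HttpServletRequest}
     * @param response outgoing response; must be an {@link HttpServletResponse}
     * @param chain    remainder of the filter chain
     * @throws IOException      if the redirect or the downstream chain fails
     * @throws ServletException if the downstream chain fails
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        HttpServletResponse httpResponse = (HttpServletResponse) response;

        String username = currentUsername(httpRequest);
        if (username != null && isLockedFromRedis(username)) {
            httpResponse.sendRedirect(userDomain + "/bizAccessDenied.html");
            return;
        }
        chain.doFilter(request, response);
    }

    /**
     * Extracts the authenticated username from the existing session, if any.
     *
     * @return the non-blank username, or {@code null} when there is no session, no
     *         security context, no authentication, or the principal is not a
     *         {@link UserDetails}
     */
    private String currentUsername(HttpServletRequest httpRequest) {
        // getSession(false): never create a session just to run this check.
        HttpSession session = httpRequest.getSession(false);
        if (session == null) {
            return null;
        }
        // instanceof also covers null and guards against an unexpected attribute type,
        // which the previous unchecked cast turned into a ClassCastException.
        Object stored = session.getAttribute(SECURITY_CONTEXT_ATTR);
        if (!(stored instanceof SecurityContext)) {
            return null;
        }
        Authentication authentication = ((SecurityContext) stored).getAuthentication();
        if (authentication == null) {
            return null;
        }
        Object principal = authentication.getPrincipal();
        if (!(principal instanceof UserDetails)) {
            return null;
        }
        String username = ((UserDetails) principal).getUsername();
        return StringUtils.isNotBlank(username) ? username : null;
    }

    /**
     * Reads the lock flag from Redis; falls back to the user service if Redis throws.
     *
     * @param username merchant username
     * @return {@code true} only when the stored value is exactly {@code "1"}
     */
    private boolean isLockedFromRedis(final String username) {
        String bizLockVal;
        try {
            bizLockVal = redisUtil.get(BIZ_LOCK + username);
        } catch (Exception e) {
            // Pass the exception itself so the stack trace is kept, not just the message.
            LOG.error(">>>>>>>>>read {} from redis isLocked failed", username, e);
            return isLockedFromDB(username);
        }
        // NOTE(review): an absent key means "not locked". If the key can expire or be
        // evicted while the merchant is still locked, the lock is bypassed; verify how
        // the key is written.
        return "1".equals(bizLockVal);
    }

    /**
     * Asks the user service whether the merchant is locked.
     *
     * @param username merchant username
     * @return {@code true} when the service answers {@code code == 0} and {@code data == 1};
     *         {@code false} for every other reply and for any failure (fail-open)
     */
    private boolean isLockedFromDB(String username) {
        String url = userDomain + "/api/merchant/isLockedShop.html";
        Map<String, String> params = new HashMap<String, String>();
        params.put("username", username);
        try {
            String resultJson = HttpClientUtil.doPost(url, params, "UTF-8");
            if (StringUtils.isNotBlank(resultJson)) {
                JSONObject jsonObject = JSONObject.fromObject(resultJson);
                // code: 0 = success, 1 = failure
                if (0 == jsonObject.getInt("code")) {
                    // data: 0 = not locked, 1 = locked
                    return jsonObject.getInt("data") == 1;
                }
            }
            // Reached only for a blank reply or a non-zero code.
            LOG.info(">>>>>>>>>>>>>>[CAS] Biz isLocked接口[username={}]返回值: {}", username, resultJson);
        } catch (Exception e) {
            // One handler: the IOException and Exception branches were identical.
            LOG.error(">>>>>>>>>>>>>>[CAS] Biz isLocked接口[username={}]异常", username, e);
        }
        return false;
    }

    /**
     * Resolves the Spring context, the {@code redisUtil} bean and {@code user.domain}.
     *
     * @param filterConfig container-supplied configuration
     * @throws ServletException if no Spring web application context is registered
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        if (ctx != null) {
            return;
        }
        ApplicationContext resolved =
                WebApplicationContextUtils.getWebApplicationContext(filterConfig.getServletContext());
        if (resolved == null) {
            // Previously this surfaced as a NullPointerException on getBean().
            throw new ServletException(
                    "BizLoginCheckFilter: no Spring WebApplicationContext found in the ServletContext");
        }
        redisUtil = (RedisUtil) resolved.getBean("redisUtil");
        // Publish ctx only after the bean lookup succeeded, so a failed init can be retried.
        ctx = resolved;

        String configured = null;
        try {
            Properties props =
                    PropertiesLoaderUtils.loadProperties(new ClassPathResource("domain.properties"));
            configured = props.getProperty("user.domain");
        } catch (IOException e) {
            LOG.warn("BizLoginCheckFilter: could not load domain.properties", e);
        }
        if (StringUtils.isBlank(configured)) {
            // A missing property used to leave userDomain null, producing "null/..." URLs.
            LOG.warn("BizLoginCheckFilter: user.domain not configured, using default {}", DEFAULT_USER_DOMAIN);
            userDomain = DEFAULT_USER_DOMAIN;
        } else {
            userDomain = configured;
        }
    }
}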
判断商家是否被锁定,如果被锁定,直接跳转到出错页面, filter取到springConfig
转载自curious.iteye.com/blog/2295745