package com.zhjx.filter;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.regex.Matcher;
import java.util.regex.Pattern;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import com.alibaba.fastjson.JSON;
import com.zhjx.entity.SSOConfig;
import com.zhjx.response.ResultResponse;
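/**
 * Servlet filter that gates requests on an existing SSO session.
 *
 * <p>A request whose context-relative path fully matches one of {@link #patterns} is passed
 * through without a session check. Any other request is passed through only when the HTTP
 * session carries a non-null {@code tokenId} attribute; otherwise the client is redirected to
 * the authorization endpoint ({@code OES_URL + OES_URL_AUTH_SUFFIX}) to obtain a code.
 *
 * <p>NOTE(review): the callback that stores {@code tokenId} is not in this file. When it does so
 * it should rotate the session id ({@code HttpServletRequest.changeSessionId()}, Servlet 3.1+)
 * so that an id issued before login is not reused after login.
 *
 * @author zhjx R&amp;D department, luobw
 *
 * 2019-03-14
 */
// NOTE(review): SSOConfig is enabled here but not referenced elsewhere in this class; the fields
// below are bound individually with @Value.
@EnableConfigurationProperties(SSOConfig.class)
public class SessionFilter implements Filter {

    // Allow-list of path patterns that bypass the session check. Nothing in this class fills it;
    // presumably other code does. It is a plain ArrayList shared by every instance, so it should
    // be populated before the filter starts serving requests, and each entry should be as narrow
    // as possible because a match skips authentication entirely.
    protected static List<Pattern> patterns = new ArrayList<Pattern>();

    // Client id of this application at the authentication server.
    @Value("${CLIENT_ID}")
    private String CLIENT_ID;

    // Secret assigned to this application by the authentication server.
    // Not used by this filter; it must never be logged or placed in a redirect URL.
    @Value("${CLIENT_SECRET}")
    private String CLIENT_SECRET;

    // Base address of the OES authentication server.
    @Value("${OES_URL}")
    private String OES_URL;

    // Callback address (already URL-encoded by whoever sets the property).
    @Value("${REDIRECT_URI}")
    private String REDIRECT_URI;

    // URL suffix for obtaining the access token.
    @Value("${OES_URL_ACCESSTOKEN_SUFFIX}")
    private String OES_URL_ACCESSTOKEN_SUFFIX;

    // URL suffix for the authorization request.
    @Value("${OES_URL_AUTH_SUFFIX}")
    private String OES_URL_AUTH_SUFFIX;

    // URL suffix for logging out at the authentication server.
    @Value("${OES_URL_LOGOUT_SUFFIX}")
    private String OES_URL_LOGOUT_SUFFIX;

    @Value("${URI}")
    private String URI;

    /**
     * No initialisation is needed; the filter configuration is ignored.
     */
    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // Intentionally empty.
    }

    /**
     * Adds CORS headers, then either passes the request on or redirects to the authentication
     * server.
     *
     * @param request  incoming request; cast to {@link HttpServletRequest}
     * @param response outgoing response; cast to {@link HttpServletResponse}
     * @param chain    remainder of the filter chain
     * @throws IOException      if the chain or the redirect fails
     * @throws ServletException if the chain fails
     */
    @Override
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        HttpServletResponse httpResponse = (HttpServletResponse) response;

        // NOTE(review): the wildcard origin is set on every response, allow-listed or not.
        // Prefer an explicit list of trusted origins, and never pair a permissive origin with
        // Access-Control-Allow-Credentials.
        httpResponse.setHeader("Access-Control-Allow-Origin", "*");
        httpResponse.setHeader("Access-Control-Allow-Methods", "POST, GET, OPTIONS, DELETE");
        httpResponse.setHeader("Access-Control-Max-Age", "3600");
        httpResponse.setHeader("Access-Control-Allow-Headers"," Origin, X-Requested-With, Content-Type, Accept");

        // getRequestURI() is the raw, undecoded path and may carry path parameters (";...") or
        // percent-encoded characters. The allow-list is matched against that raw form, so the
        // patterns must be written with it in mind.
        String url = httpRequest.getRequestURI().substring(httpRequest.getContextPath().length());
        if (url.startsWith("/") && url.length() > 1) {
            url = url.substring(1);
        }

        if (isInclude(url)) {
            chain.doFilter(httpRequest, httpResponse);
            return;
        }

        // getSession(false): do not allocate a server-side session for a request that is about
        // to be redirected anyway. Anonymous traffic then cannot grow the session store.
        HttpSession session = httpRequest.getSession(false);
        if (session != null && session.getAttribute("tokenId") != null) {
            // Session exists and is authenticated: let the request through.
            chain.doFilter(httpRequest, httpResponse);
            return;
        }

        // NOTE(review): "stage=random" is a constant. If it is meant to be the OAuth 2.0
        // "state" parameter, it should be a per-request unpredictable value (SecureRandom),
        // bound to the session and verified by the callback; a constant gives the callback no
        // CSRF protection. Confirm the parameter name with the OES server before changing it.
        String apiUrl = OES_URL + OES_URL_AUTH_SUFFIX
                + "?scope=user.role&response_type=code&redirect_uri=" + REDIRECT_URI
                + "&client_id=" + CLIENT_ID + "&stage=random";
        // Redirect to the authentication server to obtain a code.
        httpResponse.sendRedirect(apiUrl);
    }

    /**
     * Nothing to release.
     */
    @Override
    public void destroy() {
        // Intentionally empty.
    }

    /**
     * Tells whether a path is on the allow-list and may skip the session check.
     *
     * @param url context-relative request path with one leading slash removed
     * @return {@code true} if any pattern in {@link #patterns} matches the whole of {@code url}
     */
    private boolean isInclude(String url) {
        for (Pattern pattern : patterns) {
            // matches() requires the pattern to cover the entire path, not just a prefix.
            if (pattern.matcher(url).matches()) {
                return true;
            }
        }
        return false;
    }
}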
package com.zhjx.config;
import javax.servlet.Filter;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import com.zhjx.filter.SessionFilter;
/**
 * Spring configuration that registers the session filter.
 *
 * @author zhjx R&amp;D department, luobw
 *
 * 2019-03-14
 */
@Configuration
public class WebComponentConfig {

    /**
     * Registers the session filter for every request path.
     *
     * <p>Because the mapping is {@code /*}, any endpoint that must be reachable without a
     * session (the SSO callback, for example) has to be exempted by the filter itself.
     *
     * @return the registration, named {@code sessionFilter}, with order 1
     */
    @Bean
    public FilterRegistrationBean someFilterRegistration() {
        FilterRegistrationBean sessionRegistration = new FilterRegistrationBean();
        sessionRegistration.setName("sessionFilter");
        sessionRegistration.setOrder(1);
        sessionRegistration.setFilter(sessionFilter());
        sessionRegistration.addUrlPatterns("/*");
        // NOTE(review): looks like a leftover sample init parameter; confirm it is not read
        // anywhere before removing it.
        sessionRegistration.addInitParameter("paramName", "paramValue");
        return sessionRegistration;
    }

    /**
     * Creates the filter as a bean.
     *
     * @return a new {@link SessionFilter}
     */
    @Bean(name = "sessionFilter")
    public Filter sessionFilter() {
        return new SessionFilter();
    }
}