package com.landtool.lanbase.common.shiro;
|
|
import com.google.gson.Gson;
|
import com.landtool.lanbase.common.utils.HttpUtils;
|
import com.landtool.lanbase.common.utils.Result;
|
|
import org.apache.commons.lang.StringUtils;
|
import org.apache.http.HttpStatus;
|
import org.apache.shiro.SecurityUtils;
|
import org.apache.shiro.authc.AuthenticationException;
|
import org.apache.shiro.authc.AuthenticationToken;
|
import org.apache.shiro.subject.Subject;
|
import org.apache.shiro.web.filter.authc.AuthenticatingFilter;
|
import org.springframework.web.bind.annotation.RequestMethod;
|
|
import javax.servlet.ServletRequest;
|
import javax.servlet.ServletResponse;
|
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletResponse;
|
import java.io.IOException;
|
|
/**
|
* @author lanbase
|
* @Description: TODO(shiro 认证过滤器)
|
* @date 2017-6-23 15:07
|
*/
|
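public class ShiroAuthenticatingFilter extends AuthenticatingFilter {

    /** Base URL of the CAS server whose {@code serviceValidate} endpoint checks {@code ticket} parameters. */
    private static final String CAS_HOST = "https://spinach.lt.com:9443/cas/";

    /** Tags delimiting the user name inside a CAS serviceValidate response. */
    private static final String CAS_USER_OPEN = "<cas:user>";
    private static final String CAS_USER_CLOSE = "</cas:user>";

    /** Shared serializer; Gson instances are documented as thread-safe, so one per class suffices. */
    private static final Gson GSON = new Gson();

    /**
     * Builds the Shiro token for the current request: a bearer token from the header/parameter
     * takes precedence, otherwise the container's remote user is wrapped as a pre-authenticated
     * {@link ShiroToken}.
     *
     * @return the token, or {@code null} when the request carries neither credential
     *         ({@link #onAccessDenied} only calls {@link #executeLogin} when a request token is present,
     *         so the {@code null} branch is not expected to be reached from there)
     */
    @Override
    protected AuthenticationToken createToken(ServletRequest request, ServletResponse response) throws Exception {
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        String token = getRequestToken(httpRequest);
        if (!StringUtils.isBlank(token)) {
            return new ShiroToken(token);
        }
        String username = httpRequest.getRemoteUser();
        if (!StringUtils.isBlank(username)) {
            // The boolean flag's meaning is defined by ShiroToken (outside this file); it is used
            // throughout this filter for container/CAS-authenticated users.
            return new ShiroToken(username, true);
        }
        return null;
    }

    /**
     * Always {@code false}: every request is routed through {@link #onAccessDenied}, which performs
     * the CORS preflight handling and the per-request login.
     */
    @Override
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
        return false;
    }

    /**
     * Resolves the login name from a CAS {@code ticket} request parameter by calling the CAS
     * {@code serviceValidate} endpoint and extracting the {@code <cas:user>} element.
     *
     * @param request current request; {@code ticket} is read from its parameters and the request URL
     *                (without query string) is sent as the CAS {@code service}
     * @return the user name reported by CAS, or {@code ""} when there is no ticket, no response body,
     *         or no well-formed {@code <cas:user>} element
     * @throws Exception propagated from {@link HttpUtils#get(String)} and from URL encoding
     */
    private String getLoginNamefromXml(HttpServletRequest request) throws Exception {
        String ticket = request.getParameter("ticket");
        if (org.springframework.util.StringUtils.isEmpty(ticket)) {
            return "";
        }
        String service = request.getRequestURL().toString();
        // Both values originate from the client; encode them so they cannot add or alter
        // query parameters of the validation URL (e.g. a second "service=").
        String validateUrl = CAS_HOST + "serviceValidate?ticket=" + java.net.URLEncoder.encode(ticket, "UTF-8")
                + "&service=" + java.net.URLEncoder.encode(service, "UTF-8");

        String casXml = HttpUtils.get(validateUrl);
        if (casXml == null) {
            return "";
        }
        int open = casXml.indexOf(CAS_USER_OPEN);
        if (open < 0) {
            return "";
        }
        int valueStart = open + CAS_USER_OPEN.length();
        // Look for the closing tag only after the opening one so a missing or misplaced tag
        // cannot yield an invalid substring range.
        int close = casXml.indexOf(CAS_USER_CLOSE, valueStart);
        if (close < 0) {
            return "";
        }
        return casXml.substring(valueStart, close);
    }

    /**
     * Handles every request (see {@link #isAccessAllowed}):
     * <ul>
     *   <li>CORS preflight ({@code OPTIONS}) requests are answered with 200 and not authenticated;</li>
     *   <li>a request carrying a token (header or parameter) is logged in via {@link #executeLogin};</li>
     *   <li>otherwise a container remote user or a CAS ticket is logged in as a pre-authenticated
     *       {@link ShiroToken}; a failed login is answered like a failed token login;</li>
     *   <li>without any credential the request is rejected with a 401 JSON body.</li>
     * </ul>
     *
     * @return {@code true} only when the request is authenticated and the chain may continue
     */
    @Override
    protected boolean onAccessDenied(ServletRequest request, ServletResponse response) throws Exception {
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        HttpServletResponse httpResponse = (HttpServletResponse) response;

        if (RequestMethod.OPTIONS.name().equals(httpRequest.getMethod())) {
            answerCorsPreflight(httpRequest, httpResponse);
            return false;
        }

        // Check the bearer token first: it wins anyway, and this avoids a CAS round trip
        // (and consuming the ticket) when a token is present.
        String token = getRequestToken(httpRequest);
        if (!StringUtils.isBlank(token)) {
            return executeLogin(request, response);
        }

        String username = httpRequest.getRemoteUser();
        if (StringUtils.isEmpty(username)) {
            username = getLoginNamefromXml(httpRequest);
        }
        if (!StringUtils.isBlank(username)) {
            ShiroToken preAuthenticated = new ShiroToken(username, true);
            try {
                Subject subject = SecurityUtils.getSubject();
                subject.login(preAuthenticated);
            } catch (AuthenticationException ae) {
                // Same 401/JSON answer as a failed token login rather than a container 500.
                return onLoginFailure(preAuthenticated, ae, request, response);
            }
            return true;
        }

        // No credential at all: answer 401 explicitly instead of leaving an empty response.
        writeUnauthorized(httpResponse, "unauthorized");
        return false;
    }

    /**
     * Answers a CORS preflight request with the headers the original implementation sends.
     * NOTE(review): the {@code Origin} header is reflected verbatim together with
     * {@code Access-Control-Allow-Credentials: true}, which allows any site to make credentialed
     * cross-origin requests; the reflected origin should be checked against a configured allowlist.
     */
    private static void answerCorsPreflight(HttpServletRequest httpRequest, HttpServletResponse httpResponse) {
        String origin = httpRequest.getHeader("Origin");
        httpResponse.setHeader("Access-control-Allow-Origin", origin);
        httpResponse.setHeader("Access-Control-Allow-Methods", httpRequest.getMethod());
        httpResponse.setHeader("Access-Control-Allow-Credentials", "true");
        httpResponse.setHeader("Access-Control-Allow-Headers",
                httpRequest.getHeader("Access-Control-Request-Headers"));
        httpResponse.setStatus(HttpStatus.SC_OK);
    }

    /**
     * Writes a 401 JSON {@link Result} describing the failure; the chain is not continued.
     * NOTE(review): the cause's message is sent to the client as-is and may expose internal
     * detail; consider a fixed message for unauthenticated callers.
     *
     * @return always {@code false}
     */
    @Override
    protected boolean onLoginFailure(AuthenticationToken token, AuthenticationException e, ServletRequest request,
            ServletResponse response) {
        // Prefer the underlying cause's message when Shiro wrapped it.
        Throwable cause = e.getCause() == null ? e : e.getCause();
        writeUnauthorized((HttpServletResponse) response, cause.getMessage());
        return false;
    }

    /**
     * Sets HTTP status 401 and writes {@code Result.error(401, message)} as JSON. The status is set
     * explicitly because the status inside the JSON body alone leaves the HTTP status at its default.
     */
    private static void writeUnauthorized(HttpServletResponse httpResponse, String message) {
        httpResponse.setStatus(HttpStatus.SC_UNAUTHORIZED);
        httpResponse.setContentType("application/json;charset=utf-8");
        Result r = Result.error(HttpStatus.SC_UNAUTHORIZED, message);
        String json = GSON.toJson(r);
        try {
            httpResponse.getWriter().print(json);
        } catch (IOException ignored) {
            // The client connection is no longer writable; the 401 status is already set and this
            // filter has no logger to report the failure to.
        }
    }

    /**
     * Reads the request token from the {@code token} header, falling back to the {@code token}
     * request parameter.
     * NOTE(review): tokens passed as a query parameter end up in access logs and Referer headers;
     * the header form should be preferred by clients.
     *
     * @return the token, or {@code null}/blank when the request carries none
     */
    private String getRequestToken(HttpServletRequest httpRequest) {
        String token = httpRequest.getHeader("token");
        if (StringUtils.isBlank(token)) {
            token = httpRequest.getParameter("token");
        }
        return token;
    }

}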
|