| | |
|---|
| | | if (null == ue) { |
|---|
| | | return; |
|---|
| | | } |
|---|
| | | |
|---|
| | | // 9.获取资源实体 |
|---|
| | | // 9.获取资源实体,status:0-禁用,1-启用原始地址,2-启用代理地址 |
|---|
| | | ResEntity entity = getResEntity(ue, resId); |
|---|
| | | if (null == entity || StaticData.THREE != entity.getType() || StringHelper.isNull(entity.getProxy()) || StringHelper.isNull(entity.getUrl())) { |
|---|
| | | if (null == entity || StaticData.I1 > entity.getStatus() || StringHelper.isNull(entity.getProxy()) || StringHelper.isNull(entity.getUrl())) { |
|---|
| | | WebHelper.writeStr2Page(res, ILLEGAL_RESOURCE); |
|---|
| | | return; |
|---|
| | | } |
|---|
| | | |
|---|
| | | insertLog(req, ue, resId); |
|---|
| | | |
|---|
| | | String url = getSourceUrl(req, entity, token); |
|---|
| | | String url = getUrl(req, ue, entity, token, isRest); |
|---|
| | | res.setHeader("token", token); |
|---|
| | | forward(req, res, entity, url); |
|---|
| | | } |
|---|
| | |
|---|
| | | if (StringHelper.isEmpty(ip)) { |
|---|
| | | return WebHelper.writeStr2Page(res, AuthInterceptor.IP_NULL); |
|---|
| | | } |
|---|
| | | |
|---|
| | | // 5.检查黑名单 |
|---|
| | | if (!checkBlackList(ip, req)) { |
|---|
| | | return WebHelper.writeStr2Page(res, AuthInterceptor.BLACK_LIST); |
|---|
| | | } |
|---|
| | | |
|---|
| | | // 6.admin跳过权限检测 |
|---|
| | | if (StaticData.ADMIN.equals(ue.getUid())) { |
|---|
| | | return true; |
|---|
| | | } |
|---|
| | | |
|---|
| | | // 7.检查白名单 |
|---|
| | | // 7.检查白名单和IP一致性 |
|---|
| | | if (!checkWhiteList(ip, req)) { |
|---|
| | | // 检查IP一致性 |
|---|
| | | if (!checkIpSource(ip, token)) { |
|---|
| | | return WebHelper.writeStr2Page(res, AuthInterceptor.ILLEGAL_TOKEN); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | // 8.检查用户ID是否禁用 |
|---|
| | | if (sysService.tokenService.isUidDisable(ue)) { |
|---|
| | | return WebHelper.writeStr2Page(res, AuthInterceptor.USER_LOCK); |
|---|
| | |
|---|
| | | if (blackList == null || blackList.isEmpty()) { |
|---|
| | | return true; |
|---|
| | | } |
|---|
| | | if (blackList.contains(ip)) { |
|---|
| | | return false; |
|---|
| | | } |
|---|
| | | |
|---|
| | | return true; |
|---|
| | | return !blackList.contains(ip); |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * 检查IP一致性 |
|---|
| | | * 检查IP一致性:固定令牌不检查 |
|---|
| | | */ |
|---|
| | | private boolean checkIpSource(String ip, String token) { |
|---|
| | | TokenEntity te = sysService.tokenService.getEntityByToken(token); |
|---|
| | | |
|---|
| | | return te.getIp().equals(ip); |
|---|
| | | return StaticData.I1 == te.getType() || te.getIp().equals(ip); |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * 检查资源权限 |
|---|
| | | */ |
|---|
| | | private ResEntity getResEntity(UserEntity ue, int resId) { |
|---|
| | | String uid = StaticData.ADMIN.equals(ue.getUid()) ? null : ue.getUid(); |
|---|
| | | List<ResEntity> rs = permsService.selectRes(uid); |
|---|
| | | List<ResEntity> rs = StaticData.ADMIN.equals(ue.getUid()) ? permsService.selectAllRes() : permsService.selectRes(ue.getUid()); |
|---|
| | | if (null == rs || rs.isEmpty()) { |
|---|
| | | return null; |
|---|
| | | } |
|---|
| | | |
|---|
| | | // List<ResEntity> list = rs.stream().filter(resEntity -> resEntity.getId() == resId).collect(Collectors.toList()) |
|---|
| | | for (ResEntity entity : rs) { |
|---|
| | | if (resId == entity.getId()) { |
|---|
| | |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * 获取原始Url |
|---|
| | | * 获取Url |
|---|
| | | */ |
|---|
| | | private String getSourceUrl(HttpServletRequest req, ResEntity entity, String token) { |
|---|
| | | private String getUrl(HttpServletRequest req, UserEntity ue, ResEntity entity, String token, boolean isRest) { |
|---|
| | | String proxyUrl = entity.getProxy().replace("{token}", token); |
|---|
| | | int end = req.getRequestURL().indexOf(proxyUrl) + proxyUrl.length(); |
|---|
| | | |
|---|
| | | String url = entity.getUrl() + req.getRequestURL().substring(end); |
|---|
| | | if (null != req.getQueryString()) { |
|---|
| | | url = url + (entity.getUrl().contains("?") ? "&" : "?") + req.getQueryString(); |
|---|
| | | String url = entity.getUrl().trim() + req.getRequestURL().substring(end); |
|---|
| | | // category:0-其他,1-GisServer,2-GeoServer,3-数简 |
|---|
| | | if (StaticData.I2 == entity.getCategory()) { |
|---|
| | | url = getGeoServerUrl(req, ue, entity, url); |
|---|
| | | } else if (StaticData.I3 == entity.getCategory()) { |
|---|
| | | if (null != req.getQueryString()) { |
|---|
| | | url = url + (url.contains("?") ? "&" : "?") + req.getQueryString(); |
|---|
| | | } |
|---|
| | | if (isRest) { |
|---|
| | | url = url.replace("/v6/wmts/", "/v6/rest/"); |
|---|
| | | } |
|---|
| | | if (!StringHelper.isNull(entity.getArgs())) { |
|---|
| | | url = url + (url.contains("?") ? "&" : "?") + entity.getArgs(); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | |
|---|
| | | return url; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * 获取GeoServer地址 |
|---|
| | | */ |
|---|
| | | private String getGeoServerUrl(HttpServletRequest req, UserEntity ue, ResEntity entity, String url) { |
|---|
| | | if (null == req.getQueryString()) { |
|---|
| | | return url; |
|---|
| | | } |
|---|
| | | |
|---|
| | | String str = req.getQueryString(); |
|---|
| | | boolean isLower = str.contains(StaticData.SERVICE); |
|---|
| | | String layersKey = isLower ? StaticData.LAYERS : StaticData.LAYERS.toUpperCase(); |
|---|
| | | String layers = req.getParameter(layersKey); |
|---|
| | | String request = req.getParameter(isLower ? StaticData.REQUEST : StaticData.REQUEST.toUpperCase()); |
|---|
| | | if (!StaticData.GET_CAPABILITIES.equals(request)) { |
|---|
| | | int start = str.indexOf(layersKey); |
|---|
| | | int end = str.indexOf("&", start); |
|---|
| | | layers = filterGeoLayers(ue, layers); |
|---|
| | | |
|---|
| | | str = str.replace(str.substring(start, end > -1 ? end : str.length()), layersKey + "=" + layers); |
|---|
| | | } else { |
|---|
| | | List<String> tabs = StaticData.ADMIN.equals(ue.getUid()) ? permsService.selectAllTabs() : permsService.selectTabs(ue.getUid()); |
|---|
| | | entity.setTab(null == tabs ? "" : StringHelper.join(tabs, ",")); |
|---|
| | | entity.setBak(StaticData.GET_CAPABILITIES); |
|---|
| | | } |
|---|
| | | |
|---|
| | | return url + (url.contains("?") ? "&" : "?") + str; |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * 过滤GeoServer图层 |
|---|
| | | */ |
|---|
| | | private String filterGeoLayers(UserEntity ue, String layers) { |
|---|
| | | List<String> tabs = StaticData.ADMIN.equals(ue.getUid()) ? permsService.selectAllTabs() : permsService.selectTabs(ue.getUid()); |
|---|
| | | if (null == tabs || tabs.isEmpty() || StringHelper.isEmpty(layers)) { |
|---|
| | | return ""; |
|---|
| | | } |
|---|
| | | |
|---|
| | | StringBuilder sb = new StringBuilder(); |
|---|
| | | String[] strs = layers.split(StaticData.COMMA); |
|---|
| | | for (String str : strs) { |
|---|
| | | if (tabs.contains(str)) { |
|---|
| | | sb.append(str).append(","); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | sb.deleteCharAt(sb.length() - 1); |
|---|
| | | |
|---|
| | | return sb.toString(); |
|---|
| | | } |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * 转发请求 |
|---|
| | | */ |
|---|
| | | private void forward(HttpServletRequest request, HttpServletResponse response, ResEntity entity, String url) throws Exception { |
|---|
