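/**
 * Authenticates and authorises one REST request and records it in the REST access log.
 *
 * <p>The request path is taken relative to {@code <context>/rest/}. Paths for which
 * {@code isIgnoreToken(path)} holds are passed through with no check at all. Any other
 * request is accepted either through a bearer token ({@code checkTokenRequest}) or through
 * an existing HTTP session / login token ({@code checkSessionRequest}).
 *
 * <p>Contract: this method returns {@code true} on every path. A rejected request is signalled
 * by {@code unauthorized(request, message)} having been called before returning, not by the
 * return value, so callers must not read {@code true} as "authenticated".
 *
 * <p>Changes versus the previous implementation: an exception raised while the token path is
 * being authorised now denies the request (it used to be logged and the request let through),
 * and a cluster peer listed first in the cluster host list is now recognised as such.
 *
 * @param request  the incoming request; its URI is expected to start with the context path
 *                 followed by {@code /rest/} — a shorter URI makes the substring below throw
 * @param response the response, passed on to context initialisation
 * @return always {@code true}; see the contract above
 */
public boolean authenticate(HttpServletRequest request, HttpServletResponse response) {
    String path = request.getRequestURI().substring(request.getContextPath().length() + "/rest/".length());
    this.initContext(request, response);
    String ip = Strings.getRemoteAddr(request);

    CtpRestLogs ctpLog = new CtpRestLogs();
    ctpLog.setExeurl(path);
    ctpLog.setLoginIp(ip);

    if (!this.isIgnoreToken(path)) {
        String token = getToken(request);
        // A literal "null" token is treated as absent (presumably clients serialising a missing
        // token); only a non-empty token that the service manager accepts takes the token path.
        boolean usableToken = !Strings.isEmpty(token)
            && !"null".equalsIgnoreCase(token)
            && ServiceManager.checkToken(token);
        boolean denied = usableToken
            ? this.checkTokenRequest(request, token, path, ip, ctpLog)
            : this.checkSessionRequest(request, response, path, ip, ctpLog);
        if (denied) {
            return true;
        }
        this.getCtpRestLogsManager().insertLog(ctpLog);
    }

    // Make sure a session and its locale are bound to the thread for downstream code.
    HttpSession session = request.getSession(false);
    if (session == null) {
        session = request.getSession(true);
        AppContext.putThreadContext("THREAD_CONTEXT_SESSION_KEY", session);
        AppContext.putSessionContext(SessionLocaleResolver.LOCALE_SESSION_ATTRIBUTE_NAME, request.getLocale());
    }
    if (!"track/log".equals(path)) {
        this.updateAccessTimestamp();
    }
    return true;
}

/**
 * Authorises a request that carries a valid bearer token; returns {@code true} when the request
 * was rejected (in which case {@code unauthorized} has already been called and, where the
 * original code did so, the access-log row has already been written).
 *
 * <p>Any exception raised while resolving the REST user or evaluating its permissions denies
 * the request. The previous implementation caught {@code Throwable}, logged it and let the
 * request continue, which meant a failing user lookup or permission check granted access.
 * Only {@code Exception} is caught here; JVM errors propagate as they should.
 */
private boolean checkTokenRequest(HttpServletRequest request, String token, String path, String ip,
        CtpRestLogs ctpLog) {
    // NOTE(review): the raw token is persisted into the REST log row; consider storing a
    // digest instead so a leaked log table does not leak live credentials.
    ctpLog.setToken(token);
    AppContext.putThreadContext("THREAD_CONTEXT_SESSION_KEY", request.getSession(true));
    AppContext.putSessionContext(SessionLocaleResolver.LOCALE_SESSION_ATTRIBUTE_NAME, request.getLocale());
    ServiceManager.getInstance().initCurrentUser(request, token);

    User currentUser = AppContext.getCurrentUser();
    if (currentUser != null && this.isRoleDenied(request, currentUser, path, ip)) {
        return true;
    }

    String loginName = ServiceManager.getInstance().getUserNameByToken(token);
    try {
        RestUser user = this.getRestUserManager().getUserByLoginName(loginName);
        if (user == null) {
            // No REST user record is tolerated only for the built-in custom REST user and for
            // requests coming from another cluster node.
            if (!ServiceManager.CUSTOM_REST_USER_NAME.equals(loginName) && !this.isClusterRequest(ip)) {
                ctpLog.setStatus("0获取REST用户失败!");
                this.getCtpRestLogsManager().insertLog(ctpLog);
                this.unauthorized(request, "获取REST用户失败!");
                log.info("获取REST用户失败:" + path + ", " + ip);
                return true;
            }
        } else {
            AppContext.putThreadContext("THREAD_CONTEXT_REST_USER", user);
            ctpLog.setUserId(user.getId());
            ctpLog.setLoginType("T");
        }

        if (this.isResourceGroupDenied(request, user, loginName, path, ip)) {
            return true;
        }

        if (currentUser != null && this.isAccountLocked(currentUser)) {
            String msg = "2248" + ResourceUtil.getString("loginUserState.accountLock");
            this.unauthorized(request, msg);
            log.info(msg + "_3:" + path + ", " + ip);
            return true;
        }
    } catch (Exception e) {
        // Fail closed: an authorisation decision that could not be completed is a denial.
        ctpLog.setStatus("0获取REST用户失败!");
        this.getCtpRestLogsManager().insertLog(ctpLog);
        log.error("获取REST用户失败!" + e.getLocalizedMessage() + ", " + path + ", " + ip, e);
        this.unauthorized(request, "获取REST用户失败!");
        return true;
    }

    ctpLog.setStatus(ctpLog.getStatus() == null ? "1" : ctpLog.getStatus());
    return false;
}

/**
 * Authorises a request without a usable bearer token: either through a login token (no
 * current user in the session) or through the logged-in session user. Returns {@code true}
 * when the request was rejected.
 */
private boolean checkSessionRequest(HttpServletRequest request, HttpServletResponse response, String path,
        String ip, CtpRestLogs ctpLog) {
    HttpSession session = request.getSession(false);
    boolean hasCurrentUser = session != null && session.getAttribute("com.seeyon.current_user") != null;
    if (!hasCurrentUser) {
        return this.checkLoginTokenRequest(request, path, ip, ctpLog);
    }

    User currentUser = AppContext.getCurrentUser();
    if (currentUser == null) {
        this.unauthorized(request, "Session没有对应的登录用户");
        log.info("Session没有对应的登录用户:" + path + ", " + ip);
        return true;
    }
    if (this.isRoleDenied(request, currentUser, path, ip)) {
        return true;
    }

    String onlineMessage = CurrentUserToSeeyonApp.getUserOnlineMessage(request, true);
    if (onlineMessage != null) {
        this.unauthorized(request, onlineMessage);
        log.info("在线状态异常:" + onlineMessage + ", " + path + ", " + ip);
        return true;
    }

    // Some endpoints are token-only: a session login must not reach them.
    String methodAndPath = request.getMethod() + " " + path;
    for (Pattern blacklisted : sessionUserBlacklist) {
        if (blacklisted.matcher(methodAndPath).find()) {
            String msg = "请使用Token,Session登录不允许访问该接口:" + path;
            this.unauthorized(request, msg);
            log.info(msg + ", " + ip);
            return true;
        }
    }

    AppContext.initSystemEnvironmentContext(request, response);
    try {
        // The session attribute is a tab-separated record whose first field is the user id.
        String[] sessionFields = session.getAttribute("com.seeyon.current_user").toString().split("\t");
        ctpLog.setUserId(Long.parseLong(sessionFields[0]));
    } catch (Exception e) {
        this.unauthorized(request, "会话已失效。");
        log.info("会话已失效:" + path + ", " + ip);
        return true;
    }
    ctpLog.setToken(session.getId());
    ctpLog.setLoginType("S");
    ctpLog.setStatus("1");
    return false;
}

/**
 * Validates the login token of a request that has no session user; returns {@code true} when
 * the token was rejected.
 */
private boolean checkLoginTokenRequest(HttpServletRequest request, String path, String ip, CtpRestLogs ctpLog) {
    LoginResult loginResult = LoginTokenUtil.checkLoginToken(request);
    if (!loginResult.isOK()) {
        ctpLog.setToken("invalid");
        ctpLog.setUserId(0L);
        ctpLog.setLoginType("S");
        ctpLog.setStatus("0");
        // Status 1010 has no dedicated error-code resource and maps to the generic message.
        String error = loginResult.getStatus() == 1010
            ? ResourceUtil.getString("loginUserState.unknown")
            : ResourceUtil.getString("login.label.ErrorCode." + loginResult.getStatus());
        this.unauthorized(request, loginResult.getStatus() + ":" + error);
        log.info(error + ":" + loginResult.getStatus() + ", " + path + ", " + ip);
        return true;
    }
    ctpLog.setToken(request.getHeader("ltoken"));
    ctpLog.setLoginType("L");
    ctpLog.setStatus("1");
    return false;
}

/**
 * Rejects guest and visitor users on paths not opened to their role; returns {@code true} when
 * the request was rejected.
 */
private boolean isRoleDenied(HttpServletRequest request, User currentUser, String path, String ip) {
    if (currentUser.isGuest()) {
        if (this.isGuestAccessable(path)) {
            return false;
        }
        String msg = "该资源不允许Guest访问:" + path;
        this.unauthorized(request, msg);
        log.info(msg + ", " + ip);
        return true;
    }
    if (currentUser.isVisitor() && !this.isVisitorAccessable(path)) {
        String msg = "该资源不允许Visitor访问:" + path;
        this.unauthorized(request, msg);
        log.info(msg + ", " + ip);
        return true;
    }
    return false;
}

/**
 * Checks the REST user against the resource-group permissions of the requested path; returns
 * {@code true} when the request was rejected.
 */
private boolean isResourceGroupDenied(HttpServletRequest request, RestUser user, String loginName, String path,
        String ip) {
    // NOTE(review): user is null for the custom REST user and for cluster requests;
    // authorityVerification / isSpecialUser must tolerate that — confirm.
    List<RestResourceGroupVO> resourceGroups = this.getResourceGroupManager().getRestResourceGroupVO();
    Map<String, String> uriTypeMap = this.getResourceUri(resourceGroups);
    String uriKey = this.uriVerification(path, uriTypeMap);
    String message = " " + loginName + "无权限访问" + path + "需授权";

    if (StringUtils.isNotBlank(uriKey)) {
        String groupType = uriTypeMap.get(uriKey);
        // Special users bypass the group check.
        boolean allowed = this.authorityVerification(user, groupType) || this.isSpecialUser(user);
        if (!allowed) {
            this.unauthorized(request, "2248" + message);
            log.info(message + "_1:" + path + ", " + ip);
            return true;
        }
        return false;
    }

    // Path not covered by any resource group: on A6 only special users may call it.
    if ((Boolean) SysFlag.sys_isA6Ver.getFlag() && !this.isSpecialUser(user)) {
        this.unauthorized(request, "2248" + message);
        log.info(message + "_2:" + path + ", " + ip);
        return true;
    }
    return false;
}

/**
 * Reports whether account-level login locking is on and the user's failed-login count for any
 * login sign has reached the configured threshold.
 */
private boolean isAccountLocked(User currentUser) {
    if (!"account".equals(this.getSystemConfig().get("account_lock_mode"))) {
        return false;
    }
    // Parsed before the protect flag, as before: a malformed threshold surfaces as an
    // exception (and, via the caller's fail-closed catch, a denial) instead of being ignored.
    int maxFailedLogins = Integer.parseInt(this.getSystemConfig().get("account_lock_times"));
    if (!"enable".equals(this.getSystemConfig().get("is_open_lock_protect"))) {
        return false;
    }
    for (Constants.login_sign sign : Constants.login_sign.values()) {
        LockLoginInfoFactory.LockLoginInfo info =
            LockLoginInfoFactory.getInstance().get(currentUser.getLoginName(), sign.value());
        if (info != null && info.getCount() >= maxFailedLogins) {
            return true;
        }
    }
    return false;
}

/**
 * Reports whether the request comes from another node of an enabled cluster, judged by the
 * reported remote address being present in the configured host list.
 *
 * <p>NOTE(review): this trust decision rests entirely on {@code Strings.getRemoteAddr}; whether
 * that value honours client-supplied forwarding headers is not visible here — confirm it cannot
 * be influenced by the caller.
 */
private boolean isClusterRequest(String ip) {
    ClusterConfigBean cluster = ClusterConfigBean.getInstance();
    if (!cluster.isClusterEnabled()) {
        return false;
    }
    // >= 0, not > 0: a host listed first (index 0) is a cluster member too; the old test
    // silently excluded it.
    return cluster.getHosts().indexOf(ip) >= 0;
}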