SecurityInterceptor4Long.java 5.55 KB
package com.cy.report.action;

import java.util.List;
import java.util.Map;

import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

import org.apache.commons.lang.StringUtils;
import org.apache.log4j.Logger;
import org.apache.struts2.StrutsStatics;

import com.cy.report.pojo.AppInfo;
import com.cy.report.pojo.User;
import com.cy.report.service.ServiceFactory;
import com.cy.report.utils.AuthUtil;
import com.cy.report.utils.Constant;
import com.cy.report.utils.StringUtil;
import com.opensymphony.xwork2.ActionContext;
import com.opensymphony.xwork2.ActionInvocation;
import com.opensymphony.xwork2.interceptor.AbstractInterceptor;


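/**
 * Struts2 interceptor that lets an action run only for a logged-in user whose e-mail equals
 * {@link #PERMITTED_EMAIL}; every other request is answered with the {@code "login"} result.
 *
 * <p>A request is treated as logged in when the HTTP session already holds a user under
 * {@code Constant.SESSION_KEY}, or when the {@code Constant.COOKIE_USERNAME} cookie can be
 * resolved to a user through the user service.
 *
 * <p>NOTE(review): the cookie value is split into two parts that are passed to
 * {@code getUserByEmailAndPassword}, so the cookie itself carries a password-equivalent
 * credential. Anyone who obtains the cookie can log in as that user. Consider replacing it with
 * an opaque, server-side, expiring token and make sure the cookie is issued with the
 * {@code Secure} and {@code HttpOnly} flags where it is created (not visible in this file).
 */
public class SecurityInterceptor4Long extends AbstractInterceptor  {

	private static final String LOGIN_KEY = "login";

	/**
	 * The only account this interceptor admits.
	 * NOTE(review): hard-coded identity; moving it to configuration would avoid a code change
	 * whenever the permitted account changes.
	 */
	private static final String PERMITTED_EMAIL = "lizhenlong_ry@reyun.com";

	/** Logs under this class's own name (the original borrowed {@code SecurityInterceptor}'s). */
	private static final Logger LOGGER = Logger.getLogger(SecurityInterceptor4Long.class);

	/**
	 * Decides whether the intercepted action may run.
	 *
	 * @param invocation the action invocation being intercepted
	 * @return the action's own result when the caller is the permitted user, otherwise
	 *         {@code "login"}
	 * @throws Exception whatever the invoked action or the user/manager services throw
	 */
	@Override
	public String intercept(ActionInvocation invocation) throws Exception {
		ActionContext actionContext = invocation.getInvocationContext();
		HttpServletRequest req = (HttpServletRequest) actionContext.get(StrutsStatics.HTTP_REQUEST);
		// getSession() creates the session when there is none, so it is never null here.
		HttpSession session = req.getSession();

		Object principal = session.getAttribute(Constant.SESSION_KEY);
		if (principal != null) {
			LOGGER.debug("session 不为空,USER_SESSION不为空");
			LOGGER.info("verified user operation");
			return isPermitted((User) principal) ? invocation.invoke() : LOGIN_KEY;
		}

		LOGGER.debug("session 为空,USER_SESSION为空,判断cookie");
		Cookie[] cookies = req.getCookies();
		if (cookies == null) {
			LOGGER.debug("cookie is null");
			clearLoginAttributes(session);
			LOGGER.info("login first please");
			return LOGIN_KEY;
		}

		User user = null;
		for (Cookie cookie : cookies) {
			// Cookie names and values are deliberately not logged: the login cookie holds
			// credentials, and writing it to stdout or a log file exposes them to anyone who
			// can read that output.
			if (!Constant.COOKIE_USERNAME.equals(cookie.getName())) {
				continue;
			}
			LOGGER.debug("Cookie 不为空,REYUN_USERNAME不为空");

			String value = cookie.getValue();
			String[] parts = StringUtils.isNotBlank(value)
					? value.split(Constant.splitStr)
					: new String[0];
			// The cookie is client-controlled: a value without both parts must be refused
			// instead of failing with an ArrayIndexOutOfBoundsException.
			if (parts.length < 2) {
				LOGGER.info("unavailable user cookie");
				return LOGIN_KEY;
			}

			user = ServiceFactory.getUserService().getUserByEmailAndPassword(parts[0], parts[1]);
			if (user == null) {
				LOGGER.info("user didn't exist");
				return LOGIN_KEY;
			}
			populateSession(session, user);
		}

		if (user == null) {
			clearLoginAttributes(session);
		} else if (isPermitted(user)) {
			// Same e-mail restriction as the session branch above. Without it, the first
			// request of any user holding a valid login cookie would reach the action.
			return invocation.invoke();
		}

		LOGGER.info("login first please");
		return LOGIN_KEY;
	}

	/**
	 * Tells whether {@code user} is the single account this interceptor admits.
	 * Null-safe for both the user and its e-mail.
	 */
	private static boolean isPermitted(User user) {
		return user != null && PERMITTED_EMAIL.equals(user.getEmail());
	}

	/**
	 * Stores the cookie-authenticated user and its derived flags in the session.
	 *
	 * <p>NOTE(review): the session id is not rotated after this login; if the servlet API in
	 * use supports it, rotating the id here would guard against session fixation.
	 */
	private static void populateSession(HttpSession session, User user) {
		user.setAuthmap(ServiceFactory.getManagerService().getAuthMapByUserId(user.getId()));
		session.setAttribute(Constant.SESSION_KEY, user);
		session.setAttribute("isoriginaluser", user.getIsoriginaluser());
		session.setAttribute("ismanager", user.getIsmanager());

		String username = user.getUsername();
		if (StringUtil.isEmpty(username)) {
			username = user.getEmail();
		}
		session.setAttribute("user_name", username);

		session.setAttribute("isspecialaccount",
				InitListener.accountList.contains(user.getEmail()) ? "1" : "0");
	}

	/**
	 * Removes every login attribute that {@link #populateSession} sets, so that no stale
	 * identity or privilege flag survives in an unauthenticated session. Removing an absent
	 * attribute is a no-op, so no presence check is needed.
	 */
	private static void clearLoginAttributes(HttpSession session) {
		session.removeAttribute(Constant.SESSION_KEY);
		session.removeAttribute("isoriginaluser");
		session.removeAttribute("ismanager");
		session.removeAttribute("user_name");
		session.removeAttribute("isspecialaccount");
	}

}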