use of com.netsteadfast.greenstep.sys.GreenStepBaseUsernamePasswordToken in project bamboobsc by billchen198318.
the class UserLoginInterceptor method intercept.
/**
 * Gates an action invocation on the presence of a logged-in account, and, for web
 * applications other than the main system, re-establishes the local security subject
 * and HTTP session from state created by the main system.
 *
 * <p>Flow as written in this method:
 * <ol>
 *   <li>Load the account object from the HTTP session into the {@code accountObj} field.</li>
 *   <li>If the current context path is not the main system's, invalidate a session that
 *       belongs to a different account, then try the "current user" cookie when no
 *       account is in the session.</li>
 *   <li>If an account is present, require at least one row from
 *       {@code uSessLogHelper.countByAccount(...)}; otherwise redirect to login.</li>
 *   <li>When flagged, log the subject in with a token built from the account object and
 *       create the local HTTP session state, then invoke the action.</li>
 * </ol>
 *
 * <p>NOTE(review): {@code accountObj} is an instance field that is written on every call.
 * If one interceptor instance serves concurrent requests, one request could observe the
 * account of another. Confirm the bean/interceptor scope, or carry the account in a local.
 *
 * @param actionInvocation the invocation being intercepted
 * @return the result of {@code actionInvocation.invoke()} when the account checks pass,
 *         otherwise the result of {@code redirectLogin(...)}
 * @throws Exception anything raised by the helpers, by {@code subject.login(...)} or by the
 *         invoked action; nothing is caught in this method
 */
@Override
public String intercept(ActionInvocation actionInvocation) throws Exception {
ActionContext actionContext = actionInvocation.getInvocationContext();
Map<String, Object> session = actionContext.getSession();
// The account is taken from the server-side HTTP session; it is null when nobody is logged in here.
this.accountObj = (AccountObj) session.get(Constants.SESS_ACCOUNT);
// True when the local subject must be (re-)logged in further down.
boolean fromCookieCheckOrRetySubjectLogin = false;
// A sysCurrentId cookie is present, but counting tb_sys_usess with this cookie's data does not match core-web's data.
boolean getUserCurrentCookieFail = false;
String contextPath = ServletActionContext.getServletContext().getContextPath();
// Only web applications whose context path differs from the main system's take this branch.
if (!contextPath.endsWith(ApplicationSiteUtils.getContextPathFromMap(Constants.getMainSystem()))) {
/*
 * Scenario this guards against:
 * 1. Log in as admin first.
 * 2. Log out admin and log in as tester instead.
 * In that case the gsbsc-web http-session still belongs to admin, so a non-core-web
 * application must check whether the account in the CURRENT cookie is the same as the
 * one held by gsbsc-web. If it is different, this http-session is invalidated.
 */
this.invalidCurrentSessionForDifferentAccount(actionContext);
// NOTE(review): presumably Apache Shiro's SecurityUtils, whose setSecurityManager installs a
// process-wide static. Doing it per request is redundant after the first call; confirm it
// cannot race with, or replace, a manager configured elsewhere.
SecurityUtils.setSecurityManager((DefaultSecurityManager) AppContext.getBean("securityManager"));
Subject subject = SecurityUtils.getSubject();
if (accountObj == null) {
// presumably getUserCurrentCookie(...) fills this.accountObj on success (the null check
// below re-reads the field) — verify against its implementation.
fromCookieCheckOrRetySubjectLogin = getUserCurrentCookie(actionContext);
if (!fromCookieCheckOrRetySubjectLogin && UserCurrentCookie.foundCurrent((HttpServletRequest) actionContext.get(StrutsStatics.HTTP_REQUEST))) {
// A sysCurrentId cookie is present, but counting tb_sys_usess with this cookie's data does not match core-web's data.
getUserCurrentCookieFail = true;
}
}
// An account is known but the local subject is not authenticated: schedule a re-login.
if (accountObj != null && !subject.isAuthenticated()) {
fromCookieCheckOrRetySubjectLogin = true;
}
}
if (accountObj != null && !StringUtils.isBlank(accountObj.getAccount())) {
// The account must still have at least one entry counted by uSessLogHelper (presumably
// the tb_sys_usess login-session log); otherwise the login is treated as ended.
if (uSessLogHelper.countByAccount(accountObj.getAccount()) < 1) {
return this.redirectLogin(session, getUserCurrentCookieFail);
}
if (fromCookieCheckOrRetySubjectLogin) {
// core-web already has a session but gsbsc-web does not, so create the gsbsc-web http session.
SecurityUtils.setSecurityManager((DefaultSecurityManager) AppContext.getBean("securityManager"));
Subject subject = SecurityUtils.getSubject();
GreenStepBaseUsernamePasswordToken token = new GreenStepBaseUsernamePasswordToken();
token.setRememberMe(false);
// NOTE(review): the captcha is set to an empty string, so this login path cannot rely on a
// captcha check — confirm the realm deliberately skips it for cookie/session re-login.
token.setCaptcha("");
token.setUsername(accountObj.getAccount());
// NOTE(review): the credential comes from the account object itself, which means a password
// value (plaintext or hash, not visible here) travels with the session/cookie-derived account.
// The cast throws ClassCastException if accountObj is not an AccountVO, and a null password
// would throw NullPointerException. The char[] is not cleared after use.
token.setPassword(((AccountVO) accountObj).getPassword().toCharArray());
// The token is built unconditionally but only used when the subject is not yet authenticated.
if (!subject.isAuthenticated()) {
// A failed login is not caught here; the exception propagates to the caller.
subject.login(token);
}
UserAccountHttpSessionSupport.create(actionContext, accountObj);
}
return actionInvocation.invoke();
}
// No account, or a blank account name: send the user to the login page.
return this.redirectLogin(session, getUserCurrentCookieFail);
}
Aggregations