
Example 1 with GreenStepBaseUsernamePasswordToken

use of com.netsteadfast.greenstep.sys.GreenStepBaseUsernamePasswordToken in project bamboobsc by billchen198318.

From class UserLoginInterceptor, method intercept() (a Struts2 interceptor that gates actions behind the shared login state).

/**
 * Struts2 interceptor entry point: gates every intercepted action behind
 * the shared ("core-web") login state and reconciles this sub-system's
 * HTTP session / Shiro subject with it.
 *
 * Flow, as visible in this method:
 * 1. The account object is read from this application's HTTP session.
 * 2. When this application is not the main system (core-web), the session
 *    is invalidated if the CURRENT cookie names a different account, and a
 *    missing session may be re-established from that cookie.
 * 3. The account is only honoured if core-web's session log
 *    (uSessLogHelper.countByAccount) still shows a live session for it;
 *    otherwise the request is sent to the login page. Cookie presence alone
 *    never grants access here.
 * 4. If the local Shiro subject / HTTP session is missing, one is created
 *    by re-running a Shiro login with the credential held on the AccountVO.
 *
 * @param actionInvocation the current Struts2 action invocation
 * @return the action result, or the login redirect result from redirectLogin
 * @throws Exception anything thrown by the action itself, or by Shiro's
 *         subject.login (e.g. an AuthenticationException) — see the note at
 *         that call
 */
@Override
public String intercept(ActionInvocation actionInvocation) throws Exception {
    ActionContext actionContext = actionInvocation.getInvocationContext();
    Map<String, Object> session = actionContext.getSession();
    // NOTE(review): per-request state is written to an instance field. If this
    // interceptor is a Struts2 singleton (the framework default), a concurrent
    // request can overwrite accountObj between this read and the uses below, so
    // one user's request could proceed with another user's account. Confirm the
    // interceptor's scope; a local variable would avoid the race if no other
    // method on this class relies on the field.
    this.accountObj = (AccountObj) session.get(Constants.SESS_ACCOUNT);
    // true when the local Shiro subject / HTTP session must be (re)built from
    // core-web's state (account recovered from the CURRENT cookie, or session
    // present but Shiro subject not authenticated)
    boolean fromCookieCheckOrRetySubjectLogin = false;
    // A sysCurrentId cookie is present, but the tb_sys_usess count derived from
    // the cookie data does not match core-web's records (stale cookie).
    boolean getUserCurrentCookieFail = false;
    String contextPath = ServletActionContext.getServletContext().getContextPath();
    // Only sub-systems (context path other than the main system's) do the
    // cookie/session reconciliation; core-web itself is the source of truth.
    if (!contextPath.endsWith(ApplicationSiteUtils.getContextPathFromMap(Constants.getMainSystem()))) {
        /*
         * Scenario this guards against:
         * 1. Log in as admin.
         * 2. Log out admin and log in as tester.
         * gsbsc-web's HTTP session would still be admin, so a non-core-web
         * application must check whether the account in the CURRENT cookie
         * matches the one in its own session; if they differ, this HTTP
         * session is invalidated.
         *
         * NOTE(review): accountObj was already copied from the session above;
         * whether this helper also clears/re-reads the field after invalidating
         * is not visible here. The countByAccount check below is what keeps a
         * stale field value from being honoured — confirm that is intended.
         */
        this.invalidCurrentSessionForDifferentAccount(actionContext);
        // NOTE(review): SecurityUtils.setSecurityManager is a static, VM-wide
        // setter invoked on every request; Shiro documents it as intended for
        // non-web/single-manager use. Verify this is deliberate rather than
        // relying on the filter-bound SecurityManager.
        SecurityUtils.setSecurityManager((DefaultSecurityManager) AppContext.getBean("securityManager"));
        Subject subject = SecurityUtils.getSubject();
        if (accountObj == null) {
            // No local session: try to recover the account from the CURRENT cookie
            // (validated against core-web's session log inside the helper).
            fromCookieCheckOrRetySubjectLogin = getUserCurrentCookie(actionContext);
            if (!fromCookieCheckOrRetySubjectLogin && UserCurrentCookie.foundCurrent((HttpServletRequest) actionContext.get(StrutsStatics.HTTP_REQUEST))) {
                // A sysCurrentId cookie exists, but its tb_sys_usess count does not
                // match core-web's records; only used to shape the login redirect.
                getUserCurrentCookieFail = true;
            }
        }
        // Local HTTP session exists but the Shiro subject was never authenticated
        // here (e.g. new JVM / expired Shiro session): force the re-login below.
        if (accountObj != null && !subject.isAuthenticated()) {
            fromCookieCheckOrRetySubjectLogin = true;
        }
    }
    if (accountObj != null && !StringUtils.isBlank(accountObj.getAccount())) {
        // Server-side liveness gate: the account is only honoured while core-web's
        // session log still has a row for it. This, not the cookie, is the actual
        // authorization check for the request.
        if (uSessLogHelper.countByAccount(accountObj.getAccount()) < 1) {
            return this.redirectLogin(session, getUserCurrentCookieFail);
        }
        if (fromCookieCheckOrRetySubjectLogin) {
            // core-web already has a session but gsbsc-web has none, so create the
            // gsbsc-web HTTP session (and Shiro subject) here.
            SecurityUtils.setSecurityManager((DefaultSecurityManager) AppContext.getBean("securityManager"));
            Subject subject = SecurityUtils.getSubject();
            GreenStepBaseUsernamePasswordToken token = new GreenStepBaseUsernamePasswordToken();
            // Internal re-login: no remember-me cookie and no captcha. Presumably the
            // realm treats an empty captcha as "not required" on this path — verify.
            token.setRememberMe(false);
            token.setCaptcha("");
            token.setUsername(accountObj.getAccount());
            // NOTE(review): the Shiro token is filled from the password held on the
            // session-resident AccountVO. Whether getPassword() is the stored hash or
            // a plaintext value is not visible here; either way a credential living in
            // the HTTP session (and any session store / replication) is readable by
            // anything that can read the session — confirm the realm only needs the
            // stored hash. The cast to AccountVO is unchecked and throws
            // ClassCastException if a different AccountObj implementation was stored.
            token.setPassword(((AccountVO) accountObj).getPassword().toCharArray());
            if (!subject.isAuthenticated()) {
                // NOTE(review): a failed login throws
                // org.apache.shiro.authc.AuthenticationException, which escapes
                // intercept() as a server error instead of a login redirect —
                // consider catching it and returning redirectLogin(...).
                subject.login(token);
            }
            UserAccountHttpSessionSupport.create(actionContext, accountObj);
        }
        return actionInvocation.invoke();
    }
    // No usable account in the session: send to login (flagging a stale cookie).
    return this.redirectLogin(session, getUserCurrentCookieFail);
}
Also used : HttpServletRequest(javax.servlet.http.HttpServletRequest) GreenStepBaseUsernamePasswordToken(com.netsteadfast.greenstep.sys.GreenStepBaseUsernamePasswordToken) ActionContext(com.opensymphony.xwork2.ActionContext) ServletActionContext(org.apache.struts2.ServletActionContext) AccountVO(com.netsteadfast.greenstep.vo.AccountVO) Subject(org.apache.shiro.subject.Subject)
