|
@@ -1,15 +1,19 @@
|
|
|
package com.ym.mec.auth.core.filter;
|
|
|
|
|
|
import java.io.IOException;
|
|
|
+import java.util.Map;
|
|
|
+import java.util.function.BiFunction;
|
|
|
|
|
|
import javax.servlet.FilterChain;
|
|
|
import javax.servlet.ServletException;
|
|
|
import javax.servlet.http.HttpServletRequest;
|
|
|
import javax.servlet.http.HttpServletResponse;
|
|
|
|
|
|
+import com.alibaba.fastjson.JSONObject;
|
|
|
import org.apache.commons.lang3.StringUtils;
|
|
|
import org.springframework.security.authentication.AbstractAuthenticationToken;
|
|
|
import org.springframework.security.authentication.AuthenticationServiceException;
|
|
|
+import org.springframework.security.authentication.InternalAuthenticationServiceException;
|
|
|
import org.springframework.security.core.Authentication;
|
|
|
import org.springframework.security.core.AuthenticationException;
|
|
|
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
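Review bot: The four imports added in this hunk (`java.util.Map`, `java.util.function.BiFunction`, `com.alibaba.fastjson.JSONObject`, `InternalAuthenticationServiceException`) are not referenced by any added line in the hunks shown on this page. A few lines of the new file fall between the hunks, so confirm there and drop whatever is unused. fastjson in particular has a history of unsafe-deserialization problems around autoType, so a pre-authentication filter should not pull it in unless it really parses something. If it does, parse into a fixed target type and leave autoType disabled.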
|
|
@@ -20,23 +24,9 @@ import com.ym.mec.auth.config.token.PhoneAuthenticationToken;
|
|
|
import com.ym.mec.common.security.SecurityConstants;
|
|
|
|
|
|
public class PhoneLoginAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
|
|
|
-
|
|
|
- private static final String SPRING_SECURITY_RESTFUL_PHONE_KEY = "phone";
|
|
|
- private static final String SPRING_SECURITY_RESTFUL_VERIFY_CODE_KEY = "smsCode";
|
|
|
- private static final String clientIdParameter = "clientId";
|
|
|
- private static final String IS_LESSEE = "isLessee";
|
|
|
-
|
|
|
- private static final String TENANT_ID = "tenantId";
|
|
|
-
|
|
|
- private static final String ORGAN_ID = "organId";
|
|
|
-
|
|
|
- private static final String DEVICE_NUM = "deviceNum";
|
|
|
-
|
|
|
- private static final String SPRING_SECURITY_RESTFUL_LOGIN_URL = "/smsLogin";
|
|
|
private boolean postOnly = true;
|
|
|
-
|
|
|
public PhoneLoginAuthenticationFilter() {
|
|
|
- super(new AntPathRequestMatcher(SPRING_SECURITY_RESTFUL_LOGIN_URL, "POST"));
|
|
|
+ super(new AntPathRequestMatcher("/smsLogin", "POST"));
|
|
|
}
|
|
|
|
|
|
@Override
|
|
@@ -44,30 +34,43 @@ public class PhoneLoginAuthenticationFilter extends AbstractAuthenticationProces
|
|
|
if (postOnly && !request.getMethod().equals("POST")) {
|
|
|
throw new AuthenticationServiceException("Authentication method not supported: " + request.getMethod());
|
|
|
}
|
|
|
+ //拼装请求参数
|
|
|
+ LoginEntity loginEntity = getLoginEntity(request);
|
|
|
+ AbstractAuthenticationToken authRequest = new PhoneAuthenticationToken(SecurityConstants.PHONE_PRINCIPAL_PREFIX + loginEntity.getPhone(), loginEntity);
|
|
|
+ // Allow subclasses to set the "details" property
|
|
|
+ authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
|
|
|
+ return this.getAuthenticationManager().authenticate(authRequest);
|
|
|
+ }
|
|
|
+
|
|
|
+ @Override
|
|
|
+ protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain, Authentication authResult)
|
|
|
+ throws IOException, ServletException {
|
|
|
+ super.successfulAuthentication(request, response, chain, authResult);
|
|
|
+ // chain.doFilter(request, response);
|
|
|
+ }
|
|
|
|
|
|
- AbstractAuthenticationToken authRequest;
|
|
|
+ private String obtainParameter(HttpServletRequest request, String parameter) {
|
|
|
+ String result = request.getParameter(parameter);
|
|
|
+ return result == null ? "" : result;
|
|
|
+ }
|
|
|
+
|
|
|
+ private LoginEntity getLoginEntity(HttpServletRequest request){
|
|
|
// 手机验证码登陆
|
|
|
- String principal = obtainParameter(request, SPRING_SECURITY_RESTFUL_PHONE_KEY);
|
|
|
- String credentials = obtainParameter(request, SPRING_SECURITY_RESTFUL_VERIFY_CODE_KEY);
|
|
|
+ String principal = obtainParameter(request, "phone");
|
|
|
+ String credentials = obtainParameter(request, "smsCode");
|
|
|
// 是否是租户
|
|
|
- String isLessee = obtainParameter(request, IS_LESSEE);
|
|
|
-
|
|
|
- String tenantId = obtainParameter(request, TENANT_ID);
|
|
|
-
|
|
|
- String organId = obtainParameter(request, ORGAN_ID);
|
|
|
-
|
|
|
+ String isLessee = obtainParameter(request, "isLessee");
|
|
|
+ String tenantId = obtainParameter(request, "tenantId");
|
|
|
+ String organId = obtainParameter(request, "organId");
|
|
|
boolean isRegister = StringUtils.equals("1", isLessee) || StringUtils.equals("true", isLessee);
|
|
|
|
|
|
- String clientId = request.getParameter(clientIdParameter).toUpperCase();
|
|
|
-
|
|
|
+ String clientId = request.getParameter("clientId").toUpperCase();
|
|
|
if ("EDUCATION".equals(clientId)) {
|
|
|
clientId = "SYSTEM";
|
|
|
}
|
|
|
-
|
|
|
- String deviceNum = request.getParameter(DEVICE_NUM);
|
|
|
+ String deviceNum = request.getParameter("deviceNum");
|
|
|
|
|
|
principal = principal.trim();
|
|
|
-
|
|
|
LoginEntity loginEntity = new LoginEntity();
|
|
|
loginEntity.setClientId(clientId);
|
|
|
loginEntity.setPhone(principal);
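Review bot: `request.getParameter("clientId").toUpperCase()` in the new `getLoginEntity` dereferences a parameter that an unauthenticated caller can simply omit, so a missing `clientId` raises NullPointerException rather than an AuthenticationException. As far as I know, AbstractAuthenticationProcessingFilter routes only AuthenticationException subtypes to the failure handler, so this would surface as an unhandled server error instead of a clean login failure. Read the value through the existing helper and reject blanks: `String clientId = obtainParameter(request, "clientId").toUpperCase();` followed by `if (clientId.isEmpty()) { throw new AuthenticationServiceException("clientId is required"); }`. The same applies to `Integer.parseInt(tenantId)` in the last hunk, where this method's body continues: catch NumberFormatException there and rethrow it as AuthenticationServiceException.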
|
|
@@ -78,28 +81,7 @@ public class PhoneLoginAuthenticationFilter extends AbstractAuthenticationProces
|
|
|
if(StringUtils.isNotEmpty(tenantId)){
|
|
|
loginEntity.setTenantId(Integer.parseInt(tenantId));
|
|
|
}
|
|
|
-
|
|
|
- authRequest = new PhoneAuthenticationToken(SecurityConstants.PHONE_PRINCIPAL_PREFIX + principal, loginEntity);
|
|
|
-
|
|
|
- // Allow subclasses to set the "details" property
|
|
|
- setDetails(request, authRequest);
|
|
|
- return this.getAuthenticationManager().authenticate(authRequest);
|
|
|
- }
|
|
|
-
|
|
|
- @Override
|
|
|
- protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response, FilterChain chain, Authentication authResult)
|
|
|
- throws IOException, ServletException {
|
|
|
- super.successfulAuthentication(request, response, chain, authResult);
|
|
|
- // chain.doFilter(request, response);
|
|
|
- }
|
|
|
-
|
|
|
- private void setDetails(HttpServletRequest request, AbstractAuthenticationToken authRequest) {
|
|
|
- authRequest.setDetails(authenticationDetailsSource.buildDetails(request));
|
|
|
- }
|
|
|
-
|
|
|
- private String obtainParameter(HttpServletRequest request, String parameter) {
|
|
|
- String result = request.getParameter(parameter);
|
|
|
- return result == null ? "" : result;
|
|
|
+ return loginEntity;
|
|
|
}
|
|
|
|
|
|
}
|