private boolean preHandleTest(
HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
String ctx = request.getContextPath();
String uri = request.getRequestURI();
// 判断拦截器排除的请求集合中是否包含当前请求
if (excludes != null) {
boolean result = false;
for (String exclude : excludes) {
// 如果包含当前请求, 则不拦截
if (uri.startsWith(ctx + exclude)) {
result = true;
break;
}
}
if (result) {
logger.debug("身份认证拦截器排除的请求: {}", uri);
return result;
}
}
HttpSession session = request.getSession();
if (com.lefthand.comm.context.SecurityContextHolder.getHandler() == null) {
String loginName = (String) session.getAttribute(CASFilter.CAS_FILTER_USER);
// gzrd.wsclient.user.UserWebService userWebService=
// ApplicationContextHolder.getBean("UserWebService");
User user = userService.getUserByName(loginName);
Long curPosId = user.getPosId();
logger.debug("CASFilter.CAS_FILTER_USER="******"curPosId=" + curPosId);
try {
// 身份认证成功后, 获取的岗位信息
com.lefthand.security.organization.domain.Post post =
authenticateService.authenticateAfter(loginName, curPosId);
// 判断获取岗位信息是否成功
if (post == null) {
// 获取失败则重定向到错误页
logger.error("登录名:{}, 岗位:{}, 身份信息获取失败.", loginName, curPosId);
// return "redirect:/error/403";
}
/*Area area = areaService.getByUasId(post.getUnit().getUasId());
post.getUnit().setArea(area);
if (ObjectUtils.equals(post.getParent().getName(), gzrd.ssim.utils.Constants.DEPARTMENT_NAME_GRID)) {
post.getUnit().setLevel(new GridLevel());
} else {
post.getUnit().setLevel(levelService.getByArea(area));
}
Log log = new Log(post, LogModules.LOGIN, OperationType.DEFAULT, (long)0, ObjectType.DEFAULT, post.getUser().getName()+"登陆综治系统");
logService.insert(log);*/
// 将岗位信息设置到会话
com.lefthand.comm.context.SecurityContextHolder.setHandler(post);
} catch (Exception e) {
logger.error(e.getMessage(), e);
throw new com.lefthand.comm.exception.ApplicationException(e.getMessage(), e);
}
}
boolean result = super.preHandle(request, response, handler);
return result;
}
private boolean preHandleProduction(
HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
String ctx = request.getContextPath();
String uri = request.getRequestURI();
// 判断拦截器排除的请求集合中是否包含当前请求
if (excludes != null) {
boolean result = false;
for (String exclude : excludes) {
// 如果包含当前请求, 则不拦截
if (uri.startsWith(ctx + exclude)) {
result = true;
break;
}
}
if (result) {
logger.debug("身份认证拦截器排除的请求: {}", uri);
return result;
}
}
HttpSession session = request.getSession();
// String loginName = (String) session.getAttribute(CASFilter.CAS_FILTER_USER);
// User user = userService.getUserByName(loginName);
// Long curPosId = user.getPosId();
boolean result = true;
String curPosId = request.getParameter("curPosId"); // 传递的岗位编号
String loginName = request.getParameter("curuserId"); // 传递的用户名
logger.debug("CASFilter.CAS_FILTER_USER="******"curPosId=" + curPosId);
if (uri.equals(ctx + "/homePage")
&& StringUtils.isNotBlank(loginName)
&& StringUtils.isNotBlank(curPosId)) {
try {
// 身份认证成功后, 获取的岗位信息
com.lefthand.security.organization.domain.Post post =
authenticateService.authenticateAfter(loginName, Long.parseLong(curPosId));
// 判断获取岗位信息是否成功
if (post == null) {
result = false;
// 获取失败则重定向到错误页
logger.error("登录名:{}, 岗位:{}, 身份信息获取失败.", loginName, curPosId);
// return "redirect:/error/403";
}
// 将岗位信息设置到会话
com.lefthand.comm.context.SecurityContextHolder.setHandler(post);
} catch (Exception e) {
logger.error(e.getMessage(), e);
throw new com.lefthand.comm.exception.ApplicationException(e.getMessage(), e);
}
} else {
if (com.lefthand.comm.context.SecurityContextHolder.getHandler() == null) {
result = false;
}
}
if (!result) {
response.sendError(HttpServletResponse.SC_FORBIDDEN, "Session failure.");
}
response.addHeader("P3P", "CP=CAO PSA OUR");
return result;
}
