private void writeResponse(HttpServletResponse resp, String response, int responseCode) {
try {
resp.setContentType("text/javascript; charset=UTF-8");
resp.setStatus(responseCode);
resp.getWriter().print(response);
} catch (IOException e) {
LOG.trace("输出API响应IO错误: " + e);
} catch (Exception e) {
if (!(e instanceof IllegalStateException)) {
LOG.error("输出API响应时出现了未知错误", e);
}
}
}
public String getSerializedApiError(ApiException ex) {
String responseText = null;
if (ex == null) {
return "{ \"errorCode\" : "
+ HttpServletResponse.SC_INTERNAL_SERVER_ERROR
+ ", \"errorText\" : \"发生了内部错误\" }";
}
try {
responseText = getSerializedApiError(ex.getErrorCode().getHttpCode(), ex.getMessage());
} catch (Exception e) {
LOG.error("响应HTTP请求出现错误", e);
}
return responseText;
}
private void processRequest(HttpServletRequest req, HttpServletResponse resp) {
StringBuffer auditTrailSb = new StringBuffer();
auditTrailSb.append(StringPool.SPACE + req.getRemoteAddr());
auditTrailSb.append(" -- " + req.getMethod() + " -- ");
Map<String, Object[]> params = Maps.newHashMap();
params.putAll(req.getParameterMap());
Map<String, String> cookies = cookiesToMap(req.getCookies());
String sessionKey = cookies.get(ApiConstants.SESSION_KEY);
String reqStr = auditTrailSb.toString();
LOG.debug("===START=== " + reqStr);
try {
Object[] commandObj = params.get("command");
if (commandObj != null && StringUtils.isNotBlank((String) commandObj[0])) {
String command = (String) commandObj[0];
if (ApiConstants.LOGOUT_COMMAND.equalsIgnoreCase(command)) {
_apiServer.userLogout(sessionKey);
auditTrailSb.append("command=" + ApiConstants.LOGOUT_COMMAND);
auditTrailSb.append(StringPool.SPACE + HttpServletResponse.SC_OK);
writeResponse(resp, getLogoutResponse(), HttpServletResponse.SC_OK);
return;
} else if (ApiConstants.LOGIN_COMMAND.equalsIgnoreCase(command)) {
auditTrailSb.append("command=" + ApiConstants.LOGIN_COMMAND);
String[] username = (String[]) params.get("username");
String[] password = (String[]) params.get("password");
if (username != null) {
String pwd = ((password == null) ? null : password[0]);
try {
String loginSessionKey = _apiServer.userLogin(username[0], pwd);
writeResponse(
resp,
"{\" " + ApiConstants.SESSION_KEY + " \":\"" + loginSessionKey + "\"}",
200);
return;
} catch (ApolloAuthenticationException e) {
auditTrailSb.append(e.getMessage() != null ? e.getMessage() : "无法验证用户,检查用户名/密码是正确的");
String serializedResponse =
getSerializedApiError(
ApiErrorCode.ACCOUNT_ERROR.getHttpCode(),
e.getMessage() != null ? e.getMessage() : "无法验证用户,检查用户名/密码是正确的");
writeResponse(resp, serializedResponse, ApiErrorCode.ACCOUNT_ERROR.getHttpCode());
return;
}
}
}
} else {
auditTrailSb.append(StringPool.SPACE + HttpServletResponse.SC_BAD_REQUEST + " command为空");
String serializedResponse =
getSerializedApiError(HttpServletResponse.SC_BAD_REQUEST, "command为空");
writeResponse(resp, serializedResponse, HttpServletResponse.SC_BAD_REQUEST);
return;
}
if (_apiServer.verifyUser(sessionKey)) {
// 验证sessionKey是否为null
if (StringUtils.isNotBlank(sessionKey)) {
params.put(ApiConstants.SESSION_KEY, new String[] {sessionKey});
}
if (_apiServer.verifyRequest(params)) {
params.put(ApiConstants.HTTP_METHOD, new String[] {req.getMethod()});
String response;
if (req.getContentType() != null
&& req.getContentType().toLowerCase(Locale.ENGLISH).startsWith(MULTIPART)) {
// 包含文件
Map<String, String> fileMap = UploadFile.uploadFile(req, WORKPATH);
response = _apiServer.handleFileRequest(params, auditTrailSb, fileMap);
} else {
response = _apiServer.handleRequest(params, auditTrailSb);
}
writeResponse(resp, response != null ? response : "", HttpServletResponse.SC_OK);
} else {
auditTrailSb.append(
StringPool.SPACE + HttpServletResponse.SC_UNAUTHORIZED + " 无法验证用户凭证或没有命令执行权限");
String serializedResponse =
getSerializedApiError(HttpServletResponse.SC_UNAUTHORIZED, "无法验证用户凭证或没有命令执行权限");
writeResponse(resp, serializedResponse, HttpServletResponse.SC_UNAUTHORIZED);
}
} else {
auditTrailSb.append(
StringPool.SPACE + HttpServletResponse.SC_UNAUTHORIZED + " sessionKey无效");
String serializedResponse =
getSerializedApiError(HttpServletResponse.SC_UNAUTHORIZED, "sessionKey无效");
writeResponse(resp, serializedResponse, HttpServletResponse.SC_UNAUTHORIZED);
}
} catch (ApiException e) {
String serializedResponseText = getSerializedApiError(e);
resp.setHeader("X-Description", e.getMessage());
writeResponse(resp, serializedResponseText, e.getErrorCode().getHttpCode());
auditTrailSb.append(StringPool.SPACE + e.getErrorCode() + StringPool.SPACE + e.getMessage());
} catch (Exception e) {
LOG.error("响应出现未知异常", e);
auditTrailSb.append("响应出现未知异常");
} finally {
ACCESS_LOG.info(auditTrailSb.toString());
LOG.debug("===END=== " + reqStr);
}
}
/** Created by markerking on 14-4-3. */
@Component
public class ApiServlet extends HttpServlet {
private static final Log LOG = Log.getLog(ApiServlet.class.getName());
private static final Log ACCESS_LOG = Log.getLog(ApiServlet.class);
public static final String MULTIPART = "multipart/";
private static String WORKPATH = "/";
@Autowired ApiServerService _apiServer;
public ApiServlet() {}
@Override
public void init(ServletConfig config) throws ServletException {
SpringBeanAutowiringSupport.processInjectionBasedOnServletContext(
this, config.getServletContext());
ServletContext servletCtx = config.getServletContext();
// 初始化路径
// 保存文件的目录
WORKPATH = servletCtx.getRealPath("/");
}
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
processRequest(req, resp);
}
@Override
protected void doPost(HttpServletRequest req, HttpServletResponse resp)
throws ServletException, IOException {
processRequest(req, resp);
}
private void processRequest(HttpServletRequest req, HttpServletResponse resp) {
StringBuffer auditTrailSb = new StringBuffer();
auditTrailSb.append(StringPool.SPACE + req.getRemoteAddr());
auditTrailSb.append(" -- " + req.getMethod() + " -- ");
Map<String, Object[]> params = Maps.newHashMap();
params.putAll(req.getParameterMap());
Map<String, String> cookies = cookiesToMap(req.getCookies());
String sessionKey = cookies.get(ApiConstants.SESSION_KEY);
String reqStr = auditTrailSb.toString();
LOG.debug("===START=== " + reqStr);
try {
Object[] commandObj = params.get("command");
if (commandObj != null && StringUtils.isNotBlank((String) commandObj[0])) {
String command = (String) commandObj[0];
if (ApiConstants.LOGOUT_COMMAND.equalsIgnoreCase(command)) {
_apiServer.userLogout(sessionKey);
auditTrailSb.append("command=" + ApiConstants.LOGOUT_COMMAND);
auditTrailSb.append(StringPool.SPACE + HttpServletResponse.SC_OK);
writeResponse(resp, getLogoutResponse(), HttpServletResponse.SC_OK);
return;
} else if (ApiConstants.LOGIN_COMMAND.equalsIgnoreCase(command)) {
auditTrailSb.append("command=" + ApiConstants.LOGIN_COMMAND);
String[] username = (String[]) params.get("username");
String[] password = (String[]) params.get("password");
if (username != null) {
String pwd = ((password == null) ? null : password[0]);
try {
String loginSessionKey = _apiServer.userLogin(username[0], pwd);
writeResponse(
resp,
"{\" " + ApiConstants.SESSION_KEY + " \":\"" + loginSessionKey + "\"}",
200);
return;
} catch (ApolloAuthenticationException e) {
auditTrailSb.append(e.getMessage() != null ? e.getMessage() : "无法验证用户,检查用户名/密码是正确的");
String serializedResponse =
getSerializedApiError(
ApiErrorCode.ACCOUNT_ERROR.getHttpCode(),
e.getMessage() != null ? e.getMessage() : "无法验证用户,检查用户名/密码是正确的");
writeResponse(resp, serializedResponse, ApiErrorCode.ACCOUNT_ERROR.getHttpCode());
return;
}
}
}
} else {
auditTrailSb.append(StringPool.SPACE + HttpServletResponse.SC_BAD_REQUEST + " command为空");
String serializedResponse =
getSerializedApiError(HttpServletResponse.SC_BAD_REQUEST, "command为空");
writeResponse(resp, serializedResponse, HttpServletResponse.SC_BAD_REQUEST);
return;
}
if (_apiServer.verifyUser(sessionKey)) {
// 验证sessionKey是否为null
if (StringUtils.isNotBlank(sessionKey)) {
params.put(ApiConstants.SESSION_KEY, new String[] {sessionKey});
}
if (_apiServer.verifyRequest(params)) {
params.put(ApiConstants.HTTP_METHOD, new String[] {req.getMethod()});
String response;
if (req.getContentType() != null
&& req.getContentType().toLowerCase(Locale.ENGLISH).startsWith(MULTIPART)) {
// 包含文件
Map<String, String> fileMap = UploadFile.uploadFile(req, WORKPATH);
response = _apiServer.handleFileRequest(params, auditTrailSb, fileMap);
} else {
response = _apiServer.handleRequest(params, auditTrailSb);
}
writeResponse(resp, response != null ? response : "", HttpServletResponse.SC_OK);
} else {
auditTrailSb.append(
StringPool.SPACE + HttpServletResponse.SC_UNAUTHORIZED + " 无法验证用户凭证或没有命令执行权限");
String serializedResponse =
getSerializedApiError(HttpServletResponse.SC_UNAUTHORIZED, "无法验证用户凭证或没有命令执行权限");
writeResponse(resp, serializedResponse, HttpServletResponse.SC_UNAUTHORIZED);
}
} else {
auditTrailSb.append(
StringPool.SPACE + HttpServletResponse.SC_UNAUTHORIZED + " sessionKey无效");
String serializedResponse =
getSerializedApiError(HttpServletResponse.SC_UNAUTHORIZED, "sessionKey无效");
writeResponse(resp, serializedResponse, HttpServletResponse.SC_UNAUTHORIZED);
}
} catch (ApiException e) {
String serializedResponseText = getSerializedApiError(e);
resp.setHeader("X-Description", e.getMessage());
writeResponse(resp, serializedResponseText, e.getErrorCode().getHttpCode());
auditTrailSb.append(StringPool.SPACE + e.getErrorCode() + StringPool.SPACE + e.getMessage());
} catch (Exception e) {
LOG.error("响应出现未知异常", e);
auditTrailSb.append("响应出现未知异常");
} finally {
ACCESS_LOG.info(auditTrailSb.toString());
LOG.debug("===END=== " + reqStr);
}
}
private void writeResponse(HttpServletResponse resp, String response, int responseCode) {
try {
resp.setContentType("text/javascript; charset=UTF-8");
resp.setStatus(responseCode);
resp.getWriter().print(response);
} catch (IOException e) {
LOG.trace("输出API响应IO错误: " + e);
} catch (Exception e) {
if (!(e instanceof IllegalStateException)) {
LOG.error("输出API响应时出现了未知错误", e);
}
}
}
private Map<String, String> cookiesToMap(Cookie[] cookies) {
Map<String, String> map = Maps.newHashMap();
if (cookies == null) {
return map;
}
for (Cookie cookie : cookies) {
map.put(cookie.getName(), cookie.getValue());
}
return map;
}
public String getSerializedApiError(int errorCode, String errorText) {
return "{ \"errorCode\" : " + errorCode + ", \"errorText\" : \"" + errorText + "\" }";
}
public String getSerializedApiError(ApiException ex) {
String responseText = null;
if (ex == null) {
return "{ \"errorCode\" : "
+ HttpServletResponse.SC_INTERNAL_SERVER_ERROR
+ ", \"errorText\" : \"发生了内部错误\" }";
}
try {
responseText = getSerializedApiError(ex.getErrorCode().getHttpCode(), ex.getMessage());
} catch (Exception e) {
LOG.error("响应HTTP请求出现错误", e);
}
return responseText;
}
private String getLogoutResponse() {
return "{ \"success\": true }";
}
}
