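/*
 * Copyright 2009 by primedata Corporation. Address:TianChuang Technology Building, CaiHeFang
 * Road,Haidian District, Beijing
 *
 * All rights reserved.
 *
 * This software is the confidential and proprietary information of primedata
 * Corporation ("Confidential Information"). You shall not disclose such
 * Confidential Information and shall use it only in accordance with the terms
 * of the license agreement you entered into with primedata.
 */
package com.primeton.dgs.kernel.core.web;

import java.io.IOException;
import java.util.HashSet;
import java.util.Set;

import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import net.sf.json.JSONArray;

import com.eos.data.datacontext.UserObject;
import com.primeton.dgs.kernel.core.common.ActionHelper;
import com.primeton.dgs.kernel.core.common.ActionResult;
import com.primeton.dgs.kernel.core.util.ExUtils;
import com.primeton.licensemanager.checklicense.VerifyHLicenseException;
import org.apache.commons.lang.StringUtils;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.AntPathMatcher;
import org.springframework.util.PathMatcher;

/**
 * MVC front-controller servlet: enforces the login check, resolves the command
 * registered for the servlet path, runs it and dispatches to the view it returns.
 *
 * @author user
 * @version 1.0 2006-9-18
 */
public class MainServlet extends HttpServlet {
    private static final long serialVersionUID = 1L;

    // Static so the logger is not part of the servlet's serializable instance state.
    private static final Logger log = LoggerFactory.getLogger(MainServlet.class);

    /** Matcher used for the allow-list patterns; one instance is reused across requests. */
    private static final PathMatcher PATH_MATCHER = new AntPathMatcher();

    public static final String ENCODE = "UTF-8";

    String loginPath = "/login.do";

    /**
     * Allow-list of Ant-style path patterns that may be requested without authentication.
     * Patterns are matched against the context-relative request path.
     */
    // NOTE(review): this HashSet is read on every request and mutated by addExclude();
    // presumably entries are only registered during start-up - confirm, since HashSet is
    // not safe for concurrent modification.
    protected Set<String> authWriteList = new HashSet<>();

    /**
     * Initialize global variables.
     */
    @Override
    public void init() throws ServletException {
        log.info("MainServlet init.");
    }

    /**
     * Process the HTTP GET request.
     */
    @Override
    public void doGet(HttpServletRequest request, HttpServletResponse response)
            throws IOException, ServletException {
        perform(request, response);
    }

    /**
     * Process the HTTP POST request.
     */
    @Override
    public void doPost(HttpServletRequest request, HttpServletResponse response)
            throws IOException, ServletException {
        perform(request, response);
    }

    /**
     * Process the HTTP request: apply the authentication gate, then execute the command
     * mapped to the servlet path and dispatch to the page it returns.
     *
     * <p>A request is sent to the login page when the {@code invoke} parameter is missing,
     * or when the session carries neither login attribute and the request path is not on
     * the allow-list.
     *
     * @param request  the current request
     * @param response the current response
     * @throws ServletException if dispatching or error output fails
     * @throws IOException      if dispatching or error output fails
     */
    public void perform(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.setCharacterEncoding(ENCODE);
        try {
            String path = request.getServletPath();
            String name = request.getParameter("invoke");

            // Login state: either session attribute marks the session as authenticated.
            // Both are checked so that an expired session ends up on the login page
            // instead of failing later with a NullPointerException.
            Object userObject = request.getSession().getAttribute("userObject");
            Object userProfile = request.getSession()
                    .getAttribute("com.primeton.dgs.workspace.system.common.UserProfile");
            boolean authenticated = userObject != null || userProfile != null;

            // Missing "invoke", or anonymous and not allow-listed: go to the login page.
            if (name == null || (!authenticated && !isWhitelisted(request))) {
                dispatch(request, response, WebViewer.LONGIN_PAGE);
                return;
            }

            request.setAttribute("invoke", name);
            AbstractCommand cmd = CommandFactory.getInstance().getCommand(path);
            cmd.init(request, response, getServletConfig());
            String next = cmd.execute();
            if (next != null) {
                dispatch(request, response, next);
            }
        } catch (VerifyHLicenseException e) {
            if (isExt(request)) {
                performOnError(request, response, e);
                return;
            }
            request.setAttribute("javax.servlet.jspException", e);
            dispatch(request, response, WebViewer.LICENSE_PAGE);
        } catch (Exception e) {
            log.error("MainServlet catch an error:", e);
            if (isExt(request)) {
                performOnError(request, response, e);
                return;
            }
            request.setAttribute("_CommandExecuteException_", ExUtils.getMessage(request, e));
            request.setAttribute("javax.servlet.jspException", e);
            dispatch(request, response, WebViewer.VIEW_ERROR);
        }
    }

    /**
     * Tells whether the request path matches an allow-list pattern.
     *
     * <p>The allow-list is evaluated against the container-resolved servlet path (plus
     * path info), i.e. the same value that selects the command in {@link #perform}.
     * Matching the raw request URI instead would let the authorization decision and the
     * command lookup disagree about which resource is being requested, and stripping the
     * context path with {@code String.replaceAll} would treat it as a regular expression
     * and remove every occurrence rather than only the leading prefix.
     */
    private boolean isWhitelisted(HttpServletRequest request) {
        String resourcePath = request.getServletPath();
        String pathInfo = request.getPathInfo();
        if (pathInfo != null) {
            resourcePath = resourcePath + pathInfo;
        }
        for (String pattern : authWriteList) {
            if (PATH_MATCHER.match(pattern, resourcePath)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Writes a failure result for script-driven ("Ext") requests, as XML or in the default
     * format depending on {@link #isReturnXml}.
     *
     * @param request  the current request
     * @param response the current response
     * @param e        the failure to report
     * @throws ServletException wrapping any error raised while writing the result
     * @throws IOException      declared for callers; not thrown directly here
     */
    public void performOnError(HttpServletRequest request, HttpServletResponse response,
            Exception e) throws ServletException, IOException {
        // NOTE(review): the message derived from the exception is returned to the client;
        // confirm ExUtils.getMessage does not expose internal details.
        String msg = ExUtils.getMessage(request, e);
        ActionResult rs = new ActionResult(false, msg);
        rs.put("list", new JSONArray());
        try {
            if (isReturnXml(request)) {
                ActionHelper.outputXmlList(response, null, 0, rs);
            } else {
                ActionHelper.output(response, rs);
            }
        } catch (Exception er) {
            throw new ServletException(er);
        }
    }

    /**
     * Sends the client to {@code page}: an absolute {@code http:}/{@code https:} target is
     * redirected to, anything else is forwarded to inside the application.
     *
     * @param request  the current request
     * @param response the current response
     * @param page     the target returned by the command or a fixed view constant
     * @throws ServletException if the forward fails
     * @throws IOException      if the redirect or forward fails
     */
    public void dispatch(HttpServletRequest request, HttpServletResponse response, String page)
            throws ServletException, IOException {
        log.info("Command dispath request to: {}", page);
        // regionMatches(ignoreCase) compares the scheme without locale-sensitive case
        // mapping and without allocating lower-cased copies of the string.
        boolean external = page.regionMatches(true, 0, "http:", 0, 5)
                || page.regionMatches(true, 0, "https:", 0, 6);
        if (external) {
            // NOTE(review): the redirect target is whatever the command returned; confirm
            // commands only return fixed or validated URLs, otherwise a target built from
            // request data makes this an open redirect.
            response.sendRedirect(page);
        } else {
            request.getRequestDispatcher(page).forward(request, response);
        }
    }

    /**
     * Adds a path pattern to the allow-list of resources reachable without login.
     *
     * @param s the Ant-style pattern; surrounding whitespace is trimmed
     * @return {@code false} if {@code s} is blank or already present, {@code true} if added
     */
    public boolean addExclude(String s) {
        if (StringUtils.isBlank(s)) {
            return false;
        }
        return authWriteList.add(StringUtils.trim(s));
    }

    /**
     * Tells whether the client marked the request with the header {@code Request-By: Ext}.
     * The header is client-supplied and only selects the error output format.
     */
    public static boolean isExt(HttpServletRequest request) {
        return "Ext".equalsIgnoreCase(request.getHeader("Request-By"));
    }

    /**
     * Tells whether the client asked for XML output with the header {@code Response-By: XML}.
     */
    public static boolean isReturnXml(HttpServletRequest request) {
        return "XML".equalsIgnoreCase(request.getHeader("Response-By"));
    }
}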