authutil.java

通过面向对象的对象-关系映射持久化技术

package com.faw_qm.ipa.service;

import org.apache.commons.logging.Log;
import org.apache.commons.logging.LogFactory;
import org.apache.log4j.Logger;

import java.util.*;

import javax.servlet.http.HttpServletRequest;

import com.faw_qm.ipa.servlet.HibernateFilter;
import com.faw_qm.ipa.bo.*;
import com.faw_qm.ipa.frame.util.*;
import com.fawvw.ldap.util.AppUtil;
import com.fawvw.ldap.util.User;
import com.vw.security.rbs.QMRBSService;
import com.vw.security.rbs.RBSUser;

public class AuthUtil {
	
	public static Logger log = Logger.getLogger(AuthUtil.class);
	static String connecturl;
	static ResourceBundle bundle;
	static String ldap_user;
	static String ldap_pass;
	static RBSUser rbsUser = new RBSUser();
	
	static {
		try {
			bundle = ResourceBundle.getBundle("system");
			connecturl = bundle.getString("ldap.host")+":"+
					bundle.getString("ldap.port");		
			ldap_user = bundle.getString("ldap.user");	
			ldap_pass = bundle.getString("ldap.pass");
		} catch (Exception e) {
			// TODO Auto-generated catch block
			log.error(e);
		}
	}
	
	public static String getConnecturl() {
		return connecturl;
	}

	public static String getLdap_user() {
		if (Util.NVL(ldap_user))
			ldap_user = "";
		return ldap_user;
	}	
	
	public static String getLdap_pass() {
		if (Util.NVL(ldap_pass))
			ldap_pass = "";		
		return ldap_pass;
	}
	
	/**
	 * IPA_P用到的LDAP身份校验
	 * 20080806
	 * @param userid
	 * @param password
	 * @param request
	 * @return
	 */
    public static boolean authenticate(String userid,String password,HttpServletRequest request) {
    	log.info("开始检查用户身份--"+userid+"--"+password);
    	boolean b = false;
		
		if (userid != "" && password != ""){
			rbsUser.setUID(userid);
			rbsUser.setPass(password); 
			
//			rbsUser.setScope(1);
		}
		log.info("connecturl--"+getConnecturl());
		log.info("ldap.base--"+bundle.getString("ldap.base"));
		
		rbsUser.setHostList(getConnecturl());
		rbsUser.setBase(bundle.getString("ldap.base"));
		try	{		
				User user = new User();
				user.setCode(userid);
				log.info("check--"+1);
//				log.info(rbsUser.authenticate());
				if (rbsUser.isAuthenticated()) {
						b = true;
						log.info("用户身份校验通过--"+userid+"--"+password);
						request.getSession().setAttribute(AppUtil.GlobalUser, user);
						log.info("isAuthenticated--"+rbsUser.getAttrValue("sn"));
				} 					
				 
		}catch(Exception e){
				log.error("登录---"+e);
		}
		return b;
    }
    
    public static RBSUser getRBSUser () {
    	return rbsUser;
    }
    
    
    /**
     * 20080808
     * 检查用户是否具有当前应用的访问权限
     * @param userid
     * @param item_parameter
     * @return
     */
    public static boolean checkAppFromLDAP(String userid,String item_parameter) {
    	log.info("checkAppFromLDAP开始检查用户是否具有当前应用的访问权限--"+userid+"--"+item_parameter);
//    	boolean b = false;    	
//		QMRBSService qmrbs = 
//			new QMRBSService("ldap://"+getConnecturl(),
//					getLdap_user(),getLdap_pass());
//		if (qmrbs.getAllAuthApps(userid).contains(item_parameter)) {
//			b = true;
//			log.info("恭喜你，当前用户具备这个应用的访问权限--"+userid+"--"+item_parameter);
//		}   
//		else
//			log.info("当前用户不具备这个应用的访问权限--"+userid+"--"+item_parameter);
//		return b;
    	return true;
    }
    
    /**
     * 20080812
     * @param userid
     * @param item_parameter
     * @return
     */
    public static boolean checkAppFromIPA(String userid,String item_parameter) throws Exception {
    	log.info("checkAppFromIPA开始检查用户是否具有当前应用的访问权限--"+userid+"--"+item_parameter);
    	boolean b = false;    	
    	BusinessService bs = 
			new BusinessService();
    	//UserInfo user = (UserInfo)bs.loadObject(UserInfo.class, userid);
    	UserInfo user = (UserInfo)bs.getObject("from UserInfo ui where ui.name='"+userid+"'");
    	for (Iterator it = user.getUsergroups().iterator();it.hasNext();) {
    		UserGroup ug = (UserGroup)it.next();
    		for (Iterator it_ = ug.getItems().iterator();it_.hasNext();) {
    			Item item = (Item)it_.next();
    			if (!Util.NVL(item.getParameter())&&item.getParameter().equalsIgnoreCase(item_parameter)) {
    				b = true;
    				log.info("恭喜你，当前用户具备这个应用的访问权限--"+userid+"--"+item_parameter);
    			}
    			else
    				log.info("当前用户不具备这个应用的访问权限--"+userid+"--"+item_parameter);
    		}
    	}
		return b;
    }
    
    /**
     * 20080812后来分析得出，这种方法没用！
     * 20080808
     * 奥运版
     * 检查当前用户是否具有访问当前菜单的权限
     * @param userid
     * @param item_parameter
     * @param requrl
     * @return
     */
    public static boolean checkItems(List items,String userid,String item_parameter,String requrl) {
    	log.info("检查当前用户是否具有访问当前菜单的权限--"+userid+"--"+item_parameter+"--"+requrl);
    	boolean b = false;    	
//    	try {
//    		if (items!=null) {
////				UserGroupService ugs = new UserGroupService();
////				Iterator it = ugs.getItemsFromUser(userid,item_parameter).iterator();
//    			Iterator it = items.iterator();
//				while (it.hasNext()) {
//					Item item = (Item)it.next();
//					if (!Util.NVL(item.getUrl())&&item.getUrl().equalsIgnoreCase(requrl)) {
//						b = true;
//						log.info("checkItems恭喜你，当前用户具备这个菜单的访问权限--"+userid+"--"+item_parameter+"--"+item.getUrl());
//					} 
//				}
//    		}
//		} catch (Exception e) {
//			// TODO Auto-generated catch block
//			e.printStackTrace();
//		} 
//		return b;
    	return true;
    }
}