Merge branch 'feature/BBS.Anonymous.config' into 'develop'

Merge for feature/BBS.Anonymous.config[企业社区]企业社区增加对匿名访问权限的相关配置

See merge request o2oa/o2oa!704

o2server/x_bbs_assemble_control/src/main/java/com/x/bbs/assemble/control/ThisApplication.java

@@ -27,6 +27,7 @@ public class ThisApplication {
 	public static final String BBSMANAGER = "BBSManager@CMSManagerSystemRole@R";
 	public static QueueNewReplyNotify queueNewReplyNotify;
 	public static QueueNewSubjectNotify queueNewSubjectNotify;
+	public static String CONFIG_BBS_ANONYMOUS_PERMISSION = "YES";
 
 	public static Context context() {
 		return context;
@@ -34,6 +35,7 @@ public class ThisApplication {
 
 	public static void init() throws Exception {
 		try {
+			CONFIG_BBS_ANONYMOUS_PERMISSION = (new BBSConfigSettingService()).getValueWithConfigCode("BBS_ANONYMOUS_PERMISSION");;
 			initAllSystemConfig();
 			queueNewReplyNotify = new QueueNewReplyNotify();
 			queueNewSubjectNotify = new QueueNewSubjectNotify();

o2server/x_bbs_assemble_control/src/main/java/com/x/bbs/assemble/control/jaxrs/BBSAnonyJaxrsFilter.java

@@ -1,8 +1,23 @@
 package com.x.bbs.assemble.control.jaxrs;
 
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
 import javax.servlet.annotation.WebFilter;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 
+import com.x.base.core.project.config.Config;
+import com.x.base.core.project.http.EffectivePerson;
+import com.x.base.core.project.http.FilterTools;
+import com.x.base.core.project.http.HttpToken;
+import com.x.base.core.project.http.TokenType;
 import com.x.base.core.project.jaxrs.AnonymousCipherManagerUserJaxrsFilter;
+import com.x.bbs.assemble.control.ThisApplication;
+import org.apache.commons.lang3.StringUtils;
+
+import java.io.IOException;
 
 @WebFilter(urlPatterns = { 
 		"/jaxrs/image/encode/*", 
@@ -11,4 +26,28 @@ import com.x.base.core.project.jaxrs.AnonymousCipherManagerUserJaxrsFilter;
 		"/jaxrs/uuid/*"
 		}, asyncSupported = true)
 public class BBSAnonyJaxrsFilter extends AnonymousCipherManagerUserJaxrsFilter {
+	@Override
+	public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
+		try {
+			HttpServletRequest request = (HttpServletRequest) req;
+			HttpServletResponse response = (HttpServletResponse) res;
+			FilterTools.allow(request, response);
+			if (!request.getMethod().equalsIgnoreCase("options")) {
+				HttpToken httpToken = new HttpToken();
+				EffectivePerson effectivePerson = httpToken.who(request, response, Config.token().getCipher());
+
+				if ( TokenType.anonymous.equals(effectivePerson.getTokenType()) &&
+						StringUtils.equalsAnyIgnoreCase( ThisApplication.CONFIG_BBS_ANONYMOUS_PERMISSION, "NO")) {
+					response.setStatus(500);
+					response.setHeader("Content-Type", "application/json;charset=UTF-8");
+					response.getWriter().write(FilterTools.Application_Not_ManagerUser_Json);
+				}else{
+					chain.doFilter(request, response);
+				}
+
+			}
+		} catch (Exception e) {
+			e.printStackTrace();
+		}
+	}
 }

o2server/x_bbs_assemble_control/src/main/java/com/x/bbs/assemble/control/jaxrs/BBSJaxrsFilter.java

@@ -1,8 +1,23 @@
 package com.x.bbs.assemble.control.jaxrs;
 
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.ServletRequest;
+import javax.servlet.ServletResponse;
 import javax.servlet.annotation.WebFilter;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
 
+import com.x.base.core.project.config.Config;
+import com.x.base.core.project.http.EffectivePerson;
+import com.x.base.core.project.http.FilterTools;
+import com.x.base.core.project.http.HttpToken;
+import com.x.base.core.project.http.TokenType;
 import com.x.base.core.project.jaxrs.AnonymousCipherManagerUserJaxrsFilter;
+import com.x.bbs.assemble.control.ThisApplication;
+import org.apache.commons.lang3.StringUtils;
+
+import java.io.IOException;
 
 /**
  * web服务过滤器，匿名用户可以访问的服务
@@ -21,4 +36,30 @@ import com.x.base.core.project.jaxrs.AnonymousCipherManagerUserJaxrsFilter;
 		"/jaxrs/picture/*",
 		"/jaxrs/attachment/*"
 } , asyncSupported = true)
-public class BBSJaxrsFilter extends AnonymousCipherManagerUserJaxrsFilter {}
+public class BBSJaxrsFilter extends AnonymousCipherManagerUserJaxrsFilter {
+
+	@Override
+	public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain) throws IOException, ServletException {
+		try {
+			HttpServletRequest request = (HttpServletRequest) req;
+			HttpServletResponse response = (HttpServletResponse) res;
+			FilterTools.allow(request, response);
+			if (!request.getMethod().equalsIgnoreCase("options")) {
+				HttpToken httpToken = new HttpToken();
+				EffectivePerson effectivePerson = httpToken.who(request, response, Config.token().getCipher());
+
+				if (TokenType.anonymous.equals(effectivePerson.getTokenType()) &&
+						StringUtils.equalsAnyIgnoreCase(ThisApplication.CONFIG_BBS_ANONYMOUS_PERMISSION, "NO")) {
+					response.setStatus(500);
+					response.setHeader("Content-Type", "application/json;charset=UTF-8");
+					response.getWriter().write( FilterTools.Application_Not_ManagerUser_Json );
+				} else {
+					chain.doFilter(request, response);
+				}
+
+			}
+		} catch (Exception e) {
+			e.printStackTrace();
+		}
+	}
+}

o2server/x_bbs_assemble_control/src/main/java/com/x/bbs/assemble/control/jaxrs/login/ActionLogin.java

@@ -14,11 +14,11 @@ import com.x.bbs.assemble.control.ThisApplication;
 import com.x.bbs.assemble.control.jaxrs.login.exception.ExceptionInsufficientPermissions;
 import com.x.bbs.assemble.control.jaxrs.login.exception.ExceptionUserLogin;
 import com.x.bbs.assemble.control.service.bean.RoleAndPermission;
+import org.apache.commons.lang3.StringUtils;
 
 /**
  * 手机用户访问论坛信息，首页所有的信息整合在一起 匿名用户可以访问
- * 
- * @param request
+ *
  * @return
  */
 public class ActionLogin extends BaseAction {
@@ -36,13 +36,18 @@ public class ActionLogin extends BaseAction {
 
 		if (check) {
 			if ("anonymous".equalsIgnoreCase(effectivePerson.getTokenType().name())) {
-				try {
-					operationRecordService.loginOperation("anonymous", hostIp, hostName);
-					result.setData(new RoleAndPermission());
-				} catch (Exception e) {
-					Exception exception = new ExceptionUserLogin(e, "anonymous");
+				if(StringUtils.equalsAnyIgnoreCase( ThisApplication.CONFIG_BBS_ANONYMOUS_PERMISSION, "YES")){
+					try {
+						operationRecordService.loginOperation("anonymous", hostIp, hostName);
+						result.setData(new RoleAndPermission());
+					} catch (Exception e) {
+						Exception exception = new ExceptionUserLogin(e, "anonymous");
+						result.error(exception);
+						logger.error(e, effectivePerson, request, null);
+					}
+				}else{
+					Exception exception = new ExceptionUserLogin("系统不允许匿名访问社区资源。");
 					result.error(exception);
-					logger.error(e, effectivePerson, request, null);
 				}
 			} else {
 				RoleAndPermission roleAndPermission = null;

o2server/x_bbs_assemble_control/src/main/java/com/x/bbs/assemble/control/jaxrs/login/BaseAction.java

@@ -2,13 +2,7 @@ package com.x.bbs.assemble.control.jaxrs.login;
 
 import com.x.base.core.project.cache.ApplicationCache;
 import com.x.base.core.project.jaxrs.StandardJaxrsAction;
-import com.x.bbs.assemble.control.service.BBSForumInfoServiceAdv;
-import com.x.bbs.assemble.control.service.BBSOperationRecordService;
-import com.x.bbs.assemble.control.service.BBSPermissionInfoService;
-import com.x.bbs.assemble.control.service.BBSRoleInfoService;
-import com.x.bbs.assemble.control.service.BBSSectionInfoServiceAdv;
-import com.x.bbs.assemble.control.service.UserManagerService;
-import com.x.bbs.assemble.control.service.UserPermissionService;
+import com.x.bbs.assemble.control.service.*;
 
 import net.sf.ehcache.Ehcache;
 
@@ -22,4 +16,5 @@ public class BaseAction extends StandardJaxrsAction{
 	protected BBSRoleInfoService roleInfoService = new BBSRoleInfoService();
 	protected BBSSectionInfoServiceAdv sectionInfoServiceAdv = new BBSSectionInfoServiceAdv();
 	protected BBSOperationRecordService operationRecordService = new BBSOperationRecordService();
+	protected BBSConfigSettingService configSettingService = new BBSConfigSettingService();
 }

o2server/x_bbs_assemble_control/src/main/java/com/x/bbs/assemble/control/jaxrs/login/exception/ExceptionUserLogin.java

@@ -9,4 +9,8 @@ public class ExceptionUserLogin extends PromptException {
 	public ExceptionUserLogin( Throwable e, String name ) {
 		super("用户进行系统登入时发生异常! Person:" + name, e );
 	}
+
+	public ExceptionUserLogin( String message ) {
+		super(message );
+	}
 }

o2server/x_bbs_assemble_control/src/main/java/com/x/bbs/assemble/control/service/BBSConfigSettingService.java

@@ -118,7 +118,7 @@ public class BBSConfigSettingService{
 	
 	/**
 	 * 根据传入的ID从数据库查询BBSConfigSetting对象
-	 * @param id
+	 * @param configCode
 	 * @return
 	 * @throws Exception
 	 */
@@ -317,5 +317,17 @@ public class BBSConfigSettingService{
 			logger.warn( "system init system config 'BBS_MYREPLY_SORTTYPE' got an exception." );
 			logger.error(e);
 		}
+
+		value = "YES";
+		type = "select";
+		selectContent = "YES|NO";
+		isMultiple = false;
+		description = "是否允许匿名访问资源：可选值：YES|NO（允许|不允许），单选。";
+		try {
+			checkAndInitSystemConfig("BBS_ANONYMOUS_PERMISSION", "是否允许匿名访问", value, description, type, selectContent, isMultiple, ++ordernumber );
+		} catch (Exception e) {
+			logger.warn( "system init system config 'BBS_ANONYMOUS_PERMISSION' got an exception." );
+			logger.error(e);
+		}
 	}
 }