o2sword 5 лет назад
Родитель
Сommit
a3e1d98b24

+ 2 - 2
o2server/x_base_core_project/src/main/java/com/x/base/core/project/http/HttpToken.java

@@ -38,7 +38,7 @@ public class HttpToken {
 
 	public EffectivePerson who(HttpServletRequest request, HttpServletResponse response, String key) throws Exception {
 		EffectivePerson effectivePerson = this.who(this.getToken(request), key);
-		effectivePerson.setRemoteAddress(this.remoteAddress(request));
+		effectivePerson.setRemoteAddress(HttpToken.remoteAddress(request));
 		effectivePerson.setUserAgent(this.userAgent(request));
 		effectivePerson.setUri(request.getRequestURI());
 		// 加入调试标记
@@ -191,7 +191,7 @@ public class HttpToken {
 		request.setAttribute(X_Person, effectivePerson);
 	}
 
-	private String remoteAddress(HttpServletRequest request) {
+	public static String remoteAddress(HttpServletRequest request) {
 		String value = Objects.toString(request.getHeader("X-Forwarded-For"), "");
 		if (StringUtils.isEmpty(value)) {
 			value = Objects.toString(request.getRemoteAddr(), "");
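Review bot: `remoteAddress` prefers the `X-Forwarded-For` header over `request.getRemoteAddr()`, and that header is whatever the sender put there unless a proxy in front of the server overwrites it. Making the method `public static` lets `BaseAction` in this commit use its result for the per-person login IP restriction, so the restriction is only as trustworthy as that header. I would honour the header only when `request.getRemoteAddr()` is a configured reverse proxy and otherwise use `getRemoteAddr()` directly, and at minimum add `// X-Forwarded-For is client-supplied; trustworthy only behind a proxy that overwrites it` above the `getHeader` call. The header can also carry a comma-separated chain of addresses; the rest of the method body is outside this hunk, so I cannot tell whether a single address is extracted before the value is returned.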

+ 28 - 0
o2server/x_organization_assemble_authentication/src/main/java/com/x/organization/assemble/authentication/jaxrs/authentication/BaseAction.java

@@ -4,6 +4,8 @@ import java.util.ArrayList;
 import java.util.Comparator;
 import java.util.Date;
 import java.util.List;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
 import java.util.stream.Collectors;
 
 import javax.servlet.http.HttpServletRequest;
@@ -72,6 +74,11 @@ abstract class BaseAction extends StandardJaxrsAction {
 		EffectivePerson effectivePerson = new EffectivePerson(person.getDistinguishedName(), tokenType,
 				Config.token().getCipher());
 		if ((null != request) && (null != response)) {
+			String clientIp = HttpToken.remoteAddress(request);
+			logger.debug("{} client ip is : {}",person.getDistinguishedName(), clientIp);
+			if(!this.checkIp(clientIp, person.getIpAddress())){
+				throw new ExceptionInvalidIpAddress(clientIp);
+			}
 			httpToken.setToken(request, response, effectivePerson);
 		}
 		t.setToken(effectivePerson.getToken());
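Review bot: A login refused by the IP restriction leaves no record at a normally enabled log level, because the only log call before the `throw` is `logger.debug`. A refusal here is a security-relevant event (possibly valid credentials used from an unexpected address), so it is worth a line that operations can alert on. For example, inside the `if` before the throw: `logger.warn("login rejected by ip restriction, person: {}, client ip: {}", person.getDistinguishedName(), clientIp);`, assuming the project logger has a warn-level call with the same signature as `debug`. The enclosing method starts and ends outside this hunk, so whether the caller already logs the `ExceptionInvalidIpAddress` is not visible here.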
@@ -283,4 +290,25 @@ abstract class BaseAction extends StandardJaxrsAction {
 		}
 	}
 
+	protected boolean checkIp(String clientIp, String ipAddress){
+		boolean returnValue = true;
+		if(StringUtils.isNotEmpty(clientIp) && StringUtils.isNotEmpty(ipAddress)){
+			try {
+				String[] ipAddressArr = StringUtils.split(ipAddress, ",");
+				for (String regIp : ipAddressArr) {
+					if(StringUtils.isNotEmpty(regIp)) {
+						Pattern pattern = Pattern.compile(regIp.trim());
+						Matcher matcher = pattern.matcher(clientIp);
+						returnValue = matcher.find();
+						if(returnValue){
+							break;
+						}
+					}
+				}
+			} catch (Exception e) {
+			}
+		}
+		return returnValue;
+	}
+
 }
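Review bot: `checkIp` fails open in three ways. The empty `catch` swallows a `PatternSyntaxException`, so a malformed first entry returns the initial `true`. An empty `clientIp` with a configured restriction also returns `true`. And `matcher.find()` on an unanchored pattern accepts partial hits, where the unescaped dots in an entry such as `10.1.1.1` match any character, so it also accepts `110.1.1.10`. I would start from deny once a restriction exists, use `matches()` so each entry must cover the whole address, and skip a malformed entry instead of letting it decide the result. That needs `java.util.regex.PatternSyntaxException` imported, and entries meant as prefixes would then have to be written as full patterns.

```java
	protected boolean checkIp(String clientIp, String ipAddress) {
		// No restriction stored for this person: allow.
		if (StringUtils.isEmpty(ipAddress)) {
			return true;
		}
		// A restriction exists but the client address is unknown: deny.
		if (StringUtils.isEmpty(clientIp)) {
			return false;
		}
		for (String regIp : StringUtils.split(ipAddress, ",")) {
			if (StringUtils.isBlank(regIp)) {
				continue;
			}
			try {
				// matches() anchors the pattern to the whole address.
				if (Pattern.compile(regIp.trim()).matcher(clientIp).matches()) {
					return true;
				}
			} catch (PatternSyntaxException e) {
				// A malformed entry never grants access; keep checking the others.
			}
		}
		return false;
	}
```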

+ 12 - 0
o2server/x_organization_assemble_authentication/src/main/java/com/x/organization/assemble/authentication/jaxrs/authentication/ExceptionInvalidIpAddress.java

@@ -0,0 +1,12 @@
+package com.x.organization.assemble.authentication.jaxrs.authentication;
+
+import com.x.base.core.project.exception.PromptException;
+
+class ExceptionInvalidIpAddress extends PromptException {
+
+	private static final long serialVersionUID = -4915257511363100070L;
+
+	ExceptionInvalidIpAddress(String ip) {
+		super("客户端IP限制,当前IP:{}.", ip);
+	}
+}
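Review bot: The message passed to `super(...)` tells the caller both that an IP restriction applies to the account and which address the server derived for the request. If this exception is raised after the credentials have been verified (the check in `BaseAction` sits at token issuance, but the preceding steps are outside the visible hunks), the distinct message also confirms that the credentials were correct. Consider returning the same generic login-failure message used elsewhere and keeping the address in the server log only. A class comment such as `/** Raised when the client address is not in the person's allowed-IP list. */` would also help.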

+ 15 - 0
o2server/x_organization_core_entity/src/main/java/com/x/organization/core/entity/Person.java

@@ -265,6 +265,13 @@ public class Person extends SliceJpaObject {
 	@CheckPersist(allowEmpty = true)
 	private String lastLoginClient;
 
+	public static final String ipAddress_FIELDNAME = "ipAddress";
+	@FieldDescribe("允许登录的IP.")
+	@Column(length = JpaObject.length_128B, name = ColumnNamePrefix + ipAddress_FIELDNAME)
+	@Index(name = TABLE + IndexNameMiddle + ipAddress_FIELDNAME)
+	@CheckPersist(allowEmpty = true)
+	private String ipAddress;
+
 	public static final String mail_FIELDNAME = "mail";
 	@Flag
 	@FieldDescribe("邮件地址.")
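Review bot: The new `ipAddress` field does not document the format that `BaseAction.checkIp` expects, which is a comma-separated list whose entries are each compiled as a regular expression. An administrator entering a plain address or a CIDR range would get different matching than intended. I would add a comment above the field, for example `// Comma-separated list; each entry is compiled as a regex and matched against the client IP. Empty means no restriction.`, and say the same in the `@FieldDescribe` text. The column is `length_128B`, which limits how many entries fit. If person-update endpoints copy fields generically (not visible here), this field should be excluded from self-service edits so that a user cannot clear their own restriction.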
@@ -818,4 +825,12 @@ public class Person extends SliceJpaObject {
 	public void setWeLinkHash(String weLinkHash) {
 		this.weLinkHash = weLinkHash;
 	}
+
+	public String getIpAddress() {
+		return ipAddress;
+	}
+
+	public void setIpAddress(String ipAddress) {
+		this.ipAddress = ipAddress;
+	}
 }