Merge remote-tracking branch 'origin/feature/SUPPORT-9605_remove_finally' into develop
This commit is contained in:
adel.ka
commit
248a9a6155
2 changed files with 23 additions and 9 deletions
|
|
@ -45,7 +45,6 @@ import ru.micord.ervu.security.esia.EsiaAuthInfoStore;
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
import org.springframework.security.core.context.SecurityContext;
|
import org.springframework.security.core.context.SecurityContext;
|
||||||
import org.springframework.util.StringUtils;
|
|
||||||
import ru.micord.ervu.security.esia.config.EsiaConfig;
|
import ru.micord.ervu.security.esia.config.EsiaConfig;
|
||||||
import org.springframework.beans.factory.annotation.Value;
|
import org.springframework.beans.factory.annotation.Value;
|
||||||
import ru.micord.ervu.kafka.model.Brhs;
|
import ru.micord.ervu.kafka.model.Brhs;
|
||||||
|
|
@ -63,6 +62,7 @@ import ru.micord.ervu.security.webbpm.jwt.helper.SecurityHelper;
|
||||||
import ru.micord.ervu.security.webbpm.jwt.service.JwtTokenService;
|
import ru.micord.ervu.security.webbpm.jwt.service.JwtTokenService;
|
||||||
import ru.micord.ervu.security.webbpm.jwt.model.Token;
|
import ru.micord.ervu.security.webbpm.jwt.model.Token;
|
||||||
import ru.micord.ervu.service.UploadAccessService;
|
import ru.micord.ervu.service.UploadAccessService;
|
||||||
|
import ru.micord.ervu.util.StringUtils;
|
||||||
|
|
||||||
import ru.cg.webbpm.modules.core.runtime.api.LocalizedException;
|
import ru.cg.webbpm.modules.core.runtime.api.LocalizedException;
|
||||||
import ru.cg.webbpm.modules.core.runtime.api.MessageBundleUtils;
|
import ru.cg.webbpm.modules.core.runtime.api.MessageBundleUtils;
|
||||||
|
|
@ -191,6 +191,7 @@ public class EsiaAuthService {
|
||||||
|
|
||||||
public void authEsiaTokensByCode(String esiaAuthCode, String state, HttpServletResponse response, HttpServletRequest request) {
|
public void authEsiaTokensByCode(String esiaAuthCode, String state, HttpServletResponse response, HttpServletRequest request) {
|
||||||
String esiaAccessTokenStr = null;
|
String esiaAccessTokenStr = null;
|
||||||
|
String esiaRefreshTokenStr = null;
|
||||||
String prnOid = null;
|
String prnOid = null;
|
||||||
Long expiresIn = null;
|
Long expiresIn = null;
|
||||||
boolean hasRole = false;
|
boolean hasRole = false;
|
||||||
|
|
@ -259,7 +260,7 @@ public class EsiaAuthService {
|
||||||
throw new EsiaException("Token invalid. State from request not equals with state from response.");
|
throw new EsiaException("Token invalid. State from request not equals with state from response.");
|
||||||
}
|
}
|
||||||
esiaAccessTokenStr = tokenResponse.getAccessToken();
|
esiaAccessTokenStr = tokenResponse.getAccessToken();
|
||||||
String esiaRefreshTokenStr = tokenResponse.getRefreshToken();
|
esiaRefreshTokenStr = tokenResponse.getRefreshToken();
|
||||||
startTime = System.currentTimeMillis();
|
startTime = System.currentTimeMillis();
|
||||||
String verifyResult = verifyToken(esiaAccessTokenStr);
|
String verifyResult = verifyToken(esiaAccessTokenStr);
|
||||||
timeVerifySecret = System.currentTimeMillis() - startTime;
|
timeVerifySecret = System.currentTimeMillis() - startTime;
|
||||||
|
|
@ -269,8 +270,6 @@ public class EsiaAuthService {
|
||||||
EsiaAccessToken esiaAccessToken = ulDataService.readToken(esiaAccessTokenStr);
|
EsiaAccessToken esiaAccessToken = ulDataService.readToken(esiaAccessTokenStr);
|
||||||
prnOid = esiaAccessToken.getSbjId();
|
prnOid = esiaAccessToken.getSbjId();
|
||||||
expiresIn = tokenResponse.getExpiresIn();
|
expiresIn = tokenResponse.getExpiresIn();
|
||||||
EsiaAuthInfoStore.addAccessToken(prnOid, esiaAccessTokenStr, expiresIn);
|
|
||||||
EsiaAuthInfoStore.addRefreshToken(prnOid, esiaRefreshTokenStr, expiresIn);
|
|
||||||
}
|
}
|
||||||
catch (Exception e) {
|
catch (Exception e) {
|
||||||
throw new EsiaException(e);
|
throw new EsiaException(e);
|
||||||
|
|
@ -280,7 +279,7 @@ public class EsiaAuthService {
|
||||||
Thread.currentThread().getId(), timeSignSecret, timeRequestAccessToken, timeVerifySecret);
|
Thread.currentThread().getId(), timeSignSecret, timeRequestAccessToken, timeVerifySecret);
|
||||||
}
|
}
|
||||||
OrgInfo orgInfo = null;
|
OrgInfo orgInfo = null;
|
||||||
String status = null, ervuId = null;
|
String status = null;
|
||||||
try {
|
try {
|
||||||
orgInfo = getOrgInfo(esiaAccessTokenStr);
|
orgInfo = getOrgInfo(esiaAccessTokenStr);
|
||||||
hasRole = ulDataService.checkRole(esiaAccessTokenStr);
|
hasRole = ulDataService.checkRole(esiaAccessTokenStr);
|
||||||
|
|
@ -289,8 +288,11 @@ public class EsiaAuthService {
|
||||||
LOGGER.error("The user with id = " + prnOid + " does not have the required role");
|
LOGGER.error("The user with id = " + prnOid + " does not have the required role");
|
||||||
throw new LocalizedException("access_denied", MESSAGE_SOURCE);
|
throw new LocalizedException("access_denied", MESSAGE_SOURCE);
|
||||||
}
|
}
|
||||||
ervuId = getErvuId(prnOid, orgInfo);
|
String ervuId = getErvuId(prnOid, orgInfo);
|
||||||
status = AuditConstants.SUCCESS_STATUS_TYPE;
|
status = AuditConstants.SUCCESS_STATUS_TYPE;
|
||||||
|
EsiaAuthInfoStore.addAccessToken(prnOid, esiaAccessTokenStr, expiresIn);
|
||||||
|
EsiaAuthInfoStore.addRefreshToken(prnOid, esiaRefreshTokenStr, expiresIn);
|
||||||
|
createTokenAndAddCookie(response, prnOid, ervuId, hasRole, fileUploadAllowed, expiresIn);
|
||||||
}
|
}
|
||||||
catch (JsonProcessingException e) {
|
catch (JsonProcessingException e) {
|
||||||
throw new EsiaException(e);
|
throw new EsiaException(e);
|
||||||
|
|
@ -303,7 +305,6 @@ public class EsiaAuthService {
|
||||||
auditService.processAuthEvent(request, orgInfo, prnOid, status,
|
auditService.processAuthEvent(request, orgInfo, prnOid, status,
|
||||||
AuditConstants.LOGIN_EVENT_TYPE);
|
AuditConstants.LOGIN_EVENT_TYPE);
|
||||||
}
|
}
|
||||||
createTokenAndAddCookie(response, prnOid, ervuId, hasRole, fileUploadAllowed, expiresIn);
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
@ -470,8 +471,8 @@ public class EsiaAuthService {
|
||||||
);
|
);
|
||||||
ErvuOrgResponse ervuOrgResponse = objectMapper.readValue(kafkaResponse, ErvuOrgResponse.class);
|
ErvuOrgResponse ervuOrgResponse = objectMapper.readValue(kafkaResponse, ErvuOrgResponse.class);
|
||||||
String ervuId = ervuOrgResponse.getData().getErvuId();
|
String ervuId = ervuOrgResponse.getData().getErvuId();
|
||||||
if (!StringUtils.hasText(ervuId)) {
|
if (!StringUtils.isValidUUID(ervuId)) {
|
||||||
throw new EsiaException("No ervuId for prnOid = " + prnOid);
|
throw new EsiaException("No valid ervuId for prnOid = " + prnOid);
|
||||||
}
|
}
|
||||||
return ervuId;
|
return ervuId;
|
||||||
}
|
}
|
||||||
|
|
|
||||||
|
|
@ -1,10 +1,16 @@
|
||||||
package ru.micord.ervu.util;
|
package ru.micord.ervu.util;
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
|
import java.util.regex.Pattern;
|
||||||
|
|
||||||
import static org.apache.commons.lang3.StringUtils.capitalize;
|
import static org.apache.commons.lang3.StringUtils.capitalize;
|
||||||
import static org.apache.commons.lang3.StringUtils.substring;
|
import static org.apache.commons.lang3.StringUtils.substring;
|
||||||
|
|
||||||
public final class StringUtils {
|
public final class StringUtils {
|
||||||
|
private static final Pattern UUID_PATTERN = Pattern.compile(
|
||||||
|
"^[0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12}$"
|
||||||
|
);
|
||||||
|
|
||||||
private StringUtils() {
|
private StringUtils() {
|
||||||
}
|
}
|
||||||
|
|
@ -18,4 +24,11 @@ public final class StringUtils {
|
||||||
middleNameInitial
|
middleNameInitial
|
||||||
);
|
);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public static boolean isValidUUID(String uuid) {
|
||||||
|
if (uuid == null) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
return UUID_PATTERN.matcher(uuid).matches();
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
|
|
||||||
Loading…
Add table
Add a link
Reference in a new issue