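package com.vci.server.query.util;

import java.sql.CallableStatement;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import java.sql.Types;
import java.util.HashMap;
import java.util.Map;
import java.util.logging.Level;
import java.util.logging.Logger;
import java.util.regex.Pattern;

import org.hibernate.Session;

import com.vci.corba.common.VCIError;
import com.vci.corba.framework.data.CheckValue;
import com.vci.corba.omd.btm.BtmItem;
import com.vci.server.base.persistence.dao.HibernateSessionFactory;
import com.vci.server.cache.ConfigCacheProvider;
import com.vci.server.cache.OMCacheProvider;

/**
 * Builds the SQL {@code WHERE} fragments that restrict a business-type query to
 * what the current user / machine is allowed to see (object rights and secret
 * grades).
 *
 * <p>Every public method returns either an empty string (no restriction), a
 * fragment of the form {@code " and PLATFORMBTM_<type>.<column><=<grade>"}, or
 * the deny fragment {@code " and 1=0 "}. Callers append the result to their own
 * query text, so nothing that came from the client may reach the fragment
 * unvalidated: the grade value is required to be a plain decimal literal and the
 * business type a plain identifier, otherwise the fragment denies.
 *
 * <p>Admin users (see {@link #isAdmin(CheckValue)}) are never restricted.
 */
public class SecretUtil {

    private static final Logger LOG = Logger.getLogger(SecretUtil.class.getName());

    /** Attribute names of a business type that carry a secret grade. */
    private static final String PROP_SECURITY = "secret";
    private static final String PROP_SECURITY2 = "secretgrade";

    /** Fragment that makes the enclosing query return nothing. */
    private static final String DENY = " and 1=0 ";

    /** Key in {@code CheckValue.paramValues} holding the current user's secret grade. */
    private static final String USER_GRADE_KEY = "CURRENTUSER.SECRETGRADE";
    /** Key in {@code CheckValue.paramValues} holding the current machine's secret grade. */
    private static final String MACHINE_GRADE_KEY = "CURRENTMACHINE.SECRET";

    /** A secret grade is compared with {@code <=}, so only a decimal integer literal is accepted. */
    private static final Pattern GRADE_PATTERN = Pattern.compile("\\d+");
    /** Business type names are spliced into a table name, so they must look like an identifier. */
    private static final Pattern IDENTIFIER_PATTERN = Pattern.compile("[A-Za-z0-9_$#]+");

    /**
     * Evaluates the object-right check through the database procedures.
     *
     * @param params users, roles, business type, operation and object ids to check
     * @return {@code ""} for admins, otherwise the fragment produced by the
     *         procedure (a fragment containing {@code 1=0} means "denied")
     * @throws VCIError when the procedure call fails ({@code checkRight_0001})
     */
    public String checkRight(CheckValue params) throws VCIError {
        // TODO: skip the check as well for the three privileged (system) roles.
        if (isAdmin(params)) {
            return "";
        }
        return getCheckSqlRes(params);
    }

    /**
     * Restricts a query by the current user's secret grade.
     *
     * @param params check parameters; {@code businesstype} selects the business type
     * @return {@code ""} for admins or when user-secret checking is disabled,
     *         otherwise the grade fragment or {@link #DENY}
     * @throws VCIError propagated from the cache / right lookups
     */
    public String checkUserSecret(CheckValue params) throws VCIError {
        if (isAdmin(params)) {
            return "";
        }
        BtmItem btmItem = OMCacheProvider.getBizType(params.businesstype);
        return getUserCheck(params, btmItem);
    }

    /**
     * Builds the user-grade fragment for an already resolved business type.
     *
     * @param params  check parameters
     * @param btmItem the business type definition; {@code null} denies
     * @return {@code ""} when user-secret checking is disabled or the type has no
     *         secret attribute, otherwise the grade fragment or {@link #DENY}
     * @throws VCIError declared for compatibility with callers
     */
    public String getUserCheck(CheckValue params, BtmItem btmItem) throws VCIError {
        // Nothing to check while user-secret checking is switched off.
        if (!ConfigCacheProvider.isUserSecurity()) {
            return "";
        }
        return secretFilter(params, btmItem, USER_GRADE_KEY);
    }

    /**
     * Restricts a query by the current machine's secret grade.
     *
     * @param params check parameters; {@code businesstype} selects the business type
     * @return {@code ""} for admins or when IP/user-secret checking is disabled,
     *         otherwise the grade fragment or {@link #DENY}
     * @throws VCIError propagated from the cache / right lookups
     */
    public String checkIPSecret(CheckValue params) throws VCIError {
        if (isAdmin(params)) {
            return "";
        }
        BtmItem btmItem = OMCacheProvider.getBizType(params.businesstype);
        return getIPCheck(params, btmItem);
    }

    /**
     * Builds the machine-grade fragment for an already resolved business type.
     * Requires both IP-secret and user-secret checking to be enabled.
     */
    private String getIPCheck(CheckValue params, BtmItem btmItem) throws VCIError {
        // If user-secret checking is not enabled, no check is done at all.
        if (!ConfigCacheProvider.isIpSecurity() || !ConfigCacheProvider.isUserSecurity()) {
            return "";
        }
        return secretFilter(params, btmItem, MACHINE_GRADE_KEY);
    }

    /**
     * Common part of the user and machine checks: finds the secret attribute of
     * the business type and compares it against the grade found under
     * {@code gradeKey} in {@code params.paramValues}.
     *
     * <p>Fails closed: a missing business type, a missing/blank grade, a grade
     * that is not a decimal integer, or a business type that is not an identifier
     * all yield {@link #DENY}. (The original code concatenated the raw values
     * into SQL; a missing business type raised a NullPointerException.)
     *
     * @return {@code ""} when the type has no secret attribute, otherwise the
     *         fragment or {@link #DENY}
     */
    private String secretFilter(CheckValue params, BtmItem btmItem, String gradeKey) {
        if (btmItem == null || btmItem.apNameArray == null) {
            return DENY;
        }
        for (String attrName : btmItem.apNameArray) {
            if (!PROP_SECURITY.equals(attrName) && !PROP_SECURITY2.equals(attrName)) {
                continue;
            }
            String grade = getParamValue(params, gradeKey);
            if (grade == null) {
                return DENY;
            }
            grade = grade.trim();
            // Both pieces end up verbatim in SQL; only accept shapes that cannot
            // alter the statement.
            if (!GRADE_PATTERN.matcher(grade).matches()
                    || params.businesstype == null
                    || !IDENTIFIER_PATTERN.matcher(params.businesstype).matches()) {
                return DENY;
            }
            return " and PLATFORMBTM_" + params.businesstype + "." + attrName + "<=" + grade;
        }
        return "";
    }

    /**
     * Returns whether the first user in {@code params.users} has an admin user
     * type (type {@code 0} or {@code 1}). Any lookup failure is logged and
     * treated as "not admin".
     */
    private boolean isAdmin(CheckValue params) throws VCIError {
        if (params.users == null || "".equals(params.users.trim())) {
            return false;
        }
        String userName = params.users.split(",")[0];
        try {
            String userType = getUserTypeByUserName(userName);
            // Only a single digit is accepted, as in the original check.
            if (userType != null && userType.matches("\\d")) {
                return Integer.parseInt(userType) <= 1;
            }
        } catch (SQLException e) {
            // Fail closed: an unreadable user type never grants admin rights.
            LOG.log(Level.WARNING, "could not read user type for " + userName, e);
        }
        return false;
    }

    /**
     * Reads {@code pluser.plusertype} for the given user name.
     *
     * @return the last matching type, or {@code ""} when no row matches
     * @throws SQLException on any JDBC failure
     * @throws VCIError declared for compatibility with callers
     */
    private String getUserTypeByUserName(String userName) throws VCIError, SQLException {
        String sql = "select plusertype from pluser t where t.plusername=?";
        Connection connection = HibernateSessionFactory.getSessionConnection();
        PreparedStatement pst = connection.prepareStatement(sql);
        try {
            pst.setString(1, userName);
            ResultSet rs = pst.executeQuery();
            try {
                String userType = "";
                while (rs.next()) {
                    userType = rs.getString("plusertype");
                }
                return userType;
            } finally {
                rs.close();
            }
        } finally {
            pst.close();
        }
    }

    /**
     * Looks up {@code key} in the comma separated {@code key=value} list held in
     * {@code params.paramValues}.
     *
     * @return the value, or {@code null} when absent
     */
    private String getParamValue(CheckValue params, String key) {
        Map<String, String> values = getValuesMap(params.paramValues);
        return values.get(key);
    }

    /**
     * Parses {@code "k1=v1,k2=v2"} into a map. Entries that do not consist of
     * exactly one {@code =} are skipped; a {@code null} input yields an empty map.
     */
    private Map<String, String> getValuesMap(String paramValues) {
        Map<String, String> values = new HashMap<String, String>();
        if (paramValues == null) {
            return values;
        }
        for (String kvStr : paramValues.split(",")) {
            String[] kv = kvStr.split("=");
            if (kv.length == 2) {
                values.put(kv[0], kv[1]);
            }
        }
        return values;
    }

    /**
     * Chooses the right-check procedure: {@code CheckQueryRight} for a single
     * object with the single operation {@code query}, {@code checkordinaryright}
     * for any other single object, {@code CHECHOBJECTSRIGHT} otherwise.
     */
    private static String selectProcedure(CheckValue params) {
        boolean singleObject = params.objectoid != null && params.objectoid.split(",").length == 1;
        if (singleObject
                && params.opname != null
                && params.opname.split(",").length == 1
                && params.opname.equals("query")) {
            return "{call CheckQueryRight(?,?,?,?,?,?,?,?,?,?)}";
        }
        if (singleObject) {
            return "{call checkordinaryright(?,?,?,?,?,?,?,?,?,?)}";
        }
        return "{call CHECHOBJECTSRIGHT(?,?,?,?,?,?,?,?,?,?)}";
    }

    /**
     * Calls the right-check procedure and returns its INOUT result (parameter 10).
     *
     * <p>The statement and the connection are released whether or not the call
     * succeeds; the original only closed the connection on success and never
     * closed the statement.
     *
     * @return the fragment returned by the procedure, never {@code null}
     * @throws VCIError {@code checkRight_0001} wrapping the JDBC error message
     */
    private String getCheckSqlRes(CheckValue params) throws VCIError {
        Session session = HibernateSessionFactory.getSession();
        Connection conn = session.connection();
        String defaultHasRight = ConfigCacheProvider.defaultHasRight() ? "1" : "0";
        String where = "";
        CallableStatement cs = null;
        try {
            cs = conn.prepareCall(selectProcedure(params));
            cs.setString(1, params.users);
            cs.setString(2, params.roles);
            cs.setString(3, params.userGroups);
            cs.setString(4, params.paramValues);
            cs.setString(5, params.businesstype);
            cs.setString(6, params.opname);
            cs.setString(7, params.objectoid);
            cs.setString(8, params.objectroid);
            cs.setString(9, params.objectmoid);
            // Parameter 10 is INOUT: the default-right flag goes in, the fragment comes out.
            cs.setString(10, defaultHasRight);
            cs.registerOutParameter(10, Types.VARCHAR);
            cs.execute();
            where = cs.getString(10);
        } catch (SQLException e) {
            throw new VCIError("checkRight_0001", new String[] {e.getMessage()});
        } finally {
            closeQuietly(cs);
            closeQuietly(conn);
        }
        return where == null ? "" : where;
    }

    /** Closes a statement; a failure to close is logged but does not mask the outcome of the call. */
    private static void closeQuietly(CallableStatement cs) {
        if (cs == null) {
            return;
        }
        try {
            cs.close();
        } catch (SQLException ignored) {
            LOG.log(Level.FINE, "statement close failed", ignored);
        }
    }

    /** Closes the connection; a failure to close is logged but does not mask the outcome of the call. */
    private static void closeQuietly(Connection conn) {
        if (conn == null) {
            return;
        }
        try {
            conn.close();
        } catch (SQLException ignored) {
            LOG.log(Level.FINE, "connection close failed", ignored);
        }
    }
}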