华泰-傅里叶后端
blame | 历史 | 原始文档
zhangf
2024-08-08 71706ced3375f4c18148516d0477d8fd645de2ee 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148

package com.gkhy.huataiFourierSpecialGasMonitor.config.authorization;


 


import com.fasterxml.jackson.databind.ObjectMapper;


import com.gkhy.huataiFourierSpecialGasMonitor.application.account.dto.respDto.ContextUserDto;


import com.gkhy.huataiFourierSpecialGasMonitor.application.account.dto.respDto.TokenInfoDto;


import com.gkhy.huataiFourierSpecialGasMonitor.application.account.dto.respDto.UserInfoAppRespDTO;


import com.gkhy.huataiFourierSpecialGasMonitor.application.account.service.AccountAppService;


import com.gkhy.huataiFourierSpecialGasMonitor.application.account.service.TokenAppService;


import com.gkhy.huataiFourierSpecialGasMonitor.commons.domain.Result;


import com.gkhy.huataiFourierSpecialGasMonitor.commons.domain.SearchResult;


import com.gkhy.huataiFourierSpecialGasMonitor.commons.enums.ResultCode;


import com.gkhy.huataiFourierSpecialGasMonitor.commons.exception.BusinessException;


import org.redisson.api.RMapCache;


import org.redisson.api.RedissonClient;


import org.springframework.beans.BeanUtils;


import org.springframework.beans.factory.annotation.Autowired;


import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;


import org.springframework.security.core.GrantedAuthority;


import org.springframework.security.core.context.SecurityContextHolder;


import org.springframework.stereotype.Component;


import org.springframework.web.filter.OncePerRequestFilter;


 


import javax.annotation.Resource;


import javax.servlet.FilterChain;


import javax.servlet.ServletException;


import javax.servlet.http.HttpServletRequest;


import javax.servlet.http.HttpServletResponse;


import java.io.IOException;


import java.io.PrintWriter;


import java.util.ArrayList;


import java.util.List;


 


/**


* @Description: token登录过滤器


*/


@Component


public class TokenAuthenticationFilter extends OncePerRequestFilter  {


 


    @Resource


    private TokenConfig tokenConfig;


 


    @Autowired


    private RedissonClient redissonClient;


 


    @Autowired


    private AccountAppService accountAppService;


 


    @Autowired


    private TokenAppService tokenService;


 


 


 


    @Override


    protected void doFilterInternal(HttpServletRequest req, HttpServletResponse resp, FilterChain chain) throws IOException, ServletException {


 


        try {


            //获取当前认证成功用户权限信息


            UsernamePasswordAuthenticationToken authRequest = getAuthentication(req, resp);


            if (authRequest != null) {


                SecurityContextHolder.getContext().setAuthentication(authRequest);


            }


            // 执行下一个 filter 过滤器链


            chain.doFilter(req, resp);


        } catch (BusinessException e) {


            // 返回异常


            this.writeJSON(req, resp, new Result<>(e.getCode(),e.getMessage()));


        }


 


    }


 


 


    private UsernamePasswordAuthenticationToken getAuthentication(HttpServletRequest req,HttpServletResponse resp) {


        // header获取token


        String authToken = req.getHeader(tokenConfig.getHeader());


        String loginUserId = req.getHeader(tokenConfig.getLoginUserHeader());


 


        RMapCache<String,Object> tokenCacheMap = null;


 


        //外部接口只能携带专门token访问特定的几个接口


        if (req.getRequestURI().startsWith("/api")){


            if (tokenConfig.getExternalAccessKey().equals(req.getHeader(tokenConfig.getExternalAccessHeader()))){


                return new UsernamePasswordAuthenticationToken(null,null,null);


            }


            throw new BusinessException(this.getClass(),ResultCode.BUSINESS_ERROR_PERMISSION_DENIALED);


        }


 


        if(authToken != null) {


            // header 传入 userId


            if (loginUserId == null || loginUserId.isEmpty()) {


                throw new BusinessException(this.getClass(),ResultCode.PARAM_ERROR_NULL);


            }


            // 登录成功时,会将权限数据存入redis


            // 这里是验证获取权限信息


            // 1.从redis中获取对应该用户的权限信息


            Long userId = Long.parseLong(loginUserId);


            Result<TokenInfoDto> getTokenInfoResult = tokenService.getToken(userId);


            TokenInfoDto tokenInfoDto = null;


            if(getTokenInfoResult.isSuccess()){


                tokenInfoDto = (TokenInfoDto) getTokenInfoResult.getData();


                if(tokenInfoDto == null || tokenInfoDto.getTk() == null || !tokenInfoDto.getTk().equals(authToken)){


                    throw new BusinessException(this.getClass(),ResultCode.BUSINESS_ERROR_PERMISSION_DENIALED);


                }


            }else {


                throw new BusinessException(this.getClass(),ResultCode.BUSINESS_ERROR_PERMISSION_DENIALED);


            }


 


            SearchResult<UserInfoAppRespDTO> userResult = accountAppService.findUserByUserId(userId);


            if(!userResult.isSuccess() || userResult.getData() == null){


                throw new BusinessException(this.getClass(),ResultCode.BUSINESS_ERROR_ACCOUNT_NOT_EXIST);


            }


            UserInfoAppRespDTO user = (UserInfoAppRespDTO) userResult.getData();


            ContextUserDto contextUserDto = new ContextUserDto();


            BeanUtils.copyProperties(user,contextUserDto);


 


            //获取授权信息


            //todo


            List<GrantedAuthority> authorities = new ArrayList<>();


 


            //token续期,提前60分钟


            Long tokenRemainTimeToLive = tokenInfoDto.getRemainSecond();


            if(tokenRemainTimeToLive/60 <= 60){


                tokenService.resetTokenTime(userId);


            }


            // security对象中存入登陆者信息


            return new UsernamePasswordAuthenticationToken(contextUserDto,authToken,authorities);


        }


        return null;


    }


 


 


 


    protected void writeJSON(HttpServletRequest req,


                             HttpServletResponse resp,


                             Result result) throws IOException {


        // 设置编码格式


        resp.setContentType("text/json;charset=utf-8");


        // 处理跨域问题


        resp.setHeader("Access-Control-Allow-Origin", "*");


        resp.setHeader("Access-Control-Allow-Methods", "POST, GET");


 


        //输出JSON


        PrintWriter out = resp.getWriter();


        ObjectMapper om = new ObjectMapper();


        out.write(om.writeValueAsString(result));


        out.flush();


        out.close();


    }


}