up

lyfO_o

2022-06-27 7e7a275c0c4a07f5d27ec082538c25b838505998

 safePlatfrom-out-web/src/main/java/com/gkhy/safePlatform/config/security/TokenAuthenticationFilter.java

@@ -1,155 +1,147 @@
//package com.gkhy.safePlatform.config.security;
//
//import com.alibaba.fastjson.JSONArray;
//import com.alibaba.fastjson.JSONObject;
//import com.gkhy.safePlatform.account.model.cache.CacheUser;
//import com.gkhy.safePlatform.account.rpc.apimodel.NameService;
//import com.gkhy.safePlatform.commons.config.token.TokenConfig;
//import com.gkhy.safePlatform.commons.enums.RedisKeyEnum;
//import com.gkhy.safePlatform.commons.enums.ResultCodes;
//import com.gkhy.safePlatform.commons.exception.BusinessException;
//import com.gkhy.safePlatform.commons.utils.RedisUtils;
//import com.gkhy.safePlatform.commons.utils.StringUtils;
//import com.gkhy.safePlatform.commons.vo.ResultVO;
//import org.apache.dubbo.config.annotation.DubboReference;
//import org.springframework.beans.factory.annotation.Autowired;
//import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
//import org.springframework.security.core.GrantedAuthority;
//import org.springframework.security.core.authority.SimpleGrantedAuthority;
//import org.springframework.security.core.context.SecurityContextHolder;
//import org.springframework.stereotype.Component;
//import org.springframework.web.filter.OncePerRequestFilter;
//
//import javax.servlet.FilterChain;
//import javax.servlet.ServletException;
//import javax.servlet.http.HttpServletRequest;
//import javax.servlet.http.HttpServletResponse;
//import java.io.IOException;
//import java.io.PrintWriter;
//import java.util.ArrayList;
//import java.util.List;
//
///**
//* @Description: token登录过滤器
//*/
//@Component
//public class TokenAuthenticationFilter extends OncePerRequestFilter  {
//
//    @Autowired
//    private TokenConfig tokenConfig;
//    @Autowired
//    private RedisUtils redisUtil;
//    @DubboReference(check = false)
//    private NameService nameService;
//
//
//
//    @Override
//    protected void doFilterInternal(HttpServletRequest req, HttpServletResponse resp, FilterChain chain) throws IOException, ServletException {
//
//        try {
//            //获取当前认证成功用户权限信息
//            UsernamePasswordAuthenticationToken authRequest = getAuthentication(req, resp);
//            if (authRequest != null) {
//                SecurityContextHolder.getContext().setAuthentication(authRequest);
//            }
//            // 执行下一个 filter 过滤器链
//            chain.doFilter(req, resp);
//        } catch (BusinessException e) {
//            // 返回异常
//            this.writeJSON(req, resp, new ResultVO<>(e.getError()));
//        } catch (Exception e) {
//            e.printStackTrace();
//            this.writeJSON(req, resp, new ResultVO<>(ResultCodes.SERVER_ERROR));
//        }
//
//
//    }
//
//
//    private UsernamePasswordAuthenticationToken getAuthentication(HttpServletRequest req,HttpServletResponse resp) {
//        // header获取token
//        String authToken = req.getHeader(tokenConfig.getHeader());
//        String loginUserId = req.getHeader(tokenConfig.getLoginUserHeader());
//
//        if(authToken != null) {
//            // header 传入 userId
//            if (StringUtils.isBlank(loginUserId)) {
//                throw new BusinessException(ResultCodes.CLIENT_CREDENTIALS_LACK);
//            }
//            // 登录成功时，会将权限数据存入redis
//            // 这里是验证获取权限信息
//            // 1.从redis中获取对应该用户的权限信息
//            String accessTokenKey = RedisKeyEnum.authKey(RedisKeyEnum.AUTH_TOKEN, loginUserId);
//            Object o = redisUtil.get(accessTokenKey);
//            // 2.token是否存在
//            if (o == null) {
//                // 是否存在
//                throw new BusinessException(ResultCodes.CLIENT_CREDENTIALS_SIGN_INVALID);
//            }else{
//                Long userId = Long.valueOf(loginUserId);
//                CacheUser cacheUser = JSONObject.parseObject(o.toString(), CacheUser.class);
//                assert userId.equals(cacheUser.getUserId());
//                if ( !authToken.equals(cacheUser.getAccessToken())) {
//                    throw new BusinessException(ResultCodes.CLIENT_CREDENTIALS_TOKEN_INVALID);
//                }
//
//                // 3.redis获取权限
//                String authoritiesKey = RedisKeyEnum.authKey(RedisKeyEnum.AUTH_AUTHORITIES, userId);
//                Object oo = redisUtil.get(authoritiesKey);
//                List<GrantedAuthority> authorities;
//                // 4.redis中是否存在
//                if (oo != null) {
//                    // 5.存在
//                    String json = oo.toString();
//                    authorities = JSONArray.parseArray(json, GrantedAuthority.class);
//                }else {
//                    authorities = new ArrayList<>();
//                    // 6.不存在=>数据库查询
//                    List<String> roleCodes = nameService.getUserRoleCodeByUserId(userId);
//                    // role
//                    for (String roleCode : roleCodes) {
//                        SimpleGrantedAuthority simpleGrantedAuthority = new SimpleGrantedAuthority("ROLE_" + roleCode);
//                        authorities.add(simpleGrantedAuthority);
//                    }
//
//                    // permission
//                    List<String> permissions = nameService.getUserPermissionByUserId(userId);
//                    for (String permission : permissions) {
//                        SimpleGrantedAuthority simpleGrantedAuthority = new SimpleGrantedAuthority(permission);
//                        authorities.add(simpleGrantedAuthority);
//                    }
//                }
//
//                // security对象中存入登陆者信息
//                return new UsernamePasswordAuthenticationToken(userId,authToken,authorities);
//
//            }
//
//
//
//
//
//
//        }
//        return null;
//    }
//
//
//
//    protected void writeJSON(HttpServletRequest req,
//                             HttpServletResponse resp,
//                             ResultVO resultVO) throws IOException {
//        // 设置编码格式
//        resp.setContentType("text/json;charset=utf-8");
//        // 处理跨域问题
//        resp.setHeader("Access-Control-Allow-Origin", "*");
//        resp.setHeader("Access-Control-Allow-Methods", "POST, GET");
//
//        //输出JSON
//        PrintWriter out = resp.getWriter();
//        out.write(JSONObject.toJSONString(resultVO));
//        out.flush();
//        out.close();
//    }
//}
package com.gkhy.safePlatform.config.security;

import com.alibaba.fastjson.JSONArray;
import com.alibaba.fastjson.JSONObject;
import com.gkhy.safePlatform.account.rpc.apimodel.UserAccountService;
import com.gkhy.safePlatform.commons.co.CacheUser;
import com.gkhy.safePlatform.commons.enums.RedisKeyEnum;
import com.gkhy.safePlatform.commons.enums.ResultCodes;
import com.gkhy.safePlatform.commons.exception.BusinessException;
import com.gkhy.safePlatform.commons.utils.StringUtils;
import com.gkhy.safePlatform.commons.vo.ResultVO;
import org.apache.dubbo.config.annotation.DubboReference;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;

import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.PrintWriter;
import java.util.ArrayList;
import java.util.List;

/**
* @Description: token登录过滤器
*/
@Component
public class TokenAuthenticationFilter extends OncePerRequestFilter  {

    @Autowired
    private TokenConfig tokenConfig;
    @DubboReference(check = false)
    private UserAccountService userAccountService;



    @Override
    protected void doFilterInternal(HttpServletRequest req, HttpServletResponse resp, FilterChain chain) throws IOException, ServletException {

        try {
            //获取当前认证成功用户权限信息
            UsernamePasswordAuthenticationToken authRequest = getAuthentication(req, resp);
            if (authRequest != null) {
                SecurityContextHolder.getContext().setAuthentication(authRequest);
            }
            // 执行下一个 filter 过滤器链
            chain.doFilter(req, resp);
        } catch (BusinessException e) {
            // 返回异常
            this.writeJSON(req, resp, new ResultVO<>(e.getError()));
        } catch (Exception e) {
            e.printStackTrace();
            this.writeJSON(req, resp, new ResultVO<>(ResultCodes.SERVER_ERROR));
        }


    }


    private UsernamePasswordAuthenticationToken getAuthentication(HttpServletRequest req,HttpServletResponse resp) {
        // header获取token
        String authToken = req.getHeader(tokenConfig.getHeader());
        String loginUserId = req.getHeader(tokenConfig.getLoginUserHeader());

        if(authToken != null) {
            // header 传入 userId
            if (StringUtils.isBlank(loginUserId)) {
                throw new BusinessException(ResultCodes.CLIENT_CREDENTIALS_LACK);
            }
            // 登录成功时，会将权限数据存入redis
            // 这里是验证获取权限信息
            // 1.从redis中获取对应该用户的权限信息
            String accessTokenKey = RedisKeyEnum.authKey(RedisKeyEnum.AUTH_TOKEN, loginUserId);
            String o = userAccountService.getValueByKeyFromRedis(accessTokenKey);
            // 2.token是否存在
            if (o == null) {
                // 是否存在
                throw new BusinessException(ResultCodes.CLIENT_CREDENTIALS_SIGN_INVALID);
            }else{
                Long userId = Long.valueOf(loginUserId);
                CacheUser cacheUser = JSONObject.parseObject(o, CacheUser.class);
                assert userId.equals(cacheUser.getUserId());
                if ( !authToken.equals(cacheUser.getAccessToken())) {
                    throw new BusinessException(ResultCodes.CLIENT_CREDENTIALS_TOKEN_INVALID);
                }

                // 3.redis获取权限
                String authoritiesKey = RedisKeyEnum.authKey(RedisKeyEnum.AUTH_AUTHORITIES, userId);
                String oo = userAccountService.getValueByKeyFromRedis(authoritiesKey);
                List<GrantedAuthority> authorities;
                // 4.redis中是否存在
                if (oo != null) {
                    // 5.存在
                    authorities = JSONArray.parseArray(oo, GrantedAuthority.class);
                }else {
                    authorities = new ArrayList<>();
                    // 6.不存在=>数据库查询
                    String roleCode = userAccountService.getUserRoleCodeByUserId(userId);
                    // role
                    authorities.add(new SimpleGrantedAuthority("ROLE_" + roleCode));

                    // permission
                    List<String> permissions = userAccountService.getUserPermissionByUserId(userId);
                    for (String permission : permissions) {
                        SimpleGrantedAuthority simpleGrantedAuthority = new SimpleGrantedAuthority(permission);
                        authorities.add(simpleGrantedAuthority);
                    }
                }

                // security对象中存入登陆者信息
                return new UsernamePasswordAuthenticationToken(userId,authToken,authorities);

            }






        }
        return null;
    }



    protected void writeJSON(HttpServletRequest req,
                             HttpServletResponse resp,
                             ResultVO resultVO) throws IOException {
        // 设置编码格式
        resp.setContentType("text/json;charset=utf-8");
        // 处理跨域问题
        resp.setHeader("Access-Control-Allow-Origin", "*");
        resp.setHeader("Access-Control-Allow-Methods", "POST, GET");

        //输出JSON
        PrintWriter out = resp.getWriter();
        out.write(JSONObject.toJSONString(resultVO));
        out.flush();
        out.close();
    }
}