From 7e7a275c0c4a07f5d27ec082538c25b838505998 Mon Sep 17 00:00:00 2001 From: lyfO_o <764716047@qq.com> Date: 星期一, 27 六月 2022 18:24:48 +0800 Subject: [PATCH] up --- safePlatfrom-out-web/src/main/java/com/gkhy/safePlatform/config/security/TokenAuthenticationFilter.java | 302 ++++++++++++++++++++++++------------------------- 1 files changed, 147 insertions(+), 155 deletions(-) diff --git a/safePlatfrom-out-web/src/main/java/com/gkhy/safePlatform/config/security/TokenAuthenticationFilter.java b/safePlatfrom-out-web/src/main/java/com/gkhy/safePlatform/config/security/TokenAuthenticationFilter.java index c9bd858..874b46f 100644 --- a/safePlatfrom-out-web/src/main/java/com/gkhy/safePlatform/config/security/TokenAuthenticationFilter.java +++ b/safePlatfrom-out-web/src/main/java/com/gkhy/safePlatform/config/security/TokenAuthenticationFilter.java @@ -1,155 +1,147 @@ -//package com.gkhy.safePlatform.config.security; -// -//import com.alibaba.fastjson.JSONArray; -//import com.alibaba.fastjson.JSONObject; -//import com.gkhy.safePlatform.account.model.cache.CacheUser; -//import com.gkhy.safePlatform.account.rpc.apimodel.NameService; -//import com.gkhy.safePlatform.commons.config.token.TokenConfig; -//import com.gkhy.safePlatform.commons.enums.RedisKeyEnum; -//import com.gkhy.safePlatform.commons.enums.ResultCodes; -//import com.gkhy.safePlatform.commons.exception.BusinessException; -//import com.gkhy.safePlatform.commons.utils.RedisUtils; -//import com.gkhy.safePlatform.commons.utils.StringUtils; -//import com.gkhy.safePlatform.commons.vo.ResultVO; -//import org.apache.dubbo.config.annotation.DubboReference; -//import org.springframework.beans.factory.annotation.Autowired; -//import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; -//import org.springframework.security.core.GrantedAuthority; -//import org.springframework.security.core.authority.SimpleGrantedAuthority; -//import org.springframework.security.core.context.SecurityContextHolder; -//import org.springframework.stereotype.Component; -//import org.springframework.web.filter.OncePerRequestFilter; -// -//import javax.servlet.FilterChain; -//import javax.servlet.ServletException; -//import javax.servlet.http.HttpServletRequest; -//import javax.servlet.http.HttpServletResponse; -//import java.io.IOException; -//import java.io.PrintWriter; -//import java.util.ArrayList; -//import java.util.List; -// -///** -//* @Description: token登录过滤器 -//*/ -//@Component -//public class TokenAuthenticationFilter extends OncePerRequestFilter { -// -// @Autowired -// private TokenConfig tokenConfig; -// @Autowired -// private RedisUtils redisUtil; -// @DubboReference(check = false) -// private NameService nameService; -// -// -// -// @Override -// protected void doFilterInternal(HttpServletRequest req, HttpServletResponse resp, FilterChain chain) throws IOException, ServletException { -// -// try { -// //获取当前认证成功用户权限信息 -// UsernamePasswordAuthenticationToken authRequest = getAuthentication(req, resp); -// if (authRequest != null) { -// SecurityContextHolder.getContext().setAuthentication(authRequest); -// } -// // 执行下一个 filter 过滤器链 -// chain.doFilter(req, resp); -// } catch (BusinessException e) { -// // 返回异常 -// this.writeJSON(req, resp, new ResultVO<>(e.getError())); -// } catch (Exception e) { -// e.printStackTrace(); -// this.writeJSON(req, resp, new ResultVO<>(ResultCodes.SERVER_ERROR)); -// } -// -// -// } -// -// -// private UsernamePasswordAuthenticationToken getAuthentication(HttpServletRequest req,HttpServletResponse resp) { -// // header获取token -// String authToken = req.getHeader(tokenConfig.getHeader()); -// String loginUserId = req.getHeader(tokenConfig.getLoginUserHeader()); -// -// if(authToken != null) { -// // header 传入 userId -// if (StringUtils.isBlank(loginUserId)) { -// throw new BusinessException(ResultCodes.CLIENT_CREDENTIALS_LACK); -// } -// // 登录成功时,会将权限数据存入redis -// // 这里是验证获取权限信息 -// // 1.从redis中获取对应该用户的权限信息 -// String accessTokenKey = RedisKeyEnum.authKey(RedisKeyEnum.AUTH_TOKEN, loginUserId); -// Object o = redisUtil.get(accessTokenKey); -// // 2.token是否存在 -// if (o == null) { -// // 是否存在 -// throw new BusinessException(ResultCodes.CLIENT_CREDENTIALS_SIGN_INVALID); -// }else{ -// Long userId = Long.valueOf(loginUserId); -// CacheUser cacheUser = JSONObject.parseObject(o.toString(), CacheUser.class); -// assert userId.equals(cacheUser.getUserId()); -// if ( !authToken.equals(cacheUser.getAccessToken())) { -// throw new BusinessException(ResultCodes.CLIENT_CREDENTIALS_TOKEN_INVALID); -// } -// -// // 3.redis获取权限 -// String authoritiesKey = RedisKeyEnum.authKey(RedisKeyEnum.AUTH_AUTHORITIES, userId); -// Object oo = redisUtil.get(authoritiesKey); -// List<GrantedAuthority> authorities; -// // 4.redis中是否存在 -// if (oo != null) { -// // 5.存在 -// String json = oo.toString(); -// authorities = JSONArray.parseArray(json, GrantedAuthority.class); -// }else { -// authorities = new ArrayList<>(); -// // 6.不存在=>数据库查询 -// List<String> roleCodes = nameService.getUserRoleCodeByUserId(userId); -// // role -// for (String roleCode : roleCodes) { -// SimpleGrantedAuthority simpleGrantedAuthority = new SimpleGrantedAuthority("ROLE_" + roleCode); -// authorities.add(simpleGrantedAuthority); -// } -// -// // permission -// List<String> permissions = nameService.getUserPermissionByUserId(userId); -// for (String permission : permissions) { -// SimpleGrantedAuthority simpleGrantedAuthority = new SimpleGrantedAuthority(permission); -// authorities.add(simpleGrantedAuthority); -// } -// } -// -// // security对象中存入登陆者信息 -// return new UsernamePasswordAuthenticationToken(userId,authToken,authorities); -// -// } -// -// -// -// -// -// -// } -// return null; -// } -// -// -// -// protected void writeJSON(HttpServletRequest req, -// HttpServletResponse resp, -// ResultVO resultVO) throws IOException { -// // 设置编码格式 -// resp.setContentType("text/json;charset=utf-8"); -// // 处理跨域问题 -// resp.setHeader("Access-Control-Allow-Origin", "*"); -// resp.setHeader("Access-Control-Allow-Methods", "POST, GET"); -// -// //输出JSON -// PrintWriter out = resp.getWriter(); -// out.write(JSONObject.toJSONString(resultVO)); -// out.flush(); -// out.close(); -// } -//} +package com.gkhy.safePlatform.config.security; + +import com.alibaba.fastjson.JSONArray; +import com.alibaba.fastjson.JSONObject; +import com.gkhy.safePlatform.account.rpc.apimodel.UserAccountService; +import com.gkhy.safePlatform.commons.co.CacheUser; +import com.gkhy.safePlatform.commons.enums.RedisKeyEnum; +import com.gkhy.safePlatform.commons.enums.ResultCodes; +import com.gkhy.safePlatform.commons.exception.BusinessException; +import com.gkhy.safePlatform.commons.utils.StringUtils; +import com.gkhy.safePlatform.commons.vo.ResultVO; +import org.apache.dubbo.config.annotation.DubboReference; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; +import org.springframework.security.core.GrantedAuthority; +import org.springframework.security.core.authority.SimpleGrantedAuthority; +import org.springframework.security.core.context.SecurityContextHolder; +import org.springframework.stereotype.Component; +import org.springframework.web.filter.OncePerRequestFilter; + +import javax.servlet.FilterChain; +import javax.servlet.ServletException; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletResponse; +import java.io.IOException; +import java.io.PrintWriter; +import java.util.ArrayList; +import java.util.List; + +/** +* @Description: token登录过滤器 +*/ +@Component +public class TokenAuthenticationFilter extends OncePerRequestFilter { + + @Autowired + private TokenConfig tokenConfig; + @DubboReference(check = false) + private UserAccountService userAccountService; + + + + @Override + protected void doFilterInternal(HttpServletRequest req, HttpServletResponse resp, FilterChain chain) throws IOException, ServletException { + + try { + //获取当前认证成功用户权限信息 + UsernamePasswordAuthenticationToken authRequest = getAuthentication(req, resp); + if (authRequest != null) { + SecurityContextHolder.getContext().setAuthentication(authRequest); + } + // 执行下一个 filter 过滤器链 + chain.doFilter(req, resp); + } catch (BusinessException e) { + // 返回异常 + this.writeJSON(req, resp, new ResultVO<>(e.getError())); + } catch (Exception e) { + e.printStackTrace(); + this.writeJSON(req, resp, new ResultVO<>(ResultCodes.SERVER_ERROR)); + } + + + } + + + private UsernamePasswordAuthenticationToken getAuthentication(HttpServletRequest req,HttpServletResponse resp) { + // header获取token + String authToken = req.getHeader(tokenConfig.getHeader()); + String loginUserId = req.getHeader(tokenConfig.getLoginUserHeader()); + + if(authToken != null) { + // header 传入 userId + if (StringUtils.isBlank(loginUserId)) { + throw new BusinessException(ResultCodes.CLIENT_CREDENTIALS_LACK); + } + // 登录成功时,会将权限数据存入redis + // 这里是验证获取权限信息 + // 1.从redis中获取对应该用户的权限信息 + String accessTokenKey = RedisKeyEnum.authKey(RedisKeyEnum.AUTH_TOKEN, loginUserId); + String o = userAccountService.getValueByKeyFromRedis(accessTokenKey); + // 2.token是否存在 + if (o == null) { + // 是否存在 + throw new BusinessException(ResultCodes.CLIENT_CREDENTIALS_SIGN_INVALID); + }else{ + Long userId = Long.valueOf(loginUserId); + CacheUser cacheUser = JSONObject.parseObject(o, CacheUser.class); + assert userId.equals(cacheUser.getUserId()); + if ( !authToken.equals(cacheUser.getAccessToken())) { + throw new BusinessException(ResultCodes.CLIENT_CREDENTIALS_TOKEN_INVALID); + } + + // 3.redis获取权限 + String authoritiesKey = RedisKeyEnum.authKey(RedisKeyEnum.AUTH_AUTHORITIES, userId); + String oo = userAccountService.getValueByKeyFromRedis(authoritiesKey); + List<GrantedAuthority> authorities; + // 4.redis中是否存在 + if (oo != null) { + // 5.存在 + authorities = JSONArray.parseArray(oo, GrantedAuthority.class); + }else { + authorities = new ArrayList<>(); + // 6.不存在=>数据库查询 + String roleCode = userAccountService.getUserRoleCodeByUserId(userId); + // role + authorities.add(new SimpleGrantedAuthority("ROLE_" + roleCode)); + + // permission + List<String> permissions = userAccountService.getUserPermissionByUserId(userId); + for (String permission : permissions) { + SimpleGrantedAuthority simpleGrantedAuthority = new SimpleGrantedAuthority(permission); + authorities.add(simpleGrantedAuthority); + } + } + + // security对象中存入登陆者信息 + return new UsernamePasswordAuthenticationToken(userId,authToken,authorities); + + } + + + + + + + } + return null; + } + + + + protected void writeJSON(HttpServletRequest req, + HttpServletResponse resp, + ResultVO resultVO) throws IOException { + // 设置编码格式 + resp.setContentType("text/json;charset=utf-8"); + // 处理跨域问题 + resp.setHeader("Access-Control-Allow-Origin", "*"); + resp.setHeader("Access-Control-Allow-Methods", "POST, GET"); + + //输出JSON + PrintWriter out = resp.getWriter(); + out.write(JSONObject.toJSONString(resultVO)); + out.flush(); + out.close(); + } +} -- Gitblit v1.9.2