From b591b26cc9290e1469281e3bc22b8aea4f8d061a Mon Sep 17 00:00:00 2001
From: songhuangfeng123 <shf18767906695@163.com>
Date: 星期三, 06 七月 2022 15:30:05 +0800
Subject: [PATCH] 应急队伍
---
safePlatfrom-out-web/src/main/java/com/gkhy/safePlatform/config/security/TokenAuthenticationFilter.java | 334 +++++++++++++++++++++++++++++-------------------------
1 files changed, 179 insertions(+), 155 deletions(-)
diff --git a/safePlatfrom-out-web/src/main/java/com/gkhy/safePlatform/config/security/TokenAuthenticationFilter.java b/safePlatfrom-out-web/src/main/java/com/gkhy/safePlatform/config/security/TokenAuthenticationFilter.java
index c9bd858..8617cb2 100644
--- a/safePlatfrom-out-web/src/main/java/com/gkhy/safePlatform/config/security/TokenAuthenticationFilter.java
+++ b/safePlatfrom-out-web/src/main/java/com/gkhy/safePlatform/config/security/TokenAuthenticationFilter.java
@@ -1,155 +1,179 @@
-//package com.gkhy.safePlatform.config.security;
-//
-//import com.alibaba.fastjson.JSONArray;
-//import com.alibaba.fastjson.JSONObject;
-//import com.gkhy.safePlatform.account.model.cache.CacheUser;
-//import com.gkhy.safePlatform.account.rpc.apimodel.NameService;
-//import com.gkhy.safePlatform.commons.config.token.TokenConfig;
-//import com.gkhy.safePlatform.commons.enums.RedisKeyEnum;
-//import com.gkhy.safePlatform.commons.enums.ResultCodes;
-//import com.gkhy.safePlatform.commons.exception.BusinessException;
-//import com.gkhy.safePlatform.commons.utils.RedisUtils;
-//import com.gkhy.safePlatform.commons.utils.StringUtils;
-//import com.gkhy.safePlatform.commons.vo.ResultVO;
-//import org.apache.dubbo.config.annotation.DubboReference;
-//import org.springframework.beans.factory.annotation.Autowired;
-//import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
-//import org.springframework.security.core.GrantedAuthority;
-//import org.springframework.security.core.authority.SimpleGrantedAuthority;
-//import org.springframework.security.core.context.SecurityContextHolder;
-//import org.springframework.stereotype.Component;
-//import org.springframework.web.filter.OncePerRequestFilter;
-//
-//import javax.servlet.FilterChain;
-//import javax.servlet.ServletException;
-//import javax.servlet.http.HttpServletRequest;
-//import javax.servlet.http.HttpServletResponse;
-//import java.io.IOException;
-//import java.io.PrintWriter;
-//import java.util.ArrayList;
-//import java.util.List;
-//
-///**
-//* @Description: token登录过滤器
-//*/
-//@Component
-//public class TokenAuthenticationFilter extends OncePerRequestFilter {
-//
-// @Autowired
-// private TokenConfig tokenConfig;
-// @Autowired
-// private RedisUtils redisUtil;
-// @DubboReference(check = false)
-// private NameService nameService;
-//
-//
-//
-// @Override
-// protected void doFilterInternal(HttpServletRequest req, HttpServletResponse resp, FilterChain chain) throws IOException, ServletException {
-//
-// try {
-// //获取当前认证成功用户权限信息
-// UsernamePasswordAuthenticationToken authRequest = getAuthentication(req, resp);
-// if (authRequest != null) {
-// SecurityContextHolder.getContext().setAuthentication(authRequest);
-// }
-// // 执行下一个 filter 过滤器链
-// chain.doFilter(req, resp);
-// } catch (BusinessException e) {
-// // 返回异常
-// this.writeJSON(req, resp, new ResultVO<>(e.getError()));
-// } catch (Exception e) {
-// e.printStackTrace();
-// this.writeJSON(req, resp, new ResultVO<>(ResultCodes.SERVER_ERROR));
-// }
-//
-//
-// }
-//
-//
-// private UsernamePasswordAuthenticationToken getAuthentication(HttpServletRequest req,HttpServletResponse resp) {
-// // header获取token
-// String authToken = req.getHeader(tokenConfig.getHeader());
-// String loginUserId = req.getHeader(tokenConfig.getLoginUserHeader());
-//
-// if(authToken != null) {
-// // header 传入 userId
-// if (StringUtils.isBlank(loginUserId)) {
-// throw new BusinessException(ResultCodes.CLIENT_CREDENTIALS_LACK);
-// }
-// // 登录成功时,会将权限数据存入redis
-// // 这里是验证获取权限信息
-// // 1.从redis中获取对应该用户的权限信息
-// String accessTokenKey = RedisKeyEnum.authKey(RedisKeyEnum.AUTH_TOKEN, loginUserId);
-// Object o = redisUtil.get(accessTokenKey);
-// // 2.token是否存在
-// if (o == null) {
-// // 是否存在
-// throw new BusinessException(ResultCodes.CLIENT_CREDENTIALS_SIGN_INVALID);
-// }else{
-// Long userId = Long.valueOf(loginUserId);
-// CacheUser cacheUser = JSONObject.parseObject(o.toString(), CacheUser.class);
-// assert userId.equals(cacheUser.getUserId());
-// if ( !authToken.equals(cacheUser.getAccessToken())) {
-// throw new BusinessException(ResultCodes.CLIENT_CREDENTIALS_TOKEN_INVALID);
-// }
-//
-// // 3.redis获取权限
-// String authoritiesKey = RedisKeyEnum.authKey(RedisKeyEnum.AUTH_AUTHORITIES, userId);
-// Object oo = redisUtil.get(authoritiesKey);
-// List<GrantedAuthority> authorities;
-// // 4.redis中是否存在
-// if (oo != null) {
-// // 5.存在
-// String json = oo.toString();
-// authorities = JSONArray.parseArray(json, GrantedAuthority.class);
-// }else {
-// authorities = new ArrayList<>();
-// // 6.不存在=>数据库查询
-// List<String> roleCodes = nameService.getUserRoleCodeByUserId(userId);
-// // role
-// for (String roleCode : roleCodes) {
-// SimpleGrantedAuthority simpleGrantedAuthority = new SimpleGrantedAuthority("ROLE_" + roleCode);
-// authorities.add(simpleGrantedAuthority);
-// }
-//
-// // permission
-// List<String> permissions = nameService.getUserPermissionByUserId(userId);
-// for (String permission : permissions) {
-// SimpleGrantedAuthority simpleGrantedAuthority = new SimpleGrantedAuthority(permission);
-// authorities.add(simpleGrantedAuthority);
-// }
-// }
-//
-// // security对象中存入登陆者信息
-// return new UsernamePasswordAuthenticationToken(userId,authToken,authorities);
-//
-// }
-//
-//
-//
-//
-//
-//
-// }
-// return null;
-// }
-//
-//
-//
-// protected void writeJSON(HttpServletRequest req,
-// HttpServletResponse resp,
-// ResultVO resultVO) throws IOException {
-// // 设置编码格式
-// resp.setContentType("text/json;charset=utf-8");
-// // 处理跨域问题
-// resp.setHeader("Access-Control-Allow-Origin", "*");
-// resp.setHeader("Access-Control-Allow-Methods", "POST, GET");
-//
-// //输出JSON
-// PrintWriter out = resp.getWriter();
-// out.write(JSONObject.toJSONString(resultVO));
-// out.flush();
-// out.close();
-// }
-//}
+package com.gkhy.safePlatform.config.security;
+
+import com.alibaba.fastjson.JSONArray;
+import com.alibaba.fastjson.JSONObject;
+import com.gkhy.safePlatform.account.rpc.apimodel.AccountAuthService;
+import com.gkhy.safePlatform.account.rpc.apimodel.AccountAuthService;
+import com.gkhy.safePlatform.commons.co.CacheAuthority;
+import com.gkhy.safePlatform.commons.co.CacheUser;
+import com.gkhy.safePlatform.commons.enums.RedisKeyEnum;
+import com.gkhy.safePlatform.commons.enums.ResultCodes;
+import com.gkhy.safePlatform.commons.exception.BusinessException;
+import com.gkhy.safePlatform.commons.utils.RPCUtils;
+import com.gkhy.safePlatform.commons.utils.StringUtils;
+import com.gkhy.safePlatform.commons.vo.ResultVO;
+import com.gkhy.safePlatform.config.redis.RedisUtils;
+import org.apache.dubbo.config.annotation.DubboReference;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.stereotype.Component;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+* @Description: token登录过滤器
+*/
+@Component
+public class TokenAuthenticationFilter extends OncePerRequestFilter {
+
+ @Autowired
+ private TokenConfig tokenConfig;
+ @DubboReference(check = false)
+ private AccountAuthService userAccountService;
+ @Autowired
+ private RedisUtils redisUtils;
+
+
+
+ @Override
+ protected void doFilterInternal(HttpServletRequest req, HttpServletResponse resp, FilterChain chain) throws IOException, ServletException {
+
+ try {
+ //获取当前认证成功用户权限信息
+ UsernamePasswordAuthenticationToken authRequest = getAuthentication(req, resp);
+ if (authRequest != null) {
+ SecurityContextHolder.getContext().setAuthentication(authRequest);
+ }
+ // 执行下一个 filter 过滤器链
+ chain.doFilter(req, resp);
+ } catch (BusinessException e) {
+ // 返回异常
+ this.writeJSON(req, resp, new ResultVO<>(e.getCode(),e.getMessage()));
+ }
+
+ }
+
+
+ private UsernamePasswordAuthenticationToken getAuthentication(HttpServletRequest req,HttpServletResponse resp) {
+ // header获取token
+ String authToken = req.getHeader(tokenConfig.getHeader());
+ String loginUserId = req.getHeader(tokenConfig.getLoginUserHeader());
+
+ if(authToken != null) {
+ // header 传入 userId
+ if (StringUtils.isBlank(loginUserId)) {
+ throw new BusinessException(ResultCodes.CLIENT_CREDENTIALS_LACK);
+ }
+ // 登录成功时,会将权限数据存入redis
+ // 这里是验证获取权限信息
+ // 1.从redis中获取对应该用户的权限信息
+ String accessTokenKey = RedisKeyEnum.authKey(RedisKeyEnum.AUTH_TOKEN, loginUserId);
+ Object o = redisUtils.get(accessTokenKey);
+ // 2.token是否存在
+ if (o == null) {
+ // 是否存在
+ throw new BusinessException(ResultCodes.CLIENT_CREDENTIALS_TOKEN_INVALID);
+ }else{
+ Long userId = Long.valueOf(loginUserId);
+ CacheUser cacheUser = JSONObject.parseObject(o.toString(), CacheUser.class);
+ assert userId.equals(cacheUser.getUserId());
+ if ( !authToken.equals(cacheUser.getAccessToken())) {
+ throw new BusinessException(ResultCodes.CLIENT_CREDENTIALS_TOKEN_INVALID);
+ }
+
+ // 3.redis获取权限
+ String authoritiesKey = RedisKeyEnum.authKey(RedisKeyEnum.AUTH_AUTHORITIES, userId);
+ Object oo = redisUtils.get(authoritiesKey);
+ List<GrantedAuthority> authorities = new ArrayList<>();
+ // 4.redis中是否存在
+ if (oo != null) {
+ // 5.存在
+ List<CacheAuthority> cacheAuthorities = JSONArray.parseArray(oo.toString(), CacheAuthority.class);
+ for (CacheAuthority cacheAuthority: cacheAuthorities) {
+ authorities.add(new SimpleGrantedAuthority(cacheAuthority.getAuthority()));
+ }
+ }else {
+ // 6.不存在=>数据库查询
+ ResultVO<String> rpcResultRole = userAccountService.getUserRoleCodeByUserId(userId);
+
+ if (rpcResultRole == null) {
+ throw new BusinessException(ResultCodes.RPC_RESULT_NULL);
+ }
+ if (!ResultCodes.OK.getCode().equals(rpcResultRole.getCode())) {
+ throw new BusinessException(rpcResultRole.getCode(), rpcResultRole.getMsg());
+ }
+ if (rpcResultRole.getData() == null) {
+ throw new BusinessException(ResultCodes.RPC_DATA_NULL);
+ }
+ if (!(rpcResultRole.getData() instanceof String)) {
+ throw new BusinessException(ResultCodes.RPC_DATA_TYPE_NOT_MATCH);
+ }
+ // role
+ authorities.add(new SimpleGrantedAuthority("ROLE_" + rpcResultRole.getData().toString()));
+
+ // permission
+ ResultVO<List<String>> rpcResultPermission = userAccountService.getUserPermissionByUserId(userId);
+
+ if (rpcResultPermission == null) {
+ throw new BusinessException(ResultCodes.RPC_RESULT_NULL);
+ }
+ if (!ResultCodes.OK.getCode().equals(rpcResultPermission.getCode())) {
+ throw new BusinessException(rpcResultRole.getCode(), rpcResultRole.getMsg());
+ }
+ if (rpcResultPermission.getData() == null) {
+ throw new BusinessException(ResultCodes.RPC_DATA_NULL);
+ }
+ if (!(rpcResultPermission.getData() instanceof List)) {
+ throw new BusinessException(ResultCodes.RPC_DATA_TYPE_NOT_MATCH);
+ }
+
+ List<String> permissions = RPCUtils.castList(rpcResultPermission.getData(), String.class);
+ for (String permission : permissions) {
+ SimpleGrantedAuthority simpleGrantedAuthority = new SimpleGrantedAuthority(permission);
+ authorities.add(simpleGrantedAuthority);
+ }
+ }
+
+ // security对象中存入登陆者信息
+ return new UsernamePasswordAuthenticationToken(userId,authToken,authorities);
+
+ }
+
+
+
+
+
+
+ }
+ return null;
+ }
+
+
+
+ protected void writeJSON(HttpServletRequest req,
+ HttpServletResponse resp,
+ ResultVO resultVO) throws IOException {
+ // 设置编码格式
+ resp.setContentType("text/json;charset=utf-8");
+ // 处理跨域问题
+ resp.setHeader("Access-Control-Allow-Origin", "*");
+ resp.setHeader("Access-Control-Allow-Methods", "POST, GET");
+
+ //输出JSON
+ PrintWriter out = resp.getWriter();
+ out.write(JSONObject.toJSONString(resultVO));
+ out.flush();
+ out.close();
+ }
+}
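Review bot: The `assert userId.equals(cacheUser.getUserId())` check inside `getAuthentication` is a no-op unless the JVM runs with `-ea`, so in production a cache entry whose user id does not match the header is never rejected, and the token check that follows it is a plain `String.equals`, whose running time depends on where the first mismatching character is; both should become explicit checks, with the token compared through `MessageDigest.isEqual` (needs `java.security.MessageDigest` and `java.nio.charset.StandardCharsets` imports, not shown in the fence). The `Long.valueOf(loginUserId)` just above it also needs guarding now that `doFilterInternal` catches only `BusinessException`: a non-numeric login-user header value escapes as a raw `NumberFormatException` instead of the JSON error the filter otherwise writes. In the permission branch the error path copies the wrong result, `throw new BusinessException(rpcResultRole.getCode(), rpcResultRole.getMsg());` should read `throw new BusinessException(rpcResultPermission.getCode(), rpcResultPermission.getMsg());`. The old header's `TokenConfig` import was dropped while the `tokenConfig` field still uses the type, which presumably only compiles if a `TokenConfig` exists in this package — worth confirming.
```java
            } else {
                Long userId;
                try {
                    userId = Long.valueOf(loginUserId);
                } catch (NumberFormatException e) {
                    // malformed user id header: report it through the normal JSON error path
                    throw new BusinessException(ResultCodes.CLIENT_CREDENTIALS_LACK);
                }
                CacheUser cacheUser = JSONObject.parseObject(o.toString(), CacheUser.class);
                // explicit check rather than assert: assertions are disabled by default at runtime
                if (cacheUser == null || !userId.equals(cacheUser.getUserId())) {
                    throw new BusinessException(ResultCodes.CLIENT_CREDENTIALS_TOKEN_INVALID);
                }
                // constant-time comparison so the position of a mismatch is not observable through timing
                String cachedToken = cacheUser.getAccessToken();
                if (cachedToken == null
                        || !MessageDigest.isEqual(authToken.getBytes(StandardCharsets.UTF_8),
                                                  cachedToken.getBytes(StandardCharsets.UTF_8))) {
                    throw new BusinessException(ResultCodes.CLIENT_CREDENTIALS_TOKEN_INVALID);
                }
                // … unchanged: authority lookup from redis, then RPC fallback …
```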
--
Gitblit v1.9.2