wxz
5 years ago
21 changed files with 643 additions and 234 deletions
@ -0,0 +1,26 @@ |
|||||
|
package com.epmet.auth; |
||||
|
|
||||
|
import com.alibaba.fastjson.JSON; |
||||
|
import org.springframework.cloud.gateway.filter.GatewayFilterChain; |
||||
|
import org.springframework.core.io.buffer.DataBuffer; |
||||
|
import org.springframework.http.HttpStatus; |
||||
|
import org.springframework.http.MediaType; |
||||
|
import org.springframework.web.server.ServerWebExchange; |
||||
|
import reactor.core.publisher.Flux; |
||||
|
import reactor.core.publisher.Mono; |
||||
|
|
||||
|
import java.nio.charset.StandardCharsets; |
||||
|
|
||||
|
public abstract class AuthProcessor { |
||||
|
|
||||
|
abstract Mono<Void> auth(ServerWebExchange exchange, GatewayFilterChain chain); |
||||
|
|
||||
|
protected Mono<Void> response(ServerWebExchange exchange, Object object) { |
||||
|
String json = JSON.toJSONString(object); |
||||
|
DataBuffer buffer = exchange.getResponse().bufferFactory().wrap(json.getBytes(StandardCharsets.UTF_8)); |
||||
|
exchange.getResponse().getHeaders().setContentType(MediaType.APPLICATION_JSON_UTF8); |
||||
|
exchange.getResponse().setStatusCode(HttpStatus.OK); |
||||
|
return exchange.getResponse().writeWith(Flux.just(buffer)); |
||||
|
} |
||||
|
|
||||
|
} |
||||
@ -0,0 +1,30 @@ |
|||||
|
package com.epmet.auth; |
||||
|
|
||||
|
import org.slf4j.Logger; |
||||
|
import org.slf4j.LoggerFactory; |
||||
|
|
||||
|
|
||||
|
/** |
||||
|
* 外部应用认证处理器父类 |
||||
|
*/ |
||||
|
public abstract class ExtAppAuthProcessor { |
||||
|
|
||||
|
private Logger logger = LoggerFactory.getLogger(getClass()); |
||||
|
|
||||
|
private int diffMillins = 1000 * 60 * 5; |
||||
|
|
||||
|
public abstract void auth(String appId, String token, Long ts); |
||||
|
|
||||
|
/** |
||||
|
* 时间戳校验 |
||||
|
* @param timestamp |
||||
|
* @return |
||||
|
*/ |
||||
|
protected boolean validTimeStamp(Long timestamp) { |
||||
|
long now = System.currentTimeMillis(); |
||||
|
if (Math.abs(now - timestamp) > diffMillins) { |
||||
|
return false; |
||||
|
} |
||||
|
return true; |
||||
|
} |
||||
|
} |
||||
@ -0,0 +1,88 @@ |
|||||
|
package com.epmet.auth; |
||||
|
|
||||
|
import com.epmet.commons.tools.exception.EpmetErrorCode; |
||||
|
import com.epmet.commons.tools.exception.ExceptionUtils; |
||||
|
import com.epmet.commons.tools.exception.RenException; |
||||
|
import com.epmet.commons.tools.redis.RedisKeys; |
||||
|
import com.epmet.commons.tools.redis.RedisUtils; |
||||
|
import com.epmet.commons.tools.utils.Result; |
||||
|
import com.epmet.commons.tools.utils.SpringContextUtils; |
||||
|
import com.epmet.feign.EpmetCommonServiceOpenFeignClient; |
||||
|
import com.epmet.jwt.JwtTokenUtils; |
||||
|
import io.jsonwebtoken.Claims; |
||||
|
import org.apache.commons.lang3.StringUtils; |
||||
|
import org.slf4j.Logger; |
||||
|
import org.slf4j.LoggerFactory; |
||||
|
import org.springframework.beans.factory.annotation.Autowired; |
||||
|
import org.springframework.stereotype.Component; |
||||
|
|
||||
|
/** |
||||
|
* jwt 认证处理器 |
||||
|
*/ |
||||
|
@Component |
||||
|
public class ExtAppJwtAuthProcessor extends ExtAppAuthProcessor { |
||||
|
|
||||
|
private static Logger logger = LoggerFactory.getLogger(ExtAppJwtAuthProcessor.class); |
||||
|
|
||||
|
@Autowired |
||||
|
private JwtTokenUtils jwtTokenUtils; |
||||
|
|
||||
|
@Autowired |
||||
|
private RedisUtils redisUtils; |
||||
|
|
||||
|
@Override |
||||
|
public void auth(String appId, String token, Long ts) { |
||||
|
String secret; |
||||
|
if (StringUtils.isBlank(secret = getTokenFromCache(appId))) { |
||||
|
throw new RenException(EpmetErrorCode.OPER_EXTERNAL_APP_AUTH_ERROR.getCode(), String.format("根据AppId:【%s】没有找到对应的秘钥", appId)); |
||||
|
} |
||||
|
|
||||
|
Claims claim; |
||||
|
try { |
||||
|
claim = jwtTokenUtils.getClaimByToken(token, secret); |
||||
|
} catch (Exception e) { |
||||
|
String errorStackTrace = ExceptionUtils.getErrorStackTrace(e); |
||||
|
logger.error("解析token失败:{}", errorStackTrace); |
||||
|
throw new RenException(EpmetErrorCode.OPER_EXTERNAL_APP_AUTH_ERROR.getCode(), "解析token失败"); |
||||
|
} |
||||
|
|
||||
|
String appIdIn = (String)claim.get("appId"); |
||||
|
String customerId = (String)claim.get("customerId"); |
||||
|
Long timestamp = (Long)claim.get("ts"); |
||||
|
|
||||
|
//校验时间戳,允许5分钟误差
|
||||
|
if (StringUtils.isAnyBlank(appIdIn, customerId) || timestamp == null) { |
||||
|
logger.error("access token不完整。{},{},{}", appIdIn, customerId, timestamp); |
||||
|
throw new RenException(EpmetErrorCode.OPER_EXTERNAL_APP_AUTH_ERROR.getCode(), "AccessToken不完整"); |
||||
|
} |
||||
|
|
||||
|
if (!validTimeStamp(timestamp)) { |
||||
|
logger.error("extapp token已经超时,请求被拒绝"); |
||||
|
throw new RenException(EpmetErrorCode.OPER_EXTERNAL_APP_AUTH_ERROR.getCode(), "AccessToken已经超时"); |
||||
|
} |
||||
|
|
||||
|
if (!appId.equals(appIdIn)) { |
||||
|
logger.error("AppId不对应,token外部的:{}, token内部解析出来的:{}", appId, appIdIn); |
||||
|
throw new RenException(EpmetErrorCode.OPER_EXTERNAL_APP_AUTH_ERROR.getCode(), "AppId不匹配"); |
||||
|
} |
||||
|
} |
||||
|
|
||||
|
/** |
||||
|
* 通过APP ID查询对应的秘钥 |
||||
|
* @param appId |
||||
|
* @return |
||||
|
*/ |
||||
|
public String getTokenFromCache(String appId) { |
||||
|
String secret = (String)redisUtils.get(RedisKeys.getExternalAppSecretKey(appId)); |
||||
|
if (StringUtils.isBlank(secret)) { |
||||
|
EpmetCommonServiceOpenFeignClient commonService = SpringContextUtils.getBean(EpmetCommonServiceOpenFeignClient.class); |
||||
|
Result<String> result = commonService.getSecret(appId); |
||||
|
if (!result.success()) { |
||||
|
throw new RenException(EpmetErrorCode.OPER_EXTERNAL_APP_AUTH_ERROR.getCode(), result.getInternalMsg()); |
||||
|
} |
||||
|
secret = result.getData(); |
||||
|
redisUtils.set(RedisKeys.getExternalAppSecretKey(appId), secret); |
||||
|
} |
||||
|
return secret; |
||||
|
} |
||||
|
} |
||||
@ -0,0 +1,74 @@ |
|||||
|
package com.epmet.auth; |
||||
|
|
||||
|
import com.epmet.commons.tools.exception.EpmetErrorCode; |
||||
|
import com.epmet.commons.tools.exception.RenException; |
||||
|
import com.epmet.commons.tools.redis.RedisKeys; |
||||
|
import com.epmet.commons.tools.redis.RedisUtils; |
||||
|
import com.epmet.commons.tools.utils.Md5Util; |
||||
|
import com.epmet.commons.tools.utils.Result; |
||||
|
import com.epmet.commons.tools.utils.SpringContextUtils; |
||||
|
import com.epmet.feign.EpmetCommonServiceOpenFeignClient; |
||||
|
import org.apache.commons.lang3.StringUtils; |
||||
|
import org.slf4j.Logger; |
||||
|
import org.slf4j.LoggerFactory; |
||||
|
import org.springframework.beans.factory.annotation.Autowired; |
||||
|
import org.springframework.stereotype.Component; |
||||
|
|
||||
|
/** |
||||
|
* md5 认证处理器 |
||||
|
*/ |
||||
|
@Component |
||||
|
public class ExtAppMD5AuthProcessor extends ExtAppAuthProcessor { |
||||
|
|
||||
|
private static Logger logger = LoggerFactory.getLogger(ExtAppMD5AuthProcessor.class); |
||||
|
|
||||
|
//@Autowired
|
||||
|
//private EpmetCommonServiceOpenFeignClient commonServiceOpenFeignClient;
|
||||
|
|
||||
|
@Autowired |
||||
|
private RedisUtils redisUtils; |
||||
|
|
||||
|
@Override |
||||
|
public void auth(String appId, String token, Long ts) { |
||||
|
if (ts == null) { |
||||
|
throw new RenException(EpmetErrorCode.OPER_EXTERNAL_APP_AUTH_ERROR.getCode(), "需要传入时间戳参数"); |
||||
|
} |
||||
|
String secret; |
||||
|
if (StringUtils.isBlank(secret = getTokenFromCache(appId))) { |
||||
|
throw new RenException(EpmetErrorCode.OPER_EXTERNAL_APP_AUTH_ERROR.getCode(), String.format("根据AppId:%s没有找到对应的秘钥", appId)); |
||||
|
} |
||||
|
|
||||
|
String localDigest = Md5Util.md5(secret.concat(":") + ts); |
||||
|
if (!localDigest.equals(token)) { |
||||
|
// 调用方生成的摘要跟本地生成的摘要不匹配
|
||||
|
throw new RenException(EpmetErrorCode.OPER_EXTERNAL_APP_AUTH_ERROR.getCode(), "签名不匹配,认证失败"); |
||||
|
} |
||||
|
|
||||
|
if (!validTimeStamp(ts)) { |
||||
|
logger.error("AccessToken已经超时,请求被拒绝"); |
||||
|
throw new RenException(EpmetErrorCode.OPER_EXTERNAL_APP_AUTH_ERROR.getCode(), "AccessToken已经超时,请求被拒绝"); |
||||
|
} |
||||
|
} |
||||
|
|
||||
|
/** |
||||
|
* 通过APP ID查询对应的秘钥 |
||||
|
* |
||||
|
* @param appId |
||||
|
* @return |
||||
|
*/ |
||||
|
public String getTokenFromCache(String appId) { |
||||
|
String secret = (String) redisUtils.get(RedisKeys.getExternalAppSecretKey(appId)); |
||||
|
if (StringUtils.isBlank(secret)) { |
||||
|
EpmetCommonServiceOpenFeignClient commonService = SpringContextUtils.getBean(EpmetCommonServiceOpenFeignClient.class); |
||||
|
Result<String> result = commonService.getSecret(appId); |
||||
|
if (!result.success()) { |
||||
|
throw new RenException(EpmetErrorCode.OPER_EXTERNAL_APP_AUTH_ERROR.getCode(), result.getInternalMsg()); |
||||
|
} |
||||
|
|
||||
|
secret = result.getData(); |
||||
|
redisUtils.set(RedisKeys.getExternalAppSecretKey(appId), secret); |
||||
|
} |
||||
|
return secret; |
||||
|
} |
||||
|
|
||||
|
} |
||||
@ -0,0 +1,79 @@ |
|||||
|
package com.epmet.auth; |
||||
|
|
||||
|
import com.epmet.commons.tools.exception.EpmetErrorCode; |
||||
|
import com.epmet.commons.tools.exception.ExceptionUtils; |
||||
|
import com.epmet.commons.tools.exception.RenException; |
||||
|
import com.epmet.commons.tools.utils.Result; |
||||
|
import org.apache.commons.lang3.StringUtils; |
||||
|
import org.slf4j.Logger; |
||||
|
import org.slf4j.LoggerFactory; |
||||
|
import org.springframework.beans.factory.annotation.Autowired; |
||||
|
import org.springframework.cloud.gateway.filter.GatewayFilterChain; |
||||
|
import org.springframework.http.HttpHeaders; |
||||
|
import org.springframework.stereotype.Component; |
||||
|
import org.springframework.web.server.ServerWebExchange; |
||||
|
import reactor.core.publisher.Mono; |
||||
|
|
||||
|
/** |
||||
|
* 外部应用认证 |
||||
|
*/ |
||||
|
@Component |
||||
|
public class ExternalAuthProcessor extends AuthProcessor { |
||||
|
|
||||
|
private Logger logger = LoggerFactory.getLogger(getClass()); |
||||
|
|
||||
|
// 头s
|
||||
|
public static final String AUTHORIZATION_TOKEN_HEADER_KEY = "Authorization"; |
||||
|
public static final String ACCESS_TOKEN_HEADER_KEY = "AccessToken"; |
||||
|
public static final String APP_ID_HEADER_KEY = "appId"; |
||||
|
public static final String APP_ID_TIMESTAMP_KEY = "ts"; |
||||
|
public static final String APP_ID_CUSTOMER_ID_KEY = "CustomerId"; |
||||
|
public static final String APP_ID_AUTY_TYPE_KEY = "AuthType"; |
||||
|
|
||||
|
// 认证方式
|
||||
|
public static final String APP_AUTH_TYPE_JWT = "jwt"; |
||||
|
public static final String APP_AUTH_TYPE_MD5 = "md5"; |
||||
|
|
||||
|
|
||||
|
@Autowired |
||||
|
private ExtAppJwtAuthProcessor jwtAuthProcessor; |
||||
|
|
||||
|
@Autowired |
||||
|
private ExtAppMD5AuthProcessor md5AuthProcessor; |
||||
|
|
||||
|
@Override |
||||
|
public Mono<Void> auth(ServerWebExchange exchange, GatewayFilterChain chain) { |
||||
|
HttpHeaders headers = exchange.getRequest().getHeaders(); |
||||
|
|
||||
|
String token = headers.getFirst(ACCESS_TOKEN_HEADER_KEY); |
||||
|
String appId = headers.getFirst(APP_ID_HEADER_KEY); |
||||
|
String ts = headers.getFirst(APP_ID_TIMESTAMP_KEY); |
||||
|
String customerId = headers.getFirst(APP_ID_CUSTOMER_ID_KEY); |
||||
|
String authType = headers.getFirst(APP_ID_AUTY_TYPE_KEY); |
||||
|
|
||||
|
if (StringUtils.isAnyBlank(token, appId)) { |
||||
|
throw new RenException("请求头中的AccessToken和AppId不能为空"); |
||||
|
} |
||||
|
|
||||
|
logger.info("外部应用请求认证拦截Aspect执行,appId:{}, token:{}, ts:{}, customerId:{}, authType:{}", |
||||
|
appId, token, ts, customerId, authType); |
||||
|
|
||||
|
// 没传authType或者传的jwt都用jwtprocessor处理
|
||||
|
try { |
||||
|
if (StringUtils.isBlank(authType) || APP_AUTH_TYPE_JWT.equals(authType)) { |
||||
|
jwtAuthProcessor.auth(appId, token, StringUtils.isNotBlank(ts) ? new Long(ts) : null); |
||||
|
} else if (APP_AUTH_TYPE_MD5.equals(authType)) { |
||||
|
md5AuthProcessor.auth(appId, token, StringUtils.isNotBlank(ts) ? new Long(ts) : null); |
||||
|
} else { |
||||
|
throw new RenException(EpmetErrorCode.OPER_EXTERNAL_APP_AUTH_ERROR.getCode(), "未知的认证类型"); |
||||
|
} |
||||
|
} catch (RenException e) { |
||||
|
return response(exchange, new Result<>().error(e.getCode(), e.getMsg())); |
||||
|
} catch (Exception e) { |
||||
|
logger.error("外部应用请求认证发生未知错误:" + ExceptionUtils.getErrorStackTrace(e)); |
||||
|
return response(exchange, new Result<>().error("外部应用请求认证发生未知错误")); |
||||
|
} |
||||
|
|
||||
|
return chain.filter(exchange); |
||||
|
} |
||||
|
} |
||||
@ -0,0 +1,175 @@ |
|||||
|
package com.epmet.auth; |
||||
|
|
||||
|
import com.epmet.commons.tools.constant.AppClientConstant; |
||||
|
import com.epmet.commons.tools.constant.Constant; |
||||
|
import com.epmet.commons.tools.exception.EpmetErrorCode; |
||||
|
import com.epmet.commons.tools.exception.RenException; |
||||
|
import com.epmet.commons.tools.security.dto.BaseTokenDto; |
||||
|
import com.epmet.commons.tools.security.dto.GovTokenDto; |
||||
|
import com.epmet.commons.tools.security.dto.TokenDto; |
||||
|
import com.epmet.commons.tools.utils.CpUserDetailRedis; |
||||
|
import com.epmet.commons.tools.utils.Result; |
||||
|
import com.epmet.jwt.JwtTokenUtils; |
||||
|
import io.jsonwebtoken.Claims; |
||||
|
import org.apache.commons.lang3.StringUtils; |
||||
|
import org.slf4j.Logger; |
||||
|
import org.slf4j.LoggerFactory; |
||||
|
import org.springframework.beans.factory.annotation.Autowired; |
||||
|
import org.springframework.cloud.gateway.filter.GatewayFilterChain; |
||||
|
import org.springframework.http.HttpHeaders; |
||||
|
import org.springframework.http.server.reactive.ServerHttpRequest; |
||||
|
import org.springframework.stereotype.Component; |
||||
|
import org.springframework.web.server.ServerWebExchange; |
||||
|
import reactor.core.publisher.Mono; |
||||
|
|
||||
|
/** |
||||
|
* 内部认证处理器 |
||||
|
*/ |
||||
|
@Component |
||||
|
public class InternalAuthProcessor extends AuthProcessor { |
||||
|
|
||||
|
private Logger logger = LoggerFactory.getLogger(getClass()); |
||||
|
|
||||
|
@Autowired |
||||
|
private JwtTokenUtils jwtTokenUtils; |
||||
|
|
||||
|
@Autowired |
||||
|
private CpUserDetailRedis cpUserDetailRedis; |
||||
|
|
||||
|
@Override |
||||
|
public Mono<Void> auth(ServerWebExchange exchange, GatewayFilterChain chain) { |
||||
|
ServerHttpRequest request = exchange.getRequest(); |
||||
|
String requestUri = request.getPath().pathWithinApplication().value(); |
||||
|
|
||||
|
logger.info("CpAuthGatewayFilterFactory当前requestUri=[" + requestUri + "]CpAuthGatewayFilterFactory拦截成功"); |
||||
|
String token = getTokenFromRequest(request); |
||||
|
//BaseTokenDto baseTokenDto = StringUtils.isNotBlank(token) ? getBaseTokenDto(token, jwtTokenUtils) : null;
|
||||
|
BaseTokenDto baseTokenDto; |
||||
|
if(StringUtils.isNotBlank(token)){ |
||||
|
try{ |
||||
|
baseTokenDto = getBaseTokenDto(token, jwtTokenUtils); |
||||
|
}catch(RenException e){ |
||||
|
return response(exchange,new Result<>().error(e.getCode(),e.getMsg())); |
||||
|
} |
||||
|
}else{ |
||||
|
baseTokenDto = null; |
||||
|
} |
||||
|
|
||||
|
String customerId = ""; |
||||
|
|
||||
|
if (baseTokenDto != null) { |
||||
|
if (AppClientConstant.APP_RESI.equals(baseTokenDto.getApp())) { |
||||
|
// 居民端
|
||||
|
TokenDto resiTokenDto = getLoginUserInfoByToken(token, jwtTokenUtils, TokenDto.class); |
||||
|
if (resiTokenDto != null) { |
||||
|
customerId = resiTokenDto.getCustomerId(); |
||||
|
baseTokenDto = resiTokenDto; |
||||
|
} |
||||
|
} else if (AppClientConstant.APP_GOV.equals(baseTokenDto.getApp())) { |
||||
|
// 政府端
|
||||
|
GovTokenDto govTokenDto = getLoginUserInfoByToken(token, jwtTokenUtils, GovTokenDto.class); |
||||
|
if (govTokenDto != null) { |
||||
|
customerId = govTokenDto.getCustomerId(); |
||||
|
baseTokenDto = govTokenDto; |
||||
|
} |
||||
|
} else if(AppClientConstant.APP_OPER.equals(baseTokenDto.getApp())){ |
||||
|
//运营端
|
||||
|
TokenDto resiTokenDto = getLoginUserInfoByToken(token, jwtTokenUtils, TokenDto.class); |
||||
|
if (resiTokenDto != null) { |
||||
|
customerId = resiTokenDto.getCustomerId(); |
||||
|
baseTokenDto = resiTokenDto; |
||||
|
} |
||||
|
} |
||||
|
} |
||||
|
|
||||
|
// 校验token
|
||||
|
if (StringUtils.isBlank(token)) { |
||||
|
return response(exchange,new Result<>().error(EpmetErrorCode.ERR10005.getCode(),EpmetErrorCode.ERR10005.getMsg())); |
||||
|
} |
||||
|
try { |
||||
|
validateTokenDto(baseTokenDto, token); |
||||
|
} catch (RenException e) { |
||||
|
return response(exchange,new Result<>().error(e.getCode(),e.getMsg())); |
||||
|
} |
||||
|
|
||||
|
// 添加header
|
||||
|
if (baseTokenDto != null) { |
||||
|
String redisKey = baseTokenDto.getApp() + "-" + baseTokenDto.getClient() + "-" + baseTokenDto.getUserId(); |
||||
|
logger.info("redisKey=" + redisKey); |
||||
|
exchange.getRequest().mutate() |
||||
|
.header(Constant.APP_USER_KEY, redisKey) |
||||
|
.header(AppClientConstant.APP,baseTokenDto.getApp()) |
||||
|
.header(AppClientConstant.CLIENT,baseTokenDto.getClient()) |
||||
|
.header(AppClientConstant.USER_ID,baseTokenDto.getUserId()); |
||||
|
|
||||
|
if (StringUtils.equals(baseTokenDto.getApp(), "gov")) {//工作端
|
||||
|
if(StringUtils.isNotBlank(customerId)){ |
||||
|
exchange.getRequest().mutate().header(AppClientConstant.CUSTOMER_ID, customerId); |
||||
|
} |
||||
|
} else if (StringUtils.equals(baseTokenDto.getApp(), "public")) {//公众号端
|
||||
|
exchange.getRequest().mutate().header(AppClientConstant.CUSTOMER_ID, customerId); |
||||
|
} |
||||
|
ServerHttpRequest build = exchange.getRequest().mutate().build(); |
||||
|
return chain.filter(exchange.mutate().request(build).build()); |
||||
|
} |
||||
|
|
||||
|
return chain.filter(exchange); |
||||
|
} |
||||
|
|
||||
|
/** |
||||
|
* 从请求中获取token |
||||
|
* @param request |
||||
|
* @return |
||||
|
*/ |
||||
|
private String getTokenFromRequest(ServerHttpRequest request) { |
||||
|
HttpHeaders headers = request.getHeaders(); |
||||
|
String token = headers.getFirst(Constant.AUTHORIZATION_HEADER); |
||||
|
if (StringUtils.isBlank(token)) { |
||||
|
token = headers.getFirst(Constant.TOKEN_HEADER); |
||||
|
} |
||||
|
if (StringUtils.isBlank(token)) { |
||||
|
token = request.getQueryParams().getFirst(Constant.AUTHORIZATION_HEADER); |
||||
|
} |
||||
|
return token; |
||||
|
} |
||||
|
|
||||
|
private BaseTokenDto getBaseTokenDto(String token, JwtTokenUtils jwtTokenUtils) { |
||||
|
//是否过期
|
||||
|
Claims claims = jwtTokenUtils.getClaimByToken(token); |
||||
|
if (claims == null || jwtTokenUtils.isTokenExpired(claims.getExpiration())) { |
||||
|
return null; |
||||
|
} |
||||
|
//获取用户ID
|
||||
|
String app = (String) claims.get("app"); |
||||
|
String client = (String) claims.get("client"); |
||||
|
String userId = (String) claims.get("userId"); |
||||
|
return new BaseTokenDto(app, client, userId, token); |
||||
|
} |
||||
|
|
||||
|
private <T> T getLoginUserInfoByToken(String token, JwtTokenUtils jwtTokenUtils, Class<T> clz) { |
||||
|
BaseTokenDto baseTokenDto = getBaseTokenDto(token, jwtTokenUtils); |
||||
|
//查询Redis
|
||||
|
return cpUserDetailRedis.get(baseTokenDto.getApp(), baseTokenDto.getClient(), baseTokenDto.getUserId(), clz); |
||||
|
} |
||||
|
|
||||
|
/** |
||||
|
* 校验Token是否异常 |
||||
|
* @param tokenDto |
||||
|
* @param tokenStr |
||||
|
*/ |
||||
|
private void validateTokenDto(BaseTokenDto tokenDto, String tokenStr) { |
||||
|
if (null == tokenDto) { |
||||
|
//说明登录状态时效(超时)
|
||||
|
throw new RenException(EpmetErrorCode.ERR10006.getCode()); |
||||
|
}else{ |
||||
|
//Redis中存在数据,取出token,进行比对
|
||||
|
if(StringUtils.equals(tokenDto.getToken(),tokenStr)){ |
||||
|
//用户携带token与Redis中一致
|
||||
|
|
||||
|
}else{ |
||||
|
//用户携带token与Redis中不一致,说明当前用户此次会话失效,提示重新登陆
|
||||
|
throw new RenException(EpmetErrorCode.ERR10007.getCode()); |
||||
|
} |
||||
|
} |
||||
|
} |
||||
|
} |
||||
@ -1,35 +0,0 @@ |
|||||
package com.epmet.filter; |
|
||||
|
|
||||
import com.epmet.commons.tools.exception.EpmetErrorCode; |
|
||||
import com.epmet.commons.tools.exception.RenException; |
|
||||
import com.epmet.commons.tools.security.dto.BaseTokenDto; |
|
||||
import com.epmet.commons.tools.utils.CpUserDetailRedis; |
|
||||
import com.epmet.jwt.JwtTokenUtils; |
|
||||
import io.jsonwebtoken.Claims; |
|
||||
|
|
||||
/** |
|
||||
* 用户token的过滤器接口,提供通用的默认方法 |
|
||||
*/ |
|
||||
public interface UserTokenFilter { |
|
||||
|
|
||||
default BaseTokenDto getBaseTokenDto(String token, JwtTokenUtils jwtTokenUtils) { |
|
||||
//是否过期
|
|
||||
Claims claims = jwtTokenUtils.getClaimByToken(token); |
|
||||
if (claims == null || jwtTokenUtils.isTokenExpired(claims.getExpiration())) { |
|
||||
// throw new RenException(EpmetErrorCode.ERR401.getCode());
|
|
||||
return null; |
|
||||
} |
|
||||
//获取用户ID
|
|
||||
String app = (String) claims.get("app"); |
|
||||
String client = (String) claims.get("client"); |
|
||||
String userId = (String) claims.get("userId"); |
|
||||
return new BaseTokenDto(app, client, userId, token); |
|
||||
} |
|
||||
|
|
||||
default <T> T getLoginUserInfoByToken(String token, JwtTokenUtils jwtTokenUtils, CpUserDetailRedis cpUserDetailRedis, Class<T> clz) { |
|
||||
BaseTokenDto baseTokenDto = getBaseTokenDto(token, jwtTokenUtils); |
|
||||
//查询Redis
|
|
||||
return cpUserDetailRedis.get(baseTokenDto.getApp(), baseTokenDto.getClient(), baseTokenDto.getUserId(), clz); |
|
||||
} |
|
||||
|
|
||||
} |
|
||||
Loading…
Reference in new issue