
外部应用鉴权增加时间戳判断,允许5分钟之内的请求

dev_shibei_match
wxz 5 years ago
parent
commit
66aa7bfba5
  1. 23
      epmet-module/epmet-common-service/common-service-server/src/main/java/com/epmet/service/impl/ExternalAppAuthServiceImpl.java
  2. 3
      epmet-module/epmet-common-service/common-service-server/src/main/java/com/epmet/utils/externalapp/ExtAppJwtTokenUtils.java

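--- a/epmet-module/epmet-common-service/common-service-server/src/main/java/com/epmet/service/impl/ExternalAppAuthServiceImpl.java
+++ b/epmet-module/epmet-common-service/common-service-server/src/main/java/com/epmet/service/impl/ExternalAppAuthServiceImpl.java
@@ -29,6 +29,8 @@ public class ExternalAppAuthServiceImpl implements ExternalAppAuthService {
 @Autowired
 private ExternalAppSecretDao externalAppSecretDao;
+private int diffMillins = 1000 * 60 * 5;
 @Override
 public ExternalAppAuthResultDTO auth(String appId, String token) {
 String secret;
@@ -47,6 +49,18 @@ public class ExternalAppAuthServiceImpl implements ExternalAppAuthService {
 String appIdIn = (String)claim.get("appId");
 String customerId = (String)claim.get("customerId");
+Long timestamp = (Long)claim.get("ts");
+//校验时间戳,允许5分钟误差
+if (StringUtils.isAnyBlank(appIdIn, customerId) || timestamp == null) {
+logger.error("access token不完整。{},{},{}", appIdIn, customerId, timestamp);
+return fillAuthResult(false, "access token不完整。", null);
+}
+if (!validTimeStamp(timestamp)) {
+logger.error("服务器存在时差过大,请求被拒绝", appId, appIdIn);
+return fillAuthResult(false, "服务器存在时差过大,请求被拒绝", null);
+}
 if (!appId.equals(appIdIn)) {
 logger.error("AppId不对应,token外部的:{}, token内部解析出来的:{}", appId, appIdIn);
@@ -55,6 +69,15 @@ public class ExternalAppAuthServiceImpl implements ExternalAppAuthService {
 return fillAuthResult(true, "解析成功", customerId);
 }
+private boolean validTimeStamp(Long timestamp) {
+long now = System.currentTimeMillis();
+// System.out.println(new Date(timestamp));
+if (Math.abs(now - timestamp) > diffMillins) {
+return false;
+}
+return true;
+}
 /**
 * 通过APP ID查询对应的秘钥
 * @param appId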
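Review bot: The cast `Long timestamp = (Long)claim.get("ts");` on the new side of the second hunk is unchecked, and if the JWT library maps a small or non-integer numeric claim to Integer or Double (presumably — the parser is not visible here) the cast throws ClassCastException before the null check runs, so a malformed token becomes an unhandled exception instead of a `fillAuthResult(false, …)` rejection; read it as `Object ts = claim.get("ts"); Long timestamp = ts instanceof Number ? ((Number) ts).longValue() : null;`. In the same hunk `logger.error("服务器存在时差过大,请求被拒绝", appId, appIdIn)` has no `{}` placeholders, so the two arguments are never written to the log; add placeholders or drop them. The `Math.abs` comparison in `validTimeStamp` accepts a token for five minutes on either side of now, so a token that has been captured stays usable for up to ten minutes; a comment such as `// Freshness check only: bounds the replay window to ±diffMillins, it does not prevent replay within it` would keep the next maintainer from assuming otherwise. `diffMillins` is a mutable instance field holding a constant; `private static final long MAX_CLOCK_SKEW_MILLIS = 5 * 60 * 1000L;` is the conventional form. The enclosing `auth` method starts and ends outside the hunk.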

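--- a/epmet-module/epmet-common-service/common-service-server/src/main/java/com/epmet/utils/externalapp/ExtAppJwtTokenUtils.java
+++ b/epmet-module/epmet-common-service/common-service-server/src/main/java/com/epmet/utils/externalapp/ExtAppJwtTokenUtils.java
@@ -76,7 +76,8 @@ public class ExtAppJwtTokenUtils {
 public static void genToken() {
 HashMap<String, Object> claim = new HashMap<>();
 claim.put("appId", "1");
-// claim.put("customerId", "c1");
+claim.put("customerId", "c1");
+claim.put("ts", System.currentTimeMillis() - 1000 * 60 * 4);
 String abc = new ExtAppJwtTokenUtils().createToken(claim, "4a762660254c57996343f8ee42fbc0a6");
 System.out.println(abc);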
