外部应用，打开token时间戳校验

5 years ago · 44d81a9845
3 changed files with 10 additions and 11 deletions
--- a/epmet-commons/epmet-commons-extapp-auth/src/main/java/com/epmet/commons/extappauth/aspect/ExternalAppRequestAuthAspect.java
+++ b/epmet-commons/epmet-commons-extapp-auth/src/main/java/com/epmet/commons/extappauth/aspect/ExternalAppRequestAuthAspect.java
@ -63,7 +63,8 @@ public class ExternalAppRequestAuthAspect {
            throw new RenException("请求头中的token和appId不能为空");
        }

-        logger.info("外部应用请求认证拦截Aspect执行，appId:{}, token:{}", appId, token);
+        logger.info("外部应用请求认证拦截Aspect执行，appId:{}, token:{}, ts:{}, customerId:{}, authType:{}",
+                appId, token, ts, customerId, authType);

        ExternalAppAuthFormDTO form = new ExternalAppAuthFormDTO();
        form.setAppId(appId);
--- a/epmet-module/epmet-common-service/common-service-server/src/main/java/com/epmet/utils/externalapp/ExtAppJwtAuthProcessor.java
+++ b/epmet-module/epmet-common-service/common-service-server/src/main/java/com/epmet/utils/externalapp/ExtAppJwtAuthProcessor.java
@ -45,11 +45,10 @@ public class ExtAppJwtAuthProcessor extends ExtAppAuthProcessor {
            return fillAuthResult(false, "access token不完整。", null);
        }

-        // TODO 暂时去掉时间差判断
-        //if (!validTimeStamp(timestamp)) {
-        //    logger.error("服务器存在时差过大，请求被拒绝");
-        //    return fillAuthResult(false, "服务器存在时差过大，请求被拒绝", null);
-        //}
+        if (!validTimeStamp(timestamp)) {
+            logger.error("extapp token已经超时，请求被拒绝");
+            return fillAuthResult(false, "extapp token已经超时，请求被拒绝", null);
+        }

        if (!appId.equals(appIdIn)) {
            logger.error("AppId不对应，token外部的:{}, token内部解析出来的:{}", appId, appIdIn);
--- a/epmet-module/epmet-common-service/common-service-server/src/main/java/com/epmet/utils/externalapp/ExtAppMD5AuthProcessor.java
+++ b/epmet-module/epmet-common-service/common-service-server/src/main/java/com/epmet/utils/externalapp/ExtAppMD5AuthProcessor.java
@ -30,11 +30,10 @@ public class ExtAppMD5AuthProcessor extends ExtAppAuthProcessor {
            return fillAuthResult(false, "签名不匹配，认证失败", null);
        }

-        // TODO 暂时去掉时间差判断
-        //if (!validTimeStamp(ts)) {
-        //    logger.error("服务器存在时差过大，请求被拒绝");
-        //    return fillAuthResult(false, "服务器存在时差过大，请求被拒绝", null);
-        //}
+        if (!validTimeStamp(ts)) {
+            logger.error("extapp token已经超时，请求被拒绝");
+            return fillAuthResult(false, "extapp token已经超时，请求被拒绝", null);
+        }

        return fillAuthResult(true, "签名匹配，认证成功", null);
    }