
修复:用户的登录缓存删除之后,继续操作,提示无权限的问题

dev
wxz 4 years ago
parent
commit
a2f7084122
  1. 129
      epmet-gateway/src/main/java/com/epmet/auth/InternalAuthProcessor.java
  2. 2
      epmet-gateway/src/main/java/com/epmet/jwt/JwtTokenUtils.java

129
epmet-gateway/src/main/java/com/epmet/auth/InternalAuthProcessor.java

@ -5,8 +5,6 @@ import com.epmet.commons.tools.constant.Constant;
import com.epmet.commons.tools.exception.EpmetErrorCode;
import com.epmet.commons.tools.exception.RenException;
import com.epmet.commons.tools.security.dto.BaseTokenDto;
import com.epmet.commons.tools.security.dto.GovTokenDto;
import com.epmet.commons.tools.security.dto.TokenDto;
import com.epmet.commons.tools.utils.CpUserDetailRedis;
import com.epmet.filter.CpProperty;
import com.epmet.jwt.JwtTokenUtils;
@ -22,6 +20,8 @@ import org.springframework.stereotype.Component;
import org.springframework.util.AntPathMatcher;
import org.springframework.web.server.ServerWebExchange;
import java.util.Date;
/**
* 内部认证处理器
*/
@ -47,93 +47,65 @@ public class InternalAuthProcessor extends AuthProcessor {
String requestUri = request.getPath().pathWithinApplication().value();
String token = getTokenFromRequest(request);
//BaseTokenDto baseTokenDto = StringUtils.isNotBlank(token) ? getBaseTokenDto(token, jwtTokenUtils) : null;
BaseTokenDto baseTokenDto;
if(StringUtils.isNotBlank(token)){
try{
baseTokenDto = getBaseTokenDto(token, jwtTokenUtils);
}catch(RenException e){
//return response(exchange,new Result<>().error(e.getCode(),e.getMsg()));
throw new RenException(e.getCode(), e.getInternalMsg());
}
}else{
baseTokenDto = null;
boolean needAuth = needAuth(requestUri);
if (needAuth && StringUtils.isBlank(token)) {
// token不能为空
throw new RenException(EpmetErrorCode.ERR10005.getCode(), EpmetErrorCode.ERR10005.getMsg());
}
BaseTokenDto baseTokenDto = null;
String app = "";
String client = "";
String userId = "";
String customerId = "";
Date expiration = null;
if (baseTokenDto != null) {
if (AppClientConstant.APP_RESI.equals(baseTokenDto.getApp())) {
// 居民端
TokenDto resiTokenDto = getLoginUserInfoByToken(token, jwtTokenUtils, TokenDto.class);
if (resiTokenDto != null) {
customerId = resiTokenDto.getCustomerId();
baseTokenDto = resiTokenDto;
}
} else if (AppClientConstant.APP_GOV.equals(baseTokenDto.getApp())) {
// 政府端
GovTokenDto govTokenDto = getLoginUserInfoByToken(token, jwtTokenUtils, GovTokenDto.class);
if (govTokenDto != null) {
customerId = govTokenDto.getCustomerId();
baseTokenDto = govTokenDto;
if(StringUtils.isNotBlank(token)){
//是否过期
Claims claims = jwtTokenUtils.getClaimByToken(token);
if (claims != null) {
app = (String) claims.get(AppClientConstant.APP);
client = (String) claims.get(AppClientConstant.CLIENT);
userId = (String) claims.get(AppClientConstant.USER_ID);
expiration = claims.getExpiration();
baseTokenDto = cpUserDetailRedis.get(app, client, userId, BaseTokenDto.class);
}
} else if(AppClientConstant.APP_OPER.equals(baseTokenDto.getApp())){
//运营端
TokenDto resiTokenDto = getLoginUserInfoByToken(token, jwtTokenUtils, TokenDto.class);
if (resiTokenDto != null) {
customerId = resiTokenDto.getCustomerId();
baseTokenDto = resiTokenDto;
}
if (baseTokenDto != null) {
customerId = baseTokenDto.getCustomerId();
}
if (needAuth) {
validateToken(baseTokenDto, token, expiration);
}
if (needAuth(requestUri)) {
// 校验token
if (StringUtils.isBlank(token)) {
//return response(exchange, new Result<>().error(EpmetErrorCode.ERR10005.getCode(), EpmetErrorCode.ERR10005.getMsg()));
throw new RenException(EpmetErrorCode.ERR10005.getCode(), EpmetErrorCode.ERR10005.getMsg());
// 添加header
ServerHttpRequest.Builder builder = exchange.getRequest().mutate();
if (StringUtils.isNotBlank(app)) {
builder.header(AppClientConstant.APP, app);
}
try {
validateTokenDto(baseTokenDto, token);
} catch (RenException e) {
//return response(exchange, new Result<>().error(e.getCode(), e.getMsg()));
throw new RenException(e.getCode(), e.getInternalMsg());
if (StringUtils.isNotBlank(client)) {
builder.header(AppClientConstant.CLIENT, client);
}
if (StringUtils.isNotBlank(userId)) {
builder.header(AppClientConstant.USER_ID, userId);
}
// 添加header
if (baseTokenDto != null) {
String redisKey = baseTokenDto.getApp() + "-" + baseTokenDto.getClient() + "-" + baseTokenDto.getUserId();
logger.info("redisKey=" + redisKey);
ServerHttpRequest.Builder builder = exchange.getRequest().mutate();
builder.header(Constant.APP_USER_KEY, redisKey);
builder.header(AppClientConstant.APP,baseTokenDto.getApp());
builder.header(AppClientConstant.CLIENT,baseTokenDto.getClient());
builder.header(AppClientConstant.USER_ID,baseTokenDto.getUserId());
}
if(StringUtils.isNotBlank(customerId)){
if (StringUtils.equalsAny(baseTokenDto.getApp(), AppClientConstant.APP_GOV, AppClientConstant.APP_RESI, "public")) {//工作端/居民端
builder.header(AppClientConstant.CUSTOMER_ID, customerId);
}
}
//if (StringUtils.isNotBlank(baseTokenDto.getCustomerId())) {
// builder.header(AppClientConstant.CUSTOMER_ID,baseTokenDto.getCustomerId());
//}
//
//if (StringUtils.equalsAny(baseTokenDto.getApp(), AppClientConstant.APP_GOV, AppClientConstant.APP_RESI)) {//工作端/居民端
// if(StringUtils.isNotBlank(customerId)){
// exchange.getRequest().mutate().header(AppClientConstant.CUSTOMER_ID, customerId);
// }
//} else if (StringUtils.equals(baseTokenDto.getApp(), "public")) {//公众号端
// exchange.getRequest().mutate().header(AppClientConstant.CUSTOMER_ID, customerId);
//}
ServerHttpRequest build = exchange.getRequest().mutate().build();
return exchange.mutate().request(build).build();
}
return exchange;
ServerHttpRequest shr = builder.build();
return exchange.mutate().request(shr).build();
}
/**
@ -173,6 +145,12 @@ public class InternalAuthProcessor extends AuthProcessor {
return token;
}
/**
* @Description 从用户token中取app,client,userId三项数据
* @return
* @author wxz
* @date 2021.06.11 15:04
*/
private BaseTokenDto getBaseTokenDto(String token, JwtTokenUtils jwtTokenUtils) {
//是否过期
Claims claims = jwtTokenUtils.getClaimByToken(token);
@ -186,29 +164,20 @@ public class InternalAuthProcessor extends AuthProcessor {
return new BaseTokenDto(app, client, userId, token);
}
private <T> T getLoginUserInfoByToken(String token, JwtTokenUtils jwtTokenUtils, Class<T> clz) {
BaseTokenDto baseTokenDto = getBaseTokenDto(token, jwtTokenUtils);
//查询Redis
return cpUserDetailRedis.get(baseTokenDto.getApp(), baseTokenDto.getClient(), baseTokenDto.getUserId(), clz);
}
/**
* 校验Token是否异常
* @param tokenDto
* @param tokenStr
*/
private void validateTokenDto(BaseTokenDto tokenDto, String tokenStr) {
if (null == tokenDto) {
private void validateToken(BaseTokenDto tokenDto, String tokenStr, Date expiration) {
if (null == tokenDto || jwtTokenUtils.isTokenExpired(expiration)) {
//说明登录状态时效(超时)
throw new RenException(EpmetErrorCode.ERR10006.getCode());
throw new RenException(EpmetErrorCode.ERR10006.getCode(), EpmetErrorCode.ERR10006.getMsg());
}else{
//Redis中存在数据,取出token,进行比对
if(StringUtils.equals(tokenDto.getToken(),tokenStr)){
//用户携带token与Redis中一致
}else{
if(!StringUtils.equals(tokenDto.getToken(),tokenStr)){
//用户携带token与Redis中不一致,说明当前用户此次会话失效,提示重新登陆
throw new RenException(EpmetErrorCode.ERR10007.getCode());
throw new RenException(EpmetErrorCode.ERR10007.getCode(), EpmetErrorCode.ERR10007.getMsg());
}
}
}
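Review bot: The header-building code after the `// 添加header` comment stamps `APP`, `CLIENT`, `USER_ID` and `CUSTOMER_ID` onto the forwarded request from token claims but never removes whatever the caller already sent under those names, and on a path where `needAuth(requestUri)` is false with no token it sets none of them at all, so a client-supplied `userId` or `customerId` header passes through the gateway untouched to the downstream service. Whether the services behind the gateway trust those headers is not visible here, but the gateway is the one place that can sanitise them; before the `builder.header(...)` calls, clear them, e.g. `builder.headers(h -> { h.remove(AppClientConstant.APP); h.remove(AppClientConstant.CLIENT); h.remove(AppClientConstant.USER_ID); h.remove(AppClientConstant.CUSTOMER_ID); });` (assuming the Spring version in use offers `headers(Consumer<HttpHeaders>)`). Related: on those non-auth paths `app`, `client` and `userId` are copied from `claims` without `validateToken` ever running, so if `getClaimByToken` returns claims for an expired or logged-out token (the Redis entry this commit is about being gone), the request is still forwarded with that user's identity; either run `validateToken` whenever a token is present or only forward identity headers after validation passed. The method this hunk edits begins before the hunk, so the signature and any earlier checks are not visible here.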

2
epmet-gateway/src/main/java/com/epmet/jwt/JwtTokenUtils.java

@ -116,7 +116,7 @@ public class JwtTokenUtils {
* @return true过期
*/
public boolean isTokenExpired(Date expiration) {
return expiration.before(new Date());
return expiration == null || expiration.before(new Date());
}
public static void main(String[] args) {
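Review bot: The Javadoc above `isTokenExpired` still reads only `@return true过期` and says nothing about the new `null` branch, which the gateway now depends on (a token whose claims carry no expiry is treated as expired rather than throwing). Document that fail-closed default so it is deliberate rather than incidental, e.g. add `@param expiration the token's expiry claim; {@code null} is treated as already expired` and change the return line to `@return true if the token is expired or has no expiry`. The `main` method that follows is pre-existing context and continues outside the hunk.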
