
修复:用户的登录缓存删除之后,继续操作,提示无权限的问题

dev
wxz 4 years ago
parent
commit
a2f7084122
  1. 139
      epmet-gateway/src/main/java/com/epmet/auth/InternalAuthProcessor.java
  2. 2
      epmet-gateway/src/main/java/com/epmet/jwt/JwtTokenUtils.java

139
epmet-gateway/src/main/java/com/epmet/auth/InternalAuthProcessor.java

@ -5,8 +5,6 @@ import com.epmet.commons.tools.constant.Constant;
import com.epmet.commons.tools.exception.EpmetErrorCode; import com.epmet.commons.tools.exception.EpmetErrorCode;
import com.epmet.commons.tools.exception.RenException; import com.epmet.commons.tools.exception.RenException;
import com.epmet.commons.tools.security.dto.BaseTokenDto; import com.epmet.commons.tools.security.dto.BaseTokenDto;
import com.epmet.commons.tools.security.dto.GovTokenDto;
import com.epmet.commons.tools.security.dto.TokenDto;
import com.epmet.commons.tools.utils.CpUserDetailRedis; import com.epmet.commons.tools.utils.CpUserDetailRedis;
import com.epmet.filter.CpProperty; import com.epmet.filter.CpProperty;
import com.epmet.jwt.JwtTokenUtils; import com.epmet.jwt.JwtTokenUtils;
@ -22,6 +20,8 @@ import org.springframework.stereotype.Component;
import org.springframework.util.AntPathMatcher; import org.springframework.util.AntPathMatcher;
import org.springframework.web.server.ServerWebExchange; import org.springframework.web.server.ServerWebExchange;
import java.util.Date;
/** /**
* 内部认证处理器 * 内部认证处理器
*/ */
@ -47,93 +47,65 @@ public class InternalAuthProcessor extends AuthProcessor {
String requestUri = request.getPath().pathWithinApplication().value(); String requestUri = request.getPath().pathWithinApplication().value();
String token = getTokenFromRequest(request); String token = getTokenFromRequest(request);
//BaseTokenDto baseTokenDto = StringUtils.isNotBlank(token) ? getBaseTokenDto(token, jwtTokenUtils) : null; boolean needAuth = needAuth(requestUri);
BaseTokenDto baseTokenDto;
if(StringUtils.isNotBlank(token)){ if (needAuth && StringUtils.isBlank(token)) {
try{ // token不能为空
baseTokenDto = getBaseTokenDto(token, jwtTokenUtils); throw new RenException(EpmetErrorCode.ERR10005.getCode(), EpmetErrorCode.ERR10005.getMsg());
}catch(RenException e){
//return response(exchange,new Result<>().error(e.getCode(),e.getMsg()));
throw new RenException(e.getCode(), e.getInternalMsg());
}
}else{
baseTokenDto = null;
} }
BaseTokenDto baseTokenDto = null;
String app = "";
String client = "";
String userId = "";
String customerId = ""; String customerId = "";
Date expiration = null;
if (baseTokenDto != null) { if(StringUtils.isNotBlank(token)){
if (AppClientConstant.APP_RESI.equals(baseTokenDto.getApp())) { //是否过期
// 居民端 Claims claims = jwtTokenUtils.getClaimByToken(token);
TokenDto resiTokenDto = getLoginUserInfoByToken(token, jwtTokenUtils, TokenDto.class); if (claims != null) {
if (resiTokenDto != null) { app = (String) claims.get(AppClientConstant.APP);
customerId = resiTokenDto.getCustomerId(); client = (String) claims.get(AppClientConstant.CLIENT);
baseTokenDto = resiTokenDto; userId = (String) claims.get(AppClientConstant.USER_ID);
} expiration = claims.getExpiration();
} else if (AppClientConstant.APP_GOV.equals(baseTokenDto.getApp())) { baseTokenDto = cpUserDetailRedis.get(app, client, userId, BaseTokenDto.class);
// 政府端
GovTokenDto govTokenDto = getLoginUserInfoByToken(token, jwtTokenUtils, GovTokenDto.class);
if (govTokenDto != null) {
customerId = govTokenDto.getCustomerId();
baseTokenDto = govTokenDto;
}
} else if(AppClientConstant.APP_OPER.equals(baseTokenDto.getApp())){
//运营端
TokenDto resiTokenDto = getLoginUserInfoByToken(token, jwtTokenUtils, TokenDto.class);
if (resiTokenDto != null) {
customerId = resiTokenDto.getCustomerId();
baseTokenDto = resiTokenDto;
}
} }
} }
if (needAuth(requestUri)) { if (baseTokenDto != null) {
// 校验token customerId = baseTokenDto.getCustomerId();
if (StringUtils.isBlank(token)) { }
//return response(exchange, new Result<>().error(EpmetErrorCode.ERR10005.getCode(), EpmetErrorCode.ERR10005.getMsg()));
throw new RenException(EpmetErrorCode.ERR10005.getCode(), EpmetErrorCode.ERR10005.getMsg()); if (needAuth) {
} validateToken(baseTokenDto, token, expiration);
try {
validateTokenDto(baseTokenDto, token);
} catch (RenException e) {
//return response(exchange, new Result<>().error(e.getCode(), e.getMsg()));
throw new RenException(e.getCode(), e.getInternalMsg());
}
} }
// 添加header // 添加header
ServerHttpRequest.Builder builder = exchange.getRequest().mutate();
if (StringUtils.isNotBlank(app)) {
builder.header(AppClientConstant.APP, app);
}
if (StringUtils.isNotBlank(client)) {
builder.header(AppClientConstant.CLIENT, client);
}
if (StringUtils.isNotBlank(userId)) {
builder.header(AppClientConstant.USER_ID, userId);
}
if (baseTokenDto != null) { if (baseTokenDto != null) {
String redisKey = baseTokenDto.getApp() + "-" + baseTokenDto.getClient() + "-" + baseTokenDto.getUserId(); String redisKey = baseTokenDto.getApp() + "-" + baseTokenDto.getClient() + "-" + baseTokenDto.getUserId();
logger.info("redisKey=" + redisKey); logger.info("redisKey=" + redisKey);
ServerHttpRequest.Builder builder = exchange.getRequest().mutate();
builder.header(Constant.APP_USER_KEY, redisKey); builder.header(Constant.APP_USER_KEY, redisKey);
builder.header(AppClientConstant.APP,baseTokenDto.getApp()); }
builder.header(AppClientConstant.CLIENT,baseTokenDto.getClient());
builder.header(AppClientConstant.USER_ID,baseTokenDto.getUserId());
if(StringUtils.isNotBlank(customerId)){
if (StringUtils.equalsAny(baseTokenDto.getApp(), AppClientConstant.APP_GOV, AppClientConstant.APP_RESI, "public")) {//工作端/居民端
builder.header(AppClientConstant.CUSTOMER_ID, customerId);
}
}
//if (StringUtils.isNotBlank(baseTokenDto.getCustomerId())) { if(StringUtils.isNotBlank(customerId)){
// builder.header(AppClientConstant.CUSTOMER_ID,baseTokenDto.getCustomerId()); builder.header(AppClientConstant.CUSTOMER_ID, customerId);
//}
//
//if (StringUtils.equalsAny(baseTokenDto.getApp(), AppClientConstant.APP_GOV, AppClientConstant.APP_RESI)) {//工作端/居民端
// if(StringUtils.isNotBlank(customerId)){
// exchange.getRequest().mutate().header(AppClientConstant.CUSTOMER_ID, customerId);
// }
//} else if (StringUtils.equals(baseTokenDto.getApp(), "public")) {//公众号端
// exchange.getRequest().mutate().header(AppClientConstant.CUSTOMER_ID, customerId);
//}
ServerHttpRequest build = exchange.getRequest().mutate().build();
return exchange.mutate().request(build).build();
} }
return exchange; ServerHttpRequest shr = builder.build();
return exchange.mutate().request(shr).build();
} }
/** /**
@ -173,6 +145,12 @@ public class InternalAuthProcessor extends AuthProcessor {
return token; return token;
} }
/**
* @Description 从用户token中取app,client,userId三项数据
* @return
* @author wxz
* @date 2021.06.11 15:04
*/
private BaseTokenDto getBaseTokenDto(String token, JwtTokenUtils jwtTokenUtils) { private BaseTokenDto getBaseTokenDto(String token, JwtTokenUtils jwtTokenUtils) {
//是否过期 //是否过期
Claims claims = jwtTokenUtils.getClaimByToken(token); Claims claims = jwtTokenUtils.getClaimByToken(token);
@ -186,29 +164,20 @@ public class InternalAuthProcessor extends AuthProcessor {
return new BaseTokenDto(app, client, userId, token); return new BaseTokenDto(app, client, userId, token);
} }
private <T> T getLoginUserInfoByToken(String token, JwtTokenUtils jwtTokenUtils, Class<T> clz) {
BaseTokenDto baseTokenDto = getBaseTokenDto(token, jwtTokenUtils);
//查询Redis
return cpUserDetailRedis.get(baseTokenDto.getApp(), baseTokenDto.getClient(), baseTokenDto.getUserId(), clz);
}
/** /**
* 校验Token是否异常 * 校验Token是否异常
* @param tokenDto * @param tokenDto
* @param tokenStr * @param tokenStr
*/ */
private void validateTokenDto(BaseTokenDto tokenDto, String tokenStr) { private void validateToken(BaseTokenDto tokenDto, String tokenStr, Date expiration) {
if (null == tokenDto) { if (null == tokenDto || jwtTokenUtils.isTokenExpired(expiration)) {
//说明登录状态时效(超时) //说明登录状态时效(超时)
throw new RenException(EpmetErrorCode.ERR10006.getCode()); throw new RenException(EpmetErrorCode.ERR10006.getCode(), EpmetErrorCode.ERR10006.getMsg());
}else{ }else{
//Redis中存在数据,取出token,进行比对 //Redis中存在数据,取出token,进行比对
if(StringUtils.equals(tokenDto.getToken(),tokenStr)){ if(!StringUtils.equals(tokenDto.getToken(),tokenStr)){
//用户携带token与Redis中一致
}else{
//用户携带token与Redis中不一致,说明当前用户此次会话失效,提示重新登陆 //用户携带token与Redis中不一致,说明当前用户此次会话失效,提示重新登陆
throw new RenException(EpmetErrorCode.ERR10007.getCode()); throw new RenException(EpmetErrorCode.ERR10007.getCode(), EpmetErrorCode.ERR10007.getMsg());
} }
} }
} }
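Review bot: The identity headers `AppClientConstant.APP`, `CLIENT` and `USER_ID` are now filled from the raw JWT claims for every request that carries a token, but `validateToken(baseTokenDto, token, expiration)` only runs when `needAuth` is true, so on a path that does not require auth a token that is expired or whose Redis entry was deleted still has its claims forwarded downstream as if they were a verified identity. Whether downstream services treat those headers as authoritative, and whether `getClaimByToken` verifies the signature, is not visible in this hunk, so this may be pre-existing exposure rather than a regression of this commit, but `expiration` and `baseTokenDto` are now in scope and make it cheap to close by computing one `sessionValid` flag and only setting the identity headers when it holds, leaving the `needAuth` throw as it is. It is also worth confirming that client-supplied headers of the same names are stripped upstream, since `builder.header(...)` is skipped whenever the value is blank and would then leave an incoming header untouched. The enclosing method's signature is above the hunk.
```java
if (needAuth) {
    validateToken(baseTokenDto, token, expiration);
}
// Forward identity only when it is backed by a live Redis session for this exact token.
boolean sessionValid = baseTokenDto != null
        && !jwtTokenUtils.isTokenExpired(expiration)
        && StringUtils.equals(baseTokenDto.getToken(), token);
ServerHttpRequest.Builder builder = exchange.getRequest().mutate();
if (sessionValid) {
    builder.header(AppClientConstant.APP, app);
    builder.header(AppClientConstant.CLIENT, client);
    builder.header(AppClientConstant.USER_ID, userId);
    // … unchanged: APP_USER_KEY redisKey header and CUSTOMER_ID header …
}
// … unchanged: build request and return mutated exchange …
```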

2
epmet-gateway/src/main/java/com/epmet/jwt/JwtTokenUtils.java

@ -116,7 +116,7 @@ public class JwtTokenUtils {
* @return true过期 * @return true过期
*/ */
public boolean isTokenExpired(Date expiration) { public boolean isTokenExpired(Date expiration) {
return expiration.before(new Date()); return expiration == null || expiration.before(new Date());
} }
public static void main(String[] args) { public static void main(String[] args) {
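Review bot: `isTokenExpired` now treats a null `expiration` as expired, which is the right fail-closed default for a token whose `exp` claim is missing, but the Javadoc above only says `@return true过期`, so a caller passing `claims.getExpiration()` cannot tell from the contract that an absent claim is rejected rather than throwing an NPE; add `@param expiration the token's exp claim; {@code null} (claim absent) is treated as already expired` to the method's Javadoc. The `main` method that follows starts on the last line of the hunk and continues past it.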
