update-20220630-fuqj:修改SpringSecurity过滤器中获取人员信息接口,调用extend服务,extend服务实现在山分接口基础上扩展本地角色信息

fuqingji
2022-06-30 10:48:02 +08:00
parent 9db6c905fa
commit 2bff91ac81
6 changed files with 54 additions and 7 deletions


@ -11,4 +11,5 @@
- add日志添加事务排除、try/catch拦截异常 `common.log.service.impl.OperationLogServiceImpl` - add日志添加事务排除、try/catch拦截异常 `common.log.service.impl.OperationLogServiceImpl`
- add: kafka日志发送service添加@Async注解 `common.log.producer.OperationLogKafkaProducer` - add: kafka日志发送service添加@Async注解 `common.log.producer.OperationLogKafkaProducer`
- add: 文件sdk新增修改文件名称接口 `cloud.attachment.sdk.api.AttachmentClient` - add: 文件sdk新增修改文件名称接口 `cloud.attachment.sdk.api.AttachmentClient`
- add: 新增角色-审查人员 `common.constant.EbtpRoleEnum` - add: 新增角色-审查人员 `common.constant.EbtpRoleEnum`
- update-20220630-fuqj修改SpringSecurity过滤器中获取人员信息接口调用extend服务,extend服务实现在山分接口基础上扩展本地角色信息。 `cloud.security.starter.filter.TokenAuthenticationFilter`


@ -15,4 +15,5 @@ public interface Constants {
String ACTUATOR_HEALTH = "actuator/health"; String ACTUATOR_HEALTH = "actuator/health";
String ACTUATOR_PROMETHEUS = "actuator/prometheus"; String ACTUATOR_PROMETHEUS = "actuator/prometheus";
String GET_USERINFO_API = "/v1/userinfo/get";
} }


@ -1,11 +1,11 @@
package com.chinaunicom.mall.ebtp.cloud.security.starter.filter; package com.chinaunicom.mall.ebtp.cloud.security.starter.filter;
import cn.hutool.core.bean.BeanUtil; import cn.hutool.core.bean.BeanUtil;
import cn.hutool.core.util.StrUtil;
import com.chinaunicom.mall.ebtp.cloud.security.starter.common.Constants; import com.chinaunicom.mall.ebtp.cloud.security.starter.common.Constants;
import com.chinaunicom.mall.ebtp.cloud.security.starter.entity.AuthAllows; import com.chinaunicom.mall.ebtp.cloud.security.starter.entity.AuthAllows;
import com.chinaunicom.mall.ebtp.cloud.security.starter.entity.RoleCodeAuthority; import com.chinaunicom.mall.ebtp.cloud.security.starter.entity.RoleCodeAuthority;
import com.chinaunicom.mall.ebtp.cloud.security.starter.entity.SecurityUser; import com.chinaunicom.mall.ebtp.cloud.security.starter.entity.SecurityUser;
import com.chinaunicom.mall.ebtp.cloud.userinfo.starter.client.EbtpUserInfoClient;
import com.chinaunicom.mall.ebtp.cloud.userinfo.starter.service.UserInfoService; import com.chinaunicom.mall.ebtp.cloud.userinfo.starter.service.UserInfoService;
import com.chinaunicom.mall.ebtp.common.base.entity.BaseCacheUser; import com.chinaunicom.mall.ebtp.common.base.entity.BaseCacheUser;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
@ -40,6 +40,8 @@ import static com.chinaunicom.mall.ebtp.cloud.security.starter.common.Constants.
public class TokenAuthenticationFilter extends OncePerRequestFilter { public class TokenAuthenticationFilter extends OncePerRequestFilter {
@Autowired @Autowired
private UserInfoService client; private UserInfoService client;
@Autowired
private EbtpUserInfoClient ebtpClient;
@Autowired @Autowired
@ -68,6 +70,11 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
isNullThenAssignDefault(); isNullThenAssignDefault();
} }
if (GET_USERINFO_API.equals(api)) {
filterChain.doFilter(request, response);
return;
}
// 提取request头信息 // 提取request头信息
final String header = request.getHeader(AUTHORIZATION_HEADER); final String header = request.getHeader(AUTHORIZATION_HEADER);
final String currentRoleCode = request.getHeader(CURRENT_ROLE_CODE); final String currentRoleCode = request.getHeader(CURRENT_ROLE_CODE);
@ -88,7 +95,7 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
if (optionalCookie.isPresent()) { if (optionalCookie.isPresent()) {
setAuthentication(currentRoleCode, optionalCookie.get().getValue(), isWhite); setAuthentication(currentRoleCode, optionalCookie.get().getValue(), isWhite);
} else if (!api.contains(ACTUATOR_HEALTH) && !api.contains(ACTUATOR_PROMETHEUS)) { } else if (!api.contains(ACTUATOR_HEALTH) && !api.contains(ACTUATOR_PROMETHEUS)) {
log.warn("cookie中没有token信息:{}",api); log.warn("cookie中没有token信息:{}", api);
} }
} }
@ -110,7 +117,8 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
return Optional.ofNullable(allows.getApis()).orElseGet(ArrayList::new) return Optional.ofNullable(allows.getApis()).orElseGet(ArrayList::new)
.parallelStream().anyMatch(reg -> Pattern.compile(reg).matcher(methodType + "." + method).matches()) .parallelStream().anyMatch(reg -> Pattern.compile(reg).matcher(methodType + "." + method).matches())
|| method.contains(ACTUATOR_HEALTH) //服务的就绪检测 || method.contains(ACTUATOR_HEALTH) //服务的就绪检测
|| method.contains(ACTUATOR_PROMETHEUS); //prometheus检测 || method.contains(ACTUATOR_PROMETHEUS) //prometheus检测
|| method.contains(GET_USERINFO_API); //获取用户信息接口
} }
@ -132,8 +140,9 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
*/ */
private Authentication getAuthentication(final String token, final String currentRoleCode, private Authentication getAuthentication(final String token, final String currentRoleCode,
final boolean isWhite) { final boolean isWhite) {
BaseCacheUser userInfo = client.getUserInfo(token); // BaseCacheUser userInfo = client.getUserInfo(token);
log.debug("getUserInfo:{}",userInfo.toString()); BaseCacheUser userInfo = ebtpClient.get();
log.debug("getUserInfo:{}", userInfo.toString());
// 对象为空, 则说明网络异常feign已熔断 // 对象为空, 则说明网络异常feign已熔断
if (Objects.isNull(userInfo)) { if (Objects.isNull(userInfo)) {
if (!isWhite) { if (!isWhite) {
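Review bot: The added `|| method.contains(GET_USERINFO_API)` clause in the allow-list check matches by substring, so any request path that merely contains `/v1/userinfo/get` (a longer route sharing that prefix, for instance) is exempted in the same way, whereas the bypass added at the top of the filter uses the exact `GET_USERINFO_API.equals(api)`. If `method` carries the same value as `api`, `|| GET_USERINFO_API.equals(method)` keeps the exemption to the single route. Separately, `log.debug("getUserInfo:{}", userInfo.toString())` still runs before the `Objects.isNull(userInfo)` check, and the new fallback returns null, so a tripped circuit would throw a NullPointerException instead of reaching the null branch; `log.debug("getUserInfo:{}", userInfo);` avoids the dereference. Both methods continue outside the visible hunks, so the surrounding handling could not be checked.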


@ -0,0 +1,20 @@
package com.chinaunicom.mall.ebtp.cloud.userinfo.starter.client;
import com.chinaunicom.mall.ebtp.cloud.userinfo.starter.fallback.EbtpUserInfoClientFallbackFactory;
import com.chinaunicom.mall.ebtp.common.base.entity.BaseCacheUser;
import org.springframework.cloud.openfeign.FeignClient;
import org.springframework.web.bind.annotation.GetMapping;
/**
* 文档中心数据服务客户端
*
* @author Ajaxfan
*/
@FeignClient(value = "biz-service-ebtp-extend",
fallbackFactory = EbtpUserInfoClientFallbackFactory.class)
public interface EbtpUserInfoClient {
@GetMapping("/v1/userinfo/get")
BaseCacheUser get();
}
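Review bot: `get()` takes no token or user identifier, so which user the extend service returns presumably depends on the caller's Authorization header or cookie being forwarded to this Feign call by configuration that is not visible in this commit. The method should carry a Javadoc stating that contract, for example `/** Returns the user resolved from the forwarded credentials; null when the fallback is used. */`. The interface Javadoc `文档中心数据服务客户端` describes a document-centre client and looks copied from another file; it should describe the user-info client of `biz-service-ebtp-extend`.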


@ -1,7 +1,6 @@
package com.chinaunicom.mall.ebtp.cloud.userinfo.starter.client; package com.chinaunicom.mall.ebtp.cloud.userinfo.starter.client;
import com.chinaunicom.mall.ebtp.cloud.security.starter.entity.SecurityEntity; import com.chinaunicom.mall.ebtp.cloud.security.starter.entity.SecurityEntity;
import com.chinaunicom.mall.ebtp.cloud.userinfo.starter.config.UnifastOAuthFeignConfig;
import com.chinaunicom.mall.ebtp.cloud.userinfo.starter.fallback.UnifastOAuthClientFallbackFactory; import com.chinaunicom.mall.ebtp.cloud.userinfo.starter.fallback.UnifastOAuthClientFallbackFactory;
import org.springframework.cloud.openfeign.FeignClient; import org.springframework.cloud.openfeign.FeignClient;
import org.springframework.web.bind.annotation.GetMapping; import org.springframework.web.bind.annotation.GetMapping;


@ -0,0 +1,17 @@
package com.chinaunicom.mall.ebtp.cloud.userinfo.starter.fallback;
import com.chinaunicom.mall.ebtp.cloud.userinfo.starter.client.EbtpUserInfoClient;
import feign.hystrix.FallbackFactory;
import lombok.extern.slf4j.Slf4j;
import org.springframework.stereotype.Component;
@Slf4j
@Component
public class EbtpUserInfoClientFallbackFactory implements FallbackFactory<EbtpUserInfoClient> {
@Override
public EbtpUserInfoClient create(Throwable throwable) {
log.error("EbtpUserInfoClient error : " + throwable.getMessage());
return () -> null;
}
}
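Review bot: `log.error("EbtpUserInfoClient error : " + throwable.getMessage())` discards the exception type and stack trace, and `getMessage()` may itself be null, which leaves little to diagnose when the user-info call behind authentication fails. Passing the throwable as the last argument keeps the cause: `log.error("EbtpUserInfoClient error", throwable);`. The `() -> null` fallback would also benefit from a one-line comment stating that callers must treat a null result as "service unavailable", since the security filter's null branch relies on that convention.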