From 398bda40b1b624da64798c9b7682c7b48067dd5a Mon Sep 17 00:00:00 2001
From: ajaxfan <909938737@qq.com>
Date: Mon, 17 May 2021 14:16:52 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BC=98=E5=8C=96security=E4=BB=A3=E7=A0=81?= =?UTF-8?q?=EF=BC=8C=E6=8F=90=E5=8F=96=E5=85=AC=E5=85=B1=E5=8F=98=E9=87=8F?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../starter/UserAuthenticationEntryPoint.java | 35 +++++++++++++------
 .../security/starter/common/Constants.java | 3 ++
 .../config/FeignClientConfiguration.java | 2 +-
 .../starter/entity/RoleCodeAuthority.java | 1 +
 .../filter/TokenAuthenticationFilter.java | 8 +++--
 5 files changed, 35 insertions(+), 14 deletions(-)
diff --git a/mall-ebtp-cloud-security-starter/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/UserAuthenticationEntryPoint.java b/mall-ebtp-cloud-security-starter/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/UserAuthenticationEntryPoint.java
index 2a31ed2..a32d200 100644
--- a/mall-ebtp-cloud-security-starter/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/UserAuthenticationEntryPoint.java
+++ b/mall-ebtp-cloud-security-starter/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/UserAuthenticationEntryPoint.java
@@ -1,7 +1,9 @@
 package com.chinaunicom.mall.ebtp.cloud.security.starter;
+import static com.chinaunicom.mall.ebtp.cloud.security.starter.common.Constants.REMOTE_ACCESS_FAILURE;
+import static com.chinaunicom.mall.ebtp.cloud.security.starter.common.Constants.TOKEN_EXPIRED;
+
 import java.io.IOException;
-import java.util.Date;
 import java.util.HashMap;
 import java.util.Map;
@@ -16,29 +18,42 @@ import org.springframework.security.web.AuthenticationEntryPoint;
 import com.fasterxml.jackson.databind.ObjectMapper;
+import lombok.extern.slf4j.Slf4j;
+
 /**
- * 用户访问认证
+ * 通过实现EntryPoint接口,自定义spring security异常返回
 *
 * @author Administrator
 */
+@Slf4j
 public class UserAuthenticationEntryPoint implements AuthenticationEntryPoint {
+ private static final String RESPONSE_CONTENT_TYPE = "application/json;charset=utf-8";
+ private static final String DEFAULT_ERROR_MESSAGE = "System Generic Error";
+
+ /**
+ * @param request
+ * @param response
+ * @param authException
+ * @throws IOException
+ * @throws ServletException
+ */
 @Override
 public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException {
- response.setContentType("application/json;charset=utf-8");
+ response.setContentType(RESPONSE_CONTENT_TYPE);
- String code = (String) request.getSession().getAttribute("code");
+ String code = (String) request.getSession().getAttribute("code");// security filter 返回的自定义状态码
- Map map = adapterException(StringUtils.defaultIfBlank(code, "System Generic Error"), response);
- map.put("success", "false");
+ Map map = adapterException(StringUtils.defaultIfBlank(code, DEFAULT_ERROR_MESSAGE), response);
+ map.put("success", false);
 map.put("path", request.getServletPath());
- map.put("timestamp", String.valueOf(new Date().getTime()));
+ map.put("timestamp", String.valueOf(System.currentTimeMillis()));
 try {
 new ObjectMapper().writeValue(response.getOutputStream(), map);
 } catch (Exception e) {
- throw new ServletException();
+ log.error(e.getMessage());
 }
 }
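Review bot: The new `catch (Exception e)` in commence drops the stack trace by logging only `e.getMessage()`, and because nothing is rethrown the client receives whatever was flushed before the failure with no indication that the error body is incomplete; log the throwable itself, `log.error("Failed to write authentication error response for {}", request.getServletPath(), e);`, or rethrow as `throw new ServletException(e);` if the container should still see the failure. On the same hunk, `request.getSession().getAttribute("code")` creates a server-side session for every unauthenticated request that reaches the entry point, which is unnecessary state and an easy way to fill the session store; `HttpSession session = request.getSession(false);` followed by `String code = session == null ? null : (String) session.getAttribute("code");` reads the filter's code without allocating one. The added Javadoc consists of empty `@param`/`@throws` tags, so either describe them (where the `code` session attribute is set and that the JSON error body is written here) or drop the block so the interface contract is inherited. The `success` value also changes from the string `"false"` to boolean `false`, a client-visible JSON contract change worth stating in the commit message.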
@@ -47,9 +62,9 @@ public class UserAuthenticationEntryPoint implements AuthenticationEntryPoint {
 */
 private Map adapterException(String code, HttpServletResponse response) {
 switch (code) {
- case "90401":
+ case TOKEN_EXPIRED:
 return accessDenidedException(code, response);
- case "90500":
+ case REMOTE_ACCESS_FAILURE:
 return remoteTimeoutException(code, response);
 default:
 return globalException(code, response);
diff --git a/mall-ebtp-cloud-security-starter/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/common/Constants.java b/mall-ebtp-cloud-security-starter/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/common/Constants.java
index 4621c1f..46ea1f2 100644
--- a/mall-ebtp-cloud-security-starter/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/common/Constants.java
+++ b/mall-ebtp-cloud-security-starter/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/common/Constants.java
@@ -10,4 +10,7 @@ public interface Constants {
 public static final String CURRENT_ROLE_CODE = "currentRoleCode";
 public static final String COOKIE_TOKEN_CODE = "mall3_token";
+ public static final String TOKEN_EXPIRED = "90403";
+ public static final String REMOTE_ACCESS_FAILURE = "90500";
+
 }
diff --git a/mall-ebtp-cloud-security-starter/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/config/FeignClientConfiguration.java b/mall-ebtp-cloud-security-starter/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/config/FeignClientConfiguration.java
index f65dcd5..ee5b899 100644
--- a/mall-ebtp-cloud-security-starter/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/config/FeignClientConfiguration.java
+++ b/mall-ebtp-cloud-security-starter/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/config/FeignClientConfiguration.java
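Review bot: `case TOKEN_EXPIRED:` replaces `case "90401":`, but the constant added in the Constants.java hunk on the same line is defined as `"90403"`, so a commit described as extracting shared variables also changes the code returned to clients for this branch; the TokenAuthenticationFilter.java hunk makes the same 90401 → 90403 switch where the exception is thrown. If the renumbering is intended it should be stated in the commit message and any client or documentation that matches on 90401 updated; if not, the constant should read `public static final String TOKEN_EXPIRED = "90401";`. The constant is named "expired" while this branch calls `accessDenidedException` and the filter throws it whenever `getUserId()` is null, so a short Javadoc on the constant saying what the code means to callers, e.g. `/** Auth service returned no user for the presented token; reported to the client as access denied. */`, would keep the two readings from drifting. Since `Constants` is an interface, the `public static final` modifiers are redundant; a final class with a private constructor is the conventional home for shared values.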
@@ -32,7 +32,7 @@ public class FeignClientConfiguration {
 int status = response.status();
- if (status >= 400 && status <= 500) {// 客户端异常,启用feign的重试机制
+ if (status >= 400 && status < 500) {// 客户端异常,启用feign的重试机制
 try {
 Thread.sleep(3000);// 设定重试延时
 } catch (InterruptedException e) {
diff --git a/mall-ebtp-cloud-security-starter/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/entity/RoleCodeAuthority.java b/mall-ebtp-cloud-security-starter/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/entity/RoleCodeAuthority.java
index cd8af06..9adf76b 100644
--- a/mall-ebtp-cloud-security-starter/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/entity/RoleCodeAuthority.java
+++ b/mall-ebtp-cloud-security-starter/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/entity/RoleCodeAuthority.java
@@ -11,6 +11,7 @@ import lombok.AllArgsConstructor;
 */
 @AllArgsConstructor
 public class RoleCodeAuthority implements GrantedAuthority {
+ private static final long serialVersionUID = -7881153326775335008L;
 private String roleCode;
diff --git a/mall-ebtp-cloud-security-starter/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/filter/TokenAuthenticationFilter.java b/mall-ebtp-cloud-security-starter/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/filter/TokenAuthenticationFilter.java
index 44522cf..a5c10bb 100644
--- a/mall-ebtp-cloud-security-starter/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/filter/TokenAuthenticationFilter.java
+++ b/mall-ebtp-cloud-security-starter/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/filter/TokenAuthenticationFilter.java
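Review bot: With the new `status < 500` bound the decoder still sleeps three seconds and retries on every 4xx, including 401, 403 and 404 which a retry cannot fix, so the change narrows the range but keeps a policy that turns each rejected call into a three-second stall plus a repeat request against the upstream service. `Thread.sleep(3000)` inside the error decoder blocks the calling request thread; Feign's `Retryer` is the place to express backoff, and the decoder should return a retryable exception only for statuses that are plausibly transient (429, for example) and a non-retryable one for the rest. The enclosing method starts and ends outside the hunk and the `InterruptedException` handler body is not visible, so I cannot tell whether the interrupt flag is restored; if it is not, `Thread.currentThread().interrupt();` belongs in that catch.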
@@ -1,6 +1,8 @@
 package com.chinaunicom.mall.ebtp.cloud.security.starter.filter;
 import static com.chinaunicom.mall.ebtp.cloud.security.starter.common.Constants.COOKIE_TOKEN_CODE;
+import static com.chinaunicom.mall.ebtp.cloud.security.starter.common.Constants.REMOTE_ACCESS_FAILURE;
+import static com.chinaunicom.mall.ebtp.cloud.security.starter.common.Constants.TOKEN_EXPIRED;
 import java.io.IOException;
 import java.util.Collections;
@@ -102,13 +104,13 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
 */
 private Authentication getAuthentication(final String token, final String currentRoleCode) {
 SecurityUser securityUser = client.getUserInfo();
-
+
 if (Objects.isNull(securityUser)) {// 对象为空, 则说明网络异常feign已熔断
- throw new RemoteTimeoutException("90500");
+ throw new RemoteTimeoutException(REMOTE_ACCESS_FAILURE);
 }
 if (Objects.isNull(securityUser.getUserId())) {// userid 为空则访问山分认证服务返回信息为null
- throw new AccessDeniedException("90401");
+ throw new AccessDeniedException(TOKEN_EXPIRED);
 }
 log.info("TokenAuthenticationFilter: token [{}]", token);