优化security代码,提取公共变量
@ -1,7 +1,9 @@
|
||||
package com.chinaunicom.mall.ebtp.cloud.security.starter;
|
||||
|
||||
import static com.chinaunicom.mall.ebtp.cloud.security.starter.common.Constants.REMOTE_ACCESS_FAILURE;
|
||||
import static com.chinaunicom.mall.ebtp.cloud.security.starter.common.Constants.TOKEN_EXPIRED;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.Date;
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
@ -16,29 +18,42 @@ import org.springframework.security.web.AuthenticationEntryPoint;
|
||||
|
||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
|
||||
/**
|
||||
* 用户访问认证
|
||||
* 通过实现EntryPoint接口,自定义spring security异常返回
|
||||
*
|
||||
* @author Administrator
|
||||
*/
|
||||
@Slf4j
|
||||
public class UserAuthenticationEntryPoint implements AuthenticationEntryPoint {
|
||||
|
||||
private static final String RESPONSE_CONTENT_TYPE = "application/json;charset=utf-8";
|
||||
private static final String DEFAULT_ERROR_MESSAGE = "System Generic Error";
|
||||
|
||||
/**
|
||||
* @param request
|
||||
* @param response
|
||||
* @param authException
|
||||
* @throws IOException
|
||||
* @throws ServletException
|
||||
*/
|
||||
@Override
|
||||
public void commence(HttpServletRequest request, HttpServletResponse response,
|
||||
AuthenticationException authException) throws IOException, ServletException {
|
||||
response.setContentType("application/json;charset=utf-8");
|
||||
response.setContentType(RESPONSE_CONTENT_TYPE);
|
||||
|
||||
String code = (String) request.getSession().getAttribute("code");
|
||||
String code = (String) request.getSession().getAttribute("code");// security filter 返回的自定义状态码
|
||||
|
||||
Map<String, Object> map = adapterException(StringUtils.defaultIfBlank(code, "System Generic Error"), response);
|
||||
map.put("success", "false");
|
||||
Map<String, Object> map = adapterException(StringUtils.defaultIfBlank(code, DEFAULT_ERROR_MESSAGE), response);
|
||||
map.put("success", false);
|
||||
map.put("path", request.getServletPath());
|
||||
map.put("timestamp", String.valueOf(new Date().getTime()));
|
||||
map.put("timestamp", String.valueOf(System.currentTimeMillis()));
|
||||
|
||||
try {
|
||||
new ObjectMapper().writeValue(response.getOutputStream(), map);
|
||||
} catch (Exception e) {
|
||||
throw new ServletException();
|
||||
log.error(e.getMessage());
|
||||
}
|
||||
}
|
||||
|
||||
@ -47,9 +62,9 @@ public class UserAuthenticationEntryPoint implements AuthenticationEntryPoint {
|
||||
*/
|
||||
private Map<String, Object> adapterException(String code, HttpServletResponse response) {
|
||||
switch (code) {
|
||||
case "90401":
|
||||
case TOKEN_EXPIRED:
|
||||
return accessDenidedException(code, response);
|
||||
case "90500":
|
||||
case REMOTE_ACCESS_FAILURE:
|
||||
return remoteTimeoutException(code, response);
|
||||
default:
|
||||
return globalException(code, response);
|
||||
|
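Review bot: The catch block at the end of `commence` now only calls `log.error(e.getMessage())` (assuming this is the added side, since the page has lost its +/- markers), which discards the stack trace and logs nothing useful when the message is null. The line printed just before it rethrew as `ServletException`, so a failed write of the error body used to reach the container and is now swallowed. If swallowing is intended, pass the exception itself to the logger, e.g. `log.error("Failed to write authentication error response", e);`, and narrow the catch to `IOException`. Separately, `request.getSession()` on this unauthenticated path creates a session when none exists; `request.getSession(false)` with a null check would avoid allocating one for every rejected request.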
@ -10,4 +10,7 @@ public interface Constants {
|
||||
public static final String CURRENT_ROLE_CODE = "currentRoleCode";
|
||||
public static final String COOKIE_TOKEN_CODE = "mall3_token";
|
||||
|
||||
public static final String TOKEN_EXPIRED = "90403";
|
||||
public static final String REMOTE_ACCESS_FAILURE = "90500";
|
||||
|
||||
}
|
||||
|
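Review bot: `TOKEN_EXPIRED` is defined as `"90403"`, but the literals it appears to replace were `"90401"`, both in `adapterException` (`case "90401":`) and in `TokenAuthenticationFilter.getAuthentication` (`new AccessDeniedException("90401")`). A commit described as extracting shared constants therefore also changes the error code that reaches clients. If the renumbering is deliberate, say so in the commit message; otherwise keep the old value with `public static final String TOKEN_EXPIRED = "90401";`. Any code outside this diff that still stores or matches `"90401"` would fall through to the `default:` branch of `adapterException` and be reported as a generic error rather than an expired token.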
@ -32,7 +32,7 @@ public class FeignClientConfiguration {
|
||||
|
||||
int status = response.status();
|
||||
|
||||
if (status >= 400 && status <= 500) {// 客户端异常,启用feign的重试机制
|
||||
if (status >= 400 && status < 500) {// 客户端异常,启用feign的重试机制
|
||||
try {
|
||||
Thread.sleep(3000);// 设定重试延时
|
||||
} catch (InterruptedException e) {
|
||||
|
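Review bot: With the bound changed to `status < 500`, this branch sleeps for three seconds and then (per the inline comment) triggers a Feign retry on every 4xx response, including 401, 403 and 404, which a retry will not fix. In a security starter this means each rejected token can hold a request thread for the sleep and send repeated calls to the upstream service. Consider limiting the retry to transient statuses, e.g. `if (status == 408 || status == 429) {`. A 500 no longer enters this branch, and whether 5xx is handled elsewhere in the decoder is not visible here. The `catch (InterruptedException e)` body is cut off by the hunk; it should restore the flag with `Thread.currentThread().interrupt();`.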
@ -11,6 +11,7 @@ import lombok.AllArgsConstructor;
|
||||
*/
|
||||
@AllArgsConstructor
|
||||
public class RoleCodeAuthority implements GrantedAuthority {
|
||||
|
||||
private static final long serialVersionUID = -7881153326775335008L;
|
||||
|
||||
private String roleCode;
|
||||
|
@ -1,6 +1,8 @@
|
||||
package com.chinaunicom.mall.ebtp.cloud.security.starter.filter;
|
||||
|
||||
import static com.chinaunicom.mall.ebtp.cloud.security.starter.common.Constants.COOKIE_TOKEN_CODE;
|
||||
import static com.chinaunicom.mall.ebtp.cloud.security.starter.common.Constants.REMOTE_ACCESS_FAILURE;
|
||||
import static com.chinaunicom.mall.ebtp.cloud.security.starter.common.Constants.TOKEN_EXPIRED;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.Collections;
|
||||
@ -102,13 +104,13 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
|
||||
*/
|
||||
private Authentication getAuthentication(final String token, final String currentRoleCode) {
|
||||
SecurityUser securityUser = client.getUserInfo();
|
||||
|
||||
|
||||
if (Objects.isNull(securityUser)) {// 对象为空, 则说明网络异常feign已熔断
|
||||
throw new RemoteTimeoutException("90500");
|
||||
throw new RemoteTimeoutException(REMOTE_ACCESS_FAILURE);
|
||||
}
|
||||
|
||||
if (Objects.isNull(securityUser.getUserId())) {// userid 为空则访问山分认证服务返回信息为null
|
||||
throw new AccessDeniedException("90401");
|
||||
throw new AccessDeniedException(TOKEN_EXPIRED);
|
||||
}
|
||||
|
||||
log.info("TokenAuthenticationFilter: token [{}]", token);
|
||||
|
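Review bot: `log.info("TokenAuthenticationFilter: token [{}]", token);` at the end of the second hunk writes the raw token to the application log at INFO level, so anyone with read access to the logs or the log pipeline holds a usable credential until it expires. The commit touches the lines around it but leaves this one in place. Log a value that is not a credential instead, e.g. `log.debug("TokenAuthenticationFilter: authenticated userId [{}]", securityUser.getUserId());`. `getAuthentication` continues past the end of the hunk, so any later use of `token` is not visible here.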