优化security代码,提取公共变量
This commit is contained in:
ajaxfan
@ -1,7 +1,9 @@
|
|||||||
package com.chinaunicom.mall.ebtp.cloud.security.starter;
|
package com.chinaunicom.mall.ebtp.cloud.security.starter;
|
||||||
|
|
||||||
|
import static com.chinaunicom.mall.ebtp.cloud.security.starter.common.Constants.REMOTE_ACCESS_FAILURE;
|
||||||
|
import static com.chinaunicom.mall.ebtp.cloud.security.starter.common.Constants.TOKEN_EXPIRED;
|
||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.util.Date;
|
|
||||||
import java.util.HashMap;
|
import java.util.HashMap;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
|
||||||
@ -16,29 +18,42 @@ import org.springframework.security.web.AuthenticationEntryPoint;
|
|||||||
|
|
||||||
import com.fasterxml.jackson.databind.ObjectMapper;
|
import com.fasterxml.jackson.databind.ObjectMapper;
|
||||||
|
|
||||||
|
import lombok.extern.slf4j.Slf4j;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 用户访问认证
|
* 通过实现EntryPoint接口,自定义spring security异常返回
|
||||||
*
|
*
|
||||||
* @author Administrator
|
* @author Administrator
|
||||||
*/
|
*/
|
||||||
|
@Slf4j
|
||||||
public class UserAuthenticationEntryPoint implements AuthenticationEntryPoint {
|
public class UserAuthenticationEntryPoint implements AuthenticationEntryPoint {
|
||||||
|
|
||||||
|
private static final String RESPONSE_CONTENT_TYPE = "application/json;charset=utf-8";
|
||||||
|
private static final String DEFAULT_ERROR_MESSAGE = "System Generic Error";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @param request
|
||||||
|
* @param response
|
||||||
|
* @param authException
|
||||||
|
* @throws IOException
|
||||||
|
* @throws ServletException
|
||||||
|
*/
|
||||||
@Override
|
@Override
|
||||||
public void commence(HttpServletRequest request, HttpServletResponse response,
|
public void commence(HttpServletRequest request, HttpServletResponse response,
|
||||||
AuthenticationException authException) throws IOException, ServletException {
|
AuthenticationException authException) throws IOException, ServletException {
|
||||||
response.setContentType("application/json;charset=utf-8");
|
response.setContentType(RESPONSE_CONTENT_TYPE);
|
||||||
|
|
||||||
String code = (String) request.getSession().getAttribute("code");
|
String code = (String) request.getSession().getAttribute("code");// security filter 返回的自定义状态码
|
||||||
|
|
||||||
Map<String, Object> map = adapterException(StringUtils.defaultIfBlank(code, "System Generic Error"), response);
|
Map<String, Object> map = adapterException(StringUtils.defaultIfBlank(code, DEFAULT_ERROR_MESSAGE), response);
|
||||||
map.put("success", "false");
|
map.put("success", false);
|
||||||
map.put("path", request.getServletPath());
|
map.put("path", request.getServletPath());
|
||||||
map.put("timestamp", String.valueOf(new Date().getTime()));
|
map.put("timestamp", String.valueOf(System.currentTimeMillis()));
|
||||||
|
|
||||||
try {
|
try {
|
||||||
new ObjectMapper().writeValue(response.getOutputStream(), map);
|
new ObjectMapper().writeValue(response.getOutputStream(), map);
|
||||||
} catch (Exception e) {
|
} catch (Exception e) {
|
||||||
throw new ServletException();
|
log.error(e.getMessage());
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -47,9 +62,9 @@ public class UserAuthenticationEntryPoint implements AuthenticationEntryPoint {
|
|||||||
*/
|
*/
|
||||||
private Map<String, Object> adapterException(String code, HttpServletResponse response) {
|
private Map<String, Object> adapterException(String code, HttpServletResponse response) {
|
||||||
switch (code) {
|
switch (code) {
|
||||||
case "90401":
|
case TOKEN_EXPIRED:
|
||||||
return accessDenidedException(code, response);
|
return accessDenidedException(code, response);
|
||||||
case "90500":
|
case REMOTE_ACCESS_FAILURE:
|
||||||
return remoteTimeoutException(code, response);
|
return remoteTimeoutException(code, response);
|
||||||
default:
|
default:
|
||||||
return globalException(code, response);
|
return globalException(code, response);
|
||||||
|
|||||||
@ -10,4 +10,7 @@ public interface Constants {
|
|||||||
public static final String CURRENT_ROLE_CODE = "currentRoleCode";
|
public static final String CURRENT_ROLE_CODE = "currentRoleCode";
|
||||||
public static final String COOKIE_TOKEN_CODE = "mall3_token";
|
public static final String COOKIE_TOKEN_CODE = "mall3_token";
|
||||||
|
|
||||||
|
public static final String TOKEN_EXPIRED = "90403";
|
||||||
|
public static final String REMOTE_ACCESS_FAILURE = "90500";
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
@ -32,7 +32,7 @@ public class FeignClientConfiguration {
|
|||||||
|
|
||||||
int status = response.status();
|
int status = response.status();
|
||||||
|
|
||||||
if (status >= 400 && status <= 500) {// 客户端异常,启用feign的重试机制
|
if (status >= 400 && status < 500) {// 客户端异常,启用feign的重试机制
|
||||||
try {
|
try {
|
||||||
Thread.sleep(3000);// 设定重试延时
|
Thread.sleep(3000);// 设定重试延时
|
||||||
} catch (InterruptedException e) {
|
} catch (InterruptedException e) {
|
||||||
|
|||||||
@ -11,6 +11,7 @@ import lombok.AllArgsConstructor;
|
|||||||
*/
|
*/
|
||||||
@AllArgsConstructor
|
@AllArgsConstructor
|
||||||
public class RoleCodeAuthority implements GrantedAuthority {
|
public class RoleCodeAuthority implements GrantedAuthority {
|
||||||
|
|
||||||
private static final long serialVersionUID = -7881153326775335008L;
|
private static final long serialVersionUID = -7881153326775335008L;
|
||||||
|
|
||||||
private String roleCode;
|
private String roleCode;
|
||||||
|
|||||||
@ -1,6 +1,8 @@
|
|||||||
package com.chinaunicom.mall.ebtp.cloud.security.starter.filter;
|
package com.chinaunicom.mall.ebtp.cloud.security.starter.filter;
|
||||||
|
|
||||||
import static com.chinaunicom.mall.ebtp.cloud.security.starter.common.Constants.COOKIE_TOKEN_CODE;
|
import static com.chinaunicom.mall.ebtp.cloud.security.starter.common.Constants.COOKIE_TOKEN_CODE;
|
||||||
|
import static com.chinaunicom.mall.ebtp.cloud.security.starter.common.Constants.REMOTE_ACCESS_FAILURE;
|
||||||
|
import static com.chinaunicom.mall.ebtp.cloud.security.starter.common.Constants.TOKEN_EXPIRED;
|
||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
@ -104,11 +106,11 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
|
|||||||
SecurityUser securityUser = client.getUserInfo();
|
SecurityUser securityUser = client.getUserInfo();
|
||||||
|
|
||||||
if (Objects.isNull(securityUser)) {// 对象为空, 则说明网络异常feign已熔断
|
if (Objects.isNull(securityUser)) {// 对象为空, 则说明网络异常feign已熔断
|
||||||
throw new RemoteTimeoutException("90500");
|
throw new RemoteTimeoutException(REMOTE_ACCESS_FAILURE);
|
||||||
}
|
}
|
||||||
|
|
||||||
if (Objects.isNull(securityUser.getUserId())) {// userid 为空则访问山分认证服务返回信息为null
|
if (Objects.isNull(securityUser.getUserId())) {// userid 为空则访问山分认证服务返回信息为null
|
||||||
throw new AccessDeniedException("90401");
|
throw new AccessDeniedException(TOKEN_EXPIRED);
|
||||||
}
|
}
|
||||||
|
|
||||||
log.info("TokenAuthenticationFilter: token [{}]", token);
|
log.info("TokenAuthenticationFilter: token [{}]", token);
|
||||||
|
|||||||
Reference in New Issue
Block a user