From 791a667b15825109d9887437b83fde49564cccc5 Mon Sep 17 00:00:00 2001 
From: =?UTF-8?q?=E5=88=98=E5=80=A1?= Date: Wed, 30 Apr 2025 16:39:30 +0800 Subject: [PATCH] =?UTF-8?q?=E4=BF=AE=E6=94=B9=E4=BB=A3=E7=A0=81=EF=BC=8C?= =?UTF-8?q?=E5=8E=BB=E9=99=A4apollo=E3=80=81security=E5=92=8Cseata?= =?UTF-8?q?=E9=85=8D=E7=BD=AE=EF=BC=8C=E6=9B=BF=E6=8D=A2=E4=B8=BAnacos?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- mall-ebtp-cloud-jpa-starter/pom.xml | 10 +- pom.xml | 6 + uboot-common/pom.xml | 19 +- .../apollo/starter/ApolloHotLoading.java | 55 --- .../starter/ApolloStarterConfiguration.java | 18 - .../starter/EurekaStarterConfiguration.java | 16 - .../starter/UserAuthenticationEntryPoint.java | 136 -------- .../starter/config/BrowserSecurityConfig.java | 52 --- .../starter/entity/RoleCodeAuthority.java | 23 -- .../filter/TokenAuthenticationFilter.java | 324 ------------------ .../ebtp/common/UbootCommonApplication.java | 2 - .../impl/BaseCacheUserServiceImpl.java | 8 +- .../mall/ebtp/common/config/FeignConfig.java | 2 +- .../main/resources/META-INF/spring.factories | 6 +- .../mall/ebtp/core/UbootCoreApplication.java | 2 - .../ebtp/core/config/FeignSeataConfig.java | 20 -- .../config/SeataExceptionHandlerAdvice.java | 74 ---- 17 files changed, 22 insertions(+), 751 deletions(-) delete mode 100644 uboot-common/src/main/java/com/chinaunicom/mall/ebtp/cloud/apollo/starter/ApolloHotLoading.java delete mode 100644 uboot-common/src/main/java/com/chinaunicom/mall/ebtp/cloud/apollo/starter/ApolloStarterConfiguration.java delete mode 100644 uboot-common/src/main/java/com/chinaunicom/mall/ebtp/cloud/eureka/starter/EurekaStarterConfiguration.java delete mode 100644 uboot-common/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/UserAuthenticationEntryPoint.java delete mode 100644 uboot-common/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/config/BrowserSecurityConfig.java delete mode 100644 
uboot-common/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/entity/RoleCodeAuthority.java delete mode 100644 uboot-common/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/filter/TokenAuthenticationFilter.java delete mode 100644 uboot-core/src/main/java/com/chinaunicom/mall/ebtp/core/config/FeignSeataConfig.java delete mode 100644 uboot-core/src/main/java/com/chinaunicom/mall/ebtp/core/config/SeataExceptionHandlerAdvice.java diff --git a/mall-ebtp-cloud-jpa-starter/pom.xml b/mall-ebtp-cloud-jpa-starter/pom.xml index 7965315..845d7bd 100644 --- a/mall-ebtp-cloud-jpa-starter/pom.xml +++ b/mall-ebtp-cloud-jpa-starter/pom.xml @@ -45,11 +45,11 @@ druid-spring-boot-starter - - - io.seata - seata-spring-boot-starter - + + + + + diff --git a/pom.xml b/pom.xml index 56a97ab..c55ea80 100644 --- a/pom.xml +++ b/pom.xml @@ -211,6 +211,12 @@ ${redisson.version} + + com.alibaba.cloud + spring-cloud-starter-alibaba-nacos-discovery + ${com.alibaba.cloud.version} + + diff --git a/uboot-common/pom.xml b/uboot-common/pom.xml index c309f9a..876007d 100644 --- a/uboot-common/pom.xml +++ b/uboot-common/pom.xml @@ -51,17 +51,14 @@ spring-boot-starter-data-redis - - - com.ctrip.framework.apollo - apollo-client + com.alibaba.cloud + spring-cloud-starter-alibaba-nacos-discovery - - org.springframework.cloud - spring-cloud-starter-netflix-eureka-client + org.hibernate.validator + hibernate-validator @@ -120,10 +117,10 @@ - - org.springframework.cloud - spring-cloud-security - + + + + diff --git a/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/cloud/apollo/starter/ApolloHotLoading.java b/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/cloud/apollo/starter/ApolloHotLoading.java deleted file mode 100644 index 12d6078..0000000 --- a/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/cloud/apollo/starter/ApolloHotLoading.java +++ /dev/null 
@@ -1,55 +0,0 @@ -package com.chinaunicom.mall.ebtp.cloud.apollo.starter; - - -import com.ctrip.framework.apollo.model.ConfigChange; -import com.ctrip.framework.apollo.model.ConfigChangeEvent; -import com.ctrip.framework.apollo.spring.annotation.ApolloConfigChangeListener; -import lombok.extern.slf4j.Slf4j; -import org.springframework.beans.BeansException; -import org.springframework.beans.factory.annotation.Value; -import org.springframework.cloud.context.environment.EnvironmentChangeEvent; -import org.springframework.context.ApplicationContext; -import org.springframework.context.ApplicationContextAware; -import org.springframework.context.annotation.Configuration; -import org.springframework.stereotype.Component; - -/** - * @author f - */ -@Slf4j -@Component -@Configuration -public class ApolloHotLoading implements ApplicationContextAware { - - private ApplicationContext applicationContext; - @Value("${spring.application.name}") - private String applicationName; - - @Override - public void setApplicationContext(ApplicationContext applicationContext) throws BeansException { - this.applicationContext = applicationContext; - } - - - @ApolloConfigChangeListener() - private void someChangeHandler(ConfigChangeEvent changeEvent) { - log.info(" ------------------- {} apolloHotLoading start ------------------", applicationName); - - for (String changedKey : changeEvent.changedKeys()) { - - ConfigChange configChange = changeEvent.getChange(changedKey); - String oldValue = configChange.getOldValue(); - String newValue = configChange.getNewValue(); - log.info("changedKey:【{}】,oldValue=【{}】, newValue:【{}】", changedKey, oldValue, newValue); - } - - refreshProperties(changeEvent); - - log.info(" ------------------- {} apolloHotLoading end ------------------", applicationName); - } - - public void refreshProperties(ConfigChangeEvent changeEvent) { - // 更新相应的bean的属性值,主要是存在@ConfigurationProperties注解的bean - this.applicationContext.publishEvent(new 
EnvironmentChangeEvent(changeEvent.changedKeys())); - } -} diff --git a/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/cloud/apollo/starter/ApolloStarterConfiguration.java b/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/cloud/apollo/starter/ApolloStarterConfiguration.java deleted file mode 100644 index ded0523..0000000 --- a/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/cloud/apollo/starter/ApolloStarterConfiguration.java +++ /dev/null @@ -1,18 +0,0 @@ -package com.chinaunicom.mall.ebtp.cloud.apollo.starter; - -import com.ctrip.framework.apollo.spring.annotation.EnableApolloConfig; -import org.springframework.context.annotation.Configuration; -import org.springframework.context.annotation.PropertySource; - -/** - * apollo自动装配 - * - * @author ajaxfan - */ -@EnableApolloConfig -@Configuration -@PropertySource("classpath:configuration/apollo-configuration.properties") -public class ApolloStarterConfiguration { - - -} diff --git a/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/cloud/eureka/starter/EurekaStarterConfiguration.java b/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/cloud/eureka/starter/EurekaStarterConfiguration.java deleted file mode 100644 index 9396a68..0000000 --- a/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/cloud/eureka/starter/EurekaStarterConfiguration.java +++ /dev/null @@ -1,16 +0,0 @@ -package com.chinaunicom.mall.ebtp.cloud.eureka.starter; - -import org.springframework.cloud.netflix.eureka.EnableEurekaClient; -import org.springframework.context.annotation.Configuration; -import org.springframework.context.annotation.PropertySource; - -/** - * eureka 自动装配 - * - * @author ajaxfan - */ -@Configuration -@PropertySource("classpath:configuration/eureka-cofiguration.properties") -public class EurekaStarterConfiguration { - -} 
diff --git a/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/UserAuthenticationEntryPoint.java b/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/UserAuthenticationEntryPoint.java
deleted file mode 100644
index 57766dc..0000000
--- a/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/UserAuthenticationEntryPoint.java
+++ /dev/null
@@ -1,136 +0,0 @@ -package com.chinaunicom.mall.ebtp.cloud.security.starter; - -import com.fasterxml.jackson.databind.ObjectMapper; -import lombok.extern.slf4j.Slf4j; -import org.apache.commons.lang3.StringUtils; -import org.springframework.http.HttpStatus; -import org.springframework.security.authentication.InsufficientAuthenticationException; -import org.springframework.security.core.AuthenticationException; -import org.springframework.security.web.AuthenticationEntryPoint; - -import javax.servlet.ServletException; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import java.io.IOException; -import java.util.HashMap; -import java.util.Map; - -import static com.chinaunicom.mall.ebtp.cloud.security.starter.common.Constants.*; - -/** - * 通过实现EntryPoint接口,自定义spring security异常返回 - * - * @author Administrator - */ -@Slf4j -public class UserAuthenticationEntryPoint implements AuthenticationEntryPoint { - - private static final String RESPONSE_CONTENT_TYPE = "application/json;charset=utf-8"; - private static final String DEFAULT_ERROR_MESSAGE = "System Generic Error"; - - /** - * @param request - * @param response - * @param authException - * @throws IOException - * @throws ServletException - */ - @Override - public void commence(HttpServletRequest request, HttpServletResponse response, - AuthenticationException authException) throws IOException, ServletException { - response.setContentType(RESPONSE_CONTENT_TYPE); - - String code = (String) request.getSession().getAttribute("code");// security filter 返回的自定义状态码 - log.info("commence :"+code); - //未获取到token 且不在白名单 - if (authException instanceof InsufficientAuthenticationException) { - code = REMOTE_ACCESS_FAILURE; - } - Map map = adapterException(StringUtils.defaultIfBlank(code, DEFAULT_ERROR_MESSAGE), response); - map.put("success", false); - map.put("path", request.getServletPath()); - map.put("timestamp", String.valueOf(System.currentTimeMillis())); - - try { - new 
ObjectMapper().writeValue(response.getOutputStream(), map); - } catch (Exception e) { - log.error(e.getMessage()); - } - } - - /** - * @param code - */ - private Map adapterException(String code, HttpServletResponse response) { - switch (code) { - case TOKEN_EXPIRED: - return accessDenidedException(code, response); - case REMOTE_ACCESS_FAILURE: - return remoteTimeoutException(code, response); - case REMOTE_ACCESS_CHECK: - return remoteCheckException(code, response); - default: - return globalException(code, response); - } - } - - /** - * token 已失效 - * - * @param code - * @return - */ - private Map accessDenidedException(String code, HttpServletResponse response) { - response.setStatus(HttpStatus.UNAUTHORIZED.value()); - - Map map = new HashMap<>(); - map.put("code", code); - map.put("message", "登录已超期"); - - return map; - } - - /** - * Token 远程认证服务超时 - * - * @param code - * @return - */ - private Map remoteTimeoutException(String code, HttpServletResponse response) { - response.setStatus(HttpStatus.INTERNAL_SERVER_ERROR.value()); - - Map map = new HashMap<>(); - map.put("code", code); - map.put("message", "网络繁忙,请稍后再试"); - - return map; - } - /** - * Token 远程认证服务超时 - * - * @param code - * @return - */ - private Map remoteCheckException(String code, HttpServletResponse response) { - response.setStatus(HttpStatus.INTERNAL_SERVER_ERROR.value()); - - Map map = new HashMap<>(); - map.put("code", code); - map.put("message", "无效请求"); - - return map; - } - /** - * @return - */ - private Map globalException(String code, HttpServletResponse response) { - response.setStatus(HttpStatus.UNAUTHORIZED.value()); - - Map map = new HashMap<>(); - map.put("code", -1); - map.put("message", code); - - return map; - } - -} 
diff --git a/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/config/BrowserSecurityConfig.java b/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/config/BrowserSecurityConfig.java
deleted file mode 100644
index ba84f19..0000000
--- a/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/config/BrowserSecurityConfig.java
+++ /dev/null
@@ -1,52 +0,0 @@ -package com.chinaunicom.mall.ebtp.cloud.security.starter.config; - -import com.chinaunicom.mall.ebtp.cloud.security.starter.UserAuthenticationEntryPoint; -import com.chinaunicom.mall.ebtp.cloud.security.starter.filter.TokenAuthenticationFilter; -import org.springframework.context.annotation.Bean; -import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity; -import org.springframework.security.config.annotation.web.builders.HttpSecurity; -import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity; -import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter; -import org.springframework.security.config.http.SessionCreationPolicy; -import org.springframework.security.web.AuthenticationEntryPoint; -import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; - -/** - * 安全设置 - * - * @author Ajaxfan - */ -@EnableWebSecurity -@EnableGlobalMethodSecurity(prePostEnabled = false, jsr250Enabled = true, securedEnabled = true) -public class BrowserSecurityConfig extends WebSecurityConfigurerAdapter { - - @Bean - public TokenAuthenticationFilter authenticationTokenFilterBean() { - return new TokenAuthenticationFilter(); - } - - @Bean - public AuthenticationEntryPoint authenticationEntryPoint() { - return new UserAuthenticationEntryPoint(); - } - - /** - * 向Filter链中插入自定义TokenFilter - * - * @param http - * @throws Exception - */ - @Override - protected void configure(HttpSecurity http) throws Exception { - http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint()).and().sessionManagement() - // Spring security 默认是使用 HttpSessionSecurityContextRepository 来存储SecurityContext - // 的, 因我们的应用系统不是基于 login 认证模式, 如果开启session 则会产生 token 缓存问题(即新的请求可能使用的是过期token) - .sessionCreationPolicy(SessionCreationPolicy.STATELESS).and() - .addFilterBefore(authenticationTokenFilterBean(), 
UsernamePasswordAuthenticationFilter.class) - // 只对业务节点请求做认证处理 -// .authorizeRequests().antMatchers("/v1/**").authenticated().and() - .authorizeRequests().anyRequest().authenticated().and() - .httpBasic().and().csrf().disable(); - } - -} diff --git a/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/entity/RoleCodeAuthority.java b/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/entity/RoleCodeAuthority.java deleted file mode 100644 index 8866251..0000000 --- a/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/entity/RoleCodeAuthority.java +++ /dev/null @@ -1,23 +0,0 @@ -package com.chinaunicom.mall.ebtp.cloud.security.starter.entity; - -import lombok.AllArgsConstructor; -import org.springframework.security.core.GrantedAuthority; - -/** - * 基于角色的权限信息 - * - * @author Ajaxfan - */ -@AllArgsConstructor -public class RoleCodeAuthority implements GrantedAuthority { - - private static final long serialVersionUID = -7881153326775335008L; - - private String roleCode; - - @Override - public String getAuthority() { - return roleCode; - } - -} diff --git a/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/filter/TokenAuthenticationFilter.java b/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/filter/TokenAuthenticationFilter.java deleted file mode 100644 index 23c95db..0000000 --- a/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/filter/TokenAuthenticationFilter.java +++ /dev/null 
@@ -1,324 +0,0 @@ -package com.chinaunicom.mall.ebtp.cloud.security.starter.filter; - -import cn.hutool.core.bean.BeanUtil; -import cn.hutool.core.exceptions.ExceptionUtil; -import com.chinaunicom.mall.ebtp.cloud.security.starter.common.Constants; -import com.chinaunicom.mall.ebtp.cloud.security.starter.common.RSAcheck; -import com.chinaunicom.mall.ebtp.cloud.security.starter.entity.AuthAllows; -import com.chinaunicom.mall.ebtp.cloud.security.starter.entity.ExternalAllows; -import com.chinaunicom.mall.ebtp.cloud.security.starter.entity.RoleCodeAuthority; -import com.chinaunicom.mall.ebtp.cloud.security.starter.entity.SecurityUser; -import com.chinaunicom.mall.ebtp.cloud.userinfo.starter.client.EbtpUserInfoClient; -import com.chinaunicom.mall.ebtp.cloud.userinfo.starter.entity.CheckTokenVo; -import com.chinaunicom.mall.ebtp.cloud.userinfo.starter.service.UserInfoService; -import com.chinaunicom.mall.ebtp.common.base.entity.BaseCacheUser; -import com.chinaunicom.mall.ebtp.common.base.entity.BaseResponse; -import com.chinaunicom.mall.ebtp.common.exception.common.CommonExceptionEnum; -import lombok.extern.slf4j.Slf4j; -import org.apache.commons.lang3.RegExUtils; -import org.apache.commons.lang3.StringUtils; -import org.springframework.beans.BeanUtils; -import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.beans.factory.annotation.Qualifier; -import org.springframework.beans.factory.annotation.Value; -import org.springframework.data.redis.core.RedisTemplate; -import org.springframework.http.ResponseEntity; -import org.springframework.remoting.RemoteTimeoutException; -import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; -import org.springframework.security.core.Authentication; -import org.springframework.security.core.context.SecurityContextHolder; -import org.springframework.stereotype.Component; -import org.springframework.web.filter.OncePerRequestFilter; - -import javax.servlet.FilterChain; 
-import javax.servlet.ServletException; -import javax.servlet.http.Cookie; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import java.io.IOException; -import java.util.*; -import java.util.concurrent.TimeUnit; -import java.util.regex.Pattern; -import java.util.stream.Collectors; -import java.util.stream.Stream; - -import static com.chinaunicom.mall.ebtp.cloud.security.starter.common.Constants.*; - -/** - * 请求Token拦截 - * - * @author Ajaxfan - */ -@Slf4j -@Component -public class TokenAuthenticationFilter extends OncePerRequestFilter { - @Autowired - private UserInfoService client; - - @Autowired - private AuthAllows allows; - @Autowired - private ExternalAllows eAllows; - - @Autowired - private EbtpUserInfoClient ebtpClient; - - @Autowired(required = false) - @Qualifier("userinfoRedisTemplate") - private RedisTemplate redisTemplate; - /** - * @param request - * @param response - * @param filterChain - * @throws ServletException - * @throws IOException - */ - @Override - protected void doFilterInternal(final HttpServletRequest request, final HttpServletResponse response, - final FilterChain filterChain) throws ServletException, IOException { - //解密 恢复请求参数 - //ParameterRequestWrapper requestWrapper = new ParameterRequestWrapper((HttpServletRequest) request,privateKey); - - String api = request.getRequestURI(); - String method = request.getMethod(); - if (!StringUtils.contains(api, ACTUATOR_PROMETHEUS)) { - log.info("--------" + method + " - " + api + "?" 
+ Optional.ofNullable(request.getQueryString()).orElse("")); - } - //String check_header = request.getHeader(HEADER_CHECK_TOKEN); - if(api.contains(CHECK_TOKEN_CONFIG)){ - isNullThenAssignDefault(); - // 过滤链调用 - filterChain.doFilter(request, response); - return; - } - - CheckTokenVo checkTokenVo = client.getCheckTokenByRedis(); - - //校验是否是fegin请求 - String isFeginKey = request.getHeader("isFegin"); - String isFegin = null; - if(isFeginKey!=null&&!"".equals(isFeginKey)) { - try { - isFegin = RSAcheck.decrypt(isFeginKey, checkTokenVo.getCheckprivateKey());//checkprivateKey - } catch (Exception e) { - log.error("isFegin 解密异常", e); - } - } - // 清空上下文中的缓存信息, 防止二次请求时数据异常 (如此, 每次有新的请求进入,都会进行token的验证) - SecurityContextHolder.getContext().setAuthentication(null); - - boolean isWhite = checkWhiteList(api, method); - if (isWhite) { - isNullThenAssignDefault(); - } - - if (GET_USERINFO_API.equals(api)) { - filterChain.doFilter(request, response); - return; - } - - // 提取request头信息 - final String header = request.getHeader(AUTHORIZATION_HEADER); - final String currentRoleCode = request.getHeader(CURRENT_ROLE_CODE); - log.debug("header:{},currentRoleCode:{}", header, currentRoleCode); - Boolean tokenCheckB = false; - try { - - // 检查请求头是否包含 Bearer 前缀 - if (StringUtils.startsWith(header, Constants.TOKEN_PREFIX)) { - setAuthentication(currentRoleCode, RegExUtils.replaceAll(header, Constants.TOKEN_PREFIX, ""), isWhite);// 移除header的前缀,提取出token字串 - tokenCheckB = true; - } - // 检查cookie - else { - Optional optionalCookie = Optional.ofNullable(request.getCookies()) - .flatMap(cookies -> - Stream.of(cookies) - .filter(item -> StringUtils.equals(item.getName(), COOKIE_TOKEN_CODE)) - .findFirst()); - if (optionalCookie.isPresent()) { - setAuthentication(currentRoleCode, optionalCookie.get().getValue(), isWhite); - } else if (!api.contains(ACTUATOR_HEALTH) && !api.contains(ACTUATOR_PROMETHEUS)) { - log.warn("cookie中没有token信息:{}", api); - } - } - - } catch (Exception e) { - 
request.getSession().setAttribute("code", e.getMessage()); - ExceptionUtil.stacktraceToString(e); - log.error(e.getMessage()); - } - - boolean isExternal = externalCheckWhiteList(api, method); - log.info(api+"|"+isExternal); - //校验token 时间戳 - if(tokenCheckB&&!isExternal&&!isWhite) { - if (!api.contains(ACTUATOR_HEALTH) && !api.contains(ACTUATOR_PROMETHEUS) - && (isFegin == null || !"isFegin".equals(isFegin))) { - BaseCacheUser buser = new BaseCacheUser(); - BeanUtils.copyProperties(SecurityContextHolder.getContext().getAuthentication().getPrincipal(), buser); - log.info("获取用户信息:" + buser); - if (buser != null && buser.getUserId() != null && !"".equals(buser.getUserId())) { - if (!checkTokenTime(request, response, filterChain,checkTokenVo)) { - request.getSession().setAttribute("code", "90501"); - CommonExceptionEnum.FRAME_EXCEPTION_COMMON_DATA_OTHER_ERROR.customValidName("无效请求", true); - } - } - } - } - - // 过滤链调用 - filterChain.doFilter(request, response); - } - - /** - * 校验请求唯一性 - * @param request - */ - public Boolean checkTokenTime(HttpServletRequest request,HttpServletResponse response,FilterChain filterChain,CheckTokenVo checkTokenVo){ - - Boolean b = true; - String check_header = request.getHeader(HEADER_CHECK_TOKEN); - log.info("request check_header:"+check_header); - if("1".equals(checkTokenVo.getOnof())){//onof - return true; - } - - if (check_header!=null&&!"".equals(check_header)) { - String cookieKey = check_header;//optionalCookie.get().getValue(); - log.info("cookieKey:"+cookieKey); - Object o = redisTemplate.opsForValue().get(HEADER_CHECK_TOKEN+":"+cookieKey); - if (o != null) { - String num = String.valueOf(o); - log.info(HEADER_CHECK_TOKEN+":"+cookieKey+"= "+num); - if("2".equals(num)){ - log.error("请求连接已使用过"); - b = false; - }else{ - redisTemplate.opsForValue().set(HEADER_CHECK_TOKEN+":"+cookieKey, 2, 20, TimeUnit.SECONDS); - } - }else{ - redisTemplate.opsForValue().set(HEADER_CHECK_TOKEN+":"+cookieKey, 1, 20, TimeUnit.SECONDS); - } - - String 
header = request.getHeader(AUTHORIZATION_HEADER);//请求头token - header = RegExUtils.replaceAll(header, Constants.TOKEN_PREFIX, ""); - String cookieValue = ""; - try { - cookieValue = RSAcheck.decrypt(cookieKey, checkTokenVo.getCheckprivateKey());//checkprivateKey - }catch (Exception e){ - b = false; - } - log.info("header :"+header); - log.info("cookieValue :"+cookieValue); - String[] checkValues = String.valueOf(cookieValue).split("_");//0 token 1 token 时间 - if (!header.equals(checkValues[0])) { - log.error("请求连接token不一致"); - b = false; - } - //SimpleDateFormat format = new SimpleDateFormat("yyyyMMddHHmmss"); - long newDateLong = System.currentTimeMillis(); - long inDateLong = Long.valueOf(checkValues[1]).longValue(); - -// log.info("newDateLong:"+newDateLong); -// log.info("inDateLong:"+inDateLong); -// log.info("kswTimeLimit:"+checkTokenVo.getTimeLimit());//kswTimeLimit -// log.info("newDateLong - inDateLong :"+(newDateLong - inDateLong)); -// log.info("newDateLong - inDateLong 结果 :"+((newDateLong - inDateLong) > Long.valueOf(checkTokenVo.getTimeLimit()).longValue())); - if ((newDateLong - inDateLong) > Long.valueOf(checkTokenVo.getTimeLimit()).longValue()) {// - log.error("请求已超时"); - b = false; - } - - } else { - log.error("请求未授权"); - b = false; - } - return b; - } - - /** - * 白名单验证 - * - * @param method url地址 - * @param methodType 请求方式 GET - * @return - */ - private boolean checkWhiteList(String method, String methodType) { - return Optional.ofNullable(allows.getApis()).orElseGet(ArrayList::new) - .parallelStream().anyMatch(reg -> Pattern.compile(reg).matcher(methodType + "." 
+ method).matches()) - || method.contains(ACTUATOR_HEALTH) //服务的就绪检测 - || method.contains(ACTUATOR_PROMETHEUS) //prometheus检测 - || method.contains(GET_USERINFO_API); //获取用户信息接口 - } - /** - * 外部接口白名单验证 - * - * @param method url地址 - * @param methodType 请求方式 GET - * @return - */ - private boolean externalCheckWhiteList(String method, String methodType) { - return Optional.ofNullable(eAllows.getApis()).orElseGet(ArrayList::new) - .parallelStream().anyMatch(reg -> Pattern.compile(reg).matcher(methodType + "." + method).matches()) - || method.contains(ACTUATOR_HEALTH) //服务的就绪检测 - || method.contains(ACTUATOR_PROMETHEUS) //prometheus检测 - || method.contains(GET_USERINFO_API); //获取用户信息接口 - } - - - /** - * 设置认证用户信息 - * - * @param currentRoleCode - * @param authToken - */ - private void setAuthentication(final String currentRoleCode, final String authToken, final boolean isWhite) { - SecurityContextHolder.getContext().setAuthentication(getAuthentication(authToken, currentRoleCode, isWhite)); - } - - /** - * 调用山分的认证中心接口,获取该token的绑定信息 - * - * @param token - * @return - */ - private Authentication getAuthentication(final String token, final String currentRoleCode, - final boolean isWhite) { - BaseCacheUser userInfo = client.getUserInfo(token); -// BaseCacheUser userInfo = ebtpClient.get(); - log.debug("getUserInfo:{}", userInfo.toString()); - // 对象为空, 则说明网络异常feign已熔断 - if (Objects.isNull(userInfo)) { - if (!isWhite) { - throw new RemoteTimeoutException(REMOTE_ACCESS_FAILURE); - } else { - return new UsernamePasswordAuthenticationToken(new SecurityUser(), null, null); - } - - } else if ("temporaryUser".equals(userInfo.getUserId())) { - return new UsernamePasswordAuthenticationToken(new SecurityUser(), null, null); - } - SecurityUser securityUser = BeanUtil.toBean(userInfo, SecurityUser.class); - // 根据当前角色设定权限列表 - List authorities = Optional.ofNullable(securityUser.getAuthorityList()).map(list -> { - return list.stream().filter(auth -> StringUtils.equals(auth.getRoleCode(), 
currentRoleCode)) - .map(auth -> new RoleCodeAuthority(auth.getRoleCode())).collect(Collectors.toList()); - }).orElse(Collections.emptyList()); - - return new UsernamePasswordAuthenticationToken(securityUser.setCurrentRoleCode(currentRoleCode), token, - authorities); - } - - /** - * 未发现token和session信息,则使用空的用户认证对象放行服务 - */ - private void isNullThenAssignDefault() { - if (Objects.isNull(SecurityContextHolder.getContext().getAuthentication())) { - SecurityContextHolder.getContext() - .setAuthentication(new UsernamePasswordAuthenticationToken(new SecurityUser(), null, null)); - } - } - - -} diff --git a/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/common/UbootCommonApplication.java b/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/common/UbootCommonApplication.java index abee84d..3dc3d69 100644 --- a/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/common/UbootCommonApplication.java +++ b/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/common/UbootCommonApplication.java @@ -3,8 +3,6 @@ package com.chinaunicom.mall.ebtp.common; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.boot.autoconfigure.jdbc.DataSourceAutoConfiguration; -import org.springframework.cloud.netflix.eureka.EnableEurekaClient; -import org.springframework.cloud.openfeign.EnableFeignClients; /** * Hello world! diff --git a/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/common/base/service/impl/BaseCacheUserServiceImpl.java b/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/common/base/service/impl/BaseCacheUserServiceImpl.java index fbfddb0..55c365d 100644 --- a/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/common/base/service/impl/BaseCacheUserServiceImpl.java +++ b/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/common/base/service/impl/BaseCacheUserServiceImpl.java 
@@ -3,14 +3,8 @@ package com.chinaunicom.mall.ebtp.common.base.service.impl;
 import com.chinaunicom.mall.ebtp.common.base.entity.BaseCacheUser;
 import com.chinaunicom.mall.ebtp.common.base.service.IBaseCacheUserService;
 import lombok.extern.slf4j.Slf4j;
-import org.springframework.beans.BeanUtils;
-import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Service;
-import java.util.Collection;
-import java.util.Map;
-import java.util.concurrent.ConcurrentHashMap;
-
 /**
 * 缓存用户service实现层 获取缓存用户信息
 *
@@ -27,7 +21,7 @@ public class BaseCacheUserServiceImpl implements IBaseCacheUserService {
 public BaseCacheUser getCacheUser() {
 BaseCacheUser buser = new BaseCacheUser();
 try {
- BeanUtils.copyProperties(SecurityContextHolder.getContext().getAuthentication().getPrincipal(), buser);
+// BeanUtils.copyProperties(SecurityContextHolder.getContext().getAuthentication().getPrincipal(), buser);
 } catch (Exception e) {
 log.error(e.getMessage());
 }
diff --git a/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/common/config/FeignConfig.java b/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/common/config/FeignConfig.java
index fdb1037..48a485e 100644
--- a/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/common/config/FeignConfig.java
+++ b/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/common/config/FeignConfig.java
@@ -37,7 +37,7 @@ import static com.chinaunicom.mall.ebtp.cloud.security.starter.common.Constants.
 /**
 * 通过拦截器来为header注入token
 */
-@Configuration
+//@Configuration
 @Slf4j
 public class FeignConfig implements RequestInterceptor {
diff --git a/uboot-common/src/main/resources/META-INF/spring.factories b/uboot-common/src/main/resources/META-INF/spring.factories
index 5282315..cb92c60 100644
--- a/uboot-common/src/main/resources/META-INF/spring.factories
+++ b/uboot-common/src/main/resources/META-INF/spring.factories
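Review bot: In the second hunk, commenting out the `BeanUtils.copyProperties(...)` line leaves `getCacheUser()` with an empty `try` block, so it now hands back a freshly constructed `BaseCacheUser` with no identity fields set, and the `catch` can never run. Callers that rely on the returned user for ownership or audit fields (not visible in this patch) would silently work with an empty user instead of failing. Until a replacement identity source is wired in, make the gap explicit: drop the commented-out line and the dead `try`/`catch`, and put `// TODO: no identity source since the security starter was removed; returns an empty user` above `BaseCacheUser buser = new BaseCacheUser();`, or throw an `IllegalStateException` at that point if callers must not proceed without an authenticated user. The method body continues past the end of the hunk.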
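Review bot: With `@Configuration` commented out, `FeignConfig` is no longer registered through this annotation, so unless it is wired in elsewhere the `RequestInterceptor` that its Javadoc says injects the token header stops running on outgoing Feign calls. The hunk header shows the class still statically imports from `com.chinaunicom.mall.ebtp.cloud.security.starter.common.Constants`, a package from which this commit deletes several classes, which suggests the class is only half-retired. If token propagation is intentionally gone, delete the class; if it is only paused, replace the commented annotation with a comment such as `// Not registered: token header injection is disabled while the security starter is removed`. The class body lies outside the hunk.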
@@ -12,12 +12,8 @@ # security # swagger org.springframework.boot.autoconfigure.EnableAutoConfiguration=\ - com.chinaunicom.mall.ebtp.cloud.apollo.starter.ApolloStarterConfiguration,\ com.chinaunicom.ebtp.mall.cloud.attachment.sdk.config.SDKAutoConfiguration,\ - com.chinaunicom.mall.ebtp.cloud.eureka.starter.EurekaStarterConfiguration,\ com.chinaunicom.mall.ebtp.cloud.feign.starter.FeignStarterConfiguration,\ com.chinaunicom.mall.ebtp.cloud.log.starter.LogStarterConfiguration,\ com.chinaunicom.mall.ebtp.cloud.redis.starter.RedisStarterConfiguration,\ - com.chinaunicom.mall.ebtp.cloud.security.starter.SecurityStarterConfiguration,\ - com.chinaunicom.mall.ebtp.cloud.security.starter.config.BrowserSecurityConfig,\ - com.chinaunicom.mall.ebtp.cloud.swagger.starter.SwaggerStarterConfiguration \ No newline at end of file + com.chinaunicom.mall.ebtp.cloud.swagger.starter.SwaggerStarterConfiguration diff --git a/uboot-core/src/main/java/com/chinaunicom/mall/ebtp/core/UbootCoreApplication.java b/uboot-core/src/main/java/com/chinaunicom/mall/ebtp/core/UbootCoreApplication.java index 6ac56c8..9159678 100644 --- a/uboot-core/src/main/java/com/chinaunicom/mall/ebtp/core/UbootCoreApplication.java +++ b/uboot-core/src/main/java/com/chinaunicom/mall/ebtp/core/UbootCoreApplication.java @@ -3,8 +3,6 @@ package com.chinaunicom.mall.ebtp.core; import org.mybatis.spring.annotation.MapperScan; import org.springframework.boot.SpringApplication; import org.springframework.boot.autoconfigure.SpringBootApplication; -import org.springframework.cloud.netflix.eureka.EnableEurekaClient; -import org.springframework.cloud.openfeign.EnableFeignClients; import org.springframework.context.annotation.ComponentScan; @MapperScan({"com.chinaunicom.mall.ebtp.core.**.dao"}) diff --git a/uboot-core/src/main/java/com/chinaunicom/mall/ebtp/core/config/FeignSeataConfig.java b/uboot-core/src/main/java/com/chinaunicom/mall/ebtp/core/config/FeignSeataConfig.java deleted file mode 100644 index 743a107..0000000 
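Review bot: `SecurityStarterConfiguration` and `BrowserSecurityConfig` are dropped from the auto-configuration list with nothing registered in their place, while `SwaggerStarterConfiguration` and the Feign starter remain enabled. Unless authentication is now enforced somewhere not visible in this patch (a gateway or another module), services consuming this starter would start without an authentication filter, Swagger endpoints included. The header comment still lists `# security`, which is now stale; replace it with something like `# security: not provided by this starter, enforced at <component>`. Going by the diffstat, the `SecurityStarterConfiguration` class itself is not deleted, so it is worth confirming whether it is meant to stay as unused code.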
--- a/uboot-core/src/main/java/com/chinaunicom/mall/ebtp/core/config/FeignSeataConfig.java
+++ /dev/null
@@ -1,20 +0,0 @@
-package com.chinaunicom.mall.ebtp.core.config;
-
-import com.chinaunicom.mall.ebtp.common.config.FeignConfig;
-import feign.RequestTemplate;
-import io.seata.core.context.RootContext;
-import org.apache.commons.lang.StringUtils;
-import org.springframework.context.annotation.Configuration;
-
-@Configuration
-public class FeignSeataConfig extends FeignConfig {
-
- @Override
- public void apply(RequestTemplate template) {
- String xid = RootContext.getXID();
- if (StringUtils.isNotEmpty(xid)) {
- template.header(RootContext.KEY_XID, xid);
- }
- }
-
-}
diff --git a/uboot-core/src/main/java/com/chinaunicom/mall/ebtp/core/config/SeataExceptionHandlerAdvice.java b/uboot-core/src/main/java/com/chinaunicom/mall/ebtp/core/config/SeataExceptionHandlerAdvice.java
deleted file mode 100644
index 127021e..0000000
--- a/uboot-core/src/main/java/com/chinaunicom/mall/ebtp/core/config/SeataExceptionHandlerAdvice.java
+++ /dev/null
@@ -1,74 +0,0 @@
-package com.chinaunicom.mall.ebtp.core.config;
-
-import cn.hutool.core.exceptions.ExceptionUtil;
-import com.chinaunicom.mall.ebtp.common.base.entity.BaseResponse;
-import io.seata.core.context.RootContext;
-import io.seata.core.exception.RmTransactionException;
-import lombok.Getter;
-import lombok.Setter;
-import lombok.extern.slf4j.Slf4j;
-import org.apache.commons.lang3.StringUtils;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
-import org.springframework.core.annotation.Order;
-import org.springframework.http.HttpStatus;
-import org.springframework.transaction.TransactionSystemException;
-import org.springframework.web.bind.annotation.ControllerAdvice;
-import org.springframework.web.bind.annotation.ExceptionHandler;
-import org.springframework.web.bind.annotation.ResponseBody;
-import org.springframework.web.bind.annotation.ResponseStatus;
-
-import javax.servlet.http.HttpServletRequest;
-import java.util.Objects;
-
-/**
- * 异常处理 拦截BindException异常,返回HttpStatus是400的绑定错误信息
- * 拦截FrameException异常,返回HttpStatus是406的业务处理错误信息(支持自定义状态码)
- * 拦截Exception异常,返回HttpStatus是500服务器内部异常
- *
- * @author fqj
- * @date 2020年9月3日 11:42:25
- */
-@Slf4j
-@ControllerAdvice
-@Order(1)
-@ResponseBody
-@ConditionalOnProperty(name = "mconfig.io.seata.core.exception-handle-enabled", matchIfMissing = true)
-public class SeataExceptionHandlerAdvice {
-
- @ExceptionHandler({TransactionSystemException.class, RmTransactionException.class})
- @ResponseStatus(HttpStatus.BAD_REQUEST)
- public BaseResponse handleTransactionSystemException(HttpServletRequest request,
- TransactionSystemException exception) {
- log.info(ExceptionUtil.stacktraceToString(exception));
- if (((String) Objects.requireNonNull(exception.getMessage())).contains("may be has finished")) {
- String xid = RootContext.getXID();
- if (StringUtils.isNotEmpty(xid)) {
- RootContext.unbind();
- log.info("TransactionSystemException ----- suspending current transaction,xid = {}", xid);
-
- return BaseResponse.fail("系统繁忙,请重试", null);
- }
- }
- return BaseResponse.fail("系统异常", exception.getMessage());
- }
-
- /**
- * 参数异常
- */
- @Getter
- @Setter
- class ArgumentInvalidResult {
- /**
- * 字段名
- */
- private String field;
- /**
- * 输入的错误值
- */
- private Object rejectedValue;
- /**
- * 错误信息
- */
- private String defaultMessage;
- }
-}
\ No newline at end of file