2.3.0版本

2024-04-16 17:05:15 +08:00
parent 5d1a6227e8
commit adeb21fa9e
3 changed files with 66 additions and 22 deletions
--- a/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/common/RSAcheck.java
+++ b/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/common/RSAcheck.java
@ -299,25 +299,29 @@ public class RSAcheck {
            System.out.println("字符类型私钥:" + privateKey);

            System.out.println("公钥加密——私钥解密---------------");
-            SimpleDateFormat format = new SimpleDateFormat("yyyyMMddHHmmss");
-            String source = "831357ef-3a80-40b3-9563-6451a7a8d605_"+(format.format(new Date()));
-//            System.out.println("\r加密前文字：\r\n" + source);
-//            byte[] data = source.getBytes();
-//            byte[] encodedData = encryptByPublicKey(data, publicKey);
-//
-//            System.out.println("加密后文字：\r\n" + encryptBASE64(encodedData));
-//            byte[] decodedData = decryptByPrivateKey(encodedData, privateKey);
-//            String target = new String(decodedData);
-//            System.out.println("解密后文字: \r\n" + target);
-
+            long newDateLong = System.currentTimeMillis();
+            String source = "831357ef-3a80-40b3-9563-6451a7a8d605_"+(newDateLong);
+            System.out.println(source);
            System.out.println("\r加密前文字：\r\n" + source);
-            String ciphertext = encryptDatafd(source, publicKey);
-            System.out.println(ciphertext);
+            byte[] data = source.getBytes();
+            byte[] encodedData = encryptByPublicKey(data, publicKey);
+//
+            System.out.println("加密后文字：\r\n" + encryptBASE64(encodedData));
+            //byte[] encodedData2 = Base64.getDecoder().decode("");
+//            byte[] decodedData = decryptByPrivateKey(encodedData2, privateKey);
+//            String target = new String(decodedData);
+            String s = encryptBASE64(encodedData);//
+            String v = decrypt(s,privateKey);
+            System.out.println("解密后文字: \r\n" + v);

-            String data = decryptDatafd(ciphertext, privateKey);
-            System.out.println(data);
-            String data2 = decryptDatafd("IaDxV6UytgKPh2g/4fh2jvuiKJV7bRrbaSG7jqZ+94oOsCsxvL1wMl09tAF8B2N2Eex4vKtt/LQvouLJXdlBVg==", privateKey);
-            System.out.println(data2);
+//            System.out.println("\r加密前文字：\r\n" + source);
+//            String ciphertext = encryptDatafd(source, publicKey);
+//            System.out.println(ciphertext);
+//
+//            String data = decryptDatafd(ciphertext, privateKey);
+//            System.out.println(data);
+//            String data2 = decryptDatafd("IaDxV6UytgKPh2g/4fh2jvuiKJV7bRrbaSG7jqZ+94oOsCsxvL1wMl09tAF8B2N2Eex4vKtt/LQvouLJXdlBVg==", privateKey);
+//            System.out.println(data2);

        } catch (Exception e) {
            e.printStackTrace();
--- a/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/entity/ExternalAllows.java
+++ b/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/entity/ExternalAllows.java
@ -0,0 +1,22 @@
+package com.chinaunicom.mall.ebtp.cloud.security.starter.entity;
+
+
+import lombok.Data;
+import lombok.experimental.Accessors;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.context.annotation.Configuration;
+
+import java.util.List;
+
+/**
+ * @author f
+ */
+@Data
+@Configuration
+@ConfigurationProperties(prefix = "external")
+@Accessors(chain = true)
+public class ExternalAllows {
+
+    private List<String> apis;
+
+}
--- a/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/filter/TokenAuthenticationFilter.java
+++ b/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/filter/TokenAuthenticationFilter.java
@ -5,6 +5,7 @@ import cn.hutool.core.exceptions.ExceptionUtil;
 import com.chinaunicom.mall.ebtp.cloud.security.starter.common.Constants;
 import com.chinaunicom.mall.ebtp.cloud.security.starter.common.RSAcheck;
 import com.chinaunicom.mall.ebtp.cloud.security.starter.entity.AuthAllows;
+import com.chinaunicom.mall.ebtp.cloud.security.starter.entity.ExternalAllows;
 import com.chinaunicom.mall.ebtp.cloud.security.starter.entity.RoleCodeAuthority;
 import com.chinaunicom.mall.ebtp.cloud.security.starter.entity.SecurityUser;
 import com.chinaunicom.mall.ebtp.cloud.userinfo.starter.service.UserInfoService;
@ -63,6 +64,9 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {

    @Autowired
    private AuthAllows allows;
+    @Autowired
+    private ExternalAllows eAllows;
+

    //private String checkprivateKey="MIIBVAIBADANBgkqhkiG9w0BAQEFAASCAT4wggE6AgEAAkEAk7N3OeQS9WJa/v5dX/s9/DCKpJ8kOjR1Zrh1X+TF98udqGbGBWmiyVk2SqGPA4Q9kUCWw46CocjE047gx5AFrQIDAQABAkAIHG/stvCvlxImNLPOBI8X3VaPycmEhML5vCF9/aM9g1SuFa298Q5W8FqAmm8SE5lRpw2yyToWtLbufJtAa7wFAiEAxViJBkLU4wfPCwiPiAn17owXbocC9rj3fAzEH9DYDdcCIQC/mZp4ujO035Qqw2QQeFWpDc/vITx1OTWaxq6/LvvwGwIgXTZLSmzItw9aKOD7QotJ4UnES41zxetp4er5u/leA3MCIGcRw2ZEjII1b+hdOdweT75kfsId9/77apm7Xc/c/4yXAiEAnBrCiVXRNN+slO0MYaxynr4eIiPG/EjYBYxXlwBpeOc=";

@ -88,10 +92,7 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
            log.info("--------" + method + " - " + api + "?" + Optional.ofNullable(request.getQueryString()).orElse(""));
        }
        String check_header = request.getHeader(HEADER_CHECK_TOKEN);
-        log.info("HEADER_CHECK_TOKEN:"+HEADER_CHECK_TOKEN);
-        log.info("check_header:"+check_header);
        String isFeginKey = request.getHeader("isFegin");
-        log.info("isFeginKey: " + isFeginKey);
        String isFegin = null;
        if(isFeginKey!=null&&!"".equals(isFeginKey)) {
            try {
@ -144,9 +145,12 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
            ExceptionUtil.stacktraceToString(e);
            log.error(e.getMessage());
        }
+
+        boolean isExternal = externalCheckWhiteList(api, method);
+        log.info(api+"|"+isExternal);
+        log.info("check白名单|"+eAllows.getApis());
        //校验token 时间戳
-        log.info("校验token时间戳");
-        if(tokenCheckB) {
+        if(tokenCheckB&&!isExternal&&!isWhite) {
            if (!api.contains(ACTUATOR_HEALTH) && !api.contains(ACTUATOR_PROMETHEUS)
                    && (isFegin == null || !"isFegin".equals(isFegin))) {
                BaseCacheUser buser = new BaseCacheUser();
@ -262,6 +266,20 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
                || method.contains(ACTUATOR_PROMETHEUS) //prometheus检测
                || method.contains(GET_USERINFO_API); //获取用户信息接口
    }
+    /**
+     * 外部接口白名单验证
+     *
+     * @param method     url地址
+     * @param methodType 请求方式 GET
+     * @return
+     */
+    private boolean externalCheckWhiteList(String method, String methodType) {
+        return Optional.ofNullable(eAllows.getApis()).orElseGet(ArrayList::new)
+                .parallelStream().anyMatch(reg -> Pattern.compile(reg).matcher(methodType + "." + method).matches())
+                || method.contains(ACTUATOR_HEALTH) //服务的就绪检测
+                || method.contains(ACTUATOR_PROMETHEUS) //prometheus检测
+                || method.contains(GET_USERINFO_API); //获取用户信息接口
+    }


    /**