安全拦截器增加了cookie信息拦截

ajaxfan
2021-04-23 15:17:36 +08:00
parent 9c870bc61a
commit bc00a89462


@ -1,11 +1,14 @@
package com.chinaunicom.mall.ebtp.cloud.security.starter.filter;
import static com.chinaunicom.mall.ebtp.cloud.security.starter.common.Constants.COOKIE_TOKEN_CODE;
import java.io.IOException;
import java.util.Collections;
import java.util.List;
import java.util.Objects;
import java.util.Optional;
import java.util.stream.Collectors;
import java.util.stream.Stream;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
@ -60,18 +63,32 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
// 检查请求头是否包含 Bearer 前缀
if (StringUtils.startsWith(header, Constants.TOKEN_PREFIX)) {
// 移除header的前缀提取出token字串
String authToken = RegExUtils.replaceAll(header, Constants.TOKEN_PREFIX, "");
try {// 通过token读取用户信息 (新增用户当前角色字段: 2021-03-05)
SecurityContextHolder.getContext().setAuthentication(getAuthentication(authToken, currentRoleCode));
} catch (Exception e) {
log.error(e.getMessage());
}
setAuthentication(currentRoleCode, RegExUtils.replaceAll(header, Constants.TOKEN_PREFIX, ""));// 移除header的前缀提取出token字串
}
// 检查cookie
else {
Optional.ofNullable(request.getCookies()).ifPresent(cookies -> {
Stream.of(cookies).filter(item -> StringUtils.equals(item.getName(), COOKIE_TOKEN_CODE)).findFirst()
.ifPresent(cookie -> setAuthentication(currentRoleCode, cookie.getValue()));
});
}
filterChain.doFilter(request, response);
}
/**
* 设置认证用户信息
*
* @param currentRoleCode
* @param authToken
*/
private void setAuthentication(final String currentRoleCode, final String authToken) {
try {// 通过token读取用户信息 (新增用户当前角色字段: 2021-03-05)
SecurityContextHolder.getContext().setAuthentication(getAuthentication(authToken, currentRoleCode));
} catch (Exception e) {
log.error(e.getMessage());
}
}
/**
* 调用山分的认证中心接口获取该token的绑定信息
*
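Review bot: Authenticating from the `COOKIE_TOKEN_CODE` cookie in the new `else` branch makes the token an ambient credential: the browser attaches it to every request to this host, so unlike the `Bearer` header path it is exposed to cross-site request forgery unless the cookie is issued with `SameSite` or state-changing endpoints verify a CSRF token. Neither is visible in this hunk, so it may already be handled elsewhere, but the requirement should be recorded at the branch, e.g. `// cookie token is ambient: needs SameSite on the cookie or CSRF protection on state-changing endpoints`. In the new `setAuthentication`, `log.error(e.getMessage())` drops the stack trace and can log `null`, which makes rejected tokens hard to investigate; `log.error("token authentication failed", e);` keeps the cause without writing the token to the log. The enclosing filter method starts above the hunk and the Javadoc following `setAuthentication` continues below it.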