1、增加获取token、token与cookie同时为空的日志
2、调用山分验证token接口,增加临时token校验
@ -1,6 +1,7 @@
|
||||
package com.chinaunicom.mall.ebtp.cloud.security.starter.filter;
|
||||
|
||||
import cn.hutool.core.bean.BeanUtil;
|
||||
import cn.hutool.core.util.StrUtil;
|
||||
import com.chinaunicom.mall.ebtp.cloud.security.starter.common.Constants;
|
||||
import com.chinaunicom.mall.ebtp.cloud.security.starter.entity.AuthAllows;
|
||||
import com.chinaunicom.mall.ebtp.cloud.security.starter.entity.RoleCodeAuthority;
|
||||
@ -19,6 +20,7 @@ import org.springframework.web.filter.OncePerRequestFilter;
|
||||
|
||||
import javax.servlet.FilterChain;
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.http.Cookie;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import java.io.IOException;
|
||||
@ -69,7 +71,7 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
|
||||
// 提取request头信息
|
||||
final String header = request.getHeader(AUTHORIZATION_HEADER);
|
||||
final String currentRoleCode = request.getHeader(CURRENT_ROLE_CODE);
|
||||
|
||||
log.debug("header:{},currentRoleCode:{}", header, currentRoleCode);
|
||||
|
||||
try {
|
||||
// 检查请求头是否包含 Bearer 前缀
|
||||
@ -78,12 +80,16 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
|
||||
}
|
||||
// 检查cookie
|
||||
else {
|
||||
Optional.ofNullable(request.getCookies())
|
||||
Optional<Cookie> optionalCookie = Optional.ofNullable(request.getCookies())
|
||||
.flatMap(cookies ->
|
||||
Stream.of(cookies)
|
||||
.filter(item -> StringUtils.equals(item.getName(), COOKIE_TOKEN_CODE))
|
||||
.findFirst())
|
||||
.ifPresent(cookie -> setAuthentication(currentRoleCode, cookie.getValue(), isWhite));
|
||||
.findFirst());
|
||||
if (optionalCookie.isPresent()) {
|
||||
setAuthentication(currentRoleCode, optionalCookie.get().getValue(), isWhite);
|
||||
} else {
|
||||
log.warn("cookie中没有token信息");
|
||||
}
|
||||
}
|
||||
|
||||
} catch (Exception e) {
|
||||
@ -127,14 +133,16 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
|
||||
private Authentication getAuthentication(final String token, final String currentRoleCode,
|
||||
final boolean isWhite) {
|
||||
BaseCacheUser userInfo = client.getUserInfo(token);
|
||||
|
||||
if (Objects.isNull(userInfo)) {// 对象为空, 则说明网络异常feign已熔断
|
||||
// 对象为空, 则说明网络异常feign已熔断
|
||||
if (Objects.isNull(userInfo)) {
|
||||
if (!isWhite) {
|
||||
throw new RemoteTimeoutException(REMOTE_ACCESS_FAILURE);
|
||||
} else {
|
||||
return new UsernamePasswordAuthenticationToken(new SecurityUser(), null, null);
|
||||
}
|
||||
|
||||
} else if (StrUtil.isBlank(userInfo.getUserId())) {
|
||||
return new UsernamePasswordAuthenticationToken(new SecurityUser(), null, null);
|
||||
}
|
||||
SecurityUser securityUser = BeanUtil.toBean(userInfo, SecurityUser.class);
|
||||
// 根据当前角色设定权限列表
|
||||
|
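Review bot: In getAuthentication, the new `else if (StrUtil.isBlank(userInfo.getUserId()))` branch returns `new UsernamePasswordAuthenticationToken(new SecurityUser(), null, null)` without consulting `isWhite`, so a request on a non-whitelisted path whose token the remote auth service no longer recognises now receives an Authentication that Spring Security's three-argument constructor marks as authenticated, with an empty principal, instead of being rejected. Combined with the UserInfoServiceImpl hunk, which replaces `throw new AccessDeniedException(TOKEN_EXPIRED)` with `return new BaseCacheUser().setUserId("")`, an expired token no longer fails closed; the branch should at least mirror the null-userInfo case, e.g. `} else if (StrUtil.isBlank(userInfo.getUserId())) { if (!isWhite) { throw new AccessDeniedException(TOKEN_EXPIRED); } return new UsernamePasswordAuthenticationToken(new SecurityUser(), null, null); }` (using whichever expired-token exception this filter already maps to a rejected response, if those names are not in scope here), and the blank-userId contract deserves a comment such as `// blank userId: remote auth service did not recognise the token (see UserInfoServiceImpl#convertToBusinessModel)`. The added `log.debug("header:{},currentRoleCode:{}", header, currentRoleCode)` in the first hunk writes the raw Authorization header, i.e. the bearer token, to the log; logging only whether it is present, or a redacted prefix, avoids persisting credentials when debug logging is enabled. getAuthentication continues past the end of the hunk.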
@ -42,12 +42,15 @@ public class UserInfoServiceImpl implements UserInfoService {
|
||||
*/
|
||||
private BaseCacheUser convertToBusinessModel(SecurityEntity raw) {
|
||||
log.debug("userinfo: {}", raw);
|
||||
if (Objects.isNull(raw)) {// 对象为空, 则说明网络异常feign已熔断
|
||||
// 对象为空, 则说明网络异常feign已熔断
|
||||
if (Objects.isNull(raw)) {
|
||||
throw new RemoteTimeoutException(REMOTE_ACCESS_FAILURE);
|
||||
}
|
||||
|
||||
if (Objects.isNull(raw.getStaffId())) {// userid 为空则访问山分认证服务返回信息为null
|
||||
throw new AccessDeniedException(TOKEN_EXPIRED);
|
||||
// userid 为空则访问山分认证服务返回信息为null
|
||||
if (Objects.isNull(raw.getStaffId())) {
|
||||
// throw new AccessDeniedException(TOKEN_EXPIRED);
|
||||
//设置一个空userId,跳出后续不为空校验
|
||||
return new BaseCacheUser().setUserId("");
|
||||
}
|
||||
BaseCacheUser user = new BaseCacheUser().setUserId(raw.getStaffId()).setFullName(raw.getStaffName())
|
||||
.setLoginName(raw.getUsername()).setAuthorityList(filterByEBTP(raw.getAuthorityList()))
|
||||
|
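Review bot: The commented-out `// throw new AccessDeniedException(TOKEN_EXPIRED);` in convertToBusinessModel should be deleted rather than left beside its replacement; version control keeps the history, and a dead throw next to a live return invites someone to re-enable the wrong branch later. The new `return new BaseCacheUser().setUserId("")` changes the method's contract from "throws when the remote auth service does not recognise the token" to "returns a sentinel with a blank userId", and the Javadoc that closes at the top of the hunk does not say so; add a line such as `@return a user with an empty userId when the remote auth service returned no staffId (token not recognised); callers must treat that as unauthenticated`. Every caller of this method is presumably now responsible for checking `getUserId()` before trusting the result, which is worth confirming across the code base rather than only in the filter. The method continues past the end of the hunk.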
@ -65,7 +65,6 @@ public class FeignConfig implements RequestInterceptor {
|
||||
template.removeHeader(CURRENT_ROLE_CODE);
|
||||
template.header(CURRENT_ROLE_CODE, currentRoleCode);
|
||||
}
|
||||
|
||||
} {
|
||||
String accessToken = getAccessToken();
|
||||
log.info("token=======accessToken===" + accessToken);
|
||||
@ -115,9 +114,9 @@ public class FeignConfig implements RequestInterceptor {
|
||||
String authToken = cookie.get().getValue();
|
||||
template.header(AUTHORIZATION_HEADER, String.format("%s%s", TOKEN_PREFIX, authToken));
|
||||
} else {
|
||||
String access_token = getAccessToken();
|
||||
log.info("token=======access_token==="+access_token);
|
||||
template.header(HttpHeaders.AUTHORIZATION,String.format("%s%s", TOKEN_PREFIX, access_token));
|
||||
String accessToken = getAccessToken();
|
||||
log.info("token=======accessToken==="+accessToken);
|
||||
template.header(HttpHeaders.AUTHORIZATION,String.format("%s%s", TOKEN_PREFIX, accessToken));
|
||||
}
|
||||
}
|
||||
}
|
||||
|
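Review bot: `log.info("token=======accessToken==="+accessToken)` in the else branch, and the matching line in the earlier hunk of this file, write the full access token to the log at INFO level, which persists a credential in log files and any aggregation pipeline; the rename from `access_token` to `accessToken` does not change that. Log only that a token was obtained, e.g. `log.debug("accessToken obtained: {}", accessToken != null);`, or a redacted form, and prefer the parameterised form over string concatenation so the message is not built when the level is disabled. The enclosing method starts outside this hunk.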