From d1a965ca9a5a880d8db026e213b3241861e9ac4f Mon Sep 17 00:00:00 2001
From: liuh
Date: Wed, 2 Mar 2022 14:54:44 +0800
Subject: [PATCH] =?UTF-8?q?1=E3=80=81=E5=A2=9E=E5=8A=A0=E8=8E=B7=E5=8F=96t?= =?UTF-8?q?oken=E3=80=81token=E4=B8=8Ecookie=E5=90=8C=E6=97=B6=E4=B8=BA?= =?UTF-8?q?=E7=A9=BA=E7=9A=84=E6=97=A5=E5=BF=97=202=E3=80=81=E8=B0=83?= =?UTF-8?q?=E7=94=A8=E5=B1=B1=E5=88=86=E9=AA=8C=E8=AF=81token=E6=8E=A5?= =?UTF-8?q?=E5=8F=A3=EF=BC=8C=E5=A2=9E=E5=8A=A0=E4=B8=B4=E6=97=B6token?= =?UTF-8?q?=E6=A0=A1=E9=AA=8C?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../filter/TokenAuthenticationFilter.java | 20 +++++++++++++------
 .../service/impl/UserInfoServiceImpl.java | 11 ++++++----
 .../mall/ebtp/common/config/FeignConfig.java | 7 +++----
 3 files changed, 24 insertions(+), 14 deletions(-)
diff --git a/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/filter/TokenAuthenticationFilter.java b/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/filter/TokenAuthenticationFilter.java
index 96d7b37..6513063 100644
--- a/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/filter/TokenAuthenticationFilter.java
+++ b/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/filter/TokenAuthenticationFilter.java
@@ -1,6 +1,7 @@
 package com.chinaunicom.mall.ebtp.cloud.security.starter.filter;
 import cn.hutool.core.bean.BeanUtil;
+import cn.hutool.core.util.StrUtil;
 import com.chinaunicom.mall.ebtp.cloud.security.starter.common.Constants;
 import com.chinaunicom.mall.ebtp.cloud.security.starter.entity.AuthAllows;
 import com.chinaunicom.mall.ebtp.cloud.security.starter.entity.RoleCodeAuthority;
@@ -19,6 +20,7 @@ import org.springframework.web.filter.OncePerRequestFilter;
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
+import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
@@ -69,7 +71,7 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
 // 提取request头信息
 final String header = request.getHeader(AUTHORIZATION_HEADER);
 final String currentRoleCode = request.getHeader(CURRENT_ROLE_CODE);
-
+ log.debug("header:{},currentRoleCode:{}", header, currentRoleCode);
 try {
 // 检查请求头是否包含 Bearer 前缀
@@ -78,12 +80,16 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
 }
 // 检查cookie
 else {
- Optional.ofNullable(request.getCookies())
+ Optional optionalCookie = Optional.ofNullable(request.getCookies())
 .flatMap(cookies -> Stream.of(cookies)
 .filter(item -> StringUtils.equals(item.getName(), COOKIE_TOKEN_CODE))
- .findFirst())
- .ifPresent(cookie -> setAuthentication(currentRoleCode, cookie.getValue(), isWhite));
+ .findFirst());
+ if (optionalCookie.isPresent()) {
+ setAuthentication(currentRoleCode, optionalCookie.get().getValue(), isWhite);
+ } else {
+ log.warn("cookie中没有token信息");
+ }
 }
 } catch (Exception e) {
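Review bot: The added `log.debug("header:{},currentRoleCode:{}", header, currentRoleCode);` in TokenAuthenticationFilter writes the complete Authorization header, and with it the bearer token, into the application log whenever debug logging is on, so anyone who can read the logs can reuse a live session. Log only whether a header was present, for example `log.debug("authorization header present:{},currentRoleCode:{}", header != null, currentRoleCode);`. The same defect is in FeignConfig, where the hunks at -65,7 and -115,9 carry `log.info("token=======accessToken===" ...)` with the access token value at INFO level; the rename there is a good moment to drop the value from the message. The enclosing filter method starts and ends outside this hunk.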
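Review bot: The new `log.warn("cookie中没有token信息");` branch is reached by every request that has neither a Bearer header nor the token cookie, and nothing in the hunk exempts whitelisted (`isWhite`) requests, so anonymous traffic will presumably fill the WARN stream with identical lines that cannot be tied to a request. Add the request path so the entry is usable for detection, and consider debug level when `isWhite` is true: `log.warn("no token in header or cookie, uri={}", request.getRequestURI());`. The enclosing method and the `try` block start outside the hunk.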
@@ -127,14 +133,16 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
 private Authentication getAuthentication(final String token, final String currentRoleCode, final boolean isWhite) {
 BaseCacheUser userInfo = client.getUserInfo(token);
-
- if (Objects.isNull(userInfo)) {// 对象为空, 则说明网络异常feign已熔断
+ // 对象为空, 则说明网络异常feign已熔断
+ if (Objects.isNull(userInfo)) {
 if (!isWhite) {
 throw new RemoteTimeoutException(REMOTE_ACCESS_FAILURE);
 } else {
 return new UsernamePasswordAuthenticationToken(new SecurityUser(), null, null);
 }
+ } else if (StrUtil.isBlank(userInfo.getUserId())) {
+ return new UsernamePasswordAuthenticationToken(new SecurityUser(), null, null);
 }
 SecurityUser securityUser = BeanUtil.toBean(userInfo, SecurityUser.class);
 // 根据当前角色设定权限列表
diff --git a/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/cloud/userinfo/starter/service/impl/UserInfoServiceImpl.java b/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/cloud/userinfo/starter/service/impl/UserInfoServiceImpl.java
index 48cd23a..cba8a39 100644
--- a/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/cloud/userinfo/starter/service/impl/UserInfoServiceImpl.java
+++ b/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/cloud/userinfo/starter/service/impl/UserInfoServiceImpl.java
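Review bot: The new `else if (StrUtil.isBlank(userInfo.getUserId()))` branch in getAuthentication returns `new UsernamePasswordAuthenticationToken(new SecurityUser(), null, null)` without consulting `isWhite`, so on protected paths a token that the auth service did not resolve to a user now produces an Authentication instead of a rejection. Assuming this is Spring Security's class, its three-argument constructor marks the token as authenticated, so any rule that only asks for an authenticated request would accept this empty principal; whether such rules exist is not visible here. Treat the blank id like the null case in the branch above and put `if (!isWhite) { throw new AccessDeniedException(TOKEN_EXPIRED); }` before the `return` (exception and constant as used in UserInfoServiceImpl; they may need importing in the filter). getAuthentication continues past the end of the hunk.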
@@ -42,12 +42,15 @@ public class UserInfoServiceImpl implements UserInfoService {
 */
 private BaseCacheUser convertToBusinessModel(SecurityEntity raw) {
 log.debug("userinfo: {}", raw);
- if (Objects.isNull(raw)) {// 对象为空, 则说明网络异常feign已熔断
+ // 对象为空, 则说明网络异常feign已熔断
+ if (Objects.isNull(raw)) {
 throw new RemoteTimeoutException(REMOTE_ACCESS_FAILURE);
 }
-
- if (Objects.isNull(raw.getStaffId())) {// userid 为空则访问山分认证服务返回信息为null
- throw new AccessDeniedException(TOKEN_EXPIRED);
+ // userid 为空则访问山分认证服务返回信息为null
+ if (Objects.isNull(raw.getStaffId())) {
+// throw new AccessDeniedException(TOKEN_EXPIRED);
+ //设置一个空userId,跳出后续不为空校验
+ return new BaseCacheUser().setUserId("");
 }
 BaseCacheUser user = new BaseCacheUser().setUserId(raw.getStaffId()).setFullName(raw.getStaffName())
 .setLoginName(raw.getUsername()).setAuthorityList(filterByEBTP(raw.getAuthorityList()))
diff --git a/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/common/config/FeignConfig.java b/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/common/config/FeignConfig.java
index af40aa0..4cc8e58 100644
--- a/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/common/config/FeignConfig.java
+++ b/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/common/config/FeignConfig.java
@@ -65,7 +65,6 @@ public class FeignConfig implements RequestInterceptor {
 template.removeHeader(CURRENT_ROLE_CODE);
 template.header(CURRENT_ROLE_CODE, currentRoleCode);
 }
-
 } {
 String accessToken = getAccessToken();
 log.info("token=======accessToken===" + accessToken);
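Review bot: In UserInfoServiceImpl.convertToBusinessModel, `return new BaseCacheUser().setUserId("");` replaces the `AccessDeniedException(TOKEN_EXPIRED)` with a sentinel that each caller has to remember to test, so any consumer other than the blank-userId check added to TokenAuthenticationFilter in this commit (none are visible here) would now receive a user object for an expired or unknown token. Keeping the throw and handling it in the filter for whitelisted requests would leave the default fail-closed. If the sentinel stays, remove the commented-out `// throw new AccessDeniedException(TOKEN_EXPIRED);` and state the contract on the method, e.g. `// returns a user with a blank userId when the auth service reports no staff id; callers must reject it on protected paths`. The method body continues past the end of the hunk.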
@@ -115,9 +114,9 @@ public class FeignConfig implements RequestInterceptor {
 String authToken = cookie.get().getValue();
 template.header(AUTHORIZATION_HEADER, String.format("%s%s", TOKEN_PREFIX, authToken));
 } else {
- String access_token = getAccessToken();
- log.info("token=======access_token==="+access_token);
- template.header(HttpHeaders.AUTHORIZATION,String.format("%s%s", TOKEN_PREFIX, access_token));
+ String accessToken = getAccessToken();
+ log.info("token=======accessToken==="+accessToken);
+ template.header(HttpHeaders.AUTHORIZATION,String.format("%s%s", TOKEN_PREFIX, accessToken));
 }
 }
 }