diff --git a/mall-ebtp-cloud-security-starter/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/UserAuthenticationEntryPoint.java b/mall-ebtp-cloud-security-starter/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/UserAuthenticationEntryPoint.java
new file mode 100644
index 0000000..cc6a9c9
--- /dev/null
+++ b/mall-ebtp-cloud-security-starter/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/UserAuthenticationEntryPoint.java
@@ -0,0 +1,45 @@
+package com.chinaunicom.mall.ebtp.cloud.security.starter;
+
+import java.io.IOException;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.http.HttpStatus;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.AuthenticationEntryPoint;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+/**
+ * 用户访问认证
+ *
+ * @author Administrator
+ */
+public class UserAuthenticationEntryPoint implements AuthenticationEntryPoint {
+
+ @Override
+ public void commence(HttpServletRequest request, HttpServletResponse response,
+ AuthenticationException authException) throws IOException, ServletException {
+ response.setStatus(HttpStatus.UNAUTHORIZED.value());
+ response.setContentType("application/json;charset=utf-8");
+
+ Map map = new HashMap<>();
+ map.put("code", "90401");
+ map.put("success", "false");
+ map.put("message", "登录已超期");
+ map.put("path", request.getServletPath());
+ map.put("timestamp", String.valueOf(new Date().getTime()));
+
+ try {
+ new ObjectMapper().writeValue(response.getOutputStream(), map);
+ } catch (Exception e) {
+ throw new ServletException();
+ }
+ }
+
+}
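Review bot: The catch block in commence discards the original failure — `throw new ServletException();` drops both cause and message, so a serialization or I/O error while writing the 401 body surfaces with no diagnostic; rethrow with the cause, `throw new ServletException("failed to write authentication error response", e);`, and narrow the catch from `Exception` to `IOException`, which is what `getOutputStream()` and `ObjectMapper.writeValue` declare. The raw `Map map = new HashMap<>();` should be `Map<String, Object> map = new HashMap<>();` so the puts are type-checked. `new ObjectMapper()` is built on every request; it is thread-safe and can live in a `private static final ObjectMapper MAPPER` field. The message "登录已超期" is returned for every AuthenticationException regardless of `authException`, which is a reasonable opaque client response, but the class Javadoc should say so explicitly, e.g. `Returns a fixed 401 JSON body for any authentication failure; the exception detail is deliberately not exposed to the client.`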
diff --git a/mall-ebtp-cloud-security-starter/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/config/BrowserSecurityConfig.java b/mall-ebtp-cloud-security-starter/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/config/BrowserSecurityConfig.java
index c88a279..5165a80 100644
--- a/mall-ebtp-cloud-security-starter/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/config/BrowserSecurityConfig.java
+++ b/mall-ebtp-cloud-security-starter/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/config/BrowserSecurityConfig.java
@@ -5,8 +5,10 @@ import org.springframework.security.config.annotation.method.configuration.Enabl
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
+import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import com.chinaunicom.mall.ebtp.cloud.security.starter.UserAuthenticationEntryPoint;
 import com.chinaunicom.mall.ebtp.cloud.security.starter.filter.TokenAuthenticationFilter;
 /**
@@ -23,6 +25,11 @@ public class BrowserSecurityConfig extends WebSecurityConfigurerAdapter {
 return new TokenAuthenticationFilter();
 }
+ @Bean
+ public AuthenticationEntryPoint authenticationEntryPoint() {
+ return new UserAuthenticationEntryPoint();
+ }
+
 /**
 * 向Filter链中插入自定义TokenFilter
 *
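Review bot: The new `authenticationEntryPoint()` bean in the second hunk carries no Javadoc, while the neighbouring `configure` method in this class is documented; add a one-line Javadoc above `@Bean` such as `/** Entry point that answers unauthenticated requests with a 401 JSON body; see UserAuthenticationEntryPoint. */`. Since this lives in a starter module, the comment should also state whether downstream applications are expected to override this bean. The imports hunk above needs nothing.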
@@ -31,8 +38,9 @@ public class BrowserSecurityConfig extends WebSecurityConfigurerAdapter {
 */
 @Override
 protected void configure(HttpSecurity http) throws Exception {
- http.csrf().disable();
- http.addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);
+ http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint()).and()
+ .addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class)
+ .authorizeRequests().antMatchers("/v1/**").authenticated().and().csrf().disable();
 }
 }
diff --git a/mall-ebtp-cloud-security-starter/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/filter/TokenAuthenticationFilter.java b/mall-ebtp-cloud-security-starter/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/filter/TokenAuthenticationFilter.java
index 2e49941..3c95176 100644
--- a/mall-ebtp-cloud-security-starter/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/filter/TokenAuthenticationFilter.java
+++ b/mall-ebtp-cloud-security-starter/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/filter/TokenAuthenticationFilter.java
@@ -18,6 +18,7 @@ import javax.servlet.http.HttpServletResponse;
 import org.apache.commons.lang3.RegExUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
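Review bot: The authorization rule added in configure covers only `/v1/**`; because the `authorizeRequests()` chain has no `anyRequest()` clause, every path outside that prefix gets no access decision and — unless TokenAuthenticationFilter itself rejects such requests, which is not visible here — is served to unauthenticated callers, so any future controller mapped elsewhere is public by default. Make the intent explicit by closing the chain, e.g. `.antMatchers("/v1/**").authenticated().anyRequest().authenticated()` with a `permitAll()` matcher listing the paths that are meant to be open, so deny-by-default is visible in the config rather than implied by a URL prefix. As a point of style, the single expression now mixes exception handling, filter registration, authorization and csrf; one `http.` statement per concern, as the removed lines had, reads more easily and diffs better. The `csrf().disable()` itself predates this commit and is expected for a bearer-token API. The AccessDeniedException import hunk on this line needs no change.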
@@ -97,10 +98,13 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter { */ private Authentication getAuthentication(final String token, final String currentRoleCode) { SecurityUser securityUser = client.getUserInfo(); - + log.info("TokenAuthenticationFilter: token [{}]", token); log.info("TokenAuthenticationFilter: userid [{}]", securityUser.getUserId()); + if (Objects.isNull(securityUser.getUserId())) { + throw new AccessDeniedException("token 已失效"); + } // 根据当前角色设定权限列表 List authorities = Optional.ofNullable(securityUser.getAuthorityList()).map(list -> { return list.stream().filter(auth -> StringUtils.equals(auth.getRoleCode(), currentRoleCode)) diff --git a/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/common/base/service/impl/BaseCacheUserServiceImpl.java b/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/common/base/service/impl/BaseCacheUserServiceImpl.java index 4459d72..9d53804 100644 --- a/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/common/base/service/impl/BaseCacheUserServiceImpl.java +++ b/uboot-common/src/main/java/com/chinaunicom/mall/ebtp/common/base/service/impl/BaseCacheUserServiceImpl.java @@ -33,9 +33,6 @@ public class BaseCacheUserServiceImpl implements IBaseCacheUserService { BaseCacheUser buser = new BaseCacheUser(); BeanUtils.copyProperties(SecurityContextHolder.getContext().getAuthentication().getPrincipal(), buser); - if (Objects.isNull(buser.getUserId())) { - throw new AuthFailureException("登陆已超期"); - } log.debug("Current user principal: " + buser); return buser;
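Review bot: The new null-userId check in getAuthentication throws `AccessDeniedException`, which Spring Security treats as an authorization failure of an already-authenticated caller; an invalid or expired token is an authentication failure, so an `AuthenticationException` subtype such as `BadCredentialsException` or `CredentialsExpiredException` is the type `ExceptionTranslationFilter` would route to the new UserAuthenticationEntryPoint. Moreover this filter is registered before `UsernamePasswordAuthenticationFilter` and therefore ahead of `ExceptionTranslationFilter`, so unless the caller of getAuthentication (outside the hunk) catches it, an exception thrown here propagates as a servlet error instead of the 401 JSON this commit introduces; returning null here and letting the caller leave the SecurityContext empty, so the `/v1/**` rule triggers the entry point, is the more predictable path. The unchanged `log.info("TokenAuthenticationFilter: token [{}]", token)` line above the check, which appears to remain on the new side, writes the raw bearer token to the log at INFO — with this commit the token is the sole proof of identity, so log a masked form or drop the line. getAuthentication continues past the end of the hunk; the BaseCacheUserServiceImpl hunk on this line only removes the check that has moved here.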