修改全局token有效性认证
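--- /dev/null
+++ b/<path-not-shown>/UserAuthenticationEntryPoint.java
@@ -0,0 +1,45 @@
+package com.chinaunicom.mall.ebtp.cloud.security.starter;
+
+import java.io.IOException;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.http.HttpStatus;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.AuthenticationEntryPoint;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+/**
+* 用户访问认证
+*
+* @author Administrator
+*/
+public class UserAuthenticationEntryPoint implements AuthenticationEntryPoint {
+
+@Override
+public void commence(HttpServletRequest request, HttpServletResponse response,
+AuthenticationException authException) throws IOException, ServletException {
+response.setStatus(HttpStatus.UNAUTHORIZED.value());
+response.setContentType("application/json;charset=utf-8");
+
+Map<String, Object> map = new HashMap<>();
+map.put("code", "90401");
+map.put("success", "false");
+map.put("message", "登录已超期");
+map.put("path", request.getServletPath());
+map.put("timestamp", String.valueOf(new Date().getTime()));
+
+try {
+new ObjectMapper().writeValue(response.getOutputStream(), map);
+} catch (Exception e) {
+throw new ServletException();
+}
+}
+
+}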
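Review bot: The catch around `writeValue` in `commence` discards the underlying exception and catches every `Exception`, so a serialization or I/O failure surfaces as a bare `ServletException` with no cause and no message. `writeValue` throws `IOException`, which `commence` already declares, so the try/catch can simply be dropped, or narrowed and chained: `throw new ServletException("failed to write 401 response body", e);`. The `ObjectMapper` is also constructed on every rejected request; it is thread-safe once configured and is usually held in a `private static final` field. The message `登录已超期` is sent for every `AuthenticationException` the entry point receives, including requests that never carried a token, which may mislead API clients about what went wrong.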
@ -5,8 +5,10 @@ import org.springframework.security.config.annotation.method.configuration.Enabl
|
|||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||||
|
import org.springframework.security.web.AuthenticationEntryPoint;
|
||||||
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
||||||
|
|
||||||
|
import com.chinaunicom.mall.ebtp.cloud.security.starter.UserAuthenticationEntryPoint;
|
||||||
import com.chinaunicom.mall.ebtp.cloud.security.starter.filter.TokenAuthenticationFilter;
|
import com.chinaunicom.mall.ebtp.cloud.security.starter.filter.TokenAuthenticationFilter;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -23,6 +25,11 @@ public class BrowserSecurityConfig extends WebSecurityConfigurerAdapter {
|
|||||||
return new TokenAuthenticationFilter();
|
return new TokenAuthenticationFilter();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@Bean
|
||||||
|
public AuthenticationEntryPoint authenticationEntryPoint() {
|
||||||
|
return new UserAuthenticationEntryPoint();
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 向Filter链中插入自定义TokenFilter
|
* 向Filter链中插入自定义TokenFilter
|
||||||
*
|
*
|
||||||
@ -31,8 +38,9 @@ public class BrowserSecurityConfig extends WebSecurityConfigurerAdapter {
|
|||||||
*/
|
*/
|
||||||
@Override
|
@Override
|
||||||
protected void configure(HttpSecurity http) throws Exception {
|
protected void configure(HttpSecurity http) throws Exception {
|
||||||
http.csrf().disable();
|
http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint()).and()
|
||||||
http.addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);
|
.addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class)
|
||||||
|
.authorizeRequests().antMatchers("/v1/**").authenticated().and().csrf().disable();
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
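Review bot: The rewritten `configure` constrains only `/v1/**` with `authenticated()` and declares no rule for any other path, so endpoints outside that prefix appear to pass through without an authorization decision at all; if that is not intended, close the chain with `.anyRequest().authenticated()` (or `.denyAll()`) before `.and().csrf().disable()`. `csrf().disable()` is carried over from the old code, which is reasonable for a header-token API but deserves a one-line comment stating that assumption, e.g. `// stateless token API: no session cookie, so CSRF protection is not applicable`. The class body starts and ends outside these hunks.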
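--- a/<path-not-shown>/TokenAuthenticationFilter.java
+++ b/<path-not-shown>/TokenAuthenticationFilter.java
@@ -18,6 +18,7 @@ import javax.servlet.http.HttpServletResponse;
 import org.apache.commons.lang3.RegExUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
@@ -101,6 +102,9 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
 log.info("TokenAuthenticationFilter: token [{}]", token);
 log.info("TokenAuthenticationFilter: userid [{}]", securityUser.getUserId());
 
+if (Objects.isNull(securityUser.getUserId())) {
+throw new AccessDeniedException("token 已失效");
+}
 // 根据当前角色设定权限列表
 List<RoleCodeAuthority> authorities = Optional.ofNullable(securityUser.getAuthorityList()).map(list -> {
 return list.stream().filter(auth -> StringUtils.equals(auth.getRoleCode(), currentRoleCode))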
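Review bot: The new null-userId check throws `AccessDeniedException` from inside `TokenAuthenticationFilter`, which the security config inserts before `UsernamePasswordAuthenticationFilter` and therefore upstream of `ExceptionTranslationFilter`; as far as the visible wiring shows, that exception is never translated into the 401 JSON body produced by the new `UserAuthenticationEntryPoint` and instead propagates out of the filter chain as a servlet error. An expired token is an authentication failure rather than an authorization one, so the filter should either leave the `SecurityContext` empty and continue the chain so the entry point answers, or write the 401 response itself; at minimum the type should be an `AuthenticationException` subclass such as `CredentialsExpiredException` rather than `AccessDeniedException`. This check replaces the one removed from `BaseCacheUserServiceImpl`, so any caller that relied on `AuthFailureException` there needs to be reconsidered. The `log.info` call two lines above writes the raw token value to the log at INFO level; a bearer token is a credential and should be redacted or logged at most as a short prefix. The enclosing method starts and ends outside the hunk.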
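--- a/<path-not-shown>/BaseCacheUserServiceImpl.java
+++ b/<path-not-shown>/BaseCacheUserServiceImpl.java
@@ -33,9 +33,6 @@ public class BaseCacheUserServiceImpl implements IBaseCacheUserService {
 BaseCacheUser buser = new BaseCacheUser();
 BeanUtils.copyProperties(SecurityContextHolder.getContext().getAuthentication().getPrincipal(), buser);
 
-if (Objects.isNull(buser.getUserId())) {
-throw new AuthFailureException("登陆已超期");
-}
 log.debug("Current user principal: " + buser);
 
 return buser;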