修改全局token有效性认证
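--- /dev/null
+++ b/<dir not shown>/UserAuthenticationEntryPoint.java
@@ -0,0 +1,45 @@
+package com.chinaunicom.mall.ebtp.cloud.security.starter;
+
+import java.io.IOException;
+import java.util.Date;
+import java.util.HashMap;
+import java.util.Map;
+
+import javax.servlet.ServletException;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import org.springframework.http.HttpStatus;
+import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.web.AuthenticationEntryPoint;
+
+import com.fasterxml.jackson.databind.ObjectMapper;
+
+/**
+* 用户访问认证
+*
+* @author Administrator
+*/
+public class UserAuthenticationEntryPoint implements AuthenticationEntryPoint {
+
+@Override
+public void commence(HttpServletRequest request, HttpServletResponse response,
+AuthenticationException authException) throws IOException, ServletException {
+response.setStatus(HttpStatus.UNAUTHORIZED.value());
+response.setContentType("application/json;charset=utf-8");
+
+Map<String, Object> map = new HashMap<>();
+map.put("code", "90401");
+map.put("success", "false");
+map.put("message", "登录已超期");
+map.put("path", request.getServletPath());
+map.put("timestamp", String.valueOf(new Date().getTime()));
+
+try {
+new ObjectMapper().writeValue(response.getOutputStream(), map);
+} catch (Exception e) {
+throw new ServletException();
+}
+}
+
+}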
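Review bot: The catch block at the end of commence() rethrows `new ServletException()` with neither a message nor the cause, so a serialization failure or an already-closed output stream surfaces as an unexplained 500 with no trace of the original error; change it to `throw new ServletException("failed to write 401 response body", e);` and narrow the catch from `Exception` to `IOException`, which is what writeValue declares. Two smaller points in the same hunk: `new ObjectMapper()` is built for every rejected request although the mapper is thread-safe, so hold it in a `private static final ObjectMapper MAPPER` field; and `map.put("success", "false")` emits the JSON string `"false"` rather than a boolean, which clients testing `success == false` will not match — if the other response bodies in this project use a boolean there, `Boolean.FALSE` keeps them consistent, otherwise leave it as a documented quirk. commence() and the class are complete within this hunk.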
@ -5,8 +5,10 @@ import org.springframework.security.config.annotation.method.configuration.Enabl
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.web.AuthenticationEntryPoint;
|
||||
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
||||
|
||||
import com.chinaunicom.mall.ebtp.cloud.security.starter.UserAuthenticationEntryPoint;
|
||||
import com.chinaunicom.mall.ebtp.cloud.security.starter.filter.TokenAuthenticationFilter;
|
||||
|
||||
/**
|
||||
@ -23,6 +25,11 @@ public class BrowserSecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
return new TokenAuthenticationFilter();
|
||||
}
|
||||
|
||||
@Bean
|
||||
public AuthenticationEntryPoint authenticationEntryPoint() {
|
||||
return new UserAuthenticationEntryPoint();
|
||||
}
|
||||
|
||||
/**
|
||||
* 向Filter链中插入自定义TokenFilter
|
||||
*
|
||||
@ -31,8 +38,9 @@ public class BrowserSecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
*/
|
||||
@Override
|
||||
protected void configure(HttpSecurity http) throws Exception {
|
||||
http.csrf().disable();
|
||||
http.addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);
|
||||
http.exceptionHandling().authenticationEntryPoint(authenticationEntryPoint()).and()
|
||||
.addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class)
|
||||
.authorizeRequests().antMatchers("/v1/**").authenticated().and().csrf().disable();
|
||||
}
|
||||
|
||||
}
|
||||
|
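Review bot: The new authorization rule on the `.authorizeRequests().antMatchers("/v1/**").authenticated()` line protects only `/v1/**`, so any other path this chain matches has no rule and a controller added outside `/v1` is reachable without a token until someone remembers to add a matcher. Closing the rule with `.anyRequest().authenticated()`, with the genuinely public paths listed via `.permitAll()` in front of it, makes the default deny rather than allow. Since access is token based and CSRF protection is switched off, also consider `http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)` so no HTTP session is created alongside the token. Separately, if `authenticationTokenFilterBean()` is a `@Bean` as its name and the `return new TokenAuthenticationFilter();` line above suggest (its declaration is cut by the hunk), Spring Boot will also register that filter with the servlet container for every URL, so it runs outside the security chain as well; registering a `FilterRegistrationBean` for it with `setEnabled(false)` is the usual way to keep it in the security chain only.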
@ -18,6 +18,7 @@ import javax.servlet.http.HttpServletResponse;
|
||||
import org.apache.commons.lang3.RegExUtils;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.security.access.AccessDeniedException;
|
||||
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.context.SecurityContextHolder;
|
||||
@ -97,10 +98,13 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
|
||||
*/
|
||||
private Authentication getAuthentication(final String token, final String currentRoleCode) {
|
||||
SecurityUser securityUser = client.getUserInfo();
|
||||
|
||||
|
||||
log.info("TokenAuthenticationFilter: token [{}]", token);
|
||||
log.info("TokenAuthenticationFilter: userid [{}]", securityUser.getUserId());
|
||||
|
||||
if (Objects.isNull(securityUser.getUserId())) {
|
||||
throw new AccessDeniedException("token 已失效");
|
||||
}
|
||||
// 根据当前角色设定权限列表
|
||||
List<RoleCodeAuthority> authorities = Optional.ofNullable(securityUser.getAuthorityList()).map(list -> {
|
||||
return list.stream().filter(auth -> StringUtils.equals(auth.getRoleCode(), currentRoleCode))
|
||||
|
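Review bot: The line `log.info("TokenAuthenticationFilter: token [{}]", token);` writes the caller's bearer token to the application log at INFO on every request, so every log shipper, viewer and backup that holds these logs now holds replayable credentials for as long as the token is valid. Log only that a token was present, or a non-reversible fingerprint, e.g. `log.debug("TokenAuthenticationFilter: token present [{}]", token != null);`, and drop the user-id line to DEBUG as well since it fires per request. The null check a few lines down covers only `securityUser.getUserId()`; if `client.getUserInfo()` can itself return null for an unknown token (its contract is not visible here), the `securityUser.getUserId()` in the log call throws a NullPointerException before the AccessDeniedException is reached, so the guard should read `if (securityUser == null || Objects.isNull(securityUser.getUserId()))` and sit before the logging. Note too that an exception thrown from this filter only reaches the new UserAuthenticationEntryPoint if something later catches it and calls commence(); whether doFilterInternal does so is outside this hunk, and otherwise the client sees a 500 instead of the intended 401. getAuthentication() continues past the end of the hunk.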
@ -33,9 +33,6 @@ public class BaseCacheUserServiceImpl implements IBaseCacheUserService {
|
||||
BaseCacheUser buser = new BaseCacheUser();
|
||||
BeanUtils.copyProperties(SecurityContextHolder.getContext().getAuthentication().getPrincipal(), buser);
|
||||
|
||||
if (Objects.isNull(buser.getUserId())) {
|
||||
throw new AuthFailureException("登陆已超期");
|
||||
}
|
||||
log.debug("Current user principal: " + buser);
|
||||
|
||||
return buser;
|
||||
|