From e9ad0dd7f89759a330b8ee56f292a061a1b50b15 Mon Sep 17 00:00:00 2001 From: ajaxfan <909938737@qq.com> Date: Fri, 14 May 2021 17:11:40 +0800 Subject: [PATCH] =?UTF-8?q?security=20filter=20=E5=A2=9E=E5=8A=A0=E5=BC=82?= =?UTF-8?q?=E5=B8=B8=E5=88=86=E7=B1=BB:=20feign=E8=B6=85=E6=97=B6=20?= =?UTF-8?q?=E5=92=8C=20token=E5=A4=B1=E6=95=88?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../starter/UserAuthenticationEntryPoint.java | 64 +++++++++++++++++-- .../fallback/UserCenterClientFallback.java | 2 +- .../filter/TokenAuthenticationFilter.java | 11 +++- 3 files changed, 70 insertions(+), 7 deletions(-)
diff --git a/mall-ebtp-cloud-security-starter/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/UserAuthenticationEntryPoint.java b/mall-ebtp-cloud-security-starter/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/UserAuthenticationEntryPoint.java
index cc6a9c9..2123721 100644
--- a/mall-ebtp-cloud-security-starter/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/UserAuthenticationEntryPoint.java
+++ b/mall-ebtp-cloud-security-starter/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/UserAuthenticationEntryPoint.java
@@ -28,10 +28,9 @@ public class UserAuthenticationEntryPoint implements AuthenticationEntryPoint {
 response.setStatus(HttpStatus.UNAUTHORIZED.value());
 response.setContentType("application/json;charset=utf-8");
- Map map = new HashMap<>();
- map.put("code", "90401");
- map.put("success", "false");
- map.put("message", "登录已超期");
+ String code = (String) request.getSession().getAttribute("code");
+
+ Map map = adapterException(code);
 map.put("path", request.getServletPath());
 map.put("timestamp", String.valueOf(new Date().getTime()));
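Review bot: `request.getSession().getAttribute("code")` on the new line forces a server-side session to be created for every request that reaches this entry point, and the attribute is never removed, so a later failure in the same session can hand back a stale code stored by an earlier request. The filter that stores the attribute runs in the same request as this entry point, so a request attribute carries it without touching session state: `String code = (String) request.getAttribute("code");` (with `request.setAttribute("code", ...)` on the filter side), or at minimum `request.getSession(false)` with a null check and `removeAttribute("code")` after reading. The fallthrough has also changed: when nothing was stored, `adapterException(null)` now yields code 500 with a null message inside a 401 response, where the removed lines returned "90401" / "登录已超期" — if that default is still wanted it needs to be the no-code branch. The `(String)` cast only holds while the filter stores `e.getMessage()`; any other attribute type would throw ClassCastException here. The enclosing method starts and ends outside the hunk.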
@@ -42,4 +41,61 @@ public class UserAuthenticationEntryPoint implements AuthenticationEntryPoint {
 }
 }
+ /**
+ * @param code
+ */
+ private Map adapterException(String code) {
+ if ("90403".equals(code)) {
+ return accessDenidedException(code);
+ }
+
+ if ("90500".equals(code)) {
+ return remoteTimeoutException(code);
+ }
+
+ return globalException(code);
+ }
+
+ /**
+ * token 失效异常
+ *
+ * @param code
+ * @return
+ */
+ private Map accessDenidedException(String code) {
+ Map map = new HashMap<>();
+ map.put("code", code);
+ map.put("success", "false");
+ map.put("message", "登录已超期");
+
+ return map;
+ }
+
+ /**
+ * Token 远程认证服务超时
+ *
+ * @param code
+ * @return
+ */
+ private Map remoteTimeoutException(String code) {
+ Map map = new HashMap<>();
+ map.put("code", code);
+ map.put("success", "false");
+ map.put("message", "token验证失败");
+
+ return map;
+ }
+
+ /**
+ * @return
+ */
+ private Map globalException(String code) {
+ Map map = new HashMap<>();
+ map.put("code", 500);
+ map.put("success", "false");
+ map.put("message", code);
+
+ return map;
+ }
+
 }
diff --git a/mall-ebtp-cloud-security-starter/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/fallback/UserCenterClientFallback.java b/mall-ebtp-cloud-security-starter/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/fallback/UserCenterClientFallback.java
index ce11a25..528898d 100644
--- a/mall-ebtp-cloud-security-starter/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/fallback/UserCenterClientFallback.java
+++ b/mall-ebtp-cloud-security-starter/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/fallback/UserCenterClientFallback.java
@@ -10,7 +10,7 @@ public class UserCenterClientFallback implements UserCenterClient {
 @Override
 public SecurityUser getUserInfo() {
- return new SecurityUser();
+ return null;
 }
 }
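Review bot: `globalException` copies the stored `code` — which the filter fills with `e.getMessage()` of any caught `Exception` — straight into the response `message`, so internal exception text (class names, remote endpoints, whatever a Feign or JDBC failure reports) is echoed to unauthenticated clients. Use a fixed generic message there, e.g. `map.put("message", "认证失败");`, and leave the detail to the server log. That branch also stores the Integer `500` under `code` while the other two store Strings, and a 500 body inside a 401 response is contradictory; a String code in the same "904xx/905xx" family keeps the contract uniform. The three helpers are near-duplicates and the codes are matched as string literals that are repeated in the filter; a single `private Map response(String code, String message)` plus shared constants for "90403"/"90500" (and `Map<String, Object>` instead of the raw `Map`) would remove the duplication — `accessDenidedException` is also misspelt.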
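Review bot: Returning `null` from the Feign fallback makes every caller of `getUserInfo()` responsible for the null check, and the fallback carries no information about why it ran: presumably any failure that trips the circuit lands here, not only a timeout, so a `FallbackFactory<UserCenterClient>` that receives the cause is what the "90500 = timeout" classification actually needs. If `null` is kept, a Javadoc on the method such as `/** Fallback: returns null when the user-center call fails or the circuit is open; callers must null-check. */` makes the contract explicit.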
diff --git a/mall-ebtp-cloud-security-starter/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/filter/TokenAuthenticationFilter.java b/mall-ebtp-cloud-security-starter/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/filter/TokenAuthenticationFilter.java
index a9612ef..b8d7817 100644
--- a/mall-ebtp-cloud-security-starter/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/filter/TokenAuthenticationFilter.java
+++ b/mall-ebtp-cloud-security-starter/src/main/java/com/chinaunicom/mall/ebtp/cloud/security/starter/filter/TokenAuthenticationFilter.java
@@ -18,6 +18,7 @@ import javax.servlet.http.HttpServletResponse;
 import org.apache.commons.lang3.RegExUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.remoting.RemoteTimeoutException;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
@@ -77,6 +78,7 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
 // TODO 临时放行未传递token且session中未包含access token信息的服务调用
 isNullThenAssignDefault();
 } catch (Exception e) {
+ request.getSession().setAttribute("code", e.getMessage());
 log.error(e.getMessage());
 }
 filterChain.doFilter(request, response);
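Review bot: `request.getSession().setAttribute("code", e.getMessage())` in the catch creates a server-side session for a request whose authentication just failed and stores the raw message of any `Exception` — not only the two the commit classifies — where the entry point later reads it back into the response. The entry point runs in the same request, so `request.setAttribute("code", e.getMessage());` carries the code without creating or mutating a session and cannot bleed into later requests. While here, `log.error(e.getMessage());` drops the stack trace; `log.error("token authentication failed", e);` keeps it, and note that a NullPointerException's message can be null on older JDKs, which would store a null code. The enclosing method starts before the hunk.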
@@ -104,9 +106,14 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter {
 log.info("TokenAuthenticationFilter: token [{}]", token);
 log.info("TokenAuthenticationFilter: userid [{}]", securityUser.getUserId());
- if (Objects.isNull(securityUser.getUserId())) {
- throw new AccessDeniedException("token 已失效");
+ if (Objects.isNull(securityUser)) {// 对象为空, 则说明网络异常feign已熔断
+ throw new RemoteTimeoutException("90500");
 }
+
+ if (Objects.isNull(securityUser.getUserId())) {// userid 为空则访问山分认证服务返回信息为null
+ throw new AccessDeniedException("90403");
+ }
+
 // 根据当前角色设定权限列表
 List authorities = Optional.ofNullable(securityUser.getAuthorityList()).map(list -> { return list.stream().filter(auth -> StringUtils.equals(auth.getRoleCode(), currentRoleCode))
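Review bot: The new `Objects.isNull(securityUser)` guard cannot fire for the case it was written for: the context line just above it, `log.info("TokenAuthenticationFilter: userid [{}]", securityUser.getUserId());`, dereferences `securityUser` first, so when the fallback returns null the filter throws NullPointerException there, the catch stores its message and the client receives the generic 500 body instead of "90500". Move the `if (Objects.isNull(securityUser)) { throw new RemoteTimeoutException("90500"); }` block above the two `log.info` calls. Logging the raw token at INFO (`token [{}]`) is pre-existing context but still puts a credential into the logs and is worth dropping or masking. `org.springframework.remoting.RemoteTimeoutException` belongs to the remoting package that, if I recall correctly, was deprecated in Spring 5.3 and removed in 6.0, so a project-local exception (or `IllegalStateException` carrying the code) would survive an upgrade. The enclosing method starts and ends outside the hunk.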