From 59e91a4e9ddaf23cebb12993c774aa899ab22d16 Mon Sep 17 00:00:00 2001
From: 郑永安 <zyazyz250@sina.com>
Date: Mon, 19 Jun 2023 14:22:45 +0800
Subject: [PATCH] 描述
---
src/main/java/com/gk/firework/Config/Oauth2/AccessTokenFilter.java | 214 +++++++++++++++++++++++++++++++++++++++++++++++++++++
1 files changed, 214 insertions(+), 0 deletions(-)
diff --git a/src/main/java/com/gk/firework/Config/Oauth2/AccessTokenFilter.java b/src/main/java/com/gk/firework/Config/Oauth2/AccessTokenFilter.java
new file mode 100644
index 0000000..9de36e0
--- /dev/null
+++ b/src/main/java/com/gk/firework/Config/Oauth2/AccessTokenFilter.java
@@ -0,0 +1,214 @@
+package com.gk.firework.Config.Oauth2;
+
+import cn.hutool.core.util.ObjectUtil;
+import cn.hutool.core.util.StrUtil;
+import com.alibaba.fastjson.JSON;
+import com.gk.firework.Domain.AuthorizationInfo;
+import com.gk.firework.Domain.Utils.CommonUtil;
+import com.gk.firework.Domain.Utils.Constants;
+import com.gk.firework.Domain.Utils.Msg;
+import com.gk.firework.Domain.Vo.UserVo;
+import com.gk.firework.Service.AuthorizationService;
+import com.gk.firework.Service.UserService;
+import io.jsonwebtoken.Claims;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.http.HttpHeaders;
+import org.springframework.http.HttpStatus;
+import org.springframework.util.AntPathMatcher;
+
+import javax.servlet.*;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.io.PrintWriter;
+import java.util.List;
+import java.util.Map;
+
+/**
+ * AccessToken filter
+ *
+ * @author zhangby
+ * @date 2019-05-20 20:32
+ */
+public class AccessTokenFilter implements Filter {
+ private final Logger logger = LoggerFactory.getLogger(this.getClass());
+
+ /**
+ * redis service
+ */
+ IRedisService redisService = SpringContextUtil.getBean(IRedisService.class);
+
+ UserService userService = SpringContextUtil.getBean(UserService.class);
+
+ AuthorizationService authorizationService = SpringContextUtil.getBean(AuthorizationService.class);
+
+ /**
+ * do filter
+ *
+ * @param servletRequest servletRequest
+ * @param servletResponse servletResponse
+ * @param filterChain filterChain
+ * @throws IOException IOException
+ * @throws ServletException ServletException
+ */
+ @Override
+ public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
+ HttpServletRequest request = (HttpServletRequest) servletRequest;
+ HttpServletResponse response = (HttpServletResponse) servletResponse;
+ response.setHeader("Access-Control-Allow-Origin", request.getHeader("Origin"));
+ Msg msg = new Msg();
+ try {
+ // filter url && !request.getMethod().equals("OPTIONS")
+ if (urlMatcher(request.getRequestURI(), Constants.FILTER_EXCLUDE_PATH)){
+ String token = request.getHeader(HttpHeaders.AUTHORIZATION);
+ if (null != token && !token.equals("undefined")) {
+ /** 解析token */
+ Claims claims = CommonUtil.parseJWT(token);
+ if (ObjectUtil.isNotNull(claims)) {
+ //设置当前登录用户
+ System.setProperty(Constants.CURRENT_USER_ID, claims.get("user_id").toString());
+ try {
+ //获取redis 查询token是否有效 [jti]
+ String tokenKey = StrUtil.format(RedisKeyEnum.AUTH_TOKEN.getKey(), claims.getId());
+ Object userInfo = redisService.get(tokenKey);
+ if (ObjectUtil.isNotNull(userInfo)) {
+ Map map = JSON.parseObject(userInfo.toString(), Map.class);
+ UserVo userVo = userService.selectUserVoByName(map.get("username").toString());
+ if (null == userVo) {
+ msg.setCode("100");
+ msg.setMessage("用户不存在");
+ returnJson(response, msg);
+ return;
+ }
+ if (userVo.getIssale() == 1){
+ if (userVo.getStatus()!=null && userVo.getStatus() != 1){
+ msg.setCode("100");
+ msg.setMessage("用户已失效");
+ returnJson(response, msg);
+ return;
+ }
+ if (userVo.getExpiredate() != null && userVo.getExpiredate().getTime() < System.currentTimeMillis()){
+ msg.setCode("100");
+ msg.setMessage("用户已超期");
+ returnJson(response, msg);
+ return;
+ }
+
+ Object loginObj = map.get("logintime");
+ Object authObj = map.get("auth");
+ if (loginObj != null && authObj != null){
+ //通过auth查询授权码最后登录时间
+ AuthorizationInfo authInfo = authorizationService.selectByUser(userVo.getCompanynumber(),authObj.toString());
+ if (authInfo == null){
+ msg.setCode("100");
+ msg.setMessage("授权码无效");
+ returnJson(response, msg);
+ return;
+ }
+ if (authInfo.getLasttime().getTime() > Long.parseLong(loginObj.toString())){
+ redisService.set(tokenKey, userInfo, 0L);
+ msg.setCode("100");
+ msg.setMessage("登录失效,请重新登录");
+ returnJson(response, msg);
+ return;
+ }
+ }
+ }
+ //更新登录超时时间
+ redisService.set(tokenKey, userInfo, 60L*60L*18L);
+ } else {
+ logger.info("998:登录超时,无效认证");
+ msg.setCode("100");
+ msg.setMessage("登录超时,无效认证");
+ returnJson(response, msg);
+ return;
+ }
+ } catch (Exception e) {
+ logger.info("401:非授权访问,无效的token");
+ }
+ } else {
+ logger.info("500: 账户或密码不正确,登录失败");
+ }
+ }
+ else if(request.getMethod().equals("OPTIONS")) {
+ response.setHeader("Access-Control-Allow-Origin", request.getHeader("Origin"));
+ response.setHeader("Access-Control-Allow-Credentials", "true");
+ response.setHeader("Access-Control-Allow-Methods", "POST, GET, PATCH, DELETE, PUT, OPTIONS");
+ response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, X-Auth-Token, Authorization");
+ response.setHeader("Access-Control-Max-Age","3600");
+ response.setStatus(HttpStatus.OK.value());
+ return;
+ }
+ else {
+ logger.info("500: token不存在");
+ }
+ }
+ } catch (Exception e) {
+ e.printStackTrace();
+ //系统异常
+ msg.setCode("100");
+ msg.setMessage("系统异常请稍后重试");
+ returnJson(response, msg);
+ response.setStatus(HttpStatus.OK.value());
+ }
+ filterChain.doFilter(servletRequest, servletResponse);
+ //过滤器结束之后销毁
+ System.clearProperty(Constants.CURRENT_USER_ID);
+ }
+
+
+ @Override
+ public void init(FilterConfig filterConfig) throws ServletException {
+ }
+
+ @Override
+ public void destroy() {
+
+ }
+
+ /**
+ * 认证是否需要,验证session url
+ *
+ * @param real_url
+ * @return
+ */
+ private boolean urlMatcher(String real_url, String pathFilter) {
+ AntPathMatcher antPathMatcher = new AntPathMatcher();
+ /** 验证添加项url */
+ if (StrUtil.isNotBlank(pathFilter)) {
+ for (String path : pathFilter.split(",")) {
+ if (antPathMatcher.match(path.trim(), real_url.trim())) {
+ return false;
+ }
+ }
+ }
+ return true;
+ }
+
+ /**
+ * 返回url
+ *
+ * @param response
+ * @param json
+ */
+ private void returnJson(HttpServletResponse response, Msg msg) {
+ PrintWriter writer = null;
+ response.setCharacterEncoding("UTF-8");
+ response.setContentType("text/html; charset=utf-8");
+ response.setHeader("Access-Control-Allow-Credentials", "true");
+ response.setHeader("Access-Control-Allow-Methods", "POST, GET, PATCH, DELETE, PUT, OPTIONS");
+ response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, X-Auth-Token, Authorization");
+ response.setHeader("Access-Control-Max-Age","3600");
+ try {
+ writer = response.getWriter();
+ writer.print(JSON.toJSON(msg));
+ } catch (IOException e) {
+ } finally {
+ if (writer != null) {
+ writer.close();
+ }
+ }
+ }
+}
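Review bot: doFilter fails open on protected paths: when the Authorization header is missing (the final `else` that logs "500: token不存在"), when `CommonUtil.parseJWT` returns null (the `else` logging "500: 账户或密码不正确"), and when the inner `catch (Exception e)` around the Redis lookup fires, the code only logs and then falls through to `filterChain.doFilter(servletRequest, servletResponse)`, so the request reaches the downstream handler without a verified identity. Each of those three branches should terminate the request the same way the other denial paths do, e.g. `msg.setCode("100"); msg.setMessage("非授权访问,无效的token"); returnJson(response, msg); return;`, and the outer `catch (Exception e)` also needs a `return;` after `returnJson` so the chain is not continued once an error body has already been written. The current user id is kept in a JVM-wide `System` property (`System.setProperty(Constants.CURRENT_USER_ID, ...)`), which concurrent requests in the servlet container share and overwrite, and which is never cleared on the early-return paths because `System.clearProperty` is not in a `finally`; a request attribute or a `ThreadLocal` removed in `finally` keeps it per request. Separately, reflecting the request's `Origin` header into `Access-Control-Allow-Origin` while also sending `Access-Control-Allow-Credentials: true` (in doFilter's first lines, the OPTIONS branch and returnJson) allows credentialed cross-origin reads from any site, so the origin should be compared against an explicit allow-list before it is echoed.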
--
Gitblit v1.9.2