diff --git a/report-core/src/main/java/com/anjiplus/template/gaea/business/filter/TokenFilter.java b/report-core/src/main/java/com/anjiplus/template/gaea/business/filter/TokenFilter.java
index 3e3d2eb8..e83e3840 100644
--- a/report-core/src/main/java/com/anjiplus/template/gaea/business/filter/TokenFilter.java
+++ b/report-core/src/main/java/com/anjiplus/template/gaea/business/filter/TokenFilter.java
@@ -5,10 +5,10 @@ import com.alibaba.fastjson.JSONObject;
 import com.anji.plus.gaea.bean.ResponseBean;
 import com.anji.plus.gaea.cache.CacheHelper;
 import com.anji.plus.gaea.utils.JwtBean;
+import com.anjiplus.template.gaea.business.constant.BusinessConstant;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
-import org.springframework.core.Ordered;
 import org.springframework.core.annotation.Order;
 import org.springframework.stereotype.Component;
@@ -32,16 +32,89 @@ public class TokenFilter implements Filter {
 @Autowired
 private JwtBean jwtBean;
- /**跳过token验证和权限验证的url清单*/
+ // 跳过token验证和权限验证的url清单
 @Value("#{'${customer.skip-authenticate-urls}'.split(',')}")
 private List skipAuthenticateUrls;
 private Pattern SKIP_AUTHENTICATE_PATTERN;
 @Override
 public void init(FilterConfig filterConfig) throws ServletException {
+ // 生成匹配正则,跳过token验证和权限验证的url
+ SKIP_AUTHENTICATE_PATTERN = fitByList(skipAuthenticateUrls);
 Filter.super.init(filterConfig);
 }
+ @Override
+ public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
+ HttpServletRequest request = (HttpServletRequest) servletRequest;
+ HttpServletResponse response = (HttpServletResponse) servletResponse;
+ String uri = request.getRequestURI();
+
+ if(uri.equals("/")){
+ response.sendRedirect("/index.html");
+ return;
+ }
+
+ // 不需要token验证和权限验证的url,直接放行
+ boolean skipAuthenticate = SKIP_AUTHENTICATE_PATTERN.matcher(uri).matches();
+ if(skipAuthenticate){
+ filterChain.doFilter(request, response);
+ return;
+ }
+
+ //获取token
+ String token = request.getHeader("Authorization");
+ if (StringUtils.isBlank(token)) {
+ error(response);
+ return;
+ }
+
+ // 判断token是否过期
+ String loginName = jwtBean.getUsername(token);
+ String tokenKey = String.format(BusinessConstant.GAEA_SECURITY_LOGIN_TOKEN, loginName);
+ String userKey = String.format(BusinessConstant.GAEA_SECURITY_LOGIN_USER, loginName);
+ if (!cacheHelper.exist(tokenKey)) {
+ error(response);
+ return;
+ }
+ if (!cacheHelper.exist(userKey)) {
+ error(response);
+ return;
+ }
+ String gaeaUserJsonStr = cacheHelper.stringGet(userKey);
+
+ // 延长有效期
+ cacheHelper.stringSetExpire(tokenKey, token, 3600);
+ cacheHelper.stringSetExpire(userKey, gaeaUserJsonStr, 3600);
+
+ //在线体验版本
+ if (loginName.equals("guest")
+ && !uri.endsWith("/dataSet/testTransform")
+ && !uri.endsWith("/reportDashboard/getData")
+ && !uri.startsWith("/dict")
+ && !uri.startsWith("/dict")
+ ) {
+ //不允许删除
+ String method = request.getMethod();
+ if ("post".equalsIgnoreCase(method)
+ || "put".equalsIgnoreCase(method)
+ || "delete".equalsIgnoreCase(method)
+ ) {
+ ResponseBean responseBean = ResponseBean.builder().code("50001").message("在线体验版本,不允许此操作。请自行下载本地运行").build();
+ response.getWriter().print(JSONObject.toJSONString(responseBean));
+ return;
+ }
+ }
+
+ //执行
+ filterChain.doFilter(request, response);
+ }
+
+ @Override
+ public void destroy() {
+ Filter.super.destroy();
+ }
+
 /** 根据名单,生成正则
 * @param skipUrlList
 * @return
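Review bot: The check `if (!cacheHelper.exist(tokenKey))` establishes only that some session exists for the login name decoded from the header; the presented `token` is never compared with the value stored under `tokenKey`, and the refresh `cacheHelper.stringSetExpire(tokenKey, token, 3600)` then replaces the stored token with the presented one. Whether that is safe depends on `jwtBean.getUsername` verifying the signature, which is not visible here; comparing against the stored value closes the gap regardless, e.g. `String cachedToken = cacheHelper.stringGet(tokenKey);` followed by `if (cachedToken == null || !MessageDigest.isEqual(cachedToken.getBytes(StandardCharsets.UTF_8), token.getBytes(StandardCharsets.UTF_8))) { error(response); return; }` before the refresh (needs `java.security.MessageDigest` and `java.nio.charset.StandardCharsets` imports). `loginName` is also used unguarded: if `getUsername` returns null for a malformed token, the two `String.format` calls build keys for the literal "null" and `loginName.equals("guest")` throws NullPointerException, so a null check that calls `error(response)` and returns belongs right after the decode. The guest condition repeats `&& !uri.startsWith("/dict")` twice; one copy can go. The hunk ends inside the class body, on the Javadoc of `fitByList`.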
@@ -65,76 +138,6 @@ public class TokenFilter implements Filter {
 return Pattern.compile(patternString.toString());
 }
- @PostConstruct
- private void postConstruct() {
- SKIP_AUTHENTICATE_PATTERN = fitByList(skipAuthenticateUrls);
- }
-
- @Override
- public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
- HttpServletRequest request = (HttpServletRequest) servletRequest;
- HttpServletResponse response = (HttpServletResponse) servletResponse;
- String uri = request.getRequestURI();
-
- if(uri.equals("/")){
- response.sendRedirect("/index.html");
- return;
- }
-
- // 不需要token验证和权限验证的url,直接放行
- boolean skipAuthenticate = SKIP_AUTHENTICATE_PATTERN.matcher(uri).matches();
- if(skipAuthenticate){
- filterChain.doFilter(request, response);
- return;
- }
-
- //获取token
- String authorization = request.getHeader("Authorization");
- if (StringUtils.isBlank(authorization)) {
- error(response);
- return;
- }
-
- String username = jwtBean.getUsername(authorization);
-// String uuid = jwtBean.getUUID(authorization);
-
- if (!cacheHelper.exist(username)) {
- error(response);
- return;
- }
-
- //延长有效期
- cacheHelper.stringSetExpire(username, authorization, 3600);
-
- //在线体验版本
- if (username.equals("guest")
- && !uri.endsWith("/dataSet/testTransform")
- && !uri.endsWith("/reportDashboard/getData")
- && !uri.startsWith("/dict")
- && !uri.startsWith("/dict")
- ) {
- //不允许删除
- String method = request.getMethod();
- if ("post".equalsIgnoreCase(method)
- || "put".equalsIgnoreCase(method)
- || "delete".equalsIgnoreCase(method)
- ) {
- ResponseBean responseBean = ResponseBean.builder().code("50001").message("在线体验版本,不允许此操作。请自行下载本地运行").build();
- response.getWriter().print(JSONObject.toJSONString(responseBean));
- return;
- }
- }
-
- //执行
- filterChain.doFilter(request, response);
-
- }
-
- @Override
- public void destroy() {
- Filter.super.destroy();
- }
- - private void error(HttpServletResponse response) throws IOException {
 ResponseBean responseBean = ResponseBean.builder().code("50014").message("The Token has expired").build();
 response.getWriter().print(JSONObject.toJSONString(responseBean));
diff --git a/report-core/src/main/java/com/anjiplus/template/gaea/business/modules/accessauthority/service/AccessAuthorityService.java b/report-core/src/main/java/com/anjiplus/template/gaea/business/modules/accessauthority/service/AccessAuthorityService.java
index 092bbb87..0e3e0238 100755
--- a/report-core/src/main/java/com/anjiplus/template/gaea/business/modules/accessauthority/service/AccessAuthorityService.java
+++ b/report-core/src/main/java/com/anjiplus/template/gaea/business/modules/accessauthority/service/AccessAuthorityService.java
@@ -21,4 +21,9 @@ public interface AccessAuthorityService extends GaeaBaseService
 getAuthorityTree(String loginName, boolean withActionNode);
+
+ /**
+ * 扫描所有mvc url的需要权限码,建立拦截体系
+ */
+ void scanGaeaSecurityAuthorities();
 }
\ No newline at end of file
diff --git a/report-core/src/main/java/com/anjiplus/template/gaea/business/modules/accessauthority/service/impl/AccessAuthorityServiceImpl.java b/report-core/src/main/java/com/anjiplus/template/gaea/business/modules/accessauthority/service/impl/AccessAuthorityServiceImpl.java
index 52819e6c..b2618623 100755
--- a/report-core/src/main/java/com/anjiplus/template/gaea/business/modules/accessauthority/service/impl/AccessAuthorityServiceImpl.java
+++ b/report-core/src/main/java/com/anjiplus/template/gaea/business/modules/accessauthority/service/impl/AccessAuthorityServiceImpl.java
@@ -1,8 +1,13 @@
 package com.anjiplus.template.gaea.business.modules.accessauthority.service.impl;
+import com.alibaba.fastjson.JSONObject;
 import com.anji.plus.gaea.bean.TreeNode;
+import com.anji.plus.gaea.cache.CacheHelper;
+import com.anji.plus.gaea.constant.Enabled;
 import com.anji.plus.gaea.curd.mapper.GaeaBaseMapper;
+import com.anji.plus.gaea.init.InitRequestUrlMappings;
+import com.anjiplus.template.gaea.business.constant.BusinessConstant;
 import com.anjiplus.template.gaea.business.modules.accessauthority.dao.entity.AccessAuthority;
 import com.anjiplus.template.gaea.business.modules.accessauthority.service.AccessAuthorityService;
 import com.anjiplus.template.gaea.business.modules.accessauthority.dao.AccessAuthorityMapper;
@@ -13,6 +18,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.stereotype.Service;
 import java.util.ArrayList;
+import java.util.HashMap;
 import java.util.List;
 import java.util.Map;
 import java.util.stream.Collectors;
@@ -25,6 +31,12 @@ import java.util.stream.Collectors;
 @Service
 public class AccessAuthorityServiceImpl implements AccessAuthorityService {
+ @Autowired
+ private InitRequestUrlMappings initRequestUrlMappings;
+
+ @Autowired
+ private CacheHelper cacheHelper;
+
 @Autowired
 private AccessAuthorityMapper accessAuthorityMapper;
@@ -102,4 +114,27 @@ public class AccessAuthorityServiceImpl implements AccessAuthorityService {
 return parentNodes;
 }
+
+ @Override
+ public void scanGaeaSecurityAuthorities() {
+ /* 获取当前应用中所有的请求信息
+ {
+ "applicationName": "aj-report",
+ "authCode": "authorityManage:query",
+ "authName": "权限管理查询",
+ "beanName": "accessAuthorityController",
+ "menuCode": "authorityManage",
+ "path": "GET#/accessAuthority/menuTree"
+ }*/
+ List requestInfos = initRequestUrlMappings.getRequestInfos(Enabled.YES.getValue());
+
+ // key="GET#/accessAuthority/menuTree" value="authorityManage:query"
+ Map securityAuthorityMap = new HashMap();
+ requestInfos.stream().forEach(requestInfo -> {
+ securityAuthorityMap.put(requestInfo.getPath(), requestInfo.getAuthCode());
+ });
+
+ // 将key存入到缓存中
+ cacheHelper.hashSet(BusinessConstant.GAEA_SECURITY_AUTHORITIES, securityAuthorityMap);
+ }
 }
\ No newline at end of file
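Review bot: `requestInfos.stream().forEach(requestInfo -> { securityAuthorityMap.put(...); })` builds the map through a side effect; a plain for-each loop, or `requestInfos.stream().collect(Collectors.toMap(r -> r.getPath(), r -> r.getAuthCode(), (first, second) -> second))` (`Collectors` is already imported), says the same thing, and the explicit merge function makes visible that a path registered twice silently keeps the last authority code — a case worth logging, since two mappings claiming one path would otherwise go unnoticed. `cacheHelper.hashSet(BusinessConstant.GAEA_SECURITY_AUTHORITIES, securityAuthorityMap)` presumably writes the map's entries into the hash; if it does not replace the whole hash, entries for paths that no longer exist survive a rescan and keep their old authority code, so either clear the key before writing or state in the Javadoc that the cache is additive. The implementation carries no Javadoc; `/** Rebuilds the path -> authority-code map used by the security filter from the currently registered request mappings and stores it in the cache. */` on the method would do. The generic types on `List requestInfos` and `Map securityAuthorityMap = new HashMap()` appear to have been lost in rendering; if they really are raw, declare the element types explicitly.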