Skip to content
Projects
Groups
Snippets
Help
This project
Loading...
Sign in / Register
Toggle navigation
B
beyond-clouds
Overview
Overview
Details
Activity
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Issues
4
Issues
4
List
Board
Labels
Milestones
Merge Requests
0
Merge Requests
0
CI / CD
CI / CD
Pipelines
Jobs
Schedules
Charts
Wiki
Wiki
Snippets
Snippets
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Create a new issue
Jobs
Commits
Issue Boards
Open sidebar
段启岩
beyond-clouds
Commits
61fe7f51
Commit
61fe7f51
authored
Feb 03, 2020
by
段启岩
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
分离认证拦截器,修改认证逻辑
parent
5716c9ce
Hide whitespace changes
Inline
Side-by-side
Showing
5 changed files
with
151 additions
and
93 deletions
+151
-93
src/main/java/cn/meteor/beyondclouds/config/WebMvcConfig.java
+13
-5
src/main/java/cn/meteor/beyondclouds/core/constant/SysConstants.java
+5
-0
src/main/java/cn/meteor/beyondclouds/core/interceptor/AccessInterceptor.java
+60
-0
src/main/java/cn/meteor/beyondclouds/core/interceptor/SubjectInterceptor.java
+0
-88
src/main/java/cn/meteor/beyondclouds/core/interceptor/TokenInterceptor.java
+73
-0
No files found.
src/main/java/cn/meteor/beyondclouds/config/WebMvcConfig.java
View file @
61fe7f51
package
cn
.
meteor
.
beyondclouds
.
config
;
package
cn
.
meteor
.
beyondclouds
.
config
;
import
cn.meteor.beyondclouds.core.interceptor.SubjectInterceptor
;
import
cn.meteor.beyondclouds.core.interceptor.AccessInterceptor
;
import
cn.meteor.beyondclouds.core.interceptor.TokenInterceptor
;
import
cn.meteor.beyondclouds.core.resolver.CurrentSubjectResolver
;
import
cn.meteor.beyondclouds.core.resolver.CurrentSubjectResolver
;
import
org.springframework.context.annotation.Bean
;
import
org.springframework.context.annotation.Bean
;
import
org.springframework.context.annotation.Configuration
;
import
org.springframework.context.annotation.Configuration
;
...
@@ -9,7 +10,6 @@ import org.springframework.web.servlet.config.annotation.EnableWebMvc;
...
@@ -9,7 +10,6 @@ import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import
org.springframework.web.servlet.config.annotation.InterceptorRegistry
;
import
org.springframework.web.servlet.config.annotation.InterceptorRegistry
;
import
org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry
;
import
org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry
;
import
org.springframework.web.servlet.config.annotation.WebMvcConfigurer
;
import
org.springframework.web.servlet.config.annotation.WebMvcConfigurer
;
import
springfox.documentation.swagger2.annotations.EnableSwagger2
;
import
java.util.List
;
import
java.util.List
;
...
@@ -22,13 +22,21 @@ import java.util.List;
...
@@ -22,13 +22,21 @@ import java.util.List;
public
class
WebMvcConfig
implements
WebMvcConfigurer
{
public
class
WebMvcConfig
implements
WebMvcConfigurer
{
@Bean
@Bean
SubjectInterceptor
subjectInterceptor
()
{
TokenInterceptor
tokenInterceptor
()
{
return
new
SubjectInterceptor
();
return
new
TokenInterceptor
();
}
@Bean
AccessInterceptor
accessInterceptor
()
{
return
new
AccessInterceptor
();
}
}
@Override
@Override
public
void
addInterceptors
(
InterceptorRegistry
registry
)
{
public
void
addInterceptors
(
InterceptorRegistry
registry
)
{
registry
.
addInterceptor
(
subjectInterceptor
())
registry
.
addInterceptor
(
tokenInterceptor
())
.
addPathPatterns
(
"/**"
);
registry
.
addInterceptor
(
accessInterceptor
())
.
addPathPatterns
(
"/**"
)
.
addPathPatterns
(
"/**"
)
.
excludePathPatterns
(
"/error"
)
.
excludePathPatterns
(
"/error"
)
.
excludePathPatterns
(
"/swagger-resources/**"
,
"/webjars/**"
,
"/v2/**"
,
"/swagger-ui.html/**"
);
.
excludePathPatterns
(
"/swagger-resources/**"
,
"/webjars/**"
,
"/v2/**"
,
"/swagger-ui.html/**"
);
...
...
src/main/java/cn/meteor/beyondclouds/core/constant/SysConstants.java
View file @
61fe7f51
...
@@ -14,4 +14,9 @@ public class SysConstants {
...
@@ -14,4 +14,9 @@ public class SysConstants {
* 存储在HttpServletRequest里面当前登录的subject的键
* 存储在HttpServletRequest里面当前登录的subject的键
*/
*/
public
static
final
String
HTTP_ATTRIBUTE_SUBJECT
=
"current_subject"
;
public
static
final
String
HTTP_ATTRIBUTE_SUBJECT
=
"current_subject"
;
/**
* 存储在HttpServletRequest里面的认证错误的信息
*/
public
static
final
String
AUTHORIZATION_ERROR_CODE
=
"AUTHORIZATION_ERROR_CODE"
;
}
}
src/main/java/cn/meteor/beyondclouds/core/interceptor/AccessInterceptor.java
0 → 100644
View file @
61fe7f51
package
cn
.
meteor
.
beyondclouds
.
core
.
interceptor
;
import
cn.meteor.beyondclouds.core.bean.Subject
;
import
cn.meteor.beyondclouds.core.constant.SysConstants
;
import
cn.meteor.beyondclouds.core.emuns.AuthorizationErrorCode
;
import
cn.meteor.beyondclouds.modules.user.exception.AuthenticationServiceException
;
import
lombok.extern.java.Log
;
import
org.apache.http.HttpStatus
;
import
org.springframework.web.servlet.HandlerInterceptor
;
import
javax.servlet.http.HttpServletRequest
;
import
javax.servlet.http.HttpServletResponse
;
/** 访问拦截器
* 判断当前访问者是否经过认证
* 若没有经过认证,则阻止继续访问,并返回错误信息
* 若经过认证,则直接放行
* @author meteor
*/
@Log
public
class
AccessInterceptor
implements
HandlerInterceptor
{
@Override
public
boolean
preHandle
(
HttpServletRequest
request
,
HttpServletResponse
response
,
Object
handler
)
throws
Exception
{
Subject
currentSubject
=
(
Subject
)
request
.
getAttribute
(
SysConstants
.
HTTP_ATTRIBUTE_SUBJECT
);
// 1.目标接口需要认证且未经过认证,则抛出异常
if
(
null
==
currentSubject
||
!
currentSubject
.
authenticated
())
{
AuthorizationErrorCode
authorizationErrorCode
=
(
AuthorizationErrorCode
)
request
.
getAttribute
(
SysConstants
.
AUTHORIZATION_ERROR_CODE
);
if
(
null
==
authorizationErrorCode
)
{
authorizationErrorCode
=
AuthorizationErrorCode
.
NON_HEADER_AUTHORIZATION
;
}
// 设置http响应状态
int
httpStatus
;
switch
(
authorizationErrorCode
)
{
case
NON_HEADER_AUTHORIZATION:
httpStatus
=
HttpStatus
.
SC_NON_AUTHORITATIVE_INFORMATION
;
break
;
case
ILLEGAL_HEADER_AUTHORIZATION:
httpStatus
=
HttpStatus
.
SC_NON_AUTHORITATIVE_INFORMATION
;
break
;
case
SIGN_VERIFY_FAILURE:
httpStatus
=
HttpStatus
.
SC_UNAUTHORIZED
;
break
;
default
:
httpStatus
=
HttpStatus
.
SC_UNAUTHORIZED
;
}
response
.
setStatus
(
httpStatus
);
// 抛出异常
throw
new
AuthenticationServiceException
(
authorizationErrorCode
);
}
// 2.若不需要认证或者用户认证成功则直接放行
return
true
;
}
}
src/main/java/cn/meteor/beyondclouds/core/interceptor/SubjectInterceptor.java
deleted
100644 → 0
View file @
5716c9ce
package
cn
.
meteor
.
beyondclouds
.
core
.
interceptor
;
import
cn.meteor.beyondclouds.core.annotation.Anonymous
;
import
cn.meteor.beyondclouds.util.JwtUtils
;
import
cn.meteor.beyondclouds.core.bean.Subject
;
import
cn.meteor.beyondclouds.core.constant.HttpRequestHeaderNames
;
import
cn.meteor.beyondclouds.core.constant.SysConstants
;
import
cn.meteor.beyondclouds.core.emuns.AuthorizationErrorCode
;
import
cn.meteor.beyondclouds.core.exception.AuthorizationException
;
import
cn.meteor.beyondclouds.util.RequestUtils
;
import
com.auth0.jwt.interfaces.Claim
;
import
lombok.extern.java.Log
;
import
org.springframework.util.StringUtils
;
import
org.springframework.web.method.HandlerMethod
;
import
org.springframework.web.servlet.HandlerInterceptor
;
import
javax.servlet.http.HttpServletRequest
;
import
javax.servlet.http.HttpServletResponse
;
import
java.util.Map
;
/** 用户信息拦截器
* @author meteor
*/
@Log
public
class
SubjectInterceptor
implements
HandlerInterceptor
{
private
static
final
String
BEARER_AUTHORIZATION_START
=
"Bearer"
;
@Override
public
boolean
preHandle
(
HttpServletRequest
request
,
HttpServletResponse
response
,
Object
handler
)
throws
Exception
{
/**
* 判断该接口是否需要认证用户才能访问
* 如果目标接口方法上有Anonymous注解,则直接放行
*/
if
(((
HandlerMethod
)
handler
).
hasMethodAnnotation
(
Anonymous
.
class
))
{
// 构建一个匿名的subject
Subject
subject
=
Subject
.
anonymous
(
RequestUtils
.
getIpAddr
(
request
));
request
.
setAttribute
(
SysConstants
.
HTTP_ATTRIBUTE_SUBJECT
,
subject
);
return
true
;
}
// 获取请求头Authorization
String
authorization
=
request
.
getHeader
(
HttpRequestHeaderNames
.
AUTHORIZATION
);
// 未找到认证信息
if
(
StringUtils
.
isEmpty
(
authorization
))
{
response
.
setStatus
(
HttpServletResponse
.
SC_NON_AUTHORITATIVE_INFORMATION
);
throw
new
AuthorizationException
(
AuthorizationErrorCode
.
NON_HEADER_AUTHORIZATION
);
}
// 认证信息非法
if
(!
authorization
.
startsWith
(
BEARER_AUTHORIZATION_START
))
{
response
.
setStatus
(
HttpServletResponse
.
SC_NON_AUTHORITATIVE_INFORMATION
);
throw
new
AuthorizationException
(
AuthorizationErrorCode
.
ILLEGAL_HEADER_AUTHORIZATION
);
}
// 未找到认证信息
if
(
authorization
.
length
()
<=
BEARER_AUTHORIZATION_START
.
length
()
+
1
)
{
response
.
setStatus
(
HttpServletResponse
.
SC_NON_AUTHORITATIVE_INFORMATION
);
throw
new
AuthorizationException
(
AuthorizationErrorCode
.
NON_HEADER_AUTHORIZATION
);
}
// 获取token
String
token
=
authorization
.
substring
(
BEARER_AUTHORIZATION_START
.
length
()
+
1
);
// 未携带token
if
(
StringUtils
.
isEmpty
(
token
))
{
response
.
setStatus
(
HttpServletResponse
.
SC_UNAUTHORIZED
);
throw
new
AuthorizationException
(
AuthorizationErrorCode
.
NON_ACCESS_TOKEN
);
}
// 校验token
try
{
Map
<
String
,
Claim
>
claims
=
JwtUtils
.
verifyToken
(
token
);
// 构建一个经过系统认证的subject
Subject
subject
=
Subject
.
authenticated
(
claims
.
get
(
SysConstants
.
CLAIM_SUBJECT_ID
).
asString
(),
RequestUtils
.
getIpAddr
(
request
));
// 设置当前登录的 subject 到 HttpServletRequest里
request
.
setAttribute
(
SysConstants
.
HTTP_ATTRIBUTE_SUBJECT
,
subject
);
return
true
;
}
catch
(
Exception
e
)
{
e
.
printStackTrace
();
throw
new
AuthorizationException
(
AuthorizationErrorCode
.
SIGN_VERIFY_FAILURE
);
}
}
}
src/main/java/cn/meteor/beyondclouds/core/interceptor/TokenInterceptor.java
0 → 100644
View file @
61fe7f51
package
cn
.
meteor
.
beyondclouds
.
core
.
interceptor
;
import
cn.meteor.beyondclouds.core.bean.Subject
;
import
cn.meteor.beyondclouds.core.constant.HttpRequestHeaderNames
;
import
cn.meteor.beyondclouds.core.constant.SysConstants
;
import
cn.meteor.beyondclouds.core.emuns.AuthorizationErrorCode
;
import
cn.meteor.beyondclouds.util.JwtUtils
;
import
cn.meteor.beyondclouds.util.RequestUtils
;
import
com.auth0.jwt.interfaces.Claim
;
import
org.springframework.util.StringUtils
;
import
org.springframework.web.servlet.HandlerInterceptor
;
import
javax.servlet.http.HttpServletRequest
;
import
javax.servlet.http.HttpServletResponse
;
import
java.util.Map
;
/**
* Token拦截器,根据token信息解析出subject
* 如果没有携带认证信息或认证信息错误,则在HttpServlet上下文设置一个匿名的Subject,并设置认证的错误信息,然后对请求进行放行
* 如果解析到正确的token,则在HttpServlet上下文设置一个经过认证的Subject,然后对请求进行放行
*
* @author meteor
*/
public
class
TokenInterceptor
implements
HandlerInterceptor
{
private
static
final
String
BEARER_AUTHORIZATION_START
=
"Bearer"
;
@Override
public
boolean
preHandle
(
HttpServletRequest
request
,
HttpServletResponse
response
,
Object
handler
)
throws
Exception
{
String
authorization
=
request
.
getHeader
(
HttpRequestHeaderNames
.
AUTHORIZATION
);
// 匿名subject
Subject
anonymousSubject
=
Subject
.
anonymous
(
RequestUtils
.
getIpAddr
(
request
));
// 1.未找到认证信息
if
(
StringUtils
.
isEmpty
(
authorization
))
{
request
.
setAttribute
(
SysConstants
.
HTTP_ATTRIBUTE_SUBJECT
,
anonymousSubject
);
request
.
setAttribute
(
SysConstants
.
AUTHORIZATION_ERROR_CODE
,
AuthorizationErrorCode
.
NON_HEADER_AUTHORIZATION
);
return
true
;
}
// 2.找到认证信息但是认证信息非法
if
(!
authorization
.
startsWith
(
BEARER_AUTHORIZATION_START
)
||
authorization
.
length
()
<=
BEARER_AUTHORIZATION_START
.
length
()
+
1
)
{
request
.
setAttribute
(
SysConstants
.
HTTP_ATTRIBUTE_SUBJECT
,
anonymousSubject
);
request
.
setAttribute
(
SysConstants
.
AUTHORIZATION_ERROR_CODE
,
AuthorizationErrorCode
.
ILLEGAL_HEADER_AUTHORIZATION
);
return
true
;
}
// 3.找到认证信息,进行认证信息正确性校验,并生成Subject
try
{
// 获取token
String
token
=
authorization
.
substring
(
BEARER_AUTHORIZATION_START
.
length
()
+
1
);
// 校验token
Map
<
String
,
Claim
>
claims
=
JwtUtils
.
verifyToken
(
token
);
// 构建一个经过系统认证的subject
Subject
authenticatedSubject
=
Subject
.
authenticated
(
claims
.
get
(
SysConstants
.
CLAIM_SUBJECT_ID
).
asString
(),
RequestUtils
.
getIpAddr
(
request
));
request
.
setAttribute
(
SysConstants
.
HTTP_ATTRIBUTE_SUBJECT
,
authenticatedSubject
);
return
true
;
}
catch
(
Exception
e
)
{
e
.
printStackTrace
();
// token校验失败
request
.
setAttribute
(
SysConstants
.
HTTP_ATTRIBUTE_SUBJECT
,
anonymousSubject
);
request
.
setAttribute
(
SysConstants
.
AUTHORIZATION_ERROR_CODE
,
AuthorizationErrorCode
.
SIGN_VERIFY_FAILURE
);
return
true
;
}
}
}
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment