
Merge remote-tracking branch 'origin/dev/one' into dev/one

wangyu 6 gadi atpakaļ
vecāks
revīzija
52a0559507

+ 4 - 0
diagbotman-service/src/main/java/com/diagbot/client/UserServiceClient.java

@@ -3,6 +3,7 @@ package com.diagbot.client;
 import com.diagbot.client.hystrix.UserServiceHystrix;
 import com.diagbot.dto.RespDTO;
 import com.diagbot.dto.UserOrgDTO;
+import com.diagbot.entity.Token;
 import com.diagbot.entity.User;
 import org.springframework.cloud.openfeign.FeignClient;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -35,6 +36,9 @@ public interface UserServiceClient {
     @PostMapping(value = "/userAuthentication/getAuthInfoCount")
     RespDTO<List<Integer>> getAuthInfoCount(@RequestBody Long userId);
 
+    @PostMapping("/user/verifyToken")
+    RespDTO<Boolean> verifyToken(@RequestBody Token token);
+
 }
 
 
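Review bot: verifyToken is added to the interface without Javadoc, and the Hystrix fallback this commit adds for it in UserServiceHystrix returns null, so nothing at the call-site contract says the result may be absent. Suggest placing `/** Asks user-service whether the bearer token is still valid; the Hystrix fallback returns null, so callers must null-check the result. */` above the `@PostMapping("/user/verifyToken")` line. The rest of UserServiceClient lies outside this hunk.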

+ 8 - 2
diagbotman-service/src/main/java/com/diagbot/client/hystrix/UserServiceHystrix.java

@@ -3,6 +3,7 @@ package com.diagbot.client.hystrix;
 import com.diagbot.client.UserServiceClient;
 import com.diagbot.dto.RespDTO;
 import com.diagbot.dto.UserOrgDTO;
+import com.diagbot.entity.Token;
 import com.diagbot.entity.User;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.stereotype.Component;
@@ -50,6 +51,11 @@ public class UserServiceHystrix implements UserServiceClient {
 		log.error("【hystrix】调用{}异常", "getAuthInfoCount");
 		return null;
 	}
-    
-    
+
+    @Override
+    public RespDTO<Boolean> verifyToken(Token token) {
+        log.error("【hystrix】调用{}异常", "verifyToken");
+        return null;
+    }
+
 }
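Review bot: The new verifyToken fallback is indented with four spaces while the neighbouring getAuthInfoCount lines in the same hunk use tabs, so the file now mixes both; reindent the added method to match the file. The fallback returns null, which the new code in UrlAccessDecisionManager turns into an AccountExpiredException; a Javadoc line such as `/** Fallback when user-service is unreachable; returns null so the caller fails closed. */` would make that contract explicit rather than implied. The enclosing class starts outside the hunk.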

+ 25 - 1
diagbotman-service/src/main/java/com/diagbot/config/security/UrlAccessDecisionManager.java

@@ -1,8 +1,15 @@
 package com.diagbot.config.security;
 
+import com.diagbot.client.UserServiceClient;
+import com.diagbot.dto.RespDTO;
+import com.diagbot.entity.Token;
+import com.diagbot.util.HttpUtils;
+import com.diagbot.util.StringUtil;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.AccessDecisionManager;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.ConfigAttribute;
+import org.springframework.security.authentication.AccountExpiredException;
 import org.springframework.security.authentication.InsufficientAuthenticationException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
@@ -21,6 +28,9 @@ import java.util.Collection;
  */
 @Service
 public class UrlAccessDecisionManager implements AccessDecisionManager {
+    @Autowired
+    private UserServiceClient userServiceClient;
+
     @Override
     public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException, InsufficientAuthenticationException {
         HttpServletRequest request = ((FilterInvocation) object).getHttpRequest();
@@ -31,6 +41,20 @@ public class UrlAccessDecisionManager implements AccessDecisionManager {
         if ("anonymousUser".equals(authentication.getPrincipal())) {
             throw new AccessDeniedException("no right");
         } else {
+            //验证token有效性
+            String tokenStr = HttpUtils.getHeaders(request).get("Authorization");
+            if (StringUtil.isNotEmpty(tokenStr)) {
+                Token token = new Token();
+                tokenStr = tokenStr.replaceFirst("Bearer ", "");
+                token.setToken(tokenStr);
+                RespDTO<Boolean> res = userServiceClient.verifyToken(token);
+                if (res == null || !"0".equals(res.code)) {
+                    throw new AccountExpiredException("token expire");
+                }
+                if (!res.data) {
+                    throw new AccountExpiredException("token expire");
+                }
+            }
             for (GrantedAuthority ga : authentication.getAuthorities()) {
                 String[] authority = ga.getAuthority().split(";");
                 url = authority[0];
@@ -56,7 +80,7 @@ public class UrlAccessDecisionManager implements AccessDecisionManager {
         return true;
     }
 
-    private Boolean matchPermitAllUrl(HttpServletRequest request){
+    private Boolean matchPermitAllUrl(HttpServletRequest request) {
         if (matchers("/swagger/**", request)
                 || matchers("/v2/**", request)
                 || matchers("/swagger-ui.html/**", request)
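Review bot: In the decide() hunk, `if (res == null || !"0".equals(res.code))` hard-codes the success code as the literal "0", whereas the gateway code removed in this same commit compared against `RespDTO.TRUE_CODE`; use the constant here as well so the two cannot drift apart. The following `if (!res.data)` unboxes a Boolean, so a response with code 0 and null data raises NullPointerException instead of the intended AccountExpiredException; `if (!Boolean.TRUE.equals(res.data))` keeps the check fail-closed in that case. The remote verification only runs when the Authorization header is present, so a request that reaches this branch with a non-anonymous principal but no header (or a header stored under a differently cased key, depending on what HttpUtils.getHeaders returns) skips it entirely — worth confirming that the upstream authentication filter guarantees the header. Because the commit also drops the check from GlobalGatewayFilter, any service that does not add an equivalent check in its own AccessDecisionManager is left with no token-validity check at all. decide() begins and ends outside that hunk.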

+ 21 - 0
diagbotman-service/src/main/java/com/diagbot/entity/Token.java

@@ -0,0 +1,21 @@
+package com.diagbot.entity;
+
+import lombok.Getter;
+import lombok.Setter;
+
+import java.io.Serializable;
+
+/**
+ * @Description: token
+ * @Author: ztg
+ * @Date: 2018/9/19 13:14
+ */
+@Getter
+@Setter
+public class Token implements Serializable {
+
+    private static final long serialVersionUID = 1L;
+
+    private String token;
+
+}
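Review bot: The class Javadoc is a placeholder ("@Description: token") and the `token` field has none, so a reader cannot tell whether it carries the raw header or the stripped value. Suggest `/** Bearer token value with the "Bearer " prefix already removed by the caller. */` above `private String token;`, and replacing the tag-only class comment with a summary sentence such as `Request body for user-service's /user/verifyToken check.`. `@Description`/`@Author` are not standard Javadoc tags and render as plain text.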

+ 0 - 4
gateway-service/src/main/java/com/diagbot/client/UserServiceClient.java

@@ -2,11 +2,9 @@ package com.diagbot.client;
 
 import com.diagbot.client.hystrix.UserServiceHystrix;
 import com.diagbot.dto.RespDTO;
-import com.diagbot.entity.Token;
 import com.diagbot.entity.User;
 import org.springframework.cloud.openfeign.FeignClient;
 import org.springframework.web.bind.annotation.PostMapping;
-import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestParam;
 
 
@@ -21,8 +19,6 @@ public interface UserServiceClient {
     @PostMapping("/user/login")
     RespDTO<User> login(@RequestParam("username") String username, @RequestParam("password") String password);
 
-    @PostMapping("/user/verifyToken")
-    RespDTO<Boolean> verifyToken(@RequestBody Token token);
 }
 
 

+ 1 - 6
gateway-service/src/main/java/com/diagbot/client/hystrix/UserServiceHystrix.java

@@ -3,7 +3,6 @@ package com.diagbot.client.hystrix;
 
 import com.diagbot.client.UserServiceClient;
 import com.diagbot.dto.RespDTO;
-import com.diagbot.entity.Token;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.stereotype.Component;
 
@@ -15,15 +14,11 @@ import org.springframework.stereotype.Component;
 @Component
 @Slf4j
 public class UserServiceHystrix implements UserServiceClient {
+
     @Override
     public RespDTO login(String username, String password) {
         log.error("【hystrix】调用{}异常", "login");
         return null;
     }
 
-    @Override
-    public RespDTO<Boolean> verifyToken(Token token) {
-        log.error("【hystrix】调用{}异常", "verifyToken");
-        return null;
-    }
 }

+ 0 - 23
gateway-service/src/main/java/com/diagbot/filter/GlobalGatewayFilter.java

@@ -1,13 +1,9 @@
 package com.diagbot.filter;
 
 import com.diagbot.client.DiagbotmanServiceClient;
-import com.diagbot.client.UserServiceClient;
 import com.diagbot.dto.RespDTO;
 import com.diagbot.entity.ServiceToken;
-import com.diagbot.entity.Token;
-import com.diagbot.exception.CommonErrorCode;
 import com.diagbot.util.GsonUtil;
-import com.diagbot.util.StringUtil;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
@@ -47,8 +43,6 @@ public class GlobalGatewayFilter implements GlobalFilter {
     @Value("${lantone.product}")
     private String lantonePrduct;
 
-    @Autowired
-    UserServiceClient userServiceClient;
     @Autowired
     DiagbotmanServiceClient diagbotmanServiceClient;
 
@@ -73,23 +67,6 @@ public class GlobalGatewayFilter implements GlobalFilter {
         log.info("APIURL:{}", requestUri);
         log.info("SERVICENAME:{}", serviceName);
 
-        //验证token有效性
-        String tokenStr = request.getHeaders().getFirst("Authorization");
-        if(StringUtil.isNotEmpty(tokenStr)) {
-            Token token = new Token();
-            tokenStr = tokenStr.replaceFirst("Bearer ", "");
-            token.setToken(tokenStr);
-            RespDTO<Boolean> res = userServiceClient.verifyToken(token);
-            if (res == null || !RespDTO.TRUE_CODE.equals(res.code)) {
-                return getVoidMono(serverWebExchange, res);
-            }
-            if(!res.data) {
-                res.code = CommonErrorCode.TOKEN_PAST.getCode();
-                res.msg = CommonErrorCode.TOKEN_PAST.getMsg();
-                return getVoidMono(serverWebExchange, res);
-            }
-        }
-
         //        if(!IS_GENERATE) {
         //            RespDTO<List<ServiceFilter>> filter = diagbotmanServiceClient.getAll();
         //            if (filter != null){

+ 17 - 1
user-service/src/main/java/com/diagbot/config/security/UrlAccessDecisionManager.java

@@ -1,8 +1,13 @@
 package com.diagbot.config.security;
 
+import com.diagbot.facade.TokenFacade;
+import com.diagbot.util.HttpUtils;
+import com.diagbot.util.StringUtil;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.AccessDecisionManager;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.ConfigAttribute;
+import org.springframework.security.authentication.AccountExpiredException;
 import org.springframework.security.authentication.InsufficientAuthenticationException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
@@ -21,6 +26,9 @@ import java.util.Collection;
  */
 @Service
 public class UrlAccessDecisionManager implements AccessDecisionManager {
+    @Autowired
+    private TokenFacade tokenFacade;
+
     @Override
     public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException, InsufficientAuthenticationException {
         HttpServletRequest request = ((FilterInvocation) object).getHttpRequest();
@@ -31,6 +39,14 @@ public class UrlAccessDecisionManager implements AccessDecisionManager {
         if ("anonymousUser".equals(authentication.getPrincipal())) {
             throw new AccessDeniedException("no right");
         } else {
+            String tokenStr = HttpUtils.getHeaders(request).get("Authorization");
+            if (StringUtil.isNotEmpty(tokenStr)) {
+                tokenStr = tokenStr.replaceFirst("Bearer ", "");
+                Boolean res = tokenFacade.verifyToken(tokenStr, 1);
+                if (!res) {
+                    throw new AccountExpiredException("token expire");
+                }
+            }
             for (GrantedAuthority ga : authentication.getAuthorities()) {
                 String[] authority = ga.getAuthority().split(";");
                 url = authority[0];
@@ -56,7 +72,7 @@ public class UrlAccessDecisionManager implements AccessDecisionManager {
         return true;
     }
 
-    private Boolean matchPermitAllUrl(HttpServletRequest request){
+    private Boolean matchPermitAllUrl(HttpServletRequest request) {
         if (matchers("/swagger/**", request)
                 || matchers("/v2/**", request)
                 || matchers("/swagger-ui.html/**", request)
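Review bot: In the decide() hunk, `Boolean res = tokenFacade.verifyToken(tokenStr, 1); if (!res)` unboxes the result, so a null return from the facade surfaces as a NullPointerException rather than the intended AccountExpiredException; `if (!Boolean.TRUE.equals(res))` preserves the fail-closed behaviour. The second argument `1` is an unexplained magic value whose meaning is not visible here; a named constant or a comment stating what the facade does with it would help. The block mirrors the diagbotman-service variant but carries no comment; `// Reject the request when the presented bearer token is no longer valid` above the lookup would document the intent. decide() begins and ends outside that hunk.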