|
@@ -1,8 +1,15 @@
|
|
package com.diagbot.config.security;
|
|
package com.diagbot.config.security;
|
|
|
|
|
|
|
|
+import com.diagbot.client.UserServiceClient;
|
|
|
|
+import com.diagbot.dto.RespDTO;
|
|
|
|
+import com.diagbot.entity.Token;
|
|
|
|
+import com.diagbot.util.HttpUtils;
|
|
|
|
+import com.diagbot.util.StringUtil;
|
|
|
|
+import org.springframework.beans.factory.annotation.Autowired;
|
|
import org.springframework.security.access.AccessDecisionManager;
|
|
import org.springframework.security.access.AccessDecisionManager;
|
|
import org.springframework.security.access.AccessDeniedException;
|
|
import org.springframework.security.access.AccessDeniedException;
|
|
import org.springframework.security.access.ConfigAttribute;
|
|
import org.springframework.security.access.ConfigAttribute;
|
|
|
|
+import org.springframework.security.authentication.AccountExpiredException;
|
|
import org.springframework.security.authentication.InsufficientAuthenticationException;
|
|
import org.springframework.security.authentication.InsufficientAuthenticationException;
|
|
import org.springframework.security.core.Authentication;
|
|
import org.springframework.security.core.Authentication;
|
|
import org.springframework.security.core.GrantedAuthority;
|
|
import org.springframework.security.core.GrantedAuthority;
|
|
@@ -21,6 +28,9 @@ import java.util.Collection;
|
|
*/
|
|
*/
|
|
@Service
|
|
@Service
|
|
public class UrlAccessDecisionManager implements AccessDecisionManager {
|
|
public class UrlAccessDecisionManager implements AccessDecisionManager {
|
|
|
|
+ @Autowired
|
|
|
|
+ private UserServiceClient userServiceClient;
|
|
|
|
+
|
|
@Override
|
|
@Override
|
|
public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException, InsufficientAuthenticationException {
|
|
public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException, InsufficientAuthenticationException {
|
|
HttpServletRequest request = ((FilterInvocation) object).getHttpRequest();
|
|
HttpServletRequest request = ((FilterInvocation) object).getHttpRequest();
|
|
@@ -31,6 +41,20 @@ public class UrlAccessDecisionManager implements AccessDecisionManager {
|
|
if ("anonymousUser".equals(authentication.getPrincipal())) {
|
|
if ("anonymousUser".equals(authentication.getPrincipal())) {
|
|
throw new AccessDeniedException("no right");
|
|
throw new AccessDeniedException("no right");
|
|
} else {
|
|
} else {
|
|
|
|
+ //验证token有效性
|
|
|
|
+ String tokenStr = HttpUtils.getHeaders(request).get("Authorization");
|
|
|
|
+ if (StringUtil.isNotEmpty(tokenStr)) {
|
|
|
|
+ Token token = new Token();
|
|
|
|
+ tokenStr = tokenStr.replaceFirst("Bearer ", "");
|
|
|
|
+ token.setToken(tokenStr);
|
|
|
|
+ RespDTO<Boolean> res = userServiceClient.verifyToken(token);
|
|
|
|
+ if (res == null || !"0".equals(res.code)) {
|
|
|
|
+ throw new AccountExpiredException("token expire");
|
|
|
|
+ }
|
|
|
|
+ if (!res.data) {
|
|
|
|
+ throw new AccountExpiredException("token expire");
|
|
|
|
+ }
|
|
|
|
+ }
|
|
for (GrantedAuthority ga : authentication.getAuthorities()) {
|
|
for (GrantedAuthority ga : authentication.getAuthorities()) {
|
|
String[] authority = ga.getAuthority().split(";");
|
|
String[] authority = ga.getAuthority().split(";");
|
|
url = authority[0];
|
|
url = authority[0];
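Review bot: The new verification only runs when the `Authorization` header is present; when `HttpUtils.getHeaders(request).get("Authorization")` returns null or empty, the `verifyToken` call is skipped and the request drops straight into the authority loop with whatever `authentication` the upstream filter produced, so for that case the added check fails open rather than closed. If the filter that builds `authentication` reads the same header, a non-anonymous principal without it should be impossible and rejecting it here costs nothing; if something else populates it, the skip should at least carry a comment saying why it is safe. `replaceFirst("Bearer ", "")` also strips the first occurrence anywhere in the value and is case-sensitive, where `startsWith` plus `substring` removes only the scheme prefix, and `!res.data` throws a NullPointerException if the service answers code `"0"` with a null body, so `!Boolean.TRUE.equals(res.data)` keeps that path on the deny side. The `decide` method continues past the end of this hunk.
```java
String tokenStr = HttpUtils.getHeaders(request).get("Authorization");
if (!StringUtil.isNotEmpty(tokenStr)) {
    // No bearer token to verify: fail closed instead of skipping the remote check.
    throw new InsufficientAuthenticationException("missing token");
}
if (tokenStr.startsWith("Bearer ")) {
    tokenStr = tokenStr.substring("Bearer ".length());
}
Token token = new Token();
token.setToken(tokenStr);
// … unchanged: verifyToken call and response-code check …
if (!Boolean.TRUE.equals(res.data)) {
    throw new AccountExpiredException("token expire");
}
```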
|
|
@@ -56,7 +80,7 @@ public class UrlAccessDecisionManager implements AccessDecisionManager {
|
|
return true;
|
|
return true;
|
|
}
|
|
}
|
|
|
|
|
|
- private Boolean matchPermitAllUrl(HttpServletRequest request){
|
|
|
|
|
|
+ private Boolean matchPermitAllUrl(HttpServletRequest request) {
|
|
if (matchers("/swagger/**", request)
|
|
if (matchers("/swagger/**", request)
|
|
|| matchers("/v2/**", request)
|
|
|| matchers("/v2/**", request)
|
|
|| matchers("/swagger-ui.html/**", request)
|
|
|| matchers("/swagger-ui.html/**", request)
|