Merge remote-tracking branch 'origin/dev/one' into dev/one

diagbotman-service/src/main/java/com/diagbot/client/UserServiceClient.java

@@ -3,6 +3,7 @@ package com.diagbot.client;
 import com.diagbot.client.hystrix.UserServiceHystrix;
 import com.diagbot.dto.RespDTO;
 import com.diagbot.dto.UserOrgDTO;
+import com.diagbot.entity.Token;
 import com.diagbot.entity.User;
 import org.springframework.cloud.openfeign.FeignClient;
 import org.springframework.web.bind.annotation.PostMapping;
@@ -35,6 +36,9 @@ public interface UserServiceClient {
     @PostMapping(value = "/userAuthentication/getAuthInfoCount")
     RespDTO<List<Integer>> getAuthInfoCount(@RequestBody Long userId);
 
+    @PostMapping("/user/verifyToken")
+    RespDTO<Boolean> verifyToken(@RequestBody Token token);
+
 }
 
 

diagbotman-service/src/main/java/com/diagbot/client/hystrix/UserServiceHystrix.java

@@ -3,6 +3,7 @@ package com.diagbot.client.hystrix;
 import com.diagbot.client.UserServiceClient;
 import com.diagbot.dto.RespDTO;
 import com.diagbot.dto.UserOrgDTO;
+import com.diagbot.entity.Token;
 import com.diagbot.entity.User;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.stereotype.Component;
@@ -50,6 +51,11 @@ public class UserServiceHystrix implements UserServiceClient {
 		log.error("【hystrix】调用{}异常", "getAuthInfoCount");
 		return null;
 	}
-    
-    
+
+    @Override
+    public RespDTO<Boolean> verifyToken(Token token) {
+        log.error("【hystrix】调用{}异常", "verifyToken");
+        return null;
+    }
+
 }

diagbotman-service/src/main/java/com/diagbot/config/security/UrlAccessDecisionManager.java

@@ -1,8 +1,15 @@
 package com.diagbot.config.security;
 
+import com.diagbot.client.UserServiceClient;
+import com.diagbot.dto.RespDTO;
+import com.diagbot.entity.Token;
+import com.diagbot.util.HttpUtils;
+import com.diagbot.util.StringUtil;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.AccessDecisionManager;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.ConfigAttribute;
+import org.springframework.security.authentication.AccountExpiredException;
 import org.springframework.security.authentication.InsufficientAuthenticationException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
@@ -21,6 +28,9 @@ import java.util.Collection;
  */
 @Service
 public class UrlAccessDecisionManager implements AccessDecisionManager {
+    @Autowired
+    private UserServiceClient userServiceClient;
+
     @Override
     public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException, InsufficientAuthenticationException {
         HttpServletRequest request = ((FilterInvocation) object).getHttpRequest();
@@ -31,6 +41,20 @@ public class UrlAccessDecisionManager implements AccessDecisionManager {
         if ("anonymousUser".equals(authentication.getPrincipal())) {
             throw new AccessDeniedException("no right");
         } else {
+            //验证token有效性
+            String tokenStr = HttpUtils.getHeaders(request).get("Authorization");
+            if (StringUtil.isNotEmpty(tokenStr)) {
+                Token token = new Token();
+                tokenStr = tokenStr.replaceFirst("Bearer ", "");
+                token.setToken(tokenStr);
+                RespDTO<Boolean> res = userServiceClient.verifyToken(token);
+                if (res == null || !"0".equals(res.code)) {
+                    throw new AccountExpiredException("token expire");
+                }
+                if (!res.data) {
+                    throw new AccountExpiredException("token expire");
+                }
+            }
             for (GrantedAuthority ga : authentication.getAuthorities()) {
                 String[] authority = ga.getAuthority().split(";");
                 url = authority[0];
@@ -56,7 +80,7 @@ public class UrlAccessDecisionManager implements AccessDecisionManager {
         return true;
     }
 
-    private Boolean matchPermitAllUrl(HttpServletRequest request){
+    private Boolean matchPermitAllUrl(HttpServletRequest request) {
         if (matchers("/swagger/**", request)
                 || matchers("/v2/**", request)
                 || matchers("/swagger-ui.html/**", request)

diagbotman-service/src/main/java/com/diagbot/entity/Token.java

@@ -0,0 +1,21 @@
+package com.diagbot.entity;
+
+import lombok.Getter;
+import lombok.Setter;
+
+import java.io.Serializable;
+
+/**
+ * @Description: token
+ * @Author: ztg
+ * @Date: 2018/9/19 13:14
+ */
+@Getter
+@Setter
+public class Token implements Serializable {
+
+    private static final long serialVersionUID = 1L;
+
+    private String token;
+
+}

gateway-service/src/main/java/com/diagbot/client/UserServiceClient.java

@@ -2,11 +2,9 @@ package com.diagbot.client;
 
 import com.diagbot.client.hystrix.UserServiceHystrix;
 import com.diagbot.dto.RespDTO;
-import com.diagbot.entity.Token;
 import com.diagbot.entity.User;
 import org.springframework.cloud.openfeign.FeignClient;
 import org.springframework.web.bind.annotation.PostMapping;
-import org.springframework.web.bind.annotation.RequestBody;
 import org.springframework.web.bind.annotation.RequestParam;
 
 
@@ -21,8 +19,6 @@ public interface UserServiceClient {
     @PostMapping("/user/login")
     RespDTO<User> login(@RequestParam("username") String username, @RequestParam("password") String password);
 
-    @PostMapping("/user/verifyToken")
-    RespDTO<Boolean> verifyToken(@RequestBody Token token);
 }
 
 

gateway-service/src/main/java/com/diagbot/client/hystrix/UserServiceHystrix.java

@@ -3,7 +3,6 @@ package com.diagbot.client.hystrix;
 
 import com.diagbot.client.UserServiceClient;
 import com.diagbot.dto.RespDTO;
-import com.diagbot.entity.Token;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.stereotype.Component;
 
@@ -15,15 +14,11 @@ import org.springframework.stereotype.Component;
 @Component
 @Slf4j
 public class UserServiceHystrix implements UserServiceClient {
+
     @Override
     public RespDTO login(String username, String password) {
         log.error("【hystrix】调用{}异常", "login");
         return null;
     }
 
-    @Override
-    public RespDTO<Boolean> verifyToken(Token token) {
-        log.error("【hystrix】调用{}异常", "verifyToken");
-        return null;
-    }
 }

gateway-service/src/main/java/com/diagbot/filter/GlobalGatewayFilter.java

@@ -1,13 +1,9 @@
 package com.diagbot.filter;
 
 import com.diagbot.client.DiagbotmanServiceClient;
-import com.diagbot.client.UserServiceClient;
 import com.diagbot.dto.RespDTO;
 import com.diagbot.entity.ServiceToken;
-import com.diagbot.entity.Token;
-import com.diagbot.exception.CommonErrorCode;
 import com.diagbot.util.GsonUtil;
-import com.diagbot.util.StringUtil;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
@@ -47,8 +43,6 @@ public class GlobalGatewayFilter implements GlobalFilter {
     @Value("${lantone.product}")
     private String lantonePrduct;
 
-    @Autowired
-    UserServiceClient userServiceClient;
     @Autowired
     DiagbotmanServiceClient diagbotmanServiceClient;
 
@@ -73,23 +67,6 @@ public class GlobalGatewayFilter implements GlobalFilter {
         log.info("APIURL:{}", requestUri);
         log.info("SERVICENAME:{}", serviceName);
 
-        //验证token有效性
-        String tokenStr = request.getHeaders().getFirst("Authorization");
-        if(StringUtil.isNotEmpty(tokenStr)) {
-            Token token = new Token();
-            tokenStr = tokenStr.replaceFirst("Bearer ", "");
-            token.setToken(tokenStr);
-            RespDTO<Boolean> res = userServiceClient.verifyToken(token);
-            if (res == null || !RespDTO.TRUE_CODE.equals(res.code)) {
-                return getVoidMono(serverWebExchange, res);
-            }
-            if(!res.data) {
-                res.code = CommonErrorCode.TOKEN_PAST.getCode();
-                res.msg = CommonErrorCode.TOKEN_PAST.getMsg();
-                return getVoidMono(serverWebExchange, res);
-            }
-        }
-
         //        if(!IS_GENERATE) {
         //            RespDTO<List<ServiceFilter>> filter = diagbotmanServiceClient.getAll();
         //            if (filter != null){

user-service/src/main/java/com/diagbot/config/security/UrlAccessDecisionManager.java

@@ -1,8 +1,13 @@
 package com.diagbot.config.security;
 
+import com.diagbot.facade.TokenFacade;
+import com.diagbot.util.HttpUtils;
+import com.diagbot.util.StringUtil;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.AccessDecisionManager;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.ConfigAttribute;
+import org.springframework.security.authentication.AccountExpiredException;
 import org.springframework.security.authentication.InsufficientAuthenticationException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
@@ -21,6 +26,9 @@ import java.util.Collection;
  */
 @Service
 public class UrlAccessDecisionManager implements AccessDecisionManager {
+    @Autowired
+    private TokenFacade tokenFacade;
+
     @Override
     public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException, InsufficientAuthenticationException {
         HttpServletRequest request = ((FilterInvocation) object).getHttpRequest();
@@ -31,6 +39,14 @@ public class UrlAccessDecisionManager implements AccessDecisionManager {
         if ("anonymousUser".equals(authentication.getPrincipal())) {
             throw new AccessDeniedException("no right");
         } else {
+            String tokenStr = HttpUtils.getHeaders(request).get("Authorization");
+            if (StringUtil.isNotEmpty(tokenStr)) {
+                tokenStr = tokenStr.replaceFirst("Bearer ", "");
+                Boolean res = tokenFacade.verifyToken(tokenStr, 1);
+                if (!res) {
+                    throw new AccountExpiredException("token expire");
+                }
+            }
             for (GrantedAuthority ga : authentication.getAuthorities()) {
                 String[] authority = ga.getAuthority().split(";");
                 url = authority[0];
@@ -56,7 +72,7 @@ public class UrlAccessDecisionManager implements AccessDecisionManager {
         return true;
     }
 
-    private Boolean matchPermitAllUrl(HttpServletRequest request){
+    private Boolean matchPermitAllUrl(HttpServletRequest request) {
         if (matchers("/swagger/**", request)
                 || matchers("/v2/**", request)
                 || matchers("/swagger-ui.html/**", request)