
加入Token是否有效验证

gaodm vor 5 Jahren
Ursprung
Commit
6ced34b952

+ 30 - 0
mrqcman-service/src/main/java/com/diagbot/client/UserServiceClient.java

@@ -0,0 +1,30 @@
+package com.diagbot.client;
+
+import com.diagbot.client.hystrix.UserServiceHystrix;
+import com.diagbot.dto.RespDTO;
+import com.diagbot.entity.Token;
+import org.springframework.cloud.openfeign.FeignClient;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+
+import java.util.List;
+import java.util.Map;
+
+
+/**
+ * @Description: 调用用户服务
+ * @author: gaodm
+ * @time: 2018/8/6 9:52
+ */
+@FeignClient(value = "user-service", fallback = UserServiceHystrix.class)
+public interface UserServiceClient {
+
+    @PostMapping(value = "/user/getUserInfoByIds")
+    RespDTO<Map<String, String>> getUserInfoByIds(@RequestBody List<String> ids);
+
+    @PostMapping("/user/verifyToken")
+    RespDTO<Boolean> verifyToken(@RequestBody Token token);
+}
+
+
+
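Review bot: Neither Feign method carries Javadoc, so the contract of `verifyToken` — what `RespDTO<Boolean>.data` means and what form of token user-service expects — has to be reverse-engineered from its single caller in UrlAccessDecisionManager, which strips the `Bearer ` prefix before posting. I would document that on the interface, e.g. `/** Asks user-service whether the given bearer token value (without the "Bearer " prefix) is still valid; data is true when valid. */` above `verifyToken`, and a similar one-liner on `getUserInfoByIds` saying what the returned map is keyed by (presumably user id to display name, but I cannot confirm that from here). Since the fallback class returns `null` for both calls, the doc should also state that callers must handle a null `RespDTO`.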

+ 35 - 0
mrqcman-service/src/main/java/com/diagbot/client/hystrix/UserServiceHystrix.java

@@ -0,0 +1,35 @@
+package com.diagbot.client.hystrix;
+
+import com.diagbot.client.UserServiceClient;
+import com.diagbot.dto.RespDTO;
+import com.diagbot.entity.Token;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.stereotype.Component;
+import org.springframework.web.bind.annotation.RequestBody;
+
+import java.util.List;
+import java.util.Map;
+
+
+/**
+ * @Description: 调用用户服务
+ * @author: gaodm
+ * @time: 2018/8/6 9:52
+ */
+@Component
+@Slf4j
+public class UserServiceHystrix implements UserServiceClient {
+
+    @Override
+    public RespDTO<Map<String, String>> getUserInfoByIds(@RequestBody List<String> ids) {
+        log.error("【hystrix】调用{}异常", "getUserInfoByIds");
+        return null;
+    }
+
+    @Override
+    public RespDTO<Boolean> verifyToken(Token token) {
+        log.error("【hystrix】调用{}异常", "verifyToken");
+        return null;
+    }
+
+}
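Review bot: The `verifyToken` fallback returns `null`, and the caller in UrlAccessDecisionManager maps a null response to `AccountExpiredException("token expire")`, so an outage of user-service or an open circuit is indistinguishable from an expired token for both the client and anyone reading the logs; failing closed is the right call, but the cause is lost. The fallback also logs only the method name and never the exception that triggered it — implementing `FallbackFactory<UserServiceClient>` instead of the plain interface would hand the `Throwable` to `create(cause)` so the log line can carry it. Finally, the `@RequestBody` on the `ids` parameter at line 72 does nothing on an implementation class and is inconsistent with `verifyToken` at line 78; drop it.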

+ 1 - 0
mrqcman-service/src/main/java/com/diagbot/config/ResourceServerConfigurer.java

@@ -26,6 +26,7 @@ public class ResourceServerConfigurer extends ResourceServerConfigurerAdapter {
                 .csrf().disable()
                 .authorizeRequests()
                 .regexMatchers(".*swagger.*", ".*v2.*", ".*webjars.*", "/druid.*", "/actuator.*", "/hystrix.*").permitAll()
+                .antMatchers("/mrqc/test").permitAll()
                 .antMatchers("/**").authenticated();
 //                .antMatchers("/**").permitAll();
     }
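Review bot: `.antMatchers("/mrqc/test").permitAll()` opens an endpoint to unauthenticated callers, and nothing in the commit ties it to a non-production profile, so a test route ships reachable by anyone who can reach the service. If it is only needed for local or smoke checks, gate it behind a profile or property (for example a `@Profile("dev")` configuration that contributes the matcher) or remove it before release; if it must stay, the handler it maps to should not touch data or report internals. The same path is added by hand to `matchPermitAllUrl` in UrlAccessDecisionManager, so the two allow-lists can drift; a shared constant such as `public static final String TEST_URL = "/mrqc/test";` referenced from both places would keep them aligned.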

+ 27 - 2
mrqcman-service/src/main/java/com/diagbot/config/security/UrlAccessDecisionManager.java

@@ -1,8 +1,16 @@
 package com.diagbot.config.security;
 
+import com.diagbot.client.UserServiceClient;
+import com.diagbot.dto.RespDTO;
+import com.diagbot.entity.Token;
+import com.diagbot.exception.CommonErrorCode;
+import com.diagbot.util.HttpUtils;
+import com.diagbot.util.StringUtil;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.AccessDecisionManager;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.ConfigAttribute;
+import org.springframework.security.authentication.AccountExpiredException;
 import org.springframework.security.authentication.InsufficientAuthenticationException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
@@ -13,7 +21,6 @@ import org.springframework.stereotype.Service;
 import javax.servlet.http.HttpServletRequest;
 import java.util.Collection;
 
-
 /**
  * @Description: 自定义权限拦截
  * @author: gaodm
@@ -21,6 +28,9 @@ import java.util.Collection;
  */
 @Service
 public class UrlAccessDecisionManager implements AccessDecisionManager {
+    @Autowired
+    private UserServiceClient userServiceClient;
+
     @Override
     public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException, InsufficientAuthenticationException {
         HttpServletRequest request = ((FilterInvocation) object).getHttpRequest();
@@ -31,6 +41,20 @@ public class UrlAccessDecisionManager implements AccessDecisionManager {
         if ("anonymousUser".equals(authentication.getPrincipal())) {
             throw new AccessDeniedException("no right");
         } else {
+            //验证token有效性
+            String tokenStr = HttpUtils.getHeaders(request).get("Authorization");
+            if (StringUtil.isNotEmpty(tokenStr)) {
+                Token token = new Token();
+                tokenStr = tokenStr.replaceFirst("Bearer ", "");
+                token.setToken(tokenStr);
+                RespDTO<Boolean> res = userServiceClient.verifyToken(token);
+                if (res == null || !CommonErrorCode.OK.getCode().equals(res.code)) {
+                    throw new AccountExpiredException("token expire");
+                }
+                if (!res.data) {
+                    throw new AccountExpiredException("token expire");
+                }
+            }
             for (GrantedAuthority ga : authentication.getAuthorities()) {
                 String[] authority = ga.getAuthority().split(";");
                 url = authority[0];
@@ -56,7 +80,7 @@ public class UrlAccessDecisionManager implements AccessDecisionManager {
         return true;
     }
 
-    private Boolean matchPermitAllUrl(HttpServletRequest request){
+    private Boolean matchPermitAllUrl(HttpServletRequest request) {
         if (matchers("/swagger/**", request)
                 || matchers("/v2/**", request)
                 || matchers("/swagger-ui.html/**", request)
@@ -65,6 +89,7 @@ public class UrlAccessDecisionManager implements AccessDecisionManager {
                 || matchers("/druid/**", request)
                 || matchers("/actuator/**", request)
                 || matchers("/hystrix/**", request)
+                || matchers("/mrqc/test", request)
                 || matchers("/", request)) {
             return true;
         }
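Review bot: The new validity check at lines 140–152 is skipped entirely when the `Authorization` header is absent or empty — execution falls straight through to the authority loop — so the remote verification only protects requests that happen to carry the header. Whether an authenticated principal can reach `decide()` without it depends on how the resource server extracts the token (a bearer-token extractor that also accepts an `access_token` query parameter would do it, which I cannot confirm from here); if it can, a revoked token presented that way is never checked. Fail closed instead with `if (StringUtil.isEmpty(tokenStr)) { throw new AccountExpiredException("token expire"); }`, or better take the token value from the `Authentication` the resource server already built rather than re-parsing the header (the `replaceFirst("Bearer ", "")` strip is case-sensitive, so `bearer x` is forwarded with its prefix attached and rejected rather than validated). Separately, `!res.data` at line 149 throws NullPointerException when user-service answers OK with a null body, which surfaces as a 500 rather than a 401; `if (!Boolean.TRUE.equals(res.data))` closes that. Keep in mind this also puts a synchronous call to user-service on every authenticated request, so the Hystrix timeout and thread pool for this client need sizing for that load.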

+ 21 - 0
mrqcman-service/src/main/java/com/diagbot/entity/Token.java

@@ -0,0 +1,21 @@
+package com.diagbot.entity;
+
+import lombok.Getter;
+import lombok.Setter;
+
+import java.io.Serializable;
+
+/**
+ * @Description: token
+ * @Author: ztg
+ * @Date: 2018/9/19 13:14
+ */
+@Getter
+@Setter
+public class Token implements Serializable {
+
+    private static final long serialVersionUID = 1L;
+
+    private String token;
+
+}
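Review bot: The class Javadoc says only "token", yet this object carries the raw bearer credential that UrlAccessDecisionManager strips from the `Authorization` header and posts to user-service, and the header comment should say so, e.g. `/** Request body for user-service's /user/verifyToken: the bearer token value without its "Bearer " prefix. Carries a credential — do not add @ToString or log it. */`. The class currently has only `@Getter`/`@Setter` and no `@ToString`, so a stray `log.info("{}", token)` prints just the identity hash; that is the safe default and worth keeping deliberately.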