
loginKey传值处理

zhoutg 5 years ago
parent
commit
9bede21d3a

+ 1015 - 0
docs/027.20191220病历质控维护/sys_user.sql


+ 2 - 3
mrqcman-service/src/main/java/com/diagbot/config/ResourceServerConfigurer.java

@@ -26,9 +26,8 @@ public class ResourceServerConfigurer extends ResourceServerConfigurerAdapter {
                 .csrf().disable()
                 .authorizeRequests()
                 .regexMatchers(".*swagger.*", ".*v2.*", ".*webjars.*", "/druid.*", "/actuator.*", "/hystrix.*").permitAll()
-                .antMatchers("/mrqc/test").permitAll()
-//                .antMatchers("/**").authenticated();
-                .antMatchers("/**").permitAll();
+                .antMatchers("/**").authenticated();
+//                .antMatchers("/**").permitAll();
     }
 
 
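Review bot: With `/**` now `authenticated()`, the `regexMatchers(...)` permit list on the context line above becomes the only unauthenticated surface, and its patterns are unanchored: `.*v2.*`, `.*swagger.*` and `.*webjars.*` match any request path containing those substrings, not only the Swagger UI and `/v2/api-docs` they appear to be for, so any later business endpoint whose path happens to contain `v2` would stay open without anyone noticing. Anchoring them to the documentation paths, e.g. `"/v2/api-docs.*", "/swagger.*", "/webjars/.*"`, limits the exposure to what is intended; confirm the service's actual Swagger paths before narrowing. The commented-out `.antMatchers("/**").permitAll();` kept on the new side is dead code that invites being flipped back under pressure — delete it rather than keep it as a toggle. The `configure` method this belongs to starts outside the hunk.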

+ 42 - 34
mrqcman-service/src/main/java/com/diagbot/config/security/UrlAccessDecisionManager.java

@@ -1,12 +1,20 @@
 package com.diagbot.config.security;
 
 import com.diagbot.client.UserServiceClient;
+import com.diagbot.dto.RespDTO;
+import com.diagbot.entity.Token;
+import com.diagbot.exception.CommonErrorCode;
+import com.diagbot.util.HttpUtils;
+import com.diagbot.util.StringUtil;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.AccessDecisionManager;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.ConfigAttribute;
+import org.springframework.security.authentication.AccountExpiredException;
 import org.springframework.security.authentication.InsufficientAuthenticationException;
 import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.web.FilterInvocation;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.stereotype.Service;
 
@@ -25,40 +33,40 @@ public class UrlAccessDecisionManager implements AccessDecisionManager {
 
     @Override
     public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException, InsufficientAuthenticationException {
-//        HttpServletRequest request = ((FilterInvocation) object).getHttpRequest();
-//        String url, method;
-//        if (matchPermitAllUrl(request)) {
-//            return;
-//        }
-//        if ("anonymousUser".equals(authentication.getPrincipal())) {
-//            throw new AccessDeniedException("no right");
-//        } else {
-//            //验证token有效性
-//            String tokenStr = HttpUtils.getHeaders(request).get("Authorization");
-//            if (StringUtil.isNotEmpty(tokenStr)) {
-//                Token token = new Token();
-//                tokenStr = tokenStr.replaceFirst("Bearer ", "");
-//                token.setToken(tokenStr);
-//                RespDTO<Boolean> res = userServiceClient.verifyToken(token);
-//                if (res == null || !CommonErrorCode.OK.getCode().equals(res.code)) {
-//                    throw new AccountExpiredException("token expire");
-//                }
-//                if (!res.data) {
-//                    throw new AccountExpiredException("token expire");
-//                }
-//            }
-//            for (GrantedAuthority ga : authentication.getAuthorities()) {
-//                String[] authority = ga.getAuthority().split(";");
-//                url = authority[0];
-//                method = authority[1];
-//                if (matchers(url, request)) {
-//                    if (method.equals(request.getMethod()) || "ALL".equals(method)) {
-//                        return;
-//                    }
-//                }
-//            }
-//        }
-//        throw new AccessDeniedException("no right");
+        HttpServletRequest request = ((FilterInvocation) object).getHttpRequest();
+        String url, method;
+        if (matchPermitAllUrl(request)) {
+            return;
+        }
+        if ("anonymousUser".equals(authentication.getPrincipal())) {
+            throw new AccessDeniedException("no right");
+        } else {
+            //验证token有效性
+            String tokenStr = HttpUtils.getHeaders(request).get("Authorization");
+            if (StringUtil.isNotEmpty(tokenStr)) {
+                Token token = new Token();
+                tokenStr = tokenStr.replaceFirst("Bearer ", "");
+                token.setToken(tokenStr);
+                RespDTO<Boolean> res = userServiceClient.verifyToken(token);
+                if (res == null || !CommonErrorCode.OK.getCode().equals(res.code)) {
+                    throw new AccountExpiredException("token expire");
+                }
+                if (!res.data) {
+                    throw new AccountExpiredException("token expire");
+                }
+            }
+            for (GrantedAuthority ga : authentication.getAuthorities()) {
+                String[] authority = ga.getAuthority().split(";");
+                url = authority[0];
+                method = authority[1];
+                if (matchers(url, request)) {
+                    if (method.equals(request.getMethod()) || "ALL".equals(method)) {
+                        return;
+                    }
+                }
+            }
+        }
+        throw new AccessDeniedException("no right");
     }
 
 
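Review bot: `method = authority[1];` assumes every granted authority contains a `;`; a plain role name yields a one-element array from `split(";")` and the request fails with `ArrayIndexOutOfBoundsException` (a 500) instead of the intended `AccessDeniedException`, so add `if (authority.length < 2) { continue; }` directly after the split. In the token check, `if (!res.data)` unboxes a `Boolean` and throws `NullPointerException` when the `verifyToken` response has a null body; `if (!Boolean.TRUE.equals(res.data))` keeps the same `AccountExpiredException` path for the null case. Verification is also skipped entirely when the `Authorization` header is absent or empty and control falls through to the authority loop; if a non-anonymous `Authentication` can only exist once the resource-server filter has already validated the bearer token that is acceptable, but it deserves a comment such as `// no header: bearer token already validated upstream, only authority matching below`. This reinstates previously commented-out code, and `matchPermitAllUrl`/`matchers` and the rest of the class lie outside the hunk.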

+ 2 - 16
mrqcman-service/src/main/java/com/diagbot/facade/MrqcTokenFacade.java

@@ -60,23 +60,9 @@ public class MrqcTokenFacade extends MrqcTokenServiceImpl {
             throw new CommonException(CommonErrorCode.SERVER_IS_ERROR, "当前token信息已存在");
         }
         // id为空表示新增,只有新增时才生成loginKey
-        String uuid = "";
-        if (mrqcTokenVO.getId() != null) {
-            MrqcToken bean = this.getOne(new QueryWrapper<MrqcToken>()
-                    .eq("is_deleted", IsDeleteEnum.N.getKey())
-                    .eq("id", mrqcTokenVO.getId()), false
-            );
-            uuid = bean.getLoginKey();
-        }
         if (mrqcTokenVO.getId() == null) {
-            uuid = UUID.randomUUID().toString();
             mrqcToken.setGmtCreate(date);
-            try {
-                mrqcToken.setLoginKey(uuid);
-            } catch (Exception e) {
-                e.printStackTrace();
-            }
-            mrqcToken.setLoginKey(uuid); // 生成登录获取token需要的key
+            mrqcToken.setLoginKey(UUID.randomUUID().toString()); // 生成登录获取token需要的key
         }
         mrqcToken.setGmtModified(date);
         mrqcToken.setModifier(mrqcTokenVO.getCreator());
@@ -87,7 +73,7 @@ public class MrqcTokenFacade extends MrqcTokenServiceImpl {
             StringBuffer sb = new StringBuffer();
             sb.append("server.cpu=" + mrqcToken.getCpu()) // cpu信息
                 .append("$$")
-                .append("server.key=" + uuid)  // 加密key信息
+                .append("server.key=" + mrqcToken.getLoginKey())  // 加密key信息
                 .append("$$")
                 .append("server.remainday=" + mrqcToken.getRemainDay()) // 剩余天数
                 .append("$$")
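Review bot: `mrqcToken.getLoginKey()` on the `server.key=` line now supplies the key written into the generated config for the update case too, but the preceding hunk removed the database lookup that used to provide `loginKey` for an existing id, and nothing in either hunk sets it when `getId() != null`. If `mrqcToken` is populated from the request VO (its construction is outside the hunk), then on update the key is whatever the caller sent rather than the persisted value, and a missing value is emitted literally as `server.key=null`. At minimum guard before building the string, e.g. `if (mrqcToken.getLoginKey() == null || mrqcToken.getLoginKey().isEmpty()) { throw new CommonException(CommonErrorCode.SERVER_IS_ERROR, "loginKey不能为空"); }`, or restore the lookup of the stored key for updates so the database rather than the request decides what is written. The enclosing method starts before the first hunk of this file.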

+ 2 - 2
mrqcman-service/src/main/java/com/diagbot/web/MrqcTokenController.java

@@ -82,8 +82,8 @@ public class MrqcTokenController {
 
     @ApiOperation(value = "token获取明细[by:zhoutg]",
             notes = "")
-    @PostMapping("/index")
-    @SysLogger("index")
+    @PostMapping("/getById")
+    @SysLogger("getById")
     public RespDTO<MrqcToken> index(@RequestBody MrqcTokenIndexVO mrqcTokenIndexVO) {
         MrqcToken data = mrqcTokenFacade.getById(mrqcTokenIndexVO);
         return RespDTO.onSuc(data);