BI初版加入权限控制

bi-service/src/main/java/com/diagbot/client/UserServiceClient.java

@@ -2,11 +2,13 @@ package com.diagbot.client;
 
 import com.diagbot.client.hystrix.UserServiceHystrix;
 import com.diagbot.dto.RespDTO;
-import com.diagbot.entity.User;
+import com.diagbot.entity.Token;
 import org.springframework.cloud.openfeign.FeignClient;
-import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
-import org.springframework.web.bind.annotation.RequestHeader;
+import org.springframework.web.bind.annotation.RequestBody;
+
+import java.util.List;
+import java.util.Map;
 
 
 /**
@@ -17,8 +19,11 @@ import org.springframework.web.bind.annotation.RequestHeader;
 @FeignClient(value = "user-service", fallback = UserServiceHystrix.class)
 public interface UserServiceClient {
 
-    @PostMapping(value = "/user/{username}")
-    RespDTO<User> getUser(@RequestHeader(value = "Authorization") String token, @PathVariable("username") String username);
+    @PostMapping(value = "/user/getUserInfoByIds")
+    RespDTO<Map<String, String>> getUserInfoByIds(@RequestBody List<String> ids);
+
+    @PostMapping("/user/verifyToken")
+    RespDTO<Boolean> verifyToken(@RequestBody Token token);
 }
 
 

bi-service/src/main/java/com/diagbot/client/hystrix/UserServiceHystrix.java

@@ -2,8 +2,13 @@ package com.diagbot.client.hystrix;
 
 import com.diagbot.client.UserServiceClient;
 import com.diagbot.dto.RespDTO;
-import com.diagbot.entity.User;
+import com.diagbot.entity.Token;
+import lombok.extern.slf4j.Slf4j;
 import org.springframework.stereotype.Component;
+import org.springframework.web.bind.annotation.RequestBody;
+
+import java.util.List;
+import java.util.Map;
 
 
 /**
@@ -12,12 +17,19 @@ import org.springframework.stereotype.Component;
  * @time: 2018/8/6 9:52
  */
 @Component
+@Slf4j
 public class UserServiceHystrix implements UserServiceClient {
 
     @Override
-    public RespDTO<User> getUser(String token, String username) {
-        System.out.println(token);
-        System.out.println(username);
+    public RespDTO<Map<String, String>> getUserInfoByIds(@RequestBody List<String> ids) {
+        log.error("【hystrix】调用{}异常", "getUserInfoByIds");
+        return null;
+    }
+
+    @Override
+    public RespDTO<Boolean> verifyToken(Token token) {
+        log.error("【hystrix】调用{}异常", "verifyToken");
         return null;
     }
+
 }

bi-service/src/main/java/com/diagbot/config/security/UrlAccessDecisionManager.java

@@ -1,8 +1,16 @@
 package com.diagbot.config.security;
 
+import com.diagbot.client.UserServiceClient;
+import com.diagbot.dto.RespDTO;
+import com.diagbot.entity.Token;
+import com.diagbot.exception.CommonErrorCode;
+import com.diagbot.util.HttpUtils;
+import com.diagbot.util.StringUtil;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.AccessDecisionManager;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.ConfigAttribute;
+import org.springframework.security.authentication.AccountExpiredException;
 import org.springframework.security.authentication.InsufficientAuthenticationException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.GrantedAuthority;
@@ -13,7 +21,6 @@ import org.springframework.stereotype.Service;
 import javax.servlet.http.HttpServletRequest;
 import java.util.Collection;
 
-
 /**
  * @Description: 自定义权限拦截
  * @author: gaodm
@@ -21,6 +28,9 @@ import java.util.Collection;
  */
 @Service
 public class UrlAccessDecisionManager implements AccessDecisionManager {
+    @Autowired
+    private UserServiceClient userServiceClient;
+
     @Override
     public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException, InsufficientAuthenticationException {
         HttpServletRequest request = ((FilterInvocation) object).getHttpRequest();
@@ -31,6 +41,20 @@ public class UrlAccessDecisionManager implements AccessDecisionManager {
         if ("anonymousUser".equals(authentication.getPrincipal())) {
             throw new AccessDeniedException("no right");
         } else {
+            //验证token有效性
+            String tokenStr = HttpUtils.getHeaders(request).get("Authorization");
+            if (StringUtil.isNotEmpty(tokenStr)) {
+                Token token = new Token();
+                tokenStr = tokenStr.replaceFirst("Bearer ", "");
+                token.setToken(tokenStr);
+                RespDTO<Boolean> res = userServiceClient.verifyToken(token);
+                if (res == null || !CommonErrorCode.OK.getCode().equals(res.code)) {
+                    throw new AccountExpiredException("token expire");
+                }
+                if (!res.data) {
+                    throw new AccountExpiredException("token expire");
+                }
+            }
             for (GrantedAuthority ga : authentication.getAuthorities()) {
                 String[] authority = ga.getAuthority().split(";");
                 url = authority[0];
@@ -56,7 +80,7 @@ public class UrlAccessDecisionManager implements AccessDecisionManager {
         return true;
     }
 
-    private Boolean matchPermitAllUrl(HttpServletRequest request){
+    private Boolean matchPermitAllUrl(HttpServletRequest request) {
         if (matchers("/swagger/**", request)
                 || matchers("/v2/**", request)
                 || matchers("/swagger-ui.html/**", request)

bi-service/src/main/java/com/diagbot/entity/Token.java

@@ -0,0 +1,21 @@
+package com.diagbot.entity;
+
+import lombok.Getter;
+import lombok.Setter;
+
+import java.io.Serializable;
+
+/**
+ * @Description: token
+ * @Author: ztg
+ * @Date: 2018/9/19 13:14
+ */
+@Getter
+@Setter
+public class Token implements Serializable {
+
+    private static final long serialVersionUID = 1L;
+
+    private String token;
+
+}