|
@@ -4,6 +4,7 @@ import com.alibaba.fastjson.JSON;
|
|
|
import com.auth0.jwt.interfaces.Claim;
|
|
|
import com.auth0.jwt.interfaces.DecodedJWT;
|
|
|
import com.diagbot.util.JwtUtil;
|
|
|
+import com.diagbot.util.StringUtil;
|
|
|
import com.lantone.config.ExclusionUrl;
|
|
|
import com.lantone.facade.TokenFacade;
|
|
|
import com.lantone.security.dto.Result;
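Review bot: The added `import com.diagbot.util.StringUtil;` is not referenced by any line visible in this commit; the new code in `filter`, `isExclusionUrl` and `hasPermission` all calls Spring's `org.springframework.util.StringUtils`. If it is unused elsewhere in the file it should be dropped, both to keep the import list clean and because having `StringUtil` and `StringUtils` side by side invites the wrong helper being picked up later. If it is used in a part of the file outside these hunks, ignore this.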
|
|
@@ -18,7 +19,6 @@ import org.springframework.http.MediaType;
|
|
|
import org.springframework.http.server.reactive.ServerHttpRequest;
|
|
|
import org.springframework.http.server.reactive.ServerHttpResponse;
|
|
|
import org.springframework.stereotype.Component;
|
|
|
-import org.springframework.util.AntPathMatcher;
|
|
|
import org.springframework.util.StringUtils;
|
|
|
import org.springframework.web.server.ServerWebExchange;
|
|
|
import reactor.core.publisher.Mono;
|
|
@@ -41,7 +41,6 @@ public class AuthGlobalFilter implements GlobalFilter, Ordered {
|
|
|
private ExclusionUrl exclusionUrl;
|
|
|
@Autowired
|
|
|
TokenFacade tokenFacade;
|
|
|
- AntPathMatcher antPathMatcher = new AntPathMatcher();
|
|
|
|
|
|
@Override
|
|
|
public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
|
|
@@ -50,24 +49,24 @@ public class AuthGlobalFilter implements GlobalFilter, Ordered {
|
|
|
//1.swagger请求不要拦截
|
|
|
String path = request.getURI().getPath();
|
|
|
log.info("request path:{}", path);
|
|
|
- if (StringUtils.endsWithIgnoreCase(path,URI )) {
|
|
|
+ if (StringUtils.endsWithIgnoreCase(path, URI)) {
|
|
|
return chain.filter(exchange);
|
|
|
}
|
|
|
String headerToken = request.getHeaders().getFirst("Authorization");
|
|
|
- headerToken = headerToken.replaceFirst("Bearer ", "");
|
|
|
//2、只要带上了token, 就需要判断Token是否有效
|
|
|
- if ( !StringUtils.isEmpty(headerToken)){
|
|
|
+ if (!StringUtils.isEmpty(headerToken)) {
|
|
|
+ headerToken = headerToken.replaceFirst("Bearer ", "");
|
|
|
if (!tokenFacade.verifyToken(headerToken, 1)) {
|
|
|
- return getVoidMono(response,401, "token无效");
|
|
|
+ return getVoidMono(response, 401, "token无效");
|
|
|
}
|
|
|
}
|
|
|
//3、白名单无需权限判断
|
|
|
- if (isExclusionUrl(path) ){
|
|
|
+ if (isExclusionUrl(path)) {
|
|
|
return chain.filter(exchange);
|
|
|
}
|
|
|
//4、判断请求的URL是否有权限
|
|
|
- boolean permission = hasPermission(headerToken , path);
|
|
|
- if (!permission){
|
|
|
+ boolean permission = hasPermission(headerToken, path);
|
|
|
+ if (!permission) {
|
|
|
return getVoidMono(response, 403, "无访问权限");
|
|
|
}
|
|
|
return chain.filter(exchange);
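Review bot: The swagger bypass at the top of this hunk, `StringUtils.endsWithIgnoreCase(path, URI)`, skips both token verification and the permission check for every request whose path merely ends with `URI`, which is a weaker allowlist than an exact or prefix match; unless the value is deliberately a suffix, `path.equals(URI)` or `path.startsWith(URI)` states the intent more tightly. The relocated `headerToken.replaceFirst("Bearer ", "")` removes the first `Bearer ` occurrence anywhere in the header and only in that exact case, so a value without the scheme is verified as-is; a prefix check such as `if (headerToken.startsWith("Bearer ")) { headerToken = headerToken.substring("Bearer ".length()); }` is both stricter and cheaper than a regex replace. When no Authorization header is sent, the hunk now reaches `hasPermission(null, path)` — presumably `JwtUtil.decodedJWT(null)` throws and the catch below the next hunk returns false, but that path deserves an explicit `if (headerToken == null) { return getVoidMono(response, 401, "token无效"); }` before the whitelist check rather than relying on an exception. Note also that `getVoidMono` (last hunk) sets `HttpStatus.OK`, so the 401/403 passed here appear only in the body, not as the HTTP status. The enclosing `filter` method starts and ends outside this hunk.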
|
|
@@ -78,27 +77,31 @@ public class AuthGlobalFilter implements GlobalFilter, Ordered {
|
|
|
return 0;
|
|
|
}
|
|
|
|
|
|
- private boolean isExclusionUrl(String path){
|
|
|
+ private boolean isExclusionUrl(String path) {
|
|
|
List<String> exclusions = exclusionUrl.getUrl();
|
|
|
- if (exclusions.size() == 0){
|
|
|
+ if (exclusions.size() == 0) {
|
|
|
return false;
|
|
|
}
|
|
|
- return exclusions.stream().anyMatch( action -> antPathMatcher.match(action , path));
|
|
|
-
|
|
|
+ for (String action:exclusions){
|
|
|
+ if (StringUtils.endsWithIgnoreCase(path, action)) {
|
|
|
+ return true;
|
|
|
+ }
|
|
|
+ }
|
|
|
+ return false;
|
|
|
}
|
|
|
|
|
|
- private boolean hasPermission(String headerToken, String path){
|
|
|
+ private boolean hasPermission(String headerToken, String path) {
|
|
|
String url, method;
|
|
|
try {
|
|
|
DecodedJWT jwt = JwtUtil.decodedJWT(headerToken);
|
|
|
Map<String, Claim> claims = jwt.getClaims();
|
|
|
- Claim claim = (Claim)claims.get("authorities");
|
|
|
- String[]permissinos = claim.asArray(String.class);
|
|
|
- for (Object permission :permissinos) {
|
|
|
- String[] authority =(permission+"").split(";");
|
|
|
+ Claim claim = (Claim) claims.get("authorities");
|
|
|
+ String[] permissinos = claim.asArray(String.class);
|
|
|
+ for (Object permission : permissinos) {
|
|
|
+ String[] authority = (permission + "").split(";");
|
|
|
url = authority[0];
|
|
|
method = authority[1];
|
|
|
- if (StringUtils.endsWithIgnoreCase(path,url)) {
|
|
|
+ if (StringUtils.endsWithIgnoreCase(path, url)) {
|
|
|
return true;
|
|
|
}
|
|
|
}
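Review bot: `isExclusionUrl` now treats a whitelist entry as a path suffix via `StringUtils.endsWithIgnoreCase(path, action)`, where the removed `antPathMatcher.match(action, path)` treated it as a pattern; this silently changes what the configured exclusions mean (an entry like `/login` would now also whitelist any path ending in `/login`, and entries written as Ant patterns such as `/**` would stop matching at all). If the intent is to drop AntPathMatcher, compare whole paths, e.g. `if (path.equalsIgnoreCase(action)) { return true; }`, and document in the `ExclusionUrl` config that entries are exact paths. In `hasPermission`, `method = authority[1]` is assigned but not used in any visible line, so the granted permission is matched on URL suffix only regardless of HTTP method — if the method check is not performed further down (the method continues past this hunk), that should be `if (StringUtils.endsWithIgnoreCase(path, url) && method.equalsIgnoreCase(request.getMethod().name()))` or similar; `authority[1]` also throws `ArrayIndexOutOfBoundsException` for an entry without `;`, which presumably falls into the catch below the hunk and is indistinguishable from "no permission". The `// 1./2./3./4.` step comments in `filter` are in Chinese; English equivalents would help non-Chinese maintainers.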
|
|
@@ -107,6 +110,7 @@ public class AuthGlobalFilter implements GlobalFilter, Ordered {
|
|
|
}
|
|
|
return false;
|
|
|
}
|
|
|
+
|
|
|
private Mono<Void> getVoidMono(ServerHttpResponse response, int i, String msg) {
|
|
|
response.getHeaders().setContentType(MediaType.APPLICATION_JSON);
|
|
|
response.setStatusCode(HttpStatus.OK);
|