Commit 764c5731 by 宋祥

1.移动端token串号问题修复

parent 09827b42
package com.baosight.iplat4j.core.security;
import com.baosight.iplat4j.core.ei.EiConstant;
import com.baosight.iplat4j.core.ei.EiInfo;
import com.baosight.iplat4j.core.service.soa.XLocalManager;
import com.baosight.iplat4j.core.service.soa.XServiceManager;
import com.baosight.iplat4j.core.util.StringUtils;
import com.baosight.iplat4j.core.web.WebUtils;
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.AuthenticationEntryPoint;
import org.springframework.security.web.util.matcher.OrRequestMatcher;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Collection;
import java.util.Enumeration;
import java.util.HashMap;
import java.util.Iterator;
import java.util.Map;
/**
* @author:songx
* @date:2024/8/26,17:01
*/
public class PlatServiceValidateFilter implements Filter {
private final Logger logger = LogManager.getLogger(PlatServiceValidateFilter.class);
protected ITokenValidateFilter iTokenValidateFilter = null;
private AuthenticationEntryPoint entryPoint;
private String filterServiceId = null;
private OrRequestMatcher orRequestMatcher;
public PlatServiceValidateFilter() {
}
public void setFilterServiceId(String filterServiceId) {
this.filterServiceId = filterServiceId;
}
protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse,
FilterChain filterChain) throws ServletException, IOException {
String ip = WebUtils.getRemoteAddr(httpServletRequest);
this.logger.debug("******cached ip:" + ip + "**********");
boolean authed = false;
String uri = httpServletRequest.getServletPath();
SecurityContext context = SecurityContextHolder.getContext();
if (context != null && context.getAuthentication() != null) {
Collection<? extends GrantedAuthority> authoritis = context.getAuthentication().getAuthorities();
if (authoritis != null && !authoritis.isEmpty()) {
Iterator var9 = authoritis.iterator();
while (var9.hasNext()) {
GrantedAuthority authority = (GrantedAuthority) var9.next();
authed = authority.getAuthority().equals("ROLE_VERIFIED");
if (!authed && authority.getAuthority().equals("CHANGEPASS")) {
authed = uri.indexOf("service/XS0104/") >= 0;
}
if (authed) {
break;
}
}
}
}
if (uri.indexOf("service") < 0) {
authed = true;
}
// modify by songx at 20240826 if条件去掉authed,否则token会串
if (this.iTokenValidateFilter != null) {
this.iTokenValidateFilter.doFilter(httpServletRequest, httpServletResponse);
if (!authed) {
authed = this.isAuthedByJwt(httpServletRequest);
}
}
Map headerMap = new HashMap();
Enumeration<String> headerNames = httpServletRequest.getHeaderNames();
String headValue;
String serviceParam;
boolean hasXPlatHeader;
for (hasXPlatHeader = false; headerNames.hasMoreElements(); headerMap.put(serviceParam, headValue)) {
String name = (String) headerNames.nextElement();
headValue = httpServletRequest.getHeader(name);
this.logger.debug("******cached header:" + name + "****** value:" + headValue + "********");
serviceParam = name.toLowerCase();
if (serviceParam.contains("xplat")) {
hasXPlatHeader = true;
}
}
if (authed) {
filterChain.doFilter(httpServletRequest, httpServletResponse);
} else {
try {
EiInfo securityInfo = new EiInfo();
securityInfo.set("headerMap", headerMap);
securityInfo.set("clientIp", ip);
if (uri.indexOf("service/") > 0) {
String[] uriParts = uri.split("service/");
serviceParam = uriParts[uriParts.length - 1];
if (serviceParam.contains("/")) {
String[] serviceInfos = serviceParam.split("/");
securityInfo.set("paramServiceName", serviceInfos[0]);
securityInfo.set("paramMethodName", serviceInfos[1]);
} else {
securityInfo.set("paramServiceId", serviceParam);
}
}
securityInfo.set("uri", uri);
EiInfo outInfo = null;
if (StringUtils.isNotEmpty(this.filterServiceId)) {
securityInfo.set(EiConstant.serviceId, this.filterServiceId);
outInfo = XServiceManager.call(securityInfo);
} else {
if (!hasXPlatHeader) {
throw new AccessDeniedException("Access is denied, reason: no service validate public key!");
}
securityInfo.set(EiConstant.serviceName, "EPFI01");
securityInfo.set(EiConstant.methodName, "validate");
outInfo = XLocalManager.call(securityInfo);
}
if (outInfo.getStatus() < 0) {
throw new AccessDeniedException("Access is denied, reason:" + outInfo.getMsg());
}
Object jwtMapObj = outInfo.get("jwt_map");
if (jwtMapObj != null && jwtMapObj instanceof Map) {
httpServletRequest.setAttribute("jwt_map", jwtMapObj);
}
filterChain.doFilter(httpServletRequest, httpServletResponse);
} catch (Exception var15) {
if (this.orRequestMatcher != null && this.orRequestMatcher.matches(httpServletRequest)) {
filterChain.doFilter(httpServletRequest, httpServletResponse);
} else {
this.logger.warn(var15.getMessage());
if (this.entryPoint == null) {
if (var15 instanceof AccessDeniedException) {
throw var15;
}
throw new AccessDeniedException("Access is denied, reason:" + var15.getMessage());
}
this.entryPoint.commence(httpServletRequest, httpServletResponse, (AuthenticationException) null);
}
}
}
}
private boolean isAuthedByJwt(HttpServletRequest httpServletRequest) {
boolean authed = false;
Object jwtMapObj = httpServletRequest.getAttribute("jwt_map");
if (jwtMapObj != null && jwtMapObj instanceof Map) {
Map jwtMap = (Map) jwtMapObj;
String s_loginName = (String) jwtMap.get("sub");
if (s_loginName != null) {
authed = true;
}
}
return authed;
}
public void init(FilterConfig filterConfig) throws ServletException {
}
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
throws IOException, ServletException {
this.doFilterInternal((HttpServletRequest) request, (HttpServletResponse) response, chain);
}
public void destroy() {
}
public OrRequestMatcher getOrRequestMatcher() {
return this.orRequestMatcher;
}
public void setOrRequestMatcher(OrRequestMatcher orRequestMatcher) {
this.orRequestMatcher = orRequestMatcher;
}
public AuthenticationEntryPoint getEntryPoint() {
return this.entryPoint;
}
public void setEntryPoint(AuthenticationEntryPoint entryPoint) {
this.entryPoint = entryPoint;
}
public void setITokenValidateFilter(ITokenValidateFilter iTokenValidateFilter) {
this.iTokenValidateFilter = iTokenValidateFilter;
}
}
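Review bot: In `doFilterInternal` the `try` block also encloses the downstream `filterChain.doFilter(httpServletRequest, httpServletResponse)` call, so any exception thrown by a later filter or the servlet lands in `catch (Exception var15)`. For a request matching `orRequestMatcher` the chain is then invoked a second time, and for any other request the downstream failure is reported as an access denial or handed to `entryPoint.commence`. Keep only the validation call inside the `try`, record the decision in a local flag, and invoke the chain once after the `try`/`catch`, as sketched below. Separately, the `this.logger.debug("******cached header:" + name + "****** value:" + headValue + "********")` line writes every header value to the log, which presumably includes whatever token or cookie header the client sends. Log the header name only, or mask the value for credential-bearing headers.

```java
boolean allowed;
try {
    // … unchanged: build securityInfo, call the validate service, check status, copy jwt_map …
    allowed = true;
} catch (Exception var15) {
    if (this.orRequestMatcher != null && this.orRequestMatcher.matches(httpServletRequest)) {
        allowed = true;
    } else {
        allowed = false;
        // … unchanged: warn, rethrow as AccessDeniedException or entryPoint.commence …
    }
}
if (allowed) {
    filterChain.doFilter(httpServletRequest, httpServletResponse);
}
```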