fix: 增加注册下拉鉴权

This commit is contained in:
tangwei 2026-06-09 16:30:14 +08:00
parent 685f0a7dd5
commit 79fbd51fca
6 changed files with 243 additions and 1 deletions

View File

@ -0,0 +1,69 @@
package com.yfd.platform.config;
import com.yfd.platform.system.service.RegisterAccessTokenService;
import jakarta.annotation.Resource;
import jakarta.servlet.FilterChain;
import jakarta.servlet.ServletException;
import jakarta.servlet.http.HttpServletRequest;
import jakarta.servlet.http.HttpServletResponse;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.stereotype.Component;
import org.springframework.web.filter.OncePerRequestFilter;
import java.io.IOException;
@Component
public class RegisterAccessTokenFilter extends OncePerRequestFilter {
private static final String ENG_INFO_PATH = "/register/dropdown/engInfo";
private static final String HBRV_PATH = "/register/dropdown/hbrv";
private static final String HYCD_PATH = "/register/dropdown/hycd";
@Resource
private RegisterAccessTokenService registerAccessTokenService;
@Override
protected void doFilterInternal(HttpServletRequest request,
HttpServletResponse response,
FilterChain filterChain) throws ServletException, IOException {
String requestPath = resolveRequestPath(request);
if (!needsRegisterAccessToken(requestPath)) {
filterChain.doFilter(request, response);
return;
}
String token = registerAccessTokenService.resolveToken(request);
if (!registerAccessTokenService.validateToken(token, request)) {
response.sendError(HttpServletResponse.SC_FORBIDDEN, "registerToken无效或已过期");
return;
}
UsernamePasswordAuthenticationToken authenticationToken =
new UsernamePasswordAuthenticationToken(
"register-access",
null,
AuthorityUtils.NO_AUTHORITIES
);
SecurityContextHolder.getContext().setAuthentication(authenticationToken);
filterChain.doFilter(request, response);
}
private boolean needsRegisterAccessToken(String uri) {
return ENG_INFO_PATH.equals(uri) || HBRV_PATH.equals(uri) || HYCD_PATH.equals(uri);
}
private String resolveRequestPath(HttpServletRequest request) {
String servletPath = request.getServletPath();
if (servletPath != null && !servletPath.isEmpty()) {
return servletPath;
}
String uri = request.getRequestURI();
String contextPath = request.getContextPath();
if (contextPath != null && !contextPath.isEmpty() && uri.startsWith(contextPath)) {
return uri.substring(contextPath.length());
}
return uri;
}
}

View File

@ -39,6 +39,9 @@ public class SecurityConfig {
@Autowired @Autowired
private JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter; private JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter;
@Autowired
private RegisterAccessTokenFilter registerAccessTokenFilter;
@Autowired @Autowired
private AuthenticationException authenticationException; private AuthenticationException authenticationException;
@ -57,6 +60,7 @@ public class SecurityConfig {
.requestMatchers("/data/fishDraft/previewFile").permitAll() .requestMatchers("/data/fishDraft/previewFile").permitAll()
.requestMatchers("/tempFile/**").permitAll() .requestMatchers("/tempFile/**").permitAll()
.requestMatchers("/system/user/auditUser").permitAll() .requestMatchers("/system/user/auditUser").permitAll()
.requestMatchers("/register/accessToken").permitAll()
// .requestMatchers("/eng/**").permitAll() // .requestMatchers("/eng/**").permitAll()
// .requestMatchers("/eq/**").permitAll() // .requestMatchers("/eq/**").permitAll()
// .requestMatchers("/env/**").permitAll() // .requestMatchers("/env/**").permitAll()
@ -93,6 +97,7 @@ public class SecurityConfig {
) )
.cors(cors -> {}); .cors(cors -> {});
http.addFilterBefore(registerAccessTokenFilter, UsernamePasswordAuthenticationFilter.class);
http.addFilterBefore(jwtAuthenticationTokenFilter, UsernamePasswordAuthenticationFilter.class); http.addFilterBefore(jwtAuthenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
http.exceptionHandling(ex -> ex http.exceptionHandling(ex -> ex

View File

@ -0,0 +1,53 @@
package com.yfd.platform.qgc_base.controller;
import com.yfd.platform.config.ResponseResult;
import com.yfd.platform.qgc_base.domain.SdEngInfoBHRequest;
import com.yfd.platform.qgc_base.service.ISdEngInfoBHService;
import com.yfd.platform.qgc_base.service.ISdHbrvDicService;
import com.yfd.platform.qgc_base.service.ISdHycdDicService;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.tags.Tag;
import jakarta.annotation.Resource;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestBody;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
@RestController
@RequestMapping("/register/dropdown")
@Tag(name = "注册下拉数据")
public class RegisterDropdownController {
@Resource
private ISdEngInfoBHService engInfoBHService;
@Resource
private ISdHbrvDicService hbrvDicService;
@Resource
private ISdHycdDicService hycdDicService;
@PostMapping("/engInfo")
@Operation(summary = "注册场景电站下拉")
public ResponseResult engInfoDropdown(@RequestBody SdEngInfoBHRequest request) {
return ResponseResult.successData(engInfoBHService.selectRegDropdown(request));
}
@GetMapping("/hbrv")
@Operation(summary = "注册场景基地流域下拉")
public ResponseResult hbrvDropdown(@RequestParam(required = false) String hbrvnm,
@RequestParam(required = false) String baseid) {
return ResponseResult.successData(hbrvDicService.regDropdown(hbrvnm, baseid));
}
@GetMapping("/hycd")
@Operation(summary = "注册场景公司下拉")
public ResponseResult hycdDropdown(@RequestParam(required = false) String hynm,
@RequestParam(required = false) Integer grd,
@RequestParam(required = false) Integer lx,
@RequestParam(required = false) String phycd) {
return ResponseResult.successData(hycdDicService.regDropdown(hynm, grd, lx, phycd));
}
}

View File

@ -0,0 +1,26 @@
package com.yfd.platform.system.controller;
import com.yfd.platform.config.ResponseResult;
import com.yfd.platform.system.service.RegisterAccessTokenService;
import io.swagger.v3.oas.annotations.Operation;
import io.swagger.v3.oas.annotations.tags.Tag;
import jakarta.annotation.Resource;
import jakarta.servlet.http.HttpServletRequest;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
@RestController
@RequestMapping("/register")
@Tag(name = "注册访问控制")
public class RegisterAccessController {
@Resource
private RegisterAccessTokenService registerAccessTokenService;
@GetMapping("/accessToken")
@Operation(summary = "获取注册场景临时访问令牌")
public ResponseResult getRegisterAccessToken(HttpServletRequest request) {
return ResponseResult.successData(registerAccessTokenService.createToken(request));
}
}

View File

@ -0,0 +1,89 @@
package com.yfd.platform.system.service;
import cn.hutool.core.util.StrUtil;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.yfd.platform.config.WebConfig;
import jakarta.annotation.Resource;
import jakarta.servlet.http.HttpServletRequest;
import org.springframework.stereotype.Service;
import java.util.HashMap;
import java.util.Map;
import java.util.UUID;
@Service
public class RegisterAccessTokenService {
public static final String TOKEN_HEADER = "register-token";
public static final String TOKEN_PARAM = "registerToken";
public static final long EXPIRE_MILLIS = 5 * 60 * 1000L;
private static final String CACHE_PREFIX = "register:access:";
@Resource
private WebConfig webConfig;
public Map<String, Object> createToken(HttpServletRequest request) {
String token = UUID.randomUUID().toString().replace("-", "");
long expireAt = System.currentTimeMillis() + EXPIRE_MILLIS;
Map<String, Object> payload = new HashMap<>();
payload.put("ip", getClientIp(request));
payload.put("userAgent", getUserAgent(request));
payload.put("expireAt", expireAt);
webConfig.loginuserCache().put(CACHE_PREFIX + token, JSON.toJSONString(payload), EXPIRE_MILLIS);
Map<String, Object> result = new HashMap<>();
result.put("registerToken", token);
result.put("headerName", TOKEN_HEADER);
result.put("expireIn", EXPIRE_MILLIS / 1000);
result.put("expireAt", expireAt);
return result;
}
public boolean validateToken(String token, HttpServletRequest request) {
if (StrUtil.isBlank(token)) {
return false;
}
String cacheValue = webConfig.loginuserCache().get(CACHE_PREFIX + token);
if (StrUtil.isBlank(cacheValue)) {
return false;
}
JSONObject payload = JSON.parseObject(cacheValue);
if (payload == null) {
return false;
}
Long expireAt = payload.getLong("expireAt");
if (expireAt == null || expireAt < System.currentTimeMillis()) {
webConfig.loginuserCache().remove(CACHE_PREFIX + token);
return false;
}
String ip = payload.getString("ip");
String userAgent = payload.getString("userAgent");
String clientIp = getClientIp(request);
String userAgent1 = getUserAgent(request);
return StrUtil.equals(ip,clientIp )
&& StrUtil.equals(userAgent, userAgent1);
}
public String resolveToken(HttpServletRequest request) {
String token = request.getHeader(TOKEN_HEADER);
if (StrUtil.isBlank(token)) {
token = request.getParameter(TOKEN_PARAM);
}
return token;
}
private String getClientIp(HttpServletRequest request) {
String ip = request.getHeader("X-Forwarded-For");
if (StrUtil.isNotBlank(ip)) {
return ip.split(",")[0].trim();
}
return request.getRemoteAddr();
}
private String getUserAgent(HttpServletRequest request) {
return StrUtil.nullToDefault(request.getHeader("User-Agent"), "");
}
}

View File

@ -1,6 +1,6 @@
spring: spring:
profiles: profiles:
active: devtw active: prod
jasypt: jasypt:
encryptor: encryptor: