fix: 增加注册下拉鉴权
This commit is contained in:
parent
685f0a7dd5
commit
79fbd51fca
@ -0,0 +1,69 @@
|
|||||||
|
package com.yfd.platform.config;
|
||||||
|
|
||||||
|
import com.yfd.platform.system.service.RegisterAccessTokenService;
|
||||||
|
import jakarta.annotation.Resource;
|
||||||
|
import jakarta.servlet.FilterChain;
|
||||||
|
import jakarta.servlet.ServletException;
|
||||||
|
import jakarta.servlet.http.HttpServletRequest;
|
||||||
|
import jakarta.servlet.http.HttpServletResponse;
|
||||||
|
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
||||||
|
import org.springframework.security.core.authority.AuthorityUtils;
|
||||||
|
import org.springframework.security.core.context.SecurityContextHolder;
|
||||||
|
import org.springframework.stereotype.Component;
|
||||||
|
import org.springframework.web.filter.OncePerRequestFilter;
|
||||||
|
|
||||||
|
import java.io.IOException;
|
||||||
|
|
||||||
|
@Component
|
||||||
|
public class RegisterAccessTokenFilter extends OncePerRequestFilter {
|
||||||
|
|
||||||
|
private static final String ENG_INFO_PATH = "/register/dropdown/engInfo";
|
||||||
|
private static final String HBRV_PATH = "/register/dropdown/hbrv";
|
||||||
|
private static final String HYCD_PATH = "/register/dropdown/hycd";
|
||||||
|
|
||||||
|
@Resource
|
||||||
|
private RegisterAccessTokenService registerAccessTokenService;
|
||||||
|
|
||||||
|
@Override
|
||||||
|
protected void doFilterInternal(HttpServletRequest request,
|
||||||
|
HttpServletResponse response,
|
||||||
|
FilterChain filterChain) throws ServletException, IOException {
|
||||||
|
String requestPath = resolveRequestPath(request);
|
||||||
|
if (!needsRegisterAccessToken(requestPath)) {
|
||||||
|
filterChain.doFilter(request, response);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
String token = registerAccessTokenService.resolveToken(request);
|
||||||
|
if (!registerAccessTokenService.validateToken(token, request)) {
|
||||||
|
response.sendError(HttpServletResponse.SC_FORBIDDEN, "registerToken无效或已过期");
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
UsernamePasswordAuthenticationToken authenticationToken =
|
||||||
|
new UsernamePasswordAuthenticationToken(
|
||||||
|
"register-access",
|
||||||
|
null,
|
||||||
|
AuthorityUtils.NO_AUTHORITIES
|
||||||
|
);
|
||||||
|
SecurityContextHolder.getContext().setAuthentication(authenticationToken);
|
||||||
|
filterChain.doFilter(request, response);
|
||||||
|
}
|
||||||
|
|
||||||
|
private boolean needsRegisterAccessToken(String uri) {
|
||||||
|
return ENG_INFO_PATH.equals(uri) || HBRV_PATH.equals(uri) || HYCD_PATH.equals(uri);
|
||||||
|
}
|
||||||
|
|
||||||
|
private String resolveRequestPath(HttpServletRequest request) {
|
||||||
|
String servletPath = request.getServletPath();
|
||||||
|
if (servletPath != null && !servletPath.isEmpty()) {
|
||||||
|
return servletPath;
|
||||||
|
}
|
||||||
|
String uri = request.getRequestURI();
|
||||||
|
String contextPath = request.getContextPath();
|
||||||
|
if (contextPath != null && !contextPath.isEmpty() && uri.startsWith(contextPath)) {
|
||||||
|
return uri.substring(contextPath.length());
|
||||||
|
}
|
||||||
|
return uri;
|
||||||
|
}
|
||||||
|
}
|
||||||
@ -39,6 +39,9 @@ public class SecurityConfig {
|
|||||||
@Autowired
|
@Autowired
|
||||||
private JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter;
|
private JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter;
|
||||||
|
|
||||||
|
@Autowired
|
||||||
|
private RegisterAccessTokenFilter registerAccessTokenFilter;
|
||||||
|
|
||||||
@Autowired
|
@Autowired
|
||||||
private AuthenticationException authenticationException;
|
private AuthenticationException authenticationException;
|
||||||
|
|
||||||
@ -57,6 +60,7 @@ public class SecurityConfig {
|
|||||||
.requestMatchers("/data/fishDraft/previewFile").permitAll()
|
.requestMatchers("/data/fishDraft/previewFile").permitAll()
|
||||||
.requestMatchers("/tempFile/**").permitAll()
|
.requestMatchers("/tempFile/**").permitAll()
|
||||||
.requestMatchers("/system/user/auditUser").permitAll()
|
.requestMatchers("/system/user/auditUser").permitAll()
|
||||||
|
.requestMatchers("/register/accessToken").permitAll()
|
||||||
// .requestMatchers("/eng/**").permitAll()
|
// .requestMatchers("/eng/**").permitAll()
|
||||||
// .requestMatchers("/eq/**").permitAll()
|
// .requestMatchers("/eq/**").permitAll()
|
||||||
// .requestMatchers("/env/**").permitAll()
|
// .requestMatchers("/env/**").permitAll()
|
||||||
@ -93,6 +97,7 @@ public class SecurityConfig {
|
|||||||
)
|
)
|
||||||
.cors(cors -> {});
|
.cors(cors -> {});
|
||||||
|
|
||||||
|
http.addFilterBefore(registerAccessTokenFilter, UsernamePasswordAuthenticationFilter.class);
|
||||||
http.addFilterBefore(jwtAuthenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
|
http.addFilterBefore(jwtAuthenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
|
||||||
|
|
||||||
http.exceptionHandling(ex -> ex
|
http.exceptionHandling(ex -> ex
|
||||||
|
|||||||
@ -0,0 +1,53 @@
|
|||||||
|
package com.yfd.platform.qgc_base.controller;
|
||||||
|
|
||||||
|
import com.yfd.platform.config.ResponseResult;
|
||||||
|
import com.yfd.platform.qgc_base.domain.SdEngInfoBHRequest;
|
||||||
|
import com.yfd.platform.qgc_base.service.ISdEngInfoBHService;
|
||||||
|
import com.yfd.platform.qgc_base.service.ISdHbrvDicService;
|
||||||
|
import com.yfd.platform.qgc_base.service.ISdHycdDicService;
|
||||||
|
import io.swagger.v3.oas.annotations.Operation;
|
||||||
|
import io.swagger.v3.oas.annotations.tags.Tag;
|
||||||
|
import jakarta.annotation.Resource;
|
||||||
|
import org.springframework.web.bind.annotation.GetMapping;
|
||||||
|
import org.springframework.web.bind.annotation.PostMapping;
|
||||||
|
import org.springframework.web.bind.annotation.RequestBody;
|
||||||
|
import org.springframework.web.bind.annotation.RequestMapping;
|
||||||
|
import org.springframework.web.bind.annotation.RequestParam;
|
||||||
|
import org.springframework.web.bind.annotation.RestController;
|
||||||
|
|
||||||
|
@RestController
|
||||||
|
@RequestMapping("/register/dropdown")
|
||||||
|
@Tag(name = "注册下拉数据")
|
||||||
|
public class RegisterDropdownController {
|
||||||
|
|
||||||
|
@Resource
|
||||||
|
private ISdEngInfoBHService engInfoBHService;
|
||||||
|
|
||||||
|
@Resource
|
||||||
|
private ISdHbrvDicService hbrvDicService;
|
||||||
|
|
||||||
|
@Resource
|
||||||
|
private ISdHycdDicService hycdDicService;
|
||||||
|
|
||||||
|
@PostMapping("/engInfo")
|
||||||
|
@Operation(summary = "注册场景电站下拉")
|
||||||
|
public ResponseResult engInfoDropdown(@RequestBody SdEngInfoBHRequest request) {
|
||||||
|
return ResponseResult.successData(engInfoBHService.selectRegDropdown(request));
|
||||||
|
}
|
||||||
|
|
||||||
|
@GetMapping("/hbrv")
|
||||||
|
@Operation(summary = "注册场景基地流域下拉")
|
||||||
|
public ResponseResult hbrvDropdown(@RequestParam(required = false) String hbrvnm,
|
||||||
|
@RequestParam(required = false) String baseid) {
|
||||||
|
return ResponseResult.successData(hbrvDicService.regDropdown(hbrvnm, baseid));
|
||||||
|
}
|
||||||
|
|
||||||
|
@GetMapping("/hycd")
|
||||||
|
@Operation(summary = "注册场景公司下拉")
|
||||||
|
public ResponseResult hycdDropdown(@RequestParam(required = false) String hynm,
|
||||||
|
@RequestParam(required = false) Integer grd,
|
||||||
|
@RequestParam(required = false) Integer lx,
|
||||||
|
@RequestParam(required = false) String phycd) {
|
||||||
|
return ResponseResult.successData(hycdDicService.regDropdown(hynm, grd, lx, phycd));
|
||||||
|
}
|
||||||
|
}
|
||||||
@ -0,0 +1,26 @@
|
|||||||
|
package com.yfd.platform.system.controller;
|
||||||
|
|
||||||
|
import com.yfd.platform.config.ResponseResult;
|
||||||
|
import com.yfd.platform.system.service.RegisterAccessTokenService;
|
||||||
|
import io.swagger.v3.oas.annotations.Operation;
|
||||||
|
import io.swagger.v3.oas.annotations.tags.Tag;
|
||||||
|
import jakarta.annotation.Resource;
|
||||||
|
import jakarta.servlet.http.HttpServletRequest;
|
||||||
|
import org.springframework.web.bind.annotation.GetMapping;
|
||||||
|
import org.springframework.web.bind.annotation.RequestMapping;
|
||||||
|
import org.springframework.web.bind.annotation.RestController;
|
||||||
|
|
||||||
|
@RestController
|
||||||
|
@RequestMapping("/register")
|
||||||
|
@Tag(name = "注册访问控制")
|
||||||
|
public class RegisterAccessController {
|
||||||
|
|
||||||
|
@Resource
|
||||||
|
private RegisterAccessTokenService registerAccessTokenService;
|
||||||
|
|
||||||
|
@GetMapping("/accessToken")
|
||||||
|
@Operation(summary = "获取注册场景临时访问令牌")
|
||||||
|
public ResponseResult getRegisterAccessToken(HttpServletRequest request) {
|
||||||
|
return ResponseResult.successData(registerAccessTokenService.createToken(request));
|
||||||
|
}
|
||||||
|
}
|
||||||
@ -0,0 +1,89 @@
|
|||||||
|
package com.yfd.platform.system.service;
|
||||||
|
|
||||||
|
import cn.hutool.core.util.StrUtil;
|
||||||
|
import com.alibaba.fastjson.JSON;
|
||||||
|
import com.alibaba.fastjson.JSONObject;
|
||||||
|
import com.yfd.platform.config.WebConfig;
|
||||||
|
import jakarta.annotation.Resource;
|
||||||
|
import jakarta.servlet.http.HttpServletRequest;
|
||||||
|
import org.springframework.stereotype.Service;
|
||||||
|
|
||||||
|
import java.util.HashMap;
|
||||||
|
import java.util.Map;
|
||||||
|
import java.util.UUID;
|
||||||
|
|
||||||
|
@Service
|
||||||
|
public class RegisterAccessTokenService {
|
||||||
|
|
||||||
|
public static final String TOKEN_HEADER = "register-token";
|
||||||
|
public static final String TOKEN_PARAM = "registerToken";
|
||||||
|
public static final long EXPIRE_MILLIS = 5 * 60 * 1000L;
|
||||||
|
private static final String CACHE_PREFIX = "register:access:";
|
||||||
|
|
||||||
|
@Resource
|
||||||
|
private WebConfig webConfig;
|
||||||
|
|
||||||
|
public Map<String, Object> createToken(HttpServletRequest request) {
|
||||||
|
String token = UUID.randomUUID().toString().replace("-", "");
|
||||||
|
long expireAt = System.currentTimeMillis() + EXPIRE_MILLIS;
|
||||||
|
|
||||||
|
Map<String, Object> payload = new HashMap<>();
|
||||||
|
payload.put("ip", getClientIp(request));
|
||||||
|
payload.put("userAgent", getUserAgent(request));
|
||||||
|
payload.put("expireAt", expireAt);
|
||||||
|
|
||||||
|
webConfig.loginuserCache().put(CACHE_PREFIX + token, JSON.toJSONString(payload), EXPIRE_MILLIS);
|
||||||
|
|
||||||
|
Map<String, Object> result = new HashMap<>();
|
||||||
|
result.put("registerToken", token);
|
||||||
|
result.put("headerName", TOKEN_HEADER);
|
||||||
|
result.put("expireIn", EXPIRE_MILLIS / 1000);
|
||||||
|
result.put("expireAt", expireAt);
|
||||||
|
return result;
|
||||||
|
}
|
||||||
|
|
||||||
|
public boolean validateToken(String token, HttpServletRequest request) {
|
||||||
|
if (StrUtil.isBlank(token)) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
String cacheValue = webConfig.loginuserCache().get(CACHE_PREFIX + token);
|
||||||
|
if (StrUtil.isBlank(cacheValue)) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
JSONObject payload = JSON.parseObject(cacheValue);
|
||||||
|
if (payload == null) {
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
Long expireAt = payload.getLong("expireAt");
|
||||||
|
if (expireAt == null || expireAt < System.currentTimeMillis()) {
|
||||||
|
webConfig.loginuserCache().remove(CACHE_PREFIX + token);
|
||||||
|
return false;
|
||||||
|
}
|
||||||
|
String ip = payload.getString("ip");
|
||||||
|
String userAgent = payload.getString("userAgent");
|
||||||
|
String clientIp = getClientIp(request);
|
||||||
|
String userAgent1 = getUserAgent(request);
|
||||||
|
return StrUtil.equals(ip,clientIp )
|
||||||
|
&& StrUtil.equals(userAgent, userAgent1);
|
||||||
|
}
|
||||||
|
|
||||||
|
public String resolveToken(HttpServletRequest request) {
|
||||||
|
String token = request.getHeader(TOKEN_HEADER);
|
||||||
|
if (StrUtil.isBlank(token)) {
|
||||||
|
token = request.getParameter(TOKEN_PARAM);
|
||||||
|
}
|
||||||
|
return token;
|
||||||
|
}
|
||||||
|
|
||||||
|
private String getClientIp(HttpServletRequest request) {
|
||||||
|
String ip = request.getHeader("X-Forwarded-For");
|
||||||
|
if (StrUtil.isNotBlank(ip)) {
|
||||||
|
return ip.split(",")[0].trim();
|
||||||
|
}
|
||||||
|
return request.getRemoteAddr();
|
||||||
|
}
|
||||||
|
|
||||||
|
private String getUserAgent(HttpServletRequest request) {
|
||||||
|
return StrUtil.nullToDefault(request.getHeader("User-Agent"), "");
|
||||||
|
}
|
||||||
|
}
|
||||||
@ -1,6 +1,6 @@
|
|||||||
spring:
|
spring:
|
||||||
profiles:
|
profiles:
|
||||||
active: devtw
|
active: prod
|
||||||
|
|
||||||
jasypt:
|
jasypt:
|
||||||
encryptor:
|
encryptor:
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user