
zhaoxiaohao
2021-03-18 deb1110ca94cb0ac7bcdc51b4e8dd00407792a94
优化去除token的操作
2 files added
1 files modified
101 ■■■■■ changed files
kidgrow-springcloud/kidgrow-springcloud-zuul/src/main/java/com/kidgrow/zuul/filter/OrganizationFilter.java 48 ●●●● patch | view | raw | blame | history
kidgrow-springcloud/kidgrow-springcloud-zuul/src/main/java/com/kidgrow/zuul/service/TokenService.java 11 ●●●●● patch | view | raw | blame | history
kidgrow-springcloud/kidgrow-springcloud-zuul/src/main/java/com/kidgrow/zuul/service/impl/TokenServiceImpl.java 42 ●●●●● patch | view | raw | blame | history
kidgrow-springcloud/kidgrow-springcloud-zuul/src/main/java/com/kidgrow/zuul/filter/OrganizationFilter.java
@@ -1,8 +1,6 @@
package com.kidgrow.zuul.filter;
import cn.hutool.core.util.StrUtil;
import com.alibaba.fastjson.JSON;
import com.kidgrow.authclient.util.AuthUtils;
import com.kidgrow.common.model.ResultBody;
import com.kidgrow.common.model.SysOrganization;
import com.kidgrow.common.model.SysUser;
@@ -11,6 +9,7 @@
import com.kidgrow.redis.util.RedisUtils;
import com.kidgrow.zuul.feign.SysOrganizationService;
import com.kidgrow.zuul.feign.SysUserOrgService;
import com.kidgrow.zuul.service.TokenService;
import com.netflix.zuul.ZuulFilter;
import com.netflix.zuul.context.RequestContext;
import lombok.SneakyThrows;
@@ -21,12 +20,8 @@
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.core.context.SecurityContextImpl;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.OAuth2RefreshToken;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.stereotype.Component;
import org.springframework.util.Assert;
import javax.servlet.http.HttpServletRequest;
import java.util.*;
@@ -36,7 +31,7 @@
/**
 * 石家庄喜高科技有限责任公司 版权所有 © Copyright 2020<br>
 *
 * @Description: 将认证用户的相关信息放入header中, 后端服务可以直接读取使用     包含了----组织的拦截---<br>
 * @Description: 将认证用户的相关信息放入header中, 后端服务可以直接读取使用     包含了----组织的拦截--- 如果被拦截,将清除token<br>
 * @Project: <br>
 * @CreateDate: Created in 2020/2/21 10:12 <br>
 * @Author: <a href="4345453@kidgrow.com">liuke</a>
@@ -66,9 +61,7 @@
    @Autowired
    private SysOrganizationService sysOrganizationService;
    @Autowired
    private TokenStore tokenStore;
    private final String CLIENTID = "webApp";//运营端
    private TokenService tokenService;
    @SneakyThrows
    @Override
@@ -80,10 +73,6 @@
//            获取request对象
            HttpServletRequest request = currentContext.getRequest();
            //security会把一个SecurityContextImpl对象存储到session中,此对象中有当前用户的各种资料
            String token = request.getParameter("token");
            if (StrUtil.isEmpty(token)) {
                token = AuthUtils.extractToken(request);
            }
            SecurityContextImpl securityContextImpl = (SecurityContextImpl) request
                    .getSession().getAttribute("SPRING_SECURITY_CONTEXT");
            authentication = securityContextImpl.getAuthentication();
@@ -92,8 +81,6 @@
            if (principal instanceof SysUser) {
                //运营端进行
                OAuth2Authentication oauth2Authentication = (OAuth2Authentication) authentication;
                String clientId = oauth2Authentication.getOAuth2Request().getClientId();
//                if (CLIENTID.equals(clientId)) {
                SysUser user = (SysUser) authentication.getPrincipal();
                /**
                 * 将组织中为空的拦截
@@ -101,7 +88,7 @@
                List<SysUserOrg> sysUserOrgs = this.getSysUserOrg(user.getId());
                if (sysUserOrgs == null || sysUserOrgs.isEmpty()) {
                    //退出的操作
                    this.logout(request);
                    this.tokenService.logout(request);
                    ctx.setSendZuulResponse(false);
                    ctx.addZuulResponseHeader("Content-Type", "application/json;charset=UTF-8");
//                        String str = new String("您的组织已经被禁用,请联系管理员".getBytes("utf-8"), "utf-8");
@@ -123,7 +110,7 @@
                            List<SysOrganization> sysOrganizations = JSON.parseArray(JSON.toJSONString(sysOrganizationService.getListByMap(map).getData()), SysOrganization.class);
                            if (sysOrganizations == null || sysOrganizations.size() <= 0) {
                                //退出的操作
                                this.logout(request);
                                this.tokenService.logout(request);
                                ctx.setSendZuulResponse(false);
                                ctx.addZuulResponseHeader("Content-Type", "application/json;charset=UTF-8");
                                ctx.setResponseBody(JSON.toJSONString(ResultBody.fail(1000, "您的组织已经被禁用,请联系管理员")));
@@ -131,7 +118,7 @@
                                for (SysOrganization sysOrganization : sysOrganizations) {
                                    if (!sysOrganization.getEnabled() || sysOrganization.getIsDel()) {
                                        //退出的操作
                                        this.logout(request);
                                        this.tokenService.logout(request);
                                        ctx.setSendZuulResponse(false);
                                        ctx.addZuulResponseHeader("Content-Type", "application/json;charset=UTF-8");
                                        ctx.setResponseBody(JSON.toJSONString(ResultBody.fail(1000, "您的组织已经被禁用,请联系管理员")));
@@ -145,27 +132,8 @@
        }
        return null;
    }
    //根据token退出
    public void logout(HttpServletRequest request) {
        Assert.notNull(tokenStore, "tokenStore must be set");
        String token = request.getParameter("token");
        if (StrUtil.isEmpty(token)) {
            token = AuthUtils.extractToken(request);
        }
        if(StrUtil.isNotEmpty(token)){
            OAuth2AccessToken existingAccessToken = tokenStore.readAccessToken(token);
            OAuth2RefreshToken refreshToken;
            if (existingAccessToken != null) {
                if (existingAccessToken.getRefreshToken() != null) {
                    log.info("remove refreshToken!", existingAccessToken.getRefreshToken());
                    refreshToken = existingAccessToken.getRefreshToken();
                    tokenStore.removeRefreshToken(refreshToken);
                }
                log.info("remove existingAccessToken!", existingAccessToken);
                tokenStore.removeAccessToken(existingAccessToken);
            }
        }
    }
    /**
     * 通过userID  获取组织的关系
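Review bot: The new field `private TokenService tokenService;` in hunk `@@ -66,9 +61,7 @@` does not visibly carry its own `@Autowired`; if the annotation above it belonged to the removed `tokenStore` field, the bean is never injected and each `this.tokenService.logout(request)` call in the three later hunks throws a NullPointerException before `ctx.setSendZuulResponse(false)` runs, so a disabled organization gets an error response instead of a clean forced logout. Declare it `@Autowired private TokenService tokenService;` (or inject it through a constructor) so the wiring is explicit. Independently, `logout` only revokes the OAuth2 tokens; the `SPRING_SECURITY_CONTEXT` session attribute read a few lines earlier is left in place, so it is worth confirming the session is invalidated elsewhere. The enclosing `run()` method starts and ends outside these hunks.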
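--- a/kidgrow-springcloud/kidgrow-springcloud-zuul/src/main/java/com/kidgrow/zuul/service/TokenService.java
+++ b/kidgrow-springcloud/kidgrow-springcloud-zuul/src/main/java/com/kidgrow/zuul/service/TokenService.java
@@ -0,0 +1,11 @@
+package com.kidgrow.zuul.service;
+import javax.servlet.http.HttpServletRequest;
+public interface TokenService {
+    /**
+     * 退出的接口
+     * @param request
+     */
+    void logout(HttpServletRequest request);
+}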
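Review bot: The Javadoc on `logout` leaves `@param request` empty and the summary line does not say what "logging out" means for a caller of this interface. Since the contract is now shared between the gateway filter and the implementation, state it here: the access token is taken from the request (the `token` parameter, then the `Authorization` header via `AuthUtils.extractToken`), the matching access token and its refresh token are removed from the `TokenStore`, and a request carrying no token is a no-op. A one-line `@param request the request whose bearer token is revoked; no-op when none is present` would already make the no-op case visible to callers.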
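--- a/kidgrow-springcloud/kidgrow-springcloud-zuul/src/main/java/com/kidgrow/zuul/service/impl/TokenServiceImpl.java
+++ b/kidgrow-springcloud/kidgrow-springcloud-zuul/src/main/java/com/kidgrow/zuul/service/impl/TokenServiceImpl.java
@@ -0,0 +1,42 @@
+package com.kidgrow.zuul.service.impl;
+import cn.hutool.core.util.StrUtil;
+import com.kidgrow.authclient.util.AuthUtils;
+import com.kidgrow.zuul.service.TokenService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.oauth2.common.OAuth2AccessToken;
+import org.springframework.security.oauth2.common.OAuth2RefreshToken;
+import org.springframework.security.oauth2.provider.token.TokenStore;
+import org.springframework.stereotype.Service;
+import org.springframework.util.Assert;
+import javax.servlet.http.HttpServletRequest;
+@Service
+public class TokenServiceImpl implements TokenService {
+    @Autowired
+    private TokenStore tokenStore;
+    /**
+     * 退出的接口
+     * @param request
+     */
+    @Override
+    public void logout(HttpServletRequest request) {
+        Assert.notNull(tokenStore, "tokenStore must be set");
+        String token = request.getParameter("token");
+        if (StrUtil.isEmpty(token)) {
+            token = AuthUtils.extractToken(request);
+        }
+        if(StrUtil.isNotEmpty(token)){
+            OAuth2AccessToken existingAccessToken = tokenStore.readAccessToken(token);
+            OAuth2RefreshToken refreshToken;
+            if (existingAccessToken != null) {
+                if (existingAccessToken.getRefreshToken() != null) {
+                    refreshToken = existingAccessToken.getRefreshToken();
+                    tokenStore.removeRefreshToken(refreshToken);
+                }
+                tokenStore.removeAccessToken(existingAccessToken);
+            }
+        }
+    }
+}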
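Review bot: Token revocation in `logout` now leaves no trace: the two `log.info` calls from the old `OrganizationFilter.logout` were dropped rather than fixed (they had no `{}` placeholder and passed the token object as an unused argument), so a forced logout triggered by a disabled organization can no longer be correlated in the gateway logs. Add a logger to the class (`@Slf4j`, as lombok is already used in OrganizationFilter) and log the event without the token value, e.g. `log.info("access token revoked; refresh token removed: {}", existingAccessToken.getRefreshToken() != null);` next to `tokenStore.removeAccessToken(existingAccessToken);`. Reading the token from `request.getParameter("token")` before the header is inherited behaviour, but note that a token supplied in the query string ends up in access logs and proxy logs, so the header path should be the documented one. `Assert.notNull(tokenStore, ...)` on an `@Autowired` field is redundant, since the context fails to start if the dependency is missing.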