From c837c4767fa61bf636ba9d8bf2b7cb2ff9e0a4cb Mon Sep 17 00:00:00 2001
From: zhaoxiaohao <279049017@qq.com>
Date: Thu, 18 Mar 2021 11:01:23 +0800
Subject: [PATCH] 当拦截到无组织后,去除token

---
 kidgrow-springcloud/kidgrow-springcloud-zuul/src/main/java/com/kidgrow/zuul/filter/OrganizationFilter.java |   39 +++++++++++++++++++++++++++++++++++++++
 kidgrow-uaa/kidgrow-uaa-server/src/main/java/com/kidgrow/oauth2/handler/OauthLogoutHandler.java            |    5 ++---
 2 files changed, 41 insertions(+), 3 deletions(-)

diff --git a/kidgrow-springcloud/kidgrow-springcloud-zuul/src/main/java/com/kidgrow/zuul/filter/OrganizationFilter.java b/kidgrow-springcloud/kidgrow-springcloud-zuul/src/main/java/com/kidgrow/zuul/filter/OrganizationFilter.java
index e4a084b..26df49d 100644
--- a/kidgrow-springcloud/kidgrow-springcloud-zuul/src/main/java/com/kidgrow/zuul/filter/OrganizationFilter.java
+++ b/kidgrow-springcloud/kidgrow-springcloud-zuul/src/main/java/com/kidgrow/zuul/filter/OrganizationFilter.java
@@ -1,6 +1,8 @@
 package com.kidgrow.zuul.filter;
 
+import cn.hutool.core.util.StrUtil;
 import com.alibaba.fastjson.JSON;
+import com.kidgrow.authclient.util.AuthUtils;
 import com.kidgrow.common.model.ResultBody;
 import com.kidgrow.common.model.SysOrganization;
 import com.kidgrow.common.model.SysUser;
@@ -19,8 +21,12 @@
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.core.context.SecurityContextImpl;
+import org.springframework.security.oauth2.common.OAuth2AccessToken;
+import org.springframework.security.oauth2.common.OAuth2RefreshToken;
 import org.springframework.security.oauth2.provider.OAuth2Authentication;
+import org.springframework.security.oauth2.provider.token.TokenStore;
 import org.springframework.stereotype.Component;
+import org.springframework.util.Assert;
 
 import javax.servlet.http.HttpServletRequest;
 import java.util.*;
@@ -59,6 +65,8 @@
     private SysUserOrgService sysUserOrgService;
     @Autowired
     private SysOrganizationService sysOrganizationService;
+    @Autowired
+    private TokenStore tokenStore;
 
     private final String CLIENTID = "webApp";//运营端
 
@@ -72,6 +80,10 @@
 //            获取request对象
             HttpServletRequest request = currentContext.getRequest();
             //security会把一个SecurityContextImpl对象存储到session中,此对象中有当前用户的各种资料
+            String token = request.getParameter("token");
+            if (StrUtil.isEmpty(token)) {
+                token = AuthUtils.extractToken(request);
+            }
             SecurityContextImpl securityContextImpl = (SecurityContextImpl) request
                     .getSession().getAttribute("SPRING_SECURITY_CONTEXT");
             authentication = securityContextImpl.getAuthentication();
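Review bot: The `token` local assigned on the four added lines is never read anywhere in this hunk — `logout(request)` below re-extracts the token on its own — so this is dead code; either delete these lines or change the call sites to `this.logout(token)` and let `logout` take the already-extracted value. Accepting the token from the `token` query parameter (`request.getParameter("token")`) also means bearer tokens travel in URLs, where they land in gateway and access logs, browser history and Referer headers; unless a specific client needs the query form, the header-based `AuthUtils.extractToken(request)` alone is the safer source. The enclosing filter method starts before this hunk and continues past it.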
@@ -88,6 +100,8 @@
                  */
                 List<SysUserOrg> sysUserOrgs = this.getSysUserOrg(user.getId());
                 if (sysUserOrgs == null || sysUserOrgs.isEmpty()) {
+                    //退出的操作
+                    this.logout(request);
                     ctx.setSendZuulResponse(false);
                     ctx.addZuulResponseHeader("Content-Type", "application/json;charset=UTF-8");
 //                        String str = new String("您的组织已经被禁用,请联系管理员".getBytes("utf-8"), "utf-8");
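Review bot: After `this.logout(request)` revokes the caller's token, nothing in this hunk sets an HTTP status on the short-circuited response — only `setSendZuulResponse(false)` and the Content-Type header are visible — so if no `ctx.setResponseStatusCode(...)` follows on the lines after the hunk, clients receive a 200 with a failure body and have no standard signal to discard a token that is now invalid. Consider `ctx.setResponseStatusCode(401);` next to `ctx.setSendZuulResponse(false);` so front-ends and API clients treat it as a re-authentication condition. The branch and its enclosing method continue past the end of this hunk.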
@@ -108,12 +122,16 @@
                             map.put("id", sysUserOrg.getOrgId());
                             List<SysOrganization> sysOrganizations = JSON.parseArray(JSON.toJSONString(sysOrganizationService.getListByMap(map).getData()), SysOrganization.class);
                             if (sysOrganizations == null || sysOrganizations.size() <= 0) {
+                                //退出的操作
+                                this.logout(request);
                                 ctx.setSendZuulResponse(false);
                                 ctx.addZuulResponseHeader("Content-Type", "application/json;charset=UTF-8");
                                 ctx.setResponseBody(JSON.toJSONString(ResultBody.fail(1000, "您的组织已经被禁用,请联系管理员")));
                             } else {
                                 for (SysOrganization sysOrganization : sysOrganizations) {
                                     if (!sysOrganization.getEnabled() || sysOrganization.getIsDel()) {
+                                        //退出的操作
+                                        this.logout(request);
                                         ctx.setSendZuulResponse(false);
                                         ctx.addZuulResponseHeader("Content-Type", "application/json;charset=UTF-8");
                                         ctx.setResponseBody(JSON.toJSONString(ResultBody.fail(1000, "您的组织已经被禁用,请联系管理员")));
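Review bot: The rejection sequence — `this.logout(request)`, `ctx.setSendZuulResponse(false)`, the Content-Type header and the `ResultBody.fail(1000, ...)` body — is now copied verbatim into three branches of this file, and the added logout call had to be pasted into each; extract it into one private helper (for example `rejectDisabledOrganization(ctx, request)`, taking `ctx` with the same type it has in the calling method) so that token revocation cannot be silently omitted from one branch the next time the message or status changes. The `for` loop over `sysOrganizations` runs past the end of this hunk; if it does not `break` after the first disabled organization, `logout` is invoked once per disabled organization, which is harmless (the second `readAccessToken` returns null) but makes the repeated log lines misleading.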
@@ -127,6 +145,27 @@
         }
         return null;
     }
+    //根据token退出
+    public void logout(HttpServletRequest request) {
+        Assert.notNull(tokenStore, "tokenStore must be set");
+        String token = request.getParameter("token");
+        if (StrUtil.isEmpty(token)) {
+            token = AuthUtils.extractToken(request);
+        }
+        if(StrUtil.isNotEmpty(token)){
+            OAuth2AccessToken existingAccessToken = tokenStore.readAccessToken(token);
+            OAuth2RefreshToken refreshToken;
+            if (existingAccessToken != null) {
+                if (existingAccessToken.getRefreshToken() != null) {
+                    log.info("remove refreshToken!", existingAccessToken.getRefreshToken());
+                    refreshToken = existingAccessToken.getRefreshToken();
+                    tokenStore.removeRefreshToken(refreshToken);
+                }
+                log.info("remove existingAccessToken!", existingAccessToken);
+                tokenStore.removeAccessToken(existingAccessToken);
+            }
+        }
+    }
 
     /**
      * 通过userID  获取组织的关系
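Review bot: Both `log.info` calls in `logout` pass the refresh-token and access-token objects as log arguments while the message string has no `{}` placeholder — SLF4J silently drops the argument in this form, and if someone later "fixes" the message by adding `{}` the token values (credentials) would be written to the log. Replace them with messages that carry no secret, e.g. `log.info("revoking access token and refresh token for request without an enabled organization");`, and drop the object arguments entirely. Separately, removing the token from the `TokenStore` does not touch the HTTP session whose `SPRING_SECURITY_CONTEXT` this filter reads earlier in the file, so a session-bound client may stay authenticated until the session expires; if session authentication is in use on this gateway, invalidate it alongside the token removal (`HttpSession s = request.getSession(false); if (s != null) s.invalidate();` plus `SecurityContextHolder.clearContext();`). The `token` query-parameter fallback duplicated here from the filter body above should be reduced to a single extraction point for the same URL-leakage reason.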
diff --git a/kidgrow-uaa/kidgrow-uaa-server/src/main/java/com/kidgrow/oauth2/handler/OauthLogoutHandler.java b/kidgrow-uaa/kidgrow-uaa-server/src/main/java/com/kidgrow/oauth2/handler/OauthLogoutHandler.java
index b35da2d..c347ee7 100644
--- a/kidgrow-uaa/kidgrow-uaa-server/src/main/java/com/kidgrow/oauth2/handler/OauthLogoutHandler.java
+++ b/kidgrow-uaa/kidgrow-uaa-server/src/main/java/com/kidgrow/oauth2/handler/OauthLogoutHandler.java
@@ -2,7 +2,6 @@
 
 import cn.hutool.core.util.StrUtil;
 import com.kidgrow.authclient.util.AuthUtils;
-import com.kidgrow.redis.util.RedisUtils;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.core.Authentication;
@@ -27,8 +26,8 @@
 public class OauthLogoutHandler implements LogoutHandler {
     @Autowired
     private TokenStore tokenStore;
-    @Autowired
-    private RedisUtils redisUtils;
+//    @Autowired
+//    private RedisUtils redisUtils;
 
     @Override
     public void logout(HttpServletRequest request, HttpServletResponse response, Authentication authentication) {
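Review bot: The `RedisUtils` field is commented out rather than removed while its import was deleted in the hunk above; commented-out code should be deleted outright since version control keeps the history, so drop the two `//    @Autowired` / `//    private RedisUtils redisUtils;` lines. The body of `logout` continues past the end of this hunk, so it is not visible here whether anything else still referenced `redisUtils`.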

--
Gitblit v1.8.0