From deb1110ca94cb0ac7bcdc51b4e8dd00407792a94 Mon Sep 17 00:00:00 2001
From: zhaoxiaohao <279049017@qq.com>
Date: Thu, 18 Mar 2021 15:11:54 +0800
Subject: [PATCH] 优化去除token的操作
---
kidgrow-springcloud/kidgrow-springcloud-zuul/src/main/java/com/kidgrow/zuul/filter/OrganizationFilter.java | 87 +++++++++++++++++++++++++++++--------------
1 files changed, 59 insertions(+), 28 deletions(-)
diff --git a/kidgrow-springcloud/kidgrow-springcloud-zuul/src/main/java/com/kidgrow/zuul/filter/OrganizationFilter.java b/kidgrow-springcloud/kidgrow-springcloud-zuul/src/main/java/com/kidgrow/zuul/filter/OrganizationFilter.java
index bcd7ade..630521a 100644
--- a/kidgrow-springcloud/kidgrow-springcloud-zuul/src/main/java/com/kidgrow/zuul/filter/OrganizationFilter.java
+++ b/kidgrow-springcloud/kidgrow-springcloud-zuul/src/main/java/com/kidgrow/zuul/filter/OrganizationFilter.java
@@ -1,43 +1,37 @@
package com.kidgrow.zuul.filter;
-import cn.hutool.core.collection.CollectionUtil;
import com.alibaba.fastjson.JSON;
-import com.kidgrow.common.constant.CommonConstant;
-import com.kidgrow.common.constant.SecurityConstants;
import com.kidgrow.common.model.ResultBody;
import com.kidgrow.common.model.SysOrganization;
import com.kidgrow.common.model.SysUser;
import com.kidgrow.common.model.SysUserOrg;
-import com.kidgrow.common.utils.AddrUtil;
import com.kidgrow.redis.util.RedisConstant;
import com.kidgrow.redis.util.RedisUtils;
import com.kidgrow.zuul.feign.SysOrganizationService;
import com.kidgrow.zuul.feign.SysUserOrgService;
+import com.kidgrow.zuul.service.TokenService;
import com.netflix.zuul.ZuulFilter;
import com.netflix.zuul.context.RequestContext;
-import eu.bitwalker.useragentutils.UserAgent;
import lombok.SneakyThrows;
import lombok.extern.slf4j.Slf4j;
-import org.hibernate.validator.constraints.NotBlank;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.cloud.netflix.zuul.filters.support.FilterConstants;
-import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.security.authentication.AnonymousAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.context.SecurityContextImpl;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.stereotype.Component;
import javax.servlet.http.HttpServletRequest;
import java.util.*;
-import java.util.stream.Collectors;
import static org.springframework.cloud.netflix.zuul.filters.support.FilterConstants.PRE_DECORATION_FILTER_ORDER;
/**
* 石家庄喜高科技有限责任公司 版权所有 © Copyright 2020<br>
*
- * @Description: 将认证用户的相关信息放入header中, 后端服务可以直接读取使用 包含了----组织的拦截---<br>
+ * @Description: 将认证用户的相关信息放入header中, 后端服务可以直接读取使用 包含了----组织的拦截--- 如果被拦截,将清除token<br>
* @Project: <br>
* @CreateDate: Created in 2020/2/21 10:12 <br>
* @Author: <a href="4345453@kidgrow.com">liuke</a>
@@ -66,36 +60,71 @@
private SysUserOrgService sysUserOrgService;
@Autowired
private SysOrganizationService sysOrganizationService;
-
- private final String CLIENTID = "webApp";//运营端
+ @Autowired
+ private TokenService tokenService;
@SneakyThrows
@Override
public Object run() {
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
+
if (authentication != null && !(authentication instanceof AnonymousAuthenticationToken)) {
+ RequestContext currentContext = RequestContext.getCurrentContext();
+// 获取request对象
+ HttpServletRequest request = currentContext.getRequest();
+ //security会把一个SecurityContextImpl对象存储到session中,此对象中有当前用户的各种资料
+ SecurityContextImpl securityContextImpl = (SecurityContextImpl) request
+ .getSession().getAttribute("SPRING_SECURITY_CONTEXT");
+ authentication = securityContextImpl.getAuthentication();
Object principal = authentication.getPrincipal();
RequestContext ctx = RequestContext.getCurrentContext();
if (principal instanceof SysUser) {
//运营端进行
OAuth2Authentication oauth2Authentication = (OAuth2Authentication) authentication;
- String clientId = oauth2Authentication.getOAuth2Request().getClientId();
- if (CLIENTID.equals(clientId)) {
- SysUser user = (SysUser) authentication.getPrincipal();
- /**
- * 将组织中为空的拦截
- */
- List<SysUserOrg> sysUserOrgs = getSysUserOrg(user.getId());
- if (sysUserOrgs == null || sysUserOrgs.isEmpty()) {
- ctx.setSendZuulResponse(false);
- ctx.setResponseBody(JSON.toJSONString(ResultBody.fail(1000, "您的组织已经被禁用,请联系管理员")));
- } else {
- List<Long> collect = sysUserOrgs.stream().map(e -> e.getOrgId()).collect(Collectors.toList());
- List<SysOrganization> sysOrganizations = getSysOrganization();
- List<Long> orgIds = sysOrganizations.stream().filter(e -> e.getEnabled() == true && collect.contains(e.getId())).map(e -> e.getId()).collect(Collectors.toList());
- if (orgIds == null || orgIds.size() <= 0) {
- ctx.setSendZuulResponse(false);
- ctx.setResponseBody(JSON.toJSONString(ResultBody.fail(1000, "您的组织已经被禁用,请联系管理员")));
+ SysUser user = (SysUser) authentication.getPrincipal();
+ /**
+ * 将组织中为空的拦截
+ */
+ List<SysUserOrg> sysUserOrgs = this.getSysUserOrg(user.getId());
+ if (sysUserOrgs == null || sysUserOrgs.isEmpty()) {
+ //退出的操作
+ this.tokenService.logout(request);
+ ctx.setSendZuulResponse(false);
+ ctx.addZuulResponseHeader("Content-Type", "application/json;charset=UTF-8");
+// String str = new String("您的组织已经被禁用,请联系管理员".getBytes("utf-8"), "utf-8");
+ ctx.setResponseBody(JSON.toJSONString(ResultBody.fail(1000, "您的组织已经被禁用,请联系管理员")));
+ } else {
+// List<Long> collect = sysUserOrgs.stream().map(e -> e.getOrgId()).collect(Collectors.toList());
+// List<SysOrganization> sysOrganizations = getSysOrganization();
+// List<Long> orgIds = sysOrganizations.stream().filter(e -> e.getEnabled() == true && collect.contains(e.getId())).map(e -> e.getId()).collect(Collectors.toList());
+// if (orgIds == null || orgIds.size() <= 0) {
+// ctx.setSendZuulResponse(false);
+// ctx.setResponseBody(JSON.toJSONString(ResultBody.fail(1000, "您的组织已经被禁用,请联系管理员")));
+// }
+ if (!request.getRequestURI().contains("ReportRecord/getImg")) {
+ //根据fegin客户端查询状态
+ Map<String, Object> map;
+ for (SysUserOrg sysUserOrg : sysUserOrgs) {
+ map = new HashMap<>();
+ map.put("id", sysUserOrg.getOrgId());
+ List<SysOrganization> sysOrganizations = JSON.parseArray(JSON.toJSONString(sysOrganizationService.getListByMap(map).getData()), SysOrganization.class);
+ if (sysOrganizations == null || sysOrganizations.size() <= 0) {
+ //退出的操作
+ this.tokenService.logout(request);
+ ctx.setSendZuulResponse(false);
+ ctx.addZuulResponseHeader("Content-Type", "application/json;charset=UTF-8");
+ ctx.setResponseBody(JSON.toJSONString(ResultBody.fail(1000, "您的组织已经被禁用,请联系管理员")));
+ } else {
+ for (SysOrganization sysOrganization : sysOrganizations) {
+ if (!sysOrganization.getEnabled() || sysOrganization.getIsDel()) {
+ //退出的操作
+ this.tokenService.logout(request);
+ ctx.setSendZuulResponse(false);
+ ctx.addZuulResponseHeader("Content-Type", "application/json;charset=UTF-8");
+ ctx.setResponseBody(JSON.toJSONString(ResultBody.fail(1000, "您的组织已经被禁用,请联系管理员")));
+ }
+ }
+ }
}
}
}
@@ -104,6 +133,8 @@
return null;
}
+
+
/**
* 通过userID 获取组织的关系
*
--
Gitblit v1.8.0