package com.kidgrow.zuul.filter; import com.alibaba.fastjson.JSON; import com.kidgrow.common.model.ResultBody; import com.kidgrow.common.model.SysOrganization; import com.kidgrow.common.model.SysUser; import com.kidgrow.common.model.SysUserOrg; import com.kidgrow.redis.util.RedisConstant; import com.kidgrow.redis.util.RedisUtils; import com.kidgrow.zuul.feign.SysOrganizationService; import com.kidgrow.zuul.feign.SysUserOrgService; import com.kidgrow.zuul.service.TokenService; import com.netflix.zuul.ZuulFilter; import com.netflix.zuul.context.RequestContext; import lombok.SneakyThrows; import lombok.extern.slf4j.Slf4j; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.cloud.netflix.zuul.filters.support.FilterConstants; import org.springframework.security.authentication.AnonymousAuthenticationToken; import org.springframework.security.core.Authentication; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.context.SecurityContextImpl; import org.springframework.security.oauth2.provider.OAuth2Authentication; import org.springframework.stereotype.Component; import javax.servlet.http.HttpServletRequest; import java.util.*; import static org.springframework.cloud.netflix.zuul.filters.support.FilterConstants.PRE_DECORATION_FILTER_ORDER; /** * 石家庄喜高科技有限责任公司 版权所有 © Copyright 2020
* * @Description: Organization check for authenticated users: if the user has no organization, or any of the user's organizations is missing, disabled or deleted, the request is rejected and the token is cleared. Note that this filter does not add user information to request headers.
* @Project:
* @CreateDate: Created in 2020/2/21 10:12
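* @Author: liuke
*
* Gateway pre-filter: for an authenticated SysUser, rejects the request and clears the token when the
* user has no organization membership, or when any of the user's organizations is missing, disabled
* or deleted. The report-image download route is exempt from the disabled/deleted check only.
* No request headers are added here.
*/
@Slf4j
@Component
public class OrganizationFilter extends ZuulFilter {

    /** Business result code sent when the organization check fails (clients may match on it). */
    private static final int ORG_DISABLED_CODE = 1000;

    /** User-facing message for a failed organization check; runtime string, kept verbatim. */
    private static final String ORG_DISABLED_MESSAGE = "您的组织已经被禁用,请联系管理员";

    /**
     * Consecutive path segments identifying the report-image download route, the one route that
     * stays reachable for members of a disabled or deleted organization. NOTE(review): the original
     * matched the bare substring "ReportRecord/getImg"; adjust these if the real route spells the
     * segments differently.
     */
    private static final String EXEMPT_SEGMENT_FIRST = "ReportRecord";
    private static final String EXEMPT_SEGMENT_SECOND = "getImg";

    // Package-private visibility kept as in the original so same-package tests still compile.
    @Autowired
    RedisUtils redisUtils;
    @Autowired
    private SysUserOrgService sysUserOrgService;
    @Autowired
    private SysOrganizationService sysOrganizationService;
    @Autowired
    private TokenService tokenService;

    @Override
    public String filterType() {
        return FilterConstants.PRE_TYPE;
    }

    @Override
    public int filterOrder() {
        return PRE_DECORATION_FILTER_ORDER;
    }

    @Override
    public boolean shouldFilter() {
        // Always runs; run() itself returns early for anonymous or non-SysUser principals.
        return true;
    }

    /**
     * Performs the organization check for the current request.
     *
     * <p>The authentication is taken from SecurityContextHolder, which Spring Security populated for
     * this request. The original additionally re-read the SPRING_SECURITY_CONTEXT session attribute
     * and dereferenced it unconditionally, which throws NullPointerException when the context is not
     * session-backed and forces session creation through request.getSession(); that lookup is gone.
     *
     * <p>Rejection is fail-closed: a user without id or membership, an organization the service does
     * not return, or a disabled/deleted organization all reject the request. Errors thrown by the
     * Feign clients propagate out of run() (kept via @SneakyThrows) rather than being swallowed.
     *
     * @return always null; Zuul ignores the value and rejection is signalled through the RequestContext
     */
    @SneakyThrows
    @Override
    public Object run() {
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication == null || authentication instanceof AnonymousAuthenticationToken) {
            return null;
        }
        Object principal = authentication.getPrincipal();
        if (!(principal instanceof SysUser)) {
            return null;
        }
        SysUser user = (SysUser) principal;

        RequestContext ctx = RequestContext.getCurrentContext();
        HttpServletRequest request = ctx.getRequest();

        // A user with no organization membership is rejected regardless of the route.
        List<SysUserOrg> memberships = getSysUserOrg(user.getId());
        if (memberships == null || memberships.isEmpty()) {
            log.warn("Rejecting user {}: no organization membership", user.getId());
            rejectAndLogout(ctx, request);
            return null;
        }

        if (isExemptFromOrgStateCheck(request.getRequestURI())) {
            return null;
        }

        // One missing, disabled or deleted organization rejects the request. Organization state is
        // fetched from the service on every request (not cached), so a disable is seen immediately.
        for (SysUserOrg membership : memberships) {
            if (!isOrganizationActive(membership.getOrgId())) {
                log.warn("Rejecting user {}: organization {} is missing, disabled or deleted",
                        user.getId(), membership.getOrgId());
                rejectAndLogout(ctx, request);
                return null;
            }
        }
        return null;
    }

    /**
     * Revokes the caller's token and replaces the routed response with a failure body.
     * Written once per request; the original repeated the logout and body for every failing
     * organization, which had the same net effect.
     */
    private void rejectAndLogout(RequestContext ctx, HttpServletRequest request) {
        // Revoke first so the rejected token cannot simply be replayed.
        tokenService.logout(request);
        ctx.setSendZuulResponse(false);
        ctx.addZuulResponseHeader("Content-Type", "application/json;charset=UTF-8");
        ctx.setResponseBody(JSON.toJSONString(ResultBody.fail(ORG_DISABLED_CODE, ORG_DISABLED_MESSAGE)));
        // NOTE(review): no explicit HTTP status is set (as before), so the client receives the
        // RequestContext default status; confirm that is what API clients expect.
    }

    /**
     * Looks up one organization by id through the organization service and reports whether it is
     * usable. An id the service does not return, {@code enabled != true} and {@code isDel == true}
     * all count as inactive, so a null flag from the service fails closed instead of throwing.
     *
     * @param orgId organization id from the user's membership row
     * @return true only when every returned row is enabled and not deleted
     */
    private boolean isOrganizationActive(Long orgId) {
        Map<String, Object> query = new HashMap<>();
        query.put("id", orgId);
        List<SysOrganization> organizations = JSON.parseArray(
                JSON.toJSONString(sysOrganizationService.getListByMap(query).getData()),
                SysOrganization.class);
        if (organizations == null || organizations.isEmpty()) {
            return false;
        }
        for (SysOrganization organization : organizations) {
            if (!Boolean.TRUE.equals(organization.getEnabled())
                    || Boolean.TRUE.equals(organization.getIsDel())) {
                return false;
            }
        }
        return true;
    }

    /**
     * Whether the request path is the report-image download route, which is exempt from the
     * enabled/deleted organization check (not from the "no organization" check).
     *
     * <p>Matches whole path segments, with any ";name=value" matrix parameters stripped from each
     * segment, instead of the original {@code contains("ReportRecord/getImg")}: a bare substring test
     * could be satisfied by a user-controlled segment or matrix parameter anywhere in the URL, which
     * would switch the check off for an arbitrary route. NOTE(review): "." and ".." segments are not
     * normalised here; this relies on the servlet container / Spring Security's HttpFirewall
     * rejecting such paths before the filter runs — confirm.
     *
     * @param requestUri value of {@code HttpServletRequest#getRequestURI()}, may be null
     * @return true only when a "ReportRecord" segment is immediately followed by a "getImg" segment
     */
    static boolean isExemptFromOrgStateCheck(String requestUri) {
        if (requestUri == null) {
            return false;
        }
        String previous = null;
        for (String rawSegment : requestUri.split("/")) {
            int semicolon = rawSegment.indexOf(';');
            String segment = semicolon >= 0 ? rawSegment.substring(0, semicolon) : rawSegment;
            if (EXEMPT_SEGMENT_SECOND.equals(segment) && EXEMPT_SEGMENT_FIRST.equals(previous)) {
                return true;
            }
            previous = segment;
        }
        return false;
    }

    /**
     * Returns the organization memberships of a user, from the Redis hash
     * {@code RedisConstant.USER_ORGANIZATION} (field = user id) when present, otherwise from the
     * user-org service, caching a non-empty result.
     *
     * <p>Only non-empty results are cached: the original also wrote an empty/null result back, which
     * made a rejection sticky for a user whose membership was added afterwards. NOTE(review): a cached
     * membership is never expired here; removing a user from an organization takes effect only once
     * that hash field is cleared elsewhere — confirm the invalidation path.
     *
     * @param str user id; null yields an empty list (the original dereferenced it and threw)
     * @return memberships, never null
     */
    public List<SysUserOrg> getSysUserOrg(Long str) {
        if (str == null) {
            return new ArrayList<>();
        }
        String cacheField = str.toString();
        // Round-trip through JSON so whatever RedisUtils deserialised becomes typed SysUserOrg objects.
        List<SysUserOrg> memberships = JSON.parseArray(
                JSON.toJSONString(redisUtils.hget(RedisConstant.USER_ORGANIZATION, cacheField)),
                SysUserOrg.class);
        if (memberships != null && !memberships.isEmpty()) {
            return memberships;
        }
        Map<String, Object> query = new HashMap<>();
        query.put("user_id", str);
        memberships = sysUserOrgService.getListByMap(query);
        if (memberships == null || memberships.isEmpty()) {
            return new ArrayList<>();
        }
        redisUtils.hset(RedisConstant.USER_ORGANIZATION, cacheField, memberships);
        return memberships;
    }

    /**
     * Returns all non-deleted organizations, from the Redis hash {@code RedisConstant.ORGANIZATION}
     * when it has entries, otherwise from the organization service (query {@code is_del = 0}),
     * caching each row under its id. Not used by this filter's run() any more; kept for callers.
     *
     * <p>NOTE(review): cached values are cast to SysOrganization as in the original; if RedisUtils
     * deserialises them to another type the cast throws — confirm against the Redis serializer.
     *
     * @return organizations, never null (the original threw NPE when the service returned no data)
     */
    public List<SysOrganization> getSysOrganization() {
        Map<?, ?> cached = redisUtils.hmget(RedisConstant.ORGANIZATION);
        if (cached != null && !cached.isEmpty()) {
            List<SysOrganization> result = new ArrayList<>(cached.size());
            for (Object value : cached.values()) {
                result.add((SysOrganization) value);
            }
            return result;
        }
        Map<String, Object> query = new HashMap<>();
        query.put("is_del", 0);
        List<SysOrganization> fromDb = JSON.parseArray(
                JSON.toJSONString(sysOrganizationService.getListByMap(query).getData()),
                SysOrganization.class);
        if (fromDb == null) {
            return new ArrayList<>();
        }
        for (SysOrganization organization : fromDb) {
            redisUtils.hset(RedisConstant.ORGANIZATION, organization.getId().toString(), organization);
        }
        return fromDb;
    }
}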