first commit
@ -3,12 +3,13 @@ package com.qiaoba.auth.config;
|
||||
import cn.hutool.core.util.RandomUtil;
|
||||
import cn.hutool.crypto.SecureUtil;
|
||||
import com.qiaoba.auth.constants.SecurityConstant;
|
||||
import com.qiaoba.auth.filters.JwtAuthenticationTokenFilter;
|
||||
import com.qiaoba.auth.filters.AuthenticationCoreFilter;
|
||||
import com.qiaoba.auth.handler.AccessDeniedHandler;
|
||||
import com.qiaoba.auth.handler.LogoutHandler;
|
||||
import com.qiaoba.auth.properties.AuthConfigProperties;
|
||||
import com.qiaoba.auth.utils.TokenUtil;
|
||||
import com.qiaoba.common.base.constants.BaseConstant;
|
||||
import com.qiaoba.common.base.constants.ConfigConstant;
|
||||
import com.qiaoba.common.redis.service.RedisService;
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
@ -42,7 +43,7 @@ public class SpringSecurityConfig {
|
||||
|
||||
private final AuthConfigProperties authConfigProperties;
|
||||
private final AccessDeniedHandler accessDeniedHandler;
|
||||
private final JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter;
|
||||
private final AuthenticationCoreFilter authenticationCoreFilter;
|
||||
private final RedisService redisService;
|
||||
private final LogoutHandler logoutHandler;
|
||||
|
||||
@ -52,8 +53,8 @@ public class SpringSecurityConfig {
|
||||
@PostConstruct
|
||||
public void init() {
|
||||
|
||||
if (redisService.hasKey(SecurityConstant.TOKEN_EXPIRE_TIME_KEY)) {
|
||||
TokenUtil.expireTime = Integer.parseInt(redisService.get(SecurityConstant.TOKEN_EXPIRE_TIME_KEY).toString());
|
||||
if (redisService.hasKey(ConfigConstant.TOKEN_EXPIRE_TIME_KEY)) {
|
||||
TokenUtil.expireTime = Integer.parseInt(redisService.get(ConfigConstant.TOKEN_EXPIRE_TIME_KEY).toString());
|
||||
}
|
||||
|
||||
if (redisService.hasKey(SecurityConstant.REDIS_SECRET_KEY)) {
|
||||
@ -95,10 +96,10 @@ public class SpringSecurityConfig {
|
||||
// 禁用缓存
|
||||
httpSecurity.headers().cacheControl();
|
||||
// 退出处理
|
||||
httpSecurity.logout().logoutUrl(SecurityConstant.LOGOUT_URL).logoutSuccessHandler(logoutHandler);
|
||||
httpSecurity.logout().logoutUrl(SecurityConstant.LOGOUT_URI).logoutSuccessHandler(logoutHandler);
|
||||
// 添加JWT filter
|
||||
httpSecurity.addFilterBefore(jwtAuthenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
|
||||
httpSecurity.addFilterBefore(jwtAuthenticationTokenFilter, LogoutFilter.class);
|
||||
httpSecurity.addFilterBefore(authenticationCoreFilter, UsernamePasswordAuthenticationFilter.class);
|
||||
httpSecurity.addFilterBefore(authenticationCoreFilter, LogoutFilter.class);
|
||||
return httpSecurity.build();
|
||||
}
|
||||
}
|
||||
|
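Review bot: In the @PostConstruct hunk, `TokenUtil.expireTime = Integer.parseInt(redisService.get(ConfigConstant.TOKEN_EXPIRE_TIME_KEY).toString())` lets a malformed cached value throw NumberFormatException out of init() and abort context startup, while a missing key silently keeps the default of 72 hours — the two failure modes are inconsistent and the loud one takes the whole service down. Read the value once and keep the default on failure, e.g. `String raw = String.valueOf(redisService.get(ConfigConstant.TOKEN_EXPIRE_TIME_KEY));` followed by `try { TokenUtil.expireTime = Integer.parseInt(raw); } catch (NumberFormatException e) { log.warn("Invalid token expire time '{}', keeping {}", raw, TokenUtil.expireTime); }`. A zero or negative value should be rejected in the same place, because OnlineUserServiceImpl multiplies `TokenUtil.expireTime * 3600` straight into the Redis TTL of the online-user entry. init() continues past the end of this hunk, so the REDIS_SECRET_KEY handling that follows was not reviewed here.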
@ -21,34 +21,23 @@ public class SecurityConstant {
|
||||
public static final int HTTP_SQUEEZED_OFFLINE = 4011;
|
||||
|
||||
|
||||
|
||||
|
||||
public static final int MAX_ERROR_COUNT = 5;
|
||||
public static final String LOGOUT_URL = "/logout";
|
||||
public static final String LOGOUT_URI = "/logout";
|
||||
public static final String HAS_BEEN_PULLED_BLACK = "您的IP已经被系统拉黑";
|
||||
public static final String ACCESS_DENIED = "暂无权限访问, 请重新登录";
|
||||
public static final String BLACKLIST_KEY = "login:blacklist";
|
||||
public static final String LOGIN_ERROR_COUNT = "login:errorCount:";
|
||||
public static final String BLACKLIST_ON = "true";
|
||||
public static final String BLACKLIST_ON_OFF_KEY = ConfigConstant.SYS_CONFIG_KEY_PREFIX + "sys.account.blacklistOnOff";
|
||||
|
||||
public static final String CAPTCHA_KEY = "login:captcha:";
|
||||
public static final String CAPTCHA_ON_OFF_KEY = ConfigConstant.SYS_CONFIG_KEY_PREFIX + "sys.account.captchaOnOff";
|
||||
public static final String CAPTCHA_ON = "true";
|
||||
public static final String REGISTER_ON_OFF_KEY = ConfigConstant.SYS_CONFIG_KEY_PREFIX + "sys.account.registerUser";
|
||||
public static final String REGISTER_ON = "true";
|
||||
|
||||
public static final String REDIS_SECRET_KEY = "sys:secret:secret";
|
||||
public static final String USER_DETAILS_REDIS_KEY = "user_details:";
|
||||
public static final String ONLINE_USER_REDIS_KEY = "online_user:";
|
||||
public static final String LOGGED_USER_REDIS_KEY = "logged_user:";
|
||||
public static final String TOKEN_EXPIRE_TIME_KEY = ConfigConstant.SYS_CONFIG_KEY_PREFIX + "sys.token.expireTime";
|
||||
/**
|
||||
* 登录成功
|
||||
*/
|
||||
public static final String LOGIN_SUCCESS = "登录成功";
|
||||
/**
|
||||
* 登录失败
|
||||
*/
|
||||
public static final String LOGIN_FAIL = "登录失败";
|
||||
|
||||
|
||||
|
||||
/**
|
||||
* 密码错误
|
||||
*/
|
||||
@ -65,33 +54,4 @@ public class SecurityConstant {
|
||||
public static final String TOKEN_HEAD = "Bearer ";
|
||||
|
||||
|
||||
/**
|
||||
* Xss过滤白名单
|
||||
*/
|
||||
public final static List<String> XSS_WHITELIST = Arrays.asList(
|
||||
"/captchaImage",
|
||||
"/login",
|
||||
"/workflow/process/start",
|
||||
"/workflow/model/save"
|
||||
);
|
||||
|
||||
/**
|
||||
* 需要限流的接口
|
||||
*/
|
||||
public final static List<String> LIMIT_URI = Arrays.asList(
|
||||
"/captchaImage",
|
||||
"/login",
|
||||
"/register"
|
||||
);
|
||||
|
||||
/**
|
||||
* 限流的RedisKey
|
||||
*/
|
||||
public final static String RATE_LIMIT_KEY = "rateLimit:";
|
||||
|
||||
/**
|
||||
* 同IP每秒最大允许访问次数
|
||||
*/
|
||||
public final static Integer MAX_RATE_LIMIT_TOTAL = 5;
|
||||
|
||||
}
|
||||
|
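Review bot: This hunk removes MAX_ERROR_COUNT, LOGIN_ERROR_COUNT, the BLACKLIST_* keys, LIMIT_URI, RATE_LIMIT_KEY and MAX_RATE_LIMIT_TOTAL — the constants behind login lockout, IP blacklisting and per-IP rate limiting on /login, /register and /captchaImage — and nothing in this commit shows a replacement. If they moved to ConfigConstant the way TOKEN_EXPIRE_TIME_KEY and the captcha/register on-off keys did, that is fine, but if the filters that consumed them were dropped too, brute-force protection on the login endpoints disappears in the same commit that turns the bearer token into an unsigned `username:deviceSn` pair (see TokenUtil). Please confirm where the lockout and rate-limit logic now lives, or keep these constants until the replacement lands. The XSS_WHITELIST removal needs the same pointer to its new home.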
@ -0,0 +1,33 @@
|
||||
package com.qiaoba.auth.entity.dto;
|
||||
|
||||
import lombok.AllArgsConstructor;
|
||||
import lombok.Data;
|
||||
import lombok.NoArgsConstructor;
|
||||
|
||||
import java.io.Serializable;
|
||||
|
||||
/**
|
||||
* 在线用户
|
||||
*
|
||||
* @author ailanyin
|
||||
* @version 1.0
|
||||
* @since 2023/5/22 17:08
|
||||
*/
|
||||
@Data
|
||||
@AllArgsConstructor
|
||||
@NoArgsConstructor
|
||||
public class OnlineUserDto implements Serializable {
|
||||
|
||||
private static final long serialVersionUID = 1L;
|
||||
|
||||
/**
|
||||
* 登录账号
|
||||
*/
|
||||
private String username;
|
||||
|
||||
/**
|
||||
* 设备号 暂用UUID
|
||||
*/
|
||||
private String deviceSn;
|
||||
|
||||
}
|
@ -2,6 +2,8 @@ package com.qiaoba.auth.entity.dto;
|
||||
|
||||
import lombok.Data;
|
||||
|
||||
import java.io.Serializable;
|
||||
|
||||
/**
|
||||
* 角色
|
||||
*
|
||||
@ -10,7 +12,9 @@ import lombok.Data;
|
||||
* @since 2023/5/22 17:08
|
||||
*/
|
||||
@Data
|
||||
public class RoleDto {
|
||||
public class RoleDto implements Serializable {
|
||||
|
||||
private static final long serialVersionUID = 1L;
|
||||
|
||||
private String roleId;
|
||||
private String roleKey;
|
||||
|
@ -1,8 +1,8 @@
|
||||
package com.qiaoba.auth.filters;
|
||||
|
||||
import cn.hutool.core.util.StrUtil;
|
||||
import com.qiaoba.api.auth.service.AuthConfigApiService;
|
||||
import com.qiaoba.auth.constants.SecurityConstant;
|
||||
import com.qiaoba.auth.entity.OnlineUser;
|
||||
import com.qiaoba.auth.entity.dto.OnlineUserDto;
|
||||
import com.qiaoba.auth.properties.AuthConfigProperties;
|
||||
import com.qiaoba.auth.service.OnlineUserService;
|
||||
import com.qiaoba.auth.utils.TokenUtil;
|
||||
@ -24,20 +24,20 @@ import java.io.IOException;
|
||||
import java.util.Objects;
|
||||
|
||||
/**
|
||||
* JwtAuthenticationTokenFilter
|
||||
* 为了保证 SecurityContext 上下文中 userInfo 是最新的
|
||||
* 鉴权核心过滤器
|
||||
*
|
||||
* @author ailanyin
|
||||
* @version 1.0
|
||||
* @since 2021/10/21 0021 下午 14:13
|
||||
* @since 2023-05-28 15:31:55
|
||||
*/
|
||||
@RequiredArgsConstructor
|
||||
public class JwtAuthenticationTokenFilter extends OncePerRequestFilter {
|
||||
public class AuthenticationCoreFilter extends OncePerRequestFilter {
|
||||
|
||||
private final RedisService redisService;
|
||||
private final UserDetailsService userDetailsService;
|
||||
private final OnlineUserService onlineUserService;
|
||||
private final AuthConfigProperties authConfigProperties;
|
||||
private final AuthConfigApiService authConfigApiService;
|
||||
|
||||
@Override
|
||||
protected void doFilterInternal(HttpServletRequest request,
|
||||
@ -49,18 +49,21 @@ public class JwtAuthenticationTokenFilter extends OncePerRequestFilter {
|
||||
return;
|
||||
}
|
||||
|
||||
// 取Header中的Token
|
||||
String authHeader = request.getHeader(SecurityConstant.TOKEN_HEADER);
|
||||
if (StrUtil.isNotBlank(authHeader) && authHeader.startsWith(SecurityConstant.TOKEN_HEAD)) {
|
||||
String authToken = authHeader.substring(SecurityConstant.TOKEN_HEAD.length());
|
||||
String username = authToken.split(":")[0];
|
||||
String deviceSn = authToken.split(":")[1];
|
||||
String authToken = TokenUtil.getToken(request, false);
|
||||
|
||||
if (!"/logout".equals(request.getRequestURI())) {
|
||||
OnlineUserDto onlineUserDto = TokenUtil.getUsernameAndDeviceSn(authToken);
|
||||
String username = onlineUserDto.getUsername();
|
||||
String deviceSn = onlineUserDto.getDeviceSn();
|
||||
UserDetails userDetails = userDetailsService.loadUserByUsername(username);
|
||||
|
||||
// 不是退出请求
|
||||
if (!SecurityConstant.LOGOUT_URI.equals(request.getRequestURI())) {
|
||||
// 不允许同时在线
|
||||
if (!authConfigApiService.checkAllowBothOnline()) {
|
||||
if (redisService.hasKey(SecurityConstant.LOGGED_USER_REDIS_KEY + username)) {
|
||||
if (!onlineUserService.checkIsLastLogged(username, deviceSn)) {
|
||||
onlineUserService.deleteOne(username, deviceSn, true);
|
||||
ResponseUtil.errorAuth(response, 4012, "被挤下线");
|
||||
onlineUserService.deleteOne(username, deviceSn);
|
||||
return;
|
||||
}
|
||||
} else {
|
||||
@ -68,15 +71,22 @@ public class JwtAuthenticationTokenFilter extends OncePerRequestFilter {
|
||||
return;
|
||||
}
|
||||
}
|
||||
|
||||
if (username != null && SecurityContextHolder.getContext().getAuthentication() == null) {
|
||||
UserDetails userDetails = userDetailsService.loadUserByUsername(username);
|
||||
UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
|
||||
authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
|
||||
SecurityContextHolder.getContext().setAuthentication(authentication);
|
||||
// 允许同时在线
|
||||
else {
|
||||
if (Objects.isNull(userDetails)) {
|
||||
ResponseUtil.errorAuth(response, 4011, "登陆过期");
|
||||
return;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// 更新 SecurityContextHolder Authentication, 为了保证 SecurityContext 上下文中 userDetails 是最新的
|
||||
if (Objects.isNull(SecurityContextHolder.getContext().getAuthentication())) {
|
||||
UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(userDetails, null, userDetails.getAuthorities());
|
||||
authentication.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
|
||||
SecurityContextHolder.getContext().setAuthentication(authentication);
|
||||
}
|
||||
|
||||
chain.doFilter(request, response);
|
||||
}
|
||||
}
|
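Review bot: In the allow-both-online branch (`else { if (Objects.isNull(userDetails)) ... }`) the only check before `SecurityContextHolder.getContext().setAuthentication(...)` is that `loadUserByUsername(username)` returned non-null, and nothing visible in this hunk verifies that the `deviceSn` taken from the header belongs to a live session — so unless the earlier part of doFilterInternal (outside the hunk) or the UserDetailsService does that, a `Bearer <username>:<anything>` header is accepted as that user, and because the new token is unsigned the username is the only secret. The filter should look the session up under `ONLINE_USER_REDIS_KEY + username + ':' + deviceSn` (the same key shape OnlineUserServiceImpl.handleKey builds) and answer 4011 when it is absent, before any of the single-/multi-online logic; that also restores the expiry the JWT `exp` claim used to enforce, since only that Redis entry carries a TTL now. Note too that most UserDetailsService implementations throw UsernameNotFoundException rather than return null, so the `Objects.isNull(userDetails)` guard may never fire and the exception would surface from the filter as a 500 instead of the intended 4011. doFilterInternal starts before this hunk.
```java
String deviceSn = onlineUserDto.getDeviceSn();
// Reject tokens that do not map to a live server-side session: the token itself is unsigned,
// so this lookup is the only integrity and expiry check.
if (!redisService.hasKey(SecurityConstant.ONLINE_USER_REDIS_KEY + username + ":" + deviceSn)) {
    ResponseUtil.errorAuth(response, 4011, "登陆过期");
    return;
}
UserDetails userDetails = userDetailsService.loadUserByUsername(username);
// … unchanged: logout check, single-/multi-online handling, SecurityContext update …
```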
@ -2,7 +2,6 @@ package com.qiaoba.auth.handler;
|
||||
|
||||
import com.qiaoba.auth.entity.LoginUser;
|
||||
import com.qiaoba.auth.service.OnlineUserService;
|
||||
import com.qiaoba.common.redis.service.RedisService;
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
|
||||
@ -24,13 +23,12 @@ import java.io.IOException;
|
||||
@RequiredArgsConstructor
|
||||
public class LogoutHandler implements LogoutSuccessHandler {
|
||||
|
||||
private final RedisService redisService;
|
||||
private final OnlineUserService onlineUserService;
|
||||
|
||||
@Override
|
||||
public void onLogoutSuccess(HttpServletRequest request, HttpServletResponse response, Authentication authentication) throws IOException, ServletException {
|
||||
// 删除缓存中的用户信息
|
||||
LoginUser user = (LoginUser) authentication.getPrincipal();
|
||||
onlineUserService.deleteOne(user.getUsername(), user.getDeviceSn());
|
||||
onlineUserService.deleteOne(user.getUsername(), user.getDeviceSn(), true);
|
||||
}
|
||||
}
|
||||
|
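Review bot: `(LoginUser) authentication.getPrincipal()` dereferences `authentication` without a null check, but the LogoutSuccessHandler contract allows a null Authentication, and AuthenticationCoreFilter has an early `return` path (its condition lies before the hunk shown for that file) that leaves the context empty — so a logout that reaches this handler without a populated context throws NullPointerException instead of completing. Guard it before the cast: `if (authentication == null || !(authentication.getPrincipal() instanceof LoginUser)) { return; }`. With the filter now registered before LogoutFilter the cast is reached for token-bearing /logout requests, but the null path is still reachable and cheap to close.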
@ -25,8 +25,9 @@ public interface OnlineUserService {
|
||||
*
|
||||
* @param username 登录账号
|
||||
* @param deviceSn 设备号
|
||||
* @param deleteOwn 是否是删除自己
|
||||
*/
|
||||
void deleteOne(String username, String deviceSn);
|
||||
void deleteOne(String username, String deviceSn, Boolean deleteOwn);
|
||||
|
||||
/**
|
||||
* 删除(强退)
|
||||
@ -60,4 +61,5 @@ public interface OnlineUserService {
|
||||
* @return 结果
|
||||
*/
|
||||
Boolean checkIsLastLogged(String username, String deviceSn);
|
||||
|
||||
}
|
||||
|
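Review bot: The Javadoc for the new `deleteOwn` parameter (`是否是删除自己`) does not say what the flag gates: in OnlineUserServiceImpl, `deleteOwn == false` makes the method throw ServiceException when the target device is the caller's own, and that check reads the current HttpServletRequest, so passing `false` outside a web request will fail. Document it as `@param deleteOwn true when the caller removes its own session (logout, squeeze-out); false for administrative kicks, which are rejected if deviceSn is the current request's own device` and add `@throws ServiceException if deleteOwn is false and deviceSn matches the caller's token`. Because the parameter is a boxed Boolean and the implementation evaluates `!deleteOwn`, a null argument will NullPointerException; a primitive `boolean` would rule that out.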
@ -0,0 +1,60 @@
|
||||
package com.qiaoba.auth.service.impl;
|
||||
|
||||
import cn.hutool.core.util.StrUtil;
|
||||
import com.qiaoba.api.auth.service.AuthConfigApiService;
|
||||
import com.qiaoba.auth.constants.SecurityConstant;
|
||||
import com.qiaoba.common.base.constants.ConfigConstant;
|
||||
import com.qiaoba.common.base.exceptions.ServiceException;
|
||||
import com.qiaoba.common.redis.service.RedisService;
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
/**
|
||||
* 安全配置 服务层实现
|
||||
*
|
||||
* @author ailanyin
|
||||
* @version 1.0
|
||||
* @since 2023-05-28 15:09:34
|
||||
*/
|
||||
@Service
|
||||
@RequiredArgsConstructor
|
||||
public class AuthConfigServiceImpl implements AuthConfigApiService {
|
||||
|
||||
private final RedisService redisService;
|
||||
|
||||
@Override
|
||||
public Boolean checkAllowBothOnline() {
|
||||
return ConfigConstant.COMMON_ON_VALUE.equals(redisService.get(ConfigConstant.ALLOW_BOTH_ONLINE_KEY));
|
||||
}
|
||||
|
||||
@Override
|
||||
public Boolean getCaptchaConfig() {
|
||||
return ConfigConstant.COMMON_ON_VALUE.equals(redisService.get(ConfigConstant.CAPTCHA_ON_OFF_KEY));
|
||||
}
|
||||
|
||||
@Override
|
||||
public Boolean getRegisterConfig() {
|
||||
return ConfigConstant.COMMON_ON_VALUE.equals(redisService.get(ConfigConstant.REGISTER_ON_OFF_KEY));
|
||||
}
|
||||
|
||||
@Override
|
||||
public void validateCaptcha(String code, String uuid) {
|
||||
if (getCaptchaConfig()) {
|
||||
if (StrUtil.isBlank(code) || StrUtil.isBlank(uuid)) {
|
||||
throw new ServiceException("验证码或uuid获取失败!");
|
||||
}
|
||||
try {
|
||||
if (!redisService.hasKey(SecurityConstant.CAPTCHA_KEY + uuid)) {
|
||||
throw new ServiceException("验证码已经过期失效!");
|
||||
} else {
|
||||
if (!code.equalsIgnoreCase(redisService.get(SecurityConstant.CAPTCHA_KEY + uuid).toString())) {
|
||||
throw new ServiceException("验证码输入错误!");
|
||||
}
|
||||
}
|
||||
|
||||
} finally {
|
||||
redisService.del(SecurityConstant.CAPTCHA_KEY + uuid);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
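Review bot: `getCaptchaConfig()` returns `COMMON_ON_VALUE.equals(redisService.get(CAPTCHA_ON_OFF_KEY))`, so when the key is absent from Redis (cold start before the config is synced, cache flushed, key evicted) it returns false and `validateCaptcha` skips the check entirely — the captcha fails open exactly when the backing store is unhealthy. If an absent value is not meant to disable the captcha, treat null as on: `Object v = redisService.get(ConfigConstant.CAPTCHA_ON_OFF_KEY); return v == null || ConfigConstant.COMMON_ON_VALUE.equals(v);`. Inside `validateCaptcha`, the `hasKey(...)` followed by a separate `get(...).toString()` is also a race: if the captcha key expires between the two calls, `get` returns null and the caller gets a NullPointerException instead of "验证码已经过期失效!" — read the value once and null-check it. The `finally { del }` that makes the captcha single-use regardless of outcome is the right shape and should stay.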
@ -4,13 +4,16 @@ import cn.hutool.core.util.StrUtil;
|
||||
import com.qiaoba.api.auth.service.SysUserDetailsApiService;
|
||||
import com.qiaoba.auth.constants.SecurityConstant;
|
||||
import com.qiaoba.auth.entity.OnlineUser;
|
||||
import com.qiaoba.auth.entity.dto.OnlineUserDto;
|
||||
import com.qiaoba.auth.service.OnlineUserService;
|
||||
import com.qiaoba.auth.utils.TokenUtil;
|
||||
import com.qiaoba.common.base.constants.BaseConstant;
|
||||
import com.qiaoba.common.base.exceptions.ServiceException;
|
||||
import com.qiaoba.common.redis.service.RedisService;
|
||||
import lombok.RequiredArgsConstructor;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import java.util.ArrayList;
|
||||
import java.util.Collection;
|
||||
import java.util.List;
|
||||
@ -28,16 +31,21 @@ public class OnlineUserServiceImpl implements OnlineUserService {
|
||||
|
||||
private final RedisService redisService;
|
||||
private final SysUserDetailsApiService sysUserDetailsApiService;
|
||||
private final HttpServletRequest request;
|
||||
|
||||
|
||||
@Override
|
||||
public void insert(OnlineUser onlineUser) {
|
||||
// key: username:deviceSn
|
||||
// value: onlineUser
|
||||
redisService.set(handleKey(onlineUser.getUsername(), onlineUser.getDeviceSn()), onlineUser, TokenUtil.expireTime * 3600);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void deleteOne(String username, String deviceSn) {
|
||||
public void deleteOne(String username, String deviceSn, Boolean deleteOwn) {
|
||||
|
||||
if (!deleteOwn && isOwn(deviceSn)) {
|
||||
throw new ServiceException("禁止踢出自己!");
|
||||
}
|
||||
|
||||
if (deviceSn.equals(redisService.get(SecurityConstant.LOGGED_USER_REDIS_KEY + username))) {
|
||||
redisService.del(SecurityConstant.LOGGED_USER_REDIS_KEY + username);
|
||||
}
|
||||
@ -69,8 +77,7 @@ public class OnlineUserServiceImpl implements OnlineUserService {
|
||||
List<OnlineUser> users = new ArrayList<>();
|
||||
Collection<String> keys = redisService.getKeys(key);
|
||||
for (String temp : keys) {
|
||||
temp = temp.replace("tenant_1:", "");
|
||||
users.add(redisService.getObject(temp, OnlineUser.class));
|
||||
users.add(redisService.getObject(redisService.removeTenantPrefix(temp), OnlineUser.class));
|
||||
}
|
||||
return users;
|
||||
}
|
||||
@ -84,4 +91,10 @@ public class OnlineUserServiceImpl implements OnlineUserService {
|
||||
private String handleKey(String key, String deviceSn) {
|
||||
return SecurityConstant.ONLINE_USER_REDIS_KEY + key + BaseConstant.COLON_JOIN_STR + deviceSn;
|
||||
}
|
||||
|
||||
private Boolean isOwn(String deviceSn) {
|
||||
String token = TokenUtil.getToken(request, false);
|
||||
OnlineUserDto dto = TokenUtil.getUsernameAndDeviceSn(token);
|
||||
return deviceSn.equals(dto.getDeviceSn());
|
||||
}
|
||||
}
|
||||
|
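Review bot: `deleteOne(..., false)` now goes through `isOwn`, which calls `TokenUtil.getToken(request, false)` on the request-scoped HttpServletRequest and therefore throws ServiceException("Token不存在") whenever there is no Authorization header — so any caller that invokes the kick path outside a web request (scheduled cleanup, admin tooling) fails instead of deleting. Use `TokenUtil.getToken(request, true)` and treat a null token as "not own" so the guard only bites where it is meaningful. `isOwn` also compares only the device id; passing `username` in and checking `username.equals(dto.getUsername()) && deviceSn.equals(dto.getDeviceSn())` makes the "禁止踢出自己" guard match the whole session identity rather than half of it. deleteOne continues past the end of the hunk.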
@ -1,12 +1,12 @@
|
||||
package com.qiaoba.auth.utils;
|
||||
|
||||
import cn.hutool.core.date.DateField;
|
||||
import cn.hutool.core.date.DateTime;
|
||||
import cn.hutool.jwt.JWTPayload;
|
||||
import cn.hutool.jwt.JWTUtil;
|
||||
import cn.hutool.core.util.StrUtil;
|
||||
import com.qiaoba.auth.constants.SecurityConstant;
|
||||
import com.qiaoba.auth.entity.dto.OnlineUserDto;
|
||||
import com.qiaoba.common.base.constants.BaseConstant;
|
||||
import com.qiaoba.common.base.exceptions.ServiceException;
|
||||
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
|
||||
/**
|
||||
* TokenUtil
|
||||
@ -23,47 +23,32 @@ public class TokenUtil {
|
||||
*/
|
||||
public static String secret;
|
||||
public static Integer expireTime = 72;
|
||||
private static final String TOKEN_TEMPLATE = "{}:{}";
|
||||
|
||||
public static String generateToken(String username) {
|
||||
DateTime now = DateTime.now();
|
||||
|
||||
DateTime newTime = now.offsetNew(DateField.HOUR, expireTime);
|
||||
|
||||
Map<String, Object> payload = new HashMap<String, Object>(4);
|
||||
//签发时间
|
||||
payload.put(JWTPayload.ISSUED_AT, now);
|
||||
//过期时间
|
||||
payload.put(JWTPayload.EXPIRES_AT, newTime);
|
||||
//生效时间
|
||||
payload.put(JWTPayload.NOT_BEFORE, now);
|
||||
//载荷
|
||||
payload.put(JWTPayload.SUBJECT, username);
|
||||
return JWTUtil.createToken(payload, secret.getBytes());
|
||||
public static String generateToken(String username, String deviceSn) {
|
||||
return StrUtil.format(TOKEN_TEMPLATE, username, deviceSn);
|
||||
}
|
||||
|
||||
public static String getUserNameFromToken(String token) {
|
||||
try {
|
||||
return JWTUtil.parseToken(token).getPayload(JWTPayload.SUBJECT).toString();
|
||||
} catch (Exception e) {
|
||||
public static String getToken(HttpServletRequest request, boolean allowNull) {
|
||||
// 取Header中的Token
|
||||
String authHeader = request.getHeader(SecurityConstant.TOKEN_HEADER);
|
||||
if (StrUtil.isNotBlank(authHeader) && authHeader.startsWith(SecurityConstant.TOKEN_HEAD)) {
|
||||
return authHeader.substring(SecurityConstant.TOKEN_HEAD.length());
|
||||
}
|
||||
|
||||
if (allowNull) {
|
||||
return null;
|
||||
}
|
||||
|
||||
throw new ServiceException("Token不存在");
|
||||
}
|
||||
|
||||
/**
|
||||
* 验证Token是否有效
|
||||
*
|
||||
* @param token token
|
||||
* @return 是/否
|
||||
*/
|
||||
public static boolean validateToken(String token) {
|
||||
public static OnlineUserDto getUsernameAndDeviceSn(String token) {
|
||||
try {
|
||||
if (!JWTUtil.verify(token, secret.getBytes())) {
|
||||
return false;
|
||||
}
|
||||
long expireTime = Long.parseLong(JWTUtil.parseToken(token).getPayload(JWTPayload.EXPIRES_AT).toString() + "000");
|
||||
return new DateTime(expireTime).after(DateTime.now());
|
||||
String[] split = token.split(BaseConstant.COLON_JOIN_STR);
|
||||
return new OnlineUserDto(split[0], split[1]);
|
||||
} catch (Exception e) {
|
||||
return false;
|
||||
throw new ServiceException("Token解析失败");
|
||||
}
|
||||
}
|
||||
}
|
||||
|
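Review bot: `generateToken` now returns the plain `username:deviceSn` string in place of the HMAC-signed JWT that carried `exp`/`nbf` claims, so the bearer token has no integrity protection and no built-in expiry: anyone who can guess or observe a deviceSn can mint a valid token for that user, and the only remaining expiry is the Redis TTL on the online_user entry, which only helps if the filter actually checks that entry. That is defensible only if deviceSn is generated server-side with a CSPRNG (`UUID.randomUUID()` qualifies; a client-supplied device id does not), is never echoed back in online-user listings or logs, and the session is looked up on every request — please state that contract in the Javadoc of `generateToken` and on `OnlineUserDto.deviceSn`, which the DTO currently describes only as "暂用UUID". `getUsernameAndDeviceSn` should reject malformed input explicitly rather than relying on ArrayIndexOutOfBoundsException reaching the catch block: `if (split.length != 2) throw new ServiceException("Token解析失败");`. The now-unused `secret` field, and the Redis secret loading in SpringSecurityConfig that feeds it, should be removed with the JWT code rather than left looking load-bearing.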
@ -2,8 +2,9 @@ org.springframework.boot.autoconfigure.EnableAutoConfiguration=\
|
||||
com.qiaoba.auth.properties.AuthConfigProperties,\
|
||||
com.qiaoba.auth.handler.AccessDeniedHandler,\
|
||||
com.qiaoba.auth.handler.LogoutHandler,\
|
||||
com.qiaoba.auth.filters.JwtAuthenticationTokenFilter,\
|
||||
com.qiaoba.auth.filters.AuthenticationCoreFilter,\
|
||||
com.qiaoba.auth.advice.SecurityExceptionAdvice,\
|
||||
com.qiaoba.auth.aspectj.DataScopeAspect,\
|
||||
com.qiaoba.auth.service.impl.OnlineUserServiceImpl,\
|
||||
com.qiaoba.auth.service.impl.AuthConfigServiceImpl,\
|
||||
com.qiaoba.auth.config.SpringSecurityConfig
|
||||
|