package com.panzhihua.zuul.filters;
|
|
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.Locale;
import java.util.concurrent.atomic.AtomicBoolean;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.data.redis.core.ValueOperations;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.stereotype.Component;
import org.springframework.web.context.support.WebApplicationContextUtils;

import com.alibaba.fastjson.JSONArray;
import com.panzhihua.common.constants.HttpStatus;
import com.panzhihua.common.constants.SecurityConstants;
import com.panzhihua.common.constants.TokenConstant;
import com.panzhihua.common.model.vos.R;
import com.panzhihua.common.utlis.JWTTokenUtil;
import com.panzhihua.common.utlis.ResultUtil;
import com.panzhihua.zuul.config.RealNamedConfig;

import io.jsonwebtoken.Claims;
|
|
/**
|
* @program: springcloud_k8s_panzhihuazhihuishequ
|
* @description: 小程序权限验证
|
* @author: huang.hongfa weixin hhf9596 qq 959656820
|
* @create: 2020-11-25 16:35
|
**/
|
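@Component
public class AppletAuthenticationFilter implements Filter {

    /**
     * Real-name verification settings. {@code getVerify()} lists the entries ("method" prefix + request
     * path suffix, see {@link #requiresRealNameCheck}) that only real-named applet users may call.
     */
    @Autowired
    private RealNamedConfig realNamedConfig;

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // nothing to initialise
    }

    /**
     * Enforces real-name verification for applet users.
     *
     * <p>When the request carries a bearer JWT whose {@code type} claim is {@code 1} (applet user) and the
     * method + URI is listed in {@link RealNamedConfig#getVerify()}, the user's cached authorities in Redis
     * must contain {@code SecurityConstants.ROLE_APPLETS_REAL_NAMED}; otherwise a 403 JSON body is written and
     * the chain is not continued. Every other request is passed through untouched — this filter does not
     * authenticate, it only gates the configured endpoints.
     *
     * @param servletRequest  incoming request
     * @param servletResponse response the rejection is written to
     * @param filterChain     remaining filter chain
     * @throws IOException      from the chain or from writing the rejection body
     * @throws ServletException from the chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        HttpServletResponse response = (HttpServletResponse) servletResponse;
        // NOTE(review): the wrapper is never passed down the chain. It is kept only because its constructor's
        // side effects (if any) are not visible from this file — confirm and drop it if it has none.
        SafeboxRequestWrapper safeboxRequestWrapper = new SafeboxRequestWrapper(request);

        if (mustRejectUnverifiedUser(request)) {
            ResultUtil.responseJson(response, R.fail(HttpStatus.FORBIDDEN, "用户未实名"));
            return;
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /**
     * Decides whether this request must be rejected: an applet user (type 1) calling a configured
     * real-name-protected endpoint without the real-named role.
     *
     * @param request current request
     * @return {@code true} to reject with 403, {@code false} to let the chain continue
     */
    private boolean mustRejectUnverifiedUser(HttpServletRequest request) {
        List<String> checkedUrl = realNamedConfig == null ? null : realNamedConfig.getVerify();
        if (checkedUrl == null || checkedUrl.isEmpty()) {
            return false; // nothing configured: the filter is a no-op
        }

        String tokenHeader = request.getHeader(TokenConstant.TOKEN_HEADER);
        if (tokenHeader == null || !tokenHeader.startsWith(TokenConstant.TOKEN_PRE)) {
            return false; // no bearer token here; whether that is acceptable is not this filter's decision
        }
        // Strip only the leading prefix (the original replace() would have removed every occurrence).
        String token = tokenHeader.substring(TokenConstant.TOKEN_PRE.length());
        Claims claims = JWTTokenUtil.getClaimsFromToken(token);
        if (claims == null) {
            return false; // unparsable/invalid token: passed through unchanged, as before
        }
        if (!isAppletUser(claims)) {
            return false; // only applet users (type 1) are subject to the real-name gate
        }

        String requestMethod = request.getMethod().toLowerCase(Locale.ROOT);
        String requestUri = request.getRequestURI();
        if (!requiresRealNameCheck(checkedUrl, requestMethod, requestUri)) {
            return false;
        }

        String appletUserRoleKey = SecurityConstants.ROLE_APPLETS_USER + claims.getSubject();
        return !hasRealNamedRole(request.getServletContext(), appletUserRoleKey);
    }

    /**
     * Reads the {@code type} claim without the unchecked {@code (Integer)} cast of the original, which turned a
     * missing or non-integer claim into an uncaught exception from the filter.
     *
     * @param claims verified token claims
     * @return {@code true} when {@code type} is the number 1
     */
    private static boolean isAppletUser(Claims claims) {
        Object type = claims.get("type");
        // NOTE(review): the claim is taken from the token as issued by this system; a non-numeric value is
        // treated like "not an applet user" (pass-through) — confirm that matches how tokens are minted.
        return type instanceof Number && ((Number) type).intValue() == 1;
    }

    /**
     * Reports whether a configured entry names this method + URI. The matching rule is the original one:
     * the entry (lower-cased) starts with the lower-cased HTTP method and ends with the raw request URI.
     *
     * @param checkedUrl    configured entries, never {@code null}
     * @param requestMethod lower-cased HTTP method
     * @param requestUri    raw request URI
     * @return {@code true} when at least one entry matches
     */
    private static boolean requiresRealNameCheck(List<String> checkedUrl, String requestMethod, String requestUri) {
        // NOTE(review): suffix matching on the raw URI is sensitive to trailing slashes, path parameters and
        // case. Normalise the path the same way the backend routes it, otherwise a protected endpoint may be
        // reached under a variant spelling without passing this check.
        for (String entry : checkedUrl) {
            if (entry == null) {
                continue; // a null entry used to NPE the whole request
            }
            if (entry.toLowerCase(Locale.ROOT).startsWith(requestMethod) && entry.endsWith(requestUri)) {
                return true;
            }
        }
        return false;
    }

    /**
     * Looks up the user's cached authorities in Redis and reports whether they contain
     * {@code ROLE_APPLETS_REAL_NAMED}. Any read or parse failure counts as "not verified" (fail closed).
     *
     * @param context           servlet context used to resolve the Spring web application context
     * @param appletUserRoleKey Redis key holding the user's serialised authorities
     * @return {@code true} only when the real-named role is present
     */
    private static boolean hasRealNamedRole(ServletContext context, String appletUserRoleKey) {
        // Resolved per request as before, but into a local instead of a field shared by all concurrent
        // requests; getRequired… fails with a clear IllegalStateException when no context is bound.
        ApplicationContext ctx = WebApplicationContextUtils.getRequiredWebApplicationContext(context);
        StringRedisTemplate redis = ctx.getBean(StringRedisTemplate.class);

        // hasKey() returns a Boolean that can be null (e.g. inside a pipeline/transaction); the original
        // unboxed it directly. Absent key → not verified.
        if (!Boolean.TRUE.equals(redis.hasKey(appletUserRoleKey))) {
            return false;
        }
        try {
            String roles = redis.opsForValue().get(appletUserRoleKey);
            // NOTE(review): fastjson deserialises whatever the cache holds; make sure the fastjson version in
            // use has autoType disabled so a tampered cache entry cannot select arbitrary classes.
            List<SimpleGrantedAuthority> authorities = JSONArray.parseArray(roles, SimpleGrantedAuthority.class);
            if (authorities == null) {
                return false;
            }
            return authorities.stream()
                    .anyMatch(a -> a != null && SecurityConstants.ROLE_APPLETS_REAL_NAMED.equals(a.getAuthority()));
        } catch (Exception e) {
            // Fail closed: a Redis or JSON failure must never grant access. Deliberately not rethrown so the
            // caller answers 403 rather than 500; worth logging once a logger is available in this class.
            return false;
        }
    }

    @Override
    public void destroy() {
        // nothing to release
    }
}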
|