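package com.panzhihua.zuul.filters;

import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.atomic.AtomicBoolean;
import java.util.regex.Pattern;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.data.redis.core.ValueOperations;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.stereotype.Component;
import org.springframework.web.context.support.WebApplicationContextUtils;

import com.alibaba.fastjson.JSONArray;
import com.panzhihua.common.constants.HttpStatus;
import com.panzhihua.common.constants.SecurityConstants;
import com.panzhihua.common.constants.TokenConstant;
import com.panzhihua.common.model.vos.R;
import com.panzhihua.common.utlis.JWTTokenUtil;
import com.panzhihua.common.utlis.ResultUtil;
import com.panzhihua.zuul.config.RealNamedConfig;

import io.jsonwebtoken.Claims;

/**
 * Mini-program ("applet") real-name gate.
 *
 * <p>For requests carrying a bearer JWT whose {@code type} claim is {@code 1} (applet user), and whose
 * method+path appears in {@link RealNamedConfig#getVerify()}, the filter looks up the user's roles in
 * Redis and rejects the request with {@code 403 "用户未实名"} unless the role list contains
 * {@link SecurityConstants#ROLE_APPLETS_REAL_NAMED}. Every other request is passed down the chain
 * untouched; authentication itself is not performed here.
 *
 * <p>Failure policy: any Redis or parsing problem while deciding, or a token whose {@code type} claim
 * is missing or non-numeric, is treated as "not allowed" (fail closed) rather than letting the
 * request through.
 *
 * @program: springcloud_k8s_panzhihuazhihuishequ
 * @description: 小程序权限验证
 * @author: huang.hongfa weixin hhf9596 qq 959656820
 * @create: 2020-11-25 16:35
 **/
@Component
public class AppletAuthenticationFilter implements Filter {

    /** Matrix parameters (";key=value") within a single path segment. */
    private static final Pattern MATRIX_PARAMS = Pattern.compile(";[^/]*");

    /** Two or more consecutive slashes. */
    private static final Pattern DUPLICATE_SLASHES = Pattern.compile("/{2,}");

    @Autowired
    private RealNamedConfig realNamedConfig;

    @Override
    public void init(FilterConfig filterConfig) throws ServletException {
        // Nothing to initialise: configuration is injected and Redis is resolved per request.
    }

    /**
     * Applies the real-name check described on the class and then continues the chain, unless the
     * request was rejected (in which case a JSON error body has already been written).
     *
     * @param servletRequest  incoming request (cast to {@link HttpServletRequest})
     * @param servletResponse outgoing response (cast to {@link HttpServletResponse})
     * @param filterChain     remaining filter chain
     * @throws IOException      propagated from the chain / response writing
     * @throws ServletException propagated from the chain
     */
    @Override
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
        throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest)servletRequest;
        // NOTE(review): this wrapper is built but never handed to the chain. It is kept only because its
        // constructor may have side effects (e.g. caching the request body) — confirm and remove if not.
        SafeboxRequestWrapper safeboxRequestWrapper = new SafeboxRequestWrapper(request);
        HttpServletResponse response = (HttpServletResponse)servletResponse;

        String tokenHeader = request.getHeader(TokenConstant.TOKEN_HEADER);
        List<String> checkedUrls = realNamedConfig == null ? null : realNamedConfig.getVerify();

        boolean hasBearer = tokenHeader != null && tokenHeader.startsWith(TokenConstant.TOKEN_PRE);
        boolean hasConfig = checkedUrls != null && !checkedUrls.isEmpty();

        if (hasBearer && hasConfig) {
            // Strip the scheme prefix once, from the front only. replace() would also delete any later
            // occurrence of the prefix inside the token text itself.
            String token = tokenHeader.substring(TokenConstant.TOKEN_PRE.length());
            Claims claims = JWTTokenUtil.getClaimsFromToken(token);
            // A null Claims means the token did not parse/verify. This filter then enforces nothing;
            // rejecting unauthenticated callers is presumably the job of another filter — confirm.
            if (claims != null) {
                Integer type = numericTypeClaim(claims);
                if (type == null) {
                    // Previously an unconditional (Integer) cast here threw on a missing or non-Integer
                    // claim, i.e. every such token failed with a 500. Keep it failing, but cleanly.
                    ResultUtil.responseJson(response, R.fail(HttpStatus.FORBIDDEN, "token类型无效"));
                    return;
                }
                if (1 == type) {
                    String requestURI = request.getRequestURI();
                    String requestMethod = request.getMethod().toLowerCase();
                    if (requiresRealName(checkedUrls, requestMethod, requestURI)) {
                        StringRedisTemplate redis = lookupRedis(request);
                        if (!isRealNamed(redis, claims.getSubject())) {
                            ResultUtil.responseJson(response, R.fail(HttpStatus.FORBIDDEN, "用户未实名"));
                            return;
                        }
                    }
                }
            }
        }
        filterChain.doFilter(servletRequest, servletResponse);
    }

    /**
     * Reads the {@code type} claim as an int.
     *
     * @return the value, or {@code null} when the claim is absent or not numeric. JWT libraries may
     *         materialise small numbers as Integer and larger ones as Long, so go through {@link Number}.
     */
    private static Integer numericTypeClaim(Claims claims) {
        Object raw = claims.get("type");
        return raw instanceof Number ? ((Number)raw).intValue() : null;
    }

    /**
     * Decides whether the request method/path is one of the configured real-name-protected endpoints.
     *
     * <p>An entry matches when it starts (case-insensitively) with the request method and ends with the
     * request URI, as before. Additionally the URI is compared in a normalised form (matrix parameters
     * dropped, duplicate slashes collapsed, trailing slash removed) so that variants such as
     * {@code /api/foo;x=1/} cannot skip the check while still being routed like {@code /api/foo}.
     * Whether the container/Spring actually routes these variants to the same handler depends on the
     * downstream configuration; matching both forms only ever adds checks, never removes one.
     *
     * @param checkedUrls   configured "method path" entries; null entries are ignored
     * @param requestMethod lower-cased HTTP method
     * @param requestURI    raw request URI
     */
    private static boolean requiresRealName(List<String> checkedUrls, String requestMethod, String requestURI) {
        String normalised = normalisePath(requestURI);
        for (String entry : checkedUrls) {
            if (entry == null) {
                continue;
            }
            boolean methodMatches = entry.toLowerCase().startsWith(requestMethod);
            boolean pathMatches = entry.endsWith(requestURI) || entry.endsWith(normalised);
            if (methodMatches && pathMatches) {
                return true;
            }
        }
        return false;
    }

    /**
     * Canonicalises a request path for matching: removes ";..." matrix parameters from each segment,
     * collapses runs of slashes, and strips one or more trailing slashes (keeping a lone "/").
     */
    private static String normalisePath(String uri) {
        if (uri == null) {
            return "";
        }
        String path = MATRIX_PARAMS.matcher(uri).replaceAll("");
        path = DUPLICATE_SLASHES.matcher(path).replaceAll("/");
        while (path.length() > 1 && path.endsWith("/")) {
            path = path.substring(0, path.length() - 1);
        }
        return path;
    }

    /** Resolves the shared {@link StringRedisTemplate} from the web application context. */
    private static StringRedisTemplate lookupRedis(HttpServletRequest request) {
        ServletContext context = request.getServletContext();
        ApplicationContext ctx = WebApplicationContextUtils.getWebApplicationContext(context);
        return ctx.getBean(StringRedisTemplate.class);
    }

    /**
     * Looks up the applet user's role list in Redis and reports whether it contains the
     * "real-named" role.
     *
     * <p>Fails closed: a null subject, a missing key, an empty/unparseable role list, or any Redis or
     * parsing exception all yield {@code false}. The role JSON is deserialised with fastjson into
     * {@link SimpleGrantedAuthority}; the value is presumably written by this system itself — if an
     * attacker could write this key, fastjson's type handling would need a closer look.
     *
     * @param redis    Redis template
     * @param username JWT subject; used as the key suffix
     */
    private static boolean isRealNamed(StringRedisTemplate redis, String username) {
        if (username == null) {
            return false;
        }
        String roleKey = SecurityConstants.ROLE_APPLETS_USER + username;
        try {
            // hasKey returns a boxed Boolean that can be null (e.g. inside a pipeline/transaction);
            // never unbox it blindly.
            if (!Boolean.TRUE.equals(redis.hasKey(roleKey))) {
                return false;
            }
            ValueOperations<String, String> ops = redis.opsForValue();
            String roles = ops.get(roleKey);
            List<SimpleGrantedAuthority> authorities = JSONArray.parseArray(roles, SimpleGrantedAuthority.class);
            if (authorities == null) {
                return false;
            }
            for (SimpleGrantedAuthority authority : authorities) {
                if (authority != null && SecurityConstants.ROLE_APPLETS_REAL_NAMED.equals(authority.getAuthority())) {
                    return true;
                }
            }
            return false;
        } catch (Exception ignored) {
            // Deliberately swallowed: any failure while deciding means "not real-named". There is no
            // logger in this class; consider adding one so Redis outages are visible.
            return false;
        }
    }

    @Override
    public void destroy() {
        // No resources held.
    }
}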