package com.panzhihua.zuul.filters; import java.io.IOException; import java.util.ArrayList; import java.util.List; import java.util.concurrent.TimeUnit; import javax.servlet.*; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import com.panzhihua.common.model.vos.user.SysAppConfigVO; import com.panzhihua.common.utlis.*; import org.springframework.context.ApplicationContext; import org.springframework.data.redis.core.StringRedisTemplate; import org.springframework.data.redis.core.ValueOperations; import org.springframework.security.authentication.UsernamePasswordAuthenticationToken; import org.springframework.security.core.authority.SimpleGrantedAuthority; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.stereotype.Component; import org.springframework.util.ObjectUtils; import org.springframework.web.context.support.WebApplicationContextUtils; import com.alibaba.fastjson.JSONArray; import com.alibaba.fastjson.JSONObject; import com.panzhihua.common.constants.*; import com.panzhihua.common.model.vos.LoginUserInfoVO; import com.panzhihua.common.model.vos.R; import com.panzhihua.common.service.user.UserService; import io.jsonwebtoken.Claims; /** * @program: springcloud_k8s_panzhihuazhihuishequ * @description: token校验 * @author: huang.hongfa weixin hhf9596 qq 959656820 * @create: 2020-11-25 16:35 **/ @Component public class JWTAuthenticationTokenFilter implements Filter { private StringRedisTemplate stringRedisTemplate; private UserService userService; @Override public void init(FilterConfig filterConfig) throws ServletException { } /** * 用户是否登录校验 * * @param servletRequest 请求 * @param servletResponse 返回 * @param filterChain 过滤器链条 * @throws IOException io * @throws ServletException servlet */ @Override public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { HttpServletRequest request = (HttpServletRequest) servletRequest; HttpServletResponse response = (HttpServletResponse) servletResponse; ServletContext context = request.getServletContext(); ApplicationContext ctx = WebApplicationContextUtils.getWebApplicationContext(context); stringRedisTemplate = ctx.getBean(StringRedisTemplate.class); ValueOperations valueOperations = stringRedisTemplate.opsForValue(); userService = ctx.getBean(UserService.class); String requestURI = request.getRequestURI(); boolean login = requestURI.contains("login"); boolean union = requestURI.contains("huacheng-union-applets"); boolean doc = requestURI.contains("doc.html"); boolean css = requestURI.contains(".css"); boolean js = requestURI.contains(".js"); boolean ui = requestURI.contains("/ui"); boolean swagger = requestURI.contains("swagger"); boolean ico = requestURI.contains(".ico"); boolean docs = requestURI.contains("-docs"); boolean error = requestURI.contains("error"); boolean useragreement = requestURI.contains("useragreement"); boolean refreshToken = requestURI.contains("refreshToken"); boolean logout = requestURI.contains("logout"); boolean wxPay = requestURI.contains("wxNotify"); boolean kaphtcha = requestURI.contains("kaphtcha"); boolean uuRepay = requestURI.contains("uuRepay"); boolean uuPush = requestURI.contains("uuPush"); boolean wsPush = requestURI.contains("wsPush"); boolean wxCgi = requestURI.contains("cgi"); boolean isShop = requestURI.contains("isShop"); boolean batteryActivityPayNotify = requestURI.contains("batteryActivityPayNotify"); boolean batteryPayNotify = requestURI.contains("batteryPayNotify"); boolean tfLogin = requestURI.contains("tfLogin"); boolean noToken = requestURI.contains("noToken"); boolean listadvertisement = requestURI.contains("listadvertisement"); boolean basicScreen = requestURI.contains("basicScreen"); boolean pageEasyPhotoAdminLC = requestURI.contains("pageEasyPhotoAdminLC"); boolean putmessage = requestURI.contains("putmessage"); boolean unionDoor = requestURI.contains("unionDoor"); boolean getNewToken = requestURI.contains("getNewToken"); // boolean bigscreen = requestURI.contains("/bigscreen/party"); // boolean pageworkguide = !requestURI.contains("workguide/pageworkguide"); // boolean detailworkguide = !requestURI.contains("workguide/detailworkguide"); // boolean pagedynamic = !requestURI.contains("partybuilding/pagedynamic"); // boolean infodynamic = !requestURI.contains("partybuilding/infodynamic"); SafeboxRequestWrapper safeboxRequestWrapper = new SafeboxRequestWrapper(request); safeboxRequestWrapper.addHeader("appid", request.getHeader("appid")); if (login || doc || css || js || ui || swagger || ico || docs || error || refreshToken || useragreement || wxPay // ||wxCgi||isShop||listadvertisement||noToken||bigscreen) { || wxCgi || isShop || listadvertisement || noToken || uuRepay || kaphtcha || uuPush || tfLogin || batteryActivityPayNotify || batteryPayNotify || wsPush || basicScreen || pageEasyPhotoAdminLC || union || putmessage || unionDoor || getNewToken) { if (union && !login ) { String token; String header = request.getHeader(Constant.AUTHORIZATION); String[] tokens = request.getHeader(Constant.AUTHORIZATION).split(" "); if (tokens.length >= 2) { token = request.getHeader(Constant.AUTHORIZATION).split(" ")[1]; } else { token = request.getHeader(Constant.AUTHORIZATION); } safeboxRequestWrapper.addHeader(Constant.UNION_AUTHORIZATION, token); } // 什么也不做 } else { // 获取请求头中JWT的Token String tokenHeader = request.getHeader(TokenConstant.TOKEN_HEADER); if (null != tokenHeader && tokenHeader.startsWith(TokenConstant.TOKEN_PRE)) { // token过期 String token = tokenHeader.replace(TokenConstant.TOKEN_PRE, ""); Boolean hasKey = stringRedisTemplate.hasKey(UserConstants.LOGOUT_TOKEN + token); if (hasKey) { ResultUtil.responseJson(response, R.fail(HttpStatus.UNAUTHORIZED, "用户已经登出")); return; } Boolean expired = JWTTokenUtil.isTokenExpired(token); if (expired) { if (logout) { ResultUtil.responseJson(response, R.fail(HttpStatus.UNAUTHORIZED, "登出成功")); } else { ResultUtil.responseJson(response, R.fail(HttpStatus.UNAUTHORIZED, "token过期")); } return; } // token解析 Claims claims = JWTTokenUtil.getClaimsFromToken(token); if (ObjectUtils.isEmpty(claims)) { ResultUtil.responseJson(response, R.fail(HttpStatus.UNAUTHORIZED, "token校验失败")); return; } String userId = claims.getSubject(); int type = (Integer) claims.get("type"); if (ObjectUtils.isEmpty(userId)) { ResultUtil.responseJson(response, R.fail(HttpStatus.UNAUTHORIZED, "token校验失败")); return; } List authorities = new ArrayList<>(); List authorities1 = new ArrayList<>(); if (1 == type) {// 小程序用户统一角色 String roleAppletKey = SecurityConstants.ROLE_APPLETS_USER + userId; if (stringRedisTemplate.hasKey(roleAppletKey)) { String roles = valueOperations.get(roleAppletKey); authorities = JSONArray.parseArray(roles, SimpleGrantedAuthority.class); } else { authorities.add(new SimpleGrantedAuthority(SecurityConstants.ROLE_APPLETS)); String userKey = UserConstants.LOGIN_USER_INFO + userId; Boolean hasKeyLoginUserInfo = stringRedisTemplate.hasKey(userKey); if (hasKeyLoginUserInfo) { String userInfo = valueOperations.get(userKey); LoginUserInfoVO loginUserInfoVO = JSONObject.parseObject(userInfo, LoginUserInfoVO.class); // 判断用户是否已实名制 if (loginUserInfoVO.getIsRealNamed() != null && loginUserInfoVO.getIsRealNamed()) { authorities.add(new SimpleGrantedAuthority(SecurityConstants.ROLE_APPLETS_REAL_NAMED)); } } else { // 查询登陆用户信息 R r = userService.getUserInfoByUserId(userId); if (!R.isOk(r)) { ResultUtil.responseJson(response, R.fail(HttpStatus.ERROR, "登录用户信息查询失败")); return; } LoginUserInfoVO data = r.getData(); // 判断用户是否已实名制 if (data.getIsRealNamed() != null && data.getIsRealNamed()) { authorities.add(new SimpleGrantedAuthority(SecurityConstants.ROLE_APPLETS_REAL_NAMED)); } } valueOperations.set(roleAppletKey, JSONArray.toJSONString(authorities), 24, TimeUnit.HOURS); } } else { String key = SecurityConstants.ROLE_USER + userId; Boolean aBoolean = stringRedisTemplate.hasKey(key); if (aBoolean) { String roles = valueOperations.get(key); authorities = JSONArray.parseArray(roles, SimpleGrantedAuthority.class); } else { R> r = userService.getUserRoles(userId); List data = r.getData(); if (!ObjectUtils.isEmpty(data)) { data.forEach(s -> { authorities1.add(new SimpleGrantedAuthority(s)); }); authorities = authorities1; valueOperations.set(key, JSONArray.toJSONString(authorities), 24, TimeUnit.HOURS); } } } UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(userId, userId, authorities);// 主要使用权限 账户 密码 不重要 SecurityContextHolder.getContext().setAuthentication(authentication); safeboxRequestWrapper.addHeader(TokenConstant.TOKEN_LOGOUT, tokenHeader); // 登录用户的所有信息 String userKey = UserConstants.LOGIN_USER_INFO + userId; Boolean hasKeyLoginUserInfo = stringRedisTemplate.hasKey(userKey); if (hasKeyLoginUserInfo) { String userInfo = valueOperations.get(userKey); byte[] encrypt = AES.encrypt(userInfo, Constants.AES_KEY); String hexStr = AES.parseByte2HexStr(encrypt); safeboxRequestWrapper.addHeader(TokenConstant.TOKEN_USERINFO, hexStr); } else { R r = userService.getUserInfoByUserId(userId); if (!R.isOk(r)) { ResultUtil.responseJson(response, R.fail(HttpStatus.ERROR, "登录用户信息查询失败")); return; } LoginUserInfoVO data = r.getData(); String userInfo = JSONObject.toJSONString(data); valueOperations.set(userKey, userInfo, 24, TimeUnit.HOURS); byte[] encrypt = AES.encrypt(userInfo, Constants.AES_KEY); String hexStr = AES.parseByte2HexStr(encrypt); safeboxRequestWrapper.addHeader(TokenConstant.TOKEN_USERINFO, hexStr); } } else { // 小程序无需登录也可访问地址列表 List noLoginUrl = new ArrayList<>(); noLoginUrl.add("/api/applets/community/detaildynamic"); noLoginUrl.add("/api/applets/community/detailactivity"); noLoginUrl.add("/api/applets/community/pagedynamic"); noLoginUrl.add("/api/applets/community/pageactivity"); noLoginUrl.add("/api/applets/community/listactivitysign"); noLoginUrl.add("/api/applets/common/uploadimages"); noLoginUrl.add("/api/applets/workguide/pageworkguide"); noLoginUrl.add("/api/applets/workguide/detailworkguide"); noLoginUrl.add("/api/applets/workguide/list"); noLoginUrl.add("/api/applets/workguide/list/classify"); noLoginUrl.add("/api/applets/partybuilding/pagedynamic"); noLoginUrl.add("/api/applets/partybuilding/infodynamic"); noLoginUrl.add("/api/applets/convenient/business/area/page"); noLoginUrl.add("/api/applets/convenient/business/get"); noLoginUrl.add("/api/applets/pagehouse"); noLoginUrl.add("/api/applets/house"); noLoginUrl.add("/api/applets/index/agreement"); noLoginUrl.add("/api/applets/index/pageeasyphoto"); noLoginUrl.add("/api/applets/index/getEasyPhotoActivity"); noLoginUrl.add("/api/applets/index/detaileasyphoto"); noLoginUrl.add("/api/applets/index/pagecomacteasyphotocomment"); noLoginUrl.add("/api/applets/index/pagemicrowish"); noLoginUrl.add("/api/applets/index/microwish"); noLoginUrl.add("/api/applets/index/easyphoto/classify/list"); noLoginUrl.add("/api/applets/index/getUserReward"); noLoginUrl.add("/api/applets/pagediscuss"); noLoginUrl.add("/api/applets/discuss"); noLoginUrl.add("/api/applets/pagediscusscomment"); noLoginUrl.add("/api/applets/neighbor/pageApp"); noLoginUrl.add("/api/applets/neighbor/detail"); noLoginUrl.add("/api/applets/neighbor/forward"); noLoginUrl.add("/api/applets/partybuilding/pageserviceteam"); noLoginUrl.add("/api/applets/partybuilding/pagepartycommittee"); noLoginUrl.add("/api/applets/partybuilding/pageactivity"); noLoginUrl.add("/api/applets/community/pagevolunteer"); noLoginUrl.add("/api/applets/community/volunteer"); noLoginUrl.add("/api/applets/discuss/increase-view-num"); noLoginUrl.add("/api/applets/community/evaluate/page"); noLoginUrl.add("/api/applets/convenient/service-category/suitable"); noLoginUrl.add("/api/applets/convenient/merchant/popular"); noLoginUrl.add("/api/applets/convenient/merchant/classify"); noLoginUrl.add("/api/applets/convenient/merchant/detail"); noLoginUrl.add("/api/applets/convenient/product/list"); noLoginUrl.add("/api/applets/convenient/product/detail"); noLoginUrl.add("/api/applets/convenient/merchant/search"); noLoginUrl.add("/api/applets/convenient/product/search"); noLoginUrl.add("/api/applets/convenient/merchant/incr-consult"); noLoginUrl.add("/api/applets/convenient/merchant/incr-view"); noLoginUrl.add("/api/applets/convenient/product/incr-view"); noLoginUrl.add("/api/shopbackstage/convenient/upload/file"); noLoginUrl.add("/api/shopbackstage/convenient/upload/files"); noLoginUrl.add("/api/applets/warehouse/donates/page"); noLoginUrl.add("/api/applets/warehouse/donates/get"); noLoginUrl.add("/api/applets/property/publicity/page"); noLoginUrl.add("/api/applets/property/publicity/get"); noLoginUrl.add("/api/applets/property/publicity/list/village"); noLoginUrl.add("/api/applets/property/publicity/incr-view"); noLoginUrl.add("/api/applets/renting/houses/get"); noLoginUrl.add("/api/applets/renting/houses/nearby"); noLoginUrl.add("/api/applets/renting/houses/houseList"); noLoginUrl.add("/api/applets/renting/houses/getConfig"); noLoginUrl.add("/api/applets/comActRaffle/queryAll"); noLoginUrl.add("/api/huacheng-communitybackstage/screen/comprehensive/street/list"); noLoginUrl.add("/api/huacheng-communitybackstage/screen/comprehensive/population"); noLoginUrl.add("/api/huacheng-communitybackstage/screen/getWestScreenStatics"); noLoginUrl.add("/api/huacheng-communitybackstage/screen/comprehensive/governance"); noLoginUrl.add("/api/huacheng-communitybackstage/screen/comprehensive/partydyn"); noLoginUrl.add("/api/huacheng-communitybackstage/screen/comprehensive/pagedynamic"); noLoginUrl.add("/api/huacheng-communitybackstage/screen/get/community/password"); noLoginUrl.add("/api/huacheng-communitybackstage/pudaScreen/autonomyDynamic"); noLoginUrl.add("/api/huacheng-communitybackstage/pudaScreen/propertyDynamic"); noLoginUrl.add("/api/huacheng-communitybackstage/pudaScreen/partyData"); noLoginUrl.add("/api/huacheng-communitybackstage/pudaScreen/peopleInfo"); noLoginUrl.add("/api/huacheng-communitybackstage/pudaScreen/countryard"); noLoginUrl.add("/api/huacheng-communitybackstage/pudaScreen/basicData"); noLoginUrl.add("/api/huacheng-communitybackstage/pudaScreen/specialPeople"); noLoginUrl.add("/api/huacheng-communitybackstage/pudaScreen/activity"); noLoginUrl.add("/api/shopbackstage/microcommercialstreet/verifyCode"); noLoginUrl.add("/api/shopbackstage/mcsOrder/wxNotify"); noLoginUrl.add("/api/shopbackstage/microcommercialstreet/bindPhone"); noLoginUrl.add("/api/shopbackstage/microcommercialstreet/bind/verifyCode"); noLoginUrl.add("/api/shopbackstage/microcommercialstreet/config/all"); noLoginUrl.add("/api/shopbackstage/microcommercialstreet/merchant/get"); noLoginUrl.add("/api/shopbackstage/microcommercialstreet/index/topData"); noLoginUrl.add("/api/shopbackstage/microcommercialstreet/information/pageH5"); noLoginUrl.add("/api/shopbackstage/microcommercialstreet/game/pageH5"); noLoginUrl.add("/api/shopbackstage/microcommercialstreet/game/get"); noLoginUrl.add("/api/shopbackstage/microcommercialstreet/info/get"); noLoginUrl.add("/api/shopbackstage/microcommercialstreet/merchant/pageH5"); noLoginUrl.add("/api/applets/fms/teamType/list"); noLoginUrl.add("/api/applets/fms/team/page"); noLoginUrl.add("/api/applets/fms/classroom/page"); noLoginUrl.add("/api/applets/fms/classroom/detail"); noLoginUrl.add("/api/applets/fms/event/page"); noLoginUrl.add("/api/applets/fms/event/detail"); noLoginUrl.add("/api/applets/fms/service/page"); noLoginUrl.add("/api/applets/fms/service/detail"); noLoginUrl.add("/api/applets/comActSocialOrgHatchAudit/process"); noLoginUrl.add("/api/applets/comActSocialProject/queryAll"); noLoginUrl.add("/api/applets/comActSocialProjectPublicity/queryAll"); noLoginUrl.add("/api/applets/comActSocialOrg/queryAll"); noLoginUrl.add("/api/applets/comactsocialworker"); noLoginUrl.add("/api/applets/enterprise/detail"); noLoginUrl.add("/api/applets/enterprise/page"); noLoginUrl.add("/api/applets/dpc/detail"); noLoginUrl.add("/api/applets/dpc/page"); noLoginUrl.add("/api/applets/wx/batteryPayNotify"); noLoginUrl.add("/api/applets/wx/batteryActivityPayNotify"); noLoginUrl.add("/api/communitybackstage/comBatteryCommodityOrder/syncCloseOrder"); noLoginUrl.add("/api/applets/uu/getQRCode"); noLoginUrl.add("/api/huacheng-applets/uu/getQRCode"); noLoginUrl.add("/api/applets/unionDoor/openDoorByPhone"); noLoginUrl.add("/api/huacheng-applets/unionDoor/openDoorByPhone"); // noLoginUrl.add("/api/huacheng-union-applets/unionInspection/query"); // noLoginUrl.add("/api/huacheng-union-applets/unionInspection/add"); // noLoginUrl.add("/api/huacheng-union-applets/unionOutdoorLaborDynamic/page"); // noLoginUrl.add("/api/huacheng-union-applets/unionOutdoorLaborDynamic/{id}"); // noLoginUrl.add("/api/huacheng-union-applets/unionOutdoorSite/page"); // noLoginUrl.add("/api/huacheng-union-applets/unionInspection/{id}"); // noLoginUrl.add("/api/huacheng-union-applets/unionReport/add"); // noLoginUrl.add("/api/huacheng-union-applets/unionReport/query"); // noLoginUrl.add("/api/huacheng-union-applets/unionUser/authentication"); // response.setHeader("Access-Control-Allow-Origin", "*"); // response.setHeader("Access-Control-Allow-Methods", "GET, POST, PUT, DELETE, OPTIONS"); // response.setHeader("Access-Control-Allow-Headers", "Content-Type, Authorization"); if (noLoginUrl.contains(requestURI)) { List authorities = new ArrayList<>(); authorities.add(new SimpleGrantedAuthority(SecurityConstants.ROLE_APPLETS)); UsernamePasswordAuthenticationToken authentication = new UsernamePasswordAuthenticationToken(null, null, authorities); SecurityContextHolder.getContext().setAuthentication(authentication); } else { ResultUtil.responseJson(response, R.fail(HttpStatus.UNAUTHORIZED, "token校验失败")); return; } } } // response.addHeader("Access-Control-Allow-Origin","*"); filterChain.doFilter(safeboxRequestWrapper, response); } @Override public void destroy() { } }