鉴权调整;

liquidnet-bus-common/liquidnet-common-base/src/main/java/com/liquidnet/commons/lang/util/DESUtils.java

-/**
- * $Id: DESUtils.java 2152 2015-12-14 10:18:50Z yupengfei $
- * Copyright(C) 2014-2020 netease - easegame, All Rights Reserved.
- */
 package com.liquidnet.commons.lang.util;
 
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
 import javax.crypto.Cipher;
 import java.security.Key;
 
-/**
- *
- * @author <a href="mailto:yupengfei@kowlone.com">kowlone</a>
- * @version 1.0 2015年12月14日 下午6:05:38
- */
 public class DESUtils {
+	private static final Logger log = LoggerFactory.getLogger(DESUtils.class);
 
-	/** 字符串默认键值     */
-	  private static String strDefaultKey = "national";
+    /**
+     * 字符串默认键值
+     */
+    private static final String strDefaultKey = "national";
 
-	  /** 加密工具     */
+    /**
+     * 加密工具
+     */
     private Cipher encryptCipher = null;
 
-	  /** 解密工具     */
+    /**
+     * 解密工具
+     */
     private Cipher decryptCipher = null;
 
+    /* ------------------------------------ 初始加解密类 ------------------------------------ */
+
+	private static DESUtils DES;
+
+	static {
+		try {
+			DES = new DESUtils();
+		} catch (Exception e) {
+			log.error("初始化DESUtils失败", e);
+		}
+	}
+
+	public static DESUtils DES() {
+		return DES;
+	}
+
+	/* ------------------------------------ ---------- ------------------------------------ */
+
     /**
      * 将byte数组转换为表示16进制值的字符串， 如：byte[]{8,18}转换为：0813， 和public static byte[]
      * hexStr2ByteArr(String strIn) 互为可逆的转换过程
      *
-	   * @param arrB
-	   *            需要转换的byte数组
+     * @param arrB 需要转换的byte数组
      * @return 转换后的字符串
-	   * @throws Exception
-	   *             本方法不处理任何异常，所有异常全部抛出
+     * @throws Exception 本方法不处理任何异常，所有异常全部抛出
      */
     public static String byteArr2HexStr(byte[] arrB) throws Exception {
         int iLen = arrB.length;
@@ -56,11 +73,9 @@ public class DESUtils {
      * 将表示16进制值的字符串转换为byte数组， 和public static String byteArr2HexStr(byte[] arrB)
      * 互为可逆的转换过程
      *
-	   * @param strIn
-	   *            需要转换的字符串
+     * @param strIn 需要转换的字符串
      * @return 转换后的byte数组
-	   * @throws Exception
-	   *             本方法不处理任何异常，所有异常全部抛出
+     * @throws Exception 本方法不处理任何异常，所有异常全部抛出
      * @author <a href="mailto:leo841001@163.com">LiGuoQing</a>
      */
     public static byte[] hexStr2ByteArr(String strIn) throws Exception {
@@ -88,8 +103,7 @@ public class DESUtils {
     /**
      * 指定密钥构造方法
      *
-	   * @param strKey
-	   *            指定的密钥
+     * @param strKey 指定的密钥
      * @throws Exception
      */
     public DESUtils(String strKey) throws Exception {
@@ -105,8 +119,7 @@ public class DESUtils {
     /**
      * 加密字节数组
      *
-	   * @param arrB
-	   *            需加密的字节数组
+     * @param arrB 需加密的字节数组
      * @return 加密后的字节数组
      * @throws Exception
      */
@@ -117,8 +130,7 @@ public class DESUtils {
     /**
      * 加密字符串
      *
-	   * @param strIn
-	   *            需加密的字符串
+     * @param strIn 需加密的字符串
      * @return 加密后的字符串
      * @throws Exception
      */
@@ -129,8 +141,7 @@ public class DESUtils {
     /**
      * 解密字节数组
      *
-	   * @param arrB
-	   *            需解密的字节数组
+     * @param arrB 需解密的字节数组
      * @return 解密后的字节数组
      * @throws Exception
      */
@@ -141,8 +152,7 @@ public class DESUtils {
     /**
      * 解密字符串
      *
-	   * @param strIn
-	   *            需解密的字符串
+     * @param strIn 需解密的字符串
      * @return 解密后的字符串
      * @throws Exception
      */
@@ -153,8 +163,7 @@ public class DESUtils {
     /**
      * 从指定字符串生成密钥，密钥所需的字节数组长度为8位 不足8位时后面补0，超出8位只取前8位
      *
-	   * @param arrBTmp
-	   *            构成该字符串的字节数组
+     * @param arrBTmp 构成该字符串的字节数组
      * @return 生成的密钥
      * @throws Exception
      */

liquidnet-bus-common/liquidnet-common-web/pom.xml

@@ -24,6 +24,11 @@
             <artifactId>liquidnet-common-cache-redis</artifactId>
             <version>1.0-SNAPSHOT</version>
         </dependency>
+        <dependency>
+            <groupId>com.liquidnet</groupId>
+            <artifactId>liquidnet-api-feign-auth</artifactId>
+            <version>1.0-SNAPSHOT</version>
+        </dependency>
     </dependencies>
 
 </project>

liquidnet-bus-common/liquidnet-common-web/src/main/java/com/liquidnet/common/web/filter/GlobalAuthorityInterceptor.java

 package com.liquidnet.common.web.filter;
 
-import com.liquidnet.common.cache.redis.util.RedisUtil;
 import com.liquidnet.commons.lang.core.JwtValidator;
 import com.liquidnet.commons.lang.util.CurrentUtil;
+import com.liquidnet.commons.lang.util.DESUtils;
 import com.liquidnet.commons.lang.util.JsonUtils;
 import com.liquidnet.service.base.ErrorMapping;
 import com.liquidnet.service.base.ResponseDto;
+import com.liquidnet.service.feign.auth.rsc.FeignAuthorityClient;
 import io.jsonwebtoken.Claims;
 import io.jsonwebtoken.ExpiredJwtException;
-import lombok.Data;
-import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.lang3.StringUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.context.properties.ConfigurationProperties;
-import org.springframework.core.env.Environment;
 import org.springframework.stereotype.Component;
 import org.springframework.util.AntPathMatcher;
 import org.springframework.util.DigestUtils;
@@ -25,12 +25,12 @@ import java.io.IOException;
 import java.nio.charset.StandardCharsets;
 import java.util.List;
 
-@Slf4j
-@Data
 @Component
 @ConfigurationProperties(prefix = "global-auth")
 public class GlobalAuthorityInterceptor extends HandlerInterceptorAdapter {
-    private List<String> includeUrlPattern;
+    private static final Logger log = LoggerFactory.getLogger(GlobalAuthorityInterceptor.class);
+
+    //private List<String> includeUrlPattern;
     private List<String> excludeUrlPattern;
 
     private static final String CONTENT_TYPE = "application/json;charset=utf-8";
@@ -38,16 +38,12 @@ public class GlobalAuthorityInterceptor extends HandlerInterceptorAdapter {
     private static final String TOKEN_KICK = "40002";
     private static final String TOKEN_INVALID = "40003";
 
-//    private static final String KYLIN_STATION_JWT_VALID = "/*/station/**";
-
     private final static AntPathMatcher antPathMatcher = new AntPathMatcher();
 
-    @Autowired
-    Environment env;
     @Autowired
     JwtValidator jwtValidator;
     @Autowired
-    RedisUtil redisUtil;
+    FeignAuthorityClient feignAuthorityClient;
 
     @Override
     public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
@@ -68,11 +64,9 @@ public class GlobalAuthorityInterceptor extends HandlerInterceptorAdapter {
                 request.setAttribute(CurrentUtil.uTag, JsonUtils.toJson(claims));
 
             } catch (ExpiredJwtException expiredJwtEx) {
-                responseCode = TOKEN_INVALID;
-                log.error("Ex.ExpiredJwtException:{},responseCode:{}", expiredJwtEx.getMessage(), responseCode);
+                log.error("Ex.ExpiredJwtException:{},responseCode:{}", expiredJwtEx.getMessage(), responseCode = TOKEN_INVALID);
             } catch (Exception ex) {
-                responseCode = TOKEN_ILLEGAL;
-                log.error("Ex.Exception:{},responseCode:{}", ex.getMessage(), responseCode);
+                log.error("Ex.Exception:{},responseCode:{}", ex.getMessage(), responseCode = TOKEN_ILLEGAL);
             }
         } else {
             responseCode = TOKEN_ILLEGAL;
@@ -84,13 +78,11 @@ public class GlobalAuthorityInterceptor extends HandlerInterceptorAdapter {
             }
         }
         if (StringUtils.isNotEmpty(responseCode)) {
-            this.responseHandler(response, responseCode);
             log.warn("Authority failed:{},uri:[{}],authorization:{}", responseCode, uri, authorization);
-            return false;
+            return this.responseHandlerRefuse(response, responseCode);
         }
         if (StringUtils.isEmpty(currentUid)) {
-            this.responseHandler(response, TOKEN_ILLEGAL);
-            return false;
+            return this.responseHandlerRefuse(response, TOKEN_ILLEGAL);
         }
         if (this.authorityHandler(response, uri, token, currentUid, claims)) {
             return true;
@@ -98,6 +90,10 @@ public class GlobalAuthorityInterceptor extends HandlerInterceptorAdapter {
         return false;
     }
 
+    public void setExcludeUrlPattern(List<String> excludeUrlPattern) {
+        this.excludeUrlPattern = excludeUrlPattern;
+    }
+
     private void responseHandler(HttpServletResponse response, String responseCode) throws IOException {
         ResponseDto<Object> responseDto = ResponseDto.failure(ErrorMapping.get(responseCode));
         response.setCharacterEncoding(StandardCharsets.UTF_8.name());
@@ -106,44 +102,12 @@ public class GlobalAuthorityInterceptor extends HandlerInterceptorAdapter {
         response.getWriter().write(JsonUtils.toJson(responseDto));
     }
 
-    private boolean authorityHandler(HttpServletResponse response, String uri, String token, String currentUid, Claims claims) throws IOException {
-//        if (antPathMatcher.match(KYLIN_STATION_JWT_VALID, uri)) {// 专业版APP
-//            // adam:identity:sso:${uid}:MD5(${token})=${1-在线|0-离线}
-//            String ssoUidM5TokenKey = jwtValidator.getMsoRedisKey()
-//                    .concat(currentUid).concat(":").concat(DigestUtils.md5DigestAsHex(token.getBytes(StandardCharsets.UTF_8)));
-//            Integer online = (Integer) redisUtil.get(ssoUidM5TokenKey);
-//            if (null == online || online != 1) {
-//                // 已离线
-//                this.responseHandler(response, TOKEN_INVALID);
-//
-//                return false;
-//            } else {
-//                return true;
-//            }
-//        } else {
-//            // adam:identity:sso:${uid}=MD5(${token})
-//            String ssoKey = jwtValidator.getSsoRedisKey().concat(currentUid), md5Token;
-//
-//            if (StringUtils.isEmpty(md5Token = (String) redisUtil.get(ssoKey))) {
-//                // 已离线
-//                this.responseHandler(response, TOKEN_INVALID);
-//
-//                return false;
-//            } else {
-//                // 与在线TOKEN比对
-//                if (md5Token.equals(DigestUtils.md5DigestAsHex(token.getBytes(StandardCharsets.UTF_8)))) {
-//                    // 一致则放行
-//                    return true;
-//                } else {
-//                    // 不一致则被踢下线
-//                    this.responseHandler(response, TOKEN_KICK);
-//
-//                    return false;
-//                }
-//            }
-//        }
-
+    private boolean responseHandlerRefuse(HttpServletResponse response, String responseCode) throws IOException {
+        this.responseHandler(response, responseCode);
+        return false;
+    }
 
+    /*private boolean authorityHandler(HttpServletResponse response, String uri, String token, String currentUid, Claims claims) throws IOException {
         String tokenType = (String) claims.get(CurrentUtil.TOKEN_TYPE);
         switch (tokenType) {
             case CurrentUtil.TOKEN_TYPE_VAL_STATION:// 专业版APP
@@ -185,5 +149,52 @@ public class GlobalAuthorityInterceptor extends HandlerInterceptorAdapter {
                 this.responseHandler(response, TOKEN_ILLEGAL);
                 return false;
         }
+    }*/
+
+    private boolean authorityHandler(HttpServletResponse response, String uri, String token, String currentUid, Claims claims) throws IOException {
+        String tokenType = (String) claims.get(CurrentUtil.TOKEN_TYPE);
+        switch (tokenType) {
+            case CurrentUtil.TOKEN_TYPE_VAL_STATION:// [专业版APP] adam:identity:sso:${uid}:MD5(${token})=${1-在线|0-离线}
+                String ssoUidM5TokenKey = jwtValidator.getMsoRedisKey()
+                        .concat(currentUid).concat(":").concat(DigestUtils.md5DigestAsHex(token.getBytes(StandardCharsets.UTF_8)));
+
+                String val = this.getAccessToken(ssoUidM5TokenKey);
+                Integer online = null == val ? null : Integer.valueOf(val);
+
+                return null != online && online == 1 || this.responseHandlerRefuse(response, TOKEN_INVALID);
+            case CurrentUtil.TOKEN_TYPE_VAL_USER:// adam:identity:sso:${uid}=MD5(${token})
+                String ssoKey = jwtValidator.getSsoRedisKey().concat(currentUid);
+
+                String md5Token = this.getAccessToken(ssoKey);
+
+                return StringUtils.isEmpty(md5Token) ? this.responseHandlerRefuse(response, TOKEN_INVALID)
+                        : (md5Token.equals(DigestUtils.md5DigestAsHex(token.getBytes(StandardCharsets.UTF_8))) || this.responseHandlerRefuse(response, TOKEN_KICK));
+            default:
+                log.warn("Authority failed:{} (Unknown token type).uri:[{}],token:{}", TOKEN_ILLEGAL, uri, token);
+                return this.responseHandlerRefuse(response, TOKEN_ILLEGAL);
+        }
+    }
+
+    /**
+     * 查取服务器令牌票据
+     *
+     * @param ssokey 用户令牌KEY
+     * @return String 令牌票据
+     */
+    public String getAccessToken(String ssokey) {
+        String val = null;
+        try {
+            ResponseDto<String> check = feignAuthorityClient.check(DESUtils.DES().encrypt(ssokey));
+            if (check.isSuccess()) {
+                String valEncrypt = check.getData();
+
+                if (!StringUtils.isEmpty(valEncrypt)) {
+                    val = DESUtils.DES().decrypt(valEncrypt);
+                }
+            }
+        } catch (Exception e) {
+            log.error("Authority.check exception", e);
+        }
+        return val;
     }
 }

liquidnet-bus-feign/liquidnet-api-feign-auth/pom.xml

+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <artifactId>liquidnet-bus-feign</artifactId>
+        <groupId>com.liquidnet</groupId>
+        <version>1.0-SNAPSHOT</version>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>liquidnet-api-feign-auth</artifactId>
+
+    <properties>
+        <maven.compiler.source>8</maven.compiler.source>
+        <maven.compiler.target>8</maven.compiler.target>
+    </properties>
+
+</project>
\ No newline at end of file

liquidnet-bus-feign/liquidnet-api-feign-auth/src/main/java/com/liquidnet/service/feign/auth/rsc/FeignAuthorityClient.java

+package com.liquidnet.service.feign.auth.rsc;
+
+import com.liquidnet.service.base.ResponseDto;
+import feign.hystrix.FallbackFactory;
+import org.springframework.cloud.openfeign.FeignClient;
+import org.springframework.stereotype.Component;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+
+@Component
+@FeignClient(name = "liquidnet-service-adam",
+        contextId = "FeignAuthorityClient", path = "adam",
+        url = "${liquidnet.service.adam.url}",
+        fallback = FallbackFactory.Default.class)
+public interface FeignAuthorityClient {
+
+    @PostMapping("ath/check")
+    ResponseDto<String> check(@RequestParam(value = "seal") String seal);
+}

liquidnet-bus-feign/pom.xml

@@ -11,13 +11,14 @@
     <artifactId>liquidnet-bus-feign</artifactId>
     <packaging>pom</packaging>
     <modules>
+        <module>liquidnet-api-feign-auth</module>
         <module>liquidnet-api-feign-adam</module>
         <module>liquidnet-api-feign-kylin</module>
         <module>liquidnet-api-feign-dragon</module>
         <module>liquidnet-api-feign-platform</module>
         <module>liquidnet-api-feign-sweet</module>
         <module>liquidnet-api-feign-chime</module>
-        <!--        <module>liquidnet-api-feign-sequence</module>-->
+<!--        <module>liquidnet-api-feign-sequence</module>-->
 <!--        <module>liquidnet-api-feign-example</module>-->
 <!--        <module>liquidnet-api-feign-account</module>-->
 <!--        <module>liquidnet-api-feign-bank</module>-->

liquidnet-bus-service/liquidnet-service-adam/liquidnet-service-adam-impl/src/main/java/com/liquidnet/service/adam/config/AdamWebMvcConfig.java

 package com.liquidnet.service.adam.config;
 
 import com.liquidnet.common.web.config.WebMvcConfig;
-import com.liquidnet.common.web.filter.GlobalAuthorityInterceptor;
+import com.liquidnet.service.adam.interceptor.AdamAuthorityInterceptor;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
@@ -9,11 +9,11 @@ import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
 @Configuration
 public class AdamWebMvcConfig extends WebMvcConfig {
     @Autowired
-    GlobalAuthorityInterceptor globalAuthorityInterceptor;
+    AdamAuthorityInterceptor adamAuthorityInterceptor;
 
     @Override
     protected void addInterceptors(InterceptorRegistry registry) {
-        registry.addInterceptor(globalAuthorityInterceptor).addPathPatterns("/**");
+        registry.addInterceptor(adamAuthorityInterceptor).addPathPatterns("/**");
         super.addInterceptors(registry);
     }
 }

liquidnet-bus-service/liquidnet-service-adam/liquidnet-service-adam-impl/src/main/java/com/liquidnet/service/adam/controller/GlobalAuthorityController.java

+package com.liquidnet.service.adam.controller;
+
+import com.liquidnet.common.cache.redis.util.RedisUtil;
+import com.liquidnet.commons.lang.util.DESUtils;
+import com.liquidnet.service.base.ResponseDto;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RequestParam;
+import org.springframework.web.bind.annotation.RestController;
+
+@Slf4j
+@RestController
+@RequestMapping("ath")
+public class GlobalAuthorityController {
+    @Autowired
+    RedisUtil redisUtil;
+
+    @PostMapping("check")
+    public ResponseDto<String> check(@RequestParam String seal) {
+        try {
+            String sealDecrypt = DESUtils.DES().decrypt(seal);
+
+            Object valObj = redisUtil.get(sealDecrypt);
+
+            String valEncrypt = null;
+            if (null != valObj) {
+                if (valObj instanceof String) {
+                    valEncrypt = DESUtils.DES().encrypt((String) valObj);
+                } else if (valObj instanceof Integer) {
+                    valEncrypt = DESUtils.DES().encrypt(valObj.toString());
+                }
+            }
+
+            return ResponseDto.success(valEncrypt);
+        } catch (Exception e) {
+            log.error("auth.check decrypt exception", e);
+            return ResponseDto.failure("Invalid seal");
+        }
+    }
+}

liquidnet-bus-service/liquidnet-service-adam/liquidnet-service-adam-impl/src/main/java/com/liquidnet/service/adam/interceptor/AdamAuthorityInterceptor.java

+package com.liquidnet.service.adam.interceptor;
+
+import com.liquidnet.common.cache.redis.util.RedisUtil;
+import com.liquidnet.common.web.filter.GlobalAuthorityInterceptor;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+@Component
+public class AdamAuthorityInterceptor extends GlobalAuthorityInterceptor {
+    private static final Logger log = LoggerFactory.getLogger(GlobalAuthorityInterceptor.class);
+
+    @Autowired
+    RedisUtil redisUtil;
+
+    @Override
+    public String getAccessToken(String ssokey) {
+        String val = null;
+        try {
+            val = (String) redisUtil.get(ssokey);
+        } catch (Exception e) {
+            log.error("Authority.check exception", e);
+        }
+        return val;
+    }
+}

liquidnet-bus-service/liquidnet-service-kylin/liquidnet-service-kylin-impl/src/main/java/com/liquidnet/service/ServiceKylinApplication.java

@@ -5,6 +5,7 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.CommandLineRunner;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.cloud.openfeign.EnableFeignClients;
 import org.springframework.core.env.Environment;
 import org.springframework.scheduling.annotation.EnableAsync;
 
@@ -13,6 +14,7 @@ import java.util.Arrays;
 
 @EnableAsync
 @Slf4j
+@EnableFeignClients
 @SpringBootApplication(scanBasePackages = {"com.liquidnet"})
 public class ServiceKylinApplication implements CommandLineRunner {
     @Autowired

liquidnet-bus-service/liquidnet-service-order/liquidnet-service-order-impl/src/main/java/com/liquidnet/service/ServiceOrderApplication.java

@@ -5,12 +5,14 @@ import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.CommandLineRunner;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
+import org.springframework.cloud.openfeign.EnableFeignClients;
 import org.springframework.core.env.Environment;
 
 import java.net.InetAddress;
 import java.util.Arrays;
 
 @Slf4j
+@EnableFeignClients
 @SpringBootApplication(scanBasePackages = {"com.liquidnet"})
 public class ServiceOrderApplication implements CommandLineRunner {
     @Autowired