+单点登录验证指定URI处理;

a2a54376 · 张国柄 · c605ea7e · a2a54376 · a2a54376
Commit a2a54376 authored Nov 08, 2021 by 张国柄
Showing with 67 additions and 11 deletions

GlobalAuthorityInterceptor.java ...quidnet/common/web/filter/GlobalAuthorityInterceptor.java +52 -11

liquidnet-service-kylin.yml ...t-bus-config/liquidnet-config/liquidnet-service-kylin.yml +15 -0

No files found.
--- a/liquidnet-bus-common/liquidnet-common-web/src/main/java/com/liquidnet/common/web/filter/GlobalAuthorityInterceptor.java
+++ b/liquidnet-bus-common/liquidnet-common-web/src/main/java/com/liquidnet/common/web/filter/GlobalAuthorityInterceptor.java
@@ -31,6 +31,15 @@ import java.util.List;
 @ConfigurationProperties(prefix = "global-auth")
 public class GlobalAuthorityInterceptor extends HandlerInterceptorAdapter {
    private static final Logger log = LoggerFactory.getLogger(GlobalAuthorityInterceptor.class);
+    /**
+     * 单点登录验证（与模式I、模式II并存）
+     * <p>
+     * 需要验证单点登录的URI.REGEX
+     * -    为空: 默认全不需要单点登录验证
+     * -    非空: 配置URI需要单点登录验证
+     * </p>
+     */
+    private List<String> oncheckUrlPattern;
    /**
     * 模式I（与模式II互斥）
     * <p>
@@ -99,7 +108,8 @@ public class GlobalAuthorityInterceptor extends HandlerInterceptorAdapter {
            if (StringUtils.isEmpty(currentUid)) {
                return this.responseHandlerRefuse(response, TOKEN_ILLEGAL);
            }
-            return this.authorityHandler(response, uri, token, currentUid, claims);
+            return !this.ssoOncheckOptional(uri) || this.authorityHandler(response, uri, token, currentUid, claims);
+//            return this.authorityHandler(response, uri, token, currentUid, claims);
        } else if (!CollectionUtils.isEmpty(includeUrlPattern)) {
            for (String urlPattern : includeUrlPattern) {
                if (antPathMatcher.match(urlPattern, uri)) {// 匹配到的需要鉴权
@@ -110,7 +120,8 @@ public class GlobalAuthorityInterceptor extends HandlerInterceptorAdapter {
                    if (StringUtils.isEmpty(currentUid)) {
                        return this.responseHandlerRefuse(response, TOKEN_ILLEGAL);
                    }
-                    return this.authorityHandler(response, uri, token, currentUid, claims);
+                    return !this.ssoOncheckOptional(uri) || this.authorityHandler(response, uri, token, currentUid, claims);
+//                    return this.authorityHandler(response, uri, token, currentUid, claims);
                }
            }
        }
@@ -134,6 +145,10 @@ public class GlobalAuthorityInterceptor extends HandlerInterceptorAdapter {
 //        return false;
    }
+    public void setOncheckUrlPattern(List<String> oncheckUrlPattern) {
+        this.oncheckUrlPattern = oncheckUrlPattern;
+    }
    public void setExcludeUrlPattern(List<String> excludeUrlPattern) {
        this.excludeUrlPattern = excludeUrlPattern;
    }
@@ -142,16 +157,23 @@ public class GlobalAuthorityInterceptor extends HandlerInterceptorAdapter {
        this.includeUrlPattern = includeUrlPattern;
    }
-    private void responseHandler(HttpServletResponse response, String responseCode) throws IOException {
+    /* -- - - -- - - -- - - -- - - -- - - -- - - -- - - -- - - -- - - -- - - -- - - -- - - -- - - -- - - -- - - - */
+//    private void responseHandler(HttpServletResponse response, String responseCode) throws IOException {
+//        ResponseDto<Object> responseDto = ResponseDto.failure(ErrorMapping.get(responseCode));
+//        response.setCharacterEncoding(StandardCharsets.UTF_8.name());
+//        response.setStatus(HttpServletResponse.SC_OK);
+//        response.setContentType(CONTENT_TYPE);
+//        response.getWriter().write(JsonUtils.toJson(responseDto));
+//    }
+    private boolean responseHandlerRefuse(HttpServletResponse response, String responseCode) throws IOException {
+//        this.responseHandler(response, responseCode);
        ResponseDto<Object> responseDto = ResponseDto.failure(ErrorMapping.get(responseCode));
        response.setCharacterEncoding(StandardCharsets.UTF_8.name());
        response.setStatus(HttpServletResponse.SC_OK);
        response.setContentType(CONTENT_TYPE);
        response.getWriter().write(JsonUtils.toJson(responseDto));
-    }
-    private boolean responseHandlerRefuse(HttpServletResponse response, String responseCode) throws IOException {
-        this.responseHandler(response, responseCode);
        return false;
    }
@@ -199,6 +221,25 @@ public class GlobalAuthorityInterceptor extends HandlerInterceptorAdapter {
        }
    }*/
+    /**
+     * 根据[oncheckUrlPattern]执行单点登录验证
+     *
+     * @param uri 请求URI
+     * @return true-需要单点验证
+     */
+    private boolean ssoOncheckOptional(String uri) {
+        if (!CollectionUtils.isEmpty(oncheckUrlPattern)) {
+            for (String urlPattern : oncheckUrlPattern) {
+                if (antPathMatcher.match(urlPattern, uri)) {// 匹配到的单点登录验证
+                    return true;
+                }
+            }
+            return false;
+        }
+        return false;
+    }
    private boolean authorityHandler(HttpServletResponse response, String uri, String token, String currentUid, Claims claims) throws IOException {
        String tokenType = (String) claims.get(CurrentUtil.TOKEN_TYPE);
        switch (tokenType) {
@@ -234,17 +275,17 @@ public class GlobalAuthorityInterceptor extends HandlerInterceptorAdapter {
        try {
            long s = System.currentTimeMillis();
            String encrypt = DESUtils.DES().encrypt(ssokey);
-            log.info("#ATH.ENCRYPT耗时:{}ms", System.currentTimeMillis() - s);
+//            log.info("#ATH.ENCRYPT耗时:{}ms", System.currentTimeMillis() - s);
-            s = System.currentTimeMillis();
+//            s = System.currentTimeMillis();
            ResponseDto<String> check = feignAuthorityClient.check(encrypt);
            log.info("#ATH.VALID耗时:{}ms", System.currentTimeMillis() - s);
            if (check.isSuccess()) {
                String valEncrypt = check.getData();
                if (!StringUtils.isEmpty(valEncrypt)) {
-                    s = System.currentTimeMillis();
+//                    s = System.currentTimeMillis();
                    val = DESUtils.DES().decrypt(valEncrypt);
-                    log.info("#ATH.DECRYPT耗时:{}ms", System.currentTimeMillis() - s);
+//                    log.info("#ATH.DECRYPT耗时:{}ms", System.currentTimeMillis() - s);
                }
            }
        } catch (Exception e) {

--- a/liquidnet-bus-config/liquidnet-config/liquidnet-service-kylin.yml
+++ b/liquidnet-bus-config/liquidnet-config/liquidnet-service-kylin.yml
@@ -148,6 +148,21 @@ global-auth:
    - ${liquidnet.info.context}/performance/calendarPerformances
    - ${liquidnet.info.context}/performance/*
    - ${liquidnet.info.context}/myPerformance/*
+  oncheck-url-pattern:
+    - ${liquidnet.info.context}/order/details
+    - ${liquidnet.info.context}/order/transfer*
+#    - ${liquidnet.info.context}/order/transfer
+#    - ${liquidnet.info.context}/order/transferWithDraw
+#    - ${liquidnet.info.context}/order/transferAccept
+#    - ${liquidnet.info.context}/order/transferReject
+#    - ${liquidnet.info.context}/order/transferBack
+    - ${liquidnet.info.context}/order*/sendOrderRefunds
+    - ${liquidnet.info.context}/order*/orderRefundWithdraw
+#    - ${liquidnet.info.context}/order/sendOrderRefunds
+#    - ${liquidnet.info.context}/order/orderRefundWithdraw
+#    - ${liquidnet.info.context}/orderRefund/sendOrderRefunds
+#    - ${liquidnet.info.context}/orderRefund/orderRefundWithdraw
+    - ${liquidnet.info.context}/station/out
 # -----------------------------------------------------------
 # -----------------------------------------------------------