From ee454ace9d87dbad631c1c2b0fdd8a5ab2e6869a Mon Sep 17 00:00:00 2001 From: gaibu <1016771049@qq.com> Date: Sat, 7 Jan 2023 02:08:22 +0800 Subject: [PATCH] =?UTF-8?q?fix:=20=E7=A7=AF=E6=9C=A8=E6=8A=A5=E8=A1=A8=20A?= =?UTF-8?q?PI=20=E6=95=B0=E6=8D=AE=E9=9B=86=E8=A7=A3=E6=9E=90=E6=97=B6=20t?= =?UTF-8?q?oken=20=E6=9C=AA=E6=AD=A3=E7=A1=AE=E8=A7=A3=E6=9E=90=E7=9A=84?= =?UTF-8?q?=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../common/enums/WebFilterOrderEnum.java | 8 +- .../security/config/SecurityProperties.java | 2 - .../filter/TokenAuthenticationFilter.java | 26 +--- .../config/JmReportConfiguration.java | 11 ++ .../core/web/JmReportTokenFilter.java | 132 ++++++++++++++++++ 5 files changed, 151 insertions(+), 28 deletions(-) create mode 100644 yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/jmreport/core/web/JmReportTokenFilter.java diff --git a/yudao-framework/yudao-common/src/main/java/cn/iocoder/yudao/framework/common/enums/WebFilterOrderEnum.java b/yudao-framework/yudao-common/src/main/java/cn/iocoder/yudao/framework/common/enums/WebFilterOrderEnum.java index 54d4be9d9..23a1f3b75 100644 --- a/yudao-framework/yudao-common/src/main/java/cn/iocoder/yudao/framework/common/enums/WebFilterOrderEnum.java +++ b/yudao-framework/yudao-common/src/main/java/cn/iocoder/yudao/framework/common/enums/WebFilterOrderEnum.java @@ -2,8 +2,8 @@ package cn.iocoder.yudao.framework.common.enums; /** * Web 过滤器顺序的枚举类,保证过滤器按照符合我们的预期 - * - * 考虑到每个 starter 都需要用到该工具类,所以放到 common 模块下的 enums 包下 + *

+ * 考虑到每个 starter 都需要用到该工具类,所以放到 common 模块下的 enums 包下 * * @author 芋道源码 */ @@ -17,7 +17,9 @@ public interface WebFilterOrderEnum { // OrderedRequestContextFilter 默认为 -105,用于国际化上下文等等 - int TENANT_CONTEXT_FILTER = - 104; // 需要保证在 ApiAccessLogFilter 前面 + int JM_TOKEN_FILTER = -105; // 需要保证在 Spring Security 过滤前面 + + int TENANT_CONTEXT_FILTER = -104; // 需要保证在 ApiAccessLogFilter 前面 int API_ACCESS_LOG_FILTER = -103; // 需要保证在 RequestBodyCacheFilter 后面 diff --git a/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/config/SecurityProperties.java b/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/config/SecurityProperties.java index dfc1113f0..7454b5ff6 100644 --- a/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/config/SecurityProperties.java +++ b/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/config/SecurityProperties.java @@ -20,8 +20,6 @@ public class SecurityProperties { @NotEmpty(message = "Token Header 不能为空") private String tokenHeader = "Authorization"; - private String jmTokenHeader = "X-Access-Token"; - /** * mock 模式的开关 */ diff --git a/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/core/filter/TokenAuthenticationFilter.java b/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/core/filter/TokenAuthenticationFilter.java index d6624a1de..e87f5bc44 100644 --- a/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/core/filter/TokenAuthenticationFilter.java +++ b/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/core/filter/TokenAuthenticationFilter.java @@ -21,7 +21,6 @@ import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; -import java.util.Optional; /** * Token 过滤器,验证 token 的有效性 @@ -63,25 +62,6 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter { return; } } - // 积木请求头 - String jmTokenHeader = request.getHeader(securityProperties.getJmTokenHeader()); - if (StrUtil.isNotEmpty(jmTokenHeader)) { - try { - OAuth2AccessTokenCheckRespDTO accessToken = oauth2TokenApi.checkAccessToken(jmTokenHeader); - Optional optUser = Optional.ofNullable(accessToken) - .map( - t -> new LoginUser().setId(t.getUserId()) - .setUserType(t.getUserType()) - .setTenantId(t.getTenantId()) - .setScopes(t.getScopes()) - ); - if (optUser.isPresent()) { - SecurityFrameworkUtils.setLoginUser(optUser.get(), request); - } - } catch (ServiceException ignored) { - // do nothing:如果报错,说明认证失败,忽略即可 - } - } // 继续过滤链 chain.doFilter(request, response); @@ -108,11 +88,11 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter { /** * 模拟登录用户,方便日常开发调试 - *

+ * * 注意,在线上环境下,一定要关闭该功能!!! * - * @param request 请求 - * @param token 模拟的 token,格式为 {@link SecurityProperties#getMockSecret()} + 用户编号 + * @param request 请求 + * @param token 模拟的 token,格式为 {@link SecurityProperties#getMockSecret()} + 用户编号 * @param userType 用户类型 * @return 模拟的 LoginUser */ diff --git a/yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/jmreport/config/JmReportConfiguration.java b/yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/jmreport/config/JmReportConfiguration.java index 59510b5ff..2b5d21806 100644 --- a/yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/jmreport/config/JmReportConfiguration.java +++ b/yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/jmreport/config/JmReportConfiguration.java @@ -1,8 +1,11 @@ package cn.iocoder.yudao.module.visualization.framework.jmreport.config; +import cn.iocoder.yudao.framework.common.enums.WebFilterOrderEnum; import cn.iocoder.yudao.module.system.api.oauth2.OAuth2TokenApi; import cn.iocoder.yudao.module.visualization.framework.jmreport.core.service.JmReportTokenServiceImpl; +import cn.iocoder.yudao.module.visualization.framework.jmreport.core.web.JmReportTokenFilter; import org.jeecg.modules.jmreport.api.JmReportTokenServiceI; +import org.springframework.boot.web.servlet.FilterRegistrationBean; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.ComponentScan; import org.springframework.context.annotation.Configuration; @@ -22,4 +25,12 @@ public class JmReportConfiguration { return new JmReportTokenServiceImpl(oAuth2TokenApi); } + @Bean + @SuppressWarnings("SpringJavaInjectionPointsAutowiringInspection") + public FilterRegistrationBean registerMyAnotherFilter(OAuth2TokenApi oAuth2TokenApi){ + FilterRegistrationBean bean = new FilterRegistrationBean<>(); + bean.setOrder(WebFilterOrderEnum.JM_TOKEN_FILTER); + bean.setFilter(new JmReportTokenFilter(oAuth2TokenApi)); + return bean; + } } diff --git a/yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/jmreport/core/web/JmReportTokenFilter.java b/yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/jmreport/core/web/JmReportTokenFilter.java new file mode 100644 index 000000000..55598141c --- /dev/null +++ b/yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/jmreport/core/web/JmReportTokenFilter.java @@ -0,0 +1,132 @@ +package cn.iocoder.yudao.module.visualization.framework.jmreport.core.web; + +import cn.hutool.core.util.StrUtil; +import cn.iocoder.yudao.framework.security.core.LoginUser; +import cn.iocoder.yudao.framework.web.core.util.WebFrameworkUtils; +import cn.iocoder.yudao.module.system.api.oauth2.OAuth2TokenApi; +import cn.iocoder.yudao.module.system.api.oauth2.dto.OAuth2AccessTokenCheckRespDTO; +import lombok.RequiredArgsConstructor; + +import javax.servlet.Filter; +import javax.servlet.FilterChain; +import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletRequestWrapper; +import java.io.IOException; +import java.util.Collections; +import java.util.Enumeration; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Optional; + +/** + * 积木报表 token 处理,将积木报表请求头中的 token 转换成 spring security 的 auth head + */ +@RequiredArgsConstructor +public class JmReportTokenFilter implements Filter { + /** + * 积木 token 请求头 + */ + private static final String JM_TOKEN_HEADER = "X-Access-Token"; + /** + * 系统内置请求头 + */ + private static final String TOKEN_HEADER = "Authorization"; + /** + * auth 相关格式 + */ + private static final String AUTHORIZATION_FORMAT = "Bearer %s"; + + private final OAuth2TokenApi oauth2TokenApi; + + @Override + public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { + // 积木请求头 + HttpServletRequest req = (HttpServletRequest) servletRequest; + String token = req.getHeader(JM_TOKEN_HEADER); + if (StrUtil.isNotEmpty(token)) { + // 1. 增加请求头 + HeaderMapRequestWrapper requestWrapper = new HeaderMapRequestWrapper(req); + requestWrapper.addHeader(TOKEN_HEADER, String.format(AUTHORIZATION_FORMAT, token)); + + OAuth2AccessTokenCheckRespDTO resp = oauth2TokenApi.checkAccessToken(token); + Optional optUser = Optional.ofNullable(resp) + .map( + t -> new LoginUser().setId(t.getUserId()) + .setUserType(t.getUserType()) + .setTenantId(t.getTenantId()) + .setScopes(t.getScopes()) + ); + if (optUser.isPresent()) { + // 2. 设置登录用户类型 + WebFrameworkUtils.setLoginUserType(servletRequest, optUser.get().getUserType()); + filterChain.doFilter(requestWrapper, servletResponse); + return; + } + } + filterChain.doFilter(servletRequest, servletResponse); + } + + /** + * request 包装类,用于修改 head + * + * add request head + */ + public class HeaderMapRequestWrapper extends HttpServletRequestWrapper { + /** + * construct a wrapper for this request + * + * @param request + */ + public HeaderMapRequestWrapper(HttpServletRequest request) { + super(request); + } + + private Map headerMap = new HashMap(); + + /** + * add a header with given name and value + * + * @param name + * @param value + */ + public void addHeader(String name, String value) { + headerMap.put(name, value); + } + + @Override + public String getHeader(String name) { + String headerValue = super.getHeader(name); + if (headerMap.containsKey(name)) { + headerValue = headerMap.get(name); + } + return headerValue; + } + + /** + * get the Header names + */ + @Override + public Enumeration getHeaderNames() { + List names = Collections.list(super.getHeaderNames()); + for (String name : headerMap.keySet()) { + names.add(name); + } + return Collections.enumeration(names); + } + + @Override + public Enumeration getHeaders(String name) { + List values = Collections.list(super.getHeaders(name)); + if (headerMap.containsKey(name)) { + values.add(headerMap.get(name)); + } + return Collections.enumeration(values); + } + + } + +}