package com.yami.trading.security.common.filter;
|
|
import cn.hutool.core.collection.CollectionUtil;
|
import cn.hutool.core.util.StrUtil;
|
import com.yami.trading.security.common.adapter.AuthConfigAdapter;
|
import com.yami.trading.security.common.manager.TokenStore;
|
import com.yami.trading.common.exception.YamiShopBindException;
|
import com.yami.trading.common.handler.HttpHandler;
|
import com.yami.trading.security.common.bo.UserInfoInTokenBO;
|
import com.yami.trading.security.common.util.AuthUserContext;
|
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.http.HttpStatus;
|
import org.springframework.stereotype.Component;
|
import org.springframework.util.AntPathMatcher;
|
|
import javax.servlet.*;
|
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletResponse;
|
import java.io.IOException;
|
import java.util.List;
|
|
/**
|
* 授权过滤,只要实现AuthConfigAdapter接口,添加对应路径即可:
|
*
|
* @author 菠萝凤梨
|
* @date 2022/3/25 17:33
|
*/
|
@Component
|
public class AuthFilter implements Filter {
|
|
@Autowired
|
private AuthConfigAdapter authConfigAdapter;
|
|
@Autowired
|
private HttpHandler httpHandler;
|
|
@Autowired
|
private TokenStore tokenStore;
|
|
@Override
|
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
|
throws IOException, ServletException {
|
HttpServletRequest req = (HttpServletRequest) request;
|
HttpServletResponse resp = (HttpServletResponse) response;
|
|
String requestUri = req.getRequestURI();
|
|
List<String> excludePathPatterns = authConfigAdapter.excludePathPatterns();
|
|
AntPathMatcher pathMatcher = new AntPathMatcher();
|
// 如果匹配不需要授权的路径,就不需要校验是否需要授权
|
if (CollectionUtil.isNotEmpty(excludePathPatterns)) {
|
for (String excludePathPattern : excludePathPatterns) {
|
if (pathMatcher.match(excludePathPattern, requestUri)) {
|
chain.doFilter(req, resp);
|
return;
|
}
|
}
|
}
|
|
String token = req.getHeader("token");
|
String accessToken = req.getHeader("Authorization");
|
|
|
if (StrUtil.isEmpty(accessToken)) {
|
accessToken = token;
|
}
|
if (StrUtil.isEmpty(accessToken)) {
|
accessToken = req.getParameter("token");
|
}
|
// 也许需要登录,不登陆也能用的uri
|
List<String> maybeAuthUris = authConfigAdapter.maybeAuthUri();
|
boolean mayAuth = false;
|
if (CollectionUtil.isNotEmpty(maybeAuthUris)) {
|
for (String maybe : maybeAuthUris) {
|
if (pathMatcher.match(maybe, requestUri)) {
|
mayAuth = true;
|
break;
|
}
|
}
|
}
|
|
|
UserInfoInTokenBO userInfoInToken = null;
|
|
try {
|
// 如果有token,就要获取token
|
if (StrUtil.isNotBlank(accessToken)) {
|
userInfoInToken = tokenStore.getUserInfoByAccessToken(accessToken, true);
|
} else if (!mayAuth) {
|
// 返回前端401
|
httpHandler.printServerResponseToWeb(HttpStatus.UNAUTHORIZED.getReasonPhrase(), HttpStatus.UNAUTHORIZED.value());
|
return;
|
}
|
// 保存上下文
|
AuthUserContext.set(userInfoInToken);
|
|
chain.doFilter(req, resp);
|
|
} catch (Exception e) {
|
// 手动捕获下非controller异常
|
if (e instanceof YamiShopBindException) {
|
httpHandler.printServerResponseToWeb(e.getMessage(), 200);
|
} else {
|
throw e;
|
}
|
} finally {
|
AuthUserContext.clean();
|
}
|
}
|
}
|
