package com.xcong.excoin.configurations.security;
|
|
import cn.hutool.core.util.StrUtil;
|
import cn.hutool.crypto.asymmetric.KeyType;
|
import cn.hutool.crypto.asymmetric.RSA;
|
import com.alibaba.fastjson.JSONObject;
|
import com.xcong.excoin.common.contants.AppContants;
|
import com.xcong.excoin.common.system.bean.LoginUserBean;
|
import com.xcong.excoin.configurations.properties.ApplicationProperties;
|
import com.xcong.excoin.configurations.properties.SecurityProperties;
|
import com.xcong.excoin.utils.RedisUtils;
|
import com.xcong.excoin.utils.SpringContextHolder;
|
import lombok.extern.slf4j.Slf4j;
|
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
|
import org.springframework.security.core.Authentication;
|
import org.springframework.security.core.context.SecurityContextHolder;
|
import org.springframework.util.StringUtils;
|
import org.springframework.web.filter.GenericFilterBean;
|
|
import javax.servlet.FilterChain;
|
import javax.servlet.ServletException;
|
import javax.servlet.ServletRequest;
|
import javax.servlet.ServletResponse;
|
import javax.servlet.http.HttpServletRequest;
|
import java.io.IOException;
|
import java.util.ArrayList;
|
|
/**
|
* @author wzy
|
* @date 2020-05-12
|
**/
|
@Slf4j
|
public class TokenFilter extends GenericFilterBean {
|
|
private final ApplicationProperties applicationProperties = SpringContextHolder.getBean(ApplicationProperties.class);
|
|
private final SecurityProperties securityProperties = SpringContextHolder.getBean(SecurityProperties.class);
|
|
private final RedisUtils redisUtils = SpringContextHolder.getBean(RedisUtils.class);
|
|
@Override
|
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
|
HttpServletRequest request = (HttpServletRequest) servletRequest;
|
String token = resolveToken(request);
|
if (StrUtil.isNotBlank(token)) {
|
String loginStr = (String) redisUtils.get(AppContants.APP_LOGIN_PREFIX + token);
|
if (StrUtil.isNotBlank(loginStr)) {
|
LoginUserBean loginUser = JSONObject.parseObject(loginStr, LoginUserBean.class);
|
Authentication authentication = new UsernamePasswordAuthenticationToken(loginUser.getMemberEntity(), token, new ArrayList<>());
|
SecurityContextHolder.getContext().setAuthentication(authentication);
|
redisUtils.expire(AppContants.APP_LOGIN_PREFIX + token, 300000);
|
} else {
|
SecurityContextHolder.clearContext();
|
}
|
} else {
|
SecurityContextHolder.clearContext();
|
}
|
|
filterChain.doFilter(servletRequest, servletResponse);
|
}
|
|
/**
|
* 解析前端传来的token,先去掉Bearer,在rsa解密得到token_time,返回token,并判断time与当前是否在5s内
|
*
|
* @param request
|
* @return
|
*/
|
private String resolveToken(HttpServletRequest request) {
|
try {
|
// TODO debug模式下写死用户
|
String bearerToken = "";
|
if (applicationProperties.isDebug()) {
|
bearerToken = "Bearer JSEre1ZUKEu2Ga5ORM+juxXv6yBwmt+FgLhxaeHf1EEJfIb3oRir4pXqe5JDhS6sXfLYOXRIAyBpq+SYBwAtGigxwzGVPn+k4Pt6vNxZ4h8Pk4IeG4+FqbFD0guzvu3WN2eRnnzYqCepl429v9Ju7n4jSG0Hj5ViM3MHQZs3qHo=";
|
} else {
|
bearerToken = request.getHeader(AppContants.TOKEN_HEADER);
|
}
|
if (StringUtils.hasText(bearerToken) && bearerToken.startsWith(AppContants.TOKEN_START_WITH)) {
|
// 去掉令牌前缀
|
String rsaToken = bearerToken.replace(AppContants.TOKEN_START_WITH, "");
|
RSA rsa = new RSA(securityProperties.getPrivateKey(), null);
|
String[] tokens = StrUtil.split(rsa.decryptStr(rsaToken, KeyType.PrivateKey), "_");
|
if (verifyTokenExpired(Long.parseLong(tokens[1]))) {
|
return tokens[0];
|
}
|
return null;
|
}
|
} catch (Exception e) {
|
log.error("#解析token异常#", e);
|
return null;
|
}
|
return null;
|
}
|
|
private Boolean verifyTokenExpired(Long time) {
|
boolean isDebug = applicationProperties.isDebug();
|
if (!isDebug) {
|
long currentTime = System.currentTimeMillis();
|
return currentTime - time <= 5000;
|
}
|
return true;
|
}
|
}
|
