From 7ae23e17d8e90dc634f3f86e2eee209cbacaace3 Mon Sep 17 00:00:00 2001
From: xiaoyong931011 <15274802129@163.com>
Date: Mon, 30 Nov 2020 17:15:53 +0800
Subject: [PATCH] 20201130
---
 src/main/java/com/xcong/excoin/configurations/security/TokenFilter.java | 42 ++++++++++++++++++++++++++++++++++++++----
 1 files changed, 38 insertions(+), 4 deletions(-)
diff --git a/src/main/java/com/xcong/excoin/configurations/security/TokenFilter.java b/src/main/java/com/xcong/excoin/configurations/security/TokenFilter.java
index 938b6cd..e98bac2 100644
--- a/src/main/java/com/xcong/excoin/configurations/security/TokenFilter.java
+++ b/src/main/java/com/xcong/excoin/configurations/security/TokenFilter.java
@@ -48,16 +48,16 @@
 public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
 HttpServletRequest request = (HttpServletRequest) servletRequest;
 HttpServletResponse response = (HttpServletResponse) servletResponse;
- String token = resolveToken(request);
+ String token = resolveTokenOutCenter(request);
 if (!AppContants.TIME_OUT.equals(token)) {
 if (StrUtil.isNotBlank(token)) {
 String redisKey = "";
 // 根据user-agent判断pc端还是app端
 if (LoginUserUtils.isBrowser(request)) {
- redisKey = AppContants.PC_LOGIN_PREFIX + token;
+ redisKey = token;;
 } else {
- redisKey = AppContants.APP_LOGIN_PREFIX + token;
+ redisKey = token;;
 }
 String loginStr = (String) redisUtils.get(redisKey);
@@ -65,7 +65,6 @@
 MemberEntity loginUser = JSONObject.parseObject(loginStr, MemberEntity.class);
 Authentication authentication = new UsernamePasswordAuthenticationToken(loginUser, token, new ArrayList<>());
 SecurityContextHolder.getContext().setAuthentication(authentication);
- redisUtils.expire(redisKey, 36000);
 } else {
 log.info("token无法查询:{}", token);
 SecurityContextHolder.clearContext();
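Review bot: Both branches of the `isBrowser` split now assign the bare `token` (each with a stray `;;`), so the branch is dead and the Redis lookup key is no longer namespaced; whatever `resolveTokenOutCenter` derives from the client-supplied bearer header is used verbatim as the key passed to `redisUtils.get`. Keeping a prefix — the existing `AppContants.PC_LOGIN_PREFIX`/`APP_LOGIN_PREFIX`, or one new constant if the PC/app distinction is intentionally dropped — preserves the namespace isolation that confines this lookup to login entries, e.g. `redisKey = AppContants.PC_LOGIN_PREFIX + token;`, and if both branches are meant to be identical they should collapse into a single assignment. The following hunk also removes `redisUtils.expire(redisKey, 36000)`, so the entry's lifetime now depends entirely on a TTL being set where the login entry is written, which is outside this diff; it is worth confirming such a TTL exists. doFilter's body continues outside the hunk.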
@@ -80,6 +79,41 @@
 }
 filterChain.doFilter(servletRequest, servletResponse);
 }
+
+ /**
+ * 解析前端传来的token,md5加密后的地址_设备iD_/api
+ *
+ * @param request
+ * @return
+ */
+ private String resolveTokenOutCenter(HttpServletRequest request) {
+ try {
+ String bearerToken = request.getHeader(AppContants.TOKEN_HEADER);
+ //获取请求的完整路径
+ StringBuffer requestURL = request.getRequestURL();
+
+ if (StringUtils.hasText(bearerToken) && bearerToken.startsWith(AppContants.TOKEN_START_WITH)) {
+ // 去掉令牌前缀
+ String rsaToken = bearerToken.replace(AppContants.TOKEN_START_WITH, "");
+ RSA rsa = new RSA(securityProperties.getPrivateKey(), null);
+ String decryptStr = rsa.decryptStr(rsaToken, KeyType.PrivateKey);
+ String[] tokens = StrUtil.split(decryptStr, "_");
+
+ if (StrUtil.isNotEmpty(requestURL) && requestURL.toString().contains(tokens[2])) {
+ return tokens[0];
+ } else {
+// log.info("前面token为{}", tokens[0]);
+// log.info("时间为:{}, 当前时间为:{}", tokens[1], System.currentTimeMillis());
+ return AppContants.TIME_OUT;
+ }
+ }
+// log.info("bearerToken---->{}", bearerToken);
+ } catch (Exception e) {
+ log.error("#解析token异常#", e);
+ return null;
+ }
+ return null;
+ }
 
 /**
 * 解析前端传来的token,先去掉Bearer,在rsa解密得到token_time,返回token,并判断time与当前是否在5s内
-- 
Gitblit v1.9.1
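Review bot: resolveTokenOutCenter no longer applies the freshness window that the old resolver's Javadoc describes (`判断time与当前是否在5s内`): the timestamp segment `tokens[1]` appears only in the commented-out log lines, so a captured bearer value remains usable for as long as its Redis entry exists. `tokens[2]` and `tokens[0]` are also read without a length check, so a decrypted string with fewer than three `_` segments throws ArrayIndexOutOfBoundsException, which the catch-all turns into `return null` plus an error log rather than an explicit rejection, and because `String.contains("")` is always true an empty third segment makes the URL check pass trivially. Guard the split result before indexing, `if (tokens.length < 3 || StrUtil.isBlank(tokens[2])) { return AppContants.TIME_OUT; }`, and compare `tokens[1]` against `System.currentTimeMillis()` with the same bound the previous resolver used. The `@param`/`@return` tags in the new Javadoc are empty; stating that the method returns the Redis key segment, `AppContants.TIME_OUT` when the URL does not match, or `null` on a missing header or any exception would make doFilter's three-way handling easier to follow.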