修改token认证获取

9cd4cab6 · 袁伟铭 · f7f0a1c2 · 9cd4cab6 · 9cd4cab6 · 9cd4cab6
Commit 9cd4cab6 authored Jan 06, 2022 by 袁伟铭
12 changed files
--- a/oauth-server/src/main/java/com/zq/oauth/config/TokenFilter.java
+++ b/oauth-server/src/main/java/com/zq/oauth/config/TokenFilter.java
@@ -62,7 +62,7 @@ public class TokenFilter extends GenericFilterBean {
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
-        String token = resolveToken(httpServletRequest);
+        String token = tokenProvider.getToken(httpServletRequest);
        // 对于 Token 为空的不需要去查 Redis
        if (StrUtil.isNotBlank(token)) {
            OnlineUserDto onlineUserDto = null;
@@ -90,23 +90,4 @@ public class TokenFilter extends GenericFilterBean {
        filterChain.doFilter(servletRequest, servletResponse);
    }
-    /**
-     * 初步检测Token
-     *
-     * @param request /
-     * @return /
-     */
-    private String resolveToken(HttpServletRequest request) {
-        String bearerToken = request.getHeader(properties.getHeader());
-        if (StringUtils.isBlank(bearerToken)) {
-            return null;
-        }
-        if (bearerToken.startsWith(properties.getTokenStartWith())) {
-            // 去掉令牌前缀
-            return bearerToken.replace(properties.getTokenStartWith(), "");
-        } else {
-            log.debug("非法Token：{}", bearerToken);
-        }
-        return null;
-    }
 }
--- a/oauth-server/src/main/java/com/zq/oauth/config/TokenProvider.java
+++ b/oauth-server/src/main/java/com/zq/oauth/config/TokenProvider.java
@@ -25,6 +25,7 @@ import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.SignatureAlgorithm;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
@@ -32,7 +33,6 @@ import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.stereotype.Component;
-import org.springframework.util.StringUtils;
 import javax.crypto.spec.SecretKeySpec;
 import javax.servlet.http.HttpServletRequest;
@@ -122,9 +122,14 @@ public class TokenProvider implements InitializingBean {
    public String getToken(HttpServletRequest request) {
        String bearerToken = request.getHeader(properties.getHeader());
-        if (StringUtils.hasText(bearerToken) && bearerToken.startsWith(properties.getTokenStartWith())) {
+        if (StringUtils.isBlank(bearerToken)) {
+            return null;
+        }
+        if (bearerToken.startsWith(properties.getTokenStartWith())) {
            // 去掉令牌前缀
            return bearerToken.replace(properties.getTokenStartWith(), "");
+        } else {
+            log.debug("非法Token：{}", bearerToken);
        }
        return null;
    }

--- a/open-server/src/main/java/com/zq/open/config/TokenFilter.java
+++ b/open-server/src/main/java/com/zq/open/config/TokenFilter.java
@@ -62,7 +62,7 @@ public class TokenFilter extends GenericFilterBean {
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
-        String token = resolveToken(httpServletRequest);
+        String token = tokenProvider.getToken(httpServletRequest);
        // 对于 Token 为空的不需要去查 Redis
        if (StrUtil.isNotBlank(token)) {
            OnlineUserDto onlineUserDto = null;
@@ -90,23 +90,4 @@ public class TokenFilter extends GenericFilterBean {
        filterChain.doFilter(servletRequest, servletResponse);
    }
-    /**
-     * 初步检测Token
-     *
-     * @param request /
-     * @return /
-     */
-    private String resolveToken(HttpServletRequest request) {
-        String bearerToken = request.getHeader(properties.getHeader());
-        if (StringUtils.isBlank(bearerToken)) {
-            return null;
-        }
-        if (bearerToken.startsWith(properties.getTokenStartWith())) {
-            // 去掉令牌前缀
-            return bearerToken.replace(properties.getTokenStartWith(), "");
-        } else {
-            log.debug("非法Token：{}", bearerToken);
-        }
-        return null;
-    }
 }
--- a/open-server/src/main/java/com/zq/open/config/TokenProvider.java
+++ b/open-server/src/main/java/com/zq/open/config/TokenProvider.java
@@ -25,6 +25,7 @@ import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.SignatureAlgorithm;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
@@ -32,7 +33,6 @@ import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.stereotype.Component;
-import org.springframework.util.StringUtils;
 import javax.crypto.spec.SecretKeySpec;
 import javax.servlet.http.HttpServletRequest;
@@ -122,9 +122,14 @@ public class TokenProvider implements InitializingBean {
    public String getToken(HttpServletRequest request) {
        String bearerToken = request.getHeader(properties.getHeader());
-        if (StringUtils.hasText(bearerToken) && bearerToken.startsWith(properties.getTokenStartWith())) {
+        if (StringUtils.isBlank(bearerToken)) {
+            return null;
+        }
+        if (bearerToken.startsWith(properties.getTokenStartWith())) {
            // 去掉令牌前缀
            return bearerToken.replace(properties.getTokenStartWith(), "");
+        } else {
+            log.debug("非法Token：{}", bearerToken);
        }
        return null;
    }

--- a/portal-server/src/main/java/com/zq/portal/config/TokenFilter.java
+++ b/portal-server/src/main/java/com/zq/portal/config/TokenFilter.java
@@ -62,7 +62,7 @@ public class TokenFilter extends GenericFilterBean {
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
-        String token = resolveToken(httpServletRequest);
+        String token = tokenProvider.getToken(httpServletRequest);
        // 对于 Token 为空的不需要去查 Redis
        if (StrUtil.isNotBlank(token)) {
            OnlineUserDto onlineUserDto = null;
@@ -90,23 +90,4 @@ public class TokenFilter extends GenericFilterBean {
        filterChain.doFilter(servletRequest, servletResponse);
    }
-    /**
-     * 初步检测Token
-     *
-     * @param request /
-     * @return /
-     */
-    private String resolveToken(HttpServletRequest request) {
-        String bearerToken = request.getHeader(properties.getHeader());
-        if (StringUtils.isBlank(bearerToken)) {
-            return null;
-        }
-        if (bearerToken.startsWith(properties.getTokenStartWith())) {
-            // 去掉令牌前缀
-            return bearerToken.replace(properties.getTokenStartWith(), "");
-        } else {
-            log.debug("非法Token：{}", bearerToken);
-        }
-        return null;
-    }
 }
--- a/portal-server/src/main/java/com/zq/portal/config/TokenProvider.java
+++ b/portal-server/src/main/java/com/zq/portal/config/TokenProvider.java
@@ -25,6 +25,7 @@ import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.SignatureAlgorithm;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
@@ -32,7 +33,6 @@ import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.stereotype.Component;
-import org.springframework.util.StringUtils;
 import javax.crypto.spec.SecretKeySpec;
 import javax.servlet.http.HttpServletRequest;
@@ -122,9 +122,14 @@ public class TokenProvider implements InitializingBean {
    public String getToken(HttpServletRequest request) {
        String bearerToken = request.getHeader(properties.getHeader());
-        if (StringUtils.hasText(bearerToken) && bearerToken.startsWith(properties.getTokenStartWith())) {
+        if (StringUtils.isBlank(bearerToken)) {
+            return null;
+        }
+        if (bearerToken.startsWith(properties.getTokenStartWith())) {
            // 去掉令牌前缀
            return bearerToken.replace(properties.getTokenStartWith(), "");
+        } else {
+            log.debug("非法Token：{}", bearerToken);
        }
        return null;
    }

--- a/resource-server/src/main/java/com/zq/resource/config/TokenFilter.java
+++ b/resource-server/src/main/java/com/zq/resource/config/TokenFilter.java
@@ -62,7 +62,7 @@ public class TokenFilter extends GenericFilterBean {
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
-        String token = resolveToken(httpServletRequest);
+        String token = tokenProvider.getToken(httpServletRequest);
        // 对于 Token 为空的不需要去查 Redis
        if (StrUtil.isNotBlank(token)) {
            OnlineUserDto onlineUserDto = null;
@@ -90,23 +90,4 @@ public class TokenFilter extends GenericFilterBean {
        filterChain.doFilter(servletRequest, servletResponse);
    }
-    /**
-     * 初步检测Token
-     *
-     * @param request /
-     * @return /
-     */
-    private String resolveToken(HttpServletRequest request) {
-        String bearerToken = request.getHeader(properties.getHeader());
-        if (StringUtils.isBlank(bearerToken)) {
-            return null;
-        }
-        if (bearerToken.startsWith(properties.getTokenStartWith())) {
-            // 去掉令牌前缀
-            return bearerToken.replace(properties.getTokenStartWith(), "");
-        } else {
-            log.debug("非法Token：{}", bearerToken);
-        }
-        return null;
-    }
 }
--- a/resource-server/src/main/java/com/zq/resource/config/TokenProvider.java
+++ b/resource-server/src/main/java/com/zq/resource/config/TokenProvider.java
@@ -25,6 +25,7 @@ import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.SignatureAlgorithm;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
@@ -32,7 +33,6 @@ import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.stereotype.Component;
-import org.springframework.util.StringUtils;
 import javax.crypto.spec.SecretKeySpec;
 import javax.servlet.http.HttpServletRequest;
@@ -122,9 +122,14 @@ public class TokenProvider implements InitializingBean {
    public String getToken(HttpServletRequest request) {
        String bearerToken = request.getHeader(properties.getHeader());
-        if (StringUtils.hasText(bearerToken) && bearerToken.startsWith(properties.getTokenStartWith())) {
+        if (StringUtils.isBlank(bearerToken)) {
+            return null;
+        }
+        if (bearerToken.startsWith(properties.getTokenStartWith())) {
            // 去掉令牌前缀
            return bearerToken.replace(properties.getTokenStartWith(), "");
+        } else {
+            log.debug("非法Token：{}", bearerToken);
        }
        return null;
    }

--- a/sys-server/src/main/java/com/zq/system/config/security/TokenFilter.java
+++ b/sys-server/src/main/java/com/zq/system/config/security/TokenFilter.java
@@ -66,7 +66,7 @@ public class TokenFilter extends GenericFilterBean {
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
-        String token = resolveToken(httpServletRequest);
+        String token = tokenProvider.getToken(httpServletRequest);
        // 对于 Token 为空的不需要去查 Redis
        if (StrUtil.isNotBlank(token)) {
            OnlineUserDto onlineUserDto = null;
@@ -94,23 +94,4 @@ public class TokenFilter extends GenericFilterBean {
        filterChain.doFilter(servletRequest, servletResponse);
    }
-    /**
-     * 初步检测Token
-     *
-     * @param request /
-     * @return /
-     */
-    private String resolveToken(HttpServletRequest request) {
-        String bearerToken = request.getHeader(properties.getHeader());
-        if (StringUtils.isBlank(bearerToken)) {
-            return null;
-        }
-        if (bearerToken.startsWith(properties.getTokenStartWith())) {
-            // 去掉令牌前缀
-            return bearerToken.replace(properties.getTokenStartWith(), "");
-        } else {
-            log.debug("非法Token：{}", bearerToken);
-        }
-        return null;
-    }
 }
--- a/sys-server/src/main/java/com/zq/system/config/security/TokenProvider.java
+++ b/sys-server/src/main/java/com/zq/system/config/security/TokenProvider.java
@@ -27,6 +27,7 @@ import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.SignatureAlgorithm;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
@@ -34,7 +35,6 @@ import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.stereotype.Component;
-import org.springframework.util.StringUtils;
 import javax.crypto.spec.SecretKeySpec;
 import javax.servlet.http.HttpServletRequest;
@@ -91,7 +91,10 @@ public class TokenProvider implements InitializingBean {
    }
    public Authentication getAuthentication(String token) {
-        Claims claims = getClaims(token);
+        Claims claims = Jwts.parser()
+                .setSigningKey(DatatypeConverter.parseBase64Binary(properties.getBase64Secret()))
+                .parseClaimsJws(token)
+                .getBody();
        // fix bug: 当前用户如果没有任何权限时，在输入用户名后，刷新验证码会抛IllegalArgumentException
        Object authoritiesStr = claims.get(AUTHORITIES_KEY);
@@ -129,9 +132,14 @@ public class TokenProvider implements InitializingBean {
    public String getToken(HttpServletRequest request) {
        String bearerToken = request.getHeader(properties.getHeader());
-        if (StringUtils.hasText(bearerToken) && bearerToken.startsWith(properties.getTokenStartWith())) {
+        if (StringUtils.isBlank(bearerToken)) {
+            return null;
+        }
+        if (bearerToken.startsWith(properties.getTokenStartWith())) {
            // 去掉令牌前缀
            return bearerToken.replace(properties.getTokenStartWith(), "");
+        } else {
+            log.debug("非法Token：{}", bearerToken);
        }
        return null;
    }

--- a/user-server/src/main/java/com/zq/user/config/TokenFilter.java
+++ b/user-server/src/main/java/com/zq/user/config/TokenFilter.java
@@ -62,7 +62,7 @@ public class TokenFilter extends GenericFilterBean {
    public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
            throws IOException, ServletException {
        HttpServletRequest httpServletRequest = (HttpServletRequest) servletRequest;
-        String token = resolveToken(httpServletRequest);
+        String token = tokenProvider.getToken(httpServletRequest);
        // 对于 Token 为空的不需要去查 Redis
        if (StrUtil.isNotBlank(token)) {
            OnlineUserDto onlineUserDto = null;
@@ -90,23 +90,4 @@ public class TokenFilter extends GenericFilterBean {
        filterChain.doFilter(servletRequest, servletResponse);
    }
-    /**
-     * 初步检测Token
-     *
-     * @param request /
-     * @return /
-     */
-    private String resolveToken(HttpServletRequest request) {
-        String bearerToken = request.getHeader(properties.getHeader());
-        if (StringUtils.isBlank(bearerToken)) {
-            return null;
-        }
-        if (bearerToken.startsWith(properties.getTokenStartWith())) {
-            // 去掉令牌前缀
-            return bearerToken.replace(properties.getTokenStartWith(), "");
-        } else {
-            log.debug("非法Token：{}", bearerToken);
-        }
-        return null;
-    }
 }
--- a/user-server/src/main/java/com/zq/user/config/TokenProvider.java
+++ b/user-server/src/main/java/com/zq/user/config/TokenProvider.java
@@ -25,6 +25,7 @@ import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.SignatureAlgorithm;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.beans.factory.InitializingBean;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
@@ -32,7 +33,6 @@ import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.authority.SimpleGrantedAuthority;
 import org.springframework.security.core.userdetails.User;
 import org.springframework.stereotype.Component;
-import org.springframework.util.StringUtils;
 import javax.crypto.spec.SecretKeySpec;
 import javax.servlet.http.HttpServletRequest;
@@ -122,9 +122,14 @@ public class TokenProvider implements InitializingBean {
    public String getToken(HttpServletRequest request) {
        String bearerToken = request.getHeader(properties.getHeader());
-        if (StringUtils.hasText(bearerToken) && bearerToken.startsWith(properties.getTokenStartWith())) {
+        if (StringUtils.isBlank(bearerToken)) {
+            return null;
+        }
+        if (bearerToken.startsWith(properties.getTokenStartWith())) {
            // 去掉令牌前缀
            return bearerToken.replace(properties.getTokenStartWith(), "");
+        } else {
+            log.debug("非法Token：{}", bearerToken);
        }
        return null;
    }