|
@@ -3,10 +3,9 @@ package com.yaozhitech.spring5.intercept;
|
3
|
3
|
import javax.servlet.http.HttpServletRequest;
|
4
|
4
|
import javax.servlet.http.HttpServletResponse;
|
5
|
5
|
|
6
|
|
-import org.slf4j.Logger;
|
7
|
|
-import org.slf4j.LoggerFactory;
|
8
|
6
|
import org.springframework.beans.factory.annotation.Autowired;
|
9
|
7
|
import org.springframework.beans.factory.annotation.Value;
|
|
8
|
+import org.springframework.util.StringUtils;
|
10
|
9
|
import org.springframework.web.method.HandlerMethod;
|
11
|
10
|
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
|
12
|
11
|
|
|
@@ -24,7 +23,6 @@ import lombok.extern.slf4j.Slf4j;
|
24
|
23
|
*/
|
25
|
24
|
@Slf4j
|
26
|
25
|
public class ServiceAuthRestInterceptor extends HandlerInterceptorAdapter {
|
27
|
|
- private Logger logger = LoggerFactory.getLogger(ServiceAuthRestInterceptor.class);
|
28
|
26
|
|
29
|
27
|
@Autowired
|
30
|
28
|
private AuthServerProvider clientAuthProvider;
|
|
@@ -49,12 +47,29 @@ public class ServiceAuthRestInterceptor extends HandlerInterceptorAdapter {
|
49
|
47
|
return super.preHandle(request, response, handler);
|
50
|
48
|
}
|
51
|
49
|
|
|
50
|
+ String clientToken = request.getHeader("x-auth-client-" + applicationName);
|
52
|
51
|
String client = request.getHeader("x-auth-client");
|
53
|
52
|
|
54
|
53
|
try {
|
55
|
|
- String uniqueName = JwtUtils.getUsername(client);
|
56
|
|
- if (Boolean.TRUE.equals(clientAuthProvider.verify(applicationName, uniqueName.split("\\.")[0], uniqueName.split("\\.")[1]))) {
|
57
|
|
- return super.preHandle(request, response, handler);
|
|
54
|
+ if (StringUtils.isEmpty(clientToken)) {
|
|
55
|
+ String clientName = JwtUtils.getUsername(client);
|
|
56
|
+ // authServer校验 客户端是否合法&能否有权限访问
|
|
57
|
+ if (Boolean.TRUE.equals(clientAuthProvider.verify(applicationName, clientName.split("\\.")[0], clientName.split("\\.")[1]))) {
|
|
58
|
+ // 给该客户端签名
|
|
59
|
+ String signToken = JwtUtils.sign(JwtUtils.generateSalt(), "xP3La8IhZjl4fmWXD.AYVH5tor5bn-Rr", 3600*12);
|
|
60
|
+ response.addHeader("x-auth-client-response", signToken);
|
|
61
|
+
|
|
62
|
+ log.info("auth-server verify success, sign with {}", signToken);
|
|
63
|
+
|
|
64
|
+ return super.preHandle(request, response, handler);
|
|
65
|
+ }
|
|
66
|
+
|
|
67
|
+ } else {
|
|
68
|
+ // jwt校验
|
|
69
|
+ if (!JwtUtils.isTokenExpired(clientToken) && JwtUtils.verifyToken(clientToken, "xP3La8IhZjl4fmWXD.AYVH5tor5bn-Rr") != null) {
|
|
70
|
+ log.info("local service jwt verify success");
|
|
71
|
+ return super.preHandle(request, response, handler);
|
|
72
|
+ }
|
58
|
73
|
}
|
59
|
74
|
|
60
|
75
|
} catch (Exception e) {
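Review bot: The signing key is a string literal passed to `JwtUtils.sign` and again to `JwtUtils.verifyToken`, so anyone who can read the repository or the built artifact can produce an `x-auth-client-<applicationName>` token that takes the `else` branch and never reaches `clientAuthProvider.verify`. Load the key from configuration instead (the class already imports `@Value`), for example `@Value("${<signing-key-property>}") private String signKey;`, and rotate the committed value. The new `log.info("auth-server verify success, sign with {}", signToken)` also writes a token valid for 12 hours to the log; log the client instead, as in `log.info("auth-server verify success, client {}", clientName);`. The signed subject appears to be a random salt rather than `clientName` or `applicationName`, so the token may be accepted by any service sharing the key; this should be confirmed against `JwtUtils.sign`, which is not visible here. `preHandle` starts before this hunk and continues after it.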
|