1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283 |
- package com.yaozhitech.spring5.intercept;
- import javax.servlet.http.HttpServletRequest;
- import javax.servlet.http.HttpServletResponse;
- import org.springframework.beans.factory.annotation.Autowired;
- import org.springframework.beans.factory.annotation.Value;
- import org.springframework.util.StringUtils;
- import org.springframework.web.method.HandlerMethod;
- import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
- import com.yaozhitech.spring5.annotation.IgnoreClientToken;
- import com.yaozhitech.spring5.common.exception.auth.ClientForbiddenException;
- import com.yaozhitech.spring5.provider.AuthServerProvider;
- import com.yaozhitech.spring5.utils.JwtUtils;
- import lombok.extern.slf4j.Slf4j;
- /**
- * 微服务之间的认证
- * @author EDZ
- *
- */
- @Slf4j
- public class ServiceAuthRestInterceptor extends HandlerInterceptorAdapter {
- @Autowired
- private AuthServerProvider clientAuthProvider;
-
- @Value("${spring.application.name}")
- private String applicationName;
- @Override
- public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
- HandlerMethod handlerMethod = (HandlerMethod) handler;
- // ip
- // if (ClientUtil.isLocalhost(request)) {
- // return super.preHandle(request, response, handler);
- // }
-
- // 配置该注解,说明不进行服务拦截
- IgnoreClientToken annotation = handlerMethod.getBeanType().getAnnotation(IgnoreClientToken.class);
- if (annotation == null) {
- annotation = handlerMethod.getMethodAnnotation(IgnoreClientToken.class);
- }
- if(annotation != null) {
- return super.preHandle(request, response, handler);
- }
- String clientToken = request.getHeader("x-auth-client-" + applicationName);
- String client = request.getHeader("x-auth-client");
-
- try {
- if (StringUtils.isEmpty(clientToken)) {
- String clientName = JwtUtils.getUsername(client);
- // authServer校验 客户端是否合法&能否有权限访问
- if (Boolean.TRUE.equals(clientAuthProvider.verify(applicationName, clientName.split("\\.")[0], clientName.split("\\.")[1]))) {
- // 给该客户端签名
- String signToken = JwtUtils.sign(JwtUtils.generateSalt(), "xP3La8IhZjl4fmWXD.AYVH5tor5bn-Rr", 3600*12);
- response.addHeader("x-auth-client-response", signToken);
-
- log.info("auth-server verify success, sign with {}", signToken);
-
- return super.preHandle(request, response, handler);
- }
-
- } else {
- // jwt校验
- if (!JwtUtils.isTokenExpired(clientToken) && JwtUtils.verifyToken(clientToken, "xP3La8IhZjl4fmWXD.AYVH5tor5bn-Rr") != null) {
- log.info("local service jwt verify success");
- return super.preHandle(request, response, handler);
- }
- }
-
- } catch (Exception e) {
- log.error(e.getMessage(), e);
- throw new ClientForbiddenException("Client verfy error");
- }
-
- throw new ClientForbiddenException("Client is Forbidden!");
- }
- }
|