yufeng
/
spring5_demo1


			
				
					
						
						
							1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374757677787980818283
							package com.yaozhitech.spring5.intercept;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.util.StringUtils;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;

import com.yaozhitech.spring5.annotation.IgnoreClientToken;
import com.yaozhitech.spring5.common.exception.auth.ClientForbiddenException;
import com.yaozhitech.spring5.provider.AuthServerProvider;
import com.yaozhitech.spring5.utils.JwtUtils;

import lombok.extern.slf4j.Slf4j;

/**
 * 微服务之间的认证
 * @author EDZ
 *
 */
@Slf4j
public class ServiceAuthRestInterceptor extends HandlerInterceptorAdapter {

  @Autowired
  private AuthServerProvider clientAuthProvider;
  
  @Value("${spring.application.name}")
  private String applicationName;

  @Override
  public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
		HandlerMethod handlerMethod = (HandlerMethod) handler;
		// ip
//		if (ClientUtil.isLocalhost(request)) {
//			return super.preHandle(request, response, handler);
//		}
		
      // 配置该注解，说明不进行服务拦截
      IgnoreClientToken annotation = handlerMethod.getBeanType().getAnnotation(IgnoreClientToken.class);
      if (annotation == null) {
          annotation = handlerMethod.getMethodAnnotation(IgnoreClientToken.class);
      }
      if(annotation != null) {
          return super.preHandle(request, response, handler);
      }

		String clientToken = request.getHeader("x-auth-client-" + applicationName);
		String client = request.getHeader("x-auth-client");
		
		try {
			if (StringUtils.isEmpty(clientToken)) {
				String clientName = JwtUtils.getUsername(client);
				// authServer校验 客户端是否合法&能否有权限访问
				if (Boolean.TRUE.equals(clientAuthProvider.verify(applicationName, clientName.split("\\.")[0], clientName.split("\\.")[1]))) {
					// 给该客户端签名
					String signToken = JwtUtils.sign(JwtUtils.generateSalt(), "xP3La8IhZjl4fmWXD.AYVH5tor5bn-Rr", 3600*12);
					response.addHeader("x-auth-client-response", signToken);
					
					log.info("auth-server verify success, sign with {}", signToken);
					
					return super.preHandle(request, response, handler);
				}
				
			} else {
				// jwt校验
				if (!JwtUtils.isTokenExpired(clientToken) && JwtUtils.verifyToken(clientToken, "xP3La8IhZjl4fmWXD.AYVH5tor5bn-Rr") != null) {
					log.info("local service jwt verify success");
					return super.preHandle(request, response, handler);
				}
			}
			
		} catch (Exception e) {
			log.error(e.getMessage(), e);
			throw new ClientForbiddenException("Client verfy error");
		}
      
      throw new ClientForbiddenException("Client is Forbidden!");
  }
}