- package com.yaozhitech.spring5.intercept;
- import javax.servlet.http.HttpServletRequest;
- import javax.servlet.http.HttpServletResponse;
- import org.springframework.beans.factory.annotation.Autowired;
- import org.springframework.beans.factory.annotation.Value;
- import org.springframework.util.StringUtils;
- import org.springframework.web.method.HandlerMethod;
- import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
- import com.yaozhitech.spring5.annotation.IgnoreClientToken;
- import com.yaozhitech.spring5.common.exception.auth.ClientForbiddenException;
- import com.yaozhitech.spring5.provider.AuthServerProvider;
- import com.yaozhitech.spring5.utils.JwtUtils;
- import lombok.extern.slf4j.Slf4j;
- /**
- * 微服务之间的认证
- * @author EDZ
- *
- */
- @Slf4j
- public class ServiceAuthRestInterceptor extends HandlerInterceptorAdapter {
- @Autowired
- private AuthServerProvider clientAuthProvider;
-
- @Value("${spring.application.name}")
- private String applicationName;
- @Override
- public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
- HandlerMethod handlerMethod = (HandlerMethod) handler;
- // ip
- // if (ClientUtil.isLocalhost(request)) {
- // return super.preHandle(request, response, handler);
- // }
-
- // 配置该注解,说明不进行服务拦截
- IgnoreClientToken annotation = handlerMethod.getBeanType().getAnnotation(IgnoreClientToken.class);
- if (annotation == null) {
- annotation = handlerMethod.getMethodAnnotation(IgnoreClientToken.class);
- }
- if (annotation != null) {
- return super.preHandle(request, response, handler);
- }
- if (request.getServletPath().startsWith("/actuator")) {
- return super.preHandle(request, response, handler);
- }
-
- String clientToken = request.getHeader("x-auth-client-" + applicationName);
- String client = request.getHeader("x-auth-client");
- try {
- if (StringUtils.isEmpty(clientToken)) {
- String clientName = JwtUtils.getUsername(client);
- // authServer校验 客户端是否合法&能否有权限访问
- if (Boolean.TRUE.equals(clientAuthProvider.verify(applicationName, clientName.split("\\.")[0],
- clientName.split("\\.")[1]))) {
- // 给该客户端签名
- String signToken = JwtUtils.sign(JwtUtils.generateSalt(), "xP3La8IhZjl4fmWXD.AYVH5tor5bn-Rr",
- 3600 * 12);
- response.addHeader("x-auth-client-response", signToken);
- log.info("auth-server verify success, sign with {}", signToken);
- return super.preHandle(request, response, handler);
- }
- } else {
- // jwt校验
- if (!JwtUtils.isTokenExpired(clientToken)
- && JwtUtils.verifyToken(clientToken, "xP3La8IhZjl4fmWXD.AYVH5tor5bn-Rr") != null) {
- log.info("local service jwt verify success");
- return super.preHandle(request, response, handler);
- }
- }
- } catch (Exception e) {
- log.error(e.getMessage(), e);
- throw new ClientForbiddenException("Client verfy error");
- }
- throw new ClientForbiddenException("Client is Forbidden!");
- }
- }