feat: 增加access_token过滤器

2025-03-28 11:13:03 +08:00 · 2025-03-28 11:13:03 +08:00 · 56f821d534
commit 56f821d534
parent fb1a5b0211
3 changed files with 88 additions and 2 deletions
--- a/common/pom.xml
+++ b/common/pom.xml
@ -77,6 +77,11 @@
            <artifactId>spring-security-web</artifactId>
        </dependency>
        <!-- spring end -->
+        <dependency>
+            <groupId>com.auth0</groupId>
+            <artifactId>java-jwt</artifactId>
+            <version>4.2.1</version>
+        </dependency>

    </dependencies>

--- a/login-oauth2-client/src/main/java/ink/wgink/login/oauth2/client/auth/filter/UserTokenFilter.java
+++ b/login-oauth2-client/src/main/java/ink/wgink/login/oauth2/client/auth/filter/UserTokenFilter.java
@ -28,7 +28,7 @@ import java.io.IOException;

@Order(value = Ordered.HIGHEST_PRECEDENCE)
@Component
-@WebFilter(filterName = "ContentCachingFilter", urlPatterns = "/*")
+@WebFilter(filterName = "UserTokenFilter", urlPatterns = "/*")
 public class UserTokenFilter extends OncePerRequestFilter {
    private static final Logger LOG = LoggerFactory.getLogger(UserTokenFilter.class);
    private static final AntPathMatcher ANT_PATH_MATCHER = new AntPathMatcher();
@ -39,7 +39,7 @@ public class UserTokenFilter extends OncePerRequestFilter {
        String source = request.getHeader("X-SOURCE");
        if (StringUtils.isBlank(userId)) {
            Object springSecurityContext = request.getSession().getAttribute("SPRING_SECURITY_CONTEXT");
-            if(!StringUtils.equals(source, "page")) {
+            if (!StringUtils.equals(source, "page")) {
                filterChain.doFilter(request, response);
                return;
            }
--- a/module-oauth2-client/src/main/java/ink/wgink/module/oauth2/filter/AccessTokenFilter.java
+++ b/module-oauth2-client/src/main/java/ink/wgink/module/oauth2/filter/AccessTokenFilter.java
@ -0,0 +1,81 @@
+package ink.wgink.module.oauth2.filter;
+
+import ink.wgink.exceptions.SearchException;
+import ink.wgink.pojo.bos.RoleGrantedAuthorityBO;
+import ink.wgink.pojo.bos.UserInfoBO;
+import org.jsoup.internal.StringUtil;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.core.Ordered;
+import org.springframework.core.annotation.Order;
+import org.springframework.http.HttpStatus;
+import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.context.SecurityContext;
+import org.springframework.security.core.context.SecurityContextHolder;
+import org.springframework.security.core.context.SecurityContextHolderStrategy;
+import org.springframework.stereotype.Component;
+import org.springframework.web.filter.OncePerRequestFilter;
+
+import javax.servlet.FilterChain;
+import javax.servlet.ServletException;
+import javax.servlet.annotation.WebFilter;
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+import java.io.IOException;
+import java.util.ArrayList;
+import java.util.Collections;
+import java.util.HashSet;
+import java.util.Set;
+
+@Order(value = Ordered.HIGHEST_PRECEDENCE)
+@Component
+@WebFilter(filterName = "AccessTokenFilter", urlPatterns = "/*")
+public class AccessTokenFilter extends OncePerRequestFilter {
+
+    private static final Logger LOG = LoggerFactory.getLogger(AccessTokenFilter.class);
+    @Autowired(required = false)
+    private IAccessTokenCheckFilter accessTokenCheckFilter;
+
+    @Override
+    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
+        if (accessTokenCheckFilter == null) {
+            filterChain.doFilter(request, response);
+            return;
+        }
+        String authorization = request.getHeader("Auth");
+        if (StringUtil.isBlank(authorization)) {
+            filterChain.doFilter(request, response);
+            return;
+        }
+        if (!authorization.startsWith("Bearer ")) {
+            LOG.error("用户未登录，authorization异常");
+            response.setStatus(HttpStatus.UNAUTHORIZED.value());
+        }
+        String accessToken = authorization.replace("Bearer ", "");
+        UserInfoBO userInfo = accessTokenCheckFilter.getUserInfo(accessToken);
+        Set<GrantedAuthority> grantedAuthorities = new HashSet<>();
+        userInfo.getRoles().forEach(role -> {
+            RoleGrantedAuthorityBO roleGrantedAuthorityBO = new RoleGrantedAuthorityBO(role.getRoleId(), role.getRoleName(), Collections.emptyList(), Collections.emptyList(), Collections.emptyList(), Collections.emptyList(), Collections.emptyList());
+            grantedAuthorities.add(roleGrantedAuthorityBO);
+        });
+        UsernamePasswordAuthenticationToken userAuthenticationTokenResult = new UsernamePasswordAuthenticationToken(userInfo, null, grantedAuthorities);
+        SecurityContextHolderStrategy securityContextHolderStrategy = SecurityContextHolder.getContextHolderStrategy();
+        SecurityContext context = securityContextHolderStrategy.createEmptyContext();
+        context.setAuthentication(userAuthenticationTokenResult);
+        securityContextHolderStrategy.setContext(context);
+        request.getSession().setAttribute("SPRING_SECURITY_CONTEXT", context);
+        filterChain.doFilter(request, response);
+    }
+
+    /**
+     * AccessToken校验过滤器
+     */
+    public interface IAccessTokenCheckFilter {
+
+        UserInfoBO getUserInfo(String accessToken);
+
+    }
+
+}