
Merge branch 'dev' of http://192.168.1.220:10080/Amoy2/wlyy2.0 into dev

Trick 6 éve
szülő
commit
5d070b0d6a

+ 26 - 0
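--- /dev/null
+++ b/common/common-rest-model/src/main/java/com/yihu/jw/restmodel/ResultStatus.java
@@ -0,0 +1,26 @@
+package com.yihu.jw.restmodel;
+public class ResultStatus {
+    /**
+     *   1000多错误码 用户,应用相关的
+     */
+    public static final Integer USER_NO_EXIST = 1000;//用户不存在
+    public static final Integer APP_NO_EXIST = 1001;//应用不存在
+    /**
+     * 1100多错误码 与授权相关的
+     */
+    public static final Integer ERROR_TOKEN = 1100; //token有误,错误的token  或者 过期的token
+    public static final Integer NULL_TOKEN = 1101;// token为空
+    public static final Integer INVALID_GRANT = 1102; //授权失败,看具体报错信息,如验证码错误,密码错误等
+    public static final Integer NO_PERMI = 1103; //无权限访问
+    /**
+     *  1200多错误码
+     */
+    public static final Integer ERROR_PARA = 1200;//错误参数等
+    public static final Integer FAILED_RESP = 1201;//返回出错
+}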
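Review bot: The constants are boxed `Integer`s, yet WlyyOAuth2ExceptionTranslator in this same commit compares them with `==` (`status == ResultStatus.USER_NO_EXIST` and the four lines after it); that is a value comparison only while `status` is a primitive `int`, and its declaration lies outside that hunk. Should `status` ever be an `Integer`, `==` becomes a reference comparison, and because 1000–1201 lie outside the small-integer cache every branch would silently evaluate to false and the `WWW-Authenticate` header would never be set. Declaring the fields as primitives, `public static final int USER_NO_EXIST = 1000;` and likewise for the rest, removes the hazard and the unboxing at each call site. The class would also benefit from a private constructor and a class-level Javadoc saying these are application result codes, not HTTP status codes, since BasicZuulFilter now passes one of them to `setResponseStatusCode`.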

+ 7 - 8
gateway/ag-basic/src/main/java/com/yihu/jw/gateway/filter/BasicZuulFilter.java

@ -3,6 +3,7 @@ package com.yihu.jw.gateway.filter;
import com.fasterxml.jackson.databind.ObjectMapper;
import com.netflix.zuul.ZuulFilter;
import com.netflix.zuul.context.RequestContext;
import com.yihu.jw.restmodel.ResultStatus;
import com.yihu.jw.restmodel.web.Envelop;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@ -11,7 +12,6 @@ import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Primary;
import org.springframework.data.redis.connection.jedis.JedisConnectionFactory;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.http.HttpStatus;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.token.TokenStore;
@ -21,7 +21,6 @@ import org.springframework.util.StringUtils;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
import java.util.Set;
/**
 * Created by progr1mmer on 2017/12/27
@ -85,14 +84,14 @@ public class BasicZuulFilter extends ZuulFilter {
    private Object authenticate(RequestContext ctx, HttpServletRequest request, String path) {
        String accessToken = this.extractToken(request);
        if (null == accessToken) {
            return this.forbidden(ctx, HttpStatus.FORBIDDEN.value(), "token can not be null");
            return this.forbidden(ctx, ResultStatus.NULL_TOKEN, "token can not be null");
        }
        OAuth2AccessToken oAuth2AccessToken = tokenStore.readAccessToken(accessToken);
        if (null == oAuth2AccessToken) {
            return this.forbidden(ctx, HttpStatus.FORBIDDEN.value(), "invalid token");
            return this.forbidden(ctx, ResultStatus.ERROR_TOKEN, "invalid token");
        }
        if (oAuth2AccessToken.isExpired()) {
            return this.forbidden(ctx, HttpStatus.PAYMENT_REQUIRED.value(), "expired token"); //返回402 登陆过期
            return this.forbidden(ctx, ResultStatus.ERROR_TOKEN, "expired token");
        }
        //将token的认证信息附加到请求中,转发给下游微服务
        OAuth2Authentication auth = tokenStore.readAuthentication(accessToken);
@ -101,7 +100,7 @@ public class BasicZuulFilter extends ZuulFilter {
//        Set<String> resourceIds = auth.getOAuth2Request().getResourceIds();
        String urls = redisTemplate.opsForValue().get("wlyy2:auth:token:"+accessToken);
        if(StringUtils.isEmpty(urls)){
           return this.forbidden(ctx, HttpStatus.FORBIDDEN.value(), "invalid token does not contain request resource " + path);
           return this.forbidden(ctx, ResultStatus.NO_PERMI, "invalid token does not contain request resource " + path);
        }
        //获取所有token资源
        String resourceIds[] = urls.split(",");
@ -119,7 +118,7 @@ public class BasicZuulFilter extends ZuulFilter {
                return true;
            }
        }
        return this.forbidden(ctx, HttpStatus.FORBIDDEN.value(), "invalid token does not contain request resource " + path);
        return this.forbidden(ctx, ResultStatus.NO_PERMI, "invalid token does not contain request resource " + path);
    }
    private String extractToken(HttpServletRequest request) {
@ -139,7 +138,7 @@ public class BasicZuulFilter extends ZuulFilter {
            //requestContext.setResponseStatusCode(status);
            requestContext.getResponse().getWriter().write(objectMapper.writeValueAsString(envelop));
        } catch (IOException e) {
            requestContext.setResponseStatusCode(HttpStatus.INTERNAL_SERVER_ERROR.value());
            requestContext.setResponseStatusCode(ResultStatus.FAILED_RESP);
            logger.error(e.getMessage());
        }
        return false;
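Review bot: `requestContext.setResponseStatusCode(ResultStatus.FAILED_RESP)` in the catch block hands the application result code 1201 to the servlet layer as the HTTP status; that is outside the 100–599 range an HTTP status line allows, so clients and proxies receive a malformed response and the container may refuse to write it. Keep the transport status separate from the result code, `requestContext.setResponseStatusCode(HttpStatus.INTERNAL_SERVER_ERROR.value());`, and report `FAILED_RESP` inside the envelope if it must be surfaced, which also means the `HttpStatus` import that appears to be dropped in the first hunk is still needed. With `setResponseStatusCode(status)` commented out just above, rejected tokens in `authenticate` seem to leave the gateway with a success status and only the body signalling the failure, which removes the 401/403 signal that WAF rules, rate limiting and access-log alerting rely on; the top of `forbidden` is outside the hunk, so worth confirming that is intended. `logger.error(e.getMessage())` also discards the stack trace; prefer `logger.error("failed to write gateway error response", e);`.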

+ 7 - 6
server/svr-authentication/src/main/java/com/yihu/jw/security/oauth2/provider/endpoint/WlyyLoginEndpoint.java

@ -2,6 +2,7 @@ package com.yihu.jw.security.oauth2.provider.endpoint;
import com.alibaba.fastjson.JSONObject;
import com.yihu.jw.entity.base.login.BaseLoginLogDO;
import com.yihu.jw.restmodel.ResultStatus;
import com.yihu.jw.restmodel.web.ObjEnvelop;
import com.yihu.jw.security.core.userdetails.jdbc.WlyyUserDetailsService;
import com.yihu.jw.security.login.service.BaseLoginLogService;
@ -409,7 +410,7 @@ public class WlyyLoginEndpoint extends AbstractEndpoint {
        if (wlyyRedisVerifyCodeService.verification(client_id, username, captcha)) {
            oauth2Envelop = new Oauth2Envelop<>("验证码正确", 200, true);
        } else {
            oauth2Envelop = new Oauth2Envelop<>("验证码错误", 200, false);
            oauth2Envelop = new Oauth2Envelop<>("验证码错误", ResultStatus.INVALID_GRANT, false);
        }
        HttpHeaders headers = new HttpHeaders();
        headers.set("Cache-Control", "no-store");
@ -554,15 +555,15 @@ public class WlyyLoginEndpoint extends AbstractEndpoint {
    public ResponseEntity<Oauth2Envelop> handleException(Exception e) throws Exception {
        LOG.debug(e.getMessage(), e);
        if (e instanceof UsernameNotFoundException) {
            return handleOAuth2Exception(new Oauth2Envelop("用户不存在!", HttpStatus.UNAUTHORIZED.value()), e);
            return handleOAuth2Exception(new Oauth2Envelop("用户不存在!", ResultStatus.USER_NO_EXIST), e);
        } else if (e instanceof NoSuchClientException) {
            return handleOAuth2Exception(new Oauth2Envelop("应用未注册!", HttpStatus.UNAUTHORIZED.value()), e);
            return handleOAuth2Exception(new Oauth2Envelop("应用未注册!", ResultStatus.APP_NO_EXIST), e);
        } else if (e instanceof InvalidGrantException) {
            return handleOAuth2Exception(new Oauth2Envelop(invalidGrantMessage((InvalidGrantException)e), HttpStatus.UNAUTHORIZED.value()), e);
            return handleOAuth2Exception(new Oauth2Envelop(invalidGrantMessage((InvalidGrantException)e), ResultStatus.INVALID_GRANT), e);
        } else if (e instanceof InvalidTokenException) {
            return handleOAuth2Exception(new Oauth2Envelop("Token有误/过期!", HttpStatus.FORBIDDEN.value()), e);
            return handleOAuth2Exception(new Oauth2Envelop("Token有误/过期!", ResultStatus.ERROR_TOKEN), e);
        } else if (e instanceof InvalidRequestException) {
            return handleOAuth2Exception(new Oauth2Envelop("参数" + e.getMessage() + "缺失!", HttpStatus.UNAUTHORIZED.value()), e);
            return handleOAuth2Exception(new Oauth2Envelop("参数" + e.getMessage() + "缺失!", ResultStatus.ERROR_PARA), e);
        } else if (e instanceof IllegalAccessException) {
            return handleOAuth2Exception(new Oauth2Envelop("短信请求频率过快,请稍后再试!", -1), e);
        } else if (e instanceof IllegalStateException) {
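Review bot: `handleOAuth2Exception`, which receives the new `ResultStatus` codes from every branch of `handleException`, is outside the hunk; if it still derives the HTTP status from the envelope's status the way the old code did (for example via `HttpStatus.valueOf`), codes of 1000 and above throw `IllegalArgumentException` from inside the exception handler and every login failure becomes an unhandled 500 — the translator in this same commit had to change exactly that, so please confirm this endpoint was updated too. The numbering is also left mixed: the `IllegalAccessException` branch still returns `-1` and the captcha-success envelope still uses `200` while captcha failure now uses `INVALID_GRANT`, so the rate-limit case deserves its own constant, `new Oauth2Envelop("短信请求频率过快,请稍后再试!", ResultStatus.<RATE_LIMIT_CODE_PLACEHOLDER>)`. Finally, `LOG.debug(e.getMessage(), e)` records failed logins only at debug level; unknown-user, unknown-client and invalid-grant events are the data that brute-force and credential-stuffing detection is built on, so log them at warn with the client id and outcome (never the credential).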

+ 8 - 3
server/svr-authentication/src/main/java/com/yihu/jw/security/oauth2/provider/error/WlyyOAuth2ExceptionTranslator.java

@ -1,5 +1,6 @@
package com.yihu.jw.security.oauth2.provider.error;
import com.yihu.jw.restmodel.ResultStatus;
import org.springframework.http.HttpHeaders;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
@ -63,12 +64,16 @@ public class WlyyOAuth2ExceptionTranslator implements WebResponseExceptionTransl
        HttpHeaders headers = new HttpHeaders();
        headers.set("Cache-Control", "no-store");
        headers.set("Pragma", "no-cache");
        if (status == HttpStatus.UNAUTHORIZED.value() || (e instanceof InsufficientScopeException)) {
        if (status == ResultStatus.USER_NO_EXIST
                || status == ResultStatus.APP_NO_EXIST
                || status == ResultStatus.ERROR_TOKEN
                || status == ResultStatus.NULL_TOKEN
                || status == ResultStatus.INVALID_GRANT
                || e instanceof InsufficientScopeException) {
            headers.set("WWW-Authenticate", String.format("%s %s", OAuth2AccessToken.BEARER_TYPE, e.getSummary()));
        }
        ResponseEntity<OAuth2Exception> response = new ResponseEntity<>(e, headers,
                HttpStatus.valueOf(status));
                HttpStatus.OK);
        return response;
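Review bot: The translator now answers every OAuth2 error with `HttpStatus.OK` while still attaching `WWW-Authenticate` for the authentication-failure codes; RFC 6750 ties that header to a 401 response, Spring OAuth2 clients and token-refresh logic trigger on 401, and gateway, WAF and SIEM rules that count 4xx on the token endpoint lose the signal, so a 200 carrying a Bearer challenge is contradictory for anything but the in-house front end. If the body-level code is what the front end wants, keep it and still use the transport status for the challenge cases: compute the condition once, `boolean authFailure = status == ResultStatus.USER_NO_EXIST || … || e instanceof InsufficientScopeException;`, guard the header with it, and build the entity with `authFailure ? HttpStatus.UNAUTHORIZED : HttpStatus.OK`. The method's opening lines, including the declaration of `status`, are outside the hunk.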