LAPTOP-KB9HII50\70708 11 mesi fa
parent
commit
fc34991a14

+ 1 - 1
gateway/ag-basic/src/main/java/com/yihu/jw/gateway/filter/CsrfFilter.java

@ -72,7 +72,7 @@ public class CsrfFilter implements Filter {
        // 不启用或者已忽略的URL不拦截
        if(!getEnable() ||referer == null||referer.indexOf("http://ehr.yihu.com")==0
                ||referer.indexOf("https://zhyzh.gongshu.gov.cn")==0
                ||referer.indexOf("https://yyfbxt.szhz.hangzhou.gov.cn")>0
                ||referer.indexOf("https://yyfbxt.szhz.hangzhou.gov.cn")==0
                ||referer.indexOf("27.154.233.186")>0
                ||referer.indexOf(host)>0){
            filterChain.doFilter(servletRequest, servletResponse);
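Review bot: The Referer allow-list on the `if` at the top of this hunk is still evaluated with `indexOf`, so each entry is either a substring test (`>0`) or a prefix test (`==0`) on a header the client controls: with the `>0` form any Referer whose path or query embeds the allow-listed URL passes, and with the `==0` form any host that merely begins with the allow-listed origin passes. Only the `>0`/`==0` operator differs between the two `yyfbxt.szhz.hangzhou.gov.cn` lines and the rendered page lost the markers, so whichever of them is the new line, the `27.154.233.186` and `host` entries keep the substring form and need the same treatment. Independently of this change, a request with no Referer header at all is also passed straight to `doFilter`; for Referer-based CSRF protection it is worth deciding explicitly whether a missing header should fall back to the `Origin` header or be rejected, and documenting that decision next to the check. I would parse the header with `java.net.URI` (catching `URISyntaxException`) and compare `scheme + "://" + host` exactly against a `static final Set<String>` of allowed origins (the bare IP entry then needs its scheme spelled out), as sketched below; the enclosing method starts and ends outside the hunk.
```java
// … unchanged: enable flag and Referer header lookup …
String refererOrigin = null;
if (referer != null) {
    try {
        URI uri = new URI(referer);
        if (uri.getScheme() != null && uri.getHost() != null) {
            refererOrigin = uri.getScheme() + "://" + uri.getHost();
        }
    } catch (URISyntaxException e) {
        // an unparsable Referer is treated as untrusted; refererOrigin stays null
    }
}
// ALLOWED_REFERER_ORIGINS: static final Set<String> of exact "scheme://host" entries built from the current list
boolean trustedReferer = refererOrigin != null
        && (ALLOWED_REFERER_ORIGINS.contains(refererOrigin) || refererOrigin.endsWith("://" + host));
// referer == null kept as in the original; see note on the missing-Referer policy
if (!getEnable() || referer == null || trustedReferer) {
    filterChain.doFilter(servletRequest, servletResponse);
```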

+ 38 - 5
server/svr-authentication/src/main/java/com/yihu/jw/security/oauth2/provider/endpoint/WlyyLoginEndpoint.java

@ -334,7 +334,8 @@ public class WlyyLoginEndpoint extends AbstractEndpoint {
     * @throws Exception
     */
    @RequestMapping(value = "/oauth/login", method = RequestMethod.POST)
    public ResponseEntity<Oauth2Envelop<WlyyUserSimple>> login(@RequestParam Map<String, String> parameters, HttpSession httpSession) throws Exception {
    public ResponseEntity<Oauth2Envelop<WlyyUserSimple>> login(@RequestParam Map<String, String> parameters,
                                                               HttpSession httpSession,HttpServletRequest request) throws Exception {
        logger.info("login:登录进入1");
        //图形验证码验证
        String key = parameters.get("key");
@ -409,7 +410,8 @@ public class WlyyLoginEndpoint extends AbstractEndpoint {
            }
        } else if("1".equals(parameters.get("pwdAndCaptcha"))){
            parameters.put("grant_type", "pwdAndCaptcha");
            KeyPair keyPair = (KeyPair) httpSession.getAttribute("privateKey");
//            KeyPair keyPair = (KeyPair) httpSession.getAttribute("privateKey");
            KeyPair keyPair = getKeyPair(httpSession,request);
            String password = com.yihu.jw.security.utils.RSAUtils.decryptBase64(parameters.get("password"), keyPair);
            parameters.put("password", password);
            if (!testPwd(parameters.get("password"))) {
@ -419,7 +421,8 @@ public class WlyyLoginEndpoint extends AbstractEndpoint {
            parameters.put("grant_type", "password");
            //解密密码
            if (parameters.get("password") != null) {
                KeyPair keyPair = (KeyPair) httpSession.getAttribute("privateKey");
//                KeyPair keyPair = (KeyPair) httpSession.getAttribute("privateKey");
                KeyPair keyPair = getKeyPair(httpSession,request);
                String password = com.yihu.jw.security.utils.RSAUtils.decryptBase64(parameters.get("password"), keyPair);
                parameters.put("password", password);
            } else {
@ -461,7 +464,7 @@ public class WlyyLoginEndpoint extends AbstractEndpoint {
        在网关处通过HTTP状态码告知前端是过期(402)还是账号在别处登陆(403),
        实现同一账号只能在一处登陆*/
        if("1".equals(kickEachOther)){
            HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
//            HttpServletRequest request = ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
            if (request.getHeader("login-device") != null && (request.getHeader("login-device").equalsIgnoreCase("mobile")||request.getHeader("login-device").equalsIgnoreCase("pc"))) {
                if (tokenStore.readAccessToken(token.getValue())!=null){
                    tokenStore.removeAccessToken(token.getValue());
@ -707,8 +710,38 @@ public class WlyyLoginEndpoint extends AbstractEndpoint {
        return new ResponseEntity<>(oauth2Envelop, headers, HttpStatus.OK);
    }
    //获取私钥
    public KeyPair getKeyPair(HttpSession httpSession,HttpServletRequest request){
        String referer = request.getHeader("Referer");
        if(referer.indexOf("https://yyfbxt.szhz.hangzhou.gov.cn")==0){
            OauthKeypairDO keypairDO = oauthKeypairDao.findByCode("yyfbxtKey");
            KeyPair keyPair = (KeyPair) SerializeUtil.unSerialize(keypairDO.getKeyPair());
            return keyPair;
        }
        KeyPair keyPair = (KeyPair) httpSession.getAttribute("privateKey");
        return keyPair;
    }
    @RequestMapping(value = "/oauth/getPublicKey", method = RequestMethod.GET)
    public ObjEnvelop<PublickeyVO> getPublicKey(HttpSession httpSession, HttpServletResponse httpServletResponse) {
    public ObjEnvelop<PublickeyVO> getPublicKey(HttpSession httpSession, HttpServletRequest request) {
        String referer = request.getHeader("Referer");
        if(referer.indexOf("https://yyfbxt.szhz.hangzhou.gov.cn")==0){
            //跨域时公钥固定
            OauthKeypairDO keypairDO = oauthKeypairDao.findByCode("yyfbxtKey");
            if (keypairDO == null) {
                KeyPair keyPair = com.yihu.jw.security.utils.RSAUtils.getKey();
                byte[] bytekey = SerializeUtil.ObjTOSerialize(keyPair);
                OauthKeypairDO kpDO = new OauthKeypairDO();
                kpDO.setCode("yyfbxtKey");
                kpDO.setKeyPair(bytekey);
                keypairDO = oauthKeypairDao.save(kpDO);
            }
            KeyPair keyPair = (KeyPair) SerializeUtil.unSerialize(keypairDO.getKeyPair());
            PublickeyVO pk = new PublickeyVO();
            pk.setPublicKey(com.yihu.jw.security.utils.RSAUtils.generateBase64PublicKey(keyPair));
            return ObjEnvelop.getSuccess("success", pk);
        }
        KeyPair keyPair = com.yihu.jw.security.utils.RSAUtils.getKey();
        httpSession.setAttribute("privateKey", keyPair);
        PublickeyVO pk = new PublickeyVO();