网关与过滤器

gateway/ag-basic/src/main/java/com/yihu/jw/gateway/filter/BasicZuulFilter.java

@@ -10,12 +10,14 @@ import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Primary;
import org.springframework.data.redis.connection.jedis.JedisConnectionFactory;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.http.HttpStatus;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.provider.OAuth2Authentication;
import org.springframework.security.oauth2.provider.token.TokenStore;
import org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore;
import org.springframework.stereotype.Component;
import org.springframework.util.StringUtils;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
@@ -34,6 +36,8 @@ public class BasicZuulFilter extends ZuulFilter {
    private ObjectMapper objectMapper;
    @Autowired
    private TokenStore tokenStore;
    @Autowired
    private StringRedisTemplate redisTemplate;
    @Override
    public String filterType() {
@@ -64,6 +68,13 @@ public class BasicZuulFilter extends ZuulFilter {
        return this.authenticate(ctx, request, url);
    }
    /**
     * 验证token 权限地址
     * @param ctx
     * @param request
     * @param path
     * @return
     */
    private Object authenticate(RequestContext ctx, HttpServletRequest request, String path) {
        String accessToken = this.extractToken(request);
        if (null == accessToken) {
@@ -76,26 +87,32 @@ public class BasicZuulFilter extends ZuulFilter {
        if (oAuth2AccessToken.isExpired()) {
            return this.forbidden(ctx, HttpStatus.PAYMENT_REQUIRED.value(), "expired token"); //返回402 登陆过期
        }
//        //将token的认证信息附加到请求中，转发给下游微服务
//        OAuth2Authentication auth = tokenStore.readAuthentication(accessToken);
//        ctx.addZuulRequestHeader("x-auth-name", auth.getName());
//        //以下代码取消注释可开启Oauth2应用资源授权验证
        //将token的认证信息附加到请求中，转发给下游微服务
        OAuth2Authentication auth = tokenStore.readAuthentication(accessToken);
        ctx.addZuulRequestHeader("x-auth-name", auth.getName());
        //以下代码取消注释可开启Oauth2应用资源授权验证
//        Set<String> resourceIds = auth.getOAuth2Request().getResourceIds();
//        for (String resourceId : resourceIds) {
//            if (resourceId.equals("*")) {
//                return true;
//            }
//            if (!resourceId.startsWith("/")) {
//                resourceId = "/" + resourceId;
//            }
//            path = path.toLowerCase();
//            if (path.startsWith(resourceId)
//                    && (path.length() == resourceId.length() || path.charAt(resourceId.length()) == '/')) {
//                return true;
//            }
//        }
//        return this.forbidden(ctx, HttpStatus.FORBIDDEN.value(), "invalid token does not contain request resource " + path);
        return true;
        String urls = redisTemplate.opsForValue().get("wlyy2:auth:token:"+accessToken);
        if(StringUtils.isEmpty(urls)){
           return this.forbidden(ctx, HttpStatus.FORBIDDEN.value(), "invalid token does not contain request resource " + path);
        }
        //获取所有token资源
        String resourceIds[] = urls.split(",");
        for (String resourceId : resourceIds) {
            if (resourceId.equals("/**")) {
                return true;
            }
            if (!resourceId.startsWith("/")) {
                resourceId = "/" + resourceId;
            }
            path = path.toLowerCase();
            if (path.startsWith(resourceId)
                    && (path.length() == resourceId.length() || path.charAt(resourceId.length()) == '/')) {
                return true;
            }
        }
        return this.forbidden(ctx, HttpStatus.FORBIDDEN.value(), "invalid token does not contain request resource " + path);
    }
    private String extractToken(HttpServletRequest request) {

gateway/ag-basic/src/main/java/com/yihu/jw/security/core/userdetails/SaltUser.java

@@ -0,0 +1,232 @@
package com.yihu.jw.security.core.userdetails;
import org.springframework.security.core.CredentialsContainer;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.authority.AuthorityUtils;
import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.User;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.util.Assert;
import java.io.Serializable;
import java.util.*;
/**
 * Created by progr1mmer on 2018/8/29.
 */
public class SaltUser implements UserDetails, CredentialsContainer {
    private static final long serialVersionUID = 420L;
    private String password;
    private final String username;
    private final Set<GrantedAuthority> authorities;
    private final boolean accountNonExpired;
    private final boolean accountNonLocked;
    private final boolean credentialsNonExpired;
    private final boolean enabled;
    private final String salt;
    public SaltUser(String username, String password, String salt, Collection<? extends GrantedAuthority> authorities) {
        this(username, password, salt, true, true, true, true, authorities);
    }
    public SaltUser(String username, String password, String salt, boolean enabled, boolean locked, Collection<? extends GrantedAuthority> authorities) {
        this(username, password, salt, enabled, true, true, !locked, authorities);
    }
    public SaltUser(String username, String password, String salt, boolean enabled, boolean accountNonExpired, boolean credentialsNonExpired, boolean accountNonLocked, Collection<? extends GrantedAuthority> authorities) {
        if(username != null && !"".equals(username) && password != null) {
            this.username = username;
            this.password = password;
            this.salt = salt;
            this.enabled = enabled;
            this.accountNonExpired = accountNonExpired;
            this.credentialsNonExpired = credentialsNonExpired;
            this.accountNonLocked = accountNonLocked;
            this.authorities = Collections.unmodifiableSet(sortAuthorities(authorities));
        } else {
            throw new IllegalArgumentException("Cannot pass null or empty values to constructor");
        }
    }
    public Collection<GrantedAuthority> getAuthorities() {
        return this.authorities;
    }
    public String getPassword() {
        return this.password;
    }
    public String getUsername() {
        return this.username;
    }
    public String getSalt() {
        return salt;
    }
    public boolean isEnabled() {
        return this.enabled;
    }
    public boolean isAccountNonExpired() {
        return this.accountNonExpired;
    }
    public boolean isAccountNonLocked() {
        return this.accountNonLocked;
    }
    public boolean isCredentialsNonExpired() {
        return this.credentialsNonExpired;
    }
    public void eraseCredentials() {
        this.password = null;
    }
    private static SortedSet<GrantedAuthority> sortAuthorities(Collection<? extends GrantedAuthority> authorities) {
        Assert.notNull(authorities, "Cannot pass a null GrantedAuthority collection");
        SortedSet<GrantedAuthority> sortedAuthorities = new TreeSet(new SaltUser.AuthorityComparator());
        Iterator var2 = authorities.iterator();
        while(var2.hasNext()) {
            GrantedAuthority grantedAuthority = (GrantedAuthority)var2.next();
            Assert.notNull(grantedAuthority, "GrantedAuthority list cannot contain any null elements");
            sortedAuthorities.add(grantedAuthority);
        }
        return sortedAuthorities;
    }
    public boolean equals(Object rhs) {
        return rhs instanceof SaltUser ?this.username.equals(((SaltUser)rhs).username):false;
    }
    public int hashCode() {
        return this.username.hashCode();
    }
    public String toString() {
        StringBuilder sb = new StringBuilder();
        sb.append(super.toString()).append(": ");
        sb.append("Username: ").append(this.username).append("; ");
        sb.append("Password: [PROTECTED]; ");
        sb.append("Enabled: ").append(this.enabled).append("; ");
        sb.append("AccountNonExpired: ").append(this.accountNonExpired).append("; ");
        sb.append("credentialsNonExpired: ").append(this.credentialsNonExpired).append("; ");
        sb.append("AccountNonLocked: ").append(this.accountNonLocked).append("; ");
        if(!this.authorities.isEmpty()) {
            sb.append("Granted Authorities: ");
            boolean first = true;
            Iterator var3 = this.authorities.iterator();
            while(var3.hasNext()) {
                GrantedAuthority auth = (GrantedAuthority)var3.next();
                if(!first) {
                    sb.append(",");
                }
                first = false;
                sb.append(auth);
            }
        } else {
            sb.append("Not granted any authorities");
        }
        return sb.toString();
    }
    public static SaltUser.UserBuilder withUsername(String username) {
        return (new SaltUser.UserBuilder()).username(username);
    }
    public static class UserBuilder {
        private String username;
        private String password;
        private List<GrantedAuthority> authorities;
        private boolean accountExpired;
        private boolean accountLocked;
        private boolean credentialsExpired;
        private boolean disabled;
        private UserBuilder() {
        }
        private SaltUser.UserBuilder username(String username) {
            Assert.notNull(username, "username cannot be null");
            this.username = username;
            return this;
        }
        public SaltUser.UserBuilder password(String password) {
            Assert.notNull(password, "password cannot be null");
            this.password = password;
            return this;
        }
        public SaltUser.UserBuilder roles(String... roles) {
            List<GrantedAuthority> authorities = new ArrayList(roles.length);
            String[] var3 = roles;
            int var4 = roles.length;
            for(int var5 = 0; var5 < var4; ++var5) {
                String role = var3[var5];
                Assert.isTrue(!role.startsWith("ROLE_"), role + " cannot start with ROLE_ (it is automatically added)");
                authorities.add(new SimpleGrantedAuthority("ROLE_" + role));
            }
            return this.authorities((List)authorities);
        }
        public SaltUser.UserBuilder authorities(GrantedAuthority... authorities) {
            return this.authorities(Arrays.asList(authorities));
        }
        public SaltUser.UserBuilder authorities(List<? extends GrantedAuthority> authorities) {
            this.authorities = new ArrayList(authorities);
            return this;
        }
        public SaltUser.UserBuilder authorities(String... authorities) {
            return this.authorities(AuthorityUtils.createAuthorityList(authorities));
        }
        public SaltUser.UserBuilder accountExpired(boolean accountExpired) {
            this.accountExpired = accountExpired;
            return this;
        }
        public SaltUser.UserBuilder accountLocked(boolean accountLocked) {
            this.accountLocked = accountLocked;
            return this;
        }
        public SaltUser.UserBuilder credentialsExpired(boolean credentialsExpired) {
            this.credentialsExpired = credentialsExpired;
            return this;
        }
        public SaltUser.UserBuilder disabled(boolean disabled) {
            this.disabled = disabled;
            return this;
        }
        public UserDetails build() {
            return new User(this.username, this.password, !this.disabled, !this.accountExpired, !this.credentialsExpired, !this.accountLocked, this.authorities);
        }
    }
    private static class AuthorityComparator implements Comparator<GrantedAuthority>, Serializable {
        private static final long serialVersionUID = 420L;
        private AuthorityComparator() {
        }
        public int compare(GrantedAuthority g1, GrantedAuthority g2) {
            return g2.getAuthority() == null?-1:(g1.getAuthority() == null?1:g1.getAuthority().compareTo(g2.getAuthority()));
        }
    }
}

gateway/ag-basic/src/main/resources/application.yml

@@ -19,6 +19,15 @@ spring:
    test-while-idle: true #指明连接是否被空闲连接回收器(如果有)进行检验，如果检测失败，则连接将被从池中去除
    min-evictable-idle-time-millis: 3600000 #连接池中连接，在时间段内一直空闲，被逐出连接池的时间(1000*60*60)，以毫秒为单位
    time-between-eviction-runs-millis: 300000 #在空闲连接回收器线程运行期间休眠的时间值,以毫秒为单位，一般比minEvictableIdleTimeMillis小
  redis:
    database: 0 # Database index used by the connection factory.
    timeout: 0 # Connection timeout in milliseconds.
    pool:
      max-active: 8 # Max number of connections that can be allocated by the pool at a given time. Use a negative value for no limit.
      max-idle: 8 # Max number of "idle" connections in the pool. Use a negative value to indicate an unlimited number of idle connections.
      max-wait: -1 # Maximum amount of time (in milliseconds) a connection allocation should block before throwing an exception when the pool is exhausted. Use a negative value to block indefinitely.
      min-idle: 1 # Target for the minimum number of idle connections to maintain in the pool. This setting only has an effect if it is positive.
#  sleuth:
#    sampler:
#      percentage: 1.0 #采用需要的请求的百分比 默认是0.1 即 10%
@@ -33,10 +42,10 @@ zuul:
      serviceId: svr-iot
    svr-base:
      path: /base/**
      serviceId: svr-base
      serviceId: svr-base-lyx
    svr-authentication:
      path: /auth/**
      serviceId: svr-authentication
      serviceId: svr-authentication-lyx
---
spring:
@@ -45,6 +54,10 @@ spring:
    url: jdbc:mysql://172.19.103.77/base?useUnicode:true&characterEncoding=utf-8&autoReconnect=true
    username: root
    password: 123456
  redis:
    host: 172.19.103.88 # Redis server host.
    port: 6379 # Redis server port.
#    password: jkzl_ehr
#  zipkin:
#    base-url: http://localhost:9411 #日志追踪的地址

server/svr-authentication/src/main/java/com/yihu/jw/security/core/userdetails/jdbc/WlyyUserDetailsService.java

@@ -5,7 +5,7 @@ import com.yihu.jw.security.model.WlyyUserDetails;
import com.yihu.jw.security.model.WlyyUserSimple;
import org.apache.commons.lang.StringUtils;
import org.apache.commons.lang.time.DateUtils;
import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.jdbc.core.BeanPropertyRowMapper;
import org.springframework.jdbc.core.support.JdbcDaoSupport;
import org.springframework.security.core.GrantedAuthority;
@@ -13,6 +13,7 @@ import org.springframework.security.core.authority.SimpleGrantedAuthority;
import org.springframework.security.core.userdetails.UserDetails;
import org.springframework.security.core.userdetails.UserDetailsService;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.context.request.ServletRequestAttributes;
@@ -22,6 +23,7 @@ import java.util.ArrayList;
import java.util.Collection;
import java.util.Date;
import java.util.List;
import java.util.concurrent.TimeUnit;
/**
 * Service - 用户信息
@@ -243,10 +245,12 @@ public class WlyyUserDetailsService extends JdbcDaoSupport implements UserDetail
    }
    public boolean setRolePhth(String loginType, String token, String id, RedisTemplate redisTemplate){
    public boolean setRolePhth(String loginType, OAuth2AccessToken token, String id, StringRedisTemplate redisTemplate){
        if(org.apache.commons.lang.StringUtils.isBlank(loginType)||"1".equals(loginType)){ //1或默认查找user表，为平台管理员账号
            String key = "wlyy2:auth:token:"+token.getValue();
            redisTemplate.opsForValue().set(key,"/**");
            redisTemplate.expire(key,token.getExpiresIn(), TimeUnit.SECONDS);
        }else if("2".equals(loginType)){//2.为医生账号
        }else if("3".equals(loginType)){ //3.患者账号

server/svr-authentication/src/main/java/com/yihu/jw/security/oauth2/provider/endpoint/WlyyLoginEndpoint.java

@@ -1,23 +1,27 @@
package com.yihu.jw.security.oauth2.provider.endpoint;
import com.yihu.jw.security.core.userdetails.jdbc.WlyyUserDetailsService;
import com.yihu.jw.security.model.Captcha;
import com.yihu.jw.security.model.Oauth2Envelop;
import com.yihu.jw.security.model.PublicKey;
import com.yihu.jw.security.model.WlyyUserSimple;
import com.yihu.jw.security.oauth2.core.redis.WlyyRedisVerifyCodeService;
import com.yihu.jw.security.oauth2.provider.error.WlyyOAuth2ExceptionTranslator;
import com.yihu.jw.security.oauth2.provider.WlyyTokenGranter;
import com.yihu.jw.security.core.userdetails.jdbc.WlyyUserDetailsService;
import com.yihu.jw.security.model.Oauth2Envelop;
import com.yihu.jw.security.model.WlyyUserSimple;
import com.yihu.jw.security.oauth2.provider.error.WlyyOAuth2ExceptionTranslator;
import com.yihu.utils.security.RSAUtils;
import org.apache.commons.codec.binary.Base64;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.data.redis.core.StringRedisTemplate;
import org.springframework.http.*;
import org.springframework.security.authentication.AuthenticationManager;
import org.springframework.security.core.userdetails.UsernameNotFoundException;
import org.springframework.security.oauth2.common.OAuth2AccessToken;
import org.springframework.security.oauth2.common.exceptions.*;
import org.springframework.security.oauth2.common.exceptions.InvalidGrantException;
import org.springframework.security.oauth2.common.exceptions.InvalidRequestException;
import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
import org.springframework.security.oauth2.common.exceptions.UnsupportedGrantTypeException;
import org.springframework.security.oauth2.provider.*;
import org.springframework.security.oauth2.provider.endpoint.AbstractEndpoint;
import org.springframework.security.oauth2.provider.error.WebResponseExceptionTranslator;
@@ -80,6 +84,8 @@ public class WlyyLoginEndpoint extends AbstractEndpoint {
    private RestTemplate restTemplate;
    @Autowired
    private WlyyRedisVerifyCodeService wlyyRedisVerifyCodeService;
    @Autowired
    private StringRedisTemplate redisTemplate;
    @PostConstruct
    private void init() {
@@ -149,6 +155,11 @@ public class WlyyLoginEndpoint extends AbstractEndpoint {
        wlyyUserSimple.setRefreshToken(token.getRefreshToken().getValue());
        wlyyUserSimple.setUser(parameters.get("username"));
        wlyyUserSimple.setState(parameters.get("state"));
        String loginType = parameters.get("login_type");
        userDetailsService.setRolePhth(loginType,token,wlyyUserSimple.getId(),redisTemplate);
        return getResponse(wlyyUserSimple);
    }

server/svr-authentication/src/main/resources/application.yml

@@ -32,7 +32,7 @@ spring:
    username: root
    password: 123456
  redis:
    host: 172.19.103.47
    port: 6379
    password: redis!@456
    host: 172.19.103.88 # Redis server host.
    port: 6379 # Redis server port.
#    password: jkzl_ehr