'commit'

10 months ago · 704c869b4a
parent a4e63f7809
commit 704c869b4a
8 changed files with 155 additions and 15 deletions
--- a/dsBase/src/main/java/com/dsideal/base/LoginPerson/Controller/LoginPersonController.java
+++ b/dsBase/src/main/java/com/dsideal/base/LoginPerson/Controller/LoginPersonController.java
@ -118,7 +118,6 @@ public class LoginPersonController extends Controller {
        Record r = bm.getBureauInfoByPersonId(loginMap.get("person_id").toString());
        if (r != null) resultJson.put("bureau_name", r.getStr("bureau_name"));
        renderJson(resultJson);
-
    }


--- a/dsGw/pom.xml
+++ b/dsGw/pom.xml
@ -99,5 +99,16 @@
            <artifactId>activation</artifactId>
            <version>1.1.1</version>
        </dependency>
+        <!--引用fastjson-->
+        <dependency>
+            <groupId>com.alibaba</groupId>
+            <artifactId>fastjson</artifactId>
+            <version>${fastjson.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>commons-codec</groupId>
+            <artifactId>commons-codec</artifactId>
+            <version>1.15</version> <!-- 可以选择最新版本 -->
+        </dependency>
    </dependencies>
 </project>
--- a/dsGw/src/main/java/com/dsideal/gw/Handler/RouterHandler.java
+++ b/dsGw/src/main/java/com/dsideal/gw/Handler/RouterHandler.java
@ -3,17 +3,20 @@ package com.dsideal.gw.Handler;
 import cn.hutool.json.JSONObject;
 import cn.hutool.json.JSONUtil;
 import com.dsideal.gw.GwApplication;
+import com.dsideal.gw.Util.CommonUtil;
+import com.dsideal.gw.Util.JwtUtil;
 import com.jfinal.handler.Handler;
+import com.jfinal.kit.StrKit;
 import com.jfinal.upload.MultipartRequest;
 import com.jfinal.upload.UploadFile;
+import io.jsonwebtoken.Claims;
 import okhttp3.*;

+import javax.servlet.http.Cookie;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.*;
-import java.util.Enumeration;
-import java.util.List;
-import java.util.Objects;
+import java.util.*;

 /**
 * 测试用例：
@ -93,11 +96,66 @@ public class RouterHandler extends Handler {
            return;
        }
        //如果是白名单，不检查jwt,否则需要检查jwt
-        if (GwApplication.whiteSet.contains(servletPath)) {
-            // TODO
-            System.out.println("白名单内链接，不检查jwt!");
-        } else {
-            System.out.println("不包含在白名单内链接，检查jwt!");
+        if (!GwApplication.whiteSet.contains(servletPath)) {
+            //是不是通过了登录检查？
+            boolean canPass = true;
+
+            //1、存在Cookie,检查是不是正确的Cookie
+            Cookie[] cookies = req.getCookies();
+            String identity_id = null;
+            String person_id = null;
+            String bureau_id = null;
+            String token = null;
+            if (cookies != null) {
+                for (Cookie cookie : cookies) {
+                    if ("identity_id".equals(cookie.getName())) {
+                        String cookieValue = cookie.getValue();
+                        identity_id = cookieValue;
+                    }
+                    if ("person_id".equals(cookie.getName())) {
+                        person_id = cookie.getValue();
+                    }
+                    if ("bureau_id".equals(cookie.getName())) {
+                        bureau_id = cookie.getValue();
+                    }
+                    if ("token".equals(cookie.getName())) {
+                        token = cookie.getValue();
+                    }
+                }
+            }
+            //如果没有找到Cookie，那么直接不通过
+            if (StrKit.isBlank(token) || StrKit.isBlank(bureau_id) || StrKit.isBlank(identity_id) || StrKit.isBlank(person_id)) {
+                canPass = false;
+            }
+            //找到了Cookie,那是不是合法的Cookie呢？需要检查一下Token
+            if (canPass) {
+                Map<String, Object> loginMap = new HashMap<>();
+                loginMap.put("identity_id", identity_id);
+                loginMap.put("person_id", person_id);
+                loginMap.put("bureau_id", bureau_id);
+                String cookie_token = CommonUtil.Sign(loginMap, GwApplication.PropKit.get("jwt.CookieMd5SingPwd"));
+                if (!token.equals(cookie_token)) {//根据Cookie中的Token，和计算出来的Token是否一致
+                    canPass = false;
+                }
+            }
+            if (!canPass) {
+                //如果不存在Cookie,那么检查是不是存在JWT,并且JWT是不是正确的
+                if (req.getHeader("Authorization") != null) {
+                    String jwtToken = req.getHeader("Authorization");
+                    Claims claims = JwtUtil.getClaims(jwtToken);
+                    if (claims == null) {
+                        canPass = true;
+                    }
+                }
+            }
+            if(!canPass){
+                JSONObject jo = new JSONObject();
+                jo.put("success", false);
+                jo.put("message", "登录已过期，请重新登录！");
+                renderJson(res, jo);
+                isHandled[0] = true; //停止filter
+                return;
+            }
        }

        //路由到哪个微服务
--- a/dsGw/src/main/java/com/dsideal/gw/Util/CommonUtil.java
+++ b/dsGw/src/main/java/com/dsideal/gw/Util/CommonUtil.java
@ -0,0 +1,44 @@
+package com.dsideal.gw.Util;
+
+import com.alibaba.fastjson.JSONObject;
+import com.jfinal.kit.StrKit;
+import com.jfinal.plugin.activerecord.Page;
+import com.jfinal.plugin.activerecord.Record;
+import org.apache.commons.codec.binary.Base64;
+import org.apache.commons.codec.digest.DigestUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.util.*;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+@SuppressWarnings("unchecked")
+public class CommonUtil {
+    //在独立的main函数中，使用下面的方式进行声明logback对象
+    private static final Logger log = LoggerFactory.getLogger(CommonUtil.class);
+
+
+    /**
+     * 加签
+     *
+     * @param map
+     * @return
+     */
+    public static String Sign(Map<String, Object> map, String signKey) {
+        if (map == null) {
+            return null;
+        }
+        List<String> keyList = new ArrayList<>(map.keySet());
+        Collections.sort(keyList);
+        StringBuffer sb = new StringBuffer();
+        for (int i = 0; i < keyList.size(); i++) {
+            String key = keyList.get(i);
+            Object value = map.get(key);
+            sb.append(key + "=" + value + "&");
+        }
+        String signStr = sb.substring(0, sb.length() - 1) + signKey;
+        String md5Str = DigestUtils.md5Hex(signStr);
+        return md5Str;
+    }
+}
--- a/dsGw/src/main/resources/application_dev.yaml
+++ b/dsGw/src/main/resources/application_dev.yaml
@ -13,8 +13,15 @@ route:
  dsResource:
    url: http://dsResouce:8002

+jwt:
+  # 生成Token的密码
+  CookieMd5SingPwd: DsideaL4r5t6y7u

 # 白名单
 whitelist:
-  - /dsBase/doLogin
-  - /dsResource/doLogin
+  # 全局变量获取
+  - /dsBase/global/getGlobalValueByKey
+  # 登录
+  - /dsBase/loginPerson/doLogin
+  # 登录首页
+  - /dsBase/
--- a/dsGw/src/main/resources/application_pro.yaml
+++ b/dsGw/src/main/resources/application_pro.yaml
@ -13,7 +13,14 @@ route:
    url: http://ds-resouce:8002


+jwt:
+  # 生成Token的密码
+  CookieMd5SingPwd: DsideaL4r5t6y7u

 # 白名单
 whitelist:
-  - /dsBase/doLogin
+  # 全局变量获取
+  - /dsBase/global/getGlobalValueByKey
+  # 登录
+  - /dsBase/loginPerson/doLogin
+
--- a/dsGw/target/classes/application_dev.yaml
+++ b/dsGw/target/classes/application_dev.yaml
@ -13,8 +13,15 @@ route:
  dsResource:
    url: http://dsResouce:8002

+jwt:
+  # 生成Token的密码
+  CookieMd5SingPwd: DsideaL4r5t6y7u

 # 白名单
 whitelist:
-  - /dsBase/doLogin
-  - /dsResource/doLogin
+  # 全局变量获取
+  - /dsBase/global/getGlobalValueByKey
+  # 登录
+  - /dsBase/loginPerson/doLogin
+  # 登录首页
+  - /dsBase/
--- a/dsGw/target/classes/application_pro.yaml
+++ b/dsGw/target/classes/application_pro.yaml
@ -13,7 +13,14 @@ route:
    url: http://ds-resouce:8002


+jwt:
+  # 生成Token的密码
+  CookieMd5SingPwd: DsideaL4r5t6y7u

 # 白名单
 whitelist:
-  - /dsBase/doLogin
+  # 全局变量获取
+  - /dsBase/global/getGlobalValueByKey
+  # 登录
+  - /dsBase/loginPerson/doLogin
+