diff --git a/dsBase/src/main/java/com/dsideal/base/LoginPerson/Controller/LoginPersonController.java b/dsBase/src/main/java/com/dsideal/base/LoginPerson/Controller/LoginPersonController.java
index 6b9b75f2..87e82f16 100644
--- a/dsBase/src/main/java/com/dsideal/base/LoginPerson/Controller/LoginPersonController.java
+++ b/dsBase/src/main/java/com/dsideal/base/LoginPerson/Controller/LoginPersonController.java
@@ -118,7 +118,6 @@ public class LoginPersonController extends Controller {
Record r = bm.getBureauInfoByPersonId(loginMap.get("person_id").toString());
if (r != null) resultJson.put("bureau_name", r.getStr("bureau_name"));
renderJson(resultJson);
-
}
diff --git a/dsGw/pom.xml b/dsGw/pom.xml
index fee414f0..7ceef267 100644
--- a/dsGw/pom.xml
+++ b/dsGw/pom.xml
@@ -99,5 +99,16 @@
activation
1.1.1
+
+
+ com.alibaba
+ fastjson
+ ${fastjson.version}
+
+
+ commons-codec
+ commons-codec
+ 1.15
+
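Review bot: The new fastjson dependency has no visible consumer in this commit other than an unused `import com.alibaba.fastjson.JSONObject;` in CommonUtil.java, and RouterHandler already builds its JSON with hutool. fastjson 1.x has a long record of unsafe-deserialization fixes around its autoType feature, so adding it to the gateway classpath widens the attack surface for no visible gain. Either drop the dependency, or confirm that `${fastjson.version}` (defined outside this hunk) resolves to a currently patched release and that autoType stays disabled. commons-codec is pinned inline to 1.15 while fastjson uses a property; managing both versions in one place makes later security bumps easier to audit.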
diff --git a/dsGw/src/main/java/com/dsideal/gw/Handler/RouterHandler.java b/dsGw/src/main/java/com/dsideal/gw/Handler/RouterHandler.java
index b939a945..131c084d 100644
--- a/dsGw/src/main/java/com/dsideal/gw/Handler/RouterHandler.java
+++ b/dsGw/src/main/java/com/dsideal/gw/Handler/RouterHandler.java
@@ -3,17 +3,20 @@ package com.dsideal.gw.Handler;
import cn.hutool.json.JSONObject;
import cn.hutool.json.JSONUtil;
import com.dsideal.gw.GwApplication;
+import com.dsideal.gw.Util.CommonUtil;
+import com.dsideal.gw.Util.JwtUtil;
import com.jfinal.handler.Handler;
+import com.jfinal.kit.StrKit;
import com.jfinal.upload.MultipartRequest;
import com.jfinal.upload.UploadFile;
+import io.jsonwebtoken.Claims;
import okhttp3.*;
+import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.*;
-import java.util.Enumeration;
-import java.util.List;
-import java.util.Objects;
+import java.util.*;
/**
* 测试用例:
@@ -93,11 +96,66 @@ public class RouterHandler extends Handler {
return;
}
//如果是白名单,不检查jwt,否则需要检查jwt
- if (GwApplication.whiteSet.contains(servletPath)) {
- // TODO
- System.out.println("白名单内链接,不检查jwt!");
- } else {
- System.out.println("不包含在白名单内链接,检查jwt!");
+ if (!GwApplication.whiteSet.contains(servletPath)) {
+ //是不是通过了登录检查?
+ boolean canPass = true;
+
+ //1、存在Cookie,检查是不是正确的Cookie
+ Cookie[] cookies = req.getCookies();
+ String identity_id = null;
+ String person_id = null;
+ String bureau_id = null;
+ String token = null;
+ if (cookies != null) {
+ for (Cookie cookie : cookies) {
+ if ("identity_id".equals(cookie.getName())) {
+ String cookieValue = cookie.getValue();
+ identity_id = cookieValue;
+ }
+ if ("person_id".equals(cookie.getName())) {
+ person_id = cookie.getValue();
+ }
+ if ("bureau_id".equals(cookie.getName())) {
+ bureau_id = cookie.getValue();
+ }
+ if ("token".equals(cookie.getName())) {
+ token = cookie.getValue();
+ }
+ }
+ }
+ //如果没有找到Cookie,那么直接不通过
+ if (StrKit.isBlank(token) || StrKit.isBlank(bureau_id) || StrKit.isBlank(identity_id) || StrKit.isBlank(person_id)) {
+ canPass = false;
+ }
+ //找到了Cookie,那是不是合法的Cookie呢?需要检查一下Token
+ if (canPass) {
+ Map loginMap = new HashMap<>();
+ loginMap.put("identity_id", identity_id);
+ loginMap.put("person_id", person_id);
+ loginMap.put("bureau_id", bureau_id);
+ String cookie_token = CommonUtil.Sign(loginMap, GwApplication.PropKit.get("jwt.CookieMd5SingPwd"));
+ if (!token.equals(cookie_token)) {//根据Cookie中的Token,和计算出来的Token是否一致
+ canPass = false;
+ }
+ }
+ if (!canPass) {
+ //如果不存在Cookie,那么检查是不是存在JWT,并且JWT是不是正确的
+ if (req.getHeader("Authorization") != null) {
+ String jwtToken = req.getHeader("Authorization");
+ Claims claims = JwtUtil.getClaims(jwtToken);
+ if (claims == null) {
+ canPass = true;
+ }
+ }
+ }
+ if(!canPass){
+ JSONObject jo = new JSONObject();
+ jo.put("success", false);
+ jo.put("message", "登录已过期,请重新登录!");
+ renderJson(res, jo);
+ isHandled[0] = true; //停止filter
+ return;
+ }
}
//路由到哪个微服务
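Review bot: The Authorization fallback is inverted: `if (claims == null) { canPass = true; }` lets the request through when JwtUtil.getClaims yields no claims and rejects it when claims are returned. Assuming getClaims returns null for a token it cannot verify (JwtUtil is not part of this diff), an unverifiable header is treated as authenticated on every non-whitelisted route; the condition should be `if (claims != null) { canPass = true; }`. It is also worth confirming that getClaims checks signature and expiry rather than only parsing the token. Separately, `token.equals(cookie_token)` is not a constant-time comparison; `MessageDigest.isEqual(token.getBytes(StandardCharsets.UTF_8), cookie_token.getBytes(StandardCharsets.UTF_8))` avoids leaking how many leading characters matched. The enclosing method starts and ends outside this hunk.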
diff --git a/dsGw/src/main/java/com/dsideal/gw/Util/CommonUtil.java b/dsGw/src/main/java/com/dsideal/gw/Util/CommonUtil.java
new file mode 100644
index 00000000..1585b2a1
--- /dev/null
+++ b/dsGw/src/main/java/com/dsideal/gw/Util/CommonUtil.java
@@ -0,0 +1,44 @@
+package com.dsideal.gw.Util;
+
+import com.alibaba.fastjson.JSONObject;
+import com.jfinal.kit.StrKit;
+import com.jfinal.plugin.activerecord.Page;
+import com.jfinal.plugin.activerecord.Record;
+import org.apache.commons.codec.binary.Base64;
+import org.apache.commons.codec.digest.DigestUtils;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+
+import java.util.*;
+import java.util.regex.Matcher;
+import java.util.regex.Pattern;
+
+@SuppressWarnings("unchecked")
+public class CommonUtil {
+ //在独立的main函数中,使用下面的方式进行声明logback对象
+ private static final Logger log = LoggerFactory.getLogger(CommonUtil.class);
+
+
+ /**
+ * 加签
+ *
+ * @param map
+ * @return
+ */
+ public static String Sign(Map map, String signKey) {
+ if (map == null) {
+ return null;
+ }
+ List keyList = new ArrayList<>(map.keySet());
+ Collections.sort(keyList);
+ StringBuffer sb = new StringBuffer();
+ for (int i = 0; i < keyList.size(); i++) {
+ String key = keyList.get(i);
+ Object value = map.get(key);
+ sb.append(key + "=" + value + "&");
+ }
+ String signStr = sb.substring(0, sb.length() - 1) + signKey;
+ String md5Str = DigestUtils.md5Hex(signStr);
+ return md5Str;
+ }
+}
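Review bot: Sign authenticates the gateway cookie with `DigestUtils.md5Hex(signStr)` over the message with the key appended, which is a home-made MAC on a broken hash rather than an HMAC. commons-codec, which this commit already adds, provides one: build `signStr` without the key and `return new HmacUtils(HmacAlgorithms.HMAC_SHA_256, signKey).hmacHex(signStr);`, changing whichever service issues the cookie token in the same release. The `key=value&` join does not escape `&` or `=` inside values, so different maps can produce the same string to sign; encode or length-prefix the values. An empty map reaches `sb.substring(0, sb.length() - 1)` with length 0 and throws, so the guard should be `if (map == null || map.isEmpty()) return null;`. Most of the imports here (fastjson, StrKit, Page, Record, Base64, regex, the logger) are unused in the visible code and can go.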
diff --git a/dsGw/src/main/resources/application_dev.yaml b/dsGw/src/main/resources/application_dev.yaml
index 6c191946..47c05879 100644
--- a/dsGw/src/main/resources/application_dev.yaml
+++ b/dsGw/src/main/resources/application_dev.yaml
@@ -13,8 +13,15 @@ route:
dsResource:
url: http://dsResouce:8002
+jwt:
+ # 生成Token的密码
+ CookieMd5SingPwd: DsideaL4r5t6y7u
# 白名单
whitelist:
- - /dsBase/doLogin
- - /dsResource/doLogin
+ # 全局变量获取
+ - /dsBase/global/getGlobalValueByKey
+ # 登录
+ - /dsBase/loginPerson/doLogin
+ # 登录首页
+ - /dsBase/
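Review bot: The key that authenticates every gateway cookie is committed in clear text at `CookieMd5SingPwd: DsideaL4r5t6y7u`, and the same value appears in application_pro.yaml and in both copies under dsGw/target/classes. Anyone with read access to the repository or a build artifact can derive a valid token for any identity_id/person_id/bureau_id, so treat the value as exposed: rotate it, use distinct keys for dev and pro, and load it from the environment or a secret store instead of the YAML. dsGw/target/classes is build output and should be ignored by version control rather than committed. The dev whitelist also gains `/dsBase/`; RouterHandler matches with `whiteSet.contains(servletPath)`, so confirm this entry is an exact path and cannot act as a prefix for the whole service.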
diff --git a/dsGw/src/main/resources/application_pro.yaml b/dsGw/src/main/resources/application_pro.yaml
index 57965415..9714b581 100644
--- a/dsGw/src/main/resources/application_pro.yaml
+++ b/dsGw/src/main/resources/application_pro.yaml
@@ -13,7 +13,14 @@ route:
url: http://ds-resouce:8002
+jwt:
+ # 生成Token的密码
+ CookieMd5SingPwd: DsideaL4r5t6y7u
# 白名单
whitelist:
- - /dsBase/doLogin
+ # 全局变量获取
+ - /dsBase/global/getGlobalValueByKey
+ # 登录
+ - /dsBase/loginPerson/doLogin
+
diff --git a/dsGw/target/classes/application_dev.yaml b/dsGw/target/classes/application_dev.yaml
index 6c191946..47c05879 100644
--- a/dsGw/target/classes/application_dev.yaml
+++ b/dsGw/target/classes/application_dev.yaml
@@ -13,8 +13,15 @@ route:
dsResource:
url: http://dsResouce:8002
+jwt:
+ # 生成Token的密码
+ CookieMd5SingPwd: DsideaL4r5t6y7u
# 白名单
whitelist:
- - /dsBase/doLogin
- - /dsResource/doLogin
+ # 全局变量获取
+ - /dsBase/global/getGlobalValueByKey
+ # 登录
+ - /dsBase/loginPerson/doLogin
+ # 登录首页
+ - /dsBase/
diff --git a/dsGw/target/classes/application_pro.yaml b/dsGw/target/classes/application_pro.yaml
index 57965415..9714b581 100644
--- a/dsGw/target/classes/application_pro.yaml
+++ b/dsGw/target/classes/application_pro.yaml
@@ -13,7 +13,14 @@ route:
url: http://ds-resouce:8002
+jwt:
+ # 生成Token的密码
+ CookieMd5SingPwd: DsideaL4r5t6y7u
# 白名单
whitelist:
- - /dsBase/doLogin
+ # 全局变量获取
+ - /dsBase/global/getGlobalValueByKey
+ # 登录
+ - /dsBase/loginPerson/doLogin
+