From 8105edfb88898b483f8e09ff3b3ca02d9b8856bb Mon Sep 17 00:00:00 2001
From: Tang Cheng
Date: Wed, 15 Jan 2020 16:58:08 +0800
Subject: [PATCH] update multi-tenant library to 1.2.4

---
 build.gradle | 12 ++-----
 .../controller/security_controller.kt | 31 +++++++++--------
 .../service/impl/framework_service_impl.kt | 9 +++--
 .../com/supwisdom/dlpay/mobile/MobileApi.kt | 22 +++++++------
 .../kotlin/com/supwisdom/dlpay/security.kt | 33 ++++++++-----------
 5 files changed, 49 insertions(+), 58 deletions(-)

diff --git a/build.gradle b/build.gradle
index 6f3c4df1..04479583 100644
--- a/build.gradle
+++ b/build.gradle
@@ -8,8 +8,8 @@ plugins {
 id 'org.jetbrains.kotlin.plugin.spring' version '1.3.31' apply false
 id 'org.jetbrains.kotlin.plugin.jpa' version '1.3.31' apply false
 id 'com.gradle.build-scan' version '2.0.2'
- id "com.palantir.git-version" version "0.12.0-rc2"
- id 'com.palantir.docker' version '0.22.1' apply false
+ id "com.palantir.git-version" version "0.12.2"
+ id 'com.palantir.docker' version '0.22.2' apply false
 }
 
 bootJar {
@@ -102,7 +102,7 @@ subprojects {
 springSocialVersion = '1.1.6.RELEASE'
 springKafkaVersion = '2.2.8.RELEASE'
 postgresVersion = '42.2.5'
- multiTenantLibVersion = '1.1.17'
+ multiTenantLibVersion = '1.2.4'
 }
 implementation "org.jetbrains.kotlin:kotlin-reflect"
 implementation "org.jetbrains.kotlin:kotlin-stdlib-jdk8"
@@ -131,12 +131,6 @@ subprojects {
 annotationProcessor "org.projectlombok:lombok:${lombokVersion}"
 compileOnly "org.projectlombok:lombok:${lombokVersion}"
 
- // implementation "javax.el:javax.el-api:${javaELVersion}"
- // implementation "javax.servlet:javax.servlet-api:4.0.1"
-// testImplementation 'org.springframework:spring-test'
-// testImplementation 'org.springframework.boot:spring-boot-test'
-// implementation "javax.servlet:jstl:1.2"
-// implementation "taglibs:standard:1.1.2"
 
 testImplementation("org.springframework.boot:spring-boot-starter-test") {
 exclude group: "junit", module: "junit"
diff --git a/payapi/src/main/kotlin/com/supwisdom/dlpay/framework/controller/security_controller.kt b/payapi/src/main/kotlin/com/supwisdom/dlpay/framework/controller/security_controller.kt
index 22c14907..97e1782e 100644
--- a/payapi/src/main/kotlin/com/supwisdom/dlpay/framework/controller/security_controller.kt
+++ b/payapi/src/main/kotlin/com/supwisdom/dlpay/framework/controller/security_controller.kt
@@ -14,11 +14,14 @@ import com.supwisdom.dlpay.framework.security.validate.ImageCodeUtil
 import com.supwisdom.dlpay.framework.security.validate.VerifyCode
 import com.supwisdom.dlpay.framework.service.CommonService
 import com.supwisdom.dlpay.framework.service.SystemUtilService
-import com.supwisdom.dlpay.framework.util.*
+import com.supwisdom.dlpay.framework.util.Constants
+import com.supwisdom.dlpay.framework.util.HmacUtil
+import com.supwisdom.dlpay.framework.util.TradeDict
+import com.supwisdom.dlpay.framework.util.TradeErrorCode
 import com.supwisdom.dlpay.system.service.FunctionService
-import com.supwisdom.multitenant.jwt.JwtRequestData
 import com.supwisdom.multitenant.jwt.JwtTenantService
 import com.supwisdom.multitenant.jwt.JwtTokenBuilder
+import com.supwisdom.multitenant.jwt.JwtTokenContext
 import mu.KotlinLogging
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.data.redis.connection.RedisConnectionFactory
@@ -38,7 +41,6 @@ import org.springframework.web.context.request.ServletWebRequest
 import java.io.IOException
 import java.time.Instant
 import java.util.*
-import javax.annotation.Resource
 import javax.imageio.ImageIO
 import javax.servlet.http.HttpServletRequest
 import javax.servlet.http.HttpServletResponse
@@ -62,8 +64,8 @@ class ApiAuthController {
 @Autowired
 private lateinit var jwtTenantService: JwtTenantService
 
- @Resource(name = "jwtRequestData")
- private lateinit var jwtRequestData: JwtRequestData
+ @Autowired
+ private lateinit var jwtTokenContext: JwtTokenContext
 
 @GetMapping(value = ["/gettoken", "/gettoken/{clientid}"])
 fun loginInit(appid: String, @PathVariable clientid: String?,
@@ -133,10 +135,12 @@ class ApiAuthController {
 
 @GetMapping("/refresh")
 fun refresh(request: HttpServletRequest): ResponseEntity {
- val jwt = jwtRequestData.jwtToken
- ?: return ResponseEntity.ok(ResponseBodyBuilder.create().fail(TradeErrorCode.INPUT_DATA_ERROR,
- "jwt unauthorized"))
-
+ val jwt = if (jwtTokenContext.jwt.isPresent) {
+ jwtTokenContext.jwt.get()
+ } else {
+ return ResponseEntity.ok(ResponseBodyBuilder.create().fail(TradeErrorCode.INPUT_DATA_ERROR,
+ "jwt unauthorized"))
+ }
 val appid = jwt.uid
 // 新证书
 val builder = JwtTokenBuilder.create()
@@ -194,8 +198,7 @@ class UserInforController {
 @Autowired
 private lateinit var redisConnectionFactory: RedisConnectionFactory
 
- @Resource(name = "jwtRequestData")
- private lateinit var jwtRequestData: JwtRequestData
+ private lateinit var jwtTokenContext: JwtTokenContext
 
 @RequestMapping("/userinfor")
 fun user(@RequestParam("access_token") access_token: String?,
@@ -203,10 +206,10 @@ class UserInforController {
 if (access_token.isNullOrEmpty() && auth.isNullOrEmpty()) {
 return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build()
 }
- val jwt = if (!auth.isNullOrEmpty()) {
- jwtRequestData.jwtToken.jwt
- } else {
+ val jwt = if (auth.isNullOrEmpty()) {
 access_token!!
+ } else {
+ jwtTokenContext.jwt.orElseGet(null)?.jwt
 }
 val obj: OAuth2Authentication? = RedisTokenStore(redisConnectionFactory).readAuthentication(jwt)
 ?: return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build()
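Review bot: In refresh(), `val jwt = if (jwtTokenContext.jwt.isPresent) { jwtTokenContext.jwt.get() } else { return … }` reads the Optional twice and spends six lines on what the removed elvis did in one; `val jwt = jwtTokenContext.jwt.orElse(null) ?: return ResponseEntity.ok(ResponseBodyBuilder.create().fail(TradeErrorCode.INPUT_DATA_ERROR, "jwt unauthorized"))` keeps the early-return shape of the old code with the same result. refresh() continues past the end of the hunk.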
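Review bot: In UserInforController the new field `private lateinit var jwtTokenContext: JwtTokenContext` carries no injection annotation: the `@Resource(name = "jwtRequestData")` line was removed but, unlike the same replacement in ApiAuthController above and in the other classes of this patch, no `@Autowired` was added, so Spring never sets the property and the first access in user() fails with UninitializedPropertyAccessException (a 500 on /userinfor instead of the intended 401). Add `@Autowired` on the line before the declaration.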
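Review bot: `jwtTokenContext.jwt.orElseGet(null)?.jwt` in user() passes a null Supplier; `Optional.orElseGet` invokes that supplier exactly when the Optional is empty, so a request that sends `auth` but has no resolved token throws NullPointerException rather than yielding null. The call meant here is `orElse`: `jwtTokenContext.jwt.orElse(null)?.jwt`. That still leaves `jwt` nullable on its way into `readAuthentication(jwt)` on the next line, whose handling of null I can't see from here, so it is safer to reject in the same expression, `jwtTokenContext.jwt.orElse(null)?.jwt ?: return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build()`, mirroring the guard at the top of the method.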
diff --git a/payapi/src/main/kotlin/com/supwisdom/dlpay/framework/service/impl/framework_service_impl.kt b/payapi/src/main/kotlin/com/supwisdom/dlpay/framework/service/impl/framework_service_impl.kt
index e5d2858e..93ad8e66 100644
--- a/payapi/src/main/kotlin/com/supwisdom/dlpay/framework/service/impl/framework_service_impl.kt
+++ b/payapi/src/main/kotlin/com/supwisdom/dlpay/framework/service/impl/framework_service_impl.kt
@@ -6,10 +6,9 @@ import com.supwisdom.dlpay.framework.dao.ApiClientDao
 import com.supwisdom.dlpay.framework.service.CommonService
 import com.supwisdom.dlpay.framework.util.StringUtil
 import com.supwisdom.dlpay.framework.util.TradeErrorCode
-import com.supwisdom.multitenant.jwt.JwtRequestData
+import com.supwisdom.multitenant.jwt.JwtTokenContext
 import org.springframework.beans.factory.annotation.Autowired
 import org.springframework.stereotype.Service
-import javax.annotation.Resource
 import javax.servlet.http.HttpServletRequest
 
 @Service
@@ -17,8 +16,8 @@ class CommonServiceImpl : CommonService {
 @Autowired
 lateinit var apiClientDao: ApiClientDao
 
- @Resource(name = "jwtRequestData")
- private lateinit var jwtRequestData: JwtRequestData
+ @Autowired
+ lateinit var jwtTokenContext: JwtTokenContext
 
 override fun getSystemVersion(): String {
 return try {
@@ -31,7 +30,7 @@ class CommonServiceImpl : CommonService {
 }
 
 override fun getRequestAppid(request: HttpServletRequest): String {
- jwtRequestData.jwtToken?.also {
+ jwtTokenContext.jwt.get()?.also {
 val uid = it.uid
 if (!StringUtil.isEmpty(uid)) {
 return uid as String
diff --git a/payapi/src/main/kotlin/com/supwisdom/dlpay/mobile/MobileApi.kt b/payapi/src/main/kotlin/com/supwisdom/dlpay/mobile/MobileApi.kt
index 26289f67..8b3c2dc6 100644
--- a/payapi/src/main/kotlin/com/supwisdom/dlpay/mobile/MobileApi.kt
+++ b/payapi/src/main/kotlin/com/supwisdom/dlpay/mobile/MobileApi.kt
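Review bot: `jwtTokenContext.jwt.get()?.also { … }` in getRequestAppid() throws NoSuchElementException when no token is present, because `Optional.get()` throws on an empty Optional, whereas the removed `jwtRequestData.jwtToken?.also` simply skipped the block; the `?.` after `get()` never fires since `get()` does not return null. Use `jwtTokenContext.jwt.orElse(null)?.also {` — `also` is inline, so the `return uid as String` inside the block still returns from getRequestAppid(), which the `ifPresent` form used elsewhere in this patch (a non-inline lambda) would not allow. The rest of getRequestAppid() lies past the end of the hunk.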
@@ -14,9 +14,9 @@ import com.supwisdom.dlpay.mobile.service.MobileApiService
 import com.supwisdom.dlpay.system.service.DictionaryProxy
 import com.supwisdom.dlpay.util.ConstantUtil
 import com.supwisdom.dlpay.util.RSAKeysGenerate
-import com.supwisdom.multitenant.jwt.JwtRequestData
 import com.supwisdom.multitenant.jwt.JwtTenantService
 import com.supwisdom.multitenant.jwt.JwtTokenBuilder
+import com.supwisdom.multitenant.jwt.JwtTokenContext
 import mu.KotlinLogging
 import org.apache.commons.lang.StringUtils
 import org.jose4j.jwt.ReservedClaimNames
@@ -249,8 +249,8 @@ class ApiV1 {
 @Autowired
 lateinit var jwtTenantService: JwtTenantService
 
- @Resource(name = "jwtRequestData")
- lateinit var jwtRequestData: JwtRequestData
+ @Autowired
+ lateinit var jwtTokenContext: JwtTokenContext
 
 val logger = KotlinLogging.logger { }
 
@@ -263,8 +263,8 @@ class ApiV1 {
 @RequestMapping("/logout")
 fun logout(): ResponseEntity {
 SecurityContextHolder.clearContext()
- jwtRequestData.jwtToken?.also {
- jwtTenantService.revoke(it)
+ jwtTokenContext.jwt.ifPresent { token ->
+ jwtTenantService.revoke(token)
 }
 return ResponseEntity.status(HttpStatus.UNAUTHORIZED).build()
 }
@@ -278,9 +278,9 @@ class ApiV1 {
 val user = mobileApiService.findUserById(p.name)
 ?: return JsonResult.error("用户不存在,请注册")
 var tk = ""
- jwtRequestData.jwtToken?.also {
+ jwtTokenContext.jwt.ifPresent { oldToken ->
 val currentMillis = System.currentTimeMillis()
- if (it.expiration - currentMillis < 60 * 60 * 12) {
+ if (oldToken.expiration - currentMillis < 60 * 60 * 12) {
 val exp = systemUtilService.getSysparaValueAsInt(
 SysparaUtil.MOBILE_LOGIN_EXPIRE_IN_SECONDS, 60 * 60 * 24 * 3)
 val builder = JwtTokenBuilder.create()
@@ -294,9 +294,9 @@ class ApiV1 {
 user.jti = token.get().jti
 mobileApiService.saveUser(user)
 tk = token.get().jwt
- jwtTenantService.revoke(jwtRequestData.jwtToken)
+ jwtTenantService.revoke(oldToken)
 } else {
- tk = jwtRequestData.jwtToken.jwt
+ tk = oldToken.jwt
 }
 }
 }
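Review bot: The renamed condition `if (oldToken.expiration - currentMillis < 60 * 60 * 12)` mixes units unless `expiration` is in milliseconds: `currentMillis` is a millisecond clock, while `60 * 60 * 12` (43200) is twelve hours only when read as seconds, and the `MOBILE_LOGIN_EXPIRE_IN_SECONDS` parameter two lines below suggests the token library counts lifetimes in seconds. If `expiration` is in seconds the difference is hugely negative and a replacement token is issued and the old one revoked on every call; if it is in milliseconds the refresh window is 43 seconds rather than 12 hours. I can't see the unit of `expiration` from this hunk — please confirm it and spell the threshold with its unit, e.g. `TimeUnit.HOURS.toMillis(12)` against a millisecond value. The enclosing function starts before this hunk and continues through the `@@ -294` hunk.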
@@ -651,7 +651,9 @@ class ApiV1 {
 val pwdtimes = user.checkLoginpwdtime()
 if (pwdtimes == -1) {
 if (!user.jti.isNullOrEmpty()) {
- jwtTenantService.revoke(jwtRequestData.jwtToken)
+ jwtTokenContext.jwt.ifPresent { token ->
+ jwtTenantService.revoke(token)
+ }
 }
 return JsonResult.error(-1, "原密码错误次数过多,将退出系统,请重新登录系统或点击忘记密码功能找回密码")
 } else if (pwdtimes == 1) {
diff --git a/payapi/src/main/kotlin/com/supwisdom/dlpay/security.kt b/payapi/src/main/kotlin/com/supwisdom/dlpay/security.kt
index 8e1892ae..7f127789 100644
--- a/payapi/src/main/kotlin/com/supwisdom/dlpay/security.kt
+++ b/payapi/src/main/kotlin/com/supwisdom/dlpay/security.kt
@@ -7,7 +7,7 @@ import com.supwisdom.dlpay.framework.service.impl.MultiTenantOperatorDetailServi
 import com.supwisdom.dlpay.mobile.AuthLoginFailHandler
 import com.supwisdom.dlpay.mobile.AuthLoginSuccessHandler
 import com.supwisdom.dlpay.mobile.service.MobileUserService
-import com.supwisdom.multitenant.jwt.JwtRequestData
+import com.supwisdom.multitenant.jwt.JwtTokenContext
 import org.jose4j.jwt.consumer.InvalidJwtException
 import org.jose4j.lang.JoseException
 import org.springframework.beans.factory.annotation.Autowired
@@ -37,7 +37,6 @@ import org.springframework.web.cors.UrlBasedCorsConfigurationSource
 import org.springframework.web.filter.OncePerRequestFilter
 import java.security.SecureRandom
 import java.util.*
-import javax.annotation.Resource
 import javax.servlet.FilterChain
 import javax.servlet.http.HttpServletRequest
 import javax.servlet.http.HttpServletResponse
@@ -47,43 +46,40 @@ import javax.sql.DataSource
 
 @Component
 class ApiJwtAuthenticationFilter : OncePerRequestFilter() {
- @Resource(name = "jwtRequestData")
- private lateinit var jwtRequestData: JwtRequestData
+ @Autowired
+ private lateinit var jwtTokenContext: JwtTokenContext
 
 override fun doFilterInternal(request: HttpServletRequest, response: HttpServletResponse, filterChain: FilterChain) {
- jwtRequestData.jwtToken?.let { jwt ->
+ jwtTokenContext.jwt.ifPresent { jwt ->
 try {
 val auth = UsernamePasswordAuthenticationToken(jwt.uid, null,
 (jwt.authorities as ArrayList<*>)
 .map { SimpleGrantedAuthority(it as String) })
 SecurityContextHolder.getContext().authentication = auth
+ filterChain.doFilter(request, response)
 } catch (e: InvalidJwtException) {
 SecurityContextHolder.clearContext()
 response.status = HttpStatus.UNAUTHORIZED.value()
- return
 } catch (e: JoseException) {
 SecurityContextHolder.clearContext()
 // jwt 失效后返回 401
 response.status = HttpStatus.UNAUTHORIZED.value()
 response.contentType = "application/json;charset=UTF-8"
- return
 } catch (e: Exception) {
 SecurityContextHolder.clearContext()
 // jwt 失效后返回 401
 response.status = HttpStatus.UNAUTHORIZED.value()
 response.contentType = "application/json;charset=UTF-8"
- return
 }
 }
- filterChain.doFilter(request, response)
 }
 }
 
 @Component
 class MobileSecurityFilter : OncePerRequestFilter() {
- @Resource(name = "jwtRequestData")
- private lateinit var jwtRequestData: JwtRequestData
+ @Autowired
+ private lateinit var jwtTokenContext: JwtTokenContext
 
 override fun doFilterInternal(request: HttpServletRequest, response: HttpServletResponse, filterChain: FilterChain) {
 var context: String? = request.contextPath
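Review bot: Moving `filterChain.doFilter(request, response)` inside the `ifPresent` lambda means a request without a token never continues down the chain: the lambda is skipped, doFilterInternal returns, and the response goes out as-is (presumably an empty 200), so every endpoint behind this OncePerRequestFilter that is meant to be reachable without a token — the token-issuing ones included — stops working, whereas the removed line after the lambda ran for every request. Placing doFilter inside the `try` also routes every exception thrown by downstream filters and controllers into `catch (e: Exception)`, which reports them as 401 and, once the response is committed, cannot even set that status. The `return` statements had to go because `ifPresent` takes a non-inline lambda; unwrapping the Optional with `orElse(null)` restores them and keeps the chain call unconditional. MobileSecurityFilter.doFilterInternal in the next hunk has the same structure and needs the same fix.
```kotlin
override fun doFilterInternal(request: HttpServletRequest, response: HttpServletResponse, filterChain: FilterChain) {
    val jwt = jwtTokenContext.jwt.orElse(null)
    if (jwt != null) {
        try {
            // … unchanged: build UsernamePasswordAuthenticationToken from jwt and store it in the SecurityContext …
        } catch (e: InvalidJwtException) {
            SecurityContextHolder.clearContext()
            response.status = HttpStatus.UNAUTHORIZED.value()
            return
        } catch (e: JoseException) {
            // … unchanged: clear context, 401 status, JSON content type …
            return
        } catch (e: Exception) {
            // … unchanged: clear context, 401 status, JSON content type …
            return
        }
    }
    // token absent or accepted: continue the chain exactly once, outside the try
    filterChain.doFilter(request, response)
}
```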
@@ -103,35 +99,32 @@ class MobileSecurityFilter : OncePerRequestFilter() {
 filterChain.doFilter(request, response)
 return
 }
- jwtRequestData.jwtToken?.let { jwt ->
+ jwtTokenContext.jwt.ifPresent { jwt ->
 try {
 val auth = UsernamePasswordAuthenticationToken(jwt.uid, null,
 (jwt.authorities as ArrayList<*>)
 .map { SimpleGrantedAuthority(it as String) })
 SecurityContextHolder.getContext().authentication = auth
+ response.setHeader("Access-Control-Allow-Origin", "*");
+ response.setHeader("Access-Control-Allow-Methods", "GET,POST,DELETE,PUT,OPTIONS");
+ response.setHeader("Access-Control-Allow-Headers", "*");
+ response.setHeader("Access-Control-Allow-Credentials", "true")
+ filterChain.doFilter(request, response)
 } catch (e: InvalidJwtException) {
 SecurityContextHolder.clearContext()
 response.status = HttpStatus.UNAUTHORIZED.value()
- return
 } catch (e: JoseException) {
 SecurityContextHolder.clearContext()
 // jwt 失效后返回 401
 response.status = HttpStatus.UNAUTHORIZED.value()
 response.contentType = "application/json;charset=UTF-8"
- return
 } catch (e: Exception) {
 SecurityContextHolder.clearContext()
 // jwt 失效后返回 401
 response.status = HttpStatus.UNAUTHORIZED.value()
 response.contentType = "application/json;charset=UTF-8"
- return
 }
 }
- response.setHeader("Access-Control-Allow-Origin", "*");
- response.setHeader("Access-Control-Allow-Methods", "GET,POST,DELETE,PUT,OPTIONS");
- response.setHeader("Access-Control-Allow-Headers", "*");
- response.setHeader("Access-Control-Allow-Credentials", "true")
- filterChain.doFilter(request, response)
 }
 }
 
--
2.17.1
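Review bot: The four `response.setHeader("Access-Control-…")` lines now run only after a token has been accepted, so the 401 responses produced by the catch blocks and any request that reaches this point without a token carry no CORS headers at all, which a browser client cannot distinguish from a network failure; the removed lines applied to every request that got this far. The values themselves are a combination browsers refuse: `Access-Control-Allow-Origin: *` together with `Access-Control-Allow-Credentials: true` is rejected for credentialed requests, and `Access-Control-Allow-Headers: *` is likewise taken literally rather than as a wildcard when credentials are sent, so the policy needs to echo an allow-listed `Origin` instead of `*`. This file already imports `UrlBasedCorsConfigurationSource`, so registering a `CorsConfiguration` there, which Spring applies ahead of this filter for every request including preflights, would replace the hand-written headers; the trailing `;` on three of the lines are also unidiomatic Kotlin. The beginning of doFilterInternal, including the early `filterChain.doFilter` path at the top of the hunk, lies before the hunk.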