09zrk
/
product
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

网关验证码过滤器添加放行校验

product
RuoYi 2020-06-08 09:37:58 +08:00
parent 085e6631c6
commit 57723b9ca1
4 changed files with 26 additions and 41 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/constant/SecurityConstants.java
View File

@ -7,6 +7,11 @@ package com.ruoyi.common.core.constant;
*/ */
public class SecurityConstants public class SecurityConstants
{ {
/**
*
*/
public static final String BEARER_TOKEN_TYPE = "Bearer";
/** /**
* token url * token url
*/ */

10
ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/feign/OAuth2FeignRequestInterceptor.java
View File

@ -1,10 +1,12 @@
package com.ruoyi.common.security.feign; package com.ruoyi.common.security.feign;
import org.springframework.http.HttpHeaders;
import org.springframework.security.core.Authentication; import org.springframework.security.core.Authentication;
import org.springframework.security.core.context.SecurityContext; import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationDetails; import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationDetails;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import com.ruoyi.common.core.constant.SecurityConstants;
import feign.RequestInterceptor; import feign.RequestInterceptor;
import feign.RequestTemplate; import feign.RequestTemplate;
@ -16,10 +18,6 @@ import feign.RequestTemplate;
@Component @Component
public class OAuth2FeignRequestInterceptor implements RequestInterceptor public class OAuth2FeignRequestInterceptor implements RequestInterceptor
{ {
private final String AUTHORIZATION_HEADER = "Authorization";
private final String BEARER_TOKEN_TYPE = "Bearer";
@Override @Override
public void apply(RequestTemplate requestTemplate) public void apply(RequestTemplate requestTemplate)
{ {
@ -28,8 +26,8 @@ public class OAuth2FeignRequestInterceptor implements RequestInterceptor
if (authentication != null && authentication.getDetails() instanceof OAuth2AuthenticationDetails) if (authentication != null && authentication.getDetails() instanceof OAuth2AuthenticationDetails)
{ {
OAuth2AuthenticationDetails dateils = (OAuth2AuthenticationDetails) authentication.getDetails(); OAuth2AuthenticationDetails dateils = (OAuth2AuthenticationDetails) authentication.getDetails();
requestTemplate.header(AUTHORIZATION_HEADER, requestTemplate.header(HttpHeaders.AUTHORIZATION,
String.format("%s %s", BEARER_TOKEN_TYPE, dateils.getTokenValue())); String.format("%s %s", SecurityConstants.BEARER_TOKEN_TYPE, dateils.getTokenValue()));
} }
} }
} }

33
ruoyi-gateway/src/main/java/com/ruoyi/gateway/config/properties/IgnoreClientProperties.java
View File

@ -1,33 +0,0 @@
package com.ruoyi.gateway.config.properties;
import java.util.ArrayList;
import java.util.List;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.cloud.context.config.annotation.RefreshScope;
import org.springframework.context.annotation.Configuration;
/**
*
*
* @author ruoyi
*/
@Configuration
@RefreshScope
@ConfigurationProperties(prefix = "ignore")
public class IgnoreClientProperties
{
/**
*
*/
private List<String> clients = new ArrayList<>();
public List<String> getClients()
{
return clients;
}
public void setClients(List<String> clients)
{
this.clients = clients;
}
}

19
ruoyi-gateway/src/main/java/com/ruoyi/gateway/filter/ValidateCodeFilter.java
View File

@ -3,6 +3,7 @@ package com.ruoyi.gateway.filter;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.cloud.gateway.filter.GatewayFilter; import org.springframework.cloud.gateway.filter.GatewayFilter;
import org.springframework.cloud.gateway.filter.factory.AbstractGatewayFilterFactory; import org.springframework.cloud.gateway.filter.factory.AbstractGatewayFilterFactory;
import org.springframework.http.HttpHeaders;
import org.springframework.http.server.reactive.ServerHttpRequest; import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.http.server.reactive.ServerHttpResponse; import org.springframework.http.server.reactive.ServerHttpResponse;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
@ -25,6 +26,12 @@ public class ValidateCodeFilter extends AbstractGatewayFilterFactory<Object>
@Autowired @Autowired
private ValidateCodeService validateCodeService; private ValidateCodeService validateCodeService;
private static final String BASIC_ = "Basic ";
private static final String CODE = "code";
private static final String UUID = "uuid";
@Override @Override
public GatewayFilter apply(Object config) public GatewayFilter apply(Object config)
{ {
@ -36,10 +43,18 @@ public class ValidateCodeFilter extends AbstractGatewayFilterFactory<Object>
{ {
return chain.filter(exchange); return chain.filter(exchange);
} }
// 消息头存在内容,且不存在验证码参数,不处理
String header = request.getHeaders().getFirst(HttpHeaders.AUTHORIZATION);
if (StringUtils.isNotEmpty(header) && StringUtils.startsWith(header, BASIC_)
&& !request.getQueryParams().containsKey(CODE) && !request.getQueryParams().containsKey(UUID))
{
return chain.filter(exchange);
}
try try
{ {
validateCodeService.checkCapcha(request.getQueryParams().getFirst("code"), validateCodeService.checkCapcha(request.getQueryParams().getFirst(CODE),
request.getQueryParams().getFirst("uuid")); request.getQueryParams().getFirst(UUID));
} }
catch (Exception e) catch (Exception e)
{ {