From 93686c7b60ae896ce7235532a111ac7539f2346f Mon Sep 17 00:00:00 2001
From: gaibu <1016771049@qq.com>
Date: Sat, 7 Jan 2023 10:11:48 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20=E7=A7=AF=E6=9C=A8=E6=8A=A5=E8=A1=A8=20A?= =?UTF-8?q?PI=20=E6=95=B0=E6=8D=AE=E9=9B=86=E8=A7=A3=E6=9E=90=E6=97=B6=20t?= =?UTF-8?q?oken=20=E6=9C=AA=E6=AD=A3=E7=A1=AE=E8=A7=A3=E6=9E=90=E7=9A=84?= =?UTF-8?q?=E9=97=AE=E9=A2=98?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../config/JmReportConfiguration.java | 11 --
 .../service/JmReportTokenServiceImpl.java | 30 +++-
 .../core/web/JmReportTokenFilter.java | 132 ------------------
 3 files changed, 29 insertions(+), 144 deletions(-)
 delete mode 100644 yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/jmreport/core/web/JmReportTokenFilter.java
diff --git a/yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/jmreport/config/JmReportConfiguration.java b/yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/jmreport/config/JmReportConfiguration.java
index 2b5d21806..59510b5ff 100644
--- a/yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/jmreport/config/JmReportConfiguration.java
+++ b/yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/jmreport/config/JmReportConfiguration.java
@@ -1,11 +1,8 @@
 package cn.iocoder.yudao.module.visualization.framework.jmreport.config;
-import cn.iocoder.yudao.framework.common.enums.WebFilterOrderEnum;
 import cn.iocoder.yudao.module.system.api.oauth2.OAuth2TokenApi;
 import cn.iocoder.yudao.module.visualization.framework.jmreport.core.service.JmReportTokenServiceImpl;
-import cn.iocoder.yudao.module.visualization.framework.jmreport.core.web.JmReportTokenFilter;
 import org.jeecg.modules.jmreport.api.JmReportTokenServiceI;
-import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.ComponentScan;
 import org.springframework.context.annotation.Configuration;
@@ -25,12 +22,4 @@ public class JmReportConfiguration {
 return new JmReportTokenServiceImpl(oAuth2TokenApi);
 }
- @Bean
- @SuppressWarnings("SpringJavaInjectionPointsAutowiringInspection")
- public FilterRegistrationBean registerMyAnotherFilter(OAuth2TokenApi oAuth2TokenApi){
- FilterRegistrationBean bean = new FilterRegistrationBean<>();
- bean.setOrder(WebFilterOrderEnum.JM_TOKEN_FILTER);
- bean.setFilter(new JmReportTokenFilter(oAuth2TokenApi));
- return bean;
- }
 }
diff --git a/yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/jmreport/core/service/JmReportTokenServiceImpl.java b/yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/jmreport/core/service/JmReportTokenServiceImpl.java
index 511465786..d84ea03fb 100644
--- a/yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/jmreport/core/service/JmReportTokenServiceImpl.java
+++ b/yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/jmreport/core/service/JmReportTokenServiceImpl.java
@@ -2,6 +2,7 @@ package cn.iocoder.yudao.module.visualization.framework.jmreport.core.service;
 import cn.hutool.core.util.StrUtil;
 import cn.iocoder.yudao.framework.common.exception.ServiceException;
+import cn.iocoder.yudao.framework.common.util.servlet.ServletUtils;
 import cn.iocoder.yudao.framework.security.core.LoginUser;
 import cn.iocoder.yudao.framework.security.core.util.SecurityFrameworkUtils;
 import cn.iocoder.yudao.framework.tenant.core.context.TenantContextHolder;
@@ -10,6 +11,9 @@ import cn.iocoder.yudao.module.system.api.oauth2.OAuth2TokenApi;
 import cn.iocoder.yudao.module.system.api.oauth2.dto.OAuth2AccessTokenCheckRespDTO;
 import lombok.RequiredArgsConstructor;
 import org.jeecg.modules.jmreport.api.JmReportTokenServiceI;
+import org.springframework.http.HttpHeaders;
+
+import javax.servlet.http.HttpServletRequest;
 /**
 * {@link JmReportTokenServiceI} 实现类,提供积木报表的 Token 校验、用户信息的查询等功能
@@ -18,9 +22,33 @@ import org.jeecg.modules.jmreport.api.JmReportTokenServiceI;
 */
 @RequiredArgsConstructor
 public class JmReportTokenServiceImpl implements JmReportTokenServiceI {
+ private static final String JM_TOKEN_HEADER = "X-Access-Token";
+ /**
+ * 系统内置请求头
+ */
+ private static final String TOKEN_HEADER = "Authorization";
+ /**
+ * auth 相关格式
+ */
+ private static final String AUTHORIZATION_FORMAT = "Bearer %s";
 private final OAuth2TokenApi oauth2TokenApi;
+ /**
+ * 修改请求的 head
+ *
+ * @return 新 head
+ */
+ @Override
+ public HttpHeaders customApiHeader() {
+ HttpHeaders header = new HttpHeaders();
+ HttpServletRequest request = ServletUtils.getRequest();
+ String token = request.getHeader(JM_TOKEN_HEADER);
+
+ header.add(TOKEN_HEADER, String.format(AUTHORIZATION_FORMAT, token));
+ return header;
+ }
+
 /**
 * 校验 Token 是否有效,即验证通过
 *
@@ -62,7 +90,7 @@ public class JmReportTokenServiceImpl implements JmReportTokenServiceI {
 /**
 * 获得用户编号
- *
+ *
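Review bot: In `customApiHeader()` the result of `request.getHeader(JM_TOKEN_HEADER)` is used unchecked, so a request without `X-Access-Token` produces the header `Authorization: Bearer null`, and a null return from `ServletUtils.getRequest()` (possible if this runs outside a servlet request thread; its implementation is not visible here) would throw. The deleted filter guarded the same rewrite with `StrUtil.isNotEmpty(token)`; the equivalent here is `String token = request != null ? request.getHeader(JM_TOKEN_HEADER) : null;` followed by `if (StrUtil.isNotEmpty(token)) header.add(TOKEN_HEADER, String.format(AUTHORIZATION_FORMAT, token));`. It is also worth confirming which outbound calls JimuReport applies this header to: if it is attached to every API dataset URL, including ones that point at other hosts, the caller's access token is forwarded there, so the Javadoc should state the intended scope. `JM_TOKEN_HEADER` also lost the comment it carried in the filter (`积木 token 请求头`).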

 * 虽然方法名获得的是 username,实际对应到项目中是用户编号
 *
 * @param token JmReport 前端传递的 token
diff --git a/yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/jmreport/core/web/JmReportTokenFilter.java b/yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/jmreport/core/web/JmReportTokenFilter.java
deleted file mode 100644
index 55598141c..000000000
--- a/yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/jmreport/core/web/JmReportTokenFilter.java
+++ /dev/null
@@ -1,132 +0,0 @@
-package cn.iocoder.yudao.module.visualization.framework.jmreport.core.web;
-
-import cn.hutool.core.util.StrUtil;
-import cn.iocoder.yudao.framework.security.core.LoginUser;
-import cn.iocoder.yudao.framework.web.core.util.WebFrameworkUtils;
-import cn.iocoder.yudao.module.system.api.oauth2.OAuth2TokenApi;
-import cn.iocoder.yudao.module.system.api.oauth2.dto.OAuth2AccessTokenCheckRespDTO;
-import lombok.RequiredArgsConstructor;
-
-import javax.servlet.Filter;
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.ServletRequest;
-import javax.servlet.ServletResponse;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletRequestWrapper;
-import java.io.IOException;
-import java.util.Collections;
-import java.util.Enumeration;
-import java.util.HashMap;
-import java.util.List;
-import java.util.Map;
-import java.util.Optional;
-
-/**
- * 积木报表 token 处理,将积木报表请求头中的 token 转换成 spring security 的 auth head
- */
-@RequiredArgsConstructor
-public class JmReportTokenFilter implements Filter {
- /**
- * 积木 token 请求头
- */
- private static final String JM_TOKEN_HEADER = "X-Access-Token";
- /**
- * 系统内置请求头
- */
- private static final String TOKEN_HEADER = "Authorization";
- /**
- * auth 相关格式
- */
- private static final String AUTHORIZATION_FORMAT = "Bearer %s";
-
- private final OAuth2TokenApi oauth2TokenApi;
-
- @Override
- public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
- // 积木请求头
- HttpServletRequest req = (HttpServletRequest) servletRequest;
- String token = req.getHeader(JM_TOKEN_HEADER);
- if (StrUtil.isNotEmpty(token)) {
- // 1. 增加请求头
- HeaderMapRequestWrapper requestWrapper = new HeaderMapRequestWrapper(req);
- requestWrapper.addHeader(TOKEN_HEADER, String.format(AUTHORIZATION_FORMAT, token));
-
- OAuth2AccessTokenCheckRespDTO resp = oauth2TokenApi.checkAccessToken(token);
- Optional optUser = Optional.ofNullable(resp)
- .map(
- t -> new LoginUser().setId(t.getUserId())
- .setUserType(t.getUserType())
- .setTenantId(t.getTenantId())
- .setScopes(t.getScopes())
- );
- if (optUser.isPresent()) {
- // 2. 设置登录用户类型
- WebFrameworkUtils.setLoginUserType(servletRequest, optUser.get().getUserType());
- filterChain.doFilter(requestWrapper, servletResponse);
- return;
- }
- }
- filterChain.doFilter(servletRequest, servletResponse);
- }
-
- /**
- * request 包装类,用于修改 head
- *
- * add request head
- */
- public class HeaderMapRequestWrapper extends HttpServletRequestWrapper {
- /**
- * construct a wrapper for this request
- *
- * @param request
- */
- public HeaderMapRequestWrapper(HttpServletRequest request) {
- super(request);
- }
-
- private Map headerMap = new HashMap();
-
- /**
- * add a header with given name and value
- *
- * @param name
- * @param value
- */
- public void addHeader(String name, String value) {
- headerMap.put(name, value);
- }
-
- @Override
- public String getHeader(String name) {
- String headerValue = super.getHeader(name);
- if (headerMap.containsKey(name)) {
- headerValue = headerMap.get(name);
- }
- return headerValue;
- }
-
- /**
- * get the Header names
- */
- @Override
- public Enumeration getHeaderNames() {
- List names = Collections.list(super.getHeaderNames());
- for (String name : headerMap.keySet()) {
- names.add(name);
- }
- return Collections.enumeration(names);
- }
-
- @Override
- public Enumeration getHeaders(String name) {
- List values = Collections.list(super.getHeaders(name));
- if (headerMap.containsKey(name)) {
- values.add(headerMap.get(name));
- }
- return Collections.enumeration(values);
- }
-
- }
-
-}