TokenFilter -shiro

已于 2023-10-19 17:39:52 修改
阅读量81 收藏
点赞数
文章标签: shiro java 权限
于 2023-10-17 15:19:05 首次发布
版权声明:本文为博主原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。
本文链接:https://blog.csdn.net/ma15732625261/article/details/133884927
版权 
import lombok.extern.slf4j.Slf4j;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.web.filter.authc.AuthenticatingFilter;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;

import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.HashMap;
import java.util.List;
import java.util.Map;


/**
 * 权限拦截器,校验每次请求是否有权限 token有没有过期
 */
@Slf4j
public class TokenFilter extends AuthenticatingFilter {
    @Value("${auth.white}")
    private String[] whiteList;
    @Value("${auth.open}")
    private Integer authOpen;

    @Autowired
    private UserService userService;
    @Autowired
    private LoginService loginService;
    @Autowired
    private AuthViewService authViewService;
    @Autowired
    private UserTokenService userTokenService;
    @Autowired
    private SysDictionaryService sysDictionaryService;
    @Autowired
    private UserChangePwdService userChangePwdService;
    @Autowired
    private ResourceI18nService resourceI18nService;


    /**
     * 创建Token, 支持自定义Token
     */
    @Override
    protected AuthenticationToken createToken(ServletRequest servletRequest, ServletResponse servletResponse) {
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        UserTokenCheckBO cookieUser = GetValueFromCookie.getInfoFromCookie(request.getCookies());
        return new UserToken(cookieUser.getUserId(), cookieUser.getToken(),
                cookieUser.getResTag(), cookieUser.getSystemId(),
                cookieUser.getSystemTag(), cookieUser.getUsername(), cookieUser.getStationCode());
    }

    @Override
    protected boolean isAccessAllowed(ServletRequest servletRequest, ServletResponse servletResponse, Object mappedValue) {
        if (null == authOpen || authOpen == 0) {
            log.info("当前关闭校验");
            return true;
        }
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        String uri = request.getRequestURI();
        log.info("当前url是{}", uri);
        if (!checkUrl(uri)) {
            UserTokenCheckBO cookieUser = GetValueFromCookie.getInfoFromCookie(request.getCookies());
            Long systemId = null;
            if (StringUtils.isNotBlank(cookieUser.getSystemId()) &&
                    !cookieUser.getSystemId().equalsIgnoreCase("undefined")) {
                systemId = Long.valueOf(cookieUser.getSystemId());
            }
            List<AuthViewBO> authViewBOS = authViewService.getWhiteList(cookieUser.getSystemTag(), systemId);
            if (CollUtil.isNotEmpty(authViewBOS)) {
                for (AuthViewBO auth : authViewBOS) {
                    if (null != auth.getUrl() && uri.contains(auth.getUrl())) {
                        return true;
                    }
                    if (null != cookieUser && StringUtils.isNotBlank(cookieUser.getResTag())
                            && StringUtils.isNotBlank(auth.getResTag())
                            && cookieUser.getResTag().equals(auth.getResTag())) {
                        return true;
                    }
                }
            }
        } else {
            return true;
        }
        return false;
    }

    private boolean checkUrl(String requestUri) {
        requestUri = requestUri.replaceAll(DOUBLE_SLASH, SINGLE_SLASH);
        if (null != whiteList && whiteList.length > 0) {
            for (String white : whiteList) {
                if (requestUri.endsWith(white)) {
                    return true;
                }
            }
        }
        return requestUri.contains("/login") || requestUri.contains("/logout")
                || requestUri.contains("/swagger-ui") || requestUri.contains("/me/password")
                || requestUri.contains("/webjars/") || requestUri.contains("/api-docs/")
                || requestUri.contains("swagger-resources/") || requestUri.contains("/v2/")
                || requestUri.contains("/forward/message/");
    }

    @Override
    protected boolean onAccessDenied(ServletRequest servletRequest, ServletResponse servletResponse) throws Exception {
        if (null == authOpen || authOpen == 0) {
            log.info("当前关闭校验");
            return true;
        }
        HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        httpResponse.setHeader("Access-Control-Allow-Credentials", "true");
        httpResponse.setCharacterEncoding("UTF-8");

        UserTokenCheckBO cookieUser = GetValueFromCookie.getInfoFromCookie(request.getCookies());
        String ipAddress = IpAddressUtil.getIpAddress(request);
        String langStr = sysDictionaryService.getCurUseSystemLang(ipAddress);
        log.info("shiro校验:当前用户cookie中信息{}", cookieUser);
        if (StringUtils.isBlank(cookieUser.getUserId()) ||
                StringUtils.isBlank(cookieUser.getToken())) {
            Map<String, Object> result = new HashMap<>();
            result.put("returnCode", AuthErrorCodes.NOT_LOGIN.exception().getCode());
            result.put("returnUserMsg",
                    getMsg(AuthErrorCodes.NOT_LOGIN.exception().getMsg(), langStr));
            httpResponse.getWriter().print(JSON.toJSONString(result));
            log.info("shiro校验:当前用户未登录{}", cookieUser);
            return false;
        }

        UserTokenExtBO userTokenBO = userService.getUserWithTokenById(cookieUser.getUserId());
        userTokenBO.setUsername(
                (null != userTokenBO.getUsername() && userTokenBO.getUsername().contains(";"))
                        ? userTokenBO.getUsername().split(";")[0] : userTokenBO.getUsername());

        log.info("当前获取用户信息为{}", userTokenBO);
        if (null == userTokenBO || null == userTokenBO.getUserId()) {
            Map<String, Object> result = new HashMap<>();
            result.put("returnCode", AuthErrorCodes.USER_CLOSE_NULL.exception().getCode());
            result.put("returnUserMsg",
                    getMsg(AuthErrorCodes.USER_CLOSE_NULL.exception().getMsg(), langStr));
            httpResponse.getWriter().print(JSON.toJSONString(result));
            log.info("shiro校验:根据cookie的userId用户不存在或者已停用{}", userTokenBO);
            return false;
        }
        if (userTokenBO.isExpire()) {
            Map<String, Object> result = new HashMap<>();
            result.put("returnCode", AuthErrorCodes.USER_EXPIRED_ERROR.exception().getCode());
            result.put("returnUserMsg",
                    getMsg(AuthErrorCodes.USER_EXPIRED_ERROR.exception().getMsg(), langStr));
            httpResponse.getWriter().print(JSON.toJSONString(result));
            log.info("shiro校验:根据cookie的userId获取当前用户但是已经过期{}", userTokenBO);
            return false;
        }

        if (null == userTokenBO.getToken() || !userTokenBO.getToken().equals(cookieUser.getToken())) {
            Map<String, Object> result = new HashMap<>();
            result.put("returnCode", AuthErrorCodes.LOGIN_REPEAT.exception().getCode());
            result.put("returnUserMsg",
                    getMsg(AuthErrorCodes.LOGIN_REPEAT.exception().getMsg(), langStr));
            httpResponse.getWriter().print(JSON.toJSONString(result));
            log.info("shiro校验:根据cookie的userId获取当前用户TOKEN不一致{}", userTokenBO);
            return false;
        }
        Long userId = Long.valueOf(cookieUser.getUserId());

        if (userChangePwdService.isExpire(userId,userTokenBO.getClientId())) {
            loginService.logout(
                    UserWithTerminalReqBO.builder()
                            .userId(userId)
                            .username(userTokenBO.getUsername())
                            .systemId(cookieUser.getSystemId())
                            .terminal(cookieUser.getTerminal())
                            .build(),
                    "密码失效",
                    false);
            Map<String, Object> result = new HashMap<>();
            result.put("returnCode", AuthErrorCodes.USER_PWD_EXPIRE.exception().getCode());
            result.put("returnUserMsg",
                    getMsg(AuthErrorCodes.USER_PWD_EXPIRE.exception().getMsg(), langStr));
            httpResponse.getWriter().print(JSON.toJSONString(result));
            log.info("shiro校验:当前用户密码失效{}", userTokenBO);
            return false;
        }

        if (userTokenBO.getUsername().equals(SUPER_USER)) {
            log.info("当前超级用户不需要限制");
            userTokenService.updateTime(userId);
            return true;
        }

        if (StringUtils.isNotBlank(cookieUser.getResTag())) {
            if (!userService.hasTheRight(cookieUser.getSystemId(), Long.valueOf(cookieUser.getUserId()), cookieUser.getResTag())) {
                Map<String, Object> result = new HashMap<>();
                result.put("returnCode", AuthErrorCodes.NO_RIGHT.exception().getCode());
                result.put("returnUserMsg",
                        getMsg(AuthErrorCodes.NO_RIGHT.exception().getMsg(), langStr));
                httpResponse.getWriter().print(JSON.toJSONString(result));
                log.info("shiro校验:当前用户没有权限{}", cookieUser);
                return false;
            }
        }

        userTokenService.updateTime(userId);
        return true;
    }

    @Override
    protected boolean onLoginFailure(AuthenticationToken token, AuthenticationException e, ServletRequest servletResponse, ServletResponse servletRequest) {
        HttpServletResponse httpResponse = (HttpServletResponse) servletResponse;
        httpResponse.setHeader("Access-Control-Allow-Credentials", "true");
        httpResponse.setCharacterEncoding("UTF-8");
        HttpServletRequest request = (HttpServletRequest) servletRequest;
        try {
            Map<String, Object> result = new HashMap<>();
            result.put("returnCode", AuthErrorCodes.LOGIN_FAIL.exception().getCode());
            result.put("returnUserMsg",
                    getMsg(AuthErrorCodes.LOGIN_FAIL.exception().getMsg(),
                            sysDictionaryService.getCurUseSystemLang(IpAddressUtil.getIpAddress(request))));
            httpResponse.getWriter().print(JSON.toJSONString(result));
        } catch (IOException ioException) {
            log.info("shiro校验:当前shiro解析出现了问题{}", e, e);
        }
        return false;
    }

    private String getMsg(String message, String lang) {
        return resourceI18nService.getResNameByLange(lang, message);
    }

}


import org.apache.shiro.authc.credential.HashedCredentialsMatcher;
import org.apache.shiro.crypto.hash.Sha512Hash;
import org.apache.shiro.realm.Realm;
import org.apache.shiro.session.InvalidSessionException;
import org.apache.shiro.session.Session;
import org.apache.shiro.session.mgt.SessionKey;
import org.apache.shiro.session.mgt.SessionManager;
import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.DependsOn;

import javax.servlet.Filter;
import java.util.HashMap;
import java.util.Map;

@Configuration
@DependsOn({ "userService", "authViewService"})
public class AuthConfig {
    @Autowired
    private UserService userService;
    @Autowired
    private AuthViewService authViewService;

    @Value("${session.update:300000}")
    private Integer sessionUpdateTime;

    @Bean
    public TokenFilter tokenFilter(){
        return new TokenFilter();
    }

    @Bean
    public HashedCredentialsMatcher hashedCredentialsMatcher() {
        HashedCredentialsMatcher hashMatcher = new HashedCredentialsMatcher();
        hashMatcher.setHashAlgorithmName(Sha512Hash.ALGORITHM_NAME);
        hashMatcher.setStoredCredentialsHexEncoded(false);
        hashMatcher.setHashIterations(1);
        return hashMatcher;
    }

    @Bean
    public Realm realm() {
        return new AuthRealm();
    }

    @Bean
    public ShiroService shiroService() {
        return new ShiroServiceImpl();
    }

    @Bean
    public DefaultWebSecurityManager securityManager(SessionManager sessionManager) {
        DefaultWebSecurityManager defaultSecurityManager = new DefaultWebSecurityManager();
        defaultSecurityManager.setRealm(realm());
        defaultSecurityManager.setSessionManager(sessionManager);
        return defaultSecurityManager;
    }

    @Bean
    public SessionManager sessionManager(AuthSessionDao sessionDao) {
        DefaultWebSessionManager sessionManager = new DefaultWebSessionManager() {
            @Override
            public void touch(SessionKey key) throws InvalidSessionException {
                Session session = doGetSession(key);
                if (session != null) {
                    long oldTime = session.getLastAccessTime().getTime();
                    session.touch(); // 更新访问时间
                    long newTime = session.getLastAccessTime().getTime();
                    if (newTime - oldTime >sessionUpdateTime ) { // 如果两次访问的时间间隔大于5分钟,主动持久化Session
                        onChange(session);
                    }
                }
            }
        };
        sessionManager.setSessionDAO(sessionDao);
        return sessionManager;
    }

    @Bean
    public ShiroFilterFactoryBean shiroFilterChainDefinition(DefaultWebSecurityManager securityManager) {
        ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();
        shiroFilterFactoryBean.setSecurityManager(securityManager);
        Map<String, Filter> filters = new HashMap<>(2);
        filters.put("tokenFilter", new TokenFilter());
        shiroFilterFactoryBean.setFilters(filters);
        shiroFilterFactoryBean.setFilterChainDefinitionMap(
                shiroService().loadFilterChainDefinitionMap());
        //authc表示需要验证身份才能访问,还有一些比如anon表示不需要验证身份就能访问等。
        shiroFilterFactoryBean.setLoginUrl("/login");
        return shiroFilterFactoryBean;
    }

}


@Slf4j
//@Component
public class AuthRealm extends AuthorizingRealm {
    @Lazy
    @Autowired
    private UserService userService;
    @Autowired
    private UserTokenService userTokenService;

    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
        return null;
    }

    @Override
    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
        UserTokenExtBO userTokenExtBO = new UserTokenExtBO();
        if (authenticationToken instanceof UserToken) {

            log.info("当前是userToken");
            UserToken token = (UserToken) authenticationToken;

            if (null == token || StringUtils.isBlank(token.getUserId())) {
                throw new UnknownAccountException("No account found for admin ");
            }

            userTokenExtBO = userService.getUserWithTokenById(token.getUserId());
            if (userTokenExtBO == null) {
                throw new UnknownAccountException("No account found for admin [" + Long.valueOf(token.getUserId()) + "]");
            }

            return new SimpleAuthenticationInfo(userTokenExtBO, token.getToken(), getName());

        } else {

            AuthUserToken wesUserToken = (AuthUserToken) authenticationToken;
            if (wesUserToken.getUsername() == null) {
                throw new AccountException("Null usernames are not allowed by this realm.");
            }

            String[] username = wesUserToken.getUsername().split(";");
            userTokenExtBO = userService.getUserWithTokenByName(username[0], username.length > 1 ? username[1] : "");
            if (userTokenExtBO == null) {
                throw new UnknownAccountException("No account found for admin [" + username[0] + "]");
            }

            SimpleAuthenticationInfo authenticationInfo =
                    new SimpleAuthenticationInfo(userTokenExtBO, userTokenExtBO.getPassword(), getName());

            if (userTokenExtBO.getSalt() != null) {
                authenticationInfo.setCredentialsSalt(ByteSource.Util.bytes(userTokenExtBO.getSalt()));
            }
            return authenticationInfo;
        }
    }

    @Override
    public boolean supports(AuthenticationToken token) {
        var superRs = super.supports(token);
        if (!superRs) {
            return token instanceof UserToken;
        }
        return true;
    }

}

星辰_mya
关注
  • 0
    点赞
  • 0
    收藏
    觉得还不错? 一键收藏
  • 0
    评论
auto-phrase-tokenfilter:Lucene自动短语TokenFilter实现
05-02
Lucene自动短语TokenFilter实现 对令牌流执行“自动短语编制”。 自动短语是指标记序列,旨在描述单个事物,因此应进行搜索。 当在令牌流中检测到这些短语时,将发出代表该短语的单个令牌,而不是组成该短语的各个...
03.analyzer-token_filter
寒夜
10-17 9089
文章目录1. token filters 概览1. lowercase token filter2. stemmer token filter3. stop1. 默认的情况下会干掉这些词2. 创建analyzer的时候使用3. 配置4. synonym1. 配置2. expand的作用3.样例解析5. remove deplicates6. unique token filter7. keyword repeat token filter8. keyword_marker filter9. n-grams
过滤器filter实现token拦截解析(亲测)
qq_53314126的博客
02-27 1352
1、什么是tokentoken令牌:是服务端生成的一串随机生成字符串(我们的例子用UUID生成),放在请求头作为客户端进行请求的一个标识。 当用户第一次登录,服务器生成一个token并将此token返回给客户端,以后客户端只需带上这个token前来请求数据即可判断是谁在调用接口,无需再要用户名和密码。 最近有一个需求是权限系统对另一个系统进行token验证权限管理。子系统并未引入权限框架。目前实现思路是前端将token传入子系统。通过共享redis去解决权限问题。故此子系统只
关于Tokenizer与TokenFilter的区别
weixin_34392906的博客
05-29 231
     TokenStream是一个能在被调用后产生语汇单元流的类,但是 TokenStream 类有两个不同的类型:Tokenizer 类和 TokenFilter 类。这两个类都是从抽象类TokenStream类继承而来。   Tokenizer 对象通过Java.io.Reader 对象读取字符创建语汇单元,而TokenFilter 类则负责处理输入的语汇单元,然后通过新增、删除或者修...
java过滤器验证app用户token_在过滤器中验证接口中的Token
weixin_39824801的博客
02-24 444
一、web.xml在web.xml中增加以下代码TokenFilter //过滤器名称com.seven.mp.contentmng.utils.TokenFilter //实现类路径TokenFilter/conference/* //目录前缀二、TokenFilter 实现类1. 过滤器必须实现Filter 接口 , 即TokenFilter implements Fil...
token认证过滤器实现(配合redis)
please93的博客
02-16 185
token过滤器认证
Lucene如何使用TokenFilter进行再分词
12-30
Lucene如何使用TokenFilter进行再分词,里面又我的源代码和注释!!
dubbo-go服务框架-其他
06-12
TokenFilter AccessLogFilter TpsLimitFilter ExecuteLimitFilter Auth/Sign Metrics filter Tracing filter 11、调用 泛化调用 12、监控 Opentracing API Prometheus 13、Tracing For jsonrpc For dubbo For grpc ...
spring-security-boot-preauth
05-05
TokenFilter从请求中获取令牌。 当前,这是通过获取名为token的cookie的值来实现的。 TokenFilter验证令牌。 这个简单的演示没有任何验证,这意味着该示例不安全。 在生产应用程序中,您需要确保令牌已验证。 ...
ban-geocode:Elasticsearch 中的禁止
07-06
你需要wordending-tokenfilter ES 插件: git clone https://github.com/ixxi-mobility/elasticsearch-wordending-tokenfilter.git cd elasticsearch-wordending-tokenfilter make package make install 安装...
聊聊dubbo的TokenFilter
chuoguo3754的博客
06-26 253
序 本文主要研究一下dubbo的TokenFilter TokenFilter dubbo-2.7.2/dubbo-rpc/dubbo-rpc-api/src/main/java/org/apache/dubbo/rpc/filter/TokenFilter.java @Activate(gr...
java token过滤器_Springboot实现filter拦截token验证和跨域
weixin_36018119的博客
02-26 1615
importjavax.servlet.annotation.WebFilter;importorg.slf4j.Logger;importorg.slf4j.LoggerFactory;importorg.springframework.stereotype.Component;importspringfox.documentation.spring.web.json.Json;importco...
Springboot实现filter拦截token验证和跨域
热门推荐
牧竹子
10-14 5万+
背景web验证授权合法的一般分为下面几种 1使用session作为验证合法用户访问的验证方式 使用自己实现的token 使用OCA标准 在使用API接口授权验证时,token是自定义的方式实现起来不需要引入其他东西,关键是简单实用。合法登陆后一般使用用户UID+盐值+时间戳使用多层对称加密生成token并放入分布式缓存中设置固定的过期时间长(和session的方式有些相同),这样当用户访问时使用to
JWT 生成 token 与 fliter 过滤器的简单应用
最新发布
qq_42649533的博客
05-31 236
这是一个比较简单易行的方式去实现token验证,不用将token放入session。
超详细! springboot整合Filter_拦截器_注解+aop的方式实现token校验
Think_and_work的博客
02-09 1646
超详细! springboot整合Filter_拦截器_注解+aop的方式实现token校验
SpringSecurity过滤器链中FilterSecurityInterceptor
江黎
01-07 710
// 添加JWT filter httpSecurity.addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class); @Component public class JwtAuthenticationTokenFilter extends OncePerRequestFilter { @Autowired private TokenS...
深度解析dubbo过滤器之TokenFilter
猿上生活
08-04 1445
本文基于dubbo v2.6.x 我们首先说下dubbo的令牌验证,咱们这个TokenFilter 过滤器就是与之有关的。 1. 令牌验证 引用dubbo官方文档的介绍 通过令牌验证在注册中心控制权限,以决定要不要下发令牌给消费者,可以防止消费者绕过注册中心访问提供者,另外通过注册中心可灵活改变授权方式,而不需修改或升级提供者 我们可以了解到,这个token就是防止服务消费者绕过注册中心去访问服务提供者,同时能够使用注册中心进行权限控制。 dubbo官网关于token的流程图,我们拿过来分析下: 服
solr扩展自己的analyzer的tokenfilter
ITbasketplayer的专栏
11-03 2914
tokenfiter的概念是词语级别处理过滤器
Dubbo源码分析(TimeoutFilter、ExceptionFilterTokenFilter)
09-01 3261
上篇博客来分析了一下日志Filter,这篇来看一下以下几个Filter TimeOutFilter:如果执行timeout,则log记录下,不干涉服务的运行 ExceptionFilter:对执行的异常进行分类统计 具体代码就不贴了,就是用try...catch...来执行,得到result后,来分析result中的异常信息 TokenFilter:随机token令牌,需要做一下配置  Token
帮我在spring gateway中定义一个tokenFilter
04-01
在Spring Gateway中定义一个TokenFilter可以通过实现GatewayFilterFactory接口来实现。以下是一个示例代码: ```java @Component public class TokenFilter implements GatewayFilterFactory<TokenFilter.Config> {...

“相关推荐”对你有帮助么?

  • 非常没帮助
  • 没帮助
  • 一般
  • 有帮助
  • 非常有帮助
提交
评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值