最近公司再做前后端分离得项目,我负责设计前后端分离得登录流程,由于是前后端分离,所以传统得登录信息存入session就不适用了,这个时候登录信息 页面交互信息应该怎么办呢?
我暂时想到一种
用redis存入登录信息具体操作如下
1.流程图
2.账号信息存储以及数据格式
方案一.启动完之后查询数据库信息 初始化账号相关信息到redis
方案二.维护账号数据的时候同时修改redis账号信息数据
账号信息存储格式为 accinfo:账号的方式作为redis的key存储
例如:key为accinfo:zhangsan
value 类型为hash 里面的小key用账号作为小key
value 用json格式字符串来存储登陆人信息
例如:小key:zhangsan ,
value为
{“user_id”: “zhangsan”,
“name”: “张三”,
“age”: “20”,
“sex”: “1”,“code”: “132”}
3.前后台加密方式
1.前台动态salt获取(方案一) 输入账号密码之后提交前
调用后台接口同时存入redis 格式为salt:account 点击提交的时候 前台加密方式MD5(salt+md5(pwd)), 输入账号密码提交的之后根据账号 salt+account去获取动态salt,后台用同样的方式加密验证。
4.登录
1.登录接口
首先拿到账号去数据库查询是否存在?
不存在直接返回相关错误信息
GATEWAY_E_LOGIN_ACCOUNT_FAILED_CODE =”E_000244”
GATEWAY_E_LOGIN_ACCOUNT_FAILED_MSG=”Account_Not_Exist”
拿到该账号的密码(aes加密)之后的密码aespwd解密成pwd
MD5(salt+md5(pwd)); 得到passwordNow
和前台传来的加密数据password
不相等返回错误信息
GATEWAY_E_LOGIN_PASSWORD_FAILED_CODE =”E_000245”
GATEWAY_E_LOGIN_PASSWORD_FAILED_MSG=”Password_Mistake”
验证账号密码无误之后后台生成token返回给前台
并且把该token存入redis中并设置超时时间
存储格式为key为authToken:ip:token格式 例如authToken:192.168.0.9:2_7eba-db50-c9f4-351e-548b374_7
Value存账号如:zhangsan。
后台提供根据token获取用户信息接口。
5.登录失败返回信息(前台后台)
1.点击登录后台验证 如果账号不存在返回错误码暂定前台根据返回的错误码做相应的返回信息
code=”E_000244” msg=”Account_Not_Exist”
2.点击登录后台验证 如果密码验证不通过根据返回的错误码做相应的返回信息
code =”E_000245” msg=”Password_Mistake”
6.登录成功
前台将后台返回的token存入前台缓存(cookies或者其他缓存)
前台登录成功之后进入index页面
同时前台异步调用获取用户信息接口根据token获取登录账号信息。
7.前台接口调用
前台接口调用
所有的接口请求都需要将登录之后返回的token 放入header中传递过去key为GW_TOKEN value为token的值
后台处理所有请求之前需要验证ip+token是否合法有效
验证不通过返回对应的错误码前台返回登录页面
验证通过 直接重置当前token的失效时间并且返回response信息
获取动态盐接口
package com.dzq.processor.login;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.dzq.base.annotation.Processor;
import com.dzq.base.helper.Md5Helper;
import com.dzq.base.helper.RedisHelper;
import com.dzq.base.localcache.Cache;
import com.dzq.base.log.Logger;
import com.dzq.base.log.LoggerFactory;
import com.dzq.base.protocols.Constants;
import com.dzq.base.protocols.ErrorConstants;
import com.dzq.dispatch.api.DispatchException;
import com.dzq.dispatch.api.IRequestProcessor;
import com.dzq.dispatch.api.ServiceRequest;
import com.dzq.dispatch.api.ServiceResponse;
import org.apache.commons.lang.RandomStringUtils;
import org.springframework.stereotype.Component;
import java.util.concurrent.TimeUnit;
/**
* @Description 发布加密密码时的盐值, 盐值的长度为20, 格式为随机的字符和数字组合
* 该值为动态数据,有效期 10秒,有效次数 1次
* 输入数据:{"user_account":"zhangsan"} user_account: 用户登陆名
* 输出数据:{"key":salt}
* @Author chenlk
*/
@Component
@Processor(Constants.OPT_WEBCORE_GET_SALT)
public class GetSaltProcessor implements IRequestProcessor {
private static final Logger logger = LoggerFactory.getLogger(GetSaltProcessor.class);
// 动态盐值的有效时间,默认 10 秒钟
private static final Long saltExpire = 10000L;
@Override
public void doProcess(ServiceRequest request, ServiceResponse response) {
String userAccount = null;
String pw = null;
try {
JSONObject jsonObject = JSON.parseObject(String.valueOf(request.getDefaultParam()));
userAccount = jsonObject.getString("user_account");
pw = jsonObject.getString("pw");
if (userAccount == null || userAccount.equals("")) {
response.setException(new DispatchException(ErrorConstants.GATE_E_LOGIN_INVALIDLOGINMSG_CODE,
ErrorConstants.GATE_E_LOGIN_INVALIDLOGINMSG_MSG));
logger.info(request.getRequestId(), request.getSystemId(), request.getOperation(),
ErrorConstants.GATE_E_LOGIN_INVALIDLOGINMSG_MSG);
return;
}
} catch (Exception e) {
response.setException(new DispatchException(ErrorConstants.GATE_E_LOGIN_PARSELOGINMSG_EXCEPTION_CODE,
ErrorConstants.GATE_E_LOGIN_PARSELOGINMSG_EXCEPTION_MSG));
logger.error(request.getRequestId(), request.getSystemId(), request.getOperation(),
"Parse login msg has exception.", e);
return;
}
String salt = RandomStringUtils.randomAlphanumeric(20);
if (pw != null) {
logger.info(request.getRequestId(), request.getSystemId(), request.getOperation(),
Md5Helper.encrypt(salt + Md5Helper.encrypt(pw)));
}
boolean redisCacheResult = false;
try {
RedisHelper.psetex(userAccount, salt, saltExpire);
RedisHelper.psetex(salt, "false", saltExpire);
redisCacheResult = true;
} catch (Exception e) {
redisCacheResult = false;
logger.error(request.getRequestId(), request.getSystemId(), request.getOperation(),
"Cache Salt into redis has exception.", e);
}
boolean localCacheResult = false;
try {
Cache.instance().putString(userAccount, salt, saltExpire, TimeUnit.MILLISECONDS);
Cache.instance().putString(salt, "false", saltExpire, TimeUnit.MILLISECONDS);
localCacheResult = true;
} catch (Exception e) {
localCacheResult = false;
logger.error(request.getRequestId(), request.getSystemId(), request.getOperation(),
"Cache Salt into local has exception.", e);
}
if (redisCacheResult == false && localCacheResult == false) {
response.setException(new DispatchException(ErrorConstants.GATE_E_LOGIN_CACHESALT_EXCEPTION_CODE,
ErrorConstants.GATE_E_LOGIN_CACHESALT_EXCEPTION_MSG));
return;
}
JSONObject jsonObject = new JSONObject();
jsonObject.put("key", salt);
response.putDefaultResult(jsonObject);
}
@Override
public boolean validRequest(ServiceRequest request, ServiceResponse response) {
return true;
}
}
#登录接口
package com.dzq.processor.login;
import com.alibaba.fastjson.JSON;
import com.alibaba.fastjson.JSONObject;
import com.dzq.base.annotation.Processor;
import com.dzq.base.helper.Md5Helper;
import com.dzq.base.helper.PropertiesHelper;
import com.dzq.base.helper.RedisHelper;
import com.dzq.base.localcache.Cache;
import com.dzq.base.log.Logger;
import com.dzq.base.log.LoggerFactory;
import com.dzq.base.protocols.Constants;
import com.dzq.base.protocols.ErrorConstants;
import com.dzq.dao.login.mapper.LoginMapper;
import com.dzq.dispatch.api.DispatchException;
import com.dzq.dispatch.api.IRequestProcessor;
import com.dzq.dispatch.api.ServiceRequest;
import com.dzq.dispatch.api.ServiceResponse;
import com.dzq.goalie.token.TokenRelease;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.stereotype.Component;
import javax.servlet.http.HttpServletRequest;
import java.util.ArrayList;
import java.util.HashMap;
import java.util.List;
import java.util.Map;
/**
* @Description 登陆流程处理器
* pWord = md5(salt + md5(pwd))
* 输入数据:{"user_account":"","pass_word":""}
* @Author chenlk
*/
@Component
@Processor(Constants.OPT_WEBCORE_LOGIN)
public class LoginProcessor implements IRequestProcessor {
private static final Logger logger = LoggerFactory.getLogger(LoginProcessor.class);
@Autowired
LoginMapper loginMapper;
public Map<String, Object> accountInfo = null;
@Override
public void doProcess(ServiceRequest request, ServiceResponse response) {
String operationName = request.getOperation();
String systemId = request.getSystemId();
String requestId = request.getRequestId();
String userAccount = "";
String passWord = "";
try {
JSONObject jsonObject = JSON.parseObject(String.valueOf(request.getDefaultParam()));
userAccount = jsonObject.getString("user_account");
passWord = jsonObject.getString("pass_word");
} catch (Exception e) {
response.setException(new DispatchException(
ErrorConstants.GATE_E_LOGIN_PARSELOGINMSG_EXCEPTION_CODE,
ErrorConstants.GATE_E_LOGIN_PARSELOGINMSG_EXCEPTION_MSG));
logger.error(request.getRequestId(), request.getSystemId(), request.getOperation(),
"Parse login msg has exception.", e);
return;
}
if (userAccount == null || userAccount.equals("") || passWord == null || passWord.equals("")) {
response.setException(new DispatchException(
ErrorConstants.GATE_E_LOGIN_INVALIDLOGINMSG_CODE,
ErrorConstants.GATE_E_LOGIN_INVALIDLOGINMSG_MSG));
logger.error(request.getRequestId(), request.getSystemId(), request.getOperation(),
"UserName or passWord is empty.", null);
return;
}
String salt = "";
String isUse = "";
/**
*盐值同时存在于redis和本地缓存
* redis读取失败时,尝试读取本地缓存
*/
salt = RedisHelper.get(userAccount);
if (salt != null && !salt.equals("")) {
isUse = RedisHelper.get(salt);
} else {
try {
salt = Cache.instance().getString(userAccount);
isUse = Cache.instance().getString(salt);
} catch (Exception e) {
salt = null;
isUse = null;
}
}
/**
* 盐值不存在或已过期
* 盐值状态数据不存在或已过期
*/
if (salt == null || salt.equals("") || isUse == null || isUse.equals("")) {
response.setException(new DispatchException(
ErrorConstants.GATE_E_LOGIN_INVALIDSALTMSG_CODE,
ErrorConstants.GATE_E_LOGIN_INVALIDSALTMSG_MSG));
logger.error(request.getRequestId(), request.getSystemId(), request.getOperation(),
"Salt(isUse) is expired.", null);
return;
}
/**
* 如果盐值和盐值状态数据都正常:
* 1. 清空redis和本地缓存中的盐值数据
* 2. 进行密码的验证
* 3. 建立并保持登陆数据
*
* 对于密码的验证,由于涉及到查询数据库,
* 所以要及时进行用户ID、用户、密码的缓存,避免对数据库造成过多压力
*
* 如果有个小黑暴力破解登陆流程怎么办呢?会不会出现这种情况呢?需不需对登陆流程进行加锁控制呢?
*/
/**
* step 1:
* 清空redis和本地缓存中的盐值数据
*/
try {
RedisHelper.delKey(userAccount);
RedisHelper.delKey(salt);
Cache.instance().delCache(userAccount);
Cache.instance().delCache(salt);
logger.info(request.getRequestId(), request.getSystemId(), request.getOperation(),
"Clear the login data in the local cache and redis.");
} catch (Exception e) {
Cache.instance().delCache(userAccount);
Cache.instance().delCache(salt);
RedisHelper.delKey(userAccount);
RedisHelper.delKey(salt);
logger.error(request.getRequestId(), request.getSystemId(), request.getOperation(),
"Clear the login data in the local cache and redis has exception.", e);
}
/**
* step 2:
* 进行密码的验证
*/
String redisPassWord = "";
Boolean isLogin = false;
try {
/**
* 登录信息存在于redis
* redis读取失败时,查询数据库读取用户信息
*/
String redisAccountInfo = RedisHelper.hget(Constants.REDIS_PRELOAD_USERINFO + userAccount, "pass_word");
if (redisAccountInfo != null && !"".equals(redisAccountInfo)) {
redisPassWord = redisAccountInfo;
} else {
redisPassWord = getRedisPassWordByAccountInfo(request, response, userAccount);
/**
* 查询数据库读取用户信息
* 查询无数据
*/
if (redisPassWord == null || redisPassWord.equals("")) {
response.setException(new DispatchException(
ErrorConstants.GATE_E_LOGIN_ACCOUNT_FAILED_CODE,
ErrorConstants.GATE_E_LOGIN_ACCOUNT_FAILED_MSG));
logger.error(request.getRequestId(), request.getSystemId(), request.getOperation(),
"AccountInfo(isLogin) is expired.", null);
return;
}
}
// 加密 pWord = md5(salt + md5(pwd))
String pWord = Md5Helper.encrypt(salt + redisPassWord);
// TODO 待办事项 对接完成后需要放开注释
// 验证通过登录设为true
// if (passWord.equals(pWord)) {
isLogin = true;
// } else {
// response.setException(new DispatchException(
// ErrorConstants.GATEWAY_E_LOGIN_PASSWORD_FAILED_CODE,
// ErrorConstants.GATEWAY_E_LOGIN_PASSWORD_FAILED_MSG));
// logger.error(request.getRequestId(), request.getSystemId(), request.getOperation(),
// "Check passWord(isLogin) is Invalid.", null);
// return;
// }
} catch (Exception e) {
response.setException(new DispatchException(
ErrorConstants.GATEWAY_E_LOGIN_PASSWORD_EXCEPTION_CODE,
ErrorConstants.GATEWAY_E_LOGIN_PASSWORD_EXCEPTION_MSG));
logger.error(request.getRequestId(), request.getSystemId(), request.getOperation(),
"Check passWord(isLogin) has exception.", e);
}
/**
* step 3:
* 建立并保持登陆数据
*/
try {
if (isLogin) {
HttpServletRequest hsRequest = null;
hsRequest = (HttpServletRequest) request.getParam("httpServletRequest");
TokenRelease.releaseToken(request, response, hsRequest, userAccount);
logger.info(requestId, systemId, operationName,
"LoginProcessor:login:SUCCESS.");
}
/**
* step 4:
* TODO 登录成功获取角色信息
*/
if (isLogin) {
getRoleAuthInfobyAccount(request, response, userAccount, accountInfo);
}
} catch (Exception e) {
response.setException(new DispatchException(
ErrorConstants.GATEWAY_AUTH_TOKEN_EXCEPTION_CODE,
ErrorConstants.GATEWAY_AUTH_TOKEN_EXCEPTION_MSG));
logger.error(request.getRequestId(), request.getSystemId(), request.getOperation(),
"Create AuthToken has exception.", e);
}
}
@Override
public boolean validRequest(ServiceRequest request, ServiceResponse response) {
return true;
}
/**
* @param request
* @param response
* @param userAccount
* @return
* @Description 获取密码
*/
public String getRedisPassWordByAccountInfo(ServiceRequest request, ServiceResponse response, String userAccount) {
String redisPassWord = null;
try {
accountInfo = loginMapper.queryAccountInfoByUserId(userAccount);
if (accountInfo != null) {
redisPassWord = accountInfo.get("pass_word") == null ? "" : accountInfo.get("pass_word").toString();
}
} catch (Exception e) {
redisPassWord = null;
}
return redisPassWord;
}
/**
* 获取权限信息
*
* @param request
* @param response
* @param userAccount
* @return
*/
public void getRoleAuthInfobyAccount(ServiceRequest request, ServiceResponse response, String userAccount, Map<String, Object> accountInfo) {
try {
String preJsonRoleList = RedisHelper.hget(Constants.REDIS_PRELOAD_USERINFO + userAccount, "roleList");
String preJsonUserInfo = RedisHelper.hget(Constants.REDIS_PRELOAD_USERINFO + userAccount, userAccount);
String jsonRoleList = RedisHelper.hget(Constants.REDIS_ACCINFO + userAccount, "roleList");
String jsonUserInfo = RedisHelper.hget(Constants.REDIS_ACCINFO + userAccount, userAccount);
String now_role_id = "-1";
Boolean flag = false;
HashMap redisMap = new HashMap();
if (accountInfo != null) {
String orgid = accountInfo.get("orgid") == null ? "" : accountInfo.get("orgid").toString();
// 角色信息
List<HashMap<String, Object>> userRoleList = loginMapper.queryRoleListByUserId(userAccount);
List<Map<String, Object>> jsonUserRoleList = new ArrayList<Map<String, Object>>();
if (userRoleList != null && userRoleList.size() > 0) {
for (HashMap<String, Object> userRoleInfo : userRoleList) {
String role_id = userRoleInfo.get("role_id") == null ? "" : userRoleInfo.get("role_id").toString();
String role_name = userRoleInfo.get("role_name") == null ? "" : userRoleInfo.get("role_name").toString();
String role_type = userRoleInfo.get("role_type") == null ? "" : userRoleInfo.get("role_type").toString();
if (!flag) {
now_role_id = role_id;
flag = true;
}
Map<String, Object> userRoleMap = new HashMap<>();
userRoleMap.put("role_id", role_id);
userRoleMap.put("role_name", role_name);
userRoleMap.put("role_type", role_type);
jsonUserRoleList.add(userRoleMap);
}
}
String jsonUserRole = JSONObject.toJSONString(jsonUserRoleList);
if (jsonUserRoleList != null && jsonUserRoleList.size() > 0) {
redisMap.put("roleList", jsonUserRole);
}
if (orgid != null) {
accountInfo.put("is_system_user", "1");
} else {
accountInfo.put("is_system_user", "0");
String operator_id = accountInfo.get("operator_id") == null ? "-1" : accountInfo.get("operator_id").toString();
// HashMap<String, Object> roleInfo = loginMapper.queryRoleInfoByOperatorId(operator_id);
// now_role_id = roleInfo.get("role_id") == null ? "-1" : roleInfo.get("role_id").toString();
accountInfo.put("now_role_id", now_role_id);
}
String redisPassWord = accountInfo.get("pass_word") == null ? "" : accountInfo.get("pass_word").toString();
redisMap.put("pass_word", redisPassWord);
accountInfo.remove("pass_word");
redisMap.put(userAccount, JSON.toJSON(accountInfo).toString());
RedisHelper.hset(Constants.REDIS_ACCINFO + userAccount, redisMap);
RedisHelper.expire(Constants.REDIS_ACCINFO + userAccount, PropertiesHelper.getLongValue("gateway.login.expire"));
} else {
if (preJsonUserInfo != null && (jsonUserInfo == null || "".equals(jsonUserInfo))) {
redisMap.put(userAccount, JSON.toJSON(preJsonUserInfo).toString());
// RedisHelper.hset(Constants.REDIS_ACCINFO + userAccount, userAccount, jsonUserInfo);
}
if (preJsonRoleList != null && (jsonRoleList == null || "".equals(jsonRoleList))) {
redisMap.put("roleList", preJsonRoleList);
// RedisHelper.hset(Constants.REDIS_ACCINFO + userAccount, "roleList", preJsonRoleList);
}
RedisHelper.hset(Constants.REDIS_ACCINFO + userAccount, redisMap);
RedisHelper.expire(Constants.REDIS_ACCINFO + userAccount, PropertiesHelper.getLongValue("gateway.login.expire"));
}
} catch (Exception e) {
response.setException(new DispatchException(
ErrorConstants.GATEWAY_E_QUERY_USERROLE_EXCEPTION_CODE,
ErrorConstants.GATEWAY_E_QUERY_USERROLE_EXCEPTION_MSG));
logger.error(request.getRequestId(), request.getSystemId(), request.getOperation(),
"get getRoleAuthInfobyAccount has exception.", e);
}
}
/**
* 重新刷新登录信息数据
*
* @param request
* @param response
* @param userAccount
* @param loginMapper
*/
public static void flushRoleAuthInfobyAccount(ServiceRequest request, ServiceResponse response, String userAccount, LoginMapper loginMapper) {
if (loginMapper != null) {
Map<String, Object> accountInfo = loginMapper.queryAccountInfoByUserId(userAccount);
getRoleAuthInfobyAccount(request, response, userAccount, accountInfo, loginMapper);
}
}
/**
* 获取权限信息
*
* @param request
* @param response
* @param userAccount
* @return
*/
public static void getRoleAuthInfobyAccount(ServiceRequest request, ServiceResponse response, String userAccount, Map<String, Object> accountInfo, LoginMapper loginMapper) {
try {
String preJsonRoleList = RedisHelper.hget(Constants.REDIS_PRELOAD_USERINFO + userAccount, "roleList");
String preJsonUserInfo = RedisHelper.hget(Constants.REDIS_PRELOAD_USERINFO + userAccount, userAccount);
String jsonRoleList = RedisHelper.hget(Constants.REDIS_ACCINFO + userAccount, "roleList");
String jsonUserInfo = RedisHelper.hget(Constants.REDIS_ACCINFO + userAccount, userAccount);
String now_role_id = "-1";
Boolean flag = false;
HashMap redisMap = new HashMap();
if (accountInfo != null) {
String orgid = accountInfo.get("orgid") == null ? "" : accountInfo.get("orgid").toString();
// 角色信息
List<HashMap<String, Object>> userRoleList = loginMapper.queryRoleListByUserId(userAccount);
List<Map<String, Object>> jsonUserRoleList = new ArrayList<Map<String, Object>>();
if (userRoleList != null && userRoleList.size() > 0) {
for (HashMap<String, Object> userRoleInfo : userRoleList) {
String role_id = userRoleInfo.get("role_id") == null ? "" : userRoleInfo.get("role_id").toString();
String role_name = userRoleInfo.get("role_name") == null ? "" : userRoleInfo.get("role_name").toString();
String role_type = userRoleInfo.get("role_type") == null ? "" : userRoleInfo.get("role_type").toString();
if (!flag) {
now_role_id = role_id;
flag = true;
}
Map<String, Object> userRoleMap = new HashMap<>();
userRoleMap.put("role_id", role_id);
userRoleMap.put("role_name", role_name);
userRoleMap.put("role_type", role_type);
jsonUserRoleList.add(userRoleMap);
}
}
String jsonUserRole = JSONObject.toJSONString(jsonUserRoleList);
if (jsonUserRoleList != null && jsonUserRoleList.size() > 0) {
redisMap.put("roleList", jsonUserRole);
}
if (orgid != null) {
accountInfo.put("is_system_user", "1");
} else {
accountInfo.put("is_system_user", "0");
String operator_id = accountInfo.get("operator_id") == null ? "-1" : accountInfo.get("operator_id").toString();
// HashMap<String, Object> roleInfo = loginMapper.queryRoleInfoByOperatorId(operator_id);
// now_role_id = roleInfo.get("role_id") == null ? "-1" : roleInfo.get("role_id").toString();
accountInfo.put("now_role_id", now_role_id);
}
String redisPassWord = accountInfo.get("pass_word") == null ? "" : accountInfo.get("pass_word").toString();
redisMap.put("pass_word", redisPassWord);
accountInfo.remove("pass_word");
redisMap.put(userAccount, JSON.toJSON(accountInfo).toString());
RedisHelper.hset(Constants.REDIS_ACCINFO + userAccount, redisMap);
RedisHelper.expire(Constants.REDIS_ACCINFO + userAccount, PropertiesHelper.getLongValue("gateway.login.expire"));
} else {
if (preJsonUserInfo != null && (jsonUserInfo == null || "".equals(jsonUserInfo))) {
redisMap.put(userAccount, JSON.toJSON(preJsonUserInfo).toString());
// RedisHelper.hset(Constants.REDIS_ACCINFO + userAccount, userAccount, jsonUserInfo);
}
if (preJsonRoleList != null && (jsonRoleList == null || "".equals(jsonRoleList))) {
redisMap.put("roleList", preJsonRoleList);
// RedisHelper.hset(Constants.REDIS_ACCINFO + userAccount, "roleList", preJsonRoleList);
}
RedisHelper.hset(Constants.REDIS_ACCINFO + userAccount, redisMap);
RedisHelper.expire(Constants.REDIS_ACCINFO + userAccount, PropertiesHelper.getLongValue("gateway.login.expire"));
}
} catch (Exception e) {
response.setException(new DispatchException(
ErrorConstants.GATEWAY_E_QUERY_USERINFO_EXCEPTION_CODE,
ErrorConstants.GATEWAY_E_QUERY_USERINFO_EXCEPTION_MSG));
logger.error(request.getRequestId(), request.getSystemId(), request.getOperation(),
"userInfo get getRoleAuthInfobyAccount has exception.", e);
}
}
public static List<?> parseJsonToArray(String json, Class<?> clazz) {
List<?> gameList = JSONObject.parseArray(json, clazz);
return gameList;
}
public static void main(String[] args) {
System.out.println(Boolean.valueOf(""));
}
}
token发布
package com.dzq.goalie.token;
import com.alibaba.fastjson.JSONObject;
import com.dzq.base.helper.IpAdressHelper;
import com.dzq.base.helper.PropertiesHelper;
import com.dzq.base.helper.RedisHelper;
import com.dzq.base.log.Logger;
import com.dzq.base.log.LoggerFactory;
import com.dzq.base.protocols.Constants;
import com.dzq.dispatch.api.ServiceRequest;
import com.dzq.dispatch.api.ServiceResponse;
import org.springframework.stereotype.Component;
import javax.servlet.http.HttpServletRequest;
import java.util.Calendar;
import java.util.UUID;
/**
* @Description token 发布
* @Author slg
*/
@Component
public class TokenRelease {
private static final Logger logger = LoggerFactory.getLogger(TokenRelease.class);
/**
* 发布 token
*
* @param request
* @param response
*/
public static void releaseToken(ServiceRequest request, ServiceResponse response, HttpServletRequest req, String account) {
/**
* 通过当前毫秒数,获取UUID
*/
String token = UUID.randomUUID().toString().substring(2, 23);
//String expire = System.currentTimeMillis() + "";
// 对token添加特殊混淆
Calendar cal = Calendar.getInstance();
String salt = Constants.GATEWAY_TOKEN_SALT[cal.get(Calendar.DAY_OF_WEEK) - 1];
String salt_start = salt.split(",")[0];
String salt_end = salt.split(",")[1];
token = salt_start + token + salt_end;
String ip = "";
if (req != null) {
ip = IpAdressHelper.getRemoteAddr(req);
} else {
ip = "127.0.0.1";
}
/**
* 将token存入redis格式ip+token,value为当前时间毫秒数
* 并返回token
* {"token":""}
*/
RedisHelper.psetex(Constants.AUTH_TOKEN + ip + ":" + token, account, PropertiesHelper.getLongValue("gateway.token.expire"));
JSONObject jsonObject = new JSONObject();
jsonObject.put("token", token);
response.setRetCode(Constants.GATEWAY_HTTP_SUCCESS_CODE);
response.setRetMsg(Constants.GATEWAY_HTTP_SUCCESS_MSG);
response.putDefaultResult(jsonObject);
}
}
token验证
package com.dzq.goalie.token;
import com.dzq.base.helper.IpAdressHelper;
import com.dzq.base.helper.PropertiesHelper;
import com.dzq.base.helper.RedisHelper;
import com.dzq.base.log.Logger;
import com.dzq.base.log.LoggerFactory;
import com.dzq.base.protocols.Constants;
import com.dzq.base.protocols.ErrorConstants;
import com.dzq.dispatch.api.ServiceRequest;
import com.dzq.dispatch.api.ServiceResponse;
import org.springframework.stereotype.Component;
import javax.servlet.http.HttpServletRequest;
/**
* @Description token 验证
* @Author
*/
@Component
public class TokenVerify {
private static final Logger logger = LoggerFactory.getLogger(TokenRelease.class);
/**
* 统一token校验
*
* @param request
* @param response
* @return
*/
public static boolean tokenVerify(ServiceRequest request, ServiceResponse response) {
/**
* token验证包括:有效性、有效期、接口访问权等
* 有效性验证方式为:判断redis是否存在该key
* 有效期验证方式为:判断redis中value的时间戳是否超时
* 接口访问权验证方式为:暂时跳过
*
* {"requestID":"","operation":"","token":"","requestTime":""}
*/
HttpServletRequest req = (HttpServletRequest) request.getDefaultParam();
String token = req.getHeader(Constants.GATEWAY_HTTP_HEADER_TOKEN);
String referer = req.getHeader("referer");
if (token == null) {
response.setRetCode(ErrorConstants.GATEWAY_AUTH_TOKEN_NO_TRANSMIT_CODE);
response.setRetMsg(ErrorConstants.GATEWAY_AUTH_TOKEN_NO_TRANSMIT_MSG);
return false;
}
/**
* Step 1:
* 判断token是否存在redis中
* tokenValue 为发布时的毫秒数
*/
String ip = IpAdressHelper.getRemoteAddr(req);
String tokenValue = RedisHelper.get(Constants.AUTH_TOKEN + ip + ":" + token);
if (tokenValue == null || tokenValue.equals("")) {
response.setRetCode(ErrorConstants.GATEWAY_AUTH_TOKEN_NO_EXIST_CODE);
response.setRetMsg(ErrorConstants.GATEWAY_AUTH_TOKEN_NO_EXIST_MSG);
return false;
}
//重置过期时间
RedisHelper.expire(Constants.AUTH_TOKEN + ip + ":" + token, PropertiesHelper.getLongValue("gateway.token.expire"));
return true;
}
}