From 717dd1ab7c5665e2c814bb5e1808e7a129028b33 Mon Sep 17 00:00:00 2001 From: gaibu <1016771049@qq.com> Date: Fri, 6 Jan 2023 18:23:39 +0800 Subject: [PATCH 1/6] =?UTF-8?q?fix:=20=E7=A7=AF=E6=9C=A8=E6=8A=A5=E8=A1=A8?= =?UTF-8?q?=20API=20=E6=95=B0=E6=8D=AE=E9=9B=86=E8=A7=A3=E6=9E=90=E6=97=B6?= =?UTF-8?q?=20token=20=E6=9C=AA=E6=AD=A3=E7=A1=AE=E8=A7=A3=E6=9E=90?= =?UTF-8?q?=E7=9A=84=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../security/config/SecurityProperties.java | 2 ++ .../filter/TokenAuthenticationFilter.java | 26 ++++++++++++++++--- 2 files changed, 25 insertions(+), 3 deletions(-) diff --git a/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/config/SecurityProperties.java b/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/config/SecurityProperties.java index 7454b5ff6..dfc1113f0 100644 --- a/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/config/SecurityProperties.java +++ b/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/config/SecurityProperties.java @@ -20,6 +20,8 @@ public class SecurityProperties { @NotEmpty(message = "Token Header 不能为空") private String tokenHeader = "Authorization"; + private String jmTokenHeader = "X-Access-Token"; + /** * mock 模式的开关 */ diff --git a/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/core/filter/TokenAuthenticationFilter.java b/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/core/filter/TokenAuthenticationFilter.java index e87f5bc44..d6624a1de 100644 --- a/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/core/filter/TokenAuthenticationFilter.java +++ b/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/core/filter/TokenAuthenticationFilter.java @@ -21,6 +21,7 @@ import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; +import java.util.Optional; /** * Token 过滤器,验证 token 的有效性 @@ -62,6 +63,25 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter { return; } } + // 积木请求头 + String jmTokenHeader = request.getHeader(securityProperties.getJmTokenHeader()); + if (StrUtil.isNotEmpty(jmTokenHeader)) { + try { + OAuth2AccessTokenCheckRespDTO accessToken = oauth2TokenApi.checkAccessToken(jmTokenHeader); + Optional optUser = Optional.ofNullable(accessToken) + .map( + t -> new LoginUser().setId(t.getUserId()) + .setUserType(t.getUserType()) + .setTenantId(t.getTenantId()) + .setScopes(t.getScopes()) + ); + if (optUser.isPresent()) { + SecurityFrameworkUtils.setLoginUser(optUser.get(), request); + } + } catch (ServiceException ignored) { + // do nothing:如果报错,说明认证失败,忽略即可 + } + } // 继续过滤链 chain.doFilter(request, response); @@ -88,11 +108,11 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter { /** * 模拟登录用户,方便日常开发调试 - * + *

* 注意,在线上环境下,一定要关闭该功能!!! * - * @param request 请求 - * @param token 模拟的 token,格式为 {@link SecurityProperties#getMockSecret()} + 用户编号 + * @param request 请求 + * @param token 模拟的 token,格式为 {@link SecurityProperties#getMockSecret()} + 用户编号 * @param userType 用户类型 * @return 模拟的 LoginUser */ From ee454ace9d87dbad631c1c2b0fdd8a5ab2e6869a Mon Sep 17 00:00:00 2001 From: gaibu <1016771049@qq.com> Date: Sat, 7 Jan 2023 02:08:22 +0800 Subject: [PATCH 2/6] =?UTF-8?q?fix:=20=E7=A7=AF=E6=9C=A8=E6=8A=A5=E8=A1=A8?= =?UTF-8?q?=20API=20=E6=95=B0=E6=8D=AE=E9=9B=86=E8=A7=A3=E6=9E=90=E6=97=B6?= =?UTF-8?q?=20token=20=E6=9C=AA=E6=AD=A3=E7=A1=AE=E8=A7=A3=E6=9E=90?= =?UTF-8?q?=E7=9A=84=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../common/enums/WebFilterOrderEnum.java | 8 +- .../security/config/SecurityProperties.java | 2 - .../filter/TokenAuthenticationFilter.java | 26 +--- .../config/JmReportConfiguration.java | 11 ++ .../core/web/JmReportTokenFilter.java | 132 ++++++++++++++++++ 5 files changed, 151 insertions(+), 28 deletions(-) create mode 100644 yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/jmreport/core/web/JmReportTokenFilter.java diff --git a/yudao-framework/yudao-common/src/main/java/cn/iocoder/yudao/framework/common/enums/WebFilterOrderEnum.java b/yudao-framework/yudao-common/src/main/java/cn/iocoder/yudao/framework/common/enums/WebFilterOrderEnum.java index 54d4be9d9..23a1f3b75 100644 --- a/yudao-framework/yudao-common/src/main/java/cn/iocoder/yudao/framework/common/enums/WebFilterOrderEnum.java +++ b/yudao-framework/yudao-common/src/main/java/cn/iocoder/yudao/framework/common/enums/WebFilterOrderEnum.java @@ -2,8 +2,8 @@ package cn.iocoder.yudao.framework.common.enums; /** * Web 过滤器顺序的枚举类,保证过滤器按照符合我们的预期 - * - * 考虑到每个 starter 都需要用到该工具类,所以放到 common 模块下的 enums 包下 + *

+ * 考虑到每个 starter 都需要用到该工具类,所以放到 common 模块下的 enums 包下 * * @author 芋道源码 */ @@ -17,7 +17,9 @@ public interface WebFilterOrderEnum { // OrderedRequestContextFilter 默认为 -105,用于国际化上下文等等 - int TENANT_CONTEXT_FILTER = - 104; // 需要保证在 ApiAccessLogFilter 前面 + int JM_TOKEN_FILTER = -105; // 需要保证在 Spring Security 过滤前面 + + int TENANT_CONTEXT_FILTER = -104; // 需要保证在 ApiAccessLogFilter 前面 int API_ACCESS_LOG_FILTER = -103; // 需要保证在 RequestBodyCacheFilter 后面 diff --git a/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/config/SecurityProperties.java b/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/config/SecurityProperties.java index dfc1113f0..7454b5ff6 100644 --- a/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/config/SecurityProperties.java +++ b/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/config/SecurityProperties.java @@ -20,8 +20,6 @@ public class SecurityProperties { @NotEmpty(message = "Token Header 不能为空") private String tokenHeader = "Authorization"; - private String jmTokenHeader = "X-Access-Token"; - /** * mock 模式的开关 */ diff --git a/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/core/filter/TokenAuthenticationFilter.java b/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/core/filter/TokenAuthenticationFilter.java index d6624a1de..e87f5bc44 100644 --- a/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/core/filter/TokenAuthenticationFilter.java +++ b/yudao-framework/yudao-spring-boot-starter-security/src/main/java/cn/iocoder/yudao/framework/security/core/filter/TokenAuthenticationFilter.java @@ -21,7 +21,6 @@ import javax.servlet.ServletException; import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletResponse; import java.io.IOException; -import java.util.Optional; /** * Token 过滤器,验证 token 的有效性 @@ -63,25 +62,6 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter { return; } } - // 积木请求头 - String jmTokenHeader = request.getHeader(securityProperties.getJmTokenHeader()); - if (StrUtil.isNotEmpty(jmTokenHeader)) { - try { - OAuth2AccessTokenCheckRespDTO accessToken = oauth2TokenApi.checkAccessToken(jmTokenHeader); - Optional optUser = Optional.ofNullable(accessToken) - .map( - t -> new LoginUser().setId(t.getUserId()) - .setUserType(t.getUserType()) - .setTenantId(t.getTenantId()) - .setScopes(t.getScopes()) - ); - if (optUser.isPresent()) { - SecurityFrameworkUtils.setLoginUser(optUser.get(), request); - } - } catch (ServiceException ignored) { - // do nothing:如果报错,说明认证失败,忽略即可 - } - } // 继续过滤链 chain.doFilter(request, response); @@ -108,11 +88,11 @@ public class TokenAuthenticationFilter extends OncePerRequestFilter { /** * 模拟登录用户,方便日常开发调试 - *

+ * * 注意,在线上环境下,一定要关闭该功能!!! * - * @param request 请求 - * @param token 模拟的 token,格式为 {@link SecurityProperties#getMockSecret()} + 用户编号 + * @param request 请求 + * @param token 模拟的 token,格式为 {@link SecurityProperties#getMockSecret()} + 用户编号 * @param userType 用户类型 * @return 模拟的 LoginUser */ diff --git a/yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/jmreport/config/JmReportConfiguration.java b/yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/jmreport/config/JmReportConfiguration.java index 59510b5ff..2b5d21806 100644 --- a/yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/jmreport/config/JmReportConfiguration.java +++ b/yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/jmreport/config/JmReportConfiguration.java @@ -1,8 +1,11 @@ package cn.iocoder.yudao.module.visualization.framework.jmreport.config; +import cn.iocoder.yudao.framework.common.enums.WebFilterOrderEnum; import cn.iocoder.yudao.module.system.api.oauth2.OAuth2TokenApi; import cn.iocoder.yudao.module.visualization.framework.jmreport.core.service.JmReportTokenServiceImpl; +import cn.iocoder.yudao.module.visualization.framework.jmreport.core.web.JmReportTokenFilter; import org.jeecg.modules.jmreport.api.JmReportTokenServiceI; +import org.springframework.boot.web.servlet.FilterRegistrationBean; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.ComponentScan; import org.springframework.context.annotation.Configuration; @@ -22,4 +25,12 @@ public class JmReportConfiguration { return new JmReportTokenServiceImpl(oAuth2TokenApi); } + @Bean + @SuppressWarnings("SpringJavaInjectionPointsAutowiringInspection") + public FilterRegistrationBean registerMyAnotherFilter(OAuth2TokenApi oAuth2TokenApi){ + FilterRegistrationBean bean = new FilterRegistrationBean<>(); + bean.setOrder(WebFilterOrderEnum.JM_TOKEN_FILTER); + bean.setFilter(new JmReportTokenFilter(oAuth2TokenApi)); + return bean; + } } diff --git a/yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/jmreport/core/web/JmReportTokenFilter.java b/yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/jmreport/core/web/JmReportTokenFilter.java new file mode 100644 index 000000000..55598141c --- /dev/null +++ b/yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/jmreport/core/web/JmReportTokenFilter.java @@ -0,0 +1,132 @@ +package cn.iocoder.yudao.module.visualization.framework.jmreport.core.web; + +import cn.hutool.core.util.StrUtil; +import cn.iocoder.yudao.framework.security.core.LoginUser; +import cn.iocoder.yudao.framework.web.core.util.WebFrameworkUtils; +import cn.iocoder.yudao.module.system.api.oauth2.OAuth2TokenApi; +import cn.iocoder.yudao.module.system.api.oauth2.dto.OAuth2AccessTokenCheckRespDTO; +import lombok.RequiredArgsConstructor; + +import javax.servlet.Filter; +import javax.servlet.FilterChain; +import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletRequestWrapper; +import java.io.IOException; +import java.util.Collections; +import java.util.Enumeration; +import java.util.HashMap; +import java.util.List; +import java.util.Map; +import java.util.Optional; + +/** + * 积木报表 token 处理,将积木报表请求头中的 token 转换成 spring security 的 auth head + */ +@RequiredArgsConstructor +public class JmReportTokenFilter implements Filter { + /** + * 积木 token 请求头 + */ + private static final String JM_TOKEN_HEADER = "X-Access-Token"; + /** + * 系统内置请求头 + */ + private static final String TOKEN_HEADER = "Authorization"; + /** + * auth 相关格式 + */ + private static final String AUTHORIZATION_FORMAT = "Bearer %s"; + + private final OAuth2TokenApi oauth2TokenApi; + + @Override + public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { + // 积木请求头 + HttpServletRequest req = (HttpServletRequest) servletRequest; + String token = req.getHeader(JM_TOKEN_HEADER); + if (StrUtil.isNotEmpty(token)) { + // 1. 增加请求头 + HeaderMapRequestWrapper requestWrapper = new HeaderMapRequestWrapper(req); + requestWrapper.addHeader(TOKEN_HEADER, String.format(AUTHORIZATION_FORMAT, token)); + + OAuth2AccessTokenCheckRespDTO resp = oauth2TokenApi.checkAccessToken(token); + Optional optUser = Optional.ofNullable(resp) + .map( + t -> new LoginUser().setId(t.getUserId()) + .setUserType(t.getUserType()) + .setTenantId(t.getTenantId()) + .setScopes(t.getScopes()) + ); + if (optUser.isPresent()) { + // 2. 设置登录用户类型 + WebFrameworkUtils.setLoginUserType(servletRequest, optUser.get().getUserType()); + filterChain.doFilter(requestWrapper, servletResponse); + return; + } + } + filterChain.doFilter(servletRequest, servletResponse); + } + + /** + * request 包装类,用于修改 head + * + * add request head + */ + public class HeaderMapRequestWrapper extends HttpServletRequestWrapper { + /** + * construct a wrapper for this request + * + * @param request + */ + public HeaderMapRequestWrapper(HttpServletRequest request) { + super(request); + } + + private Map headerMap = new HashMap(); + + /** + * add a header with given name and value + * + * @param name + * @param value + */ + public void addHeader(String name, String value) { + headerMap.put(name, value); + } + + @Override + public String getHeader(String name) { + String headerValue = super.getHeader(name); + if (headerMap.containsKey(name)) { + headerValue = headerMap.get(name); + } + return headerValue; + } + + /** + * get the Header names + */ + @Override + public Enumeration getHeaderNames() { + List names = Collections.list(super.getHeaderNames()); + for (String name : headerMap.keySet()) { + names.add(name); + } + return Collections.enumeration(names); + } + + @Override + public Enumeration getHeaders(String name) { + List values = Collections.list(super.getHeaders(name)); + if (headerMap.containsKey(name)) { + values.add(headerMap.get(name)); + } + return Collections.enumeration(values); + } + + } + +} From 93686c7b60ae896ce7235532a111ac7539f2346f Mon Sep 17 00:00:00 2001 From: gaibu <1016771049@qq.com> Date: Sat, 7 Jan 2023 10:11:48 +0800 Subject: [PATCH 3/6] =?UTF-8?q?fix:=20=E7=A7=AF=E6=9C=A8=E6=8A=A5=E8=A1=A8?= =?UTF-8?q?=20API=20=E6=95=B0=E6=8D=AE=E9=9B=86=E8=A7=A3=E6=9E=90=E6=97=B6?= =?UTF-8?q?=20token=20=E6=9C=AA=E6=AD=A3=E7=A1=AE=E8=A7=A3=E6=9E=90?= =?UTF-8?q?=E7=9A=84=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../config/JmReportConfiguration.java | 11 -- .../service/JmReportTokenServiceImpl.java | 30 +++- .../core/web/JmReportTokenFilter.java | 132 ------------------ 3 files changed, 29 insertions(+), 144 deletions(-) delete mode 100644 yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/jmreport/core/web/JmReportTokenFilter.java diff --git a/yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/jmreport/config/JmReportConfiguration.java b/yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/jmreport/config/JmReportConfiguration.java index 2b5d21806..59510b5ff 100644 --- a/yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/jmreport/config/JmReportConfiguration.java +++ b/yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/jmreport/config/JmReportConfiguration.java @@ -1,11 +1,8 @@ package cn.iocoder.yudao.module.visualization.framework.jmreport.config; -import cn.iocoder.yudao.framework.common.enums.WebFilterOrderEnum; import cn.iocoder.yudao.module.system.api.oauth2.OAuth2TokenApi; import cn.iocoder.yudao.module.visualization.framework.jmreport.core.service.JmReportTokenServiceImpl; -import cn.iocoder.yudao.module.visualization.framework.jmreport.core.web.JmReportTokenFilter; import org.jeecg.modules.jmreport.api.JmReportTokenServiceI; -import org.springframework.boot.web.servlet.FilterRegistrationBean; import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.ComponentScan; import org.springframework.context.annotation.Configuration; @@ -25,12 +22,4 @@ public class JmReportConfiguration { return new JmReportTokenServiceImpl(oAuth2TokenApi); } - @Bean - @SuppressWarnings("SpringJavaInjectionPointsAutowiringInspection") - public FilterRegistrationBean registerMyAnotherFilter(OAuth2TokenApi oAuth2TokenApi){ - FilterRegistrationBean bean = new FilterRegistrationBean<>(); - bean.setOrder(WebFilterOrderEnum.JM_TOKEN_FILTER); - bean.setFilter(new JmReportTokenFilter(oAuth2TokenApi)); - return bean; - } } diff --git a/yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/jmreport/core/service/JmReportTokenServiceImpl.java b/yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/jmreport/core/service/JmReportTokenServiceImpl.java index 511465786..d84ea03fb 100644 --- a/yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/jmreport/core/service/JmReportTokenServiceImpl.java +++ b/yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/jmreport/core/service/JmReportTokenServiceImpl.java @@ -2,6 +2,7 @@ package cn.iocoder.yudao.module.visualization.framework.jmreport.core.service; import cn.hutool.core.util.StrUtil; import cn.iocoder.yudao.framework.common.exception.ServiceException; +import cn.iocoder.yudao.framework.common.util.servlet.ServletUtils; import cn.iocoder.yudao.framework.security.core.LoginUser; import cn.iocoder.yudao.framework.security.core.util.SecurityFrameworkUtils; import cn.iocoder.yudao.framework.tenant.core.context.TenantContextHolder; @@ -10,6 +11,9 @@ import cn.iocoder.yudao.module.system.api.oauth2.OAuth2TokenApi; import cn.iocoder.yudao.module.system.api.oauth2.dto.OAuth2AccessTokenCheckRespDTO; import lombok.RequiredArgsConstructor; import org.jeecg.modules.jmreport.api.JmReportTokenServiceI; +import org.springframework.http.HttpHeaders; + +import javax.servlet.http.HttpServletRequest; /** * {@link JmReportTokenServiceI} 实现类,提供积木报表的 Token 校验、用户信息的查询等功能 @@ -18,9 +22,33 @@ import org.jeecg.modules.jmreport.api.JmReportTokenServiceI; */ @RequiredArgsConstructor public class JmReportTokenServiceImpl implements JmReportTokenServiceI { + private static final String JM_TOKEN_HEADER = "X-Access-Token"; + /** + * 系统内置请求头 + */ + private static final String TOKEN_HEADER = "Authorization"; + /** + * auth 相关格式 + */ + private static final String AUTHORIZATION_FORMAT = "Bearer %s"; private final OAuth2TokenApi oauth2TokenApi; + /** + * 修改请求的 head + * + * @return 新 head + */ + @Override + public HttpHeaders customApiHeader() { + HttpHeaders header = new HttpHeaders(); + HttpServletRequest request = ServletUtils.getRequest(); + String token = request.getHeader(JM_TOKEN_HEADER); + + header.add(TOKEN_HEADER, String.format(AUTHORIZATION_FORMAT, token)); + return header; + } + /** * 校验 Token 是否有效,即验证通过 * @@ -62,7 +90,7 @@ public class JmReportTokenServiceImpl implements JmReportTokenServiceI { /** * 获得用户编号 - * + *

* 虽然方法名获得的是 username,实际对应到项目中是用户编号 * * @param token JmReport 前端传递的 token diff --git a/yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/jmreport/core/web/JmReportTokenFilter.java b/yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/jmreport/core/web/JmReportTokenFilter.java deleted file mode 100644 index 55598141c..000000000 --- a/yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/jmreport/core/web/JmReportTokenFilter.java +++ /dev/null @@ -1,132 +0,0 @@ -package cn.iocoder.yudao.module.visualization.framework.jmreport.core.web; - -import cn.hutool.core.util.StrUtil; -import cn.iocoder.yudao.framework.security.core.LoginUser; -import cn.iocoder.yudao.framework.web.core.util.WebFrameworkUtils; -import cn.iocoder.yudao.module.system.api.oauth2.OAuth2TokenApi; -import cn.iocoder.yudao.module.system.api.oauth2.dto.OAuth2AccessTokenCheckRespDTO; -import lombok.RequiredArgsConstructor; - -import javax.servlet.Filter; -import javax.servlet.FilterChain; -import javax.servlet.ServletException; -import javax.servlet.ServletRequest; -import javax.servlet.ServletResponse; -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletRequestWrapper; -import java.io.IOException; -import java.util.Collections; -import java.util.Enumeration; -import java.util.HashMap; -import java.util.List; -import java.util.Map; -import java.util.Optional; - -/** - * 积木报表 token 处理,将积木报表请求头中的 token 转换成 spring security 的 auth head - */ -@RequiredArgsConstructor -public class JmReportTokenFilter implements Filter { - /** - * 积木 token 请求头 - */ - private static final String JM_TOKEN_HEADER = "X-Access-Token"; - /** - * 系统内置请求头 - */ - private static final String TOKEN_HEADER = "Authorization"; - /** - * auth 相关格式 - */ - private static final String AUTHORIZATION_FORMAT = "Bearer %s"; - - private final OAuth2TokenApi oauth2TokenApi; - - @Override - public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { - // 积木请求头 - HttpServletRequest req = (HttpServletRequest) servletRequest; - String token = req.getHeader(JM_TOKEN_HEADER); - if (StrUtil.isNotEmpty(token)) { - // 1. 增加请求头 - HeaderMapRequestWrapper requestWrapper = new HeaderMapRequestWrapper(req); - requestWrapper.addHeader(TOKEN_HEADER, String.format(AUTHORIZATION_FORMAT, token)); - - OAuth2AccessTokenCheckRespDTO resp = oauth2TokenApi.checkAccessToken(token); - Optional optUser = Optional.ofNullable(resp) - .map( - t -> new LoginUser().setId(t.getUserId()) - .setUserType(t.getUserType()) - .setTenantId(t.getTenantId()) - .setScopes(t.getScopes()) - ); - if (optUser.isPresent()) { - // 2. 设置登录用户类型 - WebFrameworkUtils.setLoginUserType(servletRequest, optUser.get().getUserType()); - filterChain.doFilter(requestWrapper, servletResponse); - return; - } - } - filterChain.doFilter(servletRequest, servletResponse); - } - - /** - * request 包装类,用于修改 head - * - * add request head - */ - public class HeaderMapRequestWrapper extends HttpServletRequestWrapper { - /** - * construct a wrapper for this request - * - * @param request - */ - public HeaderMapRequestWrapper(HttpServletRequest request) { - super(request); - } - - private Map headerMap = new HashMap(); - - /** - * add a header with given name and value - * - * @param name - * @param value - */ - public void addHeader(String name, String value) { - headerMap.put(name, value); - } - - @Override - public String getHeader(String name) { - String headerValue = super.getHeader(name); - if (headerMap.containsKey(name)) { - headerValue = headerMap.get(name); - } - return headerValue; - } - - /** - * get the Header names - */ - @Override - public Enumeration getHeaderNames() { - List names = Collections.list(super.getHeaderNames()); - for (String name : headerMap.keySet()) { - names.add(name); - } - return Collections.enumeration(names); - } - - @Override - public Enumeration getHeaders(String name) { - List values = Collections.list(super.getHeaders(name)); - if (headerMap.containsKey(name)) { - values.add(headerMap.get(name)); - } - return Collections.enumeration(values); - } - - } - -} From d580d8f9ab40302e50831ef0ba99c2ae609e1bfb Mon Sep 17 00:00:00 2001 From: gaibu <1016771049@qq.com> Date: Sat, 7 Jan 2023 10:14:25 +0800 Subject: [PATCH 4/6] =?UTF-8?q?fix:=20=E7=A7=AF=E6=9C=A8=E6=8A=A5=E8=A1=A8?= =?UTF-8?q?=20API=20=E6=95=B0=E6=8D=AE=E9=9B=86=E8=A7=A3=E6=9E=90=E6=97=B6?= =?UTF-8?q?=20token=20=E6=9C=AA=E6=AD=A3=E7=A1=AE=E8=A7=A3=E6=9E=90?= =?UTF-8?q?=E7=9A=84=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../service/JmReportTokenServiceImpl.java | 28 +++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/jmreport/core/service/JmReportTokenServiceImpl.java b/yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/jmreport/core/service/JmReportTokenServiceImpl.java index d690e28e5..fa387a6e9 100644 --- a/yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/jmreport/core/service/JmReportTokenServiceImpl.java +++ b/yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/jmreport/core/service/JmReportTokenServiceImpl.java @@ -3,6 +3,7 @@ package cn.iocoder.yudao.module.visualization.framework.jmreport.core.service; import cn.hutool.core.util.ObjectUtil; import cn.hutool.core.util.StrUtil; import cn.iocoder.yudao.framework.common.exception.ServiceException; +import cn.iocoder.yudao.framework.common.util.servlet.ServletUtils; import cn.iocoder.yudao.framework.security.core.LoginUser; import cn.iocoder.yudao.framework.security.core.util.SecurityFrameworkUtils; import cn.iocoder.yudao.framework.tenant.core.context.TenantContextHolder; @@ -11,7 +12,9 @@ import cn.iocoder.yudao.module.system.api.oauth2.OAuth2TokenApi; import cn.iocoder.yudao.module.system.api.oauth2.dto.OAuth2AccessTokenCheckRespDTO; import lombok.RequiredArgsConstructor; import org.jeecg.modules.jmreport.api.JmReportTokenServiceI; +import org.springframework.http.HttpHeaders; +import javax.servlet.http.HttpServletRequest; import java.util.Objects; /** @@ -22,8 +25,33 @@ import java.util.Objects; @RequiredArgsConstructor public class JmReportTokenServiceImpl implements JmReportTokenServiceI { + private static final String JM_TOKEN_HEADER = "X-Access-Token"; + /** + * 系统内置请求头 + */ + private static final String TOKEN_HEADER = "Authorization"; + /** + * auth 相关格式 + */ + private static final String AUTHORIZATION_FORMAT = "Bearer %s"; + private final OAuth2TokenApi oauth2TokenApi; + /** + * 修改请求的 head + * + * @return 新 head + */ + @Override + public HttpHeaders customApiHeader() { + HttpHeaders header = new HttpHeaders(); + HttpServletRequest request = ServletUtils.getRequest(); + String token = request.getHeader(JM_TOKEN_HEADER); + + header.add(TOKEN_HEADER, String.format(AUTHORIZATION_FORMAT, token)); + return header; + } + /** * 校验 Token 是否有效,即验证通过 * From eadb564a75b3375d401570137b68a06c15a0cd4e Mon Sep 17 00:00:00 2001 From: gaibu <1016771049@qq.com> Date: Sat, 7 Jan 2023 10:15:10 +0800 Subject: [PATCH 5/6] =?UTF-8?q?fix:=20=E7=A7=AF=E6=9C=A8=E6=8A=A5=E8=A1=A8?= =?UTF-8?q?=20API=20=E6=95=B0=E6=8D=AE=E9=9B=86=E8=A7=A3=E6=9E=90=E6=97=B6?= =?UTF-8?q?=20token=20=E6=9C=AA=E6=AD=A3=E7=A1=AE=E8=A7=A3=E6=9E=90?= =?UTF-8?q?=E7=9A=84=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../yudao/framework/common/enums/WebFilterOrderEnum.java | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/yudao-framework/yudao-common/src/main/java/cn/iocoder/yudao/framework/common/enums/WebFilterOrderEnum.java b/yudao-framework/yudao-common/src/main/java/cn/iocoder/yudao/framework/common/enums/WebFilterOrderEnum.java index 23a1f3b75..54d4be9d9 100644 --- a/yudao-framework/yudao-common/src/main/java/cn/iocoder/yudao/framework/common/enums/WebFilterOrderEnum.java +++ b/yudao-framework/yudao-common/src/main/java/cn/iocoder/yudao/framework/common/enums/WebFilterOrderEnum.java @@ -2,8 +2,8 @@ package cn.iocoder.yudao.framework.common.enums; /** * Web 过滤器顺序的枚举类,保证过滤器按照符合我们的预期 - *

- * 考虑到每个 starter 都需要用到该工具类,所以放到 common 模块下的 enums 包下 + * + * 考虑到每个 starter 都需要用到该工具类,所以放到 common 模块下的 enums 包下 * * @author 芋道源码 */ @@ -17,9 +17,7 @@ public interface WebFilterOrderEnum { // OrderedRequestContextFilter 默认为 -105,用于国际化上下文等等 - int JM_TOKEN_FILTER = -105; // 需要保证在 Spring Security 过滤前面 - - int TENANT_CONTEXT_FILTER = -104; // 需要保证在 ApiAccessLogFilter 前面 + int TENANT_CONTEXT_FILTER = - 104; // 需要保证在 ApiAccessLogFilter 前面 int API_ACCESS_LOG_FILTER = -103; // 需要保证在 RequestBodyCacheFilter 后面 From 73b1649b75dece37d078fe63fb925dcedbf12995 Mon Sep 17 00:00:00 2001 From: gaibu <1016771049@qq.com> Date: Sat, 7 Jan 2023 12:39:46 +0800 Subject: [PATCH 6/6] =?UTF-8?q?fix:=20=E7=A7=AF=E6=9C=A8=E6=8A=A5=E8=A1=A8?= =?UTF-8?q?=20API=20=E6=95=B0=E6=8D=AE=E9=9B=86=E8=A7=A3=E6=9E=90=E6=97=B6?= =?UTF-8?q?=20token=20=E6=9C=AA=E6=AD=A3=E7=A1=AE=E8=A7=A3=E6=9E=90?= =?UTF-8?q?=E7=9A=84=E9=97=AE=E9=A2=98?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../config/JmReportConfiguration.java | 5 +++-- .../service/JmReportTokenServiceImpl.java | 21 ++++++++++++------- 2 files changed, 16 insertions(+), 10 deletions(-) diff --git a/yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/jmreport/config/JmReportConfiguration.java b/yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/jmreport/config/JmReportConfiguration.java index 59510b5ff..c679d1112 100644 --- a/yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/jmreport/config/JmReportConfiguration.java +++ b/yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/jmreport/config/JmReportConfiguration.java @@ -1,5 +1,6 @@ package cn.iocoder.yudao.module.visualization.framework.jmreport.config; +import cn.iocoder.yudao.framework.security.config.SecurityProperties; import cn.iocoder.yudao.module.system.api.oauth2.OAuth2TokenApi; import cn.iocoder.yudao.module.visualization.framework.jmreport.core.service.JmReportTokenServiceImpl; import org.jeecg.modules.jmreport.api.JmReportTokenServiceI; @@ -18,8 +19,8 @@ public class JmReportConfiguration { @Bean @SuppressWarnings("SpringJavaInjectionPointsAutowiringInspection") - public JmReportTokenServiceI jmReportTokenService(OAuth2TokenApi oAuth2TokenApi) { - return new JmReportTokenServiceImpl(oAuth2TokenApi); + public JmReportTokenServiceI jmReportTokenService(OAuth2TokenApi oAuth2TokenApi, SecurityProperties securityProperties) { + return new JmReportTokenServiceImpl(oAuth2TokenApi, securityProperties); } } diff --git a/yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/jmreport/core/service/JmReportTokenServiceImpl.java b/yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/jmreport/core/service/JmReportTokenServiceImpl.java index fa387a6e9..22c4a19c8 100644 --- a/yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/jmreport/core/service/JmReportTokenServiceImpl.java +++ b/yudao-module-visualization/yudao-module-visualization-biz/src/main/java/cn/iocoder/yudao/module/visualization/framework/jmreport/core/service/JmReportTokenServiceImpl.java @@ -4,6 +4,7 @@ import cn.hutool.core.util.ObjectUtil; import cn.hutool.core.util.StrUtil; import cn.iocoder.yudao.framework.common.exception.ServiceException; import cn.iocoder.yudao.framework.common.util.servlet.ServletUtils; +import cn.iocoder.yudao.framework.security.config.SecurityProperties; import cn.iocoder.yudao.framework.security.core.LoginUser; import cn.iocoder.yudao.framework.security.core.util.SecurityFrameworkUtils; import cn.iocoder.yudao.framework.tenant.core.context.TenantContextHolder; @@ -25,31 +26,35 @@ import java.util.Objects; @RequiredArgsConstructor public class JmReportTokenServiceImpl implements JmReportTokenServiceI { - private static final String JM_TOKEN_HEADER = "X-Access-Token"; /** - * 系统内置请求头 + * 积木 token head 头 */ - private static final String TOKEN_HEADER = "Authorization"; + private static final String JM_TOKEN_HEADER = "X-Access-Token"; /** * auth 相关格式 */ - private static final String AUTHORIZATION_FORMAT = "Bearer %s"; + private static final String AUTHORIZATION_FORMAT = SecurityFrameworkUtils.AUTHORIZATION_BEARER + " %s"; private final OAuth2TokenApi oauth2TokenApi; + private final SecurityProperties securityProperties; + /** - * 修改请求的 head + * 自定义 API 数据集appian自定义 Header,解决 Token 传递。 + * 参考 api数据集token机制详解 文档 * * @return 新 head */ @Override public HttpHeaders customApiHeader() { - HttpHeaders header = new HttpHeaders(); + // 读取积木标标系统的 token HttpServletRequest request = ServletUtils.getRequest(); String token = request.getHeader(JM_TOKEN_HEADER); - header.add(TOKEN_HEADER, String.format(AUTHORIZATION_FORMAT, token)); - return header; + // 设置到 yudao 系统的 token + HttpHeaders headers = new HttpHeaders(); + headers.add(securityProperties.getTokenHeader(), String.format(AUTHORIZATION_FORMAT, token)); + return headers; } /**