lbqms.git - Gitblit

			@@ -1,22 +1,26 @@
			package org.dromara.common.security.config;

			import cn.dev33.satoken.exception.NotLoginException;
			import cn.dev33.satoken.filter.SaServletFilter;
			import cn.dev33.satoken.httpauth.basic.SaHttpBasicUtil;
			import cn.dev33.satoken.interceptor.SaInterceptor;
			import cn.dev33.satoken.router.SaRouter;
			import cn.dev33.satoken.stp.StpUtil;
			import cn.dev33.satoken.util.SaResult;
			import jakarta.servlet.http.HttpServletRequest;
			import jakarta.servlet.http.HttpServletResponse;
			import lombok.RequiredArgsConstructor;
			import lombok.extern.slf4j.Slf4j;
			import org.dromara.common.core.constant.HttpStatus;
			import org.dromara.common.core.exception.SseException;
			import org.dromara.common.core.utils.ServletUtils;
			import org.dromara.common.core.utils.SpringUtils;
			import org.dromara.common.core.utils.StringUtils;
			import org.dromara.common.satoken.utils.LoginHelper;
			import org.dromara.common.core.context.ThreadLocalHolder;
			import org.dromara.common.security.config.properties.SecurityProperties;
			import org.dromara.common.security.handler.AllUrlHandler;
			import lombok.RequiredArgsConstructor;
			import lombok.extern.slf4j.Slf4j;
			import org.springframework.boot.autoconfigure.AutoConfiguration;
			import org.springframework.boot.context.properties.EnableConfigurationProperties;
			import org.springframework.context.annotation.Bean;
			import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
			import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;

			@@ -48,11 +52,20 @@
			.match(allUrlHandler.getUrls())
			// 对未排除的路径进行检查
			.check(() -> {
			HttpServletRequest request = ServletUtils.getRequest();
			// 检查是否登录是否有token
			StpUtil.checkLogin();
			try {
			StpUtil.checkLogin();
			} catch (NotLoginException e) {
			if (request.getRequestURI().contains("sse")) {
			throw new SseException(e.getMessage(), e.getCode());
			} else {
			throw e;
			}
			}

			// 检查 header 与 param 里的 clientid 与 token 里的是否一致
			String headerCid = ServletUtils.getRequest().getHeader(LoginHelper.CLIENT_KEY);
			String headerCid = request.getHeader(LoginHelper.CLIENT_KEY);
			String paramCid = ServletUtils.getParameter(LoginHelper.CLIENT_KEY);
			String clientId = StpUtil.getExtra(LoginHelper.CLIENT_KEY).toString();
			if (!StringUtils.equalsAny(clientId, headerCid, paramCid)) {
			@@ -62,9 +75,6 @@
			StpUtil.getTokenValue());
			}

			// 保存用户信息
			ThreadLocalHolder.set(LoginHelper.LOGIN_USER_KEY, LoginHelper.getLoginUser());

			// 有效率影响用于临时测试
			// if (log.isDebugEnabled()) {
			// log.info("剩余有效时间: {}", StpUtil.getTokenTimeout());
			@@ -72,15 +82,24 @@
			// }

			});
			})
			{
			@Override
			public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
			ThreadLocalHolder.remove(LoginHelper.LOGIN_USER_KEY);
			}
			}).addPathPatterns("/**")
			})).addPathPatterns("/**")
			// 排除不需要拦截的路径
			.excludePathPatterns(securityProperties.getExcludes());
			}

			/**
			* 对 actuator 健康检查接口做账号密码鉴权
			*/
			@Bean
			public SaServletFilter getSaServletFilter() {
			String username = SpringUtils.getProperty("spring.boot.admin.client.username");
			String password = SpringUtils.getProperty("spring.boot.admin.client.password");
			return new SaServletFilter()
			.addInclude("/actuator", "/actuator/**")
			.setAuth(obj -> {
			SaHttpBasicUtil.check(username + ":" + password);
			})
			.setError(e -> SaResult.error(e.getMessage()).setCode(HttpStatus.UNAUTHORIZED));
			}

			}