From 57723b9ca18f987710bd1499e10f895381ce13c7 Mon Sep 17 00:00:00 2001 From: RuoYi Date: Mon, 8 Jun 2020 09:37:58 +0800 Subject: [PATCH] =?UTF-8?q?=E7=BD=91=E5=85=B3=E9=AA=8C=E8=AF=81=E7=A0=81?= =?UTF-8?q?=E8=BF=87=E6=BB=A4=E5=99=A8=E6=B7=BB=E5=8A=A0=E6=94=BE=E8=A1=8C?= =?UTF-8?q?=E6=A0=A1=E9=AA=8C?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../core/constant/SecurityConstants.java | 5 +++ .../feign/OAuth2FeignRequestInterceptor.java | 10 +++--- .../properties/IgnoreClientProperties.java | 33 ------------------- .../gateway/filter/ValidateCodeFilter.java | 19 +++++++++-- 4 files changed, 26 insertions(+), 41 deletions(-) delete mode 100644 ruoyi-gateway/src/main/java/com/ruoyi/gateway/config/properties/IgnoreClientProperties.java diff --git a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/constant/SecurityConstants.java b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/constant/SecurityConstants.java index d0c5cbb31..87f4735b9 100644 --- a/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/constant/SecurityConstants.java +++ b/ruoyi-common/ruoyi-common-core/src/main/java/com/ruoyi/common/core/constant/SecurityConstants.java @@ -7,6 +7,11 @@ package com.ruoyi.common.core.constant; */ public class SecurityConstants { + /** + * 令牌类型 + */ + public static final String BEARER_TOKEN_TYPE = "Bearer"; + /** * 授权token url */ diff --git a/ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/feign/OAuth2FeignRequestInterceptor.java b/ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/feign/OAuth2FeignRequestInterceptor.java index 6009916af..baf60835b 100644 --- a/ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/feign/OAuth2FeignRequestInterceptor.java +++ b/ruoyi-common/ruoyi-common-security/src/main/java/com/ruoyi/common/security/feign/OAuth2FeignRequestInterceptor.java @@ -1,10 +1,12 @@ package com.ruoyi.common.security.feign; +import org.springframework.http.HttpHeaders; import org.springframework.security.core.Authentication; import org.springframework.security.core.context.SecurityContext; import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationDetails; import org.springframework.stereotype.Component; +import com.ruoyi.common.core.constant.SecurityConstants; import feign.RequestInterceptor; import feign.RequestTemplate; @@ -16,10 +18,6 @@ import feign.RequestTemplate; @Component public class OAuth2FeignRequestInterceptor implements RequestInterceptor { - private final String AUTHORIZATION_HEADER = "Authorization"; - - private final String BEARER_TOKEN_TYPE = "Bearer"; - @Override public void apply(RequestTemplate requestTemplate) { @@ -28,8 +26,8 @@ public class OAuth2FeignRequestInterceptor implements RequestInterceptor if (authentication != null && authentication.getDetails() instanceof OAuth2AuthenticationDetails) { OAuth2AuthenticationDetails dateils = (OAuth2AuthenticationDetails) authentication.getDetails(); - requestTemplate.header(AUTHORIZATION_HEADER, - String.format("%s %s", BEARER_TOKEN_TYPE, dateils.getTokenValue())); + requestTemplate.header(HttpHeaders.AUTHORIZATION, + String.format("%s %s", SecurityConstants.BEARER_TOKEN_TYPE, dateils.getTokenValue())); } } } \ No newline at end of file diff --git a/ruoyi-gateway/src/main/java/com/ruoyi/gateway/config/properties/IgnoreClientProperties.java b/ruoyi-gateway/src/main/java/com/ruoyi/gateway/config/properties/IgnoreClientProperties.java deleted file mode 100644 index 7d6c98508..000000000 --- a/ruoyi-gateway/src/main/java/com/ruoyi/gateway/config/properties/IgnoreClientProperties.java +++ /dev/null @@ -1,33 +0,0 @@ -package com.ruoyi.gateway.config.properties; - -import java.util.ArrayList; -import java.util.List; -import org.springframework.boot.context.properties.ConfigurationProperties; -import org.springframework.cloud.context.config.annotation.RefreshScope; -import org.springframework.context.annotation.Configuration; - -/** - * 放行终端配置 - * - * @author ruoyi - */ -@Configuration -@RefreshScope -@ConfigurationProperties(prefix = "ignore") -public class IgnoreClientProperties -{ - /** - * 放行终端配置,网关不校验此处的终端 - */ - private List clients = new ArrayList<>(); - - public List getClients() - { - return clients; - } - - public void setClients(List clients) - { - this.clients = clients; - } -} diff --git a/ruoyi-gateway/src/main/java/com/ruoyi/gateway/filter/ValidateCodeFilter.java b/ruoyi-gateway/src/main/java/com/ruoyi/gateway/filter/ValidateCodeFilter.java index 8d6a8a56a..cc4d673cc 100644 --- a/ruoyi-gateway/src/main/java/com/ruoyi/gateway/filter/ValidateCodeFilter.java +++ b/ruoyi-gateway/src/main/java/com/ruoyi/gateway/filter/ValidateCodeFilter.java @@ -3,6 +3,7 @@ package com.ruoyi.gateway.filter; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.cloud.gateway.filter.GatewayFilter; import org.springframework.cloud.gateway.filter.factory.AbstractGatewayFilterFactory; +import org.springframework.http.HttpHeaders; import org.springframework.http.server.reactive.ServerHttpRequest; import org.springframework.http.server.reactive.ServerHttpResponse; import org.springframework.stereotype.Component; @@ -25,6 +26,12 @@ public class ValidateCodeFilter extends AbstractGatewayFilterFactory @Autowired private ValidateCodeService validateCodeService; + private static final String BASIC_ = "Basic "; + + private static final String CODE = "code"; + + private static final String UUID = "uuid"; + @Override public GatewayFilter apply(Object config) { @@ -36,10 +43,18 @@ public class ValidateCodeFilter extends AbstractGatewayFilterFactory { return chain.filter(exchange); } + + // 消息头存在内容,且不存在验证码参数,不处理 + String header = request.getHeaders().getFirst(HttpHeaders.AUTHORIZATION); + if (StringUtils.isNotEmpty(header) && StringUtils.startsWith(header, BASIC_) + && !request.getQueryParams().containsKey(CODE) && !request.getQueryParams().containsKey(UUID)) + { + return chain.filter(exchange); + } try { - validateCodeService.checkCapcha(request.getQueryParams().getFirst("code"), - request.getQueryParams().getFirst("uuid")); + validateCodeService.checkCapcha(request.getQueryParams().getFirst(CODE), + request.getQueryParams().getFirst(UUID)); } catch (Exception e) {