@@ -11,6 +11,7 @@ import com.inspur.smsb.gateway.config.AnonymousPathProperties;
import com.inspur.smsb.gateway.dto.KeycloakGroupsDto;
import com.inspur.smsb.gateway.dto.KeycloakUserDto;
import com.inspur.smsb.gateway.utils.HttpClientUtil;
+import com.inspur.smsb.gateway.utils.TokenParseUtil;
import com.nimbusds.jose.JWSObject;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Autowired;
@@ -58,6 +59,7 @@ public class WebFluxUserRequestInfoFilter implements GlobalFilter {
private String adminUserId;
private static final String ROLE_SUPER_ADMIN = "ROLE_SUPER_ADMIN";
private static final String ROLE_ADMIN = "ROLE_ADMIN";
+ private static final String UNIFIED_TOKEN_HEADER = "UnifiedToken";
@Value("${wxapplet.secret}")
private String secret;
@@ -189,6 +191,10 @@ public class WebFluxUserRequestInfoFilter implements GlobalFilter {
if (isWxAppletRequest(exchange.getRequest()) && isEncryptedRequest(exchange.getRequest())) {
return chain.filter(exchange);
}
+ // 统管token鉴权
+ if (isValidUnifiedRequest(exchange.getRequest())) {
+ return chain.filter(exchange);
+ }
exchange.getResponse().setStatusCode(HttpStatus.FORBIDDEN);
return exchange.getResponse().setComplete();
}
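Review bot: The new `isValidUnifiedRequest` branch sends any request carrying an accepted `UnifiedToken` header straight to `chain.filter(exchange)` for every route this filter guards, and nothing from that token is attached to the exchange, so whatever downstream services rely on for identity is not set on this path. What "accepted" means rests entirely on `TokenParseUtil.verityToken`, which is not in this diff; if it only checks the signature, expiry/issuer/audience are effectively unchecked at the gateway, which is worth confirming before merge. If that helper throws on a malformed header value instead of returning false, the request surfaces as a 500 rather than the 403 set just below, so the helper should catch parse failures and return false. The enclosing `filter` method starts before this hunk.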
@@ -285,6 +291,15 @@ public class WebFluxUserRequestInfoFilter implements GlobalFilter {
}
}
+ private boolean isValidUnifiedRequest(ServerHttpRequest request) {
+ String jwtToken = request.getHeaders().getFirst(UNIFIED_TOKEN_HEADER);
+ if (!StringUtils.hasText(jwtToken)) {
+ return false;
+ }
+
+ return TokenParseUtil.verityToken(jwtToken);
+ }
+
/**
* 无权限访问
*/
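Review bot: `isValidUnifiedRequest` has no Javadoc, and since its whole contract is delegated to `TokenParseUtil.verityToken` (not visible in this diff) a reader cannot tell what a `true` result guarantees; add a header such as `/** Returns true only when the UnifiedToken header is present and TokenParseUtil accepts it (signature and whatever validity checks it performs); absent or blank header yields false. */`. The callee name `verityToken` reads as a misspelling of `verifyToken`; if `TokenParseUtil` is introduced by this same commit, renaming it now avoids freezing the typo into the utility's API. `getFirst` is used on the header, so a duplicated `UnifiedToken` header silently takes the first value — likely fine, but a one-line comment stating that choice would help the next reader.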