Home Explore Help
Register Sign In
lihao16
/
smsb-gateway-84
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

feat:修复退出登陆时,token不能即时失效问题,暂时注销,屏管家单台服务器专用

zhuyapeng 2 years ago
parent
471724935f
commit
26a5c57b5b
2 changed files with 109 additions and 0 deletions
Unified View Show Diff Stats
  1. 26 0
      src/main/java/com/inspur/smsb/gateway/filter/WebFluxUserRequestInfoFilter.java
  2. 83 0
      src/main/java/com/inspur/smsb/gateway/utils/ExpiredMapUtil.java

+ 26 - 0
src/main/java/com/inspur/smsb/gateway/filter/WebFluxUserRequestInfoFilter.java
View File 

@@ -2,6 +2,7 @@ package com.inspur.smsb.gateway.filter;
 
 
 
 import com.alibaba.fastjson.JSONArray;
 
 import com.alibaba.fastjson.JSONArray;
 
 import com.alibaba.fastjson.JSONObject;
 
 import com.alibaba.fastjson.JSONObject;
 
+import com.fasterxml.jackson.databind.ObjectMapper;
 
 import com.google.common.base.Strings;
 
 import com.google.common.base.Strings;
 
 import com.inspur.smsb.gateway.dto.KeycloakUserDto;
 
 import com.inspur.smsb.gateway.dto.KeycloakUserDto;
 
 import com.inspur.smsb.gateway.utils.HttpClientUtil;
 
 import com.inspur.smsb.gateway.utils.HttpClientUtil;
 
@@ -18,6 +19,7 @@ import org.springframework.util.StringUtils;
 
 import org.springframework.web.server.ServerWebExchange;
 
 import org.springframework.web.server.ServerWebExchange;
 
 import reactor.core.publisher.Mono;
 
 import reactor.core.publisher.Mono;
 
 
 
+import javax.annotation.Resource;
 
 import java.text.ParseException;
 
 import java.text.ParseException;
 
 import java.util.ArrayList;
 
 import java.util.ArrayList;
 
 import java.util.List;
 
 import java.util.List;
 
@@ -45,6 +47,9 @@ public class WebFluxUserRequestInfoFilter implements GlobalFilter {
 
     @Value("${keycloak.adminUserId}")
 
     @Value("${keycloak.adminUserId}")
 
     private String adminUserId;
 
     private String adminUserId;
 
 
 
+    @Resource
 
+    private ObjectMapper objectMapper;
 
+
 
     @Override
 
     @Override
 
     public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
 
     public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
 
         String wxAppletId = exchange.getRequest().getHeaders().getFirst("WxAppletId");
 
         String wxAppletId = exchange.getRequest().getHeaders().getFirst("WxAppletId");
 
@@ -85,6 +90,27 @@ public class WebFluxUserRequestInfoFilter implements GlobalFilter {
 
                 if (Strings.isNullOrEmpty(token)) {
 
                 if (Strings.isNullOrEmpty(token)) {
 
                     return chain.filter(exchange);
 
                     return chain.filter(exchange);
 
                 }
 
                 }
 
+                // 由于漏洞扫描发现退出登陆后,token在一定时间范围内还是有效,故此处做黑名单限制,
 
+                // 前端退出登陆时调用下/keycloak/userLogout接口,本接口仅做token存入黑名单操作,不涉及具体业务
 
+//                String logoutMd5 = DigestUtils.md5DigestAsHex(token.getBytes());
 
+//                if(exchange.getRequest().getURI().getPath().contains("userLogout")) {
 
+//                    log.warn("user logout logout={}",logoutMd5);
 
+//                    ExpiredMapUtil.put(logoutMd5,logoutMd5,ExpiredMapUtil.CACHE_HOLD_TIME_5M);
 
+//                }
 
+//                if(Objects.nonNull(ExpiredMapUtil.get(logoutMd5))) {
 
+//                    ServerHttpResponse response = exchange.getResponse();
 
+//                    response.getHeaders().setContentType(MediaType.APPLICATION_JSON);
 
+//                    return response.writeWith(Mono.fromSupplier(() -> {
 
+//                        DataBufferFactory bufferFactory = response.bufferFactory();
 
+//                        try {
 
+//                            return bufferFactory.wrap(objectMapper.writeValueAsBytes(Response.buildFailure(String.valueOf(HttpStatus.PRECONDITION_FAILED.value()), "无访问权限")));
 
+//                        } catch (JsonProcessingException e) {
 
+//                            log.error("Error writing response", e);
 
+//                            return bufferFactory.wrap(new byte[0]);
 
+//                        }
 
+//                    }));
 
+//                }
 
+
 
                 String realToken = token.replace("Bearer ", "");
 
                 String realToken = token.replace("Bearer ", "");
 
                 JWSObject jwsObject = JWSObject.parse(realToken);
 
                 JWSObject jwsObject = JWSObject.parse(realToken);

+ 83 - 0
src/main/java/com/inspur/smsb/gateway/utils/ExpiredMapUtil.java
View File 

@@ -0,0 +1,83 @@
 
+package com.inspur.smsb.gateway.utils;
 
+
 
+import java.util.Map;
 
+import java.util.concurrent.ConcurrentHashMap;
 
+
 
+/**
 
+ * @author zhuyapeng
 
+ * @time 2023/9/14 9:25
 
+ */
 
+public class ExpiredMapUtil {
 
+
 
+    /**
 
+     * 预缓存信息
 
+     */
 
+    private static final Map<String, Object> CACHE_MAP = new ConcurrentHashMap<>();
 
+
 
+    /**
 
+     * 每个缓存生效时间5分钟
 
+     */
 
+    public static final long CACHE_HOLD_TIME_5M = 5 * 60 * 1000L;
 
+
 
+    public static final String HOLD_TIME = "_HoldTime";
 
+
 
+    /**
 
+     * 存放一个缓存对象,保存时间为holdTime
 
+     *
 
+     * @param cacheName
 
+     * @param obj
 
+     * @param holdTime
 
+     */
 
+    public static void put(String cacheName, Object obj, long holdTime) {
 
+        if (checkCacheName(cacheName)) {
 
+            return;
 
+        }
 
+        CACHE_MAP.put(cacheName, obj);
 
+        //缓存失效时间
 
+        CACHE_MAP.put(cacheName + HOLD_TIME, System.currentTimeMillis() + holdTime);
 
+    }
 
+
 
+    /**
 
+     * 取出一个缓存对象
 
+     *
 
+     * @param cacheName
 
+     * @return
 
+     */
 
+    public static Object get(String cacheName) {
 
+        if (checkCacheName(cacheName)) {
 
+            return CACHE_MAP.get(cacheName);
 
+        }
 
+        return null;
 
+    }
 
+
 
+    /**
 
+     * 删除某个缓存
 
+     *
 
+     * @param cacheName
 
+     */
 
+    public static void remove(String cacheName) {
 
+        CACHE_MAP.remove(cacheName);
 
+        CACHE_MAP.remove(cacheName + HOLD_TIME);
 
+    }
 
+
 
+    /**
 
+     * 检查缓存对象是否存在,
 
+     * 若不存在,则返回false
 
+     * 若存在,检查其是否已过有效期,如果已经过了则删除该缓存并返回false
 
+     *
 
+     * @param cacheName
 
+     * @return
 
+     */
 
+    public static boolean checkCacheName(String cacheName) {
 
+        Long cacheHoldTime = (Long) CACHE_MAP.get(cacheName + HOLD_TIME);
 
+        if (cacheHoldTime == null || cacheHoldTime == 0L) {
 
+            return false;
 
+        }
 
+        if (cacheHoldTime < System.currentTimeMillis()) {
 
+            remove(cacheName);
 
+            return false;
 
+        }
 
+        return true;
 
+    }
 
+
 
+}