1. 修复 token 过期时,网关继续网关

2. 修复 swagger 重复带了前缀
3. 修复 bpm 模块的 security 配置错误
pull/15/MERGE
YunaiV 2022-12-30 12:42:20 +08:00
parent 31bbcecb36
commit 380ef717d7
4 changed files with 59 additions and 2 deletions

View File

@ -16,12 +16,14 @@ import org.springframework.cloud.client.loadbalancer.reactive.ReactorLoadBalance
import org.springframework.cloud.gateway.filter.GatewayFilterChain; import org.springframework.cloud.gateway.filter.GatewayFilterChain;
import org.springframework.cloud.gateway.filter.GlobalFilter; import org.springframework.cloud.gateway.filter.GlobalFilter;
import org.springframework.core.Ordered; import org.springframework.core.Ordered;
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import org.springframework.web.reactive.function.client.WebClient; import org.springframework.web.reactive.function.client.WebClient;
import org.springframework.web.server.ServerWebExchange; import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono; import reactor.core.publisher.Mono;
import java.time.Duration; import java.time.Duration;
import java.util.Objects;
import java.util.function.Function; import java.util.function.Function;
/** /**
@ -43,7 +45,9 @@ public class TokenAuthenticationFilter implements GlobalFilter, Ordered {
/** /**
* LoginUser * LoginUser
* *
* TODO getLoginUser Mono.empty() flatMap ing *
* 1. {@link #getLoginUser(ServerWebExchange, String)} Mono.empty() flatMap
* 2. {@link #buildUser(String)} Token LOGIN_USER_EMPTY
*/ */
private static final LoginUser LOGIN_USER_EMPTY = new LoginUser(); private static final LoginUser LOGIN_USER_EMPTY = new LoginUser();
@ -131,10 +135,19 @@ public class TokenAuthenticationFilter implements GlobalFilter, Ordered {
} }
private LoginUser buildUser(String body) { private LoginUser buildUser(String body) {
// 处理结果,结果不正确
CommonResult<OAuth2AccessTokenCheckRespDTO> result = JsonUtils.parseObject(body, CHECK_RESULT_TYPE_REFERENCE); CommonResult<OAuth2AccessTokenCheckRespDTO> result = JsonUtils.parseObject(body, CHECK_RESULT_TYPE_REFERENCE);
if (result == null || result.isError()) { if (result == null) {
return null; return null;
} }
if (result.isError()) {
// 特殊情况令牌已经过期code = 401需要返回 LOGIN_USER_EMPTY避免 Token 一直因为缓存,被误判为有效
if (Objects.equals(result.getCode(), HttpStatus.UNAUTHORIZED.value())) {
return LOGIN_USER_EMPTY;
}
return null;
}
// 创建登录用户 // 创建登录用户
OAuth2AccessTokenCheckRespDTO tokenInfo = result.getData(); OAuth2AccessTokenCheckRespDTO tokenInfo = result.getData();
return new LoginUser().setId(tokenInfo.getUserId()).setUserType(tokenInfo.getUserType()) return new LoginUser().setId(tokenInfo.getUserId()).setUserType(tokenInfo.getUserType())

View File

@ -37,3 +37,5 @@ spring:
- Path=/admin-api/bpm/** - Path=/admin-api/bpm/**
filters: filters:
- RewritePath=/admin-api/bpm/v2/api-docs, /v2/api-docs - RewritePath=/admin-api/bpm/v2/api-docs, /v2/api-docs
x-forwarded:
prefix-enabled: false # 避免 Swagger 重复带上额外的 /admin-api/system 前缀

View File

@ -0,0 +1,38 @@
package cn.iocoder.yudao.module.bpm.framework.security.config;
import cn.iocoder.yudao.framework.security.config.AuthorizeRequestsCustomizer;
import cn.iocoder.yudao.module.system.enums.ApiConstants;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
/**
* System Security
*/
@Configuration(proxyBeanMethods = false, value = "systemSecurityConfiguration")
public class SecurityConfiguration {
@Bean("systemAuthorizeRequestsCustomizer")
public AuthorizeRequestsCustomizer authorizeRequestsCustomizer() {
return new AuthorizeRequestsCustomizer() {
@Override
public void customize(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry) {
// TODO 芋艿:这个每个项目都需要重复配置,得捉摸有没通用的方案
// Swagger 接口文档
registry.antMatchers("/swagger-ui.html").anonymous()
.antMatchers("/swagger-resources/**").anonymous()
.antMatchers("/webjars/**").anonymous()
.antMatchers("/*/api-docs").anonymous();
// Spring Boot Actuator 的安全配置
registry.antMatchers("/actuator").anonymous()
.antMatchers("/actuator/**").anonymous();
// RPC 服务的安全配置
registry.antMatchers(ApiConstants.PREFIX + "/**").permitAll();
}
};
}
}

View File

@ -0,0 +1,4 @@
/**
*
*/
package cn.iocoder.yudao.module.bpm.framework.security.core;