1. 修复 token 过期时,网关继续网关

2. 修复 swagger 重复带了前缀
3. 修复 bpm 模块的 security 配置错误
This commit is contained in:
YunaiV 2022-12-30 12:42:20 +08:00
parent 31bbcecb36
commit 380ef717d7
4 changed files with 59 additions and 2 deletions

View File

@ -16,12 +16,14 @@ import org.springframework.cloud.client.loadbalancer.reactive.ReactorLoadBalance
import org.springframework.cloud.gateway.filter.GatewayFilterChain; import org.springframework.cloud.gateway.filter.GatewayFilterChain;
import org.springframework.cloud.gateway.filter.GlobalFilter; import org.springframework.cloud.gateway.filter.GlobalFilter;
import org.springframework.core.Ordered; import org.springframework.core.Ordered;
import org.springframework.http.HttpStatus;
import org.springframework.stereotype.Component; import org.springframework.stereotype.Component;
import org.springframework.web.reactive.function.client.WebClient; import org.springframework.web.reactive.function.client.WebClient;
import org.springframework.web.server.ServerWebExchange; import org.springframework.web.server.ServerWebExchange;
import reactor.core.publisher.Mono; import reactor.core.publisher.Mono;
import java.time.Duration; import java.time.Duration;
import java.util.Objects;
import java.util.function.Function; import java.util.function.Function;
/** /**
@ -43,7 +45,9 @@ public class TokenAuthenticationFilter implements GlobalFilter, Ordered {
/** /**
* 空的 LoginUser 的结果 * 空的 LoginUser 的结果
* *
* TODO 芋艿用于解决 getLoginUser 返回 Mono.empty() 的时候会导致后续的 flatMap 无法进行处理的问题先暂时这么解决寻找更优解 ing * 用于解决如下问题
* 1. {@link #getLoginUser(ServerWebExchange, String)} 返回 Mono.empty() 会导致后续的 flatMap 无法进行处理的问题
* 2. {@link #buildUser(String)} 如果 Token 已经过期返回 LOGIN_USER_EMPTY 对象避免缓存无法刷新
*/ */
private static final LoginUser LOGIN_USER_EMPTY = new LoginUser(); private static final LoginUser LOGIN_USER_EMPTY = new LoginUser();
@ -131,10 +135,19 @@ public class TokenAuthenticationFilter implements GlobalFilter, Ordered {
} }
private LoginUser buildUser(String body) { private LoginUser buildUser(String body) {
// 处理结果结果不正确
CommonResult<OAuth2AccessTokenCheckRespDTO> result = JsonUtils.parseObject(body, CHECK_RESULT_TYPE_REFERENCE); CommonResult<OAuth2AccessTokenCheckRespDTO> result = JsonUtils.parseObject(body, CHECK_RESULT_TYPE_REFERENCE);
if (result == null || result.isError()) { if (result == null) {
return null; return null;
} }
if (result.isError()) {
// 特殊情况令牌已经过期code = 401需要返回 LOGIN_USER_EMPTY避免 Token 一直因为缓存被误判为有效
if (Objects.equals(result.getCode(), HttpStatus.UNAUTHORIZED.value())) {
return LOGIN_USER_EMPTY;
}
return null;
}
// 创建登录用户 // 创建登录用户
OAuth2AccessTokenCheckRespDTO tokenInfo = result.getData(); OAuth2AccessTokenCheckRespDTO tokenInfo = result.getData();
return new LoginUser().setId(tokenInfo.getUserId()).setUserType(tokenInfo.getUserType()) return new LoginUser().setId(tokenInfo.getUserId()).setUserType(tokenInfo.getUserType())

View File

@ -37,3 +37,5 @@ spring:
- Path=/admin-api/bpm/** - Path=/admin-api/bpm/**
filters: filters:
- RewritePath=/admin-api/bpm/v2/api-docs, /v2/api-docs - RewritePath=/admin-api/bpm/v2/api-docs, /v2/api-docs
x-forwarded:
prefix-enabled: false # 避免 Swagger 重复带上额外的 /admin-api/system 前缀

View File

@ -0,0 +1,38 @@
package cn.iocoder.yudao.module.bpm.framework.security.config;
import cn.iocoder.yudao.framework.security.config.AuthorizeRequestsCustomizer;
import cn.iocoder.yudao.module.system.enums.ApiConstants;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
/**
* System 模块的 Security 配置
*/
@Configuration(proxyBeanMethods = false, value = "systemSecurityConfiguration")
public class SecurityConfiguration {
@Bean("systemAuthorizeRequestsCustomizer")
public AuthorizeRequestsCustomizer authorizeRequestsCustomizer() {
return new AuthorizeRequestsCustomizer() {
@Override
public void customize(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry) {
// TODO 芋艿这个每个项目都需要重复配置得捉摸有没通用的方案
// Swagger 接口文档
registry.antMatchers("/swagger-ui.html").anonymous()
.antMatchers("/swagger-resources/**").anonymous()
.antMatchers("/webjars/**").anonymous()
.antMatchers("/*/api-docs").anonymous();
// Spring Boot Actuator 的安全配置
registry.antMatchers("/actuator").anonymous()
.antMatchers("/actuator/**").anonymous();
// RPC 服务的安全配置
registry.antMatchers(ApiConstants.PREFIX + "/**").permitAll();
}
};
}
}

View File

@ -0,0 +1,4 @@
/**
* 占位
*/
package cn.iocoder.yudao.module.bpm.framework.security.core;