From 644bc7a94a78b45f17f51788799de526987ecd18 Mon Sep 17 00:00:00 2001 From: fengshuonan Date: Sun, 16 Oct 2022 23:58:09 +0800 Subject: [PATCH] =?UTF-8?q?=E3=80=907.2.5=E3=80=91=E3=80=90auth=E3=80=91?= =?UTF-8?q?=E6=9B=B4=E6=96=B0=E7=99=BB=E5=BD=95=E6=97=B6=E5=AF=86=E7=A0=81?= =?UTF-8?q?=E5=8A=A0=E5=AF=86=E7=9A=84=E6=A0=A1=E9=AA=8C=E5=BC=80=E5=85=B3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- kernel-d-auth/auth-api/pom.xml | 8 +++++++ .../roses/kernel/auth/api/AuthServiceApi.java | 4 +++- .../auth/api/expander/AuthConfigExpander.java | 12 ++++++++++ .../kernel/auth/auth/AuthServiceImpl.java | 23 +++++++++++++++---- 4 files changed, 41 insertions(+), 6 deletions(-) diff --git a/kernel-d-auth/auth-api/pom.xml b/kernel-d-auth/auth-api/pom.xml index 5fa36f9c4..260e0d4e8 100644 --- a/kernel-d-auth/auth-api/pom.xml +++ b/kernel-d-auth/auth-api/pom.xml @@ -17,6 +17,14 @@ + + + + cn.stylefeng.roses + jwt-api + ${roses.version} + + com.fasterxml.jackson.core diff --git a/kernel-d-auth/auth-api/src/main/java/cn/stylefeng/roses/kernel/auth/api/AuthServiceApi.java b/kernel-d-auth/auth-api/src/main/java/cn/stylefeng/roses/kernel/auth/api/AuthServiceApi.java index 9aa621e14..25b20e574 100644 --- a/kernel-d-auth/auth-api/src/main/java/cn/stylefeng/roses/kernel/auth/api/AuthServiceApi.java +++ b/kernel-d-auth/auth-api/src/main/java/cn/stylefeng/roses/kernel/auth/api/AuthServiceApi.java @@ -28,6 +28,7 @@ import cn.stylefeng.roses.kernel.auth.api.exception.AuthException; import cn.stylefeng.roses.kernel.auth.api.pojo.auth.LoginRequest; import cn.stylefeng.roses.kernel.auth.api.pojo.auth.LoginResponse; import cn.stylefeng.roses.kernel.auth.api.pojo.auth.LoginWithTokenRequest; +import cn.stylefeng.roses.kernel.jwt.api.pojo.payload.DefaultJwtPayload; /** * 认证服务的接口,包括基本的登录退出操作和校验token等操作 
@@ -98,11 +99,12 @@ public interface AuthServiceApi { * 结果有三种,第一是jwt过期了,第二是用户随便写的错误token,第三种是token正确,token正确不会抛出异常 * * @param token 某个用户的登录token + * @return token解析出的用户基本信息 * @throws AuthException 认证异常,如果token错误或过期,会有相关的异常抛出 * @author fengshuonan * @date 2020/10/19 14:16 */ - void validateToken(String token) throws AuthException; + DefaultJwtPayload validateToken(String token) throws AuthException; /** * 校验用户是否认证通过,认证是校验token的过程,校验失败会抛出异常 diff --git a/kernel-d-auth/auth-api/src/main/java/cn/stylefeng/roses/kernel/auth/api/expander/AuthConfigExpander.java b/kernel-d-auth/auth-api/src/main/java/cn/stylefeng/roses/kernel/auth/api/expander/AuthConfigExpander.java index 49e333d00..7780d99fa 100644 --- a/kernel-d-auth/auth-api/src/main/java/cn/stylefeng/roses/kernel/auth/api/expander/AuthConfigExpander.java +++ b/kernel-d-auth/auth-api/src/main/java/cn/stylefeng/roses/kernel/auth/api/expander/AuthConfigExpander.java @@ -235,4 +235,16 @@ public class AuthConfigExpander { return ConfigContext.me().getSysConfigValueWithDefault("SYS_AUTH_SSO_HOST", String.class, SYS_AUTH_SSO_HOST); } + /** + * 登录密码是否进行RSA加密校验,默认关闭 + *

+ * 需要前端配合加密后再打开开关 + * + * @author fengshuonan + * @date 2022/10/16 23:28 + */ + public static Boolean getPasswordRsaValidateFlag() { + return ConfigContext.me().getSysConfigValueWithDefault("SYS_AUTH_PASSWORD_RSA_VALIDATE", Boolean.class, false); + } + } diff --git a/kernel-d-auth/auth-sdk/src/main/java/cn/stylefeng/roses/kernel/auth/auth/AuthServiceImpl.java b/kernel-d-auth/auth-sdk/src/main/java/cn/stylefeng/roses/kernel/auth/auth/AuthServiceImpl.java index 34b69d08d..72e9fb186 100644 --- a/kernel-d-auth/auth-sdk/src/main/java/cn/stylefeng/roses/kernel/auth/auth/AuthServiceImpl.java +++ b/kernel-d-auth/auth-sdk/src/main/java/cn/stylefeng/roses/kernel/auth/auth/AuthServiceImpl.java @@ -216,16 +216,26 @@ public class AuthServiceImpl implements AuthServiceApi { } @Override - public void validateToken(String token) throws AuthException { + public DefaultJwtPayload validateToken(String token) throws AuthException { try { // 1. 先校验jwt token本身是否有问题 JwtContext.me().validateTokenWithException(token); - // 2. 判断session里是否有这个token + // 2. 获取jwt的payload + DefaultJwtPayload defaultPayload = JwtContext.me().getDefaultPayload(token); + + // 3. 如果是7天免登陆,则不校验session过期 + if (defaultPayload.getRememberMe()) { + return defaultPayload; + } + + // 4. 判断session里是否有这个token LoginUser session = sessionManagerApi.getSession(token); if (session == null) { throw new AuthException(AUTH_EXPIRED_ERROR); } + + return defaultPayload; } catch (JwtException jwtException) { // jwt token本身过期的话,返回 AUTH_EXPIRED_ERROR if (JwtExceptionEnum.JWT_EXPIRED_ERROR.getErrorCode().equals(jwtException.getErrorCode())) { 
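Review bot: The new `getPasswordRsaValidateFlag()` defaults to `false`, which makes the weaker setting the out-of-the-box one: a deployment that upgrades without adding the SYS_AUTH_PASSWORD_RSA_VALIDATE row silently stops decrypting the submitted login password, whereas the decrypt call in AuthServiceImpl was previously unconditional. If the goal is to keep existing installations on their current protection, flip the default — `return ConfigContext.me().getSysConfigValueWithDefault("SYS_AUTH_PASSWORD_RSA_VALIDATE", Boolean.class, true);` — and have the Javadoc state that the flag only governs whether the server expects RSA ciphertext from the front end on the wire, not how the password is stored. Returning boxed `Boolean` rather than `boolean` also leaves callers' `if (...)` open to an NPE if the config helper can hand back null; I cannot see the helper's contract from this hunk, so a primitive `boolean` return would be the defensive choice.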
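Review bot: The early `return defaultPayload;` when `getRememberMe()` is true skips `sessionManagerApi.getSession(token)` entirely, so a remember-me token remains valid for its full JWT lifetime even after the server-side session is removed (logout, forced logout, password change); only JWT expiry can end it. If that is intentional it needs to be spelled out in the method Javadoc, since callers of validateToken will read a non-throwing return as "session is alive"; if it is not, keep the session lookup for remember-me tokens and relax only the session timeout, which the current branch does not distinguish. Separately, if `getRememberMe()` returns a boxed `Boolean`, a token minted without that claim throws an NPE at the `if`; `if (Boolean.TRUE.equals(defaultPayload.getRememberMe()))` avoids that. The method's catch block continues past the end of this hunk.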
@@ -316,8 +326,11 @@ public class AuthServiceImpl implements AuthServiceApi { throw new ScannerException(ScannerExceptionEnum.SYSTEM_RESOURCE_URL_NOT_INIT); } - // 3. 解密密码的密文 - String decryptPassword = passwordTransferEncryptApi.decrypt(loginRequest.getPassword()); + // 3. 解密密码的密文,需要sys_config相关配置打开 + if (loginRequest.getPassword() != null && AuthConfigExpander.getPasswordRsaValidateFlag()) { + String decryptPassword = passwordTransferEncryptApi.decrypt(loginRequest.getPassword()); + loginRequest.setPassword(decryptPassword); + } // 4. 如果开启了单点登录,并且CaToken没有值,走单点登录,获取loginCode if (ssoProperties.getOpenFlag() && StrUtil.isEmpty(caToken)) { @@ -330,7 +343,7 @@ public class AuthServiceImpl implements AuthServiceApi { SsoServerApi ssoServerApi = SpringUtil.getBean(SsoServerApi.class); SsoLoginCodeRequest ssoLoginCodeRequest = new SsoLoginCodeRequest(); ssoLoginCodeRequest.setAccount(loginRequest.getAccount()); - ssoLoginCodeRequest.setPassword(decryptPassword); + ssoLoginCodeRequest.setPassword(loginRequest.getPassword()); String remoteLoginCode = ssoServerApi.createSsoLoginCode(ssoLoginCodeRequest); return new LoginResponse(remoteLoginCode); }
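Review bot: With the flag on, the decrypted plaintext is written back into the request via `loginRequest.setPassword(decryptPassword)`, so the DTO now carries the cleartext password for the rest of the login flow and anything downstream that logs, serializes or caches the request will see it, whereas before it lived only in a local. Keeping a local `String password = loginRequest.getPassword();`, overwriting it with the decrypted value when the flag is on, and passing that to `ssoLoginCodeRequest.setPassword(password)` keeps the secret's reach where it was. When the flag is on and `getPassword()` is null, the `!= null` guard silently skips decryption and continues with a null password rather than rejecting the request; what happens to a null password later is outside this hunk, but throwing an `AuthException` here would fail fast. Since the flag defaults to off, a front end that still sends RSA ciphertext will fail to log in after upgrade because the ciphertext is now compared as-is — fail-closed, but worth a migration note in the commit message.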