提交
3ea7da10
authored
8月 10, 2021
作者:
fit2cloud-chenyw
feat: 使用ak,sk访问api接口以及swagger
上级
91749926
正在显示
7 个修改的文件
包含
205 行增加
和
14 行删除
+205
-14
F2CRealm.java
backend/src/main/java/io/dataease/auth/config/F2CRealm.java
+46
-8
ASKToken.java
backend/src/main/java/io/dataease/auth/entity/ASKToken.java
+25
-0
JWTFilter.java
backend/src/main/java/io/dataease/auth/filter/JWTFilter.java
+18
-1
ApiKeyHandler.java
...src/main/java/io/dataease/auth/handler/ApiKeyHandler.java
+88
-0
CodingUtil.java
...d/src/main/java/io/dataease/commons/utils/CodingUtil.java
+12
-0
Knife4jConfiguration.java
...rc/main/java/io/dataease/config/Knife4jConfiguration.java
+15
-4
application.properties
backend/src/main/resources/application.properties
+1
-1
backend/src/main/java/io/dataease/auth/config/F2CRealm.java
...
@@ -2,18 +2,17 @@ package io.dataease.auth.config;
...
@@ -2,18 +2,17 @@ package io.dataease.auth.config;
import
io.dataease.auth.api.dto.CurrentRoleDto
;
import
io.dataease.auth.api.dto.CurrentRoleDto
;
import
io.dataease.auth.api.dto.CurrentUserDto
;
import
io.dataease.auth.api.dto.CurrentUserDto
;
import
io.dataease.auth.entity.ASKToken
;
import
io.dataease.auth.entity.JWTToken
;
import
io.dataease.auth.entity.JWTToken
;
import
io.dataease.auth.entity.SysUserEntity
;
import
io.dataease.auth.entity.SysUserEntity
;
import
io.dataease.auth.entity.TokenInfo
;
import
io.dataease.auth.entity.TokenInfo
;
import
io.dataease.auth.handler.ApiKeyHandler
;
import
io.dataease.auth.service.AuthUserService
;
import
io.dataease.auth.service.AuthUserService
;
import
io.dataease.auth.util.JWTUtils
;
import
io.dataease.auth.util.JWTUtils
;
import
io.dataease.commons.utils.BeanUtils
;
import
io.dataease.commons.utils.BeanUtils
;
import
io.dataease.commons.utils.LogUtil
;
import
io.dataease.commons.utils.LogUtil
;
import
io.dataease.listener.util.CacheUtils
;
import
io.dataease.listener.util.CacheUtils
;
import
org.apache.shiro.authc.AuthenticationException
;
import
org.apache.shiro.authc.*
;
import
org.apache.shiro.authc.AuthenticationInfo
;
import
org.apache.shiro.authc.AuthenticationToken
;
import
org.apache.shiro.authc.SimpleAuthenticationInfo
;
import
org.apache.shiro.authz.AuthorizationInfo
;
import
org.apache.shiro.authz.AuthorizationInfo
;
import
org.apache.shiro.authz.SimpleAuthorizationInfo
;
import
org.apache.shiro.authz.SimpleAuthorizationInfo
;
import
org.apache.shiro.realm.AuthorizingRealm
;
import
org.apache.shiro.realm.AuthorizingRealm
;
...
@@ -37,7 +36,7 @@ public class F2CRealm extends AuthorizingRealm {
...
@@ -37,7 +36,7 @@ public class F2CRealm extends AuthorizingRealm {
@Override
@Override
public
boolean
supports
(
AuthenticationToken
token
)
{
public
boolean
supports
(
AuthenticationToken
token
)
{
return
token
instanceof
JWTToken
;
return
token
instanceof
JWTToken
||
token
instanceof
ASKToken
;
}
}
//验证资源权限
//验证资源权限
...
@@ -56,12 +55,27 @@ public class F2CRealm extends AuthorizingRealm {
...
@@ -56,12 +55,27 @@ public class F2CRealm extends AuthorizingRealm {
@Override
@Override
protected
AuthenticationInfo
doGetAuthenticationInfo
(
AuthenticationToken
auth
)
throws
AuthenticationException
{
protected
AuthenticationInfo
doGetAuthenticationInfo
(
AuthenticationToken
auth
)
throws
AuthenticationException
{
if
(
auth
instanceof
ASKToken
)
{
Object
accessKey
=
auth
.
getPrincipal
();
Object
signature
=
auth
.
getCredentials
();
Long
userId
=
ApiKeyHandler
.
getUser
(
accessKey
.
toString
(),
signature
.
toString
());
SysUserEntity
userEntity
=
userWithId
(
userId
);
CurrentUserDto
currentUserDto
=
queryCacheUserDto
(
userEntity
);
return
new
SimpleAuthenticationInfo
(
currentUserDto
,
signature
,
"f2cReam"
);
}
try
{
try
{
CacheUtils
.
get
(
"lic_info"
,
"lic"
);
CacheUtils
.
get
(
"lic_info"
,
"lic"
);
}
catch
(
Exception
e
)
{
}
catch
(
Exception
e
)
{
LogUtil
.
error
(
e
);
LogUtil
.
error
(
e
);
throw
new
AuthenticationException
(
"lic error"
);
throw
new
AuthenticationException
(
"lic error"
);
}
}
TokenInfo
tokenInfo
=
null
;
TokenInfo
tokenInfo
=
null
;
String
token
=
null
;
String
token
=
null
;
try
{
try
{
...
@@ -78,13 +92,14 @@ public class F2CRealm extends AuthorizingRealm {
...
@@ -78,13 +92,14 @@ public class F2CRealm extends AuthorizingRealm {
throw
new
AuthenticationException
(
"token invalid"
);
throw
new
AuthenticationException
(
"token invalid"
);
}
}
// 使用缓存
// 使用缓存
SysUserEntity
user
=
authUserService
.
getUserById
(
userId
);
/*
SysUserEntity user = authUserService.getUserById(userId);
if (user == null) {
if (user == null) {
throw new AuthenticationException("User didn't existed!");
throw new AuthenticationException("User didn't existed!");
}
}
if (user.getEnabled()==0) {
if (user.getEnabled()==0) {
throw new AuthenticationException("User is valid!");
throw new AuthenticationException("User is valid!");
}
}*/
SysUserEntity
user
=
userWithId
(
userId
);
String
pass
=
null
;
String
pass
=
null
;
try
{
try
{
pass
=
user
.
getPassword
();
pass
=
user
.
getPassword
();
...
@@ -94,6 +109,29 @@ public class F2CRealm extends AuthorizingRealm {
...
@@ -94,6 +109,29 @@ public class F2CRealm extends AuthorizingRealm {
if
(!
JWTUtils
.
verify
(
token
,
tokenInfo
,
pass
))
{
if
(!
JWTUtils
.
verify
(
token
,
tokenInfo
,
pass
))
{
throw
new
AuthenticationException
(
"Username or password error"
);
throw
new
AuthenticationException
(
"Username or password error"
);
}
}
/*// 使用缓存
List<CurrentRoleDto> currentRoleDtos = authUserService.roleInfos(user.getUserId());
// 使用缓存
List<String> permissions = authUserService.permissions(user.getUserId());
CurrentUserDto currentUserDto = BeanUtils.copyBean(new CurrentUserDto(), user);
currentUserDto.setRoles(currentRoleDtos);
currentUserDto.setPermissions(permissions);*/
CurrentUserDto
currentUserDto
=
queryCacheUserDto
(
user
);
return
new
SimpleAuthenticationInfo
(
currentUserDto
,
token
,
"f2cReam"
);
}
public
SysUserEntity
userWithId
(
Long
userId
)
{
SysUserEntity
user
=
authUserService
.
getUserById
(
userId
);
if
(
user
==
null
)
{
throw
new
AuthenticationException
(
"User didn't existed!"
);
}
if
(
user
.
getEnabled
()==
0
)
{
throw
new
AuthenticationException
(
"User is valid!"
);
}
return
user
;
}
public
CurrentUserDto
queryCacheUserDto
(
SysUserEntity
user
)
{
// 使用缓存
// 使用缓存
List
<
CurrentRoleDto
>
currentRoleDtos
=
authUserService
.
roleInfos
(
user
.
getUserId
());
List
<
CurrentRoleDto
>
currentRoleDtos
=
authUserService
.
roleInfos
(
user
.
getUserId
());
// 使用缓存
// 使用缓存
...
@@ -101,6 +139,6 @@ public class F2CRealm extends AuthorizingRealm {
...
@@ -101,6 +139,6 @@ public class F2CRealm extends AuthorizingRealm {
CurrentUserDto
currentUserDto
=
BeanUtils
.
copyBean
(
new
CurrentUserDto
(),
user
);
CurrentUserDto
currentUserDto
=
BeanUtils
.
copyBean
(
new
CurrentUserDto
(),
user
);
currentUserDto
.
setRoles
(
currentRoleDtos
);
currentUserDto
.
setRoles
(
currentRoleDtos
);
currentUserDto
.
setPermissions
(
permissions
);
currentUserDto
.
setPermissions
(
permissions
);
return
new
SimpleAuthenticationInfo
(
currentUserDto
,
token
,
"f2cReam"
)
;
return
currentUserDto
;
}
}
}
}
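Review bot: The new `ASKToken` branch at the top of `doGetAuthenticationInfo` returns before the `CacheUtils.get("lic_info", "lic")` check that the token path below it still runs, so access-key requests appear to skip that gate; if the check is meant to apply to every login, move the branch below it or repeat the check there. `ApiKeyHandler.getUser` returns null for blank input and throws plain `RuntimeException` on a bad key or signature, so this branch should reject a null result and translate failures, e.g. `if (userId == null) throw new AuthenticationException("invalid accessKey or signature");`, instead of handing null to `userWithId`. In `userWithId` the message for a disabled account reads `"User is valid!"`, which states the opposite of the condition being rejected. The body of `doGetAuthenticationInfo` continues outside the hunks shown.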
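--- /dev/null
+++ b/backend/src/main/java/io/dataease/auth/entity/ASKToken.java
+package io.dataease.auth.entity;
+import org.apache.shiro.authc.AuthenticationToken;
+public class ASKToken implements AuthenticationToken {
+    private String accessKey;
+    private String signature;
+    public ASKToken(String accessKey, String signature) {
+        this.accessKey = accessKey;
+        this.signature = signature;
+    }
+    @Override
+    public Object getPrincipal() {
+        return accessKey;
+    }
+    @Override
+    public Object getCredentials() {
+        return signature;
+    }
+}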
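Review bot: Both fields are assigned only in the constructor, so they can be declared `private final String accessKey;` and `private final String signature;`. Shiro's `AuthenticationToken` is `Serializable`, so an explicit `private static final long serialVersionUID = 1L;` is also worth adding. A short class comment stating that the principal is the access-key header and the credential is the signature header exactly as received (not yet decrypted or verified) would help readers of the realm code.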
backend/src/main/java/io/dataease/auth/filter/JWTFilter.java
package
io
.
dataease
.
auth
.
filter
;
package
io
.
dataease
.
auth
.
filter
;
import
io.dataease.auth.entity.ASKToken
;
import
io.dataease.auth.entity.JWTToken
;
import
io.dataease.auth.entity.JWTToken
;
import
io.dataease.auth.entity.SysUserEntity
;
import
io.dataease.auth.entity.SysUserEntity
;
import
io.dataease.auth.entity.TokenInfo
;
import
io.dataease.auth.entity.TokenInfo
;
import
io.dataease.auth.handler.ApiKeyHandler
;
import
io.dataease.auth.service.AuthUserService
;
import
io.dataease.auth.service.AuthUserService
;
import
io.dataease.auth.util.JWTUtils
;
import
io.dataease.auth.util.JWTUtils
;
import
io.dataease.commons.utils.CommonBeanFactory
;
import
io.dataease.commons.utils.CommonBeanFactory
;
...
@@ -48,6 +50,18 @@ public class JWTFilter extends BasicHttpAuthenticationFilter {
...
@@ -48,6 +50,18 @@ public class JWTFilter extends BasicHttpAuthenticationFilter {
@Override
@Override
protected
boolean
executeLogin
(
ServletRequest
request
,
ServletResponse
response
)
throws
Exception
{
protected
boolean
executeLogin
(
ServletRequest
request
,
ServletResponse
response
)
throws
Exception
{
HttpServletRequest
httpServletRequest
=
(
HttpServletRequest
)
request
;
HttpServletRequest
httpServletRequest
=
(
HttpServletRequest
)
request
;
if
(
ApiKeyHandler
.
isApiKeyCall
(
httpServletRequest
))
{
// Long userId = ApiKeyHandler.getUser(httpServletRequest);
ASKToken
askToken
=
ApiKeyHandler
.
buildToken
(
httpServletRequest
);
// UsernamePasswordToken usernamePasswordToken = new UsernamePasswordToken(userId.toString(), ApiKeyHandler.random);
getSubject
(
request
,
response
).
login
(
askToken
);
return
true
;
}
String
authorization
=
httpServletRequest
.
getHeader
(
"Authorization"
);
String
authorization
=
httpServletRequest
.
getHeader
(
"Authorization"
);
if
(
StringUtils
.
startsWith
(
authorization
,
"Basic"
))
{
if
(
StringUtils
.
startsWith
(
authorization
,
"Basic"
))
{
return
false
;
return
false
;
...
@@ -72,7 +86,10 @@ public class JWTFilter extends BasicHttpAuthenticationFilter {
...
@@ -72,7 +86,10 @@ public class JWTFilter extends BasicHttpAuthenticationFilter {
*/
*/
@Override
@Override
protected
boolean
isAccessAllowed
(
ServletRequest
request
,
ServletResponse
response
,
Object
mappedValue
)
{
protected
boolean
isAccessAllowed
(
ServletRequest
request
,
ServletResponse
response
,
Object
mappedValue
)
{
if
(
isLoginAttempt
(
request
,
response
))
{
// 先判断是不是api调用
HttpServletRequest
hRequest
=
(
HttpServletRequest
)
request
;
if
(
isLoginAttempt
(
request
,
response
)
||
ApiKeyHandler
.
isApiKeyCall
(
hRequest
))
{
try
{
try
{
boolean
loginSuccess
=
executeLogin
(
request
,
response
);
boolean
loginSuccess
=
executeLogin
(
request
,
response
);
return
loginSuccess
;
return
loginSuccess
;
...
...
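Review bot: In `executeLogin` the new access-key branch keeps two commented-out statements (`// Long userId = …` and `// UsernamePasswordToken …`) from an abandoned approach; delete them so the authentication path reads as what it actually does. The branch runs before the `Authorization` header is read, so a request carrying both header sets is authenticated by `accessKey`/`signature` alone, which deserves a comment such as `// accessKey/signature headers take precedence over Authorization`. In `isAccessAllowed` the local `hRequest` repeats the cast that `executeLogin` performs again; both method bodies continue outside the hunks shown.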
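--- /dev/null
+++ b/backend/src/main/java/io/dataease/auth/handler/ApiKeyHandler.java
+package io.dataease.auth.handler;
+import io.dataease.auth.entity.ASKToken;
+import io.dataease.commons.utils.CodingUtil;
+import io.dataease.plugins.config.SpringContextUtil;
+import io.dataease.plugins.xpack.ukey.dto.request.XpackUkeyDto;
+import io.dataease.plugins.xpack.ukey.service.UkeyXpackService;
+import org.apache.commons.lang3.StringUtils;
+import javax.servlet.http.HttpServletRequest;
+import java.util.UUID;
+public class ApiKeyHandler {
+    public static final String API_ACCESS_KEY = "accessKey";
+    public static final String API_SIGNATURE = "signature";
+    public static String random = UUID.randomUUID().toString() + UUID.randomUUID().toString();
+    public static Long getUser(HttpServletRequest request) {
+        if (request == null) {
+            return null;
+        }
+        return getUser(request.getHeader(API_ACCESS_KEY), request.getHeader(API_SIGNATURE));
+    }
+    public static ASKToken buildToken(HttpServletRequest request) {
+        if (request == null) {
+            return null;
+        }
+        String accessKey = request.getHeader(API_ACCESS_KEY);
+        String signature = request.getHeader(API_SIGNATURE);
+        ASKToken askToken = new ASKToken(accessKey, signature);
+        return askToken;
+    }
+    public static Boolean isApiKeyCall(HttpServletRequest request) {
+        if (request == null) {
+            return false;
+        }
+        if (StringUtils.isBlank(request.getHeader(API_ACCESS_KEY)) || StringUtils.isBlank(request.getHeader(API_SIGNATURE))) {
+            return false;
+        }
+        return true;
+    }
+    public static XpackUkeyDto ukey(String accessKey) {
+        UkeyXpackService ukeyXpackService = SpringContextUtil.getBean(UkeyXpackService.class);
+        XpackUkeyDto userKey = ukeyXpackService.getUserKey(accessKey);
+        return userKey;
+    }
+    public static Long getUser(String accessKey, String signature) {
+        if (StringUtils.isBlank(accessKey) || StringUtils.isBlank(signature)) {
+            return null;
+        }
+        XpackUkeyDto userKey = ukey(accessKey);
+        if (userKey == null) {
+            throw new RuntimeException("invalid accessKey");
+        }
+        String signatureDecrypt;
+        try {
+            signatureDecrypt = CodingUtil.aesDecrypt(signature, userKey.getSecretKey(), accessKey);
+        } catch (Throwable t) {
+            throw new RuntimeException("invalid signature");
+        }
+        String[] signatureArray = StringUtils.split(StringUtils.trimToNull(signatureDecrypt), "|");
+        if (signatureArray.length < 2) {
+            throw new RuntimeException("invalid signature");
+        }
+        if (!StringUtils.equals(accessKey, signatureArray[0])) {
+            throw new RuntimeException("invalid signature");
+        }
+        long signatureTime = 0l;
+        try {
+            signatureTime = Long.valueOf(signatureArray[signatureArray.length - 1]).longValue();
+        } catch (Exception e) {
+            throw new RuntimeException(e);
+        }
+        if (Math.abs(System.currentTimeMillis() - signatureTime) > 1800000) {
+            //签名30分钟超时
+            throw new RuntimeException("expired signature");
+        }
+        return userKey.getUserId();
+    }
+}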
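Review bot: In `getUser(String, String)`, `StringUtils.split(StringUtils.trimToNull(signatureDecrypt), "|")` returns null when the decrypted text is null or blank, and the next line reads `signatureArray.length` unguarded, so such input ends in a NullPointerException instead of "invalid signature"; use `if (signatureArray == null || signatureArray.length < 2)`. The value being checked is an AES ciphertext of the access key and a timestamp, not a MAC over the request: nothing ties it to the method, path or body, and the middle field is never recorded, so one header pair stays acceptable for the full 30-minute window; an HMAC over the request plus a server-side nonce cache would close that gap. Failures are raised as bare `RuntimeException` (and `catch (Throwable t)` drops the cause), where `AuthenticationException` would let the Shiro realm report them as login failures. `public static String random` is mutable, public and referenced only from commented-out code, so it can be removed.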
backend/src/main/java/io/dataease/commons/utils/CodingUtil.java
...
@@ -7,6 +7,7 @@ import javax.crypto.*;
...
@@ -7,6 +7,7 @@ import javax.crypto.*;
import
javax.crypto.spec.IvParameterSpec
;
import
javax.crypto.spec.IvParameterSpec
;
import
javax.crypto.spec.SecretKeySpec
;
import
javax.crypto.spec.SecretKeySpec
;
import
java.security.MessageDigest
;
import
java.security.MessageDigest
;
import
java.util.UUID
;
/**
/**
* 加密解密工具
* 加密解密工具
...
@@ -153,6 +154,17 @@ public class CodingUtil {
...
@@ -153,6 +154,17 @@ public class CodingUtil {
}
}
}
}
/*public static String getSignature(String accessKey, String secretKey) throws Exception {
return aesEncrypt(accessKey + "|" + UUID.randomUUID().toString() + "|" + System.currentTimeMillis(), secretKey, accessKey);
}
public static void main(String[] args) throws Exception{
String accessKey = "gnPFmtAsdLhUEWPA";
String secretKey = "TfK5FGUle0KRfJJJ";
String signature = getSignature(accessKey, secretKey);
System.out.println(signature);
}*/
public
static
String
secretKey
()
{
public
static
String
secretKey
()
{
try
{
try
{
KeyGenerator
keyGen
=
KeyGenerator
.
getInstance
(
"AES"
);
KeyGenerator
keyGen
=
KeyGenerator
.
getInstance
(
"AES"
);
...
...
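Review bot: The second hunk adds only commented-out code, including a `main` with literal `accessKey` and `secretKey` strings; dead code like this should not be committed, and if those two values were ever issued as a real key pair they should be treated as exposed and rotated. A signing example belongs in client documentation or a test that uses clearly fake values. With the block commented out, the new `import java.util.UUID;` in the first hunk is unused. The commented `getSignature` also shows the access key passed as the third argument of `aesEncrypt`, presumably the IV, and a fixed, publicly known IV per key is worth reconsidering.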
backend/src/main/java/io/dataease/config/Knife4jConfiguration.java
...
@@ -77,7 +77,9 @@ public class Knife4jConfiguration {
...
@@ -77,7 +77,9 @@ public class Knife4jConfiguration {
private
Docket
defaultApi
(
String
groupName
,
String
packageName
)
{
private
Docket
defaultApi
(
String
groupName
,
String
packageName
)
{
List
<
SecurityScheme
>
securitySchemes
=
new
ArrayList
<>();
List
<
SecurityScheme
>
securitySchemes
=
new
ArrayList
<>();
securitySchemes
.
add
(
apiKey
());
securitySchemes
.
add
(
accessKey
());
securitySchemes
.
add
(
signature
());
List
<
SecurityContext
>
securityContexts
=
new
ArrayList
<>();
List
<
SecurityContext
>
securityContexts
=
new
ArrayList
<>();
securityContexts
.
add
(
securityContext
());
securityContexts
.
add
(
securityContext
());
...
@@ -100,8 +102,12 @@ public class Knife4jConfiguration {
...
@@ -100,8 +102,12 @@ public class Knife4jConfiguration {
.
build
();
.
build
();
}
}
private
ApiKey
apiKey
()
{
private
ApiKey
accessKey
()
{
return
new
ApiKey
(
"Authorization"
,
"Authorization"
,
"header"
);
return
new
ApiKey
(
"accessKey"
,
"accessKey"
,
"header"
);
}
private
ApiKey
signature
()
{
return
new
ApiKey
(
"signature"
,
"signature"
,
"header"
);
}
}
...
@@ -109,7 +115,12 @@ public class Knife4jConfiguration {
...
@@ -109,7 +115,12 @@ public class Knife4jConfiguration {
AuthorizationScope
authorizationScope
=
new
AuthorizationScope
(
"global"
,
"accessEverything"
);
AuthorizationScope
authorizationScope
=
new
AuthorizationScope
(
"global"
,
"accessEverything"
);
AuthorizationScope
[]
authorizationScopes
=
new
AuthorizationScope
[
1
];
AuthorizationScope
[]
authorizationScopes
=
new
AuthorizationScope
[
1
];
authorizationScopes
[
0
]
=
authorizationScope
;
authorizationScopes
[
0
]
=
authorizationScope
;
return
CollectionUtil
.
newArrayList
(
new
SecurityReference
(
"Authorization"
,
authorizationScopes
));
List
<
SecurityReference
>
results
=
new
ArrayList
<>();
results
.
add
(
new
SecurityReference
(
"accessKey"
,
authorizationScopes
));
results
.
add
(
new
SecurityReference
(
"signature"
,
authorizationScopes
));
return
results
;
}
}
}
}
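Review bot: `accessKey()`, `signature()` and the two `SecurityReference` entries repeat the header names as string literals, although `ApiKeyHandler` already defines `API_ACCESS_KEY` and `API_SIGNATURE`; reusing them, e.g. `new ApiKey(ApiKeyHandler.API_ACCESS_KEY, ApiKeyHandler.API_ACCESS_KEY, "header")`, keeps the Swagger scheme and the filter from drifting apart. The `Authorization` scheme appears to be dropped entirely, so the documentation UI would no longer be able to send a JWT; if that is intended, state it in a comment on `defaultApi`.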
backend/src/main/resources/application.properties
...
@@ -28,7 +28,7 @@ knife4j.enable=true
...
@@ -28,7 +28,7 @@ knife4j.enable=true
knife4j.setting.enableFooter
=
false
knife4j.setting.enableFooter
=
false
knife4j.setting.enableFooterCustom
=
false
knife4j.setting.enableFooterCustom
=
false
knife4j.setting.footerCustomContent
=
fit2cloud 1.0-b9
knife4j.setting.footerCustomContent
=
fit2cloud 1.0-b9
knife4j.setting.enableSwaggerModels
=
false
#
knife4j.setting.enableSwaggerModels=false
knife4j.setting.enableDocumentManage
=
false
knife4j.setting.enableDocumentManage
=
false
knife4j.setting.enableSearch
=
false
knife4j.setting.enableSearch
=
false
knife4j.setting.enableOpenApi
=
false
knife4j.setting.enableOpenApi
=
false
...
...