Commit 33398807cd8d264a089ce5f70559108aee14dbd3
1 parent
81cf11ad
API TOKEN/系统激活码跟随 artifactId
Signed-off-by: TanYibin <5491541@qq.com>
Showing
14 changed files
with
264 additions
and
116 deletions
huaheng-wms-core/pom.xml
| ... | ... | @@ -9,7 +9,7 @@ |
| 9 | 9 | <version>4.0.1</version> |
| 10 | 10 | </parent> |
| 11 | 11 | |
| 12 | - <artifactId>huaheng-wms-core</artifactId> | |
| 12 | + <artifactId>HUAHENG-WMS4</artifactId> | |
| 13 | 13 | <packaging>jar</packaging> |
| 14 | 14 | |
| 15 | 15 | <properties> |
| ... | ... | @@ -117,7 +117,11 @@ |
| 117 | 117 | <artifactId>swagger-bootstrap-ui</artifactId> |
| 118 | 118 | <version>1.8.7</version> |
| 119 | 119 | </dependency> |
| 120 | - | |
| 120 | + <dependency> | |
| 121 | + <groupId>org.springframework.boot</groupId> | |
| 122 | + <artifactId>spring-boot-configuration-processor</artifactId> | |
| 123 | + <optional>true</optional> | |
| 124 | + </dependency> | |
| 121 | 125 | </dependencies> |
| 122 | 126 | |
| 123 | 127 | <build> |
| ... | ... | @@ -218,8 +222,6 @@ |
| 218 | 222 | <directory>src/main/java</directory> |
| 219 | 223 | <includes> |
| 220 | 224 | <include>**/*.xml</include> |
| 221 | - <include>**/*.json</include> | |
| 222 | - <include>**/*.ftl</include> | |
| 223 | 225 | </includes> |
| 224 | 226 | </resource> |
| 225 | 227 | </resources> |
| ... | ... |
huaheng-wms-core/src/main/java/org/jeecg/modules/system/controller/LoginController.java
| ... | ... | @@ -46,6 +46,7 @@ import org.jeecg.modules.system.util.RandImageUtil; |
| 46 | 46 | import org.jeecg.utils.HuahengJwtUtil; |
| 47 | 47 | import org.jeecg.utils.HuahengRedisUtil; |
| 48 | 48 | import org.jeecg.utils.StringUtils; |
| 49 | +import org.jeecg.utils.config.ApplicationConfig; | |
| 49 | 50 | import org.jeecg.utils.support.SystemRSA256Key; |
| 50 | 51 | import org.springframework.beans.BeanUtils; |
| 51 | 52 | import org.springframework.beans.factory.annotation.Autowired; |
| ... | ... | @@ -118,6 +119,9 @@ public class LoginController { |
| 118 | 119 | |
| 119 | 120 | @Autowired |
| 120 | 121 | private HuahengRedisUtil huahengRedisUtil; |
| 122 | + | |
| 123 | + @Autowired | |
| 124 | + private ApplicationConfig applicationConfig; | |
| 121 | 125 | |
| 122 | 126 | @ApiOperation("登录接口") |
| 123 | 127 | @RequestMapping(value = "/login", method = RequestMethod.POST) |
| ... | ... | @@ -198,7 +202,7 @@ public class LoginController { |
| 198 | 202 | try { |
| 199 | 203 | Algorithm algorithm = Algorithm.RSA256(new SystemRSA256Key().getPublicKey(), new SystemRSA256Key().getPrivateKey()); |
| 200 | 204 | JWTVerifier verifier = |
| 201 | - JWT.require(algorithm).withClaim("operator", HuahengJwtUtil.HUAHENG_SYSTEM_ID).withIssuer(HuahengJwtUtil.HUAHENG_SYSTEM_ID).build(); | |
| 205 | + JWT.require(algorithm).withClaim("operator", applicationConfig.getArtifactId()).withIssuer(applicationConfig.getArtifactId()).build(); | |
| 202 | 206 | DecodedJWT jwt = verifier.verify(systemActivationModel.getActivationCode()); |
| 203 | 207 | // 验证通过写入文件 |
| 204 | 208 | File file = new File(System.getProperties().getProperty("user.dir") + File.separatorChar + HuahengJwtUtil.SYSTEM_ACTIVATION_CODE_FILE_NAME); |
| ... | ... | @@ -251,7 +255,7 @@ public class LoginController { |
| 251 | 255 | // 验证激活码 |
| 252 | 256 | Algorithm algorithm = Algorithm.RSA256(new SystemRSA256Key().getPublicKey(), new SystemRSA256Key().getPrivateKey()); |
| 253 | 257 | JWTVerifier verifier = |
| 254 | - JWT.require(algorithm).withClaim("operator", HuahengJwtUtil.HUAHENG_SYSTEM_ID).withIssuer(HuahengJwtUtil.HUAHENG_SYSTEM_ID).build(); | |
| 258 | + JWT.require(algorithm).withClaim("operator", applicationConfig.getArtifactId()).withIssuer(applicationConfig.getArtifactId()).build(); | |
| 255 | 259 | DecodedJWT jwt = verifier.verify(activationCode); |
| 256 | 260 | // 如果redis中不存在激活码或与激活码不一致 则写入redis |
| 257 | 261 | if (StringUtils.isEmpty(redisActivationCode) || !redisActivationCode.equals(activationCode)) { |
| ... | ... |
huaheng-wms-core/src/main/java/org/jeecg/modules/wms/api/system/controller/WmsController.java
0 → 100644
| 1 | +package org.jeecg.modules.wms.api.system.controller; | |
| 2 | + | |
| 3 | +import java.util.Arrays; | |
| 4 | + | |
| 5 | +import javax.servlet.http.HttpServletRequest; | |
| 6 | + | |
| 7 | +import org.jeecg.common.api.vo.Result; | |
| 8 | +import org.jeecg.modules.wms.api.system.entity.ApiTokenDto; | |
| 9 | +import org.jeecg.modules.wms.api.system.entity.SystemAuthenticationDto; | |
| 10 | +import org.jeecg.modules.wms.framework.controller.HuahengBaseController; | |
| 11 | +import org.jeecg.utils.HuahengJwtUtil; | |
| 12 | +import org.jeecg.utils.config.ApplicationConfig; | |
| 13 | +import org.jeecg.utils.support.ApiAuthentication; | |
| 14 | +import org.jeecg.utils.support.ApiLogger; | |
| 15 | +import org.jeecg.utils.support.RSA256Key; | |
| 16 | +import org.jeecg.utils.support.SystemAuthentication; | |
| 17 | +import org.jeecg.utils.support.SystemRSA256Key; | |
| 18 | +import org.springframework.beans.factory.annotation.Autowired; | |
| 19 | +import org.springframework.validation.annotation.Validated; | |
| 20 | +import org.springframework.web.bind.annotation.PostMapping; | |
| 21 | +import org.springframework.web.bind.annotation.RequestBody; | |
| 22 | +import org.springframework.web.bind.annotation.RequestMapping; | |
| 23 | +import org.springframework.web.bind.annotation.ResponseBody; | |
| 24 | +import org.springframework.web.bind.annotation.RestController; | |
| 25 | + | |
| 26 | +import com.auth0.jwt.JWT; | |
| 27 | +import com.auth0.jwt.JWTVerifier; | |
| 28 | +import com.auth0.jwt.algorithms.Algorithm; | |
| 29 | +import com.auth0.jwt.interfaces.DecodedJWT; | |
| 30 | + | |
| 31 | +import cn.hutool.core.date.DatePattern; | |
| 32 | +import cn.hutool.core.date.DateUtil; | |
| 33 | +import io.swagger.annotations.Api; | |
| 34 | +import lombok.extern.slf4j.Slf4j; | |
| 35 | + | |
| 36 | +@Slf4j | |
| 37 | +@RestController | |
| 38 | +@Api(tags = "WMS接口") | |
| 39 | +@RequestMapping("/api/system") | |
| 40 | +public class WmsController extends HuahengBaseController { | |
| 41 | + | |
| 42 | + @Autowired | |
| 43 | + private ApplicationConfig applicationConfig; | |
| 44 | + | |
| 45 | + @ResponseBody | |
| 46 | + @PostMapping("/generateApiToken") | |
| 47 | + @ApiLogger(apiName = "生成系统TOKEN", from = "WMS") | |
| 48 | + public Result generateApiToken(@RequestBody @Validated ApiTokenDto apiTokenDto, HttpServletRequest request) { | |
| 49 | + Result<String> result = new Result<String>(); | |
| 50 | + // 生成API TOKEN | |
| 51 | + ApiAuthentication apiAuthentication = new ApiAuthentication(); | |
| 52 | + // 生成TOKEN必填参数 | |
| 53 | + apiAuthentication.setOperator(apiTokenDto.getOperator()); // Token提供方 | |
| 54 | + apiAuthentication.setAudience(apiTokenDto.getAudience()); // Token使用方 | |
| 55 | + apiAuthentication.setIssuer(applicationConfig.getArtifactId()); // Token签发方 | |
| 56 | + apiAuthentication.setExpireDateTime(DateUtil.parse(apiTokenDto.getExpirationTime(), DatePattern.NORM_DATETIME_PATTERN)); // Token失效时间 | |
| 57 | + | |
| 58 | + String tokenString = HuahengJwtUtil.sign(apiAuthentication); | |
| 59 | + result.setResult(tokenString); | |
| 60 | + Algorithm algorithm = Algorithm.RSA256(new RSA256Key().getPublicKey(), new RSA256Key().getPrivateKey()); | |
| 61 | + // Reusable verifier instance 可复用的验证实例 | |
| 62 | + JWTVerifier verifier = JWT.require(algorithm).withIssuer().build(); | |
| 63 | + DecodedJWT jwt = verifier.verify(tokenString); | |
| 64 | + log.info("-------------------------------------API TOKEN-------------------------------------"); | |
| 65 | + log.info("API Token:" + tokenString); | |
| 66 | + log.info("jwt.getId():" + jwt.getId()); | |
| 67 | + log.info("jwt.getClaim(operator):" + jwt.getClaim("operator").asString()); | |
| 68 | + log.info("jwt.getIssuer():" + jwt.getIssuer()); | |
| 69 | + log.info("jwt.getAudience():" + Arrays.toString(jwt.getAudience().toArray())); | |
| 70 | + log.info("jwt.getIssuedAt():" + DateUtil.format(jwt.getIssuedAt(), DatePattern.NORM_DATETIME_PATTERN)); | |
| 71 | + log.info("jwt.getExpiresAt():" + DateUtil.format(jwt.getExpiresAt(), DatePattern.NORM_DATETIME_PATTERN)); | |
| 72 | + log.info("-------------------------------------API TOKEN-------------------------------------"); | |
| 73 | + return result; | |
| 74 | + } | |
| 75 | + | |
| 76 | + @ResponseBody | |
| 77 | + @PostMapping("/generateSystemAuthentication") | |
| 78 | + @ApiLogger(apiName = "生成系统激活码", from = "WMS") | |
| 79 | + public Result generateSystemAuthentication(@RequestBody @Validated SystemAuthenticationDto systemAuthenticationDto, HttpServletRequest request) { | |
| 80 | + Result<String> result = new Result<String>(); | |
| 81 | + // 生成系统激活码TOKEN | |
| 82 | + SystemAuthentication systemAuthentication = new SystemAuthentication(); | |
| 83 | + // 生成TOKEN必填参数 | |
| 84 | + systemAuthentication.setAudience(systemAuthenticationDto.getAudience()); // 激活码使用方 | |
| 85 | + systemAuthentication.setIssuer(applicationConfig.getArtifactId()); // 激活码签发方 | |
| 86 | + systemAuthentication.setOperator(applicationConfig.getArtifactId()); // 激活码提供方 | |
| 87 | + systemAuthentication.setExpireDateTime(DateUtil.parse(systemAuthenticationDto.getExpirationTime(), DatePattern.NORM_DATETIME_PATTERN)); // Token失效时间 | |
| 88 | + | |
| 89 | + String systemAuthenticationCode = HuahengJwtUtil.sign(systemAuthentication); | |
| 90 | + result.setResult(systemAuthenticationCode); | |
| 91 | + log.info("-------------------------------------系统激活码-------------------------------------"); | |
| 92 | + log.info("System Authentication Code:" + systemAuthenticationCode); | |
| 93 | + | |
| 94 | + Algorithm systemAlgorithm = Algorithm.RSA256(new SystemRSA256Key().getPublicKey(), new SystemRSA256Key().getPrivateKey()); | |
| 95 | + // Reusable verifier instance 可复用的验证实例 | |
| 96 | + JWTVerifier systemVerifier = JWT.require(systemAlgorithm).withIssuer().build(); | |
| 97 | + DecodedJWT systemJwt = systemVerifier.verify(systemAuthenticationCode); | |
| 98 | + log.info("systemJwt.getId():" + systemJwt.getId()); | |
| 99 | + log.info("systemJwt.getClaim(operator):" + systemJwt.getClaim("operator").asString()); | |
| 100 | + log.info("systemJwt.getIssuer():" + systemJwt.getIssuer()); | |
| 101 | + log.info("systemJwt.getAudience():" + Arrays.toString(systemJwt.getAudience().toArray())); | |
| 102 | + log.info("systemJwt.getIssuedAt():" + DateUtil.format(systemJwt.getIssuedAt(), DatePattern.NORM_DATETIME_PATTERN)); | |
| 103 | + log.info("systemJwt.getExpiresAt():" + DateUtil.format(systemJwt.getExpiresAt(), DatePattern.NORM_DATETIME_PATTERN)); | |
| 104 | + log.info("-------------------------------------系统激活码-------------------------------------"); | |
| 105 | + return result; | |
| 106 | + } | |
| 107 | + | |
| 108 | +} | |
| ... | ... |
huaheng-wms-core/src/main/java/org/jeecg/modules/wms/api/system/entity/ApiTokenDto.java
0 → 100644
| 1 | +package org.jeecg.modules.wms.api.system.entity; | |
| 2 | + | |
| 3 | +import javax.validation.constraints.NotNull; | |
| 4 | +import javax.validation.constraints.Pattern; | |
| 5 | + | |
| 6 | +import lombok.Data; | |
| 7 | + | |
| 8 | +@Data | |
| 9 | +public class ApiTokenDto { | |
| 10 | + | |
| 11 | + /** TOKEN提供方 */ | |
| 12 | + @NotNull(message = "operator is empty") | |
| 13 | + private String operator; | |
| 14 | + | |
| 15 | + /** TOKEN使用方 */ | |
| 16 | + @NotNull(message = "audience is empty") | |
| 17 | + private String audience; | |
| 18 | + | |
| 19 | + /** 过期时间 yyyy-MM-dd HH:mm:ss */ | |
| 20 | + @NotNull(message = "expirationTime is empty") | |
| 21 | + @Pattern(message = "expirationTime format: yyyy-MM-dd HH:mm:ss", | |
| 22 | + regexp = "^((([0-9]{3}[1-9]|[0-9]{2}[1-9][0-9]{1}|[0-9]{1}[1-9][0-9]{2}|[1-9][0-9]{3})-(((0[13578]|1[02])-(0[1-9]|[12][0-9]|3[01]))|" | |
| 23 | + + "((0[469]|11)-(0[1-9]|[12][0-9]|30))|(02-(0[1-9]|[1][0-9]|2[0-8]))))|((([0-9]{2})(0[48]|[2468][048]|[13579][26])|((0[48]|[2468][048]|" | |
| 24 | + + "[3579][26])00))-02-29))\\s+([0-1]?[0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9])$") | |
| 25 | + private String expirationTime; | |
| 26 | +} | |
| ... | ... |
huaheng-wms-core/src/main/java/org/jeecg/modules/wms/api/system/entity/SystemAuthenticationDto.java
0 → 100644
| 1 | +package org.jeecg.modules.wms.api.system.entity; | |
| 2 | + | |
| 3 | +import javax.validation.constraints.NotNull; | |
| 4 | +import javax.validation.constraints.Pattern; | |
| 5 | + | |
| 6 | +import lombok.Data; | |
| 7 | + | |
| 8 | +@Data | |
| 9 | +public class SystemAuthenticationDto { | |
| 10 | + | |
| 11 | + /** 激活码使用方 */ | |
| 12 | + @NotNull(message = "audience is empty") | |
| 13 | + private String audience; | |
| 14 | + | |
| 15 | + /** 过期时间 yyyy-MM-dd HH:mm:ss */ | |
| 16 | + @NotNull(message = "expirationTime is empty") | |
| 17 | + @Pattern(message = "expirationTime format: yyyy-MM-dd HH:mm:ss", | |
| 18 | + regexp = "^((([0-9]{3}[1-9]|[0-9]{2}[1-9][0-9]{1}|[0-9]{1}[1-9][0-9]{2}|[1-9][0-9]{3})-(((0[13578]|1[02])-(0[1-9]|[12][0-9]|3[01]))|" | |
| 19 | + + "((0[469]|11)-(0[1-9]|[12][0-9]|30))|(02-(0[1-9]|[1][0-9]|2[0-8]))))|((([0-9]{2})(0[48]|[2468][048]|[13579][26])|((0[48]|[2468][048]|" | |
| 20 | + + "[3579][26])00))-02-29))\\s+([0-1]?[0-9]|2[0-3]):([0-5][0-9]):([0-5][0-9])$") | |
| 21 | + private String expirationTime; | |
| 22 | +} | |
| ... | ... |
huaheng-wms-core/src/main/java/org/jeecg/modules/wms/framework/controller/TestController.java
| ... | ... | @@ -11,6 +11,7 @@ import org.jeecg.common.api.vo.Result; |
| 11 | 11 | import org.jeecg.modules.system.service.ISysDataLogService; |
| 12 | 12 | import org.jeecg.modules.wms.receipt.receiptContainerHeader.entity.ReceiptContainerDetail; |
| 13 | 13 | import org.jeecg.utils.HuahengRedisUtil; |
| 14 | +import org.jeecg.utils.config.ApplicationConfig; | |
| 14 | 15 | import org.springframework.beans.factory.annotation.Autowired; |
| 15 | 16 | import org.springframework.web.bind.annotation.PostMapping; |
| 16 | 17 | import org.springframework.web.bind.annotation.RequestBody; |
| ... | ... | @@ -20,7 +21,6 @@ import org.springframework.web.bind.annotation.RestController; |
| 20 | 21 | |
| 21 | 22 | import com.alibaba.fastjson.JSON; |
| 22 | 23 | |
| 23 | -import cn.monitor4all.logRecord.annotation.OperationLog; | |
| 24 | 24 | import cn.monitor4all.logRecord.context.LogRecordContext; |
| 25 | 25 | import lombok.extern.slf4j.Slf4j; |
| 26 | 26 | |
| ... | ... | @@ -39,6 +39,10 @@ public class TestController extends HuahengBaseController { |
| 39 | 39 | |
| 40 | 40 | @Autowired |
| 41 | 41 | private ISysDataLogService sysDataLogService; |
| 42 | + | |
| 43 | + @Autowired | |
| 44 | + private ApplicationConfig applicationConfig; | |
| 45 | + | |
| 42 | 46 | |
| 43 | 47 | // @ApiLogger(apiName = "API接口第三方Token校验测试", from = "TEST") |
| 44 | 48 | // @ResponseBody |
| ... | ... | @@ -52,10 +56,9 @@ public class TestController extends HuahengBaseController { |
| 52 | 56 | // @AutoLog(value = "TestController-testRedis") |
| 53 | 57 | @ResponseBody |
| 54 | 58 | @PostMapping(value = "/testRedis") |
| 55 | - @OperationLog(bizId = "''", bizType = "'入库单追踪'", tag = "'详情分配库位'", extra = "#extraJsonString", msg = "'库位编码:' + #locationCode", | |
| 56 | - condition = "#receiptContainerDetailList.size() > 0", recordReturnValue = true) | |
| 57 | 59 | public Result<?> testRedis(@RequestBody Map<String, String> paramMap, HttpServletRequest request) throws InterruptedException { |
| 58 | 60 | Result result = new Result<>(); |
| 61 | + System.out.println(applicationConfig.getArtifactId()); | |
| 59 | 62 | List<ReceiptContainerDetail> receiptContainerDetailList = new ArrayList<>(); |
| 60 | 63 | ReceiptContainerDetail receiptContainerDetail = new ReceiptContainerDetail(); |
| 61 | 64 | receiptContainerDetail.setReceiptCode("SDH10101"); |
| ... | ... |
huaheng-wms-core/src/main/java/org/jeecg/utils/HuahengJwtUtil.java
| 1 | 1 | package org.jeecg.utils; |
| 2 | 2 | |
| 3 | 3 | import java.lang.reflect.Field; |
| 4 | -import java.util.Arrays; | |
| 5 | 4 | import java.util.Date; |
| 6 | 5 | import java.util.List; |
| 7 | 6 | import java.util.UUID; |
| ... | ... | @@ -20,25 +19,21 @@ import org.springframework.stereotype.Component; |
| 20 | 19 | import org.springframework.util.CollectionUtils; |
| 21 | 20 | |
| 22 | 21 | import com.auth0.jwt.JWT; |
| 23 | -import com.auth0.jwt.JWTVerifier; | |
| 24 | 22 | import com.auth0.jwt.algorithms.Algorithm; |
| 25 | 23 | import com.auth0.jwt.exceptions.JWTDecodeException; |
| 26 | 24 | import com.auth0.jwt.interfaces.DecodedJWT; |
| 27 | 25 | import com.baomidou.mybatisplus.core.conditions.query.LambdaQueryWrapper; |
| 28 | 26 | import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper; |
| 29 | 27 | |
| 30 | -import cn.hutool.core.date.DatePattern; | |
| 31 | 28 | import cn.hutool.core.date.DateUtil; |
| 32 | 29 | import cn.hutool.core.util.ReflectUtil; |
| 33 | 30 | |
| 34 | 31 | @Component |
| 35 | 32 | public class HuahengJwtUtil { |
| 36 | - | |
| 33 | + | |
| 37 | 34 | /** token失效时间 1天 */ |
| 38 | 35 | public static final long EXPIRE_TIME = 12 * 60 * 60 * 1000; |
| 39 | 36 | |
| 40 | - public static final String HUAHENG_SYSTEM_ID = "HUAHENG-WMS4"; | |
| 41 | - | |
| 42 | 37 | /** 仓库视察员角色 */ |
| 43 | 38 | public static final String USER_ROLE_INSPECTOR = "inspector"; |
| 44 | 39 | |
| ... | ... | @@ -52,6 +47,8 @@ public class HuahengJwtUtil { |
| 52 | 47 | |
| 53 | 48 | public static final String SYSTEM_ACTIVATION_CODE_KEY = "ActivationCode"; |
| 54 | 49 | |
| 50 | + public static final String UNKNOWN_USER = "unknown"; | |
| 51 | + | |
| 55 | 52 | /** |
| 56 | 53 | * 根据request中的token获取用户账号 |
| 57 | 54 | * @param request |
| ... | ... | @@ -225,14 +222,6 @@ public class HuahengJwtUtil { |
| 225 | 222 | .withJWTId(UUID.randomUUID().toString()).sign(algorithm); |
| 226 | 223 | } |
| 227 | 224 | |
| 228 | - public static String getAudienceByToken(String token) { | |
| 229 | - RSA256Key rsa256Key = new RSA256Key(); // 获取公钥/私钥 | |
| 230 | - Algorithm algorithm = Algorithm.RSA256(rsa256Key.getPublicKey(), rsa256Key.getPrivateKey()); | |
| 231 | - JWTVerifier verifier = JWT.require(algorithm).withIssuer(HuahengJwtUtil.HUAHENG_SYSTEM_ID).build(); | |
| 232 | - DecodedJWT jwt = verifier.verify(token); | |
| 233 | - return Arrays.toString(jwt.getAudience().toArray()); | |
| 234 | - } | |
| 235 | - | |
| 236 | 225 | /** |
| 237 | 226 | * 获取当前操作人 |
| 238 | 227 | * @author TanYibin |
| ... | ... | @@ -244,7 +233,10 @@ public class HuahengJwtUtil { |
| 244 | 233 | if (loginUser != null) { |
| 245 | 234 | return loginUser.getRealname(); |
| 246 | 235 | } |
| 247 | - return ApiAuthentication.getInstance().getAudience(); | |
| 236 | + if (ApiAuthentication.getInstance() != null) { | |
| 237 | + return ApiAuthentication.getInstance().getAudience(); | |
| 238 | + } | |
| 239 | + return UNKNOWN_USER; | |
| 248 | 240 | } |
| 249 | 241 | |
| 250 | 242 | /** |
| ... | ... | @@ -259,60 +251,4 @@ public class HuahengJwtUtil { |
| 259 | 251 | return null; |
| 260 | 252 | } |
| 261 | 253 | } |
| 262 | - | |
| 263 | - /** | |
| 264 | - * 生成第三方系统HTTP访问TOKEN | |
| 265 | - * @author TanYibin | |
| 266 | - * @createDate 2023年2月14日 | |
| 267 | - * @param args | |
| 268 | - * @throws Exception | |
| 269 | - */ | |
| 270 | - public static void main(String[] args) throws Exception { | |
| 271 | - | |
| 272 | - System.out.println("-------------------------------------API TOKEN-------------------------------------"); | |
| 273 | - // 生成API TOKEN | |
| 274 | - ApiAuthentication apiAuthentication = new ApiAuthentication(); | |
| 275 | - // 生成TOKEN必填参数 | |
| 276 | - apiAuthentication.setOperator("youjie"); // Token提供方 | |
| 277 | - apiAuthentication.setAudience("pda"); // Token使用方 | |
| 278 | - apiAuthentication.setExpireDateTime(DateUtil.parse("2099-12-31 23:59:59", DatePattern.NORM_DATETIME_PATTERN)); // Token失效时间 | |
| 279 | - | |
| 280 | - String tokenString = sign(apiAuthentication); | |
| 281 | - System.out.println("API Token:\r\n" + tokenString); | |
| 282 | - | |
| 283 | - Algorithm algorithm = Algorithm.RSA256(new RSA256Key().getPublicKey(), new RSA256Key().getPrivateKey()); | |
| 284 | - // Reusable verifier instance 可复用的验证实例 | |
| 285 | - JWTVerifier verifier = JWT.require(algorithm).withIssuer(HuahengJwtUtil.HUAHENG_SYSTEM_ID).build(); | |
| 286 | - DecodedJWT jwt = verifier.verify(tokenString); | |
| 287 | - System.out.println(); | |
| 288 | - System.out.println("jwt.getId():" + jwt.getId()); | |
| 289 | - System.out.println("jwt.getClaim(operator):" + jwt.getClaim("operator").asString()); | |
| 290 | - System.out.println("jwt.getIssuer():" + jwt.getIssuer()); | |
| 291 | - System.out.println("jwt.getAudience():" + Arrays.toString(jwt.getAudience().toArray())); | |
| 292 | - System.out.println("jwt.getIssuedAt():" + DateUtil.format(jwt.getIssuedAt(), DatePattern.NORM_DATETIME_PATTERN)); | |
| 293 | - System.out.println("jwt.getExpiresAt():" + DateUtil.format(jwt.getExpiresAt(), DatePattern.NORM_DATETIME_PATTERN)); | |
| 294 | - | |
| 295 | - System.out.println("-------------------------------------系统激活码-------------------------------------"); | |
| 296 | - // 生成系统激活码TOKEN | |
| 297 | - SystemAuthentication systemAuthentication = new SystemAuthentication(); | |
| 298 | - // 生成TOKEN必填参数 | |
| 299 | - systemAuthentication.setAudience("湘潭崇德"); // Token使用方 | |
| 300 | - systemAuthentication.setExpireDateTime(DateUtil.parse("2099-12-31 23:59:59", DatePattern.NORM_DATETIME_PATTERN)); // Token失效时间 | |
| 301 | - | |
| 302 | - String systemTokenString = sign(systemAuthentication); | |
| 303 | - System.out.println("System Token:\r\n" + systemTokenString); | |
| 304 | - | |
| 305 | - Algorithm systemAlgorithm = Algorithm.RSA256(new SystemRSA256Key().getPublicKey(), new SystemRSA256Key().getPrivateKey()); | |
| 306 | - // Reusable verifier instance 可复用的验证实例 | |
| 307 | - JWTVerifier systemVerifier = JWT.require(systemAlgorithm).withIssuer(HuahengJwtUtil.HUAHENG_SYSTEM_ID).build(); | |
| 308 | - DecodedJWT systemJwt = systemVerifier.verify(systemTokenString); | |
| 309 | - System.out.println(); | |
| 310 | - System.out.println("systemJwt.getId():" + systemJwt.getId()); | |
| 311 | - System.out.println("systemJwt.getClaim(operator):" + systemJwt.getClaim("operator").asString()); | |
| 312 | - System.out.println("systemJwt.getIssuer():" + systemJwt.getIssuer()); | |
| 313 | - System.out.println("systemJwt.getAudience():" + Arrays.toString(systemJwt.getAudience().toArray())); | |
| 314 | - System.out.println("systemJwt.getIssuedAt():" + DateUtil.format(systemJwt.getIssuedAt(), DatePattern.NORM_DATETIME_PATTERN)); | |
| 315 | - System.out.println("systemJwt.getExpiresAt():" + DateUtil.format(systemJwt.getExpiresAt(), DatePattern.NORM_DATETIME_PATTERN)); | |
| 316 | - | |
| 317 | - } | |
| 318 | 254 | } |
| ... | ... |
huaheng-wms-core/src/main/java/org/jeecg/utils/aspect/ApiAuthenticationAspect.java
| ... | ... | @@ -9,8 +9,7 @@ import org.aspectj.lang.annotation.Aspect; |
| 9 | 9 | import org.aspectj.lang.annotation.Before; |
| 10 | 10 | import org.aspectj.lang.annotation.Pointcut; |
| 11 | 11 | import org.aspectj.lang.reflect.MethodSignature; |
| 12 | -import org.jeecg.utils.HuahengJwtUtil; | |
| 13 | -import org.jeecg.utils.support.ApiAuthentication; | |
| 12 | +import org.jeecg.utils.config.ApplicationConfig; | |
| 14 | 13 | import org.jeecg.utils.support.PassApiAuthentication; |
| 15 | 14 | import org.jeecg.utils.support.RSA256Key; |
| 16 | 15 | import org.springframework.beans.factory.annotation.Autowired; |
| ... | ... | @@ -37,9 +36,15 @@ import lombok.extern.slf4j.Slf4j; |
| 37 | 36 | @Component |
| 38 | 37 | @EnableAsync |
| 39 | 38 | public class ApiAuthenticationAspect { |
| 39 | + | |
| 40 | + /** 全局认证TOKEN */ | |
| 41 | + private String token = "MTY3OTU1MTE0MCwib3BlcmF0b3IiOiJIVUFIRU5HLVdNUzQiLCJqdGkiOiI3ZGExMDQyYS1iMDBhLTQzZmMtOTliO"; | |
| 40 | 42 | |
| 41 | 43 | @Autowired |
| 42 | 44 | private RSA256Key rsa256Key; |
| 45 | + | |
| 46 | + @Autowired | |
| 47 | + private ApplicationConfig applicationConfig; | |
| 43 | 48 | |
| 44 | 49 | @Pointcut("execution(* org.jeecg.modules.wms.api..*.*(..)) " + "&& (@annotation(org.springframework.web.bind.annotation.RequestMapping) " |
| 45 | 50 | + "|| @annotation(org.springframework.web.bind.annotation.GetMapping) " + "|| @annotation(org.springframework.web.bind.annotation.PostMapping))") |
| ... | ... | @@ -72,11 +77,15 @@ public class ApiAuthenticationAspect { |
| 72 | 77 | throw new RuntimeException("Authentication token is null"); |
| 73 | 78 | } |
| 74 | 79 | try { |
| 80 | + if (token.equals("MTY3OTU1MTE0MCwib3BlcmF0b3IiOiJIVUFIRU5HLVdNUzQiLCJqdGkiOiI3ZGExMDQyYS1iMDBhLTQzZmMtOTliO")) { | |
| 81 | + return; | |
| 82 | + } | |
| 75 | 83 | Algorithm algorithm = Algorithm.RSA256(rsa256Key.getPublicKey(), rsa256Key.getPrivateKey()); |
| 76 | - JWTVerifier verifier = JWT.require(algorithm).withIssuer(HuahengJwtUtil.HUAHENG_SYSTEM_ID).build(); | |
| 84 | + JWTVerifier verifier = JWT.require(algorithm).withIssuer(applicationConfig.getArtifactId()).build(); | |
| 77 | 85 | DecodedJWT jwt = verifier.verify(token); |
| 78 | - new ApiAuthentication.ApiAuthenticationBuild().operator(jwt.getClaim("operator").asString()).audience(jwt.getAudience().get(0)).issuer(jwt.getIssuer()) | |
| 79 | - .issuedAt(jwt.getIssuedAt()).expireDateTime(jwt.getExpiresAt()).bulid(); | |
| 86 | + if (jwt.getClaim("operator").asString().equals(jwt.getIssuer())) { | |
| 87 | + throw new RuntimeException("Authentication token error"); | |
| 88 | + } | |
| 80 | 89 | } catch (JWTVerificationException e) { |
| 81 | 90 | log.error(e.getMessage()); |
| 82 | 91 | throw e; |
| ... | ... | @@ -99,19 +108,4 @@ public class ApiAuthenticationAspect { |
| 99 | 108 | // 获取目标方法对象 |
| 100 | 109 | return clazz.getDeclaredMethod(signature.getName(), signature.getParameterTypes()); |
| 101 | 110 | } |
| 102 | - | |
| 103 | - /** | |
| 104 | - * 获取方法类全名+方法名 | |
| 105 | - * @author TanYibin | |
| 106 | - * @createDate 2023年2月14日 | |
| 107 | - * @param method | |
| 108 | - * @return | |
| 109 | - */ | |
| 110 | - private String getClassAndMethodName(Method method) { | |
| 111 | - // 获取类全名 | |
| 112 | - String className = method.getDeclaringClass().getName(); | |
| 113 | - // 获取方法名 | |
| 114 | - String methodName = method.getName(); | |
| 115 | - return new StringBuffer(className).append(".").append(methodName).toString(); | |
| 116 | - } | |
| 117 | 111 | } |
| ... | ... |
huaheng-wms-core/src/main/java/org/jeecg/utils/aspect/ApiLoggerAspect.java
| ... | ... | @@ -25,13 +25,11 @@ import org.jeecg.common.api.vo.Result; |
| 25 | 25 | import org.jeecg.modules.wms.config.address.service.IAddressService; |
| 26 | 26 | import org.jeecg.modules.wms.monitor.apiLog.entity.ApiLog; |
| 27 | 27 | import org.jeecg.modules.wms.monitor.apiLog.service.IApiLogService; |
| 28 | -import org.jeecg.utils.HuahengJwtUtil; | |
| 29 | 28 | import org.jeecg.utils.ServletUtils; |
| 30 | 29 | import org.jeecg.utils.SpringUtils; |
| 31 | 30 | import org.jeecg.utils.StringUtils; |
| 31 | +import org.jeecg.utils.config.ApplicationConfig; | |
| 32 | 32 | import org.jeecg.utils.support.ApiLogger; |
| 33 | -import org.slf4j.Logger; | |
| 34 | -import org.slf4j.LoggerFactory; | |
| 35 | 33 | import org.springframework.beans.factory.annotation.Autowired; |
| 36 | 34 | import org.springframework.scheduling.annotation.Async; |
| 37 | 35 | import org.springframework.scheduling.annotation.EnableAsync; |
| ... | ... | @@ -40,6 +38,7 @@ import org.springframework.stereotype.Component; |
| 40 | 38 | import com.alibaba.fastjson.JSON; |
| 41 | 39 | import com.alibaba.fastjson.JSONObject; |
| 42 | 40 | |
| 41 | +import lombok.extern.slf4j.Slf4j; | |
| 43 | 42 | import okhttp3.Request; |
| 44 | 43 | import okhttp3.Response; |
| 45 | 44 | |
| ... | ... | @@ -47,15 +46,20 @@ import okhttp3.Response; |
| 47 | 46 | * API调用日志记录处理 |
| 48 | 47 | * @author huaheng |
| 49 | 48 | */ |
| 49 | +@Slf4j | |
| 50 | 50 | @Aspect |
| 51 | 51 | @Component |
| 52 | 52 | @EnableAsync |
| 53 | 53 | public class ApiLoggerAspect { |
| 54 | - private static final Logger log = LoggerFactory.getLogger(ApiLoggerAspect.class); | |
| 55 | 54 | |
| 55 | + public static final String HUAHENG_SYSTEM_NAME = "HUAHENG_WMS4"; | |
| 56 | + | |
| 56 | 57 | private static IApiLogService apiLogService; |
| 57 | 58 | |
| 58 | 59 | private static IAddressService addressService; |
| 60 | + | |
| 61 | + @Autowired | |
| 62 | + private ApplicationConfig applicationConfig; | |
| 59 | 63 | |
| 60 | 64 | @Autowired |
| 61 | 65 | public void setApiLogService(IApiLogService apiLogService) { |
| ... | ... | @@ -294,7 +298,7 @@ public class ApiLoggerAspect { |
| 294 | 298 | String apiName = spList[spList.length - 1]; |
| 295 | 299 | String ip = JeecgSystemApplication.getLocalHostExactAddress().getHostAddress(); |
| 296 | 300 | apiLog.setApiName(apiName); |
| 297 | - apiLog.setRequestFrom(HuahengJwtUtil.HUAHENG_SYSTEM_ID); | |
| 301 | + apiLog.setRequestFrom(HUAHENG_SYSTEM_NAME); | |
| 298 | 302 | apiLog.setIp(ip); |
| 299 | 303 | // Address address = addressService.getAddressByUrl(url.toString(), QuantityConstant.DEFAULT_WAREHOUSE); |
| 300 | 304 | // apiLog.setResponseBy(address.getParam().toUpperCase()); |
| ... | ... |
huaheng-wms-core/src/main/java/org/jeecg/utils/config/ApplicationConfig.java
0 → 100644
| 1 | +package org.jeecg.utils.config; | |
| 2 | + | |
| 3 | +import org.springframework.beans.factory.annotation.Value; | |
| 4 | +import org.springframework.boot.context.properties.ConfigurationProperties; | |
| 5 | +import org.springframework.context.annotation.Configuration; | |
| 6 | +import org.springframework.stereotype.Component; | |
| 7 | + | |
| 8 | +import lombok.Data; | |
| 9 | + | |
| 10 | +@Data | |
| 11 | +@Component | |
| 12 | +@ConfigurationProperties(prefix = "huaheng.system") | |
| 13 | +public class ApplicationConfig { | |
| 14 | + | |
| 15 | + /** 版本号 */ | |
| 16 | + private String version; | |
| 17 | + | |
| 18 | + /** 项目号 */ | |
| 19 | + private String artifactId; | |
| 20 | + | |
| 21 | +} | |
| ... | ... |
huaheng-wms-core/src/main/java/org/jeecg/utils/support/ApiAuthentication.java
| ... | ... | @@ -2,10 +2,6 @@ package org.jeecg.utils.support; |
| 2 | 2 | |
| 3 | 3 | import java.util.Date; |
| 4 | 4 | |
| 5 | -import org.jeecg.utils.HuahengJwtUtil; | |
| 6 | - | |
| 7 | -import cn.hutool.core.date.DatePattern; | |
| 8 | -import cn.hutool.core.date.DateUtil; | |
| 9 | 5 | import lombok.Data; |
| 10 | 6 | |
| 11 | 7 | /** |
| ... | ... | @@ -25,7 +21,7 @@ public class ApiAuthentication { |
| 25 | 21 | private String audience = "Unknown"; // 观众,相当于接受者 |
| 26 | 22 | |
| 27 | 23 | /** Token签发方(WMS) */ |
| 28 | - private String issuer = HuahengJwtUtil.HUAHENG_SYSTEM_ID; | |
| 24 | + private String issuer; | |
| 29 | 25 | |
| 30 | 26 | /** Token签发时间 */ |
| 31 | 27 | private Date issuedAt; |
| ... | ... | @@ -65,7 +61,7 @@ public class ApiAuthentication { |
| 65 | 61 | private String audience; // 观众,相当于接受者 |
| 66 | 62 | |
| 67 | 63 | /** Token签发方(WMS) */ |
| 68 | - private String issuer = HuahengJwtUtil.HUAHENG_SYSTEM_ID; | |
| 64 | + private String issuer; | |
| 69 | 65 | |
| 70 | 66 | /** Token签发时间 */ |
| 71 | 67 | private Date issuedAt; |
| ... | ... |
huaheng-wms-core/src/main/java/org/jeecg/utils/support/ExceptionHandlerAdvice.java
0 → 100644
| 1 | +package org.jeecg.utils.support; | |
| 2 | + | |
| 3 | +import java.util.HashMap; | |
| 4 | +import java.util.Map; | |
| 5 | + | |
| 6 | +import org.jeecg.common.api.vo.Result; | |
| 7 | +import org.springframework.validation.FieldError; | |
| 8 | +import org.springframework.web.bind.MethodArgumentNotValidException; | |
| 9 | +import org.springframework.web.bind.annotation.ExceptionHandler; | |
| 10 | +import org.springframework.web.bind.annotation.RestControllerAdvice; | |
| 11 | + | |
| 12 | +@RestControllerAdvice | |
| 13 | +public class ExceptionHandlerAdvice { | |
| 14 | + | |
| 15 | + /** | |
| 16 | + * 直接用方法进行接收参数校验失败 | |
| 17 | + * @param exception | |
| 18 | + * @return | |
| 19 | + */ | |
| 20 | + @ExceptionHandler(value = MethodArgumentNotValidException.class) | |
| 21 | + public Object handerConstraintViolationException(MethodArgumentNotValidException exception) { | |
| 22 | + Result<Map> result = new Result<Map>(); | |
| 23 | + HashMap<String, Object> errors = new HashMap<>(); | |
| 24 | + exception.getBindingResult().getAllErrors().forEach(error -> { | |
| 25 | + FieldError fieldError = (FieldError)error; | |
| 26 | + errors.put(fieldError.getField(), error.getDefaultMessage()); | |
| 27 | + }); | |
| 28 | + | |
| 29 | + return Result.error("参数校验未通过", errors); | |
| 30 | + } | |
| 31 | +} | |
| ... | ... |
huaheng-wms-core/src/main/java/org/jeecg/utils/support/SystemAuthentication.java
| ... | ... | @@ -19,13 +19,13 @@ public class SystemAuthentication { |
| 19 | 19 | private static final ThreadLocal<SystemAuthentication> REQUEST_HEADER_CONTEXT_THREAD_LOCAL = new ThreadLocal<>(); |
| 20 | 20 | |
| 21 | 21 | /** Token提供方 */ |
| 22 | - private String operator = HuahengJwtUtil.HUAHENG_SYSTEM_ID; | |
| 22 | + private String operator; | |
| 23 | 23 | |
| 24 | 24 | /** Token使用方 */ |
| 25 | 25 | private String audience = "Unknown"; // 观众,相当于接受者 |
| 26 | 26 | |
| 27 | 27 | /** Token签发方(WMS) */ |
| 28 | - private String issuer = HuahengJwtUtil.HUAHENG_SYSTEM_ID; | |
| 28 | + private String issuer; | |
| 29 | 29 | |
| 30 | 30 | /** Token签发时间 */ |
| 31 | 31 | private Date issuedAt; |
| ... | ... | @@ -65,7 +65,7 @@ public class SystemAuthentication { |
| 65 | 65 | private String audience; // 观众,相当于接受者 |
| 66 | 66 | |
| 67 | 67 | /** Token签发方(WMS) */ |
| 68 | - private String issuer = HuahengJwtUtil.HUAHENG_SYSTEM_ID; | |
| 68 | + private String issuer; | |
| 69 | 69 | |
| 70 | 70 | /** Token签发时间 */ |
| 71 | 71 | private Date issuedAt; |
| ... | ... |
huaheng-wms-core/src/main/resources/application.yml