From 1a9aefc4f250b1666c06b70ed48408d12bd9a087 Mon Sep 17 00:00:00 2001
From: twilight0620
Date: Fri, 15 Jul 2022 17:38:18 +0800
Subject: [PATCH 1/2] =?UTF-8?q?=E5=8E=BB=E6=8E=89debug=E6=97=A5=E5=BF=97?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
...dler.java => AuthentionSuccessFilter.java} | 42 +++++++++----------
.../config/ClientApplicationContext.java | 21 ++++++++++
.../config/ClientWebSecurityConfigurer.java | 7 +---
.../controller/OAuthClientController.java | 2 -
src/main/resources/application.yaml | 9 +---
5 files changed, 45 insertions(+), 36 deletions(-)
rename src/main/java/org/edgegallery/website/config/{ClientAuthenticationSuccessHandler.java => AuthentionSuccessFilter.java} (39%)
create mode 100644 src/main/java/org/edgegallery/website/config/ClientApplicationContext.java
diff --git a/src/main/java/org/edgegallery/website/config/ClientAuthenticationSuccessHandler.java b/src/main/java/org/edgegallery/website/config/AuthentionSuccessFilter.java
similarity index 39%
rename from src/main/java/org/edgegallery/website/config/ClientAuthenticationSuccessHandler.java
rename to src/main/java/org/edgegallery/website/config/AuthentionSuccessFilter.java
index 2512fc2..9b1813c 100644
--- a/src/main/java/org/edgegallery/website/config/ClientAuthenticationSuccessHandler.java
+++ b/src/main/java/org/edgegallery/website/config/AuthentionSuccessFilter.java
@@ -2,38 +2,38 @@ package org.edgegallery.website.config; import java.io.IOException; import java.util.Map; +import javax.servlet.Filter; +import javax.servlet.FilterChain; import javax.servlet.ServletContext; import javax.servlet.ServletException; +import javax.servlet.ServletRequest; +import javax.servlet.ServletResponse; import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; -import javax.servlet.http.HttpSession; +import org.edgegallery.website.controller.JwtServer; +import org.edgegallery.website.controller.OAuthClientController; import org.slf4j.Logger; import org.slf4j.LoggerFactory; -import org.springframework.beans.factory.annotation.Autowired; import org.springframework.security.core.Authentication; -import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationDetails; -import org.springframework.security.oauth2.provider.token.TokenStore; -import org.springframework.security.web.authentication.AuthenticationSuccessHandler; - -public class ClientAuthenticationSuccessHandler implements AuthenticationSuccessHandler { - private static final Logger LOGGER = LoggerFactory.getLogger(ClientAuthenticationSuccessHandler.class); +import org.springframework.security.core.context.SecurityContextHolder; - @Autowired - private TokenStore jwtTokenStore; +import org.springframework.security.oauth2.provider.authentication.OAuth2AuthenticationDetails; - @Autowired - private ServletContext servletContext; +public class AuthentionSuccessFilter implements Filter { + private static final Logger LOGGER = LoggerFactory.getLogger(OAuthClientController.class); @Override - public void onAuthenticationSuccess(HttpServletRequest request, HttpServletResponse response, - Authentication authentication) throws IOException, ServletException { - LOGGER.info("ClientAuthenticationSuccessHandler onAuthenticationSuccess in."); - HttpSession session = request.getSession(false); + public void doFilter(ServletRequest servletRequest, 
ServletResponse servletResponse, FilterChain filterChain) + throws IOException, ServletException { + LOGGER.info("AuthentionSuccessFilter doFilter in."); + HttpServletRequest httpRequest = (HttpServletRequest) servletRequest; + ServletContext servletContext = httpRequest.getServletContext(); + + Authentication authentication = SecurityContextHolder.getContext().getAuthentication(); OAuth2AuthenticationDetails details = (OAuth2AuthenticationDetails) authentication.getDetails(); - Map additionalInformation = jwtTokenStore.readAccessToken(details.getTokenValue()) + JwtServer jwtServer = ClientApplicationContext.getBean(JwtServer.class); + Map additionalInformation = jwtServer.getToken(details.getTokenValue()) .getAdditionalInformation(); - //TODO DELETE LOG - LOGGER.info("additionalInformation: {}", additionalInformation.get("ssoSessionId").toString()); - servletContext.setAttribute(additionalInformation.get("ssoSessionId").toString(), session); + LOGGER.info("doFilter ssoSessionId: {}", additionalInformation.get("ssoSessionId").toString()); + servletContext.setAttribute(additionalInformation.get("ssoSessionId").toString(), httpRequest.getSession()); } } diff --git a/src/main/java/org/edgegallery/website/config/ClientApplicationContext.java b/src/main/java/org/edgegallery/website/config/ClientApplicationContext.java new file mode 100644 index 0000000..565b774 --- /dev/null +++ b/src/main/java/org/edgegallery/website/config/ClientApplicationContext.java 
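Review bot: `doFilter` returns without ever calling `filterChain.doFilter(servletRequest, servletResponse)`, so as written every request that reaches this filter stops here and never gets to the rest of the security chain or the target handler. The body also dereferences `SecurityContextHolder.getContext().getAuthentication()` and casts `getDetails()` to `OAuth2AuthenticationDetails` unconditionally, which will throw for any request that carries no OAuth2 authentication, and `additionalInformation.get("ssoSessionId")` is dereferenced without a null check. The added `LOGGER.info("doFilter ssoSessionId: {}", ...)` writes to the log the same identifier that keys the stored `HttpSession`, which runs against the commit's stated aim of dropping debug logging; the sketch below leaves it out. The logger is created with `OAuthClientController.class`, so these lines are attributed to the wrong class and should use `AuthentionSuccessFilter.class`.

```java
public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain)
    throws IOException, ServletException {
    // … unchanged: httpRequest cast and servletContext lookup …
    Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
    // Only register the session when an OAuth2 authentication is actually present.
    if (authentication != null && authentication.getDetails() instanceof OAuth2AuthenticationDetails) {
        OAuth2AuthenticationDetails details = (OAuth2AuthenticationDetails) authentication.getDetails();
        // … unchanged: jwtServer.getToken(details.getTokenValue()).getAdditionalInformation() …
        Object ssoSessionId = additionalInformation.get("ssoSessionId");
        if (ssoSessionId != null) {
            servletContext.setAttribute(ssoSessionId.toString(), httpRequest.getSession());
        }
    }
    // Always hand the request on; a filter that does not do this terminates the request.
    filterChain.doFilter(servletRequest, servletResponse);
}
```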
@@ -0,0 +1,21 @@ +package org.edgegallery.website.config; + +import org.springframework.beans.BeansException; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.context.ApplicationContext; +import org.springframework.context.ApplicationContextAware; +import org.springframework.stereotype.Component; + +@Component +public class ClientApplicationContext implements ApplicationContextAware { + private static ApplicationContext applicationContext; + + @Override + public void setApplicationContext(ApplicationContext applicationContext) throws BeansException { + this.applicationContext = applicationContext; + } + + public static T getBean(Class clazz) { + return ClientApplicationContext.applicationContext.getBean(clazz); + } +} diff --git a/src/main/java/org/edgegallery/website/config/ClientWebSecurityConfigurer.java b/src/main/java/org/edgegallery/website/config/ClientWebSecurityConfigurer.java index 1b9564a..8bd3103 100644 --- a/src/main/java/org/edgegallery/website/config/ClientWebSecurityConfigurer.java +++ b/src/main/java/org/edgegallery/website/config/ClientWebSecurityConfigurer.java @@ -94,8 +94,8 @@ public class ClientWebSecurityConfigurer extends WebSecurityConfigurerAdapter { // this api will be used by health-check service, so permit all roles to get mec host list in v1.2 .antMatchers(HttpMethod.GET, "/mecm-inventory/inventory/v1/mechosts").permitAll() .antMatchers(HttpMethod.GET, "/health").permitAll().antMatchers("/webssh").permitAll() - .antMatchers("/wsserver/**").permitAll().anyRequest().authenticated().and().formLogin() - .successHandler(new ClientAuthenticationSuccessHandler()).and().logout() + .antMatchers("/wsserver/**").permitAll().anyRequest().authenticated().and() + .addFilterBefore(new AuthentionSuccessFilter(), BasicAuthenticationFilter.class).logout() .addLogoutHandler(new LogoutHandler() { @Override public void logout(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, 
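Review bot: `setApplicationContext` assigns the static field through `this.applicationContext`, which reads as an instance write but actually changes state shared by every caller; writing `ClientApplicationContext.applicationContext = applicationContext;` makes the static scope explicit. `getBean` throws a bare `NullPointerException` if it is called before Spring has initialised this component, so a guard such as `if (applicationContext == null) { throw new IllegalStateException("ApplicationContext not initialised"); }` would give a clearer failure. The `Autowired` import is unused, and the class has no Javadoc; a short class comment saying it is a static bean locator for objects that are created with `new` rather than injected (the servlet filter in this patch is one) would explain why it exists. As displayed, `public static T getBean(Class clazz)` declares no type parameter; presumably `<T>` was lost in rendering, but confirm the file compiles.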
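Review bot: `addFilterBefore(new AuthentionSuccessFilter(), BasicAuthenticationFilter.class)` makes the session-registration code run on every request through this chain, including the `permitAll()` matchers on the lines just above (`/health`, `/webssh`, `/wsserver/**`), whereas the `successHandler` it replaces ran once per successful login. The same edit drops `.formLogin()`, which changes the login flow in a commit described only as removing debug logs; that deserves its own commit or a line in the description. The handler visible in the `@@ -126,8 +126,6 @@` hunk still stores the session under `ssoSessionId` on authentication success, so the per-request filter looks redundant with it; confirm which path is meant to own this. If the filter stays, a comment such as `// runs for every request, authenticated or not; must not assume an OAuth2 Authentication is present` belongs on this line. The enclosing method starts and ends outside the hunk.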
@@ -126,8 +126,6 @@ public class ClientWebSecurityConfigurer extends WebSecurityConfigurerAdapter { OAuth2AuthenticationDetails details = (OAuth2AuthenticationDetails) authentication.getDetails(); Map additionalInformation = jwtTokenStore.readAccessToken(details.getTokenValue()) .getAdditionalInformation(); - //TODO - LOGGER.info("ssoSessionId: {}", additionalInformation.get("ssoSessionId").toString()); servletContext.setAttribute(additionalInformation.get("ssoSessionId").toString(), session); super.onAuthenticationSuccess(request, response, authentication); } @@ -175,7 +173,6 @@ public class ClientWebSecurityConfigurer extends WebSecurityConfigurerAdapter { accessToken = details.getTokenValue(); } - LOGGER.info("accessToken: {}", accessToken); ctx.addZuulRequestHeader(Consts.HEADER_ACCESS_TOKEN, accessToken); } catch (Exception e) { LOGGER.warn( diff --git a/src/main/java/org/edgegallery/website/controller/OAuthClientController.java b/src/main/java/org/edgegallery/website/controller/OAuthClientController.java index 37a6d60..3266ee4 100644 --- a/src/main/java/org/edgegallery/website/controller/OAuthClientController.java +++ b/src/main/java/org/edgegallery/website/controller/OAuthClientController.java @@ -69,7 +69,6 @@ public class OAuthClientController { loginInfoRespDto.setAccessToken(details.getTokenValue()); loginInfoRespDto.setIsSecureBackend(isSecureBackend); loginInfoRespDto.setUserName(additionalInformation.get("userName")); - LOGGER.info("userId: {}", additionalInformation.get("userId")); LOGGER.info("userName: {}", additionalInformation.get("userName")); StringBuilder loginPage = new StringBuilder(authServerAddressClientAccess); 
@@ -96,7 +95,6 @@ public class OAuthClientController { public ResponseEntity logout(HttpServletRequest request) { log.info("gateway logout in."); String ssoSessionId = request.getParameter("ssoSessionId"); - log.info("gssoSessionId: {}", ssoSessionId); HttpSession session = (HttpSession) servletContext.getAttribute(ssoSessionId); if (session != null) { log.info("session is not empty."); diff --git a/src/main/resources/application.yaml b/src/main/resources/application.yaml index 33099b5..a3bf5ed 100644 --- a/src/main/resources/application.yaml +++ b/src/main/resources/application.yaml @@ -12,13 +12,6 @@ # See the License for the specific language governing permissions and # limitations under the License. # -logging: - level: - org.springframework.web: INFO - org.springframework.security: DEBUG - org.springframework.security.oauth2: DEBUG - org.springframework.boot.autoconfigure: DEBUG - zuul: routes: user-mgmt-be: /mec-usermgmt/** @@ -55,7 +48,7 @@ ribbon: IsSecure: ${IS_SECURE_BACKEND:false} server: - port: 8443 + port: 8078 ssl: enabled: ${SSL_ENABLED:false} protocol: TLS -- Gitee From 02d9845065f260d576333e71b590d527e864c5d9 Mon Sep 17 00:00:00 2001 From: twilight0620 Date: Fri, 15 Jul 2022 17:40:08 +0800 Subject: [PATCH 2/2] =?UTF-8?q?=E5=8E=BB=E6=8E=89debug=E6=97=A5=E5=BF=97?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- src/main/resources/application.yaml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/main/resources/application.yaml b/src/main/resources/application.yaml index a3bf5ed..1dc2772 100644 --- a/src/main/resources/application.yaml +++ b/src/main/resources/application.yaml @@ -48,7 +48,7 @@ ribbon: IsSecure: ${IS_SECURE_BACKEND:false} server: - port: 8078 + port: 8443 ssl: enabled: ${SSL_ENABLED:false} protocol: TLS -- Gitee