无权限异常处理

zrj

2024-06-07 62fdbdb8371cb2572d6fb0ca02cd11bdf8ac8098

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
package org.springblade.auth.handle;
 
import com.alibaba.nacos.common.utils.StringUtils;
import io.jsonwebtoken.Claims;
import org.springblade.auth.utils.TokenUtil;
import org.springblade.core.jwt.JwtUtil;
import org.springblade.core.launch.constant.TokenConstant;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.context.SecurityContext;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.web.filter.OncePerRequestFilter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.io.OutputStreamWriter;
import java.io.PrintWriter;
 
/**
 * token 校验过滤器
 */
@Configuration
public class TokenFilterHandle extends OncePerRequestFilter {
 
 
    @Override
    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain)
        throws ServletException, IOException {
        String auth = request.getHeader("Blade-Auth");
        if (StringUtils.isBlank(auth)) {
            // 无授权处理
            unAuthResponse(response);
            return;
        }
 
        String token = JwtUtil.getToken(auth);
        Claims claims = JwtUtil.parseJWT(token);
        if (!StringUtils.isBlank(token) && null!=claims) {
            //判断 Token 状态
            String tenantId = String.valueOf(claims.get(TokenConstant.TENANT_ID));
            String userId = String.valueOf(claims.get(TokenConstant.USER_ID));
            String account = String.valueOf(claims.get(TokenConstant.ACCOUNT));
            String accessToken = JwtUtil.getAccessToken(tenantId, userId, token);
            if (token.equalsIgnoreCase(accessToken)) {
                UsernamePasswordAuthenticationToken authenticationToken
                    = new UsernamePasswordAuthenticationToken(account, null);
                authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
                SecurityContextHolder.getContext().setAuthentication(authenticationToken);
            }else {
                // 无授权处理
                unAuthResponse(response);
                return;
            }
        }else {
            // 无授权处理
            unAuthResponse(response);
            return;
        }
 
        filterChain.doFilter(request, response);
    }
 
    /**
     * 无授权处理
     * @param response
     * @throws IOException
     */
    private void unAuthResponse(HttpServletResponse response) throws IOException {
        response.setStatus(HttpServletResponse.SC_UNAUTHORIZED);
        response.setContentType("application/json;charset=UTF-8");
        PrintWriter writer = new PrintWriter(new OutputStreamWriter(response.getOutputStream(), "UTF-8"));
        writer.write("{\"status\": 401,\n" + "\"error\": \"Unauthorized\"\n" + "}");
        writer.flush();
    }
}