
Merge branch 'master' of https://gitee.com/zouxuan/mec

zouxuan 5 năm trước cách đây
mục cha
commit
8763d4310e

+ 6 - 9
mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/core/filter/PhoneLoginAuthenticationFilter.java

@@ -7,9 +7,6 @@ import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import com.alibaba.fastjson.JSON;
-import com.alibaba.fastjson.JSONObject;
-import com.ym.mec.auth.config.RequestUtils;
 import org.springframework.security.authentication.AbstractAuthenticationToken;
 import org.springframework.security.authentication.AuthenticationServiceException;
 import org.springframework.security.core.Authentication;
@@ -39,12 +36,12 @@ public class PhoneLoginAuthenticationFilter extends AbstractAuthenticationProces
 		}
 
 		AbstractAuthenticationToken authRequest;
-		String requestJsonString = RequestUtils.getRequestPostStr(request);
-		JSONObject jsonObject = JSON.parseObject(requestJsonString);
-		String principal = jsonObject.getString(SPRING_SECURITY_RESTFUL_PHONE_KEY);
-		String credentials = jsonObject.getString(SPRING_SECURITY_RESTFUL_VERIFY_CODE_KEY);
-		request.setAttribute("clientId",jsonObject.get("clientId"));
-		request.setAttribute("clientSecret",jsonObject.get("clientSecret"));
+		String principal;
+		String credentials;
+
+		// 手机验证码登陆
+		principal = obtainParameter(request, SPRING_SECURITY_RESTFUL_PHONE_KEY);
+		credentials = obtainParameter(request, SPRING_SECURITY_RESTFUL_VERIFY_CODE_KEY);
 
 		principal = principal.trim();
 		authRequest = new PhoneAuthenticationToken(SecurityConstants.PHONE_PRINCIPAL_PREFIX + principal, credentials);
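Review bot: `principal.trim()` on the context line after the new assignments will throw a NullPointerException when the phone parameter is absent, assuming `obtainParameter` (defined outside this hunk) returns null for a missing parameter the way `request.getParameter` does. UsernameAuthenticationFilter in this same commit guards that case with `if (username == null) { username = ""; }`; the same guard is needed here for both values, e.g. `if (principal == null) { principal = ""; }` and `if (credentials == null) { credentials = ""; }` before the trim. An unauthenticated request with no parameters should end in a failed authentication, not an unhandled exception in the filter chain. The enclosing method starts and ends outside the hunk.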

+ 3 - 54
mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/core/filter/UsernameAuthenticationFilter.java

@@ -1,28 +1,21 @@
 package com.ym.mec.auth.core.filter;
 
 import java.io.IOException;
-import java.util.HashMap;
-import java.util.logging.Handler;
 
 import javax.servlet.FilterChain;
 import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 
-import com.alibaba.fastjson.JSON;
-import com.alibaba.fastjson.JSONObject;
-import com.ym.mec.auth.config.RequestUtils;
 import org.springframework.security.authentication.AuthenticationServiceException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
-import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.util.Assert;
 
 import com.ym.mec.auth.config.constant.SecurityConstants;
-import org.springframework.web.bind.annotation.RequestBody;
 
 public class UsernameAuthenticationFilter extends AbstractAuthenticationProcessingFilter {
 
@@ -50,12 +43,9 @@ public class UsernameAuthenticationFilter extends AbstractAuthenticationProcessi
 			throw new AuthenticationServiceException(
 					"Authentication method not supported: " + request.getMethod());
 		}
-		String requestJsonString = RequestUtils.getRequestPostStr(request);
-		JSONObject jsonObject = JSON.parseObject(requestJsonString);
-		String username = jsonObject.getString("username");
-		String password = jsonObject.getString("password");
-		request.setAttribute("clientId",jsonObject.get("clientId"));
-		request.setAttribute("clientSecret",jsonObject.get("clientSecret"));
+
+		String username = obtainUsername(request);
+		String password = obtainPassword(request);
 		if (username == null) {
 			username = "";
 		}
@@ -76,47 +66,6 @@ public class UsernameAuthenticationFilter extends AbstractAuthenticationProcessi
 		return this.getAuthenticationManager().authenticate(authRequest);
 	}
 
-	private String getRequestJsonString(HttpServletRequest request)
-			throws IOException {
-		String submitMehtod = request.getMethod();
-		// GET
-		if (submitMehtod.equals("GET")) {
-			return new String(request.getQueryString().getBytes("iso-8859-1"),"utf-8").replaceAll("%22", "\"");
-			// POST
-		} else {
-			return getRequestPostStr(request);
-		}
-	}
-
-	private String getRequestPostStr(HttpServletRequest request)
-			throws IOException {
-		byte buffer[] = getRequestPostBytes(request);
-		String charEncoding = request.getCharacterEncoding();
-		if (charEncoding == null) {
-			charEncoding = "UTF-8";
-		}
-		return new String(buffer, charEncoding);
-	}
-
-	private byte[] getRequestPostBytes(HttpServletRequest request)
-			throws IOException {
-		int contentLength = request.getContentLength();
-		if(contentLength<0){
-			return null;
-		}
-		byte buffer[] = new byte[contentLength];
-		for (int i = 0; i < contentLength;) {
-
-			int readlen = request.getInputStream().read(buffer, i,
-					contentLength - i);
-			if (readlen == -1) {
-				break;
-			}
-			i += readlen;
-		}
-		return buffer;
-	}
-
 	@Override
 	protected void successfulAuthentication(HttpServletRequest request, HttpServletResponse response,
 			FilterChain chain, Authentication authResult) throws IOException, ServletException {

+ 5 - 1
mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/core/handler/AuthenticationFailureListener.java

@@ -36,7 +36,11 @@ public class AuthenticationFailureListener implements ApplicationListener<Authen
         Date date = new Date();
         SysUser sysUser = null;
         if(username.split(":").length > 1){
-            sysUser = sysUserService.queryByPhone(username.split(":")[1]);
+        	if(username.startsWith(SecurityConstants.USERNAME_PRINCIPAL_PREFIX)){
+                sysUser = sysUserService.queryByUsername(username.split(":")[1]);
+            }else {
+                sysUser = sysUserService.queryByPhone(username.split(":")[1]);
+            }
         }
         if(sysUser != null){
             SysUserLogin userLogin = sysUserLoginService.findLoginByUserId(sysUser.getId());
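Review bot: `username.split(":")[1]` in both new branches keeps only the text between the first and second colon, so a login name that itself contains `:` is looked up under a truncated value and this failure record could be attached to a different account than the one that was tried. Take everything after the prefix instead, e.g. `String name = username.substring(username.indexOf(':') + 1);`, computed once and passed to `queryByUsername` or `queryByPhone`. The identical branch is added to BaseAuthenticationSuccessEventHandler in this commit; a single shared helper that resolves a prefixed principal to a `SysUser` would keep the two handlers from drifting. No import of `SecurityConstants` is added in this file's section, so confirm it was already imported. The method body starts and ends outside the hunk.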

+ 30 - 18
mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/core/handler/BaseAuthenticationSuccessEventHandler.java

@@ -1,13 +1,13 @@
 package com.ym.mec.auth.core.handler;
 
-import com.fasterxml.jackson.databind.ObjectMapper;
-import com.ym.mec.auth.api.entity.SysUser;
-import com.ym.mec.auth.api.entity.SysUserLogin;
-import com.ym.mec.auth.api.entity.SysUserLoginLog;
-import com.ym.mec.auth.service.SysUserLoginLogService;
-import com.ym.mec.auth.service.SysUserLoginService;
-import com.ym.mec.auth.service.SysUserService;
-import com.ym.mec.common.entity.HttpResponseResult;
+import java.io.IOException;
+import java.util.Base64;
+import java.util.Date;
+import java.util.HashMap;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
 import org.apache.commons.collections.MapUtils;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@@ -19,17 +19,24 @@ import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.common.OAuth2AccessToken;
 import org.springframework.security.oauth2.common.exceptions.UnapprovedClientAuthenticationException;
-import org.springframework.security.oauth2.provider.*;
+import org.springframework.security.oauth2.provider.ClientDetails;
+import org.springframework.security.oauth2.provider.ClientDetailsService;
+import org.springframework.security.oauth2.provider.OAuth2Authentication;
+import org.springframework.security.oauth2.provider.OAuth2Request;
+import org.springframework.security.oauth2.provider.TokenRequest;
 import org.springframework.security.oauth2.provider.token.AuthorizationServerTokenServices;
 import org.springframework.security.web.authentication.SavedRequestAwareAuthenticationSuccessHandler;
 import org.springframework.stereotype.Component;
 
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.util.Base64;
-import java.util.Date;
-import java.util.HashMap;
+import com.fasterxml.jackson.databind.ObjectMapper;
+import com.ym.mec.auth.api.entity.SysUser;
+import com.ym.mec.auth.api.entity.SysUserLogin;
+import com.ym.mec.auth.api.entity.SysUserLoginLog;
+import com.ym.mec.auth.config.constant.SecurityConstants;
+import com.ym.mec.auth.service.SysUserLoginLogService;
+import com.ym.mec.auth.service.SysUserLoginService;
+import com.ym.mec.auth.service.SysUserService;
+import com.ym.mec.common.entity.HttpResponseResult;
 
 @Component
 public class BaseAuthenticationSuccessEventHandler extends SavedRequestAwareAuthenticationSuccessHandler {
@@ -56,7 +63,12 @@ public class BaseAuthenticationSuccessEventHandler extends SavedRequestAwareAuth
 		logger.info("用户:{} 登录成功", authentication.getPrincipal());
 		HashMap<String,String> hashMap = objectMapper.convertValue(authentication.getPrincipal(), HashMap.class);
 		String username = hashMap.get("username");
-		SysUser sysUser  = sysUserService.queryByPhone(username.split(":")[1]);
+		SysUser sysUser;
+		if(username.startsWith(SecurityConstants.USERNAME_PRINCIPAL_PREFIX)){
+			sysUser = sysUserService.queryByUsername(username.split(":")[1]);
+		}else {
+			sysUser = sysUserService.queryByPhone(username.split(":")[1]);
+		}
 		Date date = new Date();
 		//修改添加登录信息
 		SysUserLogin userLogin = sysUserLoginService.findLoginByUserId(sysUser.getId());
@@ -79,8 +91,8 @@ public class BaseAuthenticationSuccessEventHandler extends SavedRequestAwareAuth
 		sysUserLoginLogService.insert(sysUserLoginLog);
 		
 		try {
-			String clientId = request.getAttribute("clientId").toString();
-			String clientSecret = request.getAttribute("clientSecret").toString();
+			String clientId = request.getParameter("clientId");
+			String clientSecret = request.getParameter("clientSecret");
 			if (clientId == null || clientSecret == null) {
 				throw new UnapprovedClientAuthenticationException("请求头中client信息为空");
 			}
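Review bot: `request.getParameter("clientSecret")` also accepts the secret from the URL query string, where it tends to be written to access logs, proxy logs and browser history. OAuth2 clients normally authenticate with an HTTP Basic `Authorization` header; if form parameters must be supported, accept them only from the POST body and keep them out of any request logging. The exception text `请求头中client信息为空` says the client information is missing from the request header, which no longer matches where the values are read, so either read the header or change the message. The `try` block continues past the end of the hunk.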

+ 4 - 6
mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/core/provider/PhoneAuthenticationProvider.java

@@ -1,12 +1,6 @@
 package com.ym.mec.auth.core.provider;
 
-import com.alibaba.fastjson.JSON;
-import com.ym.mec.auth.config.constant.SecurityConstants;
-import com.ym.mec.auth.config.token.PhoneAuthenticationToken;
-import com.ym.mec.common.validcode.SmsCodeService;
 import org.apache.commons.lang3.StringUtils;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.InternalAuthenticationServiceException;
 import org.springframework.security.core.Authentication;
@@ -15,6 +9,10 @@ import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 
+import com.ym.mec.auth.config.constant.SecurityConstants;
+import com.ym.mec.auth.config.token.PhoneAuthenticationToken;
+import com.ym.mec.common.validcode.SmsCodeService;
+
 public class PhoneAuthenticationProvider extends AbstractAuthenticationProvider {
 
 	private UserDetailsService userDetailsService;

+ 1 - 1
mec-auth/mec-auth-server/src/main/java/com/ym/mec/auth/service/impl/SysUserServiceImpl.java

@@ -45,7 +45,7 @@ public class SysUserServiceImpl extends BaseServiceImpl<Integer, SysUser> implem
 
 	@Override
 	public SysUserInfo queryUserInfoByUsername(String username) {
-		SysUser sysUser = queryByPhone(username);
+		SysUser sysUser = queryByUsername(username);
 		return getSysUserInfo(sysUser);
 	}
 

+ 6 - 8
mec-gateway/mec-gateway-web/src/main/java/com/ym/mec/gateway/web/filter/AuthFilter.java

@@ -19,15 +19,13 @@ public class AuthFilter extends ZuulFilter {
 		HttpServletRequest request = requestContext.getRequest();
 
 		Enumeration<String> headerNames = request.getHeaderNames();
-		if (headerNames != null) {
-			while (headerNames.hasMoreElements()) {
-				String name = headerNames.nextElement();
-				String values = request.getHeader(name);
-				requestContext.addZuulRequestHeader(name, values);
-			}
+		while (headerNames.hasMoreElements()) {
+			String key = headerNames.nextElement();
+			String value = request.getHeader(key);
+			// 将头信息传递下去
+			requestContext.addZuulRequestHeader(key, value);
 		}
 
-		requestContext.setSendZuulResponse(false);
 		return null;
 	}
 
@@ -43,7 +41,7 @@ public class AuthFilter extends ZuulFilter {
 
 	@Override
 	public String filterType() {
-		return null;
+		return "pre";
 	}
 
 }
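Review bot: The header loop in the first hunk copies every inbound header with `addZuulRequestHeader`, and as far as I know headers added that way are sent downstream without passing through the route's `sensitiveHeaders` filtering, so commenting out `sensitiveHeaders:` in application.yml in this same commit would not stop `Authorization` or `Cookie` from being forwarded to every service. Client-supplied headers that a downstream service might trust as gateway-set (identity or forwarding headers) are passed through as well. Decide in one place: drop the loop and configure the routes, or forward an explicit allow-list of header names. The loop also lost its null guard, and `getHeaderNames()` may return null on some containers, so `if (headerNames == null) { return null; }` before the `while` is worth keeping. The comment `##加上下面参数,可将header信息传递至下游` left above the commented-out key in application.yml is now stale.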

+ 4 - 4
mec-gateway/mec-gateway-web/src/main/resources/application.yml

@@ -21,28 +21,28 @@ zuul:
       serviceId: auth-server
       #url: http://localhost:8001/
       ##加上下面参数,可将header信息传递至下游
-      sensitiveHeaders: 
+      #sensitiveHeaders: 
     api-task:
       ### 以 /api-auth/访问转发到会员服务
       path: /api-task/**
       serviceId: task-server
       #url: http://localhost:8001/
       ##加上下面参数,可将header信息传递至下游
-      sensitiveHeaders: 
+      #sensitiveHeaders: 
     api-cms:
       ### 以 /api-auth/访问转发到会员服务
       path: /api-cms/**
       serviceId: cms-server
       #url: http://localhost:8001/
       ##加上下面参数,可将header信息传递至下游
-      sensitiveHeaders: 
+      #sensitiveHeaders: 
     api-web:
       ### 以 /api-auth/访问转发到会员服务
       path: /api-web/**
       serviceId: web-server
       #url: http://localhost:8001/
       ##加上下面参数,可将header信息传递至下游
-      sensitiveHeaders: 
+      #sensitiveHeaders: 
   #忽略某个微服务
   ignored-services: eureka-server
   #重试