工业级后台API v2
parent: 544c45ff | patch | commit | ignore whitespace
fengxiang
2018-02-05 baaff76ba638ac37f5b1dcffb27ba9f5a9fff937 
token放在get请求参数中
4 files modified
50 ■■■■■ changed files
src/main/java/com/moral/controller/MapController.java 32 ●●●●● patch | view | raw | blame | history
src/main/java/com/moral/security/auth/jwt/JwtTokenAuthenticationProcessingFilter.java 7 ●●●●● patch | view | raw | blame | history
src/main/java/com/moral/security/config/WebSecurityConfig.java 1 ●●●● patch | view | raw | blame | history
src/main/java/com/moral/security/model/token/JwtTokenFactory.java 10 ●●●● patch | view | raw | blame | history 
 src/main/java/com/moral/controller/MapController.java


@@ -10,6 +10,8 @@


import com.moral.entity.Device;


import com.moral.entity.MapBounds;


import com.moral.entity.MonitorPoint;


import com.moral.security.auth.JwtAuthenticationToken;


import com.moral.security.config.WebSecurityConfig;


import com.moral.service.*;


import lombok.extern.log4j.Log4j;


import org.apache.log4j.Logger;


@@ -29,6 +31,7 @@


@Controller


@RequestMapping("map")


public class MapController {


    public  final  static String REFRESH_TOKEN = "_refresh_token";


    public  static Logger log = Logger.getLogger(MapController.class);


    @Resource


    DeviceService deviceService;


@@ -41,17 +44,23 @@


    @Resource


    MonitorPointService monitorPointService;




    @RequestMapping(value = "/main-page", method = RequestMethod.GET)


    public String map(Model model,@RequestParam("areaCode")int code,@RequestParam("accountId")int accountId){


        Account account = accountService.getAccountById(accountId);


    @RequestMapping(value = "/screen-main", method = RequestMethod.GET)


    public String map(Model model,


                      @RequestParam("areaCode")int code,


                      @RequestParam(WebSecurityConfig.AUTHENTICATION_PARAM_NAME)String token,


                      @RequestParam(REFRESH_TOKEN)String refreshToke,


                      JwtAuthenticationToken authenticationToken){


        String accountName = authenticationToken.getPrincipal().getUsername();


        Account account = accountService.getAccountByAccountName(accountName);


        String regionName = areaService.selectFullNameByCode(code);


        if(account!=null&&regionName!=null){


            Object sensors = sensorService.queryAll();


            JSONObject params = new JSONObject();


            params.put("regionCode",code);


            params.put("regionName",regionName);


            params.put("accountId", accountId);


            params.put("orgId", account.getOrganizationId());


            //token 回传页面


            params.put(WebSecurityConfig.AUTHENTICATION_PARAM_NAME, token);


            params.put(REFRESH_TOKEN,refreshToke);


            params.put("sensors", sensors);


            String paramsJson = params.toJSONString();


            model.addAttribute("mapParams",paramsJson);


@@ -60,17 +69,18 @@


            StringBuilder msg = new StringBuilder();


            msg.append(" param[0] areaCode:");


            msg.append(code);


            msg.append(" param[0] accountId:");


            msg.append(accountId);


            msg.append(" param[0] token:");


            msg.append(token);


            log.warn(msg);


            return "401";


        }


    }


    @RequestMapping(value="/get-monitorpoints",method = RequestMethod.GET)


    @RequestMapping(value="get-monitorpoints",method = RequestMethod.GET)


    @ResponseBody


    public ResultBean getMonitorpointList(@RequestParam("orgId")String orgId,MapBounds mapBounds){


    public ResultBean getMonitorpointList(JwtAuthenticationToken authenticationToken,MapBounds mapBounds){


        ResultBean< List<MonitorPoint>> resultBean = new ResultBean();


        Map<String,Object> paramMap = new HashMap<String, Object>();


        Integer orgId = authenticationToken.getPrincipal().getOrganizationId();


        paramMap.put("orgId", orgId);


        paramMap.put("mapBounds",mapBounds);


        List<MonitorPoint> list = monitorPointService.queryWithStateByMap(paramMap);


@@ -81,11 +91,11 @@


    @RequestMapping(value = "get-devices-for-popup",method = RequestMethod.GET)


    @ResponseBody


    public PageResult getDevicesForPopup(


            @RequestParam("orgId")Integer orgId,


            JwtAuthenticationToken authenticationToken,


            String name,


            Integer pageSize,


            Integer pageNo


    ){


    ){  Integer orgId = authenticationToken.getPrincipal().getOrganizationId();


        return  deviceService.query(orgId,name,pageSize,pageNo);


    }


}




 src/main/java/com/moral/security/auth/jwt/JwtTokenAuthenticationProcessingFilter.java


@@ -4,6 +4,7 @@


import com.moral.security.auth.jwt.extractor.TokenExtractor;


import com.moral.security.config.WebSecurityConfig;


import com.moral.security.model.token.RawAccessJwtToken;


import org.apache.commons.lang3.StringUtils;


import org.springframework.beans.factory.annotation.Autowired;


import org.springframework.security.core.Authentication;


import org.springframework.security.core.AuthenticationException;


@@ -12,6 +13,7 @@


import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;


import org.springframework.security.web.authentication.AuthenticationFailureHandler;


import org.springframework.security.web.util.matcher.RequestMatcher;


import org.springframework.web.bind.annotation.RequestMethod;




import javax.servlet.FilterChain;


import javax.servlet.ServletException;


@@ -42,6 +44,11 @@


    public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)


            throws AuthenticationException, IOException, ServletException {


        String tokenPayload = request.getHeader(WebSecurityConfig.AUTHENTICATION_HEADER_NAME);


        //GET请求 如果头部获取不到token信息,从参数列表去取。post请求必须放在头部


        if(StringUtils.isBlank(tokenPayload)&&"GET".equals(request.getMethod())){


            //头部标志加上


            tokenPayload = "Bearer "+request.getParameter(WebSecurityConfig.AUTHENTICATION_PARAM_NAME);


        }


        RawAccessJwtToken token = new RawAccessJwtToken(tokenExtractor.extract(tokenPayload));


        return getAuthenticationManager().authenticate(new JwtAuthenticationToken(token));


    }




 src/main/java/com/moral/security/config/WebSecurityConfig.java


@@ -36,6 +36,7 @@


@EnableWebSecurity


public class WebSecurityConfig extends WebSecurityConfigurerAdapter {


    public static final String AUTHENTICATION_HEADER_NAME = "X-Authorization";


    public static final String AUTHENTICATION_PARAM_NAME = "_token";


    public static final String AUTHENTICATION_URL = "/auth/login";


    public static final String REFRESH_TOKEN_URL = "/auth/token";


    public static final String API_ROOT_URL = "/**/*";




 src/main/java/com/moral/security/model/token/JwtTokenFactory.java


@@ -30,15 +30,7 @@




    @Autowired


    public JwtTokenFactory(JwtSettings settings) {


        this.settings = settings;




//        JwtSettings setting1 = new JwtSettings();


//        setting1.setRefreshTokenExpTime(60);


//        setting1.setTokenExpirationTime(15);


//        setting1.setTokenIssuer("http://monitor.7drlb.com");


//        setting1.setTokenSigningKey("xm9EV6Hy5RAFL8EEACIDAwQus");


//        System.out.println("+++++++++++++++++++++++++++++++++=1231231312a");


//        this.settings = setting1;


        this.settings = settings;;


    }




    /**