From baaff76ba638ac37f5b1dcffb27ba9f5a9fff937 Mon Sep 17 00:00:00 2001
From: fengxiang <110431245@qq.com>
Date: Mon, 05 Feb 2018 13:30:16 +0800
Subject: [PATCH] token放在get请求参数中
---
src/main/java/com/moral/security/model/token/JwtTokenFactory.java | 10 +---------
src/main/java/com/moral/controller/MapController.java | 32 +++++++++++++++++++++-----------
src/main/java/com/moral/security/auth/jwt/JwtTokenAuthenticationProcessingFilter.java | 7 +++++++
src/main/java/com/moral/security/config/WebSecurityConfig.java | 1 +
4 files changed, 30 insertions(+), 20 deletions(-)
diff --git a/src/main/java/com/moral/controller/MapController.java b/src/main/java/com/moral/controller/MapController.java
index 88281a4..9d0f0a8 100644
--- a/src/main/java/com/moral/controller/MapController.java
+++ b/src/main/java/com/moral/controller/MapController.java
@@ -10,6 +10,8 @@
import com.moral.entity.Device;
import com.moral.entity.MapBounds;
import com.moral.entity.MonitorPoint;
+import com.moral.security.auth.JwtAuthenticationToken;
+import com.moral.security.config.WebSecurityConfig;
import com.moral.service.*;
import lombok.extern.log4j.Log4j;
import org.apache.log4j.Logger;
@@ -29,6 +31,7 @@
@Controller
@RequestMapping("map")
public class MapController {
+ public final static String REFRESH_TOKEN = "_refresh_token";
public static Logger log = Logger.getLogger(MapController.class);
@Resource
DeviceService deviceService;
@@ -41,17 +44,23 @@
@Resource
MonitorPointService monitorPointService;
- @RequestMapping(value = "/main-page", method = RequestMethod.GET)
- public String map(Model model,@RequestParam("areaCode")int code,@RequestParam("accountId")int accountId){
- Account account = accountService.getAccountById(accountId);
+ @RequestMapping(value = "/screen-main", method = RequestMethod.GET)
+ public String map(Model model,
+ @RequestParam("areaCode")int code,
+ @RequestParam(WebSecurityConfig.AUTHENTICATION_PARAM_NAME)String token,
+ @RequestParam(REFRESH_TOKEN)String refreshToke,
+ JwtAuthenticationToken authenticationToken){
+ String accountName = authenticationToken.getPrincipal().getUsername();
+ Account account = accountService.getAccountByAccountName(accountName);
String regionName = areaService.selectFullNameByCode(code);
if(account!=null&®ionName!=null){
Object sensors = sensorService.queryAll();
JSONObject params = new JSONObject();
params.put("regionCode",code);
params.put("regionName",regionName);
- params.put("accountId", accountId);
- params.put("orgId", account.getOrganizationId());
+ //token ������������
+ params.put(WebSecurityConfig.AUTHENTICATION_PARAM_NAME, token);
+ params.put(REFRESH_TOKEN,refreshToke);
params.put("sensors", sensors);
String paramsJson = params.toJSONString();
model.addAttribute("mapParams",paramsJson);
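Review bot: `map` now takes both the access token and the refresh token from the query string and copies them into `mapParams`, so both credentials travel in the URL and are presumably rendered into the page. URLs are routinely kept in access logs, browser history and Referer headers, and the refresh token is the longer-lived of the two. Consider dropping `@RequestParam(REFRESH_TOKEN)String refreshToke` and `params.put(REFRESH_TOKEN,refreshToke);`, or handing this page a short-lived token issued only for it. `authenticationToken.getPrincipal()` is also dereferenced without a null check here and in the later hunks (`getMonitorpointList`, `getDevicesForPopup`); whether it can be null depends on the security configuration outside this diff. The method body continues past the end of this hunk.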
@@ -60,17 +69,18 @@
StringBuilder msg = new StringBuilder();
msg.append(" param[0] areaCode:");
msg.append(code);
- msg.append(" param[0] accountId:");
- msg.append(accountId);
+ msg.append(" param[0] token:");
+ msg.append(token);
log.warn(msg);
return "401";
}
}
- @RequestMapping(value="/get-monitorpoints",method = RequestMethod.GET)
+ @RequestMapping(value="get-monitorpoints",method = RequestMethod.GET)
@ResponseBody
- public ResultBean getMonitorpointList(@RequestParam("orgId")String orgId,MapBounds mapBounds){
+ public ResultBean getMonitorpointList(JwtAuthenticationToken authenticationToken,MapBounds mapBounds){
ResultBean< List<MonitorPoint>> resultBean = new ResultBean();
Map<String,Object> paramMap = new HashMap<String, Object>();
+ Integer orgId = authenticationToken.getPrincipal().getOrganizationId();
paramMap.put("orgId", orgId);
paramMap.put("mapBounds",mapBounds);
List<MonitorPoint> list = monitorPointService.queryWithStateByMap(paramMap);
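Review bot: `msg.append(token);` writes the caller's bearer token into the warning log, so anyone who can read the logs obtains a credential that stays replayable until it expires. Log an identifier that is not a secret instead, for example `msg.append(" param[1] account:");` followed by `msg.append(accountName);`, which is already in scope from the start of `map`. The label `param[0]` is also reused for the second value. Both `map` and `getMonitorpointList` are only partly visible in this hunk.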
@@ -81,11 +91,11 @@
@RequestMapping(value = "get-devices-for-popup",method = RequestMethod.GET)
@ResponseBody
public PageResult getDevicesForPopup(
- @RequestParam("orgId")Integer orgId,
+ JwtAuthenticationToken authenticationToken,
String name,
Integer pageSize,
Integer pageNo
- ){
+ ){ Integer orgId = authenticationToken.getPrincipal().getOrganizationId();
return deviceService.query(orgId,name,pageSize,pageNo);
}
}
diff --git a/src/main/java/com/moral/security/auth/jwt/JwtTokenAuthenticationProcessingFilter.java b/src/main/java/com/moral/security/auth/jwt/JwtTokenAuthenticationProcessingFilter.java
index 4fb6f49..bcf294f 100644
--- a/src/main/java/com/moral/security/auth/jwt/JwtTokenAuthenticationProcessingFilter.java
+++ b/src/main/java/com/moral/security/auth/jwt/JwtTokenAuthenticationProcessingFilter.java
@@ -4,6 +4,7 @@
import com.moral.security.auth.jwt.extractor.TokenExtractor;
import com.moral.security.config.WebSecurityConfig;
import com.moral.security.model.token.RawAccessJwtToken;
+import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
@@ -12,6 +13,7 @@
import org.springframework.security.web.authentication.AbstractAuthenticationProcessingFilter;
import org.springframework.security.web.authentication.AuthenticationFailureHandler;
import org.springframework.security.web.util.matcher.RequestMatcher;
+import org.springframework.web.bind.annotation.RequestMethod;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
@@ -42,6 +44,11 @@
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
throws AuthenticationException, IOException, ServletException {
String tokenPayload = request.getHeader(WebSecurityConfig.AUTHENTICATION_HEADER_NAME);
+ //GET������ ������������������������token������,������������������������post������������������������
+ if(StringUtils.isBlank(tokenPayload)&&"GET".equals(request.getMethod())){
+ //������������������
+ tokenPayload = "Bearer "+request.getParameter(WebSecurityConfig.AUTHENTICATION_PARAM_NAME);
+ }
RawAccessJwtToken token = new RawAccessJwtToken(tokenExtractor.extract(tokenPayload));
return getAuthenticationManager().authenticate(new JwtAuthenticationToken(token));
}
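Review bot: When a GET request carries neither the header nor the `_token` parameter, `request.getParameter(...)` returns null and the concatenation produces the literal payload `"Bearer null"`, so a missing credential is no longer blank when it reaches `tokenExtractor.extract` and will fail later with a less precise error. Read the parameter first and build the payload only when it is present: `String paramToken = request.getParameter(WebSecurityConfig.AUTHENTICATION_PARAM_NAME);` then `if (StringUtils.isNotBlank(paramToken)) { tokenPayload = "Bearer " + paramToken; }`. The fallback applies to every GET path this filter matches, not only the map page, so it is worth restricting to the routes that cannot send a header. The `RequestMethod` import added earlier in this file appears unused in the visible hunks, since the check compares against the string `"GET"`.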
diff --git a/src/main/java/com/moral/security/config/WebSecurityConfig.java b/src/main/java/com/moral/security/config/WebSecurityConfig.java
index 41b91dc..2d1fceb 100644
--- a/src/main/java/com/moral/security/config/WebSecurityConfig.java
+++ b/src/main/java/com/moral/security/config/WebSecurityConfig.java
@@ -36,6 +36,7 @@
@EnableWebSecurity
public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
public static final String AUTHENTICATION_HEADER_NAME = "X-Authorization";
+ public static final String AUTHENTICATION_PARAM_NAME = "_token";
public static final String AUTHENTICATION_URL = "/auth/login";
public static final String REFRESH_TOKEN_URL = "/auth/token";
public static final String API_ROOT_URL = "/**/*";
diff --git a/src/main/java/com/moral/security/model/token/JwtTokenFactory.java b/src/main/java/com/moral/security/model/token/JwtTokenFactory.java
index 4644e2d..226397e 100644
--- a/src/main/java/com/moral/security/model/token/JwtTokenFactory.java
+++ b/src/main/java/com/moral/security/model/token/JwtTokenFactory.java
@@ -30,15 +30,7 @@
@Autowired
public JwtTokenFactory(JwtSettings settings) {
- this.settings = settings;
-
-// JwtSettings setting1 = new JwtSettings();
-// setting1.setRefreshTokenExpTime(60);
-// setting1.setTokenExpirationTime(15);
-// setting1.setTokenIssuer("http://monitor.7drlb.com");
-// setting1.setTokenSigningKey("xm9EV6Hy5RAFL8EEACIDAwQus");
-// System.out.println("+++++++++++++++++++++++++++++++++=1231231312a");
-// this.settings = setting1;
+ this.settings = settings;;
}
/**
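Review bot: The commented-out block removed here contained a literal argument to `setTokenSigningKey(...)`, and deleting the comment does not remove that value from repository history. If that string was ever used as a real signing key in any environment, it should be rotated and supplied only through the injected `JwtSettings`. The replacement line also ends with a stray second semicolon and should read `this.settings = settings;`.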
--
Gitblit v1.8.0