完善认证管理子系统
This commit is contained in:
Saturneric
parent
80e46c8cb8
commit
9515ebbc39
@ -14,6 +14,6 @@ public class JSONRandomCodeGenerator {
|
||||
|
||||
public String generateRandomCode(String username, Date date, String clientCode){
|
||||
return encoder.encode(String.format("RandomCode [%s][%s][%s]",
|
||||
username, date.toString(), clientCode));
|
||||
username, Long.toString(date.getTime()), clientCode));
|
||||
}
|
||||
}
|
||||
|
||||
@ -0,0 +1,18 @@
|
||||
package com.codesdream.ase.component.auth;
|
||||
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
import java.util.Date;
|
||||
|
||||
// 验证时间戳是否有效
|
||||
@Component
|
||||
public class TimestampExpiredChecker {
|
||||
|
||||
public boolean checkTimestampBeforeMaxTime(String timestamp, int seconds){
|
||||
Date timestampDate = new Date(Long.parseLong(timestamp));
|
||||
long currentTime = System.currentTimeMillis();
|
||||
Date maxDate = new Date(currentTime + seconds * 1000);
|
||||
return timestampDate.before(maxDate);
|
||||
}
|
||||
|
||||
}
|
||||
@ -86,7 +86,13 @@ public class JSONParameter {
|
||||
|
||||
// 获得标准的JSON响应字符串返回(403状态)
|
||||
public String getJSONStandardRespond403(){
|
||||
JSONBaseRespondObject respondObject = new JSONBaseRespondObject(403, "forbidden");
|
||||
JSONBaseRespondObject respondObject = new JSONBaseRespondObject(403, "Forbidden");
|
||||
return getJSONString(respondObject);
|
||||
}
|
||||
|
||||
// 获得标准的JSON响应字符串返回(401状态)
|
||||
public String getJSONStandardRespond401(){
|
||||
JSONBaseRespondObject respondObject = new JSONBaseRespondObject(401, "Unauthorized");
|
||||
return getJSONString(respondObject);
|
||||
}
|
||||
|
||||
|
||||
@ -1,14 +1,15 @@
|
||||
package com.codesdream.ase.component.json.respond;
|
||||
|
||||
import com.sun.org.apache.xpath.internal.operations.Bool;
|
||||
import lombok.Data;
|
||||
import lombok.EqualsAndHashCode;
|
||||
|
||||
@Data
|
||||
public class UserLoginCheckerJSONRespond {
|
||||
boolean userExist = false;
|
||||
boolean loginStatus = false;
|
||||
boolean userBanned = false;
|
||||
Boolean userExist = null;
|
||||
Boolean userBanned = null;
|
||||
Boolean loginStatus = null;
|
||||
String respondInformation = "";
|
||||
String token = "";
|
||||
String token = null;
|
||||
|
||||
}
|
||||
|
||||
@ -26,15 +26,9 @@ public class ASEAccessDeniedHandler implements AccessDeniedHandler {
|
||||
throws IOException, ServletException {
|
||||
log.info("ASEAccessDeniedHandler Found!");
|
||||
|
||||
response.setCharacterEncoding("utf-8");
|
||||
response.setContentType("text/javascript;charset=utf-8");
|
||||
UserLoginCheckerJSONRespond checkerRespond = new UserLoginCheckerJSONRespond();
|
||||
checkerRespond.setLoginStatus(true);
|
||||
checkerRespond.setUserExist(true);
|
||||
checkerRespond.setRespondInformation("Authenticated user has no access to this resource");
|
||||
// 对无权限操作返回403
|
||||
response.getWriter().print(jsonParameter.getJSONStandardRespond403());
|
||||
|
||||
// 对匿名用户返回
|
||||
response.getWriter().print(jsonParameter.getJSONString(checkerRespond));
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
@ -24,8 +24,8 @@ public class ASEAuthenticationEntryPoint implements AuthenticationEntryPoint {
|
||||
@Override
|
||||
public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException)
|
||||
throws IOException, ServletException {
|
||||
// 对匿名用户返回403
|
||||
response.getWriter().print(jsonParameter.getJSONStandardRespond403());
|
||||
// 对匿名用户返回401
|
||||
response.getWriter().print(jsonParameter.getJSONStandardRespond401());
|
||||
|
||||
}
|
||||
}
|
||||
|
||||
@ -23,13 +23,14 @@ public class ASEAuthenticationFailureHandler extends SimpleUrlAuthenticationFail
|
||||
|
||||
@Override
|
||||
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception)
|
||||
throws IOException, ServletException
|
||||
throws IOException
|
||||
{
|
||||
log.info("ASEAuthenticationFailureHandler Login Fail!");
|
||||
UserLoginCheckerJSONRespond respond = new UserLoginCheckerJSONRespond();
|
||||
respond.setUserExist(false);
|
||||
|
||||
respond.setUserExist(null);
|
||||
respond.setUserBanned(null);
|
||||
respond.setLoginStatus(false);
|
||||
respond.setUserBanned(true);
|
||||
respond.setRespondInformation("Authentication Failed");
|
||||
|
||||
// 填充response对象
|
||||
|
||||
@ -2,6 +2,7 @@ package com.codesdream.ase.component.permission;
|
||||
|
||||
import com.codesdream.ase.component.auth.AJAXRequestChecker;
|
||||
import com.codesdream.ase.component.auth.JSONTokenUsernamePasswordAuthenticationToken;
|
||||
import com.codesdream.ase.component.auth.TimestampExpiredChecker;
|
||||
import com.codesdream.ase.component.datamanager.JSONParameter;
|
||||
import com.codesdream.ase.component.json.request.UserLoginChecker;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
@ -12,6 +13,7 @@ import org.springframework.security.core.Authentication;
|
||||
import org.springframework.security.core.AuthenticationException;
|
||||
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
||||
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
|
||||
import javax.annotation.Resource;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
@ -28,10 +30,20 @@ public class ASEUsernamePasswordAuthenticationFilter extends UsernamePasswordAut
|
||||
@Resource
|
||||
private AJAXRequestChecker ajaxRequestChecker;
|
||||
|
||||
@Resource
|
||||
private TimestampExpiredChecker timestampExpiredChecker;
|
||||
|
||||
@Override
|
||||
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
|
||||
throws AuthenticationException {
|
||||
|
||||
String timestamp = request.getHeader("timestamp");
|
||||
|
||||
// 检查时间戳是否合理(60秒内)
|
||||
if(!timestampExpiredChecker.checkTimestampBeforeMaxTime(timestamp, 60)){
|
||||
throw new AuthenticationServiceException("Timestamp Expired.");
|
||||
}
|
||||
|
||||
// 判断是否为AJAX请求格式的数据
|
||||
if(!ajaxRequestChecker.checkAjaxPOSTRequest(request)) {
|
||||
throw new AuthenticationServiceException("Authentication method not supported: NOT Ajax Method.");
|
||||
|
||||
Loading…
Reference in New Issue
Block a user