完善认证管理子系统
This commit is contained in:
Saturneric
parent
80e46c8cb8
commit
9515ebbc39
@ -14,6 +14,6 @@ public class JSONRandomCodeGenerator {
|
|||||||
|
|
||||||
public String generateRandomCode(String username, Date date, String clientCode){
|
public String generateRandomCode(String username, Date date, String clientCode){
|
||||||
return encoder.encode(String.format("RandomCode [%s][%s][%s]",
|
return encoder.encode(String.format("RandomCode [%s][%s][%s]",
|
||||||
username, date.toString(), clientCode));
|
username, Long.toString(date.getTime()), clientCode));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -0,0 +1,18 @@
|
|||||||
|
package com.codesdream.ase.component.auth;
|
||||||
|
|
||||||
|
import org.springframework.stereotype.Component;
|
||||||
|
|
||||||
|
import java.util.Date;
|
||||||
|
|
||||||
|
// 验证时间戳是否有效
|
||||||
|
@Component
|
||||||
|
public class TimestampExpiredChecker {
|
||||||
|
|
||||||
|
public boolean checkTimestampBeforeMaxTime(String timestamp, int seconds){
|
||||||
|
Date timestampDate = new Date(Long.parseLong(timestamp));
|
||||||
|
long currentTime = System.currentTimeMillis();
|
||||||
|
Date maxDate = new Date(currentTime + seconds * 1000);
|
||||||
|
return timestampDate.before(maxDate);
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
@ -86,7 +86,13 @@ public class JSONParameter {
|
|||||||
|
|
||||||
// 获得标准的JSON响应字符串返回(403状态)
|
// 获得标准的JSON响应字符串返回(403状态)
|
||||||
public String getJSONStandardRespond403(){
|
public String getJSONStandardRespond403(){
|
||||||
JSONBaseRespondObject respondObject = new JSONBaseRespondObject(403, "forbidden");
|
JSONBaseRespondObject respondObject = new JSONBaseRespondObject(403, "Forbidden");
|
||||||
|
return getJSONString(respondObject);
|
||||||
|
}
|
||||||
|
|
||||||
|
// 获得标准的JSON响应字符串返回(401状态)
|
||||||
|
public String getJSONStandardRespond401(){
|
||||||
|
JSONBaseRespondObject respondObject = new JSONBaseRespondObject(401, "Unauthorized");
|
||||||
return getJSONString(respondObject);
|
return getJSONString(respondObject);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|||||||
@ -1,14 +1,15 @@
|
|||||||
package com.codesdream.ase.component.json.respond;
|
package com.codesdream.ase.component.json.respond;
|
||||||
|
|
||||||
|
import com.sun.org.apache.xpath.internal.operations.Bool;
|
||||||
import lombok.Data;
|
import lombok.Data;
|
||||||
import lombok.EqualsAndHashCode;
|
import lombok.EqualsAndHashCode;
|
||||||
|
|
||||||
@Data
|
@Data
|
||||||
public class UserLoginCheckerJSONRespond {
|
public class UserLoginCheckerJSONRespond {
|
||||||
boolean userExist = false;
|
Boolean userExist = null;
|
||||||
boolean loginStatus = false;
|
Boolean userBanned = null;
|
||||||
boolean userBanned = false;
|
Boolean loginStatus = null;
|
||||||
String respondInformation = "";
|
String respondInformation = "";
|
||||||
String token = "";
|
String token = null;
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|||||||
@ -26,15 +26,9 @@ public class ASEAccessDeniedHandler implements AccessDeniedHandler {
|
|||||||
throws IOException, ServletException {
|
throws IOException, ServletException {
|
||||||
log.info("ASEAccessDeniedHandler Found!");
|
log.info("ASEAccessDeniedHandler Found!");
|
||||||
|
|
||||||
response.setCharacterEncoding("utf-8");
|
// 对无权限操作返回403
|
||||||
response.setContentType("text/javascript;charset=utf-8");
|
response.getWriter().print(jsonParameter.getJSONStandardRespond403());
|
||||||
UserLoginCheckerJSONRespond checkerRespond = new UserLoginCheckerJSONRespond();
|
|
||||||
checkerRespond.setLoginStatus(true);
|
|
||||||
checkerRespond.setUserExist(true);
|
|
||||||
checkerRespond.setRespondInformation("Authenticated user has no access to this resource");
|
|
||||||
|
|
||||||
// 对匿名用户返回
|
|
||||||
response.getWriter().print(jsonParameter.getJSONString(checkerRespond));
|
|
||||||
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -24,8 +24,8 @@ public class ASEAuthenticationEntryPoint implements AuthenticationEntryPoint {
|
|||||||
@Override
|
@Override
|
||||||
public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException)
|
public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException)
|
||||||
throws IOException, ServletException {
|
throws IOException, ServletException {
|
||||||
// 对匿名用户返回403
|
// 对匿名用户返回401
|
||||||
response.getWriter().print(jsonParameter.getJSONStandardRespond403());
|
response.getWriter().print(jsonParameter.getJSONStandardRespond401());
|
||||||
|
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|||||||
@ -23,13 +23,14 @@ public class ASEAuthenticationFailureHandler extends SimpleUrlAuthenticationFail
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception)
|
public void onAuthenticationFailure(HttpServletRequest request, HttpServletResponse response, AuthenticationException exception)
|
||||||
throws IOException, ServletException
|
throws IOException
|
||||||
{
|
{
|
||||||
log.info("ASEAuthenticationFailureHandler Login Fail!");
|
log.info("ASEAuthenticationFailureHandler Login Fail!");
|
||||||
UserLoginCheckerJSONRespond respond = new UserLoginCheckerJSONRespond();
|
UserLoginCheckerJSONRespond respond = new UserLoginCheckerJSONRespond();
|
||||||
respond.setUserExist(false);
|
|
||||||
|
respond.setUserExist(null);
|
||||||
|
respond.setUserBanned(null);
|
||||||
respond.setLoginStatus(false);
|
respond.setLoginStatus(false);
|
||||||
respond.setUserBanned(true);
|
|
||||||
respond.setRespondInformation("Authentication Failed");
|
respond.setRespondInformation("Authentication Failed");
|
||||||
|
|
||||||
// 填充response对象
|
// 填充response对象
|
||||||
|
|||||||
@ -2,6 +2,7 @@ package com.codesdream.ase.component.permission;
|
|||||||
|
|
||||||
import com.codesdream.ase.component.auth.AJAXRequestChecker;
|
import com.codesdream.ase.component.auth.AJAXRequestChecker;
|
||||||
import com.codesdream.ase.component.auth.JSONTokenUsernamePasswordAuthenticationToken;
|
import com.codesdream.ase.component.auth.JSONTokenUsernamePasswordAuthenticationToken;
|
||||||
|
import com.codesdream.ase.component.auth.TimestampExpiredChecker;
|
||||||
import com.codesdream.ase.component.datamanager.JSONParameter;
|
import com.codesdream.ase.component.datamanager.JSONParameter;
|
||||||
import com.codesdream.ase.component.json.request.UserLoginChecker;
|
import com.codesdream.ase.component.json.request.UserLoginChecker;
|
||||||
import lombok.extern.slf4j.Slf4j;
|
import lombok.extern.slf4j.Slf4j;
|
||||||
@ -12,6 +13,7 @@ import org.springframework.security.core.Authentication;
|
|||||||
import org.springframework.security.core.AuthenticationException;
|
import org.springframework.security.core.AuthenticationException;
|
||||||
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
||||||
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
|
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
|
||||||
|
import org.springframework.web.bind.annotation.RequestMapping;
|
||||||
|
|
||||||
import javax.annotation.Resource;
|
import javax.annotation.Resource;
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
@ -28,10 +30,20 @@ public class ASEUsernamePasswordAuthenticationFilter extends UsernamePasswordAut
|
|||||||
@Resource
|
@Resource
|
||||||
private AJAXRequestChecker ajaxRequestChecker;
|
private AJAXRequestChecker ajaxRequestChecker;
|
||||||
|
|
||||||
|
@Resource
|
||||||
|
private TimestampExpiredChecker timestampExpiredChecker;
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
|
public Authentication attemptAuthentication(HttpServletRequest request, HttpServletResponse response)
|
||||||
throws AuthenticationException {
|
throws AuthenticationException {
|
||||||
|
|
||||||
|
String timestamp = request.getHeader("timestamp");
|
||||||
|
|
||||||
|
// 检查时间戳是否合理(60秒内)
|
||||||
|
if(!timestampExpiredChecker.checkTimestampBeforeMaxTime(timestamp, 60)){
|
||||||
|
throw new AuthenticationServiceException("Timestamp Expired.");
|
||||||
|
}
|
||||||
|
|
||||||
// 判断是否为AJAX请求格式的数据
|
// 判断是否为AJAX请求格式的数据
|
||||||
if(!ajaxRequestChecker.checkAjaxPOSTRequest(request)) {
|
if(!ajaxRequestChecker.checkAjaxPOSTRequest(request)) {
|
||||||
throw new AuthenticationServiceException("Authentication method not supported: NOT Ajax Method.");
|
throw new AuthenticationServiceException("Authentication method not supported: NOT Ajax Method.");
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user