OperateAuthFilter权限优化

5110af93 · guozhipeng · 381807bd · 5110af93
Commit 5110af93 authored Feb 10, 2025 by guozhipeng
Hide whitespace changes
Inline Side-by-side

Showing with 24 additions and 56 deletions

OperateAuthFilter.java ...stomer/lianchuangjie/common/filter/OperateAuthFilter.java +24 -56

No files found.
--- a/srv/src/main/java/customer/lianchuangjie/common/filter/OperateAuthFilter.java.txt
+++ b/srv/src/main/java/customer/lianchuangjie/common/filter/OperateAuthFilter.java.txt
@@ -2,6 +2,7 @@ package customer.lianchuangjie.common.filter;
 import com.alibaba.fastjson.JSONObject;
 import com.sap.cds.ql.Select;
+import com.sap.cloud.security.xsuaa.token.XsuaaToken;
 import customer.lianchuangjie.common.constant.CommonConstant;
 import customer.lianchuangjie.common.exception.BtpException;
 import customer.lianchuangjie.common.util.*;
@@ -90,60 +91,27 @@ public class OperateAuthFilter implements Filter {
            }
        }*/
+        String username = null;
+        Collection<? extends GrantedAuthority> authorities = null;
        Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
        if (authentication != null && authentication.isAuthenticated()) {
-            String name = authentication.getName();//用户名 Username user/sap.default/zhipeng.guo@boscloud.cn
+            username = authentication.getName();//登录用户 user/sap.default/zhipeng.guo@boscloud.cn
-            Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();//权限的集合
+            int lastSlashIndex = username.lastIndexOf('/'); // 找到最后一个斜杠的索引
-            Object credentials = authentication.getCredentials();//获取凭证
+            if (lastSlashIndex != -1 && lastSlashIndex < username.length() - 1) {
-            Object details = authentication.getDetails();//获取详细信息
+                username = username.substring(lastSlashIndex + 1);// 提取斜杠后面的字符串
-            org.springframework.security.core.userdetails.User principal = (org.springframework.security.core.userdetails.User)authentication.getPrincipal();//获取主体信息
+            }
-            //Collection<GrantedAuthority> authorities0 = principal.getAuthorities();
+            authorities = authentication.getAuthorities();//角色集合[]
-            boolean isAuthenticated = authentication.isAuthenticated();//判断是否已认证
+        }
-            //log.info("用户名：{}", name);
+        log.info("[OperateAuthFilter.doFilter]登录用户 username：{}", username);
-            //log.info("返回一个包含授予权限的集合：{}", authorities);//Granted Authorities=[ROLE_ANONYMOUS]
+        log.info("[OperateAuthFilter.doFilter]角色集合 authorities：{}", authorities);
-            //log.info("获取凭证：{}", credentials);//登录密码 Credentials=[PROTECTED],
+        log.info("[OperateAuthFilter.doFilter]权限认证 authorization: {}", request.getHeader("authorization"));
-            //log.info("获取详细信息：{}", details);//Details=WebAuthenticationDetails [RemoteIpAddress=127.0.0.1, SessionId=null],
+        Cookie[] cookies = request.getCookies();
-            //log.info("判断是否已认证：{}", isAuthenticated);//Authenticated=true,
+        if (cookies != null && cookies.length > 0) {
-            //log.info("获取主体信息：{}", principal);//登录账号 Principal=anonymousUser,
+            for (Cookie cookie : cookies) {
-            //log.info("获取主体信息getPassword：{}", principal.get("password"));
+                log.info("[OperateAuthFilter.doFilter]cookie: {}", cookie.getName() + "=" + cookie.getValue());
-            //log.info("获取主体信息isEnabled：{}", principal.isEnabled());
-            log.info("获取主体信息getUsername：{}", principal.getUsername());
-            log.info("获取主体信息getAuthorities：{}", principal.getAuthorities());
-            /*
-            未登录时，使用的是匿名用户
-            用户名getName：anonymousUser
-            角色集合getAuthorities：[ROLE_ANONYMOUS]
-            登陆后使用的是配置文件中的用户
-            用户名getName：sabine
-            角色集合getAuthorities：[Administrators]
-            */
-            //返回结果
-            JSONObject result = new JSONObject();
-            result.put("name", name);
-            result.put("authorities", authorities);
-            result.put("credentials", credentials);
-            result.put("details", details);
-            result.put("principal", principal);
-            result.put("isAuthenticated", isAuthenticated);
-            result.put("success", false);
-            result.put("code", 403);
-            if (authorities == null || authorities.isEmpty()) {
-                result.put("message", "Username " + name + " Authorities " + authorities + " is null or empty!");
-                /*// 返回给前端
-                HttpServletResponse response = (HttpServletResponse) servletResponse;
-                // 设置返回状态码，比如403表示禁止访问
-                response.setStatus(HttpServletResponse.SC_FORBIDDEN);
-                response.setContentType("application/json; charset=utf-8");
-                PrintWriter out = servletResponse.getWriter();
-                out.println(result.toString());
-                out.flush();
-                out.close();
-                return;*/
            }
+        } else {
+            log.info("[OperateAuthFilter.doFilter]cookie: null");
        }
        //TODO 郭智朋 测试中 处理ODATA接口
@@ -227,13 +195,13 @@ public class OperateAuthFilter implements Filter {
            return;
        }*/
        // "/"是OData默认首页 禁止访问OData默认首页
-        if (request.getMethod().equals("GET") && ("/index.html".equals(uri))) {// "/index.html"跳转到"/main/webapp/index.html"
+        /*if (request.getMethod().equals("GET") && ("/index.html".equals(uri))) {// "/index.html"跳转到"/main/webapp/index.html"
            response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
            response.setHeader("Pragma", "no-cache");
            response.setHeader("Expires", "0");
            response.sendRedirect("/main/webapp/index.html");//重定向
            return;
-        }
+        }*/
        /*if (request.getMethod().equals("GET") && ("/".equals(uri))) {// "/"是OData默认首页 禁止访问OData默认首页
            response.setHeader("Cache-Control", "no-cache, no-store, must-revalidate");
            response.setHeader("Pragma", "no-cache");
@@ -241,9 +209,9 @@ public class OperateAuthFilter implements Filter {
            request.getServletContext().getRequestDispatcher("/main/webapp/index.html").forward(request, response);//重定向
            return;
        }*/
-        boolean allowUri = Pattern.matches("(.*/login/.*|.*/odata/v4/.*)", uri);
+        //boolean allowUri = Pattern.matches("(.*/login/.*|.*/odata/v4/.*)", uri);
        //排除用户登录和非Post请求
-        if (!allowUri && request.getMethod().equals("POST")) {
+        /*if (!allowUri && request.getMethod().equals("POST")) {
            //校验请求头中appKey参数: appKey为空或其不存在于系统中，或状态未鉴权通过均拦截
            if (StringUtils.isEmpty(appKey)) {
                if (!CommonConstant.userAuthenticationMap.containsKey(appKey)
@@ -264,7 +232,7 @@ public class OperateAuthFilter implements Filter {
                    request = new AuthHttpServletRequest(request, biz, "appKey", requestValueMap.get("appKey"));
                }
            }
-        }
+        }*/
        filterChain.doFilter(request, servletResponse);
    }