fix #I545XE

8bc688b8 · zhult13 · 9020eb9f · 8bc688b8 · 8bc688b8 · 8bc688b8
5 changed file
--- a/zlt-commons/zlt-auth-client-spring-boot-starter/pom.xml
+++ b/zlt-commons/zlt-auth-client-spring-boot-starter/pom.xml
@@ -42,5 +42,10 @@
            <artifactId>javax.servlet-api</artifactId>
            <scope>provided</scope>
        </dependency>
+        <dependency>
+            <groupId>org.apache.tomcat.embed</groupId>
+            <artifactId>tomcat-embed-websocket</artifactId>
+            <optional>true</optional>
+        </dependency>
    </dependencies>
 </project>
--- a/zlt-commons/zlt-auth-client-spring-boot-starter/src/main/java/com/central/oauth2/common/config/WcAuthConfigurator.java
+++ b/zlt-commons/zlt-auth-client-spring-boot-starter/src/main/java/com/central/oauth2/common/config/WcAuthConfigurator.java
+package com.central.oauth2.common.config;
+
+import com.central.oauth2.common.util.AuthUtils;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.web.context.request.RequestContextHolder;
+import org.springframework.web.context.request.ServletRequestAttributes;
+
+import javax.websocket.server.ServerEndpointConfig;
+
+/**
+ * webSocket鉴权配置
+ *
+ * @author zlt
+ * @version 1.0
+ * @date 2022/5/8
+ * <p>
+ * Blog: https://zlt2000.gitee.io
+ * Github: https://github.com/zlt2000
+ */
+@Slf4j
+public class WcAuthConfigurator extends ServerEndpointConfig.Configurator {
+    @Override
+    public boolean checkOrigin(String originHeaderValue) {
+        ServletRequestAttributes servletRequestAttributes = (ServletRequestAttributes) RequestContextHolder.getRequestAttributes();
+        try {
+            //检查token有效性
+            AuthUtils.checkAccessToken(servletRequestAttributes.getRequest());
+        } catch (Exception e) {
+            log.error("WebSocket-auth-error", e);
+            return false;
+        }
+        return super.checkOrigin(originHeaderValue);
+    }
+}
--- a/zlt-commons/zlt-auth-client-spring-boot-starter/src/main/java/com/central/oauth2/common/util/AuthUtils.java
+++ b/zlt-commons/zlt-auth-client-spring-boot-starter/src/main/java/com/central/oauth2/common/util/AuthUtils.java
@@ -3,11 +3,15 @@ package com.central.oauth2.common.util;
 import com.central.common.constant.CommonConstant;
 import com.central.common.constant.SecurityConstants;
 import com.central.common.model.SysUser;
+import com.central.common.utils.SpringUtil;
 import com.central.oauth2.common.token.CustomWebAuthenticationDetails;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.oauth2.common.OAuth2AccessToken;
+import org.springframework.security.oauth2.common.exceptions.InvalidTokenException;
 import org.springframework.security.oauth2.common.exceptions.UnapprovedClientAuthenticationException;
+import org.springframework.security.oauth2.provider.OAuth2Authentication;
+import org.springframework.security.oauth2.provider.token.TokenStore;

 import javax.servlet.http.HttpServletRequest;
 import java.nio.charset.StandardCharsets;
@@ -66,6 +70,29 @@ public class AuthUtils {
        return null;
    }

+    /**
+     * 校验accessToken
+     */
+    public static void checkAccessToken(HttpServletRequest request) {
+        String accessToken = extractHeaderToken(request);
+        checkAccessToken(accessToken);
+    }
+
+    public static void checkAccessToken(String accessTokenValue) {
+        TokenStore tokenStore = SpringUtil.getBean(TokenStore.class);
+        OAuth2AccessToken accessToken = tokenStore.readAccessToken(accessTokenValue);
+        if (accessToken == null || accessToken.getValue() == null) {
+            throw new InvalidTokenException("Invalid access token: " + accessTokenValue);
+        } else if (accessToken.isExpired()) {
+            tokenStore.removeAccessToken(accessToken);
+            throw new InvalidTokenException("Access token expired: " + accessTokenValue);
+        }
+        OAuth2Authentication result = tokenStore.readAuthentication(accessToken);
+        if (result == null) {
+            throw new InvalidTokenException("Invalid access token: " + accessTokenValue);
+        }
+    }
+
    /**
     * *从header 请求中的clientId:clientSecret
     */

--- a/zlt-commons/zlt-common-core/src/main/java/com/central/common/utils/SpringUtil.java
+++ b/zlt-commons/zlt-common-core/src/main/java/com/central/common/utils/SpringUtil.java
@@ -2,6 +2,7 @@ package com.central.common.utils;

 import org.springframework.context.ApplicationContext;
 import org.springframework.context.ApplicationContextAware;
+import org.springframework.core.annotation.Order;
 import org.springframework.core.env.Environment;
 import org.springframework.stereotype.Component;

@@ -11,6 +12,7 @@ import org.springframework.stereotype.Component;
 * @author 作者 owen E-mail: 624191343@qq.com
 */
 @Component
+@Order(0)
 public class SpringUtil implements ApplicationContextAware {

    private static ApplicationContext applicationContext = null;

--- a/zlt-commons/zlt-common-core/src/main/resources/META-INF/spring.factories
+++ b/zlt-commons/zlt-common-core/src/main/resources/META-INF/spring.factories
@@ -3,4 +3,5 @@ com.central.common.config.BannerInitializer

 org.springframework.boot.autoconfigure.EnableAutoConfiguration=\
 com.central.common.feign.fallback.UserServiceFallbackFactory,\
-com.central.common.lock.LockAspect
\ No newline at end of file
+com.central.common.lock.LockAspect,\
+com.central.common.utils.SpringUtil
\ No newline at end of file