test-version22
/
MeterSphere
mirror of https://gitee.com/fit2cloud-feizhiyun/MeterSphere.git
1
0
Fork 0
Code Issues Projects Releases Wiki Activity

chore: 记录apikeyfilter 报错日志,方便查询

This commit is contained in:
CaptainB 2023-06-19 15:32:50 +08:00 committed by 刘瑞斌
parent aa4ad894f9
commit 858abed065
2 changed files with 9 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
framework/sdk-parent/sdk/src/main/java/io/metersphere/security/ApiKeyFilter.java
View File

@ -20,10 +20,13 @@ public class ApiKeyFilter extends AnonymousFilter {
// 不是apikey的通过 // 不是apikey的通过
if (!ApiKeyHandler.isApiKeyCall(httpRequest) && !SecurityUtils.getSubject().isAuthenticated()) { if (!ApiKeyHandler.isApiKeyCall(httpRequest) && !SecurityUtils.getSubject().isAuthenticated()) {
// sso 带了token的 // sso 带了token的
String token = httpRequest.getHeader(SessionConstants.SSO_TOKEN);
if (StringUtils.isNotBlank(token)) {
String userId = SSOSessionHandler.validate(httpRequest); String userId = SSOSessionHandler.validate(httpRequest);
if (StringUtils.isNotBlank(userId)) { if (StringUtils.isNotBlank(userId)) {
SecurityUtils.getSubject().login(new UsernamePasswordToken(userId, SSOSessionHandler.random)); SecurityUtils.getSubject().login(new UsernamePasswordToken(userId, SSOSessionHandler.random));
} }
}
return true; return true;
} }

3
framework/sdk-parent/sdk/src/main/java/io/metersphere/security/SSOSessionHandler.java
View File

@ -7,6 +7,8 @@ import io.metersphere.commons.utils.LogUtil;
import org.apache.commons.lang3.StringUtils; import org.apache.commons.lang3.StringUtils;
import jakarta.servlet.http.HttpServletRequest; import jakarta.servlet.http.HttpServletRequest;
import java.util.Arrays;
import java.util.UUID; import java.util.UUID;
public class SSOSessionHandler { public class SSOSessionHandler {
@ -30,6 +32,7 @@ public class SSOSessionHandler {
csrfToken = CodingUtil.aesDecrypt(csrfToken, SessionUser.secret, SessionUser.iv); csrfToken = CodingUtil.aesDecrypt(csrfToken, SessionUser.secret, SessionUser.iv);
String[] signatureArray = StringUtils.split(StringUtils.trimToNull(csrfToken), "|"); String[] signatureArray = StringUtils.split(StringUtils.trimToNull(csrfToken), "|");
if (signatureArray.length != 4) { if (signatureArray.length != 4) {
LogUtil.error("invalid token: {}", signatureArray);
throw new RuntimeException("invalid token"); throw new RuntimeException("invalid token");
} }
return signatureArray[0]; return signatureArray[0];