refactor: 后台服务间调用区分sso token
This commit is contained in:
parent
7dc151e940
commit
f71158e327
|
@ -7,6 +7,7 @@ public class SessionConstants {
|
||||||
|
|
||||||
public final static String HEADER_TOKEN = "X-AUTH-TOKEN";
|
public final static String HEADER_TOKEN = "X-AUTH-TOKEN";
|
||||||
public final static String CSRF_TOKEN = "CSRF-TOKEN";
|
public final static String CSRF_TOKEN = "CSRF-TOKEN";
|
||||||
|
public final static String SSO_TOKEN = "SSO-TOKEN";
|
||||||
public final static String CURRENT_PROJECT = "PROJECT";
|
public final static String CURRENT_PROJECT = "PROJECT";
|
||||||
public final static String CURRENT_WORKSPACE = "WORKSPACE";
|
public final static String CURRENT_WORKSPACE = "WORKSPACE";
|
||||||
public final static String ACCESS_KEY = "accessKey";
|
public final static String ACCESS_KEY = "accessKey";
|
||||||
|
|
|
@ -60,6 +60,7 @@ public class HttpHeaderUtils {
|
||||||
|
|
||||||
headers.add(SessionConstants.HEADER_TOKEN, sessionUser.getSessionId());
|
headers.add(SessionConstants.HEADER_TOKEN, sessionUser.getSessionId());
|
||||||
headers.add(SessionConstants.CSRF_TOKEN, sessionUser.getCsrfToken());
|
headers.add(SessionConstants.CSRF_TOKEN, sessionUser.getCsrfToken());
|
||||||
|
headers.add(SessionConstants.SSO_TOKEN, sessionUser.getId());
|
||||||
headers.add(SessionConstants.CURRENT_PROJECT, sessionUser.getLastProjectId());
|
headers.add(SessionConstants.CURRENT_PROJECT, sessionUser.getLastProjectId());
|
||||||
headers.add(SessionConstants.CURRENT_WORKSPACE, sessionUser.getLastWorkspaceId());
|
headers.add(SessionConstants.CURRENT_WORKSPACE, sessionUser.getLastWorkspaceId());
|
||||||
}
|
}
|
||||||
|
|
|
@ -1,7 +1,6 @@
|
||||||
package io.metersphere.security;
|
package io.metersphere.security;
|
||||||
|
|
||||||
import io.metersphere.commons.constants.SessionConstants;
|
import io.metersphere.commons.constants.SessionConstants;
|
||||||
import io.metersphere.commons.utils.LogUtil;
|
|
||||||
import org.apache.commons.lang3.StringUtils;
|
import org.apache.commons.lang3.StringUtils;
|
||||||
import org.apache.shiro.SecurityUtils;
|
import org.apache.shiro.SecurityUtils;
|
||||||
import org.apache.shiro.authc.UsernamePasswordToken;
|
import org.apache.shiro.authc.UsernamePasswordToken;
|
||||||
|
@ -21,9 +20,9 @@ public class ApiKeyFilter extends AnonymousFilter {
|
||||||
// 不是apikey的通过
|
// 不是apikey的通过
|
||||||
if (!ApiKeyHandler.isApiKeyCall(httpRequest) && !SecurityUtils.getSubject().isAuthenticated()) {
|
if (!ApiKeyHandler.isApiKeyCall(httpRequest) && !SecurityUtils.getSubject().isAuthenticated()) {
|
||||||
// sso 带了token的
|
// sso 带了token的
|
||||||
String userId = ApiKeySessionHandler.validate(httpRequest);
|
String userId = SSOSessionHandler.validate(httpRequest);
|
||||||
if (StringUtils.isNotBlank(userId)) {
|
if (StringUtils.isNotBlank(userId)) {
|
||||||
SecurityUtils.getSubject().login(new UsernamePasswordToken(userId, ApiKeySessionHandler.random));
|
SecurityUtils.getSubject().login(new UsernamePasswordToken(userId, SSOSessionHandler.random));
|
||||||
}
|
}
|
||||||
return true;
|
return true;
|
||||||
}
|
}
|
||||||
|
@ -32,7 +31,7 @@ public class ApiKeyFilter extends AnonymousFilter {
|
||||||
if (!SecurityUtils.getSubject().isAuthenticated()) {
|
if (!SecurityUtils.getSubject().isAuthenticated()) {
|
||||||
String userId = ApiKeyHandler.getUser(WebUtils.toHttp(request));
|
String userId = ApiKeyHandler.getUser(WebUtils.toHttp(request));
|
||||||
if (StringUtils.isNotBlank(userId)) {
|
if (StringUtils.isNotBlank(userId)) {
|
||||||
SecurityUtils.getSubject().login(new UsernamePasswordToken(userId, ApiKeySessionHandler.random));
|
SecurityUtils.getSubject().login(new UsernamePasswordToken(userId, SSOSessionHandler.random));
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@ -45,6 +44,13 @@ public class ApiKeyFilter extends AnonymousFilter {
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected void postHandle(ServletRequest request, ServletResponse response) throws Exception {
|
protected void postHandle(ServletRequest request, ServletResponse response) throws Exception {
|
||||||
|
HttpServletRequest httpRequest = WebUtils.toHttp(request);
|
||||||
|
// sso 带了token的 退出
|
||||||
|
String userId = httpRequest.getHeader(SessionConstants.SSO_TOKEN);
|
||||||
|
if (StringUtils.isNotBlank(userId) && SecurityUtils.getSubject().isAuthenticated()) {
|
||||||
|
SecurityUtils.getSubject().logout();
|
||||||
|
}
|
||||||
|
// apikey 退出
|
||||||
if (ApiKeyHandler.isApiKeyCall(WebUtils.toHttp(request)) && SecurityUtils.getSubject().isAuthenticated()) {
|
if (ApiKeyHandler.isApiKeyCall(WebUtils.toHttp(request)) && SecurityUtils.getSubject().isAuthenticated()) {
|
||||||
SecurityUtils.getSubject().logout();
|
SecurityUtils.getSubject().logout();
|
||||||
}
|
}
|
||||||
|
|
|
@ -9,7 +9,7 @@ import org.apache.commons.lang3.StringUtils;
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
import java.util.UUID;
|
import java.util.UUID;
|
||||||
|
|
||||||
public class ApiKeySessionHandler {
|
public class SSOSessionHandler {
|
||||||
|
|
||||||
public static String random = UUID.randomUUID() + UUID.randomUUID().toString();
|
public static String random = UUID.randomUUID() + UUID.randomUUID().toString();
|
||||||
|
|
Loading…
Reference in New Issue