审计日志相关代码提交
This commit is contained in:
@@ -3,8 +3,11 @@ package com.njcn.auth.controller;
|
||||
import com.nimbusds.jose.jwk.JWKSet;
|
||||
import com.nimbusds.jose.jwk.RSAKey;
|
||||
import com.njcn.auth.service.UserTokenService;
|
||||
import com.njcn.common.pojo.annotation.OperateInfo;
|
||||
import com.njcn.common.pojo.constant.OperateType;
|
||||
import com.njcn.common.pojo.constant.SecurityConstants;
|
||||
import com.njcn.common.pojo.dto.UserTokenInfo;
|
||||
import com.njcn.common.pojo.enums.common.LogEnum;
|
||||
import com.njcn.common.pojo.enums.response.CommonResponseEnum;
|
||||
import com.njcn.common.pojo.response.HttpResult;
|
||||
import com.njcn.common.utils.HttpResultUtil;
|
||||
@@ -59,7 +62,10 @@ public class AuthController extends BaseController {
|
||||
private final UserTokenService userTokenService;
|
||||
|
||||
|
||||
|
||||
|
||||
@ApiIgnore
|
||||
@OperateInfo(info = LogEnum.SYSTEM_COMMON, operateType = OperateType.AUTHENTICATE)
|
||||
@ApiOperation("登录认证")
|
||||
@ApiImplicitParams({
|
||||
@ApiImplicitParam(name = SecurityConstants.GRANT_TYPE, defaultValue = "password", value = "授权模式", required = true),
|
||||
@@ -88,7 +94,7 @@ public class AuthController extends BaseController {
|
||||
//用户的登录名&密码校验成功后,判断当前该用户是否可以正常使用系统
|
||||
userFeignClient.judgeUserStatus(username);
|
||||
//登录成功后,记录token信息,并处理踢人效果
|
||||
userTokenService.recordUserInfo(oAuth2AccessToken);
|
||||
userTokenService.recordUserInfo(oAuth2AccessToken,RequestUtil.getRealIp());
|
||||
if (!grantType.equalsIgnoreCase(SecurityConstants.PASSWORD)) {
|
||||
return HttpResultUtil.assembleCommonResponseResult(CommonResponseEnum.SUCCESS, oAuth2AccessToken, methodDescribe);
|
||||
} else {
|
||||
|
||||
@@ -42,11 +42,13 @@ public class AuthExceptionHandler {
|
||||
@ExceptionHandler(InvalidGrantException.class)
|
||||
public HttpResult<String> handleInvalidGrantException(HttpServletRequest httpServletRequest, InvalidGrantException invalidGrantException) {
|
||||
String loginName = invalidGrantException.getMessage();
|
||||
logService.recodeAuthExceptionLog(invalidGrantException, httpServletRequest, UserResponseEnum.LOGIN_WRONG_PWD.getMessage(), loginName);
|
||||
|
||||
HttpResult<String> result = userFeignClient.updateUserLoginErrorTimes(loginName);
|
||||
if (result.getData().equals(UserResponseEnum.LOGIN_USER_LOCKED.getMessage())) {
|
||||
logService.recodeAuthExceptionLog(invalidGrantException, httpServletRequest, UserResponseEnum.LOGIN_USER_LOCKED.getMessage(), loginName);
|
||||
return HttpResultUtil.assembleResult(UserResponseEnum.LOGIN_USER_LOCKED.getCode(), null, UserResponseEnum.LOGIN_USER_LOCKED.getMessage());
|
||||
} else {
|
||||
logService.recodeAuthExceptionLog(invalidGrantException, httpServletRequest, UserResponseEnum.LOGIN_WRONG_PWD.getMessage(), loginName);
|
||||
return HttpResultUtil.assembleResult(UserResponseEnum.LOGIN_WRONG_PWD.getCode(), null, UserResponseEnum.LOGIN_WRONG_PWD.getMessage());
|
||||
}
|
||||
}
|
||||
|
||||
@@ -2,11 +2,16 @@ package com.njcn.auth.service;
|
||||
|
||||
import cn.hutool.json.JSONObject;
|
||||
import cn.hutool.json.JSONUtil;
|
||||
import com.github.tocrhz.mqtt.publisher.MqttPublisher;
|
||||
import com.nimbusds.jose.JWSObject;
|
||||
import com.njcn.common.config.GeneralInfo;
|
||||
import com.njcn.common.pojo.constant.OperateType;
|
||||
import com.njcn.common.pojo.constant.SecurityConstants;
|
||||
import com.njcn.common.pojo.dto.LogInfoDTO;
|
||||
import com.njcn.common.pojo.dto.UserTokenInfo;
|
||||
import com.njcn.common.pojo.enums.response.CommonResponseEnum;
|
||||
import com.njcn.common.pojo.exception.BusinessException;
|
||||
import com.njcn.common.utils.PubUtils;
|
||||
import com.njcn.redis.utils.RedisUtil;
|
||||
import lombok.AllArgsConstructor;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
@@ -33,6 +38,10 @@ public class UserTokenService {
|
||||
|
||||
private final RedisUtil redisUtil;
|
||||
|
||||
private final MqttPublisher publisher;
|
||||
|
||||
private final GeneralInfo generalInfo;
|
||||
|
||||
|
||||
/**
|
||||
* 记录用户token信息,并经过处理后达到最新登录的使用者,将之前的token信息置为黑名单,过期状态
|
||||
@@ -45,7 +54,7 @@ public class UserTokenService {
|
||||
* @param oAuth2AccessToken 认证后的最新token信息
|
||||
*/
|
||||
@Async("asyncExecutor")
|
||||
public void recordUserInfo(OAuth2AccessToken oAuth2AccessToken) {
|
||||
public void recordUserInfo(OAuth2AccessToken oAuth2AccessToken,String ip) {
|
||||
UserTokenInfo userTokenInfo = new UserTokenInfo();
|
||||
String accessTokenValue = oAuth2AccessToken.getValue();
|
||||
JWSObject accessJwsObject ;
|
||||
@@ -56,6 +65,7 @@ public class UserTokenService {
|
||||
}
|
||||
JSONObject accessJson = JSONUtil.parseObj(accessJwsObject.getPayload().toString());
|
||||
String userIndex = accessJson.getStr(SecurityConstants.USER_INDEX_KEY);
|
||||
String nickName = accessJson.getStr(SecurityConstants.USER_NICKNAME_KEY);
|
||||
//查询是否有在线的当前用户
|
||||
String onlineUserKey = SecurityConstants.TOKEN_ONLINE_PREFIX + userIndex;
|
||||
Object onlineTokenInfoOld = redisUtil.getObjectByKey(onlineUserKey);
|
||||
@@ -91,6 +101,10 @@ public class UserTokenService {
|
||||
userTokenInfo.setRefreshTokenExpire(refreshLifeTime);
|
||||
//生命周期在refreshToken的基础上,延迟5分钟
|
||||
redisUtil.saveByKeyWithExpire(onlineUserKey, userTokenInfo, refreshLifeTime.plusMinutes(5L).toEpochSecond(ZoneOffset.of("+8")) - LocalDateTime.now().toEpochSecond(ZoneOffset.of("+8")));
|
||||
|
||||
//记录成功登录后的信息
|
||||
LogInfoDTO logInfoDTO = new LogInfoDTO(nickName, ip, "登录认证", OperateType.AUTHENTICATE, 1, "",0, 1, generalInfo.getMicroServiceName(), userIndex);
|
||||
publisher.send("/userLog", PubUtils.obj2json(logInfoDTO), 2, false);
|
||||
}
|
||||
|
||||
/**
|
||||
|
||||
@@ -51,6 +51,6 @@ mybatis-plus:
|
||||
|
||||
mqtt:
|
||||
uri: tcp://@middle.server.url@:1883
|
||||
client-id: @artifactId@
|
||||
client-id: @artifactId@${random.value}
|
||||
username: t_user
|
||||
password: njcnpqs
|
||||
|
||||
Reference in New Issue
Block a user