河北安全测评整改需求
This commit is contained in:
@@ -4,6 +4,7 @@ import cn.hutool.core.collection.CollectionUtil;
|
||||
import com.nimbusds.jose.jwk.JWKSet;
|
||||
import com.nimbusds.jose.jwk.RSAKey;
|
||||
import com.njcn.auth.service.UserTokenService;
|
||||
import com.njcn.auth.utils.AuthPubUtil;
|
||||
import com.njcn.common.pojo.annotation.OperateInfo;
|
||||
import com.njcn.common.pojo.constant.OperateType;
|
||||
import com.njcn.common.pojo.constant.SecurityConstants;
|
||||
@@ -47,6 +48,7 @@ import java.util.ArrayList;
|
||||
import java.util.List;
|
||||
import java.util.Map;
|
||||
import java.util.Objects;
|
||||
import java.util.stream.Collectors;
|
||||
|
||||
/**
|
||||
* @author hongawen
|
||||
@@ -73,7 +75,7 @@ public class AuthController extends BaseController {
|
||||
|
||||
|
||||
@ApiIgnore
|
||||
@OperateInfo(info = LogEnum.SYSTEM_COMMON, operateType = OperateType.AUTHENTICATE)
|
||||
@OperateInfo(info = LogEnum.SYSTEM_SERIOUS, operateType = OperateType.AUTHENTICATE)
|
||||
@ApiOperation("登录认证")
|
||||
@ApiImplicitParams({
|
||||
@ApiImplicitParam(name = SecurityConstants.GRANT_TYPE, defaultValue = "password", value = "授权模式", required = true),
|
||||
@@ -90,14 +92,7 @@ public class AuthController extends BaseController {
|
||||
public Object postAccessToken(@ApiIgnore Principal principal, @RequestParam @ApiIgnore Map<String, String> parameters) throws HttpRequestMethodNotSupportedException {
|
||||
String methodDescribe = getMethodDescribe("postAccessToken");
|
||||
String username = parameters.get(SecurityConstants.USERNAME);
|
||||
UserStrategy data = passWordRuleFeugnClient.getUserStrategy().getData();
|
||||
|
||||
String onlineUserKey = SecurityConstants.TOKEN_ONLINE_PREFIX;
|
||||
List<UserTokenInfo> onLineUser = (List<UserTokenInfo>) redisUtil.getLikeListAllValues(onlineUserKey);
|
||||
Integer maxNum = data.getMaxNum();
|
||||
if((CollectionUtil.isNotEmpty(onLineUser)?onLineUser.size():0)>=maxNum){
|
||||
throw new BusinessException(UserResponseEnum.LOGIN_USER_OVERLIMIT);
|
||||
}
|
||||
|
||||
String grantType = parameters.get(SecurityConstants.GRANT_TYPE);
|
||||
if (grantType.equalsIgnoreCase(SecurityConstants.GRANT_CAPTCHA) || grantType.equalsIgnoreCase(SecurityConstants.REFRESH_TOKEN_KEY)) {
|
||||
@@ -106,6 +101,24 @@ public class AuthController extends BaseController {
|
||||
//短信方式登录,将手机号赋值为用户名
|
||||
username = parameters.get(SecurityConstants.PHONE);
|
||||
}
|
||||
|
||||
UserStrategy data = passWordRuleFeugnClient.getUserStrategy().getData();
|
||||
String onlineUserKey = SecurityConstants.TOKEN_ONLINE_PREFIX;
|
||||
List<UserTokenInfo> onLineUser = (List<UserTokenInfo>) redisUtil.getLikeListAllValues(onlineUserKey);
|
||||
if(CollectionUtil.isNotEmpty(onLineUser)){
|
||||
String finalUsername = username;
|
||||
onLineUser = onLineUser.stream().filter(item->{
|
||||
String login = AuthPubUtil.getLoginByToken(item.getRefreshToken());
|
||||
return !login.equals(finalUsername);
|
||||
}).collect(Collectors.toList());
|
||||
}
|
||||
|
||||
Integer maxNum = data.getMaxNum();
|
||||
if((CollectionUtil.isNotEmpty(onLineUser)?onLineUser.size():0)>=maxNum){
|
||||
throw new BusinessException(UserResponseEnum.LOGIN_USER_OVERLIMIT);
|
||||
}
|
||||
|
||||
|
||||
if (grantType.equalsIgnoreCase(SecurityConstants.REFRESH_TOKEN_KEY)) {
|
||||
//如果是刷新token,需要去黑名单校验
|
||||
userTokenService.judgeRefreshToken(parameters.get(SecurityConstants.REFRESH_TOKEN_KEY));
|
||||
@@ -125,6 +138,7 @@ public class AuthController extends BaseController {
|
||||
}
|
||||
}
|
||||
|
||||
@OperateInfo(info = LogEnum.SYSTEM_SERIOUS, operateType = OperateType.LOGOUT)
|
||||
@ApiOperation("用户登出系统")
|
||||
@DeleteMapping("/logout")
|
||||
public HttpResult<Object> logout() {
|
||||
|
||||
@@ -1,9 +1,12 @@
|
||||
package com.njcn.auth.utils;
|
||||
|
||||
import cn.hutool.core.util.RandomUtil;
|
||||
import okhttp3.*;
|
||||
import cn.hutool.json.JSONObject;
|
||||
import cn.hutool.json.JSONUtil;
|
||||
import com.nimbusds.jose.JWSObject;
|
||||
import com.njcn.common.pojo.constant.SecurityConstants;
|
||||
import lombok.SneakyThrows;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.Arrays;
|
||||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
@@ -28,4 +31,13 @@ public class AuthPubUtil {
|
||||
return String.join("", textList);
|
||||
}
|
||||
|
||||
|
||||
@SneakyThrows
|
||||
public static String getLoginByToken(String token){
|
||||
JWSObject jwsObject = JWSObject.parse(token);
|
||||
String payload = jwsObject.getPayload().toString();
|
||||
JSONObject jsonObject = JSONUtil.parseObj(payload);
|
||||
return jsonObject.getStr(SecurityConstants.USER_NAME_KEY);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user