admin/MaxKey
1
0
Fork 0
mirror of https://gitee.com/dromara/MaxKey.git synced 2025-12-06 17:08:29 +08:00
Code Issues Packages Projects Releases Wiki Activity

change refresh token RequestHeader->RequestParam

Browse Source 
change LoginTokenRefreshPoint -> AuthTokenRefreshPoint
change refresh token RequestHeader->RequestParam
log details
This commit is contained in:
MaxKey 2022-08-08 08:37:39 +08:00
parent 4397b952c0
commit bf2401ac7d
10 changed files with 34 additions and 31 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/jwt/AuthRefreshTokenService.java
View File

@ -42,7 +42,7 @@ public class AuthRefreshTokenService extends AuthJwtService{
* @return * @return
*/ */
public String genRefreshToken(Authentication authentication) { public String genRefreshToken(Authentication authentication) {
_logger.trace("gen Refresh Token"); _logger.trace("generate Refresh JWT Token");
return genJwt( return genJwt(
authentication, authentication,
authJwkConfig.getIssuer(), authJwkConfig.getIssuer(),

1
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/jwt/AuthTokenService.java
View File

@ -66,6 +66,7 @@ public class AuthTokenService extends AuthJwtService{
public AuthJwt genAuthJwt(Authentication authentication) { public AuthJwt genAuthJwt(Authentication authentication) {
if(authentication != null) { if(authentication != null) {
String refreshToken = refreshTokenService.genRefreshToken(authentication); String refreshToken = refreshTokenService.genRefreshToken(authentication);
_logger.trace("generate JWT Token");
String accessToken = genJwt(authentication); String accessToken = genJwt(authentication);
AuthJwt authJwt = new AuthJwt( AuthJwt authJwt = new AuthJwt(
accessToken, accessToken,

14
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/web/LoginTokenRefreshPoint.java → maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/web/AuthTokenRefreshPoint.java
View File

@ -17,6 +17,8 @@
package org.maxkey.authn.web; package org.maxkey.authn.web;
import javax.servlet.http.HttpServletRequest;
import org.maxkey.authn.jwt.AuthJwt; import org.maxkey.authn.jwt.AuthJwt;
import org.maxkey.authn.jwt.AuthRefreshTokenService; import org.maxkey.authn.jwt.AuthRefreshTokenService;
import org.maxkey.authn.jwt.AuthTokenService; import org.maxkey.authn.jwt.AuthTokenService;
@ -24,6 +26,7 @@ import org.maxkey.authn.session.Session;
import org.maxkey.authn.session.SessionManager; import org.maxkey.authn.session.SessionManager;
import org.maxkey.entity.Message; import org.maxkey.entity.Message;
import org.maxkey.util.StringUtils; import org.maxkey.util.StringUtils;
import org.maxkey.web.WebContext;
import org.slf4j.Logger; import org.slf4j.Logger;
import org.slf4j.LoggerFactory; import org.slf4j.LoggerFactory;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
@ -31,13 +34,13 @@ import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType; import org.springframework.http.MediaType;
import org.springframework.http.ResponseEntity; import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Controller; import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RequestHeader;
import org.springframework.web.bind.annotation.RequestMapping; import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
@Controller @Controller
@RequestMapping(value = "/auth") @RequestMapping(value = "/auth")
public class LoginTokenRefreshPoint { public class AuthTokenRefreshPoint {
private static final Logger _logger = LoggerFactory.getLogger(LoginTokenRefreshPoint.class); private static final Logger _logger = LoggerFactory.getLogger(AuthTokenRefreshPoint.class);
@Autowired @Autowired
AuthTokenService authTokenService; AuthTokenService authTokenService;
@ -49,10 +52,11 @@ public class LoginTokenRefreshPoint {
SessionManager sessionManager; SessionManager sessionManager;
@RequestMapping(value={"/token/refresh"}, produces = {MediaType.APPLICATION_JSON_VALUE}) @RequestMapping(value={"/token/refresh"}, produces = {MediaType.APPLICATION_JSON_VALUE})
public ResponseEntity<?> refresh( public ResponseEntity<?> refresh(HttpServletRequest request,
@RequestHeader(name = "refresh_token", required = false) String refreshToken) { @RequestParam(name = "refresh_token", required = false) String refreshToken) {
_logger.debug("try to refresh token " ); _logger.debug("try to refresh token " );
_logger.trace("refresh token {} " , refreshToken); _logger.trace("refresh token {} " , refreshToken);
if(_logger.isTraceEnabled()) {WebContext.printRequest(request);}
try { try {
if(StringUtils.isNotBlank(refreshToken) if(StringUtils.isNotBlank(refreshToken)
&& refreshTokenService.validateJwtToken(refreshToken)) { && refreshTokenService.validateJwtToken(refreshToken)) {

2
maxkey-authentications/maxkey-authentication-core/src/main/java/org/maxkey/authn/web/interceptor/PermissionInterceptor.java
View File

@ -63,7 +63,7 @@ public class PermissionInterceptor implements AsyncHandlerInterceptor {
SignPrincipal principal = AuthorizationUtils.getPrincipal(); SignPrincipal principal = AuthorizationUtils.getPrincipal();
//判断用户是否登录,判断用户是否登录用户 //判断用户是否登录,判断用户是否登录用户
if(principal == null){ if(principal == null){
_logger.trace("No Authentication ... forward to /auth/entrypoint"); _logger.trace("No Authentication ... forward to /auth/entrypoint , request URI " + request.getRequestURI());
RequestDispatcher dispatcher = request.getRequestDispatcher("/auth/entrypoint"); RequestDispatcher dispatcher = request.getRequestDispatcher("/auth/entrypoint");
dispatcher.forward(request, response); dispatcher.forward(request, response);
return false; return false;

38
maxkey-core/src/main/java/org/maxkey/web/WebContext.java
View File

@ -237,26 +237,24 @@ public final class WebContext {
* @param request * @param request
*/ */
public static void printRequest(final HttpServletRequest request) { public static void printRequest(final HttpServletRequest request) {
if(_logger.isTraceEnabled()) { _logger.info("getContextPath : {}" , request.getContextPath());
_logger.trace("getContextPath : {}" , request.getContextPath()); _logger.info("getRequestURL : {} " , request.getRequestURL());
_logger.trace("getRequestURL : {} " , request.getRequestURL()); _logger.info("URL : {}" , request.getRequestURI().substring(request.getContextPath().length()));
_logger.trace("URL : {}" , request.getRequestURI().substring(request.getContextPath().length())); _logger.info("getMethod : {} " , request.getMethod());
_logger.trace("getMethod : {} " , request.getMethod());
Enumeration<String> headerNames = request.getHeaderNames();
Enumeration<String> headerNames = request.getHeaderNames(); while (headerNames.hasMoreElements()) {
while (headerNames.hasMoreElements()) { String key = (String) headerNames.nextElement();
String key = (String) headerNames.nextElement(); String value = request.getHeader(key);
String value = request.getHeader(key); _logger.info("Header key {} , value {}" , key, value);
_logger.trace("Header key {} , value {}" , key, value); }
}
Enumeration<String> parameterNames = request.getParameterNames();
Enumeration<String> parameterNames = request.getParameterNames(); while (parameterNames.hasMoreElements()) {
while (parameterNames.hasMoreElements()) { String key = (String) parameterNames.nextElement();
String key = (String) parameterNames.nextElement(); String value = request.getParameter(key);
String value = request.getParameter(key); _logger.info("Parameter {} , value {}",key , value);
_logger.trace("Parameter {} , value {}",key , value); }
}
}
} }
/** /**

2
maxkey-core/src/main/java/org/maxkey/web/WebInstRequestFilter.java
View File

@ -53,7 +53,7 @@ public class WebInstRequestFilter extends GenericFilterBean {
HttpServletRequest request= ((HttpServletRequest)servletRequest); HttpServletRequest request= ((HttpServletRequest)servletRequest);
if(request.getSession().getAttribute(WebConstants.CURRENT_INST) == null) { if(request.getSession().getAttribute(WebConstants.CURRENT_INST) == null) {
WebContext.printRequest(request); if(_logger.isTraceEnabled()) {WebContext.printRequest(request);}
String host = request.getHeader(HEADER_HOSTNAME); String host = request.getHeader(HEADER_HOSTNAME);
_logger.trace("hostname {}",host); _logger.trace("hostname {}",host);
if(StringUtils.isEmpty(host)) { if(StringUtils.isEmpty(host)) {

2
maxkey-core/src/main/java/org/maxkey/web/WebXssRequestFilter.java
View File

@ -72,7 +72,7 @@ public class WebXssRequestFilter extends GenericFilterBean {
_logger.trace("WebXssRequestFilter"); _logger.trace("WebXssRequestFilter");
boolean isWebXss = false; boolean isWebXss = false;
HttpServletRequest request= ((HttpServletRequest)servletRequest); HttpServletRequest request= ((HttpServletRequest)servletRequest);
if(_logger.isTraceEnabled()) {WebContext.printRequest(request);}
if(skipUrlMap.containsKey(request.getRequestURI().substring(request.getContextPath().length()))) { if(skipUrlMap.containsKey(request.getRequestURI().substring(request.getContextPath().length()))) {
isWebXss = false; isWebXss = false;
}else { }else {

BIN
maxkey-lib/mybatis-jpa-extra-2.7.jar
View File

Binary file not shown.

2
maxkey-web-frontend/maxkey-web-app/src/app/core/net/default.interceptor.ts
View File

@ -107,7 +107,7 @@ export class DefaultInterceptor implements HttpInterceptor {
*/ */
private refreshTokenRequest(): Observable<any> { private refreshTokenRequest(): Observable<any> {
const model = this.tokenSrv.get(); const model = this.tokenSrv.get();
return this.http.post(`/auth/token/refresh`, null, null, { headers: { refresh_token: model?.['refresh_token'] || '' } }); return this.http.post(`/auth/token/refresh`, null, { refresh_token: model?.['refresh_token'] || '' });
} }
// #region 刷新Token方式一使用 401 重新刷新 Token // #region 刷新Token方式一使用 401 重新刷新 Token

2
maxkey-web-frontend/maxkey-web-mgt-app/src/app/core/net/default.interceptor.ts
View File

@ -107,7 +107,7 @@ export class DefaultInterceptor implements HttpInterceptor {
*/ */
private refreshTokenRequest(): Observable<any> { private refreshTokenRequest(): Observable<any> {
const model = this.tokenSrv.get(); const model = this.tokenSrv.get();
return this.http.post(`/auth/token/refresh`, null, null, { headers: { refresh_token: model?.['refresh_token'] || '' } }); return this.http.post(`/auth/token/refresh`, null, { refresh_token: model?.['refresh_token'] || '' });
} }
// #region 刷新Token方式一使用 401 重新刷新 Token // #region 刷新Token方式一使用 401 重新刷新 Token