
fix 用户验证错误

he2802 4 năm trước cách đây
mục cha
commit
bbb255171e

+ 38 - 26
zhongzheng-framework/src/main/java/com/zhongzheng/framework/security/filter/JwtAuthenticationTokenFilter.java

@@ -1,7 +1,12 @@
 package com.zhongzheng.framework.security.filter;
 
 import cn.hutool.core.lang.Validator;
+import cn.hutool.http.HttpStatus;
+import com.zhongzheng.common.core.domain.AjaxResult;
 import com.zhongzheng.common.core.domain.model.TopLoginUser;
+import com.zhongzheng.common.exception.CustomException;
+import com.zhongzheng.common.utils.ServletUtils;
+import com.zhongzheng.common.utils.ip.IpUtils;
 import com.zhongzheng.framework.web.service.TopTokenService;
 import com.zhongzheng.modules.user.entity.ClientLoginUser;
 import com.zhongzheng.common.core.domain.model.LoginUser;
@@ -47,39 +52,46 @@ public class JwtAuthenticationTokenFilter extends OncePerRequestFilter
     protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain)
             throws ServletException, IOException
     {
-        String wxToken = wxTokenService.getToken(request);
+        try{
+            String wxToken = wxTokenService.getToken(request);
 
-        if(StringUtils.isNoneEmpty(wxToken)){
-            ClientLoginUser clientLoginUser = wxTokenService.getLoginUser(request);
-            if(clientLoginUser!=null){
-                wxTokenService.verifyToken(clientLoginUser);
-                UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(clientLoginUser, null,null);
-                authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
-                SecurityContextHolder.getContext().setAuthentication(authenticationToken);
-            }
-        }else{
-            if(!enabledTenant){
-                //SAAS管理员
-                TopLoginUser top_loginUser = topTokenService.getLoginUser(request);
-                if (Validator.isNotNull(top_loginUser) && Validator.isNull(SecurityUtils.getAuthentication()))
-                {
-                    topTokenService.verifyToken(top_loginUser);
-                    UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(top_loginUser, null, top_loginUser.getAuthorities());
+            if(StringUtils.isNoneEmpty(wxToken)){
+                ClientLoginUser clientLoginUser = wxTokenService.getLoginUser(request);
+                if(clientLoginUser!=null){
+                    wxTokenService.verifyToken(clientLoginUser);
+                    UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(clientLoginUser, null,null);
                     authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
                     SecurityContextHolder.getContext().setAuthentication(authenticationToken);
                 }
             }else{
-                //子系统
-                LoginUser loginUser = tokenService.getLoginUser(request);
-                if (Validator.isNotNull(loginUser) && Validator.isNull(SecurityUtils.getAuthentication()))
-                {
-                    tokenService.verifyToken(loginUser);
-                    UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(loginUser, null, loginUser.getAuthorities());
-                    authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
-                    SecurityContextHolder.getContext().setAuthentication(authenticationToken);
+                if(!enabledTenant){
+                    //SAAS管理员
+                    TopLoginUser top_loginUser = topTokenService.getLoginUser(request);
+                    if (Validator.isNotNull(top_loginUser) && Validator.isNull(SecurityUtils.getAuthentication()))
+                    {
+                        topTokenService.verifyToken(top_loginUser);
+                        UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(top_loginUser, null, top_loginUser.getAuthorities());
+                        authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
+                        SecurityContextHolder.getContext().setAuthentication(authenticationToken);
+                    }
+                }else{
+                        //子系统
+                    LoginUser loginUser = null;
+
+                       loginUser = tokenService.getLoginUser(request);
+
+                    if (Validator.isNotNull(loginUser) && Validator.isNull(SecurityUtils.getAuthentication()))
+                    {
+                        tokenService.verifyToken(loginUser);
+                        UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(loginUser, null, loginUser.getAuthorities());
+                        authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
+                        SecurityContextHolder.getContext().setAuthentication(authenticationToken);
+                    }
                 }
-            }
 
+            }
+        }catch (Exception e){
+            request.getRequestDispatcher("/filter/token_auth_fail").forward(request, response);
         }
         chain.doFilter(request, response);
     }
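Review bot: The new `catch (Exception e)` forwards to `/filter/token_auth_fail` and then falls through to `chain.doFilter(request, response)`, so the original request still runs down the rest of the filter chain and into the target handler with an empty security context after the error response has already been dispatched; add `return;` directly after the `forward(...)` call. The catch also discards `e`, which hides whether the failure was an expired JWT, a bad signature, a Redis miss or a bug — log it with the throwable attached (`log.warn("token authentication failed for {}", request.getRequestURI(), e);`) before forwarding, assuming a logger is available in this class. Of the imports added in the first hunk, `HttpStatus`, `AjaxResult`, `CustomException`, `ServletUtils` and `IpUtils` are not referenced anywhere in the visible change and look unused. Minor style: `LoginUser loginUser = null;` followed by a separate assignment can be one declaration, and the indentation of those lines does not match the surrounding block.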

+ 9 - 2
zhongzheng-framework/src/main/java/com/zhongzheng/framework/web/exception/GlobalExceptionHandler.java

@@ -6,6 +6,7 @@ import com.zhongzheng.common.core.domain.AjaxResult;
 import com.zhongzheng.common.exception.BaseException;
 import com.zhongzheng.common.exception.CustomException;
 import com.zhongzheng.common.exception.DemoModeException;
+import io.jsonwebtoken.ExpiredJwtException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.security.access.AccessDeniedException;
@@ -21,7 +22,7 @@ import javax.validation.ConstraintViolationException;
 
 /**
  * 全局异常处理器
- * 
+ *
  * @author zhongzheng
  */
 @RestControllerAdvice
@@ -62,7 +63,12 @@ public class GlobalExceptionHandler
     public AjaxResult handleAuthorizationException(AccessDeniedException e)
     {
         log.error(e.getMessage());
-        return AjaxResult.error(HttpStatus.HTTP_FORBIDDEN, "没有权限,请联系管理员授权");
+        if("用户验证错误".equals(e.getMessage())){
+            return AjaxResult.error(HttpStatus.HTTP_UNAUTHORIZED, "用户验证错误");
+        }else{
+            return AjaxResult.error(HttpStatus.HTTP_FORBIDDEN, "没有权限,请联系管理员授权");
+        }
+
     }
 
     @ExceptionHandler(AccountExpiredException.class)
@@ -86,6 +92,7 @@ public class GlobalExceptionHandler
         return AjaxResult.error(e.getMessage());
     }
 
+
     /**
      * 自定义验证异常
      */
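Review bot: `handleAuthorizationException` now chooses 401 over 403 by comparing the exception message to the literal `"用户验证错误"`, so the mapping depends on a string that must stay byte-identical with the one thrown in `FilterController`, and any other `AccessDeniedException` that happens to carry that text is also reported as an authentication failure. Select the status by type instead — a dedicated subclass of `AccessDeniedException` or a separate `@ExceptionHandler` for Spring's `AuthenticationException` — and keep the message as presentation only. The existing `log.error(e.getMessage())` on the line above drops the stack trace; `log.error(e.getMessage(), e)` is the usual form. The `ExpiredJwtException` import added in the first hunk is not used in any visible line.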

+ 14 - 12
zhongzheng-framework/src/main/java/com/zhongzheng/framework/web/service/TokenService.java

@@ -2,9 +2,12 @@ package com.zhongzheng.framework.web.service;
 
 import cn.hutool.core.lang.Validator;
 import cn.hutool.core.util.IdUtil;
+import cn.hutool.http.HttpStatus;
 import cn.hutool.http.useragent.UserAgent;
 import cn.hutool.http.useragent.UserAgentUtil;
+import com.alibaba.fastjson.JSON;
 import com.zhongzheng.common.constant.Constants;
+import com.zhongzheng.common.core.domain.AjaxResult;
 import com.zhongzheng.common.core.domain.model.LoginUser;
 import com.zhongzheng.common.core.redis.RedisCache;
 import com.zhongzheng.common.exception.CustomException;
@@ -16,10 +19,12 @@ import com.zhongzheng.common.utils.ip.IpUtils;
 import com.zhongzheng.framework.manager.AsyncManager;
 import com.zhongzheng.framework.manager.factory.AsyncFactory;
 import io.jsonwebtoken.Claims;
+import io.jsonwebtoken.ExpiredJwtException;
 import io.jsonwebtoken.Jwts;
 import io.jsonwebtoken.SignatureAlgorithm;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.annotation.Value;
+import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
@@ -28,6 +33,7 @@ import org.springframework.stereotype.Component;
 
 import javax.annotation.Resource;
 import javax.servlet.http.HttpServletRequest;
+import java.io.IOException;
 import java.util.HashMap;
 import java.util.Map;
 import java.util.concurrent.TimeUnit;
@@ -69,8 +75,7 @@ public class TokenService
      *
      * @return 用户信息
      */
-    public LoginUser getLoginUser(HttpServletRequest request)
-    {
+    public LoginUser getLoginUser(HttpServletRequest request)  {
         //测试用户
         String test_token = request.getHeader("X-Auth-Token");
         if("test".equals(test_token)){
@@ -80,17 +85,12 @@ public class TokenService
         String token = getToken(request);
         if (Validator.isNotEmpty(token))
         {
+            String uuid = "";
             Claims claims = parseToken(token);
             // 解析对应的权限以及用户信息
-            String uuid = (String) claims.get(Constants.LOGIN_USER_KEY);
+            uuid = (String) claims.get(Constants.LOGIN_USER_KEY);
             String userKey = getTokenKey(uuid);
             LoginUser user = redisCache.getCacheObject(userKey);
-            if(Validator.isEmpty(user)){
-                throw new UserPasswordNotMatchException();
-            }
-            if(user==null){
-                throw new UserPasswordNotMatchException();
-            }
             return user;
         }
 
@@ -231,10 +231,12 @@ public class TokenService
      */
     private Claims parseToken(String token)
     {
-        return Jwts.parser()
-                .setSigningKey(secret)
-                .parseClaimsJws(token)
+        Claims claims;
+        claims = Jwts.parser()
+                .setSigningKey(secret) // 设置标识名
+                .parseClaimsJws(token)  //解析token
                 .getBody();
+        return claims;
     }
 
     /**
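Review bot: Deleting the `Validator.isEmpty(user)` / `user == null` checks in `getLoginUser` means a token that parses correctly but has no session in Redis (logged out, evicted, expired cache) now returns `null`, and the filter's `Validator.isNotNull(loginUser)` guard then lets that request continue as anonymous rather than failing authentication; if the goal is to route this through the new 401 path, signal it explicitly — `if (user == null) { throw new CustomException("用户验证错误"); }` (constructor shape to be confirmed; `CustomException` is already imported here) — instead of returning `null`. The `String uuid = "";` pre-initialisation is redundant since the value is assigned unconditionally two lines later; the rewrite of `parseToken` into a local plus `return` changes nothing and the added imports (`HttpStatus`, `JSON`, `AjaxResult`, `ExpiredJwtException`, `AccessDeniedException`, `IOException`) are not referenced in the visible hunks. Outside the changed lines, the `"test".equals(test_token)` branch on the `X-Auth-Token` header bypasses token parsing entirely; its body is not shown here, so please confirm it is disabled outside development builds. `getLoginUser` continues past the end of the second hunk.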

+ 18 - 0
zhongzheng-generator/src/main/java/com/zhongzheng/generator/controller/FilterController.java

@@ -0,0 +1,18 @@
+package com.zhongzheng.generator.controller;
+
+import com.zhongzheng.common.exception.CustomException;
+import org.springframework.security.access.AccessDeniedException;
+import org.springframework.web.bind.annotation.RequestMapping;
+import org.springframework.web.bind.annotation.RestController;
+
+import javax.servlet.http.HttpServletRequest;
+
+@RequestMapping("/filter")
+@RestController
+public class FilterController {
+
+    @RequestMapping("/token_auth_fail")
+    public void loginAuthFail(HttpServletRequest request) {
+        throw new AccessDeniedException("用户验证错误");
+    }
+}
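Review bot: `FilterController` exists only so that a filter can `forward` to it and have it throw `AccessDeniedException("用户验证错误")`, which the global handler then translates to 401; that makes a publicly mapped endpoint `/filter/token_auth_fail` that any client can hit directly, and the outcome depends on the forwarded request reaching the controller advice (the dispatch type of a forward is not normally covered by the security filter chain, so it likely works, but that is an implicit assumption). Writing the 401 body straight from the filter's catch block — the commit already imports `AjaxResult` and `ServletUtils` there, which hint at a render helper — would remove the extra endpoint and the string-matched exception. If the controller stays, restrict it (`@GetMapping` or a `method =` on the mapping), drop the unused `request` parameter, and consider whether `zhongzheng-generator` is the right module for a piece of security plumbing that the framework module depends on.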

+ 1 - 1
zhongzheng-quartz/src/main/java/com/zhongzheng/quartz/config/ScheduleConfig.java

@@ -8,7 +8,7 @@ import java.util.Properties;
 
 /**
  * 定时任务配置
- * 
+ *
  * @author zhongzheng
  */
 @Configuration