| | |
|---|
| | | import javax.servlet.http.HttpServletResponse; |
|---|
| | | import java.io.IOException; |
|---|
| | | import java.io.PrintWriter; |
|---|
| | | import java.util.Map; |
|---|
| | | import java.util.StringJoiner; |
|---|
| | | |
|---|
| | | /** |
|---|
| | | * AppId/Token 认证过滤器 |
|---|
| | |
|---|
| | | String token = TokenUtils.extractTokenFromHeader(authHeader); |
|---|
| | | String tokenAppId = token != null ? tokenService.getAppIdIfValid(token) : null; |
|---|
| | | if (!StringUtils.hasText(tokenAppId)) { |
|---|
| | | log.warn("Token验证失败或缺失"); |
|---|
| | | log.warn("Token验证失败或缺失 url={} params={}", requestUrlWithQuery(request), formatRequestParams(request)); |
|---|
| | | sendErrorResponse(response, Constants.UNAUTHENTICATED_CODE, "认证失败,请提供有效的Token"); |
|---|
| | | return; |
|---|
| | | } |
|---|
| | |
|---|
| | | writer.flush(); |
|---|
| | | } |
|---|
| | | |
|---|
| | | private static String requestUrlWithQuery(HttpServletRequest request) { |
|---|
| | | StringBuilder sb = new StringBuilder(request.getRequestURL()); |
|---|
| | | String qs = request.getQueryString(); |
|---|
| | | if (StringUtils.hasText(qs)) { |
|---|
| | | sb.append('?').append(qs); |
|---|
| | | } |
|---|
| | | return sb.toString(); |
|---|
| | | } |
|---|
| | | |
|---|
| | | private static String formatRequestParams(HttpServletRequest request) { |
|---|
| | | Map<String, String[]> pm = request.getParameterMap(); |
|---|
| | | if (pm.isEmpty()) { |
|---|
| | | return "-"; |
|---|
| | | } |
|---|
| | | StringJoiner j = new StringJoiner("&"); |
|---|
| | | for (Map.Entry<String, String[]> e : pm.entrySet()) { |
|---|
| | | for (String v : e.getValue()) { |
|---|
| | | j.add(e.getKey() + "=" + v); |
|---|
| | | } |
|---|
| | | } |
|---|
| | | return j.toString(); |
|---|
| | | } |
|---|
| | | |
|---|
| | | private boolean isAuthRequest(String requestURI) { |
|---|
| | | return requestURI != null && requestURI.contains("/getToken"); |
|---|
| | | } |
|---|
