API SvcCD Setting변경, 고정토큰 처리 추가

This commit is contained in:
Yunsam.Eo
2025-12-10 23:07:09 +09:00
parent 5274ce811d
commit b6ba433fc9
2 changed files with 48 additions and 5 deletions
@@ -1,6 +1,8 @@
package com.eactive.eai.adapter.http.dynamic.filter;
import com.eactive.eai.adapter.http.dynamic.HttpAdapterServiceSupport;
//import com.eactive.eai.authserver.vo.BearerTokenInfo;
//import com.eactive.eai.authserver.custom.BearerTokenService;
import com.eactive.eai.authserver.service.OAuth2Manager;
import com.eactive.eai.authserver.vo.ClientVO;
import com.eactive.eai.common.message.EAIMessage;
@@ -9,6 +11,7 @@ import com.eactive.eai.common.property.PropGroupVO;
import com.eactive.eai.common.property.PropManager;
import com.eactive.eai.common.stdmessage.STDMessageManager;
import com.eactive.eai.common.util.Logger;
import com.eactive.eai.common.util.StringUtil;
import com.eactive.eai.inbound.action.ActionFactory;
import com.eactive.eai.inbound.action.RequestAction;
import com.eactive.eai.inbound.processor.Processor;
@@ -35,7 +38,9 @@ import java.text.ParseException;
import java.util.Base64;
import java.util.Date;
import java.util.HashSet;
import java.util.Map;
import java.util.Properties;
import java.util.concurrent.ConcurrentHashMap;
public class ApiAuthFilter implements HttpAdapterFilter {
static Logger logger = Logger.getLogger(Logger.LOGGER_ADAPTER);
@@ -52,7 +57,10 @@ public class ApiAuthFilter implements HttpAdapterFilter {
private JWSVerifier jwsVerifier;
public ApiAuthFilter() {
// // CA 토큰 저장소
// private final Map<String, BearerTokenInfo> CATokenStore = new ConcurrentHashMap<>();
public ApiAuthFilter() {
super();
PropGroupVO vo = PropManager.getInstance().getPropGroupVO(PROP_GROUP_AUTH_SERVER);
@@ -94,6 +102,7 @@ public class ApiAuthFilter implements HttpAdapterFilter {
*/
StandardMessage standardMessage = STDMessageManager.getInstance().getSTDMessage(apiId);
String eaiSvcCd = StandardMessageManager.getInstance().getMapper().getEaiSvcCode(standardMessage);
if(!StringUtils.equals(eaiSvcCd, prop.getProperty("API_SERVICE_CODE"))) eaiSvcCd = prop.getProperty("API_SERVICE_CODE");
EAIMessage eaiMessage = EAIMessageManager.getInstance().getEAIMessage(eaiSvcCd);
if(StringUtils.isBlank(eaiMessage.getAuthType())){
@@ -106,7 +115,9 @@ public class ApiAuthFilter implements HttpAdapterFilter {
String token = ApiAuthFilter.extractJWTToken(request);
SignedJWT signedJWT = SignedJWT.parse(token);
if (new Date().after(signedJWT.getJWTClaimsSet().getExpirationTime())) {
if (signedJWT.getJWTClaimsSet().getExpirationTime() == null) {
logger.debug("Static Token");
} else if (new Date().after(signedJWT.getJWTClaimsSet().getExpirationTime())) {
throw new JwtAuthException(ERROR_TOKEN_EXPIRED, "Access token expired");
}
@@ -133,6 +144,26 @@ public class ApiAuthFilter implements HttpAdapterFilter {
throw new JwtAuthException(ERROR_AUTHENTICATION_FAIL, "Token invalid");
}
break;
// case "bearer":
// try {
// String token = ApiAuthFilter.extractJWTToken(request);
// BearerTokenInfo CATokenInfo = CATokenStore.get(token);
//
// if (CATokenInfo == null) {
// throw new JwtAuthException(ERROR_AUTHENTICATION_FAIL, "Token invalid");
// }
//
// if (CATokenInfo.isExpired()) {
// throw new JwtAuthException(ERROR_TOKEN_EXPIRED, "Access token expired");
// }
// } catch (JwtAuthException e) {
// logger.debug(e.getMessage());
// throw e;
// } catch (Exception e) {
// logger.error(e.getMessage());
// throw new JwtAuthException(ERROR_AUTHENTICATION_FAIL, "Token invalid");
// }
// break;
case "api_key":
String apiKeyName = PropManager.getInstance().getProperty("ApiConfig", "api.key.name", "x-api-key");
String apiKey = request.getHeader(apiKeyName);
@@ -158,7 +189,7 @@ public class ApiAuthFilter implements HttpAdapterFilter {
return message;
}
private boolean verifyClientId(Properties prop, SignedJWT signedJWT) {
private boolean verifyClientId(Properties prop, SignedJWT signedJWT) throws JwtAuthException {
try {
// 이전 filter에서 셋팅한 clientId 확보
String headerClientId = prop.getProperty(HttpAdapterServiceSupport.PROPERTIES_NAME_CLIENT_ID);
@@ -176,6 +207,7 @@ public class ApiAuthFilter implements HttpAdapterFilter {
}
} catch (Exception e) {
logger.error(e.getMessage());
throw new JwtAuthException(ERROR_AUTHENTICATION_FAIL, "Token invalid");
}
return true;
@@ -227,8 +259,16 @@ public class ApiAuthFilter implements HttpAdapterFilter {
if (scopeArr == null || scopeArr.length == 0) {
return false;
}
String passScope = "oob,public";
String[] passScopeArr = org.springframework.util.StringUtils.tokenizeToStringArray(passScope, ",");
for (String scope : scopeArr) {
for (String pScope : passScopeArr) {
if ( StringUtils.equalsAny(scope, pScope)) {
return true;
}
}
if (scopeSet.contains(scope)) {
return true;
}
@@ -88,7 +88,9 @@ public class JwtAuthFilter implements HttpAdapterFilter {
String token = JwtAuthFilter.extractJWTToken(request);
SignedJWT signedJWT = SignedJWT.parse(token);
if (new Date().after(signedJWT.getJWTClaimsSet().getExpirationTime())) {
if (signedJWT.getJWTClaimsSet().getExpirationTime() == null) {
logger.debug("Static Token");
} else if (new Date().after(signedJWT.getJWTClaimsSet().getExpirationTime())) {
throw new JwtAuthException(ERROR_TOKEN_EXPIRED, "Access token expired");
}
@@ -118,7 +120,7 @@ public class JwtAuthFilter implements HttpAdapterFilter {
return message;
}
private boolean verifyClientId(Properties prop, SignedJWT signedJWT) {
private boolean verifyClientId(Properties prop, SignedJWT signedJWT) throws JwtAuthException {
try {
// 이전 filter에서 셋팅한 clientId 확보
String headerClientId = prop.getProperty(HttpAdapterServiceSupport.PROPERTIES_NAME_CLIENT_ID);
@@ -136,6 +138,7 @@ public class JwtAuthFilter implements HttpAdapterFilter {
}
} catch (Exception e) {
logger.error(e.getMessage());
throw new JwtAuthException(ERROR_AUTHENTICATION_FAIL, "Token invalid");
}
return true;