API SvcCD Setting변경, 고정토큰 처리 추가
This commit is contained in:
@@ -1,6 +1,8 @@
|
||||
package com.eactive.eai.adapter.http.dynamic.filter;
|
||||
|
||||
import com.eactive.eai.adapter.http.dynamic.HttpAdapterServiceSupport;
|
||||
//import com.eactive.eai.authserver.vo.BearerTokenInfo;
|
||||
//import com.eactive.eai.authserver.custom.BearerTokenService;
|
||||
import com.eactive.eai.authserver.service.OAuth2Manager;
|
||||
import com.eactive.eai.authserver.vo.ClientVO;
|
||||
import com.eactive.eai.common.message.EAIMessage;
|
||||
@@ -9,6 +11,7 @@ import com.eactive.eai.common.property.PropGroupVO;
|
||||
import com.eactive.eai.common.property.PropManager;
|
||||
import com.eactive.eai.common.stdmessage.STDMessageManager;
|
||||
import com.eactive.eai.common.util.Logger;
|
||||
import com.eactive.eai.common.util.StringUtil;
|
||||
import com.eactive.eai.inbound.action.ActionFactory;
|
||||
import com.eactive.eai.inbound.action.RequestAction;
|
||||
import com.eactive.eai.inbound.processor.Processor;
|
||||
@@ -35,7 +38,9 @@ import java.text.ParseException;
|
||||
import java.util.Base64;
|
||||
import java.util.Date;
|
||||
import java.util.HashSet;
|
||||
import java.util.Map;
|
||||
import java.util.Properties;
|
||||
import java.util.concurrent.ConcurrentHashMap;
|
||||
|
||||
public class ApiAuthFilter implements HttpAdapterFilter {
|
||||
static Logger logger = Logger.getLogger(Logger.LOGGER_ADAPTER);
|
||||
@@ -52,7 +57,10 @@ public class ApiAuthFilter implements HttpAdapterFilter {
|
||||
|
||||
private JWSVerifier jwsVerifier;
|
||||
|
||||
public ApiAuthFilter() {
|
||||
// // CA 토큰 저장소
|
||||
// private final Map<String, BearerTokenInfo> CATokenStore = new ConcurrentHashMap<>();
|
||||
|
||||
public ApiAuthFilter() {
|
||||
super();
|
||||
|
||||
PropGroupVO vo = PropManager.getInstance().getPropGroupVO(PROP_GROUP_AUTH_SERVER);
|
||||
@@ -94,6 +102,7 @@ public class ApiAuthFilter implements HttpAdapterFilter {
|
||||
*/
|
||||
StandardMessage standardMessage = STDMessageManager.getInstance().getSTDMessage(apiId);
|
||||
String eaiSvcCd = StandardMessageManager.getInstance().getMapper().getEaiSvcCode(standardMessage);
|
||||
if(!StringUtils.equals(eaiSvcCd, prop.getProperty("API_SERVICE_CODE"))) eaiSvcCd = prop.getProperty("API_SERVICE_CODE");
|
||||
EAIMessage eaiMessage = EAIMessageManager.getInstance().getEAIMessage(eaiSvcCd);
|
||||
|
||||
if(StringUtils.isBlank(eaiMessage.getAuthType())){
|
||||
@@ -106,7 +115,9 @@ public class ApiAuthFilter implements HttpAdapterFilter {
|
||||
String token = ApiAuthFilter.extractJWTToken(request);
|
||||
SignedJWT signedJWT = SignedJWT.parse(token);
|
||||
|
||||
if (new Date().after(signedJWT.getJWTClaimsSet().getExpirationTime())) {
|
||||
if (signedJWT.getJWTClaimsSet().getExpirationTime() == null) {
|
||||
logger.debug("Static Token");
|
||||
} else if (new Date().after(signedJWT.getJWTClaimsSet().getExpirationTime())) {
|
||||
throw new JwtAuthException(ERROR_TOKEN_EXPIRED, "Access token expired");
|
||||
}
|
||||
|
||||
@@ -133,6 +144,26 @@ public class ApiAuthFilter implements HttpAdapterFilter {
|
||||
throw new JwtAuthException(ERROR_AUTHENTICATION_FAIL, "Token invalid");
|
||||
}
|
||||
break;
|
||||
// case "bearer":
|
||||
// try {
|
||||
// String token = ApiAuthFilter.extractJWTToken(request);
|
||||
// BearerTokenInfo CATokenInfo = CATokenStore.get(token);
|
||||
//
|
||||
// if (CATokenInfo == null) {
|
||||
// throw new JwtAuthException(ERROR_AUTHENTICATION_FAIL, "Token invalid");
|
||||
// }
|
||||
//
|
||||
// if (CATokenInfo.isExpired()) {
|
||||
// throw new JwtAuthException(ERROR_TOKEN_EXPIRED, "Access token expired");
|
||||
// }
|
||||
// } catch (JwtAuthException e) {
|
||||
// logger.debug(e.getMessage());
|
||||
// throw e;
|
||||
// } catch (Exception e) {
|
||||
// logger.error(e.getMessage());
|
||||
// throw new JwtAuthException(ERROR_AUTHENTICATION_FAIL, "Token invalid");
|
||||
// }
|
||||
// break;
|
||||
case "api_key":
|
||||
String apiKeyName = PropManager.getInstance().getProperty("ApiConfig", "api.key.name", "x-api-key");
|
||||
String apiKey = request.getHeader(apiKeyName);
|
||||
@@ -158,7 +189,7 @@ public class ApiAuthFilter implements HttpAdapterFilter {
|
||||
return message;
|
||||
}
|
||||
|
||||
private boolean verifyClientId(Properties prop, SignedJWT signedJWT) {
|
||||
private boolean verifyClientId(Properties prop, SignedJWT signedJWT) throws JwtAuthException {
|
||||
try {
|
||||
// 이전 filter에서 셋팅한 clientId 확보
|
||||
String headerClientId = prop.getProperty(HttpAdapterServiceSupport.PROPERTIES_NAME_CLIENT_ID);
|
||||
@@ -176,6 +207,7 @@ public class ApiAuthFilter implements HttpAdapterFilter {
|
||||
}
|
||||
} catch (Exception e) {
|
||||
logger.error(e.getMessage());
|
||||
throw new JwtAuthException(ERROR_AUTHENTICATION_FAIL, "Token invalid");
|
||||
}
|
||||
|
||||
return true;
|
||||
@@ -227,8 +259,16 @@ public class ApiAuthFilter implements HttpAdapterFilter {
|
||||
if (scopeArr == null || scopeArr.length == 0) {
|
||||
return false;
|
||||
}
|
||||
|
||||
String passScope = "oob,public";
|
||||
String[] passScopeArr = org.springframework.util.StringUtils.tokenizeToStringArray(passScope, ",");
|
||||
|
||||
for (String scope : scopeArr) {
|
||||
for (String pScope : passScopeArr) {
|
||||
if ( StringUtils.equalsAny(scope, pScope)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
if (scopeSet.contains(scope)) {
|
||||
return true;
|
||||
}
|
||||
|
||||
@@ -88,7 +88,9 @@ public class JwtAuthFilter implements HttpAdapterFilter {
|
||||
String token = JwtAuthFilter.extractJWTToken(request);
|
||||
SignedJWT signedJWT = SignedJWT.parse(token);
|
||||
|
||||
if (new Date().after(signedJWT.getJWTClaimsSet().getExpirationTime())) {
|
||||
if (signedJWT.getJWTClaimsSet().getExpirationTime() == null) {
|
||||
logger.debug("Static Token");
|
||||
} else if (new Date().after(signedJWT.getJWTClaimsSet().getExpirationTime())) {
|
||||
throw new JwtAuthException(ERROR_TOKEN_EXPIRED, "Access token expired");
|
||||
}
|
||||
|
||||
@@ -118,7 +120,7 @@ public class JwtAuthFilter implements HttpAdapterFilter {
|
||||
return message;
|
||||
}
|
||||
|
||||
private boolean verifyClientId(Properties prop, SignedJWT signedJWT) {
|
||||
private boolean verifyClientId(Properties prop, SignedJWT signedJWT) throws JwtAuthException {
|
||||
try {
|
||||
// 이전 filter에서 셋팅한 clientId 확보
|
||||
String headerClientId = prop.getProperty(HttpAdapterServiceSupport.PROPERTIES_NAME_CLIENT_ID);
|
||||
@@ -136,6 +138,7 @@ public class JwtAuthFilter implements HttpAdapterFilter {
|
||||
}
|
||||
} catch (Exception e) {
|
||||
logger.error(e.getMessage());
|
||||
throw new JwtAuthException(ERROR_AUTHENTICATION_FAIL, "Token invalid");
|
||||
}
|
||||
|
||||
return true;
|
||||
|
||||
Reference in New Issue
Block a user