feat: License由网关控制
This commit is contained in:
caiyuchao
@@ -62,11 +62,6 @@
|
||||
<groupId>org.wfc</groupId>
|
||||
<artifactId>wfc-api-user</artifactId>
|
||||
</dependency>
|
||||
<!-- License -->
|
||||
<dependency>
|
||||
<groupId>org.wfc</groupId>
|
||||
<artifactId>wfc-common-license</artifactId>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
|
||||
<build>
|
||||
|
||||
@@ -17,11 +17,6 @@
|
||||
<groupId>org.wfc</groupId>
|
||||
<artifactId>wfc-common-core</artifactId>
|
||||
</dependency>
|
||||
<!-- Spring Web -->
|
||||
<dependency>
|
||||
<groupId>org.springframework</groupId>
|
||||
<artifactId>spring-webmvc</artifactId>
|
||||
</dependency>
|
||||
<!-- License -->
|
||||
<dependency>
|
||||
<groupId>de.schlichtherle.truelicense</groupId>
|
||||
|
||||
@@ -10,7 +10,6 @@ import java.io.InputStream;
|
||||
|
||||
/**
|
||||
* 自定义KeyStoreParam,用于将公私钥存储文件存放到其他磁盘位置而不是项目中
|
||||
*
|
||||
*/
|
||||
public class CustomKeyStoreParam extends AbstractKeyStoreParam {
|
||||
|
||||
@@ -22,7 +21,7 @@ public class CustomKeyStoreParam extends AbstractKeyStoreParam {
|
||||
private String storePwd;
|
||||
private String keyPwd;
|
||||
|
||||
public CustomKeyStoreParam(Class clazz, String resource,String alias,String storePwd,String keyPwd) {
|
||||
public CustomKeyStoreParam(Class clazz, String resource, String alias, String storePwd, String keyPwd) {
|
||||
super(clazz, resource);
|
||||
this.storePath = resource;
|
||||
this.alias = alias;
|
||||
@@ -49,13 +48,14 @@ public class CustomKeyStoreParam extends AbstractKeyStoreParam {
|
||||
/**
|
||||
* 复写de.schlichtherle.license.AbstractKeyStoreParam的getStream()方法<br/>
|
||||
* 用于将公私钥存储文件存放到其他磁盘位置而不是项目中
|
||||
*
|
||||
* @param
|
||||
* @return java.io.InputStream
|
||||
*/
|
||||
@Override
|
||||
public InputStream getStream() throws IOException {
|
||||
final InputStream in = new FileInputStream(new File(storePath));
|
||||
if (null == in){
|
||||
if (null == in) {
|
||||
throw new FileNotFoundException(storePath);
|
||||
}
|
||||
|
||||
|
||||
@@ -25,7 +25,7 @@ import java.util.List;
|
||||
* 自定义LicenseManager,用于增加额外的服务器硬件信息校验
|
||||
*/
|
||||
@Slf4j
|
||||
public class CustomLicenseManager extends LicenseManager{
|
||||
public class CustomLicenseManager extends LicenseManager {
|
||||
|
||||
//XML编码
|
||||
private static final String XML_CHARSET = "UTF-8";
|
||||
@@ -42,6 +42,7 @@ public class CustomLicenseManager extends LicenseManager{
|
||||
|
||||
/**
|
||||
* 复写create方法
|
||||
*
|
||||
* @return byte[]
|
||||
*/
|
||||
@Override
|
||||
@@ -57,6 +58,7 @@ public class CustomLicenseManager extends LicenseManager{
|
||||
|
||||
/**
|
||||
* 复写install方法,其中validate方法调用本类中的validate方法,校验IP地址、Mac地址等其他信息
|
||||
*
|
||||
* @param
|
||||
* @return de.schlichtherle.license.LicenseContent
|
||||
*/
|
||||
@@ -68,7 +70,7 @@ public class CustomLicenseManager extends LicenseManager{
|
||||
final GenericCertificate certificate = getPrivacyGuard().key2cert(key);
|
||||
|
||||
notary.verify(certificate);
|
||||
final LicenseContent content = (LicenseContent)this.load(certificate.getEncoded());
|
||||
final LicenseContent content = (LicenseContent) this.load(certificate.getEncoded());
|
||||
this.validate(content);
|
||||
setLicenseKey(key);
|
||||
setCertificate(certificate);
|
||||
@@ -78,6 +80,7 @@ public class CustomLicenseManager extends LicenseManager{
|
||||
|
||||
/**
|
||||
* 复写verify方法,调用本类中的validate方法,校验IP地址、Mac地址等其他信息
|
||||
*
|
||||
* @param
|
||||
* @return de.schlichtherle.license.LicenseContent
|
||||
*/
|
||||
@@ -88,13 +91,13 @@ public class CustomLicenseManager extends LicenseManager{
|
||||
|
||||
// Load license key from preferences,
|
||||
final byte[] key = getLicenseKey();
|
||||
if (null == key){
|
||||
if (null == key) {
|
||||
throw new NoLicenseInstalledException(getLicenseParam().getSubject());
|
||||
}
|
||||
|
||||
certificate = getPrivacyGuard().key2cert(key);
|
||||
notary.verify(certificate);
|
||||
final LicenseContent content = (LicenseContent)this.load(certificate.getEncoded());
|
||||
final LicenseContent content = (LicenseContent) this.load(certificate.getEncoded());
|
||||
this.validate(content);
|
||||
setCertificate(certificate);
|
||||
|
||||
@@ -103,6 +106,7 @@ public class CustomLicenseManager extends LicenseManager{
|
||||
|
||||
/**
|
||||
* 校验生成证书的参数信息
|
||||
*
|
||||
* @param content 证书正文
|
||||
*/
|
||||
protected synchronized void validateCreate(final LicenseContent content)
|
||||
@@ -112,14 +116,14 @@ public class CustomLicenseManager extends LicenseManager{
|
||||
final Date now = new Date();
|
||||
final Date notBefore = content.getNotBefore();
|
||||
final Date notAfter = content.getNotAfter();
|
||||
if (null != notAfter && now.after(notAfter)){
|
||||
if (null != notAfter && now.after(notAfter)) {
|
||||
throw new LicenseContentException("证书失效时间不能早于当前时间");
|
||||
}
|
||||
if (null != notBefore && null != notAfter && notAfter.before(notBefore)){
|
||||
if (null != notBefore && null != notAfter && notAfter.before(notBefore)) {
|
||||
throw new LicenseContentException("证书生效时间不能晚于证书失效时间");
|
||||
}
|
||||
final String consumerType = content.getConsumerType();
|
||||
if (null == consumerType){
|
||||
if (null == consumerType) {
|
||||
throw new LicenseContentException("用户类型不能为空");
|
||||
}
|
||||
}
|
||||
@@ -127,6 +131,7 @@ public class CustomLicenseManager extends LicenseManager{
|
||||
|
||||
/**
|
||||
* 复写validate方法,增加IP地址、Mac地址等其他信息校验
|
||||
*
|
||||
* @param content LicenseContent
|
||||
*/
|
||||
@Override
|
||||
@@ -138,31 +143,31 @@ public class CustomLicenseManager extends LicenseManager{
|
||||
//2. 然后校验自定义的License参数
|
||||
//License中可被允许的参数信息
|
||||
LicenseCheckModel expectedCheckModel = (LicenseCheckModel) content.getExtra();
|
||||
if(expectedCheckModel != null){
|
||||
if (expectedCheckModel != null) {
|
||||
//当前服务器真实的参数信息
|
||||
LicenseCheckModel serverCheckModel = getServerInfos();
|
||||
|
||||
if(serverCheckModel != null){
|
||||
if (serverCheckModel != null) {
|
||||
//校验IP地址
|
||||
if(!checkIpAddress(expectedCheckModel.getIpAddress(),serverCheckModel.getIpAddress())){
|
||||
if (!checkIpAddress(expectedCheckModel.getIpAddress(), serverCheckModel.getIpAddress())) {
|
||||
throw new LicenseContentException("当前服务器的IP没在授权范围内");
|
||||
}
|
||||
|
||||
//校验Mac地址
|
||||
if(!checkIpAddress(expectedCheckModel.getMacAddress(),serverCheckModel.getMacAddress())){
|
||||
if (!checkIpAddress(expectedCheckModel.getMacAddress(), serverCheckModel.getMacAddress())) {
|
||||
throw new LicenseContentException("当前服务器的Mac地址没在授权范围内");
|
||||
}
|
||||
|
||||
//校验主板序列号
|
||||
if(!checkSerial(expectedCheckModel.getMainBoardSerial(),serverCheckModel.getMainBoardSerial())){
|
||||
if (!checkSerial(expectedCheckModel.getMainBoardSerial(), serverCheckModel.getMainBoardSerial())) {
|
||||
throw new LicenseContentException("当前服务器的主板序列号没在授权范围内");
|
||||
}
|
||||
|
||||
//校验CPU序列号
|
||||
if(!checkSerial(expectedCheckModel.getCpuSerial(),serverCheckModel.getCpuSerial())){
|
||||
if (!checkSerial(expectedCheckModel.getCpuSerial(), serverCheckModel.getCpuSerial())) {
|
||||
throw new LicenseContentException("当前服务器的CPU序列号没在授权范围内");
|
||||
}
|
||||
}else{
|
||||
} else {
|
||||
throw new LicenseContentException("不能获取服务器硬件信息");
|
||||
}
|
||||
}
|
||||
@@ -171,30 +176,31 @@ public class CustomLicenseManager extends LicenseManager{
|
||||
|
||||
/**
|
||||
* 重写XMLDecoder解析XML
|
||||
*
|
||||
* @param encoded XML类型字符串
|
||||
* @return java.lang.Object
|
||||
*/
|
||||
private Object load(String encoded){
|
||||
private Object load(String encoded) {
|
||||
BufferedInputStream inputStream = null;
|
||||
XMLDecoder decoder = null;
|
||||
try {
|
||||
inputStream = new BufferedInputStream(new ByteArrayInputStream(encoded.getBytes(XML_CHARSET)));
|
||||
|
||||
decoder = new XMLDecoder(new BufferedInputStream(inputStream, DEFAULT_BUFSIZE),null,null);
|
||||
decoder = new XMLDecoder(new BufferedInputStream(inputStream, DEFAULT_BUFSIZE), null, null);
|
||||
|
||||
return decoder.readObject();
|
||||
} catch (UnsupportedEncodingException e) {
|
||||
e.printStackTrace();
|
||||
} finally {
|
||||
try {
|
||||
if(decoder != null){
|
||||
if (decoder != null) {
|
||||
decoder.close();
|
||||
}
|
||||
if(inputStream != null){
|
||||
if (inputStream != null) {
|
||||
inputStream.close();
|
||||
}
|
||||
} catch (Exception e) {
|
||||
log.error("XMLDecoder解析XML失败",e);
|
||||
log.error("XMLDecoder解析XML失败", e);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -203,9 +209,10 @@ public class CustomLicenseManager extends LicenseManager{
|
||||
|
||||
/**
|
||||
* 获取当前服务器需要额外校验的License参数
|
||||
*
|
||||
* @return demo.LicenseCheckModel
|
||||
*/
|
||||
private LicenseCheckModel getServerInfos(){
|
||||
private LicenseCheckModel getServerInfos() {
|
||||
//操作系统类型
|
||||
String osName = System.getProperty("os.name").toLowerCase();
|
||||
AbstractServerInfos abstractServerInfos = null;
|
||||
@@ -215,7 +222,7 @@ public class CustomLicenseManager extends LicenseManager{
|
||||
abstractServerInfos = new WindowsServerInfos();
|
||||
} else if (osName.startsWith("linux")) {
|
||||
abstractServerInfos = new LinuxServerInfos();
|
||||
}else{//其他服务器类型
|
||||
} else {//其他服务器类型
|
||||
abstractServerInfos = new LinuxServerInfos();
|
||||
}
|
||||
|
||||
@@ -225,39 +232,41 @@ public class CustomLicenseManager extends LicenseManager{
|
||||
/**
|
||||
* 校验当前服务器的IP/Mac地址是否在可被允许的IP范围内<br/>
|
||||
* 如果存在IP在可被允许的IP/Mac地址范围内,则返回true
|
||||
*
|
||||
* @return boolean
|
||||
*/
|
||||
private boolean checkIpAddress(List<String> expectedList,List<String> serverList){
|
||||
if(expectedList != null && expectedList.size() > 0){
|
||||
if(serverList != null && serverList.size() > 0){
|
||||
for(String expected : expectedList){
|
||||
if(serverList.contains(expected.trim())){
|
||||
private boolean checkIpAddress(List<String> expectedList, List<String> serverList) {
|
||||
if (expectedList != null && expectedList.size() > 0) {
|
||||
if (serverList != null && serverList.size() > 0) {
|
||||
for (String expected : expectedList) {
|
||||
if (serverList.contains(expected.trim())) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return false;
|
||||
}else {
|
||||
} else {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* 校验当前服务器硬件(主板、CPU等)序列号是否在可允许范围内
|
||||
*
|
||||
* @param
|
||||
* @return boolean
|
||||
*/
|
||||
private boolean checkSerial(String expectedSerial,String serverSerial){
|
||||
if(StringUtils.isNotBlank(expectedSerial)){
|
||||
if(StringUtils.isNotBlank(serverSerial)){
|
||||
if(expectedSerial.equals(serverSerial)){
|
||||
private boolean checkSerial(String expectedSerial, String serverSerial) {
|
||||
if (StringUtils.isNotBlank(expectedSerial)) {
|
||||
if (StringUtils.isNotBlank(serverSerial)) {
|
||||
if (expectedSerial.equals(serverSerial)) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
return false;
|
||||
}else{
|
||||
} else {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
@@ -10,10 +10,10 @@ public class LicenseManagerHolder {
|
||||
|
||||
private static volatile LicenseManager LICENSE_MANAGER;
|
||||
|
||||
public static LicenseManager getInstance(LicenseParam param){
|
||||
if(LICENSE_MANAGER == null){
|
||||
synchronized (LicenseManagerHolder.class){
|
||||
if(LICENSE_MANAGER == null){
|
||||
public static LicenseManager getInstance(LicenseParam param) {
|
||||
if (LICENSE_MANAGER == null) {
|
||||
synchronized (LicenseManagerHolder.class) {
|
||||
if (LICENSE_MANAGER == null) {
|
||||
LICENSE_MANAGER = new CustomLicenseManager(param);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -24,19 +24,19 @@ public class LicenseVerify {
|
||||
/**
|
||||
* 安装License证书
|
||||
*/
|
||||
public synchronized LicenseContent install(LicenseVerifyParam param){
|
||||
public synchronized LicenseContent install(LicenseVerifyParam param) {
|
||||
LicenseContent result = null;
|
||||
DateFormat format = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
|
||||
|
||||
//1. 安装证书
|
||||
try{
|
||||
try {
|
||||
LicenseManager licenseManager = LicenseManagerHolder.getInstance(initLicenseParam(param));
|
||||
licenseManager.uninstall();
|
||||
|
||||
result = licenseManager.install(new File(param.getLicensePath()));
|
||||
log.info(MessageFormat.format("证书安装成功,证书有效期:{0} - {1}",format.format(result.getNotBefore()),format.format(result.getNotAfter())));
|
||||
}catch (Exception e){
|
||||
log.error("证书安装失败!",e);
|
||||
log.info(MessageFormat.format("证书安装成功,证书有效期:{0} - {1}", format.format(result.getNotBefore()), format.format(result.getNotAfter())));
|
||||
} catch (Exception e) {
|
||||
log.error("证书安装失败!", e);
|
||||
}
|
||||
|
||||
return result;
|
||||
@@ -44,45 +44,45 @@ public class LicenseVerify {
|
||||
|
||||
/**
|
||||
* 校验License证书
|
||||
*
|
||||
* @return boolean
|
||||
*/
|
||||
public boolean verify(){
|
||||
public boolean verify() {
|
||||
LicenseManager licenseManager = LicenseManagerHolder.getInstance(null);
|
||||
DateFormat format = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");
|
||||
|
||||
//2. 校验证书
|
||||
try {
|
||||
LicenseContent licenseContent = licenseManager.verify();
|
||||
// System.out.println(licenseContent.getSubject());
|
||||
|
||||
log.info(MessageFormat.format("证书校验通过,证书有效期:{0} - {1}",format.format(licenseContent.getNotBefore()),format.format(licenseContent.getNotAfter())));
|
||||
log.debug(MessageFormat.format("证书校验通过,证书有效期:{0} - {1}", format.format(licenseContent.getNotBefore()), format.format(licenseContent.getNotAfter())));
|
||||
return true;
|
||||
}catch (Exception e){
|
||||
log.error("证书校验失败!",e);
|
||||
} catch (Exception e) {
|
||||
log.error("证书校验失败!", e);
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* 初始化证书生成参数
|
||||
*
|
||||
* @param param License校验类需要的参数
|
||||
* @return de.schlichtherle.license.LicenseParam
|
||||
*/
|
||||
private LicenseParam initLicenseParam(LicenseVerifyParam param){
|
||||
private LicenseParam initLicenseParam(LicenseVerifyParam param) {
|
||||
Preferences preferences = Preferences.userNodeForPackage(LicenseVerify.class);
|
||||
|
||||
CipherParam cipherParam = new DefaultCipherParam(param.getStorePass());
|
||||
|
||||
KeyStoreParam publicStoreParam = new CustomKeyStoreParam(LicenseVerify.class
|
||||
,param.getPublicKeysStorePath()
|
||||
,param.getPublicAlias()
|
||||
,param.getStorePass()
|
||||
,null);
|
||||
, param.getPublicKeysStorePath()
|
||||
, param.getPublicAlias()
|
||||
, param.getStorePass()
|
||||
, null);
|
||||
|
||||
return new DefaultLicenseParam(param.getSubject()
|
||||
,preferences
|
||||
,publicStoreParam
|
||||
,cipherParam);
|
||||
, preferences
|
||||
, publicStoreParam
|
||||
, cipherParam);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@@ -6,7 +6,7 @@ import java.util.List;
|
||||
/**
|
||||
* 自定义需要校验的License参数
|
||||
*/
|
||||
public class LicenseCheckModel implements Serializable{
|
||||
public class LicenseCheckModel implements Serializable {
|
||||
|
||||
private static final long serialVersionUID = 8600137500316662317L;
|
||||
/**
|
||||
|
||||
@@ -1,62 +0,0 @@
|
||||
package org.wfc.common.license.interceptor;
|
||||
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.springframework.stereotype.Component;
|
||||
import org.springframework.web.servlet.HandlerInterceptor;
|
||||
import org.wfc.common.license.LicenseVerify;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import java.io.IOException;
|
||||
import java.io.PrintWriter;
|
||||
import java.util.HashMap;
|
||||
import java.util.Map;
|
||||
|
||||
/**
|
||||
* 使用拦截器拦截请求,验证证书的可用性
|
||||
*
|
||||
*/
|
||||
@Slf4j
|
||||
@Component
|
||||
public class LicenseCheckInterceptor implements HandlerInterceptor {
|
||||
|
||||
/**
|
||||
* 进入controller层之前拦截请求
|
||||
* @param request
|
||||
* @param response
|
||||
* @param handler
|
||||
* @return
|
||||
* @throws Exception
|
||||
*/
|
||||
@Override
|
||||
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
|
||||
LicenseVerify licenseVerify = new LicenseVerify();
|
||||
|
||||
//校验证书是否有效
|
||||
boolean verifyResult = licenseVerify.verify();
|
||||
|
||||
if(verifyResult){
|
||||
log.info("验证成功,证书可用");
|
||||
return true;
|
||||
}else{
|
||||
log.info("验证失败,证书无效");
|
||||
response.setCharacterEncoding("utf-8");
|
||||
Map<String,String> result = new HashMap<>(1);
|
||||
result.put("result","您的证书无效,请核查服务器是否取得授权或重新申请证书!");
|
||||
|
||||
outputError(response, "Your License is invalid");
|
||||
|
||||
return false;
|
||||
}
|
||||
}
|
||||
|
||||
// 输出错误信息
|
||||
private void outputError(HttpServletResponse response, String errorMsg) throws IOException {
|
||||
response.setContentType("application/json;charset=UTF-8");
|
||||
PrintWriter out = response.getWriter();
|
||||
out.write("{\"msg\": \"" + errorMsg + "\", \"code\": 500}");
|
||||
out.flush();
|
||||
out.close();
|
||||
}
|
||||
|
||||
}
|
||||
@@ -1,28 +0,0 @@
|
||||
package org.wfc.common.license.interceptor;
|
||||
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
|
||||
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
|
||||
|
||||
import javax.annotation.Resource;
|
||||
|
||||
/**
|
||||
* @Description: 拦截器配置
|
||||
*/
|
||||
@Configuration
|
||||
public class LicenseInterceptorConfig implements WebMvcConfigurer {
|
||||
|
||||
@Resource
|
||||
private LicenseCheckInterceptor licenseCheckInterceptor;
|
||||
|
||||
@Override
|
||||
public void addInterceptors(InterceptorRegistry registry) {
|
||||
|
||||
//添加要拦截的url
|
||||
registry.addInterceptor(licenseCheckInterceptor)
|
||||
// 拦截的路径
|
||||
.addPathPatterns("/**");
|
||||
// 放行的路径
|
||||
// .excludePathPatterns("/admin/login");
|
||||
}
|
||||
}
|
||||
@@ -34,14 +34,16 @@ public class LicenseCheckRunner implements ApplicationRunner {
|
||||
|
||||
// 启动定时任务
|
||||
public void startTimer() {
|
||||
scheduledFuture = scheduler.scheduleAtFixedRate(this::timer, 0, 60, TimeUnit.SECONDS);
|
||||
scheduledFuture = scheduler.scheduleAtFixedRate(this::timer, 0, 30, TimeUnit.SECONDS);
|
||||
}
|
||||
|
||||
// 停止定时任务
|
||||
public void stopTimer() {
|
||||
if (scheduledFuture != null) {
|
||||
scheduledFuture.cancel(false);
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* 文件唯一身份标识 == 相当于人类的指纹一样
|
||||
*/
|
||||
@@ -73,7 +75,7 @@ public class LicenseCheckRunner implements ApplicationRunner {
|
||||
/**
|
||||
* 5秒检测一次,不能太快也不能太慢
|
||||
*/
|
||||
protected void timer() {
|
||||
protected void timer() {
|
||||
if (!isLoad) {
|
||||
return;
|
||||
}
|
||||
|
||||
@@ -18,9 +18,10 @@ public abstract class AbstractServerInfos {
|
||||
|
||||
/**
|
||||
* 组装需要额外校验的License参数
|
||||
*
|
||||
* @return demo.LicenseCheckModel
|
||||
*/
|
||||
public LicenseCheckModel getServerInfos(){
|
||||
public LicenseCheckModel getServerInfos() {
|
||||
LicenseCheckModel result = new LicenseCheckModel();
|
||||
|
||||
try {
|
||||
@@ -28,8 +29,8 @@ public abstract class AbstractServerInfos {
|
||||
result.setMacAddress(this.getMacAddress());
|
||||
result.setCpuSerial(this.getCPUSerial());
|
||||
result.setMainBoardSerial(this.getMainBoardSerial());
|
||||
}catch (Exception e){
|
||||
log.error("获取服务器硬件信息失败",e);
|
||||
} catch (Exception e) {
|
||||
log.error("获取服务器硬件信息失败 {}", e.getMessage());
|
||||
}
|
||||
|
||||
return result;
|
||||
@@ -37,30 +38,35 @@ public abstract class AbstractServerInfos {
|
||||
|
||||
/**
|
||||
* 获取IP地址
|
||||
*
|
||||
* @return java.util.List<java.lang.String>
|
||||
*/
|
||||
protected abstract List<String> getIpAddress() throws Exception;
|
||||
|
||||
/**
|
||||
* 获取Mac地址
|
||||
*
|
||||
* @return java.util.List<java.lang.String>
|
||||
*/
|
||||
protected abstract List<String> getMacAddress() throws Exception;
|
||||
|
||||
/**
|
||||
* 获取CPU序列号
|
||||
*
|
||||
* @return java.lang.String
|
||||
*/
|
||||
protected abstract String getCPUSerial() throws Exception;
|
||||
|
||||
/**
|
||||
* 获取主板序列号
|
||||
*
|
||||
* @return java.lang.String
|
||||
*/
|
||||
protected abstract String getMainBoardSerial() throws Exception;
|
||||
|
||||
/**
|
||||
* 获取当前服务器所有符合条件的InetAddress
|
||||
*
|
||||
* @return java.util.List<java.net.InetAddress>
|
||||
*/
|
||||
protected List<InetAddress> getLocalAllInetAddress() throws Exception {
|
||||
@@ -74,8 +80,8 @@ public abstract class AbstractServerInfos {
|
||||
InetAddress inetAddr = (InetAddress) inetAddresses.nextElement();
|
||||
|
||||
//排除LoopbackAddress、SiteLocalAddress、LinkLocalAddress、MulticastAddress类型的IP地址
|
||||
if(!inetAddr.isLoopbackAddress() /*&& !inetAddr.isSiteLocalAddress()*/
|
||||
&& !inetAddr.isLinkLocalAddress() && !inetAddr.isMulticastAddress()){
|
||||
if (!inetAddr.isLoopbackAddress() /*&& !inetAddr.isSiteLocalAddress()*/
|
||||
&& !inetAddr.isLinkLocalAddress() && !inetAddr.isMulticastAddress()) {
|
||||
result.add(inetAddr);
|
||||
}
|
||||
}
|
||||
@@ -86,24 +92,25 @@ public abstract class AbstractServerInfos {
|
||||
|
||||
/**
|
||||
* 获取某个网络接口的Mac地址
|
||||
*
|
||||
* @param
|
||||
* @return void
|
||||
*/
|
||||
protected String getMacByInetAddress(InetAddress inetAddr){
|
||||
protected String getMacByInetAddress(InetAddress inetAddr) {
|
||||
try {
|
||||
byte[] mac = NetworkInterface.getByInetAddress(inetAddr).getHardwareAddress();
|
||||
StringBuffer stringBuffer = new StringBuffer();
|
||||
|
||||
for(int i=0;i<mac.length;i++){
|
||||
if(i != 0) {
|
||||
for (int i = 0; i < mac.length; i++) {
|
||||
if (i != 0) {
|
||||
stringBuffer.append("-");
|
||||
}
|
||||
|
||||
//将十六进制byte转化为字符串
|
||||
String temp = Integer.toHexString(mac[i] & 0xff);
|
||||
if(temp.length() == 1){
|
||||
if (temp.length() == 1) {
|
||||
stringBuffer.append("0" + temp);
|
||||
}else{
|
||||
} else {
|
||||
stringBuffer.append(temp);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -11,7 +11,7 @@ import java.util.stream.Collectors;
|
||||
/**
|
||||
* 用于获取客户Linux服务器的基本信息
|
||||
*/
|
||||
public class LinuxServerInfos extends AbstractServerInfos{
|
||||
public class LinuxServerInfos extends AbstractServerInfos {
|
||||
|
||||
@Override
|
||||
protected List<String> getIpAddress() throws Exception {
|
||||
@@ -20,7 +20,7 @@ public class LinuxServerInfos extends AbstractServerInfos{
|
||||
//获取所有网络接口
|
||||
List<InetAddress> inetAddresses = getLocalAllInetAddress();
|
||||
|
||||
if(inetAddresses != null && inetAddresses.size() > 0){
|
||||
if (inetAddresses != null && inetAddresses.size() > 0) {
|
||||
result = inetAddresses.stream().map(InetAddress::getHostAddress).distinct().map(String::toLowerCase).collect(Collectors.toList());
|
||||
}
|
||||
|
||||
@@ -34,7 +34,7 @@ public class LinuxServerInfos extends AbstractServerInfos{
|
||||
//1. 获取所有网络接口
|
||||
List<InetAddress> inetAddresses = getLocalAllInetAddress();
|
||||
|
||||
if(inetAddresses != null && inetAddresses.size() > 0){
|
||||
if (inetAddresses != null && inetAddresses.size() > 0) {
|
||||
//2. 获取所有网络接口的Mac地址
|
||||
result = inetAddresses.stream().map(this::getMacByInetAddress).distinct().collect(Collectors.toList());
|
||||
}
|
||||
@@ -48,14 +48,14 @@ public class LinuxServerInfos extends AbstractServerInfos{
|
||||
String serialNumber = "";
|
||||
|
||||
//使用dmidecode命令获取CPU序列号
|
||||
String[] shell = {"/bin/bash","-c","dmidecode -t processor | grep 'ID' | awk -F ':' '{print $2}' | head -n 1"};
|
||||
String[] shell = {"/bin/bash", "-c", "dmidecode -t processor | grep 'ID' | awk -F ':' '{print $2}' | head -n 1"};
|
||||
Process process = Runtime.getRuntime().exec(shell);
|
||||
process.getOutputStream().close();
|
||||
|
||||
BufferedReader reader = new BufferedReader(new InputStreamReader(process.getInputStream()));
|
||||
|
||||
String line = reader.readLine().trim();
|
||||
if(StringUtils.isNotBlank(line)){
|
||||
if (StringUtils.isNotBlank(line)) {
|
||||
serialNumber = line;
|
||||
}
|
||||
|
||||
@@ -69,14 +69,14 @@ public class LinuxServerInfos extends AbstractServerInfos{
|
||||
String serialNumber = "";
|
||||
|
||||
//使用dmidecode命令获取主板序列号
|
||||
String[] shell = {"/bin/bash","-c","dmidecode | grep 'Serial Number' | awk -F ':' '{print $2}' | head -n 1"};
|
||||
String[] shell = {"/bin/bash", "-c", "dmidecode | grep 'Serial Number' | awk -F ':' '{print $2}' | head -n 1"};
|
||||
Process process = Runtime.getRuntime().exec(shell);
|
||||
process.getOutputStream().close();
|
||||
|
||||
BufferedReader reader = new BufferedReader(new InputStreamReader(process.getInputStream()));
|
||||
|
||||
String line = reader.readLine().trim();
|
||||
if(StringUtils.isNotBlank(line)){
|
||||
if (StringUtils.isNotBlank(line)) {
|
||||
serialNumber = line;
|
||||
}
|
||||
|
||||
|
||||
@@ -1,5 +1,9 @@
|
||||
package org.wfc.common.license.serverinfo;
|
||||
|
||||
import java.io.BufferedReader;
|
||||
import java.io.File;
|
||||
import java.io.FileWriter;
|
||||
import java.io.InputStreamReader;
|
||||
import java.net.InetAddress;
|
||||
import java.util.List;
|
||||
import java.util.Scanner;
|
||||
@@ -8,7 +12,7 @@ import java.util.stream.Collectors;
|
||||
/**
|
||||
* 用于获取客户Windows服务器的基本信息
|
||||
*/
|
||||
public class WindowsServerInfos extends AbstractServerInfos{
|
||||
public class WindowsServerInfos extends AbstractServerInfos {
|
||||
|
||||
@Override
|
||||
protected List<String> getIpAddress() throws Exception {
|
||||
@@ -17,7 +21,7 @@ public class WindowsServerInfos extends AbstractServerInfos{
|
||||
//获取所有网络接口
|
||||
List<InetAddress> inetAddresses = getLocalAllInetAddress();
|
||||
|
||||
if(inetAddresses != null && inetAddresses.size() > 0){
|
||||
if (inetAddresses != null && inetAddresses.size() > 0) {
|
||||
result = inetAddresses.stream().map(InetAddress::getHostAddress).distinct().map(String::toLowerCase).collect(Collectors.toList());
|
||||
}
|
||||
|
||||
@@ -31,7 +35,7 @@ public class WindowsServerInfos extends AbstractServerInfos{
|
||||
//1. 获取所有网络接口
|
||||
List<InetAddress> inetAddresses = getLocalAllInetAddress();
|
||||
|
||||
if(inetAddresses != null && inetAddresses.size() > 0){
|
||||
if (inetAddresses != null && inetAddresses.size() > 0) {
|
||||
//2. 获取所有网络接口的Mac地址
|
||||
result = inetAddresses.stream().map(this::getMacByInetAddress).distinct().collect(Collectors.toList());
|
||||
}
|
||||
@@ -39,8 +43,7 @@ public class WindowsServerInfos extends AbstractServerInfos{
|
||||
return result;
|
||||
}
|
||||
|
||||
@Override
|
||||
protected String getCPUSerial() throws Exception {
|
||||
private String getCPUSerial2() throws Exception {
|
||||
//序列号
|
||||
String serialNumber = "";
|
||||
|
||||
@@ -49,11 +52,60 @@ public class WindowsServerInfos extends AbstractServerInfos{
|
||||
process.getOutputStream().close();
|
||||
Scanner scanner = new Scanner(process.getInputStream());
|
||||
|
||||
if(scanner != null && scanner.hasNext()){
|
||||
if (scanner != null && scanner.hasNext()) {
|
||||
scanner.next();
|
||||
}
|
||||
|
||||
if(scanner.hasNext()){
|
||||
if (scanner.hasNext()) {
|
||||
serialNumber = scanner.next().trim();
|
||||
}
|
||||
|
||||
scanner.close();
|
||||
return serialNumber;
|
||||
}
|
||||
|
||||
@Override
|
||||
protected String getCPUSerial() throws Exception {
|
||||
String result = "";
|
||||
try {
|
||||
File file = File.createTempFile("tmp", ".vbs");
|
||||
file.deleteOnExit();
|
||||
FileWriter fw = new FileWriter(file);
|
||||
String vbs = "Set objWMIService = GetObject(\"winmgmts:\\\\.\\root\\cimv2\")\n"
|
||||
+ "Set colItems = objWMIService.ExecQuery _ \n" + " (\"Select * from Win32_Processor\") \n"
|
||||
+ "For Each objItem in colItems \n" + " Wscript.Echo objItem.ProcessorId \n"
|
||||
+ " exit for ' do the first cpu only! \n" + "Next \n";
|
||||
|
||||
fw.write(vbs);
|
||||
fw.close();
|
||||
Process p = Runtime.getRuntime().exec("cscript //NoLogo " + file.getPath());
|
||||
BufferedReader input = new BufferedReader(new InputStreamReader(p.getInputStream()));
|
||||
String line;
|
||||
while ((line = input.readLine()) != null) {
|
||||
result += line;
|
||||
}
|
||||
input.close();
|
||||
file.delete();
|
||||
} catch (Exception e) {
|
||||
return getCPUSerial2();
|
||||
}
|
||||
return result.trim();
|
||||
}
|
||||
|
||||
private String getMainBoardSerial2() throws Exception {
|
||||
//序列号
|
||||
String serialNumber = "";
|
||||
|
||||
//使用WMIC获取主板序列号
|
||||
Process process = Runtime.getRuntime().exec("wmic baseboard get serialnumber");
|
||||
process.getOutputStream().close();
|
||||
Scanner scanner = new Scanner(process.getInputStream());
|
||||
|
||||
if (scanner != null && scanner.hasNext()) {
|
||||
scanner.next();
|
||||
}
|
||||
|
||||
if (scanner.hasNext()) {
|
||||
serialNumber = scanner.next().trim();
|
||||
}
|
||||
|
||||
@@ -63,23 +115,30 @@ public class WindowsServerInfos extends AbstractServerInfos{
|
||||
|
||||
@Override
|
||||
protected String getMainBoardSerial() throws Exception {
|
||||
//序列号
|
||||
String serialNumber = "";
|
||||
|
||||
//使用WMIC获取主板序列号
|
||||
Process process = Runtime.getRuntime().exec("wmic baseboard get serialnumber");
|
||||
process.getOutputStream().close();
|
||||
Scanner scanner = new Scanner(process.getInputStream());
|
||||
String result = "";
|
||||
try {
|
||||
File file = File.createTempFile("realhowto", ".vbs");
|
||||
file.deleteOnExit();
|
||||
FileWriter fw = new FileWriter(file);
|
||||
|
||||
if(scanner != null && scanner.hasNext()){
|
||||
scanner.next();
|
||||
String vbs = "Set objWMIService = GetObject(\"winmgmts:\\\\.\\root\\cimv2\")\n"
|
||||
+ "Set colItems = objWMIService.ExecQuery _ \n" + " (\"Select * from Win32_BaseBoard\") \n"
|
||||
+ "For Each objItem in colItems \n" + " Wscript.Echo objItem.SerialNumber \n"
|
||||
+ " exit for ' do the first cpu only! \n" + "Next \n";
|
||||
|
||||
fw.write(vbs);
|
||||
fw.close();
|
||||
Process p = Runtime.getRuntime().exec("cscript //NoLogo " + file.getPath());
|
||||
BufferedReader input = new BufferedReader(new InputStreamReader(p.getInputStream()));
|
||||
String line;
|
||||
while ((line = input.readLine()) != null) {
|
||||
result += line;
|
||||
}
|
||||
input.close();
|
||||
} catch (Exception e) {
|
||||
return getMainBoardSerial2();
|
||||
}
|
||||
|
||||
if(scanner.hasNext()){
|
||||
serialNumber = scanner.next().trim();
|
||||
}
|
||||
|
||||
scanner.close();
|
||||
return serialNumber;
|
||||
return result.trim();
|
||||
}
|
||||
}
|
||||
|
||||
@@ -1,4 +1,2 @@
|
||||
org.wfc.common.license.runner.LicenseProperties
|
||||
org.wfc.common.license.runner.LicenseCheckRunner
|
||||
org.wfc.common.license.interceptor.LicenseCheckInterceptor
|
||||
org.wfc.common.license.interceptor.LicenseInterceptorConfig
|
||||
@@ -88,6 +88,12 @@
|
||||
<version>${springdoc.version}</version>
|
||||
</dependency>
|
||||
|
||||
<!-- License -->
|
||||
<dependency>
|
||||
<groupId>org.wfc</groupId>
|
||||
<artifactId>wfc-common-license</artifactId>
|
||||
</dependency>
|
||||
|
||||
</dependencies>
|
||||
|
||||
<build>
|
||||
|
||||
@@ -18,18 +18,18 @@ import org.wfc.common.core.utils.JwtUtils;
|
||||
import org.wfc.common.core.utils.MessageUtils;
|
||||
import org.wfc.common.core.utils.ServletUtils;
|
||||
import org.wfc.common.core.utils.StringUtils;
|
||||
import org.wfc.common.license.LicenseVerify;
|
||||
import org.wfc.common.redis.service.RedisService;
|
||||
import org.wfc.gateway.config.properties.IgnoreWhiteProperties;
|
||||
import reactor.core.publisher.Mono;
|
||||
|
||||
/**
|
||||
* 网关鉴权
|
||||
*
|
||||
*
|
||||
* @author wfc
|
||||
*/
|
||||
@Component
|
||||
public class AuthFilter implements GlobalFilter, Ordered
|
||||
{
|
||||
public class AuthFilter implements GlobalFilter, Ordered {
|
||||
private static final Logger log = LoggerFactory.getLogger(AuthFilter.class);
|
||||
|
||||
// 排除过滤的 uri 地址,nacos自行添加
|
||||
@@ -40,42 +40,44 @@ public class AuthFilter implements GlobalFilter, Ordered
|
||||
private RedisService redisService;
|
||||
|
||||
@Override
|
||||
public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain)
|
||||
{
|
||||
public Mono<Void> filter(ServerWebExchange exchange, GatewayFilterChain chain) {
|
||||
ServerHttpRequest request = exchange.getRequest();
|
||||
ServerHttpRequest.Builder mutate = request.mutate();
|
||||
|
||||
LicenseVerify licenseVerify = new LicenseVerify();
|
||||
|
||||
// 校验license证书是否有效
|
||||
boolean verifyResult = licenseVerify.verify();
|
||||
if (!verifyResult) {
|
||||
log.error("验证失败,证书无效");
|
||||
return unauthorizedResponse(exchange, MessageUtils.message("Your License is invalid"));
|
||||
}
|
||||
|
||||
String url = request.getURI().getPath();
|
||||
// 跳过不需要验证的路径
|
||||
if (StringUtils.matches(url, ignoreWhite.getWhites()))
|
||||
{
|
||||
if (StringUtils.matches(url, ignoreWhite.getWhites())) {
|
||||
return chain.filter(exchange);
|
||||
}
|
||||
String token = getToken(request);
|
||||
if (StringUtils.isEmpty(token))
|
||||
{
|
||||
if (StringUtils.isEmpty(token)) {
|
||||
return unauthorizedResponse(exchange, MessageUtils.message("gateway.token.not.blank"));
|
||||
}
|
||||
Claims claims = JwtUtils.parseToken(token);
|
||||
if (claims == null)
|
||||
{
|
||||
if (claims == null) {
|
||||
return unauthorizedResponse(exchange, MessageUtils.message("gateway.token.expired"));
|
||||
}
|
||||
String userkey = JwtUtils.getUserKey(claims);
|
||||
boolean islogin = redisService.hasKey(getTokenKey(userkey));
|
||||
if (!islogin)
|
||||
{
|
||||
if (!islogin) {
|
||||
return unauthorizedResponse(exchange, MessageUtils.message("gateway.status.expired"));
|
||||
}
|
||||
String userid = JwtUtils.getUserId(claims);
|
||||
String username = JwtUtils.getUserName(claims);
|
||||
if (StringUtils.isEmpty(userid) || StringUtils.isEmpty(username))
|
||||
{
|
||||
if (StringUtils.isEmpty(userid) || StringUtils.isEmpty(username)) {
|
||||
return unauthorizedResponse(exchange, MessageUtils.message("gateway.token.error"));
|
||||
}
|
||||
String platform = JwtUtils.getUserPlatform(claims);
|
||||
if ("user".equals(platform) && StringUtils.startsWith(url,"/system"))
|
||||
{
|
||||
if ("user".equals(platform) && StringUtils.startsWith(url, "/system")) {
|
||||
return unauthorizedResponse(exchange, MessageUtils.message("gateway.user.portal.forbidden"));
|
||||
}
|
||||
// 设置用户信息到请求
|
||||
@@ -88,10 +90,8 @@ public class AuthFilter implements GlobalFilter, Ordered
|
||||
return chain.filter(exchange.mutate().request(mutate.build()).build());
|
||||
}
|
||||
|
||||
private void addHeader(ServerHttpRequest.Builder mutate, String name, Object value)
|
||||
{
|
||||
if (value == null)
|
||||
{
|
||||
private void addHeader(ServerHttpRequest.Builder mutate, String name, Object value) {
|
||||
if (value == null) {
|
||||
return;
|
||||
}
|
||||
String valueStr = value.toString();
|
||||
@@ -99,13 +99,11 @@ public class AuthFilter implements GlobalFilter, Ordered
|
||||
mutate.header(name, valueEncode);
|
||||
}
|
||||
|
||||
private void removeHeader(ServerHttpRequest.Builder mutate, String name)
|
||||
{
|
||||
private void removeHeader(ServerHttpRequest.Builder mutate, String name) {
|
||||
mutate.headers(httpHeaders -> httpHeaders.remove(name)).build();
|
||||
}
|
||||
|
||||
private Mono<Void> unauthorizedResponse(ServerWebExchange exchange, String msg)
|
||||
{
|
||||
private Mono<Void> unauthorizedResponse(ServerWebExchange exchange, String msg) {
|
||||
log.error("[Authentication exception handling]Request path:{}, error message:{}", exchange.getRequest().getPath(), msg);
|
||||
return ServletUtils.webFluxResponseWriter(exchange.getResponse(), msg, HttpStatus.UNAUTHORIZED);
|
||||
}
|
||||
@@ -113,28 +111,24 @@ public class AuthFilter implements GlobalFilter, Ordered
|
||||
/**
|
||||
* 获取缓存key
|
||||
*/
|
||||
private String getTokenKey(String token)
|
||||
{
|
||||
private String getTokenKey(String token) {
|
||||
return CacheConstants.LOGIN_TOKEN_KEY + token;
|
||||
}
|
||||
|
||||
/**
|
||||
* 获取请求token
|
||||
*/
|
||||
private String getToken(ServerHttpRequest request)
|
||||
{
|
||||
private String getToken(ServerHttpRequest request) {
|
||||
String token = request.getHeaders().getFirst(SecurityConstants.AUTHORIZATION_HEADER);
|
||||
// 如果前端设置了令牌前缀,则裁剪掉前缀
|
||||
if (StringUtils.isNotEmpty(token) && token.startsWith(TokenConstants.PREFIX))
|
||||
{
|
||||
if (StringUtils.isNotEmpty(token) && token.startsWith(TokenConstants.PREFIX)) {
|
||||
token = token.replaceFirst(TokenConstants.PREFIX, StringUtils.EMPTY);
|
||||
}
|
||||
return token;
|
||||
}
|
||||
|
||||
@Override
|
||||
public int getOrder()
|
||||
{
|
||||
public int getOrder() {
|
||||
return -200;
|
||||
}
|
||||
}
|
||||
@@ -89,11 +89,6 @@
|
||||
<groupId>org.mapstruct</groupId>
|
||||
<artifactId>mapstruct</artifactId>
|
||||
</dependency>
|
||||
<!-- License -->
|
||||
<dependency>
|
||||
<groupId>org.wfc</groupId>
|
||||
<artifactId>wfc-common-license</artifactId>
|
||||
</dependency>
|
||||
|
||||
</dependencies>
|
||||
|
||||
|
||||
@@ -103,11 +103,6 @@
|
||||
<groupId>org.wfc</groupId>
|
||||
<artifactId>wfc-common-mail</artifactId>
|
||||
</dependency>
|
||||
<!-- License -->
|
||||
<dependency>
|
||||
<groupId>org.wfc</groupId>
|
||||
<artifactId>wfc-common-license</artifactId>
|
||||
</dependency>
|
||||
</dependencies>
|
||||
|
||||
<build>
|
||||
|
||||
Reference in New Issue
Block a user