feature & fix: 正式发布0.0.6版本, 增加header-secret校验.

5b71d939 · 朱劲松 · 7e76f5e3 · 5b71d939 · 5b71d939
Commit 5b71d939 authored Jan 18, 2018 by 朱劲松
Hide whitespace changes
Inline Side-by-side

Showing with 8 additions and 0 deletions

SecurityUtil.java src/main/java/cn/quantgroup/tech/security/SecurityUtil.java +6 -0

ZUser.java src/main/java/cn/quantgroup/tech/security/ZUser.java +2 -0

No files found.
--- a/src/main/java/cn/quantgroup/tech/security/SecurityUtil.java
+++ b/src/main/java/cn/quantgroup/tech/security/SecurityUtil.java
@@ -12,6 +12,12 @@ public class SecurityUtil {
    public static ZUser extractHeader(HttpServletRequest request) {
+        // valid secret.
+        String secret = request.getHeader(ZUser.HEADER_SECRET_KEY_FROM_GATEWAY);
+        if (StringUtils.isEmpty(secret) || !secret.equals(ZUser.HEADER_SECRET_VAL_FROM_GATEWAY)) {
+            return null;
+        }
        String uuid = request.getHeader(ZUser.HEADER_UUID);
        if (StringUtils.isNotEmpty(uuid)) {
            String userIdStr = request.getHeader(ZUser.HEADER_USER_ID);

--- a/src/main/java/cn/quantgroup/tech/security/ZUser.java
+++ b/src/main/java/cn/quantgroup/tech/security/ZUser.java
@@ -23,6 +23,8 @@ public class ZUser implements UserDetails {
    public static final String HEADER_USER_ID = "z-user-id";
    public static final String HEADER_UUID = "z-user-uuid";
    public static final String HEADER_PHONE_NO = "z-user-phone-no";
+    public static final String HEADER_SECRET_KEY_FROM_GATEWAY = "z-user-secret";
+    public static final String HEADER_SECRET_VAL_FROM_GATEWAY = "z.h,w44RXMu4XL#dq_%@ZX,u*gd]zVhmdks@H8krq*Gn-CC:6>YTHX_Kh=_#D7LR";
    private String uuid;
    private Long userId;