stms 权限系统校验token 修改

9bbd077e · xuepeng.chang · ff894e42 · 9bbd077e · 9bbd077e · 9bbd077e
Commit 9bbd077e authored Sep 24, 2025 by xuepeng.chang
5 changed files
--- a/src/main/java/cn/quantgroup/xyqb/Constants.java
+++ b/src/main/java/cn/quantgroup/xyqb/Constants.java
@@ -232,6 +232,11 @@ public interface Constants {
        Long SESSION_VALID_TIME = 15 * 24 * 60 * 60L;
        Long SESSION_EXCHANGE_VALID_TIME = 380L;
    }
+    interface StmsSession {
+        String STMS_USER_SESSION_CACHE = "user:stms:session:";
+        // stms会话有效期24小时
+        Long STMS_SESSION_VALID_TIME = 24 * 24 * 60 * 60L;
+    }
    interface UserAvatar {
        String AVATAR_DEFAULT = "https://avatar.xyqb.com/default_avatar.png";

--- a/src/main/java/cn/quantgroup/xyqb/filter/StmsInnerInterceptor.java
+++ b/src/main/java/cn/quantgroup/xyqb/filter/StmsInnerInterceptor.java
@@ -8,10 +8,10 @@ import cn.quantgroup.xyqb.model.session.SessionStruct;
 import cn.quantgroup.xyqb.remote.StmsRemoteService;
 import cn.quantgroup.xyqb.service.session.ISessionService;
 import cn.quantgroup.xyqb.session.XyqbSessionContextHolder;
-import cn.quantgroup.xyqb.util.StringUtils;
 import com.alibaba.fastjson.JSONObject;
 import com.google.common.collect.Maps;
 import lombok.extern.slf4j.Slf4j;
+import org.apache.commons.lang3.StringUtils;
 import org.springframework.web.servlet.HandlerInterceptor;
 import org.springframework.web.servlet.ModelAndView;
@@ -38,12 +38,11 @@ public class StmsInnerInterceptor implements HandlerInterceptor {
    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
        //所有开放出去的外部接口，都需要验证租户id和注册来源
        String tenantId = request.getHeader(Constants.X_AUTH_TENANT);
        String registeredFrom = request.getHeader(Constants.X_AUTH_FROM);
        try {
-            registeredFrom = org.apache.commons.lang3.StringUtils.isEmpty(registeredFrom) ? request.getHeader(Constants.X_AUTH_FROM_) : registeredFrom;
+            registeredFrom = StringUtils.isEmpty(registeredFrom) ? request.getHeader(Constants.X_AUTH_FROM_) : registeredFrom;
        } catch (Exception e) {
+            log.warn("registeredFrom获取异常",e);
            registeredFrom = "0";
        }
        String stmsToken = request.getHeader(Constants.X_AUTH_TOKEN);
@@ -55,8 +54,8 @@ public class StmsInnerInterceptor implements HandlerInterceptor {
            throw new BizException(BizExceptionEnum.UN_EXIT_STMS_TOKEN);
        }
-        SessionStruct sessionStruct = XyqbSessionContextHolder.getXSessionFromRedis(stmsToken, Integer.valueOf(tenantId),org.apache.commons.lang3.StringUtils.isEmpty(registeredFrom) ? null:Long.valueOf(registeredFrom));
+        SessionStruct sessionStruct = XyqbSessionContextHolder.getStmsXSessionFromRedis(stmsToken, Integer.valueOf(tenantId), StringUtils.isEmpty(registeredFrom) ? null:Long.valueOf(registeredFrom));
-        log.info("从redis获取sessionStruct结果：{}",JSONObject.toJSONString(sessionStruct));
+        log.info("stms权限 从redis获取sessionStruct结果：{}",JSONObject.toJSONString(sessionStruct));
        if (sessionStruct == null) {
            OauthResult oauthResult = stmsRemoteService.checkToken(stmsToken);
            if (oauthResult != null && 2000 == oauthResult.getCode()) {
@@ -64,23 +63,20 @@ public class StmsInnerInterceptor implements HandlerInterceptor {
                String userId = String.valueOf(linkedHashMap.get("id"));
                String userName = String.valueOf(linkedHashMap.get("name"));
                sessionStruct = XyqbSessionContextHolder.initSTMSSession(stmsToken, userId, userName);
-                sessionService.persistSession(sessionStruct.getSid(), sessionStruct.getValues(), sessionStruct.getTenantId());
+                sessionService.persistStmsSession(sessionStruct.getSid(), sessionStruct.getValues(), Constants.StmsSession.STMS_SESSION_VALID_TIME,sessionStruct.getTenantId());
            } else {
                throw new BizException(BizExceptionEnum.UN_PERMISSION_STMS);
            }
        } else {
-            //session续期
+            //stms session续期
-            sessionService.persistSession(sessionStruct.getSid(), sessionStruct.getValues(), sessionStruct.getTenantId());
+            sessionService.persistStmsSession(sessionStruct.getSid(), sessionStruct.getValues(), Constants.StmsSession.STMS_SESSION_VALID_TIME,sessionStruct.getTenantId());
-            log.info("sessionStruct续期完成：{}",JSONObject.toJSONString(sessionStruct));
+            log.info("stms权限 sessionStruct续期完成：{}",JSONObject.toJSONString(sessionStruct));
        }
        //校验接口权限
        //smts 租户概念不明确，暂且先统一为560761
        String tenantIdTmp = "560761";
-        OauthResult permissionResult = stmsRemoteService.checkPermission(stmsToken,
+        OauthResult permissionResult = stmsRemoteService.checkPermission(stmsToken,request.getRequestURI(), tenantIdTmp);
-                request.getRequestURI(), tenantIdTmp);
        if (permissionResult != null && 2000 == permissionResult.getCode()) {
            return true;
        } else {

--- a/src/main/java/cn/quantgroup/xyqb/service/session/ISessionService.java
+++ b/src/main/java/cn/quantgroup/xyqb/service/session/ISessionService.java
@@ -19,6 +19,8 @@ public interface ISessionService {
    void persistSession(String token, SessionValue sessionValue,Integer tenantId);
    void persistSession(String token, SessionValue sessionValue,Long time,Integer tenantId);
+    void persistStmsSession(String stmsToken, SessionValue sessionValue,Long time,Integer tenantId);
    void deleteByUserId(long userId,Integer tenantId);
    void deleteUserCatch(User user,Integer tenantId);

--- a/src/main/java/cn/quantgroup/xyqb/service/session/impl/SessionServiceImpl.java
+++ b/src/main/java/cn/quantgroup/xyqb/service/session/impl/SessionServiceImpl.java
@@ -260,6 +260,33 @@ public class SessionServiceImpl implements ISessionService {
        }
    }
+    @Override
+    public void persistStmsSession(String stmsToken, SessionValue sessionValue, Long time, Integer tenantId) {
+        Timestamp current = new Timestamp(System.currentTimeMillis());
+        if (sessionValue == null) {
+            sessionValue = new SessionValue();
+        }
+        if (sessionValue.getLoginProperties() == null) {
+            sessionValue.setLoginProperties(new LoginProperties());
+        }
+        LoginProperties loginProperties = sessionValue.getLoginProperties();
+        loginProperties.setTenantId(tenantId);
+        sessionValue.setLoginProperties(loginProperties);
+        sessionValue.setLastAccessTime(current);
+        String json = JSON.toJSONString(sessionValue);
+        String key;
+        if (Objects.isNull(tenantId) || UserConstant.defaultTenantId.equals(tenantId)) {
+            key = Constants.StmsSession.STMS_USER_SESSION_CACHE + stmsToken;
+        } else {
+            key = Constants.StmsSession.STMS_USER_SESSION_CACHE + tenantId + ":" + stmsToken;
+        }
+        stringRedisTemplate.opsForValue().set(key, json,time, TimeUnit.SECONDS);
+    }
    /**
     * 设置用户token集合方便注销使用
     *

--- a/src/main/java/cn/quantgroup/xyqb/session/XyqbSessionContextHolder.java
+++ b/src/main/java/cn/quantgroup/xyqb/session/XyqbSessionContextHolder.java
@@ -185,6 +185,41 @@ public class XyqbSessionContextHolder {
        }
    }
+    public static SessionStruct getStmsXSessionFromRedis(String token,Integer tenantId,Long registeredFrom) {
+        String stmsTokenKey;
+        if (UserConstant.defaultTenantId.equals(tenantId)) {
+            stmsTokenKey = Constants.StmsSession.STMS_USER_SESSION_CACHE + token;
+        } else {
+            stmsTokenKey = Constants.StmsSession.STMS_USER_SESSION_CACHE + tenantId + ":" + token;
+        }
+        String result = redisTemplate.opsForValue().get(stmsTokenKey);
+        if (StringUtils.isEmpty(result)) {
+            log.warn("[XyqbSessionContextHolder][getStmsXSessionFromRedis] session data 未找到：Tokekn:{},stmsTokenKey:{},sessionValue:{}", token, stmsTokenKey, result);
+            return null;
+        }
+        try {
+            SessionValue values = JSON.parseObject(result, SessionValue.class);
+            SessionStruct sessionStruct = new SessionStruct();
+            if (values == null) {
+                log.warn("[XyqbSessionContextHolder][getStmsXSessionFromRedis] session data 序列化失败：token:{},stmsTokenKey:{},sessionValue:{}", token, stmsTokenKey, result);
+                return null;
+            } else {
+                if (values.getLoginProperties() != null) {
+                    sessionStruct.setTenantId(values.getLoginProperties().getTenantId());
+                    sessionStruct.setRegisteredFrom(registeredFrom);
+                }
+            }
+            sessionStruct.setSid(token);
+            sessionStruct.setValues(values);
+            sessionStruct.setExpire(redisTemplate.getExpire(stmsTokenKey));
+            return sessionStruct;
+        } catch (Exception e) {
+            log.warn("[XyqbSessionContextHolder][getXSessionFromRedis] 序列化SessionValue出错：Tokekn:{},stmsTokenKey:{},sessionValue:{}", token, stmsTokenKey, result, e);
+            return null;
+        }
+    }
    public static void releaseSession() {
        threadSession.remove();
    }