集成spring-boot-admin 做为 monitor

b2baccline
2019-10-21 20:34:49 +08:00
parent 6fec14df8b
commit 5e569bd3c5
19 changed files with 710 additions and 22 deletions


@@ -1,8 +1,10 @@
package com.hccake.ballcat.common.conf.config;
import com.hccake.ballcat.commom.log.access.service.AccessLogHandlerService;
import com.hccake.ballcat.common.core.filter.ActuatorFilter;
import com.hccake.ballcat.common.core.filter.XSSFilter;
import lombok.extern.slf4j.Slf4j;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
import org.springframework.boot.web.servlet.FilterRegistrationBean;
@@ -19,6 +21,11 @@ import org.springframework.context.annotation.Configuration;
@ConditionalOnWebApplication
public class FilterConfig {
@Value("${monitor.secret-id: ballcat-monitor}")
private String secretId;
@Value("${monitor.secret-key: =BallCat-Monitor}")
private String secretKey;
@Bean
@ConditionalOnClass(AccessLogHandlerService.class)
public FilterRegistrationBean<XSSFilter> xssFilterRegistrationBean(){
@@ -28,4 +35,15 @@ public class FilterConfig {
return registrationBean;
}
@Bean
public FilterRegistrationBean<ActuatorFilter> actuatorFilterRegistrationBean(){
log.debug("Actuator 安全过滤器已开启====");
FilterRegistrationBean<ActuatorFilter> registrationBean = new FilterRegistrationBean<>();
ActuatorFilter actuatorFilter = new ActuatorFilter(secretId, secretKey);
registrationBean.setFilter(actuatorFilter);
registrationBean.addUrlPatterns("/actuator/*");
registrationBean.setOrder(0);
return registrationBean;
}
}
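Review bot: The `@Value` defaults on `secretId` and `secretKey` put a fixed credential in the source, so any deployment that does not set `monitor.secret-key` guards `/actuator/*` with a key anyone can read from the repository. Drop the defaults so that startup fails when the properties are missing, e.g. `@Value("${monitor.secret-key}")`, and document that both values must be set per environment. The space after the colon in `${monitor.secret-id: ballcat-monitor}` may end up as part of the default value; confirm this against what the monitor side sends. A short Javadoc on `actuatorFilterRegistrationBean` stating that the filter is registered unconditionally at order 0 for `/actuator/*` would also help.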


@@ -0,0 +1,24 @@
package com.hccake.ballcat.common.core.constant;
/**
* @author Hccake
* @version 1.0
* @date 2019/10/31 11:55
*/
public final class HeaderConstants {
private HeaderConstants(){}
/**
* 请求时间戳
*/
public static final String REQ_TIME = "reqTime";
/**
* 请求sign
*/
public static final String SIGN = "sign";
/**
* SECRET_ID
*/
public static final String SECRET_ID = "secretId";
}


@@ -0,0 +1,84 @@
package com.hccake.ballcat.common.core.filter;
import cn.hutool.core.util.StrUtil;
import cn.hutool.crypto.SecureUtil;
import cn.hutool.json.JSONUtil;
import com.hccake.ballcat.common.core.constant.HeaderConstants;
import com.hccake.ballcat.common.core.result.R;
import com.hccake.ballcat.common.core.result.ResultStatus;
import org.springframework.http.HttpStatus;
import org.springframework.http.MediaType;
import org.springframework.web.filter.OncePerRequestFilter;
import javax.servlet.FilterChain;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
/**
* @author Hccake
* @version 1.0
* @date 2019/10/17 20:28
*/
public class ActuatorFilter extends OncePerRequestFilter {
private String secretId;
private String secretKey;
public ActuatorFilter(String secretId, String secretKey){
this.secretId = secretId;
this.secretKey = secretKey;
}
/**
* Same contract as for {@code doFilter}, but guaranteed to be
* just invoked once per request within a single request thread.
* See {@link #shouldNotFilterAsyncDispatch()} for details.
* <p>Provides HttpServletRequest and HttpServletResponse arguments instead of the
* default ServletRequest and ServletResponse ones.
*
* @param request
* @param response
* @param filterChain
*/
@Override
protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
// 检验签名是否正确
String reqSecretId = request.getHeader(HeaderConstants.SECRET_ID);
String sign = request.getHeader(HeaderConstants.SIGN);
String reqTime = request.getHeader(HeaderConstants.REQ_TIME);
if (verifySign(reqSecretId, sign, reqTime)) {
filterChain.doFilter(request, response);
}else {
response.setHeader("Content-Type", MediaType.APPLICATION_JSON_UTF8.toString());
response.setStatus(HttpStatus.UNAUTHORIZED.value());
response.getWriter().write(JSONUtil.toJsonStr(R.failed(ResultStatus.UNAUTHORIZED)));
}
}
/**
* 校验sign
* @param reqSecretId
* @param sign
* @param reqTime
* @return
*/
private boolean verifySign(String reqSecretId, String sign, String reqTime) {
if (StrUtil.isNotBlank(sign) && StrUtil.isNotBlank(reqTime) && StrUtil.isNotBlank(reqSecretId)) {
if(!reqSecretId.equals(secretId)){
return false;
}
// 过期时间 30秒失效
long expireTime = 30 * 1000;
long nowTime = System.currentTimeMillis();
if (nowTime - Long.parseLong(reqTime) <= expireTime) {
String reverse = StrUtil.reverse(reqTime);
String checkSign = SecureUtil.md5(reverse + secretId + secretKey);
return StrUtil.equalsIgnoreCase(checkSign, sign);
}
}
return false;
}
}
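Review bot: The freshness test in `verifySign`, `nowTime - Long.parseLong(reqTime) <= expireTime`, only bounds the past, so a request signed with a future timestamp stays replayable until that time arrives, and a non-numeric `reqTime` header throws `NumberFormatException` out of the filter instead of producing the 401 response. Bound the skew in both directions and treat a parse failure as a failed check, as in the excerpt below. The final `StrUtil.equalsIgnoreCase` comparison is not constant-time; `MessageDigest.isEqual` on the case-normalised bytes avoids that, and needs `java.security.MessageDigest`, `java.nio.charset.StandardCharsets` and `java.util.Locale` imported. Separately, `SecureUtil.md5(reverse + secretId + secretKey)` is a plain MD5 over concatenated fields and covers neither the method nor the path. An HMAC-SHA256 over those fields would be stronger, but it has to change together with whatever client produces the `sign` header.

```java
private boolean verifySign(String reqSecretId, String sign, String reqTime) {
    // … unchanged: blank checks, secretId comparison, expireTime = 30 * 1000 …
    long reqMillis;
    try {
        reqMillis = Long.parseLong(reqTime);
    } catch (NumberFormatException e) {
        // A malformed timestamp header is an authentication failure, not a server error.
        return false;
    }
    // Reject timestamps that are too old and timestamps that lie in the future.
    long skew = System.currentTimeMillis() - reqMillis;
    if (skew > expireTime || skew < -expireTime) {
        return false;
    }
    // … unchanged: checkSign computation …
    return MessageDigest.isEqual(
            checkSign.toLowerCase(Locale.ROOT).getBytes(StandardCharsets.UTF_8),
            sign.toLowerCase(Locale.ROOT).getBytes(StandardCharsets.UTF_8));
}
```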


@@ -36,6 +36,14 @@ public class PasswordUtil {
}
public static String encodeAESBase64(String pass, String secretKey){
AES aes = new AES(Mode.CBC, Padding.NoPadding,
new SecretKeySpec(secretKey.getBytes(), "AES"),
new IvParameterSpec(secretKey.getBytes()));
return aes.encryptBase64(pass, StandardCharsets.UTF_8);
}
public static String encodeBCrypt(String pass){
return ENCODER.encode(pass);
}
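Review bot: `encodeAESBase64` passes the same `secretKey.getBytes()` as both the AES key and the CBC IV, so the IV is fixed and equal to the key: equal inputs always give equal ciphertext, and reusing the key as IV is a known CBC weakness. A random per-message IV carried alongside the ciphertext would fix this, but it has to be agreed with whatever decrypts the value, which is not visible in this hunk. `getBytes()` without a charset uses the platform default while the plaintext is encoded with `StandardCharsets.UTF_8`; use `secretKey.getBytes(StandardCharsets.UTF_8)` in both places. `Padding.NoPadding` presumably requires `pass` to be block-aligned, and the accepted key lengths are not checked, so a Javadoc stating both constraints would help callers.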