From 828419c76f52b23a474e9789c4705256ce87cbe8 Mon Sep 17 00:00:00 2001 From: cyjseagull Date: Mon, 2 Sep 2024 11:45:10 +0800 Subject: [PATCH] fix api signuature credential auth bug --- wedpr-adm/conf/application-wedpr.properties | 2 ++ wedpr-admin/conf/application-wedpr.properties | 1 + .../core/impl/MemoryCredentialCache.java | 13 +++++++++++-- .../security/cache/impl/MemoryUserCache.java | 15 ++++++++++++--- .../security/filter/APISignatureAuthFilter.java | 6 ++++++ .../security/filter/JwtAuthenticationFilter.java | 5 +++-- .../sync/impl/BlockChainResourceSyncImpl.java | 1 + 7 files changed, 36 insertions(+), 7 deletions(-) diff --git a/wedpr-adm/conf/application-wedpr.properties b/wedpr-adm/conf/application-wedpr.properties index 7c83aa12..e00bc2dd 100644 --- a/wedpr-adm/conf/application-wedpr.properties +++ b/wedpr-adm/conf/application-wedpr.properties @@ -94,3 +94,5 @@ quartz-cron-report-job=0/2 * * * * ? * springfox.documentation.enabled=true +server.type=site_end + diff --git a/wedpr-admin/conf/application-wedpr.properties b/wedpr-admin/conf/application-wedpr.properties index d3bd9bda..611f1fee 100644 --- a/wedpr-admin/conf/application-wedpr.properties +++ b/wedpr-admin/conf/application-wedpr.properties @@ -89,4 +89,5 @@ wedpr.user.jwt.publicKey= wedpr.user.jwt.sessionKey= springfox.documentation.enabled=true +server.type=admin_end diff --git a/wedpr-components/api-credential/src/main/java/com/webank/wedpr/components/api/credential/core/impl/MemoryCredentialCache.java b/wedpr-components/api-credential/src/main/java/com/webank/wedpr/components/api/credential/core/impl/MemoryCredentialCache.java index b2a631b7..a468a116 100644 --- a/wedpr-components/api-credential/src/main/java/com/webank/wedpr/components/api/credential/core/impl/MemoryCredentialCache.java +++ b/wedpr-components/api-credential/src/main/java/com/webank/wedpr/components/api/credential/core/impl/MemoryCredentialCache.java 
@@ -28,7 +28,7 @@
 import org.slf4j.LoggerFactory;
 public class MemoryCredentialCache implements CredentialCache {
- private static Logger logger = LoggerFactory.getLogger(MemoryCredentialCache.class);
+ private static final Logger logger = LoggerFactory.getLogger(MemoryCredentialCache.class);
 private final ApiCredentialMapper credentialMapper;
 private final CredentialToolkit credentialToolkit;
@@ -55,9 +55,18 @@ public MemoryCredentialCache(
 this.credentialToolkit = credentialToolkit;
 }
+ private ApiCredentialDO loadCache(String accessKeyID) {
+ try {
+ return cache.get(accessKeyID);
+ } catch (Exception e) {
+ logger.warn("get {} failed for ", accessKeyID, e);
+ return null;
+ }
+ }
+
 @Override
 public ApiCredentialDO getAccessKey(String accessKeyID) {
- return cache.getIfPresent(accessKeyID);
+ return loadCache(accessKeyID);
 }
 public ApiCredentialDO fetchCredential(String accessKeyID) throws NoValueInCacheException {
diff --git a/wedpr-components/security/src/main/java/com/webank/wedpr/components/security/cache/impl/MemoryUserCache.java b/wedpr-components/security/src/main/java/com/webank/wedpr/components/security/cache/impl/MemoryUserCache.java
index 751e80d7..a81b28a6 100644
--- a/wedpr-components/security/src/main/java/com/webank/wedpr/components/security/cache/impl/MemoryUserCache.java
+++ b/wedpr-components/security/src/main/java/com/webank/wedpr/components/security/cache/impl/MemoryUserCache.java
@@ -75,7 +75,7 @@ public MemoryUserCache(
 new CacheLoader() {
 @Override
 public UserToken load(String username) throws NoValueInCacheException {
- logger.info("从数据库查询用户信息:{}", username);
+ logger.info("fetch userInformation from DB:{}", username);
 // check the existence of user
 if (wedprUserService.getWedprUserByNameService(username) != null) {
 return fetchUserToken(username);
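Review bot: `loadCache` in the second MemoryCredentialCache hunk catches every `Exception` from `cache.get(accessKeyID)` and returns null, so a loader failure such as a database error looks the same to `getAccessKey` callers as an unknown access key. Because `get` replaces `getIfPresent`, a miss now presumably runs the cache loader for a caller-supplied key before any signature has been verified, and each failure writes a WARN line with a full stack trace that includes that key. I would log the expected not-found case without the trace, keep the trace for other failures, and document the contract on `getAccessKey`, e.g. `// returns null when the key is unknown or loading failed; callers must treat null as an authentication failure`. The message `"get {} failed for "` also ends mid-sentence; `"load credential {} failed"` reads better.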
@@ -96,7 +96,7 @@ public UserToken load(String username) throws NoValueInCacheException {
 public Pair getUserToken(HttpServletRequest request) throws Exception {
 UserToken userToken = TokenUtils.getLoginUser(request);
 String username = userToken.getUsername();
- UserToken latestUserToken = userCache.getIfPresent(username);
+ UserToken latestUserToken = loadUserToken(username);
 // the user not exists
 if (latestUserToken == null) {
 return null;
@@ -113,10 +113,19 @@ public Pair getUserToken(HttpServletRequest request) throws
 return new ImmutablePair<>(false, userToken);
 }
+ private UserToken loadUserToken(String userName) {
+ try {
+ return userCache.get(userName);
+ } catch (Exception e) {
+ logger.warn("get record for {} failed, error: ", e.getMessage());
+ return null;
+ }
+ }
+
 @Override
 public UserToken getUserToken(String userName) throws Exception {
 wedprUserService.updateAllowedTimeAndTryCount(userName, 0L, 0);
- return userCache.getIfPresent(userName);
+ return loadUserToken(userName);
 }
 @Override
diff --git a/wedpr-components/security/src/main/java/com/webank/wedpr/components/security/filter/APISignatureAuthFilter.java b/wedpr-components/security/src/main/java/com/webank/wedpr/components/security/filter/APISignatureAuthFilter.java
index 805dcb26..3d2ccacc 100644
--- a/wedpr-components/security/src/main/java/com/webank/wedpr/components/security/filter/APISignatureAuthFilter.java
+++ b/wedpr-components/security/src/main/java/com/webank/wedpr/components/security/filter/APISignatureAuthFilter.java
@@ -28,6 +28,7 @@
 import lombok.SneakyThrows;
 import org.springframework.security.authentication.AuthenticationManager;
 import org.springframework.security.web.authentication.www.BasicAuthenticationFilter;
+import org.springframework.util.StringUtils;
 public class APISignatureAuthFilter extends BasicAuthenticationFilter {
 private final CredentialVerifier credentialVerifier;
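Review bot: In the new `loadUserToken` (MemoryUserCache, second hunk) the only `{}` placeholder is filled with `e.getMessage()`, so the user name is never logged and the stack trace is dropped. The call should be `logger.warn("get record for {} failed", userName, e);`. Catching `Exception` and returning null also makes a failed lookup indistinguishable from a user that does not exist, and both callers of `loadUserToken` treat null as "user not found". A one-line comment on the helper stating that null covers both cases would keep later callers from relying on it to mean only "absent".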
@@ -47,6 +48,11 @@ public APISignatureAuthFilter(
 protected void doFilterInternal(
 HttpServletRequest request, HttpServletResponse response, FilterChain chain) {
 try {
+ // auth by token
+ if (!StringUtils.isEmpty(request.getHeader(Constant.TOKEN_FIELD))) {
+ chain.doFilter(request, response);
+ return;
+ }
 ApiCredentialDO credential = this.credentialVerifier.verify(request);
 UserToken userToken = userCache.getUserToken(credential.getOwner());
 if (userToken == null) {
diff --git a/wedpr-components/security/src/main/java/com/webank/wedpr/components/security/filter/JwtAuthenticationFilter.java b/wedpr-components/security/src/main/java/com/webank/wedpr/components/security/filter/JwtAuthenticationFilter.java
index 92f901ef..0e40bcbc 100644
--- a/wedpr-components/security/src/main/java/com/webank/wedpr/components/security/filter/JwtAuthenticationFilter.java
+++ b/wedpr-components/security/src/main/java/com/webank/wedpr/components/security/filter/JwtAuthenticationFilter.java
@@ -74,9 +74,10 @@ protected void doFilterInternal(
 response.setHeader(Constant.TOKEN_FIELD, newJwt);
 chain.doFilter(request, response);
 } catch (Exception e) {
- logger.info("认证已过期或token错误,请重新登录: ", e);
+ logger.info("jwt auth failed, error: ", e);
 String wedprResponse =
- new WeDPRResponse(Constant.WEDPR_FAILED, "认证已过期或token错误,请重新登录").serialize();
+ new WeDPRResponse(Constant.WEDPR_FAILED, "auth failed for " + e.getMessage())
+ .serialize();
 TokenUtils.responseToClient(response, wedprResponse, HttpServletResponse.SC_FORBIDDEN);
 }
 }
diff --git a/wedpr-components/sync/src/main/java/com/webank/wedpr/components/sync/impl/BlockChainResourceSyncImpl.java b/wedpr-components/sync/src/main/java/com/webank/wedpr/components/sync/impl/BlockChainResourceSyncImpl.java
index 4f41b57c..9bd885c1 100644
--- a/wedpr-components/sync/src/main/java/com/webank/wedpr/components/sync/impl/BlockChainResourceSyncImpl.java
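Review bot: The new early return in `APISignatureAuthFilter.doFilterInternal` skips `credentialVerifier.verify(request)` for any request whose `Constant.TOKEN_FIELD` header is non-empty, whatever its value. Signature authentication is then only as strong as the guarantee that a token-validating filter runs later in the chain for every route this filter protects. The filter ordering is not visible in this hunk, so please confirm that `JwtAuthenticationFilter` always follows and rejects invalid tokens, and record it at the check, e.g. `// token requests are authenticated by JwtAuthenticationFilter, which must run after this filter`. `StringUtils.hasText(...)` would also treat a whitespace-only header as absent, and `StringUtils.isEmpty` is deprecated in recent Spring versions. The method body continues past the end of the hunk.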
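Review bot: The failure response in `JwtAuthenticationFilter` now embeds the exception text (`"auth failed for " + e.getMessage()`), which hands internal detail from token parsing or the user lookup to an unauthenticated client; the code it replaces sent a fixed message. Keep the detail in the server log and return a constant, e.g. `new WeDPRResponse(Constant.WEDPR_FAILED, "auth failed").serialize();`. Authentication failures are also logged at `info` with a full stack trace; `warn` with the message only for expected token errors would be easier to alert on. The `try` block starts above the hunk.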
+++ b/wedpr-components/sync/src/main/java/com/webank/wedpr/components/sync/impl/BlockChainResourceSyncImpl.java
@@ -170,6 +170,7 @@ private void switchToLeader(String leaderID) {
 EventSubParams eventSubParams = new EventSubParams();
 eventSubParams.setFromBlock(blockNumber);
 eventSubParams.setToBlock(BigInteger.valueOf(-1));
+ eventSubParams.addAddress(WeDPRSyncConfig.getResourceLogRecordFactoryContractAddress());
 int i = 0;
 for (String topic : topics) {
 eventSubParams.addTopic(i, topic);
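Review bot: The added `eventSubParams.addAddress(WeDPRSyncConfig.getResourceLogRecordFactoryContractAddress())` passes the configured address straight to the subscription without checking that it is set. The hunk does not show what the SDK does with a null or empty address; if it ignores it, the subscription would match the topics from any contract, which is presumably what this line is meant to rule out. Reading the value into a local and failing fast when it is null or empty, before `addAddress`, would make a misconfiguration visible at leader switch instead of silently widening the filter. `switchToLeader` continues outside the hunk.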