Merge branch 'refs/heads/master' into dev/数据库统合2

# Conflicts: # src/main/java/com/genersoft/iot/vmp/conf/UserSetting.java # src/main/java/com/genersoft/iot/vmp/gb28181/controller/DeviceConfig.java # src/main/java/com/genersoft/iot/vmp/gb28181/controller/GBRecordController.java # src/main/java/com/genersoft/iot/vmp/gb28181/service/IDeviceService.java # src/main/java/com/genersoft/iot/vmp/gb28181/service/IGbChannelPlayService.java # src/main/java/com/genersoft/iot/vmp/gb28181/service/impl/DeviceServiceImpl.java # src/main/java/com/genersoft/iot/vmp/gb28181/service/impl/GbChannelPlayServiceImpl.java # src/main/java/com/genersoft/iot/vmp/gb28181/service/impl/PlayServiceImpl.java # src/main/java/com/genersoft/iot/vmp/streamProxy/service/impl/StreamProxyPlayServiceImpl.java # src/main/resources/配置详情.yml
2025-02-11 19:30:20 +08:00
parent c38c4e3979 d08248aae9
commit b6c3f42a1f
43 changed files with 370 additions and 180 deletions
--- a/src/main/java/com/genersoft/iot/vmp/conf/UserSetting.java
+++ b/src/main/java/com/genersoft/iot/vmp/conf/UserSetting.java
@@ -180,6 +180,11 @@ public class UserSetting {
     */
    private long loginTimeout = 30;

+    /**
+     * jwk文件路径，若不指定则使用resources目录下的jwk.json
+     */
+    private String jwkFile = "classpath:jwk.json";
+
    /**
     * wvp集群模式下如果注册向上级的wvp奔溃，则自动选择一个其他wvp继续注册到上级
     */
--- a/src/main/java/com/genersoft/iot/vmp/conf/security/JwtUtils.java
+++ b/src/main/java/com/genersoft/iot/vmp/conf/security/JwtUtils.java
@@ -21,12 +21,16 @@ import org.jose4j.jwt.consumer.JwtConsumer;
 import org.jose4j.jwt.consumer.JwtConsumerBuilder;
 import org.jose4j.lang.JoseException;
 import org.springframework.beans.factory.InitializingBean;
+import org.springframework.core.io.ClassPathResource;
 import org.springframework.stereotype.Component;

 import javax.annotation.Resource;
 import java.io.BufferedReader;
+import java.io.File;
+import java.io.InputStream;
 import java.io.InputStreamReader;
 import java.nio.charset.StandardCharsets;
+import java.nio.file.Files;
 import java.time.LocalDateTime;
 import java.time.ZoneOffset;
 import java.util.List;
@@ -92,8 +96,46 @@ public class JwtUtils implements InitializingBean {
     */
    private RsaJsonWebKey generateRsaJsonWebKey() throws JoseException {
        RsaJsonWebKey rsaJsonWebKey = null;
-        try (BufferedReader reader = new BufferedReader(new InputStreamReader(getClass().getClassLoader().getResourceAsStream("/jwk.json"), StandardCharsets.UTF_8))) {
-            String jwkJson = reader.readLine();
+        try {
+            String jwkFile = userSetting.getJwkFile();
+            InputStream inputStream = null;
+            if (jwkFile.startsWith("classpath:")){
+                String filePath = jwkFile.substring("classpath:".length());
+                ClassPathResource civilCodeFile = new ClassPathResource(filePath);
+                if (civilCodeFile.exists()) {
+                    inputStream = civilCodeFile.getInputStream();
+                }
+            }else {
+                File civilCodeFile = new File(userSetting.getCivilCodeFile());
+                if (civilCodeFile.exists()) {
+                    inputStream = Files.newInputStream(civilCodeFile.toPath());
+                }
+
+            }
+            if (inputStream == null ) {
+                log.warn("[API AUTH] 读取jwk.json失败，文件不存在，将使用新生成的随机RSA密钥对");
+                // 生成一个RSA密钥对，该密钥对将用于JWT的签名和验证，包装在JWK中
+                rsaJsonWebKey = RsaJwkGenerator.generateJwk(2048);
+                // 给JWK一个密钥ID
+                rsaJsonWebKey.setKeyId(keyId);
+                return rsaJsonWebKey;
+            }
+            BufferedReader inputStreamReader = new BufferedReader(new InputStreamReader(inputStream, StandardCharsets.UTF_8));
+            int index = -1;
+            String line;
+            StringBuilder content = new StringBuilder();
+            while ((line = inputStreamReader.readLine()) != null) {
+                content.append(line);
+                index ++;
+                if (index == 0) {
+                    continue;
+                }
+            }
+            inputStreamReader.close();
+            inputStream.close();
+
+
+            String jwkJson = content.toString();
            JsonWebKeySet jsonWebKeySet = new JsonWebKeySet(jwkJson);
            List<JsonWebKey> jsonWebKeys = jsonWebKeySet.getJsonWebKeys();
            if (!jsonWebKeys.isEmpty()) {
@@ -102,14 +144,15 @@ public class JwtUtils implements InitializingBean {
                    rsaJsonWebKey = (RsaJsonWebKey) jsonWebKey;
                }
            }
-        } catch (Exception e) {
-            // ignored
-        }
+        } catch (Exception ignore) {}
        if (rsaJsonWebKey == null) {
+            log.warn("[API AUTH] 读取jwk.json失败，获取内容失败，将使用新生成的随机RSA密钥对");
            // 生成一个RSA密钥对，该密钥对将用于JWT的签名和验证，包装在JWK中
            rsaJsonWebKey = RsaJwkGenerator.generateJwk(2048);
            // 给JWK一个密钥ID
            rsaJsonWebKey.setKeyId(keyId);
+        }else {
+            log.info("[API AUTH] 读取jwk.json成功");
        }
        return rsaJsonWebKey;
    }
--- a/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java
+++ b/src/main/java/com/genersoft/iot/vmp/conf/security/WebSecurityConfig.java
@@ -148,8 +148,10 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
            corsConfiguration.setAllowCredentials(true);
            corsConfiguration.setAllowedOrigins(userSetting.getAllowedOrigins());
        }else {
-            corsConfiguration.setAllowCredentials(false);
-            corsConfiguration.setAllowedOrigins(Collections.singletonList(CorsConfiguration.ALL));
+            // 在SpringBoot 2.4及以上版本处理跨域时，遇到错误提示：当allowCredentials为true时，allowedOrigins不能包含特殊值"*"。
+            // 解决方法是明确指定allowedOrigins或使用allowedOriginPatterns。
+            corsConfiguration.setAllowCredentials(true);
+            corsConfiguration.addAllowedOriginPattern(CorsConfiguration.ALL); // 默认全部允许所有跨域
        }

        corsConfiguration.setExposedHeaders(Arrays.asList(JwtUtils.getHeader()));