From 4595cef06e41202c9db4b614fac1beea458837d9 Mon Sep 17 00:00:00 2001
From: chenbowen
Date: Tue, 20 Jan 2026 08:57:34 +0800
Subject: [PATCH] =?UTF-8?q?1.=E8=8E=B7=E5=8F=96=20token=20=E5=A4=B1?= =?UTF-8?q?=E8=B4=A5=E5=90=8E=E8=BF=9B=E8=A1=8C=E5=8D=81=E6=AC=A1=E9=87=8D?= =?UTF-8?q?=E8=AF=95?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../security/GatewaySecurityFilter.java | 13 ++++---
 .../gateway/ApiAnonymousUserService.java | 38 ++++++++++++++-----
 2 files changed, 36 insertions(+), 15 deletions(-)
diff --git a/zt-module-databus/zt-module-databus-server/src/main/java/com/zt/plat/module/databus/framework/integration/gateway/security/GatewaySecurityFilter.java b/zt-module-databus/zt-module-databus-server/src/main/java/com/zt/plat/module/databus/framework/integration/gateway/security/GatewaySecurityFilter.java
index 7bd4e98f..00025b83 100644
--- a/zt-module-databus/zt-module-databus-server/src/main/java/com/zt/plat/module/databus/framework/integration/gateway/security/GatewaySecurityFilter.java
+++ b/zt-module-databus/zt-module-databus-server/src/main/java/com/zt/plat/module/databus/framework/integration/gateway/security/GatewaySecurityFilter.java
@@ -41,6 +41,7 @@ import java.time.Duration;
 import java.util.LinkedHashMap;
 import java.util.List;
 import java.util.Map;
+import java.util.Optional;
 import static com.zt.plat.framework.common.util.security.CryptoSignatureUtils.SIGNATURE_FIELD;
 import static com.zt.plat.module.databus.framework.integration.config.ApiGatewayProperties.*;
@@ -471,11 +472,13 @@ public class GatewaySecurityFilter extends OncePerRequestFilter {
 }
 securedRequest.removeHeader(GatewayJwtResolver.HEADER_ZT_AUTH_TOKEN);
 securedRequest.removeHeader(HttpHeaders.AUTHORIZATION);
- anonymousUserService.issueAccessToken(anonymousDetails)
- .ifPresent(token -> {
- securedRequest.setHeader(HttpHeaders.AUTHORIZATION, "Bearer " + token);
- securedRequest.setHeader(GatewayJwtResolver.HEADER_ZT_AUTH_TOKEN, token);
- });
+ Optional tokenOptional = anonymousUserService.issueAccessToken(anonymousDetails);
+ if (tokenOptional.isEmpty()) {
+ throw new SecurityValidationException(HttpStatus.UNAUTHORIZED, "匿名访问获取token失败");
+ }
+ String token = tokenOptional.get();
+ securedRequest.setHeader(HttpHeaders.AUTHORIZATION, "Bearer " + token);
+ securedRequest.setHeader(GatewayJwtResolver.HEADER_ZT_AUTH_TOKEN, token);
 }
 private static final class SecurityValidationException extends RuntimeException {
diff --git a/zt-module-databus/zt-module-databus-server/src/main/java/com/zt/plat/module/databus/service/gateway/ApiAnonymousUserService.java b/zt-module-databus/zt-module-databus-server/src/main/java/com/zt/plat/module/databus/service/gateway/ApiAnonymousUserService.java
index 788b0498..ae04eabe 100644
--- a/zt-module-databus/zt-module-databus-server/src/main/java/com/zt/plat/module/databus/service/gateway/ApiAnonymousUserService.java
+++ b/zt-module-databus/zt-module-databus-server/src/main/java/com/zt/plat/module/databus/service/gateway/ApiAnonymousUserService.java
@@ -40,6 +40,9 @@ public class ApiAnonymousUserService {
 private final AdminUserApi adminUserApi;
 private final OAuth2TokenCommonApi oauth2TokenApi;
+ private static final int RETRY_ATTEMPTS = 10;
+ private static final Duration RETRY_DELAY = Duration.ofSeconds(5);
+
 private LoadingCache> cache;
 @PostConstruct
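Review bot: The new `throw` reports `HttpStatus.UNAUTHORIZED` when `issueAccessToken` returns empty, but the ApiAnonymousUserService hunk in this patch shows that mostly happens when the gateway's own call to the OAuth2 token service fails, not when the caller presented bad credentials. A 401 makes a token-service outage look like an authentication failure in logs and alerts and invites clients to re-authenticate; if the handler for SecurityValidationException passes the status through (not visible here), a 5xx fits better: `throw new SecurityValidationException(HttpStatus.SERVICE_UNAVAILABLE, "匿名访问获取token失败");`. Failing closed instead of forwarding the request with both auth headers stripped is the right direction and should stay. The `isEmpty()`/`get()` pair can also collapse into a single `orElseThrow(...)` on the returned Optional. The enclosing method starts above the hunk, so how `anonymousDetails` is obtained cannot be checked from here.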
@@ -105,18 +108,33 @@ public class ApiAnonymousUserService {
 if (details == null) {
 return Optional.empty();
 }
- try {
- OAuth2AccessTokenCreateReqDTO req = buildAccessTokenRequest(details);
- OAuth2AccessTokenRespDTO resp = oauth2TokenApi.createAccessToken(req).getCheckedData();
- if (resp == null || !StringUtils.hasText(resp.getAccessToken())) {
- log.warn("[ANONYMOUS] 获取用户 {} 的访问令牌失败: 响应为空", details.getUserId());
- return Optional.empty();
+ OAuth2AccessTokenCreateReqDTO req = buildAccessTokenRequest(details);
+ Exception lastException = null;
+ for (int attempt = 1; attempt <= RETRY_ATTEMPTS; attempt++) {
+ try {
+ OAuth2AccessTokenRespDTO resp = oauth2TokenApi.createAccessToken(req).getCheckedData();
+ if (resp == null || !StringUtils.hasText(resp.getAccessToken())) {
+ log.warn("[ANONYMOUS] 获取用户 {} 的访问令牌失败: 响应为空", details.getUserId());
+ return Optional.empty();
+ }
+ return Optional.of(resp.getAccessToken());
+ } catch (Exception ex) {
+ lastException = ex;
+ if (attempt < RETRY_ATTEMPTS) {
+ log.warn("[ANONYMOUS] 获取用户 {} 的访问令牌失败,开始第 {} 次重试,原因:{}",
+ details.getUserId(), attempt, ex.getMessage());
+ try {
+ Thread.sleep(RETRY_DELAY.toMillis());
+ } catch (InterruptedException ie) {
+ Thread.currentThread().interrupt();
+ log.error("[ANONYMOUS] 获取用户 {} 的访问令牌重试被中断", details.getUserId());
+ return Optional.empty();
+ }
+ }
 }
- return Optional.of(resp.getAccessToken());
- } catch (Exception ex) {
- log.error("[ANONYMOUS] 获取用户 {} 的访问令牌时发生异常", details.getUserId(), ex);
- return Optional.empty();
 }
+ log.error("[ANONYMOUS] 获取用户 {} 的访问令牌时发生异常", details.getUserId(), lastException);
+ return Optional.empty();
 }
 private OAuth2AccessTokenCreateReqDTO buildAccessTokenRequest(AnonymousUserDetails details) {
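Review bot: The `Thread.sleep(RETRY_DELAY.toMillis())` in the catch block runs on the caller's thread, and the GatewaySecurityFilter hunk in this patch calls `issueAccessToken` inline from a OncePerRequestFilter, so with `RETRY_ATTEMPTS = 10` and a 5-second delay one anonymous request can hold a request thread for about 45 seconds while the token service is failing. Because this path serves unauthenticated traffic, a token-service fault can then exhaust the gateway's worker threads under ordinary load. The total wait should be bounded well below the request timeout, for example (illustrative values) `private static final int RETRY_ATTEMPTS = 3;` with `private static final Duration RETRY_DELAY = Duration.ofMillis(200);` in the constants hunk of this file. `catch (Exception ex)` also retries failures that will not recover on retry, such as whatever `getCheckedData()` throws for a rejected request, so narrowing it to transient transport errors would avoid the pointless sleeps. The method signature is above the hunk.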