增加管理员模块~
This commit is contained in:
YunaiV
@@ -1,13 +1,13 @@
|
||||
package cn.iocoder.mall.user.sdk.context;
|
||||
|
||||
/**
|
||||
* Security 上下文
|
||||
* User Security 上下文
|
||||
*/
|
||||
public class SecurityContext {
|
||||
public class UserSecurityContext {
|
||||
|
||||
private final Long uid;
|
||||
|
||||
public SecurityContext(Long uid) {
|
||||
public UserSecurityContext(Long uid) {
|
||||
this.uid = uid;
|
||||
}
|
||||
|
||||
@@ -1,23 +1,23 @@
|
||||
package cn.iocoder.mall.user.sdk.context;
|
||||
|
||||
/**
|
||||
* {@link SecurityContext} Holder
|
||||
* {@link UserSecurityContext} Holder
|
||||
*
|
||||
* 参考 spring security 的 ThreadLocalSecurityContextHolderStrategy 类,简单实现。
|
||||
*/
|
||||
public class SecurityContextHolder {
|
||||
public class UserSecurityContextHolder {
|
||||
|
||||
private static final ThreadLocal<SecurityContext> securityContext = new ThreadLocal<SecurityContext>();
|
||||
private static final ThreadLocal<UserSecurityContext> securityContext = new ThreadLocal<UserSecurityContext>();
|
||||
|
||||
public static void setContext(SecurityContext context) {
|
||||
public static void setContext(UserSecurityContext context) {
|
||||
securityContext.set(context);
|
||||
}
|
||||
|
||||
public static SecurityContext getContext() {
|
||||
SecurityContext ctx = securityContext.get();
|
||||
public static UserSecurityContext getContext() {
|
||||
UserSecurityContext ctx = securityContext.get();
|
||||
// 为空时,设置一个空的进去
|
||||
if (ctx == null) {
|
||||
ctx = new SecurityContext(null);
|
||||
ctx = new UserSecurityContext(null);
|
||||
securityContext.set(ctx);
|
||||
}
|
||||
return ctx;
|
||||
@@ -1,15 +1,15 @@
|
||||
package cn.iocoder.mall.user.sdk.interceptor;
|
||||
|
||||
import cn.iocoder.common.framework.exception.ServiceException;
|
||||
import cn.iocoder.common.framework.util.HttpUtil;
|
||||
import cn.iocoder.common.framework.vo.CommonResult;
|
||||
import cn.iocoder.mall.user.sdk.annotation.PermitAll;
|
||||
import cn.iocoder.mall.user.sdk.context.SecurityContext;
|
||||
import cn.iocoder.mall.user.sdk.context.SecurityContextHolder;
|
||||
import cn.iocoder.mall.user.sdk.context.UserSecurityContext;
|
||||
import cn.iocoder.mall.user.sdk.context.UserSecurityContextHolder;
|
||||
import cn.iocoder.mall.user.service.api.OAuth2Service;
|
||||
import cn.iocoder.mall.user.service.api.bo.OAuth2AuthenticationBO;
|
||||
import com.alibaba.dubbo.config.annotation.Reference;
|
||||
import org.springframework.stereotype.Component;
|
||||
import org.springframework.util.StringUtils;
|
||||
import org.springframework.web.method.HandlerMethod;
|
||||
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
|
||||
|
||||
@@ -21,7 +21,7 @@ import javax.servlet.http.HttpServletResponse;
|
||||
* 安全拦截器
|
||||
*/
|
||||
@Component
|
||||
public class SecurityInterceptor extends HandlerInterceptorAdapter {
|
||||
public class UserSecurityInterceptor extends HandlerInterceptorAdapter {
|
||||
|
||||
@Reference
|
||||
private OAuth2Service oauth2Service;
|
||||
@@ -29,7 +29,7 @@ public class SecurityInterceptor extends HandlerInterceptorAdapter {
|
||||
@Override
|
||||
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
|
||||
// 校验访问令牌是否正确。若正确,返回授权信息
|
||||
String accessToken = obtainAccess(request);
|
||||
String accessToken = HttpUtil.obtainAccess(request);
|
||||
OAuth2AuthenticationBO authentication = null;
|
||||
if (accessToken != null) {
|
||||
CommonResult<OAuth2AuthenticationBO> result = oauth2Service.checkToken(accessToken);
|
||||
@@ -38,8 +38,8 @@ public class SecurityInterceptor extends HandlerInterceptorAdapter {
|
||||
}
|
||||
authentication = result.getData();
|
||||
// 添加到 SecurityContext
|
||||
SecurityContext context = new SecurityContext(authentication.getUid());
|
||||
SecurityContextHolder.setContext(context);
|
||||
UserSecurityContext context = new UserSecurityContext(authentication.getUid());
|
||||
UserSecurityContextHolder.setContext(context);
|
||||
}
|
||||
// 校验是否需要已授权
|
||||
HandlerMethod method = (HandlerMethod) handler;
|
||||
@@ -53,19 +53,7 @@ public class SecurityInterceptor extends HandlerInterceptorAdapter {
|
||||
@Override
|
||||
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) {
|
||||
// 清空 SecurityContext
|
||||
SecurityContextHolder.clear();
|
||||
}
|
||||
|
||||
private String obtainAccess(HttpServletRequest request) {
|
||||
String authorization = request.getHeader("Authorization");
|
||||
if (!StringUtils.hasText(authorization)) {
|
||||
return null;
|
||||
}
|
||||
int index = authorization.indexOf("Bearer ");
|
||||
if (index == -1) { // 未找到
|
||||
return null;
|
||||
}
|
||||
return authorization.substring(index + 7).trim();
|
||||
UserSecurityContextHolder.clear();
|
||||
}
|
||||
|
||||
}
|
||||
@@ -1,6 +1,6 @@
|
||||
/**
|
||||
* 提供 SDK 给其它服务,使用如下功能:
|
||||
*
|
||||
* 1. 通过 {@link } 拦截器,
|
||||
* 1. 通过 {@link cn.iocoder.mall.user.sdk.interceptor.UserSecurityInterceptor} 拦截器,实现需要登陆 URL 的鉴权
|
||||
*/
|
||||
package cn.iocoder.mall.user.sdk;
|
||||
Reference in New Issue
Block a user