创建 mall-spring-boot-starter-security-user 模块，用于用户的认证拦截器

common/common-framework/src/main/java/cn/iocoder/common/framework/util/ServiceExceptionUtil.java

@@ -71,11 +71,13 @@ public class ServiceExceptionUtil {
     }
 
     public static ServiceException exception(Enumerable enumerable) {
-        return exception(enumerable.getCode());
+        String messagePattern = messages.getOrDefault(enumerable.getCode(), enumerable.getMessage());
+        return exception0(enumerable.getCode(), messagePattern);
     }
 
     public static ServiceException exception(Enumerable enumerable, Object... params) {
-        return exception(enumerable.getCode(), params);
+        String messagePattern = messages.getOrDefault(enumerable.getCode(), enumerable.getMessage());
+        return exception0(enumerable.getCode(), messagePattern, params);
     }
 
     /**

common/mall-security-annotations/pom.xml

@@ -0,0 +1,15 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <artifactId>common</artifactId>
+        <groupId>cn.iocoder.mall</groupId>
+        <version>1.0-SNAPSHOT</version>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>mall-security-annotations</artifactId>
+
+
+</project>

common/mall-security-annotations/src/main/java/cn/iocoder/security/annotations/RequiresAuthenticate.java

@@ -1,4 +1,4 @@
-package cn.iocoder.mall.security.core.annotation;
+package cn.iocoder.security.annotations;
 
 import java.lang.annotation.*;
 

common/mall-security-annotations/src/main/java/cn/iocoder/security/annotations/RequiresNone.java

@@ -1,4 +1,4 @@
-package cn.iocoder.mall.security.core.annotation;
+package cn.iocoder.security.annotations;
 
 import java.lang.annotation.*;
 

common/mall-security-annotations/src/main/java/cn/iocoder/security/annotations/RequiresPermissions.java

@@ -1,4 +1,4 @@
-package cn.iocoder.mall.security.core.annotation;
+package cn.iocoder.security.annotations;
 
 import java.lang.annotation.*;
 

common/mall-spring-boot-starter-security-user/pom.xml

@@ -0,0 +1,47 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <artifactId>common</artifactId>
+        <groupId>cn.iocoder.mall</groupId>
+        <version>1.0-SNAPSHOT</version>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>mall-spring-boot-starter-security-user</artifactId>
+
+    <dependencies>
+        <!-- Mall 相关 -->
+        <dependency>
+            <groupId>cn.iocoder.mall</groupId>
+            <artifactId>system-service-api</artifactId>
+            <version>1.0-SNAPSHOT</version>
+        </dependency>
+
+        <!-- Spring 核心 -->
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-configuration-processor</artifactId>
+            <optional>true</optional>
+        </dependency>
+
+        <!-- Web 相关 -->
+        <dependency>
+            <groupId>cn.iocoder.mall</groupId>
+            <artifactId>mall-spring-boot-starter-web</artifactId>
+        </dependency>
+
+        <dependency>
+            <groupId>cn.iocoder.mall</groupId>
+            <artifactId>mall-security-annotations</artifactId>
+        </dependency>
+
+        <!-- RPC 相关 -->
+        <dependency>
+            <groupId>org.apache.dubbo</groupId>
+            <artifactId>dubbo</artifactId>
+        </dependency>
+    </dependencies>
+
+</project>

common/mall-spring-boot-starter-security-user/src/main/java/cn/iocoder/mall/security/user/config/UserSecurityAutoConfiguration.java

@@ -0,0 +1,35 @@
+package cn.iocoder.mall.security.user.config;
+
+import cn.iocoder.mall.security.user.core.interceptor.UserSecurityInterceptor;
+import cn.iocoder.mall.web.config.CommonWebAutoConfiguration;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.boot.autoconfigure.AutoConfigureAfter;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+@Configuration
+@AutoConfigureAfter(CommonWebAutoConfiguration.class) // 在 CommonWebAutoConfiguration 之后自动配置，保证过滤器的顺序
+@ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.SERVLET)
+public class UserSecurityAutoConfiguration implements WebMvcConfigurer {
+
+    private Logger logger = LoggerFactory.getLogger(getClass());
+
+    // ========== 拦截器相关 ==========
+
+    @Bean
+    public UserSecurityInterceptor userSecurityInterceptor() {
+        return new UserSecurityInterceptor();
+    }
+
+    @Override
+    public void addInterceptors(InterceptorRegistry registry) {
+        // UserSecurityInterceptor 拦截器
+        registry.addInterceptor(this.userSecurityInterceptor());
+        logger.info("[addInterceptors][加载 UserSecurityInterceptor 拦截器完成]");
+    }
+
+}

common/mall-spring-boot-starter-security-user/src/main/java/cn/iocoder/mall/security/user/core/context/UserSecurityContext.java

@@ -0,0 +1,18 @@
+package cn.iocoder.mall.security.user.core.context;
+
+import lombok.Data;
+import lombok.experimental.Accessors;
+
+/**
+ * User Security 上下文
+ */
+@Data
+@Accessors(chain = true)
+public class UserSecurityContext {
+
+    /**
+     * 用户编号
+     */
+    private Integer userId;
+
+}

common/mall-spring-boot-starter-security-user/src/main/java/cn/iocoder/mall/security/user/core/context/UserSecurityContextHolder.java

@@ -0,0 +1,35 @@
+package cn.iocoder.mall.security.user.core.context;
+
+/**
+ * {@link UserSecurityContext} Holder
+ *
+ * 参考 spring security 的 ThreadLocalSecurityContextHolderStrategy 类，简单实现。
+ */
+public class UserSecurityContextHolder {
+
+    private static final ThreadLocal<UserSecurityContext> SECURITY_CONTEXT = new ThreadLocal<UserSecurityContext>();
+
+    public static void setContext(UserSecurityContext context) {
+        SECURITY_CONTEXT.set(context);
+    }
+
+    public static UserSecurityContext getContext() {
+        UserSecurityContext ctx = SECURITY_CONTEXT.get();
+        // 为空时，设置一个空的进去
+        if (ctx == null) {
+            ctx = new UserSecurityContext();
+            SECURITY_CONTEXT.set(ctx);
+        }
+        return ctx;
+    }
+
+    public static Integer getUserId() {
+        UserSecurityContext ctx = SECURITY_CONTEXT.get();
+        return ctx != null ? ctx.getUserId() : null;
+    }
+
+    public static void clear() {
+        SECURITY_CONTEXT.remove();
+    }
+
+}

common/mall-spring-boot-starter-security-user/src/main/java/cn/iocoder/mall/security/user/core/interceptor/UserSecurityInterceptor.java

@@ -0,0 +1,72 @@
+package cn.iocoder.mall.security.user.core.interceptor;
+
+import cn.iocoder.common.framework.enums.UserTypeEnum;
+import cn.iocoder.common.framework.util.HttpUtil;
+import cn.iocoder.common.framework.util.ServiceExceptionUtil;
+import cn.iocoder.common.framework.vo.CommonResult;
+import cn.iocoder.mall.security.user.core.context.UserSecurityContext;
+import cn.iocoder.mall.security.user.core.context.UserSecurityContextHolder;
+import cn.iocoder.mall.systemservice.enums.SystemErrorCodeEnum;
+import cn.iocoder.mall.systemservice.rpc.oauth.OAuth2Rpc;
+import cn.iocoder.mall.systemservice.rpc.oauth.vo.OAuth2AccessTokenVO;
+import cn.iocoder.mall.web.core.util.CommonWebUtil;
+import cn.iocoder.security.annotations.RequiresAuthenticate;
+import cn.iocoder.security.annotations.RequiresPermissions;
+import org.apache.dubbo.config.annotation.Reference;
+import org.springframework.web.method.HandlerMethod;
+import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import static cn.iocoder.mall.systemservice.enums.SystemErrorCodeEnum.OAUTH_USER_TYPE_ERROR;
+
+public class UserSecurityInterceptor extends HandlerInterceptorAdapter {
+
+    @Reference(validation = "true", version = "${dubbo.consumer.OAuth2Rpc.version}")
+    private OAuth2Rpc oauth2Rpc;
+
+    @Override
+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
+        // 获得访问令牌
+        String accessToken = HttpUtil.obtainAuthorization(request);
+        Integer userId = null;
+        if (accessToken != null) {
+            CommonResult<OAuth2AccessTokenVO> checkAccessTokenResult = oauth2Rpc.checkAccessToken(accessToken);
+            checkAccessTokenResult.checkError();
+            // 校验用户类型正确
+            if (!UserTypeEnum.USER.getValue().equals(checkAccessTokenResult.getData().getUserType())) {
+                throw ServiceExceptionUtil.exception(OAUTH_USER_TYPE_ERROR);
+            }
+            // 获得用户编号
+            userId = checkAccessTokenResult.getData().getUserId();
+            // 设置到 Request 中
+            CommonWebUtil.setUserId(request, userId);
+            CommonWebUtil.setUserType(request, UserTypeEnum.USER.getValue());
+            // 设置到
+            UserSecurityContext userSecurityContext = new UserSecurityContext().setUserId(userId);
+            UserSecurityContextHolder.setContext(userSecurityContext);
+        }
+        // 校验认证
+        this.checkAuthentication((HandlerMethod) handler, userId);
+        return true;
+    }
+
+    private void checkAuthentication(HandlerMethod handlerMethod, Integer userId) {
+        boolean requiresAuthenticate = false; // 对于 USER 来说，默认无需登录
+        if (handlerMethod.hasMethodAnnotation(RequiresAuthenticate.class)
+                || handlerMethod.hasMethodAnnotation(RequiresPermissions.class)) { // 如果需要权限验证，也认为需要认证
+            requiresAuthenticate = true;
+        }
+        if (requiresAuthenticate && userId == null) {
+            throw ServiceExceptionUtil.exception(SystemErrorCodeEnum.OAUTH2_NOT_AUTHENTICATION);
+        }
+    }
+
+    @Override
+    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) {
+        // 清空 SecurityContext
+        UserSecurityContextHolder.clear();
+    }
+
+}

common/mall-spring-boot-starter-security-user/src/main/resources/META-INF/spring.factories

@@ -0,0 +1,2 @@
+org.springframework.boot.autoconfigure.EnableAutoConfiguration=\
+  cn.iocoder.mall.security.user.config.UserSecurityAutoConfiguration

common/pom.xml

@@ -16,7 +16,9 @@
         <module>mall-spring-boot</module>
         <module>mall-spring-boot-starter-swagger</module>
         <module>mall-spring-boot-starter-web</module>
+        <module>mall-security-annotations</module>
         <module>mall-spring-boot-starter-security</module>
+        <module>mall-spring-boot-starter-security-user</module>
         <module>mall-spring-boot-starter-mybatis</module>
     </modules>
     <dependencies>