1. 完成 auth 鉴权逻辑
2. 完成 admin 获取 Admin 上下文
3. 完成 user 获取 User 上下文
@@ -1,6 +1,9 @@
|
||||
package cn.iocoder.mall.security.config;
|
||||
|
||||
import cn.iocoder.mall.security.core.interceptor.AccountAuthInterceptor;
|
||||
import cn.iocoder.mall.security.core.interceptor.AdminDemoInterceptor;
|
||||
import cn.iocoder.mall.security.core.interceptor.AdminSecurityInterceptor;
|
||||
import cn.iocoder.mall.security.core.interceptor.UserSecurityInterceptor;
|
||||
import cn.iocoder.mall.web.config.CommonWebAutoConfiguration;
|
||||
import cn.iocoder.mall.web.core.constant.CommonMallConstants;
|
||||
import org.slf4j.Logger;
|
||||
@@ -30,6 +33,21 @@ public class CommonSecurityAutoConfiguration implements WebMvcConfigurer {
|
||||
return new AccountAuthInterceptor(false);
|
||||
}
|
||||
|
||||
@Bean
|
||||
public AdminSecurityInterceptor adminSecurityInterceptor() {
|
||||
return new AdminSecurityInterceptor();
|
||||
}
|
||||
|
||||
@Bean
|
||||
public UserSecurityInterceptor userSecurityInterceptor() {
|
||||
return new UserSecurityInterceptor();
|
||||
}
|
||||
|
||||
@Bean
|
||||
public AdminDemoInterceptor adminDemoInterceptor() {
|
||||
return new AdminDemoInterceptor();
|
||||
}
|
||||
|
||||
@Override
|
||||
public void addInterceptors(InterceptorRegistry registry) {
|
||||
// AccountAuthInterceptor 拦截器
|
||||
@@ -38,6 +56,18 @@ public class CommonSecurityAutoConfiguration implements WebMvcConfigurer {
|
||||
registry.addInterceptor(this.adminAccountAuthInterceptor())
|
||||
.addPathPatterns(CommonMallConstants.ROOT_PATH_ADMIN + "/**");
|
||||
logger.info("[addInterceptors][加载 AccountAuthInterceptor 拦截器完成]");
|
||||
// AdminSecurityInterceptor 拦截器
|
||||
registry.addInterceptor(this.adminSecurityInterceptor())
|
||||
.addPathPatterns(CommonMallConstants.ROOT_PATH_ADMIN + "/**");
|
||||
logger.info("[addInterceptors][加载 AdminSecurityInterceptor 拦截器完成]");
|
||||
// UserSecurityInterceptor 拦截器
|
||||
registry.addInterceptor(this.userAccountAuthInterceptor())
|
||||
.addPathPatterns(CommonMallConstants.ROOT_PATH_USER + "/**");
|
||||
logger.info("[addInterceptors][加载 UserSecurityInterceptor 拦截器完成]");
|
||||
// AdminDemoInterceptor 拦截器
|
||||
registry.addInterceptor(this.adminDemoInterceptor())
|
||||
.addPathPatterns(CommonMallConstants.ROOT_PATH_ADMIN + "/**");
|
||||
logger.info("[addInterceptors][加载 AdminDemoInterceptor 拦截器完成]");
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
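Review bot: Under the `// UserSecurityInterceptor 拦截器` comment the hunk registers `this.userAccountAuthInterceptor()` on `ROOT_PATH_USER + "/**"`, not the `userSecurityInterceptor()` bean this commit declares, so UserSecurityInterceptor is never installed and the user context is never populated, while the following log line claims it was loaded. This reads as a copy-paste slip; the intended line is presumably `registry.addInterceptor(this.userSecurityInterceptor())`. If `userAccountAuthInterceptor()` is already registered for the same path in the lines above the hunk (the start of `addInterceptors` is outside it), the current code also runs the token check twice per user request. Interceptor order is registration order, so the security interceptors must stay after the account-auth ones as they are here.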
@@ -19,6 +19,6 @@ public @interface RequiresPermissions {
|
||||
*
|
||||
* @return 权限标识数组
|
||||
*/
|
||||
String[] value();
|
||||
String[] value() default {};
|
||||
|
||||
}
|
||||
|
||||
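Review bot: `value()` now has `default {}`, so `@RequiresPermissions` can be placed on a handler with no permissions at all, and the Javadoc (`@return 权限标识数组`) does not say what an empty array means. Whether that case is a no-op (request allowed) or a rejection is decided by `checkPermission` in AccountAuthInterceptor, whose early `return;` is outside the visible hunk, so the annotation should state the contract explicitly, e.g. `@return permission identifiers; an empty array means <state here: no check is performed, or the request is rejected>`. A reader of the annotation alone should be able to tell whether the empty default is fail-open.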
@@ -14,9 +14,5 @@ public class AdminSecurityContext {
|
||||
* 管理员编号
|
||||
*/
|
||||
private Integer adminId;
|
||||
/**
|
||||
* 管理员账号
|
||||
*/
|
||||
private String username;
|
||||
|
||||
}
|
||||
|
||||
@@ -8,7 +8,9 @@ import cn.iocoder.mall.security.core.annotation.RequiresAuthenticate;
|
||||
import cn.iocoder.mall.security.core.annotation.RequiresNone;
|
||||
import cn.iocoder.mall.security.core.annotation.RequiresPermissions;
|
||||
import cn.iocoder.mall.system.biz.enums.SystemErrorCodeEnum;
|
||||
import cn.iocoder.mall.system.rpc.api.authorization.AuthorizationRPC;
|
||||
import cn.iocoder.mall.system.rpc.api.oauth2.OAuth2RPC;
|
||||
import cn.iocoder.mall.system.rpc.request.authorization.AuthorizationCheckPermissionsRequest;
|
||||
import cn.iocoder.mall.system.rpc.request.oauth2.OAuth2AccessTokenAuthenticateRequest;
|
||||
import cn.iocoder.mall.system.rpc.response.oauth2.OAuth2AccessTokenResponse;
|
||||
import cn.iocoder.mall.web.core.util.CommonWebUtil;
|
||||
@@ -21,6 +23,7 @@ import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import java.util.Arrays;
|
||||
|
||||
public class AccountAuthInterceptor extends HandlerInterceptorAdapter {
|
||||
|
||||
@@ -28,7 +31,8 @@ public class AccountAuthInterceptor extends HandlerInterceptorAdapter {
|
||||
|
||||
@Reference(validation = "true", version = "${dubbo.consumer.OAuth2RPC.version}")
|
||||
private OAuth2RPC oauth2RPC;
|
||||
|
||||
@Reference(validation = "true", version = "${dubbo.consumer.AuthorizationRPC.version}")
|
||||
private AuthorizationRPC authorizationRPC;
|
||||
|
||||
/**
|
||||
* 是否默认要求认证
|
||||
@@ -51,7 +55,7 @@ public class AccountAuthInterceptor extends HandlerInterceptorAdapter {
|
||||
// 判断是否需要认证
|
||||
this.checkAuthenticate(handlerMethod, accountId);
|
||||
// 判断是否需要权限
|
||||
|
||||
this.checkPermission(handlerMethod, accountId);
|
||||
return true;
|
||||
}
|
||||
|
||||
@@ -63,12 +67,12 @@ public class AccountAuthInterceptor extends HandlerInterceptorAdapter {
|
||||
// 执行认证
|
||||
OAuth2AccessTokenAuthenticateRequest oauth2AccessTokenAuthenticateRequest = new OAuth2AccessTokenAuthenticateRequest()
|
||||
.setAccessToken(accessToken).setIp(HttpUtil.getIp(request));
|
||||
CommonResult<OAuth2AccessTokenResponse> oauth2AccessTokenResponseResult = oauth2RPC.authenticate(oauth2AccessTokenAuthenticateRequest);
|
||||
if (oauth2AccessTokenResponseResult.isError()) { // TODO 有一个问题点,假设 token 认证失败,但是该 url 是无需认证的,是不是一样能够执行过去?
|
||||
throw ServiceExceptionUtil.exception(oauth2AccessTokenResponseResult);
|
||||
CommonResult<OAuth2AccessTokenResponse> oauth2AccessTokenResult = oauth2RPC.authenticate(oauth2AccessTokenAuthenticateRequest);
|
||||
if (oauth2AccessTokenResult.isError()) { // TODO 有一个问题点,假设 token 认证失败,但是该 url 是无需认证的,是不是一样能够执行过去?
|
||||
throw ServiceExceptionUtil.exception(oauth2AccessTokenResult);
|
||||
}
|
||||
// 设置账号编号
|
||||
Integer accountId = oauth2AccessTokenResponseResult.getData().getAccountId();
|
||||
Integer accountId = oauth2AccessTokenResult.getData().getAccountId();
|
||||
CommonWebUtil.setAccountId(request, accountId);
|
||||
return accountId;
|
||||
}
|
||||
@@ -96,7 +100,12 @@ public class AccountAuthInterceptor extends HandlerInterceptorAdapter {
|
||||
return;
|
||||
}
|
||||
// 权限验证
|
||||
|
||||
AuthorizationCheckPermissionsRequest authorizationCheckPermissionsRequest = new AuthorizationCheckPermissionsRequest()
|
||||
.setAccountId(accountId).setPermissions(Arrays.asList(permissions));
|
||||
CommonResult<Boolean> authorizationCheckPermissionsResult = authorizationRPC.checkPermissions(authorizationCheckPermissionsRequest);
|
||||
if (authorizationCheckPermissionsResult.isError()) { // TODO 有一个问题点,假设 token 认证失败,但是该 url 是无需认证的,是不是一样能够执行过去?
|
||||
throw ServiceExceptionUtil.exception(authorizationCheckPermissionsResult);
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
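Review bot: The new check at `CommonResult<Boolean> authorizationCheckPermissionsResult = authorizationRPC.checkPermissions(...)` only throws on `isError()`; the `Boolean` payload is never read, so if the RPC reports a missing permission as a successful result carrying `false`, the request falls through and is allowed. Unless `checkPermissions` is guaranteed to signal denial as an error result, add a fail-closed check on the payload: `if (!Boolean.TRUE.equals(authorizationCheckPermissionsResult.getData())) { throw ServiceExceptionUtil.exception(/* permission-denied code from SystemErrorCodeEnum */); }`. The TODO on the `isError()` line is copied from the token-authentication branch and talks about token failure, which does not apply to a permission check; remove or reword it. The beginning of `checkPermission`, including the early `return;` for the no-permissions case, is outside the hunk.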
@@ -0,0 +1,30 @@
|
||||
package cn.iocoder.mall.security.core.interceptor;
|
||||
|
||||
import cn.iocoder.common.framework.util.ServiceExceptionUtil;
|
||||
import cn.iocoder.mall.security.core.context.AdminSecurityContextHolder;
|
||||
import cn.iocoder.mall.system.biz.enums.SystemErrorCodeEnum;
|
||||
import org.springframework.http.HttpMethod;
|
||||
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import java.util.Objects;
|
||||
|
||||
/**
|
||||
* Admin 演示拦截器
|
||||
*
|
||||
* 这是个比较“奇怪”的拦截器,用于演示的管理员账号,禁止使用 POST 请求,从而实现即达到阉割版的演示的效果,又避免影响了数据
|
||||
*/
|
||||
public class AdminDemoInterceptor extends HandlerInterceptorAdapter {
|
||||
|
||||
@Override
|
||||
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
|
||||
// 当 Admin 编号等于 0 时,约定为演示账号
|
||||
if (Objects.equals(AdminSecurityContextHolder.getContext().getAdminId(), 0)
|
||||
&& request.getMethod().equalsIgnoreCase(HttpMethod.POST.toString())) {
|
||||
throw ServiceExceptionUtil.exception(SystemErrorCodeEnum.AUTHORIZATION_DEMO_PERMISSION_DENY.getCode());
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
}
|
||||
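Review bot: The demo guard in `preHandle` rejects only `POST`, so any admin endpoint that mutates state via `PUT`, `DELETE` or `PATCH` (if the admin API uses them — not visible here) stays reachable for the demo account, which defeats the interceptor's stated purpose. Allow-listing read-only methods is more robust than deny-listing one, e.g. `&& !HttpMethod.GET.matches(request.getMethod())` (treating GET/HEAD/OPTIONS as safe if those are used). `AdminSecurityContextHolder.getContext()` is also dereferenced without a null check; AdminSecurityInterceptor only calls `setContext` when the account id is non-null, so whether the holder returns an empty context or `null` in the other case should be confirmed, since an NPE here would surface as a server error rather than a permission error.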
@@ -1,5 +1,12 @@
|
||||
package cn.iocoder.mall.security.core.interceptor;
|
||||
|
||||
import cn.iocoder.common.framework.util.ServiceExceptionUtil;
|
||||
import cn.iocoder.common.framework.vo.CommonResult;
|
||||
import cn.iocoder.mall.security.core.context.AdminSecurityContext;
|
||||
import cn.iocoder.mall.security.core.context.AdminSecurityContextHolder;
|
||||
import cn.iocoder.mall.system.rpc.api.admin.AdminRPC;
|
||||
import cn.iocoder.mall.system.rpc.response.admin.AdminResponse;
|
||||
import org.apache.dubbo.config.annotation.Reference;
|
||||
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
@@ -7,16 +14,30 @@ import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
public class AdminSecurityInterceptor extends HandlerInterceptorAdapter {
|
||||
|
||||
@Override
|
||||
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
|
||||
// 获得 Admin 信息
|
||||
@Reference(validation = "true", version = "${dubbo.consumer.AdminRPC.version}")
|
||||
private AdminRPC adminRPC;
|
||||
|
||||
@Override
|
||||
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
|
||||
Integer accountId = AdminSecurityContextHolder.getContext().getAdminId();
|
||||
if (accountId != null) {
|
||||
// 获得 Admin 信息
|
||||
CommonResult<AdminResponse> adminResult = adminRPC.getAdminByAccountId(accountId);
|
||||
if (adminResult.isError()) {
|
||||
throw ServiceExceptionUtil.exception(adminResult);
|
||||
}
|
||||
// 设置到 SecurityContext 中
|
||||
AdminResponse adminResponse = adminResult.getData();
|
||||
AdminSecurityContext context = new AdminSecurityContext().setAdminId(adminResponse.getId());
|
||||
AdminSecurityContextHolder.setContext(context);
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
|
||||
|
||||
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) {
|
||||
// 清空 SecurityContext
|
||||
AdminSecurityContextHolder.clear();
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
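Review bot: `preHandle` seeds `accountId` from `AdminSecurityContextHolder.getContext().getAdminId()` — the same holder it populates a few lines later with `setContext` and clears in `afterCompletion` — so on a fresh request it reads whatever the holder yields before anything has set it, presumably `null`, and the admin context is then never built. The account id this interceptor needs is the one `AccountAuthInterceptor` stores on the request via `CommonWebUtil.setAccountId(request, accountId)` in this same commit; read it back from the request (the matching accessor on `CommonWebUtil`, if one exists) rather than from the holder. If the holder is thread-bound and a context ever survived from a previous request on the same pooled thread, this code would also reuse a stale admin identity, so the lookup source matters for security as well as correctness. The same pattern is copied into UserSecurityInterceptor in this commit.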
@@ -1,5 +1,13 @@
|
||||
package cn.iocoder.mall.security.core.interceptor;
|
||||
|
||||
import cn.iocoder.common.framework.util.ServiceExceptionUtil;
|
||||
import cn.iocoder.common.framework.vo.CommonResult;
|
||||
import cn.iocoder.mall.security.core.context.AdminSecurityContextHolder;
|
||||
import cn.iocoder.mall.security.core.context.UserSecurityContext;
|
||||
import cn.iocoder.mall.security.core.context.UserSecurityContextHolder;
|
||||
import cn.iocoder.mall.system.rpc.api.user.UserRPC;
|
||||
import cn.iocoder.mall.system.rpc.response.user.UserResponse;
|
||||
import org.apache.dubbo.config.annotation.Reference;
|
||||
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
@@ -7,15 +15,30 @@ import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
public class UserSecurityInterceptor extends HandlerInterceptorAdapter {
|
||||
|
||||
@Reference(validation = "true", version = "${dubbo.consumer.UserRPC.version}")
|
||||
private UserRPC userRPC;
|
||||
|
||||
@Override
|
||||
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
|
||||
// 获得用户信息
|
||||
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
|
||||
Integer accountId = AdminSecurityContextHolder.getContext().getAdminId();
|
||||
if (accountId != null) {
|
||||
// 获得 Admin 信息
|
||||
CommonResult<UserResponse> userResult = userRPC.getUserByAccountId(accountId);
|
||||
if (userResult.isError()) {
|
||||
throw ServiceExceptionUtil.exception(userResult);
|
||||
}
|
||||
// 设置到 SecurityContext 中
|
||||
UserResponse userResponse = userResult.getData();
|
||||
UserSecurityContext context = new UserSecurityContext().setUserId(userResponse.getId());
|
||||
UserSecurityContextHolder.setContext(context);
|
||||
}
|
||||
return true;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
|
||||
super.afterCompletion(request, response, handler, ex);
|
||||
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) {
|
||||
// 清空 SecurityContext
|
||||
UserSecurityContextHolder.clear();
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
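Review bot: `preHandle` resolves the user from `AdminSecurityContextHolder.getContext().getAdminId()` — the admin holder — and the comment beneath it still reads `// 获得 Admin 信息`, so this is a copy of AdminSecurityInterceptor whose identity source was not adapted: a request on the user path carries no admin context, so `accountId` is `null` and `UserSecurityContext` is never set, and if an admin context were present on the thread the user lookup would run with an admin's account id. Take the account id from what `AccountAuthInterceptor` stored on the request with `CommonWebUtil.setAccountId(request, accountId)` (the same fix applies to the admin interceptor), drop the `AdminSecurityContextHolder` import added at the top of this file, and change the comment to `// 获得 User 信息`. Removing the `super.afterCompletion(...)` call is fine, since HandlerInterceptorAdapter's implementation is empty.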
@@ -1 +0,0 @@
|
||||
package cn.iocoder.mall.security.core;
|
||||