diff --git a/admin/admin-application/pom.xml b/admin/admin-application/pom.xml
index c316c806d..d5ce7fb04 100644
--- a/admin/admin-application/pom.xml
+++ b/admin/admin-application/pom.xml
@@ -80,12 +80,21 @@ ${org.mapstruct.version} + + cn.iocoder.mall + admin-sdk + 1.0-SNAPSHOT + compile + + org.springframework.boot spring-boot-devtools true + +
diff --git a/admin/admin-application/src/main/java/cn/iocoder/mall/admin/config/MVCConfiguration.java b/admin/admin-application/src/main/java/cn/iocoder/mall/admin/config/MVCConfiguration.java
index 70d181d5d..1de4d78a9 100644
--- a/admin/admin-application/src/main/java/cn/iocoder/mall/admin/config/MVCConfiguration.java
+++ b/admin/admin-application/src/main/java/cn/iocoder/mall/admin/config/MVCConfiguration.java
@@ -1,23 +1,33 @@ package cn.iocoder.mall.admin.config;
+import cn.iocoder.common.framework.config.GlobalExceptionHandler;
+import cn.iocoder.mall.admin.sdk.interceptor.AdminSecurityInterceptor;
+import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Import;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@EnableWebMvc
@Configuration
-//@Import(value = {GlobalExceptionHandler.class, // 统一全局返回
-// ) // TODO 安全拦截器,实现认证和授权功能。
+@Import(value = {GlobalExceptionHandler.class, // 统一全局返回
+ AdminSecurityInterceptor.class})
public class MVCConfiguration implements WebMvcConfigurer {
// @Autowired
// private UserSecurityInterceptor securityInterceptor;
+
+ @Autowired
+ private AdminSecurityInterceptor adminSecurityInterceptor;
//
-// @Override
-// public void addInterceptors(InterceptorRegistry registry) {
+ @Override
+ public void addInterceptors(InterceptorRegistry registry) {
// registry.addInterceptor(securityInterceptor).addPathPatterns("/user/**", "/admin/**"); // 只拦截我们定义的接口
-// }
+ registry.addInterceptor(adminSecurityInterceptor).addPathPatterns("/admin/**")
+ .excludePathPatterns("/admin/passport/login"); // 排除登陆接口
+ }
@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
diff --git a/admin/admin-application/src/main/java/cn/iocoder/mall/admin/controller/AdminController.java b/admin/admin-application/src/main/java/cn/iocoder/mall/admin/controller/AdminController.java
index 33f556690..4e08f3f7c 100644
--- a/admin/admin-application/src/main/java/cn/iocoder/mall/admin/controller/AdminController.java
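Review bot: In MVCConfiguration.addInterceptors the security interceptor is bound only to `/admin/**`, so any handler mapped outside that prefix is served without authentication; whether such handlers exist is not visible from this hunk. A deny-by-default registration is safer: `registry.addInterceptor(adminSecurityInterceptor).addPathPatterns("/**").excludePathPatterns("/admin/passport/login");`, with any other public paths (static resources, API docs) listed explicitly as exclusions. The commented-out `UserSecurityInterceptor` field and `addInterceptor(securityInterceptor)` lines left around the new code should be deleted rather than kept beside the live registration.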
+++ b/admin/admin-application/src/main/java/cn/iocoder/mall/admin/controller/AdminController.java
@@ -1,6 +1,8 @@ package cn.iocoder.mall.admin.controller;
+import cn.iocoder.common.framework.vo.CommonResult;
import io.swagger.annotations.Api;
+import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
@@ -9,6 +11,9 @@ import org.springframework.web.bind.annotation.RestController;
@Api("管理员模块")
public class AdminController {
-
+ @GetMapping("/info")
+ public CommonResult info() {
+ return null;
+ }
}
\ No newline at end of file
diff --git a/admin/admin-sdk/pom.xml b/admin/admin-sdk/pom.xml
index b83e37b75..16f78d67f 100644
--- a/admin/admin-sdk/pom.xml
+++ b/admin/admin-sdk/pom.xml
@@ -9,7 +9,8 @@ 4.0.0 - application-sdk + admin-sdk + org.springframework
diff --git a/admin/admin-sdk/src/main/java/cn/iocoder/mall/admin/sdk/context/AdminSecurityContextHolder.java b/admin/admin-sdk/src/main/java/cn/iocoder/mall/admin/sdk/context/AdminSecurityContextHolder.java
index 9eca2c5bf..50419489c 100644
--- a/admin/admin-sdk/src/main/java/cn/iocoder/mall/admin/sdk/context/AdminSecurityContextHolder.java
+++ b/admin/admin-sdk/src/main/java/cn/iocoder/mall/admin/sdk/context/AdminSecurityContextHolder.java
@@ -17,7 +17,7 @@ public class AdminSecurityContextHolder {
AdminSecurityContext ctx = securityContext.get();
// 为空时,设置一个空的进去
if (ctx == null) {
- ctx = new AdminSecurityContext(null, roleIds);
+ ctx = new AdminSecurityContext(null, null);
securityContext.set(ctx);
}
return ctx;
diff --git a/admin/admin-sdk/src/main/java/cn/iocoder/mall/admin/sdk/interceptor/AdminSecurityInterceptor.java b/admin/admin-sdk/src/main/java/cn/iocoder/mall/admin/sdk/interceptor/AdminSecurityInterceptor.java
index 6ba914581..18a6fefb2 100644
--- a/admin/admin-sdk/src/main/java/cn/iocoder/mall/admin/sdk/interceptor/AdminSecurityInterceptor.java
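Review bot: `info()` in AdminController returns `null`, so the new GET `/info` endpoint answers with an empty body instead of a `CommonResult`; if it is a placeholder, say so with `// TODO implement admin info lookup` and return an explicit error result until the lookup exists. The class-level `@RequestMapping` is outside the hunk, so confirm the resulting path falls under the `/admin/**` pattern registered for the security interceptor in MVCConfiguration, because an admin-info endpoint outside that prefix would be reachable without a token.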
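Review bot: The fallback context in AdminSecurityContextHolder is now built with `null` role ids, so a caller that does `getRoleIds().contains(...)` on a request without authentication gets a NullPointerException instead of a clean deny. An empty collection expresses "no roles" safely, e.g. `ctx = new AdminSecurityContext(null, Collections.emptySet());` with `java.util.Collections` imported, assuming the constructor takes a `Set` as the `Collectors.toSet()` call in OAuth2Convert suggests. The hunk also does not show where the thread-local is cleared after a request; if it is not cleared, a pooled thread can hand the previous admin's context to a later request on an excluded path. The method starts and ends outside the hunk.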
+++ b/admin/admin-sdk/src/main/java/cn/iocoder/mall/admin/sdk/interceptor/AdminSecurityInterceptor.java
@@ -35,7 +35,7 @@ public class AdminSecurityInterceptor extends HandlerInterceptorAdapter {
throw new ServiceException(result.getCode(), result.getMessage());
}
authentication = result.getData();
- // 添加到 SecurityContext
+ // 添加到 AdminSecurityContext
AdminSecurityContext context = new AdminSecurityContext(authentication.getAdminId(), authentication.getRoleIds());
AdminSecurityContextHolder.setContext(context);
}
diff --git a/admin/admin-service-impl/src/main/java/cn/iocoder/mall/admin/convert/OAuth2Convert.java b/admin/admin-service-impl/src/main/java/cn/iocoder/mall/admin/convert/OAuth2Convert.java
index 57ccd8f8f..a58c8d271 100644
--- a/admin/admin-service-impl/src/main/java/cn/iocoder/mall/admin/convert/OAuth2Convert.java
+++ b/admin/admin-service-impl/src/main/java/cn/iocoder/mall/admin/convert/OAuth2Convert.java
@@ -10,6 +10,7 @@ import org.mapstruct.Mappings;
import org.mapstruct.factory.Mappers;
import java.util.List;
+import java.util.stream.Collectors;
@Mapper
public interface OAuth2Convert {
@@ -26,10 +27,12 @@ public interface OAuth2Convert {
.setExpiresIn(Math.max((int) ((oauth2AccessTokenDO.getExpiresTime().getTime() - System.currentTimeMillis()) / 1000), 0));
}
- @Mappings({
- @Mapping(source = "oauth2AccessTokenDO.id", target = "accessToken"),
- @Mapping(source = "adminRoleDOs.roleId", target = "roleIds")
- })
- OAuth2AuthenticationBO convertToAuthentication(OAuth2AccessTokenDO oauth2AccessTokenDO, List adminRoleDOs);
+ @Mappings({})
+ OAuth2AuthenticationBO convertToAuthentication(OAuth2AccessTokenDO oauth2AccessTokenDO);
+
+ default OAuth2AuthenticationBO convertToAuthentication(OAuth2AccessTokenDO oauth2AccessTokenDO, List adminRoleDOs) {
+ return convertToAuthentication(oauth2AccessTokenDO)
+ .setRoleIds(adminRoleDOs.stream().map(AdminRoleDO::getRoleId).collect(Collectors.toSet()));
+ }
}
\ No newline at end of file
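Review bot: The new default `convertToAuthentication(oauth2AccessTokenDO, adminRoleDOs)` in OAuth2Convert dereferences `adminRoleDOs` without a null check, so a null result from the role lookup turns token validation into a NullPointerException; a guard such as `if (adminRoleDOs == null) { adminRoleDOs = Collections.emptyList(); }` (with `java.util.Collections` imported) keeps the result a well-formed authentication with no roles. The explicit `oauth2AccessTokenDO.id` to `accessToken` mapping was removed together with the role mapping; if `OAuth2AuthenticationBO` still has an `accessToken` property it will now stay unset, which is worth confirming. The empty `@Mappings({})` adds nothing and can be dropped.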
diff --git a/admin/admin-service-impl/src/main/java/cn/iocoder/mall/admin/dataobject/RoleDO.java b/admin/admin-service-impl/src/main/java/cn/iocoder/mall/admin/dataobject/RoleDO.java
index e5e34b4c7..fdc9ffc26 100644
--- a/admin/admin-service-impl/src/main/java/cn/iocoder/mall/admin/dataobject/RoleDO.java
+++ b/admin/admin-service-impl/src/main/java/cn/iocoder/mall/admin/dataobject/RoleDO.java
@@ -33,6 +33,15 @@ public class RoleDO {
*/
private Integer status;
+ public Integer getId() {
+ return id;
+ }
+
+ public RoleDO setId(Integer id) {
+ this.id = id;
+ return this;
+ }
+
public String getName() {
return name;
}
diff --git a/admin/admin-service-impl/src/main/java/cn/iocoder/mall/admin/dataobject/RoleResourceDO.java b/admin/admin-service-impl/src/main/java/cn/iocoder/mall/admin/dataobject/RoleResourceDO.java
index 79ed702da..d8795b96a 100644
--- a/admin/admin-service-impl/src/main/java/cn/iocoder/mall/admin/dataobject/RoleResourceDO.java
+++ b/admin/admin-service-impl/src/main/java/cn/iocoder/mall/admin/dataobject/RoleResourceDO.java
@@ -16,7 +16,7 @@ public class RoleResourceDO {
*/
private Integer roleId;
/**
- * 资源比那好(外键:{@link ResourceDO}
+ * 资源编号(外键:{@link ResourceDO}
*/
private Integer resourceId;
/**
diff --git a/admin/admin-service-impl/src/main/java/cn/iocoder/mall/admin/service/OAuth2ServiceImpl.java b/admin/admin-service-impl/src/main/java/cn/iocoder/mall/admin/service/OAuth2ServiceImpl.java
index 22e173568..27734f4fa 100644
--- a/admin/admin-service-impl/src/main/java/cn/iocoder/mall/admin/service/OAuth2ServiceImpl.java
+++ b/admin/admin-service-impl/src/main/java/cn/iocoder/mall/admin/service/OAuth2ServiceImpl.java
@@ -70,6 +70,7 @@ public class OAuth2ServiceImpl implements OAuth2Service {
}
// 获得管理员拥有的角色
List adminRoleDOs = adminService.getAdminRoles(accessTokenDO.getAdminId());
+ // TODO 芋艿,有个 bug ,要排除掉已经失效的角色
return CommonResult.success(OAuth2Convert.INSTANCE.convertToAuthentication(accessTokenDO, adminRoleDOs));
}
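Review bot: The TODO added in OAuth2ServiceImpl records an open authorization bug rather than fixing it: the roles returned by `adminService.getAdminRoles(...)` go into `convertToAuthentication` unfiltered, so a role that is no longer valid keeps granting access for as long as the admin-role row exists. The filter belongs at this point, before the conversion, or in the query behind `getAdminRoles`. Until it lands the comment should point at a tracked item, for example `// TODO(<issue-id>): exclude disabled or deleted roles before building the authentication`. The enclosing method starts outside the hunk.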
@@ -81,11 +82,11 @@ public class OAuth2ServiceImpl implements OAuth2Service {
}
// 校验权限
List roleResourceDOs = roleService.getRoleByResourceHandler(url);
- if (roleResourceDOs.isEmpty()) { // 任何角色,都可以访问
+ if (roleResourceDOs.isEmpty()) { // 任何角色,都可以访问。TODO 后面调整下,如果未配置的资源,直接不校验权限
return CommonResult.success(true);
}
for (RoleResourceDO roleResourceDO : roleResourceDOs) {
- if (roleIds.contains(roleResourceDO.getId())) {
+ if (roleIds.contains(roleResourceDO.getRoleId())) {
return CommonResult.success(true);
}
}
diff --git a/admin/admin-service-impl/src/main/resources/mapper/RoleResourceMapper.xml b/admin/admin-service-impl/src/main/resources/mapper/RoleResourceMapper.xml
index d3d57df15..b351fccff 100644
--- a/admin/admin-service-impl/src/main/resources/mapper/RoleResourceMapper.xml
+++ b/admin/admin-service-impl/src/main/resources/mapper/RoleResourceMapper.xml
@@ -12,8 +12,8 @@
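Review bot: The `roleResourceDOs.isEmpty()` branch in OAuth2ServiceImpl returns `CommonResult.success(true)`, so every URL without a role-resource row is open to any caller that reaches this check, and the extended TODO indicates that is meant to stay; a new or mistyped resource handler is therefore unprotected by default. Failing closed is the safer default: return the method's permission-denied result when no mapping exists and list the intentionally public handlers explicitly, or at minimum log when this fallback grants access so unconfigured endpoints are visible. `roleIds` is also dereferenced in the loop without a null check; where it comes from is outside the hunk, as are the start and end of the method.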