完善管理员认证、鉴权拦截器
parent
09004dc000
commit
5a73061e73
@ -80,12 +80,21 @@
|
|||||||
<version>${org.mapstruct.version}</version>
|
<version>${org.mapstruct.version}</version>
|
||||||
</dependency>
|
</dependency>
|
||||||
|
|
||||||
|
<dependency>
|
||||||
|
<groupId>cn.iocoder.mall</groupId>
|
||||||
|
<artifactId>admin-sdk</artifactId>
|
||||||
|
<version>1.0-SNAPSHOT</version>
|
||||||
|
<scope>compile</scope>
|
||||||
|
</dependency>
|
||||||
|
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.springframework.boot</groupId>
|
<groupId>org.springframework.boot</groupId>
|
||||||
<artifactId>spring-boot-devtools</artifactId>
|
<artifactId>spring-boot-devtools</artifactId>
|
||||||
<optional>true</optional>
|
<optional>true</optional>
|
||||||
</dependency>
|
</dependency>
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
</dependencies>
|
</dependencies>
|
||||||
|
|
||||||
<build>
|
<build>
|
||||||
|
@ -1,23 +1,33 @@
|
|||||||
package cn.iocoder.mall.admin.config;
|
package cn.iocoder.mall.admin.config;
|
||||||
|
|
||||||
|
import cn.iocoder.common.framework.config.GlobalExceptionHandler;
|
||||||
|
import cn.iocoder.mall.admin.sdk.interceptor.AdminSecurityInterceptor;
|
||||||
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
import org.springframework.context.annotation.Configuration;
|
import org.springframework.context.annotation.Configuration;
|
||||||
|
import org.springframework.context.annotation.Import;
|
||||||
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
|
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
|
||||||
|
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
|
||||||
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
|
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
|
||||||
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
|
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
|
||||||
|
|
||||||
@EnableWebMvc
|
@EnableWebMvc
|
||||||
@Configuration
|
@Configuration
|
||||||
//@Import(value = {GlobalExceptionHandler.class, // 统一全局返回
|
@Import(value = {GlobalExceptionHandler.class, // 统一全局返回
|
||||||
// ) // TODO 安全拦截器,实现认证和授权功能。
|
AdminSecurityInterceptor.class})
|
||||||
public class MVCConfiguration implements WebMvcConfigurer {
|
public class MVCConfiguration implements WebMvcConfigurer {
|
||||||
|
|
||||||
// @Autowired
|
// @Autowired
|
||||||
// private UserSecurityInterceptor securityInterceptor;
|
// private UserSecurityInterceptor securityInterceptor;
|
||||||
|
|
||||||
|
@Autowired
|
||||||
|
private AdminSecurityInterceptor adminSecurityInterceptor;
|
||||||
//
|
//
|
||||||
// @Override
|
@Override
|
||||||
// public void addInterceptors(InterceptorRegistry registry) {
|
public void addInterceptors(InterceptorRegistry registry) {
|
||||||
// registry.addInterceptor(securityInterceptor).addPathPatterns("/user/**", "/admin/**"); // 只拦截我们定义的接口
|
// registry.addInterceptor(securityInterceptor).addPathPatterns("/user/**", "/admin/**"); // 只拦截我们定义的接口
|
||||||
// }
|
registry.addInterceptor(adminSecurityInterceptor).addPathPatterns("/admin/**")
|
||||||
|
.excludePathPatterns("/admin/passport/login"); // 排除登陆接口
|
||||||
|
}
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void addResourceHandlers(ResourceHandlerRegistry registry) {
|
public void addResourceHandlers(ResourceHandlerRegistry registry) {
|
||||||
|
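Review bot: The registration in `addInterceptors` guards only `/admin/**`, so a handler mapped outside that prefix is served without passing through `AdminSecurityInterceptor`; the controllers' class-level mappings are outside this hunk, so whether such handlers exist cannot be confirmed here. If every endpoint of this application is meant to require an admin session, registering the interceptor for `/**` and listing the public paths (login, static resources, API docs) in `excludePathPatterns` makes a newly added controller protected by default. The commented-out `securityInterceptor` field and `addInterceptor` line kept next to the live code can be deleted, and a comment such as `// every public path must be listed in excludePathPatterns explicitly` would document the intent. The class body continues past the end of the hunk.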
@ -1,6 +1,8 @@
|
|||||||
package cn.iocoder.mall.admin.controller;
|
package cn.iocoder.mall.admin.controller;
|
||||||
|
|
||||||
|
import cn.iocoder.common.framework.vo.CommonResult;
|
||||||
import io.swagger.annotations.Api;
|
import io.swagger.annotations.Api;
|
||||||
|
import org.springframework.web.bind.annotation.GetMapping;
|
||||||
import org.springframework.web.bind.annotation.RequestMapping;
|
import org.springframework.web.bind.annotation.RequestMapping;
|
||||||
import org.springframework.web.bind.annotation.RestController;
|
import org.springframework.web.bind.annotation.RestController;
|
||||||
|
|
||||||
@ -9,6 +11,9 @@ import org.springframework.web.bind.annotation.RestController;
|
|||||||
@Api("管理员模块")
|
@Api("管理员模块")
|
||||||
public class AdminController {
|
public class AdminController {
|
||||||
|
|
||||||
|
@GetMapping("/info")
|
||||||
|
public CommonResult<Void> info() {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
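Review bot: `info()` returns `null`, so a caller of `/info` receives an empty body instead of the `CommonResult` envelope used elsewhere in this commit. Until the real lookup is written, `return CommonResult.success(null);` keeps the response shape consistent, with a `// TODO` naming what the endpoint is going to return. The class-level `@RequestMapping` is outside the hunk, so it should be checked that the resulting path falls under the `/admin/**` pattern guarded by the interceptor.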
@ -9,7 +9,8 @@
|
|||||||
</parent>
|
</parent>
|
||||||
<modelVersion>4.0.0</modelVersion>
|
<modelVersion>4.0.0</modelVersion>
|
||||||
|
|
||||||
<artifactId>application-sdk</artifactId>
|
<artifactId>admin-sdk</artifactId>
|
||||||
|
|
||||||
<dependencies>
|
<dependencies>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.springframework</groupId>
|
<groupId>org.springframework</groupId>
|
||||||
|
@ -17,7 +17,7 @@ public class AdminSecurityContextHolder {
|
|||||||
AdminSecurityContext ctx = securityContext.get();
|
AdminSecurityContext ctx = securityContext.get();
|
||||||
// 为空时,设置一个空的进去
|
// 为空时,设置一个空的进去
|
||||||
if (ctx == null) {
|
if (ctx == null) {
|
||||||
ctx = new AdminSecurityContext(null, roleIds);
|
ctx = new AdminSecurityContext(null, null);
|
||||||
securityContext.set(ctx);
|
securityContext.set(ctx);
|
||||||
}
|
}
|
||||||
return ctx;
|
return ctx;
|
||||||
|
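Review bot: The lazily created context now carries `null` for both the admin id and the role ids, so code that calls this getter on a request that never passed the interceptor (the excluded login path, for example) receives a non-null context whose fields are null. A caller that then does `getRoleIds().contains(...)` would fail with a NullPointerException instead of getting a clean "not authenticated" outcome. Passing an empty collection, for instance `new AdminSecurityContext(null, Collections.emptySet())` if the constructor takes a `Set` (its signature is not visible in this hunk), removes that trap. A short comment stating that a null admin id means "unauthenticated" would help readers as well. The method starts and ends outside the hunk.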
@ -35,7 +35,7 @@ public class AdminSecurityInterceptor extends HandlerInterceptorAdapter {
|
|||||||
throw new ServiceException(result.getCode(), result.getMessage());
|
throw new ServiceException(result.getCode(), result.getMessage());
|
||||||
}
|
}
|
||||||
authentication = result.getData();
|
authentication = result.getData();
|
||||||
// 添加到 SecurityContext
|
// 添加到 AdminSecurityContext
|
||||||
AdminSecurityContext context = new AdminSecurityContext(authentication.getAdminId(), authentication.getRoleIds());
|
AdminSecurityContext context = new AdminSecurityContext(authentication.getAdminId(), authentication.getRoleIds());
|
||||||
AdminSecurityContextHolder.setContext(context);
|
AdminSecurityContextHolder.setContext(context);
|
||||||
}
|
}
|
||||||
|
@ -10,6 +10,7 @@ import org.mapstruct.Mappings;
|
|||||||
import org.mapstruct.factory.Mappers;
|
import org.mapstruct.factory.Mappers;
|
||||||
|
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
import java.util.stream.Collectors;
|
||||||
|
|
||||||
@Mapper
|
@Mapper
|
||||||
public interface OAuth2Convert {
|
public interface OAuth2Convert {
|
||||||
@ -26,10 +27,12 @@ public interface OAuth2Convert {
|
|||||||
.setExpiresIn(Math.max((int) ((oauth2AccessTokenDO.getExpiresTime().getTime() - System.currentTimeMillis()) / 1000), 0));
|
.setExpiresIn(Math.max((int) ((oauth2AccessTokenDO.getExpiresTime().getTime() - System.currentTimeMillis()) / 1000), 0));
|
||||||
}
|
}
|
||||||
|
|
||||||
@Mappings({
|
@Mappings({})
|
||||||
@Mapping(source = "oauth2AccessTokenDO.id", target = "accessToken"),
|
OAuth2AuthenticationBO convertToAuthentication(OAuth2AccessTokenDO oauth2AccessTokenDO);
|
||||||
@Mapping(source = "adminRoleDOs.roleId", target = "roleIds")
|
|
||||||
})
|
default OAuth2AuthenticationBO convertToAuthentication(OAuth2AccessTokenDO oauth2AccessTokenDO, List<AdminRoleDO> adminRoleDOs) {
|
||||||
OAuth2AuthenticationBO convertToAuthentication(OAuth2AccessTokenDO oauth2AccessTokenDO, List<AdminRoleDO> adminRoleDOs);
|
return convertToAuthentication(oauth2AccessTokenDO)
|
||||||
|
.setRoleIds(adminRoleDOs.stream().map(AdminRoleDO::getRoleId).collect(Collectors.toSet()));
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
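Review bot: The new two-argument `convertToAuthentication` calls `adminRoleDOs.stream()` without a null check, so a null role list would fail with a NullPointerException in the middle of token validation; whether `getAdminRoles` can return null is not visible here, so either guard it or document the non-null contract in a Javadoc line on the method. The explicit mapping from `oauth2AccessTokenDO.id` to `accessToken` that the old signature declared is gone, so if `OAuth2AuthenticationBO` still has an `accessToken` property it is presumably left unset now and that should be confirmed. The empty `@Mappings({})` on the single-argument method carries no information and can be removed.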
@ -33,6 +33,15 @@ public class RoleDO {
|
|||||||
*/
|
*/
|
||||||
private Integer status;
|
private Integer status;
|
||||||
|
|
||||||
|
public Integer getId() {
|
||||||
|
return id;
|
||||||
|
}
|
||||||
|
|
||||||
|
public RoleDO setId(Integer id) {
|
||||||
|
this.id = id;
|
||||||
|
return this;
|
||||||
|
}
|
||||||
|
|
||||||
public String getName() {
|
public String getName() {
|
||||||
return name;
|
return name;
|
||||||
}
|
}
|
||||||
|
@ -16,7 +16,7 @@ public class RoleResourceDO {
|
|||||||
*/
|
*/
|
||||||
private Integer roleId;
|
private Integer roleId;
|
||||||
/**
|
/**
|
||||||
* 资源比那好(外键:{@link ResourceDO}
|
* 资源编号(外键:{@link ResourceDO}
|
||||||
*/
|
*/
|
||||||
private Integer resourceId;
|
private Integer resourceId;
|
||||||
/**
|
/**
|
||||||
|
@ -70,6 +70,7 @@ public class OAuth2ServiceImpl implements OAuth2Service {
|
|||||||
}
|
}
|
||||||
// 获得管理员拥有的角色
|
// 获得管理员拥有的角色
|
||||||
List<AdminRoleDO> adminRoleDOs = adminService.getAdminRoles(accessTokenDO.getAdminId());
|
List<AdminRoleDO> adminRoleDOs = adminService.getAdminRoles(accessTokenDO.getAdminId());
|
||||||
|
// TODO 芋艿,有个 bug ,要排除掉已经失效的角色
|
||||||
return CommonResult.success(OAuth2Convert.INSTANCE.convertToAuthentication(accessTokenDO, adminRoleDOs));
|
return CommonResult.success(OAuth2Convert.INSTANCE.convertToAuthentication(accessTokenDO, adminRoleDOs));
|
||||||
}
|
}
|
||||||
|
|
||||||
@ -81,11 +82,11 @@ public class OAuth2ServiceImpl implements OAuth2Service {
|
|||||||
}
|
}
|
||||||
// 校验权限
|
// 校验权限
|
||||||
List<RoleResourceDO> roleResourceDOs = roleService.getRoleByResourceHandler(url);
|
List<RoleResourceDO> roleResourceDOs = roleService.getRoleByResourceHandler(url);
|
||||||
if (roleResourceDOs.isEmpty()) { // 任何角色,都可以访问
|
if (roleResourceDOs.isEmpty()) { // 任何角色,都可以访问。TODO 后面调整下,如果未配置的资源,直接不校验权限
|
||||||
return CommonResult.success(true);
|
return CommonResult.success(true);
|
||||||
}
|
}
|
||||||
for (RoleResourceDO roleResourceDO : roleResourceDOs) {
|
for (RoleResourceDO roleResourceDO : roleResourceDOs) {
|
||||||
if (roleIds.contains(roleResourceDO.getId())) {
|
if (roleIds.contains(roleResourceDO.getRoleId())) {
|
||||||
return CommonResult.success(true);
|
return CommonResult.success(true);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
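Review bot: The `roleResourceDOs.isEmpty()` branch returns success for any authenticated admin when a URL has no role mapping, so the permission check fails open: a handler that nobody registered in `role_resource` is reachable by every role. A deny-by-default result for unmapped URLs, with an explicit list of endpoints meant to be open to all admins, would be the safer design; at minimum the comment should state that the fall-through is intentional. The TODO added in the first hunk records that disabled roles are still included in `adminRoleDOs`, which means a revoked role keeps granting access until that filter exists, so it deserves tracking as a security fix rather than a clean-up. Both method bodies begin outside the visible hunks.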
@ -12,8 +12,8 @@
|
|||||||
|
|
||||||
<select id="selectByResourceHandler" parameterType="String" resultType="RoleResourceDO">
|
<select id="selectByResourceHandler" parameterType="String" resultType="RoleResourceDO">
|
||||||
SELECT
|
SELECT
|
||||||
rr.id, rr.role_id, rr.resouce_id
|
rr.id, rr.role_id, rr.resource_id
|
||||||
FROM resouce r, role_resource rr
|
FROM resource r, role_resource rr
|
||||||
WHERE r.handler = #{resourceHandler}
|
WHERE r.handler = #{resourceHandler}
|
||||||
AND r.id = rr.resource_id
|
AND r.id = rr.resource_id
|
||||||
</select>
|
</select>
|
||||||
|