完善管理员认证、鉴权拦截器

YunaiV 2019-02-27 01:19:38 +08:00
parent 09004dc000
commit 5a73061e73
11 changed files with 57 additions and 19 deletions


@ -80,12 +80,21 @@
<version>${org.mapstruct.version}</version>
</dependency>
<dependency>
<groupId>cn.iocoder.mall</groupId>
<artifactId>admin-sdk</artifactId>
<version>1.0-SNAPSHOT</version>
<scope>compile</scope>
</dependency>
<dependency>
<groupId>org.springframework.boot</groupId>
<artifactId>spring-boot-devtools</artifactId>
<optional>true</optional>
</dependency>
</dependencies>
<build>


@ -1,23 +1,33 @@
package cn.iocoder.mall.admin.config;
import cn.iocoder.common.framework.config.GlobalExceptionHandler;
import cn.iocoder.mall.admin.sdk.interceptor.AdminSecurityInterceptor;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Import;
import org.springframework.web.servlet.config.annotation.EnableWebMvc;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@EnableWebMvc
@Configuration
//@Import(value = {GlobalExceptionHandler.class, // 统一全局返回
// ) // TODO 安全拦截器实现认证和授权功能
@Import(value = {GlobalExceptionHandler.class, // 统一全局返回
AdminSecurityInterceptor.class})
public class MVCConfiguration implements WebMvcConfigurer {
// @Autowired
// private UserSecurityInterceptor securityInterceptor;
@Autowired
private AdminSecurityInterceptor adminSecurityInterceptor;
//
// @Override
// public void addInterceptors(InterceptorRegistry registry) {
@Override
public void addInterceptors(InterceptorRegistry registry) {
// registry.addInterceptor(securityInterceptor).addPathPatterns("/user/**", "/admin/**"); // 只拦截我们定义的接口
// }
registry.addInterceptor(adminSecurityInterceptor).addPathPatterns("/admin/**")
.excludePathPatterns("/admin/passport/login"); // 排除登陆接口
}
@Override
public void addResourceHandlers(ResourceHandlerRegistry registry) {
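Review bot: The single gap in `/admin/**` is `excludePathPatterns("/admin/passport/login")`, and under the older Spring MVC path-matching defaults this era of Spring Boot ships with (suffix-pattern and trailing-slash matching, if not disabled elsewhere) `/admin/passport/login.json` and `/admin/passport/login/` match the exclusion as well — harmless for a public login endpoint, but any exclusion added here later is widened the same way, so either tighten it in `configurePathMatch` or record the behaviour in the comment. Everything outside `/admin/**` is not intercepted at all, so a controller in this module mapped elsewhere is unauthenticated by default; a comment such as `// only /admin/** is authenticated; any other prefix in this module is public` above `addInterceptors` makes that invariant visible. The commented-out `UserSecurityInterceptor` leftovers (the old `@Import` block, the field and the old `addInterceptors` lines) should be deleted rather than kept as history in the new file. `addResourceHandlers` continues past the end of this section.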


@ -1,6 +1,8 @@
package cn.iocoder.mall.admin.controller;
import cn.iocoder.common.framework.vo.CommonResult;
import io.swagger.annotations.Api;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
@ -9,6 +11,9 @@ import org.springframework.web.bind.annotation.RestController;
@Api("管理员模块")
public class AdminController {
@GetMapping("/info")
public CommonResult<Void> info() {
return null;
}
}
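Review bot: `info()` returns a bare `null` instead of a `CommonResult`, so the endpoint answers with an empty body that a client cannot tell apart from a broken response; if this is a placeholder, return `CommonResult.success(null)` or leave the method out until it is implemented. Note that `/admin/info` is only covered by the new `/admin/**` interceptor as long as the class-level `@RequestMapping` (outside this hunk) keeps that prefix, which is worth a short comment on the class.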


@ -9,7 +9,8 @@
</parent>
<modelVersion>4.0.0</modelVersion>
<artifactId>application-sdk</artifactId>
<artifactId>admin-sdk</artifactId>
<dependencies>
<dependency>
<groupId>org.springframework</groupId>


@ -17,7 +17,7 @@ public class AdminSecurityContextHolder {
AdminSecurityContext ctx = securityContext.get();
// 为空时设置一个空的进去
if (ctx == null) {
ctx = new AdminSecurityContext(null, roleIds);
ctx = new AdminSecurityContext(null, null);
securityContext.set(ctx);
}
return ctx;
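Review bot: The fallback now stores an `AdminSecurityContext(null, null)` into the ThreadLocal, so every caller of `getContext()` must null-check both `getAdminId()` and `getRoleIds()`, and a `getRoleIds().contains(...)` style check on an unauthenticated thread will NPE; an empty set for the roles (`Collections.emptySet()`, assuming the constructor takes the `Set<Integer>` the interceptor passes) keeps the null adminId as the single "not authenticated" signal. A comment on the branch, e.g. `// no authenticated admin on this thread: adminId == null marks an anonymous context`, would make that contract explicit. The enclosing method's signature is above this hunk.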


@ -35,7 +35,7 @@ public class AdminSecurityInterceptor extends HandlerInterceptorAdapter {
throw new ServiceException(result.getCode(), result.getMessage());
}
authentication = result.getData();
// 添加到 SecurityContext
// 添加到 AdminSecurityContext
AdminSecurityContext context = new AdminSecurityContext(authentication.getAdminId(), authentication.getRoleIds());
AdminSecurityContextHolder.setContext(context);
}
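Review bot: The context stored via `AdminSecurityContextHolder.setContext(context)` lives in a ThreadLocal and nothing in this hunk removes it; unless `afterCompletion` (not visible here) clears the holder, the admin id and role ids of one request stay on the pooled servlet thread and are returned by `getContext()` to a later request on that thread that takes an excluded or non-`/admin/**` path and never runs this code. Override `afterCompletion` to call a `clear()` on the holder (add one if it does not exist) and record the requirement at the `setContext` call, e.g. `// must be cleared in afterCompletion: the holder is thread-local and servlet threads are pooled`. The enclosing method starts and ends outside this hunk.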


@ -10,6 +10,7 @@ import org.mapstruct.Mappings;
import org.mapstruct.factory.Mappers;
import java.util.List;
import java.util.stream.Collectors;
@Mapper
public interface OAuth2Convert {
@ -26,10 +27,12 @@ public interface OAuth2Convert {
.setExpiresIn(Math.max((int) ((oauth2AccessTokenDO.getExpiresTime().getTime() - System.currentTimeMillis()) / 1000), 0));
}
@Mappings({
@Mapping(source = "oauth2AccessTokenDO.id", target = "accessToken"),
@Mapping(source = "adminRoleDOs.roleId", target = "roleIds")
})
OAuth2AuthenticationBO convertToAuthentication(OAuth2AccessTokenDO oauth2AccessTokenDO, List<AdminRoleDO> adminRoleDOs);
@Mappings({})
OAuth2AuthenticationBO convertToAuthentication(OAuth2AccessTokenDO oauth2AccessTokenDO);
default OAuth2AuthenticationBO convertToAuthentication(OAuth2AccessTokenDO oauth2AccessTokenDO, List<AdminRoleDO> adminRoleDOs) {
return convertToAuthentication(oauth2AccessTokenDO)
.setRoleIds(adminRoleDOs.stream().map(AdminRoleDO::getRoleId).collect(Collectors.toSet()));
}
}
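Review bot: The default method calls `adminRoleDOs.stream()` without a null check, so a `null` role list from `adminService.getAdminRoles` (its contract is not visible here) becomes an NPE on the authentication path rather than an empty role set; guard it with `adminRoleDOs == null ? Collections.emptySet() : adminRoleDOs.stream()...` or state in a Javadoc line that callers must pass a non-null list. The `@Mappings({})` on the single-argument overload is an empty annotation and can be dropped. A one-line Javadoc on the default method, "roleIds is the set of roleId values taken from adminRoleDOs; the access token id becomes accessToken", would complete the contract for readers of the SDK.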


@ -33,6 +33,15 @@ public class RoleDO {
*/
private Integer status;
public Integer getId() {
return id;
}
public RoleDO setId(Integer id) {
this.id = id;
return this;
}
public String getName() {
return name;
}


@ -16,7 +16,7 @@ public class RoleResourceDO {
*/
private Integer roleId;
/**
* 资源比那好(外键{@link ResourceDO}
* 资源编号(外键{@link ResourceDO}
*/
private Integer resourceId;
/**


@ -70,6 +70,7 @@ public class OAuth2ServiceImpl implements OAuth2Service {
}
// 获得管理员拥有的角色
List<AdminRoleDO> adminRoleDOs = adminService.getAdminRoles(accessTokenDO.getAdminId());
// TODO 芋艿有个 bug 要排除掉已经失效的角色
return CommonResult.success(OAuth2Convert.INSTANCE.convertToAuthentication(accessTokenDO, adminRoleDOs));
}
@ -81,11 +82,11 @@ public class OAuth2ServiceImpl implements OAuth2Service {
}
// 校验权限
List<RoleResourceDO> roleResourceDOs = roleService.getRoleByResourceHandler(url);
if (roleResourceDOs.isEmpty()) { // 任何角色都可以访问
if (roleResourceDOs.isEmpty()) { // 任何角色都可以访问TODO 后面调整下如果未配置的资源直接不校验权限
return CommonResult.success(true);
}
for (RoleResourceDO roleResourceDO : roleResourceDOs) {
if (roleIds.contains(roleResourceDO.getId())) {
if (roleIds.contains(roleResourceDO.getRoleId())) {
return CommonResult.success(true);
}
}
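Review bot: The branch at `if (roleResourceDOs.isEmpty())` grants access to every authenticated admin whenever a URL has no role mapping, and the new TODO says the plan is to skip the permission check entirely for unconfigured resources — that is fail-open authorization: any handler added to the admin API without a `role_resource` row is reachable by all admins, and a typo in the stored `handler` value silently unprotects an endpoint. Prefer deny-by-default (return a failure result with its own error code) or at minimum limit the pass-through to an explicit allow-list and log it, and document the decision in the comment rather than leaving it as a TODO. The `roleIds.contains(roleResourceDO.getRoleId())` fix is correct, but as the first hunk's TODO notes, expired or disabled roles are not yet excluded, so their ids still satisfy this check. Both enclosing methods start and end outside these hunks.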


@ -12,8 +12,8 @@
<select id="selectByResourceHandler" parameterType="String" resultType="RoleResourceDO">
SELECT
rr.id, rr.role_id, rr.resouce_id
FROM resouce r, role_resource rr
rr.id, rr.role_id, rr.resource_id
FROM resource r, role_resource rr
WHERE r.handler = #{resourceHandler}
AND r.id = rr.resource_id
</select>
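Review bot: The query joins only `resource` and `role_resource`, so mappings belonging to disabled roles (`RoleDO` carries a `status` field) are returned and accepted by the caller; if `status` marks disabled roles, add a join on the role table, roughly `JOIN role ro ON ro.id = rr.role_id AND ro.status = <enabled>` (table name assumed), or filter in the service — this is the same gap as the "expired roles" TODO in OAuth2ServiceImpl. The implicit comma join would also read more clearly as `FROM resource r JOIN role_resource rr ON r.id = rr.resource_id WHERE r.handler = #{resourceHandler}`. Keeping `#{resourceHandler}` (a bound parameter, not `${}`) is the right choice for a value derived from the request URL.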