增加 auth 认证拦截器(未完全)
This commit is contained in:
parent
eec8f0860e
commit
6f37500f62
@ -17,7 +17,6 @@
|
|||||||
<groupId>cn.iocoder.mall</groupId>
|
<groupId>cn.iocoder.mall</groupId>
|
||||||
<artifactId>system-rpc-api</artifactId>
|
<artifactId>system-rpc-api</artifactId>
|
||||||
<version>1.0-SNAPSHOT</version>
|
<version>1.0-SNAPSHOT</version>
|
||||||
<optional>true</optional>
|
|
||||||
</dependency>
|
</dependency>
|
||||||
|
|
||||||
<!-- Spring 核心 -->
|
<!-- Spring 核心 -->
|
||||||
@ -38,7 +37,6 @@
|
|||||||
<dependency>
|
<dependency>
|
||||||
<groupId>org.apache.dubbo</groupId>
|
<groupId>org.apache.dubbo</groupId>
|
||||||
<artifactId>dubbo</artifactId>
|
<artifactId>dubbo</artifactId>
|
||||||
<optional>true</optional>
|
|
||||||
</dependency>
|
</dependency>
|
||||||
</dependencies>
|
</dependencies>
|
||||||
|
|
||||||
|
@ -1,16 +1,38 @@
|
|||||||
package cn.iocoder.mall.security.config;
|
package cn.iocoder.mall.security.config;
|
||||||
|
|
||||||
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
|
import cn.iocoder.mall.security.core.interceptor.AccountAuthInterceptor;
|
||||||
|
import cn.iocoder.mall.web.config.CommonWebAutoConfiguration;
|
||||||
|
import cn.iocoder.mall.web.core.constant.CommonMallConstants;
|
||||||
|
import org.slf4j.Logger;
|
||||||
|
import org.slf4j.LoggerFactory;
|
||||||
|
import org.springframework.boot.autoconfigure.AutoConfigureAfter;
|
||||||
|
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
|
||||||
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
|
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
|
||||||
|
import org.springframework.context.annotation.Bean;
|
||||||
import org.springframework.context.annotation.Configuration;
|
import org.springframework.context.annotation.Configuration;
|
||||||
|
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
|
||||||
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
|
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
|
||||||
|
|
||||||
@Configuration
|
@Configuration
|
||||||
|
@AutoConfigureAfter(CommonWebAutoConfiguration.class) // 在 CommonWebAutoConfiguration 之后自动配置,保证过滤器的顺序
|
||||||
@ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.SERVLET)
|
@ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.SERVLET)
|
||||||
@ConditionalOnClass(name = {"cn.iocoder.mall.system.rpc.api.systemlog.SystemLogRPC", "org.apache.dubbo.config.annotation.Reference"})
|
|
||||||
public class CommonSecurityAutoConfiguration implements WebMvcConfigurer {
|
public class CommonSecurityAutoConfiguration implements WebMvcConfigurer {
|
||||||
|
|
||||||
// ========== 拦截器相关 ==========
|
private Logger logger = LoggerFactory.getLogger(getClass());
|
||||||
|
|
||||||
|
// ========== 拦截器相关 ==========
|
||||||
|
@Bean
|
||||||
|
@ConditionalOnMissingBean(AccountAuthInterceptor.class)
|
||||||
|
public AccountAuthInterceptor accountAuthInterceptor() {
|
||||||
|
return new AccountAuthInterceptor();
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public void addInterceptors(InterceptorRegistry registry) {
|
||||||
|
// AccountAuthInterceptor 拦截器
|
||||||
|
registry.addInterceptor(this.accountAuthInterceptor())
|
||||||
|
.addPathPatterns(CommonMallConstants.ROOT_PATH_ADMIN + "/**", CommonMallConstants.ROOT_PATH_USER + "/**");
|
||||||
|
logger.info("[addInterceptors][加载 AccountAuthInterceptor 拦截器完成]");
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -0,0 +1,16 @@
|
|||||||
|
package cn.iocoder.mall.security.core.annotation;
|
||||||
|
|
||||||
|
import java.lang.annotation.*;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 要求用户登录注解。通过将该注解添加到 Controller 上,会自动校验用户是否登陆。
|
||||||
|
*
|
||||||
|
* 默认请求下,用户访问的 API 接口,无需登陆。主要的考虑是,
|
||||||
|
* 1. 需要用户登陆的接口,本身会获取在线用户的编号。如果不添加 @RequiresLogin 注解就会报错。
|
||||||
|
* 2. 大多数情况下,用户的 API 接口无需登陆。
|
||||||
|
*/
|
||||||
|
@Documented
|
||||||
|
@Target({ElementType.METHOD}) // 暂时不支持 ElementType.TYPE ,因为没有场景
|
||||||
|
@Retention(RetentionPolicy.RUNTIME)
|
||||||
|
public @interface RequiresLogin {
|
||||||
|
}
|
@ -0,0 +1,22 @@
|
|||||||
|
package cn.iocoder.mall.security.core.annotation;
|
||||||
|
|
||||||
|
import java.lang.annotation.*;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 参考 Shiro @RequiresPermissions 设计 http://shiro.apache.org/static/1.3.2/apidocs/org/apache/shiro/authz/annotation/RequiresPermissions.html
|
||||||
|
*
|
||||||
|
* 通过将该注解添加到 Controller 的方法上,进行授权鉴定
|
||||||
|
*/
|
||||||
|
@Documented
|
||||||
|
@Target({ElementType.METHOD}) // 暂时不支持 ElementType.TYPE ,因为没有场景
|
||||||
|
@Retention(RetentionPolicy.RUNTIME)
|
||||||
|
public @interface RequiresPermissions {
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 当有多个标识时,必须全部拥有权限,才可以操作
|
||||||
|
*
|
||||||
|
* @return 权限标识数组
|
||||||
|
*/
|
||||||
|
String[] value();
|
||||||
|
|
||||||
|
}
|
@ -0,0 +1,28 @@
|
|||||||
|
package cn.iocoder.mall.security.core.context;
|
||||||
|
|
||||||
|
import lombok.Data;
|
||||||
|
import lombok.experimental.Accessors;
|
||||||
|
|
||||||
|
import java.util.Set;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* Security 上下文
|
||||||
|
*/
|
||||||
|
@Data
|
||||||
|
@Accessors(chain = true)
|
||||||
|
public class AdminSecurityContext {
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 管理员编号
|
||||||
|
*/
|
||||||
|
private Integer adminId;
|
||||||
|
/**
|
||||||
|
* 管理员账号
|
||||||
|
*/
|
||||||
|
private String username;
|
||||||
|
/**
|
||||||
|
* 拥有的角色编号
|
||||||
|
*/
|
||||||
|
private Set<Integer> roleIds;
|
||||||
|
|
||||||
|
}
|
@ -0,0 +1,30 @@
|
|||||||
|
package cn.iocoder.mall.security.core.context;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* {@link AdminSecurityContext} Holder
|
||||||
|
*
|
||||||
|
* 参考 spring security 的 ThreadLocalSecurityContextHolderStrategy 类,简单实现。
|
||||||
|
*/
|
||||||
|
public class AdminSecurityContextHolder {
|
||||||
|
|
||||||
|
private static final ThreadLocal<AdminSecurityContext> SECURITY_CONTEXT = new ThreadLocal<>();
|
||||||
|
|
||||||
|
public static void setContext(AdminSecurityContext context) {
|
||||||
|
SECURITY_CONTEXT.set(context);
|
||||||
|
}
|
||||||
|
|
||||||
|
public static AdminSecurityContext getContext() {
|
||||||
|
AdminSecurityContext ctx = SECURITY_CONTEXT.get();
|
||||||
|
// 为空时,设置一个空的进去
|
||||||
|
if (ctx == null) {
|
||||||
|
ctx = new AdminSecurityContext();
|
||||||
|
SECURITY_CONTEXT.set(ctx);
|
||||||
|
}
|
||||||
|
return ctx;
|
||||||
|
}
|
||||||
|
|
||||||
|
public static void clear() {
|
||||||
|
SECURITY_CONTEXT.remove();
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
@ -0,0 +1,18 @@
|
|||||||
|
package cn.iocoder.mall.security.core.context;
|
||||||
|
|
||||||
|
import lombok.Data;
|
||||||
|
import lombok.experimental.Accessors;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* User Security 上下文
|
||||||
|
*/
|
||||||
|
@Data
|
||||||
|
@Accessors(chain = true)
|
||||||
|
public class UserSecurityContext {
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 用户编号
|
||||||
|
*/
|
||||||
|
private Integer userId;
|
||||||
|
|
||||||
|
}
|
@ -0,0 +1,30 @@
|
|||||||
|
package cn.iocoder.mall.security.core.context;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* {@link UserSecurityContext} Holder
|
||||||
|
*
|
||||||
|
* 参考 spring security 的 ThreadLocalSecurityContextHolderStrategy 类,简单实现。
|
||||||
|
*/
|
||||||
|
public class UserSecurityContextHolder {
|
||||||
|
|
||||||
|
private static final ThreadLocal<UserSecurityContext> SECURITY_CONTEXT = new ThreadLocal<UserSecurityContext>();
|
||||||
|
|
||||||
|
public static void setContext(UserSecurityContext context) {
|
||||||
|
SECURITY_CONTEXT.set(context);
|
||||||
|
}
|
||||||
|
|
||||||
|
public static UserSecurityContext getContext() {
|
||||||
|
UserSecurityContext ctx = SECURITY_CONTEXT.get();
|
||||||
|
// 为空时,设置一个空的进去
|
||||||
|
if (ctx == null) {
|
||||||
|
ctx = new UserSecurityContext();
|
||||||
|
SECURITY_CONTEXT.set(ctx);
|
||||||
|
}
|
||||||
|
return ctx;
|
||||||
|
}
|
||||||
|
|
||||||
|
public static void clear() {
|
||||||
|
SECURITY_CONTEXT.remove();
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
@ -1,4 +1,4 @@
|
|||||||
package cn.iocoder.mall.security.core.account;
|
package cn.iocoder.mall.security.core.interceptor;
|
||||||
|
|
||||||
import cn.iocoder.common.framework.util.HttpUtil;
|
import cn.iocoder.common.framework.util.HttpUtil;
|
||||||
import cn.iocoder.common.framework.util.ServiceExceptionUtil;
|
import cn.iocoder.common.framework.util.ServiceExceptionUtil;
|
||||||
@ -10,6 +10,7 @@ import cn.iocoder.mall.web.core.util.CommonWebUtil;
|
|||||||
import org.apache.dubbo.config.annotation.Reference;
|
import org.apache.dubbo.config.annotation.Reference;
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
|
import org.springframework.util.StringUtils;
|
||||||
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
|
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
|
||||||
|
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
@ -24,8 +25,12 @@ public class AccountAuthInterceptor extends HandlerInterceptorAdapter {
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
|
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
|
||||||
// 执行认证
|
// 获得访问令牌
|
||||||
String accessToken = HttpUtil.obtainAuthorization(request);
|
String accessToken = HttpUtil.obtainAuthorization(request);
|
||||||
|
if (StringUtils.hasText(accessToken)) { // 如果未传递,则不进行认证
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
// 执行认证
|
||||||
OAuth2AccessTokenAuthenticateRequest oauth2AccessTokenAuthenticateRequest = new OAuth2AccessTokenAuthenticateRequest()
|
OAuth2AccessTokenAuthenticateRequest oauth2AccessTokenAuthenticateRequest = new OAuth2AccessTokenAuthenticateRequest()
|
||||||
.setAccessToken(accessToken).setIp(HttpUtil.getIp(request));
|
.setAccessToken(accessToken).setIp(HttpUtil.getIp(request));
|
||||||
CommonResult<OAuth2AccessTokenResponse> oauth2AccessTokenResponseResult = oauth2RPC.authenticate(oauth2AccessTokenAuthenticateRequest);
|
CommonResult<OAuth2AccessTokenResponse> oauth2AccessTokenResponseResult = oauth2RPC.authenticate(oauth2AccessTokenAuthenticateRequest);
|
@ -0,0 +1,2 @@
|
|||||||
|
org.springframework.boot.autoconfigure.EnableAutoConfiguration=\
|
||||||
|
cn.iocoder.mall.security.config.CommonSecurityAutoConfiguration
|
@ -1,5 +1,6 @@
|
|||||||
package cn.iocoder.mall.web.config;
|
package cn.iocoder.mall.web.config;
|
||||||
|
|
||||||
|
import cn.iocoder.common.framework.servlet.CorsFilter;
|
||||||
import cn.iocoder.mall.web.core.constant.CommonMallConstants;
|
import cn.iocoder.mall.web.core.constant.CommonMallConstants;
|
||||||
import cn.iocoder.mall.web.core.handler.GlobalExceptionHandler;
|
import cn.iocoder.mall.web.core.handler.GlobalExceptionHandler;
|
||||||
import cn.iocoder.mall.web.core.handler.GlobalResponseBodyHandler;
|
import cn.iocoder.mall.web.core.handler.GlobalResponseBodyHandler;
|
||||||
@ -10,6 +11,7 @@ import org.springframework.beans.factory.NoSuchBeanDefinitionException;
|
|||||||
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
|
import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
|
||||||
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
|
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
|
||||||
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
|
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
|
||||||
|
import org.springframework.boot.web.servlet.FilterRegistrationBean;
|
||||||
import org.springframework.context.annotation.Bean;
|
import org.springframework.context.annotation.Bean;
|
||||||
import org.springframework.context.annotation.Configuration;
|
import org.springframework.context.annotation.Configuration;
|
||||||
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
|
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
|
||||||
@ -47,14 +49,23 @@ public class CommonWebAutoConfiguration implements WebMvcConfigurer {
|
|||||||
@Override
|
@Override
|
||||||
public void addInterceptors(InterceptorRegistry registry) {
|
public void addInterceptors(InterceptorRegistry registry) {
|
||||||
try {
|
try {
|
||||||
AccessLogInterceptor accessLogInterceptor = this.accessLogInterceptor();
|
registry.addInterceptor(this.accessLogInterceptor())
|
||||||
if (accessLogInterceptor != null) {
|
.addPathPatterns(CommonMallConstants.ROOT_PATH_ADMIN + "/**", CommonMallConstants.ROOT_PATH_USER + "/**");
|
||||||
registry.addInterceptor(accessLogInterceptor)
|
logger.info("[addInterceptors][加载 AccessLogInterceptor 拦截器完成]");
|
||||||
.addPathPatterns(CommonMallConstants.ROOT_PATH_ADMIN + "/**", CommonMallConstants.ROOT_PATH_USER + "/**");
|
|
||||||
}
|
|
||||||
} catch (NoSuchBeanDefinitionException e) {
|
} catch (NoSuchBeanDefinitionException e) {
|
||||||
logger.warn("[addInterceptors][无法获取 AccessLogInterceptor 拦截器,因此不启动 AccessLog 的记录]");
|
logger.warn("[addInterceptors][无法获取 AccessLogInterceptor 拦截器,因此不启动 AccessLog 的记录]");
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// ========== 过滤器相关 ==========
|
||||||
|
|
||||||
|
@Bean
|
||||||
|
@ConditionalOnMissingBean
|
||||||
|
public FilterRegistrationBean<CorsFilter> corsFilter() {
|
||||||
|
FilterRegistrationBean<CorsFilter> registrationBean = new FilterRegistrationBean<>();
|
||||||
|
registrationBean.setFilter(new CorsFilter());
|
||||||
|
registrationBean.addUrlPatterns("/*");
|
||||||
|
return registrationBean;
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -53,13 +53,6 @@ public class UserMVCAutoConfiguration implements WebMvcConfigurer {
|
|||||||
registry.addInterceptor(userSecurityInterceptor()).addPathPatterns(MallConstants.ROOT_PATH_USER + "/**");
|
registry.addInterceptor(userSecurityInterceptor()).addPathPatterns(MallConstants.ROOT_PATH_USER + "/**");
|
||||||
}
|
}
|
||||||
|
|
||||||
@Bean
|
|
||||||
@ConditionalOnMissingBean
|
|
||||||
public FilterRegistrationBean<CorsFilter> corsFilter() {
|
|
||||||
FilterRegistrationBean<CorsFilter> registrationBean = new FilterRegistrationBean<>();
|
|
||||||
registrationBean.setFilter(new CorsFilter());
|
|
||||||
registrationBean.addUrlPatterns("/*");
|
|
||||||
return registrationBean;
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -26,6 +26,11 @@
|
|||||||
<artifactId>mall-spring-boot-starter-web</artifactId>
|
<artifactId>mall-spring-boot-starter-web</artifactId>
|
||||||
<version>1.0-SNAPSHOT</version>
|
<version>1.0-SNAPSHOT</version>
|
||||||
</dependency>
|
</dependency>
|
||||||
|
<dependency>
|
||||||
|
<groupId>cn.iocoder.mall</groupId>
|
||||||
|
<artifactId>mall-spring-boot-starter-security</artifactId>
|
||||||
|
<version>1.0-SNAPSHOT</version>
|
||||||
|
</dependency>
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>cn.iocoder.mall</groupId>
|
<groupId>cn.iocoder.mall</groupId>
|
||||||
<artifactId>mall-spring-boot-starter-swagger</artifactId>
|
<artifactId>mall-spring-boot-starter-swagger</artifactId>
|
||||||
|
@ -21,3 +21,5 @@ dubbo:
|
|||||||
consumer:
|
consumer:
|
||||||
SystemLogRPC: # 用于 AccessLogInterceptor 等拦截器,记录 HTTP API 请求的访问日志
|
SystemLogRPC: # 用于 AccessLogInterceptor 等拦截器,记录 HTTP API 请求的访问日志
|
||||||
version: 1.0.0
|
version: 1.0.0
|
||||||
|
OAuth2RPC:
|
||||||
|
version: 1.0.0
|
||||||
|
Loading…
Reference in New Issue
Block a user