增加令牌刷新逻辑

增加演示模式的开关
YunaiV 2020-08-26 20:47:46 +08:00
parent 54325da259
commit e0ab6b8462
10 changed files with 77 additions and 17 deletions


@ -49,10 +49,12 @@ public class AdminSecurityAutoConfiguration implements WebMvcConfigurer {
.excludePathPatterns(properties.getDefaultIgnorePaths());
logger.info("[addInterceptors][加载 AdminSecurityInterceptor 拦截器完成]");
// AdminDemoInterceptor 拦截器
registry.addInterceptor(this.adminDemoInterceptor())
.excludePathPatterns(properties.getIgnorePaths())
.excludePathPatterns(properties.getDefaultIgnorePaths());
logger.info("[addInterceptors][加载 AdminDemoInterceptor 拦截器完成]");
if (Boolean.TRUE.equals(properties.getDemo())) {
registry.addInterceptor(this.adminDemoInterceptor())
.excludePathPatterns(properties.getIgnorePaths())
.excludePathPatterns(properties.getDefaultIgnorePaths());
logger.info("[addInterceptors][加载 AdminDemoInterceptor 拦截器完成]");
}
}
}


@ -11,6 +11,11 @@ public class AdminSecurityProperties {
// Actuator 相关
};
/**
* 演示模式 - 默认值关闭
*/
private static final Boolean DEFAULT_DEMO = false;
/**
* 自定义忽略 Path
*/
@ -19,6 +24,10 @@ public class AdminSecurityProperties {
* 默认忽略 Path
*/
private String[] defaultIgnorePaths = DEFAULT_IGNORE_PATHS;
/**
* 是否开启演示模式
*/
private Boolean demo = DEFAULT_DEMO;
public String[] getIgnorePaths() {
return ignorePaths;
@ -38,4 +47,13 @@ public class AdminSecurityProperties {
return this;
}
public Boolean getDemo() {
return demo;
}
public AdminSecurityProperties setDemo(Boolean demo) {
this.demo = demo;
return this;
}
}


@ -19,8 +19,9 @@ public class AdminDemoInterceptor extends HandlerInterceptorAdapter {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
// Admin 编号等于 0 约定为演示账号
if (Objects.equals(AdminSecurityContextHolder.getAdminId(), 0)
// Admin 编号等于 1 约定为演示账号
// TODO 芋艿后续去优化
if (Objects.equals(AdminSecurityContextHolder.getAdminId(), 1)
&& request.getMethod().equalsIgnoreCase(HttpMethod.POST.toString())) {
throw ServiceExceptionUtil.exception(SystemErrorCodeConstants.PERMISSION_DEMO_PERMISSION_DENY);
}
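Review bot: The demo guard in `preHandle` only matches `POST`, so the demo account can still send `PUT`, `DELETE` or `PATCH` requests if any handler maps them; rejecting every method that is not read-only, e.g. `&& !HttpMethod.GET.matches(request.getMethod())`, would cover those as well. The new literal `1` also needs a type check: if `AdminSecurityContextHolder.getAdminId()` returns a `Long` (its declaration is not visible here), `Objects.equals(..., 1)` compares against an `Integer` and never matches, so the guard would silently do nothing. Hard-coding id 1 as the demo account, which the TODO acknowledges, means that with demo mode switched on whichever admin holds id 1 loses POST access; a configurable id next to `demo` on `AdminSecurityProperties` would avoid that. The method body continues past the end of the hunk.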


@ -12,13 +12,9 @@ import cn.iocoder.security.annotations.RequiresNone;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import org.springframework.web.bind.annotation.*;
import javax.servlet.http.HttpServletRequest;
import java.util.List;
import java.util.Set;
@ -46,6 +42,14 @@ public class PassportController {
return success(passportManager.getAdmin(AdminSecurityContextHolder.getAdminId()));
}
@PostMapping("/refresh-token")
@ApiOperation("刷新令牌")
@RequiresNone
public CommonResult<PassportAccessTokenVO> refreshToken(@RequestParam("refreshToken") String refreshToken,
HttpServletRequest request) {
return success(passportManager.refreshToken(refreshToken, HttpUtil.getIp(request)));
}
// TODO 优化点迁移到 PermissionController
@GetMapping("/tree-admin-menu")
@ApiOperation("获得当前管理员的菜单树")
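Review bot: `refreshToken` is bound with `@RequestParam`, which Spring also fills from the query string, so a client that calls the endpoint with the token in the URL puts a long-lived credential into access and proxy logs. Because the endpoint is `@RequiresNone`, the refresh token is the only credential checked here; consider accepting it from the request body only (a small request DTO) and rejecting blank values before the RPC call, for example with `@NotEmpty` on that field if bean validation is active for this controller. The IP comes from `HttpUtil.getIp(request)`; if that helper reads forwarded headers (not visible here), the stored `createIp` is client-controlled and should be treated as informational only. The same points apply to the user-side `PassportController.refreshToken` added later in this commit.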


@ -15,12 +15,13 @@ import cn.iocoder.mall.systemservice.enums.permission.ResourceTypeEnum;
import cn.iocoder.mall.systemservice.rpc.admin.AdminRpc;
import cn.iocoder.mall.systemservice.rpc.admin.vo.AdminVO;
import cn.iocoder.mall.systemservice.rpc.oauth.OAuth2Rpc;
import cn.iocoder.mall.systemservice.rpc.oauth.dto.OAuth2CreateAccessTokenReqDTO;
import cn.iocoder.mall.systemservice.rpc.oauth.dto.OAuth2AccessTokenRespDTO;
import cn.iocoder.mall.systemservice.rpc.oauth.dto.OAuth2CreateAccessTokenReqDTO;
import cn.iocoder.mall.systemservice.rpc.oauth.dto.OAuth2RefreshAccessTokenReqDTO;
import cn.iocoder.mall.systemservice.rpc.permission.ResourceRpc;
import cn.iocoder.mall.systemservice.rpc.permission.RoleRpc;
import cn.iocoder.mall.systemservice.rpc.permission.vo.ResourceVO;
import org.apache.dubbo.config.annotation.Reference;
import org.apache.dubbo.config.annotation.DubboReference;
import org.springframework.stereotype.Service;
import java.util.Collections;
@ -30,13 +31,13 @@ import java.util.Set;
@Service
public class PassportManager {
@Reference(version = "${dubbo.consumer.AdminRpc.version}")
@DubboReference(version = "${dubbo.consumer.AdminRpc.version}")
private AdminRpc adminRpc;
@Reference(version = "${dubbo.consumer.OAuth2Rpc.version}")
@DubboReference(version = "${dubbo.consumer.OAuth2Rpc.version}")
private OAuth2Rpc oauth2Rpc;
@Reference(version = "${dubbo.consumer.RoleRpc.version}")
@DubboReference(version = "${dubbo.consumer.RoleRpc.version}")
private RoleRpc roleRpc;
@Reference(version = "${dubbo.consumer.ResourceRpc.version}")
@DubboReference(version = "${dubbo.consumer.ResourceRpc.version}")
private ResourceRpc resourceRpc;
public PassportAccessTokenVO login(PassportLoginDTO loginDTO, String ip) {
@ -59,6 +60,13 @@ public class PassportManager {
return AdminPassportConvert.INSTANCE.convert(getAdminResult.getData());
}
public PassportAccessTokenVO refreshToken(String refreshToken, String ip) {
CommonResult<OAuth2AccessTokenRespDTO> refreshAccessTokenResult = oauth2Rpc.refreshAccessToken(
new OAuth2RefreshAccessTokenReqDTO().setRefreshToken(refreshToken).setCreateIp(ip));
refreshAccessTokenResult.checkError();
return AdminPassportConvert.INSTANCE.convert(refreshAccessTokenResult.getData());
}
/**
* 获得指定管理员的权限列表
*
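Review bot: The request built in `refreshToken` carries only the token string and the caller IP, so nothing visible in this method ties the token to an admin account. This manager and the user-side `PassportManager.refreshToken` both call the same `oauth2Rpc.refreshAccessToken`, so unless the RPC or the stored token enforces the user type, a refresh token issued to a shop user could be exchanged at the admin endpoint. If that check lives in the service, state the dependency here, e.g. `// OAuth2Rpc must reject refresh tokens not issued to an admin; this method does not check the user type`; otherwise verify the user type of the returned token before calling `convert`. The method also has no Javadoc, unlike the one that follows it in the hunk.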


@ -13,3 +13,6 @@ dubbo:
registry:
# address: spring-cloud://400-infra.server.iocoder.cn:8848 # 指定 Dubbo 服务注册中心的地址
address: nacos://400-infra.server.iocoder.cn:8848?namespace=dev # 指定 Dubbo 服务注册中心的地址
# Mall 认证安全配置
mall.security.admin.demo: true # 是否开启演示模式


@ -10,4 +10,10 @@ Content-Type: application/x-www-form-urlencoded
mobile=15601691300&scene=1
### /passport/refresh-token
POST {{user-api-base-url}}/passport/refresh-token
Content-Type: application/x-www-form-urlencoded
refreshToken=77abd74e84e34cfc8aba9625317a14a3
###
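Review bot: The sample request hard-codes a 32-hex-character `refreshToken` value in a tracked file; if it was copied from a real session it remains a usable credential until it expires or is revoked. The file already reads `{{user-api-base-url}}` from the HTTP client environment, so the token can be supplied the same way, e.g. `refreshToken={{refresh-token}}` (variable name is a suggestion), with the value kept in an untracked private environment file. If the committed value was ever valid, revoke it on the server side.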


@ -12,6 +12,7 @@ import io.swagger.annotations.ApiOperation;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
import org.springframework.web.bind.annotation.RestController;
import javax.servlet.http.HttpServletRequest;
@ -44,4 +45,12 @@ public class PassportController {
return success(true);
}
@PostMapping("/refresh-token")
@ApiOperation("刷新令牌")
@RequiresNone
public CommonResult<PassportAccessTokenRespVO> refreshToken(@RequestParam("refreshToken") String refreshToken,
HttpServletRequest request) {
return success(passportManager.refreshToken(refreshToken, HttpUtil.getIp(request)));
}
}


@ -5,6 +5,7 @@ import cn.iocoder.common.framework.vo.CommonResult;
import cn.iocoder.mall.systemservice.rpc.oauth.OAuth2Rpc;
import cn.iocoder.mall.systemservice.rpc.oauth.dto.OAuth2AccessTokenRespDTO;
import cn.iocoder.mall.systemservice.rpc.oauth.dto.OAuth2CreateAccessTokenReqDTO;
import cn.iocoder.mall.systemservice.rpc.oauth.dto.OAuth2RefreshAccessTokenReqDTO;
import cn.iocoder.mall.userservice.enums.sms.UserSmsSceneEnum;
import cn.iocoder.mall.userservice.rpc.sms.UserSmsCodeRpc;
import cn.iocoder.mall.userservice.rpc.user.UserRpc;
@ -50,4 +51,11 @@ public class PassportManager {
sendSmsCodeResult.checkError();
}
public PassportAccessTokenRespVO refreshToken(String refreshToken, String ip) {
CommonResult<OAuth2AccessTokenRespDTO> refreshAccessTokenResult = oauth2Rpc.refreshAccessToken(
new OAuth2RefreshAccessTokenReqDTO().setRefreshToken(refreshToken).setCreateIp(ip));
refreshAccessTokenResult.checkError();
return PassportConvert.INSTANCE.convert(refreshAccessTokenResult.getData());
}
}


@ -25,6 +25,7 @@ dubbo:
consumer:
timeout: 10000
validation: true # 开启 Consumer 的参数校验
check: false # 本地启动,不进行校验,不一定会使用到未启动的服务,嘿嘿~
UserSmsCodeRpc:
version: 1.0.0
UserRpc: