增加令牌刷新逻辑
增加演示模式的开关
parent
54325da259
commit
e0ab6b8462
@ -49,10 +49,12 @@ public class AdminSecurityAutoConfiguration implements WebMvcConfigurer {
|
||||
.excludePathPatterns(properties.getDefaultIgnorePaths());
|
||||
logger.info("[addInterceptors][加载 AdminSecurityInterceptor 拦截器完成]");
|
||||
// AdminDemoInterceptor 拦截器
|
||||
registry.addInterceptor(this.adminDemoInterceptor())
|
||||
.excludePathPatterns(properties.getIgnorePaths())
|
||||
.excludePathPatterns(properties.getDefaultIgnorePaths());
|
||||
logger.info("[addInterceptors][加载 AdminDemoInterceptor 拦截器完成]");
|
||||
if (Boolean.TRUE.equals(properties.getDemo())) {
|
||||
registry.addInterceptor(this.adminDemoInterceptor())
|
||||
.excludePathPatterns(properties.getIgnorePaths())
|
||||
.excludePathPatterns(properties.getDefaultIgnorePaths());
|
||||
logger.info("[addInterceptors][加载 AdminDemoInterceptor 拦截器完成]");
|
||||
}
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -11,6 +11,11 @@ public class AdminSecurityProperties {
|
||||
// Actuator 相关
|
||||
};
|
||||
|
||||
/**
|
||||
* 演示模式 - 默认值(关闭)
|
||||
*/
|
||||
private static final Boolean DEFAULT_DEMO = false;
|
||||
|
||||
/**
|
||||
* 自定义忽略 Path
|
||||
*/
|
||||
@ -19,6 +24,10 @@ public class AdminSecurityProperties {
|
||||
* 默认忽略 Path
|
||||
*/
|
||||
private String[] defaultIgnorePaths = DEFAULT_IGNORE_PATHS;
|
||||
/**
|
||||
* 是否开启演示模式
|
||||
*/
|
||||
private Boolean demo = DEFAULT_DEMO;
|
||||
|
||||
public String[] getIgnorePaths() {
|
||||
return ignorePaths;
|
||||
@ -38,4 +47,13 @@ public class AdminSecurityProperties {
|
||||
return this;
|
||||
}
|
||||
|
||||
public Boolean getDemo() {
|
||||
return demo;
|
||||
}
|
||||
|
||||
public AdminSecurityProperties setDemo(Boolean demo) {
|
||||
this.demo = demo;
|
||||
return this;
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -19,8 +19,9 @@ public class AdminDemoInterceptor extends HandlerInterceptorAdapter {
|
||||
|
||||
@Override
|
||||
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
|
||||
// 当 Admin 编号等于 0 时,约定为演示账号
|
||||
if (Objects.equals(AdminSecurityContextHolder.getAdminId(), 0)
|
||||
// 当 Admin 编号等于 1 时,约定为演示账号
|
||||
// TODO 芋艿,后续去优化
|
||||
if (Objects.equals(AdminSecurityContextHolder.getAdminId(), 1)
|
||||
&& request.getMethod().equalsIgnoreCase(HttpMethod.POST.toString())) {
|
||||
throw ServiceExceptionUtil.exception(SystemErrorCodeConstants.PERMISSION_DEMO_PERMISSION_DENY);
|
||||
}
|
||||
|
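Review bot: The demo guard in `preHandle` rejects only `POST`, so any admin handler mapped to `PUT`, `DELETE` or `PATCH` would still let the demo account change data. Whether such mappings exist is not visible in this diff; if they do, deny every method that is not read-only, for example `&& !HttpMethod.GET.matches(request.getMethod())`. The comparison `Objects.equals(AdminSecurityContextHolder.getAdminId(), 1)` is also always false if `getAdminId()` returns a `Long` rather than an `Integer`, so the return type is worth confirming. The body of `preHandle` continues outside the hunk.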
@ -12,13 +12,9 @@ import cn.iocoder.security.annotations.RequiresNone;
|
||||
import io.swagger.annotations.Api;
|
||||
import io.swagger.annotations.ApiOperation;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.web.bind.annotation.GetMapping;
|
||||
import org.springframework.web.bind.annotation.PostMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
import org.springframework.web.bind.annotation.*;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
|
||||
import java.util.List;
|
||||
import java.util.Set;
|
||||
|
||||
@ -46,6 +42,14 @@ public class PassportController {
|
||||
return success(passportManager.getAdmin(AdminSecurityContextHolder.getAdminId()));
|
||||
}
|
||||
|
||||
@PostMapping("/refresh-token")
|
||||
@ApiOperation("刷新令牌")
|
||||
@RequiresNone
|
||||
public CommonResult<PassportAccessTokenVO> refreshToken(@RequestParam("refreshToken") String refreshToken,
|
||||
HttpServletRequest request) {
|
||||
return success(passportManager.refreshToken(refreshToken, HttpUtil.getIp(request)));
|
||||
}
|
||||
|
||||
// TODO 优化点:迁移到 PermissionController
|
||||
@GetMapping("/tree-admin-menu")
|
||||
@ApiOperation("获得当前管理员的菜单树")
|
||||
|
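Review bot: `refreshToken` is bound with `@RequestParam`, which accepts the value from the URL query string as well as the form body, and query strings are what access logs, proxies and browser history record. The endpoint is `@RequiresNone`, so the refresh token is the only credential on this request. Consider reading it from the request body only (a small request object bound with `@RequestBody`), or at least documenting that clients must send it in the form body. A blank value is passed straight to `passportManager.refreshToken`; whether the RPC layer rejects it is not visible here. The user-side `PassportController.refreshToken` hunk later in this commit has the same shape.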
@ -15,12 +15,13 @@ import cn.iocoder.mall.systemservice.enums.permission.ResourceTypeEnum;
|
||||
import cn.iocoder.mall.systemservice.rpc.admin.AdminRpc;
|
||||
import cn.iocoder.mall.systemservice.rpc.admin.vo.AdminVO;
|
||||
import cn.iocoder.mall.systemservice.rpc.oauth.OAuth2Rpc;
|
||||
import cn.iocoder.mall.systemservice.rpc.oauth.dto.OAuth2CreateAccessTokenReqDTO;
|
||||
import cn.iocoder.mall.systemservice.rpc.oauth.dto.OAuth2AccessTokenRespDTO;
|
||||
import cn.iocoder.mall.systemservice.rpc.oauth.dto.OAuth2CreateAccessTokenReqDTO;
|
||||
import cn.iocoder.mall.systemservice.rpc.oauth.dto.OAuth2RefreshAccessTokenReqDTO;
|
||||
import cn.iocoder.mall.systemservice.rpc.permission.ResourceRpc;
|
||||
import cn.iocoder.mall.systemservice.rpc.permission.RoleRpc;
|
||||
import cn.iocoder.mall.systemservice.rpc.permission.vo.ResourceVO;
|
||||
import org.apache.dubbo.config.annotation.Reference;
|
||||
import org.apache.dubbo.config.annotation.DubboReference;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
import java.util.Collections;
|
||||
@ -30,13 +31,13 @@ import java.util.Set;
|
||||
@Service
|
||||
public class PassportManager {
|
||||
|
||||
@Reference(version = "${dubbo.consumer.AdminRpc.version}")
|
||||
@DubboReference(version = "${dubbo.consumer.AdminRpc.version}")
|
||||
private AdminRpc adminRpc;
|
||||
@Reference(version = "${dubbo.consumer.OAuth2Rpc.version}")
|
||||
@DubboReference(version = "${dubbo.consumer.OAuth2Rpc.version}")
|
||||
private OAuth2Rpc oauth2Rpc;
|
||||
@Reference(version = "${dubbo.consumer.RoleRpc.version}")
|
||||
@DubboReference(version = "${dubbo.consumer.RoleRpc.version}")
|
||||
private RoleRpc roleRpc;
|
||||
@Reference(version = "${dubbo.consumer.ResourceRpc.version}")
|
||||
@DubboReference(version = "${dubbo.consumer.ResourceRpc.version}")
|
||||
private ResourceRpc resourceRpc;
|
||||
|
||||
public PassportAccessTokenVO login(PassportLoginDTO loginDTO, String ip) {
|
||||
@ -59,6 +60,13 @@ public class PassportManager {
|
||||
return AdminPassportConvert.INSTANCE.convert(getAdminResult.getData());
|
||||
}
|
||||
|
||||
public PassportAccessTokenVO refreshToken(String refreshToken, String ip) {
|
||||
CommonResult<OAuth2AccessTokenRespDTO> refreshAccessTokenResult = oauth2Rpc.refreshAccessToken(
|
||||
new OAuth2RefreshAccessTokenReqDTO().setRefreshToken(refreshToken).setCreateIp(ip));
|
||||
refreshAccessTokenResult.checkError();
|
||||
return AdminPassportConvert.INSTANCE.convert(refreshAccessTokenResult.getData());
|
||||
}
|
||||
|
||||
/**
|
||||
* 获得指定管理员的权限列表
|
||||
*
|
||||
|
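Review bot: `refreshToken` sends only the token and the caller IP to `oauth2Rpc.refreshAccessToken`, so nothing in this call states that the token must belong to an admin. The user-side `PassportManager.refreshToken` later in this commit builds the identical request, so a refresh token issued to a shop user could presumably be presented at the admin endpoint unless the OAuth2 service or the admin interceptor checks the token's user type. That check is not visible in this diff and should be confirmed before merging. The method also has no Javadoc, unlike the method after it; something like `/** Exchanges a refresh token for a new access token; the user type of the token is enforced by <component to be confirmed>. */` would record where the boundary lives.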
@ -13,3 +13,6 @@ dubbo:
|
||||
registry:
|
||||
# address: spring-cloud://400-infra.server.iocoder.cn:8848 # 指定 Dubbo 服务注册中心的地址
|
||||
address: nacos://400-infra.server.iocoder.cn:8848?namespace=dev # 指定 Dubbo 服务注册中心的地址
|
||||
|
||||
# Mall 认证安全配置
|
||||
mall.security.admin.demo: true # 是否开启演示模式
|
||||
|
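Review bot: `mall.security.admin.demo: true` is committed in what appears to be the shared application config, while `AdminSecurityProperties` defaults the flag to `false`. Every environment started from this file will therefore refuse POST requests from admin id 1, and a demo deployment that uses a different config file silently loses the restriction. Consider leaving the key `false` here and enabling it in a demo-specific profile, with a comment such as `# demo mode: blocks POST for the demo admin account; enable only in the demo profile`.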
@ -10,4 +10,10 @@ Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
mobile=15601691300&scene=1
|
||||
|
||||
### /passport/refresh-token
|
||||
POST {{user-api-base-url}}/passport/refresh-token
|
||||
Content-Type: application/x-www-form-urlencoded
|
||||
|
||||
refreshToken=77abd74e84e34cfc8aba9625317a14a3
|
||||
|
||||
###
|
||||
|
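Review bot: The sample request hard-codes `refreshToken=77abd74e84e34cfc8aba9625317a14a3`, which reads like a token copied from a running environment. If it was ever valid, it is now a credential in the repository history and should be revoked. The file already uses `{{user-api-base-url}}`, so a variable such as `refreshToken={{refresh-token}}` (name constructed for this note) keeps the sample usable without committing a token value.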
@ -12,6 +12,7 @@ import io.swagger.annotations.ApiOperation;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.web.bind.annotation.PostMapping;
|
||||
import org.springframework.web.bind.annotation.RequestMapping;
|
||||
import org.springframework.web.bind.annotation.RequestParam;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
@ -44,4 +45,12 @@ public class PassportController {
|
||||
return success(true);
|
||||
}
|
||||
|
||||
@PostMapping("/refresh-token")
|
||||
@ApiOperation("刷新令牌")
|
||||
@RequiresNone
|
||||
public CommonResult<PassportAccessTokenRespVO> refreshToken(@RequestParam("refreshToken") String refreshToken,
|
||||
HttpServletRequest request) {
|
||||
return success(passportManager.refreshToken(refreshToken, HttpUtil.getIp(request)));
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -5,6 +5,7 @@ import cn.iocoder.common.framework.vo.CommonResult;
|
||||
import cn.iocoder.mall.systemservice.rpc.oauth.OAuth2Rpc;
|
||||
import cn.iocoder.mall.systemservice.rpc.oauth.dto.OAuth2AccessTokenRespDTO;
|
||||
import cn.iocoder.mall.systemservice.rpc.oauth.dto.OAuth2CreateAccessTokenReqDTO;
|
||||
import cn.iocoder.mall.systemservice.rpc.oauth.dto.OAuth2RefreshAccessTokenReqDTO;
|
||||
import cn.iocoder.mall.userservice.enums.sms.UserSmsSceneEnum;
|
||||
import cn.iocoder.mall.userservice.rpc.sms.UserSmsCodeRpc;
|
||||
import cn.iocoder.mall.userservice.rpc.user.UserRpc;
|
||||
@ -50,4 +51,11 @@ public class PassportManager {
|
||||
sendSmsCodeResult.checkError();
|
||||
}
|
||||
|
||||
public PassportAccessTokenRespVO refreshToken(String refreshToken, String ip) {
|
||||
CommonResult<OAuth2AccessTokenRespDTO> refreshAccessTokenResult = oauth2Rpc.refreshAccessToken(
|
||||
new OAuth2RefreshAccessTokenReqDTO().setRefreshToken(refreshToken).setCreateIp(ip));
|
||||
refreshAccessTokenResult.checkError();
|
||||
return PassportConvert.INSTANCE.convert(refreshAccessTokenResult.getData());
|
||||
}
|
||||
|
||||
}
|
||||
|
@ -25,6 +25,7 @@ dubbo:
|
||||
consumer:
|
||||
timeout: 10000
|
||||
validation: true # 开启 Consumer 的参数校验
|
||||
check: false # 本地启动,不进行校验,不一定会使用到未启动的服务,嘿嘿~
|
||||
UserSmsCodeRpc:
|
||||
version: 1.0.0
|
||||
UserRpc:
|
||||
|