增加令牌刷新逻辑
增加演示模式的开关
This commit is contained in:
parent
54325da259
commit
e0ab6b8462
@ -49,10 +49,12 @@ public class AdminSecurityAutoConfiguration implements WebMvcConfigurer {
|
|||||||
.excludePathPatterns(properties.getDefaultIgnorePaths());
|
.excludePathPatterns(properties.getDefaultIgnorePaths());
|
||||||
logger.info("[addInterceptors][加载 AdminSecurityInterceptor 拦截器完成]");
|
logger.info("[addInterceptors][加载 AdminSecurityInterceptor 拦截器完成]");
|
||||||
// AdminDemoInterceptor 拦截器
|
// AdminDemoInterceptor 拦截器
|
||||||
|
if (Boolean.TRUE.equals(properties.getDemo())) {
|
||||||
registry.addInterceptor(this.adminDemoInterceptor())
|
registry.addInterceptor(this.adminDemoInterceptor())
|
||||||
.excludePathPatterns(properties.getIgnorePaths())
|
.excludePathPatterns(properties.getIgnorePaths())
|
||||||
.excludePathPatterns(properties.getDefaultIgnorePaths());
|
.excludePathPatterns(properties.getDefaultIgnorePaths());
|
||||||
logger.info("[addInterceptors][加载 AdminDemoInterceptor 拦截器完成]");
|
logger.info("[addInterceptors][加载 AdminDemoInterceptor 拦截器完成]");
|
||||||
}
|
}
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -11,6 +11,11 @@ public class AdminSecurityProperties {
|
|||||||
// Actuator 相关
|
// Actuator 相关
|
||||||
};
|
};
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 演示模式 - 默认值(关闭)
|
||||||
|
*/
|
||||||
|
private static final Boolean DEFAULT_DEMO = false;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 自定义忽略 Path
|
* 自定义忽略 Path
|
||||||
*/
|
*/
|
||||||
@ -19,6 +24,10 @@ public class AdminSecurityProperties {
|
|||||||
* 默认忽略 Path
|
* 默认忽略 Path
|
||||||
*/
|
*/
|
||||||
private String[] defaultIgnorePaths = DEFAULT_IGNORE_PATHS;
|
private String[] defaultIgnorePaths = DEFAULT_IGNORE_PATHS;
|
||||||
|
/**
|
||||||
|
* 是否开启演示模式
|
||||||
|
*/
|
||||||
|
private Boolean demo = DEFAULT_DEMO;
|
||||||
|
|
||||||
public String[] getIgnorePaths() {
|
public String[] getIgnorePaths() {
|
||||||
return ignorePaths;
|
return ignorePaths;
|
||||||
@ -38,4 +47,13 @@ public class AdminSecurityProperties {
|
|||||||
return this;
|
return this;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public Boolean getDemo() {
|
||||||
|
return demo;
|
||||||
|
}
|
||||||
|
|
||||||
|
public AdminSecurityProperties setDemo(Boolean demo) {
|
||||||
|
this.demo = demo;
|
||||||
|
return this;
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -19,8 +19,9 @@ public class AdminDemoInterceptor extends HandlerInterceptorAdapter {
|
|||||||
|
|
||||||
@Override
|
@Override
|
||||||
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
|
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
|
||||||
// 当 Admin 编号等于 0 时,约定为演示账号
|
// 当 Admin 编号等于 1 时,约定为演示账号
|
||||||
if (Objects.equals(AdminSecurityContextHolder.getAdminId(), 0)
|
// TODO 芋艿,后续去优化
|
||||||
|
if (Objects.equals(AdminSecurityContextHolder.getAdminId(), 1)
|
||||||
&& request.getMethod().equalsIgnoreCase(HttpMethod.POST.toString())) {
|
&& request.getMethod().equalsIgnoreCase(HttpMethod.POST.toString())) {
|
||||||
throw ServiceExceptionUtil.exception(SystemErrorCodeConstants.PERMISSION_DEMO_PERMISSION_DENY);
|
throw ServiceExceptionUtil.exception(SystemErrorCodeConstants.PERMISSION_DEMO_PERMISSION_DENY);
|
||||||
}
|
}
|
||||||
|
@ -12,13 +12,9 @@ import cn.iocoder.security.annotations.RequiresNone;
|
|||||||
import io.swagger.annotations.Api;
|
import io.swagger.annotations.Api;
|
||||||
import io.swagger.annotations.ApiOperation;
|
import io.swagger.annotations.ApiOperation;
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
import org.springframework.web.bind.annotation.GetMapping;
|
import org.springframework.web.bind.annotation.*;
|
||||||
import org.springframework.web.bind.annotation.PostMapping;
|
|
||||||
import org.springframework.web.bind.annotation.RequestMapping;
|
|
||||||
import org.springframework.web.bind.annotation.RestController;
|
|
||||||
|
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
|
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
import java.util.Set;
|
import java.util.Set;
|
||||||
|
|
||||||
@ -46,6 +42,14 @@ public class PassportController {
|
|||||||
return success(passportManager.getAdmin(AdminSecurityContextHolder.getAdminId()));
|
return success(passportManager.getAdmin(AdminSecurityContextHolder.getAdminId()));
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@PostMapping("/refresh-token")
|
||||||
|
@ApiOperation("刷新令牌")
|
||||||
|
@RequiresNone
|
||||||
|
public CommonResult<PassportAccessTokenVO> refreshToken(@RequestParam("refreshToken") String refreshToken,
|
||||||
|
HttpServletRequest request) {
|
||||||
|
return success(passportManager.refreshToken(refreshToken, HttpUtil.getIp(request)));
|
||||||
|
}
|
||||||
|
|
||||||
// TODO 优化点:迁移到 PermissionController
|
// TODO 优化点:迁移到 PermissionController
|
||||||
@GetMapping("/tree-admin-menu")
|
@GetMapping("/tree-admin-menu")
|
||||||
@ApiOperation("获得当前管理员的菜单树")
|
@ApiOperation("获得当前管理员的菜单树")
|
||||||
|
@ -15,12 +15,13 @@ import cn.iocoder.mall.systemservice.enums.permission.ResourceTypeEnum;
|
|||||||
import cn.iocoder.mall.systemservice.rpc.admin.AdminRpc;
|
import cn.iocoder.mall.systemservice.rpc.admin.AdminRpc;
|
||||||
import cn.iocoder.mall.systemservice.rpc.admin.vo.AdminVO;
|
import cn.iocoder.mall.systemservice.rpc.admin.vo.AdminVO;
|
||||||
import cn.iocoder.mall.systemservice.rpc.oauth.OAuth2Rpc;
|
import cn.iocoder.mall.systemservice.rpc.oauth.OAuth2Rpc;
|
||||||
import cn.iocoder.mall.systemservice.rpc.oauth.dto.OAuth2CreateAccessTokenReqDTO;
|
|
||||||
import cn.iocoder.mall.systemservice.rpc.oauth.dto.OAuth2AccessTokenRespDTO;
|
import cn.iocoder.mall.systemservice.rpc.oauth.dto.OAuth2AccessTokenRespDTO;
|
||||||
|
import cn.iocoder.mall.systemservice.rpc.oauth.dto.OAuth2CreateAccessTokenReqDTO;
|
||||||
|
import cn.iocoder.mall.systemservice.rpc.oauth.dto.OAuth2RefreshAccessTokenReqDTO;
|
||||||
import cn.iocoder.mall.systemservice.rpc.permission.ResourceRpc;
|
import cn.iocoder.mall.systemservice.rpc.permission.ResourceRpc;
|
||||||
import cn.iocoder.mall.systemservice.rpc.permission.RoleRpc;
|
import cn.iocoder.mall.systemservice.rpc.permission.RoleRpc;
|
||||||
import cn.iocoder.mall.systemservice.rpc.permission.vo.ResourceVO;
|
import cn.iocoder.mall.systemservice.rpc.permission.vo.ResourceVO;
|
||||||
import org.apache.dubbo.config.annotation.Reference;
|
import org.apache.dubbo.config.annotation.DubboReference;
|
||||||
import org.springframework.stereotype.Service;
|
import org.springframework.stereotype.Service;
|
||||||
|
|
||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
@ -30,13 +31,13 @@ import java.util.Set;
|
|||||||
@Service
|
@Service
|
||||||
public class PassportManager {
|
public class PassportManager {
|
||||||
|
|
||||||
@Reference(version = "${dubbo.consumer.AdminRpc.version}")
|
@DubboReference(version = "${dubbo.consumer.AdminRpc.version}")
|
||||||
private AdminRpc adminRpc;
|
private AdminRpc adminRpc;
|
||||||
@Reference(version = "${dubbo.consumer.OAuth2Rpc.version}")
|
@DubboReference(version = "${dubbo.consumer.OAuth2Rpc.version}")
|
||||||
private OAuth2Rpc oauth2Rpc;
|
private OAuth2Rpc oauth2Rpc;
|
||||||
@Reference(version = "${dubbo.consumer.RoleRpc.version}")
|
@DubboReference(version = "${dubbo.consumer.RoleRpc.version}")
|
||||||
private RoleRpc roleRpc;
|
private RoleRpc roleRpc;
|
||||||
@Reference(version = "${dubbo.consumer.ResourceRpc.version}")
|
@DubboReference(version = "${dubbo.consumer.ResourceRpc.version}")
|
||||||
private ResourceRpc resourceRpc;
|
private ResourceRpc resourceRpc;
|
||||||
|
|
||||||
public PassportAccessTokenVO login(PassportLoginDTO loginDTO, String ip) {
|
public PassportAccessTokenVO login(PassportLoginDTO loginDTO, String ip) {
|
||||||
@ -59,6 +60,13 @@ public class PassportManager {
|
|||||||
return AdminPassportConvert.INSTANCE.convert(getAdminResult.getData());
|
return AdminPassportConvert.INSTANCE.convert(getAdminResult.getData());
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public PassportAccessTokenVO refreshToken(String refreshToken, String ip) {
|
||||||
|
CommonResult<OAuth2AccessTokenRespDTO> refreshAccessTokenResult = oauth2Rpc.refreshAccessToken(
|
||||||
|
new OAuth2RefreshAccessTokenReqDTO().setRefreshToken(refreshToken).setCreateIp(ip));
|
||||||
|
refreshAccessTokenResult.checkError();
|
||||||
|
return AdminPassportConvert.INSTANCE.convert(refreshAccessTokenResult.getData());
|
||||||
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 获得指定管理员的权限列表
|
* 获得指定管理员的权限列表
|
||||||
*
|
*
|
||||||
|
@ -13,3 +13,6 @@ dubbo:
|
|||||||
registry:
|
registry:
|
||||||
# address: spring-cloud://400-infra.server.iocoder.cn:8848 # 指定 Dubbo 服务注册中心的地址
|
# address: spring-cloud://400-infra.server.iocoder.cn:8848 # 指定 Dubbo 服务注册中心的地址
|
||||||
address: nacos://400-infra.server.iocoder.cn:8848?namespace=dev # 指定 Dubbo 服务注册中心的地址
|
address: nacos://400-infra.server.iocoder.cn:8848?namespace=dev # 指定 Dubbo 服务注册中心的地址
|
||||||
|
|
||||||
|
# Mall 认证安全配置
|
||||||
|
mall.security.admin.demo: true # 是否开启演示模式
|
||||||
|
@ -10,4 +10,10 @@ Content-Type: application/x-www-form-urlencoded
|
|||||||
|
|
||||||
mobile=15601691300&scene=1
|
mobile=15601691300&scene=1
|
||||||
|
|
||||||
|
### /passport/refresh-token
|
||||||
|
POST {{user-api-base-url}}/passport/refresh-token
|
||||||
|
Content-Type: application/x-www-form-urlencoded
|
||||||
|
|
||||||
|
refreshToken=77abd74e84e34cfc8aba9625317a14a3
|
||||||
|
|
||||||
###
|
###
|
||||||
|
@ -12,6 +12,7 @@ import io.swagger.annotations.ApiOperation;
|
|||||||
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
import org.springframework.web.bind.annotation.PostMapping;
|
import org.springframework.web.bind.annotation.PostMapping;
|
||||||
import org.springframework.web.bind.annotation.RequestMapping;
|
import org.springframework.web.bind.annotation.RequestMapping;
|
||||||
|
import org.springframework.web.bind.annotation.RequestParam;
|
||||||
import org.springframework.web.bind.annotation.RestController;
|
import org.springframework.web.bind.annotation.RestController;
|
||||||
|
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
@ -44,4 +45,12 @@ public class PassportController {
|
|||||||
return success(true);
|
return success(true);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
@PostMapping("/refresh-token")
|
||||||
|
@ApiOperation("刷新令牌")
|
||||||
|
@RequiresNone
|
||||||
|
public CommonResult<PassportAccessTokenRespVO> refreshToken(@RequestParam("refreshToken") String refreshToken,
|
||||||
|
HttpServletRequest request) {
|
||||||
|
return success(passportManager.refreshToken(refreshToken, HttpUtil.getIp(request)));
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -5,6 +5,7 @@ import cn.iocoder.common.framework.vo.CommonResult;
|
|||||||
import cn.iocoder.mall.systemservice.rpc.oauth.OAuth2Rpc;
|
import cn.iocoder.mall.systemservice.rpc.oauth.OAuth2Rpc;
|
||||||
import cn.iocoder.mall.systemservice.rpc.oauth.dto.OAuth2AccessTokenRespDTO;
|
import cn.iocoder.mall.systemservice.rpc.oauth.dto.OAuth2AccessTokenRespDTO;
|
||||||
import cn.iocoder.mall.systemservice.rpc.oauth.dto.OAuth2CreateAccessTokenReqDTO;
|
import cn.iocoder.mall.systemservice.rpc.oauth.dto.OAuth2CreateAccessTokenReqDTO;
|
||||||
|
import cn.iocoder.mall.systemservice.rpc.oauth.dto.OAuth2RefreshAccessTokenReqDTO;
|
||||||
import cn.iocoder.mall.userservice.enums.sms.UserSmsSceneEnum;
|
import cn.iocoder.mall.userservice.enums.sms.UserSmsSceneEnum;
|
||||||
import cn.iocoder.mall.userservice.rpc.sms.UserSmsCodeRpc;
|
import cn.iocoder.mall.userservice.rpc.sms.UserSmsCodeRpc;
|
||||||
import cn.iocoder.mall.userservice.rpc.user.UserRpc;
|
import cn.iocoder.mall.userservice.rpc.user.UserRpc;
|
||||||
@ -50,4 +51,11 @@ public class PassportManager {
|
|||||||
sendSmsCodeResult.checkError();
|
sendSmsCodeResult.checkError();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public PassportAccessTokenRespVO refreshToken(String refreshToken, String ip) {
|
||||||
|
CommonResult<OAuth2AccessTokenRespDTO> refreshAccessTokenResult = oauth2Rpc.refreshAccessToken(
|
||||||
|
new OAuth2RefreshAccessTokenReqDTO().setRefreshToken(refreshToken).setCreateIp(ip));
|
||||||
|
refreshAccessTokenResult.checkError();
|
||||||
|
return PassportConvert.INSTANCE.convert(refreshAccessTokenResult.getData());
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -25,6 +25,7 @@ dubbo:
|
|||||||
consumer:
|
consumer:
|
||||||
timeout: 10000
|
timeout: 10000
|
||||||
validation: true # 开启 Consumer 的参数校验
|
validation: true # 开启 Consumer 的参数校验
|
||||||
|
check: false # 本地启动,不进行校验,不一定会使用到未启动的服务,嘿嘿~
|
||||||
UserSmsCodeRpc:
|
UserSmsCodeRpc:
|
||||||
version: 1.0.0
|
version: 1.0.0
|
||||||
UserRpc:
|
UserRpc:
|
||||||
|
Loading…
Reference in New Issue
Block a user