From db927eef72d0e61dba4925efdb81a538f6c99fbf Mon Sep 17 00:00:00 2001
From: fengshuonan
Date: Wed, 21 Jun 2023 00:57:37 +0800
Subject: [PATCH] =?UTF-8?q?=E3=80=907.6.0=E3=80=91=E6=9B=B4=E6=96=B0?= =?UTF-8?q?=E4=B8=80=E4=B8=AA=E7=BB=BC=E5=90=88=E7=9A=84=E8=BF=87=E6=BB=A4?= =?UTF-8?q?=E5=99=A8=EF=BC=8C=E5=90=88=E5=B9=B6=E4=B9=8B=E5=89=8D=E7=9A=84?= =?UTF-8?q?=E4=B8=A4=E4=B8=AAtoken=E5=92=8C=E6=9D=83=E9=99=90=E8=BF=87?= =?UTF-8?q?=E6=BB=A4=E5=99=A8?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../config/web/SpringMvcConfiguration.java | 14 ++---
 .../AuthJwtTokenSecurityInterceptor.java | 51 -------------------
 .../PermissionSecurityInterceptor.java | 51 -------------------
 ...ava => TokenAndPermissionInterceptor.java} | 50 ++++++++++++------
 4 files changed, 40 insertions(+), 126 deletions(-)
 delete mode 100644 src/main/java/cn/stylefeng/guns/core/security/AuthJwtTokenSecurityInterceptor.java
 delete mode 100644 src/main/java/cn/stylefeng/guns/core/security/PermissionSecurityInterceptor.java
 rename src/main/java/cn/stylefeng/guns/core/security/{base/BaseSecurityInterceptor.java => TokenAndPermissionInterceptor.java} (72%)
diff --git a/src/main/java/cn/stylefeng/guns/config/web/SpringMvcConfiguration.java b/src/main/java/cn/stylefeng/guns/config/web/SpringMvcConfiguration.java
index d25d0008..325d1a03 100644
--- a/src/main/java/cn/stylefeng/guns/config/web/SpringMvcConfiguration.java
+++ b/src/main/java/cn/stylefeng/guns/config/web/SpringMvcConfiguration.java
@@ -1,8 +1,7 @@
 package cn.stylefeng.guns.config.web;
 import cn.stylefeng.guns.core.error.CustomErrorAttributes;
-import cn.stylefeng.guns.core.security.AuthJwtTokenSecurityInterceptor;
-import cn.stylefeng.guns.core.security.PermissionSecurityInterceptor;
+import cn.stylefeng.guns.core.security.TokenAndPermissionInterceptor;
 import cn.stylefeng.roses.kernel.wrapper.field.jackson.CustomJacksonIntrospector;
 import com.fasterxml.jackson.databind.ser.std.ToStringSerializer;
 import org.springframework.boot.autoconfigure.jackson.Jackson2ObjectMapperBuilderCustomizer;
@@ -26,10 +25,7 @@ import javax.annotation.Resource;
 public class SpringMvcConfiguration implements WebMvcConfigurer {
 @Resource
- private AuthJwtTokenSecurityInterceptor authJwtTokenSecurityInterceptor;
-
- @Resource
- private PermissionSecurityInterceptor permissionSecurityInterceptor;
+ private TokenAndPermissionInterceptor tokenAndPermissionInterceptor;
 /**
 * 重写系统的默认错误提示
@@ -51,7 +47,8 @@ public class SpringMvcConfiguration implements WebMvcConfigurer {
 @Bean
 public Jackson2ObjectMapperBuilderCustomizer jackson2ObjectMapperBuilderCustomizer() {
 return jacksonObjectMapperBuilder -> {
- jacksonObjectMapperBuilder.serializerByType(Long.class, ToStringSerializer.instance).serializerByType(Long.TYPE, ToStringSerializer.instance);
+ jacksonObjectMapperBuilder.serializerByType(Long.class, ToStringSerializer.instance)
+ .serializerByType(Long.TYPE, ToStringSerializer.instance);
 jacksonObjectMapperBuilder.annotationIntrospector(new CustomJacksonIntrospector());
 };
 }
@@ -64,8 +61,7 @@ public class SpringMvcConfiguration implements WebMvcConfigurer {
 */
 @Override
 public void addInterceptors(InterceptorRegistry registry) {
- registry.addInterceptor(authJwtTokenSecurityInterceptor);
- registry.addInterceptor(permissionSecurityInterceptor);
+ registry.addInterceptor(tokenAndPermissionInterceptor);
 }
 /**
diff --git a/src/main/java/cn/stylefeng/guns/core/security/AuthJwtTokenSecurityInterceptor.java b/src/main/java/cn/stylefeng/guns/core/security/AuthJwtTokenSecurityInterceptor.java
deleted file mode 100644
index a49d1b44..00000000
--- a/src/main/java/cn/stylefeng/guns/core/security/AuthJwtTokenSecurityInterceptor.java
+++ /dev/null
@@ -1,51 +0,0 @@
-package cn.stylefeng.guns.core.security;
-
-import cn.hutool.core.util.StrUtil;
-import cn.stylefeng.guns.core.security.base.BaseSecurityInterceptor;
-import cn.stylefeng.roses.kernel.auth.api.AuthServiceApi;
-import cn.stylefeng.roses.kernel.auth.api.exception.AuthException;
-import cn.stylefeng.roses.kernel.auth.api.exception.enums.AuthExceptionEnum;
-import cn.stylefeng.roses.kernel.scanner.api.pojo.resource.ResourceDefinition;
-import lombok.extern.slf4j.Slf4j;
-import org.springframework.stereotype.Component;
-
-import javax.annotation.Resource;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-/**
- * 鉴权的过滤器,用来鉴权token
- *
- * @author fengshuonan
- * @since 2020/12/15 22:45
- */
-@Component
-@Slf4j
-public class AuthJwtTokenSecurityInterceptor extends BaseSecurityInterceptor {
-
- /**
- * 登陆服务Api
- */
- @Resource
- private AuthServiceApi authServiceApi;
-
- @Override
- public void filterAction(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, ResourceDefinition resourceDefinition, String token) {
-
- // 1. 获取当前请求的路径
- String requestURI = httpServletRequest.getRequestURI();
-
- // 2. 如果需要登录
- if (resourceDefinition.getRequiredLoginFlag()) {
-
- // token为空,返回用户校验失败
- if (StrUtil.isEmpty(token)) {
- throw new AuthException(AuthExceptionEnum.TOKEN_GET_ERROR);
- }
-
- // 3.校验token和用户会话信息是否正确
- authServiceApi.checkAuth(token, requestURI);
- }
- }
-
-}
diff --git a/src/main/java/cn/stylefeng/guns/core/security/PermissionSecurityInterceptor.java b/src/main/java/cn/stylefeng/guns/core/security/PermissionSecurityInterceptor.java
deleted file mode 100644
index d8576f07..00000000
--- a/src/main/java/cn/stylefeng/guns/core/security/PermissionSecurityInterceptor.java
+++ /dev/null
@@ -1,51 +0,0 @@
-package cn.stylefeng.guns.core.security;
-
-import cn.hutool.core.util.StrUtil;
-import cn.stylefeng.guns.core.security.base.BaseSecurityInterceptor;
-import cn.stylefeng.roses.kernel.auth.api.PermissionServiceApi;
-import cn.stylefeng.roses.kernel.auth.api.exception.AuthException;
-import cn.stylefeng.roses.kernel.auth.api.exception.enums.AuthExceptionEnum;
-import cn.stylefeng.roses.kernel.scanner.api.pojo.resource.ResourceDefinition;
-import lombok.extern.slf4j.Slf4j;
-import org.springframework.stereotype.Component;
-
-import javax.annotation.Resource;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-/**
- * 权限校验的过滤器,用来校验用户有没有访问接口的权限
- *
- * @author fengshuonan
- * @since 2020/12/15 22:46
- */
-@Component
-@Slf4j
-public class PermissionSecurityInterceptor extends BaseSecurityInterceptor {
-
- /**
- * 资源权限校验API
- */
- @Resource
- private PermissionServiceApi permissionServiceApi;
-
- @Override
- public void filterAction(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, ResourceDefinition resourceDefinition, String token) {
-
- // 1. 获取当前请求的路径
- String requestURI = httpServletRequest.getRequestURI();
-
- // 2. 如果需要鉴权
- if (resourceDefinition.getRequiredPermissionFlag()) {
-
- // token为空,返回用户校验失败
- if (StrUtil.isEmpty(token)) {
- throw new AuthException(AuthExceptionEnum.TOKEN_GET_ERROR);
- }
-
- // 3. 进行当前接口的权限校验
- permissionServiceApi.checkPermission(token, requestURI);
- }
- }
-
-}
diff --git a/src/main/java/cn/stylefeng/guns/core/security/base/BaseSecurityInterceptor.java b/src/main/java/cn/stylefeng/guns/core/security/TokenAndPermissionInterceptor.java
similarity index 72%
rename from src/main/java/cn/stylefeng/guns/core/security/base/BaseSecurityInterceptor.java
rename to src/main/java/cn/stylefeng/guns/core/security/TokenAndPermissionInterceptor.java
index 3cc6eebd..fad50798 100644
--- a/src/main/java/cn/stylefeng/guns/core/security/base/BaseSecurityInterceptor.java
+++ b/src/main/java/cn/stylefeng/guns/core/security/TokenAndPermissionInterceptor.java
@@ -1,7 +1,8 @@
-package cn.stylefeng.guns.core.security.base;
+package cn.stylefeng.guns.core.security;
 import cn.hutool.core.util.StrUtil;
 import cn.stylefeng.roses.kernel.auth.api.AuthServiceApi;
+import cn.stylefeng.roses.kernel.auth.api.PermissionServiceApi;
 import cn.stylefeng.roses.kernel.auth.api.SessionManagerApi;
 import cn.stylefeng.roses.kernel.auth.api.context.LoginContext;
 import cn.stylefeng.roses.kernel.auth.api.exception.AuthException;
@@ -13,6 +14,7 @@ import cn.stylefeng.roses.kernel.scanner.api.pojo.resource.ResourceDefinition;
 import cn.stylefeng.roses.kernel.scanner.api.pojo.resource.ResourceUrlParam;
 import cn.stylefeng.roses.kernel.sys.api.ResourceServiceApi;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.stereotype.Component;
 import org.springframework.web.servlet.HandlerInterceptor;
 import javax.annotation.Resource;
@@ -20,13 +22,14 @@ import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 /**
- * 基础的Filter,一般用在权限过滤
+ * Token和权限校验的综合过滤器
 *
 * @author fengshuonan
- * @since 2020/12/15 22:50
+ * @since 2023/6/21 0:54
 */
+@Component
 @Slf4j
-public abstract class BaseSecurityInterceptor implements HandlerInterceptor {
+public class TokenAndPermissionInterceptor implements HandlerInterceptor {
 @Resource
 private ResourceServiceApi resourceServiceApi;
@@ -37,6 +40,9 @@ public abstract class BaseSecurityInterceptor implements HandlerInterceptor {
 @Resource
 private SessionManagerApi sessionManagerApi;
+ @Resource
+ private PermissionServiceApi permissionServiceApi;
+
 @Override
 public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
@@ -45,7 +51,8 @@ public abstract class BaseSecurityInterceptor implements HandlerInterceptor {
 requestURI = requestURI.replaceAll("/+", "/");
 // 2. 不需要权限过滤的资源,直接放行
- Boolean noneSecurityFlag = AntPathMatcherUtil.getAntMatchFLag(requestURI, request.getContextPath(), AuthConfigExpander.getNoneSecurityConfig());
+ Boolean noneSecurityFlag = AntPathMatcherUtil.getAntMatchFLag(requestURI, request.getContextPath(),
+ AuthConfigExpander.getNoneSecurityConfig());
 if (noneSecurityFlag) {
 return true;
 }
@@ -88,18 +95,31 @@ public abstract class BaseSecurityInterceptor implements HandlerInterceptor {
 throw new AuthException(AuthExceptionEnum.CANT_REQUEST_UN_OPEN_API, requestURI);
 }
- // 8.执行真正过滤器业务,如果拦截器执行不成功会抛出异常
- this.filterAction(request, response, resourceDefinition, token);
+ // 8. 执行token校验
+ if (resourceDefinition.getRequiredLoginFlag()) {
+
+ // token为空,返回用户校验失败
+ if (StrUtil.isEmpty(token)) {
+ throw new AuthException(AuthExceptionEnum.TOKEN_GET_ERROR);
+ }
+
+ // 校验token和用户会话信息是否正确
+ authServiceApi.checkAuth(token, requestURI);
+ }
+
+ // 9. 执行权限校验
+ if (resourceDefinition.getRequiredPermissionFlag()) {
+
+ // token为空,返回用户校验失败
+ if (StrUtil.isEmpty(token)) {
+ throw new AuthException(AuthExceptionEnum.TOKEN_GET_ERROR);
+ }
+
+ // 进行当前接口的权限校验
+ permissionServiceApi.checkPermission(token, requestURI);
+ }
 return true;
 }
- /**
- * 过滤器的具体业务执行逻辑
- *
- * @author fengshuonan
- * @since 2020/12/15 22:52
- */
- public abstract void filterAction(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, ResourceDefinition resourceDefinition, String token);
-
 }
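Review bot: In the added step 9, `permissionServiceApi.checkPermission(token, requestURI)` is reached without `authServiceApi.checkAuth` whenever a resource has `getRequiredPermissionFlag()` true but `getRequiredLoginFlag()` false, so the permission decision can rest on a token this interceptor never validated; whether `checkPermission` validates the session itself is not visible in this patch. With both checks now in one method, the permission flag should imply the login check, which also removes the duplicated empty-token test. Note too that both calls now receive the local `requestURI` (slash-collapsed in the earlier hunk) where the deleted interceptors passed the raw `getRequestURI()`; that looks intended, but handling of path parameters and encoded segments before the allow-list match is not shown and is worth confirming. `preHandle` starts above this hunk and the class continues below it.

```java
        // … unchanged: steps 1–7 of preHandle (allow-list match, resource lookup, open-API check) …

        // 8. Token check: a permission-protected resource always requires a validated login
        boolean needPermission = resourceDefinition.getRequiredPermissionFlag();
        boolean needLogin = resourceDefinition.getRequiredLoginFlag() || needPermission;
        if (needLogin) {
            if (StrUtil.isEmpty(token)) {
                throw new AuthException(AuthExceptionEnum.TOKEN_GET_ERROR);
            }
            authServiceApi.checkAuth(token, requestURI);
        }

        // 9. Permission check, only after the token has been validated above
        if (needPermission) {
            permissionServiceApi.checkPermission(token, requestURI);
        }

        return true;
```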