【security】更新security模块

2021-02-19 18:53:16 +08:00 · 2021-02-19 18:53:16 +08:00 · 77f1aa1418
parent 64eccb04d4
commit 77f1aa1418
25 changed files with 303 additions and 108 deletions
--- a/kernel-d-security/README.md
+++ b/kernel-d-security/README.md
@ -0,0 +1,3 @@
+# 安全模块
+
+除了认证和鉴权之外的项目安全策略
--- a/kernel-d-security/pom.xml
+++ b/kernel-d-security/pom.xml
@ -0,0 +1,35 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <parent>
+        <groupId>cn.stylefeng.roses</groupId>
+        <artifactId>roses-kernel</artifactId>
+        <version>7.0.0</version>
+        <relativePath>../pom.xml</relativePath>
+    </parent>
+
+    <artifactId>kernel-d-security</artifactId>
+
+    <packaging>pom</packaging>
+
+    <modules>
+        <module>security-api</module>
+        <module>security-sdk-xss</module>
+        <module>security-spring-boot-starter</module>
+    </modules>
+
+    <dependencies>
+
+        <!-- 开发规则 -->
+        <dependency>
+            <groupId>cn.stylefeng.roses</groupId>
+            <artifactId>kernel-a-rule</artifactId>
+            <version>7.0.0</version>
+        </dependency>
+
+    </dependencies>
+
+</project>
--- a/kernel-d-security/security-api/README.md
+++ b/kernel-d-security/security-api/README.md
@ -0,0 +1 @@
+安全模块的api
--- a/kernel-d-security/security-api/pom.xml
+++ b/kernel-d-security/security-api/pom.xml
@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <parent>
+        <groupId>cn.stylefeng.roses</groupId>
+        <artifactId>kernel-d-security</artifactId>
+        <version>7.0.0</version>
+        <relativePath>../pom.xml</relativePath>
+    </parent>
+
+    <artifactId>security-api</artifactId>
+
+    <packaging>jar</packaging>
+
+    <dependencies>
+
+        <!--config模块的api-->
+        <dependency>
+            <groupId>cn.stylefeng.roses</groupId>
+            <artifactId>config-api</artifactId>
+            <version>7.0.0</version>
+        </dependency>
+
+    </dependencies>
+
+</project>
--- a/kernel-d-security/security-api/src/main/java/cn/stylefeng/roses/kernel/security/api/constants/SecurityConstants.java
+++ b/kernel-d-security/security-api/src/main/java/cn/stylefeng/roses/kernel/security/api/constants/SecurityConstants.java
@ -0,0 +1,26 @@
+package cn.stylefeng.roses.kernel.security.api.constants;
+
+/**
+ * 安全模块常量
+ *
+ * @author fengshuonan
+ * @date 2021/2/19 8:45
+ */
+public interface SecurityConstants {
+
+    /**
+     * 安全模块的名称
+     */
+    String SECURITY_MODULE_NAME = "kernel-d-security";
+
+    /**
+     * 异常枚举的步进值
+     */
+    String SECURITY_EXCEPTION_STEP_CODE = "28";
+
+    /**
+     * XSS默认拦截范围
+     */
+    String DEFAULT_XSS_PATTERN = "/*";
+
+}
--- a/kernel-d-security/security-api/src/main/java/cn/stylefeng/roses/kernel/security/api/exception/SecurityException.java
+++ b/kernel-d-security/security-api/src/main/java/cn/stylefeng/roses/kernel/security/api/exception/SecurityException.java
@ -0,0 +1,24 @@
+package cn.stylefeng.roses.kernel.security.api.exception;
+
+import cn.hutool.core.util.StrUtil;
+import cn.stylefeng.roses.kernel.rule.exception.AbstractExceptionEnum;
+import cn.stylefeng.roses.kernel.rule.exception.base.ServiceException;
+import cn.stylefeng.roses.kernel.security.api.constants.SecurityConstants;
+
+/**
+ * 安全模块异常
+ *
+ * @author fengshuonan
+ * @date 2021/2/19 8:48
+ */
+public class SecurityException extends ServiceException {
+
+    public SecurityException(AbstractExceptionEnum exception, Object... params) {
+        super(SecurityConstants.SECURITY_MODULE_NAME, exception.getErrorCode(), StrUtil.format(exception.getUserTip(), params));
+    }
+
+    public SecurityException(AbstractExceptionEnum exception) {
+        super(SecurityConstants.SECURITY_MODULE_NAME, exception);
+    }
+
+}
--- a/kernel-d-security/security-api/src/main/java/cn/stylefeng/roses/kernel/security/api/exception/enums/SecurityExceptionEnum.java
+++ b/kernel-d-security/security-api/src/main/java/cn/stylefeng/roses/kernel/security/api/exception/enums/SecurityExceptionEnum.java
@ -0,0 +1,37 @@
+package cn.stylefeng.roses.kernel.security.api.exception.enums;
+
+import cn.stylefeng.roses.kernel.rule.constants.RuleConstants;
+import cn.stylefeng.roses.kernel.rule.exception.AbstractExceptionEnum;
+import cn.stylefeng.roses.kernel.security.api.constants.SecurityConstants;
+import lombok.Getter;
+
+/**
+ * 安全模块异常枚举
+ *
+ * @author fengshuonan
+ * @date 2021/2/19 8:46
+ */
+@Getter
+public enum SecurityExceptionEnum implements AbstractExceptionEnum {
+
+    /**
+     * xxx
+     */
+    SECURITY_EXPIRED_ERROR(RuleConstants.BUSINESS_ERROR_TYPE_CODE + SecurityConstants.SECURITY_EXCEPTION_STEP_CODE + "01", "安全模块异常");
+
+    /**
+     * 错误编码
+     */
+    private final String errorCode;
+
+    /**
+     * 提示用户信息
+     */
+    private final String userTip;
+
+    SecurityExceptionEnum(String errorCode, String userTip) {
+        this.errorCode = errorCode;
+        this.userTip = userTip;
+    }
+
+}
--- a/kernel-d-security/security-api/src/main/java/cn/stylefeng/roses/kernel/security/api/expander/SecurityConfigExpander.java
+++ b/kernel-d-security/security-api/src/main/java/cn/stylefeng/roses/kernel/security/api/expander/SecurityConfigExpander.java
@ -0,0 +1,46 @@
+package cn.stylefeng.roses.kernel.security.api.expander;
+
+import cn.hutool.core.util.ArrayUtil;
+import cn.hutool.core.util.StrUtil;
+import cn.stylefeng.roses.kernel.config.api.context.ConfigContext;
+import cn.stylefeng.roses.kernel.security.api.constants.SecurityConstants;
+
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * 安全模块的配置
+ *
+ * @author fengshuonan
+ * @date 2021/2/19 8:49
+ */
+public class SecurityConfigExpander {
+
+    /**
+     * 获取XSS过滤的url范围
+     *
+     * @author fengshuonan
+     * @date 2021/1/13 23:21
+     */
+    public static String[] getUrlPatterns() {
+        String xssUrlIncludes = ConfigContext.me().getSysConfigValueWithDefault("SYS_XSS_URL_INCLUDES", String.class, SecurityConstants.DEFAULT_XSS_PATTERN);
+        List<String> split = StrUtil.split(xssUrlIncludes, ',');
+        return ArrayUtil.toArray(split, String.class);
+    }
+
+    /**
+     * 获取XSS排除过滤的url范围
+     *
+     * @author fengshuonan
+     * @date 2021/1/13 23:21
+     */
+    public static List<String> getUrlExclusion() {
+        String noneSecurityUrls = ConfigContext.me().getSysConfigValueWithDefault("SYS_XSS_URL_EXCLUSIONS", String.class, "");
+        if (StrUtil.isEmpty(noneSecurityUrls)) {
+            return new ArrayList<>();
+        } else {
+            return StrUtil.split(noneSecurityUrls, ',');
+        }
+    }
+
+}
--- a/kernel-d-validator/validator-sdk-xss/README.md
+++ b/kernel-d-validator/validator-sdk-xss/README.md
--- a/kernel-d-validator/validator-sdk-xss/pom.xml
+++ b/kernel-d-validator/validator-sdk-xss/pom.xml
@ -6,18 +6,21 @@

    <parent>
        <groupId>cn.stylefeng.roses</groupId>
-        <artifactId>kernel-d-validator</artifactId>
+        <artifactId>kernel-d-security</artifactId>
        <version>7.0.0</version>
+        <relativePath>../pom.xml</relativePath>
    </parent>

-    <artifactId>validator-sdk-xss</artifactId>
+    <artifactId>security-sdk-xss</artifactId>
+
+    <packaging>jar</packaging>

    <dependencies>

-        <!--校验模块的api-->
+        <!--安全模块的api-->
        <dependency>
            <groupId>cn.stylefeng.roses</groupId>
-            <artifactId>validator-api</artifactId>
+            <artifactId>security-api</artifactId>
            <version>7.0.0</version>
        </dependency>

@ -28,4 +31,5 @@
        </dependency>

    </dependencies>
+
 </project>
--- a/kernel-d-security/security-sdk-xss/src/main/java/cn/stylefeng/roses/kernel/security/XssFilter.java
+++ b/kernel-d-security/security-sdk-xss/src/main/java/cn/stylefeng/roses/kernel/security/XssFilter.java
@ -1,7 +1,7 @@
-package cn.stylefeng.roses.kemel.xss;
+package cn.stylefeng.roses.kernel.security;

 import cn.hutool.core.util.ObjectUtil;
-import cn.stylefeng.roses.kemel.xss.prop.XssProperties;
+import cn.stylefeng.roses.kernel.security.prop.XssProperties;
 import org.springframework.util.AntPathMatcher;

 import javax.servlet.*;
--- a/kernel-d-security/security-sdk-xss/src/main/java/cn/stylefeng/roses/kernel/security/XssHttpServletRequestWrapper.java
+++ b/kernel-d-security/security-sdk-xss/src/main/java/cn/stylefeng/roses/kernel/security/XssHttpServletRequestWrapper.java
@ -1,4 +1,4 @@
-package cn.stylefeng.roses.kemel.xss;
+package cn.stylefeng.roses.kernel.security;


 import cn.hutool.core.util.ObjectUtil;
--- a/kernel-d-security/security-sdk-xss/src/main/java/cn/stylefeng/roses/kernel/security/XssJacksonDeserializer.java
+++ b/kernel-d-security/security-sdk-xss/src/main/java/cn/stylefeng/roses/kernel/security/XssJacksonDeserializer.java
@ -1,9 +1,9 @@
-package cn.stylefeng.roses.kemel.xss;
+package cn.stylefeng.roses.kernel.security;

 import cn.hutool.core.util.ObjectUtil;
 import cn.hutool.http.HtmlUtil;
-import cn.stylefeng.roses.kemel.xss.prop.XssProperties;
 import cn.stylefeng.roses.kernel.rule.util.HttpServletUtil;
+import cn.stylefeng.roses.kernel.security.prop.XssProperties;
 import com.fasterxml.jackson.core.JsonParser;
 import com.fasterxml.jackson.databind.DeserializationContext;
 import com.fasterxml.jackson.databind.JsonDeserializer;
--- a/kernel-d-security/security-sdk-xss/src/main/java/cn/stylefeng/roses/kernel/security/prop/XssProperties.java
+++ b/kernel-d-security/security-sdk-xss/src/main/java/cn/stylefeng/roses/kernel/security/prop/XssProperties.java
@ -1,4 +1,4 @@
-package cn.stylefeng.roses.kemel.xss.prop;
+package cn.stylefeng.roses.kernel.security.prop;

 import lombok.Data;

--- a/kernel-d-security/security-spring-boot-starter/README.md
+++ b/kernel-d-security/security-spring-boot-starter/README.md
@ -0,0 +1 @@
+jwt功能的spring boot自动加载模块
--- a/kernel-d-security/security-spring-boot-starter/pom.xml
+++ b/kernel-d-security/security-spring-boot-starter/pom.xml
@ -0,0 +1,29 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <modelVersion>4.0.0</modelVersion>
+
+    <parent>
+        <groupId>cn.stylefeng.roses</groupId>
+        <artifactId>kernel-d-security</artifactId>
+        <version>7.0.0</version>
+        <relativePath>../pom.xml</relativePath>
+    </parent>
+
+    <artifactId>security-spring-boot-starter</artifactId>
+
+    <packaging>jar</packaging>
+
+    <dependencies>
+
+        <!--xss模块-->
+        <dependency>
+            <groupId>cn.stylefeng.roses</groupId>
+            <artifactId>security-sdk-xss</artifactId>
+            <version>7.0.0</version>
+        </dependency>
+
+    </dependencies>
+
+</project>
--- a/kernel-d-security/security-spring-boot-starter/src/main/java/cn/stylefeng/roses/kernel/security/starter/GunsSecurityAutoConfiguration.java
+++ b/kernel-d-security/security-spring-boot-starter/src/main/java/cn/stylefeng/roses/kernel/security/starter/GunsSecurityAutoConfiguration.java
@ -0,0 +1,14 @@
+package cn.stylefeng.roses.kernel.security.starter;
+
+import org.springframework.context.annotation.Configuration;
+
+/**
+ * 安全模块自动配置
+ *
+ * @author fengshuonan
+ * @date 2021/2/19 9:05
+ */
+@Configuration
+public class GunsSecurityAutoConfiguration {
+
+}
--- a/kernel-d-validator/validator-spring-boot-starter/src/main/java/cn/stylefeng/roses/kernel/validator/starter/XssFilterAutoConfiguration.java
+++ b/kernel-d-validator/validator-spring-boot-starter/src/main/java/cn/stylefeng/roses/kernel/validator/starter/XssFilterAutoConfiguration.java
@ -1,9 +1,9 @@
-package cn.stylefeng.roses.kernel.validator.starter;
+package cn.stylefeng.roses.kernel.security.starter;

-import cn.stylefeng.roses.kemel.xss.XssFilter;
-import cn.stylefeng.roses.kemel.xss.XssJacksonDeserializer;
-import cn.stylefeng.roses.kemel.xss.prop.XssProperties;
-import cn.stylefeng.roses.kernel.validator.expander.XssConfigExpander;
+import cn.stylefeng.roses.kernel.security.XssFilter;
+import cn.stylefeng.roses.kernel.security.XssJacksonDeserializer;
+import cn.stylefeng.roses.kernel.security.api.expander.SecurityConfigExpander;
+import cn.stylefeng.roses.kernel.security.prop.XssProperties;
 import org.springframework.boot.autoconfigure.jackson.Jackson2ObjectMapperBuilderCustomizer;
 import org.springframework.boot.web.servlet.FilterRegistrationBean;
 import org.springframework.context.annotation.Bean;
@ -18,7 +18,7 @@ import static org.springframework.core.Ordered.HIGHEST_PRECEDENCE;
 * @date 2021/1/13 23:05
 */
@Configuration
-public class XssFilterAutoConfiguration {
+public class GunsXssAutoConfiguration {

    /**
     * XSS Filter过滤器，用来过滤param之类的传参
@ -58,8 +58,8 @@ public class XssFilterAutoConfiguration {
     */
    private XssProperties createProperties() {
        XssProperties xssProperties = new XssProperties();
-        xssProperties.setUrlPatterns(XssConfigExpander.getUrlPatterns());
-        xssProperties.setUrlExclusion(XssConfigExpander.getUrlExclusion());
+        xssProperties.setUrlPatterns(SecurityConfigExpander.getUrlPatterns());
+        xssProperties.setUrlExclusion(SecurityConfigExpander.getUrlExclusion());
        return xssProperties;
    }

--- a/kernel-d-security/security-spring-boot-starter/src/main/resources/META-INF/spring.factories
+++ b/kernel-d-security/security-spring-boot-starter/src/main/resources/META-INF/spring.factories
@ -0,0 +1,3 @@
+org.springframework.boot.autoconfigure.EnableAutoConfiguration=\
+  cn.stylefeng.roses.kernel.security.starter.GunsSecurityAutoConfiguration,\
+  cn.stylefeng.roses.kernel.security.starter.GunsXssAutoConfiguration
--- a/kernel-d-validator/pom.xml
+++ b/kernel-d-validator/pom.xml
@ -19,7 +19,6 @@
        <module>validator-api</module>
        <module>validator-sdk-count</module>
        <module>validator-sdk-black-white</module>
-        <module>validator-sdk-xss</module>
        <module>validator-business-count</module>
        <module>validator-sdk-captcha</module>
        <module>validator-spring-boot-starter</module>
--- a/kernel-d-validator/validator-api/src/main/java/cn/stylefeng/roses/kernel/validator/constants/XssConstants.java
+++ b/kernel-d-validator/validator-api/src/main/java/cn/stylefeng/roses/kernel/validator/constants/XssConstants.java
@ -1,16 +0,0 @@
-package cn.stylefeng.roses.kernel.validator.constants;
-
-/**
- * XSS模块常量
- *
- * @author fengshuonan
- * @date 2021/1/13 23:35
- */
-public interface XssConstants {
-
-    /**
-     * 默认拦截范围
-     */
-    String DEFAULT_XSS_PATTERN = "/*";
-
-}
--- a/kernel-d-validator/validator-api/src/main/java/cn/stylefeng/roses/kernel/validator/expander/XssConfigExpander.java
+++ b/kernel-d-validator/validator-api/src/main/java/cn/stylefeng/roses/kernel/validator/expander/XssConfigExpander.java
@ -1,14 +1,5 @@
 package cn.stylefeng.roses.kernel.validator.expander;

-import cn.hutool.core.util.ArrayUtil;
-import cn.hutool.core.util.StrUtil;
-import cn.stylefeng.roses.kernel.config.api.context.ConfigContext;
-
-import java.util.ArrayList;
-import java.util.List;
-
-import static cn.stylefeng.roses.kernel.validator.constants.XssConstants.DEFAULT_XSS_PATTERN;
-
 /**
 * XSS相关配置
 *
@ -17,31 +8,5 @@ import static cn.stylefeng.roses.kernel.validator.constants.XssConstants.DEFAULT
 */
 public class XssConfigExpander {

-    /**
-     * 获取XSS过滤的url范围
-     *
-     * @author fengshuonan
-     * @date 2021/1/13 23:21
-     */
-    public static String[] getUrlPatterns() {
-        String xssUrlIncludes = ConfigContext.me().getSysConfigValueWithDefault("SYS_XSS_URL_INCLUDES", String.class, DEFAULT_XSS_PATTERN);
-        List<String> split = StrUtil.split(xssUrlIncludes, ',');
-        return ArrayUtil.toArray(split, String.class);
-    }
-
-    /**
-     * 获取XSS排除过滤的url范围
-     *
-     * @author fengshuonan
-     * @date 2021/1/13 23:21
-     */
-    public static List<String> getUrlExclusion() {
-        String noneSecurityUrls = ConfigContext.me().getSysConfigValueWithDefault("SYS_XSS_URL_EXCLUSIONS", String.class, "");
-        if (StrUtil.isEmpty(noneSecurityUrls)) {
-            return new ArrayList<>();
-        } else {
-            return StrUtil.split(noneSecurityUrls, ',');
-        }
-    }

 }
--- a/kernel-d-validator/validator-spring-boot-starter/pom.xml
+++ b/kernel-d-validator/validator-spring-boot-starter/pom.xml
@ -38,13 +38,6 @@
            <version>7.0.0</version>
        </dependency>

-        <!--XSS安全过滤器-->
-        <dependency>
-            <groupId>cn.stylefeng.roses</groupId>
-            <artifactId>validator-sdk-xss</artifactId>
-            <version>7.0.0</version>
-        </dependency>
-
        <!-- captcha图形验证码 -->
        <dependency>
            <groupId>cn.stylefeng.roses</groupId>
--- a/kernel-d-validator/validator-spring-boot-starter/src/main/resources/META-INF/spring.factories
+++ b/kernel-d-validator/validator-spring-boot-starter/src/main/resources/META-INF/spring.factories
@ -1,4 +1,3 @@
 org.springframework.boot.autoconfigure.EnableAutoConfiguration=\
 cn.stylefeng.roses.kernel.validator.starter.ValidatorAutoConfiguration,\
-cn.stylefeng.roses.kernel.validator.starter.MethodArgumentResolverAutoConfiguration,\
-cn.stylefeng.roses.kernel.validator.starter.XssFilterAutoConfiguration
+cn.stylefeng.roses.kernel.validator.starter.MethodArgumentResolverAutoConfiguration
--- a/pom.xml
+++ b/pom.xml
@ -64,6 +64,9 @@
        <!--资源扫描模块-->
        <module>kernel-d-scanner</module>

+        <!--安全策略模块-->
+        <module>kernel-d-security</module>
+
        <!--sms模块-->
        <module>kernel-d-sms</module>

@ -310,36 +313,36 @@
            </plugin>

            <!--推送到中央仓库用-->
-<!--            <plugin>-->
-<!--                <groupId>org.apache.maven.plugins</groupId>-->
-<!--                <artifactId>maven-javadoc-plugin</artifactId>-->
-<!--                <version>2.9.1</version>-->
-<!--                <executions>-->
-<!--                    <execution>-->
-<!--                        <phase>package</phase>-->
-<!--                        <goals>-->
-<!--                            <goal>jar</goal>-->
-<!--                        </goals>-->
-<!--                    </execution>-->
-<!--                </executions>-->
-<!--                <configuration>-->
-<!--                    <additionalparam>-Xdoclint:none</additionalparam>-->
-<!--                </configuration>-->
-<!--            </plugin>-->
+            <!--            <plugin>-->
+            <!--                <groupId>org.apache.maven.plugins</groupId>-->
+            <!--                <artifactId>maven-javadoc-plugin</artifactId>-->
+            <!--                <version>2.9.1</version>-->
+            <!--                <executions>-->
+            <!--                    <execution>-->
+            <!--                        <phase>package</phase>-->
+            <!--                        <goals>-->
+            <!--                            <goal>jar</goal>-->
+            <!--                        </goals>-->
+            <!--                    </execution>-->
+            <!--                </executions>-->
+            <!--                <configuration>-->
+            <!--                    <additionalparam>-Xdoclint:none</additionalparam>-->
+            <!--                </configuration>-->
+            <!--            </plugin>-->
            <!--推送到中央仓库用-->
-<!--            <plugin>-->
-<!--                <groupId>org.apache.maven.plugins</groupId>-->
-<!--                <artifactId>maven-gpg-plugin</artifactId>-->
-<!--                <version>1.5</version>-->
-<!--                <executions>-->
-<!--                    <execution>-->
-<!--                        <phase>verify</phase>-->
-<!--                        <goals>-->
-<!--                            <goal>sign</goal>-->
-<!--                        </goals>-->
-<!--                    </execution>-->
-<!--                </executions>-->
-<!--            </plugin>-->
+            <!--            <plugin>-->
+            <!--                <groupId>org.apache.maven.plugins</groupId>-->
+            <!--                <artifactId>maven-gpg-plugin</artifactId>-->
+            <!--                <version>1.5</version>-->
+            <!--                <executions>-->
+            <!--                    <execution>-->
+            <!--                        <phase>verify</phase>-->
+            <!--                        <goals>-->
+            <!--                            <goal>sign</goal>-->
+            <!--                        </goals>-->
+            <!--                    </execution>-->
+            <!--                </executions>-->
+            <!--            </plugin>-->

        </plugins>
        <resources>