From cd9313c9299ef3342a63d42f7fbc7ca293f916d2 Mon Sep 17 00:00:00 2001
From: johnniang
Date: Thu, 28 Mar 2019 23:18:30 +0800
Subject: [PATCH] Set SecurityContext for development
---
 .../ryanc/halo/cache/InMemoryCacheStore.java | 16 ++++++++++++++++
 .../ryanc/halo/config/HaloConfiguration.java | 6 ++++--
 .../filter/AdminAuthenticationFilter.java | 18 +++++++++++++-----
 3 files changed, 33 insertions(+), 7 deletions(-)
diff --git a/src/main/java/cc/ryanc/halo/cache/InMemoryCacheStore.java b/src/main/java/cc/ryanc/halo/cache/InMemoryCacheStore.java
index 0ad8bf1d4..ade47dd6c 100644
--- a/src/main/java/cc/ryanc/halo/cache/InMemoryCacheStore.java
+++ b/src/main/java/cc/ryanc/halo/cache/InMemoryCacheStore.java
@@ -4,6 +4,7 @@ import lombok.extern.slf4j.Slf4j;
 import org.springframework.util.Assert;
 import java.util.Optional;
+import java.util.TimerTask;
 import java.util.concurrent.ConcurrentHashMap;
 import java.util.concurrent.locks.Lock;
 import java.util.concurrent.locks.ReentrantLock;
@@ -76,4 +77,19 @@ public class InMemoryCacheStore extends StringCacheStore {
 cacheContainer.remove(key);
 }
+
+ /**
+ * Cache store cleaner.
+ *
+ * @author johnniang
+ * @date 03/28/19
+ */
+ private class CacheStoreCleaner extends TimerTask {
+
+ @Override
+ public void run() {
+
+ cacheContainer.keySet().forEach(InMemoryCacheStore.this::get);
+ }
+ }
 }
diff --git a/src/main/java/cc/ryanc/halo/config/HaloConfiguration.java b/src/main/java/cc/ryanc/halo/config/HaloConfiguration.java
index a87462923..9727d4384 100644
--- a/src/main/java/cc/ryanc/halo/config/HaloConfiguration.java
+++ b/src/main/java/cc/ryanc/halo/config/HaloConfiguration.java
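Review bot: `CacheStoreCleaner` is declared in the second hunk of `InMemoryCacheStore.java`, but nothing visible in this patch creates a timer or schedules it, so as shown the task never runs and expired entries are presumably still dropped only when a caller happens to read them. The eviction also depends on `get` removing an expired entry as a side effect, which the code does not say; a comment inside `run()` such as `// get() is called only for its side effect of evicting expired entries` would make that explicit. If the task is later run on a `java.util.Timer`, an exception escaping `run()` terminates the timer thread, so the loop should catch and log instead of propagating. The enclosing `InMemoryCacheStore` class starts outside the hunk.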
@@ -9,6 +9,7 @@ import cc.ryanc.halo.security.filter.AdminAuthenticationFilter;
 import cc.ryanc.halo.security.filter.ApiAuthenticationFilter;
 import cc.ryanc.halo.security.handler.AdminAuthenticationFailureHandler;
 import cc.ryanc.halo.security.handler.DefaultAuthenticationFailureHandler;
+import cc.ryanc.halo.service.UserService;
 import com.fasterxml.jackson.databind.ObjectMapper;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
@@ -80,8 +81,9 @@ public class HaloConfiguration {
 @Bean
 public FilterRegistrationBean adminAuthenticationFilter(HaloProperties haloProperties,
 ObjectMapper objectMapper,
- StringCacheStore cacheStore) {
- AdminAuthenticationFilter adminFilter = new AdminAuthenticationFilter(cacheStore, "/admin/api/login");
+ StringCacheStore cacheStore,
+ UserService userService) {
+ AdminAuthenticationFilter adminFilter = new AdminAuthenticationFilter(cacheStore, userService, "/admin/api/login");
 // Set auth enabled
 adminFilter.setAuthEnabled(haloProperties.getAuthEnabled());
diff --git a/src/main/java/cc/ryanc/halo/security/filter/AdminAuthenticationFilter.java b/src/main/java/cc/ryanc/halo/security/filter/AdminAuthenticationFilter.java
index fa2c139a8..a6d21ad87 100644
--- a/src/main/java/cc/ryanc/halo/security/filter/AdminAuthenticationFilter.java
+++ b/src/main/java/cc/ryanc/halo/security/filter/AdminAuthenticationFilter.java
@@ -2,11 +2,13 @@ package cc.ryanc.halo.security.filter;
 import cc.ryanc.halo.cache.StringCacheStore;
 import cc.ryanc.halo.exception.AuthenticationException;
+import cc.ryanc.halo.model.entity.User;
 import cc.ryanc.halo.security.authentication.AuthenticationImpl;
 import cc.ryanc.halo.security.context.SecurityContextHolder;
 import cc.ryanc.halo.security.context.SecurityContextImpl;
 import cc.ryanc.halo.security.handler.AuthenticationFailureHandler;
 import cc.ryanc.halo.security.support.UserDetail;
+import cc.ryanc.halo.service.UserService;
 import cc.ryanc.halo.utils.JsonUtils;
 import org.apache.commons.lang3.StringUtils;
 import org.springframework.http.HttpHeaders;
@@ -21,10 +23,7 @@ import javax.servlet.ServletException;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
 import java.io.IOException;
-import java.util.Arrays;
-import java.util.Collection;
-import java.util.Collections;
-import java.util.Optional;
+import java.util.*;
 /**
 * Admin authentication filter.
@@ -57,12 +56,15 @@ public class AdminAuthenticationFilter extends OncePerRequestFilter {
 private final StringCacheStore cacheStore;
+ private final UserService userService;
+
 private final Collection excludeUrlPatterns;
 private final AntPathMatcher antPathMatcher;
- public AdminAuthenticationFilter(StringCacheStore cacheStore, String... excludeUrls) {
+ public AdminAuthenticationFilter(StringCacheStore cacheStore, UserService userService, String... excludeUrls) {
 this.cacheStore = cacheStore;
+ this.userService = userService;
 this.excludeUrlPatterns = excludeUrls == null ? Collections.emptyList() : Collections.unmodifiableCollection(Arrays.asList(excludeUrls));
 antPathMatcher = new AntPathMatcher();
 }
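Review bot: `import java.util.*;` in the second hunk replaces four explicit imports with a wildcard, while `InMemoryCacheStore.java` in the same patch imports `java.util.Optional` and `java.util.TimerTask` by name. A wildcard hides which types this security filter depends on and can introduce a name clash when another imported package later gains a same-named class. Keeping the four removed imports and adding `import java.util.List;` covers the new `List` use in `doFilterInternal`.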
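Review bot: The constructor in the third hunk stores `userService` without a null check, yet the filter dereferences it on every request once authentication is disabled, so a mis-wired bean would surface as a `NullPointerException` in the request path instead of at startup. `this.userService = Objects.requireNonNull(userService, "userService");` fails early and names the argument. The constructor has no Javadoc; a `@param userService` line saying it is used only to pick the stand-in user when authentication is disabled would record why an authentication filter needs the user service at all.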
@@ -71,6 +73,12 @@ public class AdminAuthenticationFilter extends OncePerRequestFilter {
 protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain filterChain) throws ServletException, IOException {
 if (!authEnabled) {
+ List users = userService.listAll();
+ if (!users.isEmpty()) {
+ // Set security context
+ User user = users.get(0);
+ SecurityContextHolder.setContext(new SecurityContextImpl(new AuthenticationImpl(new UserDetail(user))));
+ }
 // If authentication disabled
 filterChain.doFilter(request, response);
 return;
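Review bot: With `authEnabled` false, the added lines install the first element of `userService.listAll()` as the authenticated principal for every request that reaches this filter, and nothing visible in the hunk limits that to a development profile. Anything downstream that reads the security context for authorisation or audit will then attribute unauthenticated requests to that account, presumably an administrator. I would refuse to start, or at least log a warning, when authentication is disabled outside a development profile, and add a comment above the lookup such as `// Development only: every request is treated as the first stored user`. The context is also never reset after `filterChain.doFilter(request, response)`; if the holder is thread-local (not visible here) it should be cleared in a `finally`, and calling `listAll()` per request loads every user where a single lookup would do. The body of `doFilterInternal` continues past the end of the hunk.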