修复#6100、@IgnoreAuth扫描加速

2024-04-25 11:52:41 +08:00 · 2024-04-25 11:52:41 +08:00 · faebdee755
parent f1496b5084
commit faebdee755
7 changed files with 176 additions and 81 deletions
--- a/jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/ShiroConfig.java
+++ b/jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/ShiroConfig.java
@ -27,6 +27,7 @@ import org.springframework.core.env.Environment;
 import org.springframework.core.type.filter.AnnotationTypeFilter;
 import org.springframework.data.redis.connection.lettuce.LettuceConnectionFactory;
 import org.springframework.util.CollectionUtils;
+import org.springframework.util.StopWatch;
 import org.springframework.util.StringUtils;
 import org.springframework.web.bind.annotation.*;
 import org.springframework.web.filter.DelegatingFilterProxy;
@ -48,7 +49,7 @@ import java.util.*;
@Slf4j
@Configuration
 // 免认证注解 @IgnoreAuth 注解生效范围配置
-@ComponentScan(basePackages = {"org.jeecg.**.controller"})
+@ComponentScan(basePackages = {"org.jeecg.**"})
 public class ShiroConfig {

    @Resource
@ -173,16 +174,6 @@ public class ShiroConfig {
        // 企业微信证书排除
        filterChainDefinitionMap.put("/WW_verify*", "anon");

-
-        // 通过注解免登录url
-        List<String> ignoreAuthUrlList = collectIgnoreAuthUrl();
-        if (!CollectionUtils.isEmpty(ignoreAuthUrlList)) {
-            for (String url : ignoreAuthUrlList) {
-                filterChainDefinitionMap.put(url, "anon");
-            }
-        }
-
-
        // 添加自己的过滤器并且取名为jwt
        Map<String, Filter> filterMap = new HashMap<String, Filter>(1);
        //如果cloudServer为空 则说明是单体 需要加载跨域配置【微服务跨域切换】
@ -335,74 +326,4 @@ public class ShiroConfig {
        return manager;
    }

-
-    @SneakyThrows
-    public List<String> collectIgnoreAuthUrl() {
-        List<String> ignoreAuthUrls = new ArrayList<>();
-        ClassPathScanningCandidateComponentProvider provider = new ClassPathScanningCandidateComponentProvider(false);
-        provider.addIncludeFilter(new AnnotationTypeFilter(RestController.class));
-
-        // 获取当前类的扫描注解的配置
-        Set<BeanDefinition> components = new HashSet<>();
-        for (String basePackage : AnnotationUtils.getAnnotation(ShiroConfig.class, ComponentScan.class).basePackages()) {
-            components.addAll(provider.findCandidateComponents(basePackage));
-        }
-
-        // 逐个匹配获取免认证路径
-        for (BeanDefinition component : components) {
-            String beanClassName = component.getBeanClassName();
-            Class<?> clazz = Class.forName(beanClassName);
-            RequestMapping base = clazz.getAnnotation(RequestMapping.class);
-            String[] baseUrl = {};
-            if (Objects.nonNull(base)) {
-                baseUrl = base.value();
-            }
-            Method[] methods = clazz.getDeclaredMethods();
-
-            for (Method method : methods) {
-                if (method.isAnnotationPresent(IgnoreAuth.class) && method.isAnnotationPresent(RequestMapping.class)) {
-                    RequestMapping requestMapping = method.getAnnotation(RequestMapping.class);
-                    String[] uri = requestMapping.value();
-                    ignoreAuthUrls.addAll(rebuildUrl(baseUrl, uri));
-                } else if (method.isAnnotationPresent(IgnoreAuth.class) && method.isAnnotationPresent(GetMapping.class)) {
-                    GetMapping requestMapping = method.getAnnotation(GetMapping.class);
-                    String[] uri = requestMapping.value();
-                    ignoreAuthUrls.addAll(rebuildUrl(baseUrl, uri));
-                } else if (method.isAnnotationPresent(IgnoreAuth.class) && method.isAnnotationPresent(PostMapping.class)) {
-                    PostMapping requestMapping = method.getAnnotation(PostMapping.class);
-                    String[] uri = requestMapping.value();
-                    ignoreAuthUrls.addAll(rebuildUrl(baseUrl, uri));
-                } else if (method.isAnnotationPresent(IgnoreAuth.class) && method.isAnnotationPresent(PutMapping.class)) {
-                    PutMapping requestMapping = method.getAnnotation(PutMapping.class);
-                    String[] uri = requestMapping.value();
-                    ignoreAuthUrls.addAll(rebuildUrl(baseUrl, uri));
-                } else if (method.isAnnotationPresent(IgnoreAuth.class) && method.isAnnotationPresent(DeleteMapping.class)) {
-                    DeleteMapping requestMapping = method.getAnnotation(DeleteMapping.class);
-                    String[] uri = requestMapping.value();
-                    ignoreAuthUrls.addAll(rebuildUrl(baseUrl, uri));
-                } else if (method.isAnnotationPresent(IgnoreAuth.class) && method.isAnnotationPresent(PatchMapping.class)) {
-                    PatchMapping requestMapping = method.getAnnotation(PatchMapping.class);
-                    String[] uri = requestMapping.value();
-                    ignoreAuthUrls.addAll(rebuildUrl(baseUrl, uri));
-                }
-            }
-        }
-
-        return ignoreAuthUrls;
-    }
-
-    private List<String> rebuildUrl(String[] bases, String[] uris) {
-        List<String> urls = new ArrayList<>();
-        for (String base : bases) {
-            for (String uri : uris) {
-                urls.add(prefix(base)+prefix(uri));
-            }
-        }
-        return urls;
-    }
-
-    private String prefix(String seg) {
-        return seg.startsWith("/") ? seg : "/"+seg;
-    }
-
 }
--- a/jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/filters/JwtFilter.java
+++ b/jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/filters/JwtFilter.java
@ -8,6 +8,7 @@ import org.jeecg.common.constant.CommonConstant;
 import org.jeecg.common.system.util.JwtUtil;
 import org.jeecg.common.util.oConvertUtils;
 import org.jeecg.config.shiro.JwtToken;
+import org.jeecg.config.shiro.ignore.InMemoryIgnoreAuth;
 import org.springframework.http.HttpHeaders;
 import org.springframework.http.HttpStatus;
 import org.springframework.web.bind.annotation.RequestMethod;
@ -47,6 +48,10 @@ public class JwtFilter extends BasicHttpAuthenticationFilter {
    @Override
    protected boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue) {
        try {
+            // 判断当前路径是不是注解了@IngoreAuth路径，如果是，则放开验证
+            if (InMemoryIgnoreAuth.contains(((HttpServletRequest) request).getServletPath())) {
+                return true;
+            }
            executeLogin(request, response);
            return true;
        } catch (Exception e) {
--- a/jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/ignore/IgnoreAuthPostProcessor.java
+++ b/jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/ignore/IgnoreAuthPostProcessor.java
@ -0,0 +1,104 @@
+package org.jeecg.config.shiro.ignore;
+
+import lombok.AllArgsConstructor;
+import org.jeecg.config.shiro.IgnoreAuth;
+import org.springframework.aop.framework.Advised;
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.ApplicationListener;
+import org.springframework.context.event.ContextRefreshedEvent;
+import org.springframework.stereotype.Component;
+import org.springframework.util.CollectionUtils;
+import org.springframework.util.StopWatch;
+import org.springframework.web.bind.annotation.*;
+
+import java.lang.reflect.Method;
+import java.util.*;
+
+/**
+ * 在spring boot初始化时，根据@RestController注解获取当前spring容器中的bean
+ * @author eightmonth@qq.com
+ * @date 2024/4/18 11:35
+ */
+@Component
+@AllArgsConstructor
+public class IgnoreAuthPostProcessor implements ApplicationListener<ContextRefreshedEvent> {
+
+    private ApplicationContext applicationContext;
+
+    @Override
+    public void onApplicationEvent(ContextRefreshedEvent event) {
+        List<String> ignoreAuthUrls = new ArrayList<>();
+        if (event.getApplicationContext().getParent() == null) {
+            // 只处理根应用上下文的事件，避免在子上下文中重复处理
+            Map<String, Object> restControllers = applicationContext.getBeansWithAnnotation(RestController.class);
+            for (Object restController : restControllers.values()) {
+                // 如 online系统的controller并不是spring 默认生成
+                if (restController instanceof Advised) {
+                    ignoreAuthUrls.addAll(postProcessRestController(restController));
+                }
+            }
+        }
+
+        if (!CollectionUtils.isEmpty(ignoreAuthUrls)) {
+            InMemoryIgnoreAuth.set(ignoreAuthUrls);
+        }
+    }
+
+    private List<String> postProcessRestController(Object restController) {
+        List<String> ignoreAuthUrls = new ArrayList<>();
+        Class<?> clazz = ((Advised) restController).getTargetClass();
+        RequestMapping base = clazz.getAnnotation(RequestMapping.class);
+        String[] baseUrl = Objects.nonNull(base) ? base.value() : new String[]{};
+        Method[] methods = clazz.getDeclaredMethods();
+
+        for (Method method : methods) {
+            if (method.isAnnotationPresent(IgnoreAuth.class) && method.isAnnotationPresent(RequestMapping.class)) {
+                RequestMapping requestMapping = method.getAnnotation(RequestMapping.class);
+                String[] uri = requestMapping.value();
+                ignoreAuthUrls.addAll(rebuildUrl(baseUrl, uri));
+            } else if (method.isAnnotationPresent(IgnoreAuth.class) && method.isAnnotationPresent(GetMapping.class)) {
+                GetMapping requestMapping = method.getAnnotation(GetMapping.class);
+                String[] uri = requestMapping.value();
+                ignoreAuthUrls.addAll(rebuildUrl(baseUrl, uri));
+            } else if (method.isAnnotationPresent(IgnoreAuth.class) && method.isAnnotationPresent(PostMapping.class)) {
+                PostMapping requestMapping = method.getAnnotation(PostMapping.class);
+                String[] uri = requestMapping.value();
+                ignoreAuthUrls.addAll(rebuildUrl(baseUrl, uri));
+            } else if (method.isAnnotationPresent(IgnoreAuth.class) && method.isAnnotationPresent(PutMapping.class)) {
+                PutMapping requestMapping = method.getAnnotation(PutMapping.class);
+                String[] uri = requestMapping.value();
+                ignoreAuthUrls.addAll(rebuildUrl(baseUrl, uri));
+            } else if (method.isAnnotationPresent(IgnoreAuth.class) && method.isAnnotationPresent(DeleteMapping.class)) {
+                DeleteMapping requestMapping = method.getAnnotation(DeleteMapping.class);
+                String[] uri = requestMapping.value();
+                ignoreAuthUrls.addAll(rebuildUrl(baseUrl, uri));
+            } else if (method.isAnnotationPresent(IgnoreAuth.class) && method.isAnnotationPresent(PatchMapping.class)) {
+                PatchMapping requestMapping = method.getAnnotation(PatchMapping.class);
+                String[] uri = requestMapping.value();
+                ignoreAuthUrls.addAll(rebuildUrl(baseUrl, uri));
+            }
+        }
+
+        return ignoreAuthUrls;
+    }
+
+    private List<String> rebuildUrl(String[] bases, String[] uris) {
+        List<String> urls = new ArrayList<>();
+        if (bases.length > 0) {
+            for (String base : bases) {
+                for (String uri : uris) {
+                    urls.add(prefix(base) + prefix(uri));
+                }
+            }
+        } else {
+            Arrays.stream(uris).forEach(uri -> {
+                urls.add(prefix(uri));
+            });
+        }
+        return urls;
+    }
+
+    private String prefix(String seg) {
+        return seg.startsWith("/") ? seg : "/"+seg;
+    }
+}
--- a/jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/ignore/InMemoryIgnoreAuth.java
+++ b/jeecg-boot-base-core/src/main/java/org/jeecg/config/shiro/ignore/InMemoryIgnoreAuth.java
@ -0,0 +1,38 @@
+package org.jeecg.config.shiro.ignore;
+
+import java.util.ArrayList;
+import java.util.List;
+
+/**
+ * 使用内存存储通过@IgnoreAuth注解的url，配合JwtFilter进行免登录校验
+ * PS：无法使用ThreadLocal进行存储，因为ThreadLocal装载时，JwtFilter已经初始化完毕，导致该类获取ThreadLocal为空
+ * @author eightmonth@qq.com
+ * @date 2024/4/18 15:02
+ */
+public class InMemoryIgnoreAuth {
+    private static final List<String> IGNORE_AUTH_LIST = new ArrayList<>();
+
+    public InMemoryIgnoreAuth() {}
+
+    public static void set(List<String> list) {
+        IGNORE_AUTH_LIST.addAll(list);
+    }
+
+    public static List<String> get() {
+        return IGNORE_AUTH_LIST;
+    }
+
+    public static void clear() {
+        IGNORE_AUTH_LIST.clear();
+    }
+
+    public static boolean contains(String url) {
+        for (String ignoreAuth : IGNORE_AUTH_LIST) {
+            if (url.endsWith(ignoreAuth)) {
+                return true;
+            }
+        }
+
+        return false;
+    }
+}
--- a/jeecg-module-system/jeecg-system-start/src/main/java/org/jeecg/JeecgSystemApplication.java
+++ b/jeecg-module-system/jeecg-system-start/src/main/java/org/jeecg/JeecgSystemApplication.java
@ -2,6 +2,7 @@ package org.jeecg;

 import lombok.extern.slf4j.Slf4j;
 import org.jeecg.common.util.oConvertUtils;
+import org.jeecg.config.shiro.ignore.InMemoryIgnoreAuth;
 import org.springframework.boot.SpringApplication;
 import org.springframework.boot.autoconfigure.SpringBootApplication;
 import org.springframework.boot.builder.SpringApplicationBuilder;
--- a/jeecg-server-cloud/jeecg-cloud-gateway/src/main/java/org/jeecg/handler/swagger/SwaggerResourceController.java
+++ b/jeecg-server-cloud/jeecg-cloud-gateway/src/main/java/org/jeecg/handler/swagger/SwaggerResourceController.java
@ -1,13 +1,16 @@
 package org.jeecg.handler.swagger;

 import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationContext;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 import springfox.documentation.swagger.web.*;

+import java.util.ArrayList;
 import java.util.List;
+import java.util.regex.Pattern;

 /**
 * swagger聚合接口，三个接口都是 doc.html需要访问的接口
@ -19,6 +22,11 @@ import java.util.List;
 public class SwaggerResourceController {
    private MySwaggerResourceProvider swaggerResourceProvider;

+    @Autowired
+    private ApplicationContext applicationContext;
+    // 生产环境profile配置模型
+    private static final String PRODUCTION_PROFILE_NAME = "prod*";
+
    @Autowired
    public SwaggerResourceController(MySwaggerResourceProvider swaggerResourceProvider) {
        this.swaggerResourceProvider = swaggerResourceProvider;
@ -36,6 +44,22 @@ public class SwaggerResourceController {

    @RequestMapping
    public ResponseEntity<List<SwaggerResource>> swaggerResources() {
+        // 如果激活的profile带有生产环境的profile，则屏蔽swagger资源
+        if (isProd()) {
+            return new ResponseEntity<>(new ArrayList<>(), HttpStatus.OK);
+        }
        return new ResponseEntity<>(swaggerResourceProvider.get(), HttpStatus.OK);
    }
+
+    private boolean isProd() {
+        String[] profiles = applicationContext.getEnvironment().getActiveProfiles();
+        Pattern pattern = Pattern.compile(PRODUCTION_PROFILE_NAME);
+        for (String profile : profiles) {
+            if (pattern.matcher(profile).find()) {
+                return true;
+            }
+        }
+
+        return false;
+    }
 }
--- a/jeecg-server-cloud/jeecg-system-cloud-start/src/main/java/org/jeecg/JeecgSystemCloudApplication.java
+++ b/jeecg-server-cloud/jeecg-system-cloud-start/src/main/java/org/jeecg/JeecgSystemCloudApplication.java
@ -16,6 +16,7 @@ import org.springframework.core.env.Environment;
 import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.scheduling.annotation.EnableScheduling;

+import java.lang.management.ManagementFactory;
 import java.net.InetAddress;
 import java.net.UnknownHostException;

@ -35,6 +36,7 @@ public class JeecgSystemCloudApplication extends SpringBootServletInitializer im
    private RedisTemplate<String, Object> redisTemplate;
    @Override
    protected SpringApplicationBuilder configure(SpringApplicationBuilder application) {
+
        return application.sources(JeecgSystemCloudApplication.class);
    }