修改了security权限控制,优化了附件sdk异常处理
This commit is contained in:
ajaxfan
@ -1,16 +1,14 @@
|
||||
package com.chinaunicom.mall.ebtp.cloud.security.starter.config;
|
||||
|
||||
import com.chinaunicom.mall.ebtp.cloud.security.starter.filter.CustomUserDetailService;
|
||||
import com.chinaunicom.mall.ebtp.cloud.security.starter.filter.TokenAuthenticationFilter;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
|
||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
||||
|
||||
import com.chinaunicom.mall.ebtp.cloud.security.starter.filter.TokenAuthenticationFilter;
|
||||
|
||||
/**
|
||||
* 安全设置
|
||||
*
|
||||
@ -20,9 +18,6 @@ import org.springframework.security.web.authentication.UsernamePasswordAuthentic
|
||||
@EnableGlobalMethodSecurity(prePostEnabled = true, jsr250Enabled = true, securedEnabled = true)
|
||||
public class BrowserSecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
|
||||
@Autowired
|
||||
private CustomUserDetailService userDetailsService;
|
||||
|
||||
@Bean
|
||||
public TokenAuthenticationFilter authenticationTokenFilterBean() {
|
||||
return new TokenAuthenticationFilter();
|
||||
@ -39,9 +34,5 @@ public class BrowserSecurityConfig extends WebSecurityConfigurerAdapter {
|
||||
http.csrf().disable();
|
||||
http.addFilterBefore(authenticationTokenFilterBean(), UsernamePasswordAuthenticationFilter.class);
|
||||
}
|
||||
|
||||
@Override
|
||||
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
|
||||
auth.userDetailsService(userDetailsService);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
@ -3,18 +3,13 @@ package com.chinaunicom.mall.ebtp.cloud.security.starter.entity;
|
||||
import java.util.List;
|
||||
|
||||
import lombok.Data;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
|
||||
@Data
|
||||
public class AuthorityEntity implements GrantedAuthority {
|
||||
public class AuthorityEntity {
|
||||
|
||||
private String roleName;
|
||||
private String roleCode;
|
||||
private String roleId;
|
||||
private List<String> authorities;
|
||||
|
||||
@Override
|
||||
public String getAuthority() {
|
||||
return roleCode;
|
||||
}
|
||||
}
|
||||
|
||||
@ -0,0 +1,23 @@
|
||||
package com.chinaunicom.mall.ebtp.cloud.security.starter.entity;
|
||||
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
|
||||
import lombok.AllArgsConstructor;
|
||||
|
||||
/**
|
||||
* 基于角色的权限信息
|
||||
*
|
||||
* @author Ajaxfan
|
||||
*/
|
||||
@AllArgsConstructor
|
||||
public class RoleCodeAuthority implements GrantedAuthority {
|
||||
private static final long serialVersionUID = -7881153326775335008L;
|
||||
|
||||
private String roleCode;
|
||||
|
||||
@Override
|
||||
public String getAuthority() {
|
||||
return roleCode;
|
||||
}
|
||||
|
||||
}
|
||||
@ -1,13 +1,10 @@
|
||||
package com.chinaunicom.mall.ebtp.cloud.security.starter.entity;
|
||||
|
||||
import java.util.Collection;
|
||||
import java.util.Date;
|
||||
import java.util.List;
|
||||
|
||||
import lombok.Data;
|
||||
import lombok.experimental.Accessors;
|
||||
import org.springframework.security.core.GrantedAuthority;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
|
||||
/**
|
||||
* 缓存用户实体映射类
|
||||
@ -18,7 +15,7 @@ import org.springframework.security.core.userdetails.UserDetails;
|
||||
*/
|
||||
@Data
|
||||
@Accessors(chain = true)
|
||||
public class SecurityUser implements UserDetails {
|
||||
public class SecurityUser {
|
||||
|
||||
/**
|
||||
* PKID
|
||||
@ -162,38 +159,4 @@ public class SecurityUser implements UserDetails {
|
||||
*/
|
||||
private List<AuthorityEntity> authorityList;
|
||||
|
||||
@Override
|
||||
public Collection<? extends GrantedAuthority> getAuthorities() {
|
||||
return authorityList;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getPassword() {
|
||||
return null;
|
||||
}
|
||||
|
||||
@Override
|
||||
public String getUsername() {
|
||||
return fullName;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isAccountNonExpired() {
|
||||
return true;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isAccountNonLocked() {
|
||||
return true;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isCredentialsNonExpired() {
|
||||
return true;
|
||||
}
|
||||
|
||||
@Override
|
||||
public boolean isEnabled() {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
|
||||
@ -1,19 +0,0 @@
|
||||
package com.chinaunicom.mall.ebtp.cloud.security.starter.filter;
|
||||
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||
import org.springframework.security.core.userdetails.UsernameNotFoundException;
|
||||
import org.springframework.stereotype.Service;
|
||||
|
||||
@Service
|
||||
@Slf4j
|
||||
public class CustomUserDetailService implements UserDetailsService {
|
||||
|
||||
|
||||
@Override
|
||||
public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
|
||||
log.info("UserDetails -------------------------------- {} ---------------------------------------", s);
|
||||
return null;
|
||||
}
|
||||
}
|
||||
@ -1,9 +1,16 @@
|
||||
package com.chinaunicom.mall.ebtp.cloud.security.starter.filter;
|
||||
|
||||
import com.chinaunicom.mall.ebtp.cloud.security.starter.common.Constants;
|
||||
import com.chinaunicom.mall.ebtp.cloud.security.starter.entity.AuthorityEntity;
|
||||
import com.chinaunicom.mall.ebtp.cloud.security.starter.entity.SecurityUser;
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
import java.io.IOException;
|
||||
import java.util.Arrays;
|
||||
import java.util.Collections;
|
||||
import java.util.List;
|
||||
import java.util.Optional;
|
||||
|
||||
import javax.servlet.FilterChain;
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
|
||||
import org.apache.commons.lang3.RegExUtils;
|
||||
import org.apache.commons.lang3.StringUtils;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
@ -18,15 +25,11 @@ import org.springframework.security.core.context.SecurityContextHolder;
|
||||
import org.springframework.web.client.RestTemplate;
|
||||
import org.springframework.web.filter.OncePerRequestFilter;
|
||||
|
||||
import javax.servlet.FilterChain;
|
||||
import javax.servlet.ServletException;
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import java.io.IOException;
|
||||
import java.util.List;
|
||||
import java.util.Objects;
|
||||
import java.util.Optional;
|
||||
import java.util.stream.Collectors;
|
||||
import com.chinaunicom.mall.ebtp.cloud.security.starter.common.Constants;
|
||||
import com.chinaunicom.mall.ebtp.cloud.security.starter.entity.RoleCodeAuthority;
|
||||
import com.chinaunicom.mall.ebtp.cloud.security.starter.entity.SecurityUser;
|
||||
|
||||
import lombok.extern.slf4j.Slf4j;
|
||||
|
||||
/**
|
||||
* 请求Token拦截
|
||||
@ -36,60 +39,62 @@ import java.util.stream.Collectors;
|
||||
@Slf4j
|
||||
public class TokenAuthenticationFilter extends OncePerRequestFilter {
|
||||
|
||||
private @Autowired RestTemplate restTemplate;
|
||||
private @Value("${user.auth.resource.userinfo}") String token_uri;
|
||||
private @Autowired RestTemplate restTemplate;
|
||||
private @Value("${user.auth.resource.userinfo}") String token_uri;
|
||||
|
||||
/**
|
||||
* @param request
|
||||
* @param response
|
||||
* @param filterChain
|
||||
* @throws ServletException
|
||||
* @throws IOException
|
||||
*/
|
||||
@Override
|
||||
protected void doFilterInternal(final HttpServletRequest request, final HttpServletResponse response,
|
||||
final FilterChain filterChain) throws ServletException, IOException {
|
||||
// 清空上下文中的缓存信息, 防止二次请求时数据异常 (如此, 每次有新的请求进入,都会进行token的验证)
|
||||
SecurityContextHolder.getContext().setAuthentication(null);
|
||||
/**
|
||||
* @param request
|
||||
* @param response
|
||||
* @param filterChain
|
||||
* @throws ServletException
|
||||
* @throws IOException
|
||||
*/
|
||||
@Override
|
||||
protected void doFilterInternal(final HttpServletRequest request, final HttpServletResponse response,
|
||||
final FilterChain filterChain) throws ServletException, IOException {
|
||||
// 清空上下文中的缓存信息, 防止二次请求时数据异常 (如此, 每次有新的请求进入,都会进行token的验证)
|
||||
SecurityContextHolder.getContext().setAuthentication(null);
|
||||
|
||||
// 提取request头信息
|
||||
final String header = request.getHeader(Constants.AUTHORIZATION_HEADER);
|
||||
final String currentRoleCode = request.getHeader(Constants.CURRENT_ROLE_CODE);
|
||||
// 提取request头信息
|
||||
final String header = request.getHeader(Constants.AUTHORIZATION_HEADER);
|
||||
final String currentRoleCode = request.getHeader(Constants.CURRENT_ROLE_CODE);
|
||||
|
||||
// 检查请求头是否包含 Bearer 前缀
|
||||
if (StringUtils.startsWith(header, Constants.TOKEN_PREFIX)) {
|
||||
// 移除header的前缀,提取出token字串
|
||||
String authToken = RegExUtils.replaceAll(header, Constants.TOKEN_PREFIX, "");
|
||||
// 检查请求头是否包含 Bearer 前缀
|
||||
if (StringUtils.startsWith(header, Constants.TOKEN_PREFIX)) {
|
||||
// 移除header的前缀,提取出token字串
|
||||
String authToken = RegExUtils.replaceAll(header, Constants.TOKEN_PREFIX, "");
|
||||
|
||||
try {// 通过token读取用户信息 (新增用户当前角色字段: 2021-03-05)
|
||||
SecurityContextHolder.getContext().setAuthentication(getAuthentication(authToken, currentRoleCode));
|
||||
} catch (Exception e) {
|
||||
log.error(e.getMessage());
|
||||
}
|
||||
}
|
||||
filterChain.doFilter(request, response);
|
||||
}
|
||||
try {// 通过token读取用户信息 (新增用户当前角色字段: 2021-03-05)
|
||||
SecurityContextHolder.getContext().setAuthentication(getAuthentication(authToken, currentRoleCode));
|
||||
} catch (Exception e) {
|
||||
log.error(e.getMessage());
|
||||
}
|
||||
}
|
||||
filterChain.doFilter(request, response);
|
||||
}
|
||||
|
||||
/**
|
||||
* 调用山分的认证中心接口,获取该token的绑定信息
|
||||
*
|
||||
* @param token
|
||||
* @return
|
||||
*/
|
||||
private Authentication getAuthentication(final String token, final String currentRoleCode) {
|
||||
HttpHeaders headers = new HttpHeaders();
|
||||
// 设置安全头
|
||||
headers.add(HttpHeaders.AUTHORIZATION, String.format("Bearer %s", token));
|
||||
/**
|
||||
* 调用山分的认证中心接口,获取该token的绑定信息
|
||||
*
|
||||
* @param token
|
||||
* @return
|
||||
*/
|
||||
private Authentication getAuthentication(final String token, final String currentRoleCode) {
|
||||
HttpHeaders headers = new HttpHeaders();
|
||||
// 设置安全头
|
||||
headers.add(HttpHeaders.AUTHORIZATION, String.format("Bearer %s", token));
|
||||
|
||||
ResponseEntity<SecurityUser> entity = restTemplate.exchange(token_uri, HttpMethod.GET,
|
||||
new HttpEntity<String>(headers), SecurityUser.class);
|
||||
ResponseEntity<SecurityUser> entity = restTemplate.exchange(token_uri, HttpMethod.GET,
|
||||
new HttpEntity<String>(headers), SecurityUser.class);
|
||||
|
||||
SecurityUser securityUser = entity.getBody();
|
||||
//设置当前角色的权限
|
||||
List<AuthorityEntity> authority = Optional.ofNullable(currentRoleCode)
|
||||
.map(o -> securityUser.getAuthorityList().stream().filter(f -> Objects.equals(f.getRoleCode(), currentRoleCode)).collect(Collectors.toList()))
|
||||
.orElse(securityUser.getAuthorityList());
|
||||
return new UsernamePasswordAuthenticationToken(securityUser.setCurrentRoleCode(currentRoleCode), token, authority);
|
||||
}
|
||||
SecurityUser securityUser = entity.getBody();
|
||||
|
||||
// 根据当前角色设定权限列表
|
||||
List<RoleCodeAuthority> authorities = Optional.ofNullable(currentRoleCode)
|
||||
.map(o -> Arrays.asList(new RoleCodeAuthority(o))).orElse(Collections.emptyList());
|
||||
|
||||
return new UsernamePasswordAuthenticationToken(securityUser.setCurrentRoleCode(currentRoleCode), token,
|
||||
authorities);
|
||||
}
|
||||
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user