feat:网关鉴权优化

This commit is contained in:
haoxr 2021-04-03 00:03:15 +08:00
parent ee38526171
commit aa0540da35
3 changed files with 11 additions and 20 deletions


@ -90,7 +90,7 @@ public interface AuthConstants {
/**
* 后台管理接口路径匹配
*/
String ADMIN_URL_PATTERN = "*_/youlai-admin/**";
String ADMIN_URL_PATTERN = "/api.admin/**";
String LOGOUT_PATH = "/youlai-auth/oauth/logout";
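Review bot: Whichever of the two ADMIN_URL_PATTERN values is the new one, AuthorizationManager in this same commit matches it against a string built as `request.getMethodValue() + "_" + request.getURI().getPath()`, so a pattern without a leading `*_` (e.g. `/api.admin/**`) can never match `GET_/api.admin/...` and every admin request would fall into the "无需鉴权" pass-through branch. If `/api.admin/**` is the replacement, it should read `String ADMIN_URL_PATTERN = "*_/api.admin/**";` or the matcher should be handed the bare path instead of the METHOD_path form. A Javadoc line on the constant saying that it is matched against `METHOD_/path` would keep the two from drifting apart again; the interface continues outside the hunk.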


@ -52,7 +52,7 @@ public class AuthGlobalFilter implements GlobalFilter, Ordered {
return WebUtils.writeFailedToResponse(response, ResultCode.FORBIDDEN_OPERATION);
}
// 无token放行
// 非JWT或者JWT为空不作处理
String token = request.getHeaders().getFirst(AuthConstants.AUTHORIZATION_KEY);
if (StrUtil.isBlank(token) || !token.startsWith(AuthConstants.AUTHORIZATION_PREFIX)) {
return chain.filter(exchange);
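Review bot: The new comment `// 非JWT或者JWT为空不作处理` understates what the branch does: a request with no Authorization header or a value without the expected prefix is forwarded by `chain.filter(exchange)` without any token parsing, and whether it is ultimately allowed appears to be decided later by AuthorizationManager's path-based check rather than here. I would make that dependency explicit, e.g. `// No token or not a bearer token: forward unchanged; AuthorizationManager decides whether the path requires authentication`, so a reader of this filter alone does not mistake the pass-through for an authorization decision. The filter method starts and ends outside the hunk.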


@ -37,8 +37,9 @@ public class AuthorizationManager implements ReactiveAuthorizationManager<Author
public Mono<AuthorizationDecision> check(Mono<Authentication> mono, AuthorizationContext authorizationContext) {
ServerHttpRequest request = authorizationContext.getExchange().getRequest();
String path = request.getMethodValue() + "_" + request.getURI().getPath();
log.info("请求path={}", path);
// Restful接口权限设计 @link https://www.cnblogs.com/haoxianrui/p/14396990.html
String restPath = request.getMethodValue() + "_" + request.getURI().getPath();
log.info("请求路径={}", restPath);
PathMatcher pathMatcher = new AntPathMatcher();
// 对应跨域的预检请求直接放行
if (request.getMethod() == HttpMethod.OPTIONS) {
@ -46,20 +47,11 @@ public class AuthorizationManager implements ReactiveAuthorizationManager<Author
}
// 非管理端路径无需鉴权直接放行
if (!pathMatcher.match(AuthConstants.ADMIN_URL_PATTERN, path)) {
log.info("请求无需鉴权,path={}", path);
if (!pathMatcher.match(AuthConstants.ADMIN_URL_PATTERN, restPath)) {
log.info("请求无需鉴权,请求路径={}", restPath);
return Mono.just(new AuthorizationDecision(true));
}
// token为空拒绝访问
String token = request.getHeaders().getFirst(AuthConstants.AUTHORIZATION_KEY);
if (StrUtil.isBlank(token)) {
log.info("请求token为空拒绝访问path={}", path);
return Mono.just(new AuthorizationDecision(false));
}
// 从缓存取资源权限角色关系列表
Map<Object, Object> permissionRoles = redisTemplate.opsForHash().entries(AuthConstants.PERMISSION_ROLES_KEY);
Iterator<Object> iterator = permissionRoles.keySet().iterator();
@ -67,11 +59,10 @@ public class AuthorizationManager implements ReactiveAuthorizationManager<Author
Set<String> authorities = new HashSet<>();
while (iterator.hasNext()) {
String pattern = (String) iterator.next();
if (pathMatcher.match(pattern, path)) {
if (pathMatcher.match(pattern, restPath)) {
authorities.addAll(Convert.toList(String.class, permissionRoles.get(pattern)));
}
}
log.info("require authorities:{}", authorities);
Mono<AuthorizationDecision> authorizationDecisionMono = mono
.filter(Authentication::isAuthenticated)
@ -79,9 +70,9 @@ public class AuthorizationManager implements ReactiveAuthorizationManager<Author
.map(GrantedAuthority::getAuthority)
.any(roleId -> {
// roleId是请求用户的角色(格式:ROLE_{roleId})authorities是请求资源所需要角色的集合
log.info("访问路径:{}", path);
log.info("用户角色信息{}", roleId);
log.info("资源需要权限authorities{}", authorities);
log.info("访问路径:{}", restPath);
log.info("用户角色{}", roleId);
log.info("资源需要角色{}", authorities);
return authorities.contains(roleId);
})
.map(AuthorizationDecision::new)
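Review bot: Dropping the blank-token rejection (the removed `if (StrUtil.isBlank(token))` block in the second hunk) means an admin-path request with no token now proceeds to the role lookup, and the outcome depends entirely on how the `mono.filter(Authentication::isAuthenticated)...` chain terminates, which is outside the hunk; if it does not end in `.defaultIfEmpty(new AuthorizationDecision(false))`, an absent Authentication yields an empty Mono rather than an explicit deny. Either keep an explicit deny before the lookup or add a comment at the chain stating that an unauthenticated caller resolves to `AuthorizationDecision(false)` through the default, so the next reader does not have to trace the reactive tail to confirm it. Separately, the three `log.info` calls inside the `any` predicate in the last hunk execute once per granted authority of the caller on every admin request; logging the path and required roles once before the chain at debug level, and only the final decision afterwards, avoids writing per-user role data to the info log on every request. `check` begins at the first hunk and ends outside the last.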