From c9ef89220adac529a089779d12d3e7e7aa0c2a3a Mon Sep 17 00:00:00 2001 From: haoxr <1490493387@qq.com> Date: Sat, 10 Oct 2020 20:09:36 +0800 Subject: [PATCH] =?UTF-8?q?refactor:AuthorizationManager=E7=9A=84check?= =?UTF-8?q?=E6=96=B9=E6=B3=95=E7=A7=BB=E9=99=A4=E7=99=BD=E5=90=8D=E5=8D=95?= =?UTF-8?q?=E6=A0=A1=E9=AA=8C?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../youlai/mall/ums/api/entity/UmsMember.java | 2 + .../youlai/auth/config/WebSecurityConfig.java | 2 +- .../auth/controller/AuthController.java | 112 +++++++++--------- .../java/com/youlai/auth/domain/User.java | 4 +- .../component/AuthorizationManager.java | 16 +-- 5 files changed, 67 insertions(+), 69 deletions(-) diff --git a/mall-ums/mall-ums-api/src/main/java/com/youlai/mall/ums/api/entity/UmsMember.java b/mall-ums/mall-ums-api/src/main/java/com/youlai/mall/ums/api/entity/UmsMember.java index acfb4b4b2..79234307d 100644 --- a/mall-ums/mall-ums-api/src/main/java/com/youlai/mall/ums/api/entity/UmsMember.java +++ b/mall-ums/mall-ums-api/src/main/java/com/youlai/mall/ums/api/entity/UmsMember.java @@ -28,5 +28,7 @@ public class UmsMember { private String sessionKey; + private Integer status; + } diff --git a/youlai-auth/src/main/java/com/youlai/auth/config/WebSecurityConfig.java b/youlai-auth/src/main/java/com/youlai/auth/config/WebSecurityConfig.java index b894b3b9a..3a49d8eb6 100644 --- a/youlai-auth/src/main/java/com/youlai/auth/config/WebSecurityConfig.java +++ b/youlai-auth/src/main/java/com/youlai/auth/config/WebSecurityConfig.java @@ -19,7 +19,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter { http .authorizeRequests().requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll() .and() - .authorizeRequests().antMatchers("/rsa/publicKey").permitAll().anyRequest().authenticated() + .authorizeRequests().antMatchers("/rsa/publicKey","/oauth/logout").permitAll().anyRequest().authenticated() .and() .csrf().disable(); } 
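Review bot: Adding `/oauth/logout` to the `permitAll()` matcher in the `WebSecurityConfig` hunk means the logout handler now runs without an authenticated principal, and CSRF protection is already disabled two lines further down. The handler's body is not part of this diff, so confirm that it verifies the presented token's signature and expiry before acting on any claim read from it. If it only decodes the payload, an unauthenticated caller decides what the handler records. A comment at the matcher would make the contract explicit, e.g. `// logout is public: the handler must validate the token itself`. The enclosing configuration method starts outside the hunk.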
diff --git a/youlai-auth/src/main/java/com/youlai/auth/controller/AuthController.java b/youlai-auth/src/main/java/com/youlai/auth/controller/AuthController.java index 52697aad9..f3f4c4aba 100644 --- a/youlai-auth/src/main/java/com/youlai/auth/controller/AuthController.java +++ b/youlai-auth/src/main/java/com/youlai/auth/controller/AuthController.java @@ -21,7 +21,7 @@ import io.swagger.annotations.ApiImplicitParams; import io.swagger.annotations.ApiOperation; import lombok.AllArgsConstructor; import me.chanjar.weixin.common.error.WxErrorException; -import org.springframework.beans.factory.annotation.Autowired; +import org.apache.logging.log4j.util.Strings; import org.springframework.data.redis.core.RedisTemplate; import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.oauth2.common.OAuth2AccessToken; 
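Review bot: The new import `org.apache.logging.log4j.util.Strings` pulls a logging library's utility class into the auth controller only to obtain an empty-string constant, used later as `Strings.EMPTY` in `handleParametersForWeapp`. That makes the controller depend on log4j-api being on the classpath for a non-logging purpose. The literal `""` does the same job with no extra coupling, as would `StrUtil.EMPTY` if the `StrUtil` already used in this class is Hutool's.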
@@ -72,64 +72,19 @@ public class AuthController { if (StrUtil.isBlank(clientId)) { throw new BizException("客户端ID不能为空"); } - switch (clientId) { - case AuthConstants.ADMIN_CLIENT_ID: // 后台管理 - OAuth2AccessToken oAuth2AccessToken = tokenEndpoint.postAccessToken(principal, parameters).getBody(); - Oauth2Token oauth2Token = Oauth2Token.builder() - .token(oAuth2AccessToken.getValue()) - .refreshToken(oAuth2AccessToken.getRefreshToken().getValue()) - .expiresIn(oAuth2AccessToken.getExpiresIn()) - .build(); - return Result.success(oauth2Token); - case AuthConstants.WEAPP_CLIENT_ID: // 微信小程序 - try { - String code = parameters.get("code"); - if (StrUtil.isBlank(code)) { - throw new BizException("code不能为空"); - } - WxMaJscode2SessionResult session = wxService.getUserService().getSessionInfo(code); - String openid = session.getOpenid(); - String sessionKey = session.getSessionKey(); - MemberDTO memberDTO = remoteUmsMemberService.loadMemberByOpenid(openid); - UmsMember member = new UmsMember(); - if (memberDTO == null || memberDTO.getId() == null) { - // 注册会员 - String encryptedData = parameters.get("encryptedData"); - String iv = parameters.get("iv"); - - WxMaUserInfo userInfo = wxService.getUserService().getUserInfo(sessionKey, encryptedData, iv); - member.setNickname(userInfo.getNickName()); - member.setAvatar(userInfo.getAvatarUrl()); - member.setGender(Integer.valueOf(userInfo.getGender())); - member.setOpenid(openid); - member.setUsername(openid); - member.setPassword(passwordEncoder.encode(openid)); - Result result = remoteUmsMemberService.add(member); - if (!ResultCode.SUCCESS.getCode().equals(result.getCode())) { - throw new BizException("注册会员失败"); - } - } else { - BeanUtil.copyProperties(memberDTO, member); - } - - // 微信授权登录数据模拟生成token - parameters.put("username", member.getUsername()); - parameters.put("password", member.getUsername()); - oAuth2AccessToken = tokenEndpoint.postAccessToken(principal, parameters).getBody(); - oauth2Token = Oauth2Token.builder() - 
.token(oAuth2AccessToken.getValue()) - .refreshToken(oAuth2AccessToken.getRefreshToken().getValue()) - .expiresIn(oAuth2AccessToken.getExpiresIn()) - .build(); - return Result.success(oauth2Token); - } catch (WxErrorException e) { - e.printStackTrace(); - throw new BizException("auth failed"); - } + // 微信小程序逻辑处理 + if (AuthConstants.WEAPP_CLIENT_ID.equals(clientId)) { + this.handleParametersForWeapp(parameters); } - return null; + OAuth2AccessToken oAuth2AccessToken = tokenEndpoint.postAccessToken(principal, parameters).getBody(); + Oauth2Token oauth2Token = Oauth2Token.builder() + .token(oAuth2AccessToken.getValue()) + .refreshToken(oAuth2AccessToken.getRefreshToken().getValue()) + .expiresIn(oAuth2AccessToken.getExpiresIn()) + .build(); + return Result.success(oauth2Token); } @DeleteMapping("/logout") 
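Review bot: `oAuth2AccessToken.getRefreshToken().getValue()` now runs for every client id instead of only the two cases of the removed `switch`, and it throws a NullPointerException whenever the token endpoint issues no refresh token for the requesting client or grant type. The result of `getBody()` is dereferenced without a null check as well. Reading the refresh token null-safely keeps the response well-formed: `OAuth2RefreshToken rt = oAuth2AccessToken.getRefreshToken();` followed by `.refreshToken(rt == null ? null : rt.getValue())`. The enclosing method starts outside the hunk.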
@@ -150,4 +105,49 @@ public class AuthController { } + private void handleParametersForWeapp(Map parameters) { + + try { + String code = parameters.get("code"); + if (StrUtil.isBlank(code)) { + throw new BizException("code不能为空"); + } + WxMaJscode2SessionResult session = wxService.getUserService().getSessionInfo(code); + String openid = session.getOpenid(); + String sessionKey = session.getSessionKey(); + + MemberDTO memberDTO = remoteUmsMemberService.loadMemberByOpenid(openid); + UmsMember member = new UmsMember(); + if (memberDTO == null || memberDTO.getId() == null) { + // 注册会员 + String encryptedData = parameters.get("encryptedData"); + String iv = parameters.get("iv"); + + WxMaUserInfo userInfo = wxService.getUserService().getUserInfo(sessionKey, encryptedData, iv); + member.setNickname(userInfo.getNickName()); + member.setAvatar(userInfo.getAvatarUrl()); + member.setGender(Integer.valueOf(userInfo.getGender())); + member.setOpenid(openid); + member.setUsername(openid); + member.setPassword(passwordEncoder.encode(openid).replace(AuthConstants.BCRYPT, Strings.EMPTY)); // 加密密码移除前缀加密方式 {bcrypt} + + Result result = remoteUmsMemberService.add(member); + if (!ResultCode.SUCCESS.getCode().equals(result.getCode())) { + throw new BizException("注册会员失败"); + } + } else { + BeanUtil.copyProperties(memberDTO, member); + } + + // 微信授权登录数据模拟生成token + parameters.put("username", member.getUsername()); + parameters.put("password", member.getUsername()); + + } catch (WxErrorException e) { + e.printStackTrace(); + throw new BizException("auth failed"); + } + + } + } diff --git a/youlai-auth/src/main/java/com/youlai/auth/domain/User.java b/youlai-auth/src/main/java/com/youlai/auth/domain/User.java index 3408f403f..e0d5874fa 100644 --- a/youlai-auth/src/main/java/com/youlai/auth/domain/User.java +++ b/youlai-auth/src/main/java/com/youlai/auth/domain/User.java 
@@ -36,7 +36,7 @@ public class User implements UserDetails { this.setId(user.getId()); this.setUsername(user.getUsername()); this.setPassword(AuthConstants.BCRYPT + user.getPassword()); - this.setEnabled(user.getStatus().equals(1)); + this.setEnabled(Integer.valueOf(1).equals(user.getStatus())); this.setClientId(user.getClientId()); if (user.getRoles() != null) { authorities = new ArrayList<>(); @@ -48,7 +48,7 @@ public class User implements UserDetails { this.setId(member.getId()); this.setUsername(member.getUsername()); this.setPassword(AuthConstants.BCRYPT + member.getPassword()); - this.setEnabled(member.getStatus().equals(1)); + this.setEnabled( Integer.valueOf(1).equals(member.getStatus())); this.setClientId(member.getClientId()); } diff --git a/youlai-gateway/src/main/java/com/youlai/gateway/component/AuthorizationManager.java b/youlai-gateway/src/main/java/com/youlai/gateway/component/AuthorizationManager.java index b206be2bb..12e1db219 100644 --- a/youlai-gateway/src/main/java/com/youlai/gateway/component/AuthorizationManager.java +++ b/youlai-gateway/src/main/java/com/youlai/gateway/component/AuthorizationManager.java @@ -6,7 +6,6 @@ import com.youlai.common.core.constant.AuthConstants; import com.youlai.gateway.config.WhiteListConfig; import lombok.AllArgsConstructor; import lombok.extern.slf4j.Slf4j; -import org.apache.logging.log4j.util.Strings; import org.springframework.data.redis.core.RedisTemplate; import org.springframework.http.HttpMethod; import org.springframework.http.server.reactive.ServerHttpRequest; @@ -39,14 +38,6 @@ public class AuthorizationManager implements ReactiveAuthorizationManager whiteList = whiteListConfig.getUrls(); - for (String ignoreUrl : whiteList) { - if (pathMatcher.match(ignoreUrl, path)) { - return Mono.just(new AuthorizationDecision(true)); - } - } - // 对应跨域的预检请求直接放行 if (request.getMethod() == HttpMethod.OPTIONS) { return Mono.just(new AuthorizationDecision(true)); 
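Review bot: With `Integer.valueOf(1).equals(member.getStatus())` a null status now silently produces a disabled account instead of an exception, and the registration path in `AuthController.handleParametersForWeapp` builds a new `UmsMember` without assigning the `status` field this commit adds. Unless the member service or the database supplies a default, a freshly registered WeChat member would presumably be rejected as disabled at the token step, with nothing logged to explain why. Either set the status explicitly at registration or document the convention next to the check, e.g. `// status: 1 = enabled; null is treated as disabled`. The same applies to the `user.getStatus()` line in the first `User.java` hunk. Both constructors start outside the hunks.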
@@ -58,7 +49,12 @@ public class AuthorizationManager implements ReactiveAuthorizationManager resourceRolesMap = redisTemplate.opsForHash().entries(AuthConstants.RESOURCE_ROLES_KEY); Iterator iterator = resourceRolesMap.keySet().iterator();