mirrors/youlai-mall
1
0
Fork 0
mirror of https://gitee.com/youlaitech/youlai-mall.git synced 2025-01-04 01:52:21 +08:00
Code Issues Actions Packages Projects Releases Wiki Activity

refactor:AuthorizationManager的check方法移除白名单校验

Browse Source
This commit is contained in:
haoxr 2020-10-10 20:09:36 +08:00
parent 3630fadf64
commit c9ef89220a
5 changed files with 67 additions and 69 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
mall-ums/mall-ums-api/src/main/java/com/youlai/mall/ums/api/entity/UmsMember.java
View File

@ -28,5 +28,7 @@ public class UmsMember {
private String sessionKey; private String sessionKey;
private Integer status;
} }

2
youlai-auth/src/main/java/com/youlai/auth/config/WebSecurityConfig.java
View File

@ -19,7 +19,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
http http
.authorizeRequests().requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll() .authorizeRequests().requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
.and() .and()
.authorizeRequests().antMatchers("/rsa/publicKey").permitAll().anyRequest().authenticated() .authorizeRequests().antMatchers("/rsa/publicKey","/oauth/logout").permitAll().anyRequest().authenticated()
.and() .and()
.csrf().disable(); .csrf().disable();
} }

112
youlai-auth/src/main/java/com/youlai/auth/controller/AuthController.java
View File

@ -21,7 +21,7 @@ import io.swagger.annotations.ApiImplicitParams;
import io.swagger.annotations.ApiOperation; import io.swagger.annotations.ApiOperation;
import lombok.AllArgsConstructor; import lombok.AllArgsConstructor;
import me.chanjar.weixin.common.error.WxErrorException; import me.chanjar.weixin.common.error.WxErrorException;
import org.springframework.beans.factory.annotation.Autowired; import org.apache.logging.log4j.util.Strings;
import org.springframework.data.redis.core.RedisTemplate; import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder;
import org.springframework.security.oauth2.common.OAuth2AccessToken; import org.springframework.security.oauth2.common.OAuth2AccessToken;
@ -72,64 +72,19 @@ public class AuthController {
if (StrUtil.isBlank(clientId)) { if (StrUtil.isBlank(clientId)) {
throw new BizException("客户端ID不能为空"); throw new BizException("客户端ID不能为空");
} }
switch (clientId) {
case AuthConstants.ADMIN_CLIENT_ID: // 后台管理
OAuth2AccessToken oAuth2AccessToken = tokenEndpoint.postAccessToken(principal, parameters).getBody();
Oauth2Token oauth2Token = Oauth2Token.builder()
.token(oAuth2AccessToken.getValue())
.refreshToken(oAuth2AccessToken.getRefreshToken().getValue())
.expiresIn(oAuth2AccessToken.getExpiresIn())
.build();
return Result.success(oauth2Token);
case AuthConstants.WEAPP_CLIENT_ID: // 微信小程序
try {
String code = parameters.get("code");
if (StrUtil.isBlank(code)) {
throw new BizException("code不能为空");
}
WxMaJscode2SessionResult session = wxService.getUserService().getSessionInfo(code);
String openid = session.getOpenid();
String sessionKey = session.getSessionKey();
MemberDTO memberDTO = remoteUmsMemberService.loadMemberByOpenid(openid); // 微信小程序逻辑处理
UmsMember member = new UmsMember(); if (AuthConstants.WEAPP_CLIENT_ID.equals(clientId)) {
if (memberDTO == null || memberDTO.getId() == null) { this.handleParametersForWeapp(parameters);
// 注册会员
String encryptedData = parameters.get("encryptedData");
String iv = parameters.get("iv");
WxMaUserInfo userInfo = wxService.getUserService().getUserInfo(sessionKey, encryptedData, iv);
member.setNickname(userInfo.getNickName());
member.setAvatar(userInfo.getAvatarUrl());
member.setGender(Integer.valueOf(userInfo.getGender()));
member.setOpenid(openid);
member.setUsername(openid);
member.setPassword(passwordEncoder.encode(openid));
Result result = remoteUmsMemberService.add(member);
if (!ResultCode.SUCCESS.getCode().equals(result.getCode())) {
throw new BizException("注册会员失败");
}
} else {
BeanUtil.copyProperties(memberDTO, member);
}
// 微信授权登录数据模拟生成token
parameters.put("username", member.getUsername());
parameters.put("password", member.getUsername());
oAuth2AccessToken = tokenEndpoint.postAccessToken(principal, parameters).getBody();
oauth2Token = Oauth2Token.builder()
.token(oAuth2AccessToken.getValue())
.refreshToken(oAuth2AccessToken.getRefreshToken().getValue())
.expiresIn(oAuth2AccessToken.getExpiresIn())
.build();
return Result.success(oauth2Token);
} catch (WxErrorException e) {
e.printStackTrace();
throw new BizException("auth failed");
}
} }
return null; OAuth2AccessToken oAuth2AccessToken = tokenEndpoint.postAccessToken(principal, parameters).getBody();
Oauth2Token oauth2Token = Oauth2Token.builder()
.token(oAuth2AccessToken.getValue())
.refreshToken(oAuth2AccessToken.getRefreshToken().getValue())
.expiresIn(oAuth2AccessToken.getExpiresIn())
.build();
return Result.success(oauth2Token);
} }
@DeleteMapping("/logout") @DeleteMapping("/logout")
@ -150,4 +105,49 @@ public class AuthController {
} }
private void handleParametersForWeapp(Map<String, String> parameters) {
try {
String code = parameters.get("code");
if (StrUtil.isBlank(code)) {
throw new BizException("code不能为空");
}
WxMaJscode2SessionResult session = wxService.getUserService().getSessionInfo(code);
String openid = session.getOpenid();
String sessionKey = session.getSessionKey();
MemberDTO memberDTO = remoteUmsMemberService.loadMemberByOpenid(openid);
UmsMember member = new UmsMember();
if (memberDTO == null || memberDTO.getId() == null) {
// 注册会员
String encryptedData = parameters.get("encryptedData");
String iv = parameters.get("iv");
WxMaUserInfo userInfo = wxService.getUserService().getUserInfo(sessionKey, encryptedData, iv);
member.setNickname(userInfo.getNickName());
member.setAvatar(userInfo.getAvatarUrl());
member.setGender(Integer.valueOf(userInfo.getGender()));
member.setOpenid(openid);
member.setUsername(openid);
member.setPassword(passwordEncoder.encode(openid).replace(AuthConstants.BCRYPT, Strings.EMPTY)); // 加密密码移除前缀加密方式 {bcrypt}
Result result = remoteUmsMemberService.add(member);
if (!ResultCode.SUCCESS.getCode().equals(result.getCode())) {
throw new BizException("注册会员失败");
}
} else {
BeanUtil.copyProperties(memberDTO, member);
}
// 微信授权登录数据模拟生成token
parameters.put("username", member.getUsername());
parameters.put("password", member.getUsername());
} catch (WxErrorException e) {
e.printStackTrace();
throw new BizException("auth failed");
}
}
} }

4
youlai-auth/src/main/java/com/youlai/auth/domain/User.java
View File

@ -36,7 +36,7 @@ public class User implements UserDetails {
this.setId(user.getId()); this.setId(user.getId());
this.setUsername(user.getUsername()); this.setUsername(user.getUsername());
this.setPassword(AuthConstants.BCRYPT + user.getPassword()); this.setPassword(AuthConstants.BCRYPT + user.getPassword());
this.setEnabled(user.getStatus().equals(1)); this.setEnabled(Integer.valueOf(1).equals(user.getStatus()));
this.setClientId(user.getClientId()); this.setClientId(user.getClientId());
if (user.getRoles() != null) { if (user.getRoles() != null) {
authorities = new ArrayList<>(); authorities = new ArrayList<>();
@ -48,7 +48,7 @@ public class User implements UserDetails {
this.setId(member.getId()); this.setId(member.getId());
this.setUsername(member.getUsername()); this.setUsername(member.getUsername());
this.setPassword(AuthConstants.BCRYPT + member.getPassword()); this.setPassword(AuthConstants.BCRYPT + member.getPassword());
this.setEnabled(member.getStatus().equals(1)); this.setEnabled( Integer.valueOf(1).equals(member.getStatus()));
this.setClientId(member.getClientId()); this.setClientId(member.getClientId());
} }

16
youlai-gateway/src/main/java/com/youlai/gateway/component/AuthorizationManager.java
View File

@ -6,7 +6,6 @@ import com.youlai.common.core.constant.AuthConstants;
import com.youlai.gateway.config.WhiteListConfig; import com.youlai.gateway.config.WhiteListConfig;
import lombok.AllArgsConstructor; import lombok.AllArgsConstructor;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import org.apache.logging.log4j.util.Strings;
import org.springframework.data.redis.core.RedisTemplate; import org.springframework.data.redis.core.RedisTemplate;
import org.springframework.http.HttpMethod; import org.springframework.http.HttpMethod;
import org.springframework.http.server.reactive.ServerHttpRequest; import org.springframework.http.server.reactive.ServerHttpRequest;
@ -39,14 +38,6 @@ public class AuthorizationManager implements ReactiveAuthorizationManager<Author
String path = request.getURI().getPath(); String path = request.getURI().getPath();
PathMatcher pathMatcher = new AntPathMatcher(); PathMatcher pathMatcher = new AntPathMatcher();
// 白名单路径直接放行
List<String> whiteList = whiteListConfig.getUrls();
for (String ignoreUrl : whiteList) {
if (pathMatcher.match(ignoreUrl, path)) {
return Mono.just(new AuthorizationDecision(true));
}
}
// 对应跨域的预检请求直接放行 // 对应跨域的预检请求直接放行
if (request.getMethod() == HttpMethod.OPTIONS) { if (request.getMethod() == HttpMethod.OPTIONS) {
return Mono.just(new AuthorizationDecision(true)); return Mono.just(new AuthorizationDecision(true));
@ -58,7 +49,12 @@ public class AuthorizationManager implements ReactiveAuthorizationManager<Author
return Mono.just(new AuthorizationDecision(false)); return Mono.just(new AuthorizationDecision(false));
} }
// 缓存取资源权限角色关系列表 // 非管理端路径无需鉴权直接放行
if (!pathMatcher.match(AuthConstants.ADMIN_URL_PATTERN, path)) {
return Mono.just(new AuthorizationDecision(true));
}
// 从缓存取资源权限角色关系列表
Map<Object, Object> resourceRolesMap = redisTemplate.opsForHash().entries(AuthConstants.RESOURCE_ROLES_KEY); Map<Object, Object> resourceRolesMap = redisTemplate.opsForHash().entries(AuthConstants.RESOURCE_ROLES_KEY);
Iterator<Object> iterator = resourceRolesMap.keySet().iterator(); Iterator<Object> iterator = resourceRolesMap.keySet().iterator();