refactor:AuthorizationManager的check方法移除白名单校验

mall-ums/mall-ums-api/src/main/java/com/youlai/mall/ums/api/entity/UmsMember.java

@@ -28,5 +28,7 @@ public class UmsMember {
 
     private String sessionKey;
 
+    private Integer status;
+
 
 }

youlai-auth/src/main/java/com/youlai/auth/config/WebSecurityConfig.java

@@ -19,7 +19,7 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
          http
             .authorizeRequests().requestMatchers(EndpointRequest.toAnyEndpoint()).permitAll()
         .and()
-            .authorizeRequests().antMatchers("/rsa/publicKey").permitAll().anyRequest().authenticated()
+            .authorizeRequests().antMatchers("/rsa/publicKey","/oauth/logout").permitAll().anyRequest().authenticated()
         .and()
             .csrf().disable();
     }

youlai-auth/src/main/java/com/youlai/auth/controller/AuthController.java

@@ -21,7 +21,7 @@ import io.swagger.annotations.ApiImplicitParams;
 import io.swagger.annotations.ApiOperation;
 import lombok.AllArgsConstructor;
 import me.chanjar.weixin.common.error.WxErrorException;
-import org.springframework.beans.factory.annotation.Autowired;
+import org.apache.logging.log4j.util.Strings;
 import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.oauth2.common.OAuth2AccessToken;
@@ -72,64 +72,19 @@ public class AuthController {
         if (StrUtil.isBlank(clientId)) {
             throw new BizException("客户端ID不能为空");
         }
-        switch (clientId) {
-            case AuthConstants.ADMIN_CLIENT_ID: // 后台管理
-                OAuth2AccessToken oAuth2AccessToken = tokenEndpoint.postAccessToken(principal, parameters).getBody();
-                Oauth2Token oauth2Token = Oauth2Token.builder()
-                        .token(oAuth2AccessToken.getValue())
-                        .refreshToken(oAuth2AccessToken.getRefreshToken().getValue())
-                        .expiresIn(oAuth2AccessToken.getExpiresIn())
-                        .build();
-                return Result.success(oauth2Token);
-            case AuthConstants.WEAPP_CLIENT_ID: // 微信小程序
-                try {
-                    String code = parameters.get("code");
-                    if (StrUtil.isBlank(code)) {
-                        throw new BizException("code不能为空");
-                    }
-                    WxMaJscode2SessionResult session = wxService.getUserService().getSessionInfo(code);
-                    String openid = session.getOpenid();
-                    String sessionKey = session.getSessionKey();
 
-                    MemberDTO memberDTO = remoteUmsMemberService.loadMemberByOpenid(openid);
-                    UmsMember member = new UmsMember();
-                    if (memberDTO == null || memberDTO.getId() == null) {
-                        // 注册会员
-                        String encryptedData = parameters.get("encryptedData");
-                        String iv = parameters.get("iv");
-
-                        WxMaUserInfo userInfo = wxService.getUserService().getUserInfo(sessionKey, encryptedData, iv);
-                        member.setNickname(userInfo.getNickName());
-                        member.setAvatar(userInfo.getAvatarUrl());
-                        member.setGender(Integer.valueOf(userInfo.getGender()));
-                        member.setOpenid(openid);
-                        member.setUsername(openid);
-                        member.setPassword(passwordEncoder.encode(openid));
-                        Result result = remoteUmsMemberService.add(member);
-                        if (!ResultCode.SUCCESS.getCode().equals(result.getCode())) {
-                            throw new BizException("注册会员失败");
-                        }
-                    } else {
-                        BeanUtil.copyProperties(memberDTO, member);
-                    }
-
-                    // 微信授权登录数据模拟生成token
-                    parameters.put("username", member.getUsername());
-                    parameters.put("password", member.getUsername());
-                    oAuth2AccessToken = tokenEndpoint.postAccessToken(principal, parameters).getBody();
-                    oauth2Token = Oauth2Token.builder()
-                            .token(oAuth2AccessToken.getValue())
-                            .refreshToken(oAuth2AccessToken.getRefreshToken().getValue())
-                            .expiresIn(oAuth2AccessToken.getExpiresIn())
-                            .build();
-                    return Result.success(oauth2Token);
-                } catch (WxErrorException e) {
-                    e.printStackTrace();
-                    throw new BizException("auth failed");
-                }
+        // 微信小程序逻辑处理
+        if (AuthConstants.WEAPP_CLIENT_ID.equals(clientId)) {
+            this.handleParametersForWeapp(parameters);
         }
 
-        return null;
+        OAuth2AccessToken oAuth2AccessToken = tokenEndpoint.postAccessToken(principal, parameters).getBody();
+        Oauth2Token oauth2Token = Oauth2Token.builder()
+                .token(oAuth2AccessToken.getValue())
+                .refreshToken(oAuth2AccessToken.getRefreshToken().getValue())
+                .expiresIn(oAuth2AccessToken.getExpiresIn())
+                .build();
+        return Result.success(oauth2Token);
     }
 
     @DeleteMapping("/logout")
@@ -150,4 +105,49 @@ public class AuthController {
     }
 
 
+    private void handleParametersForWeapp(Map<String, String> parameters) {
+
+        try {
+            String code = parameters.get("code");
+            if (StrUtil.isBlank(code)) {
+                throw new BizException("code不能为空");
+            }
+            WxMaJscode2SessionResult session = wxService.getUserService().getSessionInfo(code);
+            String openid = session.getOpenid();
+            String sessionKey = session.getSessionKey();
+
+            MemberDTO memberDTO = remoteUmsMemberService.loadMemberByOpenid(openid);
+            UmsMember member = new UmsMember();
+            if (memberDTO == null || memberDTO.getId() == null) {
+                // 注册会员
+                String encryptedData = parameters.get("encryptedData");
+                String iv = parameters.get("iv");
+
+                WxMaUserInfo userInfo = wxService.getUserService().getUserInfo(sessionKey, encryptedData, iv);
+                member.setNickname(userInfo.getNickName());
+                member.setAvatar(userInfo.getAvatarUrl());
+                member.setGender(Integer.valueOf(userInfo.getGender()));
+                member.setOpenid(openid);
+                member.setUsername(openid);
+                member.setPassword(passwordEncoder.encode(openid).replace(AuthConstants.BCRYPT, Strings.EMPTY)); // 加密密码移除前缀加密方式 {bcrypt}
+
+                Result result = remoteUmsMemberService.add(member);
+                if (!ResultCode.SUCCESS.getCode().equals(result.getCode())) {
+                    throw new BizException("注册会员失败");
+                }
+            } else {
+                BeanUtil.copyProperties(memberDTO, member);
+            }
+
+            // 微信授权登录数据模拟生成token
+            parameters.put("username", member.getUsername());
+            parameters.put("password", member.getUsername());
+
+        } catch (WxErrorException e) {
+            e.printStackTrace();
+            throw new BizException("auth failed");
+        }
+
+    }
+
 }

youlai-auth/src/main/java/com/youlai/auth/domain/User.java

@@ -36,7 +36,7 @@ public class User implements UserDetails {
         this.setId(user.getId());
         this.setUsername(user.getUsername());
         this.setPassword(AuthConstants.BCRYPT + user.getPassword());
-        this.setEnabled(user.getStatus().equals(1));
+        this.setEnabled(Integer.valueOf(1).equals(user.getStatus()));
         this.setClientId(user.getClientId());
         if (user.getRoles() != null) {
             authorities = new ArrayList<>();
@@ -48,7 +48,7 @@ public class User implements UserDetails {
         this.setId(member.getId());
         this.setUsername(member.getUsername());
         this.setPassword(AuthConstants.BCRYPT + member.getPassword());
-        this.setEnabled(member.getStatus().equals(1));
+        this.setEnabled( Integer.valueOf(1).equals(member.getStatus()));
         this.setClientId(member.getClientId());
     }
 

youlai-gateway/src/main/java/com/youlai/gateway/component/AuthorizationManager.java

@@ -6,7 +6,6 @@ import com.youlai.common.core.constant.AuthConstants;
 import com.youlai.gateway.config.WhiteListConfig;
 import lombok.AllArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
-import org.apache.logging.log4j.util.Strings;
 import org.springframework.data.redis.core.RedisTemplate;
 import org.springframework.http.HttpMethod;
 import org.springframework.http.server.reactive.ServerHttpRequest;
@@ -39,14 +38,6 @@ public class AuthorizationManager implements ReactiveAuthorizationManager<Author
         String path = request.getURI().getPath();
         PathMatcher pathMatcher = new AntPathMatcher();
 
-        // 白名单路径直接放行
-        List<String> whiteList = whiteListConfig.getUrls();
-        for (String ignoreUrl : whiteList) {
-            if (pathMatcher.match(ignoreUrl, path)) {
-                return Mono.just(new AuthorizationDecision(true));
-            }
-        }
-
         // 对应跨域的预检请求直接放行
         if (request.getMethod() == HttpMethod.OPTIONS) {
             return Mono.just(new AuthorizationDecision(true));
@@ -58,7 +49,12 @@ public class AuthorizationManager implements ReactiveAuthorizationManager<Author
             return Mono.just(new AuthorizationDecision(false));
         }
 
-        // 缓存取资源权限角色关系列表
+        // 非管理端路径无需鉴权直接放行
+        if (!pathMatcher.match(AuthConstants.ADMIN_URL_PATTERN, path)) {
+            return Mono.just(new AuthorizationDecision(true));
+        }
+
+        // 从缓存取资源权限角色关系列表
         Map<Object, Object> resourceRolesMap = redisTemplate.opsForHash().entries(AuthConstants.RESOURCE_ROLES_KEY);
         Iterator<Object> iterator = resourceRolesMap.keySet().iterator();