创建 mall-spring-boot-starter-security-admin 模块,用于管理员的认证拦截器

This commit is contained in:
YunaiV 2020-07-05 00:10:55 +08:00
parent 93c646890d
commit 6a4b6fe67f
24 changed files with 173 additions and 502 deletions

View File

@ -9,13 +9,13 @@
</parent> </parent>
<modelVersion>4.0.0</modelVersion> <modelVersion>4.0.0</modelVersion>
<artifactId>mall-spring-boot-starter-security</artifactId> <artifactId>mall-spring-boot-starter-security-admin</artifactId>
<dependencies> <dependencies>
<!-- Mall 相关 --> <!-- Mall 相关 -->
<dependency> <dependency>
<groupId>cn.iocoder.mall</groupId> <groupId>cn.iocoder.mall</groupId>
<artifactId>system-rpc-api</artifactId> <artifactId>system-service-api</artifactId>
<version>1.0-SNAPSHOT</version> <version>1.0-SNAPSHOT</version>
</dependency> </dependency>
@ -33,6 +33,11 @@
<version>1.0-SNAPSHOT</version> <version>1.0-SNAPSHOT</version>
</dependency> </dependency>
<dependency>
<groupId>cn.iocoder.mall</groupId>
<artifactId>mall-security-annotations</artifactId>
</dependency>
<!-- RPC 相关 --> <!-- RPC 相关 -->
<dependency> <dependency>
<groupId>org.apache.dubbo</groupId> <groupId>org.apache.dubbo</groupId>

View File

@ -0,0 +1,44 @@
package cn.iocoder.mall.security.admin.config;
import cn.iocoder.mall.security.admin.core.interceptor.AdminDemoInterceptor;
import cn.iocoder.mall.security.admin.core.interceptor.AdminSecurityInterceptor;
import cn.iocoder.mall.web.config.CommonWebAutoConfiguration;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.autoconfigure.AutoConfigureAfter;
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@Configuration
@AutoConfigureAfter(CommonWebAutoConfiguration.class) // CommonWebAutoConfiguration 之后自动配置保证过滤器的顺序
@ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.SERVLET)
public class AdminSecurityAutoConfiguration implements WebMvcConfigurer {
private Logger logger = LoggerFactory.getLogger(getClass());
// ========== 拦截器相关 ==========
@Bean
public AdminSecurityInterceptor adminSecurityInterceptor() {
return new AdminSecurityInterceptor();
}
@Bean
public AdminDemoInterceptor adminDemoInterceptor() {
return new AdminDemoInterceptor();
}
@Override
public void addInterceptors(InterceptorRegistry registry) {
// AdminSecurityInterceptor 拦截器
registry.addInterceptor(this.adminSecurityInterceptor());
logger.info("[addInterceptors][加载 AdminSecurityInterceptor 拦截器完成]");
// AdminDemoInterceptor 拦截器
registry.addInterceptor(this.adminDemoInterceptor());
logger.info("[addInterceptors][加载 AdminDemoInterceptor 拦截器完成]");
}
}

View File

@ -1,4 +1,4 @@
package cn.iocoder.mall.security.core.context; package cn.iocoder.mall.security.admin.core.context;
import lombok.Data; import lombok.Data;
import lombok.experimental.Accessors; import lombok.experimental.Accessors;
@ -14,9 +14,5 @@ public class AdminSecurityContext {
* 管理员编号 * 管理员编号
*/ */
private Integer adminId; private Integer adminId;
/**
* 账号编号
*/
private Integer accountId;
} }

View File

@ -1,4 +1,4 @@
package cn.iocoder.mall.security.core.context; package cn.iocoder.mall.security.admin.core.context;
/** /**
* {@link AdminSecurityContext} Holder * {@link AdminSecurityContext} Holder
@ -31,8 +31,4 @@ public class AdminSecurityContextHolder {
return getContext().getAdminId(); return getContext().getAdminId();
} }
public static Integer getAccountId() {
return getContext().getAccountId();
}
} }

View File

@ -1,8 +1,8 @@
package cn.iocoder.mall.security.core.interceptor; package cn.iocoder.mall.security.admin.core.interceptor;
import cn.iocoder.common.framework.util.ServiceExceptionUtil; import cn.iocoder.common.framework.util.ServiceExceptionUtil;
import cn.iocoder.mall.security.core.context.AdminSecurityContextHolder; import cn.iocoder.mall.security.admin.core.context.AdminSecurityContextHolder;
import cn.iocoder.mall.system.biz.enums.SystemErrorCodeEnum; import cn.iocoder.mall.systemservice.enums.SystemErrorCodeEnum;
import org.springframework.http.HttpMethod; import org.springframework.http.HttpMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter; import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
@ -20,9 +20,9 @@ public class AdminDemoInterceptor extends HandlerInterceptorAdapter {
@Override @Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) { public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
// Admin 编号等于 0 约定为演示账号 // Admin 编号等于 0 约定为演示账号
if (Objects.equals(AdminSecurityContextHolder.getContext().getAdminId(), 0) if (Objects.equals(AdminSecurityContextHolder.getAdminId(), 0)
&& request.getMethod().equalsIgnoreCase(HttpMethod.POST.toString())) { && request.getMethod().equalsIgnoreCase(HttpMethod.POST.toString())) {
throw ServiceExceptionUtil.exception(SystemErrorCodeEnum.AUTHORIZATION_DEMO_PERMISSION_DENY.getCode()); throw ServiceExceptionUtil.exception(SystemErrorCodeEnum.AUTHORIZATION_DEMO_PERMISSION_DENY);
} }
return true; return true;
} }

View File

@ -0,0 +1,94 @@
package cn.iocoder.mall.security.admin.core.interceptor;
import cn.iocoder.common.framework.enums.UserTypeEnum;
import cn.iocoder.common.framework.util.CollectionUtil;
import cn.iocoder.common.framework.util.HttpUtil;
import cn.iocoder.common.framework.util.ServiceExceptionUtil;
import cn.iocoder.common.framework.vo.CommonResult;
import cn.iocoder.mall.security.admin.core.context.AdminSecurityContext;
import cn.iocoder.mall.security.admin.core.context.AdminSecurityContextHolder;
import cn.iocoder.mall.systemservice.enums.SystemErrorCodeEnum;
import cn.iocoder.mall.systemservice.rpc.oauth.OAuth2Rpc;
import cn.iocoder.mall.systemservice.rpc.oauth.vo.OAuth2AccessTokenVO;
import cn.iocoder.mall.web.core.util.CommonWebUtil;
import cn.iocoder.security.annotations.RequiresNone;
import cn.iocoder.security.annotations.RequiresPermissions;
import org.apache.dubbo.config.annotation.Reference;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import static cn.iocoder.mall.systemservice.enums.SystemErrorCodeEnum.OAUTH_USER_TYPE_ERROR;
public class AdminSecurityInterceptor extends HandlerInterceptorAdapter {
@Reference(validation = "true", version = "${dubbo.consumer.OAuth2Rpc.version}")
private OAuth2Rpc oauth2Rpc;
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
// 获得访问令牌
Integer adminId = this.obtainAdminId(request);
// 校验认证
this.checkAuthentication((HandlerMethod) handler, adminId);
// 校验权限
this.checkPermission((HandlerMethod) handler, adminId);
return true;
}
private Integer obtainAdminId(HttpServletRequest request) {
String accessToken = HttpUtil.obtainAuthorization(request);
Integer adminId = null;
if (accessToken != null) {
CommonResult<OAuth2AccessTokenVO> checkAccessTokenResult = oauth2Rpc.checkAccessToken(accessToken);
checkAccessTokenResult.checkError();
// 校验用户类型正确
if (!UserTypeEnum.ADMIN.getValue().equals(checkAccessTokenResult.getData().getUserType())) {
throw ServiceExceptionUtil.exception(OAUTH_USER_TYPE_ERROR);
}
// 获得用户编号
adminId = checkAccessTokenResult.getData().getUserId();
// 设置到 Request
CommonWebUtil.setUserId(request, adminId);
CommonWebUtil.setUserType(request, UserTypeEnum.ADMIN.getValue());
// 设置到
AdminSecurityContext adminSecurityContext = new AdminSecurityContext().setAdminId(adminId);
AdminSecurityContextHolder.setContext(adminSecurityContext);
}
return adminId;
}
private void checkAuthentication(HandlerMethod handlerMethod, Integer adminId) {
boolean requiresAuthenticate = !handlerMethod.hasMethodAnnotation(RequiresNone.class); // 对于 ADMIN 来说默认需登录
if (requiresAuthenticate && adminId == null) {
throw ServiceExceptionUtil.exception(SystemErrorCodeEnum.OAUTH2_NOT_AUTHENTICATION);
}
}
private void checkPermission(HandlerMethod handlerMethod, Integer accountId) {
RequiresPermissions requiresPermissions = handlerMethod.getMethodAnnotation(RequiresPermissions.class);
if (requiresPermissions == null) {
return;
}
String[] permissions = requiresPermissions.value();
if (CollectionUtil.isEmpty(permissions)) {
return;
}
// 权限验证 TODO 待完成
// AuthorizationCheckPermissionsRequest authorizationCheckPermissionsRequest = new AuthorizationCheckPermissionsRequest()
// .setAccountId(accountId).setPermissions(Arrays.asList(permissions));
// CommonResult<Boolean> authorizationCheckPermissionsResult = authorizationRPC.checkPermissions(authorizationCheckPermissionsRequest);
// if (authorizationCheckPermissionsResult.isError()) { // TODO 有一个问题点假设 token 认证失败但是该 url 是无需认证的是不是一样能够执行过去
// throw ServiceExceptionUtil.exception(authorizationCheckPermissionsResult);
// }
}
@Override
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) {
// 清空 SecurityContext
AdminSecurityContextHolder.clear();
}
}

View File

@ -0,0 +1,2 @@
org.springframework.boot.autoconfigure.EnableAutoConfiguration=\
cn.iocoder.mall.security.admin.config.AdminSecurityAutoConfiguration

View File

@ -29,6 +29,13 @@ public class UserSecurityInterceptor extends HandlerInterceptorAdapter {
@Override @Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) { public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
// 获得访问令牌 // 获得访问令牌
Integer userId = this.obtainUserId(request);
// 校验认证
this.checkAuthentication((HandlerMethod) handler, userId);
return true;
}
private Integer obtainUserId(HttpServletRequest request) {
String accessToken = HttpUtil.obtainAuthorization(request); String accessToken = HttpUtil.obtainAuthorization(request);
Integer userId = null; Integer userId = null;
if (accessToken != null) { if (accessToken != null) {
@ -47,9 +54,7 @@ public class UserSecurityInterceptor extends HandlerInterceptorAdapter {
UserSecurityContext userSecurityContext = new UserSecurityContext().setUserId(userId); UserSecurityContext userSecurityContext = new UserSecurityContext().setUserId(userId);
UserSecurityContextHolder.setContext(userSecurityContext); UserSecurityContextHolder.setContext(userSecurityContext);
} }
// 校验认证 return userId;
this.checkAuthentication((HandlerMethod) handler, userId);
return true;
} }
private void checkAuthentication(HandlerMethod handlerMethod, Integer userId) { private void checkAuthentication(HandlerMethod handlerMethod, Integer userId) {

View File

@ -1,73 +0,0 @@
package cn.iocoder.mall.security.config;
import cn.iocoder.mall.security.core.interceptor.AccountAuthInterceptor;
import cn.iocoder.mall.security.core.interceptor.AdminDemoInterceptor;
import cn.iocoder.mall.security.core.interceptor.AdminSecurityInterceptor;
import cn.iocoder.mall.security.core.interceptor.UserSecurityInterceptor;
import cn.iocoder.mall.web.config.CommonWebAutoConfiguration;
import cn.iocoder.mall.web.core.constant.CommonMallConstants;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.boot.autoconfigure.AutoConfigureAfter;
import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
@Configuration
@AutoConfigureAfter(CommonWebAutoConfiguration.class) // CommonWebAutoConfiguration 之后自动配置保证过滤器的顺序
@ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.SERVLET)
public class CommonSecurityAutoConfiguration implements WebMvcConfigurer {
private Logger logger = LoggerFactory.getLogger(getClass());
// ========== 拦截器相关 ==========
@Bean
public AccountAuthInterceptor adminAccountAuthInterceptor() {
return new AccountAuthInterceptor(true);
}
@Bean
public AccountAuthInterceptor userAccountAuthInterceptor() {
return new AccountAuthInterceptor(false);
}
@Bean
public AdminSecurityInterceptor adminSecurityInterceptor() {
return new AdminSecurityInterceptor();
}
@Bean
public UserSecurityInterceptor userSecurityInterceptor() {
return new UserSecurityInterceptor();
}
@Bean
public AdminDemoInterceptor adminDemoInterceptor() {
return new AdminDemoInterceptor();
}
@Override
public void addInterceptors(InterceptorRegistry registry) {
// AccountAuthInterceptor 拦截器
registry.addInterceptor(this.userAccountAuthInterceptor())
.addPathPatterns(CommonMallConstants.ROOT_PATH_USER + "/**");
registry.addInterceptor(this.adminAccountAuthInterceptor())
.addPathPatterns(CommonMallConstants.ROOT_PATH_ADMIN + "/**");
logger.info("[addInterceptors][加载 AccountAuthInterceptor 拦截器完成]");
// AdminSecurityInterceptor 拦截器
registry.addInterceptor(this.adminSecurityInterceptor())
.addPathPatterns(CommonMallConstants.ROOT_PATH_ADMIN + "/**");
logger.info("[addInterceptors][加载 AdminSecurityInterceptor 拦截器完成]");
// UserSecurityInterceptor 拦截器
registry.addInterceptor(this.userAccountAuthInterceptor())
.addPathPatterns(CommonMallConstants.ROOT_PATH_USER + "/**");
logger.info("[addInterceptors][加载 UserSecurityInterceptor 拦截器完成]");
// AdminDemoInterceptor 拦截器
registry.addInterceptor(this.adminDemoInterceptor())
.addPathPatterns(CommonMallConstants.ROOT_PATH_ADMIN + "/**");
logger.info("[addInterceptors][加载 AdminDemoInterceptor 拦截器完成]");
}
}

View File

@ -1,18 +0,0 @@
package cn.iocoder.mall.security.core.context;
import lombok.Data;
import lombok.experimental.Accessors;
/**
* User Security 上下文
*/
@Data
@Accessors(chain = true)
public class UserSecurityContext {
/**
* 用户编号
*/
private Integer userId;
}

View File

@ -1,30 +0,0 @@
package cn.iocoder.mall.security.core.context;
/**
* {@link UserSecurityContext} Holder
*
* 参考 spring security ThreadLocalSecurityContextHolderStrategy 简单实现
*/
public class UserSecurityContextHolder {
private static final ThreadLocal<UserSecurityContext> SECURITY_CONTEXT = new ThreadLocal<UserSecurityContext>();
public static void setContext(UserSecurityContext context) {
SECURITY_CONTEXT.set(context);
}
public static UserSecurityContext getContext() {
UserSecurityContext ctx = SECURITY_CONTEXT.get();
// 为空时设置一个空的进去
if (ctx == null) {
ctx = new UserSecurityContext();
SECURITY_CONTEXT.set(ctx);
}
return ctx;
}
public static void clear() {
SECURITY_CONTEXT.remove();
}
}

View File

@ -1,111 +0,0 @@
package cn.iocoder.mall.security.core.interceptor;
import cn.iocoder.common.framework.util.CollectionUtil;
import cn.iocoder.common.framework.util.HttpUtil;
import cn.iocoder.common.framework.util.ServiceExceptionUtil;
import cn.iocoder.common.framework.vo.CommonResult;
import cn.iocoder.mall.security.core.annotation.RequiresAuthenticate;
import cn.iocoder.mall.security.core.annotation.RequiresNone;
import cn.iocoder.mall.security.core.annotation.RequiresPermissions;
import cn.iocoder.mall.system.biz.enums.SystemErrorCodeEnum;
import cn.iocoder.mall.system.rpc.api.authorization.AuthorizationRPC;
import cn.iocoder.mall.system.rpc.api.oauth2.OAuth2RPC;
import cn.iocoder.mall.system.rpc.request.authorization.AuthorizationCheckPermissionsRequest;
import cn.iocoder.mall.system.rpc.request.oauth2.OAuth2AccessTokenAuthenticateRequest;
import cn.iocoder.mall.system.rpc.response.oauth2.OAuth2AccessTokenResponse;
import cn.iocoder.mall.web.core.util.CommonWebUtil;
import org.apache.dubbo.config.annotation.Reference;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
import org.springframework.util.StringUtils;
import org.springframework.web.method.HandlerMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.Arrays;
public class AccountAuthInterceptor extends HandlerInterceptorAdapter {
private Logger logger = LoggerFactory.getLogger(getClass());
@Reference(validation = "true", version = "${dubbo.consumer.OAuth2RPC.version}")
private OAuth2RPC oauth2RPC;
@Reference(validation = "true", version = "${dubbo.consumer.AuthorizationRPC.version}")
private AuthorizationRPC authorizationRPC;
/**
* 是否默认要求认证
*
* 针对 /users/** 接口一般默认不要求认证因为面向用户的接口往往不需要登陆即可访问
* 针对 /admins/** 接口一般默认要求认证因为面向管理员的接口往往是内部需要更严格的安全控制
*/
private final boolean defaultRequiresAuthenticate;
public AccountAuthInterceptor(boolean defaultRequiresAuthenticate) {
this.defaultRequiresAuthenticate = defaultRequiresAuthenticate;
}
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
// 1. 进行认证
Integer accountId = this.obtainAccount(request);
// 2. 进行鉴权
HandlerMethod handlerMethod = (HandlerMethod) handler;
// 判断是否需要认证
this.checkAuthenticate(handlerMethod, accountId);
// 判断是否需要权限
this.checkPermission(handlerMethod, accountId);
return true;
}
private Integer obtainAccount(HttpServletRequest request) {
String accessToken = HttpUtil.obtainAuthorization(request); // 获得访问令牌
if (!StringUtils.hasText(accessToken)) { // 如果未传递则不进行认证
return null;
}
// 执行认证
OAuth2AccessTokenAuthenticateRequest oauth2AccessTokenAuthenticateRequest = new OAuth2AccessTokenAuthenticateRequest()
.setAccessToken(accessToken).setIp(HttpUtil.getIp(request));
CommonResult<OAuth2AccessTokenResponse> oauth2AccessTokenResult = oauth2RPC.authenticate(oauth2AccessTokenAuthenticateRequest);
if (oauth2AccessTokenResult.isError()) { // TODO 有一个问题点假设 token 认证失败但是该 url 是无需认证的是不是一样能够执行过去
throw ServiceExceptionUtil.exception(oauth2AccessTokenResult);
}
// 设置账号编号
Integer accountId = oauth2AccessTokenResult.getData().getAccountId();
CommonWebUtil.setUserId(request, accountId);
return accountId;
}
private void checkAuthenticate(HandlerMethod handlerMethod, Integer accountId) {
boolean requiresAuthenticate = defaultRequiresAuthenticate;
if (handlerMethod.hasMethodAnnotation(RequiresAuthenticate.class)
|| handlerMethod.hasMethodAnnotation(RequiresPermissions.class)) { // 如果需要权限验证也认为需要认证
requiresAuthenticate = true;
} else if (handlerMethod.hasMethodAnnotation(RequiresNone.class)) {
requiresAuthenticate = false;
}
if (requiresAuthenticate && accountId == null) {
throw ServiceExceptionUtil.exception(SystemErrorCodeEnum.OAUTH2_NOT_AUTHENTICATE);
}
}
private void checkPermission(HandlerMethod handlerMethod, Integer accountId) {
RequiresPermissions requiresPermissions = handlerMethod.getMethodAnnotation(RequiresPermissions.class);
if (requiresPermissions == null) {
return;
}
String[] permissions = requiresPermissions.value();
if (CollectionUtil.isEmpty(permissions)) {
return;
}
// 权限验证
AuthorizationCheckPermissionsRequest authorizationCheckPermissionsRequest = new AuthorizationCheckPermissionsRequest()
.setAccountId(accountId).setPermissions(Arrays.asList(permissions));
CommonResult<Boolean> authorizationCheckPermissionsResult = authorizationRPC.checkPermissions(authorizationCheckPermissionsRequest);
if (authorizationCheckPermissionsResult.isError()) { // TODO 有一个问题点假设 token 认证失败但是该 url 是无需认证的是不是一样能够执行过去
throw ServiceExceptionUtil.exception(authorizationCheckPermissionsResult);
}
}
}

View File

@ -1,50 +0,0 @@
package cn.iocoder.mall.security.core.interceptor;
import cn.iocoder.common.framework.util.ServiceExceptionUtil;
import cn.iocoder.common.framework.vo.CommonResult;
import cn.iocoder.mall.security.core.context.AdminSecurityContext;
import cn.iocoder.mall.security.core.context.AdminSecurityContextHolder;
import cn.iocoder.mall.system.rpc.api.admin.AdminRPC;
import cn.iocoder.mall.system.rpc.response.admin.AdminResponse;
import cn.iocoder.mall.web.core.util.CommonWebUtil;
import org.apache.dubbo.config.annotation.Reference;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import static cn.iocoder.mall.system.biz.enums.SystemErrorCodeEnum.ADMIN_NOT_FOUND;
public class AdminSecurityInterceptor extends HandlerInterceptorAdapter {
@Reference(validation = "true", version = "${dubbo.consumer.AdminRPC.version}")
private AdminRPC adminRPC;
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
Integer accountId = CommonWebUtil.getUserId(request);
if (accountId != null) {
// 获得 Admin 信息
CommonResult<AdminResponse> adminResult = adminRPC.getAdminByAccountId(accountId);
if (adminResult.isError()) {
throw ServiceExceptionUtil.exception(adminResult);
}
if (adminResult.getData() == null) {
throw ServiceExceptionUtil.exception(ADMIN_NOT_FOUND);
}
// 设置到 SecurityContext
AdminResponse adminResponse = adminResult.getData();
AdminSecurityContext context = new AdminSecurityContext().setAdminId(adminResponse.getId())
.setAccountId(accountId);
AdminSecurityContextHolder.setContext(context);
}
return true;
}
@Override
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) {
// 清空 SecurityContext
AdminSecurityContextHolder.clear();
}
}

View File

@ -1,48 +0,0 @@
package cn.iocoder.mall.security.core.interceptor;
import cn.iocoder.common.framework.util.ExceptionUtil;
import cn.iocoder.common.framework.util.ServiceExceptionUtil;
import cn.iocoder.common.framework.vo.CommonResult;
import cn.iocoder.mall.security.core.context.UserSecurityContext;
import cn.iocoder.mall.security.core.context.UserSecurityContextHolder;
import cn.iocoder.mall.system.rpc.api.user.UserRPC;
import cn.iocoder.mall.system.rpc.response.user.UserResponse;
import cn.iocoder.mall.web.core.util.CommonWebUtil;
import org.apache.dubbo.config.annotation.Reference;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
public class UserSecurityInterceptor extends HandlerInterceptorAdapter {
@Reference(validation = "true", version = "${dubbo.consumer.UserRPC.version}")
private UserRPC userRPC;
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
Integer accountId = CommonWebUtil.getUserId(request);
if (accountId != null) {
// 获得 Admin 信息
CommonResult<UserResponse> userResult = userRPC.getUserByAccountId(accountId);
if (userResult.isError()) {
throw ServiceExceptionUtil.exception(userResult);
}
if (userResult.getData() == null) {
throw ExceptionUtil.getServiceException(null); // TODO 需要完善
}
// 设置到 SecurityContext
UserResponse userResponse = userResult.getData();
UserSecurityContext context = new UserSecurityContext().setUserId(userResponse.getId());
UserSecurityContextHolder.setContext(context);
}
return true;
}
@Override
public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) {
// 清空 SecurityContext
UserSecurityContextHolder.clear();
}
}

View File

@ -1,2 +0,0 @@
org.springframework.boot.autoconfigure.EnableAutoConfiguration=\
cn.iocoder.mall.security.config.CommonSecurityAutoConfiguration

View File

@ -17,7 +17,7 @@
<module>mall-spring-boot-starter-swagger</module> <module>mall-spring-boot-starter-swagger</module>
<module>mall-spring-boot-starter-web</module> <module>mall-spring-boot-starter-web</module>
<module>mall-security-annotations</module> <module>mall-security-annotations</module>
<module>mall-spring-boot-starter-security</module> <module>mall-spring-boot-starter-security-admin</module>
<module>mall-spring-boot-starter-security-user</module> <module>mall-spring-boot-starter-security-user</module>
<module>mall-spring-boot-starter-mybatis</module> <module>mall-spring-boot-starter-mybatis</module>
</modules> </modules>

View File

@ -147,12 +147,12 @@
</dependency> </dependency>
<dependency> <dependency>
<groupId>cn.iocoder.mall</groupId> <groupId>cn.iocoder.mall</groupId>
<artifactId>mall-spring-boot-starter-security</artifactId> <artifactId>mall-spring-boot-starter-security-user</artifactId>
<version>1.0-SNAPSHOT</version> <version>1.0-SNAPSHOT</version>
</dependency> </dependency>
<dependency> <dependency>
<groupId>cn.iocoder.mall</groupId> <groupId>cn.iocoder.mall</groupId>
<artifactId>mall-spring-boot-starter-security-user</artifactId> <artifactId>mall-spring-boot-starter-security-admin</artifactId>
<version>1.0-SNAPSHOT</version> <version>1.0-SNAPSHOT</version>
</dependency> </dependency>

View File

@ -37,6 +37,11 @@
<artifactId>mall-spring-boot-starter-swagger</artifactId> <artifactId>mall-spring-boot-starter-swagger</artifactId>
</dependency> </dependency>
<dependency>
<groupId>cn.iocoder.mall</groupId>
<artifactId>mall-spring-boot-starter-security-admin</artifactId>
</dependency>
<!-- RPC 相关 --> <!-- RPC 相关 -->
<dependency> <dependency>
<groupId>com.alibaba.cloud</groupId> <groupId>com.alibaba.cloud</groupId>

View File

@ -5,6 +5,7 @@ import cn.iocoder.common.framework.vo.CommonResult;
import cn.iocoder.mall.managementweb.controller.passport.dto.AdminPassportLoginDTO; import cn.iocoder.mall.managementweb.controller.passport.dto.AdminPassportLoginDTO;
import cn.iocoder.mall.managementweb.controller.passport.vo.AdminPassportVO; import cn.iocoder.mall.managementweb.controller.passport.vo.AdminPassportVO;
import cn.iocoder.mall.managementweb.manager.admin.AdminPassportManager; import cn.iocoder.mall.managementweb.manager.admin.AdminPassportManager;
import cn.iocoder.security.annotations.RequiresNone;
import io.swagger.annotations.Api; import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation; import io.swagger.annotations.ApiOperation;
import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Autowired;
@ -24,9 +25,9 @@ public class AdminPassportController {
@Autowired @Autowired
private AdminPassportManager adminPassportManager; private AdminPassportManager adminPassportManager;
@PostMapping("/login")
@ApiOperation("账号密码登陆") @ApiOperation("账号密码登陆")
// @RequiresNone TODO 晚点加上 @PostMapping("/login")
@RequiresNone
public CommonResult<AdminPassportVO> login(AdminPassportLoginDTO loginDTO, public CommonResult<AdminPassportVO> login(AdminPassportLoginDTO loginDTO,
HttpServletRequest request) { HttpServletRequest request) {
return success(adminPassportManager.login(loginDTO, HttpUtil.getIp(request))); return success(adminPassportManager.login(loginDTO, HttpUtil.getIp(request)));

View File

@ -1,14 +0,0 @@
package cn.iocoder.mall.user.biz.config;
import org.mybatis.spring.annotation.MapperScan;
import org.springframework.context.annotation.Configuration;
import org.springframework.transaction.annotation.EnableTransactionManagement;
@Configuration
@MapperScan("cn.iocoder.mall.user.biz.dao") // 扫描对应的 Mapper 接口
@EnableTransactionManagement(proxyTargetClass = true) // 启动事务管理为什么使用 proxyTargetClass 参数参见 https://blog.csdn.net/huang_550/article/details/76492600
public class DatabaseConfiguration {
// 数据源使用 Druid
}

View File

@ -1,26 +0,0 @@
package cn.iocoder.mall.user.biz.config;
import cn.iocoder.common.framework.util.ServiceExceptionUtil;
import cn.iocoder.mall.user.api.constant.UserErrorCodeEnum;
import org.springframework.boot.context.event.ApplicationReadyEvent;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.event.EventListener;
@Configuration
public class ServiceExceptionConfiguration {
@EventListener(ApplicationReadyEvent.class) // 可参考 https://www.cnblogs.com/ssslinppp/p/7607509.html
public void initMessages() {
// service_exception_message.properties 加载错误码的方案
// Properties properties;
// try {
// properties = PropertiesLoaderUtils.loadAllProperties("classpath:service_exception_message.properties");
// } catch (IOException e) {
// throw new RuntimeException(e);
// }
for (UserErrorCodeEnum item : UserErrorCodeEnum.values()) {
ServiceExceptionUtil.put(item.getCode(), item.getMessage());
}
}
}

View File

@ -1,55 +0,0 @@
package cn.iocoder.mall.user.biz.dataobject;
import cn.iocoder.common.framework.dataobject.DeletableDO;
import lombok.Data;
import lombok.experimental.Accessors;
import java.util.Date;
/**
* 用户访问日志 DO
*/
@Data
@Accessors(chain = true)
public class UserAccessLogDO extends DeletableDO {
/**
* 编号
*/
private Integer id;
/**
* 用户编号.
*
* 当用户编号为空时该值为0
*/
private Integer userId;
/**
* 访问地址
*/
private String uri;
/**
* 参数
*/
private String queryString;
/**
* http 方法
*/
private String method;
/**
* userAgent
*/
private String userAgent;
/**
* ip
*/
private String ip;
/**
* 请求时间
*/
private Date startTime;
/**
* 响应时长 -- 毫秒级
*/
private Integer responseTime;
}

View File

@ -1,41 +0,0 @@
package cn.iocoder.mall.user.biz.dataobject;
import cn.iocoder.common.framework.dataobject.DeletableDO;
import lombok.Data;
import lombok.experimental.Accessors;
/**
* 用户实体存储用户基本数据
*
* idx_mobile 唯一索引
*/
@Data
@Accessors(chain = true)
public class UserDO extends DeletableDO {
/**
* 用户编号
*/
private Integer id;
/**
* 手机号
*/
private String mobile;
/**
* 昵称
*/
private String nickname;
/**
* 头像
*/
private String avatar;
/**
* 账号状态
*
* 1 - 开启
* 2 - 禁用
*/
private Integer status;
}

View File

@ -1,9 +0,0 @@
package cn.iocoder.mall.user.biz.dataobject;
import lombok.Data;
import lombok.experimental.Accessors;
@Data
@Accessors(chain = true)
public class UserLoginLogDO {
}