refactor: 重构权限后台认证

2021-06-23 13:39:57 +08:00 · 2021-06-23 13:39:57 +08:00 · 2d7073c199
parent dfb2b12c02
commit 2d7073c199
5 changed files with 64 additions and 17 deletions
--- a/backend/src/main/java/io/metersphere/security/UserModularRealmAuthenticator.java
+++ b/backend/src/main/java/io/metersphere/security/UserModularRealmAuthenticator.java
@ -29,6 +29,9 @@ public class UserModularRealmAuthenticator extends ModularRealmAuthenticator {

        // 默认使用本地验证
        for (Realm realm : realms) {
+            if (realm == null) {
+                continue;
+            }
            if (realm.getName().contains(loginType)) {
                typeRealms.add(realm);
            }
--- a/backend/src/main/java/io/metersphere/security/realm/BaseRealm.java
+++ b/backend/src/main/java/io/metersphere/security/realm/BaseRealm.java
@ -0,0 +1,55 @@
+package io.metersphere.security.realm;
+
+import io.metersphere.base.domain.UserGroupPermission;
+import io.metersphere.commons.user.SessionUser;
+import io.metersphere.commons.utils.SessionUtils;
+import io.metersphere.dto.GroupResourceDTO;
+import io.metersphere.dto.UserDTO;
+import io.metersphere.i18n.Translator;
+import io.metersphere.service.UserService;
+import org.apache.shiro.authc.*;
+import org.apache.shiro.authz.AuthorizationInfo;
+import org.apache.shiro.realm.AuthorizingRealm;
+import org.apache.shiro.subject.PrincipalCollection;
+
+import javax.annotation.Resource;
+import java.util.List;
+import java.util.Objects;
+import java.util.Set;
+import java.util.stream.Collectors;
+
+public abstract class BaseRealm extends AuthorizingRealm {
+    @Resource
+    private UserService userService;
+
+    @Override
+    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
+        return null;
+    }
+
+    @Override
+    protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken authenticationToken) throws AuthenticationException {
+        UsernamePasswordToken token = (UsernamePasswordToken) authenticationToken;
+
+        String userId = token.getUsername();
+        String password = String.valueOf(token.getPassword());
+        UserDTO user = userService.getUserDTO(userId);
+        if (user == null) {
+            throw new UnknownAccountException(Translator.get("user_not_exist"));
+        }
+        SessionUser sessionUser = SessionUser.fromUser(user);
+        SessionUtils.putUser(sessionUser);
+        return new SimpleAuthenticationInfo(userId, password, getName());
+    }
+
+    @Override
+    public boolean isPermitted(PrincipalCollection principals, String permission) {
+        Set<String> permissions = Objects.requireNonNull(SessionUtils.getUser()).getGroupPermissions().stream()
+                .map(GroupResourceDTO::getUserGroupPermissions)
+                .flatMap(List::stream)
+                .map(UserGroupPermission::getPermissionId)
+                .collect(Collectors.toSet());
+
+        return permissions.contains(permission);
+    }
+}
--- a/backend/src/main/java/io/metersphere/security/realm/LdapRealm.java
+++ b/backend/src/main/java/io/metersphere/security/realm/LdapRealm.java
@ -12,7 +12,6 @@ import org.apache.shiro.SecurityUtils;
 import org.apache.shiro.authc.*;
 import org.apache.shiro.authz.AuthorizationInfo;
 import org.apache.shiro.authz.SimpleAuthorizationInfo;
-import org.apache.shiro.realm.AuthorizingRealm;
 import org.apache.shiro.subject.PrincipalCollection;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@ -32,7 +31,7 @@ import java.util.stream.Collectors;
 * set realm
 * </p>
 */
-public class LdapRealm extends AuthorizingRealm {
+public class LdapRealm extends BaseRealm {

    private Logger logger = LoggerFactory.getLogger(LdapRealm.class);
    @Resource
@ -44,7 +43,7 @@ public class LdapRealm extends AuthorizingRealm {
    }

    /**
-     * 权限认证
+     * 角色认证
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
@ -95,8 +94,4 @@ public class LdapRealm extends AuthorizingRealm {

    }

-    @Override
-    public boolean isPermitted(PrincipalCollection principals, String permission) {
-        return true;
-    }
 }
--- a/backend/src/main/java/io/metersphere/security/realm/LocalRealm.java
+++ b/backend/src/main/java/io/metersphere/security/realm/LocalRealm.java
@ -13,7 +13,6 @@ import org.apache.shiro.SecurityUtils;
 import org.apache.shiro.authc.*;
 import org.apache.shiro.authz.AuthorizationInfo;
 import org.apache.shiro.authz.SimpleAuthorizationInfo;
-import org.apache.shiro.realm.AuthorizingRealm;
 import org.apache.shiro.subject.PrincipalCollection;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
@ -34,7 +33,7 @@ import java.util.stream.Collectors;
 * set realm
 * </p>
 */
-public class LocalRealm extends AuthorizingRealm {
+public class LocalRealm extends BaseRealm {

    private Logger logger = LoggerFactory.getLogger(LocalRealm.class);
    @Resource
@ -49,12 +48,11 @@ public class LocalRealm extends AuthorizingRealm {
    }

    /**
-     * 权限认证
+     * 角色认证
     */
    @Override
    protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
-        String userId = (String) principals.getPrimaryPrincipal();
-        return getAuthorizationInfo(userId, userService);
+        return null;
    }

    public static AuthorizationInfo getAuthorizationInfo(String userId, UserService userService) {
@ -134,8 +132,4 @@ public class LocalRealm extends AuthorizingRealm {
        return new SimpleAuthenticationInfo(userId, password, getName());
    }

-    @Override
-    public boolean isPermitted(PrincipalCollection principals, String permission) {
-        return true;
-    }
 }
--- a/backend/src/main/java/io/metersphere/xpack
+++ b/backend/src/main/java/io/metersphere/xpack
@ -1 +1 @@
-Subproject commit acbb458b5ec921754773cfdfc7a5b7f3ffebfaae
+Subproject commit 4aec3d69973965bf09b23981071bed26aa468473