
icss后台管理系统权限添加

gaodm 6 anni fa
parent
commit
ead0bc2992

+ 4 - 0
icssman-service/src/main/java/com/diagbot/client/UserServiceClient.java

@@ -2,6 +2,7 @@ package com.diagbot.client;
 
 import com.diagbot.client.hystrix.UserServiceHystrix;
 import com.diagbot.dto.RespDTO;
+import com.diagbot.entity.Token;
 import org.springframework.cloud.openfeign.FeignClient;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
@@ -20,6 +21,9 @@ public interface UserServiceClient {
 
     @PostMapping(value = "/user/getUserInfoByIds")
     RespDTO<Map<String, String>> getUserInfoByIds(@RequestBody List<String> ids);
+
+    @PostMapping("/user/verifyToken")
+    RespDTO<Boolean> verifyToken(@RequestBody Token token);
 }
 
 
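Review bot: The new `verifyToken` method has no Javadoc, and its result has two distinct failure shapes that the caller in UrlAccessDecisionManager must tell apart (a non-OK `code`, and `data == false`), plus a `null` return from the hystrix fallback. A short contract comment would keep those cases from drifting, e.g. `/** Asks the user service whether {@code token} is still valid; {@code data} is {@code false} for an invalid or expired token, and the hystrix fallback returns {@code null} when the call fails. */`. For consistency with the sibling `getUserInfoByIds` declaration, the annotation could also be written as `@PostMapping(value = "/user/verifyToken")`.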

+ 9 - 4
icssman-service/src/main/java/com/diagbot/client/hystrix/UserServiceHystrix.java

@@ -2,6 +2,7 @@ package com.diagbot.client.hystrix;
 
 import com.diagbot.client.UserServiceClient;
 import com.diagbot.dto.RespDTO;
+import com.diagbot.entity.Token;
 import lombok.extern.slf4j.Slf4j;
 import org.springframework.stereotype.Component;
 import org.springframework.web.bind.annotation.RequestBody;
@@ -19,12 +20,16 @@ import java.util.Map;
 @Slf4j
 public class UserServiceHystrix implements UserServiceClient {
 
-	@Override
-    public RespDTO<Map<String, String>> getUserInfoByIds(@RequestBody List<String> ids){
+    @Override
+    public RespDTO<Map<String, String>> getUserInfoByIds(@RequestBody List<String> ids) {
         log.error("【hystrix】调用{}异常", "getUserInfoByIds");
         return null;
     }
 
-    
-    
+    @Override
+    public RespDTO<Boolean> verifyToken(Token token) {
+        log.error("【hystrix】调用{}异常", "verifyToken");
+        return null;
+    }
+
 }
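Review bot: The `verifyToken` fallback returns `null`, which UrlAccessDecisionManager maps to "token expired", so the fallback is fail-closed only by convention; that convention should be stated on the method, e.g. `// Fallback: null is treated by UrlAccessDecisionManager as an invalid token (fail closed), never as "verified".` Returning a `RespDTO` carrying an error code instead of `null` would give both methods a uniform contract and remove the null check from the caller. The log line records only the method name, not why the call failed; if the cause is wanted, a `fallbackFactory` on the `@FeignClient` would expose the `Throwable`, but that is a larger change. Minor inconsistency: `getUserInfoByIds` keeps `@RequestBody` on the fallback parameter while `verifyToken` does not.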

+ 8 - 8
icssman-service/src/main/java/com/diagbot/config/ResourceServerConfigurer.java

@@ -25,14 +25,14 @@ public class ResourceServerConfigurer extends ResourceServerConfigurerAdapter {
         http
                 .csrf().disable()
                 .authorizeRequests()
-//                .regexMatchers(".*swagger.*", ".*v2.*", ".*webjars.*", "/druid.*", "/actuator.*", "/hystrix.*").permitAll()
-//                .antMatchers("/file/upload").permitAll()
-//                .antMatchers("/introduceInfo/saveIntroduce").permitAll()
-//                .antMatchers("/questionInfo/delete").permitAll()
-//                .antMatchers("/questionInfo/index").permitAll()
-//                .antMatchers("/getIcssEnumsData").permitAll()
-//                .antMatchers("/**").authenticated();
-                .antMatchers("/**").permitAll();
+                .regexMatchers(".*swagger.*", ".*v2.*", ".*webjars.*", "/druid.*", "/actuator.*", "/hystrix.*").permitAll()
+                .antMatchers("/file/upload").permitAll()
+                .antMatchers("/introduceInfo/saveIntroduce").permitAll()
+                .antMatchers("/questionInfo/delete").permitAll()
+                .antMatchers("/questionInfo/index").permitAll()
+                .antMatchers("/getIcssEnumsData").permitAll()
+                .antMatchers("/**").authenticated();
+//                .antMatchers("/**").permitAll();
     }
 
 
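Review bot: The `permitAll` regexes on the first re-enabled line begin with `.*`, so `.*swagger.*`, `.*v2.*` and `.*webjars.*` exempt any request whose path merely contains those substrings anywhere, not just the documentation endpoints; anchoring them to a path prefix, e.g. `.regexMatchers("^/swagger.*", "^/v2/.*", "^/webjars/.*", "^/druid.*", "^/actuator.*", "^/hystrix.*").permitAll()`, keeps the exemption to the intended routes. The `antMatchers` block also leaves `/questionInfo/delete` and `/introduceInfo/saveIntroduce` reachable without authentication; if those state-changing endpoints are meant to be public, a comment saying why would help, otherwise they belong under `authenticated()`. The commented-out `.antMatchers("/**").permitAll();` line kept at the end of the chain is dead code and should be removed rather than left as a one-line way to reopen everything. The enclosing `configure` method starts outside the hunk.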

+ 43 - 36
icssman-service/src/main/java/com/diagbot/config/security/UrlAccessDecisionManager.java

@@ -1,19 +1,26 @@
 package com.diagbot.config.security;
 
 import com.diagbot.client.UserServiceClient;
+import com.diagbot.dto.RespDTO;
+import com.diagbot.entity.Token;
+import com.diagbot.exception.CommonErrorCode;
+import com.diagbot.util.HttpUtils;
+import com.diagbot.util.StringUtil;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.AccessDecisionManager;
 import org.springframework.security.access.AccessDeniedException;
 import org.springframework.security.access.ConfigAttribute;
+import org.springframework.security.authentication.AccountExpiredException;
 import org.springframework.security.authentication.InsufficientAuthenticationException;
 import org.springframework.security.core.Authentication;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.web.FilterInvocation;
 import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
 import org.springframework.stereotype.Service;
 
 import javax.servlet.http.HttpServletRequest;
 import java.util.Collection;
 
-
 /**
  * @Description: 自定义权限拦截
  * @author: gaodm
@@ -26,40 +33,40 @@ public class UrlAccessDecisionManager implements AccessDecisionManager {
 
     @Override
     public void decide(Authentication authentication, Object object, Collection<ConfigAttribute> configAttributes) throws AccessDeniedException, InsufficientAuthenticationException {
-//        HttpServletRequest request = ((FilterInvocation) object).getHttpRequest();
-//        String url, method;
-//        if (matchPermitAllUrl(request)) {
-//            return;
-//        }
-//        if ("anonymousUser".equals(authentication.getPrincipal())) {
-//            throw new AccessDeniedException("no right");
-//        } else {
-//            //验证token有效性
-//            String tokenStr = HttpUtils.getHeaders(request).get("Authorization");
-//            if (StringUtil.isNotEmpty(tokenStr)) {
-//                Token token = new Token();
-//                tokenStr = tokenStr.replaceFirst("Bearer ", "");
-//                token.setToken(tokenStr);
-//                RespDTO<Boolean> res = userServiceClient.verifyToken(token);
-//                if (res == null || !CommonErrorCode.OK.getCode().equals(res.code)) {
-//                    throw new AccountExpiredException("token expire");
-//                }
-//                if (!res.data) {
-//                    throw new AccountExpiredException("token expire");
-//                }
-//            }
-//            for (GrantedAuthority ga : authentication.getAuthorities()) {
-//                String[] authority = ga.getAuthority().split(";");
-//                url = authority[0];
-//                method = authority[1];
-//                if (matchers(url, request)) {
-//                    if (method.equals(request.getMethod()) || "ALL".equals(method)) {
-//                        return;
-//                    }
-//                }
-//            }
-//        }
-//        throw new AccessDeniedException("no right");
+        HttpServletRequest request = ((FilterInvocation) object).getHttpRequest();
+        String url, method;
+        if (matchPermitAllUrl(request)) {
+            return;
+        }
+        if ("anonymousUser".equals(authentication.getPrincipal())) {
+            throw new AccessDeniedException("no right");
+        } else {
+            //验证token有效性
+            String tokenStr = HttpUtils.getHeaders(request).get("Authorization");
+            if (StringUtil.isNotEmpty(tokenStr)) {
+                Token token = new Token();
+                tokenStr = tokenStr.replaceFirst("Bearer ", "");
+                token.setToken(tokenStr);
+                RespDTO<Boolean> res = userServiceClient.verifyToken(token);
+                if (res == null || !CommonErrorCode.OK.getCode().equals(res.code)) {
+                    throw new AccountExpiredException("token expire");
+                }
+                if (!res.data) {
+                    throw new AccountExpiredException("token expire");
+                }
+            }
+            for (GrantedAuthority ga : authentication.getAuthorities()) {
+                String[] authority = ga.getAuthority().split(";");
+                url = authority[0];
+                method = authority[1];
+                if (matchers(url, request)) {
+                    if (method.equals(request.getMethod()) || "ALL".equals(method)) {
+                        return;
+                    }
+                }
+            }
+        }
+        throw new AccessDeniedException("no right");
     }
 
 
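Review bot: In the authority loop of `decide`, `authority[1]` is read unconditionally after `ga.getAuthority().split(";")`, so an authority string without a `;` throws `ArrayIndexOutOfBoundsException` and the request fails with a server error instead of the intended `AccessDeniedException`; add `if (authority.length < 2) { continue; }` before reading `url` and `method`. Similarly, `if (!res.data)` unboxes a `Boolean` and throws `NullPointerException` when the user service returns an OK response with a null body; `if (!Boolean.TRUE.equals(res.data))` fails closed with the same `AccountExpiredException`. Note that `replaceFirst("Bearer ", "")` is case-sensitive, so a lower-case `bearer` prefix would be sent to the user service unchanged; whether that matters depends on how the header is produced. The unused C-style declaration `String url, method;` at the top could be replaced by declaring the two locals inside the loop where they are assigned.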
@@ -73,7 +80,7 @@ public class UrlAccessDecisionManager implements AccessDecisionManager {
         return true;
     }
 
-    private Boolean matchPermitAllUrl(HttpServletRequest request){
+    private Boolean matchPermitAllUrl(HttpServletRequest request) {
         if (matchers("/swagger/**", request)
                 || matchers("/v2/**", request)
                 || matchers("/swagger-ui.html/**", request)