优化basic Authorization
@@ -2,6 +2,7 @@ package org.hswebframework.web.authorization.basic.configuration;
|
||||
|
||||
import org.hswebframework.web.authorization.access.DataAccessController;
|
||||
import org.hswebframework.web.authorization.access.DataAccessHandler;
|
||||
import org.hswebframework.web.authorization.basic.aop.AopMethodAuthorizeDefinitionParser;
|
||||
import org.hswebframework.web.authorization.basic.handler.DefaultAuthorizingHandler;
|
||||
import org.hswebframework.web.authorization.basic.handler.access.DefaultDataAccessController;
|
||||
import org.hswebframework.web.authorization.basic.web.*;
|
||||
@@ -52,11 +53,13 @@ public class AuthorizingHandlerAutoConfiguration {
|
||||
|
||||
@Bean
|
||||
public WebMvcConfigurer webUserTokenInterceptorConfigurer(UserTokenManager userTokenManager,
|
||||
AopMethodAuthorizeDefinitionParser parser,
|
||||
List<UserTokenParser> userTokenParser) {
|
||||
|
||||
return new WebMvcConfigurerAdapter() {
|
||||
@Override
|
||||
public void addInterceptors(InterceptorRegistry registry) {
|
||||
registry.addInterceptor(new WebUserTokenInterceptor(userTokenManager, userTokenParser));
|
||||
registry.addInterceptor(new WebUserTokenInterceptor(userTokenManager, userTokenParser,parser));
|
||||
super.addInterceptors(registry);
|
||||
}
|
||||
};
|
||||
|
||||
@@ -0,0 +1,5 @@
|
||||
package org.hswebframework.web.authorization.basic.web;
|
||||
|
||||
public interface UserTokenForTypeParser extends UserTokenParser {
|
||||
String getTokenType();
|
||||
}
|
||||
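Review bot: The new UserTokenForTypeParser interface has no Javadoc, yet `getTokenType()` is now a contract two other hunks depend on: WebUserTokenInterceptor compares it case-insensitively against "basic" to decide whether to emit a `WWW-Authenticate` challenge, and BasicAuthorizationTokenParser compares it against the scheme token of the Authorization header. Add above the method `/** Returns the HTTP authentication scheme this parser handles (for example {@code "basic"}); callers compare it case-insensitively. */`, and a one-line class Javadoc stating that implementors bind a UserTokenParser to a named Authorization scheme.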
@@ -1,8 +1,12 @@
|
||||
package org.hswebframework.web.authorization.basic.web;
|
||||
|
||||
import org.hswebframework.web.authorization.basic.aop.AopMethodAuthorizeDefinitionParser;
|
||||
import org.hswebframework.web.authorization.define.AuthorizeDefinition;
|
||||
import org.hswebframework.web.authorization.token.UserToken;
|
||||
import org.hswebframework.web.authorization.token.UserTokenHolder;
|
||||
import org.hswebframework.web.authorization.token.UserTokenManager;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.web.method.HandlerMethod;
|
||||
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
@@ -22,9 +26,18 @@ public class WebUserTokenInterceptor extends HandlerInterceptorAdapter {
|
||||
|
||||
private List<UserTokenParser> userTokenParser;
|
||||
|
||||
public WebUserTokenInterceptor(UserTokenManager userTokenManager, List<UserTokenParser> userTokenParser) {
|
||||
private AopMethodAuthorizeDefinitionParser parser;
|
||||
|
||||
private boolean enableBasicAuthorization = false;
|
||||
|
||||
public WebUserTokenInterceptor(UserTokenManager userTokenManager, List<UserTokenParser> userTokenParser,AopMethodAuthorizeDefinitionParser definitionParser) {
|
||||
this.userTokenManager = userTokenManager;
|
||||
this.userTokenParser = userTokenParser;
|
||||
this.parser=definitionParser;
|
||||
|
||||
enableBasicAuthorization = userTokenParser.stream()
|
||||
.filter(UserTokenForTypeParser.class::isInstance)
|
||||
.anyMatch(parser -> "basic".equalsIgnoreCase(((UserTokenForTypeParser) parser).getTokenType()));
|
||||
}
|
||||
|
||||
@Override
|
||||
@@ -35,6 +48,13 @@ public class WebUserTokenInterceptor extends HandlerInterceptorAdapter {
|
||||
.collect(Collectors.toList());
|
||||
|
||||
if (tokens.isEmpty()) {
|
||||
if (enableBasicAuthorization && handler instanceof HandlerMethod) {
|
||||
HandlerMethod method = ((HandlerMethod) handler);
|
||||
AuthorizeDefinition definition = parser.parse(method.getBeanType(), method.getMethod());
|
||||
if (null != definition) {
|
||||
response.addHeader("WWW-Authenticate", " Basic realm=\"\"");
|
||||
}
|
||||
}
|
||||
return true;
|
||||
}
|
||||
for (ParsedToken parsedToken : tokens) {
|
||||
|
||||
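Review bot: The challenge written at `response.addHeader("WWW-Authenticate", " Basic realm=\"\"")` starts with a space and carries an empty realm; the leading blank is not guaranteed to be trimmed by every container and an empty realm gives browsers nothing to cache credentials against, so use `response.addHeader("WWW-Authenticate", "Basic realm=\"<realm>\"");` with `<realm>` being a placeholder for a project-chosen name. The challenge is also sent whenever `parser.parse(...)` is non-null; judging from `EmptyAuthorizeDefinition.instance` in SpringBootExample a non-null definition does not necessarily mean the endpoint requires authentication, so this may prompt clients for credentials on open endpoints — worth confirming against the definition API. In the constructor, the lambda parameter in `.anyMatch(parser -> ...)` shadows the new `parser` field; renaming it to `tokenParser` avoids the confusion. The preHandle method begins and ends outside the hunk.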
@@ -35,9 +35,11 @@ public class JwtTokenParser implements UserTokenParser {
|
||||
if (!StringUtils.isEmpty(headerToken)) {
|
||||
if (headerToken.contains(" ")) {
|
||||
String[] auth = headerToken.split("[ ]");
|
||||
// if(auth[0].equalsIgnoreCase("jwt")){
|
||||
headerToken = auth[1];
|
||||
//}
|
||||
if (auth[0].equalsIgnoreCase("jwt") || auth[0].equalsIgnoreCase("Bearer")) {
|
||||
headerToken = auth[1];
|
||||
}else{
|
||||
return null;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
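Review bot: `headerToken = auth[1]` can throw ArrayIndexOutOfBoundsException when the header is a scheme followed only by a space (e.g. `Bearer ` with no token): `String.split("[ ]")` drops trailing empty strings, so `auth` has one element even though `contains(" ")` was true, and a malformed header from an unauthenticated client then escapes as an uncaught exception instead of yielding a null token. Add `if (auth.length < 2) { return null; }` directly after the split line. The same split-then-index pattern appears in BasicAuthorizationTokenParser (`String[] info = authorization.split("[ ]");` followed by `authorization = info[1];`) and needs the same guard. The enclosing method starts and ends outside the hunk.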
@@ -87,12 +87,12 @@ import java.util.stream.Stream;
|
||||
public class SpringBootExample
|
||||
implements CommandLineRunner ,ApplicationListener<AuthorizeDefinitionInitializedEvent>{
|
||||
|
||||
@Bean
|
||||
public AopMethodAuthorizeDefinitionCustomizerParser customizerParser(){
|
||||
//自定义权限声明
|
||||
//所有控制都通过
|
||||
return (type,method,context) -> EmptyAuthorizeDefinition.instance;
|
||||
}
|
||||
// @Bean
|
||||
// public AopMethodAuthorizeDefinitionCustomizerParser customizerParser(){
|
||||
// //自定义权限声明
|
||||
// //所有控制都通过
|
||||
// return (type,method,context) -> EmptyAuthorizeDefinition.instance;
|
||||
// }
|
||||
|
||||
@Bean
|
||||
public AccessLoggerListener accessLoggerListener() {
|
||||
|
||||
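Review bot: One copy of `customizerParser()` is left as commented-out code (the `// @Bean` through `// }` lines) and should be deleted rather than kept; the bean it defined returned `EmptyAuthorizeDefinition.instance` for every type and method, which per its own comment ("所有控制都通过") lets every control through, so leaving it one keystroke away from re-enabling in a sample that demonstrates Basic authentication is misleading. If the purpose is to document the extension point, replace the block with a single comment such as `// A AopMethodAuthorizeDefinitionCustomizerParser bean could override parsed definitions; none is registered so the Basic auth example is actually enforced`. Which copy is the new side is inferred from print order only.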
@@ -22,6 +22,7 @@ hsweb:
|
||||
allowed-headers: "*"
|
||||
authorize:
|
||||
auto-parse: true # 自动解析所有代码中到权限,并触发 ApplicationListener<AuthorizeDefinitionInitializedEvent>
|
||||
basic-authorization: true #开启basic认证
|
||||
sync: true # 自动同步权限信息到数据库
|
||||
jwt:
|
||||
id: test
|
||||
|
||||
@@ -36,6 +36,7 @@ import org.springframework.web.bind.annotation.ResponseBody;
|
||||
import org.springframework.web.bind.annotation.ResponseStatus;
|
||||
import org.springframework.web.bind.annotation.RestControllerAdvice;
|
||||
|
||||
import javax.servlet.http.HttpServletResponse;
|
||||
import java.sql.SQLException;
|
||||
import java.util.List;
|
||||
|
||||
@@ -80,7 +81,7 @@ public class RestControllerExceptionTranslator {
|
||||
@ExceptionHandler(UnAuthorizedException.class)
|
||||
@ResponseStatus(HttpStatus.UNAUTHORIZED)
|
||||
@ResponseBody
|
||||
ResponseMessage handleException(UnAuthorizedException exception) {
|
||||
ResponseMessage handleException(UnAuthorizedException exception, HttpServletResponse response) {
|
||||
return ResponseMessage.error(401, exception.getMessage()).result(exception.getState());
|
||||
}
|
||||
|
||||
@@ -125,7 +126,7 @@ public class RestControllerExceptionTranslator {
|
||||
@ResponseBody
|
||||
ResponseMessage handleException(SQLException exception) {
|
||||
logger.error(exception.getMessage(), exception);
|
||||
return ResponseMessage.error(500,"服务器内部错误");
|
||||
return ResponseMessage.error(500, "服务器内部错误");
|
||||
}
|
||||
|
||||
|
||||
|
||||
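Review bot: `response` is added to `ResponseMessage handleException(UnAuthorizedException exception, HttpServletResponse response)` but the body still only returns `ResponseMessage.error(401, ...)`, so the new parameter and the added `HttpServletResponse` import are unused. Either revert the signature or use it for what the rest of the commit appears to need, for example `response.setHeader("WWW-Authenticate", "Basic realm=\"<realm>\"");` before the return (realm name is a placeholder), so a 401 raised by the AOP authorization path also carries the challenge and not only the interceptor path; whether that should be conditional on Basic auth being enabled cannot be seen from this hunk.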
@@ -4,6 +4,7 @@ import lombok.extern.slf4j.Slf4j;
|
||||
import org.apache.commons.codec.binary.Base64;
|
||||
import org.hswebframework.web.authorization.basic.web.AuthorizedToken;
|
||||
import org.hswebframework.web.authorization.basic.web.ParsedToken;
|
||||
import org.hswebframework.web.authorization.basic.web.UserTokenForTypeParser;
|
||||
import org.hswebframework.web.authorization.basic.web.UserTokenParser;
|
||||
import org.hswebframework.web.authorization.token.UserToken;
|
||||
import org.hswebframework.web.authorization.token.UserTokenManager;
|
||||
@@ -12,12 +13,17 @@ import org.hswebframework.web.service.authorization.UserService;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
|
||||
public class BasicAuthorizationTokenParser implements UserTokenParser {
|
||||
public class BasicAuthorizationTokenParser implements UserTokenForTypeParser {
|
||||
|
||||
private UserService userService;
|
||||
|
||||
private UserTokenManager userTokenManager;
|
||||
|
||||
@Override
|
||||
public String getTokenType() {
|
||||
return "basic";
|
||||
}
|
||||
|
||||
public BasicAuthorizationTokenParser(UserService userService, UserTokenManager userTokenManager) {
|
||||
this.userService = userService;
|
||||
this.userTokenManager = userTokenManager;
|
||||
@@ -31,7 +37,7 @@ public class BasicAuthorizationTokenParser implements UserTokenParser {
|
||||
}
|
||||
if (authorization.contains(" ")) {
|
||||
String[] info = authorization.split("[ ]");
|
||||
if (info[0].equalsIgnoreCase("Basic")) {
|
||||
if (info[0].equalsIgnoreCase(getTokenType())) {
|
||||
authorization = info[1];
|
||||
}
|
||||
}
|
||||
@@ -47,7 +53,7 @@ public class BasicAuthorizationTokenParser implements UserTokenParser {
|
||||
|
||||
@Override
|
||||
public String getType() {
|
||||
return "basic";
|
||||
return getTokenType();
|
||||
}
|
||||
};
|
||||
}
|
||||
@@ -68,7 +74,7 @@ public class BasicAuthorizationTokenParser implements UserTokenParser {
|
||||
|
||||
@Override
|
||||
public String getType() {
|
||||
return "basic";
|
||||
return getTokenType();
|
||||
}
|
||||
|
||||
@Override
|
||||
|
||||
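Review bot: In the `if (info[0].equalsIgnoreCase(getTokenType()))` branch there is no else, so a header with another scheme (e.g. `Bearer <token>`) leaves `authorization` holding the whole header value and processing continues outside the hunk, presumably into the Base64 decode and user lookup; JwtTokenParser in this same commit now returns null for a foreign scheme, and this parser should do the same: `} else { return null; }` after the `authorization = info[1];` block. Bailing out early also avoids attempting a credential lookup on bytes that were never Basic credentials. The `getType()` methods delegating to `getTokenType()` are fine; the enclosing parse method starts and ends outside the hunk.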