diff --git a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/configuration/AuthorizingHandlerAutoConfiguration.java b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/configuration/AuthorizingHandlerAutoConfiguration.java index fd4293aa1..2db8d96a2 100644 --- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/configuration/AuthorizingHandlerAutoConfiguration.java +++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/configuration/AuthorizingHandlerAutoConfiguration.java @@ -2,6 +2,7 @@ package org.hswebframework.web.authorization.basic.configuration; import org.hswebframework.web.authorization.access.DataAccessController; import org.hswebframework.web.authorization.access.DataAccessHandler; +import org.hswebframework.web.authorization.basic.aop.AopMethodAuthorizeDefinitionParser; import org.hswebframework.web.authorization.basic.handler.DefaultAuthorizingHandler; import org.hswebframework.web.authorization.basic.handler.access.DefaultDataAccessController; import org.hswebframework.web.authorization.basic.web.*; @@ -52,11 +53,13 @@ public class AuthorizingHandlerAutoConfiguration { @Bean public WebMvcConfigurer webUserTokenInterceptorConfigurer(UserTokenManager userTokenManager, + AopMethodAuthorizeDefinitionParser parser, List userTokenParser) { + return new WebMvcConfigurerAdapter() { @Override public void addInterceptors(InterceptorRegistry registry) { - registry.addInterceptor(new WebUserTokenInterceptor(userTokenManager, userTokenParser)); + registry.addInterceptor(new WebUserTokenInterceptor(userTokenManager, userTokenParser,parser)); super.addInterceptors(registry); } }; 
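Review bot: `AopMethodAuthorizeDefinitionParser parser` is now a mandatory argument of `webUserTokenInterceptorConfigurer` in hunk `@@ -52,11 +53,13 @@`, so the token interceptor can only be registered when that bean exists, although the interceptor needs it solely for the Basic challenge. If the AOP parser bean can be absent in some setups (not visible from this hunk), consider injecting it optionally, for example as `Optional<AopMethodAuthorizeDefinitionParser> parser`, and letting the interceptor skip the challenge when it is missing. Minor style: `userTokenParser,parser` lacks a space after the comma, and the blank line added before `return` is unnecessary.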
diff --git a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/UserTokenForTypeParser.java b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/UserTokenForTypeParser.java new file mode 100644 index 000000000..c845a75e7 --- /dev/null +++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/UserTokenForTypeParser.java @@ -0,0 +1,5 @@ +package org.hswebframework.web.authorization.basic.web; + +public interface UserTokenForTypeParser extends UserTokenParser { + String getTokenType(); +} diff --git a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/WebUserTokenInterceptor.java b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/WebUserTokenInterceptor.java index cea0c34a7..af484226c 100644 --- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/WebUserTokenInterceptor.java +++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/WebUserTokenInterceptor.java @@ -1,8 +1,12 @@ package org.hswebframework.web.authorization.basic.web; +import org.hswebframework.web.authorization.basic.aop.AopMethodAuthorizeDefinitionParser; +import org.hswebframework.web.authorization.define.AuthorizeDefinition; import org.hswebframework.web.authorization.token.UserToken; import org.hswebframework.web.authorization.token.UserTokenHolder; import org.hswebframework.web.authorization.token.UserTokenManager; +import org.springframework.beans.factory.annotation.Autowired; +import org.springframework.web.method.HandlerMethod; import org.springframework.web.servlet.handler.HandlerInterceptorAdapter; import javax.servlet.http.HttpServletRequest; 
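Review bot: The new `UserTokenForTypeParser` interface has no Javadoc, and `getTokenType()` does not say what the returned string is matched against. Elsewhere in this commit the value is compared case-insensitively with `"basic"` to enable the challenge and with the scheme word of the `Authorization` header, so the contract should be written down, e.g. `/** Authorization scheme this parser handles, such as "basic"; compared case-insensitively. */`. Separately, the following import hunk adds `org.springframework.beans.factory.annotation.Autowired`, which is not used in any of the visible hunks and can probably be dropped.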
@@ -22,9 +26,18 @@ public class WebUserTokenInterceptor extends HandlerInterceptorAdapter { private List userTokenParser; - public WebUserTokenInterceptor(UserTokenManager userTokenManager, List userTokenParser) { + private AopMethodAuthorizeDefinitionParser parser; + + private boolean enableBasicAuthorization = false; + + public WebUserTokenInterceptor(UserTokenManager userTokenManager, List userTokenParser,AopMethodAuthorizeDefinitionParser definitionParser) { this.userTokenManager = userTokenManager; this.userTokenParser = userTokenParser; + this.parser=definitionParser; + + enableBasicAuthorization = userTokenParser.stream() + .filter(UserTokenForTypeParser.class::isInstance) + .anyMatch(parser -> "basic".equalsIgnoreCase(((UserTokenForTypeParser) parser).getTokenType())); } @Override @@ -35,6 +48,13 @@ public class WebUserTokenInterceptor extends HandlerInterceptorAdapter { .collect(Collectors.toList()); if (tokens.isEmpty()) { + if (enableBasicAuthorization && handler instanceof HandlerMethod) { + HandlerMethod method = ((HandlerMethod) handler); + AuthorizeDefinition definition = parser.parse(method.getBeanType(), method.getMethod()); + if (null != definition) { + response.addHeader("WWW-Authenticate", " Basic realm=\"\""); + } + } return true; } for (ParsedToken parsedToken : tokens) { diff --git a/hsweb-authorization/hsweb-authorization-jwt/src/main/java/org/hswebframework/web/authorization/jwt/JwtTokenParser.java b/hsweb-authorization/hsweb-authorization-jwt/src/main/java/org/hswebframework/web/authorization/jwt/JwtTokenParser.java index 15ef21f41..01a6a653c 100644 --- a/hsweb-authorization/hsweb-authorization-jwt/src/main/java/org/hswebframework/web/authorization/jwt/JwtTokenParser.java +++ b/hsweb-authorization/hsweb-authorization-jwt/src/main/java/org/hswebframework/web/authorization/jwt/JwtTokenParser.java 
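Review bot: `enableBasicAuthorization` is derived in the constructor only from whether a parser reporting `basic` is in the list, so the challenge switches on implicitly whenever such a parser is present; the `basic-authorization: true` key this commit adds to application.yml is not read here. If that key is meant to be the switch (its consumer is not visible in this diff), pass the flag into the constructor rather than inferring it. The stream also dereferences `userTokenParser` without a null check, and the lambda parameter `parser` shadows the field assigned one line above; `p -> "basic".equalsIgnoreCase(((UserTokenForTypeParser) p).getTokenType())` reads more clearly.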
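Review bot: In the `tokens.isEmpty()` branch of hunk `@@ -35,6 +48,13 @@`, the `WWW-Authenticate` header is added while the request is still let through with `return true`, so it is attached to whatever status the handler eventually produces rather than to a 401. A challenge only has defined meaning on a 401 response, so it is better emitted where `UnAuthorizedException` is turned into 401. The value also carries a leading space and an empty realm; `response.setHeader("WWW-Authenticate", "Basic realm=\"<realm-name>\"");` would be well-formed. Because Basic resends the password on every request, the Javadoc or config comment should state that this option is only for deployments behind TLS. `preHandle` starts and ends outside the hunk.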
@@ -35,9 +35,11 @@ public class JwtTokenParser implements UserTokenParser { if (!StringUtils.isEmpty(headerToken)) { if (headerToken.contains(" ")) { String[] auth = headerToken.split("[ ]"); - // if(auth[0].equalsIgnoreCase("jwt")){ - headerToken = auth[1]; - //} + if (auth[0].equalsIgnoreCase("jwt") || auth[0].equalsIgnoreCase("Bearer")) { + headerToken = auth[1]; + }else{ + return null; + } } } } diff --git a/hsweb-examples/hsweb-examples-simple/src/main/java/org/hswebframework/web/example/simple/SpringBootExample.java b/hsweb-examples/hsweb-examples-simple/src/main/java/org/hswebframework/web/example/simple/SpringBootExample.java index 9585b2b65..768d4fcbb 100644 --- a/hsweb-examples/hsweb-examples-simple/src/main/java/org/hswebframework/web/example/simple/SpringBootExample.java +++ b/hsweb-examples/hsweb-examples-simple/src/main/java/org/hswebframework/web/example/simple/SpringBootExample.java @@ -87,12 +87,12 @@ import java.util.stream.Stream; public class SpringBootExample implements CommandLineRunner ,ApplicationListener{ - @Bean - public AopMethodAuthorizeDefinitionCustomizerParser customizerParser(){ - //自定义权限声明 - //所有控制都通过 - return (type,method,context) -> EmptyAuthorizeDefinition.instance; - } +// @Bean +// public AopMethodAuthorizeDefinitionCustomizerParser customizerParser(){ +// //自定义权限声明 +// //所有控制都通过 +// return (type,method,context) -> EmptyAuthorizeDefinition.instance; +// } @Bean public AccessLoggerListener accessLoggerListener() { diff --git a/hsweb-examples/hsweb-examples-simple/src/main/resources/application.yml b/hsweb-examples/hsweb-examples-simple/src/main/resources/application.yml index d911fca91..6757480a2 100644 --- a/hsweb-examples/hsweb-examples-simple/src/main/resources/application.yml +++ b/hsweb-examples/hsweb-examples-simple/src/main/resources/application.yml 
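Review bot: `auth[1]` in the new `jwt`/`Bearer` branch is read without checking the array length, so a header consisting of the scheme and a trailing space passes `contains(" ")`, `split("[ ]")` returns a single element, and the request ends in an ArrayIndexOutOfBoundsException instead of being treated as unauthenticated. Two spaces between scheme and token yield an empty token for the same reason. Suggest `String[] auth = headerToken.trim().split("\\s+", 2);` with the condition extended to `auth.length == 2 && (...)`. The same unchecked index, `info[1]`, is used in BasicAuthorizationTokenParser in hunk `@@ -31,7 +37,7 @@`. The enclosing method starts and ends outside this hunk.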
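Review bot: In SpringBootExample the `customizerParser` bean is commented out rather than deleted, which leaves a bean whose own comment says every access check passes one uncomment away in an example that people copy from. Delete the block instead of keeping it as dead code. If the extension point should stay discoverable, a single line such as `// AopMethodAuthorizeDefinitionCustomizerParser can replace parsed permission definitions; never return EmptyAuthorizeDefinition outside local testing` documents it without shipping the bypass.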
@@ -22,6 +22,7 @@ hsweb: allowed-headers: "*" authorize: auto-parse: true # 自动解析所有代码中到权限,并触发 ApplicationListener + basic-authorization: true #开启basic认证 sync: true # 自动同步权限信息到数据库 jwt: id: test diff --git a/hsweb-starter/hsweb-spring-boot-starter/src/main/java/org/hswebframework/web/starter/RestControllerExceptionTranslator.java b/hsweb-starter/hsweb-spring-boot-starter/src/main/java/org/hswebframework/web/starter/RestControllerExceptionTranslator.java index dcdda8dd3..ac2024fa7 100644 --- a/hsweb-starter/hsweb-spring-boot-starter/src/main/java/org/hswebframework/web/starter/RestControllerExceptionTranslator.java +++ b/hsweb-starter/hsweb-spring-boot-starter/src/main/java/org/hswebframework/web/starter/RestControllerExceptionTranslator.java @@ -36,6 +36,7 @@ import org.springframework.web.bind.annotation.ResponseBody; import org.springframework.web.bind.annotation.ResponseStatus; import org.springframework.web.bind.annotation.RestControllerAdvice; +import javax.servlet.http.HttpServletResponse; import java.sql.SQLException; import java.util.List; @@ -80,7 +81,7 @@ public class RestControllerExceptionTranslator { @ExceptionHandler(UnAuthorizedException.class) @ResponseStatus(HttpStatus.UNAUTHORIZED) @ResponseBody - ResponseMessage handleException(UnAuthorizedException exception) { + ResponseMessage handleException(UnAuthorizedException exception, HttpServletResponse response) { return ResponseMessage.error(401, exception.getMessage()).result(exception.getState()); } @@ -125,7 +126,7 @@ public class RestControllerExceptionTranslator { @ResponseBody ResponseMessage handleException(SQLException exception) { logger.error(exception.getMessage(), exception); - return ResponseMessage.error(500,"服务器内部错误"); + return ResponseMessage.error(500, "服务器内部错误"); } 
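Review bot: The `HttpServletResponse response` parameter added to `handleException(UnAuthorizedException ...)` in hunk `@@ -80,7 +81,7 @@` is never used in the method body, so the 401 produced here still goes out without a `WWW-Authenticate` header. Either drop the parameter, or use it to send the challenge when Basic authentication is enabled, e.g. `response.setHeader("WWW-Authenticate", "Basic realm=\"<realm-name>\"");`, which puts the header on the actual 401. The handler also returns `exception.getMessage()` to the caller; it is worth confirming these messages never include internal detail.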
diff --git a/hsweb-system/hsweb-system-authorization/hsweb-system-authorization-starter/src/main/java/org/hswebframework/web/authorization/starter/BasicAuthorizationTokenParser.java b/hsweb-system/hsweb-system-authorization/hsweb-system-authorization-starter/src/main/java/org/hswebframework/web/authorization/starter/BasicAuthorizationTokenParser.java index c831b3032..5a0e76742 100644 --- a/hsweb-system/hsweb-system-authorization/hsweb-system-authorization-starter/src/main/java/org/hswebframework/web/authorization/starter/BasicAuthorizationTokenParser.java +++ b/hsweb-system/hsweb-system-authorization/hsweb-system-authorization-starter/src/main/java/org/hswebframework/web/authorization/starter/BasicAuthorizationTokenParser.java @@ -4,6 +4,7 @@ import lombok.extern.slf4j.Slf4j; import org.apache.commons.codec.binary.Base64; import org.hswebframework.web.authorization.basic.web.AuthorizedToken; import org.hswebframework.web.authorization.basic.web.ParsedToken; +import org.hswebframework.web.authorization.basic.web.UserTokenForTypeParser; import org.hswebframework.web.authorization.basic.web.UserTokenParser; import org.hswebframework.web.authorization.token.UserToken; import org.hswebframework.web.authorization.token.UserTokenManager; @@ -12,12 +13,17 @@ import org.hswebframework.web.service.authorization.UserService; import javax.servlet.http.HttpServletRequest; -public class BasicAuthorizationTokenParser implements UserTokenParser { +public class BasicAuthorizationTokenParser implements UserTokenForTypeParser { private UserService userService; private UserTokenManager userTokenManager; + @Override + public String getTokenType() { + return "basic"; + } + public BasicAuthorizationTokenParser(UserService userService, UserTokenManager userTokenManager) { this.userService = userService; this.userTokenManager = userTokenManager; 
@@ -31,7 +37,7 @@ public class BasicAuthorizationTokenParser implements UserTokenParser { } if (authorization.contains(" ")) { String[] info = authorization.split("[ ]"); - if (info[0].equalsIgnoreCase("Basic")) { + if (info[0].equalsIgnoreCase(getTokenType())) { authorization = info[1]; } } @@ -47,7 +53,7 @@ public class BasicAuthorizationTokenParser implements UserTokenParser { @Override public String getType() { - return "basic"; + return getTokenType(); } }; } @@ -68,7 +74,7 @@ public class BasicAuthorizationTokenParser implements UserTokenParser { @Override public String getType() { - return "basic"; + return getTokenType(); } @Override
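Review bot: The changed `if (info[0].equalsIgnoreCase(getTokenType()))` in hunk `@@ -31,7 +37,7 @@` has no `else`, so for any other scheme `authorization` keeps the whole header value, scheme word included, and falls through to the code below the hunk, which presumably Base64-decodes it as credentials. JwtTokenParser in this same commit now returns null for a foreign scheme; adding `else { return null; }` here makes the two parsers consistent and keeps this one from processing headers meant for another parser. Comparing the wire scheme against the overridable `getTokenType()` also means a subclass can silently change which scheme is accepted; a `private static final String` constant used by both `getTokenType()` and this comparison would avoid that. The enclosing method starts and ends outside the hunk.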