mirror of
https://github.com/hs-web/hsweb-framework.git
synced 2026-05-23 01:39:35 +08:00
优化basic Authorization
This commit is contained in:
zhou-hao
@@ -2,6 +2,7 @@ package org.hswebframework.web.authorization.basic.configuration;
|
||||
|
||||
import org.hswebframework.web.authorization.access.DataAccessController;
|
||||
import org.hswebframework.web.authorization.access.DataAccessHandler;
|
||||
import org.hswebframework.web.authorization.basic.aop.AopMethodAuthorizeDefinitionParser;
|
||||
import org.hswebframework.web.authorization.basic.handler.DefaultAuthorizingHandler;
|
||||
import org.hswebframework.web.authorization.basic.handler.access.DefaultDataAccessController;
|
||||
import org.hswebframework.web.authorization.basic.web.*;
|
||||
@@ -52,11 +53,13 @@ public class AuthorizingHandlerAutoConfiguration {
|
||||
|
||||
@Bean
|
||||
public WebMvcConfigurer webUserTokenInterceptorConfigurer(UserTokenManager userTokenManager,
|
||||
AopMethodAuthorizeDefinitionParser parser,
|
||||
List<UserTokenParser> userTokenParser) {
|
||||
|
||||
return new WebMvcConfigurerAdapter() {
|
||||
@Override
|
||||
public void addInterceptors(InterceptorRegistry registry) {
|
||||
registry.addInterceptor(new WebUserTokenInterceptor(userTokenManager, userTokenParser));
|
||||
registry.addInterceptor(new WebUserTokenInterceptor(userTokenManager, userTokenParser,parser));
|
||||
super.addInterceptors(registry);
|
||||
}
|
||||
};
|
||||
|
||||
@@ -0,0 +1,5 @@
|
||||
package org.hswebframework.web.authorization.basic.web;
|
||||
|
||||
public interface UserTokenForTypeParser extends UserTokenParser {
|
||||
String getTokenType();
|
||||
}
|
||||
@@ -1,8 +1,12 @@
|
||||
package org.hswebframework.web.authorization.basic.web;
|
||||
|
||||
import org.hswebframework.web.authorization.basic.aop.AopMethodAuthorizeDefinitionParser;
|
||||
import org.hswebframework.web.authorization.define.AuthorizeDefinition;
|
||||
import org.hswebframework.web.authorization.token.UserToken;
|
||||
import org.hswebframework.web.authorization.token.UserTokenHolder;
|
||||
import org.hswebframework.web.authorization.token.UserTokenManager;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.web.method.HandlerMethod;
|
||||
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
|
||||
|
||||
import javax.servlet.http.HttpServletRequest;
|
||||
@@ -22,9 +26,18 @@ public class WebUserTokenInterceptor extends HandlerInterceptorAdapter {
|
||||
|
||||
private List<UserTokenParser> userTokenParser;
|
||||
|
||||
public WebUserTokenInterceptor(UserTokenManager userTokenManager, List<UserTokenParser> userTokenParser) {
|
||||
private AopMethodAuthorizeDefinitionParser parser;
|
||||
|
||||
private boolean enableBasicAuthorization = false;
|
||||
|
||||
public WebUserTokenInterceptor(UserTokenManager userTokenManager, List<UserTokenParser> userTokenParser,AopMethodAuthorizeDefinitionParser definitionParser) {
|
||||
this.userTokenManager = userTokenManager;
|
||||
this.userTokenParser = userTokenParser;
|
||||
this.parser=definitionParser;
|
||||
|
||||
enableBasicAuthorization = userTokenParser.stream()
|
||||
.filter(UserTokenForTypeParser.class::isInstance)
|
||||
.anyMatch(parser -> "basic".equalsIgnoreCase(((UserTokenForTypeParser) parser).getTokenType()));
|
||||
}
|
||||
|
||||
@Override
|
||||
@@ -35,6 +48,13 @@ public class WebUserTokenInterceptor extends HandlerInterceptorAdapter {
|
||||
.collect(Collectors.toList());
|
||||
|
||||
if (tokens.isEmpty()) {
|
||||
if (enableBasicAuthorization && handler instanceof HandlerMethod) {
|
||||
HandlerMethod method = ((HandlerMethod) handler);
|
||||
AuthorizeDefinition definition = parser.parse(method.getBeanType(), method.getMethod());
|
||||
if (null != definition) {
|
||||
response.addHeader("WWW-Authenticate", " Basic realm=\"\"");
|
||||
}
|
||||
}
|
||||
return true;
|
||||
}
|
||||
for (ParsedToken parsedToken : tokens) {
|
||||
|
||||
Reference in New Issue
Block a user