From 1ec5cedbd2f187aaf82097bd2c4daae53a01c642 Mon Sep 17 00:00:00 2001
From: zhou-hao
Date: Sat, 6 Jan 2018 11:11:30 +0800
Subject: [PATCH] =?UTF-8?q?=E4=BC=98=E5=8C=96=E6=9D=83=E9=99=90=EF=BC=8C?=
 =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E6=9D=83=E9=99=90=E9=AA=8C=E8=AF=81=E5=89=8D?=
 =?UTF-8?q?=E7=9A=84=E4=BA=8B=E4=BB=B6=E9=80=9A=E7=9F=A5?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
 .../web/authorization/define/HandleType.java | 5 ++
 .../event/AuthorizationHandleBeforeEvent.java | 53 +++++++++++++++++++
 .../basic/aop/AopAuthorizingController.java | 7 +--
 .../basic/handler/AuthorizingHandler.java | 4 +-
 .../handler/DefaultAuthorizingHandler.java | 35 ++++++++++--
 .../web/authorization/AuthorizeTests.java | 3 +-
 .../ldap/LdapAuthorizationTests.java | 17 ++++++
 7 files changed, 112 insertions(+), 12 deletions(-)
 create mode 100644 hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/define/HandleType.java
 create mode 100644 hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/listener/event/AuthorizationHandleBeforeEvent.java
 create mode 100644 hsweb-authorization/hsweb-authorization-ldap/src/test/java/org/hswebframework/web/authorization/ldap/LdapAuthorizationTests.java
diff --git a/hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/define/HandleType.java b/hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/define/HandleType.java
new file mode 100644
index 000000000..d921eb54a
--- /dev/null
+++ b/hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/define/HandleType.java
@@ -0,0 +1,5 @@
+package org.hswebframework.web.authorization.define;
+
+public enum HandleType{
+ RBAC,DATA
+ }
\ No newline at end of file
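Review bot: `HandleType`'s constants carry no Javadoc, so a listener receiving `AuthorizationHandleBeforeEvent` has to read `DefaultAuthorizingHandler` in this same patch to learn that `RBAC` is published before the role and expression checks and `DATA` before the data-access check. A comment per constant, e.g. `/** Published before the role/expression check in handRBAC. */` and `/** Published before the data-access check in handleDataAccess. */`, would make the event self-describing. The closing brace is indented one level and the file lacks a trailing newline.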
diff --git a/hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/listener/event/AuthorizationHandleBeforeEvent.java b/hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/listener/event/AuthorizationHandleBeforeEvent.java
new file mode 100644
index 000000000..13d943e6d
--- /dev/null
+++ b/hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/listener/event/AuthorizationHandleBeforeEvent.java
@@ -0,0 +1,53 @@
+package org.hswebframework.web.authorization.listener.event;
+
+import org.hswebframework.web.authorization.define.AuthorizingContext;
+import org.hswebframework.web.authorization.define.HandleType;
+import org.springframework.context.ApplicationEvent;
+
+public class AuthorizationHandleBeforeEvent extends ApplicationEvent implements AuthorizationEvent {
+
+ private static final long serialVersionUID = -1095765748533721998L;
+
+ private boolean allow = false;
+
+ private boolean execute = true;
+
+ private String message;
+
+ private HandleType handleType;
+
+ public AuthorizationHandleBeforeEvent(AuthorizingContext context, HandleType handleType) {
+ super(context);
+ this.handleType = handleType;
+ }
+
+ public AuthorizingContext getContext() {
+ return ((AuthorizingContext) getSource());
+ }
+
+ public boolean isExecute() {
+ return execute;
+ }
+
+ public boolean isAllow() {
+ return allow;
+ }
+
+ public void setAllow(boolean allow) {
+ execute = false;
+ this.allow = allow;
+ }
+
+ public String getMessage() {
+ return message;
+ }
+
+ public void setMessage(String message) {
+ this.message = message;
+ }
+
+
+ public HandleType getHandleType() {
+ return handleType;
+ }
+}
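Review bot: `setAllow` silently flips `execute` to false, so a listener that calls `setAllow(true)` makes `handRBAC` and `handleDataAccess` in `DefaultAuthorizingHandler` return before any role, expression or data-access check runs, and nothing in this class documents that contract or that a later listener cannot re-enable execution. The class and `setAllow` need Javadoc stating it, e.g. on `setAllow`: `/** Takes over the decision: the built-in check is skipped, and {@code allow} decides whether the request passes or an AccessDenyException is thrown. */`. `getMessage()` is still null when a listener denies without calling `setMessage`, and that null becomes the exception message in the handler; a default text set in `setAllow` when `allow` is false would avoid it. The fields are plain unsynchronized mutables, which presumably relies on the event being published synchronously — worth a sentence in the class Javadoc.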
diff --git a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/aop/AopAuthorizingController.java b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/aop/AopAuthorizingController.java
index 2a61e90a7..e591811f1 100644
--- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/aop/AopAuthorizingController.java
+++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/aop/AopAuthorizingController.java
@@ -5,7 +5,6 @@ import org.aopalliance.intercept.MethodInterceptor;
 import org.hswebframework.web.AopUtils;
 import org.hswebframework.web.authorization.Authentication;
 import org.hswebframework.web.authorization.annotation.Authorize;
-import org.hswebframework.web.authorization.basic.define.EmptyAuthorizeDefinition;
 import org.hswebframework.web.authorization.basic.handler.AuthorizingHandler;
 import org.hswebframework.web.authorization.define.AuthorizeDefinition;
 import org.hswebframework.web.authorization.define.AuthorizeDefinitionInitializedEvent;
@@ -18,8 +17,6 @@ import org.springframework.aop.support.StaticMethodMatcherPointcutAdvisor;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.CommandLineRunner;
 import org.springframework.context.ApplicationEventPublisher;
-import org.springframework.core.Ordered;
-import org.springframework.core.annotation.Order;
 import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.RestController;
@@ -73,7 +70,7 @@ public class AopAuthorizingController extends StaticMethodMatcherPointcutAdvisor
 }
 if (definition.getPhased() == Phased.before) {
 //RDAC before
- authorizingHandler.handRDAC(context);
+ authorizingHandler.handRBAC(context);
 //方法调用前验证数据权限
 if (dataAccessPhased == Phased.before) {
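Review bot: The comment `//RDAC before` directly above the renamed call still uses the old spelling while the method is now `handRBAC`, so comment and code disagree on adjacent lines; change it to `//RBAC before`. The enclosing method starts and ends outside the hunk.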
@@ -96,7 +93,7 @@ public class AopAuthorizingController extends StaticMethodMatcherPointcutAdvisor
 result = methodInvocation.proceed();
 context.setParamContext(holder.createParamContext(result));
- authorizingHandler.handRDAC(context);
+ authorizingHandler.handRBAC(context);
 //方法调用后验证数据权限
 if (dataAccessPhased == Phased.after) {
diff --git a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/AuthorizingHandler.java b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/AuthorizingHandler.java
index ddae3cfd8..8d35de635 100644
--- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/AuthorizingHandler.java
+++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/AuthorizingHandler.java
@@ -8,12 +8,12 @@ import org.hswebframework.web.authorization.define.AuthorizingContext;
 * @author zhouhao
 */
 public interface AuthorizingHandler {
- void handRDAC(AuthorizingContext context);
+ void handRBAC(AuthorizingContext context);
 void handleDataAccess(AuthorizingContext context);
 default void handle(AuthorizingContext context) {
- handRDAC(context);
+ handRBAC(context);
 handleDataAccess(context);
 }
 }
diff --git a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/DefaultAuthorizingHandler.java b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/DefaultAuthorizingHandler.java
index a764287c9..871496861 100644
--- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/DefaultAuthorizingHandler.java
+++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/DefaultAuthorizingHandler.java
@@ -11,10 +11,14 @@ import org.hswebframework.web.authorization.access.DataAccessController;
 import org.hswebframework.web.authorization.annotation.Logical;
 import org.hswebframework.web.authorization.define.AuthorizeDefinition;
 import org.hswebframework.web.authorization.define.AuthorizingContext;
+import org.hswebframework.web.authorization.define.HandleType;
 import org.hswebframework.web.authorization.exception.AccessDenyException;
+import org.hswebframework.web.authorization.listener.event.AuthorizationHandleBeforeEvent;
 import org.hswebframework.web.boost.aop.context.MethodInterceptorContext;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.context.ApplicationEventPublisher;
 import java.util.*;
 import java.util.function.Function;
@@ -30,6 +34,8 @@ public class DefaultAuthorizingHandler implements AuthorizingHandler {
 private Logger logger = LoggerFactory.getLogger(this.getClass());
+ private ApplicationEventPublisher eventPublisher;
+
 public DefaultAuthorizingHandler(DataAccessController dataAccessController) {
 this.dataAccessController = dataAccessController;
 }
@@ -41,17 +47,40 @@ public class DefaultAuthorizingHandler implements AuthorizingHandler {
 this.dataAccessController = dataAccessController;
 }
- @Override
- public void handRDAC(AuthorizingContext context) {
+ @Autowired
+ public void setEventPublisher(ApplicationEventPublisher eventPublisher) {
+ this.eventPublisher = eventPublisher;
+ }
+ @Override
+ public void handRBAC(AuthorizingContext context) {
+ if(handleEvent(context,HandleType.RBAC)){
+ return;
+ }
 //进行rdac权限控制
 handleRdac(context.getAuthentication(), context.getDefinition());
 //表达式权限控制
 handleExpression(context.getAuthentication(), context.getDefinition(), context.getParamContext());
-
+ }
+ private boolean handleEvent(AuthorizingContext context,HandleType type){
+ if(null!=eventPublisher) {
+ AuthorizationHandleBeforeEvent event = new AuthorizationHandleBeforeEvent(context, type);
+ eventPublisher.publishEvent(event);
+ if (!event.isExecute()) {
+ if (event.isAllow()) {
+ return true;
+ } else {
+ throw new AccessDenyException(event.getMessage());
+ }
+ }
+ }
+ return false;
 }
 public void handleDataAccess(AuthorizingContext context) {
+ if(handleEvent(context,HandleType.DATA)){
+ return;
+ }
 if (dataAccessController == null) {
 logger.warn("dataAccessController is null,skip result access control!");
 return;
diff --git a/hsweb-authorization/hsweb-authorization-basic/src/test/java/org/hswebframework/web/authorization/AuthorizeTests.java b/hsweb-authorization/hsweb-authorization-basic/src/test/java/org/hswebframework/web/authorization/AuthorizeTests.java
index e325ac4b4..ca7b4c09a 100644
--- a/hsweb-authorization/hsweb-authorization-basic/src/test/java/org/hswebframework/web/authorization/AuthorizeTests.java
+++ b/hsweb-authorization/hsweb-authorization-basic/src/test/java/org/hswebframework/web/authorization/AuthorizeTests.java
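Review bot: In `handleEvent`, an allow decision from a listener returns true without any log line, so a request that skipped the RBAC or data-access check leaves no trace, while the deny branch passes `event.getMessage()`, which may be null, straight into `AccessDenyException`. I would record the bypass and give the denial a fallback text: `logger.debug("{} check skipped by listener", type);` before `return true;`, and `throw new AccessDenyException(event.getMessage() == null ? "access denied" : event.getMessage());`. In `handleDataAccess` the DATA event is published before the `dataAccessController == null` check, so listeners see it even when no data-access control is configured; if that is intended, a one-line comment saying so would help. `handleDataAccess` continues past the end of the hunk.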
@@ -26,7 +26,6 @@ import org.mockito.runners.MockitoJUnitRunner;
 import java.util.*;
 import static org.mockito.Matchers.any;
-import static org.mockito.Matchers.anyString;
 import static org.mockito.Mockito.mock;
 import static org.mockito.Mockito.when;
@@ -111,7 +110,7 @@ public class AuthorizeTests {
 authorizingContext.setDefinition(definition);
 authorizingContext.setParamContext(queryById);
- handler.handRDAC(authorizingContext);
+ handler.handRBAC(authorizingContext);
 }
diff --git a/hsweb-authorization/hsweb-authorization-ldap/src/test/java/org/hswebframework/web/authorization/ldap/LdapAuthorizationTests.java b/hsweb-authorization/hsweb-authorization-ldap/src/test/java/org/hswebframework/web/authorization/ldap/LdapAuthorizationTests.java
new file mode 100644
index 000000000..bc3f18b50
--- /dev/null
+++ b/hsweb-authorization/hsweb-authorization-ldap/src/test/java/org/hswebframework/web/authorization/ldap/LdapAuthorizationTests.java
@@ -0,0 +1,17 @@
+package org.hswebframework.web.authorization.ldap;
+
+import org.junit.Test;
+import org.springframework.ldap.core.LdapTemplate;
+import org.springframework.ldap.query.LdapQueryBuilder;
+
+public class LdapAuthorizationTests {
+
+ LdapTemplate ldapTemplate;
+
+ // @Test
+ public void testGetUser(){
+ ldapTemplate=new LdapTemplate();
+
+ ldapTemplate.authenticate(LdapQueryBuilder.query().base("dc=261consulting, dc=com"),"admin");
+ }
+}
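Review bot: `testGetUser` is never executed because `@Test` is commented out, yet it commits a hard-coded base DN and the credential literal `"admin"` to the repository, and `new LdapTemplate()` is created without a `ContextSource`, so the `authenticate` call could not succeed even if the annotation were restored. Either leave the file out of this commit until it runs against a test LDAP, or keep it disabled with `@Ignore` and read the base DN and credential from test configuration instead of source. A one-line comment on why the test is disabled would also help the next reader.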