优化权限,增加权限验证前的事件通知
@@ -5,7 +5,6 @@ import org.aopalliance.intercept.MethodInterceptor;
|
||||
import org.hswebframework.web.AopUtils;
|
||||
import org.hswebframework.web.authorization.Authentication;
|
||||
import org.hswebframework.web.authorization.annotation.Authorize;
|
||||
import org.hswebframework.web.authorization.basic.define.EmptyAuthorizeDefinition;
|
||||
import org.hswebframework.web.authorization.basic.handler.AuthorizingHandler;
|
||||
import org.hswebframework.web.authorization.define.AuthorizeDefinition;
|
||||
import org.hswebframework.web.authorization.define.AuthorizeDefinitionInitializedEvent;
|
||||
@@ -18,8 +17,6 @@ import org.springframework.aop.support.StaticMethodMatcherPointcutAdvisor;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.boot.CommandLineRunner;
|
||||
import org.springframework.context.ApplicationEventPublisher;
|
||||
import org.springframework.core.Ordered;
|
||||
import org.springframework.core.annotation.Order;
|
||||
import org.springframework.stereotype.Controller;
|
||||
import org.springframework.web.bind.annotation.RestController;
|
||||
|
||||
@@ -73,7 +70,7 @@ public class AopAuthorizingController extends StaticMethodMatcherPointcutAdvisor
|
||||
}
|
||||
if (definition.getPhased() == Phased.before) {
|
||||
//RDAC before
|
||||
authorizingHandler.handRDAC(context);
|
||||
authorizingHandler.handRBAC(context);
|
||||
|
||||
//方法调用前验证数据权限
|
||||
if (dataAccessPhased == Phased.before) {
|
||||
@@ -96,7 +93,7 @@ public class AopAuthorizingController extends StaticMethodMatcherPointcutAdvisor
|
||||
result = methodInvocation.proceed();
|
||||
context.setParamContext(holder.createParamContext(result));
|
||||
|
||||
authorizingHandler.handRDAC(context);
|
||||
authorizingHandler.handRBAC(context);
|
||||
|
||||
//方法调用后验证数据权限
|
||||
if (dataAccessPhased == Phased.after) {
|
||||
|
||||
@@ -8,12 +8,12 @@ import org.hswebframework.web.authorization.define.AuthorizingContext;
|
||||
* @author zhouhao
|
||||
*/
|
||||
public interface AuthorizingHandler {
|
||||
void handRDAC(AuthorizingContext context);
|
||||
void handRBAC(AuthorizingContext context);
|
||||
|
||||
void handleDataAccess(AuthorizingContext context);
|
||||
|
||||
default void handle(AuthorizingContext context) {
|
||||
handRDAC(context);
|
||||
handRBAC(context);
|
||||
handleDataAccess(context);
|
||||
}
|
||||
}
|
||||
|
||||
@@ -11,10 +11,14 @@ import org.hswebframework.web.authorization.access.DataAccessController;
|
||||
import org.hswebframework.web.authorization.annotation.Logical;
|
||||
import org.hswebframework.web.authorization.define.AuthorizeDefinition;
|
||||
import org.hswebframework.web.authorization.define.AuthorizingContext;
|
||||
import org.hswebframework.web.authorization.define.HandleType;
|
||||
import org.hswebframework.web.authorization.exception.AccessDenyException;
|
||||
import org.hswebframework.web.authorization.listener.event.AuthorizationHandleBeforeEvent;
|
||||
import org.hswebframework.web.boost.aop.context.MethodInterceptorContext;
|
||||
import org.slf4j.Logger;
|
||||
import org.slf4j.LoggerFactory;
|
||||
import org.springframework.beans.factory.annotation.Autowired;
|
||||
import org.springframework.context.ApplicationEventPublisher;
|
||||
|
||||
import java.util.*;
|
||||
import java.util.function.Function;
|
||||
@@ -30,6 +34,8 @@ public class DefaultAuthorizingHandler implements AuthorizingHandler {
|
||||
|
||||
private Logger logger = LoggerFactory.getLogger(this.getClass());
|
||||
|
||||
private ApplicationEventPublisher eventPublisher;
|
||||
|
||||
public DefaultAuthorizingHandler(DataAccessController dataAccessController) {
|
||||
this.dataAccessController = dataAccessController;
|
||||
}
|
||||
@@ -41,17 +47,40 @@ public class DefaultAuthorizingHandler implements AuthorizingHandler {
|
||||
this.dataAccessController = dataAccessController;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void handRDAC(AuthorizingContext context) {
|
||||
@Autowired
|
||||
public void setEventPublisher(ApplicationEventPublisher eventPublisher) {
|
||||
this.eventPublisher = eventPublisher;
|
||||
}
|
||||
|
||||
@Override
|
||||
public void handRBAC(AuthorizingContext context) {
|
||||
if(handleEvent(context,HandleType.RBAC)){
|
||||
return;
|
||||
}
|
||||
//进行rdac权限控制
|
||||
handleRdac(context.getAuthentication(), context.getDefinition());
|
||||
//表达式权限控制
|
||||
handleExpression(context.getAuthentication(), context.getDefinition(), context.getParamContext());
|
||||
|
||||
|
||||
}
|
||||
private boolean handleEvent(AuthorizingContext context,HandleType type){
|
||||
if(null!=eventPublisher) {
|
||||
AuthorizationHandleBeforeEvent event = new AuthorizationHandleBeforeEvent(context, type);
|
||||
eventPublisher.publishEvent(event);
|
||||
if (!event.isExecute()) {
|
||||
if (event.isAllow()) {
|
||||
return true;
|
||||
} else {
|
||||
throw new AccessDenyException(event.getMessage());
|
||||
}
|
||||
}
|
||||
}
|
||||
return false;
|
||||
}
|
||||
public void handleDataAccess(AuthorizingContext context) {
|
||||
if(handleEvent(context,HandleType.DATA)){
|
||||
return;
|
||||
}
|
||||
if (dataAccessController == null) {
|
||||
logger.warn("dataAccessController is null,skip result access control!");
|
||||
return;
|
||||
|
||||
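Review bot: In `handleEvent`, the branch that returns `true` when `!event.isExecute()` and `event.isAllow()` lets any listener of `AuthorizationHandleBeforeEvent` skip `handleRdac`, `handleExpression` and the data-access check without leaving a trace. I would log the decision before acting on it, for example `logger.info("authorization check {} decided by event listener, allow={}", type, event.isAllow());`, so that a listener-granted bypass shows up in audit logs. The event class is not part of this page, so it is worth confirming that `isAllow()` defaults to false; otherwise a listener that only turns `execute` off would grant access. A short Javadoc on `handleEvent` stating that a `true` return means the built-in check is skipped would also help, since the name does not say it. The body of `handleDataAccess` continues past the end of this hunk.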
@@ -26,7 +26,6 @@ import org.mockito.runners.MockitoJUnitRunner;
|
||||
import java.util.*;
|
||||
|
||||
import static org.mockito.Matchers.any;
|
||||
import static org.mockito.Matchers.anyString;
|
||||
import static org.mockito.Mockito.mock;
|
||||
import static org.mockito.Mockito.when;
|
||||
|
||||
@@ -111,7 +110,7 @@ public class AuthorizeTests {
|
||||
authorizingContext.setDefinition(definition);
|
||||
authorizingContext.setParamContext(queryById);
|
||||
|
||||
handler.handRDAC(authorizingContext);
|
||||
handler.handRBAC(authorizingContext);
|
||||
|
||||
|
||||
}
|
||||
|
||||