新增OAuth2支持

2026-06-22 01:32:48 +08:00 · 2016-08-17 14:16:55 +08:00
parent c43675bf73
commit 2c587a1816
4 changed files with 125 additions and 12 deletions
--- a/hsweb-web-core/src/main/java/org/hsweb/web/core/authorize/AopAuthorizeValidator.java
+++ b/hsweb-web-core/src/main/java/org/hsweb/web/core/authorize/AopAuthorizeValidator.java
@@ -3,16 +3,19 @@ package org.hsweb.web.core.authorize;
 import org.aspectj.lang.ProceedingJoinPoint;
 import org.aspectj.lang.reflect.MethodSignature;
 import org.hsweb.web.core.authorize.annotation.Authorize;
+import org.hsweb.web.core.authorize.oauth2.OAuth2Manager;
 import org.hsweb.web.core.authorize.validator.SimpleAuthorizeValidator;
 import org.hsweb.web.bean.po.user.User;
 import org.hsweb.web.core.exception.AuthorizeException;
 import org.hsweb.web.core.session.HttpSessionManager;
 import org.hsweb.web.core.utils.AopUtils;
+import org.hsweb.web.core.utils.ThreadLocalUtils;
 import org.hsweb.web.core.utils.WebUtil;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.hsweb.commons.ClassUtils;
 import org.hsweb.commons.StringUtils;

+import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpSession;
 import java.util.LinkedHashMap;
 import java.util.LinkedHashSet;
@@ -26,6 +29,20 @@ import java.util.concurrent.ConcurrentMap;
 */
 public class AopAuthorizeValidator extends SimpleAuthorizeValidator {

+    private HttpSessionManager httpSessionManager;
+
+    private OAuth2Manager oAuth2Manager;
+
+    @Autowired
+    public void setHttpSessionManager(HttpSessionManager httpSessionManager) {
+        this.httpSessionManager = httpSessionManager;
+    }
+
+    @Autowired(required = false)
+    public void setoAuth2Manager(OAuth2Manager oAuth2Manager) {
+        this.oAuth2Manager = oAuth2Manager;
+    }
+
    protected ConcurrentMap<String, AuthorizeValidatorConfig> configCache = new ConcurrentHashMap<>();

    protected AuthorizeValidatorConfig getConfig(ProceedingJoinPoint pjp) {
@@ -54,20 +71,29 @@ public class AopAuthorizeValidator extends SimpleAuthorizeValidator {
        return config;
    }

-    private HttpSessionManager httpSessionManager;
-
-    @Autowired
-    public void setHttpSessionManager(HttpSessionManager httpSessionManager) {
-        this.httpSessionManager = httpSessionManager;
-    }
-
    public boolean validate(ProceedingJoinPoint pjp) {
        AuthorizeValidatorConfig config = getConfig(pjp);
        if (config == null) return true;
-        HttpSession session = WebUtil.getHttpServletRequest().getSession(false);
-        if (session == null) throw new AuthorizeException("未登录", 401);
-        User user = httpSessionManager.getUserBySessionId(session.getId());
-        if (user == null) throw new AuthorizeException("未登录", 401);
+        User user = null;
+        HttpServletRequest request = WebUtil.getHttpServletRequest();
+        //api OAuth2 认证
+        if (config.isApiSupport()) {
+            if (oAuth2Manager != null) {
+                String token = oAuth2Manager.getAccessTokenByRequest(request);
+                if (token != null) {
+                    user = oAuth2Manager.getUserByAccessToken(token);
+                    if (user == null) {
+                        throw new AuthorizeException("invalid_token", 401);
+                    }
+                }
+            }
+        }
+        if (user == null) {
+            HttpSession session = request.getSession(false);
+            if (session == null) throw new AuthorizeException("未登录", 401);
+            user = httpSessionManager.getUserBySessionId(session.getId());
+            if (user == null) throw new AuthorizeException("未登录", 401);
+        }
        if (config.isEmpty()) return true;
        Map<String, Object> param = new LinkedHashMap<>();
        MethodSignature signature = (MethodSignature) pjp.getSignature();
--- a/hsweb-web-core/src/main/java/org/hsweb/web/core/authorize/oauth2/OAuth2Manager.java
+++ b/hsweb-web-core/src/main/java/org/hsweb/web/core/authorize/oauth2/OAuth2Manager.java
@@ -0,0 +1,33 @@
+/*
+ * Copyright 2015-2016 http://hsweb.me
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.hsweb.web.core.authorize.oauth2;
+
+import org.hsweb.web.bean.po.user.User;
+
+import javax.servlet.http.HttpServletRequest;
+
+public interface OAuth2Manager {
+    String getAccessTokenByRequest(HttpServletRequest request);
+
+    User getUserByAccessToken(String accessToken);
+
+    default User getUserByRequest(HttpServletRequest request) {
+        String token = getAccessTokenByRequest(request);
+        if (token == null) return null;
+        return getUserByAccessToken(token);
+    }
+}
--- a/hsweb-web-core/src/main/java/org/hsweb/web/core/authorize/oauth2/OAuth2ManagerHolder.java
+++ b/hsweb-web-core/src/main/java/org/hsweb/web/core/authorize/oauth2/OAuth2ManagerHolder.java
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2015-2016 http://hsweb.me
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.hsweb.web.core.authorize.oauth2;
+
+import org.hsweb.web.core.authorize.annotation.Authorize;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import javax.annotation.PostConstruct;
+
+/**
+ * @author zhouhao
+ * @TODO
+ */
+@Component
+public class OAuth2ManagerHolder {
+
+    @Autowired(required = false)
+    private OAuth2Manager oAuth2Manager;
+
+    public static OAuth2Manager target;
+
+    public static final OAuth2Manager getManager() {
+        return target;
+    }
+
+    @PostConstruct
+    public void init() {
+        if (target == null && oAuth2Manager != null)
+            target = oAuth2Manager;
+    }
+}
--- a/hsweb-web-core/src/main/java/org/hsweb/web/core/utils/WebUtil.java
+++ b/hsweb-web-core/src/main/java/org/hsweb/web/core/utils/WebUtil.java
@@ -1,6 +1,8 @@
 package org.hsweb.web.core.utils;

 import org.hsweb.web.bean.po.user.User;
+import org.hsweb.web.core.authorize.oauth2.OAuth2Manager;
+import org.hsweb.web.core.authorize.oauth2.OAuth2ManagerHolder;
 import org.springframework.web.context.request.RequestContextHolder;
 import org.springframework.web.context.request.ServletRequestAttributes;

@@ -61,7 +63,13 @@ public class WebUtil {
    public static User getLoginUser(HttpServletRequest request) {
        if (request == null) return null;
        HttpSession session = request.getSession(false);
-        if (session == null) return null;
+        if (session == null) {
+            OAuth2Manager manager = OAuth2ManagerHolder.getManager();
+            if (manager != null) {
+                return manager.getUserByRequest(request);
+            }
+            return null;
+        }
        return getLoginUser(session);
    }