diff --git a/hsweb-web-core/src/main/java/org/hsweb/web/core/authorize/AopAuthorizeValidator.java b/hsweb-web-core/src/main/java/org/hsweb/web/core/authorize/AopAuthorizeValidator.java
index d23598024..d70da5698 100644
--- a/hsweb-web-core/src/main/java/org/hsweb/web/core/authorize/AopAuthorizeValidator.java
+++ b/hsweb-web-core/src/main/java/org/hsweb/web/core/authorize/AopAuthorizeValidator.java
@@ -3,16 +3,19 @@ package org.hsweb.web.core.authorize;
 import org.aspectj.lang.ProceedingJoinPoint;
 import org.aspectj.lang.reflect.MethodSignature;
 import org.hsweb.web.core.authorize.annotation.Authorize;
+import org.hsweb.web.core.authorize.oauth2.OAuth2Manager;
 import org.hsweb.web.core.authorize.validator.SimpleAuthorizeValidator;
 import org.hsweb.web.bean.po.user.User;
 import org.hsweb.web.core.exception.AuthorizeException;
 import org.hsweb.web.core.session.HttpSessionManager;
 import org.hsweb.web.core.utils.AopUtils;
+import org.hsweb.web.core.utils.ThreadLocalUtils;
 import org.hsweb.web.core.utils.WebUtil;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.hsweb.commons.ClassUtils;
 import org.hsweb.commons.StringUtils;
 
+import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpSession;
 import java.util.LinkedHashMap;
 import java.util.LinkedHashSet;
@@ -26,6 +29,20 @@ import java.util.concurrent.ConcurrentMap;
  */
 public class AopAuthorizeValidator extends SimpleAuthorizeValidator {
 
+    private HttpSessionManager httpSessionManager;
+
+    private OAuth2Manager oAuth2Manager;
+
+    @Autowired
+    public void setHttpSessionManager(HttpSessionManager httpSessionManager) {
+        this.httpSessionManager = httpSessionManager;
+    }
+
+    @Autowired(required = false)
+    public void setoAuth2Manager(OAuth2Manager oAuth2Manager) {
+        this.oAuth2Manager = oAuth2Manager;
+    }
+
     protected ConcurrentMap configCache = new ConcurrentHashMap<>();
 
     protected AuthorizeValidatorConfig getConfig(ProceedingJoinPoint pjp) {
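Review bot: `setoAuth2Manager` breaks the lowerCamelCase setter convention that the neighbouring `setHttpSessionManager` follows; rename it `setOAuth2Manager` (Spring resolves the `@Autowired` setter by parameter type, so the rename is safe unless some XML config refers to the property by name, which I cannot see from here). Because the setter is `@Autowired(required = false)`, a deployment without an `OAuth2Manager` bean leaves the field null, and `validate()` later in this file then quietly uses session authentication only; that deserves a comment on the field, e.g. `// optional: when no OAuth2Manager bean exists, validate() accepts session auth only`. The class body continues past the hunk.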
@@ -54,20 +71,29 @@ public class AopAuthorizeValidator extends SimpleAuthorizeValidator {
         return config;
     }
 
-    private HttpSessionManager httpSessionManager;
-
-    @Autowired
-    public void setHttpSessionManager(HttpSessionManager httpSessionManager) {
-        this.httpSessionManager = httpSessionManager;
-    }
-
     public boolean validate(ProceedingJoinPoint pjp) {
         AuthorizeValidatorConfig config = getConfig(pjp);
         if (config == null) return true;
-        HttpSession session = WebUtil.getHttpServletRequest().getSession(false);
-        if (session == null) throw new AuthorizeException("未登录", 401);
-        User user = httpSessionManager.getUserBySessionId(session.getId());
-        if (user == null) throw new AuthorizeException("未登录", 401);
+        User user = null;
+        HttpServletRequest request = WebUtil.getHttpServletRequest();
+        //api OAuth2 认证
+        if (config.isApiSupport()) {
+            if (oAuth2Manager != null) {
+                String token = oAuth2Manager.getAccessTokenByRequest(request);
+                if (token != null) {
+                    user = oAuth2Manager.getUserByAccessToken(token);
+                    if (user == null) {
+                        throw new AuthorizeException("invalid_token", 401);
+                    }
+                }
+            }
+        }
+        if (user == null) {
+            HttpSession session = request.getSession(false);
+            if (session == null) throw new AuthorizeException("未登录", 401);
+            user = httpSessionManager.getUserBySessionId(session.getId());
+            if (user == null) throw new AuthorizeException("未登录", 401);
+        }
         if (config.isEmpty()) return true;
         Map param = new LinkedHashMap<>();
         MethodSignature signature = (MethodSignature) pjp.getSignature();
diff --git a/hsweb-web-core/src/main/java/org/hsweb/web/core/authorize/oauth2/OAuth2Manager.java b/hsweb-web-core/src/main/java/org/hsweb/web/core/authorize/oauth2/OAuth2Manager.java
new file mode 100644
index 000000000..893bbbe4a
--- /dev/null
+++ b/hsweb-web-core/src/main/java/org/hsweb/web/core/authorize/oauth2/OAuth2Manager.java
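Review bot: In the new token branch a bearer token is exchanged for a `User` and then runs through exactly the same role/permission checks as a session login, so a token carries the account's full privileges; the `OAuth2Manager` interface introduced in this commit exposes no scope or expiry information, so nothing in `validate()` can narrow that. Separately, when `config.isApiSupport()` is false or no `OAuth2Manager` bean is wired, a token the client did send is silently ignored and the session path runs, so an API client gets `未登录` instead of a token error and may never learn the token was not even examined. I would document both decisions on the branch: `// NOTE: a valid token yields the full User — OAuth2Manager has no scope concept yet` and `// endpoints without apiSupport (or without an OAuth2Manager bean) are session-only; a presented token is ignored`. The mixed-language error messages (`invalid_token` vs `未登录`) are also worth unifying for API consumers. `validate` continues past the hunk.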
@@ -0,0 +1,33 @@
+/*
+ * Copyright 2015-2016 http://hsweb.me
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.hsweb.web.core.authorize.oauth2;
+
+import org.hsweb.web.bean.po.user.User;
+
+import javax.servlet.http.HttpServletRequest;
+
+public interface OAuth2Manager {
+    String getAccessTokenByRequest(HttpServletRequest request);
+
+    User getUserByAccessToken(String accessToken);
+
+    default User getUserByRequest(HttpServletRequest request) {
+        String token = getAccessTokenByRequest(request);
+        if (token == null) return null;
+        return getUserByAccessToken(token);
+    }
+}
diff --git a/hsweb-web-core/src/main/java/org/hsweb/web/core/authorize/oauth2/OAuth2ManagerHolder.java b/hsweb-web-core/src/main/java/org/hsweb/web/core/authorize/oauth2/OAuth2ManagerHolder.java
new file mode 100644
index 000000000..c505d4cbb
--- /dev/null
+++ b/hsweb-web-core/src/main/java/org/hsweb/web/core/authorize/oauth2/OAuth2ManagerHolder.java
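Review bot: The interface carries no Javadoc, yet `AopAuthorizeValidator.validate` in this commit depends on a precise null contract: `getAccessTokenByRequest` returning null means "no token presented" and is not an error, while `getUserByAccessToken` returning null is turned into a 401 `invalid_token`. Spell that out on the methods so implementers do not, for example, return a placeholder user for an unverifiable token: `/** @return the access token carried by the request, or null if none is presented (not an error). */` and `/** @return the user the token is bound to, or null if the token is unknown, expired or revoked. Implementations must never return a user for a token they cannot verify. */`. The default `getUserByRequest` should likewise state that it returns null in both cases, since `WebUtil.getLoginUser` treats that null as an anonymous request rather than a rejected one.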
@@ -0,0 +1,46 @@
+/*
+ * Copyright 2015-2016 http://hsweb.me
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.hsweb.web.core.authorize.oauth2;
+
+import org.hsweb.web.core.authorize.annotation.Authorize;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import javax.annotation.PostConstruct;
+
+/**
+ * @author zhouhao
+ * @TODO
+ */
+@Component
+public class OAuth2ManagerHolder {
+
+    @Autowired(required = false)
+    private OAuth2Manager oAuth2Manager;
+
+    public static OAuth2Manager target;
+
+    public static final OAuth2Manager getManager() {
+        return target;
+    }
+
+    @PostConstruct
+    public void init() {
+        if (target == null && oAuth2Manager != null)
+            target = oAuth2Manager;
+    }
+}
diff --git a/hsweb-web-core/src/main/java/org/hsweb/web/core/utils/WebUtil.java b/hsweb-web-core/src/main/java/org/hsweb/web/core/utils/WebUtil.java
index c28efa91b..b36e2894d 100644
--- a/hsweb-web-core/src/main/java/org/hsweb/web/core/utils/WebUtil.java
+++ b/hsweb-web-core/src/main/java/org/hsweb/web/core/utils/WebUtil.java
@@ -1,6 +1,8 @@
 package org.hsweb.web.core.utils;
 
 import org.hsweb.web.bean.po.user.User;
+import org.hsweb.web.core.authorize.oauth2.OAuth2Manager;
+import org.hsweb.web.core.authorize.oauth2.OAuth2ManagerHolder;
 import org.springframework.web.context.request.RequestContextHolder;
 import org.springframework.web.context.request.ServletRequestAttributes;
 
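Review bot: `public static OAuth2Manager target` is a writable global that any class loaded in the application can overwrite (`OAuth2ManagerHolder.target = ...`), and it is the token-to-user resolver that `WebUtil.getLoginUser` consults, so the authentication hook itself is mutable from anywhere; make it `private static volatile OAuth2Manager target;` and keep `getManager()` as the sole accessor. `init()` also assigns only while `target` is still null, so after a context refresh a manager from the previous context would survive; `target = oAuth2Manager;` unconditionally, with a `@PreDestroy` that clears it, is the safer default. Minor: `final` on a static method is redundant, the `Authorize` import is unused in this file, and the `@TODO` tag in the class Javadoc should either say what is pending or be removed.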
@@ -61,7 +63,13 @@ public class WebUtil {
     public static User getLoginUser(HttpServletRequest request) {
         if (request == null) return null;
         HttpSession session = request.getSession(false);
-        if (session == null) return null;
+        if (session == null) {
+            OAuth2Manager manager = OAuth2ManagerHolder.getManager();
+            if (manager != null) {
+                return manager.getUserByRequest(request);
+            }
+            return null;
+        }
         return getLoginUser(session);
     }
 
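Review bot: This fallback honours an access token for every caller of `WebUtil.getLoginUser(request)` as soon as the request has no session, whereas `AopAuthorizeValidator.validate` in the same commit consults `OAuth2Manager` only when `config.isApiSupport()` is set; the `apiSupport` gate is therefore bypassed on any code path that identifies the user through `WebUtil` instead of the aspect. The failure mode differs as well: `getUserByRequest` returns null for an unknown or expired token, so the caller sees an anonymous request, while the validator rejects the same token with a 401 `invalid_token`. A request that does carry a session never reaches the token branch at all, since `session == null` decides the path before the token is looked at. Until the two are aligned, a comment on the branch should make the divergence explicit: `// NOTE: unlike AopAuthorizeValidator this accepts a token regardless of apiSupport, and maps an invalid token to null (anonymous) rather than 401`. `getLoginUser(HttpSession)` is outside the hunk.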