优化basic授权结构

2026-06-01 02:15:07 +08:00 · 2018-09-21 17:13:23 +08:00
parent afbe914558
commit 8a1c4bc3db
4 changed files with 26 additions and 36 deletions
--- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/configuration/AuthorizingHandlerAutoConfiguration.java
+++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/configuration/AuthorizingHandlerAutoConfiguration.java
@@ -12,6 +12,7 @@ import org.hswebframework.web.authorization.basic.web.session.UserTokenAutoExpir
 import org.hswebframework.web.authorization.token.UserTokenManager;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.config.BeanPostProcessor;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingClass;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
@@ -119,4 +120,16 @@ public class AuthorizingHandlerAutoConfiguration {
            return bean;
        }
    }
+
+    @Configuration
+    @ConditionalOnProperty(prefix = "hsweb.authorize", name = "basic-authorization", havingValue = "true")
+    @ConditionalOnClass(UserTokenForTypeParser.class)
+    public static class BasicAuthorizationConfiguration {
+        @Bean
+        public BasicAuthorizationTokenParser basicAuthorizationTokenParser(AuthenticationManager authenticationManager,
+                                                                           UserTokenManager tokenManager) {
+            return new BasicAuthorizationTokenParser(authenticationManager, tokenManager);
+        }
+
+    }
 }
--- a/hsweb-system/hsweb-system-authorization/hsweb-system-authorization-starter/src/main/java/org/hswebframework/web/authorization/starter/BasicAuthorizationTokenParser.java
+++ b/hsweb-system/hsweb-system-authorization/hsweb-system-authorization-starter/src/main/java/org/hswebframework/web/authorization/starter/BasicAuthorizationTokenParser.java
@@ -1,18 +1,20 @@
-package org.hswebframework.web.authorization.starter;
+package org.hswebframework.web.authorization.basic.configuration;
+
 import org.apache.commons.codec.binary.Base64;
+import org.hswebframework.web.authorization.Authentication;
+import org.hswebframework.web.authorization.AuthenticationManager;
 import org.hswebframework.web.authorization.basic.web.AuthorizedToken;
 import org.hswebframework.web.authorization.basic.web.ParsedToken;
 import org.hswebframework.web.authorization.basic.web.UserTokenForTypeParser;
+import org.hswebframework.web.authorization.simple.PlainTextUsernamePasswordAuthenticationRequest;
 import org.hswebframework.web.authorization.token.UserToken;
 import org.hswebframework.web.authorization.token.UserTokenManager;
-import org.hswebframework.web.entity.authorization.UserEntity;
-import org.hswebframework.web.service.authorization.UserService;

 import javax.servlet.http.HttpServletRequest;

 public class BasicAuthorizationTokenParser implements UserTokenForTypeParser {

-    private UserService userService;
+    private AuthenticationManager authenticationManager;

    private UserTokenManager userTokenManager;

@@ -21,8 +23,8 @@ public class BasicAuthorizationTokenParser implements UserTokenForTypeParser {
        return "basic";
    }

-    public BasicAuthorizationTokenParser(UserService userService, UserTokenManager userTokenManager) {
-        this.userService = userService;
+    public BasicAuthorizationTokenParser(AuthenticationManager authenticationManager, UserTokenManager userTokenManager) {
+        this.authenticationManager = authenticationManager;
        this.userTokenManager = userTokenManager;
    }

@@ -56,12 +58,12 @@ public class BasicAuthorizationTokenParser implements UserTokenForTypeParser {
            }
            if (usernameAndPassword.contains(":")) {
                String[] arr = usernameAndPassword.split("[:]");
-                UserEntity user = userService.selectByUserNameAndPassword(arr[0], arr[1]);
-                if (user != null) {
+                Authentication authentication = authenticationManager.authenticate(new PlainTextUsernamePasswordAuthenticationRequest(arr[0], arr[1]));
+                if (authentication != null) {
                    return new AuthorizedToken() {
                        @Override
                        public String getUserId() {
-                            return user.getId();
+                            return authentication.getUser().getId();
                        }

                        @Override
@@ -77,7 +79,7 @@ public class BasicAuthorizationTokenParser implements UserTokenForTypeParser {
                        @Override
                        public long getMaxInactiveInterval() {
                            //60分钟有效期
-                            return 60*60*1000L;
+                            return 60 * 60 * 1000L;
                        }
                    };
                }
--- a/hsweb-system/hsweb-system-authorization/hsweb-system-authorization-starter/src/main/java/org/hswebframework/web/authorization/starter/AuthorizationAutoConfiguration.java
+++ b/hsweb-system/hsweb-system-authorization/hsweb-system-authorization-starter/src/main/java/org/hswebframework/web/authorization/starter/AuthorizationAutoConfiguration.java
@@ -20,11 +20,11 @@ package org.hswebframework.web.authorization.starter;

 import org.hswebframework.web.authorization.AuthenticationInitializeService;
 import org.hswebframework.web.authorization.AuthenticationManager;
+import org.hswebframework.web.authorization.basic.configuration.BasicAuthorizationConfiguration;
 import org.hswebframework.web.authorization.simple.DefaultAuthorizationAutoConfiguration;
 import org.hswebframework.web.service.authorization.simple.SimpleAuthenticationManager;
 import org.mybatis.spring.annotation.MapperScan;
 import org.springframework.boot.autoconfigure.AutoConfigureBefore;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.ComponentScan;
--- a/hsweb-system/hsweb-system-authorization/hsweb-system-authorization-starter/src/main/java/org/hswebframework/web/authorization/starter/BasicAuthorizationConfiguration.java
+++ b/hsweb-system/hsweb-system-authorization/hsweb-system-authorization-starter/src/main/java/org/hswebframework/web/authorization/starter/BasicAuthorizationConfiguration.java
@@ -1,25 +0,0 @@
-package org.hswebframework.web.authorization.starter;
-
-import org.hswebframework.web.authorization.basic.web.UserTokenForTypeParser;
-import org.hswebframework.web.authorization.token.UserTokenManager;
-import org.hswebframework.web.service.authorization.UserService;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnClass;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-
-/**
- * @author zhouhao
- * @since 3.0
- */
-@Configuration
-@ConditionalOnProperty(prefix = "hsweb.authorize", name = "basic-authorization", havingValue = "true")
-@ConditionalOnClass(UserTokenForTypeParser.class)
-public class BasicAuthorizationConfiguration {
-
-    @Bean
-    public BasicAuthorizationTokenParser basicAuthorizationTokenParser(UserService userService, UserTokenManager tokenManager) {
-        return new BasicAuthorizationTokenParser(userService, tokenManager);
-    }
-
-}