优化权限 增加jwt

zhouhao
2017-08-30 23:28:10 +08:00
parent 03cf090fb8
commit a932d5171e
14 changed files with 176 additions and 44 deletions


@@ -13,7 +13,6 @@ import org.hswebframework.web.authorization.token.UserTokenManager;
import org.springframework.beans.BeansException;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.config.BeanPostProcessor;
import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
import org.springframework.boot.context.properties.ConfigurationProperties;
import org.springframework.context.annotation.Bean;
@@ -22,6 +21,8 @@ import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
import java.util.List;
/**
* TODO 完成注释
*
@@ -48,7 +49,12 @@ public class AuthorizingHandlerAutoConfiguration {
@Bean
@ConditionalOnMissingBean(UserTokenParser.class)
public UserTokenParser userTokenParser() {
return new DefaultUserTokenParser();
return new SessionIdUserTokenParser();
}
@Bean
public SessionIdUserTokenGenerator sessionIdUserTokenGenerator(){
return new SessionIdUserTokenGenerator();
}
@Bean
@@ -60,7 +66,7 @@ public class AuthorizingHandlerAutoConfiguration {
@Bean
public WebMvcConfigurer webUserTokenInterceptorConfigurer(UserTokenManager userTokenManager,
UserTokenParser userTokenParser) {
List<UserTokenParser> userTokenParser) {
return new WebMvcConfigurerAdapter() {
@Override
public void addInterceptors(InterceptorRegistry registry) {
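Review bot: The `@ConditionalOnMissingBean(UserTokenParser.class)` kept on `userTokenParser()` works against the new `List<UserTokenParser>` parameter of `webUserTokenInterceptorConfigurer`. As soon as an application registers any other `UserTokenParser` bean, the `SessionIdUserTokenParser` is presumably no longer created, so the list never contains both and session-based requests would stop being recognised. If the intent is to stack parsers, condition the default on its own type, `@ConditionalOnMissingBean(SessionIdUserTokenParser.class)`, or add a comment stating that a custom parser replaces the session one. The body of `addInterceptors` continues outside the hunk.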


@@ -1,28 +0,0 @@
package org.hswebframework.web.authorization.basic.web;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import java.util.function.Predicate;
/**
* @author zhouhao
*/
public class DefaultUserTokenParser implements UserTokenParser {
@Override
public String parseToken(HttpServletRequest request, Predicate<String> tokenValidate) {
String token = request.getParameter("access_token");
if (null != token) {
if (tokenValidate.test(token))
return token;
}
HttpSession session = request.getSession(false);
if (session != null) {
if (tokenValidate.test(session.getId()))
return session.getId();
}
return null;
}
}


@@ -0,0 +1,48 @@
package org.hswebframework.web.authorization.basic.web;
import org.hswebframework.web.WebUtil;
import org.hswebframework.web.authorization.Authentication;
import javax.servlet.http.HttpServletRequest;
import java.io.Serializable;
import java.util.Collections;
import java.util.Map;
/**
* @author zhouhao
*/
public class SessionIdUserTokenGenerator implements UserTokenGenerator ,Serializable {
@Override
public String getSupportTokenType() {
return "sessionId";
}
@Override
public TokenResult generate(Authentication authentication) {
HttpServletRequest request= WebUtil.getHttpServletRequest();
if(null==request)throw new UnsupportedOperationException();
int timeout =request.getSession().getMaxInactiveInterval();
String sessionId = request.getSession().getId();
return new TokenResult() {
@Override
public Map<String, Object> getResponse() {
return Collections.emptyMap();
}
@Override
public String getToken() {
return sessionId;
}
@Override
public int getTimeout() {
return timeout;
}
};
}
}
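Review bot: `generate` takes the id of whatever session the request already carries (`request.getSession().getId()`) and returns it as the post-login token, so an id issued before authentication stays valid after it, which is the session-fixation condition. Nothing in this file rotates the id; unless that happens elsewhere, rotate it before reading it, e.g. `request.changeSessionId();` (Servlet 3.1+), or invalidate and recreate the session. Separately, `if(null==request)throw new UnsupportedOperationException();` carries no message, and a text such as `"no current HTTP request"` would make the failure diagnosable.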


@@ -0,0 +1,22 @@
package org.hswebframework.web.authorization.basic.web;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import java.util.function.Predicate;
/**
* @author zhouhao
*/
public class SessionIdUserTokenParser implements UserTokenParser {
@Override
public String parseToken(HttpServletRequest request) {
HttpSession session = request.getSession(false);
if (session != null) {
return session.getId();
}
return null;
}
}
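Review bot: `import java.util.function.Predicate;` is unused in this new file now that `parseToken` takes only the request, and should be dropped. The same import appears as context in the `UserTokenParser` hunk and looks unused there too. A short Javadoc on `parseToken` would also help: `/** Returns the current session id, or null when the request has no session; never creates one. */`, since validating the id is now left to the caller.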


@@ -0,0 +1,15 @@
package org.hswebframework.web.authorization.basic.web;
import java.io.Serializable;
import java.util.Map;
/**
* Created by zhouhao on 2017/8/30.
*/
public interface TokenResult extends Serializable {
Map<String,Object> getResponse();
String getToken();
int getTimeout();
}
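Review bot: `getTimeout()` has no documented unit or meaning for zero and negative values, and the replaced class comment says nothing about the contract. `SessionIdUserTokenGenerator` fills it from `getMaxInactiveInterval()`, which is in seconds and may be zero or negative for "never expires", and `UserOnSignIn` passes it straight to `userTokenManager.signIn(...)`, whose expected unit is not visible here. A unit mismatch would silently shorten or lengthen token lifetime, so state it on the method, e.g. `/** Token lifetime in seconds; values <= 0 mean no expiry. */` (adjust to what `UserTokenManager` actually expects). `getResponse()` should likewise say that its entries are copied into the login response, so implementers know what is exposed to the client.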


@@ -6,31 +6,58 @@ import org.hswebframework.web.authorization.listener.AuthorizationListener;
import org.hswebframework.web.authorization.listener.event.AuthorizationSuccessEvent;
import org.hswebframework.web.authorization.token.UserToken;
import org.hswebframework.web.authorization.token.UserTokenManager;
import org.springframework.beans.factory.annotation.Autowired;
import java.util.ArrayList;
import java.util.List;
import java.util.Optional;
import java.util.UUID;
/**
* TODO 完成注释
*
* @author zhouhao
*/
public class UserOnSignIn implements AuthorizationListener<AuthorizationSuccessEvent> {
private String defaultTokenType="sessionId";
private UserTokenManager userTokenManager;
private List<UserTokenGenerator> userTokenGenerators=new ArrayList<>();
public UserOnSignIn(UserTokenManager userTokenManager) {
this.userTokenManager = userTokenManager;
}
public void setDefaultTokenType(String defaultTokenType) {
this.defaultTokenType = defaultTokenType;
}
@Autowired(required = false)
public void setUserTokenGenerators(List<UserTokenGenerator> userTokenGenerators) {
this.userTokenGenerators = userTokenGenerators;
}
@Override
public void on(AuthorizationSuccessEvent event) {
UserToken token = UserTokenHolder.currentToken();
String tokenType = (String) event.getParameter("token_type").orElse("sessionId");
String tokenType = (String) event.getParameter("token_type").orElse(defaultTokenType);
if (token != null) {
//先退出已登陆的用户
userTokenManager.signOutByToken(token.getToken());
}
token = userTokenManager.signIn(createToken(tokenType), event.getAuthentication().getUser().getId());
event.getResult().put("token", token.getToken());
//创建token
TokenResult newToken = userTokenGenerators.stream()
.filter(generator->generator.getSupportTokenType().equals(tokenType))
.findFirst()
.orElseThrow(()->new UnsupportedOperationException(tokenType))
.generate(event.getAuthentication());
//登入
userTokenManager.signIn(newToken.getToken(), event.getAuthentication().getUser().getId(),newToken.getTimeout());
//响应结果
event.getResult().putAll(newToken.getResponse());
}
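Review bot: In `on`, the existing token is signed out before the generator for `tokenType` is looked up, so an unsupported `token_type` throws `UnsupportedOperationException` after the user has already lost the old token. Resolve the generator first (the `filter(...).findFirst().orElseThrow(...)` chain) and only then call `signOutByToken`. `token_type` is read from the event parameters and looks caller-supplied, so unknown values are better rejected as a client error than echoed in an exception message, and the accepted set should be limited to types the deployment enables. `setUserTokenGenerators` should also tolerate null, e.g. `this.userTokenGenerators = userTokenGenerators == null ? new ArrayList<>() : userTokenGenerators;`.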


@@ -0,0 +1,15 @@
package org.hswebframework.web.authorization.basic.web;
import org.hswebframework.web.authorization.Authentication;
/**
*
* 用户令牌生产器,用于在用户进行授权后生成令牌
* @author zhouhao
*
*/
public interface UserTokenGenerator {
String getSupportTokenType();
TokenResult generate(Authentication authentication);
}


@@ -9,5 +9,6 @@ import java.util.function.Predicate;
* @author zhouhao
*/
public interface UserTokenParser {
String parseToken(HttpServletRequest request, Predicate<String> tokenValidate);
String parseToken(HttpServletRequest request);
}


@@ -1,12 +1,13 @@
package org.hswebframework.web.authorization.basic.web;
import org.hswebframework.web.authorization.exception.UnAuthorizedException;
import org.hswebframework.web.authorization.token.UserToken;
import org.hswebframework.web.authorization.token.UserTokenManager;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.List;
import java.util.Objects;
/**
* TODO 完成注释
@@ -17,16 +18,22 @@ public class WebUserTokenInterceptor extends HandlerInterceptorAdapter {
private UserTokenManager userTokenManager;
private UserTokenParser userTokenParser;
private List<UserTokenParser> userTokenParser;
public WebUserTokenInterceptor(UserTokenManager userTokenManager, UserTokenParser userTokenParser) {
public WebUserTokenInterceptor(UserTokenManager userTokenManager, List<UserTokenParser> userTokenParser) {
this.userTokenManager = userTokenManager;
this.userTokenParser = userTokenParser;
}
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
String token = userTokenParser.parseToken(request, userTokenManager::tokenIsLoggedIn);
String token = userTokenParser.stream()
.map(parser->parser.parseToken(request))
.filter(Objects::nonNull)
.filter(userTokenManager::tokenIsLoggedIn)
.findFirst()
.orElse(null);
if (null == token) {
return true;
}