继续优化权限

2026-06-09 09:24:03 +08:00 · 2017-08-18 17:06:13 +08:00
parent 5e1b2ec689
commit b5a8cf712c
14 changed files with 124 additions and 47 deletions
--- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/DefaultAuthorizingHandler.java
+++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/DefaultAuthorizingHandler.java
@@ -57,7 +57,7 @@ public class DefaultAuthorizingHandler implements AuthorizingHandler {

    protected void handleDataAccess(AuthorizingContext context) {
        if (dataAccessController == null) {
-            logger.warn("dataAccessController is null,skip data access control!");
+            logger.warn("dataAccessController is null,skip result access control!");
            return;
        }
        List<Permission> permission = context.getAuthentication().getPermissions()
--- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/OwnCreatedDataAccessHandler.java
+++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/OwnCreatedDataAccessHandler.java
@@ -44,7 +44,7 @@ public class OwnCreatedDataAccessHandler implements DataAccessHandler {
                case Permission.ACTION_UPDATE:
                    return doRWAccess(own, context,controller);
                case Permission.ACTION_ADD:
-                    //put creator_id to data
+                    //put creator_id to result
                    return putCreatorId(own, context);
                default:
                    logger.warn("action: {} not support now!", access.getAction());
--- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/UserTokenAuthenticationSupplier.java
+++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/UserTokenAuthenticationSupplier.java
@@ -31,6 +31,10 @@ public class UserTokenAuthenticationSupplier implements AuthenticationSupplier {

    @Override
    public Authentication get() {
-        return ThreadLocalUtils.get(Authentication.class.getName(), () -> get(Optional.ofNullable(getCurrentUserToken()).map(UserToken::getUserId).orElse(null)));
+        return ThreadLocalUtils.get(Authentication.class.getName(), () ->
+                get(Optional.ofNullable(getCurrentUserToken())
+                        .filter(UserToken::validate) //验证token,如果不是正常状态,将会抛出异常
+                        .map(UserToken::getUserId)
+                        .orElse(null)));
    }
 }
--- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/WebUserTokenInterceptor.java
+++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/WebUserTokenInterceptor.java
@@ -1,5 +1,6 @@
 package org.hswebframework.web.authorization.basic.web;

+import org.hswebframework.web.authorization.exception.UnAuthorizedException;
 import org.hswebframework.web.authorization.token.UserToken;
 import org.hswebframework.web.authorization.token.UserTokenManager;
 import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
@@ -33,14 +34,8 @@ public class WebUserTokenInterceptor extends HandlerInterceptorAdapter {
        UserToken userToken = userTokenManager.getByToken(token);
        if (userToken == null) {
            return true;
-        } else if (userToken.isEffective()) {
+        } else {
            UserTokenHolder.setCurrent(userToken);
-        } else if (userToken.isExpired()) {
-            // TODO: 17-8-16 发送登录超时的错误信息
-            userTokenManager.signOutByToken(token);
-        } else if (userToken.isOffline()) {
-            // TODO: 17-8-16 发送已被踢出的错误信息
-            userTokenManager.signOutByToken(token);
        }
        return true;
    }