shiro被砍,basic顶替.

zhouhao
2017-08-18 17:55:11 +08:00
parent b5a8cf712c
commit f342de5bb8
23 changed files with 86 additions and 77 deletions


@@ -1,6 +1,10 @@
# 权限控制API
用于权限控制的API接口,支持RBAC权限控制,支持数据级(控制到行,列)权限控制.
[用户令牌管理](token.md)
[权限控制配置](define.md)
# 介绍
以下讲到的类都是基于包:org.hswebframework.web.authorization
@@ -52,4 +56,5 @@ public class CustomAuthorizationSuccessListener implements AuthorizationListener
System.out.println(authentication.getUser().getName()+"登录啦");
}
}
```
```


@@ -0,0 +1,3 @@
# 权限配置定义
用于告诉权限框架哪些请求需要进行权限控制,怎么控制.


@@ -1,7 +1,7 @@
package org.hswebframework.web.authorization.define;
import org.hswebframework.web.authorization.Authentication;
import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext;
import org.hswebframework.web.boost.aop.context.MethodInterceptorContext;
/**
* 权限控制上下文
@@ -11,7 +11,7 @@ public class AuthorizingContext {
private Authentication authentication;
private MethodInterceptorParamContext paramContext;
private MethodInterceptorContext paramContext;
public AuthorizeDefinition getDefinition() {
return definition;
@@ -29,11 +29,11 @@ public class AuthorizingContext {
this.authentication = authentication;
}
public MethodInterceptorParamContext getParamContext() {
public MethodInterceptorContext getParamContext() {
return paramContext;
}
public void setParamContext(MethodInterceptorParamContext paramContext) {
public void setParamContext(MethodInterceptorContext paramContext) {
this.paramContext = paramContext;
}
}


@@ -0,0 +1,3 @@
# 用户令牌管理
用于管理已授权的用户,并这些用户进行操作,如: 统计人数,踢下线,禁止多地点同时登录等操作


@@ -0,0 +1,49 @@
# 权限控制基础实现
1. 实现RBAC权限控制
2. 实现数据权限控制
3. 可动态进行权限配置设置
默认仅提供了aop方式的权限控制,控制逻辑如下:
1. `AopAuthorizingController` aop拦截所有controller方法(注解了:`Controller`或者`RestController`的类的方法)
2. 在客户端发起请求的时候,将拦截到的方法信息(`MethodInterceptorContext`)传给权限定义解析器(`AopMethodAuthorizeDefinitionParser`)
进行解析
3. 框架默认实现的解析器会先调用所有的`AopMethodAuthorizeDefinitionCustomizerParser`获取自定义的配置(实现`AopMethodAuthorizeDefinitionCustomizerParser`接口并注入到spring即可,自定义未进行缓存,请自行实现缓存策略)
如果没有,则获取缓存,如果缓存不存在就开始解析方法以及类上的注解,并放入缓存后返回权限配
4. 如果解析器返回的结果不为空,并且用户已经登录,则调用`AuthorizingHandler`进行权限控制
5. 默认的权限控制实现`DefaultAuthorizingHandler`,将分别进行RBAC,数据权限,表达式方式的权限控制.
6. 如果授权未通过,则抛出`AccessDenyException`异常
## 授权
使用`hsweb-authorization-api`提供的授权方式:类`UserOnSignIn`监听用户授权事件`AuthorizationSuccessEvent`
当用户完成授权,授权的方式可自行处理,或者使用框架默认的授权方式.授权通过后会触发该事件.流程如下
1. 授权接口完成授权,触发AuthorizationSuccessEvent
2. `UserOnSignIn` 收到事件,获取参数`token_type`(默认为`sessionId`)
3. 根据`token_type` 生成token.
4. 将token信息注册到`UserTokenManager`
5. 将token返回给授权接口
## 注销
与授权同理,类`UserOnSignOut`监听`AuthorizationExitEvent` ,当触发事件后,调用`UserTokenManager`移除当前登录的token信息
## rbac权限控制
默认对注解`Authorize`进行实现,具体功能,请查看源代码
## 数据权限
原理: 通过用户的权限信息,对aop拦截到的参数进行操作
约束: 对方法的参数有要求,如动态查询需要有参数`QueryParamEntity`,controller需要实现`hsweb-commons-controller`中提供的通用controller等
例如:用户设置了 机构管理权限(org)只能查询(query)自己和下属的机构.
通过获取拦截到方法的动态查询参数`QueryParamEntity`,对参数进行重构,
客户端的查询条件翻译为sql:
```sql
where name like ? or full_name like
```
:
```sql
--u_id in (用户可访问的机构id)
where u_id in(?,?,?) and (name like ? or full_name like)
```


@@ -8,7 +8,7 @@ import org.hswebframework.web.authorization.basic.handler.AuthorizingHandler;
import org.hswebframework.web.authorization.define.AuthorizeDefinition;
import org.hswebframework.web.authorization.exception.UnAuthorizedException;
import org.hswebframework.web.boost.aop.context.MethodInterceptorHolder;
import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext;
import org.hswebframework.web.boost.aop.context.MethodInterceptorContext;
import org.springframework.aop.support.StaticMethodMatcherPointcutAdvisor;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.RestController;
@@ -25,7 +25,7 @@ public class AopAuthorizingController extends StaticMethodMatcherPointcutAdvisor
MethodInterceptorHolder holder = MethodInterceptorHolder.create(methodInvocation);
MethodInterceptorParamContext paramContext = holder.createParamContext();
MethodInterceptorContext paramContext = holder.createParamContext();
AuthorizeDefinition definition = aopMethodAuthorizeDefinitionParser.parse(paramContext);


@@ -1,13 +1,13 @@
package org.hswebframework.web.authorization.basic.aop;
import org.hswebframework.web.authorization.define.AuthorizeDefinition;
import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext;
import org.hswebframework.web.boost.aop.context.MethodInterceptorContext;
/**
* 自定义权限控制定义在拦截到方法后优先使用此接口来获取权限控制方式
* @see AuthorizeDefinition
* @author zhouhao
*/
public interface AopMethodAuthorizeDefinitionParserCustomer {
AuthorizeDefinition parse(MethodInterceptorParamContext context);
public interface AopMethodAuthorizeDefinitionCustomizerParser {
AuthorizeDefinition parse(MethodInterceptorContext context);
}


@@ -1,7 +1,7 @@
package org.hswebframework.web.authorization.basic.aop;
import org.hswebframework.web.authorization.define.AuthorizeDefinition;
import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext;
import org.hswebframework.web.boost.aop.context.MethodInterceptorContext;
/**
* 权限控制定义解析器,用于解析被拦截的请求是否需要进行权限控制,以及权限控制的方式
@@ -17,5 +17,5 @@ public interface AopMethodAuthorizeDefinitionParser {
* @param paramContext 被拦截的方法上下文
* @return 权限控制定义, 如果不进行权限控制则返回{@code null}
*/
AuthorizeDefinition parse(MethodInterceptorParamContext paramContext);
AuthorizeDefinition parse(MethodInterceptorContext paramContext);
}


@@ -7,7 +7,7 @@ import org.hswebframework.web.authorization.annotation.RequiresExpression;
import org.hswebframework.web.authorization.basic.define.DefaultBasicAuthorizeDefinition;
import org.hswebframework.web.authorization.basic.define.EmptyAuthorizeDefinition;
import org.hswebframework.web.authorization.define.AuthorizeDefinition;
import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext;
import org.hswebframework.web.boost.aop.context.MethodInterceptorContext;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.util.CollectionUtils;
@@ -29,16 +29,16 @@ public class DefaultAopMethodAuthorizeDefinitionParser implements AopMethodAutho
private Map<Method, AuthorizeDefinition> cache = new ConcurrentHashMap<>();
private List<AopMethodAuthorizeDefinitionParserCustomer> parserCustomers;
private List<AopMethodAuthorizeDefinitionCustomizerParser> parserCustomers;
@Autowired(required = false)
public void setParserCustomers(List<AopMethodAuthorizeDefinitionParserCustomer> parserCustomers) {
public void setParserCustomers(List<AopMethodAuthorizeDefinitionCustomizerParser> parserCustomers) {
this.parserCustomers = parserCustomers;
}
@Override
public AuthorizeDefinition parse(MethodInterceptorParamContext paramContext) {
public AuthorizeDefinition parse(MethodInterceptorContext paramContext) {
AuthorizeDefinition definition = cache.get(paramContext.getMethod());
if (definition != null) return definition instanceof EmptyAuthorizeDefinition ? null : definition;
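Review bot: In `parse` the lookup `AuthorizeDefinition definition = cache.get(paramContext.getMethod());` runs before anything else, so once a method's annotation-derived definition has been cached, a result from an `AopMethodAuthorizeDefinitionCustomizerParser` can no longer override it — yet the README added in this same commit states that customizers are consulted first and their results are not cached, so either this ordering or the document is wrong (the rest of `parse` is outside the hunk, so this is inferred). If customizers are meant to take precedence, consult `parserCustomers` before `cache.get(...)` and say so at that point: `// customizer parsers win over cached annotation definitions; their results are deliberately not cached`. Whichever branch consumes `parserCustomers` must also cope with it being `null`, because `@Autowired(required = false)` leaves the field unset when no bean is registered. As a point of style, the field and setter still use the old `ParserCustomer` vocabulary while the type is now `CustomizerParser`.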


@@ -12,7 +12,7 @@ import org.hswebframework.web.authorization.annotation.Logical;
import org.hswebframework.web.authorization.define.AuthorizeDefinition;
import org.hswebframework.web.authorization.define.AuthorizingContext;
import org.hswebframework.web.authorization.exception.AccessDenyException;
import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext;
import org.hswebframework.web.boost.aop.context.MethodInterceptorContext;
import org.slf4j.Logger;
import org.slf4j.LoggerFactory;
@@ -85,7 +85,7 @@ public class DefaultAuthorizingHandler implements AuthorizingHandler {
}
protected void handleExpression(Authentication authentication, AuthorizeDefinition definition, MethodInterceptorParamContext paramContext) {
protected void handleExpression(Authentication authentication, AuthorizeDefinition definition, MethodInterceptorContext paramContext) {
if (definition.getScript() != null) {
String scriptId = DigestUtils.md5Hex(definition.getScript().getScript());


@@ -22,7 +22,6 @@ import org.hswebframework.web.authorization.access.CustomDataAccessConfig;
import org.hswebframework.web.authorization.access.DataAccessConfig;
import org.hswebframework.web.authorization.access.DataAccessHandler;
import org.hswebframework.web.authorization.define.AuthorizingContext;
import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext;
/**
* 当配置为自定义处理器时(实现{@link CustomDataAccessConfig }接口),此处理器生效


@@ -4,7 +4,6 @@ import org.hswebframework.web.authorization.access.DataAccessConfig;
import org.hswebframework.web.authorization.access.DataAccessController;
import org.hswebframework.web.authorization.access.DataAccessHandler;
import org.hswebframework.web.authorization.define.AuthorizingContext;
import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext;
import java.util.LinkedList;
import java.util.List;


@@ -6,7 +6,6 @@ import org.hswebframework.web.authorization.access.DataAccessConfig;
import org.hswebframework.web.authorization.access.DataAccessHandler;
import org.hswebframework.web.authorization.access.FieldFilterDataAccessConfig;
import org.hswebframework.web.authorization.define.AuthorizingContext;
import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext;
import org.hswebframework.web.commons.entity.Entity;
import org.hswebframework.web.commons.entity.param.QueryParamEntity;
import org.hswebframework.web.commons.model.Model;


@@ -8,9 +8,7 @@ import org.hswebframework.web.authorization.Permission;
import org.hswebframework.web.authorization.access.DataAccessConfig;
import org.hswebframework.web.authorization.access.DataAccessHandler;
import org.hswebframework.web.authorization.access.FieldScopeDataAccessConfig;
import org.hswebframework.web.authorization.annotation.RequiresDataAccess;
import org.hswebframework.web.authorization.define.AuthorizingContext;
import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext;
import org.hswebframework.web.commons.entity.param.QueryParamEntity;
import org.hswebframework.web.controller.QueryController;
import org.hswebframework.web.service.QueryService;


@@ -9,7 +9,6 @@ import org.hswebframework.web.authorization.access.DataAccessConfig;
import org.hswebframework.web.authorization.access.DataAccessHandler;
import org.hswebframework.web.authorization.access.ScriptDataAccessConfig;
import org.hswebframework.web.authorization.define.AuthorizingContext;
import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext;
/**
* TODO 完成注释


@@ -1,7 +1,5 @@
package org.hswebframework.web.authorization.basic.web;
import org.hswebframework.web.ThreadLocalUtils;
import org.hswebframework.web.WebUtil;
import org.hswebframework.web.authorization.listener.AuthorizationListener;
import org.hswebframework.web.authorization.listener.event.AuthorizationExitEvent;
import org.hswebframework.web.authorization.token.UserToken;
@@ -25,7 +23,7 @@ public class UserOnSignOut implements AuthorizationListener<AuthorizationExitEve
}
protected String geToken() {
// TODO: 17-8-16 更多创建方式
return ThreadLocalUtils.<UserToken>get(UserToken.class.getName()).getToken();
UserToken token = UserTokenHolder.currentToken();
return null != token ? token.getToken() : null;
}
}
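Review bot: `geToken` now returns `null` whenever `UserTokenHolder.currentToken()` yields nothing, and nothing documents that contract; on sign-out a null token presumably means no `UserTokenManager` removal takes place, so the caller (outside this hunk) has to treat it as an explicit no-op rather than pass `null` on. Add a Javadoc on the method: `/** Token of the user bound to the current request, or {@code null} when none is bound; callers must skip token removal in that case. */`. The name `geToken` reads like a typo for `getToken`, and the `// TODO: 17-8-16 更多创建方式` comment left above the body no longer describes it now that the ThreadLocal lookup is gone, so it should be updated or removed.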


@@ -1,36 +1,3 @@
# shiro 权限控制实现
[shiro官方文档](http://shiro.apache.org/documentation.html)
本模块对shiro进行拓展,增加对[hsweb-authorization-api](../hsweb-authorization-api)中的注解进行实现。
实现类如下:
| 注解名称 | 实现类 |
| ------------- |:-------------:|
| [`@Authorize`](../hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/annotation/Authorize.java) | [ExpressionAnnotationMethodInterceptor](src/main/java/org/hswebframework/web/authorization/shiro/boost/SimpleAuthorizeMethodInterceptor.java) |
| [`@RequiresExpression`](../hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/annotation/RequiresExpression.java) | [ExpressionAnnotationMethodInterceptor](src/main/java/org/hswebframework/web/authorization/shiro/boost/ExpressionAnnotationMethodInterceptor.java) |
| [`@RequiresDataAccess`](../hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/annotation/RequiresDataAccess.java) | [DataAccessAnnotationMethodInterceptor](src/main/java/org/hswebframework/web/authorization/shiro/boost/DataAccessAnnotationMethodInterceptor.java) |
## 拓展接口
### 数据级权限控制器
控制逻辑简述:
1. 获取被拦截方法的注解信息,取得当前需要验证的permission,action。如: user,query
2. 根据上一步获取到需要验证的permission和action获取当前登录用户权限信息中配置的控制规则控制规则可以在前端进行设置
3. 调用控制器进行验证
可自己实现DataAccessHandler接口并注入spring以实现自定义的控制方式
内置的控制方式
1. [CustomDataAccessHandler](src/main/java/org/hswebframework/web/authorization/shiro/boost/handler/CustomDataAccessHandler.java) 自定义控制器
2. [OwnCreatedDataAccessHandler](src/main/java/org/hswebframework/web/authorization/shiro/boost/handler/OwnCreatedDataAccessHandler.java) 控制只能操作自己创建的数据
3. [ScriptDataAccessHandler](src/main/java/org/hswebframework/web/authorization/shiro/boost/handler/ScriptDataAccessHandler.java) 使用脚本方式控制
4. [FieldScopeDataAccessHandler](src/main/java/org/hswebframework/web/authorization/shiro/boost/handler/FieldScopeDataAccessHandler.java) 控制字段的值范围,如: orgId in (1,2,3,4)
5. [FieldFilterDataAccessHandler](src/main/java/org/hswebframework/web/authorization/shiro/boost/handler/FieldFilterDataAccessHandler.java) 控制字段的操作范围,此控制器替代之前的FieldAccess功能
注意: 控制需满足的条件请查看控制器源代码查看注释获取
shiro实现已被砍,请看[basic实现](../hsweb-authorization-basic)


@@ -30,7 +30,7 @@ import java.util.Optional;
* @author zhouhao
* @see 3.0
*/
public interface MethodInterceptorParamContext extends Serializable {
public interface MethodInterceptorContext extends Serializable {
/**
* 获取当前类实例


@@ -119,8 +119,8 @@ public class MethodInterceptorHolder {
return AopUtils.findAnnotation(target.getClass(), method, annClass);
}
public MethodInterceptorParamContext createParamContext() {
return new MethodInterceptorParamContext() {
public MethodInterceptorContext createParamContext() {
return new MethodInterceptorContext() {
@Override
public Object getTarget() {
return target;


@@ -18,7 +18,7 @@
package org.hswebframework.web.boost.validator;
import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext;
import org.hswebframework.web.boost.aop.context.MethodInterceptorContext;
/**
* 重复数据验证器,验证数据是否重复
@@ -26,7 +26,7 @@ import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext;
* @author zhouhao
*/
public interface DuplicateValidator {
Result doValidate(DuplicateValidatorConfig validator, MethodInterceptorParamContext context);
Result doValidate(DuplicateValidatorConfig validator, MethodInterceptorContext context);
/**
* 验证结果


@@ -6,15 +6,10 @@ import org.hswebframework.web.authorization.Permission;
import org.hswebframework.web.authorization.access.DataAccessConfig;
import org.hswebframework.web.authorization.access.DataAccessHandler;
import org.hswebframework.web.authorization.access.ScopeDataAccessConfig;
import org.hswebframework.web.authorization.annotation.RequiresDataAccess;
import org.hswebframework.web.authorization.define.AuthorizingContext;
import org.hswebframework.web.boost.aop.context.MethodInterceptorHolder;
import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext;
import org.hswebframework.web.commons.entity.Entity;
import org.hswebframework.web.commons.entity.param.QueryParamEntity;
import org.hswebframework.web.controller.QueryController;
import org.hswebframework.web.entity.organizational.OrganizationalEntity;
import org.hswebframework.web.entity.organizational.authorization.OrgAttachEntity;
import org.hswebframework.web.organizational.authorization.PersonnelAuthorization;
import org.hswebframework.web.organizational.authorization.access.DataAccessType;
import org.hswebframework.web.service.QueryService;


@@ -3,7 +3,6 @@ package org.hswebframework.web.organizational.authorization.simple.handler;
import org.hswebframework.web.authorization.access.DataAccessConfig;
import org.hswebframework.web.authorization.access.DataAccessHandler;
import org.hswebframework.web.authorization.define.AuthorizingContext;
import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext;
import org.hswebframework.web.organizational.authorization.access.DataAccessType;
import org.hswebframework.web.organizational.authorization.simple.SimpleCustomScopeDataAccessConfig;
import org.hswebframework.web.organizational.authorization.simple.SimpleScopeDataAccessConfig;


@@ -2,12 +2,8 @@ package org.hswebframework.web.organizational.authorization.simple.handler;
import org.hsweb.ezorm.core.param.Term;
import org.hsweb.ezorm.core.param.TermType;
import org.hswebframework.utils.ClassUtils;
import org.hswebframework.web.authorization.define.AuthorizingContext;
import org.hswebframework.web.boost.aop.context.MethodInterceptorHolder;
import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext;
import org.hswebframework.web.entity.organizational.OrganizationalEntity;
import org.hswebframework.web.entity.organizational.SimpleOrganizationalEntity;
import org.hswebframework.web.entity.organizational.authorization.OrgAttachEntity;
import org.hswebframework.web.organizational.authorization.PersonnelAuthorization;
import org.hswebframework.web.organizational.authorization.access.DataAccessType;