From f342de5bb8b2e653bc1aaa41a1472fcd6256a8b4 Mon Sep 17 00:00:00 2001 
From: zhouhao Date: Fri, 18 Aug 2017 17:55:11 +0800 Subject: [PATCH] =?UTF-8?q?shiro=E8=A2=AB=E7=A0=8D,basic=E9=A1=B6=E6=9B=BF?= =?UTF-8?q?.?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- .../hsweb-authorization-api/README.md | 7 ++- .../hsweb-authorization-api/define.md | 3 ++ .../define/AuthorizingContext.java | 8 +-- .../hsweb-authorization-api/token.md | 3 ++ .../hsweb-authorization-basic/README.md | 49 +++++++++++++++++++ .../basic/aop/AopAuthorizingController.java | 4 +- ...dAuthorizeDefinitionCustomizerParser.java} | 6 +-- .../AopMethodAuthorizeDefinitionParser.java | 4 +- ...ultAopMethodAuthorizeDefinitionParser.java | 8 +-- .../handler/DefaultAuthorizingHandler.java | 4 +- .../access/CustomDataAccessHandler.java | 1 - .../access/DefaultDataAccessController.java | 1 - .../access/FieldFilterDataAccessHandler.java | 1 - .../access/FieldScopeDataAccessHandler.java | 2 - .../access/ScriptDataAccessHandler.java | 1 - .../basic/web/UserOnSignOut.java | 6 +-- .../hsweb-authorization-shiro/README.md | 35 +------------ ...ext.java => MethodInterceptorContext.java} | 2 +- .../aop/context/MethodInterceptorHolder.java | 4 +- .../boost/validator/DuplicateValidator.java | 4 +- .../AbstractScopeDataAccessHandler.java | 5 -- .../simple/handler/CustomScopeHandler.java | 1 - .../handler/OrgScopeDataAccessHandler.java | 4 -- 23 files changed, 86 insertions(+), 77 deletions(-) create mode 100644 hsweb-authorization/hsweb-authorization-api/define.md create mode 100644 hsweb-authorization/hsweb-authorization-api/token.md create mode 100644 hsweb-authorization/hsweb-authorization-basic/README.md rename hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/aop/{AopMethodAuthorizeDefinitionParserCustomer.java => AopMethodAuthorizeDefinitionCustomizerParser.java} (70%) rename 
hsweb-boost/hsweb-boost-aop/src/main/java/org/hswebframework/web/boost/aop/context/{MethodInterceptorParamContext.java => MethodInterceptorContext.java} (96%) diff --git a/hsweb-authorization/hsweb-authorization-api/README.md b/hsweb-authorization/hsweb-authorization-api/README.md index 70a2a014e..2683a5b65 100644 --- a/hsweb-authorization/hsweb-authorization-api/README.md +++ b/hsweb-authorization/hsweb-authorization-api/README.md @@ -1,6 +1,10 @@ # 权限控制API 用于权限控制的API接口,支持RBAC权限控制,支持数据级(控制到行,列)权限控制. +[用户令牌管理](token.md) + +[权限控制配置](define.md) + # 介绍 以下讲到的类都是基于包:org.hswebframework.web.authorization @@ -52,4 +56,5 @@ public class CustomAuthorizationSuccessListener implements AuthorizationListener System.out.println(authentication.getUser().getName()+"登录啦"); } } -``` \ No newline at end of file +``` + diff --git a/hsweb-authorization/hsweb-authorization-api/define.md b/hsweb-authorization/hsweb-authorization-api/define.md new file mode 100644 index 000000000..f55da45f1 --- /dev/null +++ b/hsweb-authorization/hsweb-authorization-api/define.md @@ -0,0 +1,3 @@ +# 权限配置定义 + +用于告诉权限框架哪些请求需要进行权限控制,怎么控制. \ No newline at end of file diff --git a/hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/define/AuthorizingContext.java b/hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/define/AuthorizingContext.java index 9c24dff34..9df70a2fc 100644 --- a/hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/define/AuthorizingContext.java +++ b/hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/define/AuthorizingContext.java 
@@ -1,7 +1,7 @@ package org.hswebframework.web.authorization.define; import org.hswebframework.web.authorization.Authentication; -import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext; +import org.hswebframework.web.boost.aop.context.MethodInterceptorContext; /** * 权限控制上下文 @@ -11,7 +11,7 @@ public class AuthorizingContext { private Authentication authentication; - private MethodInterceptorParamContext paramContext; + private MethodInterceptorContext paramContext; public AuthorizeDefinition getDefinition() { return definition; @@ -29,11 +29,11 @@ public class AuthorizingContext { this.authentication = authentication; } - public MethodInterceptorParamContext getParamContext() { + public MethodInterceptorContext getParamContext() { return paramContext; } - public void setParamContext(MethodInterceptorParamContext paramContext) { + public void setParamContext(MethodInterceptorContext paramContext) { this.paramContext = paramContext; } } diff --git a/hsweb-authorization/hsweb-authorization-api/token.md b/hsweb-authorization/hsweb-authorization-api/token.md new file mode 100644 index 000000000..65814024a --- /dev/null +++ b/hsweb-authorization/hsweb-authorization-api/token.md @@ -0,0 +1,3 @@ +# 用户令牌管理 +用于管理已授权的用户,并这些用户进行操作,如: 统计人数,踢下线,禁止多地点同时登录等操作 + diff --git a/hsweb-authorization/hsweb-authorization-basic/README.md b/hsweb-authorization/hsweb-authorization-basic/README.md new file mode 100644 index 000000000..d78d2b380 --- /dev/null +++ b/hsweb-authorization/hsweb-authorization-basic/README.md 
@@ -0,0 +1,49 @@ +# 权限控制基础实现 + +1. 实现RBAC权限控制 +2. 实现数据权限控制 +3. 可动态进行权限配置设置 + +默认仅提供了aop方式的权限控制,控制逻辑如下: +1. `AopAuthorizingController` aop拦截所有controller方法(注解了:`Controller`或者`RestController`的类的方法) +2. 在客户端发起请求的时候,将拦截到的方法信息(`MethodInterceptorContext`)传给权限定义解析器(`AopMethodAuthorizeDefinitionParser`) +进行解析 +3. 框架默认实现的解析器会先调用所有的`AopMethodAuthorizeDefinitionCustomizerParser`获取自定义的配置(实现`AopMethodAuthorizeDefinitionCustomizerParser`接口并注入到spring即可,自定义未进行缓存,请自行实现缓存策略) +如果没有,则获取缓存,如果缓存不存在就开始解析方法以及类上的注解,并放入缓存后返回权限配 +4. 如果解析器返回的结果不为空,并且用户已经登录,则调用`AuthorizingHandler`进行权限控制 +5. 默认的权限控制实现`DefaultAuthorizingHandler`,将分别进行RBAC,数据权限,表达式方式的权限控制. +6. 如果授权未通过,则抛出`AccessDenyException`异常 + +## 授权 +使用`hsweb-authorization-api`提供的授权方式:类`UserOnSignIn`监听用户授权事件`AuthorizationSuccessEvent` +当用户完成授权,授权的方式可自行处理,或者使用框架默认的授权方式.授权通过后会触发该事件.流程如下 + +1. 授权接口完成授权,触发AuthorizationSuccessEvent +2. `UserOnSignIn` 收到事件,获取参数`token_type`(默认为`sessionId`) +3. 根据`token_type` 生成token. +4. 将token信息注册到`UserTokenManager` +5. 将token返回给授权接口 + +## 注销 +与授权同理,类`UserOnSignOut`监听`AuthorizationExitEvent` ,当触发事件后,调用`UserTokenManager`移除当前登录的token信息 + +## rbac权限控制 +默认对注解`Authorize`进行实现,具体功能,请查看源代码 + +## 数据权限 +原理: 通过用户的权限信息,对aop拦截到的参数进行操作 + +约束: 对方法的参数有要求,如动态查询需要有参数`QueryParamEntity`,controller需要实现`hsweb-commons-controller`中提供的通用controller等 + +例如:用户设置了 机构管理权限(org)只能查询(query)自己和下属的机构. +通过获取拦截到方法的动态查询参数`QueryParamEntity`,对参数进行重构, +客户端的查询条件翻译为sql: +```sql +where name like ? or full_name like +``` + +重构后为: +```sql +--u_id in (用户可访问的机构id) +where u_id in(?,?,?) and (name like ? or full_name like) +``` \ No newline at end of file diff --git a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/aop/AopAuthorizingController.java b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/aop/AopAuthorizingController.java index 257aac38a..3950a7c5e 100644 
--- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/aop/AopAuthorizingController.java +++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/aop/AopAuthorizingController.java @@ -8,7 +8,7 @@ import org.hswebframework.web.authorization.basic.handler.AuthorizingHandler; import org.hswebframework.web.authorization.define.AuthorizeDefinition; import org.hswebframework.web.authorization.exception.UnAuthorizedException; import org.hswebframework.web.boost.aop.context.MethodInterceptorHolder; -import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext; +import org.hswebframework.web.boost.aop.context.MethodInterceptorContext; import org.springframework.aop.support.StaticMethodMatcherPointcutAdvisor; import org.springframework.stereotype.Controller; import org.springframework.web.bind.annotation.RestController; @@ -25,7 +25,7 @@ public class AopAuthorizingController extends StaticMethodMatcherPointcutAdvisor MethodInterceptorHolder holder = MethodInterceptorHolder.create(methodInvocation); - MethodInterceptorParamContext paramContext = holder.createParamContext(); + MethodInterceptorContext paramContext = holder.createParamContext(); AuthorizeDefinition definition = aopMethodAuthorizeDefinitionParser.parse(paramContext); 
diff --git a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/aop/AopMethodAuthorizeDefinitionParserCustomer.java b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/aop/AopMethodAuthorizeDefinitionCustomizerParser.java
similarity index 70%
rename from hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/aop/AopMethodAuthorizeDefinitionParserCustomer.java
rename to hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/aop/AopMethodAuthorizeDefinitionCustomizerParser.java
index 68e50b9a4..4adf51466 100644
--- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/aop/AopMethodAuthorizeDefinitionParserCustomer.java
+++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/aop/AopMethodAuthorizeDefinitionCustomizerParser.java
@@ -1,13 +1,13 @@
 package org.hswebframework.web.authorization.basic.aop;
 
 import org.hswebframework.web.authorization.define.AuthorizeDefinition;
-import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext;
+import org.hswebframework.web.boost.aop.context.MethodInterceptorContext;
 
 /**
  * 自定义权限控制定义,在拦截到方法后,优先使用此接口来获取权限控制方式
  * @see AuthorizeDefinition
  * @author zhouhao
  */
-public interface AopMethodAuthorizeDefinitionParserCustomer {
-    AuthorizeDefinition parse(MethodInterceptorParamContext context);
+public interface AopMethodAuthorizeDefinitionCustomizerParser {
+    AuthorizeDefinition parse(MethodInterceptorContext context);
 }
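Review bot: The renamed `AopMethodAuthorizeDefinitionCustomizerParser.parse` still carries no `@param`/`@return` Javadoc, so the meaning of a `null` result is left implicit, whereas the sibling `AopMethodAuthorizeDefinitionParser` in this patch explicitly documents `null` as "no authorization control". For a hook that the README says is consulted first, the two readings — "no opinion, fall back to annotation parsing" versus "this method needs no authorization" — differ in whether the check fails open, and a custom implementation can only pick the right one if the contract states it. Suggest a method Javadoc such as `@return the definition to enforce for the intercepted method; {@code null} means "fall back to the default annotation-based parser", not "no authorization"` — or the other reading, if that is what `DefaultAopMethodAuthorizeDefinitionParser` actually does (its customizer loop is outside the visible hunks).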
diff --git a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/aop/AopMethodAuthorizeDefinitionParser.java b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/aop/AopMethodAuthorizeDefinitionParser.java
index 1c38efb44..23c995bd1 100644
--- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/aop/AopMethodAuthorizeDefinitionParser.java
+++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/aop/AopMethodAuthorizeDefinitionParser.java
@@ -1,7 +1,7 @@
 package org.hswebframework.web.authorization.basic.aop;
 
 import org.hswebframework.web.authorization.define.AuthorizeDefinition;
-import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext;
+import org.hswebframework.web.boost.aop.context.MethodInterceptorContext;
 
 /**
  * 权限控制定义解析器,用于解析被拦截的请求是否需要进行权限控制,以及权限控制的方式
@@ -17,5 +17,5 @@ public interface AopMethodAuthorizeDefinitionParser {
      * @param paramContext 被拦截的方法上下文
      * @return 权限控制定义, 如果不进行权限控制则返回{@code null}
      */
-    AuthorizeDefinition parse(MethodInterceptorParamContext paramContext);
+    AuthorizeDefinition parse(MethodInterceptorContext paramContext);
 }
diff --git a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/aop/DefaultAopMethodAuthorizeDefinitionParser.java b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/aop/DefaultAopMethodAuthorizeDefinitionParser.java
index b156e154b..6544ba909 100644
--- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/aop/DefaultAopMethodAuthorizeDefinitionParser.java
+++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/aop/DefaultAopMethodAuthorizeDefinitionParser.java
@@ -7,7 +7,7 @@ import org.hswebframework.web.authorization.annotation.RequiresExpression; import org.hswebframework.web.authorization.basic.define.DefaultBasicAuthorizeDefinition; import org.hswebframework.web.authorization.basic.define.EmptyAuthorizeDefinition; import org.hswebframework.web.authorization.define.AuthorizeDefinition; -import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext; +import org.hswebframework.web.boost.aop.context.MethodInterceptorContext; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.util.CollectionUtils; @@ -29,16 +29,16 @@ public class DefaultAopMethodAuthorizeDefinitionParser implements AopMethodAutho private Map cache = new ConcurrentHashMap<>(); - private List parserCustomers; + private List parserCustomers; @Autowired(required = false) - public void setParserCustomers(List parserCustomers) { + public void setParserCustomers(List parserCustomers) { this.parserCustomers = parserCustomers; } @Override - public AuthorizeDefinition parse(MethodInterceptorParamContext paramContext) { + public AuthorizeDefinition parse(MethodInterceptorContext paramContext) { AuthorizeDefinition definition = cache.get(paramContext.getMethod()); if (definition != null) return definition instanceof EmptyAuthorizeDefinition ? null : definition; diff --git a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/DefaultAuthorizingHandler.java b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/DefaultAuthorizingHandler.java index 545c6fc5a..98600fa2e 100644 --- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/DefaultAuthorizingHandler.java +++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/DefaultAuthorizingHandler.java 
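Review bot: The new-side `parse` reads `cache.get(paramContext.getMethod())` before anything else and returns early on a hit, but the README added in this same patch (hsweb-authorization-basic/README.md) says the default parser consults every `AopMethodAuthorizeDefinitionCustomizerParser` first and only then falls back to the cache. If the customizer loop sits after this early return (the rest of `parse` is outside the hunk), a cached `EmptyAuthorizeDefinition` makes the method a permanent no-check path for the process lifetime and a later customizer result is never seen; either the README or the order should be aligned, and the chosen order stated in a comment above the `cache.get` line, e.g. `// cache hit wins: customizers are only consulted on the first call for a method`. The generic arguments of `cache` and `parserCustomers` appear stripped in this rendering, so their raw-looking declarations are probably an artefact rather than a defect.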
@@ -12,7 +12,7 @@ import org.hswebframework.web.authorization.annotation.Logical; import org.hswebframework.web.authorization.define.AuthorizeDefinition; import org.hswebframework.web.authorization.define.AuthorizingContext; import org.hswebframework.web.authorization.exception.AccessDenyException; -import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext; +import org.hswebframework.web.boost.aop.context.MethodInterceptorContext; import org.slf4j.Logger; import org.slf4j.LoggerFactory; @@ -85,7 +85,7 @@ public class DefaultAuthorizingHandler implements AuthorizingHandler { } - protected void handleExpression(Authentication authentication, AuthorizeDefinition definition, MethodInterceptorParamContext paramContext) { + protected void handleExpression(Authentication authentication, AuthorizeDefinition definition, MethodInterceptorContext paramContext) { if (definition.getScript() != null) { String scriptId = DigestUtils.md5Hex(definition.getScript().getScript()); diff --git a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/CustomDataAccessHandler.java b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/CustomDataAccessHandler.java index 9bbb698e5..40538260a 100644 --- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/CustomDataAccessHandler.java +++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/CustomDataAccessHandler.java 
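Review bot: `handleExpression` now takes a `MethodInterceptorContext` but still has no Javadoc, and the script it evaluates comes from `definition.getScript()`, i.e. from the authorization definition, whose origin this hunk does not show. Since the README in this patch says permission configuration can be changed dynamically, the method doc should state that the script text is executed as trusted code and which context values are exposed to it, so whoever wires a dynamic definition source knows this is a code-execution sink; the method body continues outside the hunk, so I cannot confirm what is bound. A one-line Javadoc such as `/** Evaluates the definition's expression script against the intercepted call; the script text is trusted configuration, never request input. */` would cover it. `DigestUtils.md5Hex` as a de-duplication key for the script text is fine and need not change.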
@@ -22,7 +22,6 @@ import org.hswebframework.web.authorization.access.CustomDataAccessConfig; import org.hswebframework.web.authorization.access.DataAccessConfig; import org.hswebframework.web.authorization.access.DataAccessHandler; import org.hswebframework.web.authorization.define.AuthorizingContext; -import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext; /** * 当配置为自定义处理器时(实现{@link CustomDataAccessConfig }接口),此处理器生效 diff --git a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/DefaultDataAccessController.java b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/DefaultDataAccessController.java index c2f171ea9..1c296941e 100644 --- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/DefaultDataAccessController.java +++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/DefaultDataAccessController.java @@ -4,7 +4,6 @@ import org.hswebframework.web.authorization.access.DataAccessConfig; import org.hswebframework.web.authorization.access.DataAccessController; import org.hswebframework.web.authorization.access.DataAccessHandler; import org.hswebframework.web.authorization.define.AuthorizingContext; -import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext; import java.util.LinkedList; import java.util.List; diff --git a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/FieldFilterDataAccessHandler.java b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/FieldFilterDataAccessHandler.java index 452edeb36..f1aa6d1c3 100644 
--- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/FieldFilterDataAccessHandler.java +++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/FieldFilterDataAccessHandler.java @@ -6,7 +6,6 @@ import org.hswebframework.web.authorization.access.DataAccessConfig; import org.hswebframework.web.authorization.access.DataAccessHandler; import org.hswebframework.web.authorization.access.FieldFilterDataAccessConfig; import org.hswebframework.web.authorization.define.AuthorizingContext; -import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext; import org.hswebframework.web.commons.entity.Entity; import org.hswebframework.web.commons.entity.param.QueryParamEntity; import org.hswebframework.web.commons.model.Model; diff --git a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/FieldScopeDataAccessHandler.java b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/FieldScopeDataAccessHandler.java index d288d1014..ce6880e45 100644 --- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/FieldScopeDataAccessHandler.java +++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/FieldScopeDataAccessHandler.java 
@@ -8,9 +8,7 @@ import org.hswebframework.web.authorization.Permission; import org.hswebframework.web.authorization.access.DataAccessConfig; import org.hswebframework.web.authorization.access.DataAccessHandler; import org.hswebframework.web.authorization.access.FieldScopeDataAccessConfig; -import org.hswebframework.web.authorization.annotation.RequiresDataAccess; import org.hswebframework.web.authorization.define.AuthorizingContext; -import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext; import org.hswebframework.web.commons.entity.param.QueryParamEntity; import org.hswebframework.web.controller.QueryController; import org.hswebframework.web.service.QueryService; diff --git a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/ScriptDataAccessHandler.java b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/ScriptDataAccessHandler.java index 858d9e198..8fae1678c 100644 --- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/ScriptDataAccessHandler.java +++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/ScriptDataAccessHandler.java @@ -9,7 +9,6 @@ import org.hswebframework.web.authorization.access.DataAccessConfig; import org.hswebframework.web.authorization.access.DataAccessHandler; import org.hswebframework.web.authorization.access.ScriptDataAccessConfig; import org.hswebframework.web.authorization.define.AuthorizingContext; -import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext; /** * TODO 完成注释 
diff --git a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/UserOnSignOut.java b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/UserOnSignOut.java index 0ab8dbe96..1e16be790 100644 --- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/UserOnSignOut.java +++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/UserOnSignOut.java @@ -1,7 +1,5 @@ package org.hswebframework.web.authorization.basic.web; -import org.hswebframework.web.ThreadLocalUtils; -import org.hswebframework.web.WebUtil; import org.hswebframework.web.authorization.listener.AuthorizationListener; import org.hswebframework.web.authorization.listener.event.AuthorizationExitEvent; import org.hswebframework.web.authorization.token.UserToken; @@ -25,7 +23,7 @@ public class UserOnSignOut implements AuthorizationListenerget(UserToken.class.getName()).getToken(); + UserToken token = UserTokenHolder.currentToken(); + return null != token ? token.getToken() : null; } } diff --git a/hsweb-authorization/hsweb-authorization-shiro/README.md b/hsweb-authorization/hsweb-authorization-shiro/README.md index 7f4b0de70..173be3fec 100644 --- a/hsweb-authorization/hsweb-authorization-shiro/README.md +++ b/hsweb-authorization/hsweb-authorization-shiro/README.md 
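Review bot: The new lines return `null` when `UserTokenHolder.currentToken()` yields nothing, so a sign-out that arrives without a bound token now silently does nothing, where the removed `ThreadLocalUtils.get(...).getToken()` chain would presumably have thrown; the enclosing method's signature is outside the hunk. A no-op is the right behaviour for an idempotent sign-out, but a missed token removal leaves a live token behind and is worth seeing in logs, so suggest `if (token == null) { /* no token bound to this sign-out; nothing to revoke */ return null; }` with a debug-level log line if the class has a logger (not shown here). Also confirm that whatever consumes this return value tolerates `null` before it reaches `UserTokenManager`.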
@@ -1,36 +1,3 @@ # shiro 权限控制实现 -[shiro官方文档](http://shiro.apache.org/documentation.html) - -本模块对shiro进行拓展,增加对[hsweb-authorization-api](../hsweb-authorization-api)中的注解进行实现。 -实现类如下: - -| 注解名称 | 实现类 | -| ------------- |:-------------:| -| [`@Authorize`](../hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/annotation/Authorize.java) | [ExpressionAnnotationMethodInterceptor](src/main/java/org/hswebframework/web/authorization/shiro/boost/SimpleAuthorizeMethodInterceptor.java) | -| [`@RequiresExpression`](../hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/annotation/RequiresExpression.java) | [ExpressionAnnotationMethodInterceptor](src/main/java/org/hswebframework/web/authorization/shiro/boost/ExpressionAnnotationMethodInterceptor.java) | -| [`@RequiresDataAccess`](../hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/annotation/RequiresDataAccess.java) | [DataAccessAnnotationMethodInterceptor](src/main/java/org/hswebframework/web/authorization/shiro/boost/DataAccessAnnotationMethodInterceptor.java) | - -## 拓展接口 - -### 数据级权限控制器 - -控制逻辑简述: - -1. 获取被拦截方法的注解信息,取得当前需要验证的permission,action。如: user,query -2. 根据上一步获取到需要验证的permission和action获取当前登录用户权限信息中配置的控制规则(控制规则可以在前端进行设置) -3. 调用控制器进行验证 - -可自己实现DataAccessHandler接口并注入spring以实现自定义的控制方式 - -内置的控制方式 - -1. [CustomDataAccessHandler](src/main/java/org/hswebframework/web/authorization/shiro/boost/handler/CustomDataAccessHandler.java) 自定义控制器 -2. [OwnCreatedDataAccessHandler](src/main/java/org/hswebframework/web/authorization/shiro/boost/handler/OwnCreatedDataAccessHandler.java) 控制只能操作自己创建的数据 -3. [ScriptDataAccessHandler](src/main/java/org/hswebframework/web/authorization/shiro/boost/handler/ScriptDataAccessHandler.java) 使用脚本方式控制 -4. [FieldScopeDataAccessHandler](src/main/java/org/hswebframework/web/authorization/shiro/boost/handler/FieldScopeDataAccessHandler.java) 控制字段的值范围,如: orgId in (1,2,3,4) -5. 
[FieldFilterDataAccessHandler](src/main/java/org/hswebframework/web/authorization/shiro/boost/handler/FieldFilterDataAccessHandler.java) 控制字段的操作范围,此控制器替代之前的FieldAccess功能 - - -注意: 控制需满足的条件请查看控制器源代码查看注释获取 - +shiro实现已被砍,请看[basic实现](../hsweb-authorization-basic) diff --git a/hsweb-boost/hsweb-boost-aop/src/main/java/org/hswebframework/web/boost/aop/context/MethodInterceptorParamContext.java b/hsweb-boost/hsweb-boost-aop/src/main/java/org/hswebframework/web/boost/aop/context/MethodInterceptorContext.java similarity index 96% rename from hsweb-boost/hsweb-boost-aop/src/main/java/org/hswebframework/web/boost/aop/context/MethodInterceptorParamContext.java rename to hsweb-boost/hsweb-boost-aop/src/main/java/org/hswebframework/web/boost/aop/context/MethodInterceptorContext.java index 47121f755..563e47e4a 100644 --- a/hsweb-boost/hsweb-boost-aop/src/main/java/org/hswebframework/web/boost/aop/context/MethodInterceptorParamContext.java +++ b/hsweb-boost/hsweb-boost-aop/src/main/java/org/hswebframework/web/boost/aop/context/MethodInterceptorContext.java @@ -30,7 +30,7 @@ import java.util.Optional; * @author zhouhao * @see 3.0 */ -public interface MethodInterceptorParamContext extends Serializable { +public interface MethodInterceptorContext extends Serializable { /** * 获取当前类实例 diff --git a/hsweb-boost/hsweb-boost-aop/src/main/java/org/hswebframework/web/boost/aop/context/MethodInterceptorHolder.java b/hsweb-boost/hsweb-boost-aop/src/main/java/org/hswebframework/web/boost/aop/context/MethodInterceptorHolder.java index a15a1ecd1..d29cbdef0 100644 --- a/hsweb-boost/hsweb-boost-aop/src/main/java/org/hswebframework/web/boost/aop/context/MethodInterceptorHolder.java +++ b/hsweb-boost/hsweb-boost-aop/src/main/java/org/hswebframework/web/boost/aop/context/MethodInterceptorHolder.java 
@@ -119,8 +119,8 @@ public class MethodInterceptorHolder { return AopUtils.findAnnotation(target.getClass(), method, annClass); } - public MethodInterceptorParamContext createParamContext() { - return new MethodInterceptorParamContext() { + public MethodInterceptorContext createParamContext() { + return new MethodInterceptorContext() { @Override public Object getTarget() { return target; diff --git a/hsweb-boost/hsweb-boost-validator/hsweb-boost-validator-api/src/main/java/org/hswebframework/web/boost/validator/DuplicateValidator.java b/hsweb-boost/hsweb-boost-validator/hsweb-boost-validator-api/src/main/java/org/hswebframework/web/boost/validator/DuplicateValidator.java index 041fa381e..7bdd5212e 100644 --- a/hsweb-boost/hsweb-boost-validator/hsweb-boost-validator-api/src/main/java/org/hswebframework/web/boost/validator/DuplicateValidator.java +++ b/hsweb-boost/hsweb-boost-validator/hsweb-boost-validator-api/src/main/java/org/hswebframework/web/boost/validator/DuplicateValidator.java @@ -18,7 +18,7 @@ package org.hswebframework.web.boost.validator; -import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext; +import org.hswebframework.web.boost.aop.context.MethodInterceptorContext; /** * 重复数据验证器,验证数据是否重复 @@ -26,7 +26,7 @@ import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext; * @author zhouhao */ public interface DuplicateValidator { - Result doValidate(DuplicateValidatorConfig validator, MethodInterceptorParamContext context); + Result doValidate(DuplicateValidatorConfig validator, MethodInterceptorContext context); /** * 验证结果 
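Review bot: `createParamContext` still returns an anonymous inner class, and because `MethodInterceptorContext` (renamed in this same patch) extends `Serializable`, that anonymous class is serializable too; an anonymous class in an instance method captures the enclosing `MethodInterceptorHolder`, and `getTarget` shows it reaches the intercepted `target`, so serializing a context would either fail on the holder/bean (likely a `NotSerializableException`) or, where it succeeds, copy intercepted call arguments — which for controller methods can include credentials — into whatever store receives it. If serialization is not actually needed, drop `Serializable` from the interface or implement the context as a static nested class holding only the fields it needs; if it is needed, document on the method what is and is not serialized. The method name `createParamContext` also no longer matches the renamed type — `createContext` would read better, with the old name kept as a deprecated delegate. The anonymous class body continues outside the hunk.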
diff --git a/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/AbstractScopeDataAccessHandler.java b/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/AbstractScopeDataAccessHandler.java index 042059970..dcf1e0029 100644 --- a/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/AbstractScopeDataAccessHandler.java +++ b/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/AbstractScopeDataAccessHandler.java 
@@ -6,15 +6,10 @@ import org.hswebframework.web.authorization.Permission; import org.hswebframework.web.authorization.access.DataAccessConfig; import org.hswebframework.web.authorization.access.DataAccessHandler; import org.hswebframework.web.authorization.access.ScopeDataAccessConfig; -import org.hswebframework.web.authorization.annotation.RequiresDataAccess; import org.hswebframework.web.authorization.define.AuthorizingContext; -import org.hswebframework.web.boost.aop.context.MethodInterceptorHolder; -import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext; import org.hswebframework.web.commons.entity.Entity; import org.hswebframework.web.commons.entity.param.QueryParamEntity; import org.hswebframework.web.controller.QueryController; -import org.hswebframework.web.entity.organizational.OrganizationalEntity; -import org.hswebframework.web.entity.organizational.authorization.OrgAttachEntity; import org.hswebframework.web.organizational.authorization.PersonnelAuthorization; import org.hswebframework.web.organizational.authorization.access.DataAccessType; import org.hswebframework.web.service.QueryService; diff --git a/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/CustomScopeHandler.java b/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/CustomScopeHandler.java index 62683732e..ca729e609 100644 --- a/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/CustomScopeHandler.java +++ b/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/CustomScopeHandler.java 
@@ -3,7 +3,6 @@ package org.hswebframework.web.organizational.authorization.simple.handler; import org.hswebframework.web.authorization.access.DataAccessConfig; import org.hswebframework.web.authorization.access.DataAccessHandler; import org.hswebframework.web.authorization.define.AuthorizingContext; -import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext; import org.hswebframework.web.organizational.authorization.access.DataAccessType; import org.hswebframework.web.organizational.authorization.simple.SimpleCustomScopeDataAccessConfig; import org.hswebframework.web.organizational.authorization.simple.SimpleScopeDataAccessConfig; diff --git a/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/OrgScopeDataAccessHandler.java b/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/OrgScopeDataAccessHandler.java index 4da3af9de..c0dc47d5b 100644 --- a/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/OrgScopeDataAccessHandler.java +++ b/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/OrgScopeDataAccessHandler.java 
@@ -2,12 +2,8 @@ package org.hswebframework.web.organizational.authorization.simple.handler; import org.hsweb.ezorm.core.param.Term; import org.hsweb.ezorm.core.param.TermType; -import org.hswebframework.utils.ClassUtils; import org.hswebframework.web.authorization.define.AuthorizingContext; -import org.hswebframework.web.boost.aop.context.MethodInterceptorHolder; -import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext; import org.hswebframework.web.entity.organizational.OrganizationalEntity; -import org.hswebframework.web.entity.organizational.SimpleOrganizationalEntity; import org.hswebframework.web.entity.organizational.authorization.OrgAttachEntity; import org.hswebframework.web.organizational.authorization.PersonnelAuthorization; import org.hswebframework.web.organizational.authorization.access.DataAccessType;