优化权限解析

2026-06-01 10:21:26 +08:00 · 2018-01-17 13:15:22 +08:00
parent 545edd2ce7
commit f7815fb4ea
16 changed files with 197 additions and 35 deletions
--- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/aop/DefaultAopMethodAuthorizeDefinitionParser.java
+++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/aop/DefaultAopMethodAuthorizeDefinitionParser.java
@@ -55,7 +55,7 @@ public class DefaultAopMethodAuthorizeDefinitionParser implements AopMethodAutho
        if ((definition instanceof EmptyAuthorizeDefinition)) {
            return null;
        }
-        if(null!=definition){
+        if (null != definition) {
            return definition;
        }
        //使用自定义
@@ -88,7 +88,8 @@ public class DefaultAopMethodAuthorizeDefinitionParser implements AopMethodAutho
            return null;
        }
        DefaultBasicAuthorizeDefinition authorizeDefinition = new DefaultBasicAuthorizeDefinition();
-
+        authorizeDefinition.setTargetClass(target);
+        authorizeDefinition.setTargetMethod(method);
        if (methodAuth == null || methodAuth.merge()) {
            authorizeDefinition.put(classAuth);
        }
@@ -137,7 +138,7 @@ public class DefaultAopMethodAuthorizeDefinitionParser implements AopMethodAutho
    }

    class CacheKey {
-        private Class type;
+        private Class  type;
        private Method method;

        public CacheKey(Class type, Method method) {
--- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/configuration/AuthorizingHandlerAutoConfiguration.java
+++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/configuration/AuthorizingHandlerAutoConfiguration.java
@@ -1,21 +1,15 @@
 package org.hswebframework.web.authorization.basic.configuration;

-import org.hswebframework.web.authorization.AuthenticationHolder;
-import org.hswebframework.web.authorization.AuthenticationManager;
-import org.hswebframework.web.authorization.AuthenticationSupplier;
 import org.hswebframework.web.authorization.access.DataAccessController;
 import org.hswebframework.web.authorization.access.DataAccessHandler;
 import org.hswebframework.web.authorization.basic.handler.DefaultAuthorizingHandler;
 import org.hswebframework.web.authorization.basic.handler.access.DefaultDataAccessController;
 import org.hswebframework.web.authorization.basic.web.*;
 import org.hswebframework.web.authorization.basic.web.session.UserTokenAutoExpiredListener;
-import org.hswebframework.web.authorization.token.DefaultUserTokenManager;
-import org.hswebframework.web.authorization.token.UserTokenAuthenticationSupplier;
 import org.hswebframework.web.authorization.token.UserTokenManager;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.config.BeanPostProcessor;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
-import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
--- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/configuration/CorsAutoConfiguration.java
+++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/configuration/CorsAutoConfiguration.java
@@ -1,33 +0,0 @@
-package org.hswebframework.web.authorization.basic.configuration;
-
-import org.springframework.boot.autoconfigure.condition.ConditionalOnProperty;
-import org.springframework.boot.context.properties.ConfigurationProperties;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.web.cors.CorsConfiguration;
-import org.springframework.web.cors.UrlBasedCorsConfigurationSource;
-import org.springframework.web.filter.CorsFilter;
-
-/**
- * 跨域设置
- *
- * @author zhouhao
- * @since 1.0
- */
-@Configuration
-@ConditionalOnProperty(prefix = "hsweb.cors", name = "enable", havingValue = "true")
-public class CorsAutoConfiguration {
-
-    @ConfigurationProperties(prefix = "hsweb.cors")
-    @Bean
-    public CorsConfiguration corsConfiguration() {
-        return new CorsConfiguration();
-    }
-
-    @Bean
-    public CorsFilter corsFilter(CorsConfiguration corsConfiguration) {
-        UrlBasedCorsConfigurationSource corsConfigurationSource = new UrlBasedCorsConfigurationSource();
-        corsConfigurationSource.registerCorsConfiguration("/**", corsConfiguration);
-        return new CorsFilter(corsConfigurationSource);
-    }
-}
--- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/configuration/EnableAopAuthorize.java
+++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/configuration/EnableAopAuthorize.java
@@ -11,7 +11,7 @@ import java.lang.annotation.*;
@Retention(RetentionPolicy.RUNTIME)
@Documented
@Inherited
-@ImportAutoConfiguration(AopAuthorizeAutoConfiguration.class)
+@ImportAutoConfiguration({AopAuthorizeAutoConfiguration.class, AuthorizingHandlerAutoConfiguration.class})
 public @interface EnableAopAuthorize {

 }
--- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/define/DefaultBasicAuthorizeDefinition.java
+++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/define/DefaultBasicAuthorizeDefinition.java
@@ -6,11 +6,9 @@ import org.hswebframework.web.authorization.annotation.Authorize;
 import org.hswebframework.web.authorization.annotation.Logical;
 import org.hswebframework.web.authorization.annotation.RequiresDataAccess;
 import org.hswebframework.web.authorization.annotation.RequiresExpression;
-import org.hswebframework.web.authorization.define.AuthorizeDefinition;
-import org.hswebframework.web.authorization.define.DataAccessDefinition;
-import org.hswebframework.web.authorization.define.Phased;
-import org.hswebframework.web.authorization.define.Script;
+import org.hswebframework.web.authorization.define.*;

+import java.lang.reflect.Method;
 import java.util.Arrays;
 import java.util.HashSet;
 import java.util.LinkedHashSet;
@@ -27,7 +25,7 @@ import java.util.Set;
@NoArgsConstructor
@AllArgsConstructor
@ToString
-public class DefaultBasicAuthorizeDefinition implements AuthorizeDefinition {
+public class DefaultBasicAuthorizeDefinition implements AopAuthorizeDefinition {
    private boolean dataAccessControl;

    private String[] permissionDescription = {};
@@ -52,6 +50,10 @@ public class DefaultBasicAuthorizeDefinition implements AuthorizeDefinition {

    private Phased phased = Phased.before;

+    private Class targetClass;
+
+    private Method targetMethod;
+
    @Override
    public Phased getPhased() {
        return phased;
--- a/hsweb-authorization/hsweb-authorization-basic/src/main/resources/META-INF/spring.factories
+++ b/hsweb-authorization/hsweb-authorization-basic/src/main/resources/META-INF/spring.factories
@@ -1,5 +0,0 @@
-# Auto Configure
-org.springframework.boot.autoconfigure.EnableAutoConfiguration=\
-org.hswebframework.web.authorization.basic.configuration.CorsAutoConfiguration,\
-org.hswebframework.web.authorization.basic.configuration.AopAuthorizeAutoConfiguration,\
-org.hswebframework.web.authorization.basic.configuration.AuthorizingHandlerAutoConfiguration