更换权限认证策略

b387cf5d · WeiWei · 2d60d91b · b387cf5d · b387cf5d · b387cf5d
Commit b387cf5d authored Aug 06, 2019 by WeiWei
13 changed files
--- a/src/main/java/cn/quantgroup/cashloanflowboss/api/log/controller/LogController.java
+++ b/src/main/java/cn/quantgroup/cashloanflowboss/api/log/controller/LogController.java
@@ -2,7 +2,6 @@ package cn.quantgroup.cashloanflowboss.api.log.controller;
 import cn.quantgroup.cashloanflowboss.api.log.model.LoginFormModel;
 import cn.quantgroup.cashloanflowboss.api.log.service.LogService;
-import cn.quantgroup.cashloanflowboss.component.security.Power;
 import cn.quantgroup.cashloanflowboss.component.security.annotiation.Security;
 import cn.quantgroup.cashloanflowboss.core.base.Result;
 import cn.quantgroup.cashloanflowboss.core.dictionary.ApplicationStatus;
@@ -39,7 +38,7 @@ public class LogController {
     *
     * @return
     */
-    @Security(authorityId = "Log.logout", power = Power.CREATE)
+    @Security(authorityId = "Log.logout")
    @DeleteMapping("/logout")
    public Result<Boolean> logout() {
        return new Result<>(ApplicationStatus.SUCCESS, this.logService.logout());

--- a/src/main/java/cn/quantgroup/cashloanflowboss/api/log/service/LogService.java
+++ b/src/main/java/cn/quantgroup/cashloanflowboss/api/log/service/LogService.java
@@ -3,7 +3,7 @@ package cn.quantgroup.cashloanflowboss.api.log.service;
 import cn.quantgroup.cashloanflowboss.api.user.dictionary.UserStatus;
 import cn.quantgroup.cashloanflowboss.api.user.entity.User;
 import cn.quantgroup.cashloanflowboss.api.user.service.UserService;
-import cn.quantgroup.cashloanflowboss.component.security.Power;
+import cn.quantgroup.cashloanflowboss.component.security.Authority;
 import cn.quantgroup.cashloanflowboss.core.asserts.Assert;
 import cn.quantgroup.cashloanflowboss.core.dictionary.ApplicationDictionary;
 import cn.quantgroup.cashloanflowboss.core.dictionary.ApplicationStatus;
@@ -51,8 +51,8 @@ public class LogService {
        Assert.isFalse(user.getPassword().equalsIgnoreCase(MD5Tools.md5(password)), ApplicationStatus.USERNAME_OR_PASSWORD_ERROR);
        HttpSession session = this.request.getSession(true);
-        session.setAttribute(ApplicationDictionary.SECURITY_KEY, JSONTools.serialize(new HashMap<String, Power>() {{
+        session.setAttribute(ApplicationDictionary.SECURITY_KEY, JSONTools.serialize(new HashMap<String, Authority>() {{
-            put("Log.logout", Power.CREATE);
+            put("Log.logout", Authority.CREATE);
        }}));
        return true;

--- a/src/main/java/cn/quantgroup/cashloanflowboss/api/role/entity/Permission.java
+++ b/src/main/java/cn/quantgroup/cashloanflowboss/api/role/entity/Permission.java
+package cn.quantgroup.cashloanflowboss.api.role.entity;
+import cn.quantgroup.cashloanflowboss.component.security.Authority;
+import lombok.Data;
+import java.util.List;
+/**
+ * Created by WeiWei on 2019/7/30.
+ */
+@Data
+public class Permission {
+    /**
+     * 授权ID
+     */
+    private String id;
+    /**
+     * 权利
+     */
+    private List<Authority> authorities;
+}
--- a/src/main/java/cn/quantgroup/cashloanflowboss/api/role/entity/Role.java
+++ b/src/main/java/cn/quantgroup/cashloanflowboss/api/role/entity/Role.java
+package cn.quantgroup.cashloanflowboss.api.role.entity;
+import cn.quantgroup.cashloanflowboss.component.security.Authority;
+import cn.quantgroup.cashloanflowboss.core.persistence.Primary;
+import lombok.Data;
+import javax.persistence.Entity;
+import javax.persistence.Table;
+import java.util.List;
+/**
+ * Created by WeiWei on 2019/7/30.
+ */
+@Data
+@Entity
+@Table(name = "role")
+public class Role extends Primary {
+    /**
+     * 父角色
+     */
+    private Role parent;
+    /**
+     * 角色名称
+     */
+    private String name;
+    /**
+     * 授权列表
+     */
+    private List<Authority> authorities;
+}
--- a/src/main/java/cn/quantgroup/cashloanflowboss/api/role/repository/RoleRepository.java
+++ b/src/main/java/cn/quantgroup/cashloanflowboss/api/role/repository/RoleRepository.java
+package cn.quantgroup.cashloanflowboss.api.role.repository;
+import org.springframework.stereotype.Repository;
+/**
+ * Created by WeiWei on 2019/7/30.
+ */
+@Repository
+public interface RoleRepository {
+}
--- a/src/main/java/cn/quantgroup/cashloanflowboss/api/user/controller/UserController.java
+++ b/src/main/java/cn/quantgroup/cashloanflowboss/api/user/controller/UserController.java
@@ -7,6 +7,7 @@ import cn.quantgroup.cashloanflowboss.api.user.service.UserService;
 import cn.quantgroup.cashloanflowboss.component.security.Power;
 import cn.quantgroup.cashloanflowboss.component.security.annotiation.Security;
 import cn.quantgroup.cashloanflowboss.component.validator.constraints.NotEmpty;
+import cn.quantgroup.cashloanflowboss.component.validator.constraints.NotEmpty;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.data.domain.Page;
 import org.springframework.web.bind.annotation.*;

--- a/src/main/java/cn/quantgroup/cashloanflowboss/component/security/Authority.java
+++ b/src/main/java/cn/quantgroup/cashloanflowboss/component/security/Authority.java
+package cn.quantgroup.cashloanflowboss.component.security;
+/**
+ * Created by WeiWei on 2019/7/26.
+ */
+public enum Authority {
+    /**
+     * 新建
+     */
+    CREATE,
+    /**
+     * 读取
+     */
+    READ,
+    /**
+     * 更新
+     */
+    UPDATE,
+    /**
+     * 删除
+     */
+    DELETE
+}
--- a/src/main/java/cn/quantgroup/cashloanflowboss/component/security/SecurityHandler.java
+++ b/src/main/java/cn/quantgroup/cashloanflowboss/component/security/SecurityHandler.java
@@ -8,7 +8,5 @@ import org.aopalliance.intercept.MethodInvocation;
 * Created by WeiWei on 2018/12/24.
 */
 public interface SecurityHandler {
+    boolean doAuthentication(final MethodInvocation invocation, String authorityId, Authority[] authority) throws Throwable;
-    boolean doAuthentication(final MethodInvocation invocation, String authorityId, Power[] power) throws Throwable;
 }
\ No newline at end of file
--- a/src/main/java/cn/quantgroup/cashloanflowboss/component/security/SecurityInterceptor.java
+++ b/src/main/java/cn/quantgroup/cashloanflowboss/component/security/SecurityInterceptor.java
@@ -18,7 +18,7 @@ public class SecurityInterceptor extends ApplicationObjectSupport implements Met
        Security security = invocation.getMethod().getAnnotation(Security.class);
-        if (!this.getApplicationContext().getBean(SecurityHandler.class).doAuthentication(invocation, security.authorityId(), security.power())) {
+        if (!this.getApplicationContext().getBean(SecurityHandler.class).doAuthentication(invocation, security.authorityId(), security.authorities())) {
            throw new ApplicationException("认证失败");
        }

--- a/src/main/java/cn/quantgroup/cashloanflowboss/component/security/annotiation/Security.java
+++ b/src/main/java/cn/quantgroup/cashloanflowboss/component/security/annotiation/Security.java
 package cn.quantgroup.cashloanflowboss.component.security.annotiation;
-import cn.quantgroup.cashloanflowboss.component.security.Power;
+import cn.quantgroup.cashloanflowboss.component.security.Authority;
 import java.lang.annotation.ElementType;
 import java.lang.annotation.Retention;
@@ -28,6 +28,6 @@ public @interface Security {
     *
     * @return
     */
-    Power[] power() default {};
+    Authority[] authorities() default {};
 }
\ No newline at end of file
--- a/src/main/java/cn/quantgroup/cashloanflowboss/core/configuration/ApplicationSecurityConfiguration.java
+++ b/src/main/java/cn/quantgroup/cashloanflowboss/core/configuration/ApplicationSecurityConfiguration.java
 package cn.quantgroup.cashloanflowboss.core.configuration;
-import cn.quantgroup.cashloanflowboss.component.security.Power;
+import cn.quantgroup.cashloanflowboss.api.role.entity.Permission;
+import cn.quantgroup.cashloanflowboss.component.security.Authority;
 import cn.quantgroup.cashloanflowboss.component.security.SecurityHandler;
+import cn.quantgroup.cashloanflowboss.core.asserts.Assert;
 import cn.quantgroup.cashloanflowboss.core.dictionary.ApplicationDictionary;
+import cn.quantgroup.cashloanflowboss.core.dictionary.ApplicationStatus;
 import cn.quantgroup.cashloanflowboss.utils.JSONTools;
 import com.fasterxml.jackson.core.type.TypeReference;
 import org.aopalliance.intercept.MethodInvocation;
@@ -12,7 +15,7 @@ import org.springframework.context.annotation.Configuration;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpSession;
 import java.util.Arrays;
-import java.util.Map;
+import java.util.List;
 import java.util.Objects;
 /**
@@ -25,12 +28,26 @@ public class ApplicationSecurityConfiguration implements SecurityHandler {
    private HttpServletRequest request;
    @Override
-    public boolean doAuthentication(MethodInvocation invocation, String authorityId, Power[] power) throws Throwable {
+    public boolean doAuthentication(MethodInvocation invocation, String authorityId, Authority[] authority) throws Throwable {
-        HttpSession session = this.request.getSession();
+        // 获取Session
-        Map<String, Power> permissions = JSONTools.deserialize(String.valueOf(session.getAttribute(ApplicationDictionary.SECURITY_KEY)), new TypeReference<Map<String, Power>>() {});
+        HttpSession session = this.request.getSession(false);
-        return Objects.nonNull(permissions) && permissions.containsKey(authorityId) && Arrays.asList(power).contains(permissions.get(authorityId));
+        // 检查是否已登录
+        Assert.isNull(session.getAttribute(ApplicationDictionary.SECURITY_KEY), ApplicationStatus.AUTHENTICATION_FAILURE);
+        // 读取Session授权内容
+        List<Permission> permissions = JSONTools.deserialize(String.valueOf(session.getAttribute(ApplicationDictionary.SECURITY_KEY)), new TypeReference<List<Permission>>() {});
+        if (Objects.nonNull(permissions)) {
+            Permission permission = permissions.parallelStream().filter(p2 -> p2.getId().equals(authorityId)).findFirst().orElseThrow(ApplicationStatus.INVALID_AUTHORITY::throwException);
+            return !(Objects.isNull(permission.getAuthorities()) || permission.getAuthorities().isEmpty()) && permission.getAuthorities().parallelStream().anyMatch(a -> Arrays.asList(authority).contains(a));
+        }
+        return false;
    }

--- a/src/main/java/cn/quantgroup/cashloanflowboss/core/dictionary/ApplicationStatus.java
+++ b/src/main/java/cn/quantgroup/cashloanflowboss/core/dictionary/ApplicationStatus.java
 package cn.quantgroup.cashloanflowboss.core.dictionary;
+import cn.quantgroup.cashloanflowboss.core.exception.ApplicationException;
 import lombok.Getter;
 /**
@@ -24,6 +25,8 @@ public enum ApplicationStatus implements Status<ApplicationStatus> {
    JSON_DATA_EXCEPTION(500005, "无效的JSON数据"),
+    INVALID_AUTHORITY(501001, "无效的授权"),
    INVALID_USER(501001, "无效的用户"),
    DISABLED_USER(501002, "用户已被禁用"),
@@ -42,4 +45,11 @@ public enum ApplicationStatus implements Status<ApplicationStatus> {
        this.status = this;
    }
+    /**
+     * 抛出本状态异常
+     */
+    public ApplicationException throwException() {
+        throw new ApplicationException(this);
+    }
 }
--- a/src/main/java/cn/quantgroup/cashloanflowboss/core/dictionary/Status.java
+++ b/src/main/java/cn/quantgroup/cashloanflowboss/core/dictionary/Status.java
@@ -30,4 +30,5 @@ public interface Status<T> {
     */
    Status<T> getStatus();
 }