未登录或者无权限时不抛出异常

cf1d130c · suntao · 0d18c3c2 · cf1d130c · cf1d130c · cf1d130c
Commit cf1d130c authored Jan 02, 2020 by suntao
5 changed files
--- a/src/main/java/cn/quantgroup/cashloanflowboss/component/security/SecurityHandler.java
+++ b/src/main/java/cn/quantgroup/cashloanflowboss/component/security/SecurityHandler.java
 package cn.quantgroup.cashloanflowboss.component.security;

+import cn.quantgroup.cashloanflowboss.core.base.Tuple;
+import cn.quantgroup.cashloanflowboss.core.dictionary.ApplicationStatus;
 import org.aopalliance.intercept.MethodInvocation;

 /**
@@ -8,5 +10,5 @@ import org.aopalliance.intercept.MethodInvocation;
 * Created by WeiWei on 2018/12/24.
 */
 public interface SecurityHandler {
-    boolean doAuthentication(final MethodInvocation invocation, String authorityId, Authority[] authority) throws Throwable;
+    Tuple<Boolean, ApplicationStatus> doAuthentication(final MethodInvocation invocation, String authorityId, Authority[] authority) throws Throwable;
 }
\ No newline at end of file
--- a/src/main/java/cn/quantgroup/cashloanflowboss/component/security/SecurityInterceptor.java
+++ b/src/main/java/cn/quantgroup/cashloanflowboss/component/security/SecurityInterceptor.java
@@ -2,9 +2,11 @@ package cn.quantgroup.cashloanflowboss.component.security;

 import cn.quantgroup.cashloanflowboss.component.security.annotiation.Security;
 import cn.quantgroup.cashloanflowboss.core.base.Result;
+import cn.quantgroup.cashloanflowboss.core.base.Tuple;
 import cn.quantgroup.cashloanflowboss.core.dictionary.ApplicationStatus;
 import org.aopalliance.intercept.MethodInterceptor;
 import org.aopalliance.intercept.MethodInvocation;
+import org.apache.commons.lang3.BooleanUtils;
 import org.springframework.context.support.ApplicationObjectSupport;

 import java.io.Serializable;
@@ -18,9 +20,10 @@ public class SecurityInterceptor extends ApplicationObjectSupport implements Met
    public Object invoke(final MethodInvocation invocation) throws Throwable {

        Security security = invocation.getMethod().getAnnotation(Security.class);
-
-        if (!this.getApplicationContext().getBean(SecurityHandler.class).doAuthentication(invocation, security.authorityId(), security.authorities())) {
-            return Result.buildFail(ApplicationStatus.INVALID_AUTHORITY);
+        Tuple<Boolean, ApplicationStatus> doAuthentication = this.getApplicationContext().getBean(SecurityHandler.class).doAuthentication(invocation, security.authorityId(), security.authorities());
+        if (BooleanUtils.isFalse(doAuthentication.getKey())) {
+            // 未通过验证
+            return Result.buildFail(doAuthentication.getValue());
        }

        return invocation.proceed();

--- a/src/main/java/cn/quantgroup/cashloanflowboss/core/asserts/Assert.java
+++ b/src/main/java/cn/quantgroup/cashloanflowboss/core/asserts/Assert.java
@@ -325,26 +325,22 @@ public class Assert {
    public static Boolean isLastLogin(Map<String, Object> concurrentHashMapLoginInfo) {
        HttpSession session = Application.getSession();
        if (Objects.isNull(session)) {
-            System.out.println("session 为空");
            return false;
        }
        Principal principal = Application.getPrincipal();
        if (Objects.isNull(principal)) {
-            System.out.println("principal 为空");
            return false;
        }

        Object userLastLoginTimeObject = concurrentHashMapLoginInfo.get(principal.getUserInfo().getUserId()+"");
        if (Objects.isNull(userLastLoginTimeObject)) {
            // 没有登陆时间 不处理
-            System.out.println("userLastLoginTimeObject 为空");
            return false;
        }

        // 获取session最后登陆时间
        Object creationTimeObject = session.getAttribute(ApplicationDictionary.USER_SESSION_LOGIN_TIME);
        if (Objects.isNull(creationTimeObject)) {
-            System.out.println("lastAccessedTime 为空");
            return false;
        }


--- a/src/main/java/cn/quantgroup/cashloanflowboss/core/configuration/ApplicationSecurityHandler.java
+++ b/src/main/java/cn/quantgroup/cashloanflowboss/core/configuration/ApplicationSecurityHandler.java
@@ -8,10 +8,12 @@ import cn.quantgroup.cashloanflowboss.component.security.Authority;
 import cn.quantgroup.cashloanflowboss.component.security.SecurityHandler;
 import cn.quantgroup.cashloanflowboss.core.Application;
 import cn.quantgroup.cashloanflowboss.core.asserts.Assert;
+import cn.quantgroup.cashloanflowboss.core.base.Tuple;
 import cn.quantgroup.cashloanflowboss.core.dictionary.ApplicationStatus;
 import cn.quantgroup.cashloanflowboss.core.exception.ApplicationException;
 import org.aopalliance.intercept.MethodInvocation;
 import org.apache.commons.collections.CollectionUtils;
+import org.apache.commons.lang3.BooleanUtils;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Configuration;

@@ -29,31 +31,34 @@ public class ApplicationSecurityHandler implements SecurityHandler {
    private LoginService loginService;

    @Override
-    public boolean doAuthentication(MethodInvocation invocation, String authorityId, Authority[] authority) throws Throwable {
+    public Tuple<Boolean, ApplicationStatus> doAuthentication(MethodInvocation invocation, String authorityId, Authority[] authority) {

        Principal principal = Application.getPrincipal();

        // 检查是否已登录
-        Assert.isNull(principal, ApplicationStatus.AUTHENTICATION_LOGIN);
+        if (principal == null) {
+            return new Tuple<>(Boolean.FALSE, ApplicationStatus.AUTHENTICATION_LOGIN);
+        }

        // 是否 被挤下线
        Boolean isLogin = Assert.isLastLogin(loginService.getConcurrentHashMapLoginInfo());
-        if (isLogin != null && isLogin) {
+        if (BooleanUtils.isTrue(isLogin)) {
            // 退出登陆
            loginService.logout();
            // 返回 信息
-            throw new ApplicationException(ApplicationStatus.AUTHENTICATION_LOGIN_CROWD_OUT);
+            return new Tuple<>(Boolean.FALSE, ApplicationStatus.AUTHENTICATION_LOGIN_CROWD_OUT);
        }


        // 如果是超级管理员跳过权限验证
-        return  principal.isSuperAdministrator() || principal.getRoles().stream().anyMatch(role -> {
+        boolean hasPrivilege = principal.isSuperAdministrator() || principal.getRoles().stream().anyMatch(role -> {
            List<Role> roleList = getRoleAndParent(role);
            if (CollectionUtils.isEmpty(roleList)) {
                return false;
            }
-            return roleList.stream().anyMatch(_role -> this.checkAuthority(authorityId, _role));
+            return roleList.stream().anyMatch(roleItem -> this.checkAuthority(authorityId, roleItem));
        });
+        return new Tuple<>(hasPrivilege, hasPrivilege ? null : ApplicationStatus.INVALID_AUTHORITY);

    }


--- a/src/main/java/cn/quantgroup/cashloanflowboss/core/configuration/BossCorsConfiguration.java
+++ b/src/main/java/cn/quantgroup/cashloanflowboss/core/configuration/BossCorsConfiguration.java
@@ -43,7 +43,7 @@ public class BossCorsConfiguration extends WebMvcConfigurerAdapter {
        corsConfiguration.addAllowedMethod("*");
        return corsConfiguration;
    }
-    @Bean
+    //@Bean
    public CorsFilter corsFilter() {
        UrlBasedCorsConfigurationSource source = new UrlBasedCorsConfigurationSource();
        source.registerCorsConfiguration("/**", buildConfig());