权限demo版

SmartCommunity/SmartCommunityV1/zuul/src/main/java/com/example/demo/config/entity/UserElement.java

@@ -0,0 +1,4 @@
+package com.example.demo.config.entity;
+
+public class UserElement {
+}

SmartCommunity/SmartCommunityV1/zuul/src/main/java/com/example/demo/constant/Constants.java

@@ -0,0 +1,19 @@
+package com.example.demo.constant;
+
+/**
+ * 定义参数
+ * @author weiximei
+ */
+public class Parameters {
+
+    /**
+     * 不需要授权的URL身份
+     */
+    public static final String ROLE_NONO = "ROLE_NONE";
+
+    /**
+     * token
+     */
+    public static final String X_AUTH_TOKEN = "X-Auth-Token";
+
+}

SmartCommunity/SmartCommunityV1/zuul/src/main/java/com/example/demo/constant/Header.java

@@ -0,0 +1,4 @@
+package com.example.demo.constant;
+
+public class Header {
+}

SmartCommunity/SmartCommunityV1/zuul/src/main/java/com/example/demo/constant/Status.java

@@ -0,0 +1,4 @@
+package com.example.demo.constant;
+
+public enum Status {
+}

SmartCommunity/SmartCommunityV1/zuul/src/main/java/com/example/demo/dto/MenuDTO.java

@@ -0,0 +1,4 @@
+package com.example.demo.dto;
+
+public class MenuDTO {
+}

SmartCommunity/SmartCommunityV1/zuul/src/main/java/com/example/demo/dto/RoleDTO.java

@@ -0,0 +1,4 @@
+package com.example.demo.dto;
+
+public class RoleDTO {
+}

SmartCommunity/SmartCommunityV1/zuul/src/main/java/com/example/demo/exception/WisdomSecurityException.java

@@ -0,0 +1,4 @@
+package com.example.demo.exception;
+
+public class WisdomSecurityException {
+}

SmartCommunity/SmartCommunityV1/zuul/src/main/java/com/example/demo/security/RestAuthenticationEntryPoint.java

@@ -0,0 +1,4 @@
+package com.example.demo.security;
+
+public class RestAuthenticationEntryPoint {
+}

SmartCommunity/SmartCommunityV1/zuul/src/main/java/com/example/demo/security/RestPreAuthenticateProvider.java

@@ -0,0 +1,4 @@
+package com.example.demo.security;
+
+public class RestPreAuthenticateProvider {
+}

SmartCommunity/SmartCommunityV1/zuul/src/main/java/com/example/demo/security/RestPreAuthenticatedProcessingFilter.java

@@ -0,0 +1,152 @@
+package com.example.demo.security;
+
+import ch.qos.logback.core.joran.conditional.ElseAction;
+import com.example.demo.config.HttpSessionConfig;
+import com.example.demo.config.entity.UserElement;
+import com.example.demo.constant.Constants;
+import com.example.demo.constant.Header;
+import com.example.demo.constant.Status;
+import com.example.demo.dto.RoleDTO;
+import com.example.demo.entity.ToSysMenu;
+import com.example.demo.service.IRoleService;
+import com.example.userserver.entity.User;
+import org.apache.commons.lang.StringUtils;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.authority.SimpleGrantedAuthority;
+import org.springframework.security.web.authentication.preauth.AbstractPreAuthenticatedProcessingFilter;
+import org.springframework.util.AntPathMatcher;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+import java.util.ArrayList;
+import java.util.List;
+import java.util.stream.Collectors;
+
+/**
+ * 预授权
+ * @author weiximei
+ */
+public class RestAbstractPreAuthenticatedProcessingFilter extends AbstractPreAuthenticatedProcessingFilter {
+
+    private AntPathMatcher matcher = new AntPathMatcher();
+
+    private IRoleService iRoleService;
+
+
+    /** 用户类型请求登陆类型 **/
+    private String loginType;
+
+    /**
+     * 不需要权限访问的路径
+     */
+    private List<ToSysMenu> noneSecurity;
+
+    /**
+     * 获取主体信息
+     *
+     *      1.验证是否有权限
+     *      2.授权
+     *
+     * @param request
+     * @return
+     */
+    @Override
+    protected Object getPreAuthenticatedPrincipal(HttpServletRequest request) {
+        List<GrantedAuthority> grantedAuthorityList = new ArrayList<>();
+        // 不需要的拦截请求处理
+        if (isNoneSecurity(request.getRequestURI().toString()) || "OPTIONS".equals(request.getMethod())){
+            GrantedAuthority[] authorities = new GrantedAuthority[1];
+            GrantedAuthority roleNone = new SimpleGrantedAuthority(Constants.ROLE_NONE);
+            authorities[0]=roleNone;
+            grantedAuthorityList.add(authorities[0]);
+            return new TokenAuthrentication(grantedAuthorityList);
+        }
+
+        isInspection(request);
+
+        if (null == request.getAttribute(Header.HEADER_ERROR.getValue())){
+            try {
+                UserElement userElement = getUserElement(loginType, request);
+                List<RoleDTO> roleDTOList = iRoleService.getUserRoleByUserId(userElement.getId());
+                grantedAuthorityList = roleDTOList.stream()
+                        .map(e->new SimpleGrantedAuthority(e.getRoleName().trim()))
+                        .collect(Collectors.toList());
+            } catch (Exception e){
+                System.out.println("用户授权失败!");
+                e.printStackTrace();
+            }
+
+        }else {
+            // 校验有问题后, 需要给个角色, 让流程继续下去
+            GrantedAuthority[] authorities = new GrantedAuthority[1];
+            GrantedAuthority roleNone = new SimpleGrantedAuthority("ROLE_NONE");
+            authorities[0]=roleNone;
+            grantedAuthorityList.add(authorities[0]);
+        }
+
+        return new TokenAuthrentication(grantedAuthorityList);
+    }
+
+
+    @Override
+    protected Object getPreAuthenticatedCredentials(HttpServletRequest httpServletRequest) {
+        return null;
+    }
+
+    /**
+     * 验证url是否是不需要权限访问
+     * @param url
+     * @return
+     */
+    private boolean isNoneSecurity(String url){
+        for (ToSysMenu sysMenu : noneSecurity) {
+            if (matcher.match(sysMenu.getMenuUrl(),url)){
+                return true;
+            }
+        }
+        return false;
+    }
+
+    /**
+     * 检验Token, App版本, 用户登录类型
+     * @param request
+     */
+    private void isInspection(HttpServletRequest request){
+        // Token检测
+        String token = request.getHeader(Header.REQUEST_X_AUTH_TOKEN.getValue()).trim();
+        if (StringUtils.isNotBlank(token)) {
+            request.setAttribute(Header.HEADER_ERROR.getValue(), Status.RESPONSE_STATUS_802.getValue());
+        }
+        // APP版本检测
+        String version = request.getHeader(Header.REQUEST_VERSION.getValue()).trim();
+        if (StringUtils.isBlank(version)){
+            request.setAttribute(Header.HEADER_ERROR.getValue(),Status.RESPONSE_STATUS_800.getValue());
+        }
+        // 用户登陆类型检测
+        loginType = ((String) request.getAttribute(Header.LOGIN_TYPE.getValue())).trim();
+        if (StringUtils.isBlank(loginType)) {
+            request.setAttribute(Header.HEADER_ERROR.getValue(),Status.RESPONSE_STATUS_801.getValue());
+        }
+    }
+
+
+    /**
+     * 获取用户session信息
+     * @param loginType 用户类型
+     * @param request
+     * @return
+     */
+    public UserElement getUserElement(String loginType, HttpServletRequest request){
+        HttpSession session = request.getSession();
+        UserElement userElement = null;
+        if ("app".equals(loginType)) {
+            userElement = (UserElement) session.getAttribute(Constants.APP_USER_SESSION);
+        } else if ("web".equals(loginType)) {
+            userElement = (UserElement) session.getAttribute(Constants.WEB_USER_SESSION);
+        }
+
+        return userElement;
+    }
+
+}

SmartCommunity/SmartCommunityV1/zuul/src/main/java/com/example/demo/security/TokenAuthrentication.java

@@ -0,0 +1,26 @@
+package com.example.demo.security;
+
+import org.springframework.security.authentication.AbstractAuthenticationToken;
+import org.springframework.security.core.GrantedAuthority;
+
+import java.util.Collection;
+
+public class SecurityAuthrentication extends AbstractAuthenticationToken {
+
+    /**
+     * 创建权限集合
+     */
+    public SecurityAuthrentication(Collection<? extends GrantedAuthority> authorities) {
+        super(authorities);
+    }
+
+    @Override
+    public Object getCredentials() {
+        return null;
+    }
+
+    @Override
+    public Object getPrincipal() {
+        return null;
+    }
+}

SmartCommunity/SmartCommunityV1/zuul/src/main/java/com/example/demo/service/IRoleService.java

@@ -0,0 +1,4 @@
+package com.example.demo.service;
+
+public interface IRoleService {
+}

SmartCommunity/SmartCommunityV1/zuul/src/main/java/com/example/demo/service/IUserService.java

@@ -0,0 +1,4 @@
+package com.example.demo.service;
+
+public class IUserService {
+}

SmartCommunity/SmartCommunityV1/zuul/src/main/java/com/example/demo/service/impl/RoleService.java

@@ -0,0 +1,4 @@
+package com.example.demo.service.impl;
+
+public class RoleService {
+}

SmartCommunity/SmartCommunityV1/zuul/src/main/java/com/example/demo/service/impl/UserService.java

@@ -0,0 +1,4 @@
+package com.example.demo.service.impl;
+
+public class UserService {
+}