
优化basic Authorization

zhou-hao 7 年之前
父節點
當前提交
164311ec98

+ 4 - 1
hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/configuration/AuthorizingHandlerAutoConfiguration.java

@@ -2,6 +2,7 @@ package org.hswebframework.web.authorization.basic.configuration;
 
 import org.hswebframework.web.authorization.access.DataAccessController;
 import org.hswebframework.web.authorization.access.DataAccessHandler;
+import org.hswebframework.web.authorization.basic.aop.AopMethodAuthorizeDefinitionParser;
 import org.hswebframework.web.authorization.basic.handler.DefaultAuthorizingHandler;
 import org.hswebframework.web.authorization.basic.handler.access.DefaultDataAccessController;
 import org.hswebframework.web.authorization.basic.web.*;
@@ -52,11 +53,13 @@ public class AuthorizingHandlerAutoConfiguration {
 
     @Bean
     public WebMvcConfigurer webUserTokenInterceptorConfigurer(UserTokenManager userTokenManager,
+                                                              AopMethodAuthorizeDefinitionParser parser,
                                                               List<UserTokenParser> userTokenParser) {
+
         return new WebMvcConfigurerAdapter() {
             @Override
             public void addInterceptors(InterceptorRegistry registry) {
-                registry.addInterceptor(new WebUserTokenInterceptor(userTokenManager, userTokenParser));
+                registry.addInterceptor(new WebUserTokenInterceptor(userTokenManager, userTokenParser,parser));
                 super.addInterceptors(registry);
             }
         };
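Review bot: `AopMethodAuthorizeDefinitionParser parser` becomes a mandatory constructor argument of this WebMvcConfigurer bean, so the context will fail to start whenever no such bean is registered; if the parser is only present in some setups (this diff does not show how it is defined), inject it as optional, e.g. `@Autowired(required = false) AopMethodAuthorizeDefinitionParser parser`, and let the interceptor treat null as "Basic challenge disabled". Two style nits on the same hunk: the blank line inserted after the parameter list serves no purpose, and `userTokenParser,parser` is missing the space after the comma used everywhere else in the file. The enclosing method continues past the end of the hunk.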

+ 5 - 0
hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/UserTokenForTypeParser.java

@@ -0,0 +1,5 @@
+package org.hswebframework.web.authorization.basic.web;
+
+public interface UserTokenForTypeParser extends UserTokenParser {
+    String getTokenType();
+}
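Review bot: The new interface carries no Javadoc, yet `getTokenType()` is used in two different roles elsewhere in this commit — WebUserTokenInterceptor compares it case-insensitively with `"basic"` to decide whether to emit a challenge, and BasicAuthorizationTokenParser uses it as the expected `Authorization` scheme prefix — so the contract should be written down. Suggest on the type: `/** A {@link UserTokenParser} that handles exactly one Authorization scheme. */` and on the method: `/** @return the scheme name this parser accepts (for example {@code "basic"}); callers compare it case-insensitively. */`.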

+ 21 - 1
hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/WebUserTokenInterceptor.java

@@ -1,8 +1,12 @@
 package org.hswebframework.web.authorization.basic.web;
 
+import org.hswebframework.web.authorization.basic.aop.AopMethodAuthorizeDefinitionParser;
+import org.hswebframework.web.authorization.define.AuthorizeDefinition;
 import org.hswebframework.web.authorization.token.UserToken;
 import org.hswebframework.web.authorization.token.UserTokenHolder;
 import org.hswebframework.web.authorization.token.UserTokenManager;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.method.HandlerMethod;
 import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
 
 import javax.servlet.http.HttpServletRequest;
@@ -22,9 +26,18 @@ public class WebUserTokenInterceptor extends HandlerInterceptorAdapter {
 
     private List<UserTokenParser> userTokenParser;
 
-    public WebUserTokenInterceptor(UserTokenManager userTokenManager, List<UserTokenParser> userTokenParser) {
+    private AopMethodAuthorizeDefinitionParser parser;
+
+    private boolean enableBasicAuthorization = false;
+
+    public WebUserTokenInterceptor(UserTokenManager userTokenManager, List<UserTokenParser> userTokenParser,AopMethodAuthorizeDefinitionParser definitionParser) {
         this.userTokenManager = userTokenManager;
         this.userTokenParser = userTokenParser;
+        this.parser=definitionParser;
+
+        enableBasicAuthorization = userTokenParser.stream()
+                .filter(UserTokenForTypeParser.class::isInstance)
+                .anyMatch(parser -> "basic".equalsIgnoreCase(((UserTokenForTypeParser) parser).getTokenType()));
     }
 
     @Override
@@ -35,6 +48,13 @@ public class WebUserTokenInterceptor extends HandlerInterceptorAdapter {
                 .collect(Collectors.toList());
 
         if (tokens.isEmpty()) {
+            if (enableBasicAuthorization && handler instanceof HandlerMethod) {
+                HandlerMethod method = ((HandlerMethod) handler);
+                AuthorizeDefinition definition = parser.parse(method.getBeanType(), method.getMethod());
+                if (null != definition) {
+                    response.addHeader("WWW-Authenticate", " Basic realm=\"\"");
+                }
+            }
             return true;
         }
         for (ParsedToken parsedToken : tokens) {
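Review bot: The value passed on the `response.addHeader("WWW-Authenticate", ...)` line starts with a space and carries an empty realm, `" Basic realm=\"\""`; it should be `"Basic realm=\"<realm>\""` with a non-empty, deployment-specific realm so clients parse the scheme cleanly and have something to show the user. The interceptor still returns true right after adding the header, so the 401 status must come from a later layer — worth a comment on that line, e.g. `// challenge only; the 401 itself is raised when the handler rejects the anonymous call`. On the `anyMatch` line the lambda parameter `parser` shadows the `parser` field assigned two lines earlier; rename it to `p`. `parser.parse(...)` will throw if the constructor received null, so `enableBasicAuthorization` should also require `definitionParser != null`. `preHandle` starts outside the hunk.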

+ 5 - 3
hsweb-authorization/hsweb-authorization-jwt/src/main/java/org/hswebframework/web/authorization/jwt/JwtTokenParser.java

@@ -35,9 +35,11 @@ public class JwtTokenParser implements UserTokenParser {
             if (!StringUtils.isEmpty(headerToken)) {
                 if (headerToken.contains(" ")) {
                     String[] auth = headerToken.split("[ ]");
-                    // if(auth[0].equalsIgnoreCase("jwt")){
-                    headerToken = auth[1];
-                    //}
+                    if (auth[0].equalsIgnoreCase("jwt") || auth[0].equalsIgnoreCase("Bearer")) {
+                        headerToken = auth[1];
+                    }else{
+                        return null;
+                    }
                 }
             }
         }
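Review bot: `auth[1]` on the line after the new scheme check is still unguarded: a request header of `Bearer ` (trailing space) splits to a one-element array and throws ArrayIndexOutOfBoundsException, while `Bearer  x` (double space) yields an empty token, both from a client-controlled value. Fold a length check into the new condition, `if (auth.length == 2 && (auth[0].equalsIgnoreCase("jwt") || auth[0].equalsIgnoreCase("Bearer"))) {`, keeping the `return null` branch for everything else. Style: `}else{` should be `} else {` to match the surrounding code. The enclosing method starts and ends outside the hunk.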

+ 6 - 6
hsweb-examples/hsweb-examples-simple/src/main/java/org/hswebframework/web/example/simple/SpringBootExample.java

@@ -87,12 +87,12 @@ import java.util.stream.Stream;
 public class SpringBootExample
         implements CommandLineRunner ,ApplicationListener<AuthorizeDefinitionInitializedEvent>{
 
-    @Bean
-    public AopMethodAuthorizeDefinitionCustomizerParser customizerParser(){
-        //自定义权限声明
-        //所有控制都通过
-        return (type,method,context) -> EmptyAuthorizeDefinition.instance;
-    }
+//    @Bean
+//    public AopMethodAuthorizeDefinitionCustomizerParser customizerParser(){
+//        //自定义权限声明
+//        //所有控制都通过
+//        return (type,method,context) -> EmptyAuthorizeDefinition.instance;
+//    }
 
     @Bean
     public AccessLoggerListener accessLoggerListener() {
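Review bot: The `customizerParser` bean is commented out rather than deleted, and a block whose own comment says every check passes (`所有控制都通过`) is exactly the kind of code that gets uncommented by accident in an example others copy. Version control already keeps the old body; remove the six `//` lines, or if the example should still show where a custom parser plugs in, replace them with a one-line prose comment naming the `AopMethodAuthorizeDefinitionCustomizerParser` hook without a compilable all-permit implementation.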

+ 1 - 0
hsweb-examples/hsweb-examples-simple/src/main/resources/application.yml

@@ -22,6 +22,7 @@ hsweb:
       allowed-headers: "*"
     authorize:
       auto-parse: true # 自动解析所有代码中到权限,并触发 ApplicationListener<AuthorizeDefinitionInitializedEvent>
+      basic-authorization: true #开启basic认证
       sync: true # 自动同步权限信息到数据库
       jwt:
         id: test
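Review bot: `basic-authorization: true` is added under `hsweb.authorize`, but as far as this diff shows nothing reads that key — WebUserTokenInterceptor enables the Basic challenge from the presence of a `UserTokenForTypeParser` whose type is `basic`, not from configuration. If the property is meant to gate the feature, the BasicAuthorizationTokenParser bean must be conditional on it somewhere not shown here; otherwise the comment `#开启basic认证` promises a switch that does not exist. Either wire the property to the bean registration or drop the line.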

+ 3 - 2
hsweb-starter/hsweb-spring-boot-starter/src/main/java/org/hswebframework/web/starter/RestControllerExceptionTranslator.java

@@ -36,6 +36,7 @@ import org.springframework.web.bind.annotation.ResponseBody;
 import org.springframework.web.bind.annotation.ResponseStatus;
 import org.springframework.web.bind.annotation.RestControllerAdvice;
 
+import javax.servlet.http.HttpServletResponse;
 import java.sql.SQLException;
 import java.util.List;
 
@@ -80,7 +81,7 @@ public class RestControllerExceptionTranslator {
     @ExceptionHandler(UnAuthorizedException.class)
     @ResponseStatus(HttpStatus.UNAUTHORIZED)
     @ResponseBody
-    ResponseMessage handleException(UnAuthorizedException exception) {
+    ResponseMessage handleException(UnAuthorizedException exception, HttpServletResponse response) {
         return ResponseMessage.error(401, exception.getMessage()).result(exception.getState());
     }
 
@@ -125,7 +126,7 @@ public class RestControllerExceptionTranslator {
     @ResponseBody
     ResponseMessage handleException(SQLException exception) {
         logger.error(exception.getMessage(), exception);
-        return ResponseMessage.error(500,"服务器内部错误");
+        return ResponseMessage.error(500, "服务器内部错误");
     }
 
 
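Review bot: The `HttpServletResponse response` parameter added to `handleException(UnAuthorizedException, ...)` is never used, so the signature change (and the new `javax.servlet.http.HttpServletResponse` import) has no effect; presumably it was meant to attach the `WWW-Authenticate` challenge to the 401. Either use it — which requires knowing whether Basic is enabled, something this class cannot currently tell — or remove the parameter and the import until that is decided. The `ResponseMessage.error(500, ...)` change in the last hunk is whitespace only.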

+ 10 - 4
hsweb-system/hsweb-system-authorization/hsweb-system-authorization-starter/src/main/java/org/hswebframework/web/authorization/starter/BasicAuthorizationTokenParser.java

@@ -4,6 +4,7 @@ import lombok.extern.slf4j.Slf4j;
 import org.apache.commons.codec.binary.Base64;
 import org.hswebframework.web.authorization.basic.web.AuthorizedToken;
 import org.hswebframework.web.authorization.basic.web.ParsedToken;
+import org.hswebframework.web.authorization.basic.web.UserTokenForTypeParser;
 import org.hswebframework.web.authorization.basic.web.UserTokenParser;
 import org.hswebframework.web.authorization.token.UserToken;
 import org.hswebframework.web.authorization.token.UserTokenManager;
@@ -12,12 +13,17 @@ import org.hswebframework.web.service.authorization.UserService;
 
 import javax.servlet.http.HttpServletRequest;
 
-public class BasicAuthorizationTokenParser implements UserTokenParser {
+public class BasicAuthorizationTokenParser implements UserTokenForTypeParser {
 
     private UserService userService;
 
     private UserTokenManager userTokenManager;
 
+    @Override
+    public String getTokenType() {
+        return "basic";
+    }
+
     public BasicAuthorizationTokenParser(UserService userService, UserTokenManager userTokenManager) {
         this.userService = userService;
         this.userTokenManager = userTokenManager;
@@ -31,7 +37,7 @@ public class BasicAuthorizationTokenParser implements UserTokenParser {
         }
         if (authorization.contains(" ")) {
             String[] info = authorization.split("[ ]");
-            if (info[0].equalsIgnoreCase("Basic")) {
+            if (info[0].equalsIgnoreCase(getTokenType())) {
                 authorization = info[1];
             }
         }
@@ -47,7 +53,7 @@ public class BasicAuthorizationTokenParser implements UserTokenParser {
 
                     @Override
                     public String getType() {
-                        return "basic";
+                        return getTokenType();
                     }
                 };
             }
@@ -68,7 +74,7 @@ public class BasicAuthorizationTokenParser implements UserTokenParser {
 
                         @Override
                         public String getType() {
-                            return "basic";
+                            return getTokenType();
                         }
 
                         @Override
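Review bot: In the changed `info[0].equalsIgnoreCase(getTokenType())` check a non-matching scheme still falls through with `authorization` unchanged (the context lines show no else branch), so a header such as `Bearer <token>` presumably continues into the Basic decoding below as if it were credentials; JwtTokenParser in this same commit returns null on a scheme mismatch, and this parser should do the same, `} else { return null; }`. The unqualified `getTokenType()` calls inside the anonymous `ParsedToken`/`AuthorizedToken` bodies resolve to the enclosing parser only as long as those types declare no method of that name; `BasicAuthorizationTokenParser.this.getTokenType()` makes the intent explicit. The parse method and both anonymous classes begin and end outside the hunks.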