
新增OAuth2支持

zhouhao 8 年之前
父節點
當前提交
2c587a1816

+ 37 - 11
hsweb-web-core/src/main/java/org/hsweb/web/core/authorize/AopAuthorizeValidator.java

@@ -3,16 +3,19 @@ package org.hsweb.web.core.authorize;
 import org.aspectj.lang.ProceedingJoinPoint;
 import org.aspectj.lang.reflect.MethodSignature;
 import org.hsweb.web.core.authorize.annotation.Authorize;
+import org.hsweb.web.core.authorize.oauth2.OAuth2Manager;
 import org.hsweb.web.core.authorize.validator.SimpleAuthorizeValidator;
 import org.hsweb.web.bean.po.user.User;
 import org.hsweb.web.core.exception.AuthorizeException;
 import org.hsweb.web.core.session.HttpSessionManager;
 import org.hsweb.web.core.utils.AopUtils;
+import org.hsweb.web.core.utils.ThreadLocalUtils;
 import org.hsweb.web.core.utils.WebUtil;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.hsweb.commons.ClassUtils;
 import org.hsweb.commons.StringUtils;
 
+import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpSession;
 import java.util.LinkedHashMap;
 import java.util.LinkedHashSet;
@@ -26,6 +29,20 @@ import java.util.concurrent.ConcurrentMap;
  */
 public class AopAuthorizeValidator extends SimpleAuthorizeValidator {
 
+    private HttpSessionManager httpSessionManager;
+
+    private OAuth2Manager oAuth2Manager;
+
+    @Autowired
+    public void setHttpSessionManager(HttpSessionManager httpSessionManager) {
+        this.httpSessionManager = httpSessionManager;
+    }
+
+    @Autowired(required = false)
+    public void setoAuth2Manager(OAuth2Manager oAuth2Manager) {
+        this.oAuth2Manager = oAuth2Manager;
+    }
+
     protected ConcurrentMap<String, AuthorizeValidatorConfig> configCache = new ConcurrentHashMap<>();
 
     protected AuthorizeValidatorConfig getConfig(ProceedingJoinPoint pjp) {
@@ -54,20 +71,29 @@ public class AopAuthorizeValidator extends SimpleAuthorizeValidator {
         return config;
     }
 
-    private HttpSessionManager httpSessionManager;
-
-    @Autowired
-    public void setHttpSessionManager(HttpSessionManager httpSessionManager) {
-        this.httpSessionManager = httpSessionManager;
-    }
-
     public boolean validate(ProceedingJoinPoint pjp) {
         AuthorizeValidatorConfig config = getConfig(pjp);
         if (config == null) return true;
-        HttpSession session = WebUtil.getHttpServletRequest().getSession(false);
-        if (session == null) throw new AuthorizeException("未登录", 401);
-        User user = httpSessionManager.getUserBySessionId(session.getId());
-        if (user == null) throw new AuthorizeException("未登录", 401);
+        User user = null;
+        HttpServletRequest request = WebUtil.getHttpServletRequest();
+        //api OAuth2 认证
+        if (config.isApiSupport()) {
+            if (oAuth2Manager != null) {
+                String token = oAuth2Manager.getAccessTokenByRequest(request);
+                if (token != null) {
+                    user = oAuth2Manager.getUserByAccessToken(token);
+                    if (user == null) {
+                        throw new AuthorizeException("invalid_token", 401);
+                    }
+                }
+            }
+        }
+        if (user == null) {
+            HttpSession session = request.getSession(false);
+            if (session == null) throw new AuthorizeException("未登录", 401);
+            user = httpSessionManager.getUserBySessionId(session.getId());
+            if (user == null) throw new AuthorizeException("未登录", 401);
+        }
         if (config.isEmpty()) return true;
         Map<String, Object> param = new LinkedHashMap<>();
         MethodSignature signature = (MethodSignature) pjp.getSignature();
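Review bot: In `validate`, the user resolved from the access token drives the permission check but is never published for the rest of the request, while `WebUtil.getLoginUser(request)` in this same commit prefers an existing session and consults the token only when `getSession(false)` returns null. A request that carries both a session cookie and an access token for a different account would therefore be authorized as the token's user, then handled as the session's user by any code that calls `WebUtil.getLoginUser`. I would resolve the identity once here and expose it to downstream code (the newly imported `ThreadLocalUtils` looks intended for that but is not used in the lines shown), or make both paths apply the same precedence. Separately, `getUserByAccessToken` returns only a `User`, so a token appears to carry the account's full permissions with no scope or client restriction; worth confirming that is intended. The body of `validate` continues past the end of the hunk.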

+ 33 - 0
hsweb-web-core/src/main/java/org/hsweb/web/core/authorize/oauth2/OAuth2Manager.java

@@ -0,0 +1,33 @@
+/*
+ * Copyright 2015-2016 http://hsweb.me
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.hsweb.web.core.authorize.oauth2;
+
+import org.hsweb.web.bean.po.user.User;
+
+import javax.servlet.http.HttpServletRequest;
+
+public interface OAuth2Manager {
+    String getAccessTokenByRequest(HttpServletRequest request);
+
+    User getUserByAccessToken(String accessToken);
+
+    default User getUserByRequest(HttpServletRequest request) {
+        String token = getAccessTokenByRequest(request);
+        if (token == null) return null;
+        return getUserByAccessToken(token);
+    }
+}
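Review bot: The interface has no Javadoc, yet `AopAuthorizeValidator.validate` depends on the exact meaning of each `null`: a null token falls back to session login, while a null user for a non-null token becomes a 401 `invalid_token`. I would document that contract on the methods, e.g. `/** @return the access token carried by the request, or null when none is present */` and `/** @return the token's owner, or null when the token is unknown, expired or revoked */`. The Javadoc should also state that an implementation must never return a user for a token it cannot verify, since the callers shown perform no further validation of the result.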

+ 46 - 0
hsweb-web-core/src/main/java/org/hsweb/web/core/authorize/oauth2/OAuth2ManagerHolder.java

@@ -0,0 +1,46 @@
+/*
+ * Copyright 2015-2016 http://hsweb.me
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.hsweb.web.core.authorize.oauth2;
+
+import org.hsweb.web.core.authorize.annotation.Authorize;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+
+import javax.annotation.PostConstruct;
+
+/**
+ * @author zhouhao
+ * @TODO
+ */
+@Component
+public class OAuth2ManagerHolder {
+
+    @Autowired(required = false)
+    private OAuth2Manager oAuth2Manager;
+
+    public static OAuth2Manager target;
+
+    public static final OAuth2Manager getManager() {
+        return target;
+    }
+
+    @PostConstruct
+    public void init() {
+        if (target == null && oAuth2Manager != null)
+            target = oAuth2Manager;
+    }
+}
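Review bot: `target` is a `public static` non-final field, so any class that can reach it can replace the manager `WebUtil.getLoginUser` relies on to turn a token into a `User`. It is also assigned in `init()` without any synchronization, which may leave the write unpublished to other threads. I would declare it `private static volatile OAuth2Manager target;` and keep `getManager()` as the only accessor, after checking that nothing outside this diff assigns `target` directly. The `final` modifier on the static `getManager()` and the empty `@TODO` tag add nothing; a one-line class comment saying the holder exists to give static utilities access to the optional bean would serve readers better.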

+ 9 - 1
hsweb-web-core/src/main/java/org/hsweb/web/core/utils/WebUtil.java

@@ -1,6 +1,8 @@
 package org.hsweb.web.core.utils;
 
 import org.hsweb.web.bean.po.user.User;
+import org.hsweb.web.core.authorize.oauth2.OAuth2Manager;
+import org.hsweb.web.core.authorize.oauth2.OAuth2ManagerHolder;
 import org.springframework.web.context.request.RequestContextHolder;
 import org.springframework.web.context.request.ServletRequestAttributes;
 
@@ -61,7 +63,13 @@ public class WebUtil {
     public static User getLoginUser(HttpServletRequest request) {
         if (request == null) return null;
         HttpSession session = request.getSession(false);
-        if (session == null) return null;
+        if (session == null) {
+            OAuth2Manager manager = OAuth2ManagerHolder.getManager();
+            if (manager != null) {
+                return manager.getUserByRequest(request);
+            }
+            return null;
+        }
         return getLoginUser(session);
     }