
优化权限获取逻辑

zhouhao 8 سال پیش
والد
کامیت
35319457e1

+ 13 - 3
hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/AutoSyncAuthenticationSupplier.java

@@ -21,11 +21,11 @@ package org.hswebframework.web.authorization.shiro;
 import org.apache.shiro.SecurityUtils;
 import org.hswebframework.web.ThreadLocalUtils;
 import org.hswebframework.web.authorization.*;
+import org.springframework.beans.factory.annotation.Autowired;
 
 import java.io.Serializable;
 import java.util.List;
 import java.util.Map;
-import java.util.Objects;
 import java.util.Optional;
 
 /**
@@ -41,10 +41,16 @@ public class AutoSyncAuthenticationSupplier implements AuthenticationSupplier {
     private AuthenticationManager authenticationManager;
 
     public AutoSyncAuthenticationSupplier(AuthenticationManager authenticationManager) {
-        Objects.requireNonNull(authenticationManager);
         this.authenticationManager = authenticationManager;
     }
 
+    @Override
+    public Authentication get(String userId) {
+        Authentication nativeAuth = getNative(userId);
+        if (null == nativeAuth) return null;
+        return new AutoSyncAuthentication(nativeAuth);
+    }
+
     @Override
     public Authentication get() {
         Authentication nativeAuth = getNative();
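Review bot: The constructor no longer rejects a null `authenticationManager`, so a miswired supplier is only detected on the first lookup, inside the lambda passed to `ThreadLocalUtils.get`, instead of at startup. For a component that every authorization decision depends on, failing at construction is easier to diagnose; consider keeping `this.authenticationManager = Objects.requireNonNull(authenticationManager, "authenticationManager");` together with the `java.util.Objects` import that the first hunk removes. The `Autowired` import added in that first hunk is not used by any line visible in this commit and could be dropped.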
@@ -52,13 +58,17 @@ public class AutoSyncAuthenticationSupplier implements AuthenticationSupplier {
         return new AutoSyncAuthentication(nativeAuth);
     }
 
+    protected Authentication getNative(String userId) {
+        return ThreadLocalUtils.get(Authentication.class.getName(), () -> authenticationManager.getByUserId(userId));
+    }
+
     protected Authentication getNative() {
         //未授权并且未记住登录
         if (!SecurityUtils.getSubject().isAuthenticated() && !SecurityUtils.getSubject().isRemembered()) return null;
         String id = (String) SecurityUtils.getSubject().getPrincipal();
         if (null == id) return null;
         // ThreadLocal cache
-        return ThreadLocalUtils.get(Authentication.class.getName(), () -> authenticationManager.getByUserId(id));
+        return getNative(id);
     }
 
     protected void sync(Authentication authentication) {
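Review bot: In the new `getNative(String userId)` the thread-local cache key is `Authentication.class.getName()` for every user, so the cached entry does not depend on `userId`. If `ThreadLocalUtils.get` returns an existing value for that key (its implementation is not shown here), a lookup for one user in a thread can return the `Authentication` already cached for a different user, which matters now that `get(String userId)` is public and the realm calls it. Including the id in the key keeps the entries apart: `ThreadLocalUtils.get(Authentication.class.getName() + ":" + userId, () -> authenticationManager.getByUserId(userId))`. Any other code that reads the same key, possibly `sync`, whose body is outside this hunk, would need the matching key. It is also worth confirming that the thread-local is cleared at the end of each request on pooled threads.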

+ 3 - 9
hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/ListenerAuthorizingRealm.java

@@ -30,12 +30,11 @@ import org.apache.shiro.realm.AuthorizingRealm;
 import org.apache.shiro.subject.PrincipalCollection;
 import org.apache.shiro.subject.Subject;
 import org.hswebframework.web.authorization.Authentication;
-import org.hswebframework.web.authorization.AuthenticationManager;
+import org.hswebframework.web.authorization.AuthenticationHolder;
 import org.hswebframework.web.authorization.Role;
 import org.hswebframework.web.authorization.listener.AuthorizationListener;
 import org.hswebframework.web.authorization.listener.event.AuthorizationSuccessEvent;
 
-import java.util.Objects;
 import java.util.stream.Collectors;
 
 /**
@@ -43,20 +42,15 @@ import java.util.stream.Collectors;
  */
 public class ListenerAuthorizingRealm extends AuthorizingRealm
         implements AuthorizationListener<AuthorizationSuccessEvent> {
-    private AuthenticationManager authenticationManager;
 
-
-    public ListenerAuthorizingRealm(AuthenticationManager authenticationManager) {
-        Objects.requireNonNull(authenticationManager);
-        this.authenticationManager=authenticationManager;
+    public ListenerAuthorizingRealm() {
         setAuthenticationTokenClass(SimpleAuthenticationToken.class);
     }
 
-
     @Override
     protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
         String loginUserId = (String) super.getAvailablePrincipal(principals);
-        return createAuthorizationInfo(authenticationManager.getByUserId(loginUserId));
+        return createAuthorizationInfo(AuthenticationHolder.get(loginUserId));
     }
 
     @Override
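Review bot: `doGetAuthorizationInfo` passes the result of `AuthenticationHolder.get(loginUserId)` straight to `createAuthorizationInfo`, but the supplier's new `get(String)` returns null when no native authentication is found. The realm also no longer holds its own `AuthenticationManager`, so it depends on a supplier having been registered on the static holder. `createAuthorizationInfo` is outside this hunk, so whether it tolerates null cannot be confirmed here. An explicit guard keeps the failure closed: `Authentication auth = AuthenticationHolder.get(loginUserId);` followed by `if (auth == null) return null;`. A short Javadoc on the no-arg constructor stating that `AuthenticationHolder` must have a supplier set before the realm is used would document the new dependency.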

+ 10 - 14
hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/ShiroAutoConfiguration.java

@@ -23,17 +23,14 @@ import org.apache.shiro.authz.UnauthenticatedException;
 import org.apache.shiro.cache.CacheManager;
 import org.apache.shiro.cache.MemoryConstrainedCacheManager;
 import org.apache.shiro.mgt.DefaultSecurityManager;
-import org.apache.shiro.mgt.RememberMeManager;
 import org.apache.shiro.mgt.SecurityManager;
 import org.apache.shiro.realm.AuthorizingRealm;
 import org.apache.shiro.session.mgt.DefaultSessionManager;
 import org.apache.shiro.spring.LifecycleBeanPostProcessor;
 import org.apache.shiro.spring.web.ShiroFilterFactoryBean;
-import org.apache.shiro.web.mgt.CookieRememberMeManager;
 import org.apache.shiro.web.mgt.DefaultWebSecurityManager;
 import org.hswebframework.web.authorization.AuthenticationHolder;
 import org.hswebframework.web.authorization.AuthenticationManager;
-import org.hswebframework.web.authorization.AuthenticationSupplier;
 import org.hswebframework.web.authorization.access.DataAccessController;
 import org.hswebframework.web.authorization.access.DataAccessHandler;
 import org.hswebframework.web.authorization.access.FieldAccessController;
@@ -91,13 +88,20 @@ public class ShiroAutoConfiguration {
 
     @Bean
     @Order(Ordered.LOWEST_PRECEDENCE)
-    public ListenerAuthorizingRealm listenerAuthorizingRealm(CacheManager cacheManager,
-                                                             AuthenticationManager authenticationManager) {
-        ListenerAuthorizingRealm realm = new ListenerAuthorizingRealm(authenticationManager);
+    public ListenerAuthorizingRealm listenerAuthorizingRealm(CacheManager cacheManager) {
+        ListenerAuthorizingRealm realm = new ListenerAuthorizingRealm();
         realm.setCacheManager(cacheManager);
         return realm;
     }
 
+    @Bean
+    @ConditionalOnMissingBean
+    public AutoSyncAuthenticationSupplier authorizationSupplier(AuthenticationManager authenticationManager) {
+        AutoSyncAuthenticationSupplier syncAuthenticationSupplier = new AutoSyncAuthenticationSupplier(authenticationManager);
+        AuthenticationHolder.setSupplier(syncAuthenticationSupplier);
+        return syncAuthenticationSupplier;
+    }
+
     @Bean
     public LoginExitListener loginExitListener(ListenerAuthorizingRealm listenerAuthorizingRealm) {
         return new LoginExitListener(listenerAuthorizingRealm);
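Review bot: Narrowing the return type of `authorizationSupplier` to `AutoSyncAuthenticationSupplier` also narrows the bare `@ConditionalOnMissingBean`, which infers its target type from the factory method's return type. An application that defines its own `AuthenticationSupplier` of a different class would no longer suppress this bean. This method would then still call `AuthenticationHolder.setSupplier(syncAuthenticationSupplier)` and could replace the custom supplier on the static holder. If the old back-off behaviour is intended, state the type explicitly with `@ConditionalOnMissingBean(AuthenticationSupplier.class)`, which requires keeping the `AuthenticationSupplier` import that this commit removes.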
@@ -157,14 +161,6 @@ public class ShiroAutoConfiguration {
         return advisor;
     }
 
-    @Bean
-    @ConditionalOnMissingBean
-    public AuthenticationSupplier authorizationSupplier(AuthenticationManager authenticationManager) {
-        AutoSyncAuthenticationSupplier syncAuthenticationSupplier = new AutoSyncAuthenticationSupplier(authenticationManager);
-        AuthenticationHolder.setSupplier(syncAuthenticationSupplier);
-        return syncAuthenticationSupplier;
-    }
-
     @Bean(name = "shiroFilter")
     public ShiroFilterFactoryBean shiroFilterFactoryBean(DefaultWebSecurityManager securityManager) {
         ShiroFilterFactoryBean shiroFilterFactoryBean = new ShiroFilterFactoryBean();

+ 10 - 1
hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/boost/BoostAuthorizationAttributeSourceAdvisor.java

@@ -17,6 +17,7 @@
 
 package org.hswebframework.web.authorization.shiro.boost;
 
+import org.aopalliance.intercept.MethodInvocation;
 import org.apache.shiro.aop.AnnotationResolver;
 import org.apache.shiro.authz.annotation.*;
 import org.apache.shiro.mgt.SecurityManager;
@@ -30,6 +31,7 @@ import org.hswebframework.web.authorization.annotation.Authorize;
 import org.hswebframework.web.authorization.annotation.RequiresDataAccess;
 import org.hswebframework.web.authorization.annotation.RequiresExpression;
 import org.hswebframework.web.authorization.annotation.RequiresFieldAccess;
+import org.hswebframework.web.boost.aop.context.MethodInterceptorHolder;
 import org.springframework.aop.support.StaticMethodMatcherPointcutAdvisor;
 import org.springframework.core.Ordered;
 import org.springframework.core.annotation.AnnotationUtils;
@@ -69,7 +71,14 @@ public class BoostAuthorizationAttributeSourceAdvisor extends StaticMethodMatche
      */
     public BoostAuthorizationAttributeSourceAdvisor(DataAccessController dataAccessController,
                                                     FieldAccessController fieldAccessController) {
-        AopAllianceAnnotationsAuthorizingMethodInterceptor interceptor = new AopAllianceAnnotationsAuthorizingMethodInterceptor();
+        AopAllianceAnnotationsAuthorizingMethodInterceptor interceptor =
+                new AopAllianceAnnotationsAuthorizingMethodInterceptor() {
+                    @Override
+                    public Object invoke(MethodInvocation methodInvocation) throws Throwable {
+                        MethodInterceptorHolder.create(methodInvocation).set();
+                        return super.invoke(methodInvocation);
+                    }
+                };
         AnnotationResolver resolver = new SpringAnnotationResolver();
         // @RequiresExpression support
         interceptor.getMethodInterceptors().add(new ExpressionAnnotationMethodInterceptor(resolver));
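Review bot: The overridden `invoke` calls `MethodInterceptorHolder.create(methodInvocation).set()` before `super.invoke` and nothing in the hunk clears or restores the holder afterwards. If the holder is thread-bound (its implementation is not shown here), the invocation context, including method arguments, stays attached to a pooled thread after the call returns or throws. A nested authorized call would also overwrite the outer context. Consider wrapping `super.invoke(methodInvocation)` in `try { ... } finally { ... }` and resetting the holder in the `finally` block using whatever clear or restore operation `MethodInterceptorHolder` provides. The constructor body continues past the end of this hunk.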