
优化权限逻辑

zhouhao vor 7 Jahren
Commit
3c2021119c

+ 9 - 0
hsweb-authorization/hsweb-authorization-api/pom.xml

@@ -30,6 +30,15 @@
             <artifactId>spring-boot-starter</artifactId>
             <optional>true</optional>
         </dependency>
+        <dependency>
+            <groupId>org.springframework</groupId>
+            <artifactId>spring-webmvc</artifactId>
+            <optional>true</optional>
+        </dependency>
+        <dependency>
+            <groupId>io.swagger</groupId>
+            <artifactId>swagger-annotations</artifactId>
+        </dependency>
         <dependency>
             <groupId>javax.servlet</groupId>
             <artifactId>servlet-api</artifactId>
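Review bot: `swagger-annotations` is added without `<optional>true</optional>` while the `spring-webmvc` entry just above it is optional, so every consumer of hsweb-authorization-api now takes Swagger at compile scope even if it never exposes the controller that uses those annotations. If the annotations are only needed by UserTokenController, mark this dependency optional as well, `<optional>true</optional>`, and let applications that publish API docs declare it themselves. No version is given, so it presumably comes from the parent's dependencyManagement; worth confirming the parent actually manages it.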

+ 8 - 1
hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/simple/DefaultAuthorizationAutoConfiguration.java

@@ -12,6 +12,7 @@ import org.hswebframework.web.authorization.simple.builder.SimpleDataAccessConfi
 import org.hswebframework.web.authorization.token.DefaultUserTokenManager;
 import org.hswebframework.web.authorization.token.UserTokenAuthenticationSupplier;
 import org.hswebframework.web.authorization.token.UserTokenManager;
+import org.hswebframework.web.authorization.web.UserTokenController;
 import org.hswebframework.web.convert.CustomMessageConverter;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
@@ -41,11 +42,17 @@ public class DefaultAuthorizationAutoConfiguration {
     @Bean
     @ConditionalOnBean(AuthenticationManager.class)
     public UserTokenAuthenticationSupplier userTokenAuthenticationSupplier(AuthenticationManager authenticationManager) {
-        UserTokenAuthenticationSupplier supplier= new UserTokenAuthenticationSupplier(authenticationManager);
+        UserTokenAuthenticationSupplier supplier = new UserTokenAuthenticationSupplier(authenticationManager);
         AuthenticationHolder.addSupplier(supplier);
         return supplier;
     }
 
+    @Bean
+    @ConditionalOnBean({AuthenticationManager.class})
+    public UserTokenController userTokenController() {
+        return new UserTokenController();
+    }
+
     @Bean
     @ConditionalOnMissingBean(DataAccessConfigBuilderFactory.class)
     @ConfigurationProperties(prefix = "hsweb.authorization.data-access", ignoreInvalidFields = true)
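Review bot: The `userTokenController()` bean added in this hunk registers the token-management endpoints (listing all tokens, signing users in and out by path) in every application that has an `AuthenticationManager`, but it is guarded only by `@ConditionalOnBean({AuthenticationManager.class})` — nothing checks that the context is a web application or that Spring MVC is present, although `spring-webmvc` is declared optional in this module's pom. Consider adding `@ConditionalOnWebApplication` and `@ConditionalOnMissingBean(UserTokenController.class)` so non-web contexts do not trip over the `@RestController` and applications can replace or disable the controller. The class imported on line 37, `org.hswebframework.web.authorization.web.UserTokenController`, is shown on this page still under the cloud module's source path, so this module compiles only if the file was really moved into hsweb-authorization-api — worth confirming. Note also that `@ConditionalOnBean` in an auto-configuration only sees beans registered before this configuration is evaluated, so the controller may silently be skipped depending on configuration order.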

+ 57 - 3
hsweb-authorization/hsweb-authorization-cloud/src/main/java/org/hswebframework/web/authorization/cloud/server/UserTokenController.java

@@ -1,9 +1,14 @@
-package org.hswebframework.web.authorization.cloud.server;
+package org.hswebframework.web.authorization.web;
 
+import io.swagger.annotations.Api;
+import io.swagger.annotations.ApiOperation;
 import org.hswebframework.web.authorization.Authentication;
 import org.hswebframework.web.authorization.AuthenticationManager;
+import org.hswebframework.web.authorization.Permission;
+import org.hswebframework.web.authorization.annotation.Authorize;
 import org.hswebframework.web.authorization.token.TokenState;
 import org.hswebframework.web.authorization.token.UserToken;
+import org.hswebframework.web.authorization.token.UserTokenHolder;
 import org.hswebframework.web.authorization.token.UserTokenManager;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Lazy;
@@ -13,6 +18,8 @@ import java.util.List;
 
 @RestController
 @RequestMapping
+@Authorize(permission = "user-token", description = "用户令牌信息管理")
+@Api(tags = "用户令牌管理", value = "用户令牌管理")
 public class UserTokenController {
     private UserTokenManager userTokenManager;
 
@@ -30,72 +37,119 @@ public class UserTokenController {
         this.authenticationManager = authenticationManager;
     }
 
+    @GetMapping("/user-token/reset")
+    @Authorize(merge = false)
+    @ApiOperation("重置当前用户的令牌")
+    public boolean resetToken() {
+        UserToken token = UserTokenHolder.currentToken();
+        if (token != null) {
+            userTokenManager.signOutByToken(token.getToken());
+        }
+        return true;
+    }
+
+    @PutMapping("/user-token/check")
+    @ApiOperation("检查所有已过期的token并移除")
+    @Authorize(action = Permission.ACTION_UPDATE)
+    public boolean checkExpiredToken() {
+        userTokenManager.checkExpiredToken();
+        return true;
+    }
+
     @GetMapping("/user-token/token/{token}")
+    @ApiOperation("根据token获取令牌信息")
+    @Authorize(action = Permission.ACTION_GET)
     public UserToken getByToken(@PathVariable String token) {
         return userTokenManager.getByToken(token);
     }
 
     @GetMapping("/user-token/user/{userId}")
+    @ApiOperation("根据用户ID获取全部令牌信息")
+    @Authorize(action = Permission.ACTION_GET)
     public List<UserToken> getByUserId(@PathVariable String userId) {
         return userTokenManager.getByUserId(userId);
     }
 
     @GetMapping("/user-token/user/{userId}/logged")
+    @ApiOperation("根据用户ID判断用户是否已经登录")
+    @Authorize(action = Permission.ACTION_GET)
     public boolean userIsLoggedIn(@PathVariable String userId) {
         return userTokenManager.userIsLoggedIn(userId);
     }
 
     @GetMapping("/user-token/token/{token}/logged")
+    @ApiOperation("根据令牌判断用户是否已经登录")
+    @Authorize(action = Permission.ACTION_GET)
     public boolean tokenIsLoggedIn(@PathVariable String token) {
         return userTokenManager.tokenIsLoggedIn(token);
     }
 
     @GetMapping("/user-token/user/total")
+    @ApiOperation("获取当前已经登录的用户数量")
+    @Authorize(action = Permission.ACTION_GET)
     public long totalUser() {
         return userTokenManager.totalUser();
     }
 
     @GetMapping("/user-token/token/total")
+    @ApiOperation("获取当前已经登录的令牌数量")
+    @Authorize(action = Permission.ACTION_GET)
     public long totalToken() {
         return userTokenManager.totalToken();
     }
 
-    @GetMapping("/user-token}")
+    @GetMapping("/user-token")
+    @ApiOperation("获取全部用户令牌信息")
+    @Authorize(action = Permission.ACTION_GET)
     public List<UserToken> allLoggedUser() {
         return userTokenManager.allLoggedUser();
     }
 
     @DeleteMapping("/user-token/user/{userId}")
+    @ApiOperation("根据用户id将用户踢下线")
+    @Authorize(action = Permission.ACTION_UPDATE)
     public void signOutByUserId(@PathVariable String userId) {
         userTokenManager.signOutByUserId(userId);
     }
 
     @DeleteMapping("/user-token/token/{token}")
+    @ApiOperation("根据令牌将用户踢下线")
+    @Authorize(action = Permission.ACTION_UPDATE)
     public void signOutByToken(@PathVariable String token) {
         userTokenManager.signOutByToken(token);
     }
 
     @PutMapping("/user-token/user/{userId}/{state}")
+    @ApiOperation("根据用户id更新用户令牌状态")
+    @Authorize(action = Permission.ACTION_UPDATE)
     public void changeUserState(@PathVariable String userId, @PathVariable TokenState state) {
         userTokenManager.changeUserState(userId, state);
     }
 
     @PutMapping("/user-token/token/{token}/{state}")
-    public void changeTokenState(String token, TokenState state) {
+    @ApiOperation("根据令牌更新用户令牌状态")
+    @Authorize(action = Permission.ACTION_UPDATE)
+    public void changeTokenState(@PathVariable String token, @PathVariable TokenState state) {
         userTokenManager.changeTokenState(token, state);
     }
 
     @PostMapping("/user-token/{token}/{type}/{userId}/{maxInactiveInterval}")
+    @ApiOperation("将用户设置为登录")
+    @Authorize(action = Permission.ACTION_ADD)
     public UserToken signIn(@PathVariable String token, @PathVariable String type, @PathVariable String userId, @PathVariable long maxInactiveInterval) {
         return userTokenManager.signIn(token, type, userId, maxInactiveInterval);
     }
 
     @GetMapping("/user-token/{token}/touch")
+    @ApiOperation("更新token有效期")
+    @Authorize(action = Permission.ACTION_UPDATE)
     public void touch(@PathVariable String token) {
         userTokenManager.touch(token);
     }
 
     @GetMapping("/user-auth/{userId}")
+    @ApiOperation("根据用户id获取用户的权限信息")
+    @Authorize(action = Permission.ACTION_GET)
     public Authentication userAuthInfo(@PathVariable String userId) {
         return authenticationManager.getByUserId(userId);
     }
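Review bot: `resetToken()` is mapped with `@GetMapping("/user-token/reset")` yet it invalidates the caller's current token, a state-changing operation behind an idempotent verb; a link or image tag on any page can trigger it for a logged-in user, and caches or prefetchers may hit it unintentionally. Map it to a mutating verb, `@PostMapping("/user-token/reset")` or `@DeleteMapping("/user-token/reset")`, in line with `signOutByToken` further down which already uses DELETE. The method name also promises more than the body delivers — it signs the token out and issues nothing — so either document that, `/** Signs out the caller's current token; the client must authenticate again to obtain a new one. */`, or rename it to say "sign out". The class's closing brace lies outside this hunk.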

+ 11 - 0
hsweb-authorization/hsweb-authorization-cloud/pom.xml

@@ -23,6 +23,17 @@
             <version>1.3.1.RELEASE</version>
             <optional>true</optional>
         </dependency>
+        <dependency>
+            <groupId>org.springframework.cloud</groupId>
+            <artifactId>spring-cloud-starter-feign</artifactId>
+            <version>1.3.1.RELEASE</version>
+            <optional>true</optional>
+        </dependency>
+        <dependency>
+            <groupId>org.hswebframework.web</groupId>
+            <artifactId>hsweb-authorization-oauth2-client</artifactId>
+            <version>${project.version}</version>
+        </dependency>
         <dependency>
             <groupId>org.springframework</groupId>
             <artifactId>spring-web</artifactId>
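Review bot: `hsweb-authorization-oauth2-client` is added at compile scope without `<optional>true</optional>`, unlike the optional entries around it, so every consumer of hsweb-authorization-cloud now pulls in the OAuth2 client and its transitive dependencies whether or not it uses them. If it is only needed for an optional integration, mark it optional or move it to the module that actually uses it. The feign starter repeats the literal `1.3.1.RELEASE` already used a few lines above; managing that version in one property or in the parent's dependencyManagement would keep the Spring Cloud artifacts in step.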

+ 0 - 6
hsweb-authorization/hsweb-authorization-cloud/src/main/java/org/hswebframework/web/authorization/cloud/AuthorizationServerAutoConfiguration.java

@@ -1,7 +1,5 @@
 package org.hswebframework.web.authorization.cloud;
 
-import org.hswebframework.web.authorization.cloud.server.UserTokenController;
-import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 
 /**
@@ -11,8 +9,4 @@ import org.springframework.context.annotation.Configuration;
 @Configuration
 public class AuthorizationServerAutoConfiguration {
 
-    @Bean
-    public UserTokenController userTokenController() {
-        return new UserTokenController();
-    }
 }

+ 13 - 11
hsweb-system/hsweb-system-authorization/hsweb-system-authorization-controller/src/main/java/org/hswebframework/web/controller/authorization/UserTokenInfoController.java

@@ -15,10 +15,11 @@ import org.springframework.web.bind.annotation.*;
 
 import java.util.List;
 
-@RestController
-@RequestMapping("${hsweb.web.mappings.user-token:user-token}")
-@Api(value = "用户令牌", tags = "权限-用户令牌管理")
-@Authorize(permission = "user-token", description = "用户令牌管理")
+//@RestController
+//@RequestMapping("${hsweb.web.mappings.user-token:user-token}")
+//@Api(value = "用户令牌", tags = "权限-用户令牌管理")
+//@Authorize(permission = "user-token", description = "用户令牌管理")
+@Deprecated
 public class UserTokenInfoController {
 
     @Autowired
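Review bot: The class is marked `@Deprecated` but its replacement is named nowhere, and the four annotations are kept as commented-out code rather than removed, which leaves a reader unsure whether the mapping is meant to return. Replace the comment block with a Javadoc that points to the successor, `/** @deprecated replaced by {@code org.hswebframework.web.authorization.web.UserTokenController}; no longer registered as a controller. */`, and delete the commented annotations since version control keeps them. If the project targets Java 9 or later, `@Deprecated(forRemoval = true)` would make the intent explicit as well.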
@@ -49,6 +50,14 @@ public class UserTokenInfoController {
         return ResponseMessage.ok(true);
     }
 
+    @PutMapping("/check")
+    @ApiOperation("检查所有已过期的token并移除")
+    @Authorize(action = Permission.ACTION_UPDATE)
+    public ResponseMessage<Void> checkExpiredToken() {
+        userTokenManager.checkExpiredToken();
+        return ResponseMessage.ok();
+    }
+
     @GetMapping("/token/all")
     @ApiOperation("获取所有令牌")
     @Authorize(action = Permission.ACTION_GET)
@@ -73,12 +82,5 @@ public class UserTokenInfoController {
         return ResponseMessage.ok();
     }
 
-    @PutMapping("/check")
-    @ApiOperation("检查所有已过期的token并移除")
-    @Authorize(action = Permission.ACTION_UPDATE)
-    public ResponseMessage<Void> checkExpiredToken() {
-        userTokenManager.checkExpiredToken();
-        return ResponseMessage.ok();
-    }
 
 }