
优化权限

zhouhao 7 years ago
parent
commit
517951076e

+ 0 - 6
hsweb-authorization/hsweb-authorization-api/pom.xml

@@ -35,12 +35,6 @@
             <artifactId>spring-webmvc</artifactId>
             <optional>true</optional>
         </dependency>
-        <dependency>
-            <groupId>org.hswebframework.web</groupId>
-            <artifactId>hsweb-commons-controller</artifactId>
-            <version>${project.version}</version>
-            <optional>true</optional>
-        </dependency>
         <dependency>
             <groupId>io.swagger</groupId>
             <artifactId>swagger-annotations</artifactId>

+ 4 - 1
hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/listener/event/AuthorizationFailedEvent.java

@@ -59,6 +59,9 @@ public class AuthorizationFailedEvent extends AbstractAuthorizationEvent {
     }
 
     public enum Reason {
-        PASSWORD_ERROR, USER_DISABLED, USER_NOT_EXISTS, OTHER
+        PASSWORD_ERROR,
+        USER_DISABLED,
+        USER_NOT_EXISTS,
+        OTHER
     }
 }

+ 0 - 8
hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/simple/DefaultAuthorizationAutoConfiguration.java

@@ -3,7 +3,6 @@ package org.hswebframework.web.authorization.simple;
 import org.hswebframework.web.authorization.Authentication;
 import org.hswebframework.web.authorization.AuthenticationHolder;
 import org.hswebframework.web.authorization.AuthenticationManager;
-import org.hswebframework.web.authorization.AuthenticationSupplier;
 import org.hswebframework.web.authorization.builder.AuthenticationBuilderFactory;
 import org.hswebframework.web.authorization.builder.DataAccessConfigBuilderFactory;
 import org.hswebframework.web.authorization.simple.builder.DataAccessConfigConvert;
@@ -12,7 +11,6 @@ import org.hswebframework.web.authorization.simple.builder.SimpleDataAccessConfi
 import org.hswebframework.web.authorization.token.DefaultUserTokenManager;
 import org.hswebframework.web.authorization.token.UserTokenAuthenticationSupplier;
 import org.hswebframework.web.authorization.token.UserTokenManager;
-import org.hswebframework.web.authorization.web.UserTokenController;
 import org.hswebframework.web.convert.CustomMessageConverter;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
@@ -47,12 +45,6 @@ public class DefaultAuthorizationAutoConfiguration {
         return supplier;
     }
 
-    @Bean
-    @ConditionalOnBean({AuthenticationManager.class})
-    public UserTokenController userTokenController() {
-        return new UserTokenController();
-    }
-
     @Bean
     @ConditionalOnMissingBean(DataAccessConfigBuilderFactory.class)
     @ConfigurationProperties(prefix = "hsweb.authorization.data-access", ignoreInvalidFields = true)

+ 6 - 2
hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/simple/builder/SimpleDataAccessConfigBuilder.java

@@ -39,10 +39,14 @@ public class SimpleDataAccessConfigBuilder implements DataAccessConfigBuilder {
         Objects.requireNonNull(type);
         Objects.requireNonNull(action);
 
+        if (config == null) {
+            config = json;
+        }
+        String finalConfig = config;
 
         return converts.stream()
-                .filter(convert -> convert.isSupport(type, action, config))
-                .map(convert -> convert.convert(type, action, config))
+                .filter(convert -> convert.isSupport(type, action, finalConfig))
+                .map(convert -> convert.convert(type, action, finalConfig))
                 .findFirst()
                 .orElse(null);
     }
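Review bot: The added fallback `if (config == null) { config = json; }` has no guard of its own, so when `json` is also unset `finalConfig` is null and every converter's `isSupport`/`convert` receives a null config, even though `type` and `action` are checked with `Objects.requireNonNull` two lines above. Either guard the fallback the same way, `Objects.requireNonNull(finalConfig, "config");`, or state in a comment that converters are expected to tolerate a null config; which of the two is intended is not visible here. Whether `config` is a parameter or a field, and where `json` is set, cannot be seen either: the method's signature and both declarations lie above the hunk.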

+ 2 - 2
hsweb-authorization/hsweb-authorization-api/src/test/java/org/hswebframework/web/authorization/AuthenticationTests.java

@@ -43,7 +43,7 @@ public class AuthenticationTests {
         Authentication authentication = builder.user("{\"id\":\"admin\",\"username\":\"admin\",\"name\":\"Administrator\",\"type\":\"default\"}")
                 .role("[{\"id\":\"admin-role\",\"name\":\"admin\"}]")
                 .permission("[{\"id\":\"user-manager\",\"actions\":[\"query\",\"get\",\"update\"]" +
-                        ",\"dataAccesses\":[{\"action\":\"query\",\"field\":\"test\",\"config\":{\"fields\":[\"1\",\"2\",\"3\"]},\"scopeType\":\"CUSTOM_SCOPE\",\"type\":\"DENY_FIELDS\"}]}]")
+                        ",\"dataAccesses\":[{\"action\":\"query\",\"field\":\"test\",\"fields\":[\"1\",\"2\",\"3\"],\"scopeType\":\"CUSTOM_SCOPE\",\"type\":\"DENY_FIELDS\"}]}]")
                 .build();
 
         //test user
@@ -54,7 +54,7 @@ public class AuthenticationTests {
 
         //test role
         assertNotNull(authentication.getRole("admin-role").orElse(null));
-        assertEquals(authentication.getRole("admin-role").orElse(null).getName(), "admin");
+        assertEquals(authentication.getRole("admin-role").get().getName(), "admin");
         assertTrue(authentication.hasRole("admin-role"));
 
 
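Review bot: The rewritten assertion `assertEquals(authentication.getRole("admin-role").get().getName(), "admin")` in the second hunk has the expected and actual values reversed, so a failure message would read backwards; `assertEquals("admin", authentication.getRole("admin-role").get().getName());` follows the JUnit convention. In the first hunk the fixture now puts `fields` directly on the dataAccess object instead of under `config`, which presumably exercises a config-less parse path; a one-line comment saying so would explain why the shape changed.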

+ 24 - 12
hsweb-system/hsweb-system-authorization/hsweb-system-authorization-controller/src/main/java/org/hswebframework/web/controller/authorization/AuthorizationController.java

@@ -22,6 +22,7 @@ import io.swagger.annotations.ApiOperation;
 import io.swagger.annotations.ApiParam;
 import org.hswebframework.web.BusinessException;
 import org.hswebframework.web.NotFoundException;
+import org.hswebframework.web.WebUtil;
 import org.hswebframework.web.authorization.Authentication;
 import org.hswebframework.web.authorization.AuthenticationManager;
 import org.hswebframework.web.authorization.annotation.Authorize;
@@ -35,10 +36,12 @@ import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.ApplicationEventPublisher;
+import org.springframework.http.MediaType;
 import org.springframework.web.bind.annotation.*;
 
 import javax.servlet.http.HttpServletRequest;
 import java.util.Map;
+import java.util.Objects;
 import java.util.function.Function;
 
 import static org.hswebframework.web.controller.message.ResponseMessage.ok;
@@ -76,36 +79,45 @@ public class AuthorizationController {
         return ok(authentication);
     }
 
-    @PostMapping(value = "/login")
-    @ApiOperation("用户名密码登录")
+
+    @PostMapping(value = "/login", consumes = MediaType.APPLICATION_JSON_VALUE)
+    @ApiOperation("用户名密码登录,json方式")
+    public ResponseMessage<Map<String, Object>> authorize(@ApiParam(example = "{\"username\":\"admin\",\"password\":\"admin\"}")
+                                                          @RequestBody Map<String, String> parameter) {
+
+        return doLogin(Objects.requireNonNull(parameter.get("username"), "用户名不能为空")
+                , Objects.requireNonNull(parameter.get("password"), "密码不能为空")
+                , parameter);
+    }
+
+    @PostMapping(value = "/login",consumes = MediaType.APPLICATION_FORM_URLENCODED_VALUE)
+    @ApiOperation("用户名密码登录,参数方式")
     public ResponseMessage<Map<String, Object>> authorize(@RequestParam @ApiParam("用户名") String username,
                                                           @RequestParam @ApiParam("密码") String password,
                                                           @ApiParam(hidden = true) HttpServletRequest request) {
 
+        return doLogin(username, password, WebUtil.getParameters(request));
+    }
+
+    protected ResponseMessage<Map<String, Object>> doLogin(String username, String password, Map<String, ?> parameter) {
         AuthorizationFailedEvent.Reason reason = AuthorizationFailedEvent.Reason.OTHER;
-        Function<String, Object> parameterGetter = request::getParameter;
+        Function<String, Object> parameterGetter = parameter::get;
         try {
             AuthorizationDecodeEvent decodeEvent = new AuthorizationDecodeEvent(username, password, parameterGetter);
             eventPublisher.publishEvent(decodeEvent);
             username = decodeEvent.getUsername();
             password = decodeEvent.getPassword();
-
             AuthorizationBeforeEvent beforeEvent = new AuthorizationBeforeEvent(username, password, parameterGetter);
             eventPublisher.publishEvent(beforeEvent);
-            UserEntity entity = userService.selectByUsername(username);
+            UserEntity entity = userService.selectByUserNameAndPassword(username, password);
             if (entity == null) {
-                reason = AuthorizationFailedEvent.Reason.USER_NOT_EXISTS;
-                throw new NotFoundException("{user_not_exists}");
+                reason = AuthorizationFailedEvent.Reason.PASSWORD_ERROR;
+                throw new NotFoundException("密码错误");
             }
             if (!DataStatus.STATUS_ENABLED.equals(entity.getStatus())) {
                 reason = AuthorizationFailedEvent.Reason.USER_DISABLED;
                 throw new BusinessException("{user_is_disabled}", 400);
             }
-            password = userService.encodePassword(password, entity.getSalt());
-            if (!entity.getPassword().equals(password)) {
-                reason = AuthorizationFailedEvent.Reason.PASSWORD_ERROR;
-                throw new BusinessException("{password_error}", 400);
-            }
             // 验证通过
             Authentication authentication = authenticationManager.getByUserId(entity.getId());
             //触发授权成功事件
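Review bot: The missing-field checks in the new JSON endpoint, `Objects.requireNonNull(parameter.get("username"), "用户名不能为空")` and the matching password line, raise NullPointerException for a malformed client request, which will surface as a server fault unless an exception handler elsewhere maps NPE to a client error. The rest of this controller reports client errors as `BusinessException(message, 400)`, so `if (parameter.get("username") == null) throw new BusinessException("用户名不能为空", 400);` with the same check for the password keeps that contract. The wrong-password branch now throws `NotFoundException("密码错误")`, which mixes a hard-coded string into a controller that otherwise uses `{key}` message codes and turns a failed login into a not-found status where the removed code used 400; `throw new BusinessException("{password_error}", 400);` keeps the convention, and the fact that unknown user and wrong password now share the single PASSWORD_ERROR reason deserves a comment, since it stops the response from revealing whether the account exists. The inline salted comparison against `entity.getPassword()` has been deleted in favour of `selectByUserNameAndPassword`, whose implementation is not on this page; confirm it encodes the submitted password with the stored salt rather than matching the raw value, because nothing left here would catch that regression. `doLogin` continues past the end of the hunk.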

+ 3 - 3
hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/web/UserTokenController.java

@@ -1,4 +1,4 @@
-package org.hswebframework.web.authorization.web;
+package org.hswebframework.web.controller.authorization;
 
 import io.swagger.annotations.Api;
 import io.swagger.annotations.ApiOperation;
@@ -17,12 +17,12 @@ import org.springframework.web.bind.annotation.*;
 
 import java.util.List;
 
-import static org.hswebframework.web.controller.message.ResponseMessage.*;
+import static org.hswebframework.web.controller.message.ResponseMessage.ok;
 
 @RestController
 @RequestMapping
 @Authorize(permission = "user-token", description = "用户令牌信息管理")
-@Api(tags = "用户令牌管理", value = "用户令牌管理")
+@Api(tags = "权限-用户令牌管理", value = "权限-用户令牌管理")
 public class UserTokenController {
     private UserTokenManager userTokenManager;