优化权限管理

hsweb-system/hsweb-system-authorization/hsweb-system-authorization-controller/pom.xml

@@ -0,0 +1,54 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<!--
+  ~ Copyright 2016 http://www.hswebframework.org
+  ~
+  ~ Licensed under the Apache License, Version 2.0 (the "License");
+  ~ you may not use this file except in compliance with the License.
+  ~ You may obtain a copy of the License at
+  ~
+  ~       http://www.apache.org/licenses/LICENSE-2.0
+  ~
+  ~ Unless required by applicable law or agreed to in writing, software
+  ~ distributed under the License is distributed on an "AS IS" BASIS,
+  ~  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+  ~  See the License for the specific language governing permissions and
+  ~  limitations under the License.
+  ~
+  -->
+
+<project xmlns="http://maven.apache.org/POM/4.0.0"
+         xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
+         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/xsd/maven-4.0.0.xsd">
+    <parent>
+        <artifactId>hsweb-system-authorization</artifactId>
+        <groupId>org.hswebframework.web</groupId>
+        <version>3.0-SNAPSHOT</version>
+    </parent>
+    <modelVersion>4.0.0</modelVersion>
+
+    <artifactId>hsweb-system-authorization-controller</artifactId>
+
+    <dependencies>
+        <dependency>
+            <groupId>javax.servlet</groupId>
+            <artifactId>servlet-api</artifactId>
+            <version>2.5</version>
+            <optional>true</optional>
+        </dependency>
+        <dependency>
+            <groupId>org.hswebframework</groupId>
+            <artifactId>hsweb-expands-security</artifactId>
+            <version>3.0.0-SNAPSHOT</version>
+        </dependency>
+        <dependency>
+            <groupId>org.hswebframework.web</groupId>
+            <artifactId>hsweb-system-authorization-service-api</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+        <dependency>
+            <groupId>org.hswebframework.web</groupId>
+            <artifactId>hsweb-commons-controller</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+    </dependencies>
+</project>

hsweb-system/hsweb-system-authorization/hsweb-system-authorization-controller/src/main/java/org/hswebframework/web/controller/authorization/AuthorizationController.java

@@ -0,0 +1,181 @@
+/*
+ * Copyright 2016 http://www.hswebframework.org
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+
+package org.hswebframework.web.controller.authorization;
+
+import org.apache.commons.codec.binary.Base64;
+import org.hswebframework.expands.security.Encrypt;
+import org.hswebframework.expands.security.rsa.RSAEncrypt;
+import org.hswebframework.expands.security.rsa.RSAPrivateEncrypt;
+import org.hswebframework.web.BusinessException;
+import org.hswebframework.web.NotFoundException;
+import org.hswebframework.web.authorization.Authorization;
+import org.hswebframework.web.authorization.listener.UserAuthorizationConfigRegister;
+import org.hswebframework.web.authorization.listener.UserAuthorizationListener;
+import org.hswebframework.web.controller.message.ResponseMessage;
+import org.hswebframework.web.entity.authorization.UserEntity;
+import org.hswebframework.web.logging.AccessLogger;
+import org.hswebframework.web.service.AbstractService;
+import org.hswebframework.web.service.authorization.UserService;
+import org.hswebframework.web.service.authorization.VerifyCode;
+import org.hswebframework.web.service.authorization.VerifyCodeGenerator;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.beans.factory.annotation.Value;
+import org.springframework.http.MediaType;
+import org.springframework.web.bind.annotation.*;
+
+import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
+import java.io.IOException;
+import java.util.Date;
+import java.util.List;
+
+import static org.hswebframework.web.controller.message.ResponseMessage.ok;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+@RestController
+@RequestMapping("${hsweb.web.mappings.authorize:authorize}")
+@AccessLogger("授权")
+public class AuthorizationController {
+
+    private static final String RSA_PRIVATE_KEY_NAME  = "RSA_PRIVATE_KEY";
+    private static final String VERIFY_CODE_NAME      = "VERIFY_CODE";
+    private static final String NEED_VERIFY_CODE_NAME = "NEED_VERIFY_CODE";
+
+    @Autowired(required = false)
+    private VerifyCodeGenerator verifyCodeGenerator;
+
+    @Autowired
+    private UserService userService;
+
+    @Autowired(required = false)
+    private List<UserAuthorizationListener> userAuthorizationListeners;
+
+    @Value("${hsweb.web.authorize.rsa:false}")
+    private boolean useRsa = false;
+
+    private UserAuthorizationListenerAdapter listenerAdapter = new UserAuthorizationListenerAdapter();
+
+    @GetMapping(value = "/public-key")
+    @AccessLogger("获取公钥")
+    public ResponseMessage getAuthorizeToken(HttpSession session) {
+        RSAEncrypt rsaEncrypt = Encrypt.rsa();
+        String publicKey = rsaEncrypt.publicEncrypt().getKey();
+        String privateKey = rsaEncrypt.privateEncrypt().getKey();
+        session.setAttribute(RSA_PRIVATE_KEY_NAME, privateKey);
+        return ok(publicKey);
+    }
+
+    @GetMapping(value = "/verify-code")
+    @AccessLogger("获取验证码")
+    public void getVerifyCode(HttpServletResponse response, HttpSession session) throws IOException {
+        if (verifyCodeGenerator == null) throw new NotFoundException("{verify_code_not_found}");
+        response.setContentType(MediaType.APPLICATION_OCTET_STREAM_VALUE);
+        response.setHeader("Content-disposition", "attachment;filename=verify-code.png");
+        VerifyCode verifyCode = verifyCodeGenerator.generate();
+        session.setAttribute(RSA_PRIVATE_KEY_NAME, verifyCode.getCode());
+        verifyCode.write(response.getOutputStream());
+    }
+
+    @PostMapping(value = "/login")
+    @AccessLogger("授权")
+    public ResponseMessage authorize(@RequestParam String username,
+                                     @RequestParam String password,
+                                     String verifyCode,
+                                     @RequestParam(defaultValue = "false") boolean remember,
+                                     HttpSession session) {
+        try {
+            if (useRsa) {
+                String privateKey = (String) session.getAttribute(RSA_PRIVATE_KEY_NAME);
+                if (privateKey == null) throw new BusinessException("{private_key_is_null}");
+                // 解密用户名密码
+                try {
+                    RSAEncrypt rsaEncrypt = Encrypt.rsa();
+                    RSAPrivateEncrypt rsaPrivateEncrypt = rsaEncrypt.privateEncrypt(privateKey);
+                    byte[] username_data = Base64.decodeBase64(username);
+                    byte[] password_data = Base64.decodeBase64(password);
+                    username = new String(rsaPrivateEncrypt.decrypt(username_data));
+                    password = new String(rsaPrivateEncrypt.decrypt(password_data));
+                } catch (Exception e) {
+                    throw new BusinessException("{decrypt_param_error}", e, 400);
+                }
+            }
+            UserAuthorizationConfigRegister configHolder = (useVerify) -> session.setAttribute(NEED_VERIFY_CODE_NAME, useVerify);
+            listenerAdapter.onConfig(username, configHolder);
+            Object useVerifyCode = session.getAttribute(NEED_VERIFY_CODE_NAME);
+            // 尝试使用验证码验证
+            if (useVerifyCode instanceof Boolean && (Boolean) useVerifyCode) {
+                String realVerifyCode = (String) session.getAttribute(VERIFY_CODE_NAME);
+                if (realVerifyCode == null || !realVerifyCode.equalsIgnoreCase(verifyCode)) {
+                    throw new BusinessException("{verify_code_error}");
+                }
+            }
+            listenerAdapter.onAuthorizeBefore(username);
+            UserEntity entity = userService.selectByUsername(username);
+            AbstractService.assertNotNull(entity, "{user_not_exists}");
+            if (!entity.isEnabled()) {
+                throw new BusinessException("{user_is_disabled}", 400);
+            }
+            password = userService.encodePassword(password, entity.getSalt());
+            if (!entity.getPassword().equals(password)) {
+                listenerAdapter.onAuthorizeFail(username);
+                throw new BusinessException("{password_error}", 400);
+            }
+            // TODO: 17-1-13  获取IP
+            userService.updateLoginInfo(entity.getId(), "", new Date());
+            // 验证通过
+            Authorization authorization = userService.initUserAuthorization(entity.getId());
+            listenerAdapter.onAuthorizeSuccess(remember, authorization);
+            return ok(authorization.getPermissions());
+        } finally {
+            //无论如何都清空验证码和私钥
+            session.removeAttribute(VERIFY_CODE_NAME);
+            session.removeAttribute(RSA_PRIVATE_KEY_NAME);
+        }
+    }
+
+    class UserAuthorizationListenerAdapter implements UserAuthorizationListener {
+        @Override
+        public void onConfig(String username, UserAuthorizationConfigRegister configHolder) {
+            if (userAuthorizationListeners != null)
+                userAuthorizationListeners.forEach(listener -> listener.onConfig(username, configHolder));
+        }
+
+        @Override
+        public void onAuthorizeBefore(String username) {
+            if (userAuthorizationListeners != null)
+                userAuthorizationListeners.forEach(listener -> listener.onAuthorizeBefore(username));
+        }
+
+        @Override
+        public void onAuthorizeFail(String username) {
+            if (userAuthorizationListeners != null)
+                userAuthorizationListeners.forEach(listener -> listener.onAuthorizeFail(username));
+        }
+
+        @Override
+        public void onAuthorizeSuccess(boolean isRemembered, Authorization authorization) {
+            if (userAuthorizationListeners != null)
+                userAuthorizationListeners.forEach(listener -> listener.onAuthorizeSuccess(isRemembered, authorization));
+        }
+    }
+
+}

hsweb-system/hsweb-system-authorization/hsweb-system-authorization-controller/src/main/java/org/hswebframework/web/controller/authorization/UserController.java

@@ -0,0 +1,107 @@
+/*
+ * Copyright 2016 http://www.hswebframework.org
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+
+package org.hswebframework.web.controller.authorization;
+
+import org.hswebframework.web.annotation.AuthInfo;
+import org.hswebframework.web.authorization.Authorize;
+import org.hswebframework.web.commons.entity.param.QueryParamEntity;
+import org.hswebframework.web.controller.CreateController;
+import org.hswebframework.web.controller.QueryController;
+import org.hswebframework.web.controller.message.ResponseMessage;
+import org.hswebframework.web.entity.authorization.Authorization;
+import org.hswebframework.web.entity.authorization.UserEntity;
+import org.hswebframework.web.logging.AccessLogger;
+import org.hswebframework.web.service.authorization.UserService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.web.bind.annotation.*;
+
+import static org.hswebframework.web.controller.message.ResponseMessage.*;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+@RestController
+@RequestMapping("${hsweb.web.mappings.user:user}")
+@Authorize(module = "user")
+@AccessLogger("用户管理")
+public class UserController implements QueryController<UserEntity, String, QueryParamEntity>, CreateController<UserEntity, String> {
+
+    private UserService userService;
+
+    @Autowired
+    public void setUserService(UserService userService) {
+        this.userService = userService;
+    }
+
+    @Override
+    public ResponseMessage list(QueryParamEntity param) {
+        return QueryController.super.list(param)
+                .exclude(UserEntity.class, "password", "salt");
+    }
+
+    @Override
+    @SuppressWarnings("unchecked")
+    public UserService getService() {
+        return userService;
+    }
+
+    @Authorize(action = "update")
+    @PutMapping(path = "/{id}")
+    @AccessLogger("根据主键修改数据")
+    public ResponseMessage updateByPrimaryKey(@PathVariable String id, @RequestBody UserEntity data) {
+        data.setId(id);
+        getService().update(data);
+        return ok();
+    }
+
+    @Authorize
+    @PutMapping(path = "/password")
+    @AccessLogger("修改当前用户密码")
+    public ResponseMessage updateLoginUserPassword(@AuthInfo Authorization authorization,
+                                                   @RequestParam String password,
+                                                   @RequestParam String oldPassword) {
+        getService().updatePassword(authorization.getUser().getId(), oldPassword, password);
+        return ok();
+    }
+
+    @Authorize(action = "update")
+    @PutMapping(path = "/password/{id}")
+    @AccessLogger("修改密码")
+    public ResponseMessage updateByPasswordPrimaryKey(@PathVariable String id,
+                                                      @RequestParam String password,
+                                                      @RequestParam String oldPassword) {
+        getService().updatePassword(id, oldPassword, password);
+        return ok();
+    }
+
+    @Authorize(action = "enable")
+    @PutMapping(path = "/{id}/enable")
+    @AccessLogger("启用用户")
+    public ResponseMessage enable(@PathVariable String id) {
+        return ok(getService().enable(id));
+    }
+
+    @Authorize(action = "disable")
+    @PutMapping(path = "/{id}/disable")
+    @AccessLogger("禁用用户")
+    public ResponseMessage disable(@PathVariable String id) {
+        return ok(getService().disable(id));
+    }
+}

hsweb-system/hsweb-system-authorization/hsweb-system-authorization-entity/src/main/java/org/hswebframework/web/entity/authorization/PermissionEntity.java

@@ -1,8 +1,6 @@
 package org.hswebframework.web.entity.authorization;
 
 import org.hswebframework.web.commons.entity.GenericEntity;
-import org.hswebframework.web.commons.entity.SortSupport;
-import org.hswebframework.web.commons.entity.TreeSupport;
 
 import java.util.List;
 

hsweb-system/hsweb-system-authorization/hsweb-system-authorization-entity/src/main/java/org/hswebframework/web/entity/authorization/SimpleActionEntity.java

@@ -1,6 +1,10 @@
 package org.hswebframework.web.entity.authorization;
 
 
+import java.util.Arrays;
+import java.util.List;
+import java.util.stream.Collectors;
+
 /**
  * TODO 完成注释
  *
@@ -59,4 +63,8 @@ public class SimpleActionEntity implements ActionEntity {
         target.setDefaultCheck(isDefaultCheck());
         return target;
     }
+
+    public static List<ActionEntity> create(String... actions) {
+        return Arrays.stream(actions).map(SimpleActionEntity::new).collect(Collectors.toList());
+    }
 }

hsweb-system/hsweb-system-authorization/hsweb-system-authorization-service/hsweb-system-authorization-service-api/pom.xml

@@ -12,6 +12,11 @@
     <artifactId>hsweb-system-authorization-service-api</artifactId>
 
     <dependencies>
+        <dependency>
+            <groupId>org.hswebframework.web</groupId>
+            <artifactId>hsweb-authorization-api</artifactId>
+            <version>${project.version}</version>
+        </dependency>
         <dependency>
             <groupId>org.hswebframework.web</groupId>
             <artifactId>hsweb-commons-service-api</artifactId>

hsweb-system/hsweb-system-authorization/hsweb-system-authorization-service/hsweb-system-authorization-service-api/src/main/java/org/hswebframework/web/service/authorization/PermissionService.java

@@ -10,6 +10,6 @@ import org.hswebframework.web.service.CrudService;
  *
  * @author zhouhao
  */
-public interface PermissionService<Q extends Entity> extends CrudService<PermissionEntity<ActionEntity>, String, Q> {
+public interface PermissionService extends CrudService<PermissionEntity<ActionEntity>, String> {
 
 }

hsweb-system/hsweb-system-authorization/hsweb-system-authorization-service/hsweb-system-authorization-service-api/src/main/java/org/hswebframework/web/service/authorization/RoleService.java

@@ -1,6 +1,5 @@
 package org.hswebframework.web.service.authorization;
 
-import org.hswebframework.web.commons.entity.Entity;
 import org.hswebframework.web.entity.authorization.PermissionRoleEntity;
 import org.hswebframework.web.entity.authorization.RoleEntity;
 import org.hswebframework.web.entity.authorization.bind.BindPermissionRoleEntity;
@@ -12,10 +11,10 @@ import org.hswebframework.web.service.QueryByEntityService;
  *
  * @author zhouhao
  */
-public interface RoleService<Q extends Entity> extends
+public interface RoleService extends
         CreateEntityService<RoleEntity>,
-        QueryByEntityService<RoleEntity, Q> {
-    <T extends PermissionRoleEntity> String add(BindPermissionRoleEntity<T> roleEntity);
+        QueryByEntityService<RoleEntity> {
+    <T extends PermissionRoleEntity> String insert(BindPermissionRoleEntity<T> roleEntity);
 
     boolean enable(String roleId);
 
@@ -23,6 +22,6 @@ public interface RoleService<Q extends Entity> extends
 
     <T extends PermissionRoleEntity> boolean update(BindPermissionRoleEntity<T> roleEntity);
 
-    RoleEntity selectById(String roleId);
+    RoleEntity selectByPk(String roleId);
 
 }

hsweb-system/hsweb-system-authorization/hsweb-system-authorization-service/hsweb-system-authorization-service-api/src/main/java/org/hswebframework/web/service/authorization/UserService.java

@@ -1,11 +1,11 @@
 package org.hswebframework.web.service.authorization;
 
-import org.hswebframework.web.entity.authorization.Authorization;
+import org.hswebframework.web.authorization.Authorization;
 import org.hswebframework.web.entity.authorization.UserEntity;
-import org.hswebframework.web.entity.authorization.bind.BindRoleUserEntity;
-import org.hswebframework.web.commons.entity.Entity;
 import org.hswebframework.web.service.CreateEntityService;
+import org.hswebframework.web.service.InsertService;
 import org.hswebframework.web.service.QueryByEntityService;
+import org.hswebframework.web.service.QueryService;
 
 import java.util.Date;
 
@@ -14,11 +14,11 @@ import java.util.Date;
  *
  * @author zhouhao
  */
-public interface UserService<Q extends Entity> extends
+public interface UserService extends
         CreateEntityService<UserEntity>,
-        QueryByEntityService<UserEntity, Q> {
-
-    String add(UserEntity userBean);
+        QueryByEntityService<UserEntity>,
+        QueryService<UserEntity, String>,
+        InsertService<UserEntity, String> {
 
     boolean enable(String userId);
 
@@ -28,8 +28,6 @@ public interface UserService<Q extends Entity> extends
 
     UserEntity selectByUsername(String username);
 
-    UserEntity selectById(String id);
-
     String encodePassword(String password, String salt);
 
     void updateLoginInfo(String userId, String ip, Date loginTime);

hsweb-system/hsweb-system-authorization/hsweb-system-authorization-service/hsweb-system-authorization-service-api/src/main/java/org/hswebframework/web/service/authorization/VerifyCode.java

@@ -0,0 +1,31 @@
+/*
+ * Copyright 2016 http://www.hswebframework.org
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+
+package org.hswebframework.web.service.authorization;
+
+import java.io.OutputStream;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public interface VerifyCode {
+    String getCode();
+
+    void write(OutputStream outputStream);
+}

hsweb-system/hsweb-system-authorization/hsweb-system-authorization-service/hsweb-system-authorization-service-api/src/main/java/org/hswebframework/web/service/authorization/VerifyCodeGenerator.java

@@ -0,0 +1,32 @@
+/*
+ * Copyright 2016 http://www.hswebframework.org
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+
+package org.hswebframework.web.service.authorization;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public interface VerifyCodeGenerator {
+
+    VerifyCode generate(int figures);
+
+    default VerifyCode generate() {
+        return generate(4);
+    }
+}

hsweb-system/hsweb-system-authorization/hsweb-system-authorization-service/hsweb-system-authorization-service-simple/pom.xml

@@ -11,7 +11,6 @@
 
     <artifactId>hsweb-system-authorization-service-simple</artifactId>
 
-
     <dependencies>
         <dependency>
             <groupId>org.hswebframework</groupId>

hsweb-system/hsweb-system-authorization/hsweb-system-authorization-service/hsweb-system-authorization-service-simple/src/main/java/org/hswebframework/web/service/authorization/simple/SimpleAuthorization.java

@@ -17,11 +17,15 @@
 
 package org.hswebframework.web.service.authorization.simple;
 
+import org.hswebframework.web.authorization.Authorization;
+import org.hswebframework.web.authorization.Permission;
+import org.hswebframework.web.authorization.Role;
+import org.hswebframework.web.authorization.User;
 import org.hswebframework.web.entity.authorization.*;
 
-import java.util.ArrayList;
-import java.util.Date;
-import java.util.List;
+import java.io.Serializable;
+import java.util.*;
+import java.util.function.Supplier;
 import java.util.stream.Collectors;
 
 /**
@@ -29,118 +33,205 @@ import java.util.stream.Collectors;
  *
  * @author zhouhao
  */
-class SimpleAuthorization implements Authorization {
-    private UserReadEntity                           userReadEntity;
-    private List<PermissionRoleReadEntity>           permissionRoleReadEntities;
-    private List<PermissionReadEntity<ActionEntity>> permissionReadEntities;
+public class SimpleAuthorization implements Authorization {
+    private ReadOnlyUser user;
+
+    private List<Role> roles;
+
+    private List<Permission> permissions;
+
+    private Map<String, Serializable> attributes = new HashMap<>();
+
+    public SimpleAuthorization() {
+    }
 
     public SimpleAuthorization(UserEntity user,
-                               List<PermissionRoleEntity> permissionRoleEntities,
-                               List<PermissionEntity<ActionEntity>> permissionReadEntities) {
-        final String userId = user.getId();
-        final String name = user.getName();
-        final String userName = user.getUsername();
-        final Date createDate = user.getCreateDate();
-        final Date lastLoginDate = user.getLastLoginDate();
-        final String lastLoginIp = user.getLastLoginIp();
-        final boolean enabled = user.isEnabled();
-        this.userReadEntity = new UserReadEntity() {
-            @Override
-            public String getId() {
-                return userId;
-            }
-
-            @Override
-            public String getName() {
-                return name;
-            }
-
-            @Override
-            public String getUsername() {
-                return userName;
-            }
-
-            public Date getCreateDate() {
-                return createDate;
-            }
-
-            public Date getLastLoginDate() {
-                return lastLoginDate;
-            }
-
-            @Override
-            public boolean isEnabled() {
-                return enabled;
-            }
-
-            @Override
-            public String getLastLoginIp() {
-                return lastLoginIp;
-            }
-        };
-        this.permissionRoleReadEntities = permissionRoleEntities.stream()
-                .map(permissionRoleEntity ->
-                        new PermissionRoleReadEntity() {
-                            @Override
-                            public String getRoleId() {
-                                return permissionRoleEntity.getRoleId();
-                            }
-
-                            @Override
-                            public String getPermissionId() {
-                                return permissionRoleEntity.getPermissionId();
-                            }
-
-                            @Override
-                            public List<String> getActions() {
-                                return new ArrayList<>(permissionRoleEntity.getActions());
-                            }
-                        }
-                ).collect(Collectors.toList());
-
-        this.permissionReadEntities = permissionReadEntities.stream()
-                .map(permission -> new PermissionReadEntity<ActionEntity>() {
-                    @Override
-                    public String getId() {
-                        return permission.getId();
-                    }
-
-                    @Override
-                    public String getName() {
-                        return permission.getName();
-                    }
-
-                    @Override
-                    public String getDescribe() {
-                        return permission.getDescribe();
-                    }
-
-                    @Override
-                    public byte getStatus() {
-                        return permission.getStatus();
-                    }
-
-                    @Override
-                    public List<ActionEntity> getActions() {
-                        return new ArrayList<>(permission.getActions());
-                    }
-                })
+                               List<RoleEntity> roleEntities,
+                               List<PermissionRoleEntity> permissionRoleEntities) {
+        this.user = new ReadOnlyUser(user.getId(), user.getUsername(), user.getName());
+        this.roles = roleEntities.stream()
+                .map(roleEntity -> new ReadOnlyRole(roleEntity.getId(), roleEntity.getDescribe()))
+                .collect(Collectors.toList());
+        this.permissions = permissionRoleEntities.stream()
+                .map(permissionRoleEntity -> new ReadOnlyPermission(permissionRoleEntity.getPermissionId(), permissionRoleEntity.getActions()))
                 .collect(Collectors.toList());
     }
 
+
     @Override
-    public UserReadEntity getUser() {
-        return userReadEntity;
+    public User getUser() {
+        return user;
     }
 
     @Override
-    public List<PermissionRoleReadEntity> getRoles() {
-        return permissionRoleReadEntities;
+    public List<Role> getRoles() {
+        return new ArrayList<>(roles);
     }
 
     @Override
-    public List<PermissionReadEntity<ActionEntity>> getPermissions() {
-        return permissionReadEntities;
+    public List<Permission> getPermissions() {
+        return new ArrayList<>(permissions);
+    }
+
+    @Override
+    public <T extends Serializable> T getAttribute(String name) {
+        return ((T) attributes.get(name));
+    }
+
+    @Override
+    public <T extends Serializable> T getAttribute(String name, T defaultValue) {
+        T val = getAttribute(name);
+        return val == null ? defaultValue : val;
+    }
+
+    @Override
+    public <T extends Serializable> T getAttribute(String name, Supplier<T> supplier) {
+        T val = getAttribute(name);
+        return val == null ? supplier.get() : val;
+    }
+
+    @Override
+    public void setAttribute(String name, Serializable value) {
+        attributes.put(name, value);
+    }
+
+    public void setUser(ReadOnlyUser user) {
+        checkWritable(this.user);
+        this.user = user;
+    }
+
+    public void setRoles(List<Role> roles) {
+        checkWritable(this.roles);
+        this.roles = roles;
+    }
+
+    public void setPermissions(List<Permission> permissions) {
+        checkWritable(this.permissions);
+        this.permissions = permissions;
+    }
+
+    public void setAttributes(Map<String, Serializable> attributes) {
+        this.attributes = attributes;
+    }
+
+
+    public static class ReadOnlyPermission implements Permission {
+        private String       id;
+        private List<String> actions;
+
+        public ReadOnlyPermission() {
+        }
+
+        public ReadOnlyPermission(String id, List<String> actions) {
+            this.id = id;
+            this.actions = actions;
+        }
+
+        @Override
+        public String getId() {
+            return id;
+        }
+
+        public void setId(String id) {
+            checkWritable(this.id);
+            this.id = id;
+        }
+
+        @Override
+        public List<String> getActions() {
+            return new ArrayList<>(actions);
+        }
+
+        public void setActions(List<String> actions) {
+            checkWritable(this.actions);
+            this.actions = new ArrayList<>(actions);
+        }
     }
 
+    public static class ReadOnlyRole implements Role {
+        private String id;
+
+        private String name;
+
+        public ReadOnlyRole() {
+        }
+
+        public ReadOnlyRole(String id, String name) {
+            this.id = id;
+            this.name = name;
+        }
+
+        @Override
+        public String getId() {
+            return id;
+        }
+
+        @Override
+        public String getName() {
+            return name;
+        }
+
+        public void setId(String id) {
+            checkWritable(this.id);
+            this.id = id;
+        }
+
+        public void setName(String name) {
+            checkWritable(this.name);
+            this.name = name;
+        }
+    }
+
+    public static class ReadOnlyUser implements User {
+        private String id;
+
+        private String username;
+
+        private String name;
+
+        public ReadOnlyUser() {
+        }
+
+        public ReadOnlyUser(String id, String username, String name) {
+            this.id = id;
+            this.username = username;
+            this.name = name;
+        }
+
+        @Override
+        public String getId() {
+            return id;
+        }
+
+        @Override
+        public String getUsername() {
+            return username;
+        }
+
+        @Override
+        public String getName() {
+            return name;
+        }
+
+        public void setId(String id) {
+            checkWritable(this.id);
+            this.id = id;
+        }
+
+        public void setUsername(String username) {
+            checkWritable(this.username);
+            this.username = username;
+        }
+
+        public void setName(String name) {
+            checkWritable(this.name);
+            this.name = name;
+        }
+    }
+
+    static final void checkWritable(Object obj) {
+        if (obj != null) {
+            throw new UnsupportedOperationException();
+        }
+    }
 }

hsweb-system/hsweb-system-authorization/hsweb-system-authorization-service/hsweb-system-authorization-service-simple/src/main/java/org/hswebframework/web/service/authorization/simple/SimplePermissionService.java

@@ -1,6 +1,5 @@
 package org.hswebframework.web.service.authorization.simple;
 
-import org.hswebframework.web.commons.entity.param.QueryParamEntity;
 import org.hswebframework.web.dao.authorization.PermissionDao;
 import org.hswebframework.web.entity.authorization.ActionEntity;
 import org.hswebframework.web.entity.authorization.PermissionEntity;
@@ -16,7 +15,7 @@ import org.springframework.stereotype.Service;
  */
 @Service("permissionService")
 public class SimplePermissionService extends GenericEntityService<PermissionEntity<ActionEntity>, String>
-        implements PermissionService<QueryParamEntity> {
+        implements PermissionService {
     @Autowired
     private PermissionDao permissionDao;
 

hsweb-system/hsweb-system-authorization/hsweb-system-authorization-service/hsweb-system-authorization-service-simple/src/main/java/org/hswebframework/web/service/authorization/simple/SimpleRoleService.java

@@ -17,7 +17,6 @@
 
 package org.hswebframework.web.service.authorization.simple;
 
-import org.hswebframework.web.commons.entity.param.QueryParamEntity;
 import org.hswebframework.web.dao.authorization.PermissionRoleDao;
 import org.hswebframework.web.dao.authorization.RoleDao;
 import org.hswebframework.web.entity.authorization.PermissionRoleEntity;
@@ -42,7 +41,7 @@ import java.util.List;
 @Transactional(rollbackFor = Throwable.class)
 @Service("roleService")
 public class SimpleRoleService extends AbstractService<RoleEntity, String>
-        implements RoleService<QueryParamEntity>, DefaultDSLQueryService<RoleEntity> {
+        implements RoleService, DefaultDSLQueryService<RoleEntity, String> {
 
     @Autowired
     private RoleDao roleDao;
@@ -64,9 +63,9 @@ public class SimpleRoleService extends AbstractService<RoleEntity, String>
     }
 
     @Override
-    public <T extends PermissionRoleEntity> String add(BindPermissionRoleEntity<T> roleEntity) {
+    public <T extends PermissionRoleEntity> String insert(BindPermissionRoleEntity<T> roleEntity) {
         tryValidateProperty(!StringUtils.hasLength(roleEntity.getId()), RoleEntity.id, "id {not_be_null}");
-        tryValidateProperty(null != selectById(roleEntity.getId()), RoleEntity.id, "{role_exists}");
+        tryValidateProperty(null != selectByPk(roleEntity.getId()), RoleEntity.id, "{role_exists}");
         tryValidate(roleEntity);
         roleDao.insert(roleEntity);
         syncPermissions(roleEntity.getId(), roleEntity.getPermissions());
@@ -84,14 +83,14 @@ public class SimpleRoleService extends AbstractService<RoleEntity, String>
     }
 
     @Override
-    public RoleEntity selectById(String roleId) {
+    public RoleEntity selectByPk(String roleId) {
         return createQuery().where(RoleEntity.id, roleId).single();
     }
 
     @Override
     public <T extends PermissionRoleEntity> boolean update(BindPermissionRoleEntity<T> roleEntity) {
         tryValidateProperty(!StringUtils.hasLength(roleEntity.getId()), RoleEntity.id, "id {not_be_null}");
-        tryValidateProperty(null == selectById(roleEntity.getId()), RoleEntity.id, "{role_not_exists}");
+        tryValidateProperty(null == selectByPk(roleEntity.getId()), RoleEntity.id, "{role_not_exists}");
         tryValidate(roleEntity);
         DefaultDSLUpdateService.createUpdate(roleDao)
                 .set("name", roleEntity.getName())

hsweb-system/hsweb-system-authorization/hsweb-system-authorization-service/hsweb-system-authorization-service-simple/src/main/java/org/hswebframework/web/service/authorization/simple/SimpleUserService.java

@@ -1,9 +1,8 @@
 package org.hswebframework.web.service.authorization.simple;
 
 import org.apache.commons.codec.digest.DigestUtils;
-import org.hswebframework.web.BusinessException;
+import org.hswebframework.web.authorization.Authorization;
 import org.hswebframework.web.commons.entity.GenericEntity;
-import org.hswebframework.web.commons.entity.param.QueryParamEntity;
 import org.hswebframework.web.dao.authorization.*;
 import org.hswebframework.web.entity.authorization.*;
 import org.hswebframework.web.entity.authorization.bind.BindRoleUserEntity;
@@ -33,8 +32,7 @@ import java.util.stream.Collectors;
 @Transactional(rollbackFor = Throwable.class)
 @Service("userService")
 public class SimpleUserService extends AbstractService<UserEntity, String>
-        implements DefaultDSLQueryService<UserEntity>,
-        UserService<QueryParamEntity> {
+        implements DefaultDSLQueryService<UserEntity, String>, UserService {
 
     @Autowired(required = false)
     private PasswordStrengthValidator passwordStrengthValidator;
@@ -54,6 +52,9 @@ public class SimpleUserService extends AbstractService<UserEntity, String>
     @Autowired
     private PermissionDao permissionDao;
 
+    @Autowired
+    private RoleDao roleDao;
+
     @Override
     public String encodePassword(String password, String salt) {
         return DigestUtils.md5Hex(String.format("hsweb.%s.framework.%s", password, salt));
@@ -80,13 +81,13 @@ public class SimpleUserService extends AbstractService<UserEntity, String>
 
     @Override
     @Transactional(readOnly = true)
-    public UserEntity selectById(String id) {
+    public UserEntity selectByPk(String id) {
         Assert.notNull(id, "id:{not_be_null}");
         return createQuery().where(GenericEntity.id, id).single();
     }
 
     @Override
-    public String add(UserEntity userEntity) {
+    public String insert(UserEntity userEntity) {
         //判断用户是否已经存在
         tryValidateProperty(null == selectByUsername(userEntity.getUsername()), "username", "{username_exists}");
         //用户名合法性验证
@@ -173,7 +174,7 @@ public class SimpleUserService extends AbstractService<UserEntity, String>
 
     @Override
     public void updatePassword(String userId, String oldPassword, String newPassword) {
-        UserEntity userEntity = selectById(userId);
+        UserEntity userEntity = selectByPk(userId);
         assertNotNull(userEntity);
         oldPassword = encodePassword(oldPassword, userEntity.getSalt());
         if (!userEntity.getPassword().equals(oldPassword)) {
@@ -188,7 +189,7 @@ public class SimpleUserService extends AbstractService<UserEntity, String>
 
     @Override
     public Authorization initUserAuthorization(String userId) {
-        UserEntity userEntity = selectById(userId);
+        UserEntity userEntity = selectByPk(userId);
         assertNotNull(userEntity);
         //用户持有的角色
         List<UserRoleEntity> roleEntities = userRoleDao.selectByUserId(userId);
@@ -196,32 +197,17 @@ public class SimpleUserService extends AbstractService<UserEntity, String>
             return new SimpleAuthorization(userEntity, new ArrayList<>(), new ArrayList<>());
         }
         List<String> roleIdList = roleEntities.stream().map(UserRoleEntity::getRoleId).collect(Collectors.toList());
+
+        List<RoleEntity> roleEntityList = DefaultDSLQueryService.createQuery(roleDao).where().in(GenericEntity.id, roleIdList).noPaging().list();
         //权限角色关联信息
         List<PermissionRoleEntity> permissionRoleEntities = permissionRoleDao.selectByRoleIdList(roleIdList);
-        List<String> permissionIdList = permissionRoleEntities.stream().map(PermissionRoleEntity::getPermissionId).collect(Collectors.toList());
-        //权限信息
-        List<PermissionEntity<ActionEntity>> permissionEntities = DefaultDSLQueryService
-                .createQuery(permissionDao).where().in(GenericEntity.id, permissionIdList).noPaging().list();
-        return new SimpleAuthorization(userEntity, permissionRoleEntities, permissionEntities);
+        return new SimpleAuthorization(userEntity, roleEntityList, permissionRoleEntities);
     }
 
     @Override
     public Authorization initAdminAuthorization(String userId) {
-        UserEntity userEntity = selectById(userId);
+        UserEntity userEntity = selectByPk(userId);
         assertNotNull(userEntity);
-        //获取所有角色信息
-//        List<UserRoleEntity> roleEntities = DefaultDSLQueryService
-//                .createQuery(roleDao)
-//                .noPaging().list()
-//                .stream().map(role -> {
-//                    UserRoleEntity roleEntity = entityFactoryIsEnabled()
-//                            ? entityFactory.newInstance(UserRoleEntity.class)
-//                            : new SimpleUserRoleEntity();
-//                    roleEntity.setRoleId(role.getId());
-//                    roleEntity.setUserId(userId);
-//                    return roleEntity;
-//                }).collect(Collectors.toList());
-
         //所有权限信息
         List<PermissionEntity<ActionEntity>> permissionEntities = DefaultDSLQueryService
                 .createQuery(permissionDao).noPaging().list();
@@ -238,10 +224,17 @@ public class SimpleUserService extends AbstractService<UserEntity, String>
                             .collect(Collectors.toList()));
                     return entity;
                 }).collect(Collectors.toList());
-
-        return new SimpleAuthorization(userEntity, permissionRoleEntities, permissionEntities);
+        List<RoleEntity> roleEntityList = DefaultDSLQueryService.createQuery(roleDao).noPaging().list();
+        if (roleEntityList.isEmpty()) {
+            RoleEntity admin = entityFactory.newInstance(RoleEntity.class);
+            admin.setId("admin");
+            admin.setName("admin");
+            roleEntityList.add(admin);
+        }
+        return new SimpleAuthorization(userEntity, roleEntityList, permissionRoleEntities);
     }
 
+
     @Override
     public UserDao getDao() {
         return userDao;

hsweb-system/hsweb-system-authorization/hsweb-system-authorization-starter/pom.xml

@@ -49,6 +49,11 @@
             <artifactId>hsweb-system-authorization-dao-mybatis</artifactId>
             <version>${project.version}</version>
         </dependency>
+        <dependency>
+            <groupId>org.hswebframework.web</groupId>
+            <artifactId>hsweb-system-authorization-controller</artifactId>
+            <version>${project.version}</version>
+        </dependency>
 
         <dependency>
             <groupId>com.h2database</groupId>

hsweb-system/hsweb-system-authorization/hsweb-system-authorization-starter/src/test/java/org/hswebframework/web/starter/authorization/LoginTests.java

@@ -0,0 +1,70 @@
+/*
+ * Copyright 2016 http://www.hswebframework.org
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ *       http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ */
+
+package org.hswebframework.web.starter.authorization;
+
+import com.alibaba.fastjson.JSONObject;
+import org.apache.commons.codec.binary.Base64;
+import org.hswebframework.expands.security.Encrypt;
+import org.hswebframework.expands.security.rsa.RSAPublicEncrypt;
+import org.hswebframework.web.entity.authorization.UserEntity;
+import org.hswebframework.web.service.authorization.UserService;
+import org.hswebframework.web.tests.SimpleWebApplicationTests;
+import org.junit.After;
+import org.junit.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.util.Assert;
+
+import java.sql.SQLException;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public class LoginTests extends SimpleWebApplicationTests {
+
+    @Autowired
+    private UserService userService;
+
+    @After
+    public void clear() throws SQLException {
+        sqlExecutor.delete("delete from s_user");
+    }
+
+    @Test
+    public void testLogin() throws Exception {
+        UserEntity userEntity = userService.createEntity();
+        userEntity.setName("测试");
+        userEntity.setUsername("test");
+        userEntity.setPassword("password_1234");
+        userService.insert(userEntity);
+
+        //获取publicKey
+        String publicKey = testGet("/authorize/public-key").exec().resultAsJson().getString("data");
+        Assert.notNull(publicKey);
+        RSAPublicEncrypt publicEncrypt = Encrypt.rsa().publicEncrypt(publicKey);
+        String username = Base64.encodeBase64String(publicEncrypt.encrypt("test".getBytes()));
+        String password = Base64.encodeBase64String(publicEncrypt.encrypt("password_1234".getBytes()));
+        JSONObject json = testPost("/authorize/login").setUp((builder) -> {
+            builder.param("username", username);
+            builder.param("password", password);
+        }).exec().resultAsJson();
+
+        System.out.println(json);
+    }
+}

hsweb-system/hsweb-system-authorization/hsweb-system-authorization-starter/src/test/java/org/hswebframework/web/starter/authorization/PermissionTests.java

@@ -40,7 +40,7 @@ import java.util.Arrays;
 public class PermissionTests extends SimpleWebApplicationTests {
 
     @Autowired
-    private PermissionService<QueryParamEntity> permissionService;
+    private PermissionService permissionService;
 
     @Autowired
     private SqlExecutor sqlExecutor;

hsweb-system/hsweb-system-authorization/hsweb-system-authorization-starter/src/test/java/org/hswebframework/web/starter/authorization/UserTests.java

@@ -17,7 +17,6 @@
 
 package org.hswebframework.web.starter.authorization;
 
-import org.hswebframework.web.commons.entity.param.QueryParamEntity;
 import org.hswebframework.web.entity.authorization.Authorization;
 import org.hswebframework.web.entity.authorization.UserEntity;
 import org.hswebframework.web.service.authorization.PasswordStrengthValidator;
@@ -66,7 +65,7 @@ public class UserTests extends SimpleWebApplicationTests {
     }
 
     @Autowired
-    private UserService<QueryParamEntity> userService;
+    private UserService userService;
 
     @After
     public void clear() throws SQLException {
@@ -78,7 +77,7 @@ public class UserTests extends SimpleWebApplicationTests {
         userEntity.setName("测试");
         userEntity.setUsername("test");
         userEntity.setPassword("password_1234");
-        userService.add(userEntity);
+        userService.insert(userEntity);
         return userEntity;
     }
 
@@ -100,17 +99,17 @@ public class UserTests extends SimpleWebApplicationTests {
         userEntity.setUsername("test");
         userEntity.setPassword("123");
         try {
-            userService.add(userEntity);
+            userService.insert(userEntity);
             Assert.assertTrue(false);
         } catch (ValidationException e) {
             Assert.assertEquals(e.getResults().getResults().get(0).getMessage(), "密码强度太弱");
         }
         userEntity.setPassword("password_1234");
-        String id = userService.add(userEntity);
+        String id = userService.insert(userEntity);
 
         UserEntity newUserEntity = userEntity.clone();
         newUserEntity.setUsername("test2");
-        String antherId = userService.add(newUserEntity);
+        String antherId = userService.insert(newUserEntity);
 
         Assert.assertNotNull(id);
         Assert.assertEquals(userEntity.getPassword().length(), 32);

hsweb-system/hsweb-system-authorization/pom.xml

@@ -16,6 +16,7 @@
         <module>hsweb-system-authorization-dao</module>
         <module>hsweb-system-authorization-service</module>
         <module>hsweb-system-authorization-starter</module>
+        <module>hsweb-system-authorization-controller</module>
     </modules>