优化认证

hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/events/AuthorizationFailedEvent.java

@@ -31,6 +31,7 @@ public class AuthorizationFailedEvent extends AbstractAuthorizationEvent {
     /**
      * 失败原因
      */
+    @Deprecated//已弃用，请根据exception判断
     private Reason reason;
 
     /**
@@ -58,6 +59,7 @@ public class AuthorizationFailedEvent extends AbstractAuthorizationEvent {
         return reason;
     }
 
+    @Deprecated//已弃用，请根据exception判断
     public enum Reason {
         PASSWORD_ERROR,
         USER_DISABLED,

hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/exception/AuthenticationException.java

@@ -0,0 +1,25 @@
+package org.hswebframework.web.authorization.exception;
+
+import lombok.Getter;
+
+@Getter
+public class AuthenticationException extends RuntimeException {
+
+
+    public static String ILLEGAL_PASSWORD = "illegal_password";
+
+    public static String USER_DISABLED = "user_disabled";
+
+
+    private final String code;
+
+    public AuthenticationException(String code, String message) {
+        super(message);
+        this.code = code;
+    }
+
+    public AuthenticationException(String code, String message, Throwable cause) {
+        super(message, cause);
+        this.code = code;
+    }
+}

hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/AuthorizationController.java

@@ -27,9 +27,11 @@ import org.hswebframework.web.authorization.events.AuthorizationBeforeEvent;
 import org.hswebframework.web.authorization.events.AuthorizationDecodeEvent;
 import org.hswebframework.web.authorization.events.AuthorizationFailedEvent;
 import org.hswebframework.web.authorization.events.AuthorizationSuccessEvent;
+import org.hswebframework.web.authorization.exception.AuthenticationException;
 import org.hswebframework.web.authorization.exception.UnAuthorizedException;
 import org.hswebframework.web.authorization.simple.CompositeReactiveAuthenticationManager;
 import org.hswebframework.web.authorization.simple.PlainTextUsernamePasswordAuthenticationRequest;
+import org.hswebframework.web.logging.AccessLogger;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.ApplicationEventPublisher;
 import org.springframework.http.MediaType;
@@ -65,19 +67,12 @@ public class AuthorizationController {
     @PostMapping(value = "/login", consumes = MediaType.APPLICATION_JSON_VALUE)
     @ApiOperation("用户名密码登录,json方式")
     @Authorize(ignore = true)
+    @AccessLogger(ignore = true)
     public Mono<Map<String, Object>> authorizeByJson(@ApiParam(example = "{\"username\":\"admin\",\"password\":\"admin\"}")
                                                      @RequestBody Mono<Map<String, Object>> parameter) {
         return doLogin(parameter);
     }
 
-    @PostMapping(value = "/login", consumes = MediaType.APPLICATION_FORM_URLENCODED_VALUE)
-    @ApiOperation("用户名密码登录,参数方式")
-    @Authorize(ignore = true)
-    public Mono<Map<String, Object>> authorizeByUrlEncoded(@ApiParam(hidden = true) @RequestParam Map<String, Object> parameter) {
-
-        return doLogin(Mono.just(parameter));
-    }
-
     /**
      * <img src="https://raw.githubusercontent.com/hs-web/hsweb-framework/4.0.x/hsweb-authorization/hsweb-authorization-basic/img/autz-flow.png">
      */
@@ -105,7 +100,7 @@ public class AuthorizationController {
                                     .publish(eventPublisher)
                                     .then(authenticationManager
                                             .authenticate(Mono.just(new PlainTextUsernamePasswordAuthenticationRequest(username, password)))
-                                            .switchIfEmpty(Mono.error(() -> new IllegalArgumentException("密码错误")))
+                                            .switchIfEmpty(Mono.error(() -> new AuthenticationException(AuthenticationException.ILLEGAL_PASSWORD,"密码错误")))
                                             .flatMap(auth -> {
                                                 //触发授权成功事件
                                                 AuthorizationSuccessEvent event = new AuthorizationSuccessEvent(auth, parameterGetter);
@@ -114,7 +109,6 @@ public class AuthorizationController {
                                                         .publish(eventPublisher)
                                                         .then(Mono.fromCallable(event::getResult));
                                             }));
-
                         }));
             }).onErrorResume(err -> {
                 AuthorizationFailedEvent failedEvent = new AuthorizationFailedEvent(username_, password_, parameterGetter, reason);

hsweb-concurrent/hsweb-concurrent-cache/src/main/java/org/hswebframework/web/cache/supports/RedisReactiveCache.java

@@ -82,34 +82,17 @@ public class RedisReactiveCache<E> implements ReactiveCache<E> {
 
     @Override
     public Mono<Void> put(Object key, Publisher<E> data) {
-        if (data instanceof Mono) {
-            return ((Mono<?>) data)
-                    .flatMap(r -> {
-                        return operations.opsForHash()
-                                .put(redisKey, key, r)
-                                .then(localCache.put(key, data))
-                                .then(operations.convertAndSend(topicName, key));
-
-                    })
-                    .then()
-                    .onErrorResume(err -> this.handleError(err))
-                    ;
-        }
-        if (data instanceof Flux) {
-            return ((Flux<?>) data)
-                    .collectList()
-                    .flatMap(r -> {
-                        return operations.opsForHash()
-                                .put(redisKey, key, r)
-                                .then(localCache.put(key, data))
-                                .then(operations.convertAndSend(topicName, key));
-
-                    })
-                    .then()
-                    .onErrorResume(err -> this.handleError(err))
-                    ;
-        }
-        return Mono.error(new UnsupportedOperationException("unsupport publisher:" + data));
+        return Flux
+                .from(data)
+                .collectList()
+                .flatMap(r -> {
+                    return operations.opsForHash()
+                            .put(redisKey, key, r)
+                            .then(localCache.put(key, data))
+                            .then(operations.convertAndSend(topicName, key));
+                })
+                .then()
+                .onErrorResume(err -> this.handleError(err));
     }
 
     @Override

hsweb-logging/hsweb-access-logging-api/src/main/java/org/hswebframework/web/logging/AccessLogger.java

@@ -33,7 +33,7 @@ public @interface AccessLogger {
      * @return 对类或方法的简单说明
      * @see AccessLoggerInfo#getAction()
      */
-    String value();
+    String value() default "";
 
     /**
      * @return 对类或方法的详细描述

hsweb-system/hsweb-system-authorization/hsweb-system-authorization-default/src/main/java/org/hswebframework/web/system/authorization/defaults/service/DefaultReactiveAuthenticationManager.java

@@ -29,22 +29,21 @@ public class DefaultReactiveAuthenticationManager implements ReactiveAuthenticat
     @Autowired(required = false)
     private ReactiveCacheManager cacheManager;
 
-
     @EventListener
     public void handleClearAuthCache(ClearUserAuthorizationCacheEvent event) {
         if (cacheManager != null) {
             if (event.isAll()) {
                 cacheManager.getCache("user-auth")
                         .clear()
-                        .doOnSuccess(nil->log.info("clear all user authentication cache success"))
+                        .doOnSuccess(nil -> log.info("clear all user authentication cache success"))
                         .doOnError(err -> log.error(err.getMessage(), err))
                         .subscribe();
             } else {
                 cacheManager.getCache("user-auth")
                         .evictAll(event.getUserId())
                         .doOnError(err -> log.error(err.getMessage(), err))
-                        .doOnSuccess(__->log.info("clear user {} authentication cache success", event.getUserId()))
-                        .subscribe( );
+                        .doOnSuccess(__ -> log.info("clear user {} authentication cache success", event.getUserId()))
+                        .subscribe();
             }
         }
     }
@@ -56,7 +55,7 @@ public class DefaultReactiveAuthenticationManager implements ReactiveAuthenticat
                 .switchIfEmpty(Mono.error(() -> new UnsupportedOperationException("不支持的请求类型")))
                 .map(PlainTextUsernamePasswordAuthenticationRequest.class::cast)
                 .flatMap(pwdRequest -> reactiveUserService.findByUsernameAndPassword(pwdRequest.getUsername(), pwdRequest.getPassword()))
-                .switchIfEmpty(Mono.error(() -> new AccessDenyException("密码错误")))
+                .filter(user -> Byte.valueOf((byte) 1).equals(user.getStatus()))
                 .map(UserEntity::getId)
                 .flatMap(this::getByUserId);
     }