优化优化

hsweb-authorization/hsweb-authorization-api/pom.xml

@@ -16,5 +16,11 @@
             <artifactId>hsweb-boost-aop</artifactId>
             <version>${project.version}</version>
         </dependency>
+        <dependency>
+            <groupId>javax.servlet</groupId>
+            <artifactId>servlet-api</artifactId>
+            <version>2.5</version>
+            <optional>true</optional>
+        </dependency>
     </dependencies>
 </project>

hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/MultiAuthentication.java

@@ -0,0 +1,49 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization;
+
+import java.util.Set;
+
+/**
+ * 多用户权限,可同时登录多个用户,调用{@link Authentication}的方法为获取当前激活用户的权限
+ *
+ * @since 3.0
+ */
+public interface MultiAuthentication extends Authentication {
+
+    /**
+     * @return 所有权限信息
+     */
+    Set<Authentication> getAuthentications();
+
+    /**
+     * 激活指定的用户
+     *
+     * @param userId 用户ID
+     * @return 被激活的用户, 如果用户未登录, 则返回null
+     */
+    Authentication activate(String userId);
+
+    /**
+     * 添加一个授权
+     *
+     * @param authentication 授权信息
+     */
+    void addAuthentication(Authentication authentication);
+}

hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/container/AuthenticationContainer.java

@@ -0,0 +1,62 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.container;
+
+import org.hswebframework.web.authorization.Authentication;
+
+import java.util.List;
+
+/**
+ * 授权容器,用来操作所有已经授权的用户
+ *
+ * @author zhouhao
+ * @since 3.0
+ */
+public interface AuthenticationContainer {
+
+    /**
+     * @param userId 用户ID
+     * @return 用户是否已经授权
+     */
+    boolean userIsAuthorized(String userId);
+
+    /**
+     * @return 已经授权的总人数
+     */
+    int totalAuthorizedUser();
+
+    /**
+     * @return 所有被授权的用户
+     */
+    List<Authentication> allAuthorizedUser();
+
+    /**
+     * 删除用户授权信息
+     *
+     * @param userId 用户ID
+     * @return 被删除的权限信息
+     */
+    Authentication removeAuthentication(String userId);
+
+    /**
+     * @param authentication
+     * @return 添加后被覆盖的权限信息 ,如果没有则返回null
+     */
+    Authentication addAuthentication(Authentication authentication);
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/api/OAuth2ServerService.java

@@ -1,47 +0,0 @@
-/*
- *  Copyright 2016 http://www.hswebframework.org
- *
- *  Licensed under the Apache License, Version 2.0 (the "License");
- *  you may not use this file except in compliance with the License.
- *  You may obtain a copy of the License at
- *
- *        http://www.apache.org/licenses/LICENSE-2.0
- *
- *  Unless required by applicable law or agreed to in writing, software
- *  distributed under the License is distributed on an "AS IS" BASIS,
- *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
- *  See the License for the specific language governing permissions and
- *  limitations under the License.
- *
- *
- */
-
-package org.hswebframework.web.authorization.oauth2.api;
-
-
-import org.hswebframework.web.authorization.oauth2.api.entity.OAuth2AccessEntity;
-import org.hswebframework.web.authorization.oauth2.api.entity.OAuth2ClientEntity;
-
-/**
- * @author zhouhao
- */
-public interface OAuth2ServerService {
-
-    OAuth2ClientEntity getClient(String clientId);
-
-    OAuth2ClientEntity getClient(String clientId, String clientSecret);
-
-    String requestCode(String clientId, String userId, String scope, String redirectUri);
-
-    OAuth2AccessEntity requestTokenByCode(String code, String clientId, String clientSecret, String scope, String redirectUri);
-
-    OAuth2AccessEntity requestTokenByClientCredential(String clientId, String clientSecret);
-
-    OAuth2AccessEntity requestTokenByPassword(String username, String password);
-
-    OAuth2AccessEntity requestTokenByImplicit(String clientId, String scope);
-
-    OAuth2AccessEntity refreshToken(String clientId, String clientSecret, String refreshToken, String scope);
-
-    OAuth2AccessEntity getAccessToken(String accessToken);
-}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-resource-server/pom.xml

@@ -30,4 +30,15 @@
     <artifactId>hsweb-authorization-oauth2-resource-server</artifactId>
 
 
+    <dependencies>
+        <dependency>
+            <groupId>org.springframework.boot</groupId>
+            <artifactId>spring-boot-starter</artifactId>
+        </dependency>
+        <dependency>
+            <groupId>org.hswebframework.web</groupId>
+            <artifactId>hsweb-authorization-oauth2-core</artifactId>
+            <version>${project.version}</version>
+        </dependency>
+    </dependencies>
 </project>

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-resource-server/src/main/java/org/hswebframework/web/authorization/oauth2/resource/EnableOAuth2ResourceServer.java

@@ -0,0 +1,17 @@
+package org.hswebframework.web.authorization.oauth2.resource;
+
+import org.springframework.boot.autoconfigure.ImportAutoConfiguration;
+
+import java.lang.annotation.*;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+@Target(ElementType.TYPE)
+@Retention(RetentionPolicy.RUNTIME)
+@Documented
+@ImportAutoConfiguration(OAuth2ResourceServerAutoConfigruation.class)
+public @interface EnableOAuth2ResourceServer {
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-resource-server/src/main/java/org/hswebframework/web/authorization/oauth2/resource/OAuth2ResourceServerAutoConfigruation.java

@@ -0,0 +1,13 @@
+package org.hswebframework.web.authorization.oauth2.resource;
+
+import org.springframework.context.annotation.Configuration;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+@Configuration
+public class OAuth2ResourceServerAutoConfigruation {
+
+}

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-resource-server/src/main/java/org/hswebframework/web/authorization/oauth2/resource/OAuth2ResourceServerProperties.java

@@ -0,0 +1,18 @@
+package org.hswebframework.web.authorization.oauth2.resource;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public class OAuth2ResourceServerProperties {
+    private String url;
+
+    private String authInfoUri = "/oauth2/auth-info";
+
+    private String clientId;
+
+    private String clientSecuret;
+
+
+}

hsweb-authorization/hsweb-authorization-shiro/src/main/java/org/hswebframework/web/authorization/shiro/SimpleMultiAuthentication.java

@@ -0,0 +1,100 @@
+/*
+ *  Copyright 2016 http://www.hswebframework.org
+ *
+ *  Licensed under the Apache License, Version 2.0 (the "License");
+ *  you may not use this file except in compliance with the License.
+ *  You may obtain a copy of the License at
+ *
+ *        http://www.apache.org/licenses/LICENSE-2.0
+ *
+ *  Unless required by applicable law or agreed to in writing, software
+ *  distributed under the License is distributed on an "AS IS" BASIS,
+ *  WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ *  See the License for the specific language governing permissions and
+ *  limitations under the License.
+ *
+ *
+ */
+
+package org.hswebframework.web.authorization.shiro;
+
+import org.hswebframework.web.authorization.*;
+
+import java.io.Serializable;
+import java.util.*;
+import java.util.stream.Collectors;
+
+/**
+ * TODO 完成注释
+ *
+ * @author zhouhao
+ */
+public class SimpleMultiAuthentication implements MultiAuthentication {
+
+    private Set<String> authenticationStore = new HashSet<>(4);
+
+    private String activeUserId;
+
+    @Override
+    public User getUser() {
+        return AuthenticationHolder.get(activeUserId).getUser();
+    }
+
+    @Override
+    public List<Role> getRoles() {
+        return AuthenticationHolder.get(activeUserId).getRoles();
+    }
+
+    @Override
+    public List<Permission> getPermissions() {
+        return AuthenticationHolder.get(activeUserId).getPermissions();
+    }
+
+    @Override
+    public <T extends Serializable> Optional<T> getAttribute(String name) {
+        return AuthenticationHolder.get(activeUserId).getAttribute(name);
+    }
+
+    @Override
+    public void setAttribute(String name, Serializable object) {
+        AuthenticationHolder.get(activeUserId).setAttribute(name, object);
+    }
+
+    @Override
+    public void setAttributes(Map<String, Serializable> attributes) {
+        AuthenticationHolder.get(activeUserId).setAttributes(attributes);
+    }
+
+    @Override
+    public <T extends Serializable> T removeAttributes(String name) {
+        return AuthenticationHolder.get(activeUserId).removeAttributes(name);
+    }
+
+    @Override
+    public Map<String, Serializable> getAttributes() {
+        return AuthenticationHolder.get(activeUserId).getAttributes();
+    }
+
+    @Override
+    public Set<Authentication> getAuthentications() {
+        return authenticationStore.stream()
+                .map(AuthenticationHolder::get)
+                .filter(Objects::nonNull)
+                .collect(Collectors.toSet());
+    }
+
+    @Override
+    public Authentication activate(String userId) {
+        if (!authenticationStore.contains(userId)) return null;
+        this.activeUserId = userId;
+        return AuthenticationHolder.get(userId);
+    }
+
+    @Override
+    public void addAuthentication(Authentication authentication) {
+        if (activeUserId == null) {
+            activeUserId = authentication.getUser().getId();
+        }
+        authenticationStore.add(authentication.getUser().getId());
+    }
+}

hsweb-authorization/pom.xml

@@ -15,6 +15,7 @@
         <module>hsweb-authorization-api</module>
         <module>hsweb-authorization-oauth2</module>
         <module>hsweb-authorization-shiro</module>
+        <module>hsweb-authorization-security</module>
     </modules>
 
 

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/api/entity/AuthorizationCodeEntity.java

@@ -16,7 +16,7 @@
  *
  */
 
-package org.hswebframework.web.authorization.oauth2.api.entity;
+package org.hswebframework.web.authorization.oauth2.server.entity;
 
 import org.hswebframework.web.authorization.oauth2.server.support.code.AuthorizationCode;
 import org.hswebframework.web.commons.entity.Entity;

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/api/entity/OAuth2AccessEntity.java

@@ -16,7 +16,7 @@
  *
  */
 
-package org.hswebframework.web.authorization.oauth2.api.entity;
+package org.hswebframework.web.authorization.oauth2.server.entity;
 
 import org.hswebframework.web.authorization.oauth2.server.OAuth2AccessToken;
 import org.hswebframework.web.commons.entity.Entity;

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/api/entity/OAuth2ClientEntity.java

@@ -16,7 +16,7 @@
  *
  */
 
-package org.hswebframework.web.authorization.oauth2.api.entity;
+package org.hswebframework.web.authorization.oauth2.server.entity;
 
 import org.hswebframework.web.authorization.oauth2.server.client.OAuth2Client;
 import org.hswebframework.web.commons.entity.GenericEntity;

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/api/entity/SimpleAuthorizationCodeEntity.java

@@ -16,7 +16,7 @@
  *
  */
 
-package org.hswebframework.web.authorization.oauth2.api.entity;
+package org.hswebframework.web.authorization.oauth2.server.entity;
 
 
 import java.util.Set;

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/api/entity/SimpleOAuth2AccessEntity.java

@@ -16,7 +16,7 @@
  *
  */
 
-package org.hswebframework.web.authorization.oauth2.api.entity;
+package org.hswebframework.web.authorization.oauth2.server.entity;
 
 import java.util.Set;
 

hsweb-authorization/hsweb-authorization-oauth2/hsweb-authorization-oauth2-auth-server/src/main/java/org/hswebframework/web/authorization/oauth2/api/entity/SimpleOAuth2ClientEntity.java

@@ -16,11 +16,10 @@
  *
  */
 
-package org.hswebframework.web.authorization.oauth2.api.entity;
+package org.hswebframework.web.authorization.oauth2.server.entity;
 
 import org.hswebframework.web.commons.entity.SimpleGenericEntity;
 
-import java.util.List;
 import java.util.Set;
 
 /**