
优化权限 增加jwt

zhouhao 7 years ago
parent
commit
a932d5171e
14 changed files with 176 additions and 44 deletions
  1. 6 2
      hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/token/MemoryUserTokenManager.java
  2. 11 0
      hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/token/SimpleUserToken.java
  3. 3 0
      hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/token/UserToken.java
  4. 1 1
      hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/token/UserTokenManager.java
  5. 9 3
      hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/configuration/AuthorizingHandlerAutoConfiguration.java
  6. 0 28
      hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/DefaultUserTokenParser.java
  7. 48 0
      hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/SessionIdUserTokenGenerator.java
  8. 22 0
      hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/SessionIdUserTokenParser.java
  9. 15 0
      hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/TokenResult.java
  10. 32 5
      hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/UserOnSignIn.java
  11. 15 0
      hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/UserTokenGenerator.java
  12. 2 1
      hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/UserTokenParser.java
  13. 11 4
      hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/WebUserTokenInterceptor.java
  14. 1 0
      hsweb-authorization/pom.xml

+ 6 - 2
hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/token/MemoryUserTokenManager.java

@@ -67,7 +67,10 @@ public class MemoryUserTokenManager implements UserTokenManager {
 
     private SimpleUserToken checkTimeout(SimpleUserToken detail) {
         if (null == detail) return null;
-        if (System.currentTimeMillis() - detail.getLastRequestTime() > timeout * 1000) {
+        if(detail.getMaxInactiveInterval()<=0){
+            return detail;
+        }
+        if (System.currentTimeMillis() - detail.getLastRequestTime() >detail.getMaxInactiveInterval()) {
             detail.setState(TokenState.expired);
             return detail;
         }
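Review bot: The new expiry check in `checkTimeout` compares elapsed milliseconds with `detail.getMaxInactiveInterval()` without any unit conversion, whereas the removed line scaled `timeout * 1000`. The only producer visible in this commit is `HttpSession.getMaxInactiveInterval()` in SessionIdUserTokenGenerator, which the Servlet API defines in seconds, and the value reaches this check through `TokenResult.getTimeout()` and `signIn(...)` unchanged; unless it is converted somewhere not shown, a 1800-second session would expire its token after 1.8 seconds of inactivity. Either convert here, `if (System.currentTimeMillis() - detail.getLastRequestTime() > detail.getMaxInactiveInterval() * 1000L) {`, or make every producer supply milliseconds and state the unit in the Javadoc of `UserToken.getMaxInactiveInterval()`, `UserTokenManager.signIn` and `TokenResult.getTimeout()`. The `<= 0` branch means such a token never expires, which deserves a comment because a generator that returns 0 by mistake yields a permanent token. `checkTimeout` continues past the end of this hunk.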
@@ -152,7 +155,7 @@ public class MemoryUserTokenManager implements UserTokenManager {
     }
 
     @Override
-    public UserToken signIn(String token, String userId) {
+    public UserToken signIn(String token, String userId,long maxInactiveInterval) {
         SimpleUserToken detail = new SimpleUserToken(userId, token);
         if (null != authorizationListenerDispatcher)
             authorizationListenerDispatcher.doEvent(new UserSignInEvent(detail));
@@ -168,6 +171,7 @@ public class MemoryUserTokenManager implements UserTokenManager {
         } else {
             detail.setState(TokenState.effective);
         }
+        detail.setMaxInactiveInterval(maxInactiveInterval);
         tokenUserStorage.put(token, detail);
         return detail;
     }

+ 11 - 0
hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/token/SimpleUserToken.java

@@ -24,6 +24,17 @@ public class SimpleUserToken implements UserToken {
 
     private volatile long requestTimes;
 
+    private long maxInactiveInterval;
+
+    @Override
+    public long getMaxInactiveInterval() {
+        return maxInactiveInterval;
+    }
+
+    public void setMaxInactiveInterval(long maxInactiveInterval) {
+        this.maxInactiveInterval = maxInactiveInterval;
+    }
+
     public SimpleUserToken(String userId, String token) {
         this.userId = userId;
         this.token = token;

+ 3 - 0
hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/token/UserToken.java

@@ -44,6 +44,9 @@ public interface UserToken extends Serializable, Comparable<UserToken> {
      */
     TokenState getState();
 
+
+    long getMaxInactiveInterval();
+
     /**
      * @return 是否正常
      */

+ 1 - 1
hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/token/UserTokenManager.java

@@ -107,7 +107,7 @@ public interface UserTokenManager {
      * @param token  token
      * @param userId 用户id
      */
-    UserToken signIn(String token, String userId);
+    UserToken signIn(String token, String userId,long maxInactiveInterval);
 
     /**
      * 更新token,使其不过期

+ 9 - 3
hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/configuration/AuthorizingHandlerAutoConfiguration.java

@@ -13,7 +13,6 @@ import org.hswebframework.web.authorization.token.UserTokenManager;
 import org.springframework.beans.BeansException;
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.beans.factory.config.BeanPostProcessor;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnBean;
 import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.context.annotation.Bean;
@@ -22,6 +21,8 @@ import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
 
+import java.util.List;
+
 /**
  * TODO 完成注释
  *
@@ -48,7 +49,12 @@ public class AuthorizingHandlerAutoConfiguration {
     @Bean
     @ConditionalOnMissingBean(UserTokenParser.class)
     public UserTokenParser userTokenParser() {
-        return new DefaultUserTokenParser();
+        return new SessionIdUserTokenParser();
+    }
+
+    @Bean
+    public SessionIdUserTokenGenerator sessionIdUserTokenGenerator(){
+        return new SessionIdUserTokenGenerator();
     }
 
     @Bean
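Review bot: `userTokenParser()` keeps `@ConditionalOnMissingBean(UserTokenParser.class)` although the interceptor now accepts a `List<UserTokenParser>`, so registering any additional parser (for instance one from the JWT module this commit adds to the build) would suppress the session-id parser, while `sessionIdUserTokenGenerator()` is registered unconditionally. Sign-in could then issue session-id tokens that no parser reads back on later requests. Consider conditioning on the concrete type, `@ConditionalOnMissingBean(SessionIdUserTokenParser.class)`, and giving the generator bean the matching condition so an application can replace both together.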
@@ -60,7 +66,7 @@ public class AuthorizingHandlerAutoConfiguration {
 
     @Bean
     public WebMvcConfigurer webUserTokenInterceptorConfigurer(UserTokenManager userTokenManager,
-                                                              UserTokenParser userTokenParser) {
+                                                              List<UserTokenParser> userTokenParser) {
         return new WebMvcConfigurerAdapter() {
             @Override
             public void addInterceptors(InterceptorRegistry registry) {

+ 0 - 28
hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/DefaultUserTokenParser.java

@@ -1,28 +0,0 @@
-package org.hswebframework.web.authorization.basic.web;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpSession;
-import java.util.function.Predicate;
-
-/**
- * @author zhouhao
- */
-public class DefaultUserTokenParser implements UserTokenParser {
-    @Override
-    public String parseToken(HttpServletRequest request, Predicate<String> tokenValidate) {
-        String token = request.getParameter("access_token");
-        if (null != token) {
-            if (tokenValidate.test(token))
-                return token;
-        }
-
-        HttpSession session = request.getSession(false);
-
-        if (session != null) {
-            if (tokenValidate.test(session.getId()))
-                return session.getId();
-        }
-
-        return null;
-    }
-}

+ 48 - 0
hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/SessionIdUserTokenGenerator.java

@@ -0,0 +1,48 @@
+package org.hswebframework.web.authorization.basic.web;
+
+import org.hswebframework.web.WebUtil;
+import org.hswebframework.web.authorization.Authentication;
+
+import javax.servlet.http.HttpServletRequest;
+import java.io.Serializable;
+import java.util.Collections;
+import java.util.Map;
+
+/**
+ * @author zhouhao
+ */
+public class SessionIdUserTokenGenerator implements UserTokenGenerator ,Serializable {
+
+    @Override
+    public String getSupportTokenType() {
+        return "sessionId";
+    }
+
+    @Override
+    public TokenResult generate(Authentication authentication) {
+        HttpServletRequest request= WebUtil.getHttpServletRequest();
+        if(null==request)throw new UnsupportedOperationException();
+
+
+        int timeout =request.getSession().getMaxInactiveInterval();
+
+        String sessionId = request.getSession().getId();
+
+        return new TokenResult() {
+            @Override
+            public Map<String, Object> getResponse() {
+                return Collections.emptyMap();
+            }
+
+            @Override
+            public String getToken() {
+                return sessionId;
+            }
+
+            @Override
+            public int getTimeout() {
+                return timeout;
+            }
+        };
+    }
+}
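Review bot: `generate()` takes the id of whatever session the request already carries (`request.getSession().getId()`) and returns it as the authenticated token, and nothing visible here renews that id at sign-in. An id that was issued before authentication then becomes the login token, which is the session-fixation pattern; unless the container or an upstream filter already rotates the session, call `request.changeSessionId()` (Servlet 3.1+) before reading the id. The bare `new UnsupportedOperationException()` would also be easier to diagnose with a message saying that no current HTTP request is bound.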

+ 22 - 0
hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/SessionIdUserTokenParser.java

@@ -0,0 +1,22 @@
+package org.hswebframework.web.authorization.basic.web;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpSession;
+import java.util.function.Predicate;
+
+/**
+ * @author zhouhao
+ */
+public class SessionIdUserTokenParser implements UserTokenParser {
+    @Override
+    public String parseToken(HttpServletRequest request) {
+
+        HttpSession session = request.getSession(false);
+
+        if (session != null) {
+            return session.getId();
+        }
+
+        return null;
+    }
+}

+ 15 - 0
hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/TokenResult.java

@@ -0,0 +1,15 @@
+package org.hswebframework.web.authorization.basic.web;
+
+import java.io.Serializable;
+import java.util.Map;
+
+/**
+ * Created by zhouhao on 2017/8/30.
+ */
+public interface TokenResult extends Serializable {
+    Map<String,Object> getResponse();
+
+    String getToken();
+
+    int getTimeout();
+}

+ 32 - 5
hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/UserOnSignIn.java

@@ -6,31 +6,58 @@ import org.hswebframework.web.authorization.listener.AuthorizationListener;
 import org.hswebframework.web.authorization.listener.event.AuthorizationSuccessEvent;
 import org.hswebframework.web.authorization.token.UserToken;
 import org.hswebframework.web.authorization.token.UserTokenManager;
+import org.springframework.beans.factory.annotation.Autowired;
 
+import java.util.ArrayList;
+import java.util.List;
 import java.util.Optional;
 import java.util.UUID;
 
 /**
- * TODO 完成注释
- *
  * @author zhouhao
  */
 public class UserOnSignIn implements AuthorizationListener<AuthorizationSuccessEvent> {
+
+    private String defaultTokenType="sessionId";
+
     private UserTokenManager userTokenManager;
 
+    private List<UserTokenGenerator> userTokenGenerators=new ArrayList<>();
+
     public UserOnSignIn(UserTokenManager userTokenManager) {
         this.userTokenManager = userTokenManager;
     }
+
+    public void setDefaultTokenType(String defaultTokenType) {
+        this.defaultTokenType = defaultTokenType;
+    }
+
+    @Autowired(required = false)
+    public void setUserTokenGenerators(List<UserTokenGenerator> userTokenGenerators) {
+        this.userTokenGenerators = userTokenGenerators;
+    }
+
     @Override
     public void on(AuthorizationSuccessEvent event) {
         UserToken token = UserTokenHolder.currentToken();
-        String tokenType = (String) event.getParameter("token_type").orElse("sessionId");
+        String tokenType = (String) event.getParameter("token_type").orElse(defaultTokenType);
 
         if (token != null) {
+            //先退出已登陆的用户
             userTokenManager.signOutByToken(token.getToken());
         }
-        token = userTokenManager.signIn(createToken(tokenType), event.getAuthentication().getUser().getId());
-        event.getResult().put("token", token.getToken());
+        //创建token
+        TokenResult newToken = userTokenGenerators.stream()
+                .filter(generator->generator.getSupportTokenType().equals(tokenType))
+                .findFirst()
+                .orElseThrow(()->new UnsupportedOperationException(tokenType))
+                .generate(event.getAuthentication());
+        //登入
+        userTokenManager.signIn(newToken.getToken(), event.getAuthentication().getUser().getId(),newToken.getTimeout());
+
+
+        //响应结果
+        event.getResult().putAll(newToken.getResponse());
 
     }
 
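Review bot: In `on(...)` the current token is signed out before the generator for `tokenType` is resolved, so a sign-in whose `token_type` matches no registered generator reaches `orElseThrow` only after the existing login has already been revoked. Resolve the generator first, e.g. `UserTokenGenerator generator = userTokenGenerators.stream().filter(g -> g.getSupportTokenType().equals(tokenType)).findFirst().orElseThrow(() -> new UnsupportedOperationException(tokenType));` placed above the `if (token != null)` block, so an unsupported type fails without side effects. `token_type` appears to come from the sign-in request, so it is also worth restricting it to the types the deployment intends to offer rather than every registered generator, and keeping the raw value out of the exception message if that message can reach the client. The class body continues past this hunk.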

+ 15 - 0
hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/UserTokenGenerator.java

@@ -0,0 +1,15 @@
+package org.hswebframework.web.authorization.basic.web;
+
+import org.hswebframework.web.authorization.Authentication;
+
+/**
+ *
+ * 用户令牌生产器,用于在用户进行授权后生成令牌
+ * @author zhouhao
+ *
+ */
+public interface UserTokenGenerator {
+    String getSupportTokenType();
+
+    TokenResult generate(Authentication authentication);
+}

+ 2 - 1
hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/UserTokenParser.java

@@ -9,5 +9,6 @@ import java.util.function.Predicate;
  * @author zhouhao
  */
 public interface UserTokenParser {
-    String parseToken(HttpServletRequest request, Predicate<String> tokenValidate);
+
+    String parseToken(HttpServletRequest request);
 }
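Review bot: `parseToken(HttpServletRequest)` has no Javadoc, and dropping the `Predicate<String>` parameter changes the contract: implementations now return an unvalidated candidate and the caller is responsible for checking it. State that on the method, e.g. `/** @return the token carried by the request, not yet validated, or null if the request carries none */`. The `java.util.function.Predicate` import shown in the hunk header looks unused after this change and can be removed.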

+ 11 - 4
hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/WebUserTokenInterceptor.java

@@ -1,12 +1,13 @@
 package org.hswebframework.web.authorization.basic.web;
 
-import org.hswebframework.web.authorization.exception.UnAuthorizedException;
 import org.hswebframework.web.authorization.token.UserToken;
 import org.hswebframework.web.authorization.token.UserTokenManager;
 import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
 
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import java.util.List;
+import java.util.Objects;
 
 /**
  * TODO 完成注释
@@ -17,16 +18,22 @@ public class WebUserTokenInterceptor extends HandlerInterceptorAdapter {
 
     private UserTokenManager userTokenManager;
 
-    private UserTokenParser userTokenParser;
+    private List<UserTokenParser> userTokenParser;
 
-    public WebUserTokenInterceptor(UserTokenManager userTokenManager, UserTokenParser userTokenParser) {
+    public WebUserTokenInterceptor(UserTokenManager userTokenManager, List<UserTokenParser> userTokenParser) {
         this.userTokenManager = userTokenManager;
         this.userTokenParser = userTokenParser;
     }
 
     @Override
     public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
-        String token = userTokenParser.parseToken(request, userTokenManager::tokenIsLoggedIn);
+        String token = userTokenParser.stream()
+                .map(parser->parser.parseToken(request))
+                .filter(Objects::nonNull)
+                .filter(userTokenManager::tokenIsLoggedIn)
+                .findFirst()
+                .orElse(null);
+
         if (null == token) {
             return true;
         }
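Review bot: In `preHandle` the first parser whose token passes `tokenIsLoggedIn` wins, so when a request carries more than one credential (a session cookie plus another token type, say) the identity that is used depends on the order of the injected `List<UserTokenParser>`. That order is whatever the container supplies unless the parser beans are ordered explicitly, so declare it (for example with `@Order` on the parser beans) and add a comment here stating the intended precedence. A parser that throws now aborts the whole request as well; if that is not intended, document on `UserTokenParser.parseToken` that implementations return null instead of throwing. The rest of `preHandle` lies outside this hunk.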

+ 1 - 0
hsweb-authorization/pom.xml

@@ -17,6 +17,7 @@
         <module>hsweb-authorization-shiro</module>
         <module>hsweb-authorization-security</module>
         <module>hsweb-authorization-basic</module>
+        <module>hsweb-authorization-jwt</module>
     </modules>