7 years ago · f342de5bb8
--- a/hsweb-authorization/hsweb-authorization-api/README.md
+++ b/hsweb-authorization/hsweb-authorization-api/README.md
@@ -1,6 +1,10 @@
 
				 # 权限控制API
			
 
				 用于权限控制的API接口,支持RBAC权限控制,支持数据级（控制到行,列）权限控制.
			
 
				 
			
 
				+[用户令牌管理](token.md)
			
 
				+
			
 
				+[权限控制配置](define.md)
			
 
				+
			
 
				 # 介绍
			
 
				 
			
 
				 以下讲到的类都是基于包:org.hswebframework.web.authorization
			
@@ -52,4 +56,5 @@ public class CustomAuthorizationSuccessListener implements AuthorizationListener
 
				             System.out.println(authentication.getUser().getName()+"登录啦");
			
 
				         }
			
 
				 }
			
 
				-```
			
 
				+```
			
 
				+
			
--- a/hsweb-authorization/hsweb-authorization-api/define.md
+++ b/hsweb-authorization/hsweb-authorization-api/define.md
@@ -0,0 +1,3 @@
 
				+# 权限配置定义
			
 
				+
			
 
				+用于告诉权限框架哪些请求需要进行权限控制,怎么控制.
			
--- a/hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/define/AuthorizingContext.java
+++ b/hsweb-authorization/hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/define/AuthorizingContext.java
@@ -1,7 +1,7 @@
 
				 package org.hswebframework.web.authorization.define;
			
 
				 
			
 
				 import org.hswebframework.web.authorization.Authentication;
			
 
				-import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext;
			
 
				+import org.hswebframework.web.boost.aop.context.MethodInterceptorContext;
			
 
				 
			
 
				 /**
			
 
				  * 权限控制上下文
			
@@ -11,7 +11,7 @@ public class AuthorizingContext {
 
				 
			
 
				     private Authentication authentication;
			
 
				 
			
 
				-    private MethodInterceptorParamContext paramContext;
			
 
				+    private MethodInterceptorContext paramContext;
			
 
				 
			
 
				     public AuthorizeDefinition getDefinition() {
			
 
				         return definition;
			
@@ -29,11 +29,11 @@ public class AuthorizingContext {
 
				         this.authentication = authentication;
			
 
				     }
			
 
				 
			
 
				-    public MethodInterceptorParamContext getParamContext() {
			
 
				+    public MethodInterceptorContext getParamContext() {
			
 
				         return paramContext;
			
 
				     }
			
 
				 
			
 
				-    public void setParamContext(MethodInterceptorParamContext paramContext) {
			
 
				+    public void setParamContext(MethodInterceptorContext paramContext) {
			
 
				         this.paramContext = paramContext;
			
 
				     }
			
 
				 }
			
--- a/hsweb-authorization/hsweb-authorization-api/token.md
+++ b/hsweb-authorization/hsweb-authorization-api/token.md
@@ -0,0 +1,3 @@
 
				+# 用户令牌管理
			
 
				+用于管理已授权的用户,并这些用户进行操作,如: 统计人数,踢下线,禁止多地点同时登录等操作
			
 
				+
			
--- a/hsweb-authorization/hsweb-authorization-basic/README.md
+++ b/hsweb-authorization/hsweb-authorization-basic/README.md
@@ -0,0 +1,49 @@
 
				+# 权限控制基础实现
			
 
				+
			
 
				+1. 实现RBAC权限控制
			
 
				+2. 实现数据权限控制
			
 
				+3. 可动态进行权限配置设置
			
 
				+
			
 
				+默认仅提供了aop方式的权限控制,控制逻辑如下:
			
 
				+1. `AopAuthorizingController` aop拦截所有controller方法(注解了:`Controller`或者`RestController`的类的方法)
			
 
				+2. 在客户端发起请求的时候,将拦截到的方法信息(`MethodInterceptorContext`)传给权限定义解析器(`AopMethodAuthorizeDefinitionParser`)
			
 
				+进行解析
			
 
				+3. 框架默认实现的解析器会先调用所有的`AopMethodAuthorizeDefinitionCustomizerParser`获取自定义的配置(实现`AopMethodAuthorizeDefinitionCustomizerParser`接口并注入到spring即可,自定义未进行缓存,请自行实现缓存策略)
			
 
				+如果没有,则获取缓存,如果缓存不存在就开始解析方法以及类上的注解,并放入缓存后返回权限配
			
 
				+4. 如果解析器返回的结果不为空,并且用户已经登录,则调用`AuthorizingHandler`进行权限控制
			
 
				+5. 默认的权限控制实现`DefaultAuthorizingHandler`,将分别进行RBAC,数据权限,表达式方式的权限控制.
			
 
				+6. 如果授权未通过,则抛出`AccessDenyException`异常
			
 
				+
			
 
				+## 授权
			
 
				+使用`hsweb-authorization-api`提供的授权方式:类`UserOnSignIn`监听用户授权事件`AuthorizationSuccessEvent`
			
 
				+当用户完成授权,授权的方式可自行处理,或者使用框架默认的授权方式.授权通过后会触发该事件.流程如下
			
 
				+
			
 
				+1. 授权接口完成授权,触发AuthorizationSuccessEvent
			
 
				+2. `UserOnSignIn` 收到事件,获取参数`token_type`(默认为`sessionId`)
			
 
				+3. 根据`token_type` 生成token.
			
 
				+4. 将token信息注册到`UserTokenManager`
			
 
				+5. 将token返回给授权接口
			
 
				+
			
 
				+## 注销
			
 
				+与授权同理,类`UserOnSignOut`监听`AuthorizationExitEvent` ,当触发事件后,调用`UserTokenManager`移除当前登录的token信息
			
 
				+
			
 
				+## rbac权限控制
			
 
				+默认对注解`Authorize`进行实现,具体功能,请查看源代码
			
 
				+
			
 
				+## 数据权限
			
 
				+原理: 通过用户的权限信息,对aop拦截到的参数进行操作
			
 
				+
			
 
				+约束: 对方法的参数有要求,如动态查询需要有参数`QueryParamEntity`,controller需要实现`hsweb-commons-controller`中提供的通用controller等
			
 
				+
			
 
				+例如:用户设置了 机构管理权限(org)只能查询(query)自己和下属的机构.
			
 
				+通过获取拦截到方法的动态查询参数`QueryParamEntity`,对参数进行重构,
			
 
				+客户端的查询条件翻译为sql:
			
 
				+```sql
			
 
				+where name like ? or full_name like
			
 
				+```     
			
 
				+     
			
 
				+重构后为:
			
 
				+```sql
			
 
				+--u_id in (用户可访问的机构id)
			
 
				+where u_id in(?,?,?) and (name like ? or full_name like)
			
 
				+```
			
--- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/aop/AopAuthorizingController.java
+++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/aop/AopAuthorizingController.java
@@ -8,7 +8,7 @@ import org.hswebframework.web.authorization.basic.handler.AuthorizingHandler;
 
				 import org.hswebframework.web.authorization.define.AuthorizeDefinition;
			
 
				 import org.hswebframework.web.authorization.exception.UnAuthorizedException;
			
 
				 import org.hswebframework.web.boost.aop.context.MethodInterceptorHolder;
			
 
				-import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext;
			
 
				+import org.hswebframework.web.boost.aop.context.MethodInterceptorContext;
			
 
				 import org.springframework.aop.support.StaticMethodMatcherPointcutAdvisor;
			
 
				 import org.springframework.stereotype.Controller;
			
 
				 import org.springframework.web.bind.annotation.RestController;
			
@@ -25,7 +25,7 @@ public class AopAuthorizingController extends StaticMethodMatcherPointcutAdvisor
 
				 
			
 
				             MethodInterceptorHolder holder = MethodInterceptorHolder.create(methodInvocation);
			
 
				 
			
 
				-            MethodInterceptorParamContext paramContext = holder.createParamContext();
			
 
				+            MethodInterceptorContext paramContext = holder.createParamContext();
			
 
				 
			
 
				             AuthorizeDefinition definition = aopMethodAuthorizeDefinitionParser.parse(paramContext);
			
 
				 
			
--- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/aop/AopMethodAuthorizeDefinitionParserCustomer.java
+++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/aop/AopMethodAuthorizeDefinitionParserCustomer.java
@@ -1,13 +1,13 @@
 
				 package org.hswebframework.web.authorization.basic.aop;
			
 
				 
			
 
				 import org.hswebframework.web.authorization.define.AuthorizeDefinition;
			
 
				-import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext;
			
 
				+import org.hswebframework.web.boost.aop.context.MethodInterceptorContext;
			
 
				 
			
 
				 /**
			
 
				  * 自定义权限控制定义，在拦截到方法后，优先使用此接口来获取权限控制方式
			
 
				  * @see AuthorizeDefinition
			
 
				  * @author zhouhao
			
 
				  */
			
 
				-public interface AopMethodAuthorizeDefinitionParserCustomer {
			
 
				-    AuthorizeDefinition parse(MethodInterceptorParamContext context);
			
 
				+public interface AopMethodAuthorizeDefinitionCustomizerParser {
			
 
				+    AuthorizeDefinition parse(MethodInterceptorContext context);
			
 
				 }
			
--- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/aop/AopMethodAuthorizeDefinitionParser.java
+++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/aop/AopMethodAuthorizeDefinitionParser.java
@@ -1,7 +1,7 @@
 
				 package org.hswebframework.web.authorization.basic.aop;
			
 
				 
			
 
				 import org.hswebframework.web.authorization.define.AuthorizeDefinition;
			
 
				-import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext;
			
 
				+import org.hswebframework.web.boost.aop.context.MethodInterceptorContext;
			
 
				 
			
 
				 /**
			
 
				  * 权限控制定义解析器,用于解析被拦截的请求是否需要进行权限控制,以及权限控制的方式
			
@@ -17,5 +17,5 @@ public interface AopMethodAuthorizeDefinitionParser {
 
				      * @param paramContext 被拦截的方法上下文
			
 
				      * @return 权限控制定义, 如果不进行权限控制则返回{@code null}
			
 
				      */
			
 
				-    AuthorizeDefinition parse(MethodInterceptorParamContext paramContext);
			
 
				+    AuthorizeDefinition parse(MethodInterceptorContext paramContext);
			
 
				 }
			
--- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/aop/DefaultAopMethodAuthorizeDefinitionParser.java
+++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/aop/DefaultAopMethodAuthorizeDefinitionParser.java
@@ -7,7 +7,7 @@ import org.hswebframework.web.authorization.annotation.RequiresExpression;
 
				 import org.hswebframework.web.authorization.basic.define.DefaultBasicAuthorizeDefinition;
			
 
				 import org.hswebframework.web.authorization.basic.define.EmptyAuthorizeDefinition;
			
 
				 import org.hswebframework.web.authorization.define.AuthorizeDefinition;
			
 
				-import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext;
			
 
				+import org.hswebframework.web.boost.aop.context.MethodInterceptorContext;
			
 
				 import org.springframework.beans.factory.annotation.Autowired;
			
 
				 import org.springframework.util.CollectionUtils;
			
 
				 
			
@@ -29,16 +29,16 @@ public class DefaultAopMethodAuthorizeDefinitionParser implements AopMethodAutho
 
				     private Map<Method, AuthorizeDefinition> cache = new ConcurrentHashMap<>();
			
 
				 
			
 
				 
			
 
				-    private List<AopMethodAuthorizeDefinitionParserCustomer> parserCustomers;
			
 
				+    private List<AopMethodAuthorizeDefinitionCustomizerParser> parserCustomers;
			
 
				 
			
 
				 
			
 
				     @Autowired(required = false)
			
 
				-    public void setParserCustomers(List<AopMethodAuthorizeDefinitionParserCustomer> parserCustomers) {
			
 
				+    public void setParserCustomers(List<AopMethodAuthorizeDefinitionCustomizerParser> parserCustomers) {
			
 
				         this.parserCustomers = parserCustomers;
			
 
				     }
			
 
				 
			
 
				     @Override
			
 
				-    public AuthorizeDefinition parse(MethodInterceptorParamContext paramContext) {
			
 
				+    public AuthorizeDefinition parse(MethodInterceptorContext paramContext) {
			
 
				 
			
 
				         AuthorizeDefinition definition = cache.get(paramContext.getMethod());
			
 
				         if (definition != null) return definition instanceof EmptyAuthorizeDefinition ? null : definition;
			
--- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/DefaultAuthorizingHandler.java
+++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/DefaultAuthorizingHandler.java
@@ -12,7 +12,7 @@ import org.hswebframework.web.authorization.annotation.Logical;
 
				 import org.hswebframework.web.authorization.define.AuthorizeDefinition;
			
 
				 import org.hswebframework.web.authorization.define.AuthorizingContext;
			
 
				 import org.hswebframework.web.authorization.exception.AccessDenyException;
			
 
				-import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext;
			
 
				+import org.hswebframework.web.boost.aop.context.MethodInterceptorContext;
			
 
				 import org.slf4j.Logger;
			
 
				 import org.slf4j.LoggerFactory;
			
 
				 
			
@@ -85,7 +85,7 @@ public class DefaultAuthorizingHandler implements AuthorizingHandler {
 
				 
			
 
				     }
			
 
				 
			
 
				-    protected void handleExpression(Authentication authentication, AuthorizeDefinition definition, MethodInterceptorParamContext paramContext) {
			
 
				+    protected void handleExpression(Authentication authentication, AuthorizeDefinition definition, MethodInterceptorContext paramContext) {
			
 
				         if (definition.getScript() != null) {
			
 
				             String scriptId = DigestUtils.md5Hex(definition.getScript().getScript());
			
 
				 
			
--- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/CustomDataAccessHandler.java
+++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/CustomDataAccessHandler.java
@@ -22,7 +22,6 @@ import org.hswebframework.web.authorization.access.CustomDataAccessConfig;
 
				 import org.hswebframework.web.authorization.access.DataAccessConfig;
			
 
				 import org.hswebframework.web.authorization.access.DataAccessHandler;
			
 
				 import org.hswebframework.web.authorization.define.AuthorizingContext;
			
 
				-import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext;
			
 
				 
			
 
				 /**
			
 
				  * 当配置为自定义处理器时(实现{@link CustomDataAccessConfig }接口),此处理器生效
			
--- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/DefaultDataAccessController.java
+++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/DefaultDataAccessController.java
@@ -4,7 +4,6 @@ import org.hswebframework.web.authorization.access.DataAccessConfig;
 
				 import org.hswebframework.web.authorization.access.DataAccessController;
			
 
				 import org.hswebframework.web.authorization.access.DataAccessHandler;
			
 
				 import org.hswebframework.web.authorization.define.AuthorizingContext;
			
 
				-import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext;
			
 
				 
			
 
				 import java.util.LinkedList;
			
 
				 import java.util.List;
			
--- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/FieldFilterDataAccessHandler.java
+++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/FieldFilterDataAccessHandler.java
@@ -6,7 +6,6 @@ import org.hswebframework.web.authorization.access.DataAccessConfig;
 
				 import org.hswebframework.web.authorization.access.DataAccessHandler;
			
 
				 import org.hswebframework.web.authorization.access.FieldFilterDataAccessConfig;
			
 
				 import org.hswebframework.web.authorization.define.AuthorizingContext;
			
 
				-import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext;
			
 
				 import org.hswebframework.web.commons.entity.Entity;
			
 
				 import org.hswebframework.web.commons.entity.param.QueryParamEntity;
			
 
				 import org.hswebframework.web.commons.model.Model;
			
--- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/FieldScopeDataAccessHandler.java
+++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/FieldScopeDataAccessHandler.java
@@ -8,9 +8,7 @@ import org.hswebframework.web.authorization.Permission;
 
				 import org.hswebframework.web.authorization.access.DataAccessConfig;
			
 
				 import org.hswebframework.web.authorization.access.DataAccessHandler;
			
 
				 import org.hswebframework.web.authorization.access.FieldScopeDataAccessConfig;
			
 
				-import org.hswebframework.web.authorization.annotation.RequiresDataAccess;
			
 
				 import org.hswebframework.web.authorization.define.AuthorizingContext;
			
 
				-import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext;
			
 
				 import org.hswebframework.web.commons.entity.param.QueryParamEntity;
			
 
				 import org.hswebframework.web.controller.QueryController;
			
 
				 import org.hswebframework.web.service.QueryService;
			
--- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/ScriptDataAccessHandler.java
+++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/handler/access/ScriptDataAccessHandler.java
@@ -9,7 +9,6 @@ import org.hswebframework.web.authorization.access.DataAccessConfig;
 
				 import org.hswebframework.web.authorization.access.DataAccessHandler;
			
 
				 import org.hswebframework.web.authorization.access.ScriptDataAccessConfig;
			
 
				 import org.hswebframework.web.authorization.define.AuthorizingContext;
			
 
				-import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext;
			
 
				 
			
 
				 /**
			
 
				  * TODO 完成注释
			
--- a/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/UserOnSignOut.java
+++ b/hsweb-authorization/hsweb-authorization-basic/src/main/java/org/hswebframework/web/authorization/basic/web/UserOnSignOut.java
@@ -1,7 +1,5 @@
 
				 package org.hswebframework.web.authorization.basic.web;
			
 
				 
			
 
				-import org.hswebframework.web.ThreadLocalUtils;
			
 
				-import org.hswebframework.web.WebUtil;
			
 
				 import org.hswebframework.web.authorization.listener.AuthorizationListener;
			
 
				 import org.hswebframework.web.authorization.listener.event.AuthorizationExitEvent;
			
 
				 import org.hswebframework.web.authorization.token.UserToken;
			
@@ -25,7 +23,7 @@ public class UserOnSignOut implements AuthorizationListener<AuthorizationExitEve
 
				     }
			
 
				 
			
 
				     protected String geToken() {
			
 
				-        // TODO: 17-8-16 更多创建方式
			
 
				-        return ThreadLocalUtils.<UserToken>get(UserToken.class.getName()).getToken();
			
 
				+        UserToken token = UserTokenHolder.currentToken();
			
 
				+        return null != token ? token.getToken() : null;
			
 
				     }
			
 
				 }
			
--- a/hsweb-authorization/hsweb-authorization-shiro/README.md
+++ b/hsweb-authorization/hsweb-authorization-shiro/README.md
@@ -1,36 +1,3 @@
 
				 # shiro 权限控制实现
			
 
				 
			
 
				-[shiro官方文档](http://shiro.apache.org/documentation.html)
			
 
				-
			
 
				-本模块对shiro进行拓展,增加对[hsweb-authorization-api](../hsweb-authorization-api)中的注解进行实现。
			
 
				-实现类如下:
			
 
				-
			
 
				-| 注解名称       | 实现类       | 
			
 
				-| ------------- |:-------------:| 
			
 
				-| [`@Authorize`](../hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/annotation/Authorize.java)    |      [ExpressionAnnotationMethodInterceptor](src/main/java/org/hswebframework/web/authorization/shiro/boost/SimpleAuthorizeMethodInterceptor.java)        |
			
 
				-| [`@RequiresExpression`](../hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/annotation/RequiresExpression.java)    | [ExpressionAnnotationMethodInterceptor](src/main/java/org/hswebframework/web/authorization/shiro/boost/ExpressionAnnotationMethodInterceptor.java)      | 
			
 
				-| [`@RequiresDataAccess`](../hsweb-authorization-api/src/main/java/org/hswebframework/web/authorization/annotation/RequiresDataAccess.java)    | [DataAccessAnnotationMethodInterceptor](src/main/java/org/hswebframework/web/authorization/shiro/boost/DataAccessAnnotationMethodInterceptor.java)      | 
			
 
				-
			
 
				-## 拓展接口
			
 
				-
			
 
				-### 数据级权限控制器
			
 
				-
			
 
				-控制逻辑简述:
			
 
				-
			
 
				-1. 获取被拦截方法的注解信息,取得当前需要验证的permission,action。如: user,query
			
 
				-2. 根据上一步获取到需要验证的permission和action获取当前登录用户权限信息中配置的控制规则（控制规则可以在前端进行设置）
			
 
				-3. 调用控制器进行验证
			
 
				-
			
 
				-可自己实现DataAccessHandler接口并注入spring以实现自定义的控制方式
			
 
				-
			
 
				-内置的控制方式
			
 
				-
			
 
				-1. [CustomDataAccessHandler](src/main/java/org/hswebframework/web/authorization/shiro/boost/handler/CustomDataAccessHandler.java) 自定义控制器
			
 
				-2. [OwnCreatedDataAccessHandler](src/main/java/org/hswebframework/web/authorization/shiro/boost/handler/OwnCreatedDataAccessHandler.java) 控制只能操作自己创建的数据
			
 
				-3. [ScriptDataAccessHandler](src/main/java/org/hswebframework/web/authorization/shiro/boost/handler/ScriptDataAccessHandler.java) 使用脚本方式控制
			
 
				-4. [FieldScopeDataAccessHandler](src/main/java/org/hswebframework/web/authorization/shiro/boost/handler/FieldScopeDataAccessHandler.java) 控制字段的值范围,如: orgId in (1,2,3,4)
			
 
				-5. [FieldFilterDataAccessHandler](src/main/java/org/hswebframework/web/authorization/shiro/boost/handler/FieldFilterDataAccessHandler.java) 控制字段的操作范围,此控制器替代之前的FieldAccess功能
			
 
				-
			
 
				-
			
 
				-注意: 控制需满足的条件请查看控制器源代码查看注释获取
			
 
				-
			
 
				+shiro实现已被砍,请看[basic实现](../hsweb-authorization-basic)
			
--- a/hsweb-boost/hsweb-boost-aop/src/main/java/org/hswebframework/web/boost/aop/context/MethodInterceptorParamContext.java
+++ b/hsweb-boost/hsweb-boost-aop/src/main/java/org/hswebframework/web/boost/aop/context/MethodInterceptorParamContext.java
@@ -30,7 +30,7 @@ import java.util.Optional;
 
				  * @author zhouhao
			
 
				  * @see 3.0
			
 
				  */
			
 
				-public interface MethodInterceptorParamContext extends Serializable {
			
 
				+public interface MethodInterceptorContext extends Serializable {
			
 
				 
			
 
				     /**
			
 
				      * 获取当前类实例
			
--- a/hsweb-boost/hsweb-boost-aop/src/main/java/org/hswebframework/web/boost/aop/context/MethodInterceptorHolder.java
+++ b/hsweb-boost/hsweb-boost-aop/src/main/java/org/hswebframework/web/boost/aop/context/MethodInterceptorHolder.java
@@ -119,8 +119,8 @@ public class MethodInterceptorHolder {
 
				         return AopUtils.findAnnotation(target.getClass(), method, annClass);
			
 
				     }
			
 
				 
			
 
				-    public MethodInterceptorParamContext createParamContext() {
			
 
				-        return new MethodInterceptorParamContext() {
			
 
				+    public MethodInterceptorContext createParamContext() {
			
 
				+        return new MethodInterceptorContext() {
			
 
				             @Override
			
 
				             public Object getTarget() {
			
 
				                 return target;
			
--- a/hsweb-boost/hsweb-boost-validator/hsweb-boost-validator-api/src/main/java/org/hswebframework/web/boost/validator/DuplicateValidator.java
+++ b/hsweb-boost/hsweb-boost-validator/hsweb-boost-validator-api/src/main/java/org/hswebframework/web/boost/validator/DuplicateValidator.java
@@ -18,7 +18,7 @@
 
				 
			
 
				 package org.hswebframework.web.boost.validator;
			
 
				 
			
 
				-import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext;
			
 
				+import org.hswebframework.web.boost.aop.context.MethodInterceptorContext;
			
 
				 
			
 
				 /**
			
 
				  * 重复数据验证器,验证数据是否重复
			
@@ -26,7 +26,7 @@ import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext;
 
				  * @author zhouhao
			
 
				  */
			
 
				 public interface DuplicateValidator {
			
 
				-    Result doValidate(DuplicateValidatorConfig validator, MethodInterceptorParamContext context);
			
 
				+    Result doValidate(DuplicateValidatorConfig validator, MethodInterceptorContext context);
			
 
				 
			
 
				     /**
			
 
				      * 验证结果
			
--- a/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/AbstractScopeDataAccessHandler.java
+++ b/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/AbstractScopeDataAccessHandler.java
@@ -6,15 +6,10 @@ import org.hswebframework.web.authorization.Permission;
 
				 import org.hswebframework.web.authorization.access.DataAccessConfig;
			
 
				 import org.hswebframework.web.authorization.access.DataAccessHandler;
			
 
				 import org.hswebframework.web.authorization.access.ScopeDataAccessConfig;
			
 
				-import org.hswebframework.web.authorization.annotation.RequiresDataAccess;
			
 
				 import org.hswebframework.web.authorization.define.AuthorizingContext;
			
 
				-import org.hswebframework.web.boost.aop.context.MethodInterceptorHolder;
			
 
				-import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext;
			
 
				 import org.hswebframework.web.commons.entity.Entity;
			
 
				 import org.hswebframework.web.commons.entity.param.QueryParamEntity;
			
 
				 import org.hswebframework.web.controller.QueryController;
			
 
				-import org.hswebframework.web.entity.organizational.OrganizationalEntity;
			
 
				-import org.hswebframework.web.entity.organizational.authorization.OrgAttachEntity;
			
 
				 import org.hswebframework.web.organizational.authorization.PersonnelAuthorization;
			
 
				 import org.hswebframework.web.organizational.authorization.access.DataAccessType;
			
 
				 import org.hswebframework.web.service.QueryService;
			
--- a/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/CustomScopeHandler.java
+++ b/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/CustomScopeHandler.java
@@ -3,7 +3,6 @@ package org.hswebframework.web.organizational.authorization.simple.handler;
 
				 import org.hswebframework.web.authorization.access.DataAccessConfig;
			
 
				 import org.hswebframework.web.authorization.access.DataAccessHandler;
			
 
				 import org.hswebframework.web.authorization.define.AuthorizingContext;
			
 
				-import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext;
			
 
				 import org.hswebframework.web.organizational.authorization.access.DataAccessType;
			
 
				 import org.hswebframework.web.organizational.authorization.simple.SimpleCustomScopeDataAccessConfig;
			
 
				 import org.hswebframework.web.organizational.authorization.simple.SimpleScopeDataAccessConfig;
			
--- a/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/OrgScopeDataAccessHandler.java
+++ b/hsweb-system/hsweb-system-organizational/hsweb-system-organizational-authorization/src/main/java/org/hswebframework/web/organizational/authorization/simple/handler/OrgScopeDataAccessHandler.java
@@ -2,12 +2,8 @@ package org.hswebframework.web.organizational.authorization.simple.handler;
 
				 
			
 
				 import org.hsweb.ezorm.core.param.Term;
			
 
				 import org.hsweb.ezorm.core.param.TermType;
			
 
				-import org.hswebframework.utils.ClassUtils;
			
 
				 import org.hswebframework.web.authorization.define.AuthorizingContext;
			
 
				-import org.hswebframework.web.boost.aop.context.MethodInterceptorHolder;
			
 
				-import org.hswebframework.web.boost.aop.context.MethodInterceptorParamContext;
			
 
				 import org.hswebframework.web.entity.organizational.OrganizationalEntity;
			
 
				-import org.hswebframework.web.entity.organizational.SimpleOrganizationalEntity;
			
 
				 import org.hswebframework.web.entity.organizational.authorization.OrgAttachEntity;
			
 
				 import org.hswebframework.web.organizational.authorization.PersonnelAuthorization;
			
 
				 import org.hswebframework.web.organizational.authorization.access.DataAccessType;