mirror of
https://github.com/luoye663/e5.git
synced 2024-12-26 03:38:53 +00:00
增加角色权限
This commit is contained in:
parent
8a5f152315
commit
8b453b16b8
@ -22,12 +22,13 @@ import java.util.Map;
|
|||||||
public class RabbitMQConfig {
|
public class RabbitMQConfig {
|
||||||
@Value("")
|
@Value("")
|
||||||
private String DirectQueueName;
|
private String DirectQueueName;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 处理死信队列的消费队列
|
* 处理死信队列的消费队列
|
||||||
* */
|
*/
|
||||||
@Bean
|
@Bean
|
||||||
public Queue fanoutQueue1() {
|
public Queue fanoutQueue1() {
|
||||||
return new Queue("delay_queue1", true, false, false);
|
return new Queue("delay_queue3", true, false, false);
|
||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -37,13 +38,14 @@ public class RabbitMQConfig {
|
|||||||
* HeadersExchange :通过添加属性key-value匹配
|
* HeadersExchange :通过添加属性key-value匹配
|
||||||
* DirectExchange:按照routingkey分发到指定队列
|
* DirectExchange:按照routingkey分发到指定队列
|
||||||
* TopicExchange:多关键字匹配
|
* TopicExchange:多关键字匹配
|
||||||
|
*
|
||||||
* @return
|
* @return
|
||||||
*/
|
*/
|
||||||
@Bean
|
@Bean
|
||||||
public CustomExchange customExchangeDelay() {
|
public CustomExchange customExchangeDelay() {
|
||||||
Map<String, Object> arg = new HashMap<>();
|
Map<String, Object> arg = new HashMap<>();
|
||||||
arg.put("x-delayed-type", "direct");
|
arg.put("x-delayed-type", "direct");
|
||||||
return new CustomExchange("delay","x-delayed-message",true, false,arg);
|
return new CustomExchange("delay3", "x-delayed-message", true, false, arg);
|
||||||
}
|
}
|
||||||
|
|
||||||
/*@Bean
|
/*@Bean
|
||||||
@ -54,7 +56,7 @@ public class RabbitMQConfig {
|
|||||||
//绑定 将队列和交换机绑定,
|
//绑定 将队列和交换机绑定,
|
||||||
@Bean
|
@Bean
|
||||||
public Binding bindingFanoutQueue1() {
|
public Binding bindingFanoutQueue1() {
|
||||||
return BindingBuilder.bind(fanoutQueue1()).to(customExchangeDelay()).with("delay").noargs();
|
return BindingBuilder.bind(fanoutQueue1()).to(customExchangeDelay()).with("delay3").noargs();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@ -2,6 +2,9 @@ package io.qyi.e5.config.security;
|
|||||||
|
|
||||||
import com.google.gson.Gson;
|
import com.google.gson.Gson;
|
||||||
import io.qyi.e5.util.ResultUtil;
|
import io.qyi.e5.util.ResultUtil;
|
||||||
|
import io.qyi.e5.util.redis.RedisUtil;
|
||||||
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
|
import org.springframework.beans.factory.annotation.Value;
|
||||||
import org.springframework.security.core.Authentication;
|
import org.springframework.security.core.Authentication;
|
||||||
import org.springframework.security.core.AuthenticationException;
|
import org.springframework.security.core.AuthenticationException;
|
||||||
import org.springframework.security.core.context.SecurityContextHolder;
|
import org.springframework.security.core.context.SecurityContextHolder;
|
||||||
@ -25,16 +28,21 @@ import java.util.Map;
|
|||||||
* @create: 2019-12-27 08:57
|
* @create: 2019-12-27 08:57
|
||||||
**/
|
**/
|
||||||
@Component
|
@Component
|
||||||
public class SecurityAuthenticationHandler implements AuthenticationSuccessHandler, AuthenticationFailureHandler , LogoutSuccessHandler {
|
public class SecurityAuthenticationHandler implements AuthenticationSuccessHandler, AuthenticationFailureHandler , LogoutSuccessHandler {
|
||||||
|
@Autowired
|
||||||
|
RedisUtil redisUtil;
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void onAuthenticationSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
|
public void onAuthenticationSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
|
||||||
UsernamePasswordAuthenticationToken at = (UsernamePasswordAuthenticationToken) SecurityContextHolder.getContext().getAuthentication();
|
UsernamePasswordAuthenticationToken at = (UsernamePasswordAuthenticationToken) SecurityContextHolder.getContext().getAuthentication();
|
||||||
Gson gson = new Gson();
|
Gson gson = new Gson();
|
||||||
httpServletResponse.setContentType("application/json;charset=utf-8");
|
httpServletResponse.setContentType("application/json;charset=utf-8");
|
||||||
PrintWriter writer = httpServletResponse.getWriter();
|
PrintWriter writer = httpServletResponse.getWriter();
|
||||||
Map<String, String> token = new HashMap<>();
|
Map<String, Object> token = new HashMap<>();
|
||||||
token.put("token", at.getToken());
|
token.put("token", at.getToken());
|
||||||
token.put("username", at.getName());
|
token.put("username", at.getName());
|
||||||
|
token.put("authority", at.getAuthority());
|
||||||
|
token.put("expire", (int) redisUtil.getExpire("token:" + at.getToken()));
|
||||||
writer.write(gson.toJson(ResultUtil.success(token)) );
|
writer.write(gson.toJson(ResultUtil.success(token)) );
|
||||||
writer.flush();
|
writer.flush();
|
||||||
}
|
}
|
||||||
|
@ -1,14 +1,15 @@
|
|||||||
package io.qyi.e5.config.security;
|
package io.qyi.e5.config.security;
|
||||||
|
|
||||||
import io.qyi.e5.config.security.filter.LinkTokenAuthenticationFilter;
|
import io.qyi.e5.config.security.filter.LinkTokenAuthenticationFilter;
|
||||||
import io.qyi.e5.service.security.SecurityUserService;
|
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
import org.springframework.context.annotation.Configuration;
|
import org.springframework.context.annotation.Configuration;
|
||||||
|
import org.springframework.security.config.annotation.ObjectPostProcessor;
|
||||||
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
|
||||||
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
|
||||||
import org.springframework.security.config.http.SessionCreationPolicy;
|
import org.springframework.security.config.http.SessionCreationPolicy;
|
||||||
|
import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
|
||||||
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -24,64 +25,50 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
|
|||||||
@Autowired
|
@Autowired
|
||||||
SecurityAuthenticationHandler securityAuthenticationHandler;
|
SecurityAuthenticationHandler securityAuthenticationHandler;
|
||||||
|
|
||||||
@Autowired
|
|
||||||
private SecurityUserService securityUserService;
|
|
||||||
|
|
||||||
@Autowired
|
@Autowired
|
||||||
UsernamePasswordAuthenticationConfig usernamePasswordAuthenticationConfig;
|
UsernamePasswordAuthenticationConfig usernamePasswordAuthenticationConfig;
|
||||||
|
|
||||||
|
@Autowired
|
||||||
|
UrlAccessDecisionManager myAccessDecisionManager;
|
||||||
|
|
||||||
|
@Autowired
|
||||||
|
UrlInvocationSecurityMetadataSourceService myInvocationSecurityMetadataSourceService;
|
||||||
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
|
protected void configure(AuthenticationManagerBuilder auth) throws Exception {
|
||||||
System.out.println("AuthenticationManagerBuilder auth");
|
System.out.println("AuthenticationManagerBuilder auth");
|
||||||
// auth.userDetailsService(securityUserService).passwordEncoder(new BCryptPasswordEncoder());
|
|
||||||
// auth.inMemoryAuthentication().passwordEncoder(new BCryptPasswordEncoder())
|
|
||||||
// .withUser("user").password(new BCryptPasswordEncoder().encode("123")).roles("user").and()
|
|
||||||
// .withUser("admin").password(new BCryptPasswordEncoder().encode("admin")).roles("USER", "ADMIN");
|
|
||||||
}
|
}
|
||||||
|
|
||||||
// 通过重载该方法,可配置如何通过拦截器保护请求。
|
// 通过重载该方法,可配置如何通过拦截器保护请求。
|
||||||
@Override
|
@Override
|
||||||
protected void configure(HttpSecurity http) throws Exception {
|
protected void configure(HttpSecurity http) throws Exception {
|
||||||
System.out.println("HttpSecurity http");
|
System.out.println("HttpSecurity http");
|
||||||
http.addFilterBefore(new LinkTokenAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
|
|
||||||
http.csrf().disable()
|
|
||||||
.apply(usernamePasswordAuthenticationConfig);
|
|
||||||
/*关闭创建session*/
|
/*关闭创建session*/
|
||||||
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
|
http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
|
||||||
/*formLogin()
|
// http.authorizeRequests().antMatchers("/user/login", "/user/loginFrom", "/auth2/getGithubUrl").permitAll()// 指定相应的请求 不需要验证
|
||||||
.loginPage("/user/login")// 登陆页面
|
// .accessDecisionManager(myAccessDecisionManager)
|
||||||
.loginProcessingUrl("/user/loginFrom")// 登陆表单提交请求
|
http.authorizeRequests().
|
||||||
.and()*/
|
anyRequest().authenticated().withObjectPostProcessor(filterSecurityInterceptorObjectPostProcessor());
|
||||||
http.authorizeRequests().antMatchers("/user/login", "/user/loginFrom", "/auth2/getGithubUrl").permitAll()// 指定相应的请求 不需要验证
|
http.addFilterBefore(new LinkTokenAuthenticationFilter(), UsernamePasswordAuthenticationFilter.class);
|
||||||
// .and()
|
/*自定义*/
|
||||||
// .authorizeRequests().antMatchers("/quartz/**").permitAll()//测试
|
http.csrf().disable().apply(usernamePasswordAuthenticationConfig);
|
||||||
.anyRequest()// 任何请求
|
//自定义过滤器
|
||||||
.authenticated();// 都需要身份认证
|
}
|
||||||
// http.exceptionHandling().accessDeniedHandler();
|
/**
|
||||||
// http.formLogin().loginProcessingUrl("api/getInfo");
|
* 自定义 FilterSecurityInterceptor ObjectPostProcessor 以替换默认配置达到动态权限的目的
|
||||||
|
* @return ObjectPostProcessor
|
||||||
// http.formLogin().usernameParameter("username");
|
*/
|
||||||
// http.formLogin().passwordParameter("password");
|
private ObjectPostProcessor<FilterSecurityInterceptor> filterSecurityInterceptorObjectPostProcessor() {
|
||||||
|
return new ObjectPostProcessor<FilterSecurityInterceptor>() {
|
||||||
|
@Override
|
||||||
|
public <O extends FilterSecurityInterceptor> O postProcess(O object) {
|
||||||
|
object.setAccessDecisionManager(myAccessDecisionManager);
|
||||||
|
object.setSecurityMetadataSource(myInvocationSecurityMetadataSourceService);
|
||||||
|
return object;
|
||||||
|
}
|
||||||
|
};
|
||||||
}
|
}
|
||||||
|
|
||||||
/*@Bean
|
|
||||||
public LinkTokenAuthenticationFilter linkTokenAuthenticationFilter (){
|
|
||||||
return new LinkTokenAuthenticationFilter();
|
|
||||||
}*/
|
|
||||||
|
|
||||||
/*@Bean
|
|
||||||
public AccessDeniedHandler getAccessDeniedHandler() {
|
|
||||||
return new RestAuthenticationAccessDeniedHandler();
|
|
||||||
}*/
|
|
||||||
|
|
||||||
/* @Override
|
|
||||||
public void configure(WebSecurity web) {
|
|
||||||
System.out.println("WebSecurity web");
|
|
||||||
String antPatterns = "/pdfjs-2.1.266/**,/favicon.ico,/css/**,/js/**,/ico/**,/images/**,/jquery-1.12.4/**,/uuid-1.4/**,/layui-2.4.5/**,/jquery-easyui-1.6.11/**,/zTree-3.5.33/**,/select2-4.0.5/**,/greensock-js-1.20.5/**";
|
|
||||||
web.ignoring().antMatchers(antPatterns.split(","));
|
|
||||||
}*/
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -0,0 +1,66 @@
|
|||||||
|
package io.qyi.e5.config.security;
|
||||||
|
|
||||||
|
import lombok.extern.slf4j.Slf4j;
|
||||||
|
import org.springframework.security.access.AccessDecisionManager;
|
||||||
|
import org.springframework.security.access.AccessDeniedException;
|
||||||
|
import org.springframework.security.access.ConfigAttribute;
|
||||||
|
import org.springframework.security.authentication.InsufficientAuthenticationException;
|
||||||
|
import org.springframework.security.core.Authentication;
|
||||||
|
import org.springframework.security.core.GrantedAuthority;
|
||||||
|
import org.springframework.stereotype.Service;
|
||||||
|
|
||||||
|
import java.util.Collection;
|
||||||
|
import java.util.Iterator;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 决策管理器
|
||||||
|
*
|
||||||
|
* @program: e5
|
||||||
|
* @description:
|
||||||
|
* @author: 落叶随风
|
||||||
|
* @create: 2020-06-15 16:11
|
||||||
|
**/
|
||||||
|
@Slf4j
|
||||||
|
@Service
|
||||||
|
public class UrlAccessDecisionManager implements AccessDecisionManager {
|
||||||
|
@Override
|
||||||
|
public void decide(Authentication authentication, Object o, Collection<ConfigAttribute> collection) throws AccessDeniedException, InsufficientAuthenticationException {
|
||||||
|
log.info("进入权限判断!");
|
||||||
|
if (collection == null) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
log.info("object is a URL. {}", o.toString());
|
||||||
|
//所请求的资源拥有的权限(一个资源对多个权限)
|
||||||
|
Iterator<ConfigAttribute> iterator = collection.iterator();
|
||||||
|
while (iterator.hasNext()) {
|
||||||
|
ConfigAttribute configAttribute = iterator.next();
|
||||||
|
//访问所请求资源所需要的权限
|
||||||
|
String needPermission = configAttribute.getAttribute();
|
||||||
|
log.info("访问 " + o.toString() + " 需要的权限是:" + needPermission);
|
||||||
|
if (needPermission == null) {
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
//用户所拥有的权限authentication
|
||||||
|
Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
|
||||||
|
for (GrantedAuthority ga : authorities) {
|
||||||
|
if (needPermission.equals(ga.getAuthority())) {
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
//没有权限
|
||||||
|
throw new AccessDeniedException("无权限!");
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public boolean supports(ConfigAttribute configAttribute) {
|
||||||
|
log.info("进入权限判断! ConfigAttribute configAttribute");
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public boolean supports(Class<?> aClass) {
|
||||||
|
log.info("进入权限判断! Class<?> aClass");
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
}
|
@ -0,0 +1,78 @@
|
|||||||
|
package io.qyi.e5.config.security;
|
||||||
|
|
||||||
|
import lombok.extern.slf4j.Slf4j;
|
||||||
|
import org.springframework.security.access.ConfigAttribute;
|
||||||
|
import org.springframework.security.access.SecurityConfig;
|
||||||
|
import org.springframework.security.web.FilterInvocation;
|
||||||
|
import org.springframework.security.web.access.intercept.FilterInvocationSecurityMetadataSource;
|
||||||
|
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
|
||||||
|
import org.springframework.stereotype.Service;
|
||||||
|
|
||||||
|
import javax.servlet.http.HttpServletRequest;
|
||||||
|
import java.util.*;
|
||||||
|
|
||||||
|
/**
|
||||||
|
* @program: e5
|
||||||
|
* @description:
|
||||||
|
* @author: 落叶随风
|
||||||
|
* @create: 2020-06-17 16:25
|
||||||
|
**/
|
||||||
|
@Slf4j
|
||||||
|
@Service
|
||||||
|
public class UrlInvocationSecurityMetadataSourceService implements FilterInvocationSecurityMetadataSource {
|
||||||
|
|
||||||
|
private HashMap<String, Collection<ConfigAttribute>> map =null;
|
||||||
|
/**
|
||||||
|
* 加载权限表中所有权限
|
||||||
|
* 这里有一个坑,如果map返回是null,是不会AccessDecisionManager,默认放行。
|
||||||
|
*/
|
||||||
|
public void loadResourceDefine(){
|
||||||
|
log.info("加载权限表中所有权限");
|
||||||
|
map = new HashMap<>();
|
||||||
|
Collection<ConfigAttribute> array;
|
||||||
|
ConfigAttribute cfg;
|
||||||
|
Map<String, String> permissions = new HashMap<>();
|
||||||
|
permissions.put("/admin/**", "admin");
|
||||||
|
permissions.put("/**", "user");
|
||||||
|
Iterator<Map.Entry<String, String>> iterator = permissions.entrySet().iterator();
|
||||||
|
while (iterator.hasNext()) {
|
||||||
|
Map.Entry<String, String> next = iterator.next();
|
||||||
|
String key = next.getKey();
|
||||||
|
String value = next.getValue();
|
||||||
|
|
||||||
|
array = new ArrayList<>();
|
||||||
|
cfg = new SecurityConfig(value);
|
||||||
|
array.add(cfg);
|
||||||
|
map.put(key, array);
|
||||||
|
}
|
||||||
|
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public Collection<ConfigAttribute> getAttributes(Object o) throws IllegalArgumentException {
|
||||||
|
if(map ==null) loadResourceDefine();
|
||||||
|
//object 中包含用户请求的request 信息
|
||||||
|
HttpServletRequest request = ((FilterInvocation) o).getHttpRequest();
|
||||||
|
AntPathRequestMatcher matcher;
|
||||||
|
String resUrl;
|
||||||
|
for(Iterator<String> iter = map.keySet().iterator(); iter.hasNext(); ) {
|
||||||
|
resUrl = iter.next();
|
||||||
|
matcher = new AntPathRequestMatcher(resUrl);
|
||||||
|
if(matcher.matches(request)) {
|
||||||
|
return map.get(resUrl);
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public Collection<ConfigAttribute> getAllConfigAttributes() {
|
||||||
|
return null;
|
||||||
|
}
|
||||||
|
|
||||||
|
@Override
|
||||||
|
public boolean supports(Class<?> aClass) {
|
||||||
|
return FilterInvocation.class.isAssignableFrom(aClass);
|
||||||
|
}
|
||||||
|
}
|
@ -1,12 +1,15 @@
|
|||||||
package io.qyi.e5.config.security;
|
package io.qyi.e5.config.security;
|
||||||
|
|
||||||
|
import io.qyi.e5.config.security.filter.LinkTokenAuthenticationFilter;
|
||||||
import io.qyi.e5.config.security.filter.LoginAuthenticationFilter;
|
import io.qyi.e5.config.security.filter.LoginAuthenticationFilter;
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
|
import org.springframework.context.annotation.Bean;
|
||||||
import org.springframework.security.authentication.AuthenticationManager;
|
import org.springframework.security.authentication.AuthenticationManager;
|
||||||
import org.springframework.security.config.annotation.SecurityConfigurerAdapter;
|
import org.springframework.security.config.annotation.SecurityConfigurerAdapter;
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
||||||
|
import org.springframework.security.core.context.SecurityContextHolder;
|
||||||
import org.springframework.security.web.DefaultSecurityFilterChain;
|
import org.springframework.security.web.DefaultSecurityFilterChain;
|
||||||
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
||||||
import org.springframework.stereotype.Component;
|
import org.springframework.stereotype.Component;
|
||||||
@ -25,10 +28,12 @@ public class UsernamePasswordAuthenticationConfig extends SecurityConfigurerAdap
|
|||||||
@Autowired
|
@Autowired
|
||||||
SecurityAuthenticationHandler securityAuthenticationHandler;
|
SecurityAuthenticationHandler securityAuthenticationHandler;
|
||||||
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
public void configure(HttpSecurity http) throws Exception {
|
public void configure(HttpSecurity http) throws Exception {
|
||||||
LoginAuthenticationFilter authenticationFilter = new LoginAuthenticationFilter();
|
LoginAuthenticationFilter authenticationFilter = new LoginAuthenticationFilter();
|
||||||
|
|
||||||
|
|
||||||
logger.info("自定义用户认证处理逻辑");
|
logger.info("自定义用户认证处理逻辑");
|
||||||
// 自定义用户认证处理逻辑时,需要指定AuthenticationManager,否则无法认证
|
// 自定义用户认证处理逻辑时,需要指定AuthenticationManager,否则无法认证
|
||||||
authenticationFilter.setAuthenticationManager(http.getSharedObject(AuthenticationManager.class));
|
authenticationFilter.setAuthenticationManager(http.getSharedObject(AuthenticationManager.class));
|
||||||
@ -36,12 +41,11 @@ public class UsernamePasswordAuthenticationConfig extends SecurityConfigurerAdap
|
|||||||
// 指定自定义的认证成功和失败的处理器
|
// 指定自定义的认证成功和失败的处理器
|
||||||
authenticationFilter.setAuthenticationSuccessHandler(securityAuthenticationHandler);
|
authenticationFilter.setAuthenticationSuccessHandler(securityAuthenticationHandler);
|
||||||
authenticationFilter.setAuthenticationFailureHandler(securityAuthenticationHandler);
|
authenticationFilter.setAuthenticationFailureHandler(securityAuthenticationHandler);
|
||||||
|
|
||||||
// 把自定义的用户名密码认证过滤器和处理器添加到UsernamePasswordAuthenticationFilter过滤器之前
|
// 把自定义的用户名密码认证过滤器和处理器添加到UsernamePasswordAuthenticationFilter过滤器之前
|
||||||
http.authenticationProvider(usernamePasswordAuthenticationProvider)
|
http.authenticationProvider(usernamePasswordAuthenticationProvider)
|
||||||
.addFilterBefore(authenticationFilter, UsernamePasswordAuthenticationFilter.class);
|
.addFilterBefore(authenticationFilter, UsernamePasswordAuthenticationFilter.class);
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
@ -18,9 +18,7 @@ import org.springframework.security.core.authority.AuthorityUtils;
|
|||||||
import org.springframework.security.core.userdetails.UsernameNotFoundException;
|
import org.springframework.security.core.userdetails.UsernameNotFoundException;
|
||||||
import org.springframework.stereotype.Component;
|
import org.springframework.stereotype.Component;
|
||||||
|
|
||||||
import java.util.HashMap;
|
import java.util.*;
|
||||||
import java.util.Map;
|
|
||||||
import java.util.UUID;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @program: e5
|
* @program: e5
|
||||||
@ -41,11 +39,15 @@ public class UsernamePasswordAuthenticationProvider implements AuthenticationPro
|
|||||||
@Value("${isdebug}")
|
@Value("${isdebug}")
|
||||||
boolean isDebug;
|
boolean isDebug;
|
||||||
|
|
||||||
|
@Value("${user.admin.githubId}")
|
||||||
|
int adminGithubId;
|
||||||
|
|
||||||
|
@Value("${user.token.expire}")
|
||||||
|
private int tokenExpire;
|
||||||
|
|
||||||
@Autowired
|
@Autowired
|
||||||
RedisUtil redisUtil;
|
RedisUtil redisUtil;
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
@Autowired
|
@Autowired
|
||||||
IGithubService githubService;
|
IGithubService githubService;
|
||||||
|
|
||||||
@ -59,16 +61,22 @@ public class UsernamePasswordAuthenticationProvider implements AuthenticationPro
|
|||||||
String state = authenticationToken.getState();
|
String state = authenticationToken.getState();
|
||||||
logger.info("Github 认证: code:{} state:{} Token:", code, state);
|
logger.info("Github 认证: code:{} state:{} Token:", code, state);
|
||||||
Map<String, Object> userInfo_redis = new HashMap<>();
|
Map<String, Object> userInfo_redis = new HashMap<>();
|
||||||
|
|
||||||
/*是否调试模式*/
|
/*是否调试模式*/
|
||||||
if (isDebug) {
|
if (isDebug) {
|
||||||
|
List<String> list = new ArrayList<>();
|
||||||
|
list.add("admin");
|
||||||
|
list.add("user");
|
||||||
|
String[] l =list.toArray(new String[list.size()]);
|
||||||
String token = EncryptUtil.getInstance().SHA1Hex(UUID.randomUUID().toString());
|
String token = EncryptUtil.getInstance().SHA1Hex(UUID.randomUUID().toString());
|
||||||
UsernamePasswordAuthenticationToken authenticationToken1 = new UsernamePasswordAuthenticationToken("debugName",
|
UsernamePasswordAuthenticationToken authenticationToken1 = new UsernamePasswordAuthenticationToken("debugName",
|
||||||
"DebugAvatar", 19658189,token, AuthorityUtils.createAuthorityList("user"));
|
"DebugAvatar", adminGithubId, token, "admin", AuthorityUtils.createAuthorityList(l));
|
||||||
authenticationToken1.setDetails(authenticationToken);
|
authenticationToken1.setDetails(authenticationToken);
|
||||||
userInfo_redis.put("github_name", "debug");
|
userInfo_redis.put("github_name", "debug");
|
||||||
userInfo_redis.put("github_id", 19658189);
|
userInfo_redis.put("github_id", adminGithubId);
|
||||||
userInfo_redis.put("avatar_url", "https://www.baidu.com");
|
userInfo_redis.put("avatar_url", "https://www.baidu.com");
|
||||||
redisUtil.hmset(token_ + token, userInfo_redis, 3600);
|
userInfo_redis.put("authority", list);
|
||||||
|
redisUtil.hmset(token_ + token, userInfo_redis, tokenExpire);
|
||||||
return authenticationToken1;
|
return authenticationToken1;
|
||||||
}
|
}
|
||||||
if (!redisUtil.hasKey(states + state)) {
|
if (!redisUtil.hasKey(states + state)) {
|
||||||
@ -105,16 +113,24 @@ public class UsernamePasswordAuthenticationProvider implements AuthenticationPro
|
|||||||
}
|
}
|
||||||
|
|
||||||
String token = EncryptUtil.getInstance().SHA1Hex(UUID.randomUUID().toString());
|
String token = EncryptUtil.getInstance().SHA1Hex(UUID.randomUUID().toString());
|
||||||
|
/*配置角色,这里只是简单的配置,实际上需要从数据库中读取角色*/
|
||||||
|
List<String> list = new ArrayList<>();
|
||||||
|
list.add("user");
|
||||||
|
if (adminGithubId == github.getGithubId()) {
|
||||||
|
list.add("admin");
|
||||||
|
}
|
||||||
|
String[] Authority =list.toArray(new String[list.size()]);
|
||||||
/*写token信息到redis*/
|
/*写token信息到redis*/
|
||||||
userInfo_redis.put("github_name", github.getName());
|
userInfo_redis.put("github_name", github.getName());
|
||||||
userInfo_redis.put("github_id", github.getGithubId());
|
userInfo_redis.put("github_id", github.getGithubId());
|
||||||
userInfo_redis.put("avatar_url", github.getAvatarUrl());
|
userInfo_redis.put("avatar_url", github.getAvatarUrl());
|
||||||
redisUtil.hmset(token_ + token, userInfo_redis, 3600);
|
userInfo_redis.put("authority", Authority);
|
||||||
|
redisUtil.hmset(token_ + token, userInfo_redis, tokenExpire);
|
||||||
|
|
||||||
|
|
||||||
// 创建一个已认证的token
|
// 创建一个已认证的token
|
||||||
UsernamePasswordAuthenticationToken authenticationToken1 = new UsernamePasswordAuthenticationToken(github.getName(),
|
UsernamePasswordAuthenticationToken authenticationToken1 = new UsernamePasswordAuthenticationToken(github.getName(),
|
||||||
github.getAvatarUrl(), github.getGithubId(), token, AuthorityUtils.createAuthorityList("user"));
|
github.getAvatarUrl(), github.getGithubId() , AuthorityUtils.createAuthorityList(Authority));
|
||||||
|
|
||||||
// 设置一些详细信息
|
// 设置一些详细信息
|
||||||
authenticationToken1.setDetails(authenticationToken);
|
authenticationToken1.setDetails(authenticationToken);
|
||||||
|
@ -29,8 +29,11 @@ public class UsernamePasswordAuthenticationToken extends AbstractAuthenticationT
|
|||||||
|
|
||||||
private String Token;
|
private String Token;
|
||||||
|
|
||||||
|
private String Authority;
|
||||||
|
|
||||||
private int github_id;
|
private int github_id;
|
||||||
|
|
||||||
|
|
||||||
// 创建未认证的用户名密码认证对象
|
// 创建未认证的用户名密码认证对象
|
||||||
public UsernamePasswordAuthenticationToken() {
|
public UsernamePasswordAuthenticationToken() {
|
||||||
super(null);
|
super(null);
|
||||||
@ -64,15 +67,17 @@ public class UsernamePasswordAuthenticationToken extends AbstractAuthenticationT
|
|||||||
}
|
}
|
||||||
|
|
||||||
// 创建已认证的用户密码认证对象
|
// 创建已认证的用户密码认证对象
|
||||||
public UsernamePasswordAuthenticationToken(String name, String avatar_url, int github_id, String token, Collection<? extends GrantedAuthority> authorities) {
|
public UsernamePasswordAuthenticationToken(String name, String avatar_url, int github_id, String token, String Authority, Collection<? extends GrantedAuthority> authorities) {
|
||||||
super(authorities);
|
super(authorities);
|
||||||
this.name = name;
|
this.name = name;
|
||||||
this.avatar_url = avatar_url;
|
this.avatar_url = avatar_url;
|
||||||
this.github_id = github_id;
|
this.github_id = github_id;
|
||||||
this.Token = token;
|
this.Token = token;
|
||||||
|
this.Authority = Authority;
|
||||||
super.setAuthenticated(true);
|
super.setAuthenticated(true);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
||||||
public String getToken() {
|
public String getToken() {
|
||||||
return Token;
|
return Token;
|
||||||
}
|
}
|
||||||
@ -132,4 +137,12 @@ public class UsernamePasswordAuthenticationToken extends AbstractAuthenticationT
|
|||||||
public void setGithub_id(int github_id) {
|
public void setGithub_id(int github_id) {
|
||||||
this.github_id = github_id;
|
this.github_id = github_id;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
public String getAuthority() {
|
||||||
|
return Authority;
|
||||||
|
}
|
||||||
|
|
||||||
|
public void setAuthority(String authority) {
|
||||||
|
Authority = authority;
|
||||||
|
}
|
||||||
}
|
}
|
||||||
|
@ -1,16 +1,15 @@
|
|||||||
package io.qyi.e5.config.security.filter;
|
package io.qyi.e5.config.security.filter;
|
||||||
|
|
||||||
import com.google.gson.Gson;
|
|
||||||
import com.google.gson.JsonElement;
|
|
||||||
import com.google.gson.JsonObject;
|
|
||||||
import com.google.gson.JsonParser;
|
|
||||||
import io.qyi.e5.config.security.UsernamePasswordAuthenticationToken;
|
import io.qyi.e5.config.security.UsernamePasswordAuthenticationToken;
|
||||||
import io.qyi.e5.util.SpringUtil;
|
import io.qyi.e5.util.SpringUtil;
|
||||||
import io.qyi.e5.util.redis.RedisUtil;
|
import io.qyi.e5.util.redis.RedisUtil;
|
||||||
|
import lombok.extern.slf4j.Slf4j;
|
||||||
|
import org.springframework.beans.factory.annotation.Autowired;
|
||||||
import org.springframework.http.HttpMethod;
|
import org.springframework.http.HttpMethod;
|
||||||
import org.springframework.http.HttpStatus;
|
import org.springframework.http.HttpStatus;
|
||||||
import org.springframework.security.core.authority.AuthorityUtils;
|
import org.springframework.security.core.authority.AuthorityUtils;
|
||||||
import org.springframework.security.core.context.SecurityContextHolder;
|
import org.springframework.security.core.context.SecurityContextHolder;
|
||||||
|
import org.springframework.stereotype.Component;
|
||||||
import org.springframework.web.filter.OncePerRequestFilter;
|
import org.springframework.web.filter.OncePerRequestFilter;
|
||||||
|
|
||||||
import javax.servlet.FilterChain;
|
import javax.servlet.FilterChain;
|
||||||
@ -18,7 +17,8 @@ import javax.servlet.ServletException;
|
|||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
import javax.servlet.http.HttpServletResponse;
|
import javax.servlet.http.HttpServletResponse;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.io.PrintWriter;
|
import java.util.Arrays;
|
||||||
|
import java.util.List;
|
||||||
import java.util.Map;
|
import java.util.Map;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
@ -29,25 +29,27 @@ import java.util.Map;
|
|||||||
* @author: 落叶随风
|
* @author: 落叶随风
|
||||||
* @create: 2020-04-05 00:42
|
* @create: 2020-04-05 00:42
|
||||||
**/
|
**/
|
||||||
|
@Slf4j
|
||||||
public class LinkTokenAuthenticationFilter extends OncePerRequestFilter {
|
public class LinkTokenAuthenticationFilter extends OncePerRequestFilter {
|
||||||
|
|
||||||
|
|
||||||
@Override
|
@Override
|
||||||
protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
|
protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
|
||||||
String token = httpServletRequest.getHeader("token");
|
String token = httpServletRequest.getHeader("token");
|
||||||
if (token != null) {
|
if (token != null) {
|
||||||
RedisUtil redisUtil = SpringUtil.getBean(RedisUtil.class);
|
RedisUtil RedisUtil = SpringUtil.getBean(RedisUtil.class);
|
||||||
if (redisUtil.hasKey("token:" + token)) {
|
if (RedisUtil.hasKey("token:" + token)) {
|
||||||
Map<Object, Object> userInfo = redisUtil.hmget("token:" + token);
|
Map<Object, Object> userInfo = RedisUtil.hmget("token:" + token);
|
||||||
// 将未认证的Authentication转换成自定义的用户认证Token
|
// 将未认证的Authentication转换成自定义的用户认证Token
|
||||||
UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken();
|
List<String> list = (List<String>)userInfo.get("authority");
|
||||||
|
String[] authority = list.toArray(new String[list.size()]);
|
||||||
UsernamePasswordAuthenticationToken authenticationToken1 = new UsernamePasswordAuthenticationToken(userInfo.get("github_name") == null ? "" : userInfo.get("github_name").toString(),
|
UsernamePasswordAuthenticationToken authenticationToken1 = new UsernamePasswordAuthenticationToken(userInfo.get("github_name") == null ? "" : userInfo.get("github_name").toString(),
|
||||||
userInfo.get("avatar_url").toString(), (int) userInfo.get("github_id"), AuthorityUtils.createAuthorityList("user"));
|
userInfo.get("avatar_url").toString(), (int) userInfo.get("github_id"), AuthorityUtils.createAuthorityList(authority));
|
||||||
authenticationToken1.setDetails(authenticationToken);
|
|
||||||
SecurityContextHolder.getContext().setAuthentication(authenticationToken1);
|
SecurityContextHolder.getContext().setAuthentication(authenticationToken1);
|
||||||
System.out.println("完成授权");
|
log.info("完成授权,角色:{}" , Arrays.toString(authority) );
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
System.out.println("--------------Token鉴权---------------");
|
log.info("--------------Token鉴权---------------");
|
||||||
/*设置跨域*/
|
/*设置跨域*/
|
||||||
HttpServletResponse response = httpServletResponse;
|
HttpServletResponse response = httpServletResponse;
|
||||||
response.setHeader("Access-Control-Allow-Origin", "*");
|
response.setHeader("Access-Control-Allow-Origin", "*");
|
||||||
@ -57,18 +59,11 @@ public class LinkTokenAuthenticationFilter extends OncePerRequestFilter {
|
|||||||
response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, token");
|
response.setHeader("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept, token");
|
||||||
/*如果是OPTIONS则结束请求*/
|
/*如果是OPTIONS则结束请求*/
|
||||||
if (HttpMethod.OPTIONS.toString().equals(httpServletRequest.getMethod())) {
|
if (HttpMethod.OPTIONS.toString().equals(httpServletRequest.getMethod())) {
|
||||||
|
log.debug("OPTIONS请求");
|
||||||
response.setStatus(HttpStatus.NO_CONTENT.value());
|
response.setStatus(HttpStatus.NO_CONTENT.value());
|
||||||
} else {
|
} else {
|
||||||
filterChain.doFilter(httpServletRequest, response);
|
filterChain.doFilter(httpServletRequest, response);
|
||||||
}
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
||||||
public void sendJson(HttpServletResponse httpServletResponse, Object o) throws IOException {
|
|
||||||
Gson gson = new Gson();
|
|
||||||
String s = gson.toJson(o);
|
|
||||||
PrintWriter writer = httpServletResponse.getWriter();
|
|
||||||
writer.write(s);
|
|
||||||
writer.flush();
|
|
||||||
}
|
|
||||||
}
|
}
|
||||||
|
@ -1,13 +1,9 @@
|
|||||||
package io.qyi.e5.service.rabbitMQ.impl;
|
package io.qyi.e5.service.rabbitMQ.impl;
|
||||||
|
|
||||||
import com.alibaba.fastjson.JSON;
|
|
||||||
import com.alibaba.fastjson.JSONObject;
|
|
||||||
import com.baomidou.mybatisplus.core.conditions.query.QueryWrapper;
|
|
||||||
import com.google.gson.Gson;
|
|
||||||
import com.rabbitmq.client.Channel;
|
import com.rabbitmq.client.Channel;
|
||||||
import io.qyi.e5.outlook.entity.Outlook;
|
|
||||||
import io.qyi.e5.outlook.service.IOutlookService;
|
import io.qyi.e5.outlook.service.IOutlookService;
|
||||||
import io.qyi.e5.service.task.ITask;
|
import io.qyi.e5.service.task.ITask;
|
||||||
|
import lombok.extern.slf4j.Slf4j;
|
||||||
import org.slf4j.Logger;
|
import org.slf4j.Logger;
|
||||||
import org.slf4j.LoggerFactory;
|
import org.slf4j.LoggerFactory;
|
||||||
import org.springframework.amqp.core.Message;
|
import org.springframework.amqp.core.Message;
|
||||||
@ -17,7 +13,6 @@ import org.springframework.beans.factory.annotation.Autowired;
|
|||||||
import org.springframework.stereotype.Service;
|
import org.springframework.stereotype.Service;
|
||||||
|
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
import java.lang.reflect.Type;
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* @program: msgpush
|
* @program: msgpush
|
||||||
@ -25,9 +20,9 @@ import java.lang.reflect.Type;
|
|||||||
* @author: 落叶随风
|
* @author: 落叶随风
|
||||||
* @create: 2020-01-13 23:35
|
* @create: 2020-01-13 23:35
|
||||||
**/
|
**/
|
||||||
|
@Slf4j
|
||||||
@Service
|
@Service
|
||||||
public class ListenerImpl {
|
public class ListenerImpl {
|
||||||
private final Logger logger = LoggerFactory.getLogger(this.getClass());
|
|
||||||
|
|
||||||
@Autowired
|
@Autowired
|
||||||
IOutlookService outlookService;
|
IOutlookService outlookService;
|
||||||
@ -35,14 +30,17 @@ public class ListenerImpl {
|
|||||||
ITask Task;
|
ITask Task;
|
||||||
|
|
||||||
@RabbitHandler
|
@RabbitHandler
|
||||||
@RabbitListener(queues = "delay_queue1", containerFactory = "rabbitListenerContainerFactory")
|
@RabbitListener(queues = "delay_queue3", containerFactory = "rabbitListenerContainerFactory")
|
||||||
public void listen(Message message, Channel channel) throws IOException {
|
public void listen(Message message, Channel channel) throws IOException {
|
||||||
logger.info("消费者1开始处理消息: {},时间戳:{}" ,message,System.currentTimeMillis());
|
log.info("消费者1开始处理消息: {},时间戳:{}" ,message,System.currentTimeMillis());
|
||||||
System.out.println("消费者1开始处理消息:"+System.currentTimeMillis());
|
System.out.println("消费者1开始处理消息:"+System.currentTimeMillis());
|
||||||
int github_id = Integer.valueOf(new String(message.getBody()));
|
int github_id = Integer.valueOf(new String(message.getBody()));
|
||||||
Task.executeE5(github_id);
|
boolean b = Task.executeE5(github_id);
|
||||||
|
|
||||||
channel.basicAck(message.getMessageProperties().getDeliveryTag(), true);
|
channel.basicAck(message.getMessageProperties().getDeliveryTag(), true);
|
||||||
/*再次进行添加任务*/
|
/*再次进行添加任务*/
|
||||||
Task.sendTaskOutlookMQ(github_id);
|
if (b) {
|
||||||
|
Task.sendTaskOutlookMQ(github_id);
|
||||||
|
}
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
@ -1,39 +0,0 @@
|
|||||||
package io.qyi.e5.service.security;
|
|
||||||
|
|
||||||
import io.qyi.e5.user.mapper.UserMapper;
|
|
||||||
import org.slf4j.Logger;
|
|
||||||
import org.slf4j.LoggerFactory;
|
|
||||||
import org.springframework.beans.factory.annotation.Autowired;
|
|
||||||
import org.springframework.security.core.authority.AuthorityUtils;
|
|
||||||
import org.springframework.security.core.userdetails.User;
|
|
||||||
import org.springframework.security.core.userdetails.UserDetails;
|
|
||||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
|
||||||
import org.springframework.security.core.userdetails.UsernameNotFoundException;
|
|
||||||
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
|
||||||
import org.springframework.security.crypto.factory.PasswordEncoderFactories;
|
|
||||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
|
||||||
import org.springframework.stereotype.Component;
|
|
||||||
import org.springframework.stereotype.Service;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* @program: e5
|
|
||||||
* @description:
|
|
||||||
* @author: 落叶随风
|
|
||||||
* @create: 2020-02-26 21:38
|
|
||||||
**/
|
|
||||||
@Component
|
|
||||||
public class SecurityUserService implements UserDetailsService {
|
|
||||||
private final Logger logger = LoggerFactory.getLogger(this.getClass());
|
|
||||||
@Autowired
|
|
||||||
private UserMapper userMapper;
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public UserDetails loadUserByUsername(String s) throws UsernameNotFoundException {
|
|
||||||
BCryptPasswordEncoder bCryptPasswordEncoder = new BCryptPasswordEncoder();
|
|
||||||
String encode = bCryptPasswordEncoder.encode("123");
|
|
||||||
String encodePasswd = encode;
|
|
||||||
logger.info("登录用户名: {} , 密码:{}",s,encodePasswd);
|
|
||||||
UserDetails userDetails = new User(s, encode, AuthorityUtils.createAuthorityList("admin"));
|
|
||||||
return userDetails;
|
|
||||||
}
|
|
||||||
}
|
|
Loading…
Reference in New Issue
Block a user