From bd37012c3e812520c657e95c81c3922e7b723008 Mon Sep 17 00:00:00 2001
From: APLS
Date: Mon, 24 Aug 2020 02:16:44 +0800
Subject: [PATCH] ~
---
.../SecurityAuthenticationHandler.java | 10 +++++--
.../security/UrlAccessDecisionManager.java | 2 ++
...vocationSecurityMetadataSourceService.java | 30 ++++++++++++-------
...sernamePasswordAuthenticationProvider.java | 14 ++++-----
.../e5/controller/admin/AdminController.java | 1 -
src/test/java/httptest.java | 8 +++++
6 files changed, 43 insertions(+), 22 deletions(-)
create mode 100644 src/test/java/httptest.java
diff --git a/src/main/java/io/qyi/e5/config/security/SecurityAuthenticationHandler.java b/src/main/java/io/qyi/e5/config/security/SecurityAuthenticationHandler.java
index f1de06e..7d85067 100644
--- a/src/main/java/io/qyi/e5/config/security/SecurityAuthenticationHandler.java
+++ b/src/main/java/io/qyi/e5/config/security/SecurityAuthenticationHandler.java
@@ -31,18 +31,22 @@ import java.util.Map; public class SecurityAuthenticationHandler implements AuthenticationSuccessHandler, AuthenticationFailureHandler , LogoutSuccessHandler { @Autowired RedisUtil redisUtil; + @Value("${redis.user.token}") + String token_; + + private static Gson gson = new Gson(); @Override public void onAuthenticationSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException { UsernamePasswordAuthenticationToken at = (UsernamePasswordAuthenticationToken) SecurityContextHolder.getContext().getAuthentication(); - Gson gson = new Gson(); + httpServletResponse.setContentType("application/json;charset=utf-8"); PrintWriter writer = httpServletResponse.getWriter(); Map token = new HashMap<>(); token.put("token", at.getToken()); token.put("username", at.getName()); token.put("authority", at.getAuthority()); - token.put("expire", (int) redisUtil.getExpire("token:" + at.getToken())); + token.put("expire", redisUtil.getExpire(token_ + at.getToken())); writer.write(gson.toJson(ResultUtil.success(token)) ); writer.flush(); } @@ -51,7 +55,7 @@ public class SecurityAuthenticationHandler implements AuthenticationSuccessHandl public void onAuthenticationFailure(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException e) throws IOException, ServletException { httpServletResponse.setContentType("application/json;charset=utf-8"); PrintWriter writer = httpServletResponse.getWriter(); - writer.write("Failure"); + writer.write(gson.toJson(ResultUtil.error(-1, "failed!"))); writer.flush(); } diff --git a/src/main/java/io/qyi/e5/config/security/UrlAccessDecisionManager.java b/src/main/java/io/qyi/e5/config/security/UrlAccessDecisionManager.java index 70662df..cda8892 100644 --- a/src/main/java/io/qyi/e5/config/security/UrlAccessDecisionManager.java +++ b/src/main/java/io/qyi/e5/config/security/UrlAccessDecisionManager.java 
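Review bot: The new `token_` field in the first hunk is package-private and undocumented, yet `redisUtil.getExpire(token_ + at.getToken())` only finds the key if this prefix is identical to the one UsernamePasswordAuthenticationProvider uses in `redisUtil.hmset(token_ + token, ...)`. I would declare it `private String tokenKeyPrefix;` with the comment `// Redis key prefix for session tokens; must match the prefix used when the token is stored`. The shared `gson` is never reassigned in the visible code, so `private static final Gson GSON = new Gson();` states that intent.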
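Review bot: `onAuthenticationFailure` in the second hunk now writes a JSON error body but, as far as the hunk shows, never sets a status code, so a rejected login is presumably still answered with HTTP 200. Adding `httpServletResponse.setStatus(HttpServletResponse.SC_UNAUTHORIZED);` before `getWriter()` lets clients, proxies and access-log based monitoring tell failed logins from successful ones. The fixed `"failed!"` text is fine as it stands, since it does not echo the exception message back to the caller.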
@@ -44,6 +44,8 @@ public class UrlAccessDecisionManager implements AccessDecisionManager { Collection authorities = authentication.getAuthorities(); for (GrantedAuthority ga : authorities) { if (needPermission.equals(ga.getAuthority())) { + log.info("当前角色: " + ga.getAuthority()); + log.info("访问 " + o.toString() + " 已授权!"); return; } } diff --git a/src/main/java/io/qyi/e5/config/security/UrlInvocationSecurityMetadataSourceService.java b/src/main/java/io/qyi/e5/config/security/UrlInvocationSecurityMetadataSourceService.java index 43cfe5e..05fac7c 100644 --- a/src/main/java/io/qyi/e5/config/security/UrlInvocationSecurityMetadataSourceService.java +++ b/src/main/java/io/qyi/e5/config/security/UrlInvocationSecurityMetadataSourceService.java @@ -1,6 +1,7 @@ package io.qyi.e5.config.security; import lombok.extern.slf4j.Slf4j; +import org.springframework.beans.factory.annotation.Value; import org.springframework.security.access.ConfigAttribute; import org.springframework.security.access.SecurityConfig; import org.springframework.security.web.FilterInvocation; @@ -21,6 +22,13 @@ import java.util.*; @Service public class UrlInvocationSecurityMetadataSourceService implements FilterInvocationSecurityMetadataSource { + @Value("web.security.admin") + private String[] securityAdmin; + @Value("web.security.user") + private String[] securityUser; + @Value("web.security.role_anonymous") + private String[] securitAnonymous; + private HashMap> map =null; /** * 加载权限表中所有权限 
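Review bot: The two added `log.info` calls in the granted branch concatenate `o.toString()` into the message, and `o` appears to be the secured object (for a web filter, the request and its URL), so request-controlled text reaches the log unescaped and every authorised request emits two info-level lines. I would replace them with one parameterised call at debug level, `log.debug("granted: authority={} object={}", ga.getAuthority(), o);`, and confirm that the log layout encodes CR/LF so a crafted URL cannot forge entries. The loop and its enclosing method continue outside the hunk.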
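Review bot: The three `@Value` annotations added to UrlInvocationSecurityMetadataSourceService lack the `${...}` placeholder syntax, so Spring injects the literal text `web.security.admin` (as a one-element array) instead of the configured property; compare `@Value("${redis.user.token}")` in SecurityAuthenticationHandler from this same commit. They should read `@Value("${web.security.admin}")`, `@Value("${web.security.user}")` and `@Value("${web.security.role_anonymous}")`. As written, the URL rules built from these fields would not contain any real path, and because this commit also drops `@PreAuthorize` from `AdminController.test()`, those rules are presumably the only guard left on that endpoint. The field name `securitAnonymous` is also missing a `y`.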
@@ -31,22 +39,22 @@ public class UrlInvocationSecurityMetadataSourceService implements FilterInvocat map = new HashMap<>(); Collection array; ConfigAttribute cfg; - Map permissions = new HashMap<>(); + Map permissions = new HashMap<>(); /*这里只是简单的配置*/ - permissions.put("/admin/**", "admin"); - permissions.put("/**", "user"); - permissions.put("/auth2/**", "ROLE_ANONYMOUS"); - permissions.put("/error", "ROLE_ANONYMOUS"); + permissions.put("admin", securityAdmin); + permissions.put("user", securityUser); + permissions.put("ROLE_ANONYMOUS", securitAnonymous); - Iterator> iterator = permissions.entrySet().iterator(); + Iterator> iterator = permissions.entrySet().iterator(); while (iterator.hasNext()) { - Map.Entry next = iterator.next(); + Map.Entry next = iterator.next(); String key = next.getKey(); - String value = next.getValue(); - + String[] value = next.getValue(); array = new ArrayList<>(); - cfg = new SecurityConfig(value); - array.add(cfg); + for (int i = 0; i < value.length; i++) { + cfg = new SecurityConfig(value[i]); + array.add(cfg); + } map.put(key, array); } diff --git a/src/main/java/io/qyi/e5/config/security/UsernamePasswordAuthenticationProvider.java b/src/main/java/io/qyi/e5/config/security/UsernamePasswordAuthenticationProvider.java index 22e3775..4e23fc3 100644 --- a/src/main/java/io/qyi/e5/config/security/UsernamePasswordAuthenticationProvider.java +++ b/src/main/java/io/qyi/e5/config/security/UsernamePasswordAuthenticationProvider.java 
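Review bot: The rewritten loop flips the orientation of `map`: before this change the key was the URL pattern and the `SecurityConfig` held the role, whereas now `map.put(key, array)` stores the role name as the key and wraps each configured string (presumably a URL pattern) in a `SecurityConfig`. The lookup that consumes `map` is outside the hunk; if it still matches the request URL against the keys and returns the values as required authorities, no request would match a rule and paths would be compared as if they were role names. Keeping the pattern → roles direction while still reading the patterns per role avoids that, as sketched below. The enclosing method starts and ends outside the hunk, so this should be checked against the lookup method before merging.

```java
// … unchanged: permissions.put("admin" / "user" / "ROLE_ANONYMOUS", …) …
for (Map.Entry<String, String[]> entry : permissions.entrySet()) {
    String role = entry.getKey();
    for (String pattern : entry.getValue()) {
        // key stays the URL pattern; the value collects every role allowed to reach it
        map.computeIfAbsent(pattern, k -> new ArrayList<>())
                .add(new SecurityConfig(role));
    }
}
```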
@@ -67,7 +67,7 @@ public class UsernamePasswordAuthenticationProvider implements AuthenticationPro List list = new ArrayList<>(); list.add("admin"); list.add("user"); - String[] l =list.toArray(new String[list.size()]); + String[] l = list.toArray(new String[list.size()]); String token = EncryptUtil.getInstance().SHA1Hex(UUID.randomUUID().toString()); UsernamePasswordAuthenticationToken authenticationToken1 = new UsernamePasswordAuthenticationToken("debugName", "DebugAvatar", adminGithubId, token, "admin", AuthorityUtils.createAuthorityList(l)); @@ -114,23 +114,23 @@ public class UsernamePasswordAuthenticationProvider implements AuthenticationPro String token = EncryptUtil.getInstance().SHA1Hex(UUID.randomUUID().toString()); /*配置角色,这里只是简单的配置,实际上需要从数据库中读取角色*/ - List list = new ArrayList<>(); - list.add("user"); + List list_Authority = new ArrayList<>(); + list_Authority.add("user"); if (adminGithubId == github.getGithubId()) { - list.add("admin"); + list_Authority.add("admin"); } - String[] Authority =list.toArray(new String[list.size()]); + String[] Authority = list_Authority.toArray(new String[list_Authority.size()]); /*写token信息到redis*/ userInfo_redis.put("github_name", github.getName()); userInfo_redis.put("github_id", github.getGithubId()); userInfo_redis.put("avatar_url", github.getAvatarUrl()); - userInfo_redis.put("authority", Authority); + userInfo_redis.put("authority", list_Authority); redisUtil.hmset(token_ + token, userInfo_redis, tokenExpire); // 创建一个已认证的token UsernamePasswordAuthenticationToken authenticationToken1 = new UsernamePasswordAuthenticationToken(github.getName(), - github.getAvatarUrl(), github.getGithubId() , AuthorityUtils.createAuthorityList(Authority)); + github.getAvatarUrl(), github.getGithubId(), token, "user", AuthorityUtils.createAuthorityList(Authority)); // 设置一些详细信息 authenticationToken1.setDetails(authenticationToken); 
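Review bot: The new constructor call in the second hunk passes the literal `"user"` as the authority label even when `list_Authority` has just received `"admin"`, whereas the debug branch in the first hunk passes `"admin"`. If that argument is what `at.getAuthority()` returns in the success handler, an administrator is reported to the client as `user` while the granted authorities say otherwise. Deriving it from the list keeps the two in step: `String role = list_Authority.contains("admin") ? "admin" : "user";`, then pass `role` instead of the literal. The enclosing method starts and ends outside the hunk.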
diff --git a/src/main/java/io/qyi/e5/controller/admin/AdminController.java b/src/main/java/io/qyi/e5/controller/admin/AdminController.java index 33b5bd9..a3e029d 100644 --- a/src/main/java/io/qyi/e5/controller/admin/AdminController.java +++ b/src/main/java/io/qyi/e5/controller/admin/AdminController.java @@ -59,7 +59,6 @@ public class AdminController { } @GetMapping("/test") - @PreAuthorize("hasRole('ROLE_ADMIN')") public String test() { return "ok"; } diff --git a/src/test/java/httptest.java b/src/test/java/httptest.java new file mode 100644 index 0000000..5428bad --- /dev/null +++ b/src/test/java/httptest.java @@ -0,0 +1,8 @@ +/** + * @program: e5 + * @description: + * @author: 落叶随风 + * @create: 2020-08-10 02:10 + **/ +public class httptest { +}