~

2025-06-06 01:24:45 +00:00 · 2020-08-24 02:16:44 +08:00 · 2020-08-24 02:16:44 +08:00 · bd37012c3e
commit bd37012c3e
parent b009fb792a
6 changed files with 43 additions and 22 deletions
--- a/src/main/java/io/qyi/e5/config/security/SecurityAuthenticationHandler.java
+++ b/src/main/java/io/qyi/e5/config/security/SecurityAuthenticationHandler.java
@ -31,18 +31,22 @@ import java.util.Map;
 public class SecurityAuthenticationHandler implements AuthenticationSuccessHandler, AuthenticationFailureHandler , LogoutSuccessHandler  {
    @Autowired
    RedisUtil redisUtil;
+    @Value("${redis.user.token}")
+    String token_;
+
+    private static Gson gson = new Gson();

    @Override
    public void onAuthenticationSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
        UsernamePasswordAuthenticationToken at = (UsernamePasswordAuthenticationToken) SecurityContextHolder.getContext().getAuthentication();
-        Gson gson = new Gson();
+
        httpServletResponse.setContentType("application/json;charset=utf-8");
        PrintWriter writer = httpServletResponse.getWriter();
        Map<String, Object> token = new HashMap<>();
        token.put("token", at.getToken());
        token.put("username", at.getName());
        token.put("authority", at.getAuthority());
-        token.put("expire", (int) redisUtil.getExpire("token:" + at.getToken()));
+        token.put("expire", redisUtil.getExpire(token_ + at.getToken()));
        writer.write(gson.toJson(ResultUtil.success(token)) );
        writer.flush();
    }
@ -51,7 +55,7 @@ public class SecurityAuthenticationHandler implements AuthenticationSuccessHandl
    public void onAuthenticationFailure(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException e) throws IOException, ServletException {
        httpServletResponse.setContentType("application/json;charset=utf-8");
        PrintWriter writer = httpServletResponse.getWriter();
-        writer.write("Failure");
+        writer.write(gson.toJson(ResultUtil.error(-1, "failed!")));
        writer.flush();
    }

--- a/src/main/java/io/qyi/e5/config/security/UrlAccessDecisionManager.java
+++ b/src/main/java/io/qyi/e5/config/security/UrlAccessDecisionManager.java
@ -44,6 +44,8 @@ public class UrlAccessDecisionManager implements AccessDecisionManager {
            Collection<? extends GrantedAuthority> authorities = authentication.getAuthorities();
            for (GrantedAuthority ga : authorities) {
                if (needPermission.equals(ga.getAuthority())) {
+                    log.info("当前角色: " + ga.getAuthority());
+                    log.info("访问 " + o.toString() + " 已授权!");
                    return;
                }
            }
--- a/src/main/java/io/qyi/e5/config/security/UrlInvocationSecurityMetadataSourceService.java
+++ b/src/main/java/io/qyi/e5/config/security/UrlInvocationSecurityMetadataSourceService.java
@ -1,6 +1,7 @@
 package io.qyi.e5.config.security;

 import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Value;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.access.SecurityConfig;
 import org.springframework.security.web.FilterInvocation;
@ -21,6 +22,13 @@ import java.util.*;
@Service
 public class UrlInvocationSecurityMetadataSourceService implements FilterInvocationSecurityMetadataSource {

+    @Value("web.security.admin")
+    private String[] securityAdmin;
+    @Value("web.security.user")
+    private String[] securityUser;
+    @Value("web.security.role_anonymous")
+    private String[] securitAnonymous;
+
    private HashMap<String, Collection<ConfigAttribute>> map =null;
    /**
     * 加载权限表中所有权限
@ -31,22 +39,22 @@ public class UrlInvocationSecurityMetadataSourceService implements FilterInvocat
        map = new HashMap<>();
        Collection<ConfigAttribute> array;
        ConfigAttribute cfg;
-        Map<String, String> permissions = new HashMap<>();
+        Map<String, String []> permissions = new HashMap<>();
        /*这里只是简单的配置*/
-        permissions.put("/admin/**", "admin");
-        permissions.put("/**", "user");
-        permissions.put("/auth2/**", "ROLE_ANONYMOUS");
-        permissions.put("/error", "ROLE_ANONYMOUS");
+        permissions.put("admin", securityAdmin);
+        permissions.put("user",  securityUser);
+        permissions.put("ROLE_ANONYMOUS", securitAnonymous);

-        Iterator<Map.Entry<String, String>> iterator = permissions.entrySet().iterator();
+        Iterator<Map.Entry<String, String[]>> iterator = permissions.entrySet().iterator();
        while (iterator.hasNext()) {
-            Map.Entry<String, String> next = iterator.next();
+            Map.Entry<String, String[]> next = iterator.next();
            String key = next.getKey();
-            String value = next.getValue();
-
+            String[] value = next.getValue();
            array = new ArrayList<>();
-            cfg = new SecurityConfig(value);
+            for (int i = 0; i < value.length; i++) {
+                cfg = new SecurityConfig(value[i]);
                array.add(cfg);
+            }
            map.put(key, array);
        }

--- a/src/main/java/io/qyi/e5/config/security/UsernamePasswordAuthenticationProvider.java
+++ b/src/main/java/io/qyi/e5/config/security/UsernamePasswordAuthenticationProvider.java
@ -114,23 +114,23 @@ public class UsernamePasswordAuthenticationProvider implements AuthenticationPro

        String token = EncryptUtil.getInstance().SHA1Hex(UUID.randomUUID().toString());
        /*配置角色,这里只是简单的配置，实际上需要从数据库中读取角色*/
-        List<String> list = new ArrayList<>();
-        list.add("user");
+        List<String> list_Authority = new ArrayList<>();
+        list_Authority.add("user");
        if (adminGithubId == github.getGithubId()) {
-            list.add("admin");
+            list_Authority.add("admin");
        }
-        String[] Authority =list.toArray(new String[list.size()]);
+        String[] Authority = list_Authority.toArray(new String[list_Authority.size()]);
        /*写token信息到redis*/
        userInfo_redis.put("github_name", github.getName());
        userInfo_redis.put("github_id", github.getGithubId());
        userInfo_redis.put("avatar_url", github.getAvatarUrl());
-        userInfo_redis.put("authority", Authority);
+        userInfo_redis.put("authority", list_Authority);
        redisUtil.hmset(token_ + token, userInfo_redis, tokenExpire);


 //       创建一个已认证的token
        UsernamePasswordAuthenticationToken authenticationToken1 = new UsernamePasswordAuthenticationToken(github.getName(),
-                github.getAvatarUrl(), github.getGithubId() , AuthorityUtils.createAuthorityList(Authority));
+                github.getAvatarUrl(), github.getGithubId(), token, "user", AuthorityUtils.createAuthorityList(Authority));

 //      设置一些详细信息
        authenticationToken1.setDetails(authenticationToken);
--- a/src/main/java/io/qyi/e5/controller/admin/AdminController.java
+++ b/src/main/java/io/qyi/e5/controller/admin/AdminController.java
@ -59,7 +59,6 @@ public class AdminController {
    }

    @GetMapping("/test")
-    @PreAuthorize("hasRole('ROLE_ADMIN')")
    public String test() {
        return "ok";
    }
--- a/src/test/java/httptest.java
+++ b/src/test/java/httptest.java
@ -0,0 +1,8 @@
+/**
+ * @program: e5
+ * @description:
+ * @author: 落叶随风
+ * @create: 2020-08-10 02:10
+ **/
+public class httptest {
+}