From 56364722d3ed70d48ec41f567a4e59e5ccbbb868 Mon Sep 17 00:00:00 2001
From: admin <weikou2014>
Date: 星期四, 19 五月 2022 17:45:42 +0800
Subject: [PATCH] 增加权限管理
---
 src/main/resources/code/service/app/src/main/java/com/ks/app/config/WebSecurityConfig.java | 100 ++++++++++++++++++++++++++++++++++++++++++--------
 1 files changed, 84 insertions(+), 16 deletions(-)
diff --git a/src/main/resources/code/service/app/src/main/java/com/ks/app/config/WebSecurityConfig.java b/src/main/resources/code/service/app/src/main/java/com/ks/app/config/WebSecurityConfig.java
index 1109b27..08d81b9 100644
--- a/src/main/resources/code/service/app/src/main/java/com/ks/app/config/WebSecurityConfig.java
+++ b/src/main/resources/code/service/app/src/main/java/com/ks/app/config/WebSecurityConfig.java
@@ -3,10 +3,9 @@
 import com.google.code.kaptcha.Producer;
 import com.google.code.kaptcha.impl.DefaultKaptcha;
 import com.google.code.kaptcha.util.Config;
-import com.ks.app.entity.AdminUser;
+import com.ks.app.entity.admin.AdminUser;
 import com.ks.app.service.inter.AdminUserService;
 import net.sf.json.JSONObject;
-import org.omg.CORBA.SystemException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.context.annotation.Bean;
@@ -20,6 +19,7 @@
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
@@ -29,6 +29,7 @@ import org.springframework.security.web.authentication.AuthenticationSuccessHandler; import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter; import org.springframework.security.web.authentication.logout.LogoutSuccessHandler; +import org.springframework.util.AntPathMatcher; import org.springframework.web.filter.OncePerRequestFilter; import org.yeshi.utils.JsonUtil; import org.yeshi.utils.StringUtil; @@ -46,6 +47,10 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter { + private final static String[] STATIC_RESOURCE_PATHS = new String[]{ + "/**/*.html", "/**/*.css", "/**/*.js", "/**/*.png", "/**/*.jpg", "/**/*.jpeg", "/**/*.gif", "/**/*.xml", "/**/font/*", "/**/fonts/*" + }; + private Logger logger = LoggerFactory.getLogger(WebSecurityConfig.class); @Resource @@ -53,7 +58,7 @@ private final String LOGIN_PROCESSING_URL = "/admin/api/login"; - private final String LOGIN_PAGE_PATH="/7aed59d33d777100/login.html"; + private final String LOGIN_PAGE_PATH = "/admin/xrtfgp/login.html"; //鍥惧舰楠岃瘉鐮侀厤缃� @Bean @@ -91,9 +96,16 @@ } - //楠岃瘉鐮佽繃婊ゅ櫒 - class VerificationCodeFilter extends OncePerRequestFilter { - private AuthenticationFailureHandler authenticationFailureHandler = new AuthenticationFailureHandler() { + /** + * @author hxh + * @description 璇锋眰涔嬪墠鐨勯獙璇佸櫒 + * @date 16:51 2022/5/19 + * @return + **/ + class PreRequestVerifyFilter extends OncePerRequestFilter { + + //澶勭悊楠岃瘉鐮佸嚭閿� + private AuthenticationFailureHandler verifyCodeFailureHandler = new AuthenticationFailureHandler() { @Override public void onAuthenticationFailure(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException e) throws IOException, ServletException { httpServletResponse.setContentType("application/json;charset=UTF-8"); 
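Review bot: The exemption list added as `STATIC_RESOURCE_PATHS` is keyed on file extension anywhere in the path (`/**/*.html`, `/**/*.js`, `/**/*.xml`, ...), so any request URI that merely ends in one of these suffixes is never compared against the caller's `getRules()` patterns. If this application still has Spring MVC suffix-pattern matching enabled (the default before Spring 5.3; the MVC configuration is not visible here, so please confirm), a request to `/admin/api/user/list.html` dispatches to the `/admin/api/user/list` handler while skipping the permission check entirely. Scope the exemption to the locations static files actually live in rather than to an extension, e.g. `"/static/**"` plus the directory that holds `login.html`, and never let the exemption cover the API prefix — a guard such as `if (url.startsWith("/admin/api/")) { /* always rule-check */ }` before the static loop would make that explicit. The Javadoc on `PreRequestVerifyFilter` also carries `@return`, which has no meaning on a class; a one-sentence summary is enough.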
@@ -104,20 +116,74 @@ } }; + //澶勭悊娌℃湁鏉冮檺 + private AuthenticationFailureHandler authenticationFailureHandler = new AuthenticationFailureHandler() { + @Override + public void onAuthenticationFailure(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException e) throws IOException, ServletException { + httpServletResponse.setStatus(HttpStatus.FORBIDDEN.value()); + } + }; + @Override protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException { if (!LOGIN_PROCESSING_URL.equalsIgnoreCase(httpServletRequest.getRequestURI())) { - filterChain.doFilter(httpServletRequest, httpServletResponse); + //闈炵櫥褰曟帴鍙� + String url = httpServletRequest.getRequestURI(); + //涓嶉獙璇侀潤鎬佽祫婧� + AntPathMatcher pathMatcher = new AntPathMatcher(); + for (String resource : STATIC_RESOURCE_PATHS) { + if (pathMatcher.match(resource, url)) { + filterChain.doFilter(httpServletRequest, httpServletResponse); + return; + } + } + + //灏氭湭鐧诲綍鎺堟潈鐨勫氨涓嶉渶瑕侀獙璇佹潈闄愪簡 + SecurityContext contextSession = (SecurityContext) httpServletRequest.getSession().getAttribute("SPRING_SECURITY_CONTEXT"); + + if (contextSession == null) { + filterChain.doFilter(httpServletRequest, httpServletResponse); + return; + } + Authentication authentication = contextSession.getAuthentication(); + if (authentication == null) { + filterChain.doFilter(httpServletRequest, httpServletResponse); + return; + } + AdminUser adminUser = (AdminUser) authentication.getPrincipal(); + if (adminUser == null) { + filterChain.doFilter(httpServletRequest, httpServletResponse); + return; + } + + //楠岃瘉鏉冮檺 + for (String path : adminUser.getRules()) { + if (pathMatcher.match(path, url)) { + //鏈夋潈闄� + filterChain.doFilter(httpServletRequest, httpServletResponse); + return; + } + } + //鏃犳潈闄� + authenticationFailureHandler.onAuthenticationFailure(httpServletRequest, httpServletResponse, null); } else { + 
//鐧诲綍鎺ュ彛 try { verificationCode(httpServletRequest); filterChain.doFilter(httpServletRequest, httpServletResponse); } catch (VerificationCodeException e) { - authenticationFailureHandler.onAuthenticationFailure(httpServletRequest, httpServletResponse, e); + verifyCodeFailureHandler.onAuthenticationFailure(httpServletRequest, httpServletResponse, e); } } } + /** + * @return void + * @author hxh + * @description 楠岃瘉楠岃瘉鐮佹槸鍚︽纭� + * @date 16:54 2022/5/19 + * @param: httpServletRequest + **/ private void verificationCode(HttpServletRequest httpServletRequest) throws VerificationCodeException { String requestCode = httpServletRequest.getParameter("captcha"); HttpSession httpSession = httpServletRequest.getSession(); @@ -126,8 +192,6 @@ if (StringUtil.isNullOrEmpty(captcha) || StringUtil.isNullOrEmpty(requestCode) || !captcha.equalsIgnoreCase(requestCode)) { throw new VerificationCodeException(); } - - } } @@ -181,8 +245,8 @@ .and() .csrf().disable() .rememberMe().userDetailsService(new MyUserDetailsService()) - .and().exceptionHandling().authenticationEntryPoint(new CustomAuthenticationEntryPoint()); - http.addFilterBefore(new VerificationCodeFilter(), UsernamePasswordAuthenticationFilter.class); + .and().exceptionHandling().authenticationEntryPoint(new NotLoginAuthenticationEntryPoint()); + http.addFilterBefore(new PreRequestVerifyFilter(), UsernamePasswordAuthenticationFilter.class); } @Override 
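Review bot: The new rule check fails open whenever `SPRING_SECURITY_CONTEXT` is absent from the session: `doFilterInternal` reads the attribute with `getSession().getAttribute(...)` and calls `filterChain.doFilter` if the context, its `Authentication` or the principal is null, so a caller authenticated by remember-me (enabled further down in this file) who simply omits the session cookie is never matched against `getRules()` and reaches the controller as long as the downstream `authorizeRequests` rules (not shown) only require authentication. Read the principal from `SecurityContextHolder` (add `import org.springframework.security.core.context.SecurityContextHolder;`; the `SecurityContext` import then becomes unused), guard the `(AdminUser)` cast with `instanceof` since a `String` principal currently turns into a `ClassCastException` and a 500, and avoid `getSession()` creating a session for every unauthenticated hit. Note this only closes the gap once the rule check itself runs after the authentication filters rather than before `UsernamePasswordAuthenticationFilter`. Separately, `authenticationFailureHandler.onAuthenticationFailure(..., null)` sends a bodiless 403 with a null exception, and the loop over `adminUser.getRules()` will throw if `getRules()` can return null, which I cannot see from here.
```java
// … unchanged: static-resource exemption loop …
Authentication authentication = SecurityContextHolder.getContext().getAuthentication();
// Not authenticated, or not an admin principal: leave the decision to the downstream access rules.
if (authentication == null || !(authentication.getPrincipal() instanceof AdminUser)) {
    filterChain.doFilter(httpServletRequest, httpServletResponse);
    return;
}
AdminUser adminUser = (AdminUser) authentication.getPrincipal();
// … unchanged: rule matching and 403 handler …
```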
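Review bot: `http.addFilterBefore(new PreRequestVerifyFilter(), UsernamePasswordAuthenticationFilter.class)` registers the per-user permission check ahead of every authentication filter in the chain, including `RememberMeAuthenticationFilter` and `AnonymousAuthenticationFilter`, so a principal established by those filters is not yet known when the rules are evaluated. The captcha half of the filter legitimately has to precede form login, but the authorization half belongs after authentication: split it into its own `OncePerRequestFilter` and register it with `http.addFilterBefore(new AdminRuleFilter(), FilterSecurityInterceptor.class);` (import `org.springframework.security.web.access.intercept.FilterSecurityInterceptor`), or express the rule inside `authorizeRequests()` so it benefits from Spring Security's request matching. `.csrf().disable()` on the preceding context line predates this commit, but with cookie-session admin endpoints it is worth a follow-up ticket rather than silent acceptance.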
@@ -243,12 +307,17 @@ } - //鑷畾涔夋湭鎺堟潈杩斿洖 - class CustomAuthenticationEntryPoint implements AuthenticationEntryPoint { + /** + * @author hxh + * @description 鏈櫥褰曠殑浜嬩欢澶勭悊 + * @date 16:55 2022/5/19 + * @return + **/ + class NotLoginAuthenticationEntryPoint implements AuthenticationEntryPoint { @Override public void commence(HttpServletRequest request, HttpServletResponse response, AuthenticationException authException) throws IOException, ServletException { - String url = request.getRequestURI().toString(); + String url = request.getRequestURI(); if (url.contains("/admin/api/")) { response.setStatus(HttpStatus.UNAUTHORIZED.value()); } else { @@ -256,6 +325,5 @@ } } } - } -- Gitblit v1.8.0
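Review bot: The class-level Javadoc added on `NotLoginAuthenticationEntryPoint` uses `@return` and a non-standard `@description` tag, neither of which applies to a type, while the `@date`/`@author` lines duplicate what git already records; replace the block with a one-sentence summary such as `/** Entry point for unauthenticated requests: 401 for /admin/api/ callers, the existing redirect branch otherwise. */`. The Chinese comments throughout this patch render as mojibake (e.g. `鏈櫥褰曠殑浜嬩欢澶勭悊`), which usually means the source file is stored in GBK while the tooling reads it as UTF-8; declaring UTF-8 for the source tree would avoid that, though I cannot confirm the encoding from the patch alone. The substring check `url.contains("/admin/api/")` is pre-existing context and not part of this change.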