From 56364722d3ed70d48ec41f567a4e59e5ccbbb868 Mon Sep 17 00:00:00 2001
From: admin <weikou2014>
Date: 星期四, 19 五月 2022 17:45:42 +0800
Subject: [PATCH] 增加权限管理

---
 src/main/resources/code/service/app/src/main/java/com/ks/app/config/WebSecurityConfig.java | 115 +++++++++++++++++++++++++++++++++++++++++++++++++++------
 1 files changed, 103 insertions(+), 12 deletions(-)

diff --git a/src/main/resources/code/service/app/src/main/java/com/ks/app/config/WebSecurityConfig.java b/src/main/resources/code/service/app/src/main/java/com/ks/app/config/WebSecurityConfig.java
index 8b7b314..08d81b9 100644
--- a/src/main/resources/code/service/app/src/main/java/com/ks/app/config/WebSecurityConfig.java
+++ b/src/main/resources/code/service/app/src/main/java/com/ks/app/config/WebSecurityConfig.java
@@ -3,13 +3,13 @@
 import com.google.code.kaptcha.Producer;
 import com.google.code.kaptcha.impl.DefaultKaptcha;
 import com.google.code.kaptcha.util.Config;
-import com.ks.app.entity.AdminUser;
+import com.ks.app.entity.admin.AdminUser;
 import com.ks.app.service.inter.AdminUserService;
 import net.sf.json.JSONObject;
-import org.omg.CORBA.SystemException;
 import org.slf4j.Logger;
 import org.slf4j.LoggerFactory;
 import org.springframework.context.annotation.Bean;
+import org.springframework.http.HttpStatus;
 import org.springframework.security.authentication.BadCredentialsException;
 import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
 import org.springframework.security.authentication.dao.DaoAuthenticationProvider;
@@ -19,15 +19,19 @@
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.core.Authentication;
 import org.springframework.security.core.AuthenticationException;
+import org.springframework.security.core.context.SecurityContext;
 import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.security.core.userdetails.UserDetailsService;
 import org.springframework.security.core.userdetails.UsernameNotFoundException;
 import org.springframework.security.crypto.password.PasswordEncoder;
+import org.springframework.security.web.AuthenticationEntryPoint;
 import org.springframework.security.web.authentication.AuthenticationFailureHandler;
 import org.springframework.security.web.authentication.AuthenticationSuccessHandler;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 import org.springframework.security.web.authentication.logout.LogoutSuccessHandler;
+import org.springframework.util.AntPathMatcher;
 import org.springframework.web.filter.OncePerRequestFilter;
+import org.yeshi.utils.JsonUtil;
 import org.yeshi.utils.StringUtil;
 import javax.annotation.Resource;
@@ -43,12 +47,18 @@ public class WebSecurityConfig extends WebSecurityConfigurerAdapter {
+    private final static String[] STATIC_RESOURCE_PATHS = new String[]{
+            "/**/*.html", "/**/*.css", "/**/*.js", "/**/*.png", "/**/*.jpg", "/**/*.jpeg", "/**/*.gif", "/**/*.xml", "/**/font/*", "/**/fonts/*"
+    };
+
     private Logger logger = LoggerFactory.getLogger(WebSecurityConfig.class);
     @Resource
     private AdminUserService adminUserService;
     private final String LOGIN_PROCESSING_URL = "/admin/api/login";
+
+    private final String LOGIN_PAGE_PATH = "/admin/xrtfgp/login.html";
     //鍥惧舰楠岃瘉鐮侀厤缃�
     @Bean
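Review bot: STATIC_RESOURCE_PATHS is an extension glob (`/**/*.html`, `/**/*.js`, …) and PreRequestVerifyFilter returns early for any URI it matches, so every page under the web root whose last segment ends in .html — not only stylesheets, scripts and images — is exempted from the per-user rule check; whether any of those pages are sensitive is not visible here. If only public assets are meant to be exempt, match on a dedicated prefix such as `/static/**` rather than on file extension, and keep the list together with the matcher as `private static final` fields so the exemption policy is reviewable in one place. `LOGIN_PROCESSING_URL` and `LOGIN_PAGE_PATH` hold compile-time constants but are `private final` instance fields; `private static final` would also let the nested NotLoginAuthenticationEntryPoint added later be a static nested class. The class body continues outside the hunk.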
@@ -86,9 +96,16 @@
     }
-    //楠岃瘉鐮佽繃婊ゅ櫒
-    class VerificationCodeFilter extends OncePerRequestFilter {
-        private AuthenticationFailureHandler authenticationFailureHandler = new AuthenticationFailureHandler() {
+    /**
+     * @author hxh
+     * @description 璇锋眰涔嬪墠鐨勯獙璇佸櫒
+     * @date 16:51 2022/5/19
+     * @return
+     **/
+    class PreRequestVerifyFilter extends OncePerRequestFilter {
+
+        //澶勭悊楠岃瘉鐮佸嚭閿�
+        private AuthenticationFailureHandler verifyCodeFailureHandler = new AuthenticationFailureHandler() {
             @Override
             public void onAuthenticationFailure(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException e) throws IOException, ServletException {
                 httpServletResponse.setContentType("application/json;charset=UTF-8");
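Review bot: The Javadoc added on PreRequestVerifyFilter uses non-standard tags (`@description`, `@date`) and an empty `@return` on a class, so generated documentation gets no summary sentence; replace it with a plain first sentence such as `/** Checks the captcha on the login request and the signed-in user's URL rules on every other request; registered before UsernamePasswordAuthenticationFilter. */` and drop the `@return`. The same applies to the comments on verificationCode and NotLoginAuthenticationEntryPoint in the later hunks. The class body continues past the end of the hunk.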
@@ -99,20 +116,74 @@
             }
         };
+        //澶勭悊娌℃湁鏉冮檺
+        private AuthenticationFailureHandler authenticationFailureHandler = new AuthenticationFailureHandler() {
+            @Override
+            public void onAuthenticationFailure(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, AuthenticationException e) throws IOException, ServletException {
+                httpServletResponse.setStatus(HttpStatus.FORBIDDEN.value());
+            }
+        };
+
         @Override
         protected void doFilterInternal(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, FilterChain filterChain) throws ServletException, IOException {
             if (!LOGIN_PROCESSING_URL.equalsIgnoreCase(httpServletRequest.getRequestURI())) {
-                filterChain.doFilter(httpServletRequest, httpServletResponse);
+                //闈炵櫥褰曟帴鍙�
+                String url = httpServletRequest.getRequestURI();
+                //涓嶉獙璇侀潤鎬佽祫婧�
+                AntPathMatcher pathMatcher = new AntPathMatcher();
+                for (String resource : STATIC_RESOURCE_PATHS) {
+                    if (pathMatcher.match(resource, url)) {
+                        filterChain.doFilter(httpServletRequest, httpServletResponse);
+                        return;
+                    }
+                }
+
+                //灏氭湭鐧诲綍鎺堟潈鐨勫氨涓嶉渶瑕侀獙璇佹潈闄愪簡
+                SecurityContext contextSession = (SecurityContext) httpServletRequest.getSession().getAttribute("SPRING_SECURITY_CONTEXT");
+
+                if (contextSession == null) {
+                    filterChain.doFilter(httpServletRequest, httpServletResponse);
+                    return;
+                }
+                Authentication authentication = contextSession.getAuthentication();
+                if (authentication == null) {
+                    filterChain.doFilter(httpServletRequest, httpServletResponse);
+                    return;
+                }
+                AdminUser adminUser = (AdminUser) authentication.getPrincipal();
+                if (adminUser == null) {
+                    filterChain.doFilter(httpServletRequest, httpServletResponse);
+                    return;
+                }
+
+                //楠岃瘉鏉冮檺
+                for (String path : adminUser.getRules()) {
+                    if (pathMatcher.match(path, url)) {
+                        //鏈夋潈闄�
+                        filterChain.doFilter(httpServletRequest, httpServletResponse);
+                        return;
+                    }
+                }
+                //鏃犳潈闄�
+                authenticationFailureHandler.onAuthenticationFailure(httpServletRequest, httpServletResponse, null);
             } else {
+
                 //鐧诲綍鎺ュ彛
                 try {
                     verificationCode(httpServletRequest);
                     filterChain.doFilter(httpServletRequest, httpServletResponse);
                 } catch (VerificationCodeException e) {
-                    authenticationFailureHandler.onAuthenticationFailure(httpServletRequest, httpServletResponse, e);
+                    verifyCodeFailureHandler.onAuthenticationFailure(httpServletRequest, httpServletResponse, e);
                 }
             }
         }
+        /**
+         * @return void
+         * @author hxh
+         * @description 楠岃瘉楠岃瘉鐮佹槸鍚︽纭�
+         * @date 16:54 2022/5/19
+         * @param: httpServletRequest
+         **/
         private void verificationCode(HttpServletRequest httpServletRequest) throws VerificationCodeException {
             String requestCode = httpServletRequest.getParameter("captcha");
             HttpSession httpSession = httpServletRequest.getSession();
@@ -121,8 +192,6 @@
             if (StringUtil.isNullOrEmpty(captcha) || StringUtil.isNullOrEmpty(requestCode) || !captcha.equalsIgnoreCase(requestCode)) {
                 throw new VerificationCodeException();
             }
-
-
         }
     }
@@ -136,7 +205,7 @@
                 .and()
                 .formLogin()
                 //鑷畾涔夌櫥褰曠晫闈�
-                .loginPage("/login.html")
+                .loginPage(LOGIN_PAGE_PATH)
                 //澶勭悊鐧诲綍閫昏緫鐨剈rl
                 .loginProcessingUrl(LOGIN_PROCESSING_URL)
                 //鐧诲綍鎴愬姛鍚庣殑璺宠浆
@@ -170,12 +239,14 @@
                     @Override
                     public void onLogoutSuccess(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse, Authentication authentication) throws IOException, ServletException {
                         logger.info("onLogoutSuccess");
+                        httpServletResponse.getWriter().print(JsonUtil.loadTrueResult(""));
                     }
                 })
                 .and()
                 .csrf().disable()
-                .rememberMe().userDetailsService(new MyUserDetailsService());
-        http.addFilterBefore(new VerificationCodeFilter(), UsernamePasswordAuthenticationFilter.class);
+                .rememberMe().userDetailsService(new MyUserDetailsService())
+                .and().exceptionHandling().authenticationEntryPoint(new NotLoginAuthenticationEntryPoint());
+        http.addFilterBefore(new PreRequestVerifyFilter(), UsernamePasswordAuthenticationFilter.class);
     }
     @Override
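Review bot: The rule check in doFilterInternal is skipped whenever the session carries no `SPRING_SECURITY_CONTEXT` attribute (`if (contextSession == null) { filterChain.doFilter(httpServletRequest, httpServletResponse); return; }`), yet the filter is registered before UsernamePasswordAuthenticationFilter while `rememberMe()` is enabled in the same commit, so a request that RememberMeAuthenticationFilter authenticates later in the chain reaches its controller without its URL rules ever being matched. Treat "no principal yet" as deny unless the URL is public, or split the filter so only the captcha check sits in front of the login filter and the authorization part runs after the remember-me filter, reading the principal from `SecurityContextHolder.getContext().getAuthentication()` rather than the raw session attribute. Denial is expressed by calling an AuthenticationFailureHandler with a `null` exception and answering a bare 403; `exceptionHandling().accessDeniedHandler(...)` is the matching Spring hook, and the denial should be logged with user and URI so it shows up in audit logs. `adminUser.getRules()` is iterated without a null check, so a user with no rules would presumably get a 500 instead of a 403, and `new AntPathMatcher()` is built on every request where a `private static final` field next to STATIC_RESOURCE_PATHS would do.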
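Review bot: The logout handler now writes a JSON body with `httpServletResponse.getWriter().print(JsonUtil.loadTrueResult(""));` but, unlike the captcha failure handler earlier in the file, never sets a content type, so the response goes out with no Content-Type header and the writer's servlet-default ISO-8859-1 encoding; add `httpServletResponse.setContentType("application/json;charset=UTF-8");` before the print. The configure method's body starts and ends outside the hunk.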
@@ -235,4 +306,24 @@
         }
     }
+
+    /**
+     * @author hxh
+     * @description 鏈櫥褰曠殑浜嬩欢澶勭悊
+     * @date 16:55 2022/5/19
+     * @return
+     **/
+    class NotLoginAuthenticationEntryPoint implements AuthenticationEntryPoint {
+        @Override
+        public void commence(HttpServletRequest request, HttpServletResponse response,
+                             AuthenticationException authException) throws IOException, ServletException {
+            String url = request.getRequestURI();
+            if (url.contains("/admin/api/")) {
+                response.setStatus(HttpStatus.UNAUTHORIZED.value());
+            } else {
+                response.sendRedirect(LOGIN_PAGE_PATH);
+            }
+        }
+    }
+
 }
-- 
Gitblit v1.8.0
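Review bot: `url.contains("/admin/api/")` in commence is a substring test on the whole request URI, so any page URL that merely embeds that text gets a bare 401 instead of the login redirect, and the distinction depends on the deployment's context path; compare the servlet path instead, `if (request.getServletPath().startsWith("/admin/api/")) {`, or reuse an AntPathMatcher pattern as the rest of the file does. The 401 branch sends no body and no content type, so API clients cannot tell "not logged in" from any other empty response; writing the same JSON envelope the other handlers use would keep the API consistent. NotLoginAuthenticationEntryPoint only reads LOGIN_PAGE_PATH; if that constant were `static final` the class could be a `static` nested class rather than an inner class holding a reference to the configuration object.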