
记一次OAuth碰到的问题

来源:互联网 收集:自由互联 发布时间:2021-06-24
/**
 * Registers the catch-all authorization rule: every request is decided by the bean named
 * {@code permissionService}.
 *
 * <p>The bare {@code @Order} leaves this provider at Spring's default (lowest) precedence.
 * Because the rule is attached to {@code anyRequest()}, the authorization outcome for every URL
 * depends on this rule still being the effective {@code anyRequest()} mapping once all
 * configuration has run. The article on this page reports that a later
 * {@code anyRequest().authenticated()} call caused {@code hasPermission} to be skipped.
 */
@Order
@Component
public class PcPermissionAuthorizeConfigProvider implements AuthorizeConfigProvider {

    /** SpEL access expression; {@code @permissionService} resolves a bean by that name. */
    private static final String PERMISSION_CHECK_EXPRESSION =
            "@permissionService.hasPermission(authentication,request)";

    /**
     * Attaches the permission-service expression to {@code anyRequest()}.
     *
     * @param config the URL authorization registry being built
     *
     * @return always {@code true}; the {@code PcAuthorizeConfigManager} shown on this page reads
     *         a {@code true} result as "this provider registered the anyRequest rule"
     */
    @Override
    public boolean config(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry config) {
        config.anyRequest().access(PERMISSION_CHECK_EXPRESSION);
        return true;
    }

}
@Slf4j
@Component("permissionService")
public class MucPermissionServiceImpl implements MucPermissionService {
    private AntPathMatcher antPathMatcher = new AntPathMatcher();
    private static final String OAUTH2_CLIENT_PREFIX = "rockysaas-client-";

    @Resource
    private ClientDetailsService clientDetailsService;

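    /**
     * Decides whether the current principal may access the requested URI.
     *
     * <p>Decision order: the super manager login name is always allowed; a login name carrying
     * the OAuth2 client prefix is allowed when the client id is known to
     * {@code clientDetailsService}; any other principal needs at least one authority URL and is
     * then allowed either by the demo read-only shortcut or by an Ant-pattern match of one of its
     * authority URLs against the request URI.
     *
     * <p>Changes from the listing as published: a missing login name or authority set is denied
     * instead of raising a {@code NullPointerException}; the client check uses
     * {@code startsWith} so that the constant is really treated as a prefix; the loop-invariant
     * keyword test is evaluated once.
     *
     * @param authentication the authentication passed in by the access expression (not read here;
     *                       the principal data comes from {@code SecurityUtils})
     * @param request        the current HTTP request
     *
     * @return {@code true} if access is granted, {@code false} otherwise
     */
    @Override
    public boolean hasPermission(Authentication authentication, HttpServletRequest request) {
        String currentLoginName = SecurityUtils.getCurrentLoginName();
        Set<String> currentAuthorityUrl = SecurityUtils.getCurrentAuthorityUrl();
        String requestURI = request.getRequestURI();

        // Fail closed: SecurityUtils is not shown on this page, so treat a missing identity or
        // authority set as "no permission" rather than letting a NullPointerException escape.
        if (currentLoginName == null || currentAuthorityUrl == null) {
            log.warn("permission denied, login name or authority set missing, requestURI={}", requestURI);
            return false;
        }

        log.info("验证权限loginName={}, requestURI={}, hasAuthorityUrl={}", currentLoginName, requestURI, Joiner.on(GlobalConstant.Symbol.COMMA).join(currentAuthorityUrl));

        // The super administrator may access everything.
        // NOTE(review): this is decided by the login-name string alone - confirm that ordinary
        // users cannot register or be assigned this name.
        if (StringUtils.equals(currentLoginName, GlobalConstant.Sys.SUPER_MANAGER_LOGIN_NAME)) {
            return true;
        }

        // In the demo project Feign clients hold every permission; restrict them through role
        // permissions if needed. The name must start with the client prefix: the published code
        // used contains(), which also routed user names that merely embed the marker here.
        if (currentLoginName.startsWith(OAUTH2_CLIENT_PREFIX)) {
            ClientDetails clientDetails = clientDetailsService.loadClientByClientId(currentLoginName);
            return clientDetails != null;
        }

        // Without any authority URL nothing below can grant access (same result as the original
        // loop, which never ran for an empty set).
        if (currentAuthorityUrl.isEmpty()) {
            return false;
        }

        // The demo project waves read-style requests through.
        // NOTE(review): this is a substring test on the raw request URI, so it also matches
        // unrelated paths (e.g. "budget" or "target" contain "get") and ignores the HTTP method.
        // Any principal with at least one authority passes. Replace with explicit patterns or
        // remove before using this outside a demo.
        boolean demoReadOnlyUri = requestURI.contains("query") || requestURI.contains("get")
                || requestURI.contains("check") || requestURI.contains("select");
        if (demoReadOnlyUri) {
            return true;
        }

        // getRequestURI() returns the undecoded path including the context path, so authority
        // patterns have to be written against that form.
        for (final String authority : currentAuthorityUrl) {
            if (antPathMatcher.match(authority, requestURI)) {
                return true;
            }
        }
        return false;
    }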
/**
 * Broken version of the manager, shown by the article as the cause of the problem.
 *
 * <p>Compare with the corrected listing further down this page: this version ignores the boolean
 * returned by each provider and always appends its own {@code anyRequest()} rule.
 */
@Component
public class PcAuthorizeConfigManager implements AuthorizeConfigManager {

    // Providers injected by Spring; each one contributes URL authorization rules.
    private final List<AuthorizeConfigProvider> authorizeConfigProviders;

    /**
     * Stores the injected provider list.
     *
     * @param authorizeConfigProviders the authorize config providers
     */
    @Autowired
    public PcAuthorizeConfigManager(List<AuthorizeConfigProvider> authorizeConfigProviders) {
        this.authorizeConfigProviders = authorizeConfigProviders;
    }

    /**
     * Lets every provider add its rules, then unconditionally adds
     * {@code anyRequest().authenticated()}.
     *
     * @param config the URL authorization registry being built
     */
    @Override
    public void config(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry config) {
        for (AuthorizeConfigProvider authorizeConfigProvider : authorizeConfigProviders) {
            // The return value ("I registered an anyRequest rule") is discarded here.
            authorizeConfigProvider.config(config);
        }
        // DEFECT (the line the article highlighted): a second anyRequest() rule is added even
        // though PcPermissionAuthorizeConfigProvider already registered one. According to the
        // article, this rule was the one that took effect: hasPermission was no longer reached
        // and any authenticated user could access every URL.
        config.anyRequest().authenticated();
    }

}

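请求过来时进不了 permissionService.hasPermission。原因是 PcAuthorizeConfigManager 被改坏了(即上面那段代码):其中的 config.anyRequest().authenticated();(原文标红的部分)表示所有 url 都可以被已认证用户访问,而且它在各个 provider 之后无条件执行,结果 PcPermissionAuthorizeConfigProvider 注册的 hasPermission 规则不再生效。把代码复原成下面的版本后恢复正常。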

/**
 * Corrected manager: collects the rules of all {@link AuthorizeConfigProvider}s and makes sure
 * that exactly one {@code anyRequest()} rule ends up in the configuration.
 *
 * <p>The check relies on each provider reporting truthfully, through its return value, whether it
 * registered an {@code anyRequest()} rule. A provider that registers one but returns
 * {@code false} would not be detected, and the fallback below would add a second rule.
 */
@Component
public class PcAuthorizeConfigManager implements AuthorizeConfigManager {

    private final List<AuthorizeConfigProvider> authorizeConfigProviders;

    /**
     * Creates the manager with the providers injected by Spring.
     *
     * @param authorizeConfigProviders the authorize config providers
     */
    @Autowired
    public PcAuthorizeConfigManager(List<AuthorizeConfigProvider> authorizeConfigProviders) {
        this.authorizeConfigProviders = authorizeConfigProviders;
    }

    /**
     * Applies every provider in list order and falls back to "authenticated" for all requests
     * only when no provider claimed the {@code anyRequest()} rule.
     *
     * @param config the URL authorization registry being built
     *
     * @throws RuntimeException if two providers both report an {@code anyRequest()} rule
     */
    @Override
    public void config(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry config) {
        boolean anyRequestClaimed = false;
        String anyRequestOwner = null;

        for (AuthorizeConfigProvider provider : authorizeConfigProviders) {
            if (!provider.config(config)) {
                // This provider only added specific matchers.
                continue;
            }
            String providerName = provider.getClass().getSimpleName();
            if (anyRequestClaimed) {
                // Two catch-all rules are treated as a configuration error: fail at startup
                // instead of silently picking one.
                throw new RuntimeException("重复的anyRequest配置:" + anyRequestOwner + ","
                        + providerName);
            }
            anyRequestClaimed = true;
            anyRequestOwner = providerName;
        }

        if (anyRequestClaimed) {
            return;
        }
        // Safe default: with no provider-defined catch-all, require authentication everywhere.
        config.anyRequest().authenticated();
    }

}