
feat: add @PreAuth role annotation support

zj 2 yıl önce
ebeveyn
işleme
ac957b213d

+ 81 - 0
zzbusiness-common/src/main/java/org/zhongzheng/common/secure/annotation/AuthAspect.java

@@ -0,0 +1,81 @@
+package org.zhongzheng.common.secure.annotation;
+
+//
+// Source code recreated from a .class file by IntelliJ IDEA
+// (powered by FernFlower decompiler)
+//
+
+
+import java.lang.reflect.Method;
+import org.aspectj.lang.ProceedingJoinPoint;
+import org.aspectj.lang.annotation.Around;
+import org.aspectj.lang.annotation.Aspect;
+import org.aspectj.lang.reflect.MethodSignature;
+import org.springframework.stereotype.Component;
+import org.zhongzheng.common.secure.annotation.PreAuth;
+import org.zhongzheng.common.secure.annotation.AuthFun;
+import org.zhongzheng.common.secure.SecureException;
+import org.zhongzheng.common.utils.impl.ResultCode;
+import org.zhongzheng.common.utils.ClassUtil;
+import org.zhongzheng.common.utils.StringUtil;
+import org.springframework.beans.BeansException;
+import org.springframework.context.ApplicationContext;
+import org.springframework.context.ApplicationContextAware;
+import org.springframework.context.expression.BeanFactoryResolver;
+import org.springframework.core.MethodParameter;
+import org.springframework.expression.Expression;
+import org.springframework.expression.ExpressionParser;
+import org.springframework.expression.spel.standard.SpelExpressionParser;
+import org.springframework.expression.spel.support.StandardEvaluationContext;
+
+@Aspect
+@Component
+public class AuthAspect implements ApplicationContextAware {
+    private static final ExpressionParser SPEL_PARSER = new SpelExpressionParser();
+    private ApplicationContext applicationContext;
+
+    public AuthAspect() {
+    }
+
+    @Around("@annotation(org.zhongzheng.common.secure.annotation.PreAuth) || @within(org.zhongzheng.common.secure.annotation.PreAuth)")
+    public Object preAuth(ProceedingJoinPoint point) throws Throwable {
+        System.out.println(" ---------- preAuth around Aspect");
+        if (this.handleAuth(point)) {
+            return point.proceed();
+        } else {
+            throw new SecureException(ResultCode.UN_AUTHORIZED);
+        }
+    }
+
+    private boolean handleAuth(ProceedingJoinPoint point) {
+        MethodSignature ms = (MethodSignature)point.getSignature();
+        Method method = ms.getMethod();
+        PreAuth preAuth = (PreAuth)ClassUtil.getAnnotation(method, PreAuth.class);
+        String condition = preAuth.value();
+        if (StringUtil.isNotBlank(condition)) {
+            Expression expression = SPEL_PARSER.parseExpression(condition);
+            Object[] args = point.getArgs();
+            StandardEvaluationContext context = this.getEvaluationContext(method, args);
+            return (Boolean)expression.getValue(context, Boolean.class);
+        } else {
+            return false;
+        }
+    }
+
+    private StandardEvaluationContext getEvaluationContext(Method method, Object[] args) {
+        StandardEvaluationContext context = new StandardEvaluationContext(new AuthFun());
+        context.setBeanResolver(new BeanFactoryResolver(this.applicationContext));
+
+        for(int i = 0; i < args.length; ++i) {
+            MethodParameter methodParam = ClassUtil.getMethodParameter(method, i);
+            context.setVariable(methodParam.getParameterName(), args[i]);
+        }
+
+        return context;
+    }
+
+    @Override
+    public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
+        this.applicationContext = applicationContext;
+    }
+}
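Review bot: In `handleAuth`, a `@PreAuth` expression that evaluates to null makes the `(Boolean)` result unbox null, so the caller gets a NullPointerException instead of `SecureException(ResultCode.UN_AUTHORIZED)`; `return Boolean.TRUE.equals(expression.getValue(context, Boolean.class));` keeps the denial explicit. The pointcut also matches `@within(...PreAuth)`, but the annotation is looked up from the method, so unless `ClassUtil.getAnnotation` falls back to the declaring class (not visible here) `preAuth.value()` will throw for class-level use; a guard such as `if (preAuth == null) { return false; }` fails closed. The `System.out.println` in `preAuth` runs on every guarded call and should become a debug-level logger statement or be removed. Because `getEvaluationContext` builds a `StandardEvaluationContext` with a bean resolver, it deserves a comment stating that the expression must only ever come from the annotation literal and never from request data.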

+ 64 - 0
zzbusiness-common/src/main/java/org/zhongzheng/common/secure/annotation/AuthFun.java

@@ -0,0 +1,64 @@
+package org.zhongzheng.common.secure.annotation;
+
+//
+// Source code recreated from a .class file by IntelliJ IDEA
+// (powered by FernFlower decompiler)
+//
+
+
+import java.util.Objects;
+import javax.servlet.http.HttpServletRequest;
+import org.zhongzheng.common.secure.SecureUtil;
+import org.zhongzheng.common.secure.ZhongZhengUser;
+import org.zhongzheng.common.utils.CollectionUtil;
+import org.zhongzheng.common.utils.Func;
+import org.zhongzheng.common.utils.StringUtil;
+import org.zhongzheng.common.utils.WebUtil;
+
+public class AuthFun {
+    public AuthFun() {
+    }
+
+    public boolean permitAll() {
+        return true;
+    }
+
+    public boolean denyAll() {
+        return this.hasRole("administrator");
+    }
+
+    public boolean hasRole(String role) {
+        return this.hasAnyRole(role);
+    }
+
+    public boolean hasAnyRole(String... role) {
+        ZhongZhengUser zzuser = SecureUtil.getUser();
+        if(null == zzuser){
+            return false;
+        }
+
+        String userRole = zzuser.getRoleName();
+        if (StringUtil.isBlank(userRole)) {
+            return false;
+        } else {
+            String[] roles = Func.toStrArray(userRole);
+            String[] var4 = role;
+            int var5 = role.length;
+
+            for(int var6 = 0; var6 < var5; ++var6) {
+                String r = var4[var6];
+                if (CollectionUtil.contains(roles, r)) {
+                    return true;
+                }
+            }
+
+            return false;
+        }
+    }
+
+    public boolean hasCrypto() {
+        HttpServletRequest request = WebUtil.getRequest();
+        String auth = ((HttpServletRequest)Objects.requireNonNull(request)).getHeader("blade-auth");
+        return SecureUtil.isCrypto(StringUtil.isNotBlank(auth) ? auth : request.getParameter("blade-auth"));
+    }
+}
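Review bot: `denyAll()` returns `this.hasRole("administrator")`, so `@PreAuth("denyAll()")` admits administrators rather than denying everyone; either make it `return false;` or rename it (for example `isAdministrator()`) so the name matches the check. `hasCrypto()` falls back to `request.getParameter("blade-auth")` when the header is blank, which lets the auth value travel in URLs where access logs, proxies and Referer headers can record it; accepting the header only would avoid that, if no client depends on the parameter. `hasAnyRole` still carries decompiler temporaries (`var4`, `var5`, `var6`) and would read better as `for (String r : role)`.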

+ 2 - 0
zzbusiness-user/src/main/java/org/zhongzheng/user/UserApplication.java

@@ -10,6 +10,7 @@ import org.springframework.cloud.client.loadbalancer.LoadBalanced;
 import org.springframework.cloud.openfeign.EnableFeignClients;
 import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.ComponentScan;
+import org.springframework.context.annotation.EnableAspectJAutoProxy;
 import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RestController;
 import org.springframework.web.client.RestTemplate;
@@ -20,6 +21,7 @@ import org.springframework.web.client.RestTemplate;
 @EnableDiscoveryClient  //开启服务注册发现功能
 @RestController
 @ComponentScan(basePackages = {"org.zhongzheng.common","org.zhongzheng.user"})
+@EnableAspectJAutoProxy(proxyTargetClass = true)
 public class UserApplication {
 
     public static void main(String[] args) {
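Review bot: `@EnableAspectJAutoProxy(proxyTargetClass = true)` is added to `UserApplication` only, while `AuthAspect` lives in the shared `zzbusiness-common` module, so whether `@PreAuth` is enforced elsewhere depends on each application's own AOP setup. If another service uses `@PreAuth` without proxying enabled, the annotation would presumably be ignored without any error, which fails open; placing the annotation on a `@Configuration` class in `org.zhongzheng.common` next to the aspect would tie enforcement to the aspect itself. A comment noting that proxy-based advice does not apply to calls a bean makes to its own methods would also help future callers. The class body continues outside the hunk.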

+ 1 - 0
zzbusiness-user/src/main/java/org/zhongzheng/user/controller/UserController.java

@@ -111,6 +111,7 @@ public class UserController {
 	 * 新增或修改
 	 */
 	@PostMapping("/submit")
+	@PreAuth("hasRole('administrator')")
 	@ApiOperationSupport(order = 4)
 	@ApiOperation(value = "新增或修改", notes = "传入User")
 	public R submit(@Valid @RequestBody User user) {
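Review bot: This section adds one line and no import, so `@PreAuth` on `submit` compiles only if `UserController` already imports `org.zhongzheng.common.secure.annotation.PreAuth`; that is not visible in the hunk and should be confirmed. The role name `'administrator'` appears here as a string inside the SpEL expression and again in `AuthFun.denyAll()`, so a typo in either place would not be caught at compile time; a shared constant, or at least a comment naming the canonical role string, would help. Only `/submit` gains a check in this hunk, and the body of `submit` lies outside it.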