탐색 도움말
가입하기 로그인
zhongzheng-edu
/
ZZ-Business
3
0
포크 0
파일 이슈 0 풀 리퀘스트 0 위키
소스 검색

feat: add @PreAuth role annotation support

zj 2 년 전
부모
5b11206228
커밋
ac957b213d
4개의 변경된 파일148개의 추가작업 그리고 0개의 파일을 삭제
통합 보기 변경상태 보기
  1. 81 0
      zzbusiness-common/src/main/java/org/zhongzheng/common/secure/annotation/AuthAspect.java
  2. 64 0
      zzbusiness-common/src/main/java/org/zhongzheng/common/secure/annotation/AuthFun.java
  3. 2 0
      zzbusiness-user/src/main/java/org/zhongzheng/user/UserApplication.java
  4. 1 0
      zzbusiness-user/src/main/java/org/zhongzheng/user/controller/UserController.java

+ 81 - 0
zzbusiness-common/src/main/java/org/zhongzheng/common/secure/annotation/AuthAspect.java
파일 보기 

@@ -0,0 +1,81 @@
 
+package org.zhongzheng.common.secure.annotation;
 
+
 
+//
 
+// Source code recreated from a .class file by IntelliJ IDEA
 
+// (powered by FernFlower decompiler)
 
+//
 
+
 
+
 
+import java.lang.reflect.Method;
 
+import org.aspectj.lang.ProceedingJoinPoint;
 
+import org.aspectj.lang.annotation.Around;
 
+import org.aspectj.lang.annotation.Aspect;
 
+import org.aspectj.lang.reflect.MethodSignature;
 
+import org.springframework.stereotype.Component;
 
+import org.zhongzheng.common.secure.annotation.PreAuth;
 
+import org.zhongzheng.common.secure.annotation.AuthFun;
 
+import org.zhongzheng.common.secure.SecureException;
 
+import org.zhongzheng.common.utils.impl.ResultCode;
 
+import org.zhongzheng.common.utils.ClassUtil;
 
+import org.zhongzheng.common.utils.StringUtil;
 
+import org.springframework.beans.BeansException;
 
+import org.springframework.context.ApplicationContext;
 
+import org.springframework.context.ApplicationContextAware;
 
+import org.springframework.context.expression.BeanFactoryResolver;
 
+import org.springframework.core.MethodParameter;
 
+import org.springframework.expression.Expression;
 
+import org.springframework.expression.ExpressionParser;
 
+import org.springframework.expression.spel.standard.SpelExpressionParser;
 
+import org.springframework.expression.spel.support.StandardEvaluationContext;
 
+
 
+@Aspect
 
+@Component
 
+public class AuthAspect implements ApplicationContextAware {
 
+    private static final ExpressionParser SPEL_PARSER = new SpelExpressionParser();
 
+    private ApplicationContext applicationContext;
 
+
 
+    public AuthAspect() {
 
+    }
 
+
 
+    @Around("@annotation(org.zhongzheng.common.secure.annotation.PreAuth) || @within(org.zhongzheng.common.secure.annotation.PreAuth)")
 
+    public Object preAuth(ProceedingJoinPoint point) throws Throwable {
 
+        System.out.println(" ---------- preAuth around Aspect");
 
+        if (this.handleAuth(point)) {
 
+            return point.proceed();
 
+        } else {
 
+            throw new SecureException(ResultCode.UN_AUTHORIZED);
 
+        }
 
+    }
 
+
 
+    private boolean handleAuth(ProceedingJoinPoint point) {
 
+        MethodSignature ms = (MethodSignature)point.getSignature();
 
+        Method method = ms.getMethod();
 
+        PreAuth preAuth = (PreAuth)ClassUtil.getAnnotation(method, PreAuth.class);
 
+        String condition = preAuth.value();
 
+        if (StringUtil.isNotBlank(condition)) {
 
+            Expression expression = SPEL_PARSER.parseExpression(condition);
 
+            Object[] args = point.getArgs();
 
+            StandardEvaluationContext context = this.getEvaluationContext(method, args);
 
+            return (Boolean)expression.getValue(context, Boolean.class);
 
+        } else {
 
+            return false;
 
+        }
 
+    }
 
+
 
+    private StandardEvaluationContext getEvaluationContext(Method method, Object[] args) {
 
+        StandardEvaluationContext context = new StandardEvaluationContext(new AuthFun());
 
+        context.setBeanResolver(new BeanFactoryResolver(this.applicationContext));
 
+
 
+        for(int i = 0; i < args.length; ++i) {
 
+            MethodParameter methodParam = ClassUtil.getMethodParameter(method, i);
 
+            context.setVariable(methodParam.getParameterName(), args[i]);
 
+        }
 
+
 
+        return context;
 
+    }
 
+
 
+    @Override
 
+    public void setApplicationContext(ApplicationContext applicationContext) throws BeansException {
 
+        this.applicationContext = applicationContext;
 
+    }
 
+}

+ 64 - 0
zzbusiness-common/src/main/java/org/zhongzheng/common/secure/annotation/AuthFun.java
파일 보기 

@@ -0,0 +1,64 @@
 
+package org.zhongzheng.common.secure.annotation;
 
+
 
+//
 
+// Source code recreated from a .class file by IntelliJ IDEA
 
+// (powered by FernFlower decompiler)
 
+//
 
+
 
+
 
+import java.util.Objects;
 
+import javax.servlet.http.HttpServletRequest;
 
+import org.zhongzheng.common.secure.SecureUtil;
 
+import org.zhongzheng.common.secure.ZhongZhengUser;
 
+import org.zhongzheng.common.utils.CollectionUtil;
 
+import org.zhongzheng.common.utils.Func;
 
+import org.zhongzheng.common.utils.StringUtil;
 
+import org.zhongzheng.common.utils.WebUtil;
 
+
 
+public class AuthFun {
 
+    public AuthFun() {
 
+    }
 
+
 
+    public boolean permitAll() {
 
+        return true;
 
+    }
 
+
 
+    public boolean denyAll() {
 
+        return this.hasRole("administrator");
 
+    }
 
+
 
+    public boolean hasRole(String role) {
 
+        return this.hasAnyRole(role);
 
+    }
 
+
 
+    public boolean hasAnyRole(String... role) {
 
+        ZhongZhengUser zzuser = SecureUtil.getUser();
 
+        if(null == zzuser){
 
+            return false;
 
+        }
 
+
 
+        String userRole = zzuser.getRoleName();
 
+        if (StringUtil.isBlank(userRole)) {
 
+            return false;
 
+        } else {
 
+            String[] roles = Func.toStrArray(userRole);
 
+            String[] var4 = role;
 
+            int var5 = role.length;
 
+
 
+            for(int var6 = 0; var6 < var5; ++var6) {
 
+                String r = var4[var6];
 
+                if (CollectionUtil.contains(roles, r)) {
 
+                    return true;
 
+                }
 
+            }
 
+
 
+            return false;
 
+        }
 
+    }
 
+
 
+    public boolean hasCrypto() {
 
+        HttpServletRequest request = WebUtil.getRequest();
 
+        String auth = ((HttpServletRequest)Objects.requireNonNull(request)).getHeader("blade-auth");
 
+        return SecureUtil.isCrypto(StringUtil.isNotBlank(auth) ? auth : request.getParameter("blade-auth"));
 
+    }
 
+}

+ 2 - 0
zzbusiness-user/src/main/java/org/zhongzheng/user/UserApplication.java
파일 보기 

@@ -10,6 +10,7 @@ import org.springframework.cloud.client.loadbalancer.LoadBalanced;
 
 import org.springframework.cloud.openfeign.EnableFeignClients;
 
 import org.springframework.cloud.openfeign.EnableFeignClients;
 
 import org.springframework.context.annotation.Bean;
 
 import org.springframework.context.annotation.Bean;
 
 import org.springframework.context.annotation.ComponentScan;
 
 import org.springframework.context.annotation.ComponentScan;
 
+import org.springframework.context.annotation.EnableAspectJAutoProxy;
 
 import org.springframework.web.bind.annotation.GetMapping;
 
 import org.springframework.web.bind.annotation.GetMapping;
 
 import org.springframework.web.bind.annotation.RestController;
 
 import org.springframework.web.bind.annotation.RestController;
 
 import org.springframework.web.client.RestTemplate;
 
 import org.springframework.web.client.RestTemplate;
 
@@ -20,6 +21,7 @@ import org.springframework.web.client.RestTemplate;
 
 @EnableDiscoveryClient  //开启服务注册发现功能
 
 @EnableDiscoveryClient  //开启服务注册发现功能
 
 @RestController
 
 @RestController
 
 @ComponentScan(basePackages = {"org.zhongzheng.common","org.zhongzheng.user"})
 
 @ComponentScan(basePackages = {"org.zhongzheng.common","org.zhongzheng.user"})
 
+@EnableAspectJAutoProxy(proxyTargetClass = true)
 
 public class UserApplication {
 
 public class UserApplication {
 
 
 
     public static void main(String[] args) {
 
     public static void main(String[] args) {

+ 1 - 0
zzbusiness-user/src/main/java/org/zhongzheng/user/controller/UserController.java
파일 보기 

@@ -111,6 +111,7 @@ public class UserController {
 
 	 * 新增或修改
 
 	 * 新增或修改
 
 	 */
 
 	 */
 
 	@PostMapping("/submit")
 
 	@PostMapping("/submit")
 
+	@PreAuth("hasRole('administrator')")
 
 	@ApiOperationSupport(order = 4)
 
 	@ApiOperationSupport(order = 4)
 
 	@ApiOperation(value = "新增或修改", notes = "传入User")
 
 	@ApiOperation(value = "新增或修改", notes = "传入User")
 
 	public R submit(@Valid @RequestBody User user) {
 
 	public R submit(@Valid @RequestBody User user) {