diff --git a/ace-admin/pom.xml b/ace-admin/pom.xml
index a6198164447fcdde51051940d7af99930ef89d7d..05b5bdda96c810f72e236d7dc13be80b40909c66 100644
--- a/ace-admin/pom.xml
+++ b/ace-admin/pom.xml
@@ -160,17 +160,7 @@
com.github.wxiaoqi
ace-cache
- 0.0.2-SNAPSHOT
-
-
- org.webjars
- jquery
- 2.1.4
-
-
- org.webjars
- bootstrap
- 3.1.0
+ 0.0.2
diff --git a/ace-admin/src/main/java/com/github/wxiaoqi/security/admin/AdminBootstrap.java b/ace-admin/src/main/java/com/github/wxiaoqi/security/admin/AdminBootstrap.java
index 4b927c7c691cab43709bf4e3da8faa0d64a91e18..7668f0b1aca35f5b410471d83d28c8a131ca1028 100644
--- a/ace-admin/src/main/java/com/github/wxiaoqi/security/admin/AdminBootstrap.java
+++ b/ace-admin/src/main/java/com/github/wxiaoqi/security/admin/AdminBootstrap.java
@@ -1,5 +1,6 @@
package com.github.wxiaoqi.security.admin;
+import com.ace.cache.EnableAceCache;
import com.github.wxiaoqi.security.auth.client.EnableAceAuthClient;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.boot.builder.SpringApplicationBuilder;
@@ -7,8 +8,6 @@ import org.springframework.boot.web.servlet.ServletComponentScan;
import org.springframework.cloud.client.circuitbreaker.EnableCircuitBreaker;
import org.springframework.cloud.netflix.eureka.EnableEurekaClient;
import org.springframework.cloud.netflix.feign.EnableFeignClients;
-import org.springframework.context.annotation.ComponentScan;
-import org.springframework.context.annotation.EnableAspectJAutoProxy;
import org.springframework.scheduling.annotation.EnableScheduling;
/**
@@ -24,8 +23,7 @@ import org.springframework.scheduling.annotation.EnableScheduling;
@EnableScheduling
@EnableAceAuthClient
@ServletComponentScan("com.github.wxiaoqi.security.admin.config.druid")
-@ComponentScan({"com.ace.cache","com.github.wxiaoqi.security.admin"})
-@EnableAspectJAutoProxy
+@EnableAceCache
public class AdminBootstrap {
public static void main(String[] args) {
new SpringApplicationBuilder(AdminBootstrap.class).web(true).run(args); }
diff --git a/ace-admin/src/main/java/com/github/wxiaoqi/security/admin/biz/ElementBiz.java b/ace-admin/src/main/java/com/github/wxiaoqi/security/admin/biz/ElementBiz.java
index c44e4a97e30309d275917be273ecc642d083b193..81a4fd51c44af694d81dc9b51e56d23642228006 100644
--- a/ace-admin/src/main/java/com/github/wxiaoqi/security/admin/biz/ElementBiz.java
+++ b/ace-admin/src/main/java/com/github/wxiaoqi/security/admin/biz/ElementBiz.java
@@ -32,13 +32,13 @@ public class ElementBiz extends BaseBiz {
}
@Override
- @CacheClear(pre="permission:ele")
+ @CacheClear(keys={"permission:ele","permission"})
public void insertSelective(Element entity) {
super.insertSelective(entity);
}
@Override
- @CacheClear(pre="permission:ele")
+ @CacheClear(keys={"permission:ele","permission"})
public void updateSelectiveById(Element entity) {
super.updateSelectiveById(entity);
}
diff --git a/ace-admin/src/main/java/com/github/wxiaoqi/security/admin/biz/MenuBiz.java b/ace-admin/src/main/java/com/github/wxiaoqi/security/admin/biz/MenuBiz.java
index 6da6f46d55e52a9afdc49dd3b7d2a1a3b51826e6..23c09380023386e5a3c1b4a907011a631b4e958b 100644
--- a/ace-admin/src/main/java/com/github/wxiaoqi/security/admin/biz/MenuBiz.java
+++ b/ace-admin/src/main/java/com/github/wxiaoqi/security/admin/biz/MenuBiz.java
@@ -25,7 +25,7 @@ public class MenuBiz extends BaseBiz {
}
@Override
- @CacheClear(pre="permission:menu")
+ @CacheClear(keys={"permission:menu","permission"})
public void insertSelective(Menu entity) {
if (AdminCommonConstant.ROOT == entity.getParentId()) {
entity.setPath("/" + entity.getCode());
@@ -37,7 +37,7 @@ public class MenuBiz extends BaseBiz {
}
@Override
- @CacheClear(pre="permission:menu")
+ @CacheClear(keys={"permission:menu","permission"})
public void updateById(Menu entity) {
if (AdminCommonConstant.ROOT == entity.getParentId()) {
entity.setPath("/" + entity.getCode());
@@ -49,7 +49,7 @@ public class MenuBiz extends BaseBiz {
}
@Override
- @CacheClear(pre="permission:menu")
+ @CacheClear(keys={"permission:menu","permission"})
public void updateSelectiveById(Menu entity) {
super.updateSelectiveById(entity);
}
diff --git a/ace-admin/src/main/java/com/github/wxiaoqi/security/admin/config/WebConfig.java b/ace-admin/src/main/java/com/github/wxiaoqi/security/admin/config/WebConfig.java
index 1f6b1f29807d8d952241aa09192d72a7542a3755..0debbea79631c9c4eb88cdf6b09bed0a6188a251 100644
--- a/ace-admin/src/main/java/com/github/wxiaoqi/security/admin/config/WebConfig.java
+++ b/ace-admin/src/main/java/com/github/wxiaoqi/security/admin/config/WebConfig.java
@@ -7,7 +7,6 @@ import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.context.annotation.Primary;
import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
-import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter;
import java.util.ArrayList;
@@ -54,10 +53,10 @@ public class WebConfig extends WebMvcConfigurerAdapter {
return list;
}
- @Override
- public void addResourceHandlers(ResourceHandlerRegistry registry) {
- registry.addResourceHandler("/static/cache/**").addResourceLocations(
- "classpath:/META-INF/static/");
- super.addResourceHandlers(registry);
- }
+// @Override
+// public void addResourceHandlers(ResourceHandlerRegistry registry) {
+// registry.addResourceHandler("/static/cache/**").addResourceLocations(
+// "classpath:/META-INF/static/");
+// super.addResourceHandlers(registry);
+// }
}
diff --git a/ace-admin/src/main/java/com/github/wxiaoqi/security/admin/rpc/UserRest.java b/ace-admin/src/main/java/com/github/wxiaoqi/security/admin/rpc/UserRest.java
index 78f0ad201b1ba3a92936ee1468e61dc75ce00205..19ecf0aee5ba26ed80656f83985ce6750194cd76 100644
--- a/ace-admin/src/main/java/com/github/wxiaoqi/security/admin/rpc/UserRest.java
+++ b/ace-admin/src/main/java/com/github/wxiaoqi/security/admin/rpc/UserRest.java
@@ -1,5 +1,6 @@
package com.github.wxiaoqi.security.admin.rpc;
+import com.ace.cache.annotation.Cache;
import com.github.wxiaoqi.security.admin.rpc.service.PermissionService;
import com.github.wxiaoqi.security.api.vo.authority.PermissionInfo;
import com.github.wxiaoqi.security.api.vo.user.UserInfo;
@@ -20,12 +21,14 @@ public class UserRest {
@Autowired
private PermissionService permissionService;
+ @Cache(key="permission")
@RequestMapping(value = "/permissions", method = RequestMethod.GET)
public @ResponseBody
List getAllPermission(){
return permissionService.getAllPermission();
}
+ @Cache(key="permission:u{1}")
@RequestMapping(value = "/user/un/{username}/permissions", method = RequestMethod.GET)
public @ResponseBody List getPermissionByUsername(@PathVariable("username") String username){
return permissionService.getPermissionByUsername(username);
diff --git a/ace-gate/ace-gate-server/src/main/java/com/github/wxiaoqi/security/gate/filter/AdminAccessFilter.java b/ace-gate/ace-gate-server/src/main/java/com/github/wxiaoqi/security/gate/filter/AdminAccessFilter.java
index e790c7f383b9ec24f1b941b35466ea3a724cff82..a058ce670bf7a655621f880dab08a0db0b93a59e 100644
--- a/ace-gate/ace-gate-server/src/main/java/com/github/wxiaoqi/security/gate/filter/AdminAccessFilter.java
+++ b/ace-gate/ace-gate-server/src/main/java/com/github/wxiaoqi/security/gate/filter/AdminAccessFilter.java
@@ -16,8 +16,6 @@ import com.github.wxiaoqi.security.common.util.ClientUtil;
import com.github.wxiaoqi.security.gate.feign.ILogService;
import com.github.wxiaoqi.security.gate.feign.IUserService;
import com.github.wxiaoqi.security.gate.utils.DBLog;
-import com.google.common.base.Predicate;
-import com.google.common.collect.Collections2;
import com.netflix.appinfo.InstanceInfo;
import com.netflix.discovery.EurekaClient;
import com.netflix.zuul.ZuulFilter;
@@ -30,14 +28,16 @@ import org.apache.commons.lang3.StringUtils;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.beans.factory.annotation.Value;
import org.springframework.stereotype.Component;
+import org.springframework.web.bind.annotation.RequestMethod;
import javax.annotation.PostConstruct;
import javax.servlet.http.HttpServletRequest;
import java.net.URLEncoder;
-import java.util.Collection;
import java.util.Date;
import java.util.List;
+import java.util.function.Predicate;
import java.util.regex.Pattern;
+import java.util.stream.Stream;
/**
* ${DESCRIPTION}
@@ -75,7 +75,7 @@ public class AdminAccessFilter extends ZuulFilter {
@PostConstruct
public void init() {
- InstanceInfo prodSvcInfo = discoveryClient.getNextServerFromEureka("ACE-ADMIN", false);
+ InstanceInfo prodSvcInfo = discoveryClient.getNextServerFromEureka("ACE-ADMIN", false);
ServiceFeignInterceptor serviceFeignInterceptor = new ServiceFeignInterceptor();
serviceFeignInterceptor.setServiceAuthConfig(serviceAuthConfig);
serviceFeignInterceptor.setServiceAuthUtil(serviceAuthUtil);
@@ -114,101 +114,92 @@ public class AdminAccessFilter extends ZuulFilter {
}
IJWTInfo user = null;
try {
- user = getJWTUser(request,ctx);
+ user = getJWTUser(request, ctx);
} catch (Exception e) {
- setFailedRequest(JSON.toJSONString(new TokenErrorResponse(e.getMessage())),200);
+ setFailedRequest(JSON.toJSONString(new TokenErrorResponse(e.getMessage())), 200);
return null;
}
- List permissionInfos = userService.getAllPermissionInfo();
+ List permissionIfs = userService.getAllPermissionInfo();
// 判断资源是否启用权限约束
- Collection result = getPermissionInfos(requestUri, method, permissionInfos);
- if(result.size()>0){
- checkUserPermission(requestUri, method, ctx, user);
+ Stream result = getPermissionIfs(requestUri, method, permissionIfs);
+ Object[] permissions = result.toArray();
+ if (permissions.length > 0) {
+ checkUserPermission((PermissionInfo[]) permissions, ctx, user);
}
// 申请客户端密钥头
- ctx.addZuulRequestHeader(serviceAuthConfig.getTokenHeader(),serviceAuthUtil.getClientToken());
+ ctx.addZuulRequestHeader(serviceAuthConfig.getTokenHeader(), serviceAuthUtil.getClientToken());
BaseContextHandler.remove();
return null;
}
/**
* 获取目标权限资源
+ *
* @param requestUri
* @param method
* @param serviceInfo
* @return
*/
- private Collection getPermissionInfos(final String requestUri, final String method, List serviceInfo) {
- return Collections2.filter(serviceInfo, new Predicate() {
- @Override
- public boolean apply(PermissionInfo permissionInfo) {
- String url = permissionInfo.getUri();
- String uri = url.replaceAll("\\{\\*\\}", "[a-zA-Z\\\\d]+");
- String regEx = "^" + uri + "$";
- return (Pattern.compile(regEx).matcher(requestUri).find() || requestUri.startsWith(url + "/"))
- && method.equals(permissionInfo.getMethod());
- }
- });
+ private Stream getPermissionIfs(final String requestUri, final String method, List serviceInfo) {
+ return serviceInfo.parallelStream().filter(new Predicate() {
+ @Override
+ public boolean test(PermissionInfo permissionInfo) {
+ String url = permissionInfo.getUri();
+ String uri = url.replaceAll("\\{\\*\\}", "[a-zA-Z\\\\d]+");
+ String regEx = "^" + uri + "$";
+ return (Pattern.compile(regEx).matcher(requestUri).find() || requestUri.startsWith(url + "/"))
+ && method.equals(permissionInfo.getMethod());
+ }
+ });
}
private void setCurrentUserInfoAndLog(RequestContext ctx, IJWTInfo user, PermissionInfo pm) {
- String host = ClientUtil.getClientIp(ctx.getRequest());
+ String host = ClientUtil.getClientIp(ctx.getRequest());
ctx.addZuulRequestHeader("userId", user.getId());
ctx.addZuulRequestHeader("userName", URLEncoder.encode(user.getName()));
ctx.addZuulRequestHeader("userHost", ClientUtil.getClientIp(ctx.getRequest()));
- LogInfo logInfo = new LogInfo(pm.getMenu(),pm.getName(),pm.getUri(),new Date(),user.getId(),user.getName(),host);
+ LogInfo logInfo = new LogInfo(pm.getMenu(), pm.getName(), pm.getUri(), new Date(), user.getId(), user.getName(), host);
DBLog.getInstance().setLogService(logService).offerQueue(logInfo);
}
/**
* 返回session中的用户信息
+ *
* @param request
* @param ctx
* @return
*/
- private IJWTInfo getJWTUser(HttpServletRequest request,RequestContext ctx) throws Exception {
+ private IJWTInfo getJWTUser(HttpServletRequest request, RequestContext ctx) throws Exception {
String authToken = request.getHeader(userAuthConfig.getTokenHeader());
- if(StringUtils.isBlank(authToken)){
+ if (StringUtils.isBlank(authToken)) {
authToken = request.getParameter("token");
}
- ctx.addZuulRequestHeader(userAuthConfig.getTokenHeader(),authToken);
+ ctx.addZuulRequestHeader(userAuthConfig.getTokenHeader(), authToken);
BaseContextHandler.setToken(authToken);
return userAuthUtil.getInfoFromToken(authToken);
}
- /**
- * 读取权限
- * @param request
- * @param username
- * @return
- */
- private List getPermissionInfos(HttpServletRequest request, String username) {
- List permissionInfos;
- if (request.getSession().getAttribute("permission") == null) {
- permissionInfos = userService.getPermissionByUsername(username);
- request.getSession().setAttribute("permission", permissionInfos);
- } else {
- permissionInfos = (List) request.getSession().getAttribute("permission");
- }
- return permissionInfos;
- }
- /**
- * 权限校验
- * @param requestUri
- * @param method
- */
- private void checkUserPermission(final String requestUri, final String method ,RequestContext ctx,IJWTInfo user) {
- log.debug("uri:" + requestUri + "----method:" + method);
- List permissionInfos = getPermissionInfos(ctx.getRequest(), user.getUniqueName()) ;
- Collection result = getPermissionInfos(requestUri, method, permissionInfos);
- if (result.size() <= 0) {
+ private void checkUserPermission(PermissionInfo[] permissions, RequestContext ctx, IJWTInfo user) {
+ List permissionInfos = userService.getPermissionByUsername(user.getUniqueName());
+ PermissionInfo current = null;
+ for (PermissionInfo info : permissions) {
+ boolean anyMatch = permissionInfos.parallelStream().anyMatch(new Predicate() {
+ @Override
+ public boolean test(PermissionInfo permissionInfo) {
+ return permissionInfo.getCode().equals(info.getCode());
+ }
+ });
+ if (anyMatch) {
+ current = info;
+ break;
+ }
+ }
+ if (current == null) {
setFailedRequest(JSON.toJSONString(new TokenForbiddenResponse("Token Forbidden!")), 200);
- } else{
- PermissionInfo[] pms = result.toArray(new PermissionInfo[]{});
- PermissionInfo pm = pms[0];
- if(!"GET".equals(method)){
- setCurrentUserInfoAndLog(ctx, user, pm);
+ } else {
+ if (!RequestMethod.GET.equals(current.getMethod())) {
+ setCurrentUserInfoAndLog(ctx, user, current);
}
}
}
@@ -216,6 +207,7 @@ public class AdminAccessFilter extends ZuulFilter {
/**
* URI是否以什么打头
+ *
* @param requestUri
* @return
*/
@@ -230,7 +222,7 @@ public class AdminAccessFilter extends ZuulFilter {
}
/**
- * Reports an error message given a response body and code.
+ * 网关抛异常
*
* @param body
* @param code
@@ -242,7 +234,7 @@ public class AdminAccessFilter extends ZuulFilter {
if (ctx.getResponseBody() == null) {
ctx.setResponseBody(body);
ctx.setSendZuulResponse(false);
-// throw new RuntimeException("Code: " + code + ", " + body); //optional
}
}
+
}
diff --git a/pom.xml b/pom.xml
index 2e1d5ec149183abed88ea71463eff976fba2bc7d..6e543915c230c096dd118182542bb52af606fd9e 100644
--- a/pom.xml
+++ b/pom.xml
@@ -54,6 +54,13 @@
provided
+
+
+ oss
+ oss
+ https://oss.sonatype.org/content/groups/public
+
+