diff --git a/ace-admin/pom.xml b/ace-admin/pom.xml index a6198164447fcdde51051940d7af99930ef89d7d..05b5bdda96c810f72e236d7dc13be80b40909c66 100644 --- a/ace-admin/pom.xml +++ b/ace-admin/pom.xml @@ -160,17 +160,7 @@ com.github.wxiaoqi ace-cache - 0.0.2-SNAPSHOT - - - org.webjars - jquery - 2.1.4 - - - org.webjars - bootstrap - 3.1.0 + 0.0.2 diff --git a/ace-admin/src/main/java/com/github/wxiaoqi/security/admin/AdminBootstrap.java b/ace-admin/src/main/java/com/github/wxiaoqi/security/admin/AdminBootstrap.java index 4b927c7c691cab43709bf4e3da8faa0d64a91e18..7668f0b1aca35f5b410471d83d28c8a131ca1028 100644 --- a/ace-admin/src/main/java/com/github/wxiaoqi/security/admin/AdminBootstrap.java +++ b/ace-admin/src/main/java/com/github/wxiaoqi/security/admin/AdminBootstrap.java @@ -1,5 +1,6 @@ package com.github.wxiaoqi.security.admin; +import com.ace.cache.EnableAceCache; import com.github.wxiaoqi.security.auth.client.EnableAceAuthClient; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.boot.builder.SpringApplicationBuilder; @@ -7,8 +8,6 @@ import org.springframework.boot.web.servlet.ServletComponentScan; import org.springframework.cloud.client.circuitbreaker.EnableCircuitBreaker; import org.springframework.cloud.netflix.eureka.EnableEurekaClient; import org.springframework.cloud.netflix.feign.EnableFeignClients; -import org.springframework.context.annotation.ComponentScan; -import org.springframework.context.annotation.EnableAspectJAutoProxy; import org.springframework.scheduling.annotation.EnableScheduling; /** 
@@ -24,8 +23,7 @@ import org.springframework.scheduling.annotation.EnableScheduling; @EnableScheduling @EnableAceAuthClient @ServletComponentScan("com.github.wxiaoqi.security.admin.config.druid") -@ComponentScan({"com.ace.cache","com.github.wxiaoqi.security.admin"}) -@EnableAspectJAutoProxy +@EnableAceCache public class AdminBootstrap { public static void main(String[] args) { new SpringApplicationBuilder(AdminBootstrap.class).web(true).run(args); } diff --git a/ace-admin/src/main/java/com/github/wxiaoqi/security/admin/biz/ElementBiz.java b/ace-admin/src/main/java/com/github/wxiaoqi/security/admin/biz/ElementBiz.java index c44e4a97e30309d275917be273ecc642d083b193..81a4fd51c44af694d81dc9b51e56d23642228006 100644 --- a/ace-admin/src/main/java/com/github/wxiaoqi/security/admin/biz/ElementBiz.java +++ b/ace-admin/src/main/java/com/github/wxiaoqi/security/admin/biz/ElementBiz.java @@ -32,13 +32,13 @@ public class ElementBiz extends BaseBiz { } @Override - @CacheClear(pre="permission:ele") + @CacheClear(keys={"permission:ele","permission"}) public void insertSelective(Element entity) { super.insertSelective(entity); } @Override - @CacheClear(pre="permission:ele") + @CacheClear(keys={"permission:ele","permission"}) public void updateSelectiveById(Element entity) { super.updateSelectiveById(entity); } diff --git a/ace-admin/src/main/java/com/github/wxiaoqi/security/admin/biz/MenuBiz.java b/ace-admin/src/main/java/com/github/wxiaoqi/security/admin/biz/MenuBiz.java index 6da6f46d55e52a9afdc49dd3b7d2a1a3b51826e6..23c09380023386e5a3c1b4a907011a631b4e958b 100644 --- a/ace-admin/src/main/java/com/github/wxiaoqi/security/admin/biz/MenuBiz.java +++ b/ace-admin/src/main/java/com/github/wxiaoqi/security/admin/biz/MenuBiz.java 
@@ -25,7 +25,7 @@ public class MenuBiz extends BaseBiz { } @Override - @CacheClear(pre="permission:menu") + @CacheClear(keys={"permission:menu","permission"}) public void insertSelective(Menu entity) { if (AdminCommonConstant.ROOT == entity.getParentId()) { entity.setPath("/" + entity.getCode()); @@ -37,7 +37,7 @@ public class MenuBiz extends BaseBiz { } @Override - @CacheClear(pre="permission:menu") + @CacheClear(keys={"permission:menu","permission"}) public void updateById(Menu entity) { if (AdminCommonConstant.ROOT == entity.getParentId()) { entity.setPath("/" + entity.getCode()); @@ -49,7 +49,7 @@ public class MenuBiz extends BaseBiz { } @Override - @CacheClear(pre="permission:menu") + @CacheClear(keys={"permission:menu","permission"}) public void updateSelectiveById(Menu entity) { super.updateSelectiveById(entity); } diff --git a/ace-admin/src/main/java/com/github/wxiaoqi/security/admin/config/WebConfig.java b/ace-admin/src/main/java/com/github/wxiaoqi/security/admin/config/WebConfig.java index 1f6b1f29807d8d952241aa09192d72a7542a3755..0debbea79631c9c4eb88cdf6b09bed0a6188a251 100644 --- a/ace-admin/src/main/java/com/github/wxiaoqi/security/admin/config/WebConfig.java +++ b/ace-admin/src/main/java/com/github/wxiaoqi/security/admin/config/WebConfig.java @@ -7,7 +7,6 @@ import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Primary; import org.springframework.web.servlet.config.annotation.InterceptorRegistry; -import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry; import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter; import java.util.ArrayList; 
@@ -54,10 +53,10 @@ public class WebConfig extends WebMvcConfigurerAdapter { return list; } - @Override - public void addResourceHandlers(ResourceHandlerRegistry registry) { - registry.addResourceHandler("/static/cache/**").addResourceLocations( - "classpath:/META-INF/static/"); - super.addResourceHandlers(registry); - } +// @Override +// public void addResourceHandlers(ResourceHandlerRegistry registry) { +// registry.addResourceHandler("/static/cache/**").addResourceLocations( +// "classpath:/META-INF/static/"); +// super.addResourceHandlers(registry); +// } } diff --git a/ace-admin/src/main/java/com/github/wxiaoqi/security/admin/rpc/UserRest.java b/ace-admin/src/main/java/com/github/wxiaoqi/security/admin/rpc/UserRest.java index 78f0ad201b1ba3a92936ee1468e61dc75ce00205..19ecf0aee5ba26ed80656f83985ce6750194cd76 100644 --- a/ace-admin/src/main/java/com/github/wxiaoqi/security/admin/rpc/UserRest.java +++ b/ace-admin/src/main/java/com/github/wxiaoqi/security/admin/rpc/UserRest.java @@ -1,5 +1,6 @@ package com.github.wxiaoqi.security.admin.rpc; +import com.ace.cache.annotation.Cache; import com.github.wxiaoqi.security.admin.rpc.service.PermissionService; import com.github.wxiaoqi.security.api.vo.authority.PermissionInfo; import com.github.wxiaoqi.security.api.vo.user.UserInfo; @@ -20,12 +21,14 @@ public class UserRest { @Autowired private PermissionService permissionService; + @Cache(key="permission") @RequestMapping(value = "/permissions", method = RequestMethod.GET) public @ResponseBody List getAllPermission(){ return permissionService.getAllPermission(); } + @Cache(key="permission:u{1}") @RequestMapping(value = "/user/un/{username}/permissions", method = RequestMethod.GET) public @ResponseBody List getPermissionByUsername(@PathVariable("username") String username){ return permissionService.getPermissionByUsername(username); 
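Review bot: The `addResourceHandlers` override in WebConfig is left behind as commented-out lines rather than deleted, while its `ResourceHandlerRegistry` import is removed in the same commit, so uncommenting the block alone would no longer compile. Delete the block outright; version control already preserves the old mapping of `/static/cache/**` to `classpath:/META-INF/static/`. If the mapping is retired on purpose, a one-line comment saying why is enough.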
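Review bot: The `@Cache` annotations added on `getAllPermission` and `getPermissionByUsername` in UserRest put authorization data behind a cache, and the only invalidation visible in this commit is `@CacheClear(keys={...,"permission"})` on the insert/update methods of ElementBiz and MenuBiz. Two things need confirming: that `keys` clears by prefix the way the previous `pre=` did, so `permission:u{1}` entries are dropped along with `permission`, and that delete paths and changes to a user's role or group assignments (not shown in this diff) also clear these keys. Otherwise a revoked permission stays effective at the gateway until the entry expires, and neither annotation sets an explicit expiry here. A comment above each annotation, e.g. `// cached authz data: every write path that changes grants must clear "permission"`, would document the coupling.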
diff --git a/ace-gate/ace-gate-server/src/main/java/com/github/wxiaoqi/security/gate/filter/AdminAccessFilter.java b/ace-gate/ace-gate-server/src/main/java/com/github/wxiaoqi/security/gate/filter/AdminAccessFilter.java index e790c7f383b9ec24f1b941b35466ea3a724cff82..a058ce670bf7a655621f880dab08a0db0b93a59e 100644 --- a/ace-gate/ace-gate-server/src/main/java/com/github/wxiaoqi/security/gate/filter/AdminAccessFilter.java +++ b/ace-gate/ace-gate-server/src/main/java/com/github/wxiaoqi/security/gate/filter/AdminAccessFilter.java @@ -16,8 +16,6 @@ import com.github.wxiaoqi.security.common.util.ClientUtil; import com.github.wxiaoqi.security.gate.feign.ILogService; import com.github.wxiaoqi.security.gate.feign.IUserService; import com.github.wxiaoqi.security.gate.utils.DBLog; -import com.google.common.base.Predicate; -import com.google.common.collect.Collections2; import com.netflix.appinfo.InstanceInfo; import com.netflix.discovery.EurekaClient; import com.netflix.zuul.ZuulFilter; @@ -30,14 +28,16 @@ import org.apache.commons.lang3.StringUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Value; import org.springframework.stereotype.Component; +import org.springframework.web.bind.annotation.RequestMethod; import javax.annotation.PostConstruct; import javax.servlet.http.HttpServletRequest; import java.net.URLEncoder; -import java.util.Collection; import java.util.Date; import java.util.List; +import java.util.function.Predicate; import java.util.regex.Pattern; +import java.util.stream.Stream; /** * ${DESCRIPTION} 
@@ -75,7 +75,7 @@ public class AdminAccessFilter extends ZuulFilter { @PostConstruct public void init() { - InstanceInfo prodSvcInfo = discoveryClient.getNextServerFromEureka("ACE-ADMIN", false); + InstanceInfo prodSvcInfo = discoveryClient.getNextServerFromEureka("ACE-ADMIN", false); ServiceFeignInterceptor serviceFeignInterceptor = new ServiceFeignInterceptor(); serviceFeignInterceptor.setServiceAuthConfig(serviceAuthConfig); serviceFeignInterceptor.setServiceAuthUtil(serviceAuthUtil); 
@@ -114,101 +114,92 @@ public class AdminAccessFilter extends ZuulFilter { } IJWTInfo user = null; try { - user = getJWTUser(request,ctx); + user = getJWTUser(request, ctx); } catch (Exception e) { - setFailedRequest(JSON.toJSONString(new TokenErrorResponse(e.getMessage())),200); + setFailedRequest(JSON.toJSONString(new TokenErrorResponse(e.getMessage())), 200); return null; } - List permissionInfos = userService.getAllPermissionInfo(); + List permissionIfs = userService.getAllPermissionInfo(); // 判断资源是否启用权限约束 - Collection result = getPermissionInfos(requestUri, method, permissionInfos); - if(result.size()>0){ - checkUserPermission(requestUri, method, ctx, user); + Stream result = getPermissionIfs(requestUri, method, permissionIfs); + Object[] permissions = result.toArray(); + if (permissions.length > 0) { + checkUserPermission((PermissionInfo[]) permissions, ctx, user); } // 申请客户端密钥头 - ctx.addZuulRequestHeader(serviceAuthConfig.getTokenHeader(),serviceAuthUtil.getClientToken()); + ctx.addZuulRequestHeader(serviceAuthConfig.getTokenHeader(), serviceAuthUtil.getClientToken()); BaseContextHandler.remove(); return null; } /** * 获取目标权限资源 + * * @param requestUri * @param method * @param serviceInfo * @return */ - private Collection getPermissionInfos(final String requestUri, final String method, List serviceInfo) { - return Collections2.filter(serviceInfo, new Predicate() { - @Override - public boolean apply(PermissionInfo permissionInfo) { - String url = permissionInfo.getUri(); - String uri = url.replaceAll("\\{\\*\\}", "[a-zA-Z\\\\d]+"); - String regEx = "^" + uri + "$"; - return (Pattern.compile(regEx).matcher(requestUri).find() || requestUri.startsWith(url + "/")) - && method.equals(permissionInfo.getMethod()); - } - }); + private Stream getPermissionIfs(final String requestUri, final String method, List serviceInfo) { + return serviceInfo.parallelStream().filter(new Predicate() { + @Override + public boolean test(PermissionInfo permissionInfo) { + String url = 
permissionInfo.getUri(); + String uri = url.replaceAll("\\{\\*\\}", "[a-zA-Z\\\\d]+"); + String regEx = "^" + uri + "$"; + return (Pattern.compile(regEx).matcher(requestUri).find() || requestUri.startsWith(url + "/")) + && method.equals(permissionInfo.getMethod()); + } + }); } private void setCurrentUserInfoAndLog(RequestContext ctx, IJWTInfo user, PermissionInfo pm) { - String host = ClientUtil.getClientIp(ctx.getRequest()); + String host = ClientUtil.getClientIp(ctx.getRequest()); ctx.addZuulRequestHeader("userId", user.getId()); ctx.addZuulRequestHeader("userName", URLEncoder.encode(user.getName())); ctx.addZuulRequestHeader("userHost", ClientUtil.getClientIp(ctx.getRequest())); - LogInfo logInfo = new LogInfo(pm.getMenu(),pm.getName(),pm.getUri(),new Date(),user.getId(),user.getName(),host); + LogInfo logInfo = new LogInfo(pm.getMenu(), pm.getName(), pm.getUri(), new Date(), user.getId(), user.getName(), host); DBLog.getInstance().setLogService(logService).offerQueue(logInfo); } /** * 返回session中的用户信息 + * * @param request * @param ctx * @return */ - private IJWTInfo getJWTUser(HttpServletRequest request,RequestContext ctx) throws Exception { + private IJWTInfo getJWTUser(HttpServletRequest request, RequestContext ctx) throws Exception { String authToken = request.getHeader(userAuthConfig.getTokenHeader()); - if(StringUtils.isBlank(authToken)){ + if (StringUtils.isBlank(authToken)) { authToken = request.getParameter("token"); } - ctx.addZuulRequestHeader(userAuthConfig.getTokenHeader(),authToken); + ctx.addZuulRequestHeader(userAuthConfig.getTokenHeader(), authToken); BaseContextHandler.setToken(authToken); return userAuthUtil.getInfoFromToken(authToken); } - /** - * 读取权限 - * @param request - * @param username - * @return - */ - private List getPermissionInfos(HttpServletRequest request, String username) { - List permissionInfos; - if (request.getSession().getAttribute("permission") == null) { - permissionInfos = userService.getPermissionByUsername(username); - 
request.getSession().setAttribute("permission", permissionInfos); - } else { - permissionInfos = (List) request.getSession().getAttribute("permission"); - } - return permissionInfos; - } - /** - * 权限校验 - * @param requestUri - * @param method - */ - private void checkUserPermission(final String requestUri, final String method ,RequestContext ctx,IJWTInfo user) { - log.debug("uri:" + requestUri + "----method:" + method); - List permissionInfos = getPermissionInfos(ctx.getRequest(), user.getUniqueName()) ; - Collection result = getPermissionInfos(requestUri, method, permissionInfos); - if (result.size() <= 0) { + private void checkUserPermission(PermissionInfo[] permissions, RequestContext ctx, IJWTInfo user) { + List permissionInfos = userService.getPermissionByUsername(user.getUniqueName()); + PermissionInfo current = null; + for (PermissionInfo info : permissions) { + boolean anyMatch = permissionInfos.parallelStream().anyMatch(new Predicate() { + @Override + public boolean test(PermissionInfo permissionInfo) { + return permissionInfo.getCode().equals(info.getCode()); + } + }); + if (anyMatch) { + current = info; + break; + } + } + if (current == null) { setFailedRequest(JSON.toJSONString(new TokenForbiddenResponse("Token Forbidden!")), 200); - } else{ - PermissionInfo[] pms = result.toArray(new PermissionInfo[]{}); - PermissionInfo pm = pms[0]; - if(!"GET".equals(method)){ - setCurrentUserInfoAndLog(ctx, user, pm); + } else { + if (!RequestMethod.GET.equals(current.getMethod())) { + setCurrentUserInfoAndLog(ctx, user, current); } } } @@ -216,6 +207,7 @@ public class AdminAccessFilter extends ZuulFilter { /** * URI是否以什么打头 + * * @param requestUri * @return */ @@ -230,7 +222,7 @@ public class AdminAccessFilter extends ZuulFilter { } /** - * Reports an error message given a response body and code. + * 网关抛异常 * * @param body * @param code 
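Review bot: In `run()`, `Object[] permissions = result.toArray();` followed by the cast `(PermissionInfo[]) permissions` throws ClassCastException on every request that matches a protected resource, because `Stream.toArray()` returns a plain `Object[]`. Use `PermissionInfo[] permissions = result.toArray(PermissionInfo[]::new);` and call `checkUserPermission(permissions, ctx, user);` without the cast; as written, the request presumably ends in a filter error instead of an authorization decision. In `checkUserPermission`, `RequestMethod.GET.equals(current.getMethod())` compares an enum with what appears to be a String (getPermissionIfs does `method.equals(permissionInfo.getMethod())`), so it is always false and GET requests now reach the audit log too; `RequestMethod.GET.name().equals(current.getMethod())` restores the previous behaviour. The match `permissionInfo.getCode().equals(info.getCode())` also throws if a user permission carries a null code, so confirm that codes are never null or guard the comparison.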
@@ -242,7 +234,7 @@ public class AdminAccessFilter extends ZuulFilter { if (ctx.getResponseBody() == null) { ctx.setResponseBody(body); ctx.setSendZuulResponse(false); -// throw new RuntimeException("Code: " + code + ", " + body); //optional } } + } diff --git a/pom.xml b/pom.xml index 2e1d5ec149183abed88ea71463eff976fba2bc7d..6e543915c230c096dd118182542bb52af606fd9e 100644 --- a/pom.xml +++ b/pom.xml @@ -54,6 +54,13 @@ provided + + + oss + oss + https://oss.sonatype.org/content/groups/public + +
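Review bot: The new `oss` repository in the root pom.xml applies to dependency resolution for every module, and as far as the stripped markup shows it carries only an id, a name and the URL `https://oss.sonatype.org/content/groups/public`, with no release or snapshot policy. Since this commit also moves ace-cache from `0.0.2-SNAPSHOT` to the release `0.0.2`, check whether the artifact resolves from the default repositories so the extra repository can be dropped. If it must stay, add `<snapshots><enabled>false</enabled></snapshots>` to the entry so snapshot artifacts from this group cannot be pulled into the build.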