From b629c0f7ab2c36f72e2b88af92042c54241fe5e0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=E7=8E=8B=E6=B5=A9=E5=BD=AC?= Date: Fri, 17 Nov 2017 15:46:31 +0800 Subject: [PATCH 1/2] =?UTF-8?q?[Feature]=20=E5=8D=87=E7=BA=A7ace-cache?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ace-admin/pom.xml | 12 +----------- .../wxiaoqi/security/admin/AdminBootstrap.java | 6 ++---- .../wxiaoqi/security/admin/config/WebConfig.java | 13 ++++++------- 3 files changed, 9 insertions(+), 22 deletions(-) diff --git a/ace-admin/pom.xml b/ace-admin/pom.xml index a6198164..05b5bdda 100644 --- a/ace-admin/pom.xml +++ b/ace-admin/pom.xml @@ -160,17 +160,7 @@ com.github.wxiaoqi ace-cache - 0.0.2-SNAPSHOT - - - org.webjars - jquery - 2.1.4 - - - org.webjars - bootstrap - 3.1.0 + 0.0.2 diff --git a/ace-admin/src/main/java/com/github/wxiaoqi/security/admin/AdminBootstrap.java b/ace-admin/src/main/java/com/github/wxiaoqi/security/admin/AdminBootstrap.java index 4b927c7c..7668f0b1 100644 --- a/ace-admin/src/main/java/com/github/wxiaoqi/security/admin/AdminBootstrap.java +++ b/ace-admin/src/main/java/com/github/wxiaoqi/security/admin/AdminBootstrap.java @@ -1,5 +1,6 @@ package com.github.wxiaoqi.security.admin; +import com.ace.cache.EnableAceCache; import com.github.wxiaoqi.security.auth.client.EnableAceAuthClient; import org.springframework.boot.autoconfigure.SpringBootApplication; import org.springframework.boot.builder.SpringApplicationBuilder; @@ -7,8 +8,6 @@ import org.springframework.boot.web.servlet.ServletComponentScan; import org.springframework.cloud.client.circuitbreaker.EnableCircuitBreaker; import org.springframework.cloud.netflix.eureka.EnableEurekaClient; import org.springframework.cloud.netflix.feign.EnableFeignClients; -import org.springframework.context.annotation.ComponentScan; -import org.springframework.context.annotation.EnableAspectJAutoProxy; import org.springframework.scheduling.annotation.EnableScheduling; /** 
@@ -24,8 +23,7 @@ import org.springframework.scheduling.annotation.EnableScheduling; @EnableScheduling @EnableAceAuthClient @ServletComponentScan("com.github.wxiaoqi.security.admin.config.druid") -@ComponentScan({"com.ace.cache","com.github.wxiaoqi.security.admin"}) -@EnableAspectJAutoProxy +@EnableAceCache public class AdminBootstrap { public static void main(String[] args) { new SpringApplicationBuilder(AdminBootstrap.class).web(true).run(args); } diff --git a/ace-admin/src/main/java/com/github/wxiaoqi/security/admin/config/WebConfig.java b/ace-admin/src/main/java/com/github/wxiaoqi/security/admin/config/WebConfig.java index 1f6b1f29..0debbea7 100644 --- a/ace-admin/src/main/java/com/github/wxiaoqi/security/admin/config/WebConfig.java +++ b/ace-admin/src/main/java/com/github/wxiaoqi/security/admin/config/WebConfig.java @@ -7,7 +7,6 @@ import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Configuration; import org.springframework.context.annotation.Primary; import org.springframework.web.servlet.config.annotation.InterceptorRegistry; -import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry; import org.springframework.web.servlet.config.annotation.WebMvcConfigurerAdapter; import java.util.ArrayList; @@ -54,10 +53,10 @@ public class WebConfig extends WebMvcConfigurerAdapter { return list; } - @Override - public void addResourceHandlers(ResourceHandlerRegistry registry) { - registry.addResourceHandler("/static/cache/**").addResourceLocations( - "classpath:/META-INF/static/"); - super.addResourceHandlers(registry); - } +// @Override +// public void addResourceHandlers(ResourceHandlerRegistry registry) { +// registry.addResourceHandler("/static/cache/**").addResourceLocations( +// "classpath:/META-INF/static/"); +// super.addResourceHandlers(registry); +// } } -- Gitee From 044098ad62e325f2a6e92d3168bd4035066a8c86 Mon Sep 17 00:00:00 2001 
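Review bot: The `addResourceHandlers` override in `WebConfig` is left behind as commented-out code rather than deleted, and because the same patch drops the `ResourceHandlerRegistry` import it would no longer compile if someone uncommented it. Delete the `//` lines and let version control keep the history. If the pages formerly served under `/static/cache/**` are now registered by `@EnableAceCache` (not visible in this patch), confirm they remain behind the admin access checks.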
From: =?UTF-8?q?=E7=8E=8B=E6=B5=A9=E5=BD=AC?= Date: Sun, 19 Nov 2017 14:44:51 +0800 Subject: [PATCH 2/2] =?UTF-8?q?[Feature]=20=E4=BC=98=E5=8C=96=E7=BD=91?= =?UTF-8?q?=E5=85=B3?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit 1、采用parallelStream优化比较 2、网关模块加入缓存 --- .../security/admin/biz/ElementBiz.java | 4 +- .../wxiaoqi/security/admin/biz/MenuBiz.java | 6 +- .../wxiaoqi/security/admin/rpc/UserRest.java | 3 + .../gate/filter/AdminAccessFilter.java | 112 ++++++++---------- pom.xml | 7 ++ 5 files changed, 67 insertions(+), 65 deletions(-) diff --git a/ace-admin/src/main/java/com/github/wxiaoqi/security/admin/biz/ElementBiz.java b/ace-admin/src/main/java/com/github/wxiaoqi/security/admin/biz/ElementBiz.java index c44e4a97..81a4fd51 100644 --- a/ace-admin/src/main/java/com/github/wxiaoqi/security/admin/biz/ElementBiz.java +++ b/ace-admin/src/main/java/com/github/wxiaoqi/security/admin/biz/ElementBiz.java @@ -32,13 +32,13 @@ public class ElementBiz extends BaseBiz { } @Override - @CacheClear(pre="permission:ele") + @CacheClear(keys={"permission:ele","permission"}) public void insertSelective(Element entity) { super.insertSelective(entity); } @Override - @CacheClear(pre="permission:ele") + @CacheClear(keys={"permission:ele","permission"}) public void updateSelectiveById(Element entity) { super.updateSelectiveById(entity); } diff --git a/ace-admin/src/main/java/com/github/wxiaoqi/security/admin/biz/MenuBiz.java b/ace-admin/src/main/java/com/github/wxiaoqi/security/admin/biz/MenuBiz.java index 6da6f46d..23c09380 100644 --- a/ace-admin/src/main/java/com/github/wxiaoqi/security/admin/biz/MenuBiz.java +++ b/ace-admin/src/main/java/com/github/wxiaoqi/security/admin/biz/MenuBiz.java 
@@ -25,7 +25,7 @@ public class MenuBiz extends BaseBiz { } @Override - @CacheClear(pre="permission:menu") + @CacheClear(keys={"permission:menu","permission"}) public void insertSelective(Menu entity) { if (AdminCommonConstant.ROOT == entity.getParentId()) { entity.setPath("/" + entity.getCode()); @@ -37,7 +37,7 @@ public class MenuBiz extends BaseBiz { } @Override - @CacheClear(pre="permission:menu") + @CacheClear(keys={"permission:menu","permission"}) public void updateById(Menu entity) { if (AdminCommonConstant.ROOT == entity.getParentId()) { entity.setPath("/" + entity.getCode()); @@ -49,7 +49,7 @@ public class MenuBiz extends BaseBiz { } @Override - @CacheClear(pre="permission:menu") + @CacheClear(keys={"permission:menu","permission"}) public void updateSelectiveById(Menu entity) { super.updateSelectiveById(entity); } diff --git a/ace-admin/src/main/java/com/github/wxiaoqi/security/admin/rpc/UserRest.java b/ace-admin/src/main/java/com/github/wxiaoqi/security/admin/rpc/UserRest.java index 78f0ad20..19ecf0ae 100644 --- a/ace-admin/src/main/java/com/github/wxiaoqi/security/admin/rpc/UserRest.java +++ b/ace-admin/src/main/java/com/github/wxiaoqi/security/admin/rpc/UserRest.java @@ -1,5 +1,6 @@ package com.github.wxiaoqi.security.admin.rpc; +import com.ace.cache.annotation.Cache; import com.github.wxiaoqi.security.admin.rpc.service.PermissionService; import com.github.wxiaoqi.security.api.vo.authority.PermissionInfo; import com.github.wxiaoqi.security.api.vo.user.UserInfo; 
@@ -20,12 +21,14 @@ public class UserRest { @Autowired private PermissionService permissionService; + @Cache(key="permission") @RequestMapping(value = "/permissions", method = RequestMethod.GET) public @ResponseBody List getAllPermission(){ return permissionService.getAllPermission(); } + @Cache(key="permission:u{1}") @RequestMapping(value = "/user/un/{username}/permissions", method = RequestMethod.GET) public @ResponseBody List getPermissionByUsername(@PathVariable("username") String username){ return permissionService.getPermissionByUsername(username); diff --git a/ace-gate/ace-gate-server/src/main/java/com/github/wxiaoqi/security/gate/filter/AdminAccessFilter.java b/ace-gate/ace-gate-server/src/main/java/com/github/wxiaoqi/security/gate/filter/AdminAccessFilter.java index e790c7f3..a058ce67 100644 --- a/ace-gate/ace-gate-server/src/main/java/com/github/wxiaoqi/security/gate/filter/AdminAccessFilter.java +++ b/ace-gate/ace-gate-server/src/main/java/com/github/wxiaoqi/security/gate/filter/AdminAccessFilter.java @@ -16,8 +16,6 @@ import com.github.wxiaoqi.security.common.util.ClientUtil; import com.github.wxiaoqi.security.gate.feign.ILogService; import com.github.wxiaoqi.security.gate.feign.IUserService; import com.github.wxiaoqi.security.gate.utils.DBLog; -import com.google.common.base.Predicate; -import com.google.common.collect.Collections2; import com.netflix.appinfo.InstanceInfo; import com.netflix.discovery.EurekaClient; import com.netflix.zuul.ZuulFilter; 
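Review bot: The `@Cache` annotations added to `getAllPermission` and `getPermissionByUsername` turn authorization data into cached state, and the only invalidation visible in this patch is `@CacheClear(keys={...,"permission"})` on the insert and update methods of `ElementBiz` and `MenuBiz`. Nothing here shows `permission:u{1}` entries being evicted when a user's role or group grants change or when a menu or element is deleted, so a revoked permission may keep being served until the entry expires; whether a `keys` entry of `permission` also removes `permission:u…` keys depends on ace-cache's matching rule, which this page does not show. I would add the same clear to the delete and authority-assignment paths and give both entries an explicit, short expiry. A comment on each method such as `// cached under "permission"; evicted by @CacheClear in ElementBiz and MenuBiz` would make the coupling visible. The class body continues outside the hunk.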
@@ -30,14 +28,16 @@ import org.apache.commons.lang3.StringUtils; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.beans.factory.annotation.Value; import org.springframework.stereotype.Component; +import org.springframework.web.bind.annotation.RequestMethod; import javax.annotation.PostConstruct; import javax.servlet.http.HttpServletRequest; import java.net.URLEncoder; -import java.util.Collection; import java.util.Date; import java.util.List; +import java.util.function.Predicate; import java.util.regex.Pattern; +import java.util.stream.Stream; /** * ${DESCRIPTION} @@ -75,7 +75,7 @@ public class AdminAccessFilter extends ZuulFilter { @PostConstruct public void init() { - InstanceInfo prodSvcInfo = discoveryClient.getNextServerFromEureka("ACE-ADMIN", false); + InstanceInfo prodSvcInfo = discoveryClient.getNextServerFromEureka("ACE-ADMIN", false); ServiceFeignInterceptor serviceFeignInterceptor = new ServiceFeignInterceptor(); serviceFeignInterceptor.setServiceAuthConfig(serviceAuthConfig); serviceFeignInterceptor.setServiceAuthUtil(serviceAuthUtil); 
@@ -114,101 +114,92 @@ public class AdminAccessFilter extends ZuulFilter { } IJWTInfo user = null; try { - user = getJWTUser(request,ctx); + user = getJWTUser(request, ctx); } catch (Exception e) { - setFailedRequest(JSON.toJSONString(new TokenErrorResponse(e.getMessage())),200); + setFailedRequest(JSON.toJSONString(new TokenErrorResponse(e.getMessage())), 200); return null; } - List permissionInfos = userService.getAllPermissionInfo(); + List permissionIfs = userService.getAllPermissionInfo(); // 判断资源是否启用权限约束 - Collection result = getPermissionInfos(requestUri, method, permissionInfos); - if(result.size()>0){ - checkUserPermission(requestUri, method, ctx, user); + Stream result = getPermissionIfs(requestUri, method, permissionIfs); + Object[] permissions = result.toArray(); + if (permissions.length > 0) { + checkUserPermission((PermissionInfo[]) permissions, ctx, user); } // 申请客户端密钥头 - ctx.addZuulRequestHeader(serviceAuthConfig.getTokenHeader(),serviceAuthUtil.getClientToken()); + ctx.addZuulRequestHeader(serviceAuthConfig.getTokenHeader(), serviceAuthUtil.getClientToken()); BaseContextHandler.remove(); return null; } /** * 获取目标权限资源 + * * @param requestUri * @param method * @param serviceInfo * @return */ - private Collection getPermissionInfos(final String requestUri, final String method, List serviceInfo) { - return Collections2.filter(serviceInfo, new Predicate() { - @Override - public boolean apply(PermissionInfo permissionInfo) { - String url = permissionInfo.getUri(); - String uri = url.replaceAll("\\{\\*\\}", "[a-zA-Z\\\\d]+"); - String regEx = "^" + uri + "$"; - return (Pattern.compile(regEx).matcher(requestUri).find() || requestUri.startsWith(url + "/")) - && method.equals(permissionInfo.getMethod()); - } - }); + private Stream getPermissionIfs(final String requestUri, final String method, List serviceInfo) { + return serviceInfo.parallelStream().filter(new Predicate() { + @Override + public boolean test(PermissionInfo permissionInfo) { + String url = 
permissionInfo.getUri(); + String uri = url.replaceAll("\\{\\*\\}", "[a-zA-Z\\\\d]+"); + String regEx = "^" + uri + "$"; + return (Pattern.compile(regEx).matcher(requestUri).find() || requestUri.startsWith(url + "/")) + && method.equals(permissionInfo.getMethod()); + } + }); } private void setCurrentUserInfoAndLog(RequestContext ctx, IJWTInfo user, PermissionInfo pm) { - String host = ClientUtil.getClientIp(ctx.getRequest()); + String host = ClientUtil.getClientIp(ctx.getRequest()); ctx.addZuulRequestHeader("userId", user.getId()); ctx.addZuulRequestHeader("userName", URLEncoder.encode(user.getName())); ctx.addZuulRequestHeader("userHost", ClientUtil.getClientIp(ctx.getRequest())); - LogInfo logInfo = new LogInfo(pm.getMenu(),pm.getName(),pm.getUri(),new Date(),user.getId(),user.getName(),host); + LogInfo logInfo = new LogInfo(pm.getMenu(), pm.getName(), pm.getUri(), new Date(), user.getId(), user.getName(), host); DBLog.getInstance().setLogService(logService).offerQueue(logInfo); } /** * 返回session中的用户信息 + * * @param request * @param ctx * @return */ - private IJWTInfo getJWTUser(HttpServletRequest request,RequestContext ctx) throws Exception { + private IJWTInfo getJWTUser(HttpServletRequest request, RequestContext ctx) throws Exception { String authToken = request.getHeader(userAuthConfig.getTokenHeader()); - if(StringUtils.isBlank(authToken)){ + if (StringUtils.isBlank(authToken)) { authToken = request.getParameter("token"); } - ctx.addZuulRequestHeader(userAuthConfig.getTokenHeader(),authToken); + ctx.addZuulRequestHeader(userAuthConfig.getTokenHeader(), authToken); BaseContextHandler.setToken(authToken); return userAuthUtil.getInfoFromToken(authToken); } - /** - * 读取权限 - * @param request - * @param username - * @return - */ - private List getPermissionInfos(HttpServletRequest request, String username) { - List permissionInfos; - if (request.getSession().getAttribute("permission") == null) { - permissionInfos = userService.getPermissionByUsername(username); - 
request.getSession().setAttribute("permission", permissionInfos); - } else { - permissionInfos = (List) request.getSession().getAttribute("permission"); - } - return permissionInfos; - } - /** - * 权限校验 - * @param requestUri - * @param method - */ - private void checkUserPermission(final String requestUri, final String method ,RequestContext ctx,IJWTInfo user) { - log.debug("uri:" + requestUri + "----method:" + method); - List permissionInfos = getPermissionInfos(ctx.getRequest(), user.getUniqueName()) ; - Collection result = getPermissionInfos(requestUri, method, permissionInfos); - if (result.size() <= 0) { + private void checkUserPermission(PermissionInfo[] permissions, RequestContext ctx, IJWTInfo user) { + List permissionInfos = userService.getPermissionByUsername(user.getUniqueName()); + PermissionInfo current = null; + for (PermissionInfo info : permissions) { + boolean anyMatch = permissionInfos.parallelStream().anyMatch(new Predicate() { + @Override + public boolean test(PermissionInfo permissionInfo) { + return permissionInfo.getCode().equals(info.getCode()); + } + }); + if (anyMatch) { + current = info; + break; + } + } + if (current == null) { setFailedRequest(JSON.toJSONString(new TokenForbiddenResponse("Token Forbidden!")), 200); - } else{ - PermissionInfo[] pms = result.toArray(new PermissionInfo[]{}); - PermissionInfo pm = pms[0]; - if(!"GET".equals(method)){ - setCurrentUserInfoAndLog(ctx, user, pm); + } else { + if (!RequestMethod.GET.equals(current.getMethod())) { + setCurrentUserInfoAndLog(ctx, user, current); } } } @@ -216,6 +207,7 @@ public class AdminAccessFilter extends ZuulFilter { /** * URI是否以什么打头 + * * @param requestUri * @return */ @@ -230,7 +222,7 @@ public class AdminAccessFilter extends ZuulFilter { } /** - * Reports an error message given a response body and code. + * 网关抛异常 * * @param body * @param code 
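Review bot: In the filter's run method, `Object[] permissions = result.toArray();` followed by `(PermissionInfo[]) permissions` throws `ClassCastException` on every request that matches a protected resource, because the no-argument `Stream.toArray()` always returns an `Object[]`; use `PermissionInfo[] permissions = result.toArray(PermissionInfo[]::new);` and pass it without the cast. In `checkUserPermission`, `RequestMethod.GET.equals(current.getMethod())` compares an enum with what appears to be a `String` (the same getter is compared with `String method` in `getPermissionIfs`), so it is always false and GET requests are now logged as well; `RequestMethod.GET.name().equals(current.getMethod())` restores the previous behaviour. The rewritten `checkUserPermission` also lost its Javadoc while its rule changed from matching URI and method to matching `getCode()`, so it should get a short comment stating that a request is allowed when any matched resource code is among the user's permissions. The run method starts outside this hunk.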
@@ -242,7 +234,7 @@ public class AdminAccessFilter extends ZuulFilter { if (ctx.getResponseBody() == null) { ctx.setResponseBody(body); ctx.setSendZuulResponse(false); -// throw new RuntimeException("Code: " + code + ", " + body); //optional } } + } diff --git a/pom.xml b/pom.xml index 2e1d5ec1..6e543915 100644 --- a/pom.xml +++ b/pom.xml @@ -54,6 +54,13 @@ provided + + + oss + oss + https://oss.sonatype.org/content/groups/public + + -- Gitee
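Review bot: The `oss` repository added to the root `pom.xml` applies to every dependency of every module, and the hunk's seven added lines appear to leave no room for a `<releases>` or `<snapshots>` policy, so Maven's defaults (both enabled) would apply to `https://oss.sonatype.org/content/groups/public`. Since ace-admin now depends on the release `ace-cache` `0.0.2` instead of `0.0.2-SNAPSHOT`, check whether that release resolves from Maven Central; if it does, this repository can be dropped. If it is still needed, add `<snapshots><enabled>false</enabled></snapshots>` inside the `<repository>` element so that unreviewed snapshot builds cannot be pulled into the build.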