From 5a73061e736c6be15a4c594159894182cefa038e Mon Sep 17 00:00:00 2001
From: YunaiV <>
Date: Wed, 27 Feb 2019 01:19:38 +0800
Subject: [PATCH] =?UTF-8?q?=E5=AE=8C=E5=96=84=E7=AE=A1=E7=90=86=E5=91=98?=
 =?UTF-8?q?=E8=AE=A4=E8=AF=81=E3=80=81=E9=89=B4=E6=9D=83=E6=8B=A6=E6=88=AA?=
 =?UTF-8?q?=E5=99=A8?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

---
 admin/admin-application/pom.xml               |  9 +++++++++
 .../mall/admin/config/MVCConfiguration.java   | 20 ++++++++++++++-----
 .../admin/controller/AdminController.java     |  7 ++++++-
 admin/admin-sdk/pom.xml                       |  3 ++-
 .../context/AdminSecurityContextHolder.java   |  2 +-
 .../interceptor/AdminSecurityInterceptor.java |  2 +-
 .../mall/admin/convert/OAuth2Convert.java     | 13 +++++++-----
 .../iocoder/mall/admin/dataobject/RoleDO.java |  9 +++++++++
 .../mall/admin/dataobject/RoleResourceDO.java |  2 +-
 .../mall/admin/service/OAuth2ServiceImpl.java |  5 +++--
 .../resources/mapper/RoleResourceMapper.xml   |  4 ++--
 11 files changed, 57 insertions(+), 19 deletions(-)

diff --git a/admin/admin-application/pom.xml b/admin/admin-application/pom.xml
index c316c806d..d5ce7fb04 100644
--- a/admin/admin-application/pom.xml
+++ b/admin/admin-application/pom.xml
@@ -80,12 +80,21 @@
             <version>${org.mapstruct.version}</version>
         </dependency>
 
+        <dependency>
+            <groupId>cn.iocoder.mall</groupId>
+            <artifactId>admin-sdk</artifactId>
+            <version>1.0-SNAPSHOT</version>
+            <scope>compile</scope>
+        </dependency>
+
         <dependency>
             <groupId>org.springframework.boot</groupId>
             <artifactId>spring-boot-devtools</artifactId>
             <optional>true</optional>
         </dependency>
 
+
+
     </dependencies>
 
     <build>
diff --git a/admin/admin-application/src/main/java/cn/iocoder/mall/admin/config/MVCConfiguration.java b/admin/admin-application/src/main/java/cn/iocoder/mall/admin/config/MVCConfiguration.java
index 70d181d5d..1de4d78a9 100644
--- a/admin/admin-application/src/main/java/cn/iocoder/mall/admin/config/MVCConfiguration.java
+++ b/admin/admin-application/src/main/java/cn/iocoder/mall/admin/config/MVCConfiguration.java
@@ -1,23 +1,33 @@
 package cn.iocoder.mall.admin.config;
 
+import cn.iocoder.common.framework.config.GlobalExceptionHandler;
+import cn.iocoder.mall.admin.sdk.interceptor.AdminSecurityInterceptor;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.context.annotation.Configuration;
+import org.springframework.context.annotation.Import;
 import org.springframework.web.servlet.config.annotation.EnableWebMvc;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
 import org.springframework.web.servlet.config.annotation.ResourceHandlerRegistry;
 import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
 @EnableWebMvc
 @Configuration
-//@Import(value = {GlobalExceptionHandler.class,  // 统一全局返回
-//        ) // TODO 安全拦截器，实现认证和授权功能。
+@Import(value = {GlobalExceptionHandler.class,  // 统一全局返回
+        AdminSecurityInterceptor.class})
 public class MVCConfiguration implements WebMvcConfigurer {
 
 //    @Autowired
 //    private UserSecurityInterceptor securityInterceptor;
+
+    @Autowired
+    private AdminSecurityInterceptor adminSecurityInterceptor;
 //
-//    @Override
-//    public void addInterceptors(InterceptorRegistry registry) {
+    @Override
+    public void addInterceptors(InterceptorRegistry registry) {
 //        registry.addInterceptor(securityInterceptor).addPathPatterns("/user/**", "/admin/**"); // 只拦截我们定义的接口
-//    }
+        registry.addInterceptor(adminSecurityInterceptor).addPathPatterns("/admin/**")
+                .excludePathPatterns("/admin/passport/login"); // 排除登陆接口
+    }
 
     @Override
     public void addResourceHandlers(ResourceHandlerRegistry registry) {
diff --git a/admin/admin-application/src/main/java/cn/iocoder/mall/admin/controller/AdminController.java b/admin/admin-application/src/main/java/cn/iocoder/mall/admin/controller/AdminController.java
index 33f556690..4e08f3f7c 100644
--- a/admin/admin-application/src/main/java/cn/iocoder/mall/admin/controller/AdminController.java
+++ b/admin/admin-application/src/main/java/cn/iocoder/mall/admin/controller/AdminController.java
@@ -1,6 +1,8 @@
 package cn.iocoder.mall.admin.controller;
 
+import cn.iocoder.common.framework.vo.CommonResult;
 import io.swagger.annotations.Api;
+import org.springframework.web.bind.annotation.GetMapping;
 import org.springframework.web.bind.annotation.RequestMapping;
 import org.springframework.web.bind.annotation.RestController;
 
@@ -9,6 +11,9 @@ import org.springframework.web.bind.annotation.RestController;
 @Api("管理员模块")
 public class AdminController {
 
-    
+    @GetMapping("/info")
+    public CommonResult<Void> info() {
+        return null;
+    }
 
 }
\ No newline at end of file
diff --git a/admin/admin-sdk/pom.xml b/admin/admin-sdk/pom.xml
index b83e37b75..16f78d67f 100644
--- a/admin/admin-sdk/pom.xml
+++ b/admin/admin-sdk/pom.xml
@@ -9,7 +9,8 @@
     </parent>
     <modelVersion>4.0.0</modelVersion>
 
-    <artifactId>application-sdk</artifactId>
+    <artifactId>admin-sdk</artifactId>
+
     <dependencies>
         <dependency>
             <groupId>org.springframework</groupId>
diff --git a/admin/admin-sdk/src/main/java/cn/iocoder/mall/admin/sdk/context/AdminSecurityContextHolder.java b/admin/admin-sdk/src/main/java/cn/iocoder/mall/admin/sdk/context/AdminSecurityContextHolder.java
index 9eca2c5bf..50419489c 100644
--- a/admin/admin-sdk/src/main/java/cn/iocoder/mall/admin/sdk/context/AdminSecurityContextHolder.java
+++ b/admin/admin-sdk/src/main/java/cn/iocoder/mall/admin/sdk/context/AdminSecurityContextHolder.java
@@ -17,7 +17,7 @@ public class AdminSecurityContextHolder {
         AdminSecurityContext ctx = securityContext.get();
         // 为空时，设置一个空的进去
         if (ctx == null) {
-            ctx = new AdminSecurityContext(null, roleIds);
+            ctx = new AdminSecurityContext(null, null);
             securityContext.set(ctx);
         }
         return ctx;
diff --git a/admin/admin-sdk/src/main/java/cn/iocoder/mall/admin/sdk/interceptor/AdminSecurityInterceptor.java b/admin/admin-sdk/src/main/java/cn/iocoder/mall/admin/sdk/interceptor/AdminSecurityInterceptor.java
index 6ba914581..18a6fefb2 100644
--- a/admin/admin-sdk/src/main/java/cn/iocoder/mall/admin/sdk/interceptor/AdminSecurityInterceptor.java
+++ b/admin/admin-sdk/src/main/java/cn/iocoder/mall/admin/sdk/interceptor/AdminSecurityInterceptor.java
@@ -35,7 +35,7 @@ public class AdminSecurityInterceptor extends HandlerInterceptorAdapter {
                 throw new ServiceException(result.getCode(), result.getMessage());
             }
             authentication = result.getData();
-            // 添加到 SecurityContext
+            // 添加到 AdminSecurityContext
             AdminSecurityContext context = new AdminSecurityContext(authentication.getAdminId(), authentication.getRoleIds());
             AdminSecurityContextHolder.setContext(context);
         }
diff --git a/admin/admin-service-impl/src/main/java/cn/iocoder/mall/admin/convert/OAuth2Convert.java b/admin/admin-service-impl/src/main/java/cn/iocoder/mall/admin/convert/OAuth2Convert.java
index 57ccd8f8f..a58c8d271 100644
--- a/admin/admin-service-impl/src/main/java/cn/iocoder/mall/admin/convert/OAuth2Convert.java
+++ b/admin/admin-service-impl/src/main/java/cn/iocoder/mall/admin/convert/OAuth2Convert.java
@@ -10,6 +10,7 @@ import org.mapstruct.Mappings;
 import org.mapstruct.factory.Mappers;
 
 import java.util.List;
+import java.util.stream.Collectors;
 
 @Mapper
 public interface OAuth2Convert {
@@ -26,10 +27,12 @@ public interface OAuth2Convert {
                 .setExpiresIn(Math.max((int) ((oauth2AccessTokenDO.getExpiresTime().getTime() - System.currentTimeMillis()) / 1000), 0));
     }
 
-    @Mappings({
-            @Mapping(source = "oauth2AccessTokenDO.id", target = "accessToken"),
-            @Mapping(source = "adminRoleDOs.roleId", target = "roleIds")
-    })
-    OAuth2AuthenticationBO convertToAuthentication(OAuth2AccessTokenDO oauth2AccessTokenDO, List<AdminRoleDO> adminRoleDOs);
+    @Mappings({})
+    OAuth2AuthenticationBO convertToAuthentication(OAuth2AccessTokenDO oauth2AccessTokenDO);
+
+    default OAuth2AuthenticationBO convertToAuthentication(OAuth2AccessTokenDO oauth2AccessTokenDO, List<AdminRoleDO> adminRoleDOs) {
+        return convertToAuthentication(oauth2AccessTokenDO)
+                .setRoleIds(adminRoleDOs.stream().map(AdminRoleDO::getRoleId).collect(Collectors.toSet()));
+    }
 
 }
\ No newline at end of file
diff --git a/admin/admin-service-impl/src/main/java/cn/iocoder/mall/admin/dataobject/RoleDO.java b/admin/admin-service-impl/src/main/java/cn/iocoder/mall/admin/dataobject/RoleDO.java
index e5e34b4c7..fdc9ffc26 100644
--- a/admin/admin-service-impl/src/main/java/cn/iocoder/mall/admin/dataobject/RoleDO.java
+++ b/admin/admin-service-impl/src/main/java/cn/iocoder/mall/admin/dataobject/RoleDO.java
@@ -33,6 +33,15 @@ public class RoleDO {
      */
     private Integer status;
 
+    public Integer getId() {
+        return id;
+    }
+
+    public RoleDO setId(Integer id) {
+        this.id = id;
+        return this;
+    }
+
     public String getName() {
         return name;
     }
diff --git a/admin/admin-service-impl/src/main/java/cn/iocoder/mall/admin/dataobject/RoleResourceDO.java b/admin/admin-service-impl/src/main/java/cn/iocoder/mall/admin/dataobject/RoleResourceDO.java
index 79ed702da..d8795b96a 100644
--- a/admin/admin-service-impl/src/main/java/cn/iocoder/mall/admin/dataobject/RoleResourceDO.java
+++ b/admin/admin-service-impl/src/main/java/cn/iocoder/mall/admin/dataobject/RoleResourceDO.java
@@ -16,7 +16,7 @@ public class RoleResourceDO {
      */
     private Integer roleId;
     /**
-     * 资源比那好(外键：{@link ResourceDO}
+     * 资源编号(外键：{@link ResourceDO}
      */
     private Integer resourceId;
     /**
diff --git a/admin/admin-service-impl/src/main/java/cn/iocoder/mall/admin/service/OAuth2ServiceImpl.java b/admin/admin-service-impl/src/main/java/cn/iocoder/mall/admin/service/OAuth2ServiceImpl.java
index 22e173568..27734f4fa 100644
--- a/admin/admin-service-impl/src/main/java/cn/iocoder/mall/admin/service/OAuth2ServiceImpl.java
+++ b/admin/admin-service-impl/src/main/java/cn/iocoder/mall/admin/service/OAuth2ServiceImpl.java
@@ -70,6 +70,7 @@ public class OAuth2ServiceImpl implements OAuth2Service {
         }
         // 获得管理员拥有的角色
         List<AdminRoleDO> adminRoleDOs = adminService.getAdminRoles(accessTokenDO.getAdminId());
+        // TODO 芋艿，有个 bug ，要排除掉已经失效的角色
         return CommonResult.success(OAuth2Convert.INSTANCE.convertToAuthentication(accessTokenDO, adminRoleDOs));
     }
 
@@ -81,11 +82,11 @@ public class OAuth2ServiceImpl implements OAuth2Service {
         }
         // 校验权限
         List<RoleResourceDO> roleResourceDOs = roleService.getRoleByResourceHandler(url);
-        if (roleResourceDOs.isEmpty()) { // 任何角色，都可以访问
+        if (roleResourceDOs.isEmpty()) { // 任何角色，都可以访问。TODO 后面调整下，如果未配置的资源，直接不校验权限
             return CommonResult.success(true);
         }
         for (RoleResourceDO roleResourceDO : roleResourceDOs) {
-            if (roleIds.contains(roleResourceDO.getId())) {
+            if (roleIds.contains(roleResourceDO.getRoleId())) {
                 return CommonResult.success(true);
             }
         }
diff --git a/admin/admin-service-impl/src/main/resources/mapper/RoleResourceMapper.xml b/admin/admin-service-impl/src/main/resources/mapper/RoleResourceMapper.xml
index d3d57df15..b351fccff 100644
--- a/admin/admin-service-impl/src/main/resources/mapper/RoleResourceMapper.xml
+++ b/admin/admin-service-impl/src/main/resources/mapper/RoleResourceMapper.xml
@@ -12,8 +12,8 @@
 
     <select id="selectByResourceHandler" parameterType="String" resultType="RoleResourceDO">
       SELECT
-        rr.id, rr.role_id, rr.resouce_id
-      FROM resouce r, role_resource rr
+        rr.id, rr.role_id, rr.resource_id
+      FROM resource r, role_resource rr
       WHERE r.handler = #{resourceHandler}
       AND r.id = rr.resource_id
     </select>