From 6a4b6fe67fdfa02e8e8b3ed08d571b73a95db074 Mon Sep 17 00:00:00 2001
From: YunaiV <>
Date: Sun, 5 Jul 2020 00:10:55 +0800
Subject: [PATCH] =?UTF-8?q?=E5=88=9B=E5=BB=BA=20mall-spring-boot-starter-s?=
=?UTF-8?q?ecurity-admin=20=E6=A8=A1=E5=9D=97=EF=BC=8C=E7=94=A8=E4=BA=8E?=
=?UTF-8?q?=E7=AE=A1=E7=90=86=E5=91=98=E7=9A=84=E8=AE=A4=E8=AF=81=E6=8B=A6?=
=?UTF-8?q?=E6=88=AA=E5=99=A8?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.../pom.xml | 9 +-
.../AdminSecurityAutoConfiguration.java | 44 +++++++
.../core/context/AdminSecurityContext.java | 6 +-
.../context/AdminSecurityContextHolder.java | 6 +-
.../interceptor/AdminDemoInterceptor.java | 10 +-
.../interceptor/AdminSecurityInterceptor.java | 94 +++++++++++++++
.../main/resources/META-INF/spring.factories | 2 +
.../interceptor/UserSecurityInterceptor.java | 11 +-
.../CommonSecurityAutoConfiguration.java | 73 ------------
.../core/context/UserSecurityContext.java | 18 ---
.../context/UserSecurityContextHolder.java | 30 -----
.../interceptor/AccountAuthInterceptor.java | 111 ------------------
.../interceptor/AdminSecurityInterceptor.java | 50 --------
.../interceptor/UserSecurityInterceptor.java | 48 --------
.../main/resources/META-INF/spring.factories | 2 -
common/pom.xml | 2 +-
mall-dependencies/pom.xml | 4 +-
management-web-app/pom.xml | 5 +
.../passport/AdminPassportController.java | 5 +-
.../biz/config/DatabaseConfiguration.java | 14 ---
.../config/ServiceExceptionConfiguration.java | 26 ----
.../user/biz/dataobject/UserAccessLogDO.java | 55 ---------
.../mall/user/biz/dataobject/UserDO.java | 41 -------
.../user/biz/dataobject/UserLoginLogDO.java | 9 --
24 files changed, 173 insertions(+), 502 deletions(-)
rename common/{mall-spring-boot-starter-security => mall-spring-boot-starter-security-admin}/pom.xml (82%)
create mode 100644 common/mall-spring-boot-starter-security-admin/src/main/java/cn/iocoder/mall/security/admin/config/AdminSecurityAutoConfiguration.java
rename common/{mall-spring-boot-starter-security/src/main/java/cn/iocoder/mall/security => mall-spring-boot-starter-security-admin/src/main/java/cn/iocoder/mall/security/admin}/core/context/AdminSecurityContext.java (67%)
rename common/{mall-spring-boot-starter-security/src/main/java/cn/iocoder/mall/security => mall-spring-boot-starter-security-admin/src/main/java/cn/iocoder/mall/security/admin}/core/context/AdminSecurityContextHolder.java (86%)
rename common/{mall-spring-boot-starter-security/src/main/java/cn/iocoder/mall/security => mall-spring-boot-starter-security-admin/src/main/java/cn/iocoder/mall/security/admin}/core/interceptor/AdminDemoInterceptor.java (74%)
create mode 100644 common/mall-spring-boot-starter-security-admin/src/main/java/cn/iocoder/mall/security/admin/core/interceptor/AdminSecurityInterceptor.java
create mode 100644 common/mall-spring-boot-starter-security-admin/src/main/resources/META-INF/spring.factories
delete mode 100644 common/mall-spring-boot-starter-security/src/main/java/cn/iocoder/mall/security/config/CommonSecurityAutoConfiguration.java
delete mode 100644 common/mall-spring-boot-starter-security/src/main/java/cn/iocoder/mall/security/core/context/UserSecurityContext.java
delete mode 100644 common/mall-spring-boot-starter-security/src/main/java/cn/iocoder/mall/security/core/context/UserSecurityContextHolder.java
delete mode 100644 common/mall-spring-boot-starter-security/src/main/java/cn/iocoder/mall/security/core/interceptor/AccountAuthInterceptor.java
delete mode 100644 common/mall-spring-boot-starter-security/src/main/java/cn/iocoder/mall/security/core/interceptor/AdminSecurityInterceptor.java
delete mode 100644 common/mall-spring-boot-starter-security/src/main/java/cn/iocoder/mall/security/core/interceptor/UserSecurityInterceptor.java
delete mode 100644 common/mall-spring-boot-starter-security/src/main/resources/META-INF/spring.factories
delete mode 100644 user/user-service-impl/src/main/java/cn/iocoder/mall/user/biz/config/DatabaseConfiguration.java
delete mode 100644 user/user-service-impl/src/main/java/cn/iocoder/mall/user/biz/config/ServiceExceptionConfiguration.java
delete mode 100644 user/user-service-impl/src/main/java/cn/iocoder/mall/user/biz/dataobject/UserAccessLogDO.java
delete mode 100644 user/user-service-impl/src/main/java/cn/iocoder/mall/user/biz/dataobject/UserDO.java
delete mode 100644 user/user-service-impl/src/main/java/cn/iocoder/mall/user/biz/dataobject/UserLoginLogDO.java
diff --git a/common/mall-spring-boot-starter-security/pom.xml b/common/mall-spring-boot-starter-security-admin/pom.xml
similarity index 82%
rename from common/mall-spring-boot-starter-security/pom.xml
rename to common/mall-spring-boot-starter-security-admin/pom.xml
index 89cf3eb32..5a11b847d 100644
--- a/common/mall-spring-boot-starter-security/pom.xml
+++ b/common/mall-spring-boot-starter-security-admin/pom.xml
@@ -9,13 +9,13 @@
4.0.0
- mall-spring-boot-starter-security
+ mall-spring-boot-starter-security-admin
cn.iocoder.mall
- system-rpc-api
+ system-service-api
1.0-SNAPSHOT
@@ -33,6 +33,11 @@
1.0-SNAPSHOT
+
+ cn.iocoder.mall
+ mall-security-annotations
+
+
org.apache.dubbo
diff --git a/common/mall-spring-boot-starter-security-admin/src/main/java/cn/iocoder/mall/security/admin/config/AdminSecurityAutoConfiguration.java b/common/mall-spring-boot-starter-security-admin/src/main/java/cn/iocoder/mall/security/admin/config/AdminSecurityAutoConfiguration.java
new file mode 100644
index 000000000..3575e9fb3
--- /dev/null
+++ b/common/mall-spring-boot-starter-security-admin/src/main/java/cn/iocoder/mall/security/admin/config/AdminSecurityAutoConfiguration.java
@@ -0,0 +1,44 @@
+package cn.iocoder.mall.security.admin.config;
+
+import cn.iocoder.mall.security.admin.core.interceptor.AdminDemoInterceptor;
+import cn.iocoder.mall.security.admin.core.interceptor.AdminSecurityInterceptor;
+import cn.iocoder.mall.web.config.CommonWebAutoConfiguration;
+import org.slf4j.Logger;
+import org.slf4j.LoggerFactory;
+import org.springframework.boot.autoconfigure.AutoConfigureAfter;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
+import org.springframework.context.annotation.Bean;
+import org.springframework.context.annotation.Configuration;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
+
+@Configuration
+@AutoConfigureAfter(CommonWebAutoConfiguration.class) // 在 CommonWebAutoConfiguration 之后自动配置,保证过滤器的顺序
+@ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.SERVLET)
+public class AdminSecurityAutoConfiguration implements WebMvcConfigurer {
+
+ private Logger logger = LoggerFactory.getLogger(getClass());
+
+ // ========== 拦截器相关 ==========
+
+ @Bean
+ public AdminSecurityInterceptor adminSecurityInterceptor() {
+ return new AdminSecurityInterceptor();
+ }
+
+ @Bean
+ public AdminDemoInterceptor adminDemoInterceptor() {
+ return new AdminDemoInterceptor();
+ }
+
+ @Override
+ public void addInterceptors(InterceptorRegistry registry) {
+ // AdminSecurityInterceptor 拦截器
+ registry.addInterceptor(this.adminSecurityInterceptor());
+ logger.info("[addInterceptors][加载 AdminSecurityInterceptor 拦截器完成]");
+ // AdminDemoInterceptor 拦截器
+ registry.addInterceptor(this.adminDemoInterceptor());
+ logger.info("[addInterceptors][加载 AdminDemoInterceptor 拦截器完成]");
+ }
+
+}
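Review bot: Both interceptors are registered in `addInterceptors` without `addPathPatterns`, so they run for every request the dispatcher handles, whereas the removed `CommonSecurityAutoConfiguration` scoped the admin ones to `CommonMallConstants.ROOT_PATH_ADMIN + "/**"`. Because `AdminSecurityInterceptor.preHandle` in this patch casts `handler` to `HandlerMethod` unconditionally, a request that resolves to a non-controller handler (a static resource, for example) would presumably end in a `ClassCastException` rather than a clean authentication decision. If global scope is intended for this admin-only starter, say so in a comment above the registration and decide explicitly what non-`HandlerMethod` handlers get; otherwise restore the scope with `.addPathPatterns(CommonMallConstants.ROOT_PATH_ADMIN + "/**")`. The same unguarded cast appears in the `UserSecurityInterceptor.preHandle` hunk.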
diff --git a/common/mall-spring-boot-starter-security/src/main/java/cn/iocoder/mall/security/core/context/AdminSecurityContext.java b/common/mall-spring-boot-starter-security-admin/src/main/java/cn/iocoder/mall/security/admin/core/context/AdminSecurityContext.java
similarity index 67%
rename from common/mall-spring-boot-starter-security/src/main/java/cn/iocoder/mall/security/core/context/AdminSecurityContext.java
rename to common/mall-spring-boot-starter-security-admin/src/main/java/cn/iocoder/mall/security/admin/core/context/AdminSecurityContext.java
index ba344fe6d..242797584 100644
--- a/common/mall-spring-boot-starter-security/src/main/java/cn/iocoder/mall/security/core/context/AdminSecurityContext.java
+++ b/common/mall-spring-boot-starter-security-admin/src/main/java/cn/iocoder/mall/security/admin/core/context/AdminSecurityContext.java
@@ -1,4 +1,4 @@
-package cn.iocoder.mall.security.core.context;
+package cn.iocoder.mall.security.admin.core.context;
import lombok.Data;
import lombok.experimental.Accessors;
@@ -14,9 +14,5 @@ public class AdminSecurityContext {
* 管理员编号
*/
private Integer adminId;
- /**
- * 账号编号
- */
- private Integer accountId;
}
diff --git a/common/mall-spring-boot-starter-security/src/main/java/cn/iocoder/mall/security/core/context/AdminSecurityContextHolder.java b/common/mall-spring-boot-starter-security-admin/src/main/java/cn/iocoder/mall/security/admin/core/context/AdminSecurityContextHolder.java
similarity index 86%
rename from common/mall-spring-boot-starter-security/src/main/java/cn/iocoder/mall/security/core/context/AdminSecurityContextHolder.java
rename to common/mall-spring-boot-starter-security-admin/src/main/java/cn/iocoder/mall/security/admin/core/context/AdminSecurityContextHolder.java
index 3b808fa80..357c3c7d4 100644
--- a/common/mall-spring-boot-starter-security/src/main/java/cn/iocoder/mall/security/core/context/AdminSecurityContextHolder.java
+++ b/common/mall-spring-boot-starter-security-admin/src/main/java/cn/iocoder/mall/security/admin/core/context/AdminSecurityContextHolder.java
@@ -1,4 +1,4 @@
-package cn.iocoder.mall.security.core.context;
+package cn.iocoder.mall.security.admin.core.context;
/**
* {@link AdminSecurityContext} Holder
@@ -31,8 +31,4 @@ public class AdminSecurityContextHolder {
return getContext().getAdminId();
}
- public static Integer getAccountId() {
- return getContext().getAccountId();
- }
-
}
diff --git a/common/mall-spring-boot-starter-security/src/main/java/cn/iocoder/mall/security/core/interceptor/AdminDemoInterceptor.java b/common/mall-spring-boot-starter-security-admin/src/main/java/cn/iocoder/mall/security/admin/core/interceptor/AdminDemoInterceptor.java
similarity index 74%
rename from common/mall-spring-boot-starter-security/src/main/java/cn/iocoder/mall/security/core/interceptor/AdminDemoInterceptor.java
rename to common/mall-spring-boot-starter-security-admin/src/main/java/cn/iocoder/mall/security/admin/core/interceptor/AdminDemoInterceptor.java
index 0bda7d9d3..ec6618eed 100644
--- a/common/mall-spring-boot-starter-security/src/main/java/cn/iocoder/mall/security/core/interceptor/AdminDemoInterceptor.java
+++ b/common/mall-spring-boot-starter-security-admin/src/main/java/cn/iocoder/mall/security/admin/core/interceptor/AdminDemoInterceptor.java
@@ -1,8 +1,8 @@
-package cn.iocoder.mall.security.core.interceptor;
+package cn.iocoder.mall.security.admin.core.interceptor;
import cn.iocoder.common.framework.util.ServiceExceptionUtil;
-import cn.iocoder.mall.security.core.context.AdminSecurityContextHolder;
-import cn.iocoder.mall.system.biz.enums.SystemErrorCodeEnum;
+import cn.iocoder.mall.security.admin.core.context.AdminSecurityContextHolder;
+import cn.iocoder.mall.systemservice.enums.SystemErrorCodeEnum;
import org.springframework.http.HttpMethod;
import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
@@ -20,9 +20,9 @@ public class AdminDemoInterceptor extends HandlerInterceptorAdapter {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
// 当 Admin 编号等于 0 时,约定为演示账号
- if (Objects.equals(AdminSecurityContextHolder.getContext().getAdminId(), 0)
+ if (Objects.equals(AdminSecurityContextHolder.getAdminId(), 0)
&& request.getMethod().equalsIgnoreCase(HttpMethod.POST.toString())) {
- throw ServiceExceptionUtil.exception(SystemErrorCodeEnum.AUTHORIZATION_DEMO_PERMISSION_DENY.getCode());
+ throw ServiceExceptionUtil.exception(SystemErrorCodeEnum.AUTHORIZATION_DEMO_PERMISSION_DENY);
}
return true;
}
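Review bot: The demo-account guard in `preHandle` only rejects `POST`, so the account with admin id 0 is still let through on `PUT`, `DELETE` or `PATCH` for any handler mapped to those verbs. If the demo account is meant to be read-only, the condition should deny everything except safe methods, for example `&& !"GET".equalsIgnoreCase(request.getMethod()) && !"HEAD".equalsIgnoreCase(request.getMethod())) {`. Whether the project maps any state-changing endpoint to a verb other than `POST` is not visible in this patch, so treat this as a check to confirm. The class continues outside the hunk.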
diff --git a/common/mall-spring-boot-starter-security-admin/src/main/java/cn/iocoder/mall/security/admin/core/interceptor/AdminSecurityInterceptor.java b/common/mall-spring-boot-starter-security-admin/src/main/java/cn/iocoder/mall/security/admin/core/interceptor/AdminSecurityInterceptor.java
new file mode 100644
index 000000000..d73876c3a
--- /dev/null
+++ b/common/mall-spring-boot-starter-security-admin/src/main/java/cn/iocoder/mall/security/admin/core/interceptor/AdminSecurityInterceptor.java
@@ -0,0 +1,94 @@
+package cn.iocoder.mall.security.admin.core.interceptor;
+
+import cn.iocoder.common.framework.enums.UserTypeEnum;
+import cn.iocoder.common.framework.util.CollectionUtil;
+import cn.iocoder.common.framework.util.HttpUtil;
+import cn.iocoder.common.framework.util.ServiceExceptionUtil;
+import cn.iocoder.common.framework.vo.CommonResult;
+import cn.iocoder.mall.security.admin.core.context.AdminSecurityContext;
+import cn.iocoder.mall.security.admin.core.context.AdminSecurityContextHolder;
+import cn.iocoder.mall.systemservice.enums.SystemErrorCodeEnum;
+import cn.iocoder.mall.systemservice.rpc.oauth.OAuth2Rpc;
+import cn.iocoder.mall.systemservice.rpc.oauth.vo.OAuth2AccessTokenVO;
+import cn.iocoder.mall.web.core.util.CommonWebUtil;
+import cn.iocoder.security.annotations.RequiresNone;
+import cn.iocoder.security.annotations.RequiresPermissions;
+import org.apache.dubbo.config.annotation.Reference;
+import org.springframework.web.method.HandlerMethod;
+import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+import static cn.iocoder.mall.systemservice.enums.SystemErrorCodeEnum.OAUTH_USER_TYPE_ERROR;
+
+public class AdminSecurityInterceptor extends HandlerInterceptorAdapter {
+
+ @Reference(validation = "true", version = "${dubbo.consumer.OAuth2Rpc.version}")
+ private OAuth2Rpc oauth2Rpc;
+
+ @Override
+ public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
+ // 获得访问令牌
+ Integer adminId = this.obtainAdminId(request);
+ // 校验认证
+ this.checkAuthentication((HandlerMethod) handler, adminId);
+ // 校验权限
+ this.checkPermission((HandlerMethod) handler, adminId);
+ return true;
+ }
+
+ private Integer obtainAdminId(HttpServletRequest request) {
+ String accessToken = HttpUtil.obtainAuthorization(request);
+ Integer adminId = null;
+ if (accessToken != null) {
+ CommonResult checkAccessTokenResult = oauth2Rpc.checkAccessToken(accessToken);
+ checkAccessTokenResult.checkError();
+ // 校验用户类型正确
+ if (!UserTypeEnum.ADMIN.getValue().equals(checkAccessTokenResult.getData().getUserType())) {
+ throw ServiceExceptionUtil.exception(OAUTH_USER_TYPE_ERROR);
+ }
+ // 获得用户编号
+ adminId = checkAccessTokenResult.getData().getUserId();
+ // 设置到 Request 中
+ CommonWebUtil.setUserId(request, adminId);
+ CommonWebUtil.setUserType(request, UserTypeEnum.ADMIN.getValue());
+ // 设置到
+ AdminSecurityContext adminSecurityContext = new AdminSecurityContext().setAdminId(adminId);
+ AdminSecurityContextHolder.setContext(adminSecurityContext);
+ }
+ return adminId;
+ }
+
+ private void checkAuthentication(HandlerMethod handlerMethod, Integer adminId) {
+ boolean requiresAuthenticate = !handlerMethod.hasMethodAnnotation(RequiresNone.class); // 对于 ADMIN 来说,默认需登录
+ if (requiresAuthenticate && adminId == null) {
+ throw ServiceExceptionUtil.exception(SystemErrorCodeEnum.OAUTH2_NOT_AUTHENTICATION);
+ }
+ }
+
+ private void checkPermission(HandlerMethod handlerMethod, Integer accountId) {
+ RequiresPermissions requiresPermissions = handlerMethod.getMethodAnnotation(RequiresPermissions.class);
+ if (requiresPermissions == null) {
+ return;
+ }
+ String[] permissions = requiresPermissions.value();
+ if (CollectionUtil.isEmpty(permissions)) {
+ return;
+ }
+ // 权限验证 TODO 待完成
+// AuthorizationCheckPermissionsRequest authorizationCheckPermissionsRequest = new AuthorizationCheckPermissionsRequest()
+// .setAccountId(accountId).setPermissions(Arrays.asList(permissions));
+// CommonResult authorizationCheckPermissionsResult = authorizationRPC.checkPermissions(authorizationCheckPermissionsRequest);
+// if (authorizationCheckPermissionsResult.isError()) { // TODO 有一个问题点,假设 token 认证失败,但是该 url 是无需认证的,是不是一样能够执行过去?
+// throw ServiceExceptionUtil.exception(authorizationCheckPermissionsResult);
+// }
+ }
+
+ @Override
+ public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) {
+ // 清空 SecurityContext
+ AdminSecurityContextHolder.clear();
+ }
+
+}
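Review bot: `checkPermission` returns without checking anything, because the RPC call that the removed `AccountAuthInterceptor` made is commented out behind a TODO; a handler annotated with `@RequiresPermissions` is therefore reachable by any authenticated admin. Until the check is wired up again, the non-empty branch should fail closed by throwing a `ServiceException` with the project's permission-denied code (not visible in this patch) instead of falling through. The parameter is still named `accountId` although `preHandle` passes `adminId`; rename it so the eventual RPC call is not given the wrong identifier. Separately, `obtainAdminId` stores the context in `AdminSecurityContextHolder` before `preHandle` has returned, and Spring calls `afterCompletion` only on interceptors whose `preHandle` returned true. Once `checkPermission` can throw, the holder (presumably thread-local, like the removed `UserSecurityContextHolder`) needs clearing on that path too, for example by catching in `preHandle`, calling `AdminSecurityContextHolder.clear()` and rethrowing.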
diff --git a/common/mall-spring-boot-starter-security-admin/src/main/resources/META-INF/spring.factories b/common/mall-spring-boot-starter-security-admin/src/main/resources/META-INF/spring.factories
new file mode 100644
index 000000000..f9774e1c8
--- /dev/null
+++ b/common/mall-spring-boot-starter-security-admin/src/main/resources/META-INF/spring.factories
@@ -0,0 +1,2 @@
+org.springframework.boot.autoconfigure.EnableAutoConfiguration=\
+ cn.iocoder.mall.security.admin.config.AdminSecurityAutoConfiguration
diff --git a/common/mall-spring-boot-starter-security-user/src/main/java/cn/iocoder/mall/security/user/core/interceptor/UserSecurityInterceptor.java b/common/mall-spring-boot-starter-security-user/src/main/java/cn/iocoder/mall/security/user/core/interceptor/UserSecurityInterceptor.java
index acfa030fd..19db07bfe 100644
--- a/common/mall-spring-boot-starter-security-user/src/main/java/cn/iocoder/mall/security/user/core/interceptor/UserSecurityInterceptor.java
+++ b/common/mall-spring-boot-starter-security-user/src/main/java/cn/iocoder/mall/security/user/core/interceptor/UserSecurityInterceptor.java
@@ -29,6 +29,13 @@ public class UserSecurityInterceptor extends HandlerInterceptorAdapter {
@Override
public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
// 获得访问令牌
+ Integer userId = this.obtainUserId(request);
+ // 校验认证
+ this.checkAuthentication((HandlerMethod) handler, userId);
+ return true;
+ }
+
+ private Integer obtainUserId(HttpServletRequest request) {
String accessToken = HttpUtil.obtainAuthorization(request);
Integer userId = null;
if (accessToken != null) {
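Review bot: The extracted `obtainUserId` reads like a pure lookup but, as far as the two hunks of this file show, it also stores the user in `UserSecurityContextHolder` and returns `null` when no access token was sent; a short Javadoc should state both. Something like `/** Resolves the user id from the access token, publishes it to the security context, and returns null when the request carries no token. */` above the method would do. The middle of the method body lies outside the hunks, so confirm the wording against the full file.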
@@ -47,9 +54,7 @@ public class UserSecurityInterceptor extends HandlerInterceptorAdapter {
UserSecurityContext userSecurityContext = new UserSecurityContext().setUserId(userId);
UserSecurityContextHolder.setContext(userSecurityContext);
}
- // 校验认证
- this.checkAuthentication((HandlerMethod) handler, userId);
- return true;
+ return userId;
}
private void checkAuthentication(HandlerMethod handlerMethod, Integer userId) {
diff --git a/common/mall-spring-boot-starter-security/src/main/java/cn/iocoder/mall/security/config/CommonSecurityAutoConfiguration.java b/common/mall-spring-boot-starter-security/src/main/java/cn/iocoder/mall/security/config/CommonSecurityAutoConfiguration.java
deleted file mode 100644
index 57646d6d9..000000000
--- a/common/mall-spring-boot-starter-security/src/main/java/cn/iocoder/mall/security/config/CommonSecurityAutoConfiguration.java
+++ /dev/null
@@ -1,73 +0,0 @@
-package cn.iocoder.mall.security.config;
-
-import cn.iocoder.mall.security.core.interceptor.AccountAuthInterceptor;
-import cn.iocoder.mall.security.core.interceptor.AdminDemoInterceptor;
-import cn.iocoder.mall.security.core.interceptor.AdminSecurityInterceptor;
-import cn.iocoder.mall.security.core.interceptor.UserSecurityInterceptor;
-import cn.iocoder.mall.web.config.CommonWebAutoConfiguration;
-import cn.iocoder.mall.web.core.constant.CommonMallConstants;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.boot.autoconfigure.AutoConfigureAfter;
-import org.springframework.boot.autoconfigure.condition.ConditionalOnWebApplication;
-import org.springframework.context.annotation.Bean;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
-import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
-
-@Configuration
-@AutoConfigureAfter(CommonWebAutoConfiguration.class) // 在 CommonWebAutoConfiguration 之后自动配置,保证过滤器的顺序
-@ConditionalOnWebApplication(type = ConditionalOnWebApplication.Type.SERVLET)
-public class CommonSecurityAutoConfiguration implements WebMvcConfigurer {
-
- private Logger logger = LoggerFactory.getLogger(getClass());
-
- // ========== 拦截器相关 ==========
- @Bean
- public AccountAuthInterceptor adminAccountAuthInterceptor() {
- return new AccountAuthInterceptor(true);
- }
-
- @Bean
- public AccountAuthInterceptor userAccountAuthInterceptor() {
- return new AccountAuthInterceptor(false);
- }
-
- @Bean
- public AdminSecurityInterceptor adminSecurityInterceptor() {
- return new AdminSecurityInterceptor();
- }
-
- @Bean
- public UserSecurityInterceptor userSecurityInterceptor() {
- return new UserSecurityInterceptor();
- }
-
- @Bean
- public AdminDemoInterceptor adminDemoInterceptor() {
- return new AdminDemoInterceptor();
- }
-
- @Override
- public void addInterceptors(InterceptorRegistry registry) {
- // AccountAuthInterceptor 拦截器
- registry.addInterceptor(this.userAccountAuthInterceptor())
- .addPathPatterns(CommonMallConstants.ROOT_PATH_USER + "/**");
- registry.addInterceptor(this.adminAccountAuthInterceptor())
- .addPathPatterns(CommonMallConstants.ROOT_PATH_ADMIN + "/**");
- logger.info("[addInterceptors][加载 AccountAuthInterceptor 拦截器完成]");
- // AdminSecurityInterceptor 拦截器
- registry.addInterceptor(this.adminSecurityInterceptor())
- .addPathPatterns(CommonMallConstants.ROOT_PATH_ADMIN + "/**");
- logger.info("[addInterceptors][加载 AdminSecurityInterceptor 拦截器完成]");
- // UserSecurityInterceptor 拦截器
- registry.addInterceptor(this.userAccountAuthInterceptor())
- .addPathPatterns(CommonMallConstants.ROOT_PATH_USER + "/**");
- logger.info("[addInterceptors][加载 UserSecurityInterceptor 拦截器完成]");
- // AdminDemoInterceptor 拦截器
- registry.addInterceptor(this.adminDemoInterceptor())
- .addPathPatterns(CommonMallConstants.ROOT_PATH_ADMIN + "/**");
- logger.info("[addInterceptors][加载 AdminDemoInterceptor 拦截器完成]");
- }
-
-}
diff --git a/common/mall-spring-boot-starter-security/src/main/java/cn/iocoder/mall/security/core/context/UserSecurityContext.java b/common/mall-spring-boot-starter-security/src/main/java/cn/iocoder/mall/security/core/context/UserSecurityContext.java
deleted file mode 100644
index ad7a79040..000000000
--- a/common/mall-spring-boot-starter-security/src/main/java/cn/iocoder/mall/security/core/context/UserSecurityContext.java
+++ /dev/null
@@ -1,18 +0,0 @@
-package cn.iocoder.mall.security.core.context;
-
-import lombok.Data;
-import lombok.experimental.Accessors;
-
-/**
- * User Security 上下文
- */
-@Data
-@Accessors(chain = true)
-public class UserSecurityContext {
-
- /**
- * 用户编号
- */
- private Integer userId;
-
-}
diff --git a/common/mall-spring-boot-starter-security/src/main/java/cn/iocoder/mall/security/core/context/UserSecurityContextHolder.java b/common/mall-spring-boot-starter-security/src/main/java/cn/iocoder/mall/security/core/context/UserSecurityContextHolder.java
deleted file mode 100644
index 7c6d9e92a..000000000
--- a/common/mall-spring-boot-starter-security/src/main/java/cn/iocoder/mall/security/core/context/UserSecurityContextHolder.java
+++ /dev/null
@@ -1,30 +0,0 @@
-package cn.iocoder.mall.security.core.context;
-
-/**
- * {@link UserSecurityContext} Holder
- *
- * 参考 spring security 的 ThreadLocalSecurityContextHolderStrategy 类,简单实现。
- */
-public class UserSecurityContextHolder {
-
- private static final ThreadLocal SECURITY_CONTEXT = new ThreadLocal();
-
- public static void setContext(UserSecurityContext context) {
- SECURITY_CONTEXT.set(context);
- }
-
- public static UserSecurityContext getContext() {
- UserSecurityContext ctx = SECURITY_CONTEXT.get();
- // 为空时,设置一个空的进去
- if (ctx == null) {
- ctx = new UserSecurityContext();
- SECURITY_CONTEXT.set(ctx);
- }
- return ctx;
- }
-
- public static void clear() {
- SECURITY_CONTEXT.remove();
- }
-
-}
diff --git a/common/mall-spring-boot-starter-security/src/main/java/cn/iocoder/mall/security/core/interceptor/AccountAuthInterceptor.java b/common/mall-spring-boot-starter-security/src/main/java/cn/iocoder/mall/security/core/interceptor/AccountAuthInterceptor.java
deleted file mode 100644
index b45c07c21..000000000
--- a/common/mall-spring-boot-starter-security/src/main/java/cn/iocoder/mall/security/core/interceptor/AccountAuthInterceptor.java
+++ /dev/null
@@ -1,111 +0,0 @@
-package cn.iocoder.mall.security.core.interceptor;
-
-import cn.iocoder.common.framework.util.CollectionUtil;
-import cn.iocoder.common.framework.util.HttpUtil;
-import cn.iocoder.common.framework.util.ServiceExceptionUtil;
-import cn.iocoder.common.framework.vo.CommonResult;
-import cn.iocoder.mall.security.core.annotation.RequiresAuthenticate;
-import cn.iocoder.mall.security.core.annotation.RequiresNone;
-import cn.iocoder.mall.security.core.annotation.RequiresPermissions;
-import cn.iocoder.mall.system.biz.enums.SystemErrorCodeEnum;
-import cn.iocoder.mall.system.rpc.api.authorization.AuthorizationRPC;
-import cn.iocoder.mall.system.rpc.api.oauth2.OAuth2RPC;
-import cn.iocoder.mall.system.rpc.request.authorization.AuthorizationCheckPermissionsRequest;
-import cn.iocoder.mall.system.rpc.request.oauth2.OAuth2AccessTokenAuthenticateRequest;
-import cn.iocoder.mall.system.rpc.response.oauth2.OAuth2AccessTokenResponse;
-import cn.iocoder.mall.web.core.util.CommonWebUtil;
-import org.apache.dubbo.config.annotation.Reference;
-import org.slf4j.Logger;
-import org.slf4j.LoggerFactory;
-import org.springframework.util.StringUtils;
-import org.springframework.web.method.HandlerMethod;
-import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.util.Arrays;
-
-public class AccountAuthInterceptor extends HandlerInterceptorAdapter {
-
- private Logger logger = LoggerFactory.getLogger(getClass());
-
- @Reference(validation = "true", version = "${dubbo.consumer.OAuth2RPC.version}")
- private OAuth2RPC oauth2RPC;
- @Reference(validation = "true", version = "${dubbo.consumer.AuthorizationRPC.version}")
- private AuthorizationRPC authorizationRPC;
-
- /**
- * 是否默认要求认证
- *
- * 针对 /users/** 接口,一般默认不要求认证,因为面向用户的接口,往往不需要登陆即可访问
- * 针对 /admins/** 接口,一般默认要求认证,因为面向管理员的接口,往往是内部需要更严格的安全控制
- */
- private final boolean defaultRequiresAuthenticate;
-
- public AccountAuthInterceptor(boolean defaultRequiresAuthenticate) {
- this.defaultRequiresAuthenticate = defaultRequiresAuthenticate;
- }
-
- @Override
- public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
- // 1. 进行认证
- Integer accountId = this.obtainAccount(request);
- // 2. 进行鉴权
- HandlerMethod handlerMethod = (HandlerMethod) handler;
- // 判断是否需要认证
- this.checkAuthenticate(handlerMethod, accountId);
- // 判断是否需要权限
- this.checkPermission(handlerMethod, accountId);
- return true;
- }
-
- private Integer obtainAccount(HttpServletRequest request) {
- String accessToken = HttpUtil.obtainAuthorization(request); // 获得访问令牌
- if (!StringUtils.hasText(accessToken)) { // 如果未传递,则不进行认证
- return null;
- }
- // 执行认证
- OAuth2AccessTokenAuthenticateRequest oauth2AccessTokenAuthenticateRequest = new OAuth2AccessTokenAuthenticateRequest()
- .setAccessToken(accessToken).setIp(HttpUtil.getIp(request));
- CommonResult oauth2AccessTokenResult = oauth2RPC.authenticate(oauth2AccessTokenAuthenticateRequest);
- if (oauth2AccessTokenResult.isError()) { // TODO 有一个问题点,假设 token 认证失败,但是该 url 是无需认证的,是不是一样能够执行过去?
- throw ServiceExceptionUtil.exception(oauth2AccessTokenResult);
- }
- // 设置账号编号
- Integer accountId = oauth2AccessTokenResult.getData().getAccountId();
- CommonWebUtil.setUserId(request, accountId);
- return accountId;
- }
-
- private void checkAuthenticate(HandlerMethod handlerMethod, Integer accountId) {
- boolean requiresAuthenticate = defaultRequiresAuthenticate;
- if (handlerMethod.hasMethodAnnotation(RequiresAuthenticate.class)
- || handlerMethod.hasMethodAnnotation(RequiresPermissions.class)) { // 如果需要权限验证,也认为需要认证
- requiresAuthenticate = true;
- } else if (handlerMethod.hasMethodAnnotation(RequiresNone.class)) {
- requiresAuthenticate = false;
- }
- if (requiresAuthenticate && accountId == null) {
- throw ServiceExceptionUtil.exception(SystemErrorCodeEnum.OAUTH2_NOT_AUTHENTICATE);
- }
- }
-
- private void checkPermission(HandlerMethod handlerMethod, Integer accountId) {
- RequiresPermissions requiresPermissions = handlerMethod.getMethodAnnotation(RequiresPermissions.class);
- if (requiresPermissions == null) {
- return;
- }
- String[] permissions = requiresPermissions.value();
- if (CollectionUtil.isEmpty(permissions)) {
- return;
- }
- // 权限验证
- AuthorizationCheckPermissionsRequest authorizationCheckPermissionsRequest = new AuthorizationCheckPermissionsRequest()
- .setAccountId(accountId).setPermissions(Arrays.asList(permissions));
- CommonResult authorizationCheckPermissionsResult = authorizationRPC.checkPermissions(authorizationCheckPermissionsRequest);
- if (authorizationCheckPermissionsResult.isError()) { // TODO 有一个问题点,假设 token 认证失败,但是该 url 是无需认证的,是不是一样能够执行过去?
- throw ServiceExceptionUtil.exception(authorizationCheckPermissionsResult);
- }
- }
-
-}
diff --git a/common/mall-spring-boot-starter-security/src/main/java/cn/iocoder/mall/security/core/interceptor/AdminSecurityInterceptor.java b/common/mall-spring-boot-starter-security/src/main/java/cn/iocoder/mall/security/core/interceptor/AdminSecurityInterceptor.java
deleted file mode 100644
index ecb2056a8..000000000
--- a/common/mall-spring-boot-starter-security/src/main/java/cn/iocoder/mall/security/core/interceptor/AdminSecurityInterceptor.java
+++ /dev/null
@@ -1,50 +0,0 @@
-package cn.iocoder.mall.security.core.interceptor;
-
-import cn.iocoder.common.framework.util.ServiceExceptionUtil;
-import cn.iocoder.common.framework.vo.CommonResult;
-import cn.iocoder.mall.security.core.context.AdminSecurityContext;
-import cn.iocoder.mall.security.core.context.AdminSecurityContextHolder;
-import cn.iocoder.mall.system.rpc.api.admin.AdminRPC;
-import cn.iocoder.mall.system.rpc.response.admin.AdminResponse;
-import cn.iocoder.mall.web.core.util.CommonWebUtil;
-import org.apache.dubbo.config.annotation.Reference;
-import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-import static cn.iocoder.mall.system.biz.enums.SystemErrorCodeEnum.ADMIN_NOT_FOUND;
-
-public class AdminSecurityInterceptor extends HandlerInterceptorAdapter {
-
- @Reference(validation = "true", version = "${dubbo.consumer.AdminRPC.version}")
- private AdminRPC adminRPC;
-
- @Override
- public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
- Integer accountId = CommonWebUtil.getUserId(request);
- if (accountId != null) {
- // 获得 Admin 信息
- CommonResult adminResult = adminRPC.getAdminByAccountId(accountId);
- if (adminResult.isError()) {
- throw ServiceExceptionUtil.exception(adminResult);
- }
- if (adminResult.getData() == null) {
- throw ServiceExceptionUtil.exception(ADMIN_NOT_FOUND);
- }
- // 设置到 SecurityContext 中
- AdminResponse adminResponse = adminResult.getData();
- AdminSecurityContext context = new AdminSecurityContext().setAdminId(adminResponse.getId())
- .setAccountId(accountId);
- AdminSecurityContextHolder.setContext(context);
- }
- return true;
- }
-
- @Override
- public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) {
- // 清空 SecurityContext
- AdminSecurityContextHolder.clear();
- }
-
-}
diff --git a/common/mall-spring-boot-starter-security/src/main/java/cn/iocoder/mall/security/core/interceptor/UserSecurityInterceptor.java b/common/mall-spring-boot-starter-security/src/main/java/cn/iocoder/mall/security/core/interceptor/UserSecurityInterceptor.java
deleted file mode 100644
index a360dc696..000000000
--- a/common/mall-spring-boot-starter-security/src/main/java/cn/iocoder/mall/security/core/interceptor/UserSecurityInterceptor.java
+++ /dev/null
@@ -1,48 +0,0 @@
-package cn.iocoder.mall.security.core.interceptor;
-
-import cn.iocoder.common.framework.util.ExceptionUtil;
-import cn.iocoder.common.framework.util.ServiceExceptionUtil;
-import cn.iocoder.common.framework.vo.CommonResult;
-import cn.iocoder.mall.security.core.context.UserSecurityContext;
-import cn.iocoder.mall.security.core.context.UserSecurityContextHolder;
-import cn.iocoder.mall.system.rpc.api.user.UserRPC;
-import cn.iocoder.mall.system.rpc.response.user.UserResponse;
-import cn.iocoder.mall.web.core.util.CommonWebUtil;
-import org.apache.dubbo.config.annotation.Reference;
-import org.springframework.web.servlet.handler.HandlerInterceptorAdapter;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-public class UserSecurityInterceptor extends HandlerInterceptorAdapter {
-
- @Reference(validation = "true", version = "${dubbo.consumer.UserRPC.version}")
- private UserRPC userRPC;
-
- @Override
- public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) {
- Integer accountId = CommonWebUtil.getUserId(request);
- if (accountId != null) {
- // 获得 Admin 信息
- CommonResult userResult = userRPC.getUserByAccountId(accountId);
- if (userResult.isError()) {
- throw ServiceExceptionUtil.exception(userResult);
- }
- if (userResult.getData() == null) {
- throw ExceptionUtil.getServiceException(null); // TODO 需要完善
- }
- // 设置到 SecurityContext 中
- UserResponse userResponse = userResult.getData();
- UserSecurityContext context = new UserSecurityContext().setUserId(userResponse.getId());
- UserSecurityContextHolder.setContext(context);
- }
- return true;
- }
-
- @Override
- public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) {
- // 清空 SecurityContext
- UserSecurityContextHolder.clear();
- }
-
-}
diff --git a/common/mall-spring-boot-starter-security/src/main/resources/META-INF/spring.factories b/common/mall-spring-boot-starter-security/src/main/resources/META-INF/spring.factories
deleted file mode 100644
index 198e0fb11..000000000
--- a/common/mall-spring-boot-starter-security/src/main/resources/META-INF/spring.factories
+++ /dev/null
@@ -1,2 +0,0 @@
-org.springframework.boot.autoconfigure.EnableAutoConfiguration=\
- cn.iocoder.mall.security.config.CommonSecurityAutoConfiguration
diff --git a/common/pom.xml b/common/pom.xml
index 3929611ec..1599a6b3b 100644
--- a/common/pom.xml
+++ b/common/pom.xml
@@ -17,7 +17,7 @@
mall-spring-boot-starter-swagger
mall-spring-boot-starter-web
mall-security-annotations
- mall-spring-boot-starter-security
+ mall-spring-boot-starter-security-admin
mall-spring-boot-starter-security-user
mall-spring-boot-starter-mybatis
diff --git a/mall-dependencies/pom.xml b/mall-dependencies/pom.xml
index 5980e2879..a25483e49 100644
--- a/mall-dependencies/pom.xml
+++ b/mall-dependencies/pom.xml
@@ -147,12 +147,12 @@
cn.iocoder.mall
- mall-spring-boot-starter-security
+ mall-spring-boot-starter-security-user
1.0-SNAPSHOT
cn.iocoder.mall
- mall-spring-boot-starter-security-user
+ mall-spring-boot-starter-security-admin
1.0-SNAPSHOT
diff --git a/management-web-app/pom.xml b/management-web-app/pom.xml
index abd0dce9a..b4ead34e7 100644
--- a/management-web-app/pom.xml
+++ b/management-web-app/pom.xml
@@ -37,6 +37,11 @@
mall-spring-boot-starter-swagger
+
+ cn.iocoder.mall
+ mall-spring-boot-starter-security-admin
+
+
com.alibaba.cloud
diff --git a/management-web-app/src/main/java/cn/iocoder/mall/managementweb/controller/passport/AdminPassportController.java b/management-web-app/src/main/java/cn/iocoder/mall/managementweb/controller/passport/AdminPassportController.java
index 89ed6e92a..4abce09bc 100644
--- a/management-web-app/src/main/java/cn/iocoder/mall/managementweb/controller/passport/AdminPassportController.java
+++ b/management-web-app/src/main/java/cn/iocoder/mall/managementweb/controller/passport/AdminPassportController.java
@@ -5,6 +5,7 @@ import cn.iocoder.common.framework.vo.CommonResult;
import cn.iocoder.mall.managementweb.controller.passport.dto.AdminPassportLoginDTO;
import cn.iocoder.mall.managementweb.controller.passport.vo.AdminPassportVO;
import cn.iocoder.mall.managementweb.manager.admin.AdminPassportManager;
+import cn.iocoder.security.annotations.RequiresNone;
import io.swagger.annotations.Api;
import io.swagger.annotations.ApiOperation;
import org.springframework.beans.factory.annotation.Autowired;
@@ -24,9 +25,9 @@ public class AdminPassportController {
@Autowired
private AdminPassportManager adminPassportManager;
- @PostMapping("/login")
@ApiOperation("账号密码登陆")
-// @RequiresNone TODO 晚点加上
+ @PostMapping("/login")
+ @RequiresNone
public CommonResult login(AdminPassportLoginDTO loginDTO,
HttpServletRequest request) {
return success(adminPassportManager.login(loginDTO, HttpUtil.getIp(request)));
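Review bot: With `@RequiresNone` now active, `login` is reachable without a session, yet `loginDTO` carries no validation annotation in the visible signature. Unless validation is switched on elsewhere in the class, unchecked input reaches `adminPassportManager.login`. If `AdminPassportLoginDTO` declares bean-validation constraints (not visible in this diff), the parameter should trigger them: `public CommonResult login(@Valid AdminPassportLoginDTO loginDTO,`. The client address comes from `HttpUtil.getIp(request)`, whose implementation is outside this diff; if it reads forwarded headers, the recorded login IP is client-supplied unless a trusted proxy overwrites them, so it should not be the only key for login throttling or audit. The method body continues past the end of the hunk.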
diff --git a/user/user-service-impl/src/main/java/cn/iocoder/mall/user/biz/config/DatabaseConfiguration.java b/user/user-service-impl/src/main/java/cn/iocoder/mall/user/biz/config/DatabaseConfiguration.java
deleted file mode 100644
index f712638ca..000000000
--- a/user/user-service-impl/src/main/java/cn/iocoder/mall/user/biz/config/DatabaseConfiguration.java
+++ /dev/null
@@ -1,14 +0,0 @@
-package cn.iocoder.mall.user.biz.config;
-
-import org.mybatis.spring.annotation.MapperScan;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.transaction.annotation.EnableTransactionManagement;
-
-@Configuration
-@MapperScan("cn.iocoder.mall.user.biz.dao") // 扫描对应的 Mapper 接口
-@EnableTransactionManagement(proxyTargetClass = true) // 启动事务管理。为什么使用 proxyTargetClass 参数,参见 https://blog.csdn.net/huang_550/article/details/76492600
-public class DatabaseConfiguration {
-
- // 数据源,使用 Druid
-
-}
diff --git a/user/user-service-impl/src/main/java/cn/iocoder/mall/user/biz/config/ServiceExceptionConfiguration.java b/user/user-service-impl/src/main/java/cn/iocoder/mall/user/biz/config/ServiceExceptionConfiguration.java
deleted file mode 100644
index a315eb6bf..000000000
--- a/user/user-service-impl/src/main/java/cn/iocoder/mall/user/biz/config/ServiceExceptionConfiguration.java
+++ /dev/null
@@ -1,26 +0,0 @@
-package cn.iocoder.mall.user.biz.config;
-
-import cn.iocoder.common.framework.util.ServiceExceptionUtil;
-import cn.iocoder.mall.user.api.constant.UserErrorCodeEnum;
-import org.springframework.boot.context.event.ApplicationReadyEvent;
-import org.springframework.context.annotation.Configuration;
-import org.springframework.context.event.EventListener;
-
-@Configuration
-public class ServiceExceptionConfiguration {
-
- @EventListener(ApplicationReadyEvent.class) // 可参考 https://www.cnblogs.com/ssslinppp/p/7607509.html
- public void initMessages() {
-// 从 service_exception_message.properties 加载错误码的方案
-// Properties properties;
-// try {
-// properties = PropertiesLoaderUtils.loadAllProperties("classpath:service_exception_message.properties");
-// } catch (IOException e) {
-// throw new RuntimeException(e);
-// }
- for (UserErrorCodeEnum item : UserErrorCodeEnum.values()) {
- ServiceExceptionUtil.put(item.getCode(), item.getMessage());
- }
- }
-
-}
\ No newline at end of file
diff --git a/user/user-service-impl/src/main/java/cn/iocoder/mall/user/biz/dataobject/UserAccessLogDO.java b/user/user-service-impl/src/main/java/cn/iocoder/mall/user/biz/dataobject/UserAccessLogDO.java
deleted file mode 100644
index e91f70bc2..000000000
--- a/user/user-service-impl/src/main/java/cn/iocoder/mall/user/biz/dataobject/UserAccessLogDO.java
+++ /dev/null
@@ -1,55 +0,0 @@
-package cn.iocoder.mall.user.biz.dataobject;
-
-import cn.iocoder.common.framework.dataobject.DeletableDO;
-import lombok.Data;
-import lombok.experimental.Accessors;
-
-import java.util.Date;
-
-/**
- * 用户访问日志 DO
- */
-@Data
-@Accessors(chain = true)
-public class UserAccessLogDO extends DeletableDO {
-
- /**
- * 编号
- */
- private Integer id;
- /**
- * 用户编号.
- *
- * 当用户编号为空时,该值为0
- */
- private Integer userId;
- /**
- * 访问地址
- */
- private String uri;
- /**
- * 参数
- */
- private String queryString;
- /**
- * http 方法
- */
- private String method;
- /**
- * userAgent
- */
- private String userAgent;
- /**
- * ip
- */
- private String ip;
- /**
- * 请求时间
- */
- private Date startTime;
- /**
- * 响应时长 -- 毫秒级
- */
- private Integer responseTime;
-
-}
diff --git a/user/user-service-impl/src/main/java/cn/iocoder/mall/user/biz/dataobject/UserDO.java b/user/user-service-impl/src/main/java/cn/iocoder/mall/user/biz/dataobject/UserDO.java
deleted file mode 100644
index d6d13f203..000000000
--- a/user/user-service-impl/src/main/java/cn/iocoder/mall/user/biz/dataobject/UserDO.java
+++ /dev/null
@@ -1,41 +0,0 @@
-package cn.iocoder.mall.user.biz.dataobject;
-
-import cn.iocoder.common.framework.dataobject.DeletableDO;
-import lombok.Data;
-import lombok.experimental.Accessors;
-
-/**
- * 用户实体,存储用户基本数据。
- *
- * idx_mobile 唯一索引
- */
-@Data
-@Accessors(chain = true)
-public class UserDO extends DeletableDO {
-
- /**
- * 用户编号
- */
- private Integer id;
- /**
- * 手机号
- */
- private String mobile;
- /**
- * 昵称
- */
- private String nickname;
- /**
- * 头像
- */
- private String avatar;
- /**
- * 账号状态
- *
- * 1 - 开启
- * 2 - 禁用
- */
- private Integer status;
-
-
-}
diff --git a/user/user-service-impl/src/main/java/cn/iocoder/mall/user/biz/dataobject/UserLoginLogDO.java b/user/user-service-impl/src/main/java/cn/iocoder/mall/user/biz/dataobject/UserLoginLogDO.java
deleted file mode 100644
index 14c287de0..000000000
--- a/user/user-service-impl/src/main/java/cn/iocoder/mall/user/biz/dataobject/UserLoginLogDO.java
+++ /dev/null
@@ -1,9 +0,0 @@
-package cn.iocoder.mall.user.biz.dataobject;
-
-import lombok.Data;
-import lombok.experimental.Accessors;
-
-@Data
-@Accessors(chain = true)
-public class UserLoginLogDO {
-}