From e0ab6b8462fdd597756c67cd978f3cf0a3d8fef3 Mon Sep 17 00:00:00 2001
From: YunaiV <>
Date: Wed, 26 Aug 2020 20:47:46 +0800
Subject: [PATCH] =?UTF-8?q?=E5=A2=9E=E5=8A=A0=E4=BB=A4=E7=89=8C=E5=88=B7?= =?UTF-8?q?=E6=96=B0=E9=80=BB=E8=BE=91=20=E5=A2=9E=E5=8A=A0=E6=BC=94?= =?UTF-8?q?=E7=A4=BA=E6=A8=A1=E5=BC=8F=E7=9A=84=E5=BC=80=E5=85=B3?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.../AdminSecurityAutoConfiguration.java | 10 ++++++----
.../admin/config/AdminSecurityProperties.java | 18 +++++++++++++++++
.../interceptor/AdminDemoInterceptor.java | 5 +++--
.../passport/PassportController.java | 14 ++++++++-----
.../manager/passport/PassportManager.java | 20 +++++++++++++------
.../src/main/resources/application-dev.yml | 3 +++
.../passport/PassportController.http | 6 ++++++
.../passport/PassportController.java | 9 +++++++++
.../manager/passport/PassportManager.java | 8 ++++++++
.../src/main/resources/application.yml | 1 +
10 files changed, 77 insertions(+), 17 deletions(-)
diff --git a/common/mall-spring-boot-starter-security-admin/src/main/java/cn/iocoder/mall/security/admin/config/AdminSecurityAutoConfiguration.java b/common/mall-spring-boot-starter-security-admin/src/main/java/cn/iocoder/mall/security/admin/config/AdminSecurityAutoConfiguration.java
index 322016c37..c49f6f1d9 100644
--- a/common/mall-spring-boot-starter-security-admin/src/main/java/cn/iocoder/mall/security/admin/config/AdminSecurityAutoConfiguration.java
+++ b/common/mall-spring-boot-starter-security-admin/src/main/java/cn/iocoder/mall/security/admin/config/AdminSecurityAutoConfiguration.java
@@ -49,10 +49,12 @@ public class AdminSecurityAutoConfiguration implements WebMvcConfigurer { .excludePathPatterns(properties.getDefaultIgnorePaths()); logger.info("[addInterceptors][加载 AdminSecurityInterceptor 拦截器完成]"); // AdminDemoInterceptor 拦截器 - registry.addInterceptor(this.adminDemoInterceptor()) - .excludePathPatterns(properties.getIgnorePaths()) - .excludePathPatterns(properties.getDefaultIgnorePaths()); - logger.info("[addInterceptors][加载 AdminDemoInterceptor 拦截器完成]"); + if (Boolean.TRUE.equals(properties.getDemo())) { + registry.addInterceptor(this.adminDemoInterceptor()) + .excludePathPatterns(properties.getIgnorePaths()) + .excludePathPatterns(properties.getDefaultIgnorePaths()); + logger.info("[addInterceptors][加载 AdminDemoInterceptor 拦截器完成]"); + } } } diff --git a/common/mall-spring-boot-starter-security-admin/src/main/java/cn/iocoder/mall/security/admin/config/AdminSecurityProperties.java b/common/mall-spring-boot-starter-security-admin/src/main/java/cn/iocoder/mall/security/admin/config/AdminSecurityProperties.java index a54e4258a..7c36f8350 100644 --- a/common/mall-spring-boot-starter-security-admin/src/main/java/cn/iocoder/mall/security/admin/config/AdminSecurityProperties.java +++ b/common/mall-spring-boot-starter-security-admin/src/main/java/cn/iocoder/mall/security/admin/config/AdminSecurityProperties.java @@ -11,6 +11,11 @@ public class AdminSecurityProperties { // Actuator 相关 }; + /** + * 演示模式 - 默认值(关闭) + */ + private static final Boolean DEFAULT_DEMO = false; + /** * 自定义忽略 Path */ @@ -19,6 +24,10 @@ public class AdminSecurityProperties { * 默认忽略 Path */ private String[] defaultIgnorePaths = DEFAULT_IGNORE_PATHS; + /** + * 是否开启演示模式 + */ + private Boolean demo = DEFAULT_DEMO; public String[] getIgnorePaths() { return ignorePaths; 
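Review bot: With the new `if (Boolean.TRUE.equals(properties.getDemo()))` guard in `addInterceptors`, the demo write-protection is off unless `mall.security.admin.demo` is set, and this patch sets it only in management-web-app's `application-dev.yml`. Any other profile or app that exposes a shared demo account and relied on the interceptor always being registered would now start without it, and without any log line saying so; it is worth confirming that none does. I would log the disabled case as well, e.g. an `else` branch with `logger.info("[addInterceptors][demo mode off, AdminDemoInterceptor not registered]");`, so the state is visible at startup. The method starts above the hunk.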
@@ -38,4 +47,13 @@ public class AdminSecurityProperties { return this; } + public Boolean getDemo() { + return demo; + } + + public AdminSecurityProperties setDemo(Boolean demo) { + this.demo = demo; + return this; + } + } diff --git a/common/mall-spring-boot-starter-security-admin/src/main/java/cn/iocoder/mall/security/admin/core/interceptor/AdminDemoInterceptor.java b/common/mall-spring-boot-starter-security-admin/src/main/java/cn/iocoder/mall/security/admin/core/interceptor/AdminDemoInterceptor.java index 3659b1f7a..056395c9e 100644 --- a/common/mall-spring-boot-starter-security-admin/src/main/java/cn/iocoder/mall/security/admin/core/interceptor/AdminDemoInterceptor.java +++ b/common/mall-spring-boot-starter-security-admin/src/main/java/cn/iocoder/mall/security/admin/core/interceptor/AdminDemoInterceptor.java @@ -19,8 +19,9 @@ public class AdminDemoInterceptor extends HandlerInterceptorAdapter { @Override public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) { - // 当 Admin 编号等于 0 时,约定为演示账号 - if (Objects.equals(AdminSecurityContextHolder.getAdminId(), 0) + // 当 Admin 编号等于 1 时,约定为演示账号 + // TODO 芋艿,后续去优化 + if (Objects.equals(AdminSecurityContextHolder.getAdminId(), 1) && request.getMethod().equalsIgnoreCase(HttpMethod.POST.toString())) { throw ServiceExceptionUtil.exception(SystemErrorCodeConstants.PERMISSION_DEMO_PERMISSION_DENY); } diff --git a/management-web-app/src/main/java/cn/iocoder/mall/managementweb/controller/passport/PassportController.java b/management-web-app/src/main/java/cn/iocoder/mall/managementweb/controller/passport/PassportController.java index 15c06daed..4ebf7ea16 100644 --- a/management-web-app/src/main/java/cn/iocoder/mall/managementweb/controller/passport/PassportController.java +++ b/management-web-app/src/main/java/cn/iocoder/mall/managementweb/controller/passport/PassportController.java 
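Review bot: The demo check in `preHandle` of `AdminDemoInterceptor` rejects only `POST`, so any `PUT`, `DELETE` or `PATCH` mapping in the admin API (none are visible in this diff) stays writable for the demo account; denying every method except `GET`, `HEAD` and `OPTIONS` would close that gap. The demo account is now the literal id `1`, which is likely the first-created administrator and is presumably why the TODO was added; reading the id from `AdminSecurityProperties` next to `demo` would keep the switch and the account it applies to in one place. `Objects.equals(AdminSecurityContextHolder.getAdminId(), 1)` compares against a boxed `Integer` and is silently false if `getAdminId()` returns a `Long`, so please confirm the type.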
@@ -12,13 +12,9 @@ import cn.iocoder.security.annotations.RequiresNone; import io.swagger.annotations.Api; import io.swagger.annotations.ApiOperation; import org.springframework.beans.factory.annotation.Autowired; -import org.springframework.web.bind.annotation.GetMapping; -import org.springframework.web.bind.annotation.PostMapping; -import org.springframework.web.bind.annotation.RequestMapping; -import org.springframework.web.bind.annotation.RestController; +import org.springframework.web.bind.annotation.*; import javax.servlet.http.HttpServletRequest; - import java.util.List; import java.util.Set; @@ -46,6 +42,14 @@ public class PassportController { return success(passportManager.getAdmin(AdminSecurityContextHolder.getAdminId())); } + @PostMapping("/refresh-token") + @ApiOperation("刷新令牌") + @RequiresNone + public CommonResult refreshToken(@RequestParam("refreshToken") String refreshToken, + HttpServletRequest request) { + return success(passportManager.refreshToken(refreshToken, HttpUtil.getIp(request))); + } + // TODO 优化点:迁移到 PermissionController @GetMapping("/tree-admin-menu") @ApiOperation("获得当前管理员的菜单树") diff --git a/management-web-app/src/main/java/cn/iocoder/mall/managementweb/manager/passport/PassportManager.java b/management-web-app/src/main/java/cn/iocoder/mall/managementweb/manager/passport/PassportManager.java index cd2f11f08..6535b0114 100644 --- a/management-web-app/src/main/java/cn/iocoder/mall/managementweb/manager/passport/PassportManager.java +++ b/management-web-app/src/main/java/cn/iocoder/mall/managementweb/manager/passport/PassportManager.java 
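Review bot: In the new `refreshToken` handler the token is bound with `@RequestParam("refreshToken")`, which also accepts the value from the URL query string, where a long-lived credential ends up in access logs, proxy logs and browser history; the identical method added to user-web-app's `PassportController` has the same issue. Binding it from the request body only (a small DTO with `@RequestBody`, or rejecting requests whose query string carries `refreshToken`) avoids that. Because the endpoint is `@RequiresNone` it is reachable without a session, so it should get the same throttling as the login endpoint, if any exists outside this diff. The `@ApiOperation` text could also state that the call is unauthenticated and returns a new access token.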
@@ -15,12 +15,13 @@ import cn.iocoder.mall.systemservice.enums.permission.ResourceTypeEnum; import cn.iocoder.mall.systemservice.rpc.admin.AdminRpc; import cn.iocoder.mall.systemservice.rpc.admin.vo.AdminVO; import cn.iocoder.mall.systemservice.rpc.oauth.OAuth2Rpc; -import cn.iocoder.mall.systemservice.rpc.oauth.dto.OAuth2CreateAccessTokenReqDTO; import cn.iocoder.mall.systemservice.rpc.oauth.dto.OAuth2AccessTokenRespDTO; +import cn.iocoder.mall.systemservice.rpc.oauth.dto.OAuth2CreateAccessTokenReqDTO; +import cn.iocoder.mall.systemservice.rpc.oauth.dto.OAuth2RefreshAccessTokenReqDTO; import cn.iocoder.mall.systemservice.rpc.permission.ResourceRpc; import cn.iocoder.mall.systemservice.rpc.permission.RoleRpc; import cn.iocoder.mall.systemservice.rpc.permission.vo.ResourceVO; -import org.apache.dubbo.config.annotation.Reference; +import org.apache.dubbo.config.annotation.DubboReference; import org.springframework.stereotype.Service; import java.util.Collections; @@ -30,13 +31,13 @@ import java.util.Set; @Service public class PassportManager { - @Reference(version = "${dubbo.consumer.AdminRpc.version}") + @DubboReference(version = "${dubbo.consumer.AdminRpc.version}") private AdminRpc adminRpc; - @Reference(version = "${dubbo.consumer.OAuth2Rpc.version}") + @DubboReference(version = "${dubbo.consumer.OAuth2Rpc.version}") private OAuth2Rpc oauth2Rpc; - @Reference(version = "${dubbo.consumer.RoleRpc.version}") + @DubboReference(version = "${dubbo.consumer.RoleRpc.version}") private RoleRpc roleRpc; - @Reference(version = "${dubbo.consumer.ResourceRpc.version}") + @DubboReference(version = "${dubbo.consumer.ResourceRpc.version}") private ResourceRpc resourceRpc; public PassportAccessTokenVO login(PassportLoginDTO loginDTO, String ip) { 
@@ -59,6 +60,13 @@ public class PassportManager { return AdminPassportConvert.INSTANCE.convert(getAdminResult.getData()); } + public PassportAccessTokenVO refreshToken(String refreshToken, String ip) { + CommonResult refreshAccessTokenResult = oauth2Rpc.refreshAccessToken( + new OAuth2RefreshAccessTokenReqDTO().setRefreshToken(refreshToken).setCreateIp(ip)); + refreshAccessTokenResult.checkError(); + return AdminPassportConvert.INSTANCE.convert(refreshAccessTokenResult.getData()); + } + /** * 获得指定管理员的权限列表 * diff --git a/management-web-app/src/main/resources/application-dev.yml b/management-web-app/src/main/resources/application-dev.yml index 2e26cd388..31a3a702f 100644 --- a/management-web-app/src/main/resources/application-dev.yml +++ b/management-web-app/src/main/resources/application-dev.yml @@ -13,3 +13,6 @@ dubbo: registry: # address: spring-cloud://400-infra.server.iocoder.cn:8848 # 指定 Dubbo 服务注册中心的地址 address: nacos://400-infra.server.iocoder.cn:8848?namespace=dev # 指定 Dubbo 服务注册中心的地址 + +# Mall 认证安全配置 +mall.security.admin.demo: true # 是否开启演示模式 diff --git a/user-web-app/src/main/java/cn/iocoder/mall/userweb/controller/passport/PassportController.http b/user-web-app/src/main/java/cn/iocoder/mall/userweb/controller/passport/PassportController.http index 9812438c5..47fdbf217 100644 --- a/user-web-app/src/main/java/cn/iocoder/mall/userweb/controller/passport/PassportController.http +++ b/user-web-app/src/main/java/cn/iocoder/mall/userweb/controller/passport/PassportController.http @@ -10,4 +10,10 @@ Content-Type: application/x-www-form-urlencoded mobile=15601691300&scene=1 +### /passport/refresh-token +POST {{user-api-base-url}}/passport/refresh-token +Content-Type: application/x-www-form-urlencoded + +refreshToken=77abd74e84e34cfc8aba9625317a14a3 + ### 
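Review bot: The request built in `PassportManager.refreshToken` carries only the refresh token and `createIp`, so nothing visible here ties the token to an administrator; the method added to user-web-app's `PassportManager` sends the same request to the same `OAuth2Rpc`. Unless `refreshAccessToken` checks the user type on the provider side, a refresh token issued to a shop user could be accepted by the admin endpoint. Please confirm that check exists, or pass the expected user type in `OAuth2RefreshAccessTokenReqDTO` and reject a mismatch. `ip` comes from `HttpUtil.getIp(request)`; if that helper reads a forwarded header the value is client-supplied and should be treated as informational only. A short Javadoc saying that the method throws through `checkError()` on an invalid or expired token would help callers.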
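Review bot: The sample request added to `PassportController.http` hard-codes what looks like a real refresh token (`refreshToken=77abd74e…`) in a committed file. Even if the value has expired, credentials in version control tend to be copied and reused. Use an environment variable in the same way as the existing `{{user-api-base-url}}`, for example `refreshToken={{user-refresh-token}}` (variable name constructed for this note), and revoke the committed value if it was ever valid.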
diff --git a/user-web-app/src/main/java/cn/iocoder/mall/userweb/controller/passport/PassportController.java b/user-web-app/src/main/java/cn/iocoder/mall/userweb/controller/passport/PassportController.java index bacc0f008..168b520da 100644 --- a/user-web-app/src/main/java/cn/iocoder/mall/userweb/controller/passport/PassportController.java +++ b/user-web-app/src/main/java/cn/iocoder/mall/userweb/controller/passport/PassportController.java @@ -12,6 +12,7 @@ import io.swagger.annotations.ApiOperation; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.bind.annotation.PostMapping; import org.springframework.web.bind.annotation.RequestMapping; +import org.springframework.web.bind.annotation.RequestParam; import org.springframework.web.bind.annotation.RestController; import javax.servlet.http.HttpServletRequest; @@ -44,4 +45,12 @@ public class PassportController { return success(true); } + @PostMapping("/refresh-token") + @ApiOperation("刷新令牌") + @RequiresNone + public CommonResult refreshToken(@RequestParam("refreshToken") String refreshToken, + HttpServletRequest request) { + return success(passportManager.refreshToken(refreshToken, HttpUtil.getIp(request))); + } + } diff --git a/user-web-app/src/main/java/cn/iocoder/mall/userweb/manager/passport/PassportManager.java b/user-web-app/src/main/java/cn/iocoder/mall/userweb/manager/passport/PassportManager.java index da2659625..4f6264c5d 100644 --- a/user-web-app/src/main/java/cn/iocoder/mall/userweb/manager/passport/PassportManager.java +++ b/user-web-app/src/main/java/cn/iocoder/mall/userweb/manager/passport/PassportManager.java 
@@ -5,6 +5,7 @@ import cn.iocoder.common.framework.vo.CommonResult; import cn.iocoder.mall.systemservice.rpc.oauth.OAuth2Rpc; import cn.iocoder.mall.systemservice.rpc.oauth.dto.OAuth2AccessTokenRespDTO; import cn.iocoder.mall.systemservice.rpc.oauth.dto.OAuth2CreateAccessTokenReqDTO; +import cn.iocoder.mall.systemservice.rpc.oauth.dto.OAuth2RefreshAccessTokenReqDTO; import cn.iocoder.mall.userservice.enums.sms.UserSmsSceneEnum; import cn.iocoder.mall.userservice.rpc.sms.UserSmsCodeRpc; import cn.iocoder.mall.userservice.rpc.user.UserRpc; @@ -50,4 +51,11 @@ public class PassportManager { sendSmsCodeResult.checkError(); } + public PassportAccessTokenRespVO refreshToken(String refreshToken, String ip) { + CommonResult refreshAccessTokenResult = oauth2Rpc.refreshAccessToken( + new OAuth2RefreshAccessTokenReqDTO().setRefreshToken(refreshToken).setCreateIp(ip)); + refreshAccessTokenResult.checkError(); + return PassportConvert.INSTANCE.convert(refreshAccessTokenResult.getData()); + } + } diff --git a/user-web-app/src/main/resources/application.yml b/user-web-app/src/main/resources/application.yml index 7ce01ad3d..65be706f6 100644 --- a/user-web-app/src/main/resources/application.yml +++ b/user-web-app/src/main/resources/application.yml @@ -25,6 +25,7 @@ dubbo: consumer: timeout: 10000 validation: true # 开启 Consumer 的参数校验 + check: false # 本地启动,不进行校验,不一定会使用到未启动的服务,嘿嘿~ UserSmsCodeRpc: version: 1.0.0 UserRpc:
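Review bot: `check: false` under `dubbo.consumer` is added to the base `application.yml`, so it applies to every profile and not only to the local start-up its comment describes. With it the app boots even when a required provider such as `UserRpc` is missing, and the failure moves from start-up to the first request that needs the service. Moving the line to a local or dev profile file would keep fail-fast behaviour everywhere else.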