product-inventory-management-after.git

RuoYi

2022-05-28 1ba5e86262b1925d53ba64ab80e7a50f22959fd6

新增Anonymous匿名访问不鉴权注解

已修改1个文件

已添加2个文件

	src/main/java/com/ruoyi/framework/aspectj/lang/annotation/Anonymous.java	19 ●●●●● 补丁 \| 查看 \| 原始文档 \| blame \| 历史
	src/main/java/com/ruoyi/framework/config/SecurityConfig.java	15 ●●●●● 补丁 \| 查看 \| 原始文档 \| blame \| 历史
	src/main/java/com/ruoyi/framework/config/properties/PermitAllUrlProperties.java	72 ●●●●● 补丁 \| 查看 \| 原始文档 \| blame \| 历史

 src/main/java/com/ruoyi/framework/aspectj/lang/annotation/Anonymous.java

¶Ô±ÈÐÂÎÄ¼þ
@@ -0,0 +1,19 @@
package com.ruoyi.framework.aspectj.lang.annotation;



import java.lang.annotation.Documented;

import java.lang.annotation.ElementType;

import java.lang.annotation.Retention;

import java.lang.annotation.RetentionPolicy;

import java.lang.annotation.Target;



/**

 * å¿åè®¿é®ä¸é´ææ³¨è§£

 * 
 * @author ruoyi

 */

@Target({ ElementType.METHOD, ElementType.TYPE })

@Retention(RetentionPolicy.RUNTIME)

@Documented

public @interface Anonymous

{

}


 src/main/java/com/ruoyi/framework/config/SecurityConfig.java

@@ -8,12 +8,14 @@
import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;

import org.springframework.security.config.annotation.web.builders.HttpSecurity;

import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;

import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;

import org.springframework.security.config.http.SessionCreationPolicy;

import org.springframework.security.core.userdetails.UserDetailsService;

import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;

import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;

import org.springframework.security.web.authentication.logout.LogoutFilter;

import org.springframework.web.filter.CorsFilter;

import com.ruoyi.framework.config.properties.PermitAllUrlProperties;

import com.ruoyi.framework.security.filter.JwtAuthenticationTokenFilter;

import com.ruoyi.framework.security.handle.AuthenticationEntryPointImpl;

import com.ruoyi.framework.security.handle.LogoutSuccessHandlerImpl;

@@ -55,7 +57,13 @@
     */

    @Autowired

    private CorsFilter corsFilter;

    


    /**

     * åè®¸å¿åè®¿é®çå°å

     */

    @Autowired

    private PermitAllUrlProperties permitAllUrl;



    /**

     * è§£å³ æ æ³ç´æ¥æ³¨å¥ AuthenticationManager

     *

@@ -87,6 +95,10 @@
    @Override

    protected void configure(HttpSecurity httpSecurity) throws Exception

    {

        // æ³¨è§£æ è®°åè®¸å¿åè®¿é®çurl

        ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry = httpSecurity.authorizeRequests();

        permitAllUrl.getUrls().forEach(url -> registry.antMatchers(url).permitAll());

 
        httpSecurity

                // CSRFç¦ç¨ï¼å ä¸ºä¸ä½¿ç¨session

                .csrf().disable()

@@ -105,6 +117,7 @@
                .anyRequest().authenticated()

                .and()

                .headers().frameOptions().disable();

        // æ·»å Logout filter

        httpSecurity.logout().logoutUrl("/logout").logoutSuccessHandler(logoutSuccessHandler);

        // æ·»å JWT filter

        httpSecurity.addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);


 src/main/java/com/ruoyi/framework/config/properties/PermitAllUrlProperties.java

¶Ô±ÈÐÂÎÄ¼þ
@@ -0,0 +1,72 @@
package com.ruoyi.framework.config.properties;



import java.util.ArrayList;

import java.util.List;

import java.util.Map;

import java.util.Optional;

import java.util.regex.Pattern;

import org.apache.commons.lang3.RegExUtils;

import org.springframework.beans.BeansException;

import org.springframework.beans.factory.InitializingBean;

import org.springframework.context.ApplicationContext;

import org.springframework.context.ApplicationContextAware;

import org.springframework.context.annotation.Configuration;

import org.springframework.core.annotation.AnnotationUtils;

import org.springframework.web.method.HandlerMethod;

import org.springframework.web.servlet.mvc.method.RequestMappingInfo;

import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping;

import com.ruoyi.framework.aspectj.lang.annotation.Anonymous;



/**

 * è®¾ç½®Anonymousæ³¨è§£åè®¸å¿åè®¿é®çurl

 * 
 * @author ruoyi

 */

@Configuration

public class PermitAllUrlProperties implements InitializingBean, ApplicationContextAware

{

    private static final Pattern PATTERN = Pattern.compile("\\{(.*?)\\}");



    private ApplicationContext applicationContext;



    private List<String> urls = new ArrayList<>();



    public String ASTERISK = "*";



    @Override

    public void afterPropertiesSet()

    {

        RequestMappingHandlerMapping mapping = applicationContext.getBean(RequestMappingHandlerMapping.class);

        Map<RequestMappingInfo, HandlerMethod> map = mapping.getHandlerMethods();



        map.keySet().forEach(info -> {

            HandlerMethod handlerMethod = map.get(info);



            // è·åæ¹æ³ä¸è¾¹çæ³¨è§£ æ¿ä»£path variable ä¸º *

            Anonymous method = AnnotationUtils.findAnnotation(handlerMethod.getMethod(), Anonymous.class);

            Optional.ofNullable(method).ifPresent(anonymous -> info.getPatternsCondition().getPatterns()

                    .forEach(url -> urls.add(RegExUtils.replaceAll(url, PATTERN, ASTERISK))));



            // è·åç±»ä¸è¾¹çæ³¨è§£, æ¿ä»£path variable ä¸º *

            Anonymous controller = AnnotationUtils.findAnnotation(handlerMethod.getBeanType(), Anonymous.class);

            Optional.ofNullable(controller).ifPresent(anonymous -> info.getPatternsCondition().getPatterns()

                    .forEach(url -> urls.add(RegExUtils.replaceAll(url, PATTERN, ASTERISK))));

        });

    }



    @Override

    public void setApplicationContext(ApplicationContext context) throws BeansException

    {

        this.applicationContext = context;

    }



    public List<String> getUrls()

    {

        return urls;

    }



    public void setUrls(List<String> urls)

    {

        this.urls = urls;

    }

}

¶Ô±ÈÐÂÎÄ¼þ
			@@ -0,0 +1,19 @@
			package com.ruoyi.framework.aspectj.lang.annotation;

			import java.lang.annotation.Documented;
			import java.lang.annotation.ElementType;
			import java.lang.annotation.Retention;
			import java.lang.annotation.RetentionPolicy;
			import java.lang.annotation.Target;

			/**
			* å¿åè®¿é®ä¸é´ææ³¨è§£
			*
			* @author ruoyi
			*/
			@Target({ ElementType.METHOD, ElementType.TYPE })
			@Retention(RetentionPolicy.RUNTIME)
			@Documented
			public @interface Anonymous
			{
			}

			@@ -8,12 +8,14 @@
			import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
			import org.springframework.security.config.annotation.web.builders.HttpSecurity;
			import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
			import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
			import org.springframework.security.config.http.SessionCreationPolicy;
			import org.springframework.security.core.userdetails.UserDetailsService;
			import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
			import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
			import org.springframework.security.web.authentication.logout.LogoutFilter;
			import org.springframework.web.filter.CorsFilter;
			import com.ruoyi.framework.config.properties.PermitAllUrlProperties;
			import com.ruoyi.framework.security.filter.JwtAuthenticationTokenFilter;
			import com.ruoyi.framework.security.handle.AuthenticationEntryPointImpl;
			import com.ruoyi.framework.security.handle.LogoutSuccessHandlerImpl;
			@@ -55,7 +57,13 @@
			*/
			@Autowired
			private CorsFilter corsFilter;


			/**
			* åè®¸å¿åè®¿é®çå°å
			*/
			@Autowired
			private PermitAllUrlProperties permitAllUrl;

			/**
			* è§£å³ æ æ³ç´æ¥æ³¨å¥ AuthenticationManager
			*
			@@ -87,6 +95,10 @@
			@Override
			protected void configure(HttpSecurity httpSecurity) throws Exception
			{
			// æ³¨è§£æ è®°åè®¸å¿åè®¿é®çurl
			ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry = httpSecurity.authorizeRequests();
			permitAllUrl.getUrls().forEach(url -> registry.antMatchers(url).permitAll());

			httpSecurity
			// CSRFç¦ç¨ï¼å ä¸ºä¸ä½¿ç¨session
			.csrf().disable()
			@@ -105,6 +117,7 @@
			.anyRequest().authenticated()
			.and()
			.headers().frameOptions().disable();
			// æ·»å Logout filter
			httpSecurity.logout().logoutUrl("/logout").logoutSuccessHandler(logoutSuccessHandler);
			// æ·»å JWT filter
			httpSecurity.addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);

¶Ô±ÈÐÂÎÄ¼þ
			@@ -0,0 +1,72 @@
			package com.ruoyi.framework.config.properties;

			import java.util.ArrayList;
			import java.util.List;
			import java.util.Map;
			import java.util.Optional;
			import java.util.regex.Pattern;
			import org.apache.commons.lang3.RegExUtils;
			import org.springframework.beans.BeansException;
			import org.springframework.beans.factory.InitializingBean;
			import org.springframework.context.ApplicationContext;
			import org.springframework.context.ApplicationContextAware;
			import org.springframework.context.annotation.Configuration;
			import org.springframework.core.annotation.AnnotationUtils;
			import org.springframework.web.method.HandlerMethod;
			import org.springframework.web.servlet.mvc.method.RequestMappingInfo;
			import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping;
			import com.ruoyi.framework.aspectj.lang.annotation.Anonymous;

			/**
			* è®¾ç½®Anonymousæ³¨è§£åè®¸å¿åè®¿é®çurl
			*
			* @author ruoyi
			*/
			@Configuration
			public class PermitAllUrlProperties implements InitializingBean, ApplicationContextAware
			{
			private static final Pattern PATTERN = Pattern.compile("\\{(.*?)\\}");

			private ApplicationContext applicationContext;

			private List<String> urls = new ArrayList<>();

			public String ASTERISK = "*";

			@Override
			public void afterPropertiesSet()
			{
			RequestMappingHandlerMapping mapping = applicationContext.getBean(RequestMappingHandlerMapping.class);
			Map<RequestMappingInfo, HandlerMethod> map = mapping.getHandlerMethods();

			map.keySet().forEach(info -> {
			HandlerMethod handlerMethod = map.get(info);

			// è·åæ¹æ³ä¸è¾¹çæ³¨è§£ æ¿ä»£path variable ä¸º *
			Anonymous method = AnnotationUtils.findAnnotation(handlerMethod.getMethod(), Anonymous.class);
			Optional.ofNullable(method).ifPresent(anonymous -> info.getPatternsCondition().getPatterns()
			.forEach(url -> urls.add(RegExUtils.replaceAll(url, PATTERN, ASTERISK))));

			// è·åç±»ä¸è¾¹çæ³¨è§£, æ¿ä»£path variable ä¸º *
			Anonymous controller = AnnotationUtils.findAnnotation(handlerMethod.getBeanType(), Anonymous.class);
			Optional.ofNullable(controller).ifPresent(anonymous -> info.getPatternsCondition().getPatterns()
			.forEach(url -> urls.add(RegExUtils.replaceAll(url, PATTERN, ASTERISK))));
			});
			}

			@Override
			public void setApplicationContext(ApplicationContext context) throws BeansException
			{
			this.applicationContext = context;
			}

			public List<String> getUrls()
			{
			return urls;
			}

			public void setUrls(List<String> urls)
			{
			this.urls = urls;
			}
			}