记一次OAuth碰到的问题
发布时间:2020-12-16 09:26:24 所属栏目:asp.Net 来源:网络整理
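/**
 * Registers the catch-all authorization rule: every request is decided by the SpEL expression
 * {@code @permissionService.hasPermission(authentication,request)}, i.e. by the bean that is
 * registered under the name "permissionService".
 */
@Order
@Component
public class PcPermissionAuthorizeConfigProvider implements AuthorizeConfigProvider {

    /**
     * Maps {@code anyRequest()} to the permission-service expression.
     *
     * @param config the URL authorization registry being built
     * @return {@code true}, telling the manager that this provider has configured
     *         {@code anyRequest()} itself
     */
    @Override
    public boolean config(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry config) {
        config.anyRequest().access("@permissionService.hasPermission(authentication,request)");
        return true;
    }
}

/**
 * Per-request permission check that backs the {@code @permissionService.hasPermission(...)}
 * expression.
 */
@Slf4j
@Component("permissionService")
public class MucPermissionServiceImpl implements MucPermissionService {

    private AntPathMatcher antPathMatcher = new AntPathMatcher();

    private static final String OAUTH2_CLIENT_PREFIX = "rockysaas-client-";

    @Resource
    private ClientDetailsService clientDetailsService;

    /**
     * Decides whether the current caller may access the requested URI.
     *
     * <p>The decision uses the login name and authority URL patterns returned by
     * {@code SecurityUtils}; the {@code authentication} argument is not read here.
     *
     * @param authentication the authentication passed in by the security expression (unused)
     * @param request the current HTTP request; only its request URI is inspected
     * @return {@code true} if access is granted, {@code false} otherwise
     */
    @Override
    public boolean hasPermission(Authentication authentication, HttpServletRequest request) {
        String currentLoginName = SecurityUtils.getCurrentLoginName();
        Set<String> currentAuthorityUrl = SecurityUtils.getCurrentAuthorityUrl();
        // getRequestURI() returns the raw, undecoded URI.
        // NOTE(review): confirm the path is normalised before it reaches this check.
        String requestURI = request.getRequestURI();
        log.info("验证权限loginName={},requestURI={},hasAuthorityUrl={}", currentLoginName, requestURI, Joiner.on(GlobalConstant.Symbol.COMMA).join(currentAuthorityUrl));

        // No resolved login name: deny instead of failing with a NullPointerException below.
        if (currentLoginName == null) {
            return false;
        }

        // The super administrator may access everything.
        if (StringUtils.equals(currentLoginName, GlobalConstant.Sys.SUPER_MANAGER_LOGIN_NAME)) {
            return true;
        }

        // Demo project: Feign clients hold every permission; restrict them through role
        // permissions if needed. The constant is a prefix, so match it as one: a substring
        // match would also send ordinary login names that merely contain it down this path.
        if (currentLoginName.startsWith(OAUTH2_CLIENT_PREFIX)) {
            ClientDetails clientDetails = clientDetailsService.loadClientByClientId(currentLoginName);
            return clientDetails != null;
        }

        for (final String authority : currentAuthorityUrl) {
            // Demo project: read-style requests are let through.
            // NOTE(review): this is a substring test on the whole URI, so any path that merely
            // contains one of these fragments is granted to every caller holding at least one
            // authority, including endpoints that are not read-only. Replace it with explicit
            // authority patterns before using this outside a demo.
            if (requestURI.contains("query") || requestURI.contains("get") || requestURI.contains("check") || requestURI.contains("select")) {
                return true;
            }
            if (antPathMatcher.match(authority, requestURI)) {
                return true;
            }
        }
        return false;
    }
}

// ---------------------------------------------------------------------------------------------
// Broken version of PcAuthorizeConfigManager (the cause of the problem described below).
// ---------------------------------------------------------------------------------------------
@Component
public class PcAuthorizeConfigManager implements AuthorizeConfigManager {

    private final List<AuthorizeConfigProvider> authorizeConfigProviders;

    /**
     * Creates the manager.
     *
     * @param authorizeConfigProviders the providers that will each contribute authorization rules
     */
    @Autowired
    public PcAuthorizeConfigManager(List<AuthorizeConfigProvider> authorizeConfigProviders) {
        this.authorizeConfigProviders = authorizeConfigProviders;
    }

    /**
     * Applies every provider and then unconditionally adds an {@code anyRequest().authenticated()}
     * rule.
     *
     * @param config the URL authorization registry being built
     */
    @Override
    public void config(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry config) {
        for (AuthorizeConfigProvider authorizeConfigProvider : authorizeConfigProviders) {
            // The provider's return value is ignored here.
            authorizeConfigProvider.config(config);
        }
        // Presumably the line the article showed in red: a second anyRequest() rule is added even
        // though a provider has already registered anyRequest().access(...). Per the article, the
        // result was that every URL was reachable by any authenticated user and hasPermission was
        // never called.
        config.anyRequest().authenticated();
    }
}

/*
 * 请求过来时 permissionService.hasPermission 进不去了,原来是 PcAuthorizeConfigManager 被改坏了,
 * 红色部分表示所有url都可以被认证用户访问,代码复原后ok
 *
 * In English: incoming requests no longer reached permissionService.hasPermission because
 * PcAuthorizeConfigManager had been changed as shown above; the highlighted part lets every
 * authenticated user access all URLs. Restoring the code below fixed it.
 *
 * The failure is silent: requests still succeed, only the permission check is skipped. A
 * regression test that expects a denial for an authenticated user without the matching
 * authority would catch this kind of change.
 */

// ---------------------------------------------------------------------------------------------
// Restored version of PcAuthorizeConfigManager.
// ---------------------------------------------------------------------------------------------
@Component
public class PcAuthorizeConfigManager implements AuthorizeConfigManager {

    private final List<AuthorizeConfigProvider> authorizeConfigProviders;

    /**
     * Creates the manager.
     *
     * @param authorizeConfigProviders the providers that will each contribute authorization rules
     */
    @Autowired
    public PcAuthorizeConfigManager(List<AuthorizeConfigProvider> authorizeConfigProviders) {
        this.authorizeConfigProviders = authorizeConfigProviders;
    }

    /**
     * Applies every provider, allows at most one of them to configure {@code anyRequest()}, and
     * falls back to {@code anyRequest().authenticated()} only when none of them did.
     *
     * @param config the URL authorization registry being built
     * @throws RuntimeException if two providers both report an {@code anyRequest()} configuration
     */
    @Override
    public void config(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry config) {
        boolean existAnyRequestConfig = false;
        String existAnyRequestConfigName = null;

        for (AuthorizeConfigProvider authorizeConfigProvider : authorizeConfigProviders) {
            // Each provider returns true when it has registered an anyRequest() rule.
            boolean currentIsAnyRequestConfig = authorizeConfigProvider.config(config);
            if (existAnyRequestConfig && currentIsAnyRequestConfig) {
                // Two catch-all rules are ambiguous; fail at startup and name both providers.
                throw new RuntimeException("重复的anyRequest配置:" + existAnyRequestConfigName + "," + authorizeConfigProvider.getClass().getSimpleName());
            } else if (currentIsAnyRequestConfig) {
                existAnyRequestConfig = true;
                existAnyRequestConfigName = authorizeConfigProvider.getClass().getSimpleName();
            }
        }

        // Only add the default catch-all when no provider supplied one, so that a provider's
        // anyRequest().access(...) rule stays in effect.
        if (!existAnyRequestConfig) {
            config.anyRequest().authenticated();
        }
    }
}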