add rbac

starway · Sep 21, 2017 · 3d41ab4 · 3d41ab4
1 parent c30cc34
commit 3d41ab4
Show file tree

Hide file tree

Showing 282 changed files with 76,549 additions and 31 deletions.
diff --git a/imooc-security-authorize/pom.xml b/imooc-security-authorize/pom.xml
@@ -10,12 +10,17 @@
 
 	<dependencies>
 		<dependency>
-			<groupId>javax.servlet</groupId>
-			<artifactId>javax.servlet-api</artifactId>
+			<groupId>com.imooc.security</groupId>
+			<artifactId>imooc-security-core</artifactId>
+			<version>${imooc.security.version}</version>
 		</dependency>
 		<dependency>
-			<groupId>org.springframework.security</groupId>
-			<artifactId>spring-security-core</artifactId>
+			<groupId>org.springframework.boot</groupId>
+			<artifactId>spring-boot-starter-data-jpa</artifactId>
+		</dependency>
+		<dependency>
+			<groupId>joda-time</groupId>
+			<artifactId>joda-time</artifactId>
 		</dependency>
 	</dependencies>
 </project>
diff --git a/imooc-security-authorize/src/main/java/com/imooc/security/rbac/RbacServiceImpl.java b/imooc-security-authorize/src/main/java/com/imooc/security/rbac/RbacServiceImpl.java
@@ -3,48 +3,49 @@
  */
 package com.imooc.security.rbac;
 
-import java.util.HashSet;
 import java.util.Set;
 
 import javax.servlet.http.HttpServletRequest;
 
+import org.apache.commons.lang.StringUtils;
 import org.springframework.security.core.Authentication;
-import org.springframework.security.core.userdetails.UserDetails;
 import org.springframework.stereotype.Component;
 import org.springframework.util.AntPathMatcher;
 
+import com.imooc.security.rbac.domain.Admin;
+
 /**
  * @author zhailiang
  *
  */
 @Component("rbacService")
 public class RbacServiceImpl implements RbacService {
-	
+
 	private AntPathMatcher antPathMatcher = new AntPathMatcher();
 
 	@Override
 	public boolean hasPermission(HttpServletRequest request, Authentication authentication) {
 		Object principal = authentication.getPrincipal();
-		
+
 		boolean hasPermission = false;
-
-		if (principal instanceof UserDetails) {
-
-			String username = ((UserDetails)principal).getUsername();
-			//读取用户所拥有权限的所有URL
-			Set<String> urls = new HashSet<>();
-			for (String url : urls) {
-				if(antPathMatcher.match(url, request.getRequestURI())){
-					hasPermission = true;
-					break;
+
+		if (principal instanceof Admin) {
+			//如果用户名是admin，就永远返回true
+			if (StringUtils.equals(((Admin) principal).getUsername(), "admin")) {
+				hasPermission = true;
+			} else {
+				// 读取用户所拥有权限的所有URL
+				Set<String> urls = ((Admin) principal).getUrls();
+				for (String url : urls) {
+					if (antPathMatcher.match(url, request.getRequestURI())) {
+						hasPermission = true;
+						break;
+					}
 				}
 			}
-
 		}
-		
+
 		return hasPermission;
 	}
-
-
 
 }
diff --git a/...uthorize/src/main/java/com/imooc/security/rbac/authorize/RbacAuthorizeConfigProvider.java b/...uthorize/src/main/java/com/imooc/security/rbac/authorize/RbacAuthorizeConfigProvider.java
@@ -0,0 +1,36 @@
+/**
+ * 
+ */
+package com.imooc.security.rbac.authorize;
+
+import org.springframework.core.annotation.Order;
+import org.springframework.http.HttpMethod;
+import org.springframework.security.config.annotation.web.builders.HttpSecurity;
+import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
+import org.springframework.stereotype.Component;
+
+import com.imooc.security.core.authorize.AuthorizeConfigProvider;
+
+/**
+ * @author zhailiang
+ *
+ */
+@Component
+@Order(Integer.MAX_VALUE)
+public class RbacAuthorizeConfigProvider implements AuthorizeConfigProvider {
+
+	/* (non-Javadoc)
+	 * @see com.imooc.security.core.authorize.AuthorizeConfigProvider#config(org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer.ExpressionInterceptUrlRegistry)
+	 */
+	@Override
+	public void config(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry config) {
+		config
+		.antMatchers(HttpMethod.GET, "/fonts/**").permitAll()
+		.antMatchers(HttpMethod.GET, 
+				"/admin/me",
+				"/resource").authenticated()
+		.anyRequest()
+			.access("@rbacService.hasPermission(request, authentication)");
+	}
+
+}
diff --git a/imooc-security-authorize/src/main/java/com/imooc/security/rbac/authorize/package-info.java b/imooc-security-authorize/src/main/java/com/imooc/security/rbac/authorize/package-info.java
@@ -0,0 +1,8 @@
+/**
+ * 
+ */
+/**
+ * @author zhailiang
+ *
+ */
+package com.imooc.security.rbac.authorize;
diff --git a/imooc-security-authorize/src/main/java/com/imooc/security/rbac/domain/Admin.java b/imooc-security-authorize/src/main/java/com/imooc/security/rbac/domain/Admin.java
@@ -0,0 +1,241 @@
+/**
+ * 
+ */
+package com.imooc.security.rbac.domain;
+
+import java.util.Collection;
+import java.util.Date;
+import java.util.HashSet;
+import java.util.Set;
+import java.util.function.Consumer;
+
+import javax.persistence.CascadeType;
+import javax.persistence.Entity;
+import javax.persistence.GeneratedValue;
+import javax.persistence.Id;
+import javax.persistence.OneToMany;
+import javax.persistence.Temporal;
+import javax.persistence.TemporalType;
+import javax.persistence.Transient;
+
+import org.apache.commons.collections.CollectionUtils;
+import org.springframework.data.annotation.CreatedDate;
+import org.springframework.security.core.GrantedAuthority;
+import org.springframework.security.core.userdetails.UserDetails;
+
+/**
+ * 管理员(用户)
+ * 
+ * @author zhailiang
+ *
+ */
+@Entity
+public class Admin implements UserDetails {
+
+	/**
+	 * 
+	 */
+	private static final long serialVersionUID = -3521673552808391992L;
+	/**
+	 * 数据库主键
+	 */
+	@Id
+	@GeneratedValue
+	private Long id;
+	/**
+	 * 审计日志，记录条目创建时间，自动赋值，不需要程序员手工赋值
+	 */
+	@Temporal(TemporalType.TIMESTAMP)
+	@CreatedDate
+	private Date createdTime;
+	/**
+	 * 用户名
+	 */
+	private String username;
+	/**
+	 * 密码
+	 */
+	private String password;
+	/**
+	 * 用户的所有角色
+	 */
+	@OneToMany(mappedBy = "admin", cascade = CascadeType.REMOVE)
+	private Set<RoleAdmin> roles = new HashSet<>();
+	/**
+	 * 用户有权访问的所有url，不持久化到数据库
+	 */
+	@Transient
+	private Set<String> urls = new HashSet<>();
+	/**
+	 * 用户有权的所有资源id，不持久化到数据库
+	 */
+	@Transient
+	private Set<Long> resourceIds = new HashSet<>();
+
+	/*
+	 * (non-Javadoc)
+	 * 
+	 * @see
+	 * org.springframework.security.core.userdetails.UserDetails#getAuthorities(
+	 * )
+	 */
+	@Override
+	public Collection<? extends GrantedAuthority> getAuthorities() {
+		return null;
+	}
+	/**
+	 * @return
+	 */
+	public Set<Long> getAllResourceIds() {
+		init(resourceIds);
+		forEachResource(resource -> resourceIds.add(resource.getId()));
+		return resourceIds;
+	}
+	/**
+	 * @return
+	 */
+	public Long getId() {
+		return id;
+	}
+
+	/**
+	 * @param id
+	 */
+	public void setId(Long id) {
+		this.id = id;
+	}
+
+	/*
+	 * (non-Javadoc)
+	 * 
+	 * @see
+	 * org.springframework.security.core.userdetails.UserDetails#getUsername()
+	 */
+	public String getUsername() {
+		return username;
+	}
+
+	/**
+	 * @param username
+	 */
+	public void setUsername(String username) {
+		this.username = username;
+	}
+
+	/*
+	 * (non-Javadoc)
+	 * 
+	 * @see
+	 * org.springframework.security.core.userdetails.UserDetails#getPassword()
+	 */
+	public String getPassword() {
+		return password;
+	}
+
+	/**
+	 * @param password
+	 */
+	public void setPassword(String password) {
+		this.password = password;
+	}
+
+	/*
+	 * (non-Javadoc)
+	 * 
+	 * @see org.springframework.security.core.userdetails.UserDetails#
+	 * isAccountNonExpired()
+	 */
+	@Override
+	public boolean isAccountNonExpired() {
+		return true;
+	}
+
+	/*
+	 * (non-Javadoc)
+	 * 
+	 * @see org.springframework.security.core.userdetails.UserDetails#
+	 * isAccountNonLocked()
+	 */
+	@Override
+	public boolean isAccountNonLocked() {
+		return true;
+	}
+
+	/*
+	 * (non-Javadoc)
+	 * 
+	 * @see org.springframework.security.core.userdetails.UserDetails#
+	 * isCredentialsNonExpired()
+	 */
+	@Override
+	public boolean isCredentialsNonExpired() {
+		return true;
+	}
+
+	/*
+	 * (non-Javadoc)
+	 * 
+	 * @see
+	 * org.springframework.security.core.userdetails.UserDetails#isEnabled()
+	 */
+	@Override
+	public boolean isEnabled() {
+		return true;
+	}
+
+	/**
+	 * @return the roles
+	 */
+	public Set<RoleAdmin> getRoles() {
+		return roles;
+	}
+
+	/**
+	 * @param roles
+	 *            the roles to set
+	 */
+	public void setRoles(Set<RoleAdmin> roles) {
+		this.roles = roles;
+	}
+
+	/**
+	 * @return the urls
+	 */
+	public Set<String> getUrls() {
+		init(urls);
+		forEachResource(resource -> urls.addAll(resource.getUrls()));
+		return urls;
+	}
+
+	/**
+	 * @param data
+	 * @param consumer
+	 */
+	private void init(Set<?> data){
+		if (CollectionUtils.isEmpty(data)) {
+			if (data == null) {
+				data = new HashSet<>();
+			}
+		}
+	}
+	/**
+	 * @param consumer
+	 */
+	private void forEachResource(Consumer<Resource> consumer) {
+		for (RoleAdmin role : roles) {
+			for (RoleResource resource : role.getRole().getResources()) {
+				consumer.accept(resource.getResource());
+			}
+		}
+	}
+
+
+	/**
+	 * @param urls
+	 *            the urls to set
+	 */
+	public void setUrls(Set<String> urls) {
+		this.urls = urls;
+	}
+
+}