
Example 1 with AuthPermission

Use of com.github.liuweijw.system.api.model.AuthPermission in project fw-cloud-framework by liuweijw.

Class PermissionFeignApiClient, method findMenuByRole.

@Override
@ApiOperation(httpMethod = GET, value = "通过角色获取菜单权限")
@ApiImplicitParam(name = "roleCode", value = "用户roleCode", required = true, dataType = "string", paramType = "path")
public Set<AuthPermission> findMenuByRole(@PathVariable("roleCode") String roleCode) {
    Set<AuthPermission> permissions = new HashSet<AuthPermission>();
    if (StringHelper.isBlank(roleCode))
        return permissions;
    Set<AuthMenu> menus = menuService.findMenuByRole(roleCode);
    if (null == menus || menus.size() == 0)
        return permissions;
    menus.stream().forEach(r -> {
        permissions.add(new AuthPermission(r.getUrl()));
    });
    return permissions;
}
Also used: AuthMenu (com.github.liuweijw.core.beans.system.AuthMenu), AuthPermission (com.github.liuweijw.system.api.model.AuthPermission), HashSet (java.util.HashSet), ApiOperation (io.swagger.annotations.ApiOperation), ApiImplicitParam (io.swagger.annotations.ApiImplicitParam)

Example 2 with AuthPermission

Use of com.github.liuweijw.system.api.model.AuthPermission in project fw-cloud-framework by liuweijw.

Class PermissionServiceImpl, method hasPermission.

@SuppressWarnings("unchecked")
@Override
public boolean hasPermission(HttpServletRequest request, Authentication authentication) {
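    // OPTIONS cross-origin (CORS) handling: currently done through a proxy configured on the front end; this approach is not used because it carries risk
    /*
     * if (HttpMethod.OPTIONS.name().equalsIgnoreCase(request.getMethod())) { return true; }
     */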
    Object principal = authentication.getPrincipal();
    List<SimpleGrantedAuthority> grantedAuthorityList = (List<SimpleGrantedAuthority>) authentication.getAuthorities();
    boolean hasPermission = false;
    if (null == principal)
        return hasPermission;
    if (CollectionUtils.isEmpty(grantedAuthorityList))
        return hasPermission;
    String token = JwtUtil.getToken(request);
    if (null == token) {
        log.warn("==> gateway|permissionService 未获取到Header Authorization");
        return hasPermission;
    }
    if (!"anonymousUser".equals(principal.toString())) {
        RedisTokenStore tokenStore = new RedisTokenStore(redisConnectionFactory);
        tokenStore.setPrefix(SecurityConstant.PREFIX);
        OAuth2AccessToken accessToken = tokenStore.readAccessToken(token);
        if (null == accessToken || accessToken.isExpired()) {
            log.warn("==> gateway|permissionService token 过期或者不存在");
            return hasPermission;
        }
    }
    // Caching is handled at the API layer; this can be optimized further later
    Set<AuthPermission> permissions = new HashSet<AuthPermission>();
    for (SimpleGrantedAuthority authority : grantedAuthorityList) {
        permissions.addAll(permissionFeignApi.findMenuByRole(authority.getAuthority()));
    }
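    // The gateway only checks whether the caller has the menu permission; function-level permission checks under a menu are the responsibility of the called submodule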
    String requestURI = request.getRequestURI();
    for (AuthPermission menu : permissions) {
        if (StringHelper.isNotEmpty(menu.getUrl()) && antPathMatcher.match(menu.getUrl(), requestURI)) {
            hasPermission = true;
            break;
        }
    }
    return hasPermission;
}
Also used: SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority), RedisTokenStore (org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore), OAuth2AccessToken (org.springframework.security.oauth2.common.OAuth2AccessToken), AuthPermission (com.github.liuweijw.system.api.model.AuthPermission), List (java.util.List), HashSet (java.util.HashSet)

Aggregations

AuthPermission (com.github.liuweijw.system.api.model.AuthPermission): 2
HashSet (java.util.HashSet): 2
AuthMenu (com.github.liuweijw.core.beans.system.AuthMenu): 1
ApiImplicitParam (io.swagger.annotations.ApiImplicitParam): 1
ApiOperation (io.swagger.annotations.ApiOperation): 1
List (java.util.List): 1
SimpleGrantedAuthority (org.springframework.security.core.authority.SimpleGrantedAuthority): 1
OAuth2AccessToken (org.springframework.security.oauth2.common.OAuth2AccessToken): 1
RedisTokenStore (org.springframework.security.oauth2.provider.token.store.redis.RedisTokenStore): 1