✨ 修改文档逻辑,和自定义授权,编程方式授权,使用切入点授权
parent
b11ce877be
commit
41cd4c9976
File diff suppressed because it is too large
|
@ -0,0 +1,30 @@
|
|||
package com.spring.step2.security.config;
|
||||
|
||||
import com.spring.step2.security.manger.PostAuthorizationManager;
|
||||
import com.spring.step2.security.manger.PreAuthorizationManager;
|
||||
import org.springframework.aop.Advisor;
|
||||
import org.springframework.beans.factory.config.BeanDefinition;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.context.annotation.Role;
|
||||
import org.springframework.security.authorization.method.AuthorizationManagerAfterMethodInterceptor;
|
||||
import org.springframework.security.authorization.method.AuthorizationManagerBeforeMethodInterceptor;
|
||||
import org.springframework.security.config.annotation.method.configuration.EnableMethodSecurity;
|
||||
|
||||
@Configuration
|
||||
@EnableMethodSecurity(prePostEnabled = false)
|
||||
public class AuthorizationManagerConfiguration {
|
||||
|
||||
@Bean
|
||||
@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
|
||||
Advisor preAuthorize(PreAuthorizationManager manager) {
|
||||
return AuthorizationManagerBeforeMethodInterceptor.preAuthorize(manager);
|
||||
}
|
||||
|
||||
@Bean
|
||||
@Role(BeanDefinition.ROLE_INFRASTRUCTURE)
|
||||
Advisor postAuthorize(PostAuthorizationManager manager) {
|
||||
return AuthorizationManagerAfterMethodInterceptor.postAuthorize(manager);
|
||||
}
|
||||
|
||||
}
|
|
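Review bot: With `@EnableMethodSecurity(prePostEnabled = false)` the stock `@PreAuthorize`/`@PostAuthorize` advisors are not registered, so the two `Advisor` beans here become the only decision point for those annotations, and both managers they wrap return `new AuthorizationDecision(true)` unconditionally (`PreAuthorizationManager.check` and `PostAuthorizationManager.check`, shown further down in this commit). As wired, every annotated method is allowed for any caller, and the expression written in the annotation is not evaluated by these managers. If the managers are still placeholders, keep `prePostEnabled` at its default until they carry a real rule, or make them fail closed with `return new AuthorizationDecision(false);` and grant only on an explicit match against `authentication.get()` and the invocation. A comment above the class such as `// Replaces the default pre/post advisors; the injected managers alone decide access` would make that dependency visible to the next reader.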
@ -1,15 +1,10 @@
|
|||
package com.spring.step2.security.config;
|
||||
|
||||
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
|
||||
import org.springframework.context.annotation.Bean;
|
||||
import org.springframework.context.annotation.Configuration;
|
||||
import org.springframework.security.authorization.method.PrePostTemplateDefaults;
|
||||
import org.springframework.security.core.userdetails.User;
|
||||
import org.springframework.security.core.userdetails.UserDetails;
|
||||
import org.springframework.security.core.userdetails.UserDetailsService;
|
||||
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
|
||||
import org.springframework.security.crypto.password.PasswordEncoder;
|
||||
import org.springframework.security.provisioning.InMemoryUserDetailsManager;
|
||||
|
||||
@Configuration
|
||||
public class SecurityConfiguration {
|
||||
|
@ -45,27 +40,6 @@ public class SecurityConfiguration {
|
|||
return new PrePostTemplateDefaults();
|
||||
}
|
||||
|
||||
/**
|
||||
* 添加内存用户
|
||||
*
|
||||
* @return {@link ConditionalOnMissingBean}
|
||||
*/
|
||||
@Bean
|
||||
@ConditionalOnMissingBean(UserDetailsService.class)
|
||||
InMemoryUserDetailsManager inMemoryUserDetailsManager(PasswordEncoder passwordEncoder) {
|
||||
// 使用注入的密码加密器进行密码加密
|
||||
String generatedPassword = passwordEncoder.encode("123456");
|
||||
|
||||
// 创建用户 权限为只读
|
||||
UserDetails bunny = User.withUsername("bunny").password(generatedPassword).roles("USER").authorities("read").build();
|
||||
|
||||
// 管理员可以查看全部
|
||||
UserDetails admin = User.withUsername("admin").password(generatedPassword).roles("ADMIN").authorities("all", "read").build();
|
||||
|
||||
// 返回内存中的用户
|
||||
return new InMemoryUserDetailsManager(bunny, admin);
|
||||
}
|
||||
|
||||
/**
|
||||
* 配置密码编码器Bean
|
||||
*
|
||||
|
|
|
@ -1,23 +0,0 @@
|
|||
package com.spring.step2.security.manger;
|
||||
|
||||
import org.aopalliance.intercept.MethodInvocation;
|
||||
import org.springframework.security.authorization.AuthorizationDecision;
|
||||
import org.springframework.security.authorization.AuthorizationManager;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
import java.util.function.Supplier;
|
||||
|
||||
/**
|
||||
* 处理方法调用前的授权检查
|
||||
* check()方法接收的是MethodInvocation对象,包含即将执行的方法调用信息
|
||||
* 用于决定是否允许执行某个方法
|
||||
* 这是传统的"前置授权"模式
|
||||
*/
|
||||
@Component
|
||||
public class MyAuthorizationManager implements AuthorizationManager<MethodInvocation> {
|
||||
@Override
|
||||
public AuthorizationDecision check(Supplier<Authentication> authentication, MethodInvocation invocation) {
|
||||
return new AuthorizationDecision(true);
|
||||
}
|
||||
}
|
|
@ -17,6 +17,38 @@ import java.util.function.Supplier;
|
|||
@Component
|
||||
public class PostAuthorizationManager implements AuthorizationManager<MethodInvocationResult> {
|
||||
|
||||
/**
|
||||
* 这里两个实现方法按照Security官方要求进行实现
|
||||
* <h4>类说明:</h4>
|
||||
* 下面的实现是对方法执行前进行权限校验的判断
|
||||
* <pre>
|
||||
* <code>AuthorizationManager <MethodInvocation></code>
|
||||
* </pre>
|
||||
* 下面的这个是对方法执行后对权限的判断
|
||||
* <pre>
|
||||
* <code>AuthorizationManager <MethodInvocationResult></code>
|
||||
* </pre>
|
||||
*
|
||||
* <h4>注意事项:</h4>
|
||||
* 将上述两个方法按照自定义的方式进行实现后,还需要禁用默认的。
|
||||
* <pre>
|
||||
* @Configuration
|
||||
* @EnableMethodSecurity(prePostEnabled = false)
|
||||
* class MethodSecurityConfig {
|
||||
* @Bean
|
||||
* @Role(BeanDefinition.ROLE_INFRASTRUCTURE)
|
||||
* Advisor preAuthorize(MyAuthorizationManager manager) {
|
||||
* return AuthorizationManagerBeforeMethodInterceptor.preAuthorize(manager);
|
||||
* }
|
||||
*
|
||||
* @Bean
|
||||
* @Role(BeanDefinition.ROLE_INFRASTRUCTURE)
|
||||
* Advisor postAuthorize(MyAuthorizationManager manager) {
|
||||
* return AuthorizationManagerAfterMethodInterceptor.postAuthorize(manager);
|
||||
* }
|
||||
* }
|
||||
* </pre>
|
||||
*/
|
||||
@Override
|
||||
public AuthorizationDecision check(Supplier<Authentication> authentication, MethodInvocationResult invocation) {
|
||||
return new AuthorizationDecision(true);
|
||||
|
|
|
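Review bot: The Javadoc added above `check()` documents the wiring with a class that this commit removes: both sample advisors take `MyAuthorizationManager`, and the `postAuthorize` sample needs an `AuthorizationManager<MethodInvocationResult>`, so the example should read `Advisor preAuthorize(PreAuthorizationManager manager)` and `Advisor postAuthorize(PostAuthorizationManager manager)`. Inside the comment, `<MethodInvocation>` and `<MethodInvocationResult>` are parsed as HTML tags and the lines starting with `@Configuration`/`@Bean` as Javadoc block tags; writing `{@code AuthorizationManager<MethodInvocationResult>}` and putting the sample in `<pre>{@code ... }</pre>` keeps them intact in generated docs. The same block is copied onto `PreAuthorizationManager.check` in the next file section; since it describes the pair of classes and their configuration rather than this method, a short class-level comment in each file pointing to `AuthorizationManagerConfiguration` would avoid the duplication. The body of `check()` closes outside this hunk.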
@ -0,0 +1,57 @@
|
|||
package com.spring.step2.security.manger;
|
||||
|
||||
import org.aopalliance.intercept.MethodInvocation;
|
||||
import org.springframework.security.authorization.AuthorizationDecision;
|
||||
import org.springframework.security.authorization.AuthorizationManager;
|
||||
import org.springframework.security.core.Authentication;
|
||||
import org.springframework.stereotype.Component;
|
||||
|
||||
import java.util.function.Supplier;
|
||||
|
||||
/**
|
||||
* 处理方法调用前的授权检查
|
||||
* check()方法接收的是MethodInvocation对象,包含即将执行的方法调用信息
|
||||
* 用于决定是否允许执行某个方法
|
||||
* 这是传统的"前置授权"模式
|
||||
*/
|
||||
@Component
|
||||
public class PreAuthorizationManager implements AuthorizationManager<MethodInvocation> {
|
||||
|
||||
/**
|
||||
* 这里两个实现方法按照Security官方要求进行实现
|
||||
* <h4>类说明:</h4>
|
||||
* 下面的实现是对方法执行前进行权限校验的判断
|
||||
* <pre>
|
||||
* <code>AuthorizationManager <MethodInvocation></code>
|
||||
* </pre>
|
||||
* 下面的这个是对方法执行后对权限的判断
|
||||
* <pre>
|
||||
* <code>AuthorizationManager <MethodInvocationResult></code>
|
||||
* </pre>
|
||||
*
|
||||
* <h4>注意事项:</h4>
|
||||
* 将上述两个方法按照自定义的方式进行实现后,还需要禁用默认的。
|
||||
* <pre>
|
||||
* @Configuration
|
||||
* @EnableMethodSecurity(prePostEnabled = false)
|
||||
* class MethodSecurityConfig {
|
||||
* @Bean
|
||||
* @Role(BeanDefinition.ROLE_INFRASTRUCTURE)
|
||||
* Advisor preAuthorize(MyAuthorizationManager manager) {
|
||||
* return AuthorizationManagerBeforeMethodInterceptor.preAuthorize(manager);
|
||||
* }
|
||||
*
|
||||
* @Bean
|
||||
* @Role(BeanDefinition.ROLE_INFRASTRUCTURE)
|
||||
* Advisor postAuthorize(MyAuthorizationManager manager) {
|
||||
* return AuthorizationManagerAfterMethodInterceptor.postAuthorize(manager);
|
||||
* }
|
||||
* }
|
||||
* </pre>
|
||||
*/
|
||||
@Override
|
||||
public AuthorizationDecision check(Supplier<Authentication> authentication, MethodInvocation invocation) {
|
||||
return new AuthorizationDecision(true);
|
||||
}
|
||||
|
||||
}
|
|
@ -56,6 +56,7 @@ public class DbUserDetailService implements UserDetailsService {
|
|||
.password(userEntity.getPassword())
|
||||
// 设置用户 authorities
|
||||
.authorities(authorities)
|
||||
.roles(roles)
|
||||
.build();
|
||||
}
|
||||
|
||||
|
|
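Review bot: On the new side `.authorities(authorities)` is immediately followed by `.roles(roles)`, and in Spring Security's `User.UserBuilder` each of these calls replaces the builder's authority list instead of adding to it, so the `UserDetails` built here ends up with only the `ROLE_`-prefixed roles and the authorities loaded for the user are dropped. Checks such as `hasAuthority(...)` against those values would then never match. Build one combined collection (the existing authorities plus `"ROLE_" + role` for each role) and pass it to a single `.authorities(...)` call, dropping `.roles(roles)`. The page does not show which of the two lines this hunk adds, and the builder chain starts above the hunk, so the types of `authorities` and `roles` need checking when merging them.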