-
Notifications
You must be signed in to change notification settings - Fork 18
minsx framework security
Joker edited this page Apr 4, 2018
·
5 revisions
- 支持RBAC策略
- 支持动态JAVASCRIPT/SPEL/GROOVY/OGNL等表达式权限校验
- 支持元权限校验
- 支持角色校验
- 支持自定义权限校验
- 支持注解校验
- 支持统一请求信息校验
- 支持事件通知
- 支持单点登录(待完善)
import com.minsx.framework.security.api.configure.WebSecurity;
import com.minsx.framework.security.api.configure.WebSecurityConfigurer;
import org.springframework.context.annotation.Configuration;
@Configuration
public class SecurityConfig implements WebSecurityConfigurer {
@Override
public void configure(WebSecurity webSecurity) {
webSecurity
.enabled(true)
.authorizeConfigurer()
.needAuthorize("/**")
.unNeedAuthorize("/", "/static/**")
.and()
.loginConfigurer()
.loginAPIUrl("/api/login")
.loginPageUrl("/page/login")
.and()
.logoutConfigurer()
.logoutAPIUrl("/api/logout");
}
}import com.minsx.framework.security.api.authority.CustomAuthority;
import com.minsx.framework.security.api.authority.RequestAuthority;
import com.minsx.framework.security.api.basic.Role;
import com.minsx.framework.security.api.basic.SecurityUser;
import java.util.List;
public class User implements SecurityUser {
private String username;
private String password;
private Boolean isLock;
private Boolean isEnabled;
private List<Role> roles;
private List<CustomAuthority> customAuthorities;
private List<RequestAuthority> requestAuthorities;
@Override
public String getUsername() {
return this.username;
}
@Override
public String getPassword() {
return this.password;
}
@Override
public Boolean isLocked() {
return isLock;
}
@Override
public Boolean isEnabled() {
return isEnabled;
}
@Override
public List<Role> getRoles() {
return this.roles;
}
@Override
public List<CustomAuthority> getCustomAuthorities() {
return this.customAuthorities;
}
@Override
public List<RequestAuthority> getRequestAuthorities() {
return this.requestAuthorities;
}
public void setUsername(String username) {
this.username = username;
}
public void setPassword(String password) {
this.password = password;
}
public Boolean getLock() {
return isLock;
}
public void setLock(Boolean lock) {
isLock = lock;
}
public Boolean getEnabled() {
return isEnabled;
}
public void setEnabled(Boolean enabled) {
isEnabled = enabled;
}
public void setRoles(List<Role> roles) {
this.roles = roles;
}
public void setCustomAuthorities(List<CustomAuthority> customAuthorities) {
this.customAuthorities = customAuthorities;
}
public void setRequestAuthorities(List<RequestAuthority> requestAuthorities) {
this.requestAuthorities = requestAuthorities;
}
}import com.minsx.example.security.entity.User;
import com.minsx.framework.security.api.authority.CustomAuthority;
import com.minsx.framework.security.api.authority.RequestAuthority;
import com.minsx.framework.security.api.basic.Role;
import com.minsx.framework.security.api.basic.SecurityUser;
import com.minsx.framework.security.api.exception.AuthorityDenyException;
import com.minsx.framework.security.api.exception.AuthorizationException;
import com.minsx.framework.security.api.service.LoadSecurityUserService;
import com.minsx.framework.security.api.simple.SimpleCustomAuthority;
import com.minsx.framework.security.api.simple.SimpleRequestAuthority;
import com.minsx.framework.security.api.simple.SimpleRole;
import org.springframework.stereotype.Component;
import javax.servlet.http.HttpServletRequest;
import java.util.ArrayList;
import java.util.List;
@Component
public class LoadSecurityUserServiceImpl implements LoadSecurityUserService {
@Override
public SecurityUser loadUser(HttpServletRequest httpServletRequest) throws AuthorizationException {
User user = new User();
user.setUsername(httpServletRequest.getParameter("username"));
user.setPassword(httpServletRequest.getParameter("password"));
user.setEnabled(true);
user.setLock(false);
List<Role> roles = new ArrayList<>();
roles.add(new SimpleRole("admin"));
roles.add(new SimpleRole("user"));
user.setRoles(roles);
List<RequestAuthority> requestAuthorities = new ArrayList<>();
requestAuthorities.add(new SimpleRequestAuthority("/user/userInfo", "GET", "ALL"));
requestAuthorities.add(new SimpleRequestAuthority("/user/select", "GET", "ALL"));
requestAuthorities.add(new SimpleRequestAuthority("/user/deleteUser", "DELETE", "ALL"));
requestAuthorities.add(new SimpleRequestAuthority("/user/update", "PUT", "name=good&age=25"));
user.setRequestAuthorities(requestAuthorities);
List<CustomAuthority> customAuthorizes = new ArrayList<>();
customAuthorizes.add(new SimpleCustomAuthority("user", "good"));
customAuthorizes.add(new SimpleCustomAuthority("user", "john"));
customAuthorizes.add(new SimpleCustomAuthority("user", "joker"));
customAuthorizes.add(new SimpleCustomAuthority("system", "mack"));
user.setCustomAuthorities(customAuthorizes);
if (!("admin".equals(user.getUsername()) && "admin".equals(user.getPassword()))) {
throw new AuthorityDenyException(403, "username or password is incorrect");
}
return user;
}
}import com.alibaba.fastjson.JSON;
import com.minsx.framework.security.api.listener.LoginSuccessEvent;
import org.springframework.context.ApplicationListener;
import org.springframework.stereotype.Component;
@Component
public class LoginSuccessEventListener implements ApplicationListener<LoginSuccessEvent>{
@Override
public void onApplicationEvent(LoginSuccessEvent event) {
System.out.println(JSON.toJSONString(event.getAuthentication()));
}
}import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.GetMapping;
import org.springframework.web.bind.annotation.RequestMapping;
@Controller
@RequestMapping(value = "/user")
public class SystemController {
@GetMapping(value = "/login")
public String login() {
return "login";
}
}import com.minsx.framework.security.api.annotation.VerifyAuthority;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.RequestMapping;
@Controller
@RequestMapping(value = "/user")
public class SystemController {
@DeleteMapping(value = "/deleteUser")
@VerifyAuthority(value = {"user:good", "system:mack", "group:jack"}, logic = Logic.OR)
public ResponseEntity<?> deleteUser() {
return new ResponseEntity<Object>("success", HttpStatus.OK);
}
}import com.minsx.framework.security.api.annotation.Logic;
import com.minsx.framework.security.api.annotation.Order;
import com.minsx.framework.security.api.annotation.Scope;
import com.minsx.framework.security.api.annotation.VerifyRole;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
@Controller
@RequestMapping(value = "/user")
public class SystemController {
@DeleteMapping(value = "/deleteUser")
@VerifyRole(value = {"admin", "user", "super"}, logic = Logic.AND, order = Order.BEFORE, scope = Scope.EXCLUDE)
public ResponseEntity<?> deleteUser() {
return new ResponseEntity<Object>("success", HttpStatus.OK);
}
}import com.minsx.framework.security.api.annotation.Script;
import com.minsx.framework.security.api.annotation.VerifyExpression;
import org.springframework.http.HttpStatus;
import org.springframework.http.ResponseEntity;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.DeleteMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RequestParam;
@Controller
@RequestMapping(value = "/user")
public class SystemController {
@DeleteMapping(value = "/deleteUser")
@VerifyExpression(value = {"'good'==#name"},script = Script.SPEL)
public ResponseEntity<?> deleteUser(@RequestParam String name) {
return new ResponseEntity<Object>("success", HttpStatus.OK);
}
}- POM引入(暂未发布):
<dependency>
<groupId>com.minsx</groupId>
<artifactId>minsx-framework-security</artifactId>
<version>1.0.0</version>
</dependency>
Minsx-framework Apache License Version 2.0 http://www.apache.org/licenses/
项目文档
- Minsx-framework-common
- Minsx-framework-common-basic
- Minsx-framework-common-excel
- Minsx-framework-common-mail
- Minsx-framework-common-shell
- Minsx-framework-security
联系方式
- Email:support@minsx.com
- Git:github.com/MinsxCloud
- Web:www.minsx.com