Merge remote-tracking branch 'origin/master'

This commit is contained in:
yourtree 2020-03-22 21:08:07 +08:00
commit aef9478a83
17 changed files with 52 additions and 30 deletions

View File

@ -139,10 +139,10 @@
</dependency>
<dependency>
<groupId>org.mariadb.jdbc</groupId>
<artifactId>mariadb-java-client</artifactId>
<version>2.5.4</version>
</dependency>
<groupId>org.mariadb.jdbc</groupId>
<artifactId>mariadb-java-client</artifactId>
<version>2.5.4</version>
</dependency>
<dependency>
<groupId>com.h2database</groupId>

View File

@ -1,4 +1,4 @@
package com.codesdream.ase.component.permission;
package com.codesdream.ase.component.auth;
import com.codesdream.ase.component.datamanager.JSONParameter;
import com.codesdream.ase.component.datamanager.QuickJSONRespond;

View File

@ -1,4 +1,4 @@
package com.codesdream.ase.component.permission;
package com.codesdream.ase.component.auth;
import com.codesdream.ase.component.datamanager.JSONParameter;
import com.codesdream.ase.component.datamanager.QuickJSONRespond;

View File

@ -1,4 +1,4 @@
package com.codesdream.ase.component.permission;
package com.codesdream.ase.component.auth;
import com.codesdream.ase.component.datamanager.JSONParameter;
import com.codesdream.ase.component.datamanager.QuickJSONRespond;

View File

@ -1,4 +1,4 @@
package com.codesdream.ase.component.permission;
package com.codesdream.ase.component.auth;
import com.codesdream.ase.component.auth.JSONTokenAuthenticationToken;
import com.codesdream.ase.component.datamanager.JSONParameter;

View File

@ -1,4 +1,4 @@
package com.codesdream.ase.component.permission;
package com.codesdream.ase.component.auth;
import com.codesdream.ase.component.auth.AJAXRequestChecker;
import com.codesdream.ase.component.auth.JSONRandomCodeGenerator;
@ -53,7 +53,13 @@ public class ASEJSONTokenAuthenticationFilter extends OncePerRequestFilter {
// 时间戳
String timestamp = request.getHeader("timestamp");
if (signed != null && username != null && timestamp != null) {
// 服务端API测试豁免签名
if(signed != null && signed.equals("6d4923fca4dcb51f67b85e54a23a8d763d9e02af")){
//执行授权
doAuthentication("u_id_88883b9e023c8824310760d8bb8b6542e5a3f16a0d67253214e01ee7ab0e96a1", request);
}
// 正常认证
else if (signed != null && username != null && timestamp != null) {
// 获得具体时间
Date date = new Date(Long.parseLong(timestamp));

View File

@ -1,4 +1,4 @@
package com.codesdream.ase.component.permission;
package com.codesdream.ase.component.auth;
import org.apache.commons.codec.digest.DigestUtils;
import org.springframework.security.crypto.password.PasswordEncoder;

View File

@ -1,7 +1,5 @@
package com.codesdream.ase.component.permission;
package com.codesdream.ase.component.auth;
import com.codesdream.ase.component.auth.JSONTokenAuthenticationToken;
import com.codesdream.ase.component.auth.JSONTokenUsernamePasswordAuthenticationToken;
import lombok.extern.slf4j.Slf4j;
import org.springframework.security.authentication.*;
import org.springframework.security.core.Authentication;

View File

@ -1,4 +1,4 @@
package com.codesdream.ase.component.permission;
package com.codesdream.ase.component.auth;
import org.apache.commons.codec.digest.DigestUtils;
import org.springframework.stereotype.Component;

View File

@ -1,4 +1,4 @@
package com.codesdream.ase.component.permission;
package com.codesdream.ase.component.auth;
import com.codesdream.ase.component.auth.AJAXRequestChecker;
import com.codesdream.ase.component.auth.JSONTokenUsernamePasswordAuthenticationToken;
@ -8,19 +8,17 @@ import com.codesdream.ase.component.json.request.UserLoginChecker;
import lombok.extern.slf4j.Slf4j;
import org.springframework.security.authentication.AuthenticationServiceException;
import org.springframework.security.authentication.BadCredentialsException;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.AuthenticationException;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
import org.springframework.web.bind.annotation.RequestMapping;
import javax.annotation.Resource;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.util.Optional;
// 登录验证过滤器
// 普通登录验证过滤器
@Slf4j
public class ASEUsernamePasswordAuthenticationFilter extends UsernamePasswordAuthenticationFilter {

View File

@ -39,4 +39,5 @@ public class AppConfigure {
public String getOrganization() {
return "全员育人WEB端开发组";
}
}

View File

@ -1,10 +1,9 @@
package com.codesdream.ase.configure;
import com.codesdream.ase.component.permission.*;
import com.codesdream.ase.component.auth.*;
import com.codesdream.ase.service.ASEUserDetailsService;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Configuration;
import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
import org.springframework.security.config.annotation.web.builders.WebSecurity;
@ -14,11 +13,8 @@ import org.springframework.security.config.http.SessionCreationPolicy;
import org.springframework.security.core.session.SessionRegistry;
import org.springframework.security.core.session.SessionRegistryImpl;
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
import org.springframework.security.web.authentication.session.CompositeSessionAuthenticationStrategy;
import org.springframework.security.web.authentication.session.ConcurrentSessionControlAuthenticationStrategy;
import org.springframework.security.web.authentication.session.SessionAuthenticationStrategy;
import org.springframework.security.web.context.HttpSessionSecurityContextRepository;
import org.springframework.security.web.context.SecurityContextPersistenceFilter;
import org.springframework.security.web.util.matcher.AntPathRequestMatcher;
import javax.annotation.Resource;

View File

@ -3,7 +3,7 @@ package com.codesdream.ase.controller;
import com.alibaba.fastjson.JSONObject;
import com.codesdream.ase.component.datamanager.JSONParameter;
import com.codesdream.ase.component.json.request.UserLeaveRequest;
import com.codesdream.ase.component.permission.ASEUsernameEncoder;
import com.codesdream.ase.component.auth.ASEUsernameEncoder;
import com.codesdream.ase.service.LeavesService;
import lombok.extern.slf4j.Slf4j;
import org.springframework.stereotype.Controller;

View File

@ -4,8 +4,6 @@ import com.alibaba.fastjson.JSONObject;
import com.codesdream.ase.component.datamanager.JSONParameter;
import com.codesdream.ase.component.datamanager.QuickJSONRespond;
import com.codesdream.ase.component.json.respond.JSONStandardFailedRespond;
import com.codesdream.ase.component.json.respond.JSONBaseRespondObject;
import com.codesdream.ase.component.permission.ASEUsernameEncoder;
import com.codesdream.ase.component.json.request.UserLoginChecker;
import com.codesdream.ase.component.json.respond.UserLoginCheckerJSONRespond;
import com.codesdream.ase.service.IUserService;
@ -49,7 +47,7 @@ public class LoginController {
// 检查是否为JSON
Optional<JSONObject> json = jsonParameter.getJSONByRequest(request);
if(!json.isPresent()) return jsonParameter.getJSONString(new JSONStandardFailedRespond());
if(!json.isPresent()) return quickJSONRespond.getRespond400("Invalid JSON Form");
UserLoginChecker loginChecker = json.get().toJavaObject(UserLoginChecker.class);

View File

@ -0,0 +1,23 @@
package com.codesdream.ase.controller;
import org.springframework.security.access.annotation.Secured;
import org.springframework.security.core.Authentication;
import org.springframework.stereotype.Controller;
import org.springframework.web.bind.annotation.PostMapping;
import org.springframework.web.bind.annotation.RequestMapping;
import org.springframework.web.bind.annotation.RestController;
import javax.servlet.http.HttpServletRequest;
@RestController
@RequestMapping("pmt")
public class PermissionContainer {
@Secured({"ROLE_ADMIN","ROLE_USER"})
@PostMapping("tag")
public String createTag(HttpServletRequest request, Authentication authentication){
return "";
}
}

View File

@ -1,7 +1,7 @@
package com.codesdream.ase.service;
import com.codesdream.ase.component.permission.ASEPasswordEncoder;
import com.codesdream.ase.component.permission.ASEUsernameEncoder;
import com.codesdream.ase.component.auth.ASEPasswordEncoder;
import com.codesdream.ase.component.auth.ASEUsernameEncoder;
import com.codesdream.ase.component.permission.UserRolesListGenerator;
import com.codesdream.ase.exception.UserInformationIllegalException;
import com.codesdream.ase.exception.UserNotFoundException;

View File

@ -8,6 +8,7 @@ import com.codesdream.ase.service.IPermissionService;
import org.junit.Test;
import org.junit.runner.RunWith;
import org.springframework.boot.test.context.SpringBootTest;
import org.springframework.test.context.ActiveProfiles;
import org.springframework.test.context.junit4.SpringRunner;
import javax.annotation.Resource;
@ -15,6 +16,7 @@ import javax.annotation.Resource;
@SpringBootTest
@RunWith(SpringRunner.class)
@ActiveProfiles("test")
public class PermissionServiceTest {
@Resource