Merge branch 'master' of https://gitee.com/zhijiantianya/ruoyi-vue-pro into feature/cache-list
commit
797be10752
|
@ -44,6 +44,12 @@
|
||||||
<artifactId>spring-boot-starter-security</artifactId>
|
<artifactId>spring-boot-starter-security</artifactId>
|
||||||
</dependency>
|
</dependency>
|
||||||
|
|
||||||
|
<!-- 工具类相关 -->
|
||||||
|
<dependency>
|
||||||
|
<groupId>com.google.guava</groupId>
|
||||||
|
<artifactId>guava</artifactId>
|
||||||
|
</dependency>
|
||||||
|
|
||||||
<!-- 业务组件 -->
|
<!-- 业务组件 -->
|
||||||
<dependency>
|
<dependency>
|
||||||
<groupId>cn.iocoder.boot</groupId>
|
<groupId>cn.iocoder.boot</groupId>
|
||||||
|
|
|
@ -6,6 +6,8 @@ import org.springframework.validation.annotation.Validated;
|
||||||
|
|
||||||
import javax.validation.constraints.NotEmpty;
|
import javax.validation.constraints.NotEmpty;
|
||||||
import javax.validation.constraints.NotNull;
|
import javax.validation.constraints.NotNull;
|
||||||
|
import java.util.Collections;
|
||||||
|
import java.util.List;
|
||||||
|
|
||||||
@ConfigurationProperties(prefix = "yudao.security")
|
@ConfigurationProperties(prefix = "yudao.security")
|
||||||
@Validated
|
@Validated
|
||||||
|
@ -30,4 +32,9 @@ public class SecurityProperties {
|
||||||
@NotEmpty(message = "mock 模式的密钥不能为空") // 这里设置了一个默认值,因为实际上只有 mockEnable 为 true 时才需要配置。
|
@NotEmpty(message = "mock 模式的密钥不能为空") // 这里设置了一个默认值,因为实际上只有 mockEnable 为 true 时才需要配置。
|
||||||
private String mockSecret = "test";
|
private String mockSecret = "test";
|
||||||
|
|
||||||
|
/**
|
||||||
|
* 免登录的 URL 列表
|
||||||
|
*/
|
||||||
|
private List<String> permitAllUrls = Collections.emptyList();
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -2,7 +2,10 @@ package cn.iocoder.yudao.framework.security.config;
|
||||||
|
|
||||||
import cn.iocoder.yudao.framework.security.core.filter.TokenAuthenticationFilter;
|
import cn.iocoder.yudao.framework.security.core.filter.TokenAuthenticationFilter;
|
||||||
import cn.iocoder.yudao.framework.web.config.WebProperties;
|
import cn.iocoder.yudao.framework.web.config.WebProperties;
|
||||||
|
import com.google.common.collect.HashMultimap;
|
||||||
|
import com.google.common.collect.Multimap;
|
||||||
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
|
import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
|
||||||
|
import org.springframework.context.ApplicationContext;
|
||||||
import org.springframework.context.annotation.Bean;
|
import org.springframework.context.annotation.Bean;
|
||||||
import org.springframework.context.annotation.Configuration;
|
import org.springframework.context.annotation.Configuration;
|
||||||
import org.springframework.http.HttpMethod;
|
import org.springframework.http.HttpMethod;
|
||||||
|
@ -14,9 +17,15 @@ import org.springframework.security.config.http.SessionCreationPolicy;
|
||||||
import org.springframework.security.web.AuthenticationEntryPoint;
|
import org.springframework.security.web.AuthenticationEntryPoint;
|
||||||
import org.springframework.security.web.access.AccessDeniedHandler;
|
import org.springframework.security.web.access.AccessDeniedHandler;
|
||||||
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
|
||||||
|
import org.springframework.web.method.HandlerMethod;
|
||||||
|
import org.springframework.web.servlet.mvc.method.RequestMappingInfo;
|
||||||
|
import org.springframework.web.servlet.mvc.method.annotation.RequestMappingHandlerMapping;
|
||||||
|
|
||||||
import javax.annotation.Resource;
|
import javax.annotation.Resource;
|
||||||
|
import javax.annotation.security.PermitAll;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
import java.util.Map;
|
||||||
|
import java.util.Set;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 自定义的 Spring Security 配置适配器实现
|
* 自定义的 Spring Security 配置适配器实现
|
||||||
|
@ -29,6 +38,8 @@ public class YudaoWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdap
|
||||||
|
|
||||||
@Resource
|
@Resource
|
||||||
private WebProperties webProperties;
|
private WebProperties webProperties;
|
||||||
|
@Resource
|
||||||
|
private SecurityProperties securityProperties;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 认证失败处理类 Bean
|
* 认证失败处理类 Bean
|
||||||
|
@ -54,6 +65,9 @@ public class YudaoWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdap
|
||||||
@Resource
|
@Resource
|
||||||
private List<AuthorizeRequestsCustomizer> authorizeRequestsCustomizers;
|
private List<AuthorizeRequestsCustomizer> authorizeRequestsCustomizers;
|
||||||
|
|
||||||
|
@Resource
|
||||||
|
private ApplicationContext applicationContext;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* 由于 Spring Security 创建 AuthenticationManager 对象时,没声明 @Bean 注解,导致无法被注入
|
* 由于 Spring Security 创建 AuthenticationManager 对象时,没声明 @Bean 注解,导致无法被注入
|
||||||
* 通过覆写父类的该方法,添加 @Bean 注解,解决该问题
|
* 通过覆写父类的该方法,添加 @Bean 注解,解决该问题
|
||||||
|
@ -98,13 +112,21 @@ public class YudaoWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdap
|
||||||
.accessDeniedHandler(accessDeniedHandler);
|
.accessDeniedHandler(accessDeniedHandler);
|
||||||
// 登录、登录暂时不使用 Spring Security 的拓展点,主要考虑一方面拓展多用户、多种登录方式相对复杂,一方面用户的学习成本较高
|
// 登录、登录暂时不使用 Spring Security 的拓展点,主要考虑一方面拓展多用户、多种登录方式相对复杂,一方面用户的学习成本较高
|
||||||
|
|
||||||
|
// 获得 @PermitAll 带来的 URL 列表,免登录
|
||||||
|
Multimap<HttpMethod, String> permitAllUrls = getPermitAllUrlsFromAnnotations();
|
||||||
// 设置每个请求的权限
|
// 设置每个请求的权限
|
||||||
httpSecurity
|
httpSecurity
|
||||||
// ①:全局共享规则
|
// ①:全局共享规则
|
||||||
.authorizeRequests()
|
.authorizeRequests()
|
||||||
// 静态资源,可匿名访问
|
// 静态资源,可匿名访问
|
||||||
.antMatchers(HttpMethod.GET, "/*.html", "/**/*.html", "/**/*.css", "/**/*.js").permitAll()
|
.antMatchers(HttpMethod.GET, "/*.html", "/**/*.html", "/**/*.css", "/**/*.js").permitAll()
|
||||||
.antMatchers(HttpMethod.GET, "/admin-ui/**").permitAll()
|
// 设置 @PermitAll 无需认证
|
||||||
|
.antMatchers(HttpMethod.GET, permitAllUrls.get(HttpMethod.GET).toArray(new String[0])).permitAll()
|
||||||
|
.antMatchers(HttpMethod.POST, permitAllUrls.get(HttpMethod.POST).toArray(new String[0])).permitAll()
|
||||||
|
.antMatchers(HttpMethod.PUT, permitAllUrls.get(HttpMethod.PUT).toArray(new String[0])).permitAll()
|
||||||
|
.antMatchers(HttpMethod.DELETE, permitAllUrls.get(HttpMethod.DELETE).toArray(new String[0])).permitAll()
|
||||||
|
// 基于 yudao.security.permit-all-urls 无需认证
|
||||||
|
.antMatchers(securityProperties.getPermitAllUrls().toArray(new String[0])).permitAll()
|
||||||
// 设置 App API 无需认证
|
// 设置 App API 无需认证
|
||||||
.antMatchers(buildAppApi("/**")).permitAll()
|
.antMatchers(buildAppApi("/**")).permitAll()
|
||||||
// ②:每个项目的自定义规则
|
// ②:每个项目的自定义规则
|
||||||
|
@ -118,9 +140,46 @@ public class YudaoWebSecurityConfigurerAdapter extends WebSecurityConfigurerAdap
|
||||||
// 添加 JWT Filter
|
// 添加 JWT Filter
|
||||||
httpSecurity.addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
|
httpSecurity.addFilterBefore(authenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
|
||||||
}
|
}
|
||||||
|
|
||||||
private String buildAppApi(String url) {
|
private String buildAppApi(String url) {
|
||||||
return webProperties.getAppApi().getPrefix() + url;
|
return webProperties.getAppApi().getPrefix() + url;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
private Multimap<HttpMethod, String> getPermitAllUrlsFromAnnotations() {
|
||||||
|
Multimap<HttpMethod, String> result = HashMultimap.create();
|
||||||
|
// 获得接口对应的 HandlerMethod 集合
|
||||||
|
RequestMappingHandlerMapping requestMappingHandlerMapping = (RequestMappingHandlerMapping)
|
||||||
|
applicationContext.getBean("requestMappingHandlerMapping");
|
||||||
|
Map<RequestMappingInfo, HandlerMethod> handlerMethodMap = requestMappingHandlerMapping.getHandlerMethods();
|
||||||
|
// 获得有 @PermitAll 注解的接口
|
||||||
|
for (Map.Entry<RequestMappingInfo, HandlerMethod> entry : handlerMethodMap.entrySet()) {
|
||||||
|
HandlerMethod handlerMethod = entry.getValue();
|
||||||
|
if (!handlerMethod.hasMethodAnnotation(PermitAll.class)) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
if (entry.getKey().getPatternsCondition() == null) {
|
||||||
|
continue;
|
||||||
|
}
|
||||||
|
Set<String> urls = entry.getKey().getPatternsCondition().getPatterns();
|
||||||
|
// 根据请求方法,添加到 result 结果
|
||||||
|
entry.getKey().getMethodsCondition().getMethods().forEach(requestMethod -> {
|
||||||
|
switch (requestMethod) {
|
||||||
|
case GET:
|
||||||
|
result.putAll(HttpMethod.GET, urls);
|
||||||
|
break;
|
||||||
|
case POST:
|
||||||
|
result.putAll(HttpMethod.POST, urls);
|
||||||
|
break;
|
||||||
|
case PUT:
|
||||||
|
result.putAll(HttpMethod.PUT, urls);
|
||||||
|
break;
|
||||||
|
case DELETE:
|
||||||
|
result.putAll(HttpMethod.DELETE, urls);
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
});
|
||||||
|
}
|
||||||
|
return result;
|
||||||
|
}
|
||||||
|
|
||||||
}
|
}
|
||||||
|
|
|
@ -22,6 +22,7 @@ import org.springframework.web.bind.annotation.*;
|
||||||
import org.springframework.web.multipart.MultipartFile;
|
import org.springframework.web.multipart.MultipartFile;
|
||||||
|
|
||||||
import javax.annotation.Resource;
|
import javax.annotation.Resource;
|
||||||
|
import javax.annotation.security.PermitAll;
|
||||||
import javax.servlet.http.HttpServletResponse;
|
import javax.servlet.http.HttpServletResponse;
|
||||||
import javax.validation.Valid;
|
import javax.validation.Valid;
|
||||||
|
|
||||||
|
@ -59,6 +60,7 @@ public class FileController {
|
||||||
}
|
}
|
||||||
|
|
||||||
@GetMapping("/{configId}/get/{path}")
|
@GetMapping("/{configId}/get/{path}")
|
||||||
|
@PermitAll
|
||||||
@ApiOperation("下载文件")
|
@ApiOperation("下载文件")
|
||||||
@ApiImplicitParams({
|
@ApiImplicitParams({
|
||||||
@ApiImplicitParam(name = "configId", value = "配置编号", required = true, dataTypeClass = Long.class),
|
@ApiImplicitParam(name = "configId", value = "配置编号", required = true, dataTypeClass = Long.class),
|
||||||
|
|
|
@ -35,8 +35,6 @@ public class SecurityConfiguration {
|
||||||
// Spring Boot Admin Server 的安全配置
|
// Spring Boot Admin Server 的安全配置
|
||||||
registry.antMatchers(adminSeverContextPath).anonymous()
|
registry.antMatchers(adminSeverContextPath).anonymous()
|
||||||
.antMatchers(adminSeverContextPath + "/**").anonymous();
|
.antMatchers(adminSeverContextPath + "/**").anonymous();
|
||||||
// 文件的获取接口,可匿名访问
|
|
||||||
registry.antMatchers(buildAdminApi("/infra/file/*/get/**"), buildAppApi("/infra/file/get/**")).permitAll();
|
|
||||||
}
|
}
|
||||||
|
|
||||||
};
|
};
|
||||||
|
|
|
@ -17,6 +17,7 @@ import org.springframework.validation.annotation.Validated;
|
||||||
import org.springframework.web.bind.annotation.*;
|
import org.springframework.web.bind.annotation.*;
|
||||||
|
|
||||||
import javax.annotation.Resource;
|
import javax.annotation.Resource;
|
||||||
|
import javax.annotation.security.PermitAll;
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
import javax.validation.Valid;
|
import javax.validation.Valid;
|
||||||
|
|
||||||
|
@ -43,6 +44,7 @@ public class AppAuthController {
|
||||||
}
|
}
|
||||||
|
|
||||||
@PostMapping("/logout")
|
@PostMapping("/logout")
|
||||||
|
@PermitAll
|
||||||
@ApiOperation("登出系统")
|
@ApiOperation("登出系统")
|
||||||
public CommonResult<Boolean> logout(HttpServletRequest request) {
|
public CommonResult<Boolean> logout(HttpServletRequest request) {
|
||||||
String token = SecurityFrameworkUtils.obtainAuthorization(request, securityProperties.getTokenHeader());
|
String token = SecurityFrameworkUtils.obtainAuthorization(request, securityProperties.getTokenHeader());
|
||||||
|
|
|
@ -1,5 +1,5 @@
|
||||||
/**
|
/**
|
||||||
* 属于 system 模块的 framework 封装
|
* 属于 member 模块的 framework 封装
|
||||||
*
|
*
|
||||||
* @author 芋道源码
|
* @author 芋道源码
|
||||||
*/
|
*/
|
||||||
|
|
|
@ -1,28 +0,0 @@
|
||||||
package cn.iocoder.yudao.module.member.framework.security.config;
|
|
||||||
|
|
||||||
import cn.iocoder.yudao.framework.security.config.AuthorizeRequestsCustomizer;
|
|
||||||
import org.springframework.context.annotation.Bean;
|
|
||||||
import org.springframework.context.annotation.Configuration;
|
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
|
||||||
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* Member 模块的 Security 配置
|
|
||||||
*/
|
|
||||||
@Configuration("memberSecurityConfiguration")
|
|
||||||
public class SecurityConfiguration {
|
|
||||||
|
|
||||||
@Bean("memberAuthorizeRequestsCustomizer")
|
|
||||||
public AuthorizeRequestsCustomizer authorizeRequestsCustomizer() {
|
|
||||||
return new AuthorizeRequestsCustomizer() {
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public void customize(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry) {
|
|
||||||
// 登录的接口
|
|
||||||
registry.antMatchers(buildAdminApi("/member/auth/logout")).permitAll();
|
|
||||||
}
|
|
||||||
|
|
||||||
};
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
|
@ -1,4 +0,0 @@
|
||||||
/**
|
|
||||||
* 占位
|
|
||||||
*/
|
|
||||||
package cn.iocoder.yudao.module.member.framework.security.core;
|
|
|
@ -27,6 +27,7 @@ import org.springframework.validation.annotation.Validated;
|
||||||
import org.springframework.web.bind.annotation.*;
|
import org.springframework.web.bind.annotation.*;
|
||||||
|
|
||||||
import javax.annotation.Resource;
|
import javax.annotation.Resource;
|
||||||
|
import javax.annotation.security.PermitAll;
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
import javax.validation.Valid;
|
import javax.validation.Valid;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
@ -59,6 +60,7 @@ public class AuthController {
|
||||||
private SecurityProperties securityProperties;
|
private SecurityProperties securityProperties;
|
||||||
|
|
||||||
@PostMapping("/login")
|
@PostMapping("/login")
|
||||||
|
@PermitAll
|
||||||
@ApiOperation("使用账号密码登录")
|
@ApiOperation("使用账号密码登录")
|
||||||
@OperateLog(enable = false) // 避免 Post 请求被记录操作日志
|
@OperateLog(enable = false) // 避免 Post 请求被记录操作日志
|
||||||
public CommonResult<AuthLoginRespVO> login(@RequestBody @Valid AuthLoginReqVO reqVO) {
|
public CommonResult<AuthLoginRespVO> login(@RequestBody @Valid AuthLoginReqVO reqVO) {
|
||||||
|
@ -66,6 +68,7 @@ public class AuthController {
|
||||||
}
|
}
|
||||||
|
|
||||||
@PostMapping("/logout")
|
@PostMapping("/logout")
|
||||||
|
@PermitAll
|
||||||
@ApiOperation("登出系统")
|
@ApiOperation("登出系统")
|
||||||
@OperateLog(enable = false) // 避免 Post 请求被记录操作日志
|
@OperateLog(enable = false) // 避免 Post 请求被记录操作日志
|
||||||
public CommonResult<Boolean> logout(HttpServletRequest request) {
|
public CommonResult<Boolean> logout(HttpServletRequest request) {
|
||||||
|
@ -77,6 +80,7 @@ public class AuthController {
|
||||||
}
|
}
|
||||||
|
|
||||||
@PostMapping("/refresh-token")
|
@PostMapping("/refresh-token")
|
||||||
|
@PermitAll
|
||||||
@ApiOperation("刷新令牌")
|
@ApiOperation("刷新令牌")
|
||||||
@ApiImplicitParam(name = "refreshToken", value = "刷新令牌", required = true, dataTypeClass = String.class)
|
@ApiImplicitParam(name = "refreshToken", value = "刷新令牌", required = true, dataTypeClass = String.class)
|
||||||
@OperateLog(enable = false) // 避免 Post 请求被记录操作日志
|
@OperateLog(enable = false) // 避免 Post 请求被记录操作日志
|
||||||
|
@ -119,6 +123,7 @@ public class AuthController {
|
||||||
// ========== 短信登录相关 ==========
|
// ========== 短信登录相关 ==========
|
||||||
|
|
||||||
@PostMapping("/sms-login")
|
@PostMapping("/sms-login")
|
||||||
|
@PermitAll
|
||||||
@ApiOperation("使用短信验证码登录")
|
@ApiOperation("使用短信验证码登录")
|
||||||
@OperateLog(enable = false) // 避免 Post 请求被记录操作日志
|
@OperateLog(enable = false) // 避免 Post 请求被记录操作日志
|
||||||
public CommonResult<AuthLoginRespVO> smsLogin(@RequestBody @Valid AuthSmsLoginReqVO reqVO) {
|
public CommonResult<AuthLoginRespVO> smsLogin(@RequestBody @Valid AuthSmsLoginReqVO reqVO) {
|
||||||
|
@ -126,6 +131,7 @@ public class AuthController {
|
||||||
}
|
}
|
||||||
|
|
||||||
@PostMapping("/send-sms-code")
|
@PostMapping("/send-sms-code")
|
||||||
|
@PermitAll
|
||||||
@ApiOperation(value = "发送手机验证码")
|
@ApiOperation(value = "发送手机验证码")
|
||||||
@OperateLog(enable = false) // 避免 Post 请求被记录操作日志
|
@OperateLog(enable = false) // 避免 Post 请求被记录操作日志
|
||||||
public CommonResult<Boolean> sendLoginSmsCode(@RequestBody @Valid AuthSmsSendReqVO reqVO) {
|
public CommonResult<Boolean> sendLoginSmsCode(@RequestBody @Valid AuthSmsSendReqVO reqVO) {
|
||||||
|
@ -136,6 +142,7 @@ public class AuthController {
|
||||||
// ========== 社交登录相关 ==========
|
// ========== 社交登录相关 ==========
|
||||||
|
|
||||||
@GetMapping("/social-auth-redirect")
|
@GetMapping("/social-auth-redirect")
|
||||||
|
@PermitAll
|
||||||
@ApiOperation("社交授权的跳转")
|
@ApiOperation("社交授权的跳转")
|
||||||
@ApiImplicitParams({
|
@ApiImplicitParams({
|
||||||
@ApiImplicitParam(name = "type", value = "社交类型", required = true, dataTypeClass = Integer.class),
|
@ApiImplicitParam(name = "type", value = "社交类型", required = true, dataTypeClass = Integer.class),
|
||||||
|
@ -147,6 +154,7 @@ public class AuthController {
|
||||||
}
|
}
|
||||||
|
|
||||||
@PostMapping("/social-login")
|
@PostMapping("/social-login")
|
||||||
|
@PermitAll
|
||||||
@ApiOperation(value = "社交快捷登录,使用 code 授权码", notes = "适合未登录的用户,但是社交账号已绑定用户")
|
@ApiOperation(value = "社交快捷登录,使用 code 授权码", notes = "适合未登录的用户,但是社交账号已绑定用户")
|
||||||
@OperateLog(enable = false) // 避免 Post 请求被记录操作日志
|
@OperateLog(enable = false) // 避免 Post 请求被记录操作日志
|
||||||
public CommonResult<AuthLoginRespVO> socialQuickLogin(@RequestBody @Valid AuthSocialLoginReqVO reqVO) {
|
public CommonResult<AuthLoginRespVO> socialQuickLogin(@RequestBody @Valid AuthSocialLoginReqVO reqVO) {
|
||||||
|
|
|
@ -10,6 +10,7 @@ import org.springframework.web.bind.annotation.RequestMapping;
|
||||||
import org.springframework.web.bind.annotation.RestController;
|
import org.springframework.web.bind.annotation.RestController;
|
||||||
|
|
||||||
import javax.annotation.Resource;
|
import javax.annotation.Resource;
|
||||||
|
import javax.annotation.security.PermitAll;
|
||||||
|
|
||||||
import static cn.iocoder.yudao.framework.common.pojo.CommonResult.success;
|
import static cn.iocoder.yudao.framework.common.pojo.CommonResult.success;
|
||||||
|
|
||||||
|
@ -22,6 +23,7 @@ public class CaptchaController {
|
||||||
private CaptchaService captchaService;
|
private CaptchaService captchaService;
|
||||||
|
|
||||||
@GetMapping("/get-image")
|
@GetMapping("/get-image")
|
||||||
|
@PermitAll
|
||||||
@ApiOperation("生成图片验证码")
|
@ApiOperation("生成图片验证码")
|
||||||
public CommonResult<CaptchaImageRespVO> getCaptchaImage() {
|
public CommonResult<CaptchaImageRespVO> getCaptchaImage() {
|
||||||
return success(captchaService.getCaptchaImage());
|
return success(captchaService.getCaptchaImage());
|
||||||
|
|
|
@ -31,6 +31,7 @@ import org.springframework.validation.annotation.Validated;
|
||||||
import org.springframework.web.bind.annotation.*;
|
import org.springframework.web.bind.annotation.*;
|
||||||
|
|
||||||
import javax.annotation.Resource;
|
import javax.annotation.Resource;
|
||||||
|
import javax.annotation.security.PermitAll;
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
import java.util.Collections;
|
import java.util.Collections;
|
||||||
import java.util.List;
|
import java.util.List;
|
||||||
|
@ -82,6 +83,7 @@ public class OAuth2OpenController {
|
||||||
* 注意,默认需要传递 client_id + client_secret 参数
|
* 注意,默认需要传递 client_id + client_secret 参数
|
||||||
*/
|
*/
|
||||||
@PostMapping("/token")
|
@PostMapping("/token")
|
||||||
|
@PermitAll
|
||||||
@ApiOperation(value = "获得访问令牌", notes = "适合 code 授权码模式,或者 implicit 简化模式;在 sso.vue 单点登录界面被【获取】调用")
|
@ApiOperation(value = "获得访问令牌", notes = "适合 code 授权码模式,或者 implicit 简化模式;在 sso.vue 单点登录界面被【获取】调用")
|
||||||
@ApiImplicitParams({
|
@ApiImplicitParams({
|
||||||
@ApiImplicitParam(name = "grant_type", required = true, value = "授权类型", example = "code", dataTypeClass = String.class),
|
@ApiImplicitParam(name = "grant_type", required = true, value = "授权类型", example = "code", dataTypeClass = String.class),
|
||||||
|
@ -141,6 +143,7 @@ public class OAuth2OpenController {
|
||||||
}
|
}
|
||||||
|
|
||||||
@DeleteMapping("/token")
|
@DeleteMapping("/token")
|
||||||
|
@PermitAll
|
||||||
@ApiOperation(value = "删除访问令牌")
|
@ApiOperation(value = "删除访问令牌")
|
||||||
@ApiImplicitParam(name = "token", required = true, value = "访问令牌", example = "biu", dataTypeClass = String.class)
|
@ApiImplicitParam(name = "token", required = true, value = "访问令牌", example = "biu", dataTypeClass = String.class)
|
||||||
@OperateLog(enable = false) // 避免 Post 请求被记录操作日志
|
@OperateLog(enable = false) // 避免 Post 请求被记录操作日志
|
||||||
|
@ -159,6 +162,7 @@ public class OAuth2OpenController {
|
||||||
* 对应 Spring Security OAuth 的 CheckTokenEndpoint 类的 checkToken 方法
|
* 对应 Spring Security OAuth 的 CheckTokenEndpoint 类的 checkToken 方法
|
||||||
*/
|
*/
|
||||||
@PostMapping("/check-token")
|
@PostMapping("/check-token")
|
||||||
|
@PermitAll
|
||||||
@ApiOperation(value = "校验访问令牌")
|
@ApiOperation(value = "校验访问令牌")
|
||||||
@ApiImplicitParam(name = "token", required = true, value = "访问令牌", example = "biu", dataTypeClass = String.class)
|
@ApiImplicitParam(name = "token", required = true, value = "访问令牌", example = "biu", dataTypeClass = String.class)
|
||||||
@OperateLog(enable = false) // 避免 Post 请求被记录操作日志
|
@OperateLog(enable = false) // 避免 Post 请求被记录操作日志
|
||||||
|
|
|
@ -15,6 +15,7 @@ import org.springframework.web.bind.annotation.RequestParam;
|
||||||
import org.springframework.web.bind.annotation.RestController;
|
import org.springframework.web.bind.annotation.RestController;
|
||||||
|
|
||||||
import javax.annotation.Resource;
|
import javax.annotation.Resource;
|
||||||
|
import javax.annotation.security.PermitAll;
|
||||||
import javax.servlet.http.HttpServletRequest;
|
import javax.servlet.http.HttpServletRequest;
|
||||||
|
|
||||||
import static cn.iocoder.yudao.framework.common.pojo.CommonResult.success;
|
import static cn.iocoder.yudao.framework.common.pojo.CommonResult.success;
|
||||||
|
@ -28,6 +29,7 @@ public class SmsCallbackController {
|
||||||
private SmsSendService smsSendService;
|
private SmsSendService smsSendService;
|
||||||
|
|
||||||
@PostMapping("/yunpian")
|
@PostMapping("/yunpian")
|
||||||
|
@PermitAll
|
||||||
@ApiOperation(value = "云片短信的回调", notes = "参见 https://www.yunpian.com/official/document/sms/zh_cn/domestic_push_report 文档")
|
@ApiOperation(value = "云片短信的回调", notes = "参见 https://www.yunpian.com/official/document/sms/zh_cn/domestic_push_report 文档")
|
||||||
@ApiImplicitParam(name = "sms_status", value = "发送状态", required = true, example = "[{具体内容}]", dataTypeClass = String.class)
|
@ApiImplicitParam(name = "sms_status", value = "发送状态", required = true, example = "[{具体内容}]", dataTypeClass = String.class)
|
||||||
@OperateLog(enable = false)
|
@OperateLog(enable = false)
|
||||||
|
@ -38,6 +40,7 @@ public class SmsCallbackController {
|
||||||
}
|
}
|
||||||
|
|
||||||
@PostMapping("/aliyun")
|
@PostMapping("/aliyun")
|
||||||
|
@PermitAll
|
||||||
@ApiOperation(value = "阿里云短信的回调", notes = "参见 https://help.aliyun.com/document_detail/120998.html 文档")
|
@ApiOperation(value = "阿里云短信的回调", notes = "参见 https://help.aliyun.com/document_detail/120998.html 文档")
|
||||||
@OperateLog(enable = false)
|
@OperateLog(enable = false)
|
||||||
public CommonResult<Boolean> receiveAliyunSmsStatus(HttpServletRequest request) throws Throwable {
|
public CommonResult<Boolean> receiveAliyunSmsStatus(HttpServletRequest request) throws Throwable {
|
||||||
|
@ -47,6 +50,7 @@ public class SmsCallbackController {
|
||||||
}
|
}
|
||||||
|
|
||||||
@PostMapping("/tencent")
|
@PostMapping("/tencent")
|
||||||
|
@PermitAll
|
||||||
@ApiOperation(value = "腾讯云短信的回调", notes = "参见 https://cloud.tencent.com/document/product/382/52077 文档")
|
@ApiOperation(value = "腾讯云短信的回调", notes = "参见 https://cloud.tencent.com/document/product/382/52077 文档")
|
||||||
@OperateLog(enable = false)
|
@OperateLog(enable = false)
|
||||||
public CommonResult<Boolean> receiveTencentSmsStatus(HttpServletRequest request) throws Throwable {
|
public CommonResult<Boolean> receiveTencentSmsStatus(HttpServletRequest request) throws Throwable {
|
||||||
|
|
|
@ -15,6 +15,7 @@ import org.springframework.security.access.prepost.PreAuthorize;
|
||||||
import org.springframework.web.bind.annotation.*;
|
import org.springframework.web.bind.annotation.*;
|
||||||
|
|
||||||
import javax.annotation.Resource;
|
import javax.annotation.Resource;
|
||||||
|
import javax.annotation.security.PermitAll;
|
||||||
import javax.servlet.http.HttpServletResponse;
|
import javax.servlet.http.HttpServletResponse;
|
||||||
import javax.validation.Valid;
|
import javax.validation.Valid;
|
||||||
import java.io.IOException;
|
import java.io.IOException;
|
||||||
|
@ -32,6 +33,7 @@ public class TenantController {
|
||||||
private TenantService tenantService;
|
private TenantService tenantService;
|
||||||
|
|
||||||
@GetMapping("/get-id-by-name")
|
@GetMapping("/get-id-by-name")
|
||||||
|
@PermitAll
|
||||||
@ApiOperation(value = "使用租户名,获得租户编号", notes = "登录界面,根据用户的租户名,获得租户编号")
|
@ApiOperation(value = "使用租户名,获得租户编号", notes = "登录界面,根据用户的租户名,获得租户编号")
|
||||||
@ApiImplicitParam(name = "name", value = "租户名", required = true, example = "1024", dataTypeClass = Long.class)
|
@ApiImplicitParam(name = "name", value = "租户名", required = true, example = "1024", dataTypeClass = Long.class)
|
||||||
public CommonResult<Long> getTenantIdByName(@RequestParam("name") String name) {
|
public CommonResult<Long> getTenantIdByName(@RequestParam("name") String name) {
|
||||||
|
|
|
@ -1,45 +0,0 @@
|
||||||
package cn.iocoder.yudao.module.system.framework.security.config;
|
|
||||||
|
|
||||||
import cn.iocoder.yudao.framework.security.config.AuthorizeRequestsCustomizer;
|
|
||||||
import org.springframework.context.annotation.Bean;
|
|
||||||
import org.springframework.context.annotation.Configuration;
|
|
||||||
import org.springframework.security.config.annotation.web.builders.HttpSecurity;
|
|
||||||
import org.springframework.security.config.annotation.web.configurers.ExpressionUrlAuthorizationConfigurer;
|
|
||||||
|
|
||||||
/**
|
|
||||||
* System 模块的 Security 配置
|
|
||||||
*/
|
|
||||||
@Configuration("systemSecurityConfiguration")
|
|
||||||
public class SecurityConfiguration {
|
|
||||||
|
|
||||||
@Bean("systemAuthorizeRequestsCustomizer")
|
|
||||||
public AuthorizeRequestsCustomizer authorizeRequestsCustomizer() {
|
|
||||||
return new AuthorizeRequestsCustomizer() {
|
|
||||||
|
|
||||||
@Override
|
|
||||||
public void customize(ExpressionUrlAuthorizationConfigurer<HttpSecurity>.ExpressionInterceptUrlRegistry registry) {
|
|
||||||
// 登录的接口
|
|
||||||
registry.antMatchers(buildAdminApi("/system/auth/login")).permitAll();
|
|
||||||
registry.antMatchers(buildAdminApi("/system/auth/logout")).permitAll();
|
|
||||||
registry.antMatchers(buildAdminApi("/system/auth/refresh-token")).permitAll();
|
|
||||||
// 社交登陆的接口
|
|
||||||
registry.antMatchers(buildAdminApi("/system/auth/social-auth-redirect")).permitAll();
|
|
||||||
registry.antMatchers(buildAdminApi("/system/auth/social-login")).permitAll();
|
|
||||||
// 登录登录的接口
|
|
||||||
registry.antMatchers(buildAdminApi("/system/auth/sms-login")).permitAll();
|
|
||||||
registry.antMatchers(buildAdminApi("/system/auth/send-sms-code")).permitAll();
|
|
||||||
// 验证码的接口
|
|
||||||
registry.antMatchers(buildAdminApi("/system/captcha/**")).permitAll();
|
|
||||||
// 获得租户编号的接口
|
|
||||||
registry.antMatchers(buildAdminApi("/system/tenant/get-id-by-name")).permitAll();
|
|
||||||
// 短信回调 API
|
|
||||||
registry.antMatchers(buildAdminApi("/system/sms/callback/**")).permitAll();
|
|
||||||
// OAuth2 API
|
|
||||||
registry.antMatchers(buildAdminApi("/system/oauth2/token")).permitAll();
|
|
||||||
registry.antMatchers(buildAdminApi("/system/oauth2/check-token")).permitAll();
|
|
||||||
}
|
|
||||||
|
|
||||||
};
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|
|
@ -1,4 +0,0 @@
|
||||||
/**
|
|
||||||
* 占位
|
|
||||||
*/
|
|
||||||
package cn.iocoder.yudao.module.system.framework.security.core;
|
|
|
@ -77,6 +77,9 @@ yudao:
|
||||||
web:
|
web:
|
||||||
admin-ui:
|
admin-ui:
|
||||||
url: http://dashboard.yudao.iocoder.cn # Admin 管理后台 UI 的地址
|
url: http://dashboard.yudao.iocoder.cn # Admin 管理后台 UI 的地址
|
||||||
|
security:
|
||||||
|
permit-all_urls:
|
||||||
|
- /admin-ui/** # /resources/admin-ui 目录下的静态资源
|
||||||
swagger:
|
swagger:
|
||||||
title: 管理后台
|
title: 管理后台
|
||||||
description: 提供管理员管理的所有功能
|
description: 提供管理员管理的所有功能
|
||||||
|
|
|
@ -4,7 +4,7 @@
|
||||||
<!-- 变量 yudao.info.base-package,基础业务包 -->
|
<!-- 变量 yudao.info.base-package,基础业务包 -->
|
||||||
<springProperty scope="context" name="yudao.info.base-package" source="yudao.info.base-package"/>
|
<springProperty scope="context" name="yudao.info.base-package" source="yudao.info.base-package"/>
|
||||||
<!-- 格式化输出:%d 表示日期,%X{tid} SkWalking 链路追踪编号,%thread 表示线程名,%-5level:级别从左显示 5 个字符宽度,%msg:日志消息,%n是换行符 -->
|
<!-- 格式化输出:%d 表示日期,%X{tid} SkWalking 链路追踪编号,%thread 表示线程名,%-5level:级别从左显示 5 个字符宽度,%msg:日志消息,%n是换行符 -->
|
||||||
<property name="PATTERN_DEFAULT" value="%d{${LOG_DATEFORMAT_PATTERN:-yyyy-MM-dd HH:mm:ss.SSS}} ${LOG_LEVEL_PATTERN:-%5p} ${PID:- } --- [%thread] [%tid] %-40.40logger{39} : %m%n${LOG_EXCEPTION_CONVERSION_WORD:-%wEx}"/>
|
<property name="PATTERN_DEFAULT" value="%d{${LOG_DATEFORMAT_PATTERN:-yyyy-MM-dd HH:mm:ss.SSS}} | %highlight(${LOG_LEVEL_PATTERN:-%5p} ${PID:- }) | %boldYellow(%thread [%tid]) %boldGreen(%-40.40logger{39}) | %m%n${LOG_EXCEPTION_CONVERSION_WORD:-%wEx}"/>
|
||||||
|
|
||||||
<!-- 控制台 Appender -->
|
<!-- 控制台 Appender -->
|
||||||
<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
|
<appender name="STDOUT" class="ch.qos.logback.core.ConsoleAppender">
|
||||||
|
|
Loading…
Reference in New Issue