
Merge branch '84-wb' into '84-integrate'

feat:组织与账号管理权限控制



See merge request !10

wangbo 2 years ago
parent
commit
3ecff5b22a

+ 9 - 8
src/main/java/com/inspur/smsb/gateway/config/AuthorizationManager.java

@@ -1,7 +1,9 @@
 package com.inspur.smsb.gateway.config;
 
+import com.inspur.smsb.gateway.dto.PathRolesMap;
 import lombok.AllArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.http.server.reactive.ServerHttpRequest;
 import org.springframework.security.authorization.AuthorizationDecision;
 import org.springframework.security.authorization.ReactiveAuthorizationManager;
@@ -10,6 +12,7 @@ import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.web.server.authorization.AuthorizationContext;
 import org.springframework.stereotype.Component;
 import org.springframework.util.AntPathMatcher;
+import org.springframework.util.CollectionUtils;
 import org.springframework.util.PathMatcher;
 import reactor.core.publisher.Mono;
 
@@ -22,16 +25,17 @@ import java.util.*;
 @AllArgsConstructor
 @Slf4j
 public class AuthorizationManager implements ReactiveAuthorizationManager<AuthorizationContext> {
+
+    @Autowired
+    private PathRolesMap pathRolesMap;
+
     @Override
     public Mono<AuthorizationDecision> check(Mono<Authentication> mono, AuthorizationContext authorizationContext) {
         ServerHttpRequest request = authorizationContext.getExchange().getRequest();
         String path = request.getURI().getPath();
         PathMatcher pathMatcher = new AntPathMatcher();
-        // todo 资源权限角色关系列表,需要初始化到容器中
-        Map<String, List<String>> resourceRolesMap = new HashMap<>();
         List<String> authorities = new ArrayList<>();
-        resourceRolesMap.put("/token/**",Collections.singletonList("force"));
-        resourceRolesMap.forEach((resource, roles) -> {
+        pathRolesMap.getPathRoles().forEach((resource, roles) -> {
             if (pathMatcher.match(resource, path)) {
                 authorities.addAll(roles);
             }
@@ -41,10 +45,7 @@ public class AuthorizationManager implements ReactiveAuthorizationManager<Author
             .flatMapIterable(Authentication::getAuthorities)
             .map(GrantedAuthority::getAuthority)
             .any(roleId -> {
-                log.info("访问路径:{}", path);
-                log.info("用户角色roleId:{}", roleId);
-                log.info("资源需要权限authorities:{}", authorities);
-                return authorities.contains(roleId);
+                return CollectionUtils.isEmpty(authorities)?Boolean.TRUE:authorities.contains(roleId);
             })
             .map(AuthorizationDecision::new)
             .defaultIfEmpty(new AuthorizationDecision(false));
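Review bot: The new ternary on the `return` line of the `any` predicate grants access whenever `authorities` is empty, i.e. for every request path that has no entry under `mapping.path-roles` — and since this same commit removes the `/**` permitAll line in ResourceServerConfig, every route now reaches this manager, so an endpoint not yet listed in configuration is reachable by any principal that gets this far with at least one authority instead of being denied. A default-deny check, `return authorities.contains(roleId);`, with deliberately public paths listed explicitly (as config entries or as `pathMatchers(...).permitAll()` ahead of `anyExchange()`), keeps a missing mapping from silently opening a route. The `pathRolesMap.getPathRoles()` call above also needs a null guard (or a non-null default in PathRolesMap), because `CollectionUtils.isEmpty` runs only after that map has already been iterated. Separately, the `@Autowired` on the new field is redundant with `@AllArgsConstructor` — Lombok already generates the constructor Spring injects through — so `private final PathRolesMap pathRolesMap;` is the cleaner form. The start of `check`'s `mono` pipeline lies outside the hunk.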

+ 0 - 3
src/main/java/com/inspur/smsb/gateway/config/ResourceServerConfig.java

@@ -33,12 +33,9 @@ public class ResourceServerConfig {
         http.oauth2ResourceServer().jwt()
             .jwtAuthenticationConverter(jwtAuthenticationConverter());
         http.authorizeExchange()
-            // todo 增加白名单
-            .pathMatchers("/**").permitAll()
             .anyExchange().access(authorizationManager)
             .and()
             .exceptionHandling()
-            // 处理未授权
             .accessDeniedHandler(customServerAccessDeniedHandler)
             .and().csrf().disable();
 

+ 20 - 0
src/main/java/com/inspur/smsb/gateway/dto/PathRolesMap.java

@@ -0,0 +1,20 @@
+package com.inspur.smsb.gateway.dto;
+import lombok.Data;
+import org.springframework.boot.context.properties.ConfigurationProperties;
+import org.springframework.context.annotation.Configuration;
+
+import java.util.List;
+import java.util.Map;
+
+/**
+ * @Author wangbo13
+ * @Date 2022/11/24 14:14
+ * @Version 1.0
+ */
+@Configuration
+@ConfigurationProperties(prefix = "mapping")
+@Data
+public class PathRolesMap {
+
+    private Map<String, List<String>> pathRoles;
+}
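Review bot: `pathRoles` has no default, so when the `mapping.path-roles` section is absent from configuration `getPathRoles()` returns null and the `forEach` over it in AuthorizationManager.check throws a NullPointerException on every request; initialising it, `private Map<String, List<String>> pathRoles = new HashMap<>();` (with `java.util.HashMap` imported), makes a missing section bind to an empty map instead. The class also carries no Javadoc beyond the author header; a summary such as `Binds the mapping.path-roles section: each key is an Ant-style path pattern matched in AuthorizationManager, each value the list of role ids allowed on it.` would tell a reader what the keys and values mean. `@Configuration` is an unusual stereotype for a plain properties holder with no `@Bean` methods; `@Component`, or registering it through `@EnableConfigurationProperties`, states the intent more precisely. With `@Data` the map is additionally exposed mutable through its getter, which is fine for binding but means any holder of the bean can alter the role table at runtime.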