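package com.inspur.smsb.gateway.config;

import cn.hutool.core.convert.Convert;
import lombok.AllArgsConstructor;
import lombok.extern.slf4j.Slf4j;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.security.authorization.AuthorizationDecision;
import org.springframework.security.authorization.ReactiveAuthorizationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.web.server.authorization.AuthorizationContext;
import org.springframework.stereotype.Component;
import org.springframework.util.AntPathMatcher;
import org.springframework.util.PathMatcher;
import reactor.core.publisher.Mono;

import java.util.*;

/**
 * Authorization manager.
 *
 * <p>Decides, per request, whether the authenticated caller holds at least one of the
 * authorities required for the requested path. Required authorities are looked up by
 * matching the request path against Ant-style patterns.
 *
 * <p>The decision is deny-by-default: a path that matches no pattern yields an empty
 * list of required authorities, so no caller authority can match it, and an
 * unauthenticated caller is filtered out before any authority is compared.
 */
@Component
@AllArgsConstructor
@Slf4j
public class AuthorizationManager implements ReactiveAuthorizationManager<AuthorizationContext> {

    // Shared instead of allocated per request, so the matcher's pattern cache is reused.
    // Static, so Lombok's @AllArgsConstructor does not turn it into a constructor argument.
    private static final PathMatcher PATH_MATCHER = new AntPathMatcher();

    /**
     * Checks whether the caller may access the requested path.
     *
     * @param mono the authentication of the current caller
     * @param authorizationContext the context carrying the exchange under evaluation
     * @return a decision that is granted only when the caller is authenticated and holds
     *     one of the authorities mapped to a pattern matching the request path
     */
    @Override
    public Mono<AuthorizationDecision> check(Mono<Authentication> mono, AuthorizationContext authorizationContext) {
        ServerHttpRequest request = authorizationContext.getExchange().getRequest();
        // NOTE(review): the path is taken from the request URI as-is. Confirm it is already
        // normalized (dot-segments, encoded separators) and that downstream routing sees the
        // same path, otherwise the pattern matched here may not describe the resource served.
        String path = request.getURI().getPath();

        // TODO: the resource -> permission/role relationships need to be initialized into
        // the container instead of being hard-coded and rebuilt on every request.
        Map<String, Object> resourceRolesMap = new HashMap<>();
        resourceRolesMap.put("/token/**", "force");

        // Collect the authorities of every pattern that matches; stays empty when none match.
        List<String> authorities = new ArrayList<>();
        for (Map.Entry<String, Object> entry : resourceRolesMap.entrySet()) {
            if (PATH_MATCHER.match(entry.getKey(), path)) {
                authorities.addAll(Convert.toList(String.class, entry.getValue()));
            }
        }

        return mono
                .filter(Authentication::isAuthenticated)
                .flatMapIterable(Authentication::getAuthorities)
                .map(GrantedAuthority::getAuthority)
                .any(roleId -> {
                    // NOTE(review): these run once per caller authority at INFO level and write
                    // the request-supplied path and the caller's role ids to the log. Consider
                    // DEBUG level and neutralising CR/LF in the path before logging it.
                    log.info("访问路径:{}", path);
                    log.info("用户角色roleId:{}", roleId);
                    log.info("资源需要权限authorities:{}", authorities);
                    return authorities.contains(roleId);
                })
                .map(AuthorizationDecision::new)
                // Defensive fallback: an empty result is treated as a denial.
                .defaultIfEmpty(new AuthorizationDecision(false));
    }
}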