diff --git a/ruoyi-common/muyu-common-security/src/main/java/com/ruoyi/common/security/annotation/InitAuth.java b/ruoyi-common/muyu-common-security/src/main/java/com/ruoyi/common/security/annotation/InitAuth.java new file mode 100644 index 0000000..26de2ae --- /dev/null +++ b/ruoyi-common/muyu-common-security/src/main/java/com/ruoyi/common/security/annotation/InitAuth.java @@ -0,0 +1,20 @@ +package com.ruoyi.common.security.annotation; + +import java.lang.annotation.ElementType; +import java.lang.annotation.Retention; +import java.lang.annotation.RetentionPolicy; +import java.lang.annotation.Target; + +/** + * 初始化认证:初始化项目时跳过权限认证 + * + * @Author GuanTieLin + */ +@Retention(RetentionPolicy.RUNTIME) +@Target({ElementType.METHOD, ElementType.TYPE}) +public @interface InitAuth { + /** + * 认证的url + */ + String value() default ""; +} diff --git a/ruoyi-common/muyu-common-security/src/main/java/com/ruoyi/common/security/aspect/PreAuthorizeAspect.java b/ruoyi-common/muyu-common-security/src/main/java/com/ruoyi/common/security/aspect/PreAuthorizeAspect.java index 51e6890..82ff20d 100644 --- a/ruoyi-common/muyu-common-security/src/main/java/com/ruoyi/common/security/aspect/PreAuthorizeAspect.java +++ b/ruoyi-common/muyu-common-security/src/main/java/com/ruoyi/common/security/aspect/PreAuthorizeAspect.java @@ -1,5 +1,8 @@ package com.ruoyi.common.security.aspect; +import com.ruoyi.common.security.service.InitAuthService; +import com.ruoyi.common.core.utils.ServletUtils; +import com.ruoyi.common.security.annotation.InitAuth; import com.ruoyi.common.security.annotation.RequiresLogin; import com.ruoyi.common.security.annotation.RequiresPermissions; import com.ruoyi.common.security.annotation.RequiresRoles; 
@@ -9,8 +12,11 @@ import org.aspectj.lang.annotation.Around; import org.aspectj.lang.annotation.Aspect; import org.aspectj.lang.annotation.Pointcut; import org.aspectj.lang.reflect.MethodSignature; +import org.springframework.beans.factory.annotation.Autowired; import org.springframework.stereotype.Component; +import javax.servlet.http.HttpServletRequest; import java.lang.reflect.Method; +import java.util.Objects; /** * 基于 Spring Aop 的注解鉴权 @@ -20,12 +26,17 @@ import java.lang.reflect.Method; @Aspect @Component public class PreAuthorizeAspect { + + @Autowired + private InitAuthService initAuthService; + /** * 定义AOP签名 (切入所有使用鉴权注解的方法) */ public static final String POINTCUT_SIGN = " @annotation(com.ruoyi.common.security.annotation.RequiresLogin) || " + "@annotation(com.ruoyi.common.security.annotation.RequiresPermissions) || " - + "@annotation(com.ruoyi.common.security.annotation.RequiresRoles)"; + + "@annotation(com.ruoyi.common.security.annotation.RequiresRoles) ||" + + "@annotation(com.ruoyi.common.security.annotation.InitAuth)"; /** * 构建 @@ -51,13 +62,18 @@ public class PreAuthorizeAspect { */ @Around("pointcut()") public Object around (ProceedingJoinPoint joinPoint) throws Throwable { + HttpServletRequest httpServletRequest = ServletUtils.getRequest(); + String url=null; + if(Objects.nonNull(httpServletRequest)){ + // 获取url + url = httpServletRequest.getHeader("Init-Auth-Url"); + } // 注解鉴权 MethodSignature signature = (MethodSignature) joinPoint.getSignature(); - checkMethodAnnotation(signature.getMethod()); + checkMethodAnnotation(signature.getMethod(),url); try { // 执行原有逻辑 - Object obj = joinPoint.proceed(); - return obj; + return joinPoint.proceed(); } catch (Throwable e) { throw e; } 
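Review bot: `url` in `around` is taken from the inbound `Init-Auth-Url` request header, which any client can set, and it is then handed to `checkMethodAnnotation`, where a matching Redis key skips the `@RequiresLogin`/`@RequiresRoles`/`@RequiresPermissions` checks entirely. The key is only a URL string that is hard-coded in the `@InitAuth(...)` annotations added later in this commit, so it is not a secret, and for the three minutes a grant is live the header alone stands in for a login. The header should be dropped from external traffic at the gateway, and the skip should depend on something the caller cannot supply, for example a random one-time value minted by `InitAuthService.init`, or the internal-call check that `InnerAuthAspect` (registered in the same module) presumably already provides. The method's closing brace lies outside the hunk.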
@@ -66,7 +82,22 @@ public class PreAuthorizeAspect { /** * 对一个Method对象进行注解检查 */ - public void checkMethodAnnotation (Method method) { + public void checkMethodAnnotation (Method method,String url) { + // 校验 @InitAuth 注解 + InitAuth initAuth = method.getAnnotation(InitAuth.class); + // 有注解放行 + if (initAuth != null) { + // 初始化访问权限 + initAuthService.init(initAuth.value()); + return; + } + // 有权限放行 + if(url!=null&& initAuthService.auth(url)){ + // 移除访问权限 + initAuthService.remove(url); + return; + } + // 校验 @RequiresLogin 注解 RequiresLogin requiresLogin = method.getAnnotation(RequiresLogin.class); if (requiresLogin != null) { diff --git a/ruoyi-common/muyu-common-security/src/main/java/com/ruoyi/common/security/feign/FeignRequestInterceptor.java b/ruoyi-common/muyu-common-security/src/main/java/com/ruoyi/common/security/feign/FeignRequestInterceptor.java index 2836a40..1e2c266 100644 --- a/ruoyi-common/muyu-common-security/src/main/java/com/ruoyi/common/security/feign/FeignRequestInterceptor.java +++ b/ruoyi-common/muyu-common-security/src/main/java/com/ruoyi/common/security/feign/FeignRequestInterceptor.java @@ -7,7 +7,6 @@ import com.ruoyi.common.core.utils.ip.IpUtils; import feign.RequestInterceptor; import feign.RequestTemplate; import org.springframework.stereotype.Component; - import javax.servlet.http.HttpServletRequest; import java.util.Map; @@ -40,9 +39,11 @@ public class FeignRequestInterceptor implements RequestInterceptor { if (StringUtils.isNotEmpty(authentication)) { requestTemplate.header(SecurityConstants.AUTHORIZATION_HEADER, authentication); } - // 配置客户端IP requestTemplate.header("X-Forwarded-For", IpUtils.getIpAddr()); } + // 配置请求路径 + String url = requestTemplate.feignTarget().url()+requestTemplate.url().split("\\?")[0]; + requestTemplate.header("Init-Auth-Url",url); } } 
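Review bot: In `checkMethodAnnotation`, the grant branch `if(url!=null&& initAuthService.auth(url))` never compares `url` with the method or request path actually being invoked, so one live grant satisfies the check on any method the pointcut covers, not only the endpoint it was issued for. The `@InitAuth` branch also returns before the `@RequiresLogin`, `@RequiresRoles` and `@RequiresPermissions` checks, so a method carrying both kinds of annotation is left unchecked. The grant should be honoured only after it has been compared with the current request's own URI, and the `@InitAuth` branch should fall through to the remaining checks instead of returning. `checkMethodAnnotation` is public, so changing its signature to `(Method, String)` breaks any caller outside this class; keeping a one-argument overload that delegates with `null` would avoid that. The rest of the method lies outside the hunk.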
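Review bot: The new `Init-Auth-Url` header is attached to every outgoing Feign request, apparently outside the `httpServletRequest` null check, and its comment `// 配置请求路径` does not say that the receiving `PreAuthorizeAspect` treats this value as an authorization grant key. Because the value is rebuilt from `feignTarget().url()` plus the path, it matches a grant only if it is byte-for-byte equal to the literal in the caller's `@InitAuth(...)`; a trailing slash or a different scheme falls through to the normal permission checks with no indication why. I would replace the comment with `// Sent so the callee can match an @InitAuth grant; must equal the @InitAuth value exactly (target URL + path, no query string)` and send the header only when the invoked interface method carries `@InitAuth`, e.g. guarded by `requestTemplate.methodMetadata().method().isAnnotationPresent(InitAuth.class)`. `apply` starts above the hunk.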
diff --git a/ruoyi-common/muyu-common-security/src/main/java/com/ruoyi/common/security/service/InitAuthService.java b/ruoyi-common/muyu-common-security/src/main/java/com/ruoyi/common/security/service/InitAuthService.java
new file mode 100644
index 0000000..5ae03db
--- /dev/null
+++ b/ruoyi-common/muyu-common-security/src/main/java/com/ruoyi/common/security/service/InitAuthService.java
@@ -0,0 +1,44 @@
+package com.ruoyi.common.security.service;
+
+import com.ruoyi.common.redis.service.RedisService;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.stereotype.Component;
+import java.util.concurrent.TimeUnit;
+
+/**
+ * 初始化认证服务
+ * @ClassName InitAuthService
+ * @Author GuanTieLin
+ * @Date 2024/5/15 12:44
+ */
+@Component
+public class InitAuthService {
+
+ @Autowired
+ private RedisService redisService;
+
+ private final String PREFIX="init-auth:";
+
+ /**
+ * 初始化权限3分钟
+ */
+ public void init(String url){
+ redisService.setCacheObject(PREFIX+url,"",3L,TimeUnit.MINUTES);
+ }
+
+ /**
+ * 验证权限
+ */
+ public boolean auth(String url){
+ return redisService.hasKey(PREFIX + url);
+ }
+
+ /**
+ * 移除权限
+ */
+ public void remove(String url){
+ if(redisService.hasKey(PREFIX + url)){
+ redisService.deleteObject(PREFIX + url);
+ }
+ }
+}
diff --git a/ruoyi-common/muyu-common-security/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports b/ruoyi-common/muyu-common-security/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
index 7418bbc..7918fba 100644
--- a/ruoyi-common/muyu-common-security/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
+++ b/ruoyi-common/muyu-common-security/src/main/resources/META-INF/spring/org.springframework.boot.autoconfigure.AutoConfiguration.imports
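Review bot: `auth` and `remove` in `InitAuthService` are separate Redis calls (`hasKey`, then `hasKey` again and `deleteObject`), so a grant that `PreAuthorizeAspect` removes after one use can still be honoured by several requests that arrive before the delete lands. Consuming the grant in one step closes that window: if `RedisService.deleteObject` reports whether a key was removed, the check can be `return redisService.deleteObject(PREFIX + url);` and both `hasKey` calls can go. `PREFIX` is a per-instance field and should be `private static final String PREFIX = "init-auth:";`. The Javadoc on `init` should also state that the key is the plain URL with an empty value, because that is what makes a live grant predictable to anyone who knows the endpoint.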
@@ -1,5 +1,6 @@ com.ruoyi.common.security.config.WebMvcConfig com.ruoyi.common.security.service.TokenService +com.ruoyi.common.security.service.InitAuthService com.ruoyi.common.security.aspect.PreAuthorizeAspect com.ruoyi.common.security.aspect.InnerAuthAspect com.ruoyi.common.security.handler.GlobalExceptionHandler diff --git a/ruoyi-modules/ruoyi-data_asset/ruoyi-data_asset-remote/src/main/java/com/ruoyi/dataAsset/remote/RemoteDataAssetService.java b/ruoyi-modules/ruoyi-data_asset/ruoyi-data_asset-remote/src/main/java/com/ruoyi/dataAsset/remote/RemoteDataAssetService.java index 43b6a59..982a499 100644 --- a/ruoyi-modules/ruoyi-data_asset/ruoyi-data_asset-remote/src/main/java/com/ruoyi/dataAsset/remote/RemoteDataAssetService.java +++ b/ruoyi-modules/ruoyi-data_asset/ruoyi-data_asset-remote/src/main/java/com/ruoyi/dataAsset/remote/RemoteDataAssetService.java @@ -3,6 +3,7 @@ package com.ruoyi.dataAsset.remote; import com.ruoyi.common.core.constant.ServiceNameConstants; import com.ruoyi.common.core.domain.Result; import com.ruoyi.common.core.web.page.TableDataInfo; +import com.ruoyi.common.security.annotation.InitAuth; import com.ruoyi.dataAsset.domain.DataSource; import com.ruoyi.dataAsset.domain.req.DataSourceQueryReq; import com.ruoyi.dataAsset.remote.factory.RemoteDataAssetFactory; @@ -27,5 +28,6 @@ public interface RemoteDataAssetService { * 查询数据接入列表 */ @GetMapping("/list") + @InitAuth("http://ruoyi-data-asset/source/list") public Result> list(@RequestParam("dataSourceQueryReq") DataSourceQueryReq dataSourceQueryReq); } diff --git a/ruoyi-modules/ruoyi-data_asset/ruoyi-data_asset-server/src/main/java/com/ruoyi/dataAsset/controller/DataSourceController.java b/ruoyi-modules/ruoyi-data_asset/ruoyi-data_asset-server/src/main/java/com/ruoyi/dataAsset/controller/DataSourceController.java index e28006d..ab86dcb 100644 --- a/ruoyi-modules/ruoyi-data_asset/ruoyi-data_asset-server/src/main/java/com/ruoyi/dataAsset/controller/DataSourceController.java 
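Review bot: `@InitAuth("http://ruoyi-data-asset/source/list")` on `RemoteDataAssetService.list` repeats the service name and path that the interface's Feign and `@GetMapping` annotations already define, and the same pattern appears on `RemoteRuleEngineService.list` with `http://ruoyi-rule-engine/version/list`. If either copy drifts, the grant key written by `init` no longer equals the `Init-Auth-Url` header built in `FeignRequestInterceptor`, and the call falls back to the permission check with no indication why. It is also not visible from this diff that `PreAuthorizeAspect` is applied to the Feign proxy at all, so a test that the grant is actually written when `list` is called would be worth adding. A Javadoc line such as `Grant key; must equal the Feign target URL plus the mapping path` on the annotated method would make the coupling explicit. The interface body continues outside the hunk.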
+++ b/ruoyi-modules/ruoyi-data_asset/ruoyi-data_asset-server/src/main/java/com/ruoyi/dataAsset/controller/DataSourceController.java @@ -4,9 +4,6 @@ import java.sql.SQLException; import java.util.List; import javax.servlet.http.HttpServletResponse; import com.ruoyi.common.security.utils.SecurityUtils; -import com.ruoyi.dataAsset.service.AssetModelDataService; -import com.ruoyi.dataAsset.service.ColumnInfoService; -import com.ruoyi.dataAsset.service.TableInfoService; import io.swagger.annotations.*; import org.springframework.beans.factory.annotation.Autowired; import org.springframework.web.bind.annotation.GetMapping; @@ -47,7 +44,7 @@ public class DataSourceController extends BaseController { * 查询数据接入列表 */ @ApiOperation("获取数据接入列表") - //@RequiresPermissions("dataAsset:source:list") + @RequiresPermissions("dataAsset:source:list") @GetMapping("/list") public Result> list(DataSourceQueryReq dataSourceQueryReq) { startPage(); diff --git a/ruoyi-modules/ruoyi-rule_engine/ruoyi-rule_engine-remote/src/main/java/com/ruoyi/ruleEngine/remote/RemoteRuleEngineService.java b/ruoyi-modules/ruoyi-rule_engine/ruoyi-rule_engine-remote/src/main/java/com/ruoyi/ruleEngine/remote/RemoteRuleEngineService.java index 040b16d..40cf3f9 100644 --- a/ruoyi-modules/ruoyi-rule_engine/ruoyi-rule_engine-remote/src/main/java/com/ruoyi/ruleEngine/remote/RemoteRuleEngineService.java +++ b/ruoyi-modules/ruoyi-rule_engine/ruoyi-rule_engine-remote/src/main/java/com/ruoyi/ruleEngine/remote/RemoteRuleEngineService.java @@ -2,6 +2,7 @@ package com.ruoyi.ruleEngine.remote; import com.ruoyi.common.core.constant.ServiceNameConstants; import com.ruoyi.common.core.domain.Result; +import com.ruoyi.common.security.annotation.InitAuth; import com.ruoyi.ruleEngine.domain.EngineVersion; import com.ruoyi.ruleEngine.domain.req.EngineVersionQueryReq; import com.ruoyi.ruleEngine.remote.factory.RemoteRuleEngineFactory; 
@@ -29,6 +30,7 @@ public interface RemoteRuleEngineService { * 查询引擎规则版本列表 */ @GetMapping("/list") + @InitAuth("http://ruoyi-rule-engine/version/list") public Result> list(@RequestParam("engineConfigQueryReq") EngineVersionQueryReq engineConfigQueryReq); /** diff --git a/ruoyi-modules/ruoyi-rule_engine/ruoyi-rule_engine-server/src/main/java/com/ruoyi/ruleEngine/controller/EngineVersionController.java b/ruoyi-modules/ruoyi-rule_engine/ruoyi-rule_engine-server/src/main/java/com/ruoyi/ruleEngine/controller/EngineVersionController.java index ff956a4..afd850d 100644 --- a/ruoyi-modules/ruoyi-rule_engine/ruoyi-rule_engine-server/src/main/java/com/ruoyi/ruleEngine/controller/EngineVersionController.java +++ b/ruoyi-modules/ruoyi-rule_engine/ruoyi-rule_engine-server/src/main/java/com/ruoyi/ruleEngine/controller/EngineVersionController.java @@ -38,7 +38,7 @@ public class EngineVersionController extends BaseController { * 查询引擎规则版本列表 */ @ApiOperation("查询引擎规则版本列表") - //@RequiresPermissions("ruleEngine:version:list") + @RequiresPermissions("ruleEngine:version:list") @GetMapping("/list") public Result> list(EngineVersionQueryReq engineConfigQueryReq) { return Result.success(engineVersionService.list(EngineVersion.queryBuild(engineConfigQueryReq)));