签权服务用户资源数据通过远程调用从sysadmin服务中获取

Author: zhoutaoo

src/main/java/com/springboot/auth/authentication/dao/ResourceMapper.java

@@ -14,6 +14,6 @@ public interface ResourceProvider {
     @GetMapping(value = "/resource/all")
     Result<Set<Resource>> resources();
 
-    @GetMapping(value = "/resource/{userId}")
-    Result<Set<Resource>> resources(@PathVariable("userId") long userId);
+    @GetMapping(value = "/resource/user/{username}")
+    Result<Set<Resource>> resources(@PathVariable("username") String username);
 }

src/main/java/com/springboot/auth/authentication/provider/ResourceProvider.java

@@ -1,16 +1,19 @@
 package com.springboot.auth.authentication.provider;
 
+import com.springboot.auth.authentication.entity.Resource;
 import com.springboot.cloud.common.core.entity.vo.Result;
-import com.springboot.cloud.common.core.exception.SystemErrorType;
+
+import java.util.HashSet;
+import java.util.Set;
 
 public class ResourceProviderFallback implements ResourceProvider {
     @Override
-    public Result resources() {
-        return Result.fail(SystemErrorType.SYSTEM_BUSY);
+    public Result<Set<Resource>> resources() {
+        return Result.success(new HashSet<Resource>());
     }
 
     @Override
-    public Result resources(long userId) {
-        return Result.fail(SystemErrorType.SYSTEM_BUSY);
+    public Result<Set<Resource>> resources(String username) {
+        return Result.success(new HashSet<Resource>());
     }
 }

src/main/java/com/springboot/auth/authentication/provider/ResourceProviderFallback.java

@@ -12,14 +12,6 @@
 @Service
 public interface IResourceService {
 
-    /**
-     * 根据角色code查询到角色把对应的资源定义
-     *
-     * @param roleCodes
-     * @return
-     */
-    Set<Resource> queryByRoleCodes(String[] roleCodes);
-
     /**
      * 动态新增权限
      *
@@ -39,4 +31,12 @@ public interface IResourceService {
      * @return
      */
     ConfigAttribute findConfigAttributesByUrl(HttpServletRequest authRequest);
+
+    /**
+     * 根据用户名查询 该用户所拥有的角色对应的资源信息
+     *
+     * @param username
+     * @return
+     */
+    Set<Resource> queryByUsername(String username);
 }

src/main/java/com/springboot/auth/authentication/service/IResourceService.java

@@ -6,14 +6,11 @@
 import org.springframework.beans.factory.annotation.Autowired;
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.security.core.Authentication;
-import org.springframework.security.core.GrantedAuthority;
 import org.springframework.security.core.context.SecurityContextHolder;
 import org.springframework.stereotype.Service;
 
 import javax.servlet.http.HttpServletRequest;
-import java.util.Collection;
 import java.util.Set;
-import java.util.stream.Collectors;
 
 @Service
 @Slf4j
@@ -41,7 +38,7 @@ public boolean decide(HttpServletRequest authRequest) {
         if (NONEXISTENT_URL.equals(urlConfigAttribute.getAttribute()))
             log.debug("url未在资源池中找到，拒绝访问");
         //获取此访问用户所有角色拥有的权限资源
-        Set<Resource> userResources = findResourcesByAuthorityRoles(authentication.getAuthorities());
+        Set<Resource> userResources = findResourcesByUsername(authentication.getName());
         //用户拥有权限资源 与 url要求的资源进行对比
         return isMatch(urlConfigAttribute, userResources);
     }
@@ -60,17 +57,12 @@ public boolean isMatch(ConfigAttribute urlConfigAttribute, Set<Resource> userRes
     /**
      * 根据用户所被授予的角色，查询到用户所拥有的资源
      *
-     * @param authorityRoles
+     * @param username
      * @return
      */
-    private Set<Resource> findResourcesByAuthorityRoles(Collection<? extends GrantedAuthority> authorityRoles) {
-        //用户被授予的角色
-        log.debug("用户的授权角色集合信息为:{}", authorityRoles);
-        String[] authorityRoleCodes = authorityRoles.stream()
-                .map(GrantedAuthority::getAuthority)
-                .collect(Collectors.toList())
-                .toArray(new String[authorityRoles.size()]);
-        Set<Resource> resources = resourceService.queryByRoleCodes(authorityRoleCodes);
+    private Set<Resource> findResourcesByUsername(String username) {
+        //用户被授予的角色资源
+        Set<Resource> resources = resourceService.queryByUsername(username);
         if (log.isDebugEnabled()) {
             log.debug("用户被授予角色的资源数量是:{}, 资源集合信息为:{}", resources.size(), resources);
         }

src/main/java/com/springboot/auth/authentication/service/impl/AuthenticationService.java

@@ -1,6 +1,5 @@
 package com.springboot.auth.authentication.service.impl;
 
-import com.springboot.auth.authentication.dao.ResourceMapper;
 import com.springboot.auth.authentication.entity.Resource;
 import com.springboot.auth.authentication.provider.ResourceProvider;
 import com.springboot.auth.authentication.service.IResourceService;
@@ -26,9 +25,6 @@ public class ResourceService implements IResourceService {
     @Autowired
     private HandlerMappingIntrospector mvcHandlerMappingIntrospector;
 
-    @Autowired
-    private ResourceMapper resourceMapper;
-
     @Autowired
     private ResourceProvider resourceProvider;
 
@@ -37,11 +33,6 @@ public class ResourceService implements IResourceService {
      */
     private Map<RequestMatcher, ConfigAttribute> resourceConfigAttributes;
 
-    @Override
-    public Set<Resource> queryByRoleCodes(String[] roleCodes) {
-        return resourceMapper.queryByRoleCodes(roleCodes);
-    }
-
     @Override
     public void addResource(Resource resource) {
         resourceConfigAttributes.put(
@@ -72,6 +63,11 @@ public ConfigAttribute findConfigAttributesByUrl(HttpServletRequest authRequest)
                 .orElse(new SecurityConfig("NONEXISTENT_URL"));
     }
 
+    @Override
+    public Set<Resource> queryByUsername(String username) {
+        return resourceProvider.resources(username).getData();
+    }
+
     /**
      * 创建RequestMatcher
      *

src/main/java/com/springboot/auth/authentication/service/impl/ResourceService.java

@@ -1,6 +1,5 @@
 package com.springboot.auth.authentication.service.impl;
 
-import com.springboot.auth.authentication.entity.Resource;
 import com.springboot.auth.authentication.rest.HttpServletRequestAuthWrapper;
 import org.junit.Assert;
 import org.junit.Test;
@@ -11,10 +10,6 @@
 import org.springframework.security.access.ConfigAttribute;
 import org.springframework.test.context.junit4.SpringRunner;
 
-import java.util.Set;
-
-import static org.hamcrest.Matchers.greaterThan;
-
 @RunWith(SpringRunner.class)
 @SpringBootTest
 public class ResourceServiceTest {
@@ -42,18 +37,6 @@ public class ResourceServiceTest {
     @Autowired
     private ResourceService resourceService;
 
-    @Test
-    public void testQueryByRoleCodes_假如存在角色ADMIN_当传入ADMIN时_那么可以获取到角色拥有的资源集合() {
-        Set<Resource> resources = resourceService.queryByRoleCodes(new String[]{"ADMIN"});
-        Assert.assertThat(resources.size(), greaterThan(2));
-    }
-
-    @Test
-    public void testQueryByRoleCodes_假如不存在角色NOTHING_当传入NOTHING时_那么获取不到资源信息() {
-        Set<Resource> resources = resourceService.queryByRoleCodes(new String[]{"NOTHING"});
-        Assert.assertEquals(0, resources.size());
-    }
-
     @Test
     public void testGetConfigAttributesByUrl_假如存在如上资源信息_当请求不存在method的资源时_那么返回NONEXISTENT_URL() {
         ConfigAttribute attributesByUrl = resourceService