spring security 核心切面


import org.aopalliance.intercept.MethodInterceptor;
import org.apache.commons.collections.CollectionUtils;
import org.springframework.aop.support.StaticMethodMatcherPointcutAdvisor;

import java.lang.reflect.Method;
import java.util.HashSet;
import java.util.LinkedHashSet;
import java.util.Set;

/**
 * Authorize切点
 **/
public class AopAuthorizeAdvisor extends StaticMethodMatcherPointcutAdvisor {

    public static final String THREAD_LOCAL_AUTH_CONTEXT = "authContext";

    public AopAuthorizeAdvisor(AuthorizeService authorizeService) {
        super((MethodInterceptor) methodInvocation -> {
            MethodInterceptorHolder holder = MethodInterceptorHolder.create(methodInvocation);
            MethodInterceptorContext paramContext = holder.createParamContext();

            Authentication authentication = Authentication.current().orElseThrow(UnauthorizedException::new);

            AuthContext context = new AuthContext(authentication, paramContext);
            ThreadLocalUtil.put(THREAD_LOCAL_AUTH_CONTEXT, context);
            authorizeService.handle(context);

            Set<String> tempIncludes = new HashSet<>();
            Set<String> tempExcludes = new HashSet<>();

            paramContext.getParameter(Param.class).ifPresent(
                    param -> {
                        tempIncludes.addAll(param.getIncludes());
                        tempExcludes.addAll(param.getExcludes());
                    }
            );

            Object obj = methodInvocation.proceed();
            ThreadLocalUtil.remove(THREAD_LOCAL_AUTH_CONTEXT);
            if (obj != null && obj instanceof ResponseMessage) {
                ResponseMessage responseMessage = (ResponseMessage) obj;
                if (CollectionUtils.isNotEmpty(tempIncludes)) {
                    // 设置可以显示的字段
                    responseMessage.setFields(new LinkedHashSet<>(CollectionUtils.removeAll(tempIncludes, tempExcludes)));
                } else {
                    responseMessage.setFields(new LinkedHashSet<>());
                }
            }
            return obj;
        });
    }

    @Override
    public boolean matches(Method method, Class<?> aClass) {
        //对controller进行控制, 只判断类, 或者父类上是否有Authorize标签.
        return ClassUtil.getAnnotation(aClass, Authorize.class) != null;
    }
}

    @Bean
    public AuthenticationSupplier authenticationSupplier() {
        return () -> {
            if (SecurityContextHolder.getContext().getAuthentication() == null) {
                return null;
            } else {
                Object principal = SecurityContextHolder.getContext().getAuthentication().getPrincipal();
                if (principal == null) {
                    return null;
                } else {
                    return principal instanceof AuthUserDetails ? ((AuthUserDetails)principal).getAuthentication() : null;
                }
            }
        };
    }
posted @ 2020-11-20 09:27  朝明  阅读(139)  评论(0编辑  收藏  举报