Hzero @Permission注解解析
仲浩歌
//
// Source code recreated from a .class file by IntelliJ IDEA
// (powered by FernFlower decompiler)
//
package io.choerodon.swagger.annotation;
import io.choerodon.core.iam.ResourceLevel;
import java.lang.annotation.ElementType;
import java.lang.annotation.Retention;
import java.lang.annotation.RetentionPolicy;
import java.lang.annotation.Target;
import org.hzero.core.swagger.PermissionStatus;
import org.springframework.http.HttpMethod;
@Target({ElementType.METHOD})
@Retention(RetentionPolicy.RUNTIME)
public @interface Permission {
String code() default "";
String[] roles() default {};
ResourceLevel level() default ResourceLevel.PROJECT;
boolean permissionLogin() default false;
boolean permissionPublic() default false;
boolean permissionWithin() default false;
boolean permissionSign() default false;
String[] tags() default {};
PermissionStatus[] status() default {PermissionStatus.NONE};
String upgradeApiPath() default "";
HttpMethod upgradeApiMethod() default HttpMethod.GET;
}
这个注解与@EnableChoerodonResourceServer注解相结合,去除了security的基本认证,加入了一个JwtTokenFilter过滤器进行用户权限的拦截。并且这个过滤器与@Permission联系起来,通过获取注解的配置来判断是否需要拦截请求
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException {
HttpServletRequest httpRequest = (HttpServletRequest)request;
String[] var5 = this.skipPath;
int var6 = var5.length;
for(int var7 = 0; var7 < var6; ++var7) {
String path = var5[var7];
if (path.equals(httpRequest.getRequestURI())) {
chain.doFilter(request, response);
return;
}
}
Iterator var14 = this.publicPermissions.iterator();
while(var14.hasNext()) {
PublicPermission publicPermission = (PublicPermission)var14.next();
if (MATCHER.match(publicPermission.path, httpRequest.getRequestURI()) && publicPermission.method.matches(httpRequest.getMethod())) {
chain.doFilter(request, response);
return;
}
}
try {
Authentication authentication = this.tokenExtractor.extract(httpRequest);
if (authentication == null) {
if (this.isAuthenticated()) {
LOGGER.debug("Clearing security context.");
SecurityContextHolder.clearContext();
}
LOGGER.debug("No Jwt token in request, will continue chain.");
((HttpServletResponse)response).sendError(401, "No Jwt token in request.");
return;
}
request.setAttribute(OAuth2AuthenticationDetails.ACCESS_TOKEN_VALUE, authentication.getPrincipal());
if (authentication instanceof AbstractAuthenticationToken) {
AbstractAuthenticationToken needsDetails = (AbstractAuthenticationToken)authentication;
needsDetails.setDetails(new OAuth2AuthenticationDetails(httpRequest));
}
Authentication authResult = this.authenticate(authentication);
LOGGER.debug("Authentication success: {}", authResult);
SecurityContextHolder.getContext().setAuthentication(authResult);
chain.doFilter(request, response);
} catch (OAuth2Exception var12) {
LOGGER.debug("Authentication request failed: ", var12);
((HttpServletResponse)response).sendError(401, "Invalid JWT token.");
} finally {
SecurityContextHolder.clearContext();
}
}
@Permission注解的解析主要由ApplicationPermissionParserImpl这个类进行解析
private void findAndParseController() {
List<PermissionData> permissionDataList = new ArrayList();
String[] beanNames = this.applicationContext.getBeanNamesForType(Object.class);
if (ArrayUtils.isNotEmpty(beanNames)) {
Class<?> beanType = null;
String[] var4 = beanNames;
int var5 = beanNames.length;
for(int var6 = 0; var6 < var5; ++var6) {
String beanName = var4[var6];
if (!beanName.startsWith("scopedTarget.")) {
try {
beanType = this.applicationContext.getType(beanName);
if (ClassUtils.isCglibProxyClass(beanType)) {
beanType = beanType.getSuperclass();
}
} catch (Throwable var9) {
if (LOGGER.isDebugEnabled()) {
LOGGER.debug("Could not resolve target class for bean with name '" + beanName + "'", var9);
}
}
if (Objects.nonNull(beanType) && this.isHandler(beanType)) {
permissionDataList.addAll(this.parseController(this.getServiceName(beanType), beanName, beanType));//解析controller
}
}
}
this.applicationPermissionRepository.overwrite(permissionDataList);
this.applicationContext.publishEvent(new ApplicationPermissionParsedEvent(this));
}
}
private List<PermissionData> parseController(String serviceName, String controllerName, Class<?> clazz) {
LOGGER.debug("Start Parse Service [{}] : Controller [{}] Permission", serviceName, controllerName);
List<PermissionData> permissionDataList = new ArrayList();
Api controllerApi = (Api)AnnotatedElementUtils.findMergedAnnotation(clazz, Api.class);
String resourceCode = this.getResourceCode(controllerApi, clazz.getSimpleName());
if (StringUtils.isBlank(resourceCode)) {
LOGGER.warn("Controller's Resource Code Is Empty, Skip Parse Permission");
return Collections.emptyList();
} else {
RequestMapping controllerMapping = (RequestMapping)AnnotatedElementUtils.findMergedAnnotation(clazz, RequestMapping.class);
String[] controllerPaths = null;
if (Objects.nonNull(controllerMapping)) {
controllerPaths = controllerMapping.value();
}
if (ArrayUtils.isEmpty(controllerPaths)) {
controllerPaths = new String[]{""};
}
Method[] var9 = clazz.getMethods();
int var10 = var9.length;
for(int var11 = 0; var11 < var10; ++var11) {
Method method = var9[var11];
permissionDataList.addAll(this.parseMethod(serviceName, method, resourceCode, controllerPaths));//解析方法
}
LOGGER.debug("Finished Parse Service [{}] : Controller [{}] Permission", serviceName, controllerName);
return permissionDataList;
}
}
private List<PermissionData> parseMethod(String serviceName, Method method, String resourceCode, String[] controllerPaths) {
List<PermissionData> permissionDataList = new ArrayList();
RequestMapping methodMapping = (RequestMapping)AnnotatedElementUtils.findMergedAnnotation(method, RequestMapping.class);
if (Objects.nonNull(methodMapping)) {
Permission permission = (Permission)AnnotationUtils.findAnnotation(method, Permission.class);
if (Objects.isNull(permission)) {
LOGGER.warn("Method [{}.{}] Without @{} Annotation, Use Default Parameters To Define Permission Data", new Object[]{method.getDeclaringClass().getCanonicalName(), method.getName(), Permission.class.getCanonicalName()});
return Collections.emptyList();
}
String[] methodPaths = methodMapping.value();
if (ArrayUtils.isEmpty(methodPaths)) {
methodPaths = new String[]{""};
}
RequestMethod[] requestMethods = methodMapping.method();
if (ArrayUtils.isEmpty(requestMethods)) {
requestMethods = RequestMethod.values();
}
ApiOperation operation = (ApiOperation)AnnotationUtils.findAnnotation(method, ApiOperation.class);
String description = null;
if (Objects.nonNull(operation)) {
description = operation.value();
}
String methodName = method.getName();
RequestMethod[] var15 = requestMethods;
int var16 = requestMethods.length;
for(int var17 = 0; var17 < var16; ++var17) {
RequestMethod requestMethod = var15[var17];
String requestMethodString = requestMethod.name().toLowerCase();
int index = 0;
String[] var19 = controllerPaths;
int var20 = controllerPaths.length;
for(int var21 = 0; var21 < var20; ++var21) {
String controllerPath = var19[var21];
String[] var23 = methodPaths;
int var24 = methodPaths.length;
for(int var25 = 0; var25 < var24; ++var25) {
String methodPath = var23[var25];
++index;
permissionDataList.add(this.builtPermissionData(serviceName, resourceCode, controllerPaths.length, methodPaths.length, requestMethods.length, description, permission, methodName, requestMethodString, index, controllerPath, methodPath));
}
}
}
}
return permissionDataList;
}
类似资料: