feat: 抽离 security 认证相关配置到 framework 服务

Author: cadecode

common/plugin/log/src/main/java/com/github/cadecode/uniboot/common/plugin/log/aspect/ApiLoggerAspect.java

@@ -101,7 +101,7 @@ public void handleLogger(ProceedingJoinPoint point, ApiLogger apiLogger, Object
                     resultStr = JacksonUtil.toJson(result);
                 } catch (Exception e) {
                     resultStr = ExceptionUtil.stacktraceToString(e);
-                    log.warn("API log [{}]: request result to json fail", apiLogger.type().getType(), e);
+                    log.error("API log [{}]: request result to json fail", apiLogger.type().getType(), e);
                 }
             }
             BaseLogInfo baseLogInfo = BaseLogInfo.builder().apiLogger(apiLogger).request(attributes.getRequest())
@@ -113,10 +113,10 @@ public void handleLogger(ProceedingJoinPoint point, ApiLogger apiLogger, Object
             try {
                 apiLogHandler.save(apiLogger, logObj);
             } catch (Exception e) {
-                log.warn("API log [{}]: save async fail", apiLogger.type().getType(), e);
+                log.error("API log [{}]: save async fail", apiLogger.type().getType(), e);
             }
         } catch (Exception e) {
-            log.warn("API log [{}]: handle logger fail", apiLogger.type().getType(), e);
+            log.error("API log [{}]: handle logger fail", apiLogger.type().getType(), e);
         }
     }
 

common/plugin/log/src/main/java/com/github/cadecode/uniboot/common/plugin/log/handler/AbstractApiLogHandler.java

@@ -41,7 +41,7 @@ public static Map<String, Object> getRequestParams(JoinPoint joinPoint, ApiLogge
             return Collections.emptyMap();
         }
         if (names.length != args.length) {
-            log.warn("API log [{}]: method [{}] param and the pass value do not match", apiLogger.type().getType(), methodSignature.getName());
+            log.error("API log [{}]: method [{}] param and the pass value do not match", apiLogger.type().getType(), methodSignature.getName());
             return Collections.emptyMap();
         }
         Map<String, Object> map = new HashMap<>();

example/example_svc/src/main/resources/bootstrap.yml

@@ -2,10 +2,6 @@ logging:
   file:
     path: /log/uni_boot_admin/example
 
-server:
-  servlet:
-    context-path: /example
-
 spring:
   application:
     name: uni-boot-example

framework/framework_api/src/main/java/com/github/cadecode/uniboot/framework/api/config/SecurityConfig.java

@@ -5,28 +5,25 @@
 import com.github.cadecode.uniboot.framework.api.config.SecurityConfig.SecurityProperties;
 import com.github.cadecode.uniboot.framework.api.enums.AuthModelEnum;
 import com.github.cadecode.uniboot.framework.api.security.filter.TokenAuthFilter;
-import com.github.cadecode.uniboot.framework.api.security.handler.*;
+import com.github.cadecode.uniboot.framework.api.security.handler.NoAuthenticationHandler;
+import com.github.cadecode.uniboot.framework.api.security.handler.NoAuthorityHandler;
 import com.github.cadecode.uniboot.framework.api.security.voter.DataBaseRoleVoter;
 import lombok.Data;
 import lombok.RequiredArgsConstructor;
 import lombok.extern.slf4j.Slf4j;
+import org.springframework.boot.autoconfigure.condition.ConditionalOnMissingBean;
 import org.springframework.boot.context.properties.ConfigurationProperties;
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
-import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpMethod;
 import org.springframework.security.access.vote.UnanimousBased;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
 import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
 import org.springframework.security.config.annotation.web.builders.HttpSecurity;
 import org.springframework.security.config.annotation.web.builders.WebSecurity;
 import org.springframework.security.config.annotation.web.builders.WebSecurity.IgnoredRequestConfigurer;
 import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
 import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.http.SessionCreationPolicy;
-import org.springframework.security.core.userdetails.UserDetailsService;
-import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
-import org.springframework.security.crypto.password.PasswordEncoder;
 import org.springframework.security.web.access.expression.WebExpressionVoter;
 import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
 
@@ -40,29 +37,13 @@
  * @date 2022/5/27
  */
 @Slf4j
-@Data
 @RequiredArgsConstructor
 @EnableWebSecurity
 @EnableGlobalMethodSecurity(prePostEnabled = true)
 @EnableConfigurationProperties(SecurityProperties.class)
+@ConditionalOnMissingBean(SecurityConfig.class)
 @Configuration
-public class SecurityConfig {
-
-    /**
-     * 登录路径
-     */
-    public static final String LOGIN_URL = "/login";
-
-    /**
-     * 登录参数
-     */
-    public static final String USERNAME_PARAMETER = "username";
-    public static final String PASSWORD_PARAMETER = "password";
-
-    /**
-     * 注销路径
-     */
-    public static final String LOGOUT_URL = "/logout";
+public class SecurityConfig extends WebSecurityConfigurerAdapter {
 
     /**
      * 配置项
@@ -72,11 +53,8 @@ public class SecurityConfig {
     /**
      * 注入各种处理器
      */
-    private final LoginSuccessHandler loginSuccessHandler;
-    private final LoginFailureHandler loginFailureHandler;
     private final NoAuthenticationHandler noAuthenticationHandler;
     private final NoAuthorityHandler noAuthorityHandler;
-    private final SignOutSuccessHandler signOutSuccessHandler;
 
     /**
      * 注入 Token 过滤器
@@ -88,88 +66,50 @@ public class SecurityConfig {
      */
     private final DataBaseRoleVoter dataBaseRoleVoter;
 
-    /**
-     * 注入 UserDetailsService
-     */
-    private final UserDetailsService userDetailsService;
-
-    /**
-     * 密码加密器
-     */
-    @Bean
-    public PasswordEncoder passwordEncoder() {
-        return new BCryptPasswordEncoder();
+    @Override
+    protected void configure(HttpSecurity http) throws Exception {
+        // 关闭 csrf
+        http.csrf().disable();
+        // 关闭 session 管理
+        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
+        // 配置鉴权规则
+        http.authorizeRequests()
+                // 尝试请求直接通过
+                .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
+                .anyRequest().authenticated();
+        // 配置异常处理
+        http.exceptionHandling()
+                // 配置未登录处理器
+                .authenticationEntryPoint(noAuthenticationHandler)
+                // 配置无权限处理器
+                .accessDeniedHandler(noAuthorityHandler);
+        // 自定义的 accessDecisionManager
+        http.authorizeRequests()
+                .accessDecisionManager(new UnanimousBased(
+                        Arrays.asList(new WebExpressionVoter(), dataBaseRoleVoter)));
+        // 配置 Token 校验过滤器
+        http.addFilterBefore(tokenAuthFilter, UsernamePasswordAuthenticationFilter.class);
+        log.info("Config Security over，AuthModel:{}", properties.getAuthModel());
     }
 
-    /**
-     * Security 配置
-     */
-    @Bean
-    public WebSecurityConfigurerAdapter webSecurityConfigurer(PasswordEncoder passwordEncoder) {
-        return new WebSecurityConfigurerAdapter() {
-
-            @Override
-            protected void configure(AuthenticationManagerBuilder auth) throws Exception {
-                auth.userDetailsService(userDetailsService).passwordEncoder(passwordEncoder);
-            }
-
-            @Override
-            protected void configure(HttpSecurity http) throws Exception {
-                // 关闭 csrf
-                http.csrf().disable();
-                // 关闭 session 管理
-                http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS);
-                // 配置鉴权规则
-                http.authorizeRequests()
-                        // 尝试请求直接通过
-                        .antMatchers(HttpMethod.OPTIONS, "/**").permitAll()
-                        .anyRequest().authenticated();
-                // 配置注销处理器
-                http.logout().permitAll()
-                        .logoutUrl(LOGOUT_URL)
-                        .logoutSuccessHandler(signOutSuccessHandler);
-                // 配置异常处理
-                http.exceptionHandling()
-                        // 配置未登录处理器
-                        .authenticationEntryPoint(noAuthenticationHandler)
-                        // 配置无权限处理器
-                        .accessDeniedHandler(noAuthorityHandler);
-                // 自定义的 accessDecisionManager
-                http.authorizeRequests()
-                        .accessDecisionManager(new UnanimousBased(
-                                Arrays.asList(new WebExpressionVoter(), dataBaseRoleVoter)));
-                // 配置登录处理器
-                http.formLogin().permitAll()
-                        .loginProcessingUrl(LOGIN_URL)
-                        .usernameParameter(USERNAME_PARAMETER)
-                        .passwordParameter(PASSWORD_PARAMETER)
-                        .successHandler(loginSuccessHandler)
-                        .failureHandler(loginFailureHandler);
-                // 配置 Token 校验过滤器
-                http.addFilterBefore(tokenAuthFilter, UsernamePasswordAuthenticationFilter.class);
-                log.info("Config Security over，AuthModel:{}", properties.getAuthModel());
-            }
-
-            @Override
-            public void configure(WebSecurity web) {
-                // 忽略配置器
-                IgnoredRequestConfigurer ignoring = web.ignoring();
-                // 放行 swagger knife 文档
-                ignoring.antMatchers("/doc.html", "/webjars/**", "/swagger-resources/**", "/v2/api-docs/**");
-                // 放行其他框架
-                ignoring.antMatchers("/error", "/druid/**", "/actuator/**");
-                // 设置忽略的路径
-                List<String> ignoreUrls = properties.getIgnoreUrls();
-                if (CollUtil.isNotEmpty(ignoreUrls)) {
-                    log.info("Config Security ignore urls:{}", ignoreUrls);
-                    ignoring.antMatchers(ArrayUtil.toArray(ignoreUrls, String.class));
-                }
-            }
-        };
+    @Override
+    public void configure(WebSecurity web) {
+        // 忽略配置器
+        IgnoredRequestConfigurer ignoring = web.ignoring();
+        // 放行 swagger knife 文档
+        ignoring.antMatchers("/doc.html", "/webjars/**", "/swagger-resources/**", "/v2/api-docs/**");
+        // 放行其他框架
+        ignoring.antMatchers("/error", "/druid/**", "/actuator/**");
+        // 设置忽略的路径
+        List<String> ignoreUrls = properties.getIgnoreUrls();
+        if (CollUtil.isNotEmpty(ignoreUrls)) {
+            log.info("Config Security ignore urls:{}", ignoreUrls);
+            ignoring.antMatchers(ArrayUtil.toArray(ignoreUrls, String.class));
+        }
     }
 
     /**
-     * Security 配置
+     * Security 配置项
      */
     @Data
     @ConfigurationProperties("uni-boot.security")
@@ -188,12 +128,11 @@ public static class SecurityProperties {
         /**
          * JWT Token 配置
          */
-        private TokenConfig token;
-
+        private TokenConfig tokenConfig;
     }
 
     /**
-     * JWT 配置类
+     * JWT 配置项
      */
     @Data
     public static class TokenConfig {

framework/framework_api/src/main/java/com/github/cadecode/uniboot/framework/api/feign/SysApiClient.java

@@ -0,0 +1,24 @@
+package com.github.cadecode.uniboot.framework.api.feign;
+
+import com.github.cadecode.uniboot.framework.api.bean.vo.SysApiVo.SysApiRolesVo;
+import com.github.cadecode.uniboot.framework.api.consts.KeyPrefix;
+import org.springframework.cache.annotation.Cacheable;
+import org.springframework.cloud.openfeign.FeignClient;
+import org.springframework.web.bind.annotation.PostMapping;
+
+import java.util.List;
+
+/**
+ * SysApi feign client
+ *
+ * @author Cade Li
+ * @since 2023/7/28
+ */
+@FeignClient(contextId = "SysApiClient", name = "uni-boot-framework")
+public interface SysApiClient {
+
+    @Cacheable(cacheNames = KeyPrefix.API_ROLES, key = "'all'")
+    @PostMapping("system/api/list_roles_vo")
+    List<SysApiRolesVo> listRolesVo();
+
+}

framework/framework_api/src/main/java/com/github/cadecode/uniboot/framework/api/feign/SysLogClient.java

@@ -0,0 +1,23 @@
+package com.github.cadecode.uniboot.framework.api.feign;
+
+import com.github.cadecode.uniboot.framework.api.bean.po.SysLog;
+import org.springframework.cloud.openfeign.FeignClient;
+import org.springframework.web.bind.annotation.PostMapping;
+import org.springframework.web.bind.annotation.RequestBody;
+
+import javax.validation.constraints.NotEmpty;
+import java.util.List;
+
+/**
+ * SysLog feign client
+ *
+ * @author Cade Li
+ * @since 2023/7/28
+ */
+@FeignClient(contextId = "SysLogClient", name = "uni-boot-framework")
+public interface SysLogClient {
+
+    @PostMapping("system/log/save")
+    boolean save(@RequestBody @NotEmpty List<SysLog> poList);
+
+}

framework/framework_api/src/main/java/com/github/cadecode/uniboot/framework/api/plugin/ApiLogHandler.java

@@ -12,7 +12,7 @@
 import com.github.cadecode.uniboot.framework.api.bean.dto.SysLogDto.SysLogInfoDto;
 import com.github.cadecode.uniboot.framework.api.bean.po.SysLog;
 import com.github.cadecode.uniboot.framework.api.convert.SysLogConvert;
-import com.github.cadecode.uniboot.framework.api.service.SysLogService;
+import com.github.cadecode.uniboot.framework.api.feign.SysLogClient;
 import com.github.cadecode.uniboot.framework.api.util.SecurityUtil;
 import io.swagger.annotations.ApiOperation;
 import lombok.RequiredArgsConstructor;
@@ -22,6 +22,8 @@
 import org.springframework.scheduling.annotation.Async;
 import org.springframework.stereotype.Component;
 
+import java.util.Collections;
+
 /**
  * Api Log 处理器实现
  *
@@ -33,7 +35,7 @@
 @Component
 public class ApiLogHandler extends AbstractApiLogHandler {
 
-    private final SysLogService sysLogService;
+    private final SysLogClient sysLogClient;
 
     /**
      * 构造 LogInfo
@@ -49,7 +51,7 @@ public SysLogInfoDto generateLog(ProceedingJoinPoint point, BaseLogInfo baseLogI
             paramsJson = JacksonUtil.toJson(getRequestParams(point, apiLogger));
         } catch (Exception e) {
             paramsJson = ExceptionUtil.stacktraceToString(e);
-            log.warn("API log [{}]: request params to json fail", apiLogger.type().getType(), e);
+            log.error("API log [{}]: request params to json fail", apiLogger.type().getType(), e);
         }
         // 获取描述
         String description = apiLogger.description();
@@ -94,6 +96,10 @@ public void save(ApiLogger apiLogger, Object o) {
         if (!apiLogger.saveResult()) {
             po.setResult(null);
         }
-        sysLogService.save(po);
+        try {
+            sysLogClient.save(Collections.singletonList(po));
+        } catch (Exception e) {
+            log.error("API log [{}]: save fail", apiLogger.type().getType(), e);
+        }
     }
 }

framework/framework_api/src/main/java/com/github/cadecode/uniboot/framework/api/security/voter/DataBaseRoleVoter.java

@@ -1,9 +1,9 @@
 package com.github.cadecode.uniboot.framework.api.security.voter;
 
 import cn.hutool.core.util.ObjectUtil;
-import com.github.cadecode.uniboot.framework.api.bean.dto.SysUserDto;
+import com.github.cadecode.uniboot.framework.api.bean.dto.SysUserDto.SysUserDetailsDto;
 import com.github.cadecode.uniboot.framework.api.bean.vo.SysApiVo.SysApiRolesVo;
-import com.github.cadecode.uniboot.framework.api.service.SysApiService;
+import com.github.cadecode.uniboot.framework.api.feign.SysApiClient;
 import com.github.cadecode.uniboot.framework.api.util.SecurityUtil;
 import lombok.RequiredArgsConstructor;
 import org.springframework.security.access.ConfigAttribute;
@@ -31,7 +31,7 @@ public class DataBaseRoleVoter extends RoleVoter {
     // ant 匹配器
     private final AntPathMatcher antPathMatcher = new AntPathMatcher();
 
-    private final SysApiService sysApiService;
+    private final SysApiClient sysApiClient;
 
     @Override
     public int vote(Authentication authentication, Object object, Collection<ConfigAttribute> attributes) {
@@ -42,9 +42,9 @@ public int vote(Authentication authentication, Object object, Collection<ConfigA
         FilterInvocation fi = (FilterInvocation) object;
         String requestUrl = fi.getRequest().getRequestURI();
         // 获取 api role 的关系列表
-        List<SysApiRolesVo> sysApiRolesVos = sysApiService.listRolesVo();
+        List<SysApiRolesVo> sysApiRolesVos = sysApiClient.listRolesVo();
         // 获取用户角色
-        SysUserDto.SysUserDetailsDto sysUserDetailsDto = SecurityUtil.getUserDetails(authentication);
+        SysUserDetailsDto sysUserDetailsDto = SecurityUtil.getUserDetails(authentication);
         List<String> roles = sysUserDetailsDto.getRoles();
         // 获取与 url 相同的配置，不存在与 url 相同配置则使用 spring mvc ant 风格匹配
         SysApiRolesVo sysApiRolesVo = sysApiRolesVos.stream()