feat(全局): 新增 HasPermisson 表达式，简化接口权限判断表达式

@hasPermission("XXX") @PreAuthorize("@pms.hasPermission('XXX')")
pig-mesh · Jul 15, 2024 · 144bfa2 · 144bfa2
1 parent 4243319
commit 144bfa2
Show file tree

Hide file tree

Showing 2 changed files with 80 additions and 37 deletions.
diff --git a/...on-security/src/main/java/com/pig4cloud/pig/common/security/annotation/HasPermission.java b/...on-security/src/main/java/com/pig4cloud/pig/common/security/annotation/HasPermission.java
@@ -0,0 +1,29 @@
+package com.pig4cloud.pig.common.security.annotation;
+
+
+import org.springframework.security.access.prepost.PreAuthorize;
+
+import java.lang.annotation.ElementType;
+import java.lang.annotation.Retention;
+import java.lang.annotation.RetentionPolicy;
+import java.lang.annotation.Target;
+
+/**
+ * 判断是否有权限
+ *
+ * @author lengleng
+ * @date 2024/07/15
+ */
+@Target({ElementType.METHOD})
+@Retention(RetentionPolicy.RUNTIME)
+@PreAuthorize("@pms.hasPermission('{value}'.split(','))")
+public @interface HasPermission {
+
+    /**
+     * 权限字符串
+     *
+     * @return {@link String[] }
+     */
+    String[] value();
+
+}
diff --git a/.../java/com/pig4cloud/pig/common/security/component/PigResourceServerAutoConfiguration.java b/.../java/com/pig4cloud/pig/common/security/component/PigResourceServerAutoConfiguration.java
@@ -21,6 +21,7 @@
 import org.springframework.boot.context.properties.EnableConfigurationProperties;
 import org.springframework.context.MessageSource;
 import org.springframework.context.annotation.Bean;
+import org.springframework.security.authorization.method.PrePostTemplateDefaults;
 import org.springframework.security.oauth2.server.authorization.OAuth2AuthorizationService;
 import org.springframework.security.oauth2.server.resource.introspection.OpaqueTokenIntrospector;
 
@@ -32,45 +33,58 @@
 @EnableConfigurationProperties(PermitAllUrlProperties.class)
 public class PigResourceServerAutoConfiguration {
 
-	/**
-	 * 鉴权具体的实现逻辑
-	 * @return （#pms.xxx）
-	 */
-	@Bean("pms")
-	public PermissionService permissionService() {
-		return new PermissionService();
-	}
+    /**
+     * 鉴权具体的实现逻辑
+     *
+     * @return （#pms.xxx）
+     */
+    @Bean("pms")
+    public PermissionService permissionService() {
+        return new PermissionService();
+    }
 
-	/**
-	 * 请求令牌的抽取逻辑
-	 * @param urlProperties 对外暴露的接口列表
-	 * @return BearerTokenExtractor
-	 */
-	@Bean
-	public PigBearerTokenExtractor pigBearerTokenExtractor(PermitAllUrlProperties urlProperties) {
-		return new PigBearerTokenExtractor(urlProperties);
-	}
+    /**
+     * 请求令牌的抽取逻辑
+     *
+     * @param urlProperties 对外暴露的接口列表
+     * @return BearerTokenExtractor
+     */
+    @Bean
+    public PigBearerTokenExtractor pigBearerTokenExtractor(PermitAllUrlProperties urlProperties) {
+        return new PigBearerTokenExtractor(urlProperties);
+    }
 
-	/**
-	 * 资源服务器异常处理
-	 * @param objectMapper jackson 输出对象
-	 * @param securityMessageSource 自定义国际化处理器
-	 * @return ResourceAuthExceptionEntryPoint
-	 */
-	@Bean
-	public ResourceAuthExceptionEntryPoint resourceAuthExceptionEntryPoint(ObjectMapper objectMapper,
-			MessageSource securityMessageSource) {
-		return new ResourceAuthExceptionEntryPoint(objectMapper, securityMessageSource);
-	}
+    /**
+     * 资源服务器异常处理
+     *
+     * @param objectMapper          jackson 输出对象
+     * @param securityMessageSource 自定义国际化处理器
+     * @return ResourceAuthExceptionEntryPoint
+     */
+    @Bean
+    public ResourceAuthExceptionEntryPoint resourceAuthExceptionEntryPoint(ObjectMapper objectMapper,
+                                                                           MessageSource securityMessageSource) {
+        return new ResourceAuthExceptionEntryPoint(objectMapper, securityMessageSource);
+    }
 
-	/**
-	 * 资源服务器toke内省处理器
-	 * @param authorizationService token 存储实现
-	 * @return TokenIntrospector
-	 */
-	@Bean
-	public OpaqueTokenIntrospector opaqueTokenIntrospector(OAuth2AuthorizationService authorizationService) {
-		return new PigCustomOpaqueTokenIntrospector(authorizationService);
-	}
+    /**
+     * 资源服务器toke内省处理器
+     *
+     * @param authorizationService token 存储实现
+     * @return TokenIntrospector
+     */
+    @Bean
+    public OpaqueTokenIntrospector opaqueTokenIntrospector(OAuth2AuthorizationService authorizationService) {
+        return new PigCustomOpaqueTokenIntrospector(authorizationService);
+    }
 
+    /**
+     * 支持自定义权限表达式
+     *
+     * @return {@link PrePostTemplateDefaults }
+     */
+    @Bean
+    PrePostTemplateDefaults prePostTemplateDefaults() {
+        return new PrePostTemplateDefaults();
+    }
 }