Merge branch 'master' of https://gitee.com/xinyingpower/xymanagerbackend

 Conflicts:

	xymanager_admin/src/main/java/com/shxy/xymanager_admin/controller/TestController.java

xymanager_service/pom.xml

@@ -31,6 +31,10 @@
             <artifactId>jjwt</artifactId>
             <version>0.9.0</version>
         </dependency>
+        <dependency>
+            <groupId>org.springframework</groupId>
+            <artifactId>spring-webmvc</artifactId>
+        </dependency>
     </dependencies>
 <!--    <build>-->
 <!--        <plugins>-->

xymanager_service/src/main/java/com/shxy/xymanager_service/service/security/CustomSecurityConfig.java

@@ -1,113 +1,47 @@
 package com.shxy.xymanager_service.service.security;
 
 
-import com.shxy.xymanager_common.security.componet.CustomAuthExceptionEntryPoint;
-
-import com.shxy.xymanager_service.impl.CustomUserDetailsServiceImpl;
-import com.shxy.xymanager_service.impl.LogoutSuccessHandlerImpl;
-import lombok.extern.slf4j.Slf4j;
 import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.context.annotation.Bean;
 import org.springframework.context.annotation.Configuration;
 import org.springframework.http.HttpMethod;
-import org.springframework.security.authentication.AuthenticationManager;
-import org.springframework.security.config.annotation.authentication.builders.AuthenticationManagerBuilder;
-import org.springframework.security.config.annotation.method.configuration.EnableGlobalMethodSecurity;
-import org.springframework.security.config.annotation.web.builders.HttpSecurity;
-import org.springframework.security.config.annotation.web.configuration.EnableWebSecurity;
-import org.springframework.security.config.annotation.web.configuration.WebSecurityConfigurerAdapter;
 import org.springframework.security.config.http.SessionCreationPolicy;
-import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
-import org.springframework.security.crypto.password.PasswordEncoder;
-import org.springframework.security.web.authentication.UsernamePasswordAuthenticationFilter;
+import org.springframework.web.servlet.config.annotation.CorsRegistry;
+import org.springframework.web.servlet.config.annotation.InterceptorRegistry;
+import org.springframework.web.servlet.config.annotation.WebMvcConfigurer;
 
 
 @Configuration
-@EnableWebSecurity// 这个注解必须加，开启Security
-@EnableGlobalMethodSecurity(prePostEnabled = true)//保证post之前的注解可以使用
-@Slf4j
-public class CustomSecurityConfig extends WebSecurityConfigurerAdapter {
-
-    @Autowired
-    private CustomAuthExceptionEntryPoint customAuthExceptionEntryPoint;
-
-    @Autowired
-    private CustomUserDetailsServiceImpl customUserDetailsServiceImpl;
-
-    @Autowired
-    private JwtAuthenticationTokenFilter jwtAuthenticationTokenFilter;
-    /**
-     * 退出处理类
-     */
-    @Autowired
-    private LogoutSuccessHandlerImpl logoutSuccessHandler;
+public class CustomSecurityConfig implements WebMvcConfigurer {
 
+    private final JwtInterceptor jwtInterceptor;
 
-
-    //先来这里认证一下
-    @Autowired
-    public void configureGlobal(AuthenticationManagerBuilder auth) throws Exception {
-        log.info("213123123");
-        auth.userDetailsService(customUserDetailsServiceImpl).passwordEncoder(passwordEncoderBean());
+    public CustomSecurityConfig(JwtInterceptor jwtInterceptor) {
+        this.jwtInterceptor = jwtInterceptor;
     }
 
-    //拦截在这配
     @Override
-    protected void configure(HttpSecurity httpSecurity) throws Exception {
-        log.info("123566");
-        httpSecurity
-                // 认证失败处理类
-                .exceptionHandling().authenticationEntryPoint(customAuthExceptionEntryPoint).and()
-                .sessionManagement().sessionCreationPolicy(SessionCreationPolicy.ALWAYS).and()
-                // 过滤请求
-                .authorizeRequests()
-                // 对于登录login 验证码captchaImage 允许匿名访问
-                .antMatchers("/login", "/captchaImage").anonymous()
-                .antMatchers("*/api/addUser").anonymous()
-                .antMatchers("**/addUser").anonymous()
-                .antMatchers("/addUser").anonymous()
-                .antMatchers(
-                        HttpMethod.GET,
-                        "/*.html",
-                        "/**/*.html",
-                        "/**/*.css",
-                        "/**/*.js"
-                ).permitAll()
-                .antMatchers("/profile/**").anonymous()
-                .antMatchers("/common/download**").anonymous()
-                .antMatchers("/swagger-ui.html").anonymous()
-                .antMatchers("/swagger-resources/**").anonymous()
-                .antMatchers("/webjars/**").anonymous()
-                .antMatchers("/*/api-docs").anonymous()
-                .antMatchers("/druid/**").anonymous()
-                .antMatchers("/test/**").anonymous()
-                .antMatchers( "/v3/**").anonymous()
-                .antMatchers( "/error").anonymous()
-//                .antMatchers("/**").anonymous()
-                .antMatchers("/api/**").anonymous()
-//                .antMatchers("/busiMainDeviceController/**").anonymous()
-                .antMatchers("/sysLoginRemoteController/**").anonymous()
-//                .antMatchers("/remote/**").anonymous()
-                .antMatchers("/userRemote/**").anonymous()
-                // 除上面外的所有请求全部需要鉴权认证
-                .anyRequest().authenticated()
-                .and()
-                .headers().frameOptions().disable();
-
-        httpSecurity.logout().logoutUrl("/logout").logoutSuccessHandler(logoutSuccessHandler);
-        // 添加JWT filter
-        httpSecurity.addFilterBefore(jwtAuthenticationTokenFilter, UsernamePasswordAuthenticationFilter.class);
-    }
-
-    @Bean
-    public PasswordEncoder passwordEncoderBean() {
-        return new BCryptPasswordEncoder();
+    public void addInterceptors(InterceptorRegistry registry) {
+        registry.addInterceptor(this.jwtInterceptor).addPathPatterns("/getXcxMainInfo").addPathPatterns("/authorizeXcxLogin")
+                .addPathPatterns("/bindXcxDevice")
+                .excludePathPatterns("/login")
+                .excludePathPatterns("/api/addUser")
+                .excludePathPatterns("/swagger-ui.html")
+                .excludePathPatterns("/swagger-resources/**")
+                .excludePathPatterns("/*/api-docs")
+                .excludePathPatterns("/error")
+                .excludePathPatterns("/test/**")
+                .excludePathPatterns("/loginXcxuser")
+                .excludePathPatterns("/loginXcxuser")
+                .excludePathPatterns("/addUser");
     }
 
-    @Bean
     @Override
-    public AuthenticationManager authenticationManagerBean() throws Exception {
-        return super.authenticationManagerBean();
+    public void addCorsMappings(CorsRegistry registry) {
+        registry.addMapping("/**")
+                .allowedOrigins("*")
+                .allowedMethods("POST", "GET", "PUT", "OPTIONS", "DELETE")
+                .maxAge(3600)
+                .allowCredentials(false);
     }
 
 }

xymanager_service/src/main/java/com/shxy/xymanager_service/service/security/JwtAuthenticationTokenFilter.java

@@ -1,64 +0,0 @@
-package com.shxy.xymanager_service.service.security;
-
-
-import com.shxy.xymanager_common.entity.UserSession;
-import com.shxy.xymanager_common.security.LoginUser;
-import com.shxy.xymanager_common.util.MyDateUtils;
-import com.shxy.xymanager_common.util.SecurityUtils;
-import com.shxy.xymanager_service.service.SysUserService;
-import org.springframework.beans.factory.annotation.Autowired;
-import org.springframework.security.authentication.UsernamePasswordAuthenticationToken;
-import org.springframework.security.core.context.SecurityContextHolder;
-import org.springframework.security.web.authentication.WebAuthenticationDetailsSource;
-import org.springframework.stereotype.Component;
-import org.springframework.web.filter.OncePerRequestFilter;
-
-import javax.servlet.FilterChain;
-import javax.servlet.ServletException;
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-import java.io.IOException;
-import java.math.BigInteger;
-
-/**
- * @ClassName：JwtAuthenticationTokenFilter
- * @Description： token过滤器 验证token有效性.
- * @Author： Arno_Fu
- * @CreatTime：11/26/2019 - 6:34 PM
- * @Version V1.0
- */
-@Component
-public class JwtAuthenticationTokenFilter extends OncePerRequestFilter {
-
-    @Autowired
-    private SysUserService sysUserService;
-
-    @Override
-    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException {
-        UserSession user = null;
-        if(null!= request.getSession().getAttribute("sessionId")) {
-            String sessionId = request.getSession().getAttribute("sessionId").toString();
-            user = sysUserService.selectUserById(sessionId);
-            BigInteger expireTime = user.getExpireTime();
-
-            BigInteger currentTime = MyDateUtils.TimeSecond2MillSecond(System.currentTimeMillis());
-            if (expireTime.subtract(currentTime).compareTo(BigInteger.valueOf(3600L)) > 0) {
-                user.setExpireTime(user.getExpireTime().add(new BigInteger(String.valueOf(30 * 1800))));
-                sysUserService.updateUserSession(user);
-            }
-        }
-
-
-
-
-        if (null != user && null == SecurityUtils.getAuthentication())
-        {
-
-            UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(user, null,null);
-            authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
-            SecurityContextHolder.getContext().setAuthentication(authenticationToken);
-        }
-
-        chain.doFilter(request, response);
-    }
-}

xymanager_service/src/main/java/com/shxy/xymanager_service/service/security/JwtInterceptor.java

@@ -0,0 +1,94 @@
+package com.shxy.xymanager_service.service.security;
+
+
+import cn.hutool.core.util.StrUtil;
+import com.shxy.xymanager_common.annotation.JwtIgnore;
+import com.shxy.xymanager_common.enums.HttpMethod;
+import com.shxy.xymanager_common.exception.Asserts;
+import lombok.extern.slf4j.Slf4j;
+import org.springframework.stereotype.Component;
+import org.springframework.web.method.HandlerMethod;
+import org.springframework.web.servlet.HandlerInterceptor;
+import org.springframework.web.servlet.ModelAndView;
+
+import javax.servlet.http.HttpServletRequest;
+import javax.servlet.http.HttpServletResponse;
+
+/**
+ * @ClassName：JwtAuthenticationTokenFilter
+ * @Description： token过滤器 验证token有效性.
+ * @Author： Arno_Fu
+ * @CreatTime：11/26/2019 - 6:34 PM
+ * @Version V1.0
+ */
+@Component
+@Slf4j
+public class JwtInterceptor implements HandlerInterceptor {
+
+
+
+    @Override
+    public boolean preHandle(HttpServletRequest request, HttpServletResponse response, Object handler) throws Exception {
+        // 忽略带JwtIgnore注解的请求, 不做后续token认证校验
+        if (handler instanceof HandlerMethod) {
+            HandlerMethod handlerMethod = (HandlerMethod) handler;
+            JwtIgnore jwtIgnore = handlerMethod.getMethodAnnotation(JwtIgnore.class);
+            if (jwtIgnore != null) {
+                return true;
+            }
+        }
+        if (HttpMethod.GET.name().equals(request.getMethod())) {
+            response.setStatus(HttpServletResponse.SC_OK);
+            return true;
+        }
+        // 获取请求头信息authorization信息
+        final String token = request.getHeader("token");
+        if (StrUtil.isBlank(token)) {
+            log.info("token为空登录过期");
+            Asserts.fail(401, "登录过期");
+        }
+        return true;
+    }
+
+
+
+    @Override
+    public void postHandle(HttpServletRequest request, HttpServletResponse response, Object handler, ModelAndView modelAndView) throws Exception {
+        HandlerInterceptor.super.postHandle(request, response, handler, modelAndView);
+    }
+
+    @Override
+    public void afterCompletion(HttpServletRequest request, HttpServletResponse response, Object handler, Exception ex) throws Exception {
+        HandlerInterceptor.super.afterCompletion(request, response, handler, ex);
+    }
+
+
+   /* @Override
+    protected void doFilterInternal(HttpServletRequest request, HttpServletResponse response, FilterChain chain) throws ServletException, IOException {
+        UserSession user = null;
+        if(null!= request.getSession().getAttribute("sessionId")) {
+            String sessionId = request.getSession().getAttribute("sessionId").toString();
+            user = sysUserService.selectUserById(sessionId);
+            BigInteger expireTime = user.getExpireTime();
+
+            BigInteger currentTime = MyDateUtils.TimeSecond2MillSecond(System.currentTimeMillis());
+            if (expireTime.subtract(currentTime).compareTo(BigInteger.valueOf(3600L)) > 0) {
+                user.setExpireTime(user.getExpireTime().add(new BigInteger(String.valueOf(30 * 1800))));
+                sysUserService.updateUserSession(user);
+            }
+        }*/
+
+
+
+
+      /*  if (null != user && null == SecurityUtils.getAuthentication())
+        {
+
+            UsernamePasswordAuthenticationToken authenticationToken = new UsernamePasswordAuthenticationToken(user, null,null);
+            authenticationToken.setDetails(new WebAuthenticationDetailsSource().buildDetails(request));
+            SecurityContextHolder.getContext().setAuthentication(authenticationToken);
+        }
+
+        chain.doFilter(request, response);
+    }*/
+}