package ${packageName}.service.security;
import com.alibaba.fastjson.JSONObject;
import lombok.extern.slf4j.Slf4j;
import org.springframework.http.server.reactive.ServerHttpRequest;
import org.springframework.security.access.AccessDeniedException;
import org.springframework.security.authorization.AuthorizationDecision;
import org.springframework.security.authorization.ReactiveAuthorizationManager;
import org.springframework.security.core.Authentication;
import org.springframework.security.core.GrantedAuthority;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.web.server.authorization.AuthorizationContext;
import org.springframework.stereotype.Component;
import org.springframework.util.AntPathMatcher;
import org.springframework.web.context.request.RequestContextHolder;
import org.springframework.web.server.ServerWebExchange;
import ${packageName}.common.context.TokenContextHolder;
import ${packageName}.common.vo.LoginUserVo;
import org.yes.tools.core.exception.YesBaseException;
import reactor.core.publisher.Mono;
import java.util.Collection;
import java.util.Objects;
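/**
 * Reactive authorization manager for the user-permission check.
 *
 * <p>Current behaviour (see the TODO in {@link #check}): a request whose principal is absent is
 * GRANTED, and every request carrying a {@link LoginUserVo} principal is GRANTED as well. Only an
 * empty authentication stream, or a principal of an unexpected type, is denied. This class therefore
 * does not yet enforce per-path permissions; its main effect is to copy the caller's token and
 * authentication into the project's context holders before the handler runs.
 *
 * <p>Generated from a FreeMarker template: {@code ${packageName}} is substituted at generation time.
 */
@Component
@Slf4j
public class DefaultAuthorizationManager implements ReactiveAuthorizationManager<AuthorizationContext> {

    /** Reserved for the pending path-pattern check; not consulted until that check exists. */
    private final AntPathMatcher antPathMatcher = new AntPathMatcher();

    /**
     * Decides whether the exchange held by {@code authorizationContext} may proceed.
     *
     * @param authentication       the authenticated caller; may complete empty
     * @param authorizationContext the exchange being authorized (its request is not inspected yet)
     * @return a granted decision for a principal-less authentication (fail-open, see class doc) and
     *         for any {@link LoginUserVo} principal; a denied decision for any other principal type
     *         or when {@code authentication} is empty
     */
    @Override
    public Mono<AuthorizationDecision> check(Mono<Authentication> authentication,
                                             AuthorizationContext authorizationContext) {
        return authentication
                .map(this::decide)
                .defaultIfEmpty(new AuthorizationDecision(false));
    }

    /**
     * Synchronous part of {@link #check}: evaluates one non-empty {@link Authentication}.
     *
     * @param auth the caller's authentication
     * @return the decision for this caller; never {@code null}
     */
    private AuthorizationDecision decide(Authentication auth) {
        Object principal = auth.getPrincipal();

        // SECURITY NOTE(review): a missing principal — null, or the literal String "null" that an
        // upstream component apparently uses as a placeholder — is GRANTED. This is fail-open. It is
        // kept because routes may rely on it today; it should become a deny once the path
        // authorization below is implemented.
        if (principal == null || "null".equals(principal)) {
            return new AuthorizationDecision(true);
        }

        // The previous version cast unconditionally, so any principal that is not a LoginUserVo
        // (for example Spring Security's "anonymousUser" String) escaped as a ClassCastException
        // rather than a decision. Fail closed instead of erroring.
        if (!(principal instanceof LoginUserVo)) {
            return new AuthorizationDecision(false);
        }
        LoginUserVo user = (LoginUserVo) principal;

        // NOTE(review): SecurityContextHolder and RequestContextHolder are ThreadLocal-based Spring
        // MVC holders. Inside a Reactor pipeline the executing thread is not bound to this request,
        // so the values may be invisible downstream and may leak into another request served by the
        // same thread. Whether TokenContextHolder has the same problem depends on its implementation
        // — confirm before relying on any of these in WebFlux.
        TokenContextHolder.setToken(user.getToken());
        RequestContextHolder.setRequestAttributes(RequestContextHolder.getRequestAttributes(), true);
        SecurityContextHolder.getContext().setAuthentication(auth);

        // TODO path authorization is not implemented: the intended check would match
        // authorizationContext.getExchange().getRequest().getPath() against auth.getAuthorities()
        // using antPathMatcher. Until then every LoginUserVo caller is granted.
        return new AuthorizationDecision(true);
    }

    /**
     * Enforces {@link #check}: completes empty when access is granted, otherwise errors with an
     * {@link AccessDeniedException}.
     *
     * <p>The exception message is the fastjson rendering of a {@link YesBaseException}.
     * NOTE(review): fastjson's Throwable serializer typically emits more than the message (class
     * name, stack trace, getters). Whatever handler maps this error to an HTTP response should not
     * echo the message to the client verbatim — confirm the downstream error handler.
     *
     * @param authentication the authenticated caller; may complete empty
     * @param object         the exchange being authorized
     * @return an empty {@code Mono} on grant; an erroring {@code Mono} on denial
     */
    @Override
    public Mono<Void> verify(Mono<Authentication> authentication, AuthorizationContext object) {
        return check(authentication, object)
                .filter(AuthorizationDecision::isGranted)
                .switchIfEmpty(Mono.defer(() -> {
                    String body = JSONObject.toJSONString(new YesBaseException("账号没有权限"));
                    return Mono.error(new AccessDeniedException(body));
                }))
                .then();
    }
}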