客户端角色路由认证规则修改
parent
4768358395
commit
4b8c442ceb
|
@ -3,6 +3,7 @@ package cc.iotkit.manager.config;
|
||||||
import cn.dev33.satoken.interceptor.SaAnnotationInterceptor;
|
import cn.dev33.satoken.interceptor.SaAnnotationInterceptor;
|
||||||
import cn.dev33.satoken.interceptor.SaRouteInterceptor;
|
import cn.dev33.satoken.interceptor.SaRouteInterceptor;
|
||||||
import cn.dev33.satoken.router.SaRouter;
|
import cn.dev33.satoken.router.SaRouter;
|
||||||
|
import cn.dev33.satoken.router.SaRouterStaff;
|
||||||
import cn.dev33.satoken.stp.StpUtil;
|
import cn.dev33.satoken.stp.StpUtil;
|
||||||
import lombok.extern.slf4j.Slf4j;
|
import lombok.extern.slf4j.Slf4j;
|
||||||
import org.springframework.context.annotation.Configuration;
|
import org.springframework.context.annotation.Configuration;
|
||||||
|
@ -20,8 +21,10 @@ public class SaTokenConfigure implements WebMvcConfigurer {
|
||||||
// 注册路由拦截器,自定义认证规则
|
// 注册路由拦截器,自定义认证规则
|
||||||
registry.addInterceptor(new SaRouteInterceptor((req, res, handler) -> {
|
registry.addInterceptor(new SaRouteInterceptor((req, res, handler) -> {
|
||||||
log.info("resource role check,path:{}", req.getRequestPath());
|
log.info("resource role check,path:{}", req.getRequestPath());
|
||||||
SaRouter
|
|
||||||
//管理员、系统、客户端用户角色能使用的功能
|
//客户端角色能使用的功能
|
||||||
|
if (StpUtil.hasRole("iot_client")) {
|
||||||
|
if (SaRouter
|
||||||
.match("/space/addSpace/**",
|
.match("/space/addSpace/**",
|
||||||
"/space/saveSpace/**",
|
"/space/saveSpace/**",
|
||||||
"/space/delSpace/**",
|
"/space/delSpace/**",
|
||||||
|
@ -38,10 +41,15 @@ public class SaTokenConfigure implements WebMvcConfigurer {
|
||||||
"/device/*/consumer/*",
|
"/device/*/consumer/*",
|
||||||
"/device/*/service/property/set",
|
"/device/*/service/property/set",
|
||||||
"/device/*/service/*/invoke"
|
"/device/*/service/*/invoke"
|
||||||
)
|
).isHit()) {
|
||||||
.check(c -> StpUtil.checkRoleOr("iot_admin", "iot_system", "iot_client"));
|
return;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
SaRouter
|
SaRouter
|
||||||
|
//除了以上所有功能都需要 管理员或系统用户角色
|
||||||
|
.match("/**")
|
||||||
|
.check(c -> StpUtil.checkRoleOr("iot_admin", "iot_system"))
|
||||||
//需要有可写权限的功能
|
//需要有可写权限的功能
|
||||||
.match(
|
.match(
|
||||||
"/**/save*/**",
|
"/**/save*/**",
|
||||||
|
@ -54,12 +62,6 @@ public class SaTokenConfigure implements WebMvcConfigurer {
|
||||||
"/**/invoke"
|
"/**/invoke"
|
||||||
).check(c -> StpUtil.checkPermission("write"));
|
).check(c -> StpUtil.checkPermission("write"));
|
||||||
|
|
||||||
SaRouter
|
|
||||||
//管理员、系统用户角色能使用的功能
|
|
||||||
.match("/**")
|
|
||||||
.check(c -> StpUtil.checkRoleOr("iot_admin", "iot_system", "iot_client"))
|
|
||||||
|
|
||||||
;
|
|
||||||
})).addPathPatterns("/**")
|
})).addPathPatterns("/**")
|
||||||
.excludePathPatterns(
|
.excludePathPatterns(
|
||||||
"/*.png",
|
"/*.png",
|
||||||
|
|
|
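Review bot: The early `return;` taken when an `iot_client` user hits one of the whitelisted paths leaves the interceptor before the trailing `.match("/**/save*/**", …, "/**/invoke").check(c -> StpUtil.checkPermission("write"))` runs, so a client calling e.g. `/space/saveSpace/**` or `/device/*/service/*/invoke` no longer needs the `write` permission that the pre-change chain applied to every write-style route regardless of role. If relaxing that for clients is intended, say so on the return, e.g. `// client whitelist: role check only, write permission deliberately not required`; otherwise run the write check inside the client branch before returning, e.g. `SaRouter.match("/**/save*/**", …, "/**/invoke").check(c -> StpUtil.checkPermission("write"));` ahead of `return;`. The write-pattern list straddles the boundary between the third and fourth hunk, so its full contents are not visible here. The newly imported `SaRouterStaff` is not referenced by name in the shown lines (`.isHit()` is called directly on what `SaRouter.match(...)` returns), so that import looks unused. The interceptor lambda enclosing this logic opens in the second hunk and closes in the fourth, so the hunks are reviewed together.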
@ -1,154 +0,0 @@
|
||||||
package cc.iotkit.manager.service;
|
|
||||||
|
|
||||||
import cc.iotkit.common.exception.BizException;
|
|
||||||
import cc.iotkit.common.utils.JsonUtil;
|
|
||||||
import cc.iotkit.model.UserInfo;
|
|
||||||
import lombok.extern.slf4j.Slf4j;
|
|
||||||
import org.keycloak.admin.client.Keycloak;
|
|
||||||
import org.keycloak.admin.client.KeycloakBuilder;
|
|
||||||
import org.keycloak.admin.client.resource.UserResource;
|
|
||||||
import org.keycloak.admin.client.resource.UsersResource;
|
|
||||||
import org.keycloak.representations.idm.CredentialRepresentation;
|
|
||||||
import org.keycloak.representations.idm.UserRepresentation;
|
|
||||||
import org.springframework.beans.factory.annotation.Value;
|
|
||||||
import org.springframework.stereotype.Service;
|
|
||||||
|
|
||||||
import java.util.Arrays;
|
|
||||||
import java.util.Collections;
|
|
||||||
import java.util.List;
|
|
||||||
|
|
||||||
@Slf4j
|
|
||||||
@Service
|
|
||||||
public class KeycloakAdminService {
|
|
||||||
|
|
||||||
@Value("${keycloak.realm}")
|
|
||||||
private String realm;
|
|
||||||
|
|
||||||
@Value("${keycloak.auth-server-url}")
|
|
||||||
private String authServerUrl;
|
|
||||||
|
|
||||||
@Value("${keycloak-admin-user}")
|
|
||||||
private String adminUser;
|
|
||||||
|
|
||||||
@Value("${keycloak-admin-password}")
|
|
||||||
private String adminPassword;
|
|
||||||
|
|
||||||
@Value("${keycloak-admin-clientid}")
|
|
||||||
private String adminClientId;
|
|
||||||
|
|
||||||
private Keycloak keycloak;
|
|
||||||
|
|
||||||
private Keycloak getKeycloak() {
|
|
||||||
if (keycloak == null) {
|
|
||||||
keycloak = KeycloakBuilder.builder()
|
|
||||||
.serverUrl(authServerUrl)
|
|
||||||
.username(adminUser)
|
|
||||||
.password(adminPassword)
|
|
||||||
.clientId(adminClientId)
|
|
||||||
.realm(realm)
|
|
||||||
.build();
|
|
||||||
}
|
|
||||||
return keycloak;
|
|
||||||
}
|
|
||||||
|
|
||||||
public String createUser(UserInfo user, String pwd) {
|
|
||||||
Keycloak keycloak = getKeycloak();
|
|
||||||
UsersResource usersResource = keycloak.realm(realm)
|
|
||||||
.users();
|
|
||||||
UserRepresentation userRepresentation = new UserRepresentation();
|
|
||||||
userRepresentation.setUsername(user.getUid());
|
|
||||||
userRepresentation.setGroups(Collections.singletonList(getGroup(user.getType())));
|
|
||||||
userRepresentation.setRealmRoles(user.getRoles());
|
|
||||||
if (user.getEmail() != null) {
|
|
||||||
userRepresentation.setEmail(user.getEmail());
|
|
||||||
}
|
|
||||||
userRepresentation.setEnabled(true);
|
|
||||||
userRepresentation.setFirstName(user.getNickName());
|
|
||||||
|
|
||||||
CredentialRepresentation credentialRepresentation = new CredentialRepresentation();
|
|
||||||
credentialRepresentation.setType(CredentialRepresentation.PASSWORD);
|
|
||||||
credentialRepresentation.setValue(pwd);
|
|
||||||
credentialRepresentation.setTemporary(false);
|
|
||||||
userRepresentation.setCredentials(Collections.singletonList(credentialRepresentation));
|
|
||||||
javax.ws.rs.core.Response response = usersResource.create(userRepresentation);
|
|
||||||
String url = response.getLocation().getPath();
|
|
||||||
String newUid = url.substring(url.lastIndexOf("/") + 1);
|
|
||||||
|
|
||||||
if (response.getStatus() >= 300) {
|
|
||||||
log.error("create userRepresentation response:{}", JsonUtil.toJsonString(response));
|
|
||||||
throw new BizException("create keycloak user failed");
|
|
||||||
}
|
|
||||||
|
|
||||||
return newUid;
|
|
||||||
}
|
|
||||||
|
|
||||||
public void updateUser(UserInfo user) {
|
|
||||||
Keycloak keycloak = getKeycloak();
|
|
||||||
UserResource userResource = keycloak.realm(realm)
|
|
||||||
.users().get(user.getId());
|
|
||||||
UserRepresentation userRepresentation = userResource.toRepresentation();
|
|
||||||
if (user.getUid() != null) {
|
|
||||||
userRepresentation.setUsername(user.getUid());
|
|
||||||
}
|
|
||||||
if (user.getEmail() != null) {
|
|
||||||
userRepresentation.setEmail(user.getEmail());
|
|
||||||
}
|
|
||||||
if (user.getType() != null) {
|
|
||||||
userRepresentation.setGroups(Arrays.asList(getGroup(user.getType())));
|
|
||||||
}
|
|
||||||
if (user.getRoles() != null) {
|
|
||||||
userRepresentation.setRealmRoles(user.getRoles());
|
|
||||||
}
|
|
||||||
userResource.update(userRepresentation);
|
|
||||||
}
|
|
||||||
|
|
||||||
public UserInfo getUser(String uid) {
|
|
||||||
Keycloak keycloak = getKeycloak();
|
|
||||||
List<UserRepresentation> users = keycloak.realm(realm)
|
|
||||||
.users().search(uid);
|
|
||||||
if (users.size() == 0) {
|
|
||||||
return null;
|
|
||||||
}
|
|
||||||
UserRepresentation user = users.get(0);
|
|
||||||
|
|
||||||
return UserInfo.builder()
|
|
||||||
.id(user.getId())
|
|
||||||
.uid(uid)
|
|
||||||
.build();
|
|
||||||
}
|
|
||||||
|
|
||||||
public void resetUserPwd(String id, String pwd) {
|
|
||||||
Keycloak keycloak = getKeycloak();
|
|
||||||
UserResource userResource = keycloak.realm(realm)
|
|
||||||
.users().get(id);
|
|
||||||
UserRepresentation userRepresentation = userResource.toRepresentation();
|
|
||||||
|
|
||||||
CredentialRepresentation credentialRepresentation = new CredentialRepresentation();
|
|
||||||
credentialRepresentation.setType(CredentialRepresentation.PASSWORD);
|
|
||||||
credentialRepresentation.setValue(pwd);
|
|
||||||
credentialRepresentation.setTemporary(false);
|
|
||||||
userRepresentation.setCredentials(Arrays.asList(credentialRepresentation));
|
|
||||||
|
|
||||||
userResource.update(userRepresentation);
|
|
||||||
}
|
|
||||||
|
|
||||||
public void deleteUser(String id) {
|
|
||||||
Keycloak keycloak = getKeycloak();
|
|
||||||
UserResource userResource = keycloak.realm(realm)
|
|
||||||
.users().get(id);
|
|
||||||
try {
|
|
||||||
userResource.remove();
|
|
||||||
} catch (javax.ws.rs.NotFoundException e) {
|
|
||||||
log.warn("user does not exist");
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
private String getGroup(Integer type) {
|
|
||||||
if (type == null) {
|
|
||||||
return "";
|
|
||||||
}
|
|
||||||
return type == UserInfo.USER_TYPE_PLATFORM
|
|
||||||
? "platform" : "client";
|
|
||||||
}
|
|
||||||
|
|
||||||
}
|
|