diff --git a/src/main/resources/modules/SpringBoot/java/config/FreeMarkerConfig.java b/src/main/resources/modules/SpringBoot/java/config/FreeMarkerConfig.java index 14569e39..ae73f3c1 100644 --- a/src/main/resources/modules/SpringBoot/java/config/FreeMarkerConfig.java +++ b/src/main/resources/modules/SpringBoot/java/config/FreeMarkerConfig.java @@ -38,6 +38,7 @@ public class FreeMarkerConfig { @PostConstruct public void setSharedVariable() throws TemplateModelException { + // 全局共享变量、函数 configuration.setSharedVariable("context", context); configuration.setSharedVariable("screenHolder", new ScreenHolder()); configuration.setSharedVariable("controlHolder", new ControlHolder()); diff --git a/src/main/resources/modules/SpringBoot/java/config/SecurityConfig.java b/src/main/resources/modules/SpringBoot/java/config/SecurityConfig.java index 5a553fd9..ccac31df 100644 --- a/src/main/resources/modules/SpringBoot/java/config/SecurityConfig.java +++ b/src/main/resources/modules/SpringBoot/java/config/SecurityConfig.java @@ -12,7 +12,11 @@ import org.springframework.security.core.Authentication; import ${basePackage}.frame.base.Token; import ${basePackage}.frame.utils.CookieUtil; import ${basePackage}.frame.auth.LocalData; +import org.springframework.security.web.access.intercept.FilterSecurityInterceptor; + +import javax.servlet.*; import javax.servlet.http.HttpServletRequest; +import java.io.IOException; @Configuration @EnableGlobalMethodSecurity(securedEnabled = true) @@ -27,11 +31,12 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { @Override protected void configure(HttpSecurity http) throws Exception { - http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and() + http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS) + .and() + .addFilterBefore(new TokenFilter(), FilterSecurityInterceptor.class)// 过滤器用于处理Token .authorizeRequests() - .antMatchers(staticPath).permitAll() - .antMatchers(excluded).permitAll() - .antMatchers(included).access("@Authorization.hasPermission(request,authentication)") + .antMatchers(excluded).permitAll()// 放行排除的URL + .antMatchers(included).access("@Authorization.hasPermission(request,authentication)")// 需要权限的URL .and().cors() .and().headers().frameOptions().disable() .and().csrf().disable(); @@ -39,7 +44,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { /** * 此方法不要删除 用于屏蔽默认用户密码生成 - * + *

* 例如 Using generated security password: f6b42a66-71b1-4c31-b6a8-942838c81408 * * @return @@ -50,31 +55,40 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter { return super.authenticationManagerBean(); } + + public static class TokenFilter implements Filter { + + @Override + public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException { + HttpServletRequest request = (HttpServletRequest) servletRequest; + String token = request.getParameter("token"); + if (token == null || token.isEmpty()) { + token = CookieUtil.getCookieValue(request.getCookies(), "token"); + } + + if (token == null) { + LocalData.setToken(LocalData.getTempToken()); + } else { + // 组装Token ~ 这边根据实际的业务组装Token + Token token1 = new Token(); + token1.setId(1L); + token1.setUserId(1L); + token1.setUserName("admin"); + //继承临时Token + token1.addResourceSet(LocalData.getTempToken()); + //管理员特有资源(这边请用正则表达式) + token1.putResource(".*"); + LocalData.setToken(token1); + } + filterChain.doFilter(servletRequest, servletResponse); + } + } + @Bean("Authorization") public Object getAuthorization() { return new Object() { public boolean hasPermission(HttpServletRequest request, Authentication authentication) { - // 获取Token - String token = request.getParameter("token"); - if (token == null || token.isEmpty()){ - token = CookieUtil.getCookieValue(request.getCookies(), "token"); - } - - if (token == null) { - LocalData.setToken(LocalData.getTempToken()); - }else { - // 组装Token ~ 这边根据实际的业务组装Token - Token token1 = new Token(); - token1.setId(1L); - token1.setUserId(1L); - token1.setUserName("admin"); - //继承临时Token - token1.addResourceSet(LocalData.getTempToken()); - //管理员特有资源(这边请用正则表达式) - token1.putResource(".*"); - LocalData.setToken(token1); - } // 授权 Token token_ = LocalData.getToken(); diff --git a/src/main/resources/modules/SpringBoot/java/config/TaskConfig.java b/src/main/resources/modules/SpringBoot/java/config/TaskConfig.java index 279fe621..1a9c359a 100644 --- a/src/main/resources/modules/SpringBoot/java/config/TaskConfig.java +++ b/src/main/resources/modules/SpringBoot/java/config/TaskConfig.java @@ -25,6 +25,7 @@ public class TaskConfig implements SchedulingConfigurer { @Scheduled(cron="0/30 * * * * ? ") public void task(){ + // todo 自定实现的定时任务 SimpleDateFormat format = new SimpleDateFormat("HH:mm:ss"); HashMap data = new HashMap<>(); data.put("time", format.format(new Date())); diff --git a/src/main/resources/modules/SpringBoot/java/frame/utils/LocalData.java b/src/main/resources/modules/SpringBoot/java/frame/utils/LocalData.java deleted file mode 100644 index d255e356..00000000 --- a/src/main/resources/modules/SpringBoot/java/frame/utils/LocalData.java +++ /dev/null @@ -1,90 +0,0 @@ -package ${basePackage}.frame.utils; - -import ${basePackage}.frame.base.Token; -import org.springframework.context.ApplicationContext; -import org.springframework.web.context.request.RequestContextHolder; -import org.springframework.web.context.request.ServletRequestAttributes; -import org.springframework.web.context.support.WebApplicationContextUtils; - -import javax.servlet.http.HttpServletRequest; -import javax.servlet.http.HttpServletResponse; - -/** - * LocalData - 本地数据存放类 - * - * @author wangbing - * @version 0.0.1 - * @since 2017-01-01 - */ -public class LocalData { - - private static Token temp = null; - - private static Token system = null; - - static { - // 组装临时Token和系统Token - temp = new Token(); - temp.setId(-1); - temp.setUserId(-1); - temp.setUserName("游客"); - temp.putResource("/"); - temp.putResource("/ajax"); - temp.putResource("/upload"); - temp.putResource("/index.htm"); - temp.putResource("/home.htm"); - temp.putResource("/app.htm"); - temp.putResource("ajax.example.example"); - system = new Token(); - system.setId(0); - system.setUserId(0); - system.setUserName("system"); - system.putResource(".*"); - } - - public static Token getTempToken(){ - return temp; - } - - public static Token getSysToken() { - return system; - } - - /** - * 当请求目标 target = '/aa/bb' - */ - private static final ThreadLocal targetHolder = new ThreadLocal(); - - public static String getTarget() { - return targetHolder.get(); - } - - public static void setTarget(String target) { - targetHolder.set(target); - } - - /** - * 当前用户的通行证 - */ - private static final ThreadLocal tokenHolder = new ThreadLocal(); - - public static Token getToken() { - return tokenHolder.get(); - } - - public static void setToken(Token token) { - tokenHolder.set(token); - } - - public static HttpServletRequest getRequest() { - return ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest(); - } - - public static HttpServletResponse getResponse() { - return ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getResponse(); - } - - public static ApplicationContext getApplicationContext() { - return WebApplicationContextUtils.getWebApplicationContext(getRequest().getServletContext()); - } -} diff --git a/src/main/resources/modules/SpringBoot/resources/application-dev.ftl b/src/main/resources/modules/SpringBoot/resources/application-dev.ftl index e9dadf6c..a97bba46 100644 --- a/src/main/resources/modules/SpringBoot/resources/application-dev.ftl +++ b/src/main/resources/modules/SpringBoot/resources/application-dev.ftl @@ -76,4 +76,4 @@ web.login.page=/login.htm # 拦截验证 web.url.auth.included=/,/**/*.htm # 直接放行 -web.url.auth.excluded=/login.htm,/index.htm,/home.htm \ No newline at end of file +web.url.auth.excluded=/login.htm \ No newline at end of file diff --git a/src/main/resources/modules/SpringBoot/resources/application-prod.ftl b/src/main/resources/modules/SpringBoot/resources/application-prod.ftl index e129d2aa..2094492b 100644 --- a/src/main/resources/modules/SpringBoot/resources/application-prod.ftl +++ b/src/main/resources/modules/SpringBoot/resources/application-prod.ftl @@ -76,4 +76,4 @@ web.login.page=/login.htm # 拦截验证 web.url.auth.included=/,/**/*.htm # 直接放行 -web.url.auth.excluded=/login.htm,/index.htm,/home.htm \ No newline at end of file +web.url.auth.excluded=/login.htm \ No newline at end of file diff --git a/src/main/resources/modules/SpringBoot/resources/templates/500.ftl b/src/main/resources/modules/SpringBoot/resources/templates/500.ftl index 183dfeec..0e365fc2 100644 --- a/src/main/resources/modules/SpringBoot/resources/templates/500.ftl +++ b/src/main/resources/modules/SpringBoot/resources/templates/500.ftl @@ -30,6 +30,7 @@ .box > div.info { width: 500px; + overflow: hidden; padding-left: 50px; padding-top: 20px; } diff --git a/src/main/resources/modules/SpringBoot/resources/templates/layout/default.ftl b/src/main/resources/modules/SpringBoot/resources/templates/layout/default.ftl index 0b9da41f..9da65252 100644 --- a/src/main/resources/modules/SpringBoot/resources/templates/layout/default.ftl +++ b/src/main/resources/modules/SpringBoot/resources/templates/layout/default.ftl @@ -8,7 +8,6 @@ - <#include controlHolder("macro")/> diff --git a/src/main/resources/modules/SpringBoot/resources/templates/layout/index.ftl b/src/main/resources/modules/SpringBoot/resources/templates/layout/index.ftl index 5bcea473..b2fab992 100644 --- a/src/main/resources/modules/SpringBoot/resources/templates/layout/index.ftl +++ b/src/main/resources/modules/SpringBoot/resources/templates/layout/index.ftl @@ -2,12 +2,11 @@ 首页 - + - <#include screenHolder()/>