1、优化

5 years ago · b43ee9d325
parent c843dcdfe3
commit b43ee9d325
9 changed files with 45 additions and 120 deletions
--- a/src/main/resources/modules/SpringBoot/java/config/FreeMarkerConfig.java
+++ b/src/main/resources/modules/SpringBoot/java/config/FreeMarkerConfig.java
@ -38,6 +38,7 @@ public class FreeMarkerConfig {

    @PostConstruct
    public void setSharedVariable() throws TemplateModelException {
+        // 全局共享变量、函数
        configuration.setSharedVariable("context", context);
        configuration.setSharedVariable("screenHolder", new ScreenHolder());
        configuration.setSharedVariable("controlHolder", new ControlHolder());
--- a/src/main/resources/modules/SpringBoot/java/config/SecurityConfig.java
+++ b/src/main/resources/modules/SpringBoot/java/config/SecurityConfig.java
@ -12,7 +12,11 @@ import org.springframework.security.core.Authentication;
 import ${basePackage}.frame.base.Token;
 import ${basePackage}.frame.utils.CookieUtil;
 import ${basePackage}.frame.auth.LocalData;
+import org.springframework.security.web.access.intercept.FilterSecurityInterceptor;
+
+import javax.servlet.*;
 import javax.servlet.http.HttpServletRequest;
+import java.io.IOException;

@Configuration
@EnableGlobalMethodSecurity(securedEnabled = true)
@ -27,11 +31,12 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {

    @Override
    protected void configure(HttpSecurity http) throws Exception {
-        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS).and()
+        http.sessionManagement().sessionCreationPolicy(SessionCreationPolicy.STATELESS)
+                .and()
+                .addFilterBefore(new TokenFilter(), FilterSecurityInterceptor.class)// 过滤器用于处理Token
                .authorizeRequests()
-                .antMatchers(staticPath).permitAll()
-                .antMatchers(excluded).permitAll()
-                .antMatchers(included).access("@Authorization.hasPermission(request,authentication)")
+                .antMatchers(excluded).permitAll()// 放行排除的URL
+                .antMatchers(included).access("@Authorization.hasPermission(request,authentication)")// 需要权限的URL
                .and().cors()
                .and().headers().frameOptions().disable()
                .and().csrf().disable();
@ -39,7 +44,7 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {

    /**
     * 此方法不要删除 用于屏蔽默认用户密码生成
-     *
+     * <p>
     * 例如 Using generated security password: f6b42a66-71b1-4c31-b6a8-942838c81408
     *
     * @return
@ -50,12 +55,12 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
        return super.authenticationManagerBean();
    }

-    @Bean("Authorization")
-    public Object getAuthorization() {
-        return new Object() {
-            public boolean hasPermission(HttpServletRequest request, Authentication authentication) {

-                // 获取Token
+    public static class TokenFilter implements Filter {
+
+        @Override
+        public void doFilter(ServletRequest servletRequest, ServletResponse servletResponse, FilterChain filterChain) throws IOException, ServletException {
+            HttpServletRequest request = (HttpServletRequest) servletRequest;
            String token = request.getParameter("token");
            if (token == null || token.isEmpty()) {
                token = CookieUtil.getCookieValue(request.getCookies(), "token");
@ -75,6 +80,15 @@ public class SecurityConfig extends WebSecurityConfigurerAdapter {
                token1.putResource(".*");
                LocalData.setToken(token1);
            }
+            filterChain.doFilter(servletRequest, servletResponse);
+        }
+    }
+
+    @Bean("Authorization")
+    public Object getAuthorization() {
+        return new Object() {
+            public boolean hasPermission(HttpServletRequest request, Authentication authentication) {
+

                // 授权
                Token token_ = LocalData.getToken();
--- a/src/main/resources/modules/SpringBoot/java/config/TaskConfig.java
+++ b/src/main/resources/modules/SpringBoot/java/config/TaskConfig.java
@ -25,6 +25,7 @@ public class TaskConfig  implements SchedulingConfigurer {

    @Scheduled(cron="0/30 * * * * ? ")
    public void task(){
+        // todo 自定实现的定时任务
        SimpleDateFormat format = new SimpleDateFormat("HH:mm:ss");
        HashMap<String, String> data = new HashMap<>();
        data.put("time", format.format(new Date()));
--- a/src/main/resources/modules/SpringBoot/java/frame/utils/LocalData.java
+++ b/src/main/resources/modules/SpringBoot/java/frame/utils/LocalData.java
@ -1,90 +0,0 @@
-package ${basePackage}.frame.utils;
-
-import ${basePackage}.frame.base.Token;
-import org.springframework.context.ApplicationContext;
-import org.springframework.web.context.request.RequestContextHolder;
-import org.springframework.web.context.request.ServletRequestAttributes;
-import org.springframework.web.context.support.WebApplicationContextUtils;
-
-import javax.servlet.http.HttpServletRequest;
-import javax.servlet.http.HttpServletResponse;
-
-/**
- * LocalData - 本地数据存放类
- *
- * @author wangbing
- * @version 0.0.1
- * @since 2017-01-01
- */
-public class LocalData {
-
-    private static Token temp = null;
-
-    private static Token system = null;
-
-    static {
-        // 组装临时Token和系统Token
-        temp = new Token();
-        temp.setId(-1);
-        temp.setUserId(-1);
-        temp.setUserName("游客");
-        temp.putResource("/");
-        temp.putResource("/ajax");
-        temp.putResource("/upload");
-        temp.putResource("/index.htm");
-        temp.putResource("/home.htm");
-        temp.putResource("/app.htm");
-        temp.putResource("ajax.example.example");
-        system = new Token();
-        system.setId(0);
-        system.setUserId(0);
-        system.setUserName("system");
-        system.putResource(".*");
-    }
-
-    public static Token getTempToken(){
-        return temp;
-    }
-
-    public static Token getSysToken() {
-        return system;
-    }
-
-    /**
-     * 当请求目标 target = '/aa/bb'
-     */
-    private static final ThreadLocal<String> targetHolder = new ThreadLocal();
-
-    public static String getTarget() {
-        return targetHolder.get();
-    }
-
-    public static void setTarget(String target) {
-        targetHolder.set(target);
-    }
-
-    /**
-     * 当前用户的通行证
-     */
-    private static final ThreadLocal<Token> tokenHolder = new ThreadLocal();
-
-    public static Token getToken() {
-        return tokenHolder.get();
-    }
-
-    public static void setToken(Token token) {
-        tokenHolder.set(token);
-    }
-
-    public static HttpServletRequest getRequest() {
-        return ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getRequest();
-    }
-
-    public static HttpServletResponse getResponse() {
-        return ((ServletRequestAttributes) RequestContextHolder.getRequestAttributes()).getResponse();
-    }
-
-    public static ApplicationContext getApplicationContext() {
-        return WebApplicationContextUtils.getWebApplicationContext(getRequest().getServletContext());
-    }
-}
--- a/src/main/resources/modules/SpringBoot/resources/application-dev.ftl
+++ b/src/main/resources/modules/SpringBoot/resources/application-dev.ftl
@ -76,4 +76,4 @@ web.login.page=/login.htm
 # 拦截验证
 web.url.auth.included=/,/**/*.htm
 # 直接放行
-web.url.auth.excluded=/login.htm,/index.htm,/home.htm
+web.url.auth.excluded=/login.htm
--- a/src/main/resources/modules/SpringBoot/resources/application-prod.ftl
+++ b/src/main/resources/modules/SpringBoot/resources/application-prod.ftl
@ -76,4 +76,4 @@ web.login.page=/login.htm
 # 拦截验证
 web.url.auth.included=/,/**/*.htm
 # 直接放行
-web.url.auth.excluded=/login.htm,/index.htm,/home.htm
+web.url.auth.excluded=/login.htm
--- a/src/main/resources/modules/SpringBoot/resources/templates/500.ftl
+++ b/src/main/resources/modules/SpringBoot/resources/templates/500.ftl
@ -30,6 +30,7 @@

        .box > div.info {
            width: 500px;
+            overflow: hidden;
            padding-left: 50px;
            padding-top: 20px;
        }
--- a/src/main/resources/modules/SpringBoot/resources/templates/layout/default.ftl
+++ b/src/main/resources/modules/SpringBoot/resources/templates/layout/default.ftl
@ -8,7 +8,6 @@
    <link href="${context}/static/dist/index.min.css" rel="stylesheet"/>
    <script src="${context}/static/js/ajax.js" type="text/javascript"></script>
    <link href="${context}/static/css/base.css" rel="stylesheet"/>
-    <link href="${context}/static/favicon.ico" rel="icon" type="image/x-icon"/>
 </head>
 <body>
 <#include controlHolder("macro")/>
--- a/src/main/resources/modules/SpringBoot/resources/templates/layout/index.ftl
+++ b/src/main/resources/modules/SpringBoot/resources/templates/layout/index.ftl
@ -2,12 +2,11 @@
 <html>
 <head>
    <title>首页</title>
-    <link rel="icon" href="${context}/static/favicon.ico" type="image/x-icon"/>
    <meta http-equiv="Content-Type" content="text/html; charset=UTF-8"/>
+    <link href="${context}/static/favicon.ico" rel="icon"  type="image/x-icon"/>
    <script src="${context}/static/dist/lib.min.js" type="text/javascript"></script>
    <script src="${context}/static/dist/index.min.js" type="text/javascript"></script>
    <link href="${context}/static/dist/index.min.css" rel="stylesheet"/>
-    <link href="${context}/static/favicon.ico" rel="icon" type="image/x-icon"/>
 </head>
 <body>
 <#include screenHolder()/>