设备台账概览inner环境免登录

main
liutao 18 hours ago
parent 32f2eff9c3
commit f0d80bef75

@ -26,6 +26,7 @@ import org.springframework.boot.context.properties.EnableConfigurationProperties
import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Primary;
import org.springframework.core.env.Environment;
import org.springframework.data.redis.cache.BatchStrategies;
import org.springframework.data.redis.cache.RedisCacheConfiguration;
import org.springframework.data.redis.cache.RedisCacheManager;
@ -80,10 +81,11 @@ public class YudaoTenantAutoConfiguration {
public FilterRegistrationBean<TenantSecurityWebFilter> tenantSecurityWebFilter(TenantProperties tenantProperties,
WebProperties webProperties,
GlobalExceptionHandler globalExceptionHandler,
TenantFrameworkService tenantFrameworkService) {
TenantFrameworkService tenantFrameworkService,
Environment environment) {
FilterRegistrationBean<TenantSecurityWebFilter> registrationBean = new FilterRegistrationBean<>();
registrationBean.setFilter(new TenantSecurityWebFilter(tenantProperties, webProperties,
globalExceptionHandler, tenantFrameworkService));
globalExceptionHandler, tenantFrameworkService, environment));
registrationBean.setOrder(WebFilterOrderEnum.TENANT_SECURITY_FILTER);
return registrationBean;
}

@ -13,6 +13,7 @@ import cn.iocoder.yudao.framework.web.config.WebProperties;
import cn.iocoder.yudao.framework.web.core.filter.ApiRequestFilter;
import cn.iocoder.yudao.framework.web.core.handler.GlobalExceptionHandler;
import lombok.extern.slf4j.Slf4j;
import org.springframework.core.env.Environment;
import org.springframework.util.AntPathMatcher;
import javax.servlet.FilterChain;
@ -20,6 +21,8 @@ import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.util.Arrays;
import java.util.List;
import java.util.Objects;
/**
@ -33,22 +36,32 @@ import java.util.Objects;
@Slf4j
public class TenantSecurityWebFilter extends ApiRequestFilter {
private static final String INNER_PROFILE = "inner";
private static final List<String> INNER_IGNORE_URLS = Arrays.asList(
"/admin-api/iot/device-operation-record/runOverview",
"/admin-api/mes/device-line/deviceParameterAnalysis",
"/admin-api/mes/device-ledger/list"
);
private final TenantProperties tenantProperties;
private final AntPathMatcher pathMatcher;
private final GlobalExceptionHandler globalExceptionHandler;
private final TenantFrameworkService tenantFrameworkService;
private final Environment environment;
public TenantSecurityWebFilter(TenantProperties tenantProperties,
WebProperties webProperties,
GlobalExceptionHandler globalExceptionHandler,
TenantFrameworkService tenantFrameworkService) {
TenantFrameworkService tenantFrameworkService,
Environment environment) {
super(webProperties);
this.tenantProperties = tenantProperties;
this.pathMatcher = new AntPathMatcher();
this.globalExceptionHandler = globalExceptionHandler;
this.tenantFrameworkService = tenantFrameworkService;
this.environment = environment;
}
@Override
@ -101,6 +114,9 @@ public class TenantSecurityWebFilter extends ApiRequestFilter {
}
private boolean isIgnoreUrl(HttpServletRequest request) {
if (isInnerProfile() && isInnerIgnoreUrl(request)) {
return true;
}
// 快速匹配,保证性能
if (CollUtil.contains(tenantProperties.getIgnoreUrls(), request.getRequestURI())) {
return true;
@ -114,4 +130,17 @@ public class TenantSecurityWebFilter extends ApiRequestFilter {
return false;
}
private boolean isInnerIgnoreUrl(HttpServletRequest request) {
for (String url : INNER_IGNORE_URLS) {
if (pathMatcher.match(url, request.getRequestURI())) {
return true;
}
}
return false;
}
private boolean isInnerProfile() {
return Arrays.asList(environment.getActiveProfiles()).contains(INNER_PROFILE);
}
}

@ -14,6 +14,7 @@ import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.boot.autoconfigure.AutoConfigureOrder;
import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean;
import org.springframework.core.env.Environment;
import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder;
@ -75,8 +76,8 @@ public class YudaoSecurityAutoConfiguration {
}
@Bean("ss") // 使用 Spring Security 的缩写,方便使用
public SecurityFrameworkService securityFrameworkService(PermissionApi permissionApi) {
return new SecurityFrameworkServiceImpl(permissionApi);
public SecurityFrameworkService securityFrameworkService(PermissionApi permissionApi, Environment environment) {
return new SecurityFrameworkServiceImpl(permissionApi, environment);
}
/**

@ -31,6 +31,7 @@ import org.springframework.web.util.pattern.PathPattern;
import javax.annotation.Resource;
import javax.annotation.security.PermitAll;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashSet;
import java.util.List;
@ -52,6 +53,11 @@ public class YudaoWebSecurityConfigurerAdapter {
private static final String INNER_PROFILE = "inner";
private static final String HOME_INFO_PERMIT_ALL_URL = "/admin-api/home/info/**";
private static final List<String> RUN_OVERVIEW_PERMIT_ALL_URLS = Arrays.asList(
"/admin-api/iot/device-operation-record/runOverview",
"/admin-api/mes/device-line/deviceParameterAnalysis",
"/admin-api/mes/device-ledger/list"
);
@Resource
private WebProperties webProperties;
@ -158,11 +164,14 @@ public class YudaoWebSecurityConfigurerAdapter {
}
private List<String> getPermitAllUrls() {
List<String> permitAllUrls = new ArrayList<>(securityProperties.getPermitAllUrls());
if (isInnerProfile()) {
return securityProperties.getPermitAllUrls();
permitAllUrls.addAll(RUN_OVERVIEW_PERMIT_ALL_URLS);
return permitAllUrls;
}
return securityProperties.getPermitAllUrls().stream()
return permitAllUrls.stream()
.filter(url -> !HOME_INFO_PERMIT_ALL_URL.equals(url))
.filter(url -> !RUN_OVERVIEW_PERMIT_ALL_URLS.contains(url))
.collect(Collectors.toList());
}

@ -56,4 +56,11 @@ public interface SecurityFrameworkService {
* @return
*/
boolean hasAnyScopes(String... scope);
/**
* profile
*
* @return
*/
boolean isInnerProfile();
}

@ -5,6 +5,7 @@ import cn.iocoder.yudao.framework.security.core.LoginUser;
import cn.iocoder.yudao.framework.security.core.util.SecurityFrameworkUtils;
import cn.iocoder.yudao.module.system.api.permission.PermissionApi;
import lombok.AllArgsConstructor;
import org.springframework.core.env.Environment;
import java.util.Arrays;
@ -18,7 +19,10 @@ import static cn.iocoder.yudao.framework.security.core.util.SecurityFrameworkUti
@AllArgsConstructor
public class SecurityFrameworkServiceImpl implements SecurityFrameworkService {
private static final String INNER_PROFILE = "inner";
private final PermissionApi permissionApi;
private final Environment environment;
@Override
public boolean hasPermission(String permission) {
@ -62,4 +66,9 @@ public class SecurityFrameworkServiceImpl implements SecurityFrameworkService {
return CollUtil.containsAny(user.getScopes(), Arrays.asList(scope));
}
@Override
public boolean isInnerProfile() {
return Arrays.asList(environment.getActiveProfiles()).contains(INNER_PROFILE);
}
}

@ -139,7 +139,7 @@ public class DeviceOperationRecordController {
summary = "设备运行总览",
description = "根据设备 ID 集合、统计时间范围和时间轴分页参数,返回运行总览指标卡、按小时状态分布、状态汇总以及设备时间轴数据"
)
@PreAuthorize("@ss.hasPermission('iot:device-operation-record:query')")
@PreAuthorize("@ss.isInnerProfile() || @ss.hasPermission('iot:device-operation-record:query')")
public CommonResult<DeviceOperationOverviewRespVO> runOverview(@Valid DeviceTotalTimeRecordReqVO pageReqVO) {
return success(deviceOperationRecordService.runOverview(pageReqVO));
}

@ -172,7 +172,7 @@ public class DeviceLedgerController {
@GetMapping("/list")
@Operation(summary = "获得设备台账列表")
@PreAuthorize("@ss.hasPermission('mes:device-ledger:query')")
@PreAuthorize("@ss.isInnerProfile() || @ss.hasPermission('mes:device-ledger:query')")
public CommonResult<List<DeviceLedgerDO>> getDeviceLedgerList(@Valid DeviceLedgerPageReqVO pageReqVO) {
List<DeviceLedgerDO> deviceLedgerDOList = deviceLedgerService.getDeviceLedgerList(pageReqVO);
return success(deviceLedgerDOList);

@ -150,7 +150,7 @@ public class DeviceLineController {
@GetMapping("/deviceParameterAnalysis")
@Operation(summary = "设备运行参数分析")
@PreAuthorize("@ss.hasPermission('iot:device:query')")
@PreAuthorize("@ss.isInnerProfile() || @ss.hasPermission('iot:device:query')")
public CommonResult<List<LineAnalysisTreeDTO.LineNode>> deviceParameterAnalysis(
@RequestParam(value = "keyword", required = false) String keyword,
@RequestParam(value = "showDevices") Integer showDevices,

Loading…
Cancel
Save