设备台账概览inner环境免登录

main
liutao 1 week ago
parent 32f2eff9c3
commit f0d80bef75

@ -26,6 +26,7 @@ import org.springframework.boot.context.properties.EnableConfigurationProperties
import org.springframework.boot.web.servlet.FilterRegistrationBean; import org.springframework.boot.web.servlet.FilterRegistrationBean;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.context.annotation.Primary; import org.springframework.context.annotation.Primary;
import org.springframework.core.env.Environment;
import org.springframework.data.redis.cache.BatchStrategies; import org.springframework.data.redis.cache.BatchStrategies;
import org.springframework.data.redis.cache.RedisCacheConfiguration; import org.springframework.data.redis.cache.RedisCacheConfiguration;
import org.springframework.data.redis.cache.RedisCacheManager; import org.springframework.data.redis.cache.RedisCacheManager;
@ -80,10 +81,11 @@ public class YudaoTenantAutoConfiguration {
public FilterRegistrationBean<TenantSecurityWebFilter> tenantSecurityWebFilter(TenantProperties tenantProperties, public FilterRegistrationBean<TenantSecurityWebFilter> tenantSecurityWebFilter(TenantProperties tenantProperties,
WebProperties webProperties, WebProperties webProperties,
GlobalExceptionHandler globalExceptionHandler, GlobalExceptionHandler globalExceptionHandler,
TenantFrameworkService tenantFrameworkService) { TenantFrameworkService tenantFrameworkService,
Environment environment) {
FilterRegistrationBean<TenantSecurityWebFilter> registrationBean = new FilterRegistrationBean<>(); FilterRegistrationBean<TenantSecurityWebFilter> registrationBean = new FilterRegistrationBean<>();
registrationBean.setFilter(new TenantSecurityWebFilter(tenantProperties, webProperties, registrationBean.setFilter(new TenantSecurityWebFilter(tenantProperties, webProperties,
globalExceptionHandler, tenantFrameworkService)); globalExceptionHandler, tenantFrameworkService, environment));
registrationBean.setOrder(WebFilterOrderEnum.TENANT_SECURITY_FILTER); registrationBean.setOrder(WebFilterOrderEnum.TENANT_SECURITY_FILTER);
return registrationBean; return registrationBean;
} }

@ -13,6 +13,7 @@ import cn.iocoder.yudao.framework.web.config.WebProperties;
import cn.iocoder.yudao.framework.web.core.filter.ApiRequestFilter; import cn.iocoder.yudao.framework.web.core.filter.ApiRequestFilter;
import cn.iocoder.yudao.framework.web.core.handler.GlobalExceptionHandler; import cn.iocoder.yudao.framework.web.core.handler.GlobalExceptionHandler;
import lombok.extern.slf4j.Slf4j; import lombok.extern.slf4j.Slf4j;
import org.springframework.core.env.Environment;
import org.springframework.util.AntPathMatcher; import org.springframework.util.AntPathMatcher;
import javax.servlet.FilterChain; import javax.servlet.FilterChain;
@ -20,6 +21,8 @@ import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest; import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse; import javax.servlet.http.HttpServletResponse;
import java.io.IOException; import java.io.IOException;
import java.util.Arrays;
import java.util.List;
import java.util.Objects; import java.util.Objects;
/** /**
@ -33,22 +36,32 @@ import java.util.Objects;
@Slf4j @Slf4j
public class TenantSecurityWebFilter extends ApiRequestFilter { public class TenantSecurityWebFilter extends ApiRequestFilter {
private static final String INNER_PROFILE = "inner";
private static final List<String> INNER_IGNORE_URLS = Arrays.asList(
"/admin-api/iot/device-operation-record/runOverview",
"/admin-api/mes/device-line/deviceParameterAnalysis",
"/admin-api/mes/device-ledger/list"
);
private final TenantProperties tenantProperties; private final TenantProperties tenantProperties;
private final AntPathMatcher pathMatcher; private final AntPathMatcher pathMatcher;
private final GlobalExceptionHandler globalExceptionHandler; private final GlobalExceptionHandler globalExceptionHandler;
private final TenantFrameworkService tenantFrameworkService; private final TenantFrameworkService tenantFrameworkService;
private final Environment environment;
public TenantSecurityWebFilter(TenantProperties tenantProperties, public TenantSecurityWebFilter(TenantProperties tenantProperties,
WebProperties webProperties, WebProperties webProperties,
GlobalExceptionHandler globalExceptionHandler, GlobalExceptionHandler globalExceptionHandler,
TenantFrameworkService tenantFrameworkService) { TenantFrameworkService tenantFrameworkService,
Environment environment) {
super(webProperties); super(webProperties);
this.tenantProperties = tenantProperties; this.tenantProperties = tenantProperties;
this.pathMatcher = new AntPathMatcher(); this.pathMatcher = new AntPathMatcher();
this.globalExceptionHandler = globalExceptionHandler; this.globalExceptionHandler = globalExceptionHandler;
this.tenantFrameworkService = tenantFrameworkService; this.tenantFrameworkService = tenantFrameworkService;
this.environment = environment;
} }
@Override @Override
@ -101,6 +114,9 @@ public class TenantSecurityWebFilter extends ApiRequestFilter {
} }
private boolean isIgnoreUrl(HttpServletRequest request) { private boolean isIgnoreUrl(HttpServletRequest request) {
if (isInnerProfile() && isInnerIgnoreUrl(request)) {
return true;
}
// 快速匹配,保证性能 // 快速匹配,保证性能
if (CollUtil.contains(tenantProperties.getIgnoreUrls(), request.getRequestURI())) { if (CollUtil.contains(tenantProperties.getIgnoreUrls(), request.getRequestURI())) {
return true; return true;
@ -114,4 +130,17 @@ public class TenantSecurityWebFilter extends ApiRequestFilter {
return false; return false;
} }
private boolean isInnerIgnoreUrl(HttpServletRequest request) {
for (String url : INNER_IGNORE_URLS) {
if (pathMatcher.match(url, request.getRequestURI())) {
return true;
}
}
return false;
}
private boolean isInnerProfile() {
return Arrays.asList(environment.getActiveProfiles()).contains(INNER_PROFILE);
}
} }

@ -14,6 +14,7 @@ import org.springframework.boot.autoconfigure.AutoConfiguration;
import org.springframework.boot.autoconfigure.AutoConfigureOrder; import org.springframework.boot.autoconfigure.AutoConfigureOrder;
import org.springframework.boot.context.properties.EnableConfigurationProperties; import org.springframework.boot.context.properties.EnableConfigurationProperties;
import org.springframework.context.annotation.Bean; import org.springframework.context.annotation.Bean;
import org.springframework.core.env.Environment;
import org.springframework.security.core.context.SecurityContextHolder; import org.springframework.security.core.context.SecurityContextHolder;
import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder; import org.springframework.security.crypto.bcrypt.BCryptPasswordEncoder;
import org.springframework.security.crypto.password.PasswordEncoder; import org.springframework.security.crypto.password.PasswordEncoder;
@ -75,8 +76,8 @@ public class YudaoSecurityAutoConfiguration {
} }
@Bean("ss") // 使用 Spring Security 的缩写,方便使用 @Bean("ss") // 使用 Spring Security 的缩写,方便使用
public SecurityFrameworkService securityFrameworkService(PermissionApi permissionApi) { public SecurityFrameworkService securityFrameworkService(PermissionApi permissionApi, Environment environment) {
return new SecurityFrameworkServiceImpl(permissionApi); return new SecurityFrameworkServiceImpl(permissionApi, environment);
} }
/** /**

@ -31,6 +31,7 @@ import org.springframework.web.util.pattern.PathPattern;
import javax.annotation.Resource; import javax.annotation.Resource;
import javax.annotation.security.PermitAll; import javax.annotation.security.PermitAll;
import java.util.ArrayList;
import java.util.Arrays; import java.util.Arrays;
import java.util.HashSet; import java.util.HashSet;
import java.util.List; import java.util.List;
@ -52,6 +53,11 @@ public class YudaoWebSecurityConfigurerAdapter {
private static final String INNER_PROFILE = "inner"; private static final String INNER_PROFILE = "inner";
private static final String HOME_INFO_PERMIT_ALL_URL = "/admin-api/home/info/**"; private static final String HOME_INFO_PERMIT_ALL_URL = "/admin-api/home/info/**";
private static final List<String> RUN_OVERVIEW_PERMIT_ALL_URLS = Arrays.asList(
"/admin-api/iot/device-operation-record/runOverview",
"/admin-api/mes/device-line/deviceParameterAnalysis",
"/admin-api/mes/device-ledger/list"
);
@Resource @Resource
private WebProperties webProperties; private WebProperties webProperties;
@ -158,11 +164,14 @@ public class YudaoWebSecurityConfigurerAdapter {
} }
private List<String> getPermitAllUrls() { private List<String> getPermitAllUrls() {
List<String> permitAllUrls = new ArrayList<>(securityProperties.getPermitAllUrls());
if (isInnerProfile()) { if (isInnerProfile()) {
return securityProperties.getPermitAllUrls(); permitAllUrls.addAll(RUN_OVERVIEW_PERMIT_ALL_URLS);
return permitAllUrls;
} }
return securityProperties.getPermitAllUrls().stream() return permitAllUrls.stream()
.filter(url -> !HOME_INFO_PERMIT_ALL_URL.equals(url)) .filter(url -> !HOME_INFO_PERMIT_ALL_URL.equals(url))
.filter(url -> !RUN_OVERVIEW_PERMIT_ALL_URLS.contains(url))
.collect(Collectors.toList()); .collect(Collectors.toList());
} }

@ -56,4 +56,11 @@ public interface SecurityFrameworkService {
* @return * @return
*/ */
boolean hasAnyScopes(String... scope); boolean hasAnyScopes(String... scope);
/**
* profile
*
* @return
*/
boolean isInnerProfile();
} }

@ -5,6 +5,7 @@ import cn.iocoder.yudao.framework.security.core.LoginUser;
import cn.iocoder.yudao.framework.security.core.util.SecurityFrameworkUtils; import cn.iocoder.yudao.framework.security.core.util.SecurityFrameworkUtils;
import cn.iocoder.yudao.module.system.api.permission.PermissionApi; import cn.iocoder.yudao.module.system.api.permission.PermissionApi;
import lombok.AllArgsConstructor; import lombok.AllArgsConstructor;
import org.springframework.core.env.Environment;
import java.util.Arrays; import java.util.Arrays;
@ -18,7 +19,10 @@ import static cn.iocoder.yudao.framework.security.core.util.SecurityFrameworkUti
@AllArgsConstructor @AllArgsConstructor
public class SecurityFrameworkServiceImpl implements SecurityFrameworkService { public class SecurityFrameworkServiceImpl implements SecurityFrameworkService {
private static final String INNER_PROFILE = "inner";
private final PermissionApi permissionApi; private final PermissionApi permissionApi;
private final Environment environment;
@Override @Override
public boolean hasPermission(String permission) { public boolean hasPermission(String permission) {
@ -62,4 +66,9 @@ public class SecurityFrameworkServiceImpl implements SecurityFrameworkService {
return CollUtil.containsAny(user.getScopes(), Arrays.asList(scope)); return CollUtil.containsAny(user.getScopes(), Arrays.asList(scope));
} }
@Override
public boolean isInnerProfile() {
return Arrays.asList(environment.getActiveProfiles()).contains(INNER_PROFILE);
}
} }

@ -139,7 +139,7 @@ public class DeviceOperationRecordController {
summary = "设备运行总览", summary = "设备运行总览",
description = "根据设备 ID 集合、统计时间范围和时间轴分页参数,返回运行总览指标卡、按小时状态分布、状态汇总以及设备时间轴数据" description = "根据设备 ID 集合、统计时间范围和时间轴分页参数,返回运行总览指标卡、按小时状态分布、状态汇总以及设备时间轴数据"
) )
@PreAuthorize("@ss.hasPermission('iot:device-operation-record:query')") @PreAuthorize("@ss.isInnerProfile() || @ss.hasPermission('iot:device-operation-record:query')")
public CommonResult<DeviceOperationOverviewRespVO> runOverview(@Valid DeviceTotalTimeRecordReqVO pageReqVO) { public CommonResult<DeviceOperationOverviewRespVO> runOverview(@Valid DeviceTotalTimeRecordReqVO pageReqVO) {
return success(deviceOperationRecordService.runOverview(pageReqVO)); return success(deviceOperationRecordService.runOverview(pageReqVO));
} }

@ -172,7 +172,7 @@ public class DeviceLedgerController {
@GetMapping("/list") @GetMapping("/list")
@Operation(summary = "获得设备台账列表") @Operation(summary = "获得设备台账列表")
@PreAuthorize("@ss.hasPermission('mes:device-ledger:query')") @PreAuthorize("@ss.isInnerProfile() || @ss.hasPermission('mes:device-ledger:query')")
public CommonResult<List<DeviceLedgerDO>> getDeviceLedgerList(@Valid DeviceLedgerPageReqVO pageReqVO) { public CommonResult<List<DeviceLedgerDO>> getDeviceLedgerList(@Valid DeviceLedgerPageReqVO pageReqVO) {
List<DeviceLedgerDO> deviceLedgerDOList = deviceLedgerService.getDeviceLedgerList(pageReqVO); List<DeviceLedgerDO> deviceLedgerDOList = deviceLedgerService.getDeviceLedgerList(pageReqVO);
return success(deviceLedgerDOList); return success(deviceLedgerDOList);

@ -150,7 +150,7 @@ public class DeviceLineController {
@GetMapping("/deviceParameterAnalysis") @GetMapping("/deviceParameterAnalysis")
@Operation(summary = "设备运行参数分析") @Operation(summary = "设备运行参数分析")
@PreAuthorize("@ss.hasPermission('iot:device:query')") @PreAuthorize("@ss.isInnerProfile() || @ss.hasPermission('iot:device:query')")
public CommonResult<List<LineAnalysisTreeDTO.LineNode>> deviceParameterAnalysis( public CommonResult<List<LineAnalysisTreeDTO.LineNode>> deviceParameterAnalysis(
@RequestParam(value = "keyword", required = false) String keyword, @RequestParam(value = "keyword", required = false) String keyword,
@RequestParam(value = "showDevices") Integer showDevices, @RequestParam(value = "showDevices") Integer showDevices,

Loading…
Cancel
Save